@dk/hipp 0.1.26 → 0.1.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +10 -8
  2. package/hipp.js +28 -10
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -110,8 +110,10 @@ npx @dk/hipp -- --access public --tag beta
110
110
  HIPP provides out-of-band verification to prove package integrity:
111
111
 
112
112
  ```bash
113
- npx @dk/hipp verify @dk/your-package[@version]
114
- npx @dk/hipp verify # verifies the installed hipp version
113
+ npx @dk/hipp verify # auto-detect: local hipp repo → published version, else @dk/hipp
114
+ npx @dk/hipp verify --self # always verifies @dk/hipp itself
115
+ npx @dk/hipp verify @scope/package # verifies latest of a package
116
+ npx @dk/hipp verify @scope/package@1.0.0 # verifies specific version
115
117
  ```
116
118
 
117
119
  ### How Verification Works
@@ -239,20 +241,20 @@ PERFORMANCE OF THIS SOFTWARE.
239
241
  Verify this package with [@dk/hipp](https://www.npmjs.com/package/@dk/hipp):
240
242
 
241
243
  ```bash
242
- npx @dk/hipp verify @dk/hipp@0.1.26
244
+ npx @dk/hipp verify @dk/hipp@0.1.28
243
245
  ```
244
246
 
245
247
  ```json
246
248
  {
247
249
  "origin": "git@github.com:dmytri/hipp.git",
248
- "tag": "v0.1.26",
249
- "revision": "54ec0b8b85b58aa5064a223257278218aadb4a37",
250
- "hash": "86b5c3f9d90860998db29b3392a32b2d8a170b42617471684942ecc4aeb81622",
251
- "signature": "+ke2wAueXxhrGaoQE1OqO40ah9j/nDfjnFMuuPILitxU3goPMg9dMtlDezTwnjtq9i/vExpYdYFodQlXumxUCg==",
250
+ "tag": "v0.1.28",
251
+ "revision": "9c14060da439f9a4c2b040c282da594703525d14",
252
+ "hash": "ee78fe3bba06ec7cff6f775c43c9cc4bf3fba4a3bfa64e28dd57879426890f11",
253
+ "signature": "0Udja52eMvhKvlJxFpwxW927lV1QzyJhF/5kMdOeTnFXy+zQuqMSUBG0fHNo7PRZ9YEDWGzN+EnyeVL5+pyYBQ==",
252
254
  "name": "Dmytri Kleiner",
253
255
  "email": "dev@dmytri.to",
254
256
  "npm": "11.12.1",
255
257
  "node": "v25.8.2",
256
- "hipp": "0.1.26"
258
+ "hipp": "0.1.28"
257
259
  }
258
260
  ```
package/hipp.js CHANGED
@@ -429,7 +429,7 @@ async function runVerify(packageSpec) {
429
429
  const npa = require('npm-package-arg');
430
430
  const parsed = npa(packageSpec);
431
431
  const pkgName = parsed.name;
432
- const pkgVersion = parsed.fetchSpec;
432
+ const pkgVersion = parsed.fetchSpec === '*' ? null : parsed.fetchSpec;
433
433
  log.info(`🔍 HIPP Verify: ${pkgName}${pkgVersion ? '@' + pkgVersion : ''}`);
434
434
 
435
435
  const registryUrl = `https://registry.npmjs.org/${parsed.escapedName}/${pkgVersion || 'latest'}`;
@@ -751,22 +751,40 @@ const verifyIndex = process.argv.indexOf('verify');
751
751
  const packageSpec = verifyIndex !== -1 ? process.argv[verifyIndex + 1] : null;
752
752
 
753
753
  if (isVerify) {
754
- const specToVerify = packageSpec;
755
- if (specToVerify) {
756
- runVerify(specToVerify);
757
- } else {
758
- const hippPkgPath = path.join(path.dirname(process.argv[1]), 'package.json');
759
- const hippPkg = JSON.parse(fs.readFileSync(hippPkgPath, 'utf8'));
760
- runVerify(`${hippPkg.name}@${hippPkg.version}`);
761
- }
754
+ const hasSelf = process.argv.includes('--self');
755
+ if (!hasSelf) {
756
+ try {
757
+ const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'package.json'), 'utf8'));
758
+ if (pkg.version === '0.0.0') {
759
+ const rawTag = git(['describe', '--tags', '--exact-match', 'HEAD']);
760
+ if (rawTag.startsWith('v')) {
761
+ const tagVersion = semver.clean(rawTag);
762
+ if (tagVersion) {
763
+ runVerify(`${pkg.name}@${tagVersion}`);
764
+ return;
765
+ }
766
+ }
767
+ }
768
+ } catch {}
769
+ }
770
+ const hippPkgPath = path.join(path.dirname(process.argv[1]), 'package.json');
771
+ const hippPkg = JSON.parse(fs.readFileSync(hippPkgPath, 'utf8'));
772
+ const spec = hippPkg.version === '0.0.0'
773
+ ? hippPkg.name
774
+ : `${hippPkg.name}@${hippPkg.version}`;
775
+ runVerify(spec);
762
776
  } else if (process.argv.includes('--help') || process.argv.includes('-h')) {
763
777
  console.log(`\x1b[36mHIPP - High Integrity Package Publisher\x1b[0m
764
778
 
765
779
  Usage:
766
780
  npx hipp [options] [-- npm-options]
767
781
  npx hipp verify [@package[@version]]
782
+ npx hipp verify --self
768
783
 
769
- Without arguments, verifies the installed hipp version.
784
+ Without arguments: in a hipp repo (package.json version 0.0.0 with a
785
+ semver tag on HEAD), verifies the published package at that version.
786
+ Otherwise verifies @dk/hipp itself.
787
+ --self: always verifies @dk/hipp.
770
788
 
771
789
  Options:
772
790
  -y, --yes Skip confirmation prompt
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dk/hipp",
3
- "version": "0.1.26",
3
+ "version": "0.1.28",
4
4
  "description": "High Integrity Package Publisher",
5
5
  "main": "hipp.js",
6
6
  "bin": {