@dk/hipp 0.1.27 → 0.1.28

package/README.md

@@ -110,7 +110,8 @@ npx @dk/hipp -- --access public --tag beta
 HIPP provides out-of-band verification to prove package integrity:
 
 ```bash
-npx @dk/hipp verify                       # verifies latest @dk/hipp
+npx @dk/hipp verify                       # auto-detect: local hipp repo → published version, else @dk/hipp
+npx @dk/hipp verify --self                # always verifies @dk/hipp itself
 npx @dk/hipp verify @scope/package         # verifies latest of a package
 npx @dk/hipp verify @scope/package@1.0.0   # verifies specific version
 ```
@@ -240,20 +241,20 @@ PERFORMANCE OF THIS SOFTWARE.
 Verify this package with [@dk/hipp](https://www.npmjs.com/package/@dk/hipp):
 
 ```bash
-npx @dk/hipp verify @dk/hipp@0.1.27
+npx @dk/hipp verify @dk/hipp@0.1.28
 ```
 
 ```json
 {
   "origin": "git@github.com:dmytri/hipp.git",
-  "tag": "v0.1.27",
-  "revision": "528a1ce0c415b335f118ec006e50b464c75efd9a",
-  "hash": "8738b992f6546c2aa6509c43aa95dc4a8206582d2cc511e8b30f5e35c6e2eb3a",
-  "signature": "80nbN79+QNiEVMKsY520VXcWBY1s5R2Yq9kpi/EUW5Hrs8KKBRPH3tQ6JSeBGGi5ZzWDi3UEi9s/AN55c5hdAg==",
+  "tag": "v0.1.28",
+  "revision": "9c14060da439f9a4c2b040c282da594703525d14",
+  "hash": "ee78fe3bba06ec7cff6f775c43c9cc4bf3fba4a3bfa64e28dd57879426890f11",
+  "signature": "0Udja52eMvhKvlJxFpwxW927lV1QzyJhF/5kMdOeTnFXy+zQuqMSUBG0fHNo7PRZ9YEDWGzN+EnyeVL5+pyYBQ==",
   "name": "Dmytri Kleiner",
   "email": "dev@dmytri.to",
   "npm": "11.12.1",
   "node": "v25.8.2",
-  "hipp": "0.1.27"
+  "hipp": "0.1.28"
 }
 ```

package/hipp.js

@@ -751,25 +751,40 @@ const verifyIndex = process.argv.indexOf('verify');
 const packageSpec = verifyIndex !== -1 ? process.argv[verifyIndex + 1] : null;
 
 if (isVerify) {
-  const specToVerify = packageSpec;
-  if (specToVerify) {
-    runVerify(specToVerify);
-  } else {
-    const hippPkgPath = path.join(path.dirname(process.argv[1]), 'package.json');
-    const hippPkg = JSON.parse(fs.readFileSync(hippPkgPath, 'utf8'));
-    const spec = hippPkg.version === '0.0.0'
-      ? hippPkg.name
-      : `${hippPkg.name}@${hippPkg.version}`;
-    runVerify(spec);
-  }
+  const hasSelf = process.argv.includes('--self');
+  if (!hasSelf) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'package.json'), 'utf8'));
+      if (pkg.version === '0.0.0') {
+        const rawTag = git(['describe', '--tags', '--exact-match', 'HEAD']);
+        if (rawTag.startsWith('v')) {
+          const tagVersion = semver.clean(rawTag);
+          if (tagVersion) {
+            runVerify(`${pkg.name}@${tagVersion}`);
+            return;
+          }
+        }
+      }
+    } catch {}
+  }
+  const hippPkgPath = path.join(path.dirname(process.argv[1]), 'package.json');
+  const hippPkg = JSON.parse(fs.readFileSync(hippPkgPath, 'utf8'));
+  const spec = hippPkg.version === '0.0.0'
+    ? hippPkg.name
+    : `${hippPkg.name}@${hippPkg.version}`;
+  runVerify(spec);
 } else if (process.argv.includes('--help') || process.argv.includes('-h')) {
   console.log(`\x1b[36mHIPP - High Integrity Package Publisher\x1b[0m
 
 Usage:
   npx hipp [options] [-- npm-options]
   npx hipp verify [@package[@version]]
+  npx hipp verify --self
 
-  Without arguments, verifies the installed hipp version.
+  Without arguments: in a hipp repo (package.json version 0.0.0 with a
+  semver tag on HEAD), verifies the published package at that version.
+  Otherwise verifies @dk/hipp itself.
+  --self: always verifies @dk/hipp.
 
 Options:
   -y, --yes   Skip confirmation prompt

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dk/hipp",
-  "version": "0.1.27",
+  "version": "0.1.28",
   "description": "High Integrity Package Publisher",
   "main": "hipp.js",
   "bin": {