@dreamlogic-ai/cli 2.0.6 → 2.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/list.js +1 -1
- package/dist/commands/update.js +5 -2
- package/dist/index.js +3 -3
- package/dist/types.d.ts +1 -1
- package/dist/types.js +1 -1
- package/package.json +1 -1
package/dist/commands/list.js
CHANGED
|
@@ -20,7 +20,7 @@ export function listCommand() {
|
|
|
20
20
|
["版本", info.version],
|
|
21
21
|
["安装时间", new Date(info.installed_at).toLocaleString()],
|
|
22
22
|
["路径", info.path],
|
|
23
|
-
["SHA256", info.sha256.slice(0, 16) + "..."],
|
|
23
|
+
["SHA256", (info.sha256 || "unknown").slice(0, 16) + "..."],
|
|
24
24
|
]);
|
|
25
25
|
if (info.previous_version) {
|
|
26
26
|
ui.line(` ${ui.dim(`上一版本: ${info.previous_version}`)}`);
|
package/dist/commands/update.js
CHANGED
|
@@ -49,11 +49,14 @@ export async function updateCommand(opts) {
|
|
|
49
49
|
const normalizeVer = (v) => v.replace(/^v/, "");
|
|
50
50
|
const localVer = normalizeVer(local.version);
|
|
51
51
|
const remoteVer = normalizeVer(remote.latest_version);
|
|
52
|
+
// R5-M03 FIX: Numeric comparison to prevent non-standard version bypass
|
|
53
|
+
const localNum = parseInt(localVer.replace(/\D/g, ""), 10);
|
|
54
|
+
const remoteNum = parseInt(remoteVer.replace(/\D/g, ""), 10);
|
|
52
55
|
if (localVer === remoteVer) {
|
|
53
56
|
ui.line(`${chalk.green("✓")} ${remote.name} ${local.version} — 已是最新`);
|
|
54
57
|
}
|
|
55
|
-
else if (
|
|
56
|
-
// R4-C02 FIX: Block version downgrade attacks
|
|
58
|
+
else if (!isNaN(localNum) && !isNaN(remoteNum) && remoteNum < localNum) {
|
|
59
|
+
// R4-C02 + R5-M03 FIX: Block version downgrade attacks (numeric comparison)
|
|
57
60
|
ui.line(`${ui.warn("⚠")} ${remote.name} — 服务器版本 ${remote.latest_version} 低于本地 ${local.version}(可能的降级攻击,已跳过)`);
|
|
58
61
|
}
|
|
59
62
|
else {
|
package/dist/index.js
CHANGED
|
@@ -173,10 +173,10 @@ async function main() {
|
|
|
173
173
|
}
|
|
174
174
|
}
|
|
175
175
|
// CLI-001: clack returns isCancel symbol (handled at each prompt site)
|
|
176
|
-
//
|
|
177
|
-
if (err instanceof Error &&
|
|
176
|
+
// R5-M01 FIX: Only match exact clack cancel errors, not all messages containing "cancel"
|
|
177
|
+
if (clack.isCancel(err) || (err instanceof Error && err.message === "Cancelled")) {
|
|
178
178
|
console.log();
|
|
179
|
-
clack.cancel("
|
|
179
|
+
clack.cancel("已取消。");
|
|
180
180
|
return;
|
|
181
181
|
}
|
|
182
182
|
// R4-FIX #10: 错误信息不泄漏内部路径/堆栈
|
package/dist/types.d.ts
CHANGED
|
@@ -34,6 +34,6 @@ export interface InstalledRegistry {
|
|
|
34
34
|
export declare const DEFAULT_SERVER = "https://skill.dreamlogic-claw.com";
|
|
35
35
|
export declare const DEFAULT_INSTALL_DIR_NAME = "dreamlogic-skills";
|
|
36
36
|
export declare const CONFIG_DIR_NAME = ".dreamlogic";
|
|
37
|
-
export declare const CLI_VERSION = "2.0.
|
|
37
|
+
export declare const CLI_VERSION = "2.0.7";
|
|
38
38
|
export declare const CLI_NAME = "Dreamlogic CLI";
|
|
39
39
|
export declare const CLI_AUTHOR = "Dreamlogic-ai by MAJORNINE";
|
package/dist/types.js
CHANGED
|
@@ -2,6 +2,6 @@
|
|
|
2
2
|
export const DEFAULT_SERVER = "https://skill.dreamlogic-claw.com";
|
|
3
3
|
export const DEFAULT_INSTALL_DIR_NAME = "dreamlogic-skills";
|
|
4
4
|
export const CONFIG_DIR_NAME = ".dreamlogic";
|
|
5
|
-
export const CLI_VERSION = "2.0.
|
|
5
|
+
export const CLI_VERSION = "2.0.7";
|
|
6
6
|
export const CLI_NAME = "Dreamlogic CLI";
|
|
7
7
|
export const CLI_AUTHOR = "Dreamlogic-ai by MAJORNINE";
|