npm - @khanhcan148/mk - Versions diffs - 0.1.14 → 0.1.15 - Mend

@khanhcan148/mk 0.1.14 → 0.1.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -134,7 +134,7 @@ User → /mk-* command (skill) → spawns utility agents → agents use knowledg
 | `/mk-docs` | Generate and update project documentation; maintains AGENTS.md; Impact Areas analysis produces human-readable "What changed / Who is affected / What could go wrong" narrative |
 | `/mk-git` | Git operations: branch, commit, push, PR, merge |
 | `/mk-research` | Deep multi-source research on technical topics |
-| `/mk-spike` | Investigate external service integrations: fetch API docs, evaluate options, produce spike.md with Go/No-Go |
+| `/mk-spike` | Investigate external service integrations: fetch API docs, evaluate options, produce <service-slug>-spike.md with Go/No-Go |
 | `/mk-overview` | Synthesize project artifacts into multi-tier stakeholder overview: Executive Brief, Product Report, Technical Report |
 | `/mk-workflow` | Trace REST endpoint call chains with upstream caller detection, variant branching, side effects/feature flags, Mermaid diagrams |
 | `/mk-log-analysis` | Analyze production logs from Datadog or Azure Application Insights via MCP; progressive severity triage, pattern detection, mandatory stack trace investigation, mk-debug integration |

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@khanhcan148/mk",
-  "version": "0.1.14",
+  "version": "0.1.15",
   "description": "CLI to install and manage MyClaudeKit (.claude/) in your projects",
   "type": "module",
   "bin": {

package/src/commands/update.js CHANGED Viewed

@@ -13,6 +13,32 @@ import { downloadAndExtractKit, cleanupTempDir } from '../lib/download.js';
 import { fetchLatestRelease, compareVersions } from '../lib/releases.js';
 import { isEmptyDir } from '../lib/fs-utils.js';
+// ---------------------------------------------------------------------------
+// Security: strip terminal escape sequences from untrusted content
+// ---------------------------------------------------------------------------
+/**
+ * Strip terminal escape sequences from a string to prevent terminal injection
+ * when printing content sourced from the GitHub API (e.g. release notes).
+ *
+ * Removes:
+ *   - CSI sequences: ESC [ ... <letter>  (e.g. color codes, cursor movement, screen clear)
+ *   - OSC sequences: ESC ] ... BEL/ST    (e.g. window title manipulation)
+ *   - Fe two-character sequences: ESC <char> (e.g. ESC c = RIS terminal reset, ESC P = DCS)
+ *   - Raw C0 control characters (0x00-0x08, 0x0b, 0x0c, 0x0e-0x1f) excluding
+ *     printable whitespace (\t, \n, \r which are 0x09, 0x0a, 0x0d)
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+function stripTerminalEscapes(str) {
+  return str
+    .replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '')         // CSI sequences
+    .replace(/\x1b\].*?(\x07|\x1b\\)/gs, '')         // OSC sequences (dotAll for multiline)
+    .replace(/\x1b[^[\]]/g, '')                       // Fe two-char sequences (ESC c, ESC P, etc.)
+    .replace(/[\x00-\x08\x0b\x0c\x0e-\x1f]/g, '');  // raw control chars (preserve \t \n \r)
+}
 // ---------------------------------------------------------------------------
 // Prompt helper
 // ---------------------------------------------------------------------------
@@ -327,10 +353,13 @@ export async function updateAction(options = {}, deps = {}) {
         chalk.cyan(`Update available: v${local} -> v${remote}\n`)
       );
-      // Show release notes (if any), truncated to 500 chars
+      // Show release notes (if any), truncated to 500 chars.
+      // S4: Strip terminal escape sequences before printing to prevent injection via
+      // crafted GitHub release bodies (CSI/OSC sequences can clear screen, set window titles, etc.).
       const body = release.body;
       if (body && body.trim().length > 0) {
-        const notes = body.length > 500 ? body.slice(0, 500) + '...' : body;
+        const rawNotes = body.length > 500 ? body.slice(0, 500) + '...' : body;
+        const notes = stripTerminalEscapes(rawNotes);
         process.stdout.write('\nRelease notes:\n');
         process.stdout.write(notes + '\n\n');
       }

package/src/lib/auth.js CHANGED Viewed

@@ -127,7 +127,9 @@ export async function startDeviceFlow(opts = {}) {
       'Content-Type': 'application/x-www-form-urlencoded',
       Accept: 'application/json'
     },
-    body: `client_id=${GITHUB_CLIENT_ID}&scope=repo`
+    // Empty scope sufficient for public repos (5000 req/hr). Set MK_OAUTH_SCOPE=repo for private forks.
+    // Use URLSearchParams to prevent parameter injection via env var containing '&' chars.
+    body: new URLSearchParams({ client_id: GITHUB_CLIENT_ID, scope: process.env.MK_OAUTH_SCOPE || '' }).toString()
   });
   if (!codeRes.ok) {

package/src/lib/download.js CHANGED Viewed

@@ -17,15 +17,22 @@ const TARBALL_URL = `${GITHUB_API}/repos/${KIT_REPO}/tarball/${KIT_BRANCH}`;
  *  from crafted tarballs with large size fields. 50 MB is well above any kit file. */
 const MAX_ENTRY_SIZE = 50 * 1024 * 1024; // 52428800 bytes
+/** Hostnames allowed for kit downloads. Hoisted to module scope to avoid rebuilding on each call. */
+const ALLOWED_HOSTS = new Set(['github.com', 'api.github.com', 'codeload.github.com']);
+/** HTTP status codes that indicate a redirect. Hoisted to module scope alongside ALLOWED_HOSTS. */
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
 /**
  * Validate that the download URL's hostname is a GitHub domain.
  * Prevents SSRF: caller-supplied URLs (e.g. tarballUrl from GitHub API JSON) could be
  * redirected to an attacker-controlled host, exfiltrating the Bearer token.
  * Allowed: api.github.com, *.github.com (e.g. codeload.github.com)
+ * Exported so that releases.js can validate tarball_url at the source.
  * @param {string} url
  * @throws {Error} if hostname is not a GitHub domain
  */
-function assertGitHubHostname(url) {
+export function assertGitHubHostname(url) {
   let parsed;
   try {
     parsed = new URL(url);
@@ -33,7 +40,6 @@ function assertGitHubHostname(url) {
     throw new Error(`SSRF guard: invalid URL "${url}"`);
   }
   const { hostname } = parsed;
-  const ALLOWED_HOSTS = new Set(['github.com', 'api.github.com', 'codeload.github.com']);
   if (!ALLOWED_HOSTS.has(hostname)) {
     throw new Error(
       `SSRF guard: URL hostname "${hostname}" is not allowed. ` +
@@ -289,12 +295,35 @@ export async function downloadAndExtractKit(token, opts = {}) {
         Authorization: `Bearer ${token}`,
         Accept: 'application/vnd.github.v3+json'
       },
-      redirect: 'follow'
+      // S1: Use redirect: 'manual' to prevent the Authorization header from being forwarded
+      // to the redirect target (e.g. codeload.github.com). We handle the redirect manually:
+      // validate the Location hostname, then re-fetch without the auth header.
+      redirect: 'manual'
     });
   } catch (err) {
     throw new Error(`Network connection failed: ${err.message}`);
   }
+  // Handle 3xx redirects: validate Location hostname, then re-fetch without auth header.
+  // This prevents the Bearer token from leaking to third-party servers via a compromised redirect.
+  if (REDIRECT_STATUSES.has(res.status)) {
+    const location = res.headers.get('location');
+    if (!location) {
+      throw new Error(`GitHub API redirect (${res.status}) had no Location header`);
+    }
+    // Validate the redirect target is a GitHub hostname before following
+    assertGitHubHostname(location);
+    try {
+      res = await fetch(location, {
+        // No Authorization header on the redirect target — the token is only for api.github.com
+        headers: { Accept: 'application/vnd.github.v3+json' },
+        redirect: 'follow'
+      });
+    } catch (err) {
+      throw new Error(`Network connection failed on redirect: ${err.message}`);
+    }
+  }
   if (!res.ok) {
     throw new Error(`GitHub API error: ${res.status} ${res.statusText}`);
   }

package/src/lib/releases.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import semver from 'semver';
 import { GITHUB_API, KIT_REPO } from './constants.js';
+import { assertGitHubHostname } from './download.js';
 // ---------------------------------------------------------------------------
 // GitHub Releases API helpers
@@ -53,6 +54,14 @@ export async function fetchLatestRelease(token) {
   const { tag_name: tag, body = null, tarball_url: tarballUrl } = data;
+  // S3: Validate tarball_url hostname before returning it to callers.
+  // A compromised GitHub API response could supply an attacker-controlled URL for SSRF.
+  try {
+    assertGitHubHostname(tarballUrl);
+  } catch {
+    return { available: false, reason: 'Tarball URL failed hostname validation' };
+  }
   // Parse version: try clean() first (handles v-prefix), then coerce() as fallback.
   // coerce('release-0.2.0') => '0.2.0', coerce('totally-not-semver') => null
   const version = semver.clean(tag) ?? (semver.coerce(tag) ? semver.coerce(tag).version : null);