npm - @openpkg-ts/cli - Versions diffs - 0.6.0 → 0.6.1 - Mend

@openpkg-ts/cli 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/bin/openpkg.js +59 -41
package/package.json +4 -4

package/dist/bin/openpkg.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { Command as Command12 } from "commander";
 // package.json
 var package_default = {
   name: "@openpkg-ts/cli",
-  version: "0.6.0",
+  version: "0.6.1",
   description: "CLI for OpenPkg TypeScript API extraction and documentation generation",
   homepage: "https://github.com/ryanwaits/openpkg-ts#readme",
   repository: {
@@ -32,14 +32,14 @@ var package_default = {
     test: "bun test"
   },
   dependencies: {
-    "@openpkg-ts/adapters": "^0.3.3",
-    "@openpkg-ts/sdk": "^0.34.0",
+    "@openpkg-ts/adapters": "^0.3.4",
+    "@openpkg-ts/sdk": "^0.34.1",
     commander: "^14.0.0"
   },
   devDependencies: {
     "@types/bun": "latest",
     "@types/node": "^20.0.0",
-    bunup: "latest"
+    bunup: "^0.16.20"
   },
   publishConfig: {
     access: "public"
@@ -344,11 +344,15 @@ import * as path5 from "node:path";
 import { loadSpec as loadSpec4, query, toReact } from "@openpkg-ts/sdk";
 import { Command as Command5 } from "commander";
 async function readStdin() {
-  const chunks = [];
-  for await (const chunk of process.stdin) {
-    chunks.push(chunk);
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    return Buffer.concat(chunks).toString("utf-8");
+  } catch (err) {
+    throw new Error(`stdin read failed: ${err instanceof Error ? err.message : String(err)}`);
   }
-  return Buffer.concat(chunks).toString("utf-8");
 }
 function getExtension(format) {
   switch (format) {
@@ -511,8 +515,14 @@ Next: Add components with 'openpkg docs add function-section'`);
         }
         const exports = docs.getAllExports();
         for (const exp of exports) {
-          const filename = `${exp.name}${getExtension(format)}`;
+          const filename = path5.basename(`${exp.name}${getExtension(format)}`);
           const filePath = path5.join(outDir, filename);
+          const resolvedPath = path5.resolve(filePath);
+          const resolvedOutDir = path5.resolve(outDir);
+          if (!resolvedPath.startsWith(resolvedOutDir + path5.sep)) {
+            console.error(JSON.stringify({ error: `Path traversal detected: ${exp.name}` }));
+            process.exit(1);
+          }
           const content = renderExport(docs, exp.id, format, collapseUnionThreshold);
           fs5.writeFileSync(filePath, content);
         }
@@ -687,8 +697,24 @@ var VALID_KINDS = [
 ];
 function loadSpec6(filePath) {
   const resolved = path8.resolve(filePath);
-  const content = fs8.readFileSync(resolved, "utf-8");
-  return JSON.parse(content);
+  let content;
+  let spec;
+  try {
+    content = fs8.readFileSync(resolved, "utf-8");
+  } catch (err) {
+    throw new Error(`Failed to read spec file: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  try {
+    spec = JSON.parse(content);
+  } catch (err) {
+    throw new Error(`Invalid JSON in spec file: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  const errors = getValidationErrors(spec);
+  if (errors.length > 0) {
+    const details = errors.slice(0, 5).map((e) => `${e.instancePath || "/"}: ${e.message}`).join("; ");
+    throw new Error(`Invalid OpenPkg spec: ${details}`);
+  }
+  return spec;
 }
 function parseList(val) {
   if (!val)
@@ -940,34 +966,26 @@ program.addCommand(createBreakingCommand());
 program.addCommand(createChangelogCommand());
 program.addCommand(createSemverCommand());
 var specCmd = program.commands.find((c) => c.name() === "spec");
-var snapshotAlias = new Command12("snapshot").description("(alias) → openpkg spec snapshot").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "snapshot").parseAsync(args, { from: "user" });
-});
-program.addCommand(snapshotAlias);
-var listAlias = new Command12("list").description("(alias) → openpkg spec list").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "list").parseAsync(args, { from: "user" });
-});
-program.addCommand(listAlias);
-var getAlias = new Command12("get").description("(alias) → openpkg spec get").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "get").parseAsync(args, { from: "user" });
-});
-program.addCommand(getAlias);
-var validateAlias = new Command12("validate").description("(alias) → openpkg spec validate").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "validate").parseAsync(args, { from: "user" });
-});
-program.addCommand(validateAlias);
-var filterAlias = new Command12("filter").description("(alias) → openpkg spec filter").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "filter").parseAsync(args, { from: "user" });
-});
-program.addCommand(filterAlias);
-var diagnosticsAlias = new Command12("diagnostics").description("(alias) → openpkg spec lint").allowUnknownOption().allowExcessArguments().action(async () => {
-  const args = process.argv.slice(3);
-  await specCmd.commands.find((c) => c.name() === "lint").parseAsync(args, { from: "user" });
-});
-program.addCommand(diagnosticsAlias);
+if (!specCmd) {
+  throw new Error("Internal error: spec command not found");
+}
+function getSubcommand(parent, name) {
+  const cmd = parent.commands.find((c) => c.name() === name);
+  if (!cmd) {
+    throw new Error(`Internal error: ${name} subcommand not found`);
+  }
+  return cmd;
+}
+function createAlias(aliasName, targetName, description) {
+  return new Command12(aliasName).description(description).allowUnknownOption().allowExcessArguments().action(async () => {
+    const args = process.argv.slice(3);
+    await getSubcommand(specCmd, targetName).parseAsync(args, { from: "user" });
+  });
+}
+program.addCommand(createAlias("snapshot", "snapshot", "(alias) → openpkg spec snapshot"));
+program.addCommand(createAlias("list", "list", "(alias) → openpkg spec list"));
+program.addCommand(createAlias("get", "get", "(alias) → openpkg spec get"));
+program.addCommand(createAlias("validate", "validate", "(alias) → openpkg spec validate"));
+program.addCommand(createAlias("filter", "filter", "(alias) → openpkg spec filter"));
+program.addCommand(createAlias("diagnostics", "lint", "(alias) → openpkg spec lint"));
 program.parse();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@openpkg-ts/cli",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "CLI for OpenPkg TypeScript API extraction and documentation generation",
   "homepage": "https://github.com/ryanwaits/openpkg-ts#readme",
   "repository": {
@@ -23,14 +23,14 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@openpkg-ts/adapters": "^0.3.3",
-    "@openpkg-ts/sdk": "^0.34.0",
+    "@openpkg-ts/adapters": "^0.3.4",
+    "@openpkg-ts/sdk": "^0.34.1",
     "commander": "^14.0.0"
   },
   "devDependencies": {
     "@types/bun": "latest",
     "@types/node": "^20.0.0",
-    "bunup": "latest"
+    "bunup": "^0.16.20"
   },
   "publishConfig": {
     "access": "public"