npm - @putdotio/cli - Versions diffs - 1.0.10 → 1.0.12 - Mend

@putdotio/cli 1.0.10 → 1.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +2 -2
package/dist/bin.mjs +1 -1
package/dist/index.mjs +1 -1
package/dist/{metadata-CP3-u5nn.mjs → metadata-Bf6lftdl.mjs} +86 -12
package/package.json +5 -11

package/README.md CHANGED Viewed

@@ -100,10 +100,10 @@ Link your account:
 putio auth login
 ```
-Check the account:
+Check the auth source:
 ```bash
-putio whoami --output json
+putio whoami --fields auth --output json
 ```
 Read a small JSON result:

package/dist/bin.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { A as translate, C as CliOutput, D as CliConfigLive, E as renderJson, O as CliRuntime, S as CliSdkLive, T as detectOutputModeFromArgv, a as searchCommand, c as brandCommand, i as filesCommand, j as version, k as CliRuntimeLive, l as versionCommand, m as CliStateLive, n as whoamiCommand, o as eventsCommand, r as transfersCommand, s as downloadLinksCommand, t as describeCli, u as makeAuthCommand, w as CliOutputLive } from "./metadata-CP3-u5nn.mjs";
+import { A as translate, C as CliOutput, D as CliConfigLive, E as renderJson, O as CliRuntime, S as CliSdkLive, T as detectOutputModeFromArgv, a as searchCommand, c as brandCommand, i as filesCommand, j as version, k as CliRuntimeLive, l as versionCommand, m as CliStateLive, n as whoamiCommand, o as eventsCommand, r as transfersCommand, s as downloadLinksCommand, t as describeCli, u as makeAuthCommand, w as CliOutputLive } from "./metadata-Bf6lftdl.mjs";
 import { Cause, Console, Effect, Layer } from "effect";
 import { Command } from "@effect/cli";
 import { NodeContext, NodeRuntime } from "@effect/platform-node";

package/dist/index.mjs CHANGED Viewed

@@ -1,2 +1,2 @@
-import { _ as clearPersistedState, b as resolveAuthState, d as AuthStateError, f as AuthStatusSchema, g as ResolvedAuthStateSchema, h as PutioCliConfigSchema, m as CliStateLive, p as CliState, t as describeCli, v as getAuthStatus, x as savePersistedState, y as loadPersistedState } from "./metadata-CP3-u5nn.mjs";
+import { _ as clearPersistedState, b as resolveAuthState, d as AuthStateError, f as AuthStatusSchema, g as ResolvedAuthStateSchema, h as PutioCliConfigSchema, m as CliStateLive, p as CliState, t as describeCli, v as getAuthStatus, x as savePersistedState, y as loadPersistedState } from "./metadata-Bf6lftdl.mjs";
 export { AuthStateError, AuthStatusSchema, CliState, CliStateLive, PutioCliConfigSchema, ResolvedAuthStateSchema, clearPersistedState, describeCli, getAuthStatus, loadPersistedState, resolveAuthState, savePersistedState };

package/dist/{metadata-CP3-u5nn.mjs → metadata-Bf6lftdl.mjs} RENAMED Viewed

@@ -13,7 +13,7 @@ import * as FileSystem from "@effect/platform/FileSystem";
 import { SystemError } from "@effect/platform/Error";
 //#region package.json
 var name = "@putdotio/cli";
-var version = "1.0.10";
+var version = "1.0.12";
 //#endregion
 //#region src/i18n/translate.ts
 const resources = { en: { translation: {
@@ -1290,15 +1290,28 @@ const SAFE_SENSITIVE_SENTINEL_VALUES = new Set([
 	REDACTED_VALUE
 ]);
 const PROMPT_INJECTION_PATTERN = /\b(ignore (?:all|any|previous|above)|system prompt|developer message|tool call|function call|follow these instructions|you are chatgpt|you are an ai)\b/iu;
-const isPlainObject = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
-const sanitizeTerminalText = (value) => value.replace(/(Authorization\s*:\s*Bearer\s+)([A-Za-z0-9._~+/=-]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/((?:auth_?token|access_?token|refresh_?token|oauth_?token|token|password|secret|cookie)["']?\s*[:=]\s*["']?)([^"'&,\s}]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/(Bearer\s+)([A-Za-z0-9._~+/=-]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/([?&](?:auth_?token|access_?token|refresh_?token|oauth_?token|token)=)([^&\s]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`);
+const TERMINAL_ESCAPE_PATTERN = new RegExp(String.raw`\u001B(?:\][^\u0007]*(?:\u0007|\u001B\\)|\[[0-?]*[ -/]*[@-~]|[@-Z\\-_])`, "gu");
+const TERMINAL_CONTROL_PATTERN = new RegExp(String.raw`[\u0000-\u0008\u000B-\u001F\u007F-\u009F]`, "gu");
+const isPlainObject = (value) => {
+	if (typeof value !== "object" || value === null || Array.isArray(value)) return false;
+	const prototype = Object.getPrototypeOf(value);
+	return prototype === Object.prototype || prototype === null;
+};
+const redactSensitiveText = (value) => value.replace(/(Authorization\s*:\s*Bearer\s+)([A-Za-z0-9._~+/=-]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/((?:auth_?token|access_?token|refresh_?token|oauth_?token|token|password|secret|cookie)["']?\s*[:=]\s*["']?)([^"'&,\s}]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/(Bearer\s+)([A-Za-z0-9._~+/=-]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`).replace(/([?&](?:auth_?token|access_?token|refresh_?token|oauth_?token|token)=)([^&\s]+)/gi, (_match, prefix) => `${prefix}${REDACTED_VALUE}`);
+const sanitizeTerminalText = (value) => redactSensitiveText(value).replace(TERMINAL_ESCAPE_PATTERN, "").replace(TERMINAL_CONTROL_PATTERN, "");
+const sanitizeTerminalValue = (value) => {
+	if (typeof value === "string") return sanitizeTerminalText(value);
+	if (Array.isArray(value)) return value.map(sanitizeTerminalValue);
+	if (isPlainObject(value)) return Object.fromEntries(Object.entries(value).map(([key, nestedValue]) => [key, SENSITIVE_KEY_PATTERN.test(key) && typeof nestedValue === "string" ? SAFE_SENSITIVE_SENTINEL_VALUES.has(nestedValue) ? nestedValue : REDACTED_VALUE : sanitizeTerminalValue(nestedValue)]));
+	return value;
+};
 const joinPath = (segments) => segments.reduce((path, segment) => {
 	if (segment.startsWith("[")) return `${path}${segment}`;
 	return path === "$" ? `$.${segment}` : `${path}.${segment}`;
 }, "$");
 const sanitizeStructuredValueInternal = (value, path) => {
 	if (typeof value === "string") {
-		const sanitized = sanitizeTerminalText(value);
+		const sanitized = redactSensitiveText(value);
 		return {
 			untrustedTextPaths: PROMPT_INJECTION_PATTERN.test(sanitized) ? [joinPath(path)] : [],
 			value: sanitized
@@ -1356,7 +1369,7 @@ const sanitizeStructuredValueInternal = (value, path) => {
 const sanitizeStructuredValue = (value) => sanitizeStructuredValueInternal(value, []).value;
 const renderJson = (value) => JSON.stringify(sanitizeStructuredValue(value), null, 2);
 const renderNdjson = (value) => JSON.stringify(sanitizeStructuredValue(value));
-const renderTerminal = (value, renderTerminalValue) => sanitizeTerminalText(renderTerminalValue(value));
+const renderTerminal = (value, renderTerminalValue) => redactSensitiveText(renderTerminalValue(sanitizeTerminalValue(value)));
 const toCliErrorView = (error) => {
 	const meta = error.meta;
 	return {
@@ -1381,7 +1394,7 @@ const toCliErrorJson = (error) => {
 };
 const localizeError = (error) => isLocalizedError(error) ? error : localizeCliError(error);
 const formatCliError = (error) => {
-	return sanitizeTerminalText(renderCliErrorTerminal(toCliErrorView(localizeError(error))));
+	return redactSensitiveText(renderCliErrorTerminal(sanitizeTerminalValue(toCliErrorView(localizeError(error)))));
 };
 const formatCliErrorJson = (error) => {
 	return renderJson(toCliErrorJson(isLocalizedError(error) ? error : localizeCliError(error)));
@@ -1596,6 +1609,8 @@ var CliCommandInputError = class extends Data.TaggedError("CliCommandInputError"
 const PATH_TRAVERSAL_PATTERN = /(?:^|[\\/])\.\.(?:[\\/]|$)|%2e/iu;
 const QUERY_OR_FRAGMENT_PATTERN = /[?#]/u;
 const TOP_LEVEL_FIELD_PATTERN = /^[A-Za-z0-9_-]+$/u;
+const MAX_CURSOR_PAGES = 1e3;
+const MAX_CURSOR_ITEMS = 1e5;
 const ownKeys = (value) => Object.keys(value);
 const hasControlCharacters = (value) => [...value].some((character) => {
 	const codePoint = character.codePointAt(0);
@@ -1620,10 +1635,10 @@ const validateNameLikeInput = (label, value) => validateSafeString({
 const parseRequestedFields = (raw) => {
 	const parts = raw.split(",").map((part) => part.trim());
 	if (parts.length === 0 || parts.some((part) => part.length === 0)) throw new CliCommandInputError({ message: "Expected `--fields` to be a comma-separated list of top-level field names." });
-	return [...new Set(parts.map((part) => validateSafeString({
-		label: `\`--fields\` selector \`${part}\``,
+	return [...new Set(parts.map((part, index) => validateSafeString({
+		label: `\`--fields\` selector #${index + 1}`,
 		pattern: TOP_LEVEL_FIELD_PATTERN,
-		patternMessage: "`--fields` only accepts top-level field names without dots, brackets, or slashes.",
+		patternMessage: `\`--fields\` selector #${index + 1} only accepts top-level field names without dots, brackets, or slashes.`,
 		value: part
 	})))];
 };
@@ -1637,6 +1652,17 @@ const readPageItems = (value, itemKey, command) => {
 	if (!Array.isArray(items)) throw new CliCommandInputError({ message: `Expected \`${command}\` responses to include an array at \`${itemKey}\`.` });
 	return items;
 };
+const assertCursorPageBudget = (input) => {
+	if (input.pageCount > MAX_CURSOR_PAGES) throw new CliCommandInputError({ message: `\`${input.command}\` pagination exceeded ${MAX_CURSOR_PAGES} pages.` });
+	if (input.itemCount > MAX_CURSOR_ITEMS) throw new CliCommandInputError({ message: `\`${input.command}\` pagination exceeded ${MAX_CURSOR_ITEMS} items.` });
+};
+const assertCursorNotSeen = (input) => {
+	if (input.seenCursors.has(input.cursor)) throw new CliCommandInputError({ message: `\`${input.command}\` pagination returned a repeated cursor.` });
+	input.seenCursors.add(input.cursor);
+};
+const assertCursorNotRepeated = (input) => {
+	if (input.cursor !== null && input.seenCursors.has(input.cursor)) throw new CliCommandInputError({ message: `\`${input.command}\` pagination returned a repeated cursor.` });
+};
 const integerPattern = /^-?\d+$/;
 const parseRepeatedIntegers = (values) => {
 	const parsed = [];
@@ -1701,11 +1727,36 @@ const selectTopLevelFields = (input) => Effect.try({
 const collectAllCursorPages = (input) => Effect.gen(function* () {
 	if (!input.pageAll) return input.initial;
 	const collectedItems = [...readPageItems(input.initial, input.itemKey, input.command)];
+	const seenCursors = /* @__PURE__ */ new Set();
 	let cursor = readCursor(input.initial);
+	let pageCount = 1;
+	assertCursorPageBudget({
+		command: input.command,
+		itemCount: collectedItems.length,
+		pageCount
+	});
 	while (cursor !== null) {
+		assertCursorNotSeen({
+			command: input.command,
+			cursor,
+			seenCursors
+		});
 		const nextPage = yield* input.continueWithCursor(cursor);
-		collectedItems.push(...readPageItems(nextPage, input.itemKey, input.command));
-		cursor = readCursor(nextPage);
+		const nextCursor = readCursor(nextPage);
+		assertCursorNotRepeated({
+			command: input.command,
+			cursor: nextCursor,
+			seenCursors
+		});
+		const pageItems = readPageItems(nextPage, input.itemKey, input.command);
+		pageCount += 1;
+		collectedItems.push(...pageItems);
+		assertCursorPageBudget({
+			command: input.command,
+			itemCount: collectedItems.length,
+			pageCount
+		});
+		cursor = nextCursor;
 	}
 	return {
 		...input.initial,
@@ -1740,7 +1791,18 @@ const writeReadPages = (input) => Effect.gen(function* () {
 		});
 	}
 	let current = input.initial;
+	const seenCursors = /* @__PURE__ */ new Set();
+	let pageCount = 1;
+	let streamedItemCount = 0;
 	while (true) {
+		if (input.itemKey) {
+			streamedItemCount += readPageItems(current, input.itemKey, input.command).length;
+			assertCursorPageBudget({
+				command: input.command,
+				itemCount: streamedItemCount,
+				pageCount
+			});
+		}
 		yield* writeOutput(yield* selectTopLevelFields({
 			command: input.command,
 			requestedFields: input.controls.requestedFields,
@@ -1749,7 +1811,19 @@ const writeReadPages = (input) => Effect.gen(function* () {
 		if (!input.controls.pageAll || !input.continueWithCursor || !input.itemKey) return;
 		const cursor = readCursor(current);
 		if (cursor === null) return;
-		current = yield* input.continueWithCursor(cursor);
+		assertCursorNotSeen({
+			command: input.command,
+			cursor,
+			seenCursors
+		});
+		const nextPage = yield* input.continueWithCursor(cursor);
+		assertCursorNotRepeated({
+			command: input.command,
+			cursor: readCursor(nextPage),
+			seenCursors
+		});
+		current = nextPage;
+		pageCount += 1;
 	}
 });
 const renderDryRunPlanTerminal = (value) => [

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@putdotio/cli",
-  "version": "1.0.10",
+  "version": "1.0.12",
   "description": "Agent-first CLI for the put.io API.",
   "homepage": "https://github.com/putdotio/putio-cli#readme",
   "bugs": {
@@ -30,7 +30,7 @@
   },
   "scripts": {
     "build": "vp pack",
-    "build:sea": "node ./scripts/build-sea.mjs",
+    "build:sea": "node ./scripts/build-sea.mts",
     "check": "vp check .",
     "coverage": "vp test --coverage",
     "dev": "vp pack --watch",
@@ -52,20 +52,14 @@
   },
   "devDependencies": {
     "@types/node": "^24.0.0",
-    "@vitest/coverage-v8": "^4.1.0",
+    "@vitest/coverage-v8": "^4.1.5",
     "esbuild": "^0.27.0",
     "postject": "^1.0.0-alpha.6",
     "typescript": "^5.9.3",
-    "vite-plus": "0.1.14"
+    "vite-plus": "0.1.20"
   },
   "engines": {
     "node": ">=24.14.0 <25"
   },
-  "packageManager": "pnpm@10.32.1",
-  "pnpm": {
-    "overrides": {
-      "vite": "npm:@voidzero-dev/vite-plus-core@0.1.14",
-      "vitest": "npm:@voidzero-dev/vite-plus-test@0.1.14"
-    }
-  }
+  "packageManager": "pnpm@11.0.0"
 }