@skill-map/cli 0.8.0 → 0.9.0

package/README.md CHANGED
@@ -49,6 +49,14 @@ Exit codes follow [`spec/cli-contract.md`](../spec/cli-contract.md):
49
49
 
50
50
  This binary implements the [skill-map spec](https://www.npmjs.com/package/@skill-map/spec). The spec package ships JSON Schemas, conformance cases, and prose contracts; `skill-map` conforms to a declared range via its `specCompat`.
51
51
 
52
+ ## Security: untrusted repositories
53
+
54
+ `sm scan` (and the verbs that include a scan: `refresh`, `watch`, `init`) auto-loads JavaScript plugins from `<cwd>/.skill-map/plugins/` by default. Running these commands inside a repository you do not control is equivalent to running `node ./.skill-map/plugins/*/index.js` — the plugin code executes with your user permissions.
55
+
56
+ If you cloned an untrusted repository, run with `--no-plugins` to disable third-party plugin loading, or audit the contents of `.skill-map/plugins/` before scanning.
57
+
58
+ A workspace-trust prompt is on the roadmap; until then this is an accepted risk.
59
+
52
60
  ## License
53
61
 
54
62
  MIT. See [`LICENSE`](../LICENSE).
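Review bot: the new "Security: untrusted repositories" section documents `--no-plugins` as the mitigation but the hunk gives no pointer to where that flag is specified; since the surrounding README defers to `spec/cli-contract.md` for exit codes, add a link from this section to the option's entry in the CLI reference (or the spec) so readers can confirm the flag is honoured by every verb listed (`scan`, `refresh`, `watch`, `init`). Also worth stating explicitly that the flag must be passed on each invocation and that auditing `.skill-map/plugins/` has to happen before the first scan-bearing command, because `init` is typically the first command run in a fresh clone and the text says it loads plugins too. Finally, the "accepted risk" sentence would be clearer with a statement of the default: plugin loading is opt-out, not opt-in, which is the property that makes the warning necessary.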
package/dist/cli.d.ts ADDED
@@ -0,0 +1,2 @@
1
+
2
+ export { }
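Review bot: `dist/cli.d.ts` consists of a blank line and `export { }`, so it declares an empty module and exposes no types to anyone importing `@skill-map/cli`. If the CLI is not meant to be consumed as a library, say so in the README or drop the `types` entry rather than shipping an empty declaration that suggests a typed API; if it is meant to be importable, the declarations for the exported entry points are missing. Either way, remove the leading blank line so the file starts with the export.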