npm - @westbayberry/dg - Versions diffs - 1.0.58 → 1.0.59 - Mend

@westbayberry/dg 1.0.58 → 1.0.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +37 -3
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -47020,6 +47020,20 @@ var init_config = __esm({
 });
 // src/commands/npm-wrapper.ts
+var npm_wrapper_exports = {};
+__export(npm_wrapper_exports, {
+  handleWrapCommand: () => handleWrapCommand,
+  parseNpmArgs: () => parseNpmArgs,
+  parsePackageSpec: () => parsePackageSpec,
+  pinTopLevelArgs: () => pinTopLevelArgs,
+  readBareInstallPackages: () => readBareInstallPackages,
+  readBareInstallPackagesTyped: () => readBareInstallPackagesTyped,
+  readLockfilePins: () => readLockfilePins,
+  resolvePackages: () => resolvePackages,
+  resolveTreeNpm: () => resolveTreeNpm,
+  resolveVersion: () => resolveVersion,
+  runNpm: () => runNpm
+});
 import { spawn as spawn2 } from "node:child_process";
 import { readFileSync as readFileSync4, existsSync as existsSync4, mkdtempSync, writeFileSync as writeFileSync2, rmSync } from "node:fs";
 import { join as join6 } from "node:path";
@@ -85578,12 +85592,24 @@ var init_protect = __esm({
 #   echo 'source ~/.dependency-guardian/aliases.sh' >> ~/.zshrc   # or ~/.bashrc
 # To turn it off, remove that line.
-# Only alias if dg is on PATH (avoids breaking the shell when dg is uninstalled).
-if command -v dg >/dev/null 2>&1; then
+# Only alias if a real dg binary is on PATH.
+#
+# We use \`type -p\` (bash + zsh) rather than POSIX \`command -v\`
+# because command -v ALSO returns true for shell functions and
+# aliases. If your rc defines a wrapper function like
+#   dg() { ... command dg "$@"; }
+# command -v passes even when the dg binary isn't installed \u2014 and
+# the npm alias below then rewrites every \`npm install\` into a
+# command that fails silently. type -p returns ONLY the path of
+# an external executable, so this check is honest about whether
+# dg is actually reachable.
+__dg_bin=$(type -p dg 2>/dev/null)
+if [ -n "$__dg_bin" ] && [ -x "$__dg_bin" ]; then
   alias npm='dg npm'
   alias pip='dg pip'
   alias pip3='dg pip'
 fi
+unset __dg_bin
 `;
     USAGE3 = `
   dg protect \u2014 opt-in low-friction protection for a project
@@ -97238,7 +97264,15 @@ async function main() {
   const strictFlags = rawCommand !== "npm" && rawCommand !== "pip";
   const config3 = parseConfig(process.argv, strictFlags);
   const updatePromise = checkForUpdate(CLI_VERSION).catch(() => null);
-  if (rawCommand === "scan" || rawCommand === "npm" || rawCommand === "pip") {
+  let needsTermsGate = rawCommand === "scan";
+  if (rawCommand === "npm") {
+    const { parseNpmArgs: parseNpmArgs2 } = await Promise.resolve().then(() => (init_npm_wrapper(), npm_wrapper_exports));
+    needsTermsGate = parseNpmArgs2(process.argv.slice(3)).shouldScan;
+  } else if (rawCommand === "pip") {
+    const { parsePipArgs: parsePipArgs2 } = await Promise.resolve().then(() => (init_pip_wrapper(), pip_wrapper_exports));
+    needsTermsGate = parsePipArgs2(process.argv.slice(3)).shouldScan;
+  }
+  if (needsTermsGate) {
     const { gateOrExit: gateOrExit2 } = await Promise.resolve().then(() => (init_terms_gate(), terms_gate_exports));
     await gateOrExit2();
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@westbayberry/dg",
-  "version": "1.0.58",
+  "version": "1.0.59",
   "description": "Supply chain security scanner for npm and Python dependencies — 35 behavioral detectors catch zero-day attacks CVE databases miss. 99.66% catch rate on 155K packages.",
   "bin": {
     "dependency-guardian": "dist/index.mjs",