npm - @westbayberry/dg - Versions diffs - 2.0.0 → 2.0.2 - Mend

@westbayberry/dg 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/api/analyze.js +8 -0
package/dist/commands/audit.js +6 -1
package/dist/install-ui/block-render.js +5 -3
package/dist/proxy/server.js +13 -1
package/dist/scan-ui/components/InteractiveResultsView.js +15 -2
package/dist/setup/plan.js +36 -0
package/package.json +1 -1

package/dist/api/analyze.js CHANGED Viewed

@@ -182,6 +182,14 @@ function resolveApiBaseUrl(env) {
 function resolveToken(env) {
     return envAuthToken(env) ?? readAuthStateSafe(env)?.token;
 }
+export function identityHeaders(env) {
+    const headers = { "X-Device-Id": getOrCreateDeviceId(env) };
+    const token = resolveToken(env);
+    if (token) {
+        headers.Authorization = `Bearer ${token}`;
+    }
+    return headers;
+}
 function readAuthStateSafe(env) {
     try {
         return readAuthState(env);

package/dist/commands/audit.js CHANGED Viewed

@@ -12,6 +12,7 @@ import { loadUserConfig, saveUserConfig, setConfigValue } from "../config/settin
 import { promptYesNo } from "../util/tty-prompt.js";
 import { authStatus } from "../auth/store.js";
 import { shouldLaunchAuditTui, launchAuditTui } from "../audit-ui/launch.js";
+import { renderCommandHelp } from "./help.js";
 export const auditCommand = {
     name: "audit",
     summary: "Audit the package you're about to publish for leaked secrets and risky files.",
@@ -95,7 +96,11 @@ export async function maybeAudit(args) {
     if (args[0] !== "audit") {
         return { handled: false, result: { exitCode: 0, stdout: "", stderr: "" } };
     }
-    const gathered = gather(args.slice(1));
+    const sub = args.slice(1);
+    if (sub[0] === "--help" || sub[0] === "-h" || sub[0] === "help") {
+        return { handled: true, result: { exitCode: 0, stdout: renderCommandHelp(auditCommand), stderr: "" } };
+    }
+    const gathered = gather(sub);
     if ("error" in gathered) {
         return { handled: true, result: gatherError(gathered) };
     }

package/dist/install-ui/block-render.js CHANGED Viewed

@@ -13,6 +13,7 @@ const HEADLINES = {
     license: "license policy",
     "hash-mismatch": "artifact integrity mismatch",
     "private-upload-disabled": "private artifact not scanned",
+    "needs-login": "sign-in required",
     "api-unavailable": "scanner unavailable",
     "quota-exceeded": "monthly scan limit reached",
     "api-timeout": "scanner timed out",
@@ -27,6 +28,7 @@ const NEXT_STEP = {
     license: "Replace the dependency or update your license policy.",
     "hash-mismatch": "Clear your package cache and retry. If it persists, do not install.",
     "private-upload-disabled": "Enable private artifact scanning to verify this package.",
+    "needs-login": "Run 'dg login' (free) to check packages from the registry before they install.",
     "quota-exceeded": "Upgrade your plan or wait for your monthly limit to reset. See westbayberry.com/pricing."
 };
 export function describeBlockedInstall(decision) {
@@ -34,7 +36,7 @@ export function describeBlockedInstall(decision) {
     const override = decision.forceOverride && !decision.forceOverride.allowed
         ? "not allowed by your policy"
         : "re-run with --dg-force-install";
-    const nextStep = verifiedBad
+    const nextStep = verifiedBad || decision.cause === "needs-login"
         ? NEXT_STEP[decision.cause]
         : "Re-check later with 'dg verify', or override if you accept the risk.";
     return {
@@ -67,13 +69,13 @@ export function renderInstallDecision(decision) {
     if (decision.dashboardUrl) {
         lines.push(`  Evidence: ${decision.dashboardUrl}`);
     }
-    if (decision.unauthenticated) {
+    if (decision.unauthenticated && decision.cause !== "needs-login") {
         lines.push("  Auth: local policy only (run 'dg login' for full coverage)");
     }
     lines.push(decision.forceOverride && !decision.forceOverride.allowed
         ? "  Override: not allowed by your policy"
         : "  Override: re-run with --dg-force-install");
-    const next = verifiedBad
+    const next = verifiedBad || decision.cause === "needs-login"
         ? NEXT_STEP[decision.cause]
         : "Re-check later with 'dg verify', or override if you accept the risk.";
     if (next) {

package/dist/proxy/server.js CHANGED Viewed

@@ -15,6 +15,7 @@ import { artifactDisplayName, artifactUrlHash, extractRegistryMetadataIdentities
 import { authorityFor, connectViaUpstreamProxy, selectUpstreamProxy } from "./upstream-proxy.js";
 import { redactSecrets } from "../launcher/output-redaction.js";
 import { envAuthToken } from "../auth/env-token.js";
+import { identityHeaders } from "../api/analyze.js";
 export async function startProductionHttpProxy(options) {
     const ca = createEphemeralCertificateAuthority(options.session.files.ca);
     const state = {
@@ -629,7 +630,8 @@ async function lookupVerdict(options, target, sha256, upstream, identity) {
         const response = await fetch(`${options.apiBaseUrl}/v1/install-verdict`, {
             method: "POST",
             headers: {
-                "Content-Type": "application/json"
+                "Content-Type": "application/json",
+                ...identityHeaders(options.env)
             },
             body: JSON.stringify({
                 manager: options.classification.manager,
@@ -655,6 +657,15 @@ async function lookupVerdict(options, target, sha256, upstream, identity) {
                 reason: "You've reached your monthly scan limit. Upgrade at westbayberry.com/pricing or wait for it to reset."
             };
         }
+        if (response.status === 401) {
+            return {
+                verdict: "block",
+                packageName: artifactDisplayName(identity),
+                cause: "needs-login",
+                unauthenticated: true,
+                reason: "Checking a package from the registry before it installs requires sign-in."
+            };
+        }
         if (!response.ok) {
             return {
                 verdict: "block",
@@ -898,6 +909,7 @@ function isProxyCause(value) {
         "license",
         "hash-mismatch",
         "private-upload-disabled",
+        "needs-login",
         "api-unavailable",
         "quota-exceeded",
         "api-timeout",

package/dist/scan-ui/components/InteractiveResultsView.js CHANGED Viewed

@@ -37,6 +37,19 @@ function actionBadge(action) {
         return { label: "Unknown", color: chalk.cyan };
     return { label: "Pass", color: chalk.green };
 }
+function isYankedIncomplete(pkg) {
+    if (pkg.action !== "analysis_incomplete")
+        return false;
+    const haystack = [...(pkg.reasons ?? []), ...pkg.findings.map((f) => f.title ?? "")]
+        .join(" ")
+        .toLowerCase();
+    return haystack.includes("unpublish") || haystack.includes("yank") || haystack.includes("removed from the registr");
+}
+export function packageBadge(pkg) {
+    if (isYankedIncomplete(pkg))
+        return { label: "Removed", color: chalk.yellow };
+    return actionBadge(pkg.action);
+}
 const EVIDENCE_LIMIT = 2;
 // Fixed lines outside the scrollable group area:
 //  5  ScoreHeader box  |  2  Flagged box top  |  2  scroll indicators
@@ -1066,7 +1079,7 @@ export const InteractiveResultsView = ({ result, config: _config, durationMs, on
         const dpGroup = groups[detailPane.groupIndex];
         if (dpGroup) {
             const dpRep = firstPackage(dpGroup);
-            const { color: dpColor } = actionBadge(dpRep.action);
+            const { color: dpColor } = packageBadge(dpRep);
             const dpScroll = detailPane.scroll;
             const dpAbove = dpScroll;
             const dpBelow = Math.max(0, detailLines.length - dpScroll - detailContentRows);
@@ -1080,7 +1093,7 @@ export const InteractiveResultsView = ({ result, config: _config, durationMs, on
                                 const isCursor = globalIdx === clampedCursor;
                                 const level = getLevel(globalIdx);
                                 const rep = firstPackage(group);
-                                const { label, color } = actionBadge(rep.action);
+                                const { label, color } = packageBadge(rep);
                                 const names = groupNames(group);
                                 const scoreStr = String(rep.score);
                                 const lcInfo = rep.license;

package/dist/setup/plan.js CHANGED Viewed

@@ -17,6 +17,10 @@ export const RC_SENTINEL = "dg-shell-rc-v1";
 export const GUARD_HOOK_SENTINEL = "dg-git-hook-v1";
 export const RC_BEGIN = "# >>> dg setup >>>";
 export const RC_END = "# <<< dg setup <<<";
+const LEGACY_RC_MARKERS = [
+    { begin: "# >>> dg-managed >>>", end: "# <<< dg-managed <<<" }
+];
+const LEGACY_RC_CANDIDATES = [".zshrc", ".bashrc", ".bash_profile", ".profile", join(".config", "fish", "config.fish")];
 export const SETUP_UNINSTALL_LOCK = "setup-uninstall";
 export const SETUP_UNINSTALL_LOCK_STALE_MS = 30 * 60 * 1000;
 export const STALE_SESSION_OLDER_THAN_MS = 24 * 60 * 60 * 1000;
@@ -191,6 +195,7 @@ export function uninstallSetup(options) {
                 reverseGitHookEntry(entry, removed, missing, warnings);
             }
         }
+        sweepLegacyRcBlocks(paths.homeDir, removed, warnings);
         if (!options.all && !registryRead.malformed && options.keepConfig) {
             writeRegistryWithLock(paths, {
                 version: 1,
@@ -481,6 +486,37 @@ function stripRcBlock(existing) {
     const unterminatedPattern = new RegExp(`${escapeRegex(RC_BEGIN)}\\n[\\s\\S]*$`, "g");
     return existing.replace(pattern, "").replace(unterminatedPattern, "");
 }
+function sweepLegacyRcBlocks(homeDir, removed, warnings) {
+    for (const rel of LEGACY_RC_CANDIDATES) {
+        const rcPath = join(homeDir, rel);
+        const existing = readText(rcPath);
+        if (!existing) {
+            continue;
+        }
+        let next = existing;
+        for (const marker of LEGACY_RC_MARKERS) {
+            if (!next.includes(marker.begin)) {
+                continue;
+            }
+            if (!next.includes(marker.end)) {
+                warnings.push(`legacy dg block in ${rcPath} is missing its end marker; left untouched`);
+                continue;
+            }
+            const pattern = new RegExp(`${escapeRegex(marker.begin)}\\n[\\s\\S]*?${escapeRegex(marker.end)}\\n?`, "g");
+            next = next.replace(pattern, "");
+        }
+        if (next === existing) {
+            continue;
+        }
+        try {
+            writeFileSync(rcPath, next, "utf8");
+            removed.push(`${rcPath} (legacy dg block)`);
+        }
+        catch (error) {
+            warnings.push(`could not strip legacy dg block from ${rcPath}: ${error instanceof Error ? error.message : "write error"}`);
+        }
+    }
+}
 export function cleanupEntry(kind, path, mode, now, sentinel) {
     return {
         kind,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@westbayberry/dg",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "Dependency Guardian supply-chain firewall CLI",
   "type": "module",
   "bin": {