az2aws 1.4.0 → 1.6.0

package/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Changelog
 
+## [1.6.0](https://github.com/kuma0128/az2aws/compare/v1.5.0...v1.6.0) (2026-03-17)
+
+
+### Features
+
+* add incognito mode option ([#97](https://github.com/kuma0128/az2aws/issues/97)) ([01d5f98](https://github.com/kuma0128/az2aws/commit/01d5f98897795eca9cef1b372284ac0a8c24b840))
+* notify new available version ([#137](https://github.com/kuma0128/az2aws/issues/137)) ([c204bae](https://github.com/kuma0128/az2aws/commit/c204bae4ec57ea0b63d01d5d6c963951f8341318))
+
+
+### Bug Fixes
+
+* update dependencies and add Dependabot config ([#120](https://github.com/kuma0128/az2aws/issues/120)) ([c500dd0](https://github.com/kuma0128/az2aws/commit/c500dd06fd4c799bde467d069ec03ac244967542))
+* update workflows to use pnpm cache and remove standalone option ([#119](https://github.com/kuma0128/az2aws/issues/119)) ([8d759c3](https://github.com/kuma0128/az2aws/commit/8d759c34d8d04211325cfba56692e2cbc55cfe51))
+
+## [1.5.0](https://github.com/kuma0128/az2aws/compare/v1.4.0...v1.5.0) (2026-02-12)
+
+
+### Features
+
+* optimize Docker image build ([#105](https://github.com/kuma0128/az2aws/issues/105)) ([fc7f491](https://github.com/kuma0128/az2aws/commit/fc7f491a3d3029f3dbca750b984cbb3b5ea4bd3a))
+
+
+### Bug Fixes
+
+* handle TargetCloseError from incompatible browser profile ([#117](https://github.com/kuma0128/az2aws/issues/117)) ([d5c1752](https://github.com/kuma0128/az2aws/commit/d5c17521cd179891a13c8285d451ad353b47bc71))
+
 ## [1.4.0](https://github.com/kuma0128/az2aws/compare/v1.3.0...v1.4.0) (2026-02-12)
 
 

package/README.md

@@ -100,6 +100,7 @@ https://snapcraft.io/az2aws
 | `--enable-chrome-seamless-sso` | Enable Azure AD Seamless SSO |
 | `--no-disable-extensions` | Keep browser extensions enabled |
 | `--disable-gpu` | Disable GPU acceleration |
+| `--incognito` | Open the login flow in an incognito browser context |
 | `--version (-v)` | Show version number |
 
 ## Usage
@@ -132,6 +133,10 @@ Enable "Stay logged in" during configuration to use `--no-prompt` without storin
     az2aws --no-prompt
     az2aws --profile foo --no-prompt
 
+`--incognito` starts the login flow in a fresh incognito browser context. This
+helps avoid reusing an existing browser session, and it overrides any saved
+"Stay logged in" browser state for that run.
+
 #### Environment Variables
 
 You can set defaults via environment variables (use with `--no-prompt`):
@@ -176,6 +181,7 @@ Example:
     az2aws                    # Default profile
     az2aws --profile foo      # Named profile
     az2aws --mode gui         # Use browser UI (more reliable)
+    az2aws --mode gui --incognito  # Open a fresh incognito login window
 
 You'll be prompted for username, password, and MFA if required. After login, use AWS CLI/SDKs as usual.
 
@@ -186,6 +192,16 @@ You'll be prompted for username, password, and MFA if required. After login, use
 
 #### Troubleshooting
 
+If you see `TargetCloseError: Protocol error (Target.setAutoAttach): Target closed`,
+the browser profile may be incompatible with the bundled Chromium version
+(e.g., after upgrading or downgrading az2aws). When using the default
+managed profile (`~/.aws/chromium`) with "Stay logged in" enabled, az2aws
+will automatically reset the profile and retry. If you have set
+`BROWSER_USER_DATA_DIR` to point to an existing Chrome profile, az2aws
+will **not** modify that directory — you will need to resolve the
+incompatibility manually (e.g., update az2aws, or use a different
+`BROWSER_USER_DATA_DIR`).
+
 If you see device compliance errors (e.g., "Device UnSecured Or Non-Compliant"),
 Try:
  `--mode gui` and use your system Chrome via `BROWSER_CHROME_BIN`.

package/eslint.config.cjs

@@ -0,0 +1,36 @@
+const tseslint = require("@typescript-eslint/eslint-plugin");
+const prettier = require("eslint-config-prettier");
+const sourceFiles = ["src/**/*.ts", "typings/**/*.ts"];
+
+module.exports = [
+  {
+    ignores: [
+      "**/*.test.ts",
+      "vitest.config.ts",
+      "eslint.config.cjs",
+      "lib/**",
+      "coverage/**",
+    ],
+  },
+  {
+    linterOptions: {
+      reportUnusedDisableDirectives: "off",
+    },
+  },
+  ...tseslint.configs["flat/recommended-type-checked"].map((config) => ({
+    ...config,
+    files: sourceFiles,
+  })),
+  {
+    files: sourceFiles,
+    languageOptions: {
+      parserOptions: {
+        project: "./tsconfig.json",
+        tsconfigRootDir: __dirname,
+        ecmaVersion: 2018,
+        sourceType: "module",
+      },
+    },
+  },
+  prettier,
+];

package/lib/awsConfig.js

@@ -7,7 +7,7 @@ exports.awsConfig = void 0;
 const ini_1 = __importDefault(require("ini"));
 const debug_1 = __importDefault(require("debug"));
 const paths_1 = require("./paths");
-const mkdirp_1 = __importDefault(require("mkdirp"));
+const mkdirp_1 = require("mkdirp");
 const fs_1 = __importDefault(require("fs"));
 const util_1 = __importDefault(require("util"));
 const debug = (0, debug_1.default)("az2aws");
@@ -101,7 +101,7 @@ exports.awsConfig = {
         debug(`Stringifying ${type} INI data`);
         const text = ini_1.default.stringify(data);
         debug(`Creating AWS config directory '${paths_1.paths.awsDir}' if not exists.`);
-        await (0, mkdirp_1.default)(paths_1.paths.awsDir);
+        await (0, mkdirp_1.mkdirp)(paths_1.paths.awsDir);
         debug(`Writing '${type}' INI to file '${paths_1.paths[type]}'`);
         await writeFile(paths_1.paths[type], text);
     },

package/lib/configureProfileAsync.js

@@ -11,23 +11,27 @@ async function configureProfileAsync(profileName) {
     const profile = await awsConfig_1.awsConfig.getProfileConfigAsync(profileName);
     const questions = [
         {
+            type: "input",
             name: "tenantId",
             message: "Azure Tenant ID:",
-            validate: (input) => !!input,
+            validate: (input) => input.trim().length > 0,
             default: profile && profile.azure_tenant_id,
         },
         {
+            type: "input",
             name: "appIdUri",
             message: "Azure App ID URI:",
-            validate: (input) => !!input,
+            validate: (input) => input.trim().length > 0,
             default: profile && profile.azure_app_id_uri,
         },
         {
+            type: "input",
             name: "username",
             message: "Default Username:",
             default: profile && profile.azure_default_username,
         },
         {
+            type: "input",
             name: "rememberMe",
             message: "Stay logged in: skip authentication while refreshing aws credentials (true|false)",
             default: (profile &&
@@ -41,22 +45,25 @@ async function configureProfileAsync(profileName) {
             },
         },
         {
+            type: "input",
             name: "defaultRoleArn",
             message: "Default Role ARN (if multiple):",
             default: profile && profile.azure_default_role_arn,
         },
         {
+            type: "input",
             name: "defaultDurationHours",
             message: "Default Session Duration Hours (up to 12):",
             default: (profile && profile.azure_default_duration_hours) || 1,
             validate: (input) => {
-                input = Number(input);
-                if (input > 0 && input <= 12)
+                const num = Number(input);
+                if (num > 0 && num <= 12)
                     return true;
                 return "Duration hours must be between 1 and 12";
             },
         },
         {
+            type: "input",
             name: "region",
             message: "AWS Region:",
             default: profile && profile.region,

package/lib/index.js

@@ -6,7 +6,8 @@ process.on("SIGTERM", () => process.exit(1));
 const commander_1 = require("commander");
 const configureProfileAsync_1 = require("./configureProfileAsync");
 const login_1 = require("./login");
-// eslint-disable-next-line @typescript-eslint/no-var-requires
+const updateNotifier_1 = require("./updateNotifier");
+// eslint-disable-next-line @typescript-eslint/no-require-imports
 const { version } = require("../package.json");
 const program = new commander_1.Command();
 program
@@ -23,6 +24,7 @@ program
     .option("--enable-chrome-seamless-sso", "Enable Chromium's pass-through authentication with Azure Active Directory Seamless Single Sign-On")
     .option("--no-disable-extensions", "Tell Puppeteer not to pass the --disable-extensions flag to Chromium")
     .option("--disable-gpu", "Tell Puppeteer to pass the --disable-gpu flag to Chromium")
+    .option("--incognito", "Launch Chromium in incognito mode")
     .parse(process.argv);
 const options = program.opts();
 const profileName = options.profile ||
@@ -37,22 +39,42 @@ const enableChromeSeamlessSso = !!options.enableChromeSeamlessSso;
 const forceRefresh = !!options.forceRefresh;
 const noDisableExtensions = !options.disableExtensions;
 const disableGpu = !!options.disableGpu;
-Promise.resolve()
-    .then(() => {
-    if (options.allProfiles) {
-        return login_1.login.loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu);
+const incognito = !!options.incognito;
+// Start the update lookup immediately, but only print after the main flow ends.
+const updateCheckPromise = (0, updateNotifier_1.checkForUpdate)(version, {
+    useColor: process.stderr.isTTY && !process.env.NO_COLOR,
+});
+async function runAsync() {
+    let exitCode = 0;
+    try {
+        if (options.allProfiles) {
+            await login_1.login.loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu, incognito);
+        }
+        else if (options.configure) {
+            await (0, configureProfileAsync_1.configureProfileAsync)(profileName);
+        }
+        else {
+            await login_1.login.loginAsync(profileName, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu, incognito);
+        }
     }
-    if (options.configure)
-        return (0, configureProfileAsync_1.configureProfileAsync)(profileName);
-    return login_1.login.loginAsync(profileName, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu);
-})
-    .catch((err) => {
-    if (err.name === "CLIError") {
-        console.error(err.message);
-        process.exit(2);
+    catch (err) {
+        if (err instanceof Error && err.name === "CLIError") {
+            console.error(err.message);
+            exitCode = 2;
+        }
+        else {
+            console.error(err);
+            exitCode = 1;
+        }
     }
-    else {
-        console.error(err);
-        process.exit(1);
+    if (exitCode === 0) {
+        const updateMessage = await updateCheckPromise;
+        if (updateMessage) {
+            process.stderr.write(updateMessage);
+        }
     }
-});
+    if (exitCode !== 0) {
+        process.exit(exitCode);
+    }
+}
+void runAsync();

package/lib/login.js

@@ -15,9 +15,8 @@ const querystring_1 = __importDefault(require("querystring"));
 const debug_1 = __importDefault(require("debug"));
 const CLIError_1 = require("./CLIError");
 const awsConfig_1 = require("./awsConfig");
-const https_proxy_agent_1 = require("https-proxy-agent");
 const paths_1 = require("./paths");
-const mkdirp_1 = __importDefault(require("mkdirp"));
+const mkdirp_1 = require("mkdirp");
 const promises_1 = __importDefault(require("fs/promises"));
 const https_1 = require("https");
 const node_http_handler_1 = require("@smithy/node-http-handler");
@@ -32,12 +31,20 @@ const AZURE_AD_SSO = "autologon.microsoftazuread-sso.com";
 const AWS_SAML_ENDPOINT = "https://signin.aws.amazon.com/saml";
 const AWS_CN_SAML_ENDPOINT = "https://signin.amazonaws.cn/saml";
 const AWS_GOV_SAML_ENDPOINT = "https://signin.amazonaws-us-gov.com/saml";
+// Keep the runtime import as native `import()` so CommonJS output can load
+// the ESM-only https-proxy-agent package.
+// eslint-disable-next-line @typescript-eslint/no-implied-eval
+const importHttpsProxyAgent = Function('return import("https-proxy-agent")');
 const getProxyUrl = () => process.env.https_proxy ||
     process.env.HTTPS_PROXY ||
     process.env.http_proxy ||
     process.env.HTTP_PROXY;
 exports.login = {
-    async loginAsync(profileName, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu) {
+    async _createHttpsProxyAgentAsync(proxyUrl, proxyOptions) {
+        const { HttpsProxyAgent } = await importHttpsProxyAgent();
+        return new HttpsProxyAgent(proxyUrl, proxyOptions);
+    },
+    async loginAsync(profileName, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu, incognito = false) {
         let headless, cliProxy;
         if (mode === "cli") {
             headless = true;
@@ -70,16 +77,13 @@ exports.login = {
         }
         console.log("Using AWS SAML endpoint", assertionConsumerServiceURL);
         const loginUrl = await this._createLoginUrlAsync(profile.azure_app_id_uri, profile.azure_tenant_id, assertionConsumerServiceURL);
-        const samlResponse = await this._performLoginAsync(loginUrl, headless, disableSandbox, cliProxy, noPrompt, enableChromeNetworkService, profile.azure_default_username, profile.azure_default_password, enableChromeSeamlessSso, profile.azure_default_remember_me, noDisableExtensions, disableGpu);
+        const samlResponse = await this._performLoginAsync(loginUrl, headless, disableSandbox, cliProxy, noPrompt, enableChromeNetworkService, profile.azure_default_username, profile.azure_default_password, enableChromeSeamlessSso, profile.azure_default_remember_me, noDisableExtensions, disableGpu, incognito);
         const roles = this._parseRolesFromSamlResponse(samlResponse);
         const { role, durationHours } = await this._askUserForRoleAndDurationAsync(roles, noPrompt, profile.azure_default_role_arn, profile.azure_default_duration_hours);
         await this._assumeRoleAsync(profileName, samlResponse, role, durationHours, awsNoVerifySsl, profile.region);
     },
-    async loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu) {
+    async loginAll(mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, forceRefresh, noDisableExtensions, disableGpu, incognito = false) {
         const profiles = await awsConfig_1.awsConfig.getAllProfileNames();
-        if (!profiles) {
-            return;
-        }
         for (const profile of profiles) {
             debug(`Check if profile ${profile} is expired or is about to expire`);
             if (!forceRefresh &&
@@ -88,7 +92,7 @@ exports.login = {
                 continue;
             }
             debug(`Run login for profile: ${profile}`);
-            await this.loginAsync(profile, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu);
+            await this.loginAsync(profile, mode, disableSandbox, noPrompt, enableChromeNetworkService, awsNoVerifySsl, enableChromeSeamlessSso, noDisableExtensions, disableGpu, incognito);
         }
     },
     // Gather data from environment variables
@@ -182,16 +186,20 @@ exports.login = {
      * @param {bool} [rememberMe] - Enable remembering the session
      * @param {bool} [noDisableExtensions] - True to prevent Puppeteer from disabling Chromium extensions
      * @param {bool} [disableGpu] - Disables GPU Acceleration
+     * @param {bool} [incognito] - Launch the login flow in an incognito browser context
      * @returns {Promise.<string>} The SAML response.
      * @private
      */
-    async _performLoginAsync(url, headless, disableSandbox, cliProxy, noPrompt, enableChromeNetworkService, defaultUsername, defaultPassword, enableChromeSeamlessSso, rememberMe, noDisableExtensions, disableGpu) {
+    async _performLoginAsync(url, headless, disableSandbox, cliProxy, noPrompt, enableChromeNetworkService, defaultUsername, defaultPassword, enableChromeSeamlessSso, rememberMe, noDisableExtensions, disableGpu, incognito = false) {
         debug("Loading login page in Chrome");
         let browser;
+        const useRememberMe = rememberMe && !incognito;
         try {
             const args = headless
                 ? []
-                : [`--app=${url}`, `--window-size=${WIDTH},${HEIGHT}`];
+                : incognito
+                    ? [`--window-size=${WIDTH},${HEIGHT}`]
+                    : [`--app=${url}`, `--window-size=${WIDTH},${HEIGHT}`];
             if (disableSandbox)
                 args.push("--no-sandbox");
             if (enableChromeNetworkService)
@@ -199,12 +207,12 @@ exports.login = {
             if (enableChromeSeamlessSso)
                 args.push(`--auth-server-whitelist=${AZURE_AD_SSO}`, `--auth-negotiate-delegate-whitelist=${AZURE_AD_SSO}`);
             debug(`rememberMe value: ${rememberMe} (type: ${typeof rememberMe})`);
-            if (rememberMe) {
+            if (useRememberMe) {
                 if (paths_1.paths.userDataDir) {
                     args.push(`--user-data-dir=${paths_1.paths.userDataDir}`);
                 }
                 else {
-                    await (0, mkdirp_1.default)(paths_1.paths.chromium);
+                    await (0, mkdirp_1.mkdirp)(paths_1.paths.chromium);
                     args.push(`--user-data-dir=${paths_1.paths.chromium}`);
                 }
                 // --profile-directory requires --user-data-dir to work properly
@@ -212,6 +220,9 @@ exports.login = {
                     args.push(`--profile-directory=${paths_1.paths.profileDir}`);
                 }
             }
+            if (incognito && rememberMe) {
+                console.warn("WARNING: Incognito mode overrides 'Stay logged in' and ignores saved Chrome profiles.");
+            }
             const proxyUrl = getProxyUrl();
             if (proxyUrl) {
                 args.push(`--proxy-server=${proxyUrl}`);
@@ -235,13 +246,13 @@ exports.login = {
             }
             catch (e) {
                 if (e instanceof Error &&
-                    e.constructor.name === "TargetCloseError" &&
-                    rememberMe) {
-                    const userDataDir = paths_1.paths.userDataDir || paths_1.paths.chromium;
-                    debug(`Browser launch failed with TargetCloseError. Resetting profile at ${userDataDir}`);
+                    e.name === "TargetCloseError" &&
+                    useRememberMe &&
+                    !paths_1.paths.userDataDir) {
+                    debug(`Browser launch failed with TargetCloseError. Resetting profile at ${paths_1.paths.chromium}`);
                     console.warn("Browser profile appears incompatible. Resetting profile data and retrying...");
-                    await promises_1.default.rm(userDataDir, { recursive: true, force: true });
-                    await (0, mkdirp_1.default)(userDataDir);
+                    await promises_1.default.rm(paths_1.paths.chromium, { recursive: true, force: true });
+                    await (0, mkdirp_1.mkdirp)(paths_1.paths.chromium);
                     browser = await puppeteer_1.default.launch(launchParams);
                 }
                 else {
@@ -250,8 +261,20 @@ exports.login = {
             }
             // Wait for a bit as sometimes the browser isn't ready.
             await bluebird_1.default.delay(200);
-            const pages = await browser.pages();
-            const page = pages[0];
+            let page;
+            if (incognito) {
+                const existingPages = await browser.pages();
+                const context = await browser.createBrowserContext();
+                page = await context.newPage();
+                await Promise.all(existingPages.map((existingPage) => existingPage.close()));
+                if (!headless) {
+                    await page.bringToFront();
+                }
+            }
+            else {
+                const pages = await browser.pages();
+                page = pages[0];
+            }
             await page.setExtraHTTPHeaders({
                 "Accept-Language": "en",
             });
@@ -290,7 +313,7 @@ exports.login = {
             debug("Enabling request interception");
             await page.setRequestInterception(true);
             try {
-                if (headless || (!headless && cliProxy)) {
+                if (incognito || headless || cliProxy) {
                     debug("Going to login page");
                     await page.goto(url, { waitUntil: "domcontentloaded" });
                 }
@@ -332,7 +355,7 @@ exports.login = {
                             debug(`Found state: ${state.name}`);
                             await Promise.race([
                                 samlResponsePromise,
-                                state.handler(page, selected, noPrompt, defaultUsername, defaultPassword, rememberMe),
+                                state.handler(page, selected, noPrompt, defaultUsername, defaultPassword, useRememberMe),
                             ]);
                             debug(`Finished state: ${state.name}`);
                             break;
@@ -422,10 +445,13 @@ exports.login = {
         let durationHours = 1;
         if (defaultDurationHours) {
             const parsedDuration = parseInt(defaultDurationHours, 10);
-            if (!Number.isNaN(parsedDuration) && parsedDuration > 0) {
+            if (!Number.isNaN(parsedDuration) &&
+                parsedDuration > 0 &&
+                parsedDuration <= 12) {
                 durationHours = parsedDuration;
             }
         }
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         const questions = [];
         if (roles.length === 0) {
             throw new CLIError_1.CLIError("No roles found in SAML response.");
@@ -450,7 +476,7 @@ exports.login = {
                 questions.push({
                     name: "role",
                     message: "Role:",
-                    type: "list",
+                    type: "select",
                     choices: roles.map((r) => r.roleArn).sort(),
                     default: defaultRoleArn,
                 });
@@ -471,8 +497,8 @@ exports.login = {
                 type: "input",
                 default: defaultDurationHours || 1,
                 validate: (input) => {
-                    input = Number(input);
-                    if (input > 0 && input <= 12)
+                    const num = Number(input);
+                    if (num > 0 && num <= 12)
                         return true;
                     return "Duration hours must be between 1 and 12";
                 },
@@ -519,7 +545,7 @@ exports.login = {
             stsOptions = {
                 ...stsOptions,
                 requestHandler: new node_http_handler_1.NodeHttpHandler({
-                    httpsAgent: new https_proxy_agent_1.HttpsProxyAgent(proxyUrl, proxyOptions),
+                    httpsAgent: await this._createHttpsProxyAgentAsync(proxyUrl, proxyOptions),
                 }),
             };
         }

package/lib/loginStates.js

@@ -37,8 +37,10 @@ exports.states = [
             }
             else {
                 debug("Prompting user for username");
+                // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
                 ({ username } = await inquirer_1.default.prompt([
                     {
+                        type: "input",
                         name: "username",
                         message: "Username:",
                         default: defaultUsername,
@@ -115,7 +117,7 @@ exports.states = [
                     {
                         name: "account",
                         message: "Account:",
-                        type: "list",
+                        type: "select",
                         choices: accounts.map((a) => a.message),
                         default: aadTileMessage,
                     },
@@ -187,6 +189,7 @@ exports.states = [
             }
             else {
                 debug("Prompting user for password");
+                // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
                 ({ password } = await inquirer_1.default.prompt([
                     {
                         name: "password",
@@ -272,8 +275,10 @@ exports.states = [
                 (d) => { var _a; return (_a = d === null || d === void 0 ? void 0 : d.textContent) !== null && _a !== void 0 ? _a : ""; }, description);
                 console.log(descriptionMessage);
             }
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
             const { verificationCode } = await inquirer_1.default.prompt([
                 {
+                    type: "input",
                     name: "verificationCode",
                     message: "Verification Code:",
                 },

package/lib/updateNotifier.js

@@ -0,0 +1,147 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkForUpdate = checkForUpdate;
+const https_1 = __importDefault(require("https"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const PACKAGE_NAME = "az2aws";
+const CACHE_TTL_MS = 1000 * 60 * 60 * 24; // 24 hours
+const FAKE_LATEST_VERSION_ENV = "AZ2AWS_FAKE_LATEST_VERSION";
+const ANSI_YELLOW = "\u001b[33m";
+const ANSI_RESET = "\u001b[0m";
+function getCachePath() {
+    return path_1.default.join(os_1.default.homedir(), ".config", "az2aws", "update-check.json");
+}
+function readCache() {
+    try {
+        const data = fs_1.default.readFileSync(getCachePath(), "utf-8");
+        const cache = JSON.parse(data);
+        if (Date.now() - cache.checkedAt < CACHE_TTL_MS) {
+            return cache;
+        }
+    }
+    catch (_a) {
+        // Cache doesn't exist or is invalid
+    }
+    return null;
+}
+function writeCache(latestVersion) {
+    try {
+        const cachePath = getCachePath();
+        const dir = path_1.default.dirname(cachePath);
+        fs_1.default.mkdirSync(dir, { recursive: true });
+        fs_1.default.writeFileSync(cachePath, JSON.stringify({ latestVersion, checkedAt: Date.now() }));
+    }
+    catch (_a) {
+        // Ignore cache write failures
+    }
+}
+function compareVersions(current, latest) {
+    const currentParts = current.split(".").map(Number);
+    const latestParts = latest.split(".").map(Number);
+    for (let i = 0; i < 3; i++) {
+        const c = currentParts[i] || 0;
+        const l = latestParts[i] || 0;
+        if (l > c)
+            return 1;
+        if (l < c)
+            return -1;
+    }
+    return 0;
+}
+function fetchLatestVersion() {
+    return new Promise((resolve, reject) => {
+        const url = `https://registry.npmjs.org/${PACKAGE_NAME}/latest`;
+        const req = https_1.default.get(url, { timeout: 3000 }, (res) => {
+            if (res.statusCode !== 200) {
+                res.resume();
+                reject(new Error(`Unexpected npm registry status code: ${res.statusCode}`));
+                return;
+            }
+            let body = "";
+            res.on("data", (chunk) => {
+                body += chunk.toString();
+            });
+            res.on("end", () => {
+                try {
+                    const data = JSON.parse(body);
+                    resolve(data.version);
+                }
+                catch (_a) {
+                    reject(new Error("Failed to parse npm registry response"));
+                }
+            });
+        });
+        req.on("error", reject);
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Request timed out"));
+        });
+    });
+}
+function detectInstallMethod(env, executablePath) {
+    if (env.SNAP) {
+        return "snap";
+    }
+    if (executablePath === null || executablePath === void 0 ? void 0 : executablePath.includes(`${path_1.default.sep}mise${path_1.default.sep}`)) {
+        return "mise";
+    }
+    return "unknown";
+}
+function getForcedLatestVersion(env) {
+    var _a;
+    const forcedLatestVersion = (_a = env[FAKE_LATEST_VERSION_ENV]) === null || _a === void 0 ? void 0 : _a.trim();
+    return forcedLatestVersion ? forcedLatestVersion : null;
+}
+function getUpdateInstructions(installMethod) {
+    switch (installMethod) {
+        case "mise":
+            return `Run: mise use -g npm:${PACKAGE_NAME}`;
+        case "snap":
+            return `Run: sudo snap refresh ${PACKAGE_NAME}`;
+        default:
+            return `Run: npm install -g ${PACKAGE_NAME}`;
+    }
+}
+function createUpdateMessage(currentVersion, latestVersion, installMethod, useColor = false) {
+    const message = [
+        "",
+        `Update available! ${currentVersion} -> ${latestVersion}`,
+        getUpdateInstructions(installMethod),
+        "",
+    ].join("\n");
+    return useColor ? `${ANSI_YELLOW}${message}${ANSI_RESET}` : message;
+}
+async function checkForUpdate(currentVersion, options = {}) {
+    var _a, _b, _c, _d;
+    try {
+        const env = (_a = options.env) !== null && _a !== void 0 ? _a : process.env;
+        const forcedLatestVersion = getForcedLatestVersion(env);
+        let latestVersion;
+        if (forcedLatestVersion) {
+            latestVersion = forcedLatestVersion;
+        }
+        else {
+            const cache = readCache();
+            if (cache) {
+                latestVersion = cache.latestVersion;
+            }
+            else {
+                latestVersion = await fetchLatestVersion();
+                writeCache(latestVersion);
+            }
+        }
+        if (compareVersions(currentVersion, latestVersion) > 0) {
+            const installMethod = (_b = options.installMethod) !== null && _b !== void 0 ? _b : detectInstallMethod(env, (_c = options.executablePath) !== null && _c !== void 0 ? _c : process.argv[1]);
+            return createUpdateMessage(currentVersion, latestVersion, installMethod, (_d = options.useColor) !== null && _d !== void 0 ? _d : false);
+        }
+    }
+    catch (_e) {
+        // Silently ignore update check failures
+    }
+    return null;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "az2aws",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "Use Azure AD SSO to log into the AWS CLI. A modern, actively maintained alternative to aws-azure-login.",
   "main": "index.js",
   "author": {
@@ -42,7 +42,11 @@
     "onlyBuiltDependencies": [
       "esbuild",
       "puppeteer"
-    ]
+    ],
+    "overrides": {
+      "minimatch@>=9.0.0 <9.0.7": "9.0.7",
+      "yauzl@<3.2.1": "3.2.1"
+    }
   },
   "bin": {
     "az2aws": "lib/index.js"
@@ -51,7 +55,7 @@
     "start": "ts-node-dev src/index.ts",
     "build": "tsc",
     "watch": "tsc -w",
-    "eslint": "eslint . --ext .ts",
+    "eslint": "eslint .",
     "prettier:write": "prettier --write \"src/**/*.{ts,json}\"",
     "prettier:check": "prettier --check \"src/**/*.ts\"",
     "test": "vitest run",
@@ -60,37 +64,32 @@
     "lint": "pnpm eslint && pnpm prettier:check"
   },
   "dependencies": {
-    "@aws-sdk/client-sts": "^3.723.0",
-    "@smithy/node-http-handler": "^2.5.0",
-    "az2aws": "^1.1.0",
+    "@aws-sdk/client-sts": "^3.1009.0",
+    "@smithy/node-http-handler": "^4.4.16",
     "bluebird": "^3.7.2",
-    "cheerio": "^1.0.0-rc.12",
-    "commander": "^9.5.0",
-    "debug": "^4.3.1",
-    "https-proxy-agent": "^7.0.6",
-    "ini": "^3.0.1",
-    "inquirer": "^8.2.6",
-    "mkdirp": "^2.1.6",
-    "puppeteer": "^24.34.0",
-    "uuid": "^9.0.1"
+    "cheerio": "^1.2.0",
+    "commander": "^14.0.3",
+    "debug": "^4.4.3",
+    "https-proxy-agent": "^8.0.0",
+    "ini": "^6.0.0",
+    "inquirer": "^13.3.2",
+    "mkdirp": "^3.0.1",
+    "puppeteer": "^24.39.1",
+    "uuid": "^13.0.0"
   },
   "devDependencies": {
     "@types/bluebird": "^3.5.42",
-    "@types/cheerio": "^0.22.35",
     "@types/debug": "^4.1.12",
-    "@types/ini": "^1.3.34",
-    "@types/inquirer": "^8.2.10",
-    "@types/mkdirp": "^1.0.2",
-    "@types/node": "^24.0.0",
-    "@types/uuid": "^8.3.4",
-    "@typescript-eslint/eslint-plugin": "^6.21.0",
-    "@typescript-eslint/parser": "^6.21.0",
-    "@vitest/coverage-v8": "^4.0.16",
-    "eslint": "^8.57.0",
-    "eslint-config-prettier": "^8.10.0",
-    "prettier": "^2.8.8",
-    "ts-node-dev": "^1.1.8",
-    "typescript": "^5.4.3",
-    "vitest": "^4.0.16"
+    "@types/ini": "^4.1.1",
+    "@types/node": "^25.5.0",
+    "@typescript-eslint/eslint-plugin": "^8.57.0",
+    "@typescript-eslint/parser": "^8.57.0",
+    "@vitest/coverage-v8": "^4.1.0",
+    "eslint": "^10.0.3",
+    "eslint-config-prettier": "^10.1.8",
+    "prettier": "^3.8.1",
+    "ts-node-dev": "^2.0.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.1.0"
   }
 }