npm - cc-cream - Versions diffs - 0.1.17 → 0.1.18 - Mend

cc-cream 0.1.17 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,19 @@ All notable changes to cc-cream are documented here. Format follows
 [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); versions follow
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.1.18] — 2026-05-29
+### Security
+- **Status-line text is now stripped of terminal control characters before output.** Three stdin-derived fields — `model.display_name`, `session_name`, and `effort.level` — were written to the terminal verbatim on every render. Because `session_name` can be derived from conversation content (which may include untrusted material), an embedded ANSI/OSC escape sequence would have been interpreted by the terminal (window-title/clipboard rewrites via OSC, or cursor/erase sequences that spoof or hide output). `paint()` now passes every segment through a `sanitize()` pass that drops C0/C1 control bytes (incl. ESC, BEL, DEL) while preserving the tool's own color codes, which are added afterward. The bar is purely visual, so the strip is lossless.
+- **A crafted `session_id` can no longer corrupt the session-state map.** `session_id` is used as an object key; values of `__proto__`/`constructor`/`prototype` are now rejected in `getSessionState`/`patchSessionState`, and reads use `Object.hasOwn`.
+### Fixed
+- **Writes to `settings.json` (and the state file) are now atomic.** `install.js`, the `SessionStart` auto-setup hook, and `state.js` wrote via a direct `writeFileSync` over the live file; an interruption (crash, `ENOSPC`) mid-write could truncate `settings.json` and erase the user's permissions/hooks/plugins/MCP config — the very loss `readSettings` works to avoid. They now write a sibling temp file and `rename` it over the target (atomic within a filesystem; the temp shares the target's directory so the rename never crosses devices).
+- **The plugin auto-update command now quotes the node binary path** (`exec "${nodePath}"`), so a node path containing spaces no longer breaks the status line.
+### Changed
+- **The session-state map is capped at 50 entries**, evicting the least-recently-touched sessions. It previously gained one key per `session_id` and was never pruned, growing without bound.
 ## [0.1.17] — 2026-05-29
 ### Fixed
@@ -142,6 +155,7 @@ line and prints a colored ≤3-row bar — zero tokens, the model never sees it.
 - Supports **macOS and Linux**; Windows is a planned fast-follow.
 - Requires Claude Code **2.1.132+** (`effort` / `thinking` need 2.1.145+).
+[0.1.18]: https://github.com/bart-turczynski/cc-cream/compare/v0.1.17...v0.1.18
 [0.1.17]: https://github.com/bart-turczynski/cc-cream/compare/v0.1.16...v0.1.17
 [0.1.16]: https://github.com/bart-turczynski/cc-cream/compare/v0.1.15...v0.1.16
 [0.1.15]: https://github.com/bart-turczynski/cc-cream/compare/v0.1.14...v0.1.15

package/README.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # cc-cream
+[![CI](https://img.shields.io/github/actions/workflow/status/bart-turczynski/cc-cream/ci.yml?branch=main&label=CI)](https://github.com/bart-turczynski/cc-cream/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/cc-cream)](https://www.npmjs.com/package/cc-cream)
+[![Socket Badge](https://socket.dev/api/badge/npm/package/cc-cream)](https://socket.dev/npm/package/cc-cream)
+[![install size](https://img.shields.io/bundlephobia/minzip/cc-cream)](https://bundlephobia.com/package/cc-cream)
+[![License: MIT](https://img.shields.io/npm/l/cc-cream)](https://github.com/bart-turczynski/cc-cream/blob/main/LICENSE)
 **C.R.E.A.M. — Cache Rules Everything Around Me.**
 A lightweight status-line tool for [Claude Code](https://claude.com/claude-code)
@@ -116,6 +122,13 @@ The installer:
 After install, Claude Code must be **trusted** for the directory (if prompted),
 and you may need to **restart** it for the bar to appear.
+> **Pick one install method.** If you wire cc-cream via npm/manual (Options 2–3)
+> and *then* install the plugin, the plugin won't take over the existing wiring —
+> it points at your home copy, so `/plugin update` won't auto-update the bar. To
+> switch to the auto-updating plugin, run `/cc-cream:setup` (or `cc-cream-setup
+> --uninstall` first). Nothing breaks either way; it just stays on whichever
+> method wired it.
 ### Uninstall
 Plugin users — two steps, **in this order** (Claude Code can't clean

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cc-cream",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "description": "Claude Code cache/context/cost status-line tool",
   "directories": {
     "doc": "docs"

package/src/install.js CHANGED Viewed

@@ -37,7 +37,7 @@ const TRUST_NOTE =
 // MODULE_NOT_FOUND on every render. "Degrade, never crash" (CLAUDE.md). `exec`
 // replaces the shell so stdin/stdout pass straight through to the renderer.
 export function autoUpdateCommand(nodePath) {
-  return `d="$(ls -1d "\${CLAUDE_CONFIG_DIR:-$HOME/.claude}"/plugins/cache/*/cc-cream/*/ 2>/dev/null | grep -E '/[0-9]+(\\.[0-9]+)+/$' | sort -V | tail -1)"; [ -z "$d" ] && exit 0; exec ${nodePath} "\${d}src/cc-cream.js"`;
+  return `d="$(ls -1d "\${CLAUDE_CONFIG_DIR:-$HOME/.claude}"/plugins/cache/*/cc-cream/*/ 2>/dev/null | grep -E '/[0-9]+(\\.[0-9]+)+/$' | sort -V | tail -1)"; [ -z "$d" ] && exit 0; exec "${nodePath}" "\${d}src/cc-cream.js"`;
 }
 // `desired` is considered already installed if it matches the planned command
@@ -143,6 +143,22 @@ function destinationPath() {
   return path.join(os.homedir(), '.claude', 'cc-cream', 'cc-cream.js');
 }
+// Write `contents` to `file` atomically: write a sibling temp file, then rename
+// over the target (rename is atomic within a filesystem). settings.json holds
+// the user's permissions/hooks/plugins/MCP config — a direct writeFileSync that
+// is interrupted (crash, ENOSPC) could truncate it and erase all of that. The
+// temp file shares the target's directory so the rename never crosses devices.
+export function writeFileAtomic(file, contents) {
+  const tmp = `${file}.tmp-${process.pid}`;
+  fs.writeFileSync(tmp, contents);
+  try {
+    fs.renameSync(tmp, file);
+  } catch (err) {
+    try { fs.rmSync(tmp, { force: true }); } catch {}
+    throw err;
+  }
+}
 // Read settings.json safely. A MISSING or empty file -> {} (fresh start, nothing
 // to lose). A file that exists with content but fails to parse, or parses to a
 // non-object, is REFUSED: we exit rather than overwrite and erase the user's
@@ -221,7 +237,7 @@ async function uninstall({ purge }) {
   const result = planUninstall(settings);
   for (const m of result.messages) console.log(m);
   if (result.changed) {
-    fs.writeFileSync(file, `${JSON.stringify(result.settings, null, 2)}\n`);
+    writeFileAtomic(file, `${JSON.stringify(result.settings, null, 2)}\n`);
     console.log(`\nUpdated ${file}.`);
   }
@@ -323,7 +339,7 @@ async function main() {
   for (const m of result.messages) console.log(m);
   if (result.changed) {
     fs.mkdirSync(path.dirname(file), { recursive: true });
-    fs.writeFileSync(file, `${JSON.stringify(result.settings, null, 2)}\n`);
+    writeFileAtomic(file, `${JSON.stringify(result.settings, null, 2)}\n`);
     console.log(`\nWrote ${file}.`);
   }
 }

package/src/state.js CHANGED Viewed

@@ -1,6 +1,17 @@
 import fs from 'node:fs';
+import process from 'node:process';
 import { isNum, numOr } from './utils.js';
+// Cap on retained per-session entries. The state file gains one key per
+// session_id and is never otherwise pruned, so without a cap it grows without
+// bound. We keep the most-recently-touched sessions (by `ts`) and drop the rest.
+const MAX_SESSIONS = 50;
+// session_id is used as an object key. A value of __proto__/constructor/prototype
+// would mutate the object's prototype instead of storing data; reject those so a
+// crafted or poisoned id can't corrupt the session map.
+const isUnsafeKey = (k) => k === '__proto__' || k === 'constructor' || k === 'prototype';
 export function readState(stateFilePath) {
   try {
     const raw = fs.readFileSync(stateFilePath, 'utf8');
@@ -13,25 +24,45 @@ export function readState(stateFilePath) {
 }
 export function writeState(stateFilePath, state) {
+  // Atomic write: a direct writeFileSync interrupted mid-write (crash, ENOSPC)
+  // would truncate the state file. Write a sibling temp file, then rename over
+  // the target (atomic within a filesystem; the temp shares the target's dir so
+  // the rename never crosses devices). State is regenerable, so any failure
+  // degrades silently — a stateless render is fine.
+  const tmp = `${stateFilePath}.tmp-${process.pid}`;
   try {
-    fs.writeFileSync(stateFilePath, JSON.stringify(state));
+    fs.writeFileSync(tmp, JSON.stringify(state));
+    fs.renameSync(tmp, stateFilePath);
   } catch {
-    // degrade silently — stateless render is fine
+    try { fs.rmSync(tmp, { force: true }); } catch {}
   }
 }
 export function getSessionState(state, sessionId) {
-  if (!sessionId || typeof sessionId !== 'string') return null;
+  if (!sessionId || typeof sessionId !== 'string' || isUnsafeKey(sessionId)) return null;
   const sessions = state?.sessions;
   if (!sessions || typeof sessions !== 'object') return null;
-  return sessions[sessionId] ?? null;
+  return Object.hasOwn(sessions, sessionId) ? sessions[sessionId] : null;
+}
+// Keep at most MAX_SESSIONS entries, evicting the lowest `ts` (oldest touched)
+// first. Sessions without a numeric ts sort oldest.
+function prune(sessions) {
+  const keys = Object.keys(sessions);
+  if (keys.length <= MAX_SESSIONS) return sessions;
+  const keep = keys
+    .sort((a, b) => numOr(sessions[b]?.ts, 0) - numOr(sessions[a]?.ts, 0))
+    .slice(0, MAX_SESSIONS);
+  const out = {};
+  for (const k of keep) out[k] = sessions[k];
+  return out;
 }
 export function patchSessionState(state, sessionId, patch) {
-  if (!sessionId || typeof sessionId !== 'string') return state;
+  if (!sessionId || typeof sessionId !== 'string' || isUnsafeKey(sessionId)) return state;
   const sessions = { ...(state?.sessions ?? {}) };
   sessions[sessionId] = { ...(sessions[sessionId] ?? {}), ...patch };
-  return { ...state, sessions };
+  return { ...state, sessions: prune(sessions) };
 }
 export function nextSessionPatch(data, prevSessionState, cfg, now) {

package/src/utils.js CHANGED Viewed

@@ -32,8 +32,19 @@ export function fmtNum(n, mode) {
   return String(n);
 }
+// Strip C0/C1 control characters (incl. ESC, BEL, DEL) from any text bound for
+// the terminal. stdin fields like session_name, model.display_name, and
+// effort.level are echoed into the status line verbatim; without this, escape
+// sequences smuggled into them would be interpreted by the terminal (title/OSC
+// rewrites, clipboard writes, cursor moves that spoof or hide output). The bar
+// is purely visual, so dropping control bytes is lossless. The tool's own ANSI
+// color codes are added AFTER sanitizing, so they survive.
+// biome-ignore lint/suspicious/noControlCharactersInRegex: stripping control bytes is the intent
+const sanitize = (text) => String(text).replace(/[\x00-\x1f\x7f-\x9f]/g, '');
 export function paint(text, color) {
-  return color && ANSI[color] ? `${ANSI[color]}${text}\x1b[0m` : text;
+  const clean = sanitize(text);
+  return color && ANSI[color] ? `${ANSI[color]}${clean}\x1b[0m` : clean;
 }
 // 3-arg form: band(value, amber, red) — used by ttl / rate limits.