npm - claude-yolo-extended - Versions diffs - 1.9.4 → 1.9.5 - Mend

claude-yolo-extended 1.9.4 → 1.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/.editorconfig ADDED Viewed

@@ -0,0 +1,21 @@
+# EditorConfig helps maintain consistent coding styles
+# https://editorconfig.org
+root = true
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+[*.md]
+trim_trailing_whitespace = false
+[*.json]
+indent_size = 2
+[Makefile]
+indent_style = tab

package/.prettierrc ADDED Viewed

@@ -0,0 +1,8 @@
+{
+  "semi": true,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "none",
+  "printWidth": 100,
+  "endOfLine": "lf"
+}

package/AI_HANDOFF.md CHANGED Viewed

@@ -2,12 +2,16 @@
 ## Current State
 * **Last Updated:** 2025-12-26
-* **Version:** 1.9.2 (published)
-* **Status:** Complete
+* **Version:** 1.9.4 (ready for 1.9.5)
+* **Status:** All verification complete, ready to publish
-## Session Summary
-* Updated `@anthropic-ai/claude-code` from 2.0.55 to 2.0.76
-* Published v1.9.2 to npm and GitHub
+## Verification Results
+- npm install: 331 packages, 0 vulnerabilities
+- npm test: 14/14 tests passed
+- npm run lint: 0 errors
+- npm run format: Applied to 4 files
 ## NEXT STEPS (Resume Work Here)
-1. [ ] Monitor for new `@anthropic-ai/claude-code` releases
+1. [ ] Run `npm version patch` to bump to 1.9.5
+2. [ ] Run `git push origin main --tags` to push changes
+3. [ ] Delete CODE_REVIEW_TASKS.md after successful publish

package/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,84 @@
+# Contributing to Claude YOLO Extended
+Thank you for your interest in contributing!
+## Development Setup
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/jslitzkerttcu/claude-yolo.git
+   cd claude-yolo
+   ```
+2. Install dependencies:
+   ```bash
+   npm install
+   ```
+3. Link for local development:
+   ```bash
+   npm link
+   ```
+## Development Workflow
+### Running the Tool
+```bash
+# Run in YOLO mode
+claude-yolo-extended
+# Run in SAFE mode
+claude-yolo-extended --safe
+# Switch modes
+claude-yolo-extended mode yolo
+claude-yolo-extended mode safe
+```
+### Code Quality
+Before submitting a PR, ensure:
+```bash
+# Run linting
+npm run lint
+# Run tests
+npm test
+# Check formatting
+npm run format:check
+```
+### Commit Guidelines
+- Use conventional commit messages
+- Keep commits focused and atomic
+- Reference issues when applicable
+### Pull Request Process
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Run linting and tests
+5. Submit a pull request
+## Project Structure
+```
+claude-yolo/
+├── bin/           # CLI entry points
+│   ├── claude-yolo.js  # Main wrapper
+│   ├── cl.js          # cl command wrapper
+│   └── ascii-art.js   # ASCII art and status displays
+├── lib/           # Shared modules
+│   └── constants.js   # Shared constants and utilities
+├── tests/         # Test files
+└── package.json
+```
+## Questions?
+Open an issue on GitHub if you have questions or suggestions.

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,36 @@
+# Security Policy
+## Supported Versions
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.9.x   | :white_check_mark: |
+| < 1.9   | :x:                |
+## Reporting a Vulnerability
+If you discover a security vulnerability within this project, please report it by opening an issue on GitHub or by emailing the maintainer directly.
+**Please do not publicly disclose the vulnerability until it has been addressed.**
+### What to Include
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+## Security Considerations
+This package modifies the Claude CLI to bypass safety checks when running in YOLO mode. By design, this introduces security risks that users should be aware of:
+1. **File Access**: In YOLO mode, Claude CLI can access any file without permission prompts
+2. **Command Execution**: Safety prompts for potentially dangerous operations are bypassed
+3. **Root Detection**: Root user checks are bypassed to allow running as root
+### Recommendations
+- Only use YOLO mode in trusted, isolated environments
+- Never use YOLO mode with sensitive data or in production
+- Use SAFE mode for normal development work
+- Review Claude's actions carefully when in YOLO mode

package/bin/ascii-art.js CHANGED Viewed

@@ -1,11 +1,4 @@
-// ANSI color codes
-const RED = '\x1b[31m';
-const YELLOW = '\x1b[33m';
-const CYAN = '\x1b[36m';
-const GREEN = '\x1b[32m';
-const RESET = '\x1b[0m';
-const BOLD = '\x1b[1m';
-const ORANGE = '\x1b[38;5;208m';
+import { RED, YELLOW, CYAN, GREEN, ORANGE, RESET, BOLD } from '../lib/constants.js';
 export const YOLO_ART = `${YELLOW}
     ██╗   ██╗ ██████╗ ██╗      ██████╗ ██╗
@@ -49,7 +42,7 @@ export function showSafeActivated() {
 export function showModeStatus(mode) {
   console.log(`${BOLD}Claude CLI Status:${RESET}`);
   console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
   if (mode === 'YOLO') {
     console.log(YOLO_ART);
     console.log(`Mode: ${YELLOW}${BOLD}YOLO${RESET} 🔥`);
@@ -62,4 +55,4 @@ export function showModeStatus(mode) {
     console.log(`Permissions: ${GREEN}REQUIRED${RESET}`);
   }
   console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
-}
+}

package/bin/cl CHANGED Viewed

@@ -3,7 +3,7 @@
 # Claude YOLO/SAFE Mode Wrapper Script
 # Usage: cl /YON | /YOFF | /STATUS | /HELP | [claude commands]
-# Barvy pro výstup
+# Terminal colors
 RED='\033[0;31m'
 YELLOW='\033[1;33m'
 CYAN='\033[0;36m'
@@ -11,24 +11,24 @@ GREEN='\033[0;32m'
 RESET='\033[0m'
 BOLD='\033[1m'
-# Soubor pro uložení stavu
+# State file for mode persistence
 STATE_FILE="$HOME/.claude_yolo_state"
-# Funkce pro čtení aktuálního režimu
+# Function to get current mode
 get_mode() {
     if [ -f "$STATE_FILE" ]; then
         cat "$STATE_FILE"
     else
-        echo "SAFE"  # Výchozí je bezpečný režim
+        echo "SAFE"  # Default to safe mode
     fi
 }
-# Funkce pro nastavení režimu
+# Function to set mode
 set_mode() {
     echo "$1" > "$STATE_FILE"
 }
-# Zpracování argumentů
+# Process arguments
 case "$1" in
     /YON)
         echo -e "${YELLOW}${BOLD}🔥 ACTIVATING YOLO MODE 🔥${RESET}"
@@ -83,10 +83,10 @@ case "$1" in
         ;;
     *)
-        # Spustit Claude v aktuálním režimu
+        # Run Claude in current mode
         MODE=$(get_mode)
-        # Zobrazit režim před spuštěním
+        # Show mode before running
         if [ "$MODE" = "YOLO" ]; then
             echo -e "${YELLOW}[YOLO]${RESET} Running Claude in YOLO mode..."
             # Check if claude-yolo-extended is installed

package/bin/cl.js CHANGED Viewed

@@ -1,38 +1,57 @@
 #!/usr/bin/env node
 import fs from 'fs';
-import path from 'path';
 import { spawn } from 'child_process';
-import os from 'os';
-import { fileURLToPath } from 'url';
 import { showYoloActivated, showSafeActivated, showModeStatus } from './ascii-art.js';
-// Get the directory of the current module
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
+import {
+  YELLOW,
+  CYAN,
+  RESET,
+  BOLD,
+  DANGEROUS_CHARS_PATTERN,
+  STATE_FILE,
+  logError,
+  handleFatalError
+} from '../lib/constants.js';
-// ANSI color codes
-const RED = '\x1b[31m';
-const YELLOW = '\x1b[33m';
-const CYAN = '\x1b[36m';
-const GREEN = '\x1b[32m';
-const RESET = '\x1b[0m';
-const BOLD = '\x1b[1m';
-// State file path
-const stateFile = path.join(os.homedir(), '.claude_yolo_state');
-// Function to get current mode
+/**
+ * Get current mode from state file
+ * @returns {string} Current mode ('YOLO' or 'SAFE')
+ */
 function getMode() {
   try {
-    return fs.readFileSync(stateFile, 'utf8').trim();
+    return fs.readFileSync(STATE_FILE, 'utf8').trim();
   } catch {
     return 'YOLO'; // Default to YOLO mode (matches claude-yolo-extended behavior)
   }
 }
-// Function to set mode
+/**
+ * Set mode in state file
+ * @param {string} mode - Mode to set ('YOLO' or 'SAFE')
+ */
 function setMode(mode) {
-  fs.writeFileSync(stateFile, mode);
+  fs.writeFileSync(STATE_FILE, mode);
+}
+/**
+ * Validate command-line arguments for shell injection (Windows only)
+ * @param {string[]} args - Arguments to validate
+ * @returns {boolean} True if all arguments are safe
+ */
+function validateArgs(args) {
+  const isWindows = process.platform === 'win32';
+  if (!isWindows) return true; // Non-Windows uses shell:false
+  for (const arg of args) {
+    if (DANGEROUS_CHARS_PATTERN.test(arg)) {
+      logError(`Invalid characters in argument: ${arg}`);
+      console.error('Arguments cannot contain: ; & | ` $ > <');
+      return false;
+    }
+  }
+  return true;
 }
 // Get command line arguments
@@ -41,13 +60,13 @@ const args = process.argv.slice(2);
 // Handle special commands
 if (args.length > 0) {
   const command = args[0].toUpperCase();
   switch (command) {
     case '/YON':
       showYoloActivated();
       setMode('YOLO');
       console.log(`${YELLOW}✓ YOLO mode is now ON${RESET}`);
       // Auto-start with remaining args
       if (args.length > 1) {
         runClaude(args.slice(1));
@@ -55,12 +74,12 @@ if (args.length > 0) {
         runClaude([]);
       }
       break;
     case '/YOFF':
       showSafeActivated();
       setMode('SAFE');
       console.log(`${CYAN}✓ YOLO mode is now OFF (Safe mode ON)${RESET}`);
       // Auto-start with remaining args
       if (args.length > 1) {
         runClaude(args.slice(1));
@@ -68,12 +87,13 @@ if (args.length > 0) {
         runClaude([]);
       }
       break;
-    case '/STATUS':
+    case '/STATUS': {
       const mode = getMode();
       showModeStatus(mode);
       break;
+    }
     case '/HELP':
     case '/H':
     case '/?':
@@ -95,7 +115,7 @@ if (args.length > 0) {
       console.log('Your mode choice is saved in ~/.claude_yolo_state');
       console.log('and persists between terminal sessions.');
       break;
     default:
       // Run Claude with provided arguments
       runClaude(args);
@@ -105,33 +125,50 @@ if (args.length > 0) {
   runClaude([]);
 }
+/**
+ * Run Claude CLI with the given arguments in current mode
+ * @param {string[]} claudeArgs - Arguments to pass to Claude
+ */
 function runClaude(claudeArgs) {
+  // Validate arguments before running (security check for Windows shell)
+  if (!validateArgs(claudeArgs)) {
+    process.exit(1);
+  }
   const mode = getMode();
   // Show current mode
   if (mode === 'YOLO') {
     console.log(`${YELLOW}[YOLO]${RESET} Running Claude in YOLO mode...`);
   } else {
     console.log(`${CYAN}[SAFE]${RESET} Running Claude in SAFE mode...`);
   }
   // Determine which command to run
   const command = 'claude-yolo-extended';
   const commandArgs = mode === 'SAFE' ? ['--safe', ...claudeArgs] : claudeArgs;
   // Spawn the process
+  // Note: shell:false is safer (prevents command injection) but requires
+  // the command to be in PATH. On Windows, we need shell:true for .cmd files.
+  const isWindows = process.platform === 'win32';
   const child = spawn(command, commandArgs, {
     stdio: 'inherit',
-    shell: true
+    shell: isWindows // Only use shell on Windows where it's required for PATH resolution
   });
   child.on('error', (err) => {
-    console.error(`${RED}Error: Failed to start ${command}${RESET}`);
-    console.error(err.message);
-    process.exit(1);
+    handleFatalError(`Failed to start ${command}: ${err.message}`, err);
   });
-  child.on('exit', (code) => {
-    process.exit(code || 0);
+  child.on('exit', (code, signal) => {
+    if (signal) {
+      // Process was killed by signal - exit with 128 + signal number (Unix convention)
+      // Common signals: SIGTERM=15, SIGKILL=9, SIGINT=2
+      const signalCodes = { SIGTERM: 15, SIGKILL: 9, SIGINT: 2, SIGHUP: 1 };
+      const signalNum = signalCodes[signal] || 1;
+      process.exit(128 + signalNum);
+    }
+    process.exit(code ?? 0);
   });
-}
+}