npm - cli4ai - Versions diffs - 1.2.1 → 1.2.2 - Mend

cli4ai 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/commands/add.js CHANGED Viewed

@@ -4,8 +4,12 @@
 import { existsSync, symlinkSync, mkdirSync, cpSync, rmSync, readdirSync, unlinkSync, lstatSync } from 'fs';
 import { resolve, dirname, join, normalize } from 'path';
 import { createInterface } from 'readline';
-import { tmpdir } from 'os';
+import { tmpdir, platform } from 'os';
 import { spawnSync } from 'child_process';
+// Windows-safe command helpers
+const isWindows = platform() === 'win32';
+const npmCmd = isWindows ? 'npm.cmd' : 'npm';
+const tarCmd = 'tar'; // Windows 10+ has tar built-in
 import { output, outputError, log } from '../lib/cli.js';
 import { loadManifest, tryLoadManifest } from '../core/manifest.js';
 import { ensureCli4aiHome, ensureLocalDir, PACKAGES_DIR, LOCAL_PACKAGES_DIR, loadConfig } from '../core/config.js';
@@ -98,7 +102,7 @@ async function downloadFromNpm(packageName, targetDir) {
     try {
         // Use npm pack to download the tarball - using spawnSync to prevent command injection
         log(`Downloading ${packageName} from npm...`);
-        const packResult = spawnSync('npm', ['pack', packageName, `--pack-destination=${tmpDir}`], {
+        const packResult = spawnSync(npmCmd, ['pack', packageName, `--pack-destination=${tmpDir}`], {
             stdio: 'pipe',
             cwd: tmpDir,
             encoding: 'utf-8'
@@ -118,7 +122,7 @@ async function downloadFromNpm(packageName, targetDir) {
         // Extract the tarball using spawnSync to prevent command injection
         // Use --strip-components=1 equivalent by extracting to a subdir
         const tarPath = join(tmpDir, tarball);
-        const extractResult = spawnSync('tar', ['-xzf', tarPath, '-C', tmpDir], {
+        const extractResult = spawnSync(tarCmd, ['-xzf', tarPath, '-C', tmpDir], {
             stdio: 'pipe',
             encoding: 'utf-8'
         });
@@ -161,7 +165,8 @@ async function downloadFromNpm(packageName, targetDir) {
  */
 function checkCliTool(name) {
     try {
-        const result = spawnSync('which', [name], { stdio: 'pipe' });
+        const cmd = isWindows ? 'where' : 'which';
+        const result = spawnSync(cmd, [name], { stdio: 'pipe' });
         return result.status === 0;
     }
     catch {
@@ -176,7 +181,7 @@ async function installNpmDependencies(pkgPath, dependencies) {
     if (deps.length === 0)
         return;
     log(`Installing npm dependencies: ${deps.join(', ')}`);
-    const result = spawnSync('npm', ['install', ...deps], {
+    const result = spawnSync(npmCmd, ['install', ...deps], {
         cwd: pkgPath,
         stdio: 'inherit'
     });

package/dist/commands/browse.js CHANGED Viewed

@@ -2,8 +2,11 @@
  * cli4ai browse - Interactive package browser
  */
 import { spawnSync } from 'child_process';
+import { platform } from 'os';
 import { log, outputError } from '../lib/cli.js';
 import { getNpmGlobalPackages, getGlobalPackages, getLocalPackages } from '../core/config.js';
+// Windows-safe cli4ai command (npm creates .cmd wrappers on Windows)
+const cli4aiCmd = platform() === 'win32' ? 'cli4ai.cmd' : 'cli4ai';
 // ANSI codes
 const RESET = '\x1B[0m';
 const BOLD = '\x1B[1m';
@@ -328,7 +331,7 @@ async function installPackages(packages, scope) {
             if (scopeFlag)
                 addArgs.push(scopeFlag);
             addArgs.push('-y');
-            const result = spawnSync('cli4ai', addArgs, { stdio: 'pipe' });
+            const result = spawnSync(cli4aiCmd, addArgs, { stdio: 'pipe' });
             clearInterval(spinner);
             if (result.status === 0) {
                 process.stderr.write(`\r  ${GREEN}✓${RESET} ${BOLD}${shortName}${RESET} installed                    \n`);

package/dist/commands/info.js CHANGED Viewed

@@ -3,7 +3,10 @@
  */
 import { resolve } from 'path';
 import { spawnSync } from 'child_process';
+import { platform } from 'os';
 import { output, outputError, log } from '../lib/cli.js';
+// Windows-safe npm command
+const npmCmd = platform() === 'win32' ? 'npm.cmd' : 'npm';
 import { findPackage, loadConfig } from '../core/config.js';
 import { loadManifest, tryLoadManifest } from '../core/manifest.js';
 import { remotePackageInfo, RemoteConnectionError, RemoteApiError } from '../core/remote-client.js';
@@ -62,7 +65,7 @@ export async function infoCommand(packageName, options) {
     try {
         log(`Fetching ${scopedName} from npm...`);
         // Use spawnSync with argument array to prevent command injection
-        const result = spawnSync('npm', ['view', scopedName, '--json'], {
+        const result = spawnSync(npmCmd, ['view', scopedName, '--json'], {
             encoding: 'utf-8',
             timeout: 10000,
             stdio: ['pipe', 'pipe', 'pipe']

package/dist/commands/search.js CHANGED Viewed

@@ -4,7 +4,10 @@
 import { readdirSync, existsSync } from 'fs';
 import { resolve } from 'path';
 import { spawnSync } from 'child_process';
+import { platform } from 'os';
 import { output, outputError, log } from '../lib/cli.js';
+// Windows-safe npm command
+const npmCmd = platform() === 'win32' ? 'npm.cmd' : 'npm';
 import { loadConfig, getGlobalPackages, getLocalPackages } from '../core/config.js';
 import { tryLoadManifest } from '../core/manifest.js';
 import { remoteListPackages, RemoteConnectionError, RemoteApiError } from '../core/remote-client.js';
@@ -94,7 +97,7 @@ export async function searchCommand(query, options) {
         try {
             log(`Searching npm for @cli4ai packages...`);
             // Use spawnSync with argument array to prevent command injection
-            const searchResult = spawnSync('npm', ['search', `@cli4ai/${query}`, '--json'], {
+            const searchResult = spawnSync(npmCmd, ['search', `@cli4ai/${query}`, '--json'], {
                 encoding: 'utf-8',
                 timeout: 10000,
                 stdio: ['pipe', 'pipe', 'pipe']
@@ -102,7 +105,7 @@ export async function searchCommand(query, options) {
             let npmResults = searchResult.stdout || '';
             // Fallback to searching @cli4ai if specific query fails
             if (!npmResults || npmResults === '[]') {
-                const fallbackResult = spawnSync('npm', ['search', '@cli4ai', '--json'], {
+                const fallbackResult = spawnSync(npmCmd, ['search', '@cli4ai', '--json'], {
                     encoding: 'utf-8',
                     timeout: 10000,
                     stdio: ['pipe', 'pipe', 'pipe']

package/dist/core/config.js CHANGED Viewed

@@ -2,7 +2,7 @@
  * Global cli4ai configuration (~/.cli4ai/)
  */
 import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, lstatSync, realpathSync, openSync, closeSync, unlinkSync, renameSync } from 'fs';
-import { resolve, join, normalize } from 'path';
+import { resolve, join, normalize, sep } from 'path';
 import { homedir } from 'os';
 import { outputError, log } from '../lib/cli.js';
 // ═══════════════════════════════════════════════════════════════════════════
@@ -36,7 +36,7 @@ function validateSymlinkTarget(symlinkPath) {
         // Check if the real path is within a safe prefix
         const isSafe = SAFE_SYMLINK_PREFIXES.some(prefix => {
             const normalizedPrefix = normalize(prefix);
-            return normalizedRealPath.startsWith(normalizedPrefix + '/') ||
+            return normalizedRealPath.startsWith(normalizedPrefix + sep) ||
                 normalizedRealPath === normalizedPrefix;
         });
         if (!isSafe) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cli4ai",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "The package manager for AI CLI tools - cli4ai.com",
   "type": "module",
   "bin": {