npm - cli4ai - Versions diffs - 1.2.2 → 1.2.3 - Mend

cli4ai 1.2.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/commands/add.js CHANGED Viewed

@@ -6,10 +6,9 @@ import { resolve, dirname, join, normalize } from 'path';
 import { createInterface } from 'readline';
 import { tmpdir, platform } from 'os';
 import { spawnSync } from 'child_process';
-// Windows-safe command helpers
+// Windows compatibility: use shell: true on Windows to handle .cmd wrappers
+// This is safe because package names are validated with strict regex patterns
 const isWindows = platform() === 'win32';
-const npmCmd = isWindows ? 'npm.cmd' : 'npm';
-const tarCmd = 'tar'; // Windows 10+ has tar built-in
 import { output, outputError, log } from '../lib/cli.js';
 import { loadManifest, tryLoadManifest } from '../core/manifest.js';
 import { ensureCli4aiHome, ensureLocalDir, PACKAGES_DIR, LOCAL_PACKAGES_DIR, loadConfig } from '../core/config.js';
@@ -102,10 +101,11 @@ async function downloadFromNpm(packageName, targetDir) {
     try {
         // Use npm pack to download the tarball - using spawnSync to prevent command injection
         log(`Downloading ${packageName} from npm...`);
-        const packResult = spawnSync(npmCmd, ['pack', packageName, `--pack-destination=${tmpDir}`], {
+        const packResult = spawnSync('npm', ['pack', packageName, `--pack-destination=${tmpDir}`], {
             stdio: 'pipe',
             cwd: tmpDir,
-            encoding: 'utf-8'
+            encoding: 'utf-8',
+            shell: isWindows // Required on Windows to find npm.cmd
         });
         if (packResult.error) {
             throw new Error(`npm not found or failed to execute: ${packResult.error.message}`);
@@ -122,9 +122,10 @@ async function downloadFromNpm(packageName, targetDir) {
         // Extract the tarball using spawnSync to prevent command injection
         // Use --strip-components=1 equivalent by extracting to a subdir
         const tarPath = join(tmpDir, tarball);
-        const extractResult = spawnSync(tarCmd, ['-xzf', tarPath, '-C', tmpDir], {
+        const extractResult = spawnSync('tar', ['-xzf', tarPath, '-C', tmpDir], {
             stdio: 'pipe',
-            encoding: 'utf-8'
+            encoding: 'utf-8',
+            shell: isWindows // Required on Windows
         });
         if (extractResult.status !== 0) {
             throw new Error(`Failed to extract package: ${extractResult.stderr || 'tar extraction failed'}`);
@@ -181,9 +182,10 @@ async function installNpmDependencies(pkgPath, dependencies) {
     if (deps.length === 0)
         return;
     log(`Installing npm dependencies: ${deps.join(', ')}`);
-    const result = spawnSync(npmCmd, ['install', ...deps], {
+    const result = spawnSync('npm', ['install', ...deps], {
         cwd: pkgPath,
-        stdio: 'inherit'
+        stdio: 'inherit',
+        shell: isWindows // Required on Windows to find npm.cmd
     });
     if (result.status !== 0) {
         throw new Error(`Failed to install dependencies (exit code: ${result.status})`);

package/dist/commands/browse.js CHANGED Viewed

@@ -5,8 +5,8 @@ import { spawnSync } from 'child_process';
 import { platform } from 'os';
 import { log, outputError } from '../lib/cli.js';
 import { getNpmGlobalPackages, getGlobalPackages, getLocalPackages } from '../core/config.js';
-// Windows-safe cli4ai command (npm creates .cmd wrappers on Windows)
-const cli4aiCmd = platform() === 'win32' ? 'cli4ai.cmd' : 'cli4ai';
+// Windows compatibility
+const isWindows = platform() === 'win32';
 // ANSI codes
 const RESET = '\x1B[0m';
 const BOLD = '\x1B[1m';
@@ -331,7 +331,7 @@ async function installPackages(packages, scope) {
             if (scopeFlag)
                 addArgs.push(scopeFlag);
             addArgs.push('-y');
-            const result = spawnSync(cli4aiCmd, addArgs, { stdio: 'pipe' });
+            const result = spawnSync('cli4ai', addArgs, { stdio: 'pipe', shell: isWindows });
             clearInterval(spinner);
             if (result.status === 0) {
                 process.stderr.write(`\r  ${GREEN}✓${RESET} ${BOLD}${shortName}${RESET} installed                    \n`);

package/dist/commands/info.js CHANGED Viewed

@@ -5,8 +5,8 @@ import { resolve } from 'path';
 import { spawnSync } from 'child_process';
 import { platform } from 'os';
 import { output, outputError, log } from '../lib/cli.js';
-// Windows-safe npm command
-const npmCmd = platform() === 'win32' ? 'npm.cmd' : 'npm';
+// Windows compatibility
+const isWindows = platform() === 'win32';
 import { findPackage, loadConfig } from '../core/config.js';
 import { loadManifest, tryLoadManifest } from '../core/manifest.js';
 import { remotePackageInfo, RemoteConnectionError, RemoteApiError } from '../core/remote-client.js';
@@ -65,10 +65,11 @@ export async function infoCommand(packageName, options) {
     try {
         log(`Fetching ${scopedName} from npm...`);
         // Use spawnSync with argument array to prevent command injection
-        const result = spawnSync(npmCmd, ['view', scopedName, '--json'], {
+        const result = spawnSync('npm', ['view', scopedName, '--json'], {
             encoding: 'utf-8',
             timeout: 10000,
-            stdio: ['pipe', 'pipe', 'pipe']
+            stdio: ['pipe', 'pipe', 'pipe'],
+            shell: isWindows // Required on Windows to find npm.cmd
         });
         if (result.status === 0 && result.stdout) {
             const pkg = JSON.parse(result.stdout);

package/dist/commands/search.js CHANGED Viewed

@@ -6,8 +6,8 @@ import { resolve } from 'path';
 import { spawnSync } from 'child_process';
 import { platform } from 'os';
 import { output, outputError, log } from '../lib/cli.js';
-// Windows-safe npm command
-const npmCmd = platform() === 'win32' ? 'npm.cmd' : 'npm';
+// Windows compatibility
+const isWindows = platform() === 'win32';
 import { loadConfig, getGlobalPackages, getLocalPackages } from '../core/config.js';
 import { tryLoadManifest } from '../core/manifest.js';
 import { remoteListPackages, RemoteConnectionError, RemoteApiError } from '../core/remote-client.js';
@@ -97,18 +97,20 @@ export async function searchCommand(query, options) {
         try {
             log(`Searching npm for @cli4ai packages...`);
             // Use spawnSync with argument array to prevent command injection
-            const searchResult = spawnSync(npmCmd, ['search', `@cli4ai/${query}`, '--json'], {
+            const searchResult = spawnSync('npm', ['search', `@cli4ai/${query}`, '--json'], {
                 encoding: 'utf-8',
                 timeout: 10000,
-                stdio: ['pipe', 'pipe', 'pipe']
+                stdio: ['pipe', 'pipe', 'pipe'],
+                shell: isWindows // Required on Windows to find npm.cmd
             });
             let npmResults = searchResult.stdout || '';
             // Fallback to searching @cli4ai if specific query fails
             if (!npmResults || npmResults === '[]') {
-                const fallbackResult = spawnSync(npmCmd, ['search', '@cli4ai', '--json'], {
+                const fallbackResult = spawnSync('npm', ['search', '@cli4ai', '--json'], {
                     encoding: 'utf-8',
                     timeout: 10000,
-                    stdio: ['pipe', 'pipe', 'pipe']
+                    stdio: ['pipe', 'pipe', 'pipe'],
+                    shell: isWindows // Required on Windows to find npm.cmd
                 });
                 npmResults = fallbackResult.stdout || '[]';
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cli4ai",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "description": "The package manager for AI CLI tools - cli4ai.com",
   "type": "module",
   "bin": {