npm - git-watchtower - Versions diffs - 1.5.0 → 1.6.1 - Mend

git-watchtower 1.5.0 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/git-watchtower.js +108 -8
package/package.json +1 -1

package/bin/git-watchtower.js CHANGED Viewed

@@ -77,7 +77,7 @@ const { parseGitHubPr, parseGitLabMr, parseGitHubPrList, parseGitLabMrList, isBa
 // ============================================================================
 // Security & Validation (imported from src/git/branch.js and src/git/commands.js)
 // ============================================================================
-const { isValidBranchName, sanitizeBranchName } = require('../src/git/branch');
+const { isValidBranchName, sanitizeBranchName, getGoneBranches, deleteGoneBranches } = require('../src/git/branch');
 const { isGitAvailable: checkGitAvailable } = require('../src/git/commands');
 // ============================================================================
@@ -676,17 +676,27 @@ function stopServerProcess() {
   addLog('Stopping server...', 'update');
+  // Capture reference before nulling — needed for deferred SIGKILL
+  const proc = serverProcess;
   // Try graceful shutdown first
   if (process.platform === 'win32') {
-    spawn('taskkill', ['/pid', serverProcess.pid, '/f', '/t']);
+    spawn('taskkill', ['/pid', proc.pid.toString(), '/f', '/t']);
   } else {
-    serverProcess.kill('SIGTERM');
-    // Force kill after timeout
-    setTimeout(() => {
-      if (serverProcess) {
-        serverProcess.kill('SIGKILL');
+    proc.kill('SIGTERM');
+    // Force kill after grace period if process hasn't exited
+    const forceKillTimeout = setTimeout(() => {
+      try {
+        proc.kill('SIGKILL');
+      } catch (e) {
+        // Process may already be dead
       }
     }, 3000);
+    // Clear the force-kill timer if the process exits cleanly
+    proc.once('close', () => {
+      clearTimeout(forceKillTimeout);
+    });
   }
   serverProcess = null;
@@ -796,15 +806,28 @@ const LIVE_RELOAD_SCRIPT = `
 // Utility Functions
 // ============================================================================
+// Default timeout for execAsync (30 seconds) — prevents hung git/CLI commands
+// from permanently blocking the polling loop
+const EXEC_ASYNC_TIMEOUT = 30000;
 function execAsync(command, options = {}) {
+  const { timeout = EXEC_ASYNC_TIMEOUT, ...restOptions } = options;
   return new Promise((resolve, reject) => {
-    exec(command, { cwd: PROJECT_ROOT, ...options }, (error, stdout, stderr) => {
+    const child = exec(command, { cwd: PROJECT_ROOT, timeout, ...restOptions }, (error, stdout, stderr) => {
       if (error) {
         reject({ error, stdout, stderr });
       } else {
         resolve({ stdout: stdout.trim(), stderr: stderr.trim() });
       }
     });
+    // Also kill the child if the timeout fires (exec timeout sends SIGTERM
+    // but doesn't guarantee cleanup of process trees)
+    if (timeout > 0) {
+      const killTimer = setTimeout(() => {
+        try { child.kill('SIGKILL'); } catch (e) { /* already dead */ }
+      }, timeout + 5000);
+      child.on('close', () => clearTimeout(killTimer));
+    }
   });
 }
@@ -1191,6 +1214,11 @@ function render() {
     renderer.renderErrorToast(state, write);
   }
+  // Cleanup confirmation dialog
+  if (state.cleanupConfirmMode) {
+    renderer.renderCleanupConfirm(state, write);
+  }
   // Stash confirmation dialog renders on top of everything
   if (state.stashConfirmMode) {
     renderer.renderStashConfirm(state, write);
@@ -2005,6 +2033,16 @@ const server = http.createServer((req, res) => {
   pathname = path.normalize(pathname).replace(/^(\.\.[\/\\])+/, '');
   let filePath = path.join(STATIC_DIR, pathname);
+  // Security: ensure resolved path stays within STATIC_DIR to prevent path traversal
+  const resolvedPath = path.resolve(filePath);
+  const resolvedStaticDir = path.resolve(STATIC_DIR);
+  if (!resolvedPath.startsWith(resolvedStaticDir + path.sep) && resolvedPath !== resolvedStaticDir) {
+    res.writeHead(403, { 'Content-Type': 'text/html' });
+    res.end('<h1>403 Forbidden</h1>');
+    addServerLog(`GET ${logPath} → 403 (path traversal blocked)`, true);
+    return;
+  }
   if (fs.existsSync(filePath) && fs.statSync(filePath).isDirectory()) {
     filePath = path.join(filePath, 'index.html');
   }
@@ -2329,6 +2367,59 @@ function setupKeyboardInput() {
       return; // Ignore other keys in action mode
     }
+    // Handle cleanup confirmation dialog
+    if (store.get('cleanupConfirmMode')) {
+      const cleanupBranches = store.get('cleanupBranches') || [];
+      const maxOptions = cleanupBranches.length > 0 ? 3 : 1;
+      if (key === '\u001b[A' || key === 'k') { // Up
+        const idx = store.get('cleanupSelectedIndex') || 0;
+        if (idx > 0) {
+          store.setState({ cleanupSelectedIndex: idx - 1 });
+          render();
+        }
+        return;
+      }
+      if (key === '\u001b[B' || key === 'j') { // Down
+        const idx = store.get('cleanupSelectedIndex') || 0;
+        if (idx < maxOptions - 1) {
+          store.setState({ cleanupSelectedIndex: idx + 1 });
+          render();
+        }
+        return;
+      }
+      if (key === '\r' || key === '\n') { // Enter — execute selected option
+        const idx = store.get('cleanupSelectedIndex') || 0;
+        applyUpdates(actions.closeCleanupConfirm(getActionState()));
+        render();
+        if (cleanupBranches.length === 0 || idx === maxOptions - 1) {
+          // Cancel or Close (no branches)
+          return;
+        }
+        const force = idx === 1; // 0=safe delete, 1=force delete, 2=cancel
+        addLog(`Cleaning up ${cleanupBranches.length} stale branch${cleanupBranches.length === 1 ? '' : 'es'}${force ? ' (force)' : ''}...`, 'update');
+        render();
+        const result = await deleteGoneBranches(cleanupBranches, { force });
+        for (const name of result.deleted) {
+          addLog(`Deleted branch: ${name}`, 'success');
+        }
+        for (const f of result.failed) {
+          addLog(`Failed to delete ${f.name}: ${f.error}`, 'error');
+        }
+        if (result.deleted.length > 0) {
+          addLog(`Cleaned up ${result.deleted.length} branch${result.deleted.length === 1 ? '' : 'es'}`, 'success');
+          await pollGitChanges();
+        }
+        render();
+        return;
+      }
+      if (key === '\u001b') { // Escape — cancel
+        applyUpdates(actions.closeCleanupConfirm(getActionState()));
+        render();
+        return;
+      }
+      return; // Ignore other keys in cleanup mode
+    }
     // Handle stash confirmation dialog
     if (store.get('stashConfirmMode')) {
       if (key === '\u001b[A' || key === 'k') { // Up
@@ -2565,6 +2656,15 @@ function setupKeyboardInput() {
         break;
       }
+      case 'd': { // Cleanup stale branches (remotes deleted)
+        addLog('Scanning for stale branches...', 'info');
+        render();
+        const goneBranches = await getGoneBranches();
+        applyUpdates(actions.openCleanupConfirm(actionState, goneBranches));
+        render();
+        break;
+      }
       // Number keys to set visible branch count
       case '1': case '2': case '3': case '4': case '5':
       case '6': case '7': case '8': case '9':

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "git-watchtower",
-  "version": "1.5.0",
+  "version": "1.6.1",
   "description": "Terminal-based Git branch monitor with activity sparklines and optional dev server with live reload",
   "main": "bin/git-watchtower.js",
   "bin": {