npm - infynon - Versions diffs - 0.2.4 → 0.2.6 - Mend

infynon 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,10 +1,10 @@
 {
     "name":  "infynon",
-    "version":  "0.2.4",
+    "version":  "0.2.6",
     "description":  "Thin npm installer for the proprietary INFYNON CLI binary releases.",
     "bin":  {
                 "infynon":  "run.js",
-                "infynon-pkg":  "run.js"
+                "infynon-pkg":  "run-pkg.js"
             },
     "scripts":  {
                     "postinstall":  "node postinstall.js",
@@ -13,6 +13,7 @@
     "files":  [
                   "LICENSE",
                   "run.js",
+                  "run-pkg.js",
                   "postinstall.js",
                   "preuninstall.js"
               ],

package/postinstall.js CHANGED Viewed

@@ -1,14 +1,18 @@
 #!/usr/bin/env node
 "use strict";
+const crypto = require("crypto");
 const https = require("https");
 const fs = require("fs");
 const path = require("path");
+const { spawnSync } = require("child_process");
 const REPO = "d4rkNinja/infynon-cli";
 const VERSION = require("./package.json").version;
 const BIN_DIR = path.join(__dirname, "bin");
 const BIN_PATH = path.join(BIN_DIR, process.platform === "win32" ? "infynon.exe" : "infynon");
+const TEMP_BIN_PATH = BIN_PATH + ".download-" + process.pid;
+const TEMP_CHECKSUMS_PATH = BIN_PATH + ".checksums-" + process.pid + ".txt";
 function getTarget() {
   if (process.platform === "win32" && process.arch === "x64") return { target: "x86_64-pc-windows-msvc", ext: ".exe" };
@@ -22,14 +26,24 @@ function getTarget() {
 function downloadFile(url, dest, redirects) {
   redirects = redirects === undefined ? 0 : redirects;
   if (redirects > 5) {
-    throw new Error("Too many redirects while downloading binary");
+    return Promise.reject(new Error("Too many redirects while downloading binary"));
   }
   return new Promise(function (resolve, reject) {
     https
       .get(url, { headers: { "User-Agent": "infynon-npm-installer" } }, function (res) {
-        if (res.statusCode === 301 || res.statusCode === 302) {
-          return downloadFile(res.headers.location, dest, redirects + 1)
+        if (res.statusCode >= 300 && res.statusCode < 400) {
+          res.resume();
+          if (!res.headers.location) {
+            return reject(new Error("Redirect response did not include a Location header"));
+          }
+          let nextUrl;
+          try {
+            nextUrl = new URL(res.headers.location, url).toString();
+          } catch (err) {
+            return reject(err);
+          }
+          return downloadFile(nextUrl, dest, redirects + 1)
             .then(resolve)
             .catch(reject);
         }
@@ -47,6 +61,12 @@ function downloadFile(url, dest, redirects) {
         file.on("finish", function () {
           file.close(resolve);
         });
+        res.on("error", function (err) {
+          file.close(function () {
+            fs.unlink(dest, function () {});
+            reject(err);
+          });
+        });
         res.pipe(file);
       })
       .on("error", function (err) {
@@ -56,6 +76,62 @@ function downloadFile(url, dest, redirects) {
   });
 }
+function removeQuietly(filePath) {
+  try {
+    fs.rmSync(filePath, { force: true });
+  } catch (_) {}
+}
+function checksumForAsset(checksumsText, assetName) {
+  const lines = checksumsText.split(/\r?\n/);
+  for (const line of lines) {
+    const match = line.match(/^([a-fA-F0-9]{64})\s+[* ]?(.+)$/);
+    if (!match) continue;
+    if (path.basename(match[2].trim()) === assetName) {
+      return match[1].toLowerCase();
+    }
+  }
+  throw new Error("checksums.txt does not include " + assetName);
+}
+function sha256File(filePath) {
+  return crypto.createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
+}
+function verifyChecksum(checksumsPath, filePath, assetName) {
+  const expected = checksumForAsset(fs.readFileSync(checksumsPath, "utf8"), assetName);
+  const actual = sha256File(filePath);
+  if (actual !== expected) {
+    throw new Error("SHA-256 mismatch for " + assetName);
+  }
+}
+function verifyBinary() {
+  const result = spawnSync(BIN_PATH, ["--version"], {
+    encoding: "utf8",
+    windowsHide: true,
+  });
+  if (result.error) {
+    throw new Error("Downloaded binary is not executable: " + result.error.message);
+  }
+  if (result.status !== 0) {
+    const detail = (result.stderr || result.stdout || "").trim();
+    throw new Error(
+      "Downloaded binary failed verification" +
+      (detail ? ": " + detail : " with exit code " + result.status)
+    );
+  }
+  const versionFields = String((result.stdout || "") + " " + (result.stderr || ""))
+    .trim()
+    .split(/\s+/)
+    .map(function (field) {
+      return field.replace(/^v/, "");
+    });
+  if (versionFields.indexOf(VERSION) === -1) {
+    throw new Error("Downloaded binary did not report version " + VERSION);
+  }
+}
 async function main() {
   const info = getTarget();
@@ -70,6 +146,7 @@ async function main() {
   const tag = "v" + VERSION;
   const assetName = "infynon-" + info.target + info.ext;
   const url = "https://github.com/" + REPO + "/releases/download/" + tag + "/" + assetName;
+  const checksumsUrl = "https://github.com/" + REPO + "/releases/download/" + tag + "/checksums.txt";
   if (!fs.existsSync(BIN_DIR)) {
     fs.mkdirSync(BIN_DIR, { recursive: true });
@@ -78,17 +155,36 @@ async function main() {
   console.log("[infynon] Downloading " + assetName + " from " + tag + " release...");
   try {
-    await downloadFile(url, BIN_PATH);
+    removeQuietly(TEMP_BIN_PATH);
+    removeQuietly(TEMP_CHECKSUMS_PATH);
+    await downloadFile(url, TEMP_BIN_PATH);
+    await downloadFile(checksumsUrl, TEMP_CHECKSUMS_PATH);
+    verifyChecksum(TEMP_CHECKSUMS_PATH, TEMP_BIN_PATH, assetName);
+    removeQuietly(BIN_PATH);
+    fs.renameSync(TEMP_BIN_PATH, BIN_PATH);
   } catch (err) {
+    removeQuietly(TEMP_BIN_PATH);
+    removeQuietly(TEMP_CHECKSUMS_PATH);
     console.error("[infynon] Download failed: " + err.message);
     console.error("[infynon] Manual install: https://github.com/" + REPO + "/releases/tag/" + tag);
     process.exit(1);
+  } finally {
+    removeQuietly(TEMP_CHECKSUMS_PATH);
   }
   if (process.platform !== "win32") {
     fs.chmodSync(BIN_PATH, 0o755);
   }
+  try {
+    verifyBinary();
+  } catch (err) {
+    removeQuietly(BIN_PATH);
+    console.error("[infynon] Binary verification failed: " + err.message);
+    console.error("[infynon] Reinstall after the release asset is corrected: npm install -g infynon");
+    process.exit(1);
+  }
   console.log("[infynon] Installed successfully. Run: infynon --help");
 }

package/preuninstall.js CHANGED Viewed

@@ -3,54 +3,9 @@
 const fs = require("fs");
 const path = require("path");
-const os = require("os");
-// Mirror the same path logic as src/firewall/config.rs → config_dir()
-const INFYNON_DIR = path.join(os.homedir(), ".infynon");
+const BIN_DIR = path.join(__dirname, "bin");
-// Files/dirs managed by infynon that live outside the npm package
-const MANAGED_PATHS = [
-  { p: path.join(INFYNON_DIR, "infynon.toml"),    label: "firewall config" },
-  { p: path.join(INFYNON_DIR, "eagle-eye.toml"),  label: "eagle eye config" },
-  { p: path.join(INFYNON_DIR, "access.jsonl"),    label: "access log" },
-  { p: path.join(INFYNON_DIR, "blocked.jsonl"),   label: "blocked log" },
-  { p: path.join(INFYNON_DIR, "sbom.json"),       label: "SBOM" },
-];
-console.log("\n[infynon] Cleaning up...\n");
-let removed = 0;
-for (const { p, label } of MANAGED_PATHS) {
-  if (fs.existsSync(p)) {
-    try {
-      fs.rmSync(p, { force: true });
-      console.log("  removed  " + label + " (" + p + ")");
-      removed++;
-    } catch (err) {
-      console.warn("  skipped  " + label + " — " + err.message);
-    }
-  }
-}
-// Remove ~/.infynon/ itself if it is now empty
-if (fs.existsSync(INFYNON_DIR)) {
-  try {
-    const remaining = fs.readdirSync(INFYNON_DIR);
-    if (remaining.length === 0) {
-      fs.rmdirSync(INFYNON_DIR);
-      console.log("  removed  ~/.infynon/ directory");
-    } else {
-      console.log(
-        "  kept     ~/.infynon/ — " + remaining.length +
-        " user file(s) remain: " + remaining.join(", ")
-      );
-    }
-  } catch (_) {}
-}
-if (removed === 0) {
-  console.log("  nothing to clean up.\n");
-} else {
-  console.log("\n[infynon] Clean uninstall complete.\n");
+if (fs.existsSync(BIN_DIR)) {
+  fs.rmSync(BIN_DIR, { recursive: true, force: true });
 }

package/run-pkg.js ADDED Viewed

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+"use strict";
+process.argv.splice(2, 0, "pkg");
+require("./run.js");

package/run.js CHANGED Viewed

@@ -20,13 +20,31 @@ if (!fs.existsSync(BIN_PATH)) {
   process.exit(1);
 }
-const result = spawnSync(BIN_PATH, process.argv.slice(2), {
-  stdio: "inherit",
-  windowsHide: false,
-});
+function runBinary(args) {
+  if (process.platform === "win32") {
+    const estimatedLength = BIN_PATH.length + args.reduce(function (total, arg) {
+      return total + String(arg).length + 3;
+    }, 0);
+    if (estimatedLength > 30000) {
+      return {
+        error: new Error("command line is too long for Windows process creation; reduce arguments or use file-based package-manager input"),
+      };
+    }
+  }
+  return spawnSync(BIN_PATH, args, {
+    stdio: "inherit",
+    windowsHide: false,
+  });
+}
+const result = runBinary(process.argv.slice(2));
 if (result.error) {
   console.error("[infynon] Failed to run binary:", result.error.message);
+  if (process.platform === "win32" && result.error.code === "UNKNOWN") {
+    console.error("[infynon] The installed Windows binary could not be executed.");
+    console.error("[infynon] Reinstall to download and verify a fresh release asset: npm install -g infynon");
+  }
   process.exit(1);
 }