llm-cli-gateway 1.17.6 → 1.17.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +73 -0
- package/dist/index.d.ts +36 -0
- package/dist/index.js +278 -3
- package/dist/upstream-contracts.js +71 -3
- package/npm-shrinkwrap.json +4359 -0
- package/package.json +5 -3
- package/socket.yml +5 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "llm-cli-gateway",
|
|
3
|
-
"version": "1.17.
|
|
3
|
+
"version": "1.17.8",
|
|
4
4
|
"mcpName": "io.github.verivus-oss/llm-cli-gateway",
|
|
5
5
|
"description": "MCP server providing unified access to Claude Code, Codex, Gemini, Grok, and Mistral Vibe CLIs with session management, retry logic, async job orchestration, durable job results, and cross-LLM validation.",
|
|
6
6
|
"license": "MIT",
|
|
@@ -46,6 +46,7 @@
|
|
|
46
46
|
"dist/**/*.js",
|
|
47
47
|
"dist/**/*.d.ts",
|
|
48
48
|
"!dist/__tests__/**",
|
|
49
|
+
"npm-shrinkwrap.json",
|
|
49
50
|
"setup/status.schema.json",
|
|
50
51
|
"README.md",
|
|
51
52
|
"CHANGELOG.md",
|
|
@@ -79,7 +80,7 @@
|
|
|
79
80
|
"format": "prettier --write 'src/**/*.ts'",
|
|
80
81
|
"format:check": "prettier --check 'src/**/*.ts'",
|
|
81
82
|
"security:audit": "bash scripts/release-security-audit.sh",
|
|
82
|
-
"check": "npm run build && npm run lint && npm test && npm run security:audit",
|
|
83
|
+
"check": "npm run build && npm run lint && npm run format:check && npm test && npm run security:audit",
|
|
83
84
|
"release:build": "bash installer/build-release.sh",
|
|
84
85
|
"release:checksums": "cd installer/dist && sha256sum --check SHA256SUMS",
|
|
85
86
|
"release:docker": "docker compose -f docker/personal.compose.yml build"
|
|
@@ -119,7 +120,8 @@
|
|
|
119
120
|
},
|
|
120
121
|
"overrides": {
|
|
121
122
|
"type-is": "2.0.1",
|
|
122
|
-
"content-type": "1.0.5"
|
|
123
|
+
"content-type": "1.0.5",
|
|
124
|
+
"tar-stream": "3.1.7"
|
|
123
125
|
},
|
|
124
126
|
"directories": {
|
|
125
127
|
"doc": "docs"
|
package/socket.yml
CHANGED
|
@@ -25,6 +25,11 @@ version: 2
|
|
|
25
25
|
# imported or called from upstream-contracts.ts. The wording now uses
|
|
26
26
|
# "remote retrieval" to avoid that heuristic.
|
|
27
27
|
#
|
|
28
|
+
# Transitive tar-stream@2.2.0 (better-sqlite3 → prebuild-install → tar-fs)
|
|
29
|
+
# triggered Socket "Potential vulnerability" (tar path traversal at install
|
|
30
|
+
# only). v1.17.7+ overrides tar-stream to 3.1.7 and blocks 2.x in the
|
|
31
|
+
# release security audit.
|
|
32
|
+
#
|
|
28
33
|
# shellAccess
|
|
29
34
|
# This alert fires on every module that imports node:child_process, and
|
|
30
35
|
# because spawning provider CLIs and git is the entire purpose of the package
|