mihomo-cli 1.2.3 → 1.2.5

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## [1.2.5] - 2026-04-07
+
+### 新增功能
+
+- **update 命令**：新增 `mihomo update` 命令，执行 `npm install -g mihomo-cli` 快速更新 CLI 版本
+  - 支持别名：`update`、`upd`、`upgrade`
+
+---
+
+## [1.2.4] - 2026-04-07
+
+### 修复
+
+- **路径安全**：`getLogPathByName()` 增加 `isPathUnderDir()` 校验，防止潜在的路径遍历风险
+- **错误提示**：覆写配置文件解析失败时显示警告日志，不再静默忽略
+
+### 重构
+
+- **代码结构**：工具函数（`sleepSync`、`formatBytes`、`isProcessRunning` 等）提取到 `utils.js` 模块，简化各模块依赖
+- **命名规范**：统一函数命名为全称单数
+  - `autoUpdateStaleSubscriptions` → `autoUpdateStaleSubscription`
+  - `applyOverwrites` → `applyOverwrite`
+  - `loadOverwriteFiles` → `loadOverwriteFile`
+  - `listOverwriteFiles` → `listOverwriteFile`
+
+---
+
 ## [1.2.3] - 2026-04-07
 
 ### 优化

package/README.md

@@ -112,6 +112,7 @@ mihomo ui yacd     # YACD
 | 命令                                | 说明                                                    |
 | ----------------------------------- | ------------------------------------------------------- |
 | `mihomo kernel [镜像\|--no-mirror]` | 更新内核                                                |
+| `mihomo update`                      | 更新 mihomo-cli (npm install -g)                       |
 | `mihomo ui [zash\|dash\|yacd]`      | 打开 Web UI                                             |
 | `mihomo dir`                        | 显示数据目录位置                                        |
 | `mihomo dir open [target]`          | 打开指定目录（`root`, `subs`, `logs`, `overwrites` 等） |

package/index.js

@@ -8,6 +8,7 @@ const kernel = require('./src/kernel');
 const subscription = require('./src/subscription');
 const processMgr = require('./src/process');
 const overwrite = require('./src/overwrite');
+const utils = require('./src/utils');
 
 const VERSION = require('./package.json').version;
 
@@ -94,6 +95,7 @@ function printHelp() {
       '\n' +
       '系统:\n' +
       '  kernel [镜像|--no-mirror]    更新内核\n' +
+      '  update                       更新 mihomo-cli (npm install -g)\n' +
       '  reset [--full]               重置用户数据 (--full 同时删除内核)\n' +
       '  help, -h                     显示帮助\n' +
       '  version, -v                  显示版本\n' +
@@ -127,7 +129,7 @@ function printStatus() {
   const status = processMgr.getStatus();
   const info = config.getConfigInfo();
   const owEnabled = overwrite.isOverwriteEnabled();
-  const owFiles = overwrite.listOverwriteFiles().files;
+  const owFiles = overwrite.listOverwriteFile().files;
   const activeSub = getActiveSubscription();
 
   console.log('');
@@ -221,32 +223,6 @@ function pickSingleSubscription(subs, pattern) {
   process.exit(1);
 }
 
-function hasFlag(args, short, long) {
-  return args && (args.includes(short) || args.includes(long));
-}
-
-function parseIntArg(args, short, long, defaultValue) {
-  if (!args) return defaultValue;
-  for (let i = 0; i < args.length; i++) {
-    if (args[i] === short || args[i] === long) {
-      if (i + 1 < args.length) {
-        const val = parseInt(args[i + 1]);
-        return isNaN(val) ? defaultValue : val;
-      }
-    }
-  }
-  return defaultValue;
-}
-
-function getNonFlagArg(args, startIdx) {
-  if (!args) return null;
-  for (let i = startIdx; i < args.length; i++) {
-    if (!args[i].startsWith('-')) {
-      return args[i];
-    }
-  }
-  return null;
-}
 
 function openLogFile(logPath, label) {
   const displayLabel = label || logPath;
@@ -305,7 +281,7 @@ async function cmdStart(args) {
     process.exit(1);
   }
 
-  await subscription.autoUpdateStaleSubscriptions();
+  await subscription.autoUpdateStaleSubscription();
 
   // 每次 start 都先确保完全干净的状态（停止进程 + 清理运行时文件）
   const status = processMgr.getStatus();
@@ -390,7 +366,7 @@ function cmdUI(args) {
 function cmdLog(args) {
   const logPath = processMgr.getLogPath();
 
-  if (hasFlag(args, '-o', '--open')) {
+  if (utils.hasFlag(args, '-o', '--open')) {
     openLogFile(logPath);
     return;
   }
@@ -399,9 +375,9 @@ function cmdLog(args) {
 }
 
 function cmdLogs(args) {
-  const targetName = getNonFlagArg(args, 1);
-  const lines = parseIntArg(args, '-n', '--lines', 100);
-  const openInViewer = hasFlag(args, '-o', '--open');
+  const targetName = utils.getNonFlagArg(args, 1);
+  const lines = utils.parseIntArg(args, '-n', '--lines', 100);
+  const openInViewer = utils.hasFlag(args, '-o', '--open');
 
   if (targetName) {
     let logPath;
@@ -466,8 +442,8 @@ function cmdLogs(args) {
       archiveCounter++;
       num = archiveCounter < 10 ? ' ' + archiveCounter : '' + archiveCounter;
     }
-    const time = subscription.formatDate(log.mtime);
-    const size = subscription.formatBytes(log.size);
+    const time = utils.formatDate(log.mtime);
+    const size = utils.formatBytes(log.size);
     const name = log.isCurrent ? 'mihomo.log (当前运行中)' : log.name;
 
     console.log(' ' + num + '. ' + name);
@@ -586,7 +562,7 @@ async function cmdKernel(args) {
 }
 
 async function printSubscriptionList() {
-  const updateResult = await subscription.autoUpdateStaleSubscriptions();
+  const updateResult = await subscription.autoUpdateStaleSubscription();
   if (updateResult.total > 0) {
     console.log('');
   }
@@ -601,7 +577,7 @@ async function printSubscriptionList() {
   }
   console.log('订阅列表:');
   subs.forEach((s, i) => {
-    const time = subscription.formatDate(s.updated_at);
+    const time = utils.formatDate(s.updated_at);
     const defaultMark = i === 0 ? ' [默认]' : '';
     const interval = s.update_interval || subscription.DEFAULT_UPDATE_INTERVAL_HOURS;
     console.log('  ' + (i + 1) + '. ' + s.name + defaultMark);
@@ -612,8 +588,8 @@ async function printSubscriptionList() {
     }
     if (s.download !== undefined || s.total !== undefined) {
       const used = (s.upload || 0) + (s.download || 0);
-      const usedStr = subscription.formatBytes(used);
-      const totalStr = subscription.formatBytes(s.total);
+      const usedStr = utils.formatBytes(used);
+      const totalStr = utils.formatBytes(s.total);
       let percentStr = '';
       if (s.total && s.total > 0) {
         const percent = Math.min((used / s.total) * 100, 100);
@@ -622,7 +598,7 @@ async function printSubscriptionList() {
       console.log('    流量: ' + usedStr + ' / ' + totalStr + percentStr);
     }
     if (s.expire !== undefined) {
-      console.log('    到期: ' + subscription.formatTimestamp(s.expire));
+      console.log('    到期: ' + utils.formatTimestamp(s.expire));
     }
     if (s.web_page_url) {
       console.log('    页面: ' + s.web_page_url);
@@ -811,6 +787,27 @@ async function cmdSubscription(args) {
   process.exit(1);
 }
 
+function cmdUpdate() {
+  console.log('更新 mihomo-cli...');
+  console.log('');
+
+  const npm = spawn('npm', ['install', '-g', 'mihomo-cli'], { stdio: 'inherit' });
+
+  npm.on('close', code => {
+    if (code === 0) {
+      console.log('');
+      console.log('更新完成');
+    } else {
+      process.exit(code);
+    }
+  });
+
+  npm.on('error', e => {
+    console.error('执行失败: ' + e.message);
+    process.exit(1);
+  });
+}
+
 async function cmdReset(args) {
   const fullReset = args && (args.includes('--full') || args.includes('-f'));
   const skipConfirm = args && (args.includes('--yes') || args.includes('-y'));
@@ -853,7 +850,7 @@ async function cmdReset(args) {
 }
 
 function printOverwriteList() {
-  const info = overwrite.listOverwriteFiles();
+  const info = overwrite.listOverwriteFile();
   console.log('状态: ' + (info.enabled ? '已启用' : '已禁用'));
   console.log('目录: ' + info.dir);
   console.log('');
@@ -1059,6 +1056,11 @@ async function main() {
     case 'kernel':
       await cmdKernel(args);
       break;
+    case 'upd':
+    case 'update':
+    case 'upgrade':
+      cmdUpdate();
+      break;
     case 'sub':
     case 'subscription':
     case 'subscriptions':

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mihomo-cli",
-  "version": "1.2.3",
+  "version": "1.2.5",
   "description": "A terminal-based mihomo (Clash.Meta) client for macOS",
   "main": "index.js",
   "bin": {

package/src/config.js

@@ -315,7 +315,7 @@ function buildConfig(subRawContent, mode) {
   const overwrite = require('./overwrite');
 
   // 应用覆写配置
-  const withOverwrites = overwrite.applyOverwrites(baseConfig);
+  const withOverwrites = overwrite.applyOverwrite(baseConfig);
 
   // 合并 BASE_CONFIG（优先级高于覆写）
   const merged = { ...withOverwrites, ...BASE_CONFIG };

package/src/overwrite.js

@@ -171,7 +171,7 @@ function setOverwriteEnabled(enabled) {
  * 读取 overwrites 目录下的所有 yaml 文件
  * 按文件名排序返回
  */
-function loadOverwriteFiles() {
+function loadOverwriteFile() {
   const dir = getOverwritesDir();
 
   if (!fs.existsSync(dir)) {
@@ -197,7 +197,7 @@ function loadOverwriteFiles() {
         });
       }
     } catch (e) {
-      // 忽略解析错误的文件
+      console.warn('警告: 覆写文件 "' + file + '" 解析失败: ' + e.message);
     }
   }
 
@@ -207,12 +207,12 @@ function loadOverwriteFiles() {
 /**
  * 应用所有覆写配置到基础配置
  */
-function applyOverwrites(baseConfig) {
+function applyOverwrite(baseConfig) {
   if (!isOverwriteEnabled()) {
     return baseConfig;
   }
 
-  const overwriteFiles = loadOverwriteFiles();
+  const overwriteFiles = loadOverwriteFile();
 
   if (overwriteFiles.length === 0) {
     return baseConfig;
@@ -230,8 +230,8 @@ function applyOverwrites(baseConfig) {
 /**
  * 列出覆写文件信息
  */
-function listOverwriteFiles() {
-  const files = loadOverwriteFiles();
+function listOverwriteFile() {
+  const files = loadOverwriteFile();
   const enabled = isOverwriteEnabled();
   const dir = getOverwritesDir();
 
@@ -249,6 +249,6 @@ function listOverwriteFiles() {
 module.exports = {
   isOverwriteEnabled,
   setOverwriteEnabled,
-  applyOverwrites,
-  listOverwriteFiles,
+  applyOverwrite,
+  listOverwriteFile,
 };

package/src/process.js

@@ -2,11 +2,7 @@ const fs = require('fs');
 const path = require('path');
 const { spawn, execSync } = require('child_process');
 const config = require('./config');
-
-const _sharedBuf = new Int32Array(new SharedArrayBuffer(4));
-function sleepSync(ms) {
-  Atomics.wait(_sharedBuf, 0, 0, ms);
-}
+const utils = require('./utils');
 
 function clearRuntime() {
   if (fs.existsSync(config.DIRS.runtime)) {
@@ -27,21 +23,9 @@ function getPid() {
   }
 }
 
-function isProcessRunning(pid) {
-  if (!pid) return false;
-  try {
-    const output = execSync('ps -p ' + pid + ' -o pid= 2>/dev/null || true', {
-      encoding: 'utf8',
-    }).trim();
-    return output.length > 0;
-  } catch (e) {
-    return false;
-  }
-}
-
 function isRunning() {
   const pid = getPid();
-  return pid ? isProcessRunning(pid) : false;
+  return pid ? utils.isProcessRunning(pid) : false;
 }
 
 function getAllMihomoPids() {
@@ -61,17 +45,6 @@ function getAllMihomoPids() {
   }
 }
 
-function isProcessRoot(pid) {
-  try {
-    const uidOutput = execSync('ps -p ' + pid + ' -o uid= 2>/dev/null || true', {
-      encoding: 'utf8',
-    }).trim();
-    return uidOutput === '0';
-  } catch (e) {
-    return false;
-  }
-}
-
 function isPidFileOwnedByRoot() {
   if (!fs.existsSync(config.PATHS.pidFile)) {
     return false;
@@ -86,7 +59,7 @@ function isPidFileOwnedByRoot() {
 
 function checkStaleState() {
   const allPids = getAllMihomoPids();
-  const hasRootProcess = allPids.some(p => isProcessRoot(p));
+  const hasRootProcess = allPids.some(p => utils.isProcessRoot(p));
   const hasRootPidFile = isPidFileOwnedByRoot();
 
   return {
@@ -184,7 +157,7 @@ function cleanupAll(forceSudo) {
     return { killed: 0, failed: 0, remaining: [] };
   }
 
-  const hasRootProcess = pids.some(p => isProcessRoot(p));
+  const hasRootProcess = pids.some(p => utils.isProcessRoot(p));
   const hasRootPidFile = isPidFileOwnedByRoot();
   const needsSudo = hasRootProcess;
   const allowSudo = forceSudo || hasRootProcess || hasRootPidFile;
@@ -216,7 +189,7 @@ function cleanupAll(forceSudo) {
 
   for (let i = 0; i < 50; i++) {
     if (getAllMihomoPids().length === 0) break;
-    sleepSync(100);
+    utils.sleepSync(100);
   }
 
   clearPid();
@@ -306,7 +279,7 @@ function getProcessInfo(pid) {
       pid,
       memory: rss ? (rss / 1024).toFixed(1) + ' MB' : '未知',
       cpu: pcpu ? pcpu.toFixed(1) + '%' : '未知',
-      isRoot: isProcessRoot(pid),
+      isRoot: utils.isProcessRoot(pid),
     };
   } catch (e) {
     return { pid, memory: '未知', cpu: '未知', isRoot: false };
@@ -606,6 +579,12 @@ function listLogs() {
   return result;
 }
 
+function isPathUnderDir(filePath, baseDir) {
+  const resolvedPath = path.resolve(filePath);
+  const resolvedBase = path.resolve(baseDir);
+  return resolvedPath === resolvedBase || resolvedPath.startsWith(resolvedBase + path.sep);
+}
+
 function getLogPathByName(name) {
   const logsDir = config.DIRS.logs;
 
@@ -619,16 +598,19 @@ function getLogPathByName(name) {
   }
 
   const filePath = path.join(logsDir, targetName);
-  if (fs.existsSync(filePath)) {
+  if (fs.existsSync(filePath) && isPathUnderDir(filePath, logsDir)) {
     return filePath;
   }
 
-  // 尝试模糊匹配
+  // 尝试模糊匹配（readdirSync 返回的文件名已是安全的，但为了一致性仍校验）
   if (fs.existsSync(logsDir)) {
     const files = fs.readdirSync(logsDir);
     for (const file of files) {
       if (file.includes(name)) {
-        return path.join(logsDir, file);
+        const candidatePath = path.join(logsDir, file);
+        if (isPathUnderDir(candidatePath, logsDir)) {
+          return candidatePath;
+        }
       }
     }
   }

package/src/subscription.js

@@ -1,5 +1,4 @@
 const axios = require('axios');
-const yaml = require('js-yaml');
 const config = require('./config');
 
 const DEFAULT_UPDATE_INTERVAL_HOURS = 12;
@@ -38,35 +37,6 @@ function parseUsernameFromContentDisposition(header) {
   return parts[parts.length - 1] || null;
 }
 
-function formatBytes(bytes) {
-  if (bytes === undefined || bytes === null) return '未知';
-  if (bytes === 0) return '0 B';
-  const k = 1024;
-  const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
-  const i = Math.floor(Math.log(bytes) / Math.log(k));
-  return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];
-}
-
-function formatTimestamp(ts) {
-  if (!ts) return '未知';
-  try {
-    return new Date(ts * 1000).toLocaleString('zh-CN');
-  } catch {
-    return '未知';
-  }
-}
-
-function formatDate(dateOrIso) {
-  if (!dateOrIso) return '未知';
-  try {
-    const d = dateOrIso instanceof Date ? dateOrIso : new Date(dateOrIso);
-    if (isNaN(d.getTime())) return '未知';
-    return d.toLocaleString('zh-CN');
-  } catch {
-    return '未知';
-  }
-}
-
 function formatProxySummary(info) {
   const parts = [];
   if (info && info.proxyGroups > 0) parts.push(info.proxyGroups + ' 组');
@@ -178,7 +148,7 @@ async function tryUpdateOne(sub) {
   }
 }
 
-async function autoUpdateStaleSubscriptions() {
+async function autoUpdateStaleSubscription() {
   const allSubs = config.getSubscriptionsWithCache();
   const staleSubs = allSubs.filter(needsAutoUpdate);
 
@@ -217,10 +187,7 @@ module.exports = {
   DEFAULT_UPDATE_INTERVAL_HOURS,
   downloadSubscription,
   prepareConfigForStart,
-  formatBytes,
-  formatTimestamp,
-  formatDate,
   formatProxySummary,
   tryUpdateOne,
-  autoUpdateStaleSubscriptions,
+  autoUpdateStaleSubscription,
 };

package/src/utils.js

@@ -0,0 +1,101 @@
+const { execSync } = require('child_process');
+
+const _sleepBuf = new Int32Array(1);
+
+function sleepSync(ms) {
+  Atomics.wait(_sleepBuf, 0, 0, ms);
+}
+
+function formatBytes(bytes) {
+  if (bytes === undefined || bytes === null) return '未知';
+  const num = Number(bytes);
+  if (isNaN(num) || num < 0) return '未知';
+  if (num === 0) return '0 B';
+  const k = 1024;
+  const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
+  const i = Math.floor(Math.log(num) / Math.log(k));
+  return parseFloat((num / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];
+}
+
+function formatTimestamp(ts) {
+  if (ts === undefined || ts === null) return '未知';
+  try {
+    return new Date(ts * 1000).toLocaleString('zh-CN');
+  } catch {
+    return '未知';
+  }
+}
+
+function formatDate(dateOrIso) {
+  if (dateOrIso === undefined || dateOrIso === null) return '未知';
+  try {
+    const d = dateOrIso instanceof Date ? dateOrIso : new Date(dateOrIso);
+    if (isNaN(d.getTime())) return '未知';
+    return d.toLocaleString('zh-CN');
+  } catch {
+    return '未知';
+  }
+}
+
+function hasFlag(args, short, long) {
+  return args && (args.includes(short) || args.includes(long));
+}
+
+function parseIntArg(args, short, long, defaultValue) {
+  if (!args) return defaultValue;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === short || args[i] === long) {
+      if (i + 1 < args.length) {
+        const val = parseInt(args[i + 1]);
+        return isNaN(val) ? defaultValue : val;
+      }
+    }
+  }
+  return defaultValue;
+}
+
+function getNonFlagArg(args, startIdx) {
+  if (!args) return null;
+  for (let i = startIdx; i < args.length; i++) {
+    if (!args[i].startsWith('-')) {
+      return args[i];
+    }
+  }
+  return null;
+}
+
+function isProcessRunning(pid) {
+  if (!pid) return false;
+  try {
+    const output = execSync('ps -p ' + pid + ' -o pid= 2>/dev/null || true', {
+      encoding: 'utf8',
+    }).trim();
+    return output.length > 0;
+  } catch (e) {
+    return false;
+  }
+}
+
+function isProcessRoot(pid) {
+  if (!pid) return false;
+  try {
+    const uidOutput = execSync('ps -p ' + pid + ' -o uid= 2>/dev/null || true', {
+      encoding: 'utf8',
+    }).trim();
+    return uidOutput === '0';
+  } catch (e) {
+    return false;
+  }
+}
+
+module.exports = {
+  sleepSync,
+  formatBytes,
+  formatTimestamp,
+  formatDate,
+  hasFlag,
+  parseIntArg,
+  getNonFlagArg,
+  isProcessRunning,
+  isProcessRoot,
+};