n8n-nodes-ninjapipe 0.7.0 → 0.8.0

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## 0.8.0
+- embedded the updated NinjaPipe SVG logo in both nodes
+- bumped the action node to version 5 and the trigger to version 2
+- added stronger validation for contacts, companies, deals, tasks, budgets, dates, and email format
+- added friendlier error messages for common NinjaPipe API failures
+- added company upsert by exact company name
+- added pipeline stage lookup after selecting a pipeline
+- added owner lookup support with safe fallback behavior
+- hardened advanced paths to block full URLs and path traversal
+- improved field discovery output with inferred field types
+- improved npm metadata, install docs, and update guidance

package/INSTALL.md

@@ -1,16 +1,20 @@
-# Install
+# Install n8n-nodes-ninjapipe
 
-## Install from npm in n8n
+## Community Nodes GUI
+Install:
 
-Community Nodes package name:
-
-`n8n-nodes-ninjapipe`
-
-## Local publish
+```text
+n8n-nodes-ninjapipe@0.8.0
+```
 
+## Local development
 ```bash
+cd ~/Desktop/n8n-nodes-ninjapipe
 npm install
-npm publish
+npm link
+mkdir -p ~/.n8n/custom
+cd ~/.n8n/custom
+npm init -y
+npm link n8n-nodes-ninjapipe
+n8n start
 ```
-
-After updating the package, refresh or restart n8n if the UI doesn't immediately show the new labels or icon.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Michael Hemmersbach
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,71 +1,108 @@
 # n8n-nodes-ninjapipe
 
-A clean UI community node package for NinjaPipe in n8n.
+Production-ready NinjaPipe community nodes for n8n.
 
-## Included nodes
+This package focuses on **clean UX**, **safer defaults**, and **update-friendly structure**. Instead of scattering NinjaPipe actions across many separate node variants, it keeps the package intentionally simple:
 
-- **NinjaPipe**
-- **NinjaPipe Trigger**
+- **NinjaPipe** for actions
+- **NinjaPipe Trigger** for polling-based event workflows
 
-## V7 focus
+## Highlights
 
-This package keeps the UX intentionally simple.
+- one action node and one trigger node
+- guided fields for core NinjaPipe resources
+- safer validation before requests are sent
+- friendlier error messages for common API failures
+- select boxes for pipelines, contacts, companies, projects, countries, states, currencies, and deal status
+- optional pipeline stage lookup after choosing a pipeline
+- contact upsert by email
+- company upsert by exact company name
+- custom fields as flexible repeatable entries
+- safer advanced mode with relative-path validation
+- bundled example workflows for forms and lead processing
+
+## Included resources
+
+- Contacts
+- Companies
+- Deals
+- Products
+- Projects
+- Tasks
+- Budgets
+- Lists
+- Pipelines
+- Pipeline Items
+- Invoices
+- Orders
+- Databins
+- Custom API Request
+
+## Included examples
 
-### In the action node
-Choose:
+See the `examples` folder:
 
-- **Resource**
-- **Action**
+- `databin-lead-to-contact.json`
+- `np-form-simple-contact-upsert.json`
+- `np-form-multipage-branching.json`
+- `np-form-contact-deal-task-validated.json`
 
-Then fill in only the fields that matter.
+## Install in n8n
 
-### In the trigger node
-Choose:
+### From npm in the GUI
+Install this package in **Settings → Community Nodes**:
 
-- **Source**
-- **Polling mode**
-- optional **Custom path**
+```text
+n8n-nodes-ninjapipe@0.8.0
+```
 
-## Highlights
+n8n expects community node packages to include the `n8n-community-node-package` keyword and to declare node and credential files in the `n8n` section of `package.json`. citeturn189812search0turn189812search3
 
-- one main action node
-- one trigger node
-- guided fields for core resources
-- pipeline, contact, company, and project lookups
-- deal status select box
-- country and state select boxes for DACH-friendly setups
-- custom fields as flexible entries
-- custom API request fallback
-- example workflow templates included
+### Run locally from a custom folder
+n8n loads custom nodes from `~/.n8n/custom` by default, or from paths provided via `N8N_CUSTOM_EXTENSIONS`. citeturn189812search1turn189812search12
 
-## Included workflow templates
+### Link a local development copy
+For local development, n8n documents `npm link` in the custom nodes directory. citeturn189812search4
 
-See the `examples` folder:
+## Update policy
 
-- `np-form-simple-contact-upsert.json`
-- `np-form-multipage-branching.json`
+This package follows semantic versioning so breaking changes can be released in a predictable way. npm recommends publishing updated versions using SemVer so downstream users can understand the impact of a change. citeturn189812search2turn189812search13
 
-## Install
+### Practical release rules
 
-In n8n Community Nodes, install:
+- patch = bug fixes and non-breaking improvements
+- minor = new actions or fields without breaking existing flows
+- major = breaking UI or payload changes
 
-```text
-n8n-nodes-ninjapipe
-```
+## Security notes
+
+- credentials are stored in n8n credentials, not inside workflows
+- advanced path overrides only accept **relative API paths**
+- full URLs are blocked in custom request paths
+- friendly validation runs before common create and update calls
+- custom fields remain flexible, but guided validation protects common mistakes
+
+See `SECURITY.md` for operational guidance.
 
-## Publish locally
+## Known limitations
+
+- owner and pipeline stage lookup depend on what the NinjaPipe workspace exposes through its API
+- if a workspace does not expose those endpoints, the select box may remain empty
+- in that case you can still use Additional Fields or Advanced mode for manual payload overrides
+
+## Publish
 
 ```bash
 npm install
 npm publish
 ```
 
-## Important
+## Check package contents before publishing
 
-- Replace the placeholder pipeline IDs in the workflow templates
-- Adjust custom field keys to your NinjaPipe workspace
-- Use **Create Or Update By Email** for public lead forms
+```bash
+npm pack --dry-run
+```
 
-## Docs
+## Maintainer
 
-Additional package docs live in the `docs` folder.
+Michael Hemmersbach

package/SECURITY.md

@@ -0,0 +1,20 @@
+# Security
+
+## Supported versions
+- 0.8.x
+
+## Recommendations
+- keep API keys only in n8n credentials
+- avoid raw advanced mode unless you know the exact NinjaPipe endpoint you need
+- prefer guided fields over raw JSON for production workflows
+- use patch and minor releases for routine updates and reserve major releases for breaking changes
+- test new versions with example workflows before updating production flows
+
+## Safe update workflow
+1. export critical workflows
+2. install the new package version in a staging or local instance
+3. validate contact, deal, task, and trigger flows
+4. only then update production
+
+## Reporting issues
+Report packaging, security, or data handling issues through the repository issue tracker.

package/docs/RELEASE-NOTES-0.8.0.md

@@ -0,0 +1,20 @@
+# Release Notes 0.8.0
+
+This release hardens the package for production use.
+
+## UX
+- cleaner action naming
+- pipeline stages after pipeline selection
+- owner lookups
+- clearer validation and error messages
+
+## Security
+- safe relative-path enforcement
+- blocked full URLs in advanced path inputs
+- preflight validation for common create and update actions
+
+## Update readiness
+- semver-oriented package metadata
+- explicit changelog
+- security guidance
+- node version bumps for safer future evolution