npm - nothumanallowed - Versions diffs - 13.5.130 → 13.5.131 - Mend

nothumanallowed 13.5.130 → 13.5.131

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "13.5.130",
+  "version": "13.5.131",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs CHANGED Viewed

@@ -5308,8 +5308,14 @@ module.exports = { validateEmail, sanitizeText, validatePassword, validateUserna
           let pkg = {};
           try { pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8')); } catch(_) {}
           if (!pkg.dependencies) pkg.dependencies = {};
+          // Remove server-side deps that can't run in sandbox
           delete pkg.dependencies.pg;
           delete pkg.dependencies.ioredis;
+          delete pkg.dependencies['pg-pool'];
+          delete pkg.dependencies.redis;
+          delete pkg.dependencies.mongoose;
+          delete pkg.dependencies.mysql2;
+          delete pkg.dependencies.sequelize;
           // Force known-good versions — LLM often generates non-existent patch versions
           pkg.dependencies.express = '^4.19.0';
           pkg.dependencies.bcryptjs = '^2.4.3';
@@ -5320,10 +5326,63 @@ module.exports = { validateEmail, sanitizeText, validatePassword, validateUserna
           pkg.dependencies.dotenv = '^16.4.0';
           pkg.dependencies.nodemailer = '^6.9.0';
           pkg.dependencies['express-validator'] = '^7.0.1';
+          // Auto-detect any require('pkg') in server JS files and add missing deps
+          const KNOWN_VERSIONS = {
+            'xss-clean': '^0.1.4', 'morgan': '^1.10.0', 'compression': '^1.7.4',
+            'multer': '^1.4.5-lts.1', 'uuid': '^9.0.0', 'axios': '^1.6.0',
+            'lodash': '^4.17.21', 'moment': '^2.30.1', 'dayjs': '^1.11.10',
+            'joi': '^17.12.0', 'zod': '^3.22.4', 'yup': '^1.3.3',
+            'stripe': '^14.21.0', 'passport': '^0.7.0', 'passport-local': '^1.0.0',
+            'passport-jwt': '^4.0.1', 'cookie-parser': '^1.4.6', 'body-parser': '^1.20.2',
+            'express-session': '^1.18.0', 'connect-flash': '^0.1.1', 'method-override': '^3.0.0',
+            'serve-static': '^1.15.0', 'path': '0.12.7', 'crypto': '^1.0.1',
+            'sanitize-html': '^2.12.0', 'dompurify': '^3.0.9', 'validator': '^13.11.0',
+            'express-mongo-sanitize': '^2.2.0', 'hpp': '^0.2.3', 'xss': '^1.0.14',
+            'winston': '^3.12.0', 'pino': '^8.19.0', 'chalk': '^5.3.0',
+            'socket.io': '^4.7.4', 'ws': '^8.16.0', 'ejs': '^3.1.9', 'pug': '^3.0.2',
+            'handlebars': '^4.7.8', 'nunjucks': '^3.2.4', 'sharp': '^0.33.3',
+            'qrcode': '^1.5.3', 'pdf-lib': '^1.17.1',
+          };
+          const NODE_BUILTINS = new Set(['fs','path','os','crypto','http','https','net','url','util',
+            'events','stream','buffer','child_process','process','querystring','readline','assert',
+            'zlib','dns','tls','cluster','worker_threads','perf_hooks','vm','v8','module',
+            'string_decoder','timers','punycode','domain','console','sys']);
+          function scanRequires(dir) {
+            const found = new Set();
+            const walk = (d) => {
+              let entries;
+              try { entries = fs.readdirSync(d, { withFileTypes: true }); } catch { return; }
+              for (const e of entries) {
+                if (e.name === 'node_modules' || e.name.startsWith('.')) continue;
+                const full = path.join(d, e.name);
+                if (e.isDirectory()) { walk(full); continue; }
+                if (!e.name.endsWith('.js') && !e.name.endsWith('.mjs') && !e.name.endsWith('.cjs')) continue;
+                let src;
+                try { src = fs.readFileSync(full, 'utf8'); } catch { continue; }
+                const re = /require\s*\(\s*['"]([^'"./][^'"]*)['"]\s*\)/g;
+                let m;
+                while ((m = re.exec(src)) !== null) {
+                  const pkg2 = m[1].startsWith('@') ? m[1].split('/').slice(0,2).join('/') : m[1].split('/')[0];
+                  if (!NODE_BUILTINS.has(pkg2)) found.add(pkg2);
+                }
+              }
+            };
+            walk(dir);
+            return found;
+          }
+          const detected = scanRequires(sandboxDir);
+          const missing = [];
+          for (const mod of detected) {
+            if (!pkg.dependencies[mod] && !pkg.devDependencies?.[mod]) {
+              pkg.dependencies[mod] = KNOWN_VERSIONS[mod] || 'latest';
+              missing.push(mod);
+            }
+          }
+          if (missing.length > 0) sendLog('🔍 Dipendenze auto-rilevate e aggiunte: ' + missing.join(', '));
           pkg.scripts = pkg.scripts || {};
           pkg.scripts.start = 'node server/index.js';
           fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2), 'utf8');
-          sendLog('📦 package.json ottimizzato per sandbox (rimosso pg, redis)');
+          sendLog('📦 package.json ottimizzato per sandbox (rimosso pg/redis, auto-scan require)');
           // Create minimal .env for sandbox
           const envContent = [

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '13.5.130';
+export const VERSION = '13.5.131';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';