openclaw-plugin-vt-sentinel 0.8.2 → 0.8.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +15 -9
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -145,11 +145,15 @@ function generateUpdateCommands(opts) {
|
|
|
145
145
|
return lines.join('\n');
|
|
146
146
|
}
|
|
147
147
|
const stateDir = opts.stateDir;
|
|
148
|
-
// Escape double quotes in paths to prevent shell injection via OPENCLAW_STATE_DIR
|
|
149
|
-
const escapeForShell = (s) => s.replace(/"/g, '\\"');
|
|
150
148
|
const extDir = path.join(stateDir, 'extensions', PACKAGE_NAME);
|
|
151
|
-
const quotedExtDir = `"${escapeForShell(extDir)}"`;
|
|
152
149
|
const configPath = path.join(stateDir, 'openclaw.json');
|
|
150
|
+
// Shell quoting helpers:
|
|
151
|
+
// Single-quote for bash (no expansion at all): handle embedded ' via '\''
|
|
152
|
+
const singleQuote = (s) => "'" + s.replace(/'/g, "'\\''") + "'";
|
|
153
|
+
// Double-quote for shell: escape \, ", $, ` (all chars bash expands inside "")
|
|
154
|
+
const doubleQuote = (s) => '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\$/g, '\\$').replace(/`/g, '\\`') + '"';
|
|
155
|
+
// For JS string inside shell double-quoted node -e: escape \, ', $, `
|
|
156
|
+
const jsInShellDq = (s) => s.replace(/\\/g, '\\\\').replace(/'/g, "\\'").replace(/\$/g, '\\$').replace(/`/g, '\\`');
|
|
153
157
|
const lines = [];
|
|
154
158
|
lines.push(`Upgrade: v${opts.currentVersion} → v${opts.latestVersion}`);
|
|
155
159
|
lines.push('');
|
|
@@ -167,13 +171,15 @@ function generateUpdateCommands(opts) {
|
|
|
167
171
|
lines.push('In that case, replace step 2 with:');
|
|
168
172
|
lines.push('');
|
|
169
173
|
lines.push(` 2a. Remove the extension directory:`);
|
|
170
|
-
lines.push(` rm -rf ${
|
|
171
|
-
lines.push(` rmdir /s /q ${
|
|
174
|
+
lines.push(` rm -rf ${singleQuote(extDir)} (Linux/macOS)`);
|
|
175
|
+
lines.push(` rmdir /s /q ${doubleQuote(extDir.replace(/\//g, '\\\\'))} (Windows)`);
|
|
172
176
|
lines.push('');
|
|
173
|
-
lines.push(` 2b. Back up and clean the
|
|
174
|
-
// Generate a safe node -e script for config cleanup
|
|
175
|
-
|
|
176
|
-
|
|
177
|
+
lines.push(` 2b. Back up and clean the stale install entry (preserves your config):`);
|
|
178
|
+
// Generate a safe node -e script for config cleanup.
|
|
179
|
+
// Only deletes plugins.installs (stale install metadata), NOT plugins.entries (user config with apiKey etc.).
|
|
180
|
+
// Tries json5 parser first (likely available as openclaw dependency), falls back to JSON.parse.
|
|
181
|
+
// All interpolated paths are escaped for shell double-quote context ($, `, \, ").
|
|
182
|
+
const cleanupScript = `node -e "const fs=require('fs'),p='${jsInShellDq(configPath)}';try{const b=fs.readFileSync(p,'utf8');fs.writeFileSync(p+'.bak',b);const P=(()=>{try{return require('json5').parse}catch{return JSON.parse}})();const c=P(b);if(c.plugins&&c.plugins.installs){delete c.plugins.installs['${PACKAGE_NAME}'];}fs.writeFileSync(p,JSON.stringify(c,null,2));console.log('Config cleaned (backup: '+p+'.bak)')}catch(e){console.error('Failed: '+e.message+'. Manually remove ${PACKAGE_NAME} from plugins.installs in '+p);process.exit(1)}"`;
|
|
177
183
|
lines.push(` ${cleanupScript}`);
|
|
178
184
|
lines.push('');
|
|
179
185
|
lines.push(` 2c. Reinstall:`);
|
package/package.json
CHANGED