openclaw-plugin-vt-sentinel 0.8.3 → 0.8.5
- package/dist/index.js +11 -7
- package/package.json +1 -1
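--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -145,11 +145,15 @@ function generateUpdateCommands(opts) {
 return lines.join('\n');
 }
 const stateDir = opts.stateDir;
-// Escape double quotes in paths to prevent shell injection via OPENCLAW_STATE_DIR
-const escapeForShell = (s) => s.replace(/"/g, '\\"');
 const extDir = path.join(stateDir, 'extensions', PACKAGE_NAME);
-const quotedExtDir = `"${escapeForShell(extDir)}"`;
 const configPath = path.join(stateDir, 'openclaw.json');
+// Shell quoting helpers:
+// Single-quote for bash (no expansion at all): handle embedded ' via '\''
+const singleQuote = (s) => "'" + s.replace(/'/g, "'\\''") + "'";
+// Double-quote for shell: escape \, ", $, ` (all chars bash expands inside "")
+const doubleQuote = (s) => '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\$/g, '\\$').replace(/`/g, '\\`') + '"';
+// For JS string inside shell double-quoted node -e: escape \, ", ', $, `
+const jsInShellDq = (s) => s.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/'/g, "\\'").replace(/\$/g, '\\$').replace(/`/g, '\\`');
 const lines = [];
 lines.push(`Upgrade: v${opts.currentVersion} → v${opts.latestVersion}`);
 lines.push('');
@@ -167,15 +171,15 @@ function generateUpdateCommands(opts) {
 lines.push('In that case, replace step 2 with:');
 lines.push('');
 lines.push(` 2a. Remove the extension directory:`);
-lines.push(` rm -rf ${
-lines.push(` rmdir /s /q ${
+lines.push(` rm -rf ${singleQuote(extDir)} (Linux/macOS)`);
+lines.push(` rmdir /s /q ${doubleQuote(extDir.replace(/\//g, '\\\\'))} (Windows)`);
 lines.push('');
 lines.push(` 2b. Back up and clean the stale install entry (preserves your config):`);
 // Generate a safe node -e script for config cleanup.
 // Only deletes plugins.installs (stale install metadata), NOT plugins.entries (user config with apiKey etc.).
 // Tries json5 parser first (likely available as openclaw dependency), falls back to JSON.parse.
-
-const cleanupScript = `node -e "const fs=require('fs'),p='${
+// All interpolated paths are escaped for shell double-quote context ($, `, \, ").
+const cleanupScript = `node -e "const fs=require('fs'),p='${jsInShellDq(configPath)}';try{const b=fs.readFileSync(p,'utf8');fs.writeFileSync(p+'.bak',b);const P=(()=>{try{return require('json5').parse}catch{return JSON.parse}})();const c=P(b);if(c.plugins&&c.plugins.installs){delete c.plugins.installs['${PACKAGE_NAME}'];}fs.writeFileSync(p,JSON.stringify(c,null,2));console.log('Config cleaned (backup: '+p+'.bak)')}catch(e){console.error('Failed: '+e.message+'. Manually remove ${PACKAGE_NAME} from plugins.installs in '+p);process.exit(1)}"`;
 lines.push(` ${cleanupScript}`);
 lines.push('');
 lines.push(` 2c. Reinstall:`);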
package/package.json
CHANGED