reskill 1.17.0 → 1.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/find.d.ts +1 -0
- package/dist/cli/commands/find.d.ts.map +1 -1
- package/dist/cli/commands/publish.d.ts +10 -0
- package/dist/cli/commands/publish.d.ts.map +1 -1
- package/dist/cli/index.js +36 -16
- package/dist/core/content-scanner.d.ts.map +1 -1
- package/dist/index.js +13 -0
- package/dist/scanner.js +13 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"find.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/find.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"find.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/find.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAcpC,UAAU,WAAW;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA0ED;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAwCnF;AAMD,eAAO,MAAM,WAAW,SAWH,CAAC;AAEtB,eAAe,WAAW,CAAC"}
|
|
@@ -27,6 +27,16 @@ export declare function buildPublishSkillName(name: string, registry: string, _u
|
|
|
27
27
|
* @internal Exported for testing
|
|
28
28
|
*/
|
|
29
29
|
export declare function isBlockedPublicRegistry(registryUrl: string): boolean;
|
|
30
|
+
/**
|
|
31
|
+
* Check authentication
|
|
32
|
+
*
|
|
33
|
+
* Token resolution: --token CLI flag > RESKILL_TOKEN env > ~/.reskillrc
|
|
34
|
+
*
|
|
35
|
+
* @internal Exported for testing
|
|
36
|
+
*/
|
|
37
|
+
export declare function checkAuth(registry: string, dryRun: boolean, cliToken?: string): {
|
|
38
|
+
token: string;
|
|
39
|
+
} | null;
|
|
30
40
|
/**
|
|
31
41
|
* Parse user's confirmation answer
|
|
32
42
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"publish.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/publish.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"publish.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/publish.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAuDpC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,MAAM,CAcR;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAYpE;AAqBD;;;;;;GAMG;AACH,wBAAgB,SAAS,CACvB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,OAAO,EACf,QAAQ,CAAC,EAAE,MAAM,GAChB;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAsB1B;AAkLD;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAI1D;AAoBD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,kBAAkB,CAyBnE;AA0TD,eAAO,MAAM,cAAc,SAcH,CAAC;AAEzB,eAAe,cAAc,CAAC"}
|
package/dist/cli/index.js
CHANGED
|
@@ -6579,8 +6579,15 @@ class AuthManager {
|
|
|
6579
6579
|
return;
|
|
6580
6580
|
}
|
|
6581
6581
|
const registry = resolveRegistryForSearch(options.registry);
|
|
6582
|
+
// Resolve auth token: --token flag > RESKILL_TOKEN env > ~/.reskillrc
|
|
6583
|
+
let token = options.token;
|
|
6584
|
+
if (!token) {
|
|
6585
|
+
const authManager = new AuthManager();
|
|
6586
|
+
token = authManager.getToken(registry) ?? void 0;
|
|
6587
|
+
}
|
|
6582
6588
|
const client = new RegistryClient({
|
|
6583
|
-
registry
|
|
6589
|
+
registry,
|
|
6590
|
+
token
|
|
6584
6591
|
});
|
|
6585
6592
|
try {
|
|
6586
6593
|
const { items, total } = await client.search(query, {
|
|
@@ -6600,7 +6607,7 @@ class AuthManager {
|
|
|
6600
6607
|
// ============================================================================
|
|
6601
6608
|
// Command Definition
|
|
6602
6609
|
// ============================================================================
|
|
6603
|
-
const findCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('find').alias('search').description('Search for skills in the registry').argument('<query>', 'Search query').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-l, --limit <n>', 'Maximum number of results', '10').option('-j, --json', 'Output as JSON').action(findAction);
|
|
6610
|
+
const findCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('find').alias('search').description('Search for skills in the registry').argument('<query>', 'Search query').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-l, --limit <n>', 'Maximum number of results', '10').option('-j, --json', 'Output as JSON').option('-t, --token <token>', 'Auth token for registry API requests (for CI/CD)').action(findAction);
|
|
6604
6611
|
/**
|
|
6605
6612
|
* Group path utilities — normalization, slug generation, and validation.
|
|
6606
6613
|
*
|
|
@@ -8232,6 +8239,7 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
8232
8239
|
}
|
|
8233
8240
|
},
|
|
8234
8241
|
// Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
|
|
8242
|
+
// Zero-width chars and base64 are suspicious everywhere (even inside code blocks).
|
|
8235
8243
|
{
|
|
8236
8244
|
id: 'obfuscation',
|
|
8237
8245
|
level: 'high',
|
|
@@ -8252,6 +8260,18 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
8252
8260
|
line: i + 1,
|
|
8253
8261
|
snippet: 'Suspicious base64-encoded block detected'
|
|
8254
8262
|
});
|
|
8263
|
+
return matches;
|
|
8264
|
+
}
|
|
8265
|
+
},
|
|
8266
|
+
// Rule 3b: Large HTML Comments (high) — respects safe zones (code blocks, etc.)
|
|
8267
|
+
// HTML comments inside fenced code blocks are normal code examples, not obfuscation.
|
|
8268
|
+
{
|
|
8269
|
+
id: 'obfuscation',
|
|
8270
|
+
level: 'high',
|
|
8271
|
+
message: 'Detected content obfuscation',
|
|
8272
|
+
skipSafeZones: true,
|
|
8273
|
+
check: (content)=>{
|
|
8274
|
+
const matches = [];
|
|
8255
8275
|
// Large HTML comments (>200 chars of content)
|
|
8256
8276
|
const commentRegex = /<!--([\s\S]{200,}?)-->/g;
|
|
8257
8277
|
let match;
|
|
@@ -9093,7 +9113,15 @@ class SkillValidator {
|
|
|
9093
9113
|
}
|
|
9094
9114
|
/**
|
|
9095
9115
|
* Check authentication
|
|
9096
|
-
|
|
9116
|
+
*
|
|
9117
|
+
* Token resolution: --token CLI flag > RESKILL_TOKEN env > ~/.reskillrc
|
|
9118
|
+
*
|
|
9119
|
+
* @internal Exported for testing
|
|
9120
|
+
*/ function checkAuth(registry, dryRun, cliToken) {
|
|
9121
|
+
// --token flag takes highest priority
|
|
9122
|
+
if (cliToken) return {
|
|
9123
|
+
token: cliToken
|
|
9124
|
+
};
|
|
9097
9125
|
const authManager = new AuthManager();
|
|
9098
9126
|
const token = authManager.getToken(registry);
|
|
9099
9127
|
if (!token) {
|
|
@@ -9104,7 +9132,7 @@ class SkillValidator {
|
|
|
9104
9132
|
logger_logger.error('Authentication required');
|
|
9105
9133
|
logger_logger.newline();
|
|
9106
9134
|
logger_logger.log('You must be logged in to publish skills.');
|
|
9107
|
-
logger_logger.log("Run 'reskill login' to authenticate
|
|
9135
|
+
logger_logger.log("Run 'reskill login' to authenticate, or pass --token <token>.");
|
|
9108
9136
|
process.exit(1);
|
|
9109
9137
|
}
|
|
9110
9138
|
return {
|
|
@@ -9363,7 +9391,7 @@ async function publishAction(skillPath, options) {
|
|
|
9363
9391
|
try {
|
|
9364
9392
|
// 1. Check authentication (skip for dry-run)
|
|
9365
9393
|
// Note: checkAuth exits the process if not authenticated (unless dry-run)
|
|
9366
|
-
checkAuth(registry, options.dryRun || false);
|
|
9394
|
+
const authResult = checkAuth(registry, options.dryRun || false, options.token);
|
|
9367
9395
|
// 2. Load skill
|
|
9368
9396
|
const skill = validator.loadSkill(absolutePath);
|
|
9369
9397
|
// 2.5. Check version - prompt if missing and not in --yes/--dry-run mode
|
|
@@ -9463,16 +9491,8 @@ async function publishAction(skillPath, options) {
|
|
|
9463
9491
|
return;
|
|
9464
9492
|
}
|
|
9465
9493
|
}
|
|
9466
|
-
// 10. Get auth token
|
|
9467
|
-
const
|
|
9468
|
-
const token = authManager.getToken(registry);
|
|
9469
|
-
if (!token) {
|
|
9470
|
-
logger_logger.error('Authentication required');
|
|
9471
|
-
logger_logger.newline();
|
|
9472
|
-
logger_logger.log('You must be logged in to publish skills.');
|
|
9473
|
-
logger_logger.log("Run 'reskill login' to authenticate.");
|
|
9474
|
-
process.exit(1);
|
|
9475
|
-
}
|
|
9494
|
+
// 10. Get auth token (already resolved by checkAuth in step 1)
|
|
9495
|
+
const token = authResult?.token;
|
|
9476
9496
|
// 11. Actually publish
|
|
9477
9497
|
logger_logger.newline();
|
|
9478
9498
|
logger_logger.log(`Publishing to ${registry}...`);
|
|
@@ -9528,7 +9548,7 @@ async function publishAction(skillPath, options) {
|
|
|
9528
9548
|
// ============================================================================
|
|
9529
9549
|
// Command Definition
|
|
9530
9550
|
// ============================================================================
|
|
9531
|
-
const publishCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('publish').alias('pub').description('Publish a skill to the registry').argument('[path]', 'Path to skill directory', '.').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-t, --tag <tag>', 'Git tag to publish').option('--access <level>', 'Access level: public or restricted', 'public').option('-n, --dry-run', 'Validate without publishing').option('-y, --yes', 'Skip confirmation prompts').option('-g, --group <path>', 'Publish skill into a group (e.g., "kanyun/frontend")').action(publishAction);
|
|
9551
|
+
const publishCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('publish').alias('pub').description('Publish a skill to the registry').argument('[path]', 'Path to skill directory', '.').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-t, --tag <tag>', 'Git tag to publish').option('--access <level>', 'Access level: public or restricted', 'public').option('-n, --dry-run', 'Validate without publishing').option('-y, --yes', 'Skip confirmation prompts').option('-g, --group <path>', 'Publish skill into a group (e.g., "kanyun/frontend")').option('--token <token>', 'Auth token for registry API requests (for CI/CD)').action(publishAction);
|
|
9532
9552
|
/**
|
|
9533
9553
|
* uninstall command - Uninstall one or more skills
|
|
9534
9554
|
*/ const uninstallCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('uninstall').alias('un').alias('remove').alias('rm').description('Uninstall one or more skills').argument('<skills...>', 'Skill names to uninstall').option('-g, --global', 'Uninstall from global installation (~/.claude/skills)').option('-y, --yes', 'Skip confirmation prompts').action(async (skillNames, options)=>{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"content-scanner.d.ts","sourceRoot":"","sources":["../../src/core/content-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,WAAW;IAC1B,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,oCAAoC;IACpC,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oFAAoF;IACpF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;IACvB,6EAA6E;IAC7E,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,aAAa,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC1B;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA6ErD;AAmDD,+BAA+B;AAC/B,eAAO,MAAM,aAAa,EAAE,SAAS,QAAQ,
|
|
1
|
+
{"version":3,"file":"content-scanner.d.ts","sourceRoot":"","sources":["../../src/core/content-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,WAAW;IAC1B,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,oCAAoC;IACpC,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oFAAoF;IACpF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB;IACjB,KAAK,EAAE,SAAS,CAAC;IACjB,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;IACvB,6EAA6E;IAC7E,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,aAAa,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,EAAE,CAAC;CAC1B;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA6ErD;AAmDD,+BAA+B;AAC/B,eAAO,MAAM,aAAa,EAAE,SAAS,QAAQ,EAmO5C,CAAC;AA+BF;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAa;gBAEd,OAAO,CAAC,EAAE,cAAc;IAIpC;;;OAGG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAoCjC;;;OAGG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU;CAOvC;AAMD;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;gBAErB,QAAQ,EAAE,WAAW,EAAE;CAQpC"}
|
package/dist/index.js
CHANGED
|
@@ -200,6 +200,7 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
200
200
|
}
|
|
201
201
|
},
|
|
202
202
|
// Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
|
|
203
|
+
// Zero-width chars and base64 are suspicious everywhere (even inside code blocks).
|
|
203
204
|
{
|
|
204
205
|
id: 'obfuscation',
|
|
205
206
|
level: 'high',
|
|
@@ -220,6 +221,18 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
220
221
|
line: i + 1,
|
|
221
222
|
snippet: 'Suspicious base64-encoded block detected'
|
|
222
223
|
});
|
|
224
|
+
return matches;
|
|
225
|
+
}
|
|
226
|
+
},
|
|
227
|
+
// Rule 3b: Large HTML Comments (high) — respects safe zones (code blocks, etc.)
|
|
228
|
+
// HTML comments inside fenced code blocks are normal code examples, not obfuscation.
|
|
229
|
+
{
|
|
230
|
+
id: 'obfuscation',
|
|
231
|
+
level: 'high',
|
|
232
|
+
message: 'Detected content obfuscation',
|
|
233
|
+
skipSafeZones: true,
|
|
234
|
+
check: (content)=>{
|
|
235
|
+
const matches = [];
|
|
223
236
|
// Large HTML comments (>200 chars of content)
|
|
224
237
|
const commentRegex = /<!--([\s\S]{200,}?)-->/g;
|
|
225
238
|
let match;
|
package/dist/scanner.js
CHANGED
|
@@ -167,6 +167,7 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
167
167
|
}
|
|
168
168
|
},
|
|
169
169
|
// Rule 3: Content Obfuscation (high) — scans ALL content including safe zones
|
|
170
|
+
// Zero-width chars and base64 are suspicious everywhere (even inside code blocks).
|
|
170
171
|
{
|
|
171
172
|
id: 'obfuscation',
|
|
172
173
|
level: 'high',
|
|
@@ -187,6 +188,18 @@ const SNIPPET_MAX_LENGTH = 120;
|
|
|
187
188
|
line: i + 1,
|
|
188
189
|
snippet: 'Suspicious base64-encoded block detected'
|
|
189
190
|
});
|
|
191
|
+
return matches;
|
|
192
|
+
}
|
|
193
|
+
},
|
|
194
|
+
// Rule 3b: Large HTML Comments (high) — respects safe zones (code blocks, etc.)
|
|
195
|
+
// HTML comments inside fenced code blocks are normal code examples, not obfuscation.
|
|
196
|
+
{
|
|
197
|
+
id: 'obfuscation',
|
|
198
|
+
level: 'high',
|
|
199
|
+
message: 'Detected content obfuscation',
|
|
200
|
+
skipSafeZones: true,
|
|
201
|
+
check: (content)=>{
|
|
202
|
+
const matches = [];
|
|
190
203
|
// Large HTML comments (>200 chars of content)
|
|
191
204
|
const commentRegex = /<!--([\s\S]{200,}?)-->/g;
|
|
192
205
|
let match;
|