scripter-x 1.0.34 → 1.0.36

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scripter-x",
-  "version": "1.0.34",
+  "version": "1.0.36",
   "description": "ScripterX — local Flipkart session extractor (runs on your residential IP, syncs to marthunt)",
   "type": "module",
   "bin": {

package/src/commands.js

@@ -653,17 +653,32 @@ async function bigbasketAuto(io, args = {}) {
   const { RunController } = await import('./controller.js');
   const controller = new RunController({ name, provider: `tempotp-bigbasket`, requested: count });
 
-  // INCREMENTAL SAVE: append every extracted session to one JSONL the instant it lands.
+  // Optionally check My Orders per account → split NEW (0 orders) vs OLD (≥1 order).
+  const checkOrders = args.checkOrders != null ? args.checkOrders
+    : await io.confirm('check My Orders + split into new / old account files?', true);
+
+  // INCREMENTAL SAVE to a single .json array — rewritten on every success so a mid-run
+  // stop / crash never loses an account, and there's exactly ONE file (no .jsonl).
+  // With --check-orders, successes are also written to per-bucket new/old files.
   const baseDir = bigbasketBaseDir(args);
   const stamp = new Date().toISOString().replace(/[:.]/g, '-');
-  const liveFile = join(baseDir, `${name}-${stamp}.jsonl`);
+  const mainFile = join(baseDir, `${name}-${stamp}.json`);
+  const newFile = join(baseDir, `${name}-${stamp}-new.json`);
+  const oldFile = join(baseDir, `${name}-${stamp}-old.json`);
+  const collected = [];
   const onResult = (res) => {
     if (res.status !== 'success' || !res.session) return;
     mkdirSync(baseDir, { recursive: true });
-    appendFileSync(liveFile, JSON.stringify(res.session) + '\n');
+    collected.push(res.session);
+    writeFileSync(mainFile, JSON.stringify(collected, null, 2) + '\n');
+    if (checkOrders) {
+      const dest = res.session.is_new ? newFile : oldFile;
+      const bucket = collected.filter((s) => (s.is_new === true) === (res.session.is_new === true));
+      writeFileSync(dest, JSON.stringify(bucket, null, 2) + '\n');
+    }
   };
 
-  const worker = new BigBasketWorker(provider, { requested: count, concurrency, onEvent: controller.handleEvent, onResult });
+  const worker = new BigBasketWorker(provider, { requested: count, concurrency, checkOrders, onEvent: controller.handleEvent, onResult });
   controller.stop = () => worker.stop();
 
   const results = [];
@@ -690,15 +705,16 @@ async function bigbasketAuto(io, args = {}) {
 
   io.print(`  ✓ done — ${worker.stats.succeeded} succeeded · ${worker.stats.failed} failed · ${worker.stats.cancelled} cancelled · ₹${worker.stats.charges} spent`);
 
-  // Also write a combined pretty JSON array of all successes for convenience.
   const succeeded = results.filter((r) => r.status === 'success' && r.session).map((r) => r.session);
   if (succeeded.length) {
-    mkdirSync(baseDir, { recursive: true });
-    const combined = join(baseDir, `${name}-${stamp}.json`);
-    writeFileSync(combined, JSON.stringify(succeeded, null, 2) + '\n');
     io.print(`  ✓ saved ${succeeded.length} session(s):`);
-    io.print(`     ${combined}`, 'accent');
-    io.print(`     (live JSONL: ${liveFile})`, 'accent');
+    io.print(`     ${mainFile}`, 'accent');
+    if (checkOrders) {
+      const nNew = succeeded.filter((s) => s.is_new).length;
+      const nOld = succeeded.length - nNew;
+      io.print(`     ${nNew} new → ${newFile}`, 'accent');
+      io.print(`     ${nOld} old → ${oldFile}`, 'accent');
+    }
   } else {
     io.print('  ◉ no sessions extracted — nothing to save.');
   }

package/src/index.js

@@ -124,6 +124,7 @@ async function main() {
     target: flags.target, // run: 'flipkart' | 'zepto'
     number: flags.number, otp: flags.otp, cert: flags.cert, // zepto: local OTP login → ZAUTH1 envelope
     service: flags.service, // bigbasket auto: TempOTP service id (1819/1874/1919/2259)
+    checkOrders: flags['check-orders'] === true ? true : (flags['check-orders'] === false ? false : null), // bigbasket: split new/old by My Orders
     auto: flags.auto, manual: flags.manual,
     checkCoupon: flags['check-coupon'] === true ? true : (flags['check-coupon'] === false ? false : null),
     campaign: flags._[0], out: flags.out, action: flags._[0], value: flags._[1],

package/src/providers/bigbasket.js

@@ -212,6 +212,28 @@ export async function verifyOtp(session, otp) {
   return { ok: false, status: r.status, code, error };
 }
 
+// Fetch the account's order count to classify NEW (0 orders) vs OLD (≥1).
+// Primary signal is member/details.active_order_count (confirmed 200 on the native API).
+// NOTE: active_order_count counts in-progress orders; a returning customer with only
+// delivered orders can read 0 here. For freshly-extracted accounts the strongest signal is
+// the verify-time is_signup flag (a brand-new account == NEW); this call refines it. Returns
+// { count, isNew, name, email } and never throws.
+export async function getOrderCount(session) {
+  try {
+    if (session.token) session.jar.BBAUTHTOKEN = session.token;
+    await throttle.wait();
+    const r = await req(session, 'GET', '/ui-svc/v1/member/details');
+    const md = r.json?.member_details || {};
+    const count = Number(md.active_order_count ?? 0);
+    // hasOrdered: any past order at all. active_order_count>0 is a definite yes; otherwise
+    // fall back to the signup flag (a freshly-created account has never ordered).
+    const hasOrdered = count > 0 || (session.isSignup === false && !!md.email);
+    return { ok: r.status === 200, count, isNew: !hasOrdered, name: md.first_name || '', email: md.email || '' };
+  } catch {
+    return { ok: false, count: 0, isNew: session.isSignup !== false, name: '', email: '' };
+  }
+}
+
 // Step 3 (new users only) — set the name to activate the freshly-created account.
 // POST /member-tdl/v3/member/profile/ with the BBAUTHTOKEN we just got. Returns true on
 // success. Never throws — a name-set failure shouldn't discard the token.

package/src/ui/fullscreen.js

@@ -37,6 +37,9 @@ export function FullScreen({ children }) {
 // We register restore on exit + the kill signals so it runs no matter how we leave.
 export function enterAltScreen() {
   process.stdout.write('\x1b[?1049h'); // switch to alternate buffer
+  process.stdout.write('\x1b[r');        // reset scroll region to full screen (in case a prior
+                                         // session — e.g. an update-restart — left DECSTBM set,
+                                         // which would push our output to the bottom of the screen)
   process.stdout.write('\x1b[2J\x1b[H'); // clear + home
   process.stdout.write('\x1b[?25l');     // hide cursor (we draw our own ▏)
   let restored = false;
@@ -44,7 +47,10 @@ export function enterAltScreen() {
     if (restored) return;
     restored = true;
     try {
-      process.stdout.write('\x1b[?1000l\x1b[?1003l\x1b[?1006l'); // disable ALL mouse modes
+      process.stdout.write('\x1b[?1000l\x1b[?1003l\x1b[?1006l\x1b[?1015l'); // disable ALL mouse modes
+      process.stdout.write('\x1b[?2004l');  // disable bracketed-paste
+      process.stdout.write('\x1b[r');       // reset scroll region (so typed text isn't stuck at the bottom)
+      process.stdout.write('\x1b[?7h');     // restore line wrap
       process.stdout.write('\x1b[?25h');    // show cursor
       process.stdout.write('\x1b[?1049l');   // back to normal buffer (history intact)
     } catch { /* */ }

package/src/update.js

@@ -6,6 +6,7 @@
 import { execFile, spawn } from 'node:child_process';
 import { promisify } from 'node:util';
 import process from 'node:process';
+import { dirname, join } from 'node:path';
 import * as config from './config.js';
 
 const execFileP = promisify(execFile);
@@ -39,13 +40,44 @@ export async function checkForUpdate(current) {
 }
 
 // Run the global update. Returns { ok, output }.
+//
+// Robustness: a bare execFile('npm', …) frequently fails with "Command failed" because the
+// spawned process doesn't inherit the user's interactive PATH (npm/node installed via nvm,
+// homebrew, fnm, etc. live in dirs the login shell adds but a non-login spawn doesn't). We
+// run through the user's shell so `npm` resolves the same way it does in their terminal, and
+// fall back across a couple of resolutions. On failure we return the REAL stderr so the user
+// sees why (EACCES, ENOTFOUND, etc.) instead of a generic "Command failed".
 export async function runUpdate() {
-  try {
-    const { stdout, stderr } = await execFileP('npm', ['install', '-g', `${PKG}@latest`], { timeout: 120000 });
-    return { ok: true, output: (stdout + stderr).trim() };
-  } catch (e) {
-    return { ok: false, output: e.message };
+  const args = ['install', '-g', `${PKG}@latest`];
+  // 1) try a login+interactive shell so PATH matches the user's terminal exactly.
+  const shell = process.env.SHELL || '/bin/sh';
+  const attempts = [
+    () => execFileP(shell, ['-lic', `npm ${args.join(' ')}`], { timeout: 180000 }),
+    () => execFileP('npm', args, { timeout: 180000 }),                 // npm already on PATH
+    () => execFileP(process.execPath, [npmCliPath(), ...args], { timeout: 180000 }), // node + npm-cli.js
+  ];
+  let lastErr = '';
+  for (const run of attempts) {
+    try {
+      const { stdout, stderr } = await run();
+      return { ok: true, output: (stdout + stderr).trim() };
+    } catch (e) {
+      lastErr = (e.stderr || e.stdout || e.message || '').toString().trim();
+      // permission error → tell the user to use sudo (don't auto-sudo; that needs a TTY prompt)
+      if (/EACCES|permission denied/i.test(lastErr)) {
+        return { ok: false, output: `permission denied — run:  sudo npm install -g ${PKG}@latest` };
+      }
+    }
   }
+  return { ok: false, output: lastErr || 'could not run npm' };
+}
+
+// Best-effort path to npm's CLI entry (npm-cli.js) next to the running node binary, so we can
+// invoke it directly when `npm` isn't resolvable as a command.
+function npmCliPath() {
+  // node lives in <prefix>/bin/node; npm-cli.js is at <prefix>/lib/node_modules/npm/bin/npm-cli.js
+  const dir = dirname(process.execPath);
+  return join(dir, '..', 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js');
 }
 
 // Hard-reset the terminal so the freshly-spawned child inherits a CLEAN, cooked TTY.
@@ -63,10 +95,18 @@ export async function runUpdate() {
 function resetTerminal() {
   try {
     if (process.stdout.isTTY) {
-      // disable button/motion/SGR mouse modes (the source of the coordinate-code garbage)
-      process.stdout.write('\x1b[?1000l\x1b[?1003l\x1b[?1006l');
-      process.stdout.write('\x1b[?25h');     // show cursor
-      process.stdout.write('\x1b[?1049l');   // leave alt-screen → normal buffer
+      // Order matters. We must undo EVERY terminal mode the ink/fullscreen UI set, not just
+      // mouse + alt-screen — a leftover scroll region (DECSTBM) or bracketed-paste mode makes
+      // typed characters land at the bottom of the screen instead of at the prompt.
+      const w = (s) => process.stdout.write(s);
+      w('\x1b[?1000l\x1b[?1003l\x1b[?1006l\x1b[?1015l'); // disable ALL mouse modes
+      w('\x1b[?2004l');        // disable bracketed-paste mode
+      w('\x1b[r');             // reset scroll region (DECSTBM) to the full screen  ← the bottom-text fix
+      w('\x1b[?7h');           // re-enable line wrap (autowrap)
+      w('\x1b[0m');            // reset SGR (colors/attrs)
+      w('\x1b[?1049l');        // leave alt-screen → normal buffer (history intact)
+      w('\x1b[?25h');          // show cursor
+      w('\x1b[!p');            // DECSTR: soft terminal reset (restores sane default modes)
     }
   } catch { /* */ }
   try {

package/src/worker.js

@@ -773,11 +773,12 @@ export class ZeptoWorker {
 // rentOnce/startOtp(poll)/cancel. Local-first: emits res.session for incremental save;
 // server push is layered on top by the caller (onResult) when a backend is configured.
 export class BigBasketWorker {
-  constructor(provider, { requested, concurrency, deadlineMs, onEvent, onResult }) {
+  constructor(provider, { requested, concurrency, deadlineMs, checkOrders, onEvent, onResult }) {
     this.provider = provider;
     this.requested = requested;
     this.concurrency = Math.max(1, Math.min(concurrency, requested));
     this.deadlineMs = deadlineMs || (provider?.name === 'tempotp' ? TEMPOTP_DEADLINE : OTPCART_DEADLINE);
+    this.checkOrders = !!checkOrders; // classify NEW (0 orders) vs OLD (≥1) per account
     this.onEvent = onEvent || (() => {});
     this.onResult = onResult || null;
     if (provider && 'onNotice' in provider) provider.onNotice = (msg) => this.onEvent('warn', `⚠ ${msg}`);
@@ -951,9 +952,20 @@ export class BigBasketWorker {
       res.cost = number.cost;
       res.session = bigbasket.toSessionKeys(session); // { phone, bbAuthToken, mId, bbVisitorId }
       res.category = 'extracted';
+      // is_new defaults to the signup signal (brand-new account == NEW). Refine with the
+      // order check when enabled.
+      res.session.is_new = session.isSignup !== false;
+
+      if (this.checkOrders) {
+        this._emit(slot, { phase: 'minutes', detail: 'checking My Orders' });
+        const oc = await bigbasket.getOrderCount(session);
+        res.session.orderCount = oc.count;
+        res.session.is_new = oc.isNew;
+        res.category = oc.isNew ? 'fresh' : 'extracted';
+      }
 
       this._emit(slot, { phase: 'saving', detail: 'saving session' });
-      releaseOnce(true, 'extracted', true); // success: OTP consumed → no cancel
+      releaseOnce(true, res.session.is_new ? 'new account' : 'old account', true); // OTP consumed → no cancel
       return res;
     } catch (e) {
       return fail(`unexpected: ${e.message}`);