skrypt-ai 0.4.2 → 0.5.0

package/dist/auth/index.d.ts

@@ -1,4 +1,4 @@
-interface AuthConfig {
+export interface AuthConfig {
     apiKey?: string;
     email?: string;
     plan?: 'free' | 'pro';
@@ -11,9 +11,19 @@ interface PlanCheckResponse {
     expiresAt?: string;
     error?: string;
 }
+/**
+ * Sync auth config reader — checks env var and auth file only (no keychain).
+ * Use getAuthConfigAsync() when keychain access is needed.
+ */
 export declare function getAuthConfig(): AuthConfig;
-export declare function saveAuthConfig(config: AuthConfig): void;
-export declare function clearAuth(): void;
+/**
+ * Async auth config reader — checks env var → keychain → auth file.
+ * This is the preferred method for all command actions.
+ */
+export declare function getAuthConfigAsync(): Promise<AuthConfig>;
+export declare function saveAuthConfig(config: AuthConfig): Promise<void>;
+export declare function clearAuth(): Promise<void>;
+export declare function getKeyStorageMethod(): Promise<'keychain' | 'file' | 'env' | 'none'>;
 export declare function checkPlan(apiKey: string): Promise<PlanCheckResponse>;
 export declare function requirePro(commandName: string): Promise<boolean>;
 export declare const PRO_COMMANDS: string[];

package/dist/auth/index.js

@@ -1,10 +1,57 @@
-import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync } from 'fs';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync, unlinkSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
-const CONFIG_DIR = join(homedir(), '.skrypt');
+import { keychainStore, keychainRetrieve, keychainDelete } from './keychain.js';
+const homeDir = homedir();
+if (!homeDir) {
+    throw new Error('Could not determine home directory');
+}
+const CONFIG_DIR = join(homeDir, '.skrypt');
 const AUTH_FILE = join(CONFIG_DIR, 'auth.json');
 const API_BASE = process.env.SKRYPT_API_URL || 'https://api.skrypt.sh';
+/**
+ * Sync auth config reader — checks env var and auth file only (no keychain).
+ * Use getAuthConfigAsync() when keychain access is needed.
+ */
 export function getAuthConfig() {
+    if (process.env.SKRYPT_API_KEY) {
+        const fileMeta = readAuthFile();
+        return {
+            apiKey: process.env.SKRYPT_API_KEY,
+            email: fileMeta.email,
+            plan: fileMeta.plan,
+            expiresAt: fileMeta.expiresAt,
+        };
+    }
+    return readAuthFile();
+}
+/**
+ * Async auth config reader — checks env var → keychain → auth file.
+ * This is the preferred method for all command actions.
+ */
+export async function getAuthConfigAsync() {
+    if (process.env.SKRYPT_API_KEY) {
+        const fileMeta = readAuthFile();
+        return {
+            apiKey: process.env.SKRYPT_API_KEY,
+            email: fileMeta.email,
+            plan: fileMeta.plan,
+            expiresAt: fileMeta.expiresAt,
+        };
+    }
+    const keychainKey = await keychainRetrieve();
+    if (keychainKey) {
+        const fileMeta = readAuthFile();
+        return {
+            apiKey: keychainKey,
+            email: fileMeta.email,
+            plan: fileMeta.plan,
+            expiresAt: fileMeta.expiresAt,
+        };
+    }
+    return readAuthFile();
+}
+function readAuthFile() {
     if (!existsSync(AUTH_FILE)) {
         return {};
     }
@@ -15,16 +62,49 @@ export function getAuthConfig() {
         return {};
     }
 }
-export function saveAuthConfig(config) {
+export async function saveAuthConfig(config) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-    writeFileSync(AUTH_FILE, JSON.stringify(config, null, 2));
+    let keyInKeychain = false;
+    if (config.apiKey) {
+        keyInKeychain = await keychainStore(config.apiKey);
+    }
+    // Write metadata to file (omit key if stored in keychain)
+    const fileConfig = {
+        email: config.email,
+        plan: config.plan,
+        expiresAt: config.expiresAt,
+    };
+    if (!keyInKeychain && config.apiKey) {
+        fileConfig.apiKey = config.apiKey;
+    }
+    // Write with restrictive permissions from the start
+    const content = JSON.stringify(fileConfig, null, 2);
+    writeFileSync(AUTH_FILE, content, { mode: 0o600 });
     chmodSync(AUTH_FILE, 0o600);
 }
-export function clearAuth() {
+export async function clearAuth() {
+    await keychainDelete();
     if (existsSync(AUTH_FILE)) {
-        writeFileSync(AUTH_FILE, '{}');
+        try {
+            unlinkSync(AUTH_FILE);
+        }
+        catch {
+            // Fallback: overwrite with empty
+            writeFileSync(AUTH_FILE, '{}', { mode: 0o600 });
+        }
     }
 }
+export async function getKeyStorageMethod() {
+    if (process.env.SKRYPT_API_KEY)
+        return 'env';
+    const keychainKey = await keychainRetrieve();
+    if (keychainKey)
+        return 'keychain';
+    const fileConfig = readAuthFile();
+    if (fileConfig.apiKey)
+        return 'file';
+    return 'none';
+}
 export async function checkPlan(apiKey) {
     try {
         const response = await fetch(`${API_BASE}/v1/plan`, {
@@ -36,14 +116,19 @@ export async function checkPlan(apiKey) {
         if (!response.ok) {
             return { valid: false, plan: 'free', email: '', error: 'Invalid API key' };
         }
-        return await response.json();
+        const data = await response.json();
+        // Validate response shape
+        if (typeof data.valid !== 'boolean' || typeof data.email !== 'string') {
+            return { valid: false, plan: 'free', email: '', error: 'Invalid API response' };
+        }
+        return data;
     }
     catch {
         return { valid: false, plan: 'free', email: '', error: 'Failed to connect to API' };
     }
 }
 export async function requirePro(commandName) {
-    const config = getAuthConfig();
+    const config = await getAuthConfigAsync();
     if (!config.apiKey) {
         console.error(`\n  ⚡ ${commandName} requires Skrypt Pro\n`);
         console.error('  Get started:');
@@ -71,7 +156,7 @@ export async function requirePro(commandName) {
         return false;
     }
     // Cache the result for 1 hour
-    saveAuthConfig({
+    await saveAuthConfig({
         ...config,
         plan: result.plan,
         email: result.email,

package/dist/auth/keychain.d.ts

@@ -0,0 +1,5 @@
+export declare function keychainAvailable(): Promise<boolean>;
+export declare function keychainStore(key: string): Promise<boolean>;
+export declare function keychainRetrieve(): Promise<string | null>;
+export declare function keychainDelete(): Promise<boolean>;
+export declare function getKeychainPlatformName(): string;

package/dist/auth/keychain.js

@@ -0,0 +1,82 @@
+const SERVICE_NAME = 'skrypt';
+const ACCOUNT_NAME = 'api-key';
+let keyringLoadPromise = null;
+async function loadKeyring() {
+    // Use a shared promise to prevent race conditions — only one import attempt
+    if (keyringLoadPromise)
+        return keyringLoadPromise;
+    keyringLoadPromise = doLoadKeyring();
+    return keyringLoadPromise;
+}
+async function doLoadKeyring() {
+    try {
+        // Dynamic import — @napi-rs/keyring is an optional dependency.
+        // Using indirect import to avoid TypeScript compile error for missing module.
+        const moduleName = '@napi-rs/keyring';
+        const mod = await import(/* webpackIgnore: true */ moduleName);
+        return mod;
+    }
+    catch {
+        return null;
+    }
+}
+export async function keychainAvailable() {
+    const mod = await loadKeyring();
+    if (!mod)
+        return false;
+    try {
+        const entry = new mod.Entry(SERVICE_NAME, ACCOUNT_NAME);
+        // Actually test that keychain is functional by attempting a read
+        entry.getPassword();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function keychainStore(key) {
+    const mod = await loadKeyring();
+    if (!mod)
+        return false;
+    try {
+        const entry = new mod.Entry(SERVICE_NAME, ACCOUNT_NAME);
+        entry.setPassword(key);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function keychainRetrieve() {
+    const mod = await loadKeyring();
+    if (!mod)
+        return null;
+    try {
+        const entry = new mod.Entry(SERVICE_NAME, ACCOUNT_NAME);
+        const password = entry.getPassword();
+        return password || null;
+    }
+    catch {
+        return null;
+    }
+}
+export async function keychainDelete() {
+    const mod = await loadKeyring();
+    if (!mod)
+        return false;
+    try {
+        const entry = new mod.Entry(SERVICE_NAME, ACCOUNT_NAME);
+        entry.deletePassword();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function getKeychainPlatformName() {
+    switch (process.platform) {
+        case 'darwin': return 'macOS Keychain';
+        case 'win32': return 'Windows Credential Manager';
+        default: return 'system keyring (libsecret)';
+    }
+}

package/dist/auth/notices.d.ts

@@ -0,0 +1,3 @@
+export declare function hasSeenNotice(id: string): boolean;
+export declare function markNoticeSeen(id: string): void;
+export declare function showSecurityNotice(): void;

package/dist/auth/notices.js

@@ -0,0 +1,42 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+const CONFIG_DIR = join(homedir(), '.skrypt');
+const NOTICES_FILE = join(CONFIG_DIR, 'notices.json');
+function loadNotices() {
+    if (!existsSync(NOTICES_FILE))
+        return { seen: {} };
+    try {
+        return JSON.parse(readFileSync(NOTICES_FILE, 'utf-8'));
+    }
+    catch {
+        return { seen: {} };
+    }
+}
+function saveNotices(state) {
+    mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    writeFileSync(NOTICES_FILE, JSON.stringify(state, null, 2));
+}
+export function hasSeenNotice(id) {
+    const state = loadNotices();
+    return id in state.seen;
+}
+export function markNoticeSeen(id) {
+    const state = loadNotices();
+    state.seen[id] = new Date().toISOString();
+    saveNotices(state);
+}
+export function showSecurityNotice() {
+    if (hasSeenNotice('security-v1'))
+        return;
+    console.log('');
+    console.log('  \x1b[36m🔒 Security Notice\x1b[0m');
+    console.log('');
+    console.log('  Your API keys are stored locally and never sent to Skrypt.');
+    console.log('  When using your own keys (OPENAI_API_KEY, etc.), LLM calls');
+    console.log('  go directly to the provider — they never touch our servers.');
+    console.log('');
+    console.log('  Run \x1b[1mskrypt security\x1b[0m for full details.');
+    console.log('');
+    markNoticeSeen('security-v1');
+}

package/dist/autofix/index.js

@@ -137,13 +137,20 @@ function extractCode(response, language) {
     const genericMatch = response.match(/```\w*\n([\s\S]*?)\n```/);
     if (genericMatch?.[1])
         return genericMatch[1].trim();
-    // Try to find code without block
+    // Try to find code without block — only accept if it looks like actual code
     const lines = response.split('\n');
     const codeLines = lines.filter(line => {
         const trimmed = line.trim();
         return trimmed && !trimmed.startsWith('#') && !trimmed.startsWith('//');
     });
-    return codeLines.length > 0 ? codeLines.join('\n') : null;
+    if (codeLines.length === 0)
+        return null;
+    const joined = codeLines.join('\n');
+    // Require at least some code-like tokens to avoid returning prose as code
+    const codeTokens = /[=(){}[\];:,]|def |class |function |const |let |var |import |from |return /;
+    if (!codeTokens.test(joined))
+        return null;
+    return joined;
 }
 /**
  * Batch auto-fix multiple examples
@@ -212,7 +219,7 @@ export function createPythonValidator() {
             const { randomUUID } = await import('crypto');
             // Use crypto.randomUUID() to avoid timestamp collisions
             const tempFile = join(tmpdir(), `autofix_${randomUUID()}.py`);
-            writeFileSync(tempFile, code);
+            writeFileSync(tempFile, code, { mode: 0o600 });
             try {
                 // Use spawnSync with array args to avoid command injection
                 const result = spawnSync('python3', ['-m', 'py_compile', tempFile], {

package/dist/cli.js

@@ -18,6 +18,8 @@ import { loginCommand, logoutCommand, whoamiCommand } from './commands/login.js'
 import { cronCommand } from './commands/cron.js';
 import { deployCommand } from './commands/deploy.js';
 import { testCommand } from './commands/test.js';
+import { securityCommand } from './commands/security.js';
+import { importCommand } from './commands/import.js';
 import { createRequire } from 'module';
 process.on('uncaughtException', (err) => {
     console.error('\x1b[31mFatal error:\x1b[0m', err.message);
@@ -33,6 +35,16 @@ process.on('unhandledRejection', (reason) => {
 });
 const require = createRequire(import.meta.url);
 const { version: VERSION } = require('../package.json');
+function semverNewer(latest, current) {
+    const parse = (v) => v.split('.').map(Number);
+    const [lMaj, lMin, lPatch] = parse(latest);
+    const [cMaj, cMin, cPatch] = parse(current);
+    if (lMaj !== cMaj)
+        return lMaj > cMaj;
+    if (lMin !== cMin)
+        return lMin > cMin;
+    return lPatch > cPatch;
+}
 async function checkForUpdates() {
     try {
         const res = await fetch('https://registry.npmjs.org/skrypt-ai/latest', {
@@ -41,9 +53,8 @@ async function checkForUpdates() {
         if (res.ok) {
             const data = await res.json();
             const version = data.version;
-            if (typeof version === 'string' && /^\d+\.\d+\.\d+/.test(version) && version !== VERSION) {
-                const latest = version;
-                console.log(`\n  Update available: ${VERSION} → ${latest}`);
+            if (typeof version === 'string' && /^\d+\.\d+\.\d+$/.test(version) && semverNewer(version, VERSION)) {
+                console.log(`\n  Update available: ${VERSION} → ${version}`);
                 console.log(`  Run: npm install -g skrypt-ai@latest\n`);
             }
         }
@@ -80,4 +91,6 @@ program.addCommand(whoamiCommand);
 program.addCommand(cronCommand);
 program.addCommand(deployCommand);
 program.addCommand(testCommand);
+program.addCommand(securityCommand);
+program.addCommand(importCommand);
 program.parse();

package/dist/commands/generate.js

@@ -6,6 +6,7 @@ import { DEFAULT_MODELS } from '../config/types.js';
 import { scanDirectory } from '../scanner/index.js';
 import { createLLMClient } from '../llm/index.js';
 import { generateForElements, groupDocsByFile, writeDocsToDirectory, writeDocsByTopic, writeLlmsTxt } from '../generator/index.js';
+import { showSecurityNotice } from '../auth/notices.js';
 /**
  * Read .skryptignore patterns from source directory
  */
@@ -60,9 +61,23 @@ function shouldExcludeElement(element, patterns) {
         // Match by name
         if (pattern.startsWith('name:')) {
             const namePattern = pattern.slice(5);
-            if (element.name === namePattern || element.name.match(new RegExp(namePattern))) {
+            if (element.name === namePattern) {
                 return true;
             }
+            // Only use regex if the pattern contains regex metacharacters
+            // Reject patterns with nested quantifiers to prevent catastrophic backtracking (ReDoS)
+            if (/[*+?{}()|[\]\\^$.]/.test(namePattern)) {
+                if (/(\+|\*|\?)\{|\(\?[^:)]|\(\.[*+].*\)\+|\([^)]*[+*][^)]*\)[+*]/.test(namePattern)) {
+                    continue; // Skip patterns prone to catastrophic backtracking
+                }
+                try {
+                    if (new RegExp(namePattern).test(element.name))
+                        return true;
+                }
+                catch {
+                    // Invalid regex — treat as literal match (already checked above)
+                }
+            }
         }
         // Match by file path
         else if (pattern.includes('/') || pattern.includes('*')) {
@@ -112,6 +127,11 @@ export const generateCommand = new Command('generate')
         if (options.output)
             config.output.path = options.output;
         if (options.provider) {
+            const validProviders = ['deepseek', 'openai', 'anthropic', 'google', 'ollama', 'openrouter'];
+            if (!validProviders.includes(options.provider)) {
+                console.error(`Error: Unknown provider "${options.provider}". Valid: ${validProviders.join(', ')}`);
+                process.exit(1);
+            }
             config.llm.provider = options.provider;
             // Use provider's default model unless explicitly specified
             if (!options.model) {
@@ -137,6 +157,8 @@ export const generateCommand = new Command('generate')
                 process.exit(1);
             }
         }
+        // First-run security notice
+        showSecurityNotice();
         console.log('skrypt generate');
         console.log(`  source:   ${config.source.path}`);
         console.log(`  output:   ${config.output.path}`);
@@ -145,6 +167,20 @@ export const generateCommand = new Command('generate')
         if (config.llm.baseUrl) {
             console.log(`  base url: ${config.llm.baseUrl}`);
         }
+        // Routing transparency
+        const providerEnvKeys = {
+            openai: 'OPENAI_API_KEY',
+            anthropic: 'ANTHROPIC_API_KEY',
+            google: 'GOOGLE_API_KEY',
+            deepseek: 'DEEPSEEK_API_KEY',
+        };
+        const providerKey = providerEnvKeys[config.llm.provider];
+        if (providerKey && process.env[providerKey]) {
+            console.log(`  routing:  direct to ${config.llm.provider} (BYOK — your key never touches Skrypt)`);
+        }
+        else if (config.llm.provider !== 'ollama') {
+            console.log('  routing:  via Skrypt API proxy');
+        }
         console.log('');
         // Check source exists
         const sourcePath = resolve(config.source.path);

package/dist/commands/import.d.ts

@@ -0,0 +1,2 @@
+import { Command } from 'commander';
+export declare const importCommand: Command;

package/dist/commands/import.js

@@ -0,0 +1,157 @@
+import { Command } from 'commander';
+import { existsSync, mkdirSync, cpSync, readFileSync, writeFileSync } from 'fs';
+import { resolve, join, dirname, basename } from 'path';
+import { fileURLToPath } from 'url';
+import { detectFormat, isGitHubUrl, parseGitHubUrl, runImport, importFromGitHub } from '../importers/index.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+export const importCommand = new Command('import')
+    .description('Import documentation from another platform')
+    .argument('<source>', 'Local directory or GitHub URL')
+    .option('--from <format>', 'Source format (mintlify, docusaurus, gitbook, readme, notion, confluence, markdown)')
+    .option('-o, --output <dir>', 'Output directory')
+    .option('--dry-run', 'Show what would be imported without writing files')
+    .option('--name <name>', 'Project name')
+    .action(async (source, options) => {
+    try {
+        console.log('skrypt import\n');
+        // Validate --from flag
+        const VALID_FORMATS = ['mintlify', 'docusaurus', 'gitbook', 'readme', 'notion', 'confluence', 'markdown'];
+        if (options.from && !VALID_FORMATS.includes(options.from)) {
+            console.error(`  Error: Unknown format "${options.from}". Valid formats: ${VALID_FORMATS.join(', ')}`);
+            process.exit(1);
+        }
+        let result;
+        if (isGitHubUrl(source)) {
+            // GitHub URL import
+            const { owner, repo, path, ref } = parseGitHubUrl(source);
+            console.log(`  Source: github.com/${owner}/${repo}/${path} (${ref})`);
+            result = await importFromGitHub(owner, repo, path, ref, {
+                format: options.from,
+                name: options.name,
+            });
+        }
+        else {
+            // Local directory import
+            const sourceDir = resolve(source);
+            if (!existsSync(sourceDir)) {
+                console.error(`  Error: Source directory not found: ${sourceDir}`);
+                process.exit(1);
+            }
+            const format = options.from || detectFormat(sourceDir);
+            console.log(`  Source: ${sourceDir} (${format})`);
+            result = runImport(sourceDir, format, options.name);
+        }
+        // Determine output directory
+        const outputDir = resolve(options.output || `${basename(source).replace(/[^a-zA-Z0-9-_]/g, '-')}-docs`);
+        console.log(`  Output: ${outputDir}`);
+        console.log('');
+        // Print migration report
+        printReport(result);
+        if (options.dryRun) {
+            console.log('  [dry run — no files written]\n');
+            return;
+        }
+        // Scaffold output directory
+        scaffoldOutput(outputDir, result);
+        console.log('  Next steps:');
+        console.log(`    cd ${outputDir} && npm install && npm run dev\n`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`  Error: ${message}`);
+        process.exit(1);
+    }
+});
+function printReport(result) {
+    console.log('  Imported:');
+    console.log(`    ${result.stats.pages} pages across ${result.stats.groups} groups`);
+    const { transforms } = result.stats;
+    if (transforms.callouts > 0)
+        console.log(`    ${transforms.callouts} callouts mapped`);
+    if (transforms.tabs > 0)
+        console.log(`    ${transforms.tabs} tabs mapped`);
+    if (transforms.codeGroups > 0)
+        console.log(`    ${transforms.codeGroups} code groups mapped`);
+    if (transforms.steps > 0)
+        console.log(`    ${transforms.steps} steps mapped`);
+    if (transforms.accordions > 0)
+        console.log(`    ${transforms.accordions} accordions mapped`);
+    if (transforms.images > 0)
+        console.log(`    ${transforms.images} images copied`);
+    if (result.warnings.length > 0) {
+        console.log('');
+        console.log('  Warnings:');
+        for (const w of result.warnings.slice(0, 10)) {
+            console.log(`    - ${w}`);
+        }
+        if (result.warnings.length > 10) {
+            console.log(`    ... and ${result.warnings.length - 10} more`);
+        }
+    }
+    console.log('');
+}
+function scaffoldOutput(outputDir, result) {
+    // Copy template
+    const templateDir = join(__dirname, '..', 'template');
+    if (existsSync(templateDir)) {
+        mkdirSync(outputDir, { recursive: true });
+        cpSync(templateDir, outputDir, { recursive: true });
+    }
+    else {
+        mkdirSync(outputDir, { recursive: true });
+    }
+    // Write transformed content files
+    for (const [filePath, content] of result.files) {
+        const outputPath = join(outputDir, filePath);
+        mkdirSync(dirname(outputPath), { recursive: true });
+        writeFileSync(outputPath, content);
+    }
+    // Copy assets
+    for (const [destPath, srcPath] of result.assets) {
+        const outputPath = join(outputDir, destPath);
+        mkdirSync(dirname(outputPath), { recursive: true });
+        try {
+            cpSync(srcPath, outputPath);
+        }
+        catch {
+            // Image may not exist (e.g. CDN URL)
+        }
+    }
+    // Generate docs.json navigation
+    const docsJson = {
+        name: result.name,
+        description: result.description,
+        theme: {
+            primaryColor: '#3b82f6',
+            accentColor: '#8b5cf6',
+            font: 'Inter',
+        },
+        navigation: result.navigation.map(group => ({
+            group: group.group,
+            pages: group.pages.map(page => ({
+                title: page.title,
+                path: `/docs/${page.slug}`,
+            })),
+        })),
+        footer: {
+            links: [],
+        },
+    };
+    writeFileSync(join(outputDir, 'docs.json'), JSON.stringify(docsJson, null, 2));
+    // Update package.json name if template exists
+    const pkgPath = join(outputDir, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            pkg.name = result.name.toLowerCase().replace(/[^a-z0-9-]/g, '-');
+            writeFileSync(pkgPath, JSON.stringify(pkg, null, 2));
+        }
+        catch { /* skip */ }
+    }
+    console.log(`  ✓ Wrote ${result.files.size} pages to ${outputDir}`);
+    if (result.assets.size > 0) {
+        console.log(`  ✓ Copied ${result.assets.size} assets`);
+    }
+    console.log('');
+}

package/dist/commands/init.js

@@ -35,15 +35,27 @@ export const initCommand = new Command('init')
         cpSync(templateDir, targetDir, { recursive: true });
         // Update package.json with project name
         const packageJsonPath = join(targetDir, 'package.json');
-        const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
-        packageJson.name = options.name;
-        writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2));
+        try {
+            const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+            packageJson.name = options.name;
+            writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2));
+        }
+        catch {
+            console.error('Error: Template package.json is missing or corrupted. Please reinstall skrypt.');
+            process.exit(1);
+        }
         // Update docs.json with project name
         const docsJsonPath = join(targetDir, 'docs.json');
-        const docsJson = JSON.parse(readFileSync(docsJsonPath, 'utf-8'));
-        docsJson.name = options.name;
-        docsJson.description = `${options.name} documentation`;
-        writeFileSync(docsJsonPath, JSON.stringify(docsJson, null, 2));
+        try {
+            const docsJson = JSON.parse(readFileSync(docsJsonPath, 'utf-8'));
+            docsJson.name = options.name;
+            docsJson.description = `${options.name} documentation`;
+            writeFileSync(docsJsonPath, JSON.stringify(docsJson, null, 2));
+        }
+        catch {
+            console.error('Error: Template docs.json is missing or corrupted. Please reinstall skrypt.');
+            process.exit(1);
+        }
         console.log('');
         console.log('Done! Next steps:');
         console.log('');