spec-up-t 1.6.3 → 1.6.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "spec-up-t",
-  "version": "1.6.3",
+  "version": "1.6.5",
   "description": "Technical specification drafting tool that generates rich specification documents from markdown. Forked from https://github.com/decentralized-identity/spec-up by Daniel Buchner (https://github.com/csuwildcat)",
   "main": "./index",
   "repository": {

package/src/install-from-boilerplate/custom-update.js

@@ -3,17 +3,20 @@ const { configOverwriteScriptsKeys } = require('./config-scripts-keys');
 const addScriptsKeys = require('./add-scripts-keys');
 const copySystemFiles = require('./copy-system-files');
 const { gitIgnoreEntries } = require('./config-gitignore-entries');
-const {updateGitignore} = require('./add-gitignore-entries');
+const { updateGitignore } = require('./add-gitignore-entries');
+const updateDependencies = require('./update-dependencies');
+const Logger = require('../utils/logger');
 
 
 addScriptsKeys(configScriptsKeys, configOverwriteScriptsKeys);
 copySystemFiles();
 updateGitignore(gitIgnoreEntries.gitignorePath, gitIgnoreEntries.filesToAdd);
 
-const Logger = require('../utils/logger');
-
 // We can use this file to do any custom updates during post-install.
 const customUpdate = () => {
+    // Update dependencies based on package.spec-up-t.json
+    updateDependencies();
+
     // Custom logic here
     // ...
 }

package/src/install-from-boilerplate/update-dependencies.js

@@ -0,0 +1,105 @@
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const Logger = require('../utils/logger');
+
+/**
+ * URL to the canonical package.spec-up-t.json in the starter-pack repository.
+ * This defines the recommended dependency versions for consuming repos.
+ */
+const STARTER_PACK_PACKAGE_URL = 'https://raw.githubusercontent.com/trustoverip/spec-up-t-starter-pack/main/package.spec-up-t.json';
+
+/**
+ * Fetches package.spec-up-t.json from the remote starter-pack repository.
+ * 
+ * @returns {Promise<Object>} The parsed package.spec-up-t.json content
+ * @throws {Error} If the fetch fails or the response is invalid
+ */
+function fetchStarterPackageConfig() {
+    return new Promise((resolve, reject) => {
+        https.get(STARTER_PACK_PACKAGE_URL, (response) => {
+            if (response.statusCode !== 200) {
+                reject(new Error(`Failed to fetch package.spec-up-t.json: HTTP ${response.statusCode}`));
+                return;
+            }
+
+            let data = '';
+            response.on('data', (chunk) => {
+                data += chunk;
+            });
+
+            response.on('end', () => {
+                try {
+                    const config = JSON.parse(data);
+                    resolve(config);
+                } catch (error) {
+                    reject(new Error(`Failed to parse package.spec-up-t.json: ${error.message}`));
+                }
+            });
+        }).on('error', (error) => {
+            reject(new Error(`Network error fetching package.spec-up-t.json: ${error.message}`));
+        });
+    });
+}
+
+/**
+ * Updates dependencies in the consuming repo's package.json based on the
+ * canonical package.spec-up-t.json from the starter-pack repository.
+ * This ensures that the consuming repo always has the correct dependency versions
+ * as specified by the spec-up-t-starter-pack.
+ */
+async function updateDependencies() {
+    // Path to the consuming repo's package.json
+    const consumerPackagePath = path.resolve(process.cwd(), 'package.json');
+
+    try {
+        // Fetch the canonical package.spec-up-t.json from the starter-pack repo
+        Logger.info('Fetching latest dependency configuration...');
+        const specUpPackage = await fetchStarterPackageConfig();
+
+        // Read consuming repo's package.json
+        if (!fs.existsSync(consumerPackagePath)) {
+            Logger.error('package.json not found at:', consumerPackagePath);
+            return;
+        }
+
+        const consumerPackageData = fs.readFileSync(consumerPackagePath, 'utf8');
+        const consumerPackage = JSON.parse(consumerPackageData);
+
+        // Initialize dependencies section if it doesn't exist
+        if (!consumerPackage.dependencies) {
+            consumerPackage.dependencies = {};
+        }
+
+        // Check if there are dependencies to update
+        if (!specUpPackage.dependencies) {
+            Logger.info('No dependencies found in package.spec-up-t.json');
+            return;
+        }
+
+        let updatedCount = 0;
+
+        // Update each dependency from package.spec-up-t.json
+        for (const [packageName, version] of Object.entries(specUpPackage.dependencies)) {
+            const currentVersion = consumerPackage.dependencies[packageName];
+
+            if (currentVersion !== version) {
+                consumerPackage.dependencies[packageName] = version;
+                updatedCount++;
+                Logger.info(`Updated ${packageName}: ${currentVersion || 'not installed'} -> ${version}`);
+            }
+        }
+
+        if (updatedCount > 0) {
+            // Write the updated package.json back to disk
+            fs.writeFileSync(consumerPackagePath, JSON.stringify(consumerPackage, null, 2) + '\n', 'utf8');
+            Logger.success(`Successfully updated ${updatedCount} dependenc${updatedCount === 1 ? 'y' : 'ies'} in package.json`);
+        } else {
+            Logger.info('All dependencies are already up to date');
+        }
+    } catch (error) {
+        Logger.error('Error updating dependencies:', error.message);
+    }
+}
+
+module.exports = updateDependencies;

package/src/pipeline/configuration/configure-starterpack.js

@@ -19,6 +19,9 @@ const defaultQuestions = [
     { field: 'title', prompt: 'Enter title', defaultValue: 'Spec-Up-T Starterpack' },
     { field: 'description', prompt: 'Enter description', defaultValue: 'Create technical specifications in markdown. Based on the original Spec-Up, extended with Terminology tooling' },
     { field: 'author', prompt: 'Enter author', defaultValue: 'Trust over IP Foundation' },
+    { field: 'logo', prompt: 'Enter logo URL', defaultValue: 'https://raw.githubusercontent.com/trustoverip/spec-up-t/refs/heads/master/src/install-from-boilerplate/boilerplate/static/logo.svg' },
+    { field: 'logo_link', prompt: 'Enter logo link URL', defaultValue: 'https://github.com/trustoverip/spec-up-t' },
+    { field: 'favicon', prompt: 'Enter favicon URL', defaultValue: 'https://raw.githubusercontent.com/trustoverip/spec-up-t/refs/heads/master/src/install-from-boilerplate/boilerplate/static/favicon.ico' },
     { field: 'account', prompt: 'Enter account', defaultValue: 'trustoverip' },
     { field: 'repo', prompt: 'Enter repo', defaultValue: 'spec-up-t-starter-pack' }
 ];

package/src/utils/git-info.js

@@ -11,6 +11,11 @@
 const { execSync } = require('child_process');
 const Logger = require('./logger');
 
+// Fixed PATH for security: only system directories, not user-writable
+const FIXED_PATH = process.platform === 'win32'
+    ? 'C:\\Windows\\system32;C:\\Windows'
+    : '/usr/bin:/bin:/usr/sbin:/sbin';
+
 /**
  * Gets the current Git branch name
  * 
@@ -21,7 +26,8 @@ function getCurrentBranch() {
         const branch = execSync('git branch --show-current', { 
             encoding: 'utf8',
             timeout: 5000,
-            stdio: ['pipe', 'pipe', 'pipe']
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: { ...process.env, PATH: FIXED_PATH }
         }).trim();
         
         if (branch) {
@@ -33,7 +39,8 @@ function getCurrentBranch() {
         const head = execSync('git rev-parse --abbrev-ref HEAD', {
             encoding: 'utf8',
             timeout: 5000,
-            stdio: ['pipe', 'pipe', 'pipe']
+            stdio: ['pipe', 'pipe', 'pipe'],
+            env: { ...process.env, PATH: FIXED_PATH }
         }).trim();
         
         if (head && head !== 'HEAD') {