super-release 1.1.3 → 1.1.4

@@ -0,0 +1 @@
1
+ f8f0f3bea7140dcf3d83b48e40880086137f73afe32237c5acca4e93b4fe7978 super-release-darwin-aarch64.tar.gz
@@ -0,0 +1 @@
1
+ 97b0db18b7089bbd72467c5932864165fa1d84af68c105296f1226ec08ddd604 super-release-darwin-x86_64.tar.gz
@@ -0,0 +1 @@
1
+ f04c6e51c2bcd4b21592fe531740586580fab32e81d4d25ccb31b91b13459d9c super-release-linux-aarch64.tar.gz
@@ -0,0 +1 @@
1
+ 1f8581d2d08ceb6b1bc8b3b63fae163fa561ff24e92fc7fa5ae15da9a89cc2d3 super-release-linux-x86_64-musl.tar.gz
@@ -0,0 +1 @@
1
+ 9a47bc384459f01d6fb83df3ab38851f2f7662e446d2e3d1ed114e4fb4129029 super-release-linux-x86_64.tar.gz
@@ -0,0 +1 @@
1
+ 04FCBE4653F84BD15706437F3CAB64C2E5C8E622A347A43DCB64BA31C7165BF5
@@ -5,6 +5,7 @@ import {
5
5
  existsSync,
6
6
  mkdirSync,
7
7
  createWriteStream,
8
+ readFileSync,
8
9
  unlinkSync,
9
10
  chmodSync,
10
11
  } from "node:fs";
@@ -92,6 +93,27 @@ async function install() {
92
93
  const response = await download(url);
93
94
  await pipeline(response, createWriteStream(tmpFile));
94
95
 
96
+ const hashFile = join(__dirname, `${artifact}.${ext}.sha256`);
97
+ if (existsSync(hashFile)) {
98
+ const expectedHash = readFileSync(hashFile, "utf8").trim().split(/\s+/)[0].toLowerCase();
99
+ const fileBuffer = readFileSync(tmpFile);
100
+ const hashBuffer = await crypto.subtle.digest("SHA-256", fileBuffer);
101
+ const actualHash = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, "0")).join("");
102
+ if (actualHash !== expectedHash) {
103
+ console.error(`Hash mismatch for ${artifact}.${ext}!`);
104
+ console.error(` Expected: ${expectedHash}`);
105
+ console.error(` Actual: ${actualHash}`);
106
+ console.error(`This may indicate a tampered or corrupted download.`);
107
+ unlinkSync(tmpFile);
108
+ process.exit(1);
109
+ }
110
+ console.error(`Hash verified for ${artifact}.${ext}`);
111
+ } else {
112
+ console.error(`No hash file found at ${hashFile}, cannot verify download integrity.`);
113
+ unlinkSync(tmpFile);
114
+ process.exit(1);
115
+ }
116
+
95
117
  if (isWindows) {
96
118
  execFileSync("powershell", ["-Command", `Expand-Archive -Path '${tmpFile}' -DestinationPath '${__dirname}' -Force`], { stdio: "ignore" });
97
119
  } else {
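Review bot: The digest on new line 100 calls `crypto.subtle`, and no `crypto` import is visible in the import hunk, so it presumably relies on the Web Crypto global, which Node 18 exposes only behind a flag. `engines` is advisory unless engine-strict is set, so an older runtime would likely stop with a ReferenceError after the download rather than a clear message. Importing `createHash` from `node:crypto` and writing `const actualHash = createHash("sha256").update(readFileSync(tmpFile)).digest("hex");` would replace new lines 99–101 and behave the same on every runtime. I would also add a comment above the block, for example `// The .sha256 files ship inside this npm package: the check pins the downloaded archive to the published package, it does not cover a tampered package.` The body of install() starts and ends outside the hunk.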
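--- a/package/package.json
+++ b/package/package.json
@@ -4,7 +4,7 @@
  },
  "description": "A fast semantic-release alternative for monorepos, written in Rust",
  "engines": {
- "node": ">=18"
+ "node": ">=20"
  },
  "files": [
  "npm/bin",
@@ -28,7 +28,7 @@
  "url": "git+https://github.com/BowlingX/super-release.git"
  },
  "type": "module",
- "version": "1.1.3",
+ "version": "1.1.4",
  "scripts": {
  "super-release": "node npm/bin/super-release.js"
  }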