super-release 1.1.3 → 1.2.0

@@ -0,0 +1 @@
1
+ 71794d83631b0d1836e6890a5d0a3360085bb3e2aad37080774026d936e30d1a super-release-darwin-aarch64.tar.gz
@@ -0,0 +1 @@
1
+ e853cd54e6a245b80fd8446afee4aaa81871af6ef6c415af108fee48a15979cb super-release-darwin-x86_64.tar.gz
@@ -0,0 +1 @@
1
+ 455d0bb89c981360e22092d65dc2cf21011c55a827807495fd88f63ab0cb585f super-release-linux-aarch64.tar.gz
@@ -0,0 +1 @@
1
+ 80c6c77119ee232a7b8138a358b86bb6317cd0ef358473d8f2e0c868f9d29511 super-release-linux-x86_64-musl.tar.gz
@@ -0,0 +1 @@
1
+ b9a26668bbe4efbff75e9169afd9fd0f4f6c380d5d440a3d7f066a7bba776eb5 super-release-linux-x86_64.tar.gz
@@ -0,0 +1 @@
1
+ F2250B18DE1F400175D88C5E65A27B7CFE2CE287FF153122C8564BBA5BD0FECC
@@ -5,6 +5,7 @@ import {
5
5
  existsSync,
6
6
  mkdirSync,
7
7
  createWriteStream,
8
+ readFileSync,
8
9
  unlinkSync,
9
10
  chmodSync,
10
11
  } from "node:fs";
@@ -92,6 +93,27 @@ async function install() {
92
93
  const response = await download(url);
93
94
  await pipeline(response, createWriteStream(tmpFile));
94
95
 
96
+ const hashFile = join(__dirname, `${artifact}.${ext}.sha256`);
97
+ if (existsSync(hashFile)) {
98
+ const expectedHash = readFileSync(hashFile, "utf8").trim().split(/\s+/)[0].toLowerCase();
99
+ const fileBuffer = readFileSync(tmpFile);
100
+ const hashBuffer = await crypto.subtle.digest("SHA-256", fileBuffer);
101
+ const actualHash = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, "0")).join("");
102
+ if (actualHash !== expectedHash) {
103
+ console.error(`Hash mismatch for ${artifact}.${ext}!`);
104
+ console.error(` Expected: ${expectedHash}`);
105
+ console.error(` Actual: ${actualHash}`);
106
+ console.error(`This may indicate a tampered or corrupted download.`);
107
+ unlinkSync(tmpFile);
108
+ process.exit(1);
109
+ }
110
+ console.error(`Hash verified for ${artifact}.${ext}`);
111
+ } else {
112
+ console.error(`No hash file found at ${hashFile}, cannot verify download integrity.`);
113
+ unlinkSync(tmpFile);
114
+ process.exit(1);
115
+ }
116
+
95
117
  if (isWindows) {
96
118
  execFileSync("powershell", ["-Command", `Expand-Archive -Path '${tmpFile}' -DestinationPath '${__dirname}' -Force`], { stdio: "ignore" });
97
119
  } else {
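Review bot: The digest step in the added block of install() calls `crypto.subtle.digest` on the `crypto` global, and the import hunk shows no import for it, so unless it is imported elsewhere in the file a runtime without global WebCrypto would throw a ReferenceError after the download and, unless the caller cleans up, leave `tmpFile` on disk. The `engines` field alone does not prevent that, because npm treats it as advisory unless engine-strict is set. Importing `createHash` from `node:crypto` and writing `const actualHash = createHash("sha256").update(readFileSync(tmpFile)).digest("hex");` removes that dependency and the hand-rolled hex encoding. A comment above `hashFile` should also state the trust boundary, for example `// Expected digests ship inside this package (__dirname): this detects a corrupted or substituted release asset, not a modified package.` The body of install() starts and ends outside the hunk.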
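--- a/package/package.json
+++ b/package/package.json
@@ -4,7 +4,7 @@
  },
  "description": "A fast semantic-release alternative for monorepos, written in Rust",
  "engines": {
- "node": ">=18"
+ "node": ">=20"
  },
  "files": [
  "npm/bin",
@@ -28,7 +28,7 @@
  "url": "git+https://github.com/BowlingX/super-release.git"
  },
  "type": "module",
- "version": "1.1.3",
+ "version": "1.2.0",
  "scripts": {
  "super-release": "node npm/bin/super-release.js"
  }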