watchmen-cli 1.7.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,82 @@
1
+ #!/usr/bin/env node
2
+ "use strict";
3
+
4
+ // W-WIN-CMD-CRLF-1 mitigation — install a direct wm.exe alongside the
5
+ // npm-generated wm.cmd shim. cmd.exe's command-line parser splits on
6
+ // `\n` BEFORE wm.cmd's `%*` expansion runs, which silently truncates
7
+ // CR/LF-bearing args (the W-WIN-IP-CRLF-1 attack vector class) before
8
+ // they reach wm.exe. The v1.7.0 GetCommandLineW check inside wm.exe
9
+ // can only fire when args arrive intact — invoking wm.exe directly is
10
+ // the only way to guarantee that on Windows.
11
+ //
12
+ // Strategy: copy wm.exe to the npm bin prefix (where wm.cmd lives).
13
+ // Windows' default PATHEXT search order is `.EXE` before `.CMD`, so
14
+ // `wm <args>` from any shell resolves to wm.exe first. The auto-
15
+ // generated wm.cmd remains in place for backwards compatibility with
16
+ // explicit `.cmd` invocations.
17
+ //
18
+ // Failures here MUST NOT break the install — we exit 0 with a warning
19
+ // so npm doesn't roll back the package. The cmd shim still works for
20
+ // non-sensitive operations.
21
+
22
+ const fs = require("fs");
23
+ const path = require("path");
24
+ const os = require("os");
25
+
26
+ function main() {
27
+ // Only act on Windows; mac + linux have no cmd-shim CR/LF problem.
28
+ if (process.platform !== "win32") {
29
+ return 0;
30
+ }
31
+ // Only run on global installs — local node_modules/.bin/ has different
32
+ // semantics and a copy there would be unexpected.
33
+ if (process.env.npm_config_global !== "true") {
34
+ return 0;
35
+ }
36
+ const prefix = process.env.npm_config_prefix;
37
+ if (!prefix) {
38
+ console.warn("note: wm-install-shim: npm_config_prefix unset; skipping");
39
+ return 0;
40
+ }
41
+
42
+ let resolveBinary;
43
+ try {
44
+ ({ resolveBinary } = require(".."));
45
+ } catch (err) {
46
+ console.warn(`note: wm-install-shim: could not load shim resolver: ${err.message}`);
47
+ return 0;
48
+ }
49
+
50
+ let src;
51
+ try {
52
+ src = resolveBinary();
53
+ } catch (err) {
54
+ console.warn(`note: wm-install-shim: could not resolve platform binary: ${err.message}`);
55
+ return 0;
56
+ }
57
+
58
+ if (!fs.existsSync(src)) {
59
+ console.warn(`note: wm-install-shim: source binary missing at ${src}`);
60
+ return 0;
61
+ }
62
+
63
+ const dst = path.join(prefix, "wm.exe");
64
+ try {
65
+ fs.copyFileSync(src, dst);
66
+ console.log(
67
+ `wm-install-shim: copied wm.exe to ${dst}\n` +
68
+ ` Windows PATH will resolve 'wm' to this .exe (PATHEXT default puts .EXE\n` +
69
+ ` before .CMD), bypassing the cmd.exe %* CR/LF-truncation hazard.`
70
+ );
71
+ } catch (err) {
72
+ console.warn(
73
+ `note: wm-install-shim: could not write ${dst}: ${err.message}\n` +
74
+ ` The npm-generated wm.cmd shim will still work for non-sensitive\n` +
75
+ ` invocations. For CR/LF-safe IP input use \`wm watchdog firewall add\n` +
76
+ ` --ip-file <path>\` or invoke ${src} directly.`
77
+ );
78
+ }
79
+ return 0;
80
+ }
81
+
82
+ process.exit(main());
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "watchmen-cli",
3
- "version": "1.7.0",
3
+ "version": "1.7.1",
4
4
  "description": "Capture, compare, and transfer your complete development environment",
5
5
  "main": "shim.js",
6
6
  "keywords": [
@@ -25,17 +25,21 @@
25
25
  "bin": {
26
26
  "wm": "bin/wm.js"
27
27
  },
28
+ "scripts": {
29
+ "postinstall": "node bin/wm-install-shim.js"
30
+ },
28
31
  "engines": {
29
32
  "node": ">=18"
30
33
  },
31
34
  "optionalDependencies": {
32
- "watchmen-cli-darwin-arm64": "1.7.0",
33
- "watchmen-cli-linux-x64": "1.7.0",
34
- "watchmen-cli-win32-x64": "1.7.0"
35
+ "watchmen-cli-darwin-arm64": "1.7.1",
36
+ "watchmen-cli-linux-x64": "1.7.1",
37
+ "watchmen-cli-win32-x64": "1.7.1"
35
38
  },
36
39
  "files": [
37
40
  "shim.js",
38
41
  "bin/wm.js",
42
+ "bin/wm-install-shim.js",
39
43
  "README.md"
40
44
  ]
41
45
  }