
Security News
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
@agent-pattern-labs/iso-migrate
Advanced tools
Deterministic project migrations for AI-agent workflow packages: plan, apply, check, and explain JSON/text file upgrades without model calls.
Deterministic project migrations for AI-agent workflow packages.
iso-migrate answers: what local project-owned files need to change for this
package upgrade? It plans and applies idempotent JSON/text migrations without
model calls, MCP servers, shell-specific patch scripts, or a mandatory migration
history database.
It is:
plan shows pending edits, check fails when drift remains.npm install @agent-pattern-labs/iso-migrate
iso-migrate plan --config migrations.json --root .
iso-migrate apply --config migrations.json --root .
iso-migrate check --config migrations.json --root .
iso-migrate explain --config migrations.json
check exits 1 when changes are still pending, which makes it useful in CI.
iso-migrate plan \
--config examples/jobforge-consumer-migrations.json \
--root /path/to/jobforge-consumer
iso-migrate apply \
--config examples/jobforge-consumer-migrations.json \
--root /path/to/jobforge-consumer
The bundled example adds job-forge index:* npm scripts, bumps a job-forge
dependency range, and ensures generated local state paths are ignored.
{
"version": 1,
"migrations": [
{
"id": "add-index",
"description": "Add artifact-index commands.",
"operations": [
{
"type": "json-merge",
"path": "package.json",
"pointer": "/scripts",
"value": {
"index:status": "job-forge index:status"
}
},
{
"type": "ensure-lines",
"path": ".gitignore",
"lines": [".jobforge-index.json"]
}
]
}
]
}
json-set: set a JSON pointer to a JSON value.json-merge: deep-merge an object at a JSON pointer.ensure-lines: ensure exact text lines exist, optionally near an after or before anchor.replace: replace exact text, once or globally.write-file: write a file, with optional overwrite protection.All operation paths are relative to --root; absolute paths and path traversal
are rejected.
import {
loadMigrationConfig,
runMigrations,
} from "@agent-pattern-labs/iso-migrate";
const config = loadMigrationConfig(JSON.parse(configText));
const plan = runMigrations(config, { root: process.cwd(), dryRun: true });
if (plan.changed) {
runMigrations(config, { root: process.cwd(), dryRun: false });
}
iso-migrate does not decide when a domain package should run migrations, and
it does not replace semantic versioning. Domain packages own migration ordering,
release policy, and any domain-specific validation after files change.
FAQs
Deterministic project migrations for AI-agent workflow packages: plan, apply, check, and explain JSON/text file upgrades without model calls.
The npm package @agent-pattern-labs/iso-migrate receives a total of 22 weekly downloads. As such, @agent-pattern-labs/iso-migrate popularity was classified as not popular.
We found that @agent-pattern-labs/iso-migrate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.