@circlesac/tsk - npm Package Compare versions

Comparing version 0.0.1 to 26.3.0

bin/install.js

+import https from "https";
+import fs from "fs";
+import path from "path";
+import { execSync } from "child_process";
+import { fileURLToPath } from "url";
+import { createRequire } from "module";
+
+const require = createRequire(import.meta.url);
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+const REPO = "circlesac/tsk-cli";
+
+const PLATFORMS = {
+  "darwin-x64": { artifact: "tsk-darwin-x64", ext: ".tar.gz" },
+  "darwin-arm64": { artifact: "tsk-darwin-arm64", ext: ".tar.gz" },
+  "linux-x64": { artifact: "tsk-linux-x64", ext: ".tar.gz" },
+  "linux-arm64": { artifact: "tsk-linux-arm64", ext: ".tar.gz" },
+};
+
+function download(url) {
+  return new Promise((resolve, reject) => {
+    https.get(url, (res) => {
+      if (res.statusCode === 302 || res.statusCode === 301) {
+        return download(res.headers.location).then(resolve).catch(reject);
+      }
+      if (res.statusCode !== 200) return reject(new Error(`HTTP ${res.statusCode}`));
+      const chunks = [];
+      res.on("data", (c) => chunks.push(c));
+      res.on("end", () => resolve(Buffer.concat(chunks)));
+      res.on("error", reject);
+    });
+  });
+}
+
+const nativeDir = path.join(__dirname, "native");
+const binPath = path.join(nativeDir, "tsk");
+
+if (!fs.existsSync(binPath)) {
+  const { version } = require("../package.json");
+  if (version) {
+    const platform = `${process.platform}-${process.arch}`;
+    const info = PLATFORMS[platform];
+    if (!info) {
+      console.error(`Unsupported platform: ${platform}`);
+      process.exit(1);
+    }
+
+    const { artifact, ext } = info;
+    const url = `https://github.com/${REPO}/releases/download/v${version}/${artifact}${ext}`;
+    console.info(`Downloading tsk v${version} for ${platform}...`);
+
+    const data = await download(url);
+    fs.mkdirSync(nativeDir, { recursive: true });
+
+    const tmp = path.join(nativeDir, `tmp${ext}`);
+    fs.writeFileSync(tmp, data);
+    execSync(`tar xzf "${tmp}"`, { cwd: nativeDir });
+    fs.unlinkSync(tmp);
+
+    fs.chmodSync(binPath, 0o755);
+    console.info("Installed successfully.");
+  }
+}

bin/install.sh

+#!/bin/sh
+set -e
+
+REPO="circlesac/tsk-cli"
+INSTALL_DIR="${INSTALL_DIR:-/usr/local/bin}"
+
+OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+
+case "$OS-$ARCH" in
+  darwin-arm64)  TARGET="tsk-darwin-arm64" ;;
+  darwin-x86_64) TARGET="tsk-darwin-x64" ;;
+  linux-aarch64) TARGET="tsk-linux-arm64" ;;
+  linux-x86_64)  TARGET="tsk-linux-x64" ;;
+  *) echo "Unsupported platform: $OS-$ARCH"; exit 1 ;;
+esac
+
+VERSION=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name"' | cut -d'"' -f4)
+URL="https://github.com/$REPO/releases/download/$VERSION/$TARGET.tar.gz"
+
+echo "Installing tsk $VERSION..."
+curl -fsSL "$URL" | tar xz -C "$INSTALL_DIR"
+chmod +x "$INSTALL_DIR/tsk"
+echo "Installed to $INSTALL_DIR/tsk"

package.json

 {
-  "name": "@circlesac/tsk",
-  "description": "Circles Tasks — unified task management CLI",
-  "type": "module",
   "bin": {
-    "tsk": "bin/tsk.mjs"
+    "tsk": "bin/tsk"
   },
+  "dependencies": {
+    "citty": "^0.1.6",
+    "marklassian": "^1.2.0"
+  },
+  "description": "Circles Tasks — unified task management CLI",
+  "devDependencies": {
+    "bun-types": "^1.3.11"
+  },
   "files": [
     "bin"
   ],
-  "scripts": {},
   "license": "MIT",
+  "name": "@circlesac/tsk",
   "repository": {
@@ -17,9 +22,9 @@ "type": "git",
   },
-  "devDependencies": {
-    "bun-types": "^1.3.11"
+  "scripts": {
+    "build": "bun build --compile --outfile=dist/tsk src/index.ts",
+    "dev": "bun run src/index.ts",
+    "postinstall": "node bin/install.js"
   },
-  "dependencies": {
-    "marklassian": "^1.2.0"
-  },
-  "version": "0.0.1"
+  "type": "module",
+  "version": "26.3.0"
 }

bin/tsk.mjs

-#!/usr/bin/env node
-import { spawnSync } from "node:child_process";
-import { existsSync } from "node:fs";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const ext = process.platform === "win32" ? ".exe" : "";
-const bin = path.join(__dirname, "native", `tsk${ext}`);
-
-if (!existsSync(bin)) {
-  await import("./install.js");
-}
-const result = spawnSync(bin, process.argv.slice(2), { stdio: "inherit" });
-process.exit(result.status ?? 1);

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed or built. Malicious packages often use scripts that run automatically to execute payloads or fetch additional code.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4781

152.83%

Number of package files

5

66.67%

Lines of code

53

307.69%

Number of low quality alerts

1

-50%

Worsened metrics

Dependency count

2

100%

Number of high supply chain risk alerts

1

Infinity%

Number of low supply chain risk alerts

3

Infinity%

Number of medium supply chain risk alerts

2

Infinity%

Dependency changes

• + Added

  citty@^0.1.6

• + Added

  citty@0.1.6
  (transitive)

• + Added

  consola@3.4.2
  (transitive)