You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
@cubis/foundry
Advanced tools
@cubis/foundry - npm Package Compare versions
@@ -15,3 +15,3 @@ ````markdown | ||
| Generate and maintain `postman_setting.json` as the primary Postman configuration. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
| Generate and maintain `cbx_config.json` as the primary Postman configuration (workspace: `./cbx_config.json`, global: `~/.cbx/cbx_config.json`). Use `postman_setting.json` only as a legacy fallback when `cbx_config.json` is unavailable. When both files exist, always use `cbx_config.json` and do not reference `postman_setting.json` in normal responses. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
@@ -72,3 +72,3 @@ ## Step 2 | ||
| **Authentication**: Env-first via `postman_setting.json` + `POSTMAN_API_KEY`; inline `apiKey` is optional. | ||
| **Authentication**: Env-first via `cbx_config.json` + `POSTMAN_API_KEY` (legacy fallback: `postman_setting.json`); inline `apiKey` is optional. | ||
@@ -75,0 +75,0 @@ ## Available MCP Servers |
@@ -13,3 +13,3 @@ --- | ||
| Generate and maintain `postman_setting.json` as the primary Postman configuration. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
| Generate and maintain `cbx_config.json` as the primary Postman configuration (workspace: `./cbx_config.json`, global: `~/.cbx/cbx_config.json`). Use `postman_setting.json` only as a legacy fallback when `cbx_config.json` is unavailable. When both files exist, always use `cbx_config.json` and do not reference `postman_setting.json` in normal responses. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
@@ -70,3 +70,3 @@ ## Step 2 | ||
| **Authentication**: Env-first via `postman_setting.json` + `POSTMAN_API_KEY`; inline `apiKey` is optional. | ||
| **Authentication**: Env-first via `cbx_config.json` + `POSTMAN_API_KEY` (legacy fallback: `postman_setting.json`); inline `apiKey` is optional. | ||
@@ -73,0 +73,0 @@ ## Available MCP Servers |
@@ -15,3 +15,3 @@ --- | ||
| Generate and maintain `postman_setting.json` as the primary Postman configuration. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
| Generate and maintain `cbx_config.json` as the primary Postman configuration (workspace: `./cbx_config.json`, global: `~/.cbx/cbx_config.json`). Use `postman_setting.json` only as a legacy fallback when `cbx_config.json` is unavailable. When both files exist, always use `cbx_config.json` and do not reference `postman_setting.json` in normal responses. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
@@ -72,3 +72,3 @@ ## Step 2 | ||
| **Authentication**: Env-first via `postman_setting.json` + `POSTMAN_API_KEY`; inline `apiKey` is optional. | ||
| **Authentication**: Env-first via `cbx_config.json` + `POSTMAN_API_KEY` (legacy fallback: `postman_setting.json`); inline `apiKey` is optional. | ||
@@ -75,0 +75,0 @@ ## Available MCP Servers |
@@ -13,3 +13,3 @@ --- | ||
| Generate and maintain `postman_setting.json` as the primary Postman configuration. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
| Generate and maintain `cbx_config.json` as the primary Postman configuration (workspace: `./cbx_config.json`, global: `~/.cbx/cbx_config.json`). Use `postman_setting.json` only as a legacy fallback when `cbx_config.json` is unavailable. When both files exist, always use `cbx_config.json` and do not reference `postman_setting.json` in normal responses. Use env-first authentication by default: keep `apiKey` as `null`, set `apiKeyEnvVar` to `POSTMAN_API_KEY`, and read the key from environment variables. Only store `apiKey` inline when the user explicitly requests file-based key storage. Keep `defaultWorkspaceId` nullable (`null` when unknown) so workflows can run without a preselected workspace. | ||
@@ -70,3 +70,3 @@ ## Step 2 | ||
| **Authentication**: Env-first via `postman_setting.json` + `POSTMAN_API_KEY`; inline `apiKey` is optional. | ||
| **Authentication**: Env-first via `cbx_config.json` + `POSTMAN_API_KEY` (legacy fallback: `postman_setting.json`); inline `apiKey` is optional. | ||
@@ -73,0 +73,0 @@ ## Available MCP Servers |
+7
-0
@@ -5,2 +5,9 @@ # Changelog | ||
| ## [0.3.27] - 2026-02-26 | ||
| ### Changed | ||
| - Updated Postman skill/power guidance to use `cbx_config.json` as the default config source with `POSTMAN_API_KEY` env-first auth. | ||
| - Added explicit instruction to avoid referencing `postman_setting.json` in normal responses when `cbx_config.json` exists. | ||
| ## [0.3.26] - 2026-02-26 | ||
@@ -7,0 +14,0 @@ |
+1
-1
| { | ||
| "name": "@cubis/foundry", | ||
| "version": "0.3.26", | ||
| "version": "0.3.27", | ||
| "description": "Cubis Foundry CLI for workflow-first AI agent environments", | ||
@@ -5,0 +5,0 @@ "type": "module", |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
21065355
0.01%No dependency changes