@deco-team/deco-server - npm Package Compare versions

Comparing version 1.0.3 to 1.0.4

index.js

@@ -22,4 +22,3 @@ import express from "express";
 
-const { PLUGIN_SECRET_ENCRYPTION_STRING, LOGIN_JWT_KEY } = config;
-const DEFAULT_USER_PASSWORD = "kellykevinlindsaynickjill";
+const { PLUGIN_SECRET_ENCRYPTION_STRING, LOGIN_JWT_KEY, DEFAULT_USER_PASSWORD } = config;
 
@@ -1060,27 +1059,10 @@ // Decryption function
 
-// Imagine someone is looking through an plugin store and clicks "install"
-// We can send a request to this endpoint
-// Logic can be reused when an plugin requests an plugin be installed
-// serverInstance.get("/_meta/install", async (req, res) => {
-//   try {
-//     await installPlugin("http://localhost:4321/manifest.json");
-//     // At this point, we have to do a teardown and rebuild of the server routes
-
-//     await buildRoutes(server);
-
-//     console.log("Routes rebuilt successfully.");
-//     return res.status(200).send({ success: true });
-//   } catch (err) {
-//     console.log("Plugin installation failed.");
-//     console.log(err);
-//     return res.status(500).send({ success: false });
-//   }
-// });
-
-(async () => {
-  try {
-    await deco();
-  } catch (err) {
-    console.error(err);
-  }
-})();
+if (process.env.NODE_ENV === "development") {
+  (async () => {
+    try {
+      deco();
+    } catch (err) {
+      console.error(err);
+    }
+  })();
+}

package.json

 {
   "name": "@deco-team/deco-server",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "A web server that enables installable plugins, structured learning and bidirectional AI interactions.",
@@ -8,3 +8,4 @@ "main": "index.js",
     "dev": "nodemon index.js",
-    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js"
+    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "postinstall": "node ./lib/postInstall.js"
   },
@@ -16,2 +17,3 @@ "engines": {
     "db",
+    "lib",
     "index.js"
@@ -18,0 +20,0 @@ ],

README.md

@@ -57,2 +57,4 @@ # Deco Server
 
+[Here is the repository for the core plugins.](https://github.com/MikeCarbone/deco-core)
+
 Core plugins are the minimum plugins required to run a Deco server. These plugins bring core functionality to the server, like users, permissions, notifications, and more.
@@ -107,2 +109,5 @@
 - [x] Testing infrastructure
+- [ ] Multi-user database handling
+- [ ] Reset password flow
+- [ ] [Isolated VM](https://www.npmjs.com/package/isolated-vm) implementation for safe plugin execution
 - [ ] Updating / versioning plugins (checking for and executing)
@@ -109,0 +114,0 @@ - [ ] User profiles

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

51395

increased by1.2%

Number of package files

6

increased by20%

Lines of code

979

increased by0.93%

Number of lines in readme file

128

increased by4.07%

Worsened metrics

Number of high supply chain risk alerts

1

increased byInfinity%

Number of low supply chain risk alerts

9

increased by28.57%

No dependency changes