@hubspot/npm-scripts - npm Package Compare versions

Comparing version 0.0.5-experimental.1 to 0.0.5-experimental.2

package.json

 {
   "name": "@hubspot/npm-scripts",
-  "version": "0.0.5-experimental.1",
+  "version": "0.0.5-experimental.2",
   "description": "Scripts for working with npm packages in the HubSpot ecosystem",
@@ -5,0 +5,0 @@ "author": "",

src/types.d.ts

@@ -40,3 +40,4 @@ import { TAG, TAG_OPTIONS, VERSION_INCREMENT_OPTIONS, VSCODE_VERSION_INCREMENT_OPTIONS } from './constants/release.js';
     dryRun: boolean;
-    skipTests: boolean;
+    skipBranchValidation: boolean;
+    skipVersionCheck: boolean;
 };
@@ -43,0 +44,0 @@ export interface VscodeReleaseScriptBase {

src/vscode-release.js

@@ -14,10 +14,23 @@ import { exec as _exec } from 'node:child_process';
 function buildHandler({ build, packageName, localVersion, mainBranch, }) {
-    return async function handler({ versionIncrement, dryRun, skipTests, }) {
+    return async function handler({ versionIncrement, dryRun, skipBranchValidation, skipVersionCheck, }) {
         try {
             const branch = await getCurrentGitBranch();
             const isDryRun = Boolean(dryRun);
-            if (branch !== mainBranch) {
+            if (!skipBranchValidation && branch !== mainBranch) {
                 logger.error(`Releases can only be published from the ${mainBranch} branch. Current branch: ${branch}`);
                 process.exit(EXIT_CODES.ERROR);
             }
+            if (!skipVersionCheck) {
+                try {
+                    const { stdout: lastTag } = await exec('git describe --tags --abbrev=0');
+                    const lastTagVersion = lastTag.trim().replace(/^v/, '');
+                    if (lastTagVersion !== localVersion) {
+                        logger.error(`Local package.json version ${localVersion} is out of sync with the latest git tag v${lastTagVersion}`);
+                        process.exit(EXIT_CODES.ERROR);
+                    }
+                }
+                catch {
+                    logger.warn('No git tags found, skipping version check.');
+                }
+            }
             const newVersion = semver.inc(localVersion, versionIncrement);
@@ -39,35 +52,33 @@ if (!newVersion) {
             }
-            if (!skipTests) {
-                const userHasTested = await confirm({
-                    message: 'Have you tested the pre-release package locally?',
+            const userHasTested = await confirm({
+                message: 'Have you tested the pre-release package locally?',
+                default: false,
+            });
+            if (!userHasTested) {
+                logger.log('\nBuilding and packaging the pre-release for testing...\n');
+                if (build && typeof build === 'function') {
+                    await build();
+                }
+                else {
+                    logger.log('Installing dependencies...');
+                    await exec('yarn install');
+                    logger.log('Running linting...');
+                    await exec('yarn lint');
+                }
+                logger.log('\nPackaging pre-release...');
+                await exec('npx vsce package --pre-release -o releases/');
+                logger.success('Pre-release package created.');
+                logger.log('\nTo test the package locally:');
+                logger.log('  1. Open VS Code');
+                logger.log('  2. Go to the Extensions panel');
+                logger.log('  3. Click "..." menu → "Install from VSIX..."');
+                logger.log('  4. Select the .vsix file created above');
+                logger.log('  5. Test key functionality\n');
+                const readyToContinue = await confirm({
+                    message: 'Continue when you have finished testing the pre-release.',
                     default: false,
                 });
-                if (!userHasTested) {
-                    logger.log('\nBuilding and packaging the pre-release for testing...\n');
-                    if (build && typeof build === 'function') {
-                        await build();
-                    }
-                    else {
-                        logger.log('Installing dependencies...');
-                        await exec('yarn install');
-                        logger.log('Running linting...');
-                        await exec('yarn lint');
-                    }
-                    logger.log('\nPackaging pre-release...');
-                    await exec('npx vsce package --pre-release -o releases/');
-                    logger.success('Pre-release package created.');
-                    logger.log('\nTo test the package locally:');
-                    logger.log('  1. Open VS Code');
-                    logger.log('  2. Go to the Extensions panel');
-                    logger.log('  3. Click "..." menu → "Install from VSIX..."');
-                    logger.log('  4. Select the .vsix file created above');
-                    logger.log('  5. Test key functionality\n');
-                    const readyToContinue = await confirm({
-                        message: 'Continue when you have finished testing the pre-release.',
-                        default: false,
-                    });
-                    if (!readyToContinue) {
-                        logger.log('Release aborted.');
-                        process.exit(EXIT_CODES.SUCCESS);
-                    }
+                if (!readyToContinue) {
+                    logger.log('Release aborted.');
+                    process.exit(EXIT_CODES.SUCCESS);
                 }
@@ -141,7 +152,12 @@ }
         },
-        skipTests: {
-            describe: 'Skip the pre-release testing prompt',
+        skipBranchValidation: {
+            describe: 'Bypass the branch validation check',
             default: false,
             type: 'boolean',
         },
+        skipVersionCheck: {
+            describe: 'Bypass checking that the local version matches the published version',
+            default: false,
+            type: 'boolean',
+        },
     });
@@ -148,0 +164,0 @@ }

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

95036

0.83%

Lines of code

2038

0.84%

No dependency changes