🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@kilocode/openclaw-security-advisor
Advanced tools
@kilocode/openclaw-security-advisor - npm Package Compare versions
+9
-1
@@ -18,5 +18,13 @@ # Changelog | ||
| - README install section now leads with the `@dev` install command and explains why the plain install will fail until the first stable release ships. | ||
| - README install section leads with the plain install command (no `@dev` suffix) now that a stable release is shipping. The dev channel is documented as a prerelease option under `Channels`. | ||
| - README `Contributing` links to `AGENTS.md`, `RELEASING.md`, and `CHANGELOG.md` are now absolute GitHub URLs, so they resolve correctly on the npm package page (those docs were never shipped in the tarball). | ||
| - README now documents `KILO_API_KEY` as an alias for `KILOCODE_API_KEY` (both have always been accepted by the code). | ||
| - Removed the stale "The gateway restarts after device auth" troubleshooting entry. The restart no longer happens after the `reload.noopPrefixes` fix above. | ||
| - Exact-version install example updated from `0.1.0-dev.1` to `0.1.0`. | ||
| - RELEASING.md documents the first-publish `latest` dist-tag quirk, the workflow's reconciliation step, and what its expected `::warning::` output means. | ||
| ### Packaging | ||
| - Added npm `keywords` to `package.json` (`openclaw`, `kiloclaw`, `kilocode`, `security`) for registry discoverability. | ||
| ## [0.1.0-dev.1] - 2026-04-15 | ||
@@ -23,0 +31,0 @@ |
+7
-1
| { | ||
| "name": "@kilocode/openclaw-security-advisor", | ||
| "version": "0.1.0-dev.5", | ||
| "version": "0.1.0", | ||
| "type": "module", | ||
| "license": "MIT", | ||
| "description": "Security analysis plugin for OpenClaw instances, powered by KiloCode", | ||
| "keywords": [ | ||
| "openclaw", | ||
| "kiloclaw", | ||
| "kilocode", | ||
| "security" | ||
| ], | ||
| "//": "private: true is intentional — safety net against accidental `npm publish`. The publish script (script/publish.ts) strips this flag before packing and restores it after. Do NOT remove this without also having the publish pipeline in place.", | ||
@@ -8,0 +14,0 @@ "main": "index.ts", |
+13
-28
@@ -17,3 +17,3 @@ # @kilocode/openclaw-security-advisor | ||
| ```bash | ||
| openclaw plugins install @kilocode/openclaw-security-advisor@dev | ||
| openclaw plugins install @kilocode/openclaw-security-advisor | ||
| openclaw plugins enable openclaw-security-advisor | ||
@@ -23,11 +23,2 @@ openclaw gateway restart | ||
| > **Why `@dev`?** No stable release has shipped yet — only dev snapshots | ||
| > (`0.1.0-dev.N`). The `@dev` tag is currently the only working install | ||
| > path. Plain `openclaw plugins install @kilocode/openclaw-security-advisor` | ||
| > (without `@dev`) **will fail today** with a prerelease-guard error, | ||
| > because npm's `latest` dist-tag still points at a dev version on | ||
| > pre-stable packages. Once the first stable release (`X.Y.Z`) ships, | ||
| > you'll be able to drop the `@dev` suffix and use the plain command. | ||
| > See [Channels](#channels) below. | ||
| On first use, the plugin will walk you through a one-time device auth | ||
@@ -40,6 +31,6 @@ flow to connect your KiloCode account. | ||
| - **`latest`** — public stable releases (`X.Y.Z`). Default for plain | ||
| `npm install` / `openclaw plugins install`. Will exist once the first | ||
| stable release ships. | ||
| - **`dev`** — internal dogfood snapshots (`X.Y.Z-dev.N`). Install with: | ||
| - **`latest`** — stable releases (`X.Y.Z`). Default for plain | ||
| `npm install` / `openclaw plugins install`. | ||
| - **`dev`** — prerelease snapshots (`X.Y.Z-dev.N`) published ahead of | ||
| stable cuts for early testing. Install with: | ||
@@ -54,4 +45,2 @@ ```bash | ||
| attestation as stable releases (verify with `npm audit signatures`). | ||
| They're "internal" only by social convention and by being on a | ||
| non-default dist-tag — there's nothing technically restricting access. | ||
@@ -61,3 +50,3 @@ You can also install an exact version directly: | ||
| ```bash | ||
| openclaw plugins install @kilocode/openclaw-security-advisor@0.1.0-dev.1 | ||
| openclaw plugins install @kilocode/openclaw-security-advisor@0.1.0 | ||
| ``` | ||
@@ -183,5 +172,6 @@ | ||
| - `KILOCODE_API_KEY`: if set, the plugin uses this as the auth token | ||
| and skips the device auth flow entirely. Intended for environments | ||
| where an operator has already injected the key at boot. | ||
| - `KILOCODE_API_KEY` (alias: `KILO_API_KEY`): if set, the plugin uses | ||
| this as the auth token and skips the device auth flow entirely. | ||
| Intended for environments where an operator has already injected the | ||
| key at boot. | ||
| - `KILO_API_URL` or `KILOCODE_API_BASE_URL`: override the API base URL | ||
@@ -222,7 +212,2 @@ without touching the plugin config. | ||
| **The gateway restarts after device auth** | ||
| This is expected on first auth: the plugin writes your token to the | ||
| OpenClaw config, which triggers a one-time gateway reload. Subsequent | ||
| checkups don't reload. | ||
| --- | ||
@@ -232,5 +217,5 @@ | ||
| - [`AGENTS.md`](./AGENTS.md) — build, test, lint, code layout, and contribution rules. | ||
| - [`RELEASING.md`](./RELEASING.md) — how to cut a release. | ||
| - [`CHANGELOG.md`](./CHANGELOG.md) — release history. | ||
| - [`AGENTS.md`](https://github.com/Kilo-Org/openclaw-security-advisor/blob/main/AGENTS.md) — build, test, lint, code layout, and contribution rules. | ||
| - [`RELEASING.md`](https://github.com/Kilo-Org/openclaw-security-advisor/blob/main/RELEASING.md) — how to cut a release. | ||
| - [`CHANGELOG.md`](https://github.com/Kilo-Org/openclaw-security-advisor/blob/main/CHANGELOG.md) — release history. | ||
@@ -237,0 +222,0 @@ --- |
No alert changes
Improved metrics
- Total package byte prevSize
52283
0.23%Worsened metrics
- Number of lines in readme file
219
-6.41%No dependency changes