Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@posthog/cli

Package Overview
Dependencies
Maintainers
22
Versions
72
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@posthog/cli - npm Package Compare versions

Comparing version
0.7.18
 to
0.7.20
+63
-50
CHANGELOG.md
# posthog-cli
# 0.7.18
## 0.7.20 — 2026-06-05
### Patch changes
- [81b679f143](https://github.com/PostHog/posthog/commit/81b679f14324668be61e6a3f55df04a60427ab75) Clarify the Hermes upload help text. — Thanks @cat-ph!
## 0.7.19 — 2026-06-04
### Patch changes
- [51fc41a92dd](https://github.com/PostHog/posthog/commit/51fc41a92dd46c8a6840152b1647dd6da6894cb9) Add help text for the SSL verification flag. — Thanks @cat-ph!
- [867f88d1e9f](https://github.com/PostHog/posthog/commit/867f88d1e9f00b922ff98f8be475f4e2839d8f7b) Clarify the CLI release tag format in the release docs. — Thanks @cat-ph!
## 0.7.18
- fix: rename `--env-file` to `--dotenv-file`. The npm package runs the CLI binary through a `node` wrapper script, and Node has its own built-in `--env-file` flag — so Node intercepted the flag before it reached the binary, failing with `node: .env: not found` for a missing file. `--env-file` still works as an alias for native installs.
# 0.7.17
## 0.7.17
- fix: treat a missing `--env-file` as a warning instead of a fatal error — the CLI logs that the file wasn't found and falls back to the other credential sources (process env, then stored credentials). A file that exists but can't be read still errors.
# 0.7.16
## 0.7.16
- feat: add `--dry-run` flag (and `POSTHOG_CLI_DRY_RUN` env var) to skip artifact uploads (sourcemap, dSYM, Hermes, ProGuard) without contacting PostHog or requiring credentials — for CI gates that bundle to catch regressions but must not upload.
# 0.7.15
## 0.7.15
- fix: make symbol upload retry logs clearer and report failed finalization explicitly.
# 0.7.14
## 0.7.14
- feat: add `--env-file <PATH>` to load `POSTHOG_CLI_HOST`, `POSTHOG_CLI_API_KEY`, and `POSTHOG_CLI_PROJECT_ID` (and their legacy aliases) from a dotenv-style file when not set in the process environment. Credentials are resolved atomically from a single source (process env first, then the file), so `POSTHOG_CLI_HOST` from the file cannot redirect a key supplied by the process env.
# 0.7.13
## 0.7.13
- chore: bump `cargo-dist` to 0.32.0; the new npm installer drops the bundled transitive deps that were carrying open CVEs (`axios`, `follow-redirects`, `minimatch`, `brace-expansion`)
# 0.7.12
## 0.7.12

@@ -32,3 +45,3 @@ - feat: add `--skip-on-conflict` to symbol upload commands for keeping existing symbol sets when content differs

# 0.7.11
## 0.7.11

@@ -38,3 +51,3 @@ - fix: resolve release once in `process` command to avoid race condition when multiple workers run in parallel

# 0.7.10
## 0.7.10

@@ -46,7 +59,7 @@ - feat: add `symbol-sets download` command to download symbol sets by ID or ref

# 0.7.9
## 0.7.9
- feat: warn and skip empty sourcemaps (no mappings/sources/names) during upload to surface bundler misconfigurations instead of silently uploading useless symbol sets
# 0.7.8
## 0.7.8

@@ -56,3 +69,3 @@ - feat: add `--build` flag to all upload commands (hermes, dsym, proguard, sourcemap) via shared ReleaseArgs

# 0.7.7
## 0.7.7

@@ -62,3 +75,3 @@ - fix: align `dsym upload` release flags with other upload commands by using `--release-name` / `--release-version` (with backward-compatible aliases)

# 0.7.5
## 0.7.5

@@ -69,7 +82,7 @@ - fix: stable source bundle for dSYM uploads — CU-anchored prefix filter prevents framework sources from changing the content hash

# 0.7.4
## 0.7.4
- fix: create per-UUID ZIP for dSYM uploads
# 0.7.3
## 0.7.3

@@ -79,11 +92,11 @@ - feat: enable symbol set compression

# 0.7.2
## 0.7.2
- feat: allow reading files and directories from stdin
# 0.7.1
## 0.7.1
- feat: track upload started and upload finished events
# 0.7.0
## 0.7.0

@@ -93,83 +106,83 @@ - feat: promote dsym, hermes, and proguard commands from experimental to top-level

# 0.6.2
## 0.6.2
- fix: endpoints now save to YAML with proper newlines
# 0.6.1
## 0.6.1
- chore: bump `cargo-dist` version
# 0.6.0
## 0.6.0
- Add experimental dSYM upload for iOS/macOS crash symbolication
# 0.5.30
## 0.5.30
- Add experimental dSYM upload for iOS/macOS crash symbolication
# 0.5.29
## 0.5.29
- chore: introduce env variable `POSTHOG_CLI_API_KEY` and `POSTHOG_CLI_PROJECT_ID` (backwards compatible)
# 0.5.28
## 0.5.28
- chore: introduce `--release-name` and `--release-version` options (backwards compatible)
# 0.5.27
## 0.5.27
- fix: only warns on release id mismatch errors
# 0.5.26
## 0.5.26
- feat: use env variables provided by github actions when available
# 0.5.24
## 0.5.24
- chore: add endpoints use case to cli auth flow
# 0.5.23
## 0.5.23
- feat: add experimental commands for endpoints management
# 0.5.22
## 0.5.22
- feat: add `--project` and `--version` to upload command to define release
# 0.5.20
## 0.5.20
- chore: add global `--rate-limit` option for Posthog client
# 0.5.19
## 0.5.19
- chore: upgrade cargo-dist to 0.30.3
# 0.5.18
## 0.5.18
- fix: fix git info parsing in vercel environment
# 0.5.17
## 0.5.17
- feat: add --file option to target built files directly
# 0.5.16
## 0.5.16
- fix: cut a new version for fixing compromised package
# 0.5.15
## 0.5.15
- Compromised
# 0.5.14
## 0.5.14
- Fix authentication issue on sourcemap upload
# 0.5.13
## 0.5.13
- Add `--include` option on sourcemap commands to match specific files inside directory
# 0.5.12
## 0.5.12
- Bug fixes and improvements
# 0.5.11
## 0.5.11

@@ -179,7 +192,7 @@ - Do not read bundle files as part of hermes sourcemap commands

# 0.5.10
## 0.5.10
- Add terminal checks for login and query command
# 0.5.9
## 0.5.9

@@ -189,23 +202,23 @@ - Improve error handling from api

# 0.5.8
## 0.5.8
- Adding experimental support for proguard mappings
# 0.5.7
## 0.5.7
- Fix bug where files point to the same sourcemap
# 0.5.6
## 0.5.6
- Adding experimental support for hermes sourcemaps
# 0.5.5
## 0.5.5
- When running inject command multiple times, we only update chunk ids when releases are different
# 0.5.4
## 0.5.4
- Added no fail flag to disable non-zero exit codes on errors.
# 0.5.3
## 0.5.3

@@ -215,3 +228,3 @@ - Add support for ignoring public path prefixes appended by bundlers to sourceMappingURLs when searching for sourcemaps

# 0.5.2
## 0.5.2

@@ -221,7 +234,7 @@ - Fixes a bug where chunks which shared a sourcemap were mishandled, leading to an error during upload in recent versions, and a silent

# 0.5.1
## 0.5.1
- Attempts to reduce impact of previous breaking changes - re-adds `--project` and `--version` arguments to sourcemap upload command, marking them as no longer used
# 0.5.0
## 0.5.0

@@ -228,0 +241,0 @@ - Sourcemap injection, upload and process commands made retriable. Significant improvement to release creation.

+2
-2
npm-shrinkwrap.json

@@ -22,3 +22,3 @@ {

"name": "@posthog/cli",
"version": "0.7.18"
"version": "0.7.20"
},

@@ -52,3 +52,3 @@ "node_modules/detect-libc": {

"requires": true,
"version": "0.7.18"
"version": "0.7.20"
}
+2
-2
package.json
{
"artifactDownloadUrls": [
"https://github.com/PostHog/posthog/releases/download/posthog-cli/v0.7.18"
"https://github.com/PostHog/posthog/releases/download/posthog-cli/v0.7.20"
],

@@ -117,3 +117,3 @@ "bin": {

},
"version": "0.7.18",
"version": "0.7.20",
"volta": {

@@ -120,0 +120,0 @@ "node": "18.14.1",