@qoder-ai/qodercli - npm Package Compare versions

Comparing version 0.2.5 to 0.2.6

package.json

 {
   "name": "@qoder-ai/qodercli",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "qodercli - npm installer",
@@ -47,3 +47,3 @@ "private": false,
   "binaries": {
-    "version": "0.2.5",
+    "version": "0.2.6",
     "files": [
@@ -53,4 +53,4 @@ {
         "arch": "arm64",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-darwin-arm64.tar.gz",
-        "sha256": "84c6dadf6d4b758d74bd1bd64aa7bff31d7dbed266bf75d3c47a652d5d81575f"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-darwin-arm64.tar.gz",
+        "sha256": "a04a55f730470cefdda69aeb383c43a92e945539d192b344c92b0f6625e3f9b2"
       },
@@ -60,4 +60,4 @@ {
         "arch": "amd64",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-darwin-x64.tar.gz",
-        "sha256": "d92f88a115b818bcc488d3661ee4ef3e4650c8baea65dcee9831fd2c43071af2"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-darwin-x64.tar.gz",
+        "sha256": "b98f2567f34f68269001326813f3c7b42fc5e31a342d2c0b19867684c43de185"
       },
@@ -67,4 +67,4 @@ {
         "arch": "arm64-musl",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-linux-arm64-musl.tar.gz",
-        "sha256": "d93c930dc580a1019d1ca474bd645d1ed7ebd1e57baa1d0ac29a28c73aa26f03"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-linux-arm64-musl.tar.gz",
+        "sha256": "f610dc8ddb74e6cdf3e3d1c382762929d7f5a1b81537dcbe5e47ff40c617f938"
       },
@@ -74,4 +74,4 @@ {
         "arch": "arm64",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-linux-arm64.tar.gz",
-        "sha256": "1e8bf94f468aa64e03a07694919ea9c44ad20869c35d5804671a0a65ec73c9fb"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-linux-arm64.tar.gz",
+        "sha256": "fbcd05cf64938ef2fa6228ae9026cebb1640d065f57c5bc3736748443e68746d"
       },
@@ -81,4 +81,4 @@ {
         "arch": "amd64-baseline",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-linux-x64-baseline.tar.gz",
-        "sha256": "b8104b3369f13b2bca7d48ceb3f9f52d389c2a0b4d43aa4bf2edbce7dd019ce2"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-linux-x64-baseline.tar.gz",
+        "sha256": "1985dd1d92c812c14f1869d556f7e0bc78cb3d154c43795bca5ec095d72fbd09"
       },
@@ -88,4 +88,4 @@ {
         "arch": "amd64-musl",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-linux-x64-musl.tar.gz",
-        "sha256": "a7abcaa6ae7774f663d053baf17ff9e3ed1ae5c47a49704d07fb7d810b881651"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-linux-x64-musl.tar.gz",
+        "sha256": "15842d2aa43c60c8985801ac9d1491054a140448f700fe4d14bc228dda6c7a7e"
       },
@@ -95,4 +95,4 @@ {
         "arch": "amd64",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-linux-x64.tar.gz",
-        "sha256": "3ababd13ffa541b8e75cd7544085c432c54c47664c8395c9ba2b3fc35cc94044"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-linux-x64.tar.gz",
+        "sha256": "be3b283db58e36394ac9c15b3b966f23188d6795be7e1edbec5535c9d8153293"
       },
@@ -102,4 +102,4 @@ {
         "arch": "amd64",
-        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.5/qodercli-windows-x64.zip",
-        "sha256": "66cd16400ef9a89481a66ad5b2b0386d0e68ac6ae521f138aa144ae44f6037f3"
+        "url": "https://qoder-ide.oss-accelerate.aliyuncs.com/qodercli/releases/0.2.6/qodercli-windows-x64.zip",
+        "sha256": "2ad9cfb48b9d686f561507bbbe49b064441762363db1f63717f1840efcc6aca1"
       }
@@ -106,0 +106,0 @@ ]

scripts/install.js

@@ -60,5 +60,6 @@ #!/usr/bin/env node
       case 'x64':
-        // On Linux x64, check if CPU supports AVX instructions.
-        // CPUs without AVX need the baseline binary to avoid SIGILL.
-        if (process.platform === 'linux' && !this.hasAVX()) {
+        // On Linux x64, check if CPU supports AVX2 instructions.
+        // Bun optimized binaries require AVX2/BMI2/FMA3 (-march=haswell).
+        // CPUs with only AVX1 (e.g. Ivy Bridge) will SIGILL on BMI2 instructions.
+        if (process.platform === 'linux' && !this.hasAVX2()) {
           return 'amd64-baseline';
@@ -75,12 +76,14 @@ }
   /**
-   * Check if the CPU supports AVX instructions by reading /proc/cpuinfo.
-   * Returns true if AVX is present or detection is unavailable.
-   * Only returns false when we can confirm AVX is absent.
+   * Check if the CPU supports AVX2 instructions by reading /proc/cpuinfo.
+   * Bun optimized binaries are compiled with -march=haswell, requiring
+   * AVX2/BMI1/BMI2/FMA3. AVX1-only CPUs (e.g. Ivy Bridge) will SIGILL.
+   * Returns true if AVX2 is present or detection is unavailable.
+   * Only returns false when we can confirm AVX2 is absent.
    */
-  hasAVX() {
+  hasAVX2() {
     try {
       const cpuinfo = fs.readFileSync('/proc/cpuinfo', 'utf-8');
-      return /^flags\s*:.*\bavx\b/m.test(cpuinfo);
+      return /^flags\s*:.*\bavx2\b/m.test(cpuinfo);
     } catch (e) {
-      // If we can't read cpuinfo, assume AVX is present (safer default)
+      // If we can't read cpuinfo, assume AVX2 is present (safer default)
       return true;
@@ -87,0 +90,0 @@ }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Unidentified License

License

Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Fixed alerts

AI-detected potential malware

Supply chain risk

AI has identified this package as malware. This is a strong signal that the package may be malicious.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Unidentified License

License

Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

36593

0.66%

Lines of code

590

0.51%

Number of high supply chain risk alerts

1

-50%

No dependency changes