@withone/cli
Advanced tools
@withone/cli - npm Package Compare versions
Sorry, the diff of this file is too big to display
| import { | ||
| FlowRunner, | ||
| collectStepTypes, | ||
| flowRequiresBash, | ||
| flowUsesCodeModules, | ||
| getFlowRootDir, | ||
| listFlows, | ||
| loadFlow, | ||
| loadFlowWithMeta, | ||
| resolveFlowPath, | ||
| saveFlow, | ||
| summarizeFlowInputs, | ||
| walkSteps | ||
| } from "./chunk-A5AFLKCQ.js"; | ||
| export { | ||
| FlowRunner, | ||
| collectStepTypes, | ||
| flowRequiresBash, | ||
| flowUsesCodeModules, | ||
| getFlowRootDir, | ||
| listFlows, | ||
| loadFlow, | ||
| loadFlowWithMeta, | ||
| resolveFlowPath, | ||
| saveFlow, | ||
| summarizeFlowInputs, | ||
| walkSteps | ||
| }; |
+1
-1
| { | ||
| "name": "@withone/cli", | ||
| "version": "1.40.0", | ||
| "version": "1.41.0", | ||
| "description": "CLI for managing One", | ||
@@ -5,0 +5,0 @@ "type": "module", |
@@ -285,3 +285,3 @@ # One Workflows — Multi-Step API Workflows | ||
| "actionId": "conn_mod_def::xxx::yyy", | ||
| "connectionKey": "$.input.stripeConnectionKey", | ||
| "connection": { "platform": "stripe" }, | ||
| "data": { "query": "email:'{{$.input.customerEmail}}'" } | ||
@@ -292,2 +292,9 @@ } | ||
| **Connection forms.** Each action step sets exactly one of: | ||
| - **`connection: { platform: "<name>", "tag"?: "<tag>" }`** (preferred) — late-bound, resolved at flow-execute time. Survives re-auth (which always mints a new key). Use `tag` to disambiguate when a platform has multiple connections (e.g. multi-account Gmail). Both `platform` and `tag` accept `$.input.x` selectors so flows can be parameterised per-execution. | ||
| - **`connectionKey: "<literal-or-selector>"`** (legacy) — passes the key string straight through. Still supported for backwards compat, but breaks on re-auth and forces manual edits across every flow that references the stale key. Migrate to `connection` when convenient. | ||
| The validator rejects an action that sets both forms (or neither) at `flow validate` and `flow execute` time. | ||
| ### `transform` — JS expression (implicit return) | ||
@@ -294,0 +301,0 @@ |
Sorry, the diff of this file is too big to display
| import { | ||
| FlowRunner, | ||
| collectStepTypes, | ||
| flowRequiresBash, | ||
| flowUsesCodeModules, | ||
| getFlowRootDir, | ||
| listFlows, | ||
| loadFlow, | ||
| loadFlowWithMeta, | ||
| resolveFlowPath, | ||
| saveFlow, | ||
| summarizeFlowInputs, | ||
| walkSteps | ||
| } from "./chunk-SSEDFOVV.js"; | ||
| export { | ||
| FlowRunner, | ||
| collectStepTypes, | ||
| flowRequiresBash, | ||
| flowUsesCodeModules, | ||
| getFlowRootDir, | ||
| listFlows, | ||
| loadFlow, | ||
| loadFlowWithMeta, | ||
| resolveFlowPath, | ||
| saveFlow, | ||
| summarizeFlowInputs, | ||
| walkSteps | ||
| }; |
Sorry, the diff of this file is too big to display
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
558913
0.6%- Lines of code
12508
0.26%- Number of low supply chain risk alerts
93
-8.82%