Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

checkpoint-client

Package Overview
Dependencies
Maintainers
3
Versions
39
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

checkpoint-client

javascript checkpoint client

  • 1.1.33
  • latest
  • npm
  • Socket score

Version published
Maintainers
3
Created
Source

Checkpoint Client

A TypeScript Checkpoint Client for the Checkpoint Server. Checkpoint provides version information and security alerts for your products.

import checkpoint from 'checkpoint-client'

checkpoint.check({
  product: 'prisma',
  version: '2.0.0',
})

Features

  • No impact on the developer experience of your CLI
  • Easily hook into any product
  • Bring your own styles

Install

npm install checkpoint-client

API

checkpoint.check(input: Input): Promise<Result>

Check for the latest version and inform the user of any security notices.

await checkpoint.check({
  product: 'prisma',
  version: '2.0.0',
})
Input
FieldAttributesDescription
productstring, requiredName of the product. Current we only support prisma.
versionstring, requiredCurrently installed version of the product (e.g. 1.0.0-rc0)
cli_path_hashstring, requiredA unique hash of the path in which the CLI is installed
project_hashstring, requiredA unique hash of the project's path, i.e.. the schema.prisma's path
disableboolean, requiredDisable checking for an update if it's not already cached. Useful for CI.
endpointstring, optionalCheckpoint server endpoint URL. Defaults to https://checkpoint.prisma.io.
timeoutnumber, optionalTime in milliseconds we should wait for a response before giving up.
archstring, optionalClient's operating system architecture (e.g. amd64).
osstring, optionalClient's operating system (e.g. darwin).
node_versionstring, optionalClient's node version (e.g. v12.12.0).
signaturestring, optionalRandom, non-identifiable signature to ensure alerts aren't repeated.
cache_filestring, optionalFile where we store the response for the cache_duration.
cache_durationnumber, optionalTime in milliseconds to store the response. Defaults to 12 hours.
remind_durationnumber, optionalTime in milliseconds to wait for a new reminder. Defaults to 48 hours.
forceboolean, optionalForce a check regardless of disable or CHECKPOINT_DISABLE.
unrefboolean, optionalControl when we should unreference the child. Use with care.
cli_install_typestring, optional'local' or 'global'
Result

The result's shape changes depending on the status:

status: "ok" and status: "reminded"

The ok status occurs when we our cached result is available and valid.

type Result = {
  status: 'ok'
  data: Output
}

The reminded status occurs when we recently checked the cache. This status is influenced by the remind_duration.

type Result = {
  status: 'reminded'
  data: Output
}

In both cases, the Output has the following shape:

FieldAttributesDescription
productstring, requiredProduct we're checking on.
current_versionstring, requiredLatest version of the product.
current_release_datenumber, requiredRelease date of the latest version in Unix time.
current_download_urlstring, requiredURL to download the latest version.
current_changelog_urlstring, requiredURL to the latest version's changelog.
project_websitestring, requiredWebsite for the project.
outdatedboolean, requiredTrue if the our version is outdated.
alerts[]Alert[], requiredNew security alerts or notices for this version.
.idstring, requiredID of the alert.
.datestring, requiredDate of the alert in Unix time.
.messagestring, requiredAlert message.
.urlstring, optionalURL for more information about the alert.
.levelstring, requiredSeverity of the alert.
status: "waiting"

The waiting status occurs when we don't have the cached result and we're requesting it from the checkpoint server.

type Result = {
  status: 'waiting'
  data: ChildProcess
}

If you like, you can pass unref: false as input and wait for the ChildProcess to exit. The child process prints out the Output to stdout. You can see an example in check-version.

status: "disabled"

The disabled status occurs when we've explicitly disabled this service. The most common case for this is in CI.

type Result = {
  status: 'disabled'
}

You can see an example for this in is-ci.

Environment variables
FieldAttributesDescription
CHECKPOINT_DISABLEstring, optionalDisable the checkpoint client
CHECKPOINT_TIMEOUTstring, optionalGlobally set timeout for our checkpoint client

Clearing the Cache

// macOS
ls ~/Library/Caches/checkpoint-nodejs
rm -rf ~/Library/Caches/checkpoint-nodejs

// Windows
C:\Users\Jan\AppData\Local\checkpoint-nodejs

// Linux
$XDG_CACHE_HOME/checkpoint-nodejs
Or
$HOME - /home/.cache/checkpoint-nodejs

Examples

You can use ts-node to run the examples:

npm install
npm run build
node dist/examples/is-ci.js

Publishing a new version on npm

  1. Create a release in the UI -> https://github.com/prisma/checkpoint-client/releases/new
    • Add a tag, use the version, like 1.1.30
      • Click on "Create new tag: on publish"
    • Add a release title, use the version, like 1.1.30
    • Click "Generate release notes" (add more info if needed)
    • "Target" should be "main" (default)
    • "Set as the latest release" should be checked (default)
    • Click "Publish release"
    • Monitor https://github.com/prisma/checkpoint-client/actions/workflows/release-latest.yml for the publish workflow
  2. Update checkpoint-client dependency in:

Previous instructions:

  1. Pull latest changes from GitHub
  2. Bump the package version
  3. Update the HISTORY.md. We recommend git-changelog. Run git changelog --tag 1.1.XX
  4. Run npm publish
  5. Run git commit -am "Release <version>"
  6. Run git tag <version>
  7. Run git push --tags origin main

You can automate steps 5-7 with git-release.

About Us

The Prisma Team is behind the Checkpoint Client – chat with us on Slack!

FAQs

Package last updated on 01 Dec 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc