context-mode - npm Package Compare versions

Comparing version 1.0.34 to 1.0.35

.claude-plugin/marketplace.json

@@ -9,3 +9,3 @@ {
     "description": "Claude Code plugins by Mert Koseoğlu",
-    "version": "1.0.34"
+    "version": "1.0.35"
   },
@@ -17,3 +17,3 @@ "plugins": [
       "description": "Claude Code MCP plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
-      "version": "1.0.34",
+      "version": "1.0.35",
       "author": {
@@ -20,0 +20,0 @@ "name": "Mert Koseoğlu"

.claude-plugin/plugin.json

 {
   "name": "context-mode",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "description": "MCP server that saves 98% of your context window with session continuity. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and automatic state restore across compactions.",
@@ -5,0 +5,0 @@ "author": {

.openclaw-plugin/openclaw.plugin.json

@@ -6,3 +6,3 @@ {
   "description": "OpenClaw plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "sandbox": {
@@ -9,0 +9,0 @@ "mode": "permissive",

.openclaw-plugin/package.json

 {
   "name": "context-mode",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "description": "OpenClaw plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
@@ -5,0 +5,0 @@ "author": {

build/cli.js

@@ -504,10 +504,13 @@ #!/usr/bin/env node
     // Also ensure CLI binaries are executable (tsc doesn't set +x)
-    for (const bin of ["build/cli.js", "cli.bundle.mjs"]) {
-        const binPath = resolve(pluginRoot, bin);
-        try {
-            accessSync(binPath, constants.F_OK);
-            execSync(`chmod +x "${binPath}"`, { stdio: "ignore" });
-            permSet.push(binPath);
+    // chmod is POSIX-only — skip on Windows where execute bits are irrelevant
+    if (process.platform !== "win32") {
+        for (const bin of ["build/cli.js", "cli.bundle.mjs"]) {
+            const binPath = resolve(pluginRoot, bin);
+            try {
+                accessSync(binPath, constants.F_OK);
+                execSync(`chmod +x "${binPath}"`, { stdio: "ignore" });
+                permSet.push(binPath);
+            }
+            catch { /* not found — skip */ }
         }
-        catch { /* not found — skip */ }
     }
@@ -514,0 +517,0 @@ if (permSet.length > 0) {

openclaw.plugin.json

@@ -6,3 +6,3 @@ {
   "description": "OpenClaw plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "sandbox": {
@@ -9,0 +9,0 @@ "mode": "permissive",

package.json

 {
   "name": "context-mode",
-  "version": "1.0.34",
+  "version": "1.0.35",
   "type": "module",
@@ -62,3 +62,3 @@ "description": "MCP plugin that saves 98% of your context window. Works with Claude Code, Gemini CLI, VS Code Copilot, OpenCode, and Codex CLI. Sandboxed code execution, FTS5 knowledge base, and intent-driven search.",
   "scripts": {
-    "build": "tsc && chmod +x build/cli.js",
+    "build": "tsc && node -e \"if(process.platform!=='win32'){require('fs').chmodSync('build/cli.js',0o755)}\"",
     "bundle": "esbuild src/server.ts --bundle --platform=node --target=node18 --format=esm --outfile=server.bundle.mjs --external:better-sqlite3 --external:turndown --external:turndown-plugin-gfm --external:@mixmark-io/domino --minify && esbuild src/cli.ts --bundle --platform=node --target=node18 --format=esm --outfile=cli.bundle.mjs --external:better-sqlite3 --minify && esbuild src/session/extract.ts --bundle --platform=node --target=node18 --format=esm --outfile=hooks/session-extract.bundle.mjs --minify && esbuild src/session/snapshot.ts --bundle --platform=node --target=node18 --format=esm --outfile=hooks/session-snapshot.bundle.mjs --minify && esbuild src/session/db.ts --bundle --platform=node --target=node18 --format=esm --outfile=hooks/session-db.bundle.mjs --external:better-sqlite3 --minify",
@@ -78,4 +78,4 @@ "version-sync": "node scripts/version-sync.mjs",
     "test:ecosystem": "npx tsx tests/ecosystem-benchmark.ts",
-    "install:openclaw": "bash scripts/install-openclaw-plugin.sh",
-    "postinstall": "[ -n \"$OPENCLAW_STATE_DIR\" ] && printf '\\n  OpenClaw detected. Run: npm run install:openclaw\\n\\n' || true"
+    "install:openclaw": "node -e \"if(process.platform==='win32'){console.error('OpenClaw install requires bash (Git Bash or WSL)');process.exit(1)}else{require('child_process').execSync('bash scripts/install-openclaw-plugin.sh',{stdio:'inherit'})}\"",
+    "postinstall": "node -e \"process.env.OPENCLAW_STATE_DIR && console.log('\\n  OpenClaw detected. Run: npm run install:openclaw\\n')\""
   },
@@ -82,0 +82,0 @@ "dependencies": {

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed or built. Malicious packages often use scripts that run automatically to execute payloads or fetch additional code.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 26 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

AI-detected potential malware

Supply chain risk

AI has identified this package as malware. This is a strong signal that the package may be malicious.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed or built. Malicious packages often use scripts that run automatically to execute payloads or fetch additional code.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 26 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Number of high supply chain risk alerts

1

-50%

Number of low supply chain risk alerts

397

-38.45%

Number of medium supply chain risk alerts

50

-21.87%

Worsened metrics

Total package byte prevSize

1828874

-33.84%

Lines of code

21564

-14.86%

Number of low quality alerts

5

66.67%

No dependency changes