freebuff - npm Package Compare versions
+21
-0
@@ -376,2 +376,23 @@ #!/usr/bin/env node | ||
| // Move tree-sitter.wasm next to the binary if the tarball included | ||
| // it. The CLI binary loads this at startup; embedding it inside the | ||
| // binary itself was unreliable on Windows (bun --compile asset | ||
| // bundling silently dropped or unbound it across several attempts), | ||
| // so we ship it as a sibling file instead. Older artifacts that | ||
| // pre-date this change won't have the wasm and will still install — | ||
| // they'll just hit the same crash they had before, which is fine. | ||
| const tempWasmPath = path.join(CONFIG.tempDownloadDir, 'tree-sitter.wasm') | ||
| if (fs.existsSync(tempWasmPath)) { | ||
| const targetWasmPath = path.join( | ||
| path.dirname(CONFIG.binaryPath), | ||
| 'tree-sitter.wasm', | ||
| ) | ||
| try { | ||
| if (fs.existsSync(targetWasmPath)) fs.unlinkSync(targetWasmPath) | ||
| } catch { | ||
| // best effort; rename below will surface the real error if it matters | ||
| } | ||
| fs.renameSync(tempWasmPath, targetWasmPath) | ||
| } | ||
| fs.writeFileSync( | ||
@@ -378,0 +399,0 @@ CONFIG.metadataPath, |
+1
-1
| { | ||
| "name": "freebuff", | ||
| "version": "0.0.64", | ||
| "version": "0.0.74", | ||
| "description": "The world's strongest free coding agent", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
New alerts
AI-detected potential malware
Supply chain riskAI has identified this package as malware. This is a strong signal that the package may be malicious.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
24054
4.25%- Lines of code
680
3.03%Worsened metrics
- Number of high supply chain risk alerts
2
100%