4 Commits

  • fix: reject flags passed as package manager names in setup-package-manager CLI
    When --global or --project was followed by another flag (e.g., --global --project),
    the flag was treated as a package manager name. Added pmName.startsWith('-') check
    to both handlers. Added 20 tests across 4 test files covering argument validation,
    ensureDir error propagation, runCommand stderr handling, and saveAliases failure paths.
  • fix: resolve ESLint errors and update tests for project-name fallback
    - Fix 16 ESLint no-unused-vars errors across hook scripts and tests
    - Add eslint-disable comment for intentional control-regex in ANSI stripper
    - Update session file test to use getSessionIdShort() instead of hardcoded 'default'
      (reflects PR #110's project-name fallback behavior)
    - Add marketing/ to .gitignore (local drafts)
    - Add skill-create-output.js (terminal output formatter)
    
    All 69 tests now pass. CI should be green.
  • fix: security and documentation fixes
    - fix(utils.js): prevent command injection in commandExists() by using
      spawnSync instead of execSync with string interpolation, and validate
      input to only allow alphanumeric chars, dash, underscore, dot (#42)
    
    - fix(utils.js): add security documentation to runCommand() warning
      against passing user-controlled input
    
    - fix(setup-package-manager.js): replace <script> and <binary> with
      [script-name] and [binary-name] to avoid XSS scanner false positives (#43)
    
    - fix(doc-updater.md): replace invalid 'npx ts-morph' with correct
      'npx tsx scripts/codemaps/generate.ts' since ts-morph is a library,
      not a CLI tool (#51)
    
    Fixes #42, #43, #51
  • feat: cross-platform support with Node.js scripts
    - Rewrite all bash hooks to Node.js for Windows/macOS/Linux compatibility
    - Add package manager auto-detection (npm, pnpm, yarn, bun)
    - Add scripts/lib/ with cross-platform utilities
    - Add /setup-pm command for package manager configuration
    - Add comprehensive test suite (62 tests)
    
    Co-authored-by: zerx-lab