Commit Graph

2 Commits

  • fix: security and documentation fixes
    - fix(utils.js): prevent command injection in commandExists() by using
      spawnSync instead of execSync with string interpolation, and validate
      input to only allow alphanumeric chars, dash, underscore, dot (#42)
    
    - fix(utils.js): add security documentation to runCommand() warning
      against passing user-controlled input
    
    - fix(setup-package-manager.js): replace <script> and <binary> with
      [script-name] and [binary-name] to avoid XSS scanner false positives (#43)
    
    - fix(doc-updater.md): replace invalid 'npx ts-morph' with correct
      'npx tsx scripts/codemaps/generate.ts' since ts-morph is a library,
      not a CLI tool (#51)
    
    Fixes #42, #43, #51
  • feat: cross-platform support with Node.js scripts
    - Rewrite all bash hooks to Node.js for Windows/macOS/Linux compatibility
    - Add package manager auto-detection (npm, pnpm, yarn, bun)
    - Add scripts/lib/ with cross-platform utilities
    - Add /setup-pm command for package manager configuration
    - Add comprehensive test suite (62 tests)
    
    Co-authored-by: zerx-lab