What's in this release
🔒 Security
- Upgraded
@anthropic-ai/sdkto ≥0.91.1 to clear GHSA-p7fg-763f-g4gf (CWE-732, insecure default file permissions in the local-filesystem memory tool). - Patched transitive
esbuildvulns: GHSA-gv7w-rqvm-qjhr (NPM_CONFIG_REGISTRY RCE) + GHSA-g7r4-m6w7-qqqr (arbitrary file read on Windows dev server). npm auditnow reports 0 vulnerabilities.
📦 Install
- Added
prepare: tscsonpm install github:alex-jb/council-diff#v0.4.2auto-buildsdist/. Lets downstream TypeScript projects pull this from GitHub directly until the next npm publish.
🌐 Distribution
- council-diff is now distributed across 71 AI agent platforms via skills.sh:
npx skills add alex-jb/council-diffinstalls SKILL.md + types + source to Amp / Antigravity / Claude Code / Cline / Codex / Cursor / Gemini CLI / GitHub Copilot / Kimi Code CLI / Warp / Zed +60 more.
🧪 Verified by
- Local
npm audit: 0 vulns - Local
npm run build: passes - Local
npm test: 1/1 passing - skills.sh install: SKILL.md + dist/ + sources fully unpacked
- Downstream consumer build: Council-for-Slack v0.4.2 GitHub install → Next.js production build green
Upgrade
# npm (when v0.4.2 publishes — currently still serving v0.4.0)
npm install council-diff@0.4.2
# GitHub tag (works immediately, audit-clean)
npm install github:alex-jb/council-diff#v0.4.2
# skills.sh universal install (71 agent platforms)
npx skills add alex-jb/council-diff🤖 Generated with Claude Code