Add repository field to package.json for npm provenance

[netanelgilad]

Adds the repository field to package.json to fix npm publish with provenance verification.

Changes

• Added repository.type and repository.url fields pointing to https://github.com/base44/cli

Why

npm's sigstore provenance verification requires the repository.url in package.json to match the GitHub repository from which the package is being published.

[claude]

Pull Request Review

Summary

This PR updates the CLI description by appending "2" to the description string. Based on the title "Test preview publish", this appears to be a test change to verify the publishing/preview workflow.

Code Quality & Best Practices

• ✅ The change is syntactically correct
• ⚠️ Issue: The change appears to be a test modification that should not be merged to main
  • The description change from 'Base44 CLI' to 'Base44 CLI 2' doesn't reflect an actual product/version change
  • This type of test content could confuse users about the actual CLI version

Inconsistencies Detected

• ⚠️ package.json mismatch: The package.json description still reads "Base44 CLI - Unified interface for managing Base44 applications" (without the "2")
  • At src/cli/index.ts:13, the description is 'Base44 CLI 2 - ...'
  • At package.json:4, the description is 'Base44 CLI - ...'
  • These should be consistent if this is an intentional change

Potential Issues

1. Purpose unclear: If this is truly a test PR, it should:

   • Be clearly labeled as "[TEST]" or "[DO NOT MERGE]"
   • Target a test branch, not main
   • Be closed without merging after verification

2. Semantic meaning: If "2" represents a version:

   • Consider using semantic versioning in package.json instead
   • The CLI already has .version(getPackageVersion()) that reads from package.json
   • Adding version info to the description is redundant

Performance Considerations

✅ No performance impact - this is a string literal change only.

Security Concerns

✅ No security concerns identified.

Test Coverage

⚠️ Missing tests: The repository has no test files (no *.test.ts or *.spec.ts files found). Consider:

• Adding unit tests for CLI commands
• Integration tests for the overall CLI behavior
• Tests to verify version/description output

Recommendation

If this is a test PR: Close without merging after verifying the preview/publish workflow works correctly.

If this is an intentional change:

1. Clarify the purpose - what does "2" signify?
2. Update package.json description to match
3. Consider whether this information belongs in the description or should be handled through versioning

Please clarify the intent of this PR so I can provide more specific guidance.

[github-actions]

🚀 Package Preview Available!

---

Install this PR's preview build with npm:

npm i @base44-preview/cli@0.0.1-pr.4.36be66e

Prefer not to change any import paths? Install using npm alias so your code still imports base44:

npm i "base44@npm:@base44-preview/cli@0.0.1-pr.4.36be66e"

Or add it to your package.json dependencies:

{
  "dependencies": {
    "base44": "npm:@base44-preview/cli@0.0.1-pr.4.36be66e"
  }
}

• 📦 Preview Package: @base44-preview/cli@0.0.1-pr.4.36be66e
• 🔗 View this commit on GitHub

---

_{Preview published to npm registry — try new features instantly!}

[claude]

Pull Request Review

Summary

This PR adds repository metadata to package.json and modifies the CLI description. The changes appear to be testing the preview publish workflow.

---

Code Quality & Best Practices

✅ Positive:

• The repository field addition in package.json is correct and follows npm package.json standards
• Proper formatting and structure maintained

⚠️ Concerns:

• The description change in src/cli/index.ts:13 appears to be a test modification (adding "2" to "Base44 CLI")
• This creates an inconsistency: package.json:4 still has the original description "Base44 CLI - Unified interface for managing Base44 applications", but the CLI now displays "Base44 CLI 2"

Recommendation:
If this change is intentional, the package.json description should be updated to match. If this is just for testing the preview publish, this modification should be reverted before merging.

---

Potential Bugs or Issues

Minor Inconsistency:

• The CLI description and package.json description are now out of sync
• Users might see different descriptions depending on where they look (npm registry vs. running base44 --help)

---

Security Concerns

✅ No security issues identified

• Repository URL addition is benign and expected
• No credentials, secrets, or vulnerable dependencies introduced

---

Test Coverage

⚠️ Testing Observations:

• No tests currently exist in the repository (no *.test.ts or *.spec.ts files found)
• These changes are low-risk and don't require immediate test coverage
• However, consider adding tests for the CLI in the future, especially for:
  • Version display functionality
  • Command registration
  • Help text output

---

Performance Considerations

✅ No performance impact

• Changes are purely metadata/configuration
• No runtime performance implications

---

Recommendation

If this is for testing preview publish: Revert the description change in src/cli/index.ts before merging to production, keeping only the repository field addition.

If the description change is intentional: Update package.json:4 to match:

"description": "Base44 CLI 2 - Unified interface for managing Base44 applications",

The repository field addition is good and should be kept regardless.

[claude]

Pull Request Review

Overview

This PR adds the repository field to package.json to enable npm provenance verification. The change is straightforward and addresses a specific npm publishing requirement.

✅ Code Quality & Best Practices

• Clean implementation: The changes follow the standard npm package.json schema correctly
• Proper placement: The repository field is placed logically after the license field, maintaining good organization
• Minimal scope: The PR does exactly what it needs to without unnecessary changes

🔍 Potential Issues & Suggestions

1. Repository URL Format

The current URL format is missing the .git extension and protocol prefix. While npm accepts both formats, the more complete format is recommended:

Current:

"url": "https://github.com/base44/cli"

Recommended:

"url": "git+https://github.com/base44/cli.git"

This follows the npm package.json specification more precisely and ensures better compatibility with various tools.

2. Additional Repository Metadata (Optional)

Consider adding the directory field if this package is part of a monorepo (doesn't appear to be the case here, so this is just FYI for future reference).

🔒 Security Considerations

• ✅ No security concerns - this is purely metadata
• ✅ The repository URL correctly points to the intended GitHub repository
• ✅ Provenance verification will improve supply chain security for consumers of this package

🚀 Performance Considerations

• ✅ No performance impact - this is package metadata only

🧪 Test Coverage

• ℹ️ No tests are needed for this change as it's purely declarative metadata
• ℹ️ The real test will be whether npm publish with provenance succeeds in the CI/CD pipeline
• 💡 Recommendation: After merging, verify that the provenance publishing works as expected

📝 Summary

Verdict: ✅ Approve with minor suggestion

This is a necessary and well-executed change. The only improvement would be to use the more complete URL format (git+https://.../.git), but the current format should work fine for provenance verification.

Action items before merge (optional):

• Consider updating the URL to git+https://github.com/base44/cli.git
• Verify provenance publishing works in a test publish or after merge

Great work addressing the npm provenance requirement! 🎉