npm packages

[salim-b]

First of all: Thanks a million for your awesome work!

Now I've noticed that there are two different npm packages in the npm repository:

1. @hackmd/codimd-cli
2. codimd-cli

The first one clearly seems to be maintained by HackMD team members. The second one is authored by Dylan Bourdere Andreou. I can't tell how this person is related to the HackMD/CodiMD project and if he's trustworthy. Since there have been various cases of hijacked/faked npm packages in the past and npm has quite a questionable security track record, I thought it would be best to ask you guys.

Can you shed some light into this? Do you know why there are two npm packages for the same codimd-cli tool? And if so, do you know what's the difference between the two packages?

_{I've tried to quickly inspect the differences in the tarballs of the two packages (1, 2) using tardiff, but as it seems, tardiff's --modified flag doesn't really work as supposed...}

[Yukaii]

Hi @salim-b , @hackmd/codimd-cli is our old npm package and should be deprecated. You should use @hackmd/hackmd-cli instead, which is now compatible for both CodiMD and HackMD / enterprise instances. Thanks for reminding this, we'll update the README of @hackmd/codimd-cli soon.

The second package codimd-cli is not published and maintained by us. You can simply ignore it.

[salim-b]

@hackmd/codimd-cli is our old npm package and should be deprecated. You should use @hackmd/hackmd-cli instead, which is now compatible for both CodiMD and HackMD / enterprise instances.

Thanks @Yukaii for explaining this to me! So, is the official name of the CLI now hackmd-cli? And will it stay that way?

The second package codimd-cli is not published and maintained by us. You can simply ignore it.

Ok. I'd suggest to reach out to the author of this package and ideally convince him to retire it to avoid further confusion for your user base. :)

[Yukaii]

So, is the official name of the CLI now hackmd-cli? And will it stay that way?

Yes!

[DylanBourdere]

Ok. I'd suggest to reach out to the author of this package and ideally convince him to retire it to avoid further confusion for your user base. :)

Hi,
Found out alone 3 years later, but I deleted the package on npm.
Didnt remember why i pushed it to NPM in the first place ...
Apologies if that caused any issue or mislead to your users.