v2.1.0

@ianwieds ianwieds released this 02 Apr 23:14
· 6 commits to main since this release

Integrate Socket CLI into install and outdated commands for supply chain
protection. All npm installs are wrapped with Socket to detect malicious
or compromised packages before installation.

  • Add socket.js lib for wrapping npm commands with Socket CLI
  • Add install command (npu i) with Socket protection and post-install audit
  • Outdated command backs up and restores package.json on failed installs
  • Add --ignore flag to exclude packages from outdated (e.g. --ignore mocha)
  • Trace and report which parent packages bring in flagged transitive deps
  • Suggest actionable commands (--ignore, --force, SOCKET_CLI_ACCEPT_RISKS)
  • Add --force flag to bypass Socket with SOCKET_CLI_ACCEPT_RISKS=1
  • Handle Ctrl+C gracefully instead of dumping stack traces
  • Remove .npmignore in favor of package.json files field
  • Add development section to README
  • Upgrade deps: node-powertools 3, npm-check-updates 20, mocha 11,
    prepare-package 2, @inquirer/prompts 8.3.2
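
The "trace and report which parent packages bring in flagged transitive deps" item can be illustrated with the sketch below. It is an added example, not code from this project: it assumes an npm `package-lock.json` in the lockfileVersion 3 layout, the lockfile contents and package names are constructed, and `resolveDep` and `traceParents` are hypothetical helper names.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3); every package name is made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-kit": "^1.0.0", "log-lib": "^2.0.0" }, devDependencies: { "test-runner": "^3.0.0" } },
    "node_modules/web-kit": { version: "1.2.0", dependencies: { "http-util": "^4.0.0" } },
    "node_modules/http-util": { version: "4.1.0", dependencies: { "flagged-pkg": "^0.3.0" } },
    "node_modules/flagged-pkg": { version: "0.3.1" },
    "node_modules/log-lib": { version: "2.0.0" },
    "node_modules/test-runner": { version: "3.0.0", dependencies: { "flagged-pkg": "^0.3.0" } },
  },
};

// Resolve `name` as required from `fromPath`, walking up nested node_modules like Node's resolver.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without a match
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Hypothetical helper: map each direct dependency that reaches `flagged` to its shortest chain.
function traceParents(lockfile, flagged) {
  const packages = lockfile.packages, root = packages[""] || {}, chains = {};
  for (const top of Object.keys({ ...root.dependencies, ...root.devDependencies })) {
    const start = resolveDep(packages, "", top);
    if (!start) continue;
    if (top === flagged) { chains[top] = [top]; continue; } // flagged package is a direct dep
    const queue = [[start, [top]]];
    const seen = new Set([start]); // guards against dependency cycles
    while (queue.length && !chains[top]) {
      const [path, chain] = queue.shift();
      const entry = packages[path];
      for (const name of Object.keys({ ...entry.dependencies, ...entry.optionalDependencies })) {
        const next = resolveDep(packages, path, name);
        if (!next || seen.has(next)) continue;
        seen.add(next);
        if (name === flagged) { chains[top] = [...chain, name]; break; }
        queue.push([next, [...chain, name]]);
      }
    }
  }
  return chains;
}
console.log(traceParents(sampleLock, "flagged-pkg"));
```

The direct dependencies named in the result are the ones a user can act on, for example by excluding one from an update, since the flagged package itself never appears in package.json.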