All command-code versions

[email protected] rejected Risk: 100 UNLICENSED

command-code @0.18.8

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Tarball
100
Risk Score
UNLICENSED
License
No
Install Scripts
44
Dependencies
14
Dev Dependencies
345.8 KB
Package Size
Published

Command Code, coding agent that continuously learns your coding taste

Maintainers

asharirfansaqibameenahmadawaisahmadbilaldev

Keywords

commandcommand codelangbasecoding agentai

Dependencies (44)

PackageConstraintRegistry Status
ink 6.6.0 auto_approved
ora ^8.2.0 auto_approved
zod ^4.0.17 auto_approved
diff ^8.0.2 auto_approved
glob ^13.0.5 auto_approved
open ^10.2.0 auto_approved
uuid ^11.1.0 auto_approved
chalk ^5.5.0 auto_approved
giget ^3.1.2 auto_approved
react ^19.1.1 auto_approved
sharp ^0.34.3 No greenflagged match
dedent ^1.6.0 auto_approved
dotenv ^17.2.1 auto_approved
ignore ^7.0.5 auto_approved
marked ^15.0.12 auto_approved
semver ^7.7.2 auto_approved
figures ^6.1.0 auto_approved
commander ^14.0.0 auto_approved
minimatch ^10.0.3 auto_approved
picocolors ^1.1.1 auto_approved
strip-ansi ^7.1.0 auto_approved
gray-matter ^4.0.3 auto_approved
ink-spinner ^5.0.0 auto_approved
log-symbols ^7.0.1 auto_approved
open-editor ^5.1.0 auto_approved
shell-quote ^1.8.3 auto_approved
ink-gradient ^4.0.0 auto_approved
terminal-link ^5.0.0 auto_approved
@clack/prompts ^1.0.1 auto_approved
fast-wrap-ansi ^0.2.0 auto_approved
ink-text-input ^6.0.0 auto_approved
marked-terminal ^7.3.0 auto_approved
ink-select-input ^6.2.0 auto_approved
@anthropic-ai/sdk ^0.60.0 auto_approved
@opentelemetry/api ^1.9.0 auto_approved
strip-json-comments ^5.0.3 auto_approved
@crosscopy/clipboard ^0.2.8 No greenflagged match
is-unicode-supported ^2.1.0 auto_approved
@sindresorhus/slugify ^2.2.1 auto_approved
@opentelemetry/sdk-node ^0.200.0 auto_approved
@opentelemetry/resources ^2.0.0 auto_approved
@opentelemetry/sdk-trace-node ^2.0.0 auto_approved
@opentelemetry/semantic-conventions ^1.30.0 auto_approved
@opentelemetry/exporter-trace-otlp-http ^0.200.0 auto_approved

Dev Dependencies (14)

PackageConstraintRegistry Status
pkg ^5.8.1 No greenflagged match
tsup ^8.5.0 auto_approved
execa ^9.6.1 auto_approved
terser ^5.43.1 auto_approved
vitest ^3.2.4 No greenflagged match
@types/node ^24.2.0 auto_approved
@types/uuid ^10.0.0 auto_approved
@types/react ^19.0.3 auto_approved
@types/semver ^7.7.1 auto_approved
@types/shell-quote ^1.7.5 auto_approved
ink-testing-library ^4.0.0 auto_approved
javascript-obfuscator ^4.1.1 auto_approved
@types/marked-terminal ^6.1.1 auto_approved
vitest-ansi-serializer ^0.1.2 No greenflagged match

Transitive Dependency Tree

204 transitive deps max depth 10
  ├─ @anthropic-ai/sdk ^0.60.0 → 0.60.0
  ├─ @clack/prompts ^1.0.1 → 1.3.0
  ├─ @crosscopy/clipboard ^0.2.8
  ├─ @opentelemetry/api ^1.9.0 → 1.9.1
  ├─ @opentelemetry/exporter-trace-otlp-http ^0.200.0 → 0.200.0
  ├─ @opentelemetry/resources ^2.0.0 → 2.7.1
  ├─ @opentelemetry/sdk-node ^0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-trace-node ^2.0.0 → 2.7.1
  ├─ @opentelemetry/semantic-conventions ^1.30.0 → 1.40.0
  ├─ @sindresorhus/slugify ^2.2.1 → 2.2.1
  ├─ chalk ^5.5.0 → 5.6.2
  ├─ commander ^14.0.0 → 14.0.3
  ├─ dedent ^1.6.0 → 1.7.2
  ├─ diff ^8.0.2 → 8.0.4
  ├─ dotenv ^17.2.1 → 17.4.2
  ├─ fast-wrap-ansi ^0.2.0 → 0.2.2
  ├─ figures ^6.1.0 → 6.1.0
  ├─ giget ^3.1.2 → 3.2.0
  ├─ glob ^13.0.5 → 13.0.6
  ├─ gray-matter ^4.0.3 → 4.0.3
  ├─ ignore ^7.0.5 → 7.0.5
  ├─ ink 6.6.0 → 6.6.0
  ├─ ink-gradient ^4.0.0 → 4.0.1
  ├─ ink-select-input ^6.2.0 → 6.2.0
  ├─ ink-spinner ^5.0.0 → 5.0.0
  ├─ ink-text-input ^6.0.0 → 6.0.0
  ├─ is-unicode-supported ^2.1.0 → 2.1.0
  ├─ log-symbols ^7.0.1 → 7.0.1
  ├─ marked ^15.0.12 → 15.0.12
  ├─ marked-terminal ^7.3.0 → 7.3.0
  ├─ minimatch ^10.0.3 → 10.2.5
  ├─ open ^10.2.0 → 10.2.0
  ├─ open-editor ^5.1.0 → 5.1.0
  ├─ ora ^8.2.0 → 8.2.0
  ├─ picocolors ^1.1.1 → 1.1.1
  ├─ react ^19.1.1 → 19.2.6
  ├─ semver ^7.7.2 → 7.8.1
  ├─ sharp ^0.34.3
  ├─ shell-quote ^1.8.3 → 1.8.4
  ├─ strip-ansi ^7.1.0 → 7.2.0
  ├─ strip-json-comments ^5.0.3 → 5.0.3
  ├─ terminal-link ^5.0.0 → 5.0.0
  ├─ uuid ^11.1.0 → 11.1.0
├─ zod ^4.0.17 → 4.4.1
  ├─ @alcalzone/ansi-tokenize ^0.2.1 → 0.2.5
  ├─ @clack/core 1.3.0 → 1.3.0
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/context-async-hooks 2.7.1 → 2.7.1
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/core 2.7.1 → 2.7.1
  ├─ @opentelemetry/exporter-logs-otlp-grpc 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-logs-otlp-http 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-logs-otlp-proto 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-metrics-otlp-grpc 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-metrics-otlp-http 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-metrics-otlp-proto 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-prometheus 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-trace-otlp-grpc 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-trace-otlp-http 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-trace-otlp-proto 0.200.0 → 0.200.0
  ├─ @opentelemetry/exporter-zipkin 2.0.0 → 2.0.0
  ├─ @opentelemetry/instrumentation 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-exporter-base 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-transformer 0.200.0 → 0.200.0
  ├─ @opentelemetry/propagator-b3 2.0.0 → 2.0.0
  ├─ @opentelemetry/propagator-jaeger 2.0.0 → 2.0.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-metrics 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.7.1 → 2.7.1
  ├─ @opentelemetry/sdk-trace-node 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @sindresorhus/transliterate ^1.0.0 → 1.6.0
  ├─ @types/gradient-string ^1.1.6 → 1.1.6
  ├─ ansi-escapes ^7.2.0 → 7.2.0
  ├─ ansi-escapes ^7.0.0 → 7.2.0
  ├─ ansi-regex ^6.1.0 → 6.2.2
  ├─ ansi-regex ^6.2.2 → 6.2.2
  ├─ ansi-styles ^6.2.1 → 6.2.3
  ├─ auto-bind ^5.0.1 → 5.0.1
  ├─ brace-expansion ^5.0.5 → 5.0.6
  ├─ chalk ^5.6.0 → 5.6.2
  ├─ chalk ^5.4.1 → 5.6.2
  ├─ chalk ^5.3.0 → 5.6.2
  ├─ cli-boxes ^3.0.0 → 3.0.0
  ├─ cli-cursor ^5.0.0 → 5.0.0
  ├─ cli-cursor ^4.0.0
  ├─ cli-highlight ^2.1.11 → 2.1.11
  ├─ cli-spinners ^2.9.2 → 2.9.2
  ├─ cli-spinners ^2.7.0 → 2.9.2
  ├─ cli-table3 ^0.6.5 → 0.6.5
  ├─ cli-truncate ^5.1.1 → 5.2.0
  ├─ code-excerpt ^4.0.0 → 4.0.0
  ├─ default-browser ^5.2.1 → 5.5.0
  ├─ define-lazy-prop ^3.0.0 → 3.0.0
  ├─ env-editor ^1.1.0 → 1.3.0
  ├─ es-toolkit ^1.39.10 → 1.47.0
  ├─ escape-string-regexp ^5.0.0 → 5.0.0
  ├─ execa ^9.3.0 → 9.6.1
  ├─ fast-string-width ^3.0.2
  ├─ fast-wrap-ansi ^0.2.0 → 0.2.2
  ├─ figures ^6.1.0 → 6.1.0
  ├─ gradient-string ^3.0.0 → 3.0.0
  ├─ indent-string ^5.0.0 → 5.0.0
  ├─ is-in-ci ^2.0.0 → 2.0.0
  ├─ is-inside-container ^1.0.0 → 1.0.0
  ├─ is-interactive ^2.0.0 → 2.0.0
  ├─ is-unicode-supported ^2.0.0 → 2.1.0
  ├─ js-yaml ^3.13.1 → 3.14.2
  ├─ kind-of ^6.0.2 → 6.0.3
  ├─ line-column-path ^3.0.0 → 3.0.0
  ├─ log-symbols ^6.0.0 → 6.0.0
  ├─ minimatch ^10.2.2 → 10.2.5
  ├─ minipass ^7.1.3 → 7.1.3
  ├─ node-emoji ^2.2.0 → 2.2.0
  ├─ open ^10.1.0 → 10.2.0
  ├─ patch-console ^2.0.0 → 2.0.0
  ├─ path-scurry ^2.0.2 → 2.0.2
  ├─ react-reconciler ^0.33.0 → 0.33.0
  ├─ section-matter ^1.0.0 → 1.0.0
  ├─ signal-exit ^3.0.7 → 3.0.7
  ├─ sisteransi ^1.0.5 → 1.0.5
  ├─ slice-ansi ^7.1.0 → 7.1.2
  ├─ stack-utils ^2.0.6 → 2.0.6
  ├─ stdin-discarder ^0.2.2 → 0.2.2
  ├─ string-width ^8.1.0 → 8.2.1
  ├─ string-width ^7.2.0 → 7.2.0
  ├─ strip-ansi ^7.1.2 → 7.2.0
  ├─ strip-ansi ^7.1.0 → 7.2.0
  ├─ strip-bom-string ^1.0.0
  ├─ supports-hyperlinks ^3.1.0 → 3.2.0
  ├─ supports-hyperlinks ^4.1.0 → 4.4.0
  ├─ type-fest ^4.27.0 → 4.41.0
  ├─ type-fest ^4.18.2 → 4.41.0
  ├─ widest-line ^5.0.0
  ├─ wrap-ansi ^9.0.0 → 9.0.2
  ├─ ws ^8.18.0 → 8.21.0
  ├─ wsl-utils ^0.1.0
  ├─ yoctocolors ^2.1.1 → 2.1.2
├─ yoga-layout ~3.2.1 → 3.2.1
  ├─ @grpc/grpc-js ^1.7.1 → 1.14.4
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/context-async-hooks 2.0.0 → 2.0.0
  ├─ @opentelemetry/core 2.7.1 → 2.7.1
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/exporter-metrics-otlp-http 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-exporter-base 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-grpc-exporter-base 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-transformer 0.200.0 → 0.200.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/resources 2.7.1 → 2.7.1
  ├─ @opentelemetry/sdk-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-metrics 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @sindresorhus/is ^4.6.0
  ├─ @sindresorhus/merge-streams ^4.0.0 → 4.0.0
  ├─ @types/shimmer ^1.2.0 → 1.2.0
  ├─ @types/tinycolor2 * → 1.4.6
  ├─ ansi-regex ^6.2.2 → 6.2.2
  ├─ ansi-styles ^6.2.1 → 6.2.3
  ├─ argparse ^1.0.7 → 1.0.10
  ├─ balanced-match ^4.0.2 → 4.0.4
  ├─ brace-expansion ^5.0.5 → 5.0.6
  ├─ bundle-name ^4.1.0 → 4.1.0
  ├─ chalk ^4.0.0 → 4.1.2
  ├─ chalk ^5.3.0 → 5.6.2
  ├─ char-regex ^1.0.2 → 1.0.2
  ├─ convert-to-spaces ^2.0.1
  ├─ cross-spawn ^7.0.6 → 7.0.6
  ├─ default-browser ^5.2.1 → 5.5.0
  ├─ default-browser-id ^5.0.0 → 5.0.1
  ├─ define-lazy-prop ^3.0.0 → 3.0.0
  ├─ emoji-regex ^10.3.0
  ├─ emojilib ^2.4.0
  ├─ environment ^1.0.0 → 1.1.0
  ├─ escape-string-regexp ^5.0.0 → 5.0.0
  ├─ escape-string-regexp ^2.0.0 → 2.0.0
  ├─ esprima ^4.0.0 → 4.0.1
  ├─ extend-shallow ^2.0.1
  ├─ fast-string-width ^3.0.2
  ├─ fast-wrap-ansi ^0.2.0 → 0.2.2
  ├─ figures ^6.1.0 → 6.1.0
  ├─ get-east-asian-width ^1.0.0 → 1.5.0
  ├─ get-east-asian-width ^1.5.0 → 1.5.0
  ├─ get-stream ^9.0.0 → 9.0.1
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ has-flag ^5.0.1 → 5.0.1
  ├─ highlight.js ^10.7.1 → 10.7.3
  ├─ human-signals ^8.0.1 → 8.0.1
  ├─ import-in-the-middle ^1.8.1 → 1.15.0
  ├─ is-docker ^3.0.0 → 3.0.0
  ├─ is-fullwidth-code-point ^5.0.0 → 5.1.0
  ├─ is-inside-container ^1.0.0 → 1.0.0
  ├─ is-plain-obj ^4.1.0 → 4.1.0
  ├─ is-stream ^4.0.1 → 4.0.1
  ├─ is-unicode-supported ^1.3.0 → 1.3.0
  ├─ is-unicode-supported ^2.0.0 → 2.1.0
  ├─ kind-of ^6.0.0 → 6.0.3
  ├─ lru-cache ^11.0.0 → 11.5.1
  ├─ minipass ^7.1.2 → 7.1.3
  ├─ mz ^2.4.0 → 2.7.0
  ├─ npm-run-path ^6.0.0 → 6.0.0
  ├─ parse5 ^5.1.1 → 5.1.1
  ├─ parse5-htmlparser2-tree-adapter ^6.0.0 → 6.0.1
  ├─ pretty-ms ^9.2.0 → 9.3.0
  ├─ protobufjs ^7.3.0 → 7.6.1
  ├─ require-in-the-middle ^7.1.1
  ├─ restore-cursor ^5.0.0 → 5.1.0
  ├─ scheduler ^0.27.0 → 0.27.0
  ├─ shimmer ^1.2.1 → 1.2.1
  ├─ signal-exit ^4.1.0 → 4.1.0
  ├─ sisteransi ^1.0.5 → 1.0.5
  ├─ skin-tone ^2.0.0 → 2.0.0
  ├─ slice-ansi ^8.0.0 → 8.0.0
  ├─ string-width ^7.0.0 → 7.2.0
  ├─ string-width ^8.2.0 → 8.2.1
  ├─ string-width ^4.2.0 → 4.2.3
  ├─ strip-ansi ^7.1.2 → 7.2.0
  ├─ strip-ansi ^7.1.0 → 7.2.0
  ├─ strip-final-newline ^4.0.0 → 4.0.0
  ├─ supports-color ^10.2.2 → 10.2.2
  ├─ supports-color ^7.0.0 → 7.2.0
  ├─ tinygradient ^1.1.5 → 1.1.5
  ├─ type-fest ^2.0.0 → 2.19.0
  ├─ wsl-utils ^0.1.0
  ├─ yargs ^16.0.0 → 16.2.0
├─ yoctocolors ^2.1.1 → 2.1.2
  ├─ @grpc/grpc-js ^1.7.1 → 1.14.4
  ├─ @grpc/proto-loader ^0.8.0 → 0.8.1
  ├─ @js-sdsl/ordered-map ^4.4.2 → 4.4.2
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/core 2.7.1 → 2.7.1
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/otlp-exporter-base 0.200.0 → 0.200.0
  ├─ @opentelemetry/otlp-transformer 0.200.0 → 0.200.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-metrics 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @protobufjs/aspromise ^1.1.2 → 1.1.2
  ├─ @protobufjs/base64 ^1.1.2 → 1.1.2
  ├─ @protobufjs/codegen ^2.0.5 → 2.0.5
  ├─ @protobufjs/eventemitter ^1.1.1 → 1.1.1
  ├─ @protobufjs/fetch ^1.1.1 → 1.1.1
  ├─ @protobufjs/float ^1.0.2 → 1.0.2
  ├─ @protobufjs/inquire ^1.1.2 → 1.1.2
  ├─ @protobufjs/path ^1.1.2 → 1.1.2
  ├─ @protobufjs/pool ^1.1.0 → 1.1.0
  ├─ @protobufjs/utf8 ^1.1.1 → 1.1.1
  ├─ @sec-ant/readable-stream ^0.4.1
  ├─ @types/node >=13.7.0 → 25.9.1
  ├─ @types/tinycolor2 ^1.4.0 → 1.4.6
  ├─ acorn ^8.14.0 → 8.16.0
  ├─ acorn-import-attributes ^1.9.5 → 1.9.5
  ├─ ansi-regex ^6.2.2 → 6.2.2
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ ansi-styles ^6.2.3 → 6.2.3
  ├─ any-promise ^1.0.0 → 1.3.0
  ├─ balanced-match ^4.0.2 → 4.0.4
  ├─ bundle-name ^4.1.0 → 4.1.0
  ├─ cjs-module-lexer ^1.2.2 → 1.2.3
  ├─ cliui ^7.0.2 → 7.0.4
  ├─ default-browser-id ^5.0.0 → 5.0.1
  ├─ emoji-regex ^10.3.0
  ├─ emoji-regex ^8.0.0
  ├─ escalade ^3.1.1 → 3.2.0
  ├─ fast-string-width ^3.0.2
  ├─ get-caller-file ^2.0.5 → 2.0.5
  ├─ get-east-asian-width ^1.5.0 → 1.5.0
  ├─ get-east-asian-width ^1.0.0 → 1.5.0
  ├─ get-east-asian-width ^1.3.1 → 1.5.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ is-docker ^3.0.0 → 3.0.0
  ├─ is-fullwidth-code-point ^5.1.0 → 5.1.0
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ is-stream ^4.0.1 → 4.0.1
  ├─ is-unicode-supported ^2.0.0 → 2.1.0
  ├─ long ^5.3.2 → 5.3.2
  ├─ module-details-from-path ^1.0.3 → 1.0.4
  ├─ object-assign ^4.0.1 → 4.1.1
  ├─ onetime ^7.0.0
  ├─ parse-ms ^4.0.0 → 4.0.0
  ├─ parse5 ^6.0.1 → 6.0.1
  ├─ path-key ^4.0.0 → 4.0.0
  ├─ path-key ^3.1.0 → 3.1.1
  ├─ protobufjs ^7.3.0 → 7.6.1
  ├─ require-directory ^2.1.1 → 2.1.1
  ├─ run-applescript ^7.0.0
  ├─ shebang-command ^2.0.0 → 2.0.0
  ├─ signal-exit ^4.1.0 → 4.1.0
  ├─ sprintf-js ~1.0.2 → 1.0.3
  ├─ string-width ^4.2.0 → 4.2.3
  ├─ strip-ansi ^7.1.2 → 7.2.0
  ├─ strip-ansi ^7.1.0 → 7.2.0
  ├─ strip-ansi ^6.0.1 → 6.0.1
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ thenify-all ^1.0.0 → 1.6.0
  ├─ tinycolor2 ^1.0.0 → 1.6.0
  ├─ unicorn-magic ^0.3.0
  ├─ which ^2.0.1 → 2.0.2
  ├─ y18n ^5.0.5 → 5.0.8
├─ yargs-parser ^20.2.2 → 20.2.9
  ├─ @grpc/proto-loader ^0.8.0 → 0.8.1
  ├─ @js-sdsl/ordered-map ^4.4.2 → 4.4.2
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/otlp-transformer 0.200.0 → 0.200.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-metrics 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @protobufjs/aspromise ^1.1.2 → 1.1.2
  ├─ @protobufjs/aspromise ^1.1.1 → 1.1.2
  ├─ @protobufjs/base64 ^1.1.2 → 1.1.2
  ├─ @protobufjs/codegen ^2.0.5 → 2.0.5
  ├─ @protobufjs/eventemitter ^1.1.1 → 1.1.1
  ├─ @protobufjs/fetch ^1.1.1 → 1.1.1
  ├─ @protobufjs/float ^1.0.2 → 1.0.2
  ├─ @protobufjs/inquire ^1.1.2 → 1.1.2
  ├─ @protobufjs/path ^1.1.2 → 1.1.2
  ├─ @protobufjs/pool ^1.1.0 → 1.1.0
  ├─ @protobufjs/utf8 ^1.1.1 → 1.1.1
  ├─ @types/node >=13.7.0 → 25.9.1
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-regex ^6.2.2 → 6.2.2
  ├─ color-convert ^2.0.1
  ├─ emoji-regex ^8.0.0
  ├─ get-east-asian-width ^1.3.1 → 1.5.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ isexe ^2.0.0 → 2.0.0
  ├─ lodash.camelcase ^4.3.0 → 4.3.0
  ├─ long ^5.3.2 → 5.3.2
  ├─ long ^5.0.0 → 5.3.2
  ├─ protobufjs ^7.3.0 → 7.6.1
  ├─ protobufjs ^7.5.5 → 7.6.1
  ├─ run-applescript ^7.0.0
  ├─ shebang-regex ^3.0.0
  ├─ string-width ^4.2.0 → 4.2.3
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ strip-ansi ^6.0.1 → 6.0.1
  ├─ thenify >= 3.1.0 < 4
  ├─ undici-types >=7.24.0 <7.24.7 → 7.24.6
  ├─ wrap-ansi ^7.0.0 → 7.0.0
├─ yargs ^17.7.2 → 17.7.2
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/sdk-metrics 2.0.0 → 2.0.0
  ├─ @opentelemetry/sdk-trace-base 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @protobufjs/aspromise ^1.1.1 → 1.1.2
  ├─ @protobufjs/aspromise ^1.1.2 → 1.1.2
  ├─ @protobufjs/base64 ^1.1.2 → 1.1.2
  ├─ @protobufjs/codegen ^2.0.5 → 2.0.5
  ├─ @protobufjs/eventemitter ^1.1.1 → 1.1.1
  ├─ @protobufjs/fetch ^1.1.1 → 1.1.1
  ├─ @protobufjs/float ^1.0.2 → 1.0.2
  ├─ @protobufjs/inquire ^1.1.2 → 1.1.2
  ├─ @protobufjs/path ^1.1.2 → 1.1.2
  ├─ @protobufjs/pool ^1.1.0 → 1.1.0
  ├─ @protobufjs/utf8 ^1.1.1 → 1.1.1
  ├─ @types/node >=13.7.0 → 25.9.1
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.0.0 → 4.3.0
  ├─ cliui ^8.0.1 → 8.0.1
  ├─ emoji-regex ^8.0.0
  ├─ escalade ^3.1.1 → 3.2.0
  ├─ get-caller-file ^2.0.5 → 2.0.5
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ lodash.camelcase ^4.3.0 → 4.3.0
  ├─ long ^5.3.2 → 5.3.2
  ├─ long ^5.0.0 → 5.3.2
  ├─ protobufjs ^7.5.5 → 7.6.1
  ├─ protobufjs ^7.3.0 → 7.6.1
  ├─ require-directory ^2.1.1 → 2.1.1
  ├─ string-width ^4.2.3 → 4.2.3
  ├─ string-width ^4.1.0 → 4.2.3
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ strip-ansi ^6.0.1 → 6.0.1
  ├─ undici-types >=7.24.0 <7.24.7 → 7.24.6
  ├─ y18n ^5.0.5 → 5.0.8
  ├─ yargs ^17.7.2 → 17.7.2
├─ yargs-parser ^21.1.1 → 21.1.1
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/api-logs 0.200.0 → 0.200.0
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/resources 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @protobufjs/aspromise ^1.1.2 → 1.1.2
  ├─ @protobufjs/aspromise ^1.1.1 → 1.1.2
  ├─ @protobufjs/base64 ^1.1.2 → 1.1.2
  ├─ @protobufjs/codegen ^2.0.5 → 2.0.5
  ├─ @protobufjs/eventemitter ^1.1.1 → 1.1.1
  ├─ @protobufjs/fetch ^1.1.1 → 1.1.1
  ├─ @protobufjs/float ^1.0.2 → 1.0.2
  ├─ @protobufjs/inquire ^1.1.2 → 1.1.2
  ├─ @protobufjs/path ^1.1.2 → 1.1.2
  ├─ @protobufjs/pool ^1.1.0 → 1.1.0
  ├─ @protobufjs/utf8 ^1.1.1 → 1.1.1
  ├─ @types/node >=13.7.0 → 25.9.1
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ cliui ^8.0.1 → 8.0.1
  ├─ color-convert ^2.0.1
  ├─ emoji-regex ^8.0.0
  ├─ escalade ^3.1.1 → 3.2.0
  ├─ get-caller-file ^2.0.5 → 2.0.5
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ long ^5.3.2 → 5.3.2
  ├─ require-directory ^2.1.1 → 2.1.1
  ├─ string-width ^4.2.3 → 4.2.3
  ├─ string-width ^4.2.0 → 4.2.3
  ├─ strip-ansi ^6.0.1 → 6.0.1
  ├─ undici-types >=7.24.0 <7.24.7 → 7.24.6
  ├─ wrap-ansi ^7.0.0 → 7.0.0
  ├─ y18n ^5.0.5 → 5.0.8
├─ yargs-parser ^21.1.1 → 21.1.1
  ├─ @opentelemetry/api ^1.3.0 → 1.9.1
  ├─ @opentelemetry/core 2.0.0 → 2.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ @protobufjs/aspromise ^1.1.1 → 1.1.2
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.0.0 → 4.3.0
  ├─ emoji-regex ^8.0.0
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ string-width ^4.1.0 → 4.2.3
  ├─ string-width ^4.2.0 → 4.2.3
  ├─ strip-ansi ^6.0.1 → 6.0.1
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ undici-types >=7.24.0 <7.24.7 → 7.24.6
├─ wrap-ansi ^7.0.0 → 7.0.0
  ├─ @opentelemetry/semantic-conventions ^1.29.0 → 1.40.0
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.0.0 → 4.3.0
  ├─ color-convert ^2.0.1
  ├─ emoji-regex ^8.0.0
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ string-width ^4.1.0 → 4.2.3
  ├─ strip-ansi ^6.0.1 → 6.0.1
├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ color-convert ^2.0.1
  ├─ emoji-regex ^8.0.0
  ├─ is-fullwidth-code-point ^3.0.0
  ├─ strip-ansi ^6.0.1 → 6.0.1

Changes from v0.0.3

Dependency Changes

ChangePackageVersion
added ink 6.6.0
added ora ^8.2.0
added zod ^4.0.17
added diff ^8.0.2
added glob ^13.0.5
added open ^10.2.0
added uuid ^11.1.0
added chalk ^5.5.0
added giget ^3.1.2
added react ^19.1.1
added sharp ^0.34.3
added dedent ^1.6.0
added dotenv ^17.2.1
added ignore ^7.0.5
added marked ^15.0.12
added semver ^7.7.2
added figures ^6.1.0
added minimatch ^10.0.3
added picocolors ^1.1.1
added strip-ansi ^7.1.0
added gray-matter ^4.0.3
added ink-spinner ^5.0.0
added log-symbols ^7.0.1
added open-editor ^5.1.0
added shell-quote ^1.8.3
added ink-gradient ^4.0.0
added terminal-link ^5.0.0
added @clack/prompts ^1.0.1
added fast-wrap-ansi ^0.2.0
added ink-text-input ^6.0.0
added marked-terminal ^7.3.0
added ink-select-input ^6.2.0
added @anthropic-ai/sdk ^0.60.0
added @opentelemetry/api ^1.9.0
added strip-json-comments ^5.0.3
added @crosscopy/clipboard ^0.2.8
added is-unicode-supported ^2.1.0
added @sindresorhus/slugify ^2.2.1
added @opentelemetry/sdk-node ^0.200.0
added @opentelemetry/resources ^2.0.0
added @opentelemetry/sdk-trace-node ^2.0.0
added @opentelemetry/semantic-conventions ^1.30.0
added @opentelemetry/exporter-trace-otlp-http ^0.200.0

Script Changes

+ test+ test:all+ test:e2e+ benchmark+ link:local+ test:taste+ test:watch+ test:cleanup+ unlink:local+ test:coverage+ test:cleanup:dry+ test:integration+ test:taste:debug+ benchmark:compare+ test:non-interactive+ test:integration:debug+ test:integration:verbose+ test:non-interactive:watch+ test:non-interactive:verbose - prepublishOnly

File Changes

2 added 1 removed 2 modified size delta: +1165.6 KB

Risk Dispositions (0 applicable to this version, 3 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Show 3 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
publisher-changed provenance reject AI AI (provenance): New publisher has no track record and 1 prior rejection; takeover risk generalizes to future versions until original maintainer is confirmed.
obfuscated-file:dist/index.mjs source-diff reject AI AI (source-diff): Package explicitly uses javascript-obfuscator in publish pipeline; obfuscated 1.4MB bundle is intentional and unauditable.
bogus-package bogus-package reject AI AI (bogus-package): No repo/homepage and link-dump README are stable signals for this package version.

SAST Findings (1)

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 100 (capped from 139). Findings: 1 medium (+10), 43 low (+129), 1 info (+0).

Published to npm: