diff --git a/CHANGELOG.md b/CHANGELOG.md index cddefbf9..267e198c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [7.9.2] - 2026-03-15 - "npm CLI Packaging Fix" + +> **Patch release to fix the published npm CLI bundle so `npx antigravity-awesome-skills` resolves its runtime helper modules correctly** + +This release fixes a packaging regression in the published npm artifact. Version `7.9.1` shipped `tools/bin/install.js` without the required `tools/lib` runtime helpers, causing `npx antigravity-awesome-skills` to fail with `MODULE_NOT_FOUND` for `../lib/symlink-safety`. + +## New Skills + +- **None in this release** — `7.9.2` is a focused patch release for the npm installer bundle. + +## Improvements + +- **npm package contents**: Expanded the published `files` whitelist to ship `tools/lib/*` alongside `tools/bin/*`, restoring the runtime dependency required by the installer entrypoint. +- **Regression coverage**: Added a package-contents test that checks `npm pack --dry-run --json` and asserts the published tarball includes both `tools/bin/install.js` and `tools/lib/symlink-safety.js`. +- **CLI verification**: Verified the extracted packaged entrypoint runs successfully with `--help`, confirming the published layout no longer reproduces the missing-module crash reported in issue `#315`. + +## Credits + +- **Issue #315 reporter** for isolating the npm packaging regression in the published CLI artifact. + ## [7.9.1] - 2026-03-15 - "Security Hardening Follow-up" > **Follow-up release to 7.9.0: same security batch, additional hardening focused on mutating endpoints, markdown rendering, and doc-risk enforcement** diff --git a/package.json b/package.json index 1a3988dc..6e457cd3 100644 --- a/package.json +++ b/package.json @@ -42,7 +42,8 @@ "antigravity-awesome-skills": "tools/bin/install.js" }, "files": [ - "tools/bin" + "tools/bin", + "tools/lib" ], "keywords": [ "claude-code", diff --git a/tools/scripts/tests/npm_package_contents.test.js b/tools/scripts/tests/npm_package_contents.test.js new file mode 100644 index 00000000..bc4ba334 --- /dev/null +++ b/tools/scripts/tests/npm_package_contents.test.js @@ -0,0 +1,34 @@ +const assert = require("assert"); +const { spawnSync } = require("child_process"); +const path = require("path"); + +const repoRoot = path.resolve(__dirname, "..", "..", ".."); +const npmCommand = process.platform === "win32" ? "npm.cmd" : "npm"; + +function runNpmPackDryRunJson() { + const result = spawnSync(npmCommand, ["pack", "--dry-run", "--json"], { + cwd: repoRoot, + encoding: "utf8", + }); + + if (result.error) { + throw result.error; + } + + if (typeof result.status !== "number" || result.status !== 0) { + throw new Error(result.stderr.trim() || "npm pack --dry-run --json failed"); + } + + return JSON.parse(result.stdout); +} + +const packOutput = runNpmPackDryRunJson(); +assert.ok(Array.isArray(packOutput) && packOutput.length > 0, "npm pack should return package metadata"); + +const packagedFiles = new Set(packOutput[0].files.map((file) => file.path)); + +assert.ok(packagedFiles.has("tools/bin/install.js"), "published package must include tools/bin/install.js"); +assert.ok( + packagedFiles.has("tools/lib/symlink-safety.js"), + "published package must include tools/lib/symlink-safety.js", +); diff --git a/tools/scripts/tests/run-test-suite.js b/tools/scripts/tests/run-test-suite.js index 1e7f5b9b..ce3ca56c 100644 --- a/tools/scripts/tests/run-test-suite.js +++ b/tools/scripts/tests/run-test-suite.js @@ -9,6 +9,7 @@ const TOOL_SCRIPTS = path.join("tools", "scripts"); const TOOL_TESTS = path.join(TOOL_SCRIPTS, "tests"); const LOCAL_TEST_COMMANDS = [ [path.join(TOOL_TESTS, "jetski_gemini_loader.test.js")], + [path.join(TOOL_TESTS, "npm_package_contents.test.js")], [path.join(TOOL_TESTS, "validate_skills_headings.test.js")], [path.join(TOOL_TESTS, "workflow_contracts.test.js")], [path.join(TOOL_TESTS, "docs_security_content.test.js")],