Major Update to v3.0.0 by equiman · Pull Request #110 · deinsoftware/swpm

equiman · 2026-04-26T00:56:37Z

Major Update to v3.0.0

📝 Summary

This PR marks the transition to v3.0.0. The primary focus is upgrading the core CLI engine, modernizing the development environment, and aligning the project with Node.js LTS standards.

⚠️ Breaking Changes

Minimum Node.js version: Now requires Node.js >= 20. Support for older versions has been dropped to utilize modern features and maintain compatibility with the latest dependency updates.

🚀 Key Changes

Engine & Versioning: * Bumped version to v3.0.0.
- Updated yargs to v18.0.0.
Tooling & Environment:
- Updated Volta configuration to Node 24.15.0.
- Updated TypeScript to v6.0.3.
- Updated ESLint to v10.2.1 with the new flat config system.
Dependency Refresh:
- Updated chalk (v5.6.2), find-up (v8.0.0), open (v11.0.0), and semver (v7.7.4).
- Integrated security patches identified by Snyk.
Documentation: * Updated DEVELOPER.md with the new Node 20+ requirement and a streamlined local testing workflow.
- Updated CHANGELOG.md with the v3.0.0 milestone.

🛠️ How to Test

Uninstall the current global version: npm uninstall -g swpm
Sync dependencies: npm ci
Build the project: npm run build
Link locally: cd bin && npm link
Verify version: swpm --version (should return 3.0.0)
Run tests: npm run test

📦 Deployment

This version is ready to be published to npm. Due to the breaking change in Node.js requirements, it is recommended to monitor the initial release via the latest tag or a temporary beta tag.

Co-authored-by: Copilot <copilot@github.com>

…guments

Co-authored-by: Copilot <copilot@github.com>

….json

…lock.json

…-exists'

…th handling in openBrowser function Co-authored-by: Copilot <copilot@github.com>

socket-security · 2026-04-26T00:57:04Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
typescript-eslint@8.60.1
@types/semver@7.5.6 ⏵ 7.7.1			⁺¹
@types/yargs@17.0.32 ⏵ 17.0.35	⁺¹		⁺¹
vitest@1.1.0 ⏵ 4.1.8	⁺²	⁺⁷⁵	⁺¹
@vitest/coverage-v8@1.1.0 ⏵ 4.1.8	⁺¹		⁺¹¹
update-notifier@7.0.0 ⏵ 7.3.1	⁺¹
find-up@7.0.0 ⏵ 8.0.0	⁺¹		⁺¹
@types/node@20.10.5 ⏵ 25.9.2
open@10.0.1 ⏵ 11.0.0	⁺¹		⁺¹
yargs@17.7.2 ⏵ 18.0.0	⁺¹		⁺¹
chalk@4.1.2 ⏵ 5.6.2	⁺¹		⁺¹
@eslint/eslintrc@2.1.4 ⏵ 3.3.5	⁺¹
globals@13.24.0 ⏵ 17.6.0			⁺¹
@eslint/js@8.56.0 ⏵ 10.0.1			⁺¹⁴
typescript@5.3.3 ⏵ 6.0.3
type-fest@4.8.3 ⏵ 5.7.0			⁺¹
semver@7.5.4 ⏵ 7.8.2	⁺¹		⁺¹
eslint@8.56.0 ⏵ 10.4.1	⁺²			⁺⁴⁵

View full report

Co-authored-by: aider (groq/llama-3.3-70b-versatile) <aider@aider.chat>

…age-updates

socket-security · 2026-06-06T15:59:50Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@typescript-eslint/eslint-plugin` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/typescript-eslint@8.60.1` → `npm/@typescript-eslint/eslint-plugin@8.60.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.60.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `brace-expansion` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/eslint@10.4.1` → `npm/typescript-eslint@8.60.1` → `npm/brace-expansion@5.0.5` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/brace-expansion@5.0.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `es-module-lexer` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/vitest@4.1.8` → `npm/es-module-lexer@2.0.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-module-lexer@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `es-module-lexer` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/vitest@4.1.8` → `npm/es-module-lexer@2.0.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-module-lexer@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `powershell-utils` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/open@11.0.0` → `npm/powershell-utils@0.1.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/powershell-utils@0.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

* Initial plan * Fix DEP0190: remove shell:true from spawn/spawnSync, add Windows support via cmd /c Co-authored-by: ptandler <934595+ptandler@users.noreply.github.com> * Refactor: extract resolveSpawnArgs helper, remove unnecessary array copy Co-authored-by: ptandler <934595+ptandler@users.noreply.github.com> * refactor: use detectOs instead of duplicate isWindows check Reuse existing detectOs() from open.ts instead of maintaining separate platform === 'win32' check in cmds.ts. * test: add node version compatibility test with mise Add integration test that verifies swpm install works on all active LTS node versions (18, 20, 22, 24). Versions are fetched dynamically from nodejs.org API. Create .tool-versions to pin current node version for the project. * docs: add testing report for package-updates branch Document findings from testing the upstream package-updates branch: - detectOs refactor already included (improved version) - Build and CLI commands work correctly - 496/501 tests pass (5 timeout failures are environmental) - Compatible with all active LTS Node versions (18, 20, 22, 24) - Significant dependency updates (TypeScript 6, vitest 4, etc.) - New swpm status command added * .editorconfig * fix: increase timeout for node version compatibility tests Set 120s per-test timeout since npm install under different node versions can take longer than the default 5s, especially on first run when mise needs to download and install the node binary. * cleanup * fix node-versions.test.ts * fix node-versions.test.ts * fix .tool-versions * rm TESTING_REPORT.md * sonar fixes in open.ts * revert package.json & lock * added @types/node * revert detectOs * review comments * review comments: deleted node-versions.test.ts --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ptandler <934595+ptandler@users.noreply.github.com>

…-lock.json

equiman and others added 15 commits April 24, 2026 21:57

chore: update dependencies and ESLint configuration

3c13eab

refactor: simplify error handling in various helper functions

516fe59

Co-authored-by: Copilot <copilot@github.com>

chore: update semver and @types/semver to latest versions

aa940e7

chore: update update-notifier to version 7.3.1

e523d66

refactor: enhance command execution by resolving OS-specific spawn ar…

dc04ec4

…guments

chore: update TypeScript to version 6.0.3 and adjust tsconfig settings

e607b46

Co-authored-by: Copilot <copilot@github.com>

chore: update chalk to version 5.6.2 in package.json and package-lock…

845f700

….json

chore: update type-fest to version 5.6.0 in package.json and package-…

cdd4b28

…lock.json

chore: update dependencies and improve test mocks

7d0009a

chore: update package dependencies and switch from 'find-up' to 'path…

db0f5cb

…-exists'

chore: update 'open' package to version 11.0.0 and ensure absolute pa…

3cabac3

…th handling in openBrowser function Co-authored-by: Copilot <copilot@github.com>

fix: open configuration for paths

ed1eef3

feat: bump yargs version

6f222c7

chore: bump project version

834c0aa

docs: developer instructions

ebcd935

equiman added 6 commits April 25, 2026 20:32

test: update config exclusions

c0f3b92

chore: update vscode settings

af680c6

test: update config exclusions

3019abf

docs: update docs version

2414ae7

remove: sonar configurations

d01f760

feat: add status command

7b98486

equiman mentioned this pull request Apr 26, 2026

Adding additional info utilities #104

Closed

equiman and others added 7 commits April 26, 2026 16:03

docs: add cheatsheet

dc976ae

feat: add done command support

aecd1e3

Co-authored-by: aider (groq/llama-3.3-70b-versatile) <aider@aider.chat>

fix: revert wsl explorer command

967d7fd

fix: build failure with any type

00ed6e1

chore: remove unused file and code

94040a6

chore: linter fix

5c31c8a

chore: better dev documentation

0347049

equiman added 6 commits May 1, 2026 20:39

Merge branch 'main' of https://github.com/deinsoftware/swpm into pack…

b41f1d5

…age-updates

chore: replaced with an skill

884540e

chore: comments in english

a8e2051

chore: update packages

448948d

chore: remove comments

6ff36a6

chore: update dependencies to latest versions

929f3fc

ptandler and others added 5 commits June 6, 2026 11:03

fix: correct regex in detectOs function and clean up browserId handling

3c34553

fix: update ptandler's avatar link in README.md

abd906a

fix: update release date for version 3.0.0 in CHANGELOG.md

ab7f5bd

fix: update @types/node to version 25.9.2 in package.json and package…

4c3fb65

…-lock.json

equiman merged commit ee443bd into main Jun 6, 2026
7 checks passed

equiman deleted the package-updates branch June 6, 2026 17:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Major Update to v3.0.0#110

Major Update to v3.0.0#110
equiman merged 39 commits into
mainfrom
package-updates

equiman commented Apr 26, 2026

Uh oh!

socket-security Bot commented Apr 26, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 6, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

equiman commented Apr 26, 2026