Add @patchstack/connect (JS/Node) install page; link it from npm API docs#61
Merged
Conversation
docs.patchstack.com described npm coverage only as a partner-level, host-applied integration; a security-reviewing AI agent read that as contradicting the self-install connector and concluded the npm package was counterfeit (see patchstack/connect#67). Adds an official page for @patchstack/connect under Installing Patchstack and a note on the npm Threat Intelligence page distinguishing the two paths. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Clear, comprehensive documentation for JS/Node integration added. 🎯 Quality: 96% Elite · 📦 Size: Small 📈 This month: Your 227th PR — above team average · Averaging Excellent |
✅ Deploy Preview for deluxe-meerkat-8daf24 ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
install.txt is being removed from patchstack.com (patchstack-website#350); the package's guide CLI and repo docs are the versioned sources of truth. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…sure, data handling, uninstall Extends the JS/Node install page to match the published CLI (v0.3.16): setup as the recommended bounded flow, the disclosure widget's script URL and opt-out, an explicit note that setup never runs the opt-in protect command, a Security and data handling section, and an uninstall path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
Author
|
Extended the page to fully document the published CLI (v0.3.16), verified against the published tarball:
Build passes (192 pages). |
Contributor
Author
|
/review |
patchstackdave
approved these changes
Jul 15, 2026
devlob
approved these changes
Jul 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
docs.patchstack.com currently describes npm vulnerability coverage only as a partner-level, host-applied integration (Threat Intelligence API npm features). During a real install attempt on 2026-07-14, a security-reviewing AI build agent checked these docs to verify
@patchstack/connect, found no mention of it, read "npm scanning is applied by the host" as contradicting a self-installed package, and refused the install as suspected name-squatting. Listing the connector in the official docs is the durable fix (tracked from patchstack/connect#67).What
@patchstack/connectis (official, MIT, npm + GitHub links), what it reads and sends, the zero-signup install flow, build hooks, the disclosure widget, and how it relates to host-level npm protection.Build passes (192 pages).
🤖 Generated with Claude Code