Skip to content

Add @patchstack/connect (JS/Node) install page; link it from npm API docs#61

Merged
ejntaylor merged 3 commits into
mainfrom
docs/connect-js-node-page
Jul 15, 2026
Merged

Add @patchstack/connect (JS/Node) install page; link it from npm API docs#61
ejntaylor merged 3 commits into
mainfrom
docs/connect-js-node-page

Conversation

@ejntaylor

Copy link
Copy Markdown
Contributor

Why

docs.patchstack.com currently describes npm vulnerability coverage only as a partner-level, host-applied integration (Threat Intelligence API npm features). During a real install attempt on 2026-07-14, a security-reviewing AI build agent checked these docs to verify @patchstack/connect, found no mention of it, read "npm scanning is applied by the host" as contradicting a self-installed package, and refused the install as suspected name-squatting. Listing the connector in the official docs is the durable fix (tracked from patchstack/connect#67).

What

  • New page: Getting Started → Installing Patchstack → JavaScript / Node.js projects — what @patchstack/connect is (official, MIT, npm + GitHub links), what it reads and sends, the zero-signup install flow, build hooks, the disclosure widget, and how it relates to host-level npm protection.
  • Note on Threat Intelligence API → NPM features distinguishing the partner API from the self-install connector, with a link.

Build passes (192 pages).

🤖 Generated with Claude Code

docs.patchstack.com described npm coverage only as a partner-level,
host-applied integration; a security-reviewing AI agent read that as
contradicting the self-install connector and concluded the npm package
was counterfeit (see patchstack/connect#67). Adds an official page for
@patchstack/connect under Installing Patchstack and a note on the npm
Threat Intelligence page distinguishing the two paths.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderbuds

coderbuds Bot commented Jul 14, 2026

Copy link
Copy Markdown

Clear, comprehensive documentation for JS/Node integration added.

🎯 Quality: 96% Elite · 📦 Size: Small

📈 This month: Your 227th PR — above team average · Averaging Excellent

See how your team is trending →

@netlify

netlify Bot commented Jul 14, 2026

Copy link
Copy Markdown

Deploy Preview for deluxe-meerkat-8daf24 ready!

Name Link
🔨 Latest commit 892a2bc
🔍 Latest deploy log https://app.netlify.com/projects/deluxe-meerkat-8daf24/deploys/6a57423ca049200008a8c8f8
😎 Deploy Preview https://deploy-preview-61--deluxe-meerkat-8daf24.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

ejntaylor and others added 2 commits July 14, 2026 15:24
install.txt is being removed from patchstack.com
(patchstack-website#350); the package's guide CLI and repo docs are the
versioned sources of truth.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…sure, data handling, uninstall

Extends the JS/Node install page to match the published CLI (v0.3.16):
setup as the recommended bounded flow, the disclosure widget's script URL
and opt-out, an explicit note that setup never runs the opt-in protect
command, a Security and data handling section, and an uninstall path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@ejntaylor

Copy link
Copy Markdown
Contributor Author

Extended the page to fully document the published CLI (v0.3.16), verified against the published tarball:

  • setup as the recommended install flow, with its five bounded effects enumerated (manifest submission, site provision/reuse, widget tag management, production-only build integration, status checklist) — dev scripts untouched, build never run
  • explicit disclosure that setup never runs protect, plus a section describing protect as the separate opt-in command (TanStack Start + Supabase) that may modify application code
  • widget details: external script URL, "widget": false opt-out, mark-build output-only behavior
  • a Security and data handling section (what is sent, what is written locally, external resources, dashboard-link behavior)
  • an uninstall path

Build passes (192 pages).

@ejntaylor

Copy link
Copy Markdown
Contributor Author

/review

@ejntaylor ejntaylor merged commit 0154901 into main Jul 15, 2026
4 checks passed
@ejntaylor ejntaylor deleted the docs/connect-js-node-page branch July 15, 2026 08:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants