Node.js CLI best-practices audit: vendor skill + non-breaking fixes#556
Open
Paveltarno wants to merge 9 commits into
Open
Node.js CLI best-practices audit: vendor skill + non-breaking fixes#556Paveltarno wants to merge 9 commits into
Paveltarno wants to merge 9 commits into
Conversation
Vendors the Node.js CLI best-practices skill from lirantal/nodejs-cli-apps-best-practices (CC BY-SA 4.0, see ATTRIBUTION.md) into .claude/skills so audits and PR reviews can check changes against the 37 documented practices. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
Error events previously included raw positional args and API request/ response bodies, so a failing `base44 secrets set KEY=VALUE` sent the plaintext secret to PostHog twice. Mask KEY=VALUE arg values and drop bodies for /secrets endpoints before capture. Addresses §8.1 (strict opt-in analytics) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
Telemetry was opt-out but undocumented outside contributor docs. Print a one-time notice (marker at ~/.base44/telemetry-notice) explaining what is collected and how to opt out, and add a Telemetry section to the README. Addresses §8.1 (strict opt-in analytics) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
Error codes existed on every CLIError but were only sent to telemetry, and the version was not shown anywhere in failures — both are needed for usable bug reports. Add them to the themed error footer and to plain (non-interactive) error output. Addresses §6.1 (trackable errors) and §9.4 (version in errors) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
When a failure is not a user error (bad input, missing auth), print a GitHub new-issue link pre-populated with the error message, CLI version, command, session ID, and OS/Node details so filing a bug requires no manual info gathering. Addresses §6.5 (effortless bug reports) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
The npm entry point statically imported the ESM bundle, so running on an old Node version surfaced as a SyntaxError instead of an actionable message. Check process.versions.node against the engines field before dynamically importing the bundle. Addresses §4.3 (Node.js versions compatibility) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
- Handle SIGHUP in the dev server alongside SIGINT/SIGTERM so closing the terminal tears down child processes cleanly (§1.8) - Drop shell: true from fixed-argument execa calls (npm view, npx skills); execa resolves .cmd shims via cross-spawn, and avoiding the shell removes injection surface (§10.1) - Prune old ~/.base44/assets/<version> directories on first run of a new version so the cache doesn't grow with every release (§2.3) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
Error output now ends with a version/code footer and, for system errors, a pre-filled bug report link; the exact-match stderr assertions in exec.spec.ts needed to account for both. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
The changelog stopped at v0.0.51 while eight newer versions were tagged and published. Add the missing entries from the tagged commit history. Addresses §9.7 (update version documents) of the Node.js CLI best practices audit. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01VKEi1vRWoN1wX8QXErt2UC
Contributor
🚀 Package Preview Available!Install this PR's preview build with npm: npm i @base44-preview/cli@0.1.1-pr.556.40ca32ePrefer not to change any import paths? Install using npm alias so your code still imports npm i "base44@npm:@base44-preview/cli@0.1.1-pr.556.40ca32e"Or add it to your {
"dependencies": {
"base44": "npm:@base44-preview/cli@0.1.1-pr.556.40ca32e"
}
}
Preview published to npm registry — try new features instantly! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
Description
This PR hardens the CLI's error-handling, telemetry, and startup behavior. It adds a pre-filled GitHub bug-report link plus the CLI version and error code to unexpected error output, redacts secret values from telemetry, shows a one-time telemetry notice with opt-out instructions, and fixes several robustness issues around unsupported Node.js versions, signal handling, shell usage, and stale asset cleanup.
Related Issue
None
Type of Change
Changes Made
Testing
Checklist
Additional Notes
New unit tests cover telemetry redaction (`tests/core/telemetry-redact.spec.ts`), and `exec` command assertions were updated for the new error output. All telemetry/UX helpers are best-effort and never throw, so they cannot break the CLI.
🤖 Generated by Claude | 2026-07-02 20:27 UTC | 40ca32e