pi-updater
Health: Warning
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code: Failed
- exec() — Shell command execution in index.ts
- spawnSync — Synchronous process spawning in index.ts
- process.env — Environment variable access in index.ts
- network request — Outbound network request in index.ts
Permissions: Passed
- Permissions — No dangerous permissions requested
This is an auto-updater agent for the "pi" CLI tool. It checks for software updates, prompts the user, and handles the download and restart process automatically.
Security Assessment
The overall risk is High. The tool relies heavily on executing shell commands and spawning synchronous processes (`exec()`, `spawnSync`) to run updates and restart your session. It also reads environment variables and makes outbound network requests to fetch update data. While these actions are necessary for an auto-updater to function, dynamically executing remote code or commands is a highly sensitive operation. There is no evidence of hardcoded secrets in the scan.
Quality Assessment
The project appears to be actively maintained, with repository activity as recent as today. However, it suffers from low community visibility, having only 6 GitHub stars, which means the code has likely not been extensively reviewed by a wide audience. The README mentions an MIT license, though the automated scan failed to find a formal license file in the repository.
Verdict
Use with caution — while its functionality requires these risky permissions, its low community engagement means its shell execution and network behaviors have not been broadly vetted for supply chain security.
Auto updater for pi
pi-updater
A lightweight, Codex-style auto-updater for pi with fast, cache-first startup checks.
Note: On pi 0.70.3+, pi-updater delegates installation to pi's native pi update --self command. Older pi versions fall back to npm-based installation.
What it does
On pi 0.70.3+: pi-updater is native-aware. It keeps the interactive startup update prompt, checks pi's update service, installs with pi update --self, then offers to restart the current session. Pi's built-in updater only shows a notice with a command to run; pi-updater provides the clickable update/restart flow.
On older pi versions: if a newer version is available, pi-updater shows a startup prompt:
- Update now — install with npm, then auto-restart pi on the current session
- Skip — dismiss until next session
- Skip this version — don't ask again until a newer version appears
After a successful update, pi-updater asks whether to restart immediately. If confirmed, pi relaunches seamlessly on the current session. In non-interactive modes or if auto-restart fails, it falls back to a manual restart message. Ephemeral --no-session runs stay ephemeral on restart.
/update: manually check for updates (always fetches fresh from pi's update service, unless PI_OFFLINE is set). On pi 0.70.3+ it installs with pi update --self; on older pi it falls back to npm.
How version checks work
pi-updater uses a cache-first approach to keep startup fast:
- On startup, cached version data is checked instantly.
- One background live fetch refreshes the cache from pi's update service.
- If the background fetch finds a newer version, pi-updater can prompt in the same session.
- Automatic checks are skipped when PI_SKIP_VERSION_CHECK or PI_OFFLINE is set.
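The startup decision described above, sketched in JavaScript as an added example (not pi-updater's own code). It validates the cached version string before it can reach a prompt or a command, and returns the installer as an argument vector rather than a shell string. The function names, the state fields, the strict x.y.z format and the reading of "set" as "non-empty" are all assumptions.

```javascript
// Added illustration; not taken from pi-updater. All names here are hypothetical.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)$/; // assumption: versions are plain x.y.z

// Parse a version string read from cache or network; null if malformed.
function parseVersion(s) {
  const m = typeof s === "string" ? SEMVER.exec(s) : null;
  return m ? m.slice(1).map(Number) : null;
}

// >0 if a is newer than b, <0 if older, 0 if equal (numeric, not string, compare).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Pick the install path as an argument vector, never a shell string.
function installPlan(cur) {
  if (compareVersions(cur, [0, 70, 3]) >= 0) {
    return { method: "native", argv: ["pi", "update", "--self"] };
  }
  return { method: "npm", argv: null }; // npm package name is not given on the page
}

// Startup decision from cached state only; the live fetch runs in the background.
// state: { cachedLatest, dismissedVersion }, env: a process.env-like object.
function startupDecision(current, state, env) {
  // Assumption: any non-empty value counts as "set".
  if (env.PI_SKIP_VERSION_CHECK || env.PI_OFFLINE) {
    return { prompt: false, backgroundFetch: false };
  }
  const cur = parseVersion(current);
  const latest = parseVersion(state.cachedLatest);
  const quiet = { prompt: false, backgroundFetch: true };
  if (!cur || !latest) return quiet; // malformed data never reaches a prompt or command
  if (compareVersions(latest, cur) <= 0) return quiet; // already current
  if (state.dismissedVersion === state.cachedLatest) return quiet; // "Skip this version"
  return { prompt: true, backgroundFetch: true, version: state.cachedLatest, install: installPlan(cur) };
}

// Constructed sample input.
const sample = startupDecision("0.9.0", { cachedLatest: "0.70.3", dismissedVersion: null }, {});
console.log(sample.prompt, sample.install.method); // true "npm"
```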
Install
pi install npm:pi-updater
Or from git:
pi install git:github.com/tonze/pi-updater
Usage
Use /update inside pi to manually check for updates and install them.
Cache and dismissed-version state are stored in pi's configured agent directory and respect PI_CODING_AGENT_DIR.
Environment flags
Disable automatic version checks:
export PI_SKIP_VERSION_CHECK=1
Or run in offline mode (also disables automatic checks):
export PI_OFFLINE=1
Updating this package
pi update
License
MIT