Skip to content

v1.10.4

Choose a tag to compare

View all tags
@pirate pirate released this 14 Apr 22:53
· 79 commits to main since this release
v1.10.4
4d78ca7
This commit was signed with the committer’s verified signature.
pirate Nick Sweeting
SSH Key Fingerprint: 6CIN5ob1siNL6Oe4C6+10sUHRwN+AO3b7Hb8TX8SPJY
Verified
Learn about vigilant mode.

abxpkg v1.10.4

✨ Highlights

  • Added richer CLI inspection commands with abxpkg version and abxpkg list, including per-provider runtime state, installer provenance, dependency binaries, and installed binary caches.
  • Tightened provider dependency provenance so wrapper providers now record the upstream runtimes they actually depend on (node, python, ruby, installer binaries) instead of flattening everything into the active provider.
  • Improved run --script option merging so same-name script dependencies now contribute defaults to the final run binary without overriding an explicit --binproviders / ABXPKG_BINPROVIDERS selection.
  • Hardened the base provider action flow so nullable security options are resolved to real provider/action defaults before handlers run, instead of leaking None into provider-specific install/update code.

🧭 Quick Examples

abxpkg version
abxpkg version yt-dlp
abxpkg list
abxpkg list env playwright chromium
abxpkg --binproviders=env,uv,pip run yt-dlp --version
abx --global yt-dlp --version
#!/usr/bin/env -S abxpkg run --script node
// /// script
// dependencies = [
//   {name = "node", binproviders = ["env", "brew"], min_version = "22.0.0"},
//   {name = "playwright", binproviders = ["playwright", "pnpm", "npm", "yarn"]},
// ]
// ///

🛠 What Changed

  • Added documented abxpkg version / abxpkg list flows and refreshed the generated docs/site output to match the current provider/runtime model.
  • Refined cache handling so provider-local derived.env entries preserve stable absolute paths, create missing cache directories lazily, and de-duplicate repeated installer/binary lines in global listings.
  • Fixed Binary._binprovider_order() so cached providers are preferred without dropping uncached fallback providers during update/uninstall flows.
  • Made no-op providers like env and bash still resolve and validate binaries during install() / update(), including enforcing min_version on the final loaded binary instead of silently accepting a mismatch.
  • Resolved nullable postinstall_scripts / min_release_age in the base BinProvider.install() / update() / uninstall() path using provider/action defaults, while preserving warnings for unsupported strict values.
  • Tightened installer provenance so INSTALLER_BINARY() now preserves the real upstream provider that loaded the installer binary, instead of re-wrapping everything as if it came from the active provider.
  • Ensured explicit --binproviders / ABXPKG_BINPROVIDERS remain an exact provider allowlist/order during installer and dependency resolution, instead of silently widening back to defaults.
  • Added explicit upstream dependency tracking for wrapper providers that really depend on another runtime binary:
    • npm, pnpm, yarn, playwright, and puppeteer now cache node
    • pip, ansible, and pyinfra now cache python
    • gem now caches ruby
  • Fixed GoGetProvider installer resolution so go is loaded through a proper go version override instead of relying on generic --version probing.
  • Tightened BrewProvider behavior so postinstall_scripts=False is only claimed for brew install, not brew upgrade, which has no equivalent --skip-post-install flag.
  • Improved script-mode dependency merging so same-name dependencies (for example node in run --script node) merge their defaults into the final run binary generically instead of only special-casing min_version.
  • Updated provider summaries and list/version output so installer binaries, upstream dependency binaries, and installed binaries are reported more accurately and with less duplication.

⚠️ Behavioral Changes

  • Explicit provider selection now stays explicit. If you pass --binproviders=... or set ABXPKG_BINPROVIDERS, dependency and installer resolution no longer silently re-add default providers behind your back.
  • install() / update() on read-only/no-op providers still behave as no-ops for mutation, but they now validate the resolved binary and enforce min_version on the result.
  • Passing nullable security fields through provider instances or provider overrides is safer now: None means “use the provider/action default”, not “let a provider handler crash on an assertion”.
Assets 2
Loading