feat(cli): add show command to preview package contents

[khaliqgant]

User description

Add prpm show command that allows users and agents to inspect
package contents before installing. Supports:

• File listing with sizes
• --full flag for complete file contents
• --file for viewing specific files
• --json for programmatic/agent use

---

CodeAnt-AI Description

Add 'prpm show' command to preview package contents before installing

What Changed

• New CLI command prpm show that fetches a package and displays its metadata (name, version, description, format/subtype) and a file list with human-readable sizes and simple file-type icons
• Options:
  • --full: prints complete contents of every file in the package
  • --file : prints the contents of a single file (supports basename or path)
  • --json: outputs package metadata and file list as JSON; includes file contents when --full is used
• Handles scoped and unscoped package specs (with optional version), reports friendly errors and usage tips when package or file not found, and prints a suggested install command after preview

Impact

✅ Preview package files before install
✅ Easier inspection of specific files from packages
✅ JSON output for automation and agent workflows

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[my-senior-dev-pr-review]

🤖 My Senior Dev — Analysis Complete

👤 For @khaliqgant

📁 Expert in packages/ (203 edits) • ⚡ 98th PR this month

View your contributor analytics →

---

📊 3 files reviewed • 2 high risk • 4 need attention

🚨 High Risk:

• packages/cli/src/commands/show.ts — Critical concerns around security vulnerabilities and handling of edge cases in file extraction.
• packages/cli/src/commands/show.ts — Potential data exposure through logging that could lead to sensitive information leaks.

⚠️ Needs Attention:

• packages/cli/src/commands/show.ts — Important logic issues around the handling of binary content and maintainability concerns.

---

🚀 Open Interactive Review →

The full interface unlocks features not available in GitHub:

• 💬 AI Chat — Ask questions on any file, get context-aware answers
• 🔍 Smart Hovers — See symbol definitions and usage without leaving the diff
• 📚 Code Archeology — Understand how files evolved over time (/archeology)
• 🎯 Learning Insights — See how this PR compares to similar changes

---

💬 Chat here: @my-senior-dev explain this change — or try @chaos-monkey @security-auditor @optimizer @skeptic @junior-dev

📖 View all 12 personas & slash commands

You can interact with me by mentioning @my-senior-dev in any comment:

In PR comments or on any line of code:

• Ask questions about the code or PR
• Request explanations of specific changes
• Get suggestions for improvements

Slash commands:

• /help — Show all available commands
• /archeology — See the history and evolution of changed files
• /profile — Performance analysis and suggestions
• /expertise — Find who knows this code best
• /personas — List all available AI personas

AI Personas (mention to get their perspective):

Persona	Focus
@chaos-monkey 🐵	Edge cases & failure scenarios
@skeptic 🤨	Challenge assumptions
@optimizer ⚡	Performance & efficiency
@security-auditor 🔒	Security vulnerabilities
@accessibility-advocate ♿	Inclusive design
@junior-dev 🌱	Simple explanations
@tech-debt-collector 💳	Code quality & shortcuts
@ux-champion 🎨	User experience
@devops-engineer 🚀	Deployment & scaling
@documentation-nazi 📚	Documentation gaps
@legacy-whisperer 🏛️	Working with existing code
@test-driven-purist ✅	Testing & TDD

For the best experience, view this PR on myseniordev.com — includes AI chat, file annotations, and interactive reviews.

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Security Issue Tar extraction is performed without any safety filters (no symlink/path traversal checks). An attacker-controlled tarball could create symlinks or entries with ../ paths that escape the temp directory and overwrite arbitrary files. Error Resilience Registering the command eagerly means any failure during module load or command construction could crash CLI initialization. Ensure failures are handled gracefully (try/catch/fallback) so other commands remain usable. Performance / Memory The code reads the entire tarball into memory (Buffer) and then reads every extracted file fully into memory as strings. Large packages may OOM; streaming extraction and/or limiting content read size for preview mode would be safer. Possible Bug The implementation always attempts to gunzip the provided buffer and throws on failure. If the registry returns a raw tar stream (not gzipped) the decompression step will fail and the command exits instead of falling back to extracting a non-gzipped tar. Missing Tests / Coverage The PR adds a new user-facing command but does not add unit or e2e tests exercising it. Add tests that verify help text, basic output, and flags (--full, --file, --json) to prevent regressions.

[codeant-ai]

Suggestion: The tarball extraction in the show command does not apply any path-safety or symlink filtering, so a malicious package can include symlinks and crafted paths that cause files to be written outside the temporary directory during extraction, enabling potential file overwrite attacks; you should mirror the hardened extraction used in the install command by blocking symlinks and unsafe paths relative to the temp directory. [security]

Severity Level: Critical 🚨

Suggested change

	});
	// Security: block symlinks and unsafe paths to prevent path traversal attacks
	filter: (entryPath: string, entry: any) => {
	// Block explicit symlink and hard link entry types
	const entryType = 'type' in entry ? entry.type : null;
	if (entryType === 'SymbolicLink' || entryType === 'Link') {
	console.warn(` ⚠️ Blocked symlink in package: ${entryPath}`);
	return false;
	}
	// Also block filesystem symlinks if exposed via isSymbolicLink()
	if ('isSymbolicLink' in entry && typeof (entry as any).isSymbolicLink === 'function' && (entry as any).isSymbolicLink()) {
	console.warn(` ⚠️ Blocked symlink in package: ${entryPath}`);
	return false;
	}
	// Basic unsafe path patterns (.., absolute paths, Windows drive letters, null bytes)
	if (
	entryPath.includes('..') ||
	entryPath.startsWith('/') ||
	/^[a-zA-Z]:/.test(entryPath) ||
	entryPath.includes('\0')
	) {
	console.warn(` ⚠️ Blocked unsafe path in package: ${entryPath}`);
	return false;
	}
	// Ensure the resolved path stays within the temporary directory
	const resolvedPath = path.resolve(tmpDir, entryPath);
	const resolvedTarget = path.resolve(tmpDir);
	if (!resolvedPath.startsWith(resolvedTarget + path.sep) && resolvedPath !== resolvedTarget) {
	console.warn(` ⚠️ Blocked path traversal attempt: ${entryPath}`);
	return false;
	}
	return true;
	},

Why it matters? ⭐

This is a real security issue. The current code calls tar.extract with cwd set to a temp dir but applies no filtering or symlink handling — malicious tarballs can contain symlinks or crafted paths (../, absolute paths, Windows drive paths) that result in files being written outside the temp directory or symlinks pointing elsewhere, enabling file overwrite or information disclosure. The proposed filter mirrors common hardening strategies (block symlinks/links, block absolute/.. paths, and ensure resolved paths remain inside tmpDir) and therefore fixes a real vulnerability rather than being cosmetic.
The suggested implementation is sensible for the tar package API surface (filter/onentry patterns) and matches the threat described. It may need minor tweaks to match exact tar package types, but the core idea (reject symlinks and path traversal) is correct and necessary.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** packages/cli/src/commands/show.ts
**Line:** 57:57
**Comment:**
	*Security: The tarball extraction in the show command does not apply any path-safety or symlink filtering, so a malicious package can include symlinks and crafted paths that cause files to be written outside the temporary directory during extraction, enabling potential file overwrite attacks; you should mirror the hardened extraction used in the install command by blocking symlinks and unsafe paths relative to the temp directory.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[cubic-dev-ai]

2 issues found across 2 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/cli/src/commands/show.ts">

<violation number="1" location="packages/cli/src/commands/show.ts:54">
P1: Missing security filter for tarball extraction. The `install.ts` command includes a `filter` option that blocks symlinks and path traversal attacks, but this `show` command extracts without these protections. A malicious package could exploit this to write files outside the temp directory.</violation>

<violation number="2" location="packages/cli/src/commands/show.ts:83">
P2: Reading all files as UTF-8 will fail or corrupt binary files. Consider detecting binary files (e.g., by extension or checking for null bytes) and either skipping their content or displaying a placeholder like `[binary file]`.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}