securecoder-update


/securecoder-update

You are running the /securecoder-update skill. Your job is to surface version-check info to the user — what's installed, what's latest, and how to upgrade if needed. The skill never modifies anything; upgrade remains an explicit user action via npx skills@latest add nerdy-krishna/securecoder.

How to invoke

/securecoder-update
No arguments. The skill runs unconditionally and reports the result.

What it does

Run the bundled helper:
    python3 "<skill-dir>/scripts/check_version.py"
For machine-readable output (useful when piping to another tool):
    python3 "<skill-dir>/scripts/check_version.py" --json
The helper:
  1. Reads the VERSION file at <skill-dir>/VERSION (carried into the install by the skills.sh installer alongside SKILL.md).
  2. Queries https://api.github.com/repos/nerdy-krishna/securecoder/releases/latest.
  3. Parses both tags as (major, minor, patch) tuples for ordered comparison.
  4. Compares and reports.

Exit codes

Exit  Meaning
0     Up to date — installed matches latest
1     Update available
2     Could not determine installed version (VERSION file missing — broken install)
3     Could not reach the GitHub API (offline, rate-limited, server error)

Output examples

Up to date

You're up to date.
  Installed: v1.1.0
  Latest:    v1.1.0 (v1.1.0 — False-positive suppression)

Update available

Update available.
  Installed: v1.0.0
  Latest:    v1.1.0 (v1.1.0 — False-positive suppression)
  Released:  2026-05-14T15:30:00Z (1 days ago)
  Notes:     https://github.com/nerdy-krishna/securecoder/releases/tag/v1.1.0

To upgrade:
  npx skills@latest add nerdy-krishna/securecoder

Your team-shared config (.securecoder/config.json), suppressions
(.securecoder/suppressions.json), and scan history (.securecoder/runs/)
are preserved across upgrades.

Offline / API unreachable

Installed: v1.1.0. Could not check for updates (network/API issue).
Try again later or browse https://github.com/nerdy-krishna/securecoder/releases manually.

What the upgrade preserves

Tell the user explicitly when reporting an available update (the helper's output already mentions this):
  • .securecoder/config.json — team-shared per-project config
  • .securecoder/suppressions.json — team-shared false-positive ledger
  • .securecoder/runs/* — local scan + fix run history
  • ~/.cache/securecoder/tools/ — cached SAST binaries (re-checked against pinned versions in the updated skill; only upgraded if pins changed)
  • ~/.cache/securecoder/rules/ — cached OWASP + Semgrep rule packs (same content-addressed reuse policy)
User data survives upgrades unconditionally. Only the skill files themselves get rewritten.

What this skill does NOT do

  • Does NOT upgrade automatically. That's a security boundary — the user always explicitly runs the install command.
  • Does NOT modify any file. Read-only; only emits text.
  • Does NOT bypass the GitHub API rate limit. Unauthenticated requests are throttled at 60/hour per IP. For frequent check needs, consider running with a GITHUB_TOKEN env var (set on the host).
  • Does NOT detect pre-release versions explicitly. The helper only compares against /releases/latest, which GitHub filters to non-pre-release entries. Users tracking the main branch (not a tagged release) won't be notified of every commit.

When to invoke

  • Once a month-ish, as a habit, to know if there's a release worth picking up
  • After hearing about a new release on the project's release feed
  • When /securecoder-scan behaves unexpectedly — could be that you're on an older version
  • Right before running a substantial audit, to make sure you're not missing fixes

Failure modes

  • VERSION file missing. Means the install is broken. Recommend re-running npx skills@latest add nerdy-krishna/securecoder.
  • GitHub API unreachable. Could be offline, behind a proxy that blocks api.github.com, or rate-limited. The skill exits cleanly with a hint to retry or browse the releases page manually.
  • API returns a malformed response. Treated the same as unreachable. The user gets a clear message and exit code 3.
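
An added example, not the project's check_version.py, of the comparison and exit-code mapping described in the helper steps, the exit-code table and the failure modes above. It takes the VERSION text and the API response body as arguments instead of doing the file and network I/O; the function names, treating an unparsable VERSION as exit 2, and treating an installed version newer than latest as up to date are assumptions.

```python
import json
import re

# Exit codes from the table on this page.
UP_TO_DATE, UPDATE_AVAILABLE, NO_INSTALLED_VERSION, API_UNAVAILABLE = 0, 1, 2, 3

_TAG = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_tag(tag):
    """Return (major, minor, patch) as ints, or None if tag is not [v]X.Y.Z."""
    if not isinstance(tag, str):
        return None
    m = _TAG.fullmatch(tag.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def latest_from_api(body):
    """Extract the release tuple from a /releases/latest response body.

    The body is untrusted network input: a failed request (None), a
    decoding error, a wrong JSON shape or an unparsable tag_name all
    yield None instead of raising.
    """
    if body is None:
        return None
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return None
    return parse_tag(doc.get("tag_name")) if isinstance(doc, dict) else None

def check(version_text, api_body):
    """Map the VERSION text and API body to one of the four exit codes."""
    installed = parse_tag(version_text)  # None input means the file is missing
    if installed is None:
        return NO_INSTALLED_VERSION      # assumption: unparsable counts as missing
    latest = latest_from_api(api_body)
    if latest is None:
        return API_UNAVAILABLE           # malformed is handled like unreachable
    # Integer tuples order v1.10.0 after v1.9.0; comparing the raw strings would not.
    return UPDATE_AVAILABLE if latest > installed else UP_TO_DATE

# Constructed sample inputs (not real API output).
SAMPLE_VERSION = "v1.9.0\n"
SAMPLE_BODY = '{"tag_name": "v1.10.0", "name": "constructed sample"}'
```
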

See also

  • README — Quickstart
  • docs/roadmap.md — v1.2.0 backlog and future work
  • CHANGELOG.md — complete release history