@critiq/cli 0.3.0 → 0.4.0

package/README.md CHANGED
@@ -1,5 +1,5 @@
1
1
  <p align="center">
2
- <img src="https://raw.githubusercontent.com/critiq-dev/critiq-core/main/docs/assets/banner-cli-simple-transparent.png" alt="critiq.dev" style="max-height:400px" />
2
+ <img src="https://raw.githubusercontent.com/critiq-dev/critiq-core/main/docs/assets/banner-cli.png" alt="critiq.dev" style="max-height:400px" />
3
3
  </p>
4
4
 
5
5
  <h1 align="center">Critiq CLI</h1>
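Review bot: the new `src` on line 2 still points at the `main` branch of critiq-core on raw.githubusercontent.com, so the README published with 0.4.0 renders whatever file sits at that path at view time. This rename shows the cost: the 0.3.0 README keeps referencing `banner-cli-simple-transparent.png` and breaks if that file is removed. Consider referencing the asset by release tag or commit so each published README is tied to a fixed image.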
@@ -21,12 +21,12 @@ It does this by parsing your code, matching it against a curated catalog of expl
21
21
 
22
22
  <p align="center">
23
23
  <img
24
- src="https://raw.githubusercontent.com/critiq-dev/critiq-core/main/docs/assets/cli-architecture-transparent.png"
24
+ src="https://raw.githubusercontent.com/critiq-dev/critiq-core/main/docs/assets/cli-architecture.png"
25
25
  alt="Cli Architecture"
26
26
  />
27
27
  </p>
28
28
 
29
- `@critiq/cli` runs Critiq checks against real code and exposes the public rule-pack commands for validation, testing, normalization, and explanation. By default it uses [`@critiq/rules`](https://www.npmjs.com/package/@critiq/rules) as the open source catalog with recommended rules. You can configure this by adding a `.critiq/config.yaml` configuration file.
29
+ By default, `@critiq/cli` uses the open source [`@critiq/rules`](https://www.npmjs.com/package/@critiq/rules) catalog with recommended rules. You can customize which rules are used either by passing command-line flags or by creating a `.critiq/config.yaml` configuration file.
30
30
 
31
31
  <br/>
32
32
  <p align="left">
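Review bot: the replacement paragraph at line 29 says rules can be customized "by passing command-line flags" but names no flag and links no reference, so the reader cannot act on it; name the flags or link the CLI reference at this point. The rewrite also drops the sentence that said what the CLI does (runs checks and exposes the rule-pack commands for validation, testing, normalization, and explanation); keep a short version of it ahead of the sentence about defaults.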
@@ -44,18 +44,18 @@ Run Critiq on your project:
44
44
 
45
45
  ```bash
46
46
  npm install -D @critiq/cli @critiq/rules
47
- npx critiq check .
47
+ npx @critiq/cli check .
48
48
  ```
49
49
 
50
50
  Run Critiq against a diff:
51
51
 
52
52
  ```bash
53
- npx critiq check . --base origin/main --head HEAD
53
+ npx @critiq/cli check . --base origin/main --head HEAD
54
54
  ```
55
55
 
56
56
  ## GitHub Actions
57
57
 
58
- To run the same checks on **pull requests** in GitHub Actionswith optional **inline PR review comments** and severity-based merge gatesuse the official composite action **[critiq-dev/critiq-action](https://github.com/critiq-dev/critiq-action)** ([README](https://github.com/critiq-dev/critiq-action/blob/main/README.md)). The action wraps `critiq check`, honors `.critiq/config.yaml`, and can install published `@critiq/cli` / `@critiq/rules` when they are not already declared on the repository root `package.json`.
58
+ To run the same checks on **pull requests** in GitHub Actions, with optional **inline PR review comments** and severity-based merge gates, use the official composite action **[critiq-dev/critiq-action](https://github.com/critiq-dev/critiq-action)**. See the [GitHub Actions docs](https://docs.critiq.dev/ci/github-actions) for setup and configuration. The action wraps `critiq check`, honors `.critiq/config.yaml`, and can install published `@critiq/cli` / `@critiq/rules` when they are not already declared on the repository root `package.json`.
59
59
 
60
60
  Example `.github/workflows/critiq.yml`:
61
61
 
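Review bot: line 58 still says the action wraps `critiq check` while lines 47 and 53 now invoke `npx @critiq/cli check`, so the README names the command two ways. Either state once that `critiq` is the binary the package installs, or use the same form throughout. The scoped form is the better default for `npx`, since it names the package explicitly instead of depending on what an unscoped `critiq` resolves to when no local install is present.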
@@ -84,7 +84,7 @@ jobs:
84
84
  fail-on-severity: off
85
85
  ```
86
86
 
87
- Use a **major tag** (`@v1`) or pin a **commit SHA** for supply-chain control. More options (inputs, outputs, monorepos, reusable workflow) are in the [action README](https://github.com/critiq-dev/critiq-action/blob/main/README.md).
87
+ Use a **major tag** (`@v1`) or pin a **commit SHA** for supply-chain control. More options (inputs, outputs, monorepos, reusable workflow) are in the [GitHub Actions docs](https://docs.critiq.dev/ci/github-actions).
88
88
 
89
89
  ## Public Commands
90
90
 
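Review bot: line 87 offers a major tag (`@v1`) and a commit SHA as interchangeable options "for supply-chain control", but they give different guarantees: a tag can be moved to another commit, a full commit SHA cannot. Since the line is being edited anyway, say that the SHA is the pinned option and that the major tag is the convenience option, which accepts whatever the action's maintainers publish under that tag.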
@@ -140,20 +140,20 @@ Sample scripts ship under `scripts/hooks/` in this package (for example `pre-com
140
140
 
141
141
  ## Default OSS Rule Catalog
142
142
 
143
- The default open source catalog in [`@critiq/rules`](https://www.npmjs.com/package/@critiq/rules) currently includes `112` rules across `10` categories.
143
+ Today it includes `1023` rules across `10` languages, with `recommended`, `strict`, `security`, and `experimental` presets. Browse the full catalog at [docs.critiq.dev/rules](https://docs.critiq.dev/rules).
144
144
 
145
- | Category | Rules | What it looks after |
145
+ | Language | Rules | What it looks after |
146
146
  | --- | ---: | --- |
147
- | Security | 70 | Injection, auth and session gaps, unsafe transport, sensitive data exposure, unsafe file and HTML handling |
148
- | Correctness | 15 | Async bugs, null access, control-flow mistakes, missing fallbacks, race conditions |
149
- | Performance | 10 | Repeated IO, wasted async sequencing, hot-path loops, large retained objects, render churn |
150
- | Quality | 10 | Error handling gaps, oversized functions, coupling, duplicated logic, and weak test coverage |
151
- | Logging | 2 | Console usage and unsafe logging patterns |
152
- | Config | 1 | Configuration access boundaries |
153
- | Next | 1 | Server and client boundary leaks |
154
- | Random | 1 | Unsafe randomness in core logic |
155
- | React | 1 | Cascaded effect fetch patterns |
156
- | Runtime | 1 | Debug-only statements left in shipped code |
147
+ | TypeScript | 335 | Security (Express, NestJS, Apollo, Electron, Angular, Vue, Next.js), correctness (async bugs, null access, control-flow), performance, quality, React, testing, logging, config, and runtime |
148
+ | CloudFormation | 157 | AWS CloudFormation and SAM template validation (correctness, maintainability, and security) via wrapped cfn-lint |
149
+ | Java | 106 | Correctness bugs, performance, Spring/Servlet/JPA/Android security, and testing |
150
+ | Rust | 101 | Correctness (transmute safety, async pitfalls, IO handling), quality, performance, security (Actix, Axum, Rocket, SQL), and testing |
151
+ | PHP | 104 | Correctness (missing returns, invalid static calls, type errors), performance, security (Laravel, Symfony, WordPress), and testing |
152
+ | Go | 95 | Correctness (nil checks, goroutine bugs, defer mistakes), performance, security (Gin, Echo, Fiber), and testing |
153
+ | Python | 61 | Correctness, Django/DRF/Flask/FastAPI security, performance, and testing |
154
+ | Ruby | 38 | Bug risk, Rails security (CSRF, XSS, strong params), performance, and testing |
155
+ | Shared | 13 | Cross-language security rules (hardcoded credentials, SQL injection, path traversal, TLS verification) |
156
+ | SQL | 13 | SQL correctness (undefined references) and style (aliases, keyword casing, formatting) |
157
157
 
158
158
  ## High-Value Rules In The Default Catalog
159
159
 
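Review bot: at line 143, "Today it includes" has no antecedent, because the sentence that named the `@critiq/rules` catalog is the one being removed; start the sentence with the catalog name and keep the npm link. Two smaller points in the table: the column is headed Language but one row is `Shared`, and PHP (104) is listed after Rust (101) while the other rows run in descending order of rule count. The four presets are named but not described, so a short gloss or a link to where they are defined would help.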
@@ -174,10 +174,12 @@ The default open source catalog in [`@critiq/rules`](https://www.npmjs.com/packa
174
174
 
175
175
  ## Reference
176
176
 
177
- - [Getting started](https://github.com/critiq-dev/critiq-core/blob/main/docs/guides/getting-started.md)
178
- - [CLI reference](https://github.com/critiq-dev/critiq-core/blob/main/docs/reference/cli.md)
177
+ - [critiq.dev](https://critiq.dev) — product site
178
+ - [docs.critiq.dev](https://docs.critiq.dev) — full documentation
179
+ - [Getting started](https://docs.critiq.dev/getting-started)
180
+ - [CLI reference](https://docs.critiq.dev/cli)
181
+ - [GitHub Actions](https://docs.critiq.dev/ci/github-actions)
179
182
  - [`@critiq/rules` package](https://www.npmjs.com/package/@critiq/rules)
180
- - [Critiq GitHub Action](https://github.com/critiq-dev/critiq-action/blob/main/README.md) (CI and PR comments)
181
183
 
182
184
  ## License
183
185
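Review bot: the Reference list drops its link to the critiq-action repository (old line 180), while line 87 tells users to pin a commit SHA, which they can only look up in that repository; keep a repository link in this list alongside the new docs link at line 181. As a style point, the two new entries at lines 177 and 178 use a dash separator with a description, which no other entry in the list does.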