@getcodesentinel/codesentinel 1.4.2 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -0
- package/dist/index.js +1827 -1124
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -11,6 +11,7 @@ CodeSentinel combines three signals into a single, explainable risk profile:
|
|
|
11
11
|
- **Structural risk**: dependency graph topology, cycles, coupling, fan-in/fan-out, boundary violations.
|
|
12
12
|
- **Evolutionary risk**: change frequency, hotspots, bus factor, volatility.
|
|
13
13
|
- **External risk**: transitive dependency exposure, maintainer risk, staleness and abandonment indicators.
|
|
14
|
+
- Includes bounded popularity dampening (weekly npm downloads) as a secondary stability signal.
|
|
14
15
|
|
|
15
16
|
The CLI output now includes a deterministic `risk` block composed from those dimensions:
|
|
16
17
|
|
|
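Review bot: the added bullet "Includes bounded popularity dampening (weekly npm downloads) as a secondary stability signal" sits at the same list level as the three risk dimensions, but it is not a fourth dimension; it reads as a sub-point of External risk and should be indented under it or folded into that bullet. It also leaves "bounded" undefined: state the cap on how much a download count can lower a score, since raw popularity is an easily inflated signal and a reader needs to know that a widely downloaded package cannot dampen a strong maintainer or abandonment finding below some floor. Say where the weekly download figure comes from and how the analysis behaves when it cannot be fetched, because the sentence that follows promises a deterministic `risk` block and a live registry lookup is a source of non-determinism unless the fallback is specified.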
@@ -59,6 +60,7 @@ Then run:
|
|
|
59
60
|
|
|
60
61
|
```bash
|
|
61
62
|
codesentinel analyze [path]
|
|
63
|
+
codesentinel dependency-risk <dependency[@version]>
|
|
62
64
|
```
|
|
63
65
|
|
|
64
66
|
Examples:
|
|
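Review bot: the new usage line `codesentinel dependency-risk <dependency[@version]>` does not say what the optional version part accepts. Document whether it is an exact version only or also a range or dist-tag such as `latest`, and what the command does when the version does not exist in the registry (error versus falling back to the newest release), since a silent fallback would make the reported risk refer to a different artifact than the one the user asked about. A one-line description of what the command outputs (the same `risk` block as `analyze`, or a package-level subset) would also help here.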
@@ -67,6 +69,8 @@ Examples:
|
|
|
67
69
|
codesentinel analyze
|
|
68
70
|
codesentinel analyze .
|
|
69
71
|
codesentinel analyze ../project
|
|
72
|
+
codesentinel dependency-risk react
|
|
73
|
+
codesentinel dependency-risk react@19.0.0
|
|
70
74
|
```
|
|
71
75
|
|
|
72
76
|
Author identity mode:
|
|
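Review bot: the two new examples cover only an unscoped name with and without an exact version. Add a scoped example such as `codesentinel dependency-risk @scope/name@1.0.0`, because the `name[@version]` form is ambiguous for scoped packages (the leading `@` must not be taken as the version separator) and this very package is scoped, so users will try it. Showing that case documents the supported syntax and makes the parsing contract testable.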
@@ -188,6 +192,12 @@ For `external.dependencies`, each direct dependency now exposes three signal fie
|
|
|
188
192
|
- `inheritedRiskSignals`: signals propagated from transitive dependencies in its subtree.
|
|
189
193
|
- `riskSignals`: union of `ownRiskSignals` and `inheritedRiskSignals`.
|
|
190
194
|
|
|
195
|
+
Classification lists:
|
|
196
|
+
|
|
197
|
+
- `highRiskDependencies`: **production** direct packages classified from strong **own** signals (not inherited-only signals).
|
|
198
|
+
- `highRiskDevelopmentDependencies`: same classification model for direct development dependencies.
|
|
199
|
+
- `transitiveExposureDependencies`: direct packages carrying inherited transitive exposure signals.
|
|
200
|
+
|
|
191
201
|
Propagation policy is explicit and deterministic:
|
|
192
202
|
|
|
193
203
|
- `single_maintainer`: **not propagated**
|
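Review bot: the `highRiskDependencies` definition relies on "strong **own** signals" without saying which signals count as strong or at what threshold, so a reader cannot predict or reproduce the classification; list the qualifying signals or point to the section that does. State whether the three lists are disjoint: a production direct dependency with both strong own signals and inherited exposure appears to qualify for both `highRiskDependencies` and `transitiveExposureDependencies`, and the text should say so explicitly. Also clarify that "inherited transitive exposure signals" means only the signals the propagation policy below marks as propagated, since `single_maintainer` is listed as not propagated and would otherwise be assumed to contribute.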