@meterian/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4)
  1. package/README.md +106 -0
  2. package/bin/meterian +5 -0
  3. package/dist/cli.js +21455 -0
  4. package/package.json +24 -0
package/README.md ADDED
@@ -0,0 +1,106 @@
1
+ # @meterian/cli
2
+
3
+ Command-line tool for checking open-source dependencies against the [Meterian](https://meterian.io) vulnerability database. Works without a Meterian account.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ # Zero-install (no global install required)
9
+ npx @meterian/cli <command>
10
+
11
+ # Global install
12
+ npm install -g @meterian/cli
13
+ ```
14
+
15
+ ## Commands
16
+
17
+ ### `check` — Batch dependency audit
18
+
19
+ Reads a JSON array of `{language, name, version}` objects from stdin and returns a compact vulnerability summary.
20
+
21
+ ```bash
22
+ echo '[
23
+ {"language":"nodejs","name":"lodash","version":"4.17.15"},
24
+ {"language":"python","name":"requests","version":"2.25.0"}
25
+ ]' | npx @meterian/cli check
26
+ ```
27
+
28
+ Output:
29
+ ```json
30
+ {
31
+ "vulnerable": [
32
+ {
33
+ "language": "nodejs",
34
+ "name": "lodash",
35
+ "version": "4.17.15",
36
+ "severity": "HIGH",
37
+ "id": "CVE-2021-23337",
38
+ "safeVersions": ["4.17.21"]
39
+ }
40
+ ],
41
+ "summary": { "total": 2, "vulnerable": 1, "clean": 1 }
42
+ }
43
+ ```
44
+
45
+ Only vulnerable packages appear in the `vulnerable` array. `safeVersions` is ordered patch → minor → major (nulls excluded).
46
+
47
+ ### `advisories get` — Single-package advisory lookup
48
+
49
+ ```bash
50
+ npx @meterian/cli advisories get <language> <name> <version>
51
+ ```
52
+
53
+ Returns the full advisory list for one package as a JSON array.
54
+
55
+ ```bash
56
+ npx @meterian/cli advisories get nodejs lodash 4.17.15
57
+ ```
58
+
59
+ ### `nextsafe` — Safe upgrade versions
60
+
61
+ ```bash
62
+ npx @meterian/cli nextsafe <language> <name> <version>
63
+ ```
64
+
65
+ Returns the next safe version available at each semver level:
66
+
67
+ ```json
68
+ { "latestPatch": "4.17.21", "latestMinor": null, "latestMajor": null }
69
+ ```
70
+
71
+ ## Supported languages
72
+
73
+ | Language value | Package manager |
74
+ |---|---|
75
+ | `nodejs` (alias: `npm`, `javascript`) | npm / yarn / pnpm |
76
+ | `python` (alias: `pypi`) | pip / poetry / uv |
77
+ | `java` (alias: `maven`) | Maven / Gradle |
78
+ | `rust` (alias: `cargo`) | Cargo |
79
+ | `php` (alias: `packagist`) | Composer |
80
+ | `ruby` (alias: `gem`) | Bundler |
81
+ | `golang` (alias: `go`) | Go modules |
82
+ | `dotnet` (alias: `nuget`, `csharp`) | NuGet |
83
+ | `cpp` (alias: `conan`, `c`, `c++`) | Conan |
84
+ | `dart` (alias: `pub`, `flutter`) | pub |
85
+ | `clojure` (alias: `leiningen`) | Leiningen / deps.edn |
86
+ | `swift` (alias: `spm`) | Swift Package Manager |
87
+
88
+ ## Environment variables
89
+
90
+ | Variable | Default | Description |
91
+ |---|---|---|
92
+ | `KIWI_BASE_URL` | `https://services3.www.meterian.io` | Override the Kiwi API endpoint (e.g. for QA) |
93
+
94
+ ## Use with AI assistants
95
+
96
+ Install the companion Claude Code skill plugin for automated dependency auditing directly from your AI coding assistant:
97
+
98
+ ```bash
99
+ /plugin install meterian-security-audit@claude-plugins-official
100
+ ```
101
+
102
+ The skill reads your manifest files, pipes dependencies to `npx @meterian/cli check`, and presents a vulnerability report with remediation suggestions.
103
+
104
+ ## License
105
+
106
+ MIT
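Review bot: The "Environment variables" table documents `KIWI_BASE_URL` as a free override of the API endpoint, but nowhere does the README say what is sent to that endpoint or whether a non-HTTPS value is accepted. Since `check` forwards the caller's full dependency list (`language`, `name`, `version`), an environment variable inherited from a CI runner or shell profile silently redirects that inventory to another host. Please add a sentence stating what data leaves the machine, and that the override must be an `https://` URL (and enforce that in the code if it is not already). Two smaller points in the same file: every usage example runs `npx @meterian/cli` without a version, so each invocation resolves whatever is latest on the registry; showing a pinned form such as `npx @meterian/cli@0.1.0 check` would be a safer default for CI. The `check` section also does not document the exit code when `vulnerable` is non-empty, which callers need in order to gate a build on the result.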
package/bin/meterian ADDED
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env node
2
+ require('../dist/cli.js').main().catch(e => {
3
+ process.stderr.write(e.message + '\n');
4
+ process.exit(1);
5
+ });
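Review bot: The `.catch` handler on line 2-3 assumes the rejection value is an `Error`: if `main()` rejects with a string or a plain object, `e.message` is `undefined` and the user sees the literal text "undefined", and if it rejects with `null` or `undefined` the handler itself throws before `process.exit(1)` runs. Suggest formatting defensively, for example `const msg = e && e.message ? e.message : String(e);`, before writing to stderr. Also consider setting `process.exitCode = 1` instead of calling `process.exit(1)` straight after the write, so pending stderr output is flushed before the process ends.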