@meterian/cli 0.1.2 → 0.1.3
- package/README.md +32 -2
- package/dist/cli.js +2189 -1359
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -35,14 +35,27 @@ Output:
|
|
|
35
35
|
"version": "4.17.15",
|
|
36
36
|
"severity": "HIGH",
|
|
37
37
|
"id": "CVE-2021-23337",
|
|
38
|
-
"safeVersions": ["4.17.21"]
|
|
38
|
+
"safeVersions": ["4.17.21"],
|
|
39
|
+
"advisories": [
|
|
40
|
+
{
|
|
41
|
+
"id": "a1b2c3d4-...",
|
|
42
|
+
"description": "Prototype pollution in lodash's zipObjectDeep via...",
|
|
43
|
+
"severity": "HIGH",
|
|
44
|
+
"cvss": 7.2,
|
|
45
|
+
"cwe": "CWE-1321",
|
|
46
|
+
"cve": "CVE-2021-23337",
|
|
47
|
+
"identifiers": ["CVE-2021-23337", "GHSA-35jh-r3h4-6jhm"],
|
|
48
|
+
"versionRange": "[0,4.17.21)",
|
|
49
|
+
"link": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
|
|
50
|
+
}
|
|
51
|
+
]
|
|
39
52
|
}
|
|
40
53
|
],
|
|
41
54
|
"summary": { "total": 2, "vulnerable": 1, "clean": 1 }
|
|
42
55
|
}
|
|
43
56
|
```
|
|
44
57
|
|
|
45
|
-
Only vulnerable packages appear in the `vulnerable` array. `safeVersions` is ordered patch → minor → major (nulls excluded).
|
|
58
|
+
Only vulnerable packages appear in the `vulnerable` array. `safeVersions` is ordered patch → minor → major (nulls excluded). Each entry's `advisories` array contains one object per advisory found, with the best available link resolved in priority order: `ANNOUNCE` type → `NVD` type → `CVE` type → first link whose URL contains `github.com/advisories` → first link whose URL contains `osv.dev` → first link available.
|
|
46
59
|
|
|
47
60
|
### `advisories get` — Single-package advisory lookup
|
|
48
61
|
|
|
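Review bot: the paragraph added at new line 58 documents how `link` is chosen but not the shape of the other new fields, so a consumer cannot tell from this README whether `cve`, `cvss`, `cwe` or `link` may be null or absent (for example an advisory that has only a GHSA identifier, or one with no links at all), nor what notation `versionRange` uses (`"[0,4.17.21)"` reads as an interval, but that is not stated). The example also carries `severity` and the CVE id both at the package level and inside `advisories`; say which value the package-level fields take when one package has several advisories with different severities. A short field table under the example, giving type and nullability per field, would cover this. Because `link` can fall back to "first link available", it is also worth stating that consumers should not assume the URL points to a particular host.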
@@ -101,6 +114,23 @@ Install the companion Claude Code skill plugin for automated dependency auditing
|
|
|
101
114
|
|
|
102
115
|
The skill reads your manifest files, pipes dependencies to `npx @meterian/cli check`, and presents a vulnerability report with remediation suggestions.
|
|
103
116
|
|
|
117
|
+
## Changelog
|
|
118
|
+
|
|
119
|
+
### 0.1.3 — 2026-06-07
|
|
120
|
+
- `check` command: each vulnerable entry now includes an `advisories` array with per-advisory detail (id, description, severity, cvss, cwe, cve, identifiers, versionRange, link). Fully backward compatible — existing fields are unchanged.
|
|
121
|
+
- Advisory descriptions are stripped of markdown before truncation, so consumers receive plain text.
|
|
122
|
+
|
|
123
|
+
### 0.1.2 — 2026-05-22
|
|
124
|
+
- Unified canonical user ID: the CLI now shares a persistent analytics fingerprint with the VS Code extension and MCP server (`~/.meterian/heidi/config/user.json`)
|
|
125
|
+
|
|
126
|
+
### 0.1.1 — 2026-05-20
|
|
127
|
+
- Set `User-Agent: meterian-cli/<version>` on all outbound HTTP requests
|
|
128
|
+
- Added readable `--help` output
|
|
129
|
+
- Fixed silent output swallowing in the bin script
|
|
130
|
+
|
|
131
|
+
### 0.1.0 — 2026-05-05
|
|
132
|
+
- Initial release: `check`, `advisories get`, and `nextsafe` commands
|
|
133
|
+
|
|
104
134
|
## License
|
|
105
135
|
|
|
106
136
|
MIT
|
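Review bot: the 0.1.2 entry at new line 124 is the only line in this hunk that mentions the persistent analytics fingerprint stored at `~/.meterian/heidi/config/user.json`, and it says neither what is sent along with that ID nor how to opt out. Since the whole Changelog section is added in this release, the notice reaches the README one version after the behaviour shipped. Suggest a short README section that states what the identifier is derived from, what is transmitted, and how to disable it. In the 0.1.3 entry at new line 121, "before truncation" refers to a limit that is not stated; give the maximum description length so that consumers can tell a truncated description from a complete one.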