@mondoohq/xgrep 0.1.1 → 0.2.0

package/README.md

@@ -1,63 +1,57 @@
-# xgrep
+# @mondoohq/xgrep
 
 A fast, Semgrep-compatible code scanner written in Go.
 
-xgrep scans codebases using Semgrep YAML rule syntax and tree-sitter for language-aware,
-AST-based pattern matching. It optimizes for **accuracy** — when it reports a
-vulnerability, it should be real and exploitable — and adds code-intelligence and
-AI-agent features on top of scanning. See the
-[design goals](docs/01-getting-started/index.md#design-goals).
+xgrep scans codebases using Semgrep YAML rule syntax and tree-sitter for
+language-aware, AST-based pattern matching. It optimizes for **accuracy** — when
+it reports a vulnerability, it should be real and exploitable — and adds
+code-intelligence and AI-agent features on top of scanning.
 
-## Installation
+This npm package ships prebuilt `xgrep` binaries for Linux and Windows
+(amd64 and arm64).
 
-```bash
-go install go.mondoo.com/xgrep/cmd/xgrep@latest
-```
+## Quick start
 
-Or build from source:
+xgrep ships with a built-in rule corpus, so no rules file is needed to get
+started — run it straight from npx:
 
 ```bash
-git clone https://github.com/mondoohq/xgrep.git
-cd xgrep
-go build -o xgrep ./cmd/xgrep
+# Scan the current directory with the built-in rules (defaults to security)
+npx @mondoohq/xgrep scan .
 ```
 
-## Quick start
-
 ```bash
-# Scan a directory with a rule file (or a directory of rules)
-xgrep -f rules.yaml src/
+# Choose a category (default: security)
+npx @mondoohq/xgrep scan --category correctness .
 
 # Machine-readable output
-xgrep -f rules.yaml --json src/
-xgrep -f rules.yaml --sarif src/                          # GitHub Code Scanning
-xgrep -f rules.yaml --gitlab -o gl-sast-report.json src/  # GitLab SAST
+npx @mondoohq/xgrep scan --json .
+npx @mondoohq/xgrep scan --sarif .                          # GitHub Code Scanning
+npx @mondoohq/xgrep scan --gitlab -o gl-sast-report.json .  # GitLab SAST
+
+# Bring your own rules: point -f at a rule file or a directory of rules
+npx @mondoohq/xgrep scan -f rules.yaml src/
 ```
 
-A scan target can also be a **remote git repository** — xgrep clones it (shallow,
-default branch) into a temp directory and scans it, no manual clone needed:
+A scan target can also be a **remote git repository** — xgrep clones it
+(shallow, default branch) into a temp directory and scans it, no manual clone
+needed:
 
 ```bash
-xgrep scan github.com/mondoohq/xgrep            # host/owner/repo shorthand
-xgrep scan https://github.com/mondoohq/xgrep    # or a full HTTPS/SSH URL
-xgrep scan github.com/mondoohq/xgrep --ref v1.2.0   # a branch, tag, or commit
+npx @mondoohq/xgrep scan github.com/mondoohq/xgrep            # host/owner/repo shorthand
+npx @mondoohq/xgrep scan https://github.com/mondoohq/xgrep    # or a full HTTPS/SSH URL
+npx @mondoohq/xgrep scan github.com/mondoohq/xgrep --ref v1.2.0   # a branch, tag, or commit
 ```
 
-See the [remote-repository section](docs/02-scanning/cli-reference.md#scanning-a-remote-repository)
-for `--ref`, `--depth`, and `--full-clone`.
-
-## Documentation
+## Install
 
-Full documentation lives in [`docs/`](docs/README.md):
+To add the `xgrep` command to your `PATH` instead of using npx:
 
-- **[Getting started](docs/01-getting-started/index.md)** — install and run your first scan.
-- **[Scanning](docs/02-scanning/index.md)** — CLI reference, output formats, supported
-  languages, file filtering, and Semgrep compatibility.
-- **[Rules](docs/03-rules/index.md)** — writing, syntax, taint analysis, and testing rules.
-- **[Code intelligence](docs/04-code-intelligence/index.md)** — `xgrep inspect` and the code graph.
-- **[Integrations](docs/05-integrations/index.md)** — MCP, LSP, and CI.
-- **[AI agents](docs/06-ai-agents/index.md)** — using xgrep as an agent backend (see also
-  [`AGENTS.md`](AGENTS.md)).
+```bash
+# Global install
+npm install -g @mondoohq/xgrep
+xgrep scan .
 
-Contributors: see [`CLAUDE.md`](CLAUDE.md) and the
-[architecture decision records](docs/adr).
+# Or as a project dev dependency
+npm install --save-dev @mondoohq/xgrep
+```

package/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 const path = require('path');
 const child_process = require('child_process');
-const mapping = { win32_x64: { name: [ '@mondoohq', 'xgrep_windows_amd64' ], bin: 'xgrep.exe' }, win32_arm64: { name: [ '@mondoohq', 'xgrep_windows_arm64' ], bin: 'xgrep.exe' }, linux_arm64: { name: [ '@mondoohq', 'xgrep_linux_arm64' ], bin: 'xgrep' }, linux_x64: { name: [ '@mondoohq', 'xgrep_linux_amd64' ], bin: 'xgrep' } };
+const mapping = { win32_x64: { name: [ '@mondoohq', 'xgrep_windows_amd64' ], bin: 'xgrep.exe' }, win32_arm64: { name: [ '@mondoohq', 'xgrep_windows_arm64' ], bin: 'xgrep.exe' }, linux_x64: { name: [ '@mondoohq', 'xgrep_linux_amd64' ], bin: 'xgrep' }, linux_arm64: { name: [ '@mondoohq', 'xgrep_linux_arm64' ], bin: 'xgrep' } };
 const definition = mapping[process.platform + '_' + process.arch];
 const packageJsonPath = require.resolve(path.join(...definition.name, 'package.json'));
 const packagePath = path.join(path.dirname(packageJsonPath), definition.bin);

package/package.json

@@ -1,14 +1,14 @@
 {
   "name": "@mondoohq/xgrep",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "bin": {
     "xgrep": "index.js"
   },
   "optionalDependencies": {
-    "@mondoohq/xgrep_windows_amd64": "0.1.1",
-    "@mondoohq/xgrep_windows_arm64": "0.1.1",
-    "@mondoohq/xgrep_linux_arm64": "0.1.1",
-    "@mondoohq/xgrep_linux_amd64": "0.1.1"
+    "@mondoohq/xgrep_windows_amd64": "0.2.0",
+    "@mondoohq/xgrep_windows_arm64": "0.2.0",
+    "@mondoohq/xgrep_linux_amd64": "0.2.0",
+    "@mondoohq/xgrep_linux_arm64": "0.2.0"
   },
   "os": [
     "win32",