@vibgrate/cli 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,244 @@
1
+ <p align="center">
2
+ <strong>@vibgrate/cli</strong>
3
+ <br />
4
+ Continuous Upgrade Drift Intelligence for Node & .NET
5
+ </p>
6
+
7
+ <p align="center">
8
+ <a href="https://www.npmjs.com/package/@vibgrate/cli"><img src="https://img.shields.io/npm/v/@vibgrate/cli?color=blue&label=npm" alt="npm version" /></a>
9
+ <a href="https://www.npmjs.com/package/@vibgrate/cli"><img src="https://img.shields.io/npm/dm/@vibgrate/cli?color=green" alt="npm downloads" /></a>
10
+ <a href="https://vibgrate.com"><img src="https://img.shields.io/badge/website-vibgrate.com-blue" alt="website" /></a>
11
+ <img src="https://img.shields.io/node/v/@vibgrate/cli" alt="node version" />
12
+ </p>
13
+
14
+ ---
15
+
16
+ Modern codebases don't break all at once — they decay silently. Node runtimes fall behind LTS. .NET frameworks approach end-of-life. Core dependencies lag multiple major versions. Upgrade cost compounds until it becomes a project in itself.
17
+
18
+ **Vibgrate turns that invisible decay into a measurable signal.** One CLI command gives you an Upgrade Drift Score (0–100), actionable findings, and a clear picture of where your upgrade debt lives.
19
+
20
+ ---
21
+
22
+ ## Quick Start
23
+
24
+ Run instantly with npx — no install required:
25
+
26
+ ```bash
27
+ npx @vibgrate/cli scan .
28
+ ```
29
+
30
+ Or install as a dev dependency:
31
+
32
+ ```bash
33
+ npm install -D @vibgrate/cli
34
+ ```
35
+
36
+ Then scan your project:
37
+
38
+ ```bash
39
+ npx vibgrate scan .
40
+ ```
41
+
42
+ > **Why `npx`?** Installing with `-D` places the binary in `node_modules/.bin/`, which isn't on your system PATH. Use `npx` to run it, or add a script to your `package.json`:
43
+ >
44
+ > ```json
45
+ > "scripts": {
46
+ > "drift": "vibgrate scan ."
47
+ > }
48
+ > ```
49
+ >
50
+ > Then run `npm run drift`. Alternatively, install globally with `npm install -g @vibgrate/cli` to use `vibgrate` directly.
51
+
52
+ That's it. You'll see a full drift report in seconds.
53
+
54
+ ---
55
+
56
+ ## What You Get
57
+
58
+ ```
59
+ ╔══════════════════════════════════════════╗
60
+ ║ Vibgrate Drift Report ║
61
+ ╚══════════════════════════════════════════╝
62
+
63
+ Drift Score: 72/100
64
+ Risk Level: Low
65
+ Projects: 3
66
+
67
+ Score Breakdown
68
+ Runtime: ████████████████████ 100
69
+ Frameworks: ████████████████░░░░ 78
70
+ Dependencies: ██████████████░░░░░░ 64
71
+ EOL Risk: ████████████████████ 100
72
+
73
+ ── my-api (node) src/api
74
+ Runtime: 20.11.0 (current)
75
+ Frameworks:
76
+ NestJS: 10.3.0 → 11.0.0 (1 behind)
77
+ Dependencies:
78
+ 42 current 8 1-behind 3 2+ behind
79
+
80
+ Findings
81
+ ⚠ Framework "NestJS" is 1 major version(s) behind
82
+ ⚠ 12% of dependencies are 2+ major versions behind
83
+ ```
84
+
85
+ ---
86
+
87
+ ## Key Features
88
+
89
+ ### Upgrade Drift Score
90
+
91
+ A single 0–100 number that tells you how upgrade-ready your codebase is. Computed from runtime lag, framework versions, dependency age distribution, and EOL proximity. Deterministic and comparable across repos.
92
+
93
+ ### Multi-Platform Scanning
94
+
95
+ Works across **Node.js/TypeScript** and **.NET** projects in the same scan. Detects `package.json`, `.sln`, and `.csproj` files recursively.
96
+
97
+ ### CI-Native
98
+
99
+ Designed to live in your build pipeline. Returns meaningful exit codes, produces SARIF output for GitHub Code Scanning and Azure DevOps, and requires zero configuration to get started.
100
+
101
+ ### Ten Extended Scanners
102
+
103
+ Beyond the core drift score, Vibgrate runs a suite of extended scanners — all optional, all privacy-safe:
104
+
105
+ | Scanner | What It Finds |
106
+ |---------|---------------|
107
+ | **Platform Matrix** | Native modules, OS assumptions, Docker base images, architecture risks |
108
+ | **Dependency Risk** | Deprecated packages, native module flags, platform-specific dependencies |
109
+ | **Dependency Graph** | Duplicated packages, phantom dependencies, lockfile analysis |
110
+ | **Tooling Inventory** | Full tech stack map — frameworks, bundlers, ORMs, testing tools |
111
+ | **Build & Deploy** | CI systems, Docker, IaC, release tooling, monorepo tools |
112
+ | **TypeScript Modernity** | Strict mode, module system, ESM readiness |
113
+ | **Breaking Change Exposure** | Packages known to cause upgrade pain, legacy polyfills |
114
+ | **File Hotspots** | Codebase shape — file counts, sizes, depth, shared packages |
115
+ | **Security Posture** | Lockfile hygiene, `.gitignore` coverage, audit severity counts |
116
+ | **Service Dependencies** | External SDK detection — payment, auth, cloud, databases, messaging |
117
+
118
+ ### Baseline & Delta Tracking
119
+
120
+ Take a baseline snapshot, then measure drift over time:
121
+
122
+ ```bash
123
+ npx vibgrate baseline .
124
+ npx vibgrate scan . --baseline .vibgrate/baseline.json
125
+ ```
126
+
127
+ ### Multiple Output Formats
128
+
129
+ | Format | Use Case |
130
+ |--------|----------|
131
+ | `text` | Terminal output, local development |
132
+ | `json` | Programmatic consumption, artifact storage |
133
+ | `sarif` | GitHub Code Scanning, Azure DevOps integration |
134
+ | `md` | PR comments, documentation, wikis |
135
+
136
+ ### Dashboard Upload (Optional)
137
+
138
+ Push scan results to the [Vibgrate Dashboard](https://vibgrate.com) for trend analysis, cross-repo comparison, and team-wide visibility. Upload is always opt-in — the CLI provides full value offline.
139
+
140
+ ```bash
141
+ VIBGRATE_DSN="..." vibgrate push
142
+ ```
143
+
144
+ ---
145
+
146
+ ## CI Integration
147
+
148
+ ### GitHub Actions
149
+
150
+ ```yaml
151
+ - name: Vibgrate Scan
152
+ run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
153
+
154
+ - name: Upload SARIF
155
+ uses: github/codeql-action/upload-sarif@v3
156
+ with:
157
+ sarif_file: vibgrate.sarif
158
+ ```
159
+
160
+ ### Azure DevOps
161
+
162
+ ```yaml
163
+ - script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
164
+ displayName: Vibgrate Scan
165
+ ```
166
+
167
+ Works in any CI environment. No login required. No configuration needed.
168
+
169
+ ---
170
+
171
+ ## Configuration
172
+
173
+ Optionally create a `vibgrate.config.ts` to customise thresholds and scanner toggles:
174
+
175
+ ```bash
176
+ vibgrate init
177
+ ```
178
+
179
+ ```typescript
180
+ import type { VibgrateConfig } from '@vibgrate/cli';
181
+
182
+ const config: VibgrateConfig = {
183
+ exclude: ['legacy/**'],
184
+ thresholds: {
185
+ failOnError: {
186
+ eolDays: 180,
187
+ frameworkMajorLag: 3,
188
+ dependencyTwoPlusPercent: 50,
189
+ },
190
+ },
191
+ };
192
+
193
+ export default config;
194
+ ```
195
+
196
+ ---
197
+
198
+ ## Privacy First
199
+
200
+ Vibgrate is designed to be safe to run on any codebase:
201
+
202
+ - **No source code is read** — only `package.json`, `tsconfig.json`, lockfiles, and project manifests
203
+ - **No secrets are scanned** — ever
204
+ - **No git history, authors, or commit messages** — only HEAD SHA and branch name for traceability
205
+ - **No data leaves your machine** unless you explicitly run `vibgrate push`
206
+ - **No login required** — works fully offline
207
+
208
+ ---
209
+
210
+ ## Commands
211
+
212
+ | Command | Description |
213
+ |---------|-------------|
214
+ | `vibgrate scan [path]` | Scan for upgrade drift |
215
+ | `vibgrate baseline [path]` | Create a drift baseline |
216
+ | `vibgrate report` | Generate a report from a scan artifact |
217
+ | `vibgrate init [path]` | Initialise config and `.vibgrate/` directory |
218
+ | `vibgrate push` | Upload scan results to dashboard |
219
+ | `vibgrate dsn create` | Generate a DSN token |
220
+ | `vibgrate update` | Check for and install updates |
221
+
222
+ ---
223
+
224
+ ## Requirements
225
+
226
+ - **Node.js** >= 20.0.0
227
+ - Works on macOS, Linux, and Windows
228
+
229
+ ---
230
+
231
+ ## Full Documentation
232
+
233
+ See [DOCS.md](https://github.com/crowers/vibgrate-cli/blob/main/packages/vibgrate-cli/DOCS.md) for the complete reference — all commands, all flags, configuration options, extended scanner details, CI examples, and more.
234
+
235
+ ---
236
+
237
+ ## Links
238
+
239
+ - [Website](https://vibgrate.com)
240
+ - [Documentation](https://github.com/crowers/vibgrate-cli/blob/main/packages/vibgrate-cli/DOCS.md)
241
+
242
+ ---
243
+
244
+ Copyright © 2026 Vibgrate. All rights reserved. See [LICENSE](./LICENSE) for terms.
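Review bot: the Privacy First list (README lines 200-206) says only `package.json`, `tsconfig.json`, lockfiles, and project manifests are read, but the Ten Extended Scanners table in the same file describes Docker base images, `.gitignore` coverage, CI systems, IaC, and file counts, sizes and depth, which implies opening or walking files outside that list. Enumerate every file type the extended scanners touch, or scope the claim to the core scan. The same section says "No data leaves your machine" and "works fully offline" while the Commands table lists `vibgrate update` ("Check for and install updates") and the sample report shows `10.3.0 → 11.0.0`; state where latest-version data comes from and which commands make network requests. In the CI Integration examples, `npx @vibgrate/cli scan .` is unpinned, so every pipeline run executes whichever version is published at that moment; show a pinned version instead. With `--fail-on error` on the scan step, the following Upload SARIF step is skipped when the scan fails unless it carries an `if: always()` condition, so findings would not reach Code Scanning in exactly the failing case.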
@@ -1,8 +1,8 @@
1
1
  import {
2
2
  baselineCommand,
3
3
  runBaseline
4
- } from "./chunk-OHAVLM6P.js";
5
- import "./chunk-DLRBJYO6.js";
4
+ } from "./chunk-3X3ZMVHI.js";
5
+ import "./chunk-VXEZ7APL.js";
6
6
  export {
7
7
  baselineCommand,
8
8
  runBaseline
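Review bot: the bare side-effect import on new line 5 (`import "./chunk-VXEZ7APL.js";`) runs that chunk's top-level code on load, and this hunk shows only the renamed specifiers, so nothing here tells a reviewer what changed in behaviour between 0.1.1 and 0.1.3. Both chunk names changed (`chunk-OHAVLM6P.js` to `chunk-3X3ZMVHI.js`, `chunk-DLRBJYO6.js` to `chunk-VXEZ7APL.js`); the renamed chunks themselves need to be diffed, and a changelog entry for this release would make that review tractable.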
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  runScan,
3
3
  writeJsonFile
4
- } from "./chunk-DLRBJYO6.js";
4
+ } from "./chunk-VXEZ7APL.js";
5
5
 
6
6
  // src/commands/baseline.ts
7
7
  import * as path from "path";
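Review bot: the only visible change is the import specifier on line 4, but `runScan` and `writeJsonFile` now come from `chunk-VXEZ7APL.js`, so the code that scans the project and writes the baseline file may differ even though this file's body is unchanged. This is bundled output with only a `// src/commands/baseline.ts` marker to map it back to source; link the release to the source commit range or ship source maps so the scan and file-write paths can be reviewed against the README's privacy claims.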