npm - @vibgrate/cli - Versions diffs - 1.0.1 → 1.0.3 - Mend

@vibgrate/cli 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +46 -7
package/dist/{baseline-35XRSRAD.js → baseline-F7SZ4GYH.js} +2 -2
package/dist/{chunk-VMNBKARQ.js → chunk-5YYLI4QL.js} +457 -130
package/dist/{chunk-NTRKEIKP.js → chunk-LFLJ2AXJ.js} +1 -1
package/dist/cli.js +31 -164
package/dist/index.d.ts +11 -0
package/dist/index.js +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -24,7 +24,7 @@ Modern codebases don't break all at once — they decay silently. Node runtimes
 Run instantly with npx — no install required:
 ```bash
-npx @vibgrate/cli scan .
+npx @vibgrate/cli scan
 ```
 Or install as a dev dependency:
@@ -36,14 +36,14 @@ npm install -D @vibgrate/cli
 Then scan your project:
 ```bash
-npx vibgrate scan .
+npx vibgrate scan
 ```
 > **Why `npx`?** Installing with `-D` places the binary in `node_modules/.bin/`, which isn't on your system PATH. Use `npx` to run it, or add a script to your `package.json`:
 >
 > ```json
 > "scripts": {
->   "drift": "vibgrate scan ."
+>   "drift": "vibgrate scan"
 > }
 > ```
 >
@@ -130,11 +130,17 @@ That's it. You'll see a full drift report in seconds.
   1. Upgrade NestJS 10.3.0 → 11.0.0 in my-api
      1 major version behind. Major framework drift increases
      breaking change risk and blocks access to security fixes.
+     ./src/api
+       NestJS: 10.3.0 → 11.0.0 (1 behind)
      Impact: +5–15 points (framework score)
   2. Reduce dependency rot in my-api (42% severely outdated)
      3 of 53 dependencies are 2+ majors behind. Run `npm outdated`
      and prioritise packages with known CVEs.
+     ./src/api
+       express: 3.4.0 → 5.0.0 (2 majors behind)
+       lodash: 3.10.1 → 4.17.21 (1 major behind)
+       ... and 1 more
      Impact: +5–10 points (dependency score)
   Scanned at 2026-02-16T00:00:00.000Z · 1.2s · 48 files scanned
@@ -179,7 +185,7 @@ Take a baseline snapshot, then measure drift over time:
 ```bash
 npx vibgrate baseline .
-npx vibgrate scan . --baseline .vibgrate/baseline.json
+npx vibgrate scan --baseline .vibgrate/baseline.json
 ```
 ### Multiple Output Formats
@@ -195,10 +201,26 @@ npx vibgrate scan . --baseline .vibgrate/baseline.json
 Push scan results to the [Vibgrate Dashboard](https://vibgrate.com) for trend analysis, cross-repo comparison, and team-wide visibility. Upload is always opt-in — the CLI provides full value offline.
+The easiest way is to combine scan and push in a single command:
+```bash
+VIBGRATE_DSN="..." npx @vibgrate/cli scan --push
+```
+Or pass the DSN directly:
+```bash
+npx @vibgrate/cli scan --push --dsn "vibgrate+https://<key_id>:<secret>@us.ingest.vibgrate.com/<workspace_id>"
+```
+You can also push a previously generated artifact separately:
 ```bash
 VIBGRATE_DSN="..." vibgrate push
 ```
+> **Get your DSN:** Sign up at [vibgrate.com](https://vibgrate.com) and your workspace will be created automatically with a ready-to-paste code snippet containing your DSN.
 ---
 ## CI Integration
@@ -207,18 +229,23 @@ VIBGRATE_DSN="..." vibgrate push
 ```yaml
 - name: Vibgrate Scan
-  run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+  env:
+    VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
+  run: npx @vibgrate/cli scan --push --format sarif --out vibgrate.sarif --fail-on error
 - name: Upload SARIF
+  if: always()
   uses: github/codeql-action/upload-sarif@v3
   with:
     sarif_file: vibgrate.sarif
 ```
+> **Setup:** Add your DSN as a repository secret named `VIBGRATE_DSN` under **Settings → Secrets and variables → Actions**. Get your DSN from [vibgrate.com](https://vibgrate.com) — it's generated automatically when you create a workspace.
 ### Azure DevOps
 ```yaml
-- script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+- script: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
   displayName: Vibgrate Scan
 ```
@@ -260,9 +287,20 @@ Vibgrate is designed to be safe to run on any codebase:
 - **No source code is read** — only `package.json`, `tsconfig.json`, lockfiles, and project manifests
 - **No secrets are scanned** — ever
 - **No git history, authors, or commit messages** — only HEAD SHA and branch name for traceability
-- **No data leaves your machine** unless you explicitly run `vibgrate push`
+- **No data leaves your machine** unless you explicitly run `vibgrate push` or `vibgrate scan --push`
 - **No login required** — works fully offline
+### `.gitignore`
+The `.vibgrate/` directory contains ephemeral scan results and should not be committed to version control. Add it to your `.gitignore`:
+```gitignore
+# Vibgrate scan results (do not commit)
+.vibgrate/
+```
+The CLI writes per-project score files to `.vibgrate/` inside each detected project directory. These are regenerated on every scan and should not be copied between environments.
 ---
 ## Commands
@@ -270,6 +308,7 @@ Vibgrate is designed to be safe to run on any codebase:
 | Command | Description |
 |---------|-------------|
 | `vibgrate scan [path]` | Scan for upgrade drift |
+| `vibgrate scan --push` | Scan and auto-push to dashboard |
 | `vibgrate baseline [path]` | Create a drift baseline |
 | `vibgrate report` | Generate a report from a scan artifact |
 | `vibgrate init [path]` | Initialise config and `.vibgrate/` directory |

package/dist/{baseline-35XRSRAD.js → baseline-F7SZ4GYH.js} RENAMED Viewed

@@ -1,8 +1,8 @@
 import {
   baselineCommand,
   runBaseline
-} from "./chunk-NTRKEIKP.js";
-import "./chunk-VMNBKARQ.js";
+} from "./chunk-LFLJ2AXJ.js";
+import "./chunk-5YYLI4QL.js";
 export {
   baselineCommand,
   runBaseline