@vibgrate/cli 1.0.53 → 1.0.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +236 -6
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -19,8 +19,8 @@ import {
|
|
|
19
19
|
} from "./chunk-RNVZIZNL.js";
|
|
20
20
|
|
|
21
21
|
// src/cli.ts
|
|
22
|
-
import { Command as
|
|
23
|
-
import
|
|
22
|
+
import { Command as Command6 } from "commander";
|
|
23
|
+
import chalk6 from "chalk";
|
|
24
24
|
|
|
25
25
|
// src/commands/init.ts
|
|
26
26
|
import * as path from "path";
|
|
@@ -409,9 +409,239 @@ var deltaCommand = new Command4("delta").description("Show SBOM delta between tw
|
|
|
409
409
|
});
|
|
410
410
|
var sbomCommand = new Command4("sbom").description("SBOM export and delta reports for dependency drift tracking").addCommand(exportCommand).addCommand(deltaCommand);
|
|
411
411
|
|
|
412
|
+
// src/commands/help.ts
|
|
413
|
+
import { Command as Command5 } from "commander";
|
|
414
|
+
import chalk5 from "chalk";
|
|
415
|
+
var HELP_URL = "https://vibgrate.com/help";
|
|
416
|
+
function printFooter() {
|
|
417
|
+
console.log("");
|
|
418
|
+
console.log(chalk5.dim(`See ${HELP_URL} for more guidance`));
|
|
419
|
+
}
|
|
420
|
+
var detailedHelp = {
|
|
421
|
+
scan: () => {
|
|
422
|
+
console.log("");
|
|
423
|
+
console.log(chalk5.bold.underline("vibgrate scan") + chalk5.dim(" \u2014 Scan a project for upgrade drift"));
|
|
424
|
+
console.log("");
|
|
425
|
+
console.log(chalk5.bold("Usage:"));
|
|
426
|
+
console.log(" vibgrate scan [path] [options]");
|
|
427
|
+
console.log("");
|
|
428
|
+
console.log(chalk5.bold("Arguments:"));
|
|
429
|
+
console.log(` ${chalk5.cyan("[path]")} Path to scan (default: current directory)`);
|
|
430
|
+
console.log("");
|
|
431
|
+
console.log(chalk5.bold("Output options:"));
|
|
432
|
+
console.log(` ${chalk5.cyan("--format <format>")} Output format: ${chalk5.white("text")} | json | sarif | md (default: text)`);
|
|
433
|
+
console.log(` ${chalk5.cyan("--out <file>")} Write output to a file instead of stdout`);
|
|
434
|
+
console.log("");
|
|
435
|
+
console.log(chalk5.bold("Baseline & gating:"));
|
|
436
|
+
console.log(` ${chalk5.cyan("--baseline <file>")} Compare results against a saved baseline`);
|
|
437
|
+
console.log(` ${chalk5.cyan("--drift-budget <score>")} Fail if drift score exceeds this value (0\u2013100)`);
|
|
438
|
+
console.log(` ${chalk5.cyan("--drift-worsening <percent>")} Fail if drift worsens by more than % since baseline`);
|
|
439
|
+
console.log(` ${chalk5.cyan("--fail-on <level>")} Fail exit code on warn or error findings`);
|
|
440
|
+
console.log("");
|
|
441
|
+
console.log(chalk5.bold("Performance:"));
|
|
442
|
+
console.log(` ${chalk5.cyan("--concurrency <n>")} Max concurrent registry calls (default: 8)`);
|
|
443
|
+
console.log(` ${chalk5.cyan("--changed-only")} Only scan files changed since last git commit`);
|
|
444
|
+
console.log("");
|
|
445
|
+
console.log(chalk5.bold("Privacy & offline:"));
|
|
446
|
+
console.log(` ${chalk5.cyan("--offline")} Run without any network calls; skip result upload`);
|
|
447
|
+
console.log(` ${chalk5.cyan("--package-manifest <file>")} Use a local package-version manifest (JSON or ZIP) for offline mode`);
|
|
448
|
+
console.log(` ${chalk5.cyan("--no-local-artifacts")} Do not write .vibgrate JSON artifacts to disk`);
|
|
449
|
+
console.log(` ${chalk5.cyan("--max-privacy")} Strongest privacy mode: minimal scanners + no local artifacts`);
|
|
450
|
+
console.log("");
|
|
451
|
+
console.log(chalk5.bold("Tooling:"));
|
|
452
|
+
console.log(` ${chalk5.cyan("--install-tools")} Auto-install missing security scanners via Homebrew`);
|
|
453
|
+
console.log(` ${chalk5.cyan("--ui-purpose")} Enable UI purpose evidence extraction (slower)`);
|
|
454
|
+
console.log("");
|
|
455
|
+
console.log(chalk5.bold("Uploading results:"));
|
|
456
|
+
console.log(` ${chalk5.cyan("--push")} Auto-push results to Vibgrate API after scan`);
|
|
457
|
+
console.log(` ${chalk5.cyan("--dsn <dsn>")} DSN token for push (or set VIBGRATE_DSN env var)`);
|
|
458
|
+
console.log(` ${chalk5.cyan("--region <region>")} Data residency region: us | eu (default: us)`);
|
|
459
|
+
console.log(` ${chalk5.cyan("--strict")} Fail if the upload to Vibgrate API fails`);
|
|
460
|
+
console.log("");
|
|
461
|
+
console.log(chalk5.bold("Examples:"));
|
|
462
|
+
console.log(` ${chalk5.dim("# Scan the current directory and display a text report")}`);
|
|
463
|
+
console.log(" vibgrate scan .");
|
|
464
|
+
console.log("");
|
|
465
|
+
console.log(` ${chalk5.dim("# Scan, fail if drift score > 40, and write SARIF for GitHub Actions")}`);
|
|
466
|
+
console.log(" vibgrate scan . --drift-budget 40 --format sarif --out drift.sarif");
|
|
467
|
+
console.log("");
|
|
468
|
+
console.log(` ${chalk5.dim("# Scan and automatically upload results via a DSN")}`);
|
|
469
|
+
console.log(" vibgrate scan . --push --dsn $VIBGRATE_DSN");
|
|
470
|
+
console.log("");
|
|
471
|
+
console.log(` ${chalk5.dim("# Offline scan using a pre-downloaded package manifest")}`);
|
|
472
|
+
console.log(" vibgrate scan . --offline --package-manifest ./manifest.zip");
|
|
473
|
+
},
|
|
474
|
+
init: () => {
|
|
475
|
+
console.log("");
|
|
476
|
+
console.log(chalk5.bold.underline("vibgrate init") + chalk5.dim(" \u2014 Initialise vibgrate in a project directory"));
|
|
477
|
+
console.log("");
|
|
478
|
+
console.log(chalk5.bold("Usage:"));
|
|
479
|
+
console.log(" vibgrate init [path] [options]");
|
|
480
|
+
console.log("");
|
|
481
|
+
console.log(chalk5.bold("Arguments:"));
|
|
482
|
+
console.log(` ${chalk5.cyan("[path]")} Directory to initialise (default: current directory)`);
|
|
483
|
+
console.log("");
|
|
484
|
+
console.log(chalk5.bold("Options:"));
|
|
485
|
+
console.log(` ${chalk5.cyan("--baseline")} Create an initial drift baseline after init`);
|
|
486
|
+
console.log(` ${chalk5.cyan("--yes")} Skip all confirmation prompts`);
|
|
487
|
+
console.log("");
|
|
488
|
+
console.log(chalk5.bold("What it does:"));
|
|
489
|
+
console.log(" \u2022 Creates a .vibgrate/ directory");
|
|
490
|
+
console.log(" \u2022 Writes a vibgrate.config.ts starter config");
|
|
491
|
+
console.log(" \u2022 Optionally runs an initial baseline scan (--baseline)");
|
|
492
|
+
console.log("");
|
|
493
|
+
console.log(chalk5.bold("Examples:"));
|
|
494
|
+
console.log(" vibgrate init");
|
|
495
|
+
console.log(" vibgrate init ./my-project --baseline");
|
|
496
|
+
},
|
|
497
|
+
baseline: () => {
|
|
498
|
+
console.log("");
|
|
499
|
+
console.log(chalk5.bold.underline("vibgrate baseline") + chalk5.dim(" \u2014 Save a drift baseline snapshot"));
|
|
500
|
+
console.log("");
|
|
501
|
+
console.log(chalk5.bold("Usage:"));
|
|
502
|
+
console.log(" vibgrate baseline [path]");
|
|
503
|
+
console.log("");
|
|
504
|
+
console.log(chalk5.bold("Arguments:"));
|
|
505
|
+
console.log(` ${chalk5.cyan("[path]")} Path to baseline (default: current directory)`);
|
|
506
|
+
console.log("");
|
|
507
|
+
console.log(chalk5.bold("What it does:"));
|
|
508
|
+
console.log(" Runs a full scan and saves the result as .vibgrate/baseline.json.");
|
|
509
|
+
console.log(" Future scans can compare against this file using --baseline.");
|
|
510
|
+
console.log("");
|
|
511
|
+
console.log(chalk5.bold("Examples:"));
|
|
512
|
+
console.log(" vibgrate baseline .");
|
|
513
|
+
console.log(" vibgrate scan . --baseline .vibgrate/baseline.json --drift-worsening 10");
|
|
514
|
+
},
|
|
515
|
+
report: () => {
|
|
516
|
+
console.log("");
|
|
517
|
+
console.log(chalk5.bold.underline("vibgrate report") + chalk5.dim(" \u2014 Generate a report from a saved scan artifact"));
|
|
518
|
+
console.log("");
|
|
519
|
+
console.log(chalk5.bold("Usage:"));
|
|
520
|
+
console.log(" vibgrate report [options]");
|
|
521
|
+
console.log("");
|
|
522
|
+
console.log(chalk5.bold("Options:"));
|
|
523
|
+
console.log(` ${chalk5.cyan("--in <file>")} Input artifact file (default: .vibgrate/scan_result.json)`);
|
|
524
|
+
console.log(` ${chalk5.cyan("--format <format>")} Output format: ${chalk5.white("text")} | md | json (default: text)`);
|
|
525
|
+
console.log("");
|
|
526
|
+
console.log(chalk5.bold("Examples:"));
|
|
527
|
+
console.log(" vibgrate report");
|
|
528
|
+
console.log(" vibgrate report --format md > DRIFT-REPORT.md");
|
|
529
|
+
console.log(" vibgrate report --in ./ci/scan_result.json --format json");
|
|
530
|
+
},
|
|
531
|
+
sbom: () => {
|
|
532
|
+
console.log("");
|
|
533
|
+
console.log(chalk5.bold.underline("vibgrate sbom") + chalk5.dim(" \u2014 Export a Software Bill of Materials from a scan artifact"));
|
|
534
|
+
console.log("");
|
|
535
|
+
console.log(chalk5.bold("Usage:"));
|
|
536
|
+
console.log(" vibgrate sbom [options]");
|
|
537
|
+
console.log("");
|
|
538
|
+
console.log(chalk5.bold("Options:"));
|
|
539
|
+
console.log(` ${chalk5.cyan("--in <file>")} Input artifact (default: .vibgrate/scan_result.json)`);
|
|
540
|
+
console.log(` ${chalk5.cyan("--format <format>")} SBOM format: ${chalk5.white("cyclonedx")} | spdx (default: cyclonedx)`);
|
|
541
|
+
console.log(` ${chalk5.cyan("--out <file>")} Write SBOM to file instead of stdout`);
|
|
542
|
+
console.log("");
|
|
543
|
+
console.log(chalk5.bold("Examples:"));
|
|
544
|
+
console.log(" vibgrate sbom --format cyclonedx --out sbom.json");
|
|
545
|
+
console.log(" vibgrate sbom --format spdx --out sbom.spdx.json");
|
|
546
|
+
},
|
|
547
|
+
push: () => {
|
|
548
|
+
console.log("");
|
|
549
|
+
console.log(chalk5.bold.underline("vibgrate push") + chalk5.dim(" \u2014 Upload a scan artifact to the Vibgrate API"));
|
|
550
|
+
console.log("");
|
|
551
|
+
console.log(chalk5.bold("Usage:"));
|
|
552
|
+
console.log(" vibgrate push [options]");
|
|
553
|
+
console.log("");
|
|
554
|
+
console.log(chalk5.bold("Options:"));
|
|
555
|
+
console.log(` ${chalk5.cyan("--dsn <dsn>")} DSN token (or set VIBGRATE_DSN env var)`);
|
|
556
|
+
console.log(` ${chalk5.cyan("--file <file>")} Artifact to upload (default: .vibgrate/scan_result.json)`);
|
|
557
|
+
console.log(` ${chalk5.cyan("--region <region>")} Override data residency region: us | eu`);
|
|
558
|
+
console.log(` ${chalk5.cyan("--strict")} Fail with non-zero exit code on upload error`);
|
|
559
|
+
console.log("");
|
|
560
|
+
console.log(chalk5.bold("Examples:"));
|
|
561
|
+
console.log(" vibgrate push --dsn $VIBGRATE_DSN");
|
|
562
|
+
console.log(" vibgrate push --file ./ci/scan_result.json --strict");
|
|
563
|
+
},
|
|
564
|
+
dsn: () => {
|
|
565
|
+
console.log("");
|
|
566
|
+
console.log(chalk5.bold.underline("vibgrate dsn") + chalk5.dim(" \u2014 Manage DSN tokens for API authentication"));
|
|
567
|
+
console.log("");
|
|
568
|
+
console.log(chalk5.bold("Subcommands:"));
|
|
569
|
+
console.log(` ${chalk5.cyan("vibgrate dsn create")} Generate a new DSN token`);
|
|
570
|
+
console.log("");
|
|
571
|
+
console.log(chalk5.bold("dsn create options:"));
|
|
572
|
+
console.log(` ${chalk5.cyan("--workspace <id>")} Workspace ID ${chalk5.red("(required)")}`);
|
|
573
|
+
console.log(` ${chalk5.cyan("--region <region>")} Data residency region: us | eu (default: us)`);
|
|
574
|
+
console.log(` ${chalk5.cyan("--ingest <url>")} Override ingest API URL`);
|
|
575
|
+
console.log(` ${chalk5.cyan("--write <path>")} Write the DSN to a file (add to .gitignore!)`);
|
|
576
|
+
console.log("");
|
|
577
|
+
console.log(chalk5.bold("Examples:"));
|
|
578
|
+
console.log(" vibgrate dsn create --workspace abc123");
|
|
579
|
+
console.log(" vibgrate dsn create --workspace abc123 --region eu --write .vibgrate/.dsn");
|
|
580
|
+
},
|
|
581
|
+
update: () => {
|
|
582
|
+
console.log("");
|
|
583
|
+
console.log(chalk5.bold.underline("vibgrate update") + chalk5.dim(" \u2014 Update the vibgrate CLI to the latest version"));
|
|
584
|
+
console.log("");
|
|
585
|
+
console.log(chalk5.bold("Usage:"));
|
|
586
|
+
console.log(" vibgrate update [options]");
|
|
587
|
+
console.log("");
|
|
588
|
+
console.log(chalk5.bold("Options:"));
|
|
589
|
+
console.log(` ${chalk5.cyan("--check")} Check for a newer version without installing`);
|
|
590
|
+
console.log(` ${chalk5.cyan("--pm <manager>")} Force a package manager: npm | pnpm | yarn | bun`);
|
|
591
|
+
console.log("");
|
|
592
|
+
console.log(chalk5.bold("Examples:"));
|
|
593
|
+
console.log(" vibgrate update");
|
|
594
|
+
console.log(" vibgrate update --check");
|
|
595
|
+
console.log(" vibgrate update --pm pnpm");
|
|
596
|
+
}
|
|
597
|
+
};
|
|
598
|
+
function printSummaryHelp() {
|
|
599
|
+
console.log("");
|
|
600
|
+
console.log(chalk5.bold("vibgrate") + chalk5.dim(" \u2014 Continuous Drift Intelligence"));
|
|
601
|
+
console.log("");
|
|
602
|
+
console.log(chalk5.bold("Usage:"));
|
|
603
|
+
console.log(" vibgrate <command> [options]");
|
|
604
|
+
console.log(" vibgrate help [command] Show detailed help for a command");
|
|
605
|
+
console.log("");
|
|
606
|
+
console.log(chalk5.bold("Getting started:"));
|
|
607
|
+
console.log(` ${chalk5.cyan("init")} Initialise vibgrate in a project (creates config & .vibgrate/ dir)`);
|
|
608
|
+
console.log("");
|
|
609
|
+
console.log(chalk5.bold("Core scanning:"));
|
|
610
|
+
console.log(` ${chalk5.cyan("scan")} Scan a project for upgrade drift and generate a report`);
|
|
611
|
+
console.log(` ${chalk5.cyan("baseline")} Save a baseline snapshot to compare future scans against`);
|
|
612
|
+
console.log("");
|
|
613
|
+
console.log(chalk5.bold("Reporting & export:"));
|
|
614
|
+
console.log(` ${chalk5.cyan("report")} Re-generate a report from a previously saved scan artifact`);
|
|
615
|
+
console.log(` ${chalk5.cyan("sbom")} Export a Software Bill of Materials (CycloneDX or SPDX)`);
|
|
616
|
+
console.log("");
|
|
617
|
+
console.log(chalk5.bold("CI/CD integration:"));
|
|
618
|
+
console.log(` ${chalk5.cyan("push")} Upload a scan artifact to the Vibgrate API`);
|
|
619
|
+
console.log(` ${chalk5.cyan("dsn")} Create and manage DSN tokens for API authentication`);
|
|
620
|
+
console.log("");
|
|
621
|
+
console.log(chalk5.bold("Maintenance:"));
|
|
622
|
+
console.log(` ${chalk5.cyan("update")} Update the vibgrate CLI to the latest version`);
|
|
623
|
+
console.log("");
|
|
624
|
+
console.log(chalk5.dim("Run") + ` ${chalk5.cyan("vibgrate help <command>")} ` + chalk5.dim("for detailed options, e.g.") + ` ${chalk5.cyan("vibgrate help scan")}`);
|
|
625
|
+
}
|
|
626
|
+
var helpCommand = new Command5("help").description("Show help for vibgrate commands").argument("[command]", "Command to show detailed help for").helpOption(false).action((cmd) => {
|
|
627
|
+
const name = cmd?.toLowerCase().trim();
|
|
628
|
+
if (name && detailedHelp[name]) {
|
|
629
|
+
detailedHelp[name]();
|
|
630
|
+
} else if (name) {
|
|
631
|
+
console.log("");
|
|
632
|
+
console.log(chalk5.red(`Unknown command: ${name}`));
|
|
633
|
+
console.log(chalk5.dim(`Available commands: ${Object.keys(detailedHelp).join(", ")}`));
|
|
634
|
+
printSummaryHelp();
|
|
635
|
+
} else {
|
|
636
|
+
printSummaryHelp();
|
|
637
|
+
}
|
|
638
|
+
printFooter();
|
|
639
|
+
});
|
|
640
|
+
|
|
412
641
|
// src/cli.ts
|
|
413
|
-
var program = new
|
|
414
|
-
program.name("vibgrate").description("Continuous Drift Intelligence
|
|
642
|
+
var program = new Command6();
|
|
643
|
+
program.name("vibgrate").description("Continuous Drift Intelligence").version(VERSION).addHelpText("after", "\nSee https://vibgrate.com/help for more guidance");
|
|
644
|
+
program.addCommand(helpCommand);
|
|
415
645
|
program.addCommand(initCommand);
|
|
416
646
|
program.addCommand(scanCommand);
|
|
417
647
|
program.addCommand(baselineCommand);
|
|
@@ -424,8 +654,8 @@ function notifyIfUpdateAvailable() {
|
|
|
424
654
|
void checkForUpdate().then((update) => {
|
|
425
655
|
if (!update?.updateAvailable) return;
|
|
426
656
|
console.error("");
|
|
427
|
-
console.error(
|
|
428
|
-
console.error(
|
|
657
|
+
console.error(chalk6.yellow(` Update available: ${update.current} \u2192 ${update.latest}`));
|
|
658
|
+
console.error(chalk6.dim(' Run "vibgrate update" to install the latest version.'));
|
|
429
659
|
console.error("");
|
|
430
660
|
}).catch(() => {
|
|
431
661
|
});
|