@vibgrate/cli 1.0.71 → 1.0.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/DOCS.md +1 -23
  2. package/README.md +0 -1
  3. package/dist/baseline-DXFJEV4M.js +10 -0
  4. package/dist/{chunk-SEMFRCWZ.js → chunk-7MXWH3XU.js} +2 -2
  5. package/dist/{chunk-AOCAJJFK.js → chunk-DSKISXFM.js} +4265 -957
  6. package/dist/{chunk-TBE6NQ5Z.js → chunk-JQHUH6A3.js} +54 -5
  7. package/dist/cli.js +4 -4
  8. package/dist/{fs-B2ZS4NOP.js → fs-D24ONFXR.js} +1 -1
  9. package/dist/index.d.ts +10 -55
  10. package/dist/index.js +2 -2
  11. package/package.json +1 -1
  12. package/dist/baseline-FBU3K6U7.js +0 -10
package/DOCS.md CHANGED
@@ -44,7 +44,6 @@ For a quick overview, see the [README](./README.md). This document covers everyt
44
44
  - [Breaking Change Exposure](#breaking-change-exposure)
45
45
  - [File Hotspots](#file-hotspots)
46
46
  - [Security Posture](#security-posture)
47
- - [Security Scanners](#security-scanners)
48
47
  - [Service Dependencies](#service-dependencies)
49
48
  - [Architecture Layers](#architecture-layers)
50
49
  - [Code Quality Metrics](#code-quality-metrics)
@@ -73,7 +72,7 @@ Vibgrate recursively scans your repository for `package.json` (Node/TypeScript),
73
72
  4. **Generates** a deterministic Upgrade Drift Score (0–100)
74
73
  5. **Produces** findings, a full JSON artifact, and optional SARIF output
75
74
 
76
- Core drift analysis does not execute source code. Optional security scanners can run lightweight secret heuristics and local toolchain checks. Dashboard upload remains optional.
75
+ Core drift analysis does not execute source code. Dashboard upload remains optional.
77
76
 
78
77
  ---
79
78
 
@@ -179,7 +178,6 @@ vibgrate scan [path] [--format text|json|sarif|md] [--out <file>] [--fail-on war
179
178
  | `--dsn <dsn>` | `VIBGRATE_DSN` env | DSN used for `--push` authentication |
180
179
  | `--region <region>` | — | Override data residency (`us`, `eu`) during push |
181
180
  | `--strict` | — | Fail scan command if push fails |
182
- | `--install-tools` | — | Auto-install missing local security tools via Homebrew |
183
181
  | `--ui-purpose` | — | Enable optional UI-purpose evidence extraction |
184
182
  | `--offline` | — | Disable network calls and disable upload/push behavior |
185
183
  | `--package-manifest <file>` | — | JSON or ZIP package-version manifest used for offline/latest lookups (latest bundle: `https://github.com/vibgrate/manifests/latest-packages.zip`) |
@@ -570,17 +568,6 @@ Structural security hygiene indicators (not a secret scanner):
570
568
  - `.env` files tracked outside `.gitignore`
571
569
  - Audit severity counts (via `npm audit --json`)
572
570
 
573
- ### Security Scanners
574
-
575
- Security scanner orchestration and readiness analysis for local policy and secret-scanning workflows:
576
-
577
- - Scanner engine discovery (installed vs missing)
578
- - Version freshness checks to flag stale scanner engines/signatures
579
- - Local config discovery for scanner policy files
580
- - Cache-backed heuristic secret signals to add value even when binaries are unavailable
581
-
582
- > This scanner does not guarantee full secret detection or rule coverage by itself; it reports toolchain status and lightweight in-repo indicators so teams can decide how to harden CI enforcement.
583
-
584
571
  ### Service Dependencies
585
572
 
586
573
  Maps external service and platform dependencies by detecting SDK packages:
@@ -613,15 +600,6 @@ Fast AST-based quality checks to identify upgrade friction hotspots:
613
600
  - Circular dependencies and dead-code estimate
614
601
  - "God file" detection for oversized high-complexity modules
615
602
 
616
- ### OWASP Category Mapping
617
-
618
- Maps security findings into OWASP Top 10 categories for security triage inside existing drift reports:
619
-
620
- - Supports `fast` and `cache-input` modes
621
- - Categorizes findings with severity and CWE metadata
622
- - Emits per-category counts in JSON output
623
- - Designed for CI visibility without requiring a separate report format
624
-
625
603
  ---
626
604
 
627
605
  ## CI Integration
package/README.md CHANGED
@@ -129,7 +129,6 @@ Beyond core drift scoring, Vibgrate can also detect:
129
129
  - Full tooling inventory and build/deploy surface
130
130
  - TypeScript modernity and breaking-change exposure
131
131
  - File hotspots and structural security posture
132
- - Security scanner readiness and local policy coverage checks
133
132
  - Service dependency mapping (cloud, db, auth, messaging, etc.)
134
133
  - Architecture layer mapping
135
134
  - Code-quality metrics (complexity, nesting, cycles, god files)
package/dist/baseline-DXFJEV4M.js ADDED
@@ -0,0 +1,10 @@
1
+ import {
2
+ baselineCommand,
3
+ runBaseline
4
+ } from "./chunk-7MXWH3XU.js";
5
+ import "./chunk-DSKISXFM.js";
6
+ import "./chunk-JQHUH6A3.js";
7
+ export {
8
+ baselineCommand,
9
+ runBaseline
10
+ };
package/dist/{chunk-SEMFRCWZ.js → chunk-7MXWH3XU.js} RENAMED
@@ -1,9 +1,9 @@
1
1
  import {
2
2
  runScan
3
- } from "./chunk-AOCAJJFK.js";
3
+ } from "./chunk-DSKISXFM.js";
4
4
  import {
5
5
  writeJsonFile
6
- } from "./chunk-TBE6NQ5Z.js";
6
+ } from "./chunk-JQHUH6A3.js";
7
7
 
8
8
  // src/commands/baseline.ts
9
9
  import * as path from "path";