@westbayberry/dg 1.0.16 → 1.0.17

package/dist/index.mjs

@@ -114,6 +114,12 @@ function parseConfig(argv) {
   const noConfig = values["no-config"];
   const dgrc = noConfig ? {} : loadDgrc();
   const apiKey = dgrc.apiKey ?? "";
+  if (!apiKey) {
+    process.stderr.write(
+      "Error: Not logged in. Run `dg login` to authenticate.\n"
+    );
+    process.exit(1);
+  }
   const modeRaw = values.mode ?? process.env.DG_MODE ?? dgrc.mode ?? "warn";
   if (!["block", "warn", "off"].includes(modeRaw)) {
     process.stderr.write(
@@ -125,10 +131,7 @@ function parseConfig(argv) {
   const allowlistRaw = values.allowlist ?? process.env.DG_ALLOWLIST ?? "";
   const blockThreshold = Number(values["block-threshold"] ?? dgrc.blockThreshold ?? "70");
   const warnThreshold = Number(values["warn-threshold"] ?? dgrc.warnThreshold ?? "60");
-  let maxPackages = Number(values["max-packages"] ?? dgrc.maxPackages ?? "200");
-  if (!apiKey) {
-    maxPackages = Math.min(maxPackages, 50);
-  }
+  const maxPackages = Number(values["max-packages"] ?? dgrc.maxPackages ?? "200");
   const debug = values.debug || process.env.DG_DEBUG === "1";
   if (isNaN(blockThreshold) || blockThreshold < 0 || blockThreshold > 100) {
     process.stderr.write("Error: --block-threshold must be a number between 0 and 100\n");
@@ -38914,35 +38917,15 @@ async function callAnalyzeAPI(packages, config, onProgress) {
   for (let i = 0; i < packages.length; i += BATCH_SIZE) {
     batches.push(packages.slice(i, i + BATCH_SIZE));
   }
-  const MAX_CONCURRENT_BATCHES = 2;
-  const results = new Array(batches.length);
+  const results = [];
   let completed = 0;
-  let nextIdx = 0;
-  async function runBatch(idx) {
-    const result = await callBatchWithRetry(batches[idx], config);
-    results[idx] = result;
-    completed += batches[idx].length;
+  for (const batch of batches) {
+    const result = await callBatchWithRetry(batch, config);
+    completed += batch.length;
     if (onProgress) {
-      onProgress(completed, packages.length, batches[idx].map((p) => p.name));
-    }
-  }
-  const inFlight = /* @__PURE__ */ new Set();
-  while (nextIdx < batches.length && inFlight.size < MAX_CONCURRENT_BATCHES) {
-    const idx = nextIdx++;
-    const p = runBatch(idx).then(() => {
-      inFlight.delete(p);
-    });
-    inFlight.add(p);
-  }
-  while (inFlight.size > 0) {
-    await Promise.race(inFlight);
-    while (nextIdx < batches.length && inFlight.size < MAX_CONCURRENT_BATCHES) {
-      const idx = nextIdx++;
-      const p = runBatch(idx).then(() => {
-        inFlight.delete(p);
-      });
-      inFlight.add(p);
+      onProgress(completed, packages.length, batch.map((p) => p.name));
     }
+    results.push(result);
   }
   return mergeResponses(results, config);
 }
@@ -39001,16 +38984,13 @@ async function callAnalyzeBatch(packages, config) {
   const timeoutId = setTimeout(() => controller.abort(), 12e4);
   let response;
   try {
-    const headers = {
-      "Content-Type": "application/json",
-      "User-Agent": "dependency-guardian-cli/1.0.0"
-    };
-    if (config.apiKey) {
-      headers["Authorization"] = `Bearer ${config.apiKey}`;
-    }
     response = await fetch(url, {
       method: "POST",
-      headers,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.apiKey}`,
+        "User-Agent": "dependency-guardian-cli/1.0.0"
+      },
       body: JSON.stringify(payload),
       signal: controller.signal
     });
@@ -39032,14 +39012,6 @@ async function callAnalyzeBatch(packages, config) {
     );
   }
   if (response.status === 429) {
-    const body = await response.json().catch(() => ({}));
-    if (body.anonymous) {
-      throw new APIError(
-        "Anonymous scan limit reached. Run `dg login` for 200 free scans/month.",
-        429,
-        ""
-      );
-    }
     throw new APIError(
       "Rate limit exceeded. Upgrade your plan at https://westbayberry.com/pricing",
       429,
@@ -39092,16 +39064,13 @@ async function callPyPIBatch(packages, config) {
   const timeoutId = setTimeout(() => controller.abort(), 12e4);
   let response;
   try {
-    const headers = {
-      "Content-Type": "application/json",
-      "User-Agent": "dependency-guardian-cli/1.0.0"
-    };
-    if (config.apiKey) {
-      headers["Authorization"] = `Bearer ${config.apiKey}`;
-    }
     response = await fetch(url, {
       method: "POST",
-      headers,
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.apiKey}`,
+        "User-Agent": "dependency-guardian-cli/1.0.0"
+      },
       body: JSON.stringify(payload),
       signal: controller.signal
     });
@@ -39123,14 +39092,6 @@ async function callPyPIBatch(packages, config) {
     );
   }
   if (response.status === 429) {
-    const body = await response.json().catch(() => ({}));
-    if (body.anonymous) {
-      throw new APIError(
-        "Anonymous scan limit reached. Run `dg login` for 200 free scans/month.",
-        429,
-        ""
-      );
-    }
     throw new APIError(
       "Rate limit exceeded. Upgrade your plan at https://westbayberry.com/pricing",
       429,
@@ -39155,7 +39116,7 @@ var init_api = __esm({
         this.name = "APIError";
       }
     };
-    BATCH_SIZE = 200;
+    BATCH_SIZE = 15;
     MAX_RETRIES = 2;
     RETRY_DELAY_MS = 5e3;
   }
@@ -39794,7 +39755,7 @@ function truncate(s, max) {
 function groupPackages(packages) {
   const map = /* @__PURE__ */ new Map();
   for (const pkg of packages) {
-    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.category}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
+    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.id}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
     const group = map.get(fingerprint) ?? [];
     group.push(pkg);
     map.set(fingerprint, group);
@@ -39876,7 +39837,7 @@ function renderResultStatic(result, config) {
       const sevLabel = SEVERITY_LABELS[finding.severity] ?? "INFO";
       const colorFn = severityColor(finding.severity);
       lines.push(
-        `    ${colorFn(pad(sevLabel, 10))}${finding.category} \u2014 ${finding.title}`
+        `    ${colorFn(pad(sevLabel, 10))}${finding.id} \u2014 ${finding.title}`
       );
       const evidenceLimit = 3;
       for (let i = 0; i < Math.min(finding.evidence.length, evidenceLimit); i++) {
@@ -39983,11 +39944,6 @@ async function runStatic(config) {
   );
   const output = renderResultStatic(result, config);
   process.stdout.write(output + "\n");
-  if (!config.apiKey && !config.json) {
-    process.stderr.write(
-      "\n" + import_chalk4.default.dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n") + import_chalk4.default.cyan("  Want this on every PR? ") + "Run " + import_chalk4.default.white("dg login") + import_chalk4.default.dim(" \u2192 free tier, 200 scans/month\n") + import_chalk4.default.dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
-    );
-  }
   if (result.action === "block" && config.mode === "block") {
     process.exit(2);
   } else if (result.action === "block" || result.action === "warn") {
@@ -40106,11 +40062,6 @@ async function scanAndInstallStatic(resolved, parsed, config) {
   }
   const output = renderResultStatic(result, config);
   process.stdout.write(output + "\n");
-  if (!config.apiKey) {
-    process.stderr.write(
-      "\n" + import_chalk4.default.dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n") + import_chalk4.default.cyan("  Want this on every PR? ") + "Run " + import_chalk4.default.white("dg login") + import_chalk4.default.dim(" \u2192 free tier, 200 scans/month\n") + import_chalk4.default.dim("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
-    );
-  }
   if (result.action === "warn") {
     process.stderr.write(
       import_chalk4.default.yellow("  Warnings detected. Proceeding with install.\n\n")
@@ -40651,7 +40602,7 @@ var init_DurationLine = __esm({
 function groupPackages2(packages) {
   const map = /* @__PURE__ */ new Map();
   for (const pkg of packages) {
-    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.category}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
+    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.id}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
     const group = map.get(fingerprint) ?? [];
     group.push(pkg);
     map.set(fingerprint, group);
@@ -40771,7 +40722,7 @@ var init_ResultsView = __esm({
                 /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(Text, { children: [
                   "  ",
                   colorFn(pad2(sevLabel, 10)),
-                  finding.category,
+                  finding.id,
                   " ",
                   "\u2014",
                   " ",
@@ -40786,7 +40737,7 @@ var init_ResultsView = __esm({
                   import_chalk6.default.dim(`... and ${overflow} more`)
                 ] }),
                 /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(Text, { children: " " })
-              ] }, `${finding.category}-${idx}`);
+              ] }, `${finding.id}-${idx}`);
             }),
             safeVersion && /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(Text, { children: [
               "  ",
@@ -41288,7 +41239,7 @@ var init_useTerminalSize = __esm({
 function groupPackages3(packages) {
   const map = /* @__PURE__ */ new Map();
   for (const pkg of packages) {
-    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.category}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
+    const fingerprint = pkg.findings.length === 0 ? `__clean_${pkg.score}` : pkg.findings.map((f) => `${f.id}:${f.severity}`).sort().join("|") + `|score:${pkg.score}`;
     const group = map.get(fingerprint) ?? [];
     group.push(pkg);
     map.set(fingerprint, group);
@@ -41407,8 +41358,7 @@ var init_InteractiveResultsView = __esm({
       const viewRef = (0, import_react30.useRef)(view);
       viewRef.current = view;
       const { rows: termRows, cols: termCols } = useTerminalSize();
-      const chromeHeight = FIXED_CHROME + (config.apiKey ? 0 : 2);
-      const availableRows = Math.max(5, termRows - chromeHeight);
+      const availableRows = Math.max(5, termRows - FIXED_CHROME);
       const innerWidth = Math.max(40, termCols - 6);
       const getLevel = (idx) => {
         return view.expandedIndex === idx ? view.expandLevel : null;
@@ -41496,9 +41446,6 @@ var init_InteractiveResultsView = __esm({
           dispatchView({ type: "EXPAND", expandedIndex: newExpIdx, expandLevel: newExpLvl, viewport: newVp });
         } else if (input === "e") {
           if (expIdx === cursor && expLvl === "detail") {
-            const newVp = adjustViewport(cursor, cursor, "summary", vpStart);
-            dispatchView({ type: "EXPAND", expandedIndex: cursor, expandLevel: "summary", viewport: newVp });
-          } else if (expIdx === cursor && expLvl === "summary") {
             const newVp = adjustViewport(cursor, null, null, vpStart);
             dispatchView({ type: "EXPAND", expandedIndex: null, expandLevel: null, viewport: newVp });
           } else {
@@ -41620,12 +41567,6 @@ var init_InteractiveResultsView = __esm({
             ]
           }
         ),
-        !config.apiKey && /* @__PURE__ */ (0, import_jsx_runtime10.jsx)(Box_default, { paddingLeft: 1, paddingRight: 1, width: "100%", children: /* @__PURE__ */ (0, import_jsx_runtime10.jsxs)(Text, { children: [
-          import_chalk10.default.cyan("Want this on every PR?"),
-          " Run ",
-          import_chalk10.default.white("dg login"),
-          import_chalk10.default.dim(" \u2192 free tier, 200 scans/month")
-        ] }) }),
         /* @__PURE__ */ (0, import_jsx_runtime10.jsxs)(Text, { dimColor: true, children: [
           " ",
           groups.length > 0 ? /* @__PURE__ */ (0, import_jsx_runtime10.jsxs)(import_jsx_runtime10.Fragment, { children: [
@@ -41678,8 +41619,8 @@ var init_InteractiveResultsView = __esm({
             " ",
             sevColor(pad3(sevLabel, 4)),
             " ",
-            import_chalk10.default.dim(f.category)
-          ] }, `${f.category}-${idx}`)
+            import_chalk10.default.dim(f.id)
+          ] }, `${f.id}-${idx}`)
         );
       }
       if (hasAffects) {
@@ -41717,15 +41658,15 @@ var init_InteractiveResultsView = __esm({
             " ",
             sevColor(pad3(sevLabel, 4)),
             " ",
-            import_chalk10.default.bold(finding.category)
-          ] }, `${finding.category}-${idx}-badge`)
+            import_chalk10.default.bold(finding.id)
+          ] }, `${finding.id}-${idx}-badge`)
         );
         allLines.push(
           /* @__PURE__ */ (0, import_jsx_runtime10.jsxs)(Text, { dimColor: true, children: [
             continuation,
             " ",
             finding.title
-          ] }, `${finding.category}-${idx}-title`)
+          ] }, `${finding.id}-${idx}-title`)
         );
         for (let i = 0; i < evidenceSlice.length; i++) {
           allLines.push(
@@ -41735,7 +41676,7 @@ var init_InteractiveResultsView = __esm({
               import_chalk10.default.dim("\u203A"),
               " ",
               truncate3(evidenceSlice[i], evidenceWidth)
-            ] }, `${finding.category}-${idx}-ev-${i}`)
+            ] }, `${finding.id}-${idx}-ev-${i}`)
           );
         }
         if (overflow > 0) {
@@ -41744,7 +41685,7 @@ var init_InteractiveResultsView = __esm({
               continuation,
               " ",
               import_chalk10.default.dim(`+${overflow} more`)
-            ] }, `${finding.category}-${idx}-overflow`)
+            ] }, `${finding.id}-${idx}-overflow`)
           );
         }
       }
@@ -41858,8 +41799,10 @@ var init_App2 = __esm({
       (0, import_react32.useEffect)(() => {
         if (!process.stdout.isTTY) return;
         process.stdout.write("\x1B[?1049h");
+        process.stdout.write("\x1B[?1003h");
         process.stdout.write("\x1B[2J\x1B[H");
         return () => {
+          process.stdout.write("\x1B[?1003l");
           process.stdout.write("\x1B[?1049l");
           process.stdout.write("\x1B[?25h");
         };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@westbayberry/dg",
-  "version": "1.0.16",
+  "version": "1.0.17",
   "description": "Supply chain security scanner for npm and Python dependencies — detects malicious packages, typosquatting, dependency confusion, and 26+ attack patterns",
   "bin": {
     "dependency-guardian": "dist/index.mjs",