@westbayberry/dg 1.0.17 → 1.0.22

package/dist/index.mjs

@@ -39,6 +39,149 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
+// src/auth.ts
+var auth_exports = {};
+__export(auth_exports, {
+  clearCredentials: () => clearCredentials,
+  createAuthSession: () => createAuthSession,
+  getOrCreateDeviceId: () => getOrCreateDeviceId,
+  getStoredApiKey: () => getStoredApiKey,
+  openBrowser: () => openBrowser,
+  pollAuthSession: () => pollAuthSession,
+  saveCredentials: () => saveCredentials
+});
+import { readFileSync, writeFileSync, chmodSync, unlinkSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+import { exec } from "node:child_process";
+import { randomUUID } from "node:crypto";
+async function createAuthSession() {
+  let res;
+  try {
+    res = await globalThis.fetch(`${WEB_BASE}/cli/auth/sessions`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" }
+    });
+  } catch {
+    throw new Error("Could not connect to westbayberry.com");
+  }
+  if (!res.ok) {
+    const body = await res.text().catch(() => "");
+    throw new Error(
+      `Failed to create auth session (HTTP ${res.status})${body ? `: ${body}` : ""}`
+    );
+  }
+  const json = await res.json();
+  return {
+    sessionId: json.session_id,
+    verifyUrl: json.verify_url,
+    expiresIn: json.expires_in
+  };
+}
+async function pollAuthSession(sessionId) {
+  let res;
+  try {
+    res = await globalThis.fetch(
+      `${WEB_BASE}/cli/auth/sessions/${sessionId}/token`
+    );
+  } catch {
+    return { status: "expired" };
+  }
+  if (res.status === 404) {
+    return { status: "expired" };
+  }
+  if (!res.ok) {
+    return { status: "expired" };
+  }
+  const json = await res.json();
+  return {
+    status: json.status,
+    apiKey: json.api_key,
+    email: json.email
+  };
+}
+function configPath() {
+  return join(homedir(), CONFIG_FILE);
+}
+function readConfig() {
+  try {
+    const raw = readFileSync(configPath(), "utf-8");
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed;
+    }
+    return {};
+  } catch {
+    return {};
+  }
+}
+function saveCredentials(apiKey) {
+  const data = readConfig();
+  data.apiKey = apiKey;
+  const p = configPath();
+  writeFileSync(p, JSON.stringify(data, null, 2) + "\n", "utf-8");
+  chmodSync(p, 384);
+}
+function clearCredentials() {
+  const p = configPath();
+  if (!existsSync(p)) return;
+  const data = readConfig();
+  delete data.apiKey;
+  if (Object.keys(data).length === 0) {
+    unlinkSync(p);
+  } else {
+    writeFileSync(p, JSON.stringify(data, null, 2) + "\n", "utf-8");
+    chmodSync(p, 384);
+  }
+}
+function getStoredApiKey() {
+  const data = readConfig();
+  if (typeof data.apiKey === "string" && data.apiKey.length > 0) {
+    return data.apiKey;
+  }
+  return null;
+}
+function getOrCreateDeviceId() {
+  const data = readConfig();
+  if (typeof data.deviceId === "string" && data.deviceId.length > 0) {
+    return data.deviceId;
+  }
+  const deviceId = randomUUID();
+  data.deviceId = deviceId;
+  const p = configPath();
+  writeFileSync(p, JSON.stringify(data, null, 2) + "\n", "utf-8");
+  chmodSync(p, 384);
+  return deviceId;
+}
+function openBrowser(url) {
+  if (!/^https?:\/\//i.test(url)) return;
+  const escaped = url.replace(/"/g, '\\"');
+  let cmd;
+  switch (process.platform) {
+    case "darwin":
+      cmd = `open "${escaped}"`;
+      break;
+    case "linux":
+      cmd = `xdg-open "${escaped}"`;
+      break;
+    case "win32":
+      cmd = `start "" "${escaped}"`;
+      break;
+    default:
+      return;
+  }
+  exec(cmd, () => {
+  });
+}
+var WEB_BASE, CONFIG_FILE;
+var init_auth = __esm({
+  "src/auth.ts"() {
+    "use strict";
+    WEB_BASE = "https://westbayberry.com";
+    CONFIG_FILE = ".dgrc.json";
+  }
+});
+
 // src/config.ts
 var config_exports = {};
 __export(config_exports, {
@@ -47,19 +190,19 @@ __export(config_exports, {
   parseConfig: () => parseConfig
 });
 import { parseArgs } from "node:util";
-import { readFileSync, existsSync } from "node:fs";
-import { join, dirname } from "node:path";
+import { readFileSync as readFileSync2, existsSync as existsSync2 } from "node:fs";
+import { join as join2, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
-import { homedir } from "node:os";
+import { homedir as homedir2 } from "node:os";
 function loadDgrc() {
   const candidates = [
-    join(process.cwd(), ".dgrc.json"),
-    join(homedir(), ".dgrc.json")
+    join2(process.cwd(), ".dgrc.json"),
+    join2(homedir2(), ".dgrc.json")
   ];
   for (const filepath of candidates) {
-    if (existsSync(filepath)) {
+    if (existsSync2(filepath)) {
       try {
-        return JSON.parse(readFileSync(filepath, "utf-8"));
+        return JSON.parse(readFileSync2(filepath, "utf-8"));
       } catch {
         process.stderr.write(`Warning: Failed to parse ${filepath}, ignoring.
 `);
@@ -72,7 +215,7 @@ function getVersion() {
   try {
     const thisDir = dirname(fileURLToPath(import.meta.url));
     const pkg = JSON.parse(
-      readFileSync(join(thisDir, "..", "package.json"), "utf-8")
+      readFileSync2(join2(thisDir, "..", "package.json"), "utf-8")
     );
     return pkg.version ?? "1.0.0";
   } catch {
@@ -113,13 +256,8 @@ function parseConfig(argv) {
   const command = positionals[0] ?? "scan";
   const noConfig = values["no-config"];
   const dgrc = noConfig ? {} : loadDgrc();
-  const apiKey = dgrc.apiKey ?? "";
-  if (!apiKey) {
-    process.stderr.write(
-      "Error: Not logged in. Run `dg login` to authenticate.\n"
-    );
-    process.exit(1);
-  }
+  const apiKey = dgrc.apiKey && dgrc.apiKey.length > 0 ? dgrc.apiKey : null;
+  const deviceId = getOrCreateDeviceId();
   const modeRaw = values.mode ?? process.env.DG_MODE ?? dgrc.mode ?? "warn";
   if (!["block", "warn", "off"].includes(modeRaw)) {
     process.stderr.write(
@@ -147,6 +285,7 @@ function parseConfig(argv) {
   }
   return {
     apiKey,
+    deviceId,
     apiUrl: values["api-url"] ?? process.env.DG_API_URL ?? dgrc.apiUrl ?? "https://api.westbayberry.com",
     mode: modeRaw,
     blockThreshold,
@@ -165,6 +304,7 @@ var USAGE;
 var init_config = __esm({
   "src/config.ts"() {
     "use strict";
+    init_auth();
     USAGE = `
   Dependency Guardian \u2014 Supply chain security scanner
 
@@ -231,8 +371,8 @@ var init_config = __esm({
 
 // src/npm-wrapper.ts
 import { spawn } from "node:child_process";
-import { readFileSync as readFileSync2, existsSync as existsSync2 } from "node:fs";
-import { join as join2 } from "node:path";
+import { readFileSync as readFileSync3, existsSync as existsSync3 } from "node:fs";
+import { join as join3 } from "node:path";
 function parseNpmArgs(args) {
   let dgForce = false;
   const filtered = [];
@@ -378,10 +518,10 @@ function runNpm(args) {
   });
 }
 function readBareInstallPackages(cwd2) {
-  const pkgPath = join2(cwd2, "package.json");
-  if (!existsSync2(pkgPath)) return [];
+  const pkgPath = join3(cwd2, "package.json");
+  if (!existsSync3(pkgPath)) return [];
   try {
-    const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+    const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
     const specs = [];
     for (const [name, range] of Object.entries(pkg.dependencies ?? {})) {
       if (typeof range === "string") specs.push(`${name}@${range}`);
@@ -27448,9 +27588,9 @@ var init_ansi_styles = __esm({
 
 // node_modules/wrap-ansi/index.js
 function wrapAnsi(string, columns, options) {
-  return String(string).normalize().replaceAll("\r\n", "\n").split("\n").map((line) => exec(line, columns, options)).join("\n");
+  return String(string).normalize().replaceAll("\r\n", "\n").split("\n").map((line) => exec2(line, columns, options)).join("\n");
 }
-var ESCAPES, END_CODE, ANSI_ESCAPE_BELL, ANSI_CSI, ANSI_OSC, ANSI_SGR_TERMINATOR, ANSI_ESCAPE_LINK, wrapAnsiCode, wrapAnsiHyperlink, wordLengths, wrapWord, stringVisibleTrimSpacesRight, exec;
+var ESCAPES, END_CODE, ANSI_ESCAPE_BELL, ANSI_CSI, ANSI_OSC, ANSI_SGR_TERMINATOR, ANSI_ESCAPE_LINK, wrapAnsiCode, wrapAnsiHyperlink, wordLengths, wrapWord, stringVisibleTrimSpacesRight, exec2;
 var init_wrap_ansi = __esm({
   "node_modules/wrap-ansi/index.js"() {
     init_string_width();
@@ -27522,7 +27662,7 @@ var init_wrap_ansi = __esm({
       }
       return words.slice(0, last).join(" ") + words.slice(last).join("");
     };
-    exec = (string, columns, options = {}) => {
+    exec2 = (string, columns, options = {}) => {
       if (options.trim !== false && string.trim() === "") {
         return "";
       }
@@ -35955,135 +36095,6 @@ var init_build2 = __esm({
   }
 });
 
-// src/auth.ts
-var auth_exports = {};
-__export(auth_exports, {
-  clearCredentials: () => clearCredentials,
-  createAuthSession: () => createAuthSession,
-  getStoredApiKey: () => getStoredApiKey,
-  openBrowser: () => openBrowser,
-  pollAuthSession: () => pollAuthSession,
-  saveCredentials: () => saveCredentials
-});
-import { readFileSync as readFileSync5, writeFileSync as writeFileSync2, chmodSync, unlinkSync, existsSync as existsSync4 } from "node:fs";
-import { join as join4 } from "node:path";
-import { homedir as homedir3 } from "node:os";
-import { exec as exec2 } from "node:child_process";
-async function createAuthSession() {
-  let res;
-  try {
-    res = await globalThis.fetch(`${WEB_BASE}/cli/auth/sessions`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" }
-    });
-  } catch {
-    throw new Error("Could not connect to westbayberry.com");
-  }
-  if (!res.ok) {
-    const body = await res.text().catch(() => "");
-    throw new Error(
-      `Failed to create auth session (HTTP ${res.status})${body ? `: ${body}` : ""}`
-    );
-  }
-  const json = await res.json();
-  return {
-    sessionId: json.session_id,
-    verifyUrl: json.verify_url,
-    expiresIn: json.expires_in
-  };
-}
-async function pollAuthSession(sessionId) {
-  let res;
-  try {
-    res = await globalThis.fetch(
-      `${WEB_BASE}/cli/auth/sessions/${sessionId}/token`
-    );
-  } catch {
-    return { status: "expired" };
-  }
-  if (res.status === 404) {
-    return { status: "expired" };
-  }
-  if (!res.ok) {
-    return { status: "expired" };
-  }
-  const json = await res.json();
-  return {
-    status: json.status,
-    apiKey: json.api_key,
-    email: json.email
-  };
-}
-function configPath() {
-  return join4(homedir3(), CONFIG_FILE);
-}
-function readConfig() {
-  try {
-    const raw = readFileSync5(configPath(), "utf-8");
-    const parsed = JSON.parse(raw);
-    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-      return parsed;
-    }
-    return {};
-  } catch {
-    return {};
-  }
-}
-function saveCredentials(apiKey) {
-  const data = readConfig();
-  data.apiKey = apiKey;
-  const p = configPath();
-  writeFileSync2(p, JSON.stringify(data, null, 2) + "\n", "utf-8");
-  chmodSync(p, 384);
-}
-function clearCredentials() {
-  const p = configPath();
-  if (!existsSync4(p)) return;
-  const data = readConfig();
-  delete data.apiKey;
-  if (Object.keys(data).length === 0) {
-    unlinkSync(p);
-  } else {
-    writeFileSync2(p, JSON.stringify(data, null, 2) + "\n", "utf-8");
-    chmodSync(p, 384);
-  }
-}
-function getStoredApiKey() {
-  const data = readConfig();
-  if (typeof data.apiKey === "string" && data.apiKey.length > 0) {
-    return data.apiKey;
-  }
-  return null;
-}
-function openBrowser(url) {
-  if (!/^https?:\/\//i.test(url)) return;
-  const escaped = url.replace(/"/g, '\\"');
-  let cmd;
-  switch (process.platform) {
-    case "darwin":
-      cmd = `open "${escaped}"`;
-      break;
-    case "linux":
-      cmd = `xdg-open "${escaped}"`;
-      break;
-    case "win32":
-      cmd = `start "" "${escaped}"`;
-      break;
-    default:
-      return;
-  }
-  exec2(cmd, () => {
-  });
-}
-var WEB_BASE, CONFIG_FILE;
-var init_auth = __esm({
-  "src/auth.ts"() {
-    "use strict";
-    WEB_BASE = "https://westbayberry.com";
-    CONFIG_FILE = ".dgrc.json";
-  }
-});
-
 // src/ui/hooks/useLogin.ts
 function reducer(state, action) {
   switch (action.type) {
@@ -38909,9 +38920,34 @@ var init_LoginApp = __esm({
 });
 
 // src/api.ts
+function buildHeaders(config) {
+  const headers = {
+    "Content-Type": "application/json",
+    "User-Agent": "dependency-guardian-cli/1.0.0"
+  };
+  if (config.apiKey) {
+    headers["Authorization"] = `Bearer ${config.apiKey}`;
+  } else {
+    headers["X-Device-Id"] = config.deviceId;
+  }
+  return headers;
+}
+async function handleTrialExhausted(response) {
+  if (response.status === 403) {
+    const body = await response.json().catch(() => ({}));
+    if (body && body.trialExhausted) {
+      const b = body;
+      throw new TrialExhaustedError(b.scansUsed, b.maxScans);
+    }
+    throw new APIError("Forbidden", 403, JSON.stringify(body));
+  }
+}
 async function callAnalyzeAPI(packages, config, onProgress) {
   if (packages.length <= BATCH_SIZE) {
-    return callAnalyzeBatch(packages, config);
+    if (onProgress) onProgress(0, packages.length, packages.map((p) => p.name));
+    const result = await callBatchWithRetry(packages, config);
+    if (onProgress) onProgress(packages.length, packages.length, packages.map((p) => p.name));
+    return result;
   }
   const batches = [];
   for (let i = 0; i < packages.length; i += BATCH_SIZE) {
@@ -38981,29 +39017,26 @@ async function callAnalyzeBatch(packages, config) {
     }
   };
   const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), 12e4);
+  const timeoutId = setTimeout(() => controller.abort(), 18e4);
   let response;
   try {
     response = await fetch(url, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${config.apiKey}`,
-        "User-Agent": "dependency-guardian-cli/1.0.0"
-      },
+      headers: buildHeaders(config),
       body: JSON.stringify(payload),
       signal: controller.signal
     });
   } catch (error) {
     clearTimeout(timeoutId);
     if (error instanceof Error && error.name === "AbortError") {
-      throw new APIError("Request timed out after 120s. Try scanning fewer packages.", 408, "");
+      throw new APIError("Request timed out after 180s. Try scanning fewer packages.", 408, "");
     }
     const cause = error instanceof Error && error.cause;
     const detail = cause ? `: ${cause.message || cause}` : "";
     throw new Error(`fetch failed${detail}`);
   }
   clearTimeout(timeoutId);
+  await handleTrialExhausted(response);
   if (response.status === 401) {
     throw new APIError(
       "Invalid API key. Run `dg logout` then `dg login` to re-authenticate.",
@@ -39061,16 +39094,12 @@ async function callPyPIBatch(packages, config) {
     }
   };
   const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), 12e4);
+  const timeoutId = setTimeout(() => controller.abort(), 18e4);
   let response;
   try {
     response = await fetch(url, {
       method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${config.apiKey}`,
-        "User-Agent": "dependency-guardian-cli/1.0.0"
-      },
+      headers: buildHeaders(config),
       body: JSON.stringify(payload),
       signal: controller.signal
     });
@@ -39084,6 +39113,7 @@ async function callPyPIBatch(packages, config) {
     throw new Error(`fetch failed${detail}`);
   }
   clearTimeout(timeoutId);
+  await handleTrialExhausted(response);
   if (response.status === 401) {
     throw new APIError(
       "Invalid API key. Run `dg logout` then `dg login` to re-authenticate.",
@@ -39104,7 +39134,7 @@ async function callPyPIBatch(packages, config) {
   }
   return await response.json();
 }
-var APIError, BATCH_SIZE, MAX_RETRIES, RETRY_DELAY_MS;
+var APIError, TrialExhaustedError, BATCH_SIZE, MAX_RETRIES, RETRY_DELAY_MS;
 var init_api = __esm({
   "src/api.ts"() {
     "use strict";
@@ -39116,7 +39146,15 @@ var init_api = __esm({
         this.name = "APIError";
       }
     };
-    BATCH_SIZE = 15;
+    TrialExhaustedError = class extends Error {
+      constructor(scansUsed, maxScans) {
+        super("Free trial scans used up. Run `dg login` to create a free account and continue scanning.");
+        this.scansUsed = scansUsed;
+        this.maxScans = maxScans;
+        this.name = "TrialExhaustedError";
+      }
+    };
+    BATCH_SIZE = 75;
     MAX_RETRIES = 2;
     RETRY_DELAY_MS = 5e3;
   }
@@ -39733,6 +39771,31 @@ __export(static_output_exports, {
   runStaticLogin: () => runStaticLogin,
   runStaticNpm: () => runStaticNpm
 });
+function printTrialBanner(result) {
+  if (result.trialScansRemaining === void 0) return;
+  const remaining = result.trialScansRemaining;
+  if (remaining > 0) {
+    process.stderr.write(
+      import_chalk4.default.dim(`  ${remaining} free scan${remaining !== 1 ? "s" : ""} remaining. `) + import_chalk4.default.dim(`Run \`dg login\` for unlimited scans.
+`)
+    );
+  } else {
+    process.stderr.write(
+      import_chalk4.default.yellow(`  No free scans remaining. `) + import_chalk4.default.yellow(`Run \`dg login\` to continue scanning.
+`)
+    );
+  }
+}
+function handleTrialExhausted2(error) {
+  if (error instanceof TrialExhaustedError) {
+    process.stderr.write(
+      import_chalk4.default.yellow("\n  Free trial scans used up.\n") + import_chalk4.default.white("  Run `dg login` to create a free account and continue scanning.\n\n")
+    );
+    process.exit(1);
+    return true;
+  }
+  return false;
+}
 function severityColor(sev) {
   if (sev >= 5) return (s) => import_chalk4.default.bold.red(s);
   if (sev >= 4) return import_chalk4.default.red;
@@ -39934,16 +39997,23 @@ async function runStatic(config) {
   dbg(
     `packages to scan: ${packages.map((p) => `${p.name}@${p.version}`).slice(0, 10).join(", ")}${packages.length > 10 ? ` (+${packages.length - 10} more)` : ""}`
   );
-  const startMs = Date.now();
-  const result = await callAnalyzeAPI(packages, config, (done, total) => {
-    process.stderr.write(import_chalk4.default.dim(`  Analyzed ${done}/${total}...
+  let result;
+  try {
+    const startMs = Date.now();
+    result = await callAnalyzeAPI(packages, config, (done, total) => {
+      process.stderr.write(import_chalk4.default.dim(`  Analyzed ${done}/${total}...
 `));
-  });
-  dbg(
-    `API responded in ${Date.now() - startMs}ms, action=${result.action}, score=${result.score}`
-  );
+    });
+    dbg(
+      `API responded in ${Date.now() - startMs}ms, action=${result.action}, score=${result.score}`
+    );
+  } catch (error) {
+    if (handleTrialExhausted2(error)) return;
+    throw error;
+  }
   const output = renderResultStatic(result, config);
   process.stdout.write(output + "\n");
+  printTrialBanner(result);
   if (result.action === "block" && config.mode === "block") {
     process.exit(2);
   } else if (result.action === "block" || result.action === "warn") {
@@ -40038,6 +40108,7 @@ async function scanAndInstallStatic(resolved, parsed, config) {
       );
     }
   } catch (error) {
+    if (handleTrialExhausted2(error)) return;
     const msg = error instanceof Error ? error.message : String(error);
     process.stderr.write(
       import_chalk4.default.yellow(
@@ -40053,15 +40124,17 @@ async function scanAndInstallStatic(resolved, parsed, config) {
     process.stderr.write(
       import_chalk4.default.green(
         `  ${import_chalk4.default.bold("\u2713")} ${toScan.length} package${toScan.length !== 1 ? "s" : ""} scanned \u2014 all clear
-
 `
       )
     );
+    printTrialBanner(result);
+    process.stderr.write("\n");
     const code = await runNpm(parsed.rawArgs);
     process.exit(code);
   }
   const output = renderResultStatic(result, config);
   process.stdout.write(output + "\n");
+  printTrialBanner(result);
   if (result.action === "warn") {
     process.stderr.write(
       import_chalk4.default.yellow("  Warnings detected. Proceeding with install.\n\n")
@@ -40380,6 +40453,8 @@ function reducer2(_state, action) {
       return { phase: "done", exitCode: action.exitCode };
     case "ERROR":
       return { phase: "error", message: action.message, proceed: action.proceed };
+    case "TRIAL_EXHAUSTED":
+      return { phase: "trial_exhausted" };
   }
 }
 function useNpmWrapper(npmArgs, config) {
@@ -40484,6 +40559,10 @@ function useNpmWrapper(npmArgs, config) {
           return;
         }
       } catch (error) {
+        if (error instanceof TrialExhaustedError) {
+          dispatch({ type: "TRIAL_EXHAUSTED" });
+          return;
+        }
         const message = error instanceof Error ? error.message : String(error);
         dispatch({ type: "ERROR", message, proceed: true });
         dispatch({ type: "INSTALLING" });
@@ -40858,6 +40937,11 @@ var init_NpmWrapperApp = __esm({
           const timer = setTimeout(() => exit(), 0);
           return () => clearTimeout(timer);
         }
+        if (state.phase === "trial_exhausted") {
+          process.exitCode = 1;
+          const timer = setTimeout(() => exit(), 0);
+          return () => clearTimeout(timer);
+        }
         if (state.phase === "passthrough") {
         }
       }, [state, exit]);
@@ -40957,6 +41041,15 @@ var init_NpmWrapperApp = __esm({
           return /* @__PURE__ */ (0, import_jsx_runtime8.jsx)(ErrorView, { error: new Error(state.message) });
         case "passthrough":
           return null;
+        case "trial_exhausted":
+          return /* @__PURE__ */ (0, import_jsx_runtime8.jsxs)(Box_default, { flexDirection: "column", paddingLeft: 2, children: [
+            /* @__PURE__ */ (0, import_jsx_runtime8.jsx)(Text, { color: "yellow", bold: true, children: "Free trial scans used up." }),
+            /* @__PURE__ */ (0, import_jsx_runtime8.jsxs)(Text, { children: [
+              "Run ",
+              /* @__PURE__ */ (0, import_jsx_runtime8.jsx)(Text, { color: "cyan", bold: true, children: "dg login" }),
+              " to create a free account and continue scanning."
+            ] })
+          ] });
       }
     };
   }
@@ -40979,6 +41072,8 @@ function reducer3(_state, action) {
       return { phase: "results", result: action.result, durationMs: action.durationMs, skippedCount: action.skippedCount };
     case "ERROR":
       return { phase: "error", error: action.error };
+    case "TRIAL_EXHAUSTED":
+      return { phase: "trial_exhausted", scansUsed: action.scansUsed, maxScans: action.maxScans };
   }
 }
 function useScan(config) {
@@ -41037,6 +41132,10 @@ async function runNpmScan(packages, skippedCount, config, dispatch) {
     });
     dispatch({ type: "SCAN_COMPLETE", result, durationMs: Date.now() - startMs, skippedCount });
   } catch (error) {
+    if (error instanceof TrialExhaustedError) {
+      dispatch({ type: "TRIAL_EXHAUSTED", scansUsed: error.scansUsed, maxScans: error.maxScans });
+      return;
+    }
     dispatch({ type: "ERROR", error: error instanceof Error ? error : new Error(String(error)) });
   }
 }
@@ -41044,21 +41143,35 @@ async function scanProjects(projects, config, dispatch) {
   try {
     const npmProjects = projects.filter((p) => p.ecosystem === "npm");
     const pypiProjects = projects.filter((p) => p.ecosystem === "pypi");
+    const fullScanConfig = { ...config, scanAll: true };
     const npmPackages = [];
     const pypiPackages = [];
+    const seenNpm = /* @__PURE__ */ new Set();
+    const seenPypi = /* @__PURE__ */ new Set();
     for (const proj of npmProjects) {
       try {
-        const discovery = discoverChanges(proj.path, config);
+        const discovery = discoverChanges(proj.path, fullScanConfig);
         for (const pkg of discovery.packages) {
-          if (!config.allowlist.includes(pkg.name)) npmPackages.push(pkg);
+          const key = `${pkg.name}@${pkg.version}`;
+          if (!config.allowlist.includes(pkg.name) && !seenNpm.has(key)) {
+            seenNpm.add(key);
+            npmPackages.push(pkg);
+          }
         }
       } catch {
       }
     }
     for (const proj of pypiProjects) {
-      const packages = parsePythonDepFile(proj.path, proj.depFile);
-      for (const pkg of packages) {
-        if (!config.allowlist.includes(pkg.name)) pypiPackages.push(pkg);
+      try {
+        const packages = parsePythonDepFile(proj.path, proj.depFile);
+        for (const pkg of packages) {
+          const key = `${pkg.name}@${pkg.version}`;
+          if (!config.allowlist.includes(pkg.name) && !seenPypi.has(key)) {
+            seenPypi.add(key);
+            pypiPackages.push(pkg);
+          }
+        }
+      } catch {
       }
     }
     const totalPackages = npmPackages.length + pypiPackages.length;
@@ -41107,6 +41220,10 @@ async function scanProjects(projects, config, dispatch) {
     };
     dispatch({ type: "SCAN_COMPLETE", result: merged, durationMs: merged.durationMs, skippedCount: 0 });
   } catch (error) {
+    if (error instanceof TrialExhaustedError) {
+      dispatch({ type: "TRIAL_EXHAUSTED", scansUsed: error.scansUsed, maxScans: error.maxScans });
+      return;
+    }
     dispatch({ type: "ERROR", error: error instanceof Error ? error : new Error(String(error)) });
   }
 }
@@ -41799,10 +41916,8 @@ var init_App2 = __esm({
       (0, import_react32.useEffect)(() => {
         if (!process.stdout.isTTY) return;
         process.stdout.write("\x1B[?1049h");
-        process.stdout.write("\x1B[?1003h");
         process.stdout.write("\x1B[2J\x1B[H");
         return () => {
-          process.stdout.write("\x1B[?1003l");
           process.stdout.write("\x1B[?1049l");
           process.stdout.write("\x1B[?25h");
         };
@@ -41829,11 +41944,21 @@ var init_App2 = __esm({
       (0, import_react32.useEffect)(() => {
         if (state.phase === "empty") {
           process.exitCode = 0;
+          process.stderr.write(`${state.message}
+`);
           const timer = setTimeout(() => exit(), 0);
           return () => clearTimeout(timer);
         }
         if (state.phase === "error") {
           process.exitCode = 3;
+          process.stderr.write(`Error: ${state.error.message}
+`);
+          const timer = setTimeout(() => exit(), 0);
+          return () => clearTimeout(timer);
+        }
+        if (state.phase === "trial_exhausted") {
+          process.exitCode = 1;
+          process.stderr.write("Free trial scans used up. Run `dg login` to create a free account and continue scanning.\n");
           const timer = setTimeout(() => exit(), 0);
           return () => clearTimeout(timer);
         }
@@ -41887,6 +42012,15 @@ var init_App2 = __esm({
             return /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(Text, { dimColor: true, children: state.message });
           case "error":
             return /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(ErrorView, { error: state.error });
+          case "trial_exhausted":
+            return /* @__PURE__ */ (0, import_jsx_runtime12.jsxs)(Box_default, { flexDirection: "column", paddingLeft: 2, children: [
+              /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(Text, { color: "yellow", bold: true, children: "Free trial scans used up." }),
+              /* @__PURE__ */ (0, import_jsx_runtime12.jsxs)(Text, { children: [
+                "Run ",
+                /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(Text, { color: "cyan", bold: true, children: "dg login" }),
+                " to create a free account and continue scanning."
+              ] })
+            ] });
         }
       })();
       return /* @__PURE__ */ (0, import_jsx_runtime12.jsx)(Box_default, { flexDirection: "column", height: termRows, children: content });
@@ -41899,16 +42033,16 @@ init_config();
 init_npm_wrapper();
 
 // src/update-check.ts
-import { readFileSync as readFileSync3, writeFileSync } from "node:fs";
-import { homedir as homedir2 } from "node:os";
-import { join as join3 } from "node:path";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync2 } from "node:fs";
+import { homedir as homedir3 } from "node:os";
+import { join as join4 } from "node:path";
 import { spawn as spawn2, execSync } from "node:child_process";
 var PKG_NAME = "@westbayberry/dg";
-var CACHE_FILE = join3(homedir2(), ".dg-update-check.json");
+var CACHE_FILE = join4(homedir3(), ".dg-update-check.json");
 var CHECK_INTERVAL_MS = 24 * 60 * 60 * 1e3;
 function readCache() {
   try {
-    const raw = readFileSync3(CACHE_FILE, "utf-8");
+    const raw = readFileSync4(CACHE_FILE, "utf-8");
     const data = JSON.parse(raw);
     if (typeof data.latest === "string" && typeof data.checkedAt === "number") {
       return data;
@@ -41919,7 +42053,7 @@ function readCache() {
 }
 function writeCache(entry) {
   try {
-    writeFileSync(CACHE_FILE, JSON.stringify(entry), "utf-8");
+    writeFileSync2(CACHE_FILE, JSON.stringify(entry), "utf-8");
   } catch {
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@westbayberry/dg",
-  "version": "1.0.17",
+  "version": "1.0.22",
   "description": "Supply chain security scanner for npm and Python dependencies — detects malicious packages, typosquatting, dependency confusion, and 26+ attack patterns",
   "bin": {
     "dependency-guardian": "dist/index.mjs",