@westbayberry/dg 1.0.34 → 1.0.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -9
- package/dist/index.mjs +1177 -541
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -57,10 +57,7 @@ Findings include severity (1–5), confidence (0–1), and code evidence with fi
|
|
|
57
57
|
| Flag | Default | Description |
|
|
58
58
|
|------|---------|-------------|
|
|
59
59
|
| `--mode <mode>` | `warn` | `block` / `warn` / `off` |
|
|
60
|
-
| `--block-threshold <n>` | `70` | Score threshold for blocking (0–100) |
|
|
61
|
-
| `--warn-threshold <n>` | `60` | Score threshold for warnings (0–100) |
|
|
62
60
|
| `--max-packages <n>` | `200` | Max packages per scan |
|
|
63
|
-
| `--allowlist <pkgs>` | | Comma-separated packages to skip |
|
|
64
61
|
| `--json` | | Output raw JSON (for CI parsing) |
|
|
65
62
|
| `--scan-all` | | Scan all packages, not just changed |
|
|
66
63
|
| `--base-lockfile <path>` | | Explicit base lockfile for diff |
|
|
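Review bot: dropping `--block-threshold`, `--warn-threshold` and `--allowlist` from the flag table leaves the remaining text with no statement of which score now triggers `block` or `warn`; if these flags were removed from the CLI in 1.0.37, say so here (and in a changelog) and have the CLI reject an unknown flag rather than ignore it, so a CI job that still passes `--allowlist` fails loudly instead of quietly scanning packages it used to skip. If the flags still exist and were only undocumented, they should stay in the table.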
@@ -86,10 +83,7 @@ Settings can come from CLI flags, environment variables, or a `.dgrc.json` confi
|
|
|
86
83
|
{
|
|
87
84
|
"apiKey": "dg_...",
|
|
88
85
|
"mode": "block",
|
|
89
|
-
"
|
|
90
|
-
"warnThreshold": 60,
|
|
91
|
-
"maxPackages": 200,
|
|
92
|
-
"allowlist": ["known-safe-pkg"]
|
|
86
|
+
"maxPackages": 200
|
|
93
87
|
}
|
|
94
88
|
```
|
|
95
89
|
|
|
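Review bot: the removed line at old 89 shows only `"` in this rendering, so the full key taken out of the `.dgrc.json` example cannot be verified from the diff; the surviving example is `{ "apiKey": "dg_...", "mode": "block", "maxPackages": 200 }`, which drops `blockThreshold`/`warnThreshold`/`allowlist` without saying whether the config loader still honours them. Document that explicitly (accepted, ignored, or an error) so an existing `.dgrc.json` with an `allowlist` entry does not behave differently after upgrade with no indication to the user.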
@@ -99,7 +93,6 @@ Settings can come from CLI flags, environment variables, or a `.dgrc.json` confi
|
|
|
99
93
|
|----------|-------------|
|
|
100
94
|
| `DG_API_URL` | API base URL |
|
|
101
95
|
| `DG_MODE` | `block` / `warn` / `off` |
|
|
102
|
-
| `DG_ALLOWLIST` | Comma-separated allowlist |
|
|
103
96
|
| `DG_DEBUG` | Set to `1` for diagnostic output |
|
|
104
97
|
| `DG_WORKSPACE` | Workspace subdirectory |
|
|
105
98
|
|
|
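Review bot: with `DG_ALLOWLIST` gone from this table and `--allowlist`/`allowlist` gone from the flag table and config example, the README no longer documents any way to exempt a single known false positive; in `block` mode the only remaining documented escape is `DG_MODE=warn` or `off`, which disables the check for every package rather than one. Either keep an allowlist mechanism documented or add a sentence on the intended handling of a flagged-but-accepted dependency.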
@@ -141,7 +134,7 @@ Block commits that introduce risky dependencies:
|
|
|
141
134
|
dg hook install
|
|
142
135
|
```
|
|
143
136
|
|
|
144
|
-
This adds a pre-commit hook that runs `dg scan --mode block` whenever a lockfile is staged. If any package
|
|
137
|
+
This adds a pre-commit hook that runs `dg scan --mode block` whenever a lockfile is staged. If any package is flagged as high-risk, the commit is rejected. Remove it with `dg hook uninstall`.
|
|
145
138
|
|
|
146
139
|
## npm Wrapper
|
|
147
140
|
|
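Review bot: the old line 144 is cut off after "If any package" in this rendering, so it is not clear whether the wording changed or only a truncated sentence was completed; the new line says a commit is rejected when a package is "flagged as high-risk", but now that `--block-threshold` is no longer documented, state the fixed score or criterion that makes a package high-risk so users know what the pre-commit hook will actually block.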