@westbayberry/dg 1.0.59 → 1.0.61

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@westbayberry/dg",
-  "version": "1.0.59",
+  "version": "1.0.61",
   "description": "Supply chain security scanner for npm and Python dependencies — 35 behavioral detectors catch zero-day attacks CVE databases miss. 99.66% catch rate on 155K packages.",
   "bin": {
     "dependency-guardian": "dist/index.mjs",

package/README.md

@@ -1,129 +0,0 @@
-# @westbayberry/dg
-
-Behavioral supply chain security for npm and Python. Reads what packages
-actually do — install hooks, credential access, network exfiltration,
-obfuscation — and gates risky installs before they touch your machine.
-
-**53 detectors · 95.20% npm / 93.88% PyPI catch rate on 17,874 packages · 0.44% npm / 0.29% PyPI FPR** —
-[published methodology](https://westbayberry.com/benchmark).
-
-## What `dg` actually does
-
-| Surface | What it does | Default mode |
-|---|---|---|
-| `dg npm install <pkg>` | Resolves the full dependency tree (top-level + transitive) without running install scripts, scans every package, then invokes the real `npm install` only if the verdict permits. Top-level versions are pinned to the exact version we scanned. Bare `dg npm install` honors `package-lock.json` pinned versions. | **block** |
-| `dg pip install <pkg>` | Resolves the full pip tree via `pip install --dry-run --report=-` (pip ≥ 23.0); scans the full set before invoking real `pip install`. On older pip, transitive scan is reported as unavailable and (in block mode) the install is refused. | **block** |
-| `dg scan` | Read-only audit. Diffs lockfiles and reports findings. Does **not** block anything by default. | warn |
-| `dg hook install` | Adds a pre-commit hook that runs `dg scan --mode block` when a lockfile change is staged. Quiet when nothing is wrong. | block |
-
-For maximum protection in CI/build pipelines, add `--strict` to the install
-wrapper. `--strict` implies `--dg-no-scripts` and refuses any partial-coverage
-scan (transitive enumeration must succeed).
-
-DG only activates when you intentionally invoke it, install the hook, or
-run it in CI. It does not globally hijack `npm`/`pip`.
-
-## Install
-
-```bash
-npm install -g @westbayberry/dg
-```
-
-Requires Node.js 18+.
-
-## Quick Start
-
-```bash
-dg login
-dg scan          # read-only audit of the current project
-```
-
-Scope-truthful output: a clean project shows
-`✓ Dependency Guardian checked 142 packages. No risky behavior found.`
-A flagged install shows only the warn/block packages with one-line
-reasons and a clear next step.
-
-Supports `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`,
-`requirements.txt`, `Pipfile.lock`, and `poetry.lock`.
-
-## Commands
-
-```
-dg scan              Read-only audit of the project's lockfiles
-dg status            Show your auth state, plan tier, and whether protection is on
-dg login / logout    Manage authentication
-dg npm install <pkg> Protective install wrapper (default mode: block)
-dg pip install <pkg> Protective install wrapper (default mode: block)
-dg protect           Opt this project in to auto-protection on every install
-dg protect off       Disable opt-in protection in this project
-dg wrap              Print the shell-alias snippet without writing a project marker
-dg hook install      Install a git pre-commit hook that gates lockfile diffs
-dg hook uninstall    Remove the git pre-commit hook
-dg publish-check     Self-scan before `npm publish` / `pip upload`
-dg update            Check for and install the latest version
-```
-
-Full reference: <https://westbayberry.com/docs/cli-reference>
-
-## Common Options
-
-| Flag | Default | Description |
-|------|---------|-------------|
-| `--mode <mode>` | `warn` for `scan`, `block` for install wrappers | `block` / `warn` / `off` |
-| `--details` | off | Verbose table view (the older format) |
-| `--explain` | off | Plain-English explanation of findings |
-| `--json` | off | Stable machine-readable JSON (CI) |
-| `--ci` | auto when `CI=1` | Deterministic output, no spinners |
-| `--dg-force` | off | Bypass a block (visible in output, audit-friendly) |
-| `--dg-no-scripts` | off | Pass `--ignore-scripts` to the real install |
-| `--strict` | off | Refuse partial-coverage scans + auto `--dg-no-scripts` |
-| `--quiet` | off | Suppress login + update nudges (still prints findings) |
-| `--workspace <dir>` | | Scan a specific workspace subdirectory |
-
-## Exit Codes
-
-| Code | Meaning |
-|------|---------|
-| `0` | Pass |
-| `1` | Warning |
-| `2` | Block |
-| `3` | Error |
-
-## CI
-
-```bash
-npx @westbayberry/dg login
-npx @westbayberry/dg scan --mode block --json
-```
-
-Wire exit code `2` into your pipeline to fail the build.
-
-## Configuration
-
-Settings come from CLI flags, environment variables, or a `.dgrc.json` file in the project or home directory. CLI flags take precedence.
-
-```json
-{
-  "apiKey": "dg_...",
-  "mode": "block"
-}
-```
-
-## Telemetry
-
-The CLI sends anonymous crash reports to Sentry (error message, stack trace, Node version, OS, CLI version). It never sends package names, file paths, API keys, or scan results. API keys and home directory paths are redacted before transmission.
-
-Opt out:
-
-```bash
-export DG_TELEMETRY=0      # or
-export DO_NOT_TRACK=1
-```
-
-## Links
-
-- [Dashboard](https://westbayberry.com/dashboard)
-- [Documentation](https://westbayberry.com/docs) — setup walkthrough
-- [CLI reference](https://westbayberry.com/docs/cli-reference) — every command and flag
-- [Pricing](https://westbayberry.com/pricing)
-- [Changelog](https://github.com/WestBayBerry/dependency-guardian-action/blob/main/CHANGELOG.md)