autoremediator 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +44 -14
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -14,6 +14,8 @@ Autoremediator is an automation-first Node.js CVE remediation platform package.
14
14
 
15
15
  This package is designed for teams that want remediation integrated into GitHub workflows and CI pipelines.
16
16
 
17
+ It exposes stable SDK and CLI surfaces for direct CVE remediation and scanner-driven automation.
18
+
17
19
  ## Why Teams Use It
18
20
 
19
21
  - Continuous remediation in CI and scheduled GitHub workflows
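Review bot: the added sentence at line 17 promises "stable SDK and CLI surfaces" while package.json in this same diff still reports a 0.x version, which under semver carries no compatibility guarantee; either qualify the wording or state the stability policy explicitly (which exports and command options are covered, and how breaking changes are announced) and link it from the API and SDK page.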
@@ -30,6 +32,35 @@ This package is designed for teams that want remediation integrated into GitHub
30
32
  - Platform-level remediation orchestration across many services
31
33
  - Agentic integration via CLI, SDK, MCP, and OpenAPI
32
34
 
35
+ ## How Remediation Works
36
+
37
+ Core pipeline behavior:
38
+
39
+ 1. CVE lookup and enrichment
40
+ 2. installed dependency inventory detection
41
+ 3. vulnerable version matching
42
+ 4. safe version bump attempt
43
+ 5. controlled fallback patch flow when no safe bump exists
44
+
45
+ Safety and policy controls are applied through each stage.
46
+
47
+ ## Trust and Advisory Sources
48
+
49
+ The remediation engine relies on public vulnerability intelligence sources and deterministic policy checks.
50
+
51
+ Primary sources:
52
+
53
+ - [OSV](https://osv.dev)
54
+ - [GitHub Advisory Database](https://github.com/advisories)
55
+ - [NVD](https://nvd.nist.gov)
56
+
57
+ Trust controls:
58
+
59
+ - correlate advisory data with local dependency inventory before action
60
+ - prefer safe version remediation when fixed versions are available
61
+ - emit structured evidence so every remediation attempt is traceable
62
+ - preserve unresolved status when confidence or validation gates fail
63
+
33
64
  ## Surfaces
34
65
 
35
66
  - CLI: workflow and CI execution
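Review bot: step 5 of the pipeline ("controlled fallback patch flow when no safe bump exists") is the only stage that edits code rather than a version pin, yet it is the one step with no statement of what "controlled" means; spell out which validation gate must pass before a patch is applied and where the result lands (a proposal for review versus an automatic write), and link the Policy and Safety page from "Safety and policy controls are applied through each stage." The Trust section lists OSV, GitHub Advisory Database and NVD but not how disagreements between them on affected version ranges are resolved, which matters because step 3 (vulnerable version matching) depends on that rule; one sentence on source precedence or merging would make "deterministic policy checks" concrete.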
@@ -39,15 +70,14 @@ This package is designed for teams that want remediation integrated into GitHub
39
70
 
40
71
  ## Documentation
41
72
 
42
- - https://rawlings.github.io/autoremediator/
43
-
44
- - Getting Started: https://rawlings.github.io/autoremediator/docs/getting-started
45
- - CLI Reference: https://rawlings.github.io/autoremediator/docs/cli
46
- - Scanner Inputs: https://rawlings.github.io/autoremediator/docs/scanner-inputs
47
- - Policy and Safety: https://rawlings.github.io/autoremediator/docs/policy-and-safety
48
- - API and SDK: https://rawlings.github.io/autoremediator/docs/api-sdk
49
- - Integrations: https://rawlings.github.io/autoremediator/docs/integrations
50
- - Contributor Guide: https://rawlings.github.io/autoremediator/docs/contributor-guide
73
+ - [Docs Home](https://rawlings.github.io/autoremediator/)
74
+ - [Getting Started](https://rawlings.github.io/autoremediator/docs/getting-started): install and first remediation runs
75
+ - [CLI Reference](https://rawlings.github.io/autoremediator/docs/cli): command and option semantics
76
+ - [Scanner Inputs](https://rawlings.github.io/autoremediator/docs/scanner-inputs): scanner adapters and format constraints
77
+ - [Policy and Safety](https://rawlings.github.io/autoremediator/docs/policy-and-safety): policy precedence and operational guardrails
78
+ - [API and SDK](https://rawlings.github.io/autoremediator/docs/api-sdk): public programmatic entry points
79
+ - [Integrations](https://rawlings.github.io/autoremediator/docs/integrations): CI workflows and service integrations
80
+ - [Contributor Guide](https://rawlings.github.io/autoremediator/docs/contributor-guide): architecture and extension guidance
51
81
 
52
82
  ## Product Direction
53
83
 
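Review bot: minor style point at line 73: every other entry in the rewritten list carries a short description after the link, but "Docs Home" has none; adding one (for example "landing page and navigation") keeps the list consistent. Converting the bare URLs to titled links is otherwise a clear improvement.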
@@ -59,14 +89,14 @@ This package is designed for teams that want remediation integrated into GitHub
59
89
 
60
90
  Start from the live guides instead of repo markdown:
61
91
 
62
- - Quick setup: https://rawlings.github.io/autoremediator/docs/getting-started
63
- - Automation workflows: https://rawlings.github.io/autoremediator/docs/integrations
64
- - Safety controls: https://rawlings.github.io/autoremediator/docs/policy-and-safety
92
+ - [Quick setup](https://rawlings.github.io/autoremediator/docs/getting-started)
93
+ - [Automation workflows](https://rawlings.github.io/autoremediator/docs/integrations)
94
+ - [Safety controls](https://rawlings.github.io/autoremediator/docs/policy-and-safety)
65
95
 
66
96
  ## Package
67
97
 
68
- - npm: https://www.npmjs.com/package/autoremediator
69
- - repository: https://github.com/Rawlings/autoremediator
98
+ - [npm package](https://www.npmjs.com/package/autoremediator)
99
+ - [repository](https://github.com/Rawlings/autoremediator)
70
100
 
71
101
  ## License
72
102
 
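Review bot: the three links under "Start from the live guides" (lines 92 to 94) point at the same Getting Started, Integrations and Policy and Safety pages already listed under Documentation, so the list is now maintained in two places and can drift; consider reducing this block to a single pointer at the Documentation section, or keep it and note the duplication so future edits update both.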
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "autoremediator",
3
3
  "private": false,
4
- "version": "0.2.0",
4
+ "version": "0.2.2",
5
5
  "description": "Automated CVE remediation for Node.js dependencies with CLI, SDK, MCP, and scanner-to-fix workflows.",
6
6
  "keywords": [
7
7
  "security-remediation",
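Review bot: the version moves from 0.2.0 to 0.2.2, but the only other file in this diff is README.md, so nothing in the package code visibly changes and no changelog entry accompanies the bump; add a release note or CHANGELOG line stating that 0.2.2 is a documentation-only release so consumers can judge whether the upgrade is worth taking.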