autoremediator 0.4.1 → 0.6.0

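--- a/package/README.md
+++ b/package/README.md
@@ -4,24 +4,32 @@
 [![npm downloads](https://img.shields.io/npm/dm/autoremediator.svg)](https://www.npmjs.com/package/autoremediator)
 [![license](https://img.shields.io/npm/l/autoremediator.svg)](https://github.com/Rawlings/autoremediator/blob/master/LICENSE)
 [![node](https://img.shields.io/node/v/autoremediator.svg)](https://www.npmjs.com/package/autoremediator)
+[![Docker](https://img.shields.io/badge/docker-ghcr.io-blue)](https://github.com/Rawlings/autoremediator/pkgs/container/autoremediator)
+[![GitHub Actions](https://img.shields.io/badge/github--actions-marketplace-blue)](https://github.com/marketplace/actions/autoremediator)
 
 > [!WARNING]
 > Automated dependency remediation is a controversial practice.
 > It can reduce exposure windows, but it can also introduce operational and supply-chain risk if used without policy controls.
-> Autoremediator is designed for automation-first teams, and should be paired with explicit policy, CI safeguards, and repository protection rules.
+> Autoremediator is designed for risk-aware automation teams, and should be paired with explicit policy, CI safeguards, and repository protection rules.
 
-Autoremediator is an automation-first Node.js CVE remediation platform package.
+Autoremediator is a risk-aware, agentic Node.js CVE remediation package.
 
-This package is designed for teams that want remediation integrated into GitHub workflows and CI pipelines.
+It correlates OSV package intelligence with CISA KEV known-exploited signals and FIRST EPSS exploit probability scores to prioritize vulnerabilities more likely to matter in production.
+
+This package is designed for teams that want remediation integrated into GitHub workflows and CI pipelines with policy and evidence controls.
 
 It exposes stable SDK and CLI surfaces for direct CVE remediation and scanner-driven automation.
 
 It also exposes non-mutating planning and correlation context for agent orchestration workflows.
 
+See the [documentation](https://rawlings.github.io/autoremediator/docs/getting-started) to get started.
+
 ## Why Teams Use It
 
 - Continuous remediation in CI and scheduled GitHub workflows
+- Risk-aware prioritization using EPSS, CISA KEV, and OSV intelligence
 - Scanner-to-fix pipelines from npm audit, yarn audit, and SARIF inputs
+- Lower vulnerability fatigue by focusing operator attention on exploited and higher-probability issues
 - Policy-aware upgrade behavior for controlled automation at scale
 - Structured evidence and summary outputs for security operations
 - Multiple integration surfaces for platform engineering and automation agents
@@ -100,14 +108,6 @@ Public API naming canon: `runTests`, `policy`, `evidence`, `patchCount`, and `pa
 - Configure policy and branch protection before broad rollout
 - Use CI summaries and evidence outputs for operational governance
 
-## Getting Started Fast
-
-Start from the live guides instead of repo markdown:
-
-- [Quick setup](https://rawlings.github.io/autoremediator/docs/getting-started)
-- [Automation workflows](https://rawlings.github.io/autoremediator/docs/integrations)
-- [Safety controls](https://rawlings.github.io/autoremediator/docs/policy-and-safety)
-
 ## Package
 
 - [npm package](https://www.npmjs.com/package/autoremediator)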
@@ -0,0 +1,16 @@
1
+ // src/version.ts
2
+ import { readFileSync } from "fs";
3
+ function readPackageVersion() {
4
+ const raw = readFileSync(new URL("../package.json", import.meta.url), "utf8");
5
+ const metadata = JSON.parse(raw);
6
+ if (!metadata.version) {
7
+ throw new Error("packages/core/package.json is missing a version field.");
8
+ }
9
+ return metadata.version;
10
+ }
11
+ var PACKAGE_VERSION = readPackageVersion();
12
+
13
+ export {
14
+ PACKAGE_VERSION
15
+ };
16
+ //# sourceMappingURL=chunk-7XSZTGU7.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/version.ts"],"sourcesContent":["import { readFileSync } from \"node:fs\";\n\ninterface PackageMetadata {\n version?: string;\n}\n\nfunction readPackageVersion(): string {\n const raw = readFileSync(new URL(\"../package.json\", import.meta.url), \"utf8\");\n const metadata = JSON.parse(raw) as PackageMetadata;\n\n if (!metadata.version) {\n throw new Error(\"packages/core/package.json is missing a version field.\");\n }\n\n return metadata.version;\n}\n\nexport const PACKAGE_VERSION = readPackageVersion();"],"mappings":";AAAA,SAAS,oBAAoB;AAM7B,SAAS,qBAA6B;AACpC,QAAM,MAAM,aAAa,IAAI,IAAI,mBAAmB,YAAY,GAAG,GAAG,MAAM;AAC5E,QAAM,WAAW,KAAK,MAAM,GAAG;AAE/B,MAAI,CAAC,SAAS,SAAS;AACrB,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AAEA,SAAO,SAAS;AAClB;AAEO,IAAM,kBAAkB,mBAAmB;","names":[]}