autoremediator 0.5.0 → 0.7.0

package/README.md

@@ -10,11 +10,13 @@
 > [!WARNING]
 > Automated dependency remediation is a controversial practice.
 > It can reduce exposure windows, but it can also introduce operational and supply-chain risk if used without policy controls.
-> Autoremediator is designed for automation-first teams, and should be paired with explicit policy, CI safeguards, and repository protection rules.
+> Autoremediator is designed for risk-aware automation teams, and should be paired with explicit policy, CI safeguards, and repository protection rules.
 
-Autoremediator is an automation-first Node.js CVE remediation platform package.
+Autoremediator is a risk-aware, agentic Node.js CVE remediation package.
 
-This package is designed for teams that want remediation integrated into GitHub workflows and CI pipelines.
+It correlates OSV package intelligence with CISA KEV known-exploited signals and FIRST EPSS exploit probability scores to prioritize vulnerabilities more likely to matter in production.
+
+This package is designed for teams that want remediation integrated into GitHub workflows and CI pipelines with policy and evidence controls.
 
 It exposes stable SDK and CLI surfaces for direct CVE remediation and scanner-driven automation.
 
@@ -25,7 +27,9 @@ See the [documentation](https://rawlings.github.io/autoremediator/docs/getting-s
 ## Why Teams Use It
 
 - Continuous remediation in CI and scheduled GitHub workflows
+- Risk-aware prioritization using EPSS, CISA KEV, and OSV intelligence
 - Scanner-to-fix pipelines from npm audit, yarn audit, and SARIF inputs
+- Lower vulnerability fatigue by focusing operator attention on exploited and higher-probability issues
 - Policy-aware upgrade behavior for controlled automation at scale
 - Structured evidence and summary outputs for security operations
 - Multiple integration surfaces for platform engineering and automation agents

package/dist/chunk-7XSZTGU7.js

@@ -0,0 +1,16 @@
+// src/version.ts
+import { readFileSync } from "fs";
+function readPackageVersion() {
+  const raw = readFileSync(new URL("../package.json", import.meta.url), "utf8");
+  const metadata = JSON.parse(raw);
+  if (!metadata.version) {
+    throw new Error("packages/core/package.json is missing a version field.");
+  }
+  return metadata.version;
+}
+var PACKAGE_VERSION = readPackageVersion();
+
+export {
+  PACKAGE_VERSION
+};
+//# sourceMappingURL=chunk-7XSZTGU7.js.map

package/dist/chunk-7XSZTGU7.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/version.ts"],"sourcesContent":["import { readFileSync } from \"node:fs\";\n\ninterface PackageMetadata {\n  version?: string;\n}\n\nfunction readPackageVersion(): string {\n  const raw = readFileSync(new URL(\"../package.json\", import.meta.url), \"utf8\");\n  const metadata = JSON.parse(raw) as PackageMetadata;\n\n  if (!metadata.version) {\n    throw new Error(\"packages/core/package.json is missing a version field.\");\n  }\n\n  return metadata.version;\n}\n\nexport const PACKAGE_VERSION = readPackageVersion();"],"mappings":";AAAA,SAAS,oBAAoB;AAM7B,SAAS,qBAA6B;AACpC,QAAM,MAAM,aAAa,IAAI,IAAI,mBAAmB,YAAY,GAAG,GAAG,MAAM;AAC5E,QAAM,WAAW,KAAK,MAAM,GAAG;AAE/B,MAAI,CAAC,SAAS,SAAS;AACrB,UAAM,IAAI,MAAM,wDAAwD;AAAA,EAC1E;AAEA,SAAO,SAAS;AAClB;AAEO,IAAM,kBAAkB,mBAAmB;","names":[]}