bun-ready 0.1.0 → 0.2.0

package/README.md

@@ -39,6 +39,145 @@ bun-ready scan . --no-install --no-test
 - 2 → YELLOW
 - 3 → RED
 
+## Monorepo / Workspaces Support
+
+bun-ready now supports scanning monorepo projects with multiple workspace packages.
+
+### Workspace Discovery
+
+If your `package.json` contains a `workspaces` field (array or object), bun-ready will:
+- Discover all workspace packages automatically
+- Analyze each package individually
+- Aggregate results into a single report
+
+### Configuration
+
+You can create a `bun-ready.config.json` file in your repository root to customize the scan:
+
+```json
+{
+  "ignorePackages": ["packages/legacy"],
+  "ignoreFindings": ["scripts.pm_assumptions"],
+  "nativeAddonAllowlist": ["fsevents"],
+  "failOn": "yellow"
+}
+```
+
+### Options
+
+| Option | Description | Default |
+|---------|-------------|----------|
+| `ignorePackages` | Array of package paths to ignore | `[]` |
+| `ignoreFindings` | Array of finding IDs to ignore | `[]` |
+| `nativeAddonAllowlist` | Packages to exclude from native addon checks | `[]` |
+| `failOn` | When to return non-zero exit code | `"red"` |
+
+### New CLI Flags
+
+`--scope root|packages|all`
+- `root`: Scan only the root package.json
+- `packages`: Scan only workspace packages
+- `all`: Scan root and all workspace packages (default)
+
+`--fail-on green|yellow|red`
+- Controls when bun-ready exits with a failure code
+- `green`: Fail on anything not green (exit 3)
+- `yellow`: Fail on red only (exit 3), yellow passes (exit 0)
+- `red`: Default behavior - green=0, yellow=2, red=3
+
+## How Scoring Works
+
+bun-ready uses a combination of heuristics to determine migration readiness:
+
+### Severity Levels
+
+**🟢 GREEN** - Ready to migrate
+- No critical issues detected
+- Bun install succeeds
+- Tests pass (if compatible)
+- No native addon risks or properly handled
+
+**🟡 YELLOW** - Migration possible with manual fixes
+- Lifecycle scripts present (verify npm compatibility)
+- Native addons detected (may need updates)
+- Package manager assumptions in scripts
+- Node version < 18
+- Dev tools that may need configuration
+
+**🔴 RED** - Migration blocked
+- Bun install fails
+- Native build tools (node-gyp, node-sass)
+- Critical missing dependencies
+- Tests fail
+
+### Findings Categories
+
+- `scripts.lifecycle` - Lifecycle scripts in root or dependencies
+- `scripts.npm_specific` - npm/yarn/pnpm-specific commands
+- `scripts.pm_assumptions` - Package manager assumptions
+- `deps.native_addons` - Native addon dependencies
+- `runtime.node_version` - Node.js version requirements
+- `runtime.dev_tools` - Testing frameworks (jest, vitest, etc.)
+- `runtime.build_tools` - Build tools (webpack, babel, etc.)
+- `runtime.ts_execution` - TypeScript runtime execution
+- `lockfile.missing` - No lockfile detected
+- `lockfile.migration` - Non-Bun lockfile present
+- `install.blocked_scripts` - Scripts blocked by Bun
+- `install.trusted_deps` - Trusted dependencies mentioned
+
+## FAQ
+
+### Why yellow when there's a postinstall script?
+
+Bun runs your project's lifecycle scripts during install, but **does not run** lifecycle scripts of dependencies unless they're in `trustedDependencies`. The yellow warning reminds you to verify these scripts work correctly with Bun.
+
+### What are trustedDependencies?
+
+Bun's `trustedDependencies` configuration controls which packages are allowed to run their lifecycle scripts. You can add trusted packages to this field in your `package.json`:
+
+```json
+{
+  "trustedDependencies": ["some-package"]
+}
+```
+
+### How do I handle monorepo scanning?
+
+For monorepos, bun-ready automatically detects workspaces and scans all packages. Use `--scope` to control what's scanned:
+
+```bash
+# Scan everything (default)
+bun-ready scan .
+
+# Scan only root package
+bun-ready scan . --scope root
+
+# Scan only workspace packages
+bun-ready scan . --scope packages
+```
+
+### Can I ignore certain findings?
+
+Yes! Create a `bun-ready.config.json` file:
+
+```json
+{
+  "ignoreFindings": ["scripts.pm_assumptions"]
+}
+```
+
+### What if a package is in the native addon list but works with Bun?
+
+Add it to the allowlist:
+
+```json
+{
+  "nativeAddonAllowlist": ["fsevents"]
+}
+```
+
+Some packages have optional native modules that can be disabled or work fine with Bun.
+
 ## What it checks (MVP)
 - package.json presence & shape
 - lockfiles (npm/yarn/pnpm/bun)

package/dist/cli.js

@@ -1,11 +1,9 @@
-#!/usr/bin/env node
-
 // src/cli.ts
 import { promises as fs3 } from "node:fs";
-import path3 from "node:path";
+import path5 from "node:path";
 
 // src/analyze.ts
-import path2 from "node:path";
+import path4 from "node:path";
 import os from "node:os";
 import { promises as fs2 } from "node:fs";
 
@@ -81,7 +79,7 @@ var truncateLines = (lines, max) => {
 };
 
 // src/heuristics.ts
-var NATIVE_SUSPECTS = [
+var NATIVE_SUSPECTS_V2 = [
   "node-gyp",
   "node-pre-gyp",
   "prebuild-install",
@@ -97,7 +95,112 @@ var NATIVE_SUSPECTS = [
   "argon2",
   "bufferutil",
   "utf-8-validate",
-  "fsevents"
+  "fsevents",
+  "grpc",
+  "@grpc/grpc-js",
+  "grpc-js",
+  "bcryptjs",
+  "bcrypt",
+  "sodium",
+  "libsodium",
+  "leveldb",
+  "level",
+  "rocksdb",
+  "mysql2",
+  "pg",
+  "oracledb",
+  "nodegit",
+  "ffi-napi",
+  "node-ffi",
+  "ref-napi",
+  "skia-canvas",
+  "jimp",
+  "pdfkit",
+  "sharp",
+  "pixelmatch",
+  "cheerio",
+  "node-wav",
+  "lamejs",
+  "flac-bindings",
+  "opus-recorder",
+  "silk-wasm",
+  "zeromq",
+  "zeromq.js",
+  "mongodb",
+  "redis",
+  "ioredis",
+  "elasticsearch",
+  "snappy",
+  "snappyjs",
+  "iltorb",
+  "brotli",
+  "node-sha3",
+  "ursa",
+  "node-forge",
+  "jsonwebtoken",
+  "node-cron",
+  "bull",
+  "bullmq"
+];
+var DEV_TOOL_SUSPECTS = [
+  "jest",
+  "vitest",
+  "mocha",
+  "chai",
+  "ava",
+  "tap",
+  "jasmine",
+  "karma",
+  "cypress",
+  "playwright",
+  "puppeteer",
+  "selenium-webdriver",
+  "webdriverio",
+  "nightwatch",
+  "testcafe",
+  "protractor"
+];
+var RUNTIME_TOOL_SUSPECTS = [
+  "ts-node",
+  "tsx",
+  "ts-node-dev",
+  "nodemon",
+  "babel",
+  "@babel/core",
+  "@babel/node",
+  "babel-cli",
+  "babel-register",
+  "babel-preset-env",
+  "webpack",
+  "webpack-cli",
+  "rollup",
+  "@rollup/plugin",
+  "esbuild",
+  "vite",
+  "@vitejs/plugin",
+  "swc",
+  "@swc/core",
+  "@swc/register",
+  "turbopack",
+  "snowpack",
+  "parcel",
+  "browserify"
+];
+var PM_SPECIFIC_COMMANDS = [
+  "npm ci",
+  "npm run ci",
+  "pnpm -r",
+  "pnpm recursive",
+  "pnpm workspaces",
+  "yarn workspaces",
+  "yarn workspace",
+  "yarn -w",
+  "lerna run",
+  "nx run",
+  "npx lerna",
+  "npx nx",
+  "turbo run",
+  "rushx"
 ];
 var includesAny = (s, needles) => {
   const lower = s.toLowerCase();
@@ -144,31 +247,6 @@ var detectScriptRisks = (repo) => {
   }
   return findings;
 };
-var detectNativeAddonRisk = (repo) => {
-  const allDeps = {
-    ...repo.dependencies,
-    ...repo.devDependencies,
-    ...repo.optionalDependencies
-  };
-  const names = Object.keys(allDeps);
-  const suspects = stableSort(names.filter((n) => NATIVE_SUSPECTS.includes(n) || includesAny(n, ["napi", "node-gyp", "prebuild", "ffi"])), (x) => x);
-  if (suspects.length === 0)
-    return [];
-  const hardRed = suspects.some((n) => n === "node-gyp" || n === "node-sass");
-  const severity = hardRed ? "red" : "yellow";
-  return [
-    {
-      id: "deps.native_addons",
-      title: "Potential native addons / node-gyp toolchain risk",
-      severity,
-      details: suspects.map((n) => `${n}@${allDeps[n] ?? ""}`.trim()),
-      hints: [
-        "Native addons often require toolchains and can be sensitive to runtime differences.",
-        "If you see install/build failures, try upgrading these packages or switching to pure-JS alternatives."
-      ]
-    }
-  ];
-};
 var detectLockfileSignals = (repo) => {
   const { bunLock, bunLockb, npmLock, yarnLock, pnpmLock } = repo.lockfiles;
   if (bunLock || bunLockb)
@@ -208,6 +286,145 @@ var detectLockfileSignals = (repo) => {
     }
   ];
 };
+var detectRuntimeApiRisks = (repo) => {
+  const findings = [];
+  if (repo.packageJson?.engines?.node) {
+    const nodeVersion = repo.packageJson.engines.node;
+    const match = nodeVersion.match(/>=?(\d+)/);
+    if (match && match[1]) {
+      const minVersion = parseInt(match[1], 10);
+      if (minVersion < 18) {
+        findings.push({
+          id: "runtime.node_version",
+          title: "Node.js version requirement is below Bun's baseline (v18+)",
+          severity: "yellow",
+          details: [`engines.node: ${nodeVersion}`],
+          hints: [
+            "Bun targets Node 18+ compatibility. Packages requiring older Node versions may need updates.",
+            "Check if packages have updates or if version constraints can be relaxed."
+          ]
+        });
+      }
+    }
+  }
+  const allDeps = { ...repo.dependencies, ...repo.devDependencies, ...repo.optionalDependencies };
+  const deps = Object.keys(allDeps);
+  const devToolHits = deps.filter((d) => DEV_TOOL_SUSPECTS.includes(d) || deps.some((x) => x.startsWith(`${d}/`)));
+  const relevantDevTools = devToolHits.filter((d) => allDeps[d]);
+  if (relevantDevTools.length > 0) {
+    findings.push({
+      id: "runtime.dev_tools",
+      title: "Dev tools that may need Bun compatibility checks",
+      severity: "yellow",
+      details: relevantDevTools.map((d) => `${d}@${allDeps[d]}`),
+      hints: [
+        "Testing frameworks like jest/vitest may work, but consider migrating to bun:test for optimal performance.",
+        "Build tools like webpack/esbuild/vite typically work with Bun, but verify your build pipeline.",
+        "Check documentation for each tool's Bun compatibility status."
+      ]
+    });
+  }
+  const runtimeToolHits = deps.filter((d) => RUNTIME_TOOL_SUSPECTS.includes(d) || deps.some((x) => x.startsWith(`${d}/`)));
+  const relevantRuntimeTools = runtimeToolHits.filter((d) => allDeps[d]);
+  if (relevantRuntimeTools.length > 0) {
+    findings.push({
+      id: "runtime.build_tools",
+      title: "Runtime/build tools that may need Bun compatibility verification",
+      severity: "yellow",
+      details: relevantRuntimeTools.map((d) => `${d}@${allDeps[d]}`),
+      hints: [
+        "Tools like ts-node/tsx work with Bun, but verify your TypeScript configuration.",
+        "Bundlers like webpack/vite/esbuild typically work with Bun, but verify your build scripts.",
+        "Consider switching to Bun's native build capabilities for improved performance."
+      ]
+    });
+  }
+  const scriptNames = Object.keys(repo.scripts);
+  const tsRuntimeScripts = scriptNames.filter((k) => {
+    const script = repo.scripts[k]?.toLowerCase() || "";
+    return script.includes("ts-node") || script.includes("tsx") || script.includes("babel-node");
+  });
+  if (tsRuntimeScripts.length > 0) {
+    findings.push({
+      id: "runtime.ts_execution",
+      title: "Scripts use TypeScript runtime execution (ts-node/tsx/babel-node)",
+      severity: "yellow",
+      details: tsRuntimeScripts.map((k) => `${k}: ${repo.scripts[k]}`),
+      hints: [
+        "Bun supports TypeScript natively, but verify tsconfig compatibility.",
+        "Consider migrating scripts to use `bun run` directly with TypeScript files.",
+        "Test execution of affected scripts with Bun before full migration."
+      ]
+    });
+  }
+  return findings;
+};
+var detectPmAssumptions = (repo) => {
+  const findings = [];
+  const scriptNames = Object.keys(repo.scripts);
+  const pmSpecificHits = [];
+  for (const scriptName of scriptNames) {
+    const script = repo.scripts[scriptName] || "";
+    const lowerScript = script.toLowerCase();
+    for (const cmd of PM_SPECIFIC_COMMANDS) {
+      if (lowerScript.includes(cmd.toLowerCase())) {
+        pmSpecificHits.push({ name: scriptName, command: cmd });
+        break;
+      }
+    }
+  }
+  if (pmSpecificHits.length > 0) {
+    findings.push({
+      id: "scripts.pm_assumptions",
+      title: "Scripts contain package-manager-specific commands",
+      severity: "yellow",
+      details: pmSpecificHits.map((h) => `${h.name}: uses "${h.command}"`),
+      hints: [
+        "Package-manager-specific commands may need adaptation for Bun.",
+        "Test each affected script with Bun to ensure compatibility.",
+        "Consider rewriting scripts to be package-manager agnostic where possible."
+      ]
+    });
+  }
+  return findings;
+};
+var detectNativeAddonRiskV2 = (repo, config) => {
+  const allDeps = {
+    ...repo.dependencies,
+    ...repo.devDependencies,
+    ...repo.optionalDependencies
+  };
+  const names = Object.keys(allDeps);
+  const allowlist = config?.nativeAddonAllowlist || [];
+  const suspects = names.filter((n) => {
+    if (allowlist.includes(n))
+      return false;
+    return NATIVE_SUSPECTS_V2.includes(n) || includesAny(n, ["napi", "node-gyp", "prebuild", "ffi", "bindings", "native", "native-module"]);
+  });
+  const scriptNames = Object.keys(repo.scripts);
+  const hasNodeGypRebuild = scriptNames.some((k) => {
+    const script = repo.scripts[k]?.toLowerCase() || "";
+    return script.includes("node-gyp") || script.includes("node-gyp rebuild");
+  });
+  if (suspects.length === 0 && !hasNodeGypRebuild)
+    return [];
+  const hardRed = suspects.some((n) => n === "node-gyp" || n === "node-sass") || hasNodeGypRebuild;
+  const severity = hardRed ? "red" : "yellow";
+  return [
+    {
+      id: "deps.native_addons",
+      title: "Potential native addons / node-gyp toolchain risk",
+      severity,
+      details: suspects.map((n) => `${n}@${allDeps[n]}`),
+      hints: [
+        "Native addons often require toolchains and can be sensitive to runtime differences.",
+        "If you see install/build failures, try upgrading these packages or switching to pure-JS alternatives.",
+        "Some packages offer optional native modules that can be disabled via configuration.",
+        "Check if native modules are in use or just installed for optional features."
+      ]
+    }
+  ];
+};
 var summarizeSeverity = (findings, installOk, testOk) => {
   let sev = "green";
   for (const f of findings)
@@ -219,33 +436,264 @@ var summarizeSeverity = (findings, installOk, testOk) => {
   return sev;
 };
 
+// src/bun_logs.ts
+function parseInstallLogs(logs) {
+  const blockedDeps = [];
+  const trustedDepsMentioned = [];
+  const notes = [];
+  const blockedKeywords = ["blocked", "not allowed", "lifecycle script", "postinstall blocked", "prepare blocked"];
+  const trustedKeywords = ["trustedDependencies", "trusted", "trust"];
+  for (const log of logs) {
+    const lowerLog = log.toLowerCase();
+    for (const keyword of blockedKeywords) {
+      if (lowerLog.includes(keyword)) {
+        let pkgMatch = log.match(/blocked:\s+(?:lifecycle\s+script\s+(?:for\s+)?)?(@?[a-z0-9-]+\/[a-z0-9-]+|@?[a-z0-9-]+)@[\d.^]+/i);
+        if (pkgMatch && pkgMatch[1] && !blockedDeps.includes(pkgMatch[1])) {
+          blockedDeps.push(pkgMatch[1]);
+        } else {
+          const fallbackMatch = log.match(/blocked:\s+(?:lifecycle\s+script\s+(?:for\s+)?)?(@?[a-z0-9-]+\/[a-z0-9-]+|@?[a-z0-9-]+)/i);
+          if (fallbackMatch && fallbackMatch[1] && !blockedDeps.includes(fallbackMatch[1]) && !blockedKeywords.includes(fallbackMatch[1].toLowerCase())) {
+            blockedDeps.push(fallbackMatch[1]);
+          }
+        }
+        break;
+      }
+    }
+    for (const keyword of trustedKeywords) {
+      if (lowerLog.includes(keyword)) {
+        if (!notes.some((n) => n.toLowerCase().includes(keyword))) {
+          notes.push(log.trim());
+        }
+        const pkgMatch = log.match(/@?[a-z0-9-]+\/[a-z0-9-]+|@?[a-z0-9-]+/gi);
+        if (pkgMatch) {
+          for (const pkg of pkgMatch) {
+            if (pkg.toLowerCase() !== "trusteddependencies" && !trustedDepsMentioned.includes(pkg)) {
+              trustedDepsMentioned.push(pkg);
+            }
+          }
+        }
+        break;
+      }
+    }
+    if (lowerLog.includes("warning") || lowerLog.includes("warn")) {
+      notes.push(log.trim());
+    }
+  }
+  blockedDeps.sort((a, b) => a.localeCompare(b));
+  trustedDepsMentioned.sort((a, b) => a.localeCompare(b));
+  notes.sort();
+  return {
+    blockedDeps,
+    trustedDepsMentioned,
+    notes
+  };
+}
+
+// src/workspaces.ts
+import path2 from "node:path";
+import fsSync from "node:fs";
+function globMatch(pattern, path3) {
+  const patternParts = pattern.split("/");
+  const pathParts = path3.split("/");
+  let patternIdx = 0;
+  let pathIdx = 0;
+  while (patternIdx < patternParts.length && pathIdx < pathParts.length) {
+    const patternPart = patternParts[patternIdx];
+    const pathPart = pathParts[pathIdx];
+    if (patternPart === "**") {
+      if (patternIdx === patternParts.length - 1) {
+        return true;
+      }
+      const nextPatternPart = patternParts[patternIdx + 1];
+      while (pathIdx < pathParts.length && pathParts[pathIdx] !== nextPatternPart) {
+        pathIdx++;
+      }
+      patternIdx++;
+    } else if (patternPart === "*") {
+      patternIdx++;
+      pathIdx++;
+    } else {
+      if (patternPart !== pathPart) {
+        return false;
+      }
+      patternIdx++;
+      pathIdx++;
+    }
+  }
+  if (patternIdx < patternParts.length) {
+    const remaining = patternParts.slice(patternIdx);
+    if (remaining.length === 1 && remaining[0] === "**") {
+      return true;
+    }
+  }
+  return patternIdx === patternParts.length && pathIdx === pathParts.length;
+}
+function discoverFromWorkspaces(rootPath, workspaces) {
+  const patterns = Array.isArray(workspaces) ? workspaces : workspaces.packages;
+  const packages = [];
+  for (const pattern of patterns) {
+    const patternPath = path2.resolve(rootPath, pattern);
+    if (pattern.includes("/*") && !pattern.includes("/**")) {
+      try {
+        const baseDir = path2.dirname(patternPath);
+        const patternName = path2.basename(patternPath);
+        const entries = fsSync.readdirSync(baseDir, { withFileTypes: true });
+        for (const entry of entries) {
+          if (entry.isDirectory() && globMatch(patternName, entry.name)) {
+            const packagePath = path2.join(baseDir, entry.name);
+            const pkgJsonPath = path2.join(packagePath, "package.json");
+            if (fileExistsSync(pkgJsonPath)) {
+              packages.push(packagePath);
+            }
+          }
+        }
+      } catch {}
+    }
+  }
+  return packages;
+}
+function fileExistsSync(filePath) {
+  try {
+    fsSync.accessSync(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function discoverWorkspaces(rootPath) {
+  const packages = [];
+  const rootPkgJson = path2.join(rootPath, "package.json");
+  if (!await fileExists(rootPkgJson)) {
+    return packages;
+  }
+  const rootPkg = await readJsonFile(rootPkgJson);
+  if (!rootPkg.workspaces && !rootPkg.packages) {
+    return packages;
+  }
+  const workspaces = rootPkg.workspaces || rootPkg.packages;
+  if (!workspaces) {
+    return packages;
+  }
+  const packagePaths = discoverFromWorkspaces(rootPath, workspaces);
+  for (const pkgPath of packagePaths) {
+    const pkgJsonPath = path2.join(pkgPath, "package.json");
+    try {
+      const pkg = await readJsonFile(pkgJsonPath);
+      if (pkg.name) {
+        packages.push({
+          name: pkg.name,
+          path: pkgPath,
+          packageJsonPath: pkgJsonPath
+        });
+      }
+    } catch {
+      continue;
+    }
+  }
+  packages.sort((a, b) => a.name.localeCompare(b.name));
+  return packages;
+}
+async function hasWorkspaces(rootPath) {
+  const rootPkgJson = path2.join(rootPath, "package.json");
+  if (!await fileExists(rootPkgJson)) {
+    return false;
+  }
+  const rootPkg = await readJsonFile(rootPkgJson);
+  return Boolean(rootPkg.workspaces || rootPkg.packages);
+}
+
+// src/config.ts
+import path3 from "node:path";
+var CONFIG_FILE_NAME = "bun-ready.config.json";
+async function readConfig(rootPath) {
+  const configPath = path3.join(rootPath, CONFIG_FILE_NAME);
+  if (!await fileExists(configPath)) {
+    return null;
+  }
+  try {
+    const config = await readJsonFile(configPath);
+    return validateConfig(config);
+  } catch (error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`Warning: Invalid ${CONFIG_FILE_NAME}: ${msg}
+`);
+    return null;
+  }
+}
+function validateConfig(config) {
+  if (!config || typeof config !== "object") {
+    return null;
+  }
+  const cfg = config;
+  const result = {};
+  if (Array.isArray(cfg.ignorePackages)) {
+    const validIgnore = cfg.ignorePackages.filter((p) => typeof p === "string");
+    if (validIgnore.length > 0) {
+      result.ignorePackages = validIgnore;
+    }
+  }
+  if (Array.isArray(cfg.ignoreFindings)) {
+    const validIgnore = cfg.ignoreFindings.filter((f) => typeof f === "string");
+    if (validIgnore.length > 0) {
+      result.ignoreFindings = validIgnore;
+    }
+  }
+  if (Array.isArray(cfg.nativeAddonAllowlist)) {
+    const validAllowlist = cfg.nativeAddonAllowlist.filter((p) => typeof p === "string");
+    if (validAllowlist.length > 0) {
+      result.nativeAddonAllowlist = validAllowlist;
+    }
+  }
+  if (typeof cfg.failOn === "string") {
+    const validFailOn = ["green", "yellow", "red"].includes(cfg.failOn);
+    if (validFailOn) {
+      result.failOn = cfg.failOn;
+    }
+  }
+  if (Object.keys(result).length === 0) {
+    return null;
+  }
+  return result;
+}
+function mergeConfigWithOpts(config, opts) {
+  if (!config && !opts.failOn) {
+    return null;
+  }
+  const result = {
+    ...config || {}
+  };
+  if (opts.failOn) {
+    result.failOn = opts.failOn;
+  }
+  return Object.keys(result).length > 0 ? result : null;
+}
+
 // src/analyze.ts
-var readRepoInfo = async (repoPath) => {
-  const packageJsonPath = path2.join(repoPath, "package.json");
+async function readRepoInfo(packagePath) {
+  const packageJsonPath = path4.join(packagePath, "package.json");
   const pkg = await readJsonFile(packageJsonPath);
   const scripts = pkg.scripts ?? {};
   const dependencies = pkg.dependencies ?? {};
   const devDependencies = pkg.devDependencies ?? {};
   const optionalDependencies = pkg.optionalDependencies ?? {};
-  const hasWorkspaces = Boolean(pkg.workspaces);
   const lockfiles = {
-    bunLock: await fileExists(path2.join(repoPath, "bun.lock")),
-    bunLockb: await fileExists(path2.join(repoPath, "bun.lockb")),
-    npmLock: await fileExists(path2.join(repoPath, "package-lock.json")),
-    yarnLock: await fileExists(path2.join(repoPath, "yarn.lock")),
-    pnpmLock: await fileExists(path2.join(repoPath, "pnpm-lock.yaml"))
+    bunLock: await fileExists(path4.join(packagePath, "bun.lock")),
+    bunLockb: await fileExists(path4.join(packagePath, "bun.lockb")),
+    npmLock: await fileExists(path4.join(packagePath, "package-lock.json")),
+    yarnLock: await fileExists(path4.join(packagePath, "yarn.lock")),
+    pnpmLock: await fileExists(path4.join(packagePath, "pnpm-lock.yaml"))
   };
-  return { packageJsonPath, lockfiles, scripts, dependencies, devDependencies, optionalDependencies, hasWorkspaces };
-};
-var copyIfExists = async (from, to) => {
+  return { pkg, scripts, dependencies, devDependencies, optionalDependencies, lockfiles };
+}
+async function copyIfExists(from, to) {
   try {
     await fs2.copyFile(from, to);
   } catch {
     return;
   }
-};
-var runBunInstallDryRun = async (repoPath) => {
-  const base = await fs2.mkdtemp(path2.join(os.tmpdir(), "bun-ready-"));
+}
+async function runBunInstallDryRun(packagePath) {
+  const base = await fs2.mkdtemp(path4.join(os.tmpdir(), "bun-ready-"));
   const cleanup = async () => {
     try {
       await fs2.rm(base, { recursive: true, force: true });
@@ -254,42 +702,147 @@ var runBunInstallDryRun = async (repoPath) => {
     }
   };
   try {
-    await copyIfExists(path2.join(repoPath, "package.json"), path2.join(base, "package.json"));
-    await copyIfExists(path2.join(repoPath, "bun.lock"), path2.join(base, "bun.lock"));
-    await copyIfExists(path2.join(repoPath, "bun.lockb"), path2.join(base, "bun.lockb"));
-    await copyIfExists(path2.join(repoPath, "package-lock.json"), path2.join(base, "package-lock.json"));
-    await copyIfExists(path2.join(repoPath, "yarn.lock"), path2.join(base, "yarn.lock"));
-    await copyIfExists(path2.join(repoPath, "pnpm-lock.yaml"), path2.join(base, "pnpm-lock.yaml"));
+    await copyIfExists(path4.join(packagePath, "package.json"), path4.join(base, "package.json"));
+    await copyIfExists(path4.join(packagePath, "bun.lock"), path4.join(base, "bun.lock"));
+    await copyIfExists(path4.join(packagePath, "bun.lockb"), path4.join(base, "bun.lockb"));
+    await copyIfExists(path4.join(packagePath, "package-lock.json"), path4.join(base, "package-lock.json"));
+    await copyIfExists(path4.join(packagePath, "yarn.lock"), path4.join(base, "yarn.lock"));
+    await copyIfExists(path4.join(packagePath, "pnpm-lock.yaml"), path4.join(base, "pnpm-lock.yaml"));
     const res = await exec("bun", ["install", "--dry-run"], base);
     const combined = [...res.stdout ? res.stdout.split(`
 `) : [], ...res.stderr ? res.stderr.split(`
 `) : []].filter((l) => l.trim().length > 0);
     const logs = truncateLines(combined, 60);
-    return res.code === 0 ? { ok: true, summary: "bun install --dry-run succeeded", logs } : { ok: false, summary: `bun install --dry-run failed (exit ${res.code})`, logs };
+    const installAnalysis = parseInstallLogs(logs);
+    return res.code === 0 ? { ok: true, summary: "bun install --dry-run succeeded", logs, installAnalysis } : { ok: false, summary: `bun install --dry-run failed (exit ${res.code})`, logs, installAnalysis };
   } finally {
     await cleanup();
   }
-};
-var shouldRunBunTest = (repo) => {
-  const t = repo.scripts["test"];
+}
+function shouldRunBunTest(scripts) {
+  const t = scripts["test"];
   if (!t)
     return false;
   return t.toLowerCase().includes("bun test") || t.toLowerCase().trim() === "bun test";
-};
-var runBunTest = async (repoPath) => {
-  const res = await exec("bun", ["test"], repoPath);
+}
+async function runBunTest(packagePath) {
+  const res = await exec("bun", ["test"], packagePath);
   const combined = [...res.stdout ? res.stdout.split(`
 `) : [], ...res.stderr ? res.stderr.split(`
 `) : []].filter((l) => l.trim().length > 0);
   const logs = truncateLines(combined, 120);
   return res.code === 0 ? { ok: true, summary: "bun test succeeded", logs } : { ok: false, summary: `bun test failed (exit ${res.code})`, logs };
-};
-var analyzeRepo = async (opts) => {
+}
+function filterFindings(findings, config) {
+  const ignoreList = config?.ignoreFindings;
+  if (!ignoreList || ignoreList.length === 0) {
+    return findings;
+  }
+  return findings.filter((f) => !ignoreList.includes(f.id));
+}
+async function analyzeSinglePackage(packagePath, opts, config, pkgName) {
+  const info = await readRepoInfo(packagePath);
+  const name = pkgName || info.pkg.name || path4.basename(packagePath);
+  let findings = [
+    ...detectLockfileSignals({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }),
+    ...detectScriptRisks({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }),
+    ...detectNativeAddonRiskV2({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }, config || undefined),
+    ...detectRuntimeApiRisks({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg }),
+    ...detectPmAssumptions({ packageJsonPath: packagePath, lockfiles: info.lockfiles, scripts: info.scripts, dependencies: info.dependencies, devDependencies: info.devDependencies, optionalDependencies: info.optionalDependencies, hasWorkspaces: false, packageJson: info.pkg })
+  ];
+  findings = filterFindings(findings, config);
+  let install = null;
+  let installOk = null;
+  if (opts.runInstall) {
+    const installResult = await runBunInstallDryRun(packagePath);
+    install = {
+      ok: installResult.ok,
+      summary: installResult.summary,
+      logs: installResult.logs
+    };
+    installOk = installResult.ok;
+    if (installResult.installAnalysis.blockedDeps.length > 0) {
+      findings.push({
+        id: "install.blocked_scripts",
+        title: "Lifecycle scripts blocked by Bun",
+        severity: "red",
+        details: installResult.installAnalysis.blockedDeps,
+        hints: [
+          "Bun blocks lifecycle scripts of dependencies unless they are in trustedDependencies.",
+          "Add the blocked packages to trustedDependencies in root package.json.",
+          "Review if these packages are necessary or can be replaced with alternatives."
+        ]
+      });
+    }
+    if (installResult.installAnalysis.trustedDepsMentioned.length > 0) {
+      findings.push({
+        id: "install.trusted_deps",
+        title: "Trusted dependencies mentioned in install output",
+        severity: "yellow",
+        details: installResult.installAnalysis.trustedDepsMentioned,
+        hints: [
+          "Review the trustedDependencies configuration in your package.json.",
+          "Consider adding packages to trustedDependencies if you trust them."
+        ]
+      });
+    }
+  }
+  let test = null;
+  let testOk = null;
+  if (opts.runTest && shouldRunBunTest(info.scripts)) {
+    const testResult = await runBunTest(packagePath);
+    test = {
+      ok: testResult.ok,
+      summary: testResult.summary,
+      logs: testResult.logs
+    };
+    testOk = testResult.ok;
+  }
+  const severity = summarizeSeverity(findings, installOk, testOk);
+  const summaryLines = [];
+  summaryLines.push(`Lockfiles: ${info.lockfiles.bunLock || info.lockfiles.bunLockb ? "bun" : "non-bun or missing"}`);
+  summaryLines.push(`Lifecycle scripts: ${Object.keys(info.scripts).some((k) => ["postinstall", "prepare", "preinstall", "install"].includes(k)) ? "present" : "none"}`);
+  summaryLines.push(`Native addon risk: ${findings.some((f) => f.id === "deps.native_addons") ? "yes" : "no"}`);
+  summaryLines.push(`bun install dry-run: ${install ? install.ok ? "ok" : "failed" : "skipped"}`);
+  summaryLines.push(`bun test: ${test ? test.ok ? "ok" : "failed" : "skipped"}`);
+  return {
+    name,
+    path: packagePath,
+    severity,
+    summaryLines,
+    findings,
+    install,
+    test,
+    scripts: info.scripts,
+    dependencies: info.dependencies,
+    devDependencies: info.devDependencies,
+    optionalDependencies: info.optionalDependencies,
+    lockfiles: info.lockfiles
+  };
+}
+function aggregateSeverity(packages, overallSeverity) {
+  if (overallSeverity === "red")
+    return "red";
+  if (overallSeverity === "yellow")
+    return "yellow";
+  for (const pkg of packages) {
+    if (pkg.severity === "red")
+      return "red";
+  }
+  for (const pkg of packages) {
+    if (pkg.severity === "yellow")
+      return "yellow";
+  }
+  return "green";
+}
+async function analyzeRepoOverall(opts) {
   const repoPath = normalizeRepoPath(opts.repoPath);
-  const packageJsonPath = path2.join(repoPath, "package.json");
+  const packageJsonPath = path4.join(repoPath, "package.json");
   const hasPkg = await fileExists(packageJsonPath);
+  const config = await readConfig(repoPath);
   if (!hasPkg) {
     return {
+      version: "0.2",
       severity: "red",
       summaryLines: ["package.json not found"],
       findings: [
@@ -305,35 +858,90 @@ var analyzeRepo = async (opts) => {
       test: null,
       repo: {
         packageJsonPath,
+        hasWorkspaces: false,
+        rootPackage: { name: "", version: "" },
         lockfiles: { bunLock: false, bunLockb: false, npmLock: false, yarnLock: false, pnpmLock: false },
         scripts: {},
         dependencies: {},
         devDependencies: {},
-        optionalDependencies: {},
-        hasWorkspaces: false
-      }
+        optionalDependencies: {}
+      },
+      packages: [],
+      config
     };
   }
-  const repo = await readRepoInfo(repoPath);
-  const findings = [
-    ...detectLockfileSignals(repo),
-    ...detectScriptRisks(repo),
-    ...detectNativeAddonRisk(repo)
-  ];
-  const install = opts.runInstall ? await runBunInstallDryRun(repoPath) : null;
-  const allowTest = opts.runTest && shouldRunBunTest(repo);
-  const test = allowTest ? await runBunTest(repoPath) : null;
-  const installOk = install ? install.ok : null;
-  const testOk = test ? test.ok : null;
-  const severity = summarizeSeverity(findings, installOk, testOk);
-  const summaryLines = [];
-  summaryLines.push(`Lockfiles: ${repo.lockfiles.bunLock || repo.lockfiles.bunLockb ? "bun" : "non-bun or missing"}`);
-  summaryLines.push(`Lifecycle scripts: ${Object.keys(repo.scripts).some((k) => ["postinstall", "prepare", "preinstall", "install"].includes(k)) ? "present" : "none"}`);
-  summaryLines.push(`Native addon risk: ${findings.some((f) => f.id === "deps.native_addons") ? "yes" : "no"}`);
-  summaryLines.push(`bun install dry-run: ${install ? install.ok ? "ok" : "failed" : "skipped"}`);
-  summaryLines.push(`bun test: ${test ? test.ok ? "ok" : "failed" : allowTest ? "running" : "skipped"}`);
-  return { severity, summaryLines, findings, install, test, repo };
-};
+  const rootInfo = await readRepoInfo(repoPath);
+  const rootHasWorkspaces = await hasWorkspaces(repoPath);
+  const workspacePackages = [];
+  if (rootHasWorkspaces) {
+    workspacePackages.push(...await discoverWorkspaces(repoPath));
+  }
+  let packagesToAnalyze = [];
+  let packagesToReport = [];
+  if (opts.scope === "root") {
+    packagesToAnalyze = [repoPath];
+    packagesToReport = [repoPath];
+  } else if (opts.scope === "packages") {
+    packagesToAnalyze = workspacePackages.map((wp) => wp.path);
+    packagesToReport = workspacePackages.map((wp) => wp.path);
+  } else {
+    packagesToAnalyze = [repoPath, ...workspacePackages.map((wp) => wp.path)];
+    packagesToReport = [repoPath, ...workspacePackages.map((wp) => wp.path)];
+  }
+  const ignorePackages = config?.ignorePackages;
+  if (ignorePackages && ignorePackages.length > 0) {
+    packagesToAnalyze = packagesToAnalyze.filter((p) => {
+      return !ignorePackages.some((ignore) => p.includes(ignore));
+    });
+    packagesToReport = packagesToReport.filter((p) => {
+      return !ignorePackages.some((ignore) => p.includes(ignore));
+    });
+  }
+  const packages = [];
+  for (const packagePath of packagesToAnalyze) {
+    const wp = workspacePackages.find((w) => w.path === packagePath);
+    const analysis = await analyzeSinglePackage(packagePath, opts, config, wp?.name);
+    packages.push(analysis);
+  }
+  const rootAnalysis = packages.find((p) => p.path === repoPath);
+  let overallSeverity = "green";
+  if (rootAnalysis) {
+    overallSeverity = rootAnalysis.severity;
+  }
+  overallSeverity = aggregateSeverity(packages, overallSeverity);
+  const overallFindings = rootAnalysis ? rootAnalysis.findings : [];
+  const overallSummaryLines = [];
+  overallSummaryLines.push(`Total packages analyzed: ${packages.length}`);
+  overallSummaryLines.push(`Workspaces detected: ${rootHasWorkspaces ? "yes" : "no"}`);
+  if (rootHasWorkspaces) {
+    overallSummaryLines.push(`Workspace packages: ${workspacePackages.length}`);
+  }
+  overallSummaryLines.push(`Root package severity: ${rootAnalysis ? rootAnalysis.severity : "unknown"}`);
+  overallSummaryLines.push(`Overall severity: ${overallSeverity}`);
+  return {
+    version: "0.2",
+    severity: overallSeverity,
+    summaryLines: overallSummaryLines,
+    findings: overallFindings,
+    install: rootAnalysis ? rootAnalysis.install : null,
+    test: rootAnalysis ? rootAnalysis.test : null,
+    repo: {
+      packageJsonPath,
+      hasWorkspaces: rootHasWorkspaces,
+      rootPackage: {
+        name: rootInfo.pkg.name || "",
+        version: rootInfo.pkg.version || ""
+      },
+      lockfiles: rootInfo.lockfiles,
+      scripts: rootInfo.scripts,
+      dependencies: rootInfo.dependencies,
+      devDependencies: rootInfo.devDependencies,
+      optionalDependencies: rootInfo.optionalDependencies
+    },
+    packages,
+    config
+  };
+}
 
 // src/report_md.ts
 var badge = (s) => {
@@ -343,7 +951,24 @@ var badge = (s) => {
     return "\uD83D\uDFE1 YELLOW";
   return "\uD83D\uDD34 RED";
 };
-var renderMarkdown = (r) => {
+var getTopFindings = (pkg, count = 3) => {
+  const sorted = [...pkg.findings].sort((a, b) => {
+    const severityOrder = { red: 0, yellow: 1, green: 2 };
+    if (severityOrder[a.severity] !== severityOrder[b.severity]) {
+      return severityOrder[a.severity] - severityOrder[b.severity];
+    }
+    return a.id.localeCompare(b.id);
+  });
+  return sorted.slice(0, count).map((f) => `${badge(f.severity)} ${f.title}`);
+};
+var packageRow = (pkg) => {
+  const name = pkg.name;
+  const path5 = pkg.path.replace(/\\/g, "/");
+  const severity = badge(pkg.severity);
+  const topFindings = getTopFindings(pkg, 2).join(", ") || "No issues";
+  return `| ${name} | \`${path5}\` | ${severity} | ${topFindings} |`;
+};
+function renderMarkdown(r) {
   const lines = [];
   lines.push(`# bun-ready report`);
   lines.push(``);
@@ -353,77 +978,157 @@ var renderMarkdown = (r) => {
   for (const l of r.summaryLines)
     lines.push(`- ${l}`);
   lines.push(``);
-  lines.push(`## Repo`);
+  if (r.version) {
+    lines.push(`**Report version:** ${r.version}`);
+    lines.push(``);
+  }
+  if (r.config) {
+    lines.push(`**Configuration:**`);
+    const configInfo = [];
+    if (r.config.ignorePackages && r.config.ignorePackages.length > 0) {
+      configInfo.push(`Ignored packages: ${r.config.ignorePackages.join(", ")}`);
+    }
+    if (r.config.ignoreFindings && r.config.ignoreFindings.length > 0) {
+      configInfo.push(`Ignored findings: ${r.config.ignoreFindings.join(", ")}`);
+    }
+    if (r.config.nativeAddonAllowlist && r.config.nativeAddonAllowlist.length > 0) {
+      configInfo.push(`Native addon allowlist: ${r.config.nativeAddonAllowlist.join(", ")}`);
+    }
+    if (r.config.failOn) {
+      configInfo.push(`Fail on: ${r.config.failOn}`);
+    }
+    if (configInfo.length > 0) {
+      for (const info of configInfo) {
+        lines.push(`- ${info}`);
+      }
+    } else {
+      lines.push(`- Using default configuration`);
+    }
+    lines.push(``);
+  }
+  lines.push(`## Root Package`);
   lines.push(`- Path: \`${r.repo.packageJsonPath.replace(/\\/g, "/")}\``);
   lines.push(`- Workspaces: ${r.repo.hasWorkspaces ? "yes" : "no"}`);
-  const lock = [];
-  if (r.repo.lockfiles.bunLock)
-    lock.push("bun.lock");
-  if (r.repo.lockfiles.bunLockb)
-    lock.push("bun.lockb");
-  if (r.repo.lockfiles.npmLock)
-    lock.push("package-lock.json");
-  if (r.repo.lockfiles.yarnLock)
-    lock.push("yarn.lock");
-  if (r.repo.lockfiles.pnpmLock)
-    lock.push("pnpm-lock.yaml");
-  lines.push(`- Lockfiles: ${lock.length === 0 ? "none" : lock.join(", ")}`);
+  lines.push(`- Name: ${r.repo.rootPackage?.name || "unknown"}`);
+  lines.push(`- Version: ${r.repo.rootPackage?.version || "unknown"}`);
   lines.push(``);
-  if (r.install) {
+  if (r.packages && (r.packages.length > 1 || r.packages.length === 1 && r.repo.hasWorkspaces)) {
+    lines.push(`## Packages Overview`);
+    lines.push(`| Package | Path | Status | Key Findings |`);
+    lines.push(`|---------|------|--------|--------------|`);
+    const sortedPackages = stableSort(r.packages, (p) => p.name);
+    for (const pkg of sortedPackages) {
+      lines.push(packageRow(pkg));
+    }
+    lines.push(``);
+  }
+  const rootPkg = r.packages?.find((p) => p.path === r.repo.packageJsonPath);
+  if (rootPkg?.install) {
     lines.push(`## bun install (dry-run)`);
-    lines.push(`- Result: ${r.install.ok ? "ok" : "failed"}`);
-    lines.push(`- Summary: ${r.install.summary}`);
-    if (r.install.logs.length > 0) {
+    lines.push(`- Result: ${rootPkg.install.ok ? "ok" : "failed"}`);
+    lines.push(`- Summary: ${rootPkg.install.summary}`);
+    if (rootPkg.install.logs.length > 0) {
       lines.push(``);
       lines.push("```text");
-      for (const l of r.install.logs)
+      for (const l of rootPkg.install.logs)
         lines.push(l);
       lines.push("```");
     }
     lines.push(``);
   }
-  if (r.test) {
+  if (rootPkg?.test) {
     lines.push(`## bun test`);
-    lines.push(`- Result: ${r.test.ok ? "ok" : "failed"}`);
-    lines.push(`- Summary: ${r.test.summary}`);
-    if (r.test.logs.length > 0) {
+    lines.push(`- Result: ${rootPkg.test.ok ? "ok" : "failed"}`);
+    lines.push(`- Summary: ${rootPkg.test.summary}`);
+    if (rootPkg.test.logs.length > 0) {
       lines.push(``);
       lines.push("```text");
-      for (const l of r.test.logs)
+      for (const l of rootPkg.test.logs)
         lines.push(l);
       lines.push("```");
     }
     lines.push(``);
   }
-  lines.push(`## Findings`);
+  lines.push(`## Root Findings`);
   if (r.findings.length === 0) {
-    lines.push(`No findings. Looks good.`);
-    lines.push(``);
-    return lines.join(`
-`);
+    lines.push(`No findings for root package.`);
+  } else {
+    const findings = stableSort(r.findings, (f) => `${f.severity}:${f.id}`);
+    for (const f of findings) {
+      lines.push(`### ${f.title} (${badge(f.severity)})`);
+      lines.push(``);
+      for (const d of f.details)
+        lines.push(`- ${d}`);
+      if (f.hints.length > 0) {
+        lines.push(``);
+        lines.push(`**Hints:**`);
+        for (const h of f.hints)
+          lines.push(`- ${h}`);
+      }
+      lines.push(``);
+    }
   }
-  const findings = stableSort(r.findings, (f) => `${f.severity}:${f.id}`);
-  for (const f of findings) {
-    lines.push(`### ${f.title} (${badge(f.severity)})`);
-    lines.push(``);
-    for (const d of f.details)
-      lines.push(`- ${d}`);
-    if (f.hints.length > 0) {
+  lines.push(``);
+  if (r.packages && r.packages.length > 0) {
+    const sortedPackages = stableSort(r.packages, (p) => p.name);
+    for (const pkg of sortedPackages) {
+      lines.push(`## Package: ${pkg.name} (${badge(pkg.severity)})`);
+      lines.push(``);
+      lines.push(`**Path:** \`${pkg.path.replace(/\\/g, "/")}\``);
+      lines.push(``);
+      for (const l of pkg.summaryLines)
+        lines.push(`- ${l}`);
+      lines.push(``);
+      if (pkg.install) {
+        lines.push(`**bun install (dry-run):** ${pkg.install.ok ? "ok" : "failed"}`);
+        if (pkg.install.logs.length > 0 && pkg.install.logs.length < 10) {
+          lines.push(``);
+          lines.push("```text");
+          for (const l of pkg.install.logs)
+            lines.push(l);
+          lines.push("```");
+        }
+        lines.push(``);
+      }
+      if (pkg.test) {
+        lines.push(`**bun test:** ${pkg.test.ok ? "ok" : "failed"}`);
+        if (pkg.test.logs.length > 0 && pkg.test.logs.length < 10) {
+          lines.push(``);
+          lines.push("```text");
+          for (const l of pkg.test.logs)
+            lines.push(l);
+          lines.push("```");
+        }
+        lines.push(``);
+      }
+      lines.push(`**Findings:**`);
+      if (pkg.findings.length === 0) {
+        lines.push(`No findings for this package.`);
+      } else {
+        const findings = stableSort(pkg.findings, (f) => `${f.severity}:${f.id}`);
+        for (const f of findings) {
+          lines.push(``);
+          lines.push(`### ${f.title} (${badge(f.severity)})`);
+          for (const d of f.details)
+            lines.push(`- ${d}`);
+          if (f.hints.length > 0) {
+            lines.push(`**Hints:**`);
+            for (const h of f.hints)
+              lines.push(`- ${h}`);
+          }
+        }
+      }
       lines.push(``);
-      lines.push(`**Hints:**`);
-      for (const h of f.hints)
-        lines.push(`- ${h}`);
     }
-    lines.push(``);
   }
   return lines.join(`
 `);
-};
+}
 
 // src/report_json.ts
-var renderJson = (r) => {
+function renderJson(r) {
   return JSON.stringify(r, null, 2);
-};
+}
 
 // src/cli.ts
 var usage = () => {
@@ -431,10 +1136,22 @@ var usage = () => {
     "bun-ready",
     "",
     "Usage:",
-    "  bun-ready scan <path> [--format md|json] [--out <file>] [--no-install] [--no-test] [--verbose]",
+    "  bun-ready scan <path> [--format md|json] [--out <file>] [--no-install] [--no-test] [--verbose] [--scope root|packages|all] [--fail-on green|yellow|red]",
+    "",
+    "Options:",
+    "  --format md|json       Output format (default: md)",
+    "  --out <file>          Output file path (default: bun-ready.md or bun-ready.json)",
+    "  --no-install           Skip bun install --dry-run",
+    "  --no-test             Skip bun test",
+    "  --verbose              Show detailed output",
+    "  --scope root|packages|all  Scan scope for monorepos (default: all)",
+    "  --fail-on green|yellow|red  Fail policy (default: red)",
     "",
     "Exit codes:",
-    "  0 green, 2 yellow, 3 red"
+    "  0   green",
+    "  2   yellow",
+    "  3   red",
+    "  1   invalid command"
   ].join(`
 `);
 };
@@ -444,7 +1161,15 @@ var parseArgs = (argv) => {
   if (cmd !== "scan") {
     return {
       cmd,
-      opts: { repoPath: ".", format: "md", outFile: null, runInstall: true, runTest: true, verbose: false }
+      opts: {
+        repoPath: ".",
+        format: "md",
+        outFile: null,
+        runInstall: true,
+        runTest: true,
+        verbose: false,
+        scope: "all"
+      }
     };
   }
   const repoPath = args[1] && !args[1].startsWith("-") ? args[1] : ".";
@@ -453,6 +1178,8 @@ var parseArgs = (argv) => {
   let runInstall = true;
   let runTest = true;
   let verbose = false;
+  let scope = "all";
+  let failOn;
   for (let i = 2;i < args.length; i++) {
     const a = args[i] ?? "";
     if (a === "--format") {
@@ -479,10 +1206,56 @@ var parseArgs = (argv) => {
       verbose = true;
       continue;
     }
+    if (a === "--scope") {
+      const v = args[i + 1] ?? "";
+      if (v === "root" || v === "packages" || v === "all")
+        scope = v;
+      i++;
+      continue;
+    }
+    if (a === "--fail-on") {
+      const v = args[i + 1] ?? "";
+      if (v === "green" || v === "yellow" || v === "red")
+        failOn = v;
+      i++;
+      continue;
+    }
+  }
+  const baseOpts = {
+    repoPath,
+    format,
+    outFile,
+    runInstall,
+    runTest,
+    verbose,
+    scope
+  };
+  if (failOn !== undefined) {
+    baseOpts.failOn = failOn;
   }
-  return { cmd, opts: { repoPath, format, outFile, runInstall, runTest, verbose } };
+  return {
+    cmd,
+    opts: baseOpts
+  };
 };
-var exitCode = (sev) => {
+var exitCode = (sev, failOn) => {
+  if (!failOn) {
+    if (sev === "green")
+      return 0;
+    if (sev === "yellow")
+      return 2;
+    return 3;
+  }
+  if (failOn === "green") {
+    if (sev === "green")
+      return 0;
+    return 3;
+  }
+  if (failOn === "yellow") {
+    if (sev === "red")
+      return 3;
+    return 0;
+  }
   if (sev === "green")
     return 0;
   if (sev === "yellow")
@@ -496,14 +1269,27 @@ var main = async () => {
 `);
     process.exit(1);
   }
-  const res = await analyzeRepo(opts);
+  const config = await mergeConfigWithOpts(null, opts);
+  const scanOpts = {
+    repoPath: opts.repoPath,
+    format: opts.format,
+    outFile: opts.outFile,
+    runInstall: opts.runInstall,
+    runTest: opts.runTest,
+    verbose: opts.verbose,
+    scope: opts.scope
+  };
+  if (opts.failOn !== undefined) {
+    scanOpts.failOn = opts.failOn;
+  }
+  const res = await analyzeRepoOverall(scanOpts);
   const out = opts.format === "json" ? renderJson(res) : renderMarkdown(res);
   const target = opts.outFile ?? (opts.format === "json" ? "bun-ready.json" : "bun-ready.md");
-  const resolved = path3.resolve(process.cwd(), target);
+  const resolved = path5.resolve(process.cwd(), target);
   await fs3.writeFile(resolved, out, "utf8");
   process.stdout.write(`Wrote ${opts.format.toUpperCase()} report to ${resolved}
 `);
-  process.exit(exitCode(res.severity));
+  process.exit(exitCode(res.severity, config?.failOn || opts.failOn));
 };
 main().catch((e) => {
   const msg = e instanceof Error ? e.message : String(e);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bun-ready",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "CLI that estimates how painful migrating a Node.js repo to Bun might be. Generates a green/yellow/red Markdown report with reasons.",
   "author": "Pas7 Studio",
   "license": "Apache-2.0",