bun-ready 0.2.3 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +178 -5
  2. package/dist/cli.js +1345 -79
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -23,7 +23,7 @@ bun-ready scan .
23
23
 
24
24
  ## Usage
25
25
  ```bash
26
- bun-ready scan <path> [--format md|json] [--out <file>] [--no-install] [--no-test] [--verbose]
26
+ bun-ready scan <path> [--format md|json|sarif] [--out <file>] [--no-install] [--no-test] [--verbose] [--detailed] [--scope root|packages|all] [--fail-on green|yellow|red] [--ci] [--output-dir <dir>] [--rule <id>=<action>] [--max-warnings <n>] [--baseline <file>] [--update-baseline] [--changed-only] [--since <ref>]
27
27
  ```
28
28
 
29
29
  ## Examples:
@@ -32,6 +32,7 @@ bun-ready scan .
32
32
  bun-ready scan . --out bun-ready.md
33
33
  bun-ready scan ./packages/api --format json
34
34
  bun-ready scan . --no-install --no-test
35
+ bun-ready scan . --detailed
35
36
  ```
36
37
 
37
38
  ## Exit codes
@@ -71,6 +72,7 @@ You can create a `bun-ready.config.json` file in your repository root to customi
71
72
  | `ignoreFindings` | Array of finding IDs to ignore | `[]` |
72
73
  | `nativeAddonAllowlist` | Packages to exclude from native addon checks | `[]` |
73
74
  | `failOn` | When to return non-zero exit code | `"red"` |
75
+ | `detailed` | Enable detailed package usage analysis | `false` |
74
76
 
75
77
  ### New CLI Flags
76
78
 
@@ -80,10 +82,68 @@ You can create a `bun-ready.config.json` file in your repository root to customi
80
82
  - `all`: Scan root and all workspace packages (default)
81
83
 
82
84
  `--fail-on green|yellow|red`
83
- - Controls when bun-ready exits with a failure code
84
- - `green`: Fail on anything not green (exit 3)
85
- - `yellow`: Fail on red only (exit 3), yellow passes (exit 0)
86
- - `red`: Default behavior - green=0, yellow=2, red=3
85
+ - Controls when bun-ready exits with a failure code
86
+ - `green`: Fail on anything not green (exit 3)
87
+ - `yellow`: Fail on red only (exit 3), yellow passes (exit 0)
88
+ - `red`: Default behavior - green=0, yellow=2, red=3
89
+
90
+ `--detailed`
91
+ - Enables detailed package usage analysis
92
+ - Shows which packages are used in which files
93
+ - Provides file-by-file breakdown of imports
94
+ - Output is written to `bun-ready-detailed.md` instead of `bun-ready.md`
95
+ - Requires scanning of all `.ts`, `.js`, `.tsx`, `.jsx` files in the project
96
+ - **Note:** This operation is slower as it needs to read and parse all source files
97
+
98
+ ## Detailed Reports
99
+
100
+ When using the `--detailed` flag, bun-ready provides comprehensive package usage information:
101
+
102
+ ### What it analyzes:
103
+ - All source files with extensions: `.ts`, `.js`, `.tsx`, `.jsx`, `.mts`, `.mjs`
104
+ - Import patterns supported:
105
+ - ES6 imports: `import ... from 'package-name'`
106
+ - Namespace imports: `import * as name from 'package-name'`
107
+ - Dynamic imports: `import('package-name')`
108
+ - CommonJS requires: `require('package-name')`
109
+ - Local imports (starting with `./` or `../`) are ignored
110
+ - Skips `node_modules` and hidden directories
111
+
112
+ ### Output format:
113
+
114
+ The detailed report shows:
115
+ 1. **Package Summary** - Total files analyzed and packages used
116
+ 2. **Per-package usage** - For each package in your dependencies:
117
+ - How many files import it
118
+ - List of all file paths where it's used
119
+ 3. **Regular findings** - All migration risk findings from standard analysis
120
+
121
+ ### Example:
122
+ ```bash
123
+ bun-ready scan . --detailed
124
+ ```
125
+
126
+ This generates `bun-ready-detailed.md` with sections like:
127
+
128
+ ```markdown
129
+ ### @nestjs/common (15 files)
130
+ - src/main.ts
131
+ - src/app.module.ts
132
+ - src/auth/auth.service.ts
133
+ ...
134
+ ```
135
+
136
+ ### Configuration:
137
+
138
+ You can also enable detailed reports via config file:
139
+
140
+ ```json
141
+ {
142
+ "detailed": true
143
+ }
144
+ ```
145
+
146
+ When `detailed` is set in config, it acts as if `--detailed` was passed, unless overridden by CLI flags.
87
147
 
88
148
  ## How Scoring Works
89
149
 
@@ -178,6 +238,119 @@ Add it to the allowlist:
178
238
 
179
239
  Some packages have optional native modules that can be disabled or work fine with Bun.
180
240
 
241
+ ## v0.3 New Features
242
+
243
+ ### CI Mode
244
+
245
+ Run in CI mode for stable, machine-friendly output:
246
+
247
+ ```bash
248
+ bun-ready scan . --ci --output-dir .bun-ready-artifacts
249
+ ```
250
+
251
+ **CI Mode Benefits:**
252
+ - Reduced "human noise" in stdout
253
+ - Stable section ordering in reports
254
+ - CI summary block with top findings and next actions
255
+ - Automatic artifact generation when `--output-dir` is specified
256
+
257
+ ### SARIF Export
258
+
259
+ Generate SARIF 2.1.0 format for GitHub Code Scanning:
260
+
261
+ ```bash
262
+ bun-ready scan . --format sarif --out bun-ready.sarif.json
263
+ ```
264
+
265
+ ### Policy-as-Code
266
+
267
+ Enforce organization-specific migration policies:
268
+
269
+ ```bash
270
+ # CLI flags
271
+ bun-ready scan . --rule deps.native_addons=fail --max-warnings 5
272
+
273
+ # Or in config file
274
+ {
275
+ "rules": [
276
+ { "id": "deps.native_addons", "action": "fail" },
277
+ { "id": "scripts.lifecycle", "action": "off" }
278
+ ],
279
+ "thresholds": {
280
+ "maxWarnings": 10,
281
+ "maxPackagesRed": 2
282
+ }
283
+ }
284
+ ```
285
+
286
+ **Policy Sources** (priority order):
287
+ 1. CLI flags (`--rule`, `--max-warnings`)
288
+ 2. `bun-ready.config.json` file
289
+ 3. Default rules
290
+
291
+ **Policy Actions:**
292
+ - `fail` - Mark finding as failure
293
+ - `warn` - Downgrade to warning
294
+ - `off` - Disable this finding
295
+ - `ignore` - Ignore this finding (don't report)
296
+
297
+ ### Baseline / Regression Detection
298
+
299
+ Prevent regressions by comparing against a baseline:
300
+
301
+ ```bash
302
+ # Create baseline (first time)
303
+ bun-ready scan . --baseline bun-ready-baseline.json --update-baseline
304
+
305
+ # In CI - compare against baseline
306
+ bun-ready scan . --baseline bun-ready-baseline.json --ci
307
+ ```
308
+
309
+ **Baseline Features:**
310
+ - Detects new findings
311
+ - Detects resolved findings
312
+ - Detects severity changes (upgrades/downgrades)
313
+ - Regression verdict: fails if new red findings or increased failures
314
+ - Update baseline with `--update-baseline`
315
+
316
+ ### Changed-Only Scanning (Monorepos)
317
+
318
+ Scan only changed packages to speed up large monorepo PRs:
319
+
320
+ ```bash
321
+ bun-ready scan . --changed-only --since main
322
+ ```
323
+
324
+ **Changed-Only Verdict Types:**
325
+ - **Partial verdict** (no baseline): Warning about partial coverage
326
+ - **Regression verdict** (with baseline): OK - comparing only changed packages
327
+
328
+ ### GitHub Action Integration
329
+
330
+ Use bun-ready as a GitHub Action:
331
+
332
+ ```yaml
333
+ name: bun-ready Check
334
+ on: [pull_request]
335
+ jobs:
336
+ bun-ready:
337
+ runs-on: ubuntu-latest
338
+ steps:
339
+ - uses: actions/checkout@v4
340
+ - uses: oven-sh/setup-bun@v1
341
+ - uses: ./ # Uses action.yml from repo
342
+ with:
343
+ fail-on: yellow
344
+ baseline: bun-ready-baseline.json
345
+ ```
346
+
347
+ **Action Features:**
348
+ - Automatic artifact upload
349
+ - GitHub job summary generation
350
+ - PR comment support
351
+ - SARIF export for Code Scanning
352
+ - Policy and baseline support
353
+
181
354
  ## What it checks (MVP)
182
355
  - package.json presence & shape
183
356
  - lockfiles (npm/yarn/pnpm/bun)