codeslick-cli 1.2.5 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +57 -3
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -155,6 +155,8 @@ codeslick scan [files...] [options]
155
155
  - `--severity, -s <level>` - Override severity threshold (critical|high|medium|low)
156
156
  - `--fix` - Auto-apply fixes where possible (experimental)
157
157
  - `--json` - Output results as JSON (for CI/CD)
158
+ - `--verify` - **NEW**: Run security scan + tests (combined pass/fail) ⭐
159
+ - `--test-command <cmd>` - Custom test command (e.g., "npm test", "pytest")
158
160
 
159
161
  **Default Behavior:** Scans only **staged files** for fast pre-commit feedback.
160
162
 
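Review bot: `--verify` combines two different scopes and the option text does not say so: the context line "**Default Behavior:** Scans only **staged files**" means the security half looks at the index, while a test command such as `npm test` or `pytest` runs against the working tree, so a green `--verify` in a pre-commit hook does not show that the staged snapshot passes its tests when unstaged edits exist. Say this next to the `--verify` bullet (or document that tests run against a clean checkout of the index). The `--test-command <cmd>` bullet should also state how `<cmd>` is executed, through a shell (metacharacters and quoting interpreted) or as an argv vector, because that determines what a value supplied on the command line or from `.codeslick.json` can do.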
@@ -167,6 +169,10 @@ codeslick scan --verbose # Show all issues (including MEDIUM/LOW)
167
169
  codeslick scan src/**/*.js # Scan specific files/patterns
168
170
  codeslick scan --json # JSON output (for CI/CD)
169
171
  codeslick scan --severity high # Temporarily override threshold
172
+
173
+ # NEW: Test Execution Integration (v1.3)
174
+ codeslick scan --verify # Run security scan + tests (both must pass)
175
+ codeslick scan --verify --test-command "pytest --cov" # Custom test command
170
176
  ```
171
177
 
172
178
  ---
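Review bot: The `--test-command "pytest --cov"` example implies the string is passed to a shell for argument splitting, but nothing in the usage block says which interpreter runs it or whether `testTimeout` applies on this path; add one line for each. A `codeslick scan --verify --json` example is also missing: the existing `codeslick scan --json # JSON output (for CI/CD)` line tells CI readers to expect machine-readable results, so document whether test results appear in the JSON document or only in the process exit code.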
@@ -246,7 +252,19 @@ The `.codeslick.json` file controls how CodeSlick scans your code.
246
252
  "**/test/**",
247
253
  "**/tests/**"
248
254
  ],
249
- "languages": ["javascript", "typescript", "python", "java", "go"]
255
+ "languages": ["javascript", "typescript", "python", "java", "go"],
256
+
257
+ // NEW: Pass/Fail Thresholds (v1.3)
258
+ "thresholdEnabled": true,
259
+ "thresholdBlockCritical": true,
260
+ "thresholdBlockHigh": false,
261
+ "thresholdMaxVulnerabilities": 50,
262
+ "thresholdMaxEpss": 70,
263
+ "thresholdExemptPaths": ["**/__tests__/**", "vendor/**"],
264
+
265
+ // NEW: Test Execution Integration (v1.3)
266
+ "testCommand": "npm test",
267
+ "testTimeout": 300000
250
268
  }
251
269
  ```
252
270
 
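Review bot: The `// NEW: ...` comment lines inside the `.codeslick.json` example make the block invalid as strict JSON; unless the loader accepts JSONC, a reader who copies it gets a parse error or, worse, a silently ignored config file and no threshold enforcement at all. Either state that comments are supported or move the annotations outside the fence. Separately, `"thresholdExemptPaths": ["**/__tests__/**", "vendor/**"]` removes vendored third-party code from the CRITICAL block and the EPSS cap; since the table describes exempt paths as "exempt from thresholds" rather than excluded from scanning, make explicit that findings there are still reported but never fail the gate, so known-exploitable code under `vendor/` passes `--verify`.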
@@ -260,6 +278,16 @@ The `.codeslick.json` file controls how CodeSlick scans your code.
260
278
  | `exclude` | string[] | See above | Glob patterns to exclude from scanning |
261
279
  | `languages` | string[] | All | Languages to scan: `javascript`, `typescript`, `python`, `java`, `go` |
262
280
  | `telemetry` | boolean | `true` | Enable anonymous usage analytics |
281
+ | **Thresholds (v1.3)** | | | |
282
+ | `thresholdEnabled` | boolean | `true` | Enable pass/fail threshold enforcement |
283
+ | `thresholdBlockCritical` | boolean | `true` | Block on CRITICAL vulnerabilities |
284
+ | `thresholdBlockHigh` | boolean | `false` | Block on HIGH severity vulnerabilities |
285
+ | `thresholdMaxVulnerabilities` | number | `50` | Max total vulnerabilities allowed |
286
+ | `thresholdMaxEpss` | number | `70` | Max EPSS score (0-100, exploitability %) |
287
+ | `thresholdExemptPaths` | string[] | `[]` | Glob patterns exempt from thresholds |
288
+ | **Test Execution (v1.3)** | | | |
289
+ | `testCommand` | string | Auto-detect | Test command to run with `--verify` flag |
290
+ | `testTimeout` | number | `300000` | Test execution timeout (milliseconds) |
263
291
 
264
292
  ### Severity Thresholds
265
293
 
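Review bot: `thresholdMaxEpss` is documented as "0-100, exploitability %", but EPSS is published as a probability in [0, 1] (0.70 rather than 70), so say explicitly that the config value is the percentage form and what happens to a finding with no EPSS entry (counted as 0, or skipped). The table also leaves the precedence between the new `thresholdBlockCritical`/`thresholdBlockHigh` pair and the existing `--severity, -s <level>` threshold (and the "### Severity Thresholds" section that follows) undefined: with `thresholdBlockHigh` defaulting to `false`, does `--severity high` still fail the commit on HIGH findings, or is it now only a reporting filter? Spell out which setting wins. For `testCommand` with default "Auto-detect", list the detection order and the behaviour when more than one framework is present in the checkout.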
@@ -319,7 +347,13 @@ jobs:
319
347
  - uses: actions/setup-node@v3
320
348
  with:
321
349
  node-version: 18
350
+
351
+ # Option 1: Security scan only
322
352
  - run: npx codeslick-cli scan --json > results.json
353
+
354
+ # Option 2: Security scan + tests (v1.3) ⭐
355
+ - run: npx codeslick-cli scan --verify
356
+
323
357
  - uses: actions/upload-artifact@v3
324
358
  if: always()
325
359
  with:
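Review bot: As written, the workflow runs both the "Option 1" and the "Option 2" step, so every CI run scans twice and blocks on whichever fails first; comment one out or present them as alternative snippets. The Option 2 step (`npx codeslick-cli scan --verify`) also writes no `results.json`, so the `upload-artifact` step that follows has nothing from it to upload. If `--verify` accepts `--json`, show `scan --verify --json > results.json`; otherwise say where the combined scan-plus-test result is recorded for the artifact.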
@@ -525,7 +559,26 @@ MIT License - see [LICENSE](../../LICENSE) for details.
525
559
  - **Issues**: https://github.com/VitorLourenco/codeslick2/issues
526
560
  - **Email**: support@codeslick.dev
527
561
 
528
- ## What's New in v1.2
562
+ ## What's New in v1.3 ⭐
563
+
564
+ **Pass/Fail Thresholds + Test Execution Integration** (February 2026)
565
+
566
+ - **`--verify` Flag** - Run security scan + tests in one command (both must pass)
567
+ - **Granular Thresholds** - Configure exactly what blocks commits (CRITICAL only, HIGH+, max count, EPSS score)
568
+ - **Path Exemptions** - Exclude test files, vendor code, docs from threshold enforcement
569
+ - **Auto-Detect Test Frameworks** - Supports npm test, pytest, go test, maven, gradle
570
+ - **Combined Pass/Fail** - Exit code 0 only if BOTH security AND tests pass
571
+ - **CLI Default: Enabled** - Thresholds enforce by default (configurable in `.codeslick.json`)
572
+
573
+ **Example:**
574
+ ```bash
575
+ cs scan --verify # Run security scan + tests
576
+ # ✓ Analyzed 50 files (0 CRITICAL)
577
+ # ✓ Tests passed (127 tests, 0 failures)
578
+ # Exit code: 0 (commit allowed)
579
+ ```
580
+
581
+ ### v1.2 Features
529
582
 
530
583
  - **Go Language Support** - Added comprehensive Go security analysis with 26 security checks
531
584
  - **AI-Generated Code Detection** - Detects AI hallucinations and code smells in Go code
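Review bot: The example uses `cs scan --verify`, while every other snippet in this diff uses `codeslick scan ...` (for instance `codeslick scan --verify # Run security scan + tests (both must pass)`); either introduce `cs` as an alias or use the canonical name. The sample output shows only the success path ("Exit code: 0 (commit allowed)"); because the feature exists to gate commits, document the non-zero exit codes as well and whether a scan failure and a test failure are distinguishable (distinct codes or a JSON field), which CI consumers need to route the failure. "Auto-Detect Test Frameworks" also deserves one sentence stating that the detected command (for example the repository's own `npm test` script) is executed exactly as found in the checkout, so `--verify` on a freshly cloned repository runs that repository's code.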
@@ -550,10 +603,11 @@ MIT License - see [LICENSE](../../LICENSE) for details.
550
603
 
551
604
  ## Roadmap
552
605
 
553
- ### v1.3 (Coming Soon)
606
+ ### v1.4 (Coming Q2 2026)
554
607
  - Custom rule configuration
555
608
  - IDE integration (VS Code extension)
556
609
  - Enhanced auto-fix support
610
+ - Smart exemption suggestions (ML-based)
557
611
 
558
612
  ---
559
613
 
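Review bot: All three items previously listed under "### v1.3 (Coming Soon)" (custom rule configuration, IDE integration, enhanced auto-fix) move unchanged under "### v1.4 (Coming Q2 2026)", and "Enhanced auto-fix support" still sits beside a `--fix` flag marked "(experimental)" in the options list; a one-line note that these were deferred would keep the What's New and Roadmap sections consistent with each other.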
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "codeslick-cli",
3
- "version": "1.2.5",
3
+ "version": "1.3.0",
4
4
  "description": "CodeSlick CLI tool for pre-commit security scanning",
5
5
  "main": "dist/index.js",
6
6
  "bin": {
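Review bot: Only `package/README.md` and `package/package.json` differ between 1.2.5 and 1.3.0 ("Files changed (2)"), so nothing under `dist/`, including the `"main": "dist/index.js"` entry point, changes in this release. Either the `--verify` flag and the `threshold*` options documented in the new README were already shipped silently in 1.2.5, or 1.3.0 publishes documentation for code that is not in the tarball. Before relying on the new gating in CI, confirm that 1.3.0 actually recognizes `--verify` (the CLI's help output is the quickest check) and, if the behaviour was already present in 1.2.5, say so in What's New; a minor-version bump that ships only documentation is also worth stating in the changelog so consumers pinning by version know what changed.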