configsentry 0.0.21 → 0.0.23

package/README.md

@@ -15,7 +15,7 @@ npx configsentry ./docker-compose.yml
 ### GitHub Action (minimal)
 
 ```yml
-- uses: alfredMorgenstern/configsentry@v0.0.20
+- uses: alfredMorgenstern/configsentry@v0.0.21
   with:
     target: .
 ```
@@ -27,7 +27,7 @@ permissions:
   contents: read
   security-events: write
 
-- uses: alfredMorgenstern/configsentry@v0.0.20
+- uses: alfredMorgenstern/configsentry@v0.0.21
   with:
     target: .
     sarif: true
@@ -69,13 +69,13 @@ node dist/cli.js --target ./docker-compose.yml
 ### JSON output (CI / tooling)
 
 ```bash
-node dist/cli.js --target ./docker-compose.yml --json
+node dist/cli.js --target ./docker-compose.yml --format json
 ```
 
 ### SARIF output (GitHub Code Scanning)
 
 ```bash
-node dist/cli.js --target ./docker-compose.yml --sarif > configsentry.sarif.json
+node dist/cli.js --target ./docker-compose.yml --format sarif > configsentry.sarif.json
 ```
 
 ## Baselines (incremental adoption)
@@ -92,6 +92,8 @@ Then suppress baseline findings in CI:
 node dist/cli.js --target ./docker-compose.yml --baseline .configsentry-baseline.json
 ```
 
+Tip: for machine output use `--format json` / `--format sarif`.
+
 ## Docs
 
 - GitHub Action usage examples: [`docs/action-usage.md`](docs/action-usage.md)
@@ -144,7 +146,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: alfredMorgenstern/configsentry@v0.0.20
+      - uses: alfredMorgenstern/configsentry@v0.0.21
         with:
           target: .
           # optional: baseline: .configsentry-baseline.json

package/dist/cli.js

@@ -14,7 +14,17 @@ function parseArgs(argv) {
     const version = args.includes('-v') || args.includes('--version');
     const json = args.includes('--json');
     const sarif = args.includes('--sarif');
-    const output = json ? 'json' : sarif ? 'sarif' : 'pretty';
+    const formatIdx = args.indexOf('--format');
+    const format = formatIdx >= 0 ? args[formatIdx + 1] : undefined;
+    let output = json ? 'json' : sarif ? 'sarif' : 'pretty';
+    if (format) {
+        if (format === 'pretty' || format === 'json' || format === 'sarif') {
+            output = format;
+        }
+        else {
+            // Keep output as-is; main() will print a clear error.
+        }
+    }
     const baselineIdx = args.indexOf('--baseline');
     const baselinePath = baselineIdx >= 0 ? args[baselineIdx + 1] : undefined;
     const writeBaselineIdx = args.indexOf('--write-baseline');
@@ -25,18 +35,19 @@ function parseArgs(argv) {
     // Back-compat: first positional arg
     const targetFromPositional = args.find((a) => !a.startsWith('-'));
     const target = targetFromFlag ?? targetFromPositional;
-    return { args, help, version, output, baselinePath, writeBaselinePath, target };
+    return { args, help, version, output, format, baselinePath, writeBaselinePath, target };
 }
 function usage() {
     console.log(`ConfigSentry (MVP)
 
 Usage:
-  configsentry <file-or-dir> [--json|--sarif] [--baseline <file>] [--write-baseline <file>]
-  configsentry --target <file-or-dir> [--json|--sarif] [--baseline <file>] [--write-baseline <file>]
+  configsentry <file-or-dir> [--json|--sarif|--format <pretty|json|sarif>] [--baseline <file>] [--write-baseline <file>]
+  configsentry --target <file-or-dir> [--json|--sarif|--format <pretty|json|sarif>] [--baseline <file>] [--write-baseline <file>]
 
 Output:
-  --json           machine-readable findings
-  --sarif          SARIF 2.1.0 (for GitHub code scanning)
+  --json                    machine-readable findings (deprecated; use --format json)
+  --sarif                   SARIF 2.1.0 (for GitHub code scanning) (deprecated; use --format sarif)
+  --format <pretty|json|sarif>
 
 Baselines:
   --baseline <file>        suppress findings present in a baseline file
@@ -49,7 +60,7 @@ Exit codes:
 `);
 }
 async function main() {
-    const { args, help, version, output, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
+    const { args, help, version, output, format, baselinePath, writeBaselinePath, target } = parseArgs(process.argv);
     if (version) {
         try {
             const here = path.dirname(fileURLToPath(import.meta.url));
@@ -67,13 +78,16 @@ async function main() {
         usage();
         process.exit(0);
     }
-    if (output === 'json' && args.includes('--sarif')) {
-        // should be impossible due to parseArgs, but keep a clear message
-        console.error('Error: choose only one output mode: --json or --sarif');
+    if (format && format !== 'pretty' && format !== 'json' && format !== 'sarif') {
+        console.error(`Error: invalid --format '${format}'. Expected: pretty | json | sarif`);
+        process.exit(1);
+    }
+    if (args.includes('--json') && args.includes('--sarif')) {
+        console.error('Error: choose only one output mode: --json, --sarif, or --format');
         process.exit(1);
     }
-    if (output === 'sarif' && args.includes('--json')) {
-        console.error('Error: choose only one output mode: --json or --sarif');
+    if (format && (args.includes('--json') || args.includes('--sarif'))) {
+        console.error('Error: choose only one output mode: --json, --sarif, or --format');
         process.exit(1);
     }
     if (!target) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "configsentry",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "description": "Developer-first guardrails for docker-compose.yml (security + ops footguns).",
   "type": "module",
   "license": "MIT",
@@ -26,7 +26,7 @@
     "node": ">=18"
   },
   "scripts": {
-    "test": "node --test dist/**/*.test.js",
+    "test": "node scripts/run-tests.mjs",
     "build": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\" && tsc -p tsconfig.json",
     "prepack": "npm run build",
     "start": "node dist/cli.js",