dep-brain 1.0.2 → 1.1.0

package/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.1.0
+
+- Added `--focus` modes for targeted duplicate, unused, outdated, risk, and health analysis.
+- Added `--ci` for low-noise CI defaults focused on duplicate and runtime risk enforcement.
+- Added `dep-brain init` to generate a starter `depbrain.config.json`.
+- Introduced capped health score deductions so large outdated/risk counts do not automatically collapse project health to `0/100`.
+- Added GitHub Action inputs for `focus` and `ci`.
+- Added regression coverage for focused analysis and capped scoring.
+
 ## 1.0.2
 
 - Treated npm `overrides` entries as intentional version pins so direct override packages are not flagged as unused.

package/README.md

@@ -50,6 +50,9 @@ The long-term goal is not just to list problems, but to answer:
 - SARIF output via `--sarif`
 - Ranked top issues via `--top`
 - Baseline mode via `--baseline`
+- Focused analysis via `--focus`
+- Low-noise CI defaults via `--ci`
+- Starter config generation via `dep-brain init`
 - Reusable GitHub Action via `action.yml`
 - Library entrypoint for programmatic use
 
@@ -70,10 +73,13 @@ npx dep-brain analyze ./path-to-project --fail-on-unused --json
 npx dep-brain analyze --md > depbrain.md
 npx dep-brain analyze --json --out depbrain.json
 npx dep-brain analyze --sarif --out depbrain.sarif
+npx dep-brain analyze --focus duplicates
+npx dep-brain analyze --ci
 npx dep-brain analyze --baseline depbrain-baseline.json
 npx dep-brain analyze --baseline depbrain-baseline.json --min-score 90 --fail-on-risks
 npx dep-brain report --from depbrain.json --md --out depbrain.md
 
+dep-brain init
 dep-brain config
 dep-brain config --config depbrain.config.json
 
@@ -82,6 +88,34 @@ dep-brain analyze --help
 dep-brain --version
 ```
 
+## Focus Modes
+
+Use `--focus` when you want a targeted signal instead of a full report:
+
+```bash
+dep-brain analyze --focus duplicates
+dep-brain analyze --focus health
+dep-brain analyze --focus risks
+```
+
+Supported values are `all`, `health`, `duplicates`, `unused`, `outdated`, and `risks`.
+
+## CI Preset
+
+```bash
+dep-brain analyze --ci
+```
+
+The CI preset applies low-noise defaults: a minimum score of `70`, failure on duplicates, and failure on risky dependencies.
+
+## Config Init
+
+```bash
+dep-brain init
+```
+
+Creates a starter `depbrain.config.json` with practical defaults for CI and common TypeScript/NestJS tooling.
+
 ## Workspaces
 
 If the root `package.json` defines `workspaces`, `dep-brain` analyzes each workspace package and reports per-package results. Aggregated counts are still shown at the top-level summary.

package/action.yml

@@ -23,6 +23,14 @@ inputs:
     description: Optional baseline JSON report used to ignore existing findings.
     required: false
     default: ""
+  focus:
+    description: Analysis focus. Use all, health, duplicates, unused, outdated, or risks.
+    required: false
+    default: "all"
+  ci:
+    description: Apply low-noise CI defaults.
+    required: false
+    default: "false"
   min-score:
     description: Minimum project health score required to pass.
     required: false
@@ -55,6 +63,8 @@ runs:
         INPUT_OUT: ${{ inputs.out }}
         INPUT_CONFIG: ${{ inputs.config }}
         INPUT_BASELINE: ${{ inputs.baseline }}
+        INPUT_FOCUS: ${{ inputs.focus }}
+        INPUT_CI: ${{ inputs.ci }}
         INPUT_MIN_SCORE: ${{ inputs.min-score }}
         INPUT_FAIL_ON_UNUSED: ${{ inputs.fail-on-unused }}
         INPUT_FAIL_ON_OUTDATED: ${{ inputs.fail-on-outdated }}
@@ -89,6 +99,14 @@ runs:
           args+=("--baseline" "$INPUT_BASELINE")
         fi
 
+        if [ "$INPUT_FOCUS" != "all" ]; then
+          args+=("--focus" "$INPUT_FOCUS")
+        fi
+
+        if [ "$INPUT_CI" = "true" ]; then
+          args+=("--ci")
+        fi
+
         if [ -n "$INPUT_MIN_SCORE" ]; then
           args+=("--min-score" "$INPUT_MIN_SCORE")
         fi

package/dist/cli.js

@@ -4,6 +4,7 @@ import { renderConsoleReport } from "./reporters/console.js";
 import { renderJsonReport } from "./reporters/json.js";
 import { renderMarkdownReport } from "./reporters/markdown.js";
 import { renderSarifReport } from "./reporters/sarif.js";
+import { defaultConfig } from "./utils/config.js";
 import { promises as fs } from "node:fs";
 import path from "node:path";
 async function main() {
@@ -91,6 +92,22 @@ async function main() {
                 return;
             }
         }
+        if (command === "init") {
+            try {
+                const outputPath = optionValues.get("--out") ?? "depbrain.config.json";
+                const resolvedOut = resolveUserPath(outputPath);
+                const config = buildStarterConfig();
+                await fs.writeFile(resolvedOut, `${JSON.stringify(config, null, 2)}\n`, "utf8");
+                console.log(`Created ${path.relative(process.cwd(), resolvedOut) || outputPath}`);
+                return;
+            }
+            catch (error) {
+                console.error("Failed to create config.");
+                console.error(error);
+                process.exitCode = 1;
+                return;
+            }
+        }
         console.error(`Unknown command: ${sanitizeForLog(command)}`);
         printHelp();
         process.exitCode = 1;
@@ -108,7 +125,8 @@ async function main() {
             rootDir: targetPath,
             configPath: optionValues.get("--config"),
             config: cliConfig,
-            baseline
+            baseline,
+            focus: parseFocus(optionValues.get("--focus"))
         });
         let output;
         if (flags.has("--json")) {
@@ -169,6 +187,11 @@ function buildCliConfig(flags, optionValues) {
     if (flags.has("--fail-on-unused")) {
         policy.failOnUnused = true;
     }
+    if (flags.has("--ci")) {
+        policy.minScore = policy.minScore ?? 70;
+        policy.failOnDuplicates = true;
+        policy.failOnRisks = true;
+    }
     return {
         policy
     };
@@ -186,9 +209,10 @@ function printHelp() {
     console.log("Dependency Brain");
     console.log("");
     console.log("Usage:");
-    console.log("  dep-brain analyze [path] [--json] [--md] [--sarif] [--top] [--out path] [--config path] [--baseline path] [--min-score n] [--fail-on-risks]");
+    console.log("  dep-brain analyze [path] [--json] [--md] [--sarif] [--top] [--focus kind] [--ci] [--out path] [--config path] [--baseline path] [--min-score n] [--fail-on-risks]");
     console.log("  dep-brain report --from <file> [--md] [--json] [--sarif] [--top] [--out path]");
     console.log("  dep-brain config [path] [--config path]");
+    console.log("  dep-brain init [--out depbrain.config.json]");
     console.log("  dep-brain help");
     console.log("  dep-brain --version");
     console.log("");
@@ -197,6 +221,8 @@ function printHelp() {
     console.log("  --md                Output Markdown report");
     console.log("  --sarif             Output SARIF format for Code Scanning");
     console.log("  --top               Output the ranked top issues only");
+    console.log("  --focus <kind>      Run all, health, duplicates, unused, outdated, or risks");
+    console.log("  --ci                Apply low-noise CI defaults");
     console.log("  --config <path>     Path to depbrain.config.json");
     console.log("  --baseline <path>   Ignore findings already present in a baseline JSON report");
     console.log("  --from <file>       Read analysis JSON from file");
@@ -209,6 +235,45 @@ function printHelp() {
     console.log("  --help              Show this help output");
     console.log("  --version           Show CLI version");
 }
+function parseFocus(value) {
+    if (value === "duplicates" ||
+        value === "unused" ||
+        value === "outdated" ||
+        value === "risks" ||
+        value === "health" ||
+        value === "all") {
+        return value;
+    }
+    return "all";
+}
+function buildStarterConfig() {
+    return {
+        ...defaultConfig,
+        ignore: {
+            ...defaultConfig.ignore,
+            unused: [
+                "@nestjs/platform-express",
+                "reflect-metadata",
+                "source-map-support",
+                "ts-loader",
+                "ts-node",
+                "tsconfig-paths"
+            ]
+        },
+        policy: {
+            ...defaultConfig.policy,
+            minScore: 70,
+            failOnDuplicates: true,
+            failOnRisks: true
+        },
+        scoring: {
+            duplicateWeight: 8,
+            outdatedWeight: 1,
+            unusedWeight: 2,
+            riskWeight: 4
+        }
+    };
+}
 async function loadPackageVersion() {
     try {
         const pkgPath = new URL("../package.json", import.meta.url);

package/dist/core/analyzer.d.ts

@@ -4,7 +4,9 @@ export interface AnalysisOptions {
     configPath?: string;
     config?: DepBrainConfigOverrides;
     baseline?: DepBrainBaseline;
+    focus?: AnalysisFocus;
 }
+export type AnalysisFocus = "all" | "duplicates" | "unused" | "outdated" | "risks" | "health";
 export interface DepBrainBaseline {
     duplicates?: Array<Partial<Pick<DuplicateDependency, "name">>>;
     unused?: Array<Partial<Pick<UnusedDependency, "name" | "section" | "package">>>;

package/dist/core/analyzer.js

@@ -6,27 +6,30 @@ import { runUnusedCheck } from "../checks/unused.js";
 import { loadDepBrainConfig } from "../utils/config.js";
 import { findWorkspacePackages } from "../utils/workspaces.js";
 import { buildDependencyGraph } from "./graph-builder.js";
-import { calculateHealthScore } from "./scorer.js";
+import { calculateHealthScore, calculateScoreDeductions } from "./scorer.js";
 import { buildAnalysisContext } from "./context.js";
 export const OUTPUT_VERSION = "1.4";
 export async function analyzeProject(options = {}) {
     const rootDir = path.resolve(options.rootDir ?? process.cwd());
     const loadedConfig = await loadDepBrainConfig(rootDir, options.configPath);
     const config = mergeConfig(loadedConfig, options.config);
+    const focus = options.focus ?? "all";
     const workspaces = await findWorkspacePackages(rootDir);
     if (workspaces.length === 0) {
         return analyzeSingleProject(rootDir, config, {
-            baseline: options.baseline
+            baseline: options.baseline,
+            focus
         });
     }
     const rootGraph = await buildDependencyGraph(rootDir);
-    const duplicateCheck = await runDuplicateCheck(rootGraph);
-    const filteredDuplicateIssues = filterIssues(duplicateCheck.issues, "duplicates", config);
-    const duplicates = mapDuplicateIssues(filteredDuplicateIssues);
+    const duplicates = shouldRunCheck("duplicate", focus)
+        ? mapDuplicateIssues(filterIssues((await runDuplicateCheck(rootGraph)).issues, "duplicates", config))
+        : [];
     const packages = [];
     for (const workspace of workspaces) {
         const result = await analyzeSingleProject(workspace.rootDir, config, {
-            packageName: workspace.name
+            packageName: workspace.name,
+            focus
         });
         packages.push({ ...result, name: workspace.name });
     }
@@ -163,7 +166,7 @@ function evaluatePolicy(summary, config) {
 }
 async function analyzeSingleProject(rootDir, config, options = {}) {
     const context = await buildAnalysisContext(rootDir, config);
-    const results = await runChecks(context);
+    const results = await runChecks(context, options.focus ?? "all");
     const issueGroups = normalizeIssues(results, config);
     const duplicates = mapDuplicateIssues(issueGroups.duplicates);
     const unused = mapUnusedIssues(issueGroups.unused);
@@ -255,7 +258,7 @@ function shouldIgnorePackage(name, bucket, config) {
         }
     });
 }
-async function runChecks(context) {
+async function runChecks(context, focus) {
     const checks = [
         {
             name: "duplicate",
@@ -276,10 +279,21 @@ async function runChecks(context) {
     ];
     const results = [];
     for (const check of checks) {
-        results.push(await check.run());
+        if (shouldRunCheck(check.name, focus)) {
+            results.push(await check.run());
+        }
     }
     return results;
 }
+function shouldRunCheck(checkName, focus) {
+    if (focus === "all" || focus === "health") {
+        return true;
+    }
+    return ((focus === "duplicates" && checkName === "duplicate") ||
+        (focus === "unused" && checkName === "unused") ||
+        (focus === "outdated" && checkName === "outdated") ||
+        (focus === "risks" && checkName === "risk"));
+}
 function normalizeIssues(results, config) {
     const map = new Map();
     for (const result of results) {
@@ -603,12 +617,22 @@ function normalizeWorkspaceUsage(value) {
         .filter((entry) => entry !== null);
 }
 function buildScoreBreakdown(counts, config) {
+    const deductions = calculateScoreDeductions({
+        duplicates: counts.duplicates,
+        outdated: counts.outdated,
+        unused: counts.unused,
+        risks: counts.risks,
+        duplicateWeight: config.scoring.duplicateWeight,
+        outdatedWeight: config.scoring.outdatedWeight,
+        unusedWeight: config.scoring.unusedWeight,
+        riskWeight: config.scoring.riskWeight
+    });
     return {
-        baseScore: 100,
-        duplicates: counts.duplicates * config.scoring.duplicateWeight,
-        outdated: counts.outdated * config.scoring.outdatedWeight,
-        unused: counts.unused * config.scoring.unusedWeight,
-        risks: counts.risks * config.scoring.riskWeight,
+        baseScore: deductions.baseScore,
+        duplicates: deductions.duplicates,
+        outdated: deductions.outdated,
+        unused: deductions.unused,
+        risks: deductions.risks,
         weights: {
             duplicateWeight: config.scoring.duplicateWeight,
             outdatedWeight: config.scoring.outdatedWeight,

package/dist/core/scorer.d.ts

@@ -9,3 +9,10 @@ export interface ScoreInputs {
     riskWeight?: number;
 }
 export declare function calculateHealthScore(inputs: ScoreInputs): number;
+export declare function calculateScoreDeductions(inputs: ScoreInputs): {
+    baseScore: number;
+    duplicates: number;
+    outdated: number;
+    unused: number;
+    risks: number;
+};

package/dist/core/scorer.js

@@ -1,12 +1,21 @@
 export function calculateHealthScore(inputs) {
+    const breakdown = calculateScoreDeductions(inputs);
+    return Math.max(0, breakdown.baseScore -
+        breakdown.duplicates -
+        breakdown.outdated -
+        breakdown.unused -
+        breakdown.risks);
+}
+export function calculateScoreDeductions(inputs) {
     const duplicateWeight = inputs.duplicateWeight ?? 5;
     const outdatedWeight = inputs.outdatedWeight ?? 3;
     const unusedWeight = inputs.unusedWeight ?? 4;
     const riskWeight = inputs.riskWeight ?? 10;
-    const rawScore = 100 -
-        inputs.duplicates * duplicateWeight -
-        inputs.outdated * outdatedWeight -
-        inputs.unused * unusedWeight -
-        inputs.risks * riskWeight;
-    return Math.max(0, rawScore);
+    return {
+        baseScore: 100,
+        duplicates: Math.min(35, inputs.duplicates * duplicateWeight),
+        outdated: Math.min(25, inputs.outdated * outdatedWeight),
+        unused: Math.min(20, inputs.unused * unusedWeight),
+        risks: Math.min(30, inputs.risks * riskWeight)
+    };
 }

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { analyzeProject } from "./core/analyzer.js";
-export type { AnalysisOptions, AnalysisResult, DepBrainBaseline, DuplicateDependency, OutdatedDependency, PolicyResult, PackageAnalysisResult, Recommendation, RiskFactors, ScoreBreakdown, RiskDependency, TopIssue, TrustScore, UnusedDependency, WorkspaceDependencyUsage, WorkspaceOwnershipSummary } from "./core/analyzer.js";
+export type { AnalysisOptions, AnalysisFocus, AnalysisResult, DepBrainBaseline, DuplicateDependency, OutdatedDependency, PolicyResult, PackageAnalysisResult, Recommendation, RiskFactors, ScoreBreakdown, RiskDependency, TopIssue, TrustScore, UnusedDependency, WorkspaceDependencyUsage, WorkspaceOwnershipSummary } from "./core/analyzer.js";
 export { OUTPUT_VERSION } from "./core/analyzer.js";
 export type { AnalysisContext, CheckResult, Issue } from "./core/types.js";
 export type { DepBrainConfig, DepBrainConfigOverrides } from "./utils/config.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dep-brain",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "CLI and library for explainable dependency intelligence",
   "type": "module",
   "main": "dist/index.js",