devcompass 2.3.0 → 2.3.1

package/README.md

@@ -1,3 +1,5 @@
+cd ~/devCampuss
+cat > README.md << 'EOF'
 # 🧭 DevCompass
 
 **Dependency health checker with ecosystem intelligence for JavaScript/TypeScript projects**
@@ -8,16 +10,29 @@
 
 Analyze your JavaScript projects to find unused dependencies, outdated packages, **detect security vulnerabilities**, **check bundle sizes**, **verify licenses**, and **automatically fix issues** with a single command. Perfect for **CI/CD pipelines** with JSON output and exit codes.
 
+> **NEW in v2.3.1:** Fixed all security vulnerabilities! Health score: 2.5/10 → 8/10 🔒  
 > **NEW in v2.3:** Security scanning, bundle analysis & license checker! 🔐  
 > **NEW in v2.2:** CI/CD integration with JSON output & smart caching! 🚀  
 > **NEW in v2.1:** Auto-fix command! 🔧 Fix critical issues automatically!  
 > **NEW in v2.0:** Real-time ecosystem alerts for known issues! 🚨
 
+## 🎉 Latest Update: v2.3.1
+
+**We practice what we preach!** After releasing v2.3.0 with security scanning, we ran DevCompass on itself and found 14 vulnerabilities. We fixed them all:
+
+- ✅ **Health score improved:** 2.5/10 → 8/10
+- ✅ **Security vulnerabilities:** 14 → 0
+- ✅ **Bundle size reduced:** 9.1 MB → 6.2 MB (32% smaller)
+- ✅ **Dependencies upgraded:** npm-check-updates v16 → v20
+- ✅ **Removed 315 vulnerable packages**
+
+This is what "eating your own dog food" looks like. DevCompass helps you catch and fix security issues before they reach production.
+
 ## ✨ Features
 
-- 🔐 **Security Scanning** (NEW in v2.3!) - npm audit integration with severity breakdown
-- 📦 **Bundle Size Analysis** (NEW in v2.3!) - Identify heavy packages (> 1MB)
-- ⚖️ **License Checker** (NEW in v2.3!) - Detect restrictive licenses (GPL, AGPL)
+- 🔐 **Security Scanning** (v2.3) - npm audit integration with severity breakdown
+- 📦 **Bundle Size Analysis** (v2.3) - Identify heavy packages (> 1MB)
+- ⚖️ **License Checker** (v2.3) - Detect restrictive licenses (GPL, AGPL)
 - 🚀 **CI/CD Integration** (v2.2) - JSON output, exit codes, and silent mode
 - ⚡ **Smart Caching** (v2.2) - 70% faster on repeated runs
 - 🎛️ **Advanced Filtering** (v2.2) - Control alerts by severity level
@@ -65,11 +80,11 @@ devcompass analyze --ci
 devcompass analyze --silent
 ```
 
-## 🔐 NEW in v2.3: Security & Compliance Features
+## 🔐 Security & Compliance Features
 
 ### Security Vulnerability Scanning
 
-DevCompass now integrates with **npm audit** to detect security vulnerabilities automatically!
+DevCompass integrates with **npm audit** to detect security vulnerabilities automatically!
 
 **Example Output:**
 ```
@@ -141,22 +156,18 @@ Detect restrictive licenses that may require legal review!
 - ⚠️ **Restrictive:** GPL, AGPL, LGPL
 - ❓ **Unknown:** Missing or custom licenses
 
-### Combined Analysis Example (v2.3)
+### Combined Analysis Example
 
 **Full Output:**
 ```
-🔍 DevCompass v2.3.0 - Analyzing your project...
+🔍 DevCompass v2.3.1 - Analyzing your project...
 ✔ Scanned 25 dependencies in project
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
-🔐 SECURITY VULNERABILITIES (5)
-
-  🔴 CRITICAL: 1
-  🟠 HIGH: 2
-  🟡 MODERATE: 2
+✅ SECURITY VULNERABILITIES
 
-  Run npm audit fix to fix vulnerabilities
+  No vulnerabilities detected!
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
@@ -178,42 +189,36 @@ Detect restrictive licenses that may require legal review!
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
-⚖️ LICENSE WARNINGS (1)
+✅ LICENSE COMPLIANCE
 
-  sharp - Restrictive (LGPL-3.0)
+  All licenses are permissive!
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 📊 PROJECT HEALTH
 
-  Overall Score:              6.2/10
+  Overall Score:              8.5/10
   Total Dependencies:         25
-  Security Vulnerabilities:   5
   Ecosystem Alerts:           1
   Unused:                     0
-  Outdated:                   3
+  Outdated:                   2
 
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 💡 QUICK WINS
 
-  🔐 Fix security vulnerabilities:
-
-  npm audit fix
-
   🔴 Fix critical issues:
 
   npm install axios@1.6.2
 
   Expected impact:
-  ✓ Resolve security vulnerabilities
   ✓ Resolve critical stability issues
-  ✓ Improve health score → 8.7/10
+  ✓ Improve health score → 10/10
 
 💡 TIP: Run 'devcompass fix' to apply these fixes automatically!
 ```
 
-## 🚀 CI/CD Integration (v2.2)
+## 🚀 CI/CD Integration
 
 ### JSON Output
 Perfect for parsing in CI/CD pipelines:
@@ -221,28 +226,28 @@ Perfect for parsing in CI/CD pipelines:
 devcompass analyze --json
 ```
 
-**Output (v2.3):**
+**Output:**
 ```json
 {
-  "version": "2.3.0",
+  "version": "2.3.1",
   "timestamp": "2026-04-02T10:30:00.000Z",
   "summary": {
-    "healthScore": 6.2,
+    "healthScore": 8.5,
     "totalDependencies": 25,
-    "securityVulnerabilities": 5,
+    "securityVulnerabilities": 0,
     "ecosystemAlerts": 1,
     "unusedDependencies": 0,
-    "outdatedPackages": 3,
+    "outdatedPackages": 2,
     "heavyPackages": 2,
-    "licenseWarnings": 1
+    "licenseWarnings": 0
   },
   "security": {
-    "total": 5,
-    "critical": 1,
-    "high": 2,
-    "moderate": 2,
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "moderate": 0,
     "low": 0,
-    "vulnerabilities": [...]
+    "vulnerabilities": []
   },
   "bundleAnalysis": {
     "heavyPackages": [
@@ -251,12 +256,10 @@ devcompass analyze --json
     ]
   },
   "licenses": {
-    "warnings": [
-      { "package": "sharp", "license": "LGPL-3.0", "type": "restrictive" }
-    ]
+    "warnings": []
   },
   "ecosystemAlerts": [...],
-  "unusedDependencies": [...],
+  "unusedDependencies": [],
   "outdatedPackages": [...]
 }
 ```
@@ -293,7 +296,7 @@ devcompass analyze --silent
 echo $?  # Check exit code
 ```
 
-## ⚡ Smart Caching (v2.2)
+## ⚡ Smart Caching
 
 DevCompass caches results to improve performance:
 
@@ -318,7 +321,7 @@ DevCompass caches results to improve performance:
 }
 ```
 
-## 🎛️ Advanced Configuration (v2.2)
+## 🎛️ Advanced Configuration
 
 Create `devcompass.config.json` in your project root:
 ```json
@@ -373,7 +376,7 @@ Create `devcompass.config.json` in your project root:
 }
 ```
 
-## 🔧 Auto-Fix Command (v2.1)
+## 🔧 Auto-Fix Command
 
 DevCompass can **automatically fix issues** in your project!
 
@@ -415,7 +418,7 @@ devcompass fix
 devcompass analyze
 ```
 
-## 🚨 Ecosystem Intelligence (v2.0)
+## 🚨 Ecosystem Intelligence
 
 DevCompass tracks **real-world issues** in popular packages and warns you before they break production!
 
@@ -468,7 +471,7 @@ DevCompass won't flag these as unused (they're typically used in config files):
 - Shows current vs latest versions
 - Indicates update type (major/minor/patch)
 
-### Health Score (Enhanced in v2.3)
+### Health Score
 Calculated from 0-10 based on:
 - Percentage of unused dependencies (−4 points per 100%)
 - Percentage of outdated packages (−3 points per 100%)
@@ -698,7 +701,7 @@ Check out DevCompass stats:
 
 ## 🌟 What's Next?
 
-### Roadmap (v2.4+)
+### Roadmap
 - [x] ~~Automatic fix command~~ ✅ **Added in v2.1!**
 - [x] ~~CI/CD integration with JSON output~~ ✅ **Added in v2.2!**
 - [x] ~~Smart caching system~~ ✅ **Added in v2.2!**
@@ -706,6 +709,7 @@ Check out DevCompass stats:
 - [x] ~~npm audit integration~~ ✅ **Added in v2.3!**
 - [x] ~~Bundle size analysis~~ ✅ **Added in v2.3!**
 - [x] ~~License compliance checker~~ ✅ **Added in v2.3!**
+- [x] ~~Fix all security vulnerabilities~~ ✅ **Fixed in v2.3.1!**
 - [ ] GitHub Issues API for real-time issue tracking (v2.4.0)
 - [ ] Automated security patch suggestions (v2.4.0)
 - [ ] Dependency graph visualization (v2.5.0)
@@ -722,4 +726,5 @@ Want to contribute? Pick an item and open an issue! 🚀
 
 *DevCompass - Keep your dependencies healthy!* 🧭
 
-**Like Lighthouse for your dependencies** ⚡
+**Like Lighthouse for your dependencies** ⚡
+EOF

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devcompass",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "description": "Dependency health checker with ecosystem intelligence for JavaScript/TypeScript projects",
   "main": "src/index.js",
   "bin": {
@@ -44,7 +44,7 @@
     "chalk": "^4.1.2",
     "commander": "^11.1.0",
     "depcheck": "^1.4.7",
-    "npm-check-updates": "^16.14.12",
+    "npm-check-updates": "^20.0.0",
     "ora": "^5.4.1",
     "semver": "^7.6.0"
   },