gadriel 0.10.5 → 0.10.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +15 -10
  2. package/package.json +6 -6
package/README.md CHANGED
@@ -29,23 +29,28 @@ time via npm `optionalDependencies`.
29
29
  # 1. Authenticate — paste a token from https://app.gadriel.ai/developers/tokens
30
30
  gadriel auth login
31
31
 
32
- # 2. Sync the vulnerability database (one-time, ~500 MB, enables CVE detection)
33
- gadriel code policies --osv
34
-
35
- # 3. Scaffold code-security in your repo
36
- # Creates .security/, git hooks, MCP server config, and CLAUDE.md
32
+ # 2. Scaffold code-security in your repo
33
+ # Creates .security/, git hooks, MCP server config, and CLAUDE.md.
34
+ # Also syncs the OSV CVE database for the languages it detects, so
35
+ # your first scan has CVE detection ready (only downloads the
36
+ # ecosystems your repo uses pass --skip-osv to defer).
37
37
  gadriel code init
38
38
 
39
- # 4. Scan the current repo
39
+ # 3. Scan the current repo
40
40
  gadriel code scan .
41
41
 
42
- # 5. Open the HTML report
42
+ # 4. Open the HTML report
43
43
  open .security/reports/index.html
44
44
  ```
45
45
 
46
- > **New in 0.10.3:** When the OSV database is absent, `gadriel code scan`
47
- > now prompts you to sync it inline rather than silently running in degraded
48
- > mode. The CLI also shows a clear recovery message when no token is found.
46
+ > **New in 0.10.6:** `gadriel code init` now front-loads the OSV
47
+ > vulnerability-database sync for the ecosystems detected in your repo,
48
+ > so your first `gadriel code scan` runs with CVE detection already
49
+ > enabled — no slow mid-scan download. Use `--skip-osv` for air-gapped
50
+ > setups. (If you skip it, the first scan still auto-syncs on demand.)
51
+
52
+ > **Manual OSV sync** is still available any time:
53
+ > `gadriel code policies --osv`
49
54
 
50
55
  ## Getting started (full guide)
51
56
 
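Review bot: The added "New in 0.10.6" note recommends `--skip-osv` for air-gapped setups and then says the first scan still auto-syncs on demand, but nothing in the added text says what `gadriel code scan` does when that sync cannot reach the network. The removed 0.10.3 note described an inline prompt in place of silent degraded mode; please state whether that still applies, or whether the scan now fails or runs without CVE detection, so offline users know what coverage they actually get. Two smaller points in the quick-start comment: "ecosystems your repo uses pass --skip-osv to defer" is missing a separator before "pass", and the "~500 MB" figure from the removed step is gone, so the README no longer gives any size for the download that `gadriel code init` now triggers.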
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gadriel",
3
- "version": "0.10.5",
3
+ "version": "0.10.7",
4
4
  "description": "Gadriel - Code-security CLI for AI-assisted development",
5
5
  "keywords": [
6
6
  "security",
@@ -35,10 +35,10 @@
35
35
  "node": ">=16"
36
36
  },
37
37
  "optionalDependencies": {
38
- "@gadriel/cli-linux-x64": "0.10.5",
39
- "@gadriel/cli-linux-arm64": "0.10.5",
40
- "@gadriel/cli-darwin-x64": "0.10.5",
41
- "@gadriel/cli-darwin-arm64": "0.10.5",
42
- "@gadriel/cli-win32-x64": "0.10.5"
38
+ "@gadriel/cli-linux-x64": "0.10.7",
39
+ "@gadriel/cli-linux-arm64": "0.10.7",
40
+ "@gadriel/cli-darwin-x64": "0.10.7",
41
+ "@gadriel/cli-darwin-arm64": "0.10.7",
42
+ "@gadriel/cli-win32-x64": "0.10.7"
43
43
  }
44
44
  }
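Review bot: The five `@gadriel/cli-*` pins under `optionalDependencies` have to move in lockstep with the top-level `version`, and npm does not fail an install when an optional dependency cannot be installed, so a missed pin would surface only at run time. They all read 0.10.7 here, which matches; a release check asserting that each pin equals `version` would keep it that way.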