githits 0.4.15 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,2 +1,2 @@
1
- import{createRequire}from"node:module";var __require=createRequire(import.meta.url);var version="0.4.15";
1
+ import{createRequire}from"node:module";var __require=createRequire(import.meta.url);var version="0.5.1";
2
2
  export{__require,version};
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "githits",
3
- "version": "0.4.15",
3
+ "version": "0.5.1",
4
4
  "description": "Code examples from global open source for developers and AI assistants.",
5
5
  "mcpServers": {
6
6
  "githits": {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "githits",
3
3
  "description": "CLI companion for GitHits - code examples from global open source for developers and AI assistants",
4
- "version": "0.4.15",
4
+ "version": "0.5.1",
5
5
  "type": "module",
6
6
  "workspaces": [
7
7
  "packages/*"
@@ -38,6 +38,8 @@
38
38
  "inspector": "npx @modelcontextprotocol/inspector bun run dev mcp",
39
39
  "smoke:cli": "bun run scripts/cli-smoke.ts",
40
40
  "smoke:mcp": "bun run scripts/mcp-smoke.ts",
41
+ "validate:packages": "bun run scripts/validate-public-packages.ts",
42
+ "validate:packages:mcp-publish": "bun run scripts/validate-public-packages.ts --mcp-publish-dry-run",
41
43
  "audit:pkg-ecosystems": "bun run scripts/pkg-ecosystem-audit.ts",
42
44
  "agent:e2e": "bun run scripts/agent-eval.ts",
43
45
  "agent:e2e:report": "bun run scripts/agent-eval-report.ts",
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "githits",
3
- "version": "0.4.15",
3
+ "version": "0.5.1",
4
4
  "description": "Code examples from global open source for developers and AI assistants",
5
5
  "author": {
6
6
  "name": "GitHits"
@@ -1,6 +1,6 @@
1
1
  # GitHits Code And Docs CLI Reference
2
2
 
3
- Package target syntax is `registry:name[@version]`, for example `npm:express@5.2.1`; omit `@version` for the latest release. Repository target syntax uses `--repo-url <url> [--git-ref <ref>]` for `code` commands; omit `--git-ref` for the backend default-branch intent. For `search`, use `--in https://github.com/org/repo` for the backend default-branch snapshot or append `#ref` such as `#HEAD` for a specific/latest ref.
3
+ Package target syntax requires an explicit registry: `registry:name[@version]`, for example `npm:express@5.2.1`; omit `@version` for the latest release. Repository target syntax uses `--repo-url <url> [--git-ref <ref>]` for `code` commands; omit `--git-ref` for the backend default-branch intent. For `search`, use `--in github:org/repo`, `--in github.com/org/repo`, or `--in https://github.com/org/repo` for the backend default-branch snapshot, or append `#ref` such as `#HEAD` for a specific/latest ref.
4
4
 
5
5
  ## Search
6
6
 
@@ -52,7 +52,7 @@ githits pkg upgrade-review --package npm:zod@4.3.6..4.4.3 --package npm:lint-sta
52
52
  - Need security status for a specific installed version: use `githits pkg vulns <registry:name@version>`.
53
53
  - Need historical advisories that do not affect the inspected version: use `pkg vulns --scope non_affecting`; use `--scope all` for affected plus historical rows.
54
54
  - Need dependency footprint: start with `pkg deps`; add `--lifecycle all` for non-runtime groups and `--depth <n>` for aggregate transitive graph data.
55
- - Need upgrade evidence for dependency updates, outdated package bumps, or lockfile changes: prefer `pkg upgrade-review` because it compares current vs target vulnerabilities, changelog range evidence, deprecation metadata, peer changes, dependency changes, and optional transitive evidence. It reports facts only; you still own the final assessment.
55
+ - Need upgrade evidence for dependency updates, outdated package bumps, or lockfile changes: prefer `pkg upgrade-review` because it compares current vs target vulnerabilities, changelog range evidence, deprecation metadata, peer changes, dependency changes, and transitive security evidence by default. It reports facts only; you still own the final assessment.
56
56
  - Need release notes without a current-to-target comparison: use `pkg changelog`; use `--from`/`--to` for ranges and `--no-body` for compact timelines.
57
57
 
58
58
  ## Gotchas
@@ -36,7 +36,7 @@ Do not use `registry:name@version` for changelog. Use `--to <version>`.
36
36
 
37
37
  Batch form: `githits pkg upgrade-review --package <registry:name@current>..<target> --package <registry:name@current>..<target>`.
38
38
 
39
- Evidence includes current and target direct vulnerabilities, changelog range evidence, target deprecation metadata, peer dependency changes, dependency changes, and optional transitive security or dependency-issue diffs.
39
+ Evidence includes current and target direct vulnerabilities, changelog range evidence, target deprecation metadata, peer dependency changes, dependency changes, and transitive security by default. Dependency-issue diffs are opt-in with `--dependency-issues`.
40
40
 
41
41
  Flags: `--package <spec>`, `--to <version>`, `--no-transitive-security`, `--dependency-issues`, `--min-severity low|medium|high|critical`, `--verbose`, `--json`.
42
42