projectlens 1.0.1 → 1.0.3
- package/README.md +143 -143
- package/dist/cli.js +3 -3
- package/dist/{esm-UD73TBFV.js → esm-3RYR6KRP.js} +79 -79
- package/dist/{lib-RYPZ47SK.js → lib-6MKWNYYM.js} +318 -318
- package/dist/{promise-RZT5M2G5.js → promise-Q3EUAGZV.js} +240 -240
- package/package.json +37 -37
- package/public/404.html +1 -1
- package/public/__next.__PAGE__.txt +3 -3
- package/public/__next._full.txt +11 -11
- package/public/__next._head.txt +3 -3
- package/public/__next._index.txt +6 -6
- package/public/__next._tree.txt +2 -2
- package/public/_next/static/chunks/{0ag9_thdvsufz.js → 00xhsd~k-wxkl.js} +1 -1
- package/public/_next/static/chunks/055wtwa3_0~~i.js +1 -0
- package/public/_next/static/chunks/08~pvhfxkn~e1.js +31 -0
- package/public/_next/static/chunks/0bn7sb9dt40_4.js +1 -0
- package/public/_next/static/chunks/0mnylx9uxvgoe.js +1 -0
- package/public/_next/static/chunks/0p3~_xn7z3ctn.css +1 -0
- package/public/_next/static/chunks/0t3z96v_l15ux.js +5 -0
- package/public/_next/static/chunks/14axq_ban0~p1.js +409 -0
- package/public/_next/static/chunks/turbopack-0fx05i3quz0.5.js +1 -0
- package/public/_not-found/__next._full.txt +10 -10
- package/public/_not-found/__next._head.txt +3 -3
- package/public/_not-found/__next._index.txt +6 -6
- package/public/_not-found/{__next._not-found/__PAGE__.txt → __next._not-found.__PAGE__.txt} +2 -2
- package/public/_not-found/__next._not-found.txt +3 -3
- package/public/_not-found/__next._tree.txt +2 -2
- package/public/_not-found.html +1 -1
- package/public/_not-found.txt +10 -10
- package/public/icon.svg +25 -25
- package/public/index.html +1 -1
- package/public/index.txt +11 -11
- package/public/_next/static/chunks/00g6ktfqbvh0k.js +0 -1
- package/public/_next/static/chunks/03~rwd658lpsk.js +0 -409
- package/public/_next/static/chunks/060q84nvp94s6.js +0 -5
- package/public/_next/static/chunks/0cbf_ns_utqrn.css +0 -1
- package/public/_next/static/chunks/0fulyomwb7at-.js +0 -1
- package/public/_next/static/chunks/0~hotr4crj3w3.js +0 -1
- package/public/_next/static/chunks/17mke5d8u31kx.js +0 -31
- package/public/_next/static/chunks/turbopack-0btzs1a7324pk.js +0 -1
- /package/public/_next/static/{5b9sWw26Magr957-mNW48 → MThbDPd1MP5_54V6AAk-i}/_buildManifest.js +0 -0
- /package/public/_next/static/{5b9sWw26Magr957-mNW48 → MThbDPd1MP5_54V6AAk-i}/_clientMiddlewareManifest.js +0 -0
- /package/public/_next/static/{5b9sWw26Magr957-mNW48 → MThbDPd1MP5_54V6AAk-i}/_ssgManifest.js +0 -0
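--- a/package/README.md
+++ b/package/README.md
@@ -1,143 +1,143 @@
-# Projectlens CLI
-
-Local lint, type-check & AI security dashboard for JS/TS projects (Next.js, SvelteKit, Vue, plain Node).
-
-| | |
-|---|---|
-|  |  |
-
-Run one command inside any project and Projectlens runs your **real** ESLint and
-TypeScript toolchain, audits your dependencies, runs an AI security review over
-your source, and opens a live dashboard at `localhost:4321`.
-
-```bash
-projectlens # run checks + open the dashboard
-projectlens --no-ai # skip the AI security pass (lint + types only)
-projectlens --ci # run once, print summary, exit non-zero on issues
-projectlens --json # print the full report as JSON and exit
-projectlens --min-score 80 # in --ci mode, fail if health score < 80
-```
-
-## What the dashboard shows
-
-The dashboard turns one run into a navigable workspace:
-
-- **Overview** — composite health score, severity breakdown, and per-category summaries.
-- **Trends** — an interactive multi-metric chart and per-run history table built from
-the local `.projectlens/` run history (deltas, peak/low/avg).
-- **Code quality** — Lint, Types, and Tests findings from your real toolchain.
-- **Security** — AI security review with severity sub-tabs (Critical → Info).
-- **Dependencies** — real CVE advisories with fix-version guidance.
-- **Database** — schema inspection plus a foreign-key relationship graph.
-- **API surface** — a map of detected routes (Next, Express, Hono, Fastify, SvelteKit,
-Nuxt) with method, auth, and validation coverage.
-- **Auth, Environment, Network, Git/CI, Docs** — focused panels for each area.
-- **Task Manager** — a built-in kanban board (see below).
-
-### Task Manager (dashboard-only)
-
-Every finding has a **Track task** action — in its detail sheet and inline on each
-list row. Tracking adds it to a kanban board and marks the row so you can see what's
-already on your worklist at a glance.
-
-- **Custom columns** — rename/delete the defaults (To do / In progress / Done) and add
-your own; drag cards between columns to change status.
-- **Groups/tags** — file tasks under labels like "This sprint" or "Tech debt" and filter
-by them; create a group inline while tracking.
-- **Detail** — click a tracked finding to reopen its full analysis; click a free-form task
-to edit its column, priority, group, and notes.
-
-The board is stored only in your browser (localStorage) — it never leaves your machine or
-reaches the CLI. Manage or reset it from **Settings → Task board**.
-
-## Screenshots
-
-| | |
-|---|---|
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-|  |  |
-
-## How it works
-
-```
-cli.ts entry point + flag parsing (commander)
-run.ts orchestrates the pipeline, emits streaming events
-detect.ts reads package.json → framework + package manager
-runners/eslint.ts spawns your local eslint, parses --format json
-runners/tsc.ts spawns tsc --pretty false, parses the diagnostic chain
-runners/audit.ts npm/pnpm/yarn audit --json → real CVE advisories
-ai/audit.ts AI SDK security review (code) + dependency prioritization
-report.ts weighted composite health score
-store.ts local run history in .projectlens/ (powers trends)
-server.ts local HTTP + WebSocket server that serves the dashboard
-```
-
-The dashboard (the Next.js app one level up) is prebuilt into `cli/public` and
-served statically, so the installed tool has no runtime build step.
-
-## Building
-
-```bash
-# from the cli/ package
-pnpm install
-pnpm build # builds the dashboard into ./public, then bundles the CLI
-```
-
-`pnpm build` runs two steps:
-1. `build:dashboard` — static-exports the Next.js dashboard (with
-`PROJECTLENS_EXPORT=1`) and copies it into `cli/public`.
-2. `tsup` — bundles `src/` into `dist/`.
-
-## Installing it into your own projects
-
-**Local link (best while iterating on the tool):**
-
-```bash
-cd cli
-pnpm build
-pnpm link --global
-
-cd ~/your-project
-projectlens
-```
-
-**Run directly by path (no linking):**
-
-```bash
-node ~/path/to/cli/dist/cli.js
-```
-
-**Publish (optional, for `npx projectlens`):**
-
-```bash
-cd cli
-npm publish
-```
-
-## AI security audit
-
-The AI pass needs a model key. Projectlens uses the Vercel AI Gateway, so set one of:
-
-```bash
-export AI_GATEWAY_API_KEY=... # recommended
-# or
-export OPENAI_API_KEY=...
-```
-
-By default the audit runs on a **free** OpenRouter text model
-(`meta-llama/llama-3.3-70b-instruct:free`) and automatically **falls back** to
-`google/gemini-2.5-flash` if the primary model errors or is rate-limited, so the
-review keeps working out of the box. Override either via env or `.projectlensrc`:
-
-```bash
-export PROJECTLENS_MODEL=openai/gpt-5-mini # primary model
-export PROJECTLENS_FALLBACK_MODEL=anthropic/claude-haiku-4
-```
-
-Without a key, lint + type-check + dependency advisories still run; only the AI
-code review and prioritization are skipped (`--no-ai` silences the warning).
-Only the selected security-relevant source files are sent to the model.
+# Projectlens CLI
+
+Local lint, type-check & AI security dashboard for JS/TS projects (Next.js, SvelteKit, Vue, plain Node).
+
+| | |
+|---|---|
+|  |  |
+
+Run one command inside any project and Projectlens runs your **real** ESLint and
+TypeScript toolchain, audits your dependencies, runs an AI security review over
+your source, and opens a live dashboard at `localhost:4321`.
+
+```bash
+projectlens # run checks + open the dashboard
+projectlens --no-ai # skip the AI security pass (lint + types only)
+projectlens --ci # run once, print summary, exit non-zero on issues
+projectlens --json # print the full report as JSON and exit
+projectlens --min-score 80 # in --ci mode, fail if health score < 80
+```
+
+## What the dashboard shows
+
+The dashboard turns one run into a navigable workspace:
+
+- **Overview** — composite health score, severity breakdown, and per-category summaries.
+- **Trends** — an interactive multi-metric chart and per-run history table built from
+the local `.projectlens/` run history (deltas, peak/low/avg).
+- **Code quality** — Lint, Types, and Tests findings from your real toolchain.
+- **Security** — AI security review with severity sub-tabs (Critical → Info).
+- **Dependencies** — real CVE advisories with fix-version guidance.
+- **Database** — schema inspection plus a foreign-key relationship graph.
+- **API surface** — a map of detected routes (Next, Express, Hono, Fastify, SvelteKit,
+Nuxt) with method, auth, and validation coverage.
+- **Auth, Environment, Network, Git/CI, Docs** — focused panels for each area.
+- **Task Manager** — a built-in kanban board (see below).
+
+### Task Manager (dashboard-only)
+
+Every finding has a **Track task** action — in its detail sheet and inline on each
+list row. Tracking adds it to a kanban board and marks the row so you can see what's
+already on your worklist at a glance.
+
+- **Custom columns** — rename/delete the defaults (To do / In progress / Done) and add
+your own; drag cards between columns to change status.
+- **Groups/tags** — file tasks under labels like "This sprint" or "Tech debt" and filter
+by them; create a group inline while tracking.
+- **Detail** — click a tracked finding to reopen its full analysis; click a free-form task
+to edit its column, priority, group, and notes.
+
+The board is stored only in your browser (localStorage) — it never leaves your machine or
+reaches the CLI. Manage or reset it from **Settings → Task board**.
+
+## Screenshots
+
+| | |
+|---|---|
+|  |  |
+|  |  |
+|  |  |
+|  |  |
+|  |  |
+|  |  |
+
+## How it works
+
+```
+cli.ts entry point + flag parsing (commander)
+run.ts orchestrates the pipeline, emits streaming events
+detect.ts reads package.json → framework + package manager
+runners/eslint.ts spawns your local eslint, parses --format json
+runners/tsc.ts spawns tsc --pretty false, parses the diagnostic chain
+runners/audit.ts npm/pnpm/yarn audit --json → real CVE advisories
+ai/audit.ts AI SDK security review (code) + dependency prioritization
+report.ts weighted composite health score
+store.ts local run history in .projectlens/ (powers trends)
+server.ts local HTTP + WebSocket server that serves the dashboard
+```
+
+The dashboard (the Next.js app one level up) is prebuilt into `cli/public` and
+served statically, so the installed tool has no runtime build step.
+
+## Building
+
+```bash
+# from the cli/ package
+pnpm install
+pnpm build # builds the dashboard into ./public, then bundles the CLI
+```
+
+`pnpm build` runs two steps:
+1. `build:dashboard` — static-exports the Next.js dashboard (with
+`PROJECTLENS_EXPORT=1`) and copies it into `cli/public`.
+2. `tsup` — bundles `src/` into `dist/`.
+
+## Installing it into your own projects
+
+**Local link (best while iterating on the tool):**
+
+```bash
+cd cli
+pnpm build
+pnpm link --global
+
+cd ~/your-project
+projectlens
+```
+
+**Run directly by path (no linking):**
+
+```bash
+node ~/path/to/cli/dist/cli.js
+```
+
+**Publish (optional, for `npx projectlens`):**
+
+```bash
+cd cli
+npm publish
+```
+
+## AI security audit
+
+The AI pass needs a model key. Projectlens uses the Vercel AI Gateway, so set one of:
+
+```bash
+export AI_GATEWAY_API_KEY=... # recommended
+# or
+export OPENAI_API_KEY=...
+```
+
+By default the audit runs on a **free** OpenRouter text model
+(`meta-llama/llama-3.3-70b-instruct:free`) and automatically **falls back** to
+`google/gemini-2.5-flash` if the primary model errors or is rate-limited, so the
+review keeps working out of the box. Override either via env or `.projectlensrc`:
+
+```bash
+export PROJECTLENS_MODEL=openai/gpt-5-mini # primary model
+export PROJECTLENS_FALLBACK_MODEL=anthropic/claude-haiku-4
+```
+
+Without a key, lint + type-check + dependency advisories still run; only the AI
+code review and prioritization are skipped (`--no-ai` silences the warning).
+Only the selected security-relevant source files are sent to the model.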
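--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -2336,7 +2336,7 @@ async function introspectOne(conn) {
 async function introspectPostgres(conn) {
 let pg;
 try {
-pg = await import("./esm-
+pg = await import("./esm-3RYR6KRP.js");
 } catch {
 return null;
 }
@@ -2426,7 +2426,7 @@ async function introspectPostgres(conn) {
 async function introspectMysql(conn) {
 let mysql;
 try {
-mysql = await import("./promise-
+mysql = await import("./promise-Q3EUAGZV.js");
 } catch {
 return null;
 }
@@ -2479,7 +2479,7 @@ async function introspectMysql(conn) {
 async function introspectMongo(conn) {
 let mongodb;
 try {
-mongodb = await import("./lib-
+mongodb = await import("./lib-6MKWNYYM.js");
 } catch {
 return null;
 }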