proof-of-commitment 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +8 -5
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
/**
|
|
3
|
-
* proof-of-commitment CLI v1.
|
|
3
|
+
* proof-of-commitment CLI v1.14.0
|
|
4
4
|
* Scores npm/PyPI/Cargo/Go packages on behavioral commitment signals.
|
|
5
5
|
* Usage: npx proof-of-commitment [packages...] [options]
|
|
6
6
|
*/
|
|
@@ -198,17 +198,19 @@ function printTable(results, { totalScanned, totalCritical, lockfile } = {}) {
|
|
|
198
198
|
}
|
|
199
199
|
|
|
200
200
|
// Contextual upsell — show when findings make monitoring relevant
|
|
201
|
+
// In TTY mode, inlineSignup() handles the upsell interactively — skip static text
|
|
201
202
|
if (effectiveCritical > 0) {
|
|
202
|
-
// Check for API key synchronously via env (fast path)
|
|
203
203
|
const hasKey = !!process.env.COMMIT_API_KEY || _cachedHasKey;
|
|
204
204
|
if (hasKey) {
|
|
205
205
|
console.log(clr(c.dim, `\n 📊 Monitor ${effectiveCritical === 1 ? 'this package' : 'these packages'}: `) +
|
|
206
206
|
clr(c.cyan, `poc watch ${results.find(r => hasCritical(r.riskFlags))?.name || results[0]?.name}`));
|
|
207
|
-
} else {
|
|
207
|
+
} else if (!process.stdin.isTTY || !process.stdout.isTTY) {
|
|
208
|
+
// Non-TTY (CI, piped): show static URL since interactive prompt won't work
|
|
208
209
|
console.log(clr(c.dim, `\n 📊 Monitor ${effectiveCritical === 1 ? 'this' : 'these ' + effectiveCritical} CRITICAL ${effectiveCritical === 1 ? 'package' : 'packages'} — get alerted when scores change.`));
|
|
209
210
|
console.log(clr(c.dim, ' Get a free API key: ') + clr(c.cyan, 'https://getcommit.dev/get-started?utm_source=cli'));
|
|
210
211
|
console.log(clr(c.dim, ' Then run: ') + clr(c.cyan, 'poc login'));
|
|
211
212
|
}
|
|
213
|
+
// else: TTY mode — inlineSignup() will prompt interactively after printTable
|
|
212
214
|
}
|
|
213
215
|
console.log();
|
|
214
216
|
}
|
|
@@ -284,7 +286,7 @@ async function inlineSignup(results) {
|
|
|
284
286
|
|
|
285
287
|
function printHelp() {
|
|
286
288
|
console.log(`
|
|
287
|
-
${clr(c.bold, 'proof-of-commitment')} v1.
|
|
289
|
+
${clr(c.bold, 'proof-of-commitment')} v1.14.0 — supply chain risk scorer
|
|
288
290
|
|
|
289
291
|
${clr(c.bold, 'Usage:')}
|
|
290
292
|
npx proof-of-commitment Auto-detect manifest in current dir
|
|
@@ -386,7 +388,8 @@ ${clr(c.bold, 'Provenance (npm):')}
|
|
|
386
388
|
${clr(c.bold, 'Score dimensions (npm/PyPI/Cargo):')} longevity · download momentum · release consistency · publisher depth · GitHub backing · provenance
|
|
387
389
|
${clr(c.bold, 'Score dimensions (Go):')} longevity · release consistency · maintainer depth · GitHub backing · stars
|
|
388
390
|
|
|
389
|
-
${clr(c.bold, 'MCP:')}
|
|
391
|
+
${clr(c.bold, 'MCP:')} https://poc-backend.amdal-dev.workers.dev/mcp — connect from Claude Desktop / Cursor / Cline.
|
|
392
|
+
Free tier: 100 queries/IP/UTC day. Power users: API key for 200/day. ${clr(c.dim, '(Authorization: Bearer sk_commit_…)')}
|
|
390
393
|
|
|
391
394
|
${clr(c.bold, 'Web:')} ${WEB}
|
|
392
395
|
`);
|