npm - proof-of-commitment - Versions diffs - 1.18.1 → 1.18.2 - Mend

proof-of-commitment 1.18.1 → 1.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -63,14 +63,14 @@ poc login sk_commit_your_key_here
 poc status                          # check tier + usage anytime
 poc logout                          # remove saved key
-# Monitoring (Pro tier — daily scans + alerts):
+# Monitoring (Developer $15/mo+ — daily scans + alerts):
 poc watch chalk
 poc watch requests --ecosystem pypi
 poc watch serde --ecosystem cargo
 poc watchlist                       # view scores + risk levels
 poc unwatch chalk
-# Upgrade to Pro: https://getcommit.dev/pricing
+# Enable monitoring: https://getcommit.dev/pricing
 ```
 Alerts fire on: score drop ≥10 points · package crosses CRITICAL threshold · recovery to HEALTHY.
@@ -132,12 +132,12 @@ When `comment-on-pr: true` (default), the action automatically posts the audit t
 | `max-packages` | `20` | Max packages to audit when auto-detecting |
 | `include-dev-dependencies` | `false` | Include `devDependencies` from `package.json` |
 | `comment-on-pr` | `true` | Post audit results as a PR comment (requires `pull-requests: write` permission) |
-| `api-key` | _(none)_ | [Commit Pro](https://getcommit.dev/pricing) API key — enables batch requests and 10K requests/month |
+| `api-key` | _(none)_ | [Commit](https://getcommit.dev/pricing) API key — enables batch requests; Developer ($15/mo) gets 10K requests/month |
 | `api-url` | _(prod)_ | Override API endpoint (useful for self-hosting) |
 **Outputs:** `has-critical`, `critical-count`, `audit-summary` (markdown table, also written to Step Summary).
-**Free vs Pro:** Without an API key, packages are audited one at a time (with delays to respect rate limits). With a Pro API key, all packages are audited in a single batch request — faster and with higher monthly limits.
+**Free vs paid:** Without an API key, packages are audited one at a time (with delays to respect rate limits). With any API key (free or paid), all packages are audited in a single batch request — faster. Paid tiers (Developer $15/mo+) raise the monthly request limit and unlock daily monitoring.
 Example PR comment / Step Summary output:

package/index.js CHANGED Viewed

@@ -367,7 +367,7 @@ async function inlineSignup(results) {
       console.log(clr(c.bold, '  Next steps:'));
       console.log(clr(c.dim, '    • ') + clr(c.cyan, 'poc status') + clr(c.dim, '       — check your account'));
       if (critPkgs.length > 0) {
-        console.log(clr(c.dim, '    • ') + clr(c.cyan, `poc watch ${critPkgs[0].name}`) + clr(c.dim, '  — start monitoring (Pro)'));
+        console.log(clr(c.dim, '    • ') + clr(c.cyan, `poc watch ${critPkgs[0].name}`) + clr(c.dim, '  — start monitoring (Developer $15/mo)'));
       }
       console.log(clr(c.dim, '    • ') + clr(c.cyan, 'poc init') + clr(c.dim, '          — add CI gate to this project'));
     } else if (data.message) {
@@ -384,7 +384,7 @@ async function inlineSignup(results) {
 function printHelp() {
   console.log(`
-${clr(c.bold, 'proof-of-commitment')} v1.18.1 — supply chain risk scorer
+${clr(c.bold, 'proof-of-commitment')} v1.18.2 — supply chain risk scorer
 ${clr(c.bold, 'Usage:')}
   npx proof-of-commitment                            Auto-detect manifest in current dir
@@ -415,14 +415,14 @@ ${clr(c.bold, 'Account:')}
   poc status          Show current tier, usage, and limits
   poc logout          Remove saved API key
-${clr(c.bold, 'Monitoring (Pro):')}
+${clr(c.bold, 'Monitoring (Developer $15/mo+):')}
   poc watch <package> [--ecosystem npm|pypi|cargo|golang]
                       Add a package to daily monitoring
   poc watchlist       List monitored packages with current scores + risk
   poc unwatch <pkg>   Remove a package from monitoring
-  Get a free key: https://getcommit.dev/get-started?utm_source=cli
-  Upgrade to Pro:  https://getcommit.dev/pricing
+  Get a free key:        https://getcommit.dev/get-started?utm_source=cli
+  Enable monitoring:     https://getcommit.dev/pricing?utm_source=cli&utm_campaign=help
 ${clr(c.bold, 'Options:')}
   --json              Output results as JSON
@@ -965,13 +965,14 @@ async function cmdLogin(keyArg) {
   console.log(clr(c.dim, `  Saved to: ${configPath}`));
   console.log();
-  if (info.tier === 'pro' || info.tier === 'enterprise') {
-    console.log(clr(c.cyan, '  Pro features unlocked:'));
+  if (info.tier === 'developer' || info.tier === 'pro' || info.tier === 'enterprise') {
+    console.log(clr(c.cyan, '  Monitoring unlocked:'));
     console.log(clr(c.dim, '    poc watch <package>    Add a package to daily monitoring'));
     console.log(clr(c.dim, '    poc watchlist          View monitored packages'));
     console.log(clr(c.dim, '    poc unwatch <package>  Remove from monitoring'));
   } else {
-    console.log(clr(c.dim, '  Upgrade to Pro for monitoring + alerts: https://getcommit.dev/pricing?utm_source=cli'));
+    console.log(clr(c.dim, '  Enable monitoring + alerts on Developer ($15/mo):'));
+    console.log(clr(c.cyan, '    https://getcommit.dev/pricing?utm_source=cli&utm_campaign=post-login'));
   }
   console.log();
 }
@@ -1009,7 +1010,8 @@ async function cmdStatus() {
   if (info.tier === 'free') {
     const pct = info.requests_limit > 0 ? Math.round((info.requests_used / info.requests_limit) * 100) : 0;
     if (pct >= 80) {
-      console.log(clr(c.yellow, `  ⚠ ${pct}% of daily limit used. Upgrade for 10K/month: https://getcommit.dev/pricing`));
+      console.log(clr(c.yellow, `  ⚠ ${pct}% of daily limit used. Developer ($15/mo) gets 10K/month + monitoring:`));
+      console.log(clr(c.cyan, `    https://getcommit.dev/pricing?utm_source=cli&utm_campaign=status-limit`));
     }
   }
 }
@@ -1036,11 +1038,24 @@ function tierLabel(tier) {
 /**
  * Handle 402 upgrade response from watchlist endpoints.
+ * Reads server response so the tier name, price, and URL stay authoritative
+ * (server is canonical — CLI was historically out of date saying "Pro" when
+ * "Developer" was the actual gate). Appends CLI UTM for attribution.
  */
-function printUpgradeRequired() {
-  console.error(clr(c.yellow + c.bold, '\n  ✦ Commit Pro required'));
-  console.error(clr(c.dim, '    Monitoring, daily scans, and alerts are Pro features.'));
-  console.error(clr(c.cyan, '    Upgrade at https://getcommit.dev/pricing\n'));
+async function printUpgradeRequired(res, campaign = 'watchlist-402') {
+  let body = null;
+  try { body = await res.json(); } catch {}
+  const plan = (body && body.upgrade && body.upgrade.plan) || 'developer';
+  const planLabel = plan.charAt(0).toUpperCase() + plan.slice(1);
+  const price = (body && body.upgrade && body.upgrade.price) || '$15/month';
+  const baseUrl = (body && body.upgrade && body.upgrade.url) || 'https://getcommit.dev/pricing';
+  const url = baseUrl + (baseUrl.includes('?') ? '&' : '?') + `utm_source=cli&utm_campaign=${campaign}`;
+  const currentTier = body && body.current_tier ? body.current_tier : 'free';
+  console.error(clr(c.yellow + c.bold, `\n  ✦ ${planLabel} (${price}) required`));
+  console.error(clr(c.dim, `    Monitoring, daily scans, and alerts start on ${planLabel}.`));
+  console.error(clr(c.dim, `    Current tier: ${currentTier}`));
+  console.error(clr(c.cyan, `    Upgrade at ${url}\n`));
 }
 /**
@@ -1061,7 +1076,7 @@ async function cmdWatch(pkg, ecosystem) {
     body: JSON.stringify({ package: pkg, ecosystem }),
   });
-  if (res.status === 402) { printUpgradeRequired(); process.exit(1); }
+  if (res.status === 402) { process.stdout.write('\n'); await printUpgradeRequired(res, 'watch-cmd'); process.exit(1); }
   const data = await res.json();
   if (!res.ok) {
@@ -1093,7 +1108,7 @@ async function cmdWatchlist() {
     headers: { 'Authorization': `Bearer ${key}` },
   });
-  if (res.status === 402) { printUpgradeRequired(); process.exit(1); }
+  if (res.status === 402) { await printUpgradeRequired(res, 'watchlist-cmd'); process.exit(1); }
   const data = await res.json();
   if (!res.ok) {
@@ -1132,7 +1147,7 @@ async function cmdWatchlist() {
   const divider = '─'.repeat(divWidth);
   console.log('\n' + divider);
-  console.log(clr(c.dim, `  Commit Pro watchlist · ${pkgs.length}/${data.limit} packages · tier: ${data.tier}`));
+  console.log(clr(c.dim, `  Commit watchlist · ${pkgs.length}/${data.limit} packages · tier: ${data.tier}`));
   console.log(divider);
   console.log(header);
   console.log(divider);
@@ -1175,7 +1190,7 @@ async function cmdUnwatch(pkg, ecosystem) {
     body: JSON.stringify({ package: pkg, ecosystem }),
   });
-  if (res.status === 402) { printUpgradeRequired(); process.exit(1); }
+  if (res.status === 402) { process.stdout.write('\n'); await printUpgradeRequired(res, 'unwatch-cmd'); process.exit(1); }
   const data = await res.json();
   if (!res.ok) {
@@ -1315,7 +1330,7 @@ ${rows}
 <div class="footer">
   <span>Generated by <a href="${WEB}" target="_blank">proof-of-commitment</a></span>
   <span><a href="https://github.com/piiiico/commit-action" target="_blank">GitHub Action</a></span>
-  <span><a href="https://getcommit.dev/pricing?utm_source=cli&amp;utm_medium=report" target="_blank">Commit Pro</a></span>
+  <span><a href="https://getcommit.dev/pricing?utm_source=cli&amp;utm_medium=report" target="_blank">Enable monitoring</a></span>
 </div>
 <script>
 function copyMd() {
@@ -1573,9 +1588,11 @@ jobs:
     console.log(clr(c.white, '  1. The badge updates daily with your project\'s score'));
     console.log(clr(c.white, '  2. Push to trigger the existing workflow'));
   }
-  console.log(clr(c.dim, `\n  Want daily monitoring + alerts? Get a free key:`));
-  console.log(clr(c.cyan, '  https://getcommit.dev/get-started?utm_source=cli'));
-  console.log(clr(c.dim, '  Then run: ') + clr(c.cyan, 'poc login') + clr(c.dim, ' + ') + clr(c.cyan, 'poc watch <package>\n'));
+  console.log(clr(c.dim, `\n  Want daily monitoring + alerts on your dependencies?`));
+  console.log(clr(c.dim, '    1. Free key (200 scans/day):  ') + clr(c.cyan, 'https://getcommit.dev/get-started?utm_source=cli'));
+  console.log(clr(c.dim, '    2. Authenticate:              ') + clr(c.cyan, 'poc login'));
+  console.log(clr(c.dim, '    3. Enable monitoring ($15/mo): ') + clr(c.cyan, 'https://getcommit.dev/pricing?utm_source=cli&utm_campaign=init'));
+  console.log(clr(c.dim, '    4. Watch a package:           ') + clr(c.cyan, 'poc watch <package>\n'));
 }
 async function main() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "proof-of-commitment",
-  "version": "1.18.1",
+  "version": "1.18.2",
   "mcpName": "io.github.piiiico/proof-of-commitment",
   "description": "Supply chain risk scorer for npm, PyPI, Cargo, and Go packages — behavioral signals that can't be faked",
   "type": "module",