safelaunch 1.0.37 → 1.0.40

package/bin/safelaunch.js

@@ -59,6 +59,7 @@ for (const a of args) {
 }
 const hookMode = flags["--hook"] === true;
 const silent   = flags["--silent"] === true;
+const jsonMode = flags["--json"] === true;
 
 // ─── Dispatch ─────────────────────────────────────────────────────────────────
 (async () => {
@@ -89,6 +90,12 @@ const silent   = flags["--silent"] === true;
 
     // ── scan ────────────────────────────────────────────────────────────────
     case "scan": {
+      if (jsonMode) {
+        const result = await runScan({ hookMode: false, quiet: true, cwd: process.cwd() });
+        const all = [...result.blockers, ...result.warnings, ...result.infos];
+        process.stdout.write(JSON.stringify({ blockers: result.blockers, warnings: result.warnings, infos: result.infos, all, elapsed: result.elapsed }, null, 2));
+        process.exit(0);
+      }
       if (!hookMode && !silent) {
         process.stdout.write(gray(`safelaunch v${version} — scanning...\n\n`));
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safelaunch",
-  "version": "1.0.37",
+  "version": "1.0.40",
   "description": "Backend Reliability Infrastructure - catch what breaks production before it breaks",
   "main": "index.js",
   "bin": {

package/src/scan.js

@@ -128,12 +128,7 @@ const IMPACTS = {
     impact: "Known vulnerabilities exist that could be exploited. These should be fixed before deploying.",
     fix:    "Run npm audit fix or check npm audit for manual fixes.",
   }),
-  AUDIT_HIGH: (count) => ({
-    title:  `${count} high-severity vulnerability${count > 1 ? "ies" : "y"} in dependencies`,
-    impact: "Known vulnerabilities exist that could be exploited. These should be fixed before deploying.",
-    fix:    "Run npm audit fix or check npm audit for manual fixes.",
-  }),
-  AUDIT_CRITICAL: (count) => ({
+    AUDIT_CRITICAL: (count) => ({
     title:  `${count} critical vulnerability${count > 1 ? "ies" : "y"} in dependencies`,
     impact: "Known exploits exist for these packages. Shipping them puts your users and infrastructure at risk.",
     fix:    "Run npm audit fix or check npm audit for manual fixes.",
@@ -177,8 +172,9 @@ function loadManifest(cwd) {
 
 function checkMissingEnvVars(cwd, envVars, manifest) {
   const issues = [];
-  if (!manifest || !manifest.required) return issues;
-  for (const name of manifest.required) {
+  if (!manifest || !manifest.envs) return issues;
+  for (const [name, meta] of Object.entries(manifest.envs)) {
+    if (!meta.required) continue;
     if (!(name in envVars) && !process.env[name]) {
       issues.push({ severity: "block", ...IMPACTS.MISSING_ENV_VAR(name) });
     }
@@ -252,7 +248,7 @@ function checkTypeScript(cwd) {
   const issues = [];
   if (!fileExists(path.join(cwd, "tsconfig.json"))) return issues;
   try {
-    execSync("npx tsc --noEmit", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"] });
+    execSync("npx tsc --noEmit", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"], timeout: 30000 });
   } catch {
     issues.push({ severity: "block", ...IMPACTS.TS_ERRORS() });
   }
@@ -287,7 +283,7 @@ function checkNpmAudit(cwd) {
   const issues = [];
   if (!fileExists(path.join(cwd, "package.json"))) return issues;
   try {
-    execSync("npm audit --json", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"] });
+    execSync("npm audit --json", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"], timeout: 15000 });
   } catch (e) {
     try {
       const data = JSON.parse(e.stdout || "");
@@ -563,7 +559,7 @@ function checkDebugFlags(cwd) {
       issues.push({ severity: "warn", ...IMPACTS.DEBUG_FLAG_ENABLED(key.trim()) });
     }
     if (k === 'NODE_ENV' && v === 'development') {
-      issues.push({ severity: "warn", ...IMPACTS.DEBUG_FLAG_ENABLED(key.trim()) });
+      issues.push({ severity: "warn", title: `NODE_ENV is set to development`, impact: 'Running in development mode in production exposes stack traces and disables optimizations.', fix: 'Set NODE_ENV=production in your production environment.' });
     }
   }
   return issues;