shipcheck-cli 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -3
- package/dist/src/cli.js +1 -1
- package/package.json +9 -1
package/README.md
CHANGED
|
@@ -6,15 +6,17 @@ Release-readiness and AI-app exposure scanner for JavaScript and TypeScript repo
|
|
|
6
6
|
|
|
7
7
|
It also checks the failure points that show up in AI-built apps made with Lovable, Bolt, Replit, Cursor, v0, Base44, Supabase, Firebase, Stripe, and AI API integrations: exposed private keys, public frontend env vars that look private, unsigned Stripe webhooks, missing Firebase rules, undocumented Supabase RLS, debug API routes, and missing AI usage guardrails.
|
|
8
8
|
|
|
9
|
+
Tool page: https://tatelyman.github.io/tate-web-services/shipcheck.html
|
|
10
|
+
|
|
9
11
|
## Install
|
|
10
12
|
|
|
11
|
-
Run from
|
|
13
|
+
Run from npm:
|
|
12
14
|
|
|
13
15
|
```bash
|
|
14
|
-
npx --yes
|
|
16
|
+
npx --yes shipcheck-cli .
|
|
15
17
|
```
|
|
16
18
|
|
|
17
|
-
|
|
19
|
+
Or install/build locally:
|
|
18
20
|
|
|
19
21
|
```bash
|
|
20
22
|
npm install
|
|
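Review bot: the new install line `npx --yes shipcheck-cli .` carries no version, and `--yes` suppresses the install confirmation, so every run downloads and executes whatever is currently published under that name inside the repository being scanned. Suggest documenting a pinned form such as `npx --yes shipcheck-cli@0.2.1 .` and noting that the unpinned command tracks the latest release.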
@@ -47,6 +49,34 @@ shipcheck ../client-app --format markdown
|
|
|
47
49
|
shipcheck . --strict --fail-on medium
|
|
48
50
|
```
|
|
49
51
|
|
|
52
|
+
## GitHub Action
|
|
53
|
+
|
|
54
|
+
Action repo: https://github.com/TateLyman/shipcheck-action
|
|
55
|
+
|
|
56
|
+
Add Shipcheck as a release gate in any JS/TS repo:
|
|
57
|
+
|
|
58
|
+
```yaml
|
|
59
|
+
name: shipcheck
|
|
60
|
+
|
|
61
|
+
on:
|
|
62
|
+
pull_request:
|
|
63
|
+
push:
|
|
64
|
+
branches:
|
|
65
|
+
- main
|
|
66
|
+
|
|
67
|
+
jobs:
|
|
68
|
+
shipcheck:
|
|
69
|
+
runs-on: ubuntu-latest
|
|
70
|
+
steps:
|
|
71
|
+
- uses: actions/checkout@v4
|
|
72
|
+
- uses: TateLyman/shipcheck-action@v1
|
|
73
|
+
with:
|
|
74
|
+
fail-on: medium
|
|
75
|
+
strict: true
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
The action runs the npm package with `npx`, so target repos do not need to add Shipcheck as a dependency.
|
|
79
|
+
|
|
50
80
|
## What It Checks
|
|
51
81
|
|
|
52
82
|
- `package.json` exists and has repeatable `test` and `build` scripts
|
|
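Review bot: in the workflow example, `uses: TateLyman/shipcheck-action@v1` is a mutable tag and the job declares no `permissions:` block, while the sentence after the example says the action runs the npm package with `npx`. A release gate copied from this snippet therefore pulls two unpinned pieces of code on every pull request and push to main. Suggest pinning the action to a full commit SHA in the example, adding a `permissions:` block with `contents: read`, and stating whether the action pins the shipcheck-cli version it invokes.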
@@ -90,6 +120,12 @@ JSON output is designed for automation:
|
|
|
90
120
|
shipcheck . --format json
|
|
91
121
|
```
|
|
92
122
|
|
|
123
|
+
## Manual Review
|
|
124
|
+
|
|
125
|
+
Shipcheck is the first pass. If the report finds a blocker in an app you own or are authorized to inspect, you can request a manual review from the tool page.
|
|
126
|
+
|
|
127
|
+
Manual reviews focus on auth, data rules, env boundaries, Stripe/webhooks, deploy config, and the first paid user flow.
|
|
128
|
+
|
|
93
129
|
## Exit Codes
|
|
94
130
|
|
|
95
131
|
By default, `shipcheck` exits with code `1` only when a `high` finding is present.
|
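Review bot: the Manual Review section does not say what a requester has to submit through the tool page, and the README's own description lists exposed private keys among the findings. Suggest stating what information the review request collects and telling users to redact secret values from a report before sharing it.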
package/dist/src/cli.js
CHANGED
package/package.json
CHANGED
|
@@ -1,8 +1,16 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "shipcheck-cli",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.1",
|
|
4
4
|
"description": "Release-readiness and AI-app exposure scanner for JavaScript and TypeScript repositories.",
|
|
5
5
|
"type": "module",
|
|
6
|
+
"homepage": "https://tatelyman.github.io/tate-web-services/shipcheck.html",
|
|
7
|
+
"repository": {
|
|
8
|
+
"type": "git",
|
|
9
|
+
"url": "git+https://github.com/TateLyman/shipcheck-cli.git"
|
|
10
|
+
},
|
|
11
|
+
"bugs": {
|
|
12
|
+
"url": "https://github.com/TateLyman/shipcheck-cli/issues"
|
|
13
|
+
},
|
|
6
14
|
"bin": {
|
|
7
15
|
"shipcheck": "dist/src/cli.js"
|
|
8
16
|
},
|
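Review bot: the added `repository`, `homepage` and `bugs` fields are self-declared metadata, and the file list shows `package/dist/src/cli.js`, the file `bin` points at, as changed (+1 -1) with no hunk rendered for it. Suggest confirming that the one-line change is only the version string before treating this bump as docs and metadata only, and publishing with `npm publish --provenance` so the repository link can be verified against the build.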