feat: CLI ready for npmjs.com, --ci flag for GitHub Actions annotations

dusan-maintains · dusan-maintains · commit 5bf43046dd03 · 2026-03-17T21:59:01.000+05:00
- Fixed: unscoped oss-health-scan name for public npm registry
- Removed: .npmrc GitHub Packages lock
- Added: --ci flag outputs ::warning:: and ::error:: annotations in GitHub Actions
- Keywords: added deprecated, dead-packages, supply-chain for npm search
diff --git a/cli/.npmrc b/cli/.npmrc
diff --git a/cli/bin/scan.js b/cli/bin/scan.js
@@ -17,18 +17,20 @@ const HELP = `
 
   Options:
     --json          Output raw JSON instead of terminal report
+    --ci            Output GitHub Actions annotations (::warning::, ::error::)
     --threshold N   Only show packages below health score N (default: show all)
     --dev           Include devDependencies
     --no-color      Disable colored output
     -h, --help      Show this help
 `;
 
 async function resolvePackages(args) {
-  const flags = { json: false, threshold: 0, dev: false, color: true, packages: [] };
+  const flags = { json: false, ci: false, threshold: 0, dev: false, color: true, packages: [] };
 
   for (let i = 0; i < args.length; i++) {
     const a = args[i];
     if (a === '--json') flags.json = true;
+    else if (a === '--ci') flags.ci = true;
     else if (a === '--dev') flags.dev = true;
     else if (a === '--no-color') flags.color = false;
     else if (a === '-h' || a === '--help') { process.stdout.write(HELP); process.exit(0); }
@@ -161,6 +163,16 @@ async function main() {
 
   if (flags.json) {
     process.stdout.write(JSON.stringify({ scanned: packages.length, results: filtered }, null, 2) + '\n');
+  } else if (flags.ci) {
+    for (const r of filtered) {
+      if (r.error) continue;
+      const level = r.risk_level === 'critical' ? 'error' : r.risk_level === 'warning' ? 'warning' : 'notice';
+      const msg = `${r.name}@${r.latest || '?'}: health ${r.health_score}/100` +
+        (r.reason ? ` — ${r.reason}` : '') +
+        (r.daysSincePush ? ` (last push ${r.daysSincePush}d ago)` : '');
+      process.stdout.write(`::${level}::${msg}\n`);
+    }
+    printReport(filtered, flags.color);
   } else {
     printReport(filtered, flags.color);
   }
diff --git a/cli/package.json b/cli/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@dusan-maintains/oss-health-scan",
+  "name": "oss-health-scan",
   "version": "1.0.0",
   "description": "Scan your package.json for abandoned, unmaintained, or unhealthy npm dependencies. Get health scores (0-100) for every dependency. Zero external dependencies.",
   "bin": {
@@ -16,7 +16,9 @@
     "maintenance",
     "oss",
     "scanner",
-    "supply-chain"
+    "supply-chain",
+    "deprecated",
+    "dead-packages"
   ],
   "author": "dusan-maintains",
   "license": "MIT",
@@ -36,8 +38,5 @@
     "bin/",
     "lib/",
     "README.md"
-  ],
-  "publishConfig": {
-    "registry": "https://npm.pkg.github.com"
-  }
+  ]
 }
