v2.4.0

What's Changed

• feat(interface): prevent network navigation when wiki is opened by @FredGuiou in #324
• docs: add FredGuiou as a contributor for code by @allcontributors in #325
• feat(wiki): keyboard navigation by @PierreDemailly in #328
• fix(code-fetcher): improve multi-line code snippet by @PierreDemailly in #329
• make npmAvatar primary src by @kishore881 in #331
• feat(interface): navigate between locked nodes by @PierreDemailly in #340
• chore: update copyright by @fabnguess in #348
• feat: improve i18n by @PierreDemailly in #347
• feat(interface): download report by @PierreDemailly in #349
• chore: use dependabot groups by @PierreDemailly in #356
• chore: fix dependabot group name by @PierreDemailly in #357
• chore(deps): bump the github-actions group with 3 updates by @dependabot in #358
• chore(deps): bump the dependencies group with 2 updates by @dependabot in #359
• chore(deps): bump the nodesecure-dependencies group with 2 updates by @dependabot in #362
• chore(deps-dev): bump the development-dependencies group with 1 update by @dependabot in #360
• chore(http/report): remove co-body by @PierreDemailly in #363
• ci: setup npm provenance by @fraxken in #365
• 2.4.0 by @fraxken in #366
• ci(provenance): do not use npm ci by @fraxken in #367

New Contributors

• @FredGuiou made their first contribution in #324

Full Changelog: v2.3.1...v2.4.0

v2.3.1

What's Changed

• fix(build): missing i18n folder by @PierreDemailly in #322
• 2.3.1 by @PierreDemailly in #323

Full Changelog: v2.3.0...v2.3.1

v2.3.0

What's Changed

• feat: implements ossf scorecard by @PierreDemailly in #125
• docs: add PierreDemailly as a contributor for code by @allcontributors in #126
• fix: remove import protocol for doc redirection by @PierreDemailly in #127
• feat: improve cliui design by @PierreDemailly in #129
• chore: fixing badges and adding back SECURITY.md by @fraxken in #130
• docs: add documentation for scorecards by @PierreDemailly in #132
• change the node.js favicon by our own logo by @Ineslujan in #137
• docs: add Ineslujan as a contributor for code by @allcontributors in #138
• Updating the URL of an avatar by @fabnguess in #136
• docs(badges): use for-the-badge style and remove downloads one by @fraxken in #139
• [Snyk] Upgrade cacache from 17.0.2 to 17.0.4 by @fraxken in #140
• Updating security policy by @fabnguess in #141
• ci: update and pin version with SHA-commit by @fraxken in #142
• feat: add dependabot yml configuration by @fraxken in #143
• [StepSecurity] Apply security best practices by @step-security-bot in #144
• CodeQL fix and remove root dependabot file by @fraxken in #147
• chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #145
• chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #146
• chore(deps-dev): bump @myunisoft/httpie from 1.9.2 to 1.10.0 by @dependabot in #151
• chore(deps-dev): bump esbuild from 0.15.14 to 0.17.3 by @dependabot in #148
• docs: improve CONTRIBUTORS guide(s) by @fraxken in #153
• chore(deps-dev): bump @nodesecure/size-satisfies from 1.0.2 to 1.1.0 by @dependabot in #152
• chore: remove permanently package-lock.json by @fraxken in #157
• ci: remove lint stage and use coverage npm script by @fraxken in #158
• refactor: use latest spinner API and implement --silent mode by @fraxken in #162
• chore(deps): bump github/codeql-action from 2.1.39 to 2.2.0 by @dependabot in #161
• chore(deps): bump github/codeql-action from 2.2.0 to 2.2.1 by @dependabot in #163
• fix: searchbar helper redirect to the good section by @PierreDemailly in #166
• chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 by @dependabot in #168
• feat(cli): add scorecard command by @PierreDemailly in #164
• docs: add SofianD as a contributor for code by @allcontributors in #169
• chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 by @dependabot in #170
• feat: 3rd party tools links (Snyk & Socket.dev) by @PierreDemailly in #171
• chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #172
• fix(package.json): npm scripts using cross-env by @SofianD in #174
• Update dependabot frequency by @fabnguess in #175
• docs: add fabnguess as a contributor for maintenance by @allcontributors in #177
• chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #176
• chore: bump i18n by @PierreDemailly in #179
• refactor: transform to NPM monorepo by @fraxken in #178
• fix(security): add missing workflow top level permissions by @fraxken in #181
• chore(deps): bump ini from 3.0.1 to 4.0.0 by @dependabot in #182
• chore(deps): bump open from 8.4.2 to 9.1.0 by @dependabot in #183
• chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #185
• chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #186
• chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #187
• chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #188
• chore: update dependencies by @fraxken in #184
• 2.2.0 by @fraxken in #189
• fix: move @openally/result from devDeps to deps by @PierreDemailly in #190
• 2.2.1 by @fraxken in #191
• chore(ci): run tests on Windows & Mac by @PierreDemailly in #192
• chore(deps): bump filenamify from 5.1.1 to 6.0.0 by @dependabot in #193
• refactor: migrate from tap to node test runner by @PierreDemailly in #202
• test: add missing tests by @PierreDemailly in #206
• chore(deps): bump github/codeql-action from 2.2.9 to 2.3.5 by @dependabot in #204
• chore: update dependencies by @PierreDemailly in #227
• fix: build error by @PierreDemailly in #230
• chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #232
• chore(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in #231
• feat: apply settings on save by @PierreDemailly in #234
• feat: add scorecard visualizer external link by @PierreDemailly in #235
• chore: drop support for Node 16 by @fabnguess in #246
• refactor: split package component into multiple class by @fraxken in #247
• fix(network): missing type conversion by @PierreDemailly in #249
• fix: prevent update of current node by @PierreDemailly in #248
• Update documentation and dependencies by @fraxken in #251
• feat: add color to scorecard menu by @fraxken in #253
• feat(network): keyboard navigation by @PierreDemailly in #254
• fix: minors bugs in the package pannel by @fraxken in #256
• fix: package info does not shows by @PierreDemailly in #259
• Update scanner by @fraxken in #262
• chore: start working on home ossf scorecard by @fraxken in #261
• fix: package info not opening by @PierreDemailly in #260
• refactor(gauge): improve implementation & add optional chips by @fraxken in #263
• Avoid invalid GitHub crash by @fraxken in #268
• refactor(home.view): rework authors section by @fraxken in #267
• feat(scorecard): add support for GitLab by @PierreDemailly in #266
• feat(navigation): add simple anchor mecanism for views by @fraxken in #269
• feat: add clickable link to Gauge & add link to licenses by @fraxken in #274
• refactor: revamp flags position & fix unicode segmentation bug by @fraxken in #275
• fix(css): adapt package-container height by @fraxken in #277
• refactor: use node: namespace everywhere by @fraxken in #276
• feat: highlight suspicious scripts by @fraxken in #278
• refactor: use @topcli/prompts instead of qoa by @fraxken in #280
• fix: left menu not updated by @PierreDemailly in #282
• feat: create new header menu by @PierreDemailly in #283
• Fix bugs by @fraxken in #286
• refactor: improve wiki css by @fraxken in #281
• docs: update README by @fraxken in #287
• feat: verify payload scanner version & implement local i18n by @fraxken in #279
• feat(settings): hotkeys customisation by @PierreDemailly in #290
• feat: add wiki shortcut by @fraxken in #291
• feat: highlight suspicious packages by...

v2.2.1

What's Changed

• fix: move @openally/result from devDeps to deps by @PierreDemailly in #190

Full Changelog: v2.2.0...v2.2.1

v2.2.0

What's Changed

• feat: implements ossf scorecard by @PierreDemailly in #125
• docs: add PierreDemailly as a contributor for code by @allcontributors in #126
• fix: remove import protocol for doc redirection by @PierreDemailly in #127
• feat: improve cliui design by @PierreDemailly in #129
• chore: fixing badges and adding back SECURITY.md by @fraxken in #130
• docs: add documentation for scorecards by @PierreDemailly in #132
• change the node.js favicon by our own logo by @Ineslujan in #137
• docs: add Ineslujan as a contributor for code by @allcontributors in #138
• Updating the URL of an avatar by @fabnguess in #136
• docs(badges): use for-the-badge style and remove downloads one by @fraxken in #139
• [Snyk] Upgrade cacache from 17.0.2 to 17.0.4 by @fraxken in #140
• Updating security policy by @fabnguess in #141
• ci: update and pin version with SHA-commit by @fraxken in #142
• feat: add dependabot yml configuration by @fraxken in #143
• [StepSecurity] Apply security best practices by @step-security-bot in #144
• CodeQL fix and remove root dependabot file by @fraxken in #147
• chore(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #145
• chore(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2 by @dependabot in #146
• chore(deps-dev): bump @myunisoft/httpie from 1.9.2 to 1.10.0 by @dependabot in #151
• chore(deps-dev): bump esbuild from 0.15.14 to 0.17.3 by @dependabot in #148
• docs: improve CONTRIBUTORS guide(s) by @fraxken in #153
• chore(deps-dev): bump @nodesecure/size-satisfies from 1.0.2 to 1.1.0 by @dependabot in #152
• chore: remove permanently package-lock.json by @fraxken in #157
• ci: remove lint stage and use coverage npm script by @fraxken in #158
• refactor: use latest spinner API and implement --silent mode by @fraxken in #162
• chore(deps): bump github/codeql-action from 2.1.39 to 2.2.0 by @dependabot in #161
• chore(deps): bump github/codeql-action from 2.2.0 to 2.2.1 by @dependabot in #163
• fix: searchbar helper redirect to the good section by @PierreDemailly in #166
• chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 by @dependabot in #168
• feat(cli): add scorecard command by @PierreDemailly in #164
• docs: add SofianD as a contributor for code by @allcontributors in #169
• chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 by @dependabot in #170
• feat: 3rd party tools links (Snyk & Socket.dev) by @PierreDemailly in #171
• chore(deps): bump step-security/harden-runner from 2.1.0 to 2.2.0 by @dependabot in #172
• fix(package.json): npm scripts using cross-env by @SofianD in #174
• Update dependabot frequency by @fabnguess in #175
• docs: add fabnguess as a contributor for maintenance by @allcontributors in #177
• chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 by @dependabot in #176
• chore: bump i18n by @PierreDemailly in #179
• refactor: transform to NPM monorepo by @fraxken in #178
• fix(security): add missing workflow top level permissions by @fraxken in #181
• chore(deps): bump ini from 3.0.1 to 4.0.0 by @dependabot in #182
• chore(deps): bump open from 8.4.2 to 9.1.0 by @dependabot in #183
• chore(deps): bump actions/checkout from 3.3.0 to 3.5.0 by @dependabot in #185
• chore(deps): bump github/codeql-action from 2.2.5 to 2.2.9 by @dependabot in #186
• chore(deps): bump step-security/harden-runner from 2.2.0 to 2.2.1 by @dependabot in #187
• chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @dependabot in #188
• chore: update dependencies by @fraxken in #184

New Contributors

• @Ineslujan made their first contribution in #137
• @fabnguess made their first contribution in #136
• @step-security-bot made their first contribution in #144
• @SofianD made their first contribution in #174

Full Changelog: v2.1.2...v2.2.0

v2.1.2

What's Changed

• fix(cli): command from, cwd and verify by @fraxken in #124
• chore(package): update @nodesecure/scanner to v3.8.0 by @fraxken

Full Changelog: v2.1.1...v2.1.2

v2.1.1

What's Changed

• Update dependencies by @fraxken (fixing issue with missing tslib and deprecated npm package with cacache).
• Add a warning when NODE_SECURE_TOKEN is missing by @tekeuange23 in #115
• docs: add tekeuange23 as a contributor for code by @allcontributors in #120

New Contributors

• @tekeuange23 made their first contribution in #115

Full Changelog: v2.1.0...v2.1.1

v2.1.0

What's Changed

• fix: initialize fade with bin instead of old manifest name by @PierreDemailly in #110
• chore(deps): bump undici from 5.5.1 to 5.8.0 by @dependabot in #111
• Chore add command to manage runtime configuration by @Kawacrepe in #104
• docs: add Kawacrepe as a contributor for code, bug by @allcontributors in #112
• replacement of the @slimio/async-cli-spinner library by @topcli/spinner by @halcin in #114
• docs: add halcin as a contributor for code by @allcontributors in #116
• chore(deps): bump undici from 5.8.0 to 5.10.0 by @dependabot in #117
• fix: use info as default instead of overview by @fraxken in #119

New Contributors

• @PierreDemailly made their first contribution in #110
• @Kawacrepe made their first contribution in #104
• @halcin made their first contribution in #114

Full Changelog: v2.0.0...v2.1.0

v1.0.0

What's Changed

• Move the project into the NodeSecure org and rename it cli.
• chore: fix ci by @tony-go in #94
• Add scanner v3.3.0 which add support for Workspaces by @fraxken.

Many thanks to the FrenchJavaScript community (ES-Community) that hosted the project for several years.

Full Changelog: v0.9.0...v1.0.0

v0.9.0

New release using the new NodeSecure back-end.

Highlights

• Now use ESM instead of CJS.
• Moving away from Jest to use tape for Unit testing.
• Use @nodesecure/scanner v3.0.0: https://github.com/NodeSecure/scanner/releases/tag/v3.0.0
• Use @nodesecure/vis-network: https://github.com/NodeSecure/vis-network
• All CLI commands are now properly implemented in ./src/commands.
• The http server has been completely cleaned and separated into several files at ./src/http-server.

Some enhancement from the new back-end:

• New trojan source detection on JS-X-Ray.
• Better support for npm resolvers (adding github: and git:).
• Better management and retrieval of authors and maintainers.
• A lot of work around package vulnerabilities (now with a standard format). See NodeSecure/vuln.

Bug fix

• Fixed bundlephobia CORS issue.
• Fixed a bug where the http server would not open.