npm-validator CLI

This workspace packages the local npm-validator command-line interface. It mirrors the GitHub Action so you can scan repositories from your workstation before committing workflows.

Prerequisites

- Node.js 20 LTS (minimum 18.x)
- Python 3.11 on your PATH (the Python zipapp runs under the hood)

Install dependencies once from the repository root:

``bash
npm install
`

Running the scanner locally

Build the CLI bundle (required whenever you pull new changes):

`bash
npm --workspace cli run build
`

Invoke the executable against your project directory (replace ~/projects/my-app with the directory you want to scan):

`bash
npm --workspace cli exec npm-validator --root ~/projects/my-app
`

$3

Install the CLI globally (or use npx) and run it directly:

`bash
npm install -g @ivangrynenko/npm-validator-cli
npm-validator --root ~/projects/my-app

or without a global install


npx @ivangrynenko/npm-validator-cli --root ~/projects/my-app
`

Key options:

- --list – override the bundled compromised package list.
- --warn-only – always return exit code 0, even if findings are detected.
- --summary / --json / --inventory – control where outputs are written.
- --version / -v / -V – print the CLI version without running a scan.

You can also execute the binary directly for quick checks:

`bash
node cli/bin/npm-validator.js --root .
``

The CLI prints a table summarising findings, paths to the generated artifacts, and the compromised list source used during the scan.