{"id":45899112,"url":"https://github.com/Releaserun/releaserun-cli","last_synced_at":"2026-03-10T05:01:44.698Z","repository":{"id":340183313,"uuid":"1164939146","full_name":"Releaserun/releaserun-cli","owner":"Releaserun","description":"CLI tool that scans dependency files for EOL status, CVE risk, and health grade","archived":false,"fork":false,"pushed_at":"2026-03-03T10:25:03.000Z","size":65,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-03T13:43:06.203Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://releaserun.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Releaserun.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-23T16:46:38.000Z","updated_at":"2026-03-03T10:25:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Releaserun/releaserun-cli","commit_stats":null,"previous_names":["releaserun/releaserun-cli"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Releaserun/releaserun-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Releaserun%2Freleaserun-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Releaserun%2Freleaserun-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Releaserun%2Freleaserun-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Releaserun%2Freleaserun-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Releaserun","download_url":"https://codeload.github.com/Releaserun/releaserun-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Releaserun%2Freleaserun-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30325598,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T01:36:58.598Z","status":"online","status_checked_at":"2026-03-10T02:00:06.579Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-27T22:00:44.193Z","updated_at":"2026-03-10T05:01:44.682Z","avatar_url":"https://github.com/Releaserun.png","language":"TypeScript","funding_links":[],"categories":["Dependency intelligence","Diagnostics \u0026 Troubleshooting","Tools","Vulnerabilities and Security Advisories"],"sub_categories":["ArgoCD"],"readme":"# releaserun\n\n[![npm version](https://badge.fury.io/js/releaserun.svg)](https://badge.fury.io/js/releaserun)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n\u003c!-- releaserun:badges:start --\u003e\n[![Node.js 22 Health](https://img.releaserun.com/badge/health/nodejs/22.svg)](https://releaserun.com/nodejs/22/)\n[![TypeScript 5.3 Health](https://img.releaserun.com/badge/health/typescript/5.3.svg)](https://releaserun.com/typescript/5.3/)\n\u003c!-- releaserun:badges:end --\u003e\n\nScan your project for end-of-life dependencies, known CVEs, and version health issues. Get an A-F grade for your entire stack in seconds.\n\n**Version-aware**: badges and grades are pinned to the versions YOUR project actually uses, not generic \"latest version\" data.\n\n```bash\nnpx releaserun check\n```\n\n## What it does\n\nPoint it at any project directory. It reads your dependency files, figures out what you're running, and tells you what's healthy, what's approaching EOL, and what has known CVEs.\n\n```\n  releaserun v1.3.0 — Stack Health Check\n\n  ┌─────────────┬─────────┬────────┬──────┬───────┐\n  │ Technology  │ Version │ EOL    │ CVEs │ Grade │\n  ├─────────────┼─────────┼────────┼──────┼───────┤\n  │ Node.js     │ 22      │ Apr 27 │ 0    │ A     │\n  │ React       │ 19      │ --     │ 0    │ B     │\n  │ TypeScript  │ 5.7     │ --     │ 0    │ A     │\n  │ PostgreSQL  │ 16      │ Nov 28 │ 0    │ A     │\n  │ Redis       │ 7.4     │ --     │ 0    │ A     │\n  └─────────────┴─────────┴────────┴──────┴───────┘\n\n  Overall Grade: A\n```\n\nThe versions come from your actual files. Node.js 22 from `.nvmrc`, PostgreSQL 16 from `docker-compose.yml`, React 19 from `package.json`. Not guesses.\n\n## Install\n\n```bash\n# Run without installing\nnpx releaserun check\n\n# Or install globally\nnpm install -g releaserun\n```\n\nRequires Node.js 18+.\n\n## Commands\n\n### `releaserun check`\n\nScan and grade your stack.\n\n```bash\nreleaserun check                    # scan current directory\nreleaserun check --path ./my-app    # scan a specific path\nreleaserun check --json             # JSON output for scripting\nreleaserun check --fail-on D        # exit non-zero if anything grades D or worse\nreleaserun check --verbose          # show what's being scanned and fetched\n```\n\n### `releaserun badges`\n\nGenerate version-specific badge markdown for your README.\n\n```bash\nreleaserun badges                          # health badges (default)\nreleaserun badges --type eol               # EOL status badges\nreleaserun badges --type cve               # CVE count badges\nreleaserun badges --style flat-square      # flat-square style\n```\n\nOutput (copied to clipboard):\n\n```markdown\n[![Node.js 22 Health](https://img.releaserun.com/badge/health/nodejs/22.svg)](https://releaserun.com/nodejs/22/)\n[![Python 3.12 Health](https://img.releaserun.com/badge/health/python/3.12.svg)](https://releaserun.com/python/3.12/)\n[![PostgreSQL 16 Health](https://img.releaserun.com/badge/health/postgresql/16.svg)](https://releaserun.com/postgresql/16/)\n```\n\nBadges are pinned to the versions detected in your project. `PostgreSQL 16` comes from your `docker-compose.yml`, not from the `pg` npm package version.\n\n### `releaserun readme`\n\nInject badges directly into your README with auto-updating markers.\n\n```bash\nreleaserun readme                   # preview what would be injected\nreleaserun readme --write           # write badges into README.md\nreleaserun readme --readme DOCS.md  # target a different file\n```\n\nBadges go between `\u003c!-- releaserun:badges:start --\u003e` and `\u003c!-- releaserun:badges:end --\u003e` markers. Run it again and it replaces the old badges with fresh ones. No markers yet? It inserts them after the first heading.\n\n### `releaserun ci`\n\nCI-optimized output. No colors, no table formatting.\n\n```bash\nreleaserun ci --json --fail-on D\n```\n\n## What it scans\n\n| File | What it detects |\n|------|-----------------|\n| `package.json` | Node.js (from `engines`), React, Vue, Angular, TypeScript, webpack, etc. |\n| `pyproject.toml` | Python (from `requires-python`), Django, Flask, database clients |\n| `requirements.txt` / `Pipfile` | Python packages, framework detection |\n| `go.mod` | Go version (from directive), database client detection |\n| `Gemfile` | Ruby version, Rails |\n| `Cargo.toml` | Rust (from `rust-version` or edition), crate detection |\n| `pom.xml` | Java version, Spring Boot |\n| `composer.json` | PHP version, Laravel, Symfony |\n| `Dockerfile` | Base images (node:22, python:3.12, postgres:16, etc.) |\n| `docker-compose.yml` | Service images (postgres:16, redis:7.4, etc.) |\n| `.nvmrc` / `.node-version` | Node.js version |\n| `.python-version` | Python version |\n| `.ruby-version` / `.go-version` | Ruby/Go version |\n| `.tool-versions` | asdf-managed runtimes |\n\n**Version accuracy matters.** Client library versions are never confused with server versions. `pg:8.13` in package.json detects \"PostgreSQL is used\" but doesn't claim it's PostgreSQL 8.13. The actual version comes from your Dockerfile or docker-compose.yml where you define `postgres:16`.\n\n## How version detection works\n\nSources are checked in priority order:\n\n1. **Version files** (`.nvmrc`, `.python-version`) - what you actually run locally\n2. **Lock/config files** (`package.json engines`, `pyproject.toml requires-python`, `go.mod go directive`, `Cargo.toml rust-version`)\n3. **Dependency lists** - direct-match packages (react 19 = React 19) vs indicators (express 4.18 = \"Node.js is used, version unknown\")\n4. **Dockerfile** - base image tags (`FROM python:3.12-slim`)\n5. **docker-compose.yml** - service images (`image: postgres:16`)\n\nLater sources fill in gaps. If `pg` in package.json detects PostgreSQL (unknown version), and docker-compose.yml has `postgres:16`, the final result is PostgreSQL 16.\n\n## Grading\n\n| Grade | Meaning |\n|-------|---------|\n| **A** | Fully supported, no CVEs, plenty of runway |\n| **B** | Supported, EOL in 6-12 months |\n| **C** | Approaching EOL (\u003c6 months) or minor CVEs |\n| **D** | EOL imminent (\u003c3 months) or moderate CVEs |\n| **F** | Past EOL or critical CVEs |\n| **?** | Version unknown, can't determine health |\n\nTechnologies with unknown versions get `?` instead of a fake grade. We'd rather be honest than misleading.\n\n## CI Integration\n\n```yaml\n# GitHub Actions\n- name: Check stack health\n  run: npx releaserun check --fail-on D\n\n# Or use the dedicated action with PR comments and badge auto-update\n- uses: Releaserun/releaserun-action@v2\n  with:\n    path: '.'\n    comment: 'true'\n    update-readme: 'true'\n```\n\nExit codes: `0` = all clear, `1` = something grades C/D, `2` = something grades F.\n\n## All Options\n\n| Flag | Description | Default |\n|------|-------------|---------|\n| `--path \u003cdir\u003e` | Directory to scan | `.` |\n| `--json` | JSON output | `false` |\n| `--fail-on \u003cgrade\u003e` | Exit non-zero at or below this grade | `F` |\n| `--style \u003cs\u003e` | Badge style: `flat` or `flat-square` | `flat` |\n| `--type \u003ct\u003e` | Badge type: `health`, `eol`, `v`, `cve` | `health` |\n| `--write` | Write badges to README (readme command) | `false` |\n| `--readme \u003cfile\u003e` | Target file for readme command | `README.md` |\n| `--no-color` | Disable terminal colors | `false` |\n| `--no-cache` | Skip local response cache | `false` |\n| `--verbose` | Show scanning details | `false` |\n\n## Privacy\n\nNo dependency files are uploaded. The only network calls are to check version status against public APIs ([endoflife.date](https://endoflife.date), [ReleaseRun badge API](https://releaserun.github.io/badges)). Responses are cached locally for 1 hour.\n\n## Links\n\n- [ReleaseRun](https://releaserun.com) - Release lifecycle tracking for 300+ technologies\n- [Badge API Docs](https://releaserun.github.io/badges) - Full badge reference\n- [GitHub Action](https://github.com/Releaserun/releaserun-action) - CI integration with PR comments\n- [Free Developer Tools](https://releaserun.com/tools/) - 30 browser-based tools (no signup)\n\n## License\n\nMIT\n\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FReleaserun%2Freleaserun-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FReleaserun%2Freleaserun-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FReleaserun%2Freleaserun-cli/lists"}