Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@wcag-audit/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@wcagaudit/cli
Project-aware WCAG 2.1/2.2 auditor. Scans every route in your Next.js app, generates an Excel report AND AI-ready fix prompts your coding agent can read directly.
Install
No install needed — use npx:
npx wcag-audit init # one-time: license key + optional AI config
cd my-nextjs-app
npx wcag-audit scan # audits every route, writes WCAG_FIXES.md + wcag-report.xlsxCommands
| Command | What it does |
|---|---|
init |
Interactive setup. Saves license + AI config to ~/.wcagauditrc (chmod 600). |
scan |
Audit every route in the current project. Next.js App + Pages Router supported. |
scan --dry-run |
Preview credit cost only. No browser launches, no credits consumed. |
scan --no-ai |
Skip AI vision review (faster, no LLM cost). |
scan --no-cache |
Force a full scan even if cached findings are available (they're valid for 24h). |
ci --fail-on=<level> |
CI-optimized scan. Exit 1 when findings at critical (default), serious, moderate, or minor threshold are found. |
doctor |
Diagnose setup (license, AI key, framework detection, dev script). |
scan --url=<url> |
Crawl a deployed site instead of the local project. Combine with --crawl-depth. |
scan --routes=<file> |
Load routes from a plain text file (one per line, # for comments). |
scan --crawl-depth=<n> |
Max BFS depth when using --url (default 2). |
audit <url> |
Legacy single-URL audit. Prefer scan for local projects. |
config |
Print current config (secrets masked). |
Config
Global: ~/.wcagauditrc (secrets, never committed)
Created by init. Contains license key + AI API key.
Project: .wcagauditrc (committed)
Optional. Overrides scan behavior per project:
{
"routes": "auto",
"excludePaths": ["/api/*", "/admin/*"],
"failOn": "critical",
"outputs": ["excel", "markdown"],
"devServer": {
"command": null,
"port": null,
"healthCheck": "/"
}
}What Gets Generated
WCAG_FIXES.md— AI-ready markdown with file paths, route context, WCAG criteria, code snippets, and fix hints. Hand to Cursor / Claude Code / Windsurf.wcag-report.xlsx— Full compliance report with embedded screenshots.
Supported Frameworks
- Next.js App Router and Pages Router
- Vite + React Router v6+
- SvelteKit
- Remix v2
- Astro
- Fallbacks: sitemap.xml, manual routes file, BFS crawl for deployed sites
Dynamic Routes
Routes like /blog/[slug] or /users/:id are skipped by default. To include them, add samples to .wcagauditrc:
{
"dynamicRouteSamples": {
"/blog/[slug]": ["hello-world", "another-post"],
"/users/[id]": ["1", "42"]
}
}Each sample value generates one concrete route.
Credits
- Pro / Business: 1 credit per route audited.
- Enterprise: postpaid monthly invoice.
- AI vision review is BYOK (your own API key, your own LLM spend).
Cursor / Claude Code Integration
Set outputs in .wcagauditrc to include one or both of:
"cursor-rules"— writes.cursor/rules/wcag-fixes.mdc. Cursor auto-attaches the rule as context when you edit matching files."agents-md"— upserts a<!-- wcag-audit:start -->/<!-- wcag-audit:end -->section in your rootAGENTS.md. Safe to re-run; it replaces the section in place without disturbing surrounding content.
Example:
{
"outputs": ["markdown", "cursor-rules", "agents-md"]
}Incremental Scans (Cache)
Scan results are cached per route for 24h in .wcag-audit/cache/. Re-running scan within that window skips unchanged routes at zero credit cost. Gitignore .wcag-audit/ to keep the cache local.
Pass --no-cache to force a fresh scan.