Package Exports
- deploy-check-cli
- deploy-check-cli/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (deploy-check-cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
deploy-check-cli
Analyze code changes for deployment risks before they reach production.
Installation
# npm
npm install -g deploy-check-cli
# pnpm
pnpm add -g deploy-check-cli
# yarn
yarn global add deploy-check-cli
# npx (no install)
npx deploy-check-cli analyzeQuick Start
deploy-check analyze # Analyze against main branch
deploy-check analyze --base develop # Analyze against specific branch
deploy-check analyze --json # Output as JSON
deploy-check runbook # Generate deployment runbook
deploy-check config init # Initialize configurationWhat It Detects
| Risk Type | Languages/Files | Detection |
|---|---|---|
| Breaking API Changes | TypeScript, Python, Go, Java, C/C++, Swift, Rust | AST-based analysis |
| Destructive Migrations | SQL files | Pattern matching (DROP, TRUNCATE, etc.) |
| Permission Changes | IAM, RBAC configs | Pattern detection |
| Low Test Coverage | All (via LCOV) | Coverage report parsing |
| Undocumented APIs | OpenAPI specs | Spec comparison |
Commands
deploy-check analyze
Analyze code changes for deployment risks.
deploy-check analyze [options]| Option | Description | Default |
|---|---|---|
--base <ref> |
Base branch/commit to compare against | main |
--head <ref> |
Head commit to analyze | HEAD |
--files <glob> |
Limit analysis to specific files | all |
--coverage <path> |
Path to lcov coverage report | auto-detect |
--openapi <path> |
Path to OpenAPI specification | auto-detect |
--json |
Output results as JSON | false |
--output <file> |
Write markdown report to file | stdout |
--fail-on <level> |
Exit with error on severity level | high |
deploy-check runbook
Generate a deployment runbook based on detected risks.
deploy-check runbook [options]| Option | Description | Default |
|---|---|---|
--output <file> |
Write runbook to file | stdout |
--template <path> |
Custom runbook template | built-in |
deploy-check config
Manage configuration.
deploy-check config init # Create config interactively
deploy-check config show # Display current configdeploy-check jira
Integrate with Atlassian Jira.
deploy-check jira auth # Authenticate
deploy-check jira auth --logout # Remove credentials
deploy-check jira create --project KEY # Create issues for findings
deploy-check jira create --severity high # Filter by severity
deploy-check jira create --dry-run # Preview without creating
deploy-check jira board --list # List all Jira boards
deploy-check jira board --name "My Board" # View board details & columns
deploy-check jira board --name "My Board" --issues # Show board issues
deploy-check jira board --id 123 --columns # Show column statisticsdeploy-check confluence
Publish reports to Atlassian Confluence.
deploy-check confluence auth # Authenticate
deploy-check confluence publish --space KEY # Publish report
deploy-check confluence publish --runbook # Publish runbookConfiguration
Create .deploy-check.json in your project root:
{
"coverageThreshold": 40,
"ignoredPaths": ["node_modules/**", "dist/**"],
"outputFormat": "terminal",
"baseRef": "main",
"failOn": "high"
}Risk Scoring
| Finding Type | Points | Description |
|---|---|---|
DESTRUCTIVE_MIGRATION |
30 | DROP TABLE, DROP COLUMN, etc. |
BREAKING_API |
25 | Removed exports, changed signatures |
PERMISSION_CHANGE |
20 | IAM/RBAC modifications |
LOW_COVERAGE |
10 | Test coverage below threshold |
UNDOCUMENTED_API |
5 | Endpoints missing from OpenAPI spec |
Risk Levels
| Level | Score | Exit Code |
|---|---|---|
| LOW | 0-34 | 0 |
| MEDIUM | 35-59 | 1 |
| HIGH | 60-79 | 2 |
| CRITICAL | 80+ | 2 |
Exit Codes
| Code | Meaning |
|---|---|
0 |
No findings or all LOW severity |
1 |
MEDIUM severity findings |
2 |
HIGH or CRITICAL findings |
CI/CD Integration
GitHub Actions
- run: npm install -g deploy-check-cli
- run: deploy-check analyze --base ${{ github.event.pull_request.base.sha }} --fail-on highGitLab CI
script:
- npm install -g deploy-check-cli
- deploy-check analyze --base origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --fail-on highPre-commit Hook
npx husky add .husky/pre-commit "npx deploy-check-cli analyze --fail-on high"Supported Languages
| Language | Extensions | What's Detected |
|---|---|---|
| TypeScript/JavaScript | .ts, .tsx, .js, .jsx |
Exported functions, classes, interfaces |
| Python | .py |
Functions, classes, methods |
| Go | .go |
Exported functions, structs |
| Java | .java |
Public methods, classes, interfaces |
| C/C++ | .c, .cpp, .h, .hpp |
Functions, structs, classes |
| Swift | .swift |
Public functions, classes, protocols |
| Rust | .rs |
pub fn, structs, enums, traits |
Links
License
GNU Affero General Public License v3.0 (AGPL-3.0)
Copyright (C) 2025 Aryan Yadav
This software is licensed under the AGPL-3.0 license. See LICENSE and NOTICE for full details.