Documentation

Learn how to use GlanceVibe CLI to secure your JavaScript and TypeScript code.

Installation

Install GlanceVibe globally using npm:

npm install -g glancevibe

Authentication

Before scanning, you need to authenticate with your API key:

glancevibe auth --login

You can also set the GLANCEVIBE_API_KEY environment variable.

Usage

Scan files

# Scan current directory
glancevibe scan

# Scan specific files or directories
glancevibe scan src/ lib/

# Scan with specific output format
glancevibe scan --format json
glancevibe scan --format sarif
glancevibe scan --format html

# Filter by severity
glancevibe scan --severity HIGH

# Filter by confidence
glancevibe scan --confidence high

# Exclude patterns
glancevibe scan --exclude "**/test/**" --exclude "**/*.spec.ts"

Check account status

glancevibe status

List available rules

glancevibe list-rules

Explain a rule

glancevibe explain GV-001

Git-Aware Scanning

Scan only files that have changed, perfect for CI pipelines and pre-commit hooks:

# Scan uncommitted changes (staged + unstaged)
glancevibe scan --changed

# Scan only staged files (great for pre-commit hooks)
glancevibe scan --staged

# Scan files changed since a branch/tag/commit
glancevibe scan --since main
glancevibe scan --since HEAD~5
glancevibe scan --since v1.0.0

Baseline / Ignore Known Findings

Suppress known findings to focus on new issues:

# Generate a baseline from current findings
glancevibe scan --generate-baseline

# Apply baseline to suppress known findings
glancevibe scan --baseline

# Use a custom baseline file path
glancevibe scan --baseline ./custom-baseline.json
glancevibe scan --generate-baseline --baseline ./custom-baseline.json

The baseline file (.glancevibe-baseline.json) tracks findings by fingerprint, allowing for minor code changes without losing suppressions.
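
Fingerprint-based suppression, sketched as an added example (not GlanceVibe's code; the page does not document its fingerprint scheme). The fingerprint fields, the per-fingerprint occurrence count and the sample findings are assumptions made for illustration:

```javascript
const crypto = require("node:crypto");

// Hypothetical fingerprint (not GlanceVibe's documented scheme): hash of rule id,
// file path and the whitespace-normalized snippet. The line number is left out
// so that code moving up or down keeps the same fingerprint.
function fingerprint(finding) {
  const snippet = finding.snippet.replace(/\s+/g, " ").trim();
  return crypto
    .createHash("sha256")
    .update([finding.ruleId, finding.file, snippet].join("\0"))
    .digest("hex");
}

// Baseline = how many times each fingerprint was seen when it was generated.
function buildBaseline(findings) {
  const counts = new Map();
  for (const f of findings) {
    const fp = fingerprint(f);
    counts.set(fp, (counts.get(fp) || 0) + 1);
  }
  return counts;
}

// Suppress at most as many occurrences as the baseline recorded, so a
// copy-pasted duplicate of a suppressed finding is still reported as new.
function newFindings(findings, baseline) {
  const remaining = new Map(baseline);
  return findings.filter((f) => {
    const fp = fingerprint(f);
    const left = remaining.get(fp) || 0;
    if (left === 0) return true;
    remaining.set(fp, left - 1);
    return false;
  });
}

// Constructed sample findings (rule ids, paths and snippets are made up).
const baselineScan = [
  { ruleId: "RULE-A", file: "src/db.js", line: 10, snippet: "db.query(sql + id)" },
];
const laterScan = [
  { ruleId: "RULE-A", file: "src/db.js", line: 14, snippet: "  db.query(sql  + id)" }, // moved, re-indented
  { ruleId: "RULE-A", file: "src/db.js", line: 30, snippet: "db.query(sql + id)" }, // pasted copy
  { ruleId: "RULE-A", file: "src/api.js", line: 3, snippet: "db.query(sql + name)" }, // new code
];

const reported = newFindings(laterScan, buildBaseline(baselineScan));
console.log(reported.map((f) => `${f.file}:${f.line}`));
```

The moved finding stays suppressed, while the pasted copy and the finding in the other file are reported.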

Dependency Scanning

Check your npm dependencies for known vulnerabilities:

# Standalone dependency scan
glancevibe deps

# Scan a specific directory
glancevibe deps ./my-project

# JSON output
glancevibe deps --format json

# Exclude devDependencies
glancevibe deps --no-dev

# Combined with code scan
glancevibe scan --include-deps

Scan History & Trends

Track your security posture over time:

# View scan history for current project
glancevibe history

# Limit number of entries
glancevibe history --limit 20

# View all projects with history
glancevibe history --all

# View security trends with ASCII visualization
glancevibe trends

# Analyze different time periods
glancevibe trends --days 7
glancevibe trends --days 90

# Export trend data as JSON
glancevibe trends --format json

Configuration

Create a .glanceviberc file in your project root:

{
  "severity": "MEDIUM",
  "format": "pretty",
  "exclude": ["**/node_modules/**", "**/*.test.ts"],
  "apiUrl": "https://api.glancevibe.com"
}

Or add a glancevibe key in your package.json:

{
  "glancevibe": {
    "severity": "MEDIUM",
    "exclude": ["**/test/**"]
  }
}

Output Formats

  • pretty (default): Colored terminal output with code snippets
  • json: Full findings as JSON
  • sarif: SARIF format for CI/CD integration (GitHub, GitLab)
  • html: Interactive HTML report

Exit Codes

  • 0 - No critical or high severity findings
  • 1 - Critical or high severity findings detected, or scan error

CI/CD Integration

GitHub Actions

- name: Security Scan
  run: |
    npm install -g glancevibe
    glancevibe scan --format sarif > results.sarif
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}

- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: results.sarif
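
Exit code 1 covers both findings and scan errors, so a CI step can inspect results.sarif to tell the two apart before uploading. This added example (not part of GlanceVibe) assumes standard SARIF 2.1.0 fields and that level "error" marks blocking results; the function name and the sample document are constructed:

```javascript
// Classify the text of a SARIF 2.1.0 file written by a scan step.
// Assumption: results with level "error" are the ones that should block a merge.
function classifySarif(text) {
  let doc;
  try {
    doc = JSON.parse(text);
  } catch {
    return { status: "scan-error", reason: "output is not valid JSON" };
  }
  if (!doc || !Array.isArray(doc.runs) || doc.runs.length === 0) {
    return { status: "scan-error", reason: "no SARIF runs present" };
  }
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  const blocking = [];
  for (const run of doc.runs) {
    for (const result of run.results || []) {
      // Simplification: a missing or unknown level is counted as "warning".
      const level = Object.hasOwn(counts, result.level) ? result.level : "warning";
      counts[level] += 1;
      if (level !== "error") continue;
      const loc = result.locations?.[0]?.physicalLocation;
      blocking.push({
        ruleId: result.ruleId || "(no ruleId)",
        file: loc?.artifactLocation?.uri || "(unknown)",
        line: loc?.region?.startLine ?? null,
      });
    }
  }
  return { status: blocking.length ? "findings" : "clean", counts, blocking };
}

// Constructed sample document (rule ids and paths are made up).
const sampleSarif = JSON.stringify({
  version: "2.1.0",
  runs: [{
    results: [
      { ruleId: "RULE-A", level: "error", message: { text: "constructed" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/db.js" }, region: { startLine: 14 } } }] },
      { ruleId: "RULE-B", message: { text: "constructed, no level" } },
    ],
  }],
});

console.log(classifySarif(sampleSarif).status);
console.log(classifySarif("").status); // an empty file, e.g. the scan failed before writing output
```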

PR-Only Scanning

Scan only changed files in pull requests:

- name: Security Scan (Changed Files)
  run: |
    npm install -g glancevibe
    glancevibe scan --since origin/main
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}

With Baseline

Ignore known findings and fail only on new issues:

- name: Security Scan with Baseline
  run: |
    npm install -g glancevibe
    glancevibe scan --baseline
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}

Pre-commit Hook

Add to .husky/pre-commit:

#!/bin/sh
glancevibe scan --staged --severity HIGH

Commands Reference

| Command | Description |
| --- | --- |
| scan [targets...] | Scan files for security vulnerabilities |
| deps [target] | Scan dependencies for known vulnerabilities |
| history | Show scan history for current project |
| trends | Show security trend visualization |
| auth | Manage API authentication |
| status | Show account status and usage |
| list-rules | List available security rules |
| explain <rule> | Explain a security rule |

Scan Options

| Option | Description |
| --- | --- |
| -f, --format <format> | Output format: pretty, json, sarif, html |
| -o, --output <path> | Output file path |
| -s, --severity <level> | Minimum severity: LOW, MEDIUM, HIGH, CRITICAL |
| -c, --confidence <level> | Minimum confidence: low, medium, high |
| -e, --exclude <patterns...> | Glob patterns to exclude |
| -i, --include <patterns...> | Glob patterns to include |
| --changed | Scan only uncommitted changes |
| --staged | Scan only staged files |
| --since <ref> | Scan files changed since ref |
| --generate-baseline | Generate baseline file |
| --baseline [path] | Apply baseline to suppress findings |
| --include-deps | Include dependency vulnerability scan |
| -v, --verbose | Verbose output |

GlanceVibe CLI is licensed under the MIT License.