Integration Guide

This guide covers integrating npq into various workflows and environments.

Shell Alias Integration

Automatic Auditing for All Installs

Add to ~/.bashrc or ~/.zshrc:

# For npm
alias npm='npq-hero'

# For yarn
alias yarn="NPQ_PKG_MGR=yarn npq-hero"

# For pnpm
alias pnpm="NPQ_PKG_MGR=pnpm npq-hero"

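After reloading your shell, package installations typed in that shell are automatically audited. Aliases apply only to interactive shells, so scripts and CI jobs that call npm, yarn or pnpm directly are not covered; use the CI/CD integration below for those.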

CI/CD Integration

GitHub Actions

- name: Security audit
  run: npx npq install --dry-run --plain
- name: Install dependencies
  if: success()
  run: npm install

Basic CI Script

# Use --dry-run to audit without installing
npx npq install express --dry-run --plain

# Exit code indicates success/failure
if npx npq install express --dry-run; then
  npm install express
fi

With Error Handling

set -e
npx npq install express --dry-run --plain || {
  echo "Security audit failed"
  exit 1
}
npm install express

Programmatic Integration

Build Script Integration

Create scripts/audit-dependencies.js:

const Marshall = require('npq/lib/marshall');
const fs = require('fs');

async function auditDependencies() {
  const packageJson = JSON.parse(fs.readFileSync('package.json', 'utf8'));
  // Either section may be missing from package.json, so default both to {}
  const dependencies = packageJson.dependencies || {};
  const devDependencies = packageJson.devDependencies || {};
  const allDeps = [
    ...Object.keys(dependencies),
    ...Object.keys(devDependencies)
  ];

  // Build name@version specs for the audit
  const packages = allDeps.map(dep => {
    const version = dependencies[dep] || devDependencies[dep];
    return `${dep}@${version}`;
  });

  const marshall = new Marshall({ pkgs: packages });
  const results = await marshall.run();

  // Fail the build if any package produced an error
  const hasErrors = results.some(r => r.errors.length > 0);
  if (hasErrors) {
    console.error('Security audit failed');
    process.exit(1);
  }
}

auditDependencies().catch(error => {
  console.error('Audit error:', error);
  process.exit(1);
});

Add to package.json:

{
  "scripts": {
    "preinstall": "node scripts/audit-dependencies.js"
  }
}
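The build script above turns every package.json entry into name@version. The helper below is an added example, not code from npq or from this guide: it builds that list while deduplicating packages listed in more than one section, resolving npm: aliases to the package actually installed, and returning specs that do not point at the registry (file:, workspace:, git) separately so they are reviewed instead of silently passed along. The function names, the ':' or '/' heuristic, the inclusion of optionalDependencies and the sample manifest are assumptions of this example.

```javascript
// Sections read from package.json; optionalDependencies are installed by default too.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Heuristic (assumption of this example): semver ranges and dist-tags contain
// neither ':' nor '/', while file:, link:, workspace:, git and URL specs do.
function isRegistrySpec(spec) {
  return !/[:\/]/.test(spec);
}

// "npm:real-name@range" installs real-name under an alias, so audit real-name.
// A target without a version part ("lodash" or "@scope/pkg") yields an empty spec.
function resolveAlias(name, spec) {
  if (!spec.startsWith('npm:')) return { name, spec };
  const target = spec.slice(4);
  const at = target.lastIndexOf('@');
  return at > 0
    ? { name: target.slice(0, at), spec: target.slice(at + 1) }
    : { name: target, spec: '' };
}

// Returns registry specs to audit (deduplicated) and the entries left out.
function collectAuditSpecs(packageJson) {
  const audit = new Set();
  const skipped = [];
  for (const section of SECTIONS) {
    // A missing section is treated as empty instead of throwing
    for (const [rawName, rawSpec] of Object.entries(packageJson[section] || {})) {
      const { name, spec } = resolveAlias(rawName, String(rawSpec).trim());
      if (isRegistrySpec(spec)) {
        audit.add(spec ? `${name}@${spec}` : name);
      } else {
        skipped.push({ section, name: rawName, spec: rawSpec });
      }
    }
  }
  return { audit: [...audit], skipped };
}

// Constructed sample manifest, not taken from a real project.
const samplePackageJson = {
  dependencies: {
    express: '^4.18.2',
    'my-lodash': 'npm:lodash@^4.17.21',
    'internal-ui': 'workspace:*',
    'forked-lib': 'github:example-org/forked-lib#v1.2.0',
  },
  devDependencies: { express: '^4.18.2', '@types/node': '20.x', 'local-tool': 'file:../tool' },
};

console.log(collectAuditSpecs(samplePackageJson));
```

The audit array can be passed as pkgs in the script above; whether a non-empty skipped list fails the build or only prints a warning is a policy decision.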

Custom Security Policies

Strict Security Mode

# Disable auto-continue for strict security review
export NPQ_DISABLE_AUTO_CONTINUE=true

# Enable all checks
export SNYK_TOKEN=your_token_here    # Use Snyk for vulnerabilities
export GITHUB_TOKEN=your_token_here  # Higher rate limits

# Run with custom policy
npq install @company/package

Selective Marshall Configuration

# Disable noisy checks for internal packages
MARSHALL_DISABLE_DOWNLOADS=1 MARSHALL_DISABLE_AGE=1 npq install @mycompany/internal-lib

# Disable checks that require network for offline mode
MARSHALL_DISABLE_REPO=1 MARSHALL_DISABLE_DEPRECATION=1 MARSHALL_DISABLE_SNYK=1 npq install package

Package Manager Integration

Using with pnpm

NPQ_PKG_MGR=pnpm npx npq install fastify

Using with yarn

# Yarn 4.x
NPQ_PKG_MGR=yarn yarn run npq-hero install lodash

# Yarn 1.x
NPQ_PKG_MGR=yarn npq install axios

Project Dependencies Auditing

Audit All Dependencies

# Audit all dependencies without installing
npq install --dry-run

# Reads dependencies and devDependencies from package.json
# Runs all marshalls on each package
# Exits with status code indicating results

Audit Specific Dependency

npq install express --dry-run

Audit with Logging

npq install --dry-run --plain > audit.log

See Also

  • Quick Start Guide - Basic setup and usage
  • Real-World Scenarios - More integration examples
  • Reference: API - Programmatic usage details
  • Reference: Configuration - Environment variables