Releases: codacy/codacy-cloud-cli
Release list
v1.5.0
Minor Changes
-
#26
bf903e4Thanks @alerizzo! - Addlsanddirectoriescommands to browse a repository's tree with quality
metrics.lslists the directories and files at a path — showing Grade, Issues,
Complexity, Duplication, and Coverage per row — anddirectories(aliasdirs)
lists folders only, with--plus-childrento also show one level of
sub-directories as a└─tree. Both auto-detect the provider/organization/repository
from the git remote and the path from your current directory (relative to the
repo root); override with positional args,--path, and--branch. Sort with
--sort <field>(name,issues,grade,duplication,complexity,
coverage) and--direction asc|desc.codacy ls --search <term>finds files
at any depth under the path. Folders and files are marked with▸and·(no
emojis). Both commands fetch every page of results, so nothing is truncated. -
#24
bf527adThanks @alerizzo! - Add an npm-style "update available" notice. When a newer version is published, the
CLI prints a one-time upgrade hint to stderr — it never auto-updates. The notice
only shows with the default--output tablein an interactive terminal; it is
suppressed for--output json, when piped, in CI, and undernpx/npm scripts, so
machine-readable stdout stays byte-clean. The version lookup runs in a non-blocking
background process (at most once a day) and never affects timing or exit codes. Opt
out viaCODACY_DISABLE_UPDATE_CHECK,NO_UPDATE_NOTIFIER, or--no-update-notifier.
A package.jsonoverridesentry pinsupdate-notifier's transitivegot/package-json
to patched, still-CommonJS versions to avoid CVE-2022-33987.
Patch Changes
- #27
c5c9af5Thanks @alerizzo! - Stopissues --overviewfrom suggesting noise reduction on repositories that aren't
actually noisy. The "Suggested actions to reduce noise" section now requires two absolute
floors before anything is suggested: the repository must have at least 200 issues in total,
and an individual pattern must produce at least 100 issues on its own. The per-pattern floor
matters because a repository with a long tail of tiny patterns pulls the median issues-per-
pattern very low, which previously made a pattern with only a handful of issues look
disproportionate — now a rule has to genuinely flood the repo before it's flagged. On top of
those floors, a pattern must still show a relative signal: the "dominant share" rule (≥10% of
all issues) only applies when there are at least 11 distinct patterns (an even split of N
patterns only drops below 10% once N is above 10, so 8-10 balanced patterns would otherwise
all be flagged), and the "disproportionate count" rule now compares each
pattern against the median issues-per-pattern instead of the mean, so a single huge
pattern can no longer inflate the baseline and hide smaller-but-still-disproportionate ones.
v1.4.0
Minor Changes
- #20
cbf62d5Thanks @alerizzo! -codacy findingsandcodacy findingnow show the vulnerable dependency's import chain for SCA findings that carry the newdependencyChainsfield. Each finding is labelled Direct (Update <pkg> to <fixedVersion>) or Transitive (<pkg> → … → <pkg> (Fixed in <fixedVersion>)), and chains with 4+ packages collapse their middle to<first> → ... N more ... → <last>. The list shows the first chain plus... and X more; the detail lists every chain aligned under a single label.dependencyChainsis also included in--output json.
v1.3.1
Patch Changes
- #18
7b09b5bThanks @manufacturist! - Fix--versionflag reporting hardcoded1.0.0instead of the actual package version. The CLI now reads the version dynamically frompackage.jsonat runtime viarequire, so the reported version stays in sync with every release automatically.
v1.3.0
Minor Changes
- #16
8f86866Thanks @manufacturist! -codacy repo --output jsonnow includes afileCountfield on the repository object, plucked fromcoverage.numberTotalFileson the existinggetRepositoryWithAnalysisresponse. The field is present even on repos without coverage data, so no extra API call is needed. Lets consumers (e.g. theconfigure-codacy-cloudskill) read repo size without a separate roundtrip.
v1.2.1
Patch Changes
- #14
ca896dfThanks @pedrobpereira! - Adds possibility of using the cli againsta other environments
v1.2.0
Minor Changes
-
#11
12ad8a3Thanks @alerizzo! - Auto-detect provider, organization, and repository from the git remote origin URL. All repository-scoped commands now work without explicitly passing<provider> <organization> <repository>— just run them inside a git repo with anoriginremote pointing at GitHub, GitLab, or Bitbucket. -
#13
f039b39Thanks @alerizzo! - Improveissues --overview. The False Positives table now uses human-friendly labels ("Not a False Positive" / "Potential False Positive") instead of the rawbelowThreshold/equalOrAboveThresholdAPI bucket names. The overview also adds a "Suggested actions to reduce noise" section that flags noisy patterns — those accounting for at least 10% of all issues, or at least 3× the average issues-per-pattern — and prints a ready-to-runcodacy pattern <tool> <patternId> --disablecommand for each (the owning tool is resolved automatically; suggestions whose tool can't be resolved are omitted).--output jsonoutput is unchanged. -
#13
f039b39Thanks @alerizzo! - Make the pattern commands aware of local configuration files and coding standards.pattern <tool> <patternId>with no action flag now shows the pattern's information (same card as thepatternscommand, with--output jsonsupport). Since there's no single-pattern endpoint, it searches by ID and keeps the exact match.- When a tool is driven by a local configuration file,
patterns(list) andpattern(info) print<tool> is using a local configuration file.and skip fetching patterns;patterns --enable-all/--disable-allandpattern --enable/--disable/--parameterrefuse withTool uses a local configuration file, can't be updated. pattern --enable/--disable/--parameteralso refuses patterns enforced by a coding standard withPattern enforced by <standard> coding standard, can't be modified.issues --overviewnoise suggestions now adapt per pattern: a runnablecodacy pattern … --disablecommand when possible, otherwise a manual step —Update your local <tool> configuration file to disable the patternorUpdate <coding standard> to disable the pattern.
-
#13
f039b39Thanks @alerizzo! - Add a--reanalyze-and-wait(-w) variant to therepositoryandpull-requestcommands. Unlike--reanalyze(which triggers analysis and exits), this blocking variant captures a baseline of the current issues, triggers the reanalysis, polls until it finishes (every 10s, up to 20 minutes), and then prints how long the analysis took and what changed — issue deltas by pattern, severity, and category. Supports--output json.
v1.1.1
v1.1.0
Minor Changes
-
#6
0280af1Thanks @alerizzo! - ### Changes since v1.0.5-
--toolsfilter for issues command (#4): Added--toolsoption to filter issues by the tool/pattern that detected them. Includes new formatting utilities for tool name display. -
Filter and bulk-ignore for false positives (#5): Added
--categoryand--severityfilters to the issues command. Introduced bulk-ignore functionality to ignore multiple issues matching filter criteria, streamlining false-positive triage workflows. -
Pin GitHub Actions to SHA hashes (#2): Pinned all GitHub Actions workflow dependencies to commit SHAs for improved supply-chain security.
-
Adopt changesets for automated versioning and publishing (#6): Replaced the manual publish workflow with a changesets-based release pipeline. PRs now require a changeset file, and merging to main triggers automated version bumps and npm publishing with provenance.
-
v1.0.5
Import tool configuration from file
New --import flag on the tools command lets you configure all repository tools and patterns from a codacy.config.json file in a single operation. The CLI showsva detailed preview of what will change (tools to enable, disable, reconfigure, and pattern counts), asks for confirmation, then applies everything — including optionally unlinking coding standards with --force.
codacy tools gh my-org my-repo --import
codacy tools gh my-org my-repo --import ./custom-config.json --force -y
Also in this release
--limitoption for issues and findings — fetch up to 1,000 results with automatic pagination (default remains 100)--link-standard/--unlink-standardon the repository command to manage coding standards- patternInfo.id now included in JSON output for issues
- Node engine requirement bumped to >=20