The fangs binary is the operator console for the FANGS npm supply-chain monitor. Unlike a typical CLI that tunnels every request through an HTTP API, fangs opens the storage backend directly — the same SQLite or Postgres database the orchestrator uses — so it reflects the current state without an extra network hop. The two exceptions are fangs scan submit and fangs package add, which POST to the orchestrator’s /v1/scans endpoint because only the orchestrator can assign a run ID and dispatch the job to a runner.

Global Flags

Every subcommand inherits these flags. Place them between fangs and the subcommand name.

-storage (string, default: "sqlite")
    Storage backend: sqlite or postgres.

-sqlite-path (string, default: "var/lib/fangs/fangs.db")
    Path to the SQLite database file. Created (with parent directories) if it does not exist.

-postgres-dsn (string)
    PostgreSQL connection string. Also read from the $FANGS_PG_DSN environment variable. Required when -storage postgres is set.

-json (bool, default: "false")
    Emit JSON instead of a human-readable table. Applies to every subcommand. Useful for scripting and piping output to jq.

Subcommand Reference

package

Add packages to the watcher, list all known packages or just the watched set, and remove packages from monitoring.

scan

Queue a one-off sandbox scan for a specific package@version without waiting for the autonomous watcher.

run

List recent sandbox runs with state and baseline status, or inspect the full metadata and deviations for a single run.

deviation

List and inspect behavioral deviations — the findings FANGS produces when a run differs from the package baseline.

All Subcommands

fangs run list [-package P] [-limit N]
fangs run show <run_id>

fangs deviation list [-package P] [-severity S] [-run-id R] [-limit N]
fangs deviation show <deviation_id>

fangs baseline list [-package P]
fangs baseline promote <run_id>

fangs package list
fangs package watched
fangs package add <name>
fangs package remove <name>

fangs release list -package P [-limit N]

fangs notifier list
fangs notifier add -name N -url U -template slack|discord|generic \
  [-secret-env E] [-min-severity S] [-headers JSON]
fangs notifier remove <name>
fangs notifier test <name>
fangs notifier history -run R

fangs allow list [-package P]
fangs allow add -kind cidr|path|sni -value V [-package P] [-note N]
fangs allow remove <id_prefix>

fangs scan submit -package P -version V \
  [-orchestrator URL] [-runner ID] [-duration D] [-skip-registry-validate]

fangs pending [-package P] [-min-severity S] [-limit N]

Storage Connection

The CLI connects directly to the same database the orchestrator writes to. On a single-host install, the defaults (-storage sqlite, -sqlite-path var/lib/fangs/fangs.db) work without any extra flags. For a Postgres-backed deployment, either pass -storage postgres -postgres-dsn <DSN> or export FANGS_PG_DSN before running any fangs command.

# Uses var/lib/fangs/fangs.db in the current directory
fangs package list

JSON Output

Pass -json to any subcommand to receive machine-readable output. The flag is global and can precede any subcommand.

fangs -json deviation list -severity crit | jq '.[] | {id, value, run_id}'
fangs -json run show 18b1f8 | jq '.deviations | length'

-json is especially useful in CI pipelines. fangs -json pending returns an empty array [] when there is nothing to triage, making it straightforward to gate a deployment on a clean FANGS state.
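
A fail-closed version of the CI gate described above, as an added example that is not part of the FANGS project or its documentation. It covers the SQLite backend only; FANGS_BIN, FANGS_DB and the function names are hypothetical, and it assumes fangs exits non-zero when it cannot open or query storage.

```shell
#!/bin/sh
# Added example: fail-closed CI gate around `fangs -json pending`.
# FANGS_BIN and FANGS_DB are names made up for this script, not FANGS settings.
FANGS_BIN="${FANGS_BIN:-fangs}"
FANGS_DB="${FANGS_DB:-var/lib/fangs/fangs.db}"

# classify_pending: read the command's JSON output on stdin.
#   0 = empty array (nothing to triage)
#   1 = non-empty array (items waiting for triage)
#   2 = anything else (empty output, error text): state unknown
classify_pending() {
    body=$(tr -d '[:space:]')   # tolerate pretty-printed output
    case "$body" in
        '[]')    return 0 ;;
        '['*']') return 1 ;;
        *)       return 2 ;;
    esac
}

# fangs_gate: same return codes as classify_pending.
fangs_gate() {
    # -sqlite-path is created when missing, so a wrong path or working
    # directory would give a new, empty database and a false "clean" result.
    if [ ! -s "$FANGS_DB" ]; then
        echo "fangs gate: no database at $FANGS_DB" >&2
        return 2
    fi
    # Assumption: fangs exits non-zero when it cannot open or query storage.
    out=$("$FANGS_BIN" -storage sqlite -sqlite-path "$FANGS_DB" -json pending) || {
        echo "fangs gate: fangs command failed" >&2
        return 2
    }
    rc=0
    printf '%s' "$out" | classify_pending || rc=$?
    [ "$rc" -eq 0 ] || echo "fangs gate: blocking, state=$rc" >&2
    return "$rc"
}
```

Run fangs_gate as the deciding command of the pipeline step, and treat return code 2 as a failed check, not as a pass.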

Quick-Start Examples

# Add a package to the watcher and queue an immediate baseline scan
fangs package add axios

# Submit a one-off scan for a specific version
fangs scan submit -package lodash -version 4.18.1

# Check the triage queue
fangs pending

# List the most recent 10 runs for chalk
fangs run list -package chalk -limit 10

# See all critical deviations
fangs deviation list -severity crit

# Promote a run's behavior into the baseline after review
fangs baseline promote 18b1f8a...

fangs scan submit and fangs package add are the only subcommands that make HTTP calls — they POST to the orchestrator’s /v1/scans endpoint (default: http://127.0.0.1:8443). All other subcommands query the database directly and work even when the orchestrator is not running.
