Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/irchaosclub/FANGS/llms.txt

Use this file to discover all available pages before exploring further.

The fangs package subcommands manage which npm packages FANGS monitors and give a quick summary of each package’s run history. Adding a package triggers an immediate kickoff scan of its current latest version so that a baseline exists before the first autonomous watcher cycle fires. Removing a package stops future monitoring but leaves all existing runs and deviations intact.

Subcommands

SubcommandDescription
fangs package listAll packages ever seen in runs, with run counts, latest version, and latest deviation count
fangs package watchedOnly packages in the active watcher list, with timestamps
fangs package add <name>Add a package to the watcher and optionally queue a kickoff scan
fangs package remove <name>Remove a package from the watcher (existing runs are preserved)

fangs package list

Lists every package that has appeared in at least one run, whether or not it is currently watched. This is useful for auditing what FANGS has scanned historically. 
fangs package list
Output columns:
ColumnDescription
PACKAGEnpm package name
RUNSTotal number of sandbox runs ever recorded
BASELINESNumber of runs currently in the baseline set
LATEST_VERSIONVersion string from the most recent run
LATEST_DEVSDeviation count on the most recent run
LATEST_RUNShort hex ID of the most recent run
# JSON output
fangs -json package list | jq '.[] | select(.DeviationsLatest > 0)'

fangs package watched

Lists only the packages currently in the watcher’s poll loop — the set that FANGS checks for new releases on each watcher interval (default: every 5 minutes). 
fangs package watched
Output columns:
ColumnDescription
PACKAGEnpm package name
ADDEDUTC timestamp when the package was added
LAST_CHECKEDUTC timestamp of the most recent watcher poll ((never) if not yet checked)
LAST_SEENLast version the watcher observed (- if unknown)

fangs package add

Adds a package to the watcher and, by default, immediately queues a sandbox scan of the current latest version. That scan becomes the initial baseline once it completes with zero deviations. 
fangs package add <name> [flags]

Flags

-orchestrator
string
default:"http://127.0.0.1:8443"
Orchestrator base URL for submitting the kickoff scan. Must be reachable from the machine running the CLI.
-runner
string
default:""
Target runner ID for the kickoff scan. When empty the orchestrator picks the first registered runner.
-skip-initial-scan
bool
default:"false"
Skip the automatic kickoff scan. The package is still added to the watcher; a scan will be queued the next time a new version is detected, or you can submit one manually with fangs scan submit.
-skip-registry-validate
bool
default:"false"
Skip verifying the package exists on registry.npmjs.org. Useful in air-gapped or offline test environments.
-duration
duration
default:"60s"
Maximum sandbox duration for the kickoff scan. Passed through to the runner as the scan timeout.

Behavior

1

Duplicate check

The CLI calls ListWatchedPackages and refuses with an error if the package name is already in the list. Re-adding a package is a no-op error: package "X" is already watched (added <timestamp>).
2

Registry validation

Unless -skip-registry-validate is set, the CLI resolves <name>@latest against registry.npmjs.org. This both confirms the package exists and retrieves the current latest version string for use in the kickoff scan. Returns ErrPackageNotFound if the package does not exist.
3

Database insert

Calls AddWatchedPackage to insert the package name into the packages table.
4

Stamp last_seen_version

Calls UpdatePackageCheck to record the latest version just retrieved. This prevents the autonomous watcher from treating the current latest as a newly-discovered release and queuing a second scan on top of the kickoff scan.
5

Submit kickoff scan

Unless -skip-initial-scan is set (or registry validation was skipped and no version is known), the CLI POSTs a scan job to the orchestrator at POST /v1/scans. A failure here does not roll back the package insertion — the watch row is useful even if the kickoff scan failed.

Output

added "axios" to watched packages (latest: 1.7.9)
kickoff scan queued: run_id=3a9c12
watch: http://127.0.0.1:8443/ui/runs/3a9c12f4...

Examples

# Add axios, queue a kickoff scan with the orchestrator on the default port
fangs package add axios

# Add a package to the watcher without an automatic scan
fangs package add axios -skip-initial-scan

# Add a package, send the scan to a specific runner
fangs package add axios -runner runner-hostname-01

# Add a package with a longer sandbox observation window
fangs package add axios -duration 120s

# Add a package in an air-gapped environment (skip registry check)
fangs package add my-internal-pkg -skip-registry-validate -skip-initial-scan

fangs package remove

Removes a package from the watcher. The package will no longer be polled for new releases and no future scans will be auto-submitted. All existing run and deviation rows are preserved — they can still be queried with fangs run list and fangs deviation list. 
fangs package remove <name>
The subcommand also accepts rm as an alias: fangs package rm axios.

Output

removed "axios" from watched packages
There is no undo. If you remove a package and later re-add it with fangs package add, the existing run history is still present in the database, but a new kickoff scan will be queued as if it were a fresh package.

Build docs developers (and LLMs) love

Get started for freeTalk to us