fangs pending is your primary triage surface. It walks the most recent deviations across all packages (or a single one), groups them by run, discards runs that have already been promoted, and presents the remainder sorted by severity, most urgent first. Every row in the output includes a fully-formed fangs baseline promote command you can paste directly into your terminal once you have reviewed the findings and confirmed no malicious activity.
Usage
Flags
-package
Restrict the queue to a single package name. When omitted, all monitored packages are included. Useful when you are triaging a specific library after a new release.
-min-severity
Show only runs whose maximum deviation severity is at or above this level. Applied after grouping, so the threshold is evaluated against the worst finding in each run rather than individual deviations. Accepted values: low, medium, high, critical.
-limit
Cap the number of rows returned. The default value of 0 means no cap: all matching runs are shown. Useful in scripts or dashboards where you only want to display the top-N most urgent runs.
How it works
Load recent deviations
Fetches up to 5,000 of the most recent deviation rows across the selected package scope, ordered newest-first. The 5,000-row ceiling covers any realistic triage backlog without unbounded memory use.
Group by run
Iterates the deviations and groups them into per-run buckets. For each new run_id encountered, the corresponding Run record is fetched to check whether it has already been promoted.
Skip promoted runs
Runs with is_baseline = true are skipped entirely, regardless of whether they have deviation rows. This covers both auto-promoted runs (zero-deviation passes) and manually promoted runs.
Accumulate per-run stats
For each unreviewed run, the following are tracked across all its deviations: DevCount, MaxSeverity, FirstDetected, and LastDetected.
Apply min-severity filter
Runs whose MaxSeverity ranks below the requested -min-severity threshold are dropped from the result set.
Sort and cap
Remaining runs are sorted by severity descending, then by LastDetected descending (most recently active within each severity tier comes first). If -limit is greater than zero, the slice is capped.
Output columns
| Column | Description |
|---|---|
| SEVERITY | The maximum deviation severity across all findings in this run (critical, high, medium, low, or empty for unknown) |
| RUN | Short hex prefix of the run ID |
| PACKAGE | npm package name |
| VERSION | Package version string as recorded in the run |
| FINDINGS | Total count of deviation rows for this run |
| DETECTED | Relative time since the most recent deviation was recorded (e.g. 5m ago, 2h ago, 3d ago) |
| PROMOTE | Ready-to-paste command: fangs baseline promote <short_id> |
Severity ranking
Severity is compared using an internal integer rank. The MaxSeverity for a run is determined by the highest-ranked deviation it contains.
| Severity | Rank |
|---|---|
| critical | 4 |
| high | 3 |
| medium | 2 |
| low | 1 |
| (empty / unknown) | 0 |
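The grouping, promoted-run skip, min-severity filter and ordering from "How it works", using the rank table above, sketched in Go as an added example; this is not FANGS's own code. The Deviation and Pending types, the BuildQueue function and the promoted map (standing in for the is_baseline lookup on each Run record) are assumptions, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type Deviation struct{ RunID, Severity string; Detected time.Time } // assumed shapes, not FANGS's own types
type Pending struct{ RunID, MaxSeverity string; DevCount int; LastDetected time.Time }
var rank = map[string]int{"low": 1, "medium": 2, "high": 3, "critical": 4} // empty or unknown = 0
// BuildQueue groups by run, skips promoted runs, filters on each run's worst finding, sorts, caps.
func BuildQueue(devs []Deviation, promoted map[string]bool, minSev string, limit int) []Pending {
	byRun := map[string]Pending{}
	for _, d := range devs {
		if promoted[d.RunID] {
			continue // stands in for is_baseline = true on the Run record
		}
		p := byRun[d.RunID] // zero value for a run not seen yet
		p.RunID, p.DevCount = d.RunID, p.DevCount+1
		if rank[d.Severity] > rank[p.MaxSeverity] {
			p.MaxSeverity = d.Severity
		}
		if d.Detected.After(p.LastDetected) {
			p.LastDetected = d.Detected
		}
		byRun[d.RunID] = p
	}
	out := []Pending{}
	for _, p := range byRun {
		if rank[p.MaxSeverity] >= rank[minSev] { // threshold checked after grouping
			out = append(out, p)
		}
	}
	sort.Slice(out, func(i, j int) bool {
		if a, b := rank[out[i].MaxSeverity], rank[out[j].MaxSeverity]; a != b {
			return a > b // higher severity first
		}
		return out[i].LastDetected.After(out[j].LastDetected) // then most recent first
	})
	if limit > 0 && len(out) > limit {
		out = out[:limit]
	}
	return out
}

func main() { // constructed sample: run "a1" mixes a low and a critical finding
	devs := []Deviation{{"a1", "low", time.Now()}, {"a1", "critical", time.Now()}, {"b2", "medium", time.Now()}}
	fmt.Printf("%+v\n", BuildQueue(devs, nil, "high", 0))
}
```

Because the threshold is compared against each run's MaxSeverity, run a1 stays in a -min-severity high queue with both of its findings counted, including the low one.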
Relative time format
The DETECTED column shows how long ago the most recent deviation in the run was recorded, using coarse human-readable buckets:
| Duration | Format |
|---|---|
| Less than 60 seconds | Ns ago |
| Less than 60 minutes | Nm ago |
| Less than 24 hours | Nh ago |
| 24 hours or more | Nd ago |
Examples
Typical triage workflow
Check the queue
Run fangs pending to see all runs awaiting review. Start with critical and high severity rows at the top of the output.
Inspect deviations
Use fangs deviation show <short_id> on specific deviation IDs to read the full (category, value) detail and the evidence event behind each finding.
Review the allowlist
If a deviation is known-good infrastructure (internal CIDR, vendor telemetry SNI), consider adding an allowlist rule with fangs allow add before promoting so the value is not baked into the baseline.
Empty queue
When there are no runs awaiting review, either because none exist or all have been filtered out, the command prints:

fangs pending loads a maximum of 5,000 deviation rows per invocation. In environments with extremely high run volume, very old low-priority deviations may fall outside this window. Use -package or -min-severity to narrow scope, or address the highest-severity runs first to keep the queue manageable.