chore(main): release depgraph-cli 0.3.0

[depgraph-release-bot]

🤖 I have created a release beep boop

0.3.0 (2026-04-14)

Features

• add canonical label resolution and resolved review state (2dd68f3)
• add canonical label resolution and resolved review state (6144e26)
• add explicit review targets for findings and edge findings (fac97eb)
• add first-class edge findings and metadata coverage observability (f48bdbb)
• add first-class edge findings, baseline identity, and metadata coverage stats (e39d575)
• add package-lock project scanning (9778d32)
• add package-lock project scanning support (85eb563)
• add scan history, edge-level delta, review events, and eval command (d98a231)
• add scan history, edge-level delta, review events, and eval command (951bce3)
• benchmark: add benchmark runner and manifest-driven evaluation pipeline (9b4fb64)
• benchmark: add internal benchmark runner and execution pipeline (a197cae)
• eval: add ADR-012 data readiness reporting (884f441)
• eval: add explicit export readiness semantics to eval (bf9c3f6)
• eval: add failure surfacing for persisted scan history (7584259)
• eval: add failure surfacing for persisted scan history (009ab81)
• eval: eval data readiness reporting with explicit denominator semantics (2886b1e)
• eval: harden export readiness reporting with explicit denominator semantics (fa042e4)
• implement depgraph scan MVP (end-to-end dependency risk analysis) (b076353)
• implement depgraph scan MVP end to end (cde220b)
• improve risk scoring and introduce rich Ink-based scan UI (b8ef1d0)
• improve supply-chain risk signals and introduce rich Ink scan UI (9bda0c0)
• initialize depgraph CLI with clean architecture scaffold (3530ad6)
• make review targets explicit for findings and edge events (eaead2b)
• metadata: add explicit missingness contract for metadata fields (0b128b3)
• metadata: add explicit missingness contract for metadata fields (4717ed5)
• refine new package risk signals for supply-chain detection (b91a625)
• refine new package risk signals for supply-chain detection (dc2c63b)
• scan: add ADR-012 field reliability policy to scan results (155205b)
• scan: add ADR-012 field reliability policy to scan results (0d37114)
• scan: add pnpm lockfile scan mode and traversal support (e659108)
• scan: add pnpm lockfile scanning support (6419a0e)
• scan: add summary mode for compact scan output (86ab58c)
• scan: add summary mode for compact scan output (806e950)
• scan: add warning for weekly downloads lookup fallback (a1261c2)
• scan: add warning for weekly downloads lookup fallback (3e1f136)
• scan: polish TUI and plain-text scan presentation (5a303b8)
• scan: polish TUI and plain-text scan presentation (87184d6)
• scan: refine plain-text and TUI presentation layering (0947fe7)
• scan: refine plain-text and TUI presentation layering (e83e889)
• scorer: add security deprecation language signal (5ec2873)
• scorer: add security deprecation language signal (28ce356)
• scorer: calibrate freshness and churn interaction (6b16e0a)
• scorer: calibrate freshness and churn interaction (50352da)
• scorer: calibrate freshness signal for mature packages (78364d5)
• scorer: calibrate freshness signal for mature packages (6d769ac)
• surface unresolved registry metadata in package-lock scans (5739446)
• surface unresolved registry metadata in package-lock scans (278485d)

Bug Fixes

• add source precedence to canonical label resolution (a877769)
• adjust Node mascot asset sizing (cc324ce)
• clean up duplicate unresolved metadata handling (7fb40c3)
• eval: normalize legacy eval history and add readiness blocker breakdown (fd735b4)
• eval: normalize legacy scan history and add blocker breakdown (8c824d5)
• expose depgraph and depgraph-cli bins (172c24a)
• expose depgraph and depgraph-cli bins (6bf718f)
• expose depgraph and depgraph-cli bins (9ffbbad)
• harden canonical label resolution behavior (6c526df)
• make package-lock scans resilient to unresolved dependencies (5af643e)
• make package-lock scans resilient to unresolved dependencies (2328813)
• persistence: align scan-level explanation with primary finding (16fdd84)
• persistence: align scan-level explanation with primary finding (43d2e11)
• persistence: suppress no-op scan record appends (c641e32)
• persistence: suppress no-op scan record appends (86faef9)
• removed architecture.md file (bd42ec0)
• removed image from readme (5247015)
• removed image from readme (8beb981)
• require publish timestamps in npm metadata source (38894ad)
• require publish timestamps in npm metadata source (69e7dfd)
• resolve CLI entrypoint correctly through symlinks (75c05ef)
• resolve CLI entrypoint correctly through symlinks (29cfbce)
• tighten README mascot and title spacing (d38473f)
• trimmed JSON (af4d81e)
• use import.meta.main for CLI entrypoint detection (eb93358)
• use import.meta.main for CLI entrypoint detection (3d54fcc)

Performance Improvements

• parallelize package metadata fetching with graceful download fallback (c8f948c)
• parallelize package metadata fetching with graceful download fallback (ee748a3)

---

This PR was generated with Release Please. See documentation.

[depgraph-release-bot]

🤖 Created releases:

• depgraph-cli-v0.3.0

🌻