docs: fix broken programmatic example in README#17
Open
dmchaledev wants to merge 1 commit into
Open
Conversation
The README's programmatic snippet did not match the actual public API:
- diff() is synchronous and takes two parsed SBOM objects, not file
paths, and is not async (the example used await diff('old.json', ...)).
- report.upgraded is VersionChange[] ({ component, from, to, isMajorBump }),
not { from: Component, to: Component }[].
- newCVEs is CVEEntry[], not CVE[].
Copying the old snippet produced code that would not compile or run.
Update it to parse() files first, drop the await, correct the result
types, and show renderReport() for ready-made output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The README's Quick Start → Programmatic snippet does not match the actual public API, so anyone copying it gets code that won't compile or run:
Concrete mismatches against
src/diff.ts/src/types.ts:diff()isasync(await)diff(a, b)is synchronous, returnsChangeReport(not a Promise)diff()takes file pathsSBOMobjects — you mustparse()(and read the files) firstreport.upgradedis{ from: Component, to: Component }[]VersionChange[]→{ component, from, to, isMajorBump }report.newCVEsisCVE[]CVEEntry[]Fix
Rewrite the snippet to reflect the real API: read the files,
parse()each (auto-detects CycloneDX/SPDX), calldiff()synchronously, correct the result-type comments, and demonstraterenderReport()for ready-made text/JSON/markdown output.Docs-only change — no source or test changes.
https://claude.ai/code/session_019P1ZBQEjt5eQup7g9DMqYA
Generated by Claude Code