Show HN: Attune – a local-first CLI with 448 rules to guide you from slop to ship

hackernews | 💼 Business
#cli #code quality #local-first #security #show hn #tip #dev tools
Source: hackernews · Summarized and analyzed by Genesis Park

Summary

'Attune', which aims to be a full static analysis and reporting tool rather than an AI wrapper, has been released. This local-first CLI tool does not send your code anywhere external, and it reports security and performance issues in a variety of formats through a total of 448 rules covering SQL injection, memory leaks, accessibility, and more. It currently supports Node/TypeScript frameworks, with Python support planned.

Body

A local-first CLI tool for comprehensive code quality checks. Attune analyzes your codebase for security vulnerabilities, architectural issues, performance problems, and best practices across multiple frameworks and languages.

Features

- 500+ Built-in Rules covering security, performance, architecture, and code quality
- Multi-Language Support: JavaScript/TypeScript, Python (Django, FastAPI, Flask, SQLAlchemy, Celery)
- Multi-Framework Support: React, Next.js, Vue, Svelte, Angular, Nuxt, Astro, Remix, SolidJS, Express, Fastify, tRPC, Django, FastAPI, Flask, SQLAlchemy, Celery, Pydantic, aiohttp, Starlette
- Project Type Detection: Automatically detects CLI tools, libraries, web apps, SaaS, mobile, desktop apps
- Security Scanning: OWASP Top 10, secret detection, SQL injection, command injection
- Architecture Patterns: MVC, state management, component patterns
- Performance Checks: Bundle size, memory leaks, async patterns
- Accessibility: WCAG 2.1 compliance checks
- TypeScript: Type safety, any usage, enum warnings
- Configurable: .attunerc config file with CLI defaults
- Multiple Output Formats: JSON, Markdown, HTML, SARIF
- Result Caching: Faster incremental scans (enabled by default)
- Custom Rules: Load your own rules via --rules-path
- Performance Metrics: See scan timing with --metrics

How rules work

Attune rules work in two ways:

- Direct Detection (most rules): These detect specific code patterns that are problematic (e.g., SQL injection vulnerabilities, missing error handling)
- Best Practice Warnings (some rules): These warn when recommended patterns aren't found. For example:
  - Rules warning about missing rate limiting, caching, or authentication
  - These help you evaluate whether your project follows security/performance best practices
  - You can decide to: fix it, add a .attuneignore entry, or acknowledge it's not needed for your use case

Tip: If you see warnings for patterns that don't apply to your project, you can add them to .attuneignore. Community feedback helps us improve rules with more specific detection patterns.

Installation

    npm install -D attune
    # or
    npm install -g attune

Quick start

    # Analyze current directory (uses .attunerc if present)
    attune analyze .
    # First run: creates .attune/reports/, .attuneignore, and .attunerc

Usage

    # Analyze current directory
    attune analyze .

    # Analyze specific path
    attune analyze ./src

    # Security checks only
    attune analyze . --security

    # Architecture checks only
    attune analyze . --architecture

    # Performance checks only
    attune analyze . --performance

    # Specify framework
    attune analyze . --framework nextjs

    # Output formats
    attune analyze . --json
    attune analyze . --markdown
    attune analyze . --html

    # Full scan (bypasses config file)
    attune analyze . --full

    # Skip config file, use .attuneignore only
    attune analyze . --no-config

    # Use custom rules from a file or directory
    attune analyze . --rules-path ./my-rules/

    # Fail on warnings (for CI pipelines)
    attune analyze . --fail-on-warnings

    # Show performance metrics
    attune analyze . --metrics

.attunerc

Stores default CLI flags. One per line; comments start with #.

    # Example .attunerc
    --security   # Run security checks by default
    --cache      # Enable incremental caching

.attuneignore

Exclude files from scanning:

    # Test files
    **/__tests__/**
    **/*.test.ts
    **/*.spec.ts

    # Build outputs
    dist/
    build/

    # Dependencies
    node_modules/

You can skip specific rules on specific files while still running other rules on those files. This is useful for handling false positives:

    # Format: RULE_ID:path

    # Skip a specific rule on a specific file
    OWASP_A08_INTEGRITY_FAIL:src/types/index.ts

    # Skip a rule on multiple files using glob patterns
    ERR_ASYNC_NO_AWAIT:src/cli/handlers/*.ts

    # Multiple rule-specific ignores
    RULE_ID_1:path/to/file1.ts
    RULE_ID_2:path/to/file2.ts

Scanning modes

Attune supports three scanning modes:

- Default (recommended): Uses .attunerc config + .attuneignore
- --full: Bypasses config file, runs all checks
- --no-config: Ignores .attunerc, uses .attuneignore only

Reports

Reports are saved to .attune/reports/:

    # Report saved to .attune/reports/attune-2026-03-24T10-30-00.json
    # Report saved to .attune/reports/attune-2026-03-24T10-30-00.html

To prevent overwhelming reports, Attune limits each rule to a maximum of 10 findings per scan. The total count is still shown so you know the full scope. Use .attuneignore to suppress rules you don't want to see.

    # Example warning when a rule exceeds the limit:
    # Rule OWASP_A03_INJECTION: 150 findings, showing top 10. Use .attuneignore to suppress.

For detailed CLI usage, output format comparison, and common workflows, see docs/GUIDE.md.

    # Common options
    attune analyze . --security          # Security only
    attune analyze . --json              # JSON output
    attune analyze . --cache             # Enable caching
    attune analyze . --fail-on-warnings  # CI mode

    # Specify framework/project type
    attune analyze . --framework nextjs
    attune analyze . --project-type saas

For complete CLI options, see docs/CONFIG.md.

package.json scripts

Add to your package.json:

    { "scripts": { "attune": "attune analyze .", "attune:check": "attune analyze . --security
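As an added example (not Attune's own code), the following Node script models the .attuneignore behaviour described above: bare path patterns that exclude a file from every rule, RULE_ID:path entries that skip one rule on matching files, and the 10-findings-per-rule display cap that still reports the full count. The glob semantics and the UPPER_SNAKE rule-id form are assumptions, since the page does not specify them.

```javascript
// Added example, not Attune's own code: a matcher for the .attuneignore format
// described above. Glob semantics are assumed: "**" spans directories, "*" stays
// within one segment, and a trailing "/" means everything under that directory.
function globToRegExp(pattern) {
  let p = pattern.trim(), re = "";
  if (p.endsWith("/")) p += "**";                             // "dist/" -> "dist/**"
  for (let i = 0; i < p.length; i++) {
    if (p.startsWith("**/", i)) { re += "(?:.*/)?"; i += 2; } // zero or more leading dirs
    else if (p.startsWith("**", i)) { re += ".*"; i += 1; }   // rest of the path
    else if (p[i] === "*") re += "[^/]*";                     // stays within one segment
    else re += p[i].replace(/[.+?^${}()|[\]\\]/g, "\\$&");   // escape regex metachars
  }
  return new RegExp("^" + re + "$");
}
// Bare lines exclude a path from every rule; "RULE_ID:path" skips one rule on
// matching paths (rule ids assumed UPPER_SNAKE, as in the page's examples).
function parseIgnore(text) {
  const paths = [], perRule = [];
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*$/, "").trim();             // drop comments and blanks
    if (!line) continue;
    const m = /^([A-Z0-9_]+):(.+)$/.exec(line);
    if (m) perRule.push({ ruleId: m[1], re: globToRegExp(m[2]) });
    else paths.push(globToRegExp(line));
  }
  return { paths, perRule };
}
function isSuppressed(ignore, ruleId, file) {
  return ignore.paths.some((re) => re.test(file)) ||
    ignore.perRule.some((e) => e.ruleId === ruleId && e.re.test(file));
}
// Drop suppressed findings, then cap each rule at 10 shown (the page's limit)
// while still counting the rule's total, as the tool's warning line does.
function applyIgnore(ignoreText, findings, maxPerRule = 10) {
  const ignore = parseIgnore(ignoreText), byRule = new Map();
  for (const f of findings) {
    if (isSuppressed(ignore, f.ruleId, f.file)) continue;
    const e = byRule.get(f.ruleId) ?? { total: 0, shown: [] };
    e.total++;
    if (e.shown.length < maxPerRule) e.shown.push(f);
    byRule.set(f.ruleId, e);
  }
  return byRule;                                            // ruleId -> { total, shown }
}
const SAMPLE_IGNORE = "# tests\n**/*.test.ts\ndist/\nOWASP_A08_INTEGRITY_FAIL:src/types/index.ts\nERR_ASYNC_NO_AWAIT:src/cli/handlers/*.ts"; // constructed
const SAMPLE_FINDINGS = [                                   // constructed sample findings
  { ruleId: "OWASP_A08_INTEGRITY_FAIL", file: "src/types/index.ts" },  // rule-specific: suppressed
  { ruleId: "OWASP_A03_INJECTION", file: "src/types/index.ts" },       // other rule, same file: kept
  { ruleId: "ERR_ASYNC_NO_AWAIT", file: "src/cli/handlers/sub/x.ts" }, // "*" does not cross "/": kept
  { ruleId: "OWASP_A03_INJECTION", file: "src/db.test.ts" }];          // path pattern: suppressed
```

Calling applyIgnore(SAMPLE_IGNORE, SAMPLE_FINDINGS) leaves one OWASP_A03_INJECTION and one ERR_ASYNC_NO_AWAIT finding, which is the "other rules still run on that file" behaviour the page describes.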

This analysis was written by the Genesis Park editorial team with the help of AI. The original can be read via the source link.
