Skip to main content

Configuration: vibgrate.config.ts Reference

Complete reference for the Vibgrate configuration file — thresholds, scanner toggles, exclude patterns, and all supported config formats.

Vibgrate Docs

Vibgrate Help

Config File Formats

Vibgrate supports three config file formats:

  • vibgrate.config.ts (recommended)
  • vibgrate.config.js
  • vibgrate.config.json

Run vg init to generate the default config.

Full Config Example

import type { VibgrateConfig } from '@vibgrate/cli@latest';

const config: VibgrateConfig = {
  exclude: ['legacy/**', 'examples/**', 'vendor/**'],
  thresholds: {
    failOnError: {
      eolDays: 180,
      frameworkMajorLag: 3,
      dependencyTwoPlusPercent: 50,
    },
    warn: {
      frameworkMajorLag: 2,
      dependencyTwoPlusPercent: 30,
    },
  },
  scanners: {
    platformMatrix: { enabled: true },
    dependencyRisk: { enabled: true },
    dependencyGraph: { enabled: true },
    toolingInventory: { enabled: true },
    buildDeploy: { enabled: true },
    tsModernity: { enabled: true },
    breakingChangeExposure: { enabled: true },
    fileHotspots: { enabled: true },
    securityPosture: { enabled: true },
    securityScanners: { enabled: true },
    serviceDependencies: { enabled: true },
  },
};

export default config;

Exclude Patterns

The exclude array accepts glob patterns for directories and files to skip during scanning:

exclude: [
  'legacy/**',      // Skip a legacy directory
  'examples/**',    // Skip example code
  'vendor/**',      // Skip vendored code
  '**/test-fixtures/**',  // Skip test fixtures anywhere
]

The same patterns can be passed on the command line for one-off scans with vg scan --exclude <glob> (alias -e). CLI excludes are repeatable, accept comma/semicolon-separated values, and are additive — they're merged (and de-duplicated) with this exclude list rather than replacing it, so your committed defaults always apply.

Thresholds

Thresholds control when findings are raised and when the CLI should fail.

failOnError

ThresholdDefaultTriggers
eolDays180Error finding when runtime EOL is within N days
frameworkMajorLag3Error finding when any framework is N+ majors behind
dependencyTwoPlusPercent50Error finding when N+% of dependencies are 2+ majors behind

warn

ThresholdDefaultTriggers
frameworkMajorLag2Warning finding when any framework is N+ majors behind
dependencyTwoPlusPercent30Warning finding when N+% of dependencies are 2+ majors behind

Scanner Toggles

Each extended scanner can be individually enabled or disabled. Set scanners: false to disable all extended scanners (the core drift scan always runs).

Disable a specific scanner

scanners: {
  securityScanners: { enabled: false },  // Disable this one
  // All others remain at their default (enabled)
}

Disable all extended scanners

scanners: false

This runs only the core drift analysis — faster but with less detail.

Related Commands