CLI reference
All commands and flags for the crawwwl CLI (v0.1.2).
Installation
npm install -g crawwwl
# or
pnpm add -g crawwwlCommands
crawwwl auditRun an audit on the current directory. Crawls source files, sends them to the API, and renders the report when complete.
| Flag | Description |
|---|---|
--scale quick | standard | deep | Audit depth. quick: scanners only, no AI. standard: scanners + AI explanations (default). deep: full reasoning model, requires a paid balance. |
--ai / --no-ai | Override whether AI processing is used. --no-ai forces quick-style output regardless of scale. |
--markdown | Write a Markdown report file (crawwwl-report.md) alongside terminal output. |
--no-markdown | Suppress Markdown file output even if configured as default. |
--full | Show all findings in terminal output, including low-severity ones that are collapsed by default. |
crawwwl reportFetch and display the most recent audit report for the current project without running a new audit.
| Flag | Description |
|---|---|
--markdown | Re-export the last report as a Markdown file. |
--full | Show all findings including low-severity ones. |
crawwwl fix-checkRe-run the audit and compare results against the previous audit. Exits with code 1 if critical findings are present or if the score has dropped.
| Flag | Description |
|---|---|
--scale quick | standard | deep | Audit scale for the re-run. Defaults to the scale of the previous audit. |
crawwwl loginAuthenticate with your crawwwl account. Required for deep audits. Opens a device auth flow in your browser.
Audit scales
quickInstant · FreeRuns all scanner categories. No AI processing. Good for fast iteration during development.
AI model: None
standard~10–30s · FreeScanners plus AI-generated explanations and recommendations for each finding. Default scale.
AI model: qwen2.5-coder:7b
deep~1–3 min · £5Full reasoning model. Understands project context, produces more nuanced insights, and is better at reducing false positives in larger projects.
AI model: deepseek-r1:7b
Output formats
Terminal (default)
Colour-coded report rendered directly to stdout. Scores, findings by severity, and top priorities.
Markdown (--markdown)
Writes crawwwl-report.md to the project root. Suitable for GitHub issues, Notion, or Confluence.
Full (--full)
By default, low-severity findings are collapsed. Pass --full to show everything.
Suppressing findings
Add // crawwwl-ignore on the line immediately above any code that triggers a finding to suppress it.
// crawwwl-ignore
<img src="/hero.png" />
// crawwwl-ignore
eval(userInput)Suppressed lines are excluded from scoring and will not appear in audit reports. Use sparingly. Suppression is intended for intentional exceptions, not for hiding real issues.
Environment
The CLI picks up auth credentials from ~/.crawwwl/config.json after running crawwwl login. No environment variables are required for CLI usage.
The CLI communicates with the crawwwl API at https://api.crawwwl.com. Outbound HTTPS on port 443 must be permitted in your network.