Write docs for new globbing/ignore feature

Pelle Wessman · Pelle Wessman · commit 17417aef6248 · 2022-12-12T19:03:57.000+01:00
diff --git a/README.md b/README.md
@@ -22,7 +22,15 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 ## Commands
 
 * `socket info <package@version>` - looks up issues for a package
-* `socket report create <path(s)-to-folder-or-file>` - uploads the specified `package.json` and/or `package-lock.json` to create a report on [socket.dev](https://socket.dev/). If only one of a `package.json`/`package-lock.json` has been specified, the other will be automatically found and uploaded if it exists
+
+* `socket report create <path(s)-to-folder-or-file>` - creates a report on [socket.dev](https://socket.dev/)
+
+  Uploads the specified `package.json` and lock files and, if any folder is specified, the ones found in there. Also includes the complementary `package.json` and lock file to any specified. Currently `package-lock.json` and `yarn.lock` are supported.
+
+  Supports globbing such as `**/package.json`.
+
+  Ignores any file specified in your project's `.gitignore`, the `projectIgnorePaths` in your project's [`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has a sensible set of [default ignores](https://www.npmjs.com/package/ignore-by-default)
+
 * `socket report view <report-id>` - looks up issues and scores from a report
 
 ## Flags
@@ -48,6 +56,10 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 * `--help` - prints the help for the current command. All CLI tools should have this flag
 * `--version` - prints the version of the tool. All CLI tools should have this flag
 
+## Configuration files
+
+The CLI reads and uses data from a [`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you run it in. It supports the version 2 of the `socket.yml` file format and makes use of the `projectIgnorePaths` to excludes files when creating a report.
+
 ## Environment variables
 
 * `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key
diff --git a/lib/commands/report/create.js b/lib/commands/report/create.js
@@ -78,6 +78,17 @@ async function setupCommand (name, description, argv, importMeta) {
     Usage
       $ ${name} <paths-to-package-folders-and-files>
 
+    Uploads the specified "package.json" and lock files and, if any folder is
+    specified, the ones found in there. Also includes the complementary
+    "package.json" and lock file to any specified. Currently "package-lock.json"
+    and "yarn.lock" are supported.
+
+    Supports globbing such as "**/package.json".
+
+    Ignores any file specified in your project's ".gitignore", your project's
+    "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
+    default ignores from the "ignore-by-default" module.
+
     Options
       ${printFlagList({
         '--all': 'Include all issues',
@@ -91,7 +102,7 @@ async function setupCommand (name, description, argv, importMeta) {
 
     Examples
       $ ${name} .
-      $ ${name} ../package-lock.json
+      $ ${name} '**/package.json'
       $ ${name} /path/to/a/package.json /path/to/another/package.json
       $ ${name} . --view --json
   `, {
