[bacelyy]

We shipped ScortonJS CLI (MIT, 450 weekly downloads) to make security checks and EU compliance mapping runnable from the terminal. Supports: scan, audit, score; compliance (dora|nis2|both); report generation.

Goal: lightweight audits that emit a publishable markdown/PDF report for client reviews or insurance underwriting—no vendor lock‑in, clear pass/fail + score.

Quick start: npx scortonjs-cli scan <tool> <target> • npm i scortonjs-cli

Repo: github.com/scorton/scortonjs npm: npmjs.com/package/scortonjs-cli

Ask: Which signals and formats actually unblock you—code/deps/infra/behavior, and is SARIF/JUnit/SPDX enough?

For EU teams, what’s the minimum NIS2/DORA mapping you need to ship?