Install
The fastest path is the npm launcher:
npx @jsonbored/nightward scanThat runs a read-only HOME scan, prints a redacted summary, and does not mutate local config. For daily use, install the launcher globally:
npm install -g @jsonbored/nightward
nwNightward uses signed GitHub Releases as the canonical binary source. Convenience installers point back to those release artifacts.
Recommended Paths
| Path | Best for | Command |
|---|---|---|
| npm launcher | Fast trial, npx, Raycast users, JavaScript-heavy machines | npx @jsonbored/nightward scan |
| npm global | Everyday CLI/TUI use | npm install -g @jsonbored/nightward |
| GitHub Releases | Manual verification and pinned binary installs | Download from Releases |
| Cargo source build | Rust users who want a local source build | make install-local |
| Source checkout | Nightward development | make install-local |
The installed commands are:
nightward: canonical project command.nw: short alias for frequent terminal/TUI use.
npm Launcher
The npm package is a launcher, not a JavaScript rewrite:
npx @jsonbored/nightward --help
npm install -g @jsonbored/nightward
nw scan --jsonThe launcher has no postinstall script. On first run it downloads the matching GitHub Release archive, verifies its SHA-256 from checksums.txt, caches the extracted binaries, and executes nightward or nw.
Published release archives currently cover macOS arm64/amd64, Linux arm64/amd64, and Windows amd64. Windows ARM64 remains deferred until the release matrix includes a validated Rust build.
GitHub Releases
Use GitHub Releases when you want to verify everything yourself:
- Download the archive for your platform.
- Download
checksums.txtandchecksums.txt.sig. - Verify the signed checksum file.
- Verify the archive checksum.
- Place
nightwardandnwonPATH.
See Release verification for the full command set.
Source Install
git clone https://github.com/JSONbored/nightward.git
cd nightward
make install-localThis installs nightward and nw into ~/.local/bin by default.
Channels
| Channel | Status | Notes |
|---|---|---|
| GitHub Releases | Shipped | Canonical signed release artifacts. |
| npm launcher | Shipped | No postinstall; verifies GitHub Release checksums. |
| Cargo source build | Development | Useful for local Nightward development and branch comparison. |
| Trunk plugin import | Shipped | Pin to a Nightward release tag or SHA. |
| GitHub Action tags | Shipped | Use for policy/SARIF checks in CI. |
| Homebrew tap | Planned next | Best next macOS distribution channel. |
| Nix, Scoop, WinGet, mise, aqua | Later | Add after release artifact behavior stays stable. |
Docker is deferred. It is awkward as a primary scanner because Nightward’s most useful mode audits user HOME and local AI-tool config, which should not be casually mounted into containers.