add verbose github search output and bun.lock to README

msrkp · msrkp · commit f1fc55cd7036 · 2026-03-31T12:41:37.000+05:30
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Find compromised npm packages across your infrastructure.
 python3 cull.py axios@1.14.1 axios@0.30.4 plain-crypto-js
 ```
 
-Checks lock files (`pnpm-lock.yaml`, `package-lock.json`, `yarn.lock`), `node_modules`, GitHub code search, and Docker image layers (legacy + OCI). Version-aware — distinguishes compromised versions from safe pins. Exit code `1` if found, `0` otherwise.
+Checks lock files (`pnpm-lock.yaml`, `package-lock.json`, `yarn.lock`, `bun.lock`), `node_modules`, GitHub code search, and Docker image layers (legacy + OCI). Version-aware — distinguishes compromised versions from safe pins. Exit code `1` if found, `0` otherwise.
 
 ## Scan targets
 
diff --git a/cull.py b/cull.py
@@ -464,6 +464,7 @@ def scan_github(
     auth = {"Authorization": f"Bearer {token}"}
 
     for lock_file in LOCK_FILES:
+        _tprint(f"  {dim('searching')} {dim(lock_file)}…")
         q = urllib.request.quote(f"{pkg} filename:{lock_file} org:{org}")
         data = http_get(
             f"https://api.github.com/search/code?q={q}&per_page=100",
