Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
@gitlab/duo-cli
Advanced tools
GitLab CLI Development
GitLab Duo CLI (@gitlab/duo-cli) - GitLab Duo for your command line.
Installing
The Duo CLI can be installed from the npm registry using npm, bun, yarn etc:
npm install -g @gitlab/duo-cli
After installing, the CLI can be run with duo.
Alternatively, the CLI can be directly run without an explicit install:
npx -y @gitlab/duo-cli
Updating
The CLI can be updated the same way you installed it, specifying @latest to ensure the latest version is installed:
npm install -g @gitlab/duo-cli@latest
Usage
Run duo to start the CLI terminal UI. You will be prompted for an authentication token on first run. Your token must have the api scope granted.
The CLI help text can be displayed with the --help flag, globally or per-command for more details:
duo --help
duo run --help
This will provide details of all available commands and flags.
Contributing
Prerequisites
This CLI project is built using bun. Make sure you have the following installed:
- Install mise and bun:
mise install - Install dependencies using bun package manager:
npm run install:bun
in order to continue working with the language server, install dependencies with npm package manager: npm run install:npm
Compilation
To create standalone executables for distribution, use the compilation script:
npm run build:binary
This will create cross-platform executables in the ./bin directory:
duo-linux-x64- Linux 64-bitduo-linux-arm64- Linux ARM64duo-darwin-x64- macOS Intelduo-darwin-arm64- macOS Apple Siliconduo-windows-x64.exe- Windows 64-bit
Development
There are a few handy commands available for development:
dev:watch- starts the application with bun in watch mode. The application will be automatically restarted if code changes are madedev:watch-tools- as above, but react devtools will be started alongside connected to the applicationstart- compiles the application to js and starts it. This is exactly the version of the app that will be packaged to the npm package. It is recommended to test your changes with it before creating an MR
When using the package.json scripts, use -- to separate flags between npm/CLI. For example:
cd packages/cli
npm run dev:watch -- --cwd /foo/bar # this passes through --cwd to the CLI, rather than npm itself getting the flag
Troubleshooting
If you have issues with Bun not resolving installed node_modules in the packages, you may need to clear node_modules folders and reinstall:
npm run install:bun
FAQs
GitLab Duo for your command line
We found that @gitlab/duo-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 18 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025