Security News
RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems
RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.
By Sarah Gooding - Jun 05, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@gitlab/duo-cli
Advanced tools
GitLab Duo CLI (Beta)
[!note] Duo CLI npm package (
@gitlab/duo-cli) is not under active development. Install the GitLab Duo CLI withglab duo clior as a standalone binary instead.
GitLab Duo for your command line. An AI-powered CLI tool that brings GitLab Duo Agentic Chat to your terminal.
📖 For installation, usage, and configuration see the GitLab Duo CLI documentation.
Development
To run the CLI from a local checkout:
bun run cli
This builds and launches the app. Pass CLI flags after --:
bun run cli -- run --goal "example"
For hot-reload development, use bun run dev:watch instead.
See the full Development Guide for prerequisites, building, debugging, testing, and architecture details.
Packages
The GitLab Duo CLI is split across two packages:
packages/cli— CLI entry point, command routing, backend abstraction, and controllers for interactive and headless modes.packages/tui— React-based terminal UI built on Ink. Pure presentation layer with zero domain logic. Renders the chat interface, messages, tool calls, diffs, and Markdown.
License
See the License for details.
FAQs
GitLab Duo for your command line
The npm package @gitlab/duo-cli receives a total of 76,049 weekly downloads. As such, @gitlab/duo-cli popularity was classified as popular.
We found that @gitlab/duo-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 25 May 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes
pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.
By Sarah Gooding - Jun 04, 2026
Security News
Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog
Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.
By Sarah Gooding - Jun 03, 2026