Command-line interface

Deslint CLI — verify, fix, and attest from the terminal.

The CLI is the deterministic engine underneath every Deslint surface. It scans, fixes, and emits a Sigstore-ready attestation you can commit as a trailer. Use it standalone for pre-commit hooks and local development, or as the source of truth the MCP server and GitHub Action both delegate to.

Install

$ npm install -D @deslint/cli

Also available via pnpm add -D @deslint/cli or bun add -d @deslint/cli. Requires Node 20.19+.

Scan in 5 seconds

One command, one exit code, one Design Health Score. Run it from a pre-commit hook or CI step without any extra config — Deslint detects Tailwind, the framework, and the test surface on its own.

$ npx deslint scan Deslint Design Health Report ──────────────────────────────────────────────────────── Design Health Score: 95/100 (pass) Colors ██████████████████░░ 95 (3 violations) Spacing ███████████████████░ 97 (2 violations) Typography ████████████████████ 100 Responsive █████████████████░░░ 92 (5 violations) Consistency ████████████████████ 100 Files scanned: 247 Files with issues: 8 Total violations: 10 warnings, 0 errors Design debt: 42m estimated remediation effort See https://deslint.com/docs/rules for fixes.

Every command

deslint scan
--format json|sarif--min-score <0-100>--fail-on <level>--diff <ref>--budget <path>
Scan a directory and report the Design Health Score, violations per category, and estimated design debt.
deslint fix
--interactive--dry-run--stage-only
Apply every safe autofix across the workspace. Opinionated fixes are read-only — run interactively or opt in per rule.
deslint init
Interactive wizard that seeds .deslintrc.json — auto-detects Tailwind v3/v4 tokens and the framework (React / Vue / Svelte / Angular / HTML).
deslint import-tokens
--figma <file-id>--style-dictionary <path>--stitch <path>--force
Pull design tokens from a Figma file, a Style Dictionary JSON, or a Google Stitch / Material 3 export. Refuses to clobber existing files without --force.
deslint attest
--budget <path>
Emit a reproducible .deslint/attestation.json for the current scan. Set DESLINT_ATTEST_SIGNER=sigstore to also write a signed Sigstore sidecar.
deslint verify
--signer-identity <regex>--signer-issuer <url>--show-signer
Verify a .deslint/attestation.json against its Sigstore bundle. Exit 0 on a valid signature, non-zero on tamper. --signer-identity pins the acceptable cert SAN.
deslint trend
--since <ref>--format text|json
Show the Design Health Score trend over time from .deslint/history.json. Spot regressions and attribute them to commits.
deslint compliance
--format html|json--output <path>
Generate a WCAG 2.2 conformance report (HTML or JSON) — maps each rule to the WCAG success criterion it enforces.
deslint generate-config
<target>
Emit config files for AI tools (Cursor rules, CLAUDE.md, AGENTS.md, .windsurfrules) that tell your agent to call Deslint after UI edits.
deslint suggest-tokens
Group unfixable arbitrary values across the repo and emit a ready-to-paste `@theme` CSS block so you can upgrade the design system in one commit.

Exit codes

Deterministic exit codes so CI and pre-commit hooks can branch without parsing output.

Exit	Meaning
0	Clean scan — no violations of the configured severity or budget.
1	Violations found. Default fires only on `error` severity; override with `--fail-on`.
2	Usage error — bad flag, missing argument, or unreadable config.

Why a local CLI — not a cloud service

Every check is deterministic. The CLI runs ESLint rules — same input, same output, every run. No LLM inference in the evaluation path.
Zero code egress. Scans read files from disk and write JSON/SARIF to stdout or a local path. No outbound network calls unless you explicitly opt in with import-tokens --figma.
Sigstore-signable attestations. Run deslint attest to commit a reproducible score claim; the GitHub Action re-verifies it at merge time so a trailer can't lie.

Full getting-started guide All 34 rules MCP server instead