fix(cli): correct --format parsing so the default invocation works

[dmchaledev]

Problem

The CLI crashes on its own headline documented usage. Running the first example from the README:

npx @hailbytes/sbom-diff old.json new.json

fails with:

Error: Unsupported format: old.json

Root cause

src/cli.ts derived the format like this:

const formatArg = args.find(a => a.startsWith('--format='))?.split('=')[1]
    ?? args[args.indexOf('--format') + 1];

When no --format flag is present, args.indexOf('--format') returns -1, so args[-1 + 1] → args[0] — the first file path — gets used as the report format. The default text output (the most common usage) therefore never worked.

A second bug: a space-separated --format json placed before the positional arguments was also broken, because positional filtering only checked startsWith('--') and so treated the value json as a file path:

$ sbom-diff --format json old.json new.json
Error: ENOENT: no such file or directory, open 'json'

Fix

Rewrite argument parsing into a single, order-independent pass (parseArgs) that:

• defaults to text when no flag is given
• supports both --format=value and --format value
• consumes the flag's value so it is never mistaken for a file path
• validates the format and prints a clean one-line error (no stack trace) on an invalid value
• rejects unknown options

parseArgs is exported and main() is guarded to run only when the module is invoked directly, which makes the parser unit-testable.

Tests

Added src/__tests__/cli.test.ts covering both regressions plus edge cases (missing value, invalid value, unknown option, flag-before-paths). Full suite: 27 passing. npm run build and npm run lint are clean.

Before / after

# before
$ sbom-diff old.json new.json
Error: Unsupported format: old.json

# after
$ sbom-diff old.json new.json
SBOM Diff Report
=================
...

https://claude.ai/code/session_018XXxUt46ifP93Dt4WnTkZo

---

Generated by Claude Code