@7nsane/zift 1.0.4 → 1.0.5

package/README.md

@@ -19,14 +19,15 @@ npm install -g @7nsane/zift
 ## Usage
 
 ```bash
+# NEW: Secure Installer Mode (Scan + Install)
+@7nsane/zift install <package-name>
+@7nsane/zift i <package-name>
+
 # Scan current directory
 @7nsane/zift .
 
-# Scan a specific package or directory
+# Scan a specific folder
 @7nsane/zift ./node_modules/example-pkg
-
-# Output result in JSON format for CI/CD pipelines
-@7nsane/zift . --format json
 ```
 
 ## Rule Transparency

package/bin/zift.js

@@ -13,57 +13,130 @@ async function main() {
   let format = 'text';
   let isInstallMode = false;
 
-  // Verb detection: zift install <pkg> or zift i <pkg>
+  // 1. Setup Command
+  if (args[0] === 'setup') {
+    await runSetup();
+    return;
+  }
+
+  // 2. Installation Verbs
   if (args[0] === 'install' || args[0] === 'i') {
     isInstallMode = true;
-    target = args[1] || '.';
+    target = args.find((a, i) => i > 0 && !a.startsWith('-')) || '.';
   }
 
-  // Flag detection: zift <pkg> --zift (for future-proofing/aliases)
   if (args.includes('--zift')) {
     isInstallMode = true;
+    target = args.find(a => !a.startsWith('-') && !['install', 'i'].includes(a)) || '.';
   }
 
-  // Basic arg parsing for other flags
+  // 3. Flags
   for (let i = 0; i < args.length; i++) {
     if (args[i] === '--format' && args[i + 1]) {
       format = args[i + 1];
       i++;
-    } else if (!args[i].startsWith('-') && !['install', 'i'].includes(args[i])) {
-      target = args[i];
     }
   }
 
-  // Determine if target is a local folder
+  // 4. No Args? Show Help or offer Setup
+  if (args.length === 0) {
+    showHelp();
+    return;
+  }
+
+  // 5. Execution
   const isLocal = fs.existsSync(target) && fs.lstatSync(target).isDirectory();
 
   if (isLocal) {
     await runLocalScan(target, format);
   } else {
-    // Treat as remote package name
     await runRemoteAudit(target, format, isInstallMode);
   }
 }
 
+async function runSetup() {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  console.log(chalk.blue.bold('\n🛡️  Zift Secure Alias Setup'));
+  console.log(chalk.gray('This will allow you to use `npm install <pkg> --zift` for secure audits.\n'));
+
+  const question = chalk.white('Would you like to add the Zift secure alias to your shell profile? (y/n): ');
+
+  rl.question(question, (answer) => {
+    rl.close();
+    if (['y', 'yes'].includes(answer.toLowerCase())) {
+      try {
+        if (os.platform() === 'win32') {
+          setupWindows();
+        } else {
+          setupUnix();
+        }
+        console.log(chalk.green('\n✅ Setup complete! Please RESTART your terminal to use the new command.'));
+      } catch (e) {
+        console.error(chalk.red('\n❌ Setup failed: ') + e.message);
+      }
+    } else {
+      console.log(chalk.yellow('\nSetup cancelled. You can always run `zift setup` later.'));
+    }
+  });
+}
+
+function setupWindows() {
+  // Define PowerShell function
+  const psFunction = `
+# Zift Secure Alias
+function npm-secure {
+    if ($args -contains "--zift") {
+        $pkg = $args | Where-Object { $_ -ne "install" -and $_ -ne "i" -and $_ -ne "--zift" } | Select-Object -First 1
+        npx @7nsane/zift install $pkg
+    } else {
+        npm.cmd @args
+    }
+}
+if (!(Test-Path alias:npm)) { Set-Alias npm npm-secure -Force -Scope Global }
+`;
+
+  // Get PS Profile path
+  const profilePath = cp.execSync('powershell -NoProfile -Command "echo $PROFILE"').toString().trim();
+  const profileDir = path.dirname(profilePath);
+
+  if (!fs.existsSync(profileDir)) fs.mkdirSync(profileDir, { recursive: true });
+  fs.appendFileSync(profilePath, psFunction);
+}
+
+function setupUnix() {
+  const bashFunction = `
+# Zift Secure Alias
+npm() {
+  if [[ "$*" == *"--zift"* ]]; then
+    pkg=$(echo "$@" | sed 's/install//g; s/ i //g; s/--zift//g' | xargs)
+    npx @7nsane/zift install $pkg
+  else
+    command npm "$@"
+  fi
+}
+`;
+  const home = os.homedir();
+  const profiles = [path.join(home, '.bashrc'), path.join(home, '.zshrc')];
+
+  profiles.forEach(p => {
+    if (fs.existsSync(p)) {
+      fs.appendFileSync(p, bashFunction);
+    }
+  });
+}
+
 async function runLocalScan(targetDir, format) {
   const scanner = new PackageScanner(targetDir);
-  if (format === 'text') {
-    console.log(chalk.blue(`\n🔍 Scanning local directory: ${path.resolve(targetDir)}`));
-  }
+  if (format === 'text') console.log(chalk.blue(`\n🔍 Scanning local directory: ${path.resolve(targetDir)}`));
 
   try {
     const findings = await scanner.scan();
     handleFindings(findings, format, targetDir);
-  } catch (err) {
-    handleError(err, format);
-  }
+  } catch (err) { handleError(err, format); }
 }
 
-async function runRemoteAudit(packageName, format, forceInstall = false) {
-  if (format === 'text') {
-    console.log(chalk.blue(`\n🌍 Remote Audit: Pre-scanning package '${packageName}'...`));
-  }
-
+async function runRemoteAudit(packageName, format, installOnSuccess) {
+  if (format === 'text') console.log(chalk.blue(`\n🌍 Remote Audit: Pre-scanning package '${packageName}'...`));
   const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'zift-audit-'));
 
   try {
@@ -74,44 +147,25 @@ async function runRemoteAudit(packageName, format, forceInstall = false) {
     const scanPath = path.join(tmpDir, 'package');
     const scanner = new PackageScanner(scanPath);
     const findings = await scanner.scan();
-
-    if (format === 'text') {
-      const s = getSummary(findings);
-      const statusText = s.Critical > 0 ? chalk.red.bold('CRITICAL RISK') :
-        s.High > 0 ? chalk.red('HIGH RISK') :
-          s.Medium > 0 ? chalk.yellow('WARNING') : chalk.green('SECURE');
-
-      console.log(chalk.green(`✅ Audit of '${packageName}' complete. Status: ${statusText}`));
-    }
-
     handleFindings(findings, format, scanPath, true);
 
     if (format === 'text') {
       const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
       const promptText = findings.length > 0
         ? chalk.yellow(`\n⚠️  Suspicious patterns found. Still install '${packageName}'? (y/n): `)
-        : chalk.blue(`\nProceed with installation of '${packageName}'? (y/n): `);
+        : chalk.blue(`\nAudit passed. Proceed with installation of '${packageName}'? (y/n): `);
 
       rl.question(promptText, (answer) => {
         rl.close();
-        const confirmed = ['y', 'yes'].includes(answer.toLowerCase());
-
-        if (confirmed) {
+        if (['y', 'yes'].includes(answer.toLowerCase())) {
           console.log(chalk.blue(`\n📦 Installing ${packageName}...`));
-          try {
-            cp.execSync(`npm install ${packageName}`, { stdio: 'inherit' });
-            console.log(chalk.green(`\n✅ ${packageName} installed successfully.`));
-          } catch (e) { console.error(chalk.red(`\n❌ Installation failed.`)); }
-        } else {
-          console.log(chalk.red(`\n❌ Installation aborted by user.`));
+          cp.execSync(`npm install ${packageName}`, { stdio: 'inherit' });
+          console.log(chalk.green(`\n✅ ${packageName} installed successfully.`));
         }
         cleanupAndExit(tmpDir, 0);
       });
-    } else {
-      cleanupAndExit(tmpDir, 0);
-    }
+    } else { cleanupAndExit(tmpDir, 0); }
   } catch (err) {
-    console.error(chalk.red(`\n❌ Audit failed: Ensure '${packageName}' is a valid npm package.`));
     cleanupAndExit(tmpDir, 1);
   }
 }
@@ -122,38 +176,35 @@ function handleFindings(findings, format, targetDir, skipExit = false) {
     if (!skipExit) process.exit(findings.some(f => f.score >= 90) ? 1 : 0);
     return;
   }
-
   if (findings.length === 0) {
-    if (!skipExit) {
-      console.log(chalk.green('\n✅ No suspicious patterns detected. All modules safe.'));
-      process.exit(0);
-    }
+    if (!skipExit) { console.log(chalk.green('\n✅ No suspicious patterns detected. All modules safe.')); process.exit(0); }
     return;
   }
-
-  console.log(chalk.yellow(`\n⚠️  Suspicious patterns found:\n`));
   findings.forEach(f => {
     const color = { 'Critical': chalk.red.bold, 'High': chalk.red, 'Medium': chalk.yellow, 'Low': chalk.blue }[f.classification];
     console.log(color(`[${f.classification}] ${f.id} ${f.name} (Score: ${f.score})`));
     f.triggers.forEach(t => console.log(chalk.white(`  - ${t.type} in ${t.file}:${t.line} [${t.context}]`)));
     console.log('');
   });
-
   printSummary(findings);
+  if (!skipExit) process.exit(findings[0].score >= 90 ? 1 : 0);
+}
 
-  if (!skipExit) {
-    process.exit(findings[0].score >= 90 ? 1 : 0);
-  }
+function showHelp() {
+  console.log(chalk.blue.bold('\n🛡️  Zift - The Elite Security Scanner\n'));
+  console.log('Usage:');
+  console.log('  zift setup           Configure secure npm aliases');
+  console.log('  zift install <pkg>   Scan and prompt before installing');
+  console.log('  zift .               Scan current directory');
 }
 
 function cleanupAndExit(dir, code) {
   if (fs.existsSync(dir)) fs.rmSync(dir, { recursive: true, force: true });
-  if (code !== undefined) process.exit(code);
+  process.exit(code);
 }
 
 function handleError(err, format) {
-  if (format === 'json') console.error(JSON.stringify({ error: err.message }));
-  else console.error(chalk.red(`\n❌ Fatal Error: ${err.message}`));
+  console.error(chalk.red(`\n❌ Error: ${err.message}`));
   process.exit(1);
 }
 
@@ -167,8 +218,6 @@ function printSummary(findings) {
   const s = getSummary(findings);
   console.log(chalk.bold('Severity Summary:'));
   console.log(chalk.red(`  Critical: ${s.Critical}\n  High:     ${s.High}`));
-  console.log(chalk.yellow(`  Medium:   ${s.Medium}`));
-  console.log(chalk.blue(`  Low:      ${s.Low}`));
 }
 
 main();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@7nsane/zift",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "A high-performance, deterministic security scanner for npm packages.",
   "main": "src/scanner.js",
   "bin": {