npm - @7nsane/zift - Versions diffs - 1.0.5 → 1.0.6 - Mend

@7nsane/zift 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/zift.js +18 -44
package/package.json +3 -1

package/bin/zift.js CHANGED Viewed

@@ -27,7 +27,7 @@ async function main() {
   if (args.includes('--zift')) {
     isInstallMode = true;
-    target = args.find(a => !a.startsWith('-') && !['install', 'i'].includes(a)) || '.';
+    target = args.find(a => !a.startsWith('-') && !['install', 'i', 'npm'].includes(a)) || '.';
   }
   // 3. Flags
@@ -38,7 +38,7 @@ async function main() {
     }
   }
-  // 4. No Args? Show Help or offer Setup
+  // 4. No Args? Show Help
   if (args.length === 0) {
     showHelp();
     return;
@@ -57,9 +57,9 @@ async function main() {
 async function runSetup() {
   const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
   console.log(chalk.blue.bold('\n🛡️  Zift Secure Alias Setup'));
-  console.log(chalk.gray('This will allow you to use `npm install <pkg> --zift` for secure audits.\n'));
+  console.log(chalk.gray('Configure `npm install --zift` for automatic security audits.\n'));
-  const question = chalk.white('Would you like to add the Zift secure alias to your shell profile? (y/n): ');
+  const question = chalk.white('Add the Zift secure wrapper to your shell profile? (y/n): ');
   rl.question(question, (answer) => {
     rl.close();
@@ -70,35 +70,32 @@ async function runSetup() {
         } else {
           setupUnix();
         }
-        console.log(chalk.green('\n✅ Setup complete! Please RESTART your terminal to use the new command.'));
+        console.log(chalk.green('\n✅ Setup complete! Please RESTART your terminal.'));
+        console.log(chalk.gray('Try: npm install <pkg> --zift'));
       } catch (e) {
         console.error(chalk.red('\n❌ Setup failed: ') + e.message);
       }
     } else {
-      console.log(chalk.yellow('\nSetup cancelled. You can always run `zift setup` later.'));
+      console.log(chalk.yellow('\nSetup cancelled.'));
     }
   });
 }
 function setupWindows() {
-  // Define PowerShell function
   const psFunction = `
 # Zift Secure Alias
-function npm-secure {
+function npm {
     if ($args -contains "--zift") {
         $pkg = $args | Where-Object { $_ -ne "install" -and $_ -ne "i" -and $_ -ne "--zift" } | Select-Object -First 1
-        npx @7nsane/zift install $pkg
+        Write-Host "\n🛡️ Zift: Intercepting installation for audit...\n" -ForegroundColor Green
+        npx @7nsane/zift@latest install $pkg
     } else {
-        npm.cmd @args
+        & (Get-Command npm.cmd).Definition @args
     }
 }
-if (!(Test-Path alias:npm)) { Set-Alias npm npm-secure -Force -Scope Global }
 `;
-  // Get PS Profile path
   const profilePath = cp.execSync('powershell -NoProfile -Command "echo $PROFILE"').toString().trim();
   const profileDir = path.dirname(profilePath);
   if (!fs.existsSync(profileDir)) fs.mkdirSync(profileDir, { recursive: true });
   fs.appendFileSync(profilePath, psFunction);
 }
@@ -109,7 +106,7 @@ function setupUnix() {
 npm() {
   if [[ "$*" == *"--zift"* ]]; then
     pkg=$(echo "$@" | sed 's/install//g; s/ i //g; s/--zift//g' | xargs)
-    npx @7nsane/zift install $pkg
+    npx @7nsane/zift@latest install $pkg
   else
     command npm "$@"
   fi
@@ -117,18 +114,12 @@ npm() {
 `;
   const home = os.homedir();
   const profiles = [path.join(home, '.bashrc'), path.join(home, '.zshrc')];
-  profiles.forEach(p => {
-    if (fs.existsSync(p)) {
-      fs.appendFileSync(p, bashFunction);
-    }
-  });
+  profiles.forEach(p => { if (fs.existsSync(p)) fs.appendFileSync(p, bashFunction); });
 }
 async function runLocalScan(targetDir, format) {
   const scanner = new PackageScanner(targetDir);
   if (format === 'text') console.log(chalk.blue(`\n🔍 Scanning local directory: ${path.resolve(targetDir)}`));
   try {
     const findings = await scanner.scan();
     handleFindings(findings, format, targetDir);
@@ -138,12 +129,10 @@ async function runLocalScan(targetDir, format) {
 async function runRemoteAudit(packageName, format, installOnSuccess) {
   if (format === 'text') console.log(chalk.blue(`\n🌍 Remote Audit: Pre-scanning package '${packageName}'...`));
   const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'zift-audit-'));
   try {
     cp.execSync(`npm pack ${packageName}`, { cwd: tmpDir, stdio: 'ignore' });
     const tarball = fs.readdirSync(tmpDir).find(f => f.endsWith('.tgz'));
     cp.execSync(`tar -xzf ${tarball}`, { cwd: tmpDir });
     const scanPath = path.join(tmpDir, 'package');
     const scanner = new PackageScanner(scanPath);
     const findings = await scanner.scan();
@@ -165,14 +154,12 @@ async function runRemoteAudit(packageName, format, installOnSuccess) {
         cleanupAndExit(tmpDir, 0);
       });
     } else { cleanupAndExit(tmpDir, 0); }
-  } catch (err) {
-    cleanupAndExit(tmpDir, 1);
-  }
+  } catch (err) { cleanupAndExit(tmpDir, 1); }
 }
 function handleFindings(findings, format, targetDir, skipExit = false) {
   if (format === 'json') {
-    process.stdout.write(JSON.stringify({ target: targetDir, findings, summary: getSummary(findings) }, null, 2));
+    process.stdout.write(JSON.stringify({ target: targetDir, findings, summary: { Critical: findings.filter(f => f.classification === 'Critical').length, High: findings.filter(f => f.classification === 'High').length, Medium: findings.filter(f => f.classification === 'Medium').length, Low: findings.filter(f => f.classification === 'Low').length } }, null, 2));
     if (!skipExit) process.exit(findings.some(f => f.score >= 90) ? 1 : 0);
     return;
   }
@@ -186,16 +173,15 @@ function handleFindings(findings, format, targetDir, skipExit = false) {
     f.triggers.forEach(t => console.log(chalk.white(`  - ${t.type} in ${t.file}:${t.line} [${t.context}]`)));
     console.log('');
   });
-  printSummary(findings);
   if (!skipExit) process.exit(findings[0].score >= 90 ? 1 : 0);
 }
 function showHelp() {
   console.log(chalk.blue.bold('\n🛡️  Zift - The Elite Security Scanner\n'));
   console.log('Usage:');
-  console.log('  zift setup           Configure secure npm aliases');
-  console.log('  zift install <pkg>   Scan and prompt before installing');
-  console.log('  zift .               Scan current directory');
+  console.log('  zift setup           Configure secure npm wrapper');
+  console.log('  zift install <pkg>   Audit and install package');
+  console.log('  zift .               Scan local directory');
 }
 function cleanupAndExit(dir, code) {
@@ -208,16 +194,4 @@ function handleError(err, format) {
   process.exit(1);
 }
-function getSummary(findings) {
-  const s = { Critical: 0, High: 0, Medium: 0, Low: 0 };
-  findings.forEach(f => s[f.classification]++);
-  return s;
-}
-function printSummary(findings) {
-  const s = getSummary(findings);
-  console.log(chalk.bold('Severity Summary:'));
-  console.log(chalk.red(`  Critical: ${s.Critical}\n  High:     ${s.High}`));
-}
 main();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@7nsane/zift",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "A high-performance, deterministic security scanner for npm packages.",
   "main": "src/scanner.js",
   "bin": {
@@ -24,7 +24,9 @@
   "dependencies": {
     "acorn": "^8.16.0",
     "acorn-walk": "^8.3.5",
+    "axios": "^1.13.6",
     "chalk": "^4.1.2",
+    "express": "^5.2.1",
     "glob": "^13.0.6"
   }
 }