npm - @activemind/scd - Versions diffs - 1.4.0 - Mend

@activemind/scd 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/LICENSE.md +35 -0
package/README.md +417 -0
package/bin/scd.js +140 -0
package/lib/audit-report.js +93 -0
package/lib/audit-sync.js +172 -0
package/lib/audit.js +356 -0
package/lib/cli-helpers.js +108 -0
package/lib/commands/accept.js +28 -0
package/lib/commands/audit.js +17 -0
package/lib/commands/configure.js +200 -0
package/lib/commands/doctor.js +14 -0
package/lib/commands/exceptions.js +19 -0
package/lib/commands/export-findings.js +46 -0
package/lib/commands/findings.js +306 -0
package/lib/commands/ignore.js +28 -0
package/lib/commands/init.js +16 -0
package/lib/commands/insights.js +24 -0
package/lib/commands/install.js +15 -0
package/lib/commands/list.js +109 -0
package/lib/commands/remove.js +16 -0
package/lib/commands/repo.js +862 -0
package/lib/commands/report.js +234 -0
package/lib/commands/resolve.js +25 -0
package/lib/commands/rules.js +185 -0
package/lib/commands/scan.js +519 -0
package/lib/commands/scope.js +341 -0
package/lib/commands/sync.js +40 -0
package/lib/commands/uninstall.js +15 -0
package/lib/commands/version.js +33 -0
package/lib/comment-map.js +388 -0
package/lib/config.js +325 -0
package/lib/context-modifiers.js +211 -0
package/lib/deep-analyzer.js +225 -0
package/lib/doctor.js +236 -0
package/lib/exception-manager.js +675 -0
package/lib/export-findings.js +376 -0
package/lib/file-context.js +380 -0
package/lib/file-filter.js +204 -0
package/lib/file-manifest.js +145 -0
package/lib/git-utils.js +102 -0
package/lib/global-config.js +239 -0
package/lib/hooks-manager.js +130 -0
package/lib/init-repo.js +147 -0
package/lib/insights-analyzer.js +416 -0
package/lib/insights-output.js +160 -0
package/lib/installer.js +128 -0
package/lib/output-constants.js +32 -0
package/lib/output-terminal.js +407 -0
package/lib/push-queue.js +322 -0
package/lib/remove-repo.js +108 -0
package/lib/repo-context.js +187 -0
package/lib/report-html.js +1154 -0
package/lib/report-index.js +157 -0
package/lib/report-json.js +136 -0
package/lib/report-markdown.js +250 -0
package/lib/resolve-manager.js +148 -0
package/lib/rule-registry.js +205 -0
package/lib/scan-cache.js +171 -0
package/lib/scan-context.js +312 -0
package/lib/scan-schema.js +67 -0
package/lib/scanner-full.js +681 -0
package/lib/scanner-manual.js +348 -0
package/lib/scanner-secrets.js +83 -0
package/lib/scope.js +331 -0
package/lib/store-verify.js +395 -0
package/lib/store.js +310 -0
package/lib/taint-register.js +196 -0
package/lib/version-check.js +46 -0
package/package.json +37 -0
package/rules/rule-loader.js +324 -0
package/rules/rules-aspx-cs.json +399 -0
package/rules/rules-aspx.json +222 -0
package/rules/rules-infra-leakage.json +434 -0
package/rules/rules-js.json +664 -0
package/rules/rules-php.json +521 -0
package/rules/rules-python.json +466 -0
package/rules/rules-secrets.json +99 -0
package/rules/rules-sensitive-files.json +475 -0
package/rules/rules-ts.json +76 -0

package/lib/scan-schema.js ADDED Viewed

@@ -0,0 +1,67 @@
+'use strict';
+/**
+ * scan-schema.js
+ * Canonical shape of a scan object persisted by scan-cache.js.
+ *
+ * Written by:
+ *   scan-cache.js  → saveCache()
+ *
+ * Read by:
+ *   bin/scd.js           → scd findings, scd report, scd repo scans, scd export-findings
+ *   lib/exception-manager.js → addExceptionById() (reads findings[].findingId, codeHash)
+ *   lib/report-html.js   → generateReport() (reads: findings, target, scanDate, totalFiles, skipped, repoRoot)
+ *   lib/report-json.js   → generateReport() (reads: findings, target, scanDate, totalFiles)
+ *   lib/report-markdown.js → (reads: findings, target, scanDate, totalFiles, skipped)
+ *   lib/export-findings.js → exportFindings() (reads: findings, scanId, repoRoot)
+ *   lib/audit.js         → logScan() (receives scan data as arguments, not from cache directly)
+ *
+ * Field inventory:
+ *
+ *   scanId      {string}   "s-{8hex}"  — random, unique per scan run
+ *   scanDate    {string}   ISO 8601    — timestamp of scan
+ *   target      {string}   CLI target argument, e.g. "." or "src/app.js"
+ *   totalFiles  {number}   Number of files scanned
+ *   skipped     {Array}    Files skipped: [{ filePath, reason, error? }]
+ *   findings    {Array}    Finding objects from scanner-full.js / scanner-secrets.js
+ *   deepResults {Array|null} Deep analysis results, or null if --deep not used
+ *   hasDeep     {boolean}  True if deepResults is non-empty
+ *   repoRoot    {string}   Absolute path to the repo root at scan time
+ *   scanMode    {string}   "full" | "fast" — from config.scan_mode
+ *   exclusions  {null}     Reserved for future .scdignore + rule_excludes (Phase 4)
+ *
+ * Note: repoRoot and scanMode were previously only sent to logScan(), not persisted
+ * in the scan file. They are now included in the payload so all consumers have
+ * full context without needing to re-resolve the repo root from disk.
+ */
+const REQUIRED_FIELDS = [
+  'scanId',
+  'scanDate',
+  'target',
+  'totalFiles',
+  'skipped',
+  'findings',
+  'repoRoot',
+  'scanMode',
+];
+/**
+ * Validate a scan object and warn on missing required fields.
+ * Never throws — always returns the object as-is.
+ *
+ * @param {object} obj     The scan object to validate
+ * @param {string} context Optional label for the warning (e.g. 'saveCache')
+ * @returns {object}       The same object, unmodified
+ */
+function validateScan(obj, context) {
+  for (const field of REQUIRED_FIELDS) {
+    if (obj[field] === undefined) {
+      const label = context ? ' (' + context + ')' : '';
+      console.warn('[scd] scan object missing field: ' + field + label);
+    }
+  }
+  return obj;
+}
+module.exports = { validateScan, REQUIRED_FIELDS };