npm - @activemind/scd - Versions diffs - 1.4.0 - Mend

@activemind/scd 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/LICENSE.md +35 -0
package/README.md +417 -0
package/bin/scd.js +140 -0
package/lib/audit-report.js +93 -0
package/lib/audit-sync.js +172 -0
package/lib/audit.js +356 -0
package/lib/cli-helpers.js +108 -0
package/lib/commands/accept.js +28 -0
package/lib/commands/audit.js +17 -0
package/lib/commands/configure.js +200 -0
package/lib/commands/doctor.js +14 -0
package/lib/commands/exceptions.js +19 -0
package/lib/commands/export-findings.js +46 -0
package/lib/commands/findings.js +306 -0
package/lib/commands/ignore.js +28 -0
package/lib/commands/init.js +16 -0
package/lib/commands/insights.js +24 -0
package/lib/commands/install.js +15 -0
package/lib/commands/list.js +109 -0
package/lib/commands/remove.js +16 -0
package/lib/commands/repo.js +862 -0
package/lib/commands/report.js +234 -0
package/lib/commands/resolve.js +25 -0
package/lib/commands/rules.js +185 -0
package/lib/commands/scan.js +519 -0
package/lib/commands/scope.js +341 -0
package/lib/commands/sync.js +40 -0
package/lib/commands/uninstall.js +15 -0
package/lib/commands/version.js +33 -0
package/lib/comment-map.js +388 -0
package/lib/config.js +325 -0
package/lib/context-modifiers.js +211 -0
package/lib/deep-analyzer.js +225 -0
package/lib/doctor.js +236 -0
package/lib/exception-manager.js +675 -0
package/lib/export-findings.js +376 -0
package/lib/file-context.js +380 -0
package/lib/file-filter.js +204 -0
package/lib/file-manifest.js +145 -0
package/lib/git-utils.js +102 -0
package/lib/global-config.js +239 -0
package/lib/hooks-manager.js +130 -0
package/lib/init-repo.js +147 -0
package/lib/insights-analyzer.js +416 -0
package/lib/insights-output.js +160 -0
package/lib/installer.js +128 -0
package/lib/output-constants.js +32 -0
package/lib/output-terminal.js +407 -0
package/lib/push-queue.js +322 -0
package/lib/remove-repo.js +108 -0
package/lib/repo-context.js +187 -0
package/lib/report-html.js +1154 -0
package/lib/report-index.js +157 -0
package/lib/report-json.js +136 -0
package/lib/report-markdown.js +250 -0
package/lib/resolve-manager.js +148 -0
package/lib/rule-registry.js +205 -0
package/lib/scan-cache.js +171 -0
package/lib/scan-context.js +312 -0
package/lib/scan-schema.js +67 -0
package/lib/scanner-full.js +681 -0
package/lib/scanner-manual.js +348 -0
package/lib/scanner-secrets.js +83 -0
package/lib/scope.js +331 -0
package/lib/store-verify.js +395 -0
package/lib/store.js +310 -0
package/lib/taint-register.js +196 -0
package/lib/version-check.js +46 -0
package/package.json +37 -0
package/rules/rule-loader.js +324 -0
package/rules/rules-aspx-cs.json +399 -0
package/rules/rules-aspx.json +222 -0
package/rules/rules-infra-leakage.json +434 -0
package/rules/rules-js.json +664 -0
package/rules/rules-php.json +521 -0
package/rules/rules-python.json +466 -0
package/rules/rules-secrets.json +99 -0
package/rules/rules-sensitive-files.json +475 -0
package/rules/rules-ts.json +76 -0

package/lib/commands/list.js ADDED Viewed

@@ -0,0 +1,109 @@
+'use strict';
+const { RESET, BOLD, DIM, RED, YELLOW } = require('../output-constants');
+// lib/commands/list.js
+module.exports = { register };
+function register(program) {
+  const { Command } = require('commander');
+  const listCmd = new Command('list')
+    .description('List all repos registered with Secure Code by Design')
+    .option('--json', 'Output as JSON')
+    .action((opts) => {
+      const store = require('../store');
+      const repos = store.listRepos();
+      if (opts.json) {
+        console.log(JSON.stringify(repos, null, 2));
+        return;
+      }
+      if (repos.length === 0) {
+        console.log(DIM + '\n No repos found. Run scd init in a project to get started.' + RESET + '\n');
+        return;
+      }
+      const { cacheAge } = require('../scan-cache');
+      console.log('\n' + BOLD + 'Secure Code by Design – Known repos' + RESET);
+      console.log(DIM + '─'.repeat(72) + RESET);
+      const namW = 24, scanW = 18, findW = 10;
+      console.log(
+        DIM +
+        'Name'.padEnd(namW) +
+        'Last scan'.padEnd(scanW) +
+        'Findings'.padEnd(findW) +
+        'Type'.padEnd(10) +
+        'Store ID' +
+        RESET
+      );
+      console.log(DIM + '─'.repeat(72) + RESET);
+      for (const r of repos.sort((a, b) => (b.lastSeen || '').localeCompare(a.lastSeen || ''))) {
+        const name     = (r.name || r.repoId).slice(0, namW - 1).padEnd(namW);
+        const lastScan = r.lastScan ? cacheAge(r.lastScan).padEnd(scanW) : DIM + '(never)' + RESET.padEnd(scanW + 8);
+        const findings = r.lastScanFindings != null
+          ? (String(r.lastScanFindings) + (r.lastScanCritical ? ' ' + RED + '(' + r.lastScanCritical + 'C)' + RESET : '')).padEnd(findW + (r.lastScanCritical ? 12 : 0))
+          : DIM + '–' + RESET.padEnd(findW + 4);
+        const type     = r.type === 'path-based' ? YELLOW + 'path' + RESET + '    ' : DIM + 'git' + RESET + '     ';
+        const id       = DIM + r.repoId + RESET;
+        console.log(name + lastScan + findings + type + id);
+      }
+      console.log();
+      const pathBased = repos.filter(r => r.type === 'path-based');
+      if (pathBased.length > 0) {
+        console.log(YELLOW + '⚠  ' + pathBased.length + ' repo(s) use path-based IDs (no git remote).');
+        console.log('   IDs may change if the folder is renamed or moved.' + RESET + '\n');
+      }
+    });
+  // ── scd list verify ────────────────────────────────────────────────────────
+  const listVerifyCmd = new Command('verify')
+    .description('Verify all registered repos still exist on disk')
+    .option('--clean',   'Interactive cleanup of missing/stale repos')
+    .option('--verbose', 'Show detail lines for each issue')
+    .option('--json',    'Output results as JSON')
+    .action(async (opts) => {
+      const { verifyAll, renderResults, promptClean } = require('../store-verify');
+      const results = verifyAll();
+      if (results.length === 0) {
+        console.log(DIM + ' No repos found in store.' + RESET + '\n');
+        return;
+      }
+      if (opts.json) {
+        console.log(JSON.stringify(results.map(r => ({
+          repoId:            r.repoId,
+          name:              r.name,
+          status:            r.status,
+          localPath:         r.localPath,
+          remote:            r.remote,
+          type:              r.type,
+          daysSinceLastSeen: r.daysSinceLastSeen,
+          lastScan:          r.lastScan,
+          detail:            r.detail,
+          stats:             r.stats,
+        })), null, 2));
+        return;
+      }
+      const issues = results.filter(r => r.status !== 'OK');
+      console.log('\n' + BOLD + 'Secure Code by Design – Store verify' + RESET);
+      console.log(DIM + '─'.repeat(60) + RESET);
+      console.log(DIM + ' Checking ' + results.length + ' repo' + (results.length !== 1 ? 's' : '') + ' in store…' + RESET);
+      renderResults(results, { verbose: opts.verbose || opts.clean });
+      if (opts.clean && issues.length > 0) {
+        await promptClean(results);
+      }
+    });
+  listCmd.addCommand(listVerifyCmd);
+  program.addCommand(listCmd);
+}

package/lib/commands/remove.js ADDED Viewed

@@ -0,0 +1,16 @@
+'use strict';
+// lib/commands/remove.js
+module.exports = { register };
+function register(program) {
+  program
+    .command('remove')
+    .description('Remove this repo from scd — marks as inactive and optionally deletes scan history')
+    .action(async () => {
+      const { removeRepo } = require('../remove-repo');
+      const { getRepoRoot } = require('../config');
+      const repoRoot = getRepoRoot();
+      await removeRepo(repoRoot);
+    });
+}