npm - @aldegad/safedeps - Versions diffs - 2.5.0 → 2.6.0 - Mend

@aldegad/safedeps 2.5.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.ko.md +28 -8
package/README.md +28 -6
package/bin/safedeps +41 -41
package/package.json +1 -1
package/scripts/safedeps-post-verify.sh +6 -6
package/scripts/test/e2e.sh +52 -2
package/scripts/test/smoke.sh +1 -1

package/README.ko.md CHANGED Viewed

@@ -1,18 +1,30 @@
-# Safedeps
+# safedeps
-> **모든 install 을 미확정 블록으로 본다 — `safedeps` 는 안전한 것만 승인하고, 그렇지 않으면 reorg 한다.**
+> **AI 코딩 에이전트가 취약하거나 미승인된 의존성을 설치하지 못하게 막고, 빠져나간 건 롤백한다.**
 >
-> OSV / CISA KEV / GitHub Advisory 로 의존성 spec 을 사전 승인하고, Claude Code 와 Codex CLI 의 hook 에서 실제 설치 closure 를 강제하며, 승인과 어긋난 install 은 자동으로 마지막 안전 snapshot 으로 롤백한다.
+> `safedeps` 는 Claude Code·Codex CLI 에이전트가 실행하는 모든 의존성 install 을 게이트한다. 패키지를 OSV / CISA KEV / GitHub Advisory 로 사전 승인하고, 실제로 lockfile 에 깔린 closure 를 다시 검증하며, 어긋난 건 자동으로 롤백한다. 전부 로컬에서 돌고 런타임 의존성은 0.
-*Detailed reference → [README.md](./README.md) (영문, SSoT)*
+- **사전 승인** — 모든 `pkg@version` 과 (npm 은) 그 전체 transitive closure 를 설치 *전에* OSV(정본)·CISA KEV·GitHub Advisory 로 검사한다.
+- **실제 effect 강제** — 설치 후 실제 `package-lock.json` closure 를 다시 확인하므로, 래핑·난독화된 명령도 게이트를 못 빠져나간다.
+- **롤백** — 미승인·신규 취약 패키지는 마지막 확정 안전 snapshot 으로 되돌린다. Claude Code 에서는 install 이 inert(`--ignore-scripts`)로 돌아 거부된 패키지의 lifecycle script 가 아예 실행되지 않는다.
----
+## Quickstart
-## "reorg" 는 뭐고 왜 그 비유인가
+```bash
+# 1. CLI 설치 — npm 패키지는 scoped, @aldegad/ 접두사 주의
+npm install -g @aldegad/safedeps
-블록체인에서 **reorg (재편성)** 은 미확정 블록 시퀀스를 무효화하고 마지막 확정된 안전 상태로 체인을 되돌린다. `safedeps` 는 같은 원리를 `node_modules` 에 적용한다 — 모든 install 은 일련의 공급망 보안 검사를 통과하기 전까지는 **미확정 블록 후보** 로 취급된다. 의심스러우면 도구가 **reorg** 를 수행한다 — lock 파일, `package.json`, `node_modules` 를 마지막 확정된 안전 snapshot 으로 되돌린다.
+# 2. Claude Code / Codex 에 hook 연결 (idempotent)
+cd "$(npm root -g)/@aldegad/safedeps" && node scripts/install/install-safedeps-hooks.mjs
-빠른 advisory 피드백, 관측 가능한 rollback, silent fallback 없음. command guard 는 best-effort UX 이고, 설치 결과 effect 가 backstop 이다.
+# 3. 끝 — 이제 에이전트가 실행하는 모든 의존성 install 이 자동으로 게이트된다.
+```
+> `safedeps` 는 CLI 명령어이고, npm 패키지는 **`@aldegad/safedeps`** 다 — npm 의 unscoped `safedeps` 는 무관한 남의 패키지. 전체 skill 소스 트리를 원하면 [설치](#설치) 참고.
+![safedeps 가 취약한 install 을 보류하고, 패치 버전은 통과시킨다](assets/demo.gif)
+*Detailed reference → [README.md](./README.md) (영문, SSoT)*
 ---
@@ -193,6 +205,14 @@ node scripts/install/install-safedeps-recheck-agent.mjs install --hour 9 --minut
 ---
+## "reorg" 는 뭐고 왜 그 비유인가
+블록체인에서 **reorg (재편성)** 은 미확정 블록 시퀀스를 무효화하고 마지막 확정된 안전 상태로 체인을 되돌린다. `safedeps` 는 모든 install 을 똑같이 본다 — 일련의 공급망 보안 검사를 통과하기 전까지는 미확정 블록 후보다. 설치된 effect 가 어긋나면 도구가 **reorg** 를 수행한다 — lock 파일, `package.json`, `node_modules` 를 마지막 확정된 안전 snapshot 으로 되돌린다.
+하지만 reorg 는 **최전선이 아니라 backstop 이다.** 나쁜 install 의 대부분은 여기까지 오지도 않는다 — 사전 승인 게이트가 미승인·플래그된 패키지를 실행 전에 *거부* 하고, Claude Code 에서는 install 이 **inert (`--ignore-scripts`)** 로 돌아 closure 가 깨끗하다고 검증되기 전까지 lifecycle script 가 실행되지 않는다. reorg 가 발동하는 건 잔여 케이스뿐이다 — 승인된 직접 패키지가 미승인·취약 transitive 를 끌어오거나, 래핑된 명령이 advisory 계층을 빠져나간 경우 — 그리고 그때조차 실행되지도 못한 파일을 되돌린다.
+빠른 advisory 피드백, 관측 가능한 rollback, silent fallback 없음. command guard 는 best-effort UX 이고, 설치 결과 effect 가 backstop 이다.
 ## 다른 도구와 뭐가 다른가
 `safedeps` 는 **AI 에이전트가 코딩 중 install 명령을 작성하는 순간**에 끼어드는 도구다. CI 스캔, PR 권장, runtime sandbox 처럼 다른 시점에서 동작하는 도구들과 핵심 차별점이 여기 있다.

package/README.md CHANGED Viewed

@@ -1,14 +1,28 @@
-# Safedeps
+# safedeps
-> **Treat every install as an unconfirmed block — `safedeps` approves the safe ones, reorgs the rest.**
+> **Stop your AI coding agent from installing vulnerable or unapproved dependencies — and roll back the ones that slip through.**
 >
-> Pre-approve dependency installs against OSV / CISA KEV / GitHub Advisory, enforce the installed closure from Claude Code and Codex CLI hooks, and auto-rollback any install that diverges from the approved closure. *(한국어 README → [README.ko.md](./README.ko.md))*
+> `safedeps` gates every dependency install your Claude Code or Codex CLI agent runs. It pre-approves packages against OSV / CISA KEV / GitHub Advisory, re-verifies the closure that actually lands in your lockfile, and auto-rolls-back anything that diverges. Local-only, with zero runtime dependencies. *(한국어 README → [README.ko.md](./README.ko.md))*
-## Why "reorg"?
+- **Pre-approve** — every `pkg@version`, plus its full transitive closure for npm, is cleared against OSV (canonical), CISA KEV, and GitHub Advisory *before* it installs.
+- **Enforce the real effect** — after the install, the actual `package-lock.json` closure is re-checked, so a wrapped or obfuscated command can't sneak a package past the gate.
+- **Roll back** — anything unapproved or newly-vulnerable is reverted to the last confirmed safe snapshot. On Claude Code the install runs inert (`--ignore-scripts`), so a rejected package's lifecycle scripts never run.
-In blockchain networks, a **reorganization (reorg)** invalidates a sequence of blocks and reverts the chain to a previously confirmed safe state. `safedeps` applies the same principle to your `node_modules`: every install is treated as an unconfirmed block candidate until it passes a battery of supply-chain security checks. If anything looks wrong, the tool performs a **reorg** -- rolling back lock files, `package.json`, and `node_modules` to the last confirmed safe snapshot.
+## Quickstart
-Fast advisory feedback, observable rollback, and no hidden fallback. The command guard is best-effort UX; the installed effect is the backstop.
+```bash
+# 1. Install the CLI — the npm package is scoped, note the @aldegad/ prefix
+npm install -g @aldegad/safedeps
+# 2. Wire the hooks into Claude Code / Codex (idempotent)
+cd "$(npm root -g)/@aldegad/safedeps" && node scripts/install/install-safedeps-hooks.mjs
+# 3. Done — every dependency install your agent runs is now gated.
+```
+> `safedeps` is the CLI command; the npm package is **`@aldegad/safedeps`** — the unscoped `safedeps` on npm is an unrelated package. Prefer the full skill source tree? See [Installation](#installation).
+![safedeps withholds a vulnerable install, then clears the patched version](assets/demo.gif)
 ## Distribution Model
@@ -115,6 +129,14 @@ After the install command completes, the verify hook analyzes what changed. For
   4. The event is logged to `~/.safedeps/reorg.log`.
   5. Claude Code receives a system message detailing the detected threats and rollback actions.
+## Why "reorg"?
+The name borrows from blockchain, where a **reorganization (reorg)** invalidates a sequence of unconfirmed blocks and reverts the chain to its last confirmed safe state. `safedeps` treats every install the same way: an unconfirmed block candidate until it passes a battery of supply-chain checks. If the installed effect diverges, the tool performs a **reorg** -- rolling the lock file, `package.json`, and `node_modules` back to the last confirmed safe snapshot.
+But the reorg is the **backstop, not the front line.** Most bad installs never reach it: the pre-approval gate *denies* an unapproved or flagged package before it runs, and on Claude Code the install runs **inert** (`--ignore-scripts`) so lifecycle scripts do not execute until the closure verifies clean. The reorg fires for the residual case -- an approved direct package that pulls in an unapproved or vulnerable transitive, or a wrapped command that slips past the advisory layer -- and even then it rolls back files that never got to run.
+Fast advisory feedback, observable rollback, and no hidden fallback. The command guard is best-effort UX; the installed effect is the backstop.
 ## The Blockchain Analogy
 | Blockchain Concept | Safedeps Equivalent |

package/bin/safedeps CHANGED Viewed

@@ -7,7 +7,7 @@
 set -euo pipefail
-SAFEDEPS_VERSION="2.5.0"
+SAFEDEPS_VERSION="2.6.0"
 # ---- repo / lib bootstrap ----------------------------------------------------
@@ -340,7 +340,7 @@ sf_cmd_check_npm_full_closure() {
   evidence_file=$(sf_mktemp_evidence)
   transitive_file=$(sf_closure_temp_file)
-  sf_spinner_start "npm closure 해석 중 (${pkg}@${version})"
+  sf_spinner_start "resolving npm closure (${pkg}@${version})"
   if ! sf_npm_closure_for_spec "${pkg}" "${version}" "${closure_file}"; then
     sf_spinner_stop
     rm -f "${closure_file}" "${batch_file}" "${evidence_file}" "${transitive_file}"
@@ -352,10 +352,10 @@ sf_cmd_check_npm_full_closure() {
   fi
   sf_spinner_stop
-  sf_spinner_start "closure 취약점 batch 조회 중 (OSV / KEV)"
+  sf_spinner_start "batch-checking closure for advisories (OSV / KEV)"
   if ! sf_npm_batch_check_closure "${closure_file}" "${batch_file}"; then
     sf_spinner_stop
-    sf_err "OSV batch 응답 없음 — fail-closed (closure cache miss + 라이브 실패)"
+    sf_err "no OSV batch response — fail-closed (closure cache miss + live query failed)"
     sf_advisory_log "check fail-closed npm-closure package=${pkg} version=${version}"
     rm -f "${closure_file}" "${batch_file}" "${evidence_file}" "${transitive_file}"
     if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
@@ -377,7 +377,7 @@ sf_cmd_check_npm_full_closure() {
   if [[ "${kev_count}" -gt 0 ]]; then
     local kev_summary
     kev_summary=$(jq -r '[.[] | select(.status == "hard_block") | "\(.package)@\(.version)" + (if .direct then " (direct)" else " (transitive)" end)] | join(", ")' "${batch_file}")
-    sf_err "KEV 매칭 closure 감지 — 설치 차단: ${kev_summary}"
+    sf_err "KEV-matched package in closure — install blocked: ${kev_summary}"
     sf_advisory_log "check block(KEV closure) package=${pkg} version=${version} affected=${kev_summary}"
     if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
       sf_npm_emit_closure_block_json "kev_hard_block" "${ecosystem}" "${pkg}" "${range}" "${version}" "${batch_file}"
@@ -402,7 +402,7 @@ sf_cmd_check_npm_full_closure() {
       fi
       for patched_version in "${patched_versions[@]+${patched_versions[@]}}"; do
-        sf_warn "${pkg}@${version} direct 취약 — 후보 ${patched_version} closure 재조회 중."
+        sf_warn "${pkg}@${version} direct vulnerable — re-checking closure for candidate ${patched_version}."
         if ! sf_npm_closure_for_spec "${pkg}" "${patched_version}" "${closure_file}"; then
           continue
         fi
@@ -422,7 +422,7 @@ sf_cmd_check_npm_full_closure() {
         local hash; hash=$(jq -r '.hash' <<< "${spec_json}")
         local expires_at; expires_at=$(jq -r '.expires_at' <<< "${spec_json}")
         local transitive_count; transitive_count=$(jq 'length' "${transitive_file}")
-        sf_ok "${pkg}@${patched_version} full closure 승인 (transitive ${transitive_count}, until ${expires_at})"
+        sf_ok "${pkg}@${patched_version} full closure cleared (transitive ${transitive_count}, until ${expires_at})"
         sf_info "ledger: ${hash}"
         sf_advisory_log "check approve(patched closure) package=${pkg} version=${patched_version} hash=${hash} transitive=${transitive_count} prev_version=${version}"
         rm -f "${direct_evidence}" "${closure_file}" "${batch_file}" "${evidence_file}" "${transitive_file}"
@@ -443,7 +443,7 @@ sf_cmd_check_npm_full_closure() {
     local affected_summary
     affected_summary=$(jq -r '[.[] | select(.status == "vulnerable") | "\(.package)@\(.version)" + (if .direct then " (direct)" else " (transitive)" end)] | join(", ")' "${batch_file}")
-    sf_warn "closure 에 취약 패키지 감지 — 승인 보류: ${affected_summary}"
+    sf_warn "vulnerable package in closure — approval withheld: ${affected_summary}"
     sf_advisory_log "check block(vulnerable closure) package=${pkg} version=${version} affected=${affected_summary}"
     if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
       sf_npm_emit_closure_block_json "${block_result}" "${ecosystem}" "${pkg}" "${range}" "${version}" "${batch_file}"
@@ -459,7 +459,7 @@ sf_cmd_check_npm_full_closure() {
   local hash; hash=$(jq -r '.hash' <<< "${spec_json}")
   local expires_at; expires_at=$(jq -r '.expires_at' <<< "${spec_json}")
   local transitive_count; transitive_count=$(jq 'length' "${transitive_file}")
-  sf_ok "${pkg}@${version} full closure 승인 (transitive ${transitive_count}, until ${expires_at})"
+  sf_ok "${pkg}@${version} full closure cleared (transitive ${transitive_count}, until ${expires_at})"
   sf_info "ledger: ${hash}"
   sf_advisory_log "check approve(clean closure) package=${pkg} version=${version} hash=${hash} transitive=${transitive_count}"
   rm -f "${closure_file}" "${batch_file}" "${evidence_file}" "${transitive_file}"
@@ -506,10 +506,10 @@ cmd_check() {
   range=$(sf_parse_pkg_spec "${pkg_spec}" | sed -n '2p')
   local version
-  sf_spinner_start "버전 해석 중 (${pkg}@${range})"
+  sf_spinner_start "resolving version (${pkg}@${range})"
   if ! version=$(sf_resolve_version "${ecosystem}" "${pkg}" "${range}"); then
     sf_spinner_stop
-    sf_err "버전 해석 실패: ${pkg}@${range}"
+    sf_err "version resolution failed: ${pkg}@${range}"
     if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
       jq -nc --arg ecosystem "${ecosystem}" --arg package "${pkg}" --arg range "${range}" \
         '{command:"check", ecosystem:$ecosystem, package:$package, input_range:$range, result:"error", error:"version_resolution_failed"}'
@@ -526,7 +526,7 @@ cmd_check() {
       hash=$(jq -r '.hash' <<< "${ledger_check}")
       approved_at=$(jq -r '.spec.approved_at // "n/a"' <<< "${ledger_check}")
       expires_at=$(jq -r '.spec.expires_at // "n/a"' <<< "${ledger_check}")
-      sf_ok "${pkg}@${version} 이미 승인됨 (until ${expires_at})"
+      sf_ok "${pkg}@${version} already approved (until ${expires_at})"
       sf_info "ledger: ${hash}"
       if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
         jq -nc \
@@ -551,10 +551,10 @@ cmd_check() {
   # Provider query (canonical truth = OSV; KEV overlay; GHSA enrichment)
   local provider_json
-  sf_spinner_start "취약점 조회 중 (OSV / KEV / GHSA)"
+  sf_spinner_start "checking advisories (OSV / KEV / GHSA)"
   if ! provider_json=$(safedeps_providers_query "${ecosystem}" "${pkg}" "${version}"); then
     sf_spinner_stop
-    sf_err "OSV primary 응답 없음 — fail-closed (cache miss + 라이브 실패)"
+    sf_err "no OSV primary response — fail-closed (cache miss + live query failed)"
     sf_advisory_log "check fail-closed ecosystem=${ecosystem} package=${pkg} version=${version}"
     if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
       jq -nc \
@@ -577,11 +577,11 @@ cmd_check() {
   case "${status}" in
     hard_block)
-      sf_err "KEV 매칭 — ${pkg}@${version} 은 실제 야생에서 exploit 확인됨. 설치 차단."
+      sf_err "KEV match — ${pkg}@${version} is exploited in the wild. install blocked."
       local kev_cves
       kev_cves=$(jq -r '[.kev.matches[]?.cveID] | unique | join(", ")' <<< "${provider_json}")
-      [[ -n "${kev_cves}" ]] && sf_info "관련 CVE: ${kev_cves}"
-      sf_warn "대체 모듈을 검토하세요. 이 spec 은 ledger 에 승인되지 않습니다."
+      [[ -n "${kev_cves}" ]] && sf_info "related CVEs: ${kev_cves}"
+      sf_warn "consider an alternative package; this spec is not approved in the ledger."
       sf_advisory_log "check block(KEV) ecosystem=${ecosystem} package=${pkg} version=${version} cves=${kev_cves}"
       if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
         jq -c \
@@ -610,11 +610,11 @@ cmd_check() {
         for patched_version in "${patched_versions[@]}"; do
           last_patched="${patched_version}"
-          sf_warn "${pkg}@${version} 에 ${vuln_count} 개 CVE — 후보 ${patched_version} 재조회 중."
-          sf_spinner_start "${patched_version} 재조회 중"
+          sf_warn "${pkg}@${version} has ${vuln_count} CVE(s) — re-checking candidate ${patched_version}."
+          sf_spinner_start "re-checking ${patched_version}"
           if ! narrow_json=$(safedeps_providers_query "${ecosystem}" "${pkg}" "${patched_version}"); then
             sf_spinner_stop
-            sf_err "${pkg}@${patched_version} 재조회 실패 — fail-closed"
+            sf_err "${pkg}@${patched_version} re-check failed — fail-closed"
             rm -f "${tmp_evidence}"
             if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
               jq -nc \
@@ -630,7 +630,7 @@ cmd_check() {
           narrow_status=$(jq -r '.status' <<< "${narrow_json}")
           last_status="${narrow_status}"
           if [[ "${narrow_status}" != "clean" ]]; then
-            sf_warn "패치 후보 ${patched_version} 도 깨끗하지 않음 (status=${narrow_status}); 다음 후보를 확인합니다."
+            sf_warn "patch candidate ${patched_version} is not clean either (status=${narrow_status}); trying the next candidate."
             continue
           fi
@@ -644,7 +644,7 @@ cmd_check() {
           rm -f "${narrow_evidence}" "${tmp_evidence}"
           local hash; hash=$(jq -r '.hash' <<< "${spec_json}")
           local expires_at; expires_at=$(jq -r '.expires_at' <<< "${spec_json}")
-          sf_ok "${pkg}@${patched_version} 승인 (until ${expires_at})"
+          sf_ok "${pkg}@${patched_version} approved (until ${expires_at})"
           sf_info "ledger: ${hash}"
           sf_advisory_log "check approve(patched) ecosystem=${ecosystem} package=${pkg} version=${patched_version} hash=${hash} prev_version=${version}"
           if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
@@ -658,7 +658,7 @@ cmd_check() {
           return 0
         done
-        sf_err "패치 후보를 모두 재조회했지만 clean 후보가 없음 (last=${last_patched}, status=${last_status})"
+        sf_err "re-checked all patch candidates but none are clean (last=${last_patched}, status=${last_status})"
         rm -f "${tmp_evidence}"
         if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
           jq -nc \
@@ -669,7 +669,7 @@ cmd_check() {
         fi
         return 2
       else
-        sf_warn "${pkg}@${version} 에 ${vuln_count} 개 CVE — 사용 가능한 patch 없음. 승인 보류."
+        sf_warn "${pkg}@${version} has ${vuln_count} CVE(s) — no patch available. approval withheld."
         sf_advisory_log "check warn(no-patch) ecosystem=${ecosystem} package=${pkg} version=${version} vulns=${vuln_count}"
         rm -f "${tmp_evidence}"
         if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
@@ -688,7 +688,7 @@ cmd_check() {
       rm -f "${tmp_evidence}"
       local hash; hash=$(jq -r '.hash' <<< "${spec_json}")
       local expires_at; expires_at=$(jq -r '.expires_at' <<< "${spec_json}")
-      sf_ok "${pkg}@${version} 승인 (until ${expires_at})"
+      sf_ok "${pkg}@${version} approved (until ${expires_at})"
       sf_info "ledger: ${hash}"
       sf_advisory_log "check approve(clean) ecosystem=${ecosystem} package=${pkg} version=${version} hash=${hash}"
       if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
@@ -702,7 +702,7 @@ cmd_check() {
       ;;
     *)
-      sf_err "예상치 못한 provider status: ${status}"
+      sf_err "unexpected provider status: ${status}"
       rm -f "${tmp_evidence}"
       return 4
       ;;
@@ -757,7 +757,7 @@ cmd_ledger() {
   fi
   if [[ ${#entries[@]} -eq 0 ]]; then
-    sf_info "approved-specs 비어있음 (${SAFEDEPS_LEDGER_DIR})"
+    sf_info "approved-specs is empty (${SAFEDEPS_LEDGER_DIR})"
     return 0
   fi
@@ -830,7 +830,7 @@ cmd_revoke() {
   local target_file=""
   if [[ "${arg1}" == sha256:* ]]; then
     target_file=$(safedeps_ledger_path_for_hash "${arg1}")
-    [[ -f "${target_file}" ]] || { sf_err "ledger entry 없음: ${arg1}"; return 1; }
+    [[ -f "${target_file}" ]] || { sf_err "no ledger entry: ${arg1}"; return 1; }
   else
     # one or two args. Two = ecosystem + pkg@version. One = pkg@version (scan).
     if [[ -n "${arg2}" ]]; then
@@ -839,7 +839,7 @@ cmd_revoke() {
       version=$(sf_parse_pkg_spec "${arg2}" | sed -n '2p')
       [[ -n "${version}" ]] || { sf_eprintf "safedeps: revoke needs pkg@version, got '${arg2}'"; return 4; }
       target_file=$(safedeps_ledger_path "${arg1}" "${pkg}" "${version}")
-      [[ -f "${target_file}" ]] || { sf_err "ledger entry 없음: ${arg1} ${pkg}@${version}"; return 1; }
+      [[ -f "${target_file}" ]] || { sf_err "no ledger entry: ${arg1} ${pkg}@${version}"; return 1; }
     else
       local pkg version
       pkg=$(sf_parse_pkg_spec "${arg1}" | sed -n '1p')
@@ -855,9 +855,9 @@ cmd_revoke() {
         fi
       done < <(find "${SAFEDEPS_LEDGER_DIR}" -maxdepth 1 -name '*.json' -type f -print0 2>/dev/null)
       case "${#matches[@]}" in
-        0) sf_err "ledger entry 없음: ${pkg}@${version}"; return 1 ;;
+        0) sf_err "no ledger entry: ${pkg}@${version}"; return 1 ;;
         1) target_file="${matches[0]}" ;;
-        *) sf_err "${pkg}@${version} 가 여러 ecosystem 에서 매칭됨 — ecosystem 을 명시하세요"; return 4 ;;
+        *) sf_err "${pkg}@${version} matched in multiple ecosystems — specify the ecosystem"; return 4 ;;
       esac
     fi
   fi
@@ -870,7 +870,7 @@ cmd_revoke() {
   local revoked_json
   revoked_json=$(safedeps_ledger_revoke "${ecosystem}" "${pkg}" "${version}" "${reason}")
   sf_advisory_log "revoke ecosystem=${ecosystem} package=${pkg} version=${version} reason=${reason}"
-  sf_ok "취소: ${ecosystem} ${pkg}@${version}"
+  sf_ok "revoked: ${ecosystem} ${pkg}@${version}"
   sf_info "reason: ${reason}"
   if [[ "${SAFEDEPS_JSON_MODE}" -eq 1 ]]; then
@@ -909,17 +909,17 @@ cmd_recheck() {
     hash=$(jq -r '.hash // ""' "${f}")
     [[ -n "${revoked_at}" ]] && continue
     if [[ -f "${SAFEDEPS_ADVISORY_LOG}" ]] && ! sf_ledger_has_approval_provenance "${hash}" "${ecosystem}" "${pkg}" "${version}"; then
-      sf_warn "  provenance 없음 — 위조 의심 flag (revoke 안 함)"
+      sf_warn "  no provenance — flagged as suspected forgery (not revoked)"
       suspected_forgery_arr=$(jq -c \
         --arg ecosystem "${ecosystem}" --arg package "${pkg}" --arg version "${version}" --arg hash "${hash}" \
         '. + [{ecosystem:$ecosystem, package:$package, version:$version, hash:$hash, reason:"missing_advisory_log_approval"}]' <<< "${suspected_forgery_arr}")
     fi
     checked=$(( checked + 1 ))
-    sf_info "재검증 ${ecosystem} ${pkg}@${version}"
+    sf_info "re-checking ${ecosystem} ${pkg}@${version}"
     local pj
     if ! pj=$(safedeps_providers_query "${ecosystem}" "${pkg}" "${version}" 2>/dev/null); then
-      sf_warn "  provider 응답 없음 — skip"
+      sf_warn "  no provider response — skipped"
       continue
     fi
     local s; s=$(jq -r '.status' <<< "${pj}")
@@ -932,12 +932,12 @@ cmd_recheck() {
         safedeps_ledger_revoke "${ecosystem}" "${pkg}" "${version}" "${reason}" >/dev/null
         sf_advisory_log "re-check revoke ecosystem=${ecosystem} package=${pkg} version=${version} status=${s}"
         if [[ "${s}" == "hard_block" ]]; then
-          sf_err "  KEV 매칭 → revoke"
+          sf_err "  KEV match -> revoked"
           kev_hit_arr=$(jq -c \
             --arg ecosystem "${ecosystem}" --arg package "${pkg}" --arg version "${version}" \
             '. + [{ecosystem:$ecosystem, package:$package, version:$version, status:"hard_block"}]' <<< "${kev_hit_arr}")
         else
-          sf_warn "  새 CVE 매치 → revoke"
+          sf_warn "  new CVE match -> revoked"
           newly_vuln_arr=$(jq -c \
             --arg ecosystem "${ecosystem}" --arg package "${pkg}" --arg version "${version}" \
             '. + [{ecosystem:$ecosystem, package:$package, version:$version, status:"vulnerable"}]' <<< "${newly_vuln_arr}")
@@ -961,15 +961,15 @@ cmd_recheck() {
     return 0
   fi
-  sf_info "검증 완료: ${checked} 개 중 ${still_clean} 개 clean"
+  sf_info "re-check complete: ${still_clean}/${checked} still clean"
   local nv kv
   nv=$(jq -r 'length' <<< "${newly_vuln_arr}")
   kv=$(jq -r 'length' <<< "${kev_hit_arr}")
   local fg
   fg=$(jq -r 'length' <<< "${suspected_forgery_arr}")
-  [[ "${nv}" -gt 0 ]] && sf_warn "새 CVE 매치로 ${nv} 개 revoke"
-  [[ "${kv}" -gt 0 ]] && sf_err  "KEV 매치로 ${kv} 개 revoke"
-  [[ "${fg}" -gt 0 ]] && sf_warn "approval provenance 없는 ledger entry ${fg} 개 flag"
+  [[ "${nv}" -gt 0 ]] && sf_warn "revoked ${nv} for new CVE match"
+  [[ "${kv}" -gt 0 ]] && sf_err  "revoked ${kv} for KEV match"
+  [[ "${fg}" -gt 0 ]] && sf_warn "flagged ${fg} ledger entries with no approval provenance"
 }
 # ---- migrate -----------------------------------------------------------------

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aldegad/safedeps",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "Dependency install safety gate with OSV-backed advisory checks, approved-spec ledger enforcement, and reorg rollback hooks",
   "main": "bin/safedeps",
   "bin": {

package/scripts/safedeps-post-verify.sh CHANGED Viewed

@@ -781,12 +781,12 @@ LOG_EOF
     --arg log_path "${GUARD_DIR}/reorg.log" \
     '{
       systemMessage: (
-        "safedeps: 의심스러운 패키지 변경 감지, 마지막으로 confirmed 된 안전 스냅샷으로 롤백했습니다.\n\n" +
-        "감지된 문제:\n" + $reasons + "\n\n" +
-        "롤백 기준 스냅샷: " + $rollback_snapshot + "\n" +
-        "롤백된 파일: " + $rolled_back +
-        (if $warnings == "" then "" else "\n\n추가 경고:\n" + $warnings end) +
-        "\n\n상세 로그: " + $log_path
+        "safedeps: suspicious dependency change detected — rolled back to the last confirmed safe snapshot.\n\n" +
+        "Detected problems:\n" + $reasons + "\n\n" +
+        "Rollback snapshot: " + $rollback_snapshot + "\n" +
+        "Rolled-back files: " + $rolled_back +
+        (if $warnings == "" then "" else "\n\nAdditional warnings:\n" + $warnings end) +
+        "\n\nDetails log: " + $log_path
       )
     }'
   exit 0

package/scripts/test/e2e.sh CHANGED Viewed

@@ -190,6 +190,50 @@ EOF
 grep -qx 'rebuild' "${tmp_root}/npm-calls.log" || fail "post hook runs npm rebuild after verified injected install"
 pass "post hook rebuilds after verified inert install"
+# Reorg must actually revert the on-disk lockfile, not just print the message. The
+# missing-transitive test below proves the systemMessage; this proves the stronger
+# claim — a tampered lockfile is restored byte-for-byte to the last confirmed safe
+# snapshot on disk. Regression guard so a future change cannot break the rollback
+# while keeping the message green. Stub npm keeps `npm ci` from rewriting the file.
+revert_project="${tmp_root}/revert-project"
+mkdir -p "${revert_project}"
+printf '{"dependencies":{"fixture-parent":"1.0.0"}}\n' > "${revert_project}/package.json"
+cat > "${revert_project}/package-lock.json" <<'EOF'
+{
+  "name": "revert-project",
+  "lockfileVersion": 3,
+  "packages": {
+    "": {"dependencies": {"fixture-parent": "1.0.0"}},
+    "node_modules/fixture-parent": {"version": "1.0.0", "dependencies": {"fixture-child": "1.0.0"}},
+    "node_modules/fixture-child": {"version": "1.0.0"}
+  }
+}
+EOF
+cp "${revert_project}/package-lock.json" "${tmp_root}/revert-safe-lock.json"
+scripts/safedeps-pre-guard.sh > /dev/null <<EOF
+{"tool_name":"Bash","tool_input":{"command":"npm install fixture-parent@1.0.0"},"cwd":"${revert_project}"}
+EOF
+cat > "${revert_project}/package-lock.json" <<'EOF'
+{
+  "name": "revert-project",
+  "lockfileVersion": 3,
+  "packages": {
+    "": {"dependencies": {"fixture-parent": "1.0.0"}},
+    "node_modules/fixture-parent": {"version": "1.0.0", "dependencies": {"fixture-child": "1.0.0"}},
+    "node_modules/fixture-child": {"version": "1.0.0"},
+    "node_modules/fixture-evil": {"version": "6.6.6", "resolved": "git://evil.example.com/fixture-evil.git"}
+  }
+}
+EOF
+revert_post=$(
+  PATH="${stub_bin}:${PATH}" scripts/safedeps-post-verify.sh <<EOF
+{"tool_name":"Bash","tool_input":{"command":"npm install fixture-parent@1.0.0"},"cwd":"${revert_project}"}
+EOF
+)
+grep -q 'suspicious dependency change detected' <<< "${revert_post}" || fail "reorg fires on a tampered lockfile"
+cmp -s "${revert_project}/package-lock.json" "${tmp_root}/revert-safe-lock.json" || fail "reorg restores the exact safe lockfile content on disk"
+pass "reorg reverts a tampered lockfile to safe content on disk"
 export SAFEDEPS_HOME="${tmp_root}/safe-missing-transitive"
 export SAFEDEPS_OSV_API_URL="http://127.0.0.1:${port}/osv/v1/query"
 export SAFEDEPS_OSV_BATCH_API_URL="http://127.0.0.1:${port}/osv/v1/querybatch"
@@ -223,9 +267,15 @@ missing_post=$(
 {"tool_name":"Bash","tool_input":{"command":"npm install fixture-parent@1.0.0"},"cwd":"${missing_project}"}
 EOF
 )
-grep -q '의심스러운 패키지 변경 감지' <<< "${missing_post}" || fail "post hook reorgs unapproved transitive package"
+grep -q 'suspicious dependency change detected' <<< "${missing_post}" || fail "post hook reorgs unapproved transitive package"
 grep -q 'fixture-child@1.0.0' <<< "${missing_post}" || fail "post hook names unapproved transitive package"
-pass "post hook reorgs unapproved transitive package"
+# Not just the message — the unapproved transitive must be gone from the on-disk
+# lockfile. (Reorg removes the tampered lockfile; a no-network reinstall may recreate
+# an empty one, so assert fixture-child is absent rather than the file itself.)
+if grep -q 'fixture-child' "${missing_project}/package-lock.json" 2>/dev/null; then
+  fail "post hook reorg leaves the unapproved transitive in the on-disk lockfile"
+fi
+pass "post hook reorgs unapproved transitive package (verified on disk)"
 export SAFEDEPS_HOME="${tmp_root}/safe"
 export SAFEDEPS_OSV_API_URL="http://127.0.0.1:${port}/osv/v1/query"

package/scripts/test/smoke.sh CHANGED Viewed

@@ -262,7 +262,7 @@ tamper_post=$(
   jq -nc --arg cwd "${project_dir}" '{tool_name:"Bash",tool_input:{command:"npm install ledger-tamper@1.0.0"},cwd:$cwd}' |
     HOME="${tamper_home}" SAFEDEPS_HOME="${tamper_safe}" scripts/safedeps-post-verify.sh
 )
-grep -q '의심스러운 패키지 변경 감지' <<< "${tamper_post}" || fail "post hook reorgs safedeps ledger tamper script"
+grep -q 'suspicious dependency change detected' <<< "${tamper_post}" || fail "post hook reorgs safedeps ledger tamper script"
 pass "post hook reorgs safedeps ledger tamper script"
 fixture_json="${tmp_root}/recheck-fixture.json"