npm - @collabchron/tharos - Versions diffs - 0.1.5 → 1.0.1 - Mend

@collabchron/tharos 0.1.5 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -3,9 +3,10 @@
   # Tharos
-**AI-Powered Security & Quality Analysis for Modern Development**
+**Modern AI-Powered Git Hook Security Scanner**
+Tharos is a specialized git commit hook scanner that acts as an intelligent gatekeeper for your codebase. It combines lightning-fast AST analysis with deep AI semantic insights to catch security vulnerabilities and leaks *before* they are committed to your repository.
-Tharos is a comprehensive security analysis tool that combines static code analysis with AI-powered semantic insights to catch security vulnerabilities, enforce compliance standards, and improve code quality before they reach production.
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.0-blue)](https://www.typescriptlang.org/)
@@ -15,54 +16,23 @@ Tharos is a comprehensive security analysis tool that combines static code analy
 ## ✨ Features
-### 🔒 Multi-Layer Security Analysis
-- **AST-Based Detection**: Fast, accurate pattern matching for common vulnerabilities
-- **Scanner Mindset**: Context-aware analysis that ignores test files and mock data
-- **Weighted Blocking**: Intelligent CI/CD gating based on finding severity
-- **AI Semantic Analysis**: Deep understanding of code context and intent
-- **Risk Scoring**: Automated 0-100 risk assessment for every finding
-- **SARIF Export**: Standardized reporting for GitHub Advanced Security & other tools
-- **Suggested Fixes**: AI-generated code snippets to resolve issues
-### 🌍 Multi-Language Support
-- TypeScript & JavaScript (including React)
-- Python
-- Go
-- Rust
-- Java
-- *More languages coming soon*
-### 🎯 Compliance Frameworks
-Pre-built policies for industry standards:
-- **OWASP Top 10 2021** - Web application security risks
-- **SOC 2 Type II** - Trust Services Criteria
-- **GDPR** - EU data protection compliance
-- **PCI-DSS v4.0** - Payment card security
-- **Code Quality** - Best practices and maintainability
-### 🚀 Multiple Integration Points
-#### 1. CLI Tool
-```bash
-# Initialize in your project
-tharos init
+### 🛡️ Core: Intelligent Git Hooks
+Tharos's primary interface is your git workflow. It provides automated security gating that prevents high-risk code from ever leaving your machine.
+- **Pre-commit Gating**: Block commits containing secrets, SQLi, or high-risk vulnerabilities.
+- **Polyglot AST Support**: Native semantic analysis for **TypeScript, JavaScript, Go, and Python**.
+- **Interactive Magic Fixes**: Collaboratively review, fix, or explain findings in the CLI.
+- **Policy-as-Code**: Load organizational security policies from YAML (SOC2, GDPR, OWASP).
-# Check files before commit
-tharos check
+- **Self-Healing Hooks**: Automatically manages and repairs git hook integrity.
-# Analyze specific file
-tharos analyze src/auth.ts
-```
+### 🔒 AI-Powered Security Analysis
+- **AST-Based Detection**: Fast, accurate pattern matching for common vulnerabilities (SQLi, XSS, Secrets).
+- **Scanner Mindset**: Context-aware analysis that ignores test files and mock data.
+- **AI Semantic Analysis**: Deep understanding of code context and intent using Gemini/Groq.
+- **Risk Scoring**: Intelligent commit blocking based on cumulative finding severity and AI risk scores.
+- **Suggested Fixes**: AI-generated code snippets to resolve issues instantly at commit time.
-#### 2. Git Hooks
-Automatic pre-commit and pre-push validation with self-healing hooks
-#### 3. VSCode Extension
-Real-time feedback as you code:
-- Red squiggles under security issues
-- AI insights on hover
-- Quick fixes via lightbulb menu
-- Status bar integration
 #### 4. GitHub Actions
 ```yaml
@@ -75,16 +45,15 @@ Real-time feedback as you code:
 ### 🧠 AI Provider Flexibility
 Automatic fallback chain:
-1. **Ollama** (Local, privacy-first)
-2. **Managed AI** (Zero-config cloud)
-3. **Google Gemini** (Personal API key)
-4. **Groq** (Fast, cost-effective)
+1. **Google Gemini** (Recommended, generous free tier)
+2. **Groq** (Fast & Free inference)
+3. **Managed AI** (Zero-config cloud fallback)
 ## 📦 Installation
 ### NPM (Recommended)
 ```bash
-npm install -g tharos
+npm install -g @collabchron/tharos
 ```
 ### From Source
@@ -151,7 +120,7 @@ $env:GROQ_API_KEY="your-groq-key-here"
 **Check your setup:**
 ```bash
-tharos core setup
+tharos setup
 ```
@@ -164,10 +133,20 @@ tharos check
 # Analyze specific file
 tharos analyze src/api/auth.ts
-# Analyze entire project
-tharos analyze .
+# Interactive review (Fix/Explain/Skip findings)
+tharos analyze . --interactive
 ```
+---
+### 🧪 Automated Testing
+Tharos includes a built-in test suite to verify security policies and engine performance.
+```bash
+# Run the automated security test suite
+node scripts/run-tests.cjs
+```
+This suite tests Tharos against the `audit_samples/` directory, ensuring no regressions in vulnerability detection.
 ## 📋 Configuration
 ### `tharos.yaml` Example
@@ -175,28 +154,24 @@ tharos analyze .
 name: "My Project Security Policy"
 version: "1.0.0"
-# Severity levels: block, warning, info
-default_severity: "warning"
+# Built-in AST analysis is ALWAYS enabled for TS, JS, Go, and Python.
+# You can add custom regex patterns under the security section.
-# Security rules
 security:
   enabled: true
   rules:
-    - pattern: "eval\\("
-      message: "Code injection risk: eval() detected"
-      severity: "block"
-    - pattern: "(?i)(api[_-]?key|secret).*=.*['\"].*['\"]"
-      message: "Hardcoded credentials detected"
-      severity: "block"
+    - pattern: "DANGEROUS_INTERNAL_API"
+      message: "Internal API bypass detected"
+      severity: "critical"
 # AI configuration
 ai:
   enabled: true
-  provider: "auto"  # auto, ollama, gemini, groq
-  min_risk_score: 60  # Only show insights for risks >= 60
+  provider: "auto"     # auto, ollama, gemini, groq
+  min_risk_score: 60   # Filter noise; only show high-confidence AI insights
 ```
 ## 🔧 VSCode Extension
 ### Installation
@@ -289,13 +264,13 @@ npm test
 ## 📖 Documentation
-Full documentation available at [https://tharos.dev](https://tharos.dev)
+Full documentation available at [https://tharos.vercel.app](https://tharos.vercel.app)
-- [Getting Started Guide](https://tharos.dev/docs/getting-started)
-- [Policy Configuration](https://tharos.dev/docs/policies)
-- [AI Integration](https://tharos.dev/docs/ai)
-- [VSCode Extension](https://tharos.dev/docs/vscode)
-- [API Reference](https://tharos.dev/docs/api)
+- [Getting Started Guide](https://tharos.vercel.app/docs)
+- [Policy Configuration](https://tharos.vercel.app/docs/policies)
+- [AI Integration](https://tharos.vercel.app/docs/quickstart#2-configure-ai-recommended)
+- [VSCode Extension](https://tharos.vercel.app/docs/vscode)
+- [API Reference](https://tharos.vercel.app/docs/api)
 ## 🎯 Use Cases
@@ -358,12 +333,11 @@ MIT License - see [LICENSE](LICENSE) for details
 - OWASP for security guidelines
 - Google Gemini team for AI capabilities
 - Groq for fast inference
-- Ollama for local AI support
 - The open-source community
 ## 💬 Support
-- **Documentation**: [https://tharos.dev](https://tharos.dev)
+- **Documentation**: [https://tharos.vercel.app](https://tharos.vercel.app)
 - **Issues**: [GitHub Issues](https://github.com/chinonsochikelue/tharos/issues)
 - **Discussions**: [GitHub Discussions](https://github.com/chinonsochikelue/tharos/discussions)
 - **Discord**: [Join our community](https://discord.gg/tharos)

package/dist/hooks/manager.js CHANGED Viewed

@@ -5,8 +5,8 @@ import { promisify } from 'util';
 const execAsync = promisify(exec);
 const HOOK_CONTENT = `#!/bin/sh
 # Tharos Git Hook
-// This hook is managed by Tharos. Do not modify manually.
-// VERSION: 0.1.0
+# This hook is managed by Tharos. Do not modify manually.
+# VERSION: 0.1.2
 # Self-healing check
 if ! command -v tharos > /dev/null 2>&1; then
@@ -14,10 +14,11 @@ if ! command -v tharos > /dev/null 2>&1; then
   exit 0
 fi
-# Auto-sync policies (non-blocking)
+# Periodic setup audit & policy sync (non-blocking)
 tharos sync > /dev/null 2>&1 &
-tharos check --self-heal
+# Run pre-commit security check
+tharos check
 `;
 export async function initHooks() {
     const gitDir = await findGitDir();

package/dist/tharos.exe CHANGED Viewed

Binary file

package/dist/tharos.exe~ ADDED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,13 +1,24 @@
 {
   "name": "@collabchron/tharos",
-  "version": "0.1.5",
+  "version": "1.0.1",
   "description": "Tharos: Intelligent, Unbreakable Code Policy Enforcement",
   "keywords": [
     "security",
     "linter",
     "analysis",
     "policy",
-    "tharos"
+    "tharos",
+    "code-security",
+    "collabchron",
+    "code-quality",
+    "chinonsochikelue",
+    "fluantix",
+    "Chinonso Chikelue",
+    "git-hooks",
+    "code-scanner",
+    "ai-security",
+    "code-policy",
+    "ast-analysis"
   ],
   "author": "Chinonso Chikelue <chinonsoneft@gmail.com>",
   "license": "MIT",
@@ -34,7 +45,8 @@
     "build:binary": "node scripts/build-binary.cjs",
     "start": "node --loader ts-node/esm src/index.ts",
     "dev": "node --loader ts-node/esm src/index.ts",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "prepare": "npm run build",
+    "test": "node scripts/run-tests.cjs"
   },
   "dependencies": {},
   "devDependencies": {