npm - @critiq/rules - Versions diffs - 0.0.1 - Mend

@critiq/rules 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

package/rules/typescript/ts.security.weak-key-strength.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: ts.security.weak-key-strength
+  title: Avoid weak key-generation strength
+  summary: Key-generation helpers should use current minimum strengths for RSA, AES, and HMAC keys.
+  rationale: Weak modulus or key lengths make brute-force and cryptanalytic attacks more practical, even when the API itself is correct.
+  tags:
+    - security
+    - cryptography
+    - key-management
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - typescript
+    - javascript
+match:
+  fact:
+    kind: security.weak-key-strength
+    bind: issue
+emit:
+  finding:
+    category: security.cryptography
+    severity: high
+    confidence: 0.9
+    tags:
+      - security
+      - cryptography
+      - key-management
+  message:
+    title: Strengthen the key configuration used by `${captures.issue.text}`
+    summary: "`${captures.issue.text}` configures a key length or modulus size below the current minimum expected for production cryptography."
+  remediation:
+    summary: Use at least 2048-bit RSA keys and at least 128-bit AES or HMAC keys unless a clearly documented compatibility boundary requires otherwise.

package/rules/typescript/ts.security.weak-tls-version.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: ts.security.weak-tls-version
+  title: Require modern TLS minimum versions
+  summary: Transport clients should not explicitly allow SSLv3, TLS 1.0, or TLS 1.1.
+  rationale: Legacy TLS protocol floors weaken transport security and keep obsolete downgrade-compatible settings alive in production code.
+  tags:
+    - security
+    - transport
+    - tls
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - typescript
+    - javascript
+match:
+  fact:
+    kind: security.weak-tls-version
+    bind: issue
+emit:
+  finding:
+    category: security.transport
+    severity: high
+    confidence: 0.9
+    tags:
+      - security
+      - transport
+      - tls
+  message:
+    title: Raise the TLS protocol floor in `${captures.issue.text}`
+    summary: "`${captures.issue.text}` explicitly allows an obsolete TLS or SSL protocol version."
+  remediation:
+    summary: Set `minVersion` to at least `TLSv1.2` or `TLSv1.3` and remove legacy `secureProtocol` values.

package/src/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './lib/rules-package';

package/src/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./lib/rules-package"), exports);
+//# sourceMappingURL=index.js.map

package/src/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../libs/rules/catalog/src/index.ts"],"names":[],"mappings":";;;AAAA,8DAAoC"}

package/src/lib/rules-package.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare function rulesPackageName(): string;
+export declare function resolveRulesPackageRoot(): string;
+export declare function resolveRulesCatalogPath(): string;

package/src/lib/rules-package.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rulesPackageName = rulesPackageName;
+exports.resolveRulesPackageRoot = resolveRulesPackageRoot;
+exports.resolveRulesCatalogPath = resolveRulesCatalogPath;
+const node_path_1 = require("node:path");
+function rulesPackageName() {
+    return '@critiq/rules';
+}
+function resolveRulesPackageRoot() {
+    return (0, node_path_1.resolve)(__dirname, '../..');
+}
+function resolveRulesCatalogPath() {
+    return (0, node_path_1.resolve)(resolveRulesPackageRoot(), 'catalog.yaml');
+}
+//# sourceMappingURL=rules-package.js.map

package/src/lib/rules-package.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rules-package.js","sourceRoot":"","sources":["../../../../../../libs/rules/catalog/src/lib/rules-package.ts"],"names":[],"mappings":";;AAEA,4CAEC;AAED,0DAEC;AAED,0DAEC;AAZD,yCAAoC;AAEpC,SAAgB,gBAAgB;IAC9B,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAgB,uBAAuB;IACrC,OAAO,IAAA,mBAAO,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,uBAAuB;IACrC,OAAO,IAAA,mBAAO,EAAC,uBAAuB,EAAE,EAAE,cAAc,CAAC,CAAC;AAC5D,CAAC"}