npm - @devshub198211/devguard - Versions diffs - 2.0.1 → 2.0.2 - Mend

@devshub198211/devguard 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/MODULES.md ADDED Viewed

@@ -0,0 +1,122 @@
+# DevGuard — Module Reference Guide
+DevGuard is a zero-dependency toolkit containing 15 production-grade modules for Security, AI, Auth, and Developer Experience (DX).
+---
+## 🛡️ 1. Security Modules
+### lockfile-guardian
+*   **What it does:** Prevents "Supply Chain Attacks" by ensuring your `package-lock.json` hasn't been tampered with.
+*   **Usefulness:** Critical for CI/CD to prevent malicious code from sneaking into your build.
+*   **Example:**
+    ```typescript
+    import { verifyLockfile } from 'devguard';
+    const result = verifyLockfile(); // Returns { valid: true/false }
+    ```
+### hook-scanner
+*   **What it does:** Scans all `node_modules` for malicious install hooks (preinstall/postinstall).
+*   **Usefulness:** Stops malware from running on your machine immediately after `npm install`.
+*   **Example:**
+    ```bash
+    devguard scan
+    ```
+### token-rotator
+*   **What it does:** Monitors your environment variables (NPM_TOKEN, etc.) for expiration and stale usage.
+*   **Usefulness:** Reduces the risk of a leaked token being used forever.
+*   **Example:**
+    ```bash
+    devguard check # automatically alerts if tokens are > 30 days old
+    ```
+### dep-pincer
+*   **What it does:** Enforces "Exact Pinning" for your dependencies (removes `^` and `~`).
+*   **Usefulness:** Ensures your production build is 100% identical to your local build.
+*   **Example:**
+    ```bash
+    devguard pin --fix
+    ```
+---
+## 🤖 2. AI & Agent Modules
+### agent-schema
+*   **What it does:** Type-safe JSON schema builder for LLM Tool Calling (Function calling).
+*   **Usefulness:** Ensures AI models send perfectly formatted data to your backend tools.
+*   **Example:**
+    ```typescript
+    const tool = s.obj({
+      city: s.str().desc("The city name")
+    });
+    ```
+### mcp-server-kit
+*   **What it does:** Build "Model Context Protocol" servers over standard input/output.
+*   **Usefulness:** Connect your custom tools and data directly to Claude, ChatGPT, or other AI agents.
+*   **Example:**
+    ```typescript
+    const server = new MCPServerBuilder("MyServer");
+    server.addTool({ name: "get_weather", handler: async () => "Sunny" });
+    server.startStdio();
+    ```
+### refactor-engine
+*   **What it does:** AI-powered security and performance refactoring with an interactive review UI.
+*   **Usefulness:** One-click optimization of time complexity and security flaws.
+*   **Example:**
+    ```bash
+    devguard refactor src/utils.ts
+    ```
+### agent-memory & llm-budget
+*   **What they do:** Persistent history for AI agents and real-time cost/token tracking.
+*   **Usefulness:** Prevents runaway AI costs and allows agents to "remember" users across sessions.
+---
+## 🔐 3. Auth & Identity Modules
+### zero-trust-jwt
+*   **What it does:** Ultra-secure JWT issuing and verification.
+*   **Usefulness:** Hardened against "Algorithm Confusion" and "Replay Attacks." Uses constant-time comparisons.
+*   **Example:**
+    ```typescript
+    const verifier = new JWTVerifier({ secret: process.env.SECRET });
+    const payload = await verifier.verify(token);
+    ```
+### passkey-node
+*   **What it does:** Zero-dependency WebAuthn (Passkey) implementation.
+*   **Usefulness:** Allows you to build passwordless login that is immune to phishing.
+### bot-fence
+*   **What it does:** Smart rate-limiter and IP-based bot detection.
+*   **Usefulness:** Protects your login endpoints from brute-force attacks.
+---
+## 🛠️ 4. DX (Developer Experience)
+### env-safe
+*   **What it does:** Startup validation for `.env` files with full TypeScript types.
+*   **Usefulness:** Prevents your app from starting if a critical secret (like DB_URL) is missing or malformed.
+*   **Example:**
+    ```typescript
+    const env = loadEnv({ PORT: s.num().default(3000) });
+    ```
+### log-otlp
+*   **What it does:** High-performance logger that sends data to OpenTelemetry (Grafana/Honeycomb).
+*   **Usefulness:** Cloud-native observability with zero external dependencies.
+### api-contract
+*   **What it does:** Type-safe fetch and request validation.
+*   **Usefulness:** Shares types between your frontend and backend so they never "break" each other.
+### Its for testing purpous if you like it leave some reviews and also if you got some sugestion you can contact me to Update it i am a student and it was an idea so let me know what i can add  more and make it more usefull for developers.
+### you can contact me at [devs.hub.604@gmail.com]

package/SETUP.md ADDED Viewed

@@ -0,0 +1,168 @@
+# devguard — Complete Setup, Publish & Monetisation Guide
+## PART 1: Local Setup
+### Step 1 — Prerequisites
+```
+node --version   # must be >= 18.0.0
+npm --version    # must be >= 9.0.0
+```
+### Step 2 — Unzip & Install
+```
+unzip devguard-final.zip
+cd devguard-final
+npm install
+```
+### Step 3 — Build
+```
+npm run build
+```
+Generates dist/ with CJS + ESM + TypeScript declarations + CLI.
+### Step 4 — Test CLI locally
+```
+node dist/cli.js                    # full security scan
+node dist/cli.js lockfile snapshot  # create integrity baseline
+node dist/cli.js lockfile verify    # verify against baseline
+node dist/cli.js hooks              # scan for malicious scripts
+node dist/cli.js pins --fix         # auto-fix unpinned deps
+node dist/cli.js tokens --live      # live API token check
+node dist/cli.js --json             # machine-readable output
+node dist/cli.js help               # all commands
+```
+### Step 5 — Use in your project
+```
+npm install devguard
+```
+```typescript
+import { runAllChecks } from 'devguard';
+const report = await runAllChecks();
+console.log(report.score); // 0-100
+if (!report.passedAll) process.exit(1);
+```
+---
+## PART 2: Publish to npm
+### Step 1 — Create Account
+1. https://www.npmjs.com/signup
+2. Verify email
+3. Enable 2FA (mandatory): https://www.npmjs.com/settings/~/profile
+### Step 2 — Login
+```
+npm login
+npm whoami
+```
+### Step 3 — Check name availability
+```
+npm info devguard
+```
+If taken, rename in package.json: "name": "@yourscope/devguard"
+### Step 4 — Dry run
+```
+npm publish --dry-run --access public
+```
+### Step 5 — Publish
+```
+npm run build
+npm publish --access public
+```
+### Step 6 — Verify
+```
+npm info devguard
+npx devguard help
+```
+### Step 7 — Update versions
+```
+npm version patch    # 2.0.0 -> 2.0.1
+npm run build
+npm publish --access public
+```
+---
+## PART 3: GitHub Setup
+```
+git init
+git add .
+git commit -m "feat: devguard v2.0.0"
+gh repo create devguard --public --push
+```
+Add CI (.github/workflows/ci.yml):
+```yaml
+name: CI
+on: [push, pull_request]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: '20', cache: 'npm' }
+      - run: npm ci && npm run build
+      - run: node dist/cli.js --json
+```
+---
+## PART 4: Monetisation
+### Free (builds audience)
+- GitHub Sponsors: github.com/sponsors/onboarding — $5/$15/$50 tiers
+- Polar.sh: polar.sh — connect repo, create paid issues
+- Target: $200-2000/month at 1k+ weekly downloads
+### Pro SaaS ($19-299/month)
+Create @devguard/pro package with:
+- Web dashboard (Next.js + Stripe + Supabase)
+- Slack/email alerts for stale tokens
+- Team management
+- PDF reports
+Pricing: Indie $19 | Team $79 | Enterprise $299
+### GitHub Marketplace Action
+Publish a scan action, charge per CI minute.
+Guide: github.com/marketplace/actions/new
+### VS Code Extension
+Inline warnings for ^ ~ deps, missing env vars, security score in status bar.
+Freemium: free basic, paid Pro ($4.99/month).
+### Enterprise ($5k-50k/year)
+Commercial license + SLA + private registry + security audits.
+---
+## PART 5: Marketing
+Week 1: npm publish + GitHub + post on r/node + Hacker News Show HN
+Week 2: Blog post + awesome-nodejs PR + newsletter outreach
+Month 1: Product Hunt + YouTube demo + devguard.dev landing page
+---
+## Quick Reference
+```
+npm install devguard
+import { runAllChecks }   from 'devguard';
+import { verifyLockfile } from 'devguard/security';
+import { LLMBudget }      from 'devguard/ai';
+import { JWTVerifier }    from 'devguard/auth';
+import { loadEnv }        from 'devguard/dx';
+```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@devshub198211/devguard",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "The only Node.js/TypeScript security, AI-tooling, auth & DX package you will ever need. Zero external dependencies. Production-complete.",
   "type": "module",
   "main": "dist/index.js",
@@ -41,7 +41,9 @@
     "dist",
     "README.md",
     "LICENSE",
-    "CHANGELOG.md"
+    "CHANGELOG.md",
+    "MODULES.md",
+    "SETUP.md"
   ],
   "scripts": {
     "build": "tsup src/index.ts src/cli.ts src/security.ts src/ai.ts src/auth.ts src/dx.ts --format cjs,esm --dts --clean --treeshake",