npm - @fortressjs/cli - Versions diffs - 0.1.0 - Mend

@fortressjs/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/fortress.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ require("../dist/index.js");

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function runAudit(): void;

package/dist/index.js ADDED Viewed

@@ -0,0 +1,152 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runAudit = runAudit;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const scanner_1 = require("./scanner");
+// ANSI Terminal Colors
+const C = {
+    reset: "\x1b[0m",
+    bold: "\x1b[1m",
+    dim: "\x1b[2m",
+    red: "\x1b[31m",
+    green: "\x1b[32m",
+    yellow: "\x1b[33m",
+    cyan: "\x1b[36m"
+};
+function getFilesRecursively(dir, fileList = []) {
+    if (!fs_1.default.existsSync(dir))
+        return fileList;
+    const files = fs_1.default.readdirSync(dir);
+    for (const file of files) {
+        const filePath = path_1.default.join(dir, file);
+        const stat = fs_1.default.statSync(filePath);
+        // Skip node_modules, build directories, hidden files, and coverage files
+        if (file === "node_modules" ||
+            file === "dist" ||
+            file === "build" ||
+            file === "coverage" ||
+            file.startsWith(".")) {
+            continue;
+        }
+        if (stat.isDirectory()) {
+            getFilesRecursively(filePath, fileList);
+        }
+        else if (filePath.endsWith(".ts") || filePath.endsWith(".js")) {
+            // Exclude definition files and config files
+            if (!filePath.endsWith(".d.ts") && !filePath.includes("config.js")) {
+                fileList.push(filePath);
+            }
+        }
+    }
+    return fileList;
+}
+function runAudit() {
+    console.log(`\n${C.bold}${C.cyan}🛡️  FortressJS Security Audit CLI${C.reset}`);
+    console.log(`${C.dim}=========================================${C.reset}\n`);
+    const cwd = process.cwd();
+    const files = getFilesRecursively(cwd);
+    if (files.length === 0) {
+        console.log(`${C.yellow}No JavaScript or TypeScript files found to scan in: ${cwd}${C.reset}`);
+        return;
+    }
+    console.log(`${C.dim}Scanning ${files.length} file(s)...${C.reset}`);
+    const scanner = new scanner_1.RegexScanner();
+    // Aggregate results across all files in the project
+    const aggregated = {
+        hasCSP: false,
+        hasRateLimiting: false,
+        hasRequestSizeLimiting: false,
+        hasLogger: false,
+        hasThreatDetection: false,
+        hasHTTPS: false
+    };
+    for (const file of files) {
+        try {
+            const content = fs_1.default.readFileSync(file, "utf8");
+            const result = scanner.scan(content);
+            if (result.hasCSP)
+                aggregated.hasCSP = true;
+            if (result.hasRateLimiting)
+                aggregated.hasRateLimiting = true;
+            if (result.hasRequestSizeLimiting)
+                aggregated.hasRequestSizeLimiting = true;
+            if (result.hasLogger)
+                aggregated.hasLogger = true;
+            if (result.hasThreatDetection)
+                aggregated.hasThreatDetection = true;
+            if (result.hasHTTPS)
+                aggregated.hasHTTPS = true;
+        }
+        catch (e) {
+            console.error(`${C.red}Error reading file ${file}: ${e.message}${C.reset}`);
+        }
+    }
+    // Calculate score
+    let score = 100;
+    const missing = [];
+    const recommendations = [];
+    if (!aggregated.hasCSP) {
+        score -= 15;
+        missing.push("Content Security Policy (CSP)");
+        recommendations.push("Add fortress.headers() to configure secure CSP and other headers");
+    }
+    if (!aggregated.hasRateLimiting) {
+        score -= 20;
+        missing.push("Rate Limiting");
+        recommendations.push("Add fortress.rateLimit() to prevent DDoS and Brute Force attacks");
+    }
+    if (!aggregated.hasRequestSizeLimiting) {
+        score -= 15;
+        missing.push("Request Size Limiting");
+        recommendations.push("Add fortress.requestLimit() to restrict payload sizes");
+    }
+    if (!aggregated.hasLogger) {
+        score -= 15;
+        missing.push("Security Logger");
+        recommendations.push("Add fortress.logger() to record requests in event store");
+    }
+    if (!aggregated.hasThreatDetection) {
+        score -= 20;
+        missing.push("Threat Intelligence Engine");
+        recommendations.push("Add fortress.threatDetector() to intercept automated scans and brute force");
+    }
+    if (!aggregated.hasHTTPS) {
+        score -= 15;
+        missing.push("HTTPS Enforcement / HSTS");
+        recommendations.push("Configure fortress.headers({ strictTransportSecurity: ... }) for HSTS");
+    }
+    score = Math.max(0, score);
+    // Pick color based on score
+    let scoreColor = C.red;
+    if (score >= 90)
+        scoreColor = C.green;
+    else if (score >= 70)
+        scoreColor = C.yellow;
+    console.log(`${C.bold}Security Score: ${scoreColor}${score}/100${C.reset}\n`);
+    if (missing.length === 0) {
+        console.log(`${C.bold}${C.green}🎉 Congratulations! Perfect score. Your application follows core FortressJS security best practices.${C.reset}\n`);
+        return;
+    }
+    console.log(`${C.bold}${C.red}Missing Protections:${C.reset}`);
+    for (const item of missing) {
+        console.log(`  ${C.red}✗${C.reset} ${item}`);
+    }
+    console.log(`\n${C.bold}${C.yellow}Recommendations:${C.reset}`);
+    for (const rec of recommendations) {
+        console.log(`  ${C.cyan}•${C.reset} ${rec}`);
+    }
+    console.log("");
+}
+// CLI entry point
+const args = process.argv.slice(2);
+if (args[0] === "audit") {
+    runAudit();
+}
+else {
+    console.log(`\n${C.bold}FortressJS CLI${C.reset}`);
+    console.log(`${C.dim}Usage: npx fortress audit${C.reset}\n`);
+}

package/dist/scanner.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+export interface ScanResult {
+    hasCSP: boolean;
+    hasRateLimiting: boolean;
+    hasRequestSizeLimiting: boolean;
+    hasLogger: boolean;
+    hasThreatDetection: boolean;
+    hasHTTPS: boolean;
+}
+export interface AuditScanner {
+    name: string;
+    scan(fileContent: string): ScanResult;
+}
+export declare class RegexScanner implements AuditScanner {
+    name: string;
+    scan(fileContent: string): ScanResult;
+}
+export declare class ASTScanner implements AuditScanner {
+    name: string;
+    scan(fileContent: string): ScanResult;
+}

package/dist/scanner.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ASTScanner = exports.RegexScanner = void 0;
+// Concrete implementation of Regex-based scanner for MVP
+class RegexScanner {
+    name = "RegexScanner";
+    scan(fileContent) {
+        const hasCSP = /fortress\.headers|helmet|Content-Security-Policy/i.test(fileContent);
+        const hasRateLimiting = /fortress\.rateLimit|express-rate-limit/i.test(fileContent);
+        const hasRequestSizeLimiting = /fortress\.requestLimit|limit\s*:\s*['"]\d+m?k?b['"]/i.test(fileContent);
+        const hasLogger = /fortress\.logger|morgan|winston/i.test(fileContent);
+        const hasThreatDetection = /fortress\.threatDetector/i.test(fileContent);
+        const hasHTTPS = /trust proxy|Strict-Transport-Security|https/i.test(fileContent);
+        return {
+            hasCSP,
+            hasRateLimiting,
+            hasRequestSizeLimiting,
+            hasLogger,
+            hasThreatDetection,
+            hasHTTPS
+        };
+    }
+}
+exports.RegexScanner = RegexScanner;
+// Future AST-based scanner abstraction skeleton
+class ASTScanner {
+    name = "ASTScanner (Future)";
+    scan(fileContent) {
+        // In v2, this scanner will parse the TypeScript/JavaScript code into an AST
+        // (using e.g., @babel/parser, typescript or acorn) and perform structural analysis
+        // to identify secure middleware configurations accurately without false positives.
+        throw new Error("AST Scanning is not implemented yet. Using RegexScanner as fallback.");
+    }
+}
+exports.ASTScanner = ASTScanner;

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "@fortressjs/cli",
+  "version": "0.1.0",
+  "description": "Security auditing CLI for FortressJS and Express applications",
+  "license": "MIT",
+  "author": "Davanesh Saminathan",
+  "homepage": "https://github.com/davanesh/fortressjs",
+  "bugs": {
+    "url": "https://github.com/davanesh/fortressjs/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/davanesh/fortressjs.git"
+  },
+  "keywords": [
+    "security",
+    "cli",
+    "audit",
+    "express",
+    "nodejs",
+    "middleware",
+    "api-security",
+    "fortressjs"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "bin": {
+    "fortress": "./bin/fortress.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "bin"
+  ],
+  "scripts": {
+    "build": "tsc"
+  },
+  "dependencies": {
+    "@fortressjs/core": "0.1.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0"
+  }
+}