@fortressjs/cli 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -1
- package/dist/index.js +60 -9
- package/package.json +2 -2
package/dist/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare function runAudit(): void;
|
|
1
|
+
export declare function runAudit(targetPath?: string, jsonOutput?: boolean): void;
|
package/dist/index.js
CHANGED
|
@@ -17,6 +17,20 @@ const C = {
|
|
|
17
17
|
yellow: "\x1b[33m",
|
|
18
18
|
cyan: "\x1b[36m"
|
|
19
19
|
};
|
|
20
|
+
function getTargetFiles(targetPath) {
|
|
21
|
+
if (!fs_1.default.existsSync(targetPath)) {
|
|
22
|
+
throw new Error(`Path does not exist: ${targetPath}`);
|
|
23
|
+
}
|
|
24
|
+
const stat = fs_1.default.statSync(targetPath);
|
|
25
|
+
if (stat.isFile()) {
|
|
26
|
+
if (targetPath.endsWith(".ts") ||
|
|
27
|
+
targetPath.endsWith(".js")) {
|
|
28
|
+
return [targetPath];
|
|
29
|
+
}
|
|
30
|
+
return [];
|
|
31
|
+
}
|
|
32
|
+
return getFilesRecursively(targetPath);
|
|
33
|
+
}
|
|
20
34
|
function getFilesRecursively(dir, fileList = []) {
|
|
21
35
|
if (!fs_1.default.existsSync(dir))
|
|
22
36
|
return fileList;
|
|
@@ -44,16 +58,36 @@ function getFilesRecursively(dir, fileList = []) {
|
|
|
44
58
|
}
|
|
45
59
|
return fileList;
|
|
46
60
|
}
|
|
47
|
-
function runAudit() {
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
61
|
+
function runAudit(targetPath, jsonOutput = false) {
|
|
62
|
+
const target = path_1.default.resolve(targetPath || process.cwd());
|
|
63
|
+
let files;
|
|
64
|
+
try {
|
|
65
|
+
files = getTargetFiles(target);
|
|
66
|
+
}
|
|
67
|
+
catch (error) {
|
|
68
|
+
console.error(`${C.red}${error.message}${C.reset}`);
|
|
69
|
+
process.exit(1);
|
|
70
|
+
}
|
|
52
71
|
if (files.length === 0) {
|
|
53
|
-
|
|
72
|
+
if (jsonOutput) {
|
|
73
|
+
console.log(JSON.stringify({
|
|
74
|
+
target,
|
|
75
|
+
score: 0,
|
|
76
|
+
missing: [],
|
|
77
|
+
recommendations: [],
|
|
78
|
+
message: "No JavaScript or TypeScript files found"
|
|
79
|
+
}, null, 2));
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
console.log(`${C.yellow}No JavaScript or TypeScript files found to scan in: ${target}${C.reset}`);
|
|
54
83
|
return;
|
|
55
84
|
}
|
|
56
|
-
|
|
85
|
+
if (!jsonOutput) {
|
|
86
|
+
console.log(`\n${C.bold}${C.cyan}🛡️ FortressJS Security Audit CLI${C.reset}`);
|
|
87
|
+
console.log(`${C.dim}=========================================${C.reset}\n`);
|
|
88
|
+
console.log(`${C.dim}Target: ${target}${C.reset}`);
|
|
89
|
+
console.log(`${C.dim}Scanning ${files.length} file(s)...${C.reset}\n`);
|
|
90
|
+
}
|
|
57
91
|
const scanner = new scanner_1.RegexScanner();
|
|
58
92
|
// Aggregate results across all files in the project
|
|
59
93
|
const aggregated = {
|
|
@@ -120,6 +154,16 @@ function runAudit() {
|
|
|
120
154
|
recommendations.push("Configure fortress.headers({ strictTransportSecurity: ... }) for HSTS");
|
|
121
155
|
}
|
|
122
156
|
score = Math.max(0, score);
|
|
157
|
+
const auditResult = {
|
|
158
|
+
target,
|
|
159
|
+
score,
|
|
160
|
+
missing,
|
|
161
|
+
recommendations
|
|
162
|
+
};
|
|
163
|
+
if (jsonOutput) {
|
|
164
|
+
console.log(JSON.stringify(auditResult, null, 2));
|
|
165
|
+
return;
|
|
166
|
+
}
|
|
123
167
|
// Pick color based on score
|
|
124
168
|
let scoreColor = C.red;
|
|
125
169
|
if (score >= 90)
|
|
@@ -144,9 +188,16 @@ function runAudit() {
|
|
|
144
188
|
// CLI entry point
|
|
145
189
|
const args = process.argv.slice(2);
|
|
146
190
|
if (args[0] === "audit") {
|
|
147
|
-
|
|
191
|
+
const jsonOutput = args.includes("--json");
|
|
192
|
+
const target = args.find((arg) => arg !== "audit" &&
|
|
193
|
+
arg !== "--json");
|
|
194
|
+
runAudit(target, jsonOutput);
|
|
148
195
|
}
|
|
149
196
|
else {
|
|
150
197
|
console.log(`\n${C.bold}FortressJS CLI${C.reset}`);
|
|
151
|
-
console.log(`${C.dim}Usage
|
|
198
|
+
console.log(`${C.dim}Usage:${C.reset}`);
|
|
199
|
+
console.log(` fortress audit`);
|
|
200
|
+
console.log(` fortress audit .`);
|
|
201
|
+
console.log(` fortress audit ./src`);
|
|
202
|
+
console.log(` fortress audit ./src/app.ts\n`);
|
|
152
203
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fortressjs/cli",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.3",
|
|
4
4
|
"description": "Security audit CLI for Express applications. Detect missing security headers, rate limits, request validation, and threat protection.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Davanesh Saminathan",
|
|
@@ -39,7 +39,7 @@
|
|
|
39
39
|
"build": "tsc"
|
|
40
40
|
},
|
|
41
41
|
"dependencies": {
|
|
42
|
-
"@fortressjs/core": "^0.1.
|
|
42
|
+
"@fortressjs/core": "^0.1.2"
|
|
43
43
|
},
|
|
44
44
|
"devDependencies": {
|
|
45
45
|
"typescript": "^5.0.0"
|