npm - @fortressjs/cli - Versions diffs - 0.1.2 → 0.1.4 - Mend

@fortressjs/cli 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/ast-scanner.d.ts +5 -0
package/dist/ast-scanner.js +58 -0
package/dist/ast-scanner.test.d.ts +1 -0
package/dist/ast-scanner.test.js +24 -0
package/dist/index.d.ts +1 -1
package/dist/index.js +45 -10
package/dist/report-generator.d.ts +8 -0
package/dist/report-generator.js +32 -0
package/package.json +48 -47

package/dist/ast-scanner.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { AuditScanner, ScanResult } from "./scanner";
+export declare class ASTScanner implements AuditScanner {
+    name: string;
+    scan(fileContent: string): ScanResult;
+}

package/dist/ast-scanner.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ASTScanner = void 0;
+const typescript_1 = __importDefault(require("typescript"));
+class ASTScanner {
+    name = "ASTScanner";
+    scan(fileContent) {
+        const sourceFile = typescript_1.default.createSourceFile("temp.ts", fileContent, typescript_1.default.ScriptTarget.Latest, true);
+        const result = {
+            hasCSP: false,
+            hasRateLimiting: false,
+            hasRequestSizeLimiting: false,
+            hasLogger: false,
+            hasThreatDetection: false,
+            hasHTTPS: false
+        };
+        const visit = (node) => {
+            if (typescript_1.default.isImportDeclaration(node)) {
+                const moduleName = node.moduleSpecifier.getText(sourceFile);
+                if (moduleName.includes("@fortressjs/core")) {
+                    result.hasCSP = true;
+                }
+            }
+            if (typescript_1.default.isCallExpression(node)) {
+                const expression = node.expression;
+                if (typescript_1.default.isPropertyAccessExpression(expression)) {
+                    if (expression.expression.getText(sourceFile) ===
+                        "fortress") {
+                        switch (expression.name.getText(sourceFile)) {
+                            case "headers":
+                                result.hasCSP = true;
+                                break;
+                            case "rateLimit":
+                                result.hasRateLimiting = true;
+                                break;
+                            case "requestLimit":
+                                result.hasRequestSizeLimiting = true;
+                                break;
+                            case "logger":
+                                result.hasLogger = true;
+                                break;
+                            case "threatDetector":
+                                result.hasThreatDetection = true;
+                                break;
+                        }
+                    }
+                }
+            }
+            typescript_1.default.forEachChild(node, visit);
+        };
+        visit(sourceFile);
+        return result;
+    }
+}
+exports.ASTScanner = ASTScanner;

package/dist/ast-scanner.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/ast-scanner.test.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ast_scanner_1 = require("./ast-scanner");
+describe("ASTScanner", () => {
+    it("should parse valid code", () => {
+        const scanner = new ast_scanner_1.ASTScanner();
+        const result = scanner.scan(`
+        import express from "express";
+        const app = express();
+        app.get("/", () => {});
+      `);
+        expect(result).toBeDefined();
+    });
+    it("should detect fortress imports", () => {
+        const scanner = new ast_scanner_1.ASTScanner();
+        const result = scanner.scan(`
+      import fortress
+      from "@fortressjs/core";
+    `);
+        expect(result.hasCSP).toBe(true);
+    });
+});

package/dist/index.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare function runAudit(targetPath?: string): void;
1	+ export declare function runAudit(targetPath?: string, jsonOutput?: boolean, reportOutput?: boolean): void;

package/dist/index.js CHANGED Viewed

@@ -6,7 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runAudit = runAudit;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
-const scanner_1 = require("./scanner");
+const report_generator_1 = require("./report-generator");
+const ast_scanner_1 = require("./ast-scanner");
 // ANSI Terminal Colors
 const C = {
     reset: "\x1b[0m",
@@ -58,9 +59,7 @@ function getFilesRecursively(dir, fileList = []) {
     }
     return fileList;
 }
-function runAudit(targetPath) {
-    console.log(`\n${C.bold}${C.cyan}🛡️  FortressJS Security Audit CLI${C.reset}`);
-    console.log(`${C.dim}=========================================${C.reset}\n`);
+function runAudit(targetPath, jsonOutput = false, reportOutput = false) {
     const target = path_1.default.resolve(targetPath || process.cwd());
     let files;
     try {
@@ -71,12 +70,26 @@ function runAudit(targetPath) {
         process.exit(1);
     }
     if (files.length === 0) {
+        if (jsonOutput) {
+            console.log(JSON.stringify({
+                target,
+                score: 0,
+                missing: [],
+                recommendations: [],
+                message: "No JavaScript or TypeScript files found"
+            }, null, 2));
+            return;
+        }
         console.log(`${C.yellow}No JavaScript or TypeScript files found to scan in: ${target}${C.reset}`);
         return;
     }
-    console.log(`${C.dim}Target: ${target}${C.reset}`);
-    console.log(`${C.dim}Scanning ${files.length} file(s)...${C.reset}`);
-    const scanner = new scanner_1.RegexScanner();
+    if (!jsonOutput && !reportOutput) {
+        console.log(`\n${C.bold}${C.cyan}🛡️  FortressJS Security Audit CLI${C.reset}`);
+        console.log(`${C.dim}=========================================${C.reset}\n`);
+        console.log(`${C.dim}Target: ${target}${C.reset}`);
+        console.log(`${C.dim}Scanning ${files.length} file(s)...${C.reset}\n`);
+    }
+    const scanner = new ast_scanner_1.ASTScanner();
     // Aggregate results across all files in the project
     const aggregated = {
         hasCSP: false,
@@ -142,6 +155,22 @@ function runAudit(targetPath) {
         recommendations.push("Configure fortress.headers({ strictTransportSecurity: ... }) for HSTS");
     }
     score = Math.max(0, score);
+    const auditResult = {
+        target,
+        score,
+        missing,
+        recommendations
+    };
+    if (reportOutput) {
+        const markdown = (0, report_generator_1.generateMarkdownReport)(auditResult);
+        fs_1.default.writeFileSync("fortress-report.md", markdown);
+        console.log("Report generated: fortress-report.md");
+        return;
+    }
+    if (jsonOutput) {
+        console.log(JSON.stringify(auditResult, null, 2));
+        return;
+    }
     // Pick color based on score
     let scoreColor = C.red;
     if (score >= 90)
@@ -166,8 +195,12 @@ function runAudit(targetPath) {
 // CLI entry point
 const args = process.argv.slice(2);
 if (args[0] === "audit") {
-    const target = args[1];
-    runAudit(target);
+    const jsonOutput = args.includes("--json");
+    const reportOutput = args.includes("--report");
+    const target = args.find((arg) => arg !== "audit" &&
+        arg !== "--json" &&
+        arg !== "--report");
+    runAudit(target, jsonOutput, reportOutput);
 }
 else {
     console.log(`\n${C.bold}FortressJS CLI${C.reset}`);
@@ -175,5 +208,7 @@ else {
     console.log(`  fortress audit`);
     console.log(`  fortress audit .`);
     console.log(`  fortress audit ./src`);
-    console.log(`  fortress audit ./src/app.ts\n`);
+    console.log(`  fortress audit ./src/app.ts`);
+    console.log(`  fortress audit --json`);
+    console.log(`  fortress audit --report\n`);
 }

package/dist/report-generator.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+interface AuditResult {
+    target: string;
+    score: number;
+    missing: string[];
+    recommendations: string[];
+}
+export declare function generateMarkdownReport(auditResult: AuditResult): string;
+export {};

package/dist/report-generator.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateMarkdownReport = generateMarkdownReport;
+function generateMarkdownReport(auditResult) {
+    const date = new Date()
+        .toISOString()
+        .split("T")[0];
+    return `# FortressJS Security Report
+Generated: ${date}
+## Target
+${auditResult.target}
+## Security Score
+${auditResult.score}/100
+## Missing Protections
+${auditResult.missing
+        .map(item => `- ${item}`)
+        .join("\n")}
+## Recommendations
+${auditResult.recommendations
+        .map(item => `- ${item}`)
+        .join("\n")}
+`;
+}

package/package.json CHANGED Viewed

@@ -1,47 +1,48 @@
-{
-  "name": "@fortressjs/cli",
-  "version": "0.1.2",
-  "description": "Security audit CLI for Express applications. Detect missing security headers, rate limits, request validation, and threat protection.",
-  "license": "MIT",
-  "author": "Davanesh Saminathan",
-  "homepage": "https://github.com/davanesh/fortressjs",
-  "bugs": {
-    "url": "https://github.com/davanesh/fortressjs/issues"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/davanesh/fortressjs.git"
-  },
-  "keywords": [
-    "security",
-    "cli",
-    "audit",
-    "express",
-    "nodejs",
-    "middleware",
-    "api-security",
-    "fortressjs"
-  ],
-  "engines": {
-    "node": ">=18"
-  },
-  "bin": {
-    "fortress": "bin/fortress.js"
-  },
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "files": [
-    "dist",
-    "bin",
-    "README.md"
-  ],
-  "scripts": {
-    "build": "tsc"
-  },
-  "dependencies": {
-    "@fortressjs/core": "^0.1.2"
-  },
-  "devDependencies": {
-    "typescript": "^5.0.0"
-  }
-}
+{
+  "name": "@fortressjs/cli",
+  "version": "0.1.4",
+  "description": "Security audit CLI for Express applications. Detect missing security headers, rate limits, request validation, and threat protection.",
+  "license": "MIT",
+  "author": "Davanesh Saminathan",
+  "homepage": "https://github.com/davanesh/fortressjs",
+  "bugs": {
+    "url": "https://github.com/davanesh/fortressjs/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/davanesh/fortressjs.git"
+  },
+  "keywords": [
+    "security",
+    "cli",
+    "audit",
+    "express",
+    "nodejs",
+    "middleware",
+    "api-security",
+    "fortressjs"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "bin": {
+    "fortress": "bin/fortress.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "bin",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "jest"
+  },
+  "dependencies": {
+    "@fortressjs/core": "^0.1.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0"
+  }
+}