@fortressjs/cli 0.1.3 → 0.1.4

package/dist/ast-scanner.d.ts

@@ -0,0 +1,5 @@
+import { AuditScanner, ScanResult } from "./scanner";
+export declare class ASTScanner implements AuditScanner {
+    name: string;
+    scan(fileContent: string): ScanResult;
+}

package/dist/ast-scanner.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ASTScanner = void 0;
+const typescript_1 = __importDefault(require("typescript"));
+class ASTScanner {
+    name = "ASTScanner";
+    scan(fileContent) {
+        const sourceFile = typescript_1.default.createSourceFile("temp.ts", fileContent, typescript_1.default.ScriptTarget.Latest, true);
+        const result = {
+            hasCSP: false,
+            hasRateLimiting: false,
+            hasRequestSizeLimiting: false,
+            hasLogger: false,
+            hasThreatDetection: false,
+            hasHTTPS: false
+        };
+        const visit = (node) => {
+            if (typescript_1.default.isImportDeclaration(node)) {
+                const moduleName = node.moduleSpecifier.getText(sourceFile);
+                if (moduleName.includes("@fortressjs/core")) {
+                    result.hasCSP = true;
+                }
+            }
+            if (typescript_1.default.isCallExpression(node)) {
+                const expression = node.expression;
+                if (typescript_1.default.isPropertyAccessExpression(expression)) {
+                    if (expression.expression.getText(sourceFile) ===
+                        "fortress") {
+                        switch (expression.name.getText(sourceFile)) {
+                            case "headers":
+                                result.hasCSP = true;
+                                break;
+                            case "rateLimit":
+                                result.hasRateLimiting = true;
+                                break;
+                            case "requestLimit":
+                                result.hasRequestSizeLimiting = true;
+                                break;
+                            case "logger":
+                                result.hasLogger = true;
+                                break;
+                            case "threatDetector":
+                                result.hasThreatDetection = true;
+                                break;
+                        }
+                    }
+                }
+            }
+            typescript_1.default.forEachChild(node, visit);
+        };
+        visit(sourceFile);
+        return result;
+    }
+}
+exports.ASTScanner = ASTScanner;

package/dist/ast-scanner.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/ast-scanner.test.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ast_scanner_1 = require("./ast-scanner");
+describe("ASTScanner", () => {
+    it("should parse valid code", () => {
+        const scanner = new ast_scanner_1.ASTScanner();
+        const result = scanner.scan(`
+        import express from "express";
+
+        const app = express();
+
+        app.get("/", () => {});
+      `);
+        expect(result).toBeDefined();
+    });
+    it("should detect fortress imports", () => {
+        const scanner = new ast_scanner_1.ASTScanner();
+        const result = scanner.scan(`
+      import fortress
+      from "@fortressjs/core";
+    `);
+        expect(result.hasCSP).toBe(true);
+    });
+});

package/dist/index.d.ts

@@ -1 +1 @@
-export declare function runAudit(targetPath?: string, jsonOutput?: boolean): void;
+export declare function runAudit(targetPath?: string, jsonOutput?: boolean, reportOutput?: boolean): void;

package/dist/index.js

@@ -6,7 +6,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runAudit = runAudit;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
-const scanner_1 = require("./scanner");
+const report_generator_1 = require("./report-generator");
+const ast_scanner_1 = require("./ast-scanner");
 // ANSI Terminal Colors
 const C = {
     reset: "\x1b[0m",
@@ -58,7 +59,7 @@ function getFilesRecursively(dir, fileList = []) {
     }
     return fileList;
 }
-function runAudit(targetPath, jsonOutput = false) {
+function runAudit(targetPath, jsonOutput = false, reportOutput = false) {
     const target = path_1.default.resolve(targetPath || process.cwd());
     let files;
     try {
@@ -82,13 +83,13 @@ function runAudit(targetPath, jsonOutput = false) {
         console.log(`${C.yellow}No JavaScript or TypeScript files found to scan in: ${target}${C.reset}`);
         return;
     }
-    if (!jsonOutput) {
+    if (!jsonOutput && !reportOutput) {
         console.log(`\n${C.bold}${C.cyan}🛡️  FortressJS Security Audit CLI${C.reset}`);
         console.log(`${C.dim}=========================================${C.reset}\n`);
         console.log(`${C.dim}Target: ${target}${C.reset}`);
         console.log(`${C.dim}Scanning ${files.length} file(s)...${C.reset}\n`);
     }
-    const scanner = new scanner_1.RegexScanner();
+    const scanner = new ast_scanner_1.ASTScanner();
     // Aggregate results across all files in the project
     const aggregated = {
         hasCSP: false,
@@ -160,6 +161,12 @@ function runAudit(targetPath, jsonOutput = false) {
         missing,
         recommendations
     };
+    if (reportOutput) {
+        const markdown = (0, report_generator_1.generateMarkdownReport)(auditResult);
+        fs_1.default.writeFileSync("fortress-report.md", markdown);
+        console.log("Report generated: fortress-report.md");
+        return;
+    }
     if (jsonOutput) {
         console.log(JSON.stringify(auditResult, null, 2));
         return;
@@ -189,9 +196,11 @@ function runAudit(targetPath, jsonOutput = false) {
 const args = process.argv.slice(2);
 if (args[0] === "audit") {
     const jsonOutput = args.includes("--json");
+    const reportOutput = args.includes("--report");
     const target = args.find((arg) => arg !== "audit" &&
-        arg !== "--json");
-    runAudit(target, jsonOutput);
+        arg !== "--json" &&
+        arg !== "--report");
+    runAudit(target, jsonOutput, reportOutput);
 }
 else {
     console.log(`\n${C.bold}FortressJS CLI${C.reset}`);
@@ -199,5 +208,7 @@ else {
     console.log(`  fortress audit`);
     console.log(`  fortress audit .`);
     console.log(`  fortress audit ./src`);
-    console.log(`  fortress audit ./src/app.ts\n`);
+    console.log(`  fortress audit ./src/app.ts`);
+    console.log(`  fortress audit --json`);
+    console.log(`  fortress audit --report\n`);
 }

package/dist/report-generator.d.ts

@@ -0,0 +1,8 @@
+interface AuditResult {
+    target: string;
+    score: number;
+    missing: string[];
+    recommendations: string[];
+}
+export declare function generateMarkdownReport(auditResult: AuditResult): string;
+export {};

package/dist/report-generator.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateMarkdownReport = generateMarkdownReport;
+function generateMarkdownReport(auditResult) {
+    const date = new Date()
+        .toISOString()
+        .split("T")[0];
+    return `# FortressJS Security Report
+
+Generated: ${date}
+
+## Target
+
+${auditResult.target}
+
+## Security Score
+
+${auditResult.score}/100
+
+## Missing Protections
+
+${auditResult.missing
+        .map(item => `- ${item}`)
+        .join("\n")}
+
+## Recommendations
+
+${auditResult.recommendations
+        .map(item => `- ${item}`)
+        .join("\n")}
+`;
+}

package/package.json

@@ -1,47 +1,48 @@
-{
-  "name": "@fortressjs/cli",
-  "version": "0.1.3",
-  "description": "Security audit CLI for Express applications. Detect missing security headers, rate limits, request validation, and threat protection.",
-  "license": "MIT",
-  "author": "Davanesh Saminathan",
-  "homepage": "https://github.com/davanesh/fortressjs",
-  "bugs": {
-    "url": "https://github.com/davanesh/fortressjs/issues"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/davanesh/fortressjs.git"
-  },
-  "keywords": [
-    "security",
-    "cli",
-    "audit",
-    "express",
-    "nodejs",
-    "middleware",
-    "api-security",
-    "fortressjs"
-  ],
-  "engines": {
-    "node": ">=18"
-  },
-  "bin": {
-    "fortress": "bin/fortress.js"
-  },
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "files": [
-    "dist",
-    "bin",
-    "README.md"
-  ],
-  "scripts": {
-    "build": "tsc"
-  },
-  "dependencies": {
-    "@fortressjs/core": "^0.1.2"
-  },
-  "devDependencies": {
-    "typescript": "^5.0.0"
-  }
-}
+{
+  "name": "@fortressjs/cli",
+  "version": "0.1.4",
+  "description": "Security audit CLI for Express applications. Detect missing security headers, rate limits, request validation, and threat protection.",
+  "license": "MIT",
+  "author": "Davanesh Saminathan",
+  "homepage": "https://github.com/davanesh/fortressjs",
+  "bugs": {
+    "url": "https://github.com/davanesh/fortressjs/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/davanesh/fortressjs.git"
+  },
+  "keywords": [
+    "security",
+    "cli",
+    "audit",
+    "express",
+    "nodejs",
+    "middleware",
+    "api-security",
+    "fortressjs"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "bin": {
+    "fortress": "bin/fortress.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "bin",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "jest"
+  },
+  "dependencies": {
+    "@fortressjs/core": "^0.1.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0"
+  }
+}