@greenarmor/ges-audit-engine 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +50 -0
- package/package.json +2 -2
package/README.md
ADDED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# @greenarmor/ges-audit-engine
|
|
2
|
+
|
|
3
|
+
Source code audit trails and compliance finding evaluation for the [Green Engineering Standard Framework (GESF)](https://github.com/greenarmor/gesf).
|
|
4
|
+
|
|
5
|
+
Scans project source code for security and compliance issues — detecting hardcoded secrets, weak cryptography, SQL injection patterns, missing authentication, missing security headers, and more.
|
|
6
|
+
|
|
7
|
+
## Install
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npm install @greenarmor/ges-audit-engine
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Exports
|
|
14
|
+
|
|
15
|
+
| Export | Description |
|
|
16
|
+
|--------|-------------|
|
|
17
|
+
| `Finding` | Type representing a security or compliance finding |
|
|
18
|
+
| `runAudit(root)` | Scans a project directory and returns findings |
|
|
19
|
+
| `deduplicateFindings(findings)` | Removes duplicate findings from scan results |
|
|
20
|
+
|
|
21
|
+
## Usage
|
|
22
|
+
|
|
23
|
+
```typescript
|
|
24
|
+
import { runAudit, deduplicateFindings } from '@greenarmor/ges-audit-engine';
|
|
25
|
+
|
|
26
|
+
const { findings, scannedFiles } = runAudit('/path/to/project');
|
|
27
|
+
const unique = deduplicateFindings(findings);
|
|
28
|
+
|
|
29
|
+
console.log(`Scanned ${scannedFiles} files, found ${unique.length} issues`);
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## What It Detects
|
|
33
|
+
|
|
34
|
+
- Hardcoded secrets (passwords, API keys, connection strings, private keys)
|
|
35
|
+
- Weak cryptography (MD5, SHA1, DES, disabled TLS)
|
|
36
|
+
- SQL injection patterns (string concatenation in queries)
|
|
37
|
+
- XSS patterns (innerHTML, document.write, dangerouslySetInnerHTML)
|
|
38
|
+
- Missing authentication middleware
|
|
39
|
+
- Missing security headers (helmet, CORS, rate limiting)
|
|
40
|
+
- Missing database audit columns
|
|
41
|
+
- Configuration issues (secrets in .env without .gitignore, Docker running as root)
|
|
42
|
+
|
|
43
|
+
## Related Packages
|
|
44
|
+
|
|
45
|
+
- [`@greenarmor/ges-core`](https://www.npmjs.com/package/@greenarmor/ges-core) — Types and constants
|
|
46
|
+
- [`@greenarmor/ges-report-generator`](https://www.npmjs.com/package/@greenarmor/ges-report-generator) — Generates reports from findings
|
|
47
|
+
|
|
48
|
+
## License
|
|
49
|
+
|
|
50
|
+
MIT
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@greenarmor/ges-audit-engine",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.2",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "GESF Audit Engine - Audit trails and compliance evaluation",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
}
|
|
13
13
|
},
|
|
14
14
|
"dependencies": {
|
|
15
|
-
"@greenarmor/ges-core": "0.3.
|
|
15
|
+
"@greenarmor/ges-core": "0.3.2"
|
|
16
16
|
},
|
|
17
17
|
"devDependencies": {
|
|
18
18
|
"typescript": "^6.0.0",
|