@lateos/npm-scan 0.3.0 → 0.3.1

package/backend/db/schema.sql

@@ -1 +1,32 @@
--- SQLite schema for local CLI mode (free tier)\n-- Tables: scans, findings (ATK-linked)\n\nCREATE TABLE IF NOT EXISTS scans (\n  id INTEGER PRIMARY KEY AUTOINCREMENT,\n  package_name TEXT NOT NULL,\n  version TEXT,\n  scanned_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n  status TEXT DEFAULT 'completed',\n  sbom_json TEXT\n);\n\nCREATE TABLE IF NOT EXISTS findings (\n  id INTEGER PRIMARY KEY AUTOINCREMENT,\n  scan_id INTEGER NOT NULL,\n  atk_id TEXT NOT NULL REFERENCES attack_taxonomy(id),\n  severity TEXT CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),\n  description TEXT,\n  evidence TEXT,\n  mitigation TEXT,\n  FOREIGN KEY (scan_id) REFERENCES scans(id) ON DELETE CASCADE\n);\n\n-- View for reports\nCREATE VIEW scan_findings AS\nSELECT s.*, f.* FROM scans s\nJOIN findings f ON s.id = f.scan_id;\n\n-- Indexes\nCREATE INDEX idx_scans_package ON scans(package_name);\nCREATE INDEX idx_findings_atk ON findings(atk_id);\nCREATE INDEX idx_findings_severity ON findings(severity);
+-- SQLite schema for local CLI mode (free tier)
+-- Tables: scans, findings (ATK-linked)
+
+CREATE TABLE IF NOT EXISTS scans (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  package_name TEXT NOT NULL,
+  version TEXT,
+  scanned_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  status TEXT DEFAULT 'completed',
+  sbom_json TEXT
+);
+
+CREATE TABLE IF NOT EXISTS findings (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id INTEGER NOT NULL,
+  atk_id TEXT NOT NULL,
+  severity TEXT CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),
+  description TEXT,
+  evidence TEXT,
+  mitigation TEXT,
+  FOREIGN KEY (scan_id) REFERENCES scans(id) ON DELETE CASCADE
+);
+
+-- View for reports
+CREATE VIEW IF NOT EXISTS scan_findings AS
+SELECT s.*, f.* FROM scans s
+JOIN findings f ON s.id = f.scan_id;
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_scans_package ON scans(package_name);
+CREATE INDEX IF NOT EXISTS idx_findings_atk ON findings(atk_id);
+CREATE INDEX IF NOT EXISTS idx_findings_severity ON findings(severity);

package/backend/sbom.js

@@ -17,13 +17,16 @@ function generateCycloneDX(pkgJson, findings) {
       },
       tools: [{ name: 'npm-scan', version: '0.2.5' }]
     },
-    vulnerabilities: findings.map(f => ({
-      id: f.id,
+    vulnerabilities: findings.map(f => {
+      const atkId = f.atk_id || f.id;
+      return {
+      id: atkId,
       source: { name: 'npm-scan' },
       ratings: [{ severity: f.severity }],
-      description: f.title || '',
+      description: f.description || f.title || '',
       recommendation: f.mitigation || 'Review evidence'
-    }))
+      };
+    })
   };
   return JSON.stringify(bom, null, 2);
 }

package/cli/cli.js

@@ -12,7 +12,7 @@ program
   .description('Scan a package')
   .argument('<target>', 'package name')
   .option('-l, --license-key <key>', 'Premium license')
-  .option('--sbom [format]', 'Generate SBOM (json/xml/spdx)', 'json')
+  .option('--sbom [format]', 'Generate SBOM (json/xml/spdx)')
   .action(async (target, options) => {
     try {
       const { pkgJson, jsFiles, tmpDir } = await import('../backend/fetch.js').then(m => m.fetchPackage(target));
@@ -46,7 +46,7 @@ program
   .command('report')
   .description('Generate report')
   .option('-i, --id <id>', 'Scan ID')
-  .option('--sbom [format]', 'SBOM format (json/xml/spdx)', 'json')
+  .option('--sbom [format]', 'SBOM format (json/xml/spdx)')
   .option('--html', 'HTML report')
   .option('--nist', 'NIST 800-161 compliance report')
   .action(async (options) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Powerful npm supply chain security scanner - detects malicious packages (Shai-Hulud style), behavioral analysis, SBOM, and compliance reporting.",
   "main": "backend/index.js",
   "bin": {