@lateos/npm-scan 0.4.1 → 0.6.0

package/backend/db/pg-schema.sql

@@ -0,0 +1,155 @@
+-- PostgreSQL schema for hosted/team tier (premium)
+-- Extends the SQLite schema with teams, users, RBAC, audit logs, webhooks
+
+-- Extensions
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+-- Teams / Organizations
+CREATE TABLE IF NOT EXISTS teams (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  name TEXT NOT NULL,
+  slug TEXT UNIQUE NOT NULL,
+  license_edition TEXT NOT NULL DEFAULT 'community',
+  license_key TEXT,
+  license_expires_at TIMESTAMPTZ,
+  max_seats INTEGER NOT NULL DEFAULT 5,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Users
+CREATE TABLE IF NOT EXISTS users (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  email TEXT UNIQUE NOT NULL,
+  name TEXT NOT NULL,
+  password_hash TEXT NOT NULL,
+  team_id UUID REFERENCES teams(id) ON DELETE CASCADE,
+  role TEXT NOT NULL CHECK (role IN ('admin', 'editor', 'viewer')) DEFAULT 'viewer',
+  last_login_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Scans (extends SQLite scans with team ownership)
+CREATE TABLE IF NOT EXISTS scans (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  team_id UUID REFERENCES teams(id) ON DELETE CASCADE,
+  user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+  package_name TEXT NOT NULL,
+  version TEXT,
+  status TEXT NOT NULL DEFAULT 'pending'
+    CHECK (status IN ('pending', 'fetching', 'analyzing', 'completed', 'failed')),
+  sbom_json JSONB,
+  findings_summary JSONB,
+  duration_ms INTEGER,
+  scanned_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Findings
+CREATE TABLE IF NOT EXISTS findings (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  scan_id UUID NOT NULL REFERENCES scans(id) ON DELETE CASCADE,
+  atk_id TEXT NOT NULL,
+  severity TEXT NOT NULL CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),
+  title TEXT,
+  description TEXT,
+  evidence TEXT,
+  mitigation TEXT,
+  file_path TEXT,
+  line_number INTEGER
+);
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_scans_team ON scans(team_id);
+CREATE INDEX IF NOT EXISTS idx_scans_package ON scans(package_name);
+CREATE INDEX IF NOT EXISTS idx_scans_status ON scans(status);
+CREATE INDEX IF NOT EXISTS idx_scans_created ON scans(scanned_at DESC);
+CREATE INDEX IF NOT EXISTS idx_findings_scan ON findings(scan_id);
+CREATE INDEX IF NOT EXISTS idx_findings_atk ON findings(atk_id);
+CREATE INDEX IF NOT EXISTS idx_findings_severity ON findings(severity);
+CREATE INDEX IF NOT EXISTS idx_users_team ON users(team_id);
+
+-- Audit log
+CREATE TABLE IF NOT EXISTS audit_log (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  team_id UUID NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+  user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+  action TEXT NOT NULL,
+  resource_type TEXT NOT NULL,
+  resource_id TEXT,
+  details JSONB,
+  ip_address INET,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_audit_team ON audit_log(team_id, created_at DESC);
+
+-- Webhooks
+CREATE TABLE IF NOT EXISTS webhooks (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  team_id UUID NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+  url TEXT NOT NULL,
+  secret TEXT NOT NULL DEFAULT encode(gen_random_bytes(32), 'hex'),
+  events TEXT[] NOT NULL DEFAULT '{}',
+  active BOOLEAN NOT NULL DEFAULT true,
+  last_triggered_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_webhooks_team ON webhooks(team_id);
+
+-- API keys
+CREATE TABLE IF NOT EXISTS api_keys (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  team_id UUID NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  key_hash TEXT NOT NULL,
+  scopes TEXT[] NOT NULL DEFAULT '{}',
+  last_used_at TIMESTAMPTZ,
+  expires_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_api_keys_team ON api_keys(team_id);
+
+-- Session tokens
+CREATE TABLE IF NOT EXISTS sessions (
+  id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  token_hash TEXT NOT NULL,
+  expires_at TIMESTAMPTZ NOT NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_sessions_user ON sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);
+
+-- Materialized view: package risk aggregation
+CREATE MATERIALIZED VIEW IF NOT EXISTS package_risk AS
+SELECT
+  s.package_name,
+  s.version,
+  COUNT(DISTINCT f.id) AS finding_count,
+  COUNT(DISTINCT f.id) FILTER (WHERE f.severity IN ('high', 'critical')) AS high_crit_count,
+  ARRAY_AGG(DISTINCT f.atk_id) AS atk_ids,
+  MAX(s.scanned_at) AS last_scanned
+FROM scans s
+JOIN findings f ON f.scan_id = s.id
+WHERE s.status = 'completed'
+GROUP BY s.package_name, s.version;
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_package_risk_pkg ON package_risk(package_name, version);
+
+-- Function: touch updated_at
+CREATE OR REPLACE FUNCTION touch_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at = NOW();
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+CREATE TRIGGER trg_teams_updated_at
+  BEFORE UPDATE ON teams
+  FOR EACH ROW EXECUTE FUNCTION touch_updated_at();

package/backend/license.js

@@ -1,13 +1,85 @@
+import { createHmac, timingSafeEqual } from 'crypto';
+
+const HMAC_KEY = process.env.NPM_SCAN_LICENSE_SECRET || 'npm-scan-default-dev-key';
+
+const FEATURE_TIERS = {
+  community: [],
+  premium: ['sandbox', 'siem', 'cra', 'nist-pdf', 'rest-api', 'webhooks', 'helm'],
+  enterprise: ['sandbox', 'siem', 'cra', 'nist-pdf', 'rest-api', 'webhooks', 'helm', 'sso', 'audit-logs', 'pg-backend', 'kubernetes'],
+};
+
+const ALL_FEATURES = Object.values(FEATURE_TIERS).flat();
+const ALLOWED_UNLOCKED = ['sbom', 'nist-html', 'html-report', 'sqlite'];
+
+function generateSignature(payload) {
+  return createHmac('sha256', HMAC_KEY).update(JSON.stringify(payload)).digest('hex');
+}
+
+export function generateKey(edition, options = {}) {
+  const payload = {
+    edition,
+    issued: new Date().toISOString(),
+    exp: options.expiresAt || null,
+    seats: options.seats || 1,
+    org: options.org || null,
+  };
+  const sig = generateSignature(payload);
+  const encoded = Buffer.from(JSON.stringify(payload)).toString('base64url');
+  return `npm-scan-${edition}-${encoded}.${sig}`;
+}
+
 export function validateLicense(key, feature = '*') {
-  if (!key || !key.startsWith('npm-scan-premium-')) {
-    throw new Error(`Invalid license for feature: ${feature}`);
+  if (!key) {
+    throw new Error('No license key provided');
+  }
+
+  if (feature === 'scan' || ALLOWED_UNLOCKED.includes(feature)) {
+    return { edition: 'community', features: ALL_FEATURES };
+  }
+
+  const parts = key.split('-');
+  if (parts.length < 4 || !key.includes('.')) {
+    throw new Error('Invalid license key format');
+  }
+
+  const edition = parts[2];
+  const encodedPayload = parts.slice(3).join('-').split('.')[0];
+  const sig = key.split('.')[1];
+
+  let payload;
+  try {
+    payload = JSON.parse(Buffer.from(encodedPayload, 'base64url').toString('utf8'));
+  } catch {
+    throw new Error('Invalid license key payload');
   }
-  return true;
+
+  const expectedSig = generateSignature(payload);
+  const sigBuf = Buffer.from(sig, 'hex');
+  const expectedBuf = Buffer.from(expectedSig, 'hex');
+  if (sigBuf.length !== expectedBuf.length || !timingSafeEqual(sigBuf, expectedBuf)) {
+    throw new Error('Invalid license key signature');
+  }
+
+  if (payload.exp && new Date(payload.exp) < new Date()) {
+    throw new Error('License key expired');
+  }
+
+  const allowed = FEATURE_TIERS[edition];
+  if (!allowed) {
+    throw new Error(`Unknown license edition: ${edition}`);
+  }
+
+  if (feature !== '*' && !allowed.includes(feature) && !ALLOWED_UNLOCKED.includes(feature)) {
+    throw new Error(`Feature "${feature}" requires ${edition === 'community' ? 'premium' : 'enterprise'} license`);
+  }
+
+  return { edition, features: allowed, ...payload };
 }
 
 export function isFeatureEnabled(feature, licenseKey = process.env.NPM_SCAN_LICENSE_KEY) {
   try {
-    return validateLicense(licenseKey, feature);
+    validateLicense(licenseKey, feature);
+    return true;
   } catch {
     return false;
   }

package/cli/cli.js

@@ -1,11 +1,21 @@
 #!/usr/bin/env node
 
 import { Command } from 'commander';
+import { isFeatureEnabled, generateKey } from '../backend/license.js';
+
+function requirePremium(feature, licenseKey) {
+  if (!isFeatureEnabled(feature, licenseKey)) {
+    console.error(`Error: "${feature}" requires a premium license key.`);
+    console.error(`  Pass --license-key <key> or set NPM_SCAN_LICENSE_KEY env var.`);
+    console.error(`  Generate a dev key: require('@lateos/npm-scan/backend/license').generateKey('premium')`);
+    process.exit(1);
+  }
+}
 
 const program = new Command()
   .name('npm-scan')
   .description('npm supply chain security scanner')
-  .version('0.4.0');
+  .version('0.5.0');
 
 program
   .command('scan')
@@ -47,13 +57,15 @@ program
   .description('Generate report')
   .option('-i, --id <id>', 'Scan ID')
   .option('--sbom [format]', 'SBOM format (json/xml/spdx)')
-.option('--html', 'HTML report')
+  .option('--html', 'HTML report')
   .option('--nist', 'NIST 800-161 compliance report')
   .option('--cra', 'EU CRA compliance report')
   .option('--siem <format>', 'SIEM format (cef)')
   .option('-l, --license-key <key>', 'Premium license')
   .action(async (options) => {
+    const licenseKey = options.licenseKey || process.env.NPM_SCAN_LICENSE_KEY;
     const { getRecentScans, getFindings, getScan } = await import('../backend/db.js');
+
     if (options.id) {
       const findings = getFindings(options.id);
       const scanInfo = getScan(options.id);
@@ -61,16 +73,19 @@ program
       const pkgVer = scanInfo?.version || 'unknown';
       const pkg = { name: pkgName, version: pkgVer };
       const scan = findings.length ? { package_name: pkgName, version: pkgVer, findings } : null;
-      if (options.sbom) {
-        const { generateSBOM } = await import('../backend/sbom.js');
-        const sbom = generateSBOM(pkg, findings, options.sbom === true ? 'json' : options.sbom);
-        console.log(sbom);
-      } else if (options.siem) {
+
+      if (options.siem) {
+        requirePremium('siem', licenseKey);
         const { generateSIEM } = await import('../backend/siem/index.js');
         console.log(generateSIEM(scan ? [scan] : [], options.siem));
       } else if (options.cra) {
+        requirePremium('cra', licenseKey);
         const { generateCRA } = await import('../backend/cra.js');
         console.log(generateCRA(scan ? [scan] : []));
+      } else if (options.sbom) {
+        const { generateSBOM } = await import('../backend/sbom.js');
+        const sbom = generateSBOM(pkg, findings, options.sbom === true ? 'json' : options.sbom);
+        console.log(sbom);
       } else if (options.html || options.nist) {
         const { generateHTML } = await import('../backend/report.js');
         const html = generateHTML(scan ? [scan] : []);
@@ -81,10 +96,13 @@ program
     } else {
       const scans = getRecentScans();
       const scansWithFindings = scans.map(s => ({ ...s, findings: getFindings(s.id) }));
-if (options.siem) {
+
+      if (options.siem) {
+        requirePremium('siem', licenseKey);
         const { generateSIEM } = await import('../backend/siem/index.js');
         console.log(generateSIEM(scansWithFindings, options.siem));
       } else if (options.cra) {
+        requirePremium('cra', licenseKey);
         const { generateCRA } = await import('../backend/cra.js');
         console.log(generateCRA(scansWithFindings));
       } else if (options.html || options.nist) {

package/deploy/helm/npm-scan/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: npm-scan
+description: npm supply chain security scanner — Helm chart for Kubernetes deployment
+type: application
+version: 0.5.0
+appVersion: "0.5.0"
+keywords:
+  - npm
+  - security
+  - supply-chain
+  - scanner
+sources:
+  - https://github.com/YOUR_GITHUB_USERNAME/npm-scan
+maintainers:
+  - name: Lateos
+    email: hello@lateos.ai

package/deploy/helm/npm-scan/templates/_helpers.tpl

@@ -0,0 +1,9 @@
+{{- define "npm-scan.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "npm-scan.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}

package/deploy/helm/npm-scan/templates/api.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-api
+  labels:
+    app: {{ include "npm-scan.name" . }}-api
+    {{- include "npm-scan.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.api.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-api
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-api
+    spec:
+      containers:
+        - name: api
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["python", "-m", "api.main"]
+          ports:
+            - containerPort: {{ .Values.api.port }}
+          env:
+            - name: API_PORT
+              value: "{{ .Values.api.port }}"
+            - name: API_HOST
+              value: "{{ .Values.api.host }}"
+            - name: NPM_SCAN_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-license
+                  key: key
+                  optional: true
+            {{- if .Values.postgresql.enabled }}
+            - name: PG_HOST
+              value: "{{ .Values.postgresql.host }}"
+            - name: PG_PORT
+              value: "{{ .Values.postgresql.port }}"
+            - name: PG_DATABASE
+              value: "{{ .Values.postgresql.database }}"
+            - name: PG_USERNAME
+              value: "{{ .Values.postgresql.username }}"
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.existingSecret | default (printf "%s-pg" (include "npm-scan.name" .)) }}
+                  key: password
+                  optional: true
+            {{- end }}
+          resources: {{- toYaml .Values.api.resources | nindent 12 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "npm-scan.name" . }}-api
+  labels:
+    app: {{ include "npm-scan.name" . }}-api
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.api.port }}
+  selector:
+    app: {{ include "npm-scan.name" . }}-api

package/deploy/helm/npm-scan/templates/ingress.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "npm-scan.name" . }}
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "npm-scan.name" . }}-api
+                port:
+                  number: {{ .Values.service.port }}
+  {{- with .Values.ingress.tls }}
+  tls: {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

package/deploy/helm/npm-scan/templates/postgresql.yaml

@@ -0,0 +1,67 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-postgresql
+  labels:
+    app: {{ include "npm-scan.name" . }}-postgresql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-postgresql
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-postgresql
+    spec:
+      containers:
+        - name: postgresql
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_DB
+              value: "{{ .Values.postgresql.database }}"
+            - name: POSTGRES_USER
+              value: "{{ .Values.postgresql.username }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-pg
+                  key: password
+          {{- if .Values.persistence.enabled }}
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "npm-scan.name" . }}-pg
+          {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "npm-scan.name" . }}-postgresql
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: {{ include "npm-scan.name" . }}-postgresql
+---
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "npm-scan.name" . }}-pg
+spec:
+  accessModes: [ReadWriteOnce]
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- with .Values.persistence.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
+{{- end }}
+{{- end }}

package/deploy/helm/npm-scan/templates/secrets.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "npm-scan.name" . }}-license
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  key: "{{ .Values.license.key }}"
+---
+{{- if not .Values.postgresql.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "npm-scan.name" . }}-pg
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  password: "{{ .Values.postgresql.password }}"
+{{- end }}

package/deploy/helm/npm-scan/templates/worker.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.worker.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-worker
+  labels:
+    app: {{ include "npm-scan.name" . }}-worker
+    {{- include "npm-scan.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.worker.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-worker
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-worker
+    spec:
+      containers:
+        - name: worker
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["node", "cli/cli.js"]
+          env:
+            - name: NPM_SCAN_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-license
+                  key: key
+                  optional: true
+          resources: {{- toYaml .Values.worker.resources | nindent 12 }}
+{{- end }}

package/deploy/helm/npm-scan/values.yaml

@@ -0,0 +1,73 @@
+# Helm values for npm-scan
+# Override per environment: helm install -f values-prod.yaml
+
+image:
+  repository: ghcr.io/lateos/npm-scan
+  tag: latest
+  pullPolicy: Always
+
+replicaCount: 1
+
+license:
+  # --license-key or NPM_SCAN_LICENSE_KEY env var
+  key: ""
+  secret: ""
+
+postgresql:
+  enabled: true
+  host: ""
+  port: 5432
+  database: npm_scan
+  username: npm_scan
+  password: ""
+  existingSecret: ""
+
+api:
+  enabled: true
+  port: 8000
+  host: 0.0.0.0
+  replicas: 1
+  corsOrigins: ["*"]
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+
+worker:
+  enabled: true
+  replicas: 2
+  resources:
+    requests:
+      cpu: 200m
+      memory: 256Mi
+    limits:
+      cpu: 1
+      memory: 1Gi
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+  host: npm-scan.example.com
+  tls: []
+
+service:
+  type: ClusterIP
+  port: 80
+
+persistence:
+  enabled: true
+  size: 10Gi
+  storageClass: ""
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+redis:
+  enabled: false
+  host: ""
+  port: 6379

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.4.1",
+  "version": "0.6.0",
   "description": "Powerful npm supply chain security scanner - detects malicious packages (Shai-Hulud style), behavioral analysis, SBOM, and compliance reporting.",
   "main": "backend/index.js",
   "bin": {