@lateos/npm-scan 0.9.7 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/CHANGELOG.md +200 -0
  2. package/README.de.md +52 -0
  3. package/README.fr.md +52 -0
  4. package/README.ja.md +48 -0
  5. package/README.md +88 -0
  6. package/README.zh.md +52 -0
  7. package/SECURITY.md +73 -0
  8. package/backend/fetch.js +100 -1
  9. package/backend/report.js +97 -0
  10. package/cli/cli.js +165 -9
  11. package/deploy/helm/npm-scan/Chart.yaml +11 -5
  12. package/deploy/helm/npm-scan/templates/api.yaml +29 -1
  13. package/deploy/helm/npm-scan/values.byoc.yaml +75 -0
  14. package/deploy/helm/npm-scan/values.yaml +32 -2
  15. package/package.json +1 -1
package/deploy/helm/npm-scan/values.byoc.yaml ADDED
@@ -0,0 +1,75 @@
1
+ # BYOC Enterprise values example
2
+ # Deploy to your VPC: helm install -f values.byoc.yaml npm-scan ./
3
+
4
+ image:
5
+ repository: ghcr.io/lateos/npm-scan
6
+ tag: "1.0.0"
7
+
8
+ premium:
9
+ enabled: true
10
+ edition: enterprise
11
+ byoc:
12
+ enabled: true
13
+ cloudProvider: aws
14
+ vpcId: vpc-0123456789abcdef0
15
+ region: us-east-1
16
+ clusterName: npm-scan-enterprise
17
+ externalDb: true
18
+ externalRedis: true
19
+
20
+ license:
21
+ key: "npm-scan-enterprise-XXXXX.YOUR-SIGNATURE-HERE"
22
+ secret: "your-license-secret"
23
+
24
+ siem:
25
+ enabled: true
26
+ type: cef
27
+ endpoint: log-collector.your-company.com
28
+ port: 514
29
+ protocol: tcp
30
+
31
+ pdf:
32
+ enabled: true
33
+
34
+ sso:
35
+ enabled: true
36
+ provider: oidc
37
+ clientId: npm-scan-enterprise
38
+ issuerUrl: https://sso.your-company.com/realms/enterprise
39
+
40
+ postgresql:
41
+ enabled: false
42
+ host: your-rds-endpoint.rds.amazonaws.com
43
+ port: 5432
44
+ database: npm_scan
45
+ username: npm_scan
46
+ password: ""
47
+
48
+ redis:
49
+ enabled: false
50
+ host: your-redis-endpoint.cache.amazonaws.com
51
+ port: 6379
52
+
53
+ ingress:
54
+ enabled: true
55
+ className: nginx
56
+ host: npm-scan.your-company.com
57
+ tls:
58
+ - secretName: npm-scan-tls
59
+ hosts:
60
+ - npm-scan.your-company.com
61
+
62
+ persistence:
63
+ enabled: true
64
+ size: 50Gi
65
+ storageClass: gp3
66
+
67
+ worker:
68
+ replicas: 4
69
+ resources:
70
+ requests:
71
+ cpu: 500m
72
+ memory: 1Gi
73
+ limits:
74
+ cpu: 2
75
+ memory: 2Gi
package/deploy/helm/npm-scan/values.yaml CHANGED
@@ -1,4 +1,4 @@
1
- # Helm values for npm-scan
1
+ # Helm values for npm-scan BYOC
2
2
  # Override per environment: helm install -f values-prod.yaml
3
3
 
4
4
  image:
@@ -9,10 +9,40 @@ image:
9
9
  replicaCount: 1
10
10
 
11
11
  license:
12
- # --license-key or NPM_SCAN_LICENSE_KEY env var
13
12
  key: ""
14
13
  secret: ""
15
14
 
15
+ premium:
16
+ enabled: false
17
+ edition: premium
18
+ byoc:
19
+ enabled: false
20
+ cloudProvider: ""
21
+ vpcId: ""
22
+ region: ""
23
+ clusterName: ""
24
+ externalDb: true
25
+ externalRedis: true
26
+
27
+ siem:
28
+ enabled: false
29
+ type: cef
30
+ endpoint: ""
31
+ port: 514
32
+ protocol: tcp
33
+ apiKey: ""
34
+
35
+ pdf:
36
+ enabled: false
37
+
38
+ sso:
39
+ enabled: false
40
+ provider: oidc
41
+ clientId: ""
42
+ clientSecret: ""
43
+ issuerUrl: ""
44
+ allowedDomains: []
45
+
16
46
  postgresql:
17
47
  enabled: true
18
48
  host: ""
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lateos/npm-scan",
3
- "version": "0.9.7",
3
+ "version": "0.10.0",
4
4
  "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
5
5
  "main": "backend/index.js",
6
6
  "bin": {