@npm-breach/check 1.0.0 → 1.0.3

package/README.md

@@ -1,10 +1,10 @@
 # NPM Breach Check
 
-🔐 **Security-focused CLI tool to detect potentially vulnerable packages in your Node.js applications**
+**Security-focused CLI tool to detect potentially vulnerable packages in your Node.js applications**
 
 A lightweight command-line scanner that checks for known vulnerable packages in your dependency tree. Help protect your applications by identifying packages that may pose security risks.
 
-## 🚀 Quick Start
+## Quick Start
 
 ```bash
 # Install globally
@@ -14,12 +14,15 @@ npm install -g @npm-breach/check
 npm-breach-check
 ```
 
-## 📋 Usage
+## Usage
 
 ```bash
 # Scan all packages in your project (default)
 npm-breach-check
 
+# Check a specific package and version
+npm-breach-check check-package lodash "^4.17.20"
+
 # List all monitored packages  
 npm-breach-check list
 
@@ -27,7 +30,7 @@ npm-breach-check list
 npm-breach-check help
 ```
 
-## 📊 Example Output
+## Example Output
 
 ```
 Summary:
@@ -56,11 +59,11 @@ Used but not affected:
   ⚠ error-ex@1.3.4 (affected: 1.3.3)
 ```
 
-- 🔴 **Affected versions** - Vulnerable packages found (need immediate attention)
-- 🟡 **Used but not affected** - Packages installed but in safe versions
-- 🟢 **Not used in project** - Packages not installed (you're safe)
+- **Affected versions** - Vulnerable packages found (need immediate attention)
+- **Used but not affected** - Packages installed but in safe versions
+- **Not used in project** - Packages not installed (you're safe)
 
-## ⚡ Features
+## Features
 
 - **Zero Configuration** - Works out of the box
 - **Lightweight** - Only one dependency (`semver`)
@@ -68,7 +71,7 @@ Used but not affected:
 - **Semantic Versioning** - Supports version ranges (`^`, `~`, `>=`, etc.)
 - **Dependency Tree Analysis** - Deep scanning with `npm ls`
 
-## 🛡️ What It Checks
+## What It Checks
 
 This tool monitors a curated list of packages known to have security considerations, including:
 
@@ -80,7 +83,7 @@ This tool monitors a curated list of packages known to have security considerati
 
 Run `npm-breach-check list` to see the complete monitored package list.
 
-## 🤝 Contributing
+## Contributing
 
 We welcome contributions to improve package security monitoring!
 
@@ -108,7 +111,7 @@ npm install
 npm link
 ```
 
-## 📄 License
+## License
 
 MIT © Contributors
 

package/lib/commands/help.js

@@ -1,7 +1,20 @@
 const { colorize } = require('../utils/colors');
+const fs = require('fs');
+const path = require('path');
+
+function getVersion() {
+  try {
+    const packageJsonPath = path.join(__dirname, '..', '..', 'package.json');
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+    return packageJson.version;
+  } catch (error) {
+    return '1.0.0'; // fallback version
+  }
+}
 
 function showHelp() {
-  console.log(colorize('NPM Package Checker v1.0.0', 'blue'));
+  const version = getVersion();
+  console.log(colorize(`NPM Package Checker v${version}`, 'blue'));
   console.log(colorize("Check npm packages and semantic version ranges in dependency trees", 'gray'));
   console.log();
   console.log(colorize("Usage:", 'yellow'));
@@ -30,7 +43,8 @@ function showHelp() {
 }
 
 function showVersion() {
-  console.log('1.0.0');
+  const version = getVersion();
+  console.log(version);
 }
 
 module.exports = { showHelp, showVersion };

package/lib/index.js

@@ -5,6 +5,10 @@ const { checkSpecificPackage } = require('./commands/checkPackage');
 const { listPackages } = require('./commands/list');
 const { showHelp, showVersion } = require('./commands/help');
 const { colorize } = require('./utils/colors');
+const { checkForUpdates } = require('./utils/versionChecker');
+
+// Check for updates before running commands (async, non-blocking)
+checkForUpdates();
 
 // Parse command line arguments
 const args = process.argv.slice(2);

package/lib/utils/versionChecker.js

@@ -0,0 +1,33 @@
+const { execSync } = require('child_process');
+const semver = require('semver');
+const fs = require('fs');
+const path = require('path');
+const { colorize } = require('./colors');
+
+function checkForUpdates() {
+  try {
+    // Get current version from package.json
+    const packageJsonPath = path.join(__dirname, '..', '..', 'package.json');
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+    const currentVersion = packageJson.version;
+    
+    // Check latest version from npm registry
+    const latestVersionOutput = execSync('npm view @npm-breach/check version', { 
+      encoding: 'utf8',
+      stdio: 'pipe',
+      timeout: 3000 // 3 second timeout
+    }).trim();
+    
+    if (semver.gt(latestVersionOutput, currentVersion)) {
+      console.log(colorize('\n⚠ Update available!', 'yellow'));
+      console.log(colorize(`  Current version: ${currentVersion}`, 'gray'));
+      console.log(colorize(`  Latest version:  ${latestVersionOutput}`, 'green'));
+      console.log(colorize('  Run: npm install -g @npm-breach/check@latest\n', 'cyan'));
+    }
+  } catch (error) {
+    // Silently fail - don't interrupt the main functionality
+    // Version check is not critical
+  }
+}
+
+module.exports = { checkForUpdates };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npm-breach/check",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "Security-focused CLI tool to detect potentially vulnerable packages in your Node.js applications",
   "main": "lib/index.js",
   "bin": {
@@ -13,7 +13,7 @@
   "keywords": [
     "security",
     "vulnerability",
-    "scanner", 
+    "scanner",
     "cli",
     "npm",
     "package-checker",