@npm-breach/check 1.0.0

package/README.md

@@ -0,0 +1,117 @@
+# NPM Breach Check
+
+🔐 **Security-focused CLI tool to detect potentially vulnerable packages in your Node.js applications**
+
+A lightweight command-line scanner that checks for known vulnerable packages in your dependency tree. Help protect your applications by identifying packages that may pose security risks.
+
+## 🚀 Quick Start
+
+```bash
+# Install globally
+npm install -g @npm-breach/check
+
+# Check your project for vulnerable packages
+npm-breach-check
+```
+
+## 📋 Usage
+
+```bash
+# Scan all packages in your project (default)
+npm-breach-check
+
+# List all monitored packages  
+npm-breach-check list
+
+# Show help
+npm-breach-check help
+```
+
+## 📊 Example Output
+
+```
+Summary:
+  Total checked: 60
+  Found: 12
+  Affected versions: 1
+  Used but not affected: 11
+  Not used in the project: 48
+
+Affected versions:
+==================
+  ✓ ansi-styles@2.2.1 (affected: 2.2.1)
+
+Used but not affected:
+======================
+  ⚠ debug@2.6.9 (affected: 4.4.2)
+  ⚠ chalk@1.1.3 (affected: 5.6.1)
+  ⚠ supports-color@3.2.3 (affected: 10.2.1)
+  ⚠ strip-ansi@3.0.1 (affected: 7.1.1)
+  ⚠ ansi-regex@2.1.1 (affected: 6.2.1)
+  ⚠ wrap-ansi@2.1.0 (affected: 9.0.1)
+  ⚠ color-convert@1.9.3 (affected: 3.1.1)
+  ⚠ color-name@1.1.4 (affected: 2.0.1)
+  ⚠ is-arrayish@0.2.1 (affected: 0.3.3)
+  ⚠ has-ansi@2.0.0 (affected: 6.0.1)
+  ⚠ error-ex@1.3.4 (affected: 1.3.3)
+```
+
+- 🔴 **Affected versions** - Vulnerable packages found (need immediate attention)
+- 🟡 **Used but not affected** - Packages installed but in safe versions
+- 🟢 **Not used in project** - Packages not installed (you're safe)
+
+## ⚡ Features
+
+- **Zero Configuration** - Works out of the box
+- **Lightweight** - Only one dependency (`semver`)
+- **Fast Scanning** - Native Node.js performance
+- **Semantic Versioning** - Supports version ranges (`^`, `~`, `>=`, etc.)
+- **Dependency Tree Analysis** - Deep scanning with `npm ls`
+
+## 🛡️ What It Checks
+
+This tool monitors a curated list of packages known to have security considerations, including:
+
+- Color manipulation packages (chalk, ansi-styles)
+- Angular/React form utilities  
+- File processing libraries
+- Template engines
+- And many more...
+
+Run `npm-breach-check list` to see the complete monitored package list.
+
+## 🤝 Contributing
+
+We welcome contributions to improve package security monitoring!
+
+### Adding New Packages
+
+To add a potentially vulnerable package to the monitoring list:
+
+1. Fork this repository
+2. Edit `affected-packages.json` 
+3. Add your package with version constraints:
+   ```json
+   {
+     "name": "package-name",
+     "versions": ["^1.0.0", ">=2.1.0"]
+   }
+   ```
+4. Submit a pull request with details about the security concern
+
+### Development Setup
+
+```bash
+git clone https://github.com/your-username/npm-breach-check.git
+cd npm-breach-check
+npm install
+npm link
+```
+
+## 📄 License
+
+MIT © Contributors
+
+---
+
+**Help keep the Node.js ecosystem secure - contribute to the monitored package list!**

package/affected-packages.json

@@ -0,0 +1,232 @@
+{
+  "packages": [
+    {
+      "name": "angulartics2",
+      "versions": ["14.1.2"]
+    },
+    {
+      "name": "@ctrl/deluge",
+      "versions": ["7.2.2"]
+    },
+    {
+      "name": "@ctrl/golang-template",
+      "versions": ["1.4.3"]
+    },
+    {
+      "name": "@ctrl/magnet-link",
+      "versions": ["4.0.4"]
+    },
+    {
+      "name": "@ctrl/ngx-codemirror",
+      "versions": ["7.0.2"]
+    },
+    {
+      "name": "@ctrl/ngx-csv",
+      "versions": ["6.0.2"]
+    },
+    {
+      "name": "@ctrl/ngx-emoji-mart",
+      "versions": ["9.2.2"]
+    },
+    {
+      "name": "@ctrl/ngx-rightclick",
+      "versions": ["4.0.2"]
+    },
+    {
+      "name": "@ctrl/qbittorrent",
+      "versions": ["9.7.2"]
+    },
+    {
+      "name": "@ctrl/react-adsense",
+      "versions": ["2.0.2"]
+    },
+    {
+      "name": "@ctrl/shared-torrent",
+      "versions": ["6.3.2"]
+    },
+    {
+      "name": "@ctrl/tinycolor",
+      "versions": ["4.1.1", "4.1.2"]
+    },
+    {
+      "name": "@ctrl/torrent-file",
+      "versions": ["4.1.2"]
+    },
+    {
+      "name": "@ctrl/transmission",
+      "versions": ["7.3.1"]
+    },
+    {
+      "name": "@ctrl/ts-base32",
+      "versions": ["4.0.2"]
+    },
+    {
+      "name": "encounter-playground",
+      "versions": ["0.0.5"]
+    },
+    {
+      "name": "json-rules-engine-simplified",
+      "versions": ["0.2.4", "0.2.1"]
+    },
+    {
+      "name": "koa2-swagger-ui",
+      "versions": ["5.11.2", "5.11.1"]
+    },
+    {
+      "name": "@nativescript-community/gesturehandler",
+      "versions": ["2.0.35"]
+    },
+    {
+      "name": "@nativescript-community/sentry",
+      "versions": ["4.6.43"]
+    },
+    {
+      "name": "@nativescript-community/text",
+      "versions": ["1.6.13"]
+    },
+    {
+      "name": "@nativescript-community/ui-collectionview",
+      "versions": ["6.0.6"]
+    },
+    {
+      "name": "@nativescript-community/ui-drawer",
+      "versions": ["0.1.30"]
+    },
+    {
+      "name": "@nativescript-community/ui-image",
+      "versions": ["4.5.6"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-bottomsheet",
+      "versions": ["7.2.72"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-core",
+      "versions": ["7.2.76"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-core-tabs",
+      "versions": ["7.2.76"]
+    },
+    {
+      "name": "ngx-color",
+      "versions": ["10.0.2"]
+    },
+    {
+      "name": "ngx-toastr",
+      "versions": ["19.0.2"]
+    },
+    {
+      "name": "ngx-trend",
+      "versions": ["8.0.1"]
+    },
+    {
+      "name": "react-complaint-image",
+      "versions": ["0.0.35"]
+    },
+    {
+      "name": "react-jsonschema-form-conditionals",
+      "versions": ["0.3.21"]
+    },
+    {
+      "name": "react-jsonschema-form-extras",
+      "versions": ["1.0.4"]
+    },
+    {
+      "name": "rxnt-authentication",
+      "versions": ["0.0.6"]
+    },
+    {
+      "name": "rxnt-healthchecks-nestjs",
+      "versions": ["1.0.5"]
+    },
+    {
+      "name": "rxnt-kue",
+      "versions": ["1.0.7"]
+    },
+    {
+      "name": "swc-plugin-component-annotate",
+      "versions": ["1.9.2"]
+    },
+    {
+      "name": "ts-gaussian",
+      "versions": ["3.0.6"]
+    },
+    {
+      "name": "ansi-styles",
+      "versions": ["2.2.1"]
+    },
+    {
+      "name": "debug",
+      "versions": ["4.4.2"]
+    },
+    {
+      "name": "chalk",
+      "versions": ["5.6.1"]
+    },
+    {
+      "name": "supports-color",
+      "versions": ["10.2.1"]
+    },
+    {
+      "name": "strip-ansi",
+      "versions": ["7.1.1"]
+    },
+    {
+      "name": "ansi-regex",
+      "versions": ["6.2.1"]
+    },
+    {
+      "name": "wrap-ansi",
+      "versions": ["9.0.1"]
+    },
+    {
+      "name": "color-convert",
+      "versions": ["3.1.1"]
+    },
+    {
+      "name": "color-name",
+      "versions": ["2.0.1"]
+    },
+    {
+      "name": "is-arrayish",
+      "versions": ["0.3.3"]
+    },
+    {
+      "name": "slice-ansi",
+      "versions": ["7.1.1"]
+    },
+    {
+      "name": "color",
+      "versions": ["5.0.1"]
+    },
+    {
+      "name": "color-string",
+      "versions": ["2.1.1"]
+    },
+    {
+      "name": "simple-swizzle",
+      "versions": ["0.2.3"]
+    },
+    {
+      "name": "supports-hyperlinks",
+      "versions": ["4.1.1"]
+    },
+    {
+      "name": "has-ansi",
+      "versions": ["6.0.1"]
+    },
+    {
+      "name": "chalk-template",
+      "versions": ["1.1.1"]
+    },
+    {
+      "name": "backslash",
+      "versions": ["0.2.1"]
+    },
+    {
+      "name": "error-ex",
+      "versions": ["1.3.3"]
+    }
+  ]
+}

package/lib/affected-packages.json

@@ -0,0 +1,232 @@
+{
+  "packages": [
+    {
+      "name": "angulartics2",
+      "versions": ["14.1.2"]
+    },
+    {
+      "name": "@ctrl/deluge",
+      "versions": ["7.2.2"]
+    },
+    {
+      "name": "@ctrl/golang-template",
+      "versions": ["1.4.3"]
+    },
+    {
+      "name": "@ctrl/magnet-link",
+      "versions": ["4.0.4"]
+    },
+    {
+      "name": "@ctrl/ngx-codemirror",
+      "versions": ["7.0.2"]
+    },
+    {
+      "name": "@ctrl/ngx-csv",
+      "versions": ["6.0.2"]
+    },
+    {
+      "name": "@ctrl/ngx-emoji-mart",
+      "versions": ["9.2.2"]
+    },
+    {
+      "name": "@ctrl/ngx-rightclick",
+      "versions": ["4.0.2"]
+    },
+    {
+      "name": "@ctrl/qbittorrent",
+      "versions": ["9.7.2"]
+    },
+    {
+      "name": "@ctrl/react-adsense",
+      "versions": ["2.0.2"]
+    },
+    {
+      "name": "@ctrl/shared-torrent",
+      "versions": ["6.3.2"]
+    },
+    {
+      "name": "@ctrl/tinycolor",
+      "versions": ["4.1.1", "4.1.2"]
+    },
+    {
+      "name": "@ctrl/torrent-file",
+      "versions": ["4.1.2"]
+    },
+    {
+      "name": "@ctrl/transmission",
+      "versions": ["7.3.1"]
+    },
+    {
+      "name": "@ctrl/ts-base32",
+      "versions": ["4.0.2"]
+    },
+    {
+      "name": "encounter-playground",
+      "versions": ["0.0.5"]
+    },
+    {
+      "name": "json-rules-engine-simplified",
+      "versions": ["0.2.4", "0.2.1"]
+    },
+    {
+      "name": "koa2-swagger-ui",
+      "versions": ["5.11.2", "5.11.1"]
+    },
+    {
+      "name": "@nativescript-community/gesturehandler",
+      "versions": ["2.0.35"]
+    },
+    {
+      "name": "@nativescript-community/sentry",
+      "versions": ["4.6.43"]
+    },
+    {
+      "name": "@nativescript-community/text",
+      "versions": ["1.6.13"]
+    },
+    {
+      "name": "@nativescript-community/ui-collectionview",
+      "versions": ["6.0.6"]
+    },
+    {
+      "name": "@nativescript-community/ui-drawer",
+      "versions": ["0.1.30"]
+    },
+    {
+      "name": "@nativescript-community/ui-image",
+      "versions": ["4.5.6"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-bottomsheet",
+      "versions": ["7.2.72"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-core",
+      "versions": ["7.2.76"]
+    },
+    {
+      "name": "@nativescript-community/ui-material-core-tabs",
+      "versions": ["7.2.76"]
+    },
+    {
+      "name": "ngx-color",
+      "versions": ["10.0.2"]
+    },
+    {
+      "name": "ngx-toastr",
+      "versions": ["19.0.2"]
+    },
+    {
+      "name": "ngx-trend",
+      "versions": ["8.0.1"]
+    },
+    {
+      "name": "react-complaint-image",
+      "versions": ["0.0.35"]
+    },
+    {
+      "name": "react-jsonschema-form-conditionals",
+      "versions": ["0.3.21"]
+    },
+    {
+      "name": "react-jsonschema-form-extras",
+      "versions": ["1.0.4"]
+    },
+    {
+      "name": "rxnt-authentication",
+      "versions": ["0.0.6"]
+    },
+    {
+      "name": "rxnt-healthchecks-nestjs",
+      "versions": ["1.0.5"]
+    },
+    {
+      "name": "rxnt-kue",
+      "versions": ["1.0.7"]
+    },
+    {
+      "name": "swc-plugin-component-annotate",
+      "versions": ["1.9.2"]
+    },
+    {
+      "name": "ts-gaussian",
+      "versions": ["3.0.6"]
+    },
+    {
+      "name": "ansi-styles",
+      "versions": ["6.2.2"]
+    },
+    {
+      "name": "debug",
+      "versions": ["4.4.2"]
+    },
+    {
+      "name": "chalk",
+      "versions": ["5.6.1"]
+    },
+    {
+      "name": "supports-color",
+      "versions": ["10.2.1"]
+    },
+    {
+      "name": "strip-ansi",
+      "versions": ["7.1.1"]
+    },
+    {
+      "name": "ansi-regex",
+      "versions": ["6.2.1"]
+    },
+    {
+      "name": "wrap-ansi",
+      "versions": ["9.0.1"]
+    },
+    {
+      "name": "color-convert",
+      "versions": ["3.1.1"]
+    },
+    {
+      "name": "color-name",
+      "versions": ["2.0.1"]
+    },
+    {
+      "name": "is-arrayish",
+      "versions": ["0.3.3"]
+    },
+    {
+      "name": "slice-ansi",
+      "versions": ["7.1.1"]
+    },
+    {
+      "name": "color",
+      "versions": ["5.0.1"]
+    },
+    {
+      "name": "color-string",
+      "versions": ["2.1.1"]
+    },
+    {
+      "name": "simple-swizzle",
+      "versions": ["0.2.3"]
+    },
+    {
+      "name": "supports-hyperlinks",
+      "versions": ["4.1.1"]
+    },
+    {
+      "name": "has-ansi",
+      "versions": ["6.0.1"]
+    },
+    {
+      "name": "chalk-template",
+      "versions": ["1.1.1"]
+    },
+    {
+      "name": "backslash",
+      "versions": ["0.2.1"]
+    },
+    {
+      "name": "error-ex",
+      "versions": ["1.3.3"]
+    }
+  ]
+}

package/lib/commands/check.js

@@ -0,0 +1,68 @@
+const { loadAffectedPackages } = require('../core/packageLoader');
+const { checkPackageWithSemver } = require('../core/packageChecker');
+const { printHeader, printSummary, printSatisfiedPackages, printAffectedPackages } = require('../utils/output');
+const { colorize } = require('../utils/colors');
+
+function checkAllAffectedPackages() {
+  const affectedPackages = loadAffectedPackages();
+  
+  if (affectedPackages.length === 0) {
+    console.log(colorize("No packages loaded from affected-packages.json", 'red'));
+    return;
+  }
+
+  printHeader();
+
+  let totalChecked = 0;
+  let foundCount = 0;
+  let satisfiedCount = 0;
+  const wrongVersionPackages = [];
+  const satisfiedPackages = [];
+
+  for (const packageInfo of affectedPackages) {
+    for (const versionRange of packageInfo.versions) {
+      totalChecked++;
+      console.log(colorize(`Checking: ${packageInfo.name} (${versionRange})`, 'yellow'));
+      
+      const result = checkPackageWithSemver(packageInfo.name, versionRange);
+      
+      if (result.found) {
+        foundCount++;
+        if (result.satisfies) {
+          satisfiedCount++;
+          console.log(colorize("✓ Affected", 'red'));
+          const satisfiedInfo = `${packageInfo.name}@${result.installedVersion} (affected: ${versionRange})`;
+          if (!satisfiedPackages.includes(satisfiedInfo)) {
+            satisfiedPackages.push(satisfiedInfo);
+          }
+        } else {
+          console.log(colorize("⚠ Found but version not affected", 'yellow'));
+          const wrongVersionInfo = `${packageInfo.name}@${result.installedVersion} (affected: ${versionRange})`;
+          if (!wrongVersionPackages.includes(wrongVersionInfo)) {
+            wrongVersionPackages.push(wrongVersionInfo);
+          }
+        }
+        console.log(colorize(`  Installed: ${result.installedVersion}`, 'gray'));
+        console.log(colorize(`  Affected: ${versionRange}`, 'gray'));
+      } else {
+        console.log(colorize(`  ${result.output}`, 'gray'));
+      }
+      
+      console.log(colorize("─".repeat(60), 'blue'));
+    }
+  }
+
+  const summary = {
+    totalChecked,
+    foundCount,
+    satisfiedCount,
+    satisfiedPackages,
+    wrongVersionPackages
+  };
+
+  printSummary(summary);
+  printSatisfiedPackages(satisfiedPackages);
+  printAffectedPackages(wrongVersionPackages);
+}
+
+module.exports = { checkAllAffectedPackages };

package/lib/commands/checkPackage.js

@@ -0,0 +1,22 @@
+const { checkPackageWithSemver } = require('../core/packageChecker');
+const { colorize } = require('../utils/colors');
+
+function checkSpecificPackage(packageName, versionRange) {
+  console.log(colorize(`Checking package: ${packageName} (${versionRange})`, 'yellow'));
+  const result = checkPackageWithSemver(packageName, versionRange);
+  
+  if (result.found) {
+    if (result.satisfies) {
+      console.log(colorize("✓ Affected", 'red'));
+    } else {
+      console.log(colorize("⚠ Found but version not affected", 'yellow'));
+    }
+    console.log(colorize(`  Installed: ${result.installedVersion}`, 'gray'));
+    console.log(colorize(`  Affected: ${versionRange}`, 'gray'));
+  } else {
+    console.log(colorize("✗ Not Affected", 'green'));
+    console.log(colorize(`  ${result.output}`, 'gray'));
+  }
+}
+
+module.exports = { checkSpecificPackage };

package/lib/commands/help.js

@@ -0,0 +1,36 @@
+const { colorize } = require('../utils/colors');
+
+function showHelp() {
+  console.log(colorize('NPM Package Checker v1.0.0', 'blue'));
+  console.log(colorize("Check npm packages and semantic version ranges in dependency trees", 'gray'));
+  console.log();
+  console.log(colorize("Usage:", 'yellow'));
+  console.log('  npm-breach-check [command] [options]');
+  console.log();
+  console.log(colorize("Commands:", 'yellow'));
+  console.log("  check                                 Check all affected packages (default)");
+  console.log("  check-package <name> <version-range>  Check a specific package and version range");
+  console.log("  list                                  List all affected packages");
+  console.log("  help, --help, -h                      Show this help message");
+  console.log("  version, --version, -v                Show version number");
+  console.log();
+  console.log(colorize("Semantic Version Examples:", 'yellow'));
+  console.log("  ^1.2.3     Compatible with version 1.2.3 or higher (^1.2.3 ≤ version < 2.0.0)");
+  console.log("  ~1.2.3     Approximately equivalent to version 1.2.3 (~1.2.3 ≤ version < 1.3.0)");
+  console.log("  >=1.2.3    Greater than or equal to version 1.2.3");
+  console.log("  1.2.3      Exact version 1.2.3");
+  console.log("  1.2.x      Any version in the 1.2.x range");
+  console.log();
+  console.log(colorize("Examples:", 'yellow'));
+  console.log('  npm-breach-check');
+  console.log('  npm-breach-check check');
+  console.log("  npm-breach-check check-package jwt-decode '^2.2.0'");
+  console.log("  npm-breach-check check-package react '>=16.0.0'");
+  console.log('  npm-breach-check list');
+}
+
+function showVersion() {
+  console.log('1.0.0');
+}
+
+module.exports = { showHelp, showVersion };

package/lib/commands/list.js

@@ -0,0 +1,26 @@
+const { loadAffectedPackages } = require('../core/packageLoader');
+const { colorize } = require('../utils/colors');
+
+function listPackages() {
+  const affectedPackages = loadAffectedPackages();
+  
+  if (affectedPackages.length === 0) {
+    console.log(colorize("No packages loaded from affected-packages.json", 'red'));
+    return;
+  }
+
+  console.log(colorize("Affected packages:", 'blue'));
+  console.log(colorize("=================", 'blue'));
+  
+  for (const packageInfo of affectedPackages) {
+    console.log(colorize(`${packageInfo.name}`, 'green'));
+    for (const version of packageInfo.versions) {
+      console.log(colorize(`  └─ ${version}`, 'gray'));
+    }
+  }
+  
+  const totalVersions = affectedPackages.reduce((acc, pkg) => acc + pkg.versions.length, 0);
+  console.log(colorize(`\nTotal: ${affectedPackages.length} packages with ${totalVersions} versions`, 'cyan'));
+}
+
+module.exports = { listPackages };

package/lib/core/packageChecker.js

@@ -0,0 +1,58 @@
+const { execSync } = require('child_process');
+const semver = require('semver');
+
+function getInstalledPackageInfo(packageName) {
+  try {
+    const output = execSync(`npm ls ${packageName} --json`, { 
+      encoding: 'utf8',
+      stdio: 'pipe'
+    });
+    const data = JSON.parse(output);
+    
+    // Navigate through the dependency tree to find the package
+    function findPackage(deps, name) {
+      if (!deps) return null;
+      
+      if (deps[name]) {
+        return {
+          version: deps[name].version,
+          path: deps[name].path || ''
+        };
+      }
+      
+      // Search in nested dependencies
+      for (const depName in deps) {
+        const found = findPackage(deps[depName].dependencies, name);
+        if (found) return found;
+      }
+      
+      return null;
+    }
+    
+    return findPackage(data.dependencies, packageName);
+  } catch (error) {
+    return null;
+  }
+}
+
+function checkPackageWithSemver(packageName, versionRange) {
+  const installedPkg = getInstalledPackageInfo(packageName);
+  
+  if (!installedPkg) {
+    return { 
+      found: false, 
+      output: `Package ${packageName} not found in dependency tree` 
+    };
+  }
+  
+  const satisfies = semver.satisfies(installedPkg.version, versionRange);
+  
+  return {
+    found: true,
+    installedVersion: installedPkg.version,
+    satisfies,
+    output: `Found ${packageName}@${installedPkg.version} ${satisfies ? '✓' : '✗'} (${satisfies ? 'satisfies' : 'does not satisfy'} ${versionRange})`
+  };
+}
+
+module.exports = { getInstalledPackageInfo, checkPackageWithSemver };

package/lib/core/packageLoader.js

@@ -0,0 +1,17 @@
+const fs = require('fs');
+const path = require('path');
+const { colorize } = require('../utils/colors');
+
+function loadAffectedPackages() {
+  try {
+    const jsonPath = path.join(__dirname, '..', '..', 'affected-packages.json');
+    const jsonContent = fs.readFileSync(jsonPath, 'utf8');
+    const config = JSON.parse(jsonContent);
+    return config.packages;
+  } catch (error) {
+    console.error(colorize('Error loading affected-packages.json:', 'red'), error);
+    return [];
+  }
+}
+
+module.exports = { loadAffectedPackages };

package/lib/index.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+
+const { checkAllAffectedPackages } = require('./commands/check');
+const { checkSpecificPackage } = require('./commands/checkPackage');
+const { listPackages } = require('./commands/list');
+const { showHelp, showVersion } = require('./commands/help');
+const { colorize } = require('./utils/colors');
+
+// Parse command line arguments
+const args = process.argv.slice(2);
+const command = args[0] || 'check';
+
+switch (command) {
+  case 'check':
+    checkAllAffectedPackages();
+    break;
+  
+  case 'check-package':
+    if (args.length < 3) {
+      console.error(colorize("Error: check-package requires package name and version range", 'red'));
+      console.log("Usage: npm-breach-check check-package <package> <version-range>");
+      console.log("Examples:");
+      console.log("  npm-breach-check check-package jwt-decode '^2.2.0'");
+      console.log("  npm-breach-check check-package react '>=16.0.0'");
+      process.exit(1);
+    }
+    checkSpecificPackage(args[1], args[2]);
+    break;
+  
+  case 'list':
+    listPackages();
+    break;
+  
+  case 'help':
+  case '--help':
+  case '-h':
+    showHelp();
+    break;
+  
+  case 'version':
+  case '--version':
+  case '-v':
+    showVersion();
+    break;
+  
+  default:
+    console.error(colorize(`Error: Unknown command '${command}'`, 'red'));
+    console.log("Run 'npm-breach-check help' for usage information");
+    process.exit(1);
+}

package/lib/utils/colors.js

@@ -0,0 +1,15 @@
+const colors = {
+  reset: '\x1b[0m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  cyan: '\x1b[36m',
+  gray: '\x1b[90m'
+};
+
+function colorize(text, color) {
+  return `${colors[color]}${text}${colors.reset}`;
+}
+
+module.exports = { colors, colorize };

package/lib/utils/output.js

@@ -0,0 +1,37 @@
+const { colorize } = require('./colors');
+
+function printHeader() {
+  console.log(colorize("Checking affected npm packages:", 'blue'));
+  console.log(colorize("===============================================================", 'blue'));
+}
+
+function printSummary(summary) {
+  console.log(colorize(`\nSummary:`, 'cyan'));
+  console.log(colorize(`  Total checked: ${summary.totalChecked}`, 'cyan'));
+  console.log(colorize(`  Found: ${summary.foundCount}`, 'cyan'));
+  console.log(colorize(`  Affected versions: ${summary.satisfiedCount}`, 'red'));
+  console.log(colorize(`  Used but not affected: ${summary.foundCount - summary.satisfiedCount}`, 'gray'));
+//   console.log(colorize(`  Not used in the project: ${summary.totalChecked - summary.foundCount}`, 'green'));
+}
+
+function printSatisfiedPackages(packages) {
+  if (packages.length > 0) {
+    console.log(colorize(`\nAffected versions:`, 'red'));
+    console.log(colorize("==================", 'red'));
+    for (const pkg of packages) {
+      console.log(colorize(`  ✓ ${pkg}`, 'red'));
+    }
+  }
+}
+
+function printAffectedPackages(packages) {
+  if (packages.length > 0) {
+    console.log(colorize(`\nUsed but not affected:`, 'gray'));
+    console.log(colorize("======================", 'gray'));
+    for (const pkg of packages) {
+      console.log(colorize(`  ⚠ ${pkg}`, 'gray'));
+    }
+  }
+}
+
+module.exports = { printHeader, printSummary, printSatisfiedPackages, printAffectedPackages };

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@npm-breach/check",
+  "version": "1.0.0",
+  "description": "Security-focused CLI tool to detect potentially vulnerable packages in your Node.js applications",
+  "main": "lib/index.js",
+  "bin": {
+    "npm-breach-check": "./lib/index.js"
+  },
+  "scripts": {
+    "start": "node lib/index.js",
+    "test": "echo \"No tests configured for plain JavaScript version\" && exit 0"
+  },
+  "keywords": [
+    "security",
+    "vulnerability",
+    "scanner", 
+    "cli",
+    "npm",
+    "package-checker",
+    "dependency-tree",
+    "breach",
+    "audit"
+  ],
+  "author": "Your Name",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/labidiaymen/npm-breach.git"
+  },
+  "homepage": "https://github.com/labidiaymen/npm-breach#readme",
+  "bugs": {
+    "url": "https://github.com/labidiaymen/npm-breach/issues"
+  },
+  "preferGlobal": true,
+  "dependencies": {
+    "semver": "^7.5.0"
+  }
+}