@preship/core 1.0.2 → 2.0.0

package/dist/index.d.ts

@@ -40,7 +40,125 @@ interface ScanResult {
     passed: boolean;
     scanDurationMs: number;
 }
+type SecuritySeverity = 'critical' | 'high' | 'medium' | 'low';
+interface SecurityVulnerability {
+    id: string;
+    package: string;
+    version: string;
+    severity: SecuritySeverity;
+    summary: string;
+    fixedVersion?: string;
+    references: string[];
+    source: 'osv' | 'github-advisory' | 'npm-audit';
+}
+interface PackageHealth {
+    package: string;
+    version: string;
+    deprecated: boolean;
+    deprecationMessage?: string;
+    outdated: boolean;
+    latestVersion?: string;
+    majorVersionsBehind?: number;
+    unmaintained: boolean;
+    lastPublishDate?: string;
+    weeklyDownloads?: number;
+}
+type SecurityPolicyLevel = 'default' | 'strict' | 'lenient';
+interface SecurityFinding {
+    type: 'vulnerability' | 'deprecated' | 'outdated' | 'unmaintained';
+    severity: SecuritySeverity;
+    package: string;
+    version: string;
+    message: string;
+    details?: SecurityVulnerability | PackageHealth;
+}
+interface SecurityResult {
+    enabled: boolean;
+    passed: boolean;
+    totalPackages: number;
+    vulnerabilities: SecurityVulnerability[];
+    healthIssues: PackageHealth[];
+    findings: SecurityFinding[];
+    stats: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        deprecated: number;
+        outdated: number;
+        unmaintained: number;
+    };
+    scanDurationMs: number;
+}
+type SecretSeverity = 'critical' | 'high' | 'medium' | 'low';
+interface SecretRule {
+    id: string;
+    description: string;
+    severity: SecretSeverity;
+    keywords: string[];
+    pattern: RegExp;
+    entropyThreshold?: number;
+    allowPatterns?: RegExp[];
+}
+interface SecretFinding {
+    ruleId: string;
+    description: string;
+    severity: SecretSeverity;
+    file: string;
+    line: number;
+    column: number;
+    match: string;
+    entropy?: number;
+}
+interface SecretsResult {
+    enabled: boolean;
+    passed: boolean;
+    filesScanned: number;
+    findings: SecretFinding[];
+    stats: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    scanDurationMs: number;
+}
+interface UnifiedScanResult {
+    version: string;
+    projectPath: string;
+    projectType: ProjectType;
+    framework?: string;
+    timestamp: string;
+    passed: boolean;
+    mode: ResolverMode;
+    policy: string;
+    modules: {
+        license?: ScanResult;
+        security?: SecurityResult;
+        secrets?: SecretsResult;
+    };
+    totalScanDurationMs: number;
+}
 type ResolverMode = 'auto' | 'online' | 'local';
+interface ModuleConfig {
+    license: boolean;
+    security: boolean;
+    secrets: boolean;
+}
+interface SecurityConfig {
+    severity: SecurityPolicyLevel;
+    failOn: SecuritySeverity;
+    checkOutdated: boolean;
+    checkDeprecated: boolean;
+    checkUnmaintained: boolean;
+    outdatedMajorThreshold: number;
+    unmaintainedYears: number;
+}
+interface SecretsConfig {
+    scanPaths: string[];
+    allowPaths: string[];
+    allowRules: string[];
+}
 interface PreshipConfig {
     policy?: string;
     reject?: string[];
@@ -56,6 +174,9 @@ interface PreshipConfig {
     cache?: boolean;
     cacheTTL?: number;
     scanTimeout?: number;
+    modules?: Partial<ModuleConfig>;
+    security?: Partial<SecurityConfig>;
+    secrets?: Partial<SecretsConfig>;
 }
 interface ExceptionEntry {
     package: string;
@@ -73,6 +194,7 @@ interface PolicyTemplate {
     scanDevDependencies: boolean;
 }
 
+declare function getDefaultConfig(): PreshipConfig;
 declare function loadConfig(projectPath: string): PreshipConfig;
 
 declare function detectProjects(rootPath: string): DetectedProject[];
@@ -238,4 +360,4 @@ interface ScanTimeoutController {
  */
 declare function createScanTimeoutController(timeout?: number): ScanTimeoutController;
 
-export { AdaptiveRateLimiter, type CacheEntry, type CacheFile, type Dependency, type DetectedProject, type ExceptionEntry, type LicenseSource, type ParsedDependency, type PolicyResult, type PolicyTemplate, type PolicyVerdict, type PreshipConfig, type ProjectType, type ResolverMode, type ScanResult, type ScanTimeoutController, cacheKey, createEmptyCache, createScanTimeoutController, detectProjects, getCacheEntry, getOrCreateKey, loadCache, loadConfig, parseNpmLockfile, parsePnpmLockfile, parseYarnLockfile, saveCache, setCacheEntry };
+export { AdaptiveRateLimiter, type CacheEntry, type CacheFile, type Dependency, type DetectedProject, type ExceptionEntry, type LicenseSource, type ModuleConfig, type PackageHealth, type ParsedDependency, type PolicyResult, type PolicyTemplate, type PolicyVerdict, type PreshipConfig, type ProjectType, type ResolverMode, type ScanResult, type ScanTimeoutController, type SecretFinding, type SecretRule, type SecretSeverity, type SecretsConfig, type SecretsResult, type SecurityConfig, type SecurityFinding, type SecurityPolicyLevel, type SecurityResult, type SecuritySeverity, type SecurityVulnerability, type UnifiedScanResult, cacheKey, createEmptyCache, createScanTimeoutController, detectProjects, getCacheEntry, getDefaultConfig, getOrCreateKey, loadCache, loadConfig, parseNpmLockfile, parsePnpmLockfile, parseYarnLockfile, saveCache, setCacheEntry };

package/dist/index.js

@@ -36,6 +36,7 @@ __export(index_exports, {
   createScanTimeoutController: () => createScanTimeoutController,
   detectProjects: () => detectProjects,
   getCacheEntry: () => getCacheEntry,
+  getDefaultConfig: () => getDefaultConfig,
   getOrCreateKey: () => getOrCreateKey,
   loadCache: () => loadCache,
   loadConfig: () => loadConfig,
@@ -56,9 +57,11 @@ var CONFIG_FILENAMES = [
   "preship-config.yaml",
   "preship-config.json"
 ];
-var VALID_POLICIES = ["commercial-safe", "strict", "permissive-only"];
+var VALID_POLICIES = ["commercial-safe", "saas-safe", "distribution-safe", "strict", "permissive-only"];
 var VALID_OUTPUTS = ["table", "json", "csv"];
 var VALID_MODES = ["auto", "online", "local"];
+var VALID_SECURITY_SEVERITIES = ["default", "strict", "lenient"];
+var VALID_SECURITY_FAIL_ON = ["critical", "high", "medium", "low"];
 function validateConfig(config, filePath) {
   if (config.policy !== void 0) {
     if (typeof config.policy !== "string" || !VALID_POLICIES.includes(config.policy)) {
@@ -190,6 +193,97 @@ function validateConfig(config, filePath) {
       );
     }
   }
+  if (config.modules !== void 0) {
+    if (typeof config.modules !== "object" || config.modules === null || Array.isArray(config.modules)) {
+      throw new Error(
+        `Invalid preship-config at ${filePath}:
+  'modules' must be an object with boolean values (e.g., { license: true, security: true, secrets: true }).
+  See https://github.com/dipen-code/preship for config docs.`
+      );
+    }
+    const m = config.modules;
+    for (const key of ["license", "security", "secrets"]) {
+      if (m[key] !== void 0 && typeof m[key] !== "boolean") {
+        throw new Error(
+          `Invalid preship-config at ${filePath}:
+  'modules.${key}' must be a boolean, got ${typeof m[key]}.
+  See https://github.com/dipen-code/preship for config docs.`
+        );
+      }
+    }
+  }
+  if (config.security !== void 0) {
+    if (typeof config.security !== "object" || config.security === null || Array.isArray(config.security)) {
+      throw new Error(
+        `Invalid preship-config at ${filePath}:
+  'security' must be an object.
+  See https://github.com/dipen-code/preship for config docs.`
+      );
+    }
+    const s = config.security;
+    if (s.severity !== void 0 && (typeof s.severity !== "string" || !VALID_SECURITY_SEVERITIES.includes(s.severity))) {
+      throw new Error(
+        `Invalid preship-config at ${filePath}:
+  'security.severity' must be one of: ${VALID_SECURITY_SEVERITIES.join(", ")}, got '${s.severity}'.
+  See https://github.com/dipen-code/preship for config docs.`
+      );
+    }
+    if (s.failOn !== void 0 && (typeof s.failOn !== "string" || !VALID_SECURITY_FAIL_ON.includes(s.failOn))) {
+      throw new Error(
+        `Invalid preship-config at ${filePath}:
+  'security.failOn' must be one of: ${VALID_SECURITY_FAIL_ON.join(", ")}, got '${s.failOn}'.
+  See https://github.com/dipen-code/preship for config docs.`
+      );
+    }
+    for (const boolField of ["checkOutdated", "checkDeprecated", "checkUnmaintained"]) {
+      if (s[boolField] !== void 0 && typeof s[boolField] !== "boolean") {
+        throw new Error(
+          `Invalid preship-config at ${filePath}:
+  'security.${boolField}' must be a boolean, got ${typeof s[boolField]}.
+  See https://github.com/dipen-code/preship for config docs.`
+        );
+      }
+    }
+    for (const numField of ["outdatedMajorThreshold", "unmaintainedYears"]) {
+      if (s[numField] !== void 0 && (typeof s[numField] !== "number" || s[numField] <= 0)) {
+        throw new Error(
+          `Invalid preship-config at ${filePath}:
+  'security.${numField}' must be a positive number, got '${s[numField]}'.
+  See https://github.com/dipen-code/preship for config docs.`
+        );
+      }
+    }
+  }
+  if (config.secrets !== void 0) {
+    if (typeof config.secrets !== "object" || config.secrets === null || Array.isArray(config.secrets)) {
+      throw new Error(
+        `Invalid preship-config at ${filePath}:
+  'secrets' must be an object.
+  See https://github.com/dipen-code/preship for config docs.`
+      );
+    }
+    const sec = config.secrets;
+    for (const arrField of ["scanPaths", "allowPaths", "allowRules"]) {
+      if (sec[arrField] !== void 0) {
+        if (!Array.isArray(sec[arrField])) {
+          throw new Error(
+            `Invalid preship-config at ${filePath}:
+  'secrets.${arrField}' must be an array of strings.
+  See https://github.com/dipen-code/preship for config docs.`
+          );
+        }
+        for (const item of sec[arrField]) {
+          if (typeof item !== "string") {
+            throw new Error(
+              `Invalid preship-config at ${filePath}:
+  'secrets.${arrField}' must contain only strings, found ${typeof item}.
+  See https://github.com/dipen-code/preship for config docs.`
+            );
+          }
+        }
+      }
+    }
+  }
   return config;
 }
 function getDefaultConfig() {
@@ -205,8 +299,27 @@ function getDefaultConfig() {
     cache: true,
     cacheTTL: 604800,
     // 7 days in seconds
-    scanTimeout: 6e4
+    scanTimeout: 6e4,
     // 60 seconds in ms (0 = disabled)
+    modules: {
+      license: true,
+      security: true,
+      secrets: true
+    },
+    security: {
+      severity: "default",
+      failOn: "high",
+      checkOutdated: true,
+      checkDeprecated: true,
+      checkUnmaintained: true,
+      outdatedMajorThreshold: 3,
+      unmaintainedYears: 2
+    },
+    secrets: {
+      scanPaths: [],
+      allowPaths: [],
+      allowRules: []
+    }
   };
 }
 function loadConfig(projectPath) {
@@ -244,7 +357,19 @@ function loadConfig(projectPath) {
     return {
       ...defaults,
       ...validated,
-      exceptions: validated.exceptions ?? defaults.exceptions
+      exceptions: validated.exceptions ?? defaults.exceptions,
+      modules: {
+        ...defaults.modules,
+        ...validated.modules ?? {}
+      },
+      security: {
+        ...defaults.security,
+        ...validated.security ?? {}
+      },
+      secrets: {
+        ...defaults.secrets,
+        ...validated.secrets ?? {}
+      }
     };
   }
   return getDefaultConfig();
@@ -901,6 +1026,7 @@ function createScanTimeoutController(timeout) {
   createScanTimeoutController,
   detectProjects,
   getCacheEntry,
+  getDefaultConfig,
   getOrCreateKey,
   loadCache,
   loadConfig,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@preship/core",
-  "version": "1.0.2",
+  "version": "2.0.0",
   "description": "Core infrastructure for PreShip — types, config, detection, parsing, caching, and rate limiting",
   "author": "Cyfox Inc.",
   "license": "Apache-2.0",