npm - @reliabilityworks/vibesec - Versions diffs - 0.1.0 - Mend

@reliabilityworks/vibesec 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +221 -0
package/dist/cli.js.map +1 -0
package/package.json +22 -0
package/src/cli.ts +275 -0
package/test/smoke.test.js +7 -0
package/test/workspaceScan.test.js +34 -0
package/tsconfig.json +8 -0

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export declare function runCli(argv: string[]): Promise<void>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiMA,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAyE1D"}

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,221 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCli = runCli;
+const node_fs_1 = require("node:fs");
+const promises_1 = __importDefault(require("node:fs/promises"));
+const node_path_1 = __importDefault(require("node:path"));
+const commander_1 = require("commander");
+const analyzer_javascript_1 = require("@reliabilityworks/analyzer-javascript");
+const core_1 = require("@reliabilityworks/core");
+function formatCliOutput(result) {
+    const lines = [];
+    if (result.frameworks.length > 0) {
+        const frameworkList = result.frameworks.map((f) => f.id).join(', ');
+        lines.push(`Frameworks: ${frameworkList}`);
+        lines.push('');
+    }
+    for (const finding of result.findings) {
+        lines.push(`${finding.severity.toUpperCase()} ${finding.ruleId} ${finding.location.path}:${finding.location.startLine}`);
+        lines.push(`  ${finding.message}`);
+        lines.push('');
+    }
+    lines.push(`Scan complete: ${result.findings.length} issue(s) found`);
+    return lines.join('\n') + '\n';
+}
+function parseFrameworkIds(input) {
+    if (!input || input === 'auto')
+        return [];
+    return input
+        .split(',')
+        .map((s) => s.trim())
+        .filter(Boolean)
+        .map((s) => s);
+}
+function selectFrameworks(detected, requested) {
+    if (requested === 'auto')
+        return detected;
+    const requestedIds = parseFrameworkIds(requested);
+    const byId = new Map(detected.map((d) => [d.id, d]));
+    const selected = [];
+    for (const id of requestedIds) {
+        const hit = byId.get(id);
+        if (hit) {
+            selected.push(hit);
+        }
+        else {
+            selected.push({ id, confidence: 'low', evidence: ['user: --framework'] });
+        }
+    }
+    return selected;
+}
+function toPosixPath(p) {
+    return p.split(node_path_1.default.sep).join('/');
+}
+function joinPrefixedGlob(prefix, glob) {
+    const normalizedPrefix = prefix.replace(/\/+$/, '');
+    if (!normalizedPrefix || normalizedPrefix === '.')
+        return glob;
+    const normalizedGlob = glob.replace(/^\/+/, '');
+    return `${normalizedPrefix}/${normalizedGlob}`;
+}
+function scopeRulesToPrefix(rules, prefix) {
+    const normalizedPrefix = toPosixPath(prefix);
+    if (!normalizedPrefix || normalizedPrefix === '.')
+        return rules;
+    return rules.map((rule) => {
+        if (rule.matcher.type === 'regex') {
+            return {
+                ...rule,
+                matcher: {
+                    ...rule.matcher,
+                    fileGlobs: rule.matcher.fileGlobs.map((glob) => joinPrefixedGlob(normalizedPrefix, glob)),
+                },
+            };
+        }
+        return {
+            ...rule,
+            matcher: {
+                ...rule.matcher,
+                paths: rule.matcher.paths.map((p) => joinPrefixedGlob(normalizedPrefix, p)),
+            },
+        };
+    });
+}
+async function loadWorkspaceScopedRules(workspaceRoot) {
+    const projectRoots = await (0, core_1.listWorkspaceProjectRoots)(workspaceRoot);
+    const rules = [];
+    for (const projectRoot of projectRoots) {
+        const frameworks = await (0, core_1.detectFrameworks)(projectRoot);
+        if (frameworks.length === 0)
+            continue;
+        const projectRules = await loadRulesForFrameworks(frameworks);
+        const projectPrefix = node_path_1.default.relative(workspaceRoot, projectRoot);
+        rules.push(...scopeRulesToPrefix(projectRules, projectPrefix));
+    }
+    return rules;
+}
+async function loadRulesetRules(packageName) {
+    const pkgJsonPath = require.resolve(`${packageName}/package.json`);
+    const rulesPath = node_path_1.default.join(node_path_1.default.dirname(pkgJsonPath), 'rules.json');
+    const raw = await promises_1.default.readFile(rulesPath, 'utf8');
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) {
+        throw new Error(`${packageName} rules.json must be an array`);
+    }
+    return parsed;
+}
+async function loadRulesForFrameworks(frameworks) {
+    const ids = new Set(frameworks.map((f) => f.id));
+    const rules = [];
+    if (ids.has('nextjs')) {
+        rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-nextjs')));
+    }
+    if (ids.has('react-native') || ids.has('expo')) {
+        rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-react-native')));
+    }
+    if (ids.has('express')) {
+        rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-express')));
+    }
+    if (ids.has('sveltekit')) {
+        rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-sveltekit')));
+    }
+    return rules;
+}
+function readCliVersion() {
+    const packageJsonPath = node_path_1.default.join(__dirname, '..', 'package.json');
+    let raw;
+    try {
+        raw = (0, node_fs_1.readFileSync)(packageJsonPath, 'utf8');
+    }
+    catch {
+        return '0.0.0';
+    }
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === 'object' && 'version' in parsed) {
+        const version = parsed.version;
+        if (typeof version === 'string' && version.length > 0)
+            return version;
+    }
+    return '0.0.0';
+}
+async function runCli(argv) {
+    const program = new commander_1.Command();
+    program
+        .name('vibesec')
+        .description('Local security scanner for modern frameworks')
+        .version(readCliVersion());
+    program
+        .command('scan')
+        .argument('[path]', 'Path to scan', '.')
+        .option('-o, --output <format>', 'Output format: cli|json|sarif|html', 'cli')
+        .option('--out-file <path>', 'Write output to file')
+        .option('--fail-on <severity>', 'Fail on or above: low|medium|high|critical', 'high')
+        .option('--framework <name>', 'Framework: auto|nextjs|react-native|expo|express|sveltekit (comma-separated)', 'auto')
+        .option('--config <path>', 'Config file path (.vibesec.yaml by default)')
+        .option('--rules-dir <path>', 'Custom rules dir (.vibesec/rules by default)')
+        .action(async (scanPath, options) => {
+        const failOn = (0, core_1.severityFromString)(options.failOn);
+        const absoluteRoot = node_path_1.default.resolve(scanPath);
+        const detected = await (0, core_1.detectFrameworksInWorkspace)(absoluteRoot);
+        const frameworks = selectFrameworks(detected, options.framework);
+        const analyzerRules = (0, analyzer_javascript_1.getJavaScriptRules)();
+        const additionalRules = [
+            ...analyzerRules,
+            ...(options.framework === 'auto'
+                ? await loadWorkspaceScopedRules(absoluteRoot)
+                : await loadRulesForFrameworks(frameworks)),
+        ];
+        const result = await (0, core_1.scanProject)({
+            rootDir: absoluteRoot,
+            frameworks,
+            additionalRules,
+            configPath: options.config,
+            customRulesDir: options.rulesDir,
+        });
+        if (options.output === 'json') {
+            const json = JSON.stringify(result, null, 2);
+            if (options.outFile) {
+                await promises_1.default.writeFile(options.outFile, json, 'utf8');
+            }
+            else {
+                process.stdout.write(json + '\n');
+            }
+        }
+        else if (options.output === 'sarif') {
+            const sarif = JSON.stringify((0, core_1.toSarif)(result), null, 2);
+            if (options.outFile) {
+                await promises_1.default.writeFile(options.outFile, sarif, 'utf8');
+            }
+            else {
+                process.stdout.write(sarif + '\n');
+            }
+        }
+        else if (options.output === 'html') {
+            const html = (0, core_1.toHtml)(result);
+            if (options.outFile) {
+                await promises_1.default.writeFile(options.outFile, html, 'utf8');
+            }
+            else {
+                process.stdout.write(html + '\n');
+            }
+        }
+        else {
+            process.stdout.write(formatCliOutput(result));
+        }
+        const shouldFail = result.findings.some((finding) => finding.severityRank <= failOn.rank);
+        process.exitCode = shouldFail ? 1 : 0;
+    });
+    await program.parseAsync(argv);
+}
+if (require.main === module) {
+    runCli(process.argv).catch((error) => {
+        const message = error instanceof Error ? (error.stack ?? error.message) : String(error);
+        process.stderr.write(message + '\n');
+        process.exitCode = 2;
+    });
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;;AAiMA,wBAyEC;AAxQD,qCAAsC;AACtC,gEAAiC;AACjC,0DAA4B;AAE5B,yCAAmC;AAEnC,+EAA0E;AAC1E,iDAa+B;AAW/B,SAAS,eAAe,CAAC,MAAkB;IACzC,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACnE,KAAK,CAAC,IAAI,CAAC,eAAe,aAAa,EAAE,CAAC,CAAA;QAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChB,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CACR,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,CAC7G,CAAA;QACD,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,MAAM,iBAAiB,CAAC,CAAA;IAErE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;AAChC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,EAAE,CAAA;IAEzC,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAgB,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA8B,EAAE,SAAiB;IACzE,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,QAAQ,CAAA;IAEzC,MAAM,YAAY,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAA;IACjD,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAU,CAAC,CAAC,CAAA;IAE7D,MAAM,QAAQ,GAAyB,EAAE,CAAA;IACzC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACxB,IAAI,GAAG,EAAE,CAAC;YACR,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACpB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAA;QAC3E,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,CAAC,CAAC,KAAK,CAAC,mBAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AACpC,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc,EAAE,IAAY;IACpD,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IACnD,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IAE9D,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IAC/C,OAAO,GAAG,gBAAgB,IAAI,cAAc,EAAE,CAAA;AAChD,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa,EAAE,MAAc;IACvD,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IAC5C,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IAE/D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAClC,OAAO;gBACL,GAAG,IAAI;gBACP,OAAO,EAAE;oBACP,GAAG,IAAI,CAAC,OAAO;oBACf,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;iBAC1F;aACF,CAAA;QACH,CAAC;QAED,OAAO;YACL,GAAG,IAAI;YACP,OAAO,EAAE;gBACP,GAAG,IAAI,CAAC,OAAO;gBACf,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;aAC5E;SACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,aAAqB;IAC3D,MAAM,YAAY,GAAG,MAAM,IAAA,gCAAyB,EAAC,aAAa,CAAC,CAAA;IACnE,MAAM,KAAK,GAAW,EAAE,CAAA;IAExB,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,MAAM,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAA;QACtD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAErC,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,UAAU,CAAC,CAAA;QAC7D,MAAM,aAAa,GAAG,mBAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAA;QAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACjD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,WAAW,eAAe,CAAC,CAAA;IAClE,MAAM,SAAS,GAAG,mBAAI,CAAC,IAAI,CAAC,mBAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,YAAY,CAAC,CAAA;IACpE,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAA;IAEzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,GAAG,WAAW,8BAA8B,CAAC,CAAA;IAC/D,CAAC;IAED,OAAO,MAAgB,CAAA;AACzB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,UAAgC;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAChD,MAAM,KAAK,GAAW,EAAE,CAAA;IAExB,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,gBAAgB,CAAC,kCAAkC,CAAC,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,gBAAgB,CAAC,wCAAwC,CAAC,CAAC,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,gBAAgB,CAAC,mCAAmC,CAAC,CAAC,CAAC,CAAA;IAC9E,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,gBAAgB,CAAC,qCAAqC,CAAC,CAAC,CAAC,CAAA;IAChF,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,eAAe,GAAG,mBAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAA;IAElE,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACH,GAAG,GAAG,IAAA,sBAAY,EAAC,eAAe,EAAE,MAAM,CAAC,CAAA;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAA;IAEzC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;QAChE,MAAM,OAAO,GAAI,MAAgC,CAAC,OAAO,CAAA;QACzD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,OAAO,CAAA;IACvE,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,IAAc;IACzC,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAA;IAE7B,OAAO;SACJ,IAAI,CAAC,SAAS,CAAC;SACf,WAAW,CAAC,8CAA8C,CAAC;SAC3D,OAAO,CAAC,cAAc,EAAE,CAAC,CAAA;IAE5B,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,CAAC;SACvC,MAAM,CAAC,uBAAuB,EAAE,oCAAoC,EAAE,KAAK,CAAC;SAC5E,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;SACnD,MAAM,CAAC,sBAAsB,EAAE,4CAA4C,EAAE,MAAM,CAAC;SACpF,MAAM,CACL,oBAAoB,EACpB,8EAA8E,EAC9E,MAAM,CACP;SACA,MAAM,CAAC,iBAAiB,EAAE,6CAA6C,CAAC;SACxE,MAAM,CAAC,oBAAoB,EAAE,8CAA8C,CAAC;SAC5E,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAA2B,EAAE,EAAE;QAC9D,MAAM,MAAM,GAAG,IAAA,yBAAkB,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAEjD,MAAM,YAAY,GAAG,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAA2B,EAAC,YAAY,CAAC,CAAA;QAChE,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAChE,MAAM,aAAa,GAAG,IAAA,wCAAkB,GAAE,CAAA;QAC1C,MAAM,eAAe,GAAG;YACtB,GAAG,aAAa;YAChB,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM,wBAAwB,CAAC,YAAY,CAAC;gBAC9C,CAAC,CAAC,MAAM,sBAAsB,CAAC,UAAU,CAAC,CAAC;SAC9C,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC;YAC/B,OAAO,EAAE,YAAY;YACrB,UAAU;YACV,eAAe;YACf,UAAU,EAAE,OAAO,CAAC,MAAM;YAC1B,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAA;QAEF,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YAC5C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,kBAAE,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAA;YACnD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,IAAA,cAAO,EAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YACtD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,kBAAE,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,IAAA,aAAM,EAAC,MAAM,CAAC,CAAA;YAC3B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,kBAAE,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAA;YACnD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;YACnC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;QACzF,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IAEJ,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;AAChC,CAAC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACvF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;QACpC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,22 @@
+{
+  "name": "@reliabilityworks/vibesec",
+  "version": "0.1.0",
+  "bin": {
+    "vibesec": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint .",
+    "test": "pnpm build && node --test test",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
+  "dependencies": {
+    "@reliabilityworks/analyzer-javascript": "0.1.0",
+    "@reliabilityworks/core": "0.1.0",
+    "@reliabilityworks/ruleset-express": "0.1.0",
+    "@reliabilityworks/ruleset-nextjs": "0.1.0",
+    "@reliabilityworks/ruleset-react-native": "0.1.0",
+    "@reliabilityworks/ruleset-sveltekit": "0.1.0",
+    "commander": "^12.0.0"
+  }
+}

package/src/cli.ts ADDED Viewed

@@ -0,0 +1,275 @@
+#!/usr/bin/env node
+import { readFileSync } from 'node:fs'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { Command } from 'commander'
+import { getJavaScriptRules } from '@reliabilityworks/analyzer-javascript'
+import {
+  detectFrameworks,
+  detectFrameworksInWorkspace,
+  listWorkspaceProjectRoots,
+  scanProject,
+  severityFromString,
+  toHtml,
+  toSarif,
+  type FrameworkDetection,
+  type FrameworkId,
+  type Rule,
+  type SeverityName,
+  type ScanResult,
+} from '@reliabilityworks/core'
+type ScanCommandOptions = {
+  output: string
+  outFile?: string
+  failOn: SeverityName
+  framework: string
+  config?: string
+  rulesDir?: string
+}
+function formatCliOutput(result: ScanResult): string {
+  const lines: string[] = []
+  if (result.frameworks.length > 0) {
+    const frameworkList = result.frameworks.map((f) => f.id).join(', ')
+    lines.push(`Frameworks: ${frameworkList}`)
+    lines.push('')
+  }
+  for (const finding of result.findings) {
+    lines.push(
+      `${finding.severity.toUpperCase()} ${finding.ruleId} ${finding.location.path}:${finding.location.startLine}`,
+    )
+    lines.push(`  ${finding.message}`)
+    lines.push('')
+  }
+  lines.push(`Scan complete: ${result.findings.length} issue(s) found`)
+  return lines.join('\n') + '\n'
+}
+function parseFrameworkIds(input: string): FrameworkId[] {
+  if (!input || input === 'auto') return []
+  return input
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean)
+    .map((s) => s as FrameworkId)
+}
+function selectFrameworks(detected: FrameworkDetection[], requested: string): FrameworkDetection[] {
+  if (requested === 'auto') return detected
+  const requestedIds = parseFrameworkIds(requested)
+  const byId = new Map(detected.map((d) => [d.id, d] as const))
+  const selected: FrameworkDetection[] = []
+  for (const id of requestedIds) {
+    const hit = byId.get(id)
+    if (hit) {
+      selected.push(hit)
+    } else {
+      selected.push({ id, confidence: 'low', evidence: ['user: --framework'] })
+    }
+  }
+  return selected
+}
+function toPosixPath(p: string): string {
+  return p.split(path.sep).join('/')
+}
+function joinPrefixedGlob(prefix: string, glob: string): string {
+  const normalizedPrefix = prefix.replace(/\/+$/, '')
+  if (!normalizedPrefix || normalizedPrefix === '.') return glob
+  const normalizedGlob = glob.replace(/^\/+/, '')
+  return `${normalizedPrefix}/${normalizedGlob}`
+}
+function scopeRulesToPrefix(rules: Rule[], prefix: string): Rule[] {
+  const normalizedPrefix = toPosixPath(prefix)
+  if (!normalizedPrefix || normalizedPrefix === '.') return rules
+  return rules.map((rule) => {
+    if (rule.matcher.type === 'regex') {
+      return {
+        ...rule,
+        matcher: {
+          ...rule.matcher,
+          fileGlobs: rule.matcher.fileGlobs.map((glob) => joinPrefixedGlob(normalizedPrefix, glob)),
+        },
+      }
+    }
+    return {
+      ...rule,
+      matcher: {
+        ...rule.matcher,
+        paths: rule.matcher.paths.map((p) => joinPrefixedGlob(normalizedPrefix, p)),
+      },
+    }
+  })
+}
+async function loadWorkspaceScopedRules(workspaceRoot: string): Promise<Rule[]> {
+  const projectRoots = await listWorkspaceProjectRoots(workspaceRoot)
+  const rules: Rule[] = []
+  for (const projectRoot of projectRoots) {
+    const frameworks = await detectFrameworks(projectRoot)
+    if (frameworks.length === 0) continue
+    const projectRules = await loadRulesForFrameworks(frameworks)
+    const projectPrefix = path.relative(workspaceRoot, projectRoot)
+    rules.push(...scopeRulesToPrefix(projectRules, projectPrefix))
+  }
+  return rules
+}
+async function loadRulesetRules(packageName: string): Promise<Rule[]> {
+  const pkgJsonPath = require.resolve(`${packageName}/package.json`)
+  const rulesPath = path.join(path.dirname(pkgJsonPath), 'rules.json')
+  const raw = await fs.readFile(rulesPath, 'utf8')
+  const parsed = JSON.parse(raw) as unknown
+  if (!Array.isArray(parsed)) {
+    throw new Error(`${packageName} rules.json must be an array`)
+  }
+  return parsed as Rule[]
+}
+async function loadRulesForFrameworks(frameworks: FrameworkDetection[]): Promise<Rule[]> {
+  const ids = new Set(frameworks.map((f) => f.id))
+  const rules: Rule[] = []
+  if (ids.has('nextjs')) {
+    rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-nextjs')))
+  }
+  if (ids.has('react-native') || ids.has('expo')) {
+    rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-react-native')))
+  }
+  if (ids.has('express')) {
+    rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-express')))
+  }
+  if (ids.has('sveltekit')) {
+    rules.push(...(await loadRulesetRules('@reliabilityworks/ruleset-sveltekit')))
+  }
+  return rules
+}
+function readCliVersion(): string {
+  const packageJsonPath = path.join(__dirname, '..', 'package.json')
+  let raw: string
+  try {
+    raw = readFileSync(packageJsonPath, 'utf8')
+  } catch {
+    return '0.0.0'
+  }
+  const parsed = JSON.parse(raw) as unknown
+  if (parsed && typeof parsed === 'object' && 'version' in parsed) {
+    const version = (parsed as { version?: unknown }).version
+    if (typeof version === 'string' && version.length > 0) return version
+  }
+  return '0.0.0'
+}
+export async function runCli(argv: string[]): Promise<void> {
+  const program = new Command()
+  program
+    .name('vibesec')
+    .description('Local security scanner for modern frameworks')
+    .version(readCliVersion())
+  program
+    .command('scan')
+    .argument('[path]', 'Path to scan', '.')
+    .option('-o, --output <format>', 'Output format: cli|json|sarif|html', 'cli')
+    .option('--out-file <path>', 'Write output to file')
+    .option('--fail-on <severity>', 'Fail on or above: low|medium|high|critical', 'high')
+    .option(
+      '--framework <name>',
+      'Framework: auto|nextjs|react-native|expo|express|sveltekit (comma-separated)',
+      'auto',
+    )
+    .option('--config <path>', 'Config file path (.vibesec.yaml by default)')
+    .option('--rules-dir <path>', 'Custom rules dir (.vibesec/rules by default)')
+    .action(async (scanPath: string, options: ScanCommandOptions) => {
+      const failOn = severityFromString(options.failOn)
+      const absoluteRoot = path.resolve(scanPath)
+      const detected = await detectFrameworksInWorkspace(absoluteRoot)
+      const frameworks = selectFrameworks(detected, options.framework)
+      const analyzerRules = getJavaScriptRules()
+      const additionalRules = [
+        ...analyzerRules,
+        ...(options.framework === 'auto'
+          ? await loadWorkspaceScopedRules(absoluteRoot)
+          : await loadRulesForFrameworks(frameworks)),
+      ]
+      const result = await scanProject({
+        rootDir: absoluteRoot,
+        frameworks,
+        additionalRules,
+        configPath: options.config,
+        customRulesDir: options.rulesDir,
+      })
+      if (options.output === 'json') {
+        const json = JSON.stringify(result, null, 2)
+        if (options.outFile) {
+          await fs.writeFile(options.outFile, json, 'utf8')
+        } else {
+          process.stdout.write(json + '\n')
+        }
+      } else if (options.output === 'sarif') {
+        const sarif = JSON.stringify(toSarif(result), null, 2)
+        if (options.outFile) {
+          await fs.writeFile(options.outFile, sarif, 'utf8')
+        } else {
+          process.stdout.write(sarif + '\n')
+        }
+      } else if (options.output === 'html') {
+        const html = toHtml(result)
+        if (options.outFile) {
+          await fs.writeFile(options.outFile, html, 'utf8')
+        } else {
+          process.stdout.write(html + '\n')
+        }
+      } else {
+        process.stdout.write(formatCliOutput(result))
+      }
+      const shouldFail = result.findings.some((finding) => finding.severityRank <= failOn.rank)
+      process.exitCode = shouldFail ? 1 : 0
+    })
+  await program.parseAsync(argv)
+}
+if (require.main === module) {
+  runCli(process.argv).catch((error: unknown) => {
+    const message = error instanceof Error ? (error.stack ?? error.message) : String(error)
+    process.stderr.write(message + '\n')
+    process.exitCode = 2
+  })
+}

package/test/smoke.test.js ADDED Viewed

@@ -0,0 +1,7 @@
+const assert = require('node:assert/strict')
+const test = require('node:test')
+test('cli exports runCli', async () => {
+  const cli = require('../dist/cli.js')
+  assert.equal(typeof cli.runCli, 'function')
+})

package/test/workspaceScan.test.js ADDED Viewed

@@ -0,0 +1,34 @@
+const assert = require('node:assert/strict')
+const { execFileSync } = require('node:child_process')
+const path = require('node:path')
+const test = require('node:test')
+test('workspace scan scopes framework rules to project roots', async () => {
+  const fixtureRoot = path.join(__dirname, '..', '..', 'core', 'test', 'fixtures', 'monorepo')
+  const cliPath = path.join(__dirname, '..', 'dist', 'cli.js')
+  const output = execFileSync(
+    process.execPath,
+    [
+      '--enable-source-maps',
+      cliPath,
+      'scan',
+      fixtureRoot,
+      '--output',
+      'json',
+      '--framework',
+      'auto',
+      '--fail-on',
+      'critical',
+    ],
+    { encoding: 'utf8' },
+  )
+  const result = JSON.parse(output)
+  const nextPaths = result.findings
+    .filter((finding) => finding.ruleId === 'nextjs/production-browser-sourcemaps')
+    .map((finding) => finding.location.path)
+  assert.ok(nextPaths.includes('apps/web/next.config.js'))
+  assert.equal(nextPaths.includes('apps/api/next.config.js'), false)
+})

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "rootDir": "src",
+    "outDir": "dist"
+  },
+  "include": ["src/**/*.ts"]
+}