@seqra/opentaint 0.3.1 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +116 -0
  2. package/package.json +9 -8
package/README.md ADDED
@@ -0,0 +1,116 @@
1
+ <p align="center">
2
+ <picture>
3
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/seqra/opentaint/main/logos/opentaint-logo-dark.svg">
4
+ <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/seqra/opentaint/main/logos/opentaint-logo-light.svg">
5
+ <img src="https://raw.githubusercontent.com/seqra/opentaint/main/logos/opentaint-logo-light.svg" alt="OpenTaint" height="100">
6
+ </picture>
7
+ </p>
8
+
9
+ <h3 align="center">The open source taint analysis engine for the AI era</h3>
10
+
11
+ <p align="center">
12
+ Formal taint analysis for application security — finds what AST-pattern matchers miss, lets LLM agents enact vulnerabilities as rules, and scales where neither can alone.
13
+ </p>
14
+
15
+ <p align="center">
16
+ <a href="https://www.npmjs.com/package/@seqra/opentaint"><img src="https://img.shields.io/npm/v/@seqra/opentaint.svg" alt="npm version"></a>
17
+ <a href="https://github.com/seqra/opentaint/blob/main/cli/LICENSE"><img src="https://img.shields.io/badge/License-MIT-blue.svg" alt="License: MIT"></a>
18
+ <a href="https://discord.gg/6BXDfbP4p9"><img src="https://img.shields.io/discord/1403357427176575036?logo=discord&label=Discord" alt="Discord"></a>
19
+ </p>
20
+
21
+ <p align="center">
22
+ <a href="https://github.com/seqra/opentaint">
23
+ <picture>
24
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/seqra/opentaint/main/public/opentaint-demo-light.gif">
25
+ <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/seqra/opentaint/main/public/opentaint-demo-dark.gif">
26
+ <img src="https://raw.githubusercontent.com/seqra/opentaint/main/public/opentaint-demo-dark.gif" alt="OpenTaint taint analysis demo">
27
+ </picture>
28
+ </a>
29
+ </p>
30
+
31
+ ---
32
+
33
+ This package is the npm distribution of the OpenTaint CLI. Installing it pulls in
34
+ a prebuilt, self-contained binary for your platform that bundles the analyzer,
35
+ rules, and a Java runtime — no separate Java installation required.
36
+
37
+ ## Install
38
+
39
+ Run instantly with `npx` — no install required:
40
+
41
+ ```bash
42
+ npx @seqra/opentaint scan
43
+ ```
44
+
45
+ Or install globally:
46
+
47
+ ```bash
48
+ npm install -g @seqra/opentaint
49
+ opentaint --version
50
+ ```
51
+
52
+ The correct binary for your platform is selected automatically through optional
53
+ dependencies. Supported platforms:
54
+
55
+ | OS | Architectures |
56
+ | ------- | ------------- |
57
+ | Linux | x64, arm64 |
58
+ | macOS | x64, arm64 |
59
+ | Windows | x64, arm64 |
60
+
61
+ > **Note:** Do not install with `--no-optional` / `--omit=optional`. The
62
+ > platform binary ships as an optional dependency; omitting it leaves the
63
+ > launcher with nothing to run.
64
+
65
+ ## Usage
66
+
67
+ Scan the project in the current directory:
68
+
69
+ ```bash
70
+ opentaint scan
71
+ ```
72
+
73
+ Write results to a SARIF file:
74
+
75
+ ```bash
76
+ opentaint scan --output results.sarif
77
+ ```
78
+
79
+ See all commands and flags:
80
+
81
+ ```bash
82
+ opentaint --help
83
+ ```
84
+
85
+ ## AI agent workflows
86
+
87
+ OpenTaint ships agent skills that turn static analysis into an end-to-end
88
+ application-security workflow. Add them to your agent with:
89
+
90
+ ```bash
91
+ npx skills add https://github.com/seqra/opentaint
92
+ ```
93
+
94
+ The `appsec-agent` skill orchestrates a full assessment: build the project, run
95
+ OpenTaint, discover the attack surface, add targeted rules, model missing library
96
+ data flows, triage findings, and optionally generate dynamic proof-of-concept
97
+ checks for confirmed vulnerabilities.
98
+
99
+ ## Updating
100
+
101
+ ```bash
102
+ npm install -g @seqra/opentaint@latest
103
+ ```
104
+
105
+ ## Documentation & support
106
+
107
+ - **Documentation:** https://github.com/seqra/opentaint/blob/main/docs/README.md
108
+ - **Issues:** https://github.com/seqra/opentaint/issues
109
+ - **Community:** [Discord](https://discord.gg/6BXDfbP4p9)
110
+ - **Email:** [seqradev@gmail.com](mailto:seqradev@gmail.com)
111
+
112
+ ## License
113
+
114
+ The CLI is released under the [MIT License](https://github.com/seqra/opentaint/blob/main/cli/LICENSE).
115
+ The core analysis engine is released under the
116
+ [Apache 2.0 License](https://github.com/seqra/opentaint/blob/main/LICENSE.md).
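Review bot: the demo `<picture>` block wires its sources backwards relative to the logo block above it: the `prefers-color-scheme: dark` source points at `opentaint-demo-light.gif`, the light source at `opentaint-demo-dark.gif`, and the fallback `<img>` also uses the dark gif, whereas the logo block maps dark to `opentaint-logo-dark.svg` and light to `opentaint-logo-light.svg`. Either the media queries or the file names are inverted; swap one so the two blocks agree. Two supply-chain points for a tool that runs against source trees and, per the `appsec-agent` description, generates proof-of-concept checks: the Install section shows `npx @seqra/opentaint scan` unpinned, which fetches and executes whatever native binary and bundled Java runtime is current for the platform, and the AI section's `npx skills add https://github.com/seqra/opentaint` pulls agent skills from an unpinned repository URL; the README should at least show the pinned form (`npx @seqra/opentaint@0.4.1 scan`) and recommend a lockfile for CI. Finally, the License section says the CLI is MIT, which conflicts with the `"license": "Apache-2.0"` field in this package's package.json; one of the two should change.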
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@seqra/opentaint",
3
- "version": "0.3.1",
3
+ "version": "0.4.1",
4
4
  "description": "The open source taint analysis engine for the AI era.",
5
5
  "license": "Apache-2.0",
6
6
  "repository": {
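Review bot: the version bump is the only change in this hunk, but the unchanged `"license": "Apache-2.0"` line now disagrees with the README added in this same release, which states the CLI is released under MIT and links to cli/LICENSE. This field is what the registry displays and what license-compliance tooling reads, so either change it to `"license": "MIT"` or correct the README; shipping both is the worse outcome.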
@@ -12,15 +12,16 @@
12
12
  "opentaint": "bin/opentaint.js"
13
13
  },
14
14
  "files": [
15
- "bin/"
15
+ "bin/",
16
+ "README.md"
16
17
  ],
17
18
  "optionalDependencies": {
18
- "@seqra/opentaint-linux-x64": "0.3.1",
19
- "@seqra/opentaint-linux-arm64": "0.3.1",
20
- "@seqra/opentaint-darwin-x64": "0.3.1",
21
- "@seqra/opentaint-darwin-arm64": "0.3.1",
22
- "@seqra/opentaint-win32-x64": "0.3.1",
23
- "@seqra/opentaint-win32-arm64": "0.3.1"
19
+ "@seqra/opentaint-linux-x64": "0.4.1",
20
+ "@seqra/opentaint-linux-arm64": "0.4.1",
21
+ "@seqra/opentaint-darwin-x64": "0.4.1",
22
+ "@seqra/opentaint-darwin-arm64": "0.4.1",
23
+ "@seqra/opentaint-win32-x64": "0.4.1",
24
+ "@seqra/opentaint-win32-arm64": "0.4.1"
24
25
  },
25
26
  "publishConfig": {
26
27
  "access": "public"
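Review bot: the six platform packages are pinned to the exact version `0.4.1` with no range operator, which is the right choice for this layout: the launcher in `bin/opentaint.js` and the native binary must be released in lockstep, and a caret range would let a later `npm install` pair a newer binary with an older launcher. Keep that discipline on future bumps. Because all six are `optionalDependencies`, an install on an unsupported platform, or one run with `--omit=optional` as the README warns against, succeeds silently and only fails at run time; the launcher should detect that no `@seqra/opentaint-<os>-<arch>` package resolved and print a clear error naming the expected package rather than a generic spawn failure. On the `files` change, `README.md` is added but nothing in this diff shows the license text the README links to being included in the tarball; worth confirming it is present in the published package.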