npm - @shriyanss/js-recon - Versions diffs - 1.3.1-alpha.4 → 1.3.1-beta.1 - Mend

@shriyanss/js-recon 1.3.1-alpha.4 → 1.3.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,11 +1,17 @@
 # Change Log
-## 1.3.1-alpha.4 - 2026-06-08
+## 1.3.1-beta.1 - 2026-06-08
+### Added
+### Changed
 ### Fixed
-- `extractSourceMaps` no longer crashes with `EISDIR` when a source map entry has a degenerate path (e.g. a bare `webpack://` prefix with no trailing path) that `normalizePath` reduces to `"."` — such entries are now silently skipped (`lazyload`, `run`)
-- Source map files extracted during `run` are now written to `output/<domain>/extracted/` (or the equivalent per-target subdirectory) instead of a bare `extracted/` directory in the current working directory (`lazyload`, `run`)
+- Bumped versions for dependencies
+- Fixed container
+## 1.3.1-alpha.4 - 2026-06-08
 ### Performance
@@ -75,6 +81,8 @@
 - `mcp --cli` "Thinking..." spinner no longer ticks forever after a provider error — the `setInterval` is now declared outside the `try` and cleared in `finally`, so 4xx/network failures render cleanly and the next prompt is not mangled (`mcp --cli`)
 - Job/skill announcements (e.g. `[Job 1] run started ...`, `[Invoking skill: web_app_pentest]`) are now echoed to the REPL the moment `handleToolExecution` returns, in addition to being baked into the LLM context. Previously, if the subsequent LLM call failed (quota / auth), the user had no visible signal that a background scan had actually been spawned (`mcp --cli`)
 - Ctrl-C in `mcp --cli` no longer crashes the readline with `SES_UNCAUGHT_EXCEPTION: readline was closed`. The SIGINT handler is wrapped in a try/catch and `prompt()` is guarded by a `promptingActive` flag so a re-entrant call against an already-pending `rl.question` is dropped instead of tearing the interface down (`mcp --cli`)
+- `extractSourceMaps` no longer crashes with `EISDIR` when a source map entry has a degenerate path (e.g. a bare `webpack://` prefix with no trailing path) that `normalizePath` reduces to `"."` — such entries are now silently skipped (`lazyload`, `run`)
+- Source map files extracted during `run` are now written to `output/<domain>/extracted/` (or the equivalent per-target subdirectory) instead of a bare `extracted/` directory in the current working directory (`lazyload`, `run`)
 ## 1.3.1-alpha.3 - 2026-05-20

package/CLAUDE.md CHANGED Viewed

@@ -195,7 +195,7 @@ Releasing a new version touches four repos. Work on `dev` (js-recon, js-recon-ru
     git log <prev-tag>..HEAD --oneline | grep -E "^[a-f0-9]+ (feat|fix)"
     ```
-3. **Update README** — ensure the Commands table in `README.md` lists every subcommand declared in `src/index.ts`.
+3. **Update README** — ensure the Commands table in `README.md` lists every subcommand declared in `src/index.ts`. The `refactor` and `load` subcommands are easy to miss — explicitly verify they are present.
 4. **Update rules** (`js-recon-rules` repo, `dev` branch) — if there are unreleased commits, update `CHANGELOG.md` and `version.txt`, then push.
@@ -214,7 +214,11 @@ Releasing a new version touches four repos. Work on `dev` (js-recon, js-recon-ru
    | `shriyanss/js-recon-docs` | `stage` | `main` | version string | Brief summary of doc changes |
    | `shriyanss/js-recon-rules` | `dev` | `main` | rules version (e.g. `v1.2.0`) | `## <version>` rules changelog section |
-8. **Monitor PRs** — CodeRabbit reviews automatically. Wait for GitHub CI (version check, build, etc.) to pass. The docs CI check is expected to fail until js-recon is fully published to npm.
+8. **Monitor CI** — after PRs are open, use `gh pr checks <pr-number> --repo <owner/repo>` to watch all three repos. Poll until all checks complete. The docs CI check is expected to fail until js-recon is fully published to npm — that is acceptable.
+9. **Handle CodeRabbit** — js-recon has CodeRabbit installed. After the PR is created, poll for review comments with `gh api repos/shriyanss/js-recon/pulls/<pr>/comments`. For each actionable suggestion (correctness bugs, conventions violations), apply a fix as a follow-up commit to `dev` — the PR updates automatically. Trivial style preferences can be skipped.
+10. **Stop before merge** — do NOT merge any PR. Once all CI checks pass and CodeRabbit suggestions are addressed, present a summary to the user: what changed in each repo, PR links, CI status, CodeRabbit disposition. Wait for explicit merge approval.
 ## Security / confidentiality

package/Dockerfile CHANGED Viewed

@@ -1,4 +1,4 @@
-FROM --platform=amd64 ghcr.io/puppeteer/puppeteer:latest
+FROM ghcr.io/puppeteer/puppeteer:24.43.1
 WORKDIR /home/pptruser
@@ -9,11 +9,25 @@ COPY ./tsconfig.json .
 COPY ./src ./src
 USER root
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    unzip \
+    libnspr4 libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 \
+    libxcomposite1 libxdamage1 libxrandr2 libgbm1 libxkbcommon0 \
+    libasound2 libpangocairo-1.0-0 libxfixes3 libxi6 libxinerama1 \
+    libxcursor1 libdrm2 && \
+    rm -rf /var/lib/apt/lists/*
 RUN npm ci
 RUN npm run build
 USER pptruser
-RUN npx puppeteer browsers install chrome
+RUN ./node_modules/.bin/puppeteer browsers install chrome && \
+    for zip in /home/pptruser/.cache/puppeteer/chrome/*-chrome-linux64.zip; do \
+        [ -f "$zip" ] || break; \
+        version="${zip%-chrome-linux64.zip}"; version="${version##*/}"; \
+        dest="/home/pptruser/.cache/puppeteer/chrome/linux-${version}"; \
+        unzip -o "$zip" -d "${dest}/" && chmod +x "${dest}/chrome-linux64/chrome"; \
+    done
 ENV IS_DOCKER=true
 ENV NODE_OPTIONS="--max-http-header-size=99999999"

package/README.md CHANGED Viewed

@@ -62,6 +62,8 @@ js-recon run -u https://app.example.com
 | `report`      | Generates a report from the analysis modules.                                 | [Read Docs](https://js-recon.io/docs/docs/modules/report)      |
 | `mcp`         | AI-powered interactive CLI, one-shot chat, and MCP stdio server.              | [Read Docs](https://js-recon.io/docs/docs/modules/mcp)         |
 | `fingerprint` | Detects the JavaScript framework used by a target URL (JSON/JSONL output).    | [Read Docs](https://js-recon.io/docs/docs/modules/fingerprint) |
+| `refactor`    | Refactors and deobfuscates webpack modules from a mapped JSON file.           | [Read Docs](https://js-recon.io/docs/docs/modules/refactor)    |
+| `load`        | Populates the response cache from a Caido or Burp Suite export.               | [Read Docs](https://js-recon.io/docs/docs/modules/load)        |
 ## Key Features

package/build/globalConfig.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const githubURL = "https://github.com/shriyanss/js-recon";
 const modulesDocs = "https://js-recon.io/docs/category/modules";
-const version = "1.3.1-alpha.4";
+const version = "1.3.1-beta.1";
 const toolDesc = "JS Recon Tool";
 const axiosNonHttpMethods = ["isAxiosError"]; // methods available in axios, which are not for making HTTP requests
 let CONFIG = {

package/build/globalConfig.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"globalConfig.js","sourceRoot":"","sources":["../src/globalConfig.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG,uCAAuC,CAAC;AAC1D,MAAM,WAAW,GAAG,2CAA2C,CAAC;AAChE,MAAM,OAAO,GAAG,~~eAAe~~,CAAC;~~AAChC~~,MAAM,QAAQ,GAAG,eAAe,CAAC;AACjC,MAAM,mBAAmB,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,qEAAqE;AAEnH,IAAI,MAAM,GAAG;IACT,MAAM,EAAE,SAAS;IACjB,WAAW,EAAE,WAAW;IACxB,eAAe,EAAE,qFAAqF,SAAS,kCAAkC;IACjJ,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,QAAQ;IAClB,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,GAAG,SAAS,oBAAoB;CAC7C,CAAC;AAEF,eAAe,MAAM,CAAC"}
1	+ {"version":3,"file":"globalConfig.js","sourceRoot":"","sources":["../src/globalConfig.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG,uCAAuC,CAAC;AAC1D,MAAM,WAAW,GAAG,2CAA2C,CAAC;AAChE,MAAM,OAAO,GAAG,cAAc,CAAC;AAC/B,MAAM,QAAQ,GAAG,eAAe,CAAC;AACjC,MAAM,mBAAmB,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,qEAAqE;AAEnH,IAAI,MAAM,GAAG;IACT,MAAM,EAAE,SAAS;IACjB,WAAW,EAAE,WAAW;IACxB,eAAe,EAAE,qFAAqF,SAAS,kCAAkC;IACjJ,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,QAAQ;IAClB,mBAAmB,EAAE,mBAAmB;IACxC,QAAQ,EAAE,GAAG,SAAS,oBAAoB;CAC7C,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@shriyanss/js-recon",
-    "version": "1.3.1-alpha.4",
+    "version": "1.3.1-beta.1",
     "description": "JS Recon Tool",
     "main": "build/index.js",
     "type": "module",
@@ -20,21 +20,21 @@
     "dependencies": {
         "@anthropic-ai/sdk": "^0.102.0",
         "@aws-sdk/client-api-gateway": "^3.958.0",
-        "@babel/parser": "^7.27.4",
-        "@babel/traverse": "^7.27.4",
+        "@babel/parser": "^7.28.5",
+        "@babel/traverse": "^7.28.5",
         "@babel/types": "^7.27.6",
         "@modelcontextprotocol/sdk": "^1.29.0",
         "@types/chalk": "^0.4.31",
         "@types/cli-progress": "^3.11.6",
         "better-sqlite3": "^12.5.0",
         "blessed": "^0.1.81",
-        "chalk": "^5.4.1",
+        "chalk": "^5.6.2",
         "cheerio": "^1.0.0",
         "cli-highlight": "^2.1.11",
         "cli-progress": "^3.12.0",
         "commander": "^14.0.0",
-        "datatables.net": "^2.3.2",
-        "datatables.net-dt": "^2.3.2",
+        "datatables.net": "^2.3.6",
+        "datatables.net-dt": "^2.3.6",
         "esquery": "^1.6.0",
         "fs": "^0.0.2",
         "graphql": "^16.14.1",