@trynullsec/s1-zk 1.0.6 → 1.0.7
- package/README.md +7 -0
- package/dist/cli-banner.d.ts +5 -0
- package/dist/cli-banner.js +38 -0
- package/dist/cli-banner.js.map +1 -0
- package/dist/cli.js +19 -0
- package/dist/cli.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +1 -1
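--- a/package/README.md
+++ b/package/README.md
@@ -124,11 +124,18 @@ nullsec-zk scan ./circuits
 nullsec-zk scan ./circuits --deep
 nullsec-zk scan ./circuits --format json
 nullsec-zk scan ./circuits --report markdown
+nullsec-zk scan ./circuits --deep --no-banner
 nullsec-zk rules
 nullsec-zk explain NS-H2-005
 nullsec-zk init
 ```
 
+Use `--no-banner` for machine-readable logs or minimal terminal output:
+
+```bash
+nullsec-zk scan ./circuits --deep --no-banner
+```
+
 The same commands work through `npx`:
 
 ```bash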
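--- a/package/dist/cli-banner.js
+++ b/package/dist/cli-banner.js
@@ -0,0 +1,38 @@
+import chalk from "chalk";
+function shouldPrint(silent) {
+if (silent)
+return false;
+return Boolean(process.stdout.isTTY) || process.env.NULLSEC_ZK_FORCE_BANNER === "1";
+}
+export function printBanner(options = {}) {
+if (!shouldPrint(options.silent))
+return;
+const accent = chalk.cyanBright;
+const muted = chalk.gray;
+const strong = chalk.whiteBright;
+const star = process.stdout.isTTY ? "✶" : "*";
+if (options.compact) {
+process.stdout.write(`${muted("╭────────────────────────────────────────────╮")}
+${muted("│")} ${accent(star)} ${strong("Nullsec S1-ZK")} ${muted("│")}
+${muted("╰────────────────────────────────────────────╯")}
+
+`);
+return;
+}
+process.stdout.write(`${muted("╭────────────────────────────────────────────╮")}
+${muted("│")} ${accent(star)} ${strong("Nullsec S1-ZK")} ${muted("│")}
+${muted("╰────────────────────────────────────────────╯")}
+
+${accent("███╗ ██╗██╗ ██╗██╗ ██╗ ███████╗███████╗ ██████╗")}
+${accent("████╗ ██║██║ ██║██║ ██║ ██╔════╝██╔════╝██╔════╝")}
+${accent("██╔██╗ ██║██║ ██║██║ ██║ ███████╗█████╗ ██║ ")}
+${accent("██║╚██╗██║██║ ██║██║ ██║ ╚════██║██╔══╝ ██║ ")}
+${accent("██║ ╚████║╚██████╔╝███████╗███████╗███████║███████╗╚██████╗")}
+${accent("╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚══════╝╚══════╝╚══════╝ ╚═════╝")}
+
+${strong("S1-ZK")} ${muted("·")} audit what your circuit actually proves
+${muted("Local deterministic analysis · Circom + Halo2 · scan ./circuits --deep")}
+
+`);
+}
+//# sourceMappingURL=cli-banner.js.map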
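Review bot: `printBanner` writes to `process.stdout`, the stream the `rules` and `explain` commands in cli.js also print their results to with `console.log`, so the banner and the tool's output share one channel. `shouldPrint` skips the banner when stdout is not a TTY, but `NULLSEC_ZK_FORCE_BANNER === "1"` overrides that check, and in that case the box-drawing text is prepended to piped or redirected output that a CI step may go on to parse. Writing the banner to stderr keeps stdout limited to results: gate on `process.stderr.isTTY` in `shouldPrint` and use `process.stderr.write(...)` in both branches. The `NULLSEC_ZK_FORCE_BANNER` variable is also not mentioned in the README change, so a one-line comment above `shouldPrint` saying what it is for would help.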
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli-banner.js","sourceRoot":"","sources":["../src/cli-banner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAO1B,SAAS,WAAW,CAAC,MAAgB;IACnC,IAAI,MAAM;QAAE,OAAO,KAAK,CAAC;IACzB,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,GAAG,CAAC;AACtF,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,UAAyB,EAAE;IACrD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO;IAEzC,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC;IAChC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAE9C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,KAAK,CAAC,gDAAgD,CAAC;EAC9D,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,eAAe,CAAC,+BAA+B,KAAK,CAAC,GAAG,CAAC;EAC9F,KAAK,CAAC,gDAAgD,CAAC;;CAExD,CACI,CAAC;QACF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,KAAK,CAAC,gDAAgD,CAAC;EAC5D,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,eAAe,CAAC,+BAA+B,KAAK,CAAC,GAAG,CAAC;EAC9F,KAAK,CAAC,gDAAgD,CAAC;;EAEvD,MAAM,CAAC,6DAA6D,CAAC;EACrE,MAAM,CAAC,6DAA6D,CAAC;EACrE,MAAM,CAAC,6DAA6D,CAAC;EACrE,MAAM,CAAC,6DAA6D,CAAC;EACrE,MAAM,CAAC,6DAA6D,CAAC;EACrE,MAAM,CAAC,6DAA6D,CAAC;;EAErE,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC;EAC9B,KAAK,CAAC,4EAA4E,CAAC;;CAEpF,CACE,CAAC;AACJ,CAAC"}
|
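--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -5,13 +5,25 @@ import { existsSync } from "node:fs";
 import { scanTarget } from "./scanner.js";
 import { writeDefaultConfig } from "./config.js";
 import { allRules } from "./rules/index.js";
+import { printBanner } from "./cli-banner.js";
 import { normalizeSeverity } from "./core/severity.js";
 import { VERSION } from "./version.js";
 const program = new Command();
+function bannerDisabled(options) {
+return options.banner === false || process.argv.includes("--no-banner");
+}
+function isMachineFormat(format) {
+return format === "json" || format === "sarif";
+}
 program
 .name("nullsec-zk")
 .description("Nullsec S1-ZK: deterministic, graph-aware static analysis for zero-knowledge circuits.")
 .version(VERSION);
+program.option("--no-banner", "disable the terminal intro banner");
+program.addHelpText("beforeAll", () => {
+printBanner({ compact: true, silent: bannerDisabled(program.opts()) });
+return "";
+});
 program
 .command("scan")
 .argument("<target>", "Circom file or directory to scan")
@@ -21,8 +33,12 @@ program
 .option("--fail-on <severity>", "CRITICAL, HIGH, MEDIUM, LOW, or INFO")
 .option("--config <path>", "config file path")
 .option("--deep", "enable proof obligation, taint flow, and exploit hypothesis analysis")
+.option("--no-banner", "disable the terminal intro banner")
 .action(async (target, options) => {
 try {
+const suppressBanner = bannerDisabled(options) || isMachineFormat(options.format) || Boolean(options.out);
+if (!suppressBanner)
+printBanner({ compact: options.report === "markdown", silent: false });
 const run = await scanTarget(target, {
 format: options.format,
 report: options.report,
@@ -42,11 +58,13 @@ program
 }
 });
 program.command("rules").description("List supported Nullsec S1-ZK rules").action(() => {
+printBanner({ compact: true, silent: bannerDisabled(program.opts()) });
 for (const rule of allRules) {
 console.log(`${rule.id} ${rule.defaultSeverity.padEnd(8)} ${rule.title}`);
 }
 });
 program.command("explain").argument("<issue-id>", "Rule ID or issue ID").description("Explain a supported rule").action((issueId) => {
+printBanner({ compact: true, silent: bannerDisabled(program.opts()) });
 const ruleId = issueId.match(/NS-(?:ZK|H2)-\d{3}/)?.[0] ?? issueId;
 const rule = allRules.find((candidate) => candidate.id === ruleId);
 if (!rule) {
@@ -62,6 +80,7 @@ Tags: ${rule.tags.join(", ")}
 ${rule.description}`);
 });
 program.command("init").description("Create a .nullsec-zk.json config file").action(() => {
+printBanner({ compact: true, silent: bannerDisabled(program.opts()) });
 if (existsSync(".nullsec-zk.json")) {
 console.error(".nullsec-zk.json already exists");
 process.exitCode = 2;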
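Review bot: `bannerDisabled` falls back to `process.argv.includes("--no-banner")`, which matches the token anywhere on the command line, including after a `--` terminator or as the value passed to `--config`, and makes the `options.banner === false` test redundant whenever the flag is present. The fallback presumably exists because `--no-banner` is declared on both `program` and the `scan` command, so `program.opts()` in the `rules`, `explain`, `init` and help paths may not see a flag that was parsed by the subcommand. If that is the reason, say so in a comment above the function, for example `// argv fallback: the flag may be parsed onto a subcommand, or not parsed yet when help text is rendered`. The scan action and the other command bodies continue outside the hunks shown.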
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,YAAY,CAAC;KAClB,WAAW,CAAC,wFAAwF,CAAC;KACrG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,QAAQ,CAAC,UAAU,EAAE,kCAAkC,CAAC;KACxD,MAAM,CAAC,mBAAmB,EAAE,oCAAoC,CAAC;KACjE,MAAM,CAAC,mBAAmB,EAAE,wCAAwC,CAAC;KACrE,MAAM,CAAC,cAAc,EAAE,+BAA+B,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,sCAAsC,CAAC;KACtE,MAAM,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;KAC7C,MAAM,CAAC,QAAQ,EAAE,sEAAsE,CAAC;KACxF,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,SAAS,cAAc,CAAC,OAA6B;IACnD,OAAO,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,eAAe,CAAC,MAA0B;IACjD,OAAO,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,OAAO,CAAC;AACjD,CAAC;AAED,OAAO;KACJ,IAAI,CAAC,YAAY,CAAC;KAClB,WAAW,CAAC,wFAAwF,CAAC;KACrG,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,mCAAmC,CAAC,CAAC;AACnE,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,GAAG,EAAE;IACpC,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,EAAwB,CAAC,EAAE,CAAC,CAAC;IAC7F,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC,CAAC;AAEH,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,QAAQ,CAAC,UAAU,EAAE,kCAAkC,CAAC;KACxD,MAAM,CAAC,mBAAmB,EAAE,oCAAoC,CAAC;KACjE,MAAM,CAAC,mBAAmB,EAAE,wCAAwC,CAAC;KACrE,MAAM,CAAC,cAAc,EAAE,+BAA+B,CAAC;KACvD,MAAM,CAAC,sBAAsB,EAAE,sCAAsC,CAAC;KACtE,MAAM,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;KAC7C,MAAM,CAAC,QAAQ,EAAE,sEAAsE,CAAC;KACxF,MAAM,CAAC,aAAa,EAAE,mCAAmC,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,OAA2I,EAAE,EAAE;IAC5K,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1G,IAAI,CAAC,cAAc;YAAE,WAAW,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5F,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE;YACnC,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YAClF,UAAU,EAAE,OAAO,CAAC,MAAM;YAC1B,IAAI,EAAE,OAAO,CAAC,IA
AI;SACnB,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtE,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,oCAAoC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE;IACrF,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,EAAwB,CAAC,EAAE,CAAC,CAAC;IAC7F,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,YAAY,EAAE,qBAAqB,CAAC,CAAC,WAAW,CAAC,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1I,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,EAAwB,CAAC,EAAE,CAAC,CAAC;IAC7F,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;IACnE,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACnE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,KAAK;;oBAEnB,IAAI,CAAC,eAAe;QAChC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;;EAE1B,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AACtB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,uCAAuC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE;IACvF,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,EAAwB,CAAC,EAAE,CAAC,CAAC;IAC7F,IAAI,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACjD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,IAAI,GAAG,kBAAkB,EAAE,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC
,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}
|
package/dist/version.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export declare const VERSION = "1.0.
|
|
1
|
+
export declare const VERSION = "1.0.7";
|
package/dist/version.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const VERSION = "1.0.
|
|
1
|
+
export const VERSION = "1.0.7";
|
|
2
2
|
//# sourceMappingURL=version.js.map
|