@vainplex/shieldapi-cli 1.2.2 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/commands/password.js +61 -14
- package/src/index.js +2 -2
package/package.json
CHANGED
package/src/commands/password.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { createHash } from 'node:crypto';
|
|
2
|
-
import { createInterface } from 'node:readline';
|
|
3
2
|
import ora from 'ora';
|
|
4
3
|
import chalk from 'chalk';
|
|
5
4
|
import { apiRequest } from '../lib/api.js';
|
|
@@ -8,16 +7,60 @@ import { formatPassword } from '../lib/formatter.js';
|
|
|
8
7
|
import { exitCodeFromResult, exitCodeFromError, EXIT } from '../lib/exit.js';
|
|
9
8
|
|
|
10
9
|
/**
|
|
11
|
-
* Read
|
|
10
|
+
* Read password from stdin.
|
|
11
|
+
* If stdin is a TTY (interactive), prompts with hidden input (like Linux `read -s`).
|
|
12
|
+
* If piped, reads data directly.
|
|
12
13
|
*/
|
|
13
14
|
function readStdin() {
|
|
14
15
|
return new Promise((resolve, reject) => {
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
16
|
+
if (process.stdin.isTTY) {
|
|
17
|
+
// Interactive mode: hide typed characters
|
|
18
|
+
process.stderr.write('Password: ');
|
|
19
|
+
process.stdin.setRawMode(true);
|
|
20
|
+
process.stdin.resume();
|
|
21
|
+
process.stdin.setEncoding('utf8');
|
|
22
|
+
|
|
23
|
+
let password = '';
|
|
24
|
+
|
|
25
|
+
const onData = (char) => {
|
|
26
|
+
const c = char.toString();
|
|
27
|
+
if (c === '\n' || c === '\r') {
|
|
28
|
+
cleanup();
|
|
29
|
+
process.stderr.write('\n');
|
|
30
|
+
resolve(password);
|
|
31
|
+
} else if (c === '\u0003') {
|
|
32
|
+
// Ctrl+C
|
|
33
|
+
cleanup();
|
|
34
|
+
process.stderr.write('\n');
|
|
35
|
+
process.exit(130);
|
|
36
|
+
} else if (c === '\u007f' || c === '\b') {
|
|
37
|
+
// Backspace
|
|
38
|
+
password = password.slice(0, -1);
|
|
39
|
+
} else {
|
|
40
|
+
password += c;
|
|
41
|
+
}
|
|
42
|
+
};
|
|
43
|
+
|
|
44
|
+
const cleanup = () => {
|
|
45
|
+
process.stdin.setRawMode(false);
|
|
46
|
+
process.stdin.pause();
|
|
47
|
+
process.stdin.removeListener('data', onData);
|
|
48
|
+
};
|
|
49
|
+
|
|
50
|
+
process.stdin.on('data', onData);
|
|
51
|
+
} else {
|
|
52
|
+
// Piped mode: read all data from stdin
|
|
53
|
+
let data = '';
|
|
54
|
+
process.stdin.setEncoding('utf8');
|
|
55
|
+
process.stdin.on('data', (chunk) => { data += chunk; });
|
|
56
|
+
process.stdin.on('end', () => resolve(data.trim()));
|
|
57
|
+
process.stdin.on('error', reject);
|
|
58
|
+
setTimeout(() => {
|
|
59
|
+
process.stdin.destroy();
|
|
60
|
+
if (data) resolve(data.trim());
|
|
61
|
+
else reject(new Error('Stdin timeout — no input received'));
|
|
62
|
+
}, 10000);
|
|
63
|
+
}
|
|
21
64
|
});
|
|
22
65
|
}
|
|
23
66
|
|
|
@@ -31,18 +74,22 @@ export async function passwordCommand(password, opts) {
|
|
|
31
74
|
try {
|
|
32
75
|
let hash;
|
|
33
76
|
|
|
34
|
-
// --stdin: read password from stdin
|
|
35
77
|
if (opts.stdin) {
|
|
36
|
-
|
|
37
|
-
process.stderr.write(chalk.gray('Reading password from stdin...\n'));
|
|
38
|
-
}
|
|
78
|
+
// --stdin: read password from stdin, ignore positional argument
|
|
39
79
|
const stdinPassword = await readStdin();
|
|
40
80
|
if (!stdinPassword) {
|
|
41
|
-
process.stderr.write(chalk.red('Error: No password received
|
|
81
|
+
process.stderr.write(chalk.red('Error: No password received.\n'));
|
|
42
82
|
process.exitCode = EXIT.USAGE;
|
|
43
83
|
return;
|
|
44
84
|
}
|
|
45
85
|
hash = createHash('sha1').update(stdinPassword).digest('hex').toUpperCase();
|
|
86
|
+
} else if (!password) {
|
|
87
|
+
// No password argument and no --stdin
|
|
88
|
+
process.stderr.write(chalk.red('Error: Provide a password argument or use --stdin.\n'));
|
|
89
|
+
process.stderr.write(chalk.gray(' shieldapi password "mypassword" --demo\n'));
|
|
90
|
+
process.stderr.write(chalk.gray(' shieldapi password --stdin --demo\n'));
|
|
91
|
+
process.exitCode = EXIT.USAGE;
|
|
92
|
+
return;
|
|
46
93
|
} else if (opts.hash) {
|
|
47
94
|
// --hash: treat input as pre-computed SHA-1
|
|
48
95
|
hash = password.toUpperCase();
|
|
@@ -56,7 +103,7 @@ export async function passwordCommand(password, opts) {
|
|
|
56
103
|
hash = createHash('sha1').update(password).digest('hex').toUpperCase();
|
|
57
104
|
|
|
58
105
|
// Shell history warning (SR-5)
|
|
59
|
-
if (!opts.quiet && process.
|
|
106
|
+
if (!opts.quiet && process.stderr.isTTY) {
|
|
60
107
|
process.stderr.write(
|
|
61
108
|
chalk.yellow('⚠ Password may appear in shell history. Use --stdin for sensitive passwords.\n')
|
|
62
109
|
);
|
package/src/index.js
CHANGED
|
@@ -14,7 +14,7 @@ export function run(argv) {
|
|
|
14
14
|
program
|
|
15
15
|
.name('shieldapi')
|
|
16
16
|
.description('🛡️ ShieldAPI CLI — Security intelligence from your terminal. Pay-per-request with USDC.')
|
|
17
|
-
.version('1.
|
|
17
|
+
.version('1.3.1')
|
|
18
18
|
.option('--wallet <key>', 'Private key for x402 payments (or set SHIELDAPI_WALLET_KEY)')
|
|
19
19
|
.option('--json', 'Output raw JSON instead of formatted output')
|
|
20
20
|
.option('--no-color', 'Disable colors')
|
|
@@ -24,7 +24,7 @@ export function run(argv) {
|
|
|
24
24
|
program
|
|
25
25
|
.command('password')
|
|
26
26
|
.description('Check a password against breach databases')
|
|
27
|
-
.argument('
|
|
27
|
+
.argument('[password]', 'Password to check (hashed locally with SHA-1)')
|
|
28
28
|
.option('--demo', 'Use demo mode (free, no wallet needed)')
|
|
29
29
|
.option('--stdin', 'Read password from stdin (avoids shell history)')
|
|
30
30
|
.option('--hash', 'Treat input as pre-computed SHA-1 hash')
|