@victor-software-house/is-node-vulnerable 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Victor Araújo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,113 @@
+# Node.js Security Vulnerability Checker
+
+TypeScript-based Node.js security vulnerability checker with Zod validation and bundled security data.
+
+Based on [`is-my-node-vulnerable`](https://github.com/nodejs/is-my-node-vulnerable) but fully typed and properly structured.
+
+## Features
+
+- **TypeScript**: Full type safety with comprehensive type definitions
+- **Zod Validation**: All external JSON data validated with Zod schemas
+- **Bundled Data**: Security data included with package, no network calls at runtime
+- **Daily Auto-Updates**: Data automatically updated via GitHub Actions
+- **Platform-Specific**: Checks platform-specific vulnerabilities
+- **Modular**: Clean separation of concerns
+
+## Installation
+
+```bash
+npm install @victor-software-house/is-node-vulnerable
+# or
+pnpm add @victor-software-house/is-node-vulnerable
+```
+
+## Usage
+
+### As CLI
+
+```bash
+# Check current Node.js version
+npx @victor-software-house/is-node-vulnerable
+
+# With debug output
+DEBUG=1 npx @victor-software-house/is-node-vulnerable
+
+# Skip check (emergency)
+SKIP_NODE_SECURITY_CHECK=1 node index.js
+```
+
+### As Module
+
+```typescript
+import { isNodeVulnerable, isNodeEOL } from '@victor-software-house/is-node-vulnerable';
+
+// Check if a specific version is vulnerable
+const vulnerable = isNodeVulnerable('v20.10.0', 'darwin');
+console.log(vulnerable); // false
+
+// Check if a version is end-of-life
+const isEOL = isNodeEOL('v16.0.0');
+console.log(isEOL); // true
+```
+
+### In Package Scripts
+
+```json
+{
+	"scripts": {
+		"prebuild": "@victor-software-house/is-node-vulnerable",
+		"check:security": "DEBUG=1 @victor-software-house/is-node-vulnerable"
+	}
+}
+```
+
+## API
+
+### `isNodeVulnerable(version: string, platform?: Platform): boolean`
+
+Check if a Node.js version is vulnerable to known CVEs.
+
+**Parameters:**
+
+- `version`: Node.js version (e.g., `"v20.10.0"`, `"18.0.0"`)
+- `platform`: Optional platform (`"darwin"`, `"linux"`, `"win32"`, etc.)
+
+**Returns:** `true` if vulnerable or EOL, `false` otherwise
+
+### `isNodeEOL(version: string): boolean`
+
+Check if a Node.js version is end-of-life.
+
+**Parameters:**
+
+- `version`: Node.js version (e.g., `"v16.0.0"`)
+
+**Returns:** `true` if EOL, `false` otherwise
+
+## Data Source
+
+Security data is bundled with the package and automatically updated daily via GitHub Actions:
+
+- **schedule.json**: Node.js release schedule from [nodejs/Release](https://github.com/nodejs/Release)
+- **security.json**: CVE database from [nodejs/security-wg](https://github.com/nodejs/security-wg)
+
+Data is synchronized daily at midnight UTC. For the latest security updates, use the most recent package version.
+
+## Exit Codes (CLI)
+
+- `0` - Node.js version is secure
+- `1` - Node.js version is vulnerable or EOL
+- `2` - Check failed (unexpected error)
+
+## Environment Variables
+
+- `DEBUG=1` - Enable debug logging
+- `SKIP_NODE_SECURITY_CHECK=1` - Skip security check (emergency use only)
+
+## License
+
+MIT © Victor Araújo
+
+## Credits
+
+Based on [`is-my-node-vulnerable`](https://github.com/nodejs/is-my-node-vulnerable) by Rafael Gonzaga.

package/data/schedule.json

@@ -0,0 +1,153 @@
+{
+	"v0.8": {
+		"start": "2012-06-25",
+		"end": "2014-07-31"
+	},
+	"v0.10": {
+		"start": "2013-03-11",
+		"end": "2016-10-31"
+	},
+	"v0.12": {
+		"start": "2015-02-06",
+		"end": "2016-12-31"
+	},
+	"v4": {
+		"start": "2015-09-08",
+		"lts": "2015-10-12",
+		"maintenance": "2017-04-01",
+		"end": "2018-04-30",
+		"codename": "Argon"
+	},
+	"v5": {
+		"start": "2015-10-29",
+		"maintenance": "2016-04-30",
+		"end": "2016-06-30"
+	},
+	"v6": {
+		"start": "2016-04-26",
+		"lts": "2016-10-18",
+		"maintenance": "2018-04-30",
+		"end": "2019-04-30",
+		"codename": "Boron"
+	},
+	"v7": {
+		"start": "2016-10-25",
+		"maintenance": "2017-04-30",
+		"end": "2017-06-30"
+	},
+	"v8": {
+		"start": "2017-05-30",
+		"lts": "2017-10-31",
+		"maintenance": "2019-01-01",
+		"end": "2019-12-31",
+		"codename": "Carbon"
+	},
+	"v9": {
+		"start": "2017-10-01",
+		"maintenance": "2018-04-01",
+		"end": "2018-06-30"
+	},
+	"v10": {
+		"start": "2018-04-24",
+		"lts": "2018-10-30",
+		"maintenance": "2020-05-19",
+		"end": "2021-04-30",
+		"codename": "Dubnium"
+	},
+	"v11": {
+		"start": "2018-10-23",
+		"maintenance": "2019-04-22",
+		"end": "2019-06-01"
+	},
+	"v12": {
+		"start": "2019-04-23",
+		"lts": "2019-10-21",
+		"maintenance": "2020-11-30",
+		"end": "2022-04-30",
+		"codename": "Erbium"
+	},
+	"v13": {
+		"start": "2019-10-22",
+		"maintenance": "2020-04-01",
+		"end": "2020-06-01"
+	},
+	"v14": {
+		"start": "2020-04-21",
+		"lts": "2020-10-27",
+		"maintenance": "2021-10-19",
+		"end": "2023-04-30",
+		"codename": "Fermium"
+	},
+	"v15": {
+		"start": "2020-10-20",
+		"maintenance": "2021-04-01",
+		"end": "2021-06-01"
+	},
+	"v16": {
+		"start": "2021-04-20",
+		"lts": "2021-10-26",
+		"maintenance": "2022-10-18",
+		"end": "2023-09-11",
+		"codename": "Gallium"
+	},
+	"v17": {
+		"start": "2021-10-19",
+		"maintenance": "2022-04-01",
+		"end": "2022-06-01"
+	},
+	"v18": {
+		"start": "2022-04-19",
+		"lts": "2022-10-25",
+		"maintenance": "2023-10-18",
+		"end": "2025-04-30",
+		"codename": "Hydrogen"
+	},
+	"v19": {
+		"start": "2022-10-18",
+		"maintenance": "2023-04-01",
+		"end": "2023-06-01"
+	},
+	"v20": {
+		"start": "2023-04-18",
+		"lts": "2023-10-24",
+		"maintenance": "2024-10-22",
+		"end": "2026-04-30",
+		"codename": "Iron"
+	},
+	"v21": {
+		"start": "2023-10-17",
+		"maintenance": "2024-04-01",
+		"end": "2024-06-01"
+	},
+	"v22": {
+		"start": "2024-04-24",
+		"lts": "2024-10-29",
+		"maintenance": "2025-10-21",
+		"end": "2027-04-30",
+		"codename": "Jod"
+	},
+	"v23": {
+		"start": "2024-10-16",
+		"maintenance": "2025-04-01",
+		"end": "2025-06-01"
+	},
+	"v24": {
+		"start": "2025-05-06",
+		"lts": "2025-10-28",
+		"maintenance": "2026-10-20",
+		"end": "2028-04-30",
+		"codename": "Krypton"
+	},
+	"v25": {
+		"start": "2025-10-15",
+		"maintenance": "2026-04-01",
+		"end": "2026-06-01"
+	},
+	"v26": {
+		"start": "2026-04-22",
+		"lts": "2026-10-28",
+		"maintenance": "2027-10-20",
+		"end": "2029-04-30",
+		"codename": ""
+	}
+}