@victor-software-house/is-node-vulnerable 1.0.0

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["scheduleData","securityData","process","securityData","process"],"sources":["../data/security.json","../logger.ts","../data/schedule.json","../schemas.ts","../schedule.ts","../types.ts","../vulnerability.ts","../cli.ts","../index.ts"],"sourcesContent":["","/**\n * Logging utility for debug output\n */\n\nconst isDebugEnabled = (): boolean => {\n\treturn process.env.DEBUG === '1';\n};\n\nexport function debug(message: string): void {\n\tif (isDebugEnabled()) {\n\t\tconsole.debug(`[DEBUG] ${message}`);\n\t}\n}\n\nexport function error(message: string): void {\n\tconsole.error(`[ERROR] ${message}`);\n}\n\nexport function info(message: string): void {\n\tconsole.log(message);\n}\n\nexport function warn(message: string): void {\n\tconsole.warn(`[WARN] ${message}`);\n}\n","","/**\n * Zod schemas for Node.js security data validation\n */\n\nimport { z } from 'zod';\n\nexport const vulnerabilityEntrySchema = z.object({\n\taffectedEnvironments: z.array(z.string()).optional(),\n\tcve: z.array(z.string()),\n\tdescription: z.string().optional(),\n\toverview: z.string().optional(),\n\tpatched: z.string(),\n\tref: z.string().optional(),\n\tseverity: z.enum(['critical', 'high', 'low', 'medium', 'unknown']),\n\tvulnerable: z.string(),\n});\n\nexport const securityDatabaseSchema = z.record(\n\tz.string(),\n\tvulnerabilityEntrySchema,\n);\n\nexport const releaseScheduleEntrySchema = z.object({\n\tcodename: z.string().optional(),\n\tend: z.string().optional(),\n\tlts: z.string().optional(),\n\tmaintenance: z.string().optional(),\n\tstart: z.string(),\n});\n\nexport const releaseScheduleSchema = z.record(\n\tz.string(),\n\treleaseScheduleEntrySchema,\n);\n","/**\n * Node.js release schedule checking\n */\n\nimport { satisfies } from 'semver';\nimport { z } from 'zod';\n\nimport type { ReleaseScheduleEntry } from '@/types';\n\nimport scheduleData from '@/data/schedule.json' with { type: 'json' };\nimport { releaseScheduleSchema } from '@/schemas';\n\n/**\n * Check if a Node.js version is end-of-life\n *\n * @param version - Node.js version (e.g., \"v20.10.0\", \"18.0.0\")\n * @returns True if the version is end-of-life, false otherwise\n * @throws Error if version information cannot be loaded\n *\n * @example\n * ```typescript\n * const isEOL = isNodeEOL('v16.0.0');\n * console.log(isEOL); // true\n * ```\n */\nexport function isNodeEOL(version: string): boolean {\n\tconst versionInfo = getVersionInfo(version);\n\n\tif (versionInfo === null) {\n\t\tthrow new Error(`Could not load version information for ${version}`);\n\t}\n\n\t// No end date means version is unreleased (not yet EOL)\n\tif (versionInfo.end === undefined) {\n\t\treturn false;\n\t}\n\n\tconst now = new Date();\n\tconst endDate = new Date(versionInfo.end);\n\n\treturn now > endDate;\n}\n\nfunction getVersionInfo(version: string): null | ReleaseScheduleEntry {\n\tconst schedule = z.parse(releaseScheduleSchema, scheduleData);\n\n\tconst normalized = version.toLowerCase();\n\tconst directMatch = schedule[normalized];\n\tif (directMatch !== undefined) {\n\t\treturn directMatch;\n\t}\n\n\tfor (const [key, value] of Object.entries(schedule)) {\n\t\tif (satisfies(version, key)) {\n\t\t\treturn value;\n\t\t}\n\t}\n\n\treturn null;\n}\n","/**\n * Type definitions for Node.js security checker\n */\n\nimport * as z4 from 'zod/v4/core';\n\nimport type {\n\treleaseScheduleEntrySchema,\n\treleaseScheduleSchema,\n\tsecurityDatabaseSchema,\n\tvulnerabilityEntrySchema,\n} from '@/schemas';\n\nexport type ReleaseSchedule = z4.output<typeof releaseScheduleSchema>;\nexport type ReleaseScheduleEntry = z4.output<typeof releaseScheduleEntrySchema>;\nexport type SecurityDatabase = z4.output<typeof securityDatabaseSchema>;\nexport type VulnerabilityEntry = z4.output<typeof vulnerabilityEntrySchema>;\n\nexport const PLATFORMS = [\n\t'aix',\n\t'android',\n\t'darwin',\n\t'freebsd',\n\t'linux',\n\t'openbsd',\n\t'sunos',\n\t'win32',\n] as const;\n\nexport type Platform = (typeof PLATFORMS)[number];\n","/**\n * Vulnerability checking logic\n */\n\nimport { satisfies, valid } from 'semver';\nimport { z } from 'zod';\nimport * as z4 from 'zod/v4/core';\n\nimport type { Platform, VulnerabilityEntry } from '@/types';\n\nimport securityData from '@/data/security.json' with { type: 'json' };\nimport { isNodeEOL } from '@/schedule';\nimport { securityDatabaseSchema } from '@/schemas';\nimport { PLATFORMS } from '@/types';\n\ntype SecurityDatabase = z4.output<typeof securityDatabaseSchema>;\n\n/**\n * Validate that a platform string is a valid Platform type\n *\n * @param platform - Platform string to validate\n * @throws Error if platform is not valid\n */\nexport function checkPlatform(\n\tplatform?: string,\n): asserts platform is Platform | undefined {\n\tif (platform !== undefined && !PLATFORMS.includes(platform as Platform)) {\n\t\tthrow new Error(\n\t\t\t`Platform '${platform}' is not valid. Use: ${PLATFORMS.join(', ')}`,\n\t\t);\n\t}\n}\n\nexport function getVulnerabilityList(\n\tcurrentVersion: string,\n\tplatform?: Platform,\n\tsecurityDb?: SecurityDatabase,\n): VulnerabilityEntry[] {\n\tconst vulnerabilities: VulnerabilityEntry[] = [];\n\n\tfor (const vuln of Object.values(securityDb ?? {})) {\n\t\tconst isVulnerable =\n\t\t\tsatisfies(currentVersion, vuln.vulnerable) &&\n\t\t\t!satisfies(currentVersion, vuln.patched);\n\n\t\tconst isPlatformAffected = isSystemAffected(\n\t\t\tvuln.affectedEnvironments,\n\t\t\tplatform,\n\t\t);\n\n\t\tif (isVulnerable && isPlatformAffected) {\n\t\t\tvulnerabilities.push(vuln);\n\t\t}\n\t}\n\n\treturn vulnerabilities;\n}\n\n/**\n * Check if a Node.js version is vulnerable to known CVEs\n *\n * @param version - Node.js version (e.g., \"v20.10.0\", \"18.0.0\")\n * @param platform - Optional platform (darwin, linux, win32, etc.)\n * @returns True if vulnerable or end-of-life, false otherwise\n * @throws Error if version or platform is invalid\n *\n * @example\n * ```typescript\n * const vulnerable = isNodeVulnerable('v20.10.0', 'darwin');\n * console.log(vulnerable); // false\n * ```\n */\nexport function isNodeVulnerable(\n\tplatform?: Platform,\n\tversion?: string,\n): boolean {\n\tvalidateVersion(version ?? '');\n\tcheckPlatform(platform);\n\n\tconst isEOL = isNodeEOL(version ?? '');\n\tif (isEOL) {\n\t\treturn true;\n\t}\n\n\tconst securityDb = z.parse(securityDatabaseSchema, securityData);\n\n\tconst vulnerabilities = getVulnerabilityList(\n\t\tversion ?? '',\n\t\tplatform,\n\t\tsecurityDb,\n\t);\n\n\treturn vulnerabilities.length > 0;\n}\n\nfunction isSystemAffected(\n\taffectedEnvironments?: string[],\n\tplatform?: Platform,\n): boolean {\n\tif (platform === undefined || !Array.isArray(affectedEnvironments)) {\n\t\treturn true;\n\t}\n\n\treturn (\n\t\taffectedEnvironments.includes(platform) ||\n\t\taffectedEnvironments.includes('all')\n\t);\n}\n\n/**\n * Validate a semver version string\n *\n * @param version - Version string to validate\n * @throws Error if version is invalid\n */\nfunction validateVersion(version: string): void {\n\tif (valid(version) === null) {\n\t\tthrow new Error(`Invalid semver version: ${version}`);\n\t}\n}\n","/**\n * CLI interface for Node.js security checker\n */\n\nimport process from 'node:process';\nimport { z } from 'zod';\n\nimport type { VulnerabilityEntry } from '@/types';\n\nimport securityData from '@/data/security.json' with { type: 'json' };\nimport { error, info } from '@/logger';\nimport { isNodeEOL } from '@/schedule';\nimport { securityDatabaseSchema } from '@/schemas';\nimport { checkPlatform, getVulnerabilityList } from '@/vulnerability';\n\nexport function runCLI(): void {\n\tconst nodeVersion = process.version;\n\tconst platformString = process.platform;\n\n\tcheckPlatform(platformString);\n\tconst platform = platformString;\n\n\tinfo('Node.js Security Vulnerability Check\\n');\n\tinfo(`Current Node.js version: ${nodeVersion}`);\n\tinfo(`Platform: ${platform}\\n`);\n\n\tconst isEOL = isNodeEOL(nodeVersion);\n\n\tif (isEOL) {\n\t\terror('[FAIL] Node.js version is end-of-life.\\n');\n\t\terror(\n\t\t\t`${nodeVersion} is end-of-life. There are high chances of being vulnerable.`,\n\t\t);\n\t\terror('RECOMMENDED ACTION: Upgrade to a supported version.\\n');\n\t\tprocess.exit(1);\n\t}\n\n\tconst securityDb = z.parse(securityDatabaseSchema, securityData);\n\n\tconst vulnerabilities = getVulnerabilityList(\n\t\tnodeVersion,\n\t\tplatform,\n\t\tsecurityDb,\n\t);\n\n\tif (vulnerabilities.length > 0) {\n\t\terror(\n\t\t\t`[VULNERABLE] Node.js ${nodeVersion} has ${vulnerabilities.length} known CVE(s):\\n`,\n\t\t);\n\n\t\tfor (const vuln of vulnerabilities) {\n\t\t\terror(`  ${formatVulnerability(vuln)}\\n`);\n\t\t}\n\n\t\terror('RECOMMENDED ACTION: Upgrade to a patched version.\\n');\n\t\tprocess.exit(1);\n\t}\n\n\tinfo(`[PASS] Node.js ${nodeVersion} has no known vulnerabilities.\\n`);\n\tprocess.exit(0);\n}\n\nfunction formatVulnerability(vuln: VulnerabilityEntry): string {\n\tconst severity =\n\t\tvuln.severity === 'unknown' ? '' : `(${vuln.severity.toUpperCase()})`;\n\tconst cveList = vuln.cve.length > 0 ? vuln.cve.join(', ') : 'No CVE';\n\tconst description = vuln.description ?? vuln.overview ?? 'No description';\n\n\treturn [\n\t\t`${cveList} ${severity}`,\n\t\t`Description: ${description}`,\n\t\t`Patched versions: ${vuln.patched}`,\n\t].join('\\n  ');\n}\n","#!/usr/bin/env node\n/**\n * Node.js Security Vulnerability Checker\n *\n * Based on is-my-node-vulnerable with proper TypeScript typing and bundled security data.\n *\n * Security data is bundled with the package and updated daily via GitHub Actions.\n *\n * Usage:\n *   pnpm run check                              # Check current Node.js version\n *   SKIP_NODE_SECURITY_CHECK=1 pnpm build       # Skip check (emergency)\n *   DEBUG=1 pnpm run check                      # Enable debug output\n *\n * Exit codes:\n *   0 - Node.js version is secure\n *   1 - Node.js version is vulnerable or EOL\n *   2 - Check failed (unexpected error)\n */\n\nimport process from 'node:process';\n\nimport { runCLI } from '@/cli';\nimport { error, warn } from '@/logger';\n\n// Re-export public API\nexport { isNodeEOL } from '@/schedule';\nexport type {\n\tPlatform,\n\tReleaseSchedule,\n\tReleaseScheduleEntry,\n\tSecurityDatabase,\n\tVulnerabilityEntry,\n} from '@/types';\nexport { isNodeVulnerable } from '@/vulnerability';\n\n// CLI execution when run directly\nif (\n\timport.meta.url.endsWith('/index.ts') ||\n\timport.meta.url.endsWith('/index.mjs') ||\n\timport.meta.url.endsWith('/index')\n) {\n\tif (process.env.SKIP_NODE_SECURITY_CHECK === '1') {\n\t\twarn('[SKIP] Security check skipped (SKIP_NODE_SECURITY_CHECK=1)\\n');\n\t\tprocess.exit(0);\n\t}\n\n\ttry {\n\t\trunCLI();\n\t} catch (err: unknown) {\n\t\terror('[ERROR] Security check failed:');\n\t\tconsole.error(err);\n\t\tprocess.exit(2);\n\t}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACcA,SAAgB,MAAM,SAAuB;AAC5C,SAAQ,MAAM,WAAW,UAAU;;AAGpC,SAAgB,KAAK,SAAuB;AAC3C,SAAQ,IAAI,QAAQ;;AAGrB,SAAgB,KAAK,SAAuB;AAC3C,SAAQ,KAAK,UAAU,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEjBlC,MAAa,2BAA2B,EAAE,OAAO;CAChD,sBAAsB,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU;CACpD,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC;CACxB,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,SAAS,EAAE,QAAQ;CACnB,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,UAAU,EAAE,KAAK;EAAC;EAAY;EAAQ;EAAO;EAAU;EAAU,CAAC;CAClE,YAAY,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,yBAAyB,EAAE,OACvC,EAAE,QAAQ,EACV,yBACA;AAED,MAAa,6BAA6B,EAAE,OAAO;CAClD,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,OAAO,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAa,wBAAwB,EAAE,OACtC,EAAE,QAAQ,EACV,2BACA;;;;;;;;;;;;;;;;;;;;ACRD,SAAgB,UAAU,SAA0B;CACnD,MAAM,cAAc,eAAe,QAAQ;AAE3C,KAAI,gBAAgB,KACnB,OAAM,IAAI,MAAM,0CAA0C,UAAU;AAIrE,KAAI,YAAY,QAAQ,OACvB,QAAO;AAMR,wBAHY,IAAI,MAAM,GACN,IAAI,KAAK,YAAY,IAAI;;AAK1C,SAAS,eAAe,SAA8C;CACrE,MAAM,WAAW,EAAE,MAAM,uBAAuBA,iBAAa;CAG7D,MAAM,cAAc,SADD,QAAQ,aAAa;AAExC,KAAI,gBAAgB,OACnB,QAAO;AAGR,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,SAAS,CAClD,KAAI,UAAU,SAAS,IAAI,CAC1B,QAAO;AAIT,QAAO;;;;;ACxCR,MAAa,YAAY;CACxB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;;;;;;;;;;;;;ACJD,SAAgB,cACf,UAC2C;AAC3C,KAAI,aAAa,UAAa,CAAC,UAAU,SAAS,SAAqB,CACtE,OAAM,IAAI,MACT,aAAa,SAAS,uBAAuB,UAAU,KAAK,KAAK,GACjE;;AAIH,SAAgB,qBACf,gBACA,UACA,YACuB;CACvB,MAAM,kBAAwC,EAAE;AAEhD,MAAK,MAAM,QAAQ,OAAO,OAAO,cAAc,EAAE,CAAC,EAAE;EACnD,MAAM,eACL,UAAU,gBAAgB,KAAK,WAAW,IAC1C,CAAC,UAAU,gBAAgB,KAAK,QAAQ;EAEzC,MAAM,qBAAqB,iBAC1B,KAAK,sBACL,SACA;AAED,MAAI,gBAAgB,mBACnB,iBAAgB,KAAK,KAAK;;AAI5B,QAAO;;;;;;;;;;;;;;;;AAiBR,SAAgB,iBACf,UACA,SACU;AACV,iBAAgB,WAAW,GAAG;AAC9B,eAAc,SAAS;AAGvB,KADc,UAAU,WAAW,GAAG,CAErC,QAAO;CAGR,MAAM,aAAa,EAAE,MAAM,wBAAwBC,iBAAa;AAQhE,QANwB,qBACvB,WAAW,IACX,UACA,WACA,CAEsB,SAAS;;AAGjC,SAAS,iBACR,sBACA,UACU;AACV,KAAI,aAAa,UAAa,CAAC,MAAM,QAAQ,qBAAqB,CACjE,QAAO;AAGR,QACC,qBAAqB,SAAS,SAAS,IACvC,qBAAqB,SAAS,MAAM;;;;;;;;AAUtC,SAAS,gBAAgB,SAAuB;AAC/C,KAAI,MAAM,QAAQ,KAAK,KACtB,OAAM,IAAI,MAAM,2BAA2B,UAAU;;;;;;;;ACtGvD,SAAgB,SAAe;CAC9B,MAAM,cAAcC,UAAQ;CAC5B,MAAM,iBAAiBA,UAAQ;AAE/B,eAAc,eAAe;CAC7B,MAAM,WAAW;AAEjB,MAAK,yCAAyC;AAC9C,MAAK,4BAA4B,cAAc;AAC/C,MAAK,aAAa,SAAS,IAAI;AAI/B,KAFc,UAAU,YAAY,EAEzB;AACV,QAAM,2CAA2C;AACjD,QACC,GAAG,YAAY,8DACf;AACD,QAAM,wDAAwD;AAC9D,YAAQ,KAAK,EAAE;;CAKhB,MAAM,kBAAkB,qBACvB,aACA,UAJkB,EAAE,MAAM,wBAAwBC,iBAAa,CAM/D;AAED,KAAI,gBAAgB,SAAS,GAAG;AAC/B,QACC,wBAAwB,YAAY,OAAO,gBAAgB,OAAO,kBAClE;AAED,OAAK,MAAM,QAAQ,gBAClB,OAAM,KAAK,oBAAoB,KAAK,CAAC,IAAI;AAG1C,QAAM,sDAAsD;AAC5D,YAAQ,KAAK,EAAE;;AAGhB,MAAK,kBAAkB,YAAY,kCAAkC;AACrE,WAAQ,KAAK,EAAE;;AAGhB,SAAS,oBAAoB,MAAkC;CAC9D,MAAM,WACL,KAAK,aAAa,YAAY,KAAK,IAAI,KAAK,SAAS,aAAa,CAAC;CACpE,MAAM,UAAU,KAAK,IAAI,SAAS,IAAI,KAAK,IAAI,KAAK,KAAK,GAAG;CAC5D,MAAM,cAAc,KAAK,eAAe,KAAK,YAAY;AAEzD,QAAO;EACN,GAAG,QAAQ,GAAG;EACd,gBAAgB;EAChB,qBAAqB,KAAK;EAC1B,CAAC,KAAK,OAAO;;;;;;;;;;;;;;;;;;;;;;ACpCf,IACC,OAAO,KAAK,IAAI,SAAS,YAAY,IACrC,OAAO,KAAK,IAAI,SAAS,aAAa,IACtC,OAAO,KAAK,IAAI,SAAS,SAAS,EACjC;AACD,KAAIC,UAAQ,IAAI,6BAA6B,KAAK;AACjD,OAAK,+DAA+D;AACpE,YAAQ,KAAK,EAAE;;AAGhB,KAAI;AACH,UAAQ;UACA,KAAc;AACtB,QAAM,iCAAiC;AACvC,UAAQ,MAAM,IAAI;AAClB,YAAQ,KAAK,EAAE"}

package/package.json

@@ -0,0 +1,82 @@
+{
+  "name": "@victor-software-house/is-node-vulnerable",
+  "version": "1.0.0",
+  "description": "TypeScript-based Node.js security vulnerability checker with Zod validation and bundled security data",
+  "type": "module",
+  "main": "./dist/index.mjs",
+  "types": "./dist/index.d.mts",
+  "bin": {
+    "is-node-vulnerable": "./dist/index.mjs"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs"
+    }
+  },
+  "files": [
+    "dist",
+    "data",
+    "README.md"
+  ],
+  "lint-staged": {
+    "*.{ts,js,json,md}": "eslint --fix"
+  },
+  "keywords": [
+    "node",
+    "security",
+    "vulnerability",
+    "cve",
+    "checker",
+    "typescript"
+  ],
+  "author": "Victor Araújo",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/victor-software-house/is-node-vulnerable.git"
+  },
+  "bugs": {
+    "url": "https://github.com/victor-software-house/is-node-vulnerable/issues"
+  },
+  "homepage": "https://github.com/victor-software-house/is-node-vulnerable#readme",
+  "dependencies": {
+    "semver": "^7.7.3",
+    "zod": "^4.3.5"
+  },
+  "devDependencies": {
+    "@dword-design/eslint-plugin-import-alias": "^8.1.3",
+    "@eslint/js": "^9.39.2",
+    "@tool-belt/type-predicates": "^1.4.1",
+    "@types/node": "^25.0.8",
+    "@types/semver": "^7.7.1",
+    "@vitest/coverage-v8": "^4.0.17",
+    "eslint": "^9.39.2",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-perfectionist": "^5.3.1",
+    "eslint-plugin-prettier": "^5.5.5",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.2.7",
+    "prettier": "^3.7.4",
+    "tsdown": "0.20.0-beta.3",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.53.0",
+    "vitest": "^4.0.17"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "check": "node --import tsx ./index.ts",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit"
+  }
+}