@vulcn/engine 0.3.0 → 0.3.2
- package/CHANGELOG.md +65 -0
- package/dist/index.cjs +108 -797
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +82 -585
- package/dist/index.d.ts +82 -585
- package/dist/index.js +105 -783
- package/dist/index.js.map +1 -1
- package/package.json +38 -33
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,70 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.3.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 51d69b7: ### Auto-Crawl: Automated Form Discovery & Session Generation
|
|
8
|
+
|
|
9
|
+
Adds a new **auto-crawl** capability to the browser driver — automatically discovers injectable forms, inputs, and submit buttons on a target URL, then generates ready-to-run `Session[]` objects. This replaces the need to manually record sessions for basic form testing.
|
|
10
|
+
|
|
11
|
+
#### `@vulcn/engine`
|
|
12
|
+
- **`CrawlOptions` type** — new interface for crawl configuration (`maxDepth`, `maxPages`, `pageTimeout`, `sameOrigin`, `onPageCrawled` callback)
|
|
13
|
+
- **`RecorderDriver.crawl()`** — optional method on the recorder interface, so only drivers that support auto-discovery need to implement it
|
|
14
|
+
- **`DriverManager.crawl()`** — new top-level method that dispatches to the driver's crawl implementation, with clear errors when a driver doesn't support it
|
|
15
|
+
- **Test coverage** — 4 new tests for the crawl flow (success, arg passthrough, missing driver, unsupported driver), coverage at 62.88%
|
|
16
|
+
|
|
17
|
+
#### `@vulcn/driver-browser`
|
|
18
|
+
- **`BrowserCrawler`** — new module (`crawler.ts`) that performs BFS-based crawling using Playwright:
|
|
19
|
+
- Discovers explicit `<form>` elements with their inputs and submit buttons
|
|
20
|
+
- Discovers standalone inputs not inside a `<form>` (common in SPAs)
|
|
21
|
+
- Identifies injectable text-like input types (text, search, url, email, tel, password, textarea)
|
|
22
|
+
- Finds submit triggers (submit buttons, untyped buttons, or falls back to Enter keypress)
|
|
23
|
+
- Follows same-origin links with configurable depth control
|
|
24
|
+
- Generates proper `navigate → input → submit` step sequences per form
|
|
25
|
+
- **`recorder.crawl()`** — wired into the browser driver's recorder interface
|
|
26
|
+
- **Exported** — `crawlAndBuildSessions` available for direct programmatic use
|
|
27
|
+
|
|
28
|
+
#### Architecture
|
|
29
|
+
- Removed standalone `@vulcn/crawler` package — crawler is now a core part of `@vulcn/driver-browser`, consistent with the driver-based architecture
|
|
30
|
+
- Cleaned up `pnpm-workspace.yaml` to remove the deleted crawler entry
|
|
31
|
+
|
|
32
|
+
## 0.3.1
|
|
33
|
+
|
|
34
|
+
### Patch Changes
|
|
35
|
+
|
|
36
|
+
- c62a3dc: ### `@vulcn/plugin-report` — New Package
|
|
37
|
+
|
|
38
|
+
Introducing the **Report Generation Plugin** — generate professional security reports at the end of every `vulcn run`.
|
|
39
|
+
- **HTML**: Modern dark-themed dashboard with risk gauge, severity breakdown bars, expandable finding cards, Vulcn branding, Inter + JetBrains Mono typography, and print-friendly CSS
|
|
40
|
+
- **JSON**: Machine-readable structured output for CI/CD pipelines — includes severity counts, risk score, vuln types, affected URLs
|
|
41
|
+
- **YAML**: Human-readable YAML with descriptive header comment — same data model as JSON
|
|
42
|
+
- Uses the `onRunEnd` plugin hook to intercept results after execution completes
|
|
43
|
+
- Exports `generateHtml`, `generateJson`, `generateYaml` for programmatic use
|
|
44
|
+
|
|
45
|
+
### `@vulcn/engine`
|
|
46
|
+
- **Plugin lifecycle hooks**: `DriverManager.execute()` now invokes `onRunStart` and `onRunEnd` plugin hooks around the driver runner, enabling plugins like the report generator to intercept and process results
|
|
47
|
+
- Removed legacy `Runner` and `Recorder` exports — all execution now goes through `DriverManager`
|
|
48
|
+
- Updated package description and SEO keywords for npm discoverability
|
|
49
|
+
|
|
50
|
+
### `vulcn` (CLI)
|
|
51
|
+
- Added `--report <format>` flag (`html`, `json`, `yaml`, `all`) to generate security reports after test runs
|
|
52
|
+
- Added `--report-output <dir>` flag to specify output directory for generated reports
|
|
53
|
+
- Report plugin is auto-loaded when `--report` flag is used
|
|
54
|
+
- Updated package description and SEO keywords — positioned as a modern, fast alternative to legacy security scanners
|
|
55
|
+
|
|
56
|
+
### `@vulcn/driver-browser`
|
|
57
|
+
- Updated package description, keywords, homepage, and bugs URL for npm discoverability
|
|
58
|
+
|
|
59
|
+
### `@vulcn/plugin-payloads`
|
|
60
|
+
- Updated package description, keywords, homepage, and bugs URL for npm discoverability
|
|
61
|
+
|
|
62
|
+
### `@vulcn/plugin-detect-xss`
|
|
63
|
+
- Updated package description, keywords, homepage, and bugs URL for npm discoverability
|
|
64
|
+
|
|
65
|
+
### `@vulcn/plugin-detect-reflection`
|
|
66
|
+
- Updated package description, keywords, homepage, and bugs URL for npm discoverability
|
|
67
|
+
|
|
3
68
|
## 0.3.0
|
|
4
69
|
|
|
5
70
|
### Minor Changes
|
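Review bot: The 0.3.1 entry files "Removed legacy `Runner` and `Recorder` exports" under "Patch Changes", but removing public exports is a breaking change, and a caret range such as `^0.3.0` resolves to 0.3.1 and 0.3.2 automatically, so any consumer still importing `Runner` or `Recorder` breaks on a routine install. Suggest shipping the removal as a minor bump for a 0.x package, or keeping deprecated re-exports for one release, and adding a migration line that points to `DriverManager`. The 0.3.2 entry is also labelled as a patch although it adds new public API (`CrawlOptions`, `RecorderDriver.crawl()`, `DriverManager.crawl()`). For `CrawlOptions`, the changelog should state the default values of `maxDepth`, `maxPages` and `sameOrigin`, because a crawler that generates form-submitting sessions needs its scope limits documented where users will read them.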