@westbayberry/dg 1.3.3 → 2.0.0

package/dist/verify/render.js

@@ -0,0 +1,184 @@
+import { createTheme } from "../presentation/theme.js";
+const STATUS_ROLE = {
+    pass: "pass",
+    warn: "warn",
+    block: "block",
+    unknown: "unknown",
+    error: "block"
+};
+const STATUS_ACTION = {
+    pass: "pass",
+    warn: "warn",
+    block: "block",
+    unknown: "analysis_incomplete",
+    error: "block"
+};
+export function renderVerifyText(report, theme = createTheme(false), verbose = false) {
+    return verbose ? renderVerifyVerbose(report, theme) : renderVerifyCompact(report, theme);
+}
+function renderVerifyCompact(report, theme) {
+    const badge = report.status === "error" ? theme.paint("block", "✘ ERROR") : theme.badge(STATUS_ACTION[report.status]);
+    const phrase = summaryPhrase(report);
+    const lines = [phrase ? `${badge}  ${targetLabel(report)} — ${phrase}` : `${badge}  ${targetLabel(report)}`];
+    if (report.sha256) {
+        lines.push(theme.paint("muted", `  sha256 ${shortSha(report.sha256)}`));
+    }
+    for (const finding of report.findings) {
+        const glyph = theme.paint(finding.severity === "block" ? "block" : "warn", finding.severity === "block" ? "✘" : "⚠");
+        lines.push(`  ${glyph} ${finding.id}  ${finding.message}`);
+    }
+    for (const error of report.errors) {
+        lines.push(`  ${theme.paint("block", "✘")} ${error}`);
+    }
+    return `${lines.join("\n")}\n`;
+}
+function targetLabel(report) {
+    if (report.packages.length === 1) {
+        const identity = report.packages[0];
+        const version = identity.version ? `@${identity.version}` : "";
+        return `${identity.name}${version} (${identity.ecosystem})`;
+    }
+    if (report.workspaceScan) {
+        const count = report.workspaceScan.summary.projectCount;
+        return `${report.target} (${count} project${plural(count)})`;
+    }
+    if (report.preflight && report.preflight.packageCount > 1) {
+        return `${report.target} (${report.preflight.packageCount} packages)`;
+    }
+    return report.target;
+}
+function summaryPhrase(report) {
+    const { findingCount, warnCount, blockCount } = report.summary;
+    if (report.status === "error") {
+        return report.errors.length > 0 ? "verification failed" : "verification error";
+    }
+    if (findingCount === 0 && report.errors.length === 0) {
+        return "";
+    }
+    if (blockCount > 0) {
+        return `${blockCount} blocking finding${plural(blockCount)}${warnCount > 0 ? `, ${warnCount} warn` : ""}`;
+    }
+    if (warnCount > 0) {
+        return `${warnCount} advisory finding${plural(warnCount)}`;
+    }
+    return "see details";
+}
+function shortSha(sha) {
+    return sha.length > 12 ? `${sha.slice(0, 4)}…${sha.slice(-4)}` : sha;
+}
+function plural(count) {
+    return count === 1 ? "" : "s";
+}
+function renderVerifyVerbose(report, theme) {
+    const lines = [
+        "Dependency Guardian verify",
+        `Target: ${report.target}`,
+        `Input: ${report.inputKind}`,
+        `Status: ${theme.paint(STATUS_ROLE[report.status], report.status)}`,
+        `SHA-256: ${report.sha256 ?? "not applicable"}`,
+        `Findings: ${report.summary.findingCount} (${report.summary.warnCount} warn, ${report.summary.blockCount} block)`,
+        ""
+    ];
+    if (report.archive) {
+        lines.push(`Archive entries: ${report.archive.entryCount}`);
+        lines.push(`Package manifests: ${report.archive.packageManifestCount}`);
+        lines.push(`Unpacked bytes: ${report.archive.unpackedSizeBytes ?? "unknown"}`);
+        lines.push("");
+    }
+    if (report.workspaceScan) {
+        lines.push(`Projects: ${report.workspaceScan.summary.projectCount}`);
+        lines.push(`Dependencies: ${report.workspaceScan.summary.dependencyCount}`);
+        lines.push("");
+    }
+    if (report.preflight) {
+        lines.push(`Packages: ${report.preflight.packageCount}`);
+        lines.push(`Identity source: ${report.preflight.identitySource}`);
+        lines.push(`Advisory: ${report.preflight.message}`);
+        lines.push("");
+    }
+    if (report.packages.length > 0) {
+        lines.push("Package identities:");
+        for (const identity of report.packages) {
+            const version = identity.version ? `@${identity.version}` : "";
+            const integrity = identity.integrity ? " integrity" : " no-integrity";
+            const license = identity.license ? ` license=${identity.license}` : "";
+            lines.push(`- ${identity.ecosystem}:${identity.name}${version} (${identity.sourceKind}${integrity}${license})`);
+        }
+        lines.push("");
+    }
+    if (report.findings.length === 0 && report.errors.length === 0) {
+        lines.push(report.preflight ? "No advisory preflight issues found." : "No local verification issues found.");
+    }
+    for (const finding of report.findings) {
+        lines.push(`${theme.paint(finding.severity === "block" ? "block" : "warn", finding.severity.toUpperCase())} ${finding.id} ${finding.location}: ${finding.message}`);
+    }
+    for (const error of report.errors) {
+        lines.push(`ERROR ${error}`);
+    }
+    return `${lines.join("\n").replace(/\n{3,}/g, "\n\n").trimEnd()}\n`;
+}
+export function renderVerifyJson(report) {
+    return `${JSON.stringify(report, null, 2)}\n`;
+}
+export function renderVerifySarif(report) {
+    const rules = uniqueFindings(report.findings).map((finding) => ({
+        id: finding.id,
+        name: finding.title,
+        shortDescription: {
+            text: finding.title
+        },
+        fullDescription: {
+            text: finding.message
+        },
+        defaultConfiguration: {
+            level: finding.severity === "block" ? "error" : "warning"
+        }
+    }));
+    const sarif = {
+        version: "2.1.0",
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "Dependency Guardian",
+                        informationUri: "https://westbayberry.com",
+                        rules
+                    }
+                },
+                results: report.findings.map((finding) => ({
+                    ruleId: finding.id,
+                    level: finding.severity === "block" ? "error" : "warning",
+                    message: {
+                        text: finding.message
+                    },
+                    locations: [
+                        {
+                            physicalLocation: {
+                                artifactLocation: {
+                                    uri: artifactUri(finding.location)
+                                }
+                            }
+                        }
+                    ]
+                }))
+            }
+        ]
+    };
+    return `${JSON.stringify(sarif, null, 2)}\n`;
+}
+function artifactUri(location) {
+    return location.replace(/:\d+$/, "");
+}
+function uniqueFindings(findings) {
+    const seen = new Set();
+    const unique = [];
+    for (const finding of findings) {
+        if (seen.has(finding.id)) {
+            continue;
+        }
+        seen.add(finding.id);
+        unique.push(finding);
+    }
+    return unique;
+}

package/dist/verify/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,69 +1,52 @@
 {
   "name": "@westbayberry/dg",
-  "version": "1.3.3",
+  "version": "2.0.0",
+  "description": "Dependency Guardian supply-chain firewall CLI",
   "type": "module",
-  "description": "Supply chain security scanner for npm and Python dependencies",
   "bin": {
-    "dependency-guardian": "dist/index.mjs",
-    "dg": "dist/index.mjs"
+    "dg": "./dist/bin/dg.js"
   },
   "files": [
     "dist",
     "LICENSE",
-    "NOTICE"
+    "NOTICE",
+    "package.json"
   ],
-  "license": "Apache-2.0",
-  "author": "WestBayBerry",
-  "homepage": "https://westbayberry.com",
-  "bugs": {
-    "url": "https://github.com/WestBayBerry/WestBayBerry/issues"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/WestBayBerry/WestBayBerry.git"
-  },
-  "keywords": [
-    "security",
-    "npm",
-    "pypi",
-    "supply-chain",
-    "scanner",
-    "cli",
-    "dependencies",
-    "malware",
-    "typosquatting",
-    "dependency-confusion"
-  ],
-  "publishConfig": {
-    "access": "public"
+  "engines": {
+    "node": ">=22.14.0"
   },
   "scripts": {
     "build": "node build.mjs",
-    "dev": "npx tsx src/bin.ts",
     "test": "vitest run",
-    "pretest": "node build.mjs",
-    "lint": "eslint src",
-    "postinstall": "node dist/postinstall.mjs || true",
-    "prepublishOnly": "npm run lint && npm test && npm run build"
-  },
-  "engines": {
-    "node": ">=18"
+    "test:unit": "vitest run test/unit",
+    "test:integration": "vitest run test/integration",
+    "typecheck": "tsc --noEmit",
+    "lint": "node scripts/lint.mjs",
+    "format:check": "node scripts/format-check.mjs",
+    "check:package": "node scripts/check-package-contract.mjs",
+    "check:tarball": "node scripts/check-tarball.mjs",
+    "check:legacy": "node scripts/check-legacy-absence.mjs",
+    "check:architecture-cracks": "node scripts/validate-architecture-crack-closure.mjs",
+    "check:release-docs": "node scripts/check-release-docs.mjs",
+    "check:plan-coverage": "node scripts/validate-plan-coverage.mjs",
+    "check:adversarial-plan": "node scripts/validate-adversarial-validation-plan.mjs",
+    "check": "npm run typecheck && npm run lint && npm run format:check && npm run check:package && npm run check:legacy && npm run check:release-docs && npm run check:plan-coverage && npm run check:adversarial-plan && npm run build && npm run test && npm run check:tarball && npm run check:architecture-cracks"
   },
   "devDependencies": {
-    "@types/node": "^20.0.0",
-    "@types/react": "^18.3.28",
-    "@vitest/coverage-v8": "^3.2.4",
-    "esbuild": "^0.25.12",
-    "eslint": "^9.39.4",
-    "ink-testing-library": "^4.0.0",
-    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.58.1",
-    "vitest": "^3.0.0"
+    "@types/node": "22.15.30",
+    "@types/react": "18.3.28",
+    "ink-testing-library": "4.0.0",
+    "node-pty": "1.0.0",
+    "typescript": "5.8.3",
+    "vitest": "3.1.4"
   },
+  "license": "UNLICENSED",
+  "private": false,
   "dependencies": {
-    "chalk": "^4.1.2",
-    "ink": "^5.2.1",
-    "ink-spinner": "^5.0.0",
-    "react": "^18.3.1"
+    "chalk": "4.1.2",
+    "ink": "5.2.1",
+    "ink-spinner": "5.0.0",
+    "node-forge": "1.4.0",
+    "react": "18.3.1"
   }
 }