ai-trust 0.2.0 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +91 -46
- package/dist/api/client.d.ts +2 -0
- package/dist/api/client.d.ts.map +1 -1
- package/dist/api/client.js +4 -0
- package/dist/api/client.js.map +1 -1
- package/dist/commands/audit.d.ts.map +1 -1
- package/dist/commands/audit.js +63 -38
- package/dist/commands/audit.js.map +1 -1
- package/dist/commands/check.d.ts.map +1 -1
- package/dist/commands/check.js +44 -40
- package/dist/commands/check.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/output/formatter.d.ts.map +1 -1
- package/dist/output/formatter.js +50 -3
- package/dist/output/formatter.js.map +1 -1
- package/dist/scanner/hma.d.ts +2 -0
- package/dist/scanner/hma.d.ts.map +1 -1
- package/dist/scanner/hma.js +1 -0
- package/dist/scanner/hma.js.map +1 -1
- package/dist/telemetry/contribute.d.ts +54 -0
- package/dist/telemetry/contribute.d.ts.map +1 -0
- package/dist/telemetry/contribute.js +123 -0
- package/dist/telemetry/contribute.js.map +1 -0
- package/dist/telemetry/index.d.ts +6 -0
- package/dist/telemetry/index.d.ts.map +1 -0
- package/dist/telemetry/index.js +6 -0
- package/dist/telemetry/index.js.map +1 -0
- package/dist/telemetry/opt-in.d.ts +53 -0
- package/dist/telemetry/opt-in.d.ts.map +1 -0
- package/dist/telemetry/opt-in.js +238 -0
- package/dist/telemetry/opt-in.js.map +1 -0
- package/package.json +6 -1
package/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless
|
|
1
|
+
> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · Registry (April 2026)
|
|
2
2
|
|
|
3
3
|
# ai-trust
|
|
4
4
|
|
|
@@ -25,6 +25,38 @@ Or run directly with npx:
|
|
|
25
25
|
npx ai-trust check @modelcontextprotocol/server-filesystem
|
|
26
26
|
```
|
|
27
27
|
|
|
28
|
+
For a full security dashboard covering trust, credentials, shadow AI, and more:
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
npx opena2a-cli review
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
## Quick Start
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
ai-trust check @modelcontextprotocol/server-filesystem
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
Expected output:
|
|
41
|
+
|
|
42
|
+
```
|
|
43
|
+
@modelcontextprotocol/server-filesystem
|
|
44
|
+
Trust Level: 4 (Verified)
|
|
45
|
+
Verdict: safe
|
|
46
|
+
Scanned: 2026-03-01
|
|
47
|
+
Findings: 0 critical, 0 high, 2 medium
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Built-in Help
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
ai-trust --help # All commands and flags
|
|
54
|
+
ai-trust --version # Current version
|
|
55
|
+
ai-trust [command] -h # Help for a specific command
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
28
60
|
## Commands
|
|
29
61
|
|
|
30
62
|
### check
|
|
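Review bot: The added `npx opena2a-cli review` line (new README line 31) tells readers to fetch and run whatever version is currently published, with no version pin. For a tool whose purpose is vetting packages before they are installed, show a pinned form such as `npx opena2a-cli@<version> review`, and do the same for the existing `npx ai-trust check` example just above it.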
@@ -33,17 +65,30 @@ Look up the trust verdict for a single package.
|
|
|
33
65
|
|
|
34
66
|
```bash
|
|
35
67
|
ai-trust check @modelcontextprotocol/server-filesystem
|
|
68
|
+
ai-trust check my-agent --type a2a_agent
|
|
69
|
+
ai-trust check express --json # JSON output for scripting
|
|
36
70
|
```
|
|
37
71
|
|
|
38
|
-
|
|
72
|
+
### MCP Server Trust
|
|
73
|
+
|
|
74
|
+
MCP servers are the most common trust query. Use shorthand to skip the full package name:
|
|
39
75
|
|
|
40
76
|
```bash
|
|
41
|
-
|
|
77
|
+
# These are equivalent:
|
|
78
|
+
ai-trust check server-filesystem
|
|
79
|
+
ai-trust check @modelcontextprotocol/server-filesystem
|
|
80
|
+
|
|
81
|
+
# Other MCP servers:
|
|
82
|
+
ai-trust check mcp-server-fetch
|
|
83
|
+
ai-trust check server-github
|
|
84
|
+
ai-trust check server-postgres
|
|
42
85
|
```
|
|
43
86
|
|
|
87
|
+
Shorthand rules: `server-*` and `mcp-server-*` automatically resolve to `@modelcontextprotocol/server-*`.
|
|
88
|
+
|
|
44
89
|
#### Scan on demand
|
|
45
90
|
|
|
46
|
-
When a package
|
|
91
|
+
When a package is not in the registry, ai-trust can download and scan it locally using [HackMyAgent](https://github.com/opena2a-org/hackmyagent). In interactive mode, you will be prompted. In CI, use flags:
|
|
47
92
|
|
|
48
93
|
```bash
|
|
49
94
|
# Auto-scan unknown packages, contribute results to the community registry
|
|
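Review bot: The shorthand rule at new line 87 (`server-*` and `mcp-server-*` automatically resolve to `@modelcontextprotocol/server-*`) means `ai-trust check server-github` reports on a scoped package the user did not type. The section should say that the resolved name is shown alongside the verdict, and how to query an unscoped package that is literally named `server-...` or `mcp-server-...`; otherwise a reader can see a verdict for the scoped package and then install a different, unscoped package with the same short name.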
@@ -58,24 +103,13 @@ ai-trust check server-filesystem --no-scan
|
|
|
58
103
|
|
|
59
104
|
### audit
|
|
60
105
|
|
|
61
|
-
Parse dependency files and batch-query all dependencies. Supports any `.json` file (package.json format) or `.txt` file (requirements.txt format).
|
|
106
|
+
Parse dependency files and batch-query all dependencies. Supports any `.json` file (package.json format) or `.txt` file (requirements.txt format).
|
|
62
107
|
|
|
63
108
|
```bash
|
|
64
109
|
ai-trust audit package.json
|
|
65
110
|
ai-trust audit requirements.txt
|
|
66
|
-
ai-trust audit
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
Set a minimum trust level threshold (default: 3):
|
|
70
|
-
|
|
71
|
-
```bash
|
|
72
|
-
ai-trust audit package.json --min-trust 2
|
|
73
|
-
```
|
|
74
|
-
|
|
75
|
-
Scan dependencies not found in the registry:
|
|
76
|
-
|
|
77
|
-
```bash
|
|
78
|
-
ai-trust audit package.json --scan-missing --contribute
|
|
111
|
+
ai-trust audit package.json --min-trust 2 # set minimum trust threshold (default: 3)
|
|
112
|
+
ai-trust audit package.json --scan-missing --contribute # scan deps not in registry
|
|
79
113
|
```
|
|
80
114
|
|
|
81
115
|
### batch
|
|
@@ -84,42 +118,40 @@ Look up trust verdicts for multiple packages at once.
|
|
|
84
118
|
|
|
85
119
|
```bash
|
|
86
120
|
ai-trust batch express lodash chalk commander
|
|
87
|
-
```
|
|
88
|
-
|
|
89
|
-
Filter by package type (packages that don't match are excluded):
|
|
90
|
-
|
|
91
|
-
```bash
|
|
92
121
|
ai-trust batch my-server-a my-server-b --type mcp_server
|
|
93
122
|
```
|
|
94
123
|
|
|
95
|
-
|
|
124
|
+
---
|
|
96
125
|
|
|
97
|
-
|
|
126
|
+
## Output Options
|
|
98
127
|
|
|
99
128
|
```bash
|
|
100
|
-
ai-trust check express --json
|
|
101
|
-
ai-trust audit package.json --json
|
|
129
|
+
ai-trust check express --json # JSON output for scripting
|
|
130
|
+
ai-trust audit package.json --json # JSON audit output
|
|
131
|
+
ai-trust check express --no-color # disable colored output
|
|
132
|
+
ai-trust check express --registry-url http://localhost:8080 # custom registry
|
|
102
133
|
```
|
|
103
134
|
|
|
104
|
-
|
|
135
|
+
---
|
|
105
136
|
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
137
|
+
## Community Contribution
|
|
138
|
+
|
|
139
|
+
Every scan you run can improve trust data for the entire community. Scan results are shared as anonymized telemetry (check pass/fail and severity only -- no file paths, source code, or descriptions).
|
|
109
140
|
|
|
110
|
-
|
|
141
|
+
On first scan, ai-trust asks whether you want to contribute. Your choice is saved in `~/.opena2a/config.json` and shared across all OpenA2A tools (opena2a-cli, hackmyagent).
|
|
111
142
|
|
|
112
143
|
```bash
|
|
113
|
-
|
|
144
|
+
# Contribute for this scan (non-interactive / CI)
|
|
145
|
+
ai-trust check chalk --rescan --contribute
|
|
146
|
+
|
|
147
|
+
# Configure globally via opena2a-cli
|
|
148
|
+
opena2a config set contribute true # opt in
|
|
149
|
+
opena2a config set contribute false # opt out
|
|
114
150
|
```
|
|
115
151
|
|
|
116
|
-
|
|
152
|
+
The more scans contributed, the faster packages move from "Listed" to "Scanned" trust level, reducing risk for everyone.
|
|
117
153
|
|
|
118
|
-
|
|
119
|
-
|------|---------|
|
|
120
|
-
| 0 | All queried packages meet the minimum trust threshold |
|
|
121
|
-
| 1 | Error (network failure, file not found, server error, package not found) |
|
|
122
|
-
| 2 | One or more packages fall below the minimum trust threshold (`--min-trust`) |
|
|
154
|
+
---
|
|
123
155
|
|
|
124
156
|
## Trust Levels
|
|
125
157
|
|
|
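Review bot: The Community Contribution text (new lines 139-141) says only "check pass/fail and severity" is shared, but it does not say whether the scanned package name is part of the payload or where the data is sent. Both matter to anyone scanning private or internal packages: list the payload fields and the destination, and say what happens on a non-interactive run when `~/.opena2a/config.json` holds no saved choice and `--contribute` is not passed.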
@@ -131,6 +163,16 @@ ai-trust check express --no-color
|
|
|
131
163
|
| 3 | Scanned | Package has been scanned by HackMyAgent |
|
|
132
164
|
| 4 | Verified | Package is verified by the publisher |
|
|
133
165
|
|
|
166
|
+
## Exit Codes
|
|
167
|
+
|
|
168
|
+
| Code | Meaning |
|
|
169
|
+
|------|---------|
|
|
170
|
+
| 0 | All queried packages are safe / meet the trust threshold |
|
|
171
|
+
| 1 | Operational error (network failure, file not found, server error) |
|
|
172
|
+
| 2 | Policy signal: one or more packages have warning/blocked verdict or fall below `--min-trust` |
|
|
173
|
+
|
|
174
|
+
---
|
|
175
|
+
|
|
134
176
|
## Requirements
|
|
135
177
|
|
|
136
178
|
- Node.js 18 or later
|
|
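Review bot: The new Exit Codes table drops "package not found" from code 1 (it was listed in the table removed earlier in this file) and does not assign it to any code, while code 2 now also covers warning/blocked verdicts. State which code a not-found package produces and call out the widened meaning of 2, since CI jobs that gate on the exit status will behave differently after upgrading.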
@@ -140,16 +182,19 @@ ai-trust check express --no-color
|
|
|
140
182
|
|
|
141
183
|
```bash
|
|
142
184
|
git clone https://github.com/opena2a-org/ai-trust.git
|
|
143
|
-
cd ai-trust
|
|
144
|
-
|
|
145
|
-
npm run build
|
|
185
|
+
cd ai-trust && npm install && npm run build
|
|
186
|
+
node dist/index.js check express # run locally without installing
|
|
146
187
|
```
|
|
147
188
|
|
|
148
|
-
|
|
189
|
+
## Use Cases
|
|
149
190
|
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
191
|
+
Step-by-step guides for common workflows:
|
|
192
|
+
|
|
193
|
+
- [Check if a package is safe before installing](docs/use-cases/check-before-install.md)
|
|
194
|
+
- [Verify an MCP server's trust score](docs/use-cases/check-mcp-server.md)
|
|
195
|
+
- [Contribute trust data to the community](docs/use-cases/contribute-scans.md)
|
|
196
|
+
|
|
197
|
+
See [docs/USE-CASES.md](docs/USE-CASES.md) for the full index.
|
|
153
198
|
|
|
154
199
|
## Links
|
|
155
200
|
|
package/dist/api/client.d.ts
CHANGED
package/dist/api/client.d.ts.map
CHANGED
package/dist/api/client.js
CHANGED
|
@@ -61,6 +61,10 @@ export class RegistryClient {
|
|
|
61
61
|
const body = await response.text();
|
|
62
62
|
throw new Error(`Registry API returned ${response.status}: ${body}`);
|
|
63
63
|
}
|
|
64
|
+
// Known issue: The batch endpoint may return different trust scores and
|
|
65
|
+
// package classifications (e.g., express classified as "ai_tool") compared
|
|
66
|
+
// to the single-query endpoint. This is a server-side inconsistency in the
|
|
67
|
+
// registry API, not a client-side bug.
|
|
64
68
|
const raw = (await response.json());
|
|
65
69
|
const NULL_UUID = "00000000-0000-0000-0000-000000000000";
|
|
66
70
|
for (const r of raw.results) {
|
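Review bot: The comment added before `const raw = (await response.json());` records that the batch endpoint can return different trust scores and classifications than the single-query endpoint, but the code after it consumes the batch result unchanged. Because the README describes `audit` as batch-querying dependencies and gating on `--min-trust`, the same package can pass under one command and fail under another. Consider warning the user when a verdict comes from the batch path, or re-querying the single endpoint for packages at or near the threshold, and document the discrepancy in the README rather than only in a dist comment.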
package/dist/api/client.js.map
CHANGED
package/dist/commands/audit.js
CHANGED
|
@@ -8,6 +8,7 @@ import { parseDependencyFile } from "../utils/parser.js";
|
|
|
8
8
|
import { formatBatchResults, formatJson, } from "../output/formatter.js";
|
|
9
9
|
import { isHmaAvailable, scanPackage } from "../scanner/index.js";
|
|
10
10
|
import { confirm } from "../utils/prompt.js";
|
|
11
|
+
import { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayload, submitContribution, } from "../telemetry/index.js";
|
|
11
12
|
export function registerAuditCommand(program) {
|
|
12
13
|
program
|
|
13
14
|
.command("audit <file>")
|
|
@@ -39,7 +40,7 @@ export function registerAuditCommand(program) {
|
|
|
39
40
|
// Scan missing packages if requested
|
|
40
41
|
const notFound = response.results.filter((r) => !r.found);
|
|
41
42
|
if (notFound.length > 0 && opts.scanMissing) {
|
|
42
|
-
await scanMissingPackages(notFound, response.results,
|
|
43
|
+
await scanMissingPackages(notFound, response.results, opts, globalOpts.registryUrl);
|
|
43
44
|
}
|
|
44
45
|
else if (notFound.length > 0 &&
|
|
45
46
|
!opts.scanMissing &&
|
|
@@ -52,7 +53,7 @@ export function registerAuditCommand(program) {
|
|
|
52
53
|
console.error(" npm install -g hackmyagent");
|
|
53
54
|
}
|
|
54
55
|
else {
|
|
55
|
-
await scanMissingPackages(notFound, response.results,
|
|
56
|
+
await scanMissingPackages(notFound, response.results, opts, globalOpts.registryUrl);
|
|
56
57
|
}
|
|
57
58
|
}
|
|
58
59
|
}
|
|
@@ -68,13 +69,19 @@ export function registerAuditCommand(program) {
|
|
|
68
69
|
}
|
|
69
70
|
}
|
|
70
71
|
catch (err) {
|
|
72
|
+
let message;
|
|
71
73
|
if (err instanceof Error &&
|
|
72
74
|
"code" in err &&
|
|
73
75
|
err.code === "ENOENT") {
|
|
74
|
-
|
|
76
|
+
message = `File not found: ${file}`;
|
|
77
|
+
}
|
|
78
|
+
else {
|
|
79
|
+
message = err instanceof Error ? err.message : String(err);
|
|
80
|
+
}
|
|
81
|
+
if (globalOpts.json) {
|
|
82
|
+
console.log(formatJson({ file, error: message }));
|
|
75
83
|
}
|
|
76
84
|
else {
|
|
77
|
-
const message = err instanceof Error ? err.message : String(err);
|
|
78
85
|
console.error(`Error: ${message}`);
|
|
79
86
|
}
|
|
80
87
|
process.exitCode = 1;
|
|
@@ -84,7 +91,7 @@ export function registerAuditCommand(program) {
|
|
|
84
91
|
/**
|
|
85
92
|
* Scan packages not found in registry and update the results array in-place.
|
|
86
93
|
*/
|
|
87
|
-
async function scanMissingPackages(notFound, allResults,
|
|
94
|
+
async function scanMissingPackages(notFound, allResults, opts, registryUrl) {
|
|
88
95
|
const available = await isHmaAvailable();
|
|
89
96
|
if (!available) {
|
|
90
97
|
console.error("HMA (HackMyAgent) is required for scanning. Install it with:");
|
|
@@ -92,6 +99,7 @@ async function scanMissingPackages(notFound, allResults, client, opts) {
|
|
|
92
99
|
return;
|
|
93
100
|
}
|
|
94
101
|
console.error(chalk.gray(`Scanning ${notFound.length} missing package(s)...`));
|
|
102
|
+
const scannedResults = [];
|
|
95
103
|
for (const pkg of notFound) {
|
|
96
104
|
try {
|
|
97
105
|
console.error(chalk.gray(` Scanning ${pkg.name}...`));
|
|
@@ -108,50 +116,67 @@ async function scanMissingPackages(notFound, allResults, client, opts) {
|
|
|
108
116
|
scanStatus: "local",
|
|
109
117
|
};
|
|
110
118
|
}
|
|
111
|
-
|
|
112
|
-
if (opts.contribute) {
|
|
113
|
-
await contributeResult(pkg.name, scanResult, client);
|
|
114
|
-
}
|
|
119
|
+
scannedResults.push({ name: pkg.name, scanResult });
|
|
115
120
|
}
|
|
116
121
|
catch (err) {
|
|
117
122
|
const message = err instanceof Error ? err.message : String(err);
|
|
118
123
|
console.error(chalk.yellow(` Could not scan ${pkg.name}: ${message}`));
|
|
119
124
|
}
|
|
120
125
|
}
|
|
121
|
-
//
|
|
122
|
-
if (
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
126
|
+
// Handle community contribution for all scanned packages
|
|
127
|
+
if (scannedResults.length > 0) {
|
|
128
|
+
await handleAuditContribution(scannedResults, opts, registryUrl);
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
/**
|
|
132
|
+
* Handle community contribution after audit scanning.
|
|
133
|
+
* Follows the same opt-in flow as check: config -> prompt -> submit.
|
|
134
|
+
*/
|
|
135
|
+
async function handleAuditContribution(scannedResults, opts, registryUrl) {
|
|
136
|
+
// Track scan count for each scanned package
|
|
137
|
+
for (let i = 0; i < scannedResults.length; i++) {
|
|
138
|
+
incrementScanCount();
|
|
139
|
+
}
|
|
140
|
+
if (opts.contribute) {
|
|
141
|
+
for (const { name, scanResult } of scannedResults) {
|
|
142
|
+
await submitAnonymizedTelemetry(name, scanResult, registryUrl);
|
|
143
|
+
}
|
|
144
|
+
return;
|
|
145
|
+
}
|
|
146
|
+
const configEnabled = isContributeEnabled();
|
|
147
|
+
if (configEnabled === true) {
|
|
148
|
+
// Already opted in: auto-contribute anonymized telemetry
|
|
149
|
+
for (const { name, scanResult } of scannedResults) {
|
|
150
|
+
await submitAnonymizedTelemetry(name, scanResult, registryUrl);
|
|
151
|
+
}
|
|
152
|
+
return;
|
|
153
|
+
}
|
|
154
|
+
if (configEnabled === false) {
|
|
155
|
+
return;
|
|
156
|
+
}
|
|
157
|
+
// Not yet configured: check if we should prompt
|
|
158
|
+
if (shouldPromptContribute()) {
|
|
159
|
+
const enabled = await showContributePrompt();
|
|
160
|
+
if (enabled) {
|
|
161
|
+
for (const { name, scanResult } of scannedResults) {
|
|
162
|
+
await submitAnonymizedTelemetry(name, scanResult, registryUrl);
|
|
163
|
+
}
|
|
128
164
|
}
|
|
129
165
|
}
|
|
130
166
|
}
|
|
131
|
-
|
|
167
|
+
/**
|
|
168
|
+
* Submit anonymized telemetry to the registry (opt-in contribution).
|
|
169
|
+
*/
|
|
170
|
+
async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
|
|
132
171
|
try {
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
.filter((f) => !f.passed)
|
|
139
|
-
.map((f) => ({
|
|
140
|
-
checkId: f.checkId,
|
|
141
|
-
name: f.name,
|
|
142
|
-
severity: f.severity,
|
|
143
|
-
passed: f.passed,
|
|
144
|
-
message: f.message,
|
|
145
|
-
category: f.category,
|
|
146
|
-
})),
|
|
147
|
-
projectType: scanResult.scan.projectType,
|
|
148
|
-
scanTimestamp: scanResult.scan.timestamp,
|
|
149
|
-
});
|
|
150
|
-
console.error(chalk.green(` Contributed: ${name}`));
|
|
172
|
+
const payload = buildContributionPayload(name, scanResult.scan.findings);
|
|
173
|
+
const result = await submitContribution(payload, registryUrl);
|
|
174
|
+
if (result.success) {
|
|
175
|
+
console.error(chalk.green(` Anonymized scan data shared: ${name}`));
|
|
176
|
+
}
|
|
151
177
|
}
|
|
152
|
-
catch
|
|
153
|
-
|
|
154
|
-
console.error(chalk.yellow(` Could not publish ${name}: ${message}`));
|
|
178
|
+
catch {
|
|
179
|
+
// Non-fatal
|
|
155
180
|
}
|
|
156
181
|
}
|
|
157
182
|
//# sourceMappingURL=audit.js.map
|
|
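Review bot: In `submitAnonymizedTelemetry` the bare `catch { // Non-fatal }` discards every error, and a result whose `success` is false prints nothing, so a user who passed `--contribute` cannot tell that nothing was shared; the removed code at least printed `Could not publish ${name}: ${message}`. Keep the failure non-fatal but log a one-line warning on both paths. Separately, `handleAuditContribution` calls `incrementScanCount()` before it looks at `opts.contribute` or `isContributeEnabled()`, so the counter advances even when `configEnabled === false`; if the count exists only to drive the prompt, move that loop below the opt-out check, and fold the three identical submit loops into one helper.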
package/dist/commands/check.js
CHANGED
|
@@ -10,6 +10,7 @@ import { formatCheckResult, formatScanResult, formatJson, } from "../output/form
|
|
|
10
10
|
import { resolveAndLog } from "../utils/resolve.js";
|
|
11
11
|
import { isHmaAvailable, scanPackage } from "../scanner/index.js";
|
|
12
12
|
import { confirm } from "../utils/prompt.js";
|
|
13
|
+
import { isContributeEnabled, shouldPromptContribute, showContributePrompt, incrementScanCount, buildContributionPayload, submitContribution, } from "../telemetry/index.js";
|
|
13
14
|
export function registerCheckCommand(program) {
|
|
14
15
|
program
|
|
15
16
|
.command("check <name>")
|
|
@@ -39,7 +40,7 @@ export function registerCheckCommand(program) {
|
|
|
39
40
|
}
|
|
40
41
|
if (result.found &&
|
|
41
42
|
(result.verdict === "blocked" || result.verdict === "warning")) {
|
|
42
|
-
process.exitCode =
|
|
43
|
+
process.exitCode = 2;
|
|
43
44
|
}
|
|
44
45
|
}
|
|
45
46
|
catch (err) {
|
|
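Review bot: The new `process.exitCode = 2;` in the `result.found && (verdict blocked or warning)` branch has no comment saying what 2 means, while the same assignment in the later hunk of this file is annotated "2 = policy signal, matching audit/batch". Repeat that comment here, or better, use one named constant for both sites so they cannot drift apart. Two further points for the release notes: `blocked` and `warning` share the same exit status, so a CI job cannot tell them apart without parsing the output, and any pipeline that tested for the previous value needs this change called out explicitly.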
@@ -114,55 +115,58 @@ async function handleScanFlow(name, client, globalOpts, opts, statusMessage) {
|
|
|
114
115
|
else {
|
|
115
116
|
console.log(formatScanResult(scanResult));
|
|
116
117
|
}
|
|
117
|
-
// Set exit code based on verdict
|
|
118
|
+
// Set exit code based on verdict (2 = policy signal, matching audit/batch)
|
|
118
119
|
if (scanResult.verdict === "blocked" || scanResult.verdict === "warning") {
|
|
119
|
-
process.exitCode =
|
|
120
|
+
process.exitCode = 2;
|
|
120
121
|
}
|
|
121
|
-
//
|
|
122
|
-
await handleContribute(name, scanResult,
|
|
122
|
+
// Community contribution flow
|
|
123
|
+
await handleContribute(name, scanResult, globalOpts, opts);
|
|
123
124
|
}
|
|
124
|
-
async function handleContribute(name, scanResult,
|
|
125
|
-
|
|
125
|
+
async function handleContribute(name, scanResult, globalOpts, opts) {
|
|
126
|
+
// Track scan count regardless of contribution setting
|
|
127
|
+
incrementScanCount();
|
|
128
|
+
// Determine contribution mode:
|
|
129
|
+
// 1. --contribute flag: always contribute anonymized telemetry
|
|
130
|
+
// 2. Config enabled: auto-contribute anonymized telemetry
|
|
131
|
+
// 3. Not configured: maybe prompt
|
|
132
|
+
// 4. Config disabled: skip
|
|
126
133
|
if (opts.contribute) {
|
|
127
|
-
|
|
128
|
-
|
|
134
|
+
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
135
|
+
return;
|
|
129
136
|
}
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
137
|
+
const configEnabled = isContributeEnabled();
|
|
138
|
+
if (configEnabled === true) {
|
|
139
|
+
// Already opted in: auto-contribute anonymized telemetry
|
|
140
|
+
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
141
|
+
return;
|
|
133
142
|
}
|
|
134
|
-
if (
|
|
143
|
+
if (configEnabled === false) {
|
|
144
|
+
// Explicitly opted out: skip
|
|
135
145
|
return;
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
.filter((f) => !f.passed)
|
|
143
|
-
.map((f) => ({
|
|
144
|
-
checkId: f.checkId,
|
|
145
|
-
name: f.name,
|
|
146
|
-
severity: f.severity,
|
|
147
|
-
passed: f.passed,
|
|
148
|
-
message: f.message,
|
|
149
|
-
category: f.category,
|
|
150
|
-
})),
|
|
151
|
-
projectType: scanResult.scan.projectType,
|
|
152
|
-
scanTimestamp: scanResult.scan.timestamp,
|
|
153
|
-
};
|
|
154
|
-
const publishResult = await client.publishScan(submission);
|
|
155
|
-
if (publishResult.accepted) {
|
|
156
|
-
console.error(chalk.green("Scan results contributed to community registry."));
|
|
146
|
+
}
|
|
147
|
+
// Not yet configured: check if we should prompt
|
|
148
|
+
if (shouldPromptContribute()) {
|
|
149
|
+
const enabled = await showContributePrompt();
|
|
150
|
+
if (enabled) {
|
|
151
|
+
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
157
152
|
}
|
|
158
|
-
|
|
159
|
-
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
/**
|
|
156
|
+
* Submit anonymized telemetry to the registry (opt-in contribution).
|
|
157
|
+
* Only sends checkId, pass/fail, and severity. No file paths, descriptions, or code.
|
|
158
|
+
*/
|
|
159
|
+
async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
|
|
160
|
+
try {
|
|
161
|
+
const payload = buildContributionPayload(name, scanResult.scan.findings);
|
|
162
|
+
const result = await submitContribution(payload, registryUrl);
|
|
163
|
+
if (result.success) {
|
|
164
|
+
console.error(chalk.green("Anonymized scan data shared with the community."));
|
|
160
165
|
}
|
|
166
|
+
// Silent on failure -- non-blocking
|
|
161
167
|
}
|
|
162
|
-
catch
|
|
163
|
-
|
|
164
|
-
console.error(chalk.yellow(`Could not publish results: ${message}`));
|
|
165
|
-
// Non-fatal: scan results are still shown locally
|
|
168
|
+
catch {
|
|
169
|
+
// Non-fatal: telemetry submission should never crash the scan
|
|
166
170
|
}
|
|
167
171
|
}
|
|
168
172
|
async function checkHmaReady() {
|
|
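Review bot: In `submitAnonymizedTelemetry`, the doc comment promises "Only sends checkId, pass/fail, and severity", but the call is `buildContributionPayload(name, scanResult.scan.findings)`, which hands the helper the package name and the full findings objects. The privacy guarantee therefore lives entirely in a helper that is not visible in this hunk. Please list the package name in the comment if it is transmitted, and add a test asserting that the built payload carries no `message`, path or description fields. Separately, the bare `catch {}` and the silent path when `result.success` is false mean a user who passed `--contribute` explicitly gets no indication that nothing was sent; the removed code printed "Could not publish results", and a stderr warning for the explicit-flag case would keep that feedback without blocking the scan. Finally, `incrementScanCount()` at the top of `handleContribute` runs before the `configEnabled === false` return, so state is updated even for users who opted out. If the counter only exists to time the prompt, move the call below the opt-out check or say in the README that it stays local.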
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAW/B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,gDAAgD,CAAC;SAC7D,MAAM,CACL,mBAAmB,EACnB,4DAA4D,CAC7D;SACA,MAAM,CACL,mBAAmB,EACnB,sDAAsD,CACvD;SACA,MAAM,CACL,cAAc,EACd,oDAAoD,CACrD;SACA,MAAM,CAAC,WAAW,EAAE,iCAAiC,CAAC;SACtD,MAAM,CAAC,UAAU,EAAE,mCAAmC,CAAC;SACvD,MAAM,CACL,kBAAkB,EAClB,kCAAkC,EAClC,IAAI,CACL;SACA,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,IAAkB,EAAE,EAAE;QACpD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAExD,uBAAuB;YACvB,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,cAAc,CAClB,IAAI,EACJ,MAAM,EACN,UAAU,EACV,IAAI,EACJ,gBAAgB,CACjB,CAAC;gBACF,OAAO;YACT,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,IACE,MAAM,CAAC,KAAK;gBACZ,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,EAC9D,CAAC;gBACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,oBAAoB,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC/D,MAAM,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,IAAI,UAAU,CA
AC,IAAI,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CACT,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CACnD,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;gBACrC,CAAC;gBACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAY,EACZ,MAAsB,EACtB,UAAkD,EAClD,IAAkB;IAElB,8CAA8C;IAC9C,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,cAAc,CAClB,IAAI,EACJ,MAAM,EACN,UAAU,EACV,IAAI,EACJ,YAAY,IAAI,sCAAsC,CACvD,CAAC;QACF,OAAO;IACT,CAAC;IAED,6EAA6E;IAC7E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,YAAY,IAAI,6EAA6E,CAAC;QAC1G,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,iCAAiC;IACjC,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,sCAAsC,CAAC,CACnE,CAAC;IAEF,IAAI,CAAC,CAAC,MAAM,aAAa,EAAE,CAAC;QAAE,OAAO;IAErC,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;IAC3E,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAY,EACZ,MAAsB,EACtB,UAAkD,EAClD,IAAkB,EAClB,aAAqB;IAErB,IAAI,CAAC,CAAC,MAAM,aAAa,EAAE,CAAC;QAAE,OAAO;IAErC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IAEzC,IAAI,UAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,U
AAU,CAAC,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,2EAA2E;IAC3E,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACzE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,8BAA8B;IAC9B,MAAM,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,IAAY,EACZ,UAAsB,EACtB,UAAkD,EAClD,IAAkB;IAElB,sDAAsD;IACtD,kBAAkB,EAAE,CAAC;IAErB,+BAA+B;IAC/B,+DAA+D;IAC/D,0DAA0D;IAC1D,kCAAkC;IAClC,2BAA2B;IAE3B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,yBAAyB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,yDAAyD;QACzD,MAAM,yBAAyB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;QAC5B,6BAA6B;QAC7B,OAAO;IACT,CAAC;IAED,gDAAgD;IAChD,IAAI,sBAAsB,EAAE,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,yBAAyB,CAC7B,IAAI,EACJ,UAAU,EACV,UAAU,CAAC,WAAW,CACvB,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,yBAAyB,CACtC,IAAY,EACZ,UAAsB,EACtB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,wBAAwB,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAE9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAC/D,CAAC;QACJ,CAAC;QACD,oCAAoC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;IAChE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,MAAM,SAAS,GAAG,MAAM,cAAc,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -15,7 +15,7 @@ const pkg = require("../package.json");
|
|
|
15
15
|
const program = new Command();
|
|
16
16
|
program
|
|
17
17
|
.name("ai-trust")
|
|
18
|
-
.description("
|
|
18
|
+
.description("Check security trust scores for AI agents and MCP servers before installing them")
|
|
19
19
|
.version(pkg.version, "-v, --version")
|
|
20
20
|
.option("--registry-url <url>", "registry base URL", "https://api.oa2a.org")
|
|
21
21
|
.option("--json", "output raw JSON", false)
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,kFAAkF,CAAC;KAC/F,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC;KACrC,MAAM,CACL,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,CACvB;KACA,MAAM,CAAC,QAAQ,EAAE,iBAAiB,EAAE,KAAK,CAAC;KAC1C,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC,CAAC;AAElD,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAE9B,OAAO,CAAC,KAAK,EAAE,CAAC"}
|