ai-trust 0.2.1 → 0.2.4
- package/README.md +91 -61
- package/dist/api/client.d.ts.map +1 -1
- package/dist/api/client.js +4 -0
- package/dist/api/client.js.map +1 -1
- package/dist/commands/audit.d.ts.map +1 -1
- package/dist/commands/audit.js +13 -38
- package/dist/commands/audit.js.map +1 -1
- package/dist/commands/check.d.ts.map +1 -1
- package/dist/commands/check.js +12 -35
- package/dist/commands/check.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/output/formatter.d.ts.map +1 -1
- package/dist/output/formatter.js +47 -3
- package/dist/output/formatter.js.map +1 -1
- package/dist/telemetry/contribute.d.ts +60 -6
- package/dist/telemetry/contribute.d.ts.map +1 -1
- package/dist/telemetry/contribute.js +197 -44
- package/dist/telemetry/contribute.js.map +1 -1
- package/dist/telemetry/index.d.ts +2 -2
- package/dist/telemetry/index.d.ts.map +1 -1
- package/dist/telemetry/index.js +2 -2
- package/dist/telemetry/index.js.map +1 -1
- package/dist/telemetry/opt-in.d.ts +34 -23
- package/dist/telemetry/opt-in.d.ts.map +1 -1
- package/dist/telemetry/opt-in.js +154 -125
- package/dist/telemetry/opt-in.js.map +1 -1
- package/package.json +6 -1
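--- a/package/README.md
+++ b/package/README.md
@@ -1,4 +1,4 @@
-> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless
+> **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · Registry (April 2026)
 
 # ai-trust
 
@@ -25,6 +25,38 @@ Or run directly with npx:
 npx ai-trust check @modelcontextprotocol/server-filesystem
 ```
 
+For a full security dashboard covering trust, credentials, shadow AI, and more:
+
+```bash
+npx opena2a-cli review
+```
+
+## Quick Start
+
+```bash
+ai-trust check @modelcontextprotocol/server-filesystem
+```
+
+Expected output:
+
+```
+@modelcontextprotocol/server-filesystem
+Trust Level: 4 (Verified)
+Verdict: safe
+Scanned: 2026-03-01
+Findings: 0 critical, 0 high, 2 medium
+```
+
+## Built-in Help
+
+```bash
+ai-trust --help # All commands and flags
+ai-trust --version # Current version
+ai-trust [command] -h # Help for a specific command
+```
+
+---
+
 ## Commands
 
 ### check
@@ -33,17 +65,30 @@ Look up the trust verdict for a single package.
 
 ```bash
 ai-trust check @modelcontextprotocol/server-filesystem
+ai-trust check my-agent --type a2a_agent
+ai-trust check express --json # JSON output for scripting
 ```
 
-
+### MCP Server Trust
+
+MCP servers are the most common trust query. Use shorthand to skip the full package name:
 
 ```bash
-
+# These are equivalent:
+ai-trust check server-filesystem
+ai-trust check @modelcontextprotocol/server-filesystem
+
+# Other MCP servers:
+ai-trust check mcp-server-fetch
+ai-trust check server-github
+ai-trust check server-postgres
 ```
 
+Shorthand rules: `server-*` and `mcp-server-*` automatically resolve to `@modelcontextprotocol/server-*`.
+
 #### Scan on demand
 
-When a package
+When a package is not in the registry, ai-trust can download and scan it locally using [HackMyAgent](https://github.com/opena2a-org/hackmyagent). In interactive mode, you will be prompted. In CI, use flags:
 
 ```bash
 # Auto-scan unknown packages, contribute results to the community registry
@@ -56,41 +101,15 @@ ai-trust check server-filesystem --rescan
 ai-trust check server-filesystem --no-scan
 ```
 
-#### Community contribution
-
-Scan results can be shared with the OpenA2A Registry as anonymized telemetry (check pass/fail and severity only -- no file paths, source code, or descriptions).
-
-On first scan, ai-trust asks whether you'd like to contribute. Your choice is saved in `~/.opena2a/config.json` and shared across all OpenA2A tools (opena2a-cli, hackmyagent).
-
-```bash
-# Contribute for this scan (non-interactive / CI)
-ai-trust check chalk --rescan --contribute
-
-# Configure globally via opena2a-cli
-opena2a config set contribute true # opt in
-opena2a config set contribute false # opt out
-```
-
 ### audit
 
-Parse dependency files and batch-query all dependencies. Supports any `.json` file (package.json format) or `.txt` file (requirements.txt format).
+Parse dependency files and batch-query all dependencies. Supports any `.json` file (package.json format) or `.txt` file (requirements.txt format).
 
 ```bash
 ai-trust audit package.json
 ai-trust audit requirements.txt
-ai-trust audit
-
-
-Set a minimum trust level threshold (default: 3):
-
-```bash
-ai-trust audit package.json --min-trust 2
-```
-
-Scan dependencies not found in the registry:
-
-```bash
-ai-trust audit package.json --scan-missing --contribute
+ai-trust audit package.json --min-trust 2 # set minimum trust threshold (default: 3)
+ai-trust audit package.json --scan-missing --contribute # scan deps not in registry
 ```
 
 ### batch
@@ -99,42 +118,40 @@ Look up trust verdicts for multiple packages at once.
 
 ```bash
 ai-trust batch express lodash chalk commander
-```
-
-Filter by package type (packages that don't match are excluded):
-
-```bash
 ai-trust batch my-server-a my-server-b --type mcp_server
 ```
 
-
+---
 
-
+## Output Options
 
 ```bash
-ai-trust check express --json
-ai-trust audit package.json --json
+ai-trust check express --json # JSON output for scripting
+ai-trust audit package.json --json # JSON audit output
+ai-trust check express --no-color # disable colored output
+ai-trust check express --registry-url http://localhost:8080 # custom registry
 ```
 
-
+---
 
-
-ai-trust check express --registry-url http://localhost:8080
-```
+## Community Contribution
 
-
+Every scan you run can improve trust data for the entire community. Scan results are shared as anonymized telemetry (check pass/fail and severity only -- no file paths, source code, or descriptions).
+
+On first scan, ai-trust asks whether you want to contribute. Your choice is saved in `~/.opena2a/config.json` and shared across all OpenA2A tools (opena2a-cli, hackmyagent).
 
 ```bash
-
+# Contribute for this scan (non-interactive / CI)
+ai-trust check chalk --rescan --contribute
+
+# Configure globally via opena2a-cli
+opena2a config set contribute true # opt in
+opena2a config set contribute false # opt out
 ```
 
-
+The more scans contributed, the faster packages move from "Listed" to "Scanned" trust level, reducing risk for everyone.
 
-
-|------|---------|
-| 0 | All queried packages are safe / meet the trust threshold |
-| 1 | Operational error (network failure, file not found, server error) |
-| 2 | Policy signal: one or more packages have warning/blocked verdict or fall below `--min-trust` |
+---
 
 ## Trust Levels
 
@@ -146,6 +163,16 @@ ai-trust check express --no-color
 | 3 | Scanned | Package has been scanned by HackMyAgent |
 | 4 | Verified | Package is verified by the publisher |
 
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | All queried packages are safe / meet the trust threshold |
+| 1 | Operational error (network failure, file not found, server error) |
+| 2 | Policy signal: one or more packages have warning/blocked verdict or fall below `--min-trust` |
+
+---
+
 ## Requirements
 
 - Node.js 18 or later
@@ -155,16 +182,19 @@ ai-trust check express --no-color
 
 ```bash
 git clone https://github.com/opena2a-org/ai-trust.git
-cd ai-trust
-
-npm run build
+cd ai-trust && npm install && npm run build
+node dist/index.js check express # run locally without installing
 ```
 
-
+## Use Cases
 
-
-
-
+Step-by-step guides for common workflows:
+
+- [Check if a package is safe before installing](docs/use-cases/check-before-install.md)
+- [Verify an MCP server's trust score](docs/use-cases/check-mcp-server.md)
+- [Contribute trust data to the community](docs/use-cases/contribute-scans.md)
+
+See [docs/USE-CASES.md](docs/USE-CASES.md) for the full index.
 
 ## Links
 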
package/dist/api/client.d.ts.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAE9B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,qBAAqB,CAAC;CACrC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,SAAgB,WAAW,EAAE,MAAM,CAAC;gBAExB,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAS;gBAEZ,WAAW,EAAE,MAAM;IAIzB,UAAU,CACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,WAAW,CA
AC;IAmCjB,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,WAAW;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,cAAc,CAAC;IAE9B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,qBAAqB,CAAC;CACrC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAQD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,SAAgB,WAAW,EAAE,MAAM,CAAC;gBAExB,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAS;gBAEZ,WAAW,EAAE,MAAM;IAIzB,UAAU,CACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,WAAW,CA
AC;IAmCjB,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC;IAuClE;;OAEG;IACG,WAAW,CACf,UAAU,EAAE,cAAc,GACzB,OAAO,CAAC,eAAe,CAAC;CAqB5B"}
|
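--- a/package/dist/api/client.js
+++ b/package/dist/api/client.js
@@ -61,6 +61,10 @@ export class RegistryClient {
 const body = await response.text();
 throw new Error(`Registry API returned ${response.status}: ${body}`);
 }
+// Known issue: The batch endpoint may return different trust scores and
+// package classifications (e.g., express classified as "ai_tool") compared
+// to the single-query endpoint. This is a server-side inconsistency in the
+// registry API, not a client-side bug.
 const raw = (await response.json());
 const NULL_UUID = "00000000-0000-0000-0000-000000000000";
 for (const r of raw.results) {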
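Review bot: The new comment records that the batch endpoint can return different trust scores and classifications than the single-query endpoint, but nothing in the client or the user-facing output surfaces this, so `audit`/`batch` callers can get a different verdict — and, per the README's new Exit Codes table, a different exit code 2 policy signal — for the same package than `check` does, with no indication why. Since the comment documents a known discrepancy that directly affects trust decisions, it should also state what the client does about it; I would append `// Not reconciled client-side: a verdict from this path may differ from the single-query result for the same package.` and add a one-line caveat under the README's batch/audit sections for CI users who gate on the exit code. Whether the discrepancy is persistent or transient cannot be told from here, so the README caveat should stay neutral on cause. The enclosing method starts and ends outside the hunk.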
package/dist/api/client.js.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1C,MAAM,UAAU,GAAG,YAAY,GAAG,CAAC,OAAO,EAAE,CAAC;AAuF7C,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7B,WAAW,CAAS;IAEpC,YAAY,IAAY;QACtB,KAAK,CAAC,YAAY,IAAI,sCAAsC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAS;IAExB,YAAY,WAAmB;QAC7B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,IAAI;YACJ,cAAc,EAAE,MAAM;YACtB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACpD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAwB;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,qBAAqB,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAA
E,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACxD,MAAM,SAAS,GAAG,sCAAsC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;QACvD,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE;gBACJ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,KAAK;gBACL,QAAQ,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK;aAC5B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,UAA0B;QAE1B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACxD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoB,CAAC;IACpD,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/api/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1C,MAAM,UAAU,GAAG,YAAY,GAAG,CAAC,OAAO,EAAE,CAAC;AAuF7C,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7B,WAAW,CAAS;IAEpC,YAAY,IAAY;QACtB,KAAK,CAAC,YAAY,IAAI,sCAAsC,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,OAAO,cAAc;IACjB,OAAO,CAAS;IAExB,YAAY,WAAmB;QAC7B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,IAAI;YACJ,cAAc,EAAE,MAAM;YACtB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACpD,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAwB;QACvC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,qBAAqB,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,MAAM,KAAK,IAAI,EAA
E,CACpD,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,2EAA2E;QAC3E,2EAA2E;QAC3E,uCAAuC;QACvC,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACxD,MAAM,SAAS,GAAG,sCAAsC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC;QACvD,CAAC;QACD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE;gBACJ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,KAAK;gBACL,QAAQ,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK;aAC5B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,UAA0B;QAE1B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,uBAAuB,CAAC;QACnD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;gBAC5B,YAAY,EAAE,UAAU;aACzB;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACxD,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAoB,CAAC;IACpD,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAwBzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAuH3D"}
|
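--- a/package/dist/commands/audit.js
+++ b/package/dist/commands/audit.js
@@ -8,7 +8,7 @@ import { parseDependencyFile } from "../utils/parser.js";
 import { formatBatchResults, formatJson, } from "../output/formatter.js";
 import { isHmaAvailable, scanPackage } from "../scanner/index.js";
 import { confirm } from "../utils/prompt.js";
-import { isContributeEnabled,
+import { isContributeEnabled, queueScanResult, flushQueue, recordScanAndMaybeShowTip, } from "../telemetry/index.js";
 export function registerAuditCommand(program) {
 program
 .command("audit <file>")
@@ -130,49 +130,24 @@ async function scanMissingPackages(notFound, allResults, opts, registryUrl) {
 }
 /**
 * Handle community contribution after audit scanning.
-* Follows the same opt-in flow as check:
+* Follows the same opt-in flow as check: queue + flush.
 */
 async function handleAuditContribution(scannedResults, opts, registryUrl) {
-//
-
-
+// Show tip after 3rd scan (non-blocking, replaces old interactive prompt)
+const tip = recordScanAndMaybeShowTip();
+if (tip) {
+process.stderr.write(tip + "\n");
 }
-
-
-await submitAnonymizedTelemetry(name, scanResult, registryUrl);
-}
+const shouldContribute = opts.contribute || isContributeEnabled() === true;
+if (!shouldContribute)
 return;
-
-const configEnabled = isContributeEnabled();
-if (configEnabled === true) {
-// Already opted in: auto-contribute anonymized telemetry
+try {
 for (const { name, scanResult } of scannedResults) {
-
+queueScanResult(name, scanResult.scan.findings);
 }
-
-
-
-return;
-}
-// Not yet configured: check if we should prompt
-if (shouldPromptContribute()) {
-const enabled = await showContributePrompt();
-if (enabled) {
-for (const { name, scanResult } of scannedResults) {
-await submitAnonymizedTelemetry(name, scanResult, registryUrl);
-}
-}
-}
-}
-/**
- * Submit anonymized telemetry to the registry (opt-in contribution).
- */
-async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
-try {
-const payload = buildContributionPayload(name, scanResult.scan.findings);
-const result = await submitContribution(payload, registryUrl);
-if (result.success) {
-console.error(chalk.green(` Anonymized scan data shared: ${name}`));
+const ok = await flushQueue(registryUrl);
+if (ok) {
+console.error(chalk.green(` Anonymized scan data shared: ${scannedResults.length} package(s)`));
 }
 }
 catch {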
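Review bot: When `flushQueue(registryUrl)` returns false the function stays silent, so a CI run that passed `--contribute` explicitly gets no signal that its scan data was queued but never shared; the `catch {` whose body lies outside the hunk appears to swallow the failure path the same way. I would add `} else { console.error(chalk.yellow(" Anonymized scan data queued but not shared")); }` after the `if (ok)` block so the outcome is visible on stderr without affecting the exit code, and apply the same to the parallel `handleContribute` rewrite in check.js. Separately, the anonymization step that used to be visible here as `buildContributionPayload` now happens inside `queueScanResult`/`flushQueue`, while this code hands over the raw `scanResult.scan.findings`; the docstring should say where findings are reduced to pass/fail plus severity as the README promises, and if the queue is persisted between runs (not visible from this hunk) that store holds whatever was queued, which is worth a sentence too. Of the two hunks in this file, only the second one carries this point; the first is the import change.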
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EACL,kBAAkB,EAClB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EACL,kBAAkB,EAClB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,UAAU,EACV,yBAAyB,GAC1B,MAAM,uBAAuB,CAAC;AAQ/B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CACV,0DAA0D,CAC3D;SACA,MAAM,CACL,qBAAqB,EACrB,+BAA+B,EAC/B,GAAG,CACJ;SACA,MAAM,CACL,gBAAgB,EAChB,+CAA+C,CAChD;SACA,MAAM,CACL,cAAc,EACd,+CAA+C,CAChD;SACA,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAkB,EAAE,EAAE;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAEjD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC1B,OAAO,CAAC,KAAK,CACX,iCAAiC,QAAQ,CAAC,MAAM,kEAAkE,CACnH,CAAC;gBACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YAC1D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEnD,qCAAqC;YACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC5C,MAAM,mBAAmB,CACvB,QAAQ,EACR,QAAQ,CAAC,OAAO,EAChB,IAAI,EACJ,UAAU,CAAC,WAAW,CACvB,CAAC;YACJ,CAAC;iBAAM,IACL,QAAQ,CAAC,MAAM,GAAG,CAAC;gBACnB,CAAC,IAAI,CAAC,WAAW;gBACjB,OAAO,CAAC,KAAK,CAAC,KAAK,EACnB,CAAC;gBACD,6BAA6B;gBAC7B,MAAM,UAAU,GAAG,MAAM,OAAO,CAC9B,GAAG,QAAQ,CAAC,MAAM,4CAA4C,EAC9D,KAAK,CA
CN,CAAC;gBACF,IAAI,UAAU,EAAE,CAAC;oBACf,IAAI,CAAC,CAAC,MAAM,cAAc,EAAE,CAAC,EAAE,CAAC;wBAC9B,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;wBACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;oBAChD,CAAC;yBAAM,CAAC;wBACN,MAAM,mBAAmB,CACvB,QAAQ,EACR,QAAQ,CAAC,OAAO,EAChB,IAAI,EACJ,UAAU,CAAC,WAAW,CACvB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,UAAU,GAAG,QAAQ,CAC1C,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,OAAe,CAAC;YACpB,IACE,GAAG,YAAY,KAAK;gBACpB,MAAM,IAAI,GAAG;gBACZ,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAChD,CAAC;gBACD,OAAO,GAAG,mBAAmB,IAAI,EAAE,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;YACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,QAAuB,EACvB,UAAyB,EACzB,IAAkB,EAClB,WAAmB;IAEnB,MAAM,SAAS,GAAG,MAAM,cAAc,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,MAAM,wBAAwB,CAAC,CAChE,CAAC;IAEF,MAAM,cAAc,GAA+C,EAAE,CAAC;IAEtE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;YACvD,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAE/C,6BAA6B;YAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GA
AG,CAAC,IAAI,CAAC,CAAC;YAC7D,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,UAAU,CAAC,GAAG,CAAC,GAAG;oBAChB,GAAG,UAAU,CAAC,GAAG,CAAC;oBAClB,KAAK,EAAE,IAAI;oBACX,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,UAAU,EAAE,UAAU,CAAC,UAAU;oBACjC,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,UAAU,EAAE,OAAO;iBACpB,CAAC;YACJ,CAAC;YAED,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,MAAM,CAAC,oBAAoB,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,uBAAuB,CAC3B,cAAc,EACd,IAAI,EACJ,WAAW,CACZ,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CACpC,cAA0D,EAC1D,IAAkB,EAClB,WAAmB;IAEnB,0EAA0E;IAC1E,MAAM,GAAG,GAAG,yBAAyB,EAAE,CAAC;IACxC,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,gBAAgB,GACpB,IAAI,CAAC,UAAU,IAAI,mBAAmB,EAAE,KAAK,IAAI,CAAC;IAEpD,IAAI,CAAC,gBAAgB;QAAE,OAAO;IAE9B,IAAI,CAAC;QACH,KAAK,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,cAAc,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,KAAK,CACT,kCAAkC,cAAc,CAAC,MAAM,aAAa,CACrE,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA2BzC,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA2E3D"}
|
package/dist/commands/check.js
|
@@ -10,7 +10,7 @@ import { formatCheckResult, formatScanResult, formatJson, } from "../output/form
|
|
|
10
10
|
import { resolveAndLog } from "../utils/resolve.js";
|
|
11
11
|
import { isHmaAvailable, scanPackage } from "../scanner/index.js";
|
|
12
12
|
import { confirm } from "../utils/prompt.js";
|
|
13
|
-
import { isContributeEnabled,
|
|
13
|
+
import { isContributeEnabled, queueScanResult, flushQueue, recordScanAndMaybeShowTip, } from "../telemetry/index.js";
|
|
14
14
|
export function registerCheckCommand(program) {
|
|
15
15
|
program
|
|
16
16
|
.command("check <name>")
|
|
@@ -123,47 +123,24 @@ async function handleScanFlow(name, client, globalOpts, opts, statusMessage) {
|
|
|
123
123
|
await handleContribute(name, scanResult, globalOpts, opts);
|
|
124
124
|
}
|
|
125
125
|
async function handleContribute(name, scanResult, globalOpts, opts) {
|
|
126
|
-
//
|
|
127
|
-
|
|
126
|
+
// Show tip after 3rd scan (non-blocking, replaces old interactive prompt)
|
|
127
|
+
const tip = recordScanAndMaybeShowTip();
|
|
128
|
+
if (tip) {
|
|
129
|
+
process.stderr.write(tip + "\n");
|
|
130
|
+
}
|
|
128
131
|
// Determine contribution mode:
|
|
129
132
|
// 1. --contribute flag: always contribute anonymized telemetry
|
|
130
133
|
// 2. Config enabled: auto-contribute anonymized telemetry
|
|
131
|
-
// 3. Not configured:
|
|
132
|
-
|
|
133
|
-
if (
|
|
134
|
-
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
135
|
-
return;
|
|
136
|
-
}
|
|
137
|
-
const configEnabled = isContributeEnabled();
|
|
138
|
-
if (configEnabled === true) {
|
|
139
|
-
// Already opted in: auto-contribute anonymized telemetry
|
|
140
|
-
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
134
|
+
// 3. Not configured or disabled: skip
|
|
135
|
+
const shouldContribute = opts.contribute || isContributeEnabled() === true;
|
|
136
|
+
if (!shouldContribute)
|
|
141
137
|
return;
|
|
142
|
-
}
|
|
143
|
-
if (configEnabled === false) {
|
|
144
|
-
// Explicitly opted out: skip
|
|
145
|
-
return;
|
|
146
|
-
}
|
|
147
|
-
// Not yet configured: check if we should prompt
|
|
148
|
-
if (shouldPromptContribute()) {
|
|
149
|
-
const enabled = await showContributePrompt();
|
|
150
|
-
if (enabled) {
|
|
151
|
-
await submitAnonymizedTelemetry(name, scanResult, globalOpts.registryUrl);
|
|
152
|
-
}
|
|
153
|
-
}
|
|
154
|
-
}
|
|
155
|
-
/**
|
|
156
|
-
* Submit anonymized telemetry to the registry (opt-in contribution).
|
|
157
|
-
* Only sends checkId, pass/fail, and severity. No file paths, descriptions, or code.
|
|
158
|
-
*/
|
|
159
|
-
async function submitAnonymizedTelemetry(name, scanResult, registryUrl) {
|
|
160
138
|
try {
|
|
161
|
-
|
|
162
|
-
const
|
|
163
|
-
if (
|
|
139
|
+
queueScanResult(name, scanResult.scan.findings);
|
|
140
|
+
const ok = await flushQueue(globalOpts.registryUrl);
|
|
141
|
+
if (ok) {
|
|
164
142
|
console.error(chalk.green("Anonymized scan data shared with the community."));
|
|
165
143
|
}
|
|
166
|
-
// Silent on failure -- non-blocking
|
|
167
144
|
}
|
|
168
145
|
catch {
|
|
169
146
|
// Non-fatal: telemetry submission should never crash the scan
|
|
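Review bot: The removed docblock (old lines 155-158) was the only statement in this file of what telemetry leaves the machine — checkId, pass/fail and severity, no file paths, descriptions or code — and new line 139 now passes the whole `scanResult.scan.findings` array to `queueScanResult`, so that data-minimization contract is no longer visible or checkable at the call site. Whether the findings are projected down before being queued or flushed now depends entirely on the telemetry module, which this hunk does not show. I would keep the guarantee next to the call, hedged until confirmed: `// NOTE(review): confirm queueScanResult keeps only checkId/passed/severity per finding; paths and descriptions must not reach flushQueue`, or project the fields here before queueing if the module does not. handleContribute's `catch` block continues past the end of the hunk.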
@@ -1 +1 @@
1
-
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,
1
+
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,UAAU,GACX,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,UAAU,EACV,yBAAyB,GAC1B,MAAM,uBAAuB,CAAC;AAW/B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,gDAAgD,CAAC;SAC7D,MAAM,CACL,mBAAmB,EACnB,4DAA4D,CAC7D;SACA,MAAM,CACL,mBAAmB,EACnB,sDAAsD,CACvD;SACA,MAAM,CACL,cAAc,EACd,oDAAoD,CACrD;SACA,MAAM,CAAC,WAAW,EAAE,iCAAiC,CAAC;SACtD,MAAM,CAAC,UAAU,EAAE,mCAAmC,CAAC;SACvD,MAAM,CACL,kBAAkB,EAClB,kCAAkC,EAClC,IAAI,CACL;SACA,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,IAAkB,EAAE,EAAE;QACpD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAG9B,CAAC;QAEF,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAExD,uBAAuB;YACvB,IAAI,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,cAAc,CAClB,IAAI,EACJ,MAAM,EACN,UAAU,EACV,IAAI,EACJ,gBAAgB,CACjB,CAAC;gBACF,OAAO;YACT,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,IACE,MAAM,CAAC,KAAK;gBACZ,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,EAC9D,CAAC;gBACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,oBAAoB,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC/D,MAAM,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;oBACpB,OAAO,CA
AC,GAAG,CACT,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CACnD,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;gBACrC,CAAC;gBACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAY,EACZ,MAAsB,EACtB,UAAkD,EAClD,IAAkB;IAElB,8CAA8C;IAC9C,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,cAAc,CAClB,IAAI,EACJ,MAAM,EACN,UAAU,EACV,IAAI,EACJ,YAAY,IAAI,sCAAsC,CACvD,CAAC;QACF,OAAO;IACT,CAAC;IAED,6EAA6E;IAC7E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,YAAY,IAAI,6EAA6E,CAAC;QAC1G,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,iCAAiC;IACjC,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,sCAAsC,CAAC,CACnE,CAAC;IAEF,IAAI,CAAC,CAAC,MAAM,aAAa,EAAE,CAAC;QAAE,OAAO;IAErC,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;IAC3E,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAY,EACZ,MAAsB,EACtB,UAAkD,EAClD,IAAkB,EAClB,aAAqB;IAErB,IAAI,CAAC,CAAC,MAAM,aAAa,EAAE,CAAC;QAAE,OAAO;IAErC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IAEzC,IAAI,UAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,OA
AO,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,2EAA2E;IAC3E,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACzE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,8BAA8B;IAC9B,MAAM,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,IAAY,EACZ,UAAsB,EACtB,UAAkD,EAClD,IAAkB;IAElB,0EAA0E;IAC1E,MAAM,GAAG,GAAG,yBAAyB,EAAE,CAAC;IACxC,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,+BAA+B;IAC/B,+DAA+D;IAC/D,0DAA0D;IAC1D,sCAAsC;IAEtC,MAAM,gBAAgB,GACpB,IAAI,CAAC,UAAU,IAAI,mBAAmB,EAAE,KAAK,IAAI,CAAC;IAEpD,IAAI,CAAC,gBAAgB;QAAE,OAAO;IAE9B,IAAI,CAAC;QACH,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QACpD,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAC/D,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;IAChE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,MAAM,SAAS,GAAG,MAAM,cAAc,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CACX,8DAA8D,CAC/D,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
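--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -15,7 +15,7 @@ const pkg = require("../package.json");
 const program = new Command();
 program
 .name("ai-trust")
-.description("
+.description("Check security trust scores for AI agents and MCP servers before installing them")
 .version(pkg.version, "-v, --version")
 .option("--registry-url <url>", "registry base URL", "https://api.oa2a.org")
 .option("--json", "output raw JSON", false)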
package/dist/index.js.map
@@ -1 +1 @@
1
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,
1
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAE3D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,UAAU,CAAC;KAChB,WAAW,CAAC,kFAAkF,CAAC;KAC/F,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC;KACrC,MAAM,CACL,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,CACvB;KACA,MAAM,CAAC,QAAQ,EAAE,iBAAiB,EAAE,KAAK,CAAC;KAC1C,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC,CAAC;AAElD,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAC9B,oBAAoB,CAAC,OAAO,CAAC,CAAC;AAE9B,OAAO,CAAC,KAAK,EAAE,CAAC"}
@@ -1 +1 @@
1
-
{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/output/formatter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;
1
+
{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/output/formatter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAyCtD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CA2D7D;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,aAAa,EACvB,QAAQ,EAAE,MAAM,GACf,MAAM,CAmHR;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAyE3D;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAEhD"}
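--- a/package/dist/output/formatter.js
+++ b/package/dist/output/formatter.js
@@ -38,6 +38,7 @@ function trustLevelColor(level) {
 return chalk.yellow;
 return chalk.red;
 }
+const TRUST_LEVEL_LEGEND = " Trust levels: Blocked (0) < Warning (1) < Listed (2) < Scanned (3) < Verified (4)";
 export function formatCheckResult(answer) {
 if (!answer.found) {
 return [
@@ -54,7 +55,7 @@ export function formatCheckResult(answer) {
 ` Type: ${answer.packageType || "unknown"}`,
 ` Verdict: ${colorVerdict(answer.verdict.toUpperCase())}`,
 ` Trust Level: ${colorTrust(trustLevelLabel(answer.trustLevel))} (${answer.trustLevel}/4)`,
-` Trust Score: ${answer.trustScore
+` Trust Score: ${Math.round(answer.trustScore * 100)}/100`,
 ` Scan Status: ${answer.scanStatus || "unknown"}`,
 ];
 if (answer.dependencies && answer.dependencies.totalDeps > 0) {
@@ -65,6 +66,24 @@ export function formatCheckResult(answer) {
 lines.push(` Vulnerable: ${deps.vulnerableDeps > 0 ? chalk.red(String(deps.vulnerableDeps)) : chalk.green("0")}`);
 lines.push(` Min Trust: ${deps.minTrustLevel}/4`);
 }
+// Trust level legend (only when not already at the highest level)
+if (answer.trustLevel < 4) {
+lines.push(chalk.gray(TRUST_LEVEL_LEGEND));
+lines.push("");
+}
+// Contextual next steps
+const nextSteps = [];
+if (answer.verdict === "blocked" || answer.verdict === "warning") {
+nextSteps.push(` Run a local security scan: ai-trust check ${answer.name} --scan-if-missing`);
+}
+else if (answer.trustLevel <= 2) {
+nextSteps.push(` Trust data is limited. Run a local scan to improve: ai-trust check ${answer.name} --scan-if-missing`);
+}
+nextSteps.push(" For a full project audit: ai-trust audit package.json");
+lines.push(chalk.bold(" Next steps"));
+for (const step of nextSteps) {
+lines.push(chalk.gray(step));
+}
 lines.push("");
 return lines.join("\n");
 }
@@ -98,7 +117,7 @@ export function formatBatchResults(response, minTrust) {
 (result.packageType || "-").padEnd(typeWidth) +
 colorVerdict(result.verdict.toUpperCase().padEnd(verdictWidth)) +
 colorTrust(trustLevelLabel(result.trustLevel).padEnd(levelWidth)) +
-(result.found ? result.trustScore
+(result.found ? `${Math.round(result.trustScore * 100)}/100` : "-").padEnd(scoreWidth) +
 (result.scanStatus || "-").padEnd(scanWidth));
 }
 // Summary
@@ -120,6 +139,19 @@ export function formatBatchResults(response, minTrust) {
 if (belowThreshold.length === 0 && notFound.length === 0) {
 lines.push(chalk.green(` All ${response.meta.found} packages meet minimum trust level ${minTrust}.`));
 }
+// Trust level legend (show if any package is below Verified)
+const hasNonVerified = response.results.some((r) => r.found && r.trustLevel < 4);
+if (hasNonVerified) {
+lines.push("");
+lines.push(chalk.gray(TRUST_LEVEL_LEGEND));
+}
+// Contextual next steps
+lines.push("");
+lines.push(chalk.bold(" Next steps"));
+if (belowThreshold.length > 0) {
+lines.push(chalk.gray(` Run ai-trust check <name> for details on flagged packages`));
+}
+lines.push(chalk.gray(" For full security scanning: npx hackmyagent secure"));
 lines.push("");
 return lines.join("\n");
 }
@@ -131,7 +163,7 @@ export function formatScanResult(result) {
 chalk.gray(" (local scan)"),
 ` Verdict: ${colorVerdict(result.verdict.toUpperCase())}`,
 ` Trust Level: ${colorTrust(trustLevelLabel(result.trustLevel))} (${result.trustLevel}/4)`,
-` Trust Score: ${result.trustScore
+` Trust Score: ${Math.round(result.trustScore * 100)}/100`,
 ` HMA Score: ${result.scan.score}/${result.scan.maxScore}`,
 ];
 const failed = result.scan.findings.filter((f) => !f.passed);
@@ -164,6 +196,18 @@ export function formatScanResult(result) {
 lines.push("");
 lines.push(chalk.green(" No security findings."));
 }
+// Trust level legend (only when not already at the highest level)
+if (result.trustLevel < 4) {
+lines.push("");
+lines.push(chalk.gray(TRUST_LEVEL_LEGEND));
+}
+// Contextual next steps
+lines.push("");
+lines.push(chalk.bold(" Next steps"));
+if (result.verdict === "warning" || result.verdict === "blocked") {
+lines.push(chalk.gray(` Review findings above and remediate before installing`));
+}
+lines.push(chalk.gray(" For a full project audit: ai-trust audit package.json"));
 lines.push("");
 return lines.join("\n");
 }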
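Review bot: The legend-plus-"Next steps" block is now pasted three times (new lines 69-86, 142-154 and 199-210) with differing blank-line placement — formatCheckResult prints the legend then a blank line, formatScanResult the reverse — so the three outputs already drift; a small helper taking the step list and a `showLegend` flag would keep them aligned. The new suggested commands on lines 77 and 80 also splice `answer.name` straight into text the user is invited to paste into a shell; if that value is the registry's echo of the name rather than the CLI argument, it is worth confirming it is validated or at least quoted before being shown. The helper below replaces each copy with one call such as `appendGuidance(lines, answer.trustLevel < 4, nextSteps);`; formatBatchResults would pass `hasNonVerified` as the flag.
```javascript
// … unchanged: trustLevelColor, TRUST_LEVEL_LEGEND …
function appendGuidance(lines, showLegend, nextSteps) {
  if (showLegend) {
    lines.push("");
    lines.push(chalk.gray(TRUST_LEVEL_LEGEND));
  }
  lines.push("");
  lines.push(chalk.bold(" Next steps"));
  for (const step of nextSteps) {
    lines.push(chalk.gray(step));
  }
}
// … unchanged: formatCheckResult / formatBatchResults / formatScanResult bodies, each ending with one appendGuidance(...) call …
```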