brakit 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -2
- package/dist/bin/brakit.js +367 -749
- package/dist/index.d.ts +1 -1
- package/dist/index.js +231 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -37,7 +37,7 @@ npx brakit dev ./my-app # Specify project directory
|
|
|
37
37
|
|
|
38
38
|
## What You Get
|
|
39
39
|
|
|
40
|
-
- **
|
|
40
|
+
- **8 security rules** scanned against live traffic — leaked secrets, PII in responses, missing auth, N+1 queries flagged automatically
|
|
41
41
|
- **Action-level visibility** — see "Sign Up" and "Load Dashboard", not 47 raw HTTP requests
|
|
42
42
|
- **Duplicate detection** — same API called twice? Flagged with redundancy percentage
|
|
43
43
|
- **N+1 query detection** — same query pattern repeated 5+ times in a single request? That's an N+1
|
|
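Review bot: the rewritten first bullet of "What You Get" promises that the 8 rules cover "missing auth" and "N+1 queries", but none of the Security Scanner rows visible in this diff (Token in URL, Stack Trace Leak, Error Info Leak, PII in Response, Insecure Cookie, Sensitive Logs, CORS + Credentials) describes a missing-auth check, and N+1 detection is already listed as its own feature in the fourth bullet of this same hunk, so counting it among the security rules double-books it. Either add the corresponding rows to the table or restate the bullet to name only what the table actually contains (for example "leaked secrets, PII in responses, insecure cookies, CORS misconfiguration") so the two sections do not contradict each other.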
@@ -57,7 +57,7 @@ Brakit watches every action your app takes — not raw HTTP noise, but what actu
|
|
|
57
57
|
|
|
58
58
|
## Security Scanner
|
|
59
59
|
|
|
60
|
-
|
|
60
|
+
8 high-confidence rules that scan your live traffic and flag real issues — not theoretical ones:
|
|
61
61
|
|
|
62
62
|
| | Rule | What it catches |
|
|
63
63
|
| ------------ | ---------------- | ------------------------------------------------------------------------------- |
|
|
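Review bot: the new intro line hardcodes the rule count ("8 high-confidence rules") a second time, duplicating the "**8 security rules**" bullet in "What You Get"; since the table below is the real source of truth, two literal counts in one README means the next rule added to the table will leave one of them silently stale. Suggest dropping the number from one of the two places, or wording the intro as "The rules below scan your live traffic and flag real issues, not theoretical ones:" and letting the table carry the count. The header row in the surrounding context, `| | Rule | What it catches |`, also leaves the severity column unlabelled; `| Severity | Rule | What it catches |` would match the `**Critical**` / `Warning` values beneath it.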
@@ -65,6 +65,7 @@ Brakit watches every action your app takes — not raw HTTP noise, but what actu
|
|
|
65
65
|
| **Critical** | Token in URL | Auth tokens in query parameters instead of headers |
|
|
66
66
|
| **Critical** | Stack Trace Leak | Internal stack traces sent to the client |
|
|
67
67
|
| **Critical** | Error Info Leak | DB connection strings, SQL queries, or secret values in error responses |
|
|
68
|
+
| Warning | PII in Response | API echoes back emails, returns full user records with internal IDs |
|
|
68
69
|
| Warning | Insecure Cookie | Missing `HttpOnly` or `SameSite` flags |
|
|
69
70
|
| Warning | Sensitive Logs | Passwords, secrets, or token values in console output |
|
|
70
71
|
| Warning | CORS + Credentials | `credentials: true` with wildcard origin |
|
|
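Review bot: the added `PII in Response` row states the symptom ("echoes back emails, returns full user records with internal IDs") but not what the rule matches on, unlike the neighbouring rows that name concrete artefacts (`HttpOnly` / `SameSite`, `credentials: true`). Given the "high-confidence" claim in the intro, a reader needs to know which field names or value patterns count as PII and as an internal ID in order to judge false positives (a public `id` in a list response versus a user record carrying an email) and to know what to redact; suggest naming the matched signals in the row or linking to the rule's source. The row is the first `Warning` after three `**Critical**` rows, so a one-line note on why a PII echo ranks below an error-info leak would also help readers triage findings consistently.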
@@ -77,6 +78,19 @@ Developers using AI tools (Cursor, Copilot, Claude Code) to generate API code th
|
|
|
77
78
|
|
|
78
79
|
---
|
|
79
80
|
|
|
81
|
+
## Principles — ZEAL
|
|
82
|
+
|
|
83
|
+
Everything we build is anchored around four pillars:
|
|
84
|
+
|
|
85
|
+
| | Pillar | What it means |
|
|
86
|
+
|---|---|---|
|
|
87
|
+
| **Z** | **Zero Config** | One command to start, zero config by default. Optional middleware for deeper integration — but the default path is always zero-touch. |
|
|
88
|
+
| **E** | **Extensible** | Open source. One file, one interface. Add a database adapter, security rule, or language SDK without touching brakit's core. |
|
|
89
|
+
| **A** | **AI-Native** | Built for the era where AI writes code humans don't fully review. A safety net for AI-generated APIs. |
|
|
90
|
+
| **L** | **Language Agnostic** | HTTP proxy works with any backend. SDK protocol accepts events from any language. Not locked to Node.js. |
|
|
91
|
+
|
|
92
|
+
---
|
|
93
|
+
|
|
80
94
|
## How It Works
|
|
81
95
|
|
|
82
96
|
```
|
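Review bot: the new **E** (Extensible) pillar says "One file, one interface. Add a database adapter, security rule, or language SDK without touching brakit's core" and the **L** pillar refers to an "SDK protocol", but the section links to neither the interface nor the protocol definition, so a contributor reading this README has nowhere to go; add a link to the relevant source file or docs page next to each claim. The **A** (AI-Native) row's "safety net for AI-generated APIs" should also be qualified in line with the "scanned against live traffic" wording earlier in this same README: the rules only evaluate endpoints that are actually exercised while `brakit dev` is running, so routes that no request reaches get no coverage, and the pillar should not read as a static guarantee over the whole codebase.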