compromising-position 1.0.0

package/dist/checks/plugins/common-secrets-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const commonSecretsPlugin: CheckPlugin;
+//# sourceMappingURL=common-secrets-plugin.d.ts.map

package/dist/checks/plugins/common-secrets-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common-secrets-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/common-secrets-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAwEhD,eAAO,MAAM,mBAAmB,EAAE,WA0EjC,CAAC"}

package/dist/checks/plugins/common-secrets-plugin.js

@@ -0,0 +1,130 @@
+/**
+ * SHA-256 hashes of common passwords, default credentials, and placeholder values.
+ * Stored as hashes so the actual secrets never appear in source code.
+ * Implements NIST SP 800-63B Rev 4 mandatory blocklist screening.
+ */
+const COMMON_SECRET_HASHES = new Set([
+    // Top passwords: password, 123456, 12345678, qwerty, abc123, monkey, 1234567,
+    // letmein, trustno1, dragon, baseball, master, etc.
+    "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", // password
+    "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", // 123456
+    "ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f", // 12345678
+    "65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5", // qwerty
+    "6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090", // abc123
+    "ab56b4d92b40713acc5af89985d4b786c2f8fcc30898a36a2c8e3b3b3cdd7460", // 1234567
+    "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3", // 123456789
+    "03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4", // 1234
+    "5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5", // 12345
+    "20f3765880a5c269b747e1e906054a4b4a3a991259f1e16b5dde4742cec2319a", // 1234567890
+    "b822f1cd2dcfc685b47e83e3980289fd5d8e3ff3a82def24d7d1d68bb272eb32", // letmein
+    "fcab0453879a2b2281bc5073e3f5f93b2aee8f41109fbc3983180bfbf6ce8ade", // trustno1
+    "8621ffdbc5698829397d97767ac13db3f084e3e8d68e506c9cf5658c9e89b1c8", // dragon
+    "5906ac361a137e2d286465cd6588ebb5ac3f5ae955001100bc41577c3d751764", // baseball
+    "a8cfcd74832004951b4408cdb0a5dbcd8c7e52d43f7fe244bf720582e05241da", // iloveyou
+    "0ffe1abd1a08215353c233d6e009613e95eec4253832a761af28ff37ac5a150c", // master
+    "b7e94be513e96e8c45cd23f162275e5a12ebde9100a425c4ebcdd7fa4dcd897c", // sunshine
+    "f2d81a260dea8a100dd517984e53c56a7523d96942a834b9cdc249bd4e8c7aa9", // ashley
+    "b4b147bc522828731f1a016bfa72c073571be76ab0adb1a841c5eb4b79a56271", // michael
+    "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", // hello
+    // Common placeholder/test values
+    "057ba03d6c44104863dc7361fe4578965d1887360f90a0895882e58a6248fc86", // changeme
+    "8bb0cf6eb9b17d0f7d22b456f121257dc1254e1f01665370476383ea776df414", // password1
+    "b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342", // Password1
+    "a075d17f3d453073853f813838c15b8023b8c487038436354fe599c3942e1f95", // admin
+    "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b", // test
+    "e3b98a4da31a127d4bde6e43033f66ba274cab0eb7eb1c70ec41402bf6273dd8", // default
+    "4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8", // secret
+    "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", // secret
+]);
+/** Known placeholder patterns that indicate test/dummy values. */
+const PLACEHOLDER_PATTERNS = [
+    /^your[-_]?api[-_]?key[-_]?here$/i,
+    /^insert[-_]?api[-_]?key$/i,
+    /^replace[-_]?me$/i,
+    /^xxx+$/i,
+    /^todo$/i,
+    /^fixme$/i,
+    /^example$/i,
+    /^test[-_]?key$/i,
+    /^dummy$/i,
+    /^fake[-_]?key$/i,
+    /^placeholder$/i,
+    /^changeme$/i,
+    /^your[-_]?token[-_]?here$/i,
+    /^sk[-_]test[-_]xxx+$/i,
+];
+/** Sequential and keyboard patterns. */
+const SEQUENTIAL_PATTERNS = [
+    /^(.)\1{7,}$/, // aaaaaaaa
+    /^0123456789/,
+    /^abcdefgh/i,
+    /^qwerty/i,
+    /^asdfgh/i,
+    /^zxcvbn/i,
+];
+export const commonSecretsPlugin = {
+    id: "common-secrets",
+    name: "Common/Weak Secret Detection",
+    inputKind: "secret",
+    requiresNetwork: false,
+    requiredConfigKeys: [],
+    isFree: true,
+    privacySummary: "No data sent (local only)",
+    async check(input, _config) {
+        const secret = input;
+        // Check against hashed blocklist
+        const hash = secret.sha256Hex();
+        if (COMMON_SECRET_HASHES.has(hash)) {
+            return {
+                pluginId: "common-secrets",
+                pluginName: "Common/Weak Secret Detection",
+                found: true,
+                details: "Matches a commonly used password or default credential",
+                severity: "critical",
+                error: null,
+                metadata: { matchType: "blocklist" },
+            };
+        }
+        // Check placeholder patterns
+        const matchesPlaceholder = secret.withString((raw) => {
+            const trimmed = raw.trim();
+            return PLACEHOLDER_PATTERNS.some((p) => p.test(trimmed));
+        });
+        if (matchesPlaceholder) {
+            return {
+                pluginId: "common-secrets",
+                pluginName: "Common/Weak Secret Detection",
+                found: true,
+                details: "Matches a known placeholder or test value pattern",
+                severity: "medium",
+                error: null,
+                metadata: { matchType: "placeholder" },
+            };
+        }
+        // Check sequential/keyboard patterns
+        const matchesSequential = secret.withString((raw) => {
+            const trimmed = raw.trim();
+            return SEQUENTIAL_PATTERNS.some((p) => p.test(trimmed));
+        });
+        if (matchesSequential) {
+            return {
+                pluginId: "common-secrets",
+                pluginName: "Common/Weak Secret Detection",
+                found: true,
+                details: "Contains a sequential or keyboard pattern",
+                severity: "high",
+                error: null,
+                metadata: { matchType: "sequential" },
+            };
+        }
+        return {
+            pluginId: "common-secrets",
+            pluginName: "Common/Weak Secret Detection",
+            found: false,
+            details: "Not found in common secrets blocklist",
+            severity: "low",
+            error: null,
+        };
+    },
+};
+//# sourceMappingURL=common-secrets-plugin.js.map

package/dist/checks/plugins/common-secrets-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common-secrets-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/common-secrets-plugin.ts"],"names":[],"mappings":"AAKA;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,8EAA8E;IAC9E,oDAAoD;IACpD,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,YAAY;IAChF,kEAAkE,EAAE,OAAO;IAC3E,kEAAkE,EAAE,QAAQ;IAC5E,kEAAkE,EAAE,aAAa;IACjF,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,QAAQ;IAE5E,iCAAiC;IACjC,kEAAkE,EAAE,WAAW;IAC/E,kEAAkE,EAAE,YAAY;IAChF,kEAAkE,EAAE,YAAY;IAChF,kEAAkE,EAAE,QAAQ;IAC5E,kEAAkE,EAAE,OAAO;IAC3E,kEAAkE,EAAE,UAAU;IAC9E,kEAAkE,EAAE,SAAS;IAC7E,kEAAkE,EAAE,SAAS;CAC9E,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,oBAAoB,GAAG;IAC3B,kCAAkC;IAClC,2BAA2B;IAC3B,mBAAmB;IACnB,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,iBAAiB;IACjB,UAAU;IACV,iBAAiB;IACjB,gBAAgB;IAChB,aAAa;IACb,4BAA4B;IAC5B,uBAAuB;CACxB,CAAC;AAEF,wCAAwC;AACxC,MAAM,mBAAmB,GAAG;IAC1B,aAAa,EAAE,WAAW;IAC1B,aAAa;IACb,YAAY;IACZ,UAAU;IACV,UAAU;IACV,UAAU;CACX,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAgB;IAC9C,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,8BAA8B;IACpC,SAAS,EAAE,QAAQ;IACnB,eAAe,EAAE,KAAK;IACtB,kBAAkB,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI;IACZ,cAAc,EAAE,2BAA2B;IAE3C,KAAK,CAAC,KAAK,CACT,KAA4B,EAC5B,OAAkB;QAElB,MAAM,MAAM,GAAG,KAAqB,CAAC;QAErC,iCAAiC;QACjC,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,QAAQ,EAAE,gBAAgB;gBAC1B,UAAU,EAAE,8BAA8B;gBAC1C,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,wDAAwD;gBACjE,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE;aACrC,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,kBAAkB,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;YAC3B,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO;gBACL,QAAQ,EAAE,gBAAgB;gBAC1B,UAAU,EAAE,8BAA8B;gBAC1C,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,mDAAmD;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE;aACvC,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,MAAM,iBAAiB,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,EAAE;YAClD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;YAC3B,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO;gBACL,QAAQ,EAAE,gBAAgB;gBAC1B,UAAU,EAAE,8BAA8B;gBAC1C,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,2CAA2C;gBACpD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE;aACtC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,gBAAgB;YAC1B,UAAU,EAAE,8BAA8B;YAC1C,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,uCAAuC;YAChD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,IAAI;SACZ,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/checks/plugins/dehashed-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const dehashedPlugin: CheckPlugin;
+//# sourceMappingURL=dehashed-plugin.d.ts.map

package/dist/checks/plugins/dehashed-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dehashed-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/dehashed-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AA4BhD,eAAO,MAAM,cAAc,EAAE,WA+F5B,CAAC"}

package/dist/checks/plugins/dehashed-plugin.js

@@ -0,0 +1,86 @@
+import { sanitizeForTerminal } from "../../core/sanitize.js";
+const DEHASHED_BASE = "https://api.dehashed.com/search";
+const USER_AGENT = "compromising-position/1.0.0";
+export const dehashedPlugin = {
+    id: "dehashed",
+    name: "DeHashed",
+    inputKind: "email",
+    requiresNetwork: true,
+    requiredConfigKeys: ["DEHASHED_EMAIL", "DEHASHED_API_KEY"],
+    isFree: false,
+    privacySummary: "Full email -> api.dehashed.com (requires paid API key)",
+    async check(input, config) {
+        const email = input;
+        const dehashedEmail = config.pluginApiKeys["DEHASHED_EMAIL"];
+        const apiKey = config.pluginApiKeys["DEHASHED_API_KEY"];
+        if (!dehashedEmail || !apiKey) {
+            return {
+                pluginId: "dehashed",
+                pluginName: "DeHashed",
+                found: false,
+                details: "DeHashed credentials not configured",
+                severity: "info",
+                error: "Missing DEHASHED_EMAIL and/or DEHASHED_API_KEY",
+            };
+        }
+        try {
+            const credentials = Buffer.from(`${dehashedEmail}:${apiKey}`).toString("base64");
+            const response = await fetch(`${DEHASHED_BASE}?query=email:${encodeURIComponent(email)}&size=10`, {
+                headers: {
+                    Accept: "application/json",
+                    Authorization: `Basic ${credentials}`,
+                    "User-Agent": USER_AGENT,
+                },
+            });
+            if (!response.ok) {
+                const statusText = sanitizeForTerminal(response.statusText);
+                return {
+                    pluginId: "dehashed",
+                    pluginName: "DeHashed",
+                    found: false,
+                    details: `API error: ${response.status} ${statusText}`,
+                    severity: "info",
+                    error: `DeHashed API returned ${response.status}: ${statusText}`,
+                };
+            }
+            const data = (await response.json());
+            const found = data.total > 0;
+            // Count unique databases
+            const databases = new Set((data.entries ?? []).map((e) => e.database_name).filter(Boolean));
+            let severity = "low";
+            if (data.total > 10) {
+                severity = "critical";
+            }
+            else if (data.total > 0) {
+                severity = "high";
+            }
+            return {
+                pluginId: "dehashed",
+                pluginName: "DeHashed",
+                found,
+                details: found
+                    ? `Found ${data.total} record(s) across ${databases.size} database(s)`
+                    : "Not found in DeHashed database",
+                severity,
+                error: null,
+                metadata: {
+                    total: data.total,
+                    uniqueDatabases: databases.size,
+                    balance: data.balance,
+                },
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return {
+                pluginId: "dehashed",
+                pluginName: "DeHashed",
+                found: false,
+                details: `Network error: ${sanitizeForTerminal(message)}`,
+                severity: "info",
+                error: sanitizeForTerminal(message),
+            };
+        }
+    },
+};
+//# sourceMappingURL=dehashed-plugin.js.map

package/dist/checks/plugins/dehashed-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dehashed-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/dehashed-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAI7D,MAAM,aAAa,GAAG,iCAAiC,CAAC;AACxD,MAAM,UAAU,GAAG,6BAA6B,CAAC;AAwBjD,MAAM,CAAC,MAAM,cAAc,GAAgB;IACzC,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,UAAU;IAChB,SAAS,EAAE,OAAO;IAClB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;IAC1D,MAAM,EAAE,KAAK;IACb,cAAc,EAAE,wDAAwD;IAExE,KAAK,CAAC,KAAK,CACT,KAAc,EACd,MAAiB;QAEjB,MAAM,KAAK,GAAG,KAAe,CAAC;QAC9B,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAExD,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9B,OAAO;gBACL,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,UAAU;gBACtB,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,qCAAqC;gBAC9C,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,gDAAgD;aACxD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,IAAI,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,aAAa,gBAAgB,kBAAkB,CAAC,KAAK,CAAC,UAAU,EACnE;gBACE,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,aAAa,EAAE,SAAS,WAAW,EAAE;oBACrC,YAAY,EAAE,UAAU;iBACzB;aACF,CACF,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5D,OAAO;oBACL,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,UAAU;oBACtB,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,cAAc,QAAQ,CAAC,MAAM,IAAI,UAAU,EAAE;oBACtD,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,yBAAyB,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE;iBACjE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;YACzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;YAE7B,yBAAyB;YACzB,MAAM,SAAS,GAAG,IAAI,GAAG,CACvB,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CACjE,CAAC;YAEF,IAAI,QAAQ,GAAkC,KAAK,CAAC;YACpD,IAAI,IAAI,CAAC,KAAK,GAAG,EAAE,EAAE,CAAC;gBACpB,QAAQ,GAAG,UAAU,CAAC;YACxB,CAAC;iBAAM,IAAI,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC1B,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,UAAU;gBACtB,KAAK;gBACL,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,SAAS,IAAI,CAAC,KAAK,qBAAqB,SAAS,CAAC,IAAI,cAAc;oBACtE,CAAC,CAAC,gCAAgC;gBACpC,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE;oBACR,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,eAAe,EAAE,SAAS,CAAC,IAAI;oBAC/B,OAAO,EAAE,IAAI,CAAC,OAAO;iBACtB;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,UAAU;gBACtB,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,kBAAkB,mBAAmB,CAAC,OAAO,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,mBAAmB,CAAC,OAAO,CAAC;aACpC,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/checks/plugins/emailrep-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const emailRepPlugin: CheckPlugin;
+//# sourceMappingURL=emailrep-plugin.d.ts.map

package/dist/checks/plugins/emailrep-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"emailrep-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/emailrep-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAsChD,eAAO,MAAM,cAAc,EAAE,WAoG5B,CAAC"}

package/dist/checks/plugins/emailrep-plugin.js

@@ -0,0 +1,95 @@
+import { sanitizeForTerminal } from "../../core/sanitize.js";
+const EMAILREP_BASE = "https://emailrep.io";
+const USER_AGENT = "compromising-position/1.0.0";
+export const emailRepPlugin = {
+    id: "emailrep",
+    name: "EmailRep.io",
+    inputKind: "email",
+    requiresNetwork: true,
+    requiredConfigKeys: [],
+    isFree: true,
+    privacySummary: "Full email -> emailrep.io (free, 100/day)",
+    async check(input, config) {
+        const email = input;
+        const apiKey = config.pluginApiKeys["EMAILREP_API_KEY"];
+        try {
+            const headers = {
+                "User-Agent": USER_AGENT,
+                Accept: "application/json",
+            };
+            if (apiKey) {
+                headers["Key"] = apiKey;
+            }
+            const response = await fetch(`${EMAILREP_BASE}/${encodeURIComponent(email)}`, {
+                headers,
+            });
+            if (!response.ok) {
+                const statusText = sanitizeForTerminal(response.statusText);
+                return {
+                    pluginId: "emailrep",
+                    pluginName: "EmailRep.io",
+                    found: false,
+                    details: `API error: ${response.status} ${statusText}`,
+                    severity: "info",
+                    error: `EmailRep API returned ${response.status}: ${statusText}`,
+                };
+            }
+            const data = (await response.json());
+            const findings = [];
+            if (data.details.credentials_leaked) {
+                findings.push("credentials leaked");
+            }
+            if (data.details.data_breach) {
+                findings.push("found in data breach");
+            }
+            if (data.details.dark_web_appearance) {
+                findings.push("dark web appearance");
+            }
+            if (data.details.malicious_activity) {
+                findings.push("malicious activity detected");
+            }
+            const found = findings.length > 0;
+            let severity = "low";
+            if (data.details.credentials_leaked_recent || data.details.malicious_activity_recent) {
+                severity = "critical";
+            }
+            else if (data.details.credentials_leaked || data.details.dark_web_appearance) {
+                severity = "high";
+            }
+            else if (data.details.data_breach || data.suspicious) {
+                severity = "medium";
+            }
+            return {
+                pluginId: "emailrep",
+                pluginName: "EmailRep.io",
+                found,
+                details: found
+                    ? `Reputation: ${data.reputation} — ${findings.join(", ")}`
+                    : `Reputation: ${data.reputation} — no exposure found`,
+                severity,
+                error: null,
+                metadata: {
+                    reputation: data.reputation,
+                    suspicious: data.suspicious,
+                    references: data.references,
+                    credentialsLeaked: data.details.credentials_leaked,
+                    darkWebAppearance: data.details.dark_web_appearance,
+                    dataBreach: data.details.data_breach,
+                    profiles: data.details.profiles,
+                },
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return {
+                pluginId: "emailrep",
+                pluginName: "EmailRep.io",
+                found: false,
+                details: `Network error: ${sanitizeForTerminal(message)}`,
+                severity: "info",
+                error: sanitizeForTerminal(message),
+            };
+        }
+    },
+};
+//# sourceMappingURL=emailrep-plugin.js.map

package/dist/checks/plugins/emailrep-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"emailrep-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/emailrep-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAI7D,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAC5C,MAAM,UAAU,GAAG,6BAA6B,CAAC;AAkCjD,MAAM,CAAC,MAAM,cAAc,GAAgB;IACzC,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,aAAa;IACnB,SAAS,EAAE,OAAO;IAClB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI;IACZ,cAAc,EAAE,2CAA2C;IAE3D,KAAK,CAAC,KAAK,CACT,KAAc,EACd,MAAiB;QAEjB,MAAM,KAAK,GAAG,KAAe,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,OAAO,GAA2B;gBACtC,YAAY,EAAE,UAAU;gBACxB,MAAM,EAAE,kBAAkB;aAC3B,CAAC;YAEF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC;YAC1B,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,aAAa,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE;gBAC5E,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5D,OAAO;oBACL,QAAQ,EAAE,UAAU;oBACpB,UAAU,EAAE,aAAa;oBACzB,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,cAAc,QAAQ,CAAC,MAAM,IAAI,UAAU,EAAE;oBACtD,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,yBAAyB,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE;iBACjE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;YACzD,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACtC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACxC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC/C,CAAC;YAED,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;YAElC,IAAI,QAAQ,GAAkC,KAAK,CAAC;YACpD,IAAI,IAAI,CAAC,OAAO,CAAC,yBAAyB,IAAI,IAAI,CAAC,OAAO,CAAC,yBAAyB,EAAE,CAAC;gBACrF,QAAQ,GAAG,UAAU,CAAC;YACxB,CAAC;iBAAM,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;gBAC/E,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;iBAAM,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACvD,QAAQ,GAAG,QAAQ,CAAC;YACtB,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,aAAa;gBACzB,KAAK;gBACL,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,eAAe,IAAI,CAAC,UAAU,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAC3D,CAAC,CAAC,eAAe,IAAI,CAAC,UAAU,sBAAsB;gBACxD,QAAQ;gBACR,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE;oBACR,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,kBAAkB;oBAClD,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,mBAAmB;oBACnD,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;oBACpC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ;iBAChC;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,aAAa;gBACzB,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,kBAAkB,mBAAmB,CAAC,OAAO,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,mBAAmB,CAAC,OAAO,CAAC;aACpC,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/checks/plugins/gitguardian-hsl-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const gitGuardianHslPlugin: CheckPlugin;
+//# sourceMappingURL=gitguardian-hsl-plugin.d.ts.map

package/dist/checks/plugins/gitguardian-hsl-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitguardian-hsl-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/gitguardian-hsl-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAYhD,eAAO,MAAM,oBAAoB,EAAE,WAkFlC,CAAC"}

package/dist/checks/plugins/gitguardian-hsl-plugin.js

@@ -0,0 +1,75 @@
+import { sanitizeForTerminal } from "../../core/sanitize.js";
+const GITGUARDIAN_BASE = "https://api.gitguardian.com/v1";
+const USER_AGENT = "compromising-position/1.0.0";
+export const gitGuardianHslPlugin = {
+    id: "gitguardian-hsl",
+    name: "GitGuardian HasMySecretLeaked",
+    inputKind: "secret",
+    requiresNetwork: true,
+    requiredConfigKeys: ["GITGUARDIAN_API_TOKEN"],
+    isFree: false,
+    privacySummary: "SHA-256 hash -> api.gitguardian.com (requires API token)",
+    async check(input, config) {
+        const secret = input;
+        const apiToken = config.pluginApiKeys["GITGUARDIAN_API_TOKEN"];
+        if (!apiToken) {
+            return {
+                pluginId: "gitguardian-hsl",
+                pluginName: "GitGuardian HasMySecretLeaked",
+                found: false,
+                details: "GitGuardian API token not configured",
+                severity: "info",
+                error: "Missing GITGUARDIAN_API_TOKEN",
+            };
+        }
+        // Only send the SHA-256 hash, not the actual secret
+        const hash = secret.sha256Hex();
+        try {
+            const response = await fetch(`${GITGUARDIAN_BASE}/secret/has_secret_leaked`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    Authorization: `Token ${apiToken}`,
+                    "User-Agent": USER_AGENT,
+                },
+                body: JSON.stringify({ hash }),
+            });
+            if (!response.ok) {
+                const statusText = sanitizeForTerminal(response.statusText);
+                return {
+                    pluginId: "gitguardian-hsl",
+                    pluginName: "GitGuardian HasMySecretLeaked",
+                    found: false,
+                    details: `API error: ${response.status} ${statusText}`,
+                    severity: "info",
+                    error: `GitGuardian API returned ${response.status}: ${statusText}`,
+                };
+            }
+            const data = (await response.json());
+            const found = data.matches > 0;
+            return {
+                pluginId: "gitguardian-hsl",
+                pluginName: "GitGuardian HasMySecretLeaked",
+                found,
+                details: found
+                    ? `Found in ${data.matches} public GitHub repo(s)`
+                    : "Not found in public GitHub repos",
+                severity: found ? "critical" : "low",
+                error: null,
+                metadata: { matches: data.matches },
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return {
+                pluginId: "gitguardian-hsl",
+                pluginName: "GitGuardian HasMySecretLeaked",
+                found: false,
+                details: `Network error: ${sanitizeForTerminal(message)}`,
+                severity: "info",
+                error: sanitizeForTerminal(message),
+            };
+        }
+    },
+};
+//# sourceMappingURL=gitguardian-hsl-plugin.js.map

package/dist/checks/plugins/gitguardian-hsl-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitguardian-hsl-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/gitguardian-hsl-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAK7D,MAAM,gBAAgB,GAAG,gCAAgC,CAAC;AAC1D,MAAM,UAAU,GAAG,6BAA6B,CAAC;AAOjD,MAAM,CAAC,MAAM,oBAAoB,GAAgB;IAC/C,EAAE,EAAE,iBAAiB;IACrB,IAAI,EAAE,+BAA+B;IACrC,SAAS,EAAE,QAAQ;IACnB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,CAAC,uBAAuB,CAAC;IAC7C,MAAM,EAAE,KAAK;IACb,cAAc,EAAE,0DAA0D;IAE1E,KAAK,CAAC,KAAK,CACT,KAA4B,EAC5B,MAAiB;QAEjB,MAAM,MAAM,GAAG,KAAqB,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,aAAa,CAAC,uBAAuB,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,iBAAiB;gBAC3B,UAAU,EAAE,+BAA+B;gBAC3C,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,sCAAsC;gBAC/C,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,+BAA+B;aACvC,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,gBAAgB,2BAA2B,EAC9C;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,SAAS,QAAQ,EAAE;oBAClC,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;aAC/B,CACF,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC5D,OAAO;oBACL,QAAQ,EAAE,iBAAiB;oBAC3B,UAAU,EAAE,+BAA+B;oBAC3C,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,cAAc,QAAQ,CAAC,MAAM,IAAI,UAAU,EAAE;oBACtD,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,4BAA4B,QAAQ,CAAC,MAAM,KAAK,UAAU,EAAE;iBACpE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8B,CAAC;YAClE,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;YAE/B,OAAO;gBACL,QAAQ,EAAE,iBAAiB;gBAC3B,UAAU,EAAE,+BAA+B;gBAC3C,KAAK;gBACL,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,YAAY,IAAI,CAAC,OAAO,wBAAwB;oBAClD,CAAC,CAAC,kCAAkC;gBACtC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK;gBACpC,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;aACpC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,QAAQ,EAAE,iBAAiB;gBAC3B,UAAU,EAAE,+BAA+B;gBAC3C,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,kBAAkB,mBAAmB,CAAC,OAAO,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,mBAAmB,CAAC,OAAO,CAAC;aACpC,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/checks/plugins/hibp-email-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const hibpEmailPlugin: CheckPlugin;
+//# sourceMappingURL=hibp-email-plugin.d.ts.map

package/dist/checks/plugins/hibp-email-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp-email-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/hibp-email-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAIhD,eAAO,MAAM,eAAe,EAAE,WAgF7B,CAAC"}

package/dist/checks/plugins/hibp-email-plugin.js

@@ -0,0 +1,73 @@
+import { checkHibpEmail } from "../hibp-email.js";
+export const hibpEmailPlugin = {
+    id: "hibp-email",
+    name: "HIBP Email Breach Check",
+    inputKind: "email",
+    requiresNetwork: true,
+    requiredConfigKeys: ["HIBP_API_KEY"],
+    isFree: false,
+    privacySummary: "Full email -> haveibeenpwned.com (requires paid API key)",
+    async check(input, config) {
+        const email = input;
+        const apiKey = config.pluginApiKeys["HIBP_API_KEY"] ?? config.hibpApiKey;
+        if (!apiKey) {
+            return {
+                pluginId: "hibp-email",
+                pluginName: "HIBP Email Breach Check",
+                found: false,
+                details: "HIBP API key not configured",
+                severity: "info",
+                error: "Missing HIBP_API_KEY",
+            };
+        }
+        const result = await checkHibpEmail(email, apiKey);
+        if (result.error) {
+            return {
+                pluginId: "hibp-email",
+                pluginName: "HIBP Email Breach Check",
+                found: false,
+                details: result.error,
+                severity: "info",
+                error: result.error,
+            };
+        }
+        const totalFindings = result.breaches.length +
+            result.stealerLogs.length +
+            result.pastes.length;
+        const found = totalFindings > 0;
+        const parts = [];
+        if (result.breaches.length > 0) {
+            parts.push(`${result.breaches.length} breach(es)`);
+        }
+        if (result.stealerLogs.length > 0) {
+            parts.push(`${result.stealerLogs.length} stealer log(s)`);
+        }
+        if (result.pastes.length > 0) {
+            parts.push(`${result.pastes.length} paste(s)`);
+        }
+        let severity = "low";
+        if (result.stealerLogs.length > 0 || result.breaches.length > 10) {
+            severity = "critical";
+        }
+        else if (result.breaches.length > 0) {
+            severity = "high";
+        }
+        else if (result.pastes.length > 0) {
+            severity = "medium";
+        }
+        return {
+            pluginId: "hibp-email",
+            pluginName: "HIBP Email Breach Check",
+            found,
+            details: found ? `Found in: ${parts.join(", ")}` : "No breaches found",
+            severity,
+            error: null,
+            metadata: {
+                breachCount: result.breaches.length,
+                stealerLogCount: result.stealerLogs.length,
+                pasteCount: result.pastes.length,
+            },
+        };
+    },
+};
+//# sourceMappingURL=hibp-email-plugin.js.map

package/dist/checks/plugins/hibp-email-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp-email-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/hibp-email-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,MAAM,CAAC,MAAM,eAAe,GAAgB;IAC1C,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,yBAAyB;IAC/B,SAAS,EAAE,OAAO;IAClB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,CAAC,cAAc,CAAC;IACpC,MAAM,EAAE,KAAK;IACb,cAAc,EAAE,0DAA0D;IAE1E,KAAK,CAAC,KAAK,CACT,KAAc,EACd,MAAiB;QAEjB,MAAM,KAAK,GAAG,KAAe,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC;QAEzE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,yBAAyB;gBACrC,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,6BAA6B;gBACtC,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,sBAAsB;aAC9B,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;gBACL,QAAQ,EAAE,YAAY;gBACtB,UAAU,EAAE,yBAAyB;gBACrC,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,MAAM,CAAC,KAAK;gBACrB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GACjB,MAAM,CAAC,QAAQ,CAAC,MAAM;YACtB,MAAM,CAAC,WAAW,CAAC,MAAM;YACzB,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;QACvB,MAAM,KAAK,GAAG,aAAa,GAAG,CAAC,CAAC;QAEhC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,iBAAiB,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,QAAQ,GAAkC,KAAK,CAAC;QACpD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACjE,QAAQ,GAAG,UAAU,CAAC;QACxB,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,QAAQ,GAAG,MAAM,CAAC;QACpB,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,YAAY;YACtB,UAAU,EAAE,yBAAyB;YACrC,KAAK;YACL,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,aAAa,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB;YACtE,QAAQ;YACR,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE;gBACR,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;gBACnC,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM;gBAC1C,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;aACjC;SACF,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/checks/plugins/hibp-password-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const hibpPasswordPlugin: CheckPlugin;
+//# sourceMappingURL=hibp-password-plugin.d.ts.map

package/dist/checks/plugins/hibp-password-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp-password-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/hibp-password-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAKhD,eAAO,MAAM,kBAAkB,EAAE,WA0ChC,CAAC"}

package/dist/checks/plugins/hibp-password-plugin.js

@@ -0,0 +1,39 @@
+import { checkHibpPassword } from "../hibp-password.js";
+export const hibpPasswordPlugin = {
+    id: "hibp-password",
+    name: "HIBP Password Check",
+    inputKind: "secret",
+    requiresNetwork: true,
+    requiredConfigKeys: [],
+    isFree: true,
+    privacySummary: "SHA-1 prefix (5 hex chars) -> api.pwnedpasswords.com",
+    async check(input, _config) {
+        const secret = input;
+        const result = await checkHibpPassword(secret);
+        if (result.error) {
+            return {
+                pluginId: "hibp-password",
+                pluginName: "HIBP Password Check",
+                found: false,
+                details: result.error,
+                severity: "info",
+                error: result.error,
+            };
+        }
+        return {
+            pluginId: "hibp-password",
+            pluginName: "HIBP Password Check",
+            found: result.found,
+            details: result.found
+                ? `Found in ${result.occurrences.toLocaleString()} breach(es)`
+                : "Not found in breach data",
+            severity: result.found ? "critical" : "low",
+            error: null,
+            metadata: {
+                occurrences: result.occurrences,
+                hashPrefix: result.hashPrefix,
+            },
+        };
+    },
+};
+//# sourceMappingURL=hibp-password-plugin.js.map

package/dist/checks/plugins/hibp-password-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hibp-password-plugin.js","sourceRoot":"","sources":["../../../src/checks/plugins/hibp-password-plugin.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,CAAC,MAAM,kBAAkB,GAAgB;IAC7C,EAAE,EAAE,eAAe;IACnB,IAAI,EAAE,qBAAqB;IAC3B,SAAS,EAAE,QAAQ;IACnB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,EAAE;IACtB,MAAM,EAAE,IAAI;IACZ,cAAc,EAAE,sDAAsD;IAEtE,KAAK,CAAC,KAAK,CACT,KAA4B,EAC5B,OAAkB;QAElB,MAAM,MAAM,GAAG,KAAqB,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO;gBACL,QAAQ,EAAE,eAAe;gBACzB,UAAU,EAAE,qBAAqB;gBACjC,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,MAAM,CAAC,KAAK;gBACrB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,eAAe;YACzB,UAAU,EAAE,qBAAqB;YACjC,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,KAAK;gBACnB,CAAC,CAAC,YAAY,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE,aAAa;gBAC9D,CAAC,CAAC,0BAA0B;YAC9B,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK;YAC3C,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE;gBACR,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B;SACF,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/checks/plugins/intelx-plugin.d.ts

@@ -0,0 +1,3 @@
+import type { CheckPlugin } from "../plugin.js";
+export declare const intelXPlugin: CheckPlugin;
+//# sourceMappingURL=intelx-plugin.d.ts.map

package/dist/checks/plugins/intelx-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"intelx-plugin.d.ts","sourceRoot":"","sources":["../../../src/checks/plugins/intelx-plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAyBhD,eAAO,MAAM,YAAY,EAAE,WA8H1B,CAAC"}