coverme-security-scanner 3.0.0 → 3.2.0

package/dist/pdf/styles.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Clean, professional palette with subtle color accents
+ */
+export declare const colors: {
+    readonly background: "#FFFFFF";
+    readonly text: {
+        readonly primary: "#1a1a1a";
+        readonly secondary: "#4a4a4a";
+        readonly muted: "#7a7a7a";
+    };
+    readonly severity: {
+        readonly critical: {
+            readonly bg: "#FFFFFF";
+            readonly text: "#C41E3A";
+            readonly border: "#E8E8E8";
+        };
+        readonly high: {
+            readonly bg: "#FFFFFF";
+            readonly text: "#D2691E";
+            readonly border: "#E8E8E8";
+        };
+        readonly medium: {
+            readonly bg: "#FFFFFF";
+            readonly text: "#B8860B";
+            readonly border: "#E8E8E8";
+        };
+        readonly low: {
+            readonly bg: "#FFFFFF";
+            readonly text: "#2E8B57";
+            readonly border: "#E8E8E8";
+        };
+        readonly info: {
+            readonly bg: "#FFFFFF";
+            readonly text: "#4682B4";
+            readonly border: "#E8E8E8";
+        };
+    };
+    readonly border: "#E0E0E0";
+    readonly borderLight: "#F0F0F0";
+    readonly accent: "#2C5282";
+    readonly accentMuted: "#F7FAFC";
+    readonly table: {
+        readonly header: "#F7F7F7";
+        readonly headerText: "#1a1a1a";
+        readonly border: "#E0E0E0";
+        readonly altRow: "#FAFAFA";
+    };
+};
+export declare const fonts: {
+    readonly primary: "Helvetica";
+    readonly mono: "Courier";
+    readonly sizes: {
+        readonly title: 28;
+        readonly h1: 22;
+        readonly h2: 16;
+        readonly h3: 13;
+        readonly body: 10;
+        readonly small: 9;
+        readonly caption: 8;
+    };
+    readonly weights: {
+        readonly normal: "Helvetica";
+        readonly bold: "Helvetica-Bold";
+    };
+};
+export declare const spacing: {
+    readonly page: {
+        readonly margin: 50;
+        readonly top: 60;
+        readonly bottom: 50;
+    };
+    readonly section: 30;
+    readonly paragraph: 12;
+    readonly line: 4;
+};
+export declare const layout: {
+    readonly page: {
+        readonly width: 595.28;
+        readonly height: 841.89;
+    };
+    readonly content: {
+        readonly width: number;
+    };
+};

package/dist/pdf/styles.js

@@ -0,0 +1,89 @@
+/**
+ * Clean, professional palette with subtle color accents
+ */
+export const colors = {
+    // Base
+    background: '#FFFFFF',
+    text: {
+        primary: '#1a1a1a',
+        secondary: '#4a4a4a',
+        muted: '#7a7a7a',
+    },
+    // Severity - subtle, professional
+    severity: {
+        critical: {
+            bg: '#FFFFFF',
+            text: '#C41E3A', // Subtle red
+            border: '#E8E8E8',
+        },
+        high: {
+            bg: '#FFFFFF',
+            text: '#D2691E', // Subtle orange
+            border: '#E8E8E8',
+        },
+        medium: {
+            bg: '#FFFFFF',
+            text: '#B8860B', // Subtle gold
+            border: '#E8E8E8',
+        },
+        low: {
+            bg: '#FFFFFF',
+            text: '#2E8B57', // Subtle green
+            border: '#E8E8E8',
+        },
+        info: {
+            bg: '#FFFFFF',
+            text: '#4682B4', // Subtle blue
+            border: '#E8E8E8',
+        },
+    },
+    // UI elements
+    border: '#E0E0E0',
+    borderLight: '#F0F0F0',
+    accent: '#2C5282', // Professional blue
+    accentMuted: '#F7FAFC',
+    // Table
+    table: {
+        header: '#F7F7F7',
+        headerText: '#1a1a1a',
+        border: '#E0E0E0',
+        altRow: '#FAFAFA',
+    },
+};
+export const fonts = {
+    // Using system fonts for clean rendering
+    primary: 'Helvetica',
+    mono: 'Courier',
+    sizes: {
+        title: 28,
+        h1: 22,
+        h2: 16,
+        h3: 13,
+        body: 10,
+        small: 9,
+        caption: 8,
+    },
+    weights: {
+        normal: 'Helvetica',
+        bold: 'Helvetica-Bold',
+    },
+};
+export const spacing = {
+    page: {
+        margin: 50,
+        top: 60,
+        bottom: 50,
+    },
+    section: 30,
+    paragraph: 12,
+    line: 4,
+};
+export const layout = {
+    page: {
+        width: 595.28, // A4
+        height: 841.89, // A4
+    },
+    content: {
+        width: 595.28 - (50 * 2), // page width - margins
+    },
+};

package/dist/pdf/types.d.ts

@@ -0,0 +1,203 @@
+export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export interface CodeEvidence {
+    file: string;
+    startLine: number;
+    endLine?: number;
+    code: string;
+    highlight?: number[];
+    annotation?: string;
+}
+export interface Exploitability {
+    skillLevel: 'novice' | 'intermediate' | 'expert';
+    accessRequired: 'network' | 'adjacent' | 'local' | 'physical';
+    authRequired: 'none' | 'low' | 'high';
+    userInteraction: 'none' | 'required';
+    hasPublicExploit: boolean;
+    exploitMaturity: 'theoretical' | 'poc' | 'weaponized';
+    automatable: boolean;
+}
+export interface BlastRadius {
+    affectedUsers: 'none' | 'single' | 'subset' | 'all';
+    affectedData: string[];
+    affectedServices: string[];
+    cascadeRisk: boolean;
+    containment: 'isolated' | 'component' | 'system' | 'infrastructure';
+}
+export interface BusinessImpact {
+    confidentiality: 'none' | 'low' | 'high';
+    integrity: 'none' | 'low' | 'high';
+    availability: 'none' | 'low' | 'high';
+    financialExposure?: string;
+    complianceViolations?: string[];
+    reputationalRisk: 'low' | 'medium' | 'high';
+    slaImpact?: string;
+}
+export interface Finding {
+    id: string;
+    title: string;
+    severity: Severity;
+    file?: string;
+    line?: number;
+    issue?: string;
+    why?: string;
+    fix?: string;
+    description?: string;
+    impact?: string;
+    recommendation?: string;
+    status?: 'open' | 'resolved' | 'accepted' | 'partial';
+    dreadScore?: number;
+    codeEvidence?: CodeEvidence[];
+    exploitability?: Exploitability;
+    blastRadius?: BlastRadius;
+    businessImpact?: BusinessImpact;
+    cwe?: string;
+    cvssVector?: string;
+    cvssScore?: number;
+    relatedFindings?: string[];
+    attackChainPosition?: 'entry' | 'pivot' | 'objective';
+    proofOfConcept?: string;
+    references?: string[];
+}
+export interface ThreatModelEntry {
+    id: string;
+    severity: Severity;
+    dread?: number;
+    status: 'mitigated' | 'partial' | 'accepted' | 'open';
+    finding: string;
+}
+export interface ArchitectureComponent {
+    name: string;
+    technology: string;
+    description: string;
+}
+export interface NetworkConnection {
+    flow: string;
+    description: string;
+}
+export interface PortEntry {
+    port: number;
+    protocol: string;
+    component: string;
+    binding: string;
+    purpose: string;
+}
+export interface RemediationItem {
+    action: string;
+    finding: string;
+    owner: string;
+}
+export interface AttackChain {
+    id: string;
+    name: string;
+    description: string;
+    likelihood: 'low' | 'medium' | 'high' | 'critical';
+    impact: 'low' | 'medium' | 'high' | 'critical';
+    steps: {
+        order: number;
+        findingId: string;
+        action: string;
+        outcome: string;
+    }[];
+    mitigationStrategy: string;
+}
+export interface RiskMatrix {
+    category: string;
+    currentRisk: 'low' | 'medium' | 'high' | 'critical';
+    residualRisk: 'low' | 'medium' | 'high' | 'critical';
+    trend: 'improving' | 'stable' | 'worsening';
+}
+export interface QualityItem {
+    type: 'dead-code' | 'dry-violation' | 'deprecated';
+    action: 'DELETE' | 'MERGE' | 'REFACTOR';
+    file: string;
+    line?: number;
+    description: string;
+    relatedFiles?: string[];
+}
+export interface ResolvedIssue {
+    id: string;
+    title: string;
+    severity: Severity;
+    resolvedDate?: string;
+    resolution: string;
+}
+export interface SecurityReport {
+    project: string;
+    date: string;
+    branch?: string;
+    scope?: string;
+    components?: string[];
+    methodology?: string;
+    reviewType?: string;
+    author?: string;
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        total: number;
+    };
+    executiveSummary: string;
+    overallRiskLevel: 'critical' | 'high' | 'medium' | 'low';
+    topPriorities?: {
+        finding: string;
+        severity: Severity;
+        action: string;
+    }[];
+    attackChains?: AttackChain[];
+    riskMatrix?: RiskMatrix[];
+    architecture?: {
+        overview?: string;
+        components?: ArchitectureComponent[];
+        trustBoundaries?: {
+            id: string;
+            boundary: string;
+            trustLevel: string;
+            description: string;
+        }[];
+    };
+    network?: {
+        diagram?: string;
+        connections?: NetworkConnection[];
+        ports?: PortEntry[];
+        externalDeps?: {
+            service: string;
+            endpoint: string;
+            auth: string;
+            risk?: string;
+        }[];
+    };
+    findings: Finding[];
+    threatModel?: ThreatModelEntry[];
+    positiveObservations?: {
+        title: string;
+        description: string;
+    }[];
+    remediation?: {
+        p0?: RemediationItem[];
+        p1?: RemediationItem[];
+        p2?: RemediationItem[];
+        p3?: RemediationItem[];
+    };
+    complianceMapping?: {
+        framework: string;
+        controls: {
+            controlId: string;
+            name: string;
+            status: 'compliant' | 'partial' | 'non-compliant';
+            relatedFindings?: string[];
+        }[];
+    }[];
+    qualityReview?: {
+        deadCode?: QualityItem[];
+        dryViolations?: QualityItem[];
+        deprecated?: QualityItem[];
+    };
+    resolvedIssues?: ResolvedIssue[];
+    privacyAnalysis?: {
+        category: string;
+        risk: 'low' | 'medium' | 'high';
+        description: string;
+        mitigation?: string;
+    }[];
+}

package/dist/pdf/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,43 +1,44 @@
 {
   "name": "coverme-security-scanner",
-  "version": "3.0.0",
-  "description": "CoverMe Security Scanner - AI-powered security assessment tool for Claude Code",
+  "version": "3.2.0",
+  "description": "AI-powered security assessment reports with beautiful PDF output",
   "type": "module",
-  "main": "dist/index.js",
   "bin": {
-    "coverme": "dist/index.js"
+    "coverme": "./bin/coverme.js",
+    "coverme-install": "./bin/install-command.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
   },
   "scripts": {
     "build": "tsc",
-    "start": "node dist/index.js",
-    "dev": "tsx src/index.ts",
-    "typecheck": "tsc --noEmit",
-    "clean": "rm -rf dist",
     "prepublishOnly": "npm run build"
   },
+  "files": [
+    "dist",
+    "bin",
+    "commands"
+  ],
   "keywords": [
     "security",
-    "scanner",
     "assessment",
-    "claude-code",
-    "pdf-report"
+    "pdf",
+    "claude",
+    "audit"
   ],
-  "author": "Roy-ai",
+  "author": "",
   "license": "MIT",
-  "publishConfig": {
-    "access": "public"
-  },
   "dependencies": {
-    "commander": "^12.1.0",
     "pdfkit": "^0.15.0"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
-    "@types/pdfkit": "^0.13.4",
-    "tsx": "^4.19.0",
-    "typescript": "^5.6.0"
-  },
-  "engines": {
-    "node": ">=20.0.0"
+    "@types/node": "^20.0.0",
+    "@types/pdfkit": "^0.13.0",
+    "typescript": "^5.0.0"
   }
 }