npm - coverme-security-scanner - Versions diffs - 3.0.0 → 3.2.0 - Mend

coverme-security-scanner 3.0.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +55 -65
package/bin/coverme.js +44 -0
package/bin/install-command.js +90 -0
package/commands/coverme.md +326 -0
package/dist/index.d.ts +3 -3
package/dist/index.js +2 -124
package/dist/pdf/generator.d.ts +48 -0
package/dist/pdf/generator.js +1235 -0
package/dist/pdf/styles.d.ts +84 -0
package/dist/pdf/styles.js +89 -0
package/dist/pdf/types.d.ts +203 -0
package/dist/pdf/types.js +1 -0
package/package.json +24 -23
package/.claude/commands/coverme.md +0 -349
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/pdf-generator.d.ts +0 -32
package/dist/pdf-generator.d.ts.map +0 -1
package/dist/pdf-generator.js +0 -564
package/dist/pdf-generator.js.map +0 -1
package/dist/types.d.ts +0 -141
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -6
package/dist/types.js.map +0 -1
package/src/index.ts +0 -137
package/src/pdf-generator.ts +0 -684
package/src/types.ts +0 -204
package/tsconfig.json +0 -20

package/dist/types.d.ts DELETED Viewed

@@ -1,141 +0,0 @@
-/**
- * CoverMe Scanner v3 - Type Definitions
- * Clean, minimal types for security assessment reports
- */
-export type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
-export type ThreatStatus = 'open' | 'partial' | 'mitigated' | 'accepted';
-export type FixOwner = 'developer' | 'devops' | 'architect';
-export interface DreadScore {
-    damage: number;
-    reproducibility: number;
-    exploitability: number;
-    affectedUsers: number;
-    discoverability: number;
-    total: number;
-}
-export interface Finding {
-    id: string;
-    title: string;
-    severity: Severity;
-    category: string;
-    file: string;
-    line: number | string;
-    endLine?: number;
-    code?: string;
-    description: string;
-    recommendation: string;
-    cwe?: string;
-    owasp?: string;
-    dread?: DreadScore;
-    confidence?: number;
-    dpiPriority?: 'Today' | 'This Sprint' | 'Next Sprint' | 'Backlog';
-    crossReferences?: string[];
-    fixOwner?: FixOwner;
-}
-export interface ThreatModelEntry {
-    id: string;
-    threat: string;
-    category: 'STRIDE' | 'LINDDUN';
-    strideType?: 'S' | 'T' | 'R' | 'I' | 'D' | 'E';
-    status: ThreatStatus;
-    relatedFindings: string[];
-    mitigation?: string;
-    dreadScore?: number;
-}
-export interface QualityItem {
-    type: 'delete' | 'merge' | 'simplify';
-    file: string;
-    lines?: number;
-    title: string;
-    description: string;
-    reason: string;
-    roi: string;
-}
-export interface QualityReview {
-    deleteItems: QualityItem[];
-    mergeItems: QualityItem[];
-    simplifyItems: QualityItem[];
-    totalLinesRemovable: number;
-    percentageOfCodebase: number;
-}
-export interface ExecutiveSummary {
-    headline: string;
-    riskLevel: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
-    overview: string;
-    topRisks: string[];
-    positives: string[];
-    recommendedActions?: RecommendedAction[];
-}
-export interface RecommendedAction {
-    priority: number;
-    action: string;
-    owner: FixOwner;
-    effort?: string;
-}
-export interface ArchitectureComponent {
-    name: string;
-    type: 'service' | 'database' | 'cache' | 'external' | 'frontend';
-    description: string;
-    trustLevel: 'untrusted' | 'semi-trusted' | 'trusted';
-}
-export interface TrustBoundary {
-    name: string;
-    from: string;
-    to: string;
-    protocol: string;
-}
-export interface ArchitectureOverview {
-    components: ArchitectureComponent[];
-    trustBoundaries: TrustBoundary[];
-    criticalAssets: {
-        name: string;
-        type: string;
-        location: string;
-        protection: string;
-    }[];
-    dataFlows: string[];
-}
-export interface PositiveObservation {
-    title: string;
-    description: string;
-}
-export interface ResolvedIssue {
-    id: string;
-    title: string;
-    originalSeverity: Severity;
-    resolution: string;
-    resolvedDate: string;
-}
-export interface ScanResult {
-    projectName: string;
-    scanDate: string;
-    branch?: string;
-    commit?: string;
-    filesScanned: number;
-    linesOfCode: number;
-    projectTree?: string;
-    projectOverview?: {
-        name: string;
-        type: string;
-        stack: string[];
-        purpose: string;
-        architecture: string;
-        keyComponents: string[];
-    };
-    executiveSummary?: ExecutiveSummary;
-    architectureOverview?: ArchitectureOverview;
-    findings: Finding[];
-    threatModel?: ThreatModelEntry[];
-    qualityReview?: QualityReview;
-    positiveObservations?: PositiveObservation[];
-    previouslyResolved?: ResolvedIssue[];
-    summary: {
-        total: number;
-        critical: number;
-        high: number;
-        medium: number;
-        low: number;
-        info: number;
-    };
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AACvE,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,SAAS,GAAG,WAAW,GAAG,UAAU,CAAC;AACzE,MAAM,MAAM,QAAQ,GAAG,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;AAM5D,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IAGjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IAGd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IAGvB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,UAAU,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,GAAG,aAAa,GAAG,aAAa,GAAG,SAAS,CAAC;IAGlE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC/B,UAAU,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IAC/C,MAAM,EAAE,YAAY,CAAC;IACrB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,QAAQ,GAAG,OAAO,GAAG,UAAU,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,WAAW,EAAE,CAAC;IAC3B,UAAU,EAAE,WAAW,EAAE,CAAC;IAC1B,aAAa,EAAE,WAAW,EAAE,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAMD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;CAC1C;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,QAAQ,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAMD,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,WAAW,GAAG,cAAc,GAAG,SAAS,CAAC;CACtD;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,qBAAqB,EAAE,CAAC;IACpC,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,cAAc,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACvF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAMD,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,QAAQ,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACtB;AAMD,MAAM,WAAW,UAAU;IAEzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,EAAE,CAAC;KACzB,CAAC;IAGF,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACjC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC7C,kBAAkB,CAAC,EAAE,aAAa,EAAE,CAAC;IAGrC,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH"}

package/dist/types.js DELETED Viewed

@@ -1,6 +0,0 @@
-/**
- * CoverMe Scanner v3 - Type Definitions
- * Clean, minimal types for security assessment reports
- */
-export {};
-//# sourceMappingURL=types.js.map

package/dist/types.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/src/index.ts DELETED Viewed

@@ -1,137 +0,0 @@
-#!/usr/bin/env node
-/**
- * CoverMe Scanner v3 - CLI Entry Point
- * Simple CLI: coverme report <json-file>
- */
-import { Command } from 'commander';
-import { readFileSync, existsSync } from 'fs';
-import { resolve, dirname, basename, extname } from 'path';
-import { PDFGenerator } from './pdf-generator.js';
-import type { ScanResult } from './types.js';
-const program = new Command();
-program
-  .name('coverme')
-  .description('CoverMe Security Scanner v3 - Generate PDF reports from scan results')
-  .version('3.0.0');
-program
-  .command('report <json-file>')
-  .description('Generate a PDF report from a JSON scan result')
-  .option('-o, --output <path>', 'Output PDF path')
-  .option('--open', 'Open PDF after generation')
-  .action(async (jsonFile: string, options: { output?: string; open?: boolean }) => {
-    try {
-      const inputPath = resolve(jsonFile);
-      if (!existsSync(inputPath)) {
-        console.error(`Error: File not found: ${inputPath}`);
-        process.exit(1);
-      }
-      const rawData = readFileSync(inputPath, 'utf-8');
-      let data: ScanResult;
-      try {
-        data = JSON.parse(rawData) as ScanResult;
-      } catch {
-        console.error('Error: Invalid JSON file');
-        process.exit(1);
-      }
-      // Validate required fields
-      if (!data.projectName || !data.findings) {
-        console.error('Error: JSON must contain projectName and findings array');
-        process.exit(1);
-      }
-      // Determine output path
-      const outputPath = options.output
-        ? resolve(options.output)
-        : resolve(dirname(inputPath), `${basename(inputPath, extname(inputPath))}.pdf`);
-      console.log(`Generating PDF report for: ${data.projectName}`);
-      console.log(`Findings: ${data.findings.length}`);
-      const generator = new PDFGenerator();
-      await generator.generate(data, outputPath);
-      console.log(`Report saved to: ${outputPath}`);
-      // Open PDF if requested
-      if (options.open) {
-        const { exec } = await import('child_process');
-        const openCmd = process.platform === 'darwin' ? 'open' :
-                        process.platform === 'win32' ? 'start' : 'xdg-open';
-        exec(`${openCmd} "${outputPath}"`);
-      }
-    } catch (error) {
-      console.error('Error generating report:', error instanceof Error ? error.message : error);
-      process.exit(1);
-    }
-  });
-program
-  .command('validate <json-file>')
-  .description('Validate a JSON scan result without generating PDF')
-  .action((jsonFile: string) => {
-    try {
-      const inputPath = resolve(jsonFile);
-      if (!existsSync(inputPath)) {
-        console.error(`Error: File not found: ${inputPath}`);
-        process.exit(1);
-      }
-      const rawData = readFileSync(inputPath, 'utf-8');
-      const data = JSON.parse(rawData) as ScanResult;
-      // Validation checks
-      const errors: string[] = [];
-      const warnings: string[] = [];
-      if (!data.projectName) errors.push('Missing projectName');
-      if (!data.findings || !Array.isArray(data.findings)) errors.push('Missing or invalid findings array');
-      if (!data.executiveSummary) warnings.push('Missing executiveSummary');
-      if (!data.threatModel) warnings.push('Missing threatModel');
-      // Validate findings
-      if (data.findings) {
-        data.findings.forEach((f, i) => {
-          if (!f.title) errors.push(`Finding ${i + 1}: missing title`);
-          if (!f.severity) errors.push(`Finding ${i + 1}: missing severity`);
-          if (!f.description) warnings.push(`Finding ${i + 1}: missing description`);
-          if (!f.dpiPriority) warnings.push(`Finding ${i + 1}: missing dpiPriority`);
-        });
-      }
-      if (errors.length > 0) {
-        console.error('Validation FAILED:');
-        errors.forEach(e => console.error(`  - ${e}`));
-        if (warnings.length > 0) {
-          console.warn('Warnings:');
-          warnings.forEach(w => console.warn(`  - ${w}`));
-        }
-        process.exit(1);
-      }
-      console.log('Validation PASSED');
-      console.log(`  Project: ${data.projectName}`);
-      console.log(`  Findings: ${data.findings.length}`);
-      console.log(`  Threat Model: ${data.threatModel ? 'Yes' : 'No'}`);
-      console.log(`  Quality Review: ${data.qualityReview ? 'Yes' : 'No'}`);
-      if (warnings.length > 0) {
-        console.warn('Warnings:');
-        warnings.forEach(w => console.warn(`  - ${w}`));
-      }
-    } catch (error) {
-      console.error('Error:', error instanceof Error ? error.message : error);
-      process.exit(1);
-    }
-  });
-program.parse();