npm - coverme-security-scanner - Versions diffs - 3.7.2 → 3.7.4 - Mend

coverme-security-scanner 3.7.2 → 3.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/bin/coverme.js CHANGED Viewed

File without changes

package/bin/install-command.js CHANGED Viewed

File without changes

package/bin/merge-reports.js CHANGED Viewed

File without changes

package/commands/coverme.md CHANGED Viewed

@@ -1,36 +1,21 @@
 # Security Assessment
-You MUST follow these steps exactly. Do NOT deviate. Do NOT ask questions. Execute automatically.
+Run a security scan and generate a PDF report. Execute automatically without asking questions.
-## Step 1: Create directory
+## Step 1: Setup
 ```bash
 mkdir -p .coverme
 ```
-## Step 2: Launch 7 agents IN PARALLEL
+## Step 2: Run Security Scan
+Use ONE Task agent with subagent_type="general-purpose" to perform the full security assessment:
-You MUST use the Task tool 7 times in a SINGLE message. Each Task MUST have subagent_type="general-purpose" (NOT Explore).
+prompt: "Perform a comprehensive security assessment of this codebase. Analyze: 1) Architecture and tech stack 2) API endpoints and attack surface 3) Security vulnerabilities (secrets, injection, XSS, auth issues) 4) Infrastructure (Docker, CI/CD, dependencies). When done, use the Write tool to create .coverme/scan.json with this structure: {\"project\":\"<name>\",\"date\":\"2026-02-19\",\"executiveSummary\":\"<summary>\",\"summary\":{\"critical\":0,\"high\":0,\"medium\":0,\"low\":0,\"total\":0},\"overallRiskLevel\":\"low|medium|high|critical\",\"findings\":[{\"id\":\"VULN-01\",\"title\":\"\",\"severity\":\"critical|high|medium|low\",\"file\":\"\",\"line\":0,\"issue\":\"\",\"why\":\"\",\"fix\":\"\",\"cwe\":\"\"}],\"architecture\":{\"overview\":\"\",\"components\":[]},\"positiveObservations\":[{\"title\":\"\",\"description\":\"\"}]}"
-Task 1: description="Security Executive", subagent_type="general-purpose", prompt="Analyze codebase architecture and security posture. Then use the Write tool to create .coverme/partial-01-executive.json with this exact structure: {\"project\":\"<name>\",\"date\":\"2026-02-19\",\"executiveSummary\":\"<summary>\",\"architecture\":{\"overview\":\"<text>\",\"components\":[{\"name\":\"\",\"technology\":\"\",\"description\":\"\"}],\"trustBoundaries\":[{\"id\":\"\",\"boundary\":\"\",\"trustLevel\":\"\",\"description\":\"\"}]},\"topPriorities\":[{\"finding\":\"\",\"severity\":\"\",\"action\":\"\"}]}"
-Task 2: description="Attack Surface", subagent_type="general-purpose", prompt="Map API endpoints and entry points. Then use the Write tool to create .coverme/partial-02-surface.json with: {\"network\":{\"diagram\":\"\",\"ports\":[],\"externalDeps\":[]},\"findings\":[]}"
-Task 3: description="Vulnerability Scan", subagent_type="general-purpose", prompt="Find security vulnerabilities with code evidence. Then use the Write tool to create .coverme/partial-03-vulns.json with: {\"findings\":[{\"id\":\"\",\"title\":\"\",\"severity\":\"\",\"file\":\"\",\"line\":0,\"issue\":\"\",\"why\":\"\",\"fix\":\"\",\"cwe\":\"\",\"codeEvidence\":[],\"proofOfConcept\":\"\"}]}"
-Task 4: description="Attack Chains", subagent_type="general-purpose", prompt="Identify attack chains. Then use the Write tool to create .coverme/partial-04-chains.json with: {\"attackChains\":[{\"id\":\"\",\"name\":\"\",\"description\":\"\",\"likelihood\":\"\",\"impact\":\"\",\"steps\":[],\"mitigationStrategy\":\"\"}],\"riskMatrix\":[]}"
-Task 5: description="Business Logic", subagent_type="general-purpose", prompt="Find business logic flaws. Then use the Write tool to create .coverme/partial-05-business.json with: {\"findings\":[],\"threatModel\":[]}"
-Task 6: description="Infrastructure", subagent_type="general-purpose", prompt="Check Docker, CI/CD, dependencies. Then use the Write tool to create .coverme/partial-06-infra.json with: {\"findings\":[],\"qualityReview\":{}}"
-Task 7: description="Compliance", subagent_type="general-purpose", prompt="Map to compliance frameworks. Then use the Write tool to create .coverme/partial-07-compliance.json with: {\"complianceMapping\":[],\"remediation\":{\"p0\":[],\"p1\":[],\"p2\":[],\"p3\":[]},\"positiveObservations\":[],\"privacyAnalysis\":[]}"
-## Step 3: Wait for agents
-Use AgentOutputTool to wait for all 7 agents to complete.
+## Step 3: Wait for agent to complete
+Use AgentOutputTool to wait for the agent.
 ## Step 4: Generate PDF
 ```bash
-coverme-merge .coverme && coverme .coverme/scan.json security-report.pdf && open security-report.pdf
+coverme .coverme/scan.json security-report.pdf && open security-report.pdf
 ```
-CRITICAL: Use subagent_type="general-purpose" for ALL agents. They MUST write JSON files using the Write tool.

package/dist/pdf/generator.js CHANGED Viewed

@@ -402,6 +402,9 @@ export class PDFGenerator {
             this.y = this.doc.y + spacing.paragraph;
         }
         if (report.architecture?.components?.length) {
+            // Start components table on new page to keep it together
+            this.newPage();
+            this.y = spacing.page.top;
             this.subTitle('Components');
             this.renderSimpleTable(['Component', 'Technology', 'Description'], report.architecture.components.map(c => [c.name, c.technology, c.description]), [100, 150, 245]);
         }
@@ -434,7 +437,6 @@ export class PDFGenerator {
                 this.y += 18;
             });
         }
-        this.checkPageBreak();
     }
     // ─────────────────────────────────────────────────────────────────
     // Network
@@ -614,15 +616,20 @@ export class PDFGenerator {
         const boxPadding = 12;
         const boxInnerWidth = layout.content.width - (boxPadding * 2);
         const style = colors.severity[finding.severity];
-        // ID in severity color, title in black
+        // ID in severity color, title in black - allow wrapping for long titles
+        const titleText = `[${finding.id}] ${finding.title}`;
+        const titleHeight = this.doc
+            .font(fonts.weights.bold)
+            .fontSize(fonts.sizes.body)
+            .heightOfString(titleText, { width: layout.content.width });
         this.doc
             .font(fonts.weights.bold)
             .fontSize(fonts.sizes.body)
             .fillColor(style.text)
             .text(`[${finding.id}]`, spacing.page.margin, this.y, { continued: true })
             .fillColor(colors.text.primary)
-            .text(` ${finding.title}`);
-        this.y += 18;
+            .text(` ${finding.title}`, { width: layout.content.width - 60 });
+        this.y = this.doc.y + 4;
         // Cross-references and DREAD score line
         const hasRefs = finding.relatedFindings?.length || finding.dreadScore || finding.cwe;
         if (hasRefs) {
@@ -1141,53 +1148,73 @@ export class PDFGenerator {
         this.y += 20;
     }
     renderSimpleTable(headers, rows, colWidths) {
-        const rowHeight = 24;
+        const minRowHeight = 24;
         const x = spacing.page.margin;
-        // Header
-        this.doc
-            .rect(x, this.y, layout.content.width, rowHeight)
-            .fill(colors.table.header);
-        let colX = x;
-        headers.forEach((header, i) => {
+        const cellPadding = 8;
+        // Helper to render table header
+        const renderHeader = () => {
             this.doc
-                .font(fonts.weights.bold)
-                .fontSize(fonts.sizes.small)
-                .fillColor(colors.table.headerText)
-                .text(header, colX + 8, this.y + 7, {
-                width: colWidths[i] - 16,
+                .rect(x, this.y, layout.content.width, minRowHeight)
+                .fill(colors.table.header);
+            let colX = x;
+            headers.forEach((header, i) => {
+                this.doc
+                    .font(fonts.weights.bold)
+                    .fontSize(fonts.sizes.small)
+                    .fillColor(colors.table.headerText)
+                    .text(header, colX + cellPadding, this.y + 7, {
+                    width: colWidths[i] - (cellPadding * 2),
+                });
+                colX += colWidths[i];
             });
-            colX += colWidths[i];
-        });
-        this.y += rowHeight;
-        // Rows
+            this.y += minRowHeight;
+        };
+        // Initial header
+        renderHeader();
+        // Rows - calculate dynamic height based on content
         rows.forEach((row, rowIndex) => {
-            this.checkPageBreak(rowHeight + 20);
+            // Calculate the height needed for this row based on longest cell
+            let maxCellHeight = minRowHeight;
+            row.forEach((cell, i) => {
+                const cellWidth = colWidths[i] - (cellPadding * 2);
+                const textHeight = this.doc
+                    .font(fonts.weights.normal)
+                    .fontSize(fonts.sizes.small)
+                    .heightOfString(cell, { width: cellWidth });
+                const cellHeight = Math.max(minRowHeight, textHeight + (cellPadding * 2));
+                maxCellHeight = Math.max(maxCellHeight, cellHeight);
+            });
+            // Check if we need a page break - if so, re-render header on new page
+            const needsPageBreak = this.y > layout.page.height - spacing.page.bottom - maxCellHeight - 20;
+            if (needsPageBreak) {
+                this.newPage();
+                renderHeader();
+            }
             // Alternating background
             if (rowIndex % 2 === 1) {
                 this.doc
-                    .rect(x, this.y, layout.content.width, rowHeight)
+                    .rect(x, this.y, layout.content.width, maxCellHeight)
                     .fill(colors.table.altRow);
             }
             // Border
             this.doc
-                .moveTo(x, this.y + rowHeight)
-                .lineTo(x + layout.content.width, this.y + rowHeight)
+                .moveTo(x, this.y + maxCellHeight)
+                .lineTo(x + layout.content.width, this.y + maxCellHeight)
                 .strokeColor(colors.table.border)
                 .lineWidth(0.5)
                 .stroke();
-            colX = x;
+            let colX = x;
             row.forEach((cell, i) => {
                 this.doc
                     .font(fonts.weights.normal)
                     .fontSize(fonts.sizes.small)
                     .fillColor(colors.text.primary)
-                    .text(cell, colX + 8, this.y + 7, {
-                    width: colWidths[i] - 16,
-                    ellipsis: true,
+                    .text(cell, colX + cellPadding, this.y + 7, {
+                    width: colWidths[i] - (cellPadding * 2),
                 });
                 colX += colWidths[i];
             });
-            this.y += rowHeight;
+            this.y += maxCellHeight;
         });
         this.y += spacing.paragraph;
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "coverme-security-scanner",
-  "version": "3.7.2",
+  "version": "3.7.4",
   "description": "AI-powered security assessment reports with beautiful PDF output",
   "type": "module",
   "bin": {