cryptoserve 0.3.2 → 0.3.3

package/lib/census/report-html.mjs

@@ -250,7 +250,7 @@ export function generateHtml(data) {
   <div class="hero">
     <div class="hero-brand">CryptoServe Census</div>
     <h1>The State of Cryptography</h1>
-    <p class="hero-subtitle">Real-time analysis of cryptographic library adoption across npm and PyPI</p>
+    <p class="hero-subtitle">Real-time analysis of cryptographic library adoption across 11 package ecosystems</p>
     <div class="hero-stat">
       <span class="hero-stat-number" id="hero-ratio"></span>
       <span class="hero-stat-label">weak crypto downloads for every 1 PQC download</span>
@@ -258,16 +258,16 @@ export function generateHtml(data) {
   </div>
 
   <!-- NIST Deadline Countdown -->
-  <h2 class="section-title">NIST Post-Quantum Deadlines</h2>
-  <p class="section-subtitle">Time remaining before NIST mandates PQC migration</p>
+  <h2 class="section-title">NIST Post-Quantum Transition Deadlines</h2>
+  <p class="section-subtitle">Deadlines for quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, DSA) per NIST IR 8547. Symmetric crypto (AES) and hash functions (SHA-2, SHA-3) are not affected.</p>
   <div class="countdown-grid">
     <div class="countdown-item">
       <div class="countdown-days" id="countdown-2030"></div>
-      <div class="countdown-label">Days until 2030 (deprecate classical)</div>
+      <div class="countdown-label">Days until 2030 (deprecate quantum-vulnerable asymmetric crypto)</div>
     </div>
     <div class="countdown-item">
       <div class="countdown-days" id="countdown-2035"></div>
-      <div class="countdown-label">Days until 2035 (disallow classical)</div>
+      <div class="countdown-label">Days until 2035 (disallow quantum-vulnerable asymmetric crypto)</div>
     </div>
   </div>
 
@@ -367,9 +367,22 @@ export function generateHtml(data) {
 
   <!-- Methodology -->
   <div class="methodology">
-    <p><strong>Methodology:</strong> Download counts sourced from npm registry API and PyPI Stats API (last 30 days).
+    <p><strong>Methodology:</strong> Download counts from npm, PyPI, Go, Maven, crates.io, Packagist, NuGet, RubyGems, Hex, pub.dev, and CocoaPods (last 30 days).
+    Download counts reflect package manager installs (including CI/CD and transitive dependencies) and may overstate direct application usage.
     CVE data from NIST National Vulnerability Database (CWE-326, CWE-327, CWE-328).
-    Advisory data from GitHub Advisory Database. Package classification based on NIST SP 800-131A and CNSA 2.0 guidance.</p>
+    Advisory data from GitHub Advisory Database.</p>
+    <p style="margin-top: 0.5rem;"><strong>Classification:</strong> Packages categorized as <em>weak</em> (broken or deprecated algorithms: MD5, SHA-1, DES, RC4),
+    <em>modern</em> (current-generation algorithms: AES-GCM, SHA-256, ECDSA, Ed25519), or <em>PQC</em> (post-quantum: ML-KEM, ML-DSA, SLH-DSA).
+    Note: the 2030/2035 NIST deadlines apply to public-key cryptography only; symmetric ciphers (AES-128/256) and hash functions (SHA-2, SHA-3) remain approved beyond 2035.</p>
+    <p style="margin-top: 0.5rem;"><strong>Verify our data:</strong>
+    <a href="https://api.npmjs.org/downloads/point/last-month/" style="color:#06b6d4">npm API</a> |
+    <a href="https://pypistats.org/api/" style="color:#06b6d4">PyPI Stats</a> |
+    <a href="https://proxy.golang.org" style="color:#06b6d4">Go Proxy</a> |
+    <a href="https://search.maven.org" style="color:#06b6d4">Maven Central</a> |
+    <a href="https://crates.io/api/v1/crates/" style="color:#06b6d4">crates.io</a> |
+    <a href="https://services.nvd.nist.gov/rest/json/cves/2.0" style="color:#06b6d4">NIST NVD</a> |
+    <a href="https://api.github.com/advisories" style="color:#06b6d4">GitHub Advisories</a> |
+    <a href="https://csrc.nist.gov/pubs/ir/8547/final" style="color:#06b6d4">NIST IR 8547</a></p>
     <p style="margin-top: 0.5rem;">Generated by CryptoServe Census on <span id="collected-at"></span></p>
   </div>
 </div>

package/lib/census/report-terminal.mjs

@@ -114,12 +114,22 @@ export function renderTerminal(data, style) {
     lines.push('');
   }
 
-  // --- Next Steps ---
+  // --- Data Sources ---
   lines.push(divider());
+  lines.push(section('Data Sources'));
+  lines.push(dim('  Downloads: npm Registry API, PyPI Stats, Go Module Proxy, Maven Central, crates.io,'));
+  lines.push(dim('             Packagist, NuGet, RubyGems, Hex.pm, pub.dev, CocoaPods Trunk'));
+  lines.push(dim('  CVEs:      NIST NVD (CWE-326, CWE-327, CWE-328)'));
+  lines.push(dim('  Advisories: GitHub Advisory Database (reviewed, crypto-CWE filtered)'));
+  lines.push(dim('  Download counts reflect package installs (CI/CD + transitive deps), not direct usage'));
+  lines.push(dim('  NIST 2030/2035 deadlines target public-key crypto only (AES, SHA-2, SHA-3 unaffected)'));
+  lines.push('');
+
+  // --- Next Steps ---
   lines.push(section('Next Steps'));
   lines.push(info('Run `cryptoserve scan .` to find weak crypto in your code'));
   lines.push(info('Run `cryptoserve census --format html --output report.html` for visual report'));
-  lines.push(warning(`NIST requires PQC migration by 2030 -- ${data.nistDeadline2030} remaining`));
+  lines.push(warning(`NIST deprecates quantum-vulnerable public-key crypto by 2030 -- ${data.nistDeadline2030} remaining`));
   lines.push('');
 
   console.log(lines.join('\n'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cryptoserve",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "CryptoServe CLI - Cryptographic scanning, PQC analysis, encryption, and local key management",
   "type": "module",
   "bin": {