entkapp 5.2.4 → 5.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,75 +1,68 @@
1
- # 🕸️ entkapp Ultimate v5.2.4
1
+ # 🕸️ entkapp Ultimate v5.3.1
2
2
 
3
- > **The Ultimate Enterprise Codebase Janitor.** Faster than Knip with OXC integration, type-aware analysis, and automated structural healing. Fully standalone - solving what Knip cannot.
3
+ > **The Ultimate Enterprise Codebase Janitor.** High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.
4
4
 
5
5
  ![Version](https://img.shields.io/npm/v/entkapp) ![License](https://img.shields.io/badge/license-Apache--2.0-green.svg) ![Performance](https://img.shields.io/badge/performance-OXC--Inside-blueviolet.svg)
6
6
 
7
7
  ---
8
8
 
9
- `entkapp` ist eine next-generation Engine zur statischen Code-Analyse, die die Stabilität der bewährten Version 7 mit den Hochleistungs-Features der Version 9 kombiniert. Sie findet ungenutzte Dateien, tote Exports, zirkuläre Abhängigkeiten und Sicherheitsrisiken schneller als jedes andere Tool im Ökosystem.
9
+ `entkapp` is a next-generation static code analysis engine. It identifies unused files, dead exports, circular dependencies, and security risks faster than any other tool in the ecosystem..
10
10
 
11
- ## 🚀 Warum entkapp?
11
+ ## 🚀 Why entkapp?
12
12
 
13
- * **⚡ Blazing Fast:** Nutzt den Rust-basierten `oxc-parser` für extrem schnelle AST-Traversierung, kombiniert mit der TypeScript Compiler API für tiefe semantische Analysen.
14
- * **🔌 Massives Plugin-System:** Über 80+ integrierte Plugins (React, Vue, Svelte, Angular, Next.js, Nuxt, SvelteKit, Astro, Vite, Webpack, Turbo, Nx, Tailwind, ESLint, Prettier und viele mehr).
15
- * **💀 True Dead Code Detection:** Fortschrittliche graphbasierte Analyse zur Identifizierung von wirklich verwaistem Code.
16
- * **🔄 Circular Dependency Detection:** Hochperformante Erkennung von zirkulären Abhängigkeiten mittels Tarjan's Algorithmus.
17
- * **🔐 Secrets Scanning:** Automatische Erkennung von hartkodierten API-Keys, Tokens und Anmeldedaten.
18
- * **🛠️ Automated Structural Healing:** Repariert Abhängigkeitsprobleme und strukturelle Fehler automatisch mit Git-basiertem Rollback-Schutz.
13
+ * **⚡ Blazing Fast:** Leverages the Rust-based `oxc-parser` for ultra-fast AST traversal, combined with the TypeScript Compiler API for deep semantic analysis.
14
+ * **🔌 Massive Plugin System:** Over 98 built-in plugins (React, Vue, Svelte, Angular, Next.js, Nuxt, SvelteKit, Astro, Vite, Webpack, Turbo, Nx, Tailwind, ESLint, Prettier, and many more).
15
+ * **💀 True Dead Code Detection:** Advanced graph-based analysis to identify genuinely orphaned code.
16
+ * **🔄 Circular Dependency Detection:** High-performance detection of circular dependencies using Tarjan's algorithm.
17
+ * **🔐 Secrets Scanning:** Automatic detection of hardcoded API keys, tokens, and credentials.
18
+ * **🛠️ Automated Structural Healing:** Automatically fixes dependency issues and structural errors with Git-based rollback protection.
19
19
 
20
20
  ## 📦 Installation
21
21
 
22
22
  ```bash
23
- # Direkt ausführen ohne Installation (empfohlen)
23
+ # Run directly without installation (recommended)
24
24
  npx entkapp
25
25
 
26
- # Oder global installieren
26
+ # Or install it globally
27
27
  npm install -g entkapp
28
28
  ```
29
29
 
30
- ## 🛠️ Nutzung
30
+ ## 🛠️ Usage
31
31
 
32
- ### Interaktiver Modus (Standard)
33
- Startet den interaktiven Analyse- und Scaffolding-Workflow:
32
+ ### Interactive Mode (Default)
33
+ Starts the interactive analysis:
34
34
  ```bash
35
- npx entkapp
35
+ npx entkapp -r
36
36
  ```
37
37
 
38
- ### Headless Analyse-Modus
39
- Ideal für CI/CD-Pipelines. Führt die Analyse ohne Prompts durch und gibt JSON aus:
38
+ ### Headless Analysis Mode
39
+ Ideal for CI/CD pipelines. Performs analysis without prompts and outputs JSON:
40
40
  ```bash
41
41
  npx entkapp --analyze
42
42
  ```
43
43
 
44
- ### Auto-Fix Modus
45
- Behebt automatisch Abhängigkeitskonflikte und strukturelle Probleme:
44
+ ### Auto-Fix Mode
45
+ Automatically resolves dependency conflicts and structural issues:
46
46
  ```bash
47
47
  npx entkapp --fix
48
48
  ```
49
49
 
50
- ### Zusätzliche Optionen
50
+ ### Additional Options
51
51
  ```bash
52
- npx entkapp --cwd ./mein-projekt # Analysiert ein spezifisches Verzeichnis
53
- npx entkapp --verbose # Aktiviert detailliertes Logging
54
- npx entkapp --version # Zeigt die Versionsnummer
55
- npx entkapp --help # Zeigt das Hilfe-Panel
52
+ npx entkapp --cwd ./my-project -r # Analyzes a specific directory
53
+ npx entkapp --verbose -r # Enables detailed logging
54
+ npx entkapp --version # Displays the version number
55
+ npx entkapp --help # Displays the help panel
56
56
  ```
57
57
 
58
- ## 🧠 Fortgeschrittene Architektur
58
+ ## 🧠 Advanced Architecture
59
59
 
60
60
  ### Incremental Caching
61
- `entkapp` verwendet eine persistente Graph-Status-Schicht (`.entkapp-cache`). Es berechnet SHA-256 Hashes von Dateipuffern, um das AST-Parsing für unveränderte Dateien zu überspringen.
61
+ `entkapp` uses a persistent graph state layer (`.entkapp-cache`). It calculates SHA-256 hashes of file buffers to skip AST parsing for unchanged files.
62
62
 
63
63
  ### Parallel Analysis
64
- Bei größeren Codebasen verteilt `entkapp` die Arbeitslast automatisch auf mehrere CPU-Threads mittels Node.js Worker Threads.
65
-
66
- ### Pluggable Architecture
67
- Die Engine ist modular aufgebaut:
68
- - **`EntkappEngine`**: Der zentrale Orchestrator.
69
- - **`PluginRegistry`**: Verwaltet den Lebenszyklus der Framework-Plugins.
70
- - **`ASTAnalyzer` / `OxcAnalyzer`**: Multi-pass AST-Walker für tiefgehende Analysen.
71
- - **`SelfHealer`**: Transaktionales Refactoring mit Git-State-Capture und Rollback.
64
+ For larger codebases, `entkapp` automatically distributes the workload across multiple CPU threads using Node.js Worker Threads.
72
65
 
73
- ## 📄 Lizenz
66
+ ## 📄 License
74
67
 
75
- Apache-2.0
68
+ Apache-2.0
package/bin/cli.js CHANGED
@@ -28,7 +28,7 @@ async function bootstrap() {
28
28
  program
29
29
  .name('entkapp')
30
30
  .description(ansis.cyan('The Ultimate Enterprise Codebase Janitor with OXC integration, type-aware analysis, and automated structural healing.'))
31
- .version(packageJsonContent.version || '5.1.0');
31
+ .version(packageJsonContent.version || '5.3.1');
32
32
 
33
33
  program
34
34
  .option('-c, --cwd <path>', 'Specify the execution context root directory', process.cwd())
@@ -109,7 +109,7 @@ async function bootstrap() {
109
109
  try {
110
110
  const { ConfigLoader } = await import('../src/resolution/ConfigLoader.js');
111
111
  const loader = new ConfigLoader(targetCwd);
112
- localConfig = await loader.loadConfig(targetCwd);
112
+ localConfig = await loader.loadConfig();
113
113
  } catch (e) {}
114
114
 
115
115
  // Merge options with local config
@@ -132,7 +132,7 @@ async function bootstrap() {
132
132
  }, timeoutMs);
133
133
  timeoutTimer.unref(); // Allow process to exit if work finishes
134
134
 
135
- console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.1.0'} Engine Activation`));
135
+ console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.3.1'} Engine Activation`));
136
136
  console.log(ansis.dim('------------------------------------------------------------'));
137
137
  console.log(`${ansis.bold('Target Workspace Root :')} ${ansis.blue(targetCwd)}`);
138
138
  console.log(`${ansis.bold('Refactoring Mode :')} ${options.fix ? ansis.yellow('Active Fixing & Self-Healing Enabled') : ansis.gray('Dry-Run Reporting Only')}`);
@@ -1,5 +1,5 @@
1
1
  {
2
- "$schema": "https://unpkg.com/entkapp@5.2.4/schema.json"
2
+ "$schema": "https://unpkg.com/entkapp@latest/schema.json",
3
3
  "interface": "CLI",
4
4
  "useBuiltinPlugins": true,
5
5
  "useCustomPlugins": true,
@@ -26,5 +26,21 @@
26
26
  "dist",
27
27
  "build",
28
28
  "coverage"
29
- ]
29
+ ],
30
+ "entryPoints": [],
31
+ "workspace": {
32
+ "enabled": false,
33
+ "enforcePackageBoundaries": true,
34
+ "checkVersionMismatches": true
35
+ },
36
+ "tsconfig": {
37
+ "filename": "tsconfig.json",
38
+ "followProjectReferences": true,
39
+ "resolveAliases": true
40
+ },
41
+ "buildScripts": {
42
+ "scanWorkspaceScripts": true,
43
+ "scanCIWorkflows": true,
44
+ "scanConfigFiles": true
45
+ }
30
46
  }
@@ -1,19 +1,59 @@
1
- # entkapp Plugins
1
+ # 🔌 entkapp Plugins (v5.3.0)
2
2
 
3
- This directory is for your custom plugins. entkapp will automatically load any `.js` or `.mjs` files placed here if `useCustomPlugins` is set to `true` in your `config.json`.
3
+ Dieses Verzeichnis dient für deine benutzerdefinierten Plugins. entkapp lädt automatisch alle `.js` oder `.mjs` Dateien aus diesem Ordner, wenn `useCustomPlugins` in deiner `config.json` auf `true` gesetzt ist.
4
4
 
5
- ## Supported Ecosystems (Built-in)
5
+ ## 📦 Integrierte Framework- & Tool-Plugins (98 Gesamt)
6
6
 
7
- - **Next.js**: Handles pages, API routes, and App Router conventions.
8
- - **Nuxt**: Supports auto-imports and server routes.
9
- - **Remix**: Maps loaders, actions, and root exports.
10
- - **SvelteKit**: Tracks `+page`, `+layout`, and server-side scripts.
11
- - **Astro**: Analyzes `.astro` files and static paths.
7
+ entkapp verfügt über eine massive Bibliothek von 98 integrierten Plugins, die automatisch die Architektur deiner Codebase erkennen und analysieren.
12
8
 
13
- ## Knip Compatibility
9
+ ### 🖼️ Frontend Frameworks & Meta-Frameworks
10
+ - **Next.js** (App Router, Pages Router)
11
+ - **React**, **Preact**, **Solid**, **Qwik**, **Lit**, **Angular**, **Vue**, **Svelte**
12
+ - **Nuxt**, **Remix**, **SvelteKit**, **Astro**, **Vitepress**, **Gatsby**, **RedwoodJS**
14
13
 
15
- entkapp supports Knip-style plugins. You can drop Knip plugins into this folder, and the engine will attempt to wrap them for use within the entkapp ecosystem.
14
+ ### 🌐 State Management & Routing
15
+ - **Redux**, **Zustand**, **Jotai**, **Recoil**, **MobX**, **Pinia**, **TanStack Query**
16
+ - **React Router**, **TanStack Router**, **Vue Router**
16
17
 
17
- ## Documentation
18
+ ### 🛠️ Build Tools & Monorepo
19
+ - **Vite**, **Esbuild**, **Rollup**, **Webpack**, **Parcel**, **TypeScript**, **Babel**, **SWC**
20
+ - **Turbo**, **Nx**, **Lerna**, **Rush**, **Moon**, **Bazel**
18
21
 
19
- For a detailed guide on how to build your own plugins, please refer to the [Plugin Development Guide](../../docs/guide.md#plugin-development).
22
+ ### 🎨 Styling & UI Components
23
+ - **Tailwind CSS**, **PostCSS**, **UnoCSS**, **Stylelint**, **RTLCSS**
24
+ - **Ant Design (Antd)**, **Material UI (Mui)**, **Shadcn/UI**, **Radix UI**, **Chakra UI**
25
+ - **Framer Motion**, **GSAP**
26
+
27
+ ### 🧪 Testing & Quality
28
+ - **Jest**, **Vitest**, **Playwright**, **Cypress**, **Storybook**, **MSW**
29
+ - **ESLint**, **Prettier**, **Biome**, **Oxlint**, **Husky**, **Lint-Staged**, **Commitlint**, **Changesets**
30
+
31
+ ### ☁️ Backend, API & Database
32
+ - **Express**, **Fastify**, **NestJS**, **Hono**, **Koa**, **Elysia**, **Hapi**, **Grammy**
33
+ - **GraphQL**, **Apollo**, **TRPC**, **Socket.io**
34
+ - **Prisma**, **Drizzle**, **Mongoose**, **TypeORM**, **Supabase**, **Firebase**, **Clerk**
35
+
36
+ ### 🔧 Infrastructure & Dev Tools
37
+ - **GitHub Actions**, **Docker**, **Terraform**, **EditorConfig**, **Dotenv**
38
+ - **Nvm**, **Volta**, **Pnpm**, **Yarn**, **Bun**
39
+ - **Swiper**, **Quill**, **Envelop**, **Nitro Modules**, **CKEditor Engine**
40
+
41
+ ---
42
+
43
+ ## 🛠️ Eigene Plugins erstellen
44
+
45
+ Du kannst die Funktionalität von entkapp erweitern, indem du eine Plugin-Klasse erstellst:
46
+
47
+ ```javascript
48
+ export default class MyCustomPlugin {
49
+ name = 'my-custom-plugin';
50
+
51
+ async onAnalyze(context) {
52
+ // Deine Logik hier
53
+ }
54
+ }
55
+ ```
56
+
57
+ ## 📜 Dokumentation
58
+
59
+ Für eine detaillierte Anleitung zur Plugin-Entwicklung besuche bitte den [Plugin Development Guide](https://dreamlongyt.github.io/entkapp/).
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "http://json-schema.org/draft-07/schema#",
3
3
  "name": "entkapp",
4
- "version": "5.2.4",
5
- "description": "The Ultimate Enterprise Codebase Janitor. Faster than Knip with OXC integration, type-aware analysis, and automated structural healing. Fully standalone - solving what Knip cannot.",
4
+ "version": "5.3.1",
5
+ "description": "The Ultimate Enterprise Codebase Janitor. High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.",
6
6
  "type": "module",
7
7
  "main": "index.js",
8
8
  "bin": {
package/schema.json CHANGED
@@ -1,4 +1,3 @@
1
-
2
1
  {
3
2
  "$schema": "http://json-schema.org/draft-07/schema#",
4
3
  "title": "entkapp Configuration Schema",
@@ -46,11 +45,15 @@
46
45
  "type": "array",
47
46
  "items": {
48
47
  "type": "string",
49
- "enum": ["nextjs", "nuxt", "remix", "sveltekit", "astro", "typescript", "vite", "webpack", "react", "vue", "angular"]
48
+ "enum": [
49
+ "nextjs", "nuxt", "remix", "sveltekit", "astro",
50
+ "typescript", "vite", "webpack", "react", "vue", "angular",
51
+ "turbo", "nx", "lerna"
52
+ ]
50
53
  }
51
54
  },
52
55
  "ignoreDependencies": {
53
- "description": "Dependencies that should never be reported as unused.",
56
+ "description": "Dependencies that should never be reported as unused. Supports glob patterns like '@types/*'.",
54
57
  "type": "array",
55
58
  "items": {
56
59
  "type": "string"
@@ -64,6 +67,87 @@
64
67
  "type": "string"
65
68
  },
66
69
  "default": ["node_modules", ".git", "dist", "build", "coverage"]
70
+ },
71
+ "entryPoints": {
72
+ "description": "Explicit entry point files to protect from orphan detection. Supports glob patterns.",
73
+ "type": "array",
74
+ "items": {
75
+ "type": "string"
76
+ },
77
+ "default": []
78
+ },
79
+ "workspace": {
80
+ "description": "Monorepo workspace configuration.",
81
+ "type": "object",
82
+ "properties": {
83
+ "enabled": {
84
+ "description": "Force-enable monorepo workspace mode (auto-detected from package.json workspaces or pnpm-workspace.yaml).",
85
+ "type": "boolean",
86
+ "default": false
87
+ },
88
+ "packages": {
89
+ "description": "Override workspace package glob patterns (e.g. ['packages/*', 'apps/*']).",
90
+ "type": "array",
91
+ "items": { "type": "string" }
92
+ },
93
+ "ignoredPackages": {
94
+ "description": "Workspace packages to exclude from analysis.",
95
+ "type": "array",
96
+ "items": { "type": "string" }
97
+ },
98
+ "enforcePackageBoundaries": {
99
+ "description": "Report errors when a workspace package imports another without declaring it as a dependency.",
100
+ "type": "boolean",
101
+ "default": true
102
+ },
103
+ "checkVersionMismatches": {
104
+ "description": "Report warnings when the same dependency has different versions across workspace packages.",
105
+ "type": "boolean",
106
+ "default": true
107
+ }
108
+ }
109
+ },
110
+ "tsconfig": {
111
+ "description": "TypeScript configuration options.",
112
+ "type": "object",
113
+ "properties": {
114
+ "filename": {
115
+ "description": "Path to the root tsconfig.json file.",
116
+ "type": "string",
117
+ "default": "tsconfig.json"
118
+ },
119
+ "followProjectReferences": {
120
+ "description": "Follow TypeScript project references to discover workspace packages.",
121
+ "type": "boolean",
122
+ "default": true
123
+ },
124
+ "resolveAliases": {
125
+ "description": "Use tsconfig paths/baseUrl to resolve module aliases.",
126
+ "type": "boolean",
127
+ "default": true
128
+ }
129
+ }
130
+ },
131
+ "buildScripts": {
132
+ "description": "Build script analysis configuration.",
133
+ "type": "object",
134
+ "properties": {
135
+ "scanWorkspaceScripts": {
136
+ "description": "Also scan package.json scripts in all workspace packages (not just root).",
137
+ "type": "boolean",
138
+ "default": true
139
+ },
140
+ "scanCIWorkflows": {
141
+ "description": "Scan .github/workflows YAML files for tool usage.",
142
+ "type": "boolean",
143
+ "default": true
144
+ },
145
+ "scanConfigFiles": {
146
+ "description": "Detect tool usage from config files (vite.config.ts, jest.config.js, etc.).",
147
+ "type": "boolean",
148
+ "default": true
149
+ }
150
+ }
67
151
  }
68
152
  }
69
153
  }
@@ -35,45 +35,89 @@ const SENSITIVE_NAME_PATTERNS = [
35
35
  /private[_-]?key/i,
36
36
  /client[_-]?secret/i,
37
37
  /app[_-]?secret/i,
38
+ /security[_-]?token/i,
39
+ /master[_-]?key/i,
40
+ /root[_-]?password/i,
41
+
38
42
  // Database credentials
39
43
  /db[_-]?pass(word)?/i,
40
44
  /database[_-]?pass(word)?/i,
41
45
  /db[_-]?url/i,
42
46
  /database[_-]?url/i,
43
47
  /connection[_-]?string/i,
44
- // Passwords
48
+ /postgres(ql)?[_-]?url/i,
49
+ /mongo(db)?[_-]?url/i,
50
+ /redis[_-]?url/i,
51
+
52
+ // Passwords & Pins
45
53
  /^password$/i,
46
54
  /^passwd$/i,
47
55
  /^pwd$/i,
48
56
  /[_-]password$/i,
49
- // Tokens
57
+ /[_-]pass$/i,
58
+ /pass(phrase|code)/i,
59
+ /admin[_-]?pass/i,
60
+ /pin[_-]?number/i,
61
+
62
+ // Tokens & Sessions
50
63
  /[_-]token$/i,
51
64
  /^token$/i,
52
- /jwt[_-]?secret/i,
53
- /session[_-]?secret/i,
65
+ /jwt[_-]?(secret|token)/i,
66
+ /session[_-]?(secret|token|id)/i,
54
67
  /cookie[_-]?secret/i,
55
- // Cloud provider keys
56
- /aws[_-]?(access[_-]?key|secret|session[_-]?token)/i,
57
- /gcp[_-]?key/i,
58
- /azure[_-]?(key|secret|connection)/i,
59
- // Service-specific
60
- /stripe[_-]?(key|secret)/i,
61
- /twilio[_-]?(auth|token|sid)/i,
62
- /sendgrid[_-]?key/i,
63
- /github[_-]?token/i,
64
- /slack[_-]?(token|webhook)/i,
65
- /discord[_-]?(token|secret)/i,
66
- /openai[_-]?(key|token)/i,
68
+ /oauth[_-]?(token|secret|client)/i,
69
+ /refresh[_-]?token/i,
70
+ /csrf[_-]?token/i,
71
+
72
+ // Cloud Provider Keys (AWS, GCP, Azure)
73
+ /aws[_-]?(access[_-]?key|secret|session[_-]?token|key[_-]?id)/i,
74
+ /gcp[_-]?(key|secret|token|sa[_-]?key)/i,
75
+ /google[_-]?(api[_-]?key|credentials|client[_-]?secret)/i,
76
+ /azure[_-]?(key|secret|connection|token|tenant[_-]?id)/i,
77
+
78
+ // AI & Machine Learning Platforms
79
+ /openai[_-]?(key|token|secret)/i,
67
80
  /anthropic[_-]?key/i,
68
- /webhook[_-]?(url|secret)/i,
69
- /encryption[_-]?key/i,
81
+ /cohere[_-]?key/i,
82
+ /huggingface[_-]?token/i,
83
+ /replicate[_-]?api/i,
84
+ /langchain[_-]?api/i,
85
+ /pinecone[_-]?api/i,
86
+ /gemini[_-]?key/i,
87
+
88
+ // Service-Specific (CI/CD, Dev Tools, Payment, Comms)
89
+ /stripe[_-]?(key|secret|webhook)/i,
90
+ /twilio[_-]?(auth|token|sid)/i,
91
+ /sendgrid[_-]?(key|api)/i,
92
+ /github[_-]?(token|pat|secret|app[_-]?id)/i,
93
+ /gitlab[_-]?(token|pat|secret)/i,
94
+ /slack[_-]?(token|webhook|secret)/i,
95
+ /discord[_-]?(token|secret|webhook)/i,
96
+ /pagerduty[_-]?(token|key)/i,
97
+ /datadog[_-]?(api[_-]?key|app[_-]?key)/i,
98
+ /sentry[_-]?(dsn|auth[_-]?token)/i,
99
+ /heroku[_-]?(api[_-]?key|oauth)/i,
100
+ /atlassian[_-]?(token|secret)/i,
101
+ /jira[_-]?(token|password)/i,
102
+ /npm[_-]?auth[_-]?token/i,
103
+ /jfrog[_-]?(token|password|api)/i,
104
+ /firebase[_-]?(key|secret|token)/i,
105
+ /supabase[_-]?(key|secret|service[_-]?role)/i,
106
+
107
+ // Webhooks, Crypto, and Infrastructure
108
+ /webhook[_-]?(url|secret|token)/i,
109
+ /encryption[_-]?(key|secret|iv)/i,
70
110
  /signing[_-]?key/i,
71
- /hmac[_-]?key/i,
111
+ /hmac[_-]?(key|secret)/i,
72
112
  /salt$/i,
73
- /ssh[_-]?key/i,
74
- /private[_-]?key/i,
75
- /cert(ificate)?/i,
76
- /credential/i,
113
+ /ssh[_-]?(key|private|public)/i,
114
+ /cert(ificate)?(s)?/i,
115
+ /credential(s)?/i,
116
+ /tls[_-]?(key|cert)/i,
117
+ /ssl[_-]?(key|cert)/i,
118
+ /kube(config)?[_-]?(token|secret)/i,
119
+ /vault[_-]?(token|secret|key)/i,
120
+ /bitcoind?[_-]?(rpc)?password/i,
77
121
  ];
78
122
 
79
123
  /**
@@ -84,37 +128,55 @@ const SENSITIVE_VALUE_PATTERNS = [
84
128
  // AWS Access Key IDs
85
129
  { pattern: /AKIA[0-9A-Z]{16}/, label: 'AWS_ACCESS_KEY_ID', severity: SecretSeverity.CRITICAL },
86
130
  // AWS Secret Access Keys (40-char base64-ish)
87
- { pattern: /[A-Za-z0-9/+=]{40}/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
88
- // Generic high-entropy hex strings (32+ chars)
89
- { pattern: /^[0-9a-f]{32,}$/i, label: 'HEX_SECRET', severity: SecretSeverity.HIGH },
90
- // Generic high-entropy base64 strings (32+ chars)
91
- { pattern: /^[A-Za-z0-9+/]{32,}={0,2}$/, label: 'BASE64_SECRET', severity: SecretSeverity.MEDIUM },
131
+ { pattern: /(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
132
+
133
+ // Generic high-entropy hex strings (32+ chars) - Added word boundaries to reduce false positives
134
+ { pattern: /\b[0-9a-f]{32,}\b/i, label: 'HEX_SECRET', severity: SecretSeverity.HIGH },
135
+ // Generic high-entropy base64 strings (32+ chars) - Replaced rigid anchors with lookarounds
136
+ { pattern: /(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/])/, label: 'BASE64_SECRET', severity: SecretSeverity.MEDIUM },
137
+
92
138
  // JWT tokens
93
- { pattern: /^ey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/, label: 'JWT_TOKEN', severity: SecretSeverity.CRITICAL },
94
- // GitHub personal access tokens
95
- { pattern: /ghp_[A-Za-z0-9]{36}/, label: 'GITHUB_PAT', severity: SecretSeverity.CRITICAL },
96
- { pattern: /github_pat_[A-Za-z0-9_]{82}/, label: 'GITHUB_PAT_FINE', severity: SecretSeverity.CRITICAL },
139
+ { pattern: /\bey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/, label: 'JWT_TOKEN', severity: SecretSeverity.CRITICAL },
140
+
141
+ // GitHub access tokens (Updated for all token formats: ghp, gho, ghu, ghs, ghr, fine-grained)
142
+ { pattern: /\bgh[pousr]_[A-Za-z0-9]{36}\b/, label: 'GITHUB_TOKEN_CLASSIC', severity: SecretSeverity.CRITICAL },
143
+ { pattern: /\bgithub_pat_[A-Za-z0-9_]{82}\b/, label: 'GITHUB_PAT_FINE', severity: SecretSeverity.CRITICAL },
144
+ { pattern: /\bghs_[A-Za-z0-9\.\-_]{36,}\b/, label: 'GITHUB_APP_STATELESS_TOKEN', severity: SecretSeverity.CRITICAL }, // Supports the modern 2026 ghs_ JWT format
145
+
97
146
  // Stripe keys
98
- { pattern: /sk_(live|test)_[A-Za-z0-9]{24,}/, label: 'STRIPE_SECRET_KEY', severity: SecretSeverity.CRITICAL },
99
- { pattern: /pk_(live|test)_[A-Za-z0-9]{24,}/, label: 'STRIPE_PUBLIC_KEY', severity: SecretSeverity.HIGH },
100
- // Slack tokens
101
- { pattern: /xox[baprs]-[A-Za-z0-9-]{10,}/, label: 'SLACK_TOKEN', severity: SecretSeverity.CRITICAL },
102
- // Discord tokens
103
- { pattern: /[MN][A-Za-z0-9]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}/, label: 'DISCORD_TOKEN', severity: SecretSeverity.CRITICAL },
104
- // Twilio SID
105
- { pattern: /AC[a-f0-9]{32}/, label: 'TWILIO_SID', severity: SecretSeverity.HIGH },
147
+ { pattern: /\bsk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_SECRET_KEY', severity: SecretSeverity.CRITICAL },
148
+ { pattern: /\bpk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_PUBLIC_KEY', severity: SecretSeverity.HIGH },
149
+
150
+ // Slack tokens & Webhooks
151
+ { pattern: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, label: 'SLACK_TOKEN', severity: SecretSeverity.CRITICAL },
152
+ { pattern: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9_]{8}\/B[A-Z0-9_]{8}\/[A-Za-z0-9_]{24}/, label: 'SLACK_WEBHOOK', severity: SecretSeverity.CRITICAL },
153
+
154
+ // Discord tokens & Webhooks
155
+ { pattern: /\b[MN][A-Za-z0-9]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}\b/, label: 'DISCORD_TOKEN', severity: SecretSeverity.CRITICAL },
156
+ { pattern: /https:\/\/discord\.com\/api\/webhooks\/[0-9]{18,20}\/[A-Za-z0-9_-]{68,}/, label: 'DISCORD_WEBHOOK', severity: SecretSeverity.CRITICAL },
157
+
158
+ // Twilio SID & Auth Token
159
+ { pattern: /\bAC[a-f0-9]{32}\b/, label: 'TWILIO_SID', severity: SecretSeverity.HIGH },
160
+ { pattern: /\b[a-f0-9]{32}\b/, label: 'TWILIO_AUTH_TOKEN_CANDIDATE', severity: SecretSeverity.MEDIUM }, // Twilio tokens are raw 32-char hex strings often found near SIDs
161
+
106
162
  // SendGrid API key
107
- { pattern: /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/, label: 'SENDGRID_KEY', severity: SecretSeverity.CRITICAL },
108
- // OpenAI API key
109
- { pattern: /sk-[A-Za-z0-9]{32,}/, label: 'OPENAI_KEY', severity: SecretSeverity.CRITICAL },
110
- // Generic UUID-like tokens that look like secrets (not just any UUID)
111
- { pattern: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/, label: 'UUID_SECRET_CANDIDATE', severity: SecretSeverity.MEDIUM },
112
- // Google API Key
113
- { pattern: /AIza[0-9A-Za-z\\-_]{35}/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
114
- // Firebase Web API Key
115
- { pattern: /AIzaSy[0-9A-Za-z\\-_]{33}/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
116
- ];
163
+ { pattern: /\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/, label: 'SENDGRID_KEY', severity: SecretSeverity.CRITICAL },
164
+
165
+ // OpenAI & Anthropic API keys (Updated for Legacy, Project, and Claude token formats)
166
+ { pattern: /\bsk-[A-Za-z0-9]{32,}\b/, label: 'OPENAI_KEY_LEGACY', severity: SecretSeverity.CRITICAL },
167
+ { pattern: /\bsk-proj-[A-Za-z0-9-_]{40,}\b/, label: 'OPENAI_PROJECT_KEY', severity: SecretSeverity.CRITICAL },
168
+ { pattern: /\bsk-ant-sid01-[A-Za-z0-9-_]{93}\b/, label: 'ANTHROPIC_CLAUDE_KEY', severity: SecretSeverity.CRITICAL },
117
169
 
170
+ // Generic UUID-like tokens
171
+ { pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/i, label: 'UUID_SECRET_CANDIDATE', severity: SecretSeverity.MEDIUM },
172
+
173
+ // Google & Firebase Key
174
+ { pattern: /\bAIza[0-9A-Za-z\\-_]{35}\b/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
175
+ { pattern: /\bAIzaSy[0-9A-Za-z\\-_]{33}\b/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
176
+
177
+ // Private Key Files (Detects multi-line PEM blocks often found inside JSON/Env variables)
178
+ { pattern: /-----BEGIN [A-Z ]+ PRIVATE KEY-----/, label: 'PRIVATE_KEY_BLOCK', severity: SecretSeverity.CRITICAL },
179
+ ];
118
180
  /**
119
181
  * Minimum length a string value must have to be considered a potential secret.
120
182
  * Short strings like "test", "dev", "localhost" are excluded.
package/src/index.js CHANGED
@@ -7,7 +7,7 @@ import { CodeSmellAnalyzer } from './analyzers/CodeSmellAnalyzer.js';
7
7
 
8
8
  /**
9
9
  * ============================================================================
10
- * 📦 entkapp v4.6.0: Unified Architectural Refactoring Orchestrator
10
+ * 📦 entkapp v5.3.0: Unified Architectural Refactoring Orchestrator
11
11
  * ============================================================================
12
12
  * Main execution bridge managing multi-pass compilation cycles, semantic cross-linking,
13
13
  * supply-chain validation audits, and automated structural healing rollbacks.
@@ -64,6 +64,11 @@ export class RefactoringEngine {
64
64
  this.resolver = new DependencyResolver(this.context, this.pathMapper, this.workspaceGraph);
65
65
  this.circularDetector = new CircularDetector(this.context);
66
66
 
67
+ // Lazy import DependencyProfiler
68
+ import('./resolution/DependencyProfiler.js').then(({ DependencyProfiler }) => {
69
+ this.dependencyProfiler = new DependencyProfiler(this.context);
70
+ }).catch(() => {});
71
+
67
72
  // Stage 3: Wire official AST Syntax parsers and framework processors
68
73
  this.analyzer = new ASTAnalyzer(this.context);
69
74
  this.oxcAnalyzer = new OxcAnalyzer(this.context);
@@ -115,6 +120,16 @@ export class RefactoringEngine {
115
120
  await this.workspaceGraph.initializeWorkspaceMesh();
116
121
  if (this.context.isWorkspaceEnabled) {
117
122
  console.log(ansis.dim('🌐 Monorepo workspace detected – mapping package mesh layers...'));
123
+ // Expose workspaceGraph on context for WorkspaceDiagnostic and other components
124
+ this.context.workspaceGraph = this.workspaceGraph;
125
+ // Reload PathMapper aliases now that workspace roots are known
126
+ await this.pathMapper.loadMappings(this.context.tsconfigFilename);
127
+ if (this.context.verbose) {
128
+ console.log(`[Workspace] Found ${this.workspaceGraph.packageManifests.size} workspace packages:`);
129
+ for (const [dir, manifest] of this.workspaceGraph.packageManifests.entries()) {
130
+ console.log(ansis.dim(` • ${manifest.name || dir}`));
131
+ }
132
+ }
118
133
  }
119
134
 
120
135
  // UPGRADE: Always clear cache for fresh analysis run
@@ -141,6 +156,12 @@ export class RefactoringEngine {
141
156
  this.context.metrics.totalFilesScanned = fileList.length;
142
157
 
143
158
  // Identify meta-framework setups (Next.js, Remix, Nuxt, etc.)
159
+ if (this.dependencyProfiler) {
160
+ const usedDeps = await this.dependencyProfiler.traceImplicitInvocations(this.context.cwd);
161
+ for (const dep of usedDeps) {
162
+ this.context.usedExternalPackages.add(dep);
163
+ }
164
+ }
144
165
  const activeFrameworkEcosystems = await this.magicDetector.identifyActiveProjectEcosystems(this.context.cwd);
145
166
 
146
167
  // Separate explicit configuration packages out for targeted supply chain security checks
@@ -985,6 +1006,20 @@ export class RefactoringEngine {
985
1006
  peerDependencies: Object.keys(data.peerDependencies || {}),
986
1007
  optionalDependencies: Object.keys(data.optionalDependencies || {})
987
1008
  });
1009
+
1010
+ // Also register workspace manifests if not already done
1011
+ if (this.context.isWorkspaceEnabled && this.workspaceGraph) {
1012
+ for (const [dir, manifest] of this.workspaceGraph.packageManifests.entries()) {
1013
+ if (!this.context.manifestDependencies.has(manifest.manifestPath)) {
1014
+ this.context.manifestDependencies.set(manifest.manifestPath, {
1015
+ dependencies: Object.keys(manifest.dependencies || {}),
1016
+ devDependencies: Object.keys(manifest.devDependencies || {}),
1017
+ peerDependencies: Object.keys(manifest.peerDependencies || {}),
1018
+ optionalDependencies: Object.keys(manifest.optionalDependencies || {})
1019
+ });
1020
+ }
1021
+ }
1022
+ }
988
1023
  } catch (e) {}
989
1024
  }
990
1025