entkapp 5.2.4 → 5.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -37
- package/bin/cli.js +3 -3
- package/entkapp/config.json +18 -2
- package/entkapp/plugins/README.md +52 -12
- package/package.json +2 -2
- package/schema.json +87 -3
- package/src/ast/SecretScanner.js +112 -50
- package/src/index.js +36 -1
- package/src/resolution/ConfigLoader.js +88 -2
- package/src/resolution/DepencyResolver.js +15 -0
- package/src/resolution/DependencyProfiler.js +41 -23
- package/src/resolution/PathMapper.js +42 -9
- package/src/resolution/TSConfigLoader.js +96 -10
- package/src/resolution/WorkSpaceGraph.js +178 -3
- package/src/resolution/WorkspaceDiagnostic.js +137 -3
package/README.md
CHANGED
|
@@ -1,75 +1,68 @@
|
|
|
1
|
-
# 🕸️ entkapp Ultimate v5.
|
|
1
|
+
# 🕸️ entkapp Ultimate v5.3.1
|
|
2
2
|
|
|
3
|
-
> **The Ultimate Enterprise Codebase Janitor.**
|
|
3
|
+
> **The Ultimate Enterprise Codebase Janitor.** High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.
|
|
4
4
|
|
|
5
5
|
  
|
|
6
6
|
|
|
7
7
|
---
|
|
8
8
|
|
|
9
|
-
`entkapp`
|
|
9
|
+
`entkapp` is a next-generation static code analysis engine. It identifies unused files, dead exports, circular dependencies, and security risks faster than any other tool in the ecosystem..
|
|
10
10
|
|
|
11
|
-
## 🚀
|
|
11
|
+
## 🚀 Why entkapp?
|
|
12
12
|
|
|
13
|
-
* **⚡ Blazing Fast:**
|
|
14
|
-
* **🔌
|
|
15
|
-
* **💀 True Dead Code Detection:**
|
|
16
|
-
* **🔄 Circular Dependency Detection:**
|
|
17
|
-
* **🔐 Secrets Scanning:**
|
|
18
|
-
* **🛠️ Automated Structural Healing:**
|
|
13
|
+
* **⚡ Blazing Fast:** Leverages the Rust-based `oxc-parser` for ultra-fast AST traversal, combined with the TypeScript Compiler API for deep semantic analysis.
|
|
14
|
+
* **🔌 Massive Plugin System:** Over 98 built-in plugins (React, Vue, Svelte, Angular, Next.js, Nuxt, SvelteKit, Astro, Vite, Webpack, Turbo, Nx, Tailwind, ESLint, Prettier, and many more).
|
|
15
|
+
* **💀 True Dead Code Detection:** Advanced graph-based analysis to identify genuinely orphaned code.
|
|
16
|
+
* **🔄 Circular Dependency Detection:** High-performance detection of circular dependencies using Tarjan's algorithm.
|
|
17
|
+
* **🔐 Secrets Scanning:** Automatic detection of hardcoded API keys, tokens, and credentials.
|
|
18
|
+
* **🛠️ Automated Structural Healing:** Automatically fixes dependency issues and structural errors with Git-based rollback protection.
|
|
19
19
|
|
|
20
20
|
## 📦 Installation
|
|
21
21
|
|
|
22
22
|
```bash
|
|
23
|
-
#
|
|
23
|
+
# Run directly without installation (recommended)
|
|
24
24
|
npx entkapp
|
|
25
25
|
|
|
26
|
-
#
|
|
26
|
+
# Or install it globally
|
|
27
27
|
npm install -g entkapp
|
|
28
28
|
```
|
|
29
29
|
|
|
30
|
-
## 🛠️
|
|
30
|
+
## 🛠️ Usage
|
|
31
31
|
|
|
32
|
-
###
|
|
33
|
-
|
|
32
|
+
### Interactive Mode (Default)
|
|
33
|
+
Starts the interactive analysis:
|
|
34
34
|
```bash
|
|
35
|
-
npx entkapp
|
|
35
|
+
npx entkapp -r
|
|
36
36
|
```
|
|
37
37
|
|
|
38
|
-
### Headless
|
|
39
|
-
Ideal
|
|
38
|
+
### Headless Analysis Mode
|
|
39
|
+
Ideal for CI/CD pipelines. Performs analysis without prompts and outputs JSON:
|
|
40
40
|
```bash
|
|
41
41
|
npx entkapp --analyze
|
|
42
42
|
```
|
|
43
43
|
|
|
44
|
-
### Auto-Fix
|
|
45
|
-
|
|
44
|
+
### Auto-Fix Mode
|
|
45
|
+
Automatically resolves dependency conflicts and structural issues:
|
|
46
46
|
```bash
|
|
47
47
|
npx entkapp --fix
|
|
48
48
|
```
|
|
49
49
|
|
|
50
|
-
###
|
|
50
|
+
### Additional Options
|
|
51
51
|
```bash
|
|
52
|
-
npx entkapp --cwd ./
|
|
53
|
-
npx entkapp --verbose #
|
|
54
|
-
npx entkapp --version
|
|
55
|
-
npx entkapp --help
|
|
52
|
+
npx entkapp --cwd ./my-project -r # Analyzes a specific directory
|
|
53
|
+
npx entkapp --verbose -r # Enables detailed logging
|
|
54
|
+
npx entkapp --version # Displays the version number
|
|
55
|
+
npx entkapp --help # Displays the help panel
|
|
56
56
|
```
|
|
57
57
|
|
|
58
|
-
## 🧠
|
|
58
|
+
## 🧠 Advanced Architecture
|
|
59
59
|
|
|
60
60
|
### Incremental Caching
|
|
61
|
-
`entkapp`
|
|
61
|
+
`entkapp` uses a persistent graph state layer (`.entkapp-cache`). It calculates SHA-256 hashes of file buffers to skip AST parsing for unchanged files.
|
|
62
62
|
|
|
63
63
|
### Parallel Analysis
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
### Pluggable Architecture
|
|
67
|
-
Die Engine ist modular aufgebaut:
|
|
68
|
-
- **`EntkappEngine`**: Der zentrale Orchestrator.
|
|
69
|
-
- **`PluginRegistry`**: Verwaltet den Lebenszyklus der Framework-Plugins.
|
|
70
|
-
- **`ASTAnalyzer` / `OxcAnalyzer`**: Multi-pass AST-Walker für tiefgehende Analysen.
|
|
71
|
-
- **`SelfHealer`**: Transaktionales Refactoring mit Git-State-Capture und Rollback.
|
|
64
|
+
For larger codebases, `entkapp` automatically distributes the workload across multiple CPU threads using Node.js Worker Threads.
|
|
72
65
|
|
|
73
|
-
## 📄
|
|
66
|
+
## 📄 License
|
|
74
67
|
|
|
75
|
-
Apache-2.0
|
|
68
|
+
Apache-2.0
|
package/bin/cli.js
CHANGED
|
@@ -28,7 +28,7 @@ async function bootstrap() {
|
|
|
28
28
|
program
|
|
29
29
|
.name('entkapp')
|
|
30
30
|
.description(ansis.cyan('The Ultimate Enterprise Codebase Janitor with OXC integration, type-aware analysis, and automated structural healing.'))
|
|
31
|
-
.version(packageJsonContent.version || '5.1
|
|
31
|
+
.version(packageJsonContent.version || '5.3.1');
|
|
32
32
|
|
|
33
33
|
program
|
|
34
34
|
.option('-c, --cwd <path>', 'Specify the execution context root directory', process.cwd())
|
|
@@ -109,7 +109,7 @@ async function bootstrap() {
|
|
|
109
109
|
try {
|
|
110
110
|
const { ConfigLoader } = await import('../src/resolution/ConfigLoader.js');
|
|
111
111
|
const loader = new ConfigLoader(targetCwd);
|
|
112
|
-
localConfig = await loader.loadConfig(
|
|
112
|
+
localConfig = await loader.loadConfig();
|
|
113
113
|
} catch (e) {}
|
|
114
114
|
|
|
115
115
|
// Merge options with local config
|
|
@@ -132,7 +132,7 @@ async function bootstrap() {
|
|
|
132
132
|
}, timeoutMs);
|
|
133
133
|
timeoutTimer.unref(); // Allow process to exit if work finishes
|
|
134
134
|
|
|
135
|
-
console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.1
|
|
135
|
+
console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.3.1'} Engine Activation`));
|
|
136
136
|
console.log(ansis.dim('------------------------------------------------------------'));
|
|
137
137
|
console.log(`${ansis.bold('Target Workspace Root :')} ${ansis.blue(targetCwd)}`);
|
|
138
138
|
console.log(`${ansis.bold('Refactoring Mode :')} ${options.fix ? ansis.yellow('Active Fixing & Self-Healing Enabled') : ansis.gray('Dry-Run Reporting Only')}`);
|
package/entkapp/config.json
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
{
|
|
2
|
-
"$schema": "https://unpkg.com/entkapp@
|
|
2
|
+
"$schema": "https://unpkg.com/entkapp@latest/schema.json",
|
|
3
3
|
"interface": "CLI",
|
|
4
4
|
"useBuiltinPlugins": true,
|
|
5
5
|
"useCustomPlugins": true,
|
|
@@ -26,5 +26,21 @@
|
|
|
26
26
|
"dist",
|
|
27
27
|
"build",
|
|
28
28
|
"coverage"
|
|
29
|
-
]
|
|
29
|
+
],
|
|
30
|
+
"entryPoints": [],
|
|
31
|
+
"workspace": {
|
|
32
|
+
"enabled": false,
|
|
33
|
+
"enforcePackageBoundaries": true,
|
|
34
|
+
"checkVersionMismatches": true
|
|
35
|
+
},
|
|
36
|
+
"tsconfig": {
|
|
37
|
+
"filename": "tsconfig.json",
|
|
38
|
+
"followProjectReferences": true,
|
|
39
|
+
"resolveAliases": true
|
|
40
|
+
},
|
|
41
|
+
"buildScripts": {
|
|
42
|
+
"scanWorkspaceScripts": true,
|
|
43
|
+
"scanCIWorkflows": true,
|
|
44
|
+
"scanConfigFiles": true
|
|
45
|
+
}
|
|
30
46
|
}
|
|
@@ -1,19 +1,59 @@
|
|
|
1
|
-
# entkapp Plugins
|
|
1
|
+
# 🔌 entkapp Plugins (v5.3.0)
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Dieses Verzeichnis dient für deine benutzerdefinierten Plugins. entkapp lädt automatisch alle `.js` oder `.mjs` Dateien aus diesem Ordner, wenn `useCustomPlugins` in deiner `config.json` auf `true` gesetzt ist.
|
|
4
4
|
|
|
5
|
-
##
|
|
5
|
+
## 📦 Integrierte Framework- & Tool-Plugins (98 Gesamt)
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
- **Nuxt**: Supports auto-imports and server routes.
|
|
9
|
-
- **Remix**: Maps loaders, actions, and root exports.
|
|
10
|
-
- **SvelteKit**: Tracks `+page`, `+layout`, and server-side scripts.
|
|
11
|
-
- **Astro**: Analyzes `.astro` files and static paths.
|
|
7
|
+
entkapp verfügt über eine massive Bibliothek von 98 integrierten Plugins, die automatisch die Architektur deiner Codebase erkennen und analysieren.
|
|
12
8
|
|
|
13
|
-
|
|
9
|
+
### 🖼️ Frontend Frameworks & Meta-Frameworks
|
|
10
|
+
- **Next.js** (App Router, Pages Router)
|
|
11
|
+
- **React**, **Preact**, **Solid**, **Qwik**, **Lit**, **Angular**, **Vue**, **Svelte**
|
|
12
|
+
- **Nuxt**, **Remix**, **SvelteKit**, **Astro**, **Vitepress**, **Gatsby**, **RedwoodJS**
|
|
14
13
|
|
|
15
|
-
|
|
14
|
+
### 🌐 State Management & Routing
|
|
15
|
+
- **Redux**, **Zustand**, **Jotai**, **Recoil**, **MobX**, **Pinia**, **TanStack Query**
|
|
16
|
+
- **React Router**, **TanStack Router**, **Vue Router**
|
|
16
17
|
|
|
17
|
-
|
|
18
|
+
### 🛠️ Build Tools & Monorepo
|
|
19
|
+
- **Vite**, **Esbuild**, **Rollup**, **Webpack**, **Parcel**, **TypeScript**, **Babel**, **SWC**
|
|
20
|
+
- **Turbo**, **Nx**, **Lerna**, **Rush**, **Moon**, **Bazel**
|
|
18
21
|
|
|
19
|
-
|
|
22
|
+
### 🎨 Styling & UI Components
|
|
23
|
+
- **Tailwind CSS**, **PostCSS**, **UnoCSS**, **Stylelint**, **RTLCSS**
|
|
24
|
+
- **Ant Design (Antd)**, **Material UI (Mui)**, **Shadcn/UI**, **Radix UI**, **Chakra UI**
|
|
25
|
+
- **Framer Motion**, **GSAP**
|
|
26
|
+
|
|
27
|
+
### 🧪 Testing & Quality
|
|
28
|
+
- **Jest**, **Vitest**, **Playwright**, **Cypress**, **Storybook**, **MSW**
|
|
29
|
+
- **ESLint**, **Prettier**, **Biome**, **Oxlint**, **Husky**, **Lint-Staged**, **Commitlint**, **Changesets**
|
|
30
|
+
|
|
31
|
+
### ☁️ Backend, API & Database
|
|
32
|
+
- **Express**, **Fastify**, **NestJS**, **Hono**, **Koa**, **Elysia**, **Hapi**, **Grammy**
|
|
33
|
+
- **GraphQL**, **Apollo**, **TRPC**, **Socket.io**
|
|
34
|
+
- **Prisma**, **Drizzle**, **Mongoose**, **TypeORM**, **Supabase**, **Firebase**, **Clerk**
|
|
35
|
+
|
|
36
|
+
### 🔧 Infrastructure & Dev Tools
|
|
37
|
+
- **GitHub Actions**, **Docker**, **Terraform**, **EditorConfig**, **Dotenv**
|
|
38
|
+
- **Nvm**, **Volta**, **Pnpm**, **Yarn**, **Bun**
|
|
39
|
+
- **Swiper**, **Quill**, **Envelop**, **Nitro Modules**, **CKEditor Engine**
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## 🛠️ Eigene Plugins erstellen
|
|
44
|
+
|
|
45
|
+
Du kannst die Funktionalität von entkapp erweitern, indem du eine Plugin-Klasse erstellst:
|
|
46
|
+
|
|
47
|
+
```javascript
|
|
48
|
+
export default class MyCustomPlugin {
|
|
49
|
+
name = 'my-custom-plugin';
|
|
50
|
+
|
|
51
|
+
async onAnalyze(context) {
|
|
52
|
+
// Deine Logik hier
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## 📜 Dokumentation
|
|
58
|
+
|
|
59
|
+
Für eine detaillierte Anleitung zur Plugin-Entwicklung besuche bitte den [Plugin Development Guide](https://dreamlongyt.github.io/entkapp/).
|
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
3
3
|
"name": "entkapp",
|
|
4
|
-
"version": "5.
|
|
5
|
-
"description": "The Ultimate Enterprise Codebase Janitor.
|
|
4
|
+
"version": "5.3.1",
|
|
5
|
+
"description": "The Ultimate Enterprise Codebase Janitor. High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "index.js",
|
|
8
8
|
"bin": {
|
package/schema.json
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
|
|
2
1
|
{
|
|
3
2
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
4
3
|
"title": "entkapp Configuration Schema",
|
|
@@ -46,11 +45,15 @@
|
|
|
46
45
|
"type": "array",
|
|
47
46
|
"items": {
|
|
48
47
|
"type": "string",
|
|
49
|
-
"enum": [
|
|
48
|
+
"enum": [
|
|
49
|
+
"nextjs", "nuxt", "remix", "sveltekit", "astro",
|
|
50
|
+
"typescript", "vite", "webpack", "react", "vue", "angular",
|
|
51
|
+
"turbo", "nx", "lerna"
|
|
52
|
+
]
|
|
50
53
|
}
|
|
51
54
|
},
|
|
52
55
|
"ignoreDependencies": {
|
|
53
|
-
"description": "Dependencies that should never be reported as unused.",
|
|
56
|
+
"description": "Dependencies that should never be reported as unused. Supports glob patterns like '@types/*'.",
|
|
54
57
|
"type": "array",
|
|
55
58
|
"items": {
|
|
56
59
|
"type": "string"
|
|
@@ -64,6 +67,87 @@
|
|
|
64
67
|
"type": "string"
|
|
65
68
|
},
|
|
66
69
|
"default": ["node_modules", ".git", "dist", "build", "coverage"]
|
|
70
|
+
},
|
|
71
|
+
"entryPoints": {
|
|
72
|
+
"description": "Explicit entry point files to protect from orphan detection. Supports glob patterns.",
|
|
73
|
+
"type": "array",
|
|
74
|
+
"items": {
|
|
75
|
+
"type": "string"
|
|
76
|
+
},
|
|
77
|
+
"default": []
|
|
78
|
+
},
|
|
79
|
+
"workspace": {
|
|
80
|
+
"description": "Monorepo workspace configuration.",
|
|
81
|
+
"type": "object",
|
|
82
|
+
"properties": {
|
|
83
|
+
"enabled": {
|
|
84
|
+
"description": "Force-enable monorepo workspace mode (auto-detected from package.json workspaces or pnpm-workspace.yaml).",
|
|
85
|
+
"type": "boolean",
|
|
86
|
+
"default": false
|
|
87
|
+
},
|
|
88
|
+
"packages": {
|
|
89
|
+
"description": "Override workspace package glob patterns (e.g. ['packages/*', 'apps/*']).",
|
|
90
|
+
"type": "array",
|
|
91
|
+
"items": { "type": "string" }
|
|
92
|
+
},
|
|
93
|
+
"ignoredPackages": {
|
|
94
|
+
"description": "Workspace packages to exclude from analysis.",
|
|
95
|
+
"type": "array",
|
|
96
|
+
"items": { "type": "string" }
|
|
97
|
+
},
|
|
98
|
+
"enforcePackageBoundaries": {
|
|
99
|
+
"description": "Report errors when a workspace package imports another without declaring it as a dependency.",
|
|
100
|
+
"type": "boolean",
|
|
101
|
+
"default": true
|
|
102
|
+
},
|
|
103
|
+
"checkVersionMismatches": {
|
|
104
|
+
"description": "Report warnings when the same dependency has different versions across workspace packages.",
|
|
105
|
+
"type": "boolean",
|
|
106
|
+
"default": true
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
},
|
|
110
|
+
"tsconfig": {
|
|
111
|
+
"description": "TypeScript configuration options.",
|
|
112
|
+
"type": "object",
|
|
113
|
+
"properties": {
|
|
114
|
+
"filename": {
|
|
115
|
+
"description": "Path to the root tsconfig.json file.",
|
|
116
|
+
"type": "string",
|
|
117
|
+
"default": "tsconfig.json"
|
|
118
|
+
},
|
|
119
|
+
"followProjectReferences": {
|
|
120
|
+
"description": "Follow TypeScript project references to discover workspace packages.",
|
|
121
|
+
"type": "boolean",
|
|
122
|
+
"default": true
|
|
123
|
+
},
|
|
124
|
+
"resolveAliases": {
|
|
125
|
+
"description": "Use tsconfig paths/baseUrl to resolve module aliases.",
|
|
126
|
+
"type": "boolean",
|
|
127
|
+
"default": true
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
},
|
|
131
|
+
"buildScripts": {
|
|
132
|
+
"description": "Build script analysis configuration.",
|
|
133
|
+
"type": "object",
|
|
134
|
+
"properties": {
|
|
135
|
+
"scanWorkspaceScripts": {
|
|
136
|
+
"description": "Also scan package.json scripts in all workspace packages (not just root).",
|
|
137
|
+
"type": "boolean",
|
|
138
|
+
"default": true
|
|
139
|
+
},
|
|
140
|
+
"scanCIWorkflows": {
|
|
141
|
+
"description": "Scan .github/workflows YAML files for tool usage.",
|
|
142
|
+
"type": "boolean",
|
|
143
|
+
"default": true
|
|
144
|
+
},
|
|
145
|
+
"scanConfigFiles": {
|
|
146
|
+
"description": "Detect tool usage from config files (vite.config.ts, jest.config.js, etc.).",
|
|
147
|
+
"type": "boolean",
|
|
148
|
+
"default": true
|
|
149
|
+
}
|
|
150
|
+
}
|
|
67
151
|
}
|
|
68
152
|
}
|
|
69
153
|
}
|
package/src/ast/SecretScanner.js
CHANGED
|
@@ -35,45 +35,89 @@ const SENSITIVE_NAME_PATTERNS = [
|
|
|
35
35
|
/private[_-]?key/i,
|
|
36
36
|
/client[_-]?secret/i,
|
|
37
37
|
/app[_-]?secret/i,
|
|
38
|
+
/security[_-]?token/i,
|
|
39
|
+
/master[_-]?key/i,
|
|
40
|
+
/root[_-]?password/i,
|
|
41
|
+
|
|
38
42
|
// Database credentials
|
|
39
43
|
/db[_-]?pass(word)?/i,
|
|
40
44
|
/database[_-]?pass(word)?/i,
|
|
41
45
|
/db[_-]?url/i,
|
|
42
46
|
/database[_-]?url/i,
|
|
43
47
|
/connection[_-]?string/i,
|
|
44
|
-
|
|
48
|
+
/postgres(ql)?[_-]?url/i,
|
|
49
|
+
/mongo(db)?[_-]?url/i,
|
|
50
|
+
/redis[_-]?url/i,
|
|
51
|
+
|
|
52
|
+
// Passwords & Pins
|
|
45
53
|
/^password$/i,
|
|
46
54
|
/^passwd$/i,
|
|
47
55
|
/^pwd$/i,
|
|
48
56
|
/[_-]password$/i,
|
|
49
|
-
|
|
57
|
+
/[_-]pass$/i,
|
|
58
|
+
/pass(phrase|code)/i,
|
|
59
|
+
/admin[_-]?pass/i,
|
|
60
|
+
/pin[_-]?number/i,
|
|
61
|
+
|
|
62
|
+
// Tokens & Sessions
|
|
50
63
|
/[_-]token$/i,
|
|
51
64
|
/^token$/i,
|
|
52
|
-
/jwt[_-]?secret/i,
|
|
53
|
-
/session[_-]?secret/i,
|
|
65
|
+
/jwt[_-]?(secret|token)/i,
|
|
66
|
+
/session[_-]?(secret|token|id)/i,
|
|
54
67
|
/cookie[_-]?secret/i,
|
|
55
|
-
|
|
56
|
-
/
|
|
57
|
-
/
|
|
58
|
-
|
|
59
|
-
//
|
|
60
|
-
/
|
|
61
|
-
/
|
|
62
|
-
/
|
|
63
|
-
/
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
/openai[_-]?(key|token)/i,
|
|
68
|
+
/oauth[_-]?(token|secret|client)/i,
|
|
69
|
+
/refresh[_-]?token/i,
|
|
70
|
+
/csrf[_-]?token/i,
|
|
71
|
+
|
|
72
|
+
// Cloud Provider Keys (AWS, GCP, Azure)
|
|
73
|
+
/aws[_-]?(access[_-]?key|secret|session[_-]?token|key[_-]?id)/i,
|
|
74
|
+
/gcp[_-]?(key|secret|token|sa[_-]?key)/i,
|
|
75
|
+
/google[_-]?(api[_-]?key|credentials|client[_-]?secret)/i,
|
|
76
|
+
/azure[_-]?(key|secret|connection|token|tenant[_-]?id)/i,
|
|
77
|
+
|
|
78
|
+
// AI & Machine Learning Platforms
|
|
79
|
+
/openai[_-]?(key|token|secret)/i,
|
|
67
80
|
/anthropic[_-]?key/i,
|
|
68
|
-
/
|
|
69
|
-
/
|
|
81
|
+
/cohere[_-]?key/i,
|
|
82
|
+
/huggingface[_-]?token/i,
|
|
83
|
+
/replicate[_-]?api/i,
|
|
84
|
+
/langchain[_-]?api/i,
|
|
85
|
+
/pinecone[_-]?api/i,
|
|
86
|
+
/gemini[_-]?key/i,
|
|
87
|
+
|
|
88
|
+
// Service-Specific (CI/CD, Dev Tools, Payment, Comms)
|
|
89
|
+
/stripe[_-]?(key|secret|webhook)/i,
|
|
90
|
+
/twilio[_-]?(auth|token|sid)/i,
|
|
91
|
+
/sendgrid[_-]?(key|api)/i,
|
|
92
|
+
/github[_-]?(token|pat|secret|app[_-]?id)/i,
|
|
93
|
+
/gitlab[_-]?(token|pat|secret)/i,
|
|
94
|
+
/slack[_-]?(token|webhook|secret)/i,
|
|
95
|
+
/discord[_-]?(token|secret|webhook)/i,
|
|
96
|
+
/pagerduty[_-]?(token|key)/i,
|
|
97
|
+
/datadog[_-]?(api[_-]?key|app[_-]?key)/i,
|
|
98
|
+
/sentry[_-]?(dsn|auth[_-]?token)/i,
|
|
99
|
+
/heroku[_-]?(api[_-]?key|oauth)/i,
|
|
100
|
+
/atlassian[_-]?(token|secret)/i,
|
|
101
|
+
/jira[_-]?(token|password)/i,
|
|
102
|
+
/npm[_-]?auth[_-]?token/i,
|
|
103
|
+
/jfrog[_-]?(token|password|api)/i,
|
|
104
|
+
/firebase[_-]?(key|secret|token)/i,
|
|
105
|
+
/supabase[_-]?(key|secret|service[_-]?role)/i,
|
|
106
|
+
|
|
107
|
+
// Webhooks, Crypto, and Infrastructure
|
|
108
|
+
/webhook[_-]?(url|secret|token)/i,
|
|
109
|
+
/encryption[_-]?(key|secret|iv)/i,
|
|
70
110
|
/signing[_-]?key/i,
|
|
71
|
-
/hmac[_-]?key/i,
|
|
111
|
+
/hmac[_-]?(key|secret)/i,
|
|
72
112
|
/salt$/i,
|
|
73
|
-
/ssh[_-]?key/i,
|
|
74
|
-
/
|
|
75
|
-
/
|
|
76
|
-
/
|
|
113
|
+
/ssh[_-]?(key|private|public)/i,
|
|
114
|
+
/cert(ificate)?(s)?/i,
|
|
115
|
+
/credential(s)?/i,
|
|
116
|
+
/tls[_-]?(key|cert)/i,
|
|
117
|
+
/ssl[_-]?(key|cert)/i,
|
|
118
|
+
/kube(config)?[_-]?(token|secret)/i,
|
|
119
|
+
/vault[_-]?(token|secret|key)/i,
|
|
120
|
+
/bitcoind?[_-]?(rpc)?password/i,
|
|
77
121
|
];
|
|
78
122
|
|
|
79
123
|
/**
|
|
@@ -84,37 +128,55 @@ const SENSITIVE_VALUE_PATTERNS = [
|
|
|
84
128
|
// AWS Access Key IDs
|
|
85
129
|
{ pattern: /AKIA[0-9A-Z]{16}/, label: 'AWS_ACCESS_KEY_ID', severity: SecretSeverity.CRITICAL },
|
|
86
130
|
// AWS Secret Access Keys (40-char base64-ish)
|
|
87
|
-
{ pattern: /[A-Za-z0-9/+=]{40}/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
131
|
+
{ pattern: /(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
|
|
132
|
+
|
|
133
|
+
// Generic high-entropy hex strings (32+ chars) - Added word boundaries to reduce false positives
|
|
134
|
+
{ pattern: /\b[0-9a-f]{32,}\b/i, label: 'HEX_SECRET', severity: SecretSeverity.HIGH },
|
|
135
|
+
// Generic high-entropy base64 strings (32+ chars) - Replaced rigid anchors with lookarounds
|
|
136
|
+
{ pattern: /(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/])/, label: 'BASE64_SECRET', severity: SecretSeverity.MEDIUM },
|
|
137
|
+
|
|
92
138
|
// JWT tokens
|
|
93
|
-
{ pattern:
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
{ pattern:
|
|
139
|
+
{ pattern: /\bey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/, label: 'JWT_TOKEN', severity: SecretSeverity.CRITICAL },
|
|
140
|
+
|
|
141
|
+
// GitHub access tokens (Updated for all token formats: ghp, gho, ghu, ghs, ghr, fine-grained)
|
|
142
|
+
{ pattern: /\bgh[pousr]_[A-Za-z0-9]{36}\b/, label: 'GITHUB_TOKEN_CLASSIC', severity: SecretSeverity.CRITICAL },
|
|
143
|
+
{ pattern: /\bgithub_pat_[A-Za-z0-9_]{82}\b/, label: 'GITHUB_PAT_FINE', severity: SecretSeverity.CRITICAL },
|
|
144
|
+
{ pattern: /\bghs_[A-Za-z0-9\.\-_]{36,}\b/, label: 'GITHUB_APP_STATELESS_TOKEN', severity: SecretSeverity.CRITICAL }, // Supports the modern 2026 ghs_ JWT format
|
|
145
|
+
|
|
97
146
|
// Stripe keys
|
|
98
|
-
{ pattern:
|
|
99
|
-
{ pattern:
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
{ pattern: /[
|
|
104
|
-
|
|
105
|
-
|
|
147
|
+
{ pattern: /\bsk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_SECRET_KEY', severity: SecretSeverity.CRITICAL },
|
|
148
|
+
{ pattern: /\bpk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_PUBLIC_KEY', severity: SecretSeverity.HIGH },
|
|
149
|
+
|
|
150
|
+
// Slack tokens & Webhooks
|
|
151
|
+
{ pattern: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, label: 'SLACK_TOKEN', severity: SecretSeverity.CRITICAL },
|
|
152
|
+
{ pattern: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9_]{8}\/B[A-Z0-9_]{8}\/[A-Za-z0-9_]{24}/, label: 'SLACK_WEBHOOK', severity: SecretSeverity.CRITICAL },
|
|
153
|
+
|
|
154
|
+
// Discord tokens & Webhooks
|
|
155
|
+
{ pattern: /\b[MN][A-Za-z0-9]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}\b/, label: 'DISCORD_TOKEN', severity: SecretSeverity.CRITICAL },
|
|
156
|
+
{ pattern: /https:\/\/discord\.com\/api\/webhooks\/[0-9]{18,20}\/[A-Za-z0-9_-]{68,}/, label: 'DISCORD_WEBHOOK', severity: SecretSeverity.CRITICAL },
|
|
157
|
+
|
|
158
|
+
// Twilio SID & Auth Token
|
|
159
|
+
{ pattern: /\bAC[a-f0-9]{32}\b/, label: 'TWILIO_SID', severity: SecretSeverity.HIGH },
|
|
160
|
+
{ pattern: /\b[a-f0-9]{32}\b/, label: 'TWILIO_AUTH_TOKEN_CANDIDATE', severity: SecretSeverity.MEDIUM }, // Twilio tokens are raw 32-char hex strings often found near SIDs
|
|
161
|
+
|
|
106
162
|
// SendGrid API key
|
|
107
|
-
{ pattern:
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
{ pattern:
|
|
112
|
-
|
|
113
|
-
{ pattern: /AIza[0-9A-Za-z\\-_]{35}/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
|
|
114
|
-
// Firebase Web API Key
|
|
115
|
-
{ pattern: /AIzaSy[0-9A-Za-z\\-_]{33}/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
|
|
116
|
-
];
|
|
163
|
+
{ pattern: /\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/, label: 'SENDGRID_KEY', severity: SecretSeverity.CRITICAL },
|
|
164
|
+
|
|
165
|
+
// OpenAI & Anthropic API keys (Updated for Legacy, Project, and Claude token formats)
|
|
166
|
+
{ pattern: /\bsk-[A-Za-z0-9]{32,}\b/, label: 'OPENAI_KEY_LEGACY', severity: SecretSeverity.CRITICAL },
|
|
167
|
+
{ pattern: /\bsk-proj-[A-Za-z0-9-_]{40,}\b/, label: 'OPENAI_PROJECT_KEY', severity: SecretSeverity.CRITICAL },
|
|
168
|
+
{ pattern: /\bsk-ant-sid01-[A-Za-z0-9-_]{93}\b/, label: 'ANTHROPIC_CLAUDE_KEY', severity: SecretSeverity.CRITICAL },
|
|
117
169
|
|
|
170
|
+
// Generic UUID-like tokens
|
|
171
|
+
{ pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/i, label: 'UUID_SECRET_CANDIDATE', severity: SecretSeverity.MEDIUM },
|
|
172
|
+
|
|
173
|
+
// Google & Firebase Key
|
|
174
|
+
{ pattern: /\bAIza[0-9A-Za-z\\-_]{35}\b/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
|
|
175
|
+
{ pattern: /\bAIzaSy[0-9A-Za-z\\-_]{33}\b/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
|
|
176
|
+
|
|
177
|
+
// Private Key Files (Detects multi-line PEM blocks often found inside JSON/Env variables)
|
|
178
|
+
{ pattern: /-----BEGIN [A-Z ]+ PRIVATE KEY-----/, label: 'PRIVATE_KEY_BLOCK', severity: SecretSeverity.CRITICAL },
|
|
179
|
+
];
|
|
118
180
|
/**
|
|
119
181
|
* Minimum length a string value must have to be considered a potential secret.
|
|
120
182
|
* Short strings like "test", "dev", "localhost" are excluded.
|
package/src/index.js
CHANGED
|
@@ -7,7 +7,7 @@ import { CodeSmellAnalyzer } from './analyzers/CodeSmellAnalyzer.js';
|
|
|
7
7
|
|
|
8
8
|
/**
|
|
9
9
|
* ============================================================================
|
|
10
|
-
* 📦 entkapp
|
|
10
|
+
* 📦 entkapp v5.3.0: Unified Architectural Refactoring Orchestrator
|
|
11
11
|
* ============================================================================
|
|
12
12
|
* Main execution bridge managing multi-pass compilation cycles, semantic cross-linking,
|
|
13
13
|
* supply-chain validation audits, and automated structural healing rollbacks.
|
|
@@ -64,6 +64,11 @@ export class RefactoringEngine {
|
|
|
64
64
|
this.resolver = new DependencyResolver(this.context, this.pathMapper, this.workspaceGraph);
|
|
65
65
|
this.circularDetector = new CircularDetector(this.context);
|
|
66
66
|
|
|
67
|
+
// Lazy import DependencyProfiler
|
|
68
|
+
import('./resolution/DependencyProfiler.js').then(({ DependencyProfiler }) => {
|
|
69
|
+
this.dependencyProfiler = new DependencyProfiler(this.context);
|
|
70
|
+
}).catch(() => {});
|
|
71
|
+
|
|
67
72
|
// Stage 3: Wire official AST Syntax parsers and framework processors
|
|
68
73
|
this.analyzer = new ASTAnalyzer(this.context);
|
|
69
74
|
this.oxcAnalyzer = new OxcAnalyzer(this.context);
|
|
@@ -115,6 +120,16 @@ export class RefactoringEngine {
|
|
|
115
120
|
await this.workspaceGraph.initializeWorkspaceMesh();
|
|
116
121
|
if (this.context.isWorkspaceEnabled) {
|
|
117
122
|
console.log(ansis.dim('🌐 Monorepo workspace detected – mapping package mesh layers...'));
|
|
123
|
+
// Expose workspaceGraph on context for WorkspaceDiagnostic and other components
|
|
124
|
+
this.context.workspaceGraph = this.workspaceGraph;
|
|
125
|
+
// Reload PathMapper aliases now that workspace roots are known
|
|
126
|
+
await this.pathMapper.loadMappings(this.context.tsconfigFilename);
|
|
127
|
+
if (this.context.verbose) {
|
|
128
|
+
console.log(`[Workspace] Found ${this.workspaceGraph.packageManifests.size} workspace packages:`);
|
|
129
|
+
for (const [dir, manifest] of this.workspaceGraph.packageManifests.entries()) {
|
|
130
|
+
console.log(ansis.dim(` • ${manifest.name || dir}`));
|
|
131
|
+
}
|
|
132
|
+
}
|
|
118
133
|
}
|
|
119
134
|
|
|
120
135
|
// UPGRADE: Always clear cache for fresh analysis run
|
|
@@ -141,6 +156,12 @@ export class RefactoringEngine {
|
|
|
141
156
|
this.context.metrics.totalFilesScanned = fileList.length;
|
|
142
157
|
|
|
143
158
|
// Identify meta-framework setups (Next.js, Remix, Nuxt, etc.)
|
|
159
|
+
if (this.dependencyProfiler) {
|
|
160
|
+
const usedDeps = await this.dependencyProfiler.traceImplicitInvocations(this.context.cwd);
|
|
161
|
+
for (const dep of usedDeps) {
|
|
162
|
+
this.context.usedExternalPackages.add(dep);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
144
165
|
const activeFrameworkEcosystems = await this.magicDetector.identifyActiveProjectEcosystems(this.context.cwd);
|
|
145
166
|
|
|
146
167
|
// Separate explicit configuration packages out for targeted supply chain security checks
|
|
@@ -985,6 +1006,20 @@ export class RefactoringEngine {
|
|
|
985
1006
|
peerDependencies: Object.keys(data.peerDependencies || {}),
|
|
986
1007
|
optionalDependencies: Object.keys(data.optionalDependencies || {})
|
|
987
1008
|
});
|
|
1009
|
+
|
|
1010
|
+
// Also register workspace manifests if not already done
|
|
1011
|
+
if (this.context.isWorkspaceEnabled && this.workspaceGraph) {
|
|
1012
|
+
for (const [dir, manifest] of this.workspaceGraph.packageManifests.entries()) {
|
|
1013
|
+
if (!this.context.manifestDependencies.has(manifest.manifestPath)) {
|
|
1014
|
+
this.context.manifestDependencies.set(manifest.manifestPath, {
|
|
1015
|
+
dependencies: Object.keys(manifest.dependencies || {}),
|
|
1016
|
+
devDependencies: Object.keys(manifest.devDependencies || {}),
|
|
1017
|
+
peerDependencies: Object.keys(manifest.peerDependencies || {}),
|
|
1018
|
+
optionalDependencies: Object.keys(manifest.optionalDependencies || {})
|
|
1019
|
+
});
|
|
1020
|
+
}
|
|
1021
|
+
}
|
|
1022
|
+
}
|
|
988
1023
|
} catch (e) {}
|
|
989
1024
|
}
|
|
990
1025
|
|