ferret-scan 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +51 -0
- package/LICENSE +21 -0
- package/README.md +416 -0
- package/bin/ferret.js +822 -0
- package/dist/__tests__/basic.test.d.ts +6 -0
- package/dist/__tests__/basic.test.js +80 -0
- package/dist/analyzers/AstAnalyzer.d.ts +30 -0
- package/dist/analyzers/AstAnalyzer.js +332 -0
- package/dist/analyzers/CorrelationAnalyzer.d.ts +21 -0
- package/dist/analyzers/CorrelationAnalyzer.js +288 -0
- package/dist/index.d.ts +17 -0
- package/dist/index.js +22 -0
- package/dist/intelligence/IndicatorMatcher.d.ts +50 -0
- package/dist/intelligence/IndicatorMatcher.js +285 -0
- package/dist/intelligence/ThreatFeed.d.ts +99 -0
- package/dist/intelligence/ThreatFeed.js +296 -0
- package/dist/remediation/Fixer.d.ts +71 -0
- package/dist/remediation/Fixer.js +391 -0
- package/dist/remediation/Quarantine.d.ts +102 -0
- package/dist/remediation/Quarantine.js +329 -0
- package/dist/reporters/ConsoleReporter.d.ts +13 -0
- package/dist/reporters/ConsoleReporter.js +185 -0
- package/dist/reporters/HtmlReporter.d.ts +25 -0
- package/dist/reporters/HtmlReporter.js +604 -0
- package/dist/reporters/SarifReporter.d.ts +86 -0
- package/dist/reporters/SarifReporter.js +117 -0
- package/dist/rules/ai-specific.d.ts +8 -0
- package/dist/rules/ai-specific.js +221 -0
- package/dist/rules/backdoors.d.ts +8 -0
- package/dist/rules/backdoors.js +134 -0
- package/dist/rules/correlationRules.d.ts +8 -0
- package/dist/rules/correlationRules.js +227 -0
- package/dist/rules/credentials.d.ts +8 -0
- package/dist/rules/credentials.js +194 -0
- package/dist/rules/exfiltration.d.ts +8 -0
- package/dist/rules/exfiltration.js +139 -0
- package/dist/rules/index.d.ts +51 -0
- package/dist/rules/index.js +97 -0
- package/dist/rules/injection.d.ts +8 -0
- package/dist/rules/injection.js +136 -0
- package/dist/rules/obfuscation.d.ts +8 -0
- package/dist/rules/obfuscation.js +159 -0
- package/dist/rules/permissions.d.ts +8 -0
- package/dist/rules/permissions.js +129 -0
- package/dist/rules/persistence.d.ts +8 -0
- package/dist/rules/persistence.js +117 -0
- package/dist/rules/semanticRules.d.ts +10 -0
- package/dist/rules/semanticRules.js +212 -0
- package/dist/rules/supply-chain.d.ts +8 -0
- package/dist/rules/supply-chain.js +148 -0
- package/dist/scanner/FileDiscovery.d.ts +24 -0
- package/dist/scanner/FileDiscovery.js +282 -0
- package/dist/scanner/PatternMatcher.d.ts +25 -0
- package/dist/scanner/PatternMatcher.js +206 -0
- package/dist/scanner/Scanner.d.ts +14 -0
- package/dist/scanner/Scanner.js +266 -0
- package/dist/scanner/WatchMode.d.ts +29 -0
- package/dist/scanner/WatchMode.js +195 -0
- package/dist/types.d.ts +332 -0
- package/dist/types.js +53 -0
- package/dist/utils/baseline.d.ts +80 -0
- package/dist/utils/baseline.js +276 -0
- package/dist/utils/config.d.ts +21 -0
- package/dist/utils/config.js +247 -0
- package/dist/utils/ignore.d.ts +18 -0
- package/dist/utils/ignore.js +82 -0
- package/dist/utils/logger.d.ts +32 -0
- package/dist/utils/logger.js +75 -0
- package/package.json +119 -0
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Logger utility for Ferret-Scan
|
|
3
|
+
* Provides consistent logging with levels and formatting
|
|
4
|
+
*/
|
|
5
|
+
const LOG_LEVELS = {
|
|
6
|
+
debug: 0,
|
|
7
|
+
info: 1,
|
|
8
|
+
warn: 2,
|
|
9
|
+
error: 3,
|
|
10
|
+
silent: 4,
|
|
11
|
+
};
|
|
12
|
+
class Logger {
|
|
13
|
+
config = {
|
|
14
|
+
level: 'info',
|
|
15
|
+
verbose: false,
|
|
16
|
+
ci: false,
|
|
17
|
+
};
|
|
18
|
+
configure(config) {
|
|
19
|
+
this.config = { ...this.config, ...config };
|
|
20
|
+
}
|
|
21
|
+
shouldLog(level) {
|
|
22
|
+
return LOG_LEVELS[level] >= LOG_LEVELS[this.config.level];
|
|
23
|
+
}
|
|
24
|
+
formatMessage(level, message) {
|
|
25
|
+
if (this.config.ci) {
|
|
26
|
+
return `[${level.toUpperCase()}] ${message}`;
|
|
27
|
+
}
|
|
28
|
+
const timestamp = new Date().toISOString();
|
|
29
|
+
return `[${timestamp}] [${level.toUpperCase()}] ${message}`;
|
|
30
|
+
}
|
|
31
|
+
debug(message, ...args) {
|
|
32
|
+
if (this.shouldLog('debug') && this.config.verbose) {
|
|
33
|
+
console.error(this.formatMessage('debug', message), ...args);
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
info(message, ...args) {
|
|
37
|
+
if (this.shouldLog('info')) {
|
|
38
|
+
console.error(this.formatMessage('info', message), ...args);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
warn(message, ...args) {
|
|
42
|
+
if (this.shouldLog('warn')) {
|
|
43
|
+
console.error(this.formatMessage('warn', message), ...args);
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
error(message, ...args) {
|
|
47
|
+
if (this.shouldLog('error')) {
|
|
48
|
+
console.error(this.formatMessage('error', message), ...args);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
/** Log without any formatting - for direct output */
|
|
52
|
+
raw(message) {
|
|
53
|
+
if (this.config.level !== 'silent') {
|
|
54
|
+
console.error(message);
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
/** Log finding with severity-appropriate formatting */
|
|
58
|
+
finding(severity, message) {
|
|
59
|
+
if (this.shouldLog('info')) {
|
|
60
|
+
console.error(`[${severity}] ${message}`);
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
/** Get current log level */
|
|
64
|
+
getLevel() {
|
|
65
|
+
return this.config.level;
|
|
66
|
+
}
|
|
67
|
+
/** Check if verbose mode is enabled */
|
|
68
|
+
isVerbose() {
|
|
69
|
+
return this.config.verbose;
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
// Singleton logger instance
|
|
73
|
+
export const logger = new Logger();
|
|
74
|
+
export default logger;
|
|
75
|
+
//# sourceMappingURL=logger.js.map
|
package/package.json
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "ferret-scan",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "Security scanner for AI CLI configurations - detect prompt injections, credential leaks, and malicious patterns in AI agent configs",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "dist/index.js",
|
|
7
|
+
"types": "dist/index.d.ts",
|
|
8
|
+
"bin": {
|
|
9
|
+
"ferret": "./bin/ferret.js"
|
|
10
|
+
},
|
|
11
|
+
"scripts": {
|
|
12
|
+
"build": "tsc",
|
|
13
|
+
"dev": "tsc --watch",
|
|
14
|
+
"start": "node bin/ferret.js",
|
|
15
|
+
"test": "jest",
|
|
16
|
+
"test:watch": "jest --watch",
|
|
17
|
+
"test:coverage": "jest --coverage",
|
|
18
|
+
"typecheck": "tsc --noEmit",
|
|
19
|
+
"lint": "eslint src",
|
|
20
|
+
"lint:fix": "eslint src --fix",
|
|
21
|
+
"prepare": "npm run build",
|
|
22
|
+
"prepublishOnly": "npm run build && npm run test && npm run lint",
|
|
23
|
+
"scan": "node bin/ferret.js scan",
|
|
24
|
+
"check:resources": "node -e \"console.log('RAM:', Math.round(process.memoryUsage().heapUsed / 1024 / 1024) + 'MB')\""
|
|
25
|
+
},
|
|
26
|
+
"keywords": [
|
|
27
|
+
"ai-cli",
|
|
28
|
+
"ai-security",
|
|
29
|
+
"llm-security",
|
|
30
|
+
"ai-agent",
|
|
31
|
+
"claude-code",
|
|
32
|
+
"cursor",
|
|
33
|
+
"windsurf",
|
|
34
|
+
"continue",
|
|
35
|
+
"aider",
|
|
36
|
+
"cline",
|
|
37
|
+
"security-scanner",
|
|
38
|
+
"security-audit",
|
|
39
|
+
"vulnerability-scanner",
|
|
40
|
+
"static-analysis",
|
|
41
|
+
"security",
|
|
42
|
+
"scanner",
|
|
43
|
+
"prompt-injection",
|
|
44
|
+
"prompt-security",
|
|
45
|
+
"jailbreak-detection",
|
|
46
|
+
"malware-detection",
|
|
47
|
+
"threat-intelligence",
|
|
48
|
+
"sarif",
|
|
49
|
+
"sast",
|
|
50
|
+
"devsecops",
|
|
51
|
+
"security-tools",
|
|
52
|
+
"cli",
|
|
53
|
+
"devtools",
|
|
54
|
+
"automation",
|
|
55
|
+
"ci-cd",
|
|
56
|
+
"github-actions",
|
|
57
|
+
"docker"
|
|
58
|
+
],
|
|
59
|
+
"author": {
|
|
60
|
+
"name": "Ferret Security Team",
|
|
61
|
+
"email": "security@ferret-scan.dev"
|
|
62
|
+
},
|
|
63
|
+
"license": "MIT",
|
|
64
|
+
"repository": {
|
|
65
|
+
"type": "git",
|
|
66
|
+
"url": "https://github.com/fubak/ferret-scan.git"
|
|
67
|
+
},
|
|
68
|
+
"bugs": {
|
|
69
|
+
"url": "https://github.com/fubak/ferret-scan/issues"
|
|
70
|
+
},
|
|
71
|
+
"homepage": "https://github.com/fubak/ferret-scan#readme",
|
|
72
|
+
"engines": {
|
|
73
|
+
"node": ">=18.0.0",
|
|
74
|
+
"npm": ">=9.0.0"
|
|
75
|
+
},
|
|
76
|
+
"os": [
|
|
77
|
+
"!win32"
|
|
78
|
+
],
|
|
79
|
+
"cpu": [
|
|
80
|
+
"x64",
|
|
81
|
+
"arm64"
|
|
82
|
+
],
|
|
83
|
+
"files": [
|
|
84
|
+
"dist/**/*.js",
|
|
85
|
+
"dist/**/*.d.ts",
|
|
86
|
+
"bin/ferret.js",
|
|
87
|
+
"src/rules/*.json",
|
|
88
|
+
"LICENSE",
|
|
89
|
+
"README.md",
|
|
90
|
+
"CHANGELOG.md"
|
|
91
|
+
],
|
|
92
|
+
"publishConfig": {
|
|
93
|
+
"access": "public",
|
|
94
|
+
"registry": "https://registry.npmjs.org/"
|
|
95
|
+
},
|
|
96
|
+
"dependencies": {
|
|
97
|
+
"boxen": "^7.1.1",
|
|
98
|
+
"chalk": "^5.3.0",
|
|
99
|
+
"chokidar": "^3.5.3",
|
|
100
|
+
"commander": "^12.1.0",
|
|
101
|
+
"glob": "^10.3.10",
|
|
102
|
+
"ignore": "^5.3.1",
|
|
103
|
+
"ora": "^8.0.1",
|
|
104
|
+
"table": "^6.8.1",
|
|
105
|
+
"yaml": "^2.3.4"
|
|
106
|
+
},
|
|
107
|
+
"devDependencies": {
|
|
108
|
+
"@eslint/js": "^9.39.2",
|
|
109
|
+
"@types/jest": "^29.5.11",
|
|
110
|
+
"@types/node": "^20.11.0",
|
|
111
|
+
"@typescript-eslint/eslint-plugin": "^6.19.0",
|
|
112
|
+
"@typescript-eslint/parser": "^6.19.0",
|
|
113
|
+
"eslint": "^8.56.0",
|
|
114
|
+
"jest": "^29.7.0",
|
|
115
|
+
"ts-jest": "^29.1.1",
|
|
116
|
+
"typescript": "^5.9.3",
|
|
117
|
+
"typescript-eslint": "^8.54.0"
|
|
118
|
+
}
|
|
119
|
+
}
|