npm - getdoorman - Versions diffs - 1.0.0 - Mend

getdoorman 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/LICENSE +21 -0
package/README.md +181 -0
package/bin/doorman.js +444 -0
package/package.json +74 -0
package/src/ai-fixer.js +559 -0
package/src/ast-scanner.js +434 -0
package/src/auth.js +149 -0
package/src/baseline.js +48 -0
package/src/compliance.js +539 -0
package/src/config.js +466 -0
package/src/custom-rules.js +32 -0
package/src/dashboard.js +202 -0
package/src/detector.js +142 -0
package/src/fix-engine.js +48 -0
package/src/fix-registry-extra.js +95 -0
package/src/fix-registry-go-rust.js +77 -0
package/src/fix-registry-java-csharp.js +77 -0
package/src/fix-registry-js.js +99 -0
package/src/fix-registry-mcp-ai.js +57 -0
package/src/fix-registry-python.js +87 -0
package/src/fixer-ruby-php.js +608 -0
package/src/fixer.js +2113 -0
package/src/hooks.js +115 -0
package/src/ignore.js +176 -0
package/src/index.js +384 -0
package/src/metrics.js +126 -0
package/src/monorepo.js +65 -0
package/src/presets.js +54 -0
package/src/reporter.js +975 -0
package/src/rule-worker.js +36 -0
package/src/rules/ast-rules.js +756 -0
package/src/rules/bugs/accessibility.js +235 -0
package/src/rules/bugs/ai-codegen-fixable.js +172 -0
package/src/rules/bugs/ai-codegen.js +365 -0
package/src/rules/bugs/code-smell-bugs.js +247 -0
package/src/rules/bugs/crypto-bugs.js +195 -0
package/src/rules/bugs/docker-bugs.js +158 -0
package/src/rules/bugs/general.js +361 -0
package/src/rules/bugs/go-bugs.js +279 -0
package/src/rules/bugs/index.js +73 -0
package/src/rules/bugs/js-api.js +257 -0
package/src/rules/bugs/js-array-object.js +210 -0
package/src/rules/bugs/js-async-fixable.js +223 -0
package/src/rules/bugs/js-async.js +211 -0
package/src/rules/bugs/js-closure-scope.js +182 -0
package/src/rules/bugs/js-database.js +203 -0
package/src/rules/bugs/js-error-handling.js +148 -0
package/src/rules/bugs/js-logic.js +261 -0
package/src/rules/bugs/js-memory.js +214 -0
package/src/rules/bugs/js-node.js +361 -0
package/src/rules/bugs/js-react.js +373 -0
package/src/rules/bugs/js-regex.js +200 -0
package/src/rules/bugs/js-state.js +272 -0
package/src/rules/bugs/js-type-coercion.js +318 -0
package/src/rules/bugs/nextjs-bugs.js +242 -0
package/src/rules/bugs/nextjs-fixable.js +120 -0
package/src/rules/bugs/node-fixable.js +178 -0
package/src/rules/bugs/python-advanced.js +245 -0
package/src/rules/bugs/python-fixable.js +98 -0
package/src/rules/bugs/python.js +284 -0
package/src/rules/bugs/react-fixable.js +207 -0
package/src/rules/bugs/ruby-bugs.js +182 -0
package/src/rules/bugs/shell-bugs.js +181 -0
package/src/rules/bugs/silent-failures.js +261 -0
package/src/rules/bugs/ts-bugs.js +235 -0
package/src/rules/bugs/unused-vars.js +65 -0
package/src/rules/compliance/accessibility-ext.js +468 -0
package/src/rules/compliance/education.js +322 -0
package/src/rules/compliance/financial.js +421 -0
package/src/rules/compliance/frameworks.js +507 -0
package/src/rules/compliance/healthcare.js +520 -0
package/src/rules/compliance/index.js +2714 -0
package/src/rules/compliance/regional-eu.js +480 -0
package/src/rules/compliance/regional-international.js +903 -0
package/src/rules/cost/index.js +1993 -0
package/src/rules/data/index.js +2503 -0
package/src/rules/dependencies/index.js +1684 -0
package/src/rules/deployment/index.js +2050 -0
package/src/rules/index.js +71 -0
package/src/rules/infrastructure/index.js +3048 -0
package/src/rules/performance/index.js +3455 -0
package/src/rules/quality/index.js +3175 -0
package/src/rules/reliability/index.js +3040 -0
package/src/rules/scope-rules.js +815 -0
package/src/rules/security/ai-api.js +1177 -0
package/src/rules/security/auth.js +1328 -0
package/src/rules/security/cors.js +127 -0
package/src/rules/security/crypto.js +527 -0
package/src/rules/security/csharp.js +862 -0
package/src/rules/security/csrf.js +193 -0
package/src/rules/security/dart.js +835 -0
package/src/rules/security/deserialization.js +291 -0
package/src/rules/security/file-upload.js +187 -0
package/src/rules/security/go.js +850 -0
package/src/rules/security/headers.js +235 -0
package/src/rules/security/index.js +65 -0
package/src/rules/security/injection.js +1639 -0
package/src/rules/security/mcp-server.js +71 -0
package/src/rules/security/misconfiguration.js +660 -0
package/src/rules/security/oauth-jwt.js +329 -0
package/src/rules/security/path-traversal.js +295 -0
package/src/rules/security/php.js +1054 -0
package/src/rules/security/prototype-pollution.js +283 -0
package/src/rules/security/rate-limiting.js +208 -0
package/src/rules/security/ruby.js +1061 -0
package/src/rules/security/rust.js +693 -0
package/src/rules/security/secrets.js +747 -0
package/src/rules/security/shell.js +647 -0
package/src/rules/security/ssrf.js +298 -0
package/src/rules/security/supply-chain-advanced.js +393 -0
package/src/rules/security/supply-chain.js +734 -0
package/src/rules/security/swift.js +835 -0
package/src/rules/security/taint.js +27 -0
package/src/rules/security/xss.js +520 -0
package/src/scan-cache.js +71 -0
package/src/scanner.js +710 -0
package/src/scope-analyzer.js +685 -0
package/src/share.js +88 -0
package/src/taint.js +300 -0
package/src/telemetry.js +183 -0
package/src/tracer.js +190 -0
package/src/upload.js +35 -0
package/src/worker.js +31 -0

package/src/metrics.js ADDED Viewed

@@ -0,0 +1,126 @@
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+const METRICS_DIR = '.doorman';
+const METRICS_FILE = 'metrics.json';
+function getMetricsPath(targetPath) {
+  return join(targetPath, METRICS_DIR, METRICS_FILE);
+}
+function ensureDir(targetPath) {
+  const dir = join(targetPath, METRICS_DIR);
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+}
+export function loadMetrics(targetPath) {
+  const path = getMetricsPath(targetPath);
+  if (!existsSync(path)) {
+    return { scans: [], fixes: [], scores: [] };
+  }
+  return JSON.parse(readFileSync(path, 'utf-8'));
+}
+export function recordScan(targetPath, { score, findings, stack }) {
+  ensureDir(targetPath);
+  const metrics = loadMetrics(targetPath);
+  const scan = {
+    timestamp: new Date().toISOString(),
+    score,
+    totalFindings: findings.length,
+    bySeverity: {
+      critical: findings.filter(f => f.severity === 'critical').length,
+      high: findings.filter(f => f.severity === 'high').length,
+      medium: findings.filter(f => f.severity === 'medium').length,
+      low: findings.filter(f => f.severity === 'low').length,
+    },
+    byCategory: {},
+    fixable: findings.filter(f => f.fix).length,
+    stack: stack.framework || stack.language || 'unknown',
+  };
+  // Count by category
+  for (const f of findings) {
+    scan.byCategory[f.category] = (scan.byCategory[f.category] || 0) + 1;
+  }
+  metrics.scans.push(scan);
+  // Keep last 100 scans
+  if (metrics.scans.length > 100) metrics.scans = metrics.scans.slice(-100);
+  // Track score history
+  metrics.scores.push({ timestamp: scan.timestamp, score });
+  if (metrics.scores.length > 100) metrics.scores = metrics.scores.slice(-100);
+  writeFileSync(getMetricsPath(targetPath), JSON.stringify(metrics, null, 2));
+  return scan;
+}
+export function recordFix(targetPath, { applied, offered, accepted }) {
+  ensureDir(targetPath);
+  const metrics = loadMetrics(targetPath);
+  metrics.fixes.push({
+    timestamp: new Date().toISOString(),
+    offered,
+    applied,
+    accepted,
+    rate: offered > 0 ? Math.round((accepted / offered) * 100) : 0,
+  });
+  if (metrics.fixes.length > 100) metrics.fixes = metrics.fixes.slice(-100);
+  writeFileSync(getMetricsPath(targetPath), JSON.stringify(metrics, null, 2));
+}
+export function getScoreHistory(targetPath) {
+  const metrics = loadMetrics(targetPath);
+  return metrics.scores;
+}
+export function getFixAcceptanceRate(targetPath) {
+  const metrics = loadMetrics(targetPath);
+  if (metrics.fixes.length === 0) return null;
+  const totalOffered = metrics.fixes.reduce((sum, f) => sum + f.offered, 0);
+  const totalAccepted = metrics.fixes.reduce((sum, f) => sum + f.accepted, 0);
+  return {
+    totalOffered,
+    totalAccepted,
+    rate: totalOffered > 0 ? Math.round((totalAccepted / totalOffered) * 100) : 0,
+    history: metrics.fixes,
+  };
+}
+export function printMetricsSummary(targetPath) {
+  const metrics = loadMetrics(targetPath);
+  if (metrics.scans.length === 0) {
+    console.log('  No scan history yet. Run `doorman check` first.');
+    return;
+  }
+  const latest = metrics.scans[metrics.scans.length - 1];
+  const first = metrics.scans[0];
+  const scoreDelta = latest.score - first.score;
+  console.log('');
+  console.log('  Doorman Metrics');
+  console.log('  ═══════════════════');
+  console.log(`  Total scans: ${metrics.scans.length}`);
+  console.log(`  Current score: ${latest.score}/100`);
+  if (metrics.scans.length > 1) {
+    console.log(`  Score trend: ${scoreDelta >= 0 ? '+' : ''}${scoreDelta} since first scan`);
+  }
+  console.log(`  Total findings: ${latest.totalFindings}`);
+  console.log(`  Auto-fixable: ${latest.fixable}`);
+  if (metrics.fixes.length > 0) {
+    const fixRate = getFixAcceptanceRate(targetPath);
+    console.log(`  Fix acceptance rate: ${fixRate.rate}%`);
+  }
+  console.log('');
+}

package/src/monorepo.js ADDED Viewed

@@ -0,0 +1,65 @@
+// Monorepo detection and workspace root discovery
+import { existsSync, readFileSync } from 'fs';
+import { join, resolve } from 'path';
+/**
+ * Detect monorepo workspaces and return workspace roots.
+ * Supports: npm workspaces, yarn, pnpm, turborepo, nx, lerna
+ */
+export function detectWorkspaces(targetPath) {
+  const workspaces = [];
+  // npm/yarn workspaces
+  const pkgPath = join(targetPath, 'package.json');
+  if (existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+      const ws = pkg.workspaces;
+      if (Array.isArray(ws)) {
+        workspaces.push(...ws);
+      } else if (ws && Array.isArray(ws.packages)) {
+        workspaces.push(...ws.packages);
+      }
+    } catch {}
+  }
+  // pnpm workspaces
+  const pnpmWs = join(targetPath, 'pnpm-workspace.yaml');
+  if (existsSync(pnpmWs)) {
+    try {
+      const content = readFileSync(pnpmWs, 'utf-8');
+      const matches = content.match(/- ['"]?([^'":\n]+)['"]?/g);
+      if (matches) {
+        workspaces.push(...matches.map(m => m.replace(/^- ['"]?/, '').replace(/['"]?$/, '')));
+      }
+    } catch {}
+  }
+  // turborepo
+  if (existsSync(join(targetPath, 'turbo.json'))) {
+    // turbo uses package.json workspaces — already handled above
+  }
+  // nx
+  if (existsSync(join(targetPath, 'nx.json'))) {
+    if (workspaces.length === 0) {
+      // Default nx layout
+      if (existsSync(join(targetPath, 'apps'))) workspaces.push('apps/*');
+      if (existsSync(join(targetPath, 'libs'))) workspaces.push('libs/*');
+      if (existsSync(join(targetPath, 'packages'))) workspaces.push('packages/*');
+    }
+  }
+  // lerna
+  const lernaPath = join(targetPath, 'lerna.json');
+  if (existsSync(lernaPath) && workspaces.length === 0) {
+    try {
+      const lerna = JSON.parse(readFileSync(lernaPath, 'utf-8'));
+      if (Array.isArray(lerna.packages)) {
+        workspaces.push(...lerna.packages);
+      }
+    } catch {}
+  }
+  return { isMonorepo: workspaces.length > 0, workspaces };
+}

package/src/presets.js ADDED Viewed

@@ -0,0 +1,54 @@
+// ---------------------------------------------------------------------------
+// Built-in configuration presets for Doorman
+// ---------------------------------------------------------------------------
+/**
+ * "recommended" — sensible defaults for most projects.
+ * All categories, medium+ severity, common ignore patterns.
+ */
+const recommended = {
+  rules: {},
+  categories: [],               // empty = all categories
+  severity: 'medium',
+  ignore: ['test/**', 'vendor/**', '*.min.js'],
+};
+/**
+ * "strict" — everything, no mercy.
+ * All categories, all severities, no extra ignore patterns.
+ */
+const strict = {
+  rules: {},
+  categories: [],               // all categories
+  severity: 'low',
+  ignore: [],
+};
+/**
+ * "minimal" — only the critical stuff.
+ * Security + reliability only, high+ severity.
+ */
+const minimal = {
+  rules: {},
+  categories: ['security', 'reliability'],
+  severity: 'high',
+  ignore: ['test/**', 'vendor/**', '*.min.js'],
+};
+const PRESETS = { recommended, strict, minimal };
+/**
+ * Resolve a preset by name. Returns a shallow copy or null if unknown.
+ */
+export function getPreset(name) {
+  const preset = PRESETS[name];
+  if (!preset) return null;
+  return {
+    ...preset,
+    rules: { ...preset.rules },
+    categories: [...preset.categories],
+    ignore: [...preset.ignore],
+  };
+}
+export { PRESETS };