npm - getdoorman - Versions diffs - 1.0.0 - Mend

getdoorman 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/LICENSE +21 -0
package/README.md +181 -0
package/bin/doorman.js +444 -0
package/package.json +74 -0
package/src/ai-fixer.js +559 -0
package/src/ast-scanner.js +434 -0
package/src/auth.js +149 -0
package/src/baseline.js +48 -0
package/src/compliance.js +539 -0
package/src/config.js +466 -0
package/src/custom-rules.js +32 -0
package/src/dashboard.js +202 -0
package/src/detector.js +142 -0
package/src/fix-engine.js +48 -0
package/src/fix-registry-extra.js +95 -0
package/src/fix-registry-go-rust.js +77 -0
package/src/fix-registry-java-csharp.js +77 -0
package/src/fix-registry-js.js +99 -0
package/src/fix-registry-mcp-ai.js +57 -0
package/src/fix-registry-python.js +87 -0
package/src/fixer-ruby-php.js +608 -0
package/src/fixer.js +2113 -0
package/src/hooks.js +115 -0
package/src/ignore.js +176 -0
package/src/index.js +384 -0
package/src/metrics.js +126 -0
package/src/monorepo.js +65 -0
package/src/presets.js +54 -0
package/src/reporter.js +975 -0
package/src/rule-worker.js +36 -0
package/src/rules/ast-rules.js +756 -0
package/src/rules/bugs/accessibility.js +235 -0
package/src/rules/bugs/ai-codegen-fixable.js +172 -0
package/src/rules/bugs/ai-codegen.js +365 -0
package/src/rules/bugs/code-smell-bugs.js +247 -0
package/src/rules/bugs/crypto-bugs.js +195 -0
package/src/rules/bugs/docker-bugs.js +158 -0
package/src/rules/bugs/general.js +361 -0
package/src/rules/bugs/go-bugs.js +279 -0
package/src/rules/bugs/index.js +73 -0
package/src/rules/bugs/js-api.js +257 -0
package/src/rules/bugs/js-array-object.js +210 -0
package/src/rules/bugs/js-async-fixable.js +223 -0
package/src/rules/bugs/js-async.js +211 -0
package/src/rules/bugs/js-closure-scope.js +182 -0
package/src/rules/bugs/js-database.js +203 -0
package/src/rules/bugs/js-error-handling.js +148 -0
package/src/rules/bugs/js-logic.js +261 -0
package/src/rules/bugs/js-memory.js +214 -0
package/src/rules/bugs/js-node.js +361 -0
package/src/rules/bugs/js-react.js +373 -0
package/src/rules/bugs/js-regex.js +200 -0
package/src/rules/bugs/js-state.js +272 -0
package/src/rules/bugs/js-type-coercion.js +318 -0
package/src/rules/bugs/nextjs-bugs.js +242 -0
package/src/rules/bugs/nextjs-fixable.js +120 -0
package/src/rules/bugs/node-fixable.js +178 -0
package/src/rules/bugs/python-advanced.js +245 -0
package/src/rules/bugs/python-fixable.js +98 -0
package/src/rules/bugs/python.js +284 -0
package/src/rules/bugs/react-fixable.js +207 -0
package/src/rules/bugs/ruby-bugs.js +182 -0
package/src/rules/bugs/shell-bugs.js +181 -0
package/src/rules/bugs/silent-failures.js +261 -0
package/src/rules/bugs/ts-bugs.js +235 -0
package/src/rules/bugs/unused-vars.js +65 -0
package/src/rules/compliance/accessibility-ext.js +468 -0
package/src/rules/compliance/education.js +322 -0
package/src/rules/compliance/financial.js +421 -0
package/src/rules/compliance/frameworks.js +507 -0
package/src/rules/compliance/healthcare.js +520 -0
package/src/rules/compliance/index.js +2714 -0
package/src/rules/compliance/regional-eu.js +480 -0
package/src/rules/compliance/regional-international.js +903 -0
package/src/rules/cost/index.js +1993 -0
package/src/rules/data/index.js +2503 -0
package/src/rules/dependencies/index.js +1684 -0
package/src/rules/deployment/index.js +2050 -0
package/src/rules/index.js +71 -0
package/src/rules/infrastructure/index.js +3048 -0
package/src/rules/performance/index.js +3455 -0
package/src/rules/quality/index.js +3175 -0
package/src/rules/reliability/index.js +3040 -0
package/src/rules/scope-rules.js +815 -0
package/src/rules/security/ai-api.js +1177 -0
package/src/rules/security/auth.js +1328 -0
package/src/rules/security/cors.js +127 -0
package/src/rules/security/crypto.js +527 -0
package/src/rules/security/csharp.js +862 -0
package/src/rules/security/csrf.js +193 -0
package/src/rules/security/dart.js +835 -0
package/src/rules/security/deserialization.js +291 -0
package/src/rules/security/file-upload.js +187 -0
package/src/rules/security/go.js +850 -0
package/src/rules/security/headers.js +235 -0
package/src/rules/security/index.js +65 -0
package/src/rules/security/injection.js +1639 -0
package/src/rules/security/mcp-server.js +71 -0
package/src/rules/security/misconfiguration.js +660 -0
package/src/rules/security/oauth-jwt.js +329 -0
package/src/rules/security/path-traversal.js +295 -0
package/src/rules/security/php.js +1054 -0
package/src/rules/security/prototype-pollution.js +283 -0
package/src/rules/security/rate-limiting.js +208 -0
package/src/rules/security/ruby.js +1061 -0
package/src/rules/security/rust.js +693 -0
package/src/rules/security/secrets.js +747 -0
package/src/rules/security/shell.js +647 -0
package/src/rules/security/ssrf.js +298 -0
package/src/rules/security/supply-chain-advanced.js +393 -0
package/src/rules/security/supply-chain.js +734 -0
package/src/rules/security/swift.js +835 -0
package/src/rules/security/taint.js +27 -0
package/src/rules/security/xss.js +520 -0
package/src/scan-cache.js +71 -0
package/src/scanner.js +710 -0
package/src/scope-analyzer.js +685 -0
package/src/share.js +88 -0
package/src/taint.js +300 -0
package/src/telemetry.js +183 -0
package/src/tracer.js +190 -0
package/src/upload.js +35 -0
package/src/worker.js +31 -0

package/src/rules/index.js ADDED Viewed

@@ -0,0 +1,71 @@
+import securityRules from './security/index.js';
+import performanceRules from './performance/index.js';
+import reliabilityRules from './reliability/index.js';
+import costRules from './cost/index.js';
+import complianceRules from './compliance/index.js';
+import dataRules from './data/index.js';
+import dependencyRules from './dependencies/index.js';
+import infrastructureRules from './infrastructure/index.js';
+import qualityRules from './quality/index.js';
+import deploymentRules from './deployment/index.js';
+import bugRules from './bugs/index.js';
+import astRules from './ast-rules.js';
+import { isASTAvailable } from '../ast-scanner.js';
+/**
+ * Load all rules, optionally filtered by category.
+ * When tree-sitter is available, AST-based rules are included automatically.
+ */
+// Language-specific rule IDs — skip these if the project doesn't have that language
+const LANG_RULE_PREFIXES = {
+  go: ['SEC-GO-', 'BUG-GO-'],
+  rust: ['SEC-RUST-', 'BUG-RUST-'],
+  cs: ['SEC-CS-', 'BUG-CS-'],
+  swift: ['SEC-SWIFT-', 'BUG-SWIFT-'],
+  dart: ['SEC-DART-', 'BUG-DART-'],
+  shell: ['SEC-SHELL-', 'BUG-SHELL-'],
+  rb: ['SEC-RUBY-', 'BUG-RUBY-'],
+  php: ['SEC-PHP-', 'BUG-PHP-'],
+};
+export function loadRules(options = {}) {
+  const allRules = [
+    ...securityRules,
+    ...performanceRules,
+    ...reliabilityRules,
+    ...costRules,
+    ...complianceRules,
+    ...dataRules,
+    ...dependencyRules,
+    ...infrastructureRules,
+    ...qualityRules,
+    ...deploymentRules,
+    ...bugRules,
+  ];
+  // Include AST rules when tree-sitter is available (but NOT in worker threads)
+  if (!options.noAST && (isASTAvailable() || options.ast)) {
+    allRules.push(...astRules);
+  }
+  if (options.category) {
+    const categories = options.category.split(',').map(c => c.trim().toLowerCase());
+    return allRules.filter(r => categories.includes(r.category));
+  }
+  // Skip language-specific rules not relevant to this project
+  const detectedLangs = options._detectedLangs;
+  if (detectedLangs && detectedLangs.size > 0) {
+    return allRules.filter(r => {
+      const id = r.id || '';
+      for (const [lang, prefixes] of Object.entries(LANG_RULE_PREFIXES)) {
+        if (prefixes.some(p => id.startsWith(p)) && !detectedLangs.has(lang)) {
+          return false;
+        }
+      }
+      return true;
+    });
+  }
+  return allRules;
+}