npm - getdoorman - Versions diffs - 1.2.0 → 2.0.0 - Mend

getdoorman 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/doorman.js CHANGED Viewed

@@ -1,63 +1,135 @@
 #!/usr/bin/env node
-import { readFileSync } from 'fs';
+import { readFileSync, readdirSync, statSync, existsSync } from 'fs';
+import { join, resolve, relative } from 'path';
 import { fileURLToPath } from 'url';
-import { dirname, join, resolve } from 'path';
-import { Command } from 'commander';
+import { dirname } from 'path';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
-const program = new Command();
-program
-  .name('getdoorman')
-  .description('10 checks. Zero false positives. Ship with confidence.')
-  .version(pkg.version);
-program
-  .command('check', { isDefault: true })
-  .description('Check your code before shipping')
-  .argument('[path]', 'Path to check', '.')
-  .option('--json', 'Output results as JSON')
-  .option('--ci', 'Exit with code 1 if issues found')
-  .action(async (path, options) => {
-    try {
-      const { collectFiles } = await import('../src/scanner.js');
-      const { runSimpleChecks, printSimpleReport } = await import('../src/simple-reporter.js');
-      const files = await collectFiles(resolve(path), { silent: true });
-      const results = runSimpleChecks(files);
-      if (options.json) {
-        const output = results.map(r => ({
-          check: r.name,
-          passed: r.passed,
-          issues: r.findings.map(f => ({ message: f.message, file: f.file, line: f.line })),
-        }));
-        console.log(JSON.stringify(output, null, 2));
-      } else {
-        printSimpleReport(results);
+// Simple file collector — no dependencies
+function collectFiles(dir, ignorePatterns = []) {
+  const files = new Map();
+  const defaultIgnore = [
+    'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', '.svelte-kit',
+    'coverage', '.cache', '.turbo', '.vercel', '.expo', '__pycache__', 'vendor',
+    '.doorman', '.vscode', '.idea',
+  ];
+  const defaultFileIgnore = [
+    '.min.js', '.min.css', '.map', '.ico', '.png', '.jpg', '.jpeg', '.gif',
+    '.svg', '.woff', '.woff2', '.ttf', '.eot', '.mp4', '.webm', '.mp3', '.pdf',
+    'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb',
+  ];
+  function walk(currentDir) {
+    let entries;
+    try { entries = readdirSync(currentDir, { withFileTypes: true }); } catch { return; }
+    for (const entry of entries) {
+      const fullPath = join(currentDir, entry.name);
+      if (entry.isDirectory()) {
+        if (defaultIgnore.includes(entry.name)) continue;
+        if (entry.name.startsWith('.') && entry.name !== '.env') continue;
+        walk(fullPath);
+      } else if (entry.isFile()) {
+        if (defaultFileIgnore.some(ext => entry.name.endsWith(ext))) continue;
+        try {
+          const stat = statSync(fullPath);
+          if (stat.size > 1024 * 1024) continue; // skip >1MB
+          const content = readFileSync(fullPath, 'utf-8');
+          const rel = relative(dir, fullPath);
+          files.set(rel, content);
+        } catch {}
       }
+    }
+  }
+  walk(dir);
+  return files;
+}
+// Run
+const path = process.argv[2] || '.';
+const isJson = process.argv.includes('--json');
+const isCi = process.argv.includes('--ci');
+if (process.argv.includes('--version') || process.argv.includes('-V')) {
+  console.log(pkg.version);
+  process.exit(0);
+}
+if (process.argv.includes('--help') || process.argv.includes('-h')) {
+  console.log(`
+  doorman v${pkg.version}
+  10 checks. Zero false positives. Ship with confidence.
+  Usage: npx getdoorman [path]
-      // On first scan: add doorman to AI tool configs
-      try {
-        const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
-        const resolvedPath = resolve(path);
-        if (isFirstScan(resolvedPath)) {
-          installClaudeMd(resolvedPath);
-          installAgentsMd(resolvedPath);
-          installCursorRules(resolvedPath);
-          installClaudeHook(resolvedPath);
-        }
-      } catch {}
-      const failCount = results.filter(r => !r.passed).length;
-      process.exit(options.ci && failCount > 0 ? 1 : 0);
-    } catch (err) {
-      console.error('Error:', err.message);
-      process.exit(2);
+  Options:
+    --json    Output as JSON
+    --ci      Exit with code 1 if issues found
+    --version Show version
+`);
+  process.exit(0);
+}
+const files = collectFiles(resolve(path));
+const { default: CHECKS } = await import('../src/simple-checks.js');
+const results = CHECKS.map(check => {
+  const findings = check.check(files);
+  return { ...check, findings, passed: findings.length === 0 };
+});
+if (isJson) {
+  const output = results.map(r => ({
+    check: r.name, passed: r.passed,
+    issues: r.findings.map(f => ({ message: f.message, file: f.file, line: f.line })),
+  }));
+  console.log(JSON.stringify(output, null, 2));
+} else {
+  const chalk = (await import('chalk')).default;
+  console.log('');
+  console.log(chalk.bold('  Doorman'));
+  console.log('');
+  let failCount = 0;
+  for (const r of results) {
+    if (r.passed) {
+      console.log(`  ✅ ${r.name}`);
+    } else {
+      failCount++;
+      console.log(`  ❌ ${r.name}`);
+      for (const f of r.findings.slice(0, 3)) {
+        const loc = f.file ? ` — ${f.file}${f.line ? ':' + f.line : ''}` : '';
+        console.log(chalk.gray(`     ${f.message}${loc}`));
+      }
+      if (r.findings.length > 3) {
+        console.log(chalk.gray(`     ...and ${r.findings.length - 3} more`));
+      }
     }
-  });
+  }
+  console.log('');
+  if (failCount === 0) {
+    console.log(chalk.green.bold('  All clear. Ship it. 🚀'));
+  } else {
+    console.log(`  ${failCount} issue${failCount === 1 ? '' : 's'} to fix before shipping.`);
+    console.log(chalk.gray('  Tell your AI: "fix the issues Doorman found"'));
+  }
+  console.log('');
+  if (isCi && failCount > 0) process.exit(1);
+}
-program.parse();
+// Viral: add doorman to AI configs on first run (silent, never fails)
+try {
+  const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
+  const resolvedPath = resolve(path);
+  if (isFirstScan(resolvedPath)) {
+    installClaudeMd(resolvedPath);
+    installAgentsMd(resolvedPath);
+    installCursorRules(resolvedPath);
+    installClaudeHook(resolvedPath);
+  }
+} catch {}

package/bin/getdoorman.js CHANGED Viewed

@@ -1,63 +1,135 @@
 #!/usr/bin/env node
-import { readFileSync } from 'fs';
+import { readFileSync, readdirSync, statSync, existsSync } from 'fs';
+import { join, resolve, relative } from 'path';
 import { fileURLToPath } from 'url';
-import { dirname, join, resolve } from 'path';
-import { Command } from 'commander';
+import { dirname } from 'path';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
-const program = new Command();
-program
-  .name('getdoorman')
-  .description('10 checks. Zero false positives. Ship with confidence.')
-  .version(pkg.version);
-program
-  .command('check', { isDefault: true })
-  .description('Check your code before shipping')
-  .argument('[path]', 'Path to check', '.')
-  .option('--json', 'Output results as JSON')
-  .option('--ci', 'Exit with code 1 if issues found')
-  .action(async (path, options) => {
-    try {
-      const { collectFiles } = await import('../src/scanner.js');
-      const { runSimpleChecks, printSimpleReport } = await import('../src/simple-reporter.js');
-      const files = await collectFiles(resolve(path), { silent: true });
-      const results = runSimpleChecks(files);
-      if (options.json) {
-        const output = results.map(r => ({
-          check: r.name,
-          passed: r.passed,
-          issues: r.findings.map(f => ({ message: f.message, file: f.file, line: f.line })),
-        }));
-        console.log(JSON.stringify(output, null, 2));
-      } else {
-        printSimpleReport(results);
+// Simple file collector — no dependencies
+function collectFiles(dir, ignorePatterns = []) {
+  const files = new Map();
+  const defaultIgnore = [
+    'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', '.svelte-kit',
+    'coverage', '.cache', '.turbo', '.vercel', '.expo', '__pycache__', 'vendor',
+    '.doorman', '.vscode', '.idea',
+  ];
+  const defaultFileIgnore = [
+    '.min.js', '.min.css', '.map', '.ico', '.png', '.jpg', '.jpeg', '.gif',
+    '.svg', '.woff', '.woff2', '.ttf', '.eot', '.mp4', '.webm', '.mp3', '.pdf',
+    'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb',
+  ];
+  function walk(currentDir) {
+    let entries;
+    try { entries = readdirSync(currentDir, { withFileTypes: true }); } catch { return; }
+    for (const entry of entries) {
+      const fullPath = join(currentDir, entry.name);
+      if (entry.isDirectory()) {
+        if (defaultIgnore.includes(entry.name)) continue;
+        if (entry.name.startsWith('.') && entry.name !== '.env') continue;
+        walk(fullPath);
+      } else if (entry.isFile()) {
+        if (defaultFileIgnore.some(ext => entry.name.endsWith(ext))) continue;
+        try {
+          const stat = statSync(fullPath);
+          if (stat.size > 1024 * 1024) continue; // skip >1MB
+          const content = readFileSync(fullPath, 'utf-8');
+          const rel = relative(dir, fullPath);
+          files.set(rel, content);
+        } catch {}
       }
+    }
+  }
+  walk(dir);
+  return files;
+}
+// Run
+const path = process.argv[2] || '.';
+const isJson = process.argv.includes('--json');
+const isCi = process.argv.includes('--ci');
+if (process.argv.includes('--version') || process.argv.includes('-V')) {
+  console.log(pkg.version);
+  process.exit(0);
+}
+if (process.argv.includes('--help') || process.argv.includes('-h')) {
+  console.log(`
+  doorman v${pkg.version}
+  10 checks. Zero false positives. Ship with confidence.
+  Usage: npx getdoorman [path]
-      // On first scan: add doorman to AI tool configs
-      try {
-        const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
-        const resolvedPath = resolve(path);
-        if (isFirstScan(resolvedPath)) {
-          installClaudeMd(resolvedPath);
-          installAgentsMd(resolvedPath);
-          installCursorRules(resolvedPath);
-          installClaudeHook(resolvedPath);
-        }
-      } catch {}
-      const failCount = results.filter(r => !r.passed).length;
-      process.exit(options.ci && failCount > 0 ? 1 : 0);
-    } catch (err) {
-      console.error('Error:', err.message);
-      process.exit(2);
+  Options:
+    --json    Output as JSON
+    --ci      Exit with code 1 if issues found
+    --version Show version
+`);
+  process.exit(0);
+}
+const files = collectFiles(resolve(path));
+const { default: CHECKS } = await import('../src/simple-checks.js');
+const results = CHECKS.map(check => {
+  const findings = check.check(files);
+  return { ...check, findings, passed: findings.length === 0 };
+});
+if (isJson) {
+  const output = results.map(r => ({
+    check: r.name, passed: r.passed,
+    issues: r.findings.map(f => ({ message: f.message, file: f.file, line: f.line })),
+  }));
+  console.log(JSON.stringify(output, null, 2));
+} else {
+  const chalk = (await import('chalk')).default;
+  console.log('');
+  console.log(chalk.bold('  Doorman'));
+  console.log('');
+  let failCount = 0;
+  for (const r of results) {
+    if (r.passed) {
+      console.log(`  ✅ ${r.name}`);
+    } else {
+      failCount++;
+      console.log(`  ❌ ${r.name}`);
+      for (const f of r.findings.slice(0, 3)) {
+        const loc = f.file ? ` — ${f.file}${f.line ? ':' + f.line : ''}` : '';
+        console.log(chalk.gray(`     ${f.message}${loc}`));
+      }
+      if (r.findings.length > 3) {
+        console.log(chalk.gray(`     ...and ${r.findings.length - 3} more`));
+      }
     }
-  });
+  }
+  console.log('');
+  if (failCount === 0) {
+    console.log(chalk.green.bold('  All clear. Ship it. 🚀'));
+  } else {
+    console.log(`  ${failCount} issue${failCount === 1 ? '' : 's'} to fix before shipping.`);
+    console.log(chalk.gray('  Tell your AI: "fix the issues Doorman found"'));
+  }
+  console.log('');
+  if (isCi && failCount > 0) process.exit(1);
+}
-program.parse();
+// Viral: add doorman to AI configs on first run (silent, never fails)
+try {
+  const { isFirstScan, installClaudeMd, installAgentsMd, installCursorRules, installClaudeHook } = await import('../src/hooks.js');
+  const resolvedPath = resolve(path);
+  if (isFirstScan(resolvedPath)) {
+    installClaudeMd(resolvedPath);
+    installAgentsMd(resolvedPath);
+    installCursorRules(resolvedPath);
+    installClaudeHook(resolvedPath);
+  }
+} catch {}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "getdoorman",
-  "version": "1.2.0",
+  "version": "2.0.0",
   "description": "Zero-config security scanner for AI-assisted development. 2000+ rules, 11 languages, 4 detection engines.",
   "main": "src/index.js",
   "exports": {

package/src/simple-checks.js CHANGED Viewed

@@ -17,17 +17,24 @@ const CHECKS = [
         { name: 'AWS Secret Key', regex: /(?:aws_secret|secret_access_key)\s*[:=]\s*['"][A-Za-z0-9/+=]{40}['"]/ },
         { name: 'Google API Key', regex: /AIza[0-9A-Za-z_-]{35}/ },
         { name: 'Google OAuth Secret', regex: /GOCSPX-[a-zA-Z0-9_-]{28}/ },
+        { name: 'Vercel Token', regex: /vercel_[a-zA-Z0-9]{24,}/ },
+        { name: 'Netlify Token', regex: /nfp_[a-zA-Z0-9]{40,}/ },
         // AI providers
         { name: 'OpenAI API Key', regex: /sk-(?:proj-)?[a-zA-Z0-9]{32,}/ },
         { name: 'Anthropic API Key', regex: /sk-ant-[a-zA-Z0-9-]{20,}/ },
         { name: 'Groq API Key', regex: /gsk_[a-zA-Z0-9]{48,}/ },
-        { name: 'Cohere API Key', regex: /[a-zA-Z0-9]{40}/ && false }, // too broad, skip
         { name: 'Replicate API Token', regex: /r8_[a-zA-Z0-9]{38}/ },
         { name: 'Hugging Face Token', regex: /hf_[a-zA-Z0-9]{34}/ },
+        { name: 'Together AI Key', regex: /tog_[a-zA-Z0-9]{40,}/ },
+        { name: 'Pinecone API Key', regex: /pcsk_[a-zA-Z0-9]{50,}/ },
         // Payment
         { name: 'Stripe Secret Key', regex: /sk_live_[0-9a-zA-Z]{24,}/ },
         { name: 'Stripe Publishable (live)', regex: /pk_live_[0-9a-zA-Z]{24,}/ },
-        // Auth & dev tools
+        // Auth
+        { name: 'Clerk Secret Key', regex: /sk_live_[a-zA-Z0-9]{27,}/ },
+        { name: 'Clerk Publishable Key', regex: /pk_live_[a-zA-Z0-9]{27,}/ },
+        { name: 'Auth0 Client Secret', regex: /(?:auth0|AUTH0).*secret.*['"][a-zA-Z0-9_-]{32,}['"]/ },
+        // Dev tools
         { name: 'GitHub Token', regex: /ghp_[0-9a-zA-Z]{36}/ },
         { name: 'GitHub OAuth Secret', regex: /gho_[0-9a-zA-Z]{36}/ },
         { name: 'GitLab Token', regex: /glpat-[0-9a-zA-Z_-]{20,}/ },
@@ -36,15 +43,22 @@ const CHECKS = [
         { name: 'Discord Bot Token', regex: /[MN][A-Za-z0-9]{23,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}/ },
         { name: 'Twilio Auth Token', regex: /(?:twilio|TWILIO).*[0-9a-f]{32}/ },
         { name: 'SendGrid API Key', regex: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/ },
+        { name: 'Resend API Key', regex: /re_[a-zA-Z0-9]{30,}/ },
         { name: 'Mailgun API Key', regex: /key-[0-9a-zA-Z]{32}/ },
+        { name: 'Postmark Token', regex: /(?:postmark|POSTMARK).*['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]/ },
         // Database
         { name: 'Supabase Service Key', regex: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[a-zA-Z0-9_-]{50,}/ },
         { name: 'Firebase Private Key', regex: /-----BEGIN RSA PRIVATE KEY-----/ },
         { name: 'MongoDB Connection String', regex: /mongodb\+srv:\/\/[^:]+:[^@]+@/ },
         { name: 'Postgres Connection String', regex: /postgres(?:ql)?:\/\/[^:]+:[^@]+@/ },
-        // SSH
+        { name: 'PlanetScale Connection', regex: /mysql:\/\/[^:]+:[^@]+@aws\.connect\.psdb\.cloud/ },
+        { name: 'Neon Postgres', regex: /postgres(?:ql)?:\/\/[^:]+:[^@]+@[^/]*neon\.tech/ },
+        { name: 'Turso Database Token', regex: /eyJhbGciOiJFZERTQS[a-zA-Z0-9_-]{50,}/ },
+        { name: 'Upstash Redis Token', regex: /AX[a-zA-Z0-9]{34,}/ },
+        { name: 'Redis Connection String', regex: /redis:\/\/[^:]+:[^@]+@/ },
+        // SSH & certificates
         { name: 'SSH Private Key', regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
-      ].filter(p => p.regex); // filter out disabled patterns
+      ];
       const findings = [];
       for (const [fp, content] of files) {
         if (fp.endsWith('.example') || fp.endsWith('.sample') || fp.endsWith('.template')) continue;