grepleaks 1.0.1

package/README.md

@@ -0,0 +1,94 @@
+# grepleaks
+
+Security scanner for your code - detect vulnerabilities, secrets, and misconfigurations.
+
+## Installation
+
+```bash
+npm install -g grepleaks
+```
+
+## Usage
+
+### 1. Login
+
+```bash
+# Login with email/password
+grepleaks login
+
+# Or login via browser
+grepleaks login --browser
+```
+
+### 2. Scan a project
+
+```bash
+# Scan current directory
+grepleaks scan .
+
+# Scan a specific directory
+grepleaks scan ./my-project
+```
+
+### 3. Result
+
+The scan generates a `grepleaks-report.md` file in the scanned directory.
+
+```
+grepleaks - Security scan
+
+→ Project: my-project
+→ Path: /path/to/my-project
+
+→ Preparing files...
+✓ Archive created (1.23 MB)
+→ Uploading to server...
+✓ Scan started (job: abc123)
+→ Analyzing...
+✓ Scan complete!
+
+Results:
+  Score: 75/100 (B)
+  Vulnerabilities: 3
+    ● High: 1
+    ● Medium: 2
+
+✓ Report saved: ./my-project/grepleaks-report.md
+```
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `grepleaks login` | Login with email/password |
+| `grepleaks login --browser` | Login via browser |
+| `grepleaks logout` | Logout |
+| `grepleaks scan <path>` | Scan a directory |
+| `grepleaks lang <en\|fr>` | Set language |
+| `grepleaks --help` | Show help |
+| `grepleaks --version` | Show version |
+
+## Language
+
+The CLI is in English by default. To switch to French:
+
+```bash
+grepleaks lang fr
+```
+
+To switch back to English:
+
+```bash
+grepleaks lang en
+```
+
+## What it detects
+
+- Hardcoded secrets (API keys, passwords, tokens)
+- Vulnerabilities in dependencies
+- Security issues in code (SQL injection, XSS, etc.)
+- Misconfigurations
+
+## More info
+
+Visit [grepleaks.com](https://grepleaks.com) for the full web interface.

package/bin/grepleaks.js

@@ -0,0 +1,822 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const https = require('https');
+const http = require('http');
+const readline = require('readline');
+const { exec } = require('child_process');
+const archiver = require('archiver');
+
+const VERSION = '1.0.1';
+const API_URL = 'https://grepleaks.com/api/v1';
+const WEB_URL = 'https://grepleaks.com';
+const CONFIG_DIR = path.join(os.homedir(), '.grepleaks');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
+
+// Translations
+const translations = {
+  en: {
+    // General
+    tagline: 'Security scanner for your code',
+    version: 'grepleaks v',
+
+    // Help
+    helpUsage: 'USAGE:',
+    helpCommands: 'COMMANDS:',
+    helpOptions: 'OPTIONS:',
+    helpExamples: 'EXAMPLES:',
+    helpMoreInfo: 'MORE INFO:',
+    helpLoginDesc: 'Login (email or GitHub)',
+    helpLogoutDesc: 'Logout',
+    helpScanDesc: 'Scan a directory',
+    helpLangDesc: 'Set language (en/fr)',
+    helpShowHelp: 'Show help',
+    helpShowVersion: 'Show version',
+
+    // Login
+    loginTitle: 'Login to grepleaks',
+    loginChooseMethod: 'Choose login method:',
+    loginOptionEmail: 'Email / Password',
+    loginOptionGitHub: 'GitHub',
+    loginChoice: 'Your choice (1 or 2): ',
+    loginBrowserTitle: 'Login via browser',
+    loginGitHubTitle: 'Login with GitHub',
+    loginOpeningBrowser: 'Opening browser...',
+    loginTokenPrompt: 'After logging in on the website, copy your token and paste it here.',
+    loginTokenInput: 'Token: ',
+    loginTokenRequired: 'Token required',
+    loginVerifying: 'Verifying token...',
+    loginInvalidToken: 'Invalid token',
+    loginEmail: 'Email: ',
+    loginPassword: 'Password: ',
+    loginEmailPasswordRequired: 'Email and password required',
+    loginInProgress: 'Logging in...',
+    loginFailed: 'Login failed',
+    loginSuccess: 'Logged in as',
+
+    // Logout
+    logoutSuccess: 'Logged out',
+
+    // Scan
+    scanTitle: 'Security scan',
+    scanMustLogin: 'You must be logged in to scan.',
+    scanPathNotFound: 'Path not found:',
+    scanMustBeDir: 'Path must be a directory:',
+    scanProject: 'Project:',
+    scanPath: 'Path:',
+    scanPreparing: 'Preparing files...',
+    scanArchiveCreated: 'Archive created',
+    scanUploading: 'Uploading to server...',
+    scanUploadFailed: 'Upload failed',
+    scanStarted: 'Scan started',
+    scanAnalyzing: 'Analyzing...',
+    scanStatusFailed: 'Failed to check status',
+    scanFailed: 'Scan failed',
+    scanComplete: 'Scan complete!',
+    scanResults: 'Results:',
+    scanScore: 'Score:',
+    scanVulnerabilities: 'Vulnerabilities:',
+    scanReportSaved: 'Report saved:',
+
+    // Report
+    reportTitle: 'Security Report',
+    reportDate: 'Date:',
+    reportScore: 'Score:',
+    reportVulns: 'Vulnerabilities:',
+    reportNoVulns: 'No vulnerabilities detected',
+    reportCongrats: 'Congratulations! Your code has no known vulnerabilities.',
+    reportVulnsDetected: 'Vulnerabilities detected',
+    reportFile: 'File:',
+    reportLine: 'Line:',
+    reportScanner: 'Scanner:',
+    reportRecommendation: 'Recommendation:',
+    reportGeneratedBy: 'Report generated by',
+
+    // Language
+    langSet: 'Language set to',
+    langInvalid: 'Invalid language. Use: en, fr',
+
+    // Errors
+    errorUnknownCmd: 'Unknown command:',
+    errorUseHelp: "Use 'grepleaks --help' for help."
+  },
+  fr: {
+    // General
+    tagline: 'Scanner de securite pour votre code',
+    version: 'grepleaks v',
+
+    // Help
+    helpUsage: 'USAGE:',
+    helpCommands: 'COMMANDES:',
+    helpOptions: 'OPTIONS:',
+    helpExamples: 'EXEMPLES:',
+    helpMoreInfo: 'PLUS D\'INFO:',
+    helpLoginDesc: 'Connexion (email ou GitHub)',
+    helpLogoutDesc: 'Deconnexion',
+    helpScanDesc: 'Scanner un dossier',
+    helpLangDesc: 'Changer la langue (en/fr)',
+    helpShowHelp: 'Afficher l\'aide',
+    helpShowVersion: 'Afficher la version',
+
+    // Login
+    loginTitle: 'Connexion a grepleaks',
+    loginChooseMethod: 'Choisissez votre methode de connexion:',
+    loginOptionEmail: 'Email / Mot de passe',
+    loginOptionGitHub: 'GitHub',
+    loginChoice: 'Votre choix (1 ou 2): ',
+    loginBrowserTitle: 'Connexion via navigateur',
+    loginGitHubTitle: 'Connexion avec GitHub',
+    loginOpeningBrowser: 'Ouverture du navigateur...',
+    loginTokenPrompt: 'Apres connexion sur le site, copiez votre token et collez-le ici.',
+    loginTokenInput: 'Token: ',
+    loginTokenRequired: 'Token requis',
+    loginVerifying: 'Verification du token...',
+    loginInvalidToken: 'Token invalide',
+    loginEmail: 'Email: ',
+    loginPassword: 'Mot de passe: ',
+    loginEmailPasswordRequired: 'Email et mot de passe requis',
+    loginInProgress: 'Connexion en cours...',
+    loginFailed: 'Echec de connexion',
+    loginSuccess: 'Connecte en tant que',
+
+    // Logout
+    logoutSuccess: 'Deconnecte',
+
+    // Scan
+    scanTitle: 'Scan de securite',
+    scanMustLogin: 'Vous devez etre connecte pour scanner.',
+    scanPathNotFound: 'Chemin introuvable:',
+    scanMustBeDir: 'Le chemin doit etre un dossier:',
+    scanProject: 'Projet:',
+    scanPath: 'Chemin:',
+    scanPreparing: 'Preparation des fichiers...',
+    scanArchiveCreated: 'Archive creee',
+    scanUploading: 'Envoi au serveur...',
+    scanUploadFailed: 'Echec de l\'upload',
+    scanStarted: 'Scan demarre',
+    scanAnalyzing: 'Analyse en cours...',
+    scanStatusFailed: 'Echec de verification du statut',
+    scanFailed: 'Le scan a echoue',
+    scanComplete: 'Scan termine!',
+    scanResults: 'Resultats:',
+    scanScore: 'Score:',
+    scanVulnerabilities: 'Vulnerabilites:',
+    scanReportSaved: 'Rapport sauvegarde:',
+
+    // Report
+    reportTitle: 'Rapport de Securite',
+    reportDate: 'Date:',
+    reportScore: 'Score:',
+    reportVulns: 'Vulnerabilites:',
+    reportNoVulns: 'Aucune vulnerabilite detectee',
+    reportCongrats: 'Felicitations! Votre code ne presente aucune vulnerabilite connue.',
+    reportVulnsDetected: 'Vulnerabilites detectees',
+    reportFile: 'Fichier:',
+    reportLine: 'Ligne:',
+    reportScanner: 'Scanner:',
+    reportRecommendation: 'Recommandation:',
+    reportGeneratedBy: 'Rapport genere par',
+
+    // Language
+    langSet: 'Langue definie:',
+    langInvalid: 'Langue invalide. Utilisez: en, fr',
+
+    // Errors
+    errorUnknownCmd: 'Commande inconnue:',
+    errorUseHelp: "Utilisez 'grepleaks --help' pour l'aide."
+  }
+};
+
+// Files/folders to skip when zipping
+const SKIP_PATTERNS = [
+  'node_modules', '.git', '.svn', '.hg', 'vendor', '__pycache__',
+  '.venv', 'venv', 'env', '.env', 'dist', 'build', '.next',
+  '.nuxt', 'coverage', '.nyc_output', '.cache', '.parcel-cache',
+  'target', 'Pods', '.gradle', '.idea', '.vscode', '*.log',
+  '*.lock', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml',
+  '*.min.js', '*.min.css', '*.map', '*.png', '*.jpg', '*.jpeg',
+  '*.gif', '*.ico', '*.svg', '*.woff', '*.woff2', '*.ttf', '*.eot',
+  '*.mp3', '*.mp4', '*.avi', '*.mov', '*.pdf', '*.zip', '*.tar',
+  '*.gz', '*.rar', '*.7z', '*.exe', '*.dll', '*.so', '*.dylib'
+];
+
+// Colors
+const c = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  cyan: '\x1b[36m',
+  gray: '\x1b[90m'
+};
+
+// Get current language
+function getLang() {
+  const config = loadConfig();
+  return config.lang || 'en';
+}
+
+// Get translation
+function t(key) {
+  const lang = getLang();
+  return translations[lang]?.[key] || translations['en'][key] || key;
+}
+
+// Helpers
+function log(msg, color = '') {
+  console.log(`${color}${msg}${c.reset}`);
+}
+
+function error(msg) {
+  console.error(`${c.red}Error: ${msg}${c.reset}`);
+  process.exit(1);
+}
+
+function success(msg) {
+  log(`${c.green}✓${c.reset} ${msg}`);
+}
+
+function info(msg) {
+  log(`${c.cyan}→${c.reset} ${msg}`);
+}
+
+// Config management
+function ensureConfigDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+}
+
+function loadConfig() {
+  if (!fs.existsSync(CONFIG_FILE)) {
+    return { lang: 'en' };
+  }
+  try {
+    return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+  } catch {
+    return { lang: 'en' };
+  }
+}
+
+function saveConfig(data) {
+  ensureConfigDir();
+  const current = loadConfig();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify({ ...current, ...data }, null, 2));
+}
+
+// Credentials management
+function saveCredentials(data) {
+  ensureConfigDir();
+  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(data, null, 2));
+}
+
+function loadCredentials() {
+  if (!fs.existsSync(CREDENTIALS_FILE)) {
+    return null;
+  }
+  try {
+    return JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function clearCredentials() {
+  if (fs.existsSync(CREDENTIALS_FILE)) {
+    fs.unlinkSync(CREDENTIALS_FILE);
+  }
+}
+
+// Readline helper
+function prompt(question) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise(resolve => {
+    rl.question(question, answer => {
+      rl.close();
+      resolve(answer);
+    });
+  });
+}
+
+function promptPassword(question) {
+  return new Promise(resolve => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout
+    });
+
+    process.stdout.write(question);
+
+    const stdin = process.stdin;
+    const wasRaw = stdin.isRaw;
+    if (stdin.setRawMode) stdin.setRawMode(true);
+
+    let password = '';
+
+    const onData = (char) => {
+      char = char.toString();
+
+      switch (char) {
+        case '\n':
+        case '\r':
+        case '\u0004':
+          if (stdin.setRawMode) stdin.setRawMode(wasRaw);
+          stdin.removeListener('data', onData);
+          rl.close();
+          console.log();
+          resolve(password);
+          break;
+        case '\u0003':
+          process.exit();
+          break;
+        case '\u007F':
+          password = password.slice(0, -1);
+          break;
+        default:
+          password += char;
+          break;
+      }
+    };
+
+    stdin.on('data', onData);
+  });
+}
+
+// HTTP request helper
+function request(method, url, data = null, headers = {}) {
+  return new Promise((resolve, reject) => {
+    const urlObj = new URL(url);
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname + urlObj.search,
+      method,
+      headers: {
+        'Content-Type': 'application/json',
+        ...headers
+      }
+    };
+
+    const proto = urlObj.protocol === 'https:' ? https : http;
+    const req = proto.request(options, res => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        try {
+          resolve({ status: res.statusCode, data: JSON.parse(body) });
+        } catch {
+          resolve({ status: res.statusCode, data: body });
+        }
+      });
+    });
+
+    req.on('error', reject);
+
+    if (data) {
+      req.write(typeof data === 'string' ? data : JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+
+// Upload file with multipart
+function uploadFile(url, filePath, token) {
+  return new Promise((resolve, reject) => {
+    const boundary = '----grepleaks' + Date.now();
+    const fileName = path.basename(filePath);
+    const fileStream = fs.createReadStream(filePath);
+
+    const urlObj = new URL(url);
+
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname,
+      method: 'POST',
+      headers: {
+        'Content-Type': `multipart/form-data; boundary=${boundary}`,
+        'Authorization': `Bearer ${token}`
+      }
+    };
+
+    const proto = urlObj.protocol === 'https:' ? https : http;
+    const req = proto.request(options, res => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        try {
+          resolve({ status: res.statusCode, data: JSON.parse(body) });
+        } catch {
+          resolve({ status: res.statusCode, data: body });
+        }
+      });
+    });
+
+    req.on('error', reject);
+
+    req.write(`--${boundary}\r\n`);
+    req.write(`Content-Disposition: form-data; name="file"; filename="${fileName}"\r\n`);
+    req.write('Content-Type: application/zip\r\n\r\n');
+
+    fileStream.on('data', chunk => req.write(chunk));
+    fileStream.on('end', () => {
+      req.write(`\r\n--${boundary}--\r\n`);
+      req.end();
+    });
+    fileStream.on('error', reject);
+  });
+}
+
+// Open URL in browser
+function openBrowser(url) {
+  const cmd = process.platform === 'darwin' ? 'open' :
+              process.platform === 'win32' ? 'start' : 'xdg-open';
+  exec(`${cmd} "${url}"`);
+}
+
+// Should skip file/folder
+function shouldSkip(name) {
+  return SKIP_PATTERNS.some(pattern => {
+    if (pattern.startsWith('*.')) {
+      return name.endsWith(pattern.slice(1));
+    }
+    return name === pattern;
+  });
+}
+
+// Zip directory
+function zipDirectory(sourceDir, outPath) {
+  return new Promise((resolve, reject) => {
+    const output = fs.createWriteStream(outPath);
+    const archive = archiver('zip', { zlib: { level: 6 } });
+
+    output.on('close', () => resolve(archive.pointer()));
+    archive.on('error', reject);
+
+    archive.pipe(output);
+
+    const addDir = (dir, prefix = '') => {
+      const items = fs.readdirSync(dir);
+      for (const item of items) {
+        if (shouldSkip(item)) continue;
+
+        const fullPath = path.join(dir, item);
+        const archivePath = prefix ? `${prefix}/${item}` : item;
+
+        const stat = fs.statSync(fullPath);
+        if (stat.isDirectory()) {
+          addDir(fullPath, archivePath);
+        } else if (stat.size < 1024 * 1024) {
+          archive.file(fullPath, { name: archivePath });
+        }
+      }
+    };
+
+    addDir(sourceDir);
+    archive.finalize();
+  });
+}
+
+// Generate markdown report
+function generateMarkdownReport(result) {
+  const vulns = result.vulnerabilities || [];
+  const score = result.security_score || 0;
+  const grade = result.grade_level || 'N/A';
+  const projectName = result.project_name || 'Unknown Project';
+
+  const dateStr = new Date().toLocaleDateString(getLang() === 'fr' ? 'fr-FR' : 'en-US');
+
+  let md = `# ${t('reportTitle')} - ${projectName}\n\n`;
+  md += `**${t('reportDate')}** ${dateStr}\n`;
+  md += `**${t('reportScore')}** ${score}/100 (${grade})\n`;
+  md += `**${t('reportVulns')}** ${vulns.length}\n\n`;
+
+  if (vulns.length === 0) {
+    md += `## ${t('reportNoVulns')}\n\n`;
+    md += `${t('reportCongrats')}\n`;
+  } else {
+    md += `## ${t('reportVulnsDetected')}\n\n`;
+
+    const bySeverity = { CRITICAL: [], HIGH: [], MEDIUM: [], LOW: [] };
+    for (const v of vulns) {
+      const sev = (v.severity || 'LOW').toUpperCase();
+      if (bySeverity[sev]) bySeverity[sev].push(v);
+    }
+
+    for (const [severity, items] of Object.entries(bySeverity)) {
+      if (items.length === 0) continue;
+
+      const emoji = severity === 'CRITICAL' ? '🔴' :
+                    severity === 'HIGH' ? '🟠' :
+                    severity === 'MEDIUM' ? '🟡' : '🟢';
+
+      md += `### ${emoji} ${severity} (${items.length})\n\n`;
+
+      for (const v of items) {
+        md += `#### ${v.title || 'Vulnerability'}\n\n`;
+        md += `- **${t('reportFile')}** \`${v.file || 'N/A'}\`\n`;
+        if (v.line) md += `- **${t('reportLine')}** ${v.line}\n`;
+        md += `- **${t('reportScanner')}** ${v.scanner || 'N/A'}\n`;
+        if (v.description) md += `\n${v.description}\n`;
+        if (v.recommendation) md += `\n**${t('reportRecommendation')}** ${v.recommendation}\n`;
+        md += `\n---\n\n`;
+      }
+    }
+  }
+
+  md += `\n---\n*${t('reportGeneratedBy')} [grepleaks](https://grepleaks.com)*\n`;
+
+  return md;
+}
+
+// Commands
+async function cmdLogin(args) {
+  log(`\n${c.cyan}${c.bold}${t('loginTitle')}${c.reset}\n`);
+
+  // Show menu
+  log(`${t('loginChooseMethod')}\n`);
+  log(`  ${c.cyan}1.${c.reset} ${t('loginOptionEmail')}`);
+  log(`  ${c.cyan}2.${c.reset} ${t('loginOptionGitHub')}\n`);
+
+  const choice = await prompt(t('loginChoice'));
+
+  if (choice === '2') {
+    // GitHub login via browser
+    await loginWithGitHub();
+  } else {
+    // Email/password login (default)
+    await loginWithEmail();
+  }
+}
+
+async function loginWithEmail() {
+  const email = await prompt(t('loginEmail'));
+  const password = await promptPassword(t('loginPassword'));
+
+  if (!email || !password) {
+    error(t('loginEmailPasswordRequired'));
+  }
+
+  info(t('loginInProgress'));
+
+  const res = await request('POST', `${API_URL}/auth/signin`, {
+    email,
+    password
+  });
+
+  if (res.status !== 200) {
+    error(res.data.error || t('loginFailed'));
+  }
+
+  saveCredentials({
+    access_token: res.data.access_token,
+    refresh_token: res.data.refresh_token,
+    email: email
+  });
+
+  success(`${t('loginSuccess')} ${email}`);
+}
+
+async function loginWithGitHub() {
+  log(`\n${c.cyan}${c.bold}${t('loginGitHubTitle')}${c.reset}\n`);
+  info(t('loginOpeningBrowser'));
+  openBrowser(`${WEB_URL}/login?cli=true&provider=github`);
+
+  log(`\n${t('loginTokenPrompt')}\n`);
+  const token = await prompt(t('loginTokenInput'));
+
+  if (!token) {
+    error(t('loginTokenRequired'));
+  }
+
+  info(t('loginVerifying'));
+  const res = await request('GET', `${API_URL}/auth/user`, null, {
+    'Authorization': `Bearer ${token}`
+  });
+
+  if (res.status !== 200) {
+    error(t('loginInvalidToken'));
+  }
+
+  saveCredentials({
+    access_token: token,
+    email: res.data.email || 'GitHub User'
+  });
+
+  success(`${t('loginSuccess')} ${res.data.email || 'GitHub User'}`);
+}
+
+async function cmdLogout() {
+  clearCredentials();
+  success(t('logoutSuccess'));
+}
+
+async function cmdLang(args) {
+  const lang = args[1];
+
+  if (!lang) {
+    log(`Current language: ${getLang()}`);
+    return;
+  }
+
+  if (!['en', 'fr'].includes(lang)) {
+    error(t('langInvalid'));
+  }
+
+  saveConfig({ lang });
+  success(`${t('langSet')} ${lang}`);
+}
+
+async function cmdScan(args) {
+  const creds = loadCredentials();
+  if (!creds || !creds.access_token) {
+    log(`\n${c.yellow}${t('scanMustLogin')}${c.reset}\n`);
+    log(`  ${c.cyan}grepleaks login${c.reset}\n`);
+    process.exit(1);
+  }
+
+  const scanPath = args[1] || '.';
+  const absolutePath = path.resolve(process.cwd(), scanPath);
+
+  if (!fs.existsSync(absolutePath)) {
+    error(`${t('scanPathNotFound')} ${absolutePath}`);
+  }
+
+  if (!fs.statSync(absolutePath).isDirectory()) {
+    error(`${t('scanMustBeDir')} ${absolutePath}`);
+  }
+
+  const projectName = path.basename(absolutePath);
+
+  log(`\n${c.cyan}${c.bold}grepleaks${c.reset} - ${t('scanTitle')}\n`);
+  info(`${t('scanProject')} ${projectName}`);
+  info(`${t('scanPath')} ${absolutePath}\n`);
+
+  const tempZip = path.join(os.tmpdir(), `grepleaks-${Date.now()}.zip`);
+
+  try {
+    info(t('scanPreparing'));
+    const zipSize = await zipDirectory(absolutePath, tempZip);
+    success(`${t('scanArchiveCreated')} (${(zipSize / 1024 / 1024).toFixed(2)} MB)`);
+
+    info(t('scanUploading'));
+    const uploadRes = await uploadFile(
+      `${API_URL}/scan/async`,
+      tempZip,
+      creds.access_token
+    );
+
+    if (uploadRes.status !== 202) {
+      error(uploadRes.data.error || t('scanUploadFailed'));
+    }
+
+    const jobId = uploadRes.data.job_id;
+    success(`${t('scanStarted')} (job: ${jobId})`);
+
+    info(t('scanAnalyzing'));
+    let result = null;
+    let lastProgress = '';
+
+    while (true) {
+      await new Promise(r => setTimeout(r, 2000));
+
+      const statusRes = await request('GET', `${API_URL}/scan/${jobId}/status`, null, {
+        'Authorization': `Bearer ${creds.access_token}`
+      });
+
+      if (statusRes.status !== 200) {
+        error(t('scanStatusFailed'));
+      }
+
+      const status = statusRes.data.status;
+      const progress = statusRes.data.progress || '';
+
+      if (progress !== lastProgress) {
+        process.stdout.write(`\r${c.gray}  ${progress}${c.reset}                    `);
+        lastProgress = progress;
+      }
+
+      if (status === 'completed') {
+        result = statusRes.data;
+        break;
+      } else if (status === 'failed') {
+        console.log();
+        error(statusRes.data.error || t('scanFailed'));
+      }
+    }
+
+    console.log();
+    success(`${t('scanComplete')}\n`);
+
+    // Result data is nested inside result.result from the API response
+    const scanResult = result.result || {};
+    const score = scanResult.security_score || 0;
+    const grade = scanResult.grade_level || 'N/A';
+    const vulns = scanResult.vulnerabilities || [];
+
+    const scoreColor = score >= 80 ? c.green : score >= 50 ? c.yellow : c.red;
+
+    log(`${c.bold}${t('scanResults')}${c.reset}`);
+    log(`  ${t('scanScore')} ${scoreColor}${score}/100 (${grade})${c.reset}`);
+    log(`  ${t('scanVulnerabilities')} ${vulns.length}`);
+
+    if (vulns.length > 0) {
+      const critical = vulns.filter(v => v.severity?.toUpperCase() === 'CRITICAL').length;
+      const high = vulns.filter(v => v.severity?.toUpperCase() === 'HIGH').length;
+      const medium = vulns.filter(v => v.severity?.toUpperCase() === 'MEDIUM').length;
+      const low = vulns.filter(v => v.severity?.toUpperCase() === 'LOW').length;
+
+      if (critical) log(`    ${c.red}● Critical: ${critical}${c.reset}`);
+      if (high) log(`    ${c.yellow}● High: ${high}${c.reset}`);
+      if (medium) log(`    ${c.blue}● Medium: ${medium}${c.reset}`);
+      if (low) log(`    ${c.gray}● Low: ${low}${c.reset}`);
+    }
+
+    const report = generateMarkdownReport({ ...scanResult, project_name: projectName });
+    const reportPath = path.join(absolutePath, 'grepleaks-report.md');
+    fs.writeFileSync(reportPath, report);
+
+    log(`\n${c.green}✓${c.reset} ${t('scanReportSaved')} ${c.cyan}${reportPath}${c.reset}\n`);
+
+  } finally {
+    if (fs.existsSync(tempZip)) {
+      fs.unlinkSync(tempZip);
+    }
+  }
+}
+
+function showHelp() {
+  log(`
+${c.bold}${c.cyan}grepleaks${c.reset} - ${t('tagline')}
+
+${c.bold}${t('helpUsage')}${c.reset}
+  grepleaks <command> [options]
+
+${c.bold}${t('helpCommands')}${c.reset}
+  login             ${t('helpLoginDesc')}
+  logout            ${t('helpLogoutDesc')}
+  scan <path>       ${t('helpScanDesc')}
+  lang <en|fr>      ${t('helpLangDesc')}
+
+${c.bold}${t('helpOptions')}${c.reset}
+  -h, --help        ${t('helpShowHelp')}
+  -v, --version     ${t('helpShowVersion')}
+
+${c.bold}${t('helpExamples')}${c.reset}
+  grepleaks login
+  grepleaks scan .
+  grepleaks scan ./my-project
+  grepleaks lang fr
+
+${c.bold}${t('helpMoreInfo')}${c.reset}
+  ${c.cyan}https://grepleaks.com${c.reset}
+`);
+}
+
+// Main
+async function main() {
+  const args = process.argv.slice(2);
+
+  if (args.length === 0 || args.includes('--help') || args.includes('-h')) {
+    showHelp();
+    process.exit(0);
+  }
+
+  if (args.includes('--version') || args.includes('-v')) {
+    log(`${t('version')}${VERSION}`);
+    process.exit(0);
+  }
+
+  const command = args[0];
+
+  try {
+    switch (command) {
+      case 'login':
+        await cmdLogin(args);
+        break;
+      case 'logout':
+        await cmdLogout();
+        break;
+      case 'lang':
+        await cmdLang(args);
+        break;
+      case 'scan':
+        await cmdScan(args);
+        break;
+      default:
+        error(`${t('errorUnknownCmd')} ${command}\n${t('errorUseHelp')}`);
+    }
+  } catch (err) {
+    error(err.message);
+  }
+}
+
+main();

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "grepleaks",
+  "version": "1.0.1",
+  "description": "Security scanner for your code - detect vulnerabilities, secrets, and misconfigurations",
+  "main": "bin/grepleaks.js",
+  "bin": {
+    "grepleaks": "./bin/grepleaks.js"
+  },
+  "scripts": {
+    "test": "node bin/grepleaks.js --help"
+  },
+  "keywords": [
+    "security",
+    "scanner",
+    "vulnerability",
+    "secrets",
+    "sast",
+    "devsecops",
+    "trivy",
+    "semgrep",
+    "code-analysis"
+  ],
+  "author": "Lucas Bolens",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/lbolens/grepleaks.git"
+  },
+  "homepage": "https://grepleaks.com",
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "files": [
+    "bin/"
+  ],
+  "dependencies": {
+    "archiver": "^6.0.1"
+  }
+}