npm - grepleaks - Versions diffs - 1.3.0 → 1.3.2 - Mend

grepleaks 1.3.0 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/grepleaks.js CHANGED Viewed

@@ -1,797 +1,459 @@
-#!/usr/bin/env -S node --no-deprecation
+#!/usr/bin/env node
 const fs = require('fs');
 const path = require('path');
-const os = require('os');
+const { execSync } = require('child_process');
 const https = require('https');
 const http = require('http');
-const readline = require('readline');
-const { exec } = require('child_process');
 const archiver = require('archiver');
+const readline = require('readline');
-const VERSION = '1.2.4';
-const API_URL = 'https://grepleaks.com/api/v1';
-const WEB_URL = 'https://grepleaks.com';
-const CONFIG_DIR = path.join(os.homedir(), '.grepleaks');
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
-const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
-// Text strings (English only)
-const TEXT = {
-  // General
-  tagline: 'Security scanner for your code',
-  version: 'grepleaks v',
-  // Help
-  helpUsage: 'USAGE:',
-  helpCommands: 'COMMANDS:',
-  helpOptions: 'OPTIONS:',
-  helpExamples: 'EXAMPLES:',
-  helpMoreInfo: 'MORE INFO:',
-  helpLoginDesc: 'Login (email or GitHub)',
-  helpLogoutDesc: 'Logout',
-  helpScanDesc: 'Scan a directory',
-  helpShowHelp: 'Show help',
-  helpShowVersion: 'Show version',
-  // Login
-  loginTitle: 'Login to grepleaks',
-  loginChooseMethod: 'Choose login method:',
-  loginOptionEmail: 'Email / Password',
-  loginOptionGitHub: 'GitHub',
-  loginChoice: 'Your choice (1 or 2): ',
-  loginGitHubTitle: 'Login with GitHub',
-  loginOpeningBrowser: 'Opening browser...',
-  loginTokenPrompt: 'After logging in on the website, copy your token and paste it here.',
-  loginTokenInput: 'Token: ',
-  loginTokenRequired: 'Token required',
-  loginVerifying: 'Verifying token...',
-  loginInvalidToken: 'Invalid token',
-  loginEmail: 'Email: ',
-  loginPassword: 'Password: ',
-  loginEmailPasswordRequired: 'Email and password required',
-  loginInProgress: 'Logging in...',
-  loginFailed: 'Login failed',
-  loginSuccess: 'Logged in as',
-  // Logout
-  logoutSuccess: 'Logged out',
-  // Scan
-  scanTitle: 'Security scan',
-  scanMustLogin: 'You must be logged in to scan.',
-  scanPathNotFound: 'Path not found:',
-  scanMustBeDir: 'Path must be a directory:',
-  scanProject: 'Project:',
-  scanPath: 'Path:',
-  scanPreparing: 'Preparing files...',
-  scanArchiveCreated: 'Archive created',
-  scanUploading: 'Uploading to server...',
-  scanUploadFailed: 'Upload failed',
-  scanStarted: 'Scan started',
-  scanAnalyzing: 'Analyzing...',
-  scanStatusFailed: 'Failed to check status',
-  scanFailed: 'Scan failed',
-  scanComplete: 'Scan complete!',
-  scanResults: 'Results:',
-  scanScore: 'Score:',
-  scanVulnerabilities: 'Vulnerabilities:',
-  scanReportSaved: 'Report saved:',
-  // Report
-  reportTitle: 'Security Report',
-  reportNoVulns: 'No vulnerabilities detected',
-  reportCongrats: 'Congratulations! Your code has no known vulnerabilities.',
-  reportVulnsDetected: 'Vulnerabilities detected',
-  reportRecommendation: 'Recommendation',
-  reportGeneratedBy: 'Report generated by',
-  // Errors
-  errorUnknownCmd: 'Unknown command:',
-  errorUseHelp: "Use 'grepleaks --help' for help."
-};
+const API_URL = 'http://72.62.60.91';
+const CONFIG_FILE = '.grepleaksrc';
-// Files/folders to skip when zipping
-const SKIP_PATTERNS = [
-  'node_modules', '.git', '.svn', '.hg', 'vendor', '__pycache__',
-  '.venv', 'venv', 'env', '.env', 'dist', 'build', '.next',
-  '.nuxt', 'coverage', '.nyc_output', '.cache', '.parcel-cache',
-  'target', 'Pods', '.gradle', '.idea', '.vscode', '*.log',
-  '*.lock', 'package-lock.json', 'yarn.lock', 'pnpm-lock.yaml',
-  '*.min.js', '*.min.css', '*.map', '*.png', '*.jpg', '*.jpeg',
-  '*.gif', '*.ico', '*.svg', '*.woff', '*.woff2', '*.ttf', '*.eot',
-  '*.mp3', '*.mp4', '*.avi', '*.mov', '*.pdf', '*.zip', '*.tar',
-  '*.gz', '*.rar', '*.7z', '*.exe', '*.dll', '*.so', '*.dylib'
-];
-// Colors
-const c = {
+// Colors for terminal output
+const colors = {
   reset: '\x1b[0m',
-  bold: '\x1b[1m',
   red: '\x1b[31m',
   green: '\x1b[32m',
   yellow: '\x1b[33m',
   blue: '\x1b[34m',
   cyan: '\x1b[36m',
-  gray: '\x1b[90m'
+  bold: '\x1b[1m',
 };
-// Get text string
-function t(key) {
-  return TEXT[key] || key;
+function log(message, color = '') {
+  console.log(`${color}${message}${colors.reset}`);
 }
-// Helpers
-function log(msg, color = '') {
-  console.log(`${color}${msg}${c.reset}`);
+function logError(message) {
+  log(`Error: ${message}`, colors.red);
 }
-function error(msg) {
-  console.error(`${c.red}Error: ${msg}${c.reset}`);
-  process.exit(1);
+function logSuccess(message) {
+  log(`${message}`, colors.green);
 }
-function success(msg) {
-  log(`${c.green}✓${c.reset} ${msg}`);
+function logInfo(message) {
+  log(`${message}`, colors.cyan);
 }
-function info(msg) {
-  log(`${c.cyan}→${c.reset} ${msg}`);
+// Get config
+function getConfig() {
+  const configPath = path.join(process.cwd(), CONFIG_FILE);
+  if (fs.existsSync(configPath)) {
+    try {
+      return JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    } catch (e) {
+      return {};
+    }
+  }
+  return {};
 }
-// Config management
-function ensureConfigDir() {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true });
-  }
+// Save config
+function saveConfig(config) {
+  const configPath = path.join(process.cwd(), CONFIG_FILE);
+  fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
 }
-function loadConfig() {
-  if (!fs.existsSync(CONFIG_FILE)) {
-    return { lang: 'en' };
-  }
+// Check if inside a git repo
+function isGitRepo() {
   try {
-    return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
-  } catch {
-    return { lang: 'en' };
+    execSync('git rev-parse --git-dir', { stdio: 'ignore' });
+    return true;
+  } catch (e) {
+    return false;
   }
 }
-function saveConfig(data) {
-  ensureConfigDir();
-  const current = loadConfig();
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify({ ...current, ...data }, null, 2));
-}
-// Credentials management
-function saveCredentials(data) {
-  ensureConfigDir();
-  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(data, null, 2));
-}
-function loadCredentials() {
-  if (!fs.existsSync(CREDENTIALS_FILE)) {
-    return null;
-  }
+// Get git hooks directory
+function getGitHooksDir() {
   try {
-    return JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf8'));
-  } catch {
+    const gitDir = execSync('git rev-parse --git-dir', { encoding: 'utf8' }).trim();
+    return path.join(gitDir, 'hooks');
+  } catch (e) {
     return null;
   }
 }
-function clearCredentials() {
-  if (fs.existsSync(CREDENTIALS_FILE)) {
-    fs.unlinkSync(CREDENTIALS_FILE);
+// Create git hook
+function createHook(hookName, apiKey) {
+  const hooksDir = getGitHooksDir();
+  if (!hooksDir) {
+    logError('Not a git repository');
+    return false;
   }
-}
-// Readline helper
-function prompt(question) {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise(resolve => {
-    rl.question(question, answer => {
-      rl.close();
-      resolve(answer);
-    });
-  });
-}
+  if (!fs.existsSync(hooksDir)) {
+    fs.mkdirSync(hooksDir, { recursive: true });
+  }
-function promptPassword(question) {
-  return new Promise(resolve => {
-    const rl = readline.createInterface({
-      input: process.stdin,
-      output: process.stdout
-    });
+  const hookPath = path.join(hooksDir, hookName);
+  const hookContent = `#!/bin/sh
+# Grepleaks security scan hook
+npx grepleaks scan --api-key "${apiKey}"
+`;
-    process.stdout.write(question);
-    const stdin = process.stdin;
-    const wasRaw = stdin.isRaw;
-    if (stdin.setRawMode) stdin.setRawMode(true);
-    let password = '';
-    const onData = (char) => {
-      char = char.toString();
-      switch (char) {
-        case '\n':
-        case '\r':
-        case '\u0004':
-          if (stdin.setRawMode) stdin.setRawMode(wasRaw);
-          stdin.removeListener('data', onData);
-          rl.close();
-          console.log();
-          resolve(password);
-          break;
-        case '\u0003':
-          process.exit();
-          break;
-        case '\u007F':
-          password = password.slice(0, -1);
-          break;
-        default:
-          password += char;
-          break;
-      }
-    };
+  fs.writeFileSync(hookPath, hookContent);
+  fs.chmodSync(hookPath, '755');
+  return true;
+}
-    stdin.on('data', onData);
-  });
+// Remove git hook
+function removeHook(hookName) {
+  const hooksDir = getGitHooksDir();
+  if (!hooksDir) return;
+  const hookPath = path.join(hooksDir, hookName);
+  if (fs.existsSync(hookPath)) {
+    const content = fs.readFileSync(hookPath, 'utf8');
+    if (content.includes('Grepleaks')) {
+      fs.unlinkSync(hookPath);
+    }
+  }
 }
-// HTTP request helper
-function request(method, url, data = null, headers = {}) {
+// Create zip of current directory
+async function createZip() {
   return new Promise((resolve, reject) => {
-    const urlObj = new URL(url);
-    const options = {
-      hostname: urlObj.hostname,
-      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
-      path: urlObj.pathname + urlObj.search,
-      method,
-      headers: {
-        'Content-Type': 'application/json',
-        ...headers
-      }
-    };
+    const zipPath = path.join(process.cwd(), '.grepleaks-scan.zip');
+    const output = fs.createWriteStream(zipPath);
+    const archive = archiver('zip', { zlib: { level: 9 } });
-    const proto = urlObj.protocol === 'https:' ? https : http;
-    const req = proto.request(options, res => {
-      let body = '';
-      res.on('data', chunk => body += chunk);
-      res.on('end', () => {
-        try {
-          resolve({ status: res.statusCode, data: JSON.parse(body) });
-        } catch {
-          resolve({ status: res.statusCode, data: body });
-        }
-      });
-    });
+    output.on('close', () => resolve(zipPath));
+    archive.on('error', (err) => reject(err));
-    req.on('error', reject);
+    archive.pipe(output);
-    if (data) {
-      req.write(typeof data === 'string' ? data : JSON.stringify(data));
-    }
-    req.end();
+    // Add all files except .git and node_modules
+    archive.glob('**/*', {
+      ignore: ['.git/**', 'node_modules/**', '.grepleaks-scan.zip'],
+      dot: true,
+    });
+    archive.finalize();
   });
 }
-// Upload file with multipart
-function uploadFile(url, filePath, token, projectName) {
+// Send scan request to API
+async function sendScan(zipPath, apiKey) {
   return new Promise((resolve, reject) => {
-    const boundary = '----grepleaks' + Date.now();
-    const fileName = path.basename(filePath);
-    const fileStream = fs.createReadStream(filePath);
+    const boundary = '----FormBoundary' + Math.random().toString(36).slice(2);
+    const fileContent = fs.readFileSync(zipPath);
-    const urlObj = new URL(url);
+    const bodyParts = [
+      `--${boundary}\r\n`,
+      `Content-Disposition: form-data; name="file"; filename="code.zip"\r\n`,
+      `Content-Type: application/zip\r\n\r\n`,
+    ];
+    const bodyEnd = `\r\n--${boundary}--\r\n`;
+    const bodyStart = Buffer.from(bodyParts.join(''));
+    const bodyEndBuf = Buffer.from(bodyEnd);
+    const body = Buffer.concat([bodyStart, fileContent, bodyEndBuf]);
+    const url = new URL(`${API_URL}/api/v1/scan`);
     const options = {
-      hostname: urlObj.hostname,
-      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
-      path: urlObj.pathname,
+      hostname: url.hostname,
+      port: url.port || 80,
+      path: url.pathname,
       method: 'POST',
       headers: {
+        'X-API-Key': apiKey,
         'Content-Type': `multipart/form-data; boundary=${boundary}`,
-        'Authorization': `Bearer ${token}`
-      }
+        'Content-Length': body.length,
+      },
     };
-    const proto = urlObj.protocol === 'https:' ? https : http;
-    const req = proto.request(options, res => {
-      let body = '';
-      res.on('data', chunk => body += chunk);
+    const req = http.request(options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => data += chunk);
       res.on('end', () => {
         try {
-          resolve({ status: res.statusCode, data: JSON.parse(body) });
-        } catch {
-          resolve({ status: res.statusCode, data: body });
+          resolve(JSON.parse(data));
+        } catch (e) {
+          reject(new Error(`Invalid response: ${data}`));
         }
       });
     });
-    req.on('error', reject);
-    // Add project_name field
-    req.write(`--${boundary}\r\n`);
-    req.write(`Content-Disposition: form-data; name="project_name"\r\n\r\n`);
-    req.write(projectName || 'Unknown');
-    req.write('\r\n');
-    // Add source field
-    req.write(`--${boundary}\r\n`);
-    req.write(`Content-Disposition: form-data; name="source"\r\n\r\n`);
-    req.write('cli');
-    req.write('\r\n');
-    // Add file
-    req.write(`--${boundary}\r\n`);
-    req.write(`Content-Disposition: form-data; name="file"; filename="${fileName}"\r\n`);
-    req.write('Content-Type: application/zip\r\n\r\n');
-    fileStream.on('data', chunk => req.write(chunk));
-    fileStream.on('end', () => {
-      req.write(`\r\n--${boundary}--\r\n`);
-      req.end();
-    });
-    fileStream.on('error', reject);
-  });
-}
-// Open URL in browser
-function openBrowser(url) {
-  const cmd = process.platform === 'darwin' ? 'open' :
-              process.platform === 'win32' ? 'start' : 'xdg-open';
-  exec(`${cmd} "${url}"`);
-}
-// Should skip file/folder
-function shouldSkip(name) {
-  return SKIP_PATTERNS.some(pattern => {
-    if (pattern.startsWith('*.')) {
-      return name.endsWith(pattern.slice(1));
-    }
-    return name === pattern;
-  });
-}
-// Zip directory
-function zipDirectory(sourceDir, outPath) {
-  return new Promise((resolve, reject) => {
-    const output = fs.createWriteStream(outPath);
-    const archive = archiver('zip', { zlib: { level: 6 } });
-    output.on('close', () => resolve(archive.pointer()));
-    archive.on('error', reject);
-    archive.pipe(output);
-    const addDir = (dir, prefix = '') => {
-      const items = fs.readdirSync(dir);
-      for (const item of items) {
-        if (shouldSkip(item)) continue;
-        const fullPath = path.join(dir, item);
-        const archivePath = prefix ? `${prefix}/${item}` : item;
-        const stat = fs.statSync(fullPath);
-        if (stat.isDirectory()) {
-          addDir(fullPath, archivePath);
-        } else if (stat.size < 1024 * 1024) {
-          archive.file(fullPath, { name: archivePath });
-        }
-      }
-    };
-    addDir(sourceDir);
-    archive.finalize();
+    req.on('error', (e) => reject(e));
+    req.write(body);
+    req.end();
   });
 }
 // Generate markdown report
-function generateMarkdownReport(result) {
-  const vulns = result.vulnerabilities || [];
-  const score = result.security_score || 0;
-  const grade = result.grade_level || 'N/A';
-  const projectName = result.project_name || 'Unknown Project';
-  const dateStr = new Date().toLocaleDateString('en-US', {
-    year: 'numeric',
-    month: 'long',
-    day: 'numeric'
-  });
-  // Count by severity
-  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
-  for (const v of vulns) {
-    const sev = (v.severity || 'low').toLowerCase();
-    if (counts[sev] !== undefined) counts[sev]++;
-  }
-  // Header
-  let md = `# ${t('reportTitle')}\n\n`;
-  md += `> **${projectName}** | ${dateStr}\n\n`;
-  // Score card
-  const scoreEmoji = score >= 90 ? '🛡️' : score >= 75 ? '✅' : score >= 50 ? '⚠️' : '🚨';
-  md += `## ${scoreEmoji} Security Score: ${score}/100 (${grade})\n\n`;
-  // Summary table
-  if (vulns.length > 0) {
-    md += `| Severity | Count |\n`;
-    md += `|----------|-------|\n`;
-    if (counts.critical > 0) md += `| 🔴 Critical | ${counts.critical} |\n`;
-    if (counts.high > 0) md += `| 🟠 High | ${counts.high} |\n`;
-    if (counts.medium > 0) md += `| 🟡 Medium | ${counts.medium} |\n`;
-    if (counts.low > 0) md += `| 🟢 Low | ${counts.low} |\n`;
-    md += `\n`;
+function generateReport(result) {
+  const date = new Date().toISOString().split('T')[0];
+  const time = new Date().toLocaleTimeString();
+  let report = `# Security Report
+**Date:** ${date} ${time}
+**Score:** ${result.security_score || 0}/100
+**Grade:** ${result.grade || 'N/A'}
+**Total Findings:** ${result.total_findings || 0}
+## Summary
+| Severity | Count |
+|----------|-------|
+| Critical | ${result.critical_count || 0} |
+| High | ${result.high_count || 0} |
+| Medium | ${result.medium_count || 0} |
+| Low | ${result.low_count || 0} |
+`;
+  if (result.findings && result.findings.length > 0) {
+    report += `## Findings\n\n`;
+    result.findings.forEach((finding, i) => {
+      report += `### ${i + 1}. ${finding.title || finding.rule_id || 'Finding'}\n\n`;
+      report += `- **Severity:** ${finding.severity || 'Unknown'}\n`;
+      report += `- **File:** ${finding.file || 'N/A'}\n`;
+      if (finding.line) report += `- **Line:** ${finding.line}\n`;
+      if (finding.description) report += `- **Description:** ${finding.description}\n`;
+      report += '\n';
+    });
   }
-  // Vulnerabilities
-  if (vulns.length === 0) {
-    md += `## ✅ ${t('reportNoVulns')}\n\n`;
-    md += `${t('reportCongrats')}\n`;
-  } else {
-    md += `---\n\n`;
-    md += `## ${t('reportVulnsDetected')}\n\n`;
-    const bySeverity = { CRITICAL: [], HIGH: [], MEDIUM: [], LOW: [] };
-    for (const v of vulns) {
-      const sev = (v.severity || 'LOW').toUpperCase();
-      if (bySeverity[sev]) bySeverity[sev].push(v);
-    }
-    for (const [severity, items] of Object.entries(bySeverity)) {
-      if (items.length === 0) continue;
+  report += `---\n*Generated by [Grepleaks](${API_URL})*\n`;
-      const emoji = severity === 'CRITICAL' ? '🔴' :
-                    severity === 'HIGH' ? '🟠' :
-                    severity === 'MEDIUM' ? '🟡' : '🟢';
-      const severityLabel = severity.charAt(0) + severity.slice(1).toLowerCase();
-      md += `### ${emoji} ${severityLabel}\n\n`;
-      for (let i = 0; i < items.length; i++) {
-        const v = items[i];
-        // Title from description (first sentence or truncated)
-        let title = v.description || 'Security Issue';
-        const firstSentence = title.match(/^[^.!?]+[.!?]/);
-        if (firstSentence) {
-          title = firstSentence[0];
-        } else if (title.length > 80) {
-          title = title.substring(0, 77) + '...';
-        }
-        md += `#### ${i + 1}. ${title}\n\n`;
-        // Location
-        if (v.location) {
-          md += `- **File:** \`${v.location}\`\n`;
-        }
-        // CVE
-        if (v.cve) {
-          md += `- **CVE:** [${v.cve}](https://nvd.nist.gov/vuln/detail/${v.cve})\n`;
-        }
-        // Package info
-        if (v.package_name) {
-          md += `- **Package:** \`${v.package_name}\``;
-          if (v.current_version) md += ` v${v.current_version}`;
-          md += `\n`;
-          if (v.fixed_version) {
-            md += `- **Fix:** Upgrade to v${v.fixed_version}\n`;
-          }
-        }
-        md += `\n`;
-        // Code snippet
-        if (v.code_snippet) {
-          md += `**Affected code:**\n\`\`\`\n${v.code_snippet}\n\`\`\`\n\n`;
-        }
-        // Recommendation
-        const rec = v.llm_recommendation || v.recommendation;
-        if (rec) {
-          md += `**${t('reportRecommendation')}:** ${rec}\n\n`;
-        }
-        // Reference
-        if (v.reference_url) {
-          md += `[Learn more](${v.reference_url})\n\n`;
-        }
-        md += `---\n\n`;
-      }
-    }
-  }
+  return report;
+}
-  // Footer
-  md += `*${t('reportGeneratedBy')} [grepleaks](https://grepleaks.com)*\n`;
+// Interactive prompt
+function prompt(question) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
-  return md;
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer);
+    });
+  });
 }
-// Commands
-async function cmdLogin(args) {
-  log(`\n${c.cyan}${c.bold}${t('loginTitle')}${c.reset}\n`);
+// ========== COMMANDS ==========
-  // Show menu
-  log(`${t('loginChooseMethod')}\n`);
-  log(`  ${c.cyan}1.${c.reset} ${t('loginOptionEmail')}`);
-  log(`  ${c.cyan}2.${c.reset} ${t('loginOptionGitHub')}\n`);
-  const choice = await prompt(t('loginChoice'));
+// Init command
+async function init() {
+  console.log(`
+${colors.cyan}${colors.bold}Grepleaks Setup${colors.reset}
+`);
-  if (choice === '2') {
-    // GitHub login via browser
-    await loginWithGitHub();
-  } else {
-    // Email/password login (default)
-    await loginWithEmail();
+  if (!isGitRepo()) {
+    logError('This is not a git repository. Please run "git init" first.');
+    process.exit(1);
   }
-}
-async function loginWithEmail() {
-  const email = await prompt(t('loginEmail'));
-  const password = await promptPassword(t('loginPassword'));
-  if (!email || !password) {
-    error(t('loginEmailPasswordRequired'));
+  // Get API key
+  let apiKey = process.env.GREPLEAKS_API_KEY;
+  if (!apiKey) {
+    console.log(`Get your API key at: ${colors.cyan}${API_URL}${colors.reset} (Settings > API Keys)\n`);
+    apiKey = await prompt('Enter your API key: ');
   }
-  info(t('loginInProgress'));
-  const res = await request('POST', `${API_URL}/auth/signin`, {
-    email,
-    password
-  });
-  if (res.status !== 200) {
-    error(res.data.error || t('loginFailed'));
+  if (!apiKey || !apiKey.startsWith('grpl_')) {
+    logError('Invalid API key. It should start with "grpl_"');
+    process.exit(1);
   }
-  saveCredentials({
-    access_token: res.data.access_token,
-    refresh_token: res.data.refresh_token,
-    email: email
-  });
-  success(`${t('loginSuccess')} ${email}`);
-}
-async function loginWithGitHub() {
-  log(`\n${c.cyan}${c.bold}${t('loginGitHubTitle')}${c.reset}\n`);
-  const loginUrl = `${WEB_URL}/login?cli=true&provider=github`;
-  log(`If your browser doesn't open, visit this URL:`);
-  log(`${c.cyan}${loginUrl}${c.reset}\n`);
-  info(t('loginOpeningBrowser'));
-  openBrowser(loginUrl);
+  // Choose when to scan
+  console.log(`
+When do you want to run security scans?
-  log(`\n${t('loginTokenPrompt')}\n`);
-  const token = await prompt(t('loginTokenInput'));
+  ${colors.cyan}1${colors.reset}) On commit (pre-commit hook)
+  ${colors.cyan}2${colors.reset}) On push (pre-push hook)
+  ${colors.cyan}3${colors.reset}) Both
+  ${colors.cyan}4${colors.reset}) Manual only (no hooks)
+`);
-  if (!token) {
-    error(t('loginTokenRequired'));
+  const choice = await prompt('Your choice (1-4): ');
+  // Remove existing hooks
+  removeHook('pre-commit');
+  removeHook('pre-push');
+  // Create hooks based on choice
+  switch (choice) {
+    case '1':
+      createHook('pre-commit', apiKey);
+      logSuccess('Pre-commit hook installed');
+      break;
+    case '2':
+      createHook('pre-push', apiKey);
+      logSuccess('Pre-push hook installed');
+      break;
+    case '3':
+      createHook('pre-commit', apiKey);
+      createHook('pre-push', apiKey);
+      logSuccess('Pre-commit and pre-push hooks installed');
+      break;
+    case '4':
+      logInfo('No hooks installed. Run "npx grepleaks scan" manually.');
+      break;
+    default:
+      logError('Invalid choice');
+      process.exit(1);
   }
-  info(t('loginVerifying'));
-  const res = await request('GET', `${API_URL}/auth/user`, null, {
-    'Authorization': `Bearer ${token}`
+  // Save config
+  saveConfig({
+    apiKey: apiKey,
+    hook: choice,
+    createReport: true,
   });
-  if (res.status !== 200) {
-    error(t('loginInvalidToken'));
+  // Add config to gitignore
+  const gitignorePath = path.join(process.cwd(), '.gitignore');
+  let gitignore = '';
+  if (fs.existsSync(gitignorePath)) {
+    gitignore = fs.readFileSync(gitignorePath, 'utf8');
+  }
+  if (!gitignore.includes('.grepleaksrc')) {
+    fs.appendFileSync(gitignorePath, '\n# Grepleaks\n.grepleaksrc\n.grepleaks-scan.zip\n');
+    logInfo('Added .grepleaksrc to .gitignore');
   }
-  saveCredentials({
-    access_token: token,
-    email: res.data.email || 'GitHub User'
-  });
-  success(`${t('loginSuccess')} ${res.data.email || 'GitHub User'}`);
-}
+  console.log(`
+${colors.green}${colors.bold}Setup complete!${colors.reset}
-async function cmdLogout() {
-  clearCredentials();
-  success(t('logoutSuccess'));
+Run a manual scan anytime with:
+  ${colors.cyan}npx grepleaks scan${colors.reset}
+`);
 }
+// Scan command
+async function scan(apiKey) {
+  const config = getConfig();
+  apiKey = apiKey || config.apiKey || process.env.GREPLEAKS_API_KEY;
-async function cmdScan(args) {
-  const creds = loadCredentials();
-  if (!creds || !creds.access_token) {
-    log(`\n${c.yellow}${t('scanMustLogin')}${c.reset}\n`);
-    log(`  ${c.cyan}grepleaks login${c.reset}\n`);
+  if (!apiKey) {
+    logError('No API key provided. Run "npx grepleaks init" or use --api-key');
     process.exit(1);
   }
-  const scanPath = args[1] || '.';
-  const absolutePath = path.resolve(process.cwd(), scanPath);
-  if (!fs.existsSync(absolutePath)) {
-    error(`${t('scanPathNotFound')} ${absolutePath}`);
-  }
-  if (!fs.statSync(absolutePath).isDirectory()) {
-    error(`${t('scanMustBeDir')} ${absolutePath}`);
-  }
-  const projectName = path.basename(absolutePath);
-  log(`\n${c.cyan}${c.bold}grepleaks${c.reset} - ${t('scanTitle')}\n`);
-  info(`${t('scanProject')} ${projectName}`);
-  info(`${t('scanPath')} ${absolutePath}\n`);
+  console.log(`
+${colors.cyan}${colors.bold}Grepleaks Security Scan${colors.reset}
+`);
-  const tempZip = path.join(os.tmpdir(), `grepleaks-${Date.now()}.zip`);
+  logInfo('Creating archive...');
+  const zipPath = await createZip();
+  logInfo('Scanning...');
+  let result;
   try {
-    info(t('scanPreparing'));
-    const zipSize = await zipDirectory(absolutePath, tempZip);
-    success(`${t('scanArchiveCreated')} (${(zipSize / 1024 / 1024).toFixed(2)} MB)`);
-    info(t('scanUploading'));
-    const uploadRes = await uploadFile(
-      `${API_URL}/scan/async`,
-      tempZip,
-      creds.access_token,
-      projectName
-    );
-    if (uploadRes.status !== 202) {
-      error(uploadRes.data.error || t('scanUploadFailed'));
-    }
-    const jobId = uploadRes.data.job_id;
-    success(`${t('scanStarted')} (job: ${jobId})`);
-    info(t('scanAnalyzing'));
-    let result = null;
-    let lastProgress = '';
-    while (true) {
-      await new Promise(r => setTimeout(r, 2000));
-      const statusRes = await request('GET', `${API_URL}/scan/${jobId}/status`, null, {
-        'Authorization': `Bearer ${creds.access_token}`
-      });
-      if (statusRes.status !== 200) {
-        error(t('scanStatusFailed'));
-      }
-      const status = statusRes.data.status;
-      const progress = statusRes.data.progress || '';
-      if (progress !== lastProgress) {
-        process.stdout.write(`\r${c.gray}  ${progress}${c.reset}                    `);
-        lastProgress = progress;
-      }
-      if (status === 'completed') {
-        result = statusRes.data;
-        break;
-      } else if (status === 'failed') {
-        console.log();
-        error(statusRes.data.error || t('scanFailed'));
-      }
-    }
-    console.log();
-    success(`${t('scanComplete')}\n`);
+    result = await sendScan(zipPath, apiKey);
+  } catch (e) {
+    logError(`Scan failed: ${e.message}`);
+    fs.unlinkSync(zipPath);
+    process.exit(1);
+  }
-    // Result data is nested inside result.result from the API response
-    const scanResult = result.result || {};
-    const score = scanResult.security_score || 0;
-    const grade = scanResult.grade_level || 'N/A';
-    const vulns = scanResult.vulnerabilities || [];
+  // Clean up zip
+  fs.unlinkSync(zipPath);
-    const scoreColor = score >= 80 ? c.green : score >= 50 ? c.yellow : c.red;
+  if (result.error) {
+    logError(result.error);
+    process.exit(1);
+  }
-    log(`${c.bold}${t('scanResults')}${c.reset}`);
-    log(`  ${t('scanScore')} ${scoreColor}${score}/100 (${grade})${c.reset}`);
-    log(`  ${t('scanVulnerabilities')} ${vulns.length}`);
+  // Display results
+  console.log(`
+${colors.bold}========================================${colors.reset}
+${colors.bold}         SECURITY SCAN RESULTS${colors.reset}
+${colors.bold}========================================${colors.reset}
-    if (vulns.length > 0) {
-      const critical = vulns.filter(v => v.severity?.toUpperCase() === 'CRITICAL').length;
-      const high = vulns.filter(v => v.severity?.toUpperCase() === 'HIGH').length;
-      const medium = vulns.filter(v => v.severity?.toUpperCase() === 'MEDIUM').length;
-      const low = vulns.filter(v => v.severity?.toUpperCase() === 'LOW').length;
+  Score: ${colors.bold}${result.security_score || 0}/100${colors.reset}
+  Grade: ${colors.bold}${result.grade || 'N/A'}${colors.reset}
-      if (critical) log(`    ${c.red}● Critical: ${critical}${c.reset}`);
-      if (high) log(`    ${c.yellow}● High: ${high}${c.reset}`);
-      if (medium) log(`    ${c.blue}● Medium: ${medium}${c.reset}`);
-      if (low) log(`    ${c.gray}● Low: ${low}${c.reset}`);
-    }
+  Findings:
+    Critical: ${colors.red}${result.critical_count || 0}${colors.reset}
+    High:     ${colors.yellow}${result.high_count || 0}${colors.reset}
+    Medium:   ${colors.blue}${result.medium_count || 0}${colors.reset}
+    Low:      ${result.low_count || 0}
-    // Use AI-generated report from backend if available, otherwise generate locally
-    let report;
-    if (scanResult.report_markdown && scanResult.report_markdown.trim().length > 0) {
-      report = scanResult.report_markdown;
-      log(`\n${c.cyan}ℹ${c.reset} Using AI-generated report from server`);
-    } else {
-      report = generateMarkdownReport({ ...scanResult, project_name: projectName });
-      log(`\n${c.cyan}ℹ${c.reset} Generated report locally (AI report not available)`);
-    }
+${colors.bold}========================================${colors.reset}
+`);
-    const reportPath = path.join(absolutePath, 'grepleaks-report.md');
+  // Create report
+  if (config.createReport !== false) {
+    const report = generateReport(result);
+    const reportPath = path.join(process.cwd(), 'SECURITY_REPORT.md');
     fs.writeFileSync(reportPath, report);
+    logSuccess(`Report saved to SECURITY_REPORT.md`);
+  }
-    log(`${c.green}✓${c.reset} ${t('scanReportSaved')} ${c.cyan}${reportPath}${c.reset}\n`);
-  } finally {
-    if (fs.existsSync(tempZip)) {
-      fs.unlinkSync(tempZip);
-    }
+  // Exit with error if critical findings
+  if ((result.critical_count || 0) > 0) {
+    logError('Critical vulnerabilities found!');
+    process.exit(1);
   }
+  logSuccess('Scan complete!');
 }
-function showHelp() {
-  log(`
-${c.bold}${c.cyan}grepleaks${c.reset} - ${t('tagline')}
+// Help command
+function help() {
+  console.log(`
+${colors.cyan}${colors.bold}Grepleaks CLI${colors.reset}
-${c.bold}${t('helpUsage')}${c.reset}
-  grepleaks <command> [options]
+Usage: npx grepleaks <command> [options]
-${c.bold}${t('helpCommands')}${c.reset}
-  login             ${t('helpLoginDesc')}
-  logout            ${t('helpLogoutDesc')}
-  scan <path>       ${t('helpScanDesc')}
+Commands:
+  ${colors.cyan}init${colors.reset}              Setup grepleaks in your project
+  ${colors.cyan}scan${colors.reset}              Run a security scan
+  ${colors.cyan}help${colors.reset}              Show this help message
-${c.bold}${t('helpOptions')}${c.reset}
-  -h, --help        ${t('helpShowHelp')}
-  -v, --version     ${t('helpShowVersion')}
+Options:
+  ${colors.cyan}--api-key${colors.reset}         Your Grepleaks API key
-${c.bold}${t('helpExamples')}${c.reset}
-  grepleaks login
-  grepleaks scan .
-  grepleaks scan ./my-project
+Examples:
+  npx grepleaks init
+  npx grepleaks scan
+  npx grepleaks scan --api-key grpl_xxx
-${c.bold}${t('helpMoreInfo')}${c.reset}
-  ${c.cyan}https://grepleaks.com${c.reset}
+Get your API key at: ${colors.cyan}${API_URL}${colors.reset}
 `);
 }
 // Main
 async function main() {
   const args = process.argv.slice(2);
-  if (args.length === 0 || args.includes('--help') || args.includes('-h')) {
-    showHelp();
-    process.exit(0);
-  }
-  if (args.includes('--version') || args.includes('-v')) {
-    log(`${t('version')}${VERSION}`);
-    process.exit(0);
-  }
   const command = args[0];
-  try {
-    switch (command) {
-      case 'login':
-        await cmdLogin(args);
-        break;
-      case 'logout':
-        await cmdLogout();
-        break;
-      case 'scan':
-        await cmdScan(args);
-        break;
-      default:
-        error(`${t('errorUnknownCmd')} ${command}\n${t('errorUseHelp')}`);
+  // Parse options
+  let apiKey = null;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--api-key' && args[i + 1]) {
+      apiKey = args[i + 1];
     }
-  } catch (err) {
-    error(err.message);
+  }
+  switch (command) {
+    case 'init':
+      await init();
+      break;
+    case 'scan':
+      await scan(apiKey);
+      break;
+    case 'help':
+    case '--help':
+    case '-h':
+      help();
+      break;
+    default:
+      help();
   }
 }
-main();
+main().catch((e) => {
+  logError(e.message);
+  process.exit(1);
+});

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "grepleaks",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "Security scanner for your code - detect vulnerabilities, secrets, and misconfigurations",
   "main": "bin/grepleaks.js",
   "bin": {

package/README.md DELETED Viewed

@@ -1,94 +0,0 @@
-# grepleaks
-Security scanner for your code - detect vulnerabilities, secrets, and misconfigurations.
-## Installation
-```bash
-npm install -g grepleaks
-```
-## Usage
-### 1. Login
-```bash
-# Login with email/password
-grepleaks login
-# Or login via browser
-grepleaks login --browser
-```
-### 2. Scan a project
-```bash
-# Scan current directory
-grepleaks scan .
-# Scan a specific directory
-grepleaks scan ./my-project
-```
-### 3. Result
-The scan generates a `grepleaks-report.md` file in the scanned directory.
-```
-grepleaks - Security scan
-→ Project: my-project
-→ Path: /path/to/my-project
-→ Preparing files...
-✓ Archive created (1.23 MB)
-→ Uploading to server...
-✓ Scan started (job: abc123)
-→ Analyzing...
-✓ Scan complete!
-Results:
-  Score: 75/100 (B)
-  Vulnerabilities: 3
-    ● High: 1
-    ● Medium: 2
-✓ Report saved: ./my-project/grepleaks-report.md
-```
-## Commands
-| Command | Description |
-|---------|-------------|
-| `grepleaks login` | Login with email/password |
-| `grepleaks login --browser` | Login via browser |
-| `grepleaks logout` | Logout |
-| `grepleaks scan <path>` | Scan a directory |
-| `grepleaks lang <en\|fr>` | Set language |
-| `grepleaks --help` | Show help |
-| `grepleaks --version` | Show version |
-## Language
-The CLI is in English by default. To switch to French:
-```bash
-grepleaks lang fr
-```
-To switch back to English:
-```bash
-grepleaks lang en
-```
-## What it detects
-- Hardcoded secrets (API keys, passwords, tokens)
-- Vulnerabilities in dependencies
-- Security issues in code (SQL injection, XSS, etc.)
-- Misconfigurations
-## More info
-Visit [grepleaks.com](https://grepleaks.com) for the full web interface.