guardrail-security 1.0.0

package/dist/secrets/vault-providers.js

@@ -0,0 +1,417 @@
+"use strict";
+/**
+ * Vault Providers
+ *
+ * Real implementations for secret vault integrations:
+ * - AWS Secrets Manager
+ * - HashiCorp Vault
+ * - Azure Key Vault
+ * - GCP Secret Manager
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalEnvProvider = exports.GCPSecretManagerProvider = exports.AzureKeyVaultProvider = exports.HashiCorpVaultProvider = exports.AWSSecretsManagerProvider = void 0;
+exports.createVaultProvider = createVaultProvider;
+/**
+ * AWS Secrets Manager Provider
+ */
+class AWSSecretsManagerProvider {
+    name = 'AWS Secrets Manager';
+    client;
+    region;
+    constructor(config) {
+        this.region = config.region || 'us-east-1';
+    }
+    async getClient() {
+        if (!this.client) {
+            const { SecretsManagerClient } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+            this.client = new SecretsManagerClient({ region: this.region });
+        }
+        return this.client;
+    }
+    async createSecret(name, value) {
+        const client = await this.getClient();
+        const { CreateSecretCommand } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+        try {
+            const result = await client.send(new CreateSecretCommand({
+                Name: name,
+                SecretString: value,
+                Description: 'Migrated by Guardrail AI',
+            }));
+            return result.ARN || name;
+        }
+        catch (error) {
+            if (error.name === 'ResourceExistsException') {
+                const { PutSecretValueCommand } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+                await client.send(new PutSecretValueCommand({
+                    SecretId: name,
+                    SecretString: value,
+                }));
+                return name;
+            }
+            throw error;
+        }
+    }
+    async getSecret(name) {
+        const client = await this.getClient();
+        const { GetSecretValueCommand } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+        try {
+            const result = await client.send(new GetSecretValueCommand({ SecretId: name }));
+            return result.SecretString || null;
+        }
+        catch (error) {
+            if (error.name === 'ResourceNotFoundException') {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async deleteSecret(name) {
+        const client = await this.getClient();
+        const { DeleteSecretCommand } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+        try {
+            await client.send(new DeleteSecretCommand({
+                SecretId: name,
+                ForceDeleteWithoutRecovery: false,
+            }));
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async listSecrets() {
+        const client = await this.getClient();
+        const { ListSecretsCommand } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-secrets-manager')));
+        const result = await client.send(new ListSecretsCommand({}));
+        return (result.SecretList || []).map((s) => s.Name).filter(Boolean);
+    }
+    async testConnection() {
+        try {
+            await this.listSecrets();
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+}
+exports.AWSSecretsManagerProvider = AWSSecretsManagerProvider;
+/**
+ * HashiCorp Vault Provider
+ */
+class HashiCorpVaultProvider {
+    name = 'HashiCorp Vault';
+    client;
+    endpoint;
+    token;
+    mountPath;
+    constructor(config) {
+        this.endpoint = config.endpoint || 'http://127.0.0.1:8200';
+        this.token = config.credentials?.token || process.env['VAULT_TOKEN'] || '';
+        this.mountPath = 'secret';
+    }
+    async getClient() {
+        if (!this.client) {
+            const vault = (await Promise.resolve().then(() => __importStar(require('node-vault')))).default;
+            this.client = vault({
+                endpoint: this.endpoint,
+                token: this.token,
+            });
+        }
+        return this.client;
+    }
+    async createSecret(name, value) {
+        const client = await this.getClient();
+        const path = `${this.mountPath}/data/${name}`;
+        await client.write(path, {
+            data: { value },
+            metadata: { created_by: 'Guardrail-ai' },
+        });
+        return path;
+    }
+    async getSecret(name) {
+        const client = await this.getClient();
+        const path = `${this.mountPath}/data/${name}`;
+        try {
+            const result = await client.read(path);
+            return result?.data?.data?.value || null;
+        }
+        catch (error) {
+            if (error.response?.statusCode === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async deleteSecret(name) {
+        const client = await this.getClient();
+        const path = `${this.mountPath}/metadata/${name}`;
+        try {
+            await client.delete(path);
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async listSecrets() {
+        const client = await this.getClient();
+        const path = `${this.mountPath}/metadata`;
+        try {
+            const result = await client.list(path);
+            return result?.data?.keys || [];
+        }
+        catch (error) {
+            return [];
+        }
+    }
+    async testConnection() {
+        try {
+            const client = await this.getClient();
+            await client.health();
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+}
+exports.HashiCorpVaultProvider = HashiCorpVaultProvider;
+/**
+ * Azure Key Vault Provider
+ */
+class AzureKeyVaultProvider {
+    name = 'Azure Key Vault';
+    client;
+    vaultUrl;
+    constructor(config) {
+        this.vaultUrl = config.endpoint || '';
+        if (!this.vaultUrl) {
+            throw new Error('Azure Key Vault URL is required');
+        }
+    }
+    async getClient() {
+        if (!this.client) {
+            const { SecretClient } = await Promise.resolve().then(() => __importStar(require('@azure/keyvault-secrets')));
+            const { DefaultAzureCredential } = await Promise.resolve().then(() => __importStar(require('@azure/identity')));
+            const credential = new DefaultAzureCredential();
+            this.client = new SecretClient(this.vaultUrl, credential);
+        }
+        return this.client;
+    }
+    async createSecret(name, value) {
+        const client = await this.getClient();
+        const sanitizedName = name.replace(/[^a-zA-Z0-9-]/g, '-');
+        const result = await client.setSecret(sanitizedName, value, {
+            tags: { createdBy: 'Guardrail-ai' },
+        });
+        return result.properties.id || sanitizedName;
+    }
+    async getSecret(name) {
+        const client = await this.getClient();
+        const sanitizedName = name.replace(/[^a-zA-Z0-9-]/g, '-');
+        try {
+            const result = await client.getSecret(sanitizedName);
+            return result.value || null;
+        }
+        catch (error) {
+            if (error.code === 'SecretNotFound') {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async deleteSecret(name) {
+        const client = await this.getClient();
+        const sanitizedName = name.replace(/[^a-zA-Z0-9-]/g, '-');
+        try {
+            await client.beginDeleteSecret(sanitizedName);
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async listSecrets() {
+        const client = await this.getClient();
+        const secrets = [];
+        for await (const secretProperties of client.listPropertiesOfSecrets()) {
+            secrets.push(secretProperties.name);
+        }
+        return secrets;
+    }
+    async testConnection() {
+        try {
+            await this.listSecrets();
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+}
+exports.AzureKeyVaultProvider = AzureKeyVaultProvider;
+/**
+ * GCP Secret Manager Provider
+ */
+class GCPSecretManagerProvider {
+    name = 'GCP Secret Manager';
+    client;
+    projectId;
+    constructor(config) {
+        this.projectId = config.projectId || process.env['GOOGLE_CLOUD_PROJECT'] || '';
+        if (!this.projectId) {
+            throw new Error('GCP Project ID is required');
+        }
+    }
+    async getClient() {
+        if (!this.client) {
+            const { SecretManagerServiceClient } = await Promise.resolve().then(() => __importStar(require('@google-cloud/secret-manager')));
+            this.client = new SecretManagerServiceClient();
+        }
+        return this.client;
+    }
+    async createSecret(name, value) {
+        const client = await this.getClient();
+        const parent = `projects/${this.projectId}`;
+        const sanitizedName = name.replace(/[^a-zA-Z0-9_-]/g, '_');
+        try {
+            await client.createSecret({
+                parent,
+                secretId: sanitizedName,
+                secret: {
+                    replication: { automatic: {} },
+                    labels: { created_by: 'Guardrail-ai' },
+                },
+            });
+        }
+        catch (error) {
+            if (error.code !== 6) {
+                throw error;
+            }
+        }
+        const secretName = `${parent}/secrets/${sanitizedName}`;
+        await client.addSecretVersion({
+            parent: secretName,
+            payload: { data: Buffer.from(value, 'utf8') },
+        });
+        return secretName;
+    }
+    async getSecret(name) {
+        const client = await this.getClient();
+        const sanitizedName = name.replace(/[^a-zA-Z0-9_-]/g, '_');
+        const secretName = `projects/${this.projectId}/secrets/${sanitizedName}/versions/latest`;
+        try {
+            const [version] = await client.accessSecretVersion({ name: secretName });
+            return version.payload?.data?.toString() || null;
+        }
+        catch (error) {
+            if (error.code === 5) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async deleteSecret(name) {
+        const client = await this.getClient();
+        const sanitizedName = name.replace(/[^a-zA-Z0-9_-]/g, '_');
+        const secretName = `projects/${this.projectId}/secrets/${sanitizedName}`;
+        try {
+            await client.deleteSecret({ name: secretName });
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    async listSecrets() {
+        const client = await this.getClient();
+        const parent = `projects/${this.projectId}`;
+        const [secrets] = await client.listSecrets({ parent });
+        return secrets.map((s) => s.name?.split('/').pop()).filter(Boolean);
+    }
+    async testConnection() {
+        try {
+            await this.listSecrets();
+            return true;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+}
+exports.GCPSecretManagerProvider = GCPSecretManagerProvider;
+/**
+ * Factory function to create vault provider
+ */
+function createVaultProvider(config) {
+    switch (config.type) {
+        case 'aws_secrets_manager':
+            return new AWSSecretsManagerProvider(config);
+        case 'hashicorp_vault':
+            return new HashiCorpVaultProvider(config);
+        case 'azure_keyvault':
+            return new AzureKeyVaultProvider(config);
+        case 'gcp_secret_manager':
+            return new GCPSecretManagerProvider(config);
+        default:
+            throw new Error(`Unsupported vault type: ${config.type}`);
+    }
+}
+/**
+ * Local environment provider (for development/testing)
+ */
+class LocalEnvProvider {
+    name = 'Local Environment';
+    secrets = new Map();
+    async createSecret(name, value) {
+        this.secrets.set(name, value);
+        return `local://${name}`;
+    }
+    async getSecret(name) {
+        return this.secrets.get(name) || process.env[name] || null;
+    }
+    async deleteSecret(name) {
+        return this.secrets.delete(name);
+    }
+    async listSecrets() {
+        return Array.from(this.secrets.keys());
+    }
+    async testConnection() {
+        return true;
+    }
+}
+exports.LocalEnvProvider = LocalEnvProvider;

package/dist/supply-chain/detector.d.ts

@@ -0,0 +1,80 @@
+import { TyposquatResult } from "./typosquat";
+import { ScriptAnalysisResult } from "./script-analyzer";
+/**
+ * Package analysis result
+ */
+export interface PackageAnalysisResult {
+    packageName: string;
+    version: string;
+    registry: string;
+    riskScore: number;
+    threats: Threat[];
+    isMalicious: boolean;
+    isTyposquat: boolean;
+    isDeprecated: boolean;
+    typosquatResult?: TyposquatResult;
+    scriptAnalysis?: ScriptAnalysisResult[];
+    license?: string;
+    maintainerRisk?: MaintainerRisk;
+}
+export interface Threat {
+    type: string;
+    severity: "low" | "medium" | "high" | "critical";
+    description: string;
+}
+export interface MaintainerRisk {
+    accountAge: number;
+    packageCount: number;
+    suspiciousActivity: boolean;
+    riskLevel: "low" | "medium" | "high";
+}
+/**
+ * SBOM (Software Bill of Materials)
+ */
+export interface SBOM {
+    id?: string;
+    projectId: string;
+    version: number;
+    format: "CycloneDX" | "SPDX";
+    specVersion: string;
+    components: SBOMComponent[];
+    generatedAt: Date;
+}
+export interface SBOMComponent {
+    type: "library" | "application" | "framework";
+    name: string;
+    version: string;
+    purl: string;
+    licenses?: string[];
+    hashes?: {
+        algorithm: string;
+        value: string;
+    }[];
+    dependencies?: string[];
+}
+/**
+ * Supply Chain Attack Detector
+ */
+export declare class SupplyChainDetector {
+    /**
+     * Detect typosquatting
+     */
+    detectTyposquatting(packageName: string): Promise<TyposquatResult>;
+    /**
+     * Detect dependency confusion
+     */
+    detectDependencyConfusion(_packageName: string, internalRegistry?: string): Promise<{
+        isDependencyConfusion: boolean;
+        reason: string;
+    }>;
+    /**
+     * Full package analysis
+     */
+    analyzePackage(packageName: string, version: string, projectId: string): Promise<PackageAnalysisResult>;
+    /**
+     * Generate SBOM (CycloneDX format)
+     */
+    generateSBOM(projectPath: string, projectId: string): Promise<SBOM>;
+}
+export declare const supplyChainDetector: SupplyChainDetector;
+//# sourceMappingURL=detector.d.ts.map

package/dist/supply-chain/detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../src/supply-chain/detector.ts"],"names":[],"mappings":"AACA,OAAO,EAAqB,eAAe,EAAE,MAAM,aAAa,CAAC;AAEjE,OAAO,EAAkB,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAIzE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,OAAO,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,cAAc,CAAC,EAAE,oBAAoB,EAAE,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,WAAW,EAAE,IAAI,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,GAAG,aAAa,GAAG,WAAW,CAAC;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;OAEG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAIxE;;OAEG;IACG,yBAAyB,CAC7B,YAAY,EAAE,MAAM,EACpB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC;QAAE,qBAAqB,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAoB9D;;OAEG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,qBAAqB,CAAC;IAiFjC;;OAEG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA2D1E;AAGD,eAAO,MAAM,mBAAmB,qBAA4B,CAAC"}

package/dist/supply-chain/detector.js

@@ -0,0 +1,168 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.supplyChainDetector = exports.SupplyChainDetector = void 0;
+const database_1 = require("@guardrail/database");
+const typosquat_1 = require("./typosquat");
+const malicious_db_1 = require("./malicious-db");
+const script_analyzer_1 = require("./script-analyzer");
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Supply Chain Attack Detector
+ */
+class SupplyChainDetector {
+    /**
+     * Detect typosquatting
+     */
+    async detectTyposquatting(packageName) {
+        return typosquat_1.typosquatDetector.detectTyposquatting(packageName);
+    }
+    /**
+     * Detect dependency confusion
+     */
+    async detectDependencyConfusion(_packageName, internalRegistry) {
+        // Check if package exists in both public and internal registries
+        // This is a simplified implementation
+        if (!internalRegistry) {
+            return {
+                isDependencyConfusion: false,
+                reason: "No internal registry configured",
+            };
+        }
+        // In production, this would check both registries
+        // and compare versions, publish dates, etc.
+        return {
+            isDependencyConfusion: false,
+            reason: "Package only found in public registry",
+        };
+    }
+    /**
+     * Full package analysis
+     */
+    async analyzePackage(packageName, version, projectId) {
+        const threats = [];
+        let riskScore = 0;
+        // Check for typosquatting
+        const typosquatResult = await this.detectTyposquatting(packageName);
+        const isTyposquat = typosquatResult.isTyposquat;
+        if (isTyposquat) {
+            threats.push({
+                type: "typosquatting",
+                severity: "high",
+                description: `Possible typosquatting of ${typosquatResult.targetPackage}`,
+            });
+            riskScore += 40;
+        }
+        // Check against malicious database
+        const maliciousCheck = await malicious_db_1.maliciousPackageDB.checkPackage(packageName, version);
+        const isMalicious = maliciousCheck.isMalicious;
+        if (isMalicious) {
+            for (const match of maliciousCheck.matches) {
+                threats.push({
+                    type: "known_malicious",
+                    severity: match.severity,
+                    description: match.reason,
+                });
+                riskScore += 50;
+            }
+        }
+        // Analyze scripts
+        const scriptAnalysis = await script_analyzer_1.scriptAnalyzer.analyzeScripts(packageName, version);
+        for (const analysis of scriptAnalysis) {
+            if (analysis.isSuspicious) {
+                threats.push({
+                    type: "suspicious_script",
+                    severity: "high",
+                    description: `Suspicious script: ${analysis.scriptName}`,
+                });
+                riskScore += analysis.riskScore * 0.5;
+            }
+        }
+        // Save to database
+        await database_1.prisma.dependencyAnalysis.create({
+            data: {
+                projectId,
+                packageName,
+                version,
+                registry: "npm",
+                isMalicious,
+                isTyposquat,
+                isDeprecated: false,
+                riskScore: Math.min(100, riskScore),
+                threats: JSON.parse(JSON.stringify(threats)),
+            },
+        });
+        return {
+            packageName,
+            version,
+            registry: "npm",
+            riskScore: Math.min(100, riskScore),
+            threats,
+            isMalicious,
+            isTyposquat,
+            isDeprecated: false,
+            typosquatResult: isTyposquat ? typosquatResult : undefined,
+            scriptAnalysis,
+        };
+    }
+    /**
+     * Generate SBOM (CycloneDX format)
+     */
+    async generateSBOM(projectPath, projectId) {
+        const components = [];
+        try {
+            // Read package.json
+            const packageJsonPath = (0, path_1.join)(projectPath, "package.json");
+            const packageJson = JSON.parse((0, fs_1.readFileSync)(packageJsonPath, "utf-8"));
+            // Extract dependencies
+            const deps = {
+                ...packageJson.dependencies,
+                ...packageJson.devDependencies,
+            };
+            for (const [name, version] of Object.entries(deps)) {
+                components.push({
+                    type: "library",
+                    name,
+                    version: version,
+                    purl: `pkg:npm/${name}@${version}`,
+                });
+            }
+        }
+        catch (error) {
+            // Handle error
+        }
+        const sbom = {
+            id: `sbom_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`,
+            projectId,
+            version: 1,
+            format: "CycloneDX",
+            specVersion: "1.4",
+            components,
+            generatedAt: new Date(),
+        };
+        // @ts-ignore - SBOM model exists in schema, Prisma client may need regeneration
+        const savedSBOM = await database_1.prisma.sBOM.create({
+            data: {
+                id: sbom.id,
+                projectId,
+                version: sbom.version,
+                format: sbom.format,
+                specVersion: sbom.specVersion,
+                components: JSON.parse(JSON.stringify(components)),
+                generatedAt: sbom.generatedAt,
+            },
+        });
+        return {
+            id: savedSBOM.id,
+            projectId: savedSBOM.projectId,
+            version: savedSBOM.version,
+            format: savedSBOM.format,
+            specVersion: savedSBOM.specVersion,
+            components: savedSBOM.components,
+            generatedAt: savedSBOM.generatedAt,
+        };
+    }
+}
+exports.SupplyChainDetector = SupplyChainDetector;
+// Export singleton
+exports.supplyChainDetector = new SupplyChainDetector();

package/dist/supply-chain/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Supply Chain Attack Detection
+ *
+ * Detects typosquatting, malicious packages, and generates SBOMs
+ */
+export * from './detector';
+export * from './typosquat';
+export * from './malicious-db';
+export * from './script-analyzer';
+export * from './vulnerability-db';
+//# sourceMappingURL=index.d.ts.map

package/dist/supply-chain/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/supply-chain/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC"}