npm - icoa-cli - Versions diffs - 2.15.14 → 2.16.1 - Mend

icoa-cli 2.15.14 → 2.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/commands/exam.js CHANGED Viewed

@@ -106,8 +106,9 @@ function printQuestion(q, answer) {
         console.log(chalk.yellow(`  ${egg.emoji}  ${egg.text}`));
     }
     console.log();
-    console.log(chalk.bold.white(`  Q${q.number}`) + (q.category ? chalk.gray(` [${q.category}]`) : ''));
-    console.log(`  ${q.text}`);
+    if (q.category)
+        console.log(chalk.cyan(`  [${q.category}]`));
+    console.log(chalk.bold.white(`  Q${q.number}. `) + chalk.white(q.text));
     console.log();
     for (const key of ['A', 'B', 'C', 'D']) {
         const isEliminated = eliminated.includes(key);
@@ -123,6 +124,13 @@ function printQuestion(q, answer) {
         }
     }
     console.log();
+    // Q2 tutorial hint
+    const isDemo = state?.session.examId === 'demo-free';
+    const q2Helps = help.perQ[2] || 0;
+    if (isDemo && q.number === 2 && q2Helps === 0) {
+        console.log(chalk.yellow.bold('  👉 Try typing "help" to see what happens!'));
+        console.log();
+    }
     // Full menu on every question
     const remaining = help.max - help.used;
     const helpLabel = remaining > 0 ? `remove a wrong option (${remaining}/${help.max})` : (help.max < 8 ? 'used up — type more help for +3' : `used up (${help.used}/${help.max})`);
@@ -527,6 +535,18 @@ export function registerExamCommand(program) {
             printError('Choice must be A, B, C, or D.');
             return;
         }
+        // Q2 tutorial: must use help first before answering
+        if (state.session.examId === 'demo-free' && num === 2) {
+            const helpState = getHelpState(state);
+            const q2Helps = helpState.perQ[2] || 0;
+            if (q2Helps === 0) {
+                console.log();
+                console.log(chalk.yellow('  💡 Try typing ') + chalk.bold.yellow('help') + chalk.yellow(' first to see what it does!'));
+                console.log(chalk.gray('  This question requires you to use help before answering.'));
+                console.log();
+                return;
+            }
+        }
         state.answers[num] = c;
         state._lastQ = num;
         saveExamState(state);
@@ -844,7 +864,7 @@ export function registerExamCommand(program) {
         printHeader('ICOA Demo Exam — Free Practice');
         console.log();
         console.log(chalk.white('  Free practice · No account needed · No time limit'));
-        console.log(chalk.white('  30 questions · Pick one answer per question'));
+        console.log(chalk.white('  15 questions · Pick one answer per question'));
         console.log();
         printHowToPlay();
         console.log();
@@ -867,7 +887,7 @@ export function registerExamCommand(program) {
         console.log();
         console.log();
         saveExamState({ session, questions: DEMO_QUESTIONS, answers: {} });
-        printKeyValue('Questions', '30');
+        printKeyValue('Questions', '15');
         printKeyValue('Duration', 'No time limit');
         // Show first question
         printQuestion(DEMO_QUESTIONS[0]);

package/dist/lib/demo-exam.js CHANGED Viewed

@@ -8,13 +8,12 @@ export const DEMO_SESSION = {
     examName: 'ICOA Demo Exam — Free Practice',
     startedAt: '',
     durationMinutes: 0, // 0 = no time limit for demo
-    questionCount: 30,
+    questionCount: 15,
     country: 'ALL',
 };
 export const DEMO_ANSWERS = {
-    1: 'B', 2: 'B', 3: 'C', 4: 'B', 5: 'C', 6: 'B', 7: 'B', 8: 'C', 9: 'C', 10: 'B',
-    11: 'C', 12: 'B', 13: 'B', 14: 'B', 15: 'B', 16: 'B', 17: 'B', 18: 'B', 19: 'C', 20: 'B',
-    21: 'A', 22: 'B', 23: 'B', 24: 'B', 25: 'B', 26: 'B', 27: 'B', 28: 'B', 29: 'A', 30: 'C',
+    1: 'B', 2: 'B', 3: 'C', 4: 'C', 5: 'B', 6: 'B', 7: 'C', 8: 'B',
+    9: 'B', 10: 'B', 11: 'B', 12: 'B', 13: 'B', 14: 'B', 15: 'C',
 };
 export const DEMO_QUESTIONS = [
     { number: 1, text: 'Which algorithm is NOT a symmetric cipher?', category: 'Cryptography',
@@ -23,59 +22,29 @@ export const DEMO_QUESTIONS = [
         options: { A: 'Buffer overflow in web server', B: 'Unsanitized user input in database queries', C: 'Weak encryption algorithms', D: 'Misconfigured firewall rules' } },
     { number: 3, text: 'Which HTTP status code indicates "Forbidden"?', category: 'Web Security',
         options: { A: '401', B: '404', C: '403', D: '500' } },
-    { number: 4, text: 'What is the primary purpose of a nonce in cryptography?', category: 'Cryptography',
-        options: { A: 'Encrypt data at rest', B: 'Prevent replay attacks', C: 'Generate random passwords', D: 'Compress data before encryption' } },
-    { number: 5, text: 'Which tool is commonly used for network packet capture?', category: 'Network',
+    { number: 4, text: 'Which tool is commonly used for network packet capture?', category: 'Network',
         options: { A: 'Burp Suite', B: 'Ghidra', C: 'Wireshark', D: 'John the Ripper' } },
-    { number: 6, text: 'What does XSS stand for in cybersecurity?', category: 'Web Security',
+    { number: 5, text: 'What does XSS stand for in cybersecurity?', category: 'Web Security',
         options: { A: 'Extended Security System', B: 'Cross-Site Scripting', C: 'XML Secure Socket', D: 'Cross-Server Sharing' } },
-    { number: 7, text: 'What is the primary function of a firewall?', category: 'Network',
-        options: { A: 'Encrypt network data', B: 'Filter network traffic based on security rules', C: 'Detect viruses in files', D: 'Speed up internet connection' } },
-    { number: 8, text: 'Which type of malware disguises itself as legitimate software?', category: 'Malware',
+    { number: 6, text: 'Which type of malware disguises itself as legitimate software?', category: 'Malware',
         options: { A: 'Worm', B: 'Ransomware', C: 'Trojan', D: 'Adware' } },
-    { number: 9, text: 'Which protocol provides secure communication on the web?', category: 'Network',
-        options: { A: 'HTTP', B: 'FTP', C: 'HTTPS', D: 'SMTP' } },
-    { number: 10, text: 'What is a cryptographic hash?', category: 'Cryptography',
-        options: { A: 'A reversible encryption key', B: 'A one-way function producing a fixed-size digest', C: 'An authentication protocol', D: 'A type of digital signature' } },
-    { number: 11, text: 'Which tool is used for binary analysis?', category: 'Reverse Engineering',
-        options: { A: 'Nmap', B: 'SQLMap', C: 'Ghidra', D: 'Nikto' } },
-    { number: 12, text: 'Which attack manipulates DNS requests to redirect traffic?', category: 'Network',
-        options: { A: 'Phishing', B: 'DNS Spoofing', C: 'SQL Injection', D: 'Brute Force' } },
-    { number: 13, text: 'What is the standard port for SSH?', category: 'Network',
+    { number: 7, text: 'What is the standard port for SSH?', category: 'Network',
         options: { A: '21', B: '22', C: '80', D: '443' } },
-    { number: 14, text: 'What is two-factor authentication (2FA)?', category: 'Authentication',
+    { number: 8, text: 'What is a cryptographic hash?', category: 'Cryptography',
+        options: { A: 'A reversible encryption key', B: 'A one-way function producing a fixed-size digest', C: 'An authentication protocol', D: 'A type of digital signature' } },
+    { number: 9, text: 'What is two-factor authentication (2FA)?', category: 'Authentication',
         options: { A: 'Using two different passwords', B: 'Verifying identity with two distinct types of credentials', C: 'Encrypting data twice', D: 'Connecting through two networks' } },
-    { number: 15, text: 'Which Linux command shows open ports on a system?', category: 'Linux',
+    { number: 10, text: 'Which Linux command shows open ports on a system?', category: 'Linux',
         options: { A: 'ls -la', B: 'netstat -tulpn', C: 'chmod 777', D: 'cat /etc/passwd' } },
-    { number: 16, text: 'What is a Man-in-the-Middle (MitM) attack?', category: 'Network',
+    { number: 11, text: 'What is a Man-in-the-Middle (MitM) attack?', category: 'Network',
         options: { A: 'Accessing a server without authorization', B: 'Intercepting and modifying communications between two parties', C: 'Sending multiple requests to overload a server', D: 'Guessing passwords by brute force' } },
-    { number: 17, text: 'Which of these is a hash algorithm?', category: 'Cryptography',
-        options: { A: 'AES-256', B: 'SHA-256', C: 'RSA-2048', D: 'Diffie-Hellman' } },
-    { number: 18, text: 'What is the principle of least privilege?', category: 'Security',
+    { number: 12, text: 'What is the principle of least privilege?', category: 'Security',
         options: { A: 'Give root access to all users', B: 'Grant only the permissions necessary to perform a task', C: 'Use the shortest password possible', D: 'Disable all firewalls' } },
-    { number: 19, text: 'Which tool is commonly used for port scanning?', category: 'Network',
-        options: { A: 'Wireshark', B: 'Metasploit', C: 'Nmap', D: 'Hashcat' } },
-    { number: 20, text: 'What is ransomware?', category: 'Malware',
-        options: { A: 'Software that shows unwanted ads', B: 'Software that encrypts files and demands payment to decrypt', C: 'Software that records keystrokes', D: 'Software that replicates across networks' } },
-    { number: 21, text: 'What is the difference between symmetric and asymmetric encryption?', category: 'Cryptography',
-        options: { A: 'Symmetric uses the same key to encrypt and decrypt; asymmetric uses two different keys', B: 'Symmetric is slower than asymmetric', C: 'Asymmetric only works with small files', D: 'There is no significant difference' } },
-    { number: 22, text: 'Which vulnerability allows arbitrary code execution on a web server?', category: 'Web Security',
-        options: { A: 'CSRF', B: 'Remote Code Execution (RCE)', C: 'Clickjacking', D: 'Open Redirect' } },
-    { number: 23, text: 'What is OWASP?', category: 'Security',
-        options: { A: 'A security operating system', B: 'An organization that publishes web security standards and guides', C: 'A type of firewall', D: 'A programming language for security' } },
-    { number: 24, text: 'Which Linux command changes file permissions?', category: 'Linux',
-        options: { A: 'chown', B: 'chmod', C: 'chgrp', D: 'passwd' } },
-    { number: 25, text: 'What is an SSL/TLS certificate?', category: 'Cryptography',
-        options: { A: 'A file containing malware', B: 'A digital document that verifies a website\'s identity', C: 'A private key for SSH', D: 'A type of encrypted database' } },
-    { number: 26, text: 'Which of the following is a social engineering attack?', category: 'Security',
+    { number: 13, text: 'Which of the following is a social engineering attack?', category: 'Security',
         options: { A: 'Buffer overflow', B: 'Phishing', C: 'SQL Injection', D: 'Port scanning' } },
-    { number: 27, text: 'What does the Linux command "grep" do?', category: 'Linux',
-        options: { A: 'Compresses files', B: 'Searches for text patterns in files', C: 'Shows active processes', D: 'Configures the network' } },
-    { number: 28, text: 'What is a VPN?', category: 'Network',
+    { number: 14, text: 'What is a VPN?', category: 'Network',
         options: { A: 'A type of virus', B: 'A virtual private network that encrypts internet traffic', C: 'A file transfer protocol', D: 'A vulnerability scanner' } },
-    { number: 29, text: 'What is CSRF (Cross-Site Request Forgery)?', category: 'Web Security',
-        options: { A: 'An attack that forces a user\'s browser to perform unauthorized actions', B: 'A data encryption method', C: 'A type of network scanner', D: 'A file compression technique' } },
-    { number: 30, text: 'What is the best practice for storing passwords in a database?', category: 'Security',
+    { number: 15, text: 'What is the best practice for storing passwords in a database?', category: 'Security',
         options: { A: 'Plain text', B: 'Encrypted with AES', C: 'Hashed with salt', D: 'Encoded in Base64' } },
 ];
 /**

package/dist/repl.js CHANGED Viewed

@@ -181,7 +181,7 @@ export async function startRepl(program, resumeMode) {
         console.log(chalk.white('   Ready to start? Just type ') + chalk.bold.cyan('demo') + chalk.white(' and press ') + chalk.yellow('Enter') + chalk.white('!'));
         console.log();
         console.log(chalk.gray('   ─────────────────────────────────────────────'));
-        console.log(chalk.bold.cyan('     demo') + chalk.gray('            Free practice exam (30 questions)'));
+        console.log(chalk.bold.cyan('     demo') + chalk.gray('            Free practice exam (15 questions)'));
         console.log(chalk.white('     exam <token>') + chalk.gray('    Enter exam with access token'));
         console.log(chalk.white('     lang es') + chalk.gray('         Switch language (15 supported)'));
         console.log(chalk.gray('                     e.g. lang es (Español), lang zh, lang fr'));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.15.14",
+  "version": "2.16.1",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {