npm - intercept-commands - Versions diffs - 0.1.1 → 0.1.2 - Mend

intercept-commands 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,16 @@
+# intercept-commands
+Lightweight interceptor to detect potentially dangerous shell and database commands.
+Usage:
+```js
+const interceptor = require('intercept-commands');
+const result = interceptor.analyzeCommand('rm -rf /');
+console.log(result);
+```
+API:
+- `analyzeCommand(text)` → { isHarmful: boolean, findings: Array }
+- `detectDangerousCommands(text)` → Array of findings
+- `isHarmful(text)` → boolean

package/index.js CHANGED Viewed

@@ -1,5 +1,4 @@
-// Simple npm package wrapper that re-exports the core interceptor from the workspace lib.
-const path = require('path');
-const interceptor = require(path.join('..', 'lib', 'interceptor'));
+// Re-export the packaged interceptor implementation
+const interceptor = require('./lib/interceptor');
 module.exports = interceptor;

package/lib/interceptor.js ADDED Viewed

@@ -0,0 +1,215 @@
+// Core interception library for detecting dangerous shell/database commands
+const RULES = [
+	{
+		id: 'fs-rm-recursive-force',
+		description: 'Recursive/forced file deletion (Unix)',
+		platforms: ['unix','linux','mac'],
+		severity: 'high',
+		regex: /\b(rm|unlink)\b[^\n]*(-rf|-r\s|-f\b|--no-preserve-root|--force)\b/gi,
+		example: 'rm -rf /',
+		recommendation: 'Block or require explicit approval; refuse near root or system paths.'
+	},
+	{
+		id: 'fs-rm-root-protect',
+		description: 'rm with root path or no-preserve-root',
+		platforms: ['unix','linux','mac'],
+		severity: 'critical',
+		regex: /\b(rm)\b[^\n]*(?:\/\s*(?:\$|;|\||&|$)|\\\s*(?:\$|;|\||&|$)|--no-preserve-root|^\s*rm\s+.*-[a-z]*f[a-z]*.*\s+\/(?:\s|$))/gi,
+		example: 'rm -rf / --no-preserve-root',
+		recommendation: 'Treat as critical and block automatically.'
+	},
+	{
+		id: 'windows-del-recursive',
+		description: 'Recursive forced delete on Windows',
+		platforms: ['windows'],
+		severity: 'high',
+		regex: /\b(del|erase)\b[^\n]*(?:\/s|\/q|\/f|\\\\|C:\\|%SYSTEMROOT%)/gi,
+		example: 'del /s /q C:\\*',
+		recommendation: 'Block or require approval.'
+	},
+	{
+		id: 'format-disk',
+		description: 'Disk formatting commands',
+		platforms: ['windows','unix','linux','mac'],
+		severity: 'critical',
+		regex: /\b(format|format-volume|mkfs\.|fdisk|diskpart)\b/gi,
+		example: 'format C:',
+		recommendation: 'Critical — block by default.'
+	},
+	{
+		id: 'dd-overwrite',
+		description: 'Raw device overwrite via dd',
+		platforms: ['unix','linux','mac'],
+		severity: 'critical',
+		regex: /\bdd\b[^\n]*(if=|of=)/gi,
+		example: 'dd if=/dev/zero of=/dev/sda bs=1M',
+		recommendation: 'Critical — block by default.'
+	},
+	{
+		id: 'fork-bomb',
+		description: 'Process fork bomb patterns',
+		platforms: ['unix','linux','mac'],
+		severity: 'critical',
+		regex: /:\(\)\s*\{\s*:|\bwhile\s*.*:\s*;|\$\(\([a-z].*[+]\)\)/gi,
+		example: ':(){ :|:& };:',
+		recommendation: 'Block — destructive to system availability.'
+	},
+	{
+		id: 'chmod-unsafe',
+		description: 'Changing permissions to remove all access or make executable broadly',
+		platforms: ['unix','linux','mac'],
+		severity: 'medium',
+		regex: /\bchmod\b[^\n]*(?:000|777|a\+x|\+x\b)/gi,
+		example: 'chmod 000 -R /',
+		recommendation: 'Flag for review; context-sensitive.'
+	},
+	{
+		id: 'chown-root-recursive',
+		description: 'Recursive chown to root or other system user',
+		platforms: ['unix','linux','mac'],
+		severity: 'high',
+		regex: /\bchown\b[^\n]*(-R\b|--recursive)\s+[\w:]+/gi,
+		example: 'chown -R root:root /',
+		recommendation: 'Flag — may break services.'
+	},
+	{
+		id: 'disk-wipe-windows',
+		description: 'Windows disk formatting/wiping utilities',
+		platforms: ['windows'],
+		severity: 'critical',
+		regex: /\b(format|clean)\b[^\n]*\b(volume|disk|partition|fs)\b|format\s+[A-Z]:/gi,
+		example: 'format-volume -DriveLetter D',
+		recommendation: 'Block by default.'
+	},
+	{
+		id: 'power-off-shutdown',
+		description: 'Shutdown, reboot or power-off commands',
+		platforms: ['unix','linux','mac','windows'],
+		severity: 'medium',
+		regex: /\b(shutdown|reboot|poweroff|halt|shutdown.exe|Stop-Computer)\b/gi,
+		example: 'shutdown -h now',
+		recommendation: 'Require approval; context-sensitive.'
+	},
+	{
+		id: 'services-disable',
+		description: 'Disabling or removing critical system services',
+		platforms: ['unix','linux','mac','windows'],
+		severity: 'high',
+		regex: /\b(systemctl|service|sc)\b[^\n]*(?:disable|stop|remove|delete|mask|uninstall)\b/gi,
+		example: 'systemctl disable sshd',
+		recommendation: 'Flag/require approval.'
+	},
+	{
+		id: 'docker-prune-rm',
+		description: 'Docker destructive cleanup',
+		platforms: ['unix','linux','mac','windows'],
+		severity: 'high',
+		regex: /\b(docker)\b[^\n]*(?:system\s+prune|rm\s+-f|rmi\s+-f|volume\s+rm)\b/gi,
+		example: 'docker system prune -a --volumes',
+		recommendation: 'Require approval.'
+	},
+	{
+		id: 'docker-rm-all',
+		description: 'Remove all containers/images via subshell',
+		platforms: ['unix','linux','mac'],
+		severity: 'high',
+		regex: /\b(docker\s+(rm|rmi)\s+-f)\b|\$\(docker\s+ps\s+-aq\)/gi,
+		example: 'docker rm -f $(docker ps -aq)',
+		recommendation: 'Require approval.'
+	},
+	{
+		id: 'git-destructive',
+		description: 'Git operations that rewrite history or wipe worktrees',
+		platforms: ['unix','linux','mac','windows'],
+		severity: 'medium',
+		regex: /\b(git)\b[^\n]*(?:reset\s+--hard|clean\s+-fdx|push\s+--force|-D\s*HEAD)\b/gi,
+		example: 'git reset --hard',
+		recommendation: 'Flag and require confirmation.'
+	},
+	{
+		id: 'db-drop-truncate',
+		description: 'SQL destructive statements',
+		platforms: ['sql','generic'],
+		severity: 'critical',
+		regex: /\b(DROP\s+DATABASE|DROP\s+TABLE|TRUNCATE\s+TABLE|DELETE\s+FROM)\b/gi,
+		example: 'DROP DATABASE mydb',
+		recommendation: 'Critical — block or require high-level approval.'
+	},
+	{
+		id: 'db-cli-drop',
+		description: 'Database client commands invoking drops',
+		platforms: ['generic'],
+		severity: 'critical',
+		regex: /\b(mongosh|psql|mysql|sqlcmd|redis-cli)\b[^\n]*(?:dropDatabase|DROP\s+DATABASE|FLUSHALL|--eval)\b/gi,
+		example: 'mongosh --eval "db.dropDatabase()"',
+		recommendation: 'Block by default.'
+	},
+	{
+		id: 'package-remove-system',
+		description: 'Package manager removing system packages',
+		platforms: ['linux','unix','mac'],
+		severity: 'medium',
+		regex: /\b(apt-get|apt|yum|dnf|pacman|brew)\b[^\n]*(remove|purge|uninstall|--remove|--purge)\b/gi,
+		example: 'apt-get remove --purge important-package',
+		recommendation: 'Flag for review.'
+	},
+	{
+		id: 'npm-uninstall-global',
+		description: 'Removing global packages that may break system',
+		platforms: ['unix','linux','mac','windows'],
+		severity: 'low',
+		regex: /\b(npm|yarn|pnpm)\b[^\n]*(?:(uninstall|remove)\s+(-g|--global|global)|(global|-g|--global)\s+(uninstall|remove))\b/gi,
+		example: 'npm uninstall -g some-package',
+		recommendation: 'Flag; low severity.'
+	},
+	{
+		id: 'iptables-flush',
+		description: 'Flushing firewall / iptables rules',
+		platforms: ['unix','linux','mac'],
+		severity: 'high',
+		regex: /\b(iptables|nft|ufw|netsh)\b[^\n]*(?:flush|reset|delete|-F|-X)\b/gi,
+		example: 'iptables -F',
+		recommendation: 'Require approval.'
+	}
+];
+function detectDangerousCommands(text) {
+	const results = [];
+	if (!text || typeof text !== 'string') return results;
+	const normalized = text;
+	for (const rule of RULES) {
+		try {
+			const re = rule.regex instanceof RegExp ? rule.regex : new RegExp(rule.regex, 'gi');
+			let m;
+			while ((m = re.exec(normalized)) !== null) {
+				if (m.index === re.lastIndex) re.lastIndex++;
+				results.push({
+					id: rule.id,
+					description: rule.description,
+					severity: rule.severity,
+					match: m[0],
+					index: m.index,
+					example: rule.example,
+					recommendation: rule.recommendation
+				});
+			}
+		} catch (err) {
+			continue;
+		}
+	}
+	return results.sort((a,b) => {
+		const sev = { critical: 3, high: 2, medium: 1, low: 0 };
+		return (sev[b.severity] - sev[a.severity]) || (a.index - b.index);
+	});
+}
+function isHarmful(text) {
+	const hits = detectDangerousCommands(text);
+	return hits.length > 0;
+}
+function analyzeCommand(text) {
+	return { isHarmful: isHarmful(text), findings: detectDangerousCommands(text) };
+}
+module.exports = { RULES, detectDangerousCommands, isHarmful, analyzeCommand };

package/package.json CHANGED Viewed

@@ -1,8 +1,9 @@
 {
   "name": "intercept-commands",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Lightweight interceptor to detect potentially dangerous shell and DB commands",
   "main": "index.js",
+  "files": ["index.js","lib","README.md"],
   "keywords": [
     "interceptor",
     "security",
@@ -10,5 +11,9 @@
     "dangerous"
   ],
   "author": "",
-  "license": "MIT"
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-user/intercept-commands"
+  }
 }