kramscan 0.1.1 → 0.3.0

package/dist/commands/analyze.js

@@ -1,47 +1,66 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerAnalyzeCommand = registerAnalyzeCommand;
+const commander_1 = require("commander");
 const chalk_1 = __importDefault(require("chalk"));
 const ai_client_1 = require("../core/ai-client");
+const scan_storage_1 = require("../core/scan-storage");
 const logger_1 = require("../utils/logger");
+const theme_1 = require("../utils/theme");
 const promises_1 = __importDefault(require("fs/promises"));
-const path_1 = __importDefault(require("path"));
-const os_1 = __importDefault(require("os"));
 function registerAnalyzeCommand(program) {
     program
         .command("analyze [scan-file]")
         .description("AI-powered analysis of scan results")
         .option("-m, --model <name>", "Override default AI model")
         .option("-v, --verbose", "Show detailed analysis")
-        .action(async (scanFile, options) => {
+        .action(async (scanFile) => {
         console.log("");
-        console.log(chalk_1.default.bold.cyan("🧠 AI Security Analysis"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("AI Security Analysis"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
+        let spinner = null;
         try {
-            // Load scan results
-            let filepath;
-            if (scanFile) {
-                filepath = path_1.default.isAbsolute(scanFile)
-                    ? scanFile
-                    : path_1.default.join(process.cwd(), scanFile);
-            }
-            else {
-                // Find latest scan
-                const scanDir = path_1.default.join(os_1.default.homedir(), ".kramscan", "scans");
-                const files = await promises_1.default.readdir(scanDir);
-                const scanFiles = files.filter((f) => f.endsWith(".json"));
-                if (scanFiles.length === 0) {
-                    logger_1.logger.error("No scan results found. Run 'kramscan scan <url>' first.");
-                    process.exit(1);
-                }
-                // Get most recent
-                scanFiles.sort().reverse();
-                filepath = path_1.default.join(scanDir, scanFiles[0]);
-                logger_1.logger.info(`Using latest scan: ${scanFiles[0]}`);
+            const resolved = await (0, scan_storage_1.resolveScanFile)(scanFile);
+            const filepath = resolved.filepath;
+            if (resolved.isLatest) {
+                logger_1.logger.info(`Using latest scan: ${resolved.filename}`);
             }
             const content = await promises_1.default.readFile(filepath, "utf-8");
             const scanResult = JSON.parse(content);
@@ -49,26 +68,53 @@ function registerAnalyzeCommand(program) {
                 logger_1.logger.success("No vulnerabilities to analyze!");
                 return;
             }
-            const spinner = logger_1.logger.spinner("Analyzing vulnerabilities with AI...");
-            // Create AI client
+            spinner = logger_1.logger.spinner("Analyzing vulnerabilities with AI...");
+            const { getConfig } = await Promise.resolve().then(() => __importStar(require("../core/config")));
+            const config = await getConfig();
+            if (!config.ai.enabled) {
+                spinner.stop();
+                const { default: inquirer } = await Promise.resolve().then(() => __importStar(require("inquirer")));
+                const { setup } = await inquirer.prompt([
+                    {
+                        type: "confirm",
+                        name: "setup",
+                        message: theme_1.theme.yellow("AI analysis is not enabled. Would you like to set it up now?"),
+                        default: true,
+                    },
+                ]);
+                if (setup) {
+                    const { registerOnboardCommand } = await Promise.resolve().then(() => __importStar(require("./onboard")));
+                    const onboardProgram = new commander_1.Command();
+                    registerOnboardCommand(onboardProgram);
+                    await onboardProgram.parseAsync(["node", "kramscan", "onboard"]);
+                    // Re-check after onboarding
+                    const updatedConfig = await getConfig();
+                    if (!updatedConfig.ai.enabled) {
+                        logger_1.logger.error("AI analysis still not enabled. Exiting.");
+                        return;
+                    }
+                    spinner.start("Analyzing vulnerabilities with AI...");
+                }
+                else {
+                    logger_1.logger.warn("AI analysis skipped.");
+                    return;
+                }
+            }
             const aiClient = await (0, ai_client_1.createAIClient)();
-            // Build analysis prompt
             const prompt = buildAnalysisPrompt(scanResult);
-            // Get AI analysis
             const response = await aiClient.analyze(prompt);
             spinner.succeed("Analysis complete!");
             console.log("");
-            console.log(chalk_1.default.bold("📝 AI Analysis"));
-            console.log(chalk_1.default.gray("─".repeat(50)));
+            console.log(chalk_1.default.bold("AI Analysis"));
+            console.log(chalk_1.default.gray("-".repeat(50)));
             console.log("");
             console.log(response.content);
             console.log("");
             if (response.usage) {
-                console.log(chalk_1.default.gray("─".repeat(50)));
+                console.log(chalk_1.default.gray("-".repeat(50)));
                 console.log(chalk_1.default.gray(`Tokens used: ${response.usage.totalTokens} (${response.usage.promptTokens} prompt + ${response.usage.completionTokens} completion)`));
                 console.log("");
             }
-            // Save enhanced results
             const enhancedResult = {
                 ...scanResult,
                 aiAnalysis: {
@@ -82,6 +128,9 @@ function registerAnalyzeCommand(program) {
             console.log("");
         }
         catch (error) {
+            if (spinner) {
+                spinner.fail("Analysis failed");
+            }
             logger_1.logger.error(error.message);
             process.exit(1);
         }
@@ -89,27 +138,27 @@ function registerAnalyzeCommand(program) {
 }
 function buildAnalysisPrompt(scanResult) {
     const vulnList = scanResult.vulnerabilities
-        .map((v, i) => `${i + 1}. [${v.severity.toUpperCase()}] ${v.title}
-   URL: ${v.url}
-   Description: ${v.description}
-   ${v.evidence ? `Evidence: ${v.evidence}` : ""}
-   ${v.cwe ? `CWE: ${v.cwe}` : ""}`)
+        .map((v, i) => `${i + 1}. [${v.severity.toUpperCase()}] ${v.title}\n` +
+        `   URL: ${v.url}\n` +
+        `   Description: ${v.description}\n` +
+        `${v.evidence ? `   Evidence: ${v.evidence}\n` : ""}` +
+        `${v.cwe ? `   CWE: ${v.cwe}` : ""}`)
         .join("\n\n");
-    return `You are a security expert analyzing web application vulnerabilities.
-
-Target: ${scanResult.target}
-Scan Date: ${scanResult.timestamp}
-Total Vulnerabilities: ${scanResult.summary.total}
-
-Vulnerabilities Found:
-${vulnList}
-
-Please provide:
-1. **Executive Summary**: Brief overview of the security posture
-2. **Risk Assessment**: Overall risk level and business impact
-3. **Priority Recommendations**: Top 3-5 vulnerabilities to fix first, with specific remediation steps
-4. **Attack Scenarios**: How an attacker could chain these vulnerabilities
-5. **Remediation Roadmap**: Step-by-step plan to address all findings
-
+    return `You are a security expert analyzing web application vulnerabilities.
+
+Target: ${scanResult.target}
+Scan Date: ${scanResult.timestamp}
+Total Vulnerabilities: ${scanResult.summary.total}
+
+Vulnerabilities Found:
+${vulnList}
+
+Please provide:
+1. Executive Summary: Brief overview of the security posture
+2. Risk Assessment: Overall risk level and business impact
+3. Priority Recommendations: Top 3-5 vulnerabilities to fix first, with specific remediation steps
+4. Attack Scenarios: How an attacker could chain these vulnerabilities
+5. Remediation Roadmap: Step-by-step plan to address all findings
+
 Format your response in clear markdown with headers and bullet points.`;
 }

package/dist/commands/config.js

@@ -22,21 +22,26 @@ function registerConfigCommand(program) {
             logger_1.logger.error(`Configuration key '${key}' not found`);
             process.exit(1);
         }
-        console.log(chalk_1.default.cyan(key), "=", chalk_1.default.white(JSON.stringify(value, null, 2)));
+        const displayValue = key === "ai.apiKey" && typeof value === "string" && value
+            ? "***configured***"
+            : value;
+        console.log(chalk_1.default.cyan(key), "=", chalk_1.default.white(JSON.stringify(displayValue, null, 2)));
     });
     configCmd
         .command("set <key> <value>")
         .description("Set a configuration value")
         .action(async (key, value) => {
         const config = await (0, config_1.getConfig)();
-        // Parse value
         let parsedValue = value;
-        if (value === "true")
+        if (value === "true") {
             parsedValue = true;
-        else if (value === "false")
+        }
+        else if (value === "false") {
             parsedValue = false;
-        else if (!isNaN(Number(value)))
+        }
+        else if (!Number.isNaN(Number(value))) {
             parsedValue = Number(value);
+        }
         setNestedValue(config, key, parsedValue);
         await (0, config_1.setConfig)(config);
         logger_1.logger.success(`Set ${chalk_1.default.cyan(key)} = ${chalk_1.default.white(JSON.stringify(parsedValue))}`);
@@ -46,11 +51,18 @@ function registerConfigCommand(program) {
         .description("List all configuration")
         .action(async () => {
         const config = await (0, config_1.getConfig)();
+        const sanitizedConfig = {
+            ...config,
+            ai: {
+                ...config.ai,
+                apiKey: config.ai.apiKey ? "***configured***" : "",
+            },
+        };
         console.log("");
-        console.log(chalk_1.default.bold.cyan("📋 Current Configuration"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("Current Configuration"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
-        console.log(JSON.stringify(config, null, 2));
+        console.log(JSON.stringify(sanitizedConfig, null, 2));
         console.log("");
     });
     configCmd
@@ -59,8 +71,8 @@ function registerConfigCommand(program) {
         .action(async () => {
         const config = await (0, config_1.getConfig)();
         console.log("");
-        console.log(chalk_1.default.bold.cyan("⚙️  Configuration Editor"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
+        console.log(chalk_1.default.bold.cyan("Configuration Editor"));
+        console.log(chalk_1.default.gray("-".repeat(50)));
         console.log("");
         const answers = await inquirer_1.default.prompt([
             {
@@ -73,23 +85,23 @@ function registerConfigCommand(program) {
                 type: "list",
                 name: "aiProvider",
                 message: "AI provider:",
-                choices: ["openai", "anthropic"],
+                choices: ["openai", "anthropic", "gemini", "openrouter", "mistral", "kimi", "groq"],
                 default: config.ai.provider,
-                when: (answers) => answers.aiEnabled,
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "input",
                 name: "apiKey",
-                message: "API key:",
-                default: config.ai.apiKey,
-                when: (answers) => answers.aiEnabled,
+                message: "API key (leave blank to keep current):",
+                default: "",
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "input",
                 name: "model",
                 message: "Default AI model:",
                 default: config.ai.defaultModel,
-                when: (answers) => answers.aiEnabled,
+                when: (ans) => ans.aiEnabled,
             },
             {
                 type: "list",
@@ -103,36 +115,50 @@ function registerConfigCommand(program) {
                 name: "rateLimit",
                 message: "Requests per second rate limit:",
                 default: config.scan.rateLimitPerSecond,
+                validate: (value) => Number.isFinite(value) && value > 0
+                    ? true
+                    : "Rate limit must be a positive number",
             },
         ]);
-        // Update config
-        if (answers.aiEnabled !== undefined)
+        if (answers.aiEnabled !== undefined) {
             config.ai.enabled = answers.aiEnabled;
-        if (answers.aiProvider)
+        }
+        if (answers.aiProvider) {
             config.ai.provider = answers.aiProvider;
-        if (answers.apiKey)
+        }
+        if (answers.apiKey) {
             config.ai.apiKey = answers.apiKey;
-        if (answers.model)
+        }
+        if (answers.model) {
             config.ai.defaultModel = answers.model;
-        if (answers.reportFormat)
+        }
+        if (answers.reportFormat) {
             config.report.defaultFormat = answers.reportFormat;
-        if (answers.rateLimit)
+        }
+        if (Number.isFinite(answers.rateLimit) && answers.rateLimit > 0) {
             config.scan.rateLimitPerSecond = answers.rateLimit;
-        (0, config_1.setConfig)(config);
+        }
+        await (0, config_1.setConfig)(config);
         console.log("");
         logger_1.logger.success("Configuration updated successfully!");
         console.log("");
     });
 }
-function getNestedValue(obj, path) {
-    return path.split(".").reduce((current, key) => current?.[key], obj);
+function getNestedValue(obj, keyPath) {
+    return keyPath
+        .split(".")
+        .reduce((current, key) => current?.[key], obj);
 }
-function setNestedValue(obj, path, value) {
-    const keys = path.split(".");
+function setNestedValue(obj, keyPath, value) {
+    const keys = keyPath.split(".");
     const lastKey = keys.pop();
+    if (!lastKey) {
+        return;
+    }
     const target = keys.reduce((current, key) => {
-        if (!current[key])
+        if (!current[key] || typeof current[key] !== "object") {
             current[key] = {};
+        }
         return current[key];
     }, obj);
     target[lastKey] = value;

package/dist/commands/dev.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerDevCommand(program: Command): void;

package/dist/commands/dev.js

@@ -0,0 +1,236 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerDevCommand = registerDevCommand;
+const scanner_1 = require("../core/scanner");
+const server_probe_1 = require("../core/server-probe");
+const diff_engine_1 = require("../core/diff-engine");
+const theme_1 = require("../utils/theme");
+const logger_1 = require("../utils/logger");
+const theme_2 = require("../utils/theme");
+const path_1 = __importDefault(require("path"));
+const promises_1 = __importDefault(require("fs/promises"));
+function registerDevCommand(program) {
+    program
+        .command("dev [url]")
+        .description("Watch-mode security scanning for localhost development servers")
+        .option("--port <number>", "Shorthand for http://localhost:<port>")
+        .option("--watch-dir <path>", "Directory to watch for file changes", "./src")
+        .option("--debounce <ms>", "Debounce time before re-scanning (ms)", "2000")
+        .option("--profile <name>", "Scan profile: quick|balanced", "quick")
+        .option("--notify", "Enable desktop notifications for critical findings")
+        .option("--fail-on <severity>", "Exit with code 1 if severity threshold met")
+        .option("--no-watch", "Run a single scan without watching (useful for CI)")
+        .action(async (url, options) => {
+        // Resolve target URL
+        const targetUrl = url || (options.port ? `http://localhost:${options.port}` : null);
+        if (!targetUrl) {
+            console.log("");
+            console.log(theme_1.theme.error("✗ No target URL specified."));
+            console.log(theme_1.theme.gray("  Usage: kramscan dev http://localhost:3000"));
+            console.log(theme_1.theme.gray("     or: kramscan dev --port 3000"));
+            console.log("");
+            process.exit(1);
+        }
+        const isLocal = (0, server_probe_1.isLocalhost)(targetUrl);
+        console.log("");
+        console.log(theme_1.theme.brand.bold("🛠️  KramScan Dev Mode"));
+        console.log(theme_1.theme.gray("─".repeat(50)));
+        console.log("");
+        console.log(theme_1.theme.white("Target:"), theme_1.theme.cyan(targetUrl));
+        console.log(theme_1.theme.white("Profile:"), theme_1.theme.cyan(options.profile));
+        if (isLocal) {
+            console.log(theme_1.theme.white("Environment:"), theme_1.theme.green("localhost (dev mode)"));
+        }
+        console.log("");
+        // Probe server readiness
+        const probeSpinner = logger_1.logger.spinner(`Waiting for ${targetUrl} to be ready...`);
+        const probeResult = await (0, server_probe_1.probeServer)(targetUrl, { timeout: 30000 });
+        if (!probeResult.reachable) {
+            probeSpinner.fail(`Server at ${targetUrl} is not responding`);
+            console.log("");
+            console.log(theme_1.theme.warning("⚠️  Make sure your dev server is running:"));
+            console.log(theme_1.theme.gray("  • npm run dev"));
+            console.log(theme_1.theme.gray("  • yarn dev"));
+            console.log(theme_1.theme.gray("  • python manage.py runserver"));
+            console.log("");
+            process.exit(1);
+        }
+        probeSpinner.succeed(`Server ready! (${probeResult.responseTime}ms` +
+            `${probeResult.framework ? `, ${probeResult.framework}` : ""}` +
+            `${probeResult.server ? `, ${probeResult.server}` : ""})`);
+        // Run initial scan
+        let previousResult = null;
+        const runScan = async (isRescan = false) => {
+            const scanSpinner = logger_1.logger.spinner(isRescan ? "Re-scanning after code change..." : "Running initial security scan...");
+            try {
+                const scanner = new scanner_1.Scanner(true);
+                const scanOptions = {
+                    depth: 2,
+                    timeout: 10000,
+                    headless: true,
+                    maxPages: 15,
+                    maxLinksPerPage: 30,
+                    profile: options.profile,
+                };
+                const result = await scanner.scan(targetUrl, scanOptions);
+                scanSpinner.succeed(isRescan
+                    ? `Re-scan complete: ${result.summary.total} vulnerabilities`
+                    : `Initial scan complete: ${result.summary.total} vulnerabilities`);
+                await scanner.close();
+                if (isRescan && previousResult) {
+                    // Show diff
+                    const diff = (0, diff_engine_1.diffScanResults)(previousResult, result);
+                    displayDiff(diff);
+                }
+                else {
+                    // Show full summary for initial scan
+                    (0, theme_1.displayScanSummary)({
+                        target: result.target,
+                        duration: result.duration,
+                        metadata: result.metadata,
+                        summary: result.summary,
+                        vulnerabilities: result.vulnerabilities,
+                        score: result.score,
+                        filepath: "(dev mode — results in memory)",
+                    });
+                }
+                // Desktop notification for critical/high findings
+                if (options.notify && result.summary.critical + result.summary.high > 0) {
+                    try {
+                        // node-notifier is optional — skip if not installed
+                        // eslint-disable-next-line @typescript-eslint/no-var-requires
+                        const notifier = require("node-notifier");
+                        notifier.notify({
+                            title: "⚠️ KramScan Security Alert",
+                            message: `Found ${result.summary.critical} critical, ${result.summary.high} high vulnerabilities on ${targetUrl}`,
+                            sound: true,
+                        });
+                    }
+                    catch {
+                        // node-notifier not installed, skip silently
+                    }
+                }
+                // Check fail threshold
+                if (options.failOn) {
+                    const shouldFail = checkThreshold(result, options.failOn);
+                    if (shouldFail && !options.watch) {
+                        console.log(theme_1.theme.error(`\n✗ Security gate failed: found vulnerabilities at or above '${options.failOn}' severity.\n`));
+                        process.exit(1);
+                    }
+                }
+                return result;
+            }
+            catch (err) {
+                scanSpinner.fail(`Scan failed: ${err.message}`);
+                return previousResult;
+            }
+        };
+        // Initial scan
+        previousResult = await runScan(false);
+        // Watch mode
+        if (options.watch !== false) {
+            const watchDir = path_1.default.resolve(options.watchDir);
+            try {
+                await promises_1.default.access(watchDir);
+            }
+            catch {
+                console.log(theme_1.theme.warning(`⚠️  Watch directory not found: ${watchDir}`));
+                console.log(theme_1.theme.gray("  Falling back to current directory."));
+            }
+            console.log("");
+            console.log(theme_1.theme.brand("👁️  Watching for changes..."));
+            console.log(theme_1.theme.gray(`  Directory: ${watchDir}`));
+            console.log(theme_1.theme.gray(`  Debounce: ${options.debounce}ms`));
+            console.log(theme_1.theme.gray("  Press Ctrl+C to stop."));
+            console.log("");
+            // Use fs.watch with recursive option (Node.js 19+)
+            let debounceTimer = null;
+            let scanning = false;
+            try {
+                const watcher = promises_1.default.watch(watchDir, { recursive: true });
+                for await (const event of watcher) {
+                    if (scanning)
+                        continue;
+                    // Ignore node_modules, dist, .git, etc.
+                    const filename = event.filename || "";
+                    if (filename.includes("node_modules") ||
+                        filename.includes("dist") ||
+                        filename.includes(".git") ||
+                        filename.includes(".next") ||
+                        filename.includes("__pycache__")) {
+                        continue;
+                    }
+                    if (debounceTimer)
+                        clearTimeout(debounceTimer);
+                    debounceTimer = setTimeout(async () => {
+                        scanning = true;
+                        console.log("");
+                        console.log(theme_1.theme.dim(`📝 Change detected: ${filename}`));
+                        previousResult = await runScan(true);
+                        scanning = false;
+                    }, parseInt(options.debounce, 10));
+                }
+            }
+            catch (err) {
+                console.log(theme_1.theme.warning(`⚠️  File watching failed: ${err.message}`));
+                console.log(theme_1.theme.gray("  Make sure the watch directory exists and is readable."));
+            }
+        }
+    });
+}
+function displayDiff(diff) {
+    console.log("");
+    console.log(theme_1.theme.brightWhite.bold("🔄 Scan Diff Report"));
+    console.log(theme_1.theme.gray("─".repeat(50)));
+    if (diff.newVulnerabilities.length === 0 && diff.resolvedVulnerabilities.length === 0) {
+        console.log(theme_1.theme.gray("  No changes since last scan."));
+        console.log(theme_1.theme.gray(`  ${diff.unchangedCount} vulnerabilities unchanged.`));
+    }
+    else {
+        // New vulnerabilities
+        if (diff.newVulnerabilities.length > 0) {
+            console.log("");
+            console.log(theme_1.theme.error(`  🆕 ${diff.newVulnerabilities.length} New Vulnerabilities`));
+            for (const v of diff.newVulnerabilities) {
+                const color = (0, theme_2.getSeverityColor)(v.severity);
+                console.log(color(`    [${v.severity.toUpperCase()}] ${v.title}`));
+                console.log(theme_1.theme.gray(`      ${v.url}`));
+            }
+        }
+        // Resolved vulnerabilities
+        if (diff.resolvedVulnerabilities.length > 0) {
+            console.log("");
+            console.log(theme_1.theme.success(`  ✅ ${diff.resolvedVulnerabilities.length} Resolved`));
+            for (const v of diff.resolvedVulnerabilities) {
+                console.log(theme_1.theme.green(`    ✓ ${v.title}`));
+            }
+        }
+        console.log("");
+        console.log(theme_1.theme.gray(`  Total: ${diff.previousTotal} → ${diff.currentTotal} `) +
+            (diff.currentTotal < diff.previousTotal
+                ? theme_1.theme.green(`(↓ ${diff.previousTotal - diff.currentTotal})`)
+                : diff.currentTotal > diff.previousTotal
+                    ? theme_1.theme.error(`(↑ ${diff.currentTotal - diff.previousTotal})`)
+                    : theme_1.theme.gray("(no change)")));
+    }
+    console.log("");
+}
+function checkThreshold(result, failOn) {
+    const severityLevels = {
+        critical: 4,
+        high: 3,
+        medium: 2,
+        low: 1,
+        info: 0,
+    };
+    const threshold = severityLevels[failOn.toLowerCase()] ?? 3;
+    for (const v of result.vulnerabilities) {
+        if ((severityLevels[v.severity] ?? 0) >= threshold) {
+            return true;
+        }
+    }
+    return false;
+}