npm - laxy-verify - Versions diffs - 1.2.3 → 1.3.0 - Mend

laxy-verify 1.2.3 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/README.md +23 -0
package/dist/audit/broken-links.d.ts +25 -25
package/dist/audit/broken-links.js +97 -97
package/dist/badge.d.ts +2 -1
package/dist/badge.js +18 -14
package/dist/cli.js +1246 -1233
package/dist/config.d.ts +102 -102
package/dist/config.js +360 -360
package/dist/entitlement.d.ts +15 -13
package/dist/entitlement.js +98 -94
package/dist/init.js +132 -132
package/dist/lighthouse.d.ts +37 -37
package/dist/lighthouse.js +231 -231
package/dist/report-markdown.d.ts +53 -53
package/dist/report-markdown.js +407 -407
package/dist/security-audit.d.ts +17 -17
package/dist/security-audit.js +127 -127
package/dist/verification-core/report.js +526 -526
package/dist/verification-core/types.d.ts +164 -164
package/dist/visual-diff.d.ts +33 -33
package/dist/visual-diff.js +213 -213
package/package.json +1 -1
package/dist/ai-analysis.d.ts +0 -28
package/dist/ai-analysis.js +0 -32
package/dist/compare-env.d.ts +0 -23
package/dist/compare-env.js +0 -55
package/dist/init-analysis.d.ts +0 -6
package/dist/init-analysis.js +0 -302
package/dist/route-discovery.d.ts +0 -7
package/dist/route-discovery.js +0 -108

package/dist/security-audit.d.ts CHANGED Viewed

@@ -1,17 +1,17 @@
-export interface SecurityAuditResult {
-    totalVulnerabilities: number;
-    critical: number;
-    high: number;
-    moderate: number;
-    low: number;
-    summary: string;
-    missingHeaders: string[];
-    headerCheckUrl?: string;
-    headerCheckError?: string;
-}
-export declare function auditSecurityHeaders(url: string): Promise<{
-    missingHeaders: string[];
-    checkedUrl: string;
-    error?: string;
-}>;
-export declare function runSecurityAudit(cwd: string, appUrl?: string, timeoutMs?: number): Promise<SecurityAuditResult>;
+export interface SecurityAuditResult {
+    totalVulnerabilities: number;
+    critical: number;
+    high: number;
+    moderate: number;
+    low: number;
+    summary: string;
+    missingHeaders: string[];
+    headerCheckUrl?: string;
+    headerCheckError?: string;
+}
+export declare function auditSecurityHeaders(url: string): Promise<{
+    missingHeaders: string[];
+    checkedUrl: string;
+    error?: string;
+}>;
+export declare function runSecurityAudit(cwd: string, appUrl?: string, timeoutMs?: number): Promise<SecurityAuditResult>;

package/dist/security-audit.js CHANGED Viewed

@@ -1,127 +1,127 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.auditSecurityHeaders = auditSecurityHeaders;
-exports.runSecurityAudit = runSecurityAudit;
-/**
- * npm audit wrapper plus runtime security-header checks.
- *
- * The package audit catches known dependency vulnerabilities.
- * The header audit adds shallow runtime coverage for common missing
- * browser-enforced protections on the running app.
- */
-const node_child_process_1 = require("node:child_process");
-async function runNpmAudit(cwd, timeoutMs) {
-    return new Promise((resolve) => {
-        const chunks = [];
-        const proc = process.platform === "win32"
-            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npm audit --json"], {
-                stdio: ["ignore", "pipe", "pipe"],
-                cwd,
-            })
-            : (0, node_child_process_1.spawn)("npm", ["audit", "--json"], {
-                shell: true,
-                stdio: ["ignore", "pipe", "pipe"],
-                cwd,
-            });
-        const timer = setTimeout(() => {
-            try {
-                proc.kill();
-            }
-            catch { }
-            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
-        }, timeoutMs);
-        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
-        proc.stderr?.on("data", () => { });
-        proc.on("exit", () => {
-            clearTimeout(timer);
-            try {
-                const json = JSON.parse(chunks.join(""));
-                const meta = json.metadata?.vulnerabilities ?? json.vulnerabilities ?? {};
-                const critical = meta.critical ?? 0;
-                const high = meta.high ?? 0;
-                const moderate = meta.moderate ?? 0;
-                const low = meta.low ?? 0;
-                resolve({
-                    totalVulnerabilities: critical + high + moderate + low,
-                    critical,
-                    high,
-                    moderate,
-                    low,
-                });
-            }
-            catch {
-                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
-            }
-        });
-    });
-}
-async function auditSecurityHeaders(url) {
-    const requiredHeaders = ["X-Frame-Options", "Content-Security-Policy"];
-    const urlObj = new URL(url);
-    if (urlObj.protocol === "https:") {
-        requiredHeaders.push("Strict-Transport-Security");
-    }
-    let response;
-    try {
-        response = await fetch(url, {
-            method: "HEAD",
-            redirect: "follow",
-            signal: AbortSignal.timeout(5000),
-        });
-    }
-    catch {
-        try {
-            response = await fetch(url, {
-                method: "GET",
-                redirect: "follow",
-                signal: AbortSignal.timeout(5000),
-            });
-        }
-        catch (error) {
-            return {
-                missingHeaders: [],
-                checkedUrl: url,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    const missingHeaders = requiredHeaders.filter((headerName) => !response.headers.get(headerName));
-    return {
-        missingHeaders,
-        checkedUrl: response.url || url,
-    };
-}
-async function runSecurityAudit(cwd, appUrl, timeoutMs = 30000) {
-    console.log("  Running security audit (npm audit + runtime headers)...");
-    const [npmAudit, headerAudit] = await Promise.all([
-        runNpmAudit(cwd, timeoutMs),
-        appUrl ? auditSecurityHeaders(appUrl) : Promise.resolve(null),
-    ]);
-    const parts = [];
-    if (npmAudit.critical > 0)
-        parts.push(`${npmAudit.critical} critical`);
-    if (npmAudit.high > 0)
-        parts.push(`${npmAudit.high} high`);
-    if (npmAudit.moderate > 0)
-        parts.push(`${npmAudit.moderate} moderate`);
-    if (npmAudit.low > 0)
-        parts.push(`${npmAudit.low} low`);
-    const missingHeaders = headerAudit?.missingHeaders ?? [];
-    if (missingHeaders.length > 0) {
-        parts.push(`missing headers: ${missingHeaders.join(", ")}`);
-    }
-    if (headerAudit?.error) {
-        parts.push(`header check skipped: ${headerAudit.error}`);
-    }
-    const summary = parts.length > 0
-        ? parts.join(" | ")
-        : "No known vulnerabilities or missing security headers";
-    console.log(`  Security: ${summary}`);
-    return {
-        ...npmAudit,
-        summary,
-        missingHeaders,
-        headerCheckUrl: headerAudit?.checkedUrl,
-        headerCheckError: headerAudit?.error,
-    };
-}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auditSecurityHeaders = auditSecurityHeaders;
+exports.runSecurityAudit = runSecurityAudit;
+/**
+ * npm audit wrapper plus runtime security-header checks.
+ *
+ * The package audit catches known dependency vulnerabilities.
+ * The header audit adds shallow runtime coverage for common missing
+ * browser-enforced protections on the running app.
+ */
+const node_child_process_1 = require("node:child_process");
+async function runNpmAudit(cwd, timeoutMs) {
+    return new Promise((resolve) => {
+        const chunks = [];
+        const proc = process.platform === "win32"
+            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npm audit --json"], {
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd,
+            })
+            : (0, node_child_process_1.spawn)("npm", ["audit", "--json"], {
+                shell: true,
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd,
+            });
+        const timer = setTimeout(() => {
+            try {
+                proc.kill();
+            }
+            catch { }
+            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
+        }, timeoutMs);
+        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
+        proc.stderr?.on("data", () => { });
+        proc.on("exit", () => {
+            clearTimeout(timer);
+            try {
+                const json = JSON.parse(chunks.join(""));
+                const meta = json.metadata?.vulnerabilities ?? json.vulnerabilities ?? {};
+                const critical = meta.critical ?? 0;
+                const high = meta.high ?? 0;
+                const moderate = meta.moderate ?? 0;
+                const low = meta.low ?? 0;
+                resolve({
+                    totalVulnerabilities: critical + high + moderate + low,
+                    critical,
+                    high,
+                    moderate,
+                    low,
+                });
+            }
+            catch {
+                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0 });
+            }
+        });
+    });
+}
+async function auditSecurityHeaders(url) {
+    const requiredHeaders = ["X-Frame-Options", "Content-Security-Policy"];
+    const urlObj = new URL(url);
+    if (urlObj.protocol === "https:") {
+        requiredHeaders.push("Strict-Transport-Security");
+    }
+    let response;
+    try {
+        response = await fetch(url, {
+            method: "HEAD",
+            redirect: "follow",
+            signal: AbortSignal.timeout(5000),
+        });
+    }
+    catch {
+        try {
+            response = await fetch(url, {
+                method: "GET",
+                redirect: "follow",
+                signal: AbortSignal.timeout(5000),
+            });
+        }
+        catch (error) {
+            return {
+                missingHeaders: [],
+                checkedUrl: url,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    const missingHeaders = requiredHeaders.filter((headerName) => !response.headers.get(headerName));
+    return {
+        missingHeaders,
+        checkedUrl: response.url || url,
+    };
+}
+async function runSecurityAudit(cwd, appUrl, timeoutMs = 30000) {
+    console.log("  Running security audit (npm audit + runtime headers)...");
+    const [npmAudit, headerAudit] = await Promise.all([
+        runNpmAudit(cwd, timeoutMs),
+        appUrl ? auditSecurityHeaders(appUrl) : Promise.resolve(null),
+    ]);
+    const parts = [];
+    if (npmAudit.critical > 0)
+        parts.push(`${npmAudit.critical} critical`);
+    if (npmAudit.high > 0)
+        parts.push(`${npmAudit.high} high`);
+    if (npmAudit.moderate > 0)
+        parts.push(`${npmAudit.moderate} moderate`);
+    if (npmAudit.low > 0)
+        parts.push(`${npmAudit.low} low`);
+    const missingHeaders = headerAudit?.missingHeaders ?? [];
+    if (missingHeaders.length > 0) {
+        parts.push(`missing headers: ${missingHeaders.join(", ")}`);
+    }
+    if (headerAudit?.error) {
+        parts.push(`header check skipped: ${headerAudit.error}`);
+    }
+    const summary = parts.length > 0
+        ? parts.join(" | ")
+        : "No known vulnerabilities or missing security headers";
+    console.log(`  Security: ${summary}`);
+    return {
+        ...npmAudit,
+        summary,
+        missingHeaders,
+        headerCheckUrl: headerAudit?.checkedUrl,
+        headerCheckError: headerAudit?.error,
+    };
+}