mitnick-cli 1.0.0

package/dist/utils/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/utils/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoCH,MAAM,eAAe,GAAG,MAAM,CAAC;AAE/B,6DAA6D;AAE7D,SAAS,cAAc,CAAC,MAAc;IACpC,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,WAAW,CAAC;IACvC,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,cAAc,CAAC;IAC1C,IAAI,MAAM,IAAI,GAAG;QAAE,OAAO,cAAc,CAAC;IACzC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,KAAK,YAAY,YAAY,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACjE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IACvE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;AAClD,CAAC;AAED,6DAA6D;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,UAAwB,EAAE;IAE1B,MAAM,EAAE,OAAO,GAAG,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAErE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,IAAI,GAAgB;YACxB,MAAM,EAAE,MAAM,IAAI,KAAK;YACvB,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,GAAG,OAAO;aACX;YACD,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC;QACF,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAExC,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE;gBACvD,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;YAC1C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,+BAA+B;gBACxC,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAW,EACX,UAAwB,EAAE;IAE1B,MAAM,EAAE,OAAO,GAAG,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE/D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM,IAAI,KAAK;YACvB,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE;gBACvD,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;IAC/E,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC"}

package/dist/utils/logger.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Structured logger with colored output and verbosity control.
+ *
+ * Respects the --verbose flag: debug messages are suppressed
+ * unless verbose mode is enabled.
+ */
+interface LoggerConfig {
+    readonly verbose: boolean;
+    readonly silent: boolean;
+}
+declare class Logger {
+    private config;
+    /**
+     * Configure the logger. Call once during CLI initialization.
+     */
+    configure(config: Partial<LoggerConfig>): void;
+    /**
+     * Get current verbosity setting.
+     */
+    get isVerbose(): boolean;
+    /**
+     * Log a debug message. Only shown when --verbose is set.
+     */
+    debug(message: string, context?: Readonly<Record<string, unknown>>): void;
+    /**
+     * Log an informational message.
+     */
+    info(message: string, context?: Readonly<Record<string, unknown>>): void;
+    /**
+     * Log a warning message.
+     */
+    warn(message: string, context?: Readonly<Record<string, unknown>>): void;
+    /**
+     * Log an error message.
+     */
+    error(message: string, context?: Readonly<Record<string, unknown>>): void;
+    private log;
+    private formatPrefix;
+}
+/**
+ * Global logger instance. Configure once with `logger.configure({ verbose: true })`
+ * then use throughout the application.
+ */
+export declare const logger: Logger;
+export {};
+//# sourceMappingURL=logger.d.ts.map

package/dist/utils/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAeH,UAAU,YAAY;IACpB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;CAC1B;AAID,cAAM,MAAM;IACV,OAAO,CAAC,MAAM,CAAmD;IAEjE;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,IAAI;IAI9C;;OAEG;IACH,IAAI,SAAS,IAAI,OAAO,CAEvB;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI;IAIzE;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI;IAIxE;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI;IAIxE;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI;IAIzE,OAAO,CAAC,GAAG;IAmBX,OAAO,CAAC,YAAY;CAYrB;AAID;;;GAGG;AACH,eAAO,MAAM,MAAM,QAAe,CAAC"}

package/dist/utils/logger.js

@@ -0,0 +1,91 @@
+/**
+ * Structured logger with colored output and verbosity control.
+ *
+ * Respects the --verbose flag: debug messages are suppressed
+ * unless verbose mode is enabled.
+ */
+import chalk from 'chalk';
+const LOG_LEVEL_PRIORITY = {
+    debug: 0,
+    info: 1,
+    warn: 2,
+    error: 3,
+};
+// ─── Logger ───────────────────────────────────────────────
+class Logger {
+    config = { verbose: false, silent: false };
+    /**
+     * Configure the logger. Call once during CLI initialization.
+     */
+    configure(config) {
+        this.config = { ...this.config, ...config };
+    }
+    /**
+     * Get current verbosity setting.
+     */
+    get isVerbose() {
+        return this.config.verbose;
+    }
+    /**
+     * Log a debug message. Only shown when --verbose is set.
+     */
+    debug(message, context) {
+        this.log('debug', message, context);
+    }
+    /**
+     * Log an informational message.
+     */
+    info(message, context) {
+        this.log('info', message, context);
+    }
+    /**
+     * Log a warning message.
+     */
+    warn(message, context) {
+        this.log('warn', message, context);
+    }
+    /**
+     * Log an error message.
+     */
+    error(message, context) {
+        this.log('error', message, context);
+    }
+    log(level, message, context) {
+        if (this.config.silent)
+            return;
+        const minLevel = this.config.verbose ? 'debug' : 'info';
+        if (LOG_LEVEL_PRIORITY[level] < LOG_LEVEL_PRIORITY[minLevel])
+            return;
+        const prefix = this.formatPrefix(level);
+        const contextStr = context !== undefined ? ` ${chalk.gray(JSON.stringify(context))}` : '';
+        const output = `${prefix} ${message}${contextStr}`;
+        if (level === 'error') {
+            console.error(output);
+        }
+        else if (level === 'warn') {
+            console.warn(output);
+        }
+        else {
+            console.log(output);
+        }
+    }
+    formatPrefix(level) {
+        switch (level) {
+            case 'debug':
+                return chalk.gray('[DEBUG]');
+            case 'info':
+                return chalk.blue('[INFO]');
+            case 'warn':
+                return chalk.yellow('[WARN]');
+            case 'error':
+                return chalk.red('[ERROR]');
+        }
+    }
+}
+// ─── Singleton Export ─────────────────────────────────────
+/**
+ * Global logger instance. Configure once with `logger.configure({ verbose: true })`
+ * then use throughout the application.
+ */
+export const logger = new Logger();
+//# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAM1B,MAAM,kBAAkB,GAAuC;IAC7D,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;CACA,CAAC;AAOX,6DAA6D;AAE7D,MAAM,MAAM;IACF,MAAM,GAAiB,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAEjE;;OAEG;IACH,SAAS,CAAC,MAA6B;QACrC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,OAA2C;QAChE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAA2C;QAC/D,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAe,EAAE,OAA2C;QAC/D,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe,EAAE,OAA2C;QAChE,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IAEO,GAAG,CAAC,KAAe,EAAE,OAAe,EAAE,OAA2C;QACvF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM;YAAE,OAAO;QAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;QACxD,IAAI,kBAAkB,CAAC,KAAK,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC;YAAE,OAAO;QAErE,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,UAAU,GAAG,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;QAEnD,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;aAAM,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,KAAe;QAClC,QAAQ,KAAK,EAAE,CAAC;YACd,KAAK,OAAO;gBACV,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC/B,KAAK,MAAM;gBACT,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9B,KAAK,MAAM;gBACT,OAAO,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChC,KAAK,OAAO;gBACV,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;CACF;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC"}

package/dist/utils/strings.d.ts

@@ -0,0 +1,8 @@
+/**
+ * String utility functions shared across analyzers.
+ */
+/**
+ * Truncate a string to a maximum length, appending "..." if truncated.
+ */
+export declare function truncate(text: string, maxLength?: number): string;
+//# sourceMappingURL=strings.d.ts.map

package/dist/utils/strings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.d.ts","sourceRoot":"","sources":["../../src/utils/strings.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,SAAK,GAAG,MAAM,CAG7D"}

package/dist/utils/strings.js

@@ -0,0 +1,12 @@
+/**
+ * String utility functions shared across analyzers.
+ */
+/**
+ * Truncate a string to a maximum length, appending "..." if truncated.
+ */
+export function truncate(text, maxLength = 80) {
+    if (text.length <= maxLength)
+        return text;
+    return `${text.slice(0, maxLength)}...`;
+}
+//# sourceMappingURL=strings.js.map

package/dist/utils/strings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strings.js","sourceRoot":"","sources":["../../src/utils/strings.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY,EAAE,SAAS,GAAG,EAAE;IACnD,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC;AAC1C,CAAC"}

package/package.json

@@ -0,0 +1,96 @@
+{
+  "name": "mitnick-cli",
+  "version": "1.0.0",
+  "description": "Pre-install security analysis CLI for npm packages. Analyze packages before installation to detect vulnerabilities, malicious code, typosquatting, and supply chain attacks.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./cli": {
+      "import": "./dist/cli/index.js",
+      "types": "./dist/cli/index.d.ts"
+    }
+  },
+  "bin": {
+    "mitnick": "dist/cli/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/cli/index.js",
+    "test": "vitest run --exclude 'tests/integration/**'",
+    "test:watch": "vitest --exclude 'tests/integration/**'",
+    "test:coverage": "vitest run --coverage --exclude 'tests/integration/**'",
+    "test:integration": "vitest run tests/integration/",
+    "test:all": "vitest run",
+    "lint": "eslint src/ tests/",
+    "lint:fix": "eslint --fix src/ tests/",
+    "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "typecheck": "tsc --noEmit",
+    "validate": "npm run typecheck && npm run lint && npm run test",
+    "prepublishOnly": "npm run build",
+    "prepare": "husky"
+  },
+  "keywords": [
+    "security",
+    "npm",
+    "audit",
+    "vulnerability",
+    "supply-chain",
+    "malware",
+    "typosquatting",
+    "obfuscation",
+    "cli",
+    "analysis",
+    "pre-install"
+  ],
+  "author": "Murat Demirci (https://github.com/muratdemirci)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/muratdemirci/mitnick"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "dependencies": {
+    "@typescript-eslint/typescript-estree": "^8.0.0",
+    "chalk": "^5.3.0",
+    "commander": "^12.0.0",
+    "ora": "^8.0.0",
+    "semver": "^7.7.4",
+    "tar": "^7.0.0",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.4",
+    "@types/node": "^22.0.0",
+    "@types/semver": "^7.7.1",
+    "@typescript-eslint/eslint-plugin": "^8.57.1",
+    "@typescript-eslint/parser": "^8.57.1",
+    "@vitest/coverage-v8": "^2.0.0",
+    "eslint": "^9.0.0",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.4.0",
+    "prettier": "^3.3.0",
+    "typescript": "^5.6.0",
+    "typescript-eslint": "^8.57.1",
+    "vitest": "^2.0.0"
+  },
+  "lint-staged": {
+    "*.ts": [
+      "eslint --fix",
+      "prettier --write"
+    ]
+  }
+}