npm - mobbdev - Versions diffs - 0.0.3 → 0.0.5 - Mend

mobbdev 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,17 +1,32 @@
-# [mobb.dev](https://www.mobb.dev)
+# Mobb CLI (community tool)
-Give your developers time back with fixes you can trust.
+[Mobb](https://www.mobb.dev) automates security vulnerability remediations.
-Turn mountains of depressing SAST findings into code fixes with Mobb's developer-first automated secure code remediation.
+<img width="750" alt="Screenshot 2023-03-27 at 5 23 19 PM" src="https://user-images.githubusercontent.com/96389636/228070025-2a1c3aae-6b40-427f-a1e9-2b10ef97b5ea.png">
+## What is [Mobb](https://www.mobb.dev)?
+[Mobb](https://www.mobb.dev) is the first vendor agnostic automatic security vulnerability remediation tool. It injests SAST results from Checkmarx One, GitHub Advanced Security, and Snyk Code and produces code fixes for the developer to review and commit to their code.
+## What does Mobb CLI (Community Tool) do?
+-   Uses Snyk Code CLI to run a SAST analysis on a given GitHub repo
+-   Analyzes the vulnerbilities report to identify issues that can be remediated
+-   Produce the code fixes and redirect the user to the fix report page on [mobb.dev](https://www.mobb.dev)
 ## Disclaimer
-This is a demo version only capable of analyzing public GitHub repositories. We wrap Snyk Code CLI to produce SAST vulnerabilities report.
+This is an alpha version only capable of analyzing public GitHub repositories. We wrap Snyk Code CLI to produce SAST vulnerabilities report.
-Only Java projects are supported at the moment.
+-   Only Java projects are supported at the moment.
+-   Only SQLi, CMDi, XSS, and XXE are supported at the moment.
 ## Usage
 ```shell
 npx mobbdev https://github.com/mobb-dev/simple-vulnerable-java-project
 ```
+## Getting support
+If you need support using Mobb CLI, or just want to share your thoughts and learn more, you are more than welcome to join our [discord server](https://discord.gg/ks6Nz3H828)

package/bin/cli.mjs CHANGED Viewed

File without changes

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "mobbdev",
-    "version": "0.0.3",
+    "version": "0.0.5",
     "description": "Automated secure code remediation tool",
     "main": "index.js",
     "scripts": {

package/src/constants.mjs CHANGED Viewed

@@ -1,7 +1,10 @@
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
 import * as dotenv from 'dotenv';
 import { z } from 'zod';
-dotenv.config();
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+dotenv.config({ path: path.join(__dirname, '../.env') });
 const envVariablesSchema = z
     .object({

package/src/index.mjs CHANGED Viewed

@@ -18,7 +18,9 @@ const config = new Configstore(packageJson.name, { token: '' });
 export async function main(dirname, repoUrl) {
     if (!repoUrl) {
-        console.warn('Mobb CLI usage: npx mobb <public GitHub repository URL>');
+        console.warn(
+            'Mobb CLI usage: npx mobbdev <public GitHub repository URL>'
+        );
         return;
     }