munack-ai-dependency-scanner 0.1.11

package/README.md

@@ -0,0 +1,28 @@
+# Munack AI Dependency Scanner
+
+`munack-ai-dependency-scanner` is the public npm CLI package for Munack AI Dependency Scanner.
+
+It checks AI-generated code for:
+
+- hallucinated packages
+- fake imports
+- fake SDK references
+- slopsquatting-style dependency mistakes
+
+Install:
+
+```bash
+npm install -g munack-ai-dependency-scanner
+```
+
+Run:
+
+```bash
+munack-ai-dependency-scanner scan .
+```
+
+Project:
+
+- GitHub: https://github.com/balkanbrs/munack
+- VS Marketplace: https://marketplace.visualstudio.com/items?itemName=balkanbrs.munack
+- Open VSX: https://open-vsx.org/extension/balkanbrs/munack

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,184 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_path_1 = __importDefault(require("node:path"));
+const commander_1 = require("commander");
+const munack_core_1 = require("@balkanbrs/munack-core");
+const program = new commander_1.Command();
+const RESULT_TYPES = ["exists", "not_found", "suspicious", "unknown"];
+function normalizeFormat(value) {
+    if (value === "json" || value === "sarif") {
+        return value;
+    }
+    return "markdown";
+}
+function shouldFailForResults(findings, failOn) {
+    if (!failOn) {
+        return false;
+    }
+    const targets = new Set(failOn
+        .split(",")
+        .map((part) => part.trim())
+        .filter((part) => RESULT_TYPES.includes(part)));
+    return findings.some((finding) => targets.has(finding.result));
+}
+function printJson(value) {
+    process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+function printTable(rows) {
+    if (rows.length === 0) {
+        process.stdout.write("No rows.\n");
+        return;
+    }
+    const headers = Object.keys(rows[0]);
+    const widths = headers.map((header) => Math.max(header.length, ...rows.map((row) => String(row[header] ?? "").length)));
+    const formatRow = (row) => headers.map((header, index) => String(row[header] ?? "").padEnd(widths[index])).join("  ");
+    process.stdout.write(`${formatRow(Object.fromEntries(headers.map((header) => [header, header])))}\n`);
+    process.stdout.write(`${widths.map((width) => "-".repeat(width)).join("  ")}\n`);
+    for (const row of rows) {
+        process.stdout.write(`${formatRow(row)}\n`);
+    }
+}
+program.name("munack-ai-dependency-scanner").description("Munack AI Dependency Scanner CLI.");
+program
+    .command("scan")
+    .argument("[target]", "Path to scan", ".")
+    .option("--format <format>", "Output format: markdown, json, sarif", "markdown")
+    .option("--output <file>", "Write report to a file")
+    .option("--fail-on <results>", "Exit non-zero if any findings match, e.g. not_found,suspicious")
+    .option("--no-imports", "Disable code import scanning and only use manifests/lockfiles")
+    .option("--timeout-ms <ms>", "Registry request timeout in milliseconds")
+    .option("--concurrency <n>", "Registry lookup concurrency")
+    .action(async (target, options) => {
+    try {
+        const report = await (0, munack_core_1.runScan)({
+            projectPath: target,
+            includeCodeImports: options.imports,
+            registryTimeoutMs: options.timeoutMs ? Number(options.timeoutMs) : undefined,
+            registryConcurrency: options.concurrency ? Number(options.concurrency) : undefined
+        });
+        const format = normalizeFormat(options.format);
+        if (options.output) {
+            const outputPath = node_path_1.default.resolve(options.output);
+            (0, munack_core_1.writeFormattedReportToFile)(report, outputPath, format);
+        }
+        process.stdout.write((0, munack_core_1.formatReport)(report, format));
+        if (options.output) {
+            process.stdout.write(`Report written to ${node_path_1.default.resolve(options.output)}\n`);
+        }
+        if (shouldFailForResults(report.findings, options.failOn)) {
+            process.exitCode = 2;
+        }
+    }
+    catch (error) {
+        process.stderr.write(`${String(error)}\n`);
+        process.exitCode = 1;
+    }
+});
+program
+    .command("check")
+    .argument("<packageName>", "Package or dependency name to verify")
+    .requiredOption("--registry <registry>", "Registry to query: npm, pypi, crates, packagist")
+    .option("--format <format>", "Output format: markdown or json", "markdown")
+    .action(async (packageName, options) => {
+    try {
+        const result = await (0, munack_core_1.checkSinglePackage)({
+            name: packageName,
+            registry: options.registry
+        });
+        if (normalizeFormat(options.format) === "json") {
+            printJson(result);
+            return;
+        }
+        printTable([
+            {
+                package: result.name,
+                registry: result.registry,
+                result: result.result,
+                reason: result.reason
+            }
+        ]);
+    }
+    catch (error) {
+        process.stderr.write(`${String(error)}\n`);
+        process.exitCode = 1;
+    }
+});
+program.command("doctor").action(async () => {
+    const status = await (0, munack_core_1.verifyLicense)({});
+    const cache = (0, munack_core_1.getCachedLicenseState)();
+    const monthKey = (0, munack_core_1.getCurrentMonthKey)();
+    const used = cache.scanUsageByMonth[monthKey] ?? 0;
+    printTable([
+        {
+            item: "Config directory",
+            value: (0, munack_core_1.getConfigDir)()
+        },
+        {
+            item: "License key configured",
+            value: Boolean((0, munack_core_1.getConfiguredLicenseKey)() ?? cache.licenseKey)
+        },
+        {
+            item: "External license verifier configured",
+            value: Boolean((0, munack_core_1.getConfiguredLicenseVerifierUrl)())
+        },
+        {
+            item: "License verifier token configured",
+            value: Boolean((0, munack_core_1.getConfiguredLicenseVerifierToken)())
+        },
+        {
+            item: "License active",
+            value: status.active
+        },
+        {
+            item: "License plan",
+            value: status.plan
+        },
+        {
+            item: "License source",
+            value: status.source
+        },
+        {
+            item: "Offline cache used",
+            value: Boolean(status.offline)
+        },
+        {
+            item: "Free scans used this month",
+            value: `${used}/${(0, munack_core_1.getFreeMonthlyLimit)()}`
+        }
+    ]);
+});
+program
+    .command("activate")
+    .argument("[licenseKey]", "License key")
+    .action(async (licenseKey) => {
+    const effectiveKey = licenseKey?.trim() || (0, munack_core_1.getConfiguredLicenseKey)() || (0, munack_core_1.getCachedLicenseState)().licenseKey;
+    if (!effectiveKey) {
+        process.stderr.write("Provide a license key argument or set MUNACK_LICENSE_KEY.\n");
+        process.exitCode = 1;
+        return;
+    }
+    (0, munack_core_1.saveLicenseKey)(effectiveKey);
+    const status = await (0, munack_core_1.verifyLicense)({ licenseKey: effectiveKey, forceRefresh: true });
+    printJson(status);
+    if (!status.active) {
+        process.exitCode = 1;
+    }
+});
+const license = program.command("license").description("License management commands.");
+license.command("status").action(async () => {
+    const status = await (0, munack_core_1.verifyLicense)({});
+    printJson(status);
+});
+license.command("deactivate").action(() => {
+    (0, munack_core_1.clearStoredLicense)();
+    printJson({
+        active: false,
+        cleared: true
+    });
+});
+program.parseAsync(process.argv);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;AACA,0DAA6B;AAC7B,yCAAoC;AACpC,wDAiBgC;AAEhC,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAC9B,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,CAAU,CAAC;AAE/E,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAmC,EACnC,MAAe;IAEf,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,MAAM;SACH,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAyC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAqC,CAAC,CAAC,CACzH,CAAC;IAEF,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,MAAuC,CAAC,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,IAA6D;IAC/E,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACpC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAChF,CAAC;IACF,MAAM,SAAS,GAAG,CAAC,GAAqD,EAAU,EAAE,CAClF,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,WAAW,CAAC,mCAAmC,CAAC,CAAC;AAE9F,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,QAAQ,CAAC,UAAU,EAAE,cAAc,EAAE,GAAG,CAAC;KACzC,MAAM,CAAC,mBAAmB,EAAE,sCAAsC,EAAE,UAAU,CAAC;KAC/E,MAAM,CAAC,iBAAiB,EAAE,wBAAwB,CAAC;KACnD,MAAM,CAAC,qBAAqB,EAAE,gEAAgE,CAAC;KAC/F,MAAM,CAAC,cAAc,EAAE,+DAA+D,CAAC;KACvF,MAAM,CAAC,mBAAmB,EAAE,0CAA0C,CAAC;KACvE,MAAM,CAAC,mBAAmB,EAAE,6BAA6B,CAAC;KAC1D,MAAM,CACL,KAAK,EACH,MAAc,EACd,OAOC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAO,EAAC;YAC3B,WAAW,EAAE,MAAM;YACnB,kBAAkB,EAAE,OAAO,CAAC,OAAO;YACnC,iBAAiB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAC5E,mBAAmB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;SACnF,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,mBAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAChD,IAAA,wCAA0B,EAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,mBAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,oBAAoB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,QAAQ,CAAC,eAAe,EAAE,sCAAsC,CAAC;KACjE,cAAc,CAAC,uBAAuB,EAAE,iDAAiD,CAAC;KAC1F,MAAM,CAAC,mBAAmB,EAAE,iCAAiC,EAAE,UAAU,CAAC;KAC1E,MAAM,CAAC,KAAK,EAAE,WAAmB,EAAE,OAAoD,EAAE,EAAE;IAC1F,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAkB,EAAC;YACtC,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC,CAAC;QAEH,IAAI,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;YAC/C,SAAS,CAAC,MAAM,CAAC,CAAC;YAClB,OAAO;QACT,CAAC;QAED,UAAU,CAAC;YACT;gBACE,OAAO,EAAE,MAAM,CAAC,IAAI;gBACpB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;IAC1C,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAa,EAAC,EAAE,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAA,mCAAqB,GAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAA,gCAAkB,GAAE,CAAC;IACtC,MAAM,IAAI,GAAG,KAAK,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnD,UAAU,CAAC;QACT;YACE,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,IAAA,0BAAY,GAAE;SACtB;QACD;YACE,IAAI,EAAE,wBAAwB;YAC9B,KAAK,EAAE,OAAO,CAAC,IAAA,qCAAuB,GAAE,IAAI,KAAK,CAAC,UAAU,CAAC;SAC9D;QACD;YACE,IAAI,EAAE,sCAAsC;YAC5C,KAAK,EAAE,OAAO,CAAC,IAAA,6CAA+B,GAAE,CAAC;SAClD;QACD;YACE,IAAI,EAAE,mCAAmC;YACzC,KAAK,EAAE,OAAO,CAAC,IAAA,+CAAiC,GAAE,CAAC;SACpD;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,KAAK,EAAE,MAAM,CAAC,MAAM;SACrB;QACD;YACE,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,MAAM,CAAC,IAAI;SACnB;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,KAAK,EAAE,MAAM,CAAC,MAAM;SACrB;QACD;YACE,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;SAC/B;QACD;YACE,IAAI,EAAE,4BAA4B;YAClC,KAAK,EAAE,GAAG,IAAI,IAAI,IAAA,iCAAmB,GAAE,EAAE;SAC1C;KACF,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,QAAQ,CAAC,cAAc,EAAE,aAAa,CAAC;KACvC,MAAM,CAAC,KAAK,EAAE,UAAmB,EAAE,EAAE;IACpC,MAAM,YAAY,GAAG,UAAU,EAAE,IAAI,EAAE,IAAI,IAAA,qCAAuB,GAAE,IAAI,IAAA,mCAAqB,GAAE,CAAC,UAAU,CAAC;IAC3G,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACpF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAA,4BAAc,EAAC,YAAY,CAAC,CAAC;IAC7B,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAa,EAAC,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACrF,SAAS,CAAC,MAAM,CAAC,CAAC;IAClB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,8BAA8B,CAAC,CAAC;AAEvF,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;IAC1C,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAa,EAAC,EAAE,CAAC,CAAC;IACvC,SAAS,CAAC,MAAM,CAAC,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE;IACxC,IAAA,gCAAkB,GAAE,CAAC;IACrB,SAAS,CAAC;QACR,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "munack-ai-dependency-scanner",
+  "version": "0.1.11",
+  "description": "Public CLI package for Munack AI Dependency Scanner to detect hallucinated packages, fake imports, and AI-generated dependency mistakes.",
+  "license": "MIT",
+  "homepage": "https://github.com/balkanbrs/munack",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/balkanbrs/munack.git"
+  },
+  "bugs": {
+    "url": "https://github.com/balkanbrs/munack/issues"
+  },
+  "bin": {
+    "munack-ai-dependency-scanner": "dist/index.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "keywords": [
+    "munack",
+    "ai-dependency-scanner",
+    "hallucinated-package",
+    "fake-import",
+    "fake-package",
+    "slopsquatting",
+    "dependency-scanner",
+    "ai-generated-code",
+    "supply-chain-security",
+    "cli"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "pack:dry": "npm pack --dry-run"
+  },
+  "dependencies": {
+    "@balkanbrs/munack-core": "0.1.11",
+    "commander": "^14.0.2"
+  }
+}