npm-scan-plus 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +28 -18
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # npm-scan 🔒
1
+ # npm-scan-plus 🔒
2
2
 
3
3
  **Security scanner for npm packages** - Pre and post-install scanning for malicious code, supply chain attacks, and obfuscated code.
4
4
 
@@ -17,7 +17,7 @@ These attacks succeed because:
17
17
  - Obfuscated code hides malicious intent
18
18
  - Typosquatting confuses developers
19
19
 
20
- **npm-scan** was built to automatically detect these threats before they reach your project.
20
+ **npm-scan-plus** was built to automatically detect these threats before they reach your project.
21
21
 
22
22
  ## Features
23
23
 
@@ -43,29 +43,39 @@ These attacks succeed because:
43
43
 
44
44
  ## Installation
45
45
 
46
+ ### Option 1: npx (run without installing)
46
47
  ```bash
47
- npm install -g npm-scan
48
- ```
48
+ # Scan a package before installing
49
+ npx npm-scan-plus pre install <package>
49
50
 
50
- Or use without installation:
51
+ # Full automatic wrapper (pre-scan + install + post-scan)
52
+ npx npm-scan-plus-wrap install <package>
53
+ npx npm-scan-plus-wrap install # install from package.json
54
+ ```
51
55
 
56
+ ### Option 2: Install globally (recommended for frequent use)
52
57
  ```bash
53
- npx npm-scan pre install <package>
58
+ npm install -g npm-scan-plus
59
+
60
+ # Then use directly
61
+ npm-scan-plus pre install <package>
62
+ npm-scan-plus-wrap install lodash
63
+ npm-scan-plus-wrap install # install from package.json
54
64
  ```
55
65
 
56
66
  ## Quick Start: Automatic Wrapper
57
67
 
58
- The **recommended way** to use npm-scan is with the automatic wrapper:
68
+ The **recommended way** to use npm-scan-plus is with the automatic wrapper:
59
69
 
60
70
  ```bash
61
71
  # Install a package with automatic pre + post scan
62
- npm-scan-wrap install lodash
72
+ npm-scan-plus-wrap install lodash
63
73
 
64
74
  # Install multiple packages
65
- npm-scan-wrap install lodash axios express
75
+ npm-scan-plus-wrap install lodash axios express
66
76
 
67
77
  # Install all dependencies from package.json
68
- npm-scan-wrap install
78
+ npm-scan-plus-wrap install
69
79
  ```
70
80
 
71
81
  The wrapper automatically:
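Review bot: The two `npx npm-scan-plus-wrap install ...` lines under Option 1 will not reach this package's wrapper on a machine where `npm-scan-plus` is not already installed. npx resolves the package from the command name, so it looks for a registry package called `npm-scan-plus-wrap`, while package.json in this same diff names the package `npm-scan-plus` and Option 2 shows the wrapper arriving with `npm install -g npm-scan-plus`. For a tool whose README lists typosquatting as a threat, that leaves the documented command pointing at whatever is, or later gets, published under the other name. Suggest `npx --package npm-scan-plus npm-scan-plus-wrap install <package>`. Pinning a version in the npx examples, for example `npx npm-scan-plus@1.0.1 pre install <package>`, would also stop each run from executing whichever release is newest at that moment.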
@@ -79,22 +89,22 @@ If you prefer manual control:
79
89
 
80
90
  ### Pre-install scan
81
91
  ```bash
82
- npm-scan pre install <package>
83
- npm-scan pre install axios --version 1.6.0
84
- npm-scan pre install lodash -V # verbose output
92
+ npm-scan-plus pre install <package>
93
+ npm-scan-plus pre install axios --version 1.6.0
94
+ npm-scan-plus pre install lodash -V # verbose output
85
95
  ```
86
96
 
87
97
  ### Post-install scan
88
98
  ```bash
89
- npm-scan post
90
- npm-scan post --folder ./node_modules
99
+ npm-scan-plus post
100
+ npm-scan-plus post --folder ./node_modules
91
101
  ```
92
102
 
93
103
  ### Blocklist management
94
104
  ```bash
95
- npm-scan blocklist list
96
- npm-scan blocklist add <package>
97
- npm-scan blocklist remove <package>
105
+ npm-scan-plus blocklist list
106
+ npm-scan-plus blocklist add <package>
107
+ npm-scan-plus blocklist remove <package>
98
108
  ```
99
109
 
100
110
  ## Detection Patterns
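Review bot: In the pre-install examples, `--version 1.6.0` selects the version of the package to be scanned, while `-V` means verbose. Most CLIs use `--version` and `-V` to print the tool's own version, so this pairing is easy to misread. Since these lines are being rewritten anyway, add a trailing comment saying what `--version` takes here, as the `-V` line already does with `# verbose output`.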
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "npm-scan-plus",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "description": "Security scanner for npm packages - pre and post-install scanning for malicious code, supply chain attacks, and obfuscated code",
5
5
  "main": "dist/lib/index.js",
6
6
  "types": "dist/lib/index.d.ts",