npm-scan-plus 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/LICENSE +21 -0
  2. package/README.md +32 -18
  3. package/package.json +3 -3
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Chris Bunting
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # npm-scan 🔒
1
+ # npm-scan-plus 🔒
2
2
 
3
3
  **Security scanner for npm packages** - Pre and post-install scanning for malicious code, supply chain attacks, and obfuscated code.
4
4
 
@@ -17,7 +17,7 @@ These attacks succeed because:
17
17
  - Obfuscated code hides malicious intent
18
18
  - Typosquatting confuses developers
19
19
 
20
- **npm-scan** was built to automatically detect these threats before they reach your project.
20
+ **npm-scan-plus** was built to automatically detect these threats before they reach your project.
21
21
 
22
22
  ## Features
23
23
 
@@ -43,29 +43,39 @@ These attacks succeed because:
43
43
 
44
44
  ## Installation
45
45
 
46
+ ### Option 1: npx (run without installing)
46
47
  ```bash
47
- npm install -g npm-scan
48
- ```
48
+ # Scan a package before installing
49
+ npx npm-scan-plus pre install <package>
49
50
 
50
- Or use without installation:
51
+ # Full automatic wrapper (pre-scan + install + post-scan)
52
+ npx npm-scan-plus-wrap install <package>
53
+ npx npm-scan-plus-wrap install # install from package.json
54
+ ```
51
55
 
56
+ ### Option 2: Install globally (recommended for frequent use)
52
57
  ```bash
53
- npx npm-scan pre install <package>
58
+ npm install -g npm-scan-plus
59
+
60
+ # Then use directly
61
+ npm-scan-plus pre install <package>
62
+ npm-scan-plus-wrap install lodash
63
+ npm-scan-plus-wrap install # install from package.json
54
64
  ```
55
65
 
56
66
  ## Quick Start: Automatic Wrapper
57
67
 
58
- The **recommended way** to use npm-scan is with the automatic wrapper:
68
+ The **recommended way** to use npm-scan-plus is with the automatic wrapper:
59
69
 
60
70
  ```bash
61
71
  # Install a package with automatic pre + post scan
62
- npm-scan-wrap install lodash
72
+ npm-scan-plus-wrap install lodash
63
73
 
64
74
  # Install multiple packages
65
- npm-scan-wrap install lodash axios express
75
+ npm-scan-plus-wrap install lodash axios express
66
76
 
67
77
  # Install all dependencies from package.json
68
- npm-scan-wrap install
78
+ npm-scan-plus-wrap install
69
79
  ```
70
80
 
71
81
  The wrapper automatically:
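Review bot: The npx wrapper examples at new lines 52-53 (`npx npm-scan-plus-wrap install <package>`) name a bin, not a package. When the command is not already installed, npx treats its first argument as a package name, so this would fetch and run whatever is published as `npm-scan-plus-wrap` rather than the `npm-scan-plus-wrap` bin that package.json declares inside `npm-scan-plus`. Suggest `npx --package=npm-scan-plus npm-scan-plus-wrap install <package>` for both lines. It would also help to pin a version in the npx examples (for example `npx npm-scan-plus@1.0.2 pre install <package>`), so a scan run does not silently execute a newer release of the scanner itself.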
@@ -79,22 +89,22 @@ If you prefer manual control:
79
89
 
80
90
  ### Pre-install scan
81
91
  ```bash
82
- npm-scan pre install <package>
83
- npm-scan pre install axios --version 1.6.0
84
- npm-scan pre install lodash -V # verbose output
92
+ npm-scan-plus pre install <package>
93
+ npm-scan-plus pre install axios --version 1.6.0
94
+ npm-scan-plus pre install lodash -V # verbose output
85
95
  ```
86
96
 
87
97
  ### Post-install scan
88
98
  ```bash
89
- npm-scan post
90
- npm-scan post --folder ./node_modules
99
+ npm-scan-plus post
100
+ npm-scan-plus post --folder ./node_modules
91
101
  ```
92
102
 
93
103
  ### Blocklist management
94
104
  ```bash
95
- npm-scan blocklist list
96
- npm-scan blocklist add <package>
97
- npm-scan blocklist remove <package>
105
+ npm-scan-plus blocklist list
106
+ npm-scan-plus blocklist add <package>
107
+ npm-scan-plus blocklist remove <package>
98
108
  ```
99
109
 
100
110
  ## Detection Patterns
@@ -148,3 +158,7 @@ npm run lint
148
158
  ## License
149
159
 
150
160
  MIT
161
+
162
+ ---
163
+
164
+ Developed by [Chris Bunting](https://github.com/cbuntingde) &lt;cbuntingde@gmail.com&gt;
package/package.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "npm-scan-plus",
3
- "version": "1.0.0",
3
+ "version": "1.0.2",
4
4
  "description": "Security scanner for npm packages - pre and post-install scanning for malicious code, supply chain attacks, and obfuscated code",
5
5
  "main": "dist/lib/index.js",
6
6
  "types": "dist/lib/index.d.ts",
7
7
  "bin": {
8
- "npm-scan": "./bin/npm-scan.js",
9
- "npm-scan-wrap": "./bin/npm-scan-wrap"
8
+ "npm-scan-plus": "./bin/npm-scan.js",
9
+ "npm-scan-plus-wrap": "./bin/npm-scan-wrap"
10
10
  },
11
11
  "scripts": {
12
12
  "build": "tsc",
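Review bot: The bin rename at lines 8-9 (`npm-scan` to `npm-scan-plus`, `npm-scan-wrap` to `npm-scan-plus-wrap`) removes the old command names, which is a breaking change shipped as a patch bump from 1.0.0 to 1.0.2. Any script or CI step that still calls `npm-scan-wrap install` will stop finding the command after upgrading, and a pipeline that does not fail on a missing command would then install without the pre and post scans. Suggest either bumping the major version and calling out the rename in the README, or keeping the old names as additional bin entries for a transition release.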