npmguard-cli 0.5.0 → 0.5.2

@@ -1,7 +1,7 @@
1
1
  export interface AuditResult {
2
2
  packageName: string;
3
3
  version: string;
4
- verdict: "SAFE" | "WARNING" | "CRITICAL";
4
+ verdict: "SAFE" | "WARNING" | "CRITICAL" | "DANGEROUS";
5
5
  score: number;
6
6
  capabilities: string[];
7
7
  reportCid?: string;
@@ -306,6 +306,8 @@ export async function installCommand(packageSpec, auditSource, force = false) {
306
306
  }
307
307
  // Trigger audit engine
308
308
  const auditApiUrl = process.env.NPMGUARD_AUDIT_API_URL ?? DEFAULT_AUDIT_API_URL;
309
+ console.log(chalk.gray(` Live dashboard: http://209.38.42.28:3000`));
310
+ console.log();
309
311
  const auditSpinner = ora(" Running security audit...").start();
310
312
  try {
311
313
  const resp = await fetch(auditApiUrl, {
@@ -361,8 +363,8 @@ export async function installCommand(packageSpec, auditSource, force = false) {
361
363
  else if (audit.verdict === "WARNING") {
362
364
  console.log(chalk.yellow(` WARNING (score: ${audit.score})`));
363
365
  }
364
- else if (audit.verdict === "CRITICAL") {
365
- console.log(chalk.red(` CRITICAL (score: ${audit.score})`));
366
+ else if (audit.verdict === "CRITICAL" || audit.verdict === "DANGEROUS") {
367
+ console.log(chalk.red(` DANGEROUS (score: ${audit.score})`));
366
368
  }
367
369
  if (audit.capabilities.length > 0) {
368
370
  console.log(chalk.gray(` Capabilities: ${audit.capabilities.join(", ")}`));
@@ -371,8 +373,8 @@ export async function installCommand(packageSpec, auditSource, force = false) {
371
373
  console.log(chalk.gray(` Report: ${IPFS_GATEWAY}/${audit.reportCid}`));
372
374
  }
373
375
  console.log();
374
- // Block CRITICAL unless --force
375
- if (audit.verdict === "CRITICAL" && !force) {
376
+ // Block CRITICAL/DANGEROUS unless --force
377
+ if ((audit.verdict === "CRITICAL" || audit.verdict === "DANGEROUS") && !force) {
376
378
  console.log(chalk.red.bold(" Installation blocked. This package has critical security issues."));
377
379
  console.log(chalk.gray(" Use --force to install anyway."));
378
380
  console.log();
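Review bot: The gate at new line 377, `if ((audit.verdict === "CRITICAL" || audit.verdict === "DANGEROUS") && !force)`, is still an allowlist of known-bad verdicts, so any verdict string the audit API returns that the CLI does not recognise matches no branch and, if the code after this hunk proceeds to install as it appears to, the package goes through unblocked — presumably the same gap 0.5.0 had once the server began emitting `DANGEROUS`, which this commit closes only for that one value. The verdict comes from a network response (`fetch(auditApiUrl, ...)` in the earlier hunk), so a security gate should fail closed: `const blocked = audit.verdict !== "SAFE" && audit.verdict !== "WARNING";` followed by `if (blocked && !force) {`, with the unrecognised value named in the blocked message. Related, the red display branch at new lines 366-367 now prints the literal `DANGEROUS` for a `CRITICAL` verdict as well; printing `audit.verdict` there reports what the server actually returned. The `Live dashboard: http://209.38.42.28:3000` line added at new line 309 hard-codes a plaintext URL to a bare IP while the audit endpoint itself is configurable via `NPMGUARD_AUDIT_API_URL`; since a security tool is sending users there, it should come from the same configuration and be served over HTTPS. installCommand starts and ends outside these hunks.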
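--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "npmguard-cli",
- "version": "0.5.0",
+ "version": "0.5.2",
  "type": "module",
  "description": "Check npm packages against NpmGuard security audits on ENS before installing",
  "bin": "./dist/index.js",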