npmguard-cli 0.5.6 → 1.0.0

package/dist/contract.js

@@ -1,92 +0,0 @@
-// NpmGuardAuditRequest contract — deployed on Sepolia + 0G Galileo Testnet
-// Update these addresses after running: cd contracts && npm run deploy
-export const AUDIT_REQUEST_ADDRESS = "0x4bbaf196bde9e02594631e03c28ebe16719214f3"; // Sepolia
-export const AUDIT_REQUEST_ADDRESS_0G = "0x1201448ae5f00e1783036439569e71ab3757d0de"; // 0G Galileo Testnet
-export const AUDIT_REQUEST_ABI = [
-    {
-        inputs: [{ name: "_auditFee", type: "uint256" }],
-        stateMutability: "nonpayable",
-        type: "constructor",
-    },
-    {
-        anonymous: false,
-        inputs: [
-            { indexed: false, name: "packageName", type: "string" },
-            { indexed: false, name: "version", type: "string" },
-            { indexed: true, name: "requester", type: "address" },
-        ],
-        name: "AuditRequested",
-        type: "event",
-    },
-    {
-        anonymous: false,
-        inputs: [
-            { indexed: true, name: "key", type: "bytes32" },
-            { indexed: true, name: "requester", type: "address" },
-        ],
-        name: "AuditRequestedByKey",
-        type: "event",
-    },
-    {
-        inputs: [
-            { name: "packageName", type: "string" },
-            { name: "version", type: "string" },
-        ],
-        name: "requestAudit",
-        outputs: [],
-        stateMutability: "payable",
-        type: "function",
-    },
-    {
-        inputs: [{ name: "key", type: "bytes32" }],
-        name: "requestAuditByKey",
-        outputs: [],
-        stateMutability: "payable",
-        type: "function",
-    },
-    {
-        inputs: [],
-        name: "auditFee",
-        outputs: [{ name: "", type: "uint256" }],
-        stateMutability: "view",
-        type: "function",
-    },
-    {
-        inputs: [],
-        name: "owner",
-        outputs: [{ name: "", type: "address" }],
-        stateMutability: "view",
-        type: "function",
-    },
-    {
-        inputs: [
-            { name: "packageName", type: "string" },
-            { name: "version", type: "string" },
-        ],
-        name: "isRequested",
-        outputs: [{ name: "", type: "bool" }],
-        stateMutability: "view",
-        type: "function",
-    },
-    {
-        inputs: [{ name: "", type: "bytes32" }],
-        name: "requested",
-        outputs: [{ name: "", type: "bool" }],
-        stateMutability: "view",
-        type: "function",
-    },
-    {
-        inputs: [{ name: "_fee", type: "uint256" }],
-        name: "setFee",
-        outputs: [],
-        stateMutability: "nonpayable",
-        type: "function",
-    },
-    {
-        inputs: [],
-        name: "withdraw",
-        outputs: [],
-        stateMutability: "nonpayable",
-        type: "function",
-    },
-];

package/dist/ens-source.d.ts

@@ -1,4 +0,0 @@
-import type { AuditSource, AuditResult } from "./audit-source.js";
-export declare class ENSAuditSource implements AuditSource {
-    getAudit(packageName: string, version: string): Promise<AuditResult | null>;
-}

package/dist/ens-source.js

@@ -1,57 +0,0 @@
-import { createPublicClient, http } from "viem";
-import { sepolia } from "viem/chains";
-const RPC_URLS = process.env.SEPOLIA_RPC_URL
-    ? [process.env.SEPOLIA_RPC_URL]
-    : [
-        "https://sepolia.infura.io/v3/c087278b0ced40f5bea26b7536ebe9a1",
-        "https://ethereum-sepolia-rpc.publicnode.com",
-        "https://sepolia.drpc.org",
-    ];
-function makeClient(url) {
-    return createPublicClient({ chain: sepolia, transport: http(url) });
-}
-async function getText(ensName, key) {
-    for (const url of RPC_URLS) {
-        try {
-            return await makeClient(url).getEnsText({ name: ensName, key });
-        }
-        catch {
-            continue;
-        }
-    }
-    return null;
-}
-export class ENSAuditSource {
-    async getAudit(packageName, version) {
-        const versionSlug = version
-            .replace(/[^a-z0-9]+/gi, "-")
-            .replace(/^-+|-+$/g, "")
-            .toLowerCase();
-        const ensName = `${versionSlug}.${packageName}.npmguard.eth`;
-        try {
-            const [verdict, score, capabilities, reportCid, sourceCid] = await Promise.all([
-                getText(ensName, "npmguard.verdict"),
-                getText(ensName, "npmguard.score"),
-                getText(ensName, "npmguard.capabilities"),
-                getText(ensName, "npmguard.report_cid"),
-                getText(ensName, "npmguard.source_cid"),
-            ]);
-            if (!verdict)
-                return null;
-            return {
-                packageName,
-                version,
-                verdict: verdict.toUpperCase(),
-                score: score ? parseInt(score, 10) : 0,
-                capabilities: capabilities
-                    ? capabilities.split(",").map((c) => c.trim()).filter(Boolean)
-                    : [],
-                reportCid: reportCid ?? undefined,
-                sourceCid: sourceCid ?? undefined,
-            };
-        }
-        catch {
-            return null;
-        }
-    }
-}

package/dist/index.d.ts

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-import "dotenv/config";

package/dist/mock-source.d.ts

@@ -1,4 +0,0 @@
-import type { AuditSource, AuditResult } from "./audit-source.js";
-export declare class MockAuditSource implements AuditSource {
-    getAudit(packageName: string, version: string): Promise<AuditResult | null>;
-}

package/dist/mock-source.js

@@ -1,50 +0,0 @@
-// Mock data for demo — simulates what ENS would return
-const MOCK_AUDITS = {
-    "axios@1.14.0": {
-        packageName: "axios",
-        version: "1.14.0",
-        verdict: "SAFE",
-        score: 92,
-        capabilities: ["network"],
-        reportCid: "bafkreia3dgrfewkj6q4sdpqrbxcfuxa47d3ku4uzbauqdk4qo7gok3geoi",
-        sourceCid: "bafybeif372guv6lwfzdx622uyqmtk3bkxuhsozd6j5bmzxgqohe4ste77q",
-    },
-    "axios@1.13.0": {
-        packageName: "axios",
-        version: "1.13.0",
-        verdict: "SAFE",
-        score: 90,
-        capabilities: ["network"],
-        reportCid: "bafkreia3dgrfewkj6q4sdpqrbxcfuxa47d3ku4uzbauqdk4qo7gok3geoi",
-    },
-    "lodash@4.18.1": {
-        packageName: "lodash",
-        version: "4.18.1",
-        verdict: "WARNING",
-        score: 65,
-        capabilities: ["network", "filesystem"],
-        reportCid: "QmT5NvUtoM5nWFfrQdVrFtvGfKFmG7AHE8P34isapyhCxX", // mock
-    },
-    "express@5.2.1": {
-        packageName: "express",
-        version: "5.2.1",
-        verdict: "CRITICAL",
-        score: 12,
-        capabilities: ["network", "filesystem", "process_spawn", "binary_download"],
-        reportCid: "QmW2WQi7j6c7UgJTarActp7tDNikE4B2qXtFCfLPdsgaTQ", // mock
-    },
-    "chalk@5.6.2": {
-        packageName: "chalk",
-        version: "5.6.2",
-        verdict: "SAFE",
-        score: 98,
-        capabilities: [],
-        reportCid: "QmRf22bZar3WKmojipms22PkXH1MZGmvsqzQtuSvQE3uhm", // mock
-    },
-};
-export class MockAuditSource {
-    async getAudit(packageName, version) {
-        const key = `${packageName}@${version}`;
-        return MOCK_AUDITS[key] ?? null;
-    }
-}

package/dist/scanner.d.ts

@@ -1,7 +0,0 @@
-export interface PackageDep {
-    name: string;
-    installed: string;
-    latest: string | null;
-    hasUpdate: boolean;
-}
-export declare function scanProject(projectPath: string): Promise<PackageDep[]>;

package/dist/scanner.js

@@ -1,35 +0,0 @@
-import { readFile } from "node:fs/promises";
-import { join } from "node:path";
-export async function scanProject(projectPath) {
-    const pkgPath = join(projectPath, "package.json");
-    const raw = await readFile(pkgPath, "utf-8");
-    const pkg = JSON.parse(raw);
-    const allDeps = {
-        ...pkg.dependencies,
-        ...pkg.devDependencies,
-    };
-    const results = [];
-    for (const [name, versionRange] of Object.entries(allDeps)) {
-        // Strip ^, ~, >= etc. to get the installed version
-        const installed = versionRange.replace(/^[\^~>=<]*/, "");
-        // Fetch latest from npm registry
-        let latest = null;
-        try {
-            const resp = await fetch(`https://registry.npmjs.org/${name}/latest`);
-            if (resp.ok) {
-                const data = await resp.json();
-                latest = data.version;
-            }
-        }
-        catch {
-            // Network error — skip
-        }
-        results.push({
-            name,
-            installed,
-            latest,
-            hasUpdate: latest !== null && latest !== installed,
-        });
-    }
-    return results;
-}