oauthlint 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +59 -0
- package/bin/oauthlint.js +5 -0
- package/dist/adapters/semgrep.d.ts +36 -0
- package/dist/adapters/semgrep.d.ts.map +1 -0
- package/dist/adapters/semgrep.js +156 -0
- package/dist/adapters/semgrep.js.map +1 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +103 -0
- package/dist/cli.js.map +1 -0
- package/dist/commands/doctor.d.ts +8 -0
- package/dist/commands/doctor.d.ts.map +1 -0
- package/dist/commands/doctor.js +69 -0
- package/dist/commands/doctor.js.map +1 -0
- package/dist/commands/init.d.ts +9 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +51 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/list.d.ts +6 -0
- package/dist/commands/list.d.ts.map +1 -0
- package/dist/commands/list.js +32 -0
- package/dist/commands/list.js.map +1 -0
- package/dist/commands/scan.d.ts +24 -0
- package/dist/commands/scan.d.ts.map +1 -0
- package/dist/commands/scan.js +73 -0
- package/dist/commands/scan.js.map +1 -0
- package/dist/core/config.d.ts +4 -0
- package/dist/core/config.d.ts.map +1 -0
- package/dist/core/config.js +40 -0
- package/dist/core/config.js.map +1 -0
- package/dist/core/reporter.d.ts +17 -0
- package/dist/core/reporter.d.ts.map +1 -0
- package/dist/core/reporter.js +111 -0
- package/dist/core/reporter.js.map +1 -0
- package/dist/core/sarif.d.ts +69 -0
- package/dist/core/sarif.d.ts.map +1 -0
- package/dist/core/sarif.js +115 -0
- package/dist/core/sarif.js.map +1 -0
- package/dist/core/severity.d.ts +23 -0
- package/dist/core/severity.d.ts.map +1 -0
- package/dist/core/severity.js +42 -0
- package/dist/core/severity.js.map +1 -0
- package/dist/core/suppress.d.ts +40 -0
- package/dist/core/suppress.d.ts.map +1 -0
- package/dist/core/suppress.js +81 -0
- package/dist/core/suppress.js.map +1 -0
- package/dist/index.d.ts +13 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +12 -0
- package/dist/index.js.map +1 -0
- package/dist/types.d.ts +42 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +17 -0
- package/dist/types.js.map +1 -0
- package/package.json +71 -0
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { readFile } from 'node:fs/promises';
|
|
2
|
+
const DIRECTIVE_RE = /oauthlint-disable-(next-line|line|file)\s+([a-z0-9.*-]+)(?:\s*--\s*(.+))?/i;
|
|
3
|
+
export async function loadSuppressionMap(filePath) {
|
|
4
|
+
let text;
|
|
5
|
+
try {
|
|
6
|
+
text = await readFile(filePath, 'utf8');
|
|
7
|
+
}
|
|
8
|
+
catch {
|
|
9
|
+
return { byLine: new Map(), fileWide: new Set() };
|
|
10
|
+
}
|
|
11
|
+
return parseSuppressionsFromSource(text);
|
|
12
|
+
}
|
|
13
|
+
export function parseSuppressionsFromSource(source) {
|
|
14
|
+
const byLine = new Map();
|
|
15
|
+
const fileWide = new Set();
|
|
16
|
+
const lines = source.split('\n');
|
|
17
|
+
for (let i = 0; i < lines.length; i++) {
|
|
18
|
+
const match = lines[i]?.match(DIRECTIVE_RE);
|
|
19
|
+
if (!match)
|
|
20
|
+
continue;
|
|
21
|
+
const kind = match[1]?.toLowerCase();
|
|
22
|
+
const ruleId = match[2]?.toLowerCase();
|
|
23
|
+
if (!kind || !ruleId)
|
|
24
|
+
continue;
|
|
25
|
+
if (kind === 'file') {
|
|
26
|
+
if (ruleId === '*') {
|
|
27
|
+
// We deliberately don't let `disable-file *` work — see comment above.
|
|
28
|
+
continue;
|
|
29
|
+
}
|
|
30
|
+
fileWide.add(ruleId);
|
|
31
|
+
continue;
|
|
32
|
+
}
|
|
33
|
+
// disable-line: same line; disable-next-line: i + 1
|
|
34
|
+
const target = kind === 'line' ? i : i + 1;
|
|
35
|
+
let set = byLine.get(ruleId);
|
|
36
|
+
if (!set) {
|
|
37
|
+
set = new Set();
|
|
38
|
+
byLine.set(ruleId, set);
|
|
39
|
+
}
|
|
40
|
+
set.add(target);
|
|
41
|
+
}
|
|
42
|
+
return { byLine, fileWide };
|
|
43
|
+
}
|
|
44
|
+
export function isSuppressed(finding, maps) {
|
|
45
|
+
if (maps.fileWide.has(finding.ruleId) || maps.fileWide.has('*')) {
|
|
46
|
+
return true;
|
|
47
|
+
}
|
|
48
|
+
// Semgrep returns 1-based start lines; our suppression map is 0-based
|
|
49
|
+
// because we walk the source array with for-loops.
|
|
50
|
+
const lineIdx = finding.startLine - 1;
|
|
51
|
+
for (const id of [finding.ruleId, '*']) {
|
|
52
|
+
const lines = maps.byLine.get(id);
|
|
53
|
+
if (lines?.has(lineIdx))
|
|
54
|
+
return true;
|
|
55
|
+
}
|
|
56
|
+
return false;
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Apply suppression to a list of findings. Caches the parsed directive
|
|
60
|
+
* map per-file so we only read each file once.
|
|
61
|
+
*/
|
|
62
|
+
export async function applySuppressions(findings) {
|
|
63
|
+
const cache = new Map();
|
|
64
|
+
const kept = [];
|
|
65
|
+
const suppressed = [];
|
|
66
|
+
for (const f of findings) {
|
|
67
|
+
let maps = cache.get(f.filePath);
|
|
68
|
+
if (!maps) {
|
|
69
|
+
maps = await loadSuppressionMap(f.filePath);
|
|
70
|
+
cache.set(f.filePath, maps);
|
|
71
|
+
}
|
|
72
|
+
if (isSuppressed(f, maps)) {
|
|
73
|
+
suppressed.push(f);
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
kept.push(f);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
return { kept, suppressed };
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=suppress.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"suppress.js","sourceRoot":"","sources":["../../src/core/suppress.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AA+B5C,MAAM,YAAY,GAAG,4EAA4E,CAAC;AAElG,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,QAAgB;IACvD,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,IAAI,GAAG,EAAE,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;IACpD,CAAC;IACD,OAAO,2BAA2B,CAAC,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAAc;IACxD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM;YAAE,SAAS;QAE/B,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACpB,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnB,uEAAuE;gBACvE,SAAS;YACX,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QAED,oDAAoD;QACpD,MAAM,MAAM,GAAG,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;YAChB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAgB,EAAE,IAAqB;IAClE,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,sEAAsE;IACtE,mDAAmD;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;IACtC,KAAK,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAmB;IAIzD,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,MAAM,IAAI,GAAc,EAAE,CAAC;IAC3B,MAAM,UAAU,GAAc,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,MAAM,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC5C,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,YAAY,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC;YAC1B,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAC9B,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export { buildProgram } from './cli.js';
|
|
2
|
+
export { runScan, type ScanCommandOptions } from './commands/scan.js';
|
|
3
|
+
export { runList, type ListOptions } from './commands/list.js';
|
|
4
|
+
export { runInit, type InitOptions } from './commands/init.js';
|
|
5
|
+
export { runDoctor, type DoctorOptions } from './commands/doctor.js';
|
|
6
|
+
export { applySuppressions, isSuppressed, loadSuppressionMap, parseSuppressionsFromSource, } from './core/suppress.js';
|
|
7
|
+
export { SemgrepAdapter, SemgrepNotInstalledError } from './adapters/semgrep.js';
|
|
8
|
+
export { Reporter, type ReporterOptions } from './core/reporter.js';
|
|
9
|
+
export { loadConfig, DEFAULT_CONFIG } from './core/config.js';
|
|
10
|
+
export { exitCodeFor, highestSeverity, meetsThreshold, severityRank, } from './core/severity.js';
|
|
11
|
+
export type { OAuthLintConfig, Finding, ScanResult, SeverityName, } from './types.js';
|
|
12
|
+
export { SEVERITIES } from './types.js';
|
|
13
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,KAAK,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,2BAA2B,GAC5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,QAAQ,EAAE,KAAK,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,eAAe,EACf,OAAO,EACP,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export { buildProgram } from './cli.js';
|
|
2
|
+
export { runScan } from './commands/scan.js';
|
|
3
|
+
export { runList } from './commands/list.js';
|
|
4
|
+
export { runInit } from './commands/init.js';
|
|
5
|
+
export { runDoctor } from './commands/doctor.js';
|
|
6
|
+
export { applySuppressions, isSuppressed, loadSuppressionMap, parseSuppressionsFromSource, } from './core/suppress.js';
|
|
7
|
+
export { SemgrepAdapter, SemgrepNotInstalledError } from './adapters/semgrep.js';
|
|
8
|
+
export { Reporter } from './core/reporter.js';
|
|
9
|
+
export { loadConfig, DEFAULT_CONFIG } from './core/config.js';
|
|
10
|
+
export { exitCodeFor, highestSeverity, meetsThreshold, severityRank, } from './core/severity.js';
|
|
11
|
+
export { SEVERITIES } from './types.js';
|
|
12
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACxC,OAAO,EAAE,OAAO,EAA2B,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAoB,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAoB,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAsB,MAAM,sBAAsB,CAAC;AACrE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,2BAA2B,GAC5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjF,OAAO,EAAE,QAAQ,EAAwB,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,YAAY,GACb,MAAM,oBAAoB,CAAC;AAO5B,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Severity used both for filtering and for exit-code decisions.
|
|
3
|
+
* Order matters: items later in the array are considered "worse".
|
|
4
|
+
*/
|
|
5
|
+
export declare const SEVERITIES: readonly ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"];
|
|
6
|
+
export type SeverityName = (typeof SEVERITIES)[number];
|
|
7
|
+
/**
|
|
8
|
+
* Map raw Semgrep severities to our 5-level scale.
|
|
9
|
+
* Semgrep itself only emits INFO / WARNING / ERROR, but each rule can
|
|
10
|
+
* additionally declare its own severity metadata; we honour rule metadata
|
|
11
|
+
* when present.
|
|
12
|
+
*/
|
|
13
|
+
export declare const SEMGREP_SEVERITY_MAP: Record<string, SeverityName>;
|
|
14
|
+
export interface Finding {
|
|
15
|
+
/** Rule id, e.g. "auth.jwt.alg-none" */
|
|
16
|
+
ruleId: string;
|
|
17
|
+
/** OAuthLint-specific id, e.g. "AUTH-JWT-001" */
|
|
18
|
+
oauthlintRuleId?: string;
|
|
19
|
+
severity: SeverityName;
|
|
20
|
+
filePath: string;
|
|
21
|
+
startLine: number;
|
|
22
|
+
endLine: number;
|
|
23
|
+
message: string;
|
|
24
|
+
docUrl?: string;
|
|
25
|
+
cwe?: string;
|
|
26
|
+
llmPrevalence?: 'HIGH' | 'MEDIUM' | 'LOW';
|
|
27
|
+
}
|
|
28
|
+
export interface ScanResult {
|
|
29
|
+
findings: Finding[];
|
|
30
|
+
scannedFiles: number;
|
|
31
|
+
durationMs: number;
|
|
32
|
+
semgrepVersion: string | null;
|
|
33
|
+
errors: string[];
|
|
34
|
+
}
|
|
35
|
+
export interface OAuthLintConfig {
|
|
36
|
+
include?: string[];
|
|
37
|
+
exclude?: string[];
|
|
38
|
+
rules?: Record<string, 'off' | 'warn' | SeverityName>;
|
|
39
|
+
customRulesDir?: string;
|
|
40
|
+
failOn?: SeverityName | 'off';
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,UAAU,wDAAyD,CAAC;AACjF,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAI7D,CAAC;AAEF,MAAM,WAAW,OAAO;IACtB,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAC3C;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,YAAY,CAAC,CAAC;IACtD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,YAAY,GAAG,KAAK,CAAC;CAC/B"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Severity used both for filtering and for exit-code decisions.
|
|
3
|
+
* Order matters: items later in the array are considered "worse".
|
|
4
|
+
*/
|
|
5
|
+
export const SEVERITIES = ['INFO', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
|
|
6
|
+
/**
|
|
7
|
+
* Map raw Semgrep severities to our 5-level scale.
|
|
8
|
+
* Semgrep itself only emits INFO / WARNING / ERROR, but each rule can
|
|
9
|
+
* additionally declare its own severity metadata; we honour rule metadata
|
|
10
|
+
* when present.
|
|
11
|
+
*/
|
|
12
|
+
export const SEMGREP_SEVERITY_MAP = {
|
|
13
|
+
INFO: 'INFO',
|
|
14
|
+
WARNING: 'MEDIUM',
|
|
15
|
+
ERROR: 'HIGH',
|
|
16
|
+
};
|
|
17
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAU,CAAC;AAGjF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAiC;IAChE,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,QAAQ;IACjB,KAAK,EAAE,MAAM;CACd,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "oauthlint",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Catch the OAuth/OIDC/JWT anti-patterns AI coding tools systematically produce. CLI wrapper around the oauthlint-rules Semgrep rule pack.",
|
|
5
|
+
"type": "module",
|
|
6
|
+
"main": "./dist/index.js",
|
|
7
|
+
"types": "./dist/index.d.ts",
|
|
8
|
+
"bin": {
|
|
9
|
+
"oauthlint": "./bin/oauthlint.js"
|
|
10
|
+
},
|
|
11
|
+
"files": [
|
|
12
|
+
"dist",
|
|
13
|
+
"bin",
|
|
14
|
+
"README.md",
|
|
15
|
+
"LICENSE"
|
|
16
|
+
],
|
|
17
|
+
"exports": {
|
|
18
|
+
".": {
|
|
19
|
+
"types": "./dist/index.d.ts",
|
|
20
|
+
"default": "./dist/index.js"
|
|
21
|
+
}
|
|
22
|
+
},
|
|
23
|
+
"keywords": [
|
|
24
|
+
"oauthlint",
|
|
25
|
+
"semgrep",
|
|
26
|
+
"oauth",
|
|
27
|
+
"oidc",
|
|
28
|
+
"jwt",
|
|
29
|
+
"security",
|
|
30
|
+
"sast",
|
|
31
|
+
"cli",
|
|
32
|
+
"ai-code",
|
|
33
|
+
"vibe-coding"
|
|
34
|
+
],
|
|
35
|
+
"dependencies": {
|
|
36
|
+
"commander": "12.1.0",
|
|
37
|
+
"cosmiconfig": "9.0.0",
|
|
38
|
+
"execa": "9.6.0",
|
|
39
|
+
"picocolors": "1.1.1",
|
|
40
|
+
"yaml": "2.6.1",
|
|
41
|
+
"zod": "3.24.1",
|
|
42
|
+
"oauthlint-rules": "0.1.0"
|
|
43
|
+
},
|
|
44
|
+
"devDependencies": {
|
|
45
|
+
"@types/node": "22.10.5",
|
|
46
|
+
"typescript": "5.7.3",
|
|
47
|
+
"vitest": "2.1.9"
|
|
48
|
+
},
|
|
49
|
+
"publishConfig": {
|
|
50
|
+
"access": "public"
|
|
51
|
+
},
|
|
52
|
+
"repository": {
|
|
53
|
+
"type": "git",
|
|
54
|
+
"url": "git+https://github.com/Auspeo/oauthlint.git",
|
|
55
|
+
"directory": "cli"
|
|
56
|
+
},
|
|
57
|
+
"homepage": "https://oauthlint.dev",
|
|
58
|
+
"bugs": "https://github.com/Auspeo/oauthlint/issues",
|
|
59
|
+
"license": "MIT",
|
|
60
|
+
"author": "Maurice Anney <webofboss@gmail.com>",
|
|
61
|
+
"engines": {
|
|
62
|
+
"node": ">=20.0.0"
|
|
63
|
+
},
|
|
64
|
+
"scripts": {
|
|
65
|
+
"build": "tsc",
|
|
66
|
+
"test": "vitest",
|
|
67
|
+
"test:run": "vitest run",
|
|
68
|
+
"typecheck": "tsc --noEmit",
|
|
69
|
+
"start": "node bin/oauthlint.js"
|
|
70
|
+
}
|
|
71
|
+
}
|