npm - opmsec - Versions diffs - 0.1.0 - Mend

opmsec 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/.env.example +14 -0
package/.pnp.cjs +9953 -0
package/.pnp.loader.mjs +2126 -0
package/README.md +266 -0
package/bun.lock +620 -0
package/bunfig.toml +6 -0
package/docker-compose.yml +10 -0
package/package.json +39 -0
package/packages/cli/package.json +7 -0
package/packages/cli/src/commands/audit.tsx +142 -0
package/packages/cli/src/commands/author-view.tsx +247 -0
package/packages/cli/src/commands/info.tsx +109 -0
package/packages/cli/src/commands/install.tsx +362 -0
package/packages/cli/src/commands/passthrough.tsx +36 -0
package/packages/cli/src/commands/push.tsx +321 -0
package/packages/cli/src/components/AgentScores.tsx +32 -0
package/packages/cli/src/components/AuthorInfo.tsx +45 -0
package/packages/cli/src/components/Header.tsx +24 -0
package/packages/cli/src/components/PackageCard.tsx +48 -0
package/packages/cli/src/components/RiskBadge.tsx +32 -0
package/packages/cli/src/components/ScanReport.tsx +50 -0
package/packages/cli/src/components/StatusLine.tsx +30 -0
package/packages/cli/src/index.tsx +111 -0
package/packages/cli/src/services/avatar.ts +10 -0
package/packages/cli/src/services/chainpatrol.ts +25 -0
package/packages/cli/src/services/contract.ts +182 -0
package/packages/cli/src/services/ens.ts +143 -0
package/packages/cli/src/services/fileverse.ts +36 -0
package/packages/cli/src/services/osv.ts +141 -0
package/packages/cli/src/services/signature.ts +22 -0
package/packages/cli/src/services/version.ts +10 -0
package/packages/contracts/contracts/OPMRegistry.sol +253 -0
package/packages/contracts/hardhat.config.ts +32 -0
package/packages/contracts/package-lock.json +7772 -0
package/packages/contracts/package.json +10 -0
package/packages/contracts/scripts/deploy.ts +28 -0
package/packages/contracts/test/OPMRegistry.test.ts +101 -0
package/packages/contracts/tsconfig.json +11 -0
package/packages/core/package.json +7 -0
package/packages/core/src/abi.ts +629 -0
package/packages/core/src/constants.ts +30 -0
package/packages/core/src/index.ts +5 -0
package/packages/core/src/prompt.ts +111 -0
package/packages/core/src/types.ts +104 -0
package/packages/core/src/utils.ts +50 -0
package/packages/scanner/package.json +6 -0
package/packages/scanner/src/agents/agent-configs.ts +24 -0
package/packages/scanner/src/agents/base-agent.ts +75 -0
package/packages/scanner/src/index.ts +25 -0
package/packages/scanner/src/queue/memory-queue.ts +91 -0
package/packages/scanner/src/services/contract-writer.ts +34 -0
package/packages/scanner/src/services/fileverse.ts +89 -0
package/packages/scanner/src/services/npm-registry.ts +159 -0
package/packages/scanner/src/services/openrouter.ts +86 -0
package/packages/scanner/src/services/osv.ts +87 -0
package/packages/scanner/src/services/report-formatter.ts +134 -0
package/tsconfig.json +23 -0

package/packages/core/src/abi.ts ADDED Viewed

@@ -0,0 +1,629 @@
+export const OPM_REGISTRY_ABI = [
+  {
+    "inputs": [],
+    "stateMutability": "nonpayable",
+    "type": "constructor"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": false,
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      },
+      {
+        "indexed": false,
+        "internalType": "bool",
+        "name": "status",
+        "type": "bool"
+      }
+    ],
+    "name": "AgentAuthorized",
+    "type": "event"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": false,
+        "internalType": "address",
+        "name": "addr",
+        "type": "address"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      }
+    ],
+    "name": "AuthorRegistered",
+    "type": "event"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "address",
+        "name": "author",
+        "type": "address"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      }
+    ],
+    "name": "PackageRegistered",
+    "type": "event"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "uri",
+        "type": "string"
+      }
+    ],
+    "name": "ReportURISet",
+    "type": "event"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      },
+      {
+        "indexed": false,
+        "internalType": "uint8",
+        "name": "riskScore",
+        "type": "uint8"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "reasoning",
+        "type": "string"
+      }
+    ],
+    "name": "ScoreSubmitted",
+    "type": "event"
+  },
+  {
+    "inputs": [],
+    "name": "HIGH_RISK_THRESHOLD",
+    "outputs": [
+      {
+        "internalType": "uint8",
+        "name": "",
+        "type": "uint8"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [],
+    "name": "MEDIUM_RISK_THRESHOLD",
+    "outputs": [
+      {
+        "internalType": "uint8",
+        "name": "",
+        "type": "uint8"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "name": "authorizedAgents",
+    "outputs": [
+      {
+        "internalType": "bool",
+        "name": "",
+        "type": "bool"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "name": "authors",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "addr",
+        "type": "address"
+      },
+      {
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      },
+      {
+        "internalType": "uint256",
+        "name": "reputationTotal",
+        "type": "uint256"
+      },
+      {
+        "internalType": "uint256",
+        "name": "reputationCount",
+        "type": "uint256"
+      },
+      {
+        "internalType": "uint256",
+        "name": "packagesPublished",
+        "type": "uint256"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "bytes32",
+        "name": "",
+        "type": "bytes32"
+      }
+    ],
+    "name": "ensToAuthor",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      }
+    ],
+    "name": "getAggregateScore",
+    "outputs": [
+      {
+        "internalType": "uint8",
+        "name": "",
+        "type": "uint8"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "addr",
+        "type": "address"
+      }
+    ],
+    "name": "getAuthorByAddress",
+    "outputs": [
+      {
+        "components": [
+          {
+            "internalType": "address",
+            "name": "addr",
+            "type": "address"
+          },
+          {
+            "internalType": "string",
+            "name": "ensName",
+            "type": "string"
+          },
+          {
+            "internalType": "uint256",
+            "name": "reputationTotal",
+            "type": "uint256"
+          },
+          {
+            "internalType": "uint256",
+            "name": "reputationCount",
+            "type": "uint256"
+          },
+          {
+            "internalType": "uint256",
+            "name": "packagesPublished",
+            "type": "uint256"
+          }
+        ],
+        "internalType": "struct OPMRegistry.AuthorProfile",
+        "name": "",
+        "type": "tuple"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      }
+    ],
+    "name": "getAuthorByENS",
+    "outputs": [
+      {
+        "components": [
+          {
+            "internalType": "address",
+            "name": "addr",
+            "type": "address"
+          },
+          {
+            "internalType": "string",
+            "name": "ensName",
+            "type": "string"
+          },
+          {
+            "internalType": "uint256",
+            "name": "reputationTotal",
+            "type": "uint256"
+          },
+          {
+            "internalType": "uint256",
+            "name": "reputationCount",
+            "type": "uint256"
+          },
+          {
+            "internalType": "uint256",
+            "name": "packagesPublished",
+            "type": "uint256"
+          }
+        ],
+        "internalType": "struct OPMRegistry.AuthorProfile",
+        "name": "",
+        "type": "tuple"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "addr",
+        "type": "address"
+      }
+    ],
+    "name": "getAuthorReputation",
+    "outputs": [
+      {
+        "internalType": "uint256",
+        "name": "",
+        "type": "uint256"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      }
+    ],
+    "name": "getPackageInfo",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "author",
+        "type": "address"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "checksum",
+        "type": "bytes32"
+      },
+      {
+        "internalType": "bytes",
+        "name": "sig",
+        "type": "bytes"
+      },
+      {
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "reportURI",
+        "type": "string"
+      },
+      {
+        "internalType": "uint8",
+        "name": "aggregateScore",
+        "type": "uint8"
+      },
+      {
+        "internalType": "bool",
+        "name": "exists",
+        "type": "bool"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "uint8",
+        "name": "lookback",
+        "type": "uint8"
+      }
+    ],
+    "name": "getSafestVersion",
+    "outputs": [
+      {
+        "internalType": "string",
+        "name": "",
+        "type": "string"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      }
+    ],
+    "name": "getScores",
+    "outputs": [
+      {
+        "components": [
+          {
+            "internalType": "address",
+            "name": "agent",
+            "type": "address"
+          },
+          {
+            "internalType": "uint8",
+            "name": "riskScore",
+            "type": "uint8"
+          },
+          {
+            "internalType": "string",
+            "name": "reasoning",
+            "type": "string"
+          }
+        ],
+        "internalType": "struct OPMRegistry.AgentScore[]",
+        "name": "",
+        "type": "tuple[]"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      }
+    ],
+    "name": "getVersions",
+    "outputs": [
+      {
+        "internalType": "string[]",
+        "name": "",
+        "type": "string[]"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [],
+    "name": "owner",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "checksum",
+        "type": "bytes32"
+      },
+      {
+        "internalType": "bytes",
+        "name": "sig",
+        "type": "bytes"
+      },
+      {
+        "internalType": "string",
+        "name": "ensName",
+        "type": "string"
+      }
+    ],
+    "name": "registerPackage",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      },
+      {
+        "internalType": "bool",
+        "name": "status",
+        "type": "bool"
+      }
+    ],
+    "name": "setAgent",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "uri",
+        "type": "string"
+      }
+    ],
+    "name": "setReportURI",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "version",
+        "type": "string"
+      },
+      {
+        "internalType": "uint8",
+        "name": "riskScore",
+        "type": "uint8"
+      },
+      {
+        "internalType": "string",
+        "name": "reasoning",
+        "type": "string"
+      }
+    ],
+    "name": "submitScore",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  }
+] as const;

package/packages/core/src/constants.ts ADDED Viewed

@@ -0,0 +1,30 @@
+export const HIGH_RISK_THRESHOLD = 70;
+export const MEDIUM_RISK_THRESHOLD = 40;
+export const OPENROUTER_MODELS = {
+  agent1: 'anthropic/claude-sonnet-4-20250514',
+  agent2: 'google/gemini-2.5-flash',
+  agent3: 'deepseek/deepseek-chat',
+} as const;
+export const OPENAI_MODELS = {
+  agent1: 'gpt-4.1',
+  agent2: 'gpt-4.1-mini',
+  agent3: 'gpt-4.1-nano',
+} as const;
+export const OPENROUTER_API_URL = 'https://openrouter.ai/api/v1/chat/completions';
+export const OPENAI_API_URL = 'https://api.openai.com/v1/chat/completions';
+export const BASE_SEPOLIA_CHAIN_ID = 84532;
+export const BASE_SEPOLIA_RPC = 'https://sepolia.base.org';
+export const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+export const CHAINPATROL_API_URL = 'https://app.chainpatrol.io/api/v2';
+export const SCANNABLE_EXTENSIONS = ['.js', '.ts', '.mjs', '.cjs', '.json'];
+export const MAX_FILE_SIZE_BYTES = 100_000;
+export const MAX_TOTAL_CODE_CHARS = 200_000;
+export const VERSION_LOOKBACK = 3;

package/packages/core/src/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './types';
+export * from './constants';
+export * from './utils';
+export * from './prompt';
+export { OPM_REGISTRY_ABI } from './abi';