preflyt 1.0.1 ā 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +23 -15
- package/package.json +1 -1
package/bin/cli.js
CHANGED
|
@@ -3,14 +3,14 @@
|
|
|
3
3
|
const fs = require('fs')
|
|
4
4
|
const path = require('path')
|
|
5
5
|
|
|
6
|
-
//
|
|
7
|
-
const
|
|
8
|
-
{ name: '
|
|
9
|
-
{ name: '
|
|
10
|
-
{ name: '
|
|
11
|
-
{ name: '
|
|
12
|
-
{ name: '
|
|
13
|
-
{ name: '
|
|
6
|
+
// Security patterns to check
|
|
7
|
+
const SECURITY_PATTERNS = [
|
|
8
|
+
{ name: 'Exposed secret', pattern: /sk-[a-zA-Z0-9-_]{20,}/ },
|
|
9
|
+
{ name: 'Exposed secret', pattern: /sk_live_[a-zA-Z0-9]{20,}/ },
|
|
10
|
+
{ name: 'Exposed secret', pattern: /sk_test_[a-zA-Z0-9]{20,}/ },
|
|
11
|
+
{ name: 'Exposed secret', pattern: /AKIA[0-9A-Z]{16}/ },
|
|
12
|
+
{ name: 'Exposed secret', pattern: /ghp_[a-zA-Z0-9]{36}/ },
|
|
13
|
+
{ name: 'Exposed secret', pattern: /hf_[a-zA-Z0-9]{20,}/ },
|
|
14
14
|
]
|
|
15
15
|
|
|
16
16
|
// File extensions to scan
|
|
@@ -21,14 +21,16 @@ const SKIP_FOLDERS = ['node_modules', '.git', '.next', 'dist', 'build']
|
|
|
21
21
|
|
|
22
22
|
// Store found issues
|
|
23
23
|
const issues = []
|
|
24
|
+
let filesScanned = 0
|
|
24
25
|
|
|
25
26
|
// Scan a single file
|
|
26
27
|
function scanFile(filePath) {
|
|
28
|
+
filesScanned++
|
|
27
29
|
const content = fs.readFileSync(filePath, 'utf-8')
|
|
28
30
|
const lines = content.split('\n')
|
|
29
31
|
|
|
30
32
|
lines.forEach((line, index) => {
|
|
31
|
-
|
|
33
|
+
SECURITY_PATTERNS.forEach(({ name, pattern }) => {
|
|
32
34
|
if (pattern.test(line)) {
|
|
33
35
|
issues.push({
|
|
34
36
|
file: filePath,
|
|
@@ -62,30 +64,36 @@ function scanDirectory(dir) {
|
|
|
62
64
|
})
|
|
63
65
|
}
|
|
64
66
|
|
|
67
|
+
// Security categories (for display)
|
|
68
|
+
const SECURITY_CATEGORIES = [
|
|
69
|
+
'š Exposed secrets & API keys'
|
|
70
|
+
]
|
|
71
|
+
|
|
65
72
|
// Main
|
|
66
73
|
console.log('\nāļø Preflyt - Preflight security check\n')
|
|
67
74
|
|
|
68
75
|
const targetDir = process.argv[2] || '.'
|
|
69
76
|
scanDirectory(targetDir)
|
|
70
77
|
|
|
71
|
-
console.log(
|
|
78
|
+
console.log(`š Scanned ${filesScanned} files for:`)
|
|
79
|
+
SECURITY_CATEGORIES.forEach(cat => console.log(` ${cat}`))
|
|
80
|
+
console.log()
|
|
72
81
|
|
|
73
82
|
if (issues.length === 0) {
|
|
74
|
-
console.log('
|
|
83
|
+
console.log('ā
All clear ā ready for takeoff!\n')
|
|
75
84
|
} else {
|
|
76
85
|
console.log(`āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā`)
|
|
77
|
-
console.log(
|
|
86
|
+
console.log(`ā ļø Found ${issues.length} issue(s) to review:\n`)
|
|
78
87
|
|
|
79
88
|
issues.forEach((issue, index) => {
|
|
80
|
-
console.log(` ${index + 1}. ${issue.type}
|
|
89
|
+
console.log(` ${index + 1}. ${issue.type}`)
|
|
81
90
|
console.log(` š ${issue.file}:${issue.line}`)
|
|
82
91
|
console.log(` āā ${issue.content}`)
|
|
83
92
|
console.log()
|
|
84
93
|
})
|
|
85
94
|
|
|
86
95
|
console.log(`āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā`)
|
|
87
|
-
console.log(`š”
|
|
88
|
-
console.log(` Then use process.env.YOUR_KEY_NAME instead\n`)
|
|
96
|
+
console.log(`š” Fix these issues before shipping to production\n`)
|
|
89
97
|
process.exit(1) // Exit with error code
|
|
90
98
|
}
|
|
91
99
|
|