safe-pkg 1.0.0

package/dist/ui/riskReporter.js

@@ -0,0 +1,157 @@
+import chalk from "chalk";
+/**
+ * Display a comprehensive risk report for a single package
+ */
+export function displayRiskReport(report) {
+    console.log(`\n${"=".repeat(80)}`);
+    console.log(chalk.bold(`📦 ${report.packageName}`) + chalk.gray(` (${report.version})`));
+    console.log("=".repeat(80));
+    // Risk score with color coding
+    const scoreColor = getRiskScoreColor(report.riskScore);
+    console.log(`\n${chalk.bold("Risk Score:")} ${scoreColor(`${report.riskScore}/10`)}`);
+    console.log(`${chalk.bold("Risk Level:")} ${getRiskLevelBadge(report.riskLevel)}`);
+    // Recommendation
+    console.log(`\n${chalk.bold("Recommendation:")}`);
+    console.log(`  ${getRecommendationText(report.recommendation)}`);
+    // Warnings
+    if (report.warnings.length > 0) {
+        console.log(`\n${chalk.bold("Warnings:")} ${chalk.red(`(${report.warnings.length})`)}`);
+        for (const warning of report.warnings) {
+            const icon = getSeverityIcon(warning.severity);
+            const severityColor = getSeverityColor(warning.severity);
+            console.log(`  ${icon} ${severityColor(warning.severity.toUpperCase())} - ${warning.message}`);
+            console.log(chalk.gray(`     Source: ${warning.source}`));
+        }
+    }
+    // Analyzer breakdown
+    console.log(`\n${chalk.bold("Analysis Details:")}`);
+    // Audit
+    if (report.analyzers.audit) {
+        const audit = report.analyzers.audit;
+        const vulnText = audit.vulnerabilityCount === 0
+            ? chalk.green("No vulnerabilities")
+            : chalk.red(`${audit.vulnerabilityCount} vulnerabilities (${audit.criticalCount} critical, ${audit.highCount} high)`);
+        console.log(`  ${chalk.cyan("Audit:")} ${vulnText} - Score: ${audit.riskScore}/10`);
+    }
+    // Metadata
+    if (report.analyzers.metadata) {
+        const meta = report.analyzers.metadata;
+        const downloadsText = meta.downloads < 100
+            ? chalk.red(`${meta.downloads.toLocaleString()}`)
+            : meta.downloads < 1000
+                ? chalk.yellow(`${meta.downloads.toLocaleString()}`)
+                : chalk.green(`${meta.downloads.toLocaleString()}`);
+        console.log(`  ${chalk.cyan("Metadata:")} ${downloadsText} weekly downloads, ${meta.packageAge} days old - Score: ${meta.riskScore}/10`);
+        console.log(chalk.gray(`     Maintainers: ${meta.maintainerCount}, License: ${meta.hasLicense ? "Yes" : "No"}`));
+    }
+    // Scripts
+    if (report.analyzers.script) {
+        const script = report.analyzers.script;
+        const scriptStatus = script.hasSuspiciousScripts
+            ? chalk.red("Suspicious scripts detected")
+            : chalk.green("Clean");
+        console.log(`  ${chalk.cyan("Scripts:")} ${scriptStatus} - Score: ${script.riskScore}/10`);
+        if (script.suspiciousScripts.length > 0) {
+            console.log(chalk.gray(`     Found: ${script.suspiciousScripts.join(", ")}`));
+        }
+    }
+    // Heuristics
+    if (report.analyzers.heuristic) {
+        const heuristic = report.analyzers.heuristic;
+        const heuristicStatus = heuristic.isPotentialTyposquat
+            ? chalk.red("Potential typosquatting")
+            : chalk.green("Clean");
+        console.log(`  ${chalk.cyan("Heuristics:")} ${heuristicStatus} - Score: ${heuristic.riskScore}/10`);
+        if (heuristic.suspiciousPatterns.length > 0) {
+            console.log(chalk.gray(`     Patterns: ${heuristic.suspiciousPatterns.join(", ")}`));
+        }
+    }
+    // AI Insights
+    if (report.analyzers.aiInsights) {
+        console.log(`\n${chalk.bold.magenta("🤖 AI Insights:")}`);
+        console.log(chalk.gray(formatAIInsights(report.analyzers.aiInsights)));
+    }
+    console.log(); // Spacing
+}
+/**
+ * Get color for risk score
+ */
+function getRiskScoreColor(score) {
+    if (score >= 7)
+        return chalk.red.bold;
+    if (score >= 4)
+        return chalk.yellow.bold;
+    return chalk.green.bold;
+}
+/**
+ * Get colored badge for risk level
+ */
+function getRiskLevelBadge(level) {
+    switch (level) {
+        case "dangerous":
+            return chalk.bgRed.white.bold(" DANGEROUS ");
+        case "caution":
+            return chalk.bgYellow.black.bold(" CAUTION ");
+        case "safe":
+            return chalk.bgGreen.black.bold(" SAFE ");
+        default:
+            return chalk.bgGray.white.bold(` ${level.toUpperCase()} `);
+    }
+}
+/**
+ * Format recommendation text with appropriate color
+ */
+function getRecommendationText(recommendation) {
+    if (recommendation.includes("DO NOT INSTALL")) {
+        return chalk.red.bold(recommendation);
+    }
+    if (recommendation.includes("CAUTION") ||
+        recommendation.includes("HIGH RISK")) {
+        return chalk.yellow.bold(recommendation);
+    }
+    return chalk.green(recommendation);
+}
+/**
+ * Get icon for severity level
+ */
+function getSeverityIcon(severity) {
+    switch (severity) {
+        case "critical":
+            return "🔴";
+        case "high":
+            return "🟠";
+        case "medium":
+            return "🟡";
+        case "low":
+            return "🔵";
+        default:
+            return "⚪";
+    }
+}
+/**
+ * Get color for severity level
+ */
+function getSeverityColor(severity) {
+    switch (severity) {
+        case "critical":
+            return chalk.red.bold;
+        case "high":
+            return chalk.red;
+        case "medium":
+            return chalk.yellow;
+        case "low":
+            return chalk.blue;
+        default:
+            return chalk.gray;
+    }
+}
+/**
+ * Format AI insights with indentation
+ */
+function formatAIInsights(insights) {
+    return insights
+        .split("\n")
+        .map((line) => `  ${line}`)
+        .join("\n");
+}
+//# sourceMappingURL=riskReporter.js.map

package/dist/ui/riskReporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"riskReporter.js","sourceRoot":"","sources":["../../src/ui/riskReporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAkB;IACnD,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CACV,KAAK,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,OAAO,GAAG,CAAC,CAC3E,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,+BAA+B;IAC/B,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,GAAG,MAAM,CAAC,SAAS,KAAK,CAAC,EAAE,CACxE,CAAC;IACF,OAAO,CAAC,GAAG,CACV,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CACrE,CAAC;IAEF,iBAAiB;IACjB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IAEjE,WAAW;IACX,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAC1E,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,aAAa,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CACV,KAAK,IAAI,IAAI,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,OAAO,CAAC,OAAO,EAAE,CACjF,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;IACF,CAAC;IAED,qBAAqB;IACrB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;IAEpD,QAAQ;IACR,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;QACrC,MAAM,QAAQ,GACb,KAAK,CAAC,kBAAkB,KAAK,CAAC;YAC7B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC;YACnC,CAAC,CAAC,KAAK,CAAC,GAAG,CACT,GAAG,KAAK,CAAC,kBAAkB,qBAAqB,KAAK,CAAC,aAAa,cAAc,KAAK,CAAC,SAAS,QAAQ,CACxG,CAAC;QACL,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,aAAa,KAAK,CAAC,SAAS,KAAK,CACtE,CAAC;IACH,CAAC;IAED,WAAW;IACX,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC;QACvC,MAAM,aAAa,GAClB,IAAI,CAAC,SAAS,GAAG,GAAG;YACnB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,CAAC;YACjD,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI;gBACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,CAAC;gBACpD,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,aAAa,sBAAsB,IAAI,CAAC,UAAU,sBAAsB,IAAI,CAAC,SAAS,KAAK,CAC3H,CAAC;QACF,OAAO,CAAC,GAAG,CACV,KAAK,CAAC,IAAI,CACT,qBAAqB,IAAI,CAAC,eAAe,cAAc,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CACvF,CACD,CAAC;IACH,CAAC;IAED,UAAU;IACV,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;QACvC,MAAM,YAAY,GAAG,MAAM,CAAC,oBAAoB;YAC/C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,6BAA6B,CAAC;YAC1C,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,YAAY,aAAa,MAAM,CAAC,SAAS,KAAK,CAC7E,CAAC;QACF,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,GAAG,CACV,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAChE,CAAC;QACH,CAAC;IACF,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC;QAC7C,MAAM,eAAe,GAAG,SAAS,CAAC,oBAAoB;YACrD,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACtC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CACV,KAAK,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,eAAe,aAAa,SAAS,CAAC,SAAS,KAAK,CACtF,CAAC;QACF,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CACV,KAAK,CAAC,IAAI,CAAC,kBAAkB,SAAS,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CACvE,CAAC;QACH,CAAC;IACF,CAAC;IAED,cAAc;IACd,IAAI,MAAM,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,UAAU;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACvC,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;IACtC,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;IACzC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACvC,QAAQ,KAAK,EAAE,CAAC;QACf,KAAK,WAAW;YACf,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC9C,KAAK,SAAS;YACb,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/C,KAAK,MAAM;YACV,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C;YACC,OAAO,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;AACF,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,cAAsB;IACpD,IAAI,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC;IACD,IACC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClC,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,EACnC,CAAC;QACF,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB;IACxC,QAAQ,QAAQ,EAAE,CAAC;QAClB,KAAK,UAAU;YACd,OAAO,IAAI,CAAC;QACb,KAAK,MAAM;YACV,OAAO,IAAI,CAAC;QACb,KAAK,QAAQ;YACZ,OAAO,IAAI,CAAC;QACb,KAAK,KAAK;YACT,OAAO,IAAI,CAAC;QACb;YACC,OAAO,GAAG,CAAC;IACb,CAAC;AACF,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACzC,QAAQ,QAAQ,EAAE,CAAC;QAClB,KAAK,UAAU;YACd,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;QACvB,KAAK,MAAM;YACV,OAAO,KAAK,CAAC,GAAG,CAAC;QAClB,KAAK,QAAQ;YACZ,OAAO,KAAK,CAAC,MAAM,CAAC;QACrB,KAAK,KAAK;YACT,OAAO,KAAK,CAAC,IAAI,CAAC;QACnB;YACC,OAAO,KAAK,CAAC,IAAI,CAAC;IACpB,CAAC;AACF,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACzC,OAAO,QAAQ;SACb,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,IAAI,CAAC,CAAC;AACd,CAAC"}

package/dist/ui/scanReporter.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/ui/scanReporter.js

@@ -0,0 +1,4 @@
+export {};
+// Display project scan reports
+// Will be implemented in Phase 5
+//# sourceMappingURL=scanReporter.js.map

package/dist/ui/scanReporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanReporter.js","sourceRoot":"","sources":["../../src/ui/scanReporter.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,iCAAiC"}

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "safe-pkg",
+  "type": "module",
+  "description": "Security-first package installer with multi-layer vulnerability analysis before installation",
+  "version": "1.0.0",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "safe-pkg": "./dist/cli/index.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/joker7blue/safe-install.git"
+  },
+  "homepage": "https://github.com/joker7blue/safe-install#readme",
+  "files": [
+    "dist/**/*",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "security",
+    "npm",
+    "package-manager",
+    "vulnerability",
+    "audit",
+    "safety",
+    "malware-detection",
+    "typosquatting",
+    "cli"
+  ],
+  "author": "Georges Fouejio",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "execa": "^9.5.2",
+    "prompts": "^2.4.2"
+  },
+  "optionalDependencies": {
+    "@anthropic-ai/sdk": "^0.32.1"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "1.8.3",
+    "@changesets/cli": "^2.27.7",
+    "@total-typescript/tsconfig": "^1.0.4",
+    "@types/node": "^25.6.0",
+    "@types/prompts": "^2.4.9",
+    "typescript": "^5.5.3"
+  },
+  "bugs": {
+    "url": "https://github.com/joker7blue/safe-install/issues"
+  },
+  "scripts": {
+    "build": "tsc",
+    "check": "biome check --write ./src",
+    "workflow:check": "biome check ./src",
+    "test": "pnpm run build && node dist/test.js",
+    "release": "pnpm run build && changeset publish"
+  }
+}