secure-repo 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +34 -2
- package/package.json +1 -1
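--- a/package/bin/cli.js
+++ b/package/bin/cli.js
@@ -482,6 +482,29 @@ function importPack() {
 // ============================================================
 // AUDIT — scan repo for security issues (the viral command)
 // ============================================================
+function checkForUpdate() {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve(null), 3000);
+    https.get("https://registry.npmjs.org/secure-repo/latest", (res) => {
+      let data = "";
+      res.on("data", (chunk) => (data += chunk));
+      res.on("end", () => {
+        clearTimeout(timeout);
+        try {
+          const latest = JSON.parse(data).version;
+          const pkg = require("../package.json");
+          resolve(latest !== pkg.version ? latest : null);
+        } catch {
+          resolve(null);
+        }
+      });
+    }).on("error", () => {
+      clearTimeout(timeout);
+      resolve(null);
+    });
+  });
+}
+
 function audit() {
   const targetDir = getArg("--output") || process.cwd();
 
@@ -496,7 +519,7 @@ function audit() {
   // Score weights (total = 100)
   const SCORE_WEIGHTS = {
     policyHigh: 10, // 4 high-severity files × 10 = 40
-    policyMedium: 5, //
+    policyMedium: 5, // 4 medium-severity files × 5 = 20
     gitignoreEnv: 10, // .env in .gitignore
     noEnvFiles: 10, // no committed .env files
     envExample: 5, // .env.example exists
@@ -664,7 +687,16 @@ function audit() {
     console.log(" Run: npx secure-repo upgrade");
   }
 
-
+  // Check for newer version (non-blocking)
+  checkForUpdate().then((latest) => {
+    if (latest) {
+      console.log(`\n Update available: v${latest} (you have v${require("../package.json").version})`);
+      console.log(" Run: npx secure-repo@latest init\n");
+    } else {
+      console.log();
+    }
+  });
+
   return issues;
 }
 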
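Review bot: The 3-second timeout in checkForUpdate (first hunk) only resolves the promise; it never tears down the pending https.get, so a stalled connection to the registry keeps the process alive well after `null` has been returned, and the `// non-blocking` comment in the third hunk holds for the promise but not for process exit. Capture the request and destroy it on timeout: `const req = https.get("https://registry.npmjs.org/secure-repo/latest", (res) => { … })` together with `const timeout = setTimeout(() => { req.destroy(); resolve(null); }, 3000);` (the closure runs later, so either declaration order works). Because audit() returns `issues` synchronously while the update notice prints from a later `.then`, a caller that calls `process.exit` on the return value will drop the message silently — worth stating in a comment on checkForUpdate so nobody treats a missing notice as a bug. The check also contacts registry.npmjs.org on every audit run with no opt-out, which users in CI or offline environments may not expect from a security tool; an environment-variable opt-out tested at the top of checkForUpdate is the usual pattern, and the inserted function now sits under the AUDIT banner comment rather than after it. The body of audit() in the first and third hunks continues outside the hunks.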
package/package.json
CHANGED