sentinel-scanner 2.4.1 → 2.5.0

package/package.json

@@ -1,104 +1,71 @@
 {
-  "name": "sentinel-scanner",
-  "description": "[WIP] An open-source web app vulnerability scanner developed by Rebackk.",
-  "version": "2.4.1",
-  "exports": "./build/index.js",
-  "types": "./build/index.d.ts",
-  "bin": "./build/bin.js",
-  "type": "module",
-  "main": "./build/index.js",
-  "license": "Apache-2.0",
-  "engines": {
-    "node": "^22.11.0",
-    "npm": "^10.5.0"
-  },
-  "volta": {
-    "node": "^22.11.0",
-    "npm": "^10.5.0"
-  },
-  "keywords": [
-    "nodejs",
-    "npm-package",
-    "owasp",
-    "sentinel",
-    "cybersecurity",
-    "penetration-testing",
-    "web-security",
-    "vulnerability-detection",
-    "vulnerability-scanner",
-    "api-security",
-    "threat-detection",
-    "security-tool",
-    "webapp-scanner",
-    "ai-powered",
-    "automated-scanning",
-    "spider-scanner",
-    "scanner",
-    "typescript"
-  ],
-  "publishConfig": {
-    "access": "public"
-  },
-  "scripts": {
-    "build": "node --disable-warning=ExperimentalWarning --experimental-strip-types  ./scripts/build.ts",
-    "clean": "rimraf build coverage",
-    "type:check": "tsc --noEmit",
-    "lint": "biome check . --write --unsafe",
-    "lint:check": "biome ci .",
-    "test": "npm run build && ava src/__tests__/*.ts",
-    "test:watch": "npm run build && ava src/__tests__/*.ts --watch",
-    "test:coverage": "npm run build && ava src/__tests__/*.ts --coverage",
-    "spell:check": "cspell \"{DISCLAIMER.md,README.md,CODE_OF_CONDUCT.md,CONTRIBUTING.md,.github/*.md,src/**/*.ts}\"",
-    "cz": "cz",
-    "semantic-release": "semantic-release",
-    "prepare": "husky",
-    "audit": "better-npm-audit audit",
-    "audit:fix": "better-npm-audit --fix"
-  },
-  "devDependencies": {
-    "@biomejs/biome": "^1.9.4",
-    "@microsoft/api-extractor": "^7.47.11",
-    "@ryansonshine/commitizen": "^4.2.8",
-    "@ryansonshine/cz-conventional-changelog": "^3.3.4",
-    "@semantic-release/changelog": "^6.0.3",
-    "@semantic-release/commit-analyzer": "^13.0.0",
-    "@semantic-release/github": "^10.3.5",
-    "@semantic-release/npm": "^12.0.1",
-    "@semantic-release/release-notes-generator": "^14.0.1",
-    "@types/axios": "^0.9.36",
-    "@types/isomorphic-fetch": "^0.0.39",
-    "@types/jsdom": "^21.1.7",
-    "@types/node": "^22.9.0",
-    "@types/prompts": "^2.4.9",
-    "@types/puppeteer": "^5.4.7",
-    "@types/user-agents": "^1.0.4",
-    "@types/yargs": "^17.0.33",
-    "ae-cvss-calculator": "^1.0.2",
-    "ava": "^6.2.0",
-    "better-npm-audit": "^3.11.0",
-    "c8": "^10.1.2",
-    "cspell": "^8.15.7",
-    "cz-conventional-changelog": "^3.3.0",
-    "esbuild": "^0.24.0",
-    "husky": "^9.1.6",
-    "rimraf": "^6.0.1",
-    "semantic-release": "^24.2.0",
-    "threads": "^1.7.0",
-    "tiny-worker": "^2.3.0",
-    "typescript": "^5.4.2",
-    "winston": "^3.17.0"
-  },
-  "config": {
-    "commitizen": {
-      "path": "./node_modules/cz-conventional-changelog"
-    }
-  },
-  "dependencies": {
-    "cross-spawn": "^7.0.5",
-    "cvssify": "^1.0.0",
-    "jsdom": "^25.0.1",
-    "puppeteer": "^23.8.0",
-    "user-agents": "^1.1.359",
-    "yargs": "^17.7.2"
-  }
+	"name": "sentinel-scanner",
+	"version": "2.5.0",
+	"description": "[WIP] An open-source web app vulnerability scanner developed by Rebackk.",
+	"type": "module",
+	"bin": "./build/index.js",
+	"types": "./build/index.d.ts",
+	"license": "Apache-2.0",
+	"homepage": "https://rebackkhq.github.io/webapp-scanner/",
+	"engines": {
+		"node": "^22.8.0",
+		"npm": "^10.9.1"
+	},
+	"volta": {
+		"node": "22.8.0",
+		"npm": "^10.9.1"
+	},
+	"publishConfig": {
+		"access": "public"
+	},
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/RebackkHQ/webapp-scanner.git"
+	},
+	"scripts": {
+		"build": "node --disable-warning=ExperimentalWarning --experimental-strip-types  ./scripts/build.ts",
+		"clean": "rimraf build coverage",
+		"type:check": "tsc --noEmit",
+		"lint": "biome check . --write --unsafe",
+		"lint:check": "biome ci .",
+		"test": "node --disable-warning=ExperimentalWarning --experimental-strip-types ./scripts/test.ts test",
+		"test:watch": "node --disable-warning=ExperimentalWarning --experimental-strip-types ./scripts/test.ts test:watch",
+		"test:coverage": "node --disable-warning=ExperimentalWarning --experimental-strip-types ./scripts/test.ts test:coverage",
+		"spell:check": "cspell \"{README.md,CODE_OF_CONDUCT.md,CONTRIBUTING.md,.github/*.md,src/**/*.ts}\"",
+		"cz": "cz",
+		"semantic-release": "semantic-release",
+		"prepare": "husky"
+	},
+	"devDependencies": {
+		"@biomejs/biome": "^1.9.4",
+		"@microsoft/api-extractor": "^7.47.11",
+		"@ryansonshine/commitizen": "^4.2.8",
+		"@ryansonshine/cz-conventional-changelog": "^3.3.4",
+		"@semantic-release/changelog": "^6.0.3",
+		"@semantic-release/commit-analyzer": "^13.0.0",
+		"@semantic-release/github": "^10.3.5",
+		"@semantic-release/npm": "^12.0.1",
+		"@semantic-release/release-notes-generator": "^14.0.1",
+		"@types/node": "^22.9.0",
+		"@types/prompts": "^2.4.9",
+		"@types/yargs": "17.0.33",
+		"c8": "^10.1.2",
+		"cspell": "^8.16.0",
+		"cvssify": "1.0.1",
+		"cz-conventional-changelog": "^3.3.0",
+		"esbuild": "^0.23.1",
+		"husky": "9.1.7",
+		"node-html-parser": "6.1.13",
+		"rimraf": "^6.0.1",
+		"semantic-release": "^24.2.0",
+		"typescript": "^5.6.3",
+		"winston": "3.17.0",
+		"yargs": "17.7.2",
+		"zod": "3.23.8"
+	},
+	"config": {
+		"commitizen": {
+			"path": "./node_modules/cz-conventional-changelog"
+		}
+	}
 }

package/scripts/build.ts

@@ -11,100 +11,90 @@ const srcPath = path.join(process.cwd(), "src");
 const buildPath = path.join(process.cwd(), "build");
 
 async function clear(): Promise<void> {
-  const time = Date.now();
+	const time = Date.now();
 
-  await fs.rm(buildPath, { recursive: true, force: true });
+	await fs.rm(buildPath, { recursive: true, force: true });
 
-  // biome-ignore lint/suspicious/noConsoleLog: script file
-  console.log(`🚀 cleared in ${Date.now() - time}ms`);
+	// biome-ignore lint/suspicious/noConsoleLog: script file
+	// biome-ignore lint/suspicious/noConsole : script file
+	console.log(`🚀 cleared in ${Date.now() - time}ms`);
 }
 
 async function buildDts(): Promise<void> {
-  const time = Date.now();
-
-  const { stderr } = await execFile("tsc", [
-    "--emitDeclarationOnly",
-    "--project",
-    "tsconfig.build.json",
-  ]);
-
-  if (stderr) {
-    console.error(stderr);
-  }
-
-  // biome-ignore lint/suspicious/noConsoleLog: script file
-  console.log(`🚀 built definitions files in ${Date.now() - time} ms`);
+	const time = Date.now();
+
+	const { stderr } = await execFile("tsc", [
+		"--emitDeclarationOnly",
+		"--project",
+		"tsconfig.build.json",
+	]);
+
+	if (stderr) {
+		// biome-ignore lint/suspicious/noConsoleLog: script file
+		// biome-ignore lint/suspicious/noConsole : script file
+		console.error(stderr);
+	}
+
+	// biome-ignore lint/suspicious/noConsoleLog: script file
+	// biome-ignore lint/suspicious/noConsole : script file
+	console.log(`🚀 built definitions files in ${Date.now() - time} ms`);
 }
 
 async function extractDts(): Promise<void> {
-  const time = Date.now();
+	const time = Date.now();
 
-  const { stderr } = await execFile("api-extractor", ["run"]);
+	const { stderr } = await execFile("api-extractor", ["run"]);
 
-  if (stderr) {
-    console.error(stderr);
-  }
+	if (stderr) {
+		// biome-ignore lint/suspicious/noConsoleLog: script file
+		// biome-ignore lint/suspicious/noConsole : script file
+		console.error(stderr);
+	}
 
-  await rimraf("./build/*", { glob: true });
-  await fs.rename("trimmed.d.ts", "build/index.d.ts");
+	await rimraf("./build/*", { glob: true });
+	await fs.rename("trimmed.d.ts", "build/index.d.ts");
 
-  // biome-ignore lint/suspicious/noConsoleLog: script file
-  console.log(`🚀 extracted definitions files in ${Date.now() - time} ms`);
+	// biome-ignore lint/suspicious/noConsoleLog: script file
+	// biome-ignore lint/suspicious/noConsole : script file
+	console.log(`🚀 extracted definitions files in ${Date.now() - time} ms`);
 }
 
 async function build(): Promise<void> {
-  const time = Date.now();
-
-  const banner =
-    "const require = (await import('node:module')).createRequire(import.meta.url);";
-
-  await esbuild({
-    banner: { js: banner },
-    platform: "node",
-    format: "esm",
-    nodePaths: [srcPath],
-    sourcemap: false,
-    external: [],
-    bundle: true,
-    entryPoints: [path.join(srcPath, "index.ts"), path.join(srcPath, "bin.ts")],
-    outdir: buildPath,
-    footer: {
-      js: "// https://github.com/RebackkHQ/webapp-scanner",
-    },
-    inject: [path.resolve("./scripts/extras/document-shim.js")],
-    minify: true,
-  });
-
-  // biome-ignore lint/suspicious/noConsoleLog: script file
-  console.log(`🚀 bundled in ${Date.now() - time}ms`);
-}
-
-async function copyXhrSync() {
-  const currentPath = path.join(
-    process.cwd(),
-    "node_modules/jsdom/lib/jsdom/living/xhr/xhr-sync-worker.js"
-  );
-  const targetPath = path.join(buildPath, "xhr-sync-worker.js");
-
-  try {
-    // Check if the source file exists
-    await fs.access(currentPath);
-
-    // Copy the file to the build path
-    await fs.copyFile(currentPath, targetPath);
-
-    console.log(
-      "📄 xhr-sync-worker.js copied successfully to the build folder."
-    );
-  } catch (error) {
-    console.error("❌ Failed to copy xhr-sync-worker.js:", error);
-  }
+	const time = Date.now();
+
+	await esbuild({
+		platform: "node",
+		target: "node21",
+		format: "esm",
+		nodePaths: [srcPath],
+		sourcemap: false,
+		external: [],
+		bundle: true,
+		entryPoints: [path.join(srcPath, "index.ts")],
+		outdir: buildPath,
+		minify: true,
+		banner: {
+			js: "const require = (await import('node:module')).createRequire(import.meta.url);const __filename = (await import('node:url')).fileURLToPath(import.meta.url);const __dirname = (await import('node:path')).dirname(__filename);",
+		},
+		footer: {
+			js: `
+				/**
+				 * Github Repository: https://github.com/RebackkHQ/webapp-scanner
+				 * Author: Rebackk Team
+				 * License: Apache-2.0
+				 */
+			`,
+		},
+	});
+
+	// biome-ignore lint/suspicious/noConsoleLog: script file
+	// biome-ignore lint/suspicious/noConsole : script file
+	console.log(`🚀 bundled in ${Date.now() - time}ms`);
 }
 
 if (process.argv[1] === import.meta.filename) {
-  await clear();
-  await buildDts();
-  await extractDts();
-  await build();
-  await copyXhrSync();
+	await clear();
+	await buildDts();
+	await extractDts();
+	await build();
 }

package/scripts/test.ts

@@ -0,0 +1,55 @@
+import { spawn } from "node:child_process";
+
+async function runTests(
+	nodeOptions: string[] = [],
+	program = "node",
+	programOptions: string[] = [],
+	env: Record<string, string> = {},
+): Promise<void> {
+	const time = Date.now();
+
+	return new Promise((resolve, reject) => {
+		const nodeProcess = spawn(
+			program,
+			[
+				...programOptions,
+				"--disable-warning=ExperimentalWarning",
+				"--experimental-strip-types",
+				"--test",
+				...nodeOptions,
+				"src/**/*.test.ts",
+			],
+			{ stdio: "inherit", env: { ...process.env, ...env } },
+		);
+
+		nodeProcess.on("close", (code) => {
+			if (code === 0) {
+				resolve();
+			}
+
+			reject(`🚨 tests failed with code ${code} in ${Date.now() - time}ms`);
+		});
+	});
+}
+
+if (process.argv[1] === import.meta.filename) {
+	if (process.argv[2] === "test") {
+		await runTests();
+	}
+
+	if (process.argv[2] === "test:watch") {
+		await runTests(["--watch"]);
+	}
+
+	if (process.argv[2] === "test:coverage") {
+		await runTests(
+			["--experimental-test-coverage"],
+			"c8",
+			["-r", "html", "node"],
+			{
+				// biome-ignore lint/style/useNamingConvention: node options
+				NODE_V8_COVERAGE: "./coverage",
+			},
+		);
+	}
+}

package/src/__tests__/spider.test.ts

@@ -0,0 +1,44 @@
+import { equal } from "node:assert/strict";
+import { describe, it } from "node:test";
+import { Spider } from "../spider/index.ts";
+import type { SpiderConstructorOptions } from "../spider/types/index.ts";
+
+describe("Spider", async () => {
+	it("Should Throw Error", () => {
+		try {
+			// @ts-ignore - Testing Purposes
+			new Spider();
+		} catch (error) {
+			equal(error instanceof Error, true);
+		}
+	});
+
+	it("Should Return An Array", async () => {
+		try {
+			/**
+			 * Options for Spider constructor.
+			 */
+			const opts: SpiderConstructorOptions = {
+				seed: "https://www.example.com",
+				maxDepth: 1,
+				maxRetries: 1,
+				concurrency: 1,
+				ignoreExternalLinks: true,
+				timeout: 1000,
+			};
+			const spider = new Spider(opts);
+			const { seed, urls } = await spider.scan();
+
+			/**
+			 * Asserting the seed is equal to the seed URL.
+			 * Asserting the URLs is an array.
+			 * @param seed - Seed URL.
+			 * @param urls - Array of URLs.
+			 */
+			equal(seed, opts.seed);
+			equal(Array.isArray(urls), true);
+		} catch (_) {
+			equal(Array.isArray(_), true);
+		}
+	});
+});