npm - sertivibed - Versions diffs - 0.1.0 - Mend

sertivibed 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/utils/rg.js ADDED Viewed

@@ -0,0 +1,222 @@
+"use strict";
+/**
+ * Ripgrep Wrapper
+ *
+ * Kjører ripgrep (rg) med JSON output for stabil parsing.
+ * Fallback til grep hvis rg ikke er installert.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isRipgrepAvailable = isRipgrepAvailable;
+exports.search = search;
+exports.searchAbsence = searchAbsence;
+exports.getExpandedContext = getExpandedContext;
+const child_process_1 = require("child_process");
+// ============================================
+// CHECK AVAILABILITY
+// ============================================
+function isRipgrepAvailable() {
+    try {
+        // På Windows må vi bruke cmd.exe som shell for å finne rg i PATH
+        const result = (0, child_process_1.execSync)("rg --version", {
+            stdio: "pipe",
+            shell: process.platform === "win32" ? "cmd.exe" : "/bin/sh"
+        });
+        return true;
+    }
+    catch {
+        // rg not available, will fall back to grep
+        return false;
+    }
+}
+/**
+ * Søk etter pattern i filer med ripgrep
+ */
+function search(options) {
+    const { pattern, paths, cwd, ignoreCase = true, contextLines = 3 } = options;
+    if (!isRipgrepAvailable()) {
+        return searchWithGrep(options);
+    }
+    const args = [
+        "--json",
+        "--no-heading",
+        "--line-number",
+        `-C${contextLines}`,
+        ignoreCase ? "--ignore-case" : "",
+        "--glob", "!node_modules/**",
+        "--glob", "!dist/**",
+        "--glob", "!.next/**",
+        "--glob", "!.git/**",
+        "--glob", "!*.min.js",
+        "-e", pattern,
+        ...paths.flatMap(p => ["--glob", p])
+    ].filter(Boolean);
+    try {
+        const result = (0, child_process_1.spawnSync)("rg", args, {
+            cwd,
+            encoding: "utf-8",
+            maxBuffer: 10 * 1024 * 1024, // 10MB
+        });
+        // rg returnerer exit code 1 hvis ingen matches (ikke en feil)
+        if (result.status !== 0 && result.status !== 1) {
+            return { found: false, matches: [], matchCount: 0 };
+        }
+        const matches = parseRipgrepOutput(result.stdout || "", cwd);
+        return {
+            found: matches.length > 0,
+            matches,
+            matchCount: matches.length
+        };
+    }
+    catch {
+        return { found: false, matches: [], matchCount: 0 };
+    }
+}
+/**
+ * Sjekk om pattern IKKE finnes (for absence-regler)
+ */
+function searchAbsence(options) {
+    const result = search(options);
+    return {
+        found: !result.found, // Invertert: "funnet" betyr at pattern MANGLER
+        matches: [], // Ingen matches for absence
+        matchCount: 0
+    };
+}
+// ============================================
+// PARSING
+// ============================================
+function parseRipgrepOutput(output, cwd) {
+    const lines = output.trim().split("\n").filter(Boolean);
+    const matches = [];
+    const seenLocations = new Set();
+    for (const line of lines) {
+        try {
+            const parsed = JSON.parse(line);
+            if (parsed.type === "match") {
+                const match = parsed;
+                const path = match.data.path.text;
+                const lineNum = match.data.line_number;
+                const locationKey = `${path}:${lineNum}`;
+                // Dedupliser
+                if (seenLocations.has(locationKey))
+                    continue;
+                seenLocations.add(locationKey);
+                const matchText = match.data.submatches?.[0]?.match?.text || "";
+                matches.push({
+                    path: path.replace(cwd + "/", ""), // Relativ path
+                    lineStart: Math.max(1, lineNum - 2),
+                    lineEnd: lineNum + 2,
+                    snippet: match.data.lines.text.trim(),
+                    matchText
+                });
+            }
+        }
+        catch {
+            // Ignorer linjer som ikke er valid JSON
+        }
+    }
+    return matches;
+}
+// ============================================
+// FALLBACK: GREP
+// ============================================
+function searchWithGrep(options) {
+    const { pattern, paths, cwd, ignoreCase = true } = options;
+    // Build include patterns from paths
+    const includeArgs = [];
+    for (const p of paths) {
+        // Convert glob to grep include pattern
+        // e.g., "**/*.sql" -> "--include=*.sql"
+        const match = p.match(/\*\*\/\*\.(\w+)$/) || p.match(/\*\.(\w+)$/);
+        if (match) {
+            includeArgs.push("--include", `*.${match[1]}`);
+        }
+    }
+    // Fallback: include common file types if no specific includes
+    if (includeArgs.length === 0) {
+        includeArgs.push("--include", "*.ts", "--include", "*.tsx", "--include", "*.js", "--include", "*.jsx", "--include", "*.sql");
+    }
+    const args = [
+        "-r",
+        "-n",
+        ignoreCase ? "-i" : "",
+        "-E", // Extended regex
+        ...includeArgs,
+        "--exclude-dir=node_modules",
+        "--exclude-dir=dist",
+        "--exclude-dir=.next",
+        "--exclude-dir=.git",
+        pattern,
+        "."
+    ].filter(Boolean);
+    try {
+        // Don't use shell on Windows - it breaks argument handling
+        const result = (0, child_process_1.spawnSync)("grep", args, {
+            cwd,
+            encoding: "utf-8",
+        });
+        if (result.status !== 0 && result.status !== 1) {
+            return { found: false, matches: [], matchCount: 0 };
+        }
+        const matches = parseGrepOutput(result.stdout || "");
+        return {
+            found: matches.length > 0,
+            matches,
+            matchCount: matches.length
+        };
+    }
+    catch {
+        return { found: false, matches: [], matchCount: 0 };
+    }
+}
+function parseGrepOutput(output) {
+    const lines = output.trim().split("\n").filter(Boolean);
+    const matches = [];
+    for (const line of lines) {
+        // Format: ./path/to/file.ts:123:matched line content
+        const match = line.match(/^\.?\/?([^:]+):(\d+):(.*)$/);
+        if (match) {
+            const [, path, lineStr, content] = match;
+            const lineNum = parseInt(lineStr, 10);
+            matches.push({
+                path,
+                lineStart: lineNum,
+                lineEnd: lineNum,
+                snippet: content.trim(),
+                matchText: content.trim()
+            });
+        }
+    }
+    return matches;
+}
+// ============================================
+// CONTEXT FETCHING
+// ============================================
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Hent flere linjer rundt en match for bedre kontekst
+ */
+function getExpandedContext(cwd, filePath, lineNumber, contextBefore = 3, contextAfter = 3) {
+    const fullPath = (0, path_1.join)(cwd, filePath);
+    if (!(0, fs_1.existsSync)(fullPath)) {
+        return "[File not found]";
+    }
+    try {
+        const content = (0, fs_1.readFileSync)(fullPath, "utf-8");
+        const lines = content.split("\n");
+        const start = Math.max(0, lineNumber - 1 - contextBefore);
+        const end = Math.min(lines.length, lineNumber + contextAfter);
+        return lines
+            .slice(start, end)
+            .map((line, i) => {
+            const num = start + i + 1;
+            const marker = num === lineNumber ? "→" : " ";
+            return `${marker} ${num.toString().padStart(4)}: ${line}`;
+        })
+            .join("\n");
+    }
+    catch {
+        return "[Could not read file]";
+    }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,47 @@
+{
+  "name": "sertivibed",
+  "version": "0.1.0",
+  "description": "Evidence-first security scanner for Supabase/React apps",
+  "bin": {
+    "sertivibed": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "ts-node src/cli.ts",
+    "scan": "ts-node src/cli.ts scan",
+    "test": "node --test"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sertivibed/sertivibed-cli"
+  },
+  "keywords": [
+    "security",
+    "supabase",
+    "rls",
+    "scanner",
+    "audit",
+    "react",
+    "nextjs",
+    "prisma"
+  ],
+  "author": "Håkon Haugen",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "chalk": "^5.3.0",
+    "handlebars": "^4.7.8"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.0.0",
+    "ts-node": "^10.9.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist",
+    "templates"
+  ]
+}