npm - ship-safe - Versions diffs - 4.1.0 → 4.3.0 - Mend

ship-safe 4.1.0 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +65 -16
package/cli/__tests__/agents.test.js +722 -0
package/cli/agents/api-fuzzer.js +345 -224
package/cli/agents/auth-bypass-agent.js +348 -326
package/cli/agents/base-agent.js +262 -253
package/cli/agents/cicd-scanner.js +201 -200
package/cli/agents/config-auditor.js +529 -413
package/cli/agents/git-history-scanner.js +170 -167
package/cli/agents/html-reporter.js +370 -363
package/cli/agents/index.js +59 -56
package/cli/agents/injection-tester.js +455 -401
package/cli/agents/llm-redteam.js +251 -251
package/cli/agents/mobile-scanner.js +225 -225
package/cli/agents/orchestrator.js +263 -157
package/cli/agents/scoring-engine.js +225 -207
package/cli/agents/supabase-rls-agent.js +148 -0
package/cli/agents/supply-chain-agent.js +356 -274
package/cli/bin/ship-safe.js +29 -1
package/cli/commands/audit.js +875 -620
package/cli/commands/baseline.js +192 -0
package/cli/commands/doctor.js +149 -0
package/cli/commands/remediate.js +7 -3
package/cli/index.js +60 -53
package/cli/providers/llm-provider.js +287 -288
package/cli/utils/autofix-rules.js +74 -0
package/cli/utils/cache-manager.js +311 -258
package/cli/utils/pdf-generator.js +94 -0
package/package.json +2 -2

package/cli/bin/ship-safe.js CHANGED Viewed

@@ -34,6 +34,8 @@ import { scoreCommand } from '../commands/score.js';
 import { redTeamCommand } from '../commands/red-team.js';
 import { watchCommand } from '../commands/watch.js';
 import { auditCommand } from '../commands/audit.js';
+import { doctorCommand } from '../commands/doctor.js';
+import { baselineCommand } from '../commands/baseline.js';
 import { PolicyEngine } from '../agents/policy-engine.js';
 import { SBOMGenerator } from '../agents/sbom-generator.js';
@@ -141,6 +143,7 @@ program
   .option('--dry-run', 'Preview changes without writing any files')
   .option('--yes', 'Apply all fixes without prompting (for CI)')
   .option('--stage', 'Also run git add on modified files after fixing')
+  .option('--all', 'Also fix common agent findings (debug mode, TLS bypass, shell injection)')
   .action(remediateCommand);
 // -----------------------------------------------------------------------------
@@ -188,10 +191,16 @@ program
   .description('Full security audit: secrets + 12 agents + deps + score + remediation plan')
   .option('--json', 'Output results as JSON')
   .option('--sarif', 'Output results in SARIF format')
+  .option('--csv', 'Output results as CSV')
+  .option('--md', 'Output results as Markdown')
   .option('--html [file]', 'HTML report path (default: ship-safe-report.html)')
+  .option('--compare', 'Show detailed comparison with last scan')
+  .option('--timeout <ms>', 'Per-agent timeout in milliseconds (default: 30000)', parseInt)
   .option('--no-deps', 'Skip dependency audit')
   .option('--no-ai', 'Skip AI classification')
   .option('--no-cache', 'Force full rescan (ignore cached results)')
+  .option('--baseline', 'Only show findings not in the baseline')
+  .option('--pdf [file]', 'Generate PDF report (requires Chrome/Chromium)')
   .option('-v, --verbose', 'Verbose output')
   .action(auditCommand);
@@ -250,6 +259,24 @@ program
     }
   });
+// -----------------------------------------------------------------------------
+// BASELINE COMMAND (v4.3)
+// -----------------------------------------------------------------------------
+program
+  .command('baseline [path]')
+  .description('Create/manage a findings baseline — only report new findings on subsequent scans')
+  .option('--diff', 'Show what changed since baseline')
+  .option('--clear', 'Remove the baseline')
+  .action(baselineCommand);
+// -----------------------------------------------------------------------------
+// DOCTOR COMMAND
+// -----------------------------------------------------------------------------
+program
+  .command('doctor')
+  .description('Diagnose environment: check Node.js, git, API keys, cache, and dependencies')
+  .action(doctorCommand);
 // -----------------------------------------------------------------------------
 // PARSE AND RUN
 // -----------------------------------------------------------------------------
@@ -258,12 +285,13 @@ program
 if (process.argv.length === 2) {
   console.log(banner);
   console.log(chalk.yellow('\nQuick start:\n'));
-  console.log(chalk.cyan.bold('  v4.0 — Full Security Audit'));
+  console.log(chalk.cyan.bold('  v4.3 — Full Security Audit'));
   console.log(chalk.white('  npx ship-safe audit .       ') + chalk.gray('# Full audit: secrets + agents + deps + remediation plan'));
   console.log(chalk.white('  npx ship-safe red-team .    ') + chalk.gray('# 12-agent red team scan (50+ attack classes)'));
   console.log(chalk.white('  npx ship-safe watch .       ') + chalk.gray('# Continuous monitoring mode'));
   console.log(chalk.white('  npx ship-safe sbom .        ') + chalk.gray('# Generate CycloneDX SBOM'));
   console.log(chalk.white('  npx ship-safe policy init   ') + chalk.gray('# Create security policy template'));
+  console.log(chalk.white('  npx ship-safe doctor        ') + chalk.gray('# Check environment and configuration'));
   console.log();
   console.log(chalk.gray('  Core commands:'));
   console.log(chalk.white('  npx ship-safe agent .       ') + chalk.gray('# AI audit: scan + classify + auto-fix'));