supascan 0.2.3 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/README.md +96 -0
  2. package/package.json +1 -1
  3. package/supascan.js +98 -68
package/README.md ADDED
@@ -0,0 +1,96 @@
1
+ # supascan
2
+
3
+ [![.github/workflows/tests.yml](https://github.com/abhishekg999/supascan/actions/workflows/tests.yml/badge.svg)](https://github.com/abhishekg999/supascan/actions/workflows/tests.yml) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/abhishekg999/supascan/master/LICENCE)
4
+
5
+ **supascan** is an automated security scanner for Supabase databases. It detects exposed data, analyzes Row Level Security (RLS) policies, tests RPC functions, and generates comprehensive security reports.
6
+
7
+ ## Features
8
+
9
+ - Automated schema and table discovery
10
+ - RLS policy effectiveness testing
11
+ - Exposed data detection with row count estimation
12
+ - RPC function parameter analysis and testing
13
+ - JWT token decoding and validation
14
+ - Multiple output formats (Console, JSON, HTML)
15
+ - Interactive HTML reports with live query interface
16
+ - Credential extraction from JavaScript files (experimental)
17
+
18
+ ## Installation
19
+
20
+ **Note:**
21
+
22
+ - Primarily tested with [Bun](https://bun.sh) runtime (Node.js support is experimental)
23
+
24
+ **Bun:**
25
+
26
+ ```bash
27
+ bun install -g supascan
28
+ ```
29
+
30
+ **NPM:**
31
+
32
+ ```bash
33
+ npm install -g supascan
34
+ ```
35
+
36
+ **From source:**
37
+
38
+ ```bash
39
+ git clone https://github.com/abhishekg999/supascan.git
40
+ cd supascan
41
+ bun install
42
+ bun run build
43
+ ```
44
+
45
+ ## Usage
46
+
47
+ To get basic options and usage:
48
+
49
+ ```bash
50
+ supascan --help
51
+ ```
52
+
53
+ ### Quick Start
54
+
55
+ ```bash
56
+ # Basic security scan
57
+ supascan --url https://your-project.supabase.co --key your-anon-key
58
+
59
+ # Generate HTML report
60
+ supascan --url https://your-project.supabase.co --key your-anon-key --html
61
+
62
+ # Analyze specific schema
63
+ supascan --url https://your-project.supabase.co --key your-anon-key --schema public
64
+
65
+ # Dump table data
66
+ supascan --url https://your-project.supabase.co --key your-anon-key --dump public.users --limit 100
67
+
68
+ # Test RPC function
69
+ supascan --url https://your-project.supabase.co --key your-anon-key --rpc public.my_function --args '{"param": "value"}'
70
+ ```
71
+
72
+ ## Development
73
+
74
+ ```bash
75
+ # Install dependencies
76
+ bun install
77
+
78
+ # Run locally
79
+ bun run start
80
+
81
+ # Run tests
82
+ bun test
83
+
84
+ # Build
85
+ bun run build
86
+ ```
87
+
88
+ ## License
89
+
90
+ supascan is distributed under the [MIT License](LICENCE).
91
+
92
+ ## Links
93
+
94
+ - **Homepage**: https://github.com/abhishekg999/supascan
95
+ - **Issues**: https://github.com/abhishekg999/supascan/issues
96
+ - **NPM**: https://www.npmjs.com/package/supascan
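Review bot: Every Quick Start example passes the key as `--key your-anon-key` on the command line, which leaves it in shell history and the process list. If the CLI can read the key from an environment variable or a file, document that form here; if it cannot, say so. The Features list also advertises "Credential extraction from JavaScript files (experimental)" and "JWT token decoding and validation", but the Usage section shows no invocation for either. Finally, the README does not say whether the HTML report with its "live query interface" embeds the project URL and key, which is what a user needs to know before sharing the report file.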
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "supascan",
3
- "version": "0.2.3",
3
+ "version": "0.3.0",
4
4
  "description": "Automated security scanner for Supabase databases - detect exposed data, analyze RLS policies, and test RPC functions",
5
5
  "license": "MIT",
6
6
  "author": "Abhishek Govindarasu",
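Review bot: The `version` bump from 0.2.3 to 0.3.0 is a minor release, and the file list shows package/supascan.js at +98 -68, yet nothing visible in this diff, the new README included, records what changed in behaviour. Add a changelog entry or release note alongside this bump so that consumers pinned to 0.2.x can judge the upgrade.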