supascan 0.3.0 → 4.0.1

Files changed (2)
  1. package/package.json +1 -1
  2. package/supascan.js +1 -1
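--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "supascan",
- "version": "0.3.0",
+ "version": "4.0.1",
  "description": "Automated security scanner for Supabase databases - detect exposed data, analyze RLS policies, and test RPC functions",
  "license": "MIT",
  "author": "Abhishek Govindarasu",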
package/supascan.js CHANGED
@@ -222,4 +222,4 @@ Table: ${d}.${l} (${n.value.count} total rows, showing ${n.value.rows.length})
222
222
  Query Execution Plan:
223
223
  `),console.log(p.value);else if(console.log(`
224
224
  RPC Result:
225
- `),Array.isArray(p.value))console.table(p.value);else console.log(JSON.stringify(p.value,null,2))}var S2=Y1(H2(),1);async function N2(e){let{url:a,key:t}=e;if(e.extract){let n=fd(e.extract),p;while(!0){let r=await n.next();if(r.done){p=r.value;break}if(e.debug){let s=r.value;if(s.type==="content_fetched")console.error(`[DEBUG] Fetched ${s.data.size} bytes (${s.data.contentType})`);else if(s.type==="script_checking")console.error(`[DEBUG] Checking script: ${s.data.scriptUrl}`)}}if(!p||!p.success)throw Error(`Failed to extract credentials: ${p?.error.message??"Unknown error"}`);if(a=p.value.url,t=p.value.key,p.value.source)T.success(`Extracted credentials from: ${p.value.source}`);else T.success("Extracted credentials from target");if(e.debug)console.error(`[DEBUG] URL: ${a}`),console.error(`[DEBUG] Key: ${t?.substring(0,20)}...`)}if(!a||!t)throw Error("Either provide --url and --key, or use --extract <url>");let d=e.header&&e.header.length>0?kd(e.header):void 0,i=S2.createClient(a,t,d?{global:{headers:d}}:void 0);return{debug:e.debug||!1,json:e.json||!1,html:e.html||!1,suppressExperimentalWarnings:e.suppressExperimentalWarnings||!1,url:a,key:t,headers:d,client:i}}var k2={name:"supascan",version:"0.0.0",private:!0,type:"module",main:"./dist/supascan.js",bin:{supascan:"./dist/supascan.js"},files:["dist/**"],scripts:{build:"bun run build.ts",dev:"bun run src/index.ts",lint:"tsc --noEmit"},dependencies:{"@commander-js/extra-typings":"^14.0.0","@supabase/supabase-js":"^2.75.0","@supascan/core":"workspace:*",commander:"^14.0.1",picocolors:"^1.1.1"},devDependencies:{"@types/bun":"latest",typescript:"^5.9.3"}};var D2=k2.version;var V2=new id;V2.name("supascan").description("Security analysis tool for Supabase").version(D2).option("-u, --url <url>","Supabase URL").option("-k, --key <key>","Supabase anon key").option("-s, --schema <schema>","Schema to analyze (default: all schemas)").option("-x, --extract <url>","Extract credentials from JS file URL 
(experimental)").option("--dump <schema.table|schema>","Dump data from specific table or swagger JSON from schema").option("--limit <number>","Limit rows for dump or RPC results","10").option("--rpc <schema.rpc_name>","Call an RPC function (read-only operations only)").option("--args <json>","JSON arguments for RPC call (use $VAR for environment variables)").option("-H, --header <header>","Add custom HTTP header (can be used multiple times)",[]).option("--json","Output as JSON").option("--html","Generate HTML report").option("-d, --debug","Enable debug mode").option("--explain","Show query execution plan").option("--suppress-experimental-warnings","Suppress experimental warnings").action(async(e)=>{try{if(e.json&&e.html)T.error("Cannot use --json and --html together. Please choose one."),process.exit(1);if(e.suppressExperimentalWarnings)Xd(!0);if(e.extract)Zd();let a=await N2({...e,header:Array.isArray(e.header)?e.header:e.header?[e.header]:void 0});if(e.rpc){await Dd(a,{rpc:e.rpc,args:e.args,limit:e.limit,explain:e.explain});return}if(e.dump){await Sd(a,{dump:e.dump,limit:e.limit});return}await Hd(a,{schema:e.schema})}catch(a){T.error("Command failed",a instanceof Error?a.message:String(a)),process.exit(1)}});if(Q.main==Q.module)await V2.parseAsync(process.argv);
225
+ `),Array.isArray(p.value))console.table(p.value);else console.log(JSON.stringify(p.value,null,2))}var S2=Y1(H2(),1);async function N2(e){let{url:a,key:t}=e;if(e.extract){let n=fd(e.extract),p;while(!0){let r=await n.next();if(r.done){p=r.value;break}if(e.debug){let s=r.value;if(s.type==="content_fetched")console.error(`[DEBUG] Fetched ${s.data.size} bytes (${s.data.contentType})`);else if(s.type==="script_checking")console.error(`[DEBUG] Checking script: ${s.data.scriptUrl}`)}}if(!p||!p.success)throw Error(`Failed to extract credentials: ${p?.error.message??"Unknown error"}`);if(a=p.value.url,t=p.value.key,p.value.source)T.success(`Extracted credentials from: ${p.value.source}`);else T.success("Extracted credentials from target");if(e.debug)console.error(`[DEBUG] URL: ${a}`),console.error(`[DEBUG] Key: ${t?.substring(0,20)}...`)}if(!a||!t)throw Error("Either provide --url and --key, or use --extract <url>");let d=e.header&&e.header.length>0?kd(e.header):void 0,i=S2.createClient(a,t,d?{global:{headers:d}}:void 0);return{debug:e.debug||!1,json:e.json||!1,html:e.html||!1,suppressExperimentalWarnings:e.suppressExperimentalWarnings||!1,url:a,key:t,headers:d,client:i}}var k2={name:"supascan",version:"4.0.1",description:"Automated security scanner for Supabase databases - detect exposed data, analyze RLS policies, and test RPC functions",license:"MIT",author:"Abhishek Govindarasu",workspaces:["apps/*","packages/*"],scripts:{build:"turbo run build","build:cli":"turbo run build --filter supascan","build:web":"turbo run build --filter @supascan/web","build:core":"turbo run build --filter @supascan/core","build:bundle":"bun run build:cli && mkdir -p dist && cp apps/cli/dist/supascan.js dist/supascan.js && cp package.publish.json dist/package.json && cp README.md dist/README.md","build:binary":"bun run build:cli && cd apps/cli && bun build --compile --minify --sourcemap src/index.ts --outfile ../../dist/supascan",dev:"turbo run dev","dev:web":"cd apps/web && bun run 
dev",cli:"cd apps/cli && bun run dev",start:"node apps/cli/dist/supascan.js",lint:"turbo run lint","lint:cli":"turbo run lint --filter supascan","lint:web":"turbo run lint --filter @supascan/web",test:"turbo run test",clean:"rm -rf apps/*/dist packages/*/dist node_modules/.cache .turbo dist",format:"prettier --write .",prepublishOnly:"bun run build:bundle"},devDependencies:{"@types/bun":"latest","@types/react":"^19","@types/react-dom":"^19",knip:"^5.64.3",prettier:"^3.6.2",turbo:"latest",typescript:"^5.9.3"},packageManager:"bun@1.1.0",repository:{type:"git",url:"git+https://github.com/abhishekg999/supascan.git"},homepage:"https://github.com/abhishekg999/supascan#readme",bugs:{url:"https://github.com/abhishekg999/supascan/issues"}};var D2=k2.version;var V2=new id;V2.name("supascan").description("Security analysis tool for Supabase").version(D2).option("-u, --url <url>","Supabase URL").option("-k, --key <key>","Supabase anon key").option("-s, --schema <schema>","Schema to analyze (default: all schemas)").option("-x, --extract <url>","Extract credentials from JS file URL (experimental)").option("--dump <schema.table|schema>","Dump data from specific table or swagger JSON from schema").option("--limit <number>","Limit rows for dump or RPC results","10").option("--rpc <schema.rpc_name>","Call an RPC function (read-only operations only)").option("--args <json>","JSON arguments for RPC call (use $VAR for environment variables)").option("-H, --header <header>","Add custom HTTP header (can be used multiple times)",[]).option("--json","Output as JSON").option("--html","Generate HTML report").option("-d, --debug","Enable debug mode").option("--explain","Show query execution plan").option("--suppress-experimental-warnings","Suppress experimental warnings").action(async(e)=>{try{if(e.json&&e.html)T.error("Cannot use --json and --html together. 
Please choose one."),process.exit(1);if(e.suppressExperimentalWarnings)Xd(!0);if(e.extract)Zd();let a=await N2({...e,header:Array.isArray(e.header)?e.header:e.header?[e.header]:void 0});if(e.rpc){await Dd(a,{rpc:e.rpc,args:e.args,limit:e.limit,explain:e.explain});return}if(e.dump){await Sd(a,{dump:e.dump,limit:e.limit});return}await Hd(a,{schema:e.schema})}catch(a){T.error("Command failed",a instanceof Error?a.message:String(a)),process.exit(1)}});if(Q.main==Q.module)await V2.parseAsync(process.argv);