supasec 1.0.0 → 1.0.2

package/AGENTS.md

@@ -0,0 +1,155 @@
+# SupaSec Development Guide
+
+## Project Overview
+
+SupaSec is a free, open-source CLI tool for comprehensive Supabase security auditing. It scans Supabase-powered websites and applications for security vulnerabilities including exposed secrets, misconfigured RLS policies, and authentication weaknesses.
+
+**GitHub:** https://github.com/Interpoolx/supasec  
+**NPM:** https://www.npmjs.com/package/supasec
+
+## Quick Commands
+
+### Development
+```bash
+npm install              # Install dependencies
+npm run build            # Compile TypeScript to dist/
+npm run dev              # Watch mode for development
+npm run lint             # Run ESLint
+npm test                 # Run Jest tests
+npm start                # Run CLI locally
+```
+
+### Publishing
+```bash
+# Publish using current version in package.json
+node scripts/publish.js
+
+# Publish as specific version (updates package.json + README)
+node scripts/publish.js 1.0.5
+```
+
+## Project Structure
+
+```
+src/
+├── cli.ts                    # Entry point and CLI setup
+├── commands/                 # CLI command handlers
+│   ├── scan.ts              # Main scan command
+│   ├── fix.ts               # Auto-fix command
+│   └── report.ts            # Report generation
+├── scanners/                # Security scanning modules
+│   ├── rls/                 # Row Level Security analyzer
+│   ├── secrets/             # Secrets detector
+│   ├── auth/                # Authentication analyzer
+│   ├── storage/             # Storage security checker
+│   └── api/                 # API security checker
+├── models/                  # Data models
+│   ├── finding.ts           # Finding interface
+│   ├── scan-result.ts       # Scan result model
+│   └── remediation.ts       # Fix recommendations
+├── reporters/               # Output formatters
+│   ├── terminal.ts          # Terminal/CLI output
+│   ├── json.ts              # JSON output
+│   └── html.ts              # HTML report generation
+└── utils/                   # Utility functions
+    ├── supabase-client.ts   # Supabase API client
+    ├── puppeteer-helper.ts  # Browser automation
+    └── logger.ts            # Logging utilities
+```
+
+## Key Files
+
+| File | Purpose |
+|------|---------|
+| `package.json` | Dependencies and scripts |
+| `tsconfig.json` | TypeScript configuration |
+| `.eslintrc.json` | Linting rules |
+| `scripts/publish.js` | Smart publish script |
+
+## Development Workflow
+
+1. **Make changes** in `src/`
+2. **Build locally** with `npm run build`
+3. **Test with** `npm start -- scan <url>`
+4. **Lint with** `npm run lint` (fix with `npm run lint -- --fix`)
+5. **Commit and push** to GitHub
+6. **Publish** with `node scripts/publish.js <version>`
+
+## Publishing Process
+
+The `scripts/publish.js` script automates:
+- ✓ Version management (package.json)
+- ✓ README updates with new version
+- ✓ TypeScript compilation
+- ✓ npm publish
+
+**Setup token once:**
+```bash
+npm config set //registry.npmjs.org/:_authToken npm_YOUR_TOKEN_HERE
+```
+
+**Then publish:**
+```bash
+node scripts/publish.js 1.0.6
+```
+
+## Common Issues
+
+| Issue | Solution |
+|-------|----------|
+| Build fails | Run `npm install` then `npm run build` |
+| Lint errors | Run `npm run lint -- --fix` |
+| npm publish fails | Check token: `npm config set //registry.npmjs.org/:_authToken YOUR_TOKEN` |
+| Outdated deps | Run `npm audit fix` or `npm update` |
+
+## Dependencies
+
+**Main:**
+- `@supabase/supabase-js` - Supabase client
+- `axios` - HTTP requests
+- `chalk` - Terminal colors
+- `commander` - CLI framework
+- `puppeteer` - Browser automation (for frontend scanning)
+
+**Dev:**
+- `typescript` - Language
+- `eslint` & `@typescript-eslint` - Linting
+- `jest` & `ts-jest` - Testing
+
+## Testing
+
+```bash
+npm test                           # Run all tests
+npm test -- --watch              # Watch mode
+npm test -- --coverage           # Coverage report
+```
+
+## Debugging
+
+```bash
+# Run with verbose logging
+DEBUG=supasec:* npm start -- scan <url>
+
+# Build in watch mode
+npm run dev
+
+# Check compiled output
+cat dist/cli.js
+```
+
+## Releasing
+
+1. Update version: `node scripts/publish.js X.Y.Z`
+2. This automatically:
+   - Updates `package.json`
+   - Updates `README.md`
+   - Compiles TypeScript
+   - Publishes to npm
+3. Create GitHub release with tag `vX.Y.Z`
+
+## Resources
+
+- [SupaSec Documentation](https://github.com/Interpoolx/supasec/wiki)
+- [Supabase Docs](https://supabase.com/docs)
+- [TypeScript Handbook](https://www.typescriptlang.org/docs)
+- [Commander.js Guide](https://github.com/tj/commander.js)

package/PUBLISHING.md

@@ -0,0 +1,51 @@
+# Publishing Guide
+
+## One-time Setup
+
+1. **Get npm token** from https://www.npmjs.com/settings/~/tokens
+2. **Set globally:**
+   ```bash
+   npm config set //registry.npmjs.org/:_authToken npm_YOUR_TOKEN_HERE
+   ```
+
+## Publishing
+
+### Using current version in package.json
+```bash
+node scripts/publish.js
+```
+
+### Publishing as new version
+```bash
+node scripts/publish.js 1.0.5
+```
+
+The script automatically:
+- ✓ Updates `package.json` version
+- ✓ Updates `README.md` with new version
+- ✓ Runs `npm run build`
+- ✓ Publishes to npm
+
+## Verify Publication
+
+```bash
+npm view supasec version
+```
+
+## Install Latest Version
+
+```bash
+npx supasec scan <url>
+```
+
+## What the Script Does
+
+| Step | Command |
+|------|---------|
+| 1. Set version | Updates `package.json` |
+| 2. Update docs | Updates `README.md` version tags |
+| 3. Build | Runs `npm run build` |
+| 4. Publish | Runs `npm publish` |
+| 5. Confirm | Shows installation instructions |
+
+If anything fails, the script reverts `package.json` to the previous version.

package/README.md

@@ -126,7 +126,7 @@ SupaSec performs comprehensive security checks across multiple categories:
 ## 📊 Example Output
 
 ```
-🔍 SupaSec - Supabase Security Audit v1.0.0
+🔍 SupaSec - Supabase Security Audit v1.0.2
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 🎯 Target: https://myapp.com

package/package.json

@@ -1,69 +1,70 @@
-{
-  "name": "supasec",
-  "version": "1.0.0",
-  "description": "A free, open-source CLI tool for comprehensive Supabase security auditing",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "bin": {
-    "supasec": "dist/cli.js"
-  },
-  "scripts": {
-    "build": "tsc",
-    "dev": "tsc --watch",
-    "start": "node dist/cli.js",
-    "lint": "eslint src/**/*.ts",
-    "test": "jest",
-    "prepare": "npm run build"
-  },
-  "keywords": [
-    "supabase",
-    "security",
-    "audit",
-    "cli",
-    "rls",
-    "scanner",
-    "vulnerability",
-    "pentesting"
-  ],
-  "author": "SupaSec Team",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/yourusername/supasec.git"
-  },
-  "bugs": {
-    "url": "https://github.com/yourusername/supasec/issues"
-  },
-  "homepage": "https://github.com/yourusername/supasec#readme",
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "dependencies": {
-    "@supabase/supabase-js": "^2.38.0",
-    "axios": "^1.6.0",
-    "boxen": "^7.1.1",
-    "chalk": "^4.1.2",
-    "cheerio": "^1.0.0-rc.12",
-    "cli-table3": "^0.6.3",
-    "commander": "^11.1.0",
-    "enquirer": "^2.4.1",
-    "ora": "^7.0.1",
-    "puppeteer": "^21.5.0"
-  },
-  "devDependencies": {
-    "@humanwhocodes/config-array": "^0.13.0",
-    "@humanwhocodes/object-schema": "^2.0.3",
-    "@types/jest": "^29.5.0",
-    "@types/json-schema": "^7.0.15",
-    "@types/node": "^20.8.0",
-    "@types/phoenix": "^1.6.7",
-    "@typescript-eslint/eslint-plugin": "^8.54.0",
-    "@typescript-eslint/parser": "^8.54.0",
-    "eslint": "^9.39.2",
-    "glob": "^13.0.0",
-    "jest": "^29.7.0",
-    "rimraf": "^6.1.2",
-    "ts-jest": "^29.1.0",
-    "typescript": "^5.2.0"
-  }
-}
+{
+  "name": "supasec",
+  "version": "1.0.2",
+  "description": "A free, open-source CLI tool for comprehensive Supabase security auditing",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "supasec": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/cli.js",
+    "lint": "eslint src/**/*.ts",
+    "test": "jest",
+    "prepare": "npm run build",
+    "publish-version": "node scripts/publish.js"
+  },
+  "keywords": [
+    "supabase",
+    "security",
+    "audit",
+    "cli",
+    "rls",
+    "scanner",
+    "vulnerability",
+    "pentesting"
+  ],
+  "author": "SupaSec Team",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/yourusername/supasec.git"
+  },
+  "bugs": {
+    "url": "https://github.com/yourusername/supasec/issues"
+  },
+  "homepage": "https://github.com/yourusername/supasec#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@supabase/supabase-js": "^2.38.0",
+    "axios": "^1.6.0",
+    "boxen": "^7.1.1",
+    "chalk": "^4.1.2",
+    "cheerio": "^1.0.0-rc.12",
+    "cli-table3": "^0.6.3",
+    "commander": "^11.1.0",
+    "enquirer": "^2.4.1",
+    "ora": "^7.0.1",
+    "puppeteer": "^21.5.0"
+  },
+  "devDependencies": {
+    "@humanwhocodes/config-array": "^0.13.0",
+    "@humanwhocodes/object-schema": "^2.0.3",
+    "@types/jest": "^29.5.0",
+    "@types/json-schema": "^7.0.15",
+    "@types/node": "^20.8.0",
+    "@types/phoenix": "^1.6.7",
+    "@typescript-eslint/eslint-plugin": "^8.54.0",
+    "@typescript-eslint/parser": "^8.54.0",
+    "eslint": "^9.39.2",
+    "glob": "^13.0.0",
+    "jest": "^29.7.0",
+    "rimraf": "^6.1.2",
+    "ts-jest": "^29.1.0",
+    "typescript": "^5.2.0"
+  }
+}

package/scripts/publish.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+
+/**
+ * Smart npm publish script
+ * Handles versioning, building, and README updates
+ * 
+ * Usage:
+ *   node scripts/publish.js                 (uses version from package.json)
+ *   node scripts/publish.js 1.0.5           (publishes as 1.0.5)
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+
+const rootDir = path.join(__dirname, '..');
+const packageJsonPath = path.join(rootDir, 'package.json');
+const readmePath = path.join(rootDir, 'README.md');
+
+// Parse arguments
+const args = process.argv.slice(2);
+let targetVersion = args[0];
+
+// Read current package.json
+const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+const currentVersion = packageJson.version;
+
+// Determine version to use
+if (!targetVersion) {
+  targetVersion = currentVersion;
+  console.log(`📦 No version provided. Using current version: ${targetVersion}`);
+} else {
+  console.log(`📦 Publishing version: ${targetVersion}`);
+  
+  // Update package.json with new version
+  packageJson.version = targetVersion;
+  fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n');
+  console.log(`✓ Updated package.json to version ${targetVersion}`);
+}
+
+// Update README.md with version
+try {
+  let readme = fs.readFileSync(readmePath, 'utf-8');
+  
+  // Update version in example output (if present)
+  readme = readme.replace(
+    /v\d+\.\d+\.\d+/g,
+    `v${targetVersion}`
+  );
+  
+  // Update version badge URL (if present)
+  readme = readme.replace(
+    /\/js\/supasec@[^\s]*/g,
+    `/js/supasec@${targetVersion}`
+  );
+  
+  fs.writeFileSync(readmePath, readme);
+  console.log(`✓ Updated README.md with version ${targetVersion}`);
+} catch (err) {
+  console.warn(`⚠️  Could not update README.md: ${err.message}`);
+}
+
+// Build
+try {
+  console.log('\n🔨 Building...');
+  execSync('npm run build', { stdio: 'inherit' });
+  console.log('✓ Build successful');
+} catch (err) {
+  console.error('❌ Build failed');
+  process.exit(1);
+}
+
+// Publish
+try {
+  console.log('\n🚀 Publishing to npm...');
+  execSync(`npm publish`, { stdio: 'inherit' });
+  console.log(`✓ Published version ${targetVersion}`);
+  
+  console.log(`\n✨ Success! SupaSec v${targetVersion} is now available on npm`);
+  console.log(`   npm install supasec@${targetVersion}`);
+  console.log(`   npx supasec@${targetVersion} scan <url>`);
+} catch (err) {
+  console.error('❌ Publish failed');
+  
+  // Revert package.json if we changed it
+  if (targetVersion !== currentVersion) {
+    packageJson.version = currentVersion;
+    fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n');
+    console.log(`⚠️  Reverted package.json to version ${currentVersion}`);
+  }
+  
+  process.exit(1);
+}

package/.env

@@ -1 +0,0 @@
-NPM_TOKEN=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

package/npm-publishing-guide.md

@@ -1,38 +0,0 @@
-Using authentication tokens (CI/CD)
-Generate token at https://www.npmjs.com/settings/~/tokens → "Create Token"
-
-Select "Automation" or "Publish" type
-Add to .npmrc (local or CI):
-
-//registry.npmjs.org/:_authToken=YOUR_TOKEN_HERE
-Or set as environment variable:
-
-npm set //registry.npmjs.org/:_authToken $NPM_TOKEN
-For GitHub Actions, add secret and use:
-
-- run: npm publish
-  env:
-    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-Before publishing, update version in package.json and run npm run build.
-
-
-Option 1: Local Publishing (One-time)
-Set token globally:
-
-npm config set //registry.npmjs.org/:_authToken npm_TmTE
-Verify it worked:
-
-npm config get //registry.npmjs.org/:_authToken
-(Should show your token)
-
-Update version in package.json:
-
-npm version minor
-(Or manually edit "version": "1.0.1")
-
-Build:
-
-npm run build
-Publish:
-
-npm publish