supasec 1.0.0

package/dist/index.js

@@ -0,0 +1,31 @@
+"use strict";
+/**
+ * SupaSec - Supabase Security Auditor
+ * Main exports for programmatic usage
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TOOL_NAME = exports.VERSION = void 0;
+// Models
+__exportStar(require("./models/index.js"), exports);
+// Scanners
+__exportStar(require("./scanners/index.js"), exports);
+// Reporters
+__exportStar(require("./reporters/index.js"), exports);
+// Version
+exports.VERSION = '1.0.0';
+exports.TOOL_NAME = 'supasec';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;AAEH,SAAS;AACT,oDAAkC;AAElC,WAAW;AACX,sDAAoC;AAEpC,YAAY;AACZ,uDAAqC;AAErC,UAAU;AACG,QAAA,OAAO,GAAG,OAAO,CAAC;AAClB,QAAA,SAAS,GAAG,SAAS,CAAC"}

package/dist/models/finding.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Security Finding Model
+ * Represents a single security issue discovered during scanning
+ */
+export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW' | 'INFO';
+export type Category = 'secrets' | 'rls' | 'pii' | 'storage' | 'auth' | 'api' | 'functions' | 'database' | 'transport';
+export interface FindingLocation {
+    file?: string;
+    line?: number;
+    column?: number;
+    url?: string;
+    table?: string;
+    column_name?: string;
+}
+export interface FindingEvidence {
+    code_snippet?: string;
+    matched_pattern?: string;
+    sample_data?: any;
+    request?: string;
+    response?: string;
+    [key: string]: any;
+}
+export interface FindingRemediation {
+    summary: string;
+    priority: 'IMMEDIATE' | 'HIGH' | 'MEDIUM' | 'LOW';
+    effort: 'LOW' | 'MEDIUM' | 'HIGH';
+    steps?: Array<{
+        order: number;
+        action: string;
+        command?: string;
+        code?: string;
+        sql?: string;
+    }>;
+    sql?: string;
+    auto_fixable: boolean;
+}
+export interface FindingImpact {
+    severity_score: number;
+    cvss_vector?: string;
+    description: string;
+    affected_resources: string[];
+    compliance_violations?: string[];
+}
+export interface FindingReference {
+    title: string;
+    url: string;
+}
+export interface Finding {
+    finding_id: string;
+    timestamp: string;
+    severity: Severity;
+    category: Category;
+    subcategory: string;
+    title: string;
+    description: string;
+    location?: FindingLocation;
+    evidence?: FindingEvidence;
+    impact: FindingImpact;
+    remediation: FindingRemediation;
+    references: FindingReference[];
+    false_positive_likelihood: 'VERY_LOW' | 'LOW' | 'MEDIUM' | 'HIGH';
+    confidence: number;
+}
+/**
+ * Generate a unique finding ID based on category and counter
+ */
+export declare function generateFindingId(category: Category, counter: number): string;
+/**
+ * Get severity priority for sorting (higher = more severe)
+ */
+export declare function getSeverityPriority(severity: Severity): number;
+/**
+ * Sort findings by severity (critical first)
+ */
+export declare function sortFindingsBySeverity(findings: Finding[]): Finding[];
+/**
+ * Filter findings by severity
+ */
+export declare function filterFindingsBySeverity(findings: Finding[], minSeverity: Severity): Finding[];
+/**
+ * Group findings by category
+ */
+export declare function groupFindingsByCategory(findings: Finding[]): Record<Category, Finding[]>;
+/**
+ * Count findings by severity
+ */
+export declare function countFindingsBySeverity(findings: Finding[]): Record<Severity | 'total', number>;
+//# sourceMappingURL=finding.d.ts.map

package/dist/models/finding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding.d.ts","sourceRoot":"","sources":["../../src/models/finding.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AACvE,MAAM,MAAM,QAAQ,GAChB,SAAS,GACT,KAAK,GACL,KAAK,GACL,SAAS,GACT,MAAM,GACN,KAAK,GACL,WAAW,GACX,UAAU,GACV,WAAW,CAAC;AAEhB,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,WAAW,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAClD,MAAM,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAClC,KAAK,CAAC,EAAE,KAAK,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,OAAO;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,aAAa,CAAC;IACtB,WAAW,EAAE,kBAAkB,CAAC;IAChC,UAAU,EAAE,gBAAgB,EAAE,CAAC;IAC/B,yBAAyB,EAAE,UAAU,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAClE,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAG7E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAS9D;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAMrE;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,QAAQ,GAAG,OAAO,EAAE,CAG9F;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,CAAC,CAQxF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,GAAG,OAAO,EAAE,MAAM,CAAC,CAe/F"}

package/dist/models/finding.js

@@ -0,0 +1,80 @@
+"use strict";
+/**
+ * Security Finding Model
+ * Represents a single security issue discovered during scanning
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateFindingId = generateFindingId;
+exports.getSeverityPriority = getSeverityPriority;
+exports.sortFindingsBySeverity = sortFindingsBySeverity;
+exports.filterFindingsBySeverity = filterFindingsBySeverity;
+exports.groupFindingsByCategory = groupFindingsByCategory;
+exports.countFindingsBySeverity = countFindingsBySeverity;
+/**
+ * Generate a unique finding ID based on category and counter
+ */
+function generateFindingId(category, counter) {
+    const prefix = category.toUpperCase().substring(0, 3);
+    return `${prefix}-${String(counter).padStart(3, '0')}`;
+}
+/**
+ * Get severity priority for sorting (higher = more severe)
+ */
+function getSeverityPriority(severity) {
+    const priorities = {
+        'CRITICAL': 5,
+        'HIGH': 4,
+        'MEDIUM': 3,
+        'LOW': 2,
+        'INFO': 1
+    };
+    return priorities[severity];
+}
+/**
+ * Sort findings by severity (critical first)
+ */
+function sortFindingsBySeverity(findings) {
+    return [...findings].sort((a, b) => {
+        const priorityDiff = getSeverityPriority(b.severity) - getSeverityPriority(a.severity);
+        if (priorityDiff !== 0)
+            return priorityDiff;
+        return a.finding_id.localeCompare(b.finding_id);
+    });
+}
+/**
+ * Filter findings by severity
+ */
+function filterFindingsBySeverity(findings, minSeverity) {
+    const minPriority = getSeverityPriority(minSeverity);
+    return findings.filter(f => getSeverityPriority(f.severity) >= minPriority);
+}
+/**
+ * Group findings by category
+ */
+function groupFindingsByCategory(findings) {
+    return findings.reduce((acc, finding) => {
+        if (!acc[finding.category]) {
+            acc[finding.category] = [];
+        }
+        acc[finding.category].push(finding);
+        return acc;
+    }, {});
+}
+/**
+ * Count findings by severity
+ */
+function countFindingsBySeverity(findings) {
+    const counts = {
+        'CRITICAL': 0,
+        'HIGH': 0,
+        'MEDIUM': 0,
+        'LOW': 0,
+        'INFO': 0,
+        'total': findings.length
+    };
+    for (const finding of findings) {
+        counts[finding.severity]++;
+    }
+    return counts;
+}
+//# sourceMappingURL=finding.js.map

package/dist/models/finding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding.js","sourceRoot":"","sources":["../../src/models/finding.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAgFH,8CAGC;AAKD,kDASC;AAKD,wDAMC;AAKD,4DAGC;AAKD,0DAQC;AAKD,0DAeC;AAxED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,QAAkB,EAAE,OAAe;IACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtD,OAAO,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,QAAkB;IACpD,MAAM,UAAU,GAA6B;QAC3C,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,CAAC;KACV,CAAC;IACF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CAAC,QAAmB;IACxD,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,YAAY,GAAG,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACvF,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,QAAmB,EAAE,WAAqB;IACjF,MAAM,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACrD,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,WAAW,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,QAAmB;IACzD,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;QACtC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC7B,CAAC;QACD,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAiC,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,QAAmB;IACzD,MAAM,MAAM,GAAuC;QACjD,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,CAAC;QACT,OAAO,EAAE,QAAQ,CAAC,MAAM;KACzB,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC7B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/models/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Models Index
+ * Export all model types and functions
+ */
+export * from './finding.js';
+export * from './scan-result.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/models/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC"}

package/dist/models/index.js

@@ -0,0 +1,23 @@
+"use strict";
+/**
+ * Models Index
+ * Export all model types and functions
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./finding.js"), exports);
+__exportStar(require("./scan-result.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/models/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/models/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,+CAA6B;AAC7B,mDAAiC"}

package/dist/models/scan-result.d.ts

@@ -0,0 +1,103 @@
+/**
+ * Scan Result Model
+ * Represents the complete result of a security scan
+ */
+import { Finding, Category } from './finding.js';
+export interface ScanMetadata {
+    tool: string;
+    version: string;
+    scan_id: string;
+    target_url: string;
+    supabase_project_ref?: string;
+    scan_date: string;
+    scan_duration_seconds: number;
+    scanner_mode: 'url' | 'project' | 'local';
+}
+export interface ProjectInfo {
+    tables_count: number;
+    rpcs_count: number;
+    storage_buckets: number;
+    auth_providers: string[];
+    edge_functions: number;
+}
+export interface ScanSummary {
+    total_issues: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    info: number;
+    passed_checks: number;
+    overall_grade: string;
+    overall_score: number;
+}
+export interface CategoryScore {
+    score: number;
+    grade: string;
+    issues: number;
+}
+export interface GradingConfig {
+    overall_grade: string;
+    overall_score: number;
+    category_scores: Record<Category, CategoryScore>;
+    scoring_methodology: {
+        base_score: number;
+        critical_deduction: number;
+        high_deduction: number;
+        medium_deduction: number;
+        low_deduction: number;
+    };
+    grade_thresholds: {
+        A: number;
+        B: number;
+        C: number;
+        D: number;
+        F: number;
+    };
+    improvement_priority: string[];
+}
+export interface PassedCheck {
+    check_id: string;
+    category: Category;
+    title: string;
+    description: string;
+}
+export interface Recommendations {
+    immediate_actions: string[];
+    security_best_practices: string[];
+    next_steps: string[];
+}
+export interface ScanResult {
+    scan_metadata: ScanMetadata;
+    project_info: ProjectInfo;
+    summary: ScanSummary;
+    findings: Finding[];
+    passed_checks: PassedCheck[];
+    grading: GradingConfig;
+    recommendations: Recommendations;
+}
+/**
+ * Calculate overall security grade based on score
+ */
+export declare function calculateGrade(score: number): {
+    grade: string;
+    color: string;
+    message: string;
+};
+/**
+ * Calculate security score based on findings
+ */
+export declare function calculateScore(findings: Finding[]): number;
+/**
+ * Generate scan ID based on timestamp
+ */
+export declare function generateScanId(): string;
+/**
+ * Create an empty scan result
+ */
+export declare function createEmptyScanResult(targetUrl: string, mode: ScanMetadata['scanner_mode']): ScanResult;
+/**
+ * Update scan result with computed values
+ */
+export declare function finalizeScanResult(result: ScanResult): ScanResult;
+//# sourceMappingURL=scan-result.d.ts.map

package/dist/models/scan-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-result.d.ts","sourceRoot":"","sources":["../../src/models/scan-result.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAEjD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,YAAY,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;CAC3C;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACjD,mBAAmB,EAAE;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,cAAc,EAAE,MAAM,CAAC;QACvB,gBAAgB,EAAE,MAAM,CAAC;QACzB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,gBAAgB,EAAE;QAChB,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;KACX,CAAC;IACF,oBAAoB,EAAE,MAAM,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,YAAY,CAAC;IAC5B,YAAY,EAAE,WAAW,CAAC;IAC1B,OAAO,EAAE,WAAW,CAAC;IACrB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,aAAa,EAAE,WAAW,EAAE,CAAC;IAC7B,OAAO,EAAE,aAAa,CAAC;IACvB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAM/F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAc1D;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,MAAM,CAIvC;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,CAAC,cAAc,CAAC,GAAG,UAAU,CA2DvG;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,UAAU,CAuDjE"}

package/dist/models/scan-result.js

@@ -0,0 +1,168 @@
+"use strict";
+/**
+ * Scan Result Model
+ * Represents the complete result of a security scan
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateGrade = calculateGrade;
+exports.calculateScore = calculateScore;
+exports.generateScanId = generateScanId;
+exports.createEmptyScanResult = createEmptyScanResult;
+exports.finalizeScanResult = finalizeScanResult;
+/**
+ * Calculate overall security grade based on score
+ */
+function calculateGrade(score) {
+    if (score >= 90)
+        return { grade: 'A', color: 'green', message: 'Excellent security!' };
+    if (score >= 80)
+        return { grade: 'B', color: 'green', message: 'Good security posture' };
+    if (score >= 70)
+        return { grade: 'C', color: 'yellow', message: 'Needs improvement' };
+    if (score >= 60)
+        return { grade: 'D', color: 'orange', message: 'Serious issues found' };
+    return { grade: 'F', color: 'red', message: 'CRITICAL VULNERABILITIES' };
+}
+/**
+ * Calculate security score based on findings
+ */
+function calculateScore(findings) {
+    let score = 100;
+    for (const finding of findings) {
+        switch (finding.severity) {
+            case 'CRITICAL':
+                score -= 20;
+                break;
+            case 'HIGH':
+                score -= 10;
+                break;
+            case 'MEDIUM':
+                score -= 5;
+                break;
+            case 'LOW':
+                score -= 2;
+                break;
+            case 'INFO':
+                score -= 1;
+                break;
+        }
+    }
+    return Math.max(0, score);
+}
+/**
+ * Generate scan ID based on timestamp
+ */
+function generateScanId() {
+    const now = new Date();
+    const timestamp = now.toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    return `scan_${timestamp}`;
+}
+/**
+ * Create an empty scan result
+ */
+function createEmptyScanResult(targetUrl, mode) {
+    const now = new Date().toISOString();
+    return {
+        scan_metadata: {
+            tool: 'supasec',
+            version: '1.0.0',
+            scan_id: generateScanId(),
+            target_url: targetUrl,
+            scan_date: now,
+            scan_duration_seconds: 0,
+            scanner_mode: mode
+        },
+        project_info: {
+            tables_count: 0,
+            rpcs_count: 0,
+            storage_buckets: 0,
+            auth_providers: [],
+            edge_functions: 0
+        },
+        summary: {
+            total_issues: 0,
+            critical: 0,
+            high: 0,
+            medium: 0,
+            low: 0,
+            info: 0,
+            passed_checks: 0,
+            overall_grade: 'A',
+            overall_score: 100
+        },
+        findings: [],
+        passed_checks: [],
+        grading: {
+            overall_grade: 'A',
+            overall_score: 100,
+            category_scores: {},
+            scoring_methodology: {
+                base_score: 100,
+                critical_deduction: -20,
+                high_deduction: -10,
+                medium_deduction: -5,
+                low_deduction: -2
+            },
+            grade_thresholds: {
+                A: 90,
+                B: 80,
+                C: 70,
+                D: 60,
+                F: 0
+            },
+            improvement_priority: []
+        },
+        recommendations: {
+            immediate_actions: [],
+            security_best_practices: [],
+            next_steps: []
+        }
+    };
+}
+/**
+ * Update scan result with computed values
+ */
+function finalizeScanResult(result) {
+    const findings = result.findings;
+    const score = calculateScore(findings);
+    const grade = calculateGrade(score);
+    // Count by severity
+    const counts = {
+        critical: findings.filter(f => f.severity === 'CRITICAL').length,
+        high: findings.filter(f => f.severity === 'HIGH').length,
+        medium: findings.filter(f => f.severity === 'MEDIUM').length,
+        low: findings.filter(f => f.severity === 'LOW').length,
+        info: findings.filter(f => f.severity === 'INFO').length
+    };
+    result.summary = {
+        total_issues: findings.length,
+        ...counts,
+        passed_checks: result.passed_checks.length,
+        overall_grade: grade.grade,
+        overall_score: score
+    };
+    result.grading.overall_grade = grade.grade;
+    result.grading.overall_score = score;
+    // Generate improvement priority
+    result.grading.improvement_priority = findings
+        .filter(f => f.severity === 'CRITICAL' || f.severity === 'HIGH')
+        .slice(0, 5)
+        .map(f => `Fix ${f.finding_id}: ${f.title}`);
+    // Generate recommendations
+    result.recommendations.immediate_actions = findings
+        .filter(f => f.severity === 'CRITICAL')
+        .map(f => f.remediation.summary);
+    if (findings.some(f => f.category === 'rls')) {
+        result.recommendations.security_best_practices.push('Review all RLS policies for proper user isolation');
+    }
+    if (findings.some(f => f.category === 'secrets')) {
+        result.recommendations.security_best_practices.push('Audit all environment variables and secrets management');
+    }
+    result.recommendations.next_steps = [
+        'Run: supasec fix --interactive',
+        'Schedule weekly scans: supasec watch --interval 604800',
+        'Add to CI/CD: see https://github.com/yourusername/supasec#cicd'
+    ];
+    return result;
+}
+//# sourceMappingURL=scan-result.js.map

package/dist/models/scan-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-result.js","sourceRoot":"","sources":["../../src/models/scan-result.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAwFH,wCAMC;AAKD,wCAcC;AAKD,wCAIC;AAKD,sDA2DC;AAKD,gDAuDC;AAjKD;;GAEG;AACH,SAAgB,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC;IACvF,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IACzF,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;IACtF,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IACzF,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,QAAmB;IAChD,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,UAAU;gBAAE,KAAK,IAAI,EAAE,CAAC;gBAAC,MAAM;YACpC,KAAK,MAAM;gBAAE,KAAK,IAAI,EAAE,CAAC;gBAAC,MAAM;YAChC,KAAK,QAAQ;gBAAE,KAAK,IAAI,CAAC,CAAC;gBAAC,MAAM;YACjC,KAAK,KAAK;gBAAE,KAAK,IAAI,CAAC,CAAC;gBAAC,MAAM;YAC9B,KAAK,MAAM;gBAAE,KAAK,IAAI,CAAC,CAAC;gBAAC,MAAM;QACjC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc;IAC5B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvE,OAAO,QAAQ,SAAS,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,SAAiB,EAAE,IAAkC;IACzF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,OAAO;QACL,aAAa,EAAE;YACb,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,OAAO;YAChB,OAAO,EAAE,cAAc,EAAE;YACzB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,GAAG;YACd,qBAAqB,EAAE,CAAC;YACxB,YAAY,EAAE,IAAI;SACnB;QACD,YAAY,EAAE;YACZ,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;YACb,eAAe,EAAE,CAAC;YAClB,cAAc,EAAE,EAAE;YAClB,cAAc,EAAE,CAAC;SAClB;QACD,OAAO,EAAE;YACP,YAAY,EAAE,CAAC;YACf,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;YACP,aAAa,EAAE,CAAC;YAChB,aAAa,EAAE,GAAG;YAClB,aAAa,EAAE,GAAG;SACnB;QACD,QAAQ,EAAE,EAAE;QACZ,aAAa,EAAE,EAAE;QACjB,OAAO,EAAE;YACP,aAAa,EAAE,GAAG;YAClB,aAAa,EAAE,GAAG;YAClB,eAAe,EAAE,EAAqC;YACtD,mBAAmB,EAAE;gBACnB,UAAU,EAAE,GAAG;gBACf,kBAAkB,EAAE,CAAC,EAAE;gBACvB,cAAc,EAAE,CAAC,EAAE;gBACnB,gBAAgB,EAAE,CAAC,CAAC;gBACpB,aAAa,EAAE,CAAC,CAAC;aAClB;YACD,gBAAgB,EAAE;gBAChB,CAAC,EAAE,EAAE;gBACL,CAAC,EAAE,EAAE;gBACL,CAAC,EAAE,EAAE;gBACL,CAAC,EAAE,EAAE;gBACL,CAAC,EAAE,CAAC;aACL;YACD,oBAAoB,EAAE,EAAE;SACzB;QACD,eAAe,EAAE;YACf,iBAAiB,EAAE,EAAE;YACrB,uBAAuB,EAAE,EAAE;YAC3B,UAAU,EAAE,EAAE;SACf;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,MAAkB;IACnD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACjC,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEpC,oBAAoB;IACpB,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAChE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACxD,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC5D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;QACtD,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;KACzD,CAAC;IAEF,MAAM,CAAC,OAAO,GAAG;QACf,YAAY,EAAE,QAAQ,CAAC,MAAM;QAC7B,GAAG,MAAM;QACT,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,MAAM;QAC1C,aAAa,EAAE,KAAK,CAAC,KAAK;QAC1B,aAAa,EAAE,KAAK;KACrB,CAAC;IAEF,MAAM,CAAC,OAAO,CAAC,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC;IAC3C,MAAM,CAAC,OAAO,CAAC,aAAa,GAAG,KAAK,CAAC;IAErC,gCAAgC;IAChC,MAAM,CAAC,OAAO,CAAC,oBAAoB,GAAG,QAAQ;SAC3C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;SAC/D,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAE/C,2BAA2B;IAC3B,MAAM,CAAC,eAAe,CAAC,iBAAiB,GAAG,QAAQ;SAChD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAEnC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,eAAe,CAAC,uBAAuB,CAAC,IAAI,CACjD,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,EAAE,CAAC;QACjD,MAAM,CAAC,eAAe,CAAC,uBAAuB,CAAC,IAAI,CACjD,wDAAwD,CACzD,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,eAAe,CAAC,UAAU,GAAG;QAClC,gCAAgC;QAChC,wDAAwD;QACxD,gEAAgE;KACjE,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/reporters/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Reporters Index
+ * Export all reporter modules
+ */
+export * from './terminal.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/reporters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/reporters/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,eAAe,CAAC"}

package/dist/reporters/index.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * Reporters Index
+ * Export all reporter modules
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./terminal.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/reporters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/reporters/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/dist/reporters/terminal.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Terminal Reporter
+ * Formats and displays scan results in the terminal
+ */
+import { ScanResult } from '../models/scan-result.js';
+export interface TerminalReportOptions {
+    showPassed?: boolean;
+    showRemediation?: boolean;
+    compact?: boolean;
+    noColor?: boolean;
+}
+/**
+ * Generate terminal report from scan result
+ */
+export declare function generateTerminalReport(result: ScanResult, options?: TerminalReportOptions): string;
+/**
+ * Print report to console
+ */
+export declare function printReport(result: ScanResult, options?: TerminalReportOptions): void;
+//# sourceMappingURL=terminal.d.ts.map

package/dist/reporters/terminal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.d.ts","sourceRoot":"","sources":["../../src/reporters/terminal.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEtD,MAAM,WAAW,qBAAqB;IACpC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,OAAO,GAAE,qBAA0B,GAClC,MAAM,CAoCR;AAiWD;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAGrF"}