supply-chain-guard 5.1.0 → 5.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -0
- package/dist/cli.js +1 -1
- package/dist/reporter.js +3 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -330,6 +330,11 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. The most impactful contri
|
|
|
330
330
|
|
|
331
331
|
## Changelog
|
|
332
332
|
|
|
333
|
+
### v5.1.1 (2026-04-07)
|
|
334
|
+
**CI and test fixes**
|
|
335
|
+
- CI workflow: add GitHub Release creation step — after npm publish, automatically creates a GitHub Release with changelog notes extracted from README.md
|
|
336
|
+
- `reporter.test.ts`: fix 3 text-format assertions that checked old output patterns (`"scan report"`, `"52/100"`, `"None"`) broken by the v5.1.0 ASCII output redesign
|
|
337
|
+
|
|
333
338
|
### v5.1.0 (2026-04-07)
|
|
334
339
|
**Comprehensive ASCII CLI output** — complete redesign of the default text reporter.
|
|
335
340
|
- Double-line banner header (`╔╗`) with tool name and version
|
package/dist/cli.js
CHANGED
|
@@ -20,7 +20,7 @@ const program = new commander_1.Command();
|
|
|
20
20
|
program
|
|
21
21
|
.name("supply-chain-guard")
|
|
22
22
|
.description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
|
|
23
|
-
.version("5.1.
|
|
23
|
+
.version("5.1.1");
|
|
24
24
|
// ── scan command ────────────────────────────────────────────────────
|
|
25
25
|
program
|
|
26
26
|
.command("scan")
|
package/dist/reporter.js
CHANGED
|
@@ -55,7 +55,7 @@ function formatJson(report) {
|
|
|
55
55
|
function formatText(report) {
|
|
56
56
|
const lines = [];
|
|
57
57
|
// ── layout constants ───────────────────────────────────────────────────────
|
|
58
|
-
const VERSION = "5.1.
|
|
58
|
+
const VERSION = "5.1.1";
|
|
59
59
|
const W = 76; // visible chars between "│ " and " │" (total line = 80)
|
|
60
60
|
// ── ANSI helpers ───────────────────────────────────────────────────────────
|
|
61
61
|
const stripAnsi = (s) => s.replace(/\x1b\[[0-9;]*m/g, "");
|
|
@@ -426,7 +426,7 @@ function formatSarif(report) {
|
|
|
426
426
|
tool: {
|
|
427
427
|
driver: {
|
|
428
428
|
name: "supply-chain-guard",
|
|
429
|
-
version: "5.1.
|
|
429
|
+
version: "5.1.1",
|
|
430
430
|
informationUri: "https://github.com/homeofe/supply-chain-guard",
|
|
431
431
|
rules,
|
|
432
432
|
},
|
|
@@ -640,7 +640,7 @@ footer{text-align:center;padding:24px;color:#94a3b8;font-size:13px}
|
|
|
640
640
|
` : ""}
|
|
641
641
|
|
|
642
642
|
<footer>
|
|
643
|
-
Generated by <a href="https://github.com/homeofe/supply-chain-guard">supply-chain-guard</a> v5.1.
|
|
643
|
+
Generated by <a href="https://github.com/homeofe/supply-chain-guard">supply-chain-guard</a> v5.1.1
|
|
644
644
|
</footer>
|
|
645
645
|
</div>
|
|
646
646
|
<script>
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "supply-chain-guard",
|
|
3
|
-
"version": "5.1.
|
|
3
|
+
"version": "5.1.1",
|
|
4
4
|
"description": "Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs and verifies SLSA provenance.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|