thuban 0.3.3 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. package/dist/LICENSE +21 -0
  2. package/dist/README.md +185 -0
  3. package/dist/cli.js +2 -0
  4. package/dist/packages/scanner/ai-confidence-scorer.js +1 -0
  5. package/dist/packages/scanner/alert-manager.js +1 -0
  6. package/dist/packages/scanner/baseline-manager.js +1 -0
  7. package/dist/packages/scanner/code-scanner.js +1 -0
  8. package/dist/packages/scanner/codebase-passport.js +1 -0
  9. package/dist/packages/scanner/copy-paste-detector.js +1 -0
  10. package/dist/packages/scanner/dependency-graph.js +1 -0
  11. package/dist/packages/scanner/drift-detector.js +1 -0
  12. package/dist/packages/scanner/executive-report.js +1 -0
  13. package/dist/packages/scanner/file-collector.js +1 -0
  14. package/dist/packages/scanner/file-watcher.js +1 -0
  15. package/dist/packages/scanner/ghost-code-detector.js +1 -0
  16. package/dist/packages/scanner/hallucination-detector.js +1 -0
  17. package/dist/packages/scanner/health-checker.js +1 -0
  18. package/dist/packages/scanner/html-report.js +1 -0
  19. package/dist/packages/scanner/index.js +1 -0
  20. package/dist/packages/scanner/license-manager.js +1 -0
  21. package/dist/packages/scanner/master-health-checker.js +1 -0
  22. package/dist/packages/scanner/monitor-notifier.js +1 -0
  23. package/dist/packages/scanner/monitor-service.js +1 -0
  24. package/dist/packages/scanner/monitor-store.js +1 -0
  25. package/dist/packages/scanner/pre-commit-gate.js +1 -0
  26. package/dist/packages/scanner/scan-diff.js +1 -0
  27. package/dist/packages/scanner/scan-runner.js +1 -0
  28. package/dist/packages/scanner/secret-scanner.js +1 -0
  29. package/dist/packages/scanner/sentinel-core.js +1 -0
  30. package/dist/packages/scanner/sentinel-knowledge.js +1 -0
  31. package/dist/packages/scanner/tech-debt-analyzer.js +1 -0
  32. package/dist/packages/scanner/tech-debt-cost.js +1 -0
  33. package/dist/packages/scanner/widget-generator.js +1 -0
  34. package/package.json +12 -7
  35. package/cli.js +0 -2627
  36. package/packages/scanner/ai-confidence-scorer.js +0 -260
  37. package/packages/scanner/alert-manager.js +0 -398
  38. package/packages/scanner/baseline-manager.js +0 -109
  39. package/packages/scanner/code-scanner.js +0 -758
  40. package/packages/scanner/codebase-passport.js +0 -299
  41. package/packages/scanner/copy-paste-detector.js +0 -276
  42. package/packages/scanner/dependency-graph.js +0 -541
  43. package/packages/scanner/drift-detector.js +0 -423
  44. package/packages/scanner/executive-report.js +0 -774
  45. package/packages/scanner/file-collector.js +0 -64
  46. package/packages/scanner/file-watcher.js +0 -323
  47. package/packages/scanner/ghost-code-detector.js +0 -301
  48. package/packages/scanner/hallucination-detector.js +0 -822
  49. package/packages/scanner/health-checker.js +0 -586
  50. package/packages/scanner/html-report.js +0 -634
  51. package/packages/scanner/index.js +0 -100
  52. package/packages/scanner/license-manager.js +0 -331
  53. package/packages/scanner/master-health-checker.js +0 -513
  54. package/packages/scanner/monitor-notifier.js +0 -64
  55. package/packages/scanner/monitor-service.js +0 -103
  56. package/packages/scanner/monitor-store.js +0 -117
  57. package/packages/scanner/pre-commit-gate.js +0 -216
  58. package/packages/scanner/scan-diff.js +0 -50
  59. package/packages/scanner/scan-runner.js +0 -172
  60. package/packages/scanner/secret-scanner.js +0 -612
  61. package/packages/scanner/secret-scanner.test.js +0 -103
  62. package/packages/scanner/sentinel-core.js +0 -616
  63. package/packages/scanner/sentinel-knowledge.js +0 -322
  64. package/packages/scanner/tech-debt-analyzer.js +0 -583
  65. package/packages/scanner/tech-debt-cost.js +0 -194
  66. package/packages/scanner/widget-generator.js +0 -415
@@ -1,103 +0,0 @@
1
- const test = require('node:test');
2
- const assert = require('node:assert/strict');
3
- const fs = require('fs');
4
- const os = require('os');
5
- const path = require('path');
6
- const { execFileSync } = require('child_process');
7
- const SecretScanner = require('./secret-scanner');
8
-
9
- function createTempRepo() {
10
- const rootPath = fs.mkdtempSync(path.join(os.tmpdir(), 'thuban-secret-scanner-'));
11
- execFileSync('git', ['init'], { cwd: rootPath, stdio: 'ignore' });
12
- execFileSync('git', ['config', 'user.email', 'test@example.com'], { cwd: rootPath, stdio: 'ignore' });
13
- execFileSync('git', ['config', 'user.name', 'Test User'], { cwd: rootPath, stdio: 'ignore' });
14
- return rootPath;
15
- }
16
-
17
- test('detects hardcoded secrets, .env exposure, and history leaks', async () => {
18
- const rootPath = createTempRepo();
19
-
20
- fs.writeFileSync(path.join(rootPath, '.gitignore'), 'node_modules/\n');
21
- fs.writeFileSync(
22
- path.join(rootPath, 'config.js'),
23
- [
24
- 'const stripe = "sk_live_1234567890abcdefghijklmnop";',
25
- 'const password = "SuperSecret123!";',
26
- 'const token = "Bearer abcdefghijklmnopqrstuvwxyz123456";',
27
- 'const db = "postgres://appuser:dbpassword@localhost:5432/app";'
28
- ].join('\n')
29
- );
30
- fs.writeFileSync(path.join(rootPath, '.env'), 'API_KEY=AIzaSyA123456789012345678901234567890123\n');
31
-
32
- execFileSync('git', ['add', '.'], { cwd: rootPath, stdio: 'ignore' });
33
- execFileSync('git', ['commit', '-m', 'initial'], { cwd: rootPath, stdio: 'ignore' });
34
-
35
- fs.writeFileSync(path.join(rootPath, 'removed.js'), 'const oldKey = "ghp_abcdefghijklmnopqrstuvwxyz123456";\n');
36
- execFileSync('git', ['add', 'removed.js'], { cwd: rootPath, stdio: 'ignore' });
37
- execFileSync('git', ['commit', '-m', 'add leaked token'], { cwd: rootPath, stdio: 'ignore' });
38
- fs.unlinkSync(path.join(rootPath, 'removed.js'));
39
- execFileSync('git', ['add', '-A'], { cwd: rootPath, stdio: 'ignore' });
40
- execFileSync('git', ['commit', '-m', 'remove leaked token'], { cwd: rootPath, stdio: 'ignore' });
41
-
42
- const scanner = new SecretScanner({ rootPath });
43
- const result = await scanner.scanAll();
44
-
45
- assert.ok(result.issues.some((issue) => issue.type === 'Stripe Secret Key'));
46
- assert.ok(result.issues.some((issue) => issue.type === 'Hardcoded Password or Secret Assignment'));
47
- assert.ok(result.issues.some((issue) => issue.type === 'Database Connection String with Password'));
48
- assert.ok(result.issues.some((issue) => issue.type === '.env File Present'));
49
- assert.ok(result.issues.some((issue) => issue.type.includes('Git History')));
50
- assert.ok(result.summary.bySeverity.critical >= 1);
51
- });
52
-
53
- test('does not flag gitignored env files as exposure issues', async () => {
54
- const rootPath = createTempRepo();
55
-
56
- fs.writeFileSync(path.join(rootPath, '.gitignore'), '.env\n');
57
- fs.writeFileSync(path.join(rootPath, '.env'), 'TOKEN=example-value\n');
58
-
59
- const scanner = new SecretScanner({ rootPath, includeGitHistory: false });
60
- const issues = await scanner.scanFile(path.join(rootPath, '.env'));
61
-
62
- assert.equal(issues.some((issue) => issue.type === '.env File Present'), false);
63
- });
64
-
65
- test('ignores placeholders, examples, tests, and virtualenv noise while catching modern keys', async () => {
66
- const rootPath = createTempRepo();
67
-
68
- fs.writeFileSync(path.join(rootPath, '.gitignore'), '.env.local\n');
69
- fs.mkdirSync(path.join(rootPath, 'apps', 'api', 'tests'), { recursive: true });
70
- fs.mkdirSync(path.join(rootPath, 'apps', 'web'), { recursive: true });
71
- fs.mkdirSync(path.join(rootPath, '.venv', 'Lib', 'site-packages'), { recursive: true });
72
-
73
- fs.writeFileSync(
74
- path.join(rootPath, 'apps', 'api', 'tests', 'auth.test.js'),
75
- 'const header = "Bearer local-dev-token";\n'
76
- );
77
- fs.writeFileSync(
78
- path.join(rootPath, 'apps', 'web', '.env.example'),
79
- 'CLERK_SECRET_KEY=sk_test_replace_me\nNEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_replace_me\n'
80
- );
81
- fs.writeFileSync(
82
- path.join(rootPath, '.venv', 'Lib', 'site-packages', 'pkg.py'),
83
- 'TOKEN = "hf_94wBhPGp6KrrTH3KDchhKpRxZwd6dmHWLL"\n'
84
- );
85
- fs.writeFileSync(
86
- path.join(rootPath, '.env.local'),
87
- [
88
- 'OPENAI_API_KEY=sk-proj-abcdefghijklmnopqrstuvwxyzABCDE123456789',
89
- 'CARTESIA_API_KEY=sk_car_LbvdTSQmrEYgi5KCHN3C6m',
90
- 'LIVEKIT_API_SECRET=M06JDMQfH0ZsfzFYmxgu1OnqhiSOHQJfH8jcn4kkcgmA'
91
- ].join('\n')
92
- );
93
-
94
- const scanner = new SecretScanner({ rootPath, includeGitHistory: false });
95
- const result = await scanner.scanAll();
96
-
97
- assert.ok(result.issues.some((issue) => issue.type === 'OpenAI Project Key'));
98
- assert.ok(result.issues.some((issue) => issue.type === 'Cartesia API Key'));
99
- assert.ok(result.issues.some((issue) => issue.type === 'LiveKit API Secret'));
100
- assert.equal(result.issues.some((issue) => issue.code.includes('local-dev-token')), false);
101
- assert.equal(result.issues.some((issue) => issue.type === '.env File Present' && issue.file.includes('.env.example')), false);
102
- assert.equal(result.issues.some((issue) => issue.file.includes('.venv')), false);
103
- });