toolip 1.0.6 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (308) hide show
  1. package/README.md +189 -448
  2. package/dist/src/analyzers/ast/ast-security-analyzer.d.ts +6 -0
  3. package/dist/src/analyzers/ast/ast-security-analyzer.js +64 -0
  4. package/dist/src/analyzers/ast/ast-security-analyzer.js.map +1 -0
  5. package/dist/src/analyzers/ast/rules.d.ts +48 -0
  6. package/dist/src/analyzers/ast/rules.js +39 -0
  7. package/dist/src/analyzers/ast/rules.js.map +1 -0
  8. package/dist/src/analyzers/ast/source-analysis.d.ts +2 -0
  9. package/dist/src/analyzers/ast/source-analysis.js +225 -0
  10. package/dist/src/analyzers/ast/source-analysis.js.map +1 -0
  11. package/dist/src/analyzers/dependency-confusion/analyzer.d.ts +9 -0
  12. package/dist/src/analyzers/dependency-confusion/analyzer.js +98 -0
  13. package/dist/src/analyzers/dependency-confusion/analyzer.js.map +1 -0
  14. package/dist/src/analyzers/docker/analyzer.d.ts +6 -0
  15. package/dist/src/analyzers/docker/analyzer.js +103 -0
  16. package/dist/src/analyzers/docker/analyzer.js.map +1 -0
  17. package/dist/src/analyzers/git-history/analyzer.d.ts +8 -0
  18. package/dist/src/analyzers/git-history/analyzer.js +157 -0
  19. package/dist/src/analyzers/git-history/analyzer.js.map +1 -0
  20. package/dist/src/analyzers/git-history/secret-patterns.d.ts +7 -0
  21. package/dist/src/analyzers/git-history/secret-patterns.js +33 -0
  22. package/dist/src/analyzers/git-history/secret-patterns.js.map +1 -0
  23. package/dist/src/analyzers/install-scripts/install-script-analyzer.d.ts +6 -0
  24. package/dist/src/analyzers/install-scripts/install-script-analyzer.js +135 -0
  25. package/dist/src/analyzers/install-scripts/install-script-analyzer.js.map +1 -0
  26. package/dist/src/analyzers/reachability/import-graph.d.ts +9 -0
  27. package/dist/src/analyzers/reachability/import-graph.js +110 -0
  28. package/dist/src/analyzers/reachability/import-graph.js.map +1 -0
  29. package/dist/src/analyzers/reachability/reachability-analyzer.d.ts +16 -0
  30. package/dist/src/analyzers/reachability/reachability-analyzer.js +95 -0
  31. package/dist/src/analyzers/reachability/reachability-analyzer.js.map +1 -0
  32. package/dist/src/analyzers/vulnerability/osv-analyzer.d.ts +9 -0
  33. package/dist/src/analyzers/vulnerability/osv-analyzer.js +94 -0
  34. package/dist/src/analyzers/vulnerability/osv-analyzer.js.map +1 -0
  35. package/dist/src/analyzers/vulnerability/severity.d.ts +3 -0
  36. package/dist/src/analyzers/vulnerability/severity.js +13 -0
  37. package/dist/src/analyzers/vulnerability/severity.js.map +1 -0
  38. package/dist/src/application/analyzer-runner.d.ts +12 -0
  39. package/dist/src/application/analyzer-runner.js +45 -0
  40. package/dist/src/application/analyzer-runner.js.map +1 -0
  41. package/dist/src/commands/alternatives.d.ts +2 -0
  42. package/dist/src/commands/alternatives.js +17 -0
  43. package/dist/src/commands/alternatives.js.map +1 -0
  44. package/dist/src/commands/announce.d.ts +2 -0
  45. package/dist/src/commands/announce.js +27 -0
  46. package/dist/src/commands/announce.js.map +1 -0
  47. package/dist/src/commands/ast-scan.d.ts +2 -0
  48. package/dist/src/commands/ast-scan.js +86 -0
  49. package/dist/src/commands/ast-scan.js.map +1 -0
  50. package/dist/src/commands/audit-repo.d.ts +2 -0
  51. package/dist/src/commands/audit-repo.js +20 -0
  52. package/dist/src/commands/audit-repo.js.map +1 -0
  53. package/dist/src/commands/compare.d.ts +2 -0
  54. package/dist/src/commands/compare.js +19 -0
  55. package/dist/src/commands/compare.js.map +1 -0
  56. package/dist/src/commands/config.d.ts +2 -0
  57. package/dist/src/commands/config.js +69 -0
  58. package/dist/src/commands/config.js.map +1 -0
  59. package/dist/src/commands/dependency-confusion.d.ts +2 -0
  60. package/dist/src/commands/dependency-confusion.js +37 -0
  61. package/dist/src/commands/dependency-confusion.js.map +1 -0
  62. package/dist/src/commands/diff.d.ts +2 -0
  63. package/dist/src/commands/diff.js +24 -0
  64. package/dist/src/commands/diff.js.map +1 -0
  65. package/dist/src/commands/docker-scan.d.ts +2 -0
  66. package/dist/src/commands/docker-scan.js +34 -0
  67. package/dist/src/commands/docker-scan.js.map +1 -0
  68. package/dist/src/commands/doctor.d.ts +2 -0
  69. package/dist/src/commands/doctor.js +42 -0
  70. package/dist/src/commands/doctor.js.map +1 -0
  71. package/dist/src/commands/git-audit.d.ts +2 -0
  72. package/dist/src/commands/git-audit.js +37 -0
  73. package/dist/src/commands/git-audit.js.map +1 -0
  74. package/dist/src/commands/git-history.d.ts +2 -0
  75. package/dist/src/commands/git-history.js +40 -0
  76. package/dist/src/commands/git-history.js.map +1 -0
  77. package/dist/src/commands/history.d.ts +2 -0
  78. package/dist/src/commands/history.js +69 -0
  79. package/dist/src/commands/history.js.map +1 -0
  80. package/dist/src/commands/hook.d.ts +2 -0
  81. package/dist/src/commands/hook.js +16 -0
  82. package/dist/src/commands/hook.js.map +1 -0
  83. package/dist/src/commands/inspect.d.ts +2 -0
  84. package/dist/src/commands/inspect.js +24 -0
  85. package/dist/src/commands/inspect.js.map +1 -0
  86. package/dist/src/commands/install-scripts.d.ts +2 -0
  87. package/dist/src/commands/install-scripts.js +52 -0
  88. package/dist/src/commands/install-scripts.js.map +1 -0
  89. package/dist/src/commands/learn.d.ts +2 -0
  90. package/dist/src/commands/learn.js +42 -0
  91. package/dist/src/commands/learn.js.map +1 -0
  92. package/dist/src/commands/licenses.d.ts +2 -0
  93. package/dist/src/commands/licenses.js +40 -0
  94. package/dist/src/commands/licenses.js.map +1 -0
  95. package/dist/src/commands/mcp.d.ts +2 -0
  96. package/dist/src/commands/mcp.js +10 -0
  97. package/dist/src/commands/mcp.js.map +1 -0
  98. package/dist/src/commands/monorepo.d.ts +2 -0
  99. package/dist/src/commands/monorepo.js +21 -0
  100. package/dist/src/commands/monorepo.js.map +1 -0
  101. package/dist/src/commands/package-health.d.ts +2 -0
  102. package/dist/src/commands/package-health.js +50 -0
  103. package/dist/src/commands/package-health.js.map +1 -0
  104. package/dist/src/commands/pre-commit.d.ts +2 -0
  105. package/dist/src/commands/pre-commit.js +37 -0
  106. package/dist/src/commands/pre-commit.js.map +1 -0
  107. package/dist/src/commands/profile.d.ts +2 -0
  108. package/dist/src/commands/profile.js +18 -0
  109. package/dist/src/commands/profile.js.map +1 -0
  110. package/dist/src/commands/publish.d.ts +2 -0
  111. package/dist/src/commands/publish.js +25 -0
  112. package/dist/src/commands/publish.js.map +1 -0
  113. package/dist/src/commands/reachability.d.ts +2 -0
  114. package/dist/src/commands/reachability.js +47 -0
  115. package/dist/src/commands/reachability.js.map +1 -0
  116. package/dist/src/commands/sbom.d.ts +2 -0
  117. package/dist/src/commands/sbom.js +33 -0
  118. package/dist/src/commands/sbom.js.map +1 -0
  119. package/dist/src/commands/scan.d.ts +2 -0
  120. package/dist/src/commands/scan.js +48 -0
  121. package/dist/src/commands/scan.js.map +1 -0
  122. package/dist/src/commands/score.d.ts +2 -0
  123. package/dist/src/commands/score.js +24 -0
  124. package/dist/src/commands/score.js.map +1 -0
  125. package/dist/src/commands/self-test.d.ts +2 -0
  126. package/dist/src/commands/self-test.js +63 -0
  127. package/dist/src/commands/self-test.js.map +1 -0
  128. package/dist/src/commands/tree.d.ts +2 -0
  129. package/dist/src/commands/tree.js +21 -0
  130. package/dist/src/commands/tree.js.map +1 -0
  131. package/dist/src/commands/upgrade-pr.d.ts +2 -0
  132. package/dist/src/commands/upgrade-pr.js +15 -0
  133. package/dist/src/commands/upgrade-pr.js.map +1 -0
  134. package/dist/src/commands/vault.d.ts +2 -0
  135. package/dist/src/commands/vault.js +86 -0
  136. package/dist/src/commands/vault.js.map +1 -0
  137. package/dist/src/commands/vulnerabilities.d.ts +2 -0
  138. package/dist/src/commands/vulnerabilities.js +42 -0
  139. package/dist/src/commands/vulnerabilities.js.map +1 -0
  140. package/dist/src/commands/watch.d.ts +2 -0
  141. package/dist/src/commands/watch.js +34 -0
  142. package/dist/src/commands/watch.js.map +1 -0
  143. package/dist/src/config/version.d.ts +6 -0
  144. package/dist/src/config/version.js +29 -0
  145. package/dist/src/config/version.js.map +1 -0
  146. package/dist/src/contracts/analyzer.d.ts +23 -0
  147. package/dist/src/contracts/analyzer.js +2 -0
  148. package/dist/src/contracts/analyzer.js.map +1 -0
  149. package/dist/src/contracts/finding.d.ts +35 -0
  150. package/dist/src/contracts/finding.js +13 -0
  151. package/dist/src/contracts/finding.js.map +1 -0
  152. package/dist/src/contracts/report.d.ts +30 -0
  153. package/dist/src/contracts/report.js +2 -0
  154. package/dist/src/contracts/report.js.map +1 -0
  155. package/dist/src/contracts/rule.d.ts +12 -0
  156. package/dist/src/contracts/rule.js +7 -0
  157. package/dist/src/contracts/rule.js.map +1 -0
  158. package/dist/src/core/alternatives.d.ts +8 -0
  159. package/dist/src/core/alternatives.js +35 -0
  160. package/dist/src/core/alternatives.js.map +1 -0
  161. package/dist/src/core/analyze-package.d.ts +2 -0
  162. package/dist/src/core/analyze-package.js +49 -0
  163. package/dist/src/core/analyze-package.js.map +1 -0
  164. package/dist/src/core/announce/generate.d.ts +9 -0
  165. package/dist/src/core/announce/generate.js +19 -0
  166. package/dist/src/core/announce/generate.js.map +1 -0
  167. package/dist/src/core/compare-packages.d.ts +7 -0
  168. package/dist/src/core/compare-packages.js +19 -0
  169. package/dist/src/core/compare-packages.js.map +1 -0
  170. package/dist/src/core/config/load.d.ts +3 -0
  171. package/dist/src/core/config/load.js +21 -0
  172. package/dist/src/core/config/load.js.map +1 -0
  173. package/dist/src/core/config/policy.d.ts +3 -0
  174. package/dist/src/core/config/policy.js +48 -0
  175. package/dist/src/core/config/policy.js.map +1 -0
  176. package/dist/src/core/config/schema.d.ts +172 -0
  177. package/dist/src/core/config/schema.js +84 -0
  178. package/dist/src/core/config/schema.js.map +1 -0
  179. package/dist/src/core/dependencies/inventory.d.ts +9 -0
  180. package/dist/src/core/dependencies/inventory.js +43 -0
  181. package/dist/src/core/dependencies/inventory.js.map +1 -0
  182. package/dist/src/core/dependency-scan.d.ts +17 -0
  183. package/dist/src/core/dependency-scan.js +70 -0
  184. package/dist/src/core/dependency-scan.js.map +1 -0
  185. package/dist/src/core/dependency-tree.d.ts +16 -0
  186. package/dist/src/core/dependency-tree.js +19 -0
  187. package/dist/src/core/dependency-tree.js.map +1 -0
  188. package/dist/src/core/dependency-types.d.ts +17 -0
  189. package/dist/src/core/dependency-types.js +2 -0
  190. package/dist/src/core/dependency-types.js.map +1 -0
  191. package/dist/src/core/diff/security-diff.d.ts +10 -0
  192. package/dist/src/core/diff/security-diff.js +20 -0
  193. package/dist/src/core/diff/security-diff.js.map +1 -0
  194. package/dist/src/core/file-walker.d.ts +6 -0
  195. package/dist/src/core/file-walker.js +27 -0
  196. package/dist/src/core/file-walker.js.map +1 -0
  197. package/dist/src/core/git-audit.d.ts +12 -0
  198. package/dist/src/core/git-audit.js +111 -0
  199. package/dist/src/core/git-audit.js.map +1 -0
  200. package/dist/src/core/github/remote-audit.d.ts +5 -0
  201. package/dist/src/core/github/remote-audit.js +28 -0
  202. package/dist/src/core/github/remote-audit.js.map +1 -0
  203. package/dist/src/core/github/upgrade-pr.d.ts +4 -0
  204. package/dist/src/core/github/upgrade-pr.js +41 -0
  205. package/dist/src/core/github/upgrade-pr.js.map +1 -0
  206. package/dist/src/core/history/git-metadata.d.ts +5 -0
  207. package/dist/src/core/history/git-metadata.js +37 -0
  208. package/dist/src/core/history/git-metadata.js.map +1 -0
  209. package/dist/src/core/history/store.d.ts +5 -0
  210. package/dist/src/core/history/store.js +65 -0
  211. package/dist/src/core/history/store.js.map +1 -0
  212. package/dist/src/core/history/types.d.ts +27 -0
  213. package/dist/src/core/history/types.js +2 -0
  214. package/dist/src/core/history/types.js.map +1 -0
  215. package/dist/src/core/hooks.d.ts +1 -0
  216. package/dist/src/core/hooks.js +14 -0
  217. package/dist/src/core/hooks.js.map +1 -0
  218. package/dist/src/core/learn.d.ts +11 -0
  219. package/dist/src/core/learn.js +163 -0
  220. package/dist/src/core/learn.js.map +1 -0
  221. package/dist/src/core/license-analysis.d.ts +18 -0
  222. package/dist/src/core/license-analysis.js +98 -0
  223. package/dist/src/core/license-analysis.js.map +1 -0
  224. package/dist/src/core/load-toolip-ignore.d.ts +5 -0
  225. package/dist/src/core/load-toolip-ignore.js +35 -0
  226. package/dist/src/core/load-toolip-ignore.js.map +1 -0
  227. package/dist/src/core/monorepo/discover.d.ts +7 -0
  228. package/dist/src/core/monorepo/discover.js +49 -0
  229. package/dist/src/core/monorepo/discover.js.map +1 -0
  230. package/dist/src/core/npm-registry.d.ts +3 -0
  231. package/dist/src/core/npm-registry.js +5 -0
  232. package/dist/src/core/npm-registry.js.map +1 -0
  233. package/dist/src/core/pre-commit.d.ts +11 -0
  234. package/dist/src/core/pre-commit.js +22 -0
  235. package/dist/src/core/pre-commit.js.map +1 -0
  236. package/dist/src/core/profile-project.d.ts +23 -0
  237. package/dist/src/core/profile-project.js +119 -0
  238. package/dist/src/core/profile-project.js.map +1 -0
  239. package/dist/src/core/publish/html.d.ts +6 -0
  240. package/dist/src/core/publish/html.js +44 -0
  241. package/dist/src/core/publish/html.js.map +1 -0
  242. package/dist/src/core/read-dependencies.d.ts +2 -0
  243. package/dist/src/core/read-dependencies.js +24 -0
  244. package/dist/src/core/read-dependencies.js.map +1 -0
  245. package/dist/src/core/report-writer.d.ts +5 -0
  246. package/dist/src/core/report-writer.js +61 -0
  247. package/dist/src/core/report-writer.js.map +1 -0
  248. package/dist/src/core/report.d.ts +34 -0
  249. package/dist/src/core/report.js +26 -0
  250. package/dist/src/core/report.js.map +1 -0
  251. package/dist/src/core/risk-score.d.ts +5 -0
  252. package/dist/src/core/risk-score.js +14 -0
  253. package/dist/src/core/risk-score.js.map +1 -0
  254. package/dist/src/core/sbom/generate.d.ts +2 -0
  255. package/dist/src/core/sbom/generate.js +120 -0
  256. package/dist/src/core/sbom/generate.js.map +1 -0
  257. package/dist/src/core/scanner-context.d.ts +12 -0
  258. package/dist/src/core/scanner-context.js +27 -0
  259. package/dist/src/core/scanner-context.js.map +1 -0
  260. package/dist/src/core/score.d.ts +13 -0
  261. package/dist/src/core/score.js +44 -0
  262. package/dist/src/core/score.js.map +1 -0
  263. package/dist/src/core/security-doctor.d.ts +12 -0
  264. package/dist/src/core/security-doctor.js +158 -0
  265. package/dist/src/core/security-doctor.js.map +1 -0
  266. package/dist/src/core/security-patterns.d.ts +14 -0
  267. package/dist/src/core/security-patterns.js +139 -0
  268. package/dist/src/core/security-patterns.js.map +1 -0
  269. package/dist/src/core/typosquat.d.ts +6 -0
  270. package/dist/src/core/typosquat.js +50 -0
  271. package/dist/src/core/typosquat.js.map +1 -0
  272. package/dist/src/core/vault.d.ts +48 -0
  273. package/dist/src/core/vault.js +127 -0
  274. package/dist/src/core/vault.js.map +1 -0
  275. package/dist/src/core/watch/watch.d.ts +5 -0
  276. package/dist/src/core/watch/watch.js +49 -0
  277. package/dist/src/core/watch/watch.js.map +1 -0
  278. package/dist/src/errors/toolip-error.d.ts +8 -0
  279. package/dist/src/errors/toolip-error.js +11 -0
  280. package/dist/src/errors/toolip-error.js.map +1 -0
  281. package/dist/src/index.d.ts +2 -0
  282. package/dist/src/index.js +89 -0
  283. package/dist/src/index.js.map +1 -0
  284. package/dist/src/mcp/server.d.ts +1 -0
  285. package/dist/src/mcp/server.js +64 -0
  286. package/dist/src/mcp/server.js.map +1 -0
  287. package/dist/src/providers/depsdev/client.d.ts +71 -0
  288. package/dist/src/providers/depsdev/client.js +44 -0
  289. package/dist/src/providers/depsdev/client.js.map +1 -0
  290. package/dist/src/providers/osv/client.d.ts +15 -0
  291. package/dist/src/providers/osv/client.js +51 -0
  292. package/dist/src/providers/osv/client.js.map +1 -0
  293. package/dist/src/providers/osv/types.d.ts +38 -0
  294. package/dist/src/providers/osv/types.js +2 -0
  295. package/dist/src/providers/osv/types.js.map +1 -0
  296. package/dist/src/storage/memory-cache.d.ts +7 -0
  297. package/dist/src/storage/memory-cache.js +25 -0
  298. package/dist/src/storage/memory-cache.js.map +1 -0
  299. package/dist/src/utils/error-handler.d.ts +1 -0
  300. package/dist/src/utils/error-handler.js +24 -0
  301. package/dist/src/utils/error-handler.js.map +1 -0
  302. package/dist/src/utils/output.d.ts +6 -0
  303. package/dist/src/utils/output.js +72 -0
  304. package/dist/src/utils/output.js.map +1 -0
  305. package/dist/src/utils/package-output.d.ts +4 -0
  306. package/dist/src/utils/package-output.js +40 -0
  307. package/dist/src/utils/package-output.js.map +1 -0
  308. package/package.json +13 -8
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerProfileCommand(program: Command): void;
@@ -0,0 +1,18 @@
1
+ import { profileProject } from '../core/profile-project.js';
2
+ import { printProfile } from '../utils/output.js';
3
+ export function registerProfileCommand(program) {
4
+ program
5
+ .command('profile')
6
+ .description('Fingerprint the current project and detect frameworks, languages, and tooling.')
7
+ .option('-p, --path <path>', 'Project path to inspect.', process.cwd())
8
+ .option('--json', 'Print profile as JSON.')
9
+ .action(async (options) => {
10
+ const profile = await profileProject(options.path);
11
+ if (options.json) {
12
+ console.log(JSON.stringify(profile, null, 2));
13
+ return;
14
+ }
15
+ printProfile(profile);
16
+ });
17
+ }
18
+ //# sourceMappingURL=profile.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"profile.js","sourceRoot":"","sources":["../../../src/commands/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,gFAAgF,CAAC;SAC7F,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;SAC1C,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerPublishCommand(program: Command): void;
@@ -0,0 +1,25 @@
1
+ import { mkdir, writeFile } from 'node:fs/promises';
2
+ import path from 'node:path';
3
+ import { runSecurityDoctor } from '../core/security-doctor.js';
4
+ import { renderHtmlReport } from '../core/publish/html.js';
5
+ export function registerPublishCommand(program) {
6
+ program
7
+ .command('publish')
8
+ .description('Generate a static HTML security report.')
9
+ .option('-p, --path <path>', 'Project path.', process.cwd())
10
+ .option('-o, --output <directory>', 'Output directory.', '.toolip-report')
11
+ .action(async (options) => {
12
+ const report = await runSecurityDoctor(options.path);
13
+ const directory = path.resolve(options.path, options.output);
14
+ await mkdir(directory, { recursive: true });
15
+ const html = renderHtmlReport({
16
+ project: path.basename(path.resolve(options.path)),
17
+ generatedAt: new Date().toISOString(),
18
+ findings: report.findings
19
+ });
20
+ await writeFile(path.join(directory, 'index.html'), html, 'utf8');
21
+ console.log(`Static report written to ${path.join(directory, 'index.html')}`);
22
+ console.log('Deploy this directory to GitHub Pages only after reviewing it for private data.');
23
+ });
24
+ }
25
+ //# sourceMappingURL=publish.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publish.js","sourceRoot":"","sources":["../../../src/commands/publish.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,yCAAyC,CAAC;SACtD,MAAM,CAAC,mBAAmB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC3D,MAAM,CAAC,0BAA0B,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;SACzE,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5C,MAAM,IAAI,GAAG,gBAAgB,CAAC;YAC5B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAClD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerReachabilityCommand(program: Command): void;
@@ -0,0 +1,47 @@
1
+ import { AnalyzerRunner } from '../application/analyzer-runner.js';
2
+ import { ReachabilityAnalyzer } from '../analyzers/reachability/reachability-analyzer.js';
3
+ export function registerReachabilityCommand(program) {
4
+ program
5
+ .command('reachability')
6
+ .description('Show which npm packages are observed in JavaScript and TypeScript source imports.')
7
+ .option('-p, --path <path>', 'Project path to inspect.', process.cwd())
8
+ .option('--json', 'Print structured JSON output.')
9
+ .option('--include-dev', 'Include development dependencies.')
10
+ .action(async (options) => {
11
+ const runner = new AnalyzerRunner({
12
+ concurrency: 1,
13
+ timeoutMs: 60_000
14
+ });
15
+ const [result] = await runner.run([new ReachabilityAnalyzer()], {
16
+ root: options.path
17
+ });
18
+ if (!result) {
19
+ throw new Error('The reachability analyzer returned no result.');
20
+ }
21
+ const allPackages = (result.metadata?.packages ??
22
+ []);
23
+ const packages = options.includeDev
24
+ ? allPackages
25
+ : allPackages.filter((item) => !item.development);
26
+ if (options.json) {
27
+ console.log(JSON.stringify({
28
+ analyzer: result.analyzer,
29
+ durationMs: result.durationMs,
30
+ packages
31
+ }, null, 2));
32
+ return;
33
+ }
34
+ console.log('Toolip Package Reachability');
35
+ console.log('');
36
+ for (const item of packages) {
37
+ console.log(`${item.state.padEnd(18)} ${item.packageName}`);
38
+ for (const reference of item.references.slice(0, 5)) {
39
+ console.log(` ${reference.file}:${reference.line}:` +
40
+ `${reference.column} (${reference.kind})`);
41
+ }
42
+ }
43
+ console.log('');
44
+ console.log('Reachability is static evidence, not proof that exploitation is impossible.');
45
+ });
46
+ }
47
+ //# sourceMappingURL=reachability.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"reachability.js","sourceRoot":"","sources":["../../../src/commands/reachability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EACL,oBAAoB,EAErB,MAAM,oDAAoD,CAAC;AAQ5D,MAAM,UAAU,2BAA2B,CACzC,OAAgB;IAEhB,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CACV,mFAAmF,CACpF;SACA,MAAM,CACL,mBAAmB,EACnB,0BAA0B,EAC1B,OAAO,CAAC,GAAG,EAAE,CACd;SACA,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;SACjD,MAAM,CACL,eAAe,EACf,mCAAmC,CACpC;SACA,MAAM,CAAC,KAAK,EAAE,OAA4B,EAAE,EAAE;QAC7C,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;YAChC,WAAW,EAAE,CAAC;YACd,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,CAAC,IAAI,oBAAoB,EAAE,CAAC,EAC5B;YACE,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,+CAA+C,CAChD,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GACf,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ;YACxB,EAAE,CAA0B,CAAC;QAEjC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU;YACjC,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,WAAW,CAAC,MAAM,CAChB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAC5B,CAAC;QAEN,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;gBACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ;aACT,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CACT,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAC/C,CAAC;YAEF,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAC3C,CAAC,EACD,CAAC,CACF,EAAE,CAAC;gBACF,OAAO,CAAC,GAAG,CACT,KAAK,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,GAAG;oBACtC,GAAG,SAAS,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,GAAG,CAC5C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CACT,6EAA6E,CAC9E,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerSbomCommand(program: Command): void;
@@ -0,0 +1,33 @@
1
+ import { mkdir, writeFile } from 'node:fs/promises';
2
+ import path from 'node:path';
3
+ import { generateSbom } from '../core/sbom/generate.js';
4
+ function assertFormat(value) {
5
+ if (value !== 'cyclonedx' &&
6
+ value !== 'spdx') {
7
+ throw new Error('SBOM format must be cyclonedx or spdx.');
8
+ }
9
+ }
10
+ export function registerSbomCommand(program) {
11
+ program
12
+ .command('sbom')
13
+ .description('Generate a CycloneDX 1.5 or SPDX 2.3 software bill of materials.')
14
+ .option('-p, --path <path>', 'Project path to inspect.', process.cwd())
15
+ .option('-f, --format <format>', 'cyclonedx or spdx.', 'cyclonedx')
16
+ .option('-o, --output <file>', 'Write JSON to a file instead of stdout.')
17
+ .action(async (options) => {
18
+ assertFormat(options.format);
19
+ const document = await generateSbom(options.path, options.format);
20
+ const output = `${JSON.stringify(document, null, 2)}\n`;
21
+ if (!options.output) {
22
+ process.stdout.write(output);
23
+ return;
24
+ }
25
+ const outputPath = path.resolve(options.path, options.output);
26
+ await mkdir(path.dirname(outputPath), {
27
+ recursive: true
28
+ });
29
+ await writeFile(outputPath, output, 'utf8');
30
+ console.log(`SBOM written to ${outputPath}`);
31
+ });
32
+ }
33
+ //# sourceMappingURL=sbom.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sbom.js","sourceRoot":"","sources":["../../../src/commands/sbom.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,SAAS,EACV,MAAM,kBAAkB,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EACL,YAAY,EAEb,MAAM,0BAA0B,CAAC;AAQlC,SAAS,YAAY,CACnB,KAAa;IAEb,IACE,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,MAAM,EAChB,CAAC;QACD,MAAM,IAAI,KAAK,CACb,wCAAwC,CACzC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAgB;IAEhB,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CACV,kEAAkE,CACnE;SACA,MAAM,CACL,mBAAmB,EACnB,0BAA0B,EAC1B,OAAO,CAAC,GAAG,EAAE,CACd;SACA,MAAM,CACL,uBAAuB,EACvB,oBAAoB,EACpB,WAAW,CACZ;SACA,MAAM,CACL,qBAAqB,EACrB,yCAAyC,CAC1C;SACA,MAAM,CAAC,KAAK,EAAE,OAAoB,EAAE,EAAE;QACrC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE7B,MAAM,QAAQ,GAAG,MAAM,YAAY,CACjC,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;QAEF,MAAM,MAAM,GACV,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QAE3C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAC7B,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;QAEF,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YACpC,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QAEH,MAAM,SAAS,CACb,UAAU,EACV,MAAM,EACN,MAAM,CACP,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,mBAAmB,UAAU,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerScanCommand(program: Command): void;
@@ -0,0 +1,48 @@
1
+ import chalk from 'chalk';
2
+ import { createScannerContext } from '../core/scanner-context.js';
3
+ import { createReport } from '../core/report.js';
4
+ import { writeReport } from '../core/report-writer.js';
5
+ import { scanDependencies } from '../core/dependency-scan.js';
6
+ import { calculateDependencyHealth, calculateScore } from '../core/score.js';
7
+ import { TOOLIP_VERSION } from '../config/version.js';
8
+ import { printReportSummary, printScannerContext } from '../utils/output.js';
9
+ export function registerScanCommand(program) {
10
+ program
11
+ .command('scan')
12
+ .description('Scan project dependencies and security hygiene indicators.')
13
+ .option('-p, --path <path>', 'Project path to scan.', process.cwd())
14
+ .option('-o, --output <file>', 'Write scan report to JSON or Markdown.')
15
+ .action(async (options) => {
16
+ console.log(chalk.bold('Toolip Scan'));
17
+ console.log('');
18
+ const context = await createScannerContext(options.path);
19
+ printScannerContext(context);
20
+ const dependencyScan = await scanDependencies(context.root);
21
+ const dependencyHealth = calculateDependencyHealth(dependencyScan.findings);
22
+ const score = calculateScore({ dependencyHealth });
23
+ const report = createReport({
24
+ version: TOOLIP_VERSION,
25
+ command: 'scan',
26
+ root: context.root,
27
+ findings: dependencyScan.findings
28
+ });
29
+ console.log('');
30
+ console.log(chalk.bold('Dependency Intelligence'));
31
+ console.log(`${chalk.dim('Total Dependencies:')} ${dependencyScan.summary.totalDependencies}`);
32
+ console.log(`${chalk.dim('Outdated:')} ${dependencyScan.summary.outdated}`);
33
+ console.log(`${chalk.dim('Deprecated:')} ${dependencyScan.summary.deprecated}`);
34
+ console.log(`${chalk.dim('High Risk:')} ${dependencyScan.summary.highRisk}`);
35
+ console.log(`${chalk.dim('Medium Risk:')} ${dependencyScan.summary.mediumRisk}`);
36
+ console.log(`${chalk.dim('Average Risk:')} ${dependencyScan.summary.averageRiskScore}`);
37
+ console.log(`${chalk.dim('Dependency Health:')} ${dependencyHealth}`);
38
+ console.log(`${chalk.dim('Overall Grade:')} ${score.grade}`);
39
+ console.log('');
40
+ printReportSummary(report);
41
+ if (options.output) {
42
+ await writeReport(options.output, report);
43
+ console.log('');
44
+ console.log(`${chalk.green('✓')} Report written to ${options.output}`);
45
+ }
46
+ });
47
+ }
48
+ //# sourceMappingURL=scan.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/commands/scan.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE7E,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACnE,MAAM,CAAC,qBAAqB,EAAE,wCAAwC,CAAC;SACvE,MAAM,CAAC,KAAK,EAAE,OAA0C,EAAE,EAAE;QAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEnD,MAAM,MAAM,GAAG,YAAY,CAAC;YAC1B,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,MAAM;YACf,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACjF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACxF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAE7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAE3B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerScoreCommand(program: Command): void;
@@ -0,0 +1,24 @@
1
+ import chalk from 'chalk';
2
+ import { scanDependencies } from '../core/dependency-scan.js';
3
+ import { calculateDependencyHealth, calculateScore } from '../core/score.js';
4
+ export function registerScoreCommand(program) {
5
+ program
6
+ .command('score')
7
+ .description('Calculate a Toolip security scorecard for the current project.')
8
+ .option('-p, --path <path>', 'Project path to score.', process.cwd())
9
+ .action(async (options) => {
10
+ const dependencyScan = await scanDependencies(options.path);
11
+ const dependencyHealth = calculateDependencyHealth(dependencyScan.findings);
12
+ const score = calculateScore({ dependencyHealth });
13
+ console.log(chalk.bold('Toolip Security Scorecard'));
14
+ console.log('');
15
+ console.log(`${chalk.dim('Dependency Health ....')} ${score.dependencyHealth}`);
16
+ console.log(`${chalk.dim('Secret Hygiene .......')} ${score.secretHygiene}`);
17
+ console.log(`${chalk.dim('Configuration ........')} ${score.configurationSecurity}`);
18
+ console.log(`${chalk.dim('Git Safety ...........')} ${score.gitSafety}`);
19
+ console.log('');
20
+ console.log(`${chalk.dim('Overall Score ........')} ${score.overall}`);
21
+ console.log(`${chalk.dim('Grade ................')} ${score.grade}`);
22
+ });
23
+ }
24
+ //# sourceMappingURL=score.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"score.js","sourceRoot":"","sources":["../../../src/commands/score.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAE7E,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,gEAAgE,CAAC;SAC7E,MAAM,CAAC,mBAAmB,EAAE,wBAAwB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACpE,MAAM,CAAC,KAAK,EAAE,OAAyB,EAAE,EAAE;QAC1C,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerSelfTestCommand(program: Command): void;
@@ -0,0 +1,63 @@
1
+ import chalk from 'chalk';
2
+ import { access } from 'node:fs/promises';
3
+ import path from 'node:path';
4
+ import { TOOLIP_VERSION } from '../config/version.js';
5
+ async function canAccess(filePath) {
6
+ try {
7
+ await access(filePath);
8
+ return true;
9
+ }
10
+ catch {
11
+ return false;
12
+ }
13
+ }
14
+ export function registerSelfTestCommand(program) {
15
+ program
16
+ .command('self-test')
17
+ .description('Run Toolip internal diagnostics.')
18
+ .action(async () => {
19
+ const checks = [
20
+ {
21
+ label: 'CLI Loaded',
22
+ passed: true
23
+ },
24
+ {
25
+ label: 'Command Router Ready',
26
+ passed: true
27
+ },
28
+ {
29
+ label: 'Package Manifest Found',
30
+ passed: await canAccess(path.join(process.cwd(), 'package.json'))
31
+ },
32
+ {
33
+ label: 'Scanner Foundation Ready',
34
+ passed: true
35
+ },
36
+ {
37
+ label: 'Report Engine Ready',
38
+ passed: true
39
+ }
40
+ ];
41
+ console.log(chalk.bold('Toolip Self-Test'));
42
+ console.log(chalk.dim(`Version: ${TOOLIP_VERSION}`));
43
+ console.log('');
44
+ let failed = 0;
45
+ for (const check of checks) {
46
+ if (check.passed) {
47
+ console.log(`${chalk.green('✓')} ${check.label}`);
48
+ }
49
+ else {
50
+ failed += 1;
51
+ console.log(`${chalk.red('✖')} ${check.label}`);
52
+ }
53
+ }
54
+ console.log('');
55
+ if (failed > 0) {
56
+ console.log(chalk.red(`Toolip found ${failed} failed diagnostic check(s).`));
57
+ process.exitCode = 1;
58
+ return;
59
+ }
60
+ console.log(chalk.green('Toolip is healthy.'));
61
+ });
62
+ }
63
+ //# sourceMappingURL=self-test.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"self-test.js","sourceRoot":"","sources":["../../../src/commands/self-test.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,OAAO;SACJ,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,kCAAkC,CAAC;SAC/C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG;YACb;gBACE,KAAK,EAAE,YAAY;gBACnB,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,sBAAsB;gBAC7B,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,wBAAwB;gBAC/B,MAAM,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;aAClE;YACD;gBACE,KAAK,EAAE,0BAA0B;gBACjC,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,qBAAqB;gBAC5B,MAAM,EAAE,IAAI;aACb;SACF,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,cAAc,EAAE,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,CAAC,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,MAAM,8BAA8B,CAAC,CAAC,CAAC;YAC7E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerTreeCommand(program: Command): void;
@@ -0,0 +1,21 @@
1
+ import chalk from 'chalk';
2
+ import { buildDependencyTree } from '../core/dependency-tree.js';
3
+ export function registerTreeCommand(program) {
4
+ program
5
+ .command('tree')
6
+ .description('Display a dependency tree summary.')
7
+ .option('-p, --path <path>', 'Project path to analyze.', process.cwd())
8
+ .action(async (options) => {
9
+ const tree = await buildDependencyTree(options.path);
10
+ console.log(chalk.bold('Toolip Dependency Tree'));
11
+ console.log('');
12
+ console.log(`${chalk.dim('Direct Dependencies:')} ${tree.summary.direct}`);
13
+ console.log(`${chalk.dim('Transitive Dependencies:')} ${tree.summary.transitive}`);
14
+ console.log(`${chalk.dim('Max Depth:')} ${tree.summary.maxDepth}`);
15
+ console.log('');
16
+ for (const dependency of tree.dependencies) {
17
+ console.log(`${chalk.green('├─')} ${dependency.name}@${dependency.version} ${chalk.dim(`(${dependency.type})`)}`);
18
+ }
19
+ });
20
+ }
21
+ //# sourceMappingURL=tree.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"tree.js","sourceRoot":"","sources":["../../../src/commands/tree.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,oCAAoC,CAAC;SACjD,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,OAAyB,EAAE,EAAE;QAC1C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAErD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QACpH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerUpgradePrCommand(program: Command): void;
@@ -0,0 +1,15 @@
1
+ import { createUpgradePullRequest } from '../core/github/upgrade-pr.js';
2
+ export function registerUpgradePrCommand(program) {
3
+ program
4
+ .command('upgrade-pr <package> <version>')
5
+ .description('Create a tested dependency-upgrade pull request through gh.')
6
+ .option('-p, --path <path>', 'Repository path.', process.cwd())
7
+ .option('--dry-run', 'Validate the request without changing Git.')
8
+ .action(async (packageName, version, options) => {
9
+ const result = await createUpgradePullRequest(options.path, packageName, version, Boolean(options.dryRun));
10
+ console.log(options.dryRun
11
+ ? `Dry run passed. Proposed branch: ${result.branch}`
12
+ : `Pull request created from ${result.branch}`);
13
+ });
14
+ }
15
+ //# sourceMappingURL=upgrade-pr.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"upgrade-pr.js","sourceRoot":"","sources":["../../../src/commands/upgrade-pr.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AAExE,MAAM,UAAU,wBAAwB,CAAC,OAAgB;IACvD,OAAO;SACJ,OAAO,CAAC,gCAAgC,CAAC;SACzC,WAAW,CAAC,6DAA6D,CAAC;SAC1E,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC9D,MAAM,CAAC,WAAW,EAAE,4CAA4C,CAAC;SACjE,MAAM,CAAC,KAAK,EACX,WAAmB,EACnB,OAAe,EACf,OAA2C,EAC3C,EAAE;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,OAAO,CAAC,IAAI,EACZ,WAAW,EACX,OAAO,EACP,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CACxB,CAAC;QAEF,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,MAAM;YACZ,CAAC,CAAC,oCAAoC,MAAM,CAAC,MAAM,EAAE;YACrD,CAAC,CAAC,6BAA6B,MAAM,CAAC,MAAM,EAAE,CACjD,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerVaultCommand(program: Command): void;
@@ -0,0 +1,86 @@
1
+ import chalk from 'chalk';
2
+ import { deleteSecret, exportEnv, getSecret, initVault, listSecrets, setSecret } from '../core/vault.js';
3
+ export function registerVaultCommand(program) {
4
+ const vault = program
5
+ .command('vault')
6
+ .description('Manage encrypted local secrets with Toolip Vault.');
7
+ vault
8
+ .command('init')
9
+ .description('Initialize an encrypted local vault.')
10
+ .requiredOption('--password <password>', 'Master password.')
11
+ .action(async (options) => {
12
+ await initVault(options.password);
13
+ console.log(`${chalk.green('✓')} Toolip Vault initialized.`);
14
+ });
15
+ vault
16
+ .command('set <key> <value>')
17
+ .description('Store or update a secret.')
18
+ .option('--env <env>', 'Secret environment.', 'development')
19
+ .requiredOption('--password <password>', 'Master password.')
20
+ .action(async (key, value, options) => {
21
+ await setSecret({
22
+ key,
23
+ value,
24
+ env: options.env,
25
+ masterPassword: options.password
26
+ });
27
+ console.log(`${chalk.green('✓')} Stored ${key} for ${options.env}.`);
28
+ });
29
+ vault
30
+ .command('get <key>')
31
+ .description('Retrieve a secret value.')
32
+ .option('--env <env>', 'Secret environment.', 'development')
33
+ .requiredOption('--password <password>', 'Master password.')
34
+ .action(async (key, options) => {
35
+ const secret = await getSecret({
36
+ key,
37
+ env: options.env,
38
+ masterPassword: options.password
39
+ });
40
+ console.log(secret.value);
41
+ });
42
+ vault
43
+ .command('list')
44
+ .description('List secret names without revealing values.')
45
+ .option('--env <env>', 'Filter by environment.')
46
+ .requiredOption('--password <password>', 'Master password.')
47
+ .action(async (options) => {
48
+ const secrets = await listSecrets({
49
+ env: options.env,
50
+ masterPassword: options.password
51
+ });
52
+ if (secrets.length === 0) {
53
+ console.log(chalk.yellow('No secrets found.'));
54
+ return;
55
+ }
56
+ for (const secret of secrets) {
57
+ console.log(`${chalk.green('✓')} ${secret.key} ${chalk.dim(`(${secret.env})`)}`);
58
+ }
59
+ });
60
+ vault
61
+ .command('delete <key>')
62
+ .description('Delete a secret.')
63
+ .option('--env <env>', 'Secret environment.', 'development')
64
+ .requiredOption('--password <password>', 'Master password.')
65
+ .action(async (key, options) => {
66
+ const deleted = await deleteSecret({
67
+ key,
68
+ env: options.env,
69
+ masterPassword: options.password
70
+ });
71
+ console.log(deleted ? `${chalk.green('✓')} Deleted ${key}.` : chalk.yellow(`No secret found for ${key}.`));
72
+ });
73
+ vault
74
+ .command('export')
75
+ .description('Export secrets as shell-compatible environment lines.')
76
+ .option('--env <env>', 'Filter by environment.')
77
+ .requiredOption('--password <password>', 'Master password.')
78
+ .action(async (options) => {
79
+ const output = await exportEnv({
80
+ env: options.env,
81
+ masterPassword: options.password
82
+ });
83
+ console.log(output);
84
+ });
85
+ }
86
+ //# sourceMappingURL=vault.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vault.js","sourceRoot":"","sources":["../../../src/commands/vault.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,SAAS,EACT,SAAS,EACT,SAAS,EACT,WAAW,EACX,SAAS,EACV,MAAM,kBAAkB,CAAC;AAE1B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,mDAAmD,CAAC,CAAC;IAEpE,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,sCAAsC,CAAC;SACnD,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA6B,EAAE,EAAE;QAC9C,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,mBAAmB,CAAC;SAC5B,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,KAAa,EAAE,OAA0C,EAAE,EAAE;QACvF,MAAM,SAAS,CAAC;YACd,GAAG;YACH,KAAK;YACL,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,GAAG,QAAQ,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,0BAA0B,CAAC;SACvC,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,OAA0C,EAAE,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,GAAG;YACH,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,6CAA6C,CAAC;SAC1D,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC;SAC/C,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA2C,EAAE,EAAE;QAC5D,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;YAChC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,kBAAkB,CAAC;SAC/B,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,OAA0C,EAAE,EAAE;QACxE,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC;YACjC,GAAG;YACH,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,uBAAuB,GAAG,GAAG,CAAC,CAAC,CAAC;IAC7G,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,uDAAuD,CAAC;SACpE,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC;SAC/C,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA2C,EAAE,EAAE;QAC5D,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerVulnerabilitiesCommand(program: Command): void;
@@ -0,0 +1,42 @@
1
+ import { AnalyzerRunner } from '../application/analyzer-runner.js';
2
+ import { OsvVulnerabilityAnalyzer } from '../analyzers/vulnerability/osv-analyzer.js';
3
+ import { MemoryCache } from '../storage/memory-cache.js';
4
+ export function registerVulnerabilitiesCommand(program) {
5
+ program
6
+ .command('vulnerabilities')
7
+ .alias('vulns')
8
+ .description('Match resolved npm dependencies against OSV.dev.')
9
+ .option('-p, --path <path>', 'Project path to inspect.', process.cwd())
10
+ .option('--json', 'Print structured JSON output.')
11
+ .option('--include-dev', 'Include development dependency findings.')
12
+ .action(async (options) => {
13
+ const [result] = await new AnalyzerRunner({ concurrency: 1, timeoutMs: 60000 }).run([new OsvVulnerabilityAnalyzer()], { root: options.path, cache: new MemoryCache() });
14
+ if (!result)
15
+ throw new Error('OSV analyzer returned no result.');
16
+ const findings = options.includeDev
17
+ ? result.findings
18
+ : result.findings.filter((finding) => finding.metadata?.development !== true);
19
+ if (options.json) {
20
+ console.log(JSON.stringify({ ...result, findings }, null, 2));
21
+ }
22
+ else {
23
+ console.log('Toolip Vulnerability Intelligence');
24
+ console.log('');
25
+ console.log(`Dependencies checked: ${result.metadata?.dependenciesChecked ?? 0}`);
26
+ console.log(`Known vulnerabilities: ${findings.length}`);
27
+ console.log('');
28
+ for (const finding of findings) {
29
+ console.log(`[${finding.severity.toUpperCase()}] ${finding.metadata?.vulnerabilityId}`);
30
+ console.log(`Package: ${finding.metadata?.package}@${finding.metadata?.installedVersion}`);
31
+ console.log(`Summary: ${finding.title}`);
32
+ if (finding.remediation?.summary)
33
+ console.log(`Fix: ${finding.remediation.summary}`);
34
+ console.log('');
35
+ }
36
+ if (findings.length === 0) {
37
+ console.log('No disclosed vulnerabilities matched the resolved npm dependency versions.');
38
+ }
39
+ }
40
+ });
41
+ }
42
+ //# sourceMappingURL=vulnerabilities.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vulnerabilities.js","sourceRoot":"","sources":["../../../src/commands/vulnerabilities.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,4CAA4C,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,MAAM,UAAU,8BAA8B,CAAC,OAAgB;IAC7D,OAAO;SACJ,OAAO,CAAC,iBAAiB,CAAC;SAC1B,KAAK,CAAC,OAAO,CAAC;SACd,WAAW,CAAC,kDAAkD,CAAC;SAC/D,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;SACjD,MAAM,CAAC,eAAe,EAAE,0CAA0C,CAAC;SACnE,MAAM,CAAC,KAAK,EAAE,OAA+D,EAAE,EAAE;QAChF,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,cAAc,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,CACjF,CAAC,IAAI,wBAAwB,EAAE,CAAC,EAChC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,WAAW,EAAE,EAAE,CACjD,CAAC;QAEF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU;YACjC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACjB,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,KAAK,IAAI,CAAC,CAAC;QAEhF,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,QAAQ,EAAE,mBAAmB,IAAI,CAAC,EAAE,CAAC,CAAC;YAClF,OAAO,CAAC,GAAG,CAAC,0BAA0B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEhB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC;gBACxF,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,QAAQ,EAAE,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAC,CAAC;gBAC3F,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzC,IAAI,OAAO,CAAC,WAAW,EAAE,OAAO;oBAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,4EAA4E,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,2 @@
1
+ import type { Command } from 'commander';
2
+ export declare function registerWatchCommand(program: Command): void;
@@ -0,0 +1,34 @@
1
+ import { runSecurityDoctor } from '../core/security-doctor.js';
2
+ import { watchProject } from '../core/watch/watch.js';
3
+ export function registerWatchCommand(program) {
4
+ program
5
+ .command('watch')
6
+ .description('Continuously rerun Toolip security checks as files change.')
7
+ .option('-p, --path <path>', 'Project path.', process.cwd())
8
+ .option('--once', 'Run once without watching.')
9
+ .action(async (options) => {
10
+ const render = async () => {
11
+ const result = await runSecurityDoctor(options.path);
12
+ console.clear();
13
+ console.log('Toolip Watch');
14
+ console.log('');
15
+ console.log(`Updated: ${new Date().toISOString()}`);
16
+ console.log(`Critical/secrets: ${result.summary.secrets}`);
17
+ console.log(`Dangerous code: ${result.summary.dangerousCode}`);
18
+ console.log(`Configuration: ${result.summary.configuration}`);
19
+ console.log(`Total findings: ${result.findings.length}`);
20
+ };
21
+ await render();
22
+ if (options.once)
23
+ return;
24
+ console.log('');
25
+ console.log('Watching for changes. Press Ctrl+C to stop.');
26
+ const close = watchProject(options.path, render);
27
+ process.once('SIGINT', () => {
28
+ close();
29
+ process.exit(0);
30
+ });
31
+ await new Promise(() => undefined);
32
+ });
33
+ }
34
+ //# sourceMappingURL=watch.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"watch.js","sourceRoot":"","sources":["../../../src/commands/watch.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,mBAAmB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC3D,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC;SAC9C,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,KAAK,IAAmB,EAAE;YACvC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrD,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC;QAEF,MAAM,MAAM,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI;YAAE,OAAO;QAEzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAE3D,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAEjD,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;YAC1B,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACP,CAAC"}
@@ -0,0 +1,6 @@
1
+ export declare const TOOLIP_VERSION: string;
2
+ export declare const TOOLIP_AUTHOR: {
3
+ name: string;
4
+ handle: string;
5
+ github: string;
6
+ };
@@ -0,0 +1,29 @@
1
+ import { readFileSync } from 'node:fs';
2
+ import path from 'node:path';
3
+ import { fileURLToPath } from 'node:url';
4
+ function resolvePackageVersion() {
5
+ let directory = path.dirname(fileURLToPath(import.meta.url));
6
+ const root = path.parse(directory).root;
7
+ while (directory !== root) {
8
+ const manifestPath = path.join(directory, 'package.json');
9
+ try {
10
+ const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
11
+ if (manifest.name === 'toolip' &&
12
+ typeof manifest.version === 'string') {
13
+ return manifest.version;
14
+ }
15
+ }
16
+ catch {
17
+ // Continue searching parent directories.
18
+ }
19
+ directory = path.dirname(directory);
20
+ }
21
+ throw new Error('Unable to resolve Toolip version from package.json.');
22
+ }
23
+ export const TOOLIP_VERSION = resolvePackageVersion();
24
+ export const TOOLIP_AUTHOR = {
25
+ name: 'Ashibuogwu Williams',
26
+ handle: 'wbizmo',
27
+ github: 'https://github.com/wbizmo'
28
+ };
29
+ //# sourceMappingURL=version.js.map