toolip 1.0.6 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +189 -448
- package/dist/src/analyzers/ast/ast-security-analyzer.d.ts +6 -0
- package/dist/src/analyzers/ast/ast-security-analyzer.js +64 -0
- package/dist/src/analyzers/ast/ast-security-analyzer.js.map +1 -0
- package/dist/src/analyzers/ast/rules.d.ts +48 -0
- package/dist/src/analyzers/ast/rules.js +39 -0
- package/dist/src/analyzers/ast/rules.js.map +1 -0
- package/dist/src/analyzers/ast/source-analysis.d.ts +2 -0
- package/dist/src/analyzers/ast/source-analysis.js +225 -0
- package/dist/src/analyzers/ast/source-analysis.js.map +1 -0
- package/dist/src/analyzers/dependency-confusion/analyzer.d.ts +9 -0
- package/dist/src/analyzers/dependency-confusion/analyzer.js +98 -0
- package/dist/src/analyzers/dependency-confusion/analyzer.js.map +1 -0
- package/dist/src/analyzers/docker/analyzer.d.ts +6 -0
- package/dist/src/analyzers/docker/analyzer.js +103 -0
- package/dist/src/analyzers/docker/analyzer.js.map +1 -0
- package/dist/src/analyzers/git-history/analyzer.d.ts +8 -0
- package/dist/src/analyzers/git-history/analyzer.js +157 -0
- package/dist/src/analyzers/git-history/analyzer.js.map +1 -0
- package/dist/src/analyzers/git-history/secret-patterns.d.ts +7 -0
- package/dist/src/analyzers/git-history/secret-patterns.js +33 -0
- package/dist/src/analyzers/git-history/secret-patterns.js.map +1 -0
- package/dist/src/analyzers/install-scripts/install-script-analyzer.d.ts +6 -0
- package/dist/src/analyzers/install-scripts/install-script-analyzer.js +135 -0
- package/dist/src/analyzers/install-scripts/install-script-analyzer.js.map +1 -0
- package/dist/src/analyzers/reachability/import-graph.d.ts +9 -0
- package/dist/src/analyzers/reachability/import-graph.js +110 -0
- package/dist/src/analyzers/reachability/import-graph.js.map +1 -0
- package/dist/src/analyzers/reachability/reachability-analyzer.d.ts +16 -0
- package/dist/src/analyzers/reachability/reachability-analyzer.js +95 -0
- package/dist/src/analyzers/reachability/reachability-analyzer.js.map +1 -0
- package/dist/src/analyzers/vulnerability/osv-analyzer.d.ts +9 -0
- package/dist/src/analyzers/vulnerability/osv-analyzer.js +94 -0
- package/dist/src/analyzers/vulnerability/osv-analyzer.js.map +1 -0
- package/dist/src/analyzers/vulnerability/severity.d.ts +3 -0
- package/dist/src/analyzers/vulnerability/severity.js +13 -0
- package/dist/src/analyzers/vulnerability/severity.js.map +1 -0
- package/dist/src/application/analyzer-runner.d.ts +12 -0
- package/dist/src/application/analyzer-runner.js +45 -0
- package/dist/src/application/analyzer-runner.js.map +1 -0
- package/dist/src/commands/alternatives.d.ts +2 -0
- package/dist/src/commands/alternatives.js +17 -0
- package/dist/src/commands/alternatives.js.map +1 -0
- package/dist/src/commands/announce.d.ts +2 -0
- package/dist/src/commands/announce.js +27 -0
- package/dist/src/commands/announce.js.map +1 -0
- package/dist/src/commands/ast-scan.d.ts +2 -0
- package/dist/src/commands/ast-scan.js +86 -0
- package/dist/src/commands/ast-scan.js.map +1 -0
- package/dist/src/commands/audit-repo.d.ts +2 -0
- package/dist/src/commands/audit-repo.js +20 -0
- package/dist/src/commands/audit-repo.js.map +1 -0
- package/dist/src/commands/compare.d.ts +2 -0
- package/dist/src/commands/compare.js +19 -0
- package/dist/src/commands/compare.js.map +1 -0
- package/dist/src/commands/config.d.ts +2 -0
- package/dist/src/commands/config.js +69 -0
- package/dist/src/commands/config.js.map +1 -0
- package/dist/src/commands/dependency-confusion.d.ts +2 -0
- package/dist/src/commands/dependency-confusion.js +37 -0
- package/dist/src/commands/dependency-confusion.js.map +1 -0
- package/dist/src/commands/diff.d.ts +2 -0
- package/dist/src/commands/diff.js +24 -0
- package/dist/src/commands/diff.js.map +1 -0
- package/dist/src/commands/docker-scan.d.ts +2 -0
- package/dist/src/commands/docker-scan.js +34 -0
- package/dist/src/commands/docker-scan.js.map +1 -0
- package/dist/src/commands/doctor.d.ts +2 -0
- package/dist/src/commands/doctor.js +42 -0
- package/dist/src/commands/doctor.js.map +1 -0
- package/dist/src/commands/git-audit.d.ts +2 -0
- package/dist/src/commands/git-audit.js +37 -0
- package/dist/src/commands/git-audit.js.map +1 -0
- package/dist/src/commands/git-history.d.ts +2 -0
- package/dist/src/commands/git-history.js +40 -0
- package/dist/src/commands/git-history.js.map +1 -0
- package/dist/src/commands/history.d.ts +2 -0
- package/dist/src/commands/history.js +69 -0
- package/dist/src/commands/history.js.map +1 -0
- package/dist/src/commands/hook.d.ts +2 -0
- package/dist/src/commands/hook.js +16 -0
- package/dist/src/commands/hook.js.map +1 -0
- package/dist/src/commands/inspect.d.ts +2 -0
- package/dist/src/commands/inspect.js +24 -0
- package/dist/src/commands/inspect.js.map +1 -0
- package/dist/src/commands/install-scripts.d.ts +2 -0
- package/dist/src/commands/install-scripts.js +52 -0
- package/dist/src/commands/install-scripts.js.map +1 -0
- package/dist/src/commands/learn.d.ts +2 -0
- package/dist/src/commands/learn.js +42 -0
- package/dist/src/commands/learn.js.map +1 -0
- package/dist/src/commands/licenses.d.ts +2 -0
- package/dist/src/commands/licenses.js +40 -0
- package/dist/src/commands/licenses.js.map +1 -0
- package/dist/src/commands/mcp.d.ts +2 -0
- package/dist/src/commands/mcp.js +10 -0
- package/dist/src/commands/mcp.js.map +1 -0
- package/dist/src/commands/monorepo.d.ts +2 -0
- package/dist/src/commands/monorepo.js +21 -0
- package/dist/src/commands/monorepo.js.map +1 -0
- package/dist/src/commands/package-health.d.ts +2 -0
- package/dist/src/commands/package-health.js +50 -0
- package/dist/src/commands/package-health.js.map +1 -0
- package/dist/src/commands/pre-commit.d.ts +2 -0
- package/dist/src/commands/pre-commit.js +37 -0
- package/dist/src/commands/pre-commit.js.map +1 -0
- package/dist/src/commands/profile.d.ts +2 -0
- package/dist/src/commands/profile.js +18 -0
- package/dist/src/commands/profile.js.map +1 -0
- package/dist/src/commands/publish.d.ts +2 -0
- package/dist/src/commands/publish.js +25 -0
- package/dist/src/commands/publish.js.map +1 -0
- package/dist/src/commands/reachability.d.ts +2 -0
- package/dist/src/commands/reachability.js +47 -0
- package/dist/src/commands/reachability.js.map +1 -0
- package/dist/src/commands/sbom.d.ts +2 -0
- package/dist/src/commands/sbom.js +33 -0
- package/dist/src/commands/sbom.js.map +1 -0
- package/dist/src/commands/scan.d.ts +2 -0
- package/dist/src/commands/scan.js +48 -0
- package/dist/src/commands/scan.js.map +1 -0
- package/dist/src/commands/score.d.ts +2 -0
- package/dist/src/commands/score.js +24 -0
- package/dist/src/commands/score.js.map +1 -0
- package/dist/src/commands/self-test.d.ts +2 -0
- package/dist/src/commands/self-test.js +63 -0
- package/dist/src/commands/self-test.js.map +1 -0
- package/dist/src/commands/tree.d.ts +2 -0
- package/dist/src/commands/tree.js +21 -0
- package/dist/src/commands/tree.js.map +1 -0
- package/dist/src/commands/upgrade-pr.d.ts +2 -0
- package/dist/src/commands/upgrade-pr.js +15 -0
- package/dist/src/commands/upgrade-pr.js.map +1 -0
- package/dist/src/commands/vault.d.ts +2 -0
- package/dist/src/commands/vault.js +86 -0
- package/dist/src/commands/vault.js.map +1 -0
- package/dist/src/commands/vulnerabilities.d.ts +2 -0
- package/dist/src/commands/vulnerabilities.js +42 -0
- package/dist/src/commands/vulnerabilities.js.map +1 -0
- package/dist/src/commands/watch.d.ts +2 -0
- package/dist/src/commands/watch.js +34 -0
- package/dist/src/commands/watch.js.map +1 -0
- package/dist/src/config/version.d.ts +6 -0
- package/dist/src/config/version.js +29 -0
- package/dist/src/config/version.js.map +1 -0
- package/dist/src/contracts/analyzer.d.ts +23 -0
- package/dist/src/contracts/analyzer.js +2 -0
- package/dist/src/contracts/analyzer.js.map +1 -0
- package/dist/src/contracts/finding.d.ts +35 -0
- package/dist/src/contracts/finding.js +13 -0
- package/dist/src/contracts/finding.js.map +1 -0
- package/dist/src/contracts/report.d.ts +30 -0
- package/dist/src/contracts/report.js +2 -0
- package/dist/src/contracts/report.js.map +1 -0
- package/dist/src/contracts/rule.d.ts +12 -0
- package/dist/src/contracts/rule.js +7 -0
- package/dist/src/contracts/rule.js.map +1 -0
- package/dist/src/core/alternatives.d.ts +8 -0
- package/dist/src/core/alternatives.js +35 -0
- package/dist/src/core/alternatives.js.map +1 -0
- package/dist/src/core/analyze-package.d.ts +2 -0
- package/dist/src/core/analyze-package.js +49 -0
- package/dist/src/core/analyze-package.js.map +1 -0
- package/dist/src/core/announce/generate.d.ts +9 -0
- package/dist/src/core/announce/generate.js +19 -0
- package/dist/src/core/announce/generate.js.map +1 -0
- package/dist/src/core/compare-packages.d.ts +7 -0
- package/dist/src/core/compare-packages.js +19 -0
- package/dist/src/core/compare-packages.js.map +1 -0
- package/dist/src/core/config/load.d.ts +3 -0
- package/dist/src/core/config/load.js +21 -0
- package/dist/src/core/config/load.js.map +1 -0
- package/dist/src/core/config/policy.d.ts +3 -0
- package/dist/src/core/config/policy.js +48 -0
- package/dist/src/core/config/policy.js.map +1 -0
- package/dist/src/core/config/schema.d.ts +172 -0
- package/dist/src/core/config/schema.js +84 -0
- package/dist/src/core/config/schema.js.map +1 -0
- package/dist/src/core/dependencies/inventory.d.ts +9 -0
- package/dist/src/core/dependencies/inventory.js +43 -0
- package/dist/src/core/dependencies/inventory.js.map +1 -0
- package/dist/src/core/dependency-scan.d.ts +17 -0
- package/dist/src/core/dependency-scan.js +70 -0
- package/dist/src/core/dependency-scan.js.map +1 -0
- package/dist/src/core/dependency-tree.d.ts +16 -0
- package/dist/src/core/dependency-tree.js +19 -0
- package/dist/src/core/dependency-tree.js.map +1 -0
- package/dist/src/core/dependency-types.d.ts +17 -0
- package/dist/src/core/dependency-types.js +2 -0
- package/dist/src/core/dependency-types.js.map +1 -0
- package/dist/src/core/diff/security-diff.d.ts +10 -0
- package/dist/src/core/diff/security-diff.js +20 -0
- package/dist/src/core/diff/security-diff.js.map +1 -0
- package/dist/src/core/file-walker.d.ts +6 -0
- package/dist/src/core/file-walker.js +27 -0
- package/dist/src/core/file-walker.js.map +1 -0
- package/dist/src/core/git-audit.d.ts +12 -0
- package/dist/src/core/git-audit.js +111 -0
- package/dist/src/core/git-audit.js.map +1 -0
- package/dist/src/core/github/remote-audit.d.ts +5 -0
- package/dist/src/core/github/remote-audit.js +28 -0
- package/dist/src/core/github/remote-audit.js.map +1 -0
- package/dist/src/core/github/upgrade-pr.d.ts +4 -0
- package/dist/src/core/github/upgrade-pr.js +41 -0
- package/dist/src/core/github/upgrade-pr.js.map +1 -0
- package/dist/src/core/history/git-metadata.d.ts +5 -0
- package/dist/src/core/history/git-metadata.js +37 -0
- package/dist/src/core/history/git-metadata.js.map +1 -0
- package/dist/src/core/history/store.d.ts +5 -0
- package/dist/src/core/history/store.js +65 -0
- package/dist/src/core/history/store.js.map +1 -0
- package/dist/src/core/history/types.d.ts +27 -0
- package/dist/src/core/history/types.js +2 -0
- package/dist/src/core/history/types.js.map +1 -0
- package/dist/src/core/hooks.d.ts +1 -0
- package/dist/src/core/hooks.js +14 -0
- package/dist/src/core/hooks.js.map +1 -0
- package/dist/src/core/learn.d.ts +11 -0
- package/dist/src/core/learn.js +163 -0
- package/dist/src/core/learn.js.map +1 -0
- package/dist/src/core/license-analysis.d.ts +18 -0
- package/dist/src/core/license-analysis.js +98 -0
- package/dist/src/core/license-analysis.js.map +1 -0
- package/dist/src/core/load-toolip-ignore.d.ts +5 -0
- package/dist/src/core/load-toolip-ignore.js +35 -0
- package/dist/src/core/load-toolip-ignore.js.map +1 -0
- package/dist/src/core/monorepo/discover.d.ts +7 -0
- package/dist/src/core/monorepo/discover.js +49 -0
- package/dist/src/core/monorepo/discover.js.map +1 -0
- package/dist/src/core/npm-registry.d.ts +3 -0
- package/dist/src/core/npm-registry.js +5 -0
- package/dist/src/core/npm-registry.js.map +1 -0
- package/dist/src/core/pre-commit.d.ts +11 -0
- package/dist/src/core/pre-commit.js +22 -0
- package/dist/src/core/pre-commit.js.map +1 -0
- package/dist/src/core/profile-project.d.ts +23 -0
- package/dist/src/core/profile-project.js +119 -0
- package/dist/src/core/profile-project.js.map +1 -0
- package/dist/src/core/publish/html.d.ts +6 -0
- package/dist/src/core/publish/html.js +44 -0
- package/dist/src/core/publish/html.js.map +1 -0
- package/dist/src/core/read-dependencies.d.ts +2 -0
- package/dist/src/core/read-dependencies.js +24 -0
- package/dist/src/core/read-dependencies.js.map +1 -0
- package/dist/src/core/report-writer.d.ts +5 -0
- package/dist/src/core/report-writer.js +61 -0
- package/dist/src/core/report-writer.js.map +1 -0
- package/dist/src/core/report.d.ts +34 -0
- package/dist/src/core/report.js +26 -0
- package/dist/src/core/report.js.map +1 -0
- package/dist/src/core/risk-score.d.ts +5 -0
- package/dist/src/core/risk-score.js +14 -0
- package/dist/src/core/risk-score.js.map +1 -0
- package/dist/src/core/sbom/generate.d.ts +2 -0
- package/dist/src/core/sbom/generate.js +120 -0
- package/dist/src/core/sbom/generate.js.map +1 -0
- package/dist/src/core/scanner-context.d.ts +12 -0
- package/dist/src/core/scanner-context.js +27 -0
- package/dist/src/core/scanner-context.js.map +1 -0
- package/dist/src/core/score.d.ts +13 -0
- package/dist/src/core/score.js +44 -0
- package/dist/src/core/score.js.map +1 -0
- package/dist/src/core/security-doctor.d.ts +12 -0
- package/dist/src/core/security-doctor.js +158 -0
- package/dist/src/core/security-doctor.js.map +1 -0
- package/dist/src/core/security-patterns.d.ts +14 -0
- package/dist/src/core/security-patterns.js +139 -0
- package/dist/src/core/security-patterns.js.map +1 -0
- package/dist/src/core/typosquat.d.ts +6 -0
- package/dist/src/core/typosquat.js +50 -0
- package/dist/src/core/typosquat.js.map +1 -0
- package/dist/src/core/vault.d.ts +48 -0
- package/dist/src/core/vault.js +127 -0
- package/dist/src/core/vault.js.map +1 -0
- package/dist/src/core/watch/watch.d.ts +5 -0
- package/dist/src/core/watch/watch.js +49 -0
- package/dist/src/core/watch/watch.js.map +1 -0
- package/dist/src/errors/toolip-error.d.ts +8 -0
- package/dist/src/errors/toolip-error.js +11 -0
- package/dist/src/errors/toolip-error.js.map +1 -0
- package/dist/src/index.d.ts +2 -0
- package/dist/src/index.js +89 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/mcp/server.d.ts +1 -0
- package/dist/src/mcp/server.js +64 -0
- package/dist/src/mcp/server.js.map +1 -0
- package/dist/src/providers/depsdev/client.d.ts +71 -0
- package/dist/src/providers/depsdev/client.js +44 -0
- package/dist/src/providers/depsdev/client.js.map +1 -0
- package/dist/src/providers/osv/client.d.ts +15 -0
- package/dist/src/providers/osv/client.js +51 -0
- package/dist/src/providers/osv/client.js.map +1 -0
- package/dist/src/providers/osv/types.d.ts +38 -0
- package/dist/src/providers/osv/types.js +2 -0
- package/dist/src/providers/osv/types.js.map +1 -0
- package/dist/src/storage/memory-cache.d.ts +7 -0
- package/dist/src/storage/memory-cache.js +25 -0
- package/dist/src/storage/memory-cache.js.map +1 -0
- package/dist/src/utils/error-handler.d.ts +1 -0
- package/dist/src/utils/error-handler.js +24 -0
- package/dist/src/utils/error-handler.js.map +1 -0
- package/dist/src/utils/output.d.ts +6 -0
- package/dist/src/utils/output.js +72 -0
- package/dist/src/utils/output.js.map +1 -0
- package/dist/src/utils/package-output.d.ts +4 -0
- package/dist/src/utils/package-output.js +40 -0
- package/dist/src/utils/package-output.js.map +1 -0
- package/package.json +13 -8
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { profileProject } from '../core/profile-project.js';
|
|
2
|
+
import { printProfile } from '../utils/output.js';
|
|
3
|
+
export function registerProfileCommand(program) {
|
|
4
|
+
program
|
|
5
|
+
.command('profile')
|
|
6
|
+
.description('Fingerprint the current project and detect frameworks, languages, and tooling.')
|
|
7
|
+
.option('-p, --path <path>', 'Project path to inspect.', process.cwd())
|
|
8
|
+
.option('--json', 'Print profile as JSON.')
|
|
9
|
+
.action(async (options) => {
|
|
10
|
+
const profile = await profileProject(options.path);
|
|
11
|
+
if (options.json) {
|
|
12
|
+
console.log(JSON.stringify(profile, null, 2));
|
|
13
|
+
return;
|
|
14
|
+
}
|
|
15
|
+
printProfile(profile);
|
|
16
|
+
});
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=profile.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profile.js","sourceRoot":"","sources":["../../../src/commands/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,gFAAgF,CAAC;SAC7F,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;SAC1C,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { mkdir, writeFile } from 'node:fs/promises';
|
|
2
|
+
import path from 'node:path';
|
|
3
|
+
import { runSecurityDoctor } from '../core/security-doctor.js';
|
|
4
|
+
import { renderHtmlReport } from '../core/publish/html.js';
|
|
5
|
+
export function registerPublishCommand(program) {
|
|
6
|
+
program
|
|
7
|
+
.command('publish')
|
|
8
|
+
.description('Generate a static HTML security report.')
|
|
9
|
+
.option('-p, --path <path>', 'Project path.', process.cwd())
|
|
10
|
+
.option('-o, --output <directory>', 'Output directory.', '.toolip-report')
|
|
11
|
+
.action(async (options) => {
|
|
12
|
+
const report = await runSecurityDoctor(options.path);
|
|
13
|
+
const directory = path.resolve(options.path, options.output);
|
|
14
|
+
await mkdir(directory, { recursive: true });
|
|
15
|
+
const html = renderHtmlReport({
|
|
16
|
+
project: path.basename(path.resolve(options.path)),
|
|
17
|
+
generatedAt: new Date().toISOString(),
|
|
18
|
+
findings: report.findings
|
|
19
|
+
});
|
|
20
|
+
await writeFile(path.join(directory, 'index.html'), html, 'utf8');
|
|
21
|
+
console.log(`Static report written to ${path.join(directory, 'index.html')}`);
|
|
22
|
+
console.log('Deploy this directory to GitHub Pages only after reviewing it for private data.');
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=publish.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"publish.js","sourceRoot":"","sources":["../../../src/commands/publish.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,yCAAyC,CAAC;SACtD,MAAM,CAAC,mBAAmB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC3D,MAAM,CAAC,0BAA0B,EAAE,mBAAmB,EAAE,gBAAgB,CAAC;SACzE,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7D,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5C,MAAM,IAAI,GAAG,gBAAgB,CAAC;YAC5B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAClD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;QAEH,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import { AnalyzerRunner } from '../application/analyzer-runner.js';
|
|
2
|
+
import { ReachabilityAnalyzer } from '../analyzers/reachability/reachability-analyzer.js';
|
|
3
|
+
export function registerReachabilityCommand(program) {
|
|
4
|
+
program
|
|
5
|
+
.command('reachability')
|
|
6
|
+
.description('Show which npm packages are observed in JavaScript and TypeScript source imports.')
|
|
7
|
+
.option('-p, --path <path>', 'Project path to inspect.', process.cwd())
|
|
8
|
+
.option('--json', 'Print structured JSON output.')
|
|
9
|
+
.option('--include-dev', 'Include development dependencies.')
|
|
10
|
+
.action(async (options) => {
|
|
11
|
+
const runner = new AnalyzerRunner({
|
|
12
|
+
concurrency: 1,
|
|
13
|
+
timeoutMs: 60_000
|
|
14
|
+
});
|
|
15
|
+
const [result] = await runner.run([new ReachabilityAnalyzer()], {
|
|
16
|
+
root: options.path
|
|
17
|
+
});
|
|
18
|
+
if (!result) {
|
|
19
|
+
throw new Error('The reachability analyzer returned no result.');
|
|
20
|
+
}
|
|
21
|
+
const allPackages = (result.metadata?.packages ??
|
|
22
|
+
[]);
|
|
23
|
+
const packages = options.includeDev
|
|
24
|
+
? allPackages
|
|
25
|
+
: allPackages.filter((item) => !item.development);
|
|
26
|
+
if (options.json) {
|
|
27
|
+
console.log(JSON.stringify({
|
|
28
|
+
analyzer: result.analyzer,
|
|
29
|
+
durationMs: result.durationMs,
|
|
30
|
+
packages
|
|
31
|
+
}, null, 2));
|
|
32
|
+
return;
|
|
33
|
+
}
|
|
34
|
+
console.log('Toolip Package Reachability');
|
|
35
|
+
console.log('');
|
|
36
|
+
for (const item of packages) {
|
|
37
|
+
console.log(`${item.state.padEnd(18)} ${item.packageName}`);
|
|
38
|
+
for (const reference of item.references.slice(0, 5)) {
|
|
39
|
+
console.log(` ${reference.file}:${reference.line}:` +
|
|
40
|
+
`${reference.column} (${reference.kind})`);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
console.log('');
|
|
44
|
+
console.log('Reachability is static evidence, not proof that exploitation is impossible.');
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=reachability.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"reachability.js","sourceRoot":"","sources":["../../../src/commands/reachability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EACL,oBAAoB,EAErB,MAAM,oDAAoD,CAAC;AAQ5D,MAAM,UAAU,2BAA2B,CACzC,OAAgB;IAEhB,OAAO;SACJ,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CACV,mFAAmF,CACpF;SACA,MAAM,CACL,mBAAmB,EACnB,0BAA0B,EAC1B,OAAO,CAAC,GAAG,EAAE,CACd;SACA,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;SACjD,MAAM,CACL,eAAe,EACf,mCAAmC,CACpC;SACA,MAAM,CAAC,KAAK,EAAE,OAA4B,EAAE,EAAE;QAC7C,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;YAChC,WAAW,EAAE,CAAC;YACd,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,CAAC,IAAI,oBAAoB,EAAE,CAAC,EAC5B;YACE,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,+CAA+C,CAChD,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GACf,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ;YACxB,EAAE,CAA0B,CAAC;QAEjC,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU;YACjC,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,WAAW,CAAC,MAAM,CAChB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAC5B,CAAC;QAEN,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;gBACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ;aACT,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CACT,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAC/C,CAAC;YAEF,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAC3C,CAAC,EACD,CAAC,CACF,EAAE,CAAC;gBACF,OAAO,CAAC,GAAG,CACT,KAAK,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,GAAG;oBACtC,GAAG,SAAS,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,GAAG,CAC5C,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CACT,6EAA6E,CAC9E,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { mkdir, writeFile } from 'node:fs/promises';
|
|
2
|
+
import path from 'node:path';
|
|
3
|
+
import { generateSbom } from '../core/sbom/generate.js';
|
|
4
|
+
function assertFormat(value) {
|
|
5
|
+
if (value !== 'cyclonedx' &&
|
|
6
|
+
value !== 'spdx') {
|
|
7
|
+
throw new Error('SBOM format must be cyclonedx or spdx.');
|
|
8
|
+
}
|
|
9
|
+
}
|
|
10
|
+
export function registerSbomCommand(program) {
|
|
11
|
+
program
|
|
12
|
+
.command('sbom')
|
|
13
|
+
.description('Generate a CycloneDX 1.5 or SPDX 2.3 software bill of materials.')
|
|
14
|
+
.option('-p, --path <path>', 'Project path to inspect.', process.cwd())
|
|
15
|
+
.option('-f, --format <format>', 'cyclonedx or spdx.', 'cyclonedx')
|
|
16
|
+
.option('-o, --output <file>', 'Write JSON to a file instead of stdout.')
|
|
17
|
+
.action(async (options) => {
|
|
18
|
+
assertFormat(options.format);
|
|
19
|
+
const document = await generateSbom(options.path, options.format);
|
|
20
|
+
const output = `${JSON.stringify(document, null, 2)}\n`;
|
|
21
|
+
if (!options.output) {
|
|
22
|
+
process.stdout.write(output);
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
const outputPath = path.resolve(options.path, options.output);
|
|
26
|
+
await mkdir(path.dirname(outputPath), {
|
|
27
|
+
recursive: true
|
|
28
|
+
});
|
|
29
|
+
await writeFile(outputPath, output, 'utf8');
|
|
30
|
+
console.log(`SBOM written to ${outputPath}`);
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=sbom.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sbom.js","sourceRoot":"","sources":["../../../src/commands/sbom.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,SAAS,EACV,MAAM,kBAAkB,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EACL,YAAY,EAEb,MAAM,0BAA0B,CAAC;AAQlC,SAAS,YAAY,CACnB,KAAa;IAEb,IACE,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,MAAM,EAChB,CAAC;QACD,MAAM,IAAI,KAAK,CACb,wCAAwC,CACzC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAgB;IAEhB,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CACV,kEAAkE,CACnE;SACA,MAAM,CACL,mBAAmB,EACnB,0BAA0B,EAC1B,OAAO,CAAC,GAAG,EAAE,CACd;SACA,MAAM,CACL,uBAAuB,EACvB,oBAAoB,EACpB,WAAW,CACZ;SACA,MAAM,CACL,qBAAqB,EACrB,yCAAyC,CAC1C;SACA,MAAM,CAAC,KAAK,EAAE,OAAoB,EAAE,EAAE;QACrC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE7B,MAAM,QAAQ,GAAG,MAAM,YAAY,CACjC,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;QAEF,MAAM,MAAM,GACV,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QAE3C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7B,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAC7B,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,MAAM,CACf,CAAC;QAEF,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YACpC,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QAEH,MAAM,SAAS,CACb,UAAU,EACV,MAAM,EACN,MAAM,CACP,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,mBAAmB,UAAU,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { createScannerContext } from '../core/scanner-context.js';
|
|
3
|
+
import { createReport } from '../core/report.js';
|
|
4
|
+
import { writeReport } from '../core/report-writer.js';
|
|
5
|
+
import { scanDependencies } from '../core/dependency-scan.js';
|
|
6
|
+
import { calculateDependencyHealth, calculateScore } from '../core/score.js';
|
|
7
|
+
import { TOOLIP_VERSION } from '../config/version.js';
|
|
8
|
+
import { printReportSummary, printScannerContext } from '../utils/output.js';
|
|
9
|
+
export function registerScanCommand(program) {
|
|
10
|
+
program
|
|
11
|
+
.command('scan')
|
|
12
|
+
.description('Scan project dependencies and security hygiene indicators.')
|
|
13
|
+
.option('-p, --path <path>', 'Project path to scan.', process.cwd())
|
|
14
|
+
.option('-o, --output <file>', 'Write scan report to JSON or Markdown.')
|
|
15
|
+
.action(async (options) => {
|
|
16
|
+
console.log(chalk.bold('Toolip Scan'));
|
|
17
|
+
console.log('');
|
|
18
|
+
const context = await createScannerContext(options.path);
|
|
19
|
+
printScannerContext(context);
|
|
20
|
+
const dependencyScan = await scanDependencies(context.root);
|
|
21
|
+
const dependencyHealth = calculateDependencyHealth(dependencyScan.findings);
|
|
22
|
+
const score = calculateScore({ dependencyHealth });
|
|
23
|
+
const report = createReport({
|
|
24
|
+
version: TOOLIP_VERSION,
|
|
25
|
+
command: 'scan',
|
|
26
|
+
root: context.root,
|
|
27
|
+
findings: dependencyScan.findings
|
|
28
|
+
});
|
|
29
|
+
console.log('');
|
|
30
|
+
console.log(chalk.bold('Dependency Intelligence'));
|
|
31
|
+
console.log(`${chalk.dim('Total Dependencies:')} ${dependencyScan.summary.totalDependencies}`);
|
|
32
|
+
console.log(`${chalk.dim('Outdated:')} ${dependencyScan.summary.outdated}`);
|
|
33
|
+
console.log(`${chalk.dim('Deprecated:')} ${dependencyScan.summary.deprecated}`);
|
|
34
|
+
console.log(`${chalk.dim('High Risk:')} ${dependencyScan.summary.highRisk}`);
|
|
35
|
+
console.log(`${chalk.dim('Medium Risk:')} ${dependencyScan.summary.mediumRisk}`);
|
|
36
|
+
console.log(`${chalk.dim('Average Risk:')} ${dependencyScan.summary.averageRiskScore}`);
|
|
37
|
+
console.log(`${chalk.dim('Dependency Health:')} ${dependencyHealth}`);
|
|
38
|
+
console.log(`${chalk.dim('Overall Grade:')} ${score.grade}`);
|
|
39
|
+
console.log('');
|
|
40
|
+
printReportSummary(report);
|
|
41
|
+
if (options.output) {
|
|
42
|
+
await writeReport(options.output, report);
|
|
43
|
+
console.log('');
|
|
44
|
+
console.log(`${chalk.green('✓')} Report written to ${options.output}`);
|
|
45
|
+
}
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=scan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/commands/scan.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE7E,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACnE,MAAM,CAAC,qBAAqB,EAAE,wCAAwC,CAAC;SACvE,MAAM,CAAC,KAAK,EAAE,OAA0C,EAAE,EAAE;QAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEnD,MAAM,MAAM,GAAG,YAAY,CAAC;YAC1B,OAAO,EAAE,cAAc;YACvB,OAAO,EAAE,MAAM;YACf,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACjF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACxF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gBAAgB,EAAE,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAE7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAE3B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { scanDependencies } from '../core/dependency-scan.js';
|
|
3
|
+
import { calculateDependencyHealth, calculateScore } from '../core/score.js';
|
|
4
|
+
export function registerScoreCommand(program) {
|
|
5
|
+
program
|
|
6
|
+
.command('score')
|
|
7
|
+
.description('Calculate a Toolip security scorecard for the current project.')
|
|
8
|
+
.option('-p, --path <path>', 'Project path to score.', process.cwd())
|
|
9
|
+
.action(async (options) => {
|
|
10
|
+
const dependencyScan = await scanDependencies(options.path);
|
|
11
|
+
const dependencyHealth = calculateDependencyHealth(dependencyScan.findings);
|
|
12
|
+
const score = calculateScore({ dependencyHealth });
|
|
13
|
+
console.log(chalk.bold('Toolip Security Scorecard'));
|
|
14
|
+
console.log('');
|
|
15
|
+
console.log(`${chalk.dim('Dependency Health ....')} ${score.dependencyHealth}`);
|
|
16
|
+
console.log(`${chalk.dim('Secret Hygiene .......')} ${score.secretHygiene}`);
|
|
17
|
+
console.log(`${chalk.dim('Configuration ........')} ${score.configurationSecurity}`);
|
|
18
|
+
console.log(`${chalk.dim('Git Safety ...........')} ${score.gitSafety}`);
|
|
19
|
+
console.log('');
|
|
20
|
+
console.log(`${chalk.dim('Overall Score ........')} ${score.overall}`);
|
|
21
|
+
console.log(`${chalk.dim('Grade ................')} ${score.grade}`);
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=score.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"score.js","sourceRoot":"","sources":["../../../src/commands/score.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAE7E,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,gEAAgE,CAAC;SAC7E,MAAM,CAAC,mBAAmB,EAAE,wBAAwB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACpE,MAAM,CAAC,KAAK,EAAE,OAAyB,EAAE,EAAE;QAC1C,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { access } from 'node:fs/promises';
|
|
3
|
+
import path from 'node:path';
|
|
4
|
+
import { TOOLIP_VERSION } from '../config/version.js';
|
|
5
|
+
async function canAccess(filePath) {
|
|
6
|
+
try {
|
|
7
|
+
await access(filePath);
|
|
8
|
+
return true;
|
|
9
|
+
}
|
|
10
|
+
catch {
|
|
11
|
+
return false;
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
export function registerSelfTestCommand(program) {
|
|
15
|
+
program
|
|
16
|
+
.command('self-test')
|
|
17
|
+
.description('Run Toolip internal diagnostics.')
|
|
18
|
+
.action(async () => {
|
|
19
|
+
const checks = [
|
|
20
|
+
{
|
|
21
|
+
label: 'CLI Loaded',
|
|
22
|
+
passed: true
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
label: 'Command Router Ready',
|
|
26
|
+
passed: true
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
label: 'Package Manifest Found',
|
|
30
|
+
passed: await canAccess(path.join(process.cwd(), 'package.json'))
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
label: 'Scanner Foundation Ready',
|
|
34
|
+
passed: true
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
label: 'Report Engine Ready',
|
|
38
|
+
passed: true
|
|
39
|
+
}
|
|
40
|
+
];
|
|
41
|
+
console.log(chalk.bold('Toolip Self-Test'));
|
|
42
|
+
console.log(chalk.dim(`Version: ${TOOLIP_VERSION}`));
|
|
43
|
+
console.log('');
|
|
44
|
+
let failed = 0;
|
|
45
|
+
for (const check of checks) {
|
|
46
|
+
if (check.passed) {
|
|
47
|
+
console.log(`${chalk.green('✓')} ${check.label}`);
|
|
48
|
+
}
|
|
49
|
+
else {
|
|
50
|
+
failed += 1;
|
|
51
|
+
console.log(`${chalk.red('✖')} ${check.label}`);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
console.log('');
|
|
55
|
+
if (failed > 0) {
|
|
56
|
+
console.log(chalk.red(`Toolip found ${failed} failed diagnostic check(s).`));
|
|
57
|
+
process.exitCode = 1;
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
console.log(chalk.green('Toolip is healthy.'));
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
//# sourceMappingURL=self-test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"self-test.js","sourceRoot":"","sources":["../../../src/commands/self-test.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,OAAO;SACJ,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,kCAAkC,CAAC;SAC/C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,MAAM,GAAG;YACb;gBACE,KAAK,EAAE,YAAY;gBACnB,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,sBAAsB;gBAC7B,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,wBAAwB;gBAC/B,MAAM,EAAE,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;aAClE;YACD;gBACE,KAAK,EAAE,0BAA0B;gBACjC,MAAM,EAAE,IAAI;aACb;YACD;gBACE,KAAK,EAAE,qBAAqB;gBAC5B,MAAM,EAAE,IAAI;aACb;SACF,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,cAAc,EAAE,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,CAAC,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,MAAM,8BAA8B,CAAC,CAAC,CAAC;YAC7E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { buildDependencyTree } from '../core/dependency-tree.js';
|
|
3
|
+
export function registerTreeCommand(program) {
|
|
4
|
+
program
|
|
5
|
+
.command('tree')
|
|
6
|
+
.description('Display a dependency tree summary.')
|
|
7
|
+
.option('-p, --path <path>', 'Project path to analyze.', process.cwd())
|
|
8
|
+
.action(async (options) => {
|
|
9
|
+
const tree = await buildDependencyTree(options.path);
|
|
10
|
+
console.log(chalk.bold('Toolip Dependency Tree'));
|
|
11
|
+
console.log('');
|
|
12
|
+
console.log(`${chalk.dim('Direct Dependencies:')} ${tree.summary.direct}`);
|
|
13
|
+
console.log(`${chalk.dim('Transitive Dependencies:')} ${tree.summary.transitive}`);
|
|
14
|
+
console.log(`${chalk.dim('Max Depth:')} ${tree.summary.maxDepth}`);
|
|
15
|
+
console.log('');
|
|
16
|
+
for (const dependency of tree.dependencies) {
|
|
17
|
+
console.log(`${chalk.green('├─')} ${dependency.name}@${dependency.version} ${chalk.dim(`(${dependency.type})`)}`);
|
|
18
|
+
}
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=tree.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tree.js","sourceRoot":"","sources":["../../../src/commands/tree.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,oCAAoC,CAAC;SACjD,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,OAAyB,EAAE,EAAE;QAC1C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAErD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,0BAA0B,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QACpH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { createUpgradePullRequest } from '../core/github/upgrade-pr.js';
|
|
2
|
+
export function registerUpgradePrCommand(program) {
|
|
3
|
+
program
|
|
4
|
+
.command('upgrade-pr <package> <version>')
|
|
5
|
+
.description('Create a tested dependency-upgrade pull request through gh.')
|
|
6
|
+
.option('-p, --path <path>', 'Repository path.', process.cwd())
|
|
7
|
+
.option('--dry-run', 'Validate the request without changing Git.')
|
|
8
|
+
.action(async (packageName, version, options) => {
|
|
9
|
+
const result = await createUpgradePullRequest(options.path, packageName, version, Boolean(options.dryRun));
|
|
10
|
+
console.log(options.dryRun
|
|
11
|
+
? `Dry run passed. Proposed branch: ${result.branch}`
|
|
12
|
+
: `Pull request created from ${result.branch}`);
|
|
13
|
+
});
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=upgrade-pr.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"upgrade-pr.js","sourceRoot":"","sources":["../../../src/commands/upgrade-pr.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AAExE,MAAM,UAAU,wBAAwB,CAAC,OAAgB;IACvD,OAAO;SACJ,OAAO,CAAC,gCAAgC,CAAC;SACzC,WAAW,CAAC,6DAA6D,CAAC;SAC1E,MAAM,CAAC,mBAAmB,EAAE,kBAAkB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC9D,MAAM,CAAC,WAAW,EAAE,4CAA4C,CAAC;SACjE,MAAM,CAAC,KAAK,EACX,WAAmB,EACnB,OAAe,EACf,OAA2C,EAC3C,EAAE;QACF,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,OAAO,CAAC,IAAI,EACZ,WAAW,EACX,OAAO,EACP,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CACxB,CAAC;QAEF,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,MAAM;YACZ,CAAC,CAAC,oCAAoC,MAAM,CAAC,MAAM,EAAE;YACrD,CAAC,CAAC,6BAA6B,MAAM,CAAC,MAAM,EAAE,CACjD,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import chalk from 'chalk';
|
|
2
|
+
import { deleteSecret, exportEnv, getSecret, initVault, listSecrets, setSecret } from '../core/vault.js';
|
|
3
|
+
export function registerVaultCommand(program) {
|
|
4
|
+
const vault = program
|
|
5
|
+
.command('vault')
|
|
6
|
+
.description('Manage encrypted local secrets with Toolip Vault.');
|
|
7
|
+
vault
|
|
8
|
+
.command('init')
|
|
9
|
+
.description('Initialize an encrypted local vault.')
|
|
10
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
11
|
+
.action(async (options) => {
|
|
12
|
+
await initVault(options.password);
|
|
13
|
+
console.log(`${chalk.green('✓')} Toolip Vault initialized.`);
|
|
14
|
+
});
|
|
15
|
+
vault
|
|
16
|
+
.command('set <key> <value>')
|
|
17
|
+
.description('Store or update a secret.')
|
|
18
|
+
.option('--env <env>', 'Secret environment.', 'development')
|
|
19
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
20
|
+
.action(async (key, value, options) => {
|
|
21
|
+
await setSecret({
|
|
22
|
+
key,
|
|
23
|
+
value,
|
|
24
|
+
env: options.env,
|
|
25
|
+
masterPassword: options.password
|
|
26
|
+
});
|
|
27
|
+
console.log(`${chalk.green('✓')} Stored ${key} for ${options.env}.`);
|
|
28
|
+
});
|
|
29
|
+
vault
|
|
30
|
+
.command('get <key>')
|
|
31
|
+
.description('Retrieve a secret value.')
|
|
32
|
+
.option('--env <env>', 'Secret environment.', 'development')
|
|
33
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
34
|
+
.action(async (key, options) => {
|
|
35
|
+
const secret = await getSecret({
|
|
36
|
+
key,
|
|
37
|
+
env: options.env,
|
|
38
|
+
masterPassword: options.password
|
|
39
|
+
});
|
|
40
|
+
console.log(secret.value);
|
|
41
|
+
});
|
|
42
|
+
vault
|
|
43
|
+
.command('list')
|
|
44
|
+
.description('List secret names without revealing values.')
|
|
45
|
+
.option('--env <env>', 'Filter by environment.')
|
|
46
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
47
|
+
.action(async (options) => {
|
|
48
|
+
const secrets = await listSecrets({
|
|
49
|
+
env: options.env,
|
|
50
|
+
masterPassword: options.password
|
|
51
|
+
});
|
|
52
|
+
if (secrets.length === 0) {
|
|
53
|
+
console.log(chalk.yellow('No secrets found.'));
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
for (const secret of secrets) {
|
|
57
|
+
console.log(`${chalk.green('✓')} ${secret.key} ${chalk.dim(`(${secret.env})`)}`);
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
vault
|
|
61
|
+
.command('delete <key>')
|
|
62
|
+
.description('Delete a secret.')
|
|
63
|
+
.option('--env <env>', 'Secret environment.', 'development')
|
|
64
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
65
|
+
.action(async (key, options) => {
|
|
66
|
+
const deleted = await deleteSecret({
|
|
67
|
+
key,
|
|
68
|
+
env: options.env,
|
|
69
|
+
masterPassword: options.password
|
|
70
|
+
});
|
|
71
|
+
console.log(deleted ? `${chalk.green('✓')} Deleted ${key}.` : chalk.yellow(`No secret found for ${key}.`));
|
|
72
|
+
});
|
|
73
|
+
vault
|
|
74
|
+
.command('export')
|
|
75
|
+
.description('Export secrets as shell-compatible environment lines.')
|
|
76
|
+
.option('--env <env>', 'Filter by environment.')
|
|
77
|
+
.requiredOption('--password <password>', 'Master password.')
|
|
78
|
+
.action(async (options) => {
|
|
79
|
+
const output = await exportEnv({
|
|
80
|
+
env: options.env,
|
|
81
|
+
masterPassword: options.password
|
|
82
|
+
});
|
|
83
|
+
console.log(output);
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=vault.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vault.js","sourceRoot":"","sources":["../../../src/commands/vault.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,SAAS,EACT,SAAS,EACT,SAAS,EACT,WAAW,EACX,SAAS,EACV,MAAM,kBAAkB,CAAC;AAE1B,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,mDAAmD,CAAC,CAAC;IAEpE,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,sCAAsC,CAAC;SACnD,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA6B,EAAE,EAAE;QAC9C,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,mBAAmB,CAAC;SAC5B,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,KAAa,EAAE,OAA0C,EAAE,EAAE;QACvF,MAAM,SAAS,CAAC;YACd,GAAG;YACH,KAAK;YACL,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,GAAG,QAAQ,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,WAAW,CAAC;SACpB,WAAW,CAAC,0BAA0B,CAAC;SACvC,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,OAA0C,EAAE,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,GAAG;YACH,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,6CAA6C,CAAC;SAC1D,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC;SAC/C,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA2C,EAAE,EAAE;QAC5D,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC;YAChC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,kBAAkB,CAAC;SAC/B,MAAM,CAAC,aAAa,EAAE,qBAAqB,EAAE,aAAa,CAAC;SAC3D,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,GAAW,EAAE,OAA0C,EAAE,EAAE;QACxE,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC;YACjC,GAAG;YACH,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,uBAAuB,GAAG,GAAG,CAAC,CAAC,CAAC;IAC7G,CAAC,CAAC,CAAC;IAEL,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,uDAAuD,CAAC;SACpE,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC;SAC/C,cAAc,CAAC,uBAAuB,EAAE,kBAAkB,CAAC;SAC3D,MAAM,CAAC,KAAK,EAAE,OAA2C,EAAE,EAAE;QAC5D,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,cAAc,EAAE,OAAO,CAAC,QAAQ;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { AnalyzerRunner } from '../application/analyzer-runner.js';
|
|
2
|
+
import { OsvVulnerabilityAnalyzer } from '../analyzers/vulnerability/osv-analyzer.js';
|
|
3
|
+
import { MemoryCache } from '../storage/memory-cache.js';
|
|
4
|
+
export function registerVulnerabilitiesCommand(program) {
|
|
5
|
+
program
|
|
6
|
+
.command('vulnerabilities')
|
|
7
|
+
.alias('vulns')
|
|
8
|
+
.description('Match resolved npm dependencies against OSV.dev.')
|
|
9
|
+
.option('-p, --path <path>', 'Project path to inspect.', process.cwd())
|
|
10
|
+
.option('--json', 'Print structured JSON output.')
|
|
11
|
+
.option('--include-dev', 'Include development dependency findings.')
|
|
12
|
+
.action(async (options) => {
|
|
13
|
+
const [result] = await new AnalyzerRunner({ concurrency: 1, timeoutMs: 60000 }).run([new OsvVulnerabilityAnalyzer()], { root: options.path, cache: new MemoryCache() });
|
|
14
|
+
if (!result)
|
|
15
|
+
throw new Error('OSV analyzer returned no result.');
|
|
16
|
+
const findings = options.includeDev
|
|
17
|
+
? result.findings
|
|
18
|
+
: result.findings.filter((finding) => finding.metadata?.development !== true);
|
|
19
|
+
if (options.json) {
|
|
20
|
+
console.log(JSON.stringify({ ...result, findings }, null, 2));
|
|
21
|
+
}
|
|
22
|
+
else {
|
|
23
|
+
console.log('Toolip Vulnerability Intelligence');
|
|
24
|
+
console.log('');
|
|
25
|
+
console.log(`Dependencies checked: ${result.metadata?.dependenciesChecked ?? 0}`);
|
|
26
|
+
console.log(`Known vulnerabilities: ${findings.length}`);
|
|
27
|
+
console.log('');
|
|
28
|
+
for (const finding of findings) {
|
|
29
|
+
console.log(`[${finding.severity.toUpperCase()}] ${finding.metadata?.vulnerabilityId}`);
|
|
30
|
+
console.log(`Package: ${finding.metadata?.package}@${finding.metadata?.installedVersion}`);
|
|
31
|
+
console.log(`Summary: ${finding.title}`);
|
|
32
|
+
if (finding.remediation?.summary)
|
|
33
|
+
console.log(`Fix: ${finding.remediation.summary}`);
|
|
34
|
+
console.log('');
|
|
35
|
+
}
|
|
36
|
+
if (findings.length === 0) {
|
|
37
|
+
console.log('No disclosed vulnerabilities matched the resolved npm dependency versions.');
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
});
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=vulnerabilities.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vulnerabilities.js","sourceRoot":"","sources":["../../../src/commands/vulnerabilities.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,4CAA4C,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,MAAM,UAAU,8BAA8B,CAAC,OAAgB;IAC7D,OAAO;SACJ,OAAO,CAAC,iBAAiB,CAAC;SAC1B,KAAK,CAAC,OAAO,CAAC;SACd,WAAW,CAAC,kDAAkD,CAAC;SAC/D,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SACtE,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;SACjD,MAAM,CAAC,eAAe,EAAE,0CAA0C,CAAC;SACnE,MAAM,CAAC,KAAK,EAAE,OAA+D,EAAE,EAAE;QAChF,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,cAAc,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC,GAAG,CACjF,CAAC,IAAI,wBAAwB,EAAE,CAAC,EAChC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,WAAW,EAAE,EAAE,CACjD,CAAC;QAEF,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU;YACjC,CAAC,CAAC,MAAM,CAAC,QAAQ;YACjB,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,KAAK,IAAI,CAAC,CAAC;QAEhF,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,QAAQ,EAAE,mBAAmB,IAAI,CAAC,EAAE,CAAC,CAAC;YAClF,OAAO,CAAC,GAAG,CAAC,0BAA0B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEhB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC;gBACxF,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,QAAQ,EAAE,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAC,CAAC;gBAC3F,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBACzC,IAAI,OAAO,CAAC,WAAW,EAAE,OAAO;oBAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;gBACrF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAClB,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,4EAA4E,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { runSecurityDoctor } from '../core/security-doctor.js';
|
|
2
|
+
import { watchProject } from '../core/watch/watch.js';
|
|
3
|
+
export function registerWatchCommand(program) {
|
|
4
|
+
program
|
|
5
|
+
.command('watch')
|
|
6
|
+
.description('Continuously rerun Toolip security checks as files change.')
|
|
7
|
+
.option('-p, --path <path>', 'Project path.', process.cwd())
|
|
8
|
+
.option('--once', 'Run once without watching.')
|
|
9
|
+
.action(async (options) => {
|
|
10
|
+
const render = async () => {
|
|
11
|
+
const result = await runSecurityDoctor(options.path);
|
|
12
|
+
console.clear();
|
|
13
|
+
console.log('Toolip Watch');
|
|
14
|
+
console.log('');
|
|
15
|
+
console.log(`Updated: ${new Date().toISOString()}`);
|
|
16
|
+
console.log(`Critical/secrets: ${result.summary.secrets}`);
|
|
17
|
+
console.log(`Dangerous code: ${result.summary.dangerousCode}`);
|
|
18
|
+
console.log(`Configuration: ${result.summary.configuration}`);
|
|
19
|
+
console.log(`Total findings: ${result.findings.length}`);
|
|
20
|
+
};
|
|
21
|
+
await render();
|
|
22
|
+
if (options.once)
|
|
23
|
+
return;
|
|
24
|
+
console.log('');
|
|
25
|
+
console.log('Watching for changes. Press Ctrl+C to stop.');
|
|
26
|
+
const close = watchProject(options.path, render);
|
|
27
|
+
process.once('SIGINT', () => {
|
|
28
|
+
close();
|
|
29
|
+
process.exit(0);
|
|
30
|
+
});
|
|
31
|
+
await new Promise(() => undefined);
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=watch.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"watch.js","sourceRoot":"","sources":["../../../src/commands/watch.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,4DAA4D,CAAC;SACzE,MAAM,CAAC,mBAAmB,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;SAC3D,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC;SAC9C,MAAM,CAAC,KAAK,EAAE,OAAyC,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,KAAK,IAAmB,EAAE;YACvC,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACrD,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC;QAEF,MAAM,MAAM,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI;YAAE,OAAO;QAEzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAE3D,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAEjD,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;YAC1B,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAO,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { readFileSync } from 'node:fs';
|
|
2
|
+
import path from 'node:path';
|
|
3
|
+
import { fileURLToPath } from 'node:url';
|
|
4
|
+
function resolvePackageVersion() {
|
|
5
|
+
let directory = path.dirname(fileURLToPath(import.meta.url));
|
|
6
|
+
const root = path.parse(directory).root;
|
|
7
|
+
while (directory !== root) {
|
|
8
|
+
const manifestPath = path.join(directory, 'package.json');
|
|
9
|
+
try {
|
|
10
|
+
const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
|
|
11
|
+
if (manifest.name === 'toolip' &&
|
|
12
|
+
typeof manifest.version === 'string') {
|
|
13
|
+
return manifest.version;
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
catch {
|
|
17
|
+
// Continue searching parent directories.
|
|
18
|
+
}
|
|
19
|
+
directory = path.dirname(directory);
|
|
20
|
+
}
|
|
21
|
+
throw new Error('Unable to resolve Toolip version from package.json.');
|
|
22
|
+
}
|
|
23
|
+
export const TOOLIP_VERSION = resolvePackageVersion();
|
|
24
|
+
export const TOOLIP_AUTHOR = {
|
|
25
|
+
name: 'Ashibuogwu Williams',
|
|
26
|
+
handle: 'wbizmo',
|
|
27
|
+
github: 'https://github.com/wbizmo'
|
|
28
|
+
};
|
|
29
|
+
//# sourceMappingURL=version.js.map
|