vibesafe-scanner 0.1.2

package/README.md

@@ -0,0 +1,106 @@
+# VibeSafe - Security Scanner for Vibe-Coded Applications
+
+VibeSafe is a security scanner designed for AI-generated and vibe-coded applications. It helps identify common security issues in projects built with tools like Claude, ChatGPT, and other AI assistants.
+
+## Installation
+
+### Global Installation
+
+```bash
+npm install -g vibesafe-scanner
+vibesafe scan
+```
+
+### One-Time Usage with npx
+
+```bash
+npx vibesafe-scanner scan
+```
+
+### Local Project Installation
+
+```bash
+npm install --save-dev vibesafe
+npx vibesafe-scanner scan
+```
+
+## Usage
+
+Scan the current directory:
+```bash
+vibesafe scan
+```
+
+Scan a specific directory:
+```bash
+vibesafe scan --path ./my-project
+```
+
+Output as JSON:
+```bash
+vibesafe scan --json
+```
+
+## What It Checks
+
+VibeSafe scans for common security issues in vibe-coded projects:
+
+- **Secrets & Credentials**: Hardcoded API keys, passwords, tokens
+- **Authentication Issues**: Missing auth, insecure patterns
+- **Infrastructure Misconfigurations**: Exposed admin panels, debugging enabled
+- **AI Spend Risks**: Unbounded API calls, missing rate limits
+
+## Requirements
+
+- **No Python required!** The npm package includes a standalone binary.
+- Node.js 14+ (for the npm wrapper only)
+
+## Platform Support
+
+- ✅ Windows (x64, arm64)
+- ✅ macOS (x64, arm64)
+- ✅ Linux (x64, arm64)
+
+## CI/CD Integration
+
+### GitHub Actions
+
+```yaml
+name: Security Scan
+on: [push, pull_request]
+
+jobs:
+  vibesafe:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+      - run: npx vibesafe-scanner scan
+```
+
+### GitLab CI
+
+```yaml
+vibesafe:
+  stage: test
+  image: node:18
+  script:
+    - npx vibesafe-scanner scan
+```
+
+## Exit Codes
+
+- `0`: No security issues found
+- `1`: Security issues detected or scan error
+
+## Links
+
+- [GitHub Repository](https://github.com/CodAngels/vibesafe)
+- [Report Issues](https://github.com/CodAngels/vibesafe/issues)
+- [Website](https://vibesafe.ai)
+
+## License
+
+MIT License - see LICENSE file for details.

package/bin/vibesafe.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+/**
+ * VibeSafe CLI entry point.
+ * Executes the downloaded binary with forwarded arguments.
+ */
+
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+/**
+ * Find the binary path
+ */
+function getBinaryPath() {
+  const ext = process.platform === 'win32' ? '.exe' : '';
+  const binaryName = `vibesafe${ext}`;
+  const binaryPath = path.join(__dirname, binaryName);
+
+  if (!fs.existsSync(binaryPath)) {
+    console.error('❌ VibeSafe binary not found!');
+    console.error('');
+    console.error('This usually means the installation failed.');
+    console.error('Try reinstalling: npm install -g vibesafe');
+    console.error('');
+    console.error('If the problem persists, report it at:');
+    console.error('https://github.com/CodAngels/vibesafe/issues');
+    process.exit(1);
+  }
+
+  return binaryPath;
+}
+
+/**
+ * Execute the binary
+ */
+function runBinary() {
+  const binaryPath = getBinaryPath();
+  const args = process.argv.slice(2);
+
+  const child = spawn(binaryPath, args, {
+    stdio: 'inherit',
+    windowsHide: true,
+  });
+
+  child.on('error', (error) => {
+    console.error('❌ Failed to execute VibeSafe:', error.message);
+    process.exit(1);
+  });
+
+  child.on('close', (code) => {
+    process.exit(code || 0);
+  });
+
+  // Handle termination signals
+  process.on('SIGINT', () => child.kill('SIGINT'));
+  process.on('SIGTERM', () => child.kill('SIGTERM'));
+}
+
+// Run the binary
+runBinary();

package/install.js

@@ -0,0 +1,165 @@
+#!/usr/bin/env node
+/**
+ * Post-install script for VibeSafe npm package.
+ * Downloads the appropriate binary for the user's platform.
+ */
+
+const https = require('https');
+const fs = require('fs');
+const path = require('path');
+const { pipeline } = require('stream');
+const { promisify } = require('util');
+
+const streamPipeline = promisify(pipeline);
+
+// Read version from package.json
+const packageJson = require('./package.json');
+const VERSION = packageJson.version;
+
+// GitHub release settings
+const GITHUB_REPO = 'CodAngels/vibesafe';
+const RELEASE_URL_TEMPLATE = `https://github.com/${GITHUB_REPO}/releases/download/v${VERSION}/vibesafe-{PLATFORM}-{ARCH}{EXT}`;
+
+/**
+ * Get platform-specific binary information
+ */
+function getPlatformInfo() {
+  const platform = process.platform;
+  const arch = process.arch;
+
+  let platformName, archName, ext;
+
+  // Map Node.js platform to our naming
+  switch (platform) {
+    case 'win32':
+      platformName = 'windows';
+      ext = '.exe';
+      break;
+    case 'darwin':
+      platformName = 'darwin';
+      ext = '';
+      break;
+    case 'linux':
+      platformName = 'linux';
+      ext = '';
+      break;
+    default:
+      throw new Error(`Unsupported platform: ${platform}`);
+  }
+
+  // Map Node.js arch to our naming
+  switch (arch) {
+    case 'x64':
+      // Intel Macs use ARM64 binary via Rosetta 2
+      archName = (platform === 'darwin') ? 'arm64' : 'x64';
+      break;
+    case 'arm64':
+      archName = 'arm64';
+      break;
+    default:
+      throw new Error(`Unsupported architecture: ${arch}`);
+  }
+
+  return { platform: platformName, arch: archName, ext };
+}
+
+/**
+ * Download file from URL
+ */
+async function downloadFile(url, destPath) {
+  return new Promise((resolve, reject) => {
+    console.log(`[DOWNLOAD] Downloading from: ${url}`);
+
+    https.get(url, (response) => {
+      // Handle redirects
+      if (response.statusCode === 301 || response.statusCode === 302) {
+        const redirectUrl = response.headers.location;
+        console.log(`[REDIRECT]  Following redirect to: ${redirectUrl}`);
+        return downloadFile(redirectUrl, destPath).then(resolve).catch(reject);
+      }
+
+      if (response.statusCode !== 200) {
+        reject(new Error(`Failed to download: HTTP ${response.statusCode}`));
+        return;
+      }
+
+      const fileStream = fs.createWriteStream(destPath);
+
+      response.pipe(fileStream);
+
+      fileStream.on('finish', () => {
+        fileStream.close();
+        resolve();
+      });
+
+      fileStream.on('error', (err) => {
+        fs.unlink(destPath, () => {});
+        reject(err);
+      });
+    }).on('error', reject);
+  });
+}
+
+/**
+ * Main installation logic
+ */
+async function install() {
+  console.log('[INSTALL] Installing VibeSafe binary...');
+
+  try {
+    // Get platform info
+    const { platform, arch, ext } = getPlatformInfo();
+    console.log(`[INFO] Platform: ${platform}-${arch}`);
+
+    // Warn about unsupported platforms
+    if (platform === 'linux' && arch === 'arm64') {
+      console.warn('[WARNING]  Linux ARM64 binaries are not yet available.');
+      console.warn('   Please use the Python version: pip install vibesafe-scanner');
+      process.exit(1);
+    }
+
+    // Construct download URL
+    const binaryName = `vibesafe-${platform}-${arch}${ext}`;
+    const downloadUrl = RELEASE_URL_TEMPLATE
+      .replace('{PLATFORM}', platform)
+      .replace('{ARCH}', arch)
+      .replace('{EXT}', ext);
+
+    // Prepare destination
+    const binDir = path.join(__dirname, 'bin');
+    if (!fs.existsSync(binDir)) {
+      fs.mkdirSync(binDir, { recursive: true });
+    }
+
+    const binaryPath = path.join(binDir, `vibesafe${ext}`);
+
+    // Download binary
+    await downloadFile(downloadUrl, binaryPath);
+
+    // Make executable (Unix-like systems)
+    if (ext === '') {
+      fs.chmodSync(binaryPath, 0o755);
+    }
+
+    console.log(`[SUCCESS] VibeSafe v${VERSION} installed successfully!`);
+    console.log(`   Binary location: ${binaryPath}`);
+    console.log('');
+    console.log('Try it out: npx vibesafe scan');
+
+  } catch (error) {
+    console.error('[ERROR] Installation failed:', error.message);
+    console.error('');
+    console.error('Troubleshooting:');
+    console.error('  1. Check your internet connection');
+    console.error('  2. Verify the release exists: https://github.com/' + GITHUB_REPO + '/releases/tag/v' + VERSION);
+    console.error('  3. Report issues: https://github.com/' + GITHUB_REPO + '/issues');
+    process.exit(1);
+  }
+}
+
+// Run installation
+if (require.main === module) {
+  install();
+}
+
+module.exports = { install };

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "vibesafe-scanner",
+  "version": "0.1.2",
+  "description": "Security scanner for vibe-coded applications (Node.js wrapper)",
+  "bin": {
+    "vibesafe": "bin/vibesafe.js"
+  },
+  "scripts": {
+    "postinstall": "node install.js"
+  },
+  "keywords": [
+    "security",
+    "scanner",
+    "ai",
+    "devtools",
+    "vibesafe",
+    "vibe-check"
+  ],
+  "author": "VibeSafe <hello@vibesafe.ai>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/CodAngels/vibesafe.git"
+  },
+  "homepage": "https://github.com/CodAngels/vibesafe",
+  "bugs": {
+    "url": "https://github.com/CodAngels/vibesafe/issues"
+  },
+  "files": [
+    "bin/",
+    "install.js",
+    "README.md"
+  ]
+}