npm - vite-plugin-vue-security - Versions diffs - 1.1.0 → 1.3.0 - Mend

vite-plugin-vue-security 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js +206 -9
package/package.json +8 -4
package/vite-plugin-vue-security-1.3.0.tgz +0 -0

package/index.js CHANGED Viewed

@@ -1,13 +1,15 @@
 const fs = require('fs');
 const path = require('path');
-// Import the security scanner with rule-based architecture
-const { SecurityScanner } = require('vue-security-scanner/src/scanner');
+// Import the security scanner with rule-based architecture from npm package
+const { SecurityScanner } = require('vue-security-scanner');
 const IgnoreManager = require('vue-security-scanner/src/utils/ignore-manager');
+const AdvancedReportGenerator = require('vue-security-scanner/src/reporting/advanced-report-generator');
 /**
  * Vite Plugin for Vue Security Scanning
  * Performs security scans on Vue.js projects during the build process
+ * with advanced semantic analysis and enterprise-grade reporting
  */
 function vueSecurityPlugin(options = {}) {
   const config = {
@@ -17,11 +19,21 @@ function vueSecurityPlugin(options = {}) {
     reportLevel: 'warning', // 'error', 'warning', or 'info'
     outputFile: null, // Optional output file for security report
     exclude: [], // Patterns to exclude from scanning
+    // NEW: Advanced features
+    enableSemanticAnalysis: true, // Enable AST-based semantic analysis
+    enableDependencyScanning: true, // Enable dependency vulnerability scanning
+    enableAdvancedReport: false, // Enable advanced reporting with trends and compliance
+    reportHistoryPath: '.vue-security-reports', // Path for report history
+    complianceStandards: ['OWASP', 'GDPR', 'HIPAA', 'PCI-DSS', 'SOX'], // Compliance standards to check
     ...options
   };
   let scanner;
   let ignoreManager;
+  let advancedReportGenerator;
+  let allVulnerabilities = []; // Collect all vulnerabilities for final report
   return {
     name: 'vue-security',
@@ -40,6 +52,15 @@ function vueSecurityPlugin(options = {}) {
         output: {
           showProgress: false, // Disable progress in build process
           format: 'json'
+        },
+        performance: {
+          enableSemanticAnalysis: config.enableSemanticAnalysis,
+          enableNpmAudit: config.enableDependencyScanning,
+          enableVulnerabilityDB: config.enableDependencyScanning
+        },
+        compliance: {
+          enabled: config.enableAdvancedReport,
+          standards: config.complianceStandards
         }
       };
@@ -48,6 +69,14 @@ function vueSecurityPlugin(options = {}) {
       // Initialize ignore manager
       ignoreManager = new IgnoreManager(process.cwd());
+      // Initialize advanced report generator if enabled
+      if (config.enableAdvancedReport) {
+        advancedReportGenerator = new AdvancedReportGenerator();
+      }
+      // Clear previous vulnerabilities
+      allVulnerabilities = [];
     },
     async transform(code, id) {
@@ -76,6 +105,9 @@ function vueSecurityPlugin(options = {}) {
         const result = await scanner.scanFile(id, code);
         const vulnerabilities = result.vulnerabilities || [];
+        // Collect vulnerabilities for final report
+        allVulnerabilities.push(...vulnerabilities);
         // Report vulnerabilities
         if (vulnerabilities.length > 0) {
           vulnerabilities.forEach(vuln => {
@@ -89,6 +121,9 @@ function vueSecurityPlugin(options = {}) {
             if (vuln.ruleId) {
               message += `Rule: ${vuln.ruleId}\n`;
             }
+            if (vuln.confidence) {
+              message += `Confidence: ${vuln.confidence}\n`;
+            }
             // Log based on report level
             if (config.reportLevel === 'error' ||
@@ -99,11 +134,6 @@ function vueSecurityPlugin(options = {}) {
             }
           });
-          // Optionally write to output file
-          if (config.outputFile) {
-            await writeSecurityReport(config.outputFile, vulnerabilities);
-          }
           // Fail build if configured to do so
           if (config.failOnError) {
             const highSeverityVulns = vulnerabilities.filter(v => v.severity === 'High' || v.severity === 'Critical');
@@ -128,6 +158,70 @@ function vueSecurityPlugin(options = {}) {
       if (errors && errors.length > 0) {
         console.log(`Build completed with ${errors.length} errors.`);
       }
+      // Scan dependencies if enabled
+      if (config.enableDependencyScanning) {
+        try {
+          console.log('Scanning dependencies for vulnerabilities...');
+          const dependencyScanner = require('../src/analysis/dependency-scanner');
+          const depScanner = new dependencyScanner({
+            enableNpmAudit: true,
+            enableVulnerabilityDB: true
+          });
+          const depVulns = await depScanner.scanDependencies(process.cwd());
+          allVulnerabilities.push(...depVulns);
+          console.log(`Found ${depVulns.length} dependency vulnerabilities.`);
+        } catch (error) {
+          console.warn('Dependency scanning failed:', error.message);
+        }
+      }
+      // Generate report
+      if (allVulnerabilities.length > 0) {
+        const scanResult = {
+          summary: {
+            totalVulnerabilities: allVulnerabilities.length,
+            critical: allVulnerabilities.filter(v => v.severity === 'Critical').length,
+            high: allVulnerabilities.filter(v => v.severity === 'High').length,
+            medium: allVulnerabilities.filter(v => v.severity === 'Medium').length,
+            low: allVulnerabilities.filter(v => v.severity === 'Low').length
+          },
+          vulnerabilities: allVulnerabilities,
+          scanInfo: {
+            scannerVersion: '1.3.0',
+            scanDate: new Date().toISOString(),
+            projectPath: process.cwd()
+          }
+        };
+        // Generate advanced report if enabled
+        if (config.enableAdvancedReport && advancedReportGenerator) {
+          try {
+            const advancedReport = advancedReportGenerator.generateAdvancedReport(scanResult, {
+              includeTrends: true,
+              includeCompliance: true,
+              historyPath: config.reportHistoryPath
+            });
+            if (config.outputFile) {
+              const reportPath = config.outputFile.endsWith('.html')
+                ? config.outputFile
+                : config.outputFile.replace('.json', '.html');
+              await writeAdvancedReport(reportPath, advancedReport, 'html');
+            }
+          } catch (error) {
+            console.warn('Advanced report generation failed:', error.message);
+          }
+        }
+        // Write basic report
+        if (config.outputFile) {
+          await writeSecurityReport(config.outputFile, allVulnerabilities, scanResult);
+        }
+      }
     }
   };
 }
@@ -135,11 +229,12 @@ function vueSecurityPlugin(options = {}) {
 /**
  * Write security report to file
  */
-async function writeSecurityReport(outputFile, vulnerabilities) {
+async function writeSecurityReport(outputFile, vulnerabilities, scanResult) {
   try {
     const report = {
       timestamp: new Date().toISOString(),
       totalVulnerabilities: vulnerabilities.length,
+      summary: scanResult.summary,
       vulnerabilities: vulnerabilities.map(v => ({
         type: v.type,
         severity: v.severity,
@@ -147,7 +242,8 @@ async function writeSecurityReport(outputFile, vulnerabilities) {
         line: v.line,
         description: v.description,
         recommendation: v.recommendation,
-        ruleId: v.ruleId
+        ruleId: v.ruleId,
+        confidence: v.confidence
       }))
     };
@@ -163,4 +259,105 @@ async function writeSecurityReport(outputFile, vulnerabilities) {
   }
 }
+/**
+ * Write advanced report to file (HTML or JSON)
+ */
+async function writeAdvancedReport(outputFile, advancedReport, format = 'json') {
+  try {
+    const dir = path.dirname(outputFile);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    if (format === 'html') {
+      const htmlReport = generateHTMLReport(advancedReport);
+      await fs.promises.writeFile(outputFile, htmlReport);
+      console.log(`Advanced HTML report written to ${outputFile}`);
+    } else {
+      await fs.promises.writeFile(outputFile, JSON.stringify(advancedReport, null, 2));
+      console.log(`Advanced JSON report written to ${outputFile}`);
+    }
+  } catch (error) {
+    console.error('Error writing advanced report:', error.message);
+  }
+}
+/**
+ * Generate HTML report from advanced report data
+ */
+function generateHTMLReport(report) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Vue Security Scanner Report</title>
+    <style>
+        body { font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; }
+        .container { max-width: 1200px; margin: 0 auto; background: white; padding: 20px; border-radius: 8px; }
+        h1 { color: #333; }
+        .summary { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin: 20px 0; }
+        .summary-card { padding: 15px; border-radius: 5px; color: white; }
+        .critical { background: #d32f2f; }
+        .high { background: #f57c00; }
+        .medium { background: #fbc02d; }
+        .low { background: #388e3c; }
+        .vulnerability { border: 1px solid #ddd; padding: 15px; margin: 10px 0; border-radius: 5px; }
+        .vulnerability.critical { border-left: 5px solid #d32f2f; }
+        .vulnerability.high { border-left: 5px solid #f57c00; }
+        .vulnerability.medium { border-left: 5px solid #fbc02d; }
+        .vulnerability.low { border-left: 5px solid #388e3c; }
+        .compliance { margin-top: 30px; padding: 15px; background: #e3f2fd; border-radius: 5px; }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>🔒 Vue Security Scanner Report</h1>
+        <p><strong>Generated:</strong> ${report.metadata.generatedAt}</p>
+        <p><strong>Scanner Version:</strong> ${report.metadata.scannerVersion}</p>
+        <div class="summary">
+            <div class="summary-card critical">
+                <h3>Critical</h3>
+                <p>${report.summary.critical || 0}</p>
+            </div>
+            <div class="summary-card high">
+                <h3>High</h3>
+                <p>${report.summary.high || 0}</p>
+            </div>
+            <div class="summary-card medium">
+                <h3>Medium</h3>
+                <p>${report.summary.medium || 0}</p>
+            </div>
+            <div class="summary-card low">
+                <h3>Low</h3>
+                <p>${report.summary.low || 0}</p>
+            </div>
+        </div>
+        ${report.compliance ? `
+        <div class="compliance">
+            <h2>📋 Compliance Status</h2>
+            ${Object.entries(report.compliance).map(([standard, status]) => `
+                <p><strong>${standard}:</strong> ${status.status === 'compliant' ? '✅ Compliant' : '⚠️ Non-compliant'}</p>
+            `).join('')}
+        </div>
+        ` : ''}
+        <h2>Vulnerabilities (${report.vulnerabilities.length})</h2>
+        ${report.vulnerabilities.map(vuln => `
+            <div class="vulnerability ${vuln.severity.toLowerCase()}">
+                <h3>${vuln.type} - ${vuln.severity}</h3>
+                <p><strong>File:</strong> ${vuln.file}</p>
+                <p><strong>Line:</strong> ${vuln.line}</p>
+                <p><strong>Description:</strong> ${vuln.description}</p>
+                <p><strong>Recommendation:</strong> ${vuln.recommendation}</p>
+                ${vuln.confidence ? `<p><strong>Confidence:</strong> ${vuln.confidence}</p>` : ''}
+            </div>
+        `).join('')}
+    </div>
+</body>
+</html>`;
+}
 module.exports = vueSecurityPlugin;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "vite-plugin-vue-security",
-  "version": "1.1.0",
-  "description": "A Vite plugin that performs security scans on Vue.js projects during the build process",
+  "version": "1.3.0",
+  "description": "A Vite plugin that performs security scans on Vue.js projects during the build process with advanced semantic analysis and enterprise-grade reporting",
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
@@ -14,7 +14,11 @@
     "scanner",
     "vulnerability",
     "xss",
-    "owasp"
+    "owasp",
+    "ast",
+    "semantic-analysis",
+    "dependency-scanning",
+    "compliance"
   ],
   "author": "Vue Security Team",
   "license": "MIT",
@@ -24,7 +28,7 @@
   },
   "dependencies": {
     "cheerio": "^1.0.0-rc.12",
-    "vue-security-scanner": "^1.2.1"
+    "vue-security-scanner": "^1.3.1"
   },
   "repository": {
     "type": "git",

package/vite-plugin-vue-security-1.3.0.tgz ADDED Viewed

Binary file