vite-plugin-vue-security 1.4.0 → 1.5.0
- package/index.js +53 -0
- package/package.json +2 -2
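--- a/package/index.js
+++ b/package/index.js
@@ -5,6 +5,7 @@ const path = require('path');
 const { SecurityScanner } = require('vue-security-scanner');
 const IgnoreManager = require('vue-security-scanner/src/utils/ignore-manager');
 const AdvancedReportGenerator = require('vue-security-scanner/src/reporting/advanced-report-generator');
+const TraeCNIntegration = require('vue-security-scanner/src/integration/trae-cn-integration');
 
 /**
 * Vite Plugin for Vue Security Scanning
@@ -27,12 +28,20 @@ function vueSecurityPlugin(options = {}) {
 reportHistoryPath: '.vue-security-reports', // Path for report history
 complianceStandards: ['OWASP', 'GDPR', 'HIPAA', 'PCI-DSS', 'SOX'], // Compliance standards to check
 
+// Trae CN Integration
+enableTraeCN: false, // Enable Trae CN integration
+traeCNApiKey: null, // Trae CN API key
+traeCNProjectId: null, // Trae CN project ID
+traeCNAutoReport: true, // Auto-report vulnerabilities to Trae CN
+traeCNRealtimePush: false, // Push scan results in realtime
+
 ...options
 };
 
 let scanner;
 let ignoreManager;
 let advancedReportGenerator;
+let traeCNIntegration;
 let allVulnerabilities = []; // Collect all vulnerabilities for final report
 
 return {
@@ -40,6 +49,21 @@ function vueSecurityPlugin(options = {}) {
 enforce: 'pre', // Run before other transforms
 
 async buildStart() {
+// Initialize Trae CN integration if enabled
+if (config.enableTraeCN && config.traeCNApiKey) {
+try {
+traeCNIntegration = new TraeCNIntegration({
+apiKey: config.traeCNApiKey,
+projectId: config.traeCNProjectId,
+enableAutoReport: config.traeCNAutoReport,
+enableRealtimePush: config.traeCNRealtimePush
+});
+console.log('Trae CN integration enabled');
+} catch (error) {
+console.warn('Failed to initialize Trae CN integration:', error.message);
+}
+}
+
 // Initialize the security scanner with configuration
 const scannerConfig = {
 rules: config.rules || {},
@@ -132,6 +156,21 @@ function vueSecurityPlugin(options = {}) {
 } else {
 this.warn(message);
 }
+
+// Report to Trae CN if enabled
+if (traeCNIntegration && config.traeCNAutoReport) {
+traeCNIntegration.reportVulnerability(vuln)
+.then(result => {
+if (result.success) {
+console.log(`Vulnerability reported to Trae CN: ${vuln.type}`);
+} else {
+console.warn(`Failed to report vulnerability to Trae CN: ${result.message}`);
+}
+})
+.catch(error => {
+console.warn(`Trae CN reporting error: ${error.message}`);
+});
+}
 });
 
 // Fail build if configured to do so
@@ -221,6 +260,20 @@ function vueSecurityPlugin(options = {}) {
 if (config.outputFile) {
 await writeSecurityReport(config.outputFile, allVulnerabilities, scanResult);
 }
+
+// Report scan results to Trae CN if enabled
+if (traeCNIntegration && config.traeCNRealtimePush) {
+try {
+const pushResult = await traeCNIntegration.reportScanResults(scanResult);
+if (pushResult.success) {
+console.log('Scan results pushed to Trae CN');
+} else {
+console.warn(`Failed to push scan results to Trae CN: ${pushResult.message}`);
+}
+} catch (error) {
+console.warn(`Trae CN push error: ${error.message}`);
+}
+}
 }
 }
 };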
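Review bot: In the `@@ -132,6 +156,21 @@` hunk every finding is passed whole to `traeCNIntegration.reportVulnerability(vuln)` and the returned promise is never awaited, so the plugin controls neither which fields leave the build machine nor whether the upload finishes before the build ends. The shape of `vuln` is not visible in this diff; if it carries file paths or code excerpts, they are sent to the external service as soon as `enableTraeCN` and a key are set, because `traeCNAutoReport` defaults to `true`. I would make the upload opt-in with `traeCNAutoReport: false,`, collect the promises (`pendingTraeReports.push(traeCNIntegration.reportVulnerability(vuln))`) and settle them with `await Promise.allSettled(pendingTraeReports);` before the final push in the `@@ -221,6 +260,20 @@` hunk. The option comment should also say where the key is expected to come from, e.g. `traeCNApiKey: null, // Trae CN API key; read it from an environment variable, do not commit it`. The enclosing callbacks start and end outside the hunks shown.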
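--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "vite-plugin-vue-security",
-"version": "1.
+"version": "1.5.0",
 "description": "A Vite plugin that performs security scans on Vue.js projects during the build process with advanced semantic analysis and enterprise-grade reporting",
 "main": "index.js",
 "scripts": {
@@ -28,7 +28,7 @@
 },
 "dependencies": {
 "cheerio": "^1.0.0-rc.12",
-"vue-security-scanner": "^1.
+"vue-security-scanner": "^1.5.1"
 },
 "repository": {
 "type": "git",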