vskill 0.1.0

package/dist/scanner/tier1.js

@@ -0,0 +1,83 @@
+// ---------------------------------------------------------------------------
+// Tier 1 Scanner -- Static pattern-based security analysis
+// ---------------------------------------------------------------------------
+import { scanContent, SCAN_PATTERNS, } from "./patterns.js";
+// ---- Severity scoring weights ---------------------------------------------
+const SEVERITY_DEDUCTIONS = {
+    critical: 25,
+    high: 15,
+    medium: 8,
+    low: 3,
+    info: 0,
+};
+// ---- Scanner --------------------------------------------------------------
+/**
+ * Run the Tier 1 static scan against the provided skill content.
+ *
+ * Scoring starts at 100 and deducts points per finding based on severity.
+ * Verdict thresholds:
+ *   >= 80  PASS
+ *   50-79  CONCERNS
+ *   < 50   FAIL
+ */
+export function runTier1Scan(content) {
+    const start = performance.now();
+    const findings = scanContent(content);
+    // Count findings by severity
+    let criticalCount = 0;
+    let highCount = 0;
+    let mediumCount = 0;
+    let lowCount = 0;
+    let infoCount = 0;
+    for (const finding of findings) {
+        switch (finding.severity) {
+            case "critical":
+                criticalCount++;
+                break;
+            case "high":
+                highCount++;
+                break;
+            case "medium":
+                mediumCount++;
+                break;
+            case "low":
+                lowCount++;
+                break;
+            case "info":
+                infoCount++;
+                break;
+        }
+    }
+    // Calculate score
+    let score = 100;
+    for (const finding of findings) {
+        score -= SEVERITY_DEDUCTIONS[finding.severity];
+    }
+    // Clamp to 0-100
+    score = Math.max(0, Math.min(100, score));
+    // Determine verdict
+    let verdict;
+    if (score >= 80) {
+        verdict = "PASS";
+    }
+    else if (score >= 50) {
+        verdict = "CONCERNS";
+    }
+    else {
+        verdict = "FAIL";
+    }
+    const durationMs = Math.round(performance.now() - start);
+    return {
+        verdict,
+        findings,
+        score,
+        patternsChecked: SCAN_PATTERNS.length,
+        criticalCount,
+        highCount,
+        mediumCount,
+        lowCount,
+        infoCount,
+        durationMs,
+    };
+}
+//# sourceMappingURL=tier1.js.map

package/dist/scanner/tier1.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tier1.js","sourceRoot":"","sources":["../../src/scanner/tier1.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAE9E,OAAO,EACL,WAAW,EACX,aAAa,GAId,MAAM,eAAe,CAAC;AAiBvB,8EAA8E;AAE9E,MAAM,mBAAmB,GAAoC;IAC3D,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEhC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEtC,6BAA6B;IAC7B,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,UAAU;gBACb,aAAa,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,MAAM;gBACT,SAAS,EAAE,CAAC;gBACZ,MAAM;YACR,KAAK,QAAQ;gBACX,WAAW,EAAE,CAAC;gBACd,MAAM;YACR,KAAK,KAAK;gBACR,QAAQ,EAAE,CAAC;gBACX,MAAM;YACR,KAAK,MAAM;gBACT,SAAS,EAAE,CAAC;gBACZ,MAAM;QACV,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,IAAI,mBAAmB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,iBAAiB;IACjB,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1C,oBAAoB;IACpB,IAAI,OAAoB,CAAC;IACzB,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QAChB,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,OAAO,GAAG,UAAU,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAEzD,OAAO;QACL,OAAO;QACP,QAAQ;QACR,KAAK;QACL,eAAe,EAAE,aAAa,CAAC,MAAM;QACrC,aAAa;QACb,SAAS;QACT,WAAW;QACX,QAAQ;QACR,SAAS;QACT,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/utils/output.d.ts

@@ -0,0 +1,15 @@
+export declare const green: (text: string) => string;
+export declare const red: (text: string) => string;
+export declare const yellow: (text: string) => string;
+export declare const cyan: (text: string) => string;
+export declare const bold: (text: string) => string;
+export declare const dim: (text: string) => string;
+export declare const magenta: (text: string) => string;
+/**
+ * Print aligned columns. Each row is an array of strings.
+ * Column widths are auto-calculated from the widest cell.
+ */
+export declare function table(headers: string[], rows: string[][], gap?: number): string;
+export declare function spinner(message: string): {
+    stop: (final?: string) => void;
+};

package/dist/utils/output.js

@@ -0,0 +1,87 @@
+// ---------------------------------------------------------------------------
+// Colored console output helpers (ANSI codes, zero dependencies)
+// ---------------------------------------------------------------------------
+const isColorSupported = process.env.FORCE_COLOR !== "0" &&
+    process.env.NO_COLOR === undefined &&
+    (process.stdout.isTTY || process.env.FORCE_COLOR === "1");
+function wrap(code, reset) {
+    if (!isColorSupported)
+        return (text) => text;
+    return (text) => `${code}${text}${reset}`;
+}
+// ---- Text formatters ------------------------------------------------------
+export const green = wrap("\x1b[32m", "\x1b[39m");
+export const red = wrap("\x1b[31m", "\x1b[39m");
+export const yellow = wrap("\x1b[33m", "\x1b[39m");
+export const cyan = wrap("\x1b[36m", "\x1b[39m");
+export const bold = wrap("\x1b[1m", "\x1b[22m");
+export const dim = wrap("\x1b[2m", "\x1b[22m");
+export const magenta = wrap("\x1b[35m", "\x1b[39m");
+// ---- Table output ---------------------------------------------------------
+/**
+ * Print aligned columns. Each row is an array of strings.
+ * Column widths are auto-calculated from the widest cell.
+ */
+export function table(headers, rows, gap = 2) {
+    const allRows = [headers, ...rows];
+    const colWidths = [];
+    for (const row of allRows) {
+        for (let i = 0; i < row.length; i++) {
+            const stripped = stripAnsi(row[i] || "");
+            colWidths[i] = Math.max(colWidths[i] || 0, stripped.length);
+        }
+    }
+    const lines = [];
+    // Header
+    const headerLine = headers
+        .map((h, i) => padRight(h, colWidths[i], gap))
+        .join("")
+        .trimEnd();
+    lines.push(bold(headerLine));
+    lines.push(dim(colWidths.map((w) => "-".repeat(w)).join(" ".repeat(gap))));
+    // Data rows
+    for (const row of rows) {
+        const line = row
+            .map((cell, i) => padRight(cell, colWidths[i], gap))
+            .join("")
+            .trimEnd();
+        lines.push(line);
+    }
+    return lines.join("\n");
+}
+function stripAnsi(str) {
+    // eslint-disable-next-line no-control-regex
+    return str.replace(/\x1b\[[0-9;]*m/g, "");
+}
+function padRight(str, width, gap) {
+    const visible = stripAnsi(str);
+    const padding = Math.max(0, width - visible.length) + gap;
+    return str + " ".repeat(padding);
+}
+// ---- Spinner --------------------------------------------------------------
+export function spinner(message) {
+    const frames = ["|", "/", "-", "\\"];
+    let i = 0;
+    if (!isColorSupported || !process.stdout.isTTY) {
+        process.stdout.write(`${message}...\n`);
+        return {
+            stop: (final) => {
+                if (final)
+                    process.stdout.write(`${final}\n`);
+            },
+        };
+    }
+    const interval = setInterval(() => {
+        process.stdout.write(`\r${frames[i % frames.length]} ${message}`);
+        i++;
+    }, 80);
+    return {
+        stop: (final) => {
+            clearInterval(interval);
+            process.stdout.write(`\r${" ".repeat(message.length + 3)}\r`);
+            if (final)
+                process.stdout.write(`${final}\n`);
+        },
+    };
+}
+//# sourceMappingURL=output.js.map

package/dist/utils/output.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../src/utils/output.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,iEAAiE;AACjE,8EAA8E;AAE9E,MAAM,gBAAgB,GACpB,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG;IAC/B,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;IAClC,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,CAAC;AAE5D,SAAS,IAAI,CAAC,IAAY,EAAE,KAAa;IACvC,IAAI,CAAC,gBAAgB;QAAE,OAAO,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC;IACrD,OAAO,CAAC,IAAY,EAAE,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,EAAE,CAAC;AACpD,CAAC;AAED,8EAA8E;AAE9E,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AAClD,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AAChD,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AACnD,MAAM,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AACjD,MAAM,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAChD,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AAEpD,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,KAAK,CAAC,OAAiB,EAAE,IAAgB,EAAE,GAAG,GAAG,CAAC;IAChE,MAAM,OAAO,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACnC,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACzC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,MAAM,UAAU,GAAG,OAAO;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC7C,IAAI,CAAC,EAAE,CAAC;SACR,OAAO,EAAE,CAAC;IACb,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CACR,GAAG,CACD,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAC1D,CACF,CAAC;IAEF,YAAY;IACZ,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,GAAG;aACb,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACnD,IAAI,CAAC,EAAE,CAAC;aACR,OAAO,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,4CAA4C;IAC5C,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW,EAAE,KAAa,EAAE,GAAW;IACvD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;IAC1D,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAE9E,MAAM,UAAU,OAAO,CAAC,OAAe;IACrC,MAAM,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,OAAO,CAAC,CAAC;QACxC,OAAO;YACL,IAAI,EAAE,CAAC,KAAc,EAAE,EAAE;gBACvB,IAAI,KAAK;oBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;YAChD,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;QAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;QAClE,CAAC,EAAE,CAAC;IACN,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO;QACL,IAAI,EAAE,CAAC,KAAc,EAAE,EAAE;YACvB,aAAa,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9D,IAAI,KAAK;gBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "vskill",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "Secure multi-platform AI skill installer — scan before you install",
+  "bin": {
+    "vskill": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "ai",
+    "skills",
+    "security",
+    "agent",
+    "cli",
+    "claude",
+    "cursor",
+    "copilot",
+    "verified-skill"
+  ],
+  "author": "Anton Abyzov",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/anton-abyzov/vskill"
+  },
+  "homepage": "https://verified-skill.com",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "devDependencies": {
+    "@types/node": "^25.2.3",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "commander": "^14.0.3"
+  }
+}