diff --git a/.gitignore b/.gitignore index 870bd7db..d56cc501 100644 --- a/.gitignore +++ b/.gitignore @@ -65,3 +65,7 @@ vuln.json tmp/ dist/ reports + +# macOS system files +.DS_Store + diff --git a/README.md b/README.md index 54856b92..ac9fda4c 100644 --- a/README.md +++ b/README.md 
@@ -100,37 +100,25 @@ $ nsecure open # If you want to define a specific port use the --port option. $ nsecure open --port 8080 ``` ---- - -##### Available options - -| name | shortcut | default value | description | -| --- | --- | --- | --- | -| --port | -p | 0 | Define the running port, can also be define through the environment variable `PORT` | -The `auto` command can be used to chain `cwd/from` and `open` commands automatically. +### Command Documentation -```bash -$ nsecure auto jest +For complete details on each command, refer to the following documents: -# if no package is given to the auto command then it will run the cwd command instead of from. -$ nsecure auto -``` +- [`cwd`](./docs/cli/cwd.md) +- [`from`](./docs/cli/from.md) +- [`auto`](./docs/cli/auto.md) +- [`open`](./docs/cli/open.md) +- [`verify`](./docs/cli/verify.md) +- [`summary`](./docs/cli/summary.md) +- [`scorecard`](./docs/cli/scorecard.md) +- [`report`](./docs/cli/report.md) +- [`lang`](./docs/cli/lang.md) +- [`config create`](./docs/cli/config.md) +- [`config`](./docs/cli/config.md) -> [!IMPORTANT] -> By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`. ---- -Some options are available on both `cwd`, `from` and `auto` commands. The output option is not available for the `auto` command. - -| name | shortcut | default value | description | -| --- | --- | --- | --- | -| --depth | -d | **4** | the maximum depth we must walk (when we fetch the whole tree). | -| --output | -o | **nsecure-result** | the name that the outputted .json file will have | - -```bash -$ nsecure from express -d 10 -o express-security-report -``` +Each link redirects you to the complete documentation of the command, with additional details, options, and usage examples. ## Private registry / Verdaccio diff --git a/docs/cli/auto.md b/docs/cli/auto.md new file mode 100644 index 00000000..88469720 --- /dev/null 
+++ b/docs/cli/auto.md @@ -0,0 +1,18 @@ +# 🚀 Command `auto` + +The `auto` command combines the `cwd` and `from` commands to analyze and explore a local project or remote NPM packages in the WebUI. + +## 📜 Syntax + +```bash +nsecure auto [spec] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|--| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--keep` | `-k` | `false` | Preserve temporary files after execution. | diff --git a/docs/cli/config.md b/docs/cli/config.md new file mode 100644 index 00000000..d14746ff --- /dev/null +++ b/docs/cli/config.md @@ -0,0 +1,22 @@ +# ⚙️ Command `config` + +The `config` command allows you to manage the `.nodesecurerc` configuration file, which is used by NodeSecure components to customize their behavior. You can use this command to create a new configuration file or edit the existing one. + +## 📜 Syntax + +```bash +nsecure config [sub-command] [options] +``` + +## ⚙️ Available Options + +### `create` Sub-command + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | + +### `edit` Sub-command + +This sub-command does not have any specific options. + diff --git a/docs/cli/cwd.md b/docs/cli/cwd.md new file mode 100644 index 00000000..779a8cc7 --- /dev/null +++ b/docs/cli/cwd.md 
@@ -0,0 +1,19 @@ +# 📂 Command `cwd` + +The `cwd` command scans the project in the current working directory using the `package.json` and `package-lock.json` files, and stores the analysis results in a JSON file. You can then share this JSON or explore it in the WebUI using the `open` command. + +## 📜 Syntax + +```bash +nsecure cwd [options] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--nolock` | `-n` | `false` | Do not use a lock file (package-lock.json or yarn.lock) for the analysis. | +| `--full` | `-f` | `false` | Perform a full analysis of the project, including all dependencies. | +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | diff --git a/docs/cli/from.md b/docs/cli/from.md new file mode 100644 index 00000000..0d8fbab7 --- /dev/null +++ b/docs/cli/from.md @@ -0,0 +1,18 @@ +# 📦 Command `from` + +The `from` command allows you to run a security analysis on a specific npm package, which must be available in the npm registry. This command is useful for evaluating the security of a package before including it in your project. + +## 📜 Syntax + +```bash +nsecure from [options] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--silent` | | | Suppress console output, making execution silent. | + diff --git a/docs/cli/lang.md b/docs/cli/lang.md new file mode 100644 index 00000000..e8109167 --- /dev/null +++ b/docs/cli/lang.md 
@@ -0,0 +1,9 @@ +## 📝 Command `lang` + +The `lang` command allows you to set your preferred language. Use this command to customize the language used in the CLI or Web interfaces + +## 📜 Syntax + +```bash +nsecure lang +``` diff --git a/docs/cli/open.md b/docs/cli/open.md new file mode 100644 index 00000000..70983e01 --- /dev/null +++ b/docs/cli/open.md @@ -0,0 +1,22 @@ +## 📝 Command `open` + +The `open` command reads a specified JSON payload and starts a local HTTP server. This allows you to explore dependencies, their metrics, and potential threats directly in your web browser. + +## 📜 Syntax + +```bash +nsecure open [json] +``` + +> [!NOTE] +> If the `[json]` property is omitted, the command will default to searching for a `nsecure-result.json` file in the current working directory. + +>[!NOTE] +> If the `[json]` property is omitted, the command will default to searching for a `nsecure-result.json` file in the current working directory. +> +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--port` | `-p` | `process.env.PORT` | Specify the port on which the HTTP server should run. | + diff --git a/docs/cli/report.md b/docs/cli/report.md new file mode 100644 index 00000000..3cd2bea8 --- /dev/null +++ b/docs/cli/report.md @@ -0,0 +1,19 @@ +## 📝 Command `report` + +The `report` command generates a detailed security report for a repository in PDF format. The report can include all dependencies and can be customized with various options. + +## 📜 Syntax + +```bash +nsecure report [repository] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--theme` | `-t` | `white` | Specify the theme for the report. | +| `--includesAllDeps` | `-i` | `true` | Include all dependencies in the report. | +| `--title` | `-l` | `NodeSecure Report` | Specify the title of the report. | +| `--reporters` | `-r` | `["html"]` | Specify the format of the report (e.g., HTML, JSON). | + 
diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md new file mode 100644 index 00000000..9c2c9960 --- /dev/null +++ b/docs/cli/scorecard.md @@ -0,0 +1,16 @@ +## 📝 Command `scorecard` + +The `scorecard` command is used to generate an OpenSSF scorecard for a specific GIT repository or NPM package. This command evaluates the repository and provides a security score based on various criteria. + +## 📜 Syntax + +```bash +nsecure scorecard [repository] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--vcs` | | `github` | Specify the version control system (VCS) used by the repository. | + diff --git a/docs/cli/summary.md b/docs/cli/summary.md new file mode 100644 index 00000000..5b491ad0 --- /dev/null +++ b/docs/cli/summary.md @@ -0,0 +1,9 @@ +## 📝 Command `summary` + +The `summary` command is used to generate a summarized report from a JSON security report. This command provides a concise overview of the security findings. + +## 📜 Syntax + +```bash +nsecure summary [json] +``` diff --git a/docs/cli/verify.md b/docs/cli/verify.md new file mode 100644 index 00000000..24e47478 --- /dev/null +++ b/docs/cli/verify.md @@ -0,0 +1,15 @@ +## 📝 Command `verify` + +The `verify` command performs a deep analysis of a specified NPM package. It provides advanced information about the files in the tarball, including details on potential threats, file integrity, and more. + +## 📜 Syntax + +```bash +nsecure verify [package] +``` + +## ⚙️ Available Options + +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--json` | `-j` | `false` | Output the results in JSON format. |
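Review bot: The .gitignore hunk ends with an extra blank line after `.DS_Store`; drop it so the file keeps the same trailing style as the existing `tmp/`, `dist/`, `reports` entries.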
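Review bot: The README hunk deletes behaviour that the new per-command pages do not carry over, so information is lost rather than moved. The removed sentence "if no package is given to the auto command then it will run the cwd command instead of from" has no counterpart in docs/cli/auto.md, which only shows `nsecure auto [spec]`; the removed IMPORTANT note that the .json file is deleted when the HTTP server is closed unless `--keep`/`-k` is passed is reduced in auto.md to "Preserve temporary files after execution"; and the removed line "The output option is not available for the `auto` command" contradicts auto.md, which lists `--output`. Restore the `cwd` fallback and the deletion note in auto.md, and fix whichever side is wrong about `--output` on `auto`.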
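Review bot: In docs/cli/from.md the syntax line `nsecure from [options]` omits the package argument even though the intro says the command analyses "a specific npm package", and the README example removed in this same patch was `nsecure from express -d 10 -o express-security-report`. Suggest `nsecure from <spec> [options]` and keeping that example on the page, since the README now promises each linked page has "usage examples" and none of the new pages contain one.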
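Review bot: docs/cli/open.md contains the same `> [!NOTE]` block twice in a row (the second copy followed by a stray `>` line); drop the duplicate. The `--port` default is given as `process.env.PORT`, while the README text removed in this patch documented the default as `0` with `PORT` as an override ("can also be define through the environment variable `PORT`"); state what is used when `PORT` is unset and that the env var overrides it.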
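Review bot: docs/cli/report.md says the report is generated "in PDF format", but `--reporters` defaults to `["html"]` and its description offers HTML and JSON as formats; one of the two statements is wrong. The `--reporters` row should also list the accepted values instead of "e.g.", and `--title` with shortcut `-l` reads like a typo given `-t` is taken by `--theme`; please confirm against the CLI definition.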
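Review bot: The top-level heading is inconsistent across the new pages: auto.md, config.md, cwd.md and from.md open with `# ...` while lang.md, open.md, report.md, scorecard.md, summary.md and verify.md open with `## ...`, so the latter have no H1 and their title sits at the same level as "Syntax". Use `#` for the command title everywhere. Minor: the first sentence of lang.md ends without a period ("...CLI or Web interfaces").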
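Review bot: docs/cli/cwd.md's intro says the scan uses `package.json` and `package-lock.json`, while the `--nolock` row mentions `package-lock.json or yarn.lock`; align the two. `--full` is described as "Perform a full analysis of the project, including all dependencies", which does not say what is left out by default or how it interacts with `--depth`; one sentence on that would make the option usable.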
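Review bot: docs/cli/config.md describes `--cwd` as creating the file "in the current working directory instead of the default location" without naming the default location; please state it. The README hunk also links both `config create` and `config` to the same config.md, which is redundant; a single `config` entry (or a link to the `create` section) is enough.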
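Review bot: docs/cli/scorecard.md lists `--vcs` as "the version control system (VCS) used by the repository" with default `github`, which is a hosting platform rather than a VCS; describe the option by what it selects and list its accepted values. Also "GIT repository or NPM package" should be "git repository or npm package". docs/cli/summary.md takes `[json]` but, unlike open.md, does not say what file is used when the argument is omitted; add the same note if the fallback is `nsecure-result.json`.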