From 10bcf87ad41d5b49c699b0f77301e12d6bce264e Mon Sep 17 00:00:00 2001 From: Foucsi Date: Sun, 11 Aug 2024 15:38:08 +0200 Subject: [PATCH 01/15] =?UTF-8?q?Mise=20=C3=A0=20jour=20de=20la=20document?= =?UTF-8?q?ation=20des=20commandes=20CLI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .DS_Store | Bin 0 -> 8196 bytes README.md | 21 +++++++++++++++++++++ docs/cli/auto.md | 17 +++++++++++++++++ docs/cli/config-create.md | 0 docs/cli/config.md | 0 docs/cli/cwd.md | 22 ++++++++++++++++++++++ docs/cli/from.md | 0 docs/cli/hydrate-db.md | 15 +++++++++++++++ docs/cli/lang.md | 0 docs/cli/open.md | 0 docs/cli/report.md | 0 docs/cli/scorecard.md | 0 docs/cli/summary.md | 0 docs/cli/verify.md | 0 public/.DS_Store | Bin 0 -> 6148 bytes src/.DS_Store | Bin 0 -> 6148 bytes test/.DS_Store | Bin 0 -> 6148 bytes workspaces/.DS_Store | Bin 0 -> 6148 bytes 18 files changed, 75 insertions(+) create mode 100644 .DS_Store create mode 100644 docs/cli/auto.md create mode 100644 docs/cli/config-create.md create mode 100644 docs/cli/config.md create mode 100644 docs/cli/cwd.md create mode 100644 docs/cli/from.md create mode 100644 docs/cli/hydrate-db.md create mode 100644 docs/cli/lang.md create mode 100644 docs/cli/open.md create mode 100644 docs/cli/report.md create mode 100644 docs/cli/scorecard.md create mode 100644 docs/cli/summary.md create mode 100644 docs/cli/verify.md create mode 100644 public/.DS_Store create mode 100644 src/.DS_Store create mode 100644 test/.DS_Store create mode 100644 workspaces/.DS_Store 
diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..1b3e19849549ea4056eb5107d5f10898ee15bb6f GIT binary patch literal 8196 zcmeHLziSjh6n>N2(^Cthq)6wYMGh6=z#`?ETmmZCq_GJmcNdc2UG^}!2v%!htNsQ4 z0~QISu(cBGY;3gfUl2P{#P7|_?Y`L`S_#6=z|1@5dvCw@zS-O5EfJ}u$)H0tPed(D zwzKE3lnlms7RHR-X~QbS({Q`9){jTyf~Vi`3U~#)0$u^HfLGvuQ2_639<7S^zCr!! z74QnwQUQKGgqUn2YZGJjqXUa>0bm1c>w(|1`~x<$HnKJ`76^tip|B=Y*%m{YaO{WH zFS0f<)`XL?&4;qg%62G9v*Y@qb|)1X>sPOUSD>f>_wE7Rpl#Zv1E+t#_kAd_QQYnJ zhH(#jt>uLmKcC!ucgw{Gf5gW-;@iObSA^2(DKG8NgnAA;UFFPj9x{h-zg9lk9131p zCe>a}KBPZcG^hs^_S`(?&L9tqNd5=y)hU09X1qnzuVqf!GO!7Y8Olu9GkdBqSWw^tuUmtV|GUJ?S zh->tnnlF8P3T_9N{O7N?Kij%z zX}uy|vX^@}{ItRRXTcmp>4&I&Oq;mVp@MVn7us*C{A5noo~7qsdQF+#-+Y}sFY4zI z=jw-7pl%8@Ou_Tq|F2Yk|F4@YzFx0DtrSo}cdfgGl5KBYD1HVzA?5}q5B5up)gf5e rh4*zk4r|+Sy%$<6vNkbRhayIY!kSM0pMMCDeTaYm^HKOwLj`^V@ozYA literal 0 HcmV?d00001 diff --git a/README.md b/README.md index cb31a362..65db9131 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,27 @@ $ nsecure open --port 8080 ``` --- + +## Documentation des Commandes + +Pour des détails complets sur chaque commande, consultez les documents suivants : + +- [Commande `cwd`](./docs/cli/cwd.md) +- [Commande `hydrate-db`](./docs/cli/hydrate-db.md) +- [Commande `from`](./docs/cli/from.md) +- [Commande `auto`](./docs/cli/auto.md) +- [Commande `open`](./docs/cli/open.md) +- [Commande `verify`](./docs/cli/verify.md) +- [Commande `summary`](./docs/cli/summary.md) +- [Commande `scorecard`](./docs/cli/scorecard.md) +- [Commande `report`](./docs/cli/report.md) +- [Commande `lang`](./docs/cli/lang.md) +- [Commande `config create`](./docs/cli/config-create.md) +- [Commande `config`](./docs/cli/config.md) + +Chaque lien vous redirige vers la documentation complète de la commande, avec des détails supplémentaires, des options, et des exemples d'utilisation. + + ##### Available options | name | shortcut | default value | description | 
diff --git a/docs/cli/auto.md b/docs/cli/auto.md new file mode 100644 index 00000000..397ab7de --- /dev/null +++ b/docs/cli/auto.md @@ -0,0 +1,17 @@ +# Commande `auto` + +La commande `auto` permet d'automatiser le scan d'un package ou du projet courant avec des options spécifiques. + +## Syntaxe + +```bash +nsecure auto [package] [options] +``` + +## Options + +- **`-k, --keep`** : Conserver les fichiers temporaires après l'exécution. Par défaut : `false`. + +## Description + +La commande `auto` permet d'automatiser le scan d'un package ou du projet courant avec des options spécifiques. Cette commande exécute une analyse automatique en combinant les commandes `cwd` et `from`, et peut ensuite ouvrir les résultats dans un serveur HTTP. Elle est utile pour effectuer une analyse rapide et complète en une seule commande. diff --git a/docs/cli/config-create.md b/docs/cli/config-create.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/config.md b/docs/cli/config.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/cwd.md b/docs/cli/cwd.md new file mode 100644 index 00000000..34afbf5d --- /dev/null +++ b/docs/cli/cwd.md 
@@ -0,0 +1,22 @@ +# Commande `cwd` + +La commande `cwd` permet d'analyser le projet situé dans le répertoire courant en utilisant les stratégies définies dans l'outil. + +## Syntaxe + +```bash +nsecure cwd [options] +``` +## Options + +- **`-n, --nolock`** : Ne pas utiliser de fichier lock (`package-lock.json` ou `yarn.lock`) pour l'analyse. Par défaut : `false`. +- **`-f, --full`** : Effectuer une analyse complète du projet, y compris toutes les dépendances. Par défaut : `false`. +- **`-d, --depth `** : Spécifie la profondeur d'analyse des dépendances. Par défaut : `4`. +- **`--silent`** : Supprime les sorties console, rendant l'exécution silencieuse. Par défaut : `false`. +- **`-o, --output `** : Spécifie le fichier de sortie pour les résultats. Par défaut : `nsecure-result`. +- **`-s, --vulnerabilityStrategy `** : Définir la stratégie de vulnérabilité à utiliser. Par défaut : `NPM_AUDIT`. + + +## Description + +La commande `cwd` scanne les dépendances du projet situé dans le répertoire courant en utilisant les options spécifiées pour détecter les vulnérabilités potentielles. Cette commande est utile pour évaluer la sécurité d'un projet Node.js en analysant les packages installés localement dans le répertoire de travail actuel. diff --git a/docs/cli/from.md b/docs/cli/from.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/hydrate-db.md b/docs/cli/hydrate-db.md new file mode 100644 index 00000000..cd658add --- /dev/null +++ b/docs/cli/hydrate-db.md 
@@ -0,0 +1,15 @@ +# Commande `hydrate-db` + +La commande `hydrate-db` permet de mettre à jour la base de données des vulnérabilités en téléchargeant les dernières informations disponibles. + +## Syntaxe + +```bash +nsecure hydrate-db +``` + +## Description + +Cette commande télécharge et met à jour la base de données des vulnérabilités utilisées par l'outil pour scanner les projets. Elle est essentielle pour s'assurer que les données de vulnérabilité sont à jour, ce qui améliore la précision des analyses de sécurité. + + diff --git a/docs/cli/lang.md b/docs/cli/lang.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/open.md b/docs/cli/open.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/report.md b/docs/cli/report.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/summary.md b/docs/cli/summary.md new file mode 100644 index 00000000..e69de29b diff --git a/docs/cli/verify.md b/docs/cli/verify.md new file mode 100644 index 00000000..e69de29b diff --git a/public/.DS_Store b/public/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..056776efee80d19e7bb72c7223b80e857615f3f6 GIT binary patch literal 6148 zcmeHLy-ve05I(mNDn&>gi^LEi!B#<~O01y@MU1EeE9x&u4XJ2hV9LhE%*x9!@&J7b z9)Uain%GUMZV17-vcJT4=kNTbvFieWYCjH|05t%pU?udb*c249Q_YnU_tX)U9wUbP z$++3=$I&$BEghnODDc}9pm%o*`Vd2epWOSq|F&w6;xOz@;vV)_-lNXqx%F|D_Ze*T zncmv##0d@oRnB8ddB70s9A?gXQX0Li^Rx51I=EQoRXAo8XZdaNb@KEmP4IM{4={9c zgT}FKv-24=(tOfbJBK2>!wUiNmXUY1q6q9BW)_?C`ZVR_IGZtVb@}x3@L;5$#N3%@ z{j-CNsm5J07G**a zO{n4{hSEn7vis~8FeU~~I4EAa6*DV7p(xFc@xFEk6&RFO6c7bm1C=wqKqA)OLWPvuQm1syrfq^N1#KH$K@exdX3eRUN zX-FfO5Fk4`zl+blb6%>rCL)*I=MmAAhyo18(Js^$;dLH88L5RAo!{eMI{NJ9{~gUB&wz6z5OJ{-Jj#7Ymv;28@9&13Pj%<@$d*-2Zoj?9Lc4 z2L2TTZk%Rmf=ANY+Iu*zwIRj@1`GSuf=vh}z7)fkOYt6t7uZ9d0As~k5Eh925%4sa JG6sH>fe-%^R{{V4 literal 0 HcmV?d00001 
diff --git a/test/.DS_Store b/test/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..90fa7424f8f75d616fb9a592ebeefc1be8e2099b GIT binary patch literal 6148 zcmeHK!A=4(5S;>v8;l7@%p4|KcI+;3F~f95~7#=2|vJ_|KQz^@Zx89 z^-ZUNZUN)TsF@+1x6Hn_Zy(T7A~L<{uuIe-q6Cex)kazoe4pD=G<=0S8#l%o-O!M3 z$5-9{5?c%EfI9Ho9FPUzoC?bE3Vy%mMP7>7odaM(5hpLQY%necd~fz}{C2@Vv^fiN>I9!aWi8aKeO>C6ys(`-8wp%R8X@zpbpd>Xv*6T z@Bc^Z&;RvK`c55C2mX}txFHbd#yz~MdM&zCFr^!`R&+U@K(Hy<^uOD WUjS2&l^`kz{UhLP(4-Fhr~{uh!IWbF literal 0 HcmV?d00001 diff --git a/workspaces/.DS_Store b/workspaces/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..e79e0c2ac9816fa0cc0710987e03f38ea0338650 GIT binary patch literal 6148 zcmeHK!Ab)$5S?g+VnJ2}(cAt&!Ga&Kmi3^=_6KU)RTtfEwN{}D?%AUssZb}!F{rkLmbGBH^m$KC6^3*YMN$I1KT z@a?EvT>nRL!%HVeb-<}^(TGx-U{9)}#d}f;JcmtaJQMiIVKuI#(Q@wIQ?vWnsU< lpbmkt$FXkkQM?D$g0YYrz{p}@5Iqq2BcN#zBMkg11D{^es>=WX literal 0 HcmV?d00001 From 038a18bd9d790866965a4020fcad69ff86c5e186 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Sun, 11 Aug 2024 16:25:20 +0200 Subject: [PATCH 02/15] =?UTF-8?q?Apporte=20les=20modifications=20demand?= =?UTF-8?q?=C3=A9es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .DS_Store | Bin 8196 -> 8196 bytes README.md | 17 +++-------------- docs/.DS_Store | Bin 0 -> 6148 bytes docs/cli/auto.md | 19 ++++++++----------- docs/cli/config-create.md | 20 ++++++++++++++++++++ docs/cli/config.md | 26 ++++++++++++++++++++++++++ docs/cli/cwd.md | 26 +++++++++++++------------- docs/cli/hydrate-db.md | 12 +++--------- 8 files changed, 73 insertions(+), 47 deletions(-) create mode 100644 docs/.DS_Store 
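Review bot: the five binary hunks for `.DS_Store`, `public/.DS_Store`, `src/.DS_Store`, `test/.DS_Store` and `workspaces/.DS_Store` commit macOS Finder metadata that has nothing to do with the documentation change in the subject; drop them from this patch and add a `.DS_Store` pattern to `.gitignore` so they cannot be picked up again by a broad `git add`.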
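Review bot: the README hunk at `@@ -102,6 +102,27 @@` inserts a French section (`## Documentation des Commandes`, `[Commande \`cwd\`](...)`, "Chaque lien vous redirige ...") into a README whose surrounding text is English (`##### Available options` follows directly), and uses a `##` heading where the neighbouring section is `#####`; write the heading, link labels and closing sentence in English and pick a heading level that fits the surrounding structure.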
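Review bot: `docs/cli/config-create.md`, `config.md`, `from.md`, `lang.md`, `open.md`, `report.md`, `scorecard.md`, `summary.md` and `verify.md` are created as empty files (blob `e69de29b`) in the same patch that links to them from the README, so every one of those links currently lands on a blank page; either fill them here or add each link in the patch that adds the content.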
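Review bot: in the `docs/cli/cwd.md` hunk the option entries `-d, --depth `, `-o, --output ` and `-s, --vulnerabilityStrategy ` end in a trailing space where an argument placeholder appears to have been lost (the other entries are flags with no argument), and the closing fence of the `## Syntaxe` block runs straight into `## Options` with no blank line; check the source has the placeholders (for example `--depth <number>`) and restore the blank line.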
diff --git a/.DS_Store b/.DS_Store index 1b3e19849549ea4056eb5107d5f10898ee15bb6f..4c98253d815237de77f06e91b0710614fb280406 100644 GIT binary patch delta 141 zcmZp1XmQw}DiG%%`;UQvfrUYjA)O(Up(Hoo#U&{xKM5$t@hb10X@kizM^yO~yz&JZ zhQZ1CxdlKy3=9bdo0|os8JV*0OkN-;!TLkhrM-6YUO{On>#m?I<}IeCh=}J8>lx96h$^@s?PVF74)o!+fx}O5V z9np#!x@&H_{ORs1vuW#k*|bYUs`sH#u^HQ0-?Y`0r@^8xL|fHhWhEiq9XuMe&f~ftg{3#NdTA~iy>~yn9r5IK*|8WJomg+iIes(ygu;3|;z`Sivtg{EKq$~xU}W2g^#4ovH}ij= z6uVF$6!=pL@VH*obG(xG*1^k3uTAi4_@|*(%du!H25KwDMq2Snr!L7e^4YN%Djjj9 P1LH?PbO{RuenWu|_|_*7 literal 0 HcmV?d00001 diff --git a/docs/cli/auto.md b/docs/cli/auto.md index 397ab7de..54003698 100644 --- a/docs/cli/auto.md +++ b/docs/cli/auto.md 
@@ -1,17 +1,14 @@ -# Commande `auto` +## ⚙️ Options -La commande `auto` permet d'automatiser le scan d'un package ou du projet courant avec des options spécifiques. +- **`-k, --keep`**: Preserve temporary files after execution. Default: `false`. -## Syntaxe +## 📝 Description -```bash -nsecure auto [package] [options] -``` +The `auto` command is designed to simplify and accelerate the security analysis of a project or package. By automatically combining the `cwd` and `from` commands, this tool allows you to quickly generate a comprehensive security report. Additionally, it can serve the results via an HTTP server for easy access and review. -## Options +## 🛠️ Available Options -- **`-k, --keep`** : Conserver les fichiers temporaires après l'exécution. Par défaut : `false`. +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|-------------------|------------------------------------------------------------------------------| +| `--keep` | `-k` | `false` | Preserve temporary files after execution. | -## Description - -La commande `auto` permet d'automatiser le scan d'un package ou du projet courant avec des options spécifiques. Cette commande exécute une analyse automatique en combinant les commandes `cwd` et `from`, et peut ensuite ouvrir les résultats dans un serveur HTTP. Elle est utile pour effectuer une analyse rapide et complète en une seule commande. diff --git a/docs/cli/config-create.md b/docs/cli/config-create.md index e69de29b..119014d4 100644 --- a/docs/cli/config-create.md +++ b/docs/cli/config-create.md 
@@ -0,0 +1,20 @@ +# 🛠️ Command `config create` + +The `config create` command allows you to create a new configuration file for NodeSecure. This command is useful for initializing a custom configuration tailored to your project's specific needs. + +## 📜 Syntax + +```bash +nsecure config create [configuration] [options] +``` + +## 📝 Description + +The `config create` command is designed to help you easily create a new configuration file in the current working directory or in a specified location. This is particularly useful when you need to set up NodeSecure with custom settings specific to your project. + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|-------------------|-------------------------------------------------------------------------------| +| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | + diff --git a/docs/cli/config.md b/docs/cli/config.md index e69de29b..8c07f028 100644 --- a/docs/cli/config.md +++ b/docs/cli/config.md 
@@ -0,0 +1,26 @@ +# ⚙️ Command `config` + +The `config` command allows you to manage the configuration files used by NodeSecure. This command can be used to either create a new configuration file or edit an existing one. + +## 📜 Syntax + +```bash +nsecure config [sub-command] [options] +``` + +## 📝 Description + +The `config` command is designed to help you manage your NodeSecure configuration files. With this command, you can create a new configuration file with the `create` sub-command, or edit an existing configuration file with the `edit` sub-command. This is useful for customizing the behavior of NodeSecure based on your specific needs. + +## ⚙️ Available Options + +### `create` Sub-command + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|-------------------|-------------------------------------------------------------------------------| +| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | + +### `edit` Sub-command + +This sub-command does not have any specific options. + diff --git a/docs/cli/cwd.md b/docs/cli/cwd.md index 34afbf5d..494cd2d0 100644 --- a/docs/cli/cwd.md +++ b/docs/cli/cwd.md 
@@ -1,22 +1,22 @@ -# Commande `cwd` +# 📂 Command `cwd` -La commande `cwd` permet d'analyser le projet situé dans le répertoire courant en utilisant les stratégies définies dans l'outil. +The `cwd` command allows you to scan the project located in the current working directory using the strategies defined by the tool. This command is useful for analyzing the security of a Node.js project by inspecting the dependencies installed locally in the current working directory. -## Syntaxe +## 📜 Syntax ```bash nsecure cwd [options] ``` -## Options +## 📝 Description -- **`-n, --nolock`** : Ne pas utiliser de fichier lock (`package-lock.json` ou `yarn.lock`) pour l'analyse. Par défaut : `false`. -- **`-f, --full`** : Effectuer une analyse complète du projet, y compris toutes les dépendances. Par défaut : `false`. -- **`-d, --depth `** : Spécifie la profondeur d'analyse des dépendances. Par défaut : `4`. -- **`--silent`** : Supprime les sorties console, rendant l'exécution silencieuse. Par défaut : `false`. -- **`-o, --output `** : Spécifie le fichier de sortie pour les résultats. Par défaut : `nsecure-result`. -- **`-s, --vulnerabilityStrategy `** : Définir la stratégie de vulnérabilité à utiliser. Par défaut : `NPM_AUDIT`. +The `cwd` command scans the dependencies of the project in the current working directory using the specified options to detect potential vulnerabilities. This is particularly useful for evaluating the security of a Node.js project by analyzing the packages installed in the current working directory. +## ⚙️ Available Options -## Description - -La commande `cwd` scanne les dépendances du projet situé dans le répertoire courant en utilisant les options spécifiées pour détecter les vulnérabilités potentielles. Cette commande est utile pour évaluer la sécurité d'un projet Node.js en analysant les packages installés localement dans le répertoire de travail actuel. 
+| **Name** | **Shortcut** | **Default Value** | **Description** | +|-------------|--------------|---------------------|------------------------------------------------------------------------------| +| `--nolock` | `-n` | `false` | Do not use a lock file (package-lock.json or yarn.lock) for the analysis. | +| `--full` | `-f` | `false` | Perform a full analysis of the project, including all dependencies. | +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | diff --git a/docs/cli/hydrate-db.md b/docs/cli/hydrate-db.md index cd658add..42120dfe 100644 --- a/docs/cli/hydrate-db.md +++ b/docs/cli/hydrate-db.md @@ -1,15 +1,9 @@ -# Commande `hydrate-db` +# 💧 Command `hydrate-db` -La commande `hydrate-db` permet de mettre à jour la base de données des vulnérabilités en téléchargeant les dernières informations disponibles. +The `hydrate-db` command is responsible for downloading and updating the vulnerability database used by the tool to scan projects. Ensuring this database is up-to-date is crucial for accurate security analysis. -## Syntaxe +## 📜 Syntax ```bash nsecure hydrate-db ``` - -## Description - -Cette commande télécharge et met à jour la base de données des vulnérabilités utilisées par l'outil pour scanner les projets. Elle est essentielle pour s'assurer que les données de vulnérabilité sont à jour, ce qui améliore la précision des analyses de sécurité. - - From 0520234bc928836ef7bbcad55f2d2c8a193ed883 Mon Sep 17 00:00:00 2001 
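Review bot: the `docs/cli/auto.md` hunk at `@@ -1,17 +1,14 @@` removes the H1 (`# Commande \`auto\``) and the whole Syntax block, so the file now opens with `## ⚙️ Options` and no longer shows `nsecure auto [package] [options]`, while `cwd.md`, `config.md` and `config-create.md` in this same patch keep an H1 and a `## 📜 Syntax` section; it also documents `--keep` twice (as a bullet under `## ⚙️ Options` and as a row under `## 🛠️ Available Options`). Keep one title, one syntax block and one options section, laid out like the other files.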
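Review bot: the rebuilt options table in the `docs/cli/cwd.md` hunk drops the `--vulnerabilityStrategy` / `-s` option (default `NPM_AUDIT`) that the removed bullet list documented, and leaves the Default Value cell for `--silent` empty where the bullet said `false`; restore the missing row and default, or explain in the commit message why the option was removed.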
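Review bot: this patch again touches `.DS_Store` (binary delta) and adds `docs/.DS_Store`; these Finder metadata files should not be part of a documentation series at all, so remove them here and in patch 01 rather than fixing them up later.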
From: Foucsi Date: Sun, 11 Aug 2024 16:31:05 +0200 Subject: [PATCH 03/15] =?UTF-8?q?Apporte=20les=20modifications=20demand?= =?UTF-8?q?=C3=A9es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .DS_Store | Bin 8196 -> 8196 bytes README.md | 7 ------- docs/.DS_Store | Bin 6148 -> 6148 bytes docs/cli/auto.md | 9 +++++---- docs/cli/from.md | 22 ++++++++++++++++++++++ 5 files changed, 27 insertions(+), 11 deletions(-) diff --git a/.DS_Store b/.DS_Store index 4c98253d815237de77f06e91b0710614fb280406..915f0eb302d7115d7fa63bbb3b377dcfc329a40b 100644 GIT binary patch delta 120 zcmZp1XmQw}CJ@{5ih+TFg+Y%YogtHOpULY97cwqByK~6pZ&9Whe diff --git a/README.md b/README.md index 4f6af1b9..333c9c4c 100644 --- a/README.md +++ b/README.md @@ -130,13 +130,6 @@ $ nsecure auto > 👀 By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`. --- -Some options are available on both `cwd`, `from` and `auto` commands. The output option is not available for the `auto` command. - -| name | shortcut | default value | description | -| --- | --- | --- | --- | -| --depth | -d | **4** | the maximum depth we must walk (when we fetch the whole tree). | -| --output | -o | **nsecure-result** | the name that the outputted .json file will have | - ```bash $ nsecure from express -d 10 -o express-security-report ``` 
diff --git a/docs/.DS_Store b/docs/.DS_Store index 4f7dbab3b665f964477b8604ba4dfc39ddadaf41..f9f0d071aa79abef3c68175ae41a4437fa57722b 100644 GIT binary patch delta 63 zcmZoMXfc?uL{=h_fq{XUA( [options] +``` + +## 📝 Description + +The `from` command analyzes the specified npm package by scanning its dependencies to detect potential vulnerabilities. This is particularly useful for evaluating the security of a package you plan to include in your Node.js project. + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|-------------|--------------|---------------------|------------------------------------------------------------------------------| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--silent` | | | Suppress console output, making execution silent. | + From d31032095b5f1f42e00a35853e457122ed3aa8b2 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Mon, 12 Aug 2024 14:22:09 +0200 Subject: [PATCH 04/15] Ajout de .DS_Store au .gitignore et suppression du suivi --- .DS_Store | Bin 8196 -> 0 bytes .gitignore | 4 ++++ 2 files changed, 4 insertions(+) delete mode 100644 .DS_Store 
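Review bot: the README hunk at `@@ -130,13 +130,6 @@` removes the shared `--depth` / `--output` table but keeps the example `$ nsecure from express -d 10 -o express-security-report` right below it, so the README now shows flags it no longer explains; either keep a one-line pointer to `docs/cli/from.md` next to the example or move the example into that document alongside its table.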
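Review bot: in the new `docs/cli/from.md` the syntax line renders as `> [options]`, which looks like the `<package>` placeholder was swallowed (same trailing-space symptom as the `--depth ` entries in patch 01's `cwd.md`); confirm the committed file reads `nsecure from <package> [options]`, and since the README hunk in this patch says the `--output` option is not available on `auto`, double-check the `from` table here matches what the CLI actually accepts.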
diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 915f0eb302d7115d7fa63bbb3b377dcfc329a40b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8196 zcmeHLJ&P1U5UswQ)l~yeF}Tb@5!Vld1%nIcjyXXL3@$Md_jdQV6L)VG?^Zz&=0GtM ze}R8M!O+w|j7>~5@M0q|G7?{R*Uog$hem=h)zDo_zp8mvuV-hdAtJRp8}*2mh^T|9 z?cy;k6+`2Cmc|0_bYT_ZX}r~2A10G&$x}8&0Z~8{5Cud5QQ&`30Pk!)IyLWoi^?hr zhysmNKtCTsOl>2!skP?OfyJ}{umQHs!0$!<12$wEu}!T7f}w0EtPNG%VkjGq{gC}4 zwyCu?oD?@7ikTI6D9W(o`k`?r6jHqB_@vC~DJS;522;m5DF&yQ>lC9gb_ zdM_^@GM_A3G=K^_ejcZeAP+`d{yW`kbN&p?dCREJ7viGOeMAWjY1d|D>!*~Gb(mr;*T zvEF;M2~Pk2)w*>Ci~%v`a=v+WeqOJG=e1Vh9&Zrh($uC0P*J@ZkQ`^CGg zUMJqIx!S|yr@rPt3g!e#-$U(F+Q6L-6})pl(S2Lz=jL?jX?FgV*L1V{o3EGW$?rN( z8KOWF6=>O_mvsNXR{#CKiPA{TqCjI5P(i#NucBP;txJV3U?;@vW9p&(Qfo~J7VV<< oO*; Date: Fri, 9 Aug 2024 22:08:22 +0200 Subject: [PATCH 05/15] docs: add missing GitHub blockquotes --- README.md | 41 +++++++++++++++-------------------------- 1 file changed, 15 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 333c9c4c..3e6ff36c 100644 --- a/README.md +++ b/README.md 
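Review bot: the patch only deletes the root `.DS_Store` (`delete mode 100644 .DS_Store`), while `docs/.DS_Store`, `public/.DS_Store`, `src/.DS_Store`, `test/.DS_Store` and `workspaces/.DS_Store` added in patches 01 and 02 remain tracked; an ignore pattern does not untrack files that are already committed, so either `git rm --cached` the remaining copies here or squash the earlier patches so they never land. The 4-line `.gitignore` hunk is not readable in this rendering; please confirm the pattern is a bare `.DS_Store` (no leading path) so nested copies are covered.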
@@ -103,37 +103,24 @@ $ nsecure open --port 8080 ### Command Documentation + For complete details on each command, refer to the following documents: -- [Commande `cwd`](./docs/cli/cwd.md) -- [Commande `hydrate-db`](./docs/cli/hydrate-db.md) -- [Commande `from`](./docs/cli/from.md) -- [Commande `auto`](./docs/cli/auto.md) -- [Commande `open`](./docs/cli/open.md) -- [Commande `verify`](./docs/cli/verify.md) -- [Commande `summary`](./docs/cli/summary.md) -- [Commande `scorecard`](./docs/cli/scorecard.md) -- [Commande `report`](./docs/cli/report.md) -- [Commande `lang`](./docs/cli/lang.md) -- [Commande `config create`](./docs/cli/config-create.md) -- [Commande `config`](./docs/cli/config.md) +- [`cwd`](./docs/cli/cwd.md) +- [`hydrate-db`](./docs/cli/hydrate-db.md) +- [`from`](./docs/cli/from.md) +- [`auto`](./docs/cli/auto.md) +- [`open`](./docs/cli/open.md) +- [`verify`](./docs/cli/verify.md) +- [`summary`](./docs/cli/summary.md) +- [`scorecard`](./docs/cli/scorecard.md) +- [`report`](./docs/cli/report.md) +- [`lang`](./docs/cli/lang.md) +- [`config create`](./docs/cli/config-create.md) +- [`config`](./docs/cli/config.md) Each link redirects you to the complete documentation of the command, with additional details, options, and usage examples. -```bash -$ nsecure auto jest - -# if no package is given to the auto command then it will run the cwd command instead of from. -$ nsecure auto -``` - -> 👀 By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`. - ---- -```bash -$ nsecure from express -d 10 -o express-security-report -``` - ## Private registry / Verdaccio NodeSecure allow you to fetch stats on private npm packages by setting up a `NODE_SECURE_TOKEN` env variable (which must contains an [npm token](https://docs.npmjs.com/creating-and-viewing-authentication-tokens)). 
@@ -185,6 +172,8 @@ other side will bundle and remove most of the useless files from the tarball (Li ### Why some packages don't have OSSF Scorecard ? See [Scorecard Public Data](https://github.com/ossf/scorecard#public-data): + +> [!NOTE] > We run a weekly Scorecard scan of the 1 million most critical open source projects judged by their direct dependencies and publish the results in a BigQuery public dataset. ## Contributors guide From 6d055b7a64f1b8744de712a67ee56c93eee27e92 Mon Sep 17 00:00:00 2001 From: fraxken Date: Sat, 10 Aug 2024 00:48:54 +0200 Subject: [PATCH 06/15] docs: add SLSA & publishing docs along with minor enhancements --- README.md | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 3e6ff36c..eb433adf 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ Flags and emojis legends are documented [here](https://github.com/NodeSecure/fla ## Searchbar filters -Since version 0.6.0 of Node-secure the UI include a brand new searchbar that allow to search anything on the tree (graph) by multiple criteria (filters). The current available filters are: +Since version **0.6.0**, the UI includes a brand new search bar that allows you to search anything within the tree (graph) using multiple criteria (filters). The currently available filters are: - package (**the default filter if there is none**). - version (take a semver range as an argument). 
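Review bot: the README hunk at `@@ -103,37 +103,24 @@` deletes the `$ nsecure auto jest` / `$ nsecure auto` examples and the `👀` blockquote explaining that the `.json` file is removed when the HTTP server closes unless `--keep` / `-k` is passed; `docs/cli/auto.md` from patch 02 only says "Preserve temporary files after execution", so that behaviour is no longer explained anywhere in the series. Move the example and the note into `docs/cli/auto.md` instead of dropping them, and widen the subject ("add missing GitHub blockquotes"), since this hunk removes a blockquote rather than adding one.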
@@ -164,11 +164,10 @@ version: >=1.2 | 2, ext: .js, builtin: fs ## FAQ ### Why some nodes are red in the UI ? -Nodes are red when the project/package has been flagged with 🔬 `hasMinifiedCode` or ⚠️ `hasWarnings`. +Nodes are highlighted in red when the project/package is flagged with 🔬 `hasMinifiedCode` or ⚠️ `hasWarnings`. You can deactivate specific warnings in the options if desired. -### Why the node-secure package size is so different from Bundlephobia ? -Node-secure will analyze the complete size of the npm tarball with no filters or particular optimization. Bundlephobia on the -other side will bundle and remove most of the useless files from the tarball (Like the documentation, etc.). +### Why the package size is so different from Bundlephobia ? +The back-end scanner will analyze the complete size of the npm tarball without any filters or specific optimizations. In contrast, Bundlephobia will bundle the package and remove most of the unnecessary files from the tarball, such as documentation and other non-essential items. ### Why some packages don't have OSSF Scorecard ? See [Scorecard Public Data](https://github.com/ossf/scorecard#public-data): @@ -178,9 +177,9 @@ See [Scorecard Public Data](https://github.com/ossf/scorecard#public-data): ## Contributors guide -If you are a developer **wishing to contribute** to the project, you must first read the [CONTRIBUTING](./CONTRIBUTING.md) guide. +If you are a developer **looking to contribute** to the project, you must first read the [CONTRIBUTING](./CONTRIBUTING.md) guide. -If you have already cloned and installed the project with npm locally, you still need to build and bundle front-end assets using the npm `build` script: +If you have already cloned and installed the project locally with npm, you still need to build and bundle front-end assets using the npm `build` script: ```bash $ npm run build 
@@ -198,6 +197,20 @@ $ npm test > [!CAUTION] > If you add a feature, try adding tests for it along. +### Publishing package and SLSA + +The package is published on [NPM with provenance](https://docs.npmjs.com/generating-provenance-statements), ensuring that this project is compliant with [SLSA Level 3](https://slsa.dev/spec/v0.1/levels?ref=fossa.com) standards. The build and publication process is managed through the GitHub [npm-provenance.yml](https://github.com/NodeSecure/cli/blob/master/.github/workflows/npm-provenance.yml) workflow, which is automatically triggered upon the creation of a new release. + +To create a local version of the package using npm and Git, follow these commands: + +```bash +$ npm version [patch | minor | major] +$ git commit -am "chore: x.x.x" +$ git push origin master --tags +``` + +These commands will increment the package version, commit the changes, and push them along with the tags to the repository + ## Workspaces Click on one of the links to access the documentation of the workspace: From 5fb342c523e7c4dc39f633054ed088c1cbfd71c7 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Mon, 12 Aug 2024 14:56:28 +0200 Subject: [PATCH 07/15] Add detailed Markdown documentation for CLI commands (hydrate-db, lang, open, report, scorecard, summary, verify) --- docs/cli/hydrate-db.md | 14 +++++++++++--- docs/cli/lang.md | 7 +++++++ docs/cli/open.md | 14 ++++++++++++++ docs/cli/report.md | 17 +++++++++++++++++ docs/cli/scorecard.md | 14 ++++++++++++++ docs/cli/summary.md | 7 +++++++ docs/cli/verify.md | 13 +++++++++++++ 7 files changed, 83 insertions(+), 3 deletions(-) diff --git a/docs/cli/hydrate-db.md b/docs/cli/hydrate-db.md index 42120dfe..1e605583 100644 --- a/docs/cli/hydrate-db.md +++ b/docs/cli/hydrate-db.md 
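Review bot: in the `### Publishing package and SLSA` hunk, `npm version [patch | minor | major]` already creates the version commit and tag in a git checkout unless `git-tag-version` is disabled, so the following `$ git commit -am "chore: x.x.x"` would normally have nothing to commit; either state that the repository disables npm's own tagging, or drop the `git commit` line and describe what `npm version` produces. Also remove the `?ref=fossa.com` tracking query from the SLSA link, reword "To create a local version of the package" (the commands cut a release, they do not build anything locally), and add the missing full stop at the end of "push them along with the tags to the repository".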
@@ -1,9 +1,17 @@ -# 💧 Command `hydrate-db` +## 📝 Description -The `hydrate-db` command is responsible for downloading and updating the vulnerability database used by the tool to scan projects. Ensuring this database is up-to-date is crucial for accurate security analysis. +The `hydrate-db` command is used to hydrate the Node.js dependency database. It fetches the dependency tree and any associated vulnerabilities, storing the results in a specified output file. This command is essential for maintaining an up-to-date security report by analyzing the project's dependencies and their potential vulnerabilities. -## 📜 Syntax ```bash nsecure hydrate-db ``` + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|--------------------------|--------------|------------------------------|----------------------------------------------------------------------| +| `--depth` | `-d` | `4` | The maximum depth to walk when fetching the whole tree. | +| `--silent` | | `false` | Run the command in silent mode, suppressing output. | +| `--output` | `-o` | `nsecure-result` | Specify the output file name. | +| `--vulnerabilityStrategy`| `-s` | `vulnera.strategies.GITHUB_ADVISORY` | Specify the vulnerability strategy to use. | diff --git a/docs/cli/lang.md b/docs/cli/lang.md index e69de29b..2c3263f8 100644 --- a/docs/cli/lang.md +++ b/docs/cli/lang.md @@ -0,0 +1,7 @@ +## 📝 Description + +The `lang` command is used to set the language for the NodeSecure CLI tool. It allows users to choose their preferred language for the CLI interface. + +```bash +nsecure lang +``` diff --git a/docs/cli/open.md b/docs/cli/open.md index e69de29b..e3b7fb3b 100644 --- a/docs/cli/open.md +++ b/docs/cli/open.md 
@@ -0,0 +1,14 @@ +## 📝 Description + +The `open` command is used to open a security report in a local HTTP server. This allows for easy access and review of the security report through a web browser. + +```bash +nsecure open +``` + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|---------------------|----------------------------------------------------------| +| `--port` | `-p` | `process.env.PORT` | Specify the port on which the HTTP server should run. | + diff --git a/docs/cli/report.md b/docs/cli/report.md index e69de29b..597d2ffc 100644 --- a/docs/cli/report.md +++ b/docs/cli/report.md @@ -0,0 +1,17 @@ +## 📝 Description + +The `report` command is used to generate a detailed security report for a repository. This report can include all dependencies and be customized with various options such as theme, title, and format. + +```bash +nsecure report [repository] +``` + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|---------------------|--------------|---------------------------|----------------------------------------------------------| +| `--theme` | `-t` | `white` | Specify the theme for the report. | +| `--includesAllDeps` | `-i` | `true` | Include all dependencies in the report. | +| `--title` | `-l` | `NodeSecure Report` | Specify the title of the report. | +| `--reporters` | `-r` | `["html"]` | Specify the format of the report (e.g., HTML, JSON). | + diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md index e69de29b..0df9fdad 100644 --- a/docs/cli/scorecard.md +++ b/docs/cli/scorecard.md 
@@ -0,0 +1,14 @@ +## 📝 Description + +The `scorecard` command is used to generate a security scorecard for a specific repository. This command evaluates the repository and provides a security score based on various criteria. + +```bash +nsecure scorecard [repository] +``` + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|-------------------|---------------------------------------------------------| +| `--vcs` | | `github` | Specify the version control system (VCS) used by the repository. | + diff --git a/docs/cli/summary.md b/docs/cli/summary.md index e69de29b..880bc4fe 100644 --- a/docs/cli/summary.md +++ b/docs/cli/summary.md @@ -0,0 +1,7 @@ +## 📝 Description + +The `summary` command is used to generate a summarized report from a JSON security report. This command provides a concise overview of the security findings. + +```bash +nsecure summary [json] +``` diff --git a/docs/cli/verify.md b/docs/cli/verify.md index e69de29b..899b514c 100644 --- a/docs/cli/verify.md +++ b/docs/cli/verify.md @@ -0,0 +1,13 @@ +## 📝 Description + +The `verify` command is used to verify the integrity and security of a specific package. This command checks the package against known vulnerabilities and integrity issues. + +```bash +nsecure verify [package] +``` + +## ⚙️ Available Options + +| **Name** | **Shortcut** | **Default Value** | **Description** | +|----------|--------------|-------------------|-------------------------------------------| +| `--json` | `-j` | `false` | Output the results in JSON format. | From a0d0b9c7189ba2eb543268df05d77aaca4d6d472 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Tue, 13 Aug 2024 13:47:47 +0200 Subject: [PATCH 08/15] remove prefix 'commande' from CLI documentation link. --- README.md | 3 ++- docs/cli/hydrate-db.md | 17 ----------------- 2 files changed, 2 insertions(+), 18 deletions(-) delete mode 100644 docs/cli/hydrate-db.md 
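Review bot: `scorecard.md` documents `--vcs` only through its default `github`, so a reader cannot know what other values may be passed; list them. `summary.md` takes `[json]` as an optional positional without saying what happens when it is omitted; `open.md` later in this series states that it falls back to `nsecure-result.json`, and `summary.md` should state its own fallback the same way.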
diff --git a/README.md b/README.md index eb433adf..d8142eae 100644 --- a/README.md +++ b/README.md @@ -106,8 +106,8 @@ $ nsecure open --port 8080 For complete details on each command, refer to the following documents: + - [`cwd`](./docs/cli/cwd.md) -- [`hydrate-db`](./docs/cli/hydrate-db.md) - [`from`](./docs/cli/from.md) - [`auto`](./docs/cli/auto.md) - [`open`](./docs/cli/open.md) @@ -119,6 +119,7 @@ For complete details on each command, refer to the following documents: - [`config create`](./docs/cli/config-create.md) - [`config`](./docs/cli/config.md) + Each link redirects you to the complete documentation of the command, with additional details, options, and usage examples. ## Private registry / Verdaccio diff --git a/docs/cli/hydrate-db.md b/docs/cli/hydrate-db.md deleted file mode 100644 index 1e605583..00000000 --- a/docs/cli/hydrate-db.md +++ /dev/null @@ -1,17 +0,0 @@ -## 📝 Description - -The `hydrate-db` command is used to hydrate the Node.js dependency database. It fetches the dependency tree and any associated vulnerabilities, storing the results in a specified output file. This command is essential for maintaining an up-to-date security report by analyzing the project's dependencies and their potential vulnerabilities. - - -```bash -nsecure hydrate-db -``` - -## ⚙️ Available Options - -| **Name** | **Shortcut** | **Default Value** | **Description** | -|--------------------------|--------------|------------------------------|----------------------------------------------------------------------| -| `--depth` | `-d` | `4` | The maximum depth to walk when fetching the whole tree. | -| `--silent` | | `false` | Run the command in silent mode, suppressing output. | -| `--output` | `-o` | `nsecure-result` | Specify the output file name. | -| `--vulnerabilityStrategy`| `-s` | `vulnera.strategies.GITHUB_ADVISORY` | Specify the vulnerability strategy to use. | From 191c5c9c1bc9751a43940f872df5f94ab51a39b4 Mon Sep 17 00:00:00 2001 
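Review bot: the subject line says this commit removes the "commande" prefix from the documentation links, but the diffstat and the second hunk show it also deletes `docs/cli/hydrate-db.md` outright and drops the `hydrate-db` entry from the README list, and nothing explains why a command documented in full a few commits earlier is now removed. Either give the reason in the commit message (for instance that the command no longer exists in the CLI) or split the deletion into its own commit. The README hunk also adds a blank line before the first list item and another before the closing sentence, which is unrelated whitespace churn.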
From: Foucsi Date: Tue, 13 Aug 2024 13:53:07 +0200 Subject: [PATCH 09/15] Remove .DS_Store files from repository --- docs/.DS_Store | Bin 6148 -> 0 bytes public/.DS_Store | Bin 6148 -> 0 bytes src/.DS_Store | Bin 6148 -> 0 bytes test/.DS_Store | Bin 6148 -> 0 bytes workspaces/.DS_Store | Bin 6148 -> 0 bytes 5 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 docs/.DS_Store delete mode 100644 public/.DS_Store delete mode 100644 src/.DS_Store delete mode 100644 test/.DS_Store delete mode 100644 workspaces/.DS_Store diff --git a/docs/.DS_Store b/docs/.DS_Store deleted file mode 100644 index f9f0d071aa79abef3c68175ae41a4437fa57722b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKJx{|x47F*IBC(XM3(`&Ok@x}EDh$k>SWuN#f=a2A${-7j^U}OMW z^1Ynxcc;7|j){nu$8AY8BccK>NFTC{P4eO+yYk2s$Z|%x+O+$_sP3nLa3{2(hIY+s zpFe;8%Iw>!s++b(q`0r2%J+xUqMzMfvez%Scf;)At$*qow6IVh6bJ=Efl%OID}bIY zR@@lI8VZC0p}<7}`937LV0P>b_0xexM*yJw#;f63X9-}E05CgthKRt}s6eB#j~Hxp z#FN)$$Ij5`#CkK%@tfHv6xQ1jPg+i#4Py-jLV=+I6Wh+D|3AXNng55R*o6Y2z@Jip zr`4)j;+4F&j$TfBZGx}ipN3j3$D*wmsI3?qX~pwiU6Ngi^LEi!B#<~O01y@MU1EeE9x&u4XJ2hV9LhE%*x9!@&J7b z9)Uain%GUMZV17-vcJT4=kNTbvFieWYCjH|05t%pU?udb*c249Q_YnU_tX)U9wUbP z$++3=$I&$BEghnODDc}9pm%o*`Vd2epWOSq|F&w6;xOz@;vV)_-lNXqx%F|D_Ze*T zncmv##0d@oRnB8ddB70s9A?gXQX0Li^Rx51I=EQoRXAo8XZdaNb@KEmP4IM{4={9c zgT}FKv-24=(tOfbJBK2>!wUiNmXUY1q6q9BW)_?C`ZVR_IGZtVb@}x3@L;5$#N3%@ z{j-CNsm5J07G**a zO{n4{hSEn7vis~8FeU~~I4EAa6*DV7p(xFc@xFEk6&RFO6c7bm1C=wqKqA)OLWPvuQm1syrfq^N1#KH$K@exdX3eRUN zX-FfO5Fk4`zl+blb6%>rCL)*I=MmAAhyo18(Js^$;dLH88L5RAo!{eMI{NJ9{~gUB&wz6z5OJ{-Jj#7Ymv;28@9&13Pj%<@$d*-2Zoj?9Lc4 z2L2TTZk%Rmf=ANY+Iu*zwIRj@1`GSuf=vh}z7)fkOYt6t7uZ9d0As~k5Eh925%4sa JG6sH>fe-%^R{{V4 
diff --git a/test/.DS_Store b/test/.DS_Store deleted file mode 100644 index 90fa7424f8f75d616fb9a592ebeefc1be8e2099b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK!A=4(5S;>v8;l7@%p4|KcI+;3F~f95~7#=2|vJ_|KQz^@Zx89 z^-ZUNZUN)TsF@+1x6Hn_Zy(T7A~L<{uuIe-q6Cex)kazoe4pD=G<=0S8#l%o-O!M3 z$5-9{5?c%EfI9Ho9FPUzoC?bE3Vy%mMP7>7odaM(5hpLQY%necd~fz}{C2@Vv^fiN>I9!aWi8aKeO>C6ys(`-8wp%R8X@zpbpd>Xv*6T z@Bc^Z&;RvK`c55C2mX}txFHbd#yz~MdM&zCFr^!`R&+U@K(Hy<^uOD WUjS2&l^`kz{UhLP(4-Fhr~{uh!IWbF diff --git a/workspaces/.DS_Store b/workspaces/.DS_Store deleted file mode 100644 index e79e0c2ac9816fa0cc0710987e03f38ea0338650..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK!Ab)$5S?g+VnJ2}(cAt&!Ga&Kmi3^=_6KU)RTtfEwN{}D?%AUssZb}!F{rkLmbGBH^m$KC6^3*YMN$I1KT z@a?EvT>nRL!%HVeb-<}^(TGx-U{9)}#d}f;JcmtaJQMiIVKuI#(Q@wIQ?vWnsU< lpbmkt$FXkkQM?D$g0YYrz{p}@5Iqq2BcN#zBMkg11D{^es>=WX From ae8afe2b6e7b3ae7f16a1396e52917bf99964517 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Wed, 14 Aug 2024 13:49:16 +0200 Subject: [PATCH 10/15] docs: harmonize available options across commands - Updated auto.md to include missing common options (--silent, --output) - Ensured consistency in the documentation of options across from, cwd, and auto commands - Centralized common options for easier maintenance and readability --- docs/cli/auto.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/cli/auto.md b/docs/cli/auto.md index 98b7620c..15f0fe89 100644 --- a/docs/cli/auto.md +++ b/docs/cli/auto.md 
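Review bot: deleting the five `.DS_Store` files is right, but nothing in this commit stops Finder from recreating them and a later `git add` from committing them again; add `.DS_Store` to `.gitignore` in the same commit so the cleanup sticks.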
@@ -8,8 +8,12 @@ The `auto` command is designed to simplify and accelerate the security analysis ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|-----------|--------------|---------------------|------------------------------------------------------------------------| -| `--depth` | `-d` | **4** | The maximum depth we must walk (when we fetch the whole tree). | +| **Name** | **Shortcut** | **Default Value** | **Description** | +|------------|--------------|---------------------|---------------------------------------------------------------------------| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--keep` | `-k` | `false` | Preserve temporary files after execution. | + From 2105df68ee13814c7d69afda3a1c640ad39b7458 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Wed, 14 Aug 2024 13:54:29 +0200 Subject: [PATCH 11/15] docs: remove outdated sections from README.md - Removed the port configuration example from the CLI options table - Removed outdated IMPORTANT note about the auto command in README.md --- README.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README.md b/README.md index 779694db..29c19c99 100644 --- a/README.md +++ b/README.md 
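Review bot: the `--silent` row has an empty Default Value cell while the other boolean in the same table, `--keep`, shows `false`; give `--silent` the same explicit default. The rewritten `--depth` description, "Specify the depth of dependency analysis", is less precise than the removed line, which said it is the maximum depth walked when fetching the whole tree; keep that detail. The commit message says common options were centralized for easier maintenance, but the hunk only appends rows to this one table, so the message overstates the change.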
@@ -104,18 +104,8 @@ $ nsecure open --port 8080 ### Command Documentation -| name | shortcut | default value | description | -| --- | --- | --- | --- | -| --port | -p | 0 | Define the running port, can also be define through the environment variable `PORT` | - - - For complete details on each command, refer to the following documents: -> [!IMPORTANT] -> By default with the auto command the .json file is deleted when the http server is closed. It's possible to disable this behavior by using the CLI option `--keep`, `-k`. - - - [`cwd`](./docs/cli/cwd.md) - [`from`](./docs/cli/from.md) - [`auto`](./docs/cli/auto.md) From 3afec7f5147ab9c43ca410ecb60f7ad1f94976b4 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Thu, 15 Aug 2024 16:15:55 +0200 Subject: [PATCH 12/15] Standardize documentation formatting: - Updated `scorecard` command description to include NPM packages and clarify use of OpenSSF scorecard. - Removed unnecessary spaces in documentation. - Standardized the presentation of options in the `auto` command documentation to match other commands. --- README.md | 1 - docs/cli/auto.md | 12 +++++++----- docs/cli/scorecard.md | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 29c19c99..abece2c4 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,6 @@ $ nsecure open $ nsecure open --port 8080 ``` - ### Command Documentation For complete details on each command, refer to the following documents: diff --git a/docs/cli/auto.md b/docs/cli/auto.md index 15f0fe89..7fd6be57 100644 --- a/docs/cli/auto.md +++ b/docs/cli/auto.md 
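Review bot: removing the IMPORTANT note loses behaviour documented nowhere else in this series, namely that `auto` deletes the generated `.json` file when the HTTP server is closed unless `--keep`/`-k` is passed; the `--keep` row in `docs/cli/auto.md` only says "Preserve temporary files after execution", which does not tell the reader which file is removed or when. Move the note into `docs/cli/auto.md` rather than dropping it. Likewise the deleted `--port` row carried the fact that the port can be set through the `PORT` environment variable, which the `open.md` table should pick up before this row disappears.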
@@ -1,6 +1,11 @@ -## ⚙️ Options +# 🚀 Command `auto` -- **`-k, --keep`**: Preserve temporary files after execution. Default: `false`. +The `auto` command is designed to simplify and accelerate the security analysis of a project or package. By automatically combining the `cwd` and `from` commands, this tool allows you to quickly generate a comprehensive security report. Additionally, it can serve the results via an HTTP server for easy access and review. + + +```bash +nsecure auto [options] +``` ## 📝 Description @@ -14,6 +19,3 @@ The `auto` command is designed to simplify and accelerate the security analysis | `--silent` | | | Suppress console output, making execution silent. | | `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | | `--keep` | `-k` | `false` | Preserve temporary files after execution. | - - - diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md index 0df9fdad..eb112953 100644 --- a/docs/cli/scorecard.md +++ b/docs/cli/scorecard.md @@ -1,6 +1,6 @@ ## 📝 Description -The `scorecard` command is used to generate a security scorecard for a specific repository. This command evaluates the repository and provides a security score based on various criteria. +The `scorecard` command is used to generate an OpenSSF scorecard for a specific GIT repository or NPM package. This command evaluates the repository and provides a security score based on various criteria. ```bash nsecure scorecard [repository] From 23134bb04b1732336b570d5b7fb872db76cc8718 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Fri, 16 Aug 2024 21:30:40 +0200 Subject: [PATCH 13/15] file standardization --- docs/cli/auto.md | 5 +---- docs/cli/config-create.md | 4 ---- docs/cli/config.md | 4 ---- docs/cli/cwd.md | 3 --- docs/cli/from.md | 4 ---- docs/cli/lang.md | 4 +++- docs/cli/open.md | 4 +++- docs/cli/report.md | 4 +++- docs/cli/scorecard.md | 4 +++- docs/cli/summary.md | 4 +++- docs/cli/verify.md | 4 +++- 11 files changed, 19 insertions(+), 25 deletions(-) 
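Review bot: the `auto` description is now stated twice in `auto.md`: the hunk inserts the paragraph under the new `# 🚀 Command \`auto\`` title while the `## 📝 Description` section below still carries the identical text, and the duplicate is only removed in the next commit; squash the two commits or remove the section here. In the `scorecard.md` hunk the description now covers "a specific GIT repository or NPM package", but the syntax line in the context still reads `nsecure scorecard [repository]`; rename the positional or add a sentence saying that a package name is accepted there.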
diff --git a/docs/cli/auto.md b/docs/cli/auto.md index 7fd6be57..2f28a9f7 100644 --- a/docs/cli/auto.md +++ b/docs/cli/auto.md @@ -2,15 +2,12 @@ The `auto` command is designed to simplify and accelerate the security analysis of a project or package. By automatically combining the `cwd` and `from` commands, this tool allows you to quickly generate a comprehensive security report. Additionally, it can serve the results via an HTTP server for easy access and review. +## 📜 Syntax ```bash nsecure auto [options] ``` -## 📝 Description - -The `auto` command is designed to simplify and accelerate the security analysis of a project or package. By automatically combining the `cwd` and `from` commands, this tool allows you to quickly generate a comprehensive security report. Additionally, it can serve the results via an HTTP server for easy access and review. - ## ⚙️ Available Options | **Name** | **Shortcut** | **Default Value** | **Description** | diff --git a/docs/cli/config-create.md b/docs/cli/config-create.md index 119014d4..33ebc400 100644 --- a/docs/cli/config-create.md +++ b/docs/cli/config-create.md @@ -8,10 +8,6 @@ The `config create` command allows you to create a new configuration file for No nsecure config create [configuration] [options] ``` -## 📝 Description - -The `config create` command is designed to help you easily create a new configuration file in the current working directory or in a specified location. This is particularly useful when you need to set up NodeSecure with custom settings specific to your project. - ## ⚙️ Available Options | **Name** | **Shortcut** | **Default Value** | **Description** | diff --git a/docs/cli/config.md b/docs/cli/config.md index 8c07f028..c86e9066 100644 --- a/docs/cli/config.md +++ b/docs/cli/config.md 
@@ -8,10 +8,6 @@ The `config` command allows you to manage the configuration files used by NodeSe nsecure config [sub-command] [options] ``` -## 📝 Description - -The `config` command is designed to help you manage your NodeSecure configuration files. With this command, you can create a new configuration file with the `create` sub-command, or edit an existing configuration file with the `edit` sub-command. This is useful for customizing the behavior of NodeSecure based on your specific needs. - ## ⚙️ Available Options ### `create` Sub-command diff --git a/docs/cli/cwd.md b/docs/cli/cwd.md index 494cd2d0..e138b02d 100644 --- a/docs/cli/cwd.md +++ b/docs/cli/cwd.md @@ -7,9 +7,6 @@ The `cwd` command allows you to scan the project located in the current working ```bash nsecure cwd [options] ``` -## 📝 Description - -The `cwd` command scans the dependencies of the project in the current working directory using the specified options to detect potential vulnerabilities. This is particularly useful for evaluating the security of a Node.js project by analyzing the packages installed in the current working directory. ## ⚙️ Available Options diff --git a/docs/cli/from.md b/docs/cli/from.md index 48c8b14e..e1922167 100644 --- a/docs/cli/from.md +++ b/docs/cli/from.md @@ -8,10 +8,6 @@ The `from` command allows you to run a security analysis on a specific npm packa nsecure from [options] ``` -## 📝 Description - -The `from` command analyzes the specified npm package by scanning its dependencies to detect potential vulnerabilities. This is particularly useful for evaluating the security of a package you plan to include in your Node.js project. - ## ⚙️ Available Options | **Name** | **Shortcut** | **Default Value** | **Description** | diff --git a/docs/cli/lang.md b/docs/cli/lang.md index 2c3263f8..a52a9385 100644 --- a/docs/cli/lang.md +++ b/docs/cli/lang.md 
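Review bot: `docs/cli/config-create.md` is trimmed here and then deleted outright in PATCH 14, so this hunk is dead churn; squash the two commits or delete the file in this one. Keeping both a `config.md` with a `### \`create\` Sub-command` section (visible in the `config.md` context) and a separate `config-create.md` duplicates the `--cwd` option table, which is the reason to consolidate now rather than later.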
@@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `lang` The `lang` command is used to set the language for the NodeSecure CLI tool. It allows users to choose their preferred language for the CLI interface. +## 📜 Syntax + ```bash nsecure lang ``` diff --git a/docs/cli/open.md b/docs/cli/open.md index e3b7fb3b..962b6be3 100644 --- a/docs/cli/open.md +++ b/docs/cli/open.md @@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `open` The `open` command is used to open a security report in a local HTTP server. This allows for easy access and review of the security report through a web browser. +## 📜 Syntax + ```bash nsecure open ``` diff --git a/docs/cli/report.md b/docs/cli/report.md index 597d2ffc..2c57537d 100644 --- a/docs/cli/report.md +++ b/docs/cli/report.md @@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `report` The `report` command is used to generate a detailed security report for a repository. This report can include all dependencies and be customized with various options such as theme, title, and format. +## 📜 Syntax + ```bash nsecure report [repository] ``` diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md index eb112953..3410ee30 100644 --- a/docs/cli/scorecard.md +++ b/docs/cli/scorecard.md @@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `scorecard` The `scorecard` command is used to generate an OpenSSF scorecard for a specific GIT repository or NPM package. This command evaluates the repository and provides a security score based on various criteria. +## 📜 Syntax + ```bash nsecure scorecard [repository] ``` diff --git a/docs/cli/summary.md b/docs/cli/summary.md index 880bc4fe..5b491ad0 100644 --- a/docs/cli/summary.md +++ b/docs/cli/summary.md @@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `summary` The `summary` command is used to generate a summarized report from a JSON security report. This command provides a concise overview of the security findings. +## 📜 Syntax + ```bash nsecure summary [json] ``` 
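Review bot: the retitled headings are H2 (`## 📝 Command \`lang\``, `## 📝 Command \`open\``, and so on, all with the same 📝 emoji) while the other command docs touched by this same commit use H1 titles (`# 🚀 Command \`auto\``, `# ⚙️ Command \`config\``, `# 📂 Command \`cwd\``); for a commit titled "file standardization" the six files should use the H1 form so that `## 📜 Syntax` and `## ⚙️ Available Options` are sections under the title rather than siblings of it.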
diff --git a/docs/cli/verify.md b/docs/cli/verify.md index 899b514c..22186b61 100644 --- a/docs/cli/verify.md +++ b/docs/cli/verify.md @@ -1,7 +1,9 @@ -## 📝 Description +## 📝 Command `verify` The `verify` command is used to verify the integrity and security of a specific package. This command checks the package against known vulnerabilities and integrity issues. +## 📜 Syntax + ```bash nsecure verify [package] ``` From 53bd2e26ee33872135c73648a463b531461e50c7 Mon Sep 17 00:00:00 2001 From: Foucsi Date: Sat, 17 Aug 2024 08:41:50 +0200 Subject: [PATCH 14/15] Addressed review comments - multiple fixes applied --- README.md | 2 +- docs/cli/auto.md | 16 ++++++++-------- docs/cli/config-create.md | 16 ---------------- docs/cli/config.md | 8 ++++---- docs/cli/cwd.md | 16 ++++++++-------- docs/cli/from.md | 10 +++++----- docs/cli/lang.md | 2 +- docs/cli/open.md | 13 ++++++++----- docs/cli/report.md | 14 +++++++------- docs/cli/scorecard.md | 6 +++--- docs/cli/verify.md | 8 ++++---- 11 files changed, 49 insertions(+), 62 deletions(-) delete mode 100644 docs/cli/config-create.md diff --git a/README.md b/README.md index abece2c4..ac9fda4c 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,7 @@ For complete details on each command, refer to the following documents: - [`scorecard`](./docs/cli/scorecard.md) - [`report`](./docs/cli/report.md) - [`lang`](./docs/cli/lang.md) -- [`config create`](./docs/cli/config-create.md) +- [`config create`](./docs/cli/config.md) - [`config`](./docs/cli/config.md) diff --git a/docs/cli/auto.md b/docs/cli/auto.md index 2f28a9f7..88469720 100644 --- a/docs/cli/auto.md +++ b/docs/cli/auto.md 
@@ -1,18 +1,18 @@ # 🚀 Command `auto` -The `auto` command is designed to simplify and accelerate the security analysis of a project or package. By automatically combining the `cwd` and `from` commands, this tool allows you to quickly generate a comprehensive security report. Additionally, it can serve the results via an HTTP server for easy access and review. +The `auto` command combines the `cwd` and `from` commands to analyze and explore a local project or remote NPM packages in the WebUI. ## 📜 Syntax ```bash -nsecure auto [options] +nsecure auto [spec] ``` ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|------------|--------------|---------------------|---------------------------------------------------------------------------| -| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | -| `--silent` | | | Suppress console output, making execution silent. | -| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | -| `--keep` | `-k` | `false` | Preserve temporary files after execution. | +| Name | Shortcut | Default Value | Description | +|---|---|---|--| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--keep` | `-k` | `false` | Preserve temporary files after execution. | diff --git a/docs/cli/config-create.md b/docs/cli/config-create.md deleted file mode 100644 index 33ebc400..00000000 --- a/docs/cli/config-create.md +++ /dev/null 
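Review bot: the syntax line changes to `nsecure auto [spec]` but nothing in the file says what `[spec]` is; since the new description mentions "a local project or remote NPM packages", add a sentence stating that it is an NPM package spec and what happens when it is omitted. `--silent` still has an empty Default Value cell beside `--keep`'s `false`. The behaviour removed from the README in PATCH 11 (the generated JSON is deleted when the server closes unless `--keep` is set) is still absent from this file, which is the natural place for it.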
@@ -1,16 +0,0 @@ -# 🛠️ Command `config create` - -The `config create` command allows you to create a new configuration file for NodeSecure. This command is useful for initializing a custom configuration tailored to your project's specific needs. - -## 📜 Syntax - -```bash -nsecure config create [configuration] [options] -``` - -## ⚙️ Available Options - -| **Name** | **Shortcut** | **Default Value** | **Description** | -|----------|--------------|-------------------|-------------------------------------------------------------------------------| -| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | - diff --git a/docs/cli/config.md b/docs/cli/config.md index c86e9066..d14746ff 100644 --- a/docs/cli/config.md +++ b/docs/cli/config.md @@ -1,6 +1,6 @@ # ⚙️ Command `config` -The `config` command allows you to manage the configuration files used by NodeSecure. This command can be used to either create a new configuration file or edit an existing one. +The `config` command allows you to manage the `.nodesecurerc` configuration file, which is used by NodeSecure components to customize their behavior. You can use this command to create a new configuration file or edit the existing one. ## 📜 Syntax @@ -12,9 +12,9 @@ nsecure config [sub-command] [options] ### `create` Sub-command -| **Name** | **Shortcut** | **Default Value** | **Description** | -|----------|--------------|-------------------|-------------------------------------------------------------------------------| -| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--cwd` | `-c` | `false` | Create the configuration file in the current working directory instead of the default location. | ### `edit` Sub-command diff --git a/docs/cli/cwd.md b/docs/cli/cwd.md index e138b02d..779a8cc7 100644 
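Review bot: with `docs/cli/config-create.md` deleted, the README hunk in this commit points both the `config create` and `config` list entries at `./docs/cli/config.md`, so the list now links the same file twice; drop the `config create` entry or point it at the `### \`create\` Sub-command` anchor. The rewritten `config.md` description naming `.nodesecurerc` is an improvement; consider also saying where the file is looked up by default, because the `--cwd` row only says "instead of the default location" without naming it.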
--- a/docs/cli/cwd.md +++ b/docs/cli/cwd.md @@ -1,6 +1,6 @@ # 📂 Command `cwd` -The `cwd` command allows you to scan the project located in the current working directory using the strategies defined by the tool. This command is useful for analyzing the security of a Node.js project by inspecting the dependencies installed locally in the current working directory. +The `cwd` command scans the project in the current working directory using the `package.json` and `package-lock.json` files, and stores the analysis results in a JSON file. You can then share this JSON or explore it in the WebUI using the `open` command. ## 📜 Syntax @@ -10,10 +10,10 @@ nsecure cwd [options] ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|-------------|--------------|---------------------|------------------------------------------------------------------------------| -| `--nolock` | `-n` | `false` | Do not use a lock file (package-lock.json or yarn.lock) for the analysis. | -| `--full` | `-f` | `false` | Perform a full analysis of the project, including all dependencies. | -| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | -| `--silent` | | | Suppress console output, making execution silent. | -| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--nolock` | `-n` | `false` | Do not use a lock file (package-lock.json or yarn.lock) for the analysis. | +| `--full` | `-f` | `false` | Perform a full analysis of the project, including all dependencies. | +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--silent` | | | Suppress console output, making execution silent. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | diff --git a/docs/cli/from.md b/docs/cli/from.md index e1922167..0d8fbab7 100644 --- a/docs/cli/from.md +++ b/docs/cli/from.md 
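Review bot: the new description says the scan uses `package.json` and `package-lock.json`, while the `--nolock` row in the same table speaks of a lock file that may be `package-lock.json` or `yarn.lock`; align the two so the reader knows whether a Yarn project is supported. The description also says results are stored "in a JSON file", but the `--output` default `nsecure-result` has no extension; state whether `.json` is appended (the `open.md` note later in this commit suggests it is). `--silent` again has an empty default cell while `--nolock` and `--full` show `false`.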
@@ -10,9 +10,9 @@ nsecure from [options] ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|-------------|--------------|---------------------|------------------------------------------------------------------------------| -| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | -| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | -| `--silent` | | | Suppress console output, making execution silent. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--depth` | `-d` | `4` | Specify the depth of dependency analysis. | +| `--output` | `-o` | `nsecure-result` | Specify the output file for the results. | +| `--silent` | | | Suppress console output, making execution silent. | diff --git a/docs/cli/lang.md b/docs/cli/lang.md index a52a9385..e8109167 100644 --- a/docs/cli/lang.md +++ b/docs/cli/lang.md @@ -1,6 +1,6 @@ ## 📝 Command `lang` -The `lang` command is used to set the language for the NodeSecure CLI tool. It allows users to choose their preferred language for the CLI interface. +The `lang` command allows you to set your preferred language. Use this command to customize the language used in the CLI or Web interfaces ## 📜 Syntax diff --git a/docs/cli/open.md b/docs/cli/open.md index 962b6be3..e890b800 100644 --- a/docs/cli/open.md +++ b/docs/cli/open.md 
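Review bot: the context line `nsecure from [options]` shows no positional for the package to analyze, yet the file's description (see the `from.md` hunk in PATCH 13) says the command runs a security analysis on a specific npm package; the syntax should show the package argument, something like `nsecure from <package> [options]`. In `lang.md`, the new sentence "Use this command to customize the language used in the CLI or Web interfaces" is missing its final period.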
@@ -1,16 +1,19 @@ ## 📝 Command `open` -The `open` command is used to open a security report in a local HTTP server. This allows for easy access and review of the security report through a web browser. +The `open` command reads a specified JSON payload and starts a local HTTP server. This allows you to explore dependencies, their metrics, and potential threats directly in your web browser. ## 📜 Syntax ```bash -nsecure open +nsecure open [json] ``` +>[!NOTE] +> If the `[json]` property is omitted, the command will default to searching for a `nsecure-result.json` file in the current working directory. +> ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|----------|--------------|---------------------|----------------------------------------------------------| -| `--port` | `-p` | `process.env.PORT` | Specify the port on which the HTTP server should run. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--port` | `-p` | `process.env.PORT` | Specify the port on which the HTTP server should run. | diff --git a/docs/cli/report.md b/docs/cli/report.md index 2c57537d..3cd2bea8 100644 --- a/docs/cli/report.md +++ b/docs/cli/report.md @@ -1,6 +1,6 @@ ## 📝 Command `report` -The `report` command is used to generate a detailed security report for a repository. This report can include all dependencies and be customized with various options such as theme, title, and format. +The `report` command generates a detailed security report for a repository in PDF format. The report can include all dependencies and can be customized with various options. ## 📜 Syntax 
@@ -10,10 +10,10 @@ nsecure report [repository] ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|---------------------|--------------|---------------------------|----------------------------------------------------------| -| `--theme` | `-t` | `white` | Specify the theme for the report. | -| `--includesAllDeps` | `-i` | `true` | Include all dependencies in the report. | -| `--title` | `-l` | `NodeSecure Report` | Specify the title of the report. | -| `--reporters` | `-r` | `["html"]` | Specify the format of the report (e.g., HTML, JSON). | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--theme` | `-t` | `white` | Specify the theme for the report. | +| `--includesAllDeps` | `-i` | `true` | Include all dependencies in the report. | +| `--title` | `-l` | `NodeSecure Report` | Specify the title of the report. | +| `--reporters` | `-r` | `["html"]` | Specify the format of the report (e.g., HTML, JSON). | diff --git a/docs/cli/scorecard.md b/docs/cli/scorecard.md index 3410ee30..9c2c9960 100644 --- a/docs/cli/scorecard.md +++ b/docs/cli/scorecard.md @@ -10,7 +10,7 @@ nsecure scorecard [repository] ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|----------|--------------|-------------------|---------------------------------------------------------| -| `--vcs` | | `github` | Specify the version control system (VCS) used by the repository. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--vcs` | | `github` | Specify the version control system (VCS) used by the repository. | diff --git a/docs/cli/verify.md b/docs/cli/verify.md index 22186b61..24e47478 100644 --- a/docs/cli/verify.md +++ b/docs/cli/verify.md 
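Review bot: `report.md` now says the report is generated "in PDF format", but the `--reporters` row, left unchanged by this hunk, keeps the default `["html"]` and describes the option as choosing between HTML and JSON; one of the two statements is wrong, so either list PDF among the accepted reporters or correct the description. The `--theme` row still says only "Specify the theme for the report" without listing any value other than the default `white`.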
@@ -1,6 +1,6 @@ ## 📝 Command `verify` -The `verify` command is used to verify the integrity and security of a specific package. This command checks the package against known vulnerabilities and integrity issues. +The `verify` command performs a deep analysis of a specified NPM package. It provides advanced information about the files in the tarball, including details on potential threats, file integrity, and more. ## 📜 Syntax @@ -10,6 +10,6 @@ nsecure verify [package] ## ⚙️ Available Options -| **Name** | **Shortcut** | **Default Value** | **Description** | -|----------|--------------|-------------------|-------------------------------------------| -| `--json` | `-j` | `false` | Output the results in JSON format. | +| Name | Shortcut | Default Value | Description | +|---|---|---|---| +| `--json` | `-j` | `false` | Output the results in JSON format. | From 1aef2282169eb86cb4eae2078853f91bc0f4465f Mon Sep 17 00:00:00 2001 From: "Thomas.G" Date: Sat, 17 Aug 2024 17:43:38 +0200 Subject: [PATCH 15/15] Update docs/cli/open.md --- docs/cli/open.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/cli/open.md b/docs/cli/open.md index e890b800..70983e01 100644 --- a/docs/cli/open.md +++ b/docs/cli/open.md @@ -8,6 +8,9 @@ The `open` command reads a specified JSON payload and starts a local HTTP server nsecure open [json] ``` +> [!NOTE] +> If the `[json]` property is omitted, the command will default to searching for a `nsecure-result.json` file in the current working directory. + >[!NOTE] > If the `[json]` property is omitted, the command will default to searching for a `nsecure-result.json` file in the current working directory. >
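Review bot: this adds a properly spaced `> [!NOTE]` block but leaves the earlier one directly below it (`>[!NOTE]` with no space after `>`, plus a dangling `>` line that renders as an empty quoted line), so `open.md` now shows the same note twice; replace the old block instead of prepending a copy.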