
@dreamhorizonorg/sentinel


Open-source, zero-dependency tool that blocks compromised packages BEFORE download. Built to counter supply chain and credential theft attacks like Shai-Hulud.

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.0.0] - Unreleased

### Added

- Initial release
- Zero-dependency package security validation tool
- Support for npm, yarn, pnpm, and bun
- JSON blacklist validation (795+ compromised packages from Shai-Hulud worm)
- npm audit integration
- Automatic JSON updates when vulnerabilities detected
- User-wide and per-repository installation options
- Professional CLI interface
- Lockfile validation
- package.json validation
- Repository scanning command
- Dev dependency support
- HTTP endpoint support for blacklist
- Local folder support for blacklist
- Vulnerability provider integration (OSV, GitHub Advisories, Snyk)
- Real-time vulnerability checks before installation
- Provider configuration via config file and CLI arguments
- Shell alias management commands (`add aliases`, `remove aliases`)
- Status command for installation verification
- Init command for config file generation
- Unified `scan` command with intelligent target detection
- Log mode configuration (verbose, normal, quiet)

### Security

- Zero external dependencies for maximum security
- Uses only Node.js built-in modules
- Pre-installation package validation
- Custom blacklist support
- Real-time vulnerability database integration
- Pre-install blocking of compromised packages
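The changelog lists JSON blacklist validation, lockfile validation, package.json validation and pre-install blocking as features but does not show what such a check involves. The following is an added example written for this page, not code from the @dreamhorizonorg/sentinel project: a zero-dependency pre-install check in Node.js that compares the dependencies pinned in a package-lock.json (lockfileVersion 2 or 3) and declared in package.json against a JSON blacklist of compromised versions. The blacklist format (`{ "<name>": ["<version>", ...] }`, with `"*"` meaning every version), all package names, versions and sample files are constructed placeholders and are assumptions of this example, not the project's actual data format.

```javascript
'use strict';
// Added example, not code from the @dreamhorizonorg/sentinel project.
// A minimal pre-install check using only Node.js built-ins: dependencies
// from a lockfile and package.json are compared against a JSON blacklist.
//
// Assumed (hypothetical) blacklist format:
//   { "<package name>": ["<version>", ...] }
// where the single entry "*" marks every version of that package as compromised.

// Parse the blacklist JSON into a Map of name -> Set of blocked versions.
function parseBlacklist(jsonText) {
  const raw = JSON.parse(jsonText);
  const out = new Map();
  for (const [name, versions] of Object.entries(raw)) {
    if (!Array.isArray(versions)) throw new Error(`bad blacklist entry for ${name}`);
    out.set(name, new Set(versions));
  }
  return out;
}

// Exact-version check, used for resolved (pinned) versions.
function isBlocked(blacklist, name, version) {
  const versions = blacklist.get(name);
  return Boolean(versions && (versions.has('*') || versions.has(version)));
}

// Package name from a lockfile "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (handles nesting).
function nameFromLockKey(key) {
  const idx = key.lastIndexOf('node_modules/');
  return idx === -1 ? null : key.slice(idx + 'node_modules/'.length);
}

// Walk a package-lock.json (lockfileVersion 2 or 3) and return every pinned
// package whose resolved version is on the blacklist, transitive deps included.
function checkLockfile(blacklist, lockText) {
  const lock = JSON.parse(lockText);
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // root project entry, not a dependency
    const name = nameFromLockKey(key);
    if (name && isBlocked(blacklist, name, entry.version)) {
      findings.push({ name, version: entry.version, source: 'lockfile' });
    }
  }
  return findings;
}

// package.json holds ranges, not resolved versions. An exact pin is checked
// precisely; any other spec for a blacklisted name is reported, because a
// range such as ^1.2.0 may resolve to a compromised release at install time.
function checkPackageJson(blacklist, pkgText) {
  const pkg = JSON.parse(pkgText);
  const findings = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!blacklist.has(name)) continue;
      const exact = /^\d+\.\d+\.\d+$/.test(spec);
      if (!exact || isBlocked(blacklist, name, spec)) {
        findings.push({ name, version: spec, source: field, exact });
      }
    }
  }
  return findings;
}

// Run both checks; a real hook would exit non-zero when `blocked` is true.
function runPreInstallCheck(blacklistText, lockText, pkgText) {
  const blacklist = parseBlacklist(blacklistText);
  const findings = [...checkLockfile(blacklist, lockText), ...checkPackageJson(blacklist, pkgText)];
  return { blocked: findings.length > 0, findings };
}

// Constructed sample inputs: placeholder names and versions, not real packages.
const SAMPLE_BLACKLIST = JSON.stringify({
  'example-compromised-pkg': ['1.2.3', '1.2.4'],
  '@example/fully-compromised': ['*'],
});
const SAMPLE_LOCKFILE = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.1' },
    'node_modules/example-compromised-pkg': { version: '1.2.3' },
    'node_modules/safe-pkg': { version: '4.0.0' },
    'node_modules/safe-pkg/node_modules/@example/fully-compromised': { version: '0.9.0' },
  },
});
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  dependencies: { 'example-compromised-pkg': '^1.2.0', 'safe-pkg': '^4.0.0' },
  devDependencies: { '@example/fully-compromised': '0.9.0', 'other-pkg': '1.0.0' },
});

const demo = runPreInstallCheck(SAMPLE_BLACKLIST, SAMPLE_LOCKFILE, SAMPLE_PACKAGE_JSON);
for (const f of demo.findings) console.log(`${f.source}: ${f.name}@${f.version}`);
console.log(demo.blocked ? 'BLOCKED: compromised packages found' : 'OK');
```

On the sample data the check reports four findings (two from the lockfile, including a nested transitive dependency, and two from package.json) and blocks the install. The lockfile check is the precise one, since it sees resolved versions; the package.json check deliberately errs on the side of reporting, because an unresolved range cannot be proven safe offline. A real blacklist would be fetched from a file or HTTP endpoint, as the changelog describes, rather than embedded inline.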