@dreamhorizonorg/sentinel
Open-source, zero-dependency tool that blocks compromised packages BEFORE download. Built to counter supply chain and credential theft attacks like Shai-Hulud.
/**
* Application-wide constants
* Global configuration values used across the entire application
*/
/** Human-readable product name. */
export const APP_NAME = 'Sentinel Package Manager';

/**
 * Log verbosity levels, keyed by symbolic name.
 * NOTE(review): exported as a plain mutable object, so any importer can alter
 * it for every other module; consider Object.freeze once it is confirmed that
 * nothing mutates it.
 */
export const LOG_MODES = {
  VERBOSE: 'verbose',
  NORMAL: 'normal',
  QUIET: 'quiet',
};

/** Every accepted log-mode string, in the declaration order of LOG_MODES. */
export const VALID_LOG_MODES = Object.values(LOG_MODES);

/** Default log mode ('normal'). */
export const DEFAULT_LOG_MODE = LOG_MODES.NORMAL;

/** Default timeout: 30 seconds, expressed in milliseconds. */
export const DEFAULT_TIMEOUT_MS = 30 * 1000;

/**
 * File name of the compromised-package list.
 * NOTE(review): presumably this list drives the block decision; confirm which
 * directory it is resolved against, so a scanned project cannot supply its own
 * copy.
 */
export const COMPROMISED_PACKAGES_FILENAME = 'compromised-packages.json';
/**
 * Recognised configuration file names.
 * NOTE(review): array order presumably sets lookup precedence; confirm against
 * the config loader before reordering.
 * NOTE(review): the .js/.mjs entries are presumably loaded by importing them,
 * which executes code from wherever the file is found; confirm the loader only
 * looks in a directory the user trusts, not in a project being scanned.
 */
export const CONFIG_FILENAMES = [
  // "sentinel.config.*" family
  'sentinel.config.json',
  'sentinel.config.js',
  'sentinel.config.mjs',
  // ".sentinelrc" family (bare name first)
  '.sentinelrc',
  '.sentinelrc.json',
  '.sentinelrc.js',
  '.sentinelrc.mjs',
];

/**
 * Directory names ignored by default.
 * NOTE(review): 'node_modules' is on this list, so installed copies are
 * presumably not inspected by a directory walk; confirm that manifests and
 * lockfiles cover them.
 */
export const DEFAULT_IGNORE_DIRS = [
  // dependency and VCS metadata
  'node_modules',
  '.git',
  // build output
  'dist',
  'build',
  '.next',
  'out',
];
/** Name of the per-user install directory. */
export const USER_INSTALL_DIR = '.sentinel';

/**
 * Directory name, package name and version for the temporary audit check.
 * NOTE(review): presumably a throwaway manifest is written here so that an npm
 * audit can run against it; confirm the directory is created with restrictive
 * permissions and removed afterwards.
 */
export const TEMP_AUDIT_DIR = '.temp-audit-check';
export const TEMP_PACKAGE_NAME = 'temp-audit-check';
export const TEMP_PACKAGE_VERSION = '1.0.0';

/**
 * npm audit timeout: 10 seconds, expressed in milliseconds.
 * NOTE(review): confirm what the caller does when this expires; for a blocking
 * tool a timed-out audit should not be treated as "no findings".
 */
export const NPM_AUDIT_TIMEOUT_MS = 10 * 1000;

/** Default version spec; '*' matches any version in npm semver range syntax. */
export const DEFAULT_VERSION_SPEC = '*';
/**
 * CVSS score thresholds for severity classification.
 * The values equal the lower bounds of the CVSS v3.x qualitative ratings
 * (Critical 9.0+, High 7.0+, Medium 4.0+); scores below MEDIUM presumably
 * classify as low.
 * NOTE(review): exported as a plain mutable object; consider Object.freeze
 * once it is confirmed that nothing mutates it, so an importer cannot shift
 * the thresholds at runtime.
 */
export const CVSS_SCORES = {
  CRITICAL: 9.0,
  HIGH: 7.0,
  MEDIUM: 4.0,
};

/**
 * Severity used when none is specified.
 * NOTE(review): confirm that the decision to block does not depend on
 * severity, so an entry with a missing field is not handled more leniently.
 */
export const DEFAULT_SEVERITY = 'medium';

/** Default TCP ports for each HTTP scheme. */
export const HTTP_PORTS = {
  HTTP: 80,
  HTTPS: 443,
};

/** HTTP method used by default. */
export const HTTP_DEFAULT_METHOD = 'GET';

/**
 * npm registry base URL for version resolution (HTTPS).
 * NOTE(review): HTTP_PORTS.HTTP suggests plain-HTTP requests are possible
 * somewhere; confirm that registry and blocklist fetches always use https.
 */
export const NPM_REGISTRY_URL = 'https://registry.npmjs.org';