
@dreamhorizonorg/sentinel


Open-source, zero-dependency tool that blocks compromised packages BEFORE download. Built to counter supply chain and credential theft attacks like Shai-Hulud.

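/**
 * Validation-related constants
 * Error messages, validation rules, and constraint values
 *
 * Every message factory passes its dynamic parts through `sanitize()`.
 * The interpolated values originate outside the tool: package names and
 * version specs from lockfiles and package.json files, advisory titles and
 * severities from registry/audit responses, user-supplied paths, and error
 * text. Stripping terminal control characters (ESC, CR, DEL, the C1 range)
 * means a crafted value cannot carry an escape sequence that recolors,
 * overwrites or hides the scanner's own verdict lines on the console.
 * TAB and LF are kept so multi-line error reasons still render as before.
 */

// C0 controls except TAB (0x09) and LF (0x0A), plus DEL and the C1 controls.
const CONTROL_CHARS = /[\u0000-\u0008\u000B-\u001F\u007F-\u009F]/g;

/**
 * Coerce a value to a string (same as `${value}` would) and drop terminal
 * control characters.
 * @param {unknown} value - any value that would otherwise be interpolated
 * @returns {string} the stringified value without control characters
 */
const sanitize = (value) => String(value).replace(CONTROL_CHARS, '');

/** Messages for failures: missing files, unknown commands, fetch/parse errors. */
export const ERROR_MESSAGES = {
  LOCKFILE_NOT_FOUND: (path) => `❌ Lockfile not found: ${sanitize(path)}`,
  PACKAGE_JSON_NOT_FOUND: (path) => `❌ package.json not found: ${sanitize(path)}`,
  PATH_NOT_FOUND: (path) => `❌ Path not found: ${sanitize(path)}`,
  UNKNOWN_COMMAND: (command) => `❌ Unknown command: ${sanitize(command)}`,
  COMPROMISED_PACKAGES_NOT_FOUND: (path) => `Compromised packages JSON file not found at: ${sanitize(path)}`,
  FAILED_TO_LOAD_FROM_ENDPOINT: (endpoint, reason) => `Failed to load from endpoint ${sanitize(endpoint)}: ${sanitize(reason)}`,
  FAILED_TO_FETCH: (url, reason) => `Failed to fetch from ${sanitize(url)}: ${sanitize(reason)}`,
  REQUEST_TIMEOUT: (url) => `Request timeout for ${sanitize(url)}`,
  HTTP_ERROR: (statusCode, url) => `HTTP ${sanitize(statusCode)} from ${sanitize(url)}`,
  JSON_PARSE_ERROR: (url, reason) => `Failed to parse JSON from ${sanitize(url)}: ${sanitize(reason)}`,
  UPDATE_COMPROMISED_LIST_ERROR: (reason) => `❌ Error updating compromised packages list: ${sanitize(reason)}`,
  NO_PACKAGE_JSON_FILES: (path) => `⚠️ No package.json files found in ${sanitize(path)}`,
  NO_COMPROMISED_PACKAGES: 'No compromised packages found.',
  ERROR_READING_FILE: (path, reason) => `⚠️ Error reading ${sanitize(path)}: ${sanitize(reason)}`
};

/** Messages for clean results and successful list updates. */
export const SUCCESS_MESSAGES = {
  LOCKFILE_CLEAN: '✅ Lockfile is clean',
  PACKAGE_JSON_CLEAN: '✅ package.json is clean',
  PACKAGE_SAFE: (packageName) => `✅ Package ${sanitize(packageName)} is safe`,
  PACKAGE_ADDED_TO_LIST: '✅ Package added to compromised packages list',
  NO_COMPROMISED_PACKAGES_IN_LOCKFILE: '✅ No compromised packages found in lockfile',
  NO_COMPROMISED_PACKAGES_IN_PACKAGE_JSON: '✅ No compromised packages found in package.json',
  REPOSITORY_CLEAN: '✅ Repository is clean'
};

/** Messages for findings that do not block but deserve attention. */
export const WARNING_MESSAGES = {
  CANNOT_UPDATE_REMOTE: '⚠️ Cannot update remote endpoint. Package detected but not saved.',
  // `versions` is expected to be an array; `.join` throws otherwise, as before.
  PACKAGE_HAS_COMPROMISED_VERSIONS: (packageName, version, versions) =>
    `⚠️ WARNING: Package "${sanitize(packageName)}" has compromised versions, but "${sanitize(version)}" appears safe.\n Compromised versions: ${sanitize(versions.join(', '))}`,
  PACKAGE_VERSION_WARNING: (packageName, versionSpec) =>
    `⚠️ WARNING: ${sanitize(packageName)}@${sanitize(versionSpec)} - package has compromised versions`
};

/** Progress and summary messages. */
export const INFO_MESSAGES = {
  // Provider-related messages
  PROVIDER_ERROR: (provider, error) => `[${sanitize(provider)}] Error: ${sanitize(error)}`,
  // `version` is optional; only a truthy value gets the "@version" suffix.
  PROVIDER_CHECKING: (provider, packageName, version) =>
    `[${sanitize(provider)}] Checking ${sanitize(packageName)}${version ? `@${sanitize(version)}` : ''}...`,
  SCANNING_REPOSITORY: (path) => `🔍 Scanning repository: ${sanitize(path)}...`,
  CHECKING_LOCKFILE: (path) => `🔍 Checking lockfile: ${sanitize(path)}...`,
  CHECKING_PACKAGE_JSON: (path) => `🔍 Checking package.json: ${sanitize(path)}...`,
  VALIDATING_PACKAGE: (packageName) => `🔍 Validating package: ${sanitize(packageName)}...`,
  SCANNING_DIRECTORY: (path) => `🔍 Scanning directory: ${sanitize(path)}...`,
  CHECKING_NPM_AUDIT: (packageName) => `🔍 Checking npm audit for "${sanitize(packageName)}"...`,
  ADDING_TO_LIST: '📝 Adding to compromised packages list...',
  FOUND_PACKAGE_JSON_FILES: (count) => `📦 Found ${sanitize(count)} package.json file(s)\n`,
  SCAN_SUMMARY: '📊 Scan Summary:',
  COMPROMISED_PACKAGES_LIST: (count) => `\n📋 Compromised Packages (${sanitize(count)}):\n`
};

/** Messages for packages the tool refuses to install. */
export const BLOCKED_MESSAGES = {
  PACKAGE_COMPROMISED: (packageName) => `❌ BLOCKED: Package "${sanitize(packageName)}" is in the compromised packages list!`,
  PACKAGE_VERSION_COMPROMISED: (packageName, version) => `❌ BLOCKED: Package "${sanitize(packageName)}@${sanitize(version)}" is compromised!`,
  // `title` and `severity` come from the audit response, so they are sanitized like everything else.
  PACKAGE_HAS_VULNERABILITIES: (packageName, version, title, severity) =>
    `❌ BLOCKED: Package "${sanitize(packageName)}${version ? `@${sanitize(version)}` : ''}" has security vulnerabilities!\n⚠️ Vulnerability detected via npm audit: ${sanitize(title)}\n Severity: ${sanitize(severity)}`,
  SPECIFIC_VERSION_VULNERABLE: '⚠️ This specific version has known security vulnerabilities.',
  PACKAGE_VULNERABLE: '⚠️ This package has known security vulnerabilities.',
  USE_ALTERNATIVE: ' Please use a different version or an alternative package.',
  CONTACT_SECURITY: ' Please use an alternative package or contact security team.'
};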