
@dreamhorizonorg/sentinel


Open-source, zero-dependency tool that blocks compromised packages BEFORE download. Built to counter supply chain and credential theft attacks like Shai-Hulud.

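/**
 * Provider Interface
 * All vulnerability providers must implement this interface
 */

/**
 * Vulnerability result from a provider
 * @typedef {Object} VulnerabilityResult
 * @property {boolean} found - Whether a vulnerability was found
 * @property {string} [severity] - Severity level (low, medium, high, critical)
 * @property {string} [title] - Vulnerability title/description
 * @property {string} [source] - Provider name
 * @property {string} [cve] - CVE identifier if available
 * @property {string} [url] - Link to vulnerability details
 */

/**
 * Base class that every vulnerability provider extends.
 *
 * Subclasses set `name` and override `check()`. The base `check()` always
 * rejects, so a provider that forgets to override it surfaces as an error
 * rather than as a "nothing found" result.
 *
 * NOTE(review): how callers treat a rejected `check()` (block the install vs.
 * let it through) is decided outside this file — confirm it fails closed.
 */
export class VulnerabilityProvider {
  /**
   * Provider name; the base class leaves it empty.
   * @type {string}
   */
  name = '';

  /**
   * Check if a package has vulnerabilities.
   *
   * The base implementation ignores its arguments and rejects; concrete
   * providers must override it.
   *
   * @param {string} packageName - Package name
   * @param {string|null} version - Package version (optional)
   * @param {Object} config - Provider-specific configuration
   * @returns {Promise<VulnerabilityResult>}
   * @throws {Error} Always, in the base class (as a rejected promise).
   */
  async check(packageName, version = null, config = {}) {
    throw new Error('check() method must be implemented');
  }

  /**
   * Check if provider is enabled.
   *
   * Only the strict boolean `false` disables a provider. A missing or `null`
   * config, a missing `enabled` key, or any other value (including the string
   * 'false') leaves the provider enabled, so a malformed configuration cannot
   * switch a check off by accident.
   *
   * @param {Object|null} [config] - Provider-specific configuration
   * @returns {boolean}
   */
  isEnabled(config = {}) {
    // Default parameters only cover `undefined`; optional chaining keeps an
    // explicit `null` config from throwing and treats it as "enabled".
    return config?.enabled !== false;
  }

  /**
   * Get provider configuration defaults.
   *
   * Returns a fresh object on every call, so callers may mutate the result
   * without affecting other providers.
   *
   * @returns {Object} `{ enabled: true, timeout: 5000 }`
   */
  getDefaultConfig() {
    return {
      enabled: true,
      // NOTE(review): presumably milliseconds — confirm against the consumer.
      timeout: 5000,
    };
  }
}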