aegis-scan 0.2.0

Supply chain security CLI for npm — detect malicious packages before installing
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

pub mod ast;
pub mod cve;
pub mod deptree;
pub mod diff;
pub mod hallucination;
pub mod install_scripts;
pub mod maintainer;
pub mod obfuscation;
pub mod static_code;

use std::path::PathBuf;

use crate::types::Finding;

/// Trait that all security analyzers must implement.
///
/// `files` contains (path, content) tuples for every file in the package.
/// `package_json` is the parsed package.json value.
pub trait Analyzer {
    fn analyze(
        &self,
        files: &[(PathBuf, String)],
        package_json: &serde_json::Value,
    ) -> Vec<Finding>;
}

/// Helper: truncate a string to at most `max` characters, appending "..." if truncated.
pub(crate) fn truncate(s: &str, max: usize) -> String {
    let trimmed = s.trim();
    if trimmed.chars().count() <= max {
        trimmed.to_string()
    } else {
        let truncated: String = trimmed.chars().take(max).collect();
        format!("{truncated}...")
    }
}