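/**
 * @fileoverview Vulnerability Scanner for npm projects
 * @module @nahisaho/musubix-security/cve/vulnerability-scanner
 *
 * Integrates all CVE components to provide a unified vulnerability
 * scanning interface for npm projects.
 *
 * @requirement REQ-CVE-004 - Unified vulnerability scanning
 * @design DES-EPIC2-006 - Vulnerability Scanner component
 */
import { type NVDClientOptions } from './nvd-client.js';
import { type VersionRange } from './cpe-matcher.js';
import { type DependencyParserOptions } from './dependency-parser.js';
import type { CVSSSeverity } from '../types/cve.js';

/**
 * Vulnerability scanner options.
 *
 * The filtering options (`includeDevDependencies`, `includeTransitive`,
 * `minCvssScore`, `severities`) narrow what a scan *reports*; a finding that
 * is filtered out is still present in the project. Use them for triage, not
 * as evidence that a package is clean.
 */
export interface VulnerabilityScannerOptions {
  /** NVD client options (the NVD API key is supplied here; see the class example). */
  nvdClientOptions?: NVDClientOptions;
  /** Dependency parser options */
  parserOptions?: DependencyParserOptions;
  /** Include dev dependencies in scan (default: false for production scan) */
  includeDevDependencies?: boolean;
  /** Include transitive dependencies (default: true) */
  includeTransitive?: boolean;
  /** Minimum CVSS score to report (default: 0) */
  minCvssScore?: number;
  /** Severities to include (default: all) */
  severities?: CVSSSeverity[];
  /** Maximum concurrent NVD requests (default: 5) */
  maxConcurrent?: number;
  /** Progress callback */
  onProgress?: (progress: ScanProgress) => void;
  /**
   * Custom vendor mappings for CPE matching.
   *
   * NOTE(review): the type arguments of `Record` were lost in extraction and
   * are reconstructed here as package name -> CPE vendor string; confirm
   * against cpe-matcher.js.
   */
  vendorMappings?: Record<string, string>;
}

/**
 * Scan progress information, delivered through
 * {@link VulnerabilityScannerOptions.onProgress}.
 */
export interface ScanProgress {
  /** Current phase */
  phase: 'parsing' | 'scanning' | 'matching' | 'complete';
  /** Total packages to scan */
  totalPackages: number;
  /** Packages scanned so far */
  scannedPackages: number;
  /** Vulnerabilities found so far */
  vulnerabilitiesFound: number;
  /** Current package being scanned */
  currentPackage?: string;
}

/**
 * Detected vulnerability information: one CVE matched to one installed
 * package version.
 */
export interface DetectedVulnerability {
  /** CVE ID */
  cveId: string;
  /** Package name */
  packageName: string;
  /** Installed package version */
  installedVersion: string;
  /** CVE description */
  description: string;
  /** CVSS v3.1 score */
  cvssScore?: number;
  /** CVSS severity */
  severity?: CVSSSeverity;
  /** CVSS vector string */
  cvssVector?: string;
  /** Affected version range */
  affectedVersions?: VersionRange;
  /** Fixed version (if known) */
  fixedVersion?: string;
  /** CWE IDs */
  cwes?: string[];
  /** References (URLs) */
  references?: string[];
  /** Whether this is a direct dependency */
  isDirect: boolean;
  /** Dependency type */
  dependencyType: string;
  /** Published date */
  publishedDate?: string;
  /** Last modified date */
  lastModifiedDate?: string;
  /**
   * Match confidence (0-1).
   *
   * A value below 1 means the CVE-to-package match was not certain; such
   * entries should be reviewed manually before being acted on or dismissed.
   */
  confidence: number;
}

/**
 * Scan result.
 *
 * `errors` and `warnings` are part of the result, not a side channel: a
 * non-empty `errors` list means the scan is incomplete for those packages.
 */
export interface ScanResult {
  /** Project name */
  projectName?: string;
  /** Project version */
  projectVersion?: string;
  /** Scan timestamp */
  scanTimestamp: string;
  /** Total packages scanned */
  totalPackages: number;
  /** Direct dependencies count */
  directDependencies: number;
  /** Transitive dependencies count */
  transitiveDependencies: number;
  /** Detected vulnerabilities */
  vulnerabilities: DetectedVulnerability[];
  /** Summary by severity */
  summary: {
    critical: number;
    high: number;
    medium: number;
    low: number;
    none: number;
    total: number;
  };
  /** Scan duration in ms */
  durationMs: number;
  /**
   * Packages that failed to scan.
   *
   * These packages have no entries in `vulnerabilities` because they were
   * not checked, not because they are clean; treat the result as partial
   * while this list is non-empty.
   */
  errors: {
    packageName: string;
    error: string;
  }[];
  /** Warnings during scan */
  warnings: string[];
}

/**
 * Vulnerability Scanner
 *
 * @example
 * ```typescript
 * const scanner = new VulnerabilityScanner({
 *   nvdClientOptions: { apiKey: process.env.NVD_API_KEY },
 *   includeDevDependencies: false,
 * });
 *
 * // Scan a project directory
 * const result = await scanner.scanDirectory('./my-project');
 *
 * // Check specific packages
 * const vulns = await scanner.scanPackages([
 *   { name: 'express', version: '4.17.1' },
 *   { name: 'lodash', version: '4.17.20' },
 * ]);
 * ```
 */
export declare class VulnerabilityScanner {
  private readonly nvdClient;
  private readonly rateLimiter;
  private readonly cpeMatcher;
  private readonly dependencyParser;
  private readonly options;
  constructor(options?: VulnerabilityScannerOptions);
  /**
   * Scan a project directory for vulnerabilities
   * @param dirPath - Path to project directory
   * @returns Scan result with all detected vulnerabilities
   *
   * NOTE(review): the `Promise` type argument was lost in extraction and is
   * restored from the `@returns` description.
   */
  scanDirectory(dirPath: string): Promise<ScanResult>;
  /**
   * Scan specific packages for vulnerabilities
   * @param packages - Packages to scan
   * @returns Detected vulnerabilities
   *
   * NOTE(review): the `Promise` type argument was lost in extraction and is
   * restored from the `@returns` description.
   */
  scanPackages(packages: Array<{
    name: string;
    version: string;
  }>): Promise<DetectedVulnerability[]>;
  /**
   * Scan a single package for vulnerabilities
   */
  private scanPackage;
  /**
   * Match a CVE to a specific package version
   */
  private matchCVEToPackage;
  /**
   * Create a detected vulnerability from CVE data
   */
  private createDetectedVulnerability;
  /**
   * Filter vulnerabilities based on options
   */
  private filterVulnerabilities;
  /**
   * Calculate summary statistics
   */
  private calculateSummary;
  /**
   * Report progress to callback
   */
  private reportProgress;
}

/**
 * Quick scan function for simple use cases.
 *
 * NOTE(review): the `Promise` type argument was lost in extraction and is
 * assumed to match {@link VulnerabilityScanner.scanDirectory}; confirm
 * against the implementation.
 *
 * @param dirPath - Path to project directory
 * @param options - Scanner options
 * @returns Scan result with all detected vulnerabilities
 */
export declare function scanProjectForVulnerabilities(dirPath: string, options?: VulnerabilityScannerOptions): Promise<ScanResult>;
//# sourceMappingURL=vulnerability-scanner.d.ts.map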