{
  "name": "supply-chain-guard",
  "version": "5.5.0",
  "description": "Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, RubyGems, Composer, NuGet, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 180+ threat indicators across all major lockfile formats (npm, pnpm, yarn, bun). Generates CycloneDX 1.6 SBOMs, verifies SLSA provenance, and correlates findings into attack-chain incidents.",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
  "bin": {
    "supply-chain-guard": "dist/cli.js"
  },
  "scripts": {
    "build": "tsc",
    "test": "vitest run",
    "test:coverage": "vitest run --coverage",
    "test:watch": "vitest",
    "lint": "tsc --noEmit",
    "check:changelog": "node scripts/check-changelog.mjs",
    "check:version-sync": "node scripts/check-version-sync.mjs",
    "check:handoff": "node scripts/aahp-dashboard.mjs --check",
    "handoff:refresh": "node scripts/aahp-dashboard.mjs",
    "feed:generate": "node scripts/generate-feed.mjs",
    "check:feed": "node scripts/generate-feed.mjs --check",
    "prebuild": "npm run check:changelog && npm run check:version-sync && npm run check:handoff && npm run check:feed",
    "prepublishOnly": "npm run build",
    "prepare": "tsc"
  },
  "keywords": [
    "security",
    "supply-chain",
    "malware-detection",
    "npm",
    "pypi",
    "cargo",
    "golang",
    "docker",
    "terraform",
    "glassworm",
    "shai-hulud",
    "scanner",
    "cli",
    "github-action",
    "sarif",
    "sbom",
    "slsa",
    "cyclonedx",
    "devsecops",
    "threat-intelligence"
  ],
  "author": "Elvatis <emre.kohler@elvatis.com>",
  "license": "Apache-2.0",
  "repository": {
    "type": "git",
    "url": "https://github.com/homeofe/supply-chain-guard.git"
  },
  "bugs": {
    "url": "https://github.com/homeofe/supply-chain-guard/issues"
  },
  "homepage": "https://github.com/homeofe/supply-chain-guard#readme",
  "engines": {
    "node": ">=20.0.0"
  },
  "files": [
    "dist/**/*",
    "action.yml",
    "README.md",
    "LICENSE",
    "socket.yml",
    "policy-schema.json"
  ],
  "dependencies": {
    "commander": "^14.0.3"
  },
  "devDependencies": {
    "@types/node": "^26.0.1",
    "@vitest/coverage-v8": "^4.1.9",
    "typescript": "^6.0.3",
    "vitest": "^4.1.9"
  }
}
