Metadata-Version: 2.4
Name: zerotrustnpm
Version: 0.1.0
Summary: A Zero Trust Security Scanner for NPM Projects
Author-email: Achuth Chandra <achuthumd@gmail.com>
License: MIT License
        
        Copyright (c) 2025 Achuth Chandra
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/Achuth07/ZeroTrustNPM
Project-URL: Bug Tracker, https://github.com/Achuth07/ZeroTrustNPM/issues
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.7
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests>=2.31.0
Requires-Dist: jellyfish>=1.0.3
Requires-Dist: pyfiglet
Requires-Dist: rich
Dynamic: license-file

# ZeroTrustNPM

**ZeroTrustNPM** is an open-source, Python-based security scanner for NPM projects that implements a Zero Trust philosophy. It detects supply chain attacks, typosquatting, and integrity anomalies that standard CVE checks miss. Verify every package, trust no module.

![ZeroTrustNPM Demo](assets/ZeroTrustNPM_demo.gif)

## Features

- **Vulnerability Scanning**: Checks against OSV.dev database for known vulnerabilities.
- **Typosquatting Detection**: Identifies packages with names similar to popular libraries.
- **Integrity Verification**: Compares local package integrity with remote registry data.
- **Metadata Forensics**: Analyzes package publication time and version history for suspicious activity.
- **Script Auditing**: Flags suspicious lifecycle scripts (preinstall, install, postinstall).
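Three of the checks above (script auditing, typosquatting detection and integrity verification) can be sketched offline. The following is an added example, not ZeroTrustNPM's own code: it runs them over a constructed `package.json`, a constructed lockfile hash table and a constructed registry snapshot; the popular-package list, the edit-distance threshold and the hash values are assumptions for the example.

```python
import json

# Constructed inputs standing in for a real project and a registry response
# (assumptions for this example; the real tool fetches registry data over HTTP).
PACKAGE_JSON = json.loads("""{
  "name": "demo-app",
  "dependencies": {"lodash": "^4.17.21", "expres": "^4.18.2", "left-pad": "1.3.0"},
  "scripts": {"test": "jest", "postinstall": "node ./setup.js"}
}""")
LOCK_INTEGRITY = {"lodash": "sha512-CONSTRUCTED-A", "left-pad": "sha512-CONSTRUCTED-B"}
REGISTRY_INTEGRITY = {"lodash": "sha512-CONSTRUCTED-A", "left-pad": "sha512-CONSTRUCTED-C"}

POPULAR = {"lodash", "express", "react", "axios", "chalk", "left-pad"}  # assumed list
INSTALL_HOOKS = {"preinstall", "install", "postinstall"}

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (ZeroTrustNPM depends on jellyfish for this)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def typosquat_candidates(deps, popular=POPULAR, max_distance=2):
    """Dependency names close to, but not equal to, a popular package name."""
    hits = {}
    for name in deps:
        near = [p for p in popular if name != p and levenshtein(name, p) <= max_distance]
        if name not in popular and near:
            hits[name] = sorted(near)
    return hits

def audit_scripts(manifest, hooks=INSTALL_HOOKS):
    """Lifecycle hooks run arbitrary code during `npm install`; surface them for review."""
    return {k: v for k, v in manifest.get("scripts", {}).items() if k in hooks}

def integrity_mismatches(lock, registry):
    """Packages whose lockfile hash is missing from, or differs from, the registry's."""
    return sorted(n for n in lock if registry.get(n) != lock[n])

def scan(manifest=PACKAGE_JSON, lock=LOCK_INTEGRITY, registry=REGISTRY_INTEGRITY):
    """Combine the three checks into one report; empty values mean nothing flagged."""
    return {
        "typosquats": typosquat_candidates(manifest.get("dependencies", {})),
        "install_hooks": audit_scripts(manifest),
        "integrity": integrity_mismatches(lock, registry),
    }
```

Calling `scan()` on the constructed inputs flags `expres` as a near-miss of `express`, the `postinstall` hook, and the `left-pad` hash mismatch.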

## Installation

You can install ZeroTrustNPM directly from source:

```bash
git clone https://github.com/Achuth07/ZeroTrustNPM.git
cd ZeroTrustNPM
pip install .
```

## Usage

Run the scanner on your project directory:

```bash
zero-trust-npm /path/to/your/npm/project
```

Or run it as a module:

```bash
python -m zerotrustnpm /path/to/your/npm/project
```

## License

MIT License
