@multisystemsuite/security-scanner

v2.1.0

Published

9 days ago

SQL injection and credential leak detection

0High
0Medium
0Low

@multisystemsuite/security-scanner

Scan SQL and source files for SQL injection patterns, dangerous DDL/DML, dynamic SQL risks, and credential leaks.

Version: 1.0.1 · License: MIT

npm readme: @multisystemsuite/security-scanner on npm

Installation

pnpm add @multisystemsuite/security-scanner

Quick start

import { SecurityScanner } from '@multisystemsuite/security-scanner';

const scanner = new SecurityScanner();

const queryFindings = scanner.scanQuery(
  "SELECT * FROM users WHERE id = '1' OR '1'='1'",
);

const fileFindings = scanner.scanSecrets('password = "supersecret"');

const all = scanner.scanAll([sql], { 'config.ts': fileContent });
const summary = scanner.getSummary(all);

API reference

`scanQuery(query: string): SecurityFinding[]`

Detects:

| Type | Severity | Examples | |------|----------|----------| | sql_injection | critical | ' OR '1'='1, UNION SELECT, -- comments | | dangerous_query | high | DROP DATABASE, TRUNCATE, GRANT ALL | | dynamic_sql | high | ${var} or string concatenation in SQL |

`scanSecrets(content: string): SecurityFinding[]`

Detects:

password = "..." / api_key = "..."
AWS key patterns (AKIA...)
MongoDB/Postgres connection strings with embedded credentials

`scanAll(queries, files?)`

Aggregates query + file scans. File findings include path in message.

`getSummary(findings)`

{ total: number; critical: number; high: number }

`SecurityFinding` shape

{
  severity: 'low' | 'medium' | 'high' | 'critical';
  type: string;
  message: string;
  query?: string;
  line?: number;
}

CI integration

db-toolkit scan -f src/config.ts

// In tests or pre-commit
const findings = scanner.scanAll(collectedQueries, readProjectFiles());
if (scanner.getSummary(findings).critical > 0) {
  process.exit(1);
}

Limitations

Static analysis only — does not execute queries. Review findings before blocking deploys; some patterns may be false positives in tests.

Related packages

See the @multisystemsuite org on npm.

npm

Package: @multisystemsuite/security-scanner
Install: npm install @multisystemsuite/security-scanner

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@multisystemsuite/security-scanner

Installation

Quick start

API reference

scanQuery(query: string): SecurityFinding[]

scanSecrets(content: string): SecurityFinding[]

scanAll(queries, files?)

getSummary(findings)

SecurityFinding shape

CI integration

Limitations

Related packages

npm

`scanQuery(query: string): SecurityFinding[]`

`scanSecrets(content: string): SecurityFinding[]`

`scanAll(queries, files?)`

`getSummary(findings)`

`SecurityFinding` shape