JSPM

@sandcheck/core

0.2.0
  • License Apache-2.0

Core lookup library for Sandcheck. Loads the curated compromised-package dataset, validates it against the JSON Schema, and resolves package@version queries against it.

Package Exports

  • @sandcheck/core
  • @sandcheck/core/dataset
  • @sandcheck/core/lockfiles
  • @sandcheck/core/lookup
  • @sandcheck/core/schema
  • @sandcheck/core/types

Readme

@sandcheck/core


This package is the shared library powering both the sandcheck CLI and the @sandcheck/mcp server. You can also consume it directly from your own tooling.

Install

pnpm add @sandcheck/core

Quick start

import { loadDatasetFromUrl, lookupPackage } from '@sandcheck/core';

const dataset = await loadDatasetFromUrl(); // canonical raw GitHub URL
const result = lookupPackage('chalk', '5.6.1', { dataset });

if (result.status === 'compromised') {
  // One dataset entry per matching advisory for this package@version.
  for (const entry of result.entries) {
    console.error(`${entry.package}@${result.version}: ${entry.summary}`);
  }
}

API

  • loadDatasetFromUrl(url?, options?) — fetch and validate the dataset. Defaults to the canonical raw GitHub URL.
  • loadDatasetFromFile(path) — load and validate a local dataset file.
  • validateDataset(data) — validate an already-parsed object against the JSON Schema.
  • lookupPackage(name, version, { dataset }) / lookupMany(packages, { dataset }).
  • detectAndParseLockfile(cwd) / parsePackageLock / parsePnpmLock / parseYarnLock.

The dataset shape is described by schema/compromised.schema.json and the matching TypeScript types are exported from this package.
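The following is an added, self-contained illustration of the flow the quick start and API list describe (validate a dataset, parse a lockfile, resolve each package@version). It does not import @sandcheck/core and is not the library's own code: the dataset layout, the simplified schema check, the `clean` status for non-matches, and the `auditLockfile` helper are assumptions made for this example, and the dataset and package-lock.json contents are constructed.

```javascript
// Added example: a stand-in for the README's lookup flow. It does NOT import
// @sandcheck/core and does not reproduce its internals; the dataset layout,
// the helper names, and any status other than 'compromised' are assumptions
// made for this illustration.

// Constructed dataset in the spirit of the compromised-package list the
// README describes: a package name mapped to the affected versions.
const SAMPLE_DATASET = {
  entries: [
    { package: 'chalk', versions: ['5.6.1'], summary: 'constructed entry: malicious postinstall in 5.6.1' },
    { package: 'left-pad-ish', versions: ['1.0.0', '1.0.1'], summary: 'constructed entry: credential stealer' },
  ],
};

// Minimal structural validation standing in for the JSON Schema check the
// README mentions: every entry needs a name, a non-empty versions list and a
// summary. Returns a list of problems; an empty list means the data is valid.
function validateDataset(data) {
  if (!data || !Array.isArray(data.entries)) {
    return ['dataset.entries must be an array'];
  }
  const problems = [];
  data.entries.forEach((e, i) => {
    if (typeof e.package !== 'string' || e.package.length === 0) problems.push(`entries[${i}].package missing`);
    if (!Array.isArray(e.versions) || e.versions.length === 0) problems.push(`entries[${i}].versions must be a non-empty array`);
    if (typeof e.summary !== 'string') problems.push(`entries[${i}].summary missing`);
  });
  return problems;
}

// Resolve one package@version against the dataset. The result mirrors the
// shape used in the README's quick start (status, version, entries); the
// 'clean' status returned for non-matches is an assumption.
function lookupPackage(name, version, { dataset }) {
  const entries = dataset.entries.filter(
    (e) => e.package === name && e.versions.includes(version),
  );
  return entries.length > 0
    ? { status: 'compromised', version, entries }
    : { status: 'clean', version, entries: [] };
}

// Simplified reader for a lockfileVersion 3 package-lock.json: keys of the
// "packages" map are install paths such as "node_modules/foo" or
// "node_modules/a/node_modules/@scope/b"; the package name is whatever follows
// the last "node_modules/". The root entry (key "") is skipped.
function parsePackageLock(lock) {
  const found = [];
  for (const [key, meta] of Object.entries(lock.packages ?? {})) {
    if (key === '') continue;
    const idx = key.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue;
    found.push({ name: key.slice(idx + 'node_modules/'.length), version: meta.version });
  }
  return found;
}

// Check every installed package from a parsed lockfile and keep only the hits.
function auditLockfile(lock, dataset) {
  return parsePackageLock(lock)
    .map((p) => ({ name: p.name, ...lookupPackage(p.name, p.version, { dataset }) }))
    .filter((r) => r.status === 'compromised');
}

// Constructed package-lock.json fragment for the demonstration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '5.6.1' },
    'node_modules/debug': { version: '4.3.4' },
    'node_modules/debug/node_modules/left-pad-ish': { version: '1.0.1' },
  },
};

// Usage, mirroring the README's quick start: validate first, then report hits.
if (validateDataset(SAMPLE_DATASET).length === 0) {
  for (const hit of auditLockfile(SAMPLE_LOCK, SAMPLE_DATASET)) {
    for (const entry of hit.entries) {
      console.error(`${entry.package}@${hit.version}: ${entry.summary}`);
    }
  }
}
```

Validating before resolving matters in practice: a dataset fetched from a remote URL that fails schema validation should be rejected outright rather than silently producing "clean" results for every query, and nested install paths must be read from the lockfile so a compromised transitive dependency is not missed.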

Security posture

No install-time lifecycle scripts. ESM only. Strict TypeScript.

License

Apache-2.0.