| Crates.io | bun-xray-core |
| lib.rs | bun-xray-core |
| version | 0.1.0 |
| created_at | 2025-12-05 19:33:04.012159+00 |
| updated_at | 2025-12-05 19:33:04.012159+00 |
| description | Core parsing and security scanning logic for bun.lockb forensic analysis |
| homepage | https://github.com/ind4skylivey/lockb-xray |
| repository | https://github.com/ind4skylivey/lockb-xray |
| max_upload_size | |
| id | 1969041 |
| size | 57,884 |
CLI forensic tool to audit Bun bun.lockb binary lockfiles for supply chain risks.
lockb-xray/
├── Cargo.toml
├── bun-xray-core/
│   ├── Cargo.toml
│   └── src/
│       ├── lib.rs
│       ├── model.rs
│       ├── package_json.rs
│       ├── parser.rs
│       └── security.rs
└── lockb-xray-cli/
    ├── Cargo.toml
    └── src/
        └── main.rs
cargo install --path lockb-xray-cli
lockb-xray audit ./bun.lockb
Example output:
$ lockb-xray audit ./bun.lockb
✅ 1,247 packages parsed
✅ No phantom dependencies
⚠️ 3 packages from untrusted registry (jsdelivr)
🚨 HIGH: express@4.18.2 integrity mismatch
JSON mode:
lockb-xray audit ./bun.lockb --json
Verbose + trailers:
lockb-xray audit ./bun.lockb --verbose --severity-threshold warn --allow-registry npmjs.org
CI integration (GitHub Actions):
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo install --path lockb-xray-cli
      - run: lockb-xray audit ./bun.lockb --json --severity-threshold warn > lockb-report.json
examples/minimal/bun.lockb: minimal healthy lockfile.
examples/tampered-registry/bun.lockb: lockfile with an altered registry (evil.com) for alert testing.
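The `--allow-registry npmjs.org` option and the tampered-registry sample both depend on deciding whether a resolved URL's host belongs to an allowed registry. The Rust below is an added example, not code from lockb-xray (this page does not say how the tool matches hosts); the function names and sample URLs are constructed for illustration.

```rust
/// Lowercased host of a resolved tarball URL (std only; assumed helper, not the crate's API).
fn host_of(url: &str) -> Option<String> {
    let rest = url.split_once("://")?.1;
    // The authority ends at the first '/', '\', '?' or '#'.
    let authority = rest.split(|c: char| matches!(c, '/' | '\\' | '?' | '#')).next()?;
    // Drop userinfo: "registry.npmjs.org@evil.com" is served by evil.com.
    let host_port = authority.rsplit('@').next()?;
    // Drop the port and any trailing dot, then normalise case.
    let host = host_port.split(':').next()?.trim_end_matches('.').to_ascii_lowercase();
    if host.is_empty() { None } else { Some(host) }
}

/// True when `host` is the allowed domain itself or a subdomain of it.
/// Matching on a label boundary keeps "evilnpmjs.org" and
/// "npmjs.org.evil.com" from passing as "npmjs.org".
fn host_allowed(host: &str, allowed: &str) -> bool {
    let allowed = allowed.to_ascii_lowercase();
    host == allowed || host.ends_with(&format!(".{allowed}"))
}

/// Resolved URLs whose host is not covered by the allowlist.
fn untrusted<'a>(resolved: &[&'a str], allow: &[&str]) -> Vec<&'a str> {
    resolved.iter().copied().filter(|url| match host_of(url) {
        Some(h) => !allow.iter().any(|a| host_allowed(&h, a)),
        None => true, // unparseable URL: fail closed
    }).collect()
}

fn main() {
    // Constructed sample URLs, not taken from a real lockfile.
    let resolved = [
        "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
        "https://REGISTRY.NPMJS.ORG:443/example-pkg/-/example-pkg-1.0.0.tgz",
        "https://cdn.jsdelivr.net/npm/example-pkg@1.0.0/index.js",
        "https://evil.com/express-4.18.2.tgz",
        "https://registry.npmjs.org.evil.com/a.tgz",
        "https://registry.npmjs.org@evil.com/a.tgz",
    ];
    for url in untrusted(&resolved, &["npmjs.org"]) {
        println!("untrusted registry: {url}");
    }
}
```
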
cargo build --workspace