0.1.0

scripts/build.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "Building app..."
+VITE_APP_VERSION=$(node -p "require('./package.json').version") npm run build
+

scripts/check.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "Running Svelte sync..."
+npx svelte-kit sync
+
+echo "Running svelte-check (fail on errors)..."
+npx svelte-check --tsconfig ./tsconfig.json
+

scripts/osv_scan.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+OSV_VERSION="${OSV_VERSION:-v2.3.1}"
+
+echo "Installing OSV-Scanner ${OSV_VERSION}..."
+curl -sSL "https://github.com/google/osv-scanner/releases/download/${OSV_VERSION}/osv-scanner_linux_amd64" -o /tmp/osv-scanner
+chmod +x /tmp/osv-scanner
+sudo mv /tmp/osv-scanner /usr/local/bin/osv-scanner
+
+echo "Running OSV-Scanner recursively..."
+OSV_JSON="$(mktemp)"
+trap 'rm -f "$OSV_JSON"' EXIT
+
+osv-scanner --recursive ./ --format json > "$OSV_JSON" || true
+
+if ! command -v jq >/dev/null 2>&1; then
+    echo "Error: jq is not installed. Please install jq to parse OSV results."
+    exit 1
+fi
+
+VULNS=$(jq -r '
+  .results[]? |
+  .source as $src |
+  .vulns[]? |
+  select(
+    (.database_specific.severity // "" | ascii_upcase | test("HIGH|CRITICAL")) or
+    (.severity[]?.score // "" | tostring | split("/")[0] | tonumber? // 0 | . >= 7.0)
+  ) |
+  "\(.id) (source: \($src))"
+' "$OSV_JSON")
+
+if [ -n "$VULNS" ]; then
+    echo "OSV scan found HIGH/CRITICAL vulnerabilities:"
+    echo "$VULNS" | while IFS= read -r line; do
+        echo " - $line"
+    done
+    exit 1
+else
+    echo "OSV scan: no HIGH/CRITICAL vulnerabilities found."
+fi
+