package.json

{
  "name": "cve-dashboard",
  "version": "1.0.0",
  "description": "STEAM Security Dashboard — vulnerability management for NTS-AEO",
  "author": "",
  "license": "ISC",
  "private": true,
  "scripts": {
    "test": "jest --ci --forceExit backend/__tests__/",
    "test:backend": "jest --ci --forceExit backend/__tests__/",
    "test:frontend": "cd frontend && CI=true npx react-scripts test --watchAll=false --ci --forceExit"
  },
  "keywords": [],
  "dependencies": {
    "bcryptjs": "^3.0.3",
    "cookie-parser": "^1.4.7",
    "cors": "^2.8.6",
    "dotenv": "^16.6.1",
    "express": "^5.2.1",
    "express-rate-limit": "^7.5.0",
    "multer": "^2.0.2",
    "pg": "^8.20.0",
    "sqlite3": "^5.1.7"
  },
  "devDependencies": {
    "fast-check": "^4.8.0",
    "jest": "^30.3.0"
  },
  "jest": {
    "roots": [
      "<rootDir>/backend/__tests__"
    ],
    "testPathIgnorePatterns": [
      "/node_modules/",
      "integration"
    ]
  }
}
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`{`
			`"name": "cve-dashboard",`
			`"version": "1.0.0",`
release: v1.0.0 — clean README, changelog, full reference manual, dead code removal, package metadata 2026-05-01 21:11:47 +00:00			`"description": "STEAM Security Dashboard — vulnerability management for NTS-AEO",`
feat(postgres): infrastructure setup and schema creation (tasks 1-2) - Install pg (node-postgres) dependency - Create backend/db.js connection pool module (max 10, auto-reconnect) - Install Docker and spin up steam-postgres container on port 5433 - Create backend/db-schema.sql with complete Postgres DDL (24 tables) - Replace findings_json blob with ivanti_findings table (individual rows) - Merge notes/overrides into findings table columns - Add proper indexes: state, bu_ownership, severity, composite - Create backend/setup-postgres.js for idempotent schema initialization - Add DATABASE_URL to .env and .env.example - Update migration plan docs with Docker setup commands - Verify: schema executes cleanly, pool connects, 24 tables created 2026-05-05 15:47:09 -06:00			`"author": "",`
			`"license": "ISC",`
release: v1.0.0 — clean README, changelog, full reference manual, dead code removal, package metadata 2026-05-01 21:11:47 +00:00			`"private": true,`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`"scripts": {`
Add CI/CD pipeline, feedback modal, Atlas qualys_id fallback, and health endpoint - Rewrite .gitlab-ci.yml with proper stages, blocking tests, staging environment on dev box, and SSH-based production deploy to 71.85.90.6 - Add POST /api/health endpoint for pipeline verification - Add POST /atlas/hosts/:hostId/refresh-cache for Atlas cache staleness - AtlasSlideOutPanel: auto-resolve qualys_id from Atlas vulnerabilities, prefer qualys_id over active_host_findings_id, retry on failure - Add FeedbackModal component with bug report button in header and feature request in UserMenu, creates GitLab issues via /api/feedback - Fix all frontend test failures (ESM transforms, TextDecoder polyfill, fast-check resolution, App.test.js boilerplate replacement) - Fix root package.json test script to run jest - Add deploy/ directory with staging systemd service and setup script 2026-05-08 12:47:39 -06:00			`"test": "jest --ci --forceExit backend/__tests__/",`
			`"test:backend": "jest --ci --forceExit backend/__tests__/",`
			`"test:frontend": "cd frontend && CI=true npx react-scripts test --watchAll=false --ci --forceExit"`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`},`
			`"keywords": [],`
			`"dependencies": {`
added required code changes, components, and packages for login feature 2026-01-28 14:36:33 -07:00			`"bcryptjs": "^3.0.3",`
			`"cookie-parser": "^1.4.7",`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`"cors": "^2.8.6",`
Added .env configuration to remove hardcoded IP issues 2026-01-28 09:23:30 -07:00			`"dotenv": "^16.6.1",`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`"express": "^5.2.1",`
security: address audit findings C-4 through M-8 Critical: - C-4: Add express-rate-limit to login (20 attempts/15min) - C-5: Remove default credentials from LoginForm.js - C-6: Add sandbox attribute to KB document iframe High: - H-2: Hard-fail on startup if SESSION_SECRET env var is missing - H-6: Sanitize filenames in Content-Disposition headers - H-7: Fix KB upload race condition — move file after DB insert succeeds - H-8: Generate random admin password in setup.js instead of hardcoded - H-9: Add rehype-sanitize to ReactMarkdown (requires npm install) Medium: - M-4: Fix loose equality (==) to strict (===) in users.js self-checks - M-5: Add hostname format regex validation in compliance notes - M-6: Fix vendor trim-before-validate in ivantiTodoQueue.js - M-7: Sanitize original filename in compliance temp JSON - M-8: Pull CSP frame-ancestors from CORS_ORIGINS env var New dependencies needed: - backend: express-rate-limit (npm install in root) - frontend: rehype-sanitize (npm install in frontend/) 2026-04-07 10:23:10 -06:00			`"express-rate-limit": "^7.5.0",`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`"multer": "^2.0.2",`
feat(postgres): infrastructure setup and schema creation (tasks 1-2) - Install pg (node-postgres) dependency - Create backend/db.js connection pool module (max 10, auto-reconnect) - Install Docker and spin up steam-postgres container on port 5433 - Create backend/db-schema.sql with complete Postgres DDL (24 tables) - Replace findings_json blob with ivanti_findings table (individual rows) - Merge notes/overrides into findings table columns - Add proper indexes: state, bu_ownership, severity, composite - Create backend/setup-postgres.js for idempotent schema initialization - Add DATABASE_URL to .env and .env.example - Update migration plan docs with Docker setup commands - Verify: schema executes cleanly, pool connects, 24 tables created 2026-05-05 15:47:09 -06:00			`"pg": "^8.20.0",`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`"sqlite3": "^5.1.7"`
Add Atlas metrics reporting, security audit tracker, and spec documents 2026-04-24 17:30:06 +00:00			`},`
			`"devDependencies": {`
Add interactive configuration wizard for deployment setup 2026-05-13 09:40:45 -06:00			`"fast-check": "^4.8.0",`
Add Atlas metrics reporting, security audit tracker, and spec documents 2026-04-24 17:30:06 +00:00			`"jest": "^30.3.0"`
Restrict root Jest to backend/__tests__ only — stop scanning frontend Jest 30 default test discovery was finding frontend/src/*/.test.js and __tests__/ files when running from the project root. These need react-scripts (CRA's Babel config) to parse ESM imports and JSX. Added jest.roots to confine root-level Jest to backend tests only. Frontend tests run separately via react-scripts test in test-frontend. 2026-06-16 16:17:57 -06:00			`},`
			`"jest": {`
			`"roots": [`
			`"<rootDir>/backend/__tests__"`
			`],`
			`"testPathIgnorePatterns": [`
			`"/node_modules/",`
			`"integration"`
			`]`
Initial commit: CVE Dashboard v1.0 2026-01-27 04:06:03 +00:00			`}`
			`}`