[PR #546] Chore/vuln scanning #344

Open
opened 2026-05-06 12:38:16 +02:00 by BreizhHardware · 0 comments

📋 Pull Request Information

Original PR: https://github.com/Termix-SSH/Termix/pull/546
Author: @muchasxmaracas
Created: 2/7/2026
Status: 🔄 Open

Base: dev-2.2.0 ← Head: chore/vuln-scanning


📝 Commits (10+)

  • 0729d28 chore: add security checks
  • f42029f chore: output scan results in pipeline
  • 89a9366 chore: update npm dependencies and remove upload of SARIF to github
  • a0c0f24 chore: run format check/write, run type-check, run lint/fix
  • 66ea88c chore: try node version 23.5 in gh workflow
  • a49d499 chore: pin versions of vuln dependencies with override and try npm ci in pr-check
  • ede745b chore: forgot npm install before npm ci
  • cdd9871 chore(ci): change npx to npm to ensure consistency with package.json
  • 83b9564 chore: change pr-check to align exactly with package.json
  • a4eb283 chore(ci): try node v20 again

📊 Changes

26 files changed (+2368 additions, -3116 deletions)

📝 .github/workflows/pr-check.yml (+6 -6)
➕ .github/workflows/sec-check.yml (+23 -0)
📝 eslint.config.js (+45 -11)
📝 package-lock.json (+2215 -3038)
📝 package.json (+8 -3)
📝 src/backend/database/routes/credentials.ts (+6 -5)
📝 src/backend/database/routes/rbac.ts (+9 -6)
📝 src/backend/database/routes/ssh.ts (+3 -2)
📝 src/backend/database/routes/users.ts (+3 -2)
📝 src/backend/ssh/docker.ts (+6 -4)
📝 src/backend/ssh/server-stats.ts (+3 -2)
📝 src/backend/ssh/terminal.ts (+1 -1)
📝 src/backend/ssh/tunnel.ts (+3 -2)
📝 src/backend/utils/auth-manager.ts (+24 -16)
📝 src/components/theme-provider.tsx (+0 -1)
📝 src/components/ui/badge.tsx (+0 -1)
📝 src/components/ui/button.tsx (+0 -1)
📝 src/components/ui/form.tsx (+0 -1)
📝 src/components/ui/sidebar.tsx (+0 -1)
📝 src/main.tsx (+0 -1)

...and 6 more files

📄 Description

Overview

  • [✅] Added:
      • Trivy dependency vulnerability scan -> .github/workflows/sec-check.yml
  • [✅] Updated:
      • eslint.config.js to align local linting with linting in CI job
      • Updated all npm dependencies and pinned two transient dependencies with HIGH + MEDIUM vulnerabilities
  • [✅] Fixed:
      • PR Check job

Changes Made

  • Added a pipeline job to scan for vulnerabilities in npm dependencies -> it is now being executed on pull request and push to main
  • PR Check CI job was essentially useless (local linting was fine but CI job crashed): the logic and the inclusions/exclusions in the linter config had to be updated a bit
  • Linting exclusions are handled in config instead of comments in code
  • Linting locally is now aligned with linting in the pipeline
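  • State in HostTerminalTab was moved to top level (https://github.com/Termix-SSH/Termix/commit/77af329afbfb1d376dc2bfb158c2219dfd7c1cd1#diff-9b62bdf4922c91ba33f69aabd306890de3bc3f5b8b3c29c5e64e45d5d55a0a14R52) to comply with React Hook rules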
  • General linting and formatting applied according to config

Related Issues

Screenshots / Demos

Checklist

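  • [✅] Code follows project style guidelines
  • [n/a] Supports mobile and desktop UI/app (if applicable)
  • [✅] I have read Contributing.md (https://github.com/Termix-SSH/Termix/blob/main/CONTRIBUTING.md)
  • [✅] This is not a translation request. See docs (https://docs.termix.site/translations)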

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
