From bc630e87c9d7ccc32b9ebab756ccb3b264d1149d Mon Sep 17 00:00:00 2001
From: hamza-hafeez82
Date: Wed, 10 Jun 2026 15:22:15 +0500
Subject: [PATCH] chore: resolve vulnerabilities, add package repository metadata, and fix TruffleHog CI action
---
 .github/workflows/security.yml | 6 +++---
 package-lock.json | 34 +++++++++++-----------------------
 package.json | 13 ++++++++++++-
 3 files changed, 26 insertions(+), 27 deletions(-)
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index bc2b923..63cbdf0 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -56,9 +56,9 @@ jobs:
 uses: trufflesecurity/trufflehog@main
 with:
 path: ./
- base: ${{ github.event.repository.default_branch }}
- head: HEAD
- extra_args: --debug --only-verified
+ # Scan the full git log rather than a diff range — avoids the
+ # "BASE and HEAD commits are the same" failure on merge pushes
+ extra_args: --only-verified
 # ─── Dependency Vulnerability Scan (Trivy) ────────────────────────────────
 trivy-deps:
diff --git a/package-lock.json b/package-lock.json
index 758361e..e94fded 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,11 +1,11 @@ { - "name": "cortex-cli", + "name": "cortex-attack", "version": "0.1.0", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "cortex-cli", + "name": "cortex-attack", "version": "0.1.0", "dependencies": { "boxen": "^8.0.1",
@@ -18,7 +18,7 @@ "inquirer": "^10.1.8", "openai": "^4.52.0", "ora": "^8.0.1", - "uuid": "^10.0.0", + "uuid": "^11.1.1", "which": "^4.0.0" }, "bin": {
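Review bot: The secret-scanning step in `.github/workflows/security.yml` still runs `trufflesecurity/trufflehog@main`, a mutable branch ref, so whatever lands on that branch executes in this job against the checked-out repository; since this commit already touches the step, pin it to an immutable ref, e.g. `uses: trufflesecurity/trufflehog@<full-commit-sha> # <release tag>`. The added comment says the step now scans the full git log, but with `base`/`head` omitted the action appears to derive its own commit range from the triggering event, and any history scan is bounded by what the checkout step fetched; that step is above this hunk, so confirm its `fetch-depth` and reword the comment to match the behaviour you observe. Keeping `--only-verified` means leaked credentials that cannot be verified live are not reported, which is worth stating in the comment as a deliberate choice.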
@@ -1346,14 +1346,6 @@ "url": "https://github.com/chalk/strip-ansi?sponsor=1" } }, - "node_modules/os-tmpdir": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", - "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/restore-cursor": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-5.1.0.tgz", @@ -1465,14 +1457,11 @@ } }, "node_modules/tmp": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", - "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==", - "dependencies": { - "os-tmpdir": "~1.0.2" - }, + "version": "0.2.7", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.7.tgz", + "integrity": "sha512-e0votIpp4Uo2AJYSzVHV6xCcawuiez3DzqDAbrTc3YxBkplN6e+dM13ZeIcZnDg/QpSuU2zfZ3rzwY8ukEnaXw==", "engines": { - "node": ">=0.6.0" + "node": ">=14.14" } }, "node_modules/tr46": { @@ -1566,16 +1555,15 @@ } }, "node_modules/uuid": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz", - "integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==", - "deprecated": "uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).", + "version": "11.1.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.1.tgz", + "integrity": "sha512-vIYxrBCC/N/K+Js3qSN88go7kIfNPssr/hHCesKCQNAjmgvYS2oqr69kIufEG+O4+PfezOH4EbIeHCfFov8ZgQ==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], "bin": { - "uuid": "dist/bin/uuid" + "uuid": "dist/esm/bin/uuid" } }, "node_modules/v8-compile-cache-lib": { 
diff --git a/package.json b/package.json
index 3bfe866..d9983f2 100644
--- a/package.json
+++ b/package.json
@@ -3,6 +3,14 @@
 "version": "0.1.0",
 "description": "Terminal-native security intelligence and attack orchestration engine.",
 "main": "dist/index.js",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/Cortex-EDR/cortex-attack.git"
+ },
+ "homepage": "https://github.com/Cortex-EDR/cortex-attack#readme",
+ "bugs": {
+ "url": "https://github.com/Cortex-EDR/cortex-attack/issues"
+ },
 "bin": {
 "cortex": "dist/index.js"
 },
@@ -20,7 +28,7 @@
 "boxen": "^8.0.1",
 "figlet": "^1.7.0",
 "fs-extra": "^11.2.0",
- "uuid": "^10.0.0",
+ "uuid": "^11.1.1",
 "dotenv": "^16.4.5",
 "inquirer": "^10.1.8",
 "cli-table3": "^0.6.5",
@@ -39,6 +47,9 @@
 "engines": {
 "node": ">=18.0.0"
 },
+ "overrides": {
+ "tmp": "^0.2.7"
+ },
 "files": [
 "dist/",
 "README.md"
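Review bot: The `"overrides": { "tmp": "^0.2.7" }` block in the last package.json hunk only takes effect when this package is the install root, so it clears the advisory for local development and CI but not for anyone installing the published CLI, where npm ignores a dependency's `overrides` and `package-lock.json` is not shipped. The durable fix is to upgrade whichever dependency pulls in `tmp@0.0.x` (the parent is not visible in this patch) to a release that no longer needs it, and keep the override only as a stopgap. The override also moves that parent from `tmp` 0.0.33 to 0.2.x, a range it was not written against, so exercise the code path that creates temporary files before relying on it. package.json has no comment syntax, so record the rationale in the commit body or README, e.g. `overrides.tmp forces the transitive tmp to a patched release; remove once <parent-package> drops tmp@0.0.x`.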