Add Telegram alerts, setup script, and cron registration

- setup.sh: run once after cloning to configure credentials and register cron jobs
- config.sh gitignored so credentials never enter the repo
- Both scripts notify Telegram on issues/warnings, including hostname
- Cron runs npm-security-check at 08:00 and check-nextjs-rce at 08:05 daily

check-nextjs-rce.sh

@@ -2,6 +2,18 @@
 # Next.js CVE-2025-66478 / CVE-2025-55182 Vulnerability Checker
 # Checks if Next.js installations are vulnerable to critical RCE
 
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/config.sh"
+
+send_telegram() {
+    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
+        -d chat_id="${TELEGRAM_CHAT_ID}" \
+        -d text="$1" \
+        -d parse_mode="HTML" > /dev/null || true
+}
+
+HOSTNAME=$(hostname)
+
 echo "=== Next.js RCE Vulnerability Scanner ==="
 echo "CVE-2025-66478 / CVE-2025-55182 (CVSS 10.0)"
 echo ""
@@ -116,6 +128,11 @@ if [ $VULNERABLE -gt 0 ]; then
     echo "  npm install next@latest"
     echo "  # or"
     echo "  yarn upgrade next@15.5.7"
+    send_telegram "🚨 <b>Vulnerable Next.js Found — CVE-2025-66478</b>
+Host: <code>${HOSTNAME}</code>
+Vulnerable installations: ${VULNERABLE}
+Update to Next.js 15.5.7+ or 16.0.7+
+Run manually: bash check-nextjs-rce.sh"
     exit 1
 else
     echo -e "${GREEN}✓ All Next.js installations are safe${NC}"