Add Telegram alerts, setup script, and cron registration

- setup.sh: run once after cloning to configure credentials and register cron jobs
- config.sh gitignored so credentials never enter the repo
- Both scripts notify Telegram on issues/warnings, including hostname
- Cron runs npm-security-check at 08:00 and check-nextjs-rce at 08:05 daily

npm-security-check.sh

@@ -4,6 +4,17 @@
 
 set -euo pipefail
 
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=config.sh
+source "$SCRIPT_DIR/config.sh"
+
+send_telegram() {
+    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
+        -d chat_id="${TELEGRAM_CHAT_ID}" \
+        -d text="$1" \
+        -d parse_mode="HTML" > /dev/null || true
+}
+
 HOSTNAME=$(hostname)
 DATE=$(date)
 LOGFILE="${1:-npm_security_check_${HOSTNAME}_$(date +%Y%m%d_%H%M%S).log}"
@@ -257,9 +268,17 @@ log "Results saved to : $LOGFILE"
 log ""
 if [[ $ISSUES -gt 0 ]]; then
     log "$(printf "${RED}✗ %d issue(s) found — review output above${RESET}" "$ISSUES")"
+    send_telegram "🚨 <b>Security Alert — npm-security-check</b>
+Host: <code>${HOSTNAME}</code>
+Issues: ${ISSUES} | Warnings: ${WARNINGS}
+Run manually to review: bash npm-security-check.sh"
     exit 1
 elif [[ $WARNINGS -gt 0 ]]; then
     log "$(printf "${YELLOW}⚠ Clean but %d warning(s) — review output above${RESET}" "$WARNINGS")"
+    send_telegram "⚠️ <b>Security Warning — npm-security-check</b>
+Host: <code>${HOSTNAME}</code>
+Warnings: ${WARNINGS} (no critical issues)
+Run manually to review: bash npm-security-check.sh"
     exit 0
 else
     log "$(printf "${GREEN}✓ All checks passed — no indicators of compromise${RESET}")"