Moves all automated scripts back to the repo root where setup.sh
expects them. standalone/ remains for manual-run tools.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Moves automated scan scripts and setup.sh into package/.
bind-ssh-tailscale.sh remains in standalone/ as a manual-run tool.
Updates README.md setup instructions to reflect new paths.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Places the script in standalone/ so it is excluded from setup.sh automation.
Documents manual curl-and-run usage in README.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use tee -a instead of redirect + cat, so only the current run's output
is shown rather than the entire accumulated daily log.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- README: add Scripts section explaining what check-npm-sudo-config.sh
does, what it checks, and that it is audit-only
- setup.sh: print check-npm-sudo-config log to terminal after initial scan
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Checks npm prefix ownership, PATH wiring, cache ownership, shell history
for sudo npm usage, and n/nvm version manager config. Runs daily at 08:10
via cron and on initial setup.sh run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- setup.sh: run once after cloning to configure credentials and register cron jobs
- config.sh gitignored so credentials never enter the repo
- Both scripts notify Telegram on issues/warnings, including hostname
- Cron runs npm-security-check at 08:00 and check-nextjs-rce at 08:05 daily
