@aspect-guard/core 0.4.0 → 0.5.1

package/dist/index.d.ts

@@ -160,15 +160,57 @@ declare class ExtensionGuardScanner {
     private hashDatabase;
     constructor(options?: Partial<ScanOptions>);
     scan(options?: Partial<ScanOptions>): Promise<FullScanReport>;
+    /**
+     * Scan multiple extensions concurrently with a configurable pool size.
+     * Uses a simple semaphore pattern to limit concurrent operations.
+     */
+    private scanExtensionsConcurrently;
     private scanExtension;
     private calculateTrustScore;
     private calculateRiskLevel;
     private calculateSummary;
 }
 
+/**
+ * IDE extension paths organized by IDE name.
+ * Each IDE has multiple possible paths to support:
+ * - Different OS (Windows, macOS, Linux)
+ * - Different installation methods (user, system, portable)
+ * - Remote development scenarios (SSH, WSL, containers)
+ *
+ * Paths use these placeholders:
+ * - ~ : User home directory
+ * - %USERPROFILE% : Windows user profile
+ * - %APPDATA% : Windows AppData/Roaming
+ * - %LOCALAPPDATA% : Windows AppData/Local
+ *
+ * References:
+ * - https://code.visualstudio.com/docs/editor/extension-marketplace
+ * - https://code.visualstudio.com/docs/remote/troubleshooting
+ * - https://vscodium.com/
+ * - https://zed.dev/docs/extensions/installing-extensions
+ */
 declare const IDE_PATHS: Record<string, string[]>;
+/**
+ * Expand path placeholders to actual paths
+ */
 declare function expandPath(inputPath: string): string;
+/**
+ * Detect all installed IDE extension paths
+ */
 declare function detectIDEPaths(): DetectedIDE[];
+/**
+ * Get list of all supported IDE names
+ */
+declare function getSupportedIDEs(): string[];
+/**
+ * Check if a specific IDE is installed
+ */
+declare function isIDEInstalled(ideName: string): boolean;
+/**
+ * Get the extension path for a specific IDE
+ */
+declare function getIDEExtensionPath(ideName: string): string | null;
 
 declare function readExtension(extensionPath: string): Promise<ExtensionInfo | null>;
 declare function readExtensionsFromDirectory(directoryPath: string): Promise<ExtensionInfo[]>;
@@ -710,6 +752,6 @@ declare function generateBaseline(_extensionPaths: string[], _outputPath?: strin
     errors: string[];
 }>;
 
-declare const VERSION = "0.4.0";
+declare const VERSION = "0.5.1";
 
-export { ALL_POPULAR_EXTENSIONS, type AdjustFindingsOptions, type AuditReport, type BundleDetectionResult, DETECTION_RULES, type DetectedIDE, type DetectionRule, type Evidence, type ExtensionCategory, ExtensionGuardScanner, type ExtensionHash, type ExtensionInfo, type ExtensionManifest, type Finding, type FindingCategory, type FullScanReport, type HashDatabase, IDE_PATHS, type InspectOptions, type IntegrityInfo, type IntegrityResult, type IntegrityStatus, JsonReporter, MEGA_POPULAR_EXTENSIONS, MarkdownReporter, POPULAR_EXTENSIONS, type PolicyAction, type PolicyConfig, PolicyEngine, type PolicyRules, type PolicyViolation, type PopularExtension, type Reporter, type ReporterOptions, type RiskLevel, RuleEngine, type RuleEngineOptions, SEVERITY_ORDER, SarifReporter, type ScanOptions, type ScanResult, type ScanSummary, type Severity, TRUSTED_EXTENSION_IDS, TRUSTED_PUBLISHERS, VERIFIED_PUBLISHERS, VERSION, addHash, adjustFindings, categorizeExtension, clearHashCache, collectFiles, compareSeverity, computeExtensionHashes, createHashRecord, detectBundle, detectIDEPaths, expandPath, generateBaseline, getDefaultDatabasePath, getHash, getPopularityTier, isAtLeastSeverity, isBundleOutputPath, isMegaPopular, isPopular, isTrustedExtension, isTrustedPublisher, isVerifiedPublisher, loadHashDatabase, loadPolicyConfig, readExtension, readExtensionsFromDirectory, registerBuiltInRules, ruleRegistry, saveHashDatabase, sha256, shouldCollectFile, shouldReduceSeverityForBundle, verifyIntegrity };
+export { ALL_POPULAR_EXTENSIONS, type AdjustFindingsOptions, type AuditReport, type BundleDetectionResult, DETECTION_RULES, type DetectedIDE, type DetectionRule, type Evidence, type ExtensionCategory, ExtensionGuardScanner, type ExtensionHash, type ExtensionInfo, type ExtensionManifest, type Finding, type FindingCategory, type FullScanReport, type HashDatabase, IDE_PATHS, type InspectOptions, type IntegrityInfo, type IntegrityResult, type IntegrityStatus, JsonReporter, MEGA_POPULAR_EXTENSIONS, MarkdownReporter, POPULAR_EXTENSIONS, type PolicyAction, type PolicyConfig, PolicyEngine, type PolicyRules, type PolicyViolation, type PopularExtension, type Reporter, type ReporterOptions, type RiskLevel, RuleEngine, type RuleEngineOptions, SEVERITY_ORDER, SarifReporter, type ScanOptions, type ScanResult, type ScanSummary, type Severity, TRUSTED_EXTENSION_IDS, TRUSTED_PUBLISHERS, VERIFIED_PUBLISHERS, VERSION, addHash, adjustFindings, categorizeExtension, clearHashCache, collectFiles, compareSeverity, computeExtensionHashes, createHashRecord, detectBundle, detectIDEPaths, expandPath, generateBaseline, getDefaultDatabasePath, getHash, getIDEExtensionPath, getPopularityTier, getSupportedIDEs, isAtLeastSeverity, isBundleOutputPath, isIDEInstalled, isMegaPopular, isPopular, isTrustedExtension, isTrustedPublisher, isVerifiedPublisher, loadHashDatabase, loadPolicyConfig, readExtension, readExtensionsFromDirectory, registerBuiltInRules, ruleRegistry, saveHashDatabase, sha256, shouldCollectFile, shouldReduceSeverityForBundle, verifyIntegrity };

package/dist/index.js

@@ -22,27 +22,151 @@ import * as fs from "fs";
 import * as os from "os";
 import * as path from "path";
 var IDE_PATHS = {
-  "VS Code": ["~/.vscode/extensions"],
-  "VS Code Insiders": ["~/.vscode-insiders/extensions"],
+  // VS Code - Standard installation
+  "VS Code": [
+    // Linux & macOS
+    "~/.vscode/extensions",
+    // Windows
+    "%USERPROFILE%/.vscode/extensions",
+    "%USERPROFILE%\\.vscode\\extensions"
+  ],
+  // VS Code Insiders - Preview builds
+  "VS Code Insiders": [
+    // Linux & macOS
+    "~/.vscode-insiders/extensions",
+    // Windows
+    "%USERPROFILE%/.vscode-insiders/extensions",
+    "%USERPROFILE%\\.vscode-insiders\\extensions"
+  ],
+  // VS Code Server - Remote SSH connections
   "VS Code Server": ["~/.vscode-server/extensions"],
-  Cursor: ["~/.cursor/extensions"],
-  Windsurf: ["~/.windsurf/extensions"],
-  Trae: ["~/.trae/extensions"],
-  VSCodium: ["~/.vscode-oss/extensions"]
+  // VS Code Server Insiders - Remote SSH for Insiders
+  "VS Code Server Insiders": ["~/.vscode-server-insiders/extensions"],
+  // Cursor - AI-powered code editor (VS Code fork)
+  // https://cursor.com
+  Cursor: [
+    // Linux & macOS
+    "~/.cursor/extensions",
+    // Windows
+    "%USERPROFILE%/.cursor/extensions",
+    "%USERPROFILE%\\.cursor\\extensions",
+    // macOS alternate location
+    "~/Library/Application Support/Cursor/User/extensions"
+  ],
+  // Cursor Server - Remote Cursor connections
+  "Cursor Server": ["~/.cursor-server/extensions"],
+  // Windsurf - Codeium AI IDE (VS Code fork)
+  // https://codeium.com/windsurf
+  Windsurf: [
+    // Linux & macOS
+    "~/.windsurf/extensions",
+    // Windows
+    "%USERPROFILE%/.windsurf/extensions",
+    "%USERPROFILE%\\.windsurf\\extensions",
+    // macOS alternate location
+    "~/Library/Application Support/Windsurf/extensions"
+  ],
+  // Windsurf Server - Remote Windsurf connections
+  "Windsurf Server": ["~/.windsurf-server/extensions"],
+  // Trae - ByteDance AI IDE (VS Code fork)
+  // https://www.trae.ai / https://www.marscode.com
+  Trae: [
+    // Linux & macOS
+    "~/.trae/extensions",
+    // Windows
+    "%USERPROFILE%/.trae/extensions",
+    "%USERPROFILE%\\.trae\\extensions"
+  ],
+  // VSCodium - Open source VS Code without telemetry
+  // https://vscodium.com
+  VSCodium: [
+    // Linux & macOS
+    "~/.vscode-oss/extensions",
+    // Windows
+    "%USERPROFILE%/.vscode-oss/extensions",
+    "%USERPROFILE%\\.vscode-oss\\extensions",
+    // Flatpak installation (Linux)
+    "~/.var/app/com.vscodium.codium/data/codium/extensions"
+  ],
+  // VSCodium Insiders
+  "VSCodium Insiders": [
+    "~/.vscode-oss-insiders/extensions",
+    "%USERPROFILE%/.vscode-oss-insiders/extensions"
+  ],
+  // Code - OSS (open source build from Microsoft repo)
+  "Code - OSS": ["~/.config/Code - OSS/extensions", "~/.vscode-oss/extensions"],
+  // Positron - Posit's data science IDE (VS Code fork)
+  // https://github.com/posit-dev/positron
+  Positron: [
+    "~/.positron/extensions",
+    "%USERPROFILE%/.positron/extensions",
+    "~/Library/Application Support/Positron/extensions"
+  ],
+  // Theia - Eclipse Theia IDE (VS Code compatible)
+  // https://theia-ide.org
+  Theia: ["~/.theia/extensions", "%USERPROFILE%/.theia/extensions"],
+  // OpenVSCode Server - Web-based VS Code
+  // https://github.com/gitpod-io/openvscode-server
+  "OpenVSCode Server": ["~/.openvscode-server/extensions"],
+  // code-server - VS Code in the browser
+  // https://github.com/coder/code-server
+  "code-server": ["~/.local/share/code-server/extensions", "~/.config/code-server/extensions"],
+  // GitHub Codespaces (when accessed locally)
+  "GitHub Codespaces": ["~/.codespaces/.vscode-remote/extensions"],
+  // Gitpod
+  Gitpod: ["/workspace/.gitpod/extensions", "~/.gitpod/extensions"],
+  // DevPod
+  DevPod: ["~/.devpod/extensions"]
+  // Lapce - Lightning-fast native code editor (has its own extension format but partially compatible)
+  // https://lapce.dev
+  // Note: Lapce uses a different extension format, included for future compatibility
+  // Lapce: [
+  //   '~/.lapce/plugins',
+  //   '~/Library/Application Support/Lapce/plugins',
+  // ],
+  // Zed - High-performance editor (different extension format, not VS Code compatible)
+  // https://zed.dev
+  // Note: Zed uses its own extension format, not VS Code compatible
+  // Included as reference for potential future support
+  // Zed: [
+  //   '~/Library/Application Support/Zed/extensions',
+  //   '~/.local/share/zed/extensions',
+  // ],
 };
 function expandPath(inputPath) {
-  if (inputPath.startsWith("~")) {
-    return path.join(os.homedir(), inputPath.slice(1));
-  }
-  if (inputPath.includes("%USERPROFILE%")) {
-    return inputPath.replace("%USERPROFILE%", os.homedir());
+  let result = inputPath;
+  const home = os.homedir();
+  if (result.startsWith("~/")) {
+    result = path.join(home, result.slice(2));
+  } else if (result.startsWith("~\\")) {
+    result = path.join(home, result.slice(2));
+  } else if (result === "~") {
+    result = home;
+  }
+  if (process.platform === "win32") {
+    result = result.replace(/%USERPROFILE%/gi, home);
+    result = result.replace(
+      /%APPDATA%/gi,
+      process.env.APPDATA || path.join(home, "AppData", "Roaming")
+    );
+    result = result.replace(
+      /%LOCALAPPDATA%/gi,
+      process.env.LOCALAPPDATA || path.join(home, "AppData", "Local")
+    );
+  } else {
+    result = result.replace(/%USERPROFILE%/gi, home);
   }
-  return inputPath;
+  return path.normalize(result);
 }
 function countExtensions(dirPath) {
   try {
     const entries = fs.readdirSync(dirPath, { withFileTypes: true });
-    return entries.filter((entry) => entry.isDirectory()).length;
+    return entries.filter((entry) => {
+      if (!entry.isDirectory()) return false;
+      if (entry.name.startsWith(".")) return false;
+      if (entry.name === "node_modules") return false;
+      return true;
+    }).length;
   } catch {
     return 0;
   }
@@ -53,17 +177,42 @@ function detectIDEPaths() {
     for (const idePath of paths) {
       const expandedPath = expandPath(idePath);
       if (fs.existsSync(expandedPath)) {
-        detected.push({
-          name: ideName,
-          path: expandedPath,
-          extensionCount: countExtensions(expandedPath)
-        });
-        break;
+        const extensionCount = countExtensions(expandedPath);
+        if (extensionCount > 0) {
+          detected.push({
+            name: ideName,
+            path: expandedPath,
+            extensionCount
+          });
+          break;
+        }
       }
     }
   }
   return detected;
 }
+function getSupportedIDEs() {
+  return Object.keys(IDE_PATHS);
+}
+function isIDEInstalled(ideName) {
+  const paths = IDE_PATHS[ideName];
+  if (!paths) return false;
+  return paths.some((p) => {
+    const expanded = expandPath(p);
+    return fs.existsSync(expanded) && countExtensions(expanded) > 0;
+  });
+}
+function getIDEExtensionPath(ideName) {
+  const paths = IDE_PATHS[ideName];
+  if (!paths) return null;
+  for (const p of paths) {
+    const expanded = expandPath(p);
+    if (fs.existsSync(expanded)) {
+      return expanded;
+    }
+  }
+  return null;
+}
 
 // src/scanner/extension-reader.ts
 import * as fs2 from "fs/promises";
@@ -641,7 +790,11 @@ var EXPECTED_BEHAVIORS = {
     {
       // SCM extensions may spawn git processes
       ruleIds: ["EG-CRIT-002"],
-      matchedPatterns: ["child_process-exec", "child_process-execSync", "child_process-spawn-shell"]
+      matchedPatterns: [
+        "child_process-exec",
+        "child_process-execSync",
+        "child_process-spawn-shell"
+      ]
     }
   ],
   debugger: [
@@ -1996,9 +2149,7 @@ var ExtensionGuardScanner = class {
       minSeverity: this.options.severity
     });
     if (this.options.verifyIntegrity) {
-      this.hashDatabase = loadHashDatabase(
-        this.options.hashDatabasePath || void 0
-      );
+      this.hashDatabase = loadHashDatabase(this.options.hashDatabasePath || void 0);
     }
   }
   async scan(options) {
@@ -2027,11 +2178,8 @@ var ExtensionGuardScanner = class {
       }
       ide.extensionCount = allExtensions[i].length;
     }
-    const results = [];
-    for (const { ext } of extensionMap.values()) {
-      const result = await this.scanExtension(ext);
-      results.push(result);
-    }
+    const extensions = Array.from(extensionMap.values()).map(({ ext }) => ext);
+    const results = await this.scanExtensionsConcurrently(extensions, mergedOptions.concurrency);
     const summary = this.calculateSummary(results);
     return {
       scanId: randomUUID2(),
@@ -2048,6 +2196,29 @@ var ExtensionGuardScanner = class {
       scanDurationMs: Date.now() - startTime
     };
   }
+  /**
+   * Scan multiple extensions concurrently with a configurable pool size.
+   * Uses a simple semaphore pattern to limit concurrent operations.
+   */
+  async scanExtensionsConcurrently(extensions, concurrency) {
+    const results = new Array(extensions.length);
+    let currentIndex = 0;
+    const worker = async () => {
+      while (currentIndex < extensions.length) {
+        const index = currentIndex++;
+        const ext = extensions[index];
+        if (ext) {
+          results[index] = await this.scanExtension(ext);
+        }
+      }
+    };
+    const workers = Array.from(
+      { length: Math.min(concurrency, extensions.length) },
+      () => worker()
+    );
+    await Promise.all(workers);
+    return results.filter((r) => r !== void 0);
+  }
   async scanExtension(ext) {
     const startTime = Date.now();
     const files = await collectFiles(ext.installPath);
@@ -2124,9 +2295,7 @@ var ExtensionGuardScanner = class {
     return Math.max(0, Math.min(100, score));
   }
   calculateRiskLevel(trustScore, findings) {
-    const realFindings = findings.filter(
-      (f) => !f.description?.includes("[Downgraded:")
-    );
+    const realFindings = findings.filter((f) => !f.description?.includes("[Downgraded:"));
     if (realFindings.some((f) => f.severity === "critical")) {
       return "critical";
     }
@@ -2847,7 +3016,7 @@ var PolicyEngine = class {
 };
 
 // src/index.ts
-var VERSION = "0.4.0";
+var VERSION = "0.5.1";
 export {
   ALL_POPULAR_EXTENSIONS,
   DETECTION_RULES,
@@ -2879,9 +3048,12 @@ export {
   generateBaseline,
   getDefaultDatabasePath,
   getHash,
+  getIDEExtensionPath,
   getPopularityTier,
+  getSupportedIDEs,
   isAtLeastSeverity,
   isBundleOutputPath,
+  isIDEInstalled,
   isMegaPopular,
   isPopular,
   isTrustedExtension,