@clear-capabilities/agentic-security-scanner 0.78.0 → 0.79.0

package/bin/.agentic-security/findings.json

@@ -1,7 +1,7 @@
 {
-  "scanId": "0c2c7713-e7de-4bc9-ab48-f6473ad81d9f",
-  "startedAt": "2026-05-27T11:23:10.965Z",
-  "durationMs": 278,
+  "scanId": "bb8f9491-46eb-4ec6-a21b-df7b0a436001",
+  "startedAt": "2026-05-28T14:16:52.841Z",
+  "durationMs": 320,
   "scanned": {
     "files": 7,
     "lines": 0
@@ -759,7 +759,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "toctou-fs:agentic-security.js:362",
+      "id": "toctou-fs:agentic-security.js:367",
       "kind": "sast",
       "severity": "medium",
       "vuln": "TOCTOU: file existence/permission check before open",
@@ -767,7 +767,7 @@
       "owaspLlm": null,
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 362,
+      "line": 367,
       "snippet": "if (args.flags['since-baseline'] && fs.existsSync(baselinePath)) {",
       "fix": null,
       "reachable": false,
@@ -848,7 +848,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:362` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:367` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "stableId": "ba3080b44d262d10",
       "confidenceTier": "medium",
@@ -981,7 +981,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "toctou-fs:agentic-security.js:1136",
+      "id": "toctou-fs:agentic-security.js:1151",
       "kind": "sast",
       "severity": "medium",
       "vuln": "TOCTOU: file existence/permission check before open",
@@ -989,7 +989,7 @@
       "owaspLlm": null,
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 1136,
+      "line": 1151,
       "snippet": "const st = fs.statSync(abs);",
       "fix": null,
       "reachable": false,
@@ -1070,7 +1070,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:1136` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:1151` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "stableId": "17f63a600e3a68b4",
       "confidenceTier": "medium",
@@ -1701,14 +1701,14 @@
       "family": null
     },
     {
-      "id": "logic:agentic-security.js:362:TOCTOU:_existsSync_followed_by_file_op",
+      "id": "logic:agentic-security.js:367:TOCTOU:_existsSync_followed_by_file_op",
       "kind": "logic",
       "severity": "medium",
       "vuln": "TOCTOU: existsSync followed by file op",
       "cwe": "CWE-367",
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 362,
+      "line": 367,
       "snippet": "if (args.flags['since-baseline'] && fs.existsSync(baselinePath)) {",
       "fix": {
         "description": "Replace the check-then-act sequence with a single atomic operation (e.g., `fs.open` with appropriate flags). Between `existsSync` and the file op the file can be replaced by a symlink or removed.",
@@ -1778,7 +1778,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: existsSync followed by file op on `agentic-security.js:362` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: existsSync followed by file op on `agentic-security.js:367` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "parser": "LOGIC",
       "family": null
@@ -1787,7 +1787,7 @@
   "bundles": [],
   "routes": [],
   "components": [],
-  "suppressedCount": 39,
+  "suppressedCount": 42,
   "blastRadiusSignals": {
     "industry": "generic",
     "industryConfidence": "low",
@@ -1805,7 +1805,7 @@
   "_v3": {
     "counterfactual": {
       "spofControls": [],
-      "controlsDetected": 118
+      "controlsDetected": 119
     },
     "threatModel": {
       "summary": {
@@ -1854,13 +1854,13 @@
           {
             "vuln": "TOCTOU: file existence/permission check before open",
             "file": "agentic-security.js",
-            "line": 362,
+            "line": 367,
             "severity": "medium"
           },
           {
             "vuln": "TOCTOU: file existence/permission check before open",
             "file": "agentic-security.js",
-            "line": 1136,
+            "line": 1151,
             "severity": "medium"
           }
         ],

package/bin/.agentic-security/last-scan.json

@@ -1,7 +1,7 @@
 {
-  "scanId": "0c2c7713-e7de-4bc9-ab48-f6473ad81d9f",
-  "startedAt": "2026-05-27T11:23:10.965Z",
-  "durationMs": 278,
+  "scanId": "bb8f9491-46eb-4ec6-a21b-df7b0a436001",
+  "startedAt": "2026-05-28T14:16:52.841Z",
+  "durationMs": 320,
   "scanned": {
     "files": 7,
     "lines": 0
@@ -759,7 +759,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "toctou-fs:agentic-security.js:362",
+      "id": "toctou-fs:agentic-security.js:367",
       "kind": "sast",
       "severity": "medium",
       "vuln": "TOCTOU: file existence/permission check before open",
@@ -767,7 +767,7 @@
       "owaspLlm": null,
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 362,
+      "line": 367,
       "snippet": "if (args.flags['since-baseline'] && fs.existsSync(baselinePath)) {",
       "fix": null,
       "reachable": false,
@@ -848,7 +848,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:362` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:367` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "stableId": "ba3080b44d262d10",
       "confidenceTier": "medium",
@@ -981,7 +981,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "toctou-fs:agentic-security.js:1136",
+      "id": "toctou-fs:agentic-security.js:1151",
       "kind": "sast",
       "severity": "medium",
       "vuln": "TOCTOU: file existence/permission check before open",
@@ -989,7 +989,7 @@
       "owaspLlm": null,
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 1136,
+      "line": 1151,
       "snippet": "const st = fs.statSync(abs);",
       "fix": null,
       "reachable": false,
@@ -1070,7 +1070,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:1136` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: file existence/permission check before open on `agentic-security.js:1151` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "stableId": "17f63a600e3a68b4",
       "confidenceTier": "medium",
@@ -1701,14 +1701,14 @@
       "family": null
     },
     {
-      "id": "logic:agentic-security.js:362:TOCTOU:_existsSync_followed_by_file_op",
+      "id": "logic:agentic-security.js:367:TOCTOU:_existsSync_followed_by_file_op",
       "kind": "logic",
       "severity": "medium",
       "vuln": "TOCTOU: existsSync followed by file op",
       "cwe": "CWE-367",
       "stride": "Tampering",
       "file": "agentic-security.js",
-      "line": 362,
+      "line": 367,
       "snippet": "if (args.flags['since-baseline'] && fs.existsSync(baselinePath)) {",
       "fix": {
         "description": "Replace the check-then-act sequence with a single atomic operation (e.g., `fs.open` with appropriate flags). Between `existsSync` and the file op the file can be replaced by a symlink or removed.",
@@ -1778,7 +1778,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
-        "narrative": "TOCTOU: existsSync followed by file op on `agentic-security.js:362` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
+        "narrative": "TOCTOU: existsSync followed by file op on `agentic-security.js:367` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
       },
       "parser": "LOGIC",
       "family": null
@@ -1787,7 +1787,7 @@
   "bundles": [],
   "routes": [],
   "components": [],
-  "suppressedCount": 39,
+  "suppressedCount": 42,
   "blastRadiusSignals": {
     "industry": "generic",
     "industryConfidence": "low",
@@ -1805,7 +1805,7 @@
   "_v3": {
     "counterfactual": {
       "spofControls": [],
-      "controlsDetected": 118
+      "controlsDetected": 119
     },
     "threatModel": {
       "summary": {
@@ -1854,13 +1854,13 @@
           {
             "vuln": "TOCTOU: file existence/permission check before open",
             "file": "agentic-security.js",
-            "line": 362,
+            "line": 367,
             "severity": "medium"
           },
           {
             "vuln": "TOCTOU: file existence/permission check before open",
             "file": "agentic-security.js",
-            "line": 1136,
+            "line": 1151,
             "severity": "medium"
           }
         ],

package/bin/.agentic-security/last-scan.json.sig

@@ -1 +1 @@
-1a7a7e91a1b09ea956d4e722c3d9df15e8c662dba64e487bdc6f8ba875fd48b9
+5bb921912d508574fede241a7e16cd7ac261f415b200e9eff04093fa70426dd1

package/bin/.agentic-security/scan-history.json

@@ -111,5 +111,56 @@
       "toctou-fs:agentic-security.js:1136",
       "toctou-fs:agentic-security.js:362"
     ]
+  },
+  {
+    "timestamp": "2026-05-28T14:13:54.951Z",
+    "label": "scan",
+    "total": 5,
+    "critical": 0,
+    "high": 0,
+    "medium": 5,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "toctou-fs:agentic-security-audit.js:55",
+      "toctou-fs:agentic-security-consistency.js:44",
+      "toctou-fs:agentic-security-consistency.js:66",
+      "toctou-fs:agentic-security.js:1141",
+      "toctou-fs:agentic-security.js:362"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T14:16:39.437Z",
+    "label": "scan",
+    "total": 5,
+    "critical": 0,
+    "high": 0,
+    "medium": 5,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "toctou-fs:agentic-security-audit.js:55",
+      "toctou-fs:agentic-security-consistency.js:44",
+      "toctou-fs:agentic-security-consistency.js:66",
+      "toctou-fs:agentic-security.js:1146",
+      "toctou-fs:agentic-security.js:367"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T14:16:53.162Z",
+    "label": "scan",
+    "total": 5,
+    "critical": 0,
+    "high": 0,
+    "medium": 5,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "toctou-fs:agentic-security-audit.js:55",
+      "toctou-fs:agentic-security-consistency.js:44",
+      "toctou-fs:agentic-security-consistency.js:66",
+      "toctou-fs:agentic-security.js:1151",
+      "toctou-fs:agentic-security.js:367"
+    ]
   }
 ]

package/bin/.agentic-security/streak.json

@@ -1,12 +1,12 @@
 {
   "firstScanDate": "2026-05-26T04:00:10.482Z",
-  "lastScanDate": "2026-05-27T11:23:11.268Z",
-  "totalScans": 7,
-  "daysCleanCritical": 2,
-  "lastCleanDate": "2026-05-27",
+  "lastScanDate": "2026-05-28T14:16:53.192Z",
+  "totalScans": 10,
+  "daysCleanCritical": 3,
+  "lastCleanDate": "2026-05-28",
   "lastCriticalDate": null,
   "hasEverHadCritical": false,
-  "bestDaysCleanCritical": 2,
+  "bestDaysCleanCritical": 3,
   "totalFindingsAtFirstScan": 11,
   "totalFindingsAtLastScan": 13,
   "totalFixesInferred": 0,

package/bin/agentic-security.js

@@ -269,6 +269,11 @@ function renderV3Blocks(scan, flags) {
 // Always-on machine output (R2). Vibecoder gets JSON only; pro gets JSON+SARIF+CSV.
 async function writeMachineOutput(targetAbs, scan, meta, profile) {
   const stateDir = path.join(targetAbs, '.agentic-security');
+  const { isSafeStateDir: _isSafe } = await import('../src/posture/state-dir.js');
+  if (!_isSafe(stateDir)) {
+    if (process.env.AGENTIC_SECURITY_DEBUG === '1') process.stderr.write(`[agentic-security] refusing to write machine output at ${stateDir} — no project marker\n`);
+    return;
+  }
   await fsp.mkdir(stateDir, { recursive: true });
   // Always JSON (used by /security-fix and /security-report).
   await fsp.writeFile(path.join(stateDir, 'findings.json'),
@@ -495,14 +500,19 @@ async function cmdScan(args) {
   else process.stdout.write(body + '\n');
 
   // Persist last scan for /security-fix and /security-report
+  const { isSafeStateDir: _isSafeStateDir } = await import('../src/posture/state-dir.js');
   const stateDir = path.join(path.resolve(target), '.agentic-security');
-  await fsp.mkdir(stateDir, { recursive: true });
-  const persistedScan = toJSON(scan, meta);
-  const lastScanBody = JSON.stringify(persistedScan, null, 2);
-  await fsp.writeFile(path.join(stateDir, 'last-scan.json'), lastScanBody);
-  try {
-    await fsp.writeFile(path.join(stateDir, 'last-scan.json.sig'), _signLastScan(lastScanBody));
-  } catch { /* non-fatal — sig file is best-effort */ }
+  if (_isSafeStateDir(stateDir)) {
+    await fsp.mkdir(stateDir, { recursive: true });
+    const persistedScan = toJSON(scan, meta);
+    const lastScanBody = JSON.stringify(persistedScan, null, 2);
+    await fsp.writeFile(path.join(stateDir, 'last-scan.json'), lastScanBody);
+    try {
+      await fsp.writeFile(path.join(stateDir, 'last-scan.json.sig'), _signLastScan(lastScanBody));
+    } catch { /* non-fatal — sig file is best-effort */ }
+  } else {
+    if (process.env.AGENTIC_SECURITY_DEBUG === '1') process.stderr.write(`[agentic-security] refusing to write state at ${stateDir} — no project marker in ${path.resolve(target)}\n`);
+  }
 
   // 0.14.0 — update streak / achievements after every full scan. Suppress
   // streak side effects when the user only wants raw JSON output (CI piping).
@@ -587,6 +597,11 @@ async function cmdCi(args) {
 
   // Persist the three CI artifacts.
   const stateDir = path.join(targetAbs, '.agentic-security');
+  const { isSafeStateDir: _isSafeCi } = await import('../src/posture/state-dir.js');
+  if (!_isSafeCi(stateDir)) {
+    if (process.env.AGENTIC_SECURITY_DEBUG === '1') process.stderr.write(`[agentic-security] refusing to write CI artifacts at ${stateDir} — no project marker\n`);
+    return;
+  }
   await fsp.mkdir(stateDir, { recursive: true });
   await fsp.writeFile(path.join(stateDir, 'findings.json'),
     JSON.stringify(toJSON(scan, meta), null, 2));

package/dist/178.index.js

@@ -13,7 +13,7 @@ export const modules = {
 /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
 /* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3024);
 /* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6760);
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(8636);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(6048);
 // Time-travel + counterfactual scanning (v0.68).
 //
 // Two new modes that exploit the pure-input shape of runFullScan:

package/dist/384.index.js

@@ -8,7 +8,7 @@ export const modules = {
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   scanCredentials: () => (/* reexport safe */ _engine_js__WEBPACK_IMPORTED_MODULE_0__.Sv)
 /* harmony export */ });
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(8636);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(6048);
 // Secrets submodule view of the engine — credential + entropy + TODO scanning.
 
 

package/dist/476.index.js

@@ -11,6 +11,7 @@ export const modules = {
 /* unused harmony export _internals */
 /* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(3024);
 /* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6760);
+/* harmony import */ var _state_dir_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(1174);
 // Auto-rule synthesis from repeated FPs (FR-LEARN-6).
 //
 // Reads `.agentic-security/triage-feedback.json` (populated by the /triage
@@ -27,13 +28,11 @@ export const modules = {
 
 
 
-const TRIAGE_PATH = node_path__WEBPACK_IMPORTED_MODULE_1__.join('.agentic-security', 'triage-feedback.json');
-const PROPOSED_DIR = node_path__WEBPACK_IMPORTED_MODULE_1__.join('.agentic-security', 'rules-proposed');
 
 const DEFAULT_FP_THRESHOLD = 5;
 
 function _readTriage(scanRoot) {
-  const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot || process.cwd(), TRIAGE_PATH);
+  const fp = (0,_state_dir_js__WEBPACK_IMPORTED_MODULE_2__/* .statePath */ .BQ)(scanRoot, 'triage-feedback.json');
   if (!node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(fp)) return null;
   try { return JSON.parse(node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(fp, 'utf8')); } catch { return null; }
 }
@@ -100,7 +99,8 @@ function synthesizeRules(scanRoot, opts = {}) {
     groups.get(k).push(e);
   }
   const proposals = [];
-  const dir = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot || process.cwd(), PROPOSED_DIR);
+  const dir = (0,_state_dir_js__WEBPACK_IMPORTED_MODULE_2__/* .statePath */ .BQ)(scanRoot, 'rules-proposed');
+  if (!opts.dryRun && !(0,_state_dir_js__WEBPACK_IMPORTED_MODULE_2__.isSafeStateDir)(node_path__WEBPACK_IMPORTED_MODULE_1__.dirname(dir))) return [];
   for (const [, group] of groups) {
     if (group.length < threshold) continue;
     const summary = _summarizeGroup(group);
@@ -118,7 +118,7 @@ function synthesizeRules(scanRoot, opts = {}) {
   return proposals;
 }
 
-const _internals = { DEFAULT_FP_THRESHOLD, TRIAGE_PATH, PROPOSED_DIR };
+const _internals = { DEFAULT_FP_THRESHOLD };
 
 
 /***/ })

package/dist/637.index.js

@@ -10,7 +10,7 @@ export const modules = {
 /* harmony export */   renderPrDeltaText: () => (/* binding */ renderPrDeltaText)
 /* harmony export */ });
 /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(8636);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6048);
 // Shadowscan / security-DELTA on PR (v0.72).
 //
 // Most SAST PR-comment integrations show absolute counts — "12 findings

package/dist/700.index.js

@@ -0,0 +1,138 @@
+export const id = 700;
+export const ids = [700];
+export const modules = {
+
+/***/ 1700:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   validateOsvFunctionsExist: () => (/* binding */ validateOsvFunctionsExist)
+/* harmony export */ });
+/* unused harmony export extractPythonPackageFunctions */
+/* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(3024);
+/* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6760);
+/* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(1421);
+/* harmony import */ var _ir_parser_py_cst_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(682);
+// Python package function extraction via the CST parser.
+//
+// Locates an installed Python package in site-packages or .venv,
+// parses its source files via the Python CST parser, and returns
+// a map of exported function names. Used by markUsedVulnFunctions
+// to validate that OSV-named vulnerable functions actually exist
+// in the installed version.
+
+
+
+
+
+
+const VENV_DIRS = ['.venv', 'venv', '.env', 'env'];
+
+function _findSitePackages(scanRoot) {
+  for (const vdir of VENV_DIRS) {
+    const base = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot || '.', vdir);
+    if (!node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(base)) continue;
+    const lib = node_path__WEBPACK_IMPORTED_MODULE_1__.join(base, 'lib');
+    if (!node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(lib)) continue;
+    const pydirs = node_fs__WEBPACK_IMPORTED_MODULE_0__.readdirSync(lib).filter(d => d.startsWith('python'));
+    for (const pydir of pydirs) {
+      const sp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(lib, pydir, 'site-packages');
+      if (node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(sp)) return sp;
+    }
+  }
+  // Fallback: ask python3 directly
+  try {
+    const out = (0,node_child_process__WEBPACK_IMPORTED_MODULE_2__.execFileSync)('python3', ['-c', 'import site; print(site.getsitepackages()[0])'], {
+      encoding: 'utf8', timeout: 5000,
+    }).trim();
+    if (out && node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(out)) return out;
+  } catch { /* no python3 or no site-packages */ }
+  return null;
+}
+
+function _findPackageDir(sitePackages, packageName) {
+  if (!sitePackages) return null;
+  const normalized = packageName.replace(/-/g, '_').toLowerCase();
+  const candidates = [
+    normalized,
+    packageName.toLowerCase(),
+    packageName,
+  ];
+  for (const name of candidates) {
+    const dir = node_path__WEBPACK_IMPORTED_MODULE_1__.join(sitePackages, name);
+    if (node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(dir) && node_fs__WEBPACK_IMPORTED_MODULE_0__.statSync(dir).isDirectory()) return dir;
+  }
+  return null;
+}
+
+function _readPyFilesFromDir(dir, maxFiles = 50) {
+  const entries = [];
+  try {
+    const files = node_fs__WEBPACK_IMPORTED_MODULE_0__.readdirSync(dir, { recursive: true })
+      .filter(f => f.endsWith('.py'))
+      .slice(0, maxFiles);
+    for (const f of files) {
+      const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(dir, f);
+      try {
+        const content = node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(fp, 'utf8');
+        if (content.length < 1_000_000) {
+          entries.push({ file: f, content });
+        }
+      } catch { /* skip unreadable files */ }
+    }
+  } catch { /* dir not readable */ }
+  return entries;
+}
+
+function extractPythonPackageFunctions(packageName, scanRoot) {
+  const cap = (0,_ir_parser_py_cst_js__WEBPACK_IMPORTED_MODULE_3__/* .probePythonAvailable */ .w4)();
+  if (!cap.ok) return null;
+
+  const sitePackages = _findSitePackages(scanRoot);
+  const pkgDir = _findPackageDir(sitePackages, packageName);
+  if (!pkgDir) return null;
+
+  const pyFiles = _readPyFilesFromDir(pkgDir);
+  if (!pyFiles.length) return null;
+
+  const batch = (0,_ir_parser_py_cst_js__WEBPACK_IMPORTED_MODULE_3__/* .parsePythonFilesBatch */ .H2)(pyFiles);
+  if (!batch || !Array.isArray(batch)) return null;
+
+  const functionMap = new Map();
+  for (const fileIR of batch) {
+    if (!fileIR || !fileIR.functions) continue;
+    for (const fn of fileIR.functions) {
+      if (fn.name && !fn.name.startsWith('_')) {
+        functionMap.set(fn.name, {
+          file: fileIR.file,
+          line: fn.line,
+          qid: fn.qid,
+          params: fn.params,
+        });
+      }
+    }
+  }
+  return functionMap;
+}
+
+function validateOsvFunctionsExist(packageName, osvFunctions, scanRoot) {
+  if (!osvFunctions || !osvFunctions.length) return { validated: [], missing: [] };
+  const fnMap = extractPythonPackageFunctions(packageName, scanRoot);
+  if (!fnMap) return { validated: osvFunctions, missing: [] };
+  const validated = [];
+  const missing = [];
+  for (const fn of osvFunctions) {
+    const shortFn = fn.includes('.') ? fn.split('.').pop() : fn;
+    if (fnMap.has(shortFn) || fnMap.has(fn)) {
+      validated.push(shortFn);
+    } else {
+      missing.push(fn);
+    }
+  }
+  return { validated, missing };
+}
+
+
+/***/ })
+
+};

package/dist/718.index.js

@@ -97,6 +97,59 @@ function detectVendoredLibraries(fileContents) {
       }
     }
   }
+  // Pass 2: Function-body structural matching for minified/forked copies
+  const FUNCTION_BODY_SIGS = [
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'merge', paramMin: 1,
+      bodyContains: ['assignValue', 'baseFor', 'isObject', 'baseMerge'] },
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'template', paramMin: 1,
+      bodyContains: ['sourceURL', 'interpolate', 'evaluate', 'escape'] },
+    { pkg: 'lodash', ecosystem: 'npm', fn: 'defaultsDeep', paramMin: 1,
+      bodyContains: ['baseMerge', 'isMergeableObject', 'customDefaultsMerge'] },
+    { pkg: 'jquery', ecosystem: 'npm', fn: 'ajax', paramMin: 1,
+      bodyContains: ['XMLHttpRequest', 'ajaxSettings', 'crossDomain', 'responseFields'] },
+    { pkg: 'handlebars', ecosystem: 'npm', fn: 'compile', paramMin: 1,
+      bodyContains: ['templateSpec', 'container', 'invokePartial', 'blockParams'] },
+    { pkg: 'marked', ecosystem: 'npm', fn: 'parse', paramMin: 1,
+      bodyContains: ['Lexer', 'Parser', 'blockTokens', 'walkTokens'] },
+    { pkg: 'ejs', ecosystem: 'npm', fn: 'render', paramMin: 1,
+      bodyContains: ['includeFile', 'resolveInclude', 'rethrow', 'escapeFn'] },
+    { pkg: 'moment', ecosystem: 'npm', fn: 'format', paramMin: 0,
+      bodyContains: ['formatMoment', 'expandFormat', 'makeFormatFunction', 'localFormattingTokens'] },
+    { pkg: 'underscore', ecosystem: 'npm', fn: 'template', paramMin: 1,
+      bodyContains: ['interpolate', 'evaluate', 'escape', 'templateSettings'] },
+    { pkg: 'minimist', ecosystem: 'npm', fn: 'parse', paramMin: 1,
+      bodyContains: ['boolean', 'alias', 'default', 'stopEarly', 'unknown'] },
+  ];
+
+  for (const [fp, content] of Object.entries(fileContents)) {
+    if (!content || typeof content !== 'string') continue;
+    if (SKIP_DIRS.test(fp)) continue;
+    if (!/\.(?:js|mjs|cjs)$/i.test(fp)) continue;
+    if (content.length < 200 || content.length > 500_000) continue;
+
+    for (const sig of FUNCTION_BODY_SIGS) {
+      const key = `${sig.pkg}:${fp}`;
+      if (seen.has(key)) continue;
+      const fnRe = new RegExp(`(?:function\\s+${sig.fn}|(?:const|let|var)\\s+${sig.fn}\\s*=|${sig.fn}\\s*[:=]\\s*function)\\s*\\(`, 'g');
+      const m = fnRe.exec(content);
+      if (!m) continue;
+      const bodyWindow = content.slice(m.index, m.index + 2000);
+      const matchCount = sig.bodyContains.filter(kw => bodyWindow.includes(kw)).length;
+      if (matchCount < Math.ceil(sig.bodyContains.length * 0.6)) continue;
+      seen.add(key);
+      detected.push({
+        name: sig.pkg,
+        version: 'unknown',
+        ecosystem: sig.ecosystem,
+        file: fp,
+        scope: 'vendored',
+        isVendored: true,
+        _detectionMethod: 'function-body-signature',
+        _matchedKeywords: matchCount,
+      });
+    }
+  }
+
   return detected;
 }