@coana-tech/cli 14.12.140 → 14.12.142

package/cli.mjs

@@ -209030,6 +209030,28 @@ function prettyPrintAxiosError(error) {
 }
 
 // ../utils/src/dashboard-api/socket-api.ts
+var HEARTBEAT_DEBUG = !!process.env.HEARTBEAT_DEBUG;
+var HEARTBEAT_INTERVAL_MS = HEARTBEAT_DEBUG ? 1e4 : 3e4;
+function formatElapsed(elapsedMs) {
+  const secs = Math.floor(elapsedMs / 1e3);
+  const mins = Math.floor(secs / 60);
+  const remainingSecs = secs % 60;
+  return `${mins}m ${remainingSecs}s`;
+}
+async function withHeartbeat(prefix, messages, operation) {
+  const startTime = Date.now();
+  let index2 = 0;
+  const timer = setInterval(() => {
+    const msg = messages[index2 % messages.length];
+    logger.info(`${prefix}: ${msg} (${formatElapsed(Date.now() - startTime)})`);
+    index2++;
+  }, HEARTBEAT_INTERVAL_MS);
+  try {
+    return await operation();
+  } finally {
+    clearInterval(timer);
+  }
+}
 var axios2 = getAxiosClient();
 function getSocketApiUrl(endpoint) {
   let baseUrl = process.env.SOCKET_CLI_API_BASE_URL ?? "https://api.socket.dev/v0/";
@@ -209300,40 +209322,50 @@ async function initializePregeneratedSbomMatcher() {
   }
   return pregeneratedSbomMatcher;
 }
+var SOCKET_HEARTBEAT_MESSAGES = [
+  "Waiting for Socket backend...",
+  "Processing dependencies...",
+  "Building dependency graph...",
+  "Crawling artifacts...",
+  "Checking for vulnerabilities...",
+  "Resolving SBOM..."
+];
 async function fetchArtifactsFromManifestsTarHash(manifestsTarHash, includePrecomputedReachabilityResults, useOnlyPregeneratedSboms) {
   logger.info("Fetching artifacts from Socket backend (this may take a while)");
   logger.debug("manifests tar hash", manifestsTarHash);
-  let responseData;
-  try {
-    const params = new URLSearchParams({
-      tarHash: manifestsTarHash,
-      includePrecomputedReachabilityResults: String(includePrecomputedReachabilityResults ?? false)
-    });
-    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?${params.toString()}`);
-    responseData = (await axios2.post(url2, {}, { headers: getAuthHeaders() })).data;
-    const result = parseComputeArtifactsResponse(responseData);
-    if (useOnlyPregeneratedSboms) {
-      const matcher = await initializePregeneratedSbomMatcher();
-      result.artifacts = result.artifacts.filter(
-        (artifact) => artifact.manifestFiles?.some((ref) => {
-          const fileName3 = ref.file.split("/").pop() ?? ref.file;
-          return matcher(fileName3);
-        })
-      );
-      if (result.artifacts.length === 0) {
-        logger.error(
-          "No artifacts found from pregenerated SBOMs. Make sure there are CDX or SPDX files in your project when using the --reach-use-only-pregenerated-sboms flag."
+  return withHeartbeat("Socket", SOCKET_HEARTBEAT_MESSAGES, async () => {
+    let responseData;
+    try {
+      const params = new URLSearchParams({
+        tarHash: manifestsTarHash,
+        includePrecomputedReachabilityResults: String(includePrecomputedReachabilityResults ?? false)
+      });
+      const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/compute-artifacts?${params.toString()}`);
+      responseData = (await axios2.post(url2, {}, { headers: getAuthHeaders() })).data;
+      const result = parseComputeArtifactsResponse(responseData);
+      if (useOnlyPregeneratedSboms) {
+        const matcher = await initializePregeneratedSbomMatcher();
+        result.artifacts = result.artifacts.filter(
+          (artifact) => artifact.manifestFiles?.some((ref) => {
+            const fileName3 = ref.file.split("/").pop() ?? ref.file;
+            return matcher(fileName3);
+          })
         );
+        if (result.artifacts.length === 0) {
+          logger.error(
+            "No artifacts found from pregenerated SBOMs. Make sure there are CDX or SPDX files in your project when using the --reach-use-only-pregenerated-sboms flag."
+          );
+        }
       }
+      return result;
+    } catch (e) {
+      if (!(e instanceof AxiosError2)) {
+        logger.debug(`compute artifacts response data:${responseData ?? "no response data"}`);
+      }
+      handleError(e, "Failed to fetch artifacts from Socket API using manifests tar hash", true);
+      throw new Error("we should never reach this point");
     }
-    return result;
-  } catch (e) {
-    if (!(e instanceof AxiosError2)) {
-      logger.debug(`compute artifacts response data:${responseData ?? "no response data"}`);
-    }
-    handleError(e, "Failed to fetch artifacts from Socket API using manifests tar hash", true);
-    throw new Error("we should never reach this point");
-  }
+  });
 }
 async function uploadManifestsAndGetTarHash(rootDir, manifestFiles) {
   const formData = new import_form_data2.default();
@@ -209723,11 +209755,17 @@ var Spinner = class _Spinner {
   getText() {
     return this.header;
   }
-  setStatus(status) {
+  async setStatus(status) {
+    await this.mutex.acquire();
     this.status = status;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
-  clearStatus() {
+  async clearStatus() {
+    await this.mutex.acquire();
     this.status = void 0;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
   async succeed() {
     if (this.tasks.size > 0) return;
@@ -209827,34 +209865,49 @@ ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   logger[logLevel](`stdout: ${stdout}`);
   logger[logLevel](`stderr: ${stderr}`);
 }
+function startHeartbeat(options) {
+  const startTime = Date.now();
+  let index2 = Math.floor(Math.random() * options.messages.length);
+  const timer = setInterval(() => {
+    options.onMessage(options.messages[index2], Date.now() - startTime);
+    index2 = (index2 + 1) % options.messages.length;
+  }, options.intervalMs);
+  timer.unref?.();
+  return () => clearInterval(timer);
+}
 async function execNeverFail(cmd, dir, options) {
-  return new Promise((resolve45) => {
-    let args2;
-    if (typeof cmd !== "string") [cmd, ...args2] = cmd;
-    const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
-    const childProcess = execFile(
-      cmd,
-      args2,
-      { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout },
-      (error, stdout, stderr) => {
-        resolve45({ error, stdout, stderr });
-      }
-    );
-    if (options?.pipe) {
-      childProcess.stdout?.on("data", (data2) => {
-        Spinner.instance().suspend(() => {
-          process.stdout.write(data2);
+  const stopHeartbeat = options?.heartbeat ? startHeartbeat(options.heartbeat) : void 0;
+  try {
+    return await new Promise((resolve45) => {
+      let args2;
+      if (typeof cmd !== "string") [cmd, ...args2] = cmd;
+      const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
+      const childProcess = execFile(
+        cmd,
+        args2,
+        { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout },
+        (error, stdout, stderr) => {
+          resolve45({ error, stdout, stderr });
+        }
+      );
+      if (options?.pipe) {
+        childProcess.stdout?.on("data", (data2) => {
+          Spinner.instance().suspend(() => {
+            process.stdout.write(data2);
+          });
         });
-      });
-      childProcess.stderr?.on("data", (data2) => {
-        Spinner.instance().suspend(() => {
-          process.stderr.write(data2);
+        childProcess.stderr?.on("data", (data2) => {
+          Spinner.instance().suspend(() => {
+            process.stderr.write(data2);
+          });
         });
-      });
-    }
-    if (options?.stdin) childProcess.stdin?.write(options.stdin);
-    childProcess.stdin?.end();
-  });
+      }
+      if (options?.stdin) childProcess.stdin?.write(options.stdin);
+      childProcess.stdin?.end();
+    });
+  } finally {
+    stopHeartbeat?.();
+  }
 }
 async function exec(cmd, dir, options) {
   const { error, stdout, stderr } = await execNeverFail(cmd, dir, options);
@@ -228633,11 +228686,17 @@ var Spinner2 = class _Spinner {
   getText() {
     return this.header;
   }
-  setStatus(status) {
+  async setStatus(status) {
+    await this.mutex.acquire();
     this.status = status;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
-  clearStatus() {
+  async clearStatus() {
+    await this.mutex.acquire();
     this.status = void 0;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
   async succeed() {
     if (this.tasks.size > 0)
@@ -228737,31 +228796,46 @@ ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   logger[logLevel](`stdout: ${stdout}`);
   logger[logLevel](`stderr: ${stderr}`);
 }
+function startHeartbeat2(options) {
+  const startTime = Date.now();
+  let index2 = Math.floor(Math.random() * options.messages.length);
+  const timer = setInterval(() => {
+    options.onMessage(options.messages[index2], Date.now() - startTime);
+    index2 = (index2 + 1) % options.messages.length;
+  }, options.intervalMs);
+  timer.unref?.();
+  return () => clearInterval(timer);
+}
 async function execNeverFail3(cmd, dir, options) {
-  return new Promise((resolve45) => {
-    let args2;
-    if (typeof cmd !== "string")
-      [cmd, ...args2] = cmd;
-    const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS2;
-    const childProcess = execFile2(cmd, args2, { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout }, (error, stdout, stderr) => {
-      resolve45({ error, stdout, stderr });
-    });
-    if (options?.pipe) {
-      childProcess.stdout?.on("data", (data2) => {
-        Spinner2.instance().suspend(() => {
-          process.stdout.write(data2);
-        });
+  const stopHeartbeat = options?.heartbeat ? startHeartbeat2(options.heartbeat) : void 0;
+  try {
+    return await new Promise((resolve45) => {
+      let args2;
+      if (typeof cmd !== "string")
+        [cmd, ...args2] = cmd;
+      const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS2;
+      const childProcess = execFile2(cmd, args2, { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args2 === void 0, timeout }, (error, stdout, stderr) => {
+        resolve45({ error, stdout, stderr });
       });
-      childProcess.stderr?.on("data", (data2) => {
-        Spinner2.instance().suspend(() => {
-          process.stderr.write(data2);
+      if (options?.pipe) {
+        childProcess.stdout?.on("data", (data2) => {
+          Spinner2.instance().suspend(() => {
+            process.stdout.write(data2);
+          });
         });
-      });
-    }
-    if (options?.stdin)
-      childProcess.stdin?.write(options.stdin);
-    childProcess.stdin?.end();
-  });
+        childProcess.stderr?.on("data", (data2) => {
+          Spinner2.instance().suspend(() => {
+            process.stderr.write(data2);
+          });
+        });
+      }
+      if (options?.stdin)
+        childProcess.stdin?.write(options.stdin);
+      childProcess.stdin?.end();
+    });
+  } finally {
+    stopHeartbeat?.();
+  }
 }
 async function runCommandResolveStdOut3(cmd, dir, options) {
   const { stdout, error } = await execNeverFail3(cmd, dir, options);
@@ -254983,7 +255057,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.140";
+var version3 = "14.12.142";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.140",
+  "version": "14.12.142",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -76214,11 +76214,17 @@ var Spinner = class _Spinner {
   getText() {
     return this.header;
   }
-  setStatus(status) {
+  async setStatus(status) {
+    await this.mutex.acquire();
     this.status = status;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
-  clearStatus() {
+  async clearStatus() {
+    await this.mutex.acquire();
     this.status = void 0;
+    this.oraInstance.text = this.getCombinedText();
+    this.mutex.release();
   }
   async succeed() {
     if (this.tasks.size > 0) return;
@@ -80594,6 +80600,7 @@ function getPurlFromSocketFactArtifact(artifact) {
 }
 
 // ../utils/src/dashboard-api/socket-api.ts
+var HEARTBEAT_DEBUG = !!process.env.HEARTBEAT_DEBUG;
 var axios2 = getAxiosClient();
 function getSocketApiUrl(endpoint) {
   let baseUrl = process.env.SOCKET_CLI_API_BASE_URL ?? "https://api.socket.dev/v0/";
@@ -81008,34 +81015,49 @@ ${stderr}`) ? em.slice(0, -stderr.length - 1) : em}`);
   logger[logLevel](`stdout: ${stdout}`);
   logger[logLevel](`stderr: ${stderr}`);
 }
+function startHeartbeat(options) {
+  const startTime = Date.now();
+  let index2 = Math.floor(Math.random() * options.messages.length);
+  const timer = setInterval(() => {
+    options.onMessage(options.messages[index2], Date.now() - startTime);
+    index2 = (index2 + 1) % options.messages.length;
+  }, options.intervalMs);
+  timer.unref?.();
+  return () => clearInterval(timer);
+}
 async function execNeverFail(cmd, dir, options) {
-  return new Promise((resolve23) => {
-    let args;
-    if (typeof cmd !== "string") [cmd, ...args] = cmd;
-    const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
-    const childProcess = execFile(
-      cmd,
-      args,
-      { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout },
-      (error, stdout, stderr) => {
-        resolve23({ error, stdout, stderr });
-      }
-    );
-    if (options?.pipe) {
-      childProcess.stdout?.on("data", (data2) => {
-        Spinner.instance().suspend(() => {
-          process.stdout.write(data2);
+  const stopHeartbeat = options?.heartbeat ? startHeartbeat(options.heartbeat) : void 0;
+  try {
+    return await new Promise((resolve23) => {
+      let args;
+      if (typeof cmd !== "string") [cmd, ...args] = cmd;
+      const timeout = options?.timeout ?? DEFAULT_TIMEOUT_MS;
+      const childProcess = execFile(
+        cmd,
+        args,
+        { ...options, cwd: dir, maxBuffer: 1024 * 1024 * 1024, shell: args === void 0, timeout },
+        (error, stdout, stderr) => {
+          resolve23({ error, stdout, stderr });
+        }
+      );
+      if (options?.pipe) {
+        childProcess.stdout?.on("data", (data2) => {
+          Spinner.instance().suspend(() => {
+            process.stdout.write(data2);
+          });
         });
-      });
-      childProcess.stderr?.on("data", (data2) => {
-        Spinner.instance().suspend(() => {
-          process.stderr.write(data2);
+        childProcess.stderr?.on("data", (data2) => {
+          Spinner.instance().suspend(() => {
+            process.stderr.write(data2);
+          });
         });
-      });
-    }
-    if (options?.stdin) childProcess.stdin?.write(options.stdin);
-    childProcess.stdin?.end();
-  });
+      }
+      if (options?.stdin) childProcess.stdin?.write(options.stdin);
+      childProcess.stdin?.end();
+    });
+  } finally {
+    stopHeartbeat?.();
+  }
 }
 async function exec(cmd, dir, options) {
   const { error, stdout, stderr } = await execNeverFail(cmd, dir, options);
@@ -88292,6 +88314,118 @@ async function withTmpDirectory(prefix, fn, deleteTmpDir = true) {
 // ../web-compat-utils/src/vuln-chain-detail-utils.ts
 var ROOT_NODE_STR = "";
 
+// dist/analyzer-heartbeats.js
+var DEBUG_MODE = !!process.env.HEARTBEAT_DEBUG;
+var HEARTBEAT_INTERVAL_MS = DEBUG_MODE ? 1e4 : 3e4;
+function formatElapsed(elapsedMs) {
+  const secs = Math.floor(elapsedMs / 1e3);
+  const mins = Math.floor(secs / 60);
+  const remainingSecs = secs % 60;
+  return `${mins}m ${remainingSecs}s`;
+}
+function createHeartbeat(prefix, messages) {
+  return {
+    intervalMs: HEARTBEAT_INTERVAL_MS,
+    messages,
+    onMessage: (msg, elapsed) => {
+      logger.info(`${prefix}: ${msg} (${formatElapsed(elapsed)})`);
+    }
+  };
+}
+var HEARTBEATS = {
+  // Data flow analyzers
+  js: createHeartbeat("JS Reachability Analyzer", [
+    "Building call graph...",
+    "Tracing data flow...",
+    "Analyzing reachability paths...",
+    "Processing dependencies...",
+    "Mapping function calls...",
+    "Evaluating vulnerability exposure...",
+    "Propagating data flow through assignments...",
+    "Resolving dynamic property accesses...",
+    "Tracking inter-procedural data flow...",
+    "Analyzing callback invocations...",
+    "Computing points-to sets...",
+    "Evaluating reachability..."
+  ]),
+  python: createHeartbeat("Python Reachability Analyzer", [
+    "Analyzing modules...",
+    "Tracing import paths...",
+    "Building dependency graph...",
+    "Building call graph...",
+    "Analyzing reachability paths...",
+    "Checking reachability...",
+    "Propagating data flow through functions...",
+    "Resolving dynamic attribute accesses...",
+    "Tracking flow through decorators...",
+    "Analyzing generator and async flows...",
+    "Computing inter-module data dependencies...",
+    "Evaluating reachability..."
+  ]),
+  go: createHeartbeat("Go Reachability Analyzer", [
+    "Analyzing Go packages...",
+    "Building call graph...",
+    "Tracing function calls...",
+    "Checking reachability...",
+    "Propagating data flow through channels...",
+    "Resolving interface method calls...",
+    "Tracking goroutine data flow...",
+    "Analyzing pointer receivers...",
+    "Computing inter-package dependencies...",
+    "Tracing data through struct fields...",
+    "Evaluating reachability..."
+  ]),
+  ruby: createHeartbeat("Ruby Reachability Analyzer", [
+    "Analyzing Ruby gems...",
+    "Tracing method calls...",
+    "Building dependency graph...",
+    "Checking reachability...",
+    "Propagating data through blocks...",
+    "Resolving dynamic method invocations...",
+    "Tracking flow through mixins...",
+    "Analyzing metaprogramming patterns...",
+    "Computing inter-gem data flow...",
+    "Tracing data through instance variables...",
+    "Evaluating reachability..."
+  ]),
+  // Class/type-based analyzers
+  java: createHeartbeat("Java Reachability Analyzer", [
+    "Analyzing Java bytecode...",
+    "Building class graph...",
+    "Checking reachability...",
+    "Resolving class hierarchy...",
+    "Analyzing interface implementations...",
+    "Computing virtual method dispatch...",
+    "Tracing inheritance chains...",
+    "Resolving generic type parameters...",
+    "Analyzing annotation processors...",
+    "Mapping overridden methods..."
+  ]),
+  dotnet: createHeartbeat(".NET Reachability Analyzer", [
+    "Analyzing .NET assemblies...",
+    "Building type graph...",
+    "Checking reachability...",
+    "Resolving type hierarchy...",
+    "Analyzing interface implementations...",
+    "Tracing inheritance chains...",
+    "Resolving generic type arguments...",
+    "Analyzing extension methods...",
+    "Mapping overridden members..."
+  ]),
+  rust: createHeartbeat("Rust Reachability Analyzer", [
+    "Analyzing Rust crates...",
+    "Building call graph...",
+    "Tracing function calls...",
+    "Checking reachability...",
+    "Resolving trait implementations...",
+    "Analyzing generic type bounds...",
+    "Computing trait object dispatch...",
+    "Tracing impl blocks...",
+    "Resolving associated types...",
+    "Analyzing derive macros..."
+  ])
+};
+
 // dist/tool-path-resolver.js
 import { resolve as resolve6 } from "path";
 var ToolPathResolver = class {
@@ -95903,7 +96037,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile6(outputFile, "utf-8")).result;
@@ -95942,7 +96076,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile6(outputFile, "utf-8")).result;
@@ -109879,7 +110013,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve10(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -109918,7 +110052,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve10(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${getJavapServicePath()} --tree-sitter-java ${getTreeSitterJavaPath()} --tree-sitter-kotlin ${getTreeSitterKotlinPath()} --tree-sitter-scala ${getTreeSitterScalaPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.java });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -110550,7 +110684,7 @@ async function runJellyAnalysis(mainProjectRoot, projectRoot, jellyOptions, reac
       jellyCmd,
       void 0,
       // Use SIGKILL to ensure termination even if the process is unresponsive 50% above the timeout (e.g., due to GC pressure).
-      { timeout: timeoutInSeconds * 1e3 * 1.5, killSignal: "SIGKILL" }
+      { timeout: timeoutInSeconds * 1e3 * 1.5, killSignal: "SIGKILL", heartbeat: HEARTBEATS.js }
     );
     if (reachabilityAnalysisOptions.printLogFile)
       logger.info("JS analysis log file:", await readFile8(logFile, "utf-8"));
@@ -110593,7 +110727,8 @@ async function runJellyPhantomDependencyAnalysis(projectRoot, options) {
         --reachable-json ${reachablePackagesFile} ${projectRoot}`;
     await runCommandResolveStdOut2(jellyCmd, void 0, {
       timeout: options.timeoutSeconds.allVulnRuns * 1e3,
-      killSignal: "SIGKILL"
+      killSignal: "SIGKILL",
+      heartbeat: HEARTBEATS.js
     });
     return JSON.parse(await readFile8(reachablePackagesFile, "utf-8")).packages;
   } finally {
@@ -110613,7 +110748,8 @@ async function runJellyImportReachabilityAnalysis(mainProjectRoot, projectRoot,
         ${options.entryPoints ?? projectRoot}`;
     await runCommandResolveStdOut2(jellyCmd, void 0, {
       timeout: options.timeoutSeconds.allVulnRuns * 1e3,
-      killSignal: "SIGKILL"
+      killSignal: "SIGKILL",
+      heartbeat: HEARTBEATS.js
     });
     return JSON.parse(await readFile8(reachableModulesFile, "utf-8"));
   } finally {
@@ -110874,7 +111010,8 @@ var GoCodeAwareVulnerabilityScanner = class {
           ${this.projectDir} ${vulnAccPaths}`, void 0, {
         timeout: timeoutInSeconds * 1e3,
         killSignal: "SIGKILL",
-        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0
+        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0,
+        heartbeat: HEARTBEATS.go
       });
       if (error) {
         logger.error("Error running Go code-aware analysis", error);
@@ -111273,7 +111410,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const outputFile = resolve15(tmpDir, "output.json");
       await writeFile8(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile10(outputFile, "utf-8")).result;
@@ -111309,7 +111446,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const outputFile = resolve15(tmpDir, "output.json");
       await writeFile8(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(effectiveTimeout * 1.5, effectiveTimeout + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL" });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runRustReachabilityAnalysis -i ${inputFile} -o ${outputFile} --tree-sitter-rust ${getTreeSitterRustPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.rust });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile10(outputFile, "utf-8")).result;
@@ -111833,7 +111970,8 @@ var PythonCodeAwareVulnerabilityScanner = class {
         // Forcefully kill the process if the internal timeout mechanism fails.
         // Use SIGKILL to ensure termination even if the process is unresponsive.
         timeout: (timeoutInSeconds * 1.5 + 15) * 1e3,
-        killSignal: "SIGKILL"
+        killSignal: "SIGKILL",
+        heartbeat: HEARTBEATS.python
       });
       logger.debug("Done running mambalade");
       const errors = stderr.split("\n").filter((line) => line.startsWith("ERROR:") && !/^ERROR: Excluded distribution/.test(line));
@@ -116579,7 +116717,8 @@ var RubyCodeAwareVulnerabilityScanner = class {
         this.numberAnalysesRun++;
         await exec2(cmd, this.projectDir, {
           timeout: (timeoutInSeconds * 1.5 + 10) * 1e3,
-          killSignal: "SIGKILL"
+          killSignal: "SIGKILL",
+          heartbeat: HEARTBEATS.ruby
         });
         const result = JSON.parse(await readFile12(vulnsOutputFile, "utf-8"));
         const relativeLoadPathsToPackageNames = new Map([...loadPathsToPackageNames.entries()].map(([k, v]) => [join17("vendor", relative8(this.vendorDir, k)), v]));