@coana-tech/cli 14.12.199 → 14.12.201

package/cli.mjs

@@ -25038,15 +25038,15 @@ var require_file = __commonJS({
       _incFile(callback) {
         debug("_incFile", this.filename);
         const ext2 = path9.extname(this._basename);
-        const basename12 = path9.basename(this._basename, ext2);
+        const basename13 = path9.basename(this._basename, ext2);
         const tasks = [];
         if (this.zippedArchive) {
           tasks.push(
             function(cb) {
               const num = this._created > 0 && !this.tailable ? this._created : "";
               this._compressFile(
-                path9.join(this.dirname, `${basename12}${num}${ext2}`),
-                path9.join(this.dirname, `${basename12}${num}${ext2}.gz`),
+                path9.join(this.dirname, `${basename13}${num}${ext2}`),
+                path9.join(this.dirname, `${basename13}${num}${ext2}.gz`),
                 cb
               );
             }.bind(this)
@@ -25056,9 +25056,9 @@ var require_file = __commonJS({
           function(cb) {
             if (!this.tailable) {
               this._created += 1;
-              this._checkMaxFilesIncrementing(ext2, basename12, cb);
+              this._checkMaxFilesIncrementing(ext2, basename13, cb);
             } else {
-              this._checkMaxFilesTailable(ext2, basename12, cb);
+              this._checkMaxFilesTailable(ext2, basename13, cb);
             }
           }.bind(this)
         );
@@ -25072,9 +25072,9 @@ var require_file = __commonJS({
        */
       _getFile() {
         const ext2 = path9.extname(this._basename);
-        const basename12 = path9.basename(this._basename, ext2);
+        const basename13 = path9.basename(this._basename, ext2);
         const isRotation = this.rotationFormat ? this.rotationFormat() : this._created;
-        return !this.tailable && this._created ? `${basename12}${isRotation}${ext2}` : `${basename12}${ext2}`;
+        return !this.tailable && this._created ? `${basename13}${isRotation}${ext2}` : `${basename13}${ext2}`;
       }
       /**
        * Increment the number of files created or checked by this instance.
@@ -25084,14 +25084,14 @@ var require_file = __commonJS({
        * @returns {undefined}
        * @private
        */
-      _checkMaxFilesIncrementing(ext2, basename12, callback) {
+      _checkMaxFilesIncrementing(ext2, basename13, callback) {
         if (!this.maxFiles || this._created < this.maxFiles) {
           return setImmediate(callback);
         }
         const oldest = this._created - this.maxFiles;
         const isOldest = oldest !== 0 ? oldest : "";
         const isZipped = this.zippedArchive ? ".gz" : "";
-        const filePath = `${basename12}${isOldest}${ext2}${isZipped}`;
+        const filePath = `${basename13}${isOldest}${ext2}${isZipped}`;
         const target = path9.join(this.dirname, filePath);
         fs11.unlink(target, callback);
       }
@@ -25106,7 +25106,7 @@ var require_file = __commonJS({
        * @returns {undefined}
        * @private
        */
-      _checkMaxFilesTailable(ext2, basename12, callback) {
+      _checkMaxFilesTailable(ext2, basename13, callback) {
         const tasks = [];
         if (!this.maxFiles) {
           return;
@@ -25114,21 +25114,21 @@ var require_file = __commonJS({
         const isZipped = this.zippedArchive ? ".gz" : "";
         for (let x2 = this.maxFiles - 1; x2 > 1; x2--) {
           tasks.push(function(i7, cb) {
-            let fileName3 = `${basename12}${i7 - 1}${ext2}${isZipped}`;
+            let fileName3 = `${basename13}${i7 - 1}${ext2}${isZipped}`;
             const tmppath = path9.join(this.dirname, fileName3);
             fs11.exists(tmppath, (exists2) => {
               if (!exists2) {
                 return cb(null);
               }
-              fileName3 = `${basename12}${i7}${ext2}${isZipped}`;
+              fileName3 = `${basename13}${i7}${ext2}${isZipped}`;
               fs11.rename(tmppath, path9.join(this.dirname, fileName3), cb);
             });
           }.bind(this, x2));
         }
         asyncSeries(tasks, () => {
           fs11.rename(
-            path9.join(this.dirname, `${basename12}${ext2}${isZipped}`),
-            path9.join(this.dirname, `${basename12}1${ext2}${isZipped}`),
+            path9.join(this.dirname, `${basename13}${ext2}${isZipped}`),
+            path9.join(this.dirname, `${basename13}1${ext2}${isZipped}`),
             callback
           );
         });
@@ -102682,7 +102682,7 @@ var require_parseParams = __commonJS({
 var require_basename = __commonJS({
   "../../node_modules/.pnpm/@fastify+busboy@2.1.1/node_modules/@fastify/busboy/lib/utils/basename.js"(exports2, module2) {
     "use strict";
-    module2.exports = function basename12(path9) {
+    module2.exports = function basename13(path9) {
       if (typeof path9 !== "string") {
         return "";
       }
@@ -102709,7 +102709,7 @@ var require_multipart = __commonJS({
     var Dicer = require_Dicer();
     var parseParams = require_parseParams();
     var decodeText = require_decodeText();
-    var basename12 = require_basename();
+    var basename13 = require_basename();
     var getLimit2 = require_getLimit();
     var RE_BOUNDARY = /^boundary$/i;
     var RE_FIELD = /^form-data$/i;
@@ -102826,7 +102826,7 @@ var require_multipart = __commonJS({
               } else if (RE_FILENAME.test(parsed[i7][0])) {
                 filename = parsed[i7][1];
                 if (!preservePath) {
-                  filename = basename12(filename);
+                  filename = basename13(filename);
                 }
               }
             }
@@ -121662,8 +121662,8 @@ var require_tmp = __commonJS({
       if (option === "name") {
         if (path9.isAbsolute(name2))
           throw new Error(`${option} option must not contain an absolute path, found "${name2}".`);
-        let basename12 = path9.basename(name2);
-        if (basename12 === ".." || basename12 === "." || basename12 !== name2)
+        let basename13 = path9.basename(name2);
+        if (basename13 === ".." || basename13 === "." || basename13 !== name2)
           throw new Error(`${option} option must not contain a path, found "${name2}".`);
       } else {
         if (path9.isAbsolute(name2) && !name2.startsWith(tmpDir)) {
@@ -155347,8 +155347,8 @@ var require_pattern = __commonJS({
     }
     exports2.endsWithSlashGlobStar = endsWithSlashGlobStar;
     function isAffectDepthOfReadingPattern(pattern) {
-      const basename12 = path9.basename(pattern);
-      return endsWithSlashGlobStar(pattern) || isStaticPattern(basename12);
+      const basename13 = path9.basename(pattern);
+      return endsWithSlashGlobStar(pattern) || isStaticPattern(basename13);
     }
     exports2.isAffectDepthOfReadingPattern = isAffectDepthOfReadingPattern;
     function expandPatternsWithBraceExpansion(patterns) {
@@ -234280,6 +234280,28 @@ function assertDefined(value2) {
 }
 
 // dist/internal/validate-external-dependencies.js
+import { basename as basename10 } from "path";
+function getEcosystemsFromManifestFileNames(fileNames) {
+  const ecosystems = /* @__PURE__ */ new Set();
+  for (const f6 of fileNames) {
+    const base = basename10(f6);
+    if (/^package(-lock)?\.json$|pnpm-lock\.yaml|yarn\.lock|rush\.json/.test(base))
+      ecosystems.add("NPM");
+    if (/^pom\.xml$|^gradlew$|^build\.sbt$/.test(base))
+      ecosystems.add("MAVEN");
+    if (/^go\.(mod|work)$/.test(base))
+      ecosystems.add("GO");
+    if (/\.(sln|csproj|vbproj|fsproj)$/.test(base))
+      ecosystems.add("NUGET");
+    if (/^[Cc]argo\.(toml|lock)$/.test(base))
+      ecosystems.add("RUST");
+    if (/^([Gg]emfile(\.lock)?|gems\.rb|[^/\\]+\.gemspec)$/.test(base))
+      ecosystems.add("RUBYGEMS");
+    if (/^(pyproject\.toml|setup\.py|poetry\.lock|Pipfile\.lock|uv\.lock|requirements.*\.txt)$/.test(base))
+      ecosystems.add("PIP");
+  }
+  return [...ecosystems];
+}
 async function validateExternalDependencies(ecosystems, command, manifestFileNames) {
   const checks = [];
   const ecosystemSet = new Set(ecosystems);
@@ -235554,7 +235576,7 @@ var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 // dist/internal/exclude-dirs-from-configuration-files.js
 import { existsSync as existsSync25 } from "fs";
 import { readFile as readFile35 } from "fs/promises";
-import { basename as basename10, resolve as resolve41 } from "path";
+import { basename as basename11, resolve as resolve41 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve41(rootWorkingDir, "socket.yml");
@@ -235574,7 +235596,7 @@ async function inferExcludeDirsFromSocketConfig(socketConfigFile) {
       return void 0;
     if (ignorePaths.some((ignorePath) => ignorePath.includes("!")))
       return void 0;
-    logger.info(`Inferring paths to exclude based on Socket config file: ${basename10(socketConfigFile)}`);
+    logger.info(`Inferring paths to exclude based on Socket config file: ${basename11(socketConfigFile)}`);
     return config3.projectIgnorePaths;
   } catch (e) {
     return void 0;
@@ -235784,7 +235806,7 @@ function transformToVulnChainNode(dependencyTree) {
 }
 
 // dist/internal/socket-mode-helpers-socket-dependency-trees.js
-import { basename as basename11, dirname as dirname25, join as join32, sep as sep5 } from "path";
+import { basename as basename12, dirname as dirname25, join as join32, sep as sep5 } from "path";
 var REQUIREMENTS_FILES_SEARCH_DEPTH2 = 3;
 var venvExcludes = [
   "venv",
@@ -235812,7 +235834,7 @@ var venvExcludes = [
 function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonProjects) {
   switch (ecosystem) {
     case "NPM": {
-      const base = basename11(manifestPath);
+      const base = basename12(manifestPath);
       const dir = dirname25(manifestPath);
       return base === "package.json" ? dir || "." : void 0;
     }
@@ -235823,7 +235845,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
       if (venvExcludes.some((exclude) => manifestPath.startsWith(`${exclude}/`) || manifestPath.includes(`/${exclude}/`))) {
         return void 0;
       }
-      const base = basename11(manifestPath);
+      const base = basename12(manifestPath);
       const dir = dirname25(manifestPath);
       const workspaceDir = dir === "" ? "." : dir;
       if (properPythonProjects.includes(workspaceDir)) {
@@ -235850,7 +235872,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
       return dirname25(manifestPath) || ".";
     }
     case "GO": {
-      const base = basename11(manifestPath);
+      const base = basename12(manifestPath);
       const dir = dirname25(manifestPath);
       return base === "go.mod" ? dir || "." : void 0;
     }
@@ -235865,7 +235887,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
 function inferProjectFromManifestPath(ecosystem, manifestPath) {
   switch (ecosystem) {
     case "NPM": {
-      const filename = basename11(manifestPath);
+      const filename = basename12(manifestPath);
       if (["package-lock.json", "pnpm-lock.yaml", "pnpm-lock.yml", "yarn.lock"].includes(filename)) {
         return dirname25(manifestPath) || ".";
       }
@@ -235907,7 +235929,7 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
     }
     const allFiles = await getFilesRelative(rootWorkingDirectory, venvExcludes);
     for (const file of allFiles) {
-      const base = basename11(file);
+      const base = basename12(file);
       const workspaceDir = dirname25(file) || ".";
       if (base === "pyproject.toml" || base === "setup.py" && await isSetupPySetuptools(join32(rootWorkingDirectory, file))) {
         if (!properPythonProjects.includes(workspaceDir)) {
@@ -251655,7 +251677,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.199";
+var version3 = "14.12.201";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
@@ -251861,13 +251883,14 @@ var CliCore = class {
   }
   async computeAndOutputReportSocketMode(otherModulesCommunicator) {
     logger.info("Fetching artifacts from Socket backend");
+    if (!this.options.disableExternalToolChecks) {
+      const manifestFiles = await fetchManifestFilesFromManifestsTarHash(this.options.manifestsTarHash);
+      const ecosystems = getEcosystemsFromManifestFileNames(manifestFiles);
+      await validateExternalDependencies(ecosystems, "run", manifestFiles);
+    }
     this.sendProgress("SCAN_FOR_VULNERABILITIES", true, ".", ".");
     const { artifacts, ecosystemToWorkspaceToAnalysisData, ecosystemToWorkspaceToVulnerabilities } = await fetchArtifactsFromSocket(this.rootWorkingDirectory, this.options.manifestsTarHash, "reachability", this.options.useUnreachableFromPrecomputation, this.options.useOnlyPregeneratedSboms);
     this.sendProgress("SCAN_FOR_VULNERABILITIES", false, ".", ".");
-    const detectedEcosystemsSocket = Object.keys(ecosystemToWorkspaceToAnalysisData);
-    if (!this.options.disableExternalToolChecks) {
-      await validateExternalDependencies(detectedEcosystemsSocket, "run");
-    }
     const subProjects = Object.entries(ecosystemToWorkspaceToAnalysisData).flatMap(([ecosystem, workspaceToAnalysisData]) => {
       return Object.entries(workspaceToAnalysisData).map(([workspace, analysisData]) => {
         return {
@@ -252009,10 +252032,6 @@ var CliCore = class {
     const manager = await ProjectManager.create(this.rootWorkingDirectory, otherModulesCommunicator, this.options.ecosystems, this.options.includeDirs, this.options.excludeDirs, this.options.changedFiles);
     this.sendProgress("CREATE_PROJECT_MANAGER", false);
     const { reachabilitySupport, traditionalScaSupport, noSupport } = manager.getSubprojectsWithWorkspacePaths();
-    const detectedEcosystemsSbom = [...new Set([...reachabilitySupport, ...traditionalScaSupport].map((s6) => s6.ecosystem))];
-    if (!this.options.disableExternalToolChecks) {
-      await validateExternalDependencies(detectedEcosystemsSbom, "run");
-    }
     await this.dashboardAPI.registerSubprojects([...reachabilitySupport, ...traditionalScaSupport, ...noSupport].map((sp) => ({
       ...sp,
       subprojectPath: relative22(this.rootWorkingDirectory, sp.subprojectPath) || "."

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.199",
+  "version": "14.12.201",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -88572,7 +88572,7 @@ function addPathToTrie(root3, vulnPath) {
 var import_lodash14 = __toESM(require_lodash(), 1);
 import assert6 from "assert";
 import { existsSync as existsSync13 } from "fs";
-import { cp as cp7, readdir as readdir4, readFile as readFile12, rm as rm5 } from "fs/promises";
+import { cp as cp7, readdir as readdir5, readFile as readFile12, rm as rm5 } from "fs/promises";
 var import_semver3 = __toESM(require_semver2(), 1);
 import { basename as basename11, dirname as dirname15, join as join17, resolve as resolve17, sep as sep5 } from "path";
 import util5 from "util";
@@ -94244,7 +94244,7 @@ var CocoaHeuristics = {
 
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
 var import_adm_zip = __toESM(require_adm_zip(), 1);
-import { mkdir as mkdir5, readFile as readFile7, writeFile as writeFile5 } from "fs/promises";
+import { mkdir as mkdir5, readdir as readdir4, readFile as readFile7, writeFile as writeFile5 } from "fs/promises";
 import { randomUUID } from "node:crypto";
 
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/constants.js
@@ -96464,7 +96464,13 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile5(inputFile, JSON.stringify(options));
       const timeoutMs = Math.max(timeoutInSeconds * 1.5, timeoutInSeconds + 30) * 1e3;
-      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, { timeout: timeoutMs, killSignal: "SIGKILL", heartbeat: HEARTBEATS.dotnet, telemetryHandler, analyzerTelemetryHandler });
+      const result = await execNeverFail2(cmdt`${await getNodeExecutable(ToolPathResolver.nodeExecutablePath)} ${getClassGraphAnalysisCliPath()} runDotnetReachabilityAnalysis -i ${inputFile} -o ${outputFile} --cocoa ${getCocoaPath()} --tree-sitter-c-sharp ${getTreeSitterCSharpPath()}`, void 0, {
+        timeout: timeoutMs,
+        killSignal: "SIGKILL",
+        heartbeat: HEARTBEATS.dotnet,
+        telemetryHandler,
+        analyzerTelemetryHandler
+      });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -96555,18 +96561,29 @@ async function downloadAndExtractNugetPackage(packageName, version3, tmpDir) {
     const packageUrl = getUrlForPackage(packageName, version3);
     const success = await downloadFile(packageUrl, packageFile);
     if (!success) {
-      logger.warn(`Failed to download nuget package ${packageName}/${version3}`);
-      return void 0;
+      throw new Error(`Failed to download nuget package ${packageName}/${version3}`);
     }
   }
   return extractNugetPackage(packageFile, packageName, version3, tmpDir);
 }
 async function convertDependencyChain(dependencyChain, tmpDir) {
+  const runtimePaths = await getDotnetRuntimeSharedPaths();
+  const runtimeFileIndex = await buildRuntimeFileIndex(runtimePaths);
   const nugetDependencyChain = await asyncMap(dependencyChain, async (dep) => {
-    return {
-      ...dep,
-      bin: dep.version ? await downloadAndExtractNugetPackage(dep.packageName, dep.version, tmpDir) : void 0
-    };
+    const binFiles = [];
+    if (dep.version) {
+      try {
+        const extracted = await downloadAndExtractNugetPackage(dep.packageName, dep.version, tmpDir);
+        if (extracted)
+          binFiles.push(...extracted);
+      } catch (e) {
+        logger.warn(`${e.message}`);
+      }
+      const runtimeFiles = findStdlibRuntimeFiles(dep.packageName, runtimeFileIndex);
+      if (runtimeFiles)
+        binFiles.push(...runtimeFiles);
+    }
+    return { ...dep, bin: binFiles.length > 0 ? binFiles : void 0 };
   }, 4);
   return nugetDependencyChain;
 }
@@ -96592,23 +96609,109 @@ async function findNuGetPackageInLocalRepo(repo, packageName, version3, tmpDir)
   const nupkgFile = allFiles.find((file) => basename7(file).toLowerCase() === targetNupkg);
   return nupkgFile ? extractNugetPackage(nupkgFile, packageName, version3, tmpDir) : void 0;
 }
+async function getDotnetRuntimeSharedPaths() {
+  const result = await execNeverFail2(cmdt`dotnet --list-runtimes`);
+  if (result.error ?? !result.stdout)
+    return [];
+  const paths = [];
+  for (const line of result.stdout.split("\n")) {
+    const match2 = line.trim().match(/^(\S+)\s+(\S+)\s+\[(.+)\]$/);
+    if (match2) {
+      const runtimeDir = resolve9(match2[3], match2[2]);
+      if (existsSync7(runtimeDir)) {
+        paths.push(runtimeDir);
+      }
+    }
+  }
+  return paths;
+}
+async function buildRuntimeFileIndex(runtimePaths) {
+  const index2 = /* @__PURE__ */ new Map();
+  for (const runtimePath of runtimePaths) {
+    try {
+      const entries = await readdir4(runtimePath, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isFile())
+          continue;
+        const name2 = entry.name.toLowerCase();
+        const fullPath = resolve9(runtimePath, entry.name);
+        const existing = index2.get(name2);
+        if (existing) {
+          existing.push(fullPath);
+        } else {
+          index2.set(name2, [fullPath]);
+        }
+      }
+    } catch (e) {
+      logger.debug(`Failed to read runtime path ${runtimePath}: ${e.message}`);
+    }
+  }
+  return index2;
+}
+function findStdlibRuntimeFiles(packageName, runtimeFileIndex) {
+  if (runtimeFileIndex.size === 0)
+    return void 0;
+  const possibleFileNames = /* @__PURE__ */ new Set();
+  if (packageName.toLowerCase() === "netstandard.library") {
+    possibleFileNames.add("netstandard.dll");
+  } else {
+    const lowerName = packageName.toLowerCase();
+    const componentName = lowerName.startsWith("runtime.native.") ? lowerName.slice("runtime.native.".length) : lowerName;
+    const nameVariants = [componentName, `${componentName}.Native`];
+    const lastDotIndex = componentName.lastIndexOf(".");
+    if (lastDotIndex !== -1) {
+      nameVariants.push(componentName.slice(0, lastDotIndex) + ".Native" + componentName.slice(lastDotIndex));
+    }
+    for (const name2 of nameVariants) {
+      possibleFileNames.add(`${name2}.dll`.toLowerCase());
+      possibleFileNames.add(`lib${name2}.dylib`.toLowerCase());
+      possibleFileNames.add(`lib${name2}.so`.toLowerCase());
+    }
+  }
+  const matchedFiles = [];
+  for (const fileName2 of possibleFileNames) {
+    const files = runtimeFileIndex.get(fileName2);
+    if (files)
+      matchedFiles.push(...files);
+  }
+  return matchedFiles.length > 0 ? matchedFiles : void 0;
+}
 async function convertSocketArtifacts(artifacts, tmpDir) {
   const localRepositories = getNuGetLocalRepositoryPaths();
+  const runtimePaths = await getDotnetRuntimeSharedPaths();
+  const runtimeFileIndex = await buildRuntimeFileIndex(runtimePaths);
   async function resolveNuGetPackage(packageName, version3) {
+    const binFiles = [];
     for (const repo of localRepositories) {
       const localPackage = await findNuGetPackageInLocalRepo(repo, packageName, version3, tmpDir);
-      if (localPackage)
-        return localPackage;
+      if (localPackage) {
+        binFiles.push(...localPackage);
+        break;
+      }
+    }
+    if (binFiles.length === 0) {
+      const downloaded = await downloadAndExtractNugetPackage(packageName, version3, tmpDir);
+      if (downloaded)
+        binFiles.push(...downloaded);
     }
-    return await downloadAndExtractNugetPackage(packageName, version3, tmpDir);
+    const runtimeFiles = findStdlibRuntimeFiles(packageName, runtimeFileIndex);
+    if (runtimeFiles)
+      binFiles.push(...runtimeFiles);
+    return binFiles.length > 0 ? binFiles : void 0;
   }
   const deps = {};
   const depIdToPurl = /* @__PURE__ */ new Map();
   await asyncForEach(artifacts, async (artifact) => {
     depIdToPurl.set(artifact.id, getPurlFromSocketFactArtifact(artifact));
-    deps[artifact.id] = {
-      bin: artifact.name && artifact.version ? await resolveNuGetPackage(artifact.name, artifact.version) : void 0
-    };
+    let bin;
+    if (artifact.name && artifact.version) {
+      try {
+        bin = await resolveNuGetPackage(artifact.name, artifact.version);
+      } catch (e) {
+        logger.warn(`${e.message}`);
+      }
+    }
+    deps[artifact.id] = { bin };
   }, 4);
   return { deps, depIdToPurl };
 }
@@ -112659,7 +112762,7 @@ ${msg}`;
     await this.updateVirtualEnvInfo(tmpDir, installStats);
   }
   async updateVirtualEnvInfo(virtualEnvFolder, packageInstallationStats) {
-    const entries = await readdir4(join17(virtualEnvFolder, ".venv", "lib"));
+    const entries = await readdir5(join17(virtualEnvFolder, ".venv", "lib"));
     const pydir = entries.find((entry) => entry.startsWith("python"));
     assert6(pydir, `No python* directory found in virtual environment: ${util5.inspect(entries)}`);
     this.virtualEnvInfo = {
@@ -112756,7 +112859,7 @@ async function setupMambalade() {
   logger.debug(`Using Python interpreter: ${python}`);
   await exec2(cmdt`${uvCommand} venv --no-project --no-config --python=${python} .`, venvDir);
   const mambaladeWheelsPath = ToolPathResolver.mambaladeDistPath;
-  const mambaladeWheels = (await readdir4(mambaladeWheelsPath)).filter((f2) => f2.endsWith(".whl")).map((f2) => join17(mambaladeWheelsPath, f2));
+  const mambaladeWheels = (await readdir5(mambaladeWheelsPath)).filter((f2) => f2.endsWith(".whl")).map((f2) => join17(mambaladeWheelsPath, f2));
   if (!mambaladeWheels.length)
     throw new Error(`No mambalade wheel files found in ${mambaladeWheelsPath}`);
   logger.debug(`Installing mambalade wheels: ${mambaladeWheels.join(", ")}`);
@@ -113801,7 +113904,7 @@ import { resolve as resolve21 } from "path";
 // dist/whole-program-code-aware-vulnerability-scanner/ruby/ruby-code-aware-vulnerability-scanner.js
 var import_lodash20 = __toESM(require_lodash(), 1);
 import { createWriteStream as createWriteStream5, existsSync as existsSync15 } from "fs";
-import { mkdir as mkdir9, readdir as readdir5, readFile as readFile13, rm as rm7 } from "fs/promises";
+import { mkdir as mkdir9, readdir as readdir6, readFile as readFile13, rm as rm7 } from "fs/promises";
 import { join as join18, relative as relative9 } from "path";
 import { pipeline as pipeline3 } from "stream/promises";
 var PRINT_ANALYSIS_COMMAND = false;
@@ -113954,12 +114057,12 @@ var RubyCodeAwareVulnerabilityScanner = class {
     }
     const bundlerGemsDir = join18(this.vendorDir, "bundle", "ruby");
     if (existsSync15(bundlerGemsDir)) {
-      const rubyVersions = await readdir5(bundlerGemsDir);
+      const rubyVersions = await readdir6(bundlerGemsDir);
       for (const rubyVersion of rubyVersions) {
         const gemsDir = join18(bundlerGemsDir, rubyVersion, "gems");
         if (existsSync15(gemsDir)) {
           const nameToEntry = /* @__PURE__ */ new Map();
-          for (const entry of await readdir5(gemsDir, { withFileTypes: true }))
+          for (const entry of await readdir6(gemsDir, { withFileTypes: true }))
             if (entry.isDirectory()) {
               const match2 = entry.name.match(/^([\w-_]+)-(\d+\.\d+\.\d+)/);
               if (match2)