@coana-tech/cli 14.12.87 → 14.12.89

package/cli.mjs

@@ -221274,7 +221274,8 @@ var NpmSocketUpgradeManager = class {
       const oldFileContent = await readFile16(resolve19(this.rootDir, lockfile2), "utf-8");
       let result;
       if (this.packageLockMatcher(lockfile2)) {
-        const command = mode === "LOCKFILE_ONLY" ? cmdt`npm install --package-lock-only --loglevel=verbose` : cmdt`npm install -f --ignore-scripts --no-fund --no-audit --no-progress --loglevel=verbose`;
+        const npmBin = await getNpmBin();
+        const command = mode === "LOCKFILE_ONLY" ? cmdt`${npmBin} install --package-lock-only --loglevel=verbose` : cmdt`${npmBin} install -f --ignore-scripts --no-fund --no-audit --no-progress --loglevel=verbose`;
         result = await execNeverFail(command, lockfileDir);
       } else if (this.pnpmLockMatcher(lockfile2)) {
         const command = mode === "LOCKFILE_ONLY" ? cmdt`pnpm install --lockfile-only` : cmdt`pnpm install --ignore-scripts --fix-lockfile --config.confirmModulesPurge=false`;
@@ -245916,7 +245917,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.87";
+var version2 = "14.12.89";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.87",
+  "version": "14.12.89",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -89812,27 +89812,20 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
   }
   static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
     const apps = {
-      [randomUUID()]: {
+      "<app>": {
         src: dependencyTree.src,
-        bin: dependencyTree.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: dependencyTree.bin
       }
     };
     const deps = {};
     const depIdToPurl = /* @__PURE__ */ new Map();
-    Object.values(dependencyTree.transitiveDependencies).forEach((dep) => {
-      const uuid = randomUUID();
-      depIdToPurl.set(uuid, getNugetPurl(dep.packageName, dep.version ?? void 0));
-      deps[uuid] = {
+    for (const [depId, dep] of Object.entries(dependencyTree.transitiveDependencies)) {
+      depIdToPurl.set(depId, getNugetPurl(dep.packageName, dep.version ?? void 0));
+      deps[depId] = {
         src: dep.src,
-        bin: dep.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: dep.bin
       };
-    });
+    }
     return new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async initFromSocketArtifacts(subprojectDir, manifestFiles, artifacts, tmpDir, timeoutInSeconds, statusUpdater) {
@@ -89842,13 +89835,8 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       return project?.sourceFiles ?? [];
     });
     const apps = {
-      [randomUUID()]: {
-        src: i(src),
-        bin: void 0,
-        // TODO: Extract from manifest file!
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+      "<app>": {
+        src: i(src)
       }
     };
     const { deps, depIdToPurl } = await convertSocketArtifacts(artifacts, tmpDir);
@@ -89856,11 +89844,8 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
   }
   static async runOnAlreadyDownloadedPackages([appPath, ...depPaths], vulnerability, options) {
     const apps = {
-      [randomUUID()]: {
-        bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath],
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+      "<app>": {
+        bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath]
       }
     };
     const deps = {};
@@ -89869,10 +89854,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const uuid = randomUUID();
       depIdToPurl.set(uuid, getNugetPurl("", void 0));
       deps[uuid] = {
-        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath],
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath]
       };
     }
     const scanner = new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
@@ -89889,12 +89871,9 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       try {
         const nugetDependencyChain = await convertDependencyChain(dependencyChain, tmpDir);
         const apps = {
-          [randomUUID()]: {
+          "<app>": {
             src: nugetDependencyChain[0].src,
-            bin: nugetDependencyChain[0].bin,
-            ecosystemSpecificPackageInfo: {
-              type: "DOTNET"
-            }
+            bin: nugetDependencyChain[0].bin
           }
         };
         const deps = {};
@@ -89904,10 +89883,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
           depIdToPurl.set(uuid, getNugetPurl(dep.packageName, dep.version ?? void 0));
           deps[uuid] = {
             src: dep.src,
-            bin: dep.bin,
-            ecosystemSpecificPackageInfo: {
-              type: "DOTNET"
-            }
+            bin: dep.bin
           };
         });
         const scanner = new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
@@ -89996,9 +89972,9 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintNugetPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -90109,12 +90085,8 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
   const deps = {};
   const depIdToPurl = /* @__PURE__ */ new Map();
   await asyncForEach(artifacts, async (artifact) => {
-    const uuid = randomUUID();
-    depIdToPurl.set(uuid, getPurlFromSocketFactArtifact(artifact));
-    deps[uuid] = {
-      ecosystemSpecificPackageInfo: {
-        type: "DOTNET"
-      },
+    depIdToPurl.set(artifact.id, getPurlFromSocketFactArtifact(artifact));
+    deps[artifact.id] = {
       bin: artifact.name && artifact.version ? await resolveNuGetPackage(artifact.name, artifact.version) : void 0
     };
   }, 4);
@@ -90123,6 +90095,7 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
 
 // dist/whole-program-code-aware-vulnerability-scanner/java/java-code-aware-vulnerability-scanner.js
 var import_lodash8 = __toESM(require_lodash(), 1);
+var import_adm_zip2 = __toESM(require_adm_zip(), 1);
 import { existsSync as existsSync8 } from "node:fs";
 import { mkdir as mkdir2, readFile as readFile7, writeFile as writeFile4 } from "node:fs/promises";
 import { basename as basename6, dirname as dirname6, resolve as resolve9 } from "node:path";
@@ -103760,7 +103733,7 @@ import { randomUUID as randomUUID2 } from "node:crypto";
 
 // dist/whole-program-code-aware-vulnerability-scanner/java/constants.js
 import { join as join13 } from "node:path";
-var alucardPath = join13(COANA_REPOS_PATH(), "alucard", "alucard.jar");
+var javapServicePath = join13(COANA_REPOS_PATH(), "javap-service", "javap-service.jar");
 var treeSitterJavaPath = join13(REPOS_PATH(), "tree-sitter", "tree-sitter-java");
 var treeSitterKotlinPath = join13(REPOS_PATH(), "fwcd", "tree-sitter-kotlin");
 var treeSitterScalaPath = join13(COANA_REPOS_PATH(), "tree-sitter-scala");
@@ -103782,30 +103755,23 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
     this.timeoutInSeconds = timeoutInSeconds;
     this.statusUpdater = statusUpdater;
   }
-  static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
+  static async initFromDependencyTree(dependencyTree, tmpDir, timeoutInSeconds, statusUpdater) {
     const apps = {
-      [randomUUID2()]: {
-        src: dependencyTree.src,
-        bin: dependencyTree.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      "<app>": {
+        src: dependencyTree.src
       }
     };
     const deps = {};
     const depIdToPurl = /* @__PURE__ */ new Map();
-    Object.values(dependencyTree.transitiveDependencies).forEach((dep) => {
-      const uuid = randomUUID2();
+    for (const [depId, dep] of Object.entries(dependencyTree.transitiveDependencies)) {
       const [groupId, artifactId] = dep.packageName.split(":");
-      depIdToPurl.set(uuid, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
-      deps[uuid] = {
+      depIdToPurl.set(depId, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
+      deps[depId] = {
         src: dep.src,
-        bin: dep.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+        bin: dep.bin
       };
-    });
+    }
+    await extractArchivesIfNeeded(tmpDir, apps, deps);
     return new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async initFromSocketArtifacts(subprojectDir, artifacts, tmpDir, timeoutInSeconds, statusUpdater) {
@@ -103813,55 +103779,40 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       cwd: subprojectDir,
       absolute: true
     });
-    const binDirs = await glob(["{**/,}target/classes", "{**/,}target/scala-*/classes", "{**/,}build/classes/*/{main,test}"], {
-      cwd: subprojectDir,
-      absolute: true
-    });
-    const binJars = await glob(["{**/,}target/*.{jar,ear,war}", "{**/,}target/scala-*/*.{jar,ear,war}", "{**/,}build/**/*.{jar,ear,war}"], {
-      cwd: subprojectDir,
-      absolute: true,
-      ignore: ["{**/,}build/{tmp,intermediates,cache}/**"]
-    });
     const apps = {
-      [randomUUID2()]: {
-        src: i(srcDirs),
-        bin: i(binDirs.concat(binJars)),
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      "<app>": {
+        src: i(srcDirs)
       }
     };
     const { deps, depIdToPurl } = await convertSocketArtifacts2(subprojectDir, artifacts, tmpDir);
+    await extractArchivesIfNeeded(tmpDir, apps, deps);
     return new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async runOnAlreadyDownloadedPackages([appPath, ...depPaths], vulnerability, options) {
-    const apps = {};
-    apps[randomUUID2()] = {
-      bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath],
-      ecosystemSpecificPackageInfo: {
-        type: "JVM"
+    return withTmpDirectory("java-run-on-dependency-chain", async (tmpDir) => {
+      const apps = {};
+      apps[randomUUID2()] = {
+        bin: [appPath]
+      };
+      const deps = {};
+      const depIdToPurl = /* @__PURE__ */ new Map();
+      for (const depPath of depPaths) {
+        const uuid = randomUUID2();
+        depIdToPurl.set(uuid, getMavenPurl("", "", void 0, void 0, void 0));
+        deps[uuid] = {
+          bin: [depPath]
+        };
       }
-    };
-    const deps = {};
-    const depIdToPurl = /* @__PURE__ */ new Map();
-    for (const depPath of depPaths) {
-      const uuid = randomUUID2();
-      depIdToPurl.set(uuid, getMavenPurl("", "", void 0, void 0, void 0));
-      deps[uuid] = {
-        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath],
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      await extractArchivesIfNeeded(tmpDir, apps, deps);
+      const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
+      const result = await scanner.runAnalysis([vulnerability], AlucardHeuristics.ALL_PACKAGES, false);
+      if (result.type === "error")
+        return { error: result.message, terminatedEarly: true };
+      return {
+        detectedOccurrences: result.computeDetectedOccurrences(vulnerability),
+        terminatedEarly: result.terminatedEarly
       };
-    }
-    const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
-    const result = await scanner.runAnalysis([vulnerability], AlucardHeuristics.ALL_PACKAGES, false);
-    if (result.type === "error")
-      return { error: result.message, terminatedEarly: true };
-    return {
-      detectedOccurrences: result.computeDetectedOccurrences(vulnerability),
-      terminatedEarly: result.terminatedEarly
-    };
+    });
   }
   static async runOnDependencyChain(dependencyChain, vulnerability, timeoutInSeconds, statusUpdater) {
     return withTmpDirectory("java-run-on-dependency-chain", async (tmpDir) => {
@@ -103870,10 +103821,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
         const apps = {
           [randomUUID2()]: {
             src: mavenDependencyChain[0].src,
-            bin: mavenDependencyChain[0].bin,
-            ecosystemSpecificPackageInfo: {
-              type: "JVM"
-            }
+            bin: mavenDependencyChain[0].bin
           }
         };
         const deps = {};
@@ -103884,12 +103832,10 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
           depIdToPurl.set(uuid, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
           deps[uuid] = {
             src: dep.src,
-            bin: dep.bin,
-            ecosystemSpecificPackageInfo: {
-              type: "JVM"
-            }
+            bin: dep.bin
           };
         });
+        await extractArchivesIfNeeded(tmpDir, apps, deps);
         const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
         const result = await scanner.actuallyRunAnalysis(vulnerability.vulnerabilityAccessPaths);
         if (result.type === "error")
@@ -103914,7 +103860,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = this.timeoutInSeconds ? Math.max(this.timeoutInSeconds * 1.5, this.timeoutInSeconds + 30) * 1e3 : 750 * 1e3;
-      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${javapServicePath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -103948,7 +103894,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = this.timeoutInSeconds ? Math.max(this.timeoutInSeconds * 1.5, this.timeoutInSeconds + 30) * 1e3 : 750 * 1e3;
-      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${javapServicePath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -103976,9 +103922,9 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintMavenPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -104089,17 +104035,36 @@ async function convertSocketArtifacts2(rootDir, artifacts, tmpDir) {
     ]);
     const pomFile = manifestFilesForArtifact.find((manifestFile) => pomMatcher(basename6(manifestFile)));
     const artifactFile = artifact.namespace && artifact.name && artifact.version ? await resolveArtifact(artifact.namespace, artifact.name, artifact.qualifiers?.ext, artifact.qualifiers?.classifier, artifact.version, pomFile) : void 0;
-    const uuid = randomUUID2();
-    depIdToPurl.set(uuid, getPurlFromSocketFactArtifact(artifact));
-    deps[uuid] = {
-      ecosystemSpecificPackageInfo: {
-        type: "JVM"
-      },
+    depIdToPurl.set(artifact.id, getPurlFromSocketFactArtifact(artifact));
+    deps[artifact.id] = {
       bin: artifactFile ? [artifactFile] : void 0
     };
   }, 4);
   return { deps, depIdToPurl };
 }
+async function extractArchivesIfNeeded(tmpDir, apps, deps) {
+  const allPackages = { ...apps, ...deps };
+  await asyncForEach(Object.values(allPackages), async (packageInfo) => {
+    if (!packageInfo.bin?.length)
+      return;
+    const extractDir = resolve9(tmpDir, randomUUID2());
+    await mkdir2(extractDir, { recursive: true });
+    let anySucceeded = false;
+    const failedBinPaths = [];
+    for (const binPath of packageInfo.bin) {
+      try {
+        const zip = new import_adm_zip2.default(binPath);
+        zip.extractAllTo(extractDir, true);
+        anySucceeded = true;
+      } catch (error) {
+        failedBinPaths.push(binPath);
+      }
+    }
+    if (anySucceeded) {
+      packageInfo.bin = [extractDir, ...failedBinPaths];
+    }
+  }, 8);
+}
 
 // dist/whole-program-code-aware-vulnerability-scanner/js/js-code-aware-vulnerability-scanner.js
 import { mkdtempSync } from "fs";
@@ -110222,14 +110187,13 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
     const appDependencies = {};
     if (dependencyTree.dependenciesWithAliases) {
       for (const [depId, names] of Object.entries(dependencyTree.dependenciesWithAliases)) {
-        appDependencies[depId] = { names };
+        appDependencies[depId] = names;
       }
     }
     const apps = {
       "<app>": {
         src: dependencyTree.src,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: dependencyTree.packageName.replaceAll("-", "_"),
           dependencies: appDependencies
         }
@@ -110242,13 +110206,12 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const dependencies = {};
       if (dep.dependenciesWithAliases) {
         for (const [transDepId, names] of Object.entries(dep.dependenciesWithAliases)) {
-          dependencies[transDepId] = { names };
+          dependencies[transDepId] = names;
         }
       }
       deps[depId] = {
         src: dep.src,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: dep.packageName.replaceAll("-", "_"),
           dependencies
         }
@@ -110287,7 +110250,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       for (const artifact of directDepArtifacts) {
         const names = artifact.name ? cargoTomlDeps.get(artifact.name) ?? [artifact.name] : [];
         if (names.length > 0) {
-          dependencies[artifact.id] = { names };
+          dependencies[artifact.id] = names;
         }
       }
     } else {
@@ -110296,15 +110259,14 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const directDepArtifacts = cargoTomlToArtifacts.get(cargoTomlRelativePath) ?? [];
       for (const artifact of directDepArtifacts) {
         if (artifact.name) {
-          dependencies[artifact.id] = { names: [artifact.name] };
+          dependencies[artifact.id] = [artifact.name];
         }
       }
     }
     const apps = {
       "<app>": {
         src: appSrc,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: appCrateName,
           dependencies
         }
@@ -110351,14 +110313,13 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       for (const [packageName, names] of cargoTomlDeps.entries()) {
         const depId = packageNameToId.get(packageName);
         if (depId) {
-          dependencies[depId] = { names };
+          dependencies[depId] = names;
         }
       }
       const packageId = packageNameToId.get(crateInfo.name);
       const packageInfo = {
         src: isApp ? i([crateInfo.lib, ...crateInfo.examples ?? [], ...crateInfo.tests ?? []]) : [crateInfo.lib],
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: crateInfo.name.replaceAll("-", "_"),
           dependencies
         }
@@ -110397,7 +110358,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
             for (const [packageName, names] of cargoTomlDeps.entries()) {
               const depId = packageNameToId.get(packageName);
               if (depId) {
-                appDependencies[depId] = { names };
+                appDependencies[depId] = names;
               }
             }
           }
@@ -110405,8 +110366,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
         const apps = {
           "<app>": {
             src: rustDependencyChain[0].src,
-            ecosystemSpecificPackageInfo: {
-              type: "RUST",
+            packageInfo: {
               crate: rustDependencyChain[0].packageName.replaceAll("-", "_"),
               dependencies: appDependencies
             }
@@ -110425,15 +110385,14 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
               for (const [packageName, names] of cargoTomlDeps.entries()) {
                 const transDepId = packageNameToId.get(packageName);
                 if (transDepId) {
-                  dependencies[transDepId] = { names };
+                  dependencies[transDepId] = names;
                 }
               }
             }
           }
           deps[packageId] = {
             src: dep.src,
-            ecosystemSpecificPackageInfo: {
-              type: "RUST",
+            packageInfo: {
               crate: dep.packageName.replaceAll("-", "_"),
               dependencies
             }
@@ -110529,9 +110488,9 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintCargoPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -110682,14 +110641,13 @@ async function convertSocketArtifacts3(artifacts, tmpDir, artifactNameToId) {
         for (const [packageName, names] of cargoTomlDeps.entries()) {
           const depArtifactId = artifactNameToId.get(packageName);
           if (depArtifactId) {
-            dependencies[depArtifactId] = { names };
+            dependencies[depArtifactId] = names;
           }
         }
       }
     }
     deps[artifact.id] = {
-      ecosystemSpecificPackageInfo: {
-        type: "RUST",
+      packageInfo: {
         crate: artifact.name?.replaceAll("-", "_") ?? "",
         dependencies
       },
@@ -110714,8 +110672,8 @@ async function extractDependenciesFromCargoToml(cargoTomlPath) {
         actualPackageName = key;
       } else if (dep instanceof TOMLTable) {
         const packageNameValue = dep.package;
-        if (packageNameValue instanceof TOMLScalar) {
-          actualPackageName = String(packageNameValue[value]);
+        if (packageNameValue instanceof TOMLScalar && typeof packageNameValue[value] === "string") {
+          actualPackageName = packageNameValue[value];
         } else {
           actualPackageName = key;
         }
@@ -110757,19 +110715,19 @@ async function getCrateInfo(cargoTomlPath) {
   const packageSection = getNestedValue(parsed, "package");
   if (packageSection instanceof TOMLTable) {
     const packageName = packageSection.name;
-    if (packageName instanceof TOMLScalar) {
-      name2 = String(packageName[value]);
+    if (packageName instanceof TOMLScalar && typeof packageName[value] === "string") {
+      name2 = packageName[value];
     }
     const packageVersion = packageSection.version;
-    if (packageVersion instanceof TOMLScalar) {
-      version3 = String(packageVersion[value]);
+    if (packageVersion instanceof TOMLScalar && typeof packageVersion[value] === "string") {
+      version3 = packageVersion[value];
     }
   }
   const libSection = parsed.lib;
   if (libSection instanceof TOMLTable) {
     const libPath = libSection.path;
-    if (libPath instanceof TOMLScalar) {
-      lib = dirname13(resolve15(cargoTomlDir, String(libPath[value])));
+    if (libPath instanceof TOMLScalar && typeof libPath[value] === "string") {
+      lib = dirname13(resolve15(cargoTomlDir, libPath[value]));
     }
   }
   const exampleSection = parsed.example;
@@ -110778,8 +110736,8 @@ async function getCrateInfo(cargoTomlPath) {
     exampleSection.forEach((example) => {
       if (example instanceof TOMLTable) {
         const examplePath = example.path;
-        if (examplePath instanceof TOMLScalar) {
-          examples?.push(dirname13(resolve15(cargoTomlDir, String(examplePath[value]))));
+        if (examplePath instanceof TOMLScalar && typeof examplePath[value] === "string") {
+          examples?.push(dirname13(resolve15(cargoTomlDir, examplePath[value])));
         }
       }
     });
@@ -110790,8 +110748,8 @@ async function getCrateInfo(cargoTomlPath) {
     testSection.forEach((test3) => {
       if (test3 instanceof TOMLTable) {
         const testPath = test3.path;
-        if (testPath instanceof TOMLScalar) {
-          tests?.push(dirname13(resolve15(cargoTomlDir, String(testPath[value]))));
+        if (testPath instanceof TOMLScalar && typeof testPath[value] === "string") {
+          tests?.push(dirname13(resolve15(cargoTomlDir, testPath[value])));
         }
       }
     });
@@ -112031,13 +111989,13 @@ var MavenAnalyzer = class {
   }
   async runPhantomDependencyAnalysis() {
     return withTmpDirectory("maven-phantom-dependency-analysis", async (tmpDir) => {
-      const scanner = this.state.workspaceData.type === "coana" ? JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir);
+      const scanner = this.state.workspaceData.type === "coana" ? await JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, tmpDir) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir);
       return scanner.runPhantomDependencyAnalysis();
     });
   }
   async runReachabilityAnalysis(vulns, analysisMetadataCollector, statusUpdater) {
     return withTmpDirectory("maven-reachability-analysis", async (tmpDir) => {
-      const scanner = this.state.workspaceData.type === "coana" ? JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater);
+      const scanner = this.state.workspaceData.type === "coana" ? await JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater);
       const heuristicsInOrder = [AlucardHeuristics.ALL_PACKAGES];
       return await analyzeWithHeuristics(this.state, vulns, heuristicsInOrder, false, scanner, analysisMetadataCollector, statusUpdater);
     });