npm - @coana-tech/cli - Versions diffs - 14.12.88 → 14.12.90 - Mend

@coana-tech/cli 14.12.88 → 14.12.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/cli.mjs +19702 -21078
package/package.json +1 -1
package/reachability-analyzers-cli.mjs +118 -160
package/repos/coana-tech/class-graph-analysis/dist/bundle/class-graph-analysis-cli.mjs +8062 -3647
package/repos/coana-tech/cocoa/release/Coana.Cocoa.dll +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
package/repos/coana-tech/javap-service/javap-service.jar +0 -0
package/repos/coana-tech/alucard/alucard.jar +0 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.88",
+  "version": "14.12.90",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -89812,27 +89812,20 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
   }
   static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
     const apps = {
-      [randomUUID()]: {
+      "<app>": {
         src: dependencyTree.src,
-        bin: dependencyTree.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: dependencyTree.bin
       }
     };
     const deps = {};
     const depIdToPurl = /* @__PURE__ */ new Map();
-    Object.values(dependencyTree.transitiveDependencies).forEach((dep) => {
-      const uuid = randomUUID();
-      depIdToPurl.set(uuid, getNugetPurl(dep.packageName, dep.version ?? void 0));
-      deps[uuid] = {
+    for (const [depId, dep] of Object.entries(dependencyTree.transitiveDependencies)) {
+      depIdToPurl.set(depId, getNugetPurl(dep.packageName, dep.version ?? void 0));
+      deps[depId] = {
         src: dep.src,
-        bin: dep.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: dep.bin
       };
-    });
+    }
     return new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async initFromSocketArtifacts(subprojectDir, manifestFiles, artifacts, tmpDir, timeoutInSeconds, statusUpdater) {
@@ -89842,13 +89835,8 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       return project?.sourceFiles ?? [];
     });
     const apps = {
-      [randomUUID()]: {
-        src: i(src),
-        bin: void 0,
-        // TODO: Extract from manifest file!
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+      "<app>": {
+        src: i(src)
       }
     };
     const { deps, depIdToPurl } = await convertSocketArtifacts(artifacts, tmpDir);
@@ -89856,11 +89844,8 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
   }
   static async runOnAlreadyDownloadedPackages([appPath, ...depPaths], vulnerability, options) {
     const apps = {
-      [randomUUID()]: {
-        bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath],
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+      "<app>": {
+        bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath]
       }
     };
     const deps = {};
@@ -89869,10 +89854,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       const uuid = randomUUID();
       depIdToPurl.set(uuid, getNugetPurl("", void 0));
       deps[uuid] = {
-        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath],
-        ecosystemSpecificPackageInfo: {
-          type: "DOTNET"
-        }
+        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath]
       };
     }
     const scanner = new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
@@ -89889,12 +89871,9 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       try {
         const nugetDependencyChain = await convertDependencyChain(dependencyChain, tmpDir);
         const apps = {
-          [randomUUID()]: {
+          "<app>": {
             src: nugetDependencyChain[0].src,
-            bin: nugetDependencyChain[0].bin,
-            ecosystemSpecificPackageInfo: {
-              type: "DOTNET"
-            }
+            bin: nugetDependencyChain[0].bin
           }
         };
         const deps = {};
@@ -89904,10 +89883,7 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
           depIdToPurl.set(uuid, getNugetPurl(dep.packageName, dep.version ?? void 0));
           deps[uuid] = {
             src: dep.src,
-            bin: dep.bin,
-            ecosystemSpecificPackageInfo: {
-              type: "DOTNET"
-            }
+            bin: dep.bin
           };
         });
         const scanner = new _DotnetCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
@@ -89996,9 +89972,9 @@ var DotnetCodeAwareVulnerabilityScanner = class _DotnetCodeAwareVulnerabilitySca
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintNugetPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -90109,12 +90085,8 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
   const deps = {};
   const depIdToPurl = /* @__PURE__ */ new Map();
   await asyncForEach(artifacts, async (artifact) => {
-    const uuid = randomUUID();
-    depIdToPurl.set(uuid, getPurlFromSocketFactArtifact(artifact));
-    deps[uuid] = {
-      ecosystemSpecificPackageInfo: {
-        type: "DOTNET"
-      },
+    depIdToPurl.set(artifact.id, getPurlFromSocketFactArtifact(artifact));
+    deps[artifact.id] = {
       bin: artifact.name && artifact.version ? await resolveNuGetPackage(artifact.name, artifact.version) : void 0
     };
   }, 4);
@@ -90123,6 +90095,7 @@ async function convertSocketArtifacts(artifacts, tmpDir) {
 // dist/whole-program-code-aware-vulnerability-scanner/java/java-code-aware-vulnerability-scanner.js
 var import_lodash8 = __toESM(require_lodash(), 1);
+var import_adm_zip2 = __toESM(require_adm_zip(), 1);
 import { existsSync as existsSync8 } from "node:fs";
 import { mkdir as mkdir2, readFile as readFile7, writeFile as writeFile4 } from "node:fs/promises";
 import { basename as basename6, dirname as dirname6, resolve as resolve9 } from "node:path";
@@ -103760,7 +103733,7 @@ import { randomUUID as randomUUID2 } from "node:crypto";
 // dist/whole-program-code-aware-vulnerability-scanner/java/constants.js
 import { join as join13 } from "node:path";
-var alucardPath = join13(COANA_REPOS_PATH(), "alucard", "alucard.jar");
+var javapServicePath = join13(COANA_REPOS_PATH(), "javap-service", "javap-service.jar");
 var treeSitterJavaPath = join13(REPOS_PATH(), "tree-sitter", "tree-sitter-java");
 var treeSitterKotlinPath = join13(REPOS_PATH(), "fwcd", "tree-sitter-kotlin");
 var treeSitterScalaPath = join13(COANA_REPOS_PATH(), "tree-sitter-scala");
@@ -103782,30 +103755,23 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
     this.timeoutInSeconds = timeoutInSeconds;
     this.statusUpdater = statusUpdater;
   }
-  static initFromDependencyTree(dependencyTree, timeoutInSeconds, statusUpdater) {
+  static async initFromDependencyTree(dependencyTree, tmpDir, timeoutInSeconds, statusUpdater) {
     const apps = {
-      [randomUUID2()]: {
-        src: dependencyTree.src,
-        bin: dependencyTree.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      "<app>": {
+        src: dependencyTree.src
       }
     };
     const deps = {};
     const depIdToPurl = /* @__PURE__ */ new Map();
-    Object.values(dependencyTree.transitiveDependencies).forEach((dep) => {
-      const uuid = randomUUID2();
+    for (const [depId, dep] of Object.entries(dependencyTree.transitiveDependencies)) {
       const [groupId, artifactId] = dep.packageName.split(":");
-      depIdToPurl.set(uuid, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
-      deps[uuid] = {
+      depIdToPurl.set(depId, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
+      deps[depId] = {
         src: dep.src,
-        bin: dep.bin,
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+        bin: dep.bin
       };
-    });
+    }
+    await extractArchivesIfNeeded(tmpDir, apps, deps);
     return new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async initFromSocketArtifacts(subprojectDir, artifacts, tmpDir, timeoutInSeconds, statusUpdater) {
@@ -103813,55 +103779,40 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       cwd: subprojectDir,
       absolute: true
     });
-    const binDirs = await glob(["{**/,}target/classes", "{**/,}target/scala-*/classes", "{**/,}build/classes/*/{main,test}"], {
-      cwd: subprojectDir,
-      absolute: true
-    });
-    const binJars = await glob(["{**/,}target/*.{jar,ear,war}", "{**/,}target/scala-*/*.{jar,ear,war}", "{**/,}build/**/*.{jar,ear,war}"], {
-      cwd: subprojectDir,
-      absolute: true,
-      ignore: ["{**/,}build/{tmp,intermediates,cache}/**"]
-    });
     const apps = {
-      [randomUUID2()]: {
-        src: i(srcDirs),
-        bin: i(binDirs.concat(binJars)),
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      "<app>": {
+        src: i(srcDirs)
       }
     };
     const { deps, depIdToPurl } = await convertSocketArtifacts2(subprojectDir, artifacts, tmpDir);
+    await extractArchivesIfNeeded(tmpDir, apps, deps);
     return new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
   }
   static async runOnAlreadyDownloadedPackages([appPath, ...depPaths], vulnerability, options) {
-    const apps = {};
-    apps[randomUUID2()] = {
-      bin: await isDirectory(appPath) ? await getFiles(appPath) : [appPath],
-      ecosystemSpecificPackageInfo: {
-        type: "JVM"
+    return withTmpDirectory("java-run-on-dependency-chain", async (tmpDir) => {
+      const apps = {};
+      apps[randomUUID2()] = {
+        bin: [appPath]
+      };
+      const deps = {};
+      const depIdToPurl = /* @__PURE__ */ new Map();
+      for (const depPath of depPaths) {
+        const uuid = randomUUID2();
+        depIdToPurl.set(uuid, getMavenPurl("", "", void 0, void 0, void 0));
+        deps[uuid] = {
+          bin: [depPath]
+        };
       }
-    };
-    const deps = {};
-    const depIdToPurl = /* @__PURE__ */ new Map();
-    for (const depPath of depPaths) {
-      const uuid = randomUUID2();
-      depIdToPurl.set(uuid, getMavenPurl("", "", void 0, void 0, void 0));
-      deps[uuid] = {
-        bin: await isDirectory(depPath) ? await getFiles(depPath) : [depPath],
-        ecosystemSpecificPackageInfo: {
-          type: "JVM"
-        }
+      await extractArchivesIfNeeded(tmpDir, apps, deps);
+      const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
+      const result = await scanner.runAnalysis([vulnerability], AlucardHeuristics.ALL_PACKAGES, false);
+      if (result.type === "error")
+        return { error: result.message, terminatedEarly: true };
+      return {
+        detectedOccurrences: result.computeDetectedOccurrences(vulnerability),
+        terminatedEarly: result.terminatedEarly
       };
-    }
-    const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, options.timeoutInSeconds);
-    const result = await scanner.runAnalysis([vulnerability], AlucardHeuristics.ALL_PACKAGES, false);
-    if (result.type === "error")
-      return { error: result.message, terminatedEarly: true };
-    return {
-      detectedOccurrences: result.computeDetectedOccurrences(vulnerability),
-      terminatedEarly: result.terminatedEarly
-    };
+    });
   }
   static async runOnDependencyChain(dependencyChain, vulnerability, timeoutInSeconds, statusUpdater) {
     return withTmpDirectory("java-run-on-dependency-chain", async (tmpDir) => {
@@ -103870,10 +103821,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
         const apps = {
           [randomUUID2()]: {
             src: mavenDependencyChain[0].src,
-            bin: mavenDependencyChain[0].bin,
-            ecosystemSpecificPackageInfo: {
-              type: "JVM"
-            }
+            bin: mavenDependencyChain[0].bin
           }
         };
         const deps = {};
@@ -103884,12 +103832,10 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
           depIdToPurl.set(uuid, getMavenPurl(groupId, artifactId, dep.type, dep.classifier, dep.version ?? void 0));
           deps[uuid] = {
             src: dep.src,
-            bin: dep.bin,
-            ecosystemSpecificPackageInfo: {
-              type: "JVM"
-            }
+            bin: dep.bin
           };
         });
+        await extractArchivesIfNeeded(tmpDir, apps, deps);
         const scanner = new _JavaCodeAwareVulnerabilityScanner(apps, deps, depIdToPurl, timeoutInSeconds, statusUpdater);
         const result = await scanner.actuallyRunAnalysis(vulnerability.vulnerabilityAccessPaths);
         if (result.type === "error")
@@ -103914,7 +103860,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = this.timeoutInSeconds ? Math.max(this.timeoutInSeconds * 1.5, this.timeoutInSeconds + 30) * 1e3 : 750 * 1e3;
-      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmDirectDependencyAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${javapServicePath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
       if (result.error)
         return void 0;
       const packageIds = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -103948,7 +103894,7 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       const outputFile = resolve9(tmpDir, "output.json");
       await writeFile4(inputFile, JSON.stringify(options));
       const timeoutMs = this.timeoutInSeconds ? Math.max(this.timeoutInSeconds * 1.5, this.timeoutInSeconds + 30) * 1e3 : 750 * 1e3;
-      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --alucard ${alucardPath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
+      const result = await execNeverFail(cmdt`node ${classGraphAnalysisCliPath} runJvmReachabilityAnalysis -i ${inputFile} -o ${outputFile} --javap-service ${javapServicePath} --tree-sitter-java ${treeSitterJavaPath} --tree-sitter-kotlin ${treeSitterKotlinPath} --tree-sitter-scala ${treeSitterScalaPath}`, void 0, { timeout: timeoutMs });
       if (result.error)
         return { type: "error", message: result.error.message ?? "unknown error" };
       const { success, error, analysisDiagnostics: diagnostics, vulnerablePaths, reachablePackageIds } = JSON.parse(await readFile7(outputFile, "utf-8")).result;
@@ -103976,9 +103922,9 @@ var JavaCodeAwareVulnerabilityScanner = class _JavaCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintMavenPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -104089,17 +104035,36 @@ async function convertSocketArtifacts2(rootDir, artifacts, tmpDir) {
     ]);
     const pomFile = manifestFilesForArtifact.find((manifestFile) => pomMatcher(basename6(manifestFile)));
     const artifactFile = artifact.namespace && artifact.name && artifact.version ? await resolveArtifact(artifact.namespace, artifact.name, artifact.qualifiers?.ext, artifact.qualifiers?.classifier, artifact.version, pomFile) : void 0;
-    const uuid = randomUUID2();
-    depIdToPurl.set(uuid, getPurlFromSocketFactArtifact(artifact));
-    deps[uuid] = {
-      ecosystemSpecificPackageInfo: {
-        type: "JVM"
-      },
+    depIdToPurl.set(artifact.id, getPurlFromSocketFactArtifact(artifact));
+    deps[artifact.id] = {
       bin: artifactFile ? [artifactFile] : void 0
     };
   }, 4);
   return { deps, depIdToPurl };
 }
+async function extractArchivesIfNeeded(tmpDir, apps, deps) {
+  const allPackages = { ...apps, ...deps };
+  await asyncForEach(Object.values(allPackages), async (packageInfo) => {
+    if (!packageInfo.bin?.length)
+      return;
+    const extractDir = resolve9(tmpDir, randomUUID2());
+    await mkdir2(extractDir, { recursive: true });
+    let anySucceeded = false;
+    const failedBinPaths = [];
+    for (const binPath of packageInfo.bin) {
+      try {
+        const zip = new import_adm_zip2.default(binPath);
+        zip.extractAllTo(extractDir, true);
+        anySucceeded = true;
+      } catch (error) {
+        failedBinPaths.push(binPath);
+      }
+    }
+    if (anySucceeded) {
+      packageInfo.bin = [extractDir, ...failedBinPaths];
+    }
+  }, 8);
+}
 // dist/whole-program-code-aware-vulnerability-scanner/js/js-code-aware-vulnerability-scanner.js
 import { mkdtempSync } from "fs";
@@ -110222,14 +110187,13 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
     const appDependencies = {};
     if (dependencyTree.dependenciesWithAliases) {
       for (const [depId, names] of Object.entries(dependencyTree.dependenciesWithAliases)) {
-        appDependencies[depId] = { names };
+        appDependencies[depId] = names;
       }
     }
     const apps = {
       "<app>": {
         src: dependencyTree.src,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: dependencyTree.packageName.replaceAll("-", "_"),
           dependencies: appDependencies
         }
@@ -110242,13 +110206,12 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const dependencies = {};
       if (dep.dependenciesWithAliases) {
         for (const [transDepId, names] of Object.entries(dep.dependenciesWithAliases)) {
-          dependencies[transDepId] = { names };
+          dependencies[transDepId] = names;
         }
       }
       deps[depId] = {
         src: dep.src,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: dep.packageName.replaceAll("-", "_"),
           dependencies
         }
@@ -110287,7 +110250,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       for (const artifact of directDepArtifacts) {
         const names = artifact.name ? cargoTomlDeps.get(artifact.name) ?? [artifact.name] : [];
         if (names.length > 0) {
-          dependencies[artifact.id] = { names };
+          dependencies[artifact.id] = names;
         }
       }
     } else {
@@ -110296,15 +110259,14 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       const directDepArtifacts = cargoTomlToArtifacts.get(cargoTomlRelativePath) ?? [];
       for (const artifact of directDepArtifacts) {
         if (artifact.name) {
-          dependencies[artifact.id] = { names: [artifact.name] };
+          dependencies[artifact.id] = [artifact.name];
         }
       }
     }
     const apps = {
       "<app>": {
         src: appSrc,
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: appCrateName,
           dependencies
         }
@@ -110351,14 +110313,13 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       for (const [packageName, names] of cargoTomlDeps.entries()) {
         const depId = packageNameToId.get(packageName);
         if (depId) {
-          dependencies[depId] = { names };
+          dependencies[depId] = names;
         }
       }
       const packageId = packageNameToId.get(crateInfo.name);
       const packageInfo = {
         src: isApp ? i([crateInfo.lib, ...crateInfo.examples ?? [], ...crateInfo.tests ?? []]) : [crateInfo.lib],
-        ecosystemSpecificPackageInfo: {
-          type: "RUST",
+        packageInfo: {
           crate: crateInfo.name.replaceAll("-", "_"),
           dependencies
         }
@@ -110397,7 +110358,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
             for (const [packageName, names] of cargoTomlDeps.entries()) {
               const depId = packageNameToId.get(packageName);
               if (depId) {
-                appDependencies[depId] = { names };
+                appDependencies[depId] = names;
               }
             }
           }
@@ -110405,8 +110366,7 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
         const apps = {
           "<app>": {
             src: rustDependencyChain[0].src,
-            ecosystemSpecificPackageInfo: {
-              type: "RUST",
+            packageInfo: {
               crate: rustDependencyChain[0].packageName.replaceAll("-", "_"),
               dependencies: appDependencies
             }
@@ -110425,15 +110385,14 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
               for (const [packageName, names] of cargoTomlDeps.entries()) {
                 const transDepId = packageNameToId.get(packageName);
                 if (transDepId) {
-                  dependencies[transDepId] = { names };
+                  dependencies[transDepId] = names;
                 }
               }
             }
           }
           deps[packageId] = {
             src: dep.src,
-            ecosystemSpecificPackageInfo: {
-              type: "RUST",
+            packageInfo: {
               crate: dep.packageName.replaceAll("-", "_"),
               dependencies
             }
@@ -110529,9 +110488,9 @@ var RustCodeAwareVulnerabilityScanner = class _RustCodeAwareVulnerabilityScanner
       if (!vulnerablePathsForClass)
         continue;
       classStacks.push(...vulnerablePathsForClass.map((vulnPath) => {
-        return vulnPath.map(({ fullyQualifiedName, confidence, packageId }) => ({
+        return vulnPath.map(({ displayName, confidence, packageId }) => ({
           package: depIdToPurl.has(packageId) ? prettyPrintCargoPurl(depIdToPurl.get(packageId)) : "<app>",
-          class: fullyQualifiedName,
+          class: displayName,
           confidence
         }));
       }));
@@ -110682,14 +110641,13 @@ async function convertSocketArtifacts3(artifacts, tmpDir, artifactNameToId) {
         for (const [packageName, names] of cargoTomlDeps.entries()) {
           const depArtifactId = artifactNameToId.get(packageName);
           if (depArtifactId) {
-            dependencies[depArtifactId] = { names };
+            dependencies[depArtifactId] = names;
           }
         }
       }
     }
     deps[artifact.id] = {
-      ecosystemSpecificPackageInfo: {
-        type: "RUST",
+      packageInfo: {
         crate: artifact.name?.replaceAll("-", "_") ?? "",
         dependencies
       },
@@ -110714,8 +110672,8 @@ async function extractDependenciesFromCargoToml(cargoTomlPath) {
         actualPackageName = key;
       } else if (dep instanceof TOMLTable) {
         const packageNameValue = dep.package;
-        if (packageNameValue instanceof TOMLScalar) {
-          actualPackageName = String(packageNameValue[value]);
+        if (packageNameValue instanceof TOMLScalar && typeof packageNameValue[value] === "string") {
+          actualPackageName = packageNameValue[value];
         } else {
           actualPackageName = key;
         }
@@ -110757,19 +110715,19 @@ async function getCrateInfo(cargoTomlPath) {
   const packageSection = getNestedValue(parsed, "package");
   if (packageSection instanceof TOMLTable) {
     const packageName = packageSection.name;
-    if (packageName instanceof TOMLScalar) {
-      name2 = String(packageName[value]);
+    if (packageName instanceof TOMLScalar && typeof packageName[value] === "string") {
+      name2 = packageName[value];
     }
     const packageVersion = packageSection.version;
-    if (packageVersion instanceof TOMLScalar) {
-      version3 = String(packageVersion[value]);
+    if (packageVersion instanceof TOMLScalar && typeof packageVersion[value] === "string") {
+      version3 = packageVersion[value];
     }
   }
   const libSection = parsed.lib;
   if (libSection instanceof TOMLTable) {
     const libPath = libSection.path;
-    if (libPath instanceof TOMLScalar) {
-      lib = dirname13(resolve15(cargoTomlDir, String(libPath[value])));
+    if (libPath instanceof TOMLScalar && typeof libPath[value] === "string") {
+      lib = dirname13(resolve15(cargoTomlDir, libPath[value]));
     }
   }
   const exampleSection = parsed.example;
@@ -110778,8 +110736,8 @@ async function getCrateInfo(cargoTomlPath) {
     exampleSection.forEach((example) => {
       if (example instanceof TOMLTable) {
         const examplePath = example.path;
-        if (examplePath instanceof TOMLScalar) {
-          examples?.push(dirname13(resolve15(cargoTomlDir, String(examplePath[value]))));
+        if (examplePath instanceof TOMLScalar && typeof examplePath[value] === "string") {
+          examples?.push(dirname13(resolve15(cargoTomlDir, examplePath[value])));
         }
       }
     });
@@ -110790,8 +110748,8 @@ async function getCrateInfo(cargoTomlPath) {
     testSection.forEach((test3) => {
       if (test3 instanceof TOMLTable) {
         const testPath = test3.path;
-        if (testPath instanceof TOMLScalar) {
-          tests?.push(dirname13(resolve15(cargoTomlDir, String(testPath[value]))));
+        if (testPath instanceof TOMLScalar && typeof testPath[value] === "string") {
+          tests?.push(dirname13(resolve15(cargoTomlDir, testPath[value])));
         }
       }
     });
@@ -112031,13 +111989,13 @@ var MavenAnalyzer = class {
   }
   async runPhantomDependencyAnalysis() {
     return withTmpDirectory("maven-phantom-dependency-analysis", async (tmpDir) => {
-      const scanner = this.state.workspaceData.type === "coana" ? JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir);
+      const scanner = this.state.workspaceData.type === "coana" ? await JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, tmpDir) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir);
       return scanner.runPhantomDependencyAnalysis();
     });
   }
   async runReachabilityAnalysis(vulns, analysisMetadataCollector, statusUpdater) {
     return withTmpDirectory("maven-reachability-analysis", async (tmpDir) => {
-      const scanner = this.state.workspaceData.type === "coana" ? JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater);
+      const scanner = this.state.workspaceData.type === "coana" ? await JavaCodeAwareVulnerabilityScanner.initFromDependencyTree(this.state.workspaceData.data.dependencyTree, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater) : await JavaCodeAwareVulnerabilityScanner.initFromSocketArtifacts(this.state.subprojectDir, this.state.workspaceData.data.artifacts, tmpDir, this.state.reachabilityAnalysisOptions.timeoutInSeconds, statusUpdater);
       const heuristicsInOrder = [AlucardHeuristics.ALL_PACKAGES];
       return await analyzeWithHeuristics(this.state, vulns, heuristicsInOrder, false, scanner, analysisMetadataCollector, statusUpdater);
     });