@cyberhub/shieldpm 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +239 -0
- package/dist/analyzer/static.d.ts +35 -0
- package/dist/analyzer/static.d.ts.map +1 -0
- package/dist/analyzer/static.js +416 -0
- package/dist/analyzer/static.js.map +1 -0
- package/dist/analyzer/typosquat.d.ts +30 -0
- package/dist/analyzer/typosquat.d.ts.map +1 -0
- package/dist/analyzer/typosquat.js +211 -0
- package/dist/analyzer/typosquat.js.map +1 -0
- package/dist/cli.d.ts +10 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +621 -0
- package/dist/cli.js.map +1 -0
- package/dist/diff/dependency.d.ts +51 -0
- package/dist/diff/dependency.d.ts.map +1 -0
- package/dist/diff/dependency.js +222 -0
- package/dist/diff/dependency.js.map +1 -0
- package/dist/fingerprint/profile.d.ts +68 -0
- package/dist/fingerprint/profile.d.ts.map +1 -0
- package/dist/fingerprint/profile.js +233 -0
- package/dist/fingerprint/profile.js.map +1 -0
- package/dist/index.d.ts +21 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +22 -0
- package/dist/index.js.map +1 -0
- package/dist/monitor/permissions.d.ts +45 -0
- package/dist/monitor/permissions.d.ts.map +1 -0
- package/dist/monitor/permissions.js +265 -0
- package/dist/monitor/permissions.js.map +1 -0
- package/dist/sandbox/runner.d.ts +46 -0
- package/dist/sandbox/runner.d.ts.map +1 -0
- package/dist/sandbox/runner.js +216 -0
- package/dist/sandbox/runner.js.map +1 -0
- package/dist/utils/colors.d.ts +31 -0
- package/dist/utils/colors.d.ts.map +1 -0
- package/dist/utils/colors.js +54 -0
- package/dist/utils/colors.js.map +1 -0
- package/dist/utils/logger.d.ts +26 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +77 -0
- package/dist/utils/logger.js.map +1 -0
- package/package.json +24 -0
- package/src/analyzer/static.ts +483 -0
- package/src/analyzer/typosquat.ts +272 -0
- package/src/cli.ts +700 -0
- package/src/diff/dependency.ts +297 -0
- package/src/fingerprint/profile.ts +333 -0
- package/src/index.ts +34 -0
- package/src/monitor/permissions.ts +330 -0
- package/src/sandbox/runner.ts +302 -0
- package/src/utils/colors.ts +58 -0
- package/src/utils/logger.ts +87 -0
- package/tsconfig.json +19 -0
package/dist/cli.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAClH,OAAO,GAAG,MAAM,mBAAmB,CAAC;AACpC,OAAO,EAAE,cAAc,EAAiC,MAAM,sBAAsB,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAwB,MAAM,yBAAyB,CAAC;AACnF,OAAO,EAAE,YAAY,EAAsB,MAAM,qBAAqB,CAAC;AACvE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAA2C,MAAM,0BAA0B,CAAC;AACjI,OAAO,EAAE,eAAe,EAAgB,WAAW,EAAe,MAAM,0BAA0B,CAAC;AACnG,OAAO,EAAuB,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1E,4EAA4E;AAE5E,MAAM,OAAO,GAAG,OAAO,CAAC;AAExB,4EAA4E;AAE5E,SAAS,WAAW;IAClB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;;;;;;;CAOtB,CAAC,CAAC,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,4EAA4E;AAE5E,SAAS,SAAS;IAChB,WAAW,EAAE,CAAC;IAEd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAuB;QACnC,CAAC,mBAAmB,EAAE,0CAA0C,CAAC;QACjE,CAAC,OAAO,EAAE,oCAAoC,CAAC;QAC/C,CAAC,cAAc,EAAE,8CAA8C,CAAC;QAChE,CAAC,mBAAmB,EAAE,4CAA4C,CAAC;QACnE,CAAC,mBAAmB,EAAE,0CAA0C,CAAC;QACjE,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;QAC1D,CAAC,kBAAkB,EAAE,wCAAwC,CAAC;QAC9D,CAAC,MAAM,EAAE,yCAAyC,CAAC;QACnD,CAAC,MAAM,EAAE,wBAAwB,CAAC;QAClC,CAAC,SAAS,EAAE,cAAc,CAAC;KAC5B,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,WAAW,CAAC,aAAa,GAAG,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,YAAY,CAAC,YAAY,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,QAAQ,CAAC,gBAAgB,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,4EAA4E;AAE5E,SAAS,aAAa,CAAC,QAAgB;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,OAAO,CAAC;QAChC,KAAK,MAAM,CAAC,CAAC,OAAO,GAAG,CAAC;QACxB,KAAK,QAAQ,CAAC,CAAC,OAAO,MAAM,CAAC;QAC7B,KAAK,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC;QACvB,OAAO,CAAC,CAAC,OAAO,GAAG,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa;IAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,EAAE,GAAG,MAAM,CAAC;IAC1B,MAAM,KAAK,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC7D,OAAO,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,KAAK,KAAK,CAAC;AACvF,CAAC;AAED,SAAS,aAAa,CAAC,QAAmB,EAAE,KAAK,GAAG,EAAE;IACpD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACnE,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,MAAM,GAAG,KAAK,gBAAgB,CAAC,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,MAAkB,EAAE,WAAoB;IAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,GAAG,CAAC,MAAM,CAAC,cAAc,KAAK,EAAE,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,KAAK,MAAM,CAAC,YAAY,UAAU,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACjC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED,4EAA4E;AAE5E,KAAK,UAAU,UAAU,CAAC,WAAmB,EAAE,KAAkB;IAC/D,GAAG,CAAC,MAAM,CAAC,cAAc,WAAW,kBAAkB,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,8BAA8B;IAC9B,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACnD,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,WAAW,qBAAqB,CAAC,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,UAAU,CAAC,MAAM,eAAe,UAAU,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QACzF,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC,CAAC;QAEjF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,0CAA0C,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;IAED,8BAA8B;IAC9B,GAAG,CAAC,IAAI,CAAC,uBAAuB,WAAW,KAAK,CAAC,CAAC;IAClD,IAAI,CAAC;QACH,QAAQ,CAAC,gCAAgC,WAAW,EAAE,EAAE;YACtD,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;SACnB,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAChC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5C,eAAe,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAErC,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,+DAA+D,CAAC,CAAC,CAAC;QACvF,CAAC;aAAM,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QACvC,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClF,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC;YACvF,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;YAC9D,GAAG,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACpD,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClF,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,WAAW,IAAI,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC;YAC7E,IAAI,WAAW,EAAE,CAAC;gBAChB,GAAG,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;gBACrD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE;oBAC3D,GAAG,EAAE,MAAM;oBACX,OAAO,EAAE,MAAM;oBACf,YAAY,EAAE,IAAI;oBAClB,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC/B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ;wBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAC/C,CAAC;gBACD,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO;wBAAE,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;gBAC5D,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;oBAC1B,GAAG,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;gBAClD,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,IAAI,CAAC,gCAAgC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAa,EAAE,KAAkB;IACvD,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,GAAG,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC3D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,gDAAgD;IAChD,IAAI,IAAI,GAAa,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7E,IAAI,GAAG;YACL,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;YAC1C,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;SAC9C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACtC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,GAAG,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACnC,OAAO;IACT,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,kBAAkB,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,QAAQ,GAAsC,EAAE,CAAC;IAEvD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,6BAA6B,CAAC,CAAC;YAC9C,SAAS;QACX,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5C,UAAU,IAAI,MAAM,CAAC,KAAK,CAAC;QAE3B,IAAI,MAAM,CAAC,KAAK,GAAG,QAAQ,EAAE,CAAC;YAC5B,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC;YAChC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;gBACjB,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;QAEhG,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YAClC,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,sBAAsB;QACtB,MAAM,IAAI,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,+CAA+C,IAAI,CAAC,SAAS,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,CAAC,0BAA0B,MAAM,KAAK,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAE5E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,MAAM,6BAA6B,CAAC,CAAC,CAAC;QAC3E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,8DAA8D;QAC9D,GAAG,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,WAAmB;IAC3C,oDAAoD;IACpD,IAAI,SAAS,GAAG,OAAO,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,GAAG,CAAC,KAAK,CAAC,YAAY,WAAW,2CAA2C,CAAC,CAAC;QAC9E,GAAG,CAAC,IAAI,CAAC,qCAAqC,GAAG,WAAW,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAErC,gCAAgC;IAChC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACrF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,SAAS,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QAEvE,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;YAChC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;YACtE,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAC;YAChD,KAAK,MAAM,EAAE,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;gBAC1C,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YACnC,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACxC,KAAK,MAAM,EAAE,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAChC,CAAC;YACD,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,OAAiB;IACzC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,GAAG,CAAC,MAAM,CAAC,eAAe,WAAW,EAAE,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,GAAG,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QAC9D,OAAO,EAAE,MAAM;QACf,YAAY,EAAE,IAAI;QAClB,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,mBAAmB;IAChC,GAAG,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACjC,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IAE1D,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;QACnB,GAAG,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACtD,GAAG,CAAC,OAAO,CAAC,0BAA0B,QAAQ,WAAW,CAAC,CAAC;IAC3D,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,GAAG,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IAC1D,GAAG,CAAC,IAAI,CAAC,wBAAwB,QAAQ,gBAAgB,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,yDAAyD;IACzD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7E,MAAM,IAAI,GAAG;YACX,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;YAC1C,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;SAC9C,CAAC;QAEF,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;gBACxC,MAAM,YAAY,GAAa,EAAE,CAAC;gBAClC,IAAI,KAAK,CAAC,GAAG,KAAK,KAAK;oBAAE,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;qBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;oBAAE,YAAY,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,MAAM,QAAQ,CAAC,CAAC;gBACtF,IAAI,KAAK,CAAC,EAAE,KAAK,KAAK;oBAAE,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;qBACnD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBAAE,YAAY,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC,MAAM,QAAQ,CAAC,CAAC;gBACnF,IAAI,KAAK,CAAC,MAAM;oBAAE,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAClD,IAAI,KAAK,CAAC,IAAI;oBAAE,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAE9C,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACpF,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,GAAG,CAAC,gDAAgD,CAAC,EAAE,CAAC,CAAC;YACpG,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,gEAAgE,CAAC,CAAC;YACrF,GAAG,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACtC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,OAAO;IACpB,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,yCAAyC;IACzC,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,GAAG,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACzC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,iCAAiC;IACjC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,QAAQ,CAAC,iCAAiC,EAAE;YACpD,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAChE,GAAG,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;QACvF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/C,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC1E,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC;QAChE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC;QACnE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/G,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC,KAAK,CAAC,MAAM,oBAAoB,CAAC,CAAC,CAAC;IACxE,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnG,GAAG,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,4EAA4E;AAE5E,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,MAAM;QAC1B,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACnB,KAAK;KACN,CAAC;AACJ,CAAC;AAED,4EAA4E;AAE5E,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzD,IAAI,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,SAAS;YACZ,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YACD,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YACjC,MAAM;QAER,KAAK,OAAO;YACV,MAAM,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM;QAER,KAAK,SAAS;YACZ,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBACb,GAAG,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBACrE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YACD,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM;QAER,KAAK,SAAS;YACZ,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,MAAM;QAER,KAAK,UAAU;YACb,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;gBAC3B,MAAM,mBAAmB,EAAE,CAAC;YAC9B,CAAC;iBAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBACjC,MAAM,kBAAkB,EAAE,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,KAAK,CAAC,wEAAwE,CAAC,CAAC;gBACpF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACvB,CAAC;YACD,MAAM;QAER,KAAK,MAAM;YACT,MAAM,OAAO,EAAE,CAAC;YAChB,MAAM;QAER,KAAK,SAAS,CAAC;QACf,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI;YACP,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,EAAE,CAAC,CAAC;YACpC,MAAM;QAER,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,SAAS,EAAE,CAAC;YACZ,MAAM;QAER;YACE,GAAG,CAAC,KAAK,CAAC,qBAAqB,OAAO,GAAG,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC,CAAC;YACjE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,MAAM;IACV,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,GAAG,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShieldPM — Dependency Diff
|
|
3
|
+
* Compare two states of package-lock.json to detect meaningful changes
|
|
4
|
+
* in the dependency tree — new packages, version bumps, and red flags.
|
|
5
|
+
*/
|
|
6
|
+
export interface LockPackageInfo {
|
|
7
|
+
version: string;
|
|
8
|
+
resolved?: string;
|
|
9
|
+
integrity?: string;
|
|
10
|
+
dependencies?: Record<string, string>;
|
|
11
|
+
devDependencies?: Record<string, string>;
|
|
12
|
+
hasInstallScript?: boolean;
|
|
13
|
+
hasBin?: boolean;
|
|
14
|
+
}
|
|
15
|
+
export interface PackageDelta {
|
|
16
|
+
name: string;
|
|
17
|
+
type: 'added' | 'removed' | 'changed';
|
|
18
|
+
oldVersion?: string;
|
|
19
|
+
newVersion?: string;
|
|
20
|
+
/** Significant changes detected */
|
|
21
|
+
flags: DeltaFlag[];
|
|
22
|
+
}
|
|
23
|
+
export interface DeltaFlag {
|
|
24
|
+
type: 'new-install-script' | 'new-native-module' | 'new-network-dep' | 'major-bump' | 'new-dependency' | 'removed-dependency' | 'version-downgrade' | 'new-bin';
|
|
25
|
+
message: string;
|
|
26
|
+
}
|
|
27
|
+
export interface DependencyDiffReport {
|
|
28
|
+
/** Total packages in the old lock */
|
|
29
|
+
oldPackageCount: number;
|
|
30
|
+
/** Total packages in the new lock */
|
|
31
|
+
newPackageCount: number;
|
|
32
|
+
/** Added packages */
|
|
33
|
+
added: PackageDelta[];
|
|
34
|
+
/** Removed packages */
|
|
35
|
+
removed: PackageDelta[];
|
|
36
|
+
/** Changed packages */
|
|
37
|
+
changed: PackageDelta[];
|
|
38
|
+
/** High-level summary */
|
|
39
|
+
summary: string;
|
|
40
|
+
/** Red flags found */
|
|
41
|
+
flags: DeltaFlag[];
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Compare two package-lock.json contents and produce a diff report.
|
|
45
|
+
*/
|
|
46
|
+
export declare function diffLockfiles(oldLockContent: string, newLockContent: string): DependencyDiffReport;
|
|
47
|
+
/**
|
|
48
|
+
* Load and diff two package-lock.json files from disk.
|
|
49
|
+
*/
|
|
50
|
+
export declare function diffLockfilesByPath(oldPath: string, newPath: string): Promise<DependencyDiffReport>;
|
|
51
|
+
//# sourceMappingURL=dependency.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../src/diff/dependency.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,KAAK,EAAE,SAAS,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,oBAAoB,GAAG,mBAAmB,GAAG,iBAAiB,GAAG,YAAY,GAC7E,gBAAgB,GAAG,oBAAoB,GAAG,mBAAmB,GAAG,SAAS,CAAC;IAChF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,eAAe,EAAE,MAAM,CAAC;IACxB,qCAAqC;IACrC,eAAe,EAAE,MAAM,CAAC;IACxB,qBAAqB;IACrB,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,uBAAuB;IACvB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,uBAAuB;IACvB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,KAAK,EAAE,SAAS,EAAE,CAAC;CACpB;AA0JD;;GAEG;AACH,wBAAgB,aAAa,CAC3B,cAAc,EAAE,MAAM,EACtB,cAAc,EAAE,MAAM,GACrB,oBAAoB,CAwEtB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,oBAAoB,CAAC,CAM/B"}
|
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShieldPM — Dependency Diff
|
|
3
|
+
* Compare two states of package-lock.json to detect meaningful changes
|
|
4
|
+
* in the dependency tree — new packages, version bumps, and red flags.
|
|
5
|
+
*/
|
|
6
|
+
import { readFile } from 'node:fs/promises';
|
|
7
|
+
function parseLockPackages(lockContent) {
|
|
8
|
+
const lock = JSON.parse(lockContent);
|
|
9
|
+
const packages = new Map();
|
|
10
|
+
if (lock.packages) {
|
|
11
|
+
// v2/v3 format: keys are "node_modules/<name>"
|
|
12
|
+
for (const [key, info] of Object.entries(lock.packages)) {
|
|
13
|
+
if (key === '')
|
|
14
|
+
continue; // Root package
|
|
15
|
+
const name = key.replace(/^node_modules\//, '');
|
|
16
|
+
// Skip nested node_modules
|
|
17
|
+
if (name.includes('node_modules/'))
|
|
18
|
+
continue;
|
|
19
|
+
packages.set(name, info);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
else if (lock.dependencies) {
|
|
23
|
+
// v1 format
|
|
24
|
+
for (const [name, info] of Object.entries(lock.dependencies)) {
|
|
25
|
+
packages.set(name, info);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return packages;
|
|
29
|
+
}
|
|
30
|
+
// ── Known network-capable packages ───────────────────────────────────────
|
|
31
|
+
const NETWORK_PACKAGES = new Set([
|
|
32
|
+
'node-fetch', 'axios', 'got', 'request', 'superagent', 'undici',
|
|
33
|
+
'http-proxy', 'http-proxy-agent', 'https-proxy-agent', 'socks-proxy-agent',
|
|
34
|
+
'socket.io', 'ws', 'websocket', 'net', 'dgram',
|
|
35
|
+
]);
|
|
36
|
+
const NATIVE_PACKAGES = new Set([
|
|
37
|
+
'node-gyp', 'node-pre-gyp', 'prebuild-install', 'nan', 'napi',
|
|
38
|
+
'sharp', 'bcrypt', 'better-sqlite3', 'canvas', 'grpc',
|
|
39
|
+
'sqlite3', 'pg-native', 'libxmljs',
|
|
40
|
+
]);
|
|
41
|
+
// ── Version comparison ───────────────────────────────────────────────────
|
|
42
|
+
function parseSemver(version) {
|
|
43
|
+
const match = version.match(/^(\d+)\.(\d+)\.(\d+)/);
|
|
44
|
+
if (!match)
|
|
45
|
+
return null;
|
|
46
|
+
return {
|
|
47
|
+
major: parseInt(match[1], 10),
|
|
48
|
+
minor: parseInt(match[2], 10),
|
|
49
|
+
patch: parseInt(match[3], 10),
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
function isMajorBump(oldVer, newVer) {
|
|
53
|
+
const o = parseSemver(oldVer);
|
|
54
|
+
const n = parseSemver(newVer);
|
|
55
|
+
if (!o || !n)
|
|
56
|
+
return false;
|
|
57
|
+
return n.major > o.major;
|
|
58
|
+
}
|
|
59
|
+
function isDowngrade(oldVer, newVer) {
|
|
60
|
+
const o = parseSemver(oldVer);
|
|
61
|
+
const n = parseSemver(newVer);
|
|
62
|
+
if (!o || !n)
|
|
63
|
+
return false;
|
|
64
|
+
if (n.major < o.major)
|
|
65
|
+
return true;
|
|
66
|
+
if (n.major === o.major && n.minor < o.minor)
|
|
67
|
+
return true;
|
|
68
|
+
if (n.major === o.major && n.minor === o.minor && n.patch < o.patch)
|
|
69
|
+
return true;
|
|
70
|
+
return false;
|
|
71
|
+
}
|
|
72
|
+
// ── Diff computation ─────────────────────────────────────────────────────
|
|
73
|
+
function computeFlags(name, oldInfo, newInfo) {
|
|
74
|
+
const flags = [];
|
|
75
|
+
if (newInfo && !oldInfo) {
|
|
76
|
+
// Newly added package
|
|
77
|
+
if (newInfo.hasInstallScript) {
|
|
78
|
+
flags.push({
|
|
79
|
+
type: 'new-install-script',
|
|
80
|
+
message: `New package "${name}" has install scripts`,
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
if (NATIVE_PACKAGES.has(name)) {
|
|
84
|
+
flags.push({
|
|
85
|
+
type: 'new-native-module',
|
|
86
|
+
message: `New package "${name}" is a native module`,
|
|
87
|
+
});
|
|
88
|
+
}
|
|
89
|
+
if (NETWORK_PACKAGES.has(name)) {
|
|
90
|
+
flags.push({
|
|
91
|
+
type: 'new-network-dep',
|
|
92
|
+
message: `New package "${name}" has network capabilities`,
|
|
93
|
+
});
|
|
94
|
+
}
|
|
95
|
+
if (newInfo.hasBin) {
|
|
96
|
+
flags.push({
|
|
97
|
+
type: 'new-bin',
|
|
98
|
+
message: `New package "${name}" installs binaries`,
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
if (oldInfo && newInfo) {
|
|
103
|
+
// Version change checks
|
|
104
|
+
if (oldInfo.version && newInfo.version) {
|
|
105
|
+
if (isMajorBump(oldInfo.version, newInfo.version)) {
|
|
106
|
+
flags.push({
|
|
107
|
+
type: 'major-bump',
|
|
108
|
+
message: `"${name}" major version bump: ${oldInfo.version} -> ${newInfo.version}`,
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
if (isDowngrade(oldInfo.version, newInfo.version)) {
|
|
112
|
+
flags.push({
|
|
113
|
+
type: 'version-downgrade',
|
|
114
|
+
message: `"${name}" version downgrade: ${oldInfo.version} -> ${newInfo.version}`,
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
// New install script added
|
|
119
|
+
if (!oldInfo.hasInstallScript && newInfo.hasInstallScript) {
|
|
120
|
+
flags.push({
|
|
121
|
+
type: 'new-install-script',
|
|
122
|
+
message: `"${name}" added install scripts in ${newInfo.version}`,
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
// New sub-dependencies
|
|
126
|
+
const oldDeps = new Set(Object.keys(oldInfo.dependencies ?? {}));
|
|
127
|
+
const newDeps = Object.keys(newInfo.dependencies ?? {});
|
|
128
|
+
for (const dep of newDeps) {
|
|
129
|
+
if (!oldDeps.has(dep)) {
|
|
130
|
+
flags.push({
|
|
131
|
+
type: 'new-dependency',
|
|
132
|
+
message: `"${name}" added new dependency "${dep}"`,
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
return flags;
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Compare two package-lock.json contents and produce a diff report.
|
|
141
|
+
*/
|
|
142
|
+
export function diffLockfiles(oldLockContent, newLockContent) {
|
|
143
|
+
const oldPackages = parseLockPackages(oldLockContent);
|
|
144
|
+
const newPackages = parseLockPackages(newLockContent);
|
|
145
|
+
const added = [];
|
|
146
|
+
const removed = [];
|
|
147
|
+
const changed = [];
|
|
148
|
+
const allFlags = [];
|
|
149
|
+
// Find added and changed
|
|
150
|
+
for (const [name, newInfo] of newPackages) {
|
|
151
|
+
const oldInfo = oldPackages.get(name);
|
|
152
|
+
if (!oldInfo) {
|
|
153
|
+
const flags = computeFlags(name, undefined, newInfo);
|
|
154
|
+
added.push({
|
|
155
|
+
name,
|
|
156
|
+
type: 'added',
|
|
157
|
+
newVersion: newInfo.version,
|
|
158
|
+
flags,
|
|
159
|
+
});
|
|
160
|
+
allFlags.push(...flags);
|
|
161
|
+
}
|
|
162
|
+
else if (oldInfo.version !== newInfo.version) {
|
|
163
|
+
const flags = computeFlags(name, oldInfo, newInfo);
|
|
164
|
+
changed.push({
|
|
165
|
+
name,
|
|
166
|
+
type: 'changed',
|
|
167
|
+
oldVersion: oldInfo.version,
|
|
168
|
+
newVersion: newInfo.version,
|
|
169
|
+
flags,
|
|
170
|
+
});
|
|
171
|
+
allFlags.push(...flags);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
// Find removed
|
|
175
|
+
for (const [name, oldInfo] of oldPackages) {
|
|
176
|
+
if (!newPackages.has(name)) {
|
|
177
|
+
removed.push({
|
|
178
|
+
name,
|
|
179
|
+
type: 'removed',
|
|
180
|
+
oldVersion: oldInfo.version,
|
|
181
|
+
flags: [],
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
// Sort alphabetically
|
|
186
|
+
added.sort((a, b) => a.name.localeCompare(b.name));
|
|
187
|
+
removed.sort((a, b) => a.name.localeCompare(b.name));
|
|
188
|
+
changed.sort((a, b) => a.name.localeCompare(b.name));
|
|
189
|
+
// Summary
|
|
190
|
+
const parts = [];
|
|
191
|
+
if (added.length > 0)
|
|
192
|
+
parts.push(`${added.length} added`);
|
|
193
|
+
if (removed.length > 0)
|
|
194
|
+
parts.push(`${removed.length} removed`);
|
|
195
|
+
if (changed.length > 0)
|
|
196
|
+
parts.push(`${changed.length} changed`);
|
|
197
|
+
if (allFlags.length > 0)
|
|
198
|
+
parts.push(`${allFlags.length} flags`);
|
|
199
|
+
const summary = parts.length > 0
|
|
200
|
+
? `Dependency changes: ${parts.join(', ')}`
|
|
201
|
+
: 'No dependency changes';
|
|
202
|
+
return {
|
|
203
|
+
oldPackageCount: oldPackages.size,
|
|
204
|
+
newPackageCount: newPackages.size,
|
|
205
|
+
added,
|
|
206
|
+
removed,
|
|
207
|
+
changed,
|
|
208
|
+
summary,
|
|
209
|
+
flags: allFlags,
|
|
210
|
+
};
|
|
211
|
+
}
|
|
212
|
+
/**
|
|
213
|
+
* Load and diff two package-lock.json files from disk.
|
|
214
|
+
*/
|
|
215
|
+
export async function diffLockfilesByPath(oldPath, newPath) {
|
|
216
|
+
const [oldContent, newContent] = await Promise.all([
|
|
217
|
+
readFile(oldPath, 'utf-8'),
|
|
218
|
+
readFile(newPath, 'utf-8'),
|
|
219
|
+
]);
|
|
220
|
+
return diffLockfiles(oldContent, newContent);
|
|
221
|
+
}
|
|
222
|
+
//# sourceMappingURL=dependency.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../src/diff/dependency.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAsD5C,SAAS,iBAAiB,CAAC,WAAmB;IAC5C,MAAM,IAAI,GAAe,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEpD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,+CAA+C;QAC/C,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxD,IAAI,GAAG,KAAK,EAAE;gBAAE,SAAS,CAAC,eAAe;YACzC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;YAChD,2BAA2B;YAC3B,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAAE,SAAS;YAC7C,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QAC7B,YAAY;QACZ,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4EAA4E;AAE5E,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ;IAC/D,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,mBAAmB;IAC1E,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO;CAC/C,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,UAAU,EAAE,cAAc,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM;IAC7D,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM;IACrD,SAAS,EAAE,WAAW,EAAE,UAAU;CACnC,CAAC,CAAC;AAEH,4EAA4E;AAE5E,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,MAAc;IACjD,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,MAAc;IACjD,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3B,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACjF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4EAA4E;AAE5E,SAAS,YAAY,CACnB,IAAY,EACZ,OAAoC,EACpC,OAAoC;IAEpC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,IAAI,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACxB,sBAAsB;QACtB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,gBAAgB,IAAI,uBAAuB;aACrD,CAAC,CAAC;QACL,CAAC;QACD,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,gBAAgB,IAAI,sBAAsB;aACpD,CAAC,CAAC;QACL,CAAC;QACD,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,gBAAgB,IAAI,4BAA4B;aAC1D,CAAC,CAAC;QACL,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,gBAAgB,IAAI,qBAAqB;aACnD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,wBAAwB;QACxB,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACvC,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClD,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE,IAAI,IAAI,yBAAyB,OAAO,CAAC,OAAO,OAAO,OAAO,CAAC,OAAO,EAAE;iBAClF,CAAC,CAAC;YACL,CAAC;YACD,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClD,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,IAAI,IAAI,wBAAwB,OAAO,CAAC,OAAO,OAAO,OAAO,CAAC,OAAO,EAAE;iBACjF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC1D,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,IAAI,IAAI,8BAA8B,OAAO,CAAC,OAAO,EAAE;aACjE,CAAC,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;QACxD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,IAAI,IAAI,2BAA2B,GAAG,GAAG;iBACnD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,cAAsB,EACtB,cAAsB;IAEtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC;IAEtD,MAAM,KAAK,GAAmB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAgB,EAAE,CAAC;IAEjC,yBAAyB;IACzB,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI;gBACJ,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO,CAAC,OAAO;gBAC3B,KAAK;aACN,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC;YAC/C,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,OAAO,CAAC,OAAO;gBAC3B,UAAU,EAAE,OAAO,CAAC,OAAO;gBAC3B,KAAK;aACN,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,eAAe;IACf,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,OAAO,CAAC,OAAO;gBAC3B,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAErD,UAAU;IACV,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC;IAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,UAAU,CAAC,CAAC;IAChE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,UAAU,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,QAAQ,CAAC,CAAC;IAEhE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC;QAC9B,CAAC,CAAC,uBAAuB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3C,CAAC,CAAC,uBAAuB,CAAC;IAE5B,OAAO;QACL,eAAe,EAAE,WAAW,CAAC,IAAI;QACjC,eAAe,EAAE,WAAW,CAAC,IAAI;QACjC,KAAK;QACL,OAAO;QACP,OAAO;QACP,OAAO;QACP,KAAK,EAAE,QAAQ;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAe,EACf,OAAe;IAEf,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;KAC3B,CAAC,CAAC;IACH,OAAO,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AAC/C,CAAC"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShieldPM — Behavioral Fingerprinting
|
|
3
|
+
* Creates and compares behavioral profiles for packages to detect
|
|
4
|
+
* unexpected changes between versions.
|
|
5
|
+
*/
|
|
6
|
+
export interface BehaviorProfile {
|
|
7
|
+
/** Package name */
|
|
8
|
+
name: string;
|
|
9
|
+
/** Package version */
|
|
10
|
+
version: string;
|
|
11
|
+
/** ISO timestamp of when the profile was generated */
|
|
12
|
+
generatedAt: string;
|
|
13
|
+
/** SHA-256 hash of all .js file contents concatenated */
|
|
14
|
+
contentHash: string;
|
|
15
|
+
/** Individual file hashes */
|
|
16
|
+
fileHashes: Record<string, string>;
|
|
17
|
+
/** All require() and import statements found */
|
|
18
|
+
imports: string[];
|
|
19
|
+
/** Native module bindings (e.g., .node files, node-gyp) */
|
|
20
|
+
nativeBindings: string[];
|
|
21
|
+
/** Network endpoints parsed from source */
|
|
22
|
+
networkEndpoints: string[];
|
|
23
|
+
/** Filesystem paths parsed from source */
|
|
24
|
+
fsPaths: string[];
|
|
25
|
+
/** Total file count */
|
|
26
|
+
fileCount: number;
|
|
27
|
+
/** Total size in bytes */
|
|
28
|
+
totalSize: number;
|
|
29
|
+
}
|
|
30
|
+
export interface ProfileDiff {
|
|
31
|
+
/** Newly added imports */
|
|
32
|
+
addedImports: string[];
|
|
33
|
+
/** Removed imports */
|
|
34
|
+
removedImports: string[];
|
|
35
|
+
/** Newly added network endpoints */
|
|
36
|
+
addedNetworkEndpoints: string[];
|
|
37
|
+
/** Removed network endpoints */
|
|
38
|
+
removedNetworkEndpoints: string[];
|
|
39
|
+
/** New filesystem paths */
|
|
40
|
+
addedFsPaths: string[];
|
|
41
|
+
/** Removed filesystem paths */
|
|
42
|
+
removedFsPaths: string[];
|
|
43
|
+
/** New native bindings */
|
|
44
|
+
addedNativeBindings: string[];
|
|
45
|
+
/** Removed native bindings */
|
|
46
|
+
removedNativeBindings: string[];
|
|
47
|
+
/** Files added */
|
|
48
|
+
addedFiles: string[];
|
|
49
|
+
/** Files removed */
|
|
50
|
+
removedFiles: string[];
|
|
51
|
+
/** Files with changed content */
|
|
52
|
+
changedFiles: string[];
|
|
53
|
+
/** Whether the overall content hash changed */
|
|
54
|
+
contentHashChanged: boolean;
|
|
55
|
+
/** Human-readable summary */
|
|
56
|
+
summary: string;
|
|
57
|
+
}
|
|
58
|
+
export declare function saveProfile(baseDir: string, profile: BehaviorProfile): Promise<string>;
|
|
59
|
+
export declare function loadProfile(baseDir: string, name: string, version: string): Promise<BehaviorProfile | null>;
|
|
60
|
+
/**
|
|
61
|
+
* Generate a behavioral profile for a package directory.
|
|
62
|
+
*/
|
|
63
|
+
export declare function generateProfile(packageDir: string, name: string, version: string): Promise<BehaviorProfile>;
|
|
64
|
+
/**
|
|
65
|
+
* Compare two behavioral profiles and report differences.
|
|
66
|
+
*/
|
|
67
|
+
export declare function diffProfiles(oldProfile: BehaviorProfile, newProfile: BehaviorProfile): ProfileDiff;
|
|
68
|
+
//# sourceMappingURL=profile.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../../src/fingerprint/profile.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,eAAe;IAC9B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,WAAW,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,gDAAgD;IAChD,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,2DAA2D;IAC3D,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,2CAA2C;IAC3C,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,0CAA0C;IAC1C,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,0BAA0B;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,sBAAsB;IACtB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,oCAAoC;IACpC,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gCAAgC;IAChC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,2BAA2B;IAC3B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,+BAA+B;IAC/B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,0BAA0B;IAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,8BAA8B;IAC9B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,kBAAkB;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,oBAAoB;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iCAAiC;IACjC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,+CAA+C;IAC/C,kBAAkB,EAAE,OAAO,CAAC;IAC5B,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAUD,wBAAsB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAO5F;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAQjC;AAmHD;;GAEG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,eAAe,CAAC,CAqD1B;AAaD;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,eAAe,GAAG,WAAW,CA8ClG"}
|
|
@@ -0,0 +1,233 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ShieldPM — Behavioral Fingerprinting
|
|
3
|
+
* Creates and compares behavioral profiles for packages to detect
|
|
4
|
+
* unexpected changes between versions.
|
|
5
|
+
*/
|
|
6
|
+
import { readFile, writeFile, readdir, mkdir } from 'node:fs/promises';
|
|
7
|
+
import { join, extname, relative } from 'node:path';
|
|
8
|
+
import { createHash } from 'node:crypto';
|
|
9
|
+
// ── Profile storage ──────────────────────────────────────────────────────
|
|
10
|
+
const PROFILE_DIR = '.shieldpm/profiles';
|
|
11
|
+
function profilePath(baseDir, name, version) {
|
|
12
|
+
return join(baseDir, PROFILE_DIR, `${name.replace('/', '__')}@${version}.json`);
|
|
13
|
+
}
|
|
14
|
+
export async function saveProfile(baseDir, profile) {
|
|
15
|
+
const dir = join(baseDir, PROFILE_DIR);
|
|
16
|
+
await mkdir(dir, { recursive: true });
|
|
17
|
+
const path = profilePath(baseDir, profile.name, profile.version);
|
|
18
|
+
await writeFile(path, JSON.stringify(profile, null, 2) + '\n', 'utf-8');
|
|
19
|
+
return path;
|
|
20
|
+
}
|
|
21
|
+
export async function loadProfile(baseDir, name, version) {
|
|
22
|
+
const path = profilePath(baseDir, name, version);
|
|
23
|
+
try {
|
|
24
|
+
const raw = await readFile(path, 'utf-8');
|
|
25
|
+
return JSON.parse(raw);
|
|
26
|
+
}
|
|
27
|
+
catch {
|
|
28
|
+
return null;
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
// ── Source parsing helpers ────────────────────────────────────────────────
|
|
32
|
+
const JS_EXTENSIONS = new Set(['.js', '.mjs', '.cjs', '.ts', '.mts', '.cts']);
|
|
33
|
+
const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', 'test', 'tests', '__tests__']);
|
|
34
|
+
async function collectSourceFiles(dir) {
|
|
35
|
+
const files = [];
|
|
36
|
+
async function walk(d) {
|
|
37
|
+
let entries;
|
|
38
|
+
try {
|
|
39
|
+
entries = await readdir(d, { withFileTypes: true });
|
|
40
|
+
}
|
|
41
|
+
catch {
|
|
42
|
+
return;
|
|
43
|
+
}
|
|
44
|
+
for (const entry of entries) {
|
|
45
|
+
const full = join(d, entry.name);
|
|
46
|
+
if (entry.isDirectory()) {
|
|
47
|
+
if (!SKIP_DIRS.has(entry.name))
|
|
48
|
+
await walk(full);
|
|
49
|
+
}
|
|
50
|
+
else if (entry.isFile() && JS_EXTENSIONS.has(extname(entry.name))) {
|
|
51
|
+
files.push(full);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
await walk(dir);
|
|
56
|
+
return files.sort();
|
|
57
|
+
}
|
|
58
|
+
function extractImports(source) {
|
|
59
|
+
const imports = new Set();
|
|
60
|
+
// CommonJS require
|
|
61
|
+
const requireRe = /require\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/g;
|
|
62
|
+
let m;
|
|
63
|
+
while ((m = requireRe.exec(source)) !== null) {
|
|
64
|
+
imports.add(m[1]);
|
|
65
|
+
}
|
|
66
|
+
// ESM import
|
|
67
|
+
const importRe = /(?:import|export)\s+.*?from\s+['"`]([^'"`]+)['"`]/g;
|
|
68
|
+
while ((m = importRe.exec(source)) !== null) {
|
|
69
|
+
imports.add(m[1]);
|
|
70
|
+
}
|
|
71
|
+
// Dynamic import
|
|
72
|
+
const dynImportRe = /import\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/g;
|
|
73
|
+
while ((m = dynImportRe.exec(source)) !== null) {
|
|
74
|
+
imports.add(m[1]);
|
|
75
|
+
}
|
|
76
|
+
return [...imports].sort();
|
|
77
|
+
}
|
|
78
|
+
function extractNetworkEndpoints(source) {
|
|
79
|
+
const endpoints = new Set();
|
|
80
|
+
// URL literals
|
|
81
|
+
const urlRe = /['"`](https?:\/\/[^'"`\s]+)['"`]/g;
|
|
82
|
+
let m;
|
|
83
|
+
while ((m = urlRe.exec(source)) !== null) {
|
|
84
|
+
endpoints.add(m[1]);
|
|
85
|
+
}
|
|
86
|
+
// fetch/http.request with template literals are harder — capture hostname patterns
|
|
87
|
+
const hostRe = /(?:hostname|host)\s*[:=]\s*['"`]([^'"`]+)['"`]/g;
|
|
88
|
+
while ((m = hostRe.exec(source)) !== null) {
|
|
89
|
+
endpoints.add(m[1]);
|
|
90
|
+
}
|
|
91
|
+
return [...endpoints].sort();
|
|
92
|
+
}
|
|
93
|
+
function extractFsPaths(source) {
|
|
94
|
+
const paths = new Set();
|
|
95
|
+
// readFile, writeFile, etc. with string literals
|
|
96
|
+
const fsRe = /(?:readFile|writeFile|readdir|unlink|stat|access|mkdir|rmdir|rename|copyFile|appendFile)\w*\s*\(\s*['"`]([^'"`]+)['"`]/g;
|
|
97
|
+
let m;
|
|
98
|
+
while ((m = fsRe.exec(source)) !== null) {
|
|
99
|
+
paths.add(m[1]);
|
|
100
|
+
}
|
|
101
|
+
return [...paths].sort();
|
|
102
|
+
}
|
|
103
|
+
function extractNativeBindings(files, source) {
|
|
104
|
+
const bindings = new Set();
|
|
105
|
+
// .node files
|
|
106
|
+
for (const f of files) {
|
|
107
|
+
if (f.endsWith('.node')) {
|
|
108
|
+
bindings.add(f);
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
// require with .node extension
|
|
112
|
+
const nodeReqRe = /require\s*\(\s*['"`]([^'"`]*\.node)['"`]\s*\)/g;
|
|
113
|
+
let m;
|
|
114
|
+
while ((m = nodeReqRe.exec(source)) !== null) {
|
|
115
|
+
bindings.add(m[1]);
|
|
116
|
+
}
|
|
117
|
+
// node-gyp / node-pre-gyp / prebuild patterns
|
|
118
|
+
if (/binding\.gyp|node-gyp|node-pre-gyp|prebuild-install|napi_/.test(source)) {
|
|
119
|
+
bindings.add('<native-addon>');
|
|
120
|
+
}
|
|
121
|
+
return [...bindings].sort();
|
|
122
|
+
}
|
|
123
|
+
// ── Profile generation ───────────────────────────────────────────────────
|
|
124
|
+
/**
|
|
125
|
+
* Generate a behavioral profile for a package directory.
|
|
126
|
+
*/
|
|
127
|
+
export async function generateProfile(packageDir, name, version) {
|
|
128
|
+
const files = await collectSourceFiles(packageDir);
|
|
129
|
+
const allImports = new Set();
|
|
130
|
+
const allEndpoints = new Set();
|
|
131
|
+
const allFsPaths = new Set();
|
|
132
|
+
const fileHashes = {};
|
|
133
|
+
const contentParts = [];
|
|
134
|
+
let totalSize = 0;
|
|
135
|
+
let allSourceConcat = '';
|
|
136
|
+
for (const file of files) {
|
|
137
|
+
let content;
|
|
138
|
+
try {
|
|
139
|
+
content = await readFile(file, 'utf-8');
|
|
140
|
+
}
|
|
141
|
+
catch {
|
|
142
|
+
continue;
|
|
143
|
+
}
|
|
144
|
+
const relPath = relative(packageDir, file);
|
|
145
|
+
const hash = createHash('sha256').update(content).digest('hex');
|
|
146
|
+
fileHashes[relPath] = hash;
|
|
147
|
+
contentParts.push(content);
|
|
148
|
+
totalSize += Buffer.byteLength(content);
|
|
149
|
+
allSourceConcat += content + '\n';
|
|
150
|
+
for (const imp of extractImports(content))
|
|
151
|
+
allImports.add(imp);
|
|
152
|
+
for (const ep of extractNetworkEndpoints(content))
|
|
153
|
+
allEndpoints.add(ep);
|
|
154
|
+
for (const fp of extractFsPaths(content))
|
|
155
|
+
allFsPaths.add(fp);
|
|
156
|
+
}
|
|
157
|
+
const contentHash = createHash('sha256')
|
|
158
|
+
.update(contentParts.join('\n'))
|
|
159
|
+
.digest('hex');
|
|
160
|
+
const nativeBindings = extractNativeBindings(files.map((f) => relative(packageDir, f)), allSourceConcat);
|
|
161
|
+
return {
|
|
162
|
+
name,
|
|
163
|
+
version,
|
|
164
|
+
generatedAt: new Date().toISOString(),
|
|
165
|
+
contentHash,
|
|
166
|
+
fileHashes,
|
|
167
|
+
imports: [...allImports].sort(),
|
|
168
|
+
nativeBindings,
|
|
169
|
+
networkEndpoints: [...allEndpoints].sort(),
|
|
170
|
+
fsPaths: [...allFsPaths].sort(),
|
|
171
|
+
fileCount: files.length,
|
|
172
|
+
totalSize,
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
// ── Profile comparison ───────────────────────────────────────────────────
|
|
176
|
+
function arrayDiff(oldArr, newArr) {
|
|
177
|
+
const oldSet = new Set(oldArr);
|
|
178
|
+
const newSet = new Set(newArr);
|
|
179
|
+
return {
|
|
180
|
+
added: newArr.filter((x) => !oldSet.has(x)),
|
|
181
|
+
removed: oldArr.filter((x) => !newSet.has(x)),
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Compare two behavioral profiles and report differences.
|
|
186
|
+
*/
|
|
187
|
+
export function diffProfiles(oldProfile, newProfile) {
|
|
188
|
+
const importDiff = arrayDiff(oldProfile.imports, newProfile.imports);
|
|
189
|
+
const netDiff = arrayDiff(oldProfile.networkEndpoints, newProfile.networkEndpoints);
|
|
190
|
+
const fsDiff = arrayDiff(oldProfile.fsPaths, newProfile.fsPaths);
|
|
191
|
+
const nativeDiff = arrayDiff(oldProfile.nativeBindings, newProfile.nativeBindings);
|
|
192
|
+
const oldFiles = Object.keys(oldProfile.fileHashes);
|
|
193
|
+
const newFiles = Object.keys(newProfile.fileHashes);
|
|
194
|
+
const fileDiff = arrayDiff(oldFiles, newFiles);
|
|
195
|
+
const commonFiles = oldFiles.filter((f) => newFiles.includes(f));
|
|
196
|
+
const changedFiles = commonFiles.filter((f) => oldProfile.fileHashes[f] !== newProfile.fileHashes[f]);
|
|
197
|
+
const contentHashChanged = oldProfile.contentHash !== newProfile.contentHash;
|
|
198
|
+
// Build summary
|
|
199
|
+
const parts = [];
|
|
200
|
+
if (fileDiff.added.length > 0)
|
|
201
|
+
parts.push(`${fileDiff.added.length} files added`);
|
|
202
|
+
if (fileDiff.removed.length > 0)
|
|
203
|
+
parts.push(`${fileDiff.removed.length} files removed`);
|
|
204
|
+
if (changedFiles.length > 0)
|
|
205
|
+
parts.push(`${changedFiles.length} files changed`);
|
|
206
|
+
if (importDiff.added.length > 0)
|
|
207
|
+
parts.push(`${importDiff.added.length} new imports`);
|
|
208
|
+
if (importDiff.removed.length > 0)
|
|
209
|
+
parts.push(`${importDiff.removed.length} removed imports`);
|
|
210
|
+
if (netDiff.added.length > 0)
|
|
211
|
+
parts.push(`${netDiff.added.length} new network endpoints`);
|
|
212
|
+
if (nativeDiff.added.length > 0)
|
|
213
|
+
parts.push(`${nativeDiff.added.length} new native bindings`);
|
|
214
|
+
const summary = parts.length > 0
|
|
215
|
+
? `Changes: ${parts.join(', ')}`
|
|
216
|
+
: 'No behavioral changes detected';
|
|
217
|
+
return {
|
|
218
|
+
addedImports: importDiff.added,
|
|
219
|
+
removedImports: importDiff.removed,
|
|
220
|
+
addedNetworkEndpoints: netDiff.added,
|
|
221
|
+
removedNetworkEndpoints: netDiff.removed,
|
|
222
|
+
addedFsPaths: fsDiff.added,
|
|
223
|
+
removedFsPaths: fsDiff.removed,
|
|
224
|
+
addedNativeBindings: nativeDiff.added,
|
|
225
|
+
removedNativeBindings: nativeDiff.removed,
|
|
226
|
+
addedFiles: fileDiff.added,
|
|
227
|
+
removedFiles: fileDiff.removed,
|
|
228
|
+
changedFiles,
|
|
229
|
+
contentHashChanged,
|
|
230
|
+
summary,
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
//# sourceMappingURL=profile.js.map
|