@cyclonedx/cdxgen 12.3.3 → 12.4.1

package/lib/validator/bomValidator.js

@@ -6,6 +6,10 @@ import Ajv2020 from "ajv/dist/2020.js";
 import addFormats from "ajv-formats";
 import { PackageURL } from "packageurl-js";
 
+import {
+  isCycloneDxSpecVersionAtLeast,
+  toCycloneDxSpecVersionString,
+} from "../helpers/bomUtils.js";
 import { thoughtLog } from "../helpers/logger.js";
 import { DEBUG_MODE, dirNameStr, isPartialTree } from "../helpers/utils.js";
 import {
@@ -14,6 +18,13 @@ import {
 } from "../stages/postgen/spdxConverter.js";
 
 const dirName = dirNameStr;
+const SUPPORTED_CYCLONEDX_SCHEMA_VERSIONS = new Set([
+  "1.4",
+  "1.5",
+  "1.6",
+  "1.7",
+  "2.0",
+]);
 const PLACEHOLDER_COMPONENT_NAMES = new Set(["app", "application", "project"]);
 const SPDX_EXPORT_TYPES = new Set([
   "CreationInfo",
@@ -23,6 +34,74 @@ const SPDX_EXPORT_TYPES = new Set([
   "software_Package",
 ]);
 let spdxExportSchemaValidator;
+const cycloneDxSchemaValidators = new Map();
+
+const AJV_OPTIONS = {
+  strict: false,
+  logger: false,
+  verbose: true,
+  code: {
+    source: true,
+    lines: true,
+    optimize: true,
+  },
+};
+
+const readJsonSchema = (fileName) =>
+  JSON.parse(readFileSync(join(dirName, "data", fileName), "utf-8"));
+
+const addDraft2020BundledSchema = (ajv, schema, schemaId) => {
+  const bundledSchema = { ...schema };
+  delete bundledSchema.$schema;
+  bundledSchema.$id = schemaId;
+  ajv.addSchema(bundledSchema);
+};
+
+const getCycloneDxSchemaValidator = (specVersion) => {
+  if (cycloneDxSchemaValidators.has(specVersion)) {
+    return cycloneDxSchemaValidators.get(specVersion);
+  }
+  let validate;
+  if (isCycloneDxSpecVersionAtLeast(specVersion, "2.0")) {
+    const ajv = new Ajv2020(AJV_OPTIONS);
+    addFormats(ajv);
+    addDraft2020BundledSchema(
+      ajv,
+      readJsonSchema("cryptography-defs.schema.json"),
+      "https://cyclonedx.org/schema/cryptography-defs.schema.json",
+    );
+    addDraft2020BundledSchema(
+      ajv,
+      readJsonSchema("jsf-0.82.schema.json"),
+      "https://cyclonedx.org/schema/jsf-0.82.schema.json",
+    );
+    addDraft2020BundledSchema(
+      ajv,
+      readJsonSchema("spdx.schema.json"),
+      "https://cyclonedx.org/schema/spdx.schema.json",
+    );
+    validate = ajv.compile(readJsonSchema("cyclonedx-2.0-bundled.schema.json"));
+  } else {
+    const schemas = [
+      readJsonSchema(`bom-${specVersion}.schema.json`),
+      readJsonSchema("jsf-0.82.schema.json"),
+      readJsonSchema("spdx.schema.json"),
+    ];
+    if (isCycloneDxSpecVersionAtLeast(specVersion, "1.7")) {
+      schemas.push(readJsonSchema("cryptography-defs.schema.json"));
+    }
+    const ajv = new Ajv({
+      ...AJV_OPTIONS,
+      schemas,
+    });
+    addFormats(ajv);
+    validate = ajv.getSchema(
+      `http://cyclonedx.org/schema/bom-${specVersion}.schema.json`,
+    );
+  }
+  cycloneDxSchemaValidators.set(specVersion, validate);
+  return validate;
+};
 
 const getSpdxElementId = (element) => element?.spdxId || element?.["@id"];
 
@@ -36,6 +115,7 @@ const getSpdxExportSchemaValidator = () => {
     );
     const ajv = new Ajv2020({
       strict: false,
+      validateSchema: false,
       logger: false,
       verbose: true,
       code: {
@@ -63,44 +143,16 @@ export const validateBom = (bomJson) => {
   if (!bomJson) {
     return true;
   }
-  const specVersion = bomJson.specVersion;
-  const schema = JSON.parse(
-    readFileSync(
-      join(dirName, "data", `bom-${specVersion}.schema.json`),
-      "utf-8",
-    ),
-  );
-  const defsSchema = JSON.parse(
-    readFileSync(join(dirName, "data", "jsf-0.82.schema.json"), "utf-8"),
-  );
-  const spdxSchema = JSON.parse(
-    readFileSync(join(dirName, "data", "spdx.schema.json"), "utf-8"),
-  );
-  const cryptoDefSchema = JSON.parse(
-    readFileSync(
-      join(dirName, "data", "cryptography-defs.schema.json"),
-      "utf-8",
-    ),
-  );
-  const schemas = [schema, defsSchema, spdxSchema];
-  if (specVersion >= 1.7) {
-    schemas.push(cryptoDefSchema);
-  }
-  const ajv = new Ajv({
-    schemas,
-    strict: false,
-    logger: false,
-    verbose: true,
-    code: {
-      source: true,
-      lines: true,
-      optimize: true,
-    },
-  });
-  addFormats(ajv);
-  const validate = ajv.getSchema(
-    `http://cyclonedx.org/schema/bom-${specVersion}.schema.json`,
-  );
+  const specVersion = toCycloneDxSpecVersionString(bomJson.specVersion);
+  if (!SUPPORTED_CYCLONEDX_SCHEMA_VERSIONS.has(specVersion)) {
+    console.log(
+      `Unsupported CycloneDX specVersion '${bomJson.specVersion}'. Supported versions are ${[
+        ...SUPPORTED_CYCLONEDX_SCHEMA_VERSIONS,
+      ].join(", ")}.`,
+    );
+    return false;
+  }
+  const validate = getCycloneDxSchemaValidator(specVersion);
   const isValid = validate(bomJson);
   if (!isValid) {
     if (bomJson.metadata?.component?.name) {

package/lib/validator/bomValidator.poku.js

@@ -1,7 +1,97 @@
+import { readFileSync as actualReadFileSync } from "node:fs";
+
 import esmock from "esmock";
 import { assert, describe, it } from "poku";
 import sinon from "sinon";
 
+import { validateBom } from "./bomValidator.js";
+
+const validCycloneDx20Bom = {
+  specFormat: "CycloneDX",
+  specVersion: "2.0",
+  serialNumber: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  version: 1,
+  metadata: {
+    component: {
+      "bom-ref": "pkg:generic/demo@1.0.0",
+      name: "demo",
+      purl: "pkg:generic/demo@1.0.0",
+      type: "application",
+      version: "1.0.0",
+    },
+    tools: {
+      components: [{ type: "application", name: "cdxgen", version: "12.4.0" }],
+    },
+  },
+  components: [
+    {
+      "bom-ref": "pkg:npm/lodash@4.17.21",
+      name: "lodash",
+      purl: "pkg:npm/lodash@4.17.21",
+      type: "library",
+      version: "4.17.21",
+    },
+  ],
+  dependencies: [
+    {
+      ref: "pkg:generic/demo@1.0.0",
+      dependsOn: ["pkg:npm/lodash@4.17.21"],
+    },
+    { ref: "pkg:npm/lodash@4.17.21", dependsOn: [] },
+  ],
+};
+
+describe("validateBom()", () => {
+  it("validates CycloneDX 2.0-dev JSON against the bundled schema", () => {
+    assert.strictEqual(validateBom(validCycloneDx20Bom), true);
+  });
+
+  it("returns a clear validation failure for unsupported spec versions", async () => {
+    const readFileSyncStub = sinon.stub();
+    const consoleLogStub = sinon.stub(console, "log");
+    try {
+      const { validateBom } = await esmock("./bomValidator.js", {
+        "node:fs": {
+          readFileSync: readFileSyncStub,
+        },
+      });
+
+      assert.strictEqual(
+        validateBom({ bomFormat: "CycloneDX", specVersion: "2.0.1" }),
+        false,
+      );
+      sinon.assert.notCalled(readFileSyncStub);
+      sinon.assert.calledWithMatch(
+        consoleLogStub,
+        "Unsupported CycloneDX specVersion '2.0.1'.",
+      );
+    } finally {
+      consoleLogStub.restore();
+    }
+  });
+
+  it("caches compiled CycloneDX schema validators by spec version", async () => {
+    const readFileSyncStub = sinon
+      .stub()
+      .callsFake((...args) => actualReadFileSync(...args));
+    const { validateBom } = await esmock("./bomValidator.js", {
+      "node:fs": {
+        readFileSync: readFileSyncStub,
+      },
+    });
+
+    assert.strictEqual(validateBom(validCycloneDx20Bom), true);
+    const readCountAfterFirstValidation = readFileSyncStub.callCount;
+    assert.ok(readCountAfterFirstValidation > 0);
+
+    assert.strictEqual(validateBom(validCycloneDx20Bom), true);
+    assert.strictEqual(
+      readFileSyncStub.callCount,
+      readCountAfterFirstValidation,
+    );
+  });
+});
+
 describe("validateSpdx()", () => {
   it("lazy-loads the bundled SPDX export schema on first validation call", async () => {
     const readFileSyncStub = sinon

package/lib/validator/complianceRules.js

@@ -36,6 +36,8 @@
 
 import { PackageURL } from "packageurl-js";
 
+import { isCycloneDxBom } from "../helpers/bomUtils.js";
+
 /**
  * Extract the first SPDX-ish license id from a CycloneDX component's licenses
  * block. Returns null when no license is declared.
@@ -325,7 +327,7 @@ const SCVS_RULES = [
     scvsLevels: ["L1", "L2", "L3"],
     automatable: true,
     evaluate(bomJson) {
-      if (bomJson?.bomFormat !== "CycloneDX" || !bomJson?.specVersion) {
+      if (!isCycloneDxBom(bomJson)) {
         return fail(
           "BOM is not a valid CycloneDX document (bomFormat/specVersion missing).",
           {
@@ -467,7 +469,7 @@ const SCVS_RULES = [
     scvsLevels: ["L1", "L2", "L3"],
     automatable: true,
     evaluate(bomJson) {
-      if (bomJson?.bomFormat === "CycloneDX" && bomJson?.specVersion) {
+      if (isCycloneDxBom(bomJson)) {
         return pass(`SBOM format is CycloneDX ${bomJson.specVersion}.`);
       }
       return fail("bomFormat or specVersion missing from the SBOM root.", {

package/lib/validator/index.poku.js

@@ -46,6 +46,20 @@ function richBom() {
 }
 
 describe("validateBomAdvanced", () => {
+  it("accepts CycloneDX 2.0-dev root fields in compliance evaluation", () => {
+    const bom20 = richBom();
+    delete bom20.bomFormat;
+    bom20.specFormat = "CycloneDX";
+    bom20.specVersion = "2.0";
+    const report = validateBomAdvanced(bom20, { schema: false });
+    assert.strictEqual(
+      report.allFindings.some((finding) =>
+        /bomFormat\/specVersion missing/.test(finding.message),
+      ),
+      false,
+    );
+  });
+
   it("returns structural, compliance, and benchmark data", () => {
     const report = validateBomAdvanced(richBom(), { schema: false });
     assert.strictEqual(typeof report.schemaValid, "boolean");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "12.3.3",
+  "version": "12.4.1",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "keywords": [
     "sbom",
@@ -91,6 +91,7 @@
     "cdxgen-secure": "bin/cdxgen.js",
     "cdxi": "bin/repl.js",
     "evinse": "bin/evinse.js",
+    "hbom": "bin/hbom.js",
     "obom": "bin/cdxgen.js",
     "saasbom": "bin/cdxgen.js",
     "spdxgen": "bin/cdxgen.js"
@@ -105,7 +106,7 @@
     "index.cjs"
   ],
   "dependencies": {
-    "@babel/parser": "7.29.2",
+    "@babel/parser": "7.29.3",
     "@babel/traverse": "7.29.0",
     "@iarna/toml": "2.2.5",
     "@isaacs/string-locale-compare": "1.1.0",
@@ -131,40 +132,41 @@
     "proc-log": "6.1.0",
     "properties-reader": "3.0.1",
     "read-package-json-fast": "5.0.0",
-    "semver": "7.7.4",
+    "semver": "7.8.0",
     "ssri": "13.0.1",
-    "tar": "7.5.13",
+    "tar": "7.5.15",
     "treeverse": "3.0.0",
     "uuid": "14.0.0",
     "walk-up-path": "4.0.0",
     "xml-js": "1.6.11",
-    "yaml": "2.8.3",
+    "yaml": "2.8.4",
     "yargs": "18.0.0",
     "yoctocolors": "2.1.2"
   },
   "devDependencies": {
-    "@biomejs/biome": "2.4.13",
-    "esmock": "2.7.3",
+    "@biomejs/biome": "2.4.15",
+    "esmock": "2.7.5",
     "poku": "4.3.0",
-    "sinon": "21.1.2",
+    "sinon": "22.0.0",
     "typescript": "6.0.3"
   },
   "optionalDependencies": {
     "@appthreat/atom": "2.5.2",
     "@appthreat/atom-parsetools": "1.1.4",
-    "@appthreat/cdx-proto": "1.3.0",
-    "@bufbuild/protobuf": "2.11.0",
-    "@cdxgen/cdxgen-plugins-bin": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-darwin-amd64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-darwin-arm64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linux-amd64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linux-arm": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linux-arm64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linux-ppc64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linuxmusl-amd64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-linuxmusl-arm64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-windows-amd64": "2.0.3",
-    "@cdxgen/cdxgen-plugins-bin-windows-arm64": "2.0.3",
+    "@appthreat/cdx-proto": "2.0.1",
+    "@bufbuild/protobuf": "2.12.0",
+    "@cdxgen/cdx-hbom": "0.5.0",
+    "@cdxgen/cdxgen-plugins-bin": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-darwin-amd64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-darwin-arm64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linux-amd64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linux-arm": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linux-arm64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linux-ppc64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linuxmusl-amd64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-linuxmusl-arm64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-windows-amd64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin-windows-arm64": "2.1.1",
     "body-parser": "2.2.2",
     "compression": "1.8.1",
     "connect": "3.7.0",

package/types/bin/hbom.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=hbom.d.ts.map

package/types/bin/hbom.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hbom.d.ts","sourceRoot":"","sources":["../../bin/hbom.js"],"names":[],"mappings":""}

package/types/bin/repl.d.ts

@@ -1,3 +1,3 @@
 #!/usr/bin/env node
-export function importSbom(sbomOrPath: any): void;
+export function importSbom(sbomOrPath: any): Promise<void>;
 //# sourceMappingURL=repl.d.ts.map

package/types/bin/repl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"repl.d.ts","sourceRoot":"","sources":["../../bin/repl.js"],"names":[],"mappings":";AA4OO,kDAwDN"}
+{"version":3,"file":"repl.d.ts","sourceRoot":"","sources":["../../bin/repl.js"],"names":[],"mappings":";AA6WO,2DAoEN"}

package/types/lib/audit/index.d.ts

@@ -22,6 +22,50 @@ export function loadInputBoms(options: object): {
     source: string;
     bomJson: object;
 }[];
+export function runDirectBomAuditFromBoms(inputBoms: any, options?: {}): Promise<{
+    auditMode: string;
+    generatedAt: string;
+    inputs: any;
+    results: {
+        auditOptions: {
+            bomAuditCategories: any;
+            bomAuditMinSeverity: any;
+            bomAuditRulesDir: any;
+        };
+        bomFormat: any;
+        findings: any[];
+        serialNumber: any;
+        source: any;
+        specVersion: any;
+        status: string;
+        summary: {
+            findingsBySeverity: {
+                critical: number;
+                high: number;
+                low: number;
+                medium: number;
+            };
+            findingsCount: number;
+            maxSeverity: string;
+        };
+    }[];
+    summary: {
+        findingsBySeverity: {
+            critical: number;
+            high: number;
+            low: number;
+            medium: number;
+        };
+        inputBomCount: any;
+        maxSeverity: string;
+        totalFindings: number;
+        bomsWithFindings: number;
+    };
+    tool: {
+        name: string;
+        version: string;
+    };
+}>;
 /**
  * Build low-noise provenance-aware contextual findings from the root BOM target.
  *

package/types/lib/audit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/audit/index.js"],"names":[],"mappings":"AAyFA;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAclB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,EAAE,CAoBpB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,GACJ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CA0BjD;AAkbD;;;;;;;;GAQG;AACH,mDAHW,MAAM,GACJ,MAAM,EAAE,CAqdpB;AAkJD;;;;;;GAMG;AACH,uDAJW,MAAM,UACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA0CnD;AAED;;;;;;;GAOG;AACH,uDALW,MAAM,UACN,MAAM,cACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAuBnD;AAoED;;;;;;;;;GASG;AACH,4DAJW,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAkEpB;AA+BD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgN3B;AAoVD,uDA8CC;AAoBD;;;;;;GAMG;AACH,4CAJW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,WACrC,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsF3B;AAED;;;;;GAKG;AACH,kCAHW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAe3B;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,WACN,MAAM,GACJ;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAqBhD;AAED;;;;;GAKG;AACH,2CAHW,MAAM,GACJ,MAAM,GAAG,SAAS,CAU9B;AAxpED,gDAKE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/audit/index.js"],"names":[],"mappings":"AAmGA;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAclB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,EAAE,CAoBpB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,GACJ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,CA0BjD;AA6CD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8DC;AA4bD;;;;;;;;GAQG;AACH,mDAHW,MAAM,GACJ,MAAM,EAAE,CAqdpB;AAkJD;;;;;;GAMG;AACH,uDAJW,MAAM,UACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CA0CnD;AAED;;;;;;;GAOG;AACH,uDALW,MAAM,UACN,MAAM,cACN,MAAM,GACJ;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAuBnD;AAoED;;;;;;;;;GASG;AACH,4DAJW,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAkEpB;AA+BD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiN3B;AAoVD,uDA8CC;AAoBD;;;;;;GAMG;AACH,4CAJW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,WACrC,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA4I3B;AAED;;;;;GAKG;AACH,kCAHW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAqB3B;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,WACN,MAAM,GACJ;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAmChD;AAED;;;;;GAKG;AACH,2CAHW,MAAM,GACJ,MAAM,GAAG,SAAS,CAU9B;AA11ED,gDAKE"}

package/types/lib/audit/reporters.d.ts

@@ -6,6 +6,22 @@ export function renderSarifReport(report: any, options?: {}): string;
  * @returns {string} JSON output
  */
 export function renderJsonReport(report: object): string;
+/**
+ * Render a direct BOM audit report for terminal output.
+ *
+ * @param {object} report aggregate direct audit report
+ * @param {object} options render options
+ * @returns {string} console report text
+ */
+export function renderDirectBomConsoleReport(report: object, options?: object): string;
+/**
+ * Render a direct BOM audit report as SARIF 2.1.0 output.
+ *
+ * @param {object} report aggregate direct audit report
+ * @param {object} [options] render options
+ * @returns {string} SARIF output
+ */
+export function renderDirectBomSarifReport(report: object, options?: object): string;
 /**
  * Render an audit report for terminal output.
  *

package/types/lib/audit/reporters.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"reporters.d.ts","sourceRoot":"","sources":["../../../lib/audit/reporters.js"],"names":[],"mappings":"AAqaA,qEAkDC;AAED;;;;;GAKG;AACH,yCAHW,MAAM,GACJ,MAAM,CAIlB;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,YACN,MAAM,GACJ,MAAM,CAiDlB;AAED;;;;;;;GAOG;AACH,8CALW,MAAM,UACN,MAAM,YACN,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,WACN,MAAM,YACN,MAAM,GACJ,MAAM,EAAE,CAgFpB"}
+{"version":3,"file":"reporters.d.ts","sourceRoot":"","sources":["../../../lib/audit/reporters.js"],"names":[],"mappings":"AA6gBA,qEAkDC;AAED;;;;;GAKG;AACH,yCAHW,MAAM,GACJ,MAAM,CAIlB;AAED;;;;;;GAMG;AACH,qDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA8ClB;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CAuClB;AAED;;;;;;GAMG;AACH,4CAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA2DlB;AAED;;;;;;;GAOG;AACH,8CALW,MAAM,UACN,MAAM,YACN,MAAM,GACJ,MAAM,CAmBlB;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,WACN,MAAM,YACN,MAAM,GACJ,MAAM,EAAE,CAgFpB"}

package/types/lib/audit/targets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"targets.d.ts","sourceRoot":"","sources":["../../../lib/audit/targets.js"],"names":[],"mappings":"AA4CA;;;;;;;GAOG;AACH,gDAHW,MAAM,GAAG,SAAS,GAChB,OAAO,CAOnB;AAuOD;;;;;;;GAOG;AACH,+DAHW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,GACnC,OAAO,CAAC,IAAI,CAAC,CA6EzB;AAkBD;;;;;GAKG;AACH,kDAHW,MAAM,GAAG,SAAS,GAChB,MAAM,CAOlB;AAED;;;;;;;GAOG;AACH,mDALW,MAAM,cACN,MAAM,YACN,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CAmFpD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,+CAfW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,YACrC,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IACR,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,eAAe,EAAE,MAAM,CAAC;QACxB,cAAc,EAAE,MAAM,CAAC;QACvB,sBAAsB,EAAE,MAAM,CAAC;QAC/B,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAyIH;AA7nBD,+CAA+D"}
+{"version":3,"file":"targets.d.ts","sourceRoot":"","sources":["../../../lib/audit/targets.js"],"names":[],"mappings":"AAmKA;;;;;;;GAOG;AACH,gDAHW,MAAM,GAAG,SAAS,GAChB,OAAO,CAOnB;AAuOD;;;;;;;GAOG;AACH,+DAHW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,GACnC,OAAO,CAAC,IAAI,CAAC,CA6EzB;AAkBD;;;;;GAKG;AACH,kDAHW,MAAM,GAAG,SAAS,GAChB,MAAM,CAOlB;AAED;;;;;;;GAOG;AACH,mDALW,MAAM,cACN,MAAM,YACN,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CAmGpD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,+CAfW;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,YACrC,MAAM,GAAG,MAAM,GAAG,SAAS,GACzB;IACR,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,eAAe,EAAE,MAAM,CAAC;QACxB,cAAc,EAAE,MAAM,CAAC;QACvB,sBAAsB,EAAE,MAAM,CAAC;QAC/B,gBAAgB,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAmJH;AA1wBD,+CAA+D"}

package/types/lib/cli/index.d.ts

@@ -235,6 +235,14 @@ export function createCsharpBom(path: string, options: Object): Promise<Object |
  * @returns {Promise<Object>} Promise resolving to BOM object
  */
 export function createVscodeExtensionBom(path: string, options: Object): Promise<Object>;
+/**
+ * Function to create BOM for Electron ASAR archives.
+ *
+ * @param {string} path to a single archive or a directory to scan
+ * @param {Object} options Parse options from the cli
+ * @returns {Promise<Object>} Promise resolving to BOM object
+ */
+export function createAsarBom(path: string, options: Object): Promise<Object>;
 /**
  * Function to create BOM for installed Chrome and Chromium-based browser extensions.
  *
@@ -278,6 +286,14 @@ export function createMultiXBom(pathList: string[], options: Object): Promise<Ob
  * @returns {Promise<Object|undefined>} Promise resolving to BOM object, or undefined if path is not readable
  */
 export function createXBom(path: string, options: Object): Promise<Object | undefined>;
+/**
+ * Function to create a hardware BOM for the current host.
+ *
+ * @param {string} _path Source path (unused for live host HBOM generation)
+ * @param {Object} options Parse options from the cli
+ * @returns {Promise<Object>} Promise resolving to BOM object
+ */
+export function createHBom(_path: string, options: Object): Promise<Object>;
 /**
  * Function to create bom string for various languages
  *

package/types/lib/cli/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAy5BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AAwbD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA8ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAwB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAouC3B;AAqID,0EAkgCC;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgmB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmJrC;AA2FD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAmPlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA8JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0P3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAkbrC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2F3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAgD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmC3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CAyClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAy7B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAyWrC;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAyS3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA0GjD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAo8BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AA6bD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA8ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAwB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAouC3B;AAsKD,0EA4/BC;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAylB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmJrC;AA2FD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAmPlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmE3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA8JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0P3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAkbrC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+F3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAyL3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+D3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CA4ClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAy9B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmXrC;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsB3B;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA8T3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA+HjD"}

package/types/lib/evinser/evinser.d.ts

@@ -82,18 +82,21 @@ export function catalogGradleDeps(dirPath: any, purlsJars: any, Namespaces: any)
 export function createAndStoreSlice(purl: any, purlsJars: any, Usages: any, options?: {}): Promise<any>;
 export function createSlice(purlOrLanguages: any, filePath: any, sliceType?: string, options?: {}): Promise<{
     tempDir?: undefined;
+    tempDirOwned?: undefined;
     slicesFile?: undefined;
     atomFile?: undefined;
     openapiSpecFile?: undefined;
     semanticsSlicesFile?: undefined;
 } | {
     tempDir: any;
+    tempDirOwned: boolean;
     slicesFile: any;
     atomFile?: undefined;
     openapiSpecFile?: undefined;
     semanticsSlicesFile?: undefined;
 } | {
     tempDir: any;
+    tempDirOwned: boolean;
     slicesFile: any;
     atomFile: any;
     openapiSpecFile: any;
@@ -120,6 +123,7 @@ export function analyzeProject(dbObjMap: Object, options: Object): Promise<{
     servicesMap: {};
     dataFlowFrames: {};
     tempDir: any;
+    tempDirOwned: any;
     userDefinedTypesMap: {};
     cryptoComponents: any[];
     cryptoGeneratePurls: {};

package/types/lib/evinser/evinser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA8BA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;GAuKC;AAED,6EAuBC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;GA4KhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA2KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}
+{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA+BA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;;;;GA2KC;AAED,6EAuBC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;;GA6KhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA0KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}

package/types/lib/helpers/analyzer.d.ts

@@ -1,4 +1,22 @@
+export function analyzeSuspiciousJsSource(source: any): {
+    executionIndicators: any[];
+    indicators: any[];
+    networkIndicators: any[];
+    obfuscationIndicators: any[];
+};
+export function analyzeJsCapabilitiesSource(source: any): {
+    capabilities: string[];
+    hasDynamicFetch: boolean;
+    hasDynamicImport: boolean;
+    hasEval: boolean;
+    indicatorMap: {};
+};
+export function analyzeJsCryptoSource(source: any): {
+    algorithms: any[];
+    libraries: any[];
+};
 export const CHROMIUM_EXTENSION_CAPABILITY_CATEGORIES: string[];
+export const JS_CAPABILITY_CATEGORIES: string[];
 export function findJSImportsExports(src: any, deep: any): Promise<{
     allImports: {};
     allExports: {};
@@ -9,6 +27,21 @@ export function analyzeSuspiciousJsFile(filePath: string): {
     networkIndicators: string[];
     obfuscationIndicators: string[];
 };
+export function analyzeJsCapabilitiesFile(filePath: any): {
+    capabilities: string[];
+    hasDynamicFetch: boolean;
+    hasDynamicImport: boolean;
+    hasEval: boolean;
+    indicatorMap: {};
+};
+export function analyzeJsCryptoFile(filePath: any): {
+    algorithms: any[];
+    libraries: any[];
+};
+export function detectJsCryptoInventory(src: any, deep?: boolean): Promise<{
+    algorithms: any[];
+    libraries: any[];
+}>;
 export function detectExtensionCapabilities(src: string, deep?: boolean): {
     capabilities: string[];
     indicators: {

package/types/lib/helpers/analyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../lib/helpers/analyzer.js"],"names":[],"mappings":"AAm4BA,gEAQE;AAmUK;;;GAiBN;AASM,kDAHI,MAAM,GACJ;IAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAAC,qBAAqB,EAAE,MAAM,EAAE,CAAA;CAAC,CAe/H;AAWM,iDANI,MAAM,SACN,OAAO,GACL;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE;YAAO,MAAM,GAAE,MAAM,EAAE;KAAC,CAAA;CAAC,CAwF1E;AA68BM,8CAJI,MAAM,SACN,OAAO,GACL;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAC,CAsI9E;AASM,wCAJI,MAAM,SACN,OAAO,GACL;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAC,CAsqB9E"}
+{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../lib/helpers/analyzer.js"],"names":[],"mappings":"AA6yCA;;;;;EAyJC;AA8CD;;;;;;EAmOC;AAyRD;;;EAyaC;AAv7CD,gEAQE;AA4JF,gDAQE;AA6TK;;;GAiBN;AASM,kDAHI,MAAM,GACJ;IAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAAC,qBAAqB,EAAE,MAAM,EAAE,CAAA;CAAC,CAe/H;AAuOM;;;;;;EAcN;AAorBM;;;EAQN;AAEM;;;GA+BN;AAWM,iDANI,MAAM,SACN,OAAO,GACL;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE;YAAO,MAAM,GAAE,MAAM,EAAE;KAAC,CAAA;CAAC,CAiK1E;AA68BM,8CAJI,MAAM,SACN,OAAO,GACL;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAC,CAsI9E;AASM,wCAJI,MAAM,SACN,OAAO,GACL;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAC,CA+uB9E"}

package/types/lib/helpers/analyzerScope.d.ts

@@ -0,0 +1,11 @@
+export function toResolvedValueArray(value: any): any;
+export function resolvedValueKey(value: any): string;
+export function mergeResolvedValues(...values: any[]): any;
+export function filterResolvedValues(value: any, predicate: any): any;
+export function hasOnlyResolvedValues(value: any, predicate: any): any;
+export function getStaticObjectProperty(objectValue: any, propertyName: any): any;
+export function deriveStaticNarrowingsFromCondition(astNode: any, branchTaken: any, getLiteralStringValue: any): any;
+export function resolveStaticValue(astNode: any, staticValueByName: any, getLiteralStringValue: any, getMemberExpressionPropertyName: any, depth?: number): any;
+export function deriveStaticNarrowingsFromSwitchCase(switchCaseNode: any, switchStatementNode: any, staticValueByName: any, getLiteralStringValue: any, getMemberExpressionPropertyName: any): Map<any, any> | undefined;
+export function getScopedStaticValueByName(path: any, staticValueByName: any, getLiteralStringValue: any, getMemberExpressionPropertyName: any): Map<any, any>;
+//# sourceMappingURL=analyzerScope.d.ts.map