npm - @cyclonedx/cdxgen - Versions diffs - 12.4.3 → 12.4.4 - Mend

@cyclonedx/cdxgen 12.4.3 → 12.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/README.md +6 -0
package/bin/audit.js +7 -0
package/bin/cdxgen.js +48 -2
package/bin/evinse.js +7 -0
package/lib/audit/index.js +165 -2
package/lib/audit/index.poku.js +462 -0
package/lib/cli/index.js +317 -169
package/lib/evinser/evinser.js +31 -9
package/lib/helpers/analyzer.js +890 -0
package/lib/helpers/analyzer.poku.js +341 -0
package/lib/helpers/atomUtils.js +445 -0
package/lib/helpers/atomUtils.poku.js +137 -0
package/lib/helpers/bomUtils.js +71 -0
package/lib/helpers/bomUtils.poku.js +45 -0
package/lib/helpers/depsUtils.js +146 -0
package/lib/helpers/depsUtils.poku.js +183 -0
package/lib/helpers/utils.js +585 -191
package/lib/helpers/utils.poku.js +357 -4
package/lib/managers/binary.js +18 -9
package/lib/stages/postgen/postgen.js +215 -0
package/lib/stages/postgen/postgen.poku.js +218 -3
package/lib/validator/bomValidator.js +11 -2
package/package.json +8 -8
package/types/lib/audit/index.d.ts.map +1 -1
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/atomUtils.d.ts +18 -0
package/types/lib/helpers/atomUtils.d.ts.map +1 -0
package/types/lib/helpers/bomUtils.d.ts +10 -0
package/types/lib/helpers/bomUtils.d.ts.map +1 -1
package/types/lib/helpers/depsUtils.d.ts +9 -0
package/types/lib/helpers/depsUtils.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +19 -0
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts +2 -1
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/validator/bomValidator.d.ts.map +1 -1

package/lib/helpers/analyzer.js CHANGED Viewed

@@ -332,6 +332,252 @@ const getStringValue = (astNode) => {
   return undefined;
 };
+const ANGULAR_WORKSPACE_MANIFEST_NAMES = new Set([
+  "angular.json",
+  "workspace.json",
+  "project.json",
+]);
+const ANGULAR_RESOURCE_METADATA_KEYS = new Set([
+  "styleUrl",
+  "styleUrls",
+  "templateUrl",
+]);
+const ANGULAR_PACKAGE_STRING_KEYS = new Set([
+  "builder",
+  "executor",
+  "loadChildren",
+]);
+const ANGULAR_WORKSPACE_PACKAGE_STRING_KEYS = new Set([
+  "builder",
+  "executor",
+  "polyfills",
+  "plugins",
+  "scripts",
+  "styles",
+]);
+const ANGULAR_CONFIG_EVIDENCE_FILE_NAMES = new Set([
+  "karma.conf.js",
+  "karma.conf.cjs",
+  "karma.conf.mjs",
+  "protractor.conf.js",
+  "protractor.conf.cjs",
+  "protractor.conf.mjs",
+]);
+const ANGULAR_SCRIPT_COMMAND_PACKAGES = [
+  { pattern: /(?:^|[\s;&|()])ng\s+test(?:\s|$)/, packages: ["karma"] },
+  { pattern: /(?:^|[\s;&|()])ng\s+e2e(?:\s|$)/, packages: ["protractor"] },
+  {
+    pattern: /(?:^|[\s;&|()])ng\s+lint(?:\s|$)/,
+    packages: ["codelyzer", "tslint"],
+  },
+  {
+    pattern: /(?:^|[\s;&|()])ng\s+(?:build|serve|run|xi18n)(?:\s|$)/,
+    packages: ["@angular/compiler-cli", "typescript"],
+  },
+  { pattern: /(?:^|[\s;&|()])ng(?:\s|$)/, packages: ["@angular/cli"] },
+  {
+    pattern: /(?:^|[\s;&|()])ngc(?:\s|$)/,
+    packages: ["@angular/compiler-cli"],
+  },
+  { pattern: /(?:^|[\s;&|()])tsc(?:\s|$)/, packages: ["typescript"] },
+  { pattern: /(?:^|[\s;&|()])ttsc(?:\s|$)/, packages: ["ttypescript"] },
+  { pattern: /(?:^|[\s;&|()])ts-node(?:\s|\/|$)/, packages: ["ts-node"] },
+  { pattern: /(?:^|[\s;&|()])tslint(?:\s|$)/, packages: ["tslint"] },
+  { pattern: /(?:^|[\s;&|()])karma(?:\s|$)/, packages: ["karma"] },
+  { pattern: /(?:^|[\s;&|()])protractor(?:\s|$)/, packages: ["protractor"] },
+  { pattern: /(?:^|[\s;&|()])jasmine(?:\s|$)/, packages: ["jasmine"] },
+  {
+    pattern: /(?:^|[\s;&|()])webpack-bundle-analyzer(?:\s|$)/,
+    packages: ["webpack-bundle-analyzer"],
+  },
+  { pattern: /(?:^|[\s;&|()])ng-packagr(?:\s|$)/, packages: ["ng-packagr"] },
+  {
+    pattern: /(?:^|[\s;&|()])firebase-tools(?:\s|$)/,
+    packages: ["firebase-tools"],
+  },
+  { pattern: /(?:^|[\s;&|()])typedoc(?:\s|$)/, packages: ["typedoc"] },
+  { pattern: /(?:^|[\s;&|()])rimraf(?:\s|$)/, packages: ["rimraf"] },
+  { pattern: /(?:^|[\s;&|()])rollup(?:\s|$)/, packages: ["rollup"] },
+];
+const ANGULAR_KARMA_CONFIG_PATTERNS = [
+  {
+    pattern: /\bframeworks\s*:\s*\[[^\]]*['"]jasmine['"]/s,
+    packages: ["karma-jasmine", "jasmine-core"],
+  },
+  {
+    pattern: /\bbrowsers\s*:\s*\[[^\]]*['"]Chrome/s,
+    packages: ["karma-chrome-launcher"],
+  },
+  {
+    pattern: /\bbrowsers\s*:\s*\[[^\]]*['"]Firefox/s,
+    packages: ["karma-firefox-launcher"],
+  },
+  {
+    pattern: /\bbrowsers\s*:\s*\[[^\]]*['"]Safari/s,
+    packages: ["karma-safarinative-launcher"],
+  },
+  {
+    pattern: /\breporters\s*:\s*\[[^\]]*['"]coverage-istanbul['"]/s,
+    packages: ["karma-coverage-istanbul-reporter"],
+  },
+  {
+    pattern: /\breporters\s*:\s*\[[^\]]*['"]html['"]/s,
+    packages: ["karma-jasmine-html-reporter"],
+  },
+];
+const ANGULAR_PROTRACTOR_CONFIG_PATTERNS = [
+  {
+    pattern: /\bframework\s*:\s*['"]jasmine['"]/,
+    packages: ["jasmine-core", "jasminewd2"],
+  },
+  { pattern: /\bts-node\/register\b/, packages: ["ts-node"] },
+];
+const isAngularTsconfigFileName = (fileName) =>
+  /^tsconfig(?:[.-].*)?\.json$/i.test(fileName);
+const ANGULAR_TEMPLATE_PACKAGE_PATTERNS = [
+  {
+    packageName: "@angular/router",
+    pattern: /<\s*router-outlet\b|\brouterLink(?:Active)?\b/,
+  },
+  {
+    packageName: "@angular/common",
+    pattern:
+      /\*(ngIf|ngFor|ngSwitch)|\b(ngClass|ngStyle|ngTemplateOutlet)\b|\|\s*(async|date|currency|decimal|json|keyvalue|lowercase|number|percent|slice|titlecase|uppercase)\b/,
+  },
+  {
+    packageName: "@angular/forms",
+    pattern:
+      /\b(formControl|formControlName|formGroup|formArrayName|ngModel)\b/,
+  },
+  {
+    packageName: "@angular/material",
+    pattern: /<\s*mat-[\w-]+\b|\bmat[A-Z][\w-]*\b|\bmat-[\w-]+\b/,
+  },
+  {
+    packageName: "@angular/cdk",
+    pattern: /<\s*cdk-[\w-]+\b|\bcdk[A-Z][\w-]*\b|\bcdk-[\w-]+\b/,
+  },
+  {
+    packageName: "@ionic/angular",
+    pattern: /<\s*ion-[\w-]+\b/,
+  },
+  {
+    packageName: "@fortawesome/angular-fontawesome",
+    pattern: /<\s*fa-icon\b/,
+  },
+  {
+    packageName: "ag-grid-angular",
+    pattern: /<\s*ag-grid-angular\b/,
+  },
+  {
+    packageName: "@ng-select/ng-select",
+    pattern: /<\s*ng-select\b/,
+  },
+  {
+    packageName: "@swimlane/ngx-charts",
+    pattern: /<\s*ngx-charts-[\w-]+\b/,
+  },
+];
+const angularLocalPathPrefixRegex =
+  /^(\.|\/|\\|src\/|app\/|assets\/|styles\/|environments\/)/i;
+const angularUrlRegex = /^[a-z][a-z0-9+.-]*:/i;
+const angularBareFileRegex =
+  /^[\w.-]+\.(css|html|js|json|less|mjs|scss|sass|ts)$/i;
+const stripAngularRouteFragment = (reference) =>
+  String(reference || "")
+    .split("#")[0]
+    .split("?")[0]
+    .trim();
+const extractAngularPackageName = (reference, allowBare = true) => {
+  let candidate = stripAngularRouteFragment(reference)
+    .replace(/^~+/, "")
+    .replace(/^\.\//, "");
+  if (!candidate || angularUrlRegex.test(candidate)) {
+    return undefined;
+  }
+  candidate = candidate.replaceAll("\\", "/");
+  if (candidate.startsWith("node_modules/")) {
+    candidate = candidate.slice("node_modules/".length);
+  } else if (angularLocalPathPrefixRegex.test(candidate)) {
+    return undefined;
+  }
+  if (!allowBare && !candidate.includes("/")) {
+    return undefined;
+  }
+  if (candidate === "zone.js") {
+    return candidate;
+  }
+  if (angularBareFileRegex.test(candidate)) {
+    return undefined;
+  }
+  if (candidate.startsWith("@")) {
+    const scopedMatch = candidate.match(/^(@[^/\s:]+\/[^/\s:]+)/);
+    return scopedMatch?.[1];
+  }
+  const unscopedMatch = candidate.match(
+    /^([a-zA-Z0-9][a-zA-Z0-9._-]*)(?=\/|:|$)/,
+  );
+  return unscopedMatch?.[1];
+};
+const setAngularPackageRef = (
+  allImports,
+  allExports,
+  src,
+  file,
+  reference,
+  sourceLoc,
+  allowBare = true,
+) => {
+  const packageName = extractAngularPackageName(reference, allowBare);
+  if (!packageName) {
+    return;
+  }
+  setSyntheticImportRef(
+    allImports,
+    allExports,
+    src,
+    file,
+    packageName,
+    [],
+    sourceLoc,
+  );
+};
+const getObjectPropertyKeyName = (propertyNode) => {
+  if (!propertyNode) {
+    return undefined;
+  }
+  return getMemberExpressionPropertyName(propertyNode);
+};
+const getAngularStringNodes = (astNode) => {
+  if (!astNode) {
+    return [];
+  }
+  if (getStringValue(astNode)) {
+    return [astNode];
+  }
+  if (astNode.type === "ArrayExpression") {
+    return (astNode.elements || []).filter((element) =>
+      getStringValue(element),
+    );
+  }
+  return [];
+};
 const unwrapAwait = (astNode) =>
   astNode?.type === "AwaitExpression" ? astNode.argument : astNode;
@@ -570,6 +816,42 @@ const parseFileASTTree = (src, file, allImports, allExports) => {
           path.node.specifiers,
         );
         const sourceValue = path.node.source?.value;
+        if (sourceValue === "@angular/platform-browser/animations") {
+          setSyntheticImportRef(
+            allImports,
+            allExports,
+            src,
+            file,
+            "@angular/animations",
+            [],
+            path.node.loc?.start,
+          );
+        }
+        if (sourceValue === "@angular/platform-browser-dynamic") {
+          setSyntheticImportRef(
+            allImports,
+            allExports,
+            src,
+            file,
+            "@angular/compiler",
+            [],
+            path.node.loc?.start,
+          );
+        }
+        if (
+          sourceValue === "@angular/fire" ||
+          sourceValue?.startsWith("@angular/fire/")
+        ) {
+          setSyntheticImportRef(
+            allImports,
+            allExports,
+            src,
+            file,
+            "firebase",
+            [],
+            path.node.loc?.start,
+          );
+        }
         if (sourceValue === "node:wasi" || sourceValue === "wasi") {
           for (const specifier of path.node.specifiers || []) {
             if (
@@ -950,6 +1232,37 @@ const parseFileASTTree = (src, file, allImports, allExports) => {
         );
       }
     },
+    ObjectProperty: (path) => {
+      const keyName = getObjectPropertyKeyName(path?.node?.key);
+      if (!keyName) {
+        return;
+      }
+      if (ANGULAR_RESOURCE_METADATA_KEYS.has(keyName)) {
+        for (const stringNode of getAngularStringNodes(path.node.value)) {
+          setFileRef(allImports, allExports, src, file, stringNode);
+        }
+      }
+      if (ANGULAR_PACKAGE_STRING_KEYS.has(keyName)) {
+        for (const stringNode of getAngularStringNodes(path.node.value)) {
+          const reference = getStringValue(stringNode);
+          if (keyName === "loadChildren" && /^[./]/.test(reference || "")) {
+            setFileRef(allImports, allExports, src, file, {
+              value: stripAngularRouteFragment(reference),
+              loc: stringNode.loc,
+            });
+            continue;
+          }
+          setAngularPackageRef(
+            allImports,
+            allExports,
+            src,
+            file,
+            reference,
+            stringNode.loc?.start,
+          );
+        }
+      }
+    },
     // Use for export barrells
     ExportAllDeclaration: (path) => {
       setFileRef(allImports, allExports, src, file, path.node.source);
@@ -992,6 +1305,541 @@ const getAllSrcJSAndTSFiles = (src, deep) =>
     ),
   );
+const getAngularWorkspaceManifestFiles = (
+  dir,
+  deep,
+  result = [],
+  rootDir = dir,
+  excludePatterns = [],
+) => {
+  let files;
+  try {
+    files = readdirSync(dir);
+  } catch {
+    return result;
+  }
+  for (const entry of files) {
+    if (entry.startsWith(".")) {
+      continue;
+    }
+    const file = join(dir, entry);
+    let fileStat;
+    try {
+      fileStat = lstatSync(file);
+    } catch {
+      continue;
+    }
+    if (fileStat.isSymbolicLink()) {
+      continue;
+    }
+    if (
+      shouldExcludeAnalyzerPath(
+        rootDir,
+        file,
+        excludePatterns,
+        fileStat.isDirectory(),
+      )
+    ) {
+      continue;
+    }
+    if (fileStat.isDirectory()) {
+      const dirName = basename(file);
+      if (
+        dirName.startsWith("__") ||
+        IGNORE_DIRS.includes(dirName.toLowerCase()) ||
+        dirName === "node_modules"
+      ) {
+        continue;
+      }
+      getAngularWorkspaceManifestFiles(
+        file,
+        deep,
+        result,
+        rootDir,
+        excludePatterns,
+      );
+      continue;
+    }
+    if (ANGULAR_WORKSPACE_MANIFEST_NAMES.has(entry)) {
+      result.push(file);
+    }
+  }
+  return result;
+};
+const getAngularEvidenceFiles = (
+  dir,
+  deep,
+  result = [],
+  rootDir = dir,
+  excludePatterns = [],
+) => {
+  let files;
+  try {
+    files = readdirSync(dir);
+  } catch {
+    return result;
+  }
+  for (const entry of files) {
+    if (entry.startsWith(".")) {
+      continue;
+    }
+    const file = join(dir, entry);
+    let fileStat;
+    try {
+      fileStat = lstatSync(file);
+    } catch {
+      continue;
+    }
+    if (fileStat.isSymbolicLink()) {
+      continue;
+    }
+    if (
+      shouldExcludeAnalyzerPath(
+        rootDir,
+        file,
+        excludePatterns,
+        fileStat.isDirectory(),
+      )
+    ) {
+      continue;
+    }
+    if (fileStat.isDirectory()) {
+      const dirName = basename(file);
+      if (
+        dirName.startsWith("__") ||
+        IGNORE_DIRS.includes(dirName.toLowerCase()) ||
+        dirName === "node_modules" ||
+        (!deep && dirName === "dist")
+      ) {
+        continue;
+      }
+      getAngularEvidenceFiles(file, deep, result, rootDir, excludePatterns);
+      continue;
+    }
+    if (
+      entry === "package.json" ||
+      ANGULAR_CONFIG_EVIDENCE_FILE_NAMES.has(entry) ||
+      isAngularTsconfigFileName(entry)
+    ) {
+      result.push(file);
+    }
+  }
+  return result;
+};
+const parseAngularJsonFile = (file) => {
+  try {
+    return JSON.parse(readFileSync(file, "utf-8"));
+  } catch {
+    return undefined;
+  }
+};
+const parseAngularJsonLikeFile = (file) => {
+  try {
+    const content = readFileSync(file, "utf-8")
+      .replace(/\/\*[\s\S]*?\*\//g, "")
+      .replace(/^\s*\/\/.*$/gm, "");
+    return JSON.parse(content);
+  } catch {
+    return undefined;
+  }
+};
+const addAngularBuilderImpliedPackageRefs = (reference, refs) => {
+  const normalizedReference = String(reference || "").trim();
+  if (!normalizedReference.includes(":")) {
+    return;
+  }
+  const [builderPackage, builderTarget] = normalizedReference.split(":");
+  if (
+    builderPackage === "@angular-devkit/build-angular" ||
+    builderPackage === "@angular/build"
+  ) {
+    if (
+      [
+        "application",
+        "browser",
+        "browser-esbuild",
+        "dev-server",
+        "extract-i18n",
+        "server",
+      ].includes(builderTarget)
+    ) {
+      refs.add("@angular/compiler-cli");
+      refs.add("typescript");
+    }
+    if (builderTarget === "karma") {
+      refs.add("karma");
+    }
+    if (builderTarget === "protractor") {
+      refs.add("protractor");
+    }
+  }
+  if (builderPackage === "@angular-devkit/build-ng-packagr") {
+    refs.add("ng-packagr");
+  }
+  if (builderPackage === "@nguniversal/builders") {
+    refs.add("@angular/compiler-cli");
+    refs.add("typescript");
+  }
+};
+const isAngularPackageSignal = (packageName) =>
+  packageName === "@angular" ||
+  packageName?.startsWith("@angular/") ||
+  packageName?.startsWith("@angular-") ||
+  packageName === "@nx/angular" ||
+  packageName === "@schematics/angular";
+const collectAngularWorkspacePackageRefs = (node, keyName, refs) => {
+  if (typeof node === "string") {
+    if (ANGULAR_WORKSPACE_PACKAGE_STRING_KEYS.has(keyName)) {
+      const packageName = extractAngularPackageName(node, true);
+      if (packageName) {
+        refs.add(packageName);
+      }
+      if (keyName === "builder" || keyName === "executor") {
+        addAngularBuilderImpliedPackageRefs(node, refs);
+      }
+    }
+    return;
+  }
+  if (Array.isArray(node)) {
+    for (const item of node) {
+      collectAngularWorkspacePackageRefs(item, keyName, refs);
+    }
+    return;
+  }
+  if (!node || typeof node !== "object") {
+    return;
+  }
+  if (
+    ANGULAR_WORKSPACE_PACKAGE_STRING_KEYS.has(keyName) &&
+    typeof node.input === "string"
+  ) {
+    const packageName = extractAngularPackageName(node.input, true);
+    if (packageName) {
+      refs.add(packageName);
+    }
+  }
+  for (const [childKey, childValue] of Object.entries(node)) {
+    if (typeof childKey === "string" && childKey.includes(":")) {
+      const packageName = extractAngularPackageName(childKey, true);
+      if (packageName) {
+        refs.add(packageName);
+      }
+    }
+    if (
+      ANGULAR_WORKSPACE_PACKAGE_STRING_KEYS.has(childKey) &&
+      typeof childValue === "object" &&
+      !Array.isArray(childValue) &&
+      typeof childValue?.input === "string"
+    ) {
+      const packageName = extractAngularPackageName(childValue.input, true);
+      if (packageName) {
+        refs.add(packageName);
+      }
+    }
+    collectAngularWorkspacePackageRefs(childValue, childKey, refs);
+  }
+};
+const parseAngularWorkspaceManifests = (
+  src,
+  allImports,
+  allExports,
+  deep,
+  excludePatterns,
+) => {
+  const manifestFiles = getAngularWorkspaceManifestFiles(
+    src,
+    deep,
+    [],
+    src,
+    excludePatterns,
+  );
+  const parsedAngularManifestFiles = [];
+  const hasAngularSourceEvidence = Object.keys(allImports).some((importName) =>
+    isAngularPackageSignal(importName),
+  );
+  for (const manifestFile of manifestFiles) {
+    const manifest = parseAngularJsonFile(manifestFile);
+    if (!manifest) {
+      continue;
+    }
+    const packageRefs = new Set();
+    collectAngularWorkspacePackageRefs(manifest, undefined, packageRefs);
+    if (
+      basename(manifestFile) === "project.json" &&
+      !hasAngularSourceEvidence &&
+      !Array.from(packageRefs).some((packageRef) =>
+        isAngularPackageSignal(packageRef),
+      )
+    ) {
+      continue;
+    }
+    parsedAngularManifestFiles.push(manifestFile);
+    for (const packageRef of packageRefs) {
+      setAngularPackageRef(
+        allImports,
+        allExports,
+        src,
+        manifestFile,
+        packageRef,
+        undefined,
+      );
+    }
+  }
+  return parsedAngularManifestFiles;
+};
+const hasAngularImportEvidence = (allImports, manifestFiles) =>
+  manifestFiles.length > 0 ||
+  Object.keys(allImports).some((importName) =>
+    isAngularPackageSignal(importName),
+  );
+const parseAngularTemplateFiles = (
+  src,
+  allImports,
+  allExports,
+  deep,
+  excludePatterns,
+) => {
+  const templateFiles = getAllFiles(
+    deep,
+    src,
+    ".html",
+    undefined,
+    undefined,
+    undefined,
+    src,
+    excludePatterns,
+  );
+  for (const templateFile of templateFiles) {
+    let content;
+    try {
+      content = readFileSync(templateFile, "utf-8");
+    } catch {
+      continue;
+    }
+    const lines = content.split(/\r?\n/);
+    for (const [index, line] of lines.entries()) {
+      for (const templatePattern of ANGULAR_TEMPLATE_PACKAGE_PATTERNS) {
+        if (templatePattern.pattern.test(line)) {
+          setAngularPackageRef(
+            allImports,
+            allExports,
+            src,
+            templateFile,
+            templatePattern.packageName,
+            { line: index + 1, column: 0 },
+          );
+        }
+      }
+    }
+  }
+};
+const addAngularScriptPackageRefs = (
+  allImports,
+  allExports,
+  src,
+  file,
+  scriptValue,
+) => {
+  const script = String(scriptValue || "");
+  if (!script) {
+    return;
+  }
+  for (const commandPackage of ANGULAR_SCRIPT_COMMAND_PACKAGES) {
+    if (commandPackage.pattern.test(script)) {
+      for (const packageName of commandPackage.packages) {
+        setAngularPackageRef(
+          allImports,
+          allExports,
+          src,
+          file,
+          packageName,
+          undefined,
+        );
+      }
+    }
+  }
+};
+const parseAngularPackageJsonScripts = (
+  src,
+  allImports,
+  allExports,
+  evidenceFiles,
+) => {
+  for (const evidenceFile of evidenceFiles) {
+    if (basename(evidenceFile) !== "package.json") {
+      continue;
+    }
+    const packageJson = parseAngularJsonFile(evidenceFile);
+    if (!packageJson?.scripts || typeof packageJson.scripts !== "object") {
+      continue;
+    }
+    for (const scriptValue of Object.values(packageJson.scripts)) {
+      addAngularScriptPackageRefs(
+        allImports,
+        allExports,
+        src,
+        evidenceFile,
+        scriptValue,
+      );
+    }
+  }
+};
+const addAngularConfigPatternPackageRefs = (
+  allImports,
+  allExports,
+  src,
+  file,
+  content,
+  configPatterns,
+) => {
+  for (const configPattern of configPatterns) {
+    if (configPattern.pattern.test(content)) {
+      for (const packageName of configPattern.packages) {
+        setAngularPackageRef(
+          allImports,
+          allExports,
+          src,
+          file,
+          packageName,
+          undefined,
+        );
+      }
+    }
+  }
+};
+const parseAngularToolConfigFiles = (
+  src,
+  allImports,
+  allExports,
+  evidenceFiles,
+) => {
+  for (const evidenceFile of evidenceFiles) {
+    const evidenceFileName = basename(evidenceFile);
+    if (!ANGULAR_CONFIG_EVIDENCE_FILE_NAMES.has(evidenceFileName)) {
+      continue;
+    }
+    let content;
+    try {
+      content = readFileSync(evidenceFile, "utf-8");
+    } catch {
+      continue;
+    }
+    setAngularPackageRef(
+      allImports,
+      allExports,
+      src,
+      evidenceFile,
+      evidenceFileName.startsWith("karma.") ? "karma" : "protractor",
+      undefined,
+    );
+    for (const requiredPackage of content.matchAll(
+      /require\(["']([^"']+)["']\)/g,
+    )) {
+      setAngularPackageRef(
+        allImports,
+        allExports,
+        src,
+        evidenceFile,
+        requiredPackage[1],
+        undefined,
+      );
+    }
+    if (evidenceFileName.startsWith("karma.")) {
+      addAngularConfigPatternPackageRefs(
+        allImports,
+        allExports,
+        src,
+        evidenceFile,
+        content,
+        ANGULAR_KARMA_CONFIG_PATTERNS,
+      );
+      continue;
+    }
+    addAngularConfigPatternPackageRefs(
+      allImports,
+      allExports,
+      src,
+      evidenceFile,
+      content,
+      ANGULAR_PROTRACTOR_CONFIG_PATTERNS,
+    );
+  }
+};
+const parseAngularTsconfigFiles = (
+  src,
+  allImports,
+  allExports,
+  evidenceFiles,
+) => {
+  for (const evidenceFile of evidenceFiles) {
+    if (!isAngularTsconfigFileName(basename(evidenceFile))) {
+      continue;
+    }
+    const tsconfig = parseAngularJsonLikeFile(evidenceFile);
+    const compilerOptions = tsconfig?.compilerOptions;
+    if (!compilerOptions || typeof compilerOptions !== "object") {
+      continue;
+    }
+    if (compilerOptions.importHelpers === true) {
+      setAngularPackageRef(
+        allImports,
+        allExports,
+        src,
+        evidenceFile,
+        "tslib",
+        undefined,
+      );
+    }
+    if (Array.isArray(compilerOptions.types)) {
+      for (const typeName of compilerOptions.types) {
+        if (typeof typeName !== "string" || !typeName) {
+          continue;
+        }
+        const typePackageName = typeName.startsWith("@")
+          ? typeName
+          : `@types/${typeName}`;
+        setAngularPackageRef(
+          allImports,
+          allExports,
+          src,
+          evidenceFile,
+          typePackageName,
+          undefined,
+        );
+      }
+    }
+    if (Array.isArray(compilerOptions.plugins)) {
+      for (const plugin of compilerOptions.plugins) {
+        const pluginReference =
+          plugin?.transform || plugin?.name || plugin?.import;
+        if (typeof pluginReference === "string") {
+          setAngularPackageRef(
+            allImports,
+            allExports,
+            src,
+            evidenceFile,
+            pluginReference,
+            undefined,
+          );
+        }
+      }
+    }
+  }
+};
 export const CHROMIUM_EXTENSION_CAPABILITY_CATEGORIES = [
   "fileAccess",
   "deviceAccess",
@@ -1485,6 +2333,7 @@ export const findJSImportsExports = async (src, deep) => {
   const allImports = {};
   const allExports = {};
   try {
+    const searchOptions = normalizeAnalyzerSearchOptions(deep);
     const promiseMap = await getAllSrcJSAndTSFiles(src, deep);
     const srcFiles = promiseMap.flat();
     for (const file of srcFiles) {
@@ -1494,6 +2343,47 @@ export const findJSImportsExports = async (src, deep) => {
         // ignore parse failures
       }
     }
+    const angularManifestFiles = parseAngularWorkspaceManifests(
+      src,
+      allImports,
+      allExports,
+      searchOptions.deep,
+      searchOptions.exclude,
+    );
+    if (hasAngularImportEvidence(allImports, angularManifestFiles)) {
+      const angularEvidenceFiles = getAngularEvidenceFiles(
+        src,
+        searchOptions.deep,
+        [],
+        src,
+        searchOptions.exclude,
+      );
+      parseAngularPackageJsonScripts(
+        src,
+        allImports,
+        allExports,
+        angularEvidenceFiles,
+      );
+      parseAngularToolConfigFiles(
+        src,
+        allImports,
+        allExports,
+        angularEvidenceFiles,
+      );
+      parseAngularTsconfigFiles(
+        src,
+        allImports,
+        allExports,
+        angularEvidenceFiles,
+      );
+      parseAngularTemplateFiles(
+        src,
+        allImports,
+        allExports,
+        searchOptions.deep,
+        searchOptions.exclude,
+      );
+    }
     return { allImports, allExports };
   } catch (_err) {
     return { allImports, allExports };