@defai.digital/ax-cli 3.4.6 → 3.5.4

package/dist/analyzers/metrics/maintainability-calculator.js

@@ -0,0 +1,46 @@
+/**
+ * Maintainability Index Calculator
+ *
+ * Calculates MI = 171 - 5.2*ln(V) - 0.23*CC - 16.2*ln(LOC)
+ * Normalized to 0-100 scale
+ */
+export class MaintainabilityCalculator {
+    /**
+     * Calculate Maintainability Index
+     */
+    calculateIndex(halsteadVolume, cyclomaticComplexity, linesOfCode) {
+        // Original formula: MI = 171 - 5.2*ln(V) - 0.23*CC - 16.2*ln(LOC)
+        // Clamp values to avoid invalid log
+        const V = Math.max(1, halsteadVolume);
+        const CC = Math.max(1, cyclomaticComplexity);
+        const LOC = Math.max(1, linesOfCode);
+        const rawMI = 171 - 5.2 * Math.log(V) - 0.23 * CC - 16.2 * Math.log(LOC);
+        // Normalize to 0-100 scale
+        // Original MI can range from negative to ~171
+        // We'll use: MI_normalized = max(0, (rawMI / 171) * 100)
+        const score = Math.max(0, Math.min(100, (rawMI / 171) * 100));
+        const rating = this.getRating(score);
+        return Object.freeze({
+            score: Math.round(score * 100) / 100,
+            rating,
+            halsteadVolume: V,
+            cyclomaticComplexity: CC,
+            linesOfCode: LOC,
+        });
+    }
+    /**
+     * Get letter rating from MI score
+     */
+    getRating(score) {
+        if (score >= 80)
+            return 'A'; // Highly maintainable
+        if (score >= 65)
+            return 'B'; // Moderately maintainable
+        if (score >= 50)
+            return 'C'; // Somewhat maintainable
+        if (score >= 35)
+            return 'D'; // Difficult to maintain
+        return 'F'; // Very difficult to maintain
+    }
+}
+//# sourceMappingURL=maintainability-calculator.js.map

package/dist/analyzers/metrics/maintainability-calculator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"maintainability-calculator.js","sourceRoot":"","sources":["../../../src/analyzers/metrics/maintainability-calculator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,OAAO,yBAAyB;IACpC;;OAEG;IACH,cAAc,CACZ,cAAsB,EACtB,oBAA4B,EAC5B,WAAmB;QAEnB,kEAAkE;QAClE,oCAAoC;QACpC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QACtC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;QAErC,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEzE,2BAA2B;QAC3B,8CAA8C;QAC9C,yDAAyD;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAErC,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;YACpC,MAAM;YACN,cAAc,EAAE,CAAC;YACjB,oBAAoB,EAAE,EAAE;YACxB,WAAW,EAAE,GAAG;SACjB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,KAAa;QAC7B,IAAI,KAAK,IAAI,EAAE;YAAE,OAAO,GAAG,CAAC,CAAC,sBAAsB;QACnD,IAAI,KAAK,IAAI,EAAE;YAAE,OAAO,GAAG,CAAC,CAAC,0BAA0B;QACvD,IAAI,KAAK,IAAI,EAAE;YAAE,OAAO,GAAG,CAAC,CAAC,wBAAwB;QACrD,IAAI,KAAK,IAAI,EAAE;YAAE,OAAO,GAAG,CAAC,CAAC,wBAAwB;QACrD,OAAO,GAAG,CAAC,CAAC,6BAA6B;IAC3C,CAAC;CACF"}

package/dist/analyzers/metrics/metrics-analyzer.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Metrics Analyzer
+ *
+ * Main orchestrator for advanced code metrics analysis
+ */
+import type { MetricsAnalysisResult, MetricsAnalysisOptions } from './types.js';
+export declare class MetricsAnalyzer {
+    private halsteadCalculator;
+    private maintainabilityCalculator;
+    private astParser;
+    constructor();
+    /**
+     * Analyze metrics for files matching patterns
+     */
+    analyze(directory: string, options?: MetricsAnalysisOptions): Promise<MetricsAnalysisResult>;
+    /**
+     * Analyze a single file
+     */
+    private analyzeFile;
+    /**
+     * Calculate lines of code (excluding blank lines)
+     */
+    private calculateLinesOfCode;
+    /**
+     * Get files to analyze based on patterns
+     */
+    private getFilesToAnalyze;
+    /**
+     * Calculate summary statistics
+     */
+    private calculateSummary;
+}

package/dist/analyzers/metrics/metrics-analyzer.js

@@ -0,0 +1,140 @@
+/**
+ * Metrics Analyzer
+ *
+ * Main orchestrator for advanced code metrics analysis
+ */
+import { HalsteadCalculator } from './halstead-calculator.js';
+import { MaintainabilityCalculator } from './maintainability-calculator.js';
+import { ASTParser } from '../ast/parser.js';
+import { glob } from 'glob';
+export class MetricsAnalyzer {
+    halsteadCalculator;
+    maintainabilityCalculator;
+    astParser;
+    constructor() {
+        this.halsteadCalculator = new HalsteadCalculator();
+        this.maintainabilityCalculator = new MaintainabilityCalculator();
+        this.astParser = new ASTParser();
+    }
+    /**
+     * Analyze metrics for files matching patterns
+     */
+    async analyze(directory, options = {}) {
+        const files = await this.getFilesToAnalyze(directory, options);
+        const fileMetrics = [];
+        for (const filePath of files) {
+            try {
+                const metrics = await this.analyzeFile(filePath);
+                fileMetrics.push(metrics);
+            }
+            catch (error) {
+                // Skip files that fail to parse
+                continue;
+            }
+        }
+        const summary = this.calculateSummary(fileMetrics);
+        return Object.freeze({
+            fileMetrics: Object.freeze(fileMetrics),
+            summary,
+            timestamp: new Date(),
+        });
+    }
+    /**
+     * Analyze a single file
+     */
+    async analyzeFile(filePath) {
+        // Calculate Halstead metrics
+        const halstead = this.halsteadCalculator.calculateMetrics(filePath);
+        // Get AST info for complexity and LOC
+        const ast = this.astParser.parseFile(filePath);
+        // Calculate average and max complexity
+        const complexities = ast.functions.map((f) => f.complexity);
+        const averageComplexity = complexities.length > 0
+            ? complexities.reduce((a, b) => a + b, 0) / complexities.length
+            : 0;
+        const maxComplexity = complexities.length > 0 ? Math.max(...complexities) : 0;
+        // Calculate total lines of code (excluding blank lines and comments)
+        const linesOfCode = this.calculateLinesOfCode(filePath);
+        // Calculate Maintainability Index
+        const maintainability = this.maintainabilityCalculator.calculateIndex(halstead.volume, averageComplexity, linesOfCode);
+        return Object.freeze({
+            filePath,
+            halstead,
+            maintainability,
+            averageComplexity: Math.round(averageComplexity * 100) / 100,
+            maxComplexity,
+            totalFunctions: ast.functions.length,
+        });
+    }
+    /**
+     * Calculate lines of code (excluding blank lines)
+     */
+    calculateLinesOfCode(filePath) {
+        const sourceFile = this.astParser.getSourceFile(filePath);
+        const text = sourceFile.getFullText();
+        const lines = text.split('\n');
+        // Count non-blank lines
+        let loc = 0;
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (trimmed.length > 0) {
+                loc++;
+            }
+        }
+        return loc;
+    }
+    /**
+     * Get files to analyze based on patterns
+     */
+    async getFilesToAnalyze(directory, options) {
+        const includePatterns = options.includePatterns || ['**/*.ts', '**/*.tsx'];
+        const excludePatterns = options.excludePatterns || [
+            '**/node_modules/**',
+            '**/*.test.ts',
+            '**/*.spec.ts',
+            '**/dist/**',
+            '**/build/**',
+        ];
+        const allFiles = new Set();
+        for (const pattern of includePatterns) {
+            const matches = await glob(pattern, {
+                cwd: directory,
+                absolute: true,
+                ignore: excludePatterns ? [...excludePatterns] : [],
+            });
+            for (const match of matches) {
+                allFiles.add(match);
+            }
+        }
+        return Array.from(allFiles).sort();
+    }
+    /**
+     * Calculate summary statistics
+     */
+    calculateSummary(fileMetrics) {
+        if (fileMetrics.length === 0) {
+            return Object.freeze({
+                filesAnalyzed: 0,
+                averageMaintainability: 0,
+                averageHalsteadVolume: 0,
+                averageComplexity: 0,
+                lowMaintainabilityCount: 0,
+                highComplexityCount: 0,
+            });
+        }
+        const totalMaintainability = fileMetrics.reduce((sum, m) => sum + m.maintainability.score, 0);
+        const totalHalsteadVolume = fileMetrics.reduce((sum, m) => sum + m.halstead.volume, 0);
+        const totalComplexity = fileMetrics.reduce((sum, m) => sum + m.averageComplexity, 0);
+        const lowMaintainabilityCount = fileMetrics.filter((m) => m.maintainability.score < 65).length;
+        const highComplexityCount = fileMetrics.filter((m) => m.maxComplexity > 10).length;
+        return Object.freeze({
+            filesAnalyzed: fileMetrics.length,
+            averageMaintainability: Math.round((totalMaintainability / fileMetrics.length) * 100) / 100,
+            averageHalsteadVolume: Math.round((totalHalsteadVolume / fileMetrics.length) * 100) / 100,
+            averageComplexity: Math.round((totalComplexity / fileMetrics.length) * 100) / 100,
+            lowMaintainabilityCount,
+            highComplexityCount,
+        });
+    }
+}
+//# sourceMappingURL=metrics-analyzer.js.map

package/dist/analyzers/metrics/metrics-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics-analyzer.js","sourceRoot":"","sources":["../../../src/analyzers/metrics/metrics-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAO7C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,OAAO,eAAe;IAClB,kBAAkB,CAAqB;IACvC,yBAAyB,CAA4B;IACrD,SAAS,CAAY;IAE7B;QACE,IAAI,CAAC,kBAAkB,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACnD,IAAI,CAAC,yBAAyB,GAAG,IAAI,yBAAyB,EAAE,CAAC;QACjE,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,SAAiB,EACjB,UAAkC,EAAE;QAEpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAkB,EAAE,CAAC;QAEtC,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBACjD,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gCAAgC;gBAChC,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAEnD,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;YACvC,OAAO;YACP,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,QAAgB;QACxC,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAEpE,sCAAsC;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE/C,uCAAuC;QACvC,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAC5D,MAAM,iBAAiB,GACrB,YAAY,CAAC,MAAM,GAAG,CAAC;YACrB,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,YAAY,CAAC,MAAM;YAC/D,CAAC,CAAC,CAAC,CAAC;QACR,MAAM,aAAa,GACjB,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE1D,qEAAqE;QACrE,MAAM,WAAW,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAExD,kCAAkC;QAClC,MAAM,eAAe,GAAG,IAAI,CAAC,yBAAyB,CAAC,cAAc,CACnE,QAAQ,CAAC,MAAM,EACf,iBAAiB,EACjB,WAAW,CACZ,CAAC;QAEF,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,QAAQ;YACR,QAAQ;YACR,eAAe;YACf,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,iBAAiB,GAAG,GAAG,CAAC,GAAG,GAAG;YAC5D,aAAa;YACb,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,QAAgB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/B,wBAAwB;QACxB,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,GAAG,EAAE,CAAC;YACR,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,SAAiB,EACjB,OAA+B;QAE/B,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI;YACjD,oBAAoB;YACpB,cAAc;YACd,cAAc;YACd,YAAY;YACZ,aAAa;SACd,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QAEnC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE;gBAClC,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE;aACpD,CAAC,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,WAA0B;QACjD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,aAAa,EAAE,CAAC;gBAChB,sBAAsB,EAAE,CAAC;gBACzB,qBAAqB,EAAE,CAAC;gBACxB,iBAAiB,EAAE,CAAC;gBACpB,uBAAuB,EAAE,CAAC;gBAC1B,mBAAmB,EAAE,CAAC;aACvB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,oBAAoB,GAAG,WAAW,CAAC,MAAM,CAC7C,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,eAAe,CAAC,KAAK,EACzC,CAAC,CACF,CAAC;QACF,MAAM,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAC5C,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,EACnC,CAAC,CACF,CAAC;QACF,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CACxC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,iBAAiB,EACrC,CAAC,CACF,CAAC;QAEF,MAAM,uBAAuB,GAAG,WAAW,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,GAAG,EAAE,CACpC,CAAC,MAAM,CAAC;QAET,MAAM,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,EAAE,CAC5B,CAAC,MAAM,CAAC;QAET,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,sBAAsB,EACpB,IAAI,CAAC,KAAK,CAAC,CAAC,oBAAoB,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;YACrE,qBAAqB,EACnB,IAAI,CAAC,KAAK,CAAC,CAAC,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;YACpE,iBAAiB,EACf,IAAI,CAAC,KAAK,CAAC,CAAC,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG;YAChE,uBAAuB;YACvB,mBAAmB;SACpB,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/analyzers/metrics/types.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Advanced Metrics Types
+ */
+/**
+ * Halstead complexity metrics
+ */
+export interface HalsteadMetrics {
+    readonly n1: number;
+    readonly n2: number;
+    readonly N1: number;
+    readonly N2: number;
+    readonly vocabulary: number;
+    readonly length: number;
+    readonly calculatedLength: number;
+    readonly volume: number;
+    readonly difficulty: number;
+    readonly effort: number;
+    readonly time: number;
+    readonly bugs: number;
+}
+/**
+ * Maintainability Index
+ */
+export interface MaintainabilityIndex {
+    readonly score: number;
+    readonly rating: 'A' | 'B' | 'C' | 'D' | 'F';
+    readonly halsteadVolume: number;
+    readonly cyclomaticComplexity: number;
+    readonly linesOfCode: number;
+}
+/**
+ * File metrics
+ */
+export interface FileMetrics {
+    readonly filePath: string;
+    readonly halstead: HalsteadMetrics;
+    readonly maintainability: MaintainabilityIndex;
+    readonly averageComplexity: number;
+    readonly maxComplexity: number;
+    readonly totalFunctions: number;
+}
+/**
+ * Metrics analysis result
+ */
+export interface MetricsAnalysisResult {
+    readonly fileMetrics: ReadonlyArray<FileMetrics>;
+    readonly summary: MetricsSummary;
+    readonly timestamp: Date;
+}
+/**
+ * Summary statistics
+ */
+export interface MetricsSummary {
+    readonly filesAnalyzed: number;
+    readonly averageMaintainability: number;
+    readonly averageHalsteadVolume: number;
+    readonly averageComplexity: number;
+    readonly lowMaintainabilityCount: number;
+    readonly highComplexityCount: number;
+}
+/**
+ * Analysis options
+ */
+export interface MetricsAnalysisOptions {
+    readonly includePatterns?: readonly string[];
+    readonly excludePatterns?: readonly string[];
+}

package/dist/analyzers/metrics/types.js

@@ -0,0 +1,5 @@
+/**
+ * Advanced Metrics Types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/analyzers/metrics/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/analyzers/metrics/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/analyzers/security/base-detector.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Base Security Detector
+ *
+ * Abstract base class for security vulnerability detectors
+ */
+import type { SecurityDetector, SecurityVulnerability, SecuritySeverity, OWASPCategory } from './types.js';
+export declare abstract class BaseSecurityDetector implements SecurityDetector {
+    readonly id: string;
+    readonly name: string;
+    readonly description: string;
+    readonly severity: SecuritySeverity;
+    readonly owaspCategory?: OWASPCategory;
+    readonly cweId?: string;
+    readonly enabled: boolean;
+    protected readonly fileExtensions: readonly string[];
+    constructor(config: {
+        id: string;
+        name: string;
+        description: string;
+        severity: SecuritySeverity;
+        owaspCategory?: OWASPCategory;
+        cweId?: string;
+        fileExtensions?: readonly string[];
+        enabled?: boolean;
+    });
+    /**
+     * Check if detector applies to this file type
+     */
+    appliesTo(filePath: string): boolean;
+    /**
+     * Scan file content for vulnerabilities
+     */
+    abstract scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
+    /**
+     * Create a vulnerability finding
+     */
+    protected createVulnerability(file: string, line: number, code: string, description: string, recommendation: string, references?: string[]): SecurityVulnerability;
+    /**
+     * Find line number for a match in content
+     */
+    protected findLineNumber(content: string, matchIndex: number): number;
+    /**
+     * Extract code snippet around a match
+     */
+    protected extractCodeSnippet(content: string, matchIndex: number, contextLines?: number): string;
+    /**
+     * Check if line is in a comment
+     */
+    protected isInComment(content: string, matchIndex: number): boolean;
+    /**
+     * Check if match is in a string literal
+     */
+    protected isInString(content: string, matchIndex: number): boolean;
+    /**
+     * Check if match should be ignored
+     */
+    protected shouldIgnore(content: string, matchIndex: number): boolean;
+}

package/dist/analyzers/security/base-detector.js

@@ -0,0 +1,104 @@
+/**
+ * Base Security Detector
+ *
+ * Abstract base class for security vulnerability detectors
+ */
+import path from 'path';
+export class BaseSecurityDetector {
+    id;
+    name;
+    description;
+    severity;
+    owaspCategory;
+    cweId;
+    enabled;
+    fileExtensions;
+    constructor(config) {
+        this.id = config.id;
+        this.name = config.name;
+        this.description = config.description;
+        this.severity = config.severity;
+        this.owaspCategory = config.owaspCategory;
+        this.cweId = config.cweId;
+        this.fileExtensions = config.fileExtensions || ['.ts', '.tsx', '.js', '.jsx'];
+        this.enabled = config.enabled !== false;
+    }
+    /**
+     * Check if detector applies to this file type
+     */
+    appliesTo(filePath) {
+        const ext = path.extname(filePath).toLowerCase();
+        return this.fileExtensions.includes(ext);
+    }
+    /**
+     * Create a vulnerability finding
+     */
+    createVulnerability(file, line, code, description, recommendation, references = []) {
+        return Object.freeze({
+            id: this.id,
+            name: this.name,
+            description,
+            severity: this.severity,
+            owaspCategory: this.owaspCategory,
+            cweId: this.cweId,
+            file,
+            line,
+            code: code.trim(),
+            recommendation,
+            references: Object.freeze(references),
+        });
+    }
+    /**
+     * Find line number for a match in content
+     */
+    findLineNumber(content, matchIndex) {
+        const beforeMatch = content.substring(0, matchIndex);
+        return beforeMatch.split('\n').length;
+    }
+    /**
+     * Extract code snippet around a match
+     */
+    extractCodeSnippet(content, matchIndex, contextLines = 0) {
+        const lines = content.split('\n');
+        const lineNumber = this.findLineNumber(content, matchIndex);
+        const startLine = Math.max(0, lineNumber - contextLines - 1);
+        const endLine = Math.min(lines.length, lineNumber + contextLines);
+        return lines.slice(startLine, endLine).join('\n');
+    }
+    /**
+     * Check if line is in a comment
+     */
+    isInComment(content, matchIndex) {
+        const beforeMatch = content.substring(0, matchIndex);
+        const lastLineBreak = beforeMatch.lastIndexOf('\n');
+        const currentLine = content.substring(lastLineBreak + 1, matchIndex + 50);
+        // Check for single-line comment
+        if (currentLine.includes('//')) {
+            return true;
+        }
+        // Check for multi-line comment
+        const openComments = (beforeMatch.match(/\/\*/g) || []).length;
+        const closeComments = (beforeMatch.match(/\*\//g) || []).length;
+        return openComments > closeComments;
+    }
+    /**
+     * Check if match is in a string literal
+     */
+    isInString(content, matchIndex) {
+        const beforeMatch = content.substring(0, matchIndex);
+        const lastLineBreak = beforeMatch.lastIndexOf('\n');
+        const lineContent = beforeMatch.substring(lastLineBreak + 1);
+        // Count unescaped quotes
+        const singleQuotes = (lineContent.match(/(?<!\\)'/g) || []).length;
+        const doubleQuotes = (lineContent.match(/(?<!\\)"/g) || []).length;
+        const backticks = (lineContent.match(/(?<!\\)`/g) || []).length;
+        return (singleQuotes % 2 === 1) || (doubleQuotes % 2 === 1) || (backticks % 2 === 1);
+    }
+    /**
+     * Check if match should be ignored
+     */
+    shouldIgnore(content, matchIndex) {
+        return this.isInComment(content, matchIndex) || this.isInString(content, matchIndex);
+    }
+}
+//# sourceMappingURL=base-detector.js.map

package/dist/analyzers/security/base-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-detector.js","sourceRoot":"","sources":["../../../src/analyzers/security/base-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,OAAgB,oBAAoB;IACxB,EAAE,CAAS;IACX,IAAI,CAAS;IACb,WAAW,CAAS;IACpB,QAAQ,CAAmB;IAC3B,aAAa,CAAiB;IAC9B,KAAK,CAAU;IACf,OAAO,CAAU;IAEd,cAAc,CAAoB;IAErD,YAAY,MASX;QACC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9E,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;IAOD;;OAEG;IACO,mBAAmB,CAC3B,IAAY,EACZ,IAAY,EACZ,IAAY,EACZ,WAAmB,EACnB,cAAsB,EACtB,aAAuB,EAAE;QAEzB,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI;YACJ,IAAI;YACJ,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YACjB,cAAc;YACd,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACO,cAAc,CAAC,OAAe,EAAE,UAAkB;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IACxC,CAAC;IAED;;OAEG;IACO,kBAAkB,CAAC,OAAe,EAAE,UAAkB,EAAE,eAAuB,CAAC;QACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,YAAY,CAAC,CAAC;QAElE,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACvD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,aAAa,GAAG,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAC;QAE1E,gCAAgC;QAChC,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+BAA+B;QAC/B,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC/D,MAAM,aAAa,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAEhE,OAAO,YAAY,GAAG,aAAa,CAAC;IACtC,CAAC;IAED;;OAEG;IACO,UAAU,CAAC,OAAe,EAAE,UAAkB;QACtD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;QAE7D,yBAAyB;QACzB,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,SAAS,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAEhE,OAAO,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACvF,CAAC;IAED;;OAEG;IACO,YAAY,CAAC,OAAe,EAAE,UAAkB;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACvF,CAAC;CACF"}

package/dist/analyzers/security/detectors/command-injection-detector.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Command Injection Detector
+ *
+ * Detects potential command injection vulnerabilities
+ * OWASP A03:2021 - Injection
+ */
+import { BaseSecurityDetector } from '../base-detector.js';
+import type { SecurityVulnerability } from '../types.js';
+export declare class CommandInjectionDetector extends BaseSecurityDetector {
+    constructor();
+    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
+}

package/dist/analyzers/security/detectors/command-injection-detector.js

@@ -0,0 +1,84 @@
+/**
+ * Command Injection Detector
+ *
+ * Detects potential command injection vulnerabilities
+ * OWASP A03:2021 - Injection
+ */
+import { BaseSecurityDetector } from '../base-detector.js';
+export class CommandInjectionDetector extends BaseSecurityDetector {
+    constructor() {
+        super({
+            id: 'command-injection',
+            name: 'Command Injection',
+            description: 'Detects potential command injection vulnerabilities',
+            severity: 'critical',
+            owaspCategory: 'A03:2021 - Injection',
+            cweId: 'CWE-78',
+        });
+    }
+    async scan(content, filePath) {
+        if (!this.appliesTo(filePath)) {
+            return [];
+        }
+        const vulnerabilities = [];
+        // Pattern 1: exec/execSync with user input
+        const execPatterns = [
+            {
+                pattern: /(?:exec|execSync|spawn|spawnSync)\([^)]*(?:req\.|params\.|query\.|input|user)/gi,
+                method: 'child_process method',
+            },
+            {
+                pattern: /(?:exec|execSync|spawn|spawnSync)\([`'][^`']*\$\{(?:req\.|params\.|query\.|input|user)/gi,
+                method: 'child_process method with template literal',
+            },
+        ];
+        for (const { pattern, method } of execPatterns) {
+            let match;
+            const regex = new RegExp(pattern);
+            while ((match = regex.exec(content)) !== null) {
+                if (this.shouldIgnore(content, match.index)) {
+                    continue;
+                }
+                const line = this.findLineNumber(content, match.index);
+                const code = this.extractCodeSnippet(content, match.index, 1);
+                vulnerabilities.push(this.createVulnerability(filePath, line, code, `${method} uses user input which may lead to command injection`, 'Never pass user input directly to shell commands. Use execFile with array arguments or validate/sanitize input strictly', [
+                    'https://owasp.org/www-community/attacks/Command_Injection',
+                    'https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html',
+                ]));
+            }
+        }
+        // Pattern 2: Shell: true option with user input
+        const shellTruePattern = /(?:exec|spawn)\([^,)]*,\s*\{[^}]*shell:\s*true[^}]*\}/gi;
+        let match;
+        while ((match = shellTruePattern.exec(content)) !== null) {
+            if (this.shouldIgnore(content, match.index)) {
+                continue;
+            }
+            // Check if user input is nearby
+            const contextStart = Math.max(0, match.index - 100);
+            const contextEnd = Math.min(content.length, match.index + 200);
+            const context = content.substring(contextStart, contextEnd);
+            if (/(?:req\.|params\.|query\.|input|user)/.test(context)) {
+                const line = this.findLineNumber(content, match.index);
+                const code = this.extractCodeSnippet(content, match.index, 1);
+                vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Using shell: true with user input is extremely dangerous', 'Avoid shell: true. Use execFile or spawn with array arguments', [
+                    'https://owasp.org/www-community/attacks/Command_Injection',
+                ]));
+            }
+        }
+        // Pattern 3: String concatenation in commands
+        const commandConcatPattern = /(?:exec|execSync)\(['"`][^'"`]*\+\s*(?:req\.|params\.|query\.|input|user)/gi;
+        while ((match = commandConcatPattern.exec(content)) !== null) {
+            if (this.shouldIgnore(content, match.index)) {
+                continue;
+            }
+            const line = this.findLineNumber(content, match.index);
+            const code = this.extractCodeSnippet(content, match.index, 1);
+            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Command constructed using string concatenation with user input', 'Use execFile with array arguments to avoid command injection', [
+                'https://owasp.org/www-community/attacks/Command_Injection',
+            ]));
+        }
+        return vulnerabilities;
+    }
+}
+//# sourceMappingURL=command-injection-detector.js.map

package/dist/analyzers/security/detectors/command-injection-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-injection-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/command-injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,wBAAyB,SAAQ,oBAAoB;IAChE;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,qDAAqD;YAClE,QAAQ,EAAE,UAAU;YACpB,aAAa,EAAE,sBAAsB;YACrC,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,2CAA2C;QAC3C,MAAM,YAAY,GAAG;YACnB;gBACE,OAAO,EAAE,iFAAiF;gBAC1F,MAAM,EAAE,sBAAsB;aAC/B;YACD;gBACE,OAAO,EAAE,0FAA0F;gBACnG,MAAM,EAAE,4CAA4C;aACrD;SACF,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC/C,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,GAAG,MAAM,sDAAsD,EAC/D,yHAAyH,EACzH;oBACE,2DAA2D;oBAC3D,8FAA8F;iBAC/F,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,gBAAgB,GAAG,yDAAyD,CAAC;QACnF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,gCAAgC;YAChC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAE5D,IAAI,uCAAuC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,0DAA0D,EAC1D,+DAA+D,EAC/D;oBACE,2DAA2D;iBAC5D,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,oBAAoB,GAAG,6EAA6E,CAAC;QAC3G,OAAO,CAAC,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,gEAAgE,EAChE,8DAA8D,EAC9D;gBACE,2DAA2D;aAC5D,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}

package/dist/analyzers/security/detectors/hardcoded-secrets-detector.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Hardcoded Secrets Detector
+ *
+ * Detects hardcoded passwords, API keys, tokens, and other secrets
+ * OWASP A02:2021 - Cryptographic Failures
+ */
+import { BaseSecurityDetector } from '../base-detector.js';
+import type { SecurityVulnerability } from '../types.js';
+export declare class HardcodedSecretsDetector extends BaseSecurityDetector {
+    constructor();
+    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
+    /**
+     * Check if value looks like a placeholder
+     */
+    private isPlaceholder;
+}