npm - @empline/preflight - Versions diffs - 1.1.33 → 1.1.34 - Mend

@empline/preflight 1.1.33 → 1.1.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/checks/auth/client-only-protected-pages.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+export declare const id = "auth/client-only-protected-pages";
+export declare const name = "Client Only Protected Pages";
+export declare const description = "Detects protected pages marked 'use client' bypassing server auth";
+export declare const category = "auth";
+export declare const blocking = true;
+export declare const tags: string[];
+export declare const requires: string[];
+export declare function run(): Promise<{
+    success: boolean;
+    errors: number;
+    warnings: number;
+}>;
+//# sourceMappingURL=client-only-protected-pages.d.ts.map

package/dist/checks/auth/client-only-protected-pages.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client-only-protected-pages.d.ts","sourceRoot":"","sources":["../../../src/checks/auth/client-only-protected-pages.ts"],"names":[],"mappings":";AA2BA,eAAO,MAAM,EAAE,qCAAqC,CAAC;AACrD,eAAO,MAAM,IAAI,gCAAgC,CAAC;AAClD,eAAO,MAAM,WAAW,sEAAsE,CAAC;AAC/F,eAAO,MAAM,QAAQ,SAAS,CAAC;AAC/B,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAA8D,CAAC;AAChF,eAAO,MAAM,QAAQ,UAA0B,CAAC;AAgDhD,wBAAsB,GAAG,IAAI,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAmH3F"}

package/dist/checks/auth/client-only-protected-pages.js ADDED Viewed

@@ -0,0 +1,182 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requires = exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+exports.run = run;
+/**
+ * Client Only Protected Pages Preflight
+ *
+ * Detects when pages in protected routes are marked "use client" which
+ * bypasses server-side authentication. This is a CRITICAL security issue.
+ *
+ * The problem:
+ * - Server Components can check auth before rendering
+ * - Client Components render first, THEN check auth
+ * - This creates a flash of protected content before redirect
+ * - Attacker can intercept the initial HTML with sensitive data
+ *
+ * DANGEROUS: 'use client' in app/store/[storeId]/page.tsx
+ * DANGEROUS: 'use client' in app/admin/page.tsx
+ * DANGEROUS: 'use client' in app/(protected)/page.tsx
+ *
+ * SAFE: Server Component that checks auth, then renders client child
+ * SAFE: Layout does auth check, page can be client component
+ */
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const glob_1 = require("glob");
+const console_chars_1 = require("../../utils/console-chars");
+// METADATA - Required for plugin loader discovery
+exports.id = "auth/client-only-protected-pages";
+exports.name = "Client Only Protected Pages";
+exports.description = "Detects protected pages marked 'use client' bypassing server auth";
+exports.category = "auth";
+exports.blocking = true; // Critical security check
+exports.tags = ["auth", "security", "client", "server", "rsc", "critical"];
+exports.requires = ["trading-card-system"];
+/**
+ * Protected route patterns that MUST have server-side auth
+ */
+const PROTECTED_ROUTE_PATTERNS = [
+    "app/store/**/page.tsx",
+    "app/admin/**/page.tsx",
+    "app/(protected)/**/page.tsx",
+    "app/(authenticated)/**/page.tsx",
+    "app/dashboard/**/page.tsx",
+    "app/settings/**/page.tsx",
+    "app/account/**/page.tsx",
+    "app/seller/**/page.tsx",
+];
+/**
+ * These files MUST check auth server-side in the route
+ */
+const LAYOUT_FILES = [
+    "app/store/layout.tsx",
+    "app/store/[storeId]/layout.tsx",
+    "app/admin/layout.tsx",
+    "app/(protected)/layout.tsx",
+    "app/dashboard/layout.tsx",
+];
+function hasUseClientDirective(content) {
+    // Check first 500 chars for 'use client' directive
+    const header = content.substring(0, 500);
+    return /['"]use client['"]/.test(header);
+}
+function hasServerAuthCheck(content) {
+    // Check for server-side auth patterns
+    return (/getServerSession|auth\s*\(\s*\)|requireAuth/.test(content) &&
+        /redirect|notFound|throw/.test(content));
+}
+async function run() {
+    console.log(`\n${console_chars_1.emoji.shield} CLIENT ONLY PROTECTED PAGES CHECK`);
+    console.log((0, console_chars_1.createDivider)(65, "heavy"));
+    const issues = [];
+    const filesChecked = [];
+    // First, check if protected route layouts have server auth
+    console.log(`\n${console_chars_1.emoji.search} Checking protected route layouts...`);
+    const layoutsWithAuth = new Set();
+    for (const layoutPattern of LAYOUT_FILES) {
+        const matches = await (0, glob_1.glob)(layoutPattern, { cwd: process.cwd() });
+        for (const relativePath of matches) {
+            const filePath = path_1.default.join(process.cwd(), relativePath);
+            if (!fs_1.default.existsSync(filePath))
+                continue;
+            const content = fs_1.default.readFileSync(filePath, "utf-8");
+            if (hasServerAuthCheck(content)) {
+                layoutsWithAuth.add(path_1.default.dirname(relativePath));
+                console.log(`   ${console_chars_1.emoji.success} ${relativePath} has server-side auth`);
+            }
+            else if (!hasUseClientDirective(content)) {
+                // Server component layout without auth check
+                console.log(`   ${console_chars_1.emoji.warning} ${relativePath} is server component but no auth check found`);
+            }
+        }
+    }
+    // Now check protected pages
+    console.log(`\n${console_chars_1.emoji.search} Checking protected pages...`);
+    const allFiles = [];
+    for (const pattern of PROTECTED_ROUTE_PATTERNS) {
+        const matches = await (0, glob_1.glob)(pattern, { cwd: process.cwd() });
+        allFiles.push(...matches);
+    }
+    const uniqueFiles = [...new Set(allFiles)];
+    for (const relativePath of uniqueFiles) {
+        const filePath = path_1.default.join(process.cwd(), relativePath);
+        if (!fs_1.default.existsSync(filePath))
+            continue;
+        const content = fs_1.default.readFileSync(filePath, "utf-8");
+        filesChecked.push(relativePath);
+        const isClientComponent = hasUseClientDirective(content);
+        const pageDir = path_1.default.dirname(relativePath);
+        // Check if this page's parent layout has auth
+        const hasParentLayoutAuth = [...layoutsWithAuth].some((layoutDir) => pageDir.startsWith(layoutDir));
+        if (isClientComponent) {
+            if (!hasParentLayoutAuth) {
+                issues.push({
+                    file: relativePath,
+                    type: "client-protected-page",
+                    description: `Protected page uses 'use client' without server auth in parent layout`,
+                    critical: true,
+                });
+                console.log(`   ${console_chars_1.emoji.error} ${relativePath}: Client component in protected route without parent layout auth`);
+            }
+            else {
+                console.log(`   ${console_chars_1.emoji.success} ${relativePath}: Client component but parent layout has auth`);
+            }
+        }
+        else {
+            // Server component - check if it has its own auth
+            if (hasServerAuthCheck(content)) {
+                console.log(`   ${console_chars_1.emoji.success} ${relativePath}: Server component with auth check`);
+            }
+            else if (hasParentLayoutAuth) {
+                console.log(`   ${console_chars_1.emoji.success} ${relativePath}: Server component, parent layout has auth`);
+            }
+            else {
+                console.log(`   ${console_chars_1.emoji.warning} ${relativePath}: Server component but no visible auth check`);
+            }
+        }
+    }
+    // Summary
+    const criticalIssues = issues.filter((i) => i.critical);
+    console.log(`\n${console_chars_1.emoji.chart} Summary:`);
+    console.log(`   Protected pages checked: ${filesChecked.length}`);
+    console.log(`   Layouts with server auth: ${layoutsWithAuth.size}`);
+    console.log(`   Security issues: ${criticalIssues.length}`);
+    if (issues.length === 0) {
+        console.log(`\n${console_chars_1.emoji.success} CLIENT ONLY PROTECTED PAGES CHECK PASSED`);
+        console.log(`\nAll protected pages have proper server-side authentication.`);
+        return { success: true, errors: 0, warnings: 0 };
+    }
+    console.log(`\n${console_chars_1.emoji.error} Security issues found:`);
+    for (const issue of issues) {
+        console.log(`   ${issue.file}: ${issue.description}`);
+    }
+    console.log(`\n${console_chars_1.emoji.info} To fix client-only protected pages:`);
+    console.log(`   Option 1: Remove 'use client' and do auth in the page itself`);
+    console.log(`   Option 2: Add auth check to parent layout.tsx (recommended)`);
+    console.log(`   Option 3: Create a Server Component wrapper that checks auth`);
+    console.log(`\n   Layout auth pattern:`);
+    console.log(`   export default async function Layout({children}) {`);
+    console.log(`     const session = await auth();`);
+    console.log(`     if (!session) redirect('/login');`);
+    console.log(`     return children;`);
+    console.log(`   }`);
+    console.log(`\n${console_chars_1.emoji.error} CLIENT ONLY PROTECTED PAGES CHECK FAILED`);
+    return { success: false, errors: criticalIssues.length, warnings: 0 };
+}
+// Allow direct execution
+if (require.main === module) {
+    run()
+        .then((result) => {
+        process.exit(result.success ? 0 : 1);
+    })
+        .catch((err) => {
+        console.error(`${console_chars_1.emoji.error} Preflight failed:`, err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=client-only-protected-pages.js.map

package/dist/checks/auth/client-only-protected-pages.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client-only-protected-pages.js","sourceRoot":"","sources":["../../../src/checks/auth/client-only-protected-pages.ts"],"names":[],"mappings":";;;;;;;AAiFA,kBAmHC;AAnMD;;;;;;;;;;;;;;;;;;GAkBG;AACH,4CAAoB;AACpB,gDAAwB;AACxB,+BAA4B;AAE5B,6DAAiE;AAEjE,kDAAkD;AACrC,QAAA,EAAE,GAAG,kCAAkC,CAAC;AACxC,QAAA,IAAI,GAAG,6BAA6B,CAAC;AACrC,QAAA,WAAW,GAAG,mEAAmE,CAAC;AAClF,QAAA,QAAQ,GAAG,MAAM,CAAC;AAClB,QAAA,QAAQ,GAAG,IAAI,CAAC,CAAC,0BAA0B;AAC3C,QAAA,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;AACnE,QAAA,QAAQ,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,uBAAuB;IACvB,uBAAuB;IACvB,6BAA6B;IAC7B,iCAAiC;IACjC,2BAA2B;IAC3B,0BAA0B;IAC1B,yBAAyB;IACzB,wBAAwB;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,YAAY,GAAG;IACnB,sBAAsB;IACtB,gCAAgC;IAChC,sBAAsB;IACtB,4BAA4B;IAC5B,0BAA0B;CAC3B,CAAC;AASF,SAAS,qBAAqB,CAAC,OAAe;IAC5C,mDAAmD;IACnD,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzC,OAAO,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,sCAAsC;IACtC,OAAO,CACL,6CAA6C,CAAC,IAAI,CAAC,OAAO,CAAC;QAC3D,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,CACxC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,GAAG;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,oCAAoC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,2DAA2D;IAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,sCAAsC,CAAC,CAAC;IAErE,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAE1C,KAAK,MAAM,aAAa,IAAI,YAAY,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,aAAa,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAElE,KAAK,MAAM,YAAY,IAAI,OAAO,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;YAExD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEvC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEnD,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,eAAe,CAAC,GAAG,CAAC,cAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,uBAAuB,CAAC,CAAC;YAC1E,CAAC;iBAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3C,6CAA6C;gBAC7C,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,8CAA8C,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,8BAA8B,CAAC,CAAC;IAE7D,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE3C,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,cAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAE3C,8CAA8C;QAC9C,MAAM,mBAAmB,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAClE,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAC9B,CAAC;QAEF,IAAI,iBAAiB,EAAE,CAAC;YACtB,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,uBAAuB;oBAC7B,WAAW,EAAE,uEAAuE;oBACpF,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,IAAI,YAAY,kEAAkE,CAAC,CAAC;YACnH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,+CAA+C,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kDAAkD;YAClD,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,oCAAoC,CAAC,CAAC;YACvF,CAAC;iBAAM,IAAI,mBAAmB,EAAE,CAAC;gBAC/B,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,4CAA4C,CAAC,CAAC;YAC/F,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,IAAI,YAAY,8CAA8C,CAAC,CAAC;YACjG,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,WAAW,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,+BAA+B,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,gCAAgC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,uBAAuB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAE5D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,2CAA2C,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;QAC7E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,yBAAyB,CAAC,CAAC;IACvD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,sCAAsC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEpB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,2CAA2C,CAAC,CAAC;IACzE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,GAAG,EAAE;SACF,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/checks/auth/empty-data-instead-of-redirect.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+export declare const id = "auth/empty-data-instead-of-redirect";
+export declare const name = "Empty Data Instead of Redirect";
+export declare const description = "Detects pages returning empty data instead of redirecting on access failure";
+export declare const category = "auth";
+export declare const blocking = true;
+export declare const tags: string[];
+export declare const requires: string[];
+export declare function run(): Promise<{
+    success: boolean;
+    errors: number;
+    warnings: number;
+}>;
+//# sourceMappingURL=empty-data-instead-of-redirect.d.ts.map

package/dist/checks/auth/empty-data-instead-of-redirect.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"empty-data-instead-of-redirect.d.ts","sourceRoot":"","sources":["../../../src/checks/auth/empty-data-instead-of-redirect.ts"],"names":[],"mappings":";AA4BA,eAAO,MAAM,EAAE,wCAAwC,CAAC;AACxD,eAAO,MAAM,IAAI,mCAAmC,CAAC;AACrD,eAAO,MAAM,WAAW,gFAAgF,CAAC;AACzG,eAAO,MAAM,QAAQ,SAAS,CAAC;AAC/B,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAAqD,CAAC;AACvE,eAAO,MAAM,QAAQ,UAA0B,CAAC;AAiFhD,wBAAsB,GAAG,IAAI,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAuG3F"}

package/dist/checks/auth/empty-data-instead-of-redirect.js ADDED Viewed

@@ -0,0 +1,200 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requires = exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+exports.run = run;
+/**
+ * Empty Data Instead of Redirect Preflight
+ *
+ * Detects when pages return empty arrays/objects instead of redirecting
+ * on access failure. This is a security anti-pattern because:
+ *
+ * BAD: if (!hasAccess) return { data: [] } // Hides access failure
+ * BAD: if (!session) return [] // Silent auth failure
+ * BAD: if (!store) return null // Doesn't tell user they need to login
+ *
+ * GOOD: if (!hasAccess) redirect('/unauthorized')
+ * GOOD: if (!session) redirect('/login')
+ * GOOD: if (!store) notFound()
+ *
+ * Problems with returning empty data:
+ * - User sees blank page with no explanation
+ * - Masks authorization failures
+ * - Makes debugging harder
+ * - May expose that resource exists (information leak)
+ */
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const glob_1 = require("glob");
+const console_chars_1 = require("../../utils/console-chars");
+// METADATA - Required for plugin loader discovery
+exports.id = "auth/empty-data-instead-of-redirect";
+exports.name = "Empty Data Instead of Redirect";
+exports.description = "Detects pages returning empty data instead of redirecting on access failure";
+exports.category = "auth";
+exports.blocking = true;
+exports.tags = ["auth", "security", "redirect", "ux", "critical"];
+exports.requires = ["trading-card-system"];
+/**
+ * File patterns to check
+ */
+const FILE_PATTERNS = [
+    "app/**/page.tsx",
+    "app/**/layout.tsx",
+    "app/api/**/route.ts",
+];
+/**
+ * Dangerous patterns - returning empty on auth/access failure
+ */
+const DANGEROUS_PATTERNS = {
+    // Return empty array on !session
+    emptyArrayNoSession: {
+        pattern: /if\s*\(\s*!session\s*\)[^{]*return\s*(?:\[\s*\]|\{\s*\}|null|undefined)/,
+        description: "Returns empty data when session missing (should redirect to login)",
+        critical: true,
+    },
+    // Return empty array on !hasAccess
+    emptyArrayNoAccess: {
+        pattern: /if\s*\(\s*!(?:hasAccess|canAccess|isAuthorized|hasPermission)\s*\)[^{]*return\s*(?:\[\s*\]|\{\s*\}|null)/,
+        description: "Returns empty data on access failure (should redirect or show error)",
+        critical: true,
+    },
+    // Return empty on !store
+    emptyArrayNoStore: {
+        pattern: /if\s*\(\s*!store\s*\)[^{]*return\s*(?:\[\s*\]|\{\s*\}|null)/,
+        description: "Returns empty data when store not found (should use notFound())",
+        critical: true,
+    },
+    // Return empty data prop
+    emptyDataProp: {
+        pattern: /return\s*\{[^}]*(?:data|items|results):\s*\[\s*\][^}]*\}(?:(?!redirect|notFound).)*$/m,
+        description: "Returns object with empty data array (may mask access failure)",
+        critical: false,
+    },
+    // Early return empty in RSC
+    earlyReturnEmpty: {
+        pattern: /(?:async\s+)?function\s+(?:Page|Layout)\s*\([^)]*\)[^{]*\{[^}]*if\s*\([^)]*\)\s*return\s*(?:null|\[\]|\{\})/s,
+        description: "Page/Layout returns empty early (should redirect instead)",
+        critical: false,
+    },
+    // Return NextResponse with empty body on auth failure
+    nextResponseEmpty: {
+        pattern: /if\s*\(\s*!(?:session|auth|user)\s*\)[^{]*return\s*NextResponse\.json\s*\(\s*(?:\[\]|\{\}|null)\s*\)/,
+        description: "API returns empty response on auth failure (should return 401)",
+        critical: true,
+    },
+};
+/**
+ * Safe patterns that indicate proper handling
+ */
+const SAFE_PATTERNS = [
+    // Redirect on failure
+    /if\s*\(\s*!session\s*\)[^{]*redirect/,
+    /if\s*\(\s*!hasAccess\s*\)[^{]*redirect/,
+    // notFound() call
+    /if\s*\(\s*!(?:store|data|item)\s*\)[^{]*notFound\s*\(\)/,
+    // Proper error response
+    /if\s*\(\s*!session\s*\)[^{]*return\s*(?:NextResponse\.json\s*\([^)]*,\s*\{\s*status:\s*401|new\s*Response\s*\([^)]*,\s*\{\s*status:\s*401)/,
+    // Throw error
+    /if\s*\(\s*!(?:session|hasAccess)\s*\)[^{]*throw/,
+];
+function getLineNumber(content, position) {
+    return content.substring(0, position).split("\n").length;
+}
+async function run() {
+    console.log(`\n${console_chars_1.emoji.shield} EMPTY DATA INSTEAD OF REDIRECT CHECK`);
+    console.log((0, console_chars_1.createDivider)(65, "heavy"));
+    const issues = [];
+    const filesChecked = [];
+    // Find files
+    const allFiles = [];
+    for (const pattern of FILE_PATTERNS) {
+        const matches = await (0, glob_1.glob)(pattern, { cwd: process.cwd() });
+        allFiles.push(...matches);
+    }
+    const uniqueFiles = [...new Set(allFiles)];
+    console.log(`\n${console_chars_1.emoji.search} Scanning ${uniqueFiles.length} page/route files...`);
+    for (const relativePath of uniqueFiles) {
+        const filePath = path_1.default.join(process.cwd(), relativePath);
+        if (!fs_1.default.existsSync(filePath))
+            continue;
+        const content = fs_1.default.readFileSync(filePath, "utf-8");
+        filesChecked.push(relativePath);
+        // Skip if file has proper redirect/notFound handling
+        const hasSafePattern = SAFE_PATTERNS.some((pattern) => pattern.test(content));
+        // Check for dangerous patterns
+        for (const [name, check] of Object.entries(DANGEROUS_PATTERNS)) {
+            const regex = new RegExp(check.pattern.source, "g");
+            let match;
+            while ((match = regex.exec(content)) !== null) {
+                // Check if there's a safe pattern nearby
+                const nearbyCode = content.substring(Math.max(0, match.index - 100), Math.min(content.length, match.index + 300));
+                if (SAFE_PATTERNS.some((pattern) => pattern.test(nearbyCode))) {
+                    continue;
+                }
+                const lineNum = getLineNumber(content, match.index);
+                issues.push({
+                    file: relativePath,
+                    type: "empty-data-return",
+                    pattern: name,
+                    description: check.description,
+                    critical: check.critical,
+                    line: lineNum,
+                });
+            }
+        }
+    }
+    // Summary
+    const criticalIssues = issues.filter((i) => i.critical);
+    const warningIssues = issues.filter((i) => !i.critical);
+    console.log(`\n${console_chars_1.emoji.chart} Summary:`);
+    console.log(`   Files checked: ${filesChecked.length}`);
+    console.log(`   Critical issues: ${criticalIssues.length}`);
+    console.log(`   Warning issues: ${warningIssues.length}`);
+    if (issues.length === 0) {
+        console.log(`\n${console_chars_1.emoji.success} EMPTY DATA INSTEAD OF REDIRECT CHECK PASSED`);
+        console.log(`\nAll pages properly redirect or show errors on access failure.`);
+        return { success: true, errors: 0, warnings: 0 };
+    }
+    // Group by file
+    const issuesByFile = new Map();
+    for (const issue of issues) {
+        const existing = issuesByFile.get(issue.file) || [];
+        existing.push(issue);
+        issuesByFile.set(issue.file, existing);
+    }
+    console.log(`\n${console_chars_1.emoji.error} Issues found:`);
+    for (const [file, fileIssues] of issuesByFile) {
+        console.log(`\n   ${file}:`);
+        for (const issue of fileIssues) {
+            const icon = issue.critical ? console_chars_1.emoji.error : console_chars_1.emoji.warning;
+            console.log(`     ${icon} Line ${issue.line}: ${issue.description}`);
+        }
+    }
+    console.log(`\n${console_chars_1.emoji.info} To fix empty data returns:`);
+    console.log(`   1. On missing session: redirect('/login') or redirect('/auth/signin')`);
+    console.log(`   2. On access denied: redirect('/unauthorized') or return 403`);
+    console.log(`   3. On missing resource: notFound() to show 404 page`);
+    console.log(`   4. API routes: return NextResponse.json({error}, {status: 401/403})`);
+    if (criticalIssues.length > 0) {
+        console.log(`\n${console_chars_1.emoji.error} EMPTY DATA INSTEAD OF REDIRECT CHECK FAILED`);
+        return { success: false, errors: criticalIssues.length, warnings: warningIssues.length };
+    }
+    console.log(`\n${console_chars_1.emoji.warning} EMPTY DATA INSTEAD OF REDIRECT CHECK PASSED WITH WARNINGS`);
+    return { success: true, errors: 0, warnings: warningIssues.length };
+}
+// Allow direct execution
+if (require.main === module) {
+    run()
+        .then((result) => {
+        process.exit(result.success ? 0 : 1);
+    })
+        .catch((err) => {
+        console.error(`${console_chars_1.emoji.error} Preflight failed:`, err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=empty-data-instead-of-redirect.js.map

package/dist/checks/auth/empty-data-instead-of-redirect.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"empty-data-instead-of-redirect.js","sourceRoot":"","sources":["../../../src/checks/auth/empty-data-instead-of-redirect.ts"],"names":[],"mappings":";;;;;;;AAmHA,kBAuGC;AAzND;;;;;;;;;;;;;;;;;;;GAmBG;AACH,4CAAoB;AACpB,gDAAwB;AACxB,+BAA4B;AAE5B,6DAAiE;AAEjE,kDAAkD;AACrC,QAAA,EAAE,GAAG,qCAAqC,CAAC;AAC3C,QAAA,IAAI,GAAG,gCAAgC,CAAC;AACxC,QAAA,WAAW,GAAG,6EAA6E,CAAC;AAC5F,QAAA,QAAQ,GAAG,MAAM,CAAC;AAClB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;AAC1D,QAAA,QAAQ,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,iBAAiB;IACjB,mBAAmB;IACnB,qBAAqB;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,iCAAiC;IACjC,mBAAmB,EAAE;QACnB,OAAO,EAAE,yEAAyE;QAClF,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,IAAI;KACf;IACD,mCAAmC;IACnC,kBAAkB,EAAE;QAClB,OAAO,EAAE,0GAA0G;QACnH,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,IAAI;KACf;IACD,yBAAyB;IACzB,iBAAiB,EAAE;QACjB,OAAO,EAAE,6DAA6D;QACtE,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE,IAAI;KACf;IACD,yBAAyB;IACzB,aAAa,EAAE;QACb,OAAO,EAAE,uFAAuF;QAChG,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,KAAK;KAChB;IACD,4BAA4B;IAC5B,gBAAgB,EAAE;QAChB,OAAO,EAAE,8GAA8G;QACvH,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,KAAK;KAChB;IACD,sDAAsD;IACtD,iBAAiB,EAAE;QACjB,OAAO,EAAE,sGAAsG;QAC/G,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,sBAAsB;IACtB,sCAAsC;IACtC,wCAAwC;IACxC,kBAAkB;IAClB,yDAAyD;IACzD,wBAAwB;IACxB,4IAA4I;IAC5I,cAAc;IACd,iDAAiD;CAClD,CAAC;AAWF,SAAS,aAAa,CAAC,OAAe,EAAE,QAAgB;IACtD,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3D,CAAC;AAEM,KAAK,UAAU,GAAG;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,uCAAuC,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,aAAa;IACb,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,aAAa,WAAW,CAAC,MAAM,sBAAsB,CAAC,CAAC;IAEpF,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhC,qDAAqD;QACrD,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE9E,+BAA+B;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACpD,IAAI,KAAK,CAAC;YAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,yCAAyC;gBACzC,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAClC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,EAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAC5C,CAAC;gBAEF,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;oBAC9D,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAEpD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,WAAW,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,uBAAuB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,sBAAsB,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,8CAA8C,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,gBAAgB;IAChB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAmB,CAAC;IAChD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACpD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,gBAAgB,CAAC,CAAC;IAC9C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC;QAC7B,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,qBAAK,CAAC,KAAK,CAAC,CAAC,CAAC,qBAAK,CAAC,OAAO,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,SAAS,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,6BAA6B,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;IAC/E,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IAEtF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,8CAA8C,CAAC,CAAC;QAC5E,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3F,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,4DAA4D,CAAC,CAAC;IAC5F,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;AACtE,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,GAAG,EAAE;SACF,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/checks/auth/store-id-fallback.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+export declare const id = "auth/store-id-fallback";
+export declare const name = "Store ID Fallback Detection";
+export declare const description = "Detects risky patterns where storeId falls back to userId";
+export declare const category = "auth";
+export declare const blocking = true;
+export declare const tags: string[];
+export declare const requires: string[];
+export declare function run(): Promise<{
+    success: boolean;
+    errors: number;
+    warnings: number;
+}>;
+//# sourceMappingURL=store-id-fallback.d.ts.map

package/dist/checks/auth/store-id-fallback.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store-id-fallback.d.ts","sourceRoot":"","sources":["../../../src/checks/auth/store-id-fallback.ts"],"names":[],"mappings":";AA4BA,eAAO,MAAM,EAAE,2BAA2B,CAAC;AAC3C,eAAO,MAAM,IAAI,gCAAgC,CAAC;AAClD,eAAO,MAAM,WAAW,8DAA8D,CAAC;AACvF,eAAO,MAAM,QAAQ,SAAS,CAAC;AAC/B,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAAwD,CAAC;AAC1E,eAAO,MAAM,QAAQ,UAA0B,CAAC;AA4FhD,wBAAsB,GAAG,IAAI,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAgH3F"}

package/dist/checks/auth/store-id-fallback.js ADDED Viewed

@@ -0,0 +1,217 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requires = exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+exports.run = run;
+/**
+ * Store ID Fallback Preflight
+ *
+ * Detects risky patterns where storeId falls back to userId or other values.
+ * This pattern can cause security issues and data leakage:
+ *
+ * DANGEROUS: storeId || userId - Falls back to userId if storeId missing
+ * DANGEROUS: storeId ?? session.user.id - Silently uses userId as storeId
+ * DANGEROUS: params.storeId || defaultStoreId - May expose wrong store
+ *
+ * These patterns often indicate:
+ * - Missing store context in the request
+ * - Assumption that userId === storeId (only true for store owners)
+ * - Logic errors that expose other users' stores
+ *
+ * Correct patterns:
+ * - Always require explicit storeId
+ * - Validate storeId against user's accessible stores
+ * - Return error if storeId is missing, don't fallback
+ */
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const glob_1 = require("glob");
+const console_chars_1 = require("../../utils/console-chars");
+// METADATA - Required for plugin loader discovery
+exports.id = "auth/store-id-fallback";
+exports.name = "Store ID Fallback Detection";
+exports.description = "Detects risky patterns where storeId falls back to userId";
+exports.category = "auth";
+exports.blocking = true; // Critical security check
+exports.tags = ["auth", "security", "store", "fallback", "critical"];
+exports.requires = ["trading-card-system"];
+/**
+ * File patterns to check
+ */
+const FILE_PATTERNS = [
+    "app/store/**/*.tsx",
+    "app/store/**/*.ts",
+    "app/api/store/**/*.ts",
+    "app/(store)/**/*.tsx",
+    "app/(store)/**/*.ts",
+    "lib/store*.ts",
+    "hooks/useStore*.ts",
+    "hooks/useStore*.tsx",
+];
+/**
+ * Dangerous fallback patterns
+ */
+const DANGEROUS_PATTERNS = {
+    // storeId || userId fallback
+    storeIdOrUserId: {
+        pattern: /storeId\s*\|\|\s*(?:userId|session\.user\.id|user\.id)/,
+        description: "storeId falls back to userId (dangerous - userId !== storeId for non-owners)",
+        critical: true,
+    },
+    // storeId ?? userId fallback
+    storeIdNullishUserId: {
+        pattern: /storeId\s*\?\?\s*(?:userId|session\.user\.id|user\.id)/,
+        description: "storeId nullish coalesces to userId",
+        critical: true,
+    },
+    // params.storeId || default
+    paramsStoreIdFallback: {
+        pattern: /params\.storeId\s*\|\|\s*(?!null|undefined|throw|redirect)/,
+        description: "params.storeId falls back to another value instead of erroring",
+        critical: true,
+    },
+    // Default storeId assignment
+    defaultStoreId: {
+        pattern: /storeId\s*=\s*storeId\s*\|\|\s*|storeId\s*\?\?=\s*(?!null)/,
+        description: "storeId assigned a default value instead of requiring explicit value",
+        critical: true,
+    },
+    // userId as storeId directly
+    userIdAsStoreId: {
+        pattern: /storeId:\s*(?:userId|session\.user\.id|user\.id)(?!\s*\|\||[^,}\s])/,
+        description: "userId used directly as storeId (only valid for store owners)",
+        critical: false, // Warning - might be intentional for owner operations
+    },
+    // Ternary fallback to userId
+    ternaryFallbackUserId: {
+        pattern: /storeId\s*\?\s*storeId\s*:\s*(?:userId|session\.user\.id)/,
+        description: "Ternary expression falls back to userId when storeId missing",
+        critical: true,
+    },
+};
+/**
+ * Acceptable patterns (used for context - don't flag these)
+ */
+const SAFE_PATTERNS = [
+    // Explicit error on missing storeId
+    /if\s*\(\s*!storeId\s*\)\s*(?:throw|return.*error|redirect)/,
+    // Required storeId validation
+    /storeId.*required|require.*storeId/i,
+    // Lookup user's default store (intentional)
+    /getUserDefaultStore|getDefaultStoreForUser/i,
+];
+function getLineNumber(content, position) {
+    return content.substring(0, position).split("\n").length;
+}
+function getCodeContext(content, position) {
+    const lines = content.split("\n");
+    const lineNum = getLineNumber(content, position);
+    const start = Math.max(0, lineNum - 2);
+    const end = Math.min(lines.length, lineNum + 1);
+    return lines.slice(start, end).join("\n").trim();
+}
+async function run() {
+    console.log(`\n${console_chars_1.emoji.shield} STORE ID FALLBACK DETECTION`);
+    console.log((0, console_chars_1.createDivider)(65, "heavy"));
+    const issues = [];
+    const filesChecked = [];
+    // Find files
+    const allFiles = [];
+    for (const pattern of FILE_PATTERNS) {
+        const matches = await (0, glob_1.glob)(pattern, { cwd: process.cwd() });
+        allFiles.push(...matches);
+    }
+    const uniqueFiles = [...new Set(allFiles)];
+    console.log(`\n${console_chars_1.emoji.search} Scanning ${uniqueFiles.length} store-related files...`);
+    if (uniqueFiles.length === 0) {
+        console.log(`\n${console_chars_1.emoji.warning} No store files found - skipping check`);
+        return { success: true, errors: 0, warnings: 1 };
+    }
+    for (const relativePath of uniqueFiles) {
+        const filePath = path_1.default.join(process.cwd(), relativePath);
+        if (!fs_1.default.existsSync(filePath))
+            continue;
+        const content = fs_1.default.readFileSync(filePath, "utf-8");
+        filesChecked.push(relativePath);
+        // Skip if file has safe patterns indicating proper handling
+        const hasSafePattern = SAFE_PATTERNS.some((pattern) => pattern.test(content));
+        // Check for dangerous patterns
+        for (const [name, check] of Object.entries(DANGEROUS_PATTERNS)) {
+            const regex = new RegExp(check.pattern.source, "g");
+            let match;
+            while ((match = regex.exec(content)) !== null) {
+                // Skip if nearby code has safe pattern
+                const nearbyCode = content.substring(Math.max(0, match.index - 200), Math.min(content.length, match.index + 200));
+                if (SAFE_PATTERNS.some((pattern) => pattern.test(nearbyCode))) {
+                    continue;
+                }
+                const lineNum = getLineNumber(content, match.index);
+                issues.push({
+                    file: relativePath,
+                    type: "dangerous-fallback",
+                    pattern: name,
+                    description: check.description,
+                    critical: check.critical,
+                    line: lineNum,
+                    code: getCodeContext(content, match.index),
+                });
+            }
+        }
+    }
+    // Summary
+    const criticalIssues = issues.filter((i) => i.critical);
+    const warningIssues = issues.filter((i) => !i.critical);
+    console.log(`\n${console_chars_1.emoji.chart} Summary:`);
+    console.log(`   Files checked: ${filesChecked.length}`);
+    console.log(`   Critical issues: ${criticalIssues.length}`);
+    console.log(`   Warning issues: ${warningIssues.length}`);
+    if (issues.length === 0) {
+        console.log(`\n${console_chars_1.emoji.success} STORE ID FALLBACK DETECTION PASSED`);
+        console.log(`\nNo dangerous storeId fallback patterns found.`);
+        return { success: true, errors: 0, warnings: 0 };
+    }
+    // Display issues
+    if (criticalIssues.length > 0) {
+        console.log(`\n${console_chars_1.emoji.error} Critical issues:`);
+        for (const issue of criticalIssues) {
+            console.log(`\n   ${issue.file}:${issue.line}`);
+            console.log(`   ${issue.description}`);
+            if (issue.code) {
+                const indented = issue.code.split("\n").map((l) => `     ${l}`).join("\n");
+                console.log(indented);
+            }
+        }
+    }
+    if (warningIssues.length > 0) {
+        console.log(`\n${console_chars_1.emoji.warning} Warning issues:`);
+        for (const issue of warningIssues) {
+            console.log(`   ${issue.file}:${issue.line}: ${issue.description}`);
+        }
+    }
+    console.log(`\n${console_chars_1.emoji.info} To fix storeId fallback issues:`);
+    console.log(`   1. Never use: storeId || userId (userId !== storeId for delegated users)`);
+    console.log(`   2. Always require explicit storeId from route params or context`);
+    console.log(`   3. Validate storeId against user's accessible stores`);
+    console.log(`   4. Return error/redirect if storeId is missing, don't fallback`);
+    if (criticalIssues.length > 0) {
+        console.log(`\n${console_chars_1.emoji.error} STORE ID FALLBACK DETECTION FAILED`);
+        return { success: false, errors: criticalIssues.length, warnings: warningIssues.length };
+    }
+    console.log(`\n${console_chars_1.emoji.warning} STORE ID FALLBACK DETECTION PASSED WITH WARNINGS`);
+    return { success: true, errors: 0, warnings: warningIssues.length };
+}
+// Allow direct execution
+if (require.main === module) {
+    run()
+        .then((result) => {
+        process.exit(result.success ? 0 : 1);
+    })
+        .catch((err) => {
+        console.error(`${console_chars_1.emoji.error} Preflight failed:`, err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=store-id-fallback.js.map

package/dist/checks/auth/store-id-fallback.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store-id-fallback.js","sourceRoot":"","sources":["../../../src/checks/auth/store-id-fallback.ts"],"names":[],"mappings":";;;;;;;AA8HA,kBAgHC;AA7OD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,4CAAoB;AACpB,gDAAwB;AACxB,+BAA4B;AAE5B,6DAAiE;AAEjE,kDAAkD;AACrC,QAAA,EAAE,GAAG,wBAAwB,CAAC;AAC9B,QAAA,IAAI,GAAG,6BAA6B,CAAC;AACrC,QAAA,WAAW,GAAG,2DAA2D,CAAC;AAC1E,QAAA,QAAQ,GAAG,MAAM,CAAC;AAClB,QAAA,QAAQ,GAAG,IAAI,CAAC,CAAC,0BAA0B;AAC3C,QAAA,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;AAC7D,QAAA,QAAQ,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,oBAAoB;IACpB,mBAAmB;IACnB,uBAAuB;IACvB,sBAAsB;IACtB,qBAAqB;IACrB,eAAe;IACf,oBAAoB;IACpB,qBAAqB;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,6BAA6B;IAC7B,eAAe,EAAE;QACf,OAAO,EAAE,wDAAwD;QACjE,WAAW,EAAE,8EAA8E;QAC3F,QAAQ,EAAE,IAAI;KACf;IACD,6BAA6B;IAC7B,oBAAoB,EAAE;QACpB,OAAO,EAAE,wDAAwD;QACjE,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,IAAI;KACf;IACD,4BAA4B;IAC5B,qBAAqB,EAAE;QACrB,OAAO,EAAE,4DAA4D;QACrE,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,IAAI;KACf;IACD,6BAA6B;IAC7B,cAAc,EAAE;QACd,OAAO,EAAE,4DAA4D;QACrE,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,IAAI;KACf;IACD,6BAA6B;IAC7B,eAAe,EAAE;QACf,OAAO,EAAE,qEAAqE;QAC9E,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,KAAK,EAAE,sDAAsD;KACxE;IACD,6BAA6B;IAC7B,qBAAqB,EAAE;QACrB,OAAO,EAAE,2DAA2D;QACpE,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,oCAAoC;IACpC,4DAA4D;IAC5D,8BAA8B;IAC9B,qCAAqC;IACrC,4CAA4C;IAC5C,6CAA6C;CAC9C,CAAC;AAYF,SAAS,aAAa,CAAC,OAAe,EAAE,QAAgB;IACtD,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AAC3D,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;IAChD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,GAAG;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,8BAA8B,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,aAAa;IACb,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,aAAa,WAAW,CAAC,MAAM,yBAAyB,CAAC,CAAC;IAEvF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,wCAAwC,CAAC,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhC,4DAA4D;QAC5D,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE9E,+BAA+B;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACpD,IAAI,KAAK,CAAC;YAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,uCAAuC;gBACvC,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAClC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,EAC9B,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAC5C,CAAC;gBAEF,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;oBAC9D,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAEpD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,oBAAoB;oBAC1B,OAAO,EAAE,IAAI;oBACb,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,WAAW,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,uBAAuB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,sBAAsB,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAE1D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,iBAAiB;IACjB,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,mBAAmB,CAAC,CAAC;QACjD,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3E,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;QAClD,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,kCAAkC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;IAEjF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,qCAAqC,CAAC,CAAC;QACnE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3F,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,mDAAmD,CAAC,CAAC;IACnF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC;AACtE,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,GAAG,EAAE;SACF,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/checks/auth/store-page-auth-guard.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+export declare const id = "auth/store-page-auth-guard";
+export declare const name = "Store Page Auth Guard";
+export declare const description = "Detects store pages missing auth or store access verification";
+export declare const category = "auth";
+export declare const blocking = true;
+export declare const tags: string[];
+export declare const requires: string[];
+export declare function run(): Promise<{
+    success: boolean;
+    errors: number;
+    warnings: number;
+}>;
+//# sourceMappingURL=store-page-auth-guard.d.ts.map

package/dist/checks/auth/store-page-auth-guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store-page-auth-guard.d.ts","sourceRoot":"","sources":["../../../src/checks/auth/store-page-auth-guard.ts"],"names":[],"mappings":";AA2BA,eAAO,MAAM,EAAE,+BAA+B,CAAC;AAC/C,eAAO,MAAM,IAAI,0BAA0B,CAAC;AAC5C,eAAO,MAAM,WAAW,kEAAkE,CAAC;AAC3F,eAAO,MAAM,QAAQ,SAAS,CAAC;AAC/B,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAA8D,CAAC;AAChF,eAAO,MAAM,QAAQ,UAA0B,CAAC;AAgFhD,wBAAsB,GAAG,IAAI,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CA0G3F"}

package/dist/checks/auth/store-page-auth-guard.js ADDED Viewed

@@ -0,0 +1,207 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requires = exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+exports.run = run;
+/**
+ * Store Page Auth Guard Preflight
+ *
+ * Detects store pages that are missing authentication or store access verification.
+ * This is CRITICAL for security - store pages must verify:
+ * 1. User is authenticated (session exists)
+ * 2. User has access to the specific store (ownership or delegation)
+ * 3. Store exists and is not deleted
+ *
+ * Common vulnerable patterns:
+ * - Store pages without getServerSession or auth() call
+ * - Store API routes without checkPermission or store access check
+ * - Pages that fetch store data without verifying user access
+ *
+ * Prevents:
+ * - Unauthorized access to store data
+ * - Store data leakage between users
+ * - IDOR vulnerabilities
+ */
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const glob_1 = require("glob");
+const console_chars_1 = require("../../utils/console-chars");
+// METADATA - Required for plugin loader discovery
+exports.id = "auth/store-page-auth-guard";
+exports.name = "Store Page Auth Guard";
+exports.description = "Detects store pages missing auth or store access verification";
+exports.category = "auth";
+exports.blocking = true; // Critical security check
+exports.tags = ["auth", "security", "store", "access-control", "critical"];
+exports.requires = ["trading-card-system"];
+/**
+ * Store page patterns to check
+ */
+const STORE_PAGE_PATTERNS = [
+    "app/store/**/page.tsx",
+    "app/store/**/layout.tsx",
+    "app/api/store/**/route.ts",
+    "app/(store)/**/page.tsx",
+    "app/(store)/**/layout.tsx",
+];
+/**
+ * Required auth patterns for store pages
+ */
+const REQUIRED_AUTH_PATTERNS = {
+    // Session/auth check
+    sessionCheck: {
+        pattern: /getServerSession|auth\s*\(\s*\)|requireAuth|getSession/,
+        description: "Session/authentication check",
+        critical: true,
+    },
+    // Store access verification
+    storeAccessCheck: {
+        pattern: /checkPermission|getUserStoreAccess|verifyStoreAccess|storeId.*session|hasStoreAccess/i,
+        description: "Store access verification",
+        critical: true,
+    },
+    // Store ownership or delegation check
+    ownershipCheck: {
+        pattern: /store\.ownerId|ownerId.*===.*userId|userId.*===.*ownerId|delegatedAccess|storeAccess/i,
+        description: "Store ownership or delegation check",
+        critical: true,
+    },
+};
+/**
+ * Patterns that indicate store data access (requires auth)
+ */
+const STORE_DATA_PATTERNS = [
+    /findUnique.*store|findFirst.*store|prisma\.authStores/i,
+    /store\.listings|store\.orders|store\.products/i,
+    /getStoreData|fetchStore|loadStore/i,
+    /params\.storeId|storeId.*params/i,
+];
+/**
+ * Anti-patterns - dangerous code patterns
+ */
+const ANTI_PATTERNS = {
+    // Fetch store without auth
+    fetchStoreNoAuth: {
+        pattern: /(?:findUnique|findFirst)[\s\S]{0,100}authStores(?:(?!session|auth|checkPermission).)*\}/s,
+        description: "Store data fetched without authentication check nearby",
+    },
+    // Direct storeId from params without verification
+    directStoreIdUsage: {
+        pattern: /params\.storeId(?:(?!checkPermission|verifyAccess|hasAccess).){0,200}prisma/s,
+        description: "storeId from params used directly without access verification",
+    },
+    // Return store data without auth check
+    returnStoreDataNoAuth: {
+        pattern: /return\s*(?:NextResponse\.json|Response\.json)[\s\S]{0,50}store(?:(?!session|auth).){0,100}\}/s,
+        description: "Store data returned without visible auth check",
+    },
+};
+function hasStoreDataAccess(content) {
+    return STORE_DATA_PATTERNS.some((pattern) => pattern.test(content));
+}
+async function run() {
+    console.log(`\n${console_chars_1.emoji.shield} STORE PAGE AUTH GUARD CHECK`);
+    console.log((0, console_chars_1.createDivider)(65, "heavy"));
+    const issues = [];
+    const filesChecked = [];
+    // Find all store pages/routes
+    const allFiles = [];
+    for (const pattern of STORE_PAGE_PATTERNS) {
+        const matches = await (0, glob_1.glob)(pattern, { cwd: process.cwd() });
+        allFiles.push(...matches);
+    }
+    const uniqueFiles = [...new Set(allFiles)];
+    console.log(`\n${console_chars_1.emoji.search} Scanning ${uniqueFiles.length} store pages/routes...`);
+    if (uniqueFiles.length === 0) {
+        console.log(`\n${console_chars_1.emoji.warning} No store pages found - skipping check`);
+        return { success: true, errors: 0, warnings: 1 };
+    }
+    for (const relativePath of uniqueFiles) {
+        const filePath = path_1.default.join(process.cwd(), relativePath);
+        if (!fs_1.default.existsSync(filePath))
+            continue;
+        const content = fs_1.default.readFileSync(filePath, "utf-8");
+        filesChecked.push(relativePath);
+        // Skip if file doesn't access store data
+        if (!hasStoreDataAccess(content)) {
+            continue;
+        }
+        console.log(`\n${console_chars_1.emoji.file} ${relativePath} (accesses store data)`);
+        // Check for required auth patterns
+        const hasSessionCheck = REQUIRED_AUTH_PATTERNS.sessionCheck.pattern.test(content);
+        const hasStoreAccessCheck = REQUIRED_AUTH_PATTERNS.storeAccessCheck.pattern.test(content);
+        const hasOwnershipCheck = REQUIRED_AUTH_PATTERNS.ownershipCheck.pattern.test(content);
+        if (!hasSessionCheck) {
+            issues.push({
+                file: relativePath,
+                type: "missing-auth",
+                description: "Missing session/authentication check",
+                critical: true,
+            });
+            console.log(`   ${console_chars_1.emoji.error} Missing: Session/authentication check`);
+        }
+        else {
+            console.log(`   ${console_chars_1.emoji.success} Found: Session check`);
+        }
+        if (!hasStoreAccessCheck && !hasOwnershipCheck) {
+            issues.push({
+                file: relativePath,
+                type: "missing-store-access",
+                description: "Missing store access verification",
+                critical: true,
+            });
+            console.log(`   ${console_chars_1.emoji.error} Missing: Store access verification`);
+        }
+        else {
+            console.log(`   ${console_chars_1.emoji.success} Found: Store access check`);
+        }
+        // Check for anti-patterns
+        for (const [name, check] of Object.entries(ANTI_PATTERNS)) {
+            if (check.pattern.test(content)) {
+                issues.push({
+                    file: relativePath,
+                    type: "anti-pattern",
+                    description: check.description,
+                    critical: true,
+                });
+                console.log(`   ${console_chars_1.emoji.error} Anti-pattern: ${check.description}`);
+            }
+        }
+    }
+    // Summary
+    const criticalIssues = issues.filter((i) => i.critical);
+    console.log(`\n${console_chars_1.emoji.chart} Summary:`);
+    console.log(`   Store pages checked: ${filesChecked.length}`);
+    console.log(`   Security issues: ${criticalIssues.length}`);
+    if (issues.length === 0) {
+        console.log(`\n${console_chars_1.emoji.success} STORE PAGE AUTH GUARD CHECK PASSED`);
+        console.log(`\nAll store pages have proper authentication and access control.`);
+        return { success: true, errors: 0, warnings: 0 };
+    }
+    console.log(`\n${console_chars_1.emoji.error} Security issues found:`);
+    for (const issue of issues) {
+        console.log(`   ${issue.file}: ${issue.description}`);
+    }
+    console.log(`\n${console_chars_1.emoji.info} Store page auth requirements:`);
+    console.log(`   1. Call getServerSession() or auth() to verify authentication`);
+    console.log(`   2. Call checkPermission() or getUserStoreAccess() to verify store access`);
+    console.log(`   3. Verify store ownership or delegation before returning data`);
+    console.log(`   4. Redirect or return 403 on access failure (don't return empty data)`);
+    console.log(`\n${console_chars_1.emoji.error} STORE PAGE AUTH GUARD CHECK FAILED`);
+    return { success: false, errors: criticalIssues.length, warnings: 0 };
+}
+// Allow direct execution
+if (require.main === module) {
+    run()
+        .then((result) => {
+        process.exit(result.success ? 0 : 1);
+    })
+        .catch((err) => {
+        console.error(`${console_chars_1.emoji.error} Preflight failed:`, err);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=store-page-auth-guard.js.map

package/dist/checks/auth/store-page-auth-guard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store-page-auth-guard.js","sourceRoot":"","sources":["../../../src/checks/auth/store-page-auth-guard.ts"],"names":[],"mappings":";;;;;;;AAiHA,kBA0GC;AA1ND;;;;;;;;;;;;;;;;;;GAkBG;AACH,4CAAoB;AACpB,gDAAwB;AACxB,+BAA4B;AAE5B,6DAAiE;AAEjE,kDAAkD;AACrC,QAAA,EAAE,GAAG,4BAA4B,CAAC;AAClC,QAAA,IAAI,GAAG,uBAAuB,CAAC;AAC/B,QAAA,WAAW,GAAG,+DAA+D,CAAC;AAC9E,QAAA,QAAQ,GAAG,MAAM,CAAC;AAClB,QAAA,QAAQ,GAAG,IAAI,CAAC,CAAC,0BAA0B;AAC3C,QAAA,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;AACnE,QAAA,QAAQ,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAEhD;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,uBAAuB;IACvB,yBAAyB;IACzB,2BAA2B;IAC3B,yBAAyB;IACzB,2BAA2B;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,qBAAqB;IACrB,YAAY,EAAE;QACZ,OAAO,EAAE,wDAAwD;QACjE,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,IAAI;KACf;IACD,4BAA4B;IAC5B,gBAAgB,EAAE;QAChB,OAAO,EAAE,uFAAuF;QAChG,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,IAAI;KACf;IACD,sCAAsC;IACtC,cAAc,EAAE;QACd,OAAO,EAAE,uFAAuF;QAChG,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,wDAAwD;IACxD,gDAAgD;IAChD,oCAAoC;IACpC,kCAAkC;CACnC,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,2BAA2B;IAC3B,gBAAgB,EAAE;QAChB,OAAO,EAAE,0FAA0F;QACnG,WAAW,EAAE,wDAAwD;KACtE;IACD,kDAAkD;IAClD,kBAAkB,EAAE;QAClB,OAAO,EAAE,8EAA8E;QACvF,WAAW,EAAE,+DAA+D;KAC7E;IACD,uCAAuC;IACvC,qBAAqB,EAAE;QACrB,OAAO,EAAE,gGAAgG;QACzG,WAAW,EAAE,gDAAgD;KAC9D;CACF,CAAC;AAUF,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACtE,CAAC;AAEM,KAAK,UAAU,GAAG;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,8BAA8B,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,aAAa,WAAW,CAAC,MAAM,wBAAwB,CAAC,CAAC;IAEtF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,wCAAwC,CAAC,CAAC;QACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,MAAM,YAAY,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEvC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhC,yCAAyC;QACzC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,IAAI,YAAY,wBAAwB,CAAC,CAAC;QAErE,mCAAmC;QACnC,MAAM,eAAe,GAAG,sBAAsB,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClF,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1F,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEtF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,cAAc;gBACpB,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,wCAAwC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,mBAAmB,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,sBAAsB;gBAC5B,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,qCAAqC,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;QAC/D,CAAC;QAED,0BAA0B;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,cAAc;oBACpB,WAAW,EAAE,KAAK,CAAC,WAAW;oBAC9B,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,kBAAkB,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAExD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,WAAW,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,2BAA2B,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,uBAAuB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAE5D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,yBAAyB,CAAC,CAAC;IACvD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,gCAAgC,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;IAExF,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,qCAAqC,CAAC,CAAC;IACnE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,GAAG,EAAE;SACF,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;QACpB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@empline/preflight",
-  "version": "1.1.33",
+  "version": "1.1.34",
   "description": "Distributable preflight validation system with app-specific plugin support",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",