@empline/preflight 1.1.58 → 1.1.60

package/dist/checks/security/deprecated-node-apis-validation.js

@@ -0,0 +1,324 @@
+#!/usr/bin/env tsx
+"use strict";
+/**
+ * Deprecated Node.js APIs Validation Preflight
+ *
+ * Detects usage of deprecated Node.js APIs that have security implications:
+ *
+ * 1. url.parse() - DEP0169: Not standardized, prone to security errors
+ *    CVEs are not issued for url.parse() vulnerabilities.
+ *    Use: new URL() (WHATWG URL API) instead
+ *
+ * 2. Buffer() constructor - DEP0005: Can cause security issues
+ *    Use: Buffer.from(), Buffer.alloc(), Buffer.allocUnsafe() instead
+ *
+ * 3. domain module - DEP0152: Deprecated, use async_hooks instead
+ *
+ * 4. punycode module - DEP0040: Use userland alternative instead
+ *
+ * 5. querystring module - DEP0019: Use URLSearchParams instead
+ *
+ * This preflight helps maintain security best practices and prevents
+ * usage of APIs that may have unpatched vulnerabilities.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+exports.run = main;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const console_chars_1 = require("../../utils/console-chars");
+const universal_progress_reporter_1 = require("../system/universal-progress-reporter");
+// PREFLIGHT METADATA
+exports.id = "security/deprecated-node-apis-validation";
+exports.name = "Deprecated Node.js APIs Validation";
+exports.description = "Detects deprecated Node.js APIs with security implications (url.parse, Buffer constructor, etc.)";
+exports.category = "security";
+exports.blocking = true;
+exports.tags = ["security", "deprecated", "node", "api", "url.parse", "buffer"];
+const TRADING_CARD_SYSTEM_PATH = path.resolve(__dirname, "../../../../trading-card-system");
+// Directories to skip (node_modules, build outputs, etc.)
+const SKIP_DIRS = new Set([
+    "node_modules",
+    ".next",
+    "dist",
+    "build",
+    ".git",
+    "coverage",
+    ".turbo",
+    ".vercel",
+    ".preflight-submissions",
+]);
+// File extensions to check
+const CHECK_EXTENSIONS = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
+// Deprecated APIs to detect
+// Note: We focus on actual deprecated API calls, not imports of modules that have modern alternatives
+const DEPRECATED_APIS = [
+    {
+        // CRITICAL: url.parse() has security vulnerabilities and CVEs are not issued
+        pattern: /\burl\.parse\s*\(/g,
+        api: "url.parse()",
+        severity: "error",
+        recommendation: "Use new URL() constructor instead. url.parse() has security vulnerabilities (DEP0169).",
+    },
+    {
+        // url.resolve() is also deprecated
+        pattern: /\burl\.resolve\s*\(/g,
+        api: "url.resolve()",
+        severity: "error",
+        recommendation: "Use new URL(relative, base) instead. url.resolve() is deprecated (DEP0169).",
+    },
+    {
+        // url.format() with legacy urlObject is deprecated
+        pattern: /\burl\.format\s*\(\s*\{/g,
+        api: "url.format({...})",
+        severity: "warning",
+        recommendation: "Use URL.toString() or construct URLs with new URL() instead.",
+    },
+    {
+        // new Buffer() is a security risk
+        pattern: /\bnew\s+Buffer\s*\(/g,
+        api: "new Buffer()",
+        severity: "error",
+        recommendation: "Use Buffer.from(), Buffer.alloc(), or Buffer.allocUnsafe() instead (DEP0005).",
+    },
+    {
+        // Domain module is deprecated
+        pattern: /\brequire\s*\(\s*['"]domain['"]\s*\)/g,
+        api: "require('domain')",
+        severity: "warning",
+        recommendation: "Domain module is deprecated (DEP0152). Use async_hooks for async context tracking.",
+    },
+    {
+        pattern: /\bfrom\s+['"]domain['"]/g,
+        api: "import from 'domain'",
+        severity: "warning",
+        recommendation: "Domain module is deprecated (DEP0152). Use async_hooks for async context tracking.",
+    },
+    {
+        // Punycode module is deprecated
+        pattern: /\brequire\s*\(\s*['"]punycode['"]\s*\)/g,
+        api: "require('punycode')",
+        severity: "warning",
+        recommendation: "Punycode module is deprecated (DEP0040). Use a userland package instead.",
+    },
+    {
+        // querystring.parse() is deprecated
+        pattern: /\bquerystring\.parse\s*\(/g,
+        api: "querystring.parse()",
+        severity: "warning",
+        recommendation: "Use URLSearchParams instead of querystring module.",
+    },
+    {
+        // querystring.stringify() is deprecated
+        pattern: /\bquerystring\.stringify\s*\(/g,
+        api: "querystring.stringify()",
+        severity: "warning",
+        recommendation: "Use URLSearchParams.toString() instead of querystring module.",
+    },
+    {
+        // querystring.escape() is deprecated
+        pattern: /\bquerystring\.escape\s*\(/g,
+        api: "querystring.escape()",
+        severity: "warning",
+        recommendation: "Use encodeURIComponent() instead.",
+    },
+    {
+        // querystring.unescape() is deprecated
+        pattern: /\bquerystring\.unescape\s*\(/g,
+        api: "querystring.unescape()",
+        severity: "warning",
+        recommendation: "Use decodeURIComponent() instead.",
+    },
+];
+// Note: We intentionally do NOT flag:
+// - import { fileURLToPath } from 'url' - this is a modern API
+// - import { URL } from 'url' - this is the WHATWG URL API
+// - require('url') when only using modern APIs
+// The issue is specifically with url.parse(), url.resolve(), and url.format() with legacy objects
+function getAllFiles(dir, files = []) {
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (SKIP_DIRS.has(entry.name)) {
+                continue;
+            }
+            const fullPath = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                getAllFiles(fullPath, files);
+            }
+            else if (entry.isFile() && CHECK_EXTENSIONS.has(path.extname(entry.name))) {
+                files.push(fullPath);
+            }
+        }
+    }
+    catch {
+        // Ignore permission errors
+    }
+    return files;
+}
+function checkFile(filePath) {
+    const usages = [];
+    try {
+        const content = fs.readFileSync(filePath, "utf8");
+        const lines = content.split("\n");
+        const relativePath = path.relative(TRADING_CARD_SYSTEM_PATH, filePath);
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i] || "";
+            const lineNumber = i + 1;
+            // Skip comments
+            const trimmedLine = line.trim();
+            if (trimmedLine.startsWith("//") || trimmedLine.startsWith("*") || trimmedLine.startsWith("/*")) {
+                continue;
+            }
+            for (const api of DEPRECATED_APIS) {
+                // Reset regex state
+                api.pattern.lastIndex = 0;
+                if (api.pattern.test(line)) {
+                    usages.push({
+                        file: relativePath,
+                        line: lineNumber,
+                        api: api.api,
+                        code: trimmedLine.substring(0, 100) + (trimmedLine.length > 100 ? "..." : ""),
+                        severity: api.severity,
+                        recommendation: api.recommendation,
+                    });
+                }
+            }
+        }
+    }
+    catch {
+        // Ignore read errors
+    }
+    return usages;
+}
+async function main() {
+    const reporter = (0, universal_progress_reporter_1.createUniversalProgressReporter)(exports.name);
+    console.log(`\n${console_chars_1.emoji.rocket} DEPRECATED NODE.JS APIs VALIDATION PREFLIGHT`);
+    console.log((0, console_chars_1.createDivider)(60, "heavy"));
+    console.log(`${console_chars_1.emoji.info} Scanning for deprecated Node.js APIs with security implications...\n`);
+    // Get all files to check
+    console.log(`${console_chars_1.emoji.folder} Scanning source files...`);
+    const files = getAllFiles(TRADING_CARD_SYSTEM_PATH);
+    console.log(`  Found ${files.length} source files to check\n`);
+    // Check each file
+    const allUsages = [];
+    let filesChecked = 0;
+    for (const file of files) {
+        const usages = checkFile(file);
+        allUsages.push(...usages);
+        filesChecked++;
+    }
+    // Group usages by severity
+    const errors = allUsages.filter((u) => u.severity === "error");
+    const warnings = allUsages.filter((u) => u.severity === "warning");
+    // Report findings
+    if (allUsages.length > 0) {
+        console.log(`${console_chars_1.emoji.folder} Deprecated API usages found:\n`);
+        // Report errors first
+        if (errors.length > 0) {
+            console.log(`${console_chars_1.emoji.error} CRITICAL - Security-sensitive deprecated APIs:`);
+            for (const usage of errors) {
+                console.log(`  ${console_chars_1.emoji.error} ${usage.api} in ${usage.file}:${usage.line}`);
+                console.log(`     Code: ${usage.code}`);
+                console.log(`     ${console_chars_1.emoji.hint} ${usage.recommendation}\n`);
+            }
+        }
+        // Then warnings
+        if (warnings.length > 0) {
+            console.log(`${console_chars_1.emoji.warning} WARNINGS - Deprecated APIs (may cause issues):`);
+            for (const usage of warnings) {
+                console.log(`  ${console_chars_1.emoji.warning} ${usage.api} in ${usage.file}:${usage.line}`);
+                console.log(`     ${console_chars_1.emoji.hint} ${usage.recommendation}\n`);
+            }
+        }
+    }
+    else {
+        console.log(`${console_chars_1.emoji.success} No deprecated API usages found in source code.\n`);
+    }
+    // Note about dependencies
+    console.log(`${console_chars_1.emoji.info} Note: Deprecation warnings from dependencies (node_modules) are not scanned.`);
+    console.log(`  If you see DEP0169 warnings at runtime, check these common culprits:`);
+    console.log(`  - nodemailer (may use url.parse internally)`);
+    console.log(`  - sendgrid (may use url.parse internally)`);
+    console.log(`  - older versions of next-auth`);
+    console.log(`  - other email/HTTP client libraries`);
+    console.log(`  Update these packages when newer versions are available.\n`);
+    // Summary
+    console.log((0, console_chars_1.createDivider)(60, "heavy"));
+    console.log(`${console_chars_1.emoji.chart} VALIDATION SUMMARY`);
+    console.log((0, console_chars_1.createDivider)(60, "heavy"));
+    console.log(`${console_chars_1.emoji.success} Files checked: ${filesChecked}`);
+    if (errors.length > 0) {
+        console.log(`${console_chars_1.emoji.error} Critical issues: ${errors.length}`);
+    }
+    if (warnings.length > 0) {
+        console.log(`${console_chars_1.emoji.warning} Warnings: ${warnings.length}`);
+    }
+    reporter.showSummary({
+        filesProcessed: filesChecked,
+        issuesFound: allUsages.length,
+        errors: errors.length,
+        warnings: warnings.length,
+    });
+    console.log((0, console_chars_1.createDivider)(60, "heavy"));
+    if (errors.length > 0) {
+        console.log(`\n${console_chars_1.emoji.error} DEPRECATED NODE.JS APIs VALIDATION FAILED`);
+        console.log(`\n${console_chars_1.emoji.info} Critical deprecated APIs found with security implications.`);
+        console.log(`\n${console_chars_1.emoji.hint} To fix:`);
+        console.log(`  - Replace url.parse() with new URL()`);
+        console.log(`  - Replace new Buffer() with Buffer.from()/Buffer.alloc()`);
+        console.log(`  - See recommendations above for each issue`);
+        process.exit(1);
+    }
+    else if (warnings.length > 0) {
+        console.log(`\n${console_chars_1.emoji.warning} DEPRECATED NODE.JS APIs VALIDATION PASSED WITH WARNINGS`);
+        console.log(`\n${console_chars_1.emoji.info} Consider updating deprecated APIs to prevent future issues.`);
+        process.exit(0);
+    }
+    else {
+        console.log(`\n${console_chars_1.emoji.success} DEPRECATED NODE.JS APIs VALIDATION PASSED`);
+        console.log(`\n${console_chars_1.emoji.info} No deprecated APIs detected in source code.`);
+        process.exit(0);
+    }
+}
+// Run if called directly
+if (require.main === module) {
+    main().catch((error) => {
+        console.error(`${console_chars_1.emoji.error} Fatal error:`, error);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=deprecated-node-apis-validation.js.map

package/dist/checks/security/deprecated-node-apis-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deprecated-node-apis-validation.js","sourceRoot":"","sources":["../../../src/checks/security/deprecated-node-apis-validation.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmTc,mBAAG;AAjTpB,4CAA8B;AAC9B,gDAAkC;AAClC,6DAAiE;AACjE,uFAAwF;AAExF,qBAAqB;AAER,QAAA,EAAE,GAAG,0CAA0C,CAAC;AAChD,QAAA,IAAI,GAAG,oCAAoC,CAAC;AAC5C,QAAA,WAAW,GACtB,kGAAkG,CAAC;AACxF,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,IAAI,GAAG,CAAC,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;AAarF,MAAM,wBAAwB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iCAAiC,CAAC,CAAC;AAE5F,0DAA0D;AAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,cAAc;IACd,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,UAAU;IACV,QAAQ;IACR,SAAS;IACT,wBAAwB;CACzB,CAAC,CAAC;AAEH,2BAA2B;AAC3B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjF,4BAA4B;AAC5B,sGAAsG;AACtG,MAAM,eAAe,GAAG;IACtB;QACE,6EAA6E;QAC7E,OAAO,EAAE,oBAAoB;QAC7B,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,wFAAwF;KACzG;IACD;QACE,mCAAmC;QACnC,OAAO,EAAE,sBAAsB;QAC/B,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,6EAA6E;KAC9F;IACD;QACE,mDAAmD;QACnD,OAAO,EAAE,0BAA0B;QACnC,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,8DAA8D;KAC/E;IACD;QACE,kCAAkC;QAClC,OAAO,EAAE,sBAAsB;QAC/B,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,+EAA+E;KAChG;IACD;QACE,8BAA8B;QAC9B,OAAO,EAAE,uCAAuC;QAChD,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,gCAAgC;QAChC,OAAO,EAAE,yCAAyC;QAClD,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,0EAA0E;KAC3F;IACD;QACE,oCAAoC;QACpC,OAAO,EAAE,4BAA4B;QACrC,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oDAAoD;KACrE;IACD;QACE,wCAAwC;QACxC,OAAO,EAAE,gCAAgC;QACzC,GAAG,EAAE,yBAAyB;QAC9B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,+DAA+D;KAChF;IACD;QACE,qCAAqC;QACrC,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,mCAAmC;KACpD;IACD;QACE,uCAAuC;QACvC,OAAO,EAAE,+BAA+B;QACxC,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,mCAAmC;KACpD;CACF,CAAC;AAEF,sCAAsC;AACtC,+DAA+D;AAC/D,2DAA2D;AAC3D,+CAA+C;AAC/C,kGAAkG;AAElG,SAAS,WAAW,CAAC,GAAW,EAAE,QAAkB,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5E,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,MAAM,GAAyB,EAAE,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,QAAQ,CAAC,CAAC;QAEvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;YAEzB,gBAAgB;YAChB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChG,SAAS;YACX,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,oBAAoB;gBACpB,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE1B,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,YAAY;wBAClB,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,GAAG,CAAC,GAAG;wBACZ,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC7E,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,cAAc,EAAE,GAAG,CAAC,cAAc;qBACnC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,QAAQ,GAAG,IAAA,6DAA+B,EAAC,YAAI,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,+CAA+C,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,uEAAuE,CAAC,CAAC;IAElG,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,2BAA2B,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,0BAA0B,CAAC,CAAC;IAE/D,kBAAkB;IAClB,MAAM,SAAS,GAAyB,EAAE,CAAC;IAC3C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC/B,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QAC1B,YAAY,EAAE,CAAC;IACjB,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEnE,kBAAkB;IAClB,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,iCAAiC,CAAC,CAAC;QAE9D,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,iDAAiD,CAAC,CAAC;YAC7E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,qBAAK,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,iDAAiD,CAAC,CAAC;YAC/E,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,IAAI,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9E,OAAO,CAAC,GAAG,CAAC,QAAQ,qBAAK,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,mDAAmD,CAAC,CAAC;IACnF,CAAC;IAED,0BAA0B;IAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,+EAA+E,CAAC,CAAC;IAC1G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;IAE5E,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,qBAAqB,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,mBAAmB,YAAY,EAAE,CAAC,CAAC;IAC/D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,qBAAqB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,cAAc,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,WAAW,CAAC;QACnB,cAAc,EAAE,YAAY;QAC5B,WAAW,EAAE,SAAS,CAAC,MAAM;QAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,QAAQ,CAAC,MAAM;KAC1B,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,4CAA4C,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,6DAA6D,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,UAAU,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,0DAA0D,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,8DAA8D,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,4CAA4C,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,8CAA8C,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,eAAe,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/checks/security/security-headers-validation.d.ts

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+import { PreflightCheckResult } from "../../core/types";
+export declare const id = "security/security-headers-validation";
+export declare const name = "Security Headers Validation";
+export declare const description = "Validates security headers, cookies, SRI, CORS, and OWASP best practices";
+export declare const category = "security";
+export declare const blocking = true;
+export declare const tags: string[];
+export declare function run(): Promise<PreflightCheckResult>;
+//# sourceMappingURL=security-headers-validation.d.ts.map

package/dist/checks/security/security-headers-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-headers-validation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/security-headers-validation.ts"],"names":[],"mappings":";AAkCA,OAAO,EAAE,oBAAoB,EAAoB,MAAM,kBAAkB,CAAC;AAG1E,eAAO,MAAM,EAAE,yCAAyC,CAAC;AACzD,eAAO,MAAM,IAAI,gCAAgC,CAAC;AAClD,eAAO,MAAM,WAAW,6EAA6E,CAAC;AACtG,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAA6D,CAAC;AAye/E,wBAAsB,GAAG,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAuCzD"}