@havoc-security/scanner 0.1.0

package/dist/parsers/RouteParser.js

@@ -0,0 +1,327 @@
+/**
+ * HAVOC Route Parser
+ *
+ * Parses Laravel route files (routes/web.php, routes/api.php, etc.) to extract
+ * route definitions and their associated middleware — including group-inherited
+ * middleware. This data is used by the AuthorizationCoverageAnalyzer to eliminate
+ * false positives where auth/authorization is handled at the route level.
+ */
+import { readFile } from 'node:fs/promises';
+import { resolve, relative } from 'node:path';
+import { glob } from 'glob';
+// ─── Middleware Classification ────────────────────────────────────────────────
+/** Middleware that provide AUTHORIZATION (i.e., permission checks — clears finding) */
+const AUTHORIZATION_MIDDLEWARE_PATTERNS = [
+    /^can:/,
+    /^permission:/,
+    /^role:/,
+];
+/** Middleware that provide AUTHENTICATION only (downgrades severity but does not clear) */
+const AUTHENTICATION_MIDDLEWARE_PATTERNS = [
+    /^auth$/,
+    /^auth:/,
+    /^sanctum$/,
+    /^verified$/,
+];
+export function isAuthorizationMiddleware(mw) {
+    return AUTHORIZATION_MIDDLEWARE_PATTERNS.some((re) => re.test(mw.trim()));
+}
+export function isAuthenticationMiddleware(mw) {
+    return AUTHENTICATION_MIDDLEWARE_PATTERNS.some((re) => re.test(mw.trim()));
+}
+export function hasAuthorizationMiddleware(middleware) {
+    return middleware.some(isAuthorizationMiddleware);
+}
+export function hasAuthenticationMiddleware(middleware) {
+    return middleware.some(isAuthenticationMiddleware);
+}
+// ─── Webhook Detection ────────────────────────────────────────────────────────
+const WEBHOOK_PATTERNS = [
+    /\$request->header\s*\(\s*['"]X-[^'"]*Signature/i,
+    /hash_hmac\s*\(/,
+    /hash_equals\s*\(/,
+    /SignatureVerif/i,
+    /validateSignature/i,
+    /verifySignature/i,
+    /StripeSignature/i,
+    /WebhookSignature/i,
+];
+export function isWebhookHandler(bodyText) {
+    return WEBHOOK_PATTERNS.some((re) => re.test(bodyText));
+}
+// ─── Internal Helpers ─────────────────────────────────────────────────────────
+/**
+ * Parses middleware from a middleware() call argument string.
+ * Handles both string and array forms:
+ *   'auth'
+ *   ['auth', 'can:view-admin', 'verified']
+ */
+function parseMiddlewareArg(arg) {
+    arg = arg.trim();
+    // Array form: ['auth', 'can:view-admin']
+    if (arg.startsWith('[')) {
+        const inner = arg.slice(1, arg.lastIndexOf(']'));
+        return inner.match(/['"]([^'"]+)['"]/g)?.map((s) => s.replace(/['"]/g, '')) ?? [];
+    }
+    // String form: 'auth' or "auth"
+    const m = arg.match(/^['"]([^'"]+)['"]$/);
+    if (m)
+        return [m[1]];
+    return [];
+}
+/**
+ * Extract the controller class name (short name) and action from a route action string.
+ *
+ * Supported formats:
+ *   [PostController::class, 'index']
+ *   'PostController@index'
+ *   PostController::class (resource)
+ */
+function parseControllerAction(actionStr) {
+    actionStr = actionStr.trim();
+    // Array syntax: [PostController::class, 'index']
+    const arrayMatch = actionStr.match(/\[?\s*([A-Za-z_\\]+)(?:::class)?\s*,\s*['"]([^'"]+)['"]\s*\]?/);
+    if (arrayMatch) {
+        const parts = arrayMatch[1].split('\\');
+        return { controller: parts[parts.length - 1], action: arrayMatch[2] };
+    }
+    // String syntax: 'PostController@index'
+    const atMatch = actionStr.match(/['"]?([A-Za-z_\\]+)@([A-Za-z_]+)['"]?/);
+    if (atMatch) {
+        const parts = atMatch[1].split('\\');
+        return { controller: parts[parts.length - 1], action: atMatch[2] };
+    }
+    // Resource: PostController::class (no explicit action)
+    const resourceMatch = actionStr.match(/([A-Za-z_\\]+)::class/);
+    if (resourceMatch) {
+        const parts = resourceMatch[1].split('\\');
+        return { controller: parts[parts.length - 1], action: '*' };
+    }
+    return null;
+}
+/** Standard Laravel resource controller actions */
+const RESOURCE_ACTIONS = ['index', 'create', 'store', 'show', 'edit', 'update', 'destroy'];
+// ─── Route Parser ─────────────────────────────────────────────────────────────
+/**
+ * Regex-based Laravel route file parser.
+ *
+ * Handles:
+ * - Route::get/post/put/patch/delete/any('uri', ...)
+ * - Route::resource('resource', Controller::class)
+ * - Route::middleware([...])->group(function () { ... })
+ * - Nested groups
+ */
+export class RouteParser {
+    /**
+     * Parse a single route file's content and return extracted routes.
+     */
+    parseContent(content, filePath = '') {
+        const routes = [];
+        this.parseBlock(content, [], routes);
+        return { path: filePath, routes };
+    }
+    /**
+     * Parse a route file from disk.
+     */
+    async parseFile(filePath, rootDir) {
+        const content = await readFile(filePath, 'utf-8').catch(() => '');
+        const relativePath = rootDir ? relative(rootDir, filePath) : filePath;
+        return this.parseContent(content, relativePath);
+    }
+    /**
+     * Parse all route files in a Laravel project's routes/ directory.
+     */
+    async parseDirectory(projectRoot) {
+        const absRoot = resolve(projectRoot);
+        const files = await glob(`${absRoot}/routes/**/*.php`, { nodir: true });
+        return Promise.all(files.map((f) => this.parseFile(f, absRoot)));
+    }
+    /**
+     * Recursively parse a block of PHP route code, tracking inherited middleware.
+     */
+    parseBlock(content, inheritedMiddleware, routes) {
+        let pos = 0;
+        while (pos < content.length) {
+            const routeIdx = content.indexOf('Route::', pos);
+            if (routeIdx === -1)
+                break;
+            const chain = this.extractChain(content, routeIdx);
+            if (!chain) {
+                pos = routeIdx + 7;
+                continue;
+            }
+            const { text, end } = chain;
+            // Check if this is a group
+            const groupMiddleware = this.extractGroupMiddleware(text);
+            if (groupMiddleware !== null) {
+                const groupBody = this.extractGroupBody(content, routeIdx);
+                if (groupBody) {
+                    const combined = [...inheritedMiddleware, ...groupMiddleware];
+                    this.parseBlock(groupBody.body, combined, routes);
+                    pos = groupBody.end;
+                    continue;
+                }
+            }
+            const extracted = this.extractRoute(text, inheritedMiddleware);
+            if (extracted.length > 0) {
+                routes.push(...extracted);
+            }
+            pos = end;
+        }
+    }
+    /**
+     * Extract the full chained call text starting at a Route:: position.
+     * Stops at semicolons not inside brackets/parens.
+     */
+    extractChain(content, start) {
+        let depth = 0;
+        let i = start;
+        let inString = false;
+        let stringChar = '';
+        while (i < content.length) {
+            const ch = content[i];
+            if (inString) {
+                if (ch === stringChar && content[i - 1] !== '\\')
+                    inString = false;
+            }
+            else if (ch === '"' || ch === "'") {
+                inString = true;
+                stringChar = ch;
+            }
+            else if (ch === '(' || ch === '[') {
+                depth++;
+            }
+            else if (ch === ')' || ch === ']') {
+                depth--;
+            }
+            else if (ch === '{' && depth === 0) {
+                // Entering a closure body — stop here (group handling takes over)
+                break;
+            }
+            else if (ch === '}' && depth < 0) {
+                break;
+            }
+            else if (ch === ';' && depth === 0) {
+                return { text: content.slice(start, i + 1), end: i + 1 };
+            }
+            i++;
+        }
+        if (i > start) {
+            return { text: content.slice(start, i), end: i };
+        }
+        return null;
+    }
+    /**
+     * If the chain is a Route::middleware(...)->group(...), extract the middleware list.
+     * Returns null if this is not a group.
+     */
+    extractGroupMiddleware(chain) {
+        const mwMatch = chain.match(/Route::(?:\w+\([^)]*\)->)*middleware\s*\(([^)]+)\)/);
+        if (!mwMatch)
+            return null;
+        if (!chain.includes('->group('))
+            return null;
+        return parseMiddlewareArg(mwMatch[1]);
+    }
+    /**
+     * Find the closure body of a ->group(function () { ... }) call.
+     */
+    extractGroupBody(content, routeStart) {
+        const groupIdx = content.indexOf('->group(', routeStart);
+        if (groupIdx === -1)
+            return null;
+        const braceIdx = content.indexOf('{', groupIdx);
+        if (braceIdx === -1)
+            return null;
+        let depth = 1;
+        let i = braceIdx + 1;
+        while (i < content.length && depth > 0) {
+            const ch = content[i];
+            if (ch === '{')
+                depth++;
+            else if (ch === '}')
+                depth--;
+            i++;
+        }
+        return { body: content.slice(braceIdx + 1, i - 1), end: i };
+    }
+    /**
+     * Extract route info from a single Route::method() chain.
+     */
+    extractRoute(chain, inheritedMiddleware) {
+        const results = [];
+        // Extract inline middleware from ->middleware(...) in this chain
+        const inlineMiddleware = [];
+        const mwRegex = /->middleware\s*\(([^)]+)\)/g;
+        let mwMatch;
+        while ((mwMatch = mwRegex.exec(chain)) !== null) {
+            inlineMiddleware.push(...parseMiddlewareArg(mwMatch[1]));
+        }
+        const allMiddleware = [...inheritedMiddleware, ...inlineMiddleware];
+        // Route::resource('posts', PostController::class)
+        const resourceMatch = chain.match(/Route::resource\s*\(\s*['"]([^'"]+)['"]\s*,\s*([^,)]+)/);
+        if (resourceMatch) {
+            const uri = resourceMatch[1];
+            const ctrlRaw = resourceMatch[2].trim();
+            const parsed = parseControllerAction(ctrlRaw)
+                ?? { controller: ctrlRaw.replace(/::class.*/, '').split('\\').pop() ?? ctrlRaw, action: '*' };
+            for (const action of RESOURCE_ACTIONS) {
+                results.push({ method: 'resource', uri, controller: parsed.controller, action, middleware: allMiddleware });
+            }
+            return results;
+        }
+        // Route::apiResource(...)
+        const apiResourceMatch = chain.match(/Route::apiResource\s*\(\s*['"]([^'"]+)['"]\s*,\s*([^,)]+)/);
+        if (apiResourceMatch) {
+            const uri = apiResourceMatch[1];
+            const ctrlRaw = apiResourceMatch[2].trim();
+            const parsed = parseControllerAction(ctrlRaw)
+                ?? { controller: ctrlRaw.replace(/::class.*/, '').split('\\').pop() ?? ctrlRaw, action: '*' };
+            for (const action of ['index', 'store', 'show', 'update', 'destroy']) {
+                results.push({ method: 'apiResource', uri, controller: parsed.controller, action, middleware: allMiddleware });
+            }
+            return results;
+        }
+        // Route::get/post/put/patch/delete/any(...)
+        const verbMatch = chain.match(/Route::(get|post|put|patch|delete|any|options)\s*\(\s*['"]([^'"]+)['"]\s*,\s*([\s\S]+?)\s*\)/);
+        if (verbMatch) {
+            const method = verbMatch[1].toUpperCase();
+            const uri = verbMatch[2];
+            const actionStr = verbMatch[3];
+            const parsed = parseControllerAction(actionStr);
+            if (parsed) {
+                results.push({ method, uri, controller: parsed.controller, action: parsed.action, middleware: allMiddleware });
+            }
+        }
+        return results;
+    }
+}
+// ─── Route Map Helpers ────────────────────────────────────────────────────────
+/**
+ * Build a lookup map: "ControllerName::action" → RouteInfo[]
+ * Used by analyzers for O(1) route lookups.
+ */
+export function buildRouteMap(routeFiles) {
+    const map = new Map();
+    for (const file of routeFiles) {
+        for (const route of file.routes) {
+            const key = `${route.controller}::${route.action}`;
+            if (!map.has(key))
+                map.set(key, []);
+            map.get(key).push(route);
+        }
+    }
+    return map;
+}
+/**
+ * Get all middleware for a given controller action from the route map.
+ * Returns an empty array if the action is not found in any route.
+ */
+export function getRouteMiddleware(routeMap, controller, action) {
+    const key = `${controller}::${action}`;
+    const routes = routeMap.get(key) ?? [];
+    if (routes.length === 0)
+        return [];
+    return [...new Set(routes.flatMap((r) => r.middleware))];
+}
+//# sourceMappingURL=RouteParser.js.map

package/dist/parsers/RouteParser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RouteParser.js","sourceRoot":"","sources":["../../src/parsers/RouteParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAwB5B,iFAAiF;AAEjF,uFAAuF;AACvF,MAAM,iCAAiC,GAAG;IACxC,OAAO;IACP,cAAc;IACd,QAAQ;CACT,CAAC;AAEF,2FAA2F;AAC3F,MAAM,kCAAkC,GAAG;IACzC,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,YAAY;CACb,CAAC;AAEF,MAAM,UAAU,yBAAyB,CAAC,EAAU;IAClD,OAAO,iCAAiC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,EAAU;IACnD,OAAO,kCAAkC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,UAAoB;IAC7D,OAAO,UAAU,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,UAAoB;IAC9D,OAAO,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;AACrD,CAAC;AAED,iFAAiF;AAEjF,MAAM,gBAAgB,GAAG;IACvB,iDAAiD;IACjD,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;IACjB,oBAAoB;IACpB,kBAAkB;IAClB,kBAAkB;IAClB,mBAAmB;CACpB,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,iFAAiF;AAEjF;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,GAAG,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAEjB,yCAAyC;IACzC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QACjD,OAAO,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACpF,CAAC;IAED,gCAAgC;IAChC,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC1C,IAAI,CAAC;QAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErB,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAAC,SAAiB;IAC9C,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAE7B,iDAAiD;IACjD,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACpG,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,CAAC;IAED,wCAAwC;IACxC,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACzE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,CAAC;IAED,uDAAuD;IACvD,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC/D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IAC9D,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,mDAAmD;AACnD,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AAE3F,iFAAiF;AAEjF;;;;;;;;GAQG;AACH,MAAM,OAAO,WAAW;IACtB;;OAEG;IACH,YAAY,CAAC,OAAe,EAAE,WAAmB,EAAE;QACjD,MAAM,MAAM,GAAgB,EAAE,CAAC;QAC/B,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;QACrC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,OAAgB;QAChD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,OAAO,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,OAAe,EAAE,mBAA6B,EAAE,MAAmB;QACpF,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,OAAO,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YACjD,IAAI,QAAQ,KAAK,CAAC,CAAC;gBAAE,MAAM;YAE3B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,EAAE,CAAC;gBAAC,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAE7C,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;YAE5B,2BAA2B;YAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC3D,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,QAAQ,GAAG,CAAC,GAAG,mBAAmB,EAAE,GAAG,eAAe,CAAC,CAAC;oBAC9D,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;oBAClD,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC;oBACpB,SAAS;gBACX,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YAC/D,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;YAC5B,CAAC;YAED,GAAG,GAAG,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,YAAY,CAAC,OAAe,EAAE,KAAa;QACjD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,KAAK,CAAC;QACd,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,UAAU,GAAG,EAAE,CAAC;QAEpB,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAEtB,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,EAAE,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;oBAAE,QAAQ,GAAG,KAAK,CAAC;YACrE,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACpC,QAAQ,GAAG,IAAI,CAAC;gBAChB,UAAU,GAAG,EAAE,CAAC;YAClB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACpC,KAAK,EAAE,CAAC;YACV,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACpC,KAAK,EAAE,CAAC;YACV,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBACrC,kEAAkE;gBAClE,MAAM;YACR,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM;YACR,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBACrC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3D,CAAC;YACD,CAAC,EAAE,CAAC;QACN,CAAC;QAED,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACK,sBAAsB,CAAC,KAAa;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAClF,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,OAAe,EAAE,UAAkB;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACzD,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjC,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChD,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACvC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;iBACnB,IAAI,EAAE,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;YAC7B,CAAC,EAAE,CAAC;QACN,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAa,EAAE,mBAA6B;QAC/D,MAAM,OAAO,GAAgB,EAAE,CAAC;QAEhC,iEAAiE;QACjE,MAAM,gBAAgB,GAAa,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,6BAA6B,CAAC;QAC9C,IAAI,OAAO,CAAC;QACZ,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,gBAAgB,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,aAAa,GAAG,CAAC,GAAG,mBAAmB,EAAE,GAAG,gBAAgB,CAAC,CAAC;QAEpE,kDAAkD;QAClD,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5F,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC;mBACxC,EAAE,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;YAChG,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAC9G,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,0BAA0B;QAC1B,MAAM,gBAAgB,GAAG,KAAK,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;QAClG,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC;mBACxC,EAAE,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;YAChG,KAAK,MAAM,MAAM,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,CAAC;gBACrE,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YACjH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,4CAA4C;QAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,8FAA8F,CAAC,CAAC;QAC9H,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAC1C,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YACzB,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,MAAM,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAChD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YACjH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,UAA6B;IACzD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,UAAU,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YACnD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,QAAkC,EAClC,UAAkB,EAClB,MAAc;IAEd,MAAM,GAAG,GAAG,GAAG,UAAU,KAAK,MAAM,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/rules/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * HAVOC Rule Definitions
+ *
+ * Rules define patterns and thresholds for each analyzer.
+ * Full rule set implemented in Sprint 2.
+ */
+export interface Rule {
+    id: string;
+    analyzer: string;
+    description: string;
+    cwe?: string;
+}
+export declare const rules: Rule[];
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAGD,eAAO,MAAM,KAAK,EAAE,IAAI,EAAO,CAAC"}

package/dist/rules/index.js

@@ -0,0 +1,9 @@
+/**
+ * HAVOC Rule Definitions
+ *
+ * Rules define patterns and thresholds for each analyzer.
+ * Full rule set implemented in Sprint 2.
+ */
+// Rule registry — populated in Sprint 2
+export const rules = [];
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,wCAAwC;AACxC,MAAM,CAAC,MAAM,KAAK,GAAW,EAAE,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,137 @@
+/**
+ * HAVOC Scanner — Core Type Definitions
+ */
+export declare enum Severity {
+    Critical = "critical",
+    High = "high",
+    Medium = "medium",
+    Low = "low",
+    Info = "info"
+}
+export interface Finding {
+    /** Unique identifier for this finding (e.g., "HAVOC-001") */
+    id: string;
+    /** Severity level */
+    severity: Severity;
+    /** Name of the analyzer that produced this finding */
+    analyzer: string;
+    /** Short, descriptive title */
+    title: string;
+    /** Full description of the vulnerability */
+    description: string;
+    /** Relative file path where the issue was found */
+    file: string;
+    /** Line number (1-indexed) */
+    line: number;
+    /** Actionable recommendation for the developer */
+    recommendation: string;
+    /** CWE identifier (e.g., "CWE-89" for SQL Injection) */
+    cwe?: string;
+    /** Optional code snippet for context */
+    snippet?: string;
+}
+export interface ParsedFile {
+    /** Relative path to the file */
+    path: string;
+    /** Raw file contents */
+    content: string;
+    /** AST representation (framework-specific) */
+    ast?: unknown;
+}
+export interface Analyzer {
+    /** Unique analyzer name (e.g., "authorization-coverage") */
+    name: string;
+    /** Human-readable description of what this analyzer checks */
+    description: string;
+    /**
+     * Analyze the given parsed files and return any findings.
+     * @param files - Parsed PHP files to analyze
+     * @param config - Scanner configuration
+     */
+    analyze(files: ParsedFile[], config: HavocConfig): Promise<Finding[]>;
+}
+export interface CoverageStats {
+    /** Total routes/endpoints found */
+    totalRoutes: number;
+    /** Routes with authorization middleware */
+    coveredRoutes: number;
+    /** Coverage percentage (0–100) */
+    coveragePercent: number;
+    /** Models scanned for mass assignment */
+    totalModels: number;
+    /** Models with $fillable or $guarded properly set */
+    protectedModels: number;
+}
+export interface ScanResult {
+    /** All findings from all analyzers */
+    findings: Finding[];
+    /** Coverage statistics */
+    coverage: CoverageStats;
+    /** Metadata about the scan */
+    metadata: ScanMetadata;
+}
+export interface ScanMetadata {
+    /** When the scan was performed */
+    scannedAt: string;
+    /** Framework detected (e.g., "laravel", "symfony") */
+    framework: string;
+    /** Framework version if detected */
+    frameworkVersion?: string;
+    /** Total files scanned */
+    filesScanned: number;
+    /** Duration in milliseconds */
+    durationMs: number;
+    /** HAVOC scanner version */
+    scannerVersion: string;
+}
+export interface HavocConfig {
+    /**
+     * Framework to use for analysis.
+     * @default "laravel"
+     */
+    framework: 'laravel' | 'symfony' | 'auto';
+    /**
+     * Severity threshold for failing CI.
+     * Findings at or above this level will fail the build.
+     * @default "high"
+     */
+    failOn: Severity;
+    /** List of file/directory patterns to exclude */
+    exclude?: string[];
+    /** Analyzer-specific configuration */
+    analyzers?: AnalyzerConfig;
+    /** Baseline file path for suppressing known findings */
+    baseline?: string;
+    /**
+     * Output format.
+     * @default "text"
+     */
+    output?: 'text' | 'json' | 'sarif' | 'github';
+}
+export interface AnalyzerConfig {
+    authorizationCoverage?: {
+        enabled: boolean;
+        /** Minimum acceptable coverage percent */
+        minCoverage?: number;
+        /** Route prefixes to exclude (e.g., ["api/public"]) */
+        excludePrefixes?: string[];
+    };
+    massAssignment?: {
+        enabled: boolean;
+    };
+    xssSurface?: {
+        enabled: boolean;
+    };
+    sqlInjection?: {
+        enabled: boolean;
+    };
+    dependencyAudit?: {
+        enabled: boolean;
+        /** Max allowed days since last security update */
+        maxAgeDays?: number;
+    };
+    idor?: {
+        enabled: boolean;
+    };
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,oBAAY,QAAQ;IAClB,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;IACX,IAAI,SAAS;CACd;AAID,MAAM,WAAW,OAAO;IACtB,6DAA6D;IAC7D,EAAE,EAAE,MAAM,CAAC;IACX,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,kDAAkD;IAClD,cAAc,EAAE,MAAM,CAAC;IACvB,wDAAwD;IACxD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,MAAM,WAAW,UAAU;IACzB,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAID,MAAM,WAAW,QAAQ;IACvB,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,8DAA8D;IAC9D,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;CACvE;AAID,MAAM,WAAW,aAAa;IAC5B,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,aAAa,EAAE,MAAM,CAAC;IACtB,kCAAkC;IAClC,eAAe,EAAE,MAAM,CAAC;IACxB,yCAAyC;IACzC,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,eAAe,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,UAAU;IACzB,sCAAsC;IACtC,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,EAAE,aAAa,CAAC;IACxB,8BAA8B;IAC9B,QAAQ,EAAE,YAAY,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,EAAE,SAAS,GAAG,SAAS,GAAG,MAAM,CAAC;IAE1C;;;;OAIG;IACH,MAAM,EAAE,QAAQ,CAAC;IAEjB,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB,sCAAsC;IACtC,SAAS,CAAC,EAAE,cAAc,CAAC;IAE3B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;CAC/C;AAED,MAAM,WAAW,cAAc;IAC7B,qBAAqB,CAAC,EAAE;QACtB,OAAO,EAAE,OAAO,CAAC;QACjB,0CAA0C;QAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,uDAAuD;QACvD,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,cAAc,CAAC,EAAE;QACf,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,YAAY,CAAC,EAAE;QACb,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,eAAe,CAAC,EAAE;QAChB,OAAO,EAAE,OAAO,CAAC;QACjB,kDAAkD;QAClD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,IAAI,CAAC,EAAE;QACL,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;CACH"}

package/dist/types/index.js

@@ -0,0 +1,13 @@
+/**
+ * HAVOC Scanner — Core Type Definitions
+ */
+// ─── Severity ────────────────────────────────────────────────────────────────
+export var Severity;
+(function (Severity) {
+    Severity["Critical"] = "critical";
+    Severity["High"] = "high";
+    Severity["Medium"] = "medium";
+    Severity["Low"] = "low";
+    Severity["Info"] = "info";
+})(Severity || (Severity = {}));
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,gFAAgF;AAEhF,MAAM,CAAN,IAAY,QAMX;AAND,WAAY,QAAQ;IAClB,iCAAqB,CAAA;IACrB,yBAAa,CAAA;IACb,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,yBAAa,CAAA;AACf,CAAC,EANW,QAAQ,KAAR,QAAQ,QAMnB"}

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@havoc-security/scanner",
+  "version": "0.1.0",
+  "description": "HAVOC core scanning engine",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "lint": "eslint src tests"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.3",
+    "vitest": "^2.0.0"
+  },
+  "dependencies": {
+    "glob": "^13.0.6",
+    "php-parser": "^3.4.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/package.json.bak

@@ -0,0 +1,27 @@
+{
+  "name": "@havoc/scanner",
+  "version": "0.1.0",
+  "description": "HAVOC core scanning engine",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "lint": "eslint src tests"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.3",
+    "vitest": "^2.0.0"
+  },
+  "dependencies": {
+    "glob": "^13.0.6",
+    "php-parser": "^3.4.0"
+  }
+}