@metamask/snaps-utils 6.0.0 → 6.1.0

package/CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.1.0]
+### Added
+- Add a manifest warning when no icon is found and when icon is not square ([#2185](https://github.com/MetaMask/snaps/pull/2185))
+
 ## [6.0.0]
 ### Added
 - Add support for dynamic user interfaces ([#1465](https://github.com/MetaMask/snaps/pull/1465), [#2126](https://github.com/MetaMask/snaps/pull/2126))
@@ -165,7 +169,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@6.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@6.1.0...HEAD
+[6.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@6.0.0...@metamask/snaps-utils@6.1.0
 [6.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@5.2.0...@metamask/snaps-utils@6.0.0
 [5.2.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@5.1.2...@metamask/snaps-utils@5.2.0
 [5.1.2]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-utils@5.1.1...@metamask/snaps-utils@5.1.2

package/dist/cjs/icon.js

@@ -17,21 +17,50 @@ _export(exports, {
     },
     assertIsSnapIcon: function() {
         return assertIsSnapIcon;
+    },
+    getSvgDimensions: function() {
+        return getSvgDimensions;
     }
 });
+const _snapssdk = require("@metamask/snaps-sdk");
 const _utils = require("@metamask/utils");
-const _issvg = /*#__PURE__*/ _interop_require_default(require("is-svg"));
-function _interop_require_default(obj) {
-    return obj && obj.__esModule ? obj : {
-        default: obj
-    };
-}
 const SVG_MAX_BYTE_SIZE = 100000;
 const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(SVG_MAX_BYTE_SIZE / 1000)}kb`;
-const assertIsSnapIcon = (icon)=>{
+function assertIsSnapIcon(icon) {
     (0, _utils.assert)(icon.path.endsWith('.svg'), 'Expected snap icon to end in ".svg".');
     (0, _utils.assert)(Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE, `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`);
-    (0, _utils.assert)((0, _issvg.default)(icon.toString()), 'Snap icon must be a valid SVG.');
-};
+    (0, _utils.assert)((0, _snapssdk.isSvg)(icon.toString()), 'Snap icon must be a valid SVG.');
+}
+function getSvgDimensions(svg) {
+    try {
+        const parsed = (0, _snapssdk.parseSvg)(svg);
+        const height = parsed['@_height'];
+        const width = parsed['@_width'];
+        if (height && width) {
+            return {
+                height,
+                width
+            };
+        }
+        const viewBox = parsed['@_viewBox'];
+        if (viewBox) {
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const [_minX, _minY, viewBoxWidth, viewBoxHeight] = viewBox.split(' ');
+            if (viewBoxWidth && viewBoxHeight) {
+                const parsedWidth = parseInt(viewBoxWidth, 10);
+                const parsedHeight = parseInt(viewBoxHeight, 10);
+                (0, _utils.assert)(Number.isInteger(parsedWidth) && parsedWidth > 0);
+                (0, _utils.assert)(Number.isInteger(parsedHeight) && parsedHeight > 0);
+                return {
+                    width: parsedWidth,
+                    height: parsedHeight
+                };
+            }
+        }
+    } catch  {
+        throw new Error('Snap icon must be a valid SVG.');
+    }
+    return null;
+}
 
 //# sourceMappingURL=icon.js.map

package/dist/cjs/icon.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/icon.ts"],"sourcesContent":["import { assert } from '@metamask/utils';\nimport isSvg from 'is-svg';\n\nimport type { VirtualFile } from './virtual-file';\n\nexport const SVG_MAX_BYTE_SIZE = 100_000;\nexport const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(\n  SVG_MAX_BYTE_SIZE / 1000,\n)}kb`;\n\nexport const assertIsSnapIcon = (icon: VirtualFile) => {\n  assert(icon.path.endsWith('.svg'), 'Expected snap icon to end in \".svg\".');\n\n  assert(\n    Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE,\n    `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`,\n  );\n\n  assert(isSvg(icon.toString()), 'Snap icon must be a valid SVG.');\n};\n"],"names":["SVG_MAX_BYTE_SIZE","SVG_MAX_BYTE_SIZE_TEXT","assertIsSnapIcon","Math","floor","icon","assert","path","endsWith","Buffer","byteLength","value","isSvg","toString"],"mappings":";;;;;;;;;;;IAKaA,iBAAiB;eAAjBA;;IACAC,sBAAsB;eAAtBA;;IAIAC,gBAAgB;eAAhBA;;;uBAVU;8DACL;;;;;;AAIX,MAAMF,oBAAoB;AAC1B,MAAMC,yBAAyB,CAAC,EAAEE,KAAKC,KAAK,CACjDJ,oBAAoB,MACpB,EAAE,CAAC;AAEE,MAAME,mBAAmB,CAACG;IAC/BC,IAAAA,aAAM,EAACD,KAAKE,IAAI,CAACC,QAAQ,CAAC,SAAS;IAEnCF,IAAAA,aAAM,EACJG,OAAOC,UAAU,CAACL,KAAKM,KAAK,EAAE,WAAWX,mBACzC,CAAC,mDAAmD,EAAEC,uBAAuB,CAAC,CAAC;IAGjFK,IAAAA,aAAM,EAACM,IAAAA,cAAK,EAACP,KAAKQ,QAAQ,KAAK;AACjC"}
+{"version":3,"sources":["../../src/icon.ts"],"sourcesContent":["import { isSvg, parseSvg } from '@metamask/snaps-sdk';\nimport { assert } from '@metamask/utils';\n\nimport type { VirtualFile } from './virtual-file';\n\nexport const SVG_MAX_BYTE_SIZE = 100_000;\nexport const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(\n  SVG_MAX_BYTE_SIZE / 1000,\n)}kb`;\n\n/**\n * Assert that a virtual file containing a Snap icon is valid.\n *\n * @param icon - A virtual file containing a Snap icon.\n */\nexport function assertIsSnapIcon(icon: VirtualFile) {\n  assert(icon.path.endsWith('.svg'), 'Expected snap icon to end in \".svg\".');\n\n  assert(\n    Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE,\n    `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`,\n  );\n\n  assert(isSvg(icon.toString()), 'Snap icon must be a valid SVG.');\n}\n\n/**\n * Extract the dimensions of an image from an SVG string if possible.\n *\n * @param svg - An SVG string.\n * @returns The height and width of the SVG or null.\n */\nexport function getSvgDimensions(svg: string): {\n  height: number;\n  width: number;\n} | null {\n  try {\n    const parsed = parseSvg(svg);\n\n    const height = parsed['@_height'];\n    const width = parsed['@_width'];\n\n    if (height && width) {\n      return { height, width };\n    }\n\n    const viewBox = parsed['@_viewBox'];\n    if (viewBox) {\n      // eslint-disable-next-line @typescript-eslint/no-unused-vars\n      const [_minX, _minY, viewBoxWidth, viewBoxHeight] = viewBox.split(' ');\n\n      if (viewBoxWidth && viewBoxHeight) {\n        const parsedWidth = parseInt(viewBoxWidth, 10);\n        const parsedHeight = parseInt(viewBoxHeight, 10);\n\n        assert(Number.isInteger(parsedWidth) && parsedWidth > 0);\n        assert(Number.isInteger(parsedHeight) && parsedHeight > 0);\n\n        return {\n          width: parsedWidth,\n          height: parsedHeight,\n        };\n      }\n    }\n  } catch {\n    throw new Error('Snap icon must be a valid SVG.');\n  }\n\n  return null;\n}\n"],"names":["SVG_MAX_BYTE_SIZE","SVG_MAX_BYTE_SIZE_TEXT","assertIsSnapIcon","getSvgDimensions","Math","floor","icon","assert","path","endsWith","Buffer","byteLength","value","isSvg","toString","svg","parsed","parseSvg","height","width","viewBox","_minX","_minY","viewBoxWidth","viewBoxHeight","split","parsedWidth","parseInt","parsedHeight","Number","isInteger","Error"],"mappings":";;;;;;;;;;;IAKaA,iBAAiB;eAAjBA;;IACAC,sBAAsB;eAAtBA;;IASGC,gBAAgB;eAAhBA;;IAiBAC,gBAAgB;eAAhBA;;;0BAhCgB;uBACT;AAIhB,MAAMH,oBAAoB;AAC1B,MAAMC,yBAAyB,CAAC,EAAEG,KAAKC,KAAK,CACjDL,oBAAoB,MACpB,EAAE,CAAC;AAOE,SAASE,iBAAiBI,IAAiB;IAChDC,IAAAA,aAAM,EAACD,KAAKE,IAAI,CAACC,QAAQ,CAAC,SAAS;IAEnCF,IAAAA,aAAM,EACJG,OAAOC,UAAU,CAACL,KAAKM,KAAK,EAAE,WAAWZ,mBACzC,CAAC,mDAAmD,EAAEC,uBAAuB,CAAC,CAAC;IAGjFM,IAAAA,aAAM,EAACM,IAAAA,eAAK,EAACP,KAAKQ,QAAQ,KAAK;AACjC;AAQO,SAASX,iBAAiBY,GAAW;IAI1C,IAAI;QACF,MAAMC,SAASC,IAAAA,kBAAQ,EAACF;QAExB,MAAMG,SAASF,MAAM,CAAC,WAAW;QACjC,MAAMG,QAAQH,MAAM,CAAC,UAAU;QAE/B,IAAIE,UAAUC,OAAO;YACnB,OAAO;gBAAED;gBAAQC;YAAM;QACzB;QAEA,MAAMC,UAAUJ,MAAM,CAAC,YAAY;QACnC,IAAII,SAAS;YACX,6DAA6D;YAC7D,MAAM,CAACC,OAAOC,OAAOC,cAAcC,cAAc,GAAGJ,QAAQK,KAAK,CAAC;YAElE,IAAIF,gBAAgBC,eAAe;gBACjC,MAAME,cAAcC,SAASJ,cAAc;gBAC3C,MAAMK,eAAeD,SAASH,eAAe;gBAE7CjB,IAAAA,aAAM,EAACsB,OAAOC,SAAS,CAACJ,gBAAgBA,cAAc;gBACtDnB,IAAAA,aAAM,EAACsB,OAAOC,SAAS,CAACF,iBAAiBA,eAAe;gBAExD,OAAO;oBACLT,OAAOO;oBACPR,QAAQU;gBACV;YACF;QACF;IACF,EAAE,OAAM;QACN,MAAM,IAAIG,MAAM;IAClB;IAEA,OAAO;AACT"}

package/dist/cjs/manifest/manifest.js

@@ -41,6 +41,7 @@ const _fs = require("fs");
 const _path = /*#__PURE__*/ _interop_require_default(require("path"));
 const _deepclone = require("../deep-clone");
 const _fs1 = require("../fs");
+const _icon = require("../icon");
 const _npm = require("../npm");
 const _snaps = require("../snaps");
 const _types = require("../types");
@@ -133,6 +134,13 @@ async function checkManifest(basePath, writeManifest = true, sourceCode, writeFi
             return `${allMissing}\t${currentField}\n`;
         }, '')}`);
     }
+    if (!snapFiles.svgIcon) {
+        warnings.push('No icon found in the Snap manifest. It is recommended to include an icon for the Snap. See https://docs.metamask.io/snaps/how-to/design-a-snap/#guidelines-at-a-glance for more information.');
+    }
+    const iconDimensions = snapFiles.svgIcon && (0, _icon.getSvgDimensions)(snapFiles.svgIcon.toString());
+    if (iconDimensions && iconDimensions.height !== iconDimensions.width) {
+        warnings.push('The icon in the Snap manifest is not square. It is recommended to use a square icon for the Snap.');
+    }
     if (writeManifest) {
         try {
             const newManifest = `${JSON.stringify(getWritableManifest(validatedManifest), null, 2)}\n`;

package/dist/cjs/manifest/manifest.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/manifest/manifest.ts"],"sourcesContent":["import { getErrorMessage } from '@metamask/snaps-sdk';\nimport type { Json } from '@metamask/utils';\nimport { assertExhaustive, assert, isPlainObject } from '@metamask/utils';\nimport deepEqual from 'fast-deep-equal';\nimport { promises as fs } from 'fs';\nimport pathUtils from 'path';\n\nimport { deepClone } from '../deep-clone';\nimport { readJsonFile } from '../fs';\nimport { validateNpmSnap } from '../npm';\nimport {\n  getSnapChecksum,\n  ProgrammaticallyFixableSnapError,\n  validateSnapShasum,\n} from '../snaps';\nimport type { SnapFiles, UnvalidatedSnapFiles } from '../types';\nimport { NpmSnapFileNames, SnapValidationFailureReason } from '../types';\nimport { readVirtualFile, VirtualFile } from '../virtual-file';\nimport type { SnapManifest } from './validation';\n\nconst MANIFEST_SORT_ORDER: Record<keyof SnapManifest, number> = {\n  $schema: 1,\n  version: 2,\n  description: 3,\n  proposedName: 4,\n  repository: 5,\n  source: 6,\n  initialConnections: 7,\n  initialPermissions: 8,\n  manifestVersion: 9,\n};\n\n/**\n * The result from the `checkManifest` function.\n *\n * @property manifest - The fixed manifest object.\n * @property updated - Whether the manifest was updated.\n * @property warnings - An array of warnings that were encountered during\n * processing of the manifest files. These warnings are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n * @property errors - An array of errors that were encountered during\n * processing of the manifest files. These errors are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n */\nexport type CheckManifestResult = {\n  manifest: SnapManifest;\n  updated?: boolean;\n  warnings: string[];\n  errors: string[];\n};\n\nexport type WriteFileFunction = (path: string, data: string) => Promise<void>;\n\n/**\n * Validates a snap.manifest.json file. Attempts to fix the manifest and write\n * the fixed version to disk if `writeManifest` is true. Throws if validation\n * fails.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param writeManifest - Whether to write the fixed manifest to disk.\n * @param sourceCode - The source code of the Snap.\n * @param writeFileFn - The function to use to write the manifest to disk.\n * @returns Whether the manifest was updated, and an array of warnings that\n * were encountered during processing of the manifest files.\n */\nexport async function checkManifest(\n  basePath: string,\n  writeManifest = true,\n  sourceCode?: string,\n  writeFileFn: WriteFileFunction = fs.writeFile,\n): Promise<CheckManifestResult> {\n  const warnings: string[] = [];\n  const errors: string[] = [];\n\n  let updated = false;\n\n  const manifestPath = pathUtils.join(basePath, NpmSnapFileNames.Manifest);\n  const manifestFile = await readJsonFile(manifestPath);\n  const unvalidatedManifest = manifestFile.result;\n\n  const packageFile = await readJsonFile(\n    pathUtils.join(basePath, NpmSnapFileNames.PackageJson),\n  );\n\n  const auxiliaryFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.files,\n  );\n\n  const localizationFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.locales,\n  );\n\n  const snapFiles: UnvalidatedSnapFiles = {\n    manifest: manifestFile,\n    packageJson: packageFile,\n    sourceCode: await getSnapSourceCode(\n      basePath,\n      unvalidatedManifest,\n      sourceCode,\n    ),\n    svgIcon: await getSnapIcon(basePath, unvalidatedManifest),\n    // Intentionally pass null as the encoding here since the files may be binary\n    auxiliaryFiles:\n      (await getSnapFiles(basePath, auxiliaryFilePaths, null)) ?? [],\n    localizationFiles:\n      (await getSnapFiles(basePath, localizationFilePaths)) ?? [],\n  };\n\n  let manifest: VirtualFile<SnapManifest> | undefined;\n  try {\n    ({ manifest } = await validateNpmSnap(snapFiles));\n  } catch (error) {\n    if (error instanceof ProgrammaticallyFixableSnapError) {\n      errors.push(error.message);\n\n      // If we get here, the files at least have the correct shape.\n      const partiallyValidatedFiles = snapFiles as SnapFiles;\n\n      let isInvalid = true;\n      let currentError = error;\n      const maxAttempts = Object.keys(SnapValidationFailureReason).length;\n\n      // Attempt to fix all fixable validation failure reasons. All such reasons\n      // are enumerated by the `SnapValidationFailureReason` enum, so we only\n      // attempt to fix the manifest the same amount of times as there are\n      // reasons in the enum.\n      for (let attempts = 1; isInvalid && attempts <= maxAttempts; attempts++) {\n        manifest = await fixManifest(\n          manifest\n            ? { ...partiallyValidatedFiles, manifest }\n            : partiallyValidatedFiles,\n          currentError,\n        );\n\n        try {\n          await validateNpmSnapManifest({\n            ...partiallyValidatedFiles,\n            manifest,\n          });\n\n          isInvalid = false;\n        } catch (nextValidationError) {\n          currentError = nextValidationError;\n          /* istanbul ignore next: this should be impossible */\n          if (\n            !(\n              nextValidationError instanceof ProgrammaticallyFixableSnapError\n            ) ||\n            (attempts === maxAttempts && !isInvalid)\n          ) {\n            throw new Error(\n              `Internal error: Failed to fix manifest. This is a bug, please report it. Reason:\\n${error.message}`,\n            );\n          }\n\n          errors.push(currentError.message);\n        }\n      }\n\n      updated = true;\n    } else {\n      throw error;\n    }\n  }\n\n  // TypeScript assumes `manifest` can still be undefined, that is not the case.\n  // But we assert to keep TypeScript happy.\n  assert(manifest);\n\n  const validatedManifest = manifest.result;\n\n  // Check presence of recommended keys\n  const recommendedFields = ['repository'] as const;\n\n  const missingRecommendedFields = recommendedFields.filter(\n    (key) => !validatedManifest[key],\n  );\n\n  if (missingRecommendedFields.length > 0) {\n    warnings.push(\n      `Missing recommended package.json properties:\\n${missingRecommendedFields.reduce(\n        (allMissing, currentField) => {\n          return `${allMissing}\\t${currentField}\\n`;\n        },\n        '',\n      )}`,\n    );\n  }\n\n  if (writeManifest) {\n    try {\n      const newManifest = `${JSON.stringify(\n        getWritableManifest(validatedManifest),\n        null,\n        2,\n      )}\\n`;\n\n      if (updated || newManifest !== manifestFile.value) {\n        await writeFileFn(\n          pathUtils.join(basePath, NpmSnapFileNames.Manifest),\n          newManifest,\n        );\n      }\n    } catch (error) {\n      // Note: This error isn't pushed to the errors array, because it's not an\n      // error in the manifest itself.\n      throw new Error(`Failed to update snap.manifest.json: ${error.message}`);\n    }\n  }\n\n  return { manifest: validatedManifest, updated, warnings, errors };\n}\n\n/**\n * Given the relevant Snap files (manifest, `package.json`, and bundle) and a\n * Snap manifest validation error, fixes the fault in the manifest that caused\n * the error.\n *\n * @param snapFiles - The contents of all Snap files.\n * @param error - The {@link ProgrammaticallyFixableSnapError} that was thrown.\n * @returns A copy of the manifest file where the cause of the error is fixed.\n */\nexport async function fixManifest(\n  snapFiles: SnapFiles,\n  error: ProgrammaticallyFixableSnapError,\n): Promise<VirtualFile<SnapManifest>> {\n  const { manifest, packageJson } = snapFiles;\n  const clonedFile = manifest.clone();\n  const manifestCopy = clonedFile.result;\n\n  switch (error.reason) {\n    case SnapValidationFailureReason.NameMismatch:\n      manifestCopy.source.location.npm.packageName = packageJson.result.name;\n      break;\n\n    case SnapValidationFailureReason.VersionMismatch:\n      manifestCopy.version = packageJson.result.version;\n      break;\n\n    case SnapValidationFailureReason.RepositoryMismatch:\n      manifestCopy.repository = packageJson.result.repository\n        ? deepClone(packageJson.result.repository)\n        : undefined;\n      break;\n\n    case SnapValidationFailureReason.ShasumMismatch:\n      manifestCopy.source.shasum = await getSnapChecksum(snapFiles);\n      break;\n\n    /* istanbul ignore next */\n    default:\n      assertExhaustive(error.reason);\n  }\n\n  clonedFile.result = manifestCopy;\n  clonedFile.value = JSON.stringify(manifestCopy);\n  return clonedFile;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * bundle source file location and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param sourceCode - Override source code for plugins.\n * @returns The contents of the bundle file, if any.\n */\nexport async function getSnapSourceCode(\n  basePath: string,\n  manifest: Json,\n  sourceCode?: string,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const sourceFilePath = (manifest as Partial<SnapManifest>).source?.location\n    ?.npm?.filePath;\n\n  if (!sourceFilePath) {\n    return undefined;\n  }\n\n  if (sourceCode) {\n    return new VirtualFile({\n      path: pathUtils.join(basePath, sourceFilePath),\n      value: sourceCode,\n    });\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, sourceFilePath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(\n      `Failed to read snap bundle file: ${getErrorMessage(error)}`,\n    );\n  }\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * icon and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @returns The contents of the icon, if any.\n */\nexport async function getSnapIcon(\n  basePath: string,\n  manifest: Json,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const iconPath = (manifest as Partial<SnapManifest>).source?.location?.npm\n    ?.iconPath;\n\n  if (!iconPath) {\n    return undefined;\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, iconPath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(`Failed to read snap icon file: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Get an array of paths from an unvalidated Snap manifest.\n *\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param selector - A function that returns the paths to the files.\n * @returns The paths to the files, if any.\n */\nexport function getSnapFilePaths(\n  manifest: Json,\n  selector: (manifest: Partial<SnapManifest>) => string[] | undefined,\n) {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const snapManifest = manifest as Partial<SnapManifest>;\n  const paths = selector(snapManifest);\n\n  if (!Array.isArray(paths)) {\n    return undefined;\n  }\n\n  return paths;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the files with the\n * given paths and read them.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param paths - The paths to the files.\n * @param encoding - An optional encoding to pass down to readVirtualFile.\n * @returns A list of auxiliary files and their contents, if any.\n */\nexport async function getSnapFiles(\n  basePath: string,\n  paths: string[] | undefined,\n  encoding: BufferEncoding | null = 'utf8',\n): Promise<VirtualFile[] | undefined> {\n  if (!paths) {\n    return undefined;\n  }\n\n  try {\n    return await Promise.all(\n      paths.map(async (filePath) =>\n        readVirtualFile(pathUtils.join(basePath, filePath), encoding),\n      ),\n    );\n  } catch (error) {\n    throw new Error(`Failed to read snap files: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Sorts the given manifest in our preferred sort order and removes the\n * `repository` field if it is falsy (it may be `null`).\n *\n * @param manifest - The manifest to sort and modify.\n * @returns The disk-ready manifest.\n */\nexport function getWritableManifest(manifest: SnapManifest): SnapManifest {\n  const { repository, ...remaining } = manifest;\n\n  const keys = Object.keys(\n    repository ? { ...remaining, repository } : remaining,\n  ) as (keyof SnapManifest)[];\n\n  const writableManifest = keys\n    .sort((a, b) => MANIFEST_SORT_ORDER[a] - MANIFEST_SORT_ORDER[b])\n    .reduce<Partial<SnapManifest>>(\n      (result, key) => ({\n        ...result,\n        [key]: manifest[key],\n      }),\n      {},\n    );\n\n  return writableManifest as SnapManifest;\n}\n\n/**\n * Validates the fields of an NPM Snap manifest that has already passed JSON\n * Schema validation.\n *\n * @param snapFiles - The relevant snap files to validate.\n * @param snapFiles.manifest - The npm Snap manifest to validate.\n * @param snapFiles.packageJson - The npm Snap's `package.json`.\n * @param snapFiles.sourceCode - The Snap's source code.\n * @param snapFiles.svgIcon - The Snap's optional icon.\n * @param snapFiles.auxiliaryFiles - Any auxiliary files required by the snap at runtime.\n * @param snapFiles.localizationFiles - The Snap's localization files.\n */\nexport async function validateNpmSnapManifest({\n  manifest,\n  packageJson,\n  sourceCode,\n  svgIcon,\n  auxiliaryFiles,\n  localizationFiles,\n}: SnapFiles) {\n  const packageJsonName = packageJson.result.name;\n  const packageJsonVersion = packageJson.result.version;\n  const packageJsonRepository = packageJson.result.repository;\n\n  const manifestPackageName = manifest.result.source.location.npm.packageName;\n  const manifestPackageVersion = manifest.result.version;\n  const manifestRepository = manifest.result.repository;\n\n  if (packageJsonName !== manifestPackageName) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package name (\"${manifestPackageName}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"name\" field (\"${packageJsonName}\").`,\n      SnapValidationFailureReason.NameMismatch,\n    );\n  }\n\n  if (packageJsonVersion !== manifestPackageVersion) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package version (\"${manifestPackageVersion}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"version\" field (\"${packageJsonVersion}\").`,\n      SnapValidationFailureReason.VersionMismatch,\n    );\n  }\n\n  if (\n    // The repository may be `undefined` in package.json but can only be defined\n    // or `null` in the Snap manifest due to TS@<4.4 issues.\n    (packageJsonRepository || manifestRepository) &&\n    !deepEqual(packageJsonRepository, manifestRepository)\n  ) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" \"repository\" field does not match the \"${NpmSnapFileNames.PackageJson}\" \"repository\" field.`,\n      SnapValidationFailureReason.RepositoryMismatch,\n    );\n  }\n\n  await validateSnapShasum(\n    { manifest, sourceCode, svgIcon, auxiliaryFiles, localizationFiles },\n    `\"${NpmSnapFileNames.Manifest}\" \"shasum\" field does not match computed shasum.`,\n  );\n}\n"],"names":["checkManifest","fixManifest","getSnapSourceCode","getSnapIcon","getSnapFilePaths","getSnapFiles","getWritableManifest","validateNpmSnapManifest","MANIFEST_SORT_ORDER","$schema","version","description","proposedName","repository","source","initialConnections","initialPermissions","manifestVersion","basePath","writeManifest","sourceCode","writeFileFn","fs","writeFile","warnings","errors","updated","manifestPath","pathUtils","join","NpmSnapFileNames","Manifest","manifestFile","readJsonFile","unvalidatedManifest","result","packageFile","PackageJson","auxiliaryFilePaths","manifest","files","localizationFilePaths","locales","snapFiles","packageJson","svgIcon","auxiliaryFiles","localizationFiles","validateNpmSnap","error","ProgrammaticallyFixableSnapError","push","message","partiallyValidatedFiles","isInvalid","currentError","maxAttempts","Object","keys","SnapValidationFailureReason","length","attempts","nextValidationError","Error","assert","validatedManifest","recommendedFields","missingRecommendedFields","filter","key","reduce","allMissing","currentField","newManifest","JSON","stringify","value","clonedFile","clone","manifestCopy","reason","NameMismatch","location","npm","packageName","name","VersionMismatch","RepositoryMismatch","deepClone","undefined","ShasumMismatch","shasum","getSnapChecksum","assertExhaustive","isPlainObject","sourceFilePath","filePath","VirtualFile","path","virtualFile","readVirtualFile","getErrorMessage","iconPath","selector","snapManifest","paths","Array","isArray","encoding","Promise","all","map","remaining","writableManifest","sort","a","b","packageJsonName","packageJsonVersion","packageJsonRepository","manifestPackageName","manifestPackageVersion","manifestRepository","deepEqual","validateSnapShasum"],"mappings":";;;;;;;;;;;IAmEsBA,aAAa;eAAbA;;IA+JAC,WAAW;eAAXA;;IA8CAC,iBAAiB;eAAjBA;;IA4CAC,WAAW;eAAXA;;IAiCNC,gBAAgB;eAAhBA;;IA2BMC,YAAY;eAAZA;;IA2BNC,mBAAmB;eAAnBA;;IAgCMC,uBAAuB;eAAvBA;;;0BAnbU;uBAEwB;sEAClC;oBACS;6DACT;2BAEI;qBACG;qBACG;uBAKzB;uBAEuD;6BACjB;;;;;;AAG7C,MAAMC,sBAA0D;IAC9DC,SAAS;IACTC,SAAS;IACTC,aAAa;IACbC,cAAc;IACdC,YAAY;IACZC,QAAQ;IACRC,oBAAoB;IACpBC,oBAAoB;IACpBC,iBAAiB;AACnB;AAqCO,eAAejB,cACpBkB,QAAgB,EAChBC,gBAAgB,IAAI,EACpBC,UAAmB,EACnBC,cAAiCC,YAAE,CAACC,SAAS;IAE7C,MAAMC,WAAqB,EAAE;IAC7B,MAAMC,SAAmB,EAAE;IAE3B,IAAIC,UAAU;IAEd,MAAMC,eAAeC,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACC,QAAQ;IACvE,MAAMC,eAAe,MAAMC,IAAAA,iBAAY,EAACN;IACxC,MAAMO,sBAAsBF,aAAaG,MAAM;IAE/C,MAAMC,cAAc,MAAMH,IAAAA,iBAAY,EACpCL,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACO,WAAW;IAGvD,MAAMC,qBAAqBlC,iBACzB8B,qBACA,CAACK,WAAaA,UAAUzB,QAAQ0B;IAGlC,MAAMC,wBAAwBrC,iBAC5B8B,qBACA,CAACK,WAAaA,UAAUzB,QAAQ4B;IAGlC,MAAMC,YAAkC;QACtCJ,UAAUP;QACVY,aAAaR;QACbhB,YAAY,MAAMlB,kBAChBgB,UACAgB,qBACAd;QAEFyB,SAAS,MAAM1C,YAAYe,UAAUgB;QACrC,6EAA6E;QAC7EY,gBACE,AAAC,MAAMzC,aAAaa,UAAUoB,oBAAoB,SAAU,EAAE;QAChES,mBACE,AAAC,MAAM1C,aAAaa,UAAUuB,0BAA2B,EAAE;IAC/D;IAEA,IAAIF;IACJ,IAAI;QACD,CAAA,EAAEA,QAAQ,EAAE,GAAG,MAAMS,IAAAA,oBAAe,EAACL,UAAS;IACjD,EAAE,OAAOM,OAAO;QACd,IAAIA,iBAAiBC,uCAAgC,EAAE;YACrDzB,OAAO0B,IAAI,CAACF,MAAMG,OAAO;YAEzB,6DAA6D;YAC7D,MAAMC,0BAA0BV;YAEhC,IAAIW,YAAY;YAChB,IAAIC,eAAeN;YACnB,MAAMO,cAAcC,OAAOC,IAAI,CAACC,kCAA2B,EAAEC,MAAM;YAEnE,0EAA0E;YAC1E,uEAAuE;YACvE,oEAAoE;YACpE,uBAAuB;YACvB,IAAK,IAAIC,WAAW,GAAGP,aAAaO,YAAYL,aAAaK,WAAY;gBACvEtB,WAAW,MAAMtC,YACfsC,WACI;oBAAE,GAAGc,uBAAuB;oBAAEd;gBAAS,IACvCc,yBACJE;gBAGF,IAAI;oBACF,MAAMhD,wBAAwB;wBAC5B,GAAG8C,uBAAuB;wBAC1Bd;oBACF;oBAEAe,YAAY;gBACd,EAAE,OAAOQ,qBAAqB;oBAC5BP,eAAeO;oBACf,mDAAmD,GACnD,IACE,CACEA,CAAAA,+BAA+BZ,uCAAgC,AAAD,KAE/DW,aAAaL,eAAe,CAACF,WAC9B;wBACA,MAAM,IAAIS,MACR,CAAC,kFAAkF,EAAEd,MAAMG,OAAO,CAAC,CAAC;oBAExG;oBAEA3B,OAAO0B,IAAI,CAACI,aAAaH,OAAO;gBAClC;YACF;YAEA1B,UAAU;QACZ,OAAO;YACL,MAAMuB;QACR;IACF;IAEA,8EAA8E;IAC9E,0CAA0C;IAC1Ce,IAAAA,aAAM,EAACzB;IAEP,MAAM0B,oBAAoB1B,SAASJ,MAAM;IAEzC,qCAAqC;IACrC,MAAM+B,oBAAoB;QAAC;KAAa;IAExC,MAAMC,2BAA2BD,kBAAkBE,MAAM,CACvD,CAACC,MAAQ,CAACJ,iBAAiB,CAACI,IAAI;IAGlC,IAAIF,yBAAyBP,MAAM,GAAG,GAAG;QACvCpC,SAAS2B,IAAI,CACX,CAAC,8CAA8C,EAAEgB,yBAAyBG,MAAM,CAC9E,CAACC,YAAYC;YACX,OAAO,CAAC,EAAED,WAAW,EAAE,EAAEC,aAAa,EAAE,CAAC;QAC3C,GACA,IACA,CAAC;IAEP;IAEA,IAAIrD,eAAe;QACjB,IAAI;YACF,MAAMsD,cAAc,CAAC,EAAEC,KAAKC,SAAS,CACnCrE,oBAAoB2D,oBACpB,MACA,GACA,EAAE,CAAC;YAEL,IAAIvC,WAAW+C,gBAAgBzC,aAAa4C,KAAK,EAAE;gBACjD,MAAMvD,YACJO,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACC,QAAQ,GAClD0C;YAEJ;QACF,EAAE,OAAOxB,OAAO;YACd,yEAAyE;YACzE,gCAAgC;YAChC,MAAM,IAAIc,MAAM,CAAC,qCAAqC,EAAEd,MAAMG,OAAO,CAAC,CAAC;QACzE;IACF;IAEA,OAAO;QAAEb,UAAU0B;QAAmBvC;QAASF;QAAUC;IAAO;AAClE;AAWO,eAAexB,YACpB0C,SAAoB,EACpBM,KAAuC;IAEvC,MAAM,EAAEV,QAAQ,EAAEK,WAAW,EAAE,GAAGD;IAClC,MAAMkC,aAAatC,SAASuC,KAAK;IACjC,MAAMC,eAAeF,WAAW1C,MAAM;IAEtC,OAAQc,MAAM+B,MAAM;QAClB,KAAKrB,kCAA2B,CAACsB,YAAY;YAC3CF,aAAajE,MAAM,CAACoE,QAAQ,CAACC,GAAG,CAACC,WAAW,GAAGxC,YAAYT,MAAM,CAACkD,IAAI;YACtE;QAEF,KAAK1B,kCAA2B,CAAC2B,eAAe;YAC9CP,aAAarE,OAAO,GAAGkC,YAAYT,MAAM,CAACzB,OAAO;YACjD;QAEF,KAAKiD,kCAA2B,CAAC4B,kBAAkB;YACjDR,aAAalE,UAAU,GAAG+B,YAAYT,MAAM,CAACtB,UAAU,GACnD2E,IAAAA,oBAAS,EAAC5C,YAAYT,MAAM,CAACtB,UAAU,IACvC4E;YACJ;QAEF,KAAK9B,kCAA2B,CAAC+B,cAAc;YAC7CX,aAAajE,MAAM,CAAC6E,MAAM,GAAG,MAAMC,IAAAA,sBAAe,EAACjD;YACnD;QAEF,wBAAwB,GACxB;YACEkD,IAAAA,uBAAgB,EAAC5C,MAAM+B,MAAM;IACjC;IAEAH,WAAW1C,MAAM,GAAG4C;IACpBF,WAAWD,KAAK,GAAGF,KAAKC,SAAS,CAACI;IAClC,OAAOF;AACT;AAWO,eAAe3E,kBACpBgB,QAAgB,EAChBqB,QAAc,EACdnB,UAAmB;IAEnB,IAAI,CAAC0E,IAAAA,oBAAa,EAACvD,WAAW;QAC5B,OAAOkD;IACT;IAEA,MAAMM,iBAAiB,AAACxD,SAAmCzB,MAAM,EAAEoE,UAC/DC,KAAKa;IAET,IAAI,CAACD,gBAAgB;QACnB,OAAON;IACT;IAEA,IAAIrE,YAAY;QACd,OAAO,IAAI6E,wBAAW,CAAC;YACrBC,MAAMtE,aAAS,CAACC,IAAI,CAACX,UAAU6E;YAC/BnB,OAAOxD;QACT;IACF;IAEA,IAAI;QACF,MAAM+E,cAAc,MAAMC,IAAAA,4BAAe,EACvCxE,aAAS,CAACC,IAAI,CAACX,UAAU6E,iBACzB;QAEF,OAAOI;IACT,EAAE,OAAOlD,OAAO;QACd,MAAM,IAAIc,MACR,CAAC,iCAAiC,EAAEsC,IAAAA,yBAAe,EAACpD,OAAO,CAAC;IAEhE;AACF;AAUO,eAAe9C,YACpBe,QAAgB,EAChBqB,QAAc;IAEd,IAAI,CAACuD,IAAAA,oBAAa,EAACvD,WAAW;QAC5B,OAAOkD;IACT;IAEA,MAAMa,WAAW,AAAC/D,SAAmCzB,MAAM,EAAEoE,UAAUC,KACnEmB;IAEJ,IAAI,CAACA,UAAU;QACb,OAAOb;IACT;IAEA,IAAI;QACF,MAAMU,cAAc,MAAMC,IAAAA,4BAAe,EACvCxE,aAAS,CAACC,IAAI,CAACX,UAAUoF,WACzB;QAEF,OAAOH;IACT,EAAE,OAAOlD,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,+BAA+B,EAAEsC,IAAAA,yBAAe,EAACpD,OAAO,CAAC;IAC5E;AACF;AASO,SAAS7C,iBACdmC,QAAc,EACdgE,QAAmE;IAEnE,IAAI,CAACT,IAAAA,oBAAa,EAACvD,WAAW;QAC5B,OAAOkD;IACT;IAEA,MAAMe,eAAejE;IACrB,MAAMkE,QAAQF,SAASC;IAEvB,IAAI,CAACE,MAAMC,OAAO,CAACF,QAAQ;QACzB,OAAOhB;IACT;IAEA,OAAOgB;AACT;AAWO,eAAepG,aACpBa,QAAgB,EAChBuF,KAA2B,EAC3BG,WAAkC,MAAM;IAExC,IAAI,CAACH,OAAO;QACV,OAAOhB;IACT;IAEA,IAAI;QACF,OAAO,MAAMoB,QAAQC,GAAG,CACtBL,MAAMM,GAAG,CAAC,OAAOf,WACfI,IAAAA,4BAAe,EAACxE,aAAS,CAACC,IAAI,CAACX,UAAU8E,WAAWY;IAG1D,EAAE,OAAO3D,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,2BAA2B,EAAEsC,IAAAA,yBAAe,EAACpD,OAAO,CAAC;IACxE;AACF;AASO,SAAS3C,oBAAoBiC,QAAsB;IACxD,MAAM,EAAE1B,UAAU,EAAE,GAAGmG,WAAW,GAAGzE;IAErC,MAAMmB,OAAOD,OAAOC,IAAI,CACtB7C,aAAa;QAAE,GAAGmG,SAAS;QAAEnG;IAAW,IAAImG;IAG9C,MAAMC,mBAAmBvD,KACtBwD,IAAI,CAAC,CAACC,GAAGC,IAAM5G,mBAAmB,CAAC2G,EAAE,GAAG3G,mBAAmB,CAAC4G,EAAE,EAC9D9C,MAAM,CACL,CAACnC,QAAQkC,MAAS,CAAA;YAChB,GAAGlC,MAAM;YACT,CAACkC,IAAI,EAAE9B,QAAQ,CAAC8B,IAAI;QACtB,CAAA,GACA,CAAC;IAGL,OAAO4C;AACT;AAcO,eAAe1G,wBAAwB,EAC5CgC,QAAQ,EACRK,WAAW,EACXxB,UAAU,EACVyB,OAAO,EACPC,cAAc,EACdC,iBAAiB,EACP;IACV,MAAMsE,kBAAkBzE,YAAYT,MAAM,CAACkD,IAAI;IAC/C,MAAMiC,qBAAqB1E,YAAYT,MAAM,CAACzB,OAAO;IACrD,MAAM6G,wBAAwB3E,YAAYT,MAAM,CAACtB,UAAU;IAE3D,MAAM2G,sBAAsBjF,SAASJ,MAAM,CAACrB,MAAM,CAACoE,QAAQ,CAACC,GAAG,CAACC,WAAW;IAC3E,MAAMqC,yBAAyBlF,SAASJ,MAAM,CAACzB,OAAO;IACtD,MAAMgH,qBAAqBnF,SAASJ,MAAM,CAACtB,UAAU;IAErD,IAAIwG,oBAAoBG,qBAAqB;QAC3C,MAAM,IAAItE,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,qBAAqB,EAAEyF,oBAAoB,uBAAuB,EAAE1F,uBAAgB,CAACO,WAAW,CAAC,iBAAiB,EAAEgF,gBAAgB,GAAG,CAAC,EACtK1D,kCAA2B,CAACsB,YAAY;IAE5C;IAEA,IAAIqC,uBAAuBG,wBAAwB;QACjD,MAAM,IAAIvE,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,wBAAwB,EAAE0F,uBAAuB,uBAAuB,EAAE3F,uBAAgB,CAACO,WAAW,CAAC,oBAAoB,EAAEiF,mBAAmB,GAAG,CAAC,EAClL3D,kCAA2B,CAAC2B,eAAe;IAE/C;IAEA,IAGE,AAFA,4EAA4E;IAC5E,wDAAwD;IACvDiC,CAAAA,yBAAyBG,kBAAiB,KAC3C,CAACC,IAAAA,sBAAS,EAACJ,uBAAuBG,qBAClC;QACA,MAAM,IAAIxE,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,yCAAyC,EAAED,uBAAgB,CAACO,WAAW,CAAC,qBAAqB,CAAC,EAC5HsB,kCAA2B,CAAC4B,kBAAkB;IAElD;IAEA,MAAMqC,IAAAA,yBAAkB,EACtB;QAAErF;QAAUnB;QAAYyB;QAASC;QAAgBC;IAAkB,GACnE,CAAC,CAAC,EAAEjB,uBAAgB,CAACC,QAAQ,CAAC,gDAAgD,CAAC;AAEnF"}
+{"version":3,"sources":["../../../src/manifest/manifest.ts"],"sourcesContent":["import { getErrorMessage } from '@metamask/snaps-sdk';\nimport type { Json } from '@metamask/utils';\nimport { assertExhaustive, assert, isPlainObject } from '@metamask/utils';\nimport deepEqual from 'fast-deep-equal';\nimport { promises as fs } from 'fs';\nimport pathUtils from 'path';\n\nimport { deepClone } from '../deep-clone';\nimport { readJsonFile } from '../fs';\nimport { getSvgDimensions } from '../icon';\nimport { validateNpmSnap } from '../npm';\nimport {\n  getSnapChecksum,\n  ProgrammaticallyFixableSnapError,\n  validateSnapShasum,\n} from '../snaps';\nimport type { SnapFiles, UnvalidatedSnapFiles } from '../types';\nimport { NpmSnapFileNames, SnapValidationFailureReason } from '../types';\nimport { readVirtualFile, VirtualFile } from '../virtual-file';\nimport type { SnapManifest } from './validation';\n\nconst MANIFEST_SORT_ORDER: Record<keyof SnapManifest, number> = {\n  $schema: 1,\n  version: 2,\n  description: 3,\n  proposedName: 4,\n  repository: 5,\n  source: 6,\n  initialConnections: 7,\n  initialPermissions: 8,\n  manifestVersion: 9,\n};\n\n/**\n * The result from the `checkManifest` function.\n *\n * @property manifest - The fixed manifest object.\n * @property updated - Whether the manifest was updated.\n * @property warnings - An array of warnings that were encountered during\n * processing of the manifest files. These warnings are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n * @property errors - An array of errors that were encountered during\n * processing of the manifest files. These errors are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n */\nexport type CheckManifestResult = {\n  manifest: SnapManifest;\n  updated?: boolean;\n  warnings: string[];\n  errors: string[];\n};\n\nexport type WriteFileFunction = (path: string, data: string) => Promise<void>;\n\n/**\n * Validates a snap.manifest.json file. Attempts to fix the manifest and write\n * the fixed version to disk if `writeManifest` is true. Throws if validation\n * fails.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param writeManifest - Whether to write the fixed manifest to disk.\n * @param sourceCode - The source code of the Snap.\n * @param writeFileFn - The function to use to write the manifest to disk.\n * @returns Whether the manifest was updated, and an array of warnings that\n * were encountered during processing of the manifest files.\n */\nexport async function checkManifest(\n  basePath: string,\n  writeManifest = true,\n  sourceCode?: string,\n  writeFileFn: WriteFileFunction = fs.writeFile,\n): Promise<CheckManifestResult> {\n  const warnings: string[] = [];\n  const errors: string[] = [];\n\n  let updated = false;\n\n  const manifestPath = pathUtils.join(basePath, NpmSnapFileNames.Manifest);\n  const manifestFile = await readJsonFile(manifestPath);\n  const unvalidatedManifest = manifestFile.result;\n\n  const packageFile = await readJsonFile(\n    pathUtils.join(basePath, NpmSnapFileNames.PackageJson),\n  );\n\n  const auxiliaryFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.files,\n  );\n\n  const localizationFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.locales,\n  );\n\n  const snapFiles: UnvalidatedSnapFiles = {\n    manifest: manifestFile,\n    packageJson: packageFile,\n    sourceCode: await getSnapSourceCode(\n      basePath,\n      unvalidatedManifest,\n      sourceCode,\n    ),\n    svgIcon: await getSnapIcon(basePath, unvalidatedManifest),\n    // Intentionally pass null as the encoding here since the files may be binary\n    auxiliaryFiles:\n      (await getSnapFiles(basePath, auxiliaryFilePaths, null)) ?? [],\n    localizationFiles:\n      (await getSnapFiles(basePath, localizationFilePaths)) ?? [],\n  };\n\n  let manifest: VirtualFile<SnapManifest> | undefined;\n  try {\n    ({ manifest } = await validateNpmSnap(snapFiles));\n  } catch (error) {\n    if (error instanceof ProgrammaticallyFixableSnapError) {\n      errors.push(error.message);\n\n      // If we get here, the files at least have the correct shape.\n      const partiallyValidatedFiles = snapFiles as SnapFiles;\n\n      let isInvalid = true;\n      let currentError = error;\n      const maxAttempts = Object.keys(SnapValidationFailureReason).length;\n\n      // Attempt to fix all fixable validation failure reasons. All such reasons\n      // are enumerated by the `SnapValidationFailureReason` enum, so we only\n      // attempt to fix the manifest the same amount of times as there are\n      // reasons in the enum.\n      for (let attempts = 1; isInvalid && attempts <= maxAttempts; attempts++) {\n        manifest = await fixManifest(\n          manifest\n            ? { ...partiallyValidatedFiles, manifest }\n            : partiallyValidatedFiles,\n          currentError,\n        );\n\n        try {\n          await validateNpmSnapManifest({\n            ...partiallyValidatedFiles,\n            manifest,\n          });\n\n          isInvalid = false;\n        } catch (nextValidationError) {\n          currentError = nextValidationError;\n          /* istanbul ignore next: this should be impossible */\n          if (\n            !(\n              nextValidationError instanceof ProgrammaticallyFixableSnapError\n            ) ||\n            (attempts === maxAttempts && !isInvalid)\n          ) {\n            throw new Error(\n              `Internal error: Failed to fix manifest. This is a bug, please report it. Reason:\\n${error.message}`,\n            );\n          }\n\n          errors.push(currentError.message);\n        }\n      }\n\n      updated = true;\n    } else {\n      throw error;\n    }\n  }\n\n  // TypeScript assumes `manifest` can still be undefined, that is not the case.\n  // But we assert to keep TypeScript happy.\n  assert(manifest);\n\n  const validatedManifest = manifest.result;\n\n  // Check presence of recommended keys\n  const recommendedFields = ['repository'] as const;\n\n  const missingRecommendedFields = recommendedFields.filter(\n    (key) => !validatedManifest[key],\n  );\n\n  if (missingRecommendedFields.length > 0) {\n    warnings.push(\n      `Missing recommended package.json properties:\\n${missingRecommendedFields.reduce(\n        (allMissing, currentField) => {\n          return `${allMissing}\\t${currentField}\\n`;\n        },\n        '',\n      )}`,\n    );\n  }\n\n  if (!snapFiles.svgIcon) {\n    warnings.push(\n      'No icon found in the Snap manifest. It is recommended to include an icon for the Snap. See https://docs.metamask.io/snaps/how-to/design-a-snap/#guidelines-at-a-glance for more information.',\n    );\n  }\n\n  const iconDimensions =\n    snapFiles.svgIcon && getSvgDimensions(snapFiles.svgIcon.toString());\n  if (iconDimensions && iconDimensions.height !== iconDimensions.width) {\n    warnings.push(\n      'The icon in the Snap manifest is not square. It is recommended to use a square icon for the Snap.',\n    );\n  }\n\n  if (writeManifest) {\n    try {\n      const newManifest = `${JSON.stringify(\n        getWritableManifest(validatedManifest),\n        null,\n        2,\n      )}\\n`;\n\n      if (updated || newManifest !== manifestFile.value) {\n        await writeFileFn(\n          pathUtils.join(basePath, NpmSnapFileNames.Manifest),\n          newManifest,\n        );\n      }\n    } catch (error) {\n      // Note: This error isn't pushed to the errors array, because it's not an\n      // error in the manifest itself.\n      throw new Error(`Failed to update snap.manifest.json: ${error.message}`);\n    }\n  }\n\n  return { manifest: validatedManifest, updated, warnings, errors };\n}\n\n/**\n * Given the relevant Snap files (manifest, `package.json`, and bundle) and a\n * Snap manifest validation error, fixes the fault in the manifest that caused\n * the error.\n *\n * @param snapFiles - The contents of all Snap files.\n * @param error - The {@link ProgrammaticallyFixableSnapError} that was thrown.\n * @returns A copy of the manifest file where the cause of the error is fixed.\n */\nexport async function fixManifest(\n  snapFiles: SnapFiles,\n  error: ProgrammaticallyFixableSnapError,\n): Promise<VirtualFile<SnapManifest>> {\n  const { manifest, packageJson } = snapFiles;\n  const clonedFile = manifest.clone();\n  const manifestCopy = clonedFile.result;\n\n  switch (error.reason) {\n    case SnapValidationFailureReason.NameMismatch:\n      manifestCopy.source.location.npm.packageName = packageJson.result.name;\n      break;\n\n    case SnapValidationFailureReason.VersionMismatch:\n      manifestCopy.version = packageJson.result.version;\n      break;\n\n    case SnapValidationFailureReason.RepositoryMismatch:\n      manifestCopy.repository = packageJson.result.repository\n        ? deepClone(packageJson.result.repository)\n        : undefined;\n      break;\n\n    case SnapValidationFailureReason.ShasumMismatch:\n      manifestCopy.source.shasum = await getSnapChecksum(snapFiles);\n      break;\n\n    /* istanbul ignore next */\n    default:\n      assertExhaustive(error.reason);\n  }\n\n  clonedFile.result = manifestCopy;\n  clonedFile.value = JSON.stringify(manifestCopy);\n  return clonedFile;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * bundle source file location and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param sourceCode - Override source code for plugins.\n * @returns The contents of the bundle file, if any.\n */\nexport async function getSnapSourceCode(\n  basePath: string,\n  manifest: Json,\n  sourceCode?: string,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const sourceFilePath = (manifest as Partial<SnapManifest>).source?.location\n    ?.npm?.filePath;\n\n  if (!sourceFilePath) {\n    return undefined;\n  }\n\n  if (sourceCode) {\n    return new VirtualFile({\n      path: pathUtils.join(basePath, sourceFilePath),\n      value: sourceCode,\n    });\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, sourceFilePath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(\n      `Failed to read snap bundle file: ${getErrorMessage(error)}`,\n    );\n  }\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * icon and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @returns The contents of the icon, if any.\n */\nexport async function getSnapIcon(\n  basePath: string,\n  manifest: Json,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const iconPath = (manifest as Partial<SnapManifest>).source?.location?.npm\n    ?.iconPath;\n\n  if (!iconPath) {\n    return undefined;\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, iconPath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(`Failed to read snap icon file: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Get an array of paths from an unvalidated Snap manifest.\n *\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param selector - A function that returns the paths to the files.\n * @returns The paths to the files, if any.\n */\nexport function getSnapFilePaths(\n  manifest: Json,\n  selector: (manifest: Partial<SnapManifest>) => string[] | undefined,\n) {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const snapManifest = manifest as Partial<SnapManifest>;\n  const paths = selector(snapManifest);\n\n  if (!Array.isArray(paths)) {\n    return undefined;\n  }\n\n  return paths;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the files with the\n * given paths and read them.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param paths - The paths to the files.\n * @param encoding - An optional encoding to pass down to readVirtualFile.\n * @returns A list of auxiliary files and their contents, if any.\n */\nexport async function getSnapFiles(\n  basePath: string,\n  paths: string[] | undefined,\n  encoding: BufferEncoding | null = 'utf8',\n): Promise<VirtualFile[] | undefined> {\n  if (!paths) {\n    return undefined;\n  }\n\n  try {\n    return await Promise.all(\n      paths.map(async (filePath) =>\n        readVirtualFile(pathUtils.join(basePath, filePath), encoding),\n      ),\n    );\n  } catch (error) {\n    throw new Error(`Failed to read snap files: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Sorts the given manifest in our preferred sort order and removes the\n * `repository` field if it is falsy (it may be `null`).\n *\n * @param manifest - The manifest to sort and modify.\n * @returns The disk-ready manifest.\n */\nexport function getWritableManifest(manifest: SnapManifest): SnapManifest {\n  const { repository, ...remaining } = manifest;\n\n  const keys = Object.keys(\n    repository ? { ...remaining, repository } : remaining,\n  ) as (keyof SnapManifest)[];\n\n  const writableManifest = keys\n    .sort((a, b) => MANIFEST_SORT_ORDER[a] - MANIFEST_SORT_ORDER[b])\n    .reduce<Partial<SnapManifest>>(\n      (result, key) => ({\n        ...result,\n        [key]: manifest[key],\n      }),\n      {},\n    );\n\n  return writableManifest as SnapManifest;\n}\n\n/**\n * Validates the fields of an NPM Snap manifest that has already passed JSON\n * Schema validation.\n *\n * @param snapFiles - The relevant snap files to validate.\n * @param snapFiles.manifest - The npm Snap manifest to validate.\n * @param snapFiles.packageJson - The npm Snap's `package.json`.\n * @param snapFiles.sourceCode - The Snap's source code.\n * @param snapFiles.svgIcon - The Snap's optional icon.\n * @param snapFiles.auxiliaryFiles - Any auxiliary files required by the snap at runtime.\n * @param snapFiles.localizationFiles - The Snap's localization files.\n */\nexport async function validateNpmSnapManifest({\n  manifest,\n  packageJson,\n  sourceCode,\n  svgIcon,\n  auxiliaryFiles,\n  localizationFiles,\n}: SnapFiles) {\n  const packageJsonName = packageJson.result.name;\n  const packageJsonVersion = packageJson.result.version;\n  const packageJsonRepository = packageJson.result.repository;\n\n  const manifestPackageName = manifest.result.source.location.npm.packageName;\n  const manifestPackageVersion = manifest.result.version;\n  const manifestRepository = manifest.result.repository;\n\n  if (packageJsonName !== manifestPackageName) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package name (\"${manifestPackageName}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"name\" field (\"${packageJsonName}\").`,\n      SnapValidationFailureReason.NameMismatch,\n    );\n  }\n\n  if (packageJsonVersion !== manifestPackageVersion) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package version (\"${manifestPackageVersion}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"version\" field (\"${packageJsonVersion}\").`,\n      SnapValidationFailureReason.VersionMismatch,\n    );\n  }\n\n  if (\n    // The repository may be `undefined` in package.json but can only be defined\n    // or `null` in the Snap manifest due to TS@<4.4 issues.\n    (packageJsonRepository || manifestRepository) &&\n    !deepEqual(packageJsonRepository, manifestRepository)\n  ) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" \"repository\" field does not match the \"${NpmSnapFileNames.PackageJson}\" \"repository\" field.`,\n      SnapValidationFailureReason.RepositoryMismatch,\n    );\n  }\n\n  await validateSnapShasum(\n    { manifest, sourceCode, svgIcon, auxiliaryFiles, localizationFiles },\n    `\"${NpmSnapFileNames.Manifest}\" \"shasum\" field does not match computed shasum.`,\n  );\n}\n"],"names":["checkManifest","fixManifest","getSnapSourceCode","getSnapIcon","getSnapFilePaths","getSnapFiles","getWritableManifest","validateNpmSnapManifest","MANIFEST_SORT_ORDER","$schema","version","description","proposedName","repository","source","initialConnections","initialPermissions","manifestVersion","basePath","writeManifest","sourceCode","writeFileFn","fs","writeFile","warnings","errors","updated","manifestPath","pathUtils","join","NpmSnapFileNames","Manifest","manifestFile","readJsonFile","unvalidatedManifest","result","packageFile","PackageJson","auxiliaryFilePaths","manifest","files","localizationFilePaths","locales","snapFiles","packageJson","svgIcon","auxiliaryFiles","localizationFiles","validateNpmSnap","error","ProgrammaticallyFixableSnapError","push","message","partiallyValidatedFiles","isInvalid","currentError","maxAttempts","Object","keys","SnapValidationFailureReason","length","attempts","nextValidationError","Error","assert","validatedManifest","recommendedFields","missingRecommendedFields","filter","key","reduce","allMissing","currentField","iconDimensions","getSvgDimensions","toString","height","width","newManifest","JSON","stringify","value","clonedFile","clone","manifestCopy","reason","NameMismatch","location","npm","packageName","name","VersionMismatch","RepositoryMismatch","deepClone","undefined","ShasumMismatch","shasum","getSnapChecksum","assertExhaustive","isPlainObject","sourceFilePath","filePath","VirtualFile","path","virtualFile","readVirtualFile","getErrorMessage","iconPath","selector","snapManifest","paths","Array","isArray","encoding","Promise","all","map","remaining","writableManifest","sort","a","b","packageJsonName","packageJsonVersion","packageJsonRepository","manifestPackageName","manifestPackageVersion","manifestRepository","deepEqual","validateSnapShasum"],"mappings":";;;;;;;;;;;IAoEsBA,aAAa;eAAbA;;IA6KAC,WAAW;eAAXA;;IA8CAC,iBAAiB;eAAjBA;;IA4CAC,WAAW;eAAXA;;IAiCNC,gBAAgB;eAAhBA;;IA2BMC,YAAY;eAAZA;;IA2BNC,mBAAmB;eAAnBA;;IAgCMC,uBAAuB;eAAvBA;;;0BAlcU;uBAEwB;sEAClC;oBACS;6DACT;2BAEI;qBACG;sBACI;qBACD;uBAKzB;uBAEuD;6BACjB;;;;;;AAG7C,MAAMC,sBAA0D;IAC9DC,SAAS;IACTC,SAAS;IACTC,aAAa;IACbC,cAAc;IACdC,YAAY;IACZC,QAAQ;IACRC,oBAAoB;IACpBC,oBAAoB;IACpBC,iBAAiB;AACnB;AAqCO,eAAejB,cACpBkB,QAAgB,EAChBC,gBAAgB,IAAI,EACpBC,UAAmB,EACnBC,cAAiCC,YAAE,CAACC,SAAS;IAE7C,MAAMC,WAAqB,EAAE;IAC7B,MAAMC,SAAmB,EAAE;IAE3B,IAAIC,UAAU;IAEd,MAAMC,eAAeC,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACC,QAAQ;IACvE,MAAMC,eAAe,MAAMC,IAAAA,iBAAY,EAACN;IACxC,MAAMO,sBAAsBF,aAAaG,MAAM;IAE/C,MAAMC,cAAc,MAAMH,IAAAA,iBAAY,EACpCL,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACO,WAAW;IAGvD,MAAMC,qBAAqBlC,iBACzB8B,qBACA,CAACK,WAAaA,UAAUzB,QAAQ0B;IAGlC,MAAMC,wBAAwBrC,iBAC5B8B,qBACA,CAACK,WAAaA,UAAUzB,QAAQ4B;IAGlC,MAAMC,YAAkC;QACtCJ,UAAUP;QACVY,aAAaR;QACbhB,YAAY,MAAMlB,kBAChBgB,UACAgB,qBACAd;QAEFyB,SAAS,MAAM1C,YAAYe,UAAUgB;QACrC,6EAA6E;QAC7EY,gBACE,AAAC,MAAMzC,aAAaa,UAAUoB,oBAAoB,SAAU,EAAE;QAChES,mBACE,AAAC,MAAM1C,aAAaa,UAAUuB,0BAA2B,EAAE;IAC/D;IAEA,IAAIF;IACJ,IAAI;QACD,CAAA,EAAEA,QAAQ,EAAE,GAAG,MAAMS,IAAAA,oBAAe,EAACL,UAAS;IACjD,EAAE,OAAOM,OAAO;QACd,IAAIA,iBAAiBC,uCAAgC,EAAE;YACrDzB,OAAO0B,IAAI,CAACF,MAAMG,OAAO;YAEzB,6DAA6D;YAC7D,MAAMC,0BAA0BV;YAEhC,IAAIW,YAAY;YAChB,IAAIC,eAAeN;YACnB,MAAMO,cAAcC,OAAOC,IAAI,CAACC,kCAA2B,EAAEC,MAAM;YAEnE,0EAA0E;YAC1E,uEAAuE;YACvE,oEAAoE;YACpE,uBAAuB;YACvB,IAAK,IAAIC,WAAW,GAAGP,aAAaO,YAAYL,aAAaK,WAAY;gBACvEtB,WAAW,MAAMtC,YACfsC,WACI;oBAAE,GAAGc,uBAAuB;oBAAEd;gBAAS,IACvCc,yBACJE;gBAGF,IAAI;oBACF,MAAMhD,wBAAwB;wBAC5B,GAAG8C,uBAAuB;wBAC1Bd;oBACF;oBAEAe,YAAY;gBACd,EAAE,OAAOQ,qBAAqB;oBAC5BP,eAAeO;oBACf,mDAAmD,GACnD,IACE,CACEA,CAAAA,+BAA+BZ,uCAAgC,AAAD,KAE/DW,aAAaL,eAAe,CAACF,WAC9B;wBACA,MAAM,IAAIS,MACR,CAAC,kFAAkF,EAAEd,MAAMG,OAAO,CAAC,CAAC;oBAExG;oBAEA3B,OAAO0B,IAAI,CAACI,aAAaH,OAAO;gBAClC;YACF;YAEA1B,UAAU;QACZ,OAAO;YACL,MAAMuB;QACR;IACF;IAEA,8EAA8E;IAC9E,0CAA0C;IAC1Ce,IAAAA,aAAM,EAACzB;IAEP,MAAM0B,oBAAoB1B,SAASJ,MAAM;IAEzC,qCAAqC;IACrC,MAAM+B,oBAAoB;QAAC;KAAa;IAExC,MAAMC,2BAA2BD,kBAAkBE,MAAM,CACvD,CAACC,MAAQ,CAACJ,iBAAiB,CAACI,IAAI;IAGlC,IAAIF,yBAAyBP,MAAM,GAAG,GAAG;QACvCpC,SAAS2B,IAAI,CACX,CAAC,8CAA8C,EAAEgB,yBAAyBG,MAAM,CAC9E,CAACC,YAAYC;YACX,OAAO,CAAC,EAAED,WAAW,EAAE,EAAEC,aAAa,EAAE,CAAC;QAC3C,GACA,IACA,CAAC;IAEP;IAEA,IAAI,CAAC7B,UAAUE,OAAO,EAAE;QACtBrB,SAAS2B,IAAI,CACX;IAEJ;IAEA,MAAMsB,iBACJ9B,UAAUE,OAAO,IAAI6B,IAAAA,sBAAgB,EAAC/B,UAAUE,OAAO,CAAC8B,QAAQ;IAClE,IAAIF,kBAAkBA,eAAeG,MAAM,KAAKH,eAAeI,KAAK,EAAE;QACpErD,SAAS2B,IAAI,CACX;IAEJ;IAEA,IAAIhC,eAAe;QACjB,IAAI;YACF,MAAM2D,cAAc,CAAC,EAAEC,KAAKC,SAAS,CACnC1E,oBAAoB2D,oBACpB,MACA,GACA,EAAE,CAAC;YAEL,IAAIvC,WAAWoD,gBAAgB9C,aAAaiD,KAAK,EAAE;gBACjD,MAAM5D,YACJO,aAAS,CAACC,IAAI,CAACX,UAAUY,uBAAgB,CAACC,QAAQ,GAClD+C;YAEJ;QACF,EAAE,OAAO7B,OAAO;YACd,yEAAyE;YACzE,gCAAgC;YAChC,MAAM,IAAIc,MAAM,CAAC,qCAAqC,EAAEd,MAAMG,OAAO,CAAC,CAAC;QACzE;IACF;IAEA,OAAO;QAAEb,UAAU0B;QAAmBvC;QAASF;QAAUC;IAAO;AAClE;AAWO,eAAexB,YACpB0C,SAAoB,EACpBM,KAAuC;IAEvC,MAAM,EAAEV,QAAQ,EAAEK,WAAW,EAAE,GAAGD;IAClC,MAAMuC,aAAa3C,SAAS4C,KAAK;IACjC,MAAMC,eAAeF,WAAW/C,MAAM;IAEtC,OAAQc,MAAMoC,MAAM;QAClB,KAAK1B,kCAA2B,CAAC2B,YAAY;YAC3CF,aAAatE,MAAM,CAACyE,QAAQ,CAACC,GAAG,CAACC,WAAW,GAAG7C,YAAYT,MAAM,CAACuD,IAAI;YACtE;QAEF,KAAK/B,kCAA2B,CAACgC,eAAe;YAC9CP,aAAa1E,OAAO,GAAGkC,YAAYT,MAAM,CAACzB,OAAO;YACjD;QAEF,KAAKiD,kCAA2B,CAACiC,kBAAkB;YACjDR,aAAavE,UAAU,GAAG+B,YAAYT,MAAM,CAACtB,UAAU,GACnDgF,IAAAA,oBAAS,EAACjD,YAAYT,MAAM,CAACtB,UAAU,IACvCiF;YACJ;QAEF,KAAKnC,kCAA2B,CAACoC,cAAc;YAC7CX,aAAatE,MAAM,CAACkF,MAAM,GAAG,MAAMC,IAAAA,sBAAe,EAACtD;YACnD;QAEF,wBAAwB,GACxB;YACEuD,IAAAA,uBAAgB,EAACjD,MAAMoC,MAAM;IACjC;IAEAH,WAAW/C,MAAM,GAAGiD;IACpBF,WAAWD,KAAK,GAAGF,KAAKC,SAAS,CAACI;IAClC,OAAOF;AACT;AAWO,eAAehF,kBACpBgB,QAAgB,EAChBqB,QAAc,EACdnB,UAAmB;IAEnB,IAAI,CAAC+E,IAAAA,oBAAa,EAAC5D,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMM,iBAAiB,AAAC7D,SAAmCzB,MAAM,EAAEyE,UAC/DC,KAAKa;IAET,IAAI,CAACD,gBAAgB;QACnB,OAAON;IACT;IAEA,IAAI1E,YAAY;QACd,OAAO,IAAIkF,wBAAW,CAAC;YACrBC,MAAM3E,aAAS,CAACC,IAAI,CAACX,UAAUkF;YAC/BnB,OAAO7D;QACT;IACF;IAEA,IAAI;QACF,MAAMoF,cAAc,MAAMC,IAAAA,4BAAe,EACvC7E,aAAS,CAACC,IAAI,CAACX,UAAUkF,iBACzB;QAEF,OAAOI;IACT,EAAE,OAAOvD,OAAO;QACd,MAAM,IAAIc,MACR,CAAC,iCAAiC,EAAE2C,IAAAA,yBAAe,EAACzD,OAAO,CAAC;IAEhE;AACF;AAUO,eAAe9C,YACpBe,QAAgB,EAChBqB,QAAc;IAEd,IAAI,CAAC4D,IAAAA,oBAAa,EAAC5D,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMa,WAAW,AAACpE,SAAmCzB,MAAM,EAAEyE,UAAUC,KACnEmB;IAEJ,IAAI,CAACA,UAAU;QACb,OAAOb;IACT;IAEA,IAAI;QACF,MAAMU,cAAc,MAAMC,IAAAA,4BAAe,EACvC7E,aAAS,CAACC,IAAI,CAACX,UAAUyF,WACzB;QAEF,OAAOH;IACT,EAAE,OAAOvD,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,+BAA+B,EAAE2C,IAAAA,yBAAe,EAACzD,OAAO,CAAC;IAC5E;AACF;AASO,SAAS7C,iBACdmC,QAAc,EACdqE,QAAmE;IAEnE,IAAI,CAACT,IAAAA,oBAAa,EAAC5D,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMe,eAAetE;IACrB,MAAMuE,QAAQF,SAASC;IAEvB,IAAI,CAACE,MAAMC,OAAO,CAACF,QAAQ;QACzB,OAAOhB;IACT;IAEA,OAAOgB;AACT;AAWO,eAAezG,aACpBa,QAAgB,EAChB4F,KAA2B,EAC3BG,WAAkC,MAAM;IAExC,IAAI,CAACH,OAAO;QACV,OAAOhB;IACT;IAEA,IAAI;QACF,OAAO,MAAMoB,QAAQC,GAAG,CACtBL,MAAMM,GAAG,CAAC,OAAOf,WACfI,IAAAA,4BAAe,EAAC7E,aAAS,CAACC,IAAI,CAACX,UAAUmF,WAAWY;IAG1D,EAAE,OAAOhE,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,2BAA2B,EAAE2C,IAAAA,yBAAe,EAACzD,OAAO,CAAC;IACxE;AACF;AASO,SAAS3C,oBAAoBiC,QAAsB;IACxD,MAAM,EAAE1B,UAAU,EAAE,GAAGwG,WAAW,GAAG9E;IAErC,MAAMmB,OAAOD,OAAOC,IAAI,CACtB7C,aAAa;QAAE,GAAGwG,SAAS;QAAExG;IAAW,IAAIwG;IAG9C,MAAMC,mBAAmB5D,KACtB6D,IAAI,CAAC,CAACC,GAAGC,IAAMjH,mBAAmB,CAACgH,EAAE,GAAGhH,mBAAmB,CAACiH,EAAE,EAC9DnD,MAAM,CACL,CAACnC,QAAQkC,MAAS,CAAA;YAChB,GAAGlC,MAAM;YACT,CAACkC,IAAI,EAAE9B,QAAQ,CAAC8B,IAAI;QACtB,CAAA,GACA,CAAC;IAGL,OAAOiD;AACT;AAcO,eAAe/G,wBAAwB,EAC5CgC,QAAQ,EACRK,WAAW,EACXxB,UAAU,EACVyB,OAAO,EACPC,cAAc,EACdC,iBAAiB,EACP;IACV,MAAM2E,kBAAkB9E,YAAYT,MAAM,CAACuD,IAAI;IAC/C,MAAMiC,qBAAqB/E,YAAYT,MAAM,CAACzB,OAAO;IACrD,MAAMkH,wBAAwBhF,YAAYT,MAAM,CAACtB,UAAU;IAE3D,MAAMgH,sBAAsBtF,SAASJ,MAAM,CAACrB,MAAM,CAACyE,QAAQ,CAACC,GAAG,CAACC,WAAW;IAC3E,MAAMqC,yBAAyBvF,SAASJ,MAAM,CAACzB,OAAO;IACtD,MAAMqH,qBAAqBxF,SAASJ,MAAM,CAACtB,UAAU;IAErD,IAAI6G,oBAAoBG,qBAAqB;QAC3C,MAAM,IAAI3E,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,qBAAqB,EAAE8F,oBAAoB,uBAAuB,EAAE/F,uBAAgB,CAACO,WAAW,CAAC,iBAAiB,EAAEqF,gBAAgB,GAAG,CAAC,EACtK/D,kCAA2B,CAAC2B,YAAY;IAE5C;IAEA,IAAIqC,uBAAuBG,wBAAwB;QACjD,MAAM,IAAI5E,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,wBAAwB,EAAE+F,uBAAuB,uBAAuB,EAAEhG,uBAAgB,CAACO,WAAW,CAAC,oBAAoB,EAAEsF,mBAAmB,GAAG,CAAC,EAClLhE,kCAA2B,CAACgC,eAAe;IAE/C;IAEA,IAGE,AAFA,4EAA4E;IAC5E,wDAAwD;IACvDiC,CAAAA,yBAAyBG,kBAAiB,KAC3C,CAACC,IAAAA,sBAAS,EAACJ,uBAAuBG,qBAClC;QACA,MAAM,IAAI7E,uCAAgC,CACxC,CAAC,CAAC,EAAEpB,uBAAgB,CAACC,QAAQ,CAAC,yCAAyC,EAAED,uBAAgB,CAACO,WAAW,CAAC,qBAAqB,CAAC,EAC5HsB,kCAA2B,CAACiC,kBAAkB;IAElD;IAEA,MAAMqC,IAAAA,yBAAkB,EACtB;QAAE1F;QAAUnB;QAAYyB;QAASC;QAAgBC;IAAkB,GACnE,CAAC,CAAC,EAAEjB,uBAAgB,CAACC,QAAQ,CAAC,gDAAgD,CAAC;AAEnF"}

package/dist/cjs/post-process.js

@@ -21,7 +21,7 @@ const _core = require("@babel/core");
 const _types = require("@babel/types");
 var PostProcessWarning;
 (function(PostProcessWarning) {
-    PostProcessWarning["UnsafeMathRandom"] = '`Math.random` was detected in the bundle. This is not a secure source of randomness.';
+    PostProcessWarning["UnsafeMathRandom"] = '`Math.random` was detected in the Snap bundle. This is not a secure source of randomness, and should not be used in a secure context. Use `crypto.getRandomValues` instead.';
 })(PostProcessWarning || (PostProcessWarning = {}));
 // The RegEx below consists of multiple groups joined by a boolean OR.
 // Each part consists of two groups which capture a part of each string

package/dist/cjs/post-process.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/post-process.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/no-shadow\nimport type { Node, Visitor, PluginObj } from '@babel/core';\nimport { transformSync, template } from '@babel/core';\nimport type { Expression, Identifier, TemplateElement } from '@babel/types';\nimport {\n  binaryExpression,\n  isUnaryExpression,\n  isUpdateExpression,\n  stringLiteral,\n  templateElement,\n  templateLiteral,\n} from '@babel/types';\n\n/**\n * Source map declaration taken from `@babel/core`. Babel doesn't export the\n * type for this, so it's copied from the source code instead here.\n */\nexport type SourceMap = {\n  version: number;\n  sources: string[];\n  names: string[];\n  sourceRoot?: string | undefined;\n  sourcesContent?: string[] | undefined;\n  mappings: string;\n  file: string;\n};\n\n/**\n * The post process options.\n *\n * @property stripComments - Whether to strip comments. Defaults to `true`.\n * @property sourceMap - Whether to generate a source map for the modified code.\n * See also `inputSourceMap`.\n * @property inputSourceMap - The source map for the input code. When provided,\n * the source map will be used to generate a source map for the modified code.\n * This ensures that the source map is correct for the modified code, and still\n * points to the original source. If not provided, a new source map will be\n * generated instead.\n */\nexport type PostProcessOptions = {\n  stripComments?: boolean;\n  sourceMap?: boolean | 'inline';\n  inputSourceMap?: SourceMap;\n};\n\n/**\n * The post processed bundle output.\n *\n * @property code - The modified code.\n * @property sourceMap - The source map for the modified code, if the source map\n * option was enabled.\n * @property warnings - Any warnings that occurred during the post-processing.\n */\nexport type PostProcessedBundle = {\n  code: string;\n  sourceMap?: SourceMap | null;\n  warnings: PostProcessWarning[];\n};\n\nexport enum PostProcessWarning {\n  UnsafeMathRandom = '`Math.random` was detected in the bundle. This is not a secure source of randomness.',\n}\n\n// The RegEx below consists of multiple groups joined by a boolean OR.\n// Each part consists of two groups which capture a part of each string\n// which needs to be split up, e.g., `<!--` is split into `<!` and `--`.\nconst TOKEN_REGEX = /(<!)(--)|(--)(>)|(import)(\\(.*?\\))/gu;\n\n// An empty template element, i.e., a part of a template literal without any\n// value (\"\").\nconst EMPTY_TEMPLATE_ELEMENT = templateElement({ raw: '', cooked: '' });\n\nconst evalWrapper = template.statement(`\n  (1, REF)(ARGS)\n`);\n\nconst objectEvalWrapper = template.statement(`\n  (1, OBJECT.REF)\n`);\n\nconst regeneratorRuntimeWrapper = template.statement(`\n  var regeneratorRuntime;\n`);\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into an array, in a way that it can be joined\n * together to form the same string, but with the tokens separated into single\n * array elements.\n */\nfunction breakTokens(value: string): string[] {\n  const tokens = value.split(TOKEN_REGEX);\n  return (\n    tokens\n      // TODO: The `split` above results in some values being `undefined`.\n      // There may be a better solution to avoid having to filter those out.\n      .filter((token) => token !== '' && token !== undefined)\n  );\n}\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into a tuple consisting of the new template\n * elements and string literal expressions.\n */\nfunction breakTokensTemplateLiteral(\n  value: string,\n): [TemplateElement[], Expression[]] {\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore `matchAll` is not available in ES2017, but this code\n  // should only be used in environments where the function is supported.\n  const matches: RegExpMatchArray[] = Array.from(value.matchAll(TOKEN_REGEX));\n\n  if (matches.length > 0) {\n    const output = matches.reduce<[TemplateElement[], Expression[]]>(\n      ([elements, expressions], rawMatch, index, values) => {\n        const [, first, last] = rawMatch.filter((raw) => raw !== undefined);\n\n        // Slice the text in front of the match, which does not need to be\n        // broken up.\n        const prefix = value.slice(\n          index === 0\n            ? 0\n            : (values[index - 1].index as number) + values[index - 1][0].length,\n          rawMatch.index,\n        );\n\n        return [\n          [\n            ...elements,\n            templateElement({\n              raw: getRawTemplateValue(prefix),\n              cooked: prefix,\n            }),\n            EMPTY_TEMPLATE_ELEMENT,\n          ],\n          [...expressions, stringLiteral(first), stringLiteral(last)],\n        ];\n      },\n      [[], []],\n    );\n\n    // Add the text after the last match to the output.\n    const lastMatch = matches[matches.length - 1];\n    const suffix = value.slice(\n      (lastMatch.index as number) + lastMatch[0].length,\n    );\n\n    return [\n      [\n        ...output[0],\n        templateElement({ raw: getRawTemplateValue(suffix), cooked: suffix }),\n      ],\n      output[1],\n    ];\n  }\n\n  // If there are no matches, simply return the original value.\n  return [\n    [templateElement({ raw: getRawTemplateValue(value), cooked: value })],\n    [],\n  ];\n}\n\n/**\n * Get a raw template literal value from a cooked value. This adds a backslash\n * before every '`', '\\' and '${' characters.\n *\n * @see https://github.com/babel/babel/issues/9242#issuecomment-532529613\n * @param value - The cooked string to get the raw string for.\n * @returns The value as raw value.\n */\nfunction getRawTemplateValue(value: string) {\n  return value.replace(/\\\\|`|\\$\\{/gu, '\\\\$&');\n}\n\n/**\n * Post process code with AST such that it can be evaluated in SES.\n *\n * Currently:\n * - Makes all direct calls to eval indirect.\n * - Handles certain Babel-related edge cases.\n * - Removes the `Buffer` provided by Browserify.\n * - Optionally removes comments.\n * - Breaks up tokens that would otherwise result in SES errors, such as HTML\n * comment tags `<!--` and `-->` and `import(n)` statements.\n *\n * @param code - The code to post process.\n * @param options - The post-process options.\n * @param options.stripComments - Whether to strip comments. Defaults to `true`.\n * @param options.sourceMap - Whether to generate a source map for the modified\n * code. See also `inputSourceMap`.\n * @param options.inputSourceMap - The source map for the input code. When\n * provided, the source map will be used to generate a source map for the\n * modified code. This ensures that the source map is correct for the modified\n * code, and still points to the original source. If not provided, a new source\n * map will be generated instead.\n * @returns An object containing the modified code, and source map, or null if\n * the provided code is null.\n */\nexport function postProcessBundle(\n  code: string,\n  {\n    stripComments = true,\n    sourceMap: sourceMaps,\n    inputSourceMap,\n  }: Partial<PostProcessOptions> = {},\n): PostProcessedBundle {\n  const warnings = new Set<PostProcessWarning>();\n\n  const pre: PluginObj['pre'] = ({ ast }) => {\n    ast.comments?.forEach((comment) => {\n      // Break up tokens that could be parsed as HTML comment terminators. The\n      // regular expressions below are written strangely so as to avoid the\n      // appearance of such tokens in our source code. For reference:\n      // https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      comment.value = comment.value\n        .replace(new RegExp(`<!${'--'}`, 'gu'), '< !--')\n        .replace(new RegExp(`${'--'}>`, 'gu'), '-- >')\n        .replace(/import(\\(.*\\))/gu, 'import\\\\$1');\n    });\n  };\n\n  const visitor: Visitor<Node> = {\n    FunctionExpression(path) {\n      const { node } = path;\n\n      // Browserify provides the `Buffer` global as an argument to modules that\n      // use it, but this does not work in SES. Since we pass in `Buffer` as an\n      // endowment, we can simply remove the argument.\n      //\n      // Note that this only removes `Buffer` from a wrapped function\n      // expression, e.g., `(function (Buffer) { ... })`. Regular functions\n      // are not affected.\n      //\n      // TODO: Since we're working on the AST level, we could check the scope\n      // of the function expression, and possibly prevent false positives?\n      if (node.type === 'FunctionExpression' && node.extra?.parenthesized) {\n        node.params = node.params.filter(\n          (param) => !(param.type === 'Identifier' && param.name === 'Buffer'),\n        );\n      }\n    },\n\n    CallExpression(path) {\n      const { node } = path;\n\n      // Replace `eval(foo)` with `(1, eval)(foo)`.\n      if (node.callee.type === 'Identifier' && node.callee.name === 'eval') {\n        path.replaceWith(\n          evalWrapper({\n            REF: node.callee,\n            ARGS: node.arguments,\n          }),\n        );\n      }\n\n      // Detect the use of `Math.random()` and add a warning.\n      if (\n        node.callee.type === 'MemberExpression' &&\n        node.callee.object.type === 'Identifier' &&\n        node.callee.object.name === 'Math' &&\n        node.callee.property.type === 'Identifier' &&\n        node.callee.property.name === 'random'\n      ) {\n        warnings.add(PostProcessWarning.UnsafeMathRandom);\n      }\n    },\n\n    MemberExpression(path) {\n      const { node } = path;\n\n      // Replace `object.eval(foo)` with `(1, object.eval)(foo)`.\n      if (\n        node.property.type === 'Identifier' &&\n        node.property.name === 'eval' &&\n        // We only apply this to MemberExpressions that are the callee of CallExpression\n        path.parent.type === 'CallExpression' &&\n        path.parent.callee === node\n      ) {\n        path.replaceWith(\n          objectEvalWrapper({\n            OBJECT: node.object,\n            REF: node.property,\n          }),\n        );\n      }\n    },\n\n    Identifier(path) {\n      const { node } = path;\n\n      // Insert `regeneratorRuntime` global if it's used in the code.\n      if (node.name === 'regeneratorRuntime') {\n        const program = path.findParent(\n          (parent) => parent.node.type === 'Program',\n        );\n\n        // We know that `program` is a Program node here, but this keeps\n        // TypeScript happy.\n        if (program?.node.type === 'Program') {\n          const body = program.node.body[0];\n\n          // This stops it from inserting `regeneratorRuntime` multiple times.\n          if (\n            body.type === 'VariableDeclaration' &&\n            (body.declarations[0].id as Identifier).name ===\n              'regeneratorRuntime'\n          ) {\n            return;\n          }\n\n          program?.node.body.unshift(regeneratorRuntimeWrapper());\n        }\n      }\n    },\n\n    TemplateLiteral(path) {\n      const { node } = path;\n\n      // This checks if the template literal was visited before. Without this,\n      // it would cause an infinite loop resulting in a stack overflow. We can't\n      // skip the path here, because we need to visit the children of the node.\n      if (path.getData('visited')) {\n        return;\n      }\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const [replacementQuasis, replacementExpressions] = node.quasis.reduce<\n        [TemplateElement[], Expression[]]\n      >(\n        ([elements, expressions], quasi, index) => {\n          // Note: Template literals have two variants, \"cooked\" and \"raw\". Here\n          // we use the cooked version.\n          // https://exploringjs.com/impatient-js/ch_template-literals.html#template-strings-cooked-vs-raw\n          const tokens = breakTokensTemplateLiteral(\n            quasi.value.cooked as string,\n          );\n\n          // Only update the node if something changed.\n          if (tokens[0].length <= 1) {\n            return [\n              [...elements, quasi],\n              [...expressions, node.expressions[index] as Expression],\n            ];\n          }\n\n          return [\n            [...elements, ...tokens[0]],\n            [\n              ...expressions,\n              ...tokens[1],\n              node.expressions[index] as Expression,\n            ],\n          ];\n        },\n        [[], []],\n      );\n\n      path.replaceWith(\n        templateLiteral(\n          replacementQuasis,\n          replacementExpressions.filter(\n            (expression) => expression !== undefined,\n          ),\n        ) as Node,\n      );\n\n      path.setData('visited', true);\n    },\n\n    StringLiteral(path) {\n      const { node } = path;\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const tokens = breakTokens(node.value);\n\n      // Only update the node if the string literal was broken up.\n      if (tokens.length <= 1) {\n        return;\n      }\n\n      const replacement = tokens\n        .slice(1)\n        .reduce<Expression>(\n          (acc, value) => binaryExpression('+', acc, stringLiteral(value)),\n          stringLiteral(tokens[0]),\n        );\n\n      path.replaceWith(replacement as Node);\n      path.skip();\n    },\n\n    BinaryExpression(path) {\n      const { node } = path;\n\n      const errorMessage =\n        'Using HTML comments (`<!--` and `-->`) as operators is not allowed. The behaviour of ' +\n        'these comments is ambiguous, and differs per browser and environment. If you want ' +\n        'to use them as operators, break them up into separate characters, i.e., `a-- > b` ' +\n        'and `a < ! --b`.';\n\n      if (\n        node.operator === '<' &&\n        isUnaryExpression(node.right) &&\n        isUpdateExpression(node.right.argument) &&\n        node.right.argument.operator === '--' &&\n        node.left.end &&\n        node.right.argument.argument.start\n      ) {\n        const expression = code.slice(\n          node.left.end,\n          node.right.argument.argument.start,\n        );\n\n        if (expression.includes('<!--')) {\n          throw new Error(errorMessage);\n        }\n      }\n\n      if (\n        node.operator === '>' &&\n        isUpdateExpression(node.left) &&\n        node.left.operator === '--' &&\n        node.left.argument.end &&\n        node.right.start\n      ) {\n        const expression = code.slice(node.left.argument.end, node.right.start);\n\n        if (expression.includes('-->')) {\n          throw new Error(errorMessage);\n        }\n      }\n    },\n  };\n\n  try {\n    const file = transformSync(code, {\n      // Prevent Babel from searching for a config file.\n      configFile: false,\n\n      parserOpts: {\n        // Strict mode isn't enabled by default, so we need to enable it here.\n        strictMode: true,\n\n        // If this is disabled, the AST does not include any comments. This is\n        // useful for performance reasons, and we use it for stripping comments.\n        attachComment: !stripComments,\n      },\n\n      // By default, Babel optimises bundles that exceed 500 KB, but that\n      // results in characters which look like HTML comments, which breaks SES.\n      compact: false,\n\n      // This configures Babel to generate a new source map from the existing\n      // source map if specified. If `sourceMap` is `true` but an input source\n      // map is not provided, a new source map will be generated instead.\n      inputSourceMap,\n      sourceMaps,\n\n      plugins: [\n        () => ({\n          pre,\n          visitor,\n        }),\n      ],\n    });\n\n    if (!file?.code) {\n      throw new Error('Bundled code is empty.');\n    }\n\n    return {\n      code: file.code,\n      sourceMap: file.map,\n      warnings: Array.from(warnings),\n    };\n  } catch (error) {\n    throw new Error(`Failed to post process code:\\n${error.message}`);\n  }\n}\n"],"names":["postProcessBundle","PostProcessWarning","UnsafeMathRandom","TOKEN_REGEX","EMPTY_TEMPLATE_ELEMENT","templateElement","raw","cooked","evalWrapper","template","statement","objectEvalWrapper","regeneratorRuntimeWrapper","breakTokens","value","tokens","split","filter","token","undefined","breakTokensTemplateLiteral","matches","Array","from","matchAll","length","output","reduce","elements","expressions","rawMatch","index","values","first","last","prefix","slice","getRawTemplateValue","stringLiteral","lastMatch","suffix","replace","code","stripComments","sourceMap","sourceMaps","inputSourceMap","warnings","Set","pre","ast","comments","forEach","comment","RegExp","visitor","FunctionExpression","path","node","type","extra","parenthesized","params","param","name","CallExpression","callee","replaceWith","REF","ARGS","arguments","object","property","add","MemberExpression","parent","OBJECT","Identifier","program","findParent","body","declarations","id","unshift","TemplateLiteral","getData","replacementQuasis","replacementExpressions","quasis","quasi","templateLiteral","expression","setData","StringLiteral","replacement","acc","binaryExpression","skip","BinaryExpression","errorMessage","operator","isUnaryExpression","right","isUpdateExpression","argument","left","end","start","includes","Error","file","transformSync","configFile","parserOpts","strictMode","attachComment","compact","plugins","map","error","message"],"mappings":"AAAA,wDAAwD;;;;;;;;;;;;;;;IAoNxCA,iBAAiB;eAAjBA;;;sBAlNwB;uBASjC;IAgDA;UAAKC,kBAAkB;IAAlBA,mBACVC,sBAAmB;GADTD,uBAAAA;AAIZ,sEAAsE;AACtE,uEAAuE;AACvE,wEAAwE;AACxE,MAAME,cAAc;AAEpB,4EAA4E;AAC5E,cAAc;AACd,MAAMC,yBAAyBC,IAAAA,sBAAe,EAAC;IAAEC,KAAK;IAAIC,QAAQ;AAAG;AAErE,MAAMC,cAAcC,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAExC,CAAC;AAED,MAAMC,oBAAoBF,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAE9C,CAAC;AAED,MAAME,4BAA4BH,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAEtD,CAAC;AAED;;;;;;;;;;;CAWC,GACD,SAASG,YAAYC,KAAa;IAChC,MAAMC,SAASD,MAAME,KAAK,CAACb;IAC3B,OACEY,MACE,oEAAoE;IACpE,sEAAsE;KACrEE,MAAM,CAAC,CAACC,QAAUA,UAAU,MAAMA,UAAUC;AAEnD;AAEA;;;;;;;;;;CAUC,GACD,SAASC,2BACPN,KAAa;IAEb,6DAA6D;IAC7D,kEAAkE;IAClE,uEAAuE;IACvE,MAAMO,UAA8BC,MAAMC,IAAI,CAACT,MAAMU,QAAQ,CAACrB;IAE9D,IAAIkB,QAAQI,MAAM,GAAG,GAAG;QACtB,MAAMC,SAASL,QAAQM,MAAM,CAC3B,CAAC,CAACC,UAAUC,YAAY,EAAEC,UAAUC,OAAOC;YACzC,MAAM,GAAGC,OAAOC,KAAK,GAAGJ,SAASb,MAAM,CAAC,CAACX,MAAQA,QAAQa;YAEzD,kEAAkE;YAClE,aAAa;YACb,MAAMgB,SAASrB,MAAMsB,KAAK,CACxBL,UAAU,IACN,IACA,AAACC,MAAM,CAACD,QAAQ,EAAE,CAACA,KAAK,GAAcC,MAAM,CAACD,QAAQ,EAAE,CAAC,EAAE,CAACN,MAAM,EACrEK,SAASC,KAAK;YAGhB,OAAO;gBACL;uBACKH;oBACHvB,IAAAA,sBAAe,EAAC;wBACdC,KAAK+B,oBAAoBF;wBACzB5B,QAAQ4B;oBACV;oBACA/B;iBACD;gBACD;uBAAIyB;oBAAaS,IAAAA,oBAAa,EAACL;oBAAQK,IAAAA,oBAAa,EAACJ;iBAAM;aAC5D;QACH,GACA;YAAC,EAAE;YAAE,EAAE;SAAC;QAGV,mDAAmD;QACnD,MAAMK,YAAYlB,OAAO,CAACA,QAAQI,MAAM,GAAG,EAAE;QAC7C,MAAMe,SAAS1B,MAAMsB,KAAK,CACxB,AAACG,UAAUR,KAAK,GAAcQ,SAAS,CAAC,EAAE,CAACd,MAAM;QAGnD,OAAO;YACL;mBACKC,MAAM,CAAC,EAAE;gBACZrB,IAAAA,sBAAe,EAAC;oBAAEC,KAAK+B,oBAAoBG;oBAASjC,QAAQiC;gBAAO;aACpE;YACDd,MAAM,CAAC,EAAE;SACV;IACH;IAEA,6DAA6D;IAC7D,OAAO;QACL;YAACrB,IAAAA,sBAAe,EAAC;gBAAEC,KAAK+B,oBAAoBvB;gBAAQP,QAAQO;YAAM;SAAG;QACrE,EAAE;KACH;AACH;AAEA;;;;;;;CAOC,GACD,SAASuB,oBAAoBvB,KAAa;IACxC,OAAOA,MAAM2B,OAAO,CAAC,eAAe;AACtC;AA0BO,SAASzC,kBACd0C,IAAY,EACZ,EACEC,gBAAgB,IAAI,EACpBC,WAAWC,UAAU,EACrBC,cAAc,EACc,GAAG,CAAC,CAAC;IAEnC,MAAMC,WAAW,IAAIC;IAErB,MAAMC,MAAwB,CAAC,EAAEC,GAAG,EAAE;QACpCA,IAAIC,QAAQ,EAAEC,QAAQ,CAACC;YACrB,wEAAwE;YACxE,qEAAqE;YACrE,+DAA+D;YAC/D,qIAAqI;YACrIA,QAAQvC,KAAK,GAAGuC,QAAQvC,KAAK,CAC1B2B,OAAO,CAAC,IAAIa,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,OAAO,SACvCb,OAAO,CAAC,IAAIa,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,OAAO,QACtCb,OAAO,CAAC,oBAAoB;QACjC;IACF;IAEA,MAAMc,UAAyB;QAC7BC,oBAAmBC,IAAI;YACrB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,yEAAyE;YACzE,yEAAyE;YACzE,gDAAgD;YAChD,EAAE;YACF,+DAA+D;YAC/D,qEAAqE;YACrE,oBAAoB;YACpB,EAAE;YACF,uEAAuE;YACvE,oEAAoE;YACpE,IAAIC,KAAKC,IAAI,KAAK,wBAAwBD,KAAKE,KAAK,EAAEC,eAAe;gBACnEH,KAAKI,MAAM,GAAGJ,KAAKI,MAAM,CAAC7C,MAAM,CAC9B,CAAC8C,QAAU,CAAEA,CAAAA,MAAMJ,IAAI,KAAK,gBAAgBI,MAAMC,IAAI,KAAK,QAAO;YAEtE;QACF;QAEAC,gBAAeR,IAAI;YACjB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,6CAA6C;YAC7C,IAAIC,KAAKQ,MAAM,CAACP,IAAI,KAAK,gBAAgBD,KAAKQ,MAAM,CAACF,IAAI,KAAK,QAAQ;gBACpEP,KAAKU,WAAW,CACd3D,YAAY;oBACV4D,KAAKV,KAAKQ,MAAM;oBAChBG,MAAMX,KAAKY,SAAS;gBACtB;YAEJ;YAEA,uDAAuD;YACvD,IACEZ,KAAKQ,MAAM,CAACP,IAAI,KAAK,sBACrBD,KAAKQ,MAAM,CAACK,MAAM,CAACZ,IAAI,KAAK,gBAC5BD,KAAKQ,MAAM,CAACK,MAAM,CAACP,IAAI,KAAK,UAC5BN,KAAKQ,MAAM,CAACM,QAAQ,CAACb,IAAI,KAAK,gBAC9BD,KAAKQ,MAAM,CAACM,QAAQ,CAACR,IAAI,KAAK,UAC9B;gBACAjB,SAAS0B,GAAG,CAACxE,mBAAmBC,gBAAgB;YAClD;QACF;QAEAwE,kBAAiBjB,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,2DAA2D;YAC3D,IACEC,KAAKc,QAAQ,CAACb,IAAI,KAAK,gBACvBD,KAAKc,QAAQ,CAACR,IAAI,KAAK,UACvB,gFAAgF;YAChFP,KAAKkB,MAAM,CAAChB,IAAI,KAAK,oBACrBF,KAAKkB,MAAM,CAACT,MAAM,KAAKR,MACvB;gBACAD,KAAKU,WAAW,CACdxD,kBAAkB;oBAChBiE,QAAQlB,KAAKa,MAAM;oBACnBH,KAAKV,KAAKc,QAAQ;gBACpB;YAEJ;QACF;QAEAK,YAAWpB,IAAI;YACb,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,+DAA+D;YAC/D,IAAIC,KAAKM,IAAI,KAAK,sBAAsB;gBACtC,MAAMc,UAAUrB,KAAKsB,UAAU,CAC7B,CAACJ,SAAWA,OAAOjB,IAAI,CAACC,IAAI,KAAK;gBAGnC,gEAAgE;gBAChE,oBAAoB;gBACpB,IAAImB,SAASpB,KAAKC,SAAS,WAAW;oBACpC,MAAMqB,OAAOF,QAAQpB,IAAI,CAACsB,IAAI,CAAC,EAAE;oBAEjC,oEAAoE;oBACpE,IACEA,KAAKrB,IAAI,KAAK,yBACd,AAACqB,KAAKC,YAAY,CAAC,EAAE,CAACC,EAAE,CAAgBlB,IAAI,KAC1C,sBACF;wBACA;oBACF;oBAEAc,SAASpB,KAAKsB,KAAKG,QAAQvE;gBAC7B;YACF;QACF;QAEAwE,iBAAgB3B,IAAI;YAClB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,wEAAwE;YACxE,0EAA0E;YAC1E,yEAAyE;YACzE,IAAIA,KAAK4B,OAAO,CAAC,YAAY;gBAC3B;YACF;YAEA,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM,CAACC,mBAAmBC,uBAAuB,GAAG7B,KAAK8B,MAAM,CAAC7D,MAAM,CAGpE,CAAC,CAACC,UAAUC,YAAY,EAAE4D,OAAO1D;gBAC/B,sEAAsE;gBACtE,6BAA6B;gBAC7B,gGAAgG;gBAChG,MAAMhB,SAASK,2BACbqE,MAAM3E,KAAK,CAACP,MAAM;gBAGpB,6CAA6C;gBAC7C,IAAIQ,MAAM,CAAC,EAAE,CAACU,MAAM,IAAI,GAAG;oBACzB,OAAO;wBACL;+BAAIG;4BAAU6D;yBAAM;wBACpB;+BAAI5D;4BAAa6B,KAAK7B,WAAW,CAACE,MAAM;yBAAe;qBACxD;gBACH;gBAEA,OAAO;oBACL;2BAAIH;2BAAab,MAAM,CAAC,EAAE;qBAAC;oBAC3B;2BACKc;2BACAd,MAAM,CAAC,EAAE;wBACZ2C,KAAK7B,WAAW,CAACE,MAAM;qBACxB;iBACF;YACH,GACA;gBAAC,EAAE;gBAAE,EAAE;aAAC;YAGV0B,KAAKU,WAAW,CACduB,IAAAA,sBAAe,EACbJ,mBACAC,uBAAuBtE,MAAM,CAC3B,CAAC0E,aAAeA,eAAexE;YAKrCsC,KAAKmC,OAAO,CAAC,WAAW;QAC1B;QAEAC,eAAcpC,IAAI;YAChB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM1C,SAASF,YAAY6C,KAAK5C,KAAK;YAErC,4DAA4D;YAC5D,IAAIC,OAAOU,MAAM,IAAI,GAAG;gBACtB;YACF;YAEA,MAAMqE,cAAc/E,OACjBqB,KAAK,CAAC,GACNT,MAAM,CACL,CAACoE,KAAKjF,QAAUkF,IAAAA,uBAAgB,EAAC,KAAKD,KAAKzD,IAAAA,oBAAa,EAACxB,SACzDwB,IAAAA,oBAAa,EAACvB,MAAM,CAAC,EAAE;YAG3B0C,KAAKU,WAAW,CAAC2B;YACjBrC,KAAKwC,IAAI;QACX;QAEAC,kBAAiBzC,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,MAAM0C,eACJ,0FACA,uFACA,uFACA;YAEF,IACEzC,KAAK0C,QAAQ,KAAK,OAClBC,IAAAA,wBAAiB,EAAC3C,KAAK4C,KAAK,KAC5BC,IAAAA,yBAAkB,EAAC7C,KAAK4C,KAAK,CAACE,QAAQ,KACtC9C,KAAK4C,KAAK,CAACE,QAAQ,CAACJ,QAAQ,KAAK,QACjC1C,KAAK+C,IAAI,CAACC,GAAG,IACbhD,KAAK4C,KAAK,CAACE,QAAQ,CAACA,QAAQ,CAACG,KAAK,EAClC;gBACA,MAAMhB,aAAajD,KAAKN,KAAK,CAC3BsB,KAAK+C,IAAI,CAACC,GAAG,EACbhD,KAAK4C,KAAK,CAACE,QAAQ,CAACA,QAAQ,CAACG,KAAK;gBAGpC,IAAIhB,WAAWiB,QAAQ,CAAC,SAAS;oBAC/B,MAAM,IAAIC,MAAMV;gBAClB;YACF;YAEA,IACEzC,KAAK0C,QAAQ,KAAK,OAClBG,IAAAA,yBAAkB,EAAC7C,KAAK+C,IAAI,KAC5B/C,KAAK+C,IAAI,CAACL,QAAQ,KAAK,QACvB1C,KAAK+C,IAAI,CAACD,QAAQ,CAACE,GAAG,IACtBhD,KAAK4C,KAAK,CAACK,KAAK,EAChB;gBACA,MAAMhB,aAAajD,KAAKN,KAAK,CAACsB,KAAK+C,IAAI,CAACD,QAAQ,CAACE,GAAG,EAAEhD,KAAK4C,KAAK,CAACK,KAAK;gBAEtE,IAAIhB,WAAWiB,QAAQ,CAAC,QAAQ;oBAC9B,MAAM,IAAIC,MAAMV;gBAClB;YACF;QACF;IACF;IAEA,IAAI;QACF,MAAMW,OAAOC,IAAAA,mBAAa,EAACrE,MAAM;YAC/B,kDAAkD;YAClDsE,YAAY;YAEZC,YAAY;gBACV,sEAAsE;gBACtEC,YAAY;gBAEZ,sEAAsE;gBACtE,wEAAwE;gBACxEC,eAAe,CAACxE;YAClB;YAEA,mEAAmE;YACnE,yEAAyE;YACzEyE,SAAS;YAET,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnEtE;YACAD;YAEAwE,SAAS;gBACP,IAAO,CAAA;wBACLpE;wBACAM;oBACF,CAAA;aACD;QACH;QAEA,IAAI,CAACuD,MAAMpE,MAAM;YACf,MAAM,IAAImE,MAAM;QAClB;QAEA,OAAO;YACLnE,MAAMoE,KAAKpE,IAAI;YACfE,WAAWkE,KAAKQ,GAAG;YACnBvE,UAAUzB,MAAMC,IAAI,CAACwB;QACvB;IACF,EAAE,OAAOwE,OAAO;QACd,MAAM,IAAIV,MAAM,CAAC,8BAA8B,EAAEU,MAAMC,OAAO,CAAC,CAAC;IAClE;AACF"}
+{"version":3,"sources":["../../src/post-process.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/no-shadow\nimport type { Node, Visitor, PluginObj } from '@babel/core';\nimport { transformSync, template } from '@babel/core';\nimport type { Expression, Identifier, TemplateElement } from '@babel/types';\nimport {\n  binaryExpression,\n  isUnaryExpression,\n  isUpdateExpression,\n  stringLiteral,\n  templateElement,\n  templateLiteral,\n} from '@babel/types';\n\n/**\n * Source map declaration taken from `@babel/core`. Babel doesn't export the\n * type for this, so it's copied from the source code instead here.\n */\nexport type SourceMap = {\n  version: number;\n  sources: string[];\n  names: string[];\n  sourceRoot?: string | undefined;\n  sourcesContent?: string[] | undefined;\n  mappings: string;\n  file: string;\n};\n\n/**\n * The post process options.\n *\n * @property stripComments - Whether to strip comments. Defaults to `true`.\n * @property sourceMap - Whether to generate a source map for the modified code.\n * See also `inputSourceMap`.\n * @property inputSourceMap - The source map for the input code. When provided,\n * the source map will be used to generate a source map for the modified code.\n * This ensures that the source map is correct for the modified code, and still\n * points to the original source. If not provided, a new source map will be\n * generated instead.\n */\nexport type PostProcessOptions = {\n  stripComments?: boolean;\n  sourceMap?: boolean | 'inline';\n  inputSourceMap?: SourceMap;\n};\n\n/**\n * The post processed bundle output.\n *\n * @property code - The modified code.\n * @property sourceMap - The source map for the modified code, if the source map\n * option was enabled.\n * @property warnings - Any warnings that occurred during the post-processing.\n */\nexport type PostProcessedBundle = {\n  code: string;\n  sourceMap?: SourceMap | null;\n  warnings: PostProcessWarning[];\n};\n\nexport enum PostProcessWarning {\n  UnsafeMathRandom = '`Math.random` was detected in the Snap bundle. This is not a secure source of randomness, and should not be used in a secure context. Use `crypto.getRandomValues` instead.',\n}\n\n// The RegEx below consists of multiple groups joined by a boolean OR.\n// Each part consists of two groups which capture a part of each string\n// which needs to be split up, e.g., `<!--` is split into `<!` and `--`.\nconst TOKEN_REGEX = /(<!)(--)|(--)(>)|(import)(\\(.*?\\))/gu;\n\n// An empty template element, i.e., a part of a template literal without any\n// value (\"\").\nconst EMPTY_TEMPLATE_ELEMENT = templateElement({ raw: '', cooked: '' });\n\nconst evalWrapper = template.statement(`\n  (1, REF)(ARGS)\n`);\n\nconst objectEvalWrapper = template.statement(`\n  (1, OBJECT.REF)\n`);\n\nconst regeneratorRuntimeWrapper = template.statement(`\n  var regeneratorRuntime;\n`);\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into an array, in a way that it can be joined\n * together to form the same string, but with the tokens separated into single\n * array elements.\n */\nfunction breakTokens(value: string): string[] {\n  const tokens = value.split(TOKEN_REGEX);\n  return (\n    tokens\n      // TODO: The `split` above results in some values being `undefined`.\n      // There may be a better solution to avoid having to filter those out.\n      .filter((token) => token !== '' && token !== undefined)\n  );\n}\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into a tuple consisting of the new template\n * elements and string literal expressions.\n */\nfunction breakTokensTemplateLiteral(\n  value: string,\n): [TemplateElement[], Expression[]] {\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore `matchAll` is not available in ES2017, but this code\n  // should only be used in environments where the function is supported.\n  const matches: RegExpMatchArray[] = Array.from(value.matchAll(TOKEN_REGEX));\n\n  if (matches.length > 0) {\n    const output = matches.reduce<[TemplateElement[], Expression[]]>(\n      ([elements, expressions], rawMatch, index, values) => {\n        const [, first, last] = rawMatch.filter((raw) => raw !== undefined);\n\n        // Slice the text in front of the match, which does not need to be\n        // broken up.\n        const prefix = value.slice(\n          index === 0\n            ? 0\n            : (values[index - 1].index as number) + values[index - 1][0].length,\n          rawMatch.index,\n        );\n\n        return [\n          [\n            ...elements,\n            templateElement({\n              raw: getRawTemplateValue(prefix),\n              cooked: prefix,\n            }),\n            EMPTY_TEMPLATE_ELEMENT,\n          ],\n          [...expressions, stringLiteral(first), stringLiteral(last)],\n        ];\n      },\n      [[], []],\n    );\n\n    // Add the text after the last match to the output.\n    const lastMatch = matches[matches.length - 1];\n    const suffix = value.slice(\n      (lastMatch.index as number) + lastMatch[0].length,\n    );\n\n    return [\n      [\n        ...output[0],\n        templateElement({ raw: getRawTemplateValue(suffix), cooked: suffix }),\n      ],\n      output[1],\n    ];\n  }\n\n  // If there are no matches, simply return the original value.\n  return [\n    [templateElement({ raw: getRawTemplateValue(value), cooked: value })],\n    [],\n  ];\n}\n\n/**\n * Get a raw template literal value from a cooked value. This adds a backslash\n * before every '`', '\\' and '${' characters.\n *\n * @see https://github.com/babel/babel/issues/9242#issuecomment-532529613\n * @param value - The cooked string to get the raw string for.\n * @returns The value as raw value.\n */\nfunction getRawTemplateValue(value: string) {\n  return value.replace(/\\\\|`|\\$\\{/gu, '\\\\$&');\n}\n\n/**\n * Post process code with AST such that it can be evaluated in SES.\n *\n * Currently:\n * - Makes all direct calls to eval indirect.\n * - Handles certain Babel-related edge cases.\n * - Removes the `Buffer` provided by Browserify.\n * - Optionally removes comments.\n * - Breaks up tokens that would otherwise result in SES errors, such as HTML\n * comment tags `<!--` and `-->` and `import(n)` statements.\n *\n * @param code - The code to post process.\n * @param options - The post-process options.\n * @param options.stripComments - Whether to strip comments. Defaults to `true`.\n * @param options.sourceMap - Whether to generate a source map for the modified\n * code. See also `inputSourceMap`.\n * @param options.inputSourceMap - The source map for the input code. When\n * provided, the source map will be used to generate a source map for the\n * modified code. This ensures that the source map is correct for the modified\n * code, and still points to the original source. If not provided, a new source\n * map will be generated instead.\n * @returns An object containing the modified code, and source map, or null if\n * the provided code is null.\n */\nexport function postProcessBundle(\n  code: string,\n  {\n    stripComments = true,\n    sourceMap: sourceMaps,\n    inputSourceMap,\n  }: Partial<PostProcessOptions> = {},\n): PostProcessedBundle {\n  const warnings = new Set<PostProcessWarning>();\n\n  const pre: PluginObj['pre'] = ({ ast }) => {\n    ast.comments?.forEach((comment) => {\n      // Break up tokens that could be parsed as HTML comment terminators. The\n      // regular expressions below are written strangely so as to avoid the\n      // appearance of such tokens in our source code. For reference:\n      // https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      comment.value = comment.value\n        .replace(new RegExp(`<!${'--'}`, 'gu'), '< !--')\n        .replace(new RegExp(`${'--'}>`, 'gu'), '-- >')\n        .replace(/import(\\(.*\\))/gu, 'import\\\\$1');\n    });\n  };\n\n  const visitor: Visitor<Node> = {\n    FunctionExpression(path) {\n      const { node } = path;\n\n      // Browserify provides the `Buffer` global as an argument to modules that\n      // use it, but this does not work in SES. Since we pass in `Buffer` as an\n      // endowment, we can simply remove the argument.\n      //\n      // Note that this only removes `Buffer` from a wrapped function\n      // expression, e.g., `(function (Buffer) { ... })`. Regular functions\n      // are not affected.\n      //\n      // TODO: Since we're working on the AST level, we could check the scope\n      // of the function expression, and possibly prevent false positives?\n      if (node.type === 'FunctionExpression' && node.extra?.parenthesized) {\n        node.params = node.params.filter(\n          (param) => !(param.type === 'Identifier' && param.name === 'Buffer'),\n        );\n      }\n    },\n\n    CallExpression(path) {\n      const { node } = path;\n\n      // Replace `eval(foo)` with `(1, eval)(foo)`.\n      if (node.callee.type === 'Identifier' && node.callee.name === 'eval') {\n        path.replaceWith(\n          evalWrapper({\n            REF: node.callee,\n            ARGS: node.arguments,\n          }),\n        );\n      }\n\n      // Detect the use of `Math.random()` and add a warning.\n      if (\n        node.callee.type === 'MemberExpression' &&\n        node.callee.object.type === 'Identifier' &&\n        node.callee.object.name === 'Math' &&\n        node.callee.property.type === 'Identifier' &&\n        node.callee.property.name === 'random'\n      ) {\n        warnings.add(PostProcessWarning.UnsafeMathRandom);\n      }\n    },\n\n    MemberExpression(path) {\n      const { node } = path;\n\n      // Replace `object.eval(foo)` with `(1, object.eval)(foo)`.\n      if (\n        node.property.type === 'Identifier' &&\n        node.property.name === 'eval' &&\n        // We only apply this to MemberExpressions that are the callee of CallExpression\n        path.parent.type === 'CallExpression' &&\n        path.parent.callee === node\n      ) {\n        path.replaceWith(\n          objectEvalWrapper({\n            OBJECT: node.object,\n            REF: node.property,\n          }),\n        );\n      }\n    },\n\n    Identifier(path) {\n      const { node } = path;\n\n      // Insert `regeneratorRuntime` global if it's used in the code.\n      if (node.name === 'regeneratorRuntime') {\n        const program = path.findParent(\n          (parent) => parent.node.type === 'Program',\n        );\n\n        // We know that `program` is a Program node here, but this keeps\n        // TypeScript happy.\n        if (program?.node.type === 'Program') {\n          const body = program.node.body[0];\n\n          // This stops it from inserting `regeneratorRuntime` multiple times.\n          if (\n            body.type === 'VariableDeclaration' &&\n            (body.declarations[0].id as Identifier).name ===\n              'regeneratorRuntime'\n          ) {\n            return;\n          }\n\n          program?.node.body.unshift(regeneratorRuntimeWrapper());\n        }\n      }\n    },\n\n    TemplateLiteral(path) {\n      const { node } = path;\n\n      // This checks if the template literal was visited before. Without this,\n      // it would cause an infinite loop resulting in a stack overflow. We can't\n      // skip the path here, because we need to visit the children of the node.\n      if (path.getData('visited')) {\n        return;\n      }\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const [replacementQuasis, replacementExpressions] = node.quasis.reduce<\n        [TemplateElement[], Expression[]]\n      >(\n        ([elements, expressions], quasi, index) => {\n          // Note: Template literals have two variants, \"cooked\" and \"raw\". Here\n          // we use the cooked version.\n          // https://exploringjs.com/impatient-js/ch_template-literals.html#template-strings-cooked-vs-raw\n          const tokens = breakTokensTemplateLiteral(\n            quasi.value.cooked as string,\n          );\n\n          // Only update the node if something changed.\n          if (tokens[0].length <= 1) {\n            return [\n              [...elements, quasi],\n              [...expressions, node.expressions[index] as Expression],\n            ];\n          }\n\n          return [\n            [...elements, ...tokens[0]],\n            [\n              ...expressions,\n              ...tokens[1],\n              node.expressions[index] as Expression,\n            ],\n          ];\n        },\n        [[], []],\n      );\n\n      path.replaceWith(\n        templateLiteral(\n          replacementQuasis,\n          replacementExpressions.filter(\n            (expression) => expression !== undefined,\n          ),\n        ) as Node,\n      );\n\n      path.setData('visited', true);\n    },\n\n    StringLiteral(path) {\n      const { node } = path;\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const tokens = breakTokens(node.value);\n\n      // Only update the node if the string literal was broken up.\n      if (tokens.length <= 1) {\n        return;\n      }\n\n      const replacement = tokens\n        .slice(1)\n        .reduce<Expression>(\n          (acc, value) => binaryExpression('+', acc, stringLiteral(value)),\n          stringLiteral(tokens[0]),\n        );\n\n      path.replaceWith(replacement as Node);\n      path.skip();\n    },\n\n    BinaryExpression(path) {\n      const { node } = path;\n\n      const errorMessage =\n        'Using HTML comments (`<!--` and `-->`) as operators is not allowed. The behaviour of ' +\n        'these comments is ambiguous, and differs per browser and environment. If you want ' +\n        'to use them as operators, break them up into separate characters, i.e., `a-- > b` ' +\n        'and `a < ! --b`.';\n\n      if (\n        node.operator === '<' &&\n        isUnaryExpression(node.right) &&\n        isUpdateExpression(node.right.argument) &&\n        node.right.argument.operator === '--' &&\n        node.left.end &&\n        node.right.argument.argument.start\n      ) {\n        const expression = code.slice(\n          node.left.end,\n          node.right.argument.argument.start,\n        );\n\n        if (expression.includes('<!--')) {\n          throw new Error(errorMessage);\n        }\n      }\n\n      if (\n        node.operator === '>' &&\n        isUpdateExpression(node.left) &&\n        node.left.operator === '--' &&\n        node.left.argument.end &&\n        node.right.start\n      ) {\n        const expression = code.slice(node.left.argument.end, node.right.start);\n\n        if (expression.includes('-->')) {\n          throw new Error(errorMessage);\n        }\n      }\n    },\n  };\n\n  try {\n    const file = transformSync(code, {\n      // Prevent Babel from searching for a config file.\n      configFile: false,\n\n      parserOpts: {\n        // Strict mode isn't enabled by default, so we need to enable it here.\n        strictMode: true,\n\n        // If this is disabled, the AST does not include any comments. This is\n        // useful for performance reasons, and we use it for stripping comments.\n        attachComment: !stripComments,\n      },\n\n      // By default, Babel optimises bundles that exceed 500 KB, but that\n      // results in characters which look like HTML comments, which breaks SES.\n      compact: false,\n\n      // This configures Babel to generate a new source map from the existing\n      // source map if specified. If `sourceMap` is `true` but an input source\n      // map is not provided, a new source map will be generated instead.\n      inputSourceMap,\n      sourceMaps,\n\n      plugins: [\n        () => ({\n          pre,\n          visitor,\n        }),\n      ],\n    });\n\n    if (!file?.code) {\n      throw new Error('Bundled code is empty.');\n    }\n\n    return {\n      code: file.code,\n      sourceMap: file.map,\n      warnings: Array.from(warnings),\n    };\n  } catch (error) {\n    throw new Error(`Failed to post process code:\\n${error.message}`);\n  }\n}\n"],"names":["postProcessBundle","PostProcessWarning","UnsafeMathRandom","TOKEN_REGEX","EMPTY_TEMPLATE_ELEMENT","templateElement","raw","cooked","evalWrapper","template","statement","objectEvalWrapper","regeneratorRuntimeWrapper","breakTokens","value","tokens","split","filter","token","undefined","breakTokensTemplateLiteral","matches","Array","from","matchAll","length","output","reduce","elements","expressions","rawMatch","index","values","first","last","prefix","slice","getRawTemplateValue","stringLiteral","lastMatch","suffix","replace","code","stripComments","sourceMap","sourceMaps","inputSourceMap","warnings","Set","pre","ast","comments","forEach","comment","RegExp","visitor","FunctionExpression","path","node","type","extra","parenthesized","params","param","name","CallExpression","callee","replaceWith","REF","ARGS","arguments","object","property","add","MemberExpression","parent","OBJECT","Identifier","program","findParent","body","declarations","id","unshift","TemplateLiteral","getData","replacementQuasis","replacementExpressions","quasis","quasi","templateLiteral","expression","setData","StringLiteral","replacement","acc","binaryExpression","skip","BinaryExpression","errorMessage","operator","isUnaryExpression","right","isUpdateExpression","argument","left","end","start","includes","Error","file","transformSync","configFile","parserOpts","strictMode","attachComment","compact","plugins","map","error","message"],"mappings":"AAAA,wDAAwD;;;;;;;;;;;;;;;IAoNxCA,iBAAiB;eAAjBA;;;sBAlNwB;uBASjC;IAgDA;UAAKC,kBAAkB;IAAlBA,mBACVC,sBAAmB;GADTD,uBAAAA;AAIZ,sEAAsE;AACtE,uEAAuE;AACvE,wEAAwE;AACxE,MAAME,cAAc;AAEpB,4EAA4E;AAC5E,cAAc;AACd,MAAMC,yBAAyBC,IAAAA,sBAAe,EAAC;IAAEC,KAAK;IAAIC,QAAQ;AAAG;AAErE,MAAMC,cAAcC,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAExC,CAAC;AAED,MAAMC,oBAAoBF,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAE9C,CAAC;AAED,MAAME,4BAA4BH,cAAQ,CAACC,SAAS,CAAC,CAAC;;AAEtD,CAAC;AAED;;;;;;;;;;;CAWC,GACD,SAASG,YAAYC,KAAa;IAChC,MAAMC,SAASD,MAAME,KAAK,CAACb;IAC3B,OACEY,MACE,oEAAoE;IACpE,sEAAsE;KACrEE,MAAM,CAAC,CAACC,QAAUA,UAAU,MAAMA,UAAUC;AAEnD;AAEA;;;;;;;;;;CAUC,GACD,SAASC,2BACPN,KAAa;IAEb,6DAA6D;IAC7D,kEAAkE;IAClE,uEAAuE;IACvE,MAAMO,UAA8BC,MAAMC,IAAI,CAACT,MAAMU,QAAQ,CAACrB;IAE9D,IAAIkB,QAAQI,MAAM,GAAG,GAAG;QACtB,MAAMC,SAASL,QAAQM,MAAM,CAC3B,CAAC,CAACC,UAAUC,YAAY,EAAEC,UAAUC,OAAOC;YACzC,MAAM,GAAGC,OAAOC,KAAK,GAAGJ,SAASb,MAAM,CAAC,CAACX,MAAQA,QAAQa;YAEzD,kEAAkE;YAClE,aAAa;YACb,MAAMgB,SAASrB,MAAMsB,KAAK,CACxBL,UAAU,IACN,IACA,AAACC,MAAM,CAACD,QAAQ,EAAE,CAACA,KAAK,GAAcC,MAAM,CAACD,QAAQ,EAAE,CAAC,EAAE,CAACN,MAAM,EACrEK,SAASC,KAAK;YAGhB,OAAO;gBACL;uBACKH;oBACHvB,IAAAA,sBAAe,EAAC;wBACdC,KAAK+B,oBAAoBF;wBACzB5B,QAAQ4B;oBACV;oBACA/B;iBACD;gBACD;uBAAIyB;oBAAaS,IAAAA,oBAAa,EAACL;oBAAQK,IAAAA,oBAAa,EAACJ;iBAAM;aAC5D;QACH,GACA;YAAC,EAAE;YAAE,EAAE;SAAC;QAGV,mDAAmD;QACnD,MAAMK,YAAYlB,OAAO,CAACA,QAAQI,MAAM,GAAG,EAAE;QAC7C,MAAMe,SAAS1B,MAAMsB,KAAK,CACxB,AAACG,UAAUR,KAAK,GAAcQ,SAAS,CAAC,EAAE,CAACd,MAAM;QAGnD,OAAO;YACL;mBACKC,MAAM,CAAC,EAAE;gBACZrB,IAAAA,sBAAe,EAAC;oBAAEC,KAAK+B,oBAAoBG;oBAASjC,QAAQiC;gBAAO;aACpE;YACDd,MAAM,CAAC,EAAE;SACV;IACH;IAEA,6DAA6D;IAC7D,OAAO;QACL;YAACrB,IAAAA,sBAAe,EAAC;gBAAEC,KAAK+B,oBAAoBvB;gBAAQP,QAAQO;YAAM;SAAG;QACrE,EAAE;KACH;AACH;AAEA;;;;;;;CAOC,GACD,SAASuB,oBAAoBvB,KAAa;IACxC,OAAOA,MAAM2B,OAAO,CAAC,eAAe;AACtC;AA0BO,SAASzC,kBACd0C,IAAY,EACZ,EACEC,gBAAgB,IAAI,EACpBC,WAAWC,UAAU,EACrBC,cAAc,EACc,GAAG,CAAC,CAAC;IAEnC,MAAMC,WAAW,IAAIC;IAErB,MAAMC,MAAwB,CAAC,EAAEC,GAAG,EAAE;QACpCA,IAAIC,QAAQ,EAAEC,QAAQ,CAACC;YACrB,wEAAwE;YACxE,qEAAqE;YACrE,+DAA+D;YAC/D,qIAAqI;YACrIA,QAAQvC,KAAK,GAAGuC,QAAQvC,KAAK,CAC1B2B,OAAO,CAAC,IAAIa,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,OAAO,SACvCb,OAAO,CAAC,IAAIa,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,OAAO,QACtCb,OAAO,CAAC,oBAAoB;QACjC;IACF;IAEA,MAAMc,UAAyB;QAC7BC,oBAAmBC,IAAI;YACrB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,yEAAyE;YACzE,yEAAyE;YACzE,gDAAgD;YAChD,EAAE;YACF,+DAA+D;YAC/D,qEAAqE;YACrE,oBAAoB;YACpB,EAAE;YACF,uEAAuE;YACvE,oEAAoE;YACpE,IAAIC,KAAKC,IAAI,KAAK,wBAAwBD,KAAKE,KAAK,EAAEC,eAAe;gBACnEH,KAAKI,MAAM,GAAGJ,KAAKI,MAAM,CAAC7C,MAAM,CAC9B,CAAC8C,QAAU,CAAEA,CAAAA,MAAMJ,IAAI,KAAK,gBAAgBI,MAAMC,IAAI,KAAK,QAAO;YAEtE;QACF;QAEAC,gBAAeR,IAAI;YACjB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,6CAA6C;YAC7C,IAAIC,KAAKQ,MAAM,CAACP,IAAI,KAAK,gBAAgBD,KAAKQ,MAAM,CAACF,IAAI,KAAK,QAAQ;gBACpEP,KAAKU,WAAW,CACd3D,YAAY;oBACV4D,KAAKV,KAAKQ,MAAM;oBAChBG,MAAMX,KAAKY,SAAS;gBACtB;YAEJ;YAEA,uDAAuD;YACvD,IACEZ,KAAKQ,MAAM,CAACP,IAAI,KAAK,sBACrBD,KAAKQ,MAAM,CAACK,MAAM,CAACZ,IAAI,KAAK,gBAC5BD,KAAKQ,MAAM,CAACK,MAAM,CAACP,IAAI,KAAK,UAC5BN,KAAKQ,MAAM,CAACM,QAAQ,CAACb,IAAI,KAAK,gBAC9BD,KAAKQ,MAAM,CAACM,QAAQ,CAACR,IAAI,KAAK,UAC9B;gBACAjB,SAAS0B,GAAG,CAACxE,mBAAmBC,gBAAgB;YAClD;QACF;QAEAwE,kBAAiBjB,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,2DAA2D;YAC3D,IACEC,KAAKc,QAAQ,CAACb,IAAI,KAAK,gBACvBD,KAAKc,QAAQ,CAACR,IAAI,KAAK,UACvB,gFAAgF;YAChFP,KAAKkB,MAAM,CAAChB,IAAI,KAAK,oBACrBF,KAAKkB,MAAM,CAACT,MAAM,KAAKR,MACvB;gBACAD,KAAKU,WAAW,CACdxD,kBAAkB;oBAChBiE,QAAQlB,KAAKa,MAAM;oBACnBH,KAAKV,KAAKc,QAAQ;gBACpB;YAEJ;QACF;QAEAK,YAAWpB,IAAI;YACb,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,+DAA+D;YAC/D,IAAIC,KAAKM,IAAI,KAAK,sBAAsB;gBACtC,MAAMc,UAAUrB,KAAKsB,UAAU,CAC7B,CAACJ,SAAWA,OAAOjB,IAAI,CAACC,IAAI,KAAK;gBAGnC,gEAAgE;gBAChE,oBAAoB;gBACpB,IAAImB,SAASpB,KAAKC,SAAS,WAAW;oBACpC,MAAMqB,OAAOF,QAAQpB,IAAI,CAACsB,IAAI,CAAC,EAAE;oBAEjC,oEAAoE;oBACpE,IACEA,KAAKrB,IAAI,KAAK,yBACd,AAACqB,KAAKC,YAAY,CAAC,EAAE,CAACC,EAAE,CAAgBlB,IAAI,KAC1C,sBACF;wBACA;oBACF;oBAEAc,SAASpB,KAAKsB,KAAKG,QAAQvE;gBAC7B;YACF;QACF;QAEAwE,iBAAgB3B,IAAI;YAClB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,wEAAwE;YACxE,0EAA0E;YAC1E,yEAAyE;YACzE,IAAIA,KAAK4B,OAAO,CAAC,YAAY;gBAC3B;YACF;YAEA,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM,CAACC,mBAAmBC,uBAAuB,GAAG7B,KAAK8B,MAAM,CAAC7D,MAAM,CAGpE,CAAC,CAACC,UAAUC,YAAY,EAAE4D,OAAO1D;gBAC/B,sEAAsE;gBACtE,6BAA6B;gBAC7B,gGAAgG;gBAChG,MAAMhB,SAASK,2BACbqE,MAAM3E,KAAK,CAACP,MAAM;gBAGpB,6CAA6C;gBAC7C,IAAIQ,MAAM,CAAC,EAAE,CAACU,MAAM,IAAI,GAAG;oBACzB,OAAO;wBACL;+BAAIG;4BAAU6D;yBAAM;wBACpB;+BAAI5D;4BAAa6B,KAAK7B,WAAW,CAACE,MAAM;yBAAe;qBACxD;gBACH;gBAEA,OAAO;oBACL;2BAAIH;2BAAab,MAAM,CAAC,EAAE;qBAAC;oBAC3B;2BACKc;2BACAd,MAAM,CAAC,EAAE;wBACZ2C,KAAK7B,WAAW,CAACE,MAAM;qBACxB;iBACF;YACH,GACA;gBAAC,EAAE;gBAAE,EAAE;aAAC;YAGV0B,KAAKU,WAAW,CACduB,IAAAA,sBAAe,EACbJ,mBACAC,uBAAuBtE,MAAM,CAC3B,CAAC0E,aAAeA,eAAexE;YAKrCsC,KAAKmC,OAAO,CAAC,WAAW;QAC1B;QAEAC,eAAcpC,IAAI;YAChB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM1C,SAASF,YAAY6C,KAAK5C,KAAK;YAErC,4DAA4D;YAC5D,IAAIC,OAAOU,MAAM,IAAI,GAAG;gBACtB;YACF;YAEA,MAAMqE,cAAc/E,OACjBqB,KAAK,CAAC,GACNT,MAAM,CACL,CAACoE,KAAKjF,QAAUkF,IAAAA,uBAAgB,EAAC,KAAKD,KAAKzD,IAAAA,oBAAa,EAACxB,SACzDwB,IAAAA,oBAAa,EAACvB,MAAM,CAAC,EAAE;YAG3B0C,KAAKU,WAAW,CAAC2B;YACjBrC,KAAKwC,IAAI;QACX;QAEAC,kBAAiBzC,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,MAAM0C,eACJ,0FACA,uFACA,uFACA;YAEF,IACEzC,KAAK0C,QAAQ,KAAK,OAClBC,IAAAA,wBAAiB,EAAC3C,KAAK4C,KAAK,KAC5BC,IAAAA,yBAAkB,EAAC7C,KAAK4C,KAAK,CAACE,QAAQ,KACtC9C,KAAK4C,KAAK,CAACE,QAAQ,CAACJ,QAAQ,KAAK,QACjC1C,KAAK+C,IAAI,CAACC,GAAG,IACbhD,KAAK4C,KAAK,CAACE,QAAQ,CAACA,QAAQ,CAACG,KAAK,EAClC;gBACA,MAAMhB,aAAajD,KAAKN,KAAK,CAC3BsB,KAAK+C,IAAI,CAACC,GAAG,EACbhD,KAAK4C,KAAK,CAACE,QAAQ,CAACA,QAAQ,CAACG,KAAK;gBAGpC,IAAIhB,WAAWiB,QAAQ,CAAC,SAAS;oBAC/B,MAAM,IAAIC,MAAMV;gBAClB;YACF;YAEA,IACEzC,KAAK0C,QAAQ,KAAK,OAClBG,IAAAA,yBAAkB,EAAC7C,KAAK+C,IAAI,KAC5B/C,KAAK+C,IAAI,CAACL,QAAQ,KAAK,QACvB1C,KAAK+C,IAAI,CAACD,QAAQ,CAACE,GAAG,IACtBhD,KAAK4C,KAAK,CAACK,KAAK,EAChB;gBACA,MAAMhB,aAAajD,KAAKN,KAAK,CAACsB,KAAK+C,IAAI,CAACD,QAAQ,CAACE,GAAG,EAAEhD,KAAK4C,KAAK,CAACK,KAAK;gBAEtE,IAAIhB,WAAWiB,QAAQ,CAAC,QAAQ;oBAC9B,MAAM,IAAIC,MAAMV;gBAClB;YACF;QACF;IACF;IAEA,IAAI;QACF,MAAMW,OAAOC,IAAAA,mBAAa,EAACrE,MAAM;YAC/B,kDAAkD;YAClDsE,YAAY;YAEZC,YAAY;gBACV,sEAAsE;gBACtEC,YAAY;gBAEZ,sEAAsE;gBACtE,wEAAwE;gBACxEC,eAAe,CAACxE;YAClB;YAEA,mEAAmE;YACnE,yEAAyE;YACzEyE,SAAS;YAET,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnEtE;YACAD;YAEAwE,SAAS;gBACP,IAAO,CAAA;wBACLpE;wBACAM;oBACF,CAAA;aACD;QACH;QAEA,IAAI,CAACuD,MAAMpE,MAAM;YACf,MAAM,IAAImE,MAAM;QAClB;QAEA,OAAO;YACLnE,MAAMoE,KAAKpE,IAAI;YACfE,WAAWkE,KAAKQ,GAAG;YACnBvE,UAAUzB,MAAMC,IAAI,CAACwB;QACvB;IACF,EAAE,OAAOwE,OAAO;QACd,MAAM,IAAIV,MAAM,CAAC,8BAA8B,EAAEU,MAAMC,OAAO,CAAC,CAAC;IAClE;AACF"}

package/dist/esm/icon.js

@@ -1,11 +1,51 @@
+import { isSvg, parseSvg } from '@metamask/snaps-sdk';
 import { assert } from '@metamask/utils';
-import isSvg from 'is-svg';
 export const SVG_MAX_BYTE_SIZE = 100000;
 export const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(SVG_MAX_BYTE_SIZE / 1000)}kb`;
-export const assertIsSnapIcon = (icon)=>{
+/**
+ * Assert that a virtual file containing a Snap icon is valid.
+ *
+ * @param icon - A virtual file containing a Snap icon.
+ */ export function assertIsSnapIcon(icon) {
     assert(icon.path.endsWith('.svg'), 'Expected snap icon to end in ".svg".');
     assert(Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE, `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`);
     assert(isSvg(icon.toString()), 'Snap icon must be a valid SVG.');
-};
+}
+/**
+ * Extract the dimensions of an image from an SVG string if possible.
+ *
+ * @param svg - An SVG string.
+ * @returns The height and width of the SVG or null.
+ */ export function getSvgDimensions(svg) {
+    try {
+        const parsed = parseSvg(svg);
+        const height = parsed['@_height'];
+        const width = parsed['@_width'];
+        if (height && width) {
+            return {
+                height,
+                width
+            };
+        }
+        const viewBox = parsed['@_viewBox'];
+        if (viewBox) {
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const [_minX, _minY, viewBoxWidth, viewBoxHeight] = viewBox.split(' ');
+            if (viewBoxWidth && viewBoxHeight) {
+                const parsedWidth = parseInt(viewBoxWidth, 10);
+                const parsedHeight = parseInt(viewBoxHeight, 10);
+                assert(Number.isInteger(parsedWidth) && parsedWidth > 0);
+                assert(Number.isInteger(parsedHeight) && parsedHeight > 0);
+                return {
+                    width: parsedWidth,
+                    height: parsedHeight
+                };
+            }
+        }
+    } catch  {
+        throw new Error('Snap icon must be a valid SVG.');
+    }
+    return null;
+}
 
 //# sourceMappingURL=icon.js.map

package/dist/esm/icon.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/icon.ts"],"sourcesContent":["import { assert } from '@metamask/utils';\nimport isSvg from 'is-svg';\n\nimport type { VirtualFile } from './virtual-file';\n\nexport const SVG_MAX_BYTE_SIZE = 100_000;\nexport const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(\n  SVG_MAX_BYTE_SIZE / 1000,\n)}kb`;\n\nexport const assertIsSnapIcon = (icon: VirtualFile) => {\n  assert(icon.path.endsWith('.svg'), 'Expected snap icon to end in \".svg\".');\n\n  assert(\n    Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE,\n    `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`,\n  );\n\n  assert(isSvg(icon.toString()), 'Snap icon must be a valid SVG.');\n};\n"],"names":["assert","isSvg","SVG_MAX_BYTE_SIZE","SVG_MAX_BYTE_SIZE_TEXT","Math","floor","assertIsSnapIcon","icon","path","endsWith","Buffer","byteLength","value","toString"],"mappings":"AAAA,SAASA,MAAM,QAAQ,kBAAkB;AACzC,OAAOC,WAAW,SAAS;AAI3B,OAAO,MAAMC,oBAAoB,OAAQ;AACzC,OAAO,MAAMC,yBAAyB,CAAC,EAAEC,KAAKC,KAAK,CACjDH,oBAAoB,MACpB,EAAE,CAAC,CAAC;AAEN,OAAO,MAAMI,mBAAmB,CAACC;IAC/BP,OAAOO,KAAKC,IAAI,CAACC,QAAQ,CAAC,SAAS;IAEnCT,OACEU,OAAOC,UAAU,CAACJ,KAAKK,KAAK,EAAE,WAAWV,mBACzC,CAAC,mDAAmD,EAAEC,uBAAuB,CAAC,CAAC;IAGjFH,OAAOC,MAAMM,KAAKM,QAAQ,KAAK;AACjC,EAAE"}
+{"version":3,"sources":["../../src/icon.ts"],"sourcesContent":["import { isSvg, parseSvg } from '@metamask/snaps-sdk';\nimport { assert } from '@metamask/utils';\n\nimport type { VirtualFile } from './virtual-file';\n\nexport const SVG_MAX_BYTE_SIZE = 100_000;\nexport const SVG_MAX_BYTE_SIZE_TEXT = `${Math.floor(\n  SVG_MAX_BYTE_SIZE / 1000,\n)}kb`;\n\n/**\n * Assert that a virtual file containing a Snap icon is valid.\n *\n * @param icon - A virtual file containing a Snap icon.\n */\nexport function assertIsSnapIcon(icon: VirtualFile) {\n  assert(icon.path.endsWith('.svg'), 'Expected snap icon to end in \".svg\".');\n\n  assert(\n    Buffer.byteLength(icon.value, 'utf8') <= SVG_MAX_BYTE_SIZE,\n    `The specified SVG icon exceeds the maximum size of ${SVG_MAX_BYTE_SIZE_TEXT}.`,\n  );\n\n  assert(isSvg(icon.toString()), 'Snap icon must be a valid SVG.');\n}\n\n/**\n * Extract the dimensions of an image from an SVG string if possible.\n *\n * @param svg - An SVG string.\n * @returns The height and width of the SVG or null.\n */\nexport function getSvgDimensions(svg: string): {\n  height: number;\n  width: number;\n} | null {\n  try {\n    const parsed = parseSvg(svg);\n\n    const height = parsed['@_height'];\n    const width = parsed['@_width'];\n\n    if (height && width) {\n      return { height, width };\n    }\n\n    const viewBox = parsed['@_viewBox'];\n    if (viewBox) {\n      // eslint-disable-next-line @typescript-eslint/no-unused-vars\n      const [_minX, _minY, viewBoxWidth, viewBoxHeight] = viewBox.split(' ');\n\n      if (viewBoxWidth && viewBoxHeight) {\n        const parsedWidth = parseInt(viewBoxWidth, 10);\n        const parsedHeight = parseInt(viewBoxHeight, 10);\n\n        assert(Number.isInteger(parsedWidth) && parsedWidth > 0);\n        assert(Number.isInteger(parsedHeight) && parsedHeight > 0);\n\n        return {\n          width: parsedWidth,\n          height: parsedHeight,\n        };\n      }\n    }\n  } catch {\n    throw new Error('Snap icon must be a valid SVG.');\n  }\n\n  return null;\n}\n"],"names":["isSvg","parseSvg","assert","SVG_MAX_BYTE_SIZE","SVG_MAX_BYTE_SIZE_TEXT","Math","floor","assertIsSnapIcon","icon","path","endsWith","Buffer","byteLength","value","toString","getSvgDimensions","svg","parsed","height","width","viewBox","_minX","_minY","viewBoxWidth","viewBoxHeight","split","parsedWidth","parseInt","parsedHeight","Number","isInteger","Error"],"mappings":"AAAA,SAASA,KAAK,EAAEC,QAAQ,QAAQ,sBAAsB;AACtD,SAASC,MAAM,QAAQ,kBAAkB;AAIzC,OAAO,MAAMC,oBAAoB,OAAQ;AACzC,OAAO,MAAMC,yBAAyB,CAAC,EAAEC,KAAKC,KAAK,CACjDH,oBAAoB,MACpB,EAAE,CAAC,CAAC;AAEN;;;;CAIC,GACD,OAAO,SAASI,iBAAiBC,IAAiB;IAChDN,OAAOM,KAAKC,IAAI,CAACC,QAAQ,CAAC,SAAS;IAEnCR,OACES,OAAOC,UAAU,CAACJ,KAAKK,KAAK,EAAE,WAAWV,mBACzC,CAAC,mDAAmD,EAAEC,uBAAuB,CAAC,CAAC;IAGjFF,OAAOF,MAAMQ,KAAKM,QAAQ,KAAK;AACjC;AAEA;;;;;CAKC,GACD,OAAO,SAASC,iBAAiBC,GAAW;IAI1C,IAAI;QACF,MAAMC,SAAShB,SAASe;QAExB,MAAME,SAASD,MAAM,CAAC,WAAW;QACjC,MAAME,QAAQF,MAAM,CAAC,UAAU;QAE/B,IAAIC,UAAUC,OAAO;YACnB,OAAO;gBAAED;gBAAQC;YAAM;QACzB;QAEA,MAAMC,UAAUH,MAAM,CAAC,YAAY;QACnC,IAAIG,SAAS;YACX,6DAA6D;YAC7D,MAAM,CAACC,OAAOC,OAAOC,cAAcC,cAAc,GAAGJ,QAAQK,KAAK,CAAC;YAElE,IAAIF,gBAAgBC,eAAe;gBACjC,MAAME,cAAcC,SAASJ,cAAc;gBAC3C,MAAMK,eAAeD,SAASH,eAAe;gBAE7CtB,OAAO2B,OAAOC,SAAS,CAACJ,gBAAgBA,cAAc;gBACtDxB,OAAO2B,OAAOC,SAAS,CAACF,iBAAiBA,eAAe;gBAExD,OAAO;oBACLT,OAAOO;oBACPR,QAAQU;gBACV;YACF;QACF;IACF,EAAE,OAAM;QACN,MAAM,IAAIG,MAAM;IAClB;IAEA,OAAO;AACT"}

package/dist/esm/manifest/manifest.js

@@ -5,6 +5,7 @@ import { promises as fs } from 'fs';
 import pathUtils from 'path';
 import { deepClone } from '../deep-clone';
 import { readJsonFile } from '../fs';
+import { getSvgDimensions } from '../icon';
 import { validateNpmSnap } from '../npm';
 import { getSnapChecksum, ProgrammaticallyFixableSnapError, validateSnapShasum } from '../snaps';
 import { NpmSnapFileNames, SnapValidationFailureReason } from '../types';
@@ -103,6 +104,13 @@ const MANIFEST_SORT_ORDER = {
             return `${allMissing}\t${currentField}\n`;
         }, '')}`);
     }
+    if (!snapFiles.svgIcon) {
+        warnings.push('No icon found in the Snap manifest. It is recommended to include an icon for the Snap. See https://docs.metamask.io/snaps/how-to/design-a-snap/#guidelines-at-a-glance for more information.');
+    }
+    const iconDimensions = snapFiles.svgIcon && getSvgDimensions(snapFiles.svgIcon.toString());
+    if (iconDimensions && iconDimensions.height !== iconDimensions.width) {
+        warnings.push('The icon in the Snap manifest is not square. It is recommended to use a square icon for the Snap.');
+    }
     if (writeManifest) {
         try {
             const newManifest = `${JSON.stringify(getWritableManifest(validatedManifest), null, 2)}\n`;

package/dist/esm/manifest/manifest.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/manifest/manifest.ts"],"sourcesContent":["import { getErrorMessage } from '@metamask/snaps-sdk';\nimport type { Json } from '@metamask/utils';\nimport { assertExhaustive, assert, isPlainObject } from '@metamask/utils';\nimport deepEqual from 'fast-deep-equal';\nimport { promises as fs } from 'fs';\nimport pathUtils from 'path';\n\nimport { deepClone } from '../deep-clone';\nimport { readJsonFile } from '../fs';\nimport { validateNpmSnap } from '../npm';\nimport {\n  getSnapChecksum,\n  ProgrammaticallyFixableSnapError,\n  validateSnapShasum,\n} from '../snaps';\nimport type { SnapFiles, UnvalidatedSnapFiles } from '../types';\nimport { NpmSnapFileNames, SnapValidationFailureReason } from '../types';\nimport { readVirtualFile, VirtualFile } from '../virtual-file';\nimport type { SnapManifest } from './validation';\n\nconst MANIFEST_SORT_ORDER: Record<keyof SnapManifest, number> = {\n  $schema: 1,\n  version: 2,\n  description: 3,\n  proposedName: 4,\n  repository: 5,\n  source: 6,\n  initialConnections: 7,\n  initialPermissions: 8,\n  manifestVersion: 9,\n};\n\n/**\n * The result from the `checkManifest` function.\n *\n * @property manifest - The fixed manifest object.\n * @property updated - Whether the manifest was updated.\n * @property warnings - An array of warnings that were encountered during\n * processing of the manifest files. These warnings are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n * @property errors - An array of errors that were encountered during\n * processing of the manifest files. These errors are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n */\nexport type CheckManifestResult = {\n  manifest: SnapManifest;\n  updated?: boolean;\n  warnings: string[];\n  errors: string[];\n};\n\nexport type WriteFileFunction = (path: string, data: string) => Promise<void>;\n\n/**\n * Validates a snap.manifest.json file. Attempts to fix the manifest and write\n * the fixed version to disk if `writeManifest` is true. Throws if validation\n * fails.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param writeManifest - Whether to write the fixed manifest to disk.\n * @param sourceCode - The source code of the Snap.\n * @param writeFileFn - The function to use to write the manifest to disk.\n * @returns Whether the manifest was updated, and an array of warnings that\n * were encountered during processing of the manifest files.\n */\nexport async function checkManifest(\n  basePath: string,\n  writeManifest = true,\n  sourceCode?: string,\n  writeFileFn: WriteFileFunction = fs.writeFile,\n): Promise<CheckManifestResult> {\n  const warnings: string[] = [];\n  const errors: string[] = [];\n\n  let updated = false;\n\n  const manifestPath = pathUtils.join(basePath, NpmSnapFileNames.Manifest);\n  const manifestFile = await readJsonFile(manifestPath);\n  const unvalidatedManifest = manifestFile.result;\n\n  const packageFile = await readJsonFile(\n    pathUtils.join(basePath, NpmSnapFileNames.PackageJson),\n  );\n\n  const auxiliaryFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.files,\n  );\n\n  const localizationFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.locales,\n  );\n\n  const snapFiles: UnvalidatedSnapFiles = {\n    manifest: manifestFile,\n    packageJson: packageFile,\n    sourceCode: await getSnapSourceCode(\n      basePath,\n      unvalidatedManifest,\n      sourceCode,\n    ),\n    svgIcon: await getSnapIcon(basePath, unvalidatedManifest),\n    // Intentionally pass null as the encoding here since the files may be binary\n    auxiliaryFiles:\n      (await getSnapFiles(basePath, auxiliaryFilePaths, null)) ?? [],\n    localizationFiles:\n      (await getSnapFiles(basePath, localizationFilePaths)) ?? [],\n  };\n\n  let manifest: VirtualFile<SnapManifest> | undefined;\n  try {\n    ({ manifest } = await validateNpmSnap(snapFiles));\n  } catch (error) {\n    if (error instanceof ProgrammaticallyFixableSnapError) {\n      errors.push(error.message);\n\n      // If we get here, the files at least have the correct shape.\n      const partiallyValidatedFiles = snapFiles as SnapFiles;\n\n      let isInvalid = true;\n      let currentError = error;\n      const maxAttempts = Object.keys(SnapValidationFailureReason).length;\n\n      // Attempt to fix all fixable validation failure reasons. All such reasons\n      // are enumerated by the `SnapValidationFailureReason` enum, so we only\n      // attempt to fix the manifest the same amount of times as there are\n      // reasons in the enum.\n      for (let attempts = 1; isInvalid && attempts <= maxAttempts; attempts++) {\n        manifest = await fixManifest(\n          manifest\n            ? { ...partiallyValidatedFiles, manifest }\n            : partiallyValidatedFiles,\n          currentError,\n        );\n\n        try {\n          await validateNpmSnapManifest({\n            ...partiallyValidatedFiles,\n            manifest,\n          });\n\n          isInvalid = false;\n        } catch (nextValidationError) {\n          currentError = nextValidationError;\n          /* istanbul ignore next: this should be impossible */\n          if (\n            !(\n              nextValidationError instanceof ProgrammaticallyFixableSnapError\n            ) ||\n            (attempts === maxAttempts && !isInvalid)\n          ) {\n            throw new Error(\n              `Internal error: Failed to fix manifest. This is a bug, please report it. Reason:\\n${error.message}`,\n            );\n          }\n\n          errors.push(currentError.message);\n        }\n      }\n\n      updated = true;\n    } else {\n      throw error;\n    }\n  }\n\n  // TypeScript assumes `manifest` can still be undefined, that is not the case.\n  // But we assert to keep TypeScript happy.\n  assert(manifest);\n\n  const validatedManifest = manifest.result;\n\n  // Check presence of recommended keys\n  const recommendedFields = ['repository'] as const;\n\n  const missingRecommendedFields = recommendedFields.filter(\n    (key) => !validatedManifest[key],\n  );\n\n  if (missingRecommendedFields.length > 0) {\n    warnings.push(\n      `Missing recommended package.json properties:\\n${missingRecommendedFields.reduce(\n        (allMissing, currentField) => {\n          return `${allMissing}\\t${currentField}\\n`;\n        },\n        '',\n      )}`,\n    );\n  }\n\n  if (writeManifest) {\n    try {\n      const newManifest = `${JSON.stringify(\n        getWritableManifest(validatedManifest),\n        null,\n        2,\n      )}\\n`;\n\n      if (updated || newManifest !== manifestFile.value) {\n        await writeFileFn(\n          pathUtils.join(basePath, NpmSnapFileNames.Manifest),\n          newManifest,\n        );\n      }\n    } catch (error) {\n      // Note: This error isn't pushed to the errors array, because it's not an\n      // error in the manifest itself.\n      throw new Error(`Failed to update snap.manifest.json: ${error.message}`);\n    }\n  }\n\n  return { manifest: validatedManifest, updated, warnings, errors };\n}\n\n/**\n * Given the relevant Snap files (manifest, `package.json`, and bundle) and a\n * Snap manifest validation error, fixes the fault in the manifest that caused\n * the error.\n *\n * @param snapFiles - The contents of all Snap files.\n * @param error - The {@link ProgrammaticallyFixableSnapError} that was thrown.\n * @returns A copy of the manifest file where the cause of the error is fixed.\n */\nexport async function fixManifest(\n  snapFiles: SnapFiles,\n  error: ProgrammaticallyFixableSnapError,\n): Promise<VirtualFile<SnapManifest>> {\n  const { manifest, packageJson } = snapFiles;\n  const clonedFile = manifest.clone();\n  const manifestCopy = clonedFile.result;\n\n  switch (error.reason) {\n    case SnapValidationFailureReason.NameMismatch:\n      manifestCopy.source.location.npm.packageName = packageJson.result.name;\n      break;\n\n    case SnapValidationFailureReason.VersionMismatch:\n      manifestCopy.version = packageJson.result.version;\n      break;\n\n    case SnapValidationFailureReason.RepositoryMismatch:\n      manifestCopy.repository = packageJson.result.repository\n        ? deepClone(packageJson.result.repository)\n        : undefined;\n      break;\n\n    case SnapValidationFailureReason.ShasumMismatch:\n      manifestCopy.source.shasum = await getSnapChecksum(snapFiles);\n      break;\n\n    /* istanbul ignore next */\n    default:\n      assertExhaustive(error.reason);\n  }\n\n  clonedFile.result = manifestCopy;\n  clonedFile.value = JSON.stringify(manifestCopy);\n  return clonedFile;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * bundle source file location and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param sourceCode - Override source code for plugins.\n * @returns The contents of the bundle file, if any.\n */\nexport async function getSnapSourceCode(\n  basePath: string,\n  manifest: Json,\n  sourceCode?: string,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const sourceFilePath = (manifest as Partial<SnapManifest>).source?.location\n    ?.npm?.filePath;\n\n  if (!sourceFilePath) {\n    return undefined;\n  }\n\n  if (sourceCode) {\n    return new VirtualFile({\n      path: pathUtils.join(basePath, sourceFilePath),\n      value: sourceCode,\n    });\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, sourceFilePath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(\n      `Failed to read snap bundle file: ${getErrorMessage(error)}`,\n    );\n  }\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * icon and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @returns The contents of the icon, if any.\n */\nexport async function getSnapIcon(\n  basePath: string,\n  manifest: Json,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const iconPath = (manifest as Partial<SnapManifest>).source?.location?.npm\n    ?.iconPath;\n\n  if (!iconPath) {\n    return undefined;\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, iconPath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(`Failed to read snap icon file: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Get an array of paths from an unvalidated Snap manifest.\n *\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param selector - A function that returns the paths to the files.\n * @returns The paths to the files, if any.\n */\nexport function getSnapFilePaths(\n  manifest: Json,\n  selector: (manifest: Partial<SnapManifest>) => string[] | undefined,\n) {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const snapManifest = manifest as Partial<SnapManifest>;\n  const paths = selector(snapManifest);\n\n  if (!Array.isArray(paths)) {\n    return undefined;\n  }\n\n  return paths;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the files with the\n * given paths and read them.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param paths - The paths to the files.\n * @param encoding - An optional encoding to pass down to readVirtualFile.\n * @returns A list of auxiliary files and their contents, if any.\n */\nexport async function getSnapFiles(\n  basePath: string,\n  paths: string[] | undefined,\n  encoding: BufferEncoding | null = 'utf8',\n): Promise<VirtualFile[] | undefined> {\n  if (!paths) {\n    return undefined;\n  }\n\n  try {\n    return await Promise.all(\n      paths.map(async (filePath) =>\n        readVirtualFile(pathUtils.join(basePath, filePath), encoding),\n      ),\n    );\n  } catch (error) {\n    throw new Error(`Failed to read snap files: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Sorts the given manifest in our preferred sort order and removes the\n * `repository` field if it is falsy (it may be `null`).\n *\n * @param manifest - The manifest to sort and modify.\n * @returns The disk-ready manifest.\n */\nexport function getWritableManifest(manifest: SnapManifest): SnapManifest {\n  const { repository, ...remaining } = manifest;\n\n  const keys = Object.keys(\n    repository ? { ...remaining, repository } : remaining,\n  ) as (keyof SnapManifest)[];\n\n  const writableManifest = keys\n    .sort((a, b) => MANIFEST_SORT_ORDER[a] - MANIFEST_SORT_ORDER[b])\n    .reduce<Partial<SnapManifest>>(\n      (result, key) => ({\n        ...result,\n        [key]: manifest[key],\n      }),\n      {},\n    );\n\n  return writableManifest as SnapManifest;\n}\n\n/**\n * Validates the fields of an NPM Snap manifest that has already passed JSON\n * Schema validation.\n *\n * @param snapFiles - The relevant snap files to validate.\n * @param snapFiles.manifest - The npm Snap manifest to validate.\n * @param snapFiles.packageJson - The npm Snap's `package.json`.\n * @param snapFiles.sourceCode - The Snap's source code.\n * @param snapFiles.svgIcon - The Snap's optional icon.\n * @param snapFiles.auxiliaryFiles - Any auxiliary files required by the snap at runtime.\n * @param snapFiles.localizationFiles - The Snap's localization files.\n */\nexport async function validateNpmSnapManifest({\n  manifest,\n  packageJson,\n  sourceCode,\n  svgIcon,\n  auxiliaryFiles,\n  localizationFiles,\n}: SnapFiles) {\n  const packageJsonName = packageJson.result.name;\n  const packageJsonVersion = packageJson.result.version;\n  const packageJsonRepository = packageJson.result.repository;\n\n  const manifestPackageName = manifest.result.source.location.npm.packageName;\n  const manifestPackageVersion = manifest.result.version;\n  const manifestRepository = manifest.result.repository;\n\n  if (packageJsonName !== manifestPackageName) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package name (\"${manifestPackageName}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"name\" field (\"${packageJsonName}\").`,\n      SnapValidationFailureReason.NameMismatch,\n    );\n  }\n\n  if (packageJsonVersion !== manifestPackageVersion) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package version (\"${manifestPackageVersion}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"version\" field (\"${packageJsonVersion}\").`,\n      SnapValidationFailureReason.VersionMismatch,\n    );\n  }\n\n  if (\n    // The repository may be `undefined` in package.json but can only be defined\n    // or `null` in the Snap manifest due to TS@<4.4 issues.\n    (packageJsonRepository || manifestRepository) &&\n    !deepEqual(packageJsonRepository, manifestRepository)\n  ) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" \"repository\" field does not match the \"${NpmSnapFileNames.PackageJson}\" \"repository\" field.`,\n      SnapValidationFailureReason.RepositoryMismatch,\n    );\n  }\n\n  await validateSnapShasum(\n    { manifest, sourceCode, svgIcon, auxiliaryFiles, localizationFiles },\n    `\"${NpmSnapFileNames.Manifest}\" \"shasum\" field does not match computed shasum.`,\n  );\n}\n"],"names":["getErrorMessage","assertExhaustive","assert","isPlainObject","deepEqual","promises","fs","pathUtils","deepClone","readJsonFile","validateNpmSnap","getSnapChecksum","ProgrammaticallyFixableSnapError","validateSnapShasum","NpmSnapFileNames","SnapValidationFailureReason","readVirtualFile","VirtualFile","MANIFEST_SORT_ORDER","$schema","version","description","proposedName","repository","source","initialConnections","initialPermissions","manifestVersion","checkManifest","basePath","writeManifest","sourceCode","writeFileFn","writeFile","warnings","errors","updated","manifestPath","join","Manifest","manifestFile","unvalidatedManifest","result","packageFile","PackageJson","auxiliaryFilePaths","getSnapFilePaths","manifest","files","localizationFilePaths","locales","snapFiles","packageJson","getSnapSourceCode","svgIcon","getSnapIcon","auxiliaryFiles","getSnapFiles","localizationFiles","error","push","message","partiallyValidatedFiles","isInvalid","currentError","maxAttempts","Object","keys","length","attempts","fixManifest","validateNpmSnapManifest","nextValidationError","Error","validatedManifest","recommendedFields","missingRecommendedFields","filter","key","reduce","allMissing","currentField","newManifest","JSON","stringify","getWritableManifest","value","clonedFile","clone","manifestCopy","reason","NameMismatch","location","npm","packageName","name","VersionMismatch","RepositoryMismatch","undefined","ShasumMismatch","shasum","sourceFilePath","filePath","path","virtualFile","iconPath","selector","snapManifest","paths","Array","isArray","encoding","Promise","all","map","remaining","writableManifest","sort","a","b","packageJsonName","packageJsonVersion","packageJsonRepository","manifestPackageName","manifestPackageVersion","manifestRepository"],"mappings":"AAAA,SAASA,eAAe,QAAQ,sBAAsB;AAEtD,SAASC,gBAAgB,EAAEC,MAAM,EAAEC,aAAa,QAAQ,kBAAkB;AAC1E,OAAOC,eAAe,kBAAkB;AACxC,SAASC,YAAYC,EAAE,QAAQ,KAAK;AACpC,OAAOC,eAAe,OAAO;AAE7B,SAASC,SAAS,QAAQ,gBAAgB;AAC1C,SAASC,YAAY,QAAQ,QAAQ;AACrC,SAASC,eAAe,QAAQ,SAAS;AACzC,SACEC,eAAe,EACfC,gCAAgC,EAChCC,kBAAkB,QACb,WAAW;AAElB,SAASC,gBAAgB,EAAEC,2BAA2B,QAAQ,WAAW;AACzE,SAASC,eAAe,EAAEC,WAAW,QAAQ,kBAAkB;AAG/D,MAAMC,sBAA0D;IAC9DC,SAAS;IACTC,SAAS;IACTC,aAAa;IACbC,cAAc;IACdC,YAAY;IACZC,QAAQ;IACRC,oBAAoB;IACpBC,oBAAoB;IACpBC,iBAAiB;AACnB;AAyBA;;;;;;;;;;;CAWC,GACD,OAAO,eAAeC,cACpBC,QAAgB,EAChBC,gBAAgB,IAAI,EACpBC,UAAmB,EACnBC,cAAiC1B,GAAG2B,SAAS;IAE7C,MAAMC,WAAqB,EAAE;IAC7B,MAAMC,SAAmB,EAAE;IAE3B,IAAIC,UAAU;IAEd,MAAMC,eAAe9B,UAAU+B,IAAI,CAACT,UAAUf,iBAAiByB,QAAQ;IACvE,MAAMC,eAAe,MAAM/B,aAAa4B;IACxC,MAAMI,sBAAsBD,aAAaE,MAAM;IAE/C,MAAMC,cAAc,MAAMlC,aACxBF,UAAU+B,IAAI,CAACT,UAAUf,iBAAiB8B,WAAW;IAGvD,MAAMC,qBAAqBC,iBACzBL,qBACA,CAACM,WAAaA,UAAUvB,QAAQwB;IAGlC,MAAMC,wBAAwBH,iBAC5BL,qBACA,CAACM,WAAaA,UAAUvB,QAAQ0B;IAGlC,MAAMC,YAAkC;QACtCJ,UAAUP;QACVY,aAAaT;QACbZ,YAAY,MAAMsB,kBAChBxB,UACAY,qBACAV;QAEFuB,SAAS,MAAMC,YAAY1B,UAAUY;QACrC,6EAA6E;QAC7Ee,gBACE,AAAC,MAAMC,aAAa5B,UAAUgB,oBAAoB,SAAU,EAAE;QAChEa,mBACE,AAAC,MAAMD,aAAa5B,UAAUoB,0BAA2B,EAAE;IAC/D;IAEA,IAAIF;IACJ,IAAI;QACD,CAAA,EAAEA,QAAQ,EAAE,GAAG,MAAMrC,gBAAgByC,UAAS;IACjD,EAAE,OAAOQ,OAAO;QACd,IAAIA,iBAAiB/C,kCAAkC;YACrDuB,OAAOyB,IAAI,CAACD,MAAME,OAAO;YAEzB,6DAA6D;YAC7D,MAAMC,0BAA0BX;YAEhC,IAAIY,YAAY;YAChB,IAAIC,eAAeL;YACnB,MAAMM,cAAcC,OAAOC,IAAI,CAACpD,6BAA6BqD,MAAM;YAEnE,0EAA0E;YAC1E,uEAAuE;YACvE,oEAAoE;YACpE,uBAAuB;YACvB,IAAK,IAAIC,WAAW,GAAGN,aAAaM,YAAYJ,aAAaI,WAAY;gBACvEtB,WAAW,MAAMuB,YACfvB,WACI;oBAAE,GAAGe,uBAAuB;oBAAEf;gBAAS,IACvCe,yBACJE;gBAGF,IAAI;oBACF,MAAMO,wBAAwB;wBAC5B,GAAGT,uBAAuB;wBAC1Bf;oBACF;oBAEAgB,YAAY;gBACd,EAAE,OAAOS,qBAAqB;oBAC5BR,eAAeQ;oBACf,mDAAmD,GACnD,IACE,CACEA,CAAAA,+BAA+B5D,gCAA+B,KAE/DyD,aAAaJ,eAAe,CAACF,WAC9B;wBACA,MAAM,IAAIU,MACR,CAAC,kFAAkF,EAAEd,MAAME,OAAO,CAAC,CAAC;oBAExG;oBAEA1B,OAAOyB,IAAI,CAACI,aAAaH,OAAO;gBAClC;YACF;YAEAzB,UAAU;QACZ,OAAO;YACL,MAAMuB;QACR;IACF;IAEA,8EAA8E;IAC9E,0CAA0C;IAC1CzD,OAAO6C;IAEP,MAAM2B,oBAAoB3B,SAASL,MAAM;IAEzC,qCAAqC;IACrC,MAAMiC,oBAAoB;QAAC;KAAa;IAExC,MAAMC,2BAA2BD,kBAAkBE,MAAM,CACvD,CAACC,MAAQ,CAACJ,iBAAiB,CAACI,IAAI;IAGlC,IAAIF,yBAAyBR,MAAM,GAAG,GAAG;QACvClC,SAAS0B,IAAI,CACX,CAAC,8CAA8C,EAAEgB,yBAAyBG,MAAM,CAC9E,CAACC,YAAYC;YACX,OAAO,CAAC,EAAED,WAAW,EAAE,EAAEC,aAAa,EAAE,CAAC;QAC3C,GACA,IACA,CAAC;IAEP;IAEA,IAAInD,eAAe;QACjB,IAAI;YACF,MAAMoD,cAAc,CAAC,EAAEC,KAAKC,SAAS,CACnCC,oBAAoBX,oBACpB,MACA,GACA,EAAE,CAAC;YAEL,IAAItC,WAAW8C,gBAAgB1C,aAAa8C,KAAK,EAAE;gBACjD,MAAMtD,YACJzB,UAAU+B,IAAI,CAACT,UAAUf,iBAAiByB,QAAQ,GAClD2C;YAEJ;QACF,EAAE,OAAOvB,OAAO;YACd,yEAAyE;YACzE,gCAAgC;YAChC,MAAM,IAAIc,MAAM,CAAC,qCAAqC,EAAEd,MAAME,OAAO,CAAC,CAAC;QACzE;IACF;IAEA,OAAO;QAAEd,UAAU2B;QAAmBtC;QAASF;QAAUC;IAAO;AAClE;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAemC,YACpBnB,SAAoB,EACpBQ,KAAuC;IAEvC,MAAM,EAAEZ,QAAQ,EAAEK,WAAW,EAAE,GAAGD;IAClC,MAAMoC,aAAaxC,SAASyC,KAAK;IACjC,MAAMC,eAAeF,WAAW7C,MAAM;IAEtC,OAAQiB,MAAM+B,MAAM;QAClB,KAAK3E,4BAA4B4E,YAAY;YAC3CF,aAAajE,MAAM,CAACoE,QAAQ,CAACC,GAAG,CAACC,WAAW,GAAG1C,YAAYV,MAAM,CAACqD,IAAI;YACtE;QAEF,KAAKhF,4BAA4BiF,eAAe;YAC9CP,aAAarE,OAAO,GAAGgC,YAAYV,MAAM,CAACtB,OAAO;YACjD;QAEF,KAAKL,4BAA4BkF,kBAAkB;YACjDR,aAAalE,UAAU,GAAG6B,YAAYV,MAAM,CAACnB,UAAU,GACnDf,UAAU4C,YAAYV,MAAM,CAACnB,UAAU,IACvC2E;YACJ;QAEF,KAAKnF,4BAA4BoF,cAAc;YAC7CV,aAAajE,MAAM,CAAC4E,MAAM,GAAG,MAAMzF,gBAAgBwC;YACnD;QAEF,wBAAwB,GACxB;YACElD,iBAAiB0D,MAAM+B,MAAM;IACjC;IAEAH,WAAW7C,MAAM,GAAG+C;IACpBF,WAAWD,KAAK,GAAGH,KAAKC,SAAS,CAACK;IAClC,OAAOF;AACT;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAelC,kBACpBxB,QAAgB,EAChBkB,QAAc,EACdhB,UAAmB;IAEnB,IAAI,CAAC5B,cAAc4C,WAAW;QAC5B,OAAOmD;IACT;IAEA,MAAMG,iBAAiB,AAACtD,SAAmCvB,MAAM,EAAEoE,UAC/DC,KAAKS;IAET,IAAI,CAACD,gBAAgB;QACnB,OAAOH;IACT;IAEA,IAAInE,YAAY;QACd,OAAO,IAAId,YAAY;YACrBsF,MAAMhG,UAAU+B,IAAI,CAACT,UAAUwE;YAC/Bf,OAAOvD;QACT;IACF;IAEA,IAAI;QACF,MAAMyE,cAAc,MAAMxF,gBACxBT,UAAU+B,IAAI,CAACT,UAAUwE,iBACzB;QAEF,OAAOG;IACT,EAAE,OAAO7C,OAAO;QACd,MAAM,IAAIc,MACR,CAAC,iCAAiC,EAAEzE,gBAAgB2D,OAAO,CAAC;IAEhE;AACF;AAEA;;;;;;;CAOC,GACD,OAAO,eAAeJ,YACpB1B,QAAgB,EAChBkB,QAAc;IAEd,IAAI,CAAC5C,cAAc4C,WAAW;QAC5B,OAAOmD;IACT;IAEA,MAAMO,WAAW,AAAC1D,SAAmCvB,MAAM,EAAEoE,UAAUC,KACnEY;IAEJ,IAAI,CAACA,UAAU;QACb,OAAOP;IACT;IAEA,IAAI;QACF,MAAMM,cAAc,MAAMxF,gBACxBT,UAAU+B,IAAI,CAACT,UAAU4E,WACzB;QAEF,OAAOD;IACT,EAAE,OAAO7C,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,+BAA+B,EAAEzE,gBAAgB2D,OAAO,CAAC;IAC5E;AACF;AAEA;;;;;;CAMC,GACD,OAAO,SAASb,iBACdC,QAAc,EACd2D,QAAmE;IAEnE,IAAI,CAACvG,cAAc4C,WAAW;QAC5B,OAAOmD;IACT;IAEA,MAAMS,eAAe5D;IACrB,MAAM6D,QAAQF,SAASC;IAEvB,IAAI,CAACE,MAAMC,OAAO,CAACF,QAAQ;QACzB,OAAOV;IACT;IAEA,OAAOU;AACT;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAenD,aACpB5B,QAAgB,EAChB+E,KAA2B,EAC3BG,WAAkC,MAAM;IAExC,IAAI,CAACH,OAAO;QACV,OAAOV;IACT;IAEA,IAAI;QACF,OAAO,MAAMc,QAAQC,GAAG,CACtBL,MAAMM,GAAG,CAAC,OAAOZ,WACftF,gBAAgBT,UAAU+B,IAAI,CAACT,UAAUyE,WAAWS;IAG1D,EAAE,OAAOpD,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,2BAA2B,EAAEzE,gBAAgB2D,OAAO,CAAC;IACxE;AACF;AAEA;;;;;;CAMC,GACD,OAAO,SAAS0B,oBAAoBtC,QAAsB;IACxD,MAAM,EAAExB,UAAU,EAAE,GAAG4F,WAAW,GAAGpE;IAErC,MAAMoB,OAAOD,OAAOC,IAAI,CACtB5C,aAAa;QAAE,GAAG4F,SAAS;QAAE5F;IAAW,IAAI4F;IAG9C,MAAMC,mBAAmBjD,KACtBkD,IAAI,CAAC,CAACC,GAAGC,IAAMrG,mBAAmB,CAACoG,EAAE,GAAGpG,mBAAmB,CAACqG,EAAE,EAC9DxC,MAAM,CACL,CAACrC,QAAQoC,MAAS,CAAA;YAChB,GAAGpC,MAAM;YACT,CAACoC,IAAI,EAAE/B,QAAQ,CAAC+B,IAAI;QACtB,CAAA,GACA,CAAC;IAGL,OAAOsC;AACT;AAEA;;;;;;;;;;;CAWC,GACD,OAAO,eAAe7C,wBAAwB,EAC5CxB,QAAQ,EACRK,WAAW,EACXrB,UAAU,EACVuB,OAAO,EACPE,cAAc,EACdE,iBAAiB,EACP;IACV,MAAM8D,kBAAkBpE,YAAYV,MAAM,CAACqD,IAAI;IAC/C,MAAM0B,qBAAqBrE,YAAYV,MAAM,CAACtB,OAAO;IACrD,MAAMsG,wBAAwBtE,YAAYV,MAAM,CAACnB,UAAU;IAE3D,MAAMoG,sBAAsB5E,SAASL,MAAM,CAAClB,MAAM,CAACoE,QAAQ,CAACC,GAAG,CAACC,WAAW;IAC3E,MAAM8B,yBAAyB7E,SAASL,MAAM,CAACtB,OAAO;IACtD,MAAMyG,qBAAqB9E,SAASL,MAAM,CAACnB,UAAU;IAErD,IAAIiG,oBAAoBG,qBAAqB;QAC3C,MAAM,IAAI/G,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,qBAAqB,EAAEoF,oBAAoB,uBAAuB,EAAE7G,iBAAiB8B,WAAW,CAAC,iBAAiB,EAAE4E,gBAAgB,GAAG,CAAC,EACtKzG,4BAA4B4E,YAAY;IAE5C;IAEA,IAAI8B,uBAAuBG,wBAAwB;QACjD,MAAM,IAAIhH,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,wBAAwB,EAAEqF,uBAAuB,uBAAuB,EAAE9G,iBAAiB8B,WAAW,CAAC,oBAAoB,EAAE6E,mBAAmB,GAAG,CAAC,EAClL1G,4BAA4BiF,eAAe;IAE/C;IAEA,IAGE,AAFA,4EAA4E;IAC5E,wDAAwD;IACvD0B,CAAAA,yBAAyBG,kBAAiB,KAC3C,CAACzH,UAAUsH,uBAAuBG,qBAClC;QACA,MAAM,IAAIjH,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,yCAAyC,EAAEzB,iBAAiB8B,WAAW,CAAC,qBAAqB,CAAC,EAC5H7B,4BAA4BkF,kBAAkB;IAElD;IAEA,MAAMpF,mBACJ;QAAEkC;QAAUhB;QAAYuB;QAASE;QAAgBE;IAAkB,GACnE,CAAC,CAAC,EAAE5C,iBAAiByB,QAAQ,CAAC,gDAAgD,CAAC;AAEnF"}
+{"version":3,"sources":["../../../src/manifest/manifest.ts"],"sourcesContent":["import { getErrorMessage } from '@metamask/snaps-sdk';\nimport type { Json } from '@metamask/utils';\nimport { assertExhaustive, assert, isPlainObject } from '@metamask/utils';\nimport deepEqual from 'fast-deep-equal';\nimport { promises as fs } from 'fs';\nimport pathUtils from 'path';\n\nimport { deepClone } from '../deep-clone';\nimport { readJsonFile } from '../fs';\nimport { getSvgDimensions } from '../icon';\nimport { validateNpmSnap } from '../npm';\nimport {\n  getSnapChecksum,\n  ProgrammaticallyFixableSnapError,\n  validateSnapShasum,\n} from '../snaps';\nimport type { SnapFiles, UnvalidatedSnapFiles } from '../types';\nimport { NpmSnapFileNames, SnapValidationFailureReason } from '../types';\nimport { readVirtualFile, VirtualFile } from '../virtual-file';\nimport type { SnapManifest } from './validation';\n\nconst MANIFEST_SORT_ORDER: Record<keyof SnapManifest, number> = {\n  $schema: 1,\n  version: 2,\n  description: 3,\n  proposedName: 4,\n  repository: 5,\n  source: 6,\n  initialConnections: 7,\n  initialPermissions: 8,\n  manifestVersion: 9,\n};\n\n/**\n * The result from the `checkManifest` function.\n *\n * @property manifest - The fixed manifest object.\n * @property updated - Whether the manifest was updated.\n * @property warnings - An array of warnings that were encountered during\n * processing of the manifest files. These warnings are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n * @property errors - An array of errors that were encountered during\n * processing of the manifest files. These errors are not logged to the\n * console automatically, so depending on the environment the function is called\n * in, a different method for logging can be used.\n */\nexport type CheckManifestResult = {\n  manifest: SnapManifest;\n  updated?: boolean;\n  warnings: string[];\n  errors: string[];\n};\n\nexport type WriteFileFunction = (path: string, data: string) => Promise<void>;\n\n/**\n * Validates a snap.manifest.json file. Attempts to fix the manifest and write\n * the fixed version to disk if `writeManifest` is true. Throws if validation\n * fails.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param writeManifest - Whether to write the fixed manifest to disk.\n * @param sourceCode - The source code of the Snap.\n * @param writeFileFn - The function to use to write the manifest to disk.\n * @returns Whether the manifest was updated, and an array of warnings that\n * were encountered during processing of the manifest files.\n */\nexport async function checkManifest(\n  basePath: string,\n  writeManifest = true,\n  sourceCode?: string,\n  writeFileFn: WriteFileFunction = fs.writeFile,\n): Promise<CheckManifestResult> {\n  const warnings: string[] = [];\n  const errors: string[] = [];\n\n  let updated = false;\n\n  const manifestPath = pathUtils.join(basePath, NpmSnapFileNames.Manifest);\n  const manifestFile = await readJsonFile(manifestPath);\n  const unvalidatedManifest = manifestFile.result;\n\n  const packageFile = await readJsonFile(\n    pathUtils.join(basePath, NpmSnapFileNames.PackageJson),\n  );\n\n  const auxiliaryFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.files,\n  );\n\n  const localizationFilePaths = getSnapFilePaths(\n    unvalidatedManifest,\n    (manifest) => manifest?.source?.locales,\n  );\n\n  const snapFiles: UnvalidatedSnapFiles = {\n    manifest: manifestFile,\n    packageJson: packageFile,\n    sourceCode: await getSnapSourceCode(\n      basePath,\n      unvalidatedManifest,\n      sourceCode,\n    ),\n    svgIcon: await getSnapIcon(basePath, unvalidatedManifest),\n    // Intentionally pass null as the encoding here since the files may be binary\n    auxiliaryFiles:\n      (await getSnapFiles(basePath, auxiliaryFilePaths, null)) ?? [],\n    localizationFiles:\n      (await getSnapFiles(basePath, localizationFilePaths)) ?? [],\n  };\n\n  let manifest: VirtualFile<SnapManifest> | undefined;\n  try {\n    ({ manifest } = await validateNpmSnap(snapFiles));\n  } catch (error) {\n    if (error instanceof ProgrammaticallyFixableSnapError) {\n      errors.push(error.message);\n\n      // If we get here, the files at least have the correct shape.\n      const partiallyValidatedFiles = snapFiles as SnapFiles;\n\n      let isInvalid = true;\n      let currentError = error;\n      const maxAttempts = Object.keys(SnapValidationFailureReason).length;\n\n      // Attempt to fix all fixable validation failure reasons. All such reasons\n      // are enumerated by the `SnapValidationFailureReason` enum, so we only\n      // attempt to fix the manifest the same amount of times as there are\n      // reasons in the enum.\n      for (let attempts = 1; isInvalid && attempts <= maxAttempts; attempts++) {\n        manifest = await fixManifest(\n          manifest\n            ? { ...partiallyValidatedFiles, manifest }\n            : partiallyValidatedFiles,\n          currentError,\n        );\n\n        try {\n          await validateNpmSnapManifest({\n            ...partiallyValidatedFiles,\n            manifest,\n          });\n\n          isInvalid = false;\n        } catch (nextValidationError) {\n          currentError = nextValidationError;\n          /* istanbul ignore next: this should be impossible */\n          if (\n            !(\n              nextValidationError instanceof ProgrammaticallyFixableSnapError\n            ) ||\n            (attempts === maxAttempts && !isInvalid)\n          ) {\n            throw new Error(\n              `Internal error: Failed to fix manifest. This is a bug, please report it. Reason:\\n${error.message}`,\n            );\n          }\n\n          errors.push(currentError.message);\n        }\n      }\n\n      updated = true;\n    } else {\n      throw error;\n    }\n  }\n\n  // TypeScript assumes `manifest` can still be undefined, that is not the case.\n  // But we assert to keep TypeScript happy.\n  assert(manifest);\n\n  const validatedManifest = manifest.result;\n\n  // Check presence of recommended keys\n  const recommendedFields = ['repository'] as const;\n\n  const missingRecommendedFields = recommendedFields.filter(\n    (key) => !validatedManifest[key],\n  );\n\n  if (missingRecommendedFields.length > 0) {\n    warnings.push(\n      `Missing recommended package.json properties:\\n${missingRecommendedFields.reduce(\n        (allMissing, currentField) => {\n          return `${allMissing}\\t${currentField}\\n`;\n        },\n        '',\n      )}`,\n    );\n  }\n\n  if (!snapFiles.svgIcon) {\n    warnings.push(\n      'No icon found in the Snap manifest. It is recommended to include an icon for the Snap. See https://docs.metamask.io/snaps/how-to/design-a-snap/#guidelines-at-a-glance for more information.',\n    );\n  }\n\n  const iconDimensions =\n    snapFiles.svgIcon && getSvgDimensions(snapFiles.svgIcon.toString());\n  if (iconDimensions && iconDimensions.height !== iconDimensions.width) {\n    warnings.push(\n      'The icon in the Snap manifest is not square. It is recommended to use a square icon for the Snap.',\n    );\n  }\n\n  if (writeManifest) {\n    try {\n      const newManifest = `${JSON.stringify(\n        getWritableManifest(validatedManifest),\n        null,\n        2,\n      )}\\n`;\n\n      if (updated || newManifest !== manifestFile.value) {\n        await writeFileFn(\n          pathUtils.join(basePath, NpmSnapFileNames.Manifest),\n          newManifest,\n        );\n      }\n    } catch (error) {\n      // Note: This error isn't pushed to the errors array, because it's not an\n      // error in the manifest itself.\n      throw new Error(`Failed to update snap.manifest.json: ${error.message}`);\n    }\n  }\n\n  return { manifest: validatedManifest, updated, warnings, errors };\n}\n\n/**\n * Given the relevant Snap files (manifest, `package.json`, and bundle) and a\n * Snap manifest validation error, fixes the fault in the manifest that caused\n * the error.\n *\n * @param snapFiles - The contents of all Snap files.\n * @param error - The {@link ProgrammaticallyFixableSnapError} that was thrown.\n * @returns A copy of the manifest file where the cause of the error is fixed.\n */\nexport async function fixManifest(\n  snapFiles: SnapFiles,\n  error: ProgrammaticallyFixableSnapError,\n): Promise<VirtualFile<SnapManifest>> {\n  const { manifest, packageJson } = snapFiles;\n  const clonedFile = manifest.clone();\n  const manifestCopy = clonedFile.result;\n\n  switch (error.reason) {\n    case SnapValidationFailureReason.NameMismatch:\n      manifestCopy.source.location.npm.packageName = packageJson.result.name;\n      break;\n\n    case SnapValidationFailureReason.VersionMismatch:\n      manifestCopy.version = packageJson.result.version;\n      break;\n\n    case SnapValidationFailureReason.RepositoryMismatch:\n      manifestCopy.repository = packageJson.result.repository\n        ? deepClone(packageJson.result.repository)\n        : undefined;\n      break;\n\n    case SnapValidationFailureReason.ShasumMismatch:\n      manifestCopy.source.shasum = await getSnapChecksum(snapFiles);\n      break;\n\n    /* istanbul ignore next */\n    default:\n      assertExhaustive(error.reason);\n  }\n\n  clonedFile.result = manifestCopy;\n  clonedFile.value = JSON.stringify(manifestCopy);\n  return clonedFile;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * bundle source file location and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param sourceCode - Override source code for plugins.\n * @returns The contents of the bundle file, if any.\n */\nexport async function getSnapSourceCode(\n  basePath: string,\n  manifest: Json,\n  sourceCode?: string,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const sourceFilePath = (manifest as Partial<SnapManifest>).source?.location\n    ?.npm?.filePath;\n\n  if (!sourceFilePath) {\n    return undefined;\n  }\n\n  if (sourceCode) {\n    return new VirtualFile({\n      path: pathUtils.join(basePath, sourceFilePath),\n      value: sourceCode,\n    });\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, sourceFilePath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(\n      `Failed to read snap bundle file: ${getErrorMessage(error)}`,\n    );\n  }\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the location of the\n * icon and read the file.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param manifest - The unvalidated Snap manifest file contents.\n * @returns The contents of the icon, if any.\n */\nexport async function getSnapIcon(\n  basePath: string,\n  manifest: Json,\n): Promise<VirtualFile | undefined> {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const iconPath = (manifest as Partial<SnapManifest>).source?.location?.npm\n    ?.iconPath;\n\n  if (!iconPath) {\n    return undefined;\n  }\n\n  try {\n    const virtualFile = await readVirtualFile(\n      pathUtils.join(basePath, iconPath),\n      'utf8',\n    );\n    return virtualFile;\n  } catch (error) {\n    throw new Error(`Failed to read snap icon file: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Get an array of paths from an unvalidated Snap manifest.\n *\n * @param manifest - The unvalidated Snap manifest file contents.\n * @param selector - A function that returns the paths to the files.\n * @returns The paths to the files, if any.\n */\nexport function getSnapFilePaths(\n  manifest: Json,\n  selector: (manifest: Partial<SnapManifest>) => string[] | undefined,\n) {\n  if (!isPlainObject(manifest)) {\n    return undefined;\n  }\n\n  const snapManifest = manifest as Partial<SnapManifest>;\n  const paths = selector(snapManifest);\n\n  if (!Array.isArray(paths)) {\n    return undefined;\n  }\n\n  return paths;\n}\n\n/**\n * Given an unvalidated Snap manifest, attempts to extract the files with the\n * given paths and read them.\n *\n * @param basePath - The path to the folder with the manifest files.\n * @param paths - The paths to the files.\n * @param encoding - An optional encoding to pass down to readVirtualFile.\n * @returns A list of auxiliary files and their contents, if any.\n */\nexport async function getSnapFiles(\n  basePath: string,\n  paths: string[] | undefined,\n  encoding: BufferEncoding | null = 'utf8',\n): Promise<VirtualFile[] | undefined> {\n  if (!paths) {\n    return undefined;\n  }\n\n  try {\n    return await Promise.all(\n      paths.map(async (filePath) =>\n        readVirtualFile(pathUtils.join(basePath, filePath), encoding),\n      ),\n    );\n  } catch (error) {\n    throw new Error(`Failed to read snap files: ${getErrorMessage(error)}`);\n  }\n}\n\n/**\n * Sorts the given manifest in our preferred sort order and removes the\n * `repository` field if it is falsy (it may be `null`).\n *\n * @param manifest - The manifest to sort and modify.\n * @returns The disk-ready manifest.\n */\nexport function getWritableManifest(manifest: SnapManifest): SnapManifest {\n  const { repository, ...remaining } = manifest;\n\n  const keys = Object.keys(\n    repository ? { ...remaining, repository } : remaining,\n  ) as (keyof SnapManifest)[];\n\n  const writableManifest = keys\n    .sort((a, b) => MANIFEST_SORT_ORDER[a] - MANIFEST_SORT_ORDER[b])\n    .reduce<Partial<SnapManifest>>(\n      (result, key) => ({\n        ...result,\n        [key]: manifest[key],\n      }),\n      {},\n    );\n\n  return writableManifest as SnapManifest;\n}\n\n/**\n * Validates the fields of an NPM Snap manifest that has already passed JSON\n * Schema validation.\n *\n * @param snapFiles - The relevant snap files to validate.\n * @param snapFiles.manifest - The npm Snap manifest to validate.\n * @param snapFiles.packageJson - The npm Snap's `package.json`.\n * @param snapFiles.sourceCode - The Snap's source code.\n * @param snapFiles.svgIcon - The Snap's optional icon.\n * @param snapFiles.auxiliaryFiles - Any auxiliary files required by the snap at runtime.\n * @param snapFiles.localizationFiles - The Snap's localization files.\n */\nexport async function validateNpmSnapManifest({\n  manifest,\n  packageJson,\n  sourceCode,\n  svgIcon,\n  auxiliaryFiles,\n  localizationFiles,\n}: SnapFiles) {\n  const packageJsonName = packageJson.result.name;\n  const packageJsonVersion = packageJson.result.version;\n  const packageJsonRepository = packageJson.result.repository;\n\n  const manifestPackageName = manifest.result.source.location.npm.packageName;\n  const manifestPackageVersion = manifest.result.version;\n  const manifestRepository = manifest.result.repository;\n\n  if (packageJsonName !== manifestPackageName) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package name (\"${manifestPackageName}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"name\" field (\"${packageJsonName}\").`,\n      SnapValidationFailureReason.NameMismatch,\n    );\n  }\n\n  if (packageJsonVersion !== manifestPackageVersion) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" npm package version (\"${manifestPackageVersion}\") does not match the \"${NpmSnapFileNames.PackageJson}\" \"version\" field (\"${packageJsonVersion}\").`,\n      SnapValidationFailureReason.VersionMismatch,\n    );\n  }\n\n  if (\n    // The repository may be `undefined` in package.json but can only be defined\n    // or `null` in the Snap manifest due to TS@<4.4 issues.\n    (packageJsonRepository || manifestRepository) &&\n    !deepEqual(packageJsonRepository, manifestRepository)\n  ) {\n    throw new ProgrammaticallyFixableSnapError(\n      `\"${NpmSnapFileNames.Manifest}\" \"repository\" field does not match the \"${NpmSnapFileNames.PackageJson}\" \"repository\" field.`,\n      SnapValidationFailureReason.RepositoryMismatch,\n    );\n  }\n\n  await validateSnapShasum(\n    { manifest, sourceCode, svgIcon, auxiliaryFiles, localizationFiles },\n    `\"${NpmSnapFileNames.Manifest}\" \"shasum\" field does not match computed shasum.`,\n  );\n}\n"],"names":["getErrorMessage","assertExhaustive","assert","isPlainObject","deepEqual","promises","fs","pathUtils","deepClone","readJsonFile","getSvgDimensions","validateNpmSnap","getSnapChecksum","ProgrammaticallyFixableSnapError","validateSnapShasum","NpmSnapFileNames","SnapValidationFailureReason","readVirtualFile","VirtualFile","MANIFEST_SORT_ORDER","$schema","version","description","proposedName","repository","source","initialConnections","initialPermissions","manifestVersion","checkManifest","basePath","writeManifest","sourceCode","writeFileFn","writeFile","warnings","errors","updated","manifestPath","join","Manifest","manifestFile","unvalidatedManifest","result","packageFile","PackageJson","auxiliaryFilePaths","getSnapFilePaths","manifest","files","localizationFilePaths","locales","snapFiles","packageJson","getSnapSourceCode","svgIcon","getSnapIcon","auxiliaryFiles","getSnapFiles","localizationFiles","error","push","message","partiallyValidatedFiles","isInvalid","currentError","maxAttempts","Object","keys","length","attempts","fixManifest","validateNpmSnapManifest","nextValidationError","Error","validatedManifest","recommendedFields","missingRecommendedFields","filter","key","reduce","allMissing","currentField","iconDimensions","toString","height","width","newManifest","JSON","stringify","getWritableManifest","value","clonedFile","clone","manifestCopy","reason","NameMismatch","location","npm","packageName","name","VersionMismatch","RepositoryMismatch","undefined","ShasumMismatch","shasum","sourceFilePath","filePath","path","virtualFile","iconPath","selector","snapManifest","paths","Array","isArray","encoding","Promise","all","map","remaining","writableManifest","sort","a","b","packageJsonName","packageJsonVersion","packageJsonRepository","manifestPackageName","manifestPackageVersion","manifestRepository"],"mappings":"AAAA,SAASA,eAAe,QAAQ,sBAAsB;AAEtD,SAASC,gBAAgB,EAAEC,MAAM,EAAEC,aAAa,QAAQ,kBAAkB;AAC1E,OAAOC,eAAe,kBAAkB;AACxC,SAASC,YAAYC,EAAE,QAAQ,KAAK;AACpC,OAAOC,eAAe,OAAO;AAE7B,SAASC,SAAS,QAAQ,gBAAgB;AAC1C,SAASC,YAAY,QAAQ,QAAQ;AACrC,SAASC,gBAAgB,QAAQ,UAAU;AAC3C,SAASC,eAAe,QAAQ,SAAS;AACzC,SACEC,eAAe,EACfC,gCAAgC,EAChCC,kBAAkB,QACb,WAAW;AAElB,SAASC,gBAAgB,EAAEC,2BAA2B,QAAQ,WAAW;AACzE,SAASC,eAAe,EAAEC,WAAW,QAAQ,kBAAkB;AAG/D,MAAMC,sBAA0D;IAC9DC,SAAS;IACTC,SAAS;IACTC,aAAa;IACbC,cAAc;IACdC,YAAY;IACZC,QAAQ;IACRC,oBAAoB;IACpBC,oBAAoB;IACpBC,iBAAiB;AACnB;AAyBA;;;;;;;;;;;CAWC,GACD,OAAO,eAAeC,cACpBC,QAAgB,EAChBC,gBAAgB,IAAI,EACpBC,UAAmB,EACnBC,cAAiC3B,GAAG4B,SAAS;IAE7C,MAAMC,WAAqB,EAAE;IAC7B,MAAMC,SAAmB,EAAE;IAE3B,IAAIC,UAAU;IAEd,MAAMC,eAAe/B,UAAUgC,IAAI,CAACT,UAAUf,iBAAiByB,QAAQ;IACvE,MAAMC,eAAe,MAAMhC,aAAa6B;IACxC,MAAMI,sBAAsBD,aAAaE,MAAM;IAE/C,MAAMC,cAAc,MAAMnC,aACxBF,UAAUgC,IAAI,CAACT,UAAUf,iBAAiB8B,WAAW;IAGvD,MAAMC,qBAAqBC,iBACzBL,qBACA,CAACM,WAAaA,UAAUvB,QAAQwB;IAGlC,MAAMC,wBAAwBH,iBAC5BL,qBACA,CAACM,WAAaA,UAAUvB,QAAQ0B;IAGlC,MAAMC,YAAkC;QACtCJ,UAAUP;QACVY,aAAaT;QACbZ,YAAY,MAAMsB,kBAChBxB,UACAY,qBACAV;QAEFuB,SAAS,MAAMC,YAAY1B,UAAUY;QACrC,6EAA6E;QAC7Ee,gBACE,AAAC,MAAMC,aAAa5B,UAAUgB,oBAAoB,SAAU,EAAE;QAChEa,mBACE,AAAC,MAAMD,aAAa5B,UAAUoB,0BAA2B,EAAE;IAC/D;IAEA,IAAIF;IACJ,IAAI;QACD,CAAA,EAAEA,QAAQ,EAAE,GAAG,MAAMrC,gBAAgByC,UAAS;IACjD,EAAE,OAAOQ,OAAO;QACd,IAAIA,iBAAiB/C,kCAAkC;YACrDuB,OAAOyB,IAAI,CAACD,MAAME,OAAO;YAEzB,6DAA6D;YAC7D,MAAMC,0BAA0BX;YAEhC,IAAIY,YAAY;YAChB,IAAIC,eAAeL;YACnB,MAAMM,cAAcC,OAAOC,IAAI,CAACpD,6BAA6BqD,MAAM;YAEnE,0EAA0E;YAC1E,uEAAuE;YACvE,oEAAoE;YACpE,uBAAuB;YACvB,IAAK,IAAIC,WAAW,GAAGN,aAAaM,YAAYJ,aAAaI,WAAY;gBACvEtB,WAAW,MAAMuB,YACfvB,WACI;oBAAE,GAAGe,uBAAuB;oBAAEf;gBAAS,IACvCe,yBACJE;gBAGF,IAAI;oBACF,MAAMO,wBAAwB;wBAC5B,GAAGT,uBAAuB;wBAC1Bf;oBACF;oBAEAgB,YAAY;gBACd,EAAE,OAAOS,qBAAqB;oBAC5BR,eAAeQ;oBACf,mDAAmD,GACnD,IACE,CACEA,CAAAA,+BAA+B5D,gCAA+B,KAE/DyD,aAAaJ,eAAe,CAACF,WAC9B;wBACA,MAAM,IAAIU,MACR,CAAC,kFAAkF,EAAEd,MAAME,OAAO,CAAC,CAAC;oBAExG;oBAEA1B,OAAOyB,IAAI,CAACI,aAAaH,OAAO;gBAClC;YACF;YAEAzB,UAAU;QACZ,OAAO;YACL,MAAMuB;QACR;IACF;IAEA,8EAA8E;IAC9E,0CAA0C;IAC1C1D,OAAO8C;IAEP,MAAM2B,oBAAoB3B,SAASL,MAAM;IAEzC,qCAAqC;IACrC,MAAMiC,oBAAoB;QAAC;KAAa;IAExC,MAAMC,2BAA2BD,kBAAkBE,MAAM,CACvD,CAACC,MAAQ,CAACJ,iBAAiB,CAACI,IAAI;IAGlC,IAAIF,yBAAyBR,MAAM,GAAG,GAAG;QACvClC,SAAS0B,IAAI,CACX,CAAC,8CAA8C,EAAEgB,yBAAyBG,MAAM,CAC9E,CAACC,YAAYC;YACX,OAAO,CAAC,EAAED,WAAW,EAAE,EAAEC,aAAa,EAAE,CAAC;QAC3C,GACA,IACA,CAAC;IAEP;IAEA,IAAI,CAAC9B,UAAUG,OAAO,EAAE;QACtBpB,SAAS0B,IAAI,CACX;IAEJ;IAEA,MAAMsB,iBACJ/B,UAAUG,OAAO,IAAI7C,iBAAiB0C,UAAUG,OAAO,CAAC6B,QAAQ;IAClE,IAAID,kBAAkBA,eAAeE,MAAM,KAAKF,eAAeG,KAAK,EAAE;QACpEnD,SAAS0B,IAAI,CACX;IAEJ;IAEA,IAAI9B,eAAe;QACjB,IAAI;YACF,MAAMwD,cAAc,CAAC,EAAEC,KAAKC,SAAS,CACnCC,oBAAoBf,oBACpB,MACA,GACA,EAAE,CAAC;YAEL,IAAItC,WAAWkD,gBAAgB9C,aAAakD,KAAK,EAAE;gBACjD,MAAM1D,YACJ1B,UAAUgC,IAAI,CAACT,UAAUf,iBAAiByB,QAAQ,GAClD+C;YAEJ;QACF,EAAE,OAAO3B,OAAO;YACd,yEAAyE;YACzE,gCAAgC;YAChC,MAAM,IAAIc,MAAM,CAAC,qCAAqC,EAAEd,MAAME,OAAO,CAAC,CAAC;QACzE;IACF;IAEA,OAAO;QAAEd,UAAU2B;QAAmBtC;QAASF;QAAUC;IAAO;AAClE;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAemC,YACpBnB,SAAoB,EACpBQ,KAAuC;IAEvC,MAAM,EAAEZ,QAAQ,EAAEK,WAAW,EAAE,GAAGD;IAClC,MAAMwC,aAAa5C,SAAS6C,KAAK;IACjC,MAAMC,eAAeF,WAAWjD,MAAM;IAEtC,OAAQiB,MAAMmC,MAAM;QAClB,KAAK/E,4BAA4BgF,YAAY;YAC3CF,aAAarE,MAAM,CAACwE,QAAQ,CAACC,GAAG,CAACC,WAAW,GAAG9C,YAAYV,MAAM,CAACyD,IAAI;YACtE;QAEF,KAAKpF,4BAA4BqF,eAAe;YAC9CP,aAAazE,OAAO,GAAGgC,YAAYV,MAAM,CAACtB,OAAO;YACjD;QAEF,KAAKL,4BAA4BsF,kBAAkB;YACjDR,aAAatE,UAAU,GAAG6B,YAAYV,MAAM,CAACnB,UAAU,GACnDhB,UAAU6C,YAAYV,MAAM,CAACnB,UAAU,IACvC+E;YACJ;QAEF,KAAKvF,4BAA4BwF,cAAc;YAC7CV,aAAarE,MAAM,CAACgF,MAAM,GAAG,MAAM7F,gBAAgBwC;YACnD;QAEF,wBAAwB,GACxB;YACEnD,iBAAiB2D,MAAMmC,MAAM;IACjC;IAEAH,WAAWjD,MAAM,GAAGmD;IACpBF,WAAWD,KAAK,GAAGH,KAAKC,SAAS,CAACK;IAClC,OAAOF;AACT;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAetC,kBACpBxB,QAAgB,EAChBkB,QAAc,EACdhB,UAAmB;IAEnB,IAAI,CAAC7B,cAAc6C,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMG,iBAAiB,AAAC1D,SAAmCvB,MAAM,EAAEwE,UAC/DC,KAAKS;IAET,IAAI,CAACD,gBAAgB;QACnB,OAAOH;IACT;IAEA,IAAIvE,YAAY;QACd,OAAO,IAAId,YAAY;YACrB0F,MAAMrG,UAAUgC,IAAI,CAACT,UAAU4E;YAC/Bf,OAAO3D;QACT;IACF;IAEA,IAAI;QACF,MAAM6E,cAAc,MAAM5F,gBACxBV,UAAUgC,IAAI,CAACT,UAAU4E,iBACzB;QAEF,OAAOG;IACT,EAAE,OAAOjD,OAAO;QACd,MAAM,IAAIc,MACR,CAAC,iCAAiC,EAAE1E,gBAAgB4D,OAAO,CAAC;IAEhE;AACF;AAEA;;;;;;;CAOC,GACD,OAAO,eAAeJ,YACpB1B,QAAgB,EAChBkB,QAAc;IAEd,IAAI,CAAC7C,cAAc6C,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMO,WAAW,AAAC9D,SAAmCvB,MAAM,EAAEwE,UAAUC,KACnEY;IAEJ,IAAI,CAACA,UAAU;QACb,OAAOP;IACT;IAEA,IAAI;QACF,MAAMM,cAAc,MAAM5F,gBACxBV,UAAUgC,IAAI,CAACT,UAAUgF,WACzB;QAEF,OAAOD;IACT,EAAE,OAAOjD,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,+BAA+B,EAAE1E,gBAAgB4D,OAAO,CAAC;IAC5E;AACF;AAEA;;;;;;CAMC,GACD,OAAO,SAASb,iBACdC,QAAc,EACd+D,QAAmE;IAEnE,IAAI,CAAC5G,cAAc6C,WAAW;QAC5B,OAAOuD;IACT;IAEA,MAAMS,eAAehE;IACrB,MAAMiE,QAAQF,SAASC;IAEvB,IAAI,CAACE,MAAMC,OAAO,CAACF,QAAQ;QACzB,OAAOV;IACT;IAEA,OAAOU;AACT;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAevD,aACpB5B,QAAgB,EAChBmF,KAA2B,EAC3BG,WAAkC,MAAM;IAExC,IAAI,CAACH,OAAO;QACV,OAAOV;IACT;IAEA,IAAI;QACF,OAAO,MAAMc,QAAQC,GAAG,CACtBL,MAAMM,GAAG,CAAC,OAAOZ,WACf1F,gBAAgBV,UAAUgC,IAAI,CAACT,UAAU6E,WAAWS;IAG1D,EAAE,OAAOxD,OAAO;QACd,MAAM,IAAIc,MAAM,CAAC,2BAA2B,EAAE1E,gBAAgB4D,OAAO,CAAC;IACxE;AACF;AAEA;;;;;;CAMC,GACD,OAAO,SAAS8B,oBAAoB1C,QAAsB;IACxD,MAAM,EAAExB,UAAU,EAAE,GAAGgG,WAAW,GAAGxE;IAErC,MAAMoB,OAAOD,OAAOC,IAAI,CACtB5C,aAAa;QAAE,GAAGgG,SAAS;QAAEhG;IAAW,IAAIgG;IAG9C,MAAMC,mBAAmBrD,KACtBsD,IAAI,CAAC,CAACC,GAAGC,IAAMzG,mBAAmB,CAACwG,EAAE,GAAGxG,mBAAmB,CAACyG,EAAE,EAC9D5C,MAAM,CACL,CAACrC,QAAQoC,MAAS,CAAA;YAChB,GAAGpC,MAAM;YACT,CAACoC,IAAI,EAAE/B,QAAQ,CAAC+B,IAAI;QACtB,CAAA,GACA,CAAC;IAGL,OAAO0C;AACT;AAEA;;;;;;;;;;;CAWC,GACD,OAAO,eAAejD,wBAAwB,EAC5CxB,QAAQ,EACRK,WAAW,EACXrB,UAAU,EACVuB,OAAO,EACPE,cAAc,EACdE,iBAAiB,EACP;IACV,MAAMkE,kBAAkBxE,YAAYV,MAAM,CAACyD,IAAI;IAC/C,MAAM0B,qBAAqBzE,YAAYV,MAAM,CAACtB,OAAO;IACrD,MAAM0G,wBAAwB1E,YAAYV,MAAM,CAACnB,UAAU;IAE3D,MAAMwG,sBAAsBhF,SAASL,MAAM,CAAClB,MAAM,CAACwE,QAAQ,CAACC,GAAG,CAACC,WAAW;IAC3E,MAAM8B,yBAAyBjF,SAASL,MAAM,CAACtB,OAAO;IACtD,MAAM6G,qBAAqBlF,SAASL,MAAM,CAACnB,UAAU;IAErD,IAAIqG,oBAAoBG,qBAAqB;QAC3C,MAAM,IAAInH,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,qBAAqB,EAAEwF,oBAAoB,uBAAuB,EAAEjH,iBAAiB8B,WAAW,CAAC,iBAAiB,EAAEgF,gBAAgB,GAAG,CAAC,EACtK7G,4BAA4BgF,YAAY;IAE5C;IAEA,IAAI8B,uBAAuBG,wBAAwB;QACjD,MAAM,IAAIpH,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,wBAAwB,EAAEyF,uBAAuB,uBAAuB,EAAElH,iBAAiB8B,WAAW,CAAC,oBAAoB,EAAEiF,mBAAmB,GAAG,CAAC,EAClL9G,4BAA4BqF,eAAe;IAE/C;IAEA,IAGE,AAFA,4EAA4E;IAC5E,wDAAwD;IACvD0B,CAAAA,yBAAyBG,kBAAiB,KAC3C,CAAC9H,UAAU2H,uBAAuBG,qBAClC;QACA,MAAM,IAAIrH,iCACR,CAAC,CAAC,EAAEE,iBAAiByB,QAAQ,CAAC,yCAAyC,EAAEzB,iBAAiB8B,WAAW,CAAC,qBAAqB,CAAC,EAC5H7B,4BAA4BsF,kBAAkB;IAElD;IAEA,MAAMxF,mBACJ;QAAEkC;QAAUhB;QAAYuB;QAASE;QAAgBE;IAAkB,GACnE,CAAC,CAAC,EAAE5C,iBAAiByB,QAAQ,CAAC,gDAAgD,CAAC;AAEnF"}

package/dist/esm/post-process.js

@@ -3,7 +3,7 @@ import { transformSync, template } from '@babel/core';
 import { binaryExpression, isUnaryExpression, isUpdateExpression, stringLiteral, templateElement, templateLiteral } from '@babel/types';
 export var PostProcessWarning;
 (function(PostProcessWarning) {
-    PostProcessWarning["UnsafeMathRandom"] = '`Math.random` was detected in the bundle. This is not a secure source of randomness.';
+    PostProcessWarning["UnsafeMathRandom"] = '`Math.random` was detected in the Snap bundle. This is not a secure source of randomness, and should not be used in a secure context. Use `crypto.getRandomValues` instead.';
 })(PostProcessWarning || (PostProcessWarning = {}));
 // The RegEx below consists of multiple groups joined by a boolean OR.
 // Each part consists of two groups which capture a part of each string

package/dist/esm/post-process.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/post-process.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/no-shadow\nimport type { Node, Visitor, PluginObj } from '@babel/core';\nimport { transformSync, template } from '@babel/core';\nimport type { Expression, Identifier, TemplateElement } from '@babel/types';\nimport {\n  binaryExpression,\n  isUnaryExpression,\n  isUpdateExpression,\n  stringLiteral,\n  templateElement,\n  templateLiteral,\n} from '@babel/types';\n\n/**\n * Source map declaration taken from `@babel/core`. Babel doesn't export the\n * type for this, so it's copied from the source code instead here.\n */\nexport type SourceMap = {\n  version: number;\n  sources: string[];\n  names: string[];\n  sourceRoot?: string | undefined;\n  sourcesContent?: string[] | undefined;\n  mappings: string;\n  file: string;\n};\n\n/**\n * The post process options.\n *\n * @property stripComments - Whether to strip comments. Defaults to `true`.\n * @property sourceMap - Whether to generate a source map for the modified code.\n * See also `inputSourceMap`.\n * @property inputSourceMap - The source map for the input code. When provided,\n * the source map will be used to generate a source map for the modified code.\n * This ensures that the source map is correct for the modified code, and still\n * points to the original source. If not provided, a new source map will be\n * generated instead.\n */\nexport type PostProcessOptions = {\n  stripComments?: boolean;\n  sourceMap?: boolean | 'inline';\n  inputSourceMap?: SourceMap;\n};\n\n/**\n * The post processed bundle output.\n *\n * @property code - The modified code.\n * @property sourceMap - The source map for the modified code, if the source map\n * option was enabled.\n * @property warnings - Any warnings that occurred during the post-processing.\n */\nexport type PostProcessedBundle = {\n  code: string;\n  sourceMap?: SourceMap | null;\n  warnings: PostProcessWarning[];\n};\n\nexport enum PostProcessWarning {\n  UnsafeMathRandom = '`Math.random` was detected in the bundle. This is not a secure source of randomness.',\n}\n\n// The RegEx below consists of multiple groups joined by a boolean OR.\n// Each part consists of two groups which capture a part of each string\n// which needs to be split up, e.g., `<!--` is split into `<!` and `--`.\nconst TOKEN_REGEX = /(<!)(--)|(--)(>)|(import)(\\(.*?\\))/gu;\n\n// An empty template element, i.e., a part of a template literal without any\n// value (\"\").\nconst EMPTY_TEMPLATE_ELEMENT = templateElement({ raw: '', cooked: '' });\n\nconst evalWrapper = template.statement(`\n  (1, REF)(ARGS)\n`);\n\nconst objectEvalWrapper = template.statement(`\n  (1, OBJECT.REF)\n`);\n\nconst regeneratorRuntimeWrapper = template.statement(`\n  var regeneratorRuntime;\n`);\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into an array, in a way that it can be joined\n * together to form the same string, but with the tokens separated into single\n * array elements.\n */\nfunction breakTokens(value: string): string[] {\n  const tokens = value.split(TOKEN_REGEX);\n  return (\n    tokens\n      // TODO: The `split` above results in some values being `undefined`.\n      // There may be a better solution to avoid having to filter those out.\n      .filter((token) => token !== '' && token !== undefined)\n  );\n}\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into a tuple consisting of the new template\n * elements and string literal expressions.\n */\nfunction breakTokensTemplateLiteral(\n  value: string,\n): [TemplateElement[], Expression[]] {\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore `matchAll` is not available in ES2017, but this code\n  // should only be used in environments where the function is supported.\n  const matches: RegExpMatchArray[] = Array.from(value.matchAll(TOKEN_REGEX));\n\n  if (matches.length > 0) {\n    const output = matches.reduce<[TemplateElement[], Expression[]]>(\n      ([elements, expressions], rawMatch, index, values) => {\n        const [, first, last] = rawMatch.filter((raw) => raw !== undefined);\n\n        // Slice the text in front of the match, which does not need to be\n        // broken up.\n        const prefix = value.slice(\n          index === 0\n            ? 0\n            : (values[index - 1].index as number) + values[index - 1][0].length,\n          rawMatch.index,\n        );\n\n        return [\n          [\n            ...elements,\n            templateElement({\n              raw: getRawTemplateValue(prefix),\n              cooked: prefix,\n            }),\n            EMPTY_TEMPLATE_ELEMENT,\n          ],\n          [...expressions, stringLiteral(first), stringLiteral(last)],\n        ];\n      },\n      [[], []],\n    );\n\n    // Add the text after the last match to the output.\n    const lastMatch = matches[matches.length - 1];\n    const suffix = value.slice(\n      (lastMatch.index as number) + lastMatch[0].length,\n    );\n\n    return [\n      [\n        ...output[0],\n        templateElement({ raw: getRawTemplateValue(suffix), cooked: suffix }),\n      ],\n      output[1],\n    ];\n  }\n\n  // If there are no matches, simply return the original value.\n  return [\n    [templateElement({ raw: getRawTemplateValue(value), cooked: value })],\n    [],\n  ];\n}\n\n/**\n * Get a raw template literal value from a cooked value. This adds a backslash\n * before every '`', '\\' and '${' characters.\n *\n * @see https://github.com/babel/babel/issues/9242#issuecomment-532529613\n * @param value - The cooked string to get the raw string for.\n * @returns The value as raw value.\n */\nfunction getRawTemplateValue(value: string) {\n  return value.replace(/\\\\|`|\\$\\{/gu, '\\\\$&');\n}\n\n/**\n * Post process code with AST such that it can be evaluated in SES.\n *\n * Currently:\n * - Makes all direct calls to eval indirect.\n * - Handles certain Babel-related edge cases.\n * - Removes the `Buffer` provided by Browserify.\n * - Optionally removes comments.\n * - Breaks up tokens that would otherwise result in SES errors, such as HTML\n * comment tags `<!--` and `-->` and `import(n)` statements.\n *\n * @param code - The code to post process.\n * @param options - The post-process options.\n * @param options.stripComments - Whether to strip comments. Defaults to `true`.\n * @param options.sourceMap - Whether to generate a source map for the modified\n * code. See also `inputSourceMap`.\n * @param options.inputSourceMap - The source map for the input code. When\n * provided, the source map will be used to generate a source map for the\n * modified code. This ensures that the source map is correct for the modified\n * code, and still points to the original source. If not provided, a new source\n * map will be generated instead.\n * @returns An object containing the modified code, and source map, or null if\n * the provided code is null.\n */\nexport function postProcessBundle(\n  code: string,\n  {\n    stripComments = true,\n    sourceMap: sourceMaps,\n    inputSourceMap,\n  }: Partial<PostProcessOptions> = {},\n): PostProcessedBundle {\n  const warnings = new Set<PostProcessWarning>();\n\n  const pre: PluginObj['pre'] = ({ ast }) => {\n    ast.comments?.forEach((comment) => {\n      // Break up tokens that could be parsed as HTML comment terminators. The\n      // regular expressions below are written strangely so as to avoid the\n      // appearance of such tokens in our source code. For reference:\n      // https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      comment.value = comment.value\n        .replace(new RegExp(`<!${'--'}`, 'gu'), '< !--')\n        .replace(new RegExp(`${'--'}>`, 'gu'), '-- >')\n        .replace(/import(\\(.*\\))/gu, 'import\\\\$1');\n    });\n  };\n\n  const visitor: Visitor<Node> = {\n    FunctionExpression(path) {\n      const { node } = path;\n\n      // Browserify provides the `Buffer` global as an argument to modules that\n      // use it, but this does not work in SES. Since we pass in `Buffer` as an\n      // endowment, we can simply remove the argument.\n      //\n      // Note that this only removes `Buffer` from a wrapped function\n      // expression, e.g., `(function (Buffer) { ... })`. Regular functions\n      // are not affected.\n      //\n      // TODO: Since we're working on the AST level, we could check the scope\n      // of the function expression, and possibly prevent false positives?\n      if (node.type === 'FunctionExpression' && node.extra?.parenthesized) {\n        node.params = node.params.filter(\n          (param) => !(param.type === 'Identifier' && param.name === 'Buffer'),\n        );\n      }\n    },\n\n    CallExpression(path) {\n      const { node } = path;\n\n      // Replace `eval(foo)` with `(1, eval)(foo)`.\n      if (node.callee.type === 'Identifier' && node.callee.name === 'eval') {\n        path.replaceWith(\n          evalWrapper({\n            REF: node.callee,\n            ARGS: node.arguments,\n          }),\n        );\n      }\n\n      // Detect the use of `Math.random()` and add a warning.\n      if (\n        node.callee.type === 'MemberExpression' &&\n        node.callee.object.type === 'Identifier' &&\n        node.callee.object.name === 'Math' &&\n        node.callee.property.type === 'Identifier' &&\n        node.callee.property.name === 'random'\n      ) {\n        warnings.add(PostProcessWarning.UnsafeMathRandom);\n      }\n    },\n\n    MemberExpression(path) {\n      const { node } = path;\n\n      // Replace `object.eval(foo)` with `(1, object.eval)(foo)`.\n      if (\n        node.property.type === 'Identifier' &&\n        node.property.name === 'eval' &&\n        // We only apply this to MemberExpressions that are the callee of CallExpression\n        path.parent.type === 'CallExpression' &&\n        path.parent.callee === node\n      ) {\n        path.replaceWith(\n          objectEvalWrapper({\n            OBJECT: node.object,\n            REF: node.property,\n          }),\n        );\n      }\n    },\n\n    Identifier(path) {\n      const { node } = path;\n\n      // Insert `regeneratorRuntime` global if it's used in the code.\n      if (node.name === 'regeneratorRuntime') {\n        const program = path.findParent(\n          (parent) => parent.node.type === 'Program',\n        );\n\n        // We know that `program` is a Program node here, but this keeps\n        // TypeScript happy.\n        if (program?.node.type === 'Program') {\n          const body = program.node.body[0];\n\n          // This stops it from inserting `regeneratorRuntime` multiple times.\n          if (\n            body.type === 'VariableDeclaration' &&\n            (body.declarations[0].id as Identifier).name ===\n              'regeneratorRuntime'\n          ) {\n            return;\n          }\n\n          program?.node.body.unshift(regeneratorRuntimeWrapper());\n        }\n      }\n    },\n\n    TemplateLiteral(path) {\n      const { node } = path;\n\n      // This checks if the template literal was visited before. Without this,\n      // it would cause an infinite loop resulting in a stack overflow. We can't\n      // skip the path here, because we need to visit the children of the node.\n      if (path.getData('visited')) {\n        return;\n      }\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const [replacementQuasis, replacementExpressions] = node.quasis.reduce<\n        [TemplateElement[], Expression[]]\n      >(\n        ([elements, expressions], quasi, index) => {\n          // Note: Template literals have two variants, \"cooked\" and \"raw\". Here\n          // we use the cooked version.\n          // https://exploringjs.com/impatient-js/ch_template-literals.html#template-strings-cooked-vs-raw\n          const tokens = breakTokensTemplateLiteral(\n            quasi.value.cooked as string,\n          );\n\n          // Only update the node if something changed.\n          if (tokens[0].length <= 1) {\n            return [\n              [...elements, quasi],\n              [...expressions, node.expressions[index] as Expression],\n            ];\n          }\n\n          return [\n            [...elements, ...tokens[0]],\n            [\n              ...expressions,\n              ...tokens[1],\n              node.expressions[index] as Expression,\n            ],\n          ];\n        },\n        [[], []],\n      );\n\n      path.replaceWith(\n        templateLiteral(\n          replacementQuasis,\n          replacementExpressions.filter(\n            (expression) => expression !== undefined,\n          ),\n        ) as Node,\n      );\n\n      path.setData('visited', true);\n    },\n\n    StringLiteral(path) {\n      const { node } = path;\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const tokens = breakTokens(node.value);\n\n      // Only update the node if the string literal was broken up.\n      if (tokens.length <= 1) {\n        return;\n      }\n\n      const replacement = tokens\n        .slice(1)\n        .reduce<Expression>(\n          (acc, value) => binaryExpression('+', acc, stringLiteral(value)),\n          stringLiteral(tokens[0]),\n        );\n\n      path.replaceWith(replacement as Node);\n      path.skip();\n    },\n\n    BinaryExpression(path) {\n      const { node } = path;\n\n      const errorMessage =\n        'Using HTML comments (`<!--` and `-->`) as operators is not allowed. The behaviour of ' +\n        'these comments is ambiguous, and differs per browser and environment. If you want ' +\n        'to use them as operators, break them up into separate characters, i.e., `a-- > b` ' +\n        'and `a < ! --b`.';\n\n      if (\n        node.operator === '<' &&\n        isUnaryExpression(node.right) &&\n        isUpdateExpression(node.right.argument) &&\n        node.right.argument.operator === '--' &&\n        node.left.end &&\n        node.right.argument.argument.start\n      ) {\n        const expression = code.slice(\n          node.left.end,\n          node.right.argument.argument.start,\n        );\n\n        if (expression.includes('<!--')) {\n          throw new Error(errorMessage);\n        }\n      }\n\n      if (\n        node.operator === '>' &&\n        isUpdateExpression(node.left) &&\n        node.left.operator === '--' &&\n        node.left.argument.end &&\n        node.right.start\n      ) {\n        const expression = code.slice(node.left.argument.end, node.right.start);\n\n        if (expression.includes('-->')) {\n          throw new Error(errorMessage);\n        }\n      }\n    },\n  };\n\n  try {\n    const file = transformSync(code, {\n      // Prevent Babel from searching for a config file.\n      configFile: false,\n\n      parserOpts: {\n        // Strict mode isn't enabled by default, so we need to enable it here.\n        strictMode: true,\n\n        // If this is disabled, the AST does not include any comments. This is\n        // useful for performance reasons, and we use it for stripping comments.\n        attachComment: !stripComments,\n      },\n\n      // By default, Babel optimises bundles that exceed 500 KB, but that\n      // results in characters which look like HTML comments, which breaks SES.\n      compact: false,\n\n      // This configures Babel to generate a new source map from the existing\n      // source map if specified. If `sourceMap` is `true` but an input source\n      // map is not provided, a new source map will be generated instead.\n      inputSourceMap,\n      sourceMaps,\n\n      plugins: [\n        () => ({\n          pre,\n          visitor,\n        }),\n      ],\n    });\n\n    if (!file?.code) {\n      throw new Error('Bundled code is empty.');\n    }\n\n    return {\n      code: file.code,\n      sourceMap: file.map,\n      warnings: Array.from(warnings),\n    };\n  } catch (error) {\n    throw new Error(`Failed to post process code:\\n${error.message}`);\n  }\n}\n"],"names":["transformSync","template","binaryExpression","isUnaryExpression","isUpdateExpression","stringLiteral","templateElement","templateLiteral","PostProcessWarning","UnsafeMathRandom","TOKEN_REGEX","EMPTY_TEMPLATE_ELEMENT","raw","cooked","evalWrapper","statement","objectEvalWrapper","regeneratorRuntimeWrapper","breakTokens","value","tokens","split","filter","token","undefined","breakTokensTemplateLiteral","matches","Array","from","matchAll","length","output","reduce","elements","expressions","rawMatch","index","values","first","last","prefix","slice","getRawTemplateValue","lastMatch","suffix","replace","postProcessBundle","code","stripComments","sourceMap","sourceMaps","inputSourceMap","warnings","Set","pre","ast","comments","forEach","comment","RegExp","visitor","FunctionExpression","path","node","type","extra","parenthesized","params","param","name","CallExpression","callee","replaceWith","REF","ARGS","arguments","object","property","add","MemberExpression","parent","OBJECT","Identifier","program","findParent","body","declarations","id","unshift","TemplateLiteral","getData","replacementQuasis","replacementExpressions","quasis","quasi","expression","setData","StringLiteral","replacement","acc","skip","BinaryExpression","errorMessage","operator","right","argument","left","end","start","includes","Error","file","configFile","parserOpts","strictMode","attachComment","compact","plugins","map","error","message"],"mappings":"AAAA,wDAAwD;AAExD,SAASA,aAAa,EAAEC,QAAQ,QAAQ,cAAc;AAEtD,SACEC,gBAAgB,EAChBC,iBAAiB,EACjBC,kBAAkB,EAClBC,aAAa,EACbC,eAAe,EACfC,eAAe,QACV,eAAe;WAgDf;UAAKC,kBAAkB;IAAlBA,mBACVC,sBAAmB;GADTD,uBAAAA;AAIZ,sEAAsE;AACtE,uEAAuE;AACvE,wEAAwE;AACxE,MAAME,cAAc;AAEpB,4EAA4E;AAC5E,cAAc;AACd,MAAMC,yBAAyBL,gBAAgB;IAAEM,KAAK;IAAIC,QAAQ;AAAG;AAErE,MAAMC,cAAcb,SAASc,SAAS,CAAC,CAAC;;AAExC,CAAC;AAED,MAAMC,oBAAoBf,SAASc,SAAS,CAAC,CAAC;;AAE9C,CAAC;AAED,MAAME,4BAA4BhB,SAASc,SAAS,CAAC,CAAC;;AAEtD,CAAC;AAED;;;;;;;;;;;CAWC,GACD,SAASG,YAAYC,KAAa;IAChC,MAAMC,SAASD,MAAME,KAAK,CAACX;IAC3B,OACEU,MACE,oEAAoE;IACpE,sEAAsE;KACrEE,MAAM,CAAC,CAACC,QAAUA,UAAU,MAAMA,UAAUC;AAEnD;AAEA;;;;;;;;;;CAUC,GACD,SAASC,2BACPN,KAAa;IAEb,6DAA6D;IAC7D,kEAAkE;IAClE,uEAAuE;IACvE,MAAMO,UAA8BC,MAAMC,IAAI,CAACT,MAAMU,QAAQ,CAACnB;IAE9D,IAAIgB,QAAQI,MAAM,GAAG,GAAG;QACtB,MAAMC,SAASL,QAAQM,MAAM,CAC3B,CAAC,CAACC,UAAUC,YAAY,EAAEC,UAAUC,OAAOC;YACzC,MAAM,GAAGC,OAAOC,KAAK,GAAGJ,SAASb,MAAM,CAAC,CAACV,MAAQA,QAAQY;YAEzD,kEAAkE;YAClE,aAAa;YACb,MAAMgB,SAASrB,MAAMsB,KAAK,CACxBL,UAAU,IACN,IACA,AAACC,MAAM,CAACD,QAAQ,EAAE,CAACA,KAAK,GAAcC,MAAM,CAACD,QAAQ,EAAE,CAAC,EAAE,CAACN,MAAM,EACrEK,SAASC,KAAK;YAGhB,OAAO;gBACL;uBACKH;oBACH3B,gBAAgB;wBACdM,KAAK8B,oBAAoBF;wBACzB3B,QAAQ2B;oBACV;oBACA7B;iBACD;gBACD;uBAAIuB;oBAAa7B,cAAciC;oBAAQjC,cAAckC;iBAAM;aAC5D;QACH,GACA;YAAC,EAAE;YAAE,EAAE;SAAC;QAGV,mDAAmD;QACnD,MAAMI,YAAYjB,OAAO,CAACA,QAAQI,MAAM,GAAG,EAAE;QAC7C,MAAMc,SAASzB,MAAMsB,KAAK,CACxB,AAACE,UAAUP,KAAK,GAAcO,SAAS,CAAC,EAAE,CAACb,MAAM;QAGnD,OAAO;YACL;mBACKC,MAAM,CAAC,EAAE;gBACZzB,gBAAgB;oBAAEM,KAAK8B,oBAAoBE;oBAAS/B,QAAQ+B;gBAAO;aACpE;YACDb,MAAM,CAAC,EAAE;SACV;IACH;IAEA,6DAA6D;IAC7D,OAAO;QACL;YAACzB,gBAAgB;gBAAEM,KAAK8B,oBAAoBvB;gBAAQN,QAAQM;YAAM;SAAG;QACrE,EAAE;KACH;AACH;AAEA;;;;;;;CAOC,GACD,SAASuB,oBAAoBvB,KAAa;IACxC,OAAOA,MAAM0B,OAAO,CAAC,eAAe;AACtC;AAEA;;;;;;;;;;;;;;;;;;;;;;;CAuBC,GACD,OAAO,SAASC,kBACdC,IAAY,EACZ,EACEC,gBAAgB,IAAI,EACpBC,WAAWC,UAAU,EACrBC,cAAc,EACc,GAAG,CAAC,CAAC;IAEnC,MAAMC,WAAW,IAAIC;IAErB,MAAMC,MAAwB,CAAC,EAAEC,GAAG,EAAE;QACpCA,IAAIC,QAAQ,EAAEC,QAAQ,CAACC;YACrB,wEAAwE;YACxE,qEAAqE;YACrE,+DAA+D;YAC/D,qIAAqI;YACrIA,QAAQvC,KAAK,GAAGuC,QAAQvC,KAAK,CAC1B0B,OAAO,CAAC,IAAIc,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,OAAO,SACvCd,OAAO,CAAC,IAAIc,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,OAAO,QACtCd,OAAO,CAAC,oBAAoB;QACjC;IACF;IAEA,MAAMe,UAAyB;QAC7BC,oBAAmBC,IAAI;YACrB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,yEAAyE;YACzE,yEAAyE;YACzE,gDAAgD;YAChD,EAAE;YACF,+DAA+D;YAC/D,qEAAqE;YACrE,oBAAoB;YACpB,EAAE;YACF,uEAAuE;YACvE,oEAAoE;YACpE,IAAIC,KAAKC,IAAI,KAAK,wBAAwBD,KAAKE,KAAK,EAAEC,eAAe;gBACnEH,KAAKI,MAAM,GAAGJ,KAAKI,MAAM,CAAC7C,MAAM,CAC9B,CAAC8C,QAAU,CAAEA,CAAAA,MAAMJ,IAAI,KAAK,gBAAgBI,MAAMC,IAAI,KAAK,QAAO;YAEtE;QACF;QAEAC,gBAAeR,IAAI;YACjB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,6CAA6C;YAC7C,IAAIC,KAAKQ,MAAM,CAACP,IAAI,KAAK,gBAAgBD,KAAKQ,MAAM,CAACF,IAAI,KAAK,QAAQ;gBACpEP,KAAKU,WAAW,CACd1D,YAAY;oBACV2D,KAAKV,KAAKQ,MAAM;oBAChBG,MAAMX,KAAKY,SAAS;gBACtB;YAEJ;YAEA,uDAAuD;YACvD,IACEZ,KAAKQ,MAAM,CAACP,IAAI,KAAK,sBACrBD,KAAKQ,MAAM,CAACK,MAAM,CAACZ,IAAI,KAAK,gBAC5BD,KAAKQ,MAAM,CAACK,MAAM,CAACP,IAAI,KAAK,UAC5BN,KAAKQ,MAAM,CAACM,QAAQ,CAACb,IAAI,KAAK,gBAC9BD,KAAKQ,MAAM,CAACM,QAAQ,CAACR,IAAI,KAAK,UAC9B;gBACAjB,SAAS0B,GAAG,CAACtE,mBAAmBC,gBAAgB;YAClD;QACF;QAEAsE,kBAAiBjB,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,2DAA2D;YAC3D,IACEC,KAAKc,QAAQ,CAACb,IAAI,KAAK,gBACvBD,KAAKc,QAAQ,CAACR,IAAI,KAAK,UACvB,gFAAgF;YAChFP,KAAKkB,MAAM,CAAChB,IAAI,KAAK,oBACrBF,KAAKkB,MAAM,CAACT,MAAM,KAAKR,MACvB;gBACAD,KAAKU,WAAW,CACdxD,kBAAkB;oBAChBiE,QAAQlB,KAAKa,MAAM;oBACnBH,KAAKV,KAAKc,QAAQ;gBACpB;YAEJ;QACF;QAEAK,YAAWpB,IAAI;YACb,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,+DAA+D;YAC/D,IAAIC,KAAKM,IAAI,KAAK,sBAAsB;gBACtC,MAAMc,UAAUrB,KAAKsB,UAAU,CAC7B,CAACJ,SAAWA,OAAOjB,IAAI,CAACC,IAAI,KAAK;gBAGnC,gEAAgE;gBAChE,oBAAoB;gBACpB,IAAImB,SAASpB,KAAKC,SAAS,WAAW;oBACpC,MAAMqB,OAAOF,QAAQpB,IAAI,CAACsB,IAAI,CAAC,EAAE;oBAEjC,oEAAoE;oBACpE,IACEA,KAAKrB,IAAI,KAAK,yBACd,AAACqB,KAAKC,YAAY,CAAC,EAAE,CAACC,EAAE,CAAgBlB,IAAI,KAC1C,sBACF;wBACA;oBACF;oBAEAc,SAASpB,KAAKsB,KAAKG,QAAQvE;gBAC7B;YACF;QACF;QAEAwE,iBAAgB3B,IAAI;YAClB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,wEAAwE;YACxE,0EAA0E;YAC1E,yEAAyE;YACzE,IAAIA,KAAK4B,OAAO,CAAC,YAAY;gBAC3B;YACF;YAEA,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM,CAACC,mBAAmBC,uBAAuB,GAAG7B,KAAK8B,MAAM,CAAC7D,MAAM,CAGpE,CAAC,CAACC,UAAUC,YAAY,EAAE4D,OAAO1D;gBAC/B,sEAAsE;gBACtE,6BAA6B;gBAC7B,gGAAgG;gBAChG,MAAMhB,SAASK,2BACbqE,MAAM3E,KAAK,CAACN,MAAM;gBAGpB,6CAA6C;gBAC7C,IAAIO,MAAM,CAAC,EAAE,CAACU,MAAM,IAAI,GAAG;oBACzB,OAAO;wBACL;+BAAIG;4BAAU6D;yBAAM;wBACpB;+BAAI5D;4BAAa6B,KAAK7B,WAAW,CAACE,MAAM;yBAAe;qBACxD;gBACH;gBAEA,OAAO;oBACL;2BAAIH;2BAAab,MAAM,CAAC,EAAE;qBAAC;oBAC3B;2BACKc;2BACAd,MAAM,CAAC,EAAE;wBACZ2C,KAAK7B,WAAW,CAACE,MAAM;qBACxB;iBACF;YACH,GACA;gBAAC,EAAE;gBAAE,EAAE;aAAC;YAGV0B,KAAKU,WAAW,CACdjE,gBACEoF,mBACAC,uBAAuBtE,MAAM,CAC3B,CAACyE,aAAeA,eAAevE;YAKrCsC,KAAKkC,OAAO,CAAC,WAAW;QAC1B;QAEAC,eAAcnC,IAAI;YAChB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM1C,SAASF,YAAY6C,KAAK5C,KAAK;YAErC,4DAA4D;YAC5D,IAAIC,OAAOU,MAAM,IAAI,GAAG;gBACtB;YACF;YAEA,MAAMoE,cAAc9E,OACjBqB,KAAK,CAAC,GACNT,MAAM,CACL,CAACmE,KAAKhF,QAAUjB,iBAAiB,KAAKiG,KAAK9F,cAAcc,SACzDd,cAAce,MAAM,CAAC,EAAE;YAG3B0C,KAAKU,WAAW,CAAC0B;YACjBpC,KAAKsC,IAAI;QACX;QAEAC,kBAAiBvC,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,MAAMwC,eACJ,0FACA,uFACA,uFACA;YAEF,IACEvC,KAAKwC,QAAQ,KAAK,OAClBpG,kBAAkB4D,KAAKyC,KAAK,KAC5BpG,mBAAmB2D,KAAKyC,KAAK,CAACC,QAAQ,KACtC1C,KAAKyC,KAAK,CAACC,QAAQ,CAACF,QAAQ,KAAK,QACjCxC,KAAK2C,IAAI,CAACC,GAAG,IACb5C,KAAKyC,KAAK,CAACC,QAAQ,CAACA,QAAQ,CAACG,KAAK,EAClC;gBACA,MAAMb,aAAahD,KAAKN,KAAK,CAC3BsB,KAAK2C,IAAI,CAACC,GAAG,EACb5C,KAAKyC,KAAK,CAACC,QAAQ,CAACA,QAAQ,CAACG,KAAK;gBAGpC,IAAIb,WAAWc,QAAQ,CAAC,SAAS;oBAC/B,MAAM,IAAIC,MAAMR;gBAClB;YACF;YAEA,IACEvC,KAAKwC,QAAQ,KAAK,OAClBnG,mBAAmB2D,KAAK2C,IAAI,KAC5B3C,KAAK2C,IAAI,CAACH,QAAQ,KAAK,QACvBxC,KAAK2C,IAAI,CAACD,QAAQ,CAACE,GAAG,IACtB5C,KAAKyC,KAAK,CAACI,KAAK,EAChB;gBACA,MAAMb,aAAahD,KAAKN,KAAK,CAACsB,KAAK2C,IAAI,CAACD,QAAQ,CAACE,GAAG,EAAE5C,KAAKyC,KAAK,CAACI,KAAK;gBAEtE,IAAIb,WAAWc,QAAQ,CAAC,QAAQ;oBAC9B,MAAM,IAAIC,MAAMR;gBAClB;YACF;QACF;IACF;IAEA,IAAI;QACF,MAAMS,OAAO/G,cAAc+C,MAAM;YAC/B,kDAAkD;YAClDiE,YAAY;YAEZC,YAAY;gBACV,sEAAsE;gBACtEC,YAAY;gBAEZ,sEAAsE;gBACtE,wEAAwE;gBACxEC,eAAe,CAACnE;YAClB;YAEA,mEAAmE;YACnE,yEAAyE;YACzEoE,SAAS;YAET,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnEjE;YACAD;YAEAmE,SAAS;gBACP,IAAO,CAAA;wBACL/D;wBACAM;oBACF,CAAA;aACD;QACH;QAEA,IAAI,CAACmD,MAAMhE,MAAM;YACf,MAAM,IAAI+D,MAAM;QAClB;QAEA,OAAO;YACL/D,MAAMgE,KAAKhE,IAAI;YACfE,WAAW8D,KAAKO,GAAG;YACnBlE,UAAUzB,MAAMC,IAAI,CAACwB;QACvB;IACF,EAAE,OAAOmE,OAAO;QACd,MAAM,IAAIT,MAAM,CAAC,8BAA8B,EAAES,MAAMC,OAAO,CAAC,CAAC;IAClE;AACF"}
+{"version":3,"sources":["../../src/post-process.ts"],"sourcesContent":["// eslint-disable-next-line @typescript-eslint/no-shadow\nimport type { Node, Visitor, PluginObj } from '@babel/core';\nimport { transformSync, template } from '@babel/core';\nimport type { Expression, Identifier, TemplateElement } from '@babel/types';\nimport {\n  binaryExpression,\n  isUnaryExpression,\n  isUpdateExpression,\n  stringLiteral,\n  templateElement,\n  templateLiteral,\n} from '@babel/types';\n\n/**\n * Source map declaration taken from `@babel/core`. Babel doesn't export the\n * type for this, so it's copied from the source code instead here.\n */\nexport type SourceMap = {\n  version: number;\n  sources: string[];\n  names: string[];\n  sourceRoot?: string | undefined;\n  sourcesContent?: string[] | undefined;\n  mappings: string;\n  file: string;\n};\n\n/**\n * The post process options.\n *\n * @property stripComments - Whether to strip comments. Defaults to `true`.\n * @property sourceMap - Whether to generate a source map for the modified code.\n * See also `inputSourceMap`.\n * @property inputSourceMap - The source map for the input code. When provided,\n * the source map will be used to generate a source map for the modified code.\n * This ensures that the source map is correct for the modified code, and still\n * points to the original source. If not provided, a new source map will be\n * generated instead.\n */\nexport type PostProcessOptions = {\n  stripComments?: boolean;\n  sourceMap?: boolean | 'inline';\n  inputSourceMap?: SourceMap;\n};\n\n/**\n * The post processed bundle output.\n *\n * @property code - The modified code.\n * @property sourceMap - The source map for the modified code, if the source map\n * option was enabled.\n * @property warnings - Any warnings that occurred during the post-processing.\n */\nexport type PostProcessedBundle = {\n  code: string;\n  sourceMap?: SourceMap | null;\n  warnings: PostProcessWarning[];\n};\n\nexport enum PostProcessWarning {\n  UnsafeMathRandom = '`Math.random` was detected in the Snap bundle. This is not a secure source of randomness, and should not be used in a secure context. Use `crypto.getRandomValues` instead.',\n}\n\n// The RegEx below consists of multiple groups joined by a boolean OR.\n// Each part consists of two groups which capture a part of each string\n// which needs to be split up, e.g., `<!--` is split into `<!` and `--`.\nconst TOKEN_REGEX = /(<!)(--)|(--)(>)|(import)(\\(.*?\\))/gu;\n\n// An empty template element, i.e., a part of a template literal without any\n// value (\"\").\nconst EMPTY_TEMPLATE_ELEMENT = templateElement({ raw: '', cooked: '' });\n\nconst evalWrapper = template.statement(`\n  (1, REF)(ARGS)\n`);\n\nconst objectEvalWrapper = template.statement(`\n  (1, OBJECT.REF)\n`);\n\nconst regeneratorRuntimeWrapper = template.statement(`\n  var regeneratorRuntime;\n`);\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into an array, in a way that it can be joined\n * together to form the same string, but with the tokens separated into single\n * array elements.\n */\nfunction breakTokens(value: string): string[] {\n  const tokens = value.split(TOKEN_REGEX);\n  return (\n    tokens\n      // TODO: The `split` above results in some values being `undefined`.\n      // There may be a better solution to avoid having to filter those out.\n      .filter((token) => token !== '' && token !== undefined)\n  );\n}\n\n/**\n * Breaks up tokens that would otherwise result in SES errors. The tokens are\n * broken up in a non-destructive way where possible. Currently works with:\n * - HTML comment tags `<!--` and `-->`, broken up into `<!`, `--`, and `--`,\n * `>`.\n * - `import(n)` statements, broken up into `import`, `(n)`.\n *\n * @param value - The string value to break up.\n * @returns The string split into a tuple consisting of the new template\n * elements and string literal expressions.\n */\nfunction breakTokensTemplateLiteral(\n  value: string,\n): [TemplateElement[], Expression[]] {\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore `matchAll` is not available in ES2017, but this code\n  // should only be used in environments where the function is supported.\n  const matches: RegExpMatchArray[] = Array.from(value.matchAll(TOKEN_REGEX));\n\n  if (matches.length > 0) {\n    const output = matches.reduce<[TemplateElement[], Expression[]]>(\n      ([elements, expressions], rawMatch, index, values) => {\n        const [, first, last] = rawMatch.filter((raw) => raw !== undefined);\n\n        // Slice the text in front of the match, which does not need to be\n        // broken up.\n        const prefix = value.slice(\n          index === 0\n            ? 0\n            : (values[index - 1].index as number) + values[index - 1][0].length,\n          rawMatch.index,\n        );\n\n        return [\n          [\n            ...elements,\n            templateElement({\n              raw: getRawTemplateValue(prefix),\n              cooked: prefix,\n            }),\n            EMPTY_TEMPLATE_ELEMENT,\n          ],\n          [...expressions, stringLiteral(first), stringLiteral(last)],\n        ];\n      },\n      [[], []],\n    );\n\n    // Add the text after the last match to the output.\n    const lastMatch = matches[matches.length - 1];\n    const suffix = value.slice(\n      (lastMatch.index as number) + lastMatch[0].length,\n    );\n\n    return [\n      [\n        ...output[0],\n        templateElement({ raw: getRawTemplateValue(suffix), cooked: suffix }),\n      ],\n      output[1],\n    ];\n  }\n\n  // If there are no matches, simply return the original value.\n  return [\n    [templateElement({ raw: getRawTemplateValue(value), cooked: value })],\n    [],\n  ];\n}\n\n/**\n * Get a raw template literal value from a cooked value. This adds a backslash\n * before every '`', '\\' and '${' characters.\n *\n * @see https://github.com/babel/babel/issues/9242#issuecomment-532529613\n * @param value - The cooked string to get the raw string for.\n * @returns The value as raw value.\n */\nfunction getRawTemplateValue(value: string) {\n  return value.replace(/\\\\|`|\\$\\{/gu, '\\\\$&');\n}\n\n/**\n * Post process code with AST such that it can be evaluated in SES.\n *\n * Currently:\n * - Makes all direct calls to eval indirect.\n * - Handles certain Babel-related edge cases.\n * - Removes the `Buffer` provided by Browserify.\n * - Optionally removes comments.\n * - Breaks up tokens that would otherwise result in SES errors, such as HTML\n * comment tags `<!--` and `-->` and `import(n)` statements.\n *\n * @param code - The code to post process.\n * @param options - The post-process options.\n * @param options.stripComments - Whether to strip comments. Defaults to `true`.\n * @param options.sourceMap - Whether to generate a source map for the modified\n * code. See also `inputSourceMap`.\n * @param options.inputSourceMap - The source map for the input code. When\n * provided, the source map will be used to generate a source map for the\n * modified code. This ensures that the source map is correct for the modified\n * code, and still points to the original source. If not provided, a new source\n * map will be generated instead.\n * @returns An object containing the modified code, and source map, or null if\n * the provided code is null.\n */\nexport function postProcessBundle(\n  code: string,\n  {\n    stripComments = true,\n    sourceMap: sourceMaps,\n    inputSourceMap,\n  }: Partial<PostProcessOptions> = {},\n): PostProcessedBundle {\n  const warnings = new Set<PostProcessWarning>();\n\n  const pre: PluginObj['pre'] = ({ ast }) => {\n    ast.comments?.forEach((comment) => {\n      // Break up tokens that could be parsed as HTML comment terminators. The\n      // regular expressions below are written strangely so as to avoid the\n      // appearance of such tokens in our source code. For reference:\n      // https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      comment.value = comment.value\n        .replace(new RegExp(`<!${'--'}`, 'gu'), '< !--')\n        .replace(new RegExp(`${'--'}>`, 'gu'), '-- >')\n        .replace(/import(\\(.*\\))/gu, 'import\\\\$1');\n    });\n  };\n\n  const visitor: Visitor<Node> = {\n    FunctionExpression(path) {\n      const { node } = path;\n\n      // Browserify provides the `Buffer` global as an argument to modules that\n      // use it, but this does not work in SES. Since we pass in `Buffer` as an\n      // endowment, we can simply remove the argument.\n      //\n      // Note that this only removes `Buffer` from a wrapped function\n      // expression, e.g., `(function (Buffer) { ... })`. Regular functions\n      // are not affected.\n      //\n      // TODO: Since we're working on the AST level, we could check the scope\n      // of the function expression, and possibly prevent false positives?\n      if (node.type === 'FunctionExpression' && node.extra?.parenthesized) {\n        node.params = node.params.filter(\n          (param) => !(param.type === 'Identifier' && param.name === 'Buffer'),\n        );\n      }\n    },\n\n    CallExpression(path) {\n      const { node } = path;\n\n      // Replace `eval(foo)` with `(1, eval)(foo)`.\n      if (node.callee.type === 'Identifier' && node.callee.name === 'eval') {\n        path.replaceWith(\n          evalWrapper({\n            REF: node.callee,\n            ARGS: node.arguments,\n          }),\n        );\n      }\n\n      // Detect the use of `Math.random()` and add a warning.\n      if (\n        node.callee.type === 'MemberExpression' &&\n        node.callee.object.type === 'Identifier' &&\n        node.callee.object.name === 'Math' &&\n        node.callee.property.type === 'Identifier' &&\n        node.callee.property.name === 'random'\n      ) {\n        warnings.add(PostProcessWarning.UnsafeMathRandom);\n      }\n    },\n\n    MemberExpression(path) {\n      const { node } = path;\n\n      // Replace `object.eval(foo)` with `(1, object.eval)(foo)`.\n      if (\n        node.property.type === 'Identifier' &&\n        node.property.name === 'eval' &&\n        // We only apply this to MemberExpressions that are the callee of CallExpression\n        path.parent.type === 'CallExpression' &&\n        path.parent.callee === node\n      ) {\n        path.replaceWith(\n          objectEvalWrapper({\n            OBJECT: node.object,\n            REF: node.property,\n          }),\n        );\n      }\n    },\n\n    Identifier(path) {\n      const { node } = path;\n\n      // Insert `regeneratorRuntime` global if it's used in the code.\n      if (node.name === 'regeneratorRuntime') {\n        const program = path.findParent(\n          (parent) => parent.node.type === 'Program',\n        );\n\n        // We know that `program` is a Program node here, but this keeps\n        // TypeScript happy.\n        if (program?.node.type === 'Program') {\n          const body = program.node.body[0];\n\n          // This stops it from inserting `regeneratorRuntime` multiple times.\n          if (\n            body.type === 'VariableDeclaration' &&\n            (body.declarations[0].id as Identifier).name ===\n              'regeneratorRuntime'\n          ) {\n            return;\n          }\n\n          program?.node.body.unshift(regeneratorRuntimeWrapper());\n        }\n      }\n    },\n\n    TemplateLiteral(path) {\n      const { node } = path;\n\n      // This checks if the template literal was visited before. Without this,\n      // it would cause an infinite loop resulting in a stack overflow. We can't\n      // skip the path here, because we need to visit the children of the node.\n      if (path.getData('visited')) {\n        return;\n      }\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const [replacementQuasis, replacementExpressions] = node.quasis.reduce<\n        [TemplateElement[], Expression[]]\n      >(\n        ([elements, expressions], quasi, index) => {\n          // Note: Template literals have two variants, \"cooked\" and \"raw\". Here\n          // we use the cooked version.\n          // https://exploringjs.com/impatient-js/ch_template-literals.html#template-strings-cooked-vs-raw\n          const tokens = breakTokensTemplateLiteral(\n            quasi.value.cooked as string,\n          );\n\n          // Only update the node if something changed.\n          if (tokens[0].length <= 1) {\n            return [\n              [...elements, quasi],\n              [...expressions, node.expressions[index] as Expression],\n            ];\n          }\n\n          return [\n            [...elements, ...tokens[0]],\n            [\n              ...expressions,\n              ...tokens[1],\n              node.expressions[index] as Expression,\n            ],\n          ];\n        },\n        [[], []],\n      );\n\n      path.replaceWith(\n        templateLiteral(\n          replacementQuasis,\n          replacementExpressions.filter(\n            (expression) => expression !== undefined,\n          ),\n        ) as Node,\n      );\n\n      path.setData('visited', true);\n    },\n\n    StringLiteral(path) {\n      const { node } = path;\n\n      // Break up tokens that could be parsed as HTML comment terminators, or\n      // `import()` statements.\n      // For reference:\n      // - https://github.com/endojs/endo/blob/70cc86eb400655e922413b99c38818d7b2e79da0/packages/ses/error-codes/SES_HTML_COMMENT_REJECTED.md\n      // - https://github.com/MetaMask/snaps-monorepo/issues/505\n      const tokens = breakTokens(node.value);\n\n      // Only update the node if the string literal was broken up.\n      if (tokens.length <= 1) {\n        return;\n      }\n\n      const replacement = tokens\n        .slice(1)\n        .reduce<Expression>(\n          (acc, value) => binaryExpression('+', acc, stringLiteral(value)),\n          stringLiteral(tokens[0]),\n        );\n\n      path.replaceWith(replacement as Node);\n      path.skip();\n    },\n\n    BinaryExpression(path) {\n      const { node } = path;\n\n      const errorMessage =\n        'Using HTML comments (`<!--` and `-->`) as operators is not allowed. The behaviour of ' +\n        'these comments is ambiguous, and differs per browser and environment. If you want ' +\n        'to use them as operators, break them up into separate characters, i.e., `a-- > b` ' +\n        'and `a < ! --b`.';\n\n      if (\n        node.operator === '<' &&\n        isUnaryExpression(node.right) &&\n        isUpdateExpression(node.right.argument) &&\n        node.right.argument.operator === '--' &&\n        node.left.end &&\n        node.right.argument.argument.start\n      ) {\n        const expression = code.slice(\n          node.left.end,\n          node.right.argument.argument.start,\n        );\n\n        if (expression.includes('<!--')) {\n          throw new Error(errorMessage);\n        }\n      }\n\n      if (\n        node.operator === '>' &&\n        isUpdateExpression(node.left) &&\n        node.left.operator === '--' &&\n        node.left.argument.end &&\n        node.right.start\n      ) {\n        const expression = code.slice(node.left.argument.end, node.right.start);\n\n        if (expression.includes('-->')) {\n          throw new Error(errorMessage);\n        }\n      }\n    },\n  };\n\n  try {\n    const file = transformSync(code, {\n      // Prevent Babel from searching for a config file.\n      configFile: false,\n\n      parserOpts: {\n        // Strict mode isn't enabled by default, so we need to enable it here.\n        strictMode: true,\n\n        // If this is disabled, the AST does not include any comments. This is\n        // useful for performance reasons, and we use it for stripping comments.\n        attachComment: !stripComments,\n      },\n\n      // By default, Babel optimises bundles that exceed 500 KB, but that\n      // results in characters which look like HTML comments, which breaks SES.\n      compact: false,\n\n      // This configures Babel to generate a new source map from the existing\n      // source map if specified. If `sourceMap` is `true` but an input source\n      // map is not provided, a new source map will be generated instead.\n      inputSourceMap,\n      sourceMaps,\n\n      plugins: [\n        () => ({\n          pre,\n          visitor,\n        }),\n      ],\n    });\n\n    if (!file?.code) {\n      throw new Error('Bundled code is empty.');\n    }\n\n    return {\n      code: file.code,\n      sourceMap: file.map,\n      warnings: Array.from(warnings),\n    };\n  } catch (error) {\n    throw new Error(`Failed to post process code:\\n${error.message}`);\n  }\n}\n"],"names":["transformSync","template","binaryExpression","isUnaryExpression","isUpdateExpression","stringLiteral","templateElement","templateLiteral","PostProcessWarning","UnsafeMathRandom","TOKEN_REGEX","EMPTY_TEMPLATE_ELEMENT","raw","cooked","evalWrapper","statement","objectEvalWrapper","regeneratorRuntimeWrapper","breakTokens","value","tokens","split","filter","token","undefined","breakTokensTemplateLiteral","matches","Array","from","matchAll","length","output","reduce","elements","expressions","rawMatch","index","values","first","last","prefix","slice","getRawTemplateValue","lastMatch","suffix","replace","postProcessBundle","code","stripComments","sourceMap","sourceMaps","inputSourceMap","warnings","Set","pre","ast","comments","forEach","comment","RegExp","visitor","FunctionExpression","path","node","type","extra","parenthesized","params","param","name","CallExpression","callee","replaceWith","REF","ARGS","arguments","object","property","add","MemberExpression","parent","OBJECT","Identifier","program","findParent","body","declarations","id","unshift","TemplateLiteral","getData","replacementQuasis","replacementExpressions","quasis","quasi","expression","setData","StringLiteral","replacement","acc","skip","BinaryExpression","errorMessage","operator","right","argument","left","end","start","includes","Error","file","configFile","parserOpts","strictMode","attachComment","compact","plugins","map","error","message"],"mappings":"AAAA,wDAAwD;AAExD,SAASA,aAAa,EAAEC,QAAQ,QAAQ,cAAc;AAEtD,SACEC,gBAAgB,EAChBC,iBAAiB,EACjBC,kBAAkB,EAClBC,aAAa,EACbC,eAAe,EACfC,eAAe,QACV,eAAe;WAgDf;UAAKC,kBAAkB;IAAlBA,mBACVC,sBAAmB;GADTD,uBAAAA;AAIZ,sEAAsE;AACtE,uEAAuE;AACvE,wEAAwE;AACxE,MAAME,cAAc;AAEpB,4EAA4E;AAC5E,cAAc;AACd,MAAMC,yBAAyBL,gBAAgB;IAAEM,KAAK;IAAIC,QAAQ;AAAG;AAErE,MAAMC,cAAcb,SAASc,SAAS,CAAC,CAAC;;AAExC,CAAC;AAED,MAAMC,oBAAoBf,SAASc,SAAS,CAAC,CAAC;;AAE9C,CAAC;AAED,MAAME,4BAA4BhB,SAASc,SAAS,CAAC,CAAC;;AAEtD,CAAC;AAED;;;;;;;;;;;CAWC,GACD,SAASG,YAAYC,KAAa;IAChC,MAAMC,SAASD,MAAME,KAAK,CAACX;IAC3B,OACEU,MACE,oEAAoE;IACpE,sEAAsE;KACrEE,MAAM,CAAC,CAACC,QAAUA,UAAU,MAAMA,UAAUC;AAEnD;AAEA;;;;;;;;;;CAUC,GACD,SAASC,2BACPN,KAAa;IAEb,6DAA6D;IAC7D,kEAAkE;IAClE,uEAAuE;IACvE,MAAMO,UAA8BC,MAAMC,IAAI,CAACT,MAAMU,QAAQ,CAACnB;IAE9D,IAAIgB,QAAQI,MAAM,GAAG,GAAG;QACtB,MAAMC,SAASL,QAAQM,MAAM,CAC3B,CAAC,CAACC,UAAUC,YAAY,EAAEC,UAAUC,OAAOC;YACzC,MAAM,GAAGC,OAAOC,KAAK,GAAGJ,SAASb,MAAM,CAAC,CAACV,MAAQA,QAAQY;YAEzD,kEAAkE;YAClE,aAAa;YACb,MAAMgB,SAASrB,MAAMsB,KAAK,CACxBL,UAAU,IACN,IACA,AAACC,MAAM,CAACD,QAAQ,EAAE,CAACA,KAAK,GAAcC,MAAM,CAACD,QAAQ,EAAE,CAAC,EAAE,CAACN,MAAM,EACrEK,SAASC,KAAK;YAGhB,OAAO;gBACL;uBACKH;oBACH3B,gBAAgB;wBACdM,KAAK8B,oBAAoBF;wBACzB3B,QAAQ2B;oBACV;oBACA7B;iBACD;gBACD;uBAAIuB;oBAAa7B,cAAciC;oBAAQjC,cAAckC;iBAAM;aAC5D;QACH,GACA;YAAC,EAAE;YAAE,EAAE;SAAC;QAGV,mDAAmD;QACnD,MAAMI,YAAYjB,OAAO,CAACA,QAAQI,MAAM,GAAG,EAAE;QAC7C,MAAMc,SAASzB,MAAMsB,KAAK,CACxB,AAACE,UAAUP,KAAK,GAAcO,SAAS,CAAC,EAAE,CAACb,MAAM;QAGnD,OAAO;YACL;mBACKC,MAAM,CAAC,EAAE;gBACZzB,gBAAgB;oBAAEM,KAAK8B,oBAAoBE;oBAAS/B,QAAQ+B;gBAAO;aACpE;YACDb,MAAM,CAAC,EAAE;SACV;IACH;IAEA,6DAA6D;IAC7D,OAAO;QACL;YAACzB,gBAAgB;gBAAEM,KAAK8B,oBAAoBvB;gBAAQN,QAAQM;YAAM;SAAG;QACrE,EAAE;KACH;AACH;AAEA;;;;;;;CAOC,GACD,SAASuB,oBAAoBvB,KAAa;IACxC,OAAOA,MAAM0B,OAAO,CAAC,eAAe;AACtC;AAEA;;;;;;;;;;;;;;;;;;;;;;;CAuBC,GACD,OAAO,SAASC,kBACdC,IAAY,EACZ,EACEC,gBAAgB,IAAI,EACpBC,WAAWC,UAAU,EACrBC,cAAc,EACc,GAAG,CAAC,CAAC;IAEnC,MAAMC,WAAW,IAAIC;IAErB,MAAMC,MAAwB,CAAC,EAAEC,GAAG,EAAE;QACpCA,IAAIC,QAAQ,EAAEC,QAAQ,CAACC;YACrB,wEAAwE;YACxE,qEAAqE;YACrE,+DAA+D;YAC/D,qIAAqI;YACrIA,QAAQvC,KAAK,GAAGuC,QAAQvC,KAAK,CAC1B0B,OAAO,CAAC,IAAIc,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,OAAO,SACvCd,OAAO,CAAC,IAAIc,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,OAAO,QACtCd,OAAO,CAAC,oBAAoB;QACjC;IACF;IAEA,MAAMe,UAAyB;QAC7BC,oBAAmBC,IAAI;YACrB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,yEAAyE;YACzE,yEAAyE;YACzE,gDAAgD;YAChD,EAAE;YACF,+DAA+D;YAC/D,qEAAqE;YACrE,oBAAoB;YACpB,EAAE;YACF,uEAAuE;YACvE,oEAAoE;YACpE,IAAIC,KAAKC,IAAI,KAAK,wBAAwBD,KAAKE,KAAK,EAAEC,eAAe;gBACnEH,KAAKI,MAAM,GAAGJ,KAAKI,MAAM,CAAC7C,MAAM,CAC9B,CAAC8C,QAAU,CAAEA,CAAAA,MAAMJ,IAAI,KAAK,gBAAgBI,MAAMC,IAAI,KAAK,QAAO;YAEtE;QACF;QAEAC,gBAAeR,IAAI;YACjB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,6CAA6C;YAC7C,IAAIC,KAAKQ,MAAM,CAACP,IAAI,KAAK,gBAAgBD,KAAKQ,MAAM,CAACF,IAAI,KAAK,QAAQ;gBACpEP,KAAKU,WAAW,CACd1D,YAAY;oBACV2D,KAAKV,KAAKQ,MAAM;oBAChBG,MAAMX,KAAKY,SAAS;gBACtB;YAEJ;YAEA,uDAAuD;YACvD,IACEZ,KAAKQ,MAAM,CAACP,IAAI,KAAK,sBACrBD,KAAKQ,MAAM,CAACK,MAAM,CAACZ,IAAI,KAAK,gBAC5BD,KAAKQ,MAAM,CAACK,MAAM,CAACP,IAAI,KAAK,UAC5BN,KAAKQ,MAAM,CAACM,QAAQ,CAACb,IAAI,KAAK,gBAC9BD,KAAKQ,MAAM,CAACM,QAAQ,CAACR,IAAI,KAAK,UAC9B;gBACAjB,SAAS0B,GAAG,CAACtE,mBAAmBC,gBAAgB;YAClD;QACF;QAEAsE,kBAAiBjB,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,2DAA2D;YAC3D,IACEC,KAAKc,QAAQ,CAACb,IAAI,KAAK,gBACvBD,KAAKc,QAAQ,CAACR,IAAI,KAAK,UACvB,gFAAgF;YAChFP,KAAKkB,MAAM,CAAChB,IAAI,KAAK,oBACrBF,KAAKkB,MAAM,CAACT,MAAM,KAAKR,MACvB;gBACAD,KAAKU,WAAW,CACdxD,kBAAkB;oBAChBiE,QAAQlB,KAAKa,MAAM;oBACnBH,KAAKV,KAAKc,QAAQ;gBACpB;YAEJ;QACF;QAEAK,YAAWpB,IAAI;YACb,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,+DAA+D;YAC/D,IAAIC,KAAKM,IAAI,KAAK,sBAAsB;gBACtC,MAAMc,UAAUrB,KAAKsB,UAAU,CAC7B,CAACJ,SAAWA,OAAOjB,IAAI,CAACC,IAAI,KAAK;gBAGnC,gEAAgE;gBAChE,oBAAoB;gBACpB,IAAImB,SAASpB,KAAKC,SAAS,WAAW;oBACpC,MAAMqB,OAAOF,QAAQpB,IAAI,CAACsB,IAAI,CAAC,EAAE;oBAEjC,oEAAoE;oBACpE,IACEA,KAAKrB,IAAI,KAAK,yBACd,AAACqB,KAAKC,YAAY,CAAC,EAAE,CAACC,EAAE,CAAgBlB,IAAI,KAC1C,sBACF;wBACA;oBACF;oBAEAc,SAASpB,KAAKsB,KAAKG,QAAQvE;gBAC7B;YACF;QACF;QAEAwE,iBAAgB3B,IAAI;YAClB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,wEAAwE;YACxE,0EAA0E;YAC1E,yEAAyE;YACzE,IAAIA,KAAK4B,OAAO,CAAC,YAAY;gBAC3B;YACF;YAEA,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM,CAACC,mBAAmBC,uBAAuB,GAAG7B,KAAK8B,MAAM,CAAC7D,MAAM,CAGpE,CAAC,CAACC,UAAUC,YAAY,EAAE4D,OAAO1D;gBAC/B,sEAAsE;gBACtE,6BAA6B;gBAC7B,gGAAgG;gBAChG,MAAMhB,SAASK,2BACbqE,MAAM3E,KAAK,CAACN,MAAM;gBAGpB,6CAA6C;gBAC7C,IAAIO,MAAM,CAAC,EAAE,CAACU,MAAM,IAAI,GAAG;oBACzB,OAAO;wBACL;+BAAIG;4BAAU6D;yBAAM;wBACpB;+BAAI5D;4BAAa6B,KAAK7B,WAAW,CAACE,MAAM;yBAAe;qBACxD;gBACH;gBAEA,OAAO;oBACL;2BAAIH;2BAAab,MAAM,CAAC,EAAE;qBAAC;oBAC3B;2BACKc;2BACAd,MAAM,CAAC,EAAE;wBACZ2C,KAAK7B,WAAW,CAACE,MAAM;qBACxB;iBACF;YACH,GACA;gBAAC,EAAE;gBAAE,EAAE;aAAC;YAGV0B,KAAKU,WAAW,CACdjE,gBACEoF,mBACAC,uBAAuBtE,MAAM,CAC3B,CAACyE,aAAeA,eAAevE;YAKrCsC,KAAKkC,OAAO,CAAC,WAAW;QAC1B;QAEAC,eAAcnC,IAAI;YAChB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,uEAAuE;YACvE,yBAAyB;YACzB,iBAAiB;YACjB,uIAAuI;YACvI,0DAA0D;YAC1D,MAAM1C,SAASF,YAAY6C,KAAK5C,KAAK;YAErC,4DAA4D;YAC5D,IAAIC,OAAOU,MAAM,IAAI,GAAG;gBACtB;YACF;YAEA,MAAMoE,cAAc9E,OACjBqB,KAAK,CAAC,GACNT,MAAM,CACL,CAACmE,KAAKhF,QAAUjB,iBAAiB,KAAKiG,KAAK9F,cAAcc,SACzDd,cAAce,MAAM,CAAC,EAAE;YAG3B0C,KAAKU,WAAW,CAAC0B;YACjBpC,KAAKsC,IAAI;QACX;QAEAC,kBAAiBvC,IAAI;YACnB,MAAM,EAAEC,IAAI,EAAE,GAAGD;YAEjB,MAAMwC,eACJ,0FACA,uFACA,uFACA;YAEF,IACEvC,KAAKwC,QAAQ,KAAK,OAClBpG,kBAAkB4D,KAAKyC,KAAK,KAC5BpG,mBAAmB2D,KAAKyC,KAAK,CAACC,QAAQ,KACtC1C,KAAKyC,KAAK,CAACC,QAAQ,CAACF,QAAQ,KAAK,QACjCxC,KAAK2C,IAAI,CAACC,GAAG,IACb5C,KAAKyC,KAAK,CAACC,QAAQ,CAACA,QAAQ,CAACG,KAAK,EAClC;gBACA,MAAMb,aAAahD,KAAKN,KAAK,CAC3BsB,KAAK2C,IAAI,CAACC,GAAG,EACb5C,KAAKyC,KAAK,CAACC,QAAQ,CAACA,QAAQ,CAACG,KAAK;gBAGpC,IAAIb,WAAWc,QAAQ,CAAC,SAAS;oBAC/B,MAAM,IAAIC,MAAMR;gBAClB;YACF;YAEA,IACEvC,KAAKwC,QAAQ,KAAK,OAClBnG,mBAAmB2D,KAAK2C,IAAI,KAC5B3C,KAAK2C,IAAI,CAACH,QAAQ,KAAK,QACvBxC,KAAK2C,IAAI,CAACD,QAAQ,CAACE,GAAG,IACtB5C,KAAKyC,KAAK,CAACI,KAAK,EAChB;gBACA,MAAMb,aAAahD,KAAKN,KAAK,CAACsB,KAAK2C,IAAI,CAACD,QAAQ,CAACE,GAAG,EAAE5C,KAAKyC,KAAK,CAACI,KAAK;gBAEtE,IAAIb,WAAWc,QAAQ,CAAC,QAAQ;oBAC9B,MAAM,IAAIC,MAAMR;gBAClB;YACF;QACF;IACF;IAEA,IAAI;QACF,MAAMS,OAAO/G,cAAc+C,MAAM;YAC/B,kDAAkD;YAClDiE,YAAY;YAEZC,YAAY;gBACV,sEAAsE;gBACtEC,YAAY;gBAEZ,sEAAsE;gBACtE,wEAAwE;gBACxEC,eAAe,CAACnE;YAClB;YAEA,mEAAmE;YACnE,yEAAyE;YACzEoE,SAAS;YAET,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnEjE;YACAD;YAEAmE,SAAS;gBACP,IAAO,CAAA;wBACL/D;wBACAM;oBACF,CAAA;aACD;QACH;QAEA,IAAI,CAACmD,MAAMhE,MAAM;YACf,MAAM,IAAI+D,MAAM;QAClB;QAEA,OAAO;YACL/D,MAAMgE,KAAKhE,IAAI;YACfE,WAAW8D,KAAKO,GAAG;YACnBlE,UAAUzB,MAAMC,IAAI,CAACwB;QACvB;IACF,EAAE,OAAOmE,OAAO;QACd,MAAM,IAAIT,MAAM,CAAC,8BAA8B,EAAES,MAAMC,OAAO,CAAC,CAAC;IAClE;AACF"}

package/dist/types/icon.d.ts

@@ -1,4 +1,19 @@
 import type { VirtualFile } from './virtual-file';
 export declare const SVG_MAX_BYTE_SIZE = 100000;
 export declare const SVG_MAX_BYTE_SIZE_TEXT: string;
-export declare const assertIsSnapIcon: (icon: VirtualFile) => void;
+/**
+ * Assert that a virtual file containing a Snap icon is valid.
+ *
+ * @param icon - A virtual file containing a Snap icon.
+ */
+export declare function assertIsSnapIcon(icon: VirtualFile): void;
+/**
+ * Extract the dimensions of an image from an SVG string if possible.
+ *
+ * @param svg - An SVG string.
+ * @returns The height and width of the SVG or null.
+ */
+export declare function getSvgDimensions(svg: string): {
+    height: number;
+    width: number;
+} | null;

package/dist/types/post-process.d.ts

@@ -42,7 +42,7 @@ export declare type PostProcessedBundle = {
     warnings: PostProcessWarning[];
 };
 export declare enum PostProcessWarning {
-    UnsafeMathRandom = "`Math.random` was detected in the bundle. This is not a secure source of randomness."
+    UnsafeMathRandom = "`Math.random` was detected in the Snap bundle. This is not a secure source of randomness, and should not be used in a secure context. Use `crypto.getRandomValues` instead."
 }
 /**
  * Post process code with AST such that it can be evaluated in SES.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@metamask/snaps-utils",
-  "version": "6.0.0",
+  "version": "6.1.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/MetaMask/snaps.git"
@@ -73,7 +73,7 @@
     "@metamask/rpc-errors": "^6.1.0",
     "@metamask/slip44": "^3.1.0",
     "@metamask/snaps-registry": "^3.0.0",
-    "@metamask/snaps-sdk": "^2.0.0",
+    "@metamask/snaps-sdk": "^2.1.0",
     "@metamask/utils": "^8.3.0",
     "@noble/hashes": "^1.3.1",
     "@scure/base": "^1.1.1",
@@ -81,7 +81,6 @@
     "cron-parser": "^4.5.0",
     "fast-deep-equal": "^3.1.3",
     "fast-json-stable-stringify": "^2.1.0",
-    "is-svg": "^4.4.0",
     "rfdc": "^1.3.0",
     "semver": "^7.5.4",
     "ses": "^1.1.0",
@@ -91,7 +90,7 @@
   "devDependencies": {
     "@esbuild-plugins/node-globals-polyfill": "^0.2.3",
     "@esbuild-plugins/node-modules-polyfill": "^0.2.2",
-    "@lavamoat/allow-scripts": "^3.0.0",
+    "@lavamoat/allow-scripts": "^3.0.2",
     "@metamask/auto-changelog": "^3.4.4",
     "@metamask/eslint-config": "^12.1.0",
     "@metamask/eslint-config-jest": "^12.1.0",