@nodesecure/js-x-ray 9.1.0 → 9.2.0

package/dist/probes/isUnsafeCommand.js

@@ -0,0 +1,100 @@
+// Import Internal Dependencies
+import { SourceFile } from "../SourceFile.js";
+import { generateWarning } from "../warnings.js";
+import { ProbeSignals } from "../ProbeRunner.js";
+import { isLiteral } from "../types/estree.js";
+// CONSTANTS
+const kUnsafeCommands = ["csrutil"];
+function isUnsafeCommand(command) {
+    return kUnsafeCommands.some((unsafeCommand) => command.includes(unsafeCommand));
+}
+function isSpawnOrExec(name) {
+    return name === "spawn" ||
+        name === "exec" ||
+        name === "spawnSync" ||
+        name === "execSync";
+}
+/**
+ * @description Detect spawn or exec unsafe commands
+ * @example
+ * child_process.spawn("csrutil", ["status"]);
+ *
+ * require("child_process").spawn("csrutil", ["disable"]);
+ *
+ * const { exec } = require("child_process");
+ * exec("csrutil status");
+ */
+function validateNode(node) {
+    if (node.type !== "CallExpression" || node.arguments.length === 0) {
+        return [false];
+    }
+    // const { spawn } = require("child_process");
+    // spawn("...", ["..."]);
+    // or
+    // const { exec } = require("child_process");
+    // exec(...);
+    if (node.type === "CallExpression" &&
+        node.callee.type === "Identifier" &&
+        isSpawnOrExec(node.callee.name)) {
+        return [true, node.callee.name];
+    }
+    // child_process.spawn(...) or require("child_process").spawn(...)
+    // child_process.exec(...) or require("child_process").exec(...)
+    if (node.callee.type === "MemberExpression" &&
+        node.callee.property.type === "Identifier" &&
+        isSpawnOrExec(node.callee.property.name)) {
+        // child_process.spawn(...)
+        // child_process.exec(...)
+        if (node.callee.object.type === "Identifier" &&
+            node.callee.object.name === "child_process") {
+            return [true, node.callee.property.name];
+        }
+        // require("child_process").spawn(...)
+        // require("child_process").exec(...)
+        if (node.callee.object.type === "CallExpression" &&
+            node.callee.object.callee.type === "Identifier" &&
+            node.callee.object.callee.name === "require" &&
+            node.callee.object.arguments.length === 1 &&
+            node.callee.object.arguments[0].type === "Literal" &&
+            node.callee.object.arguments[0].value === "child_process") {
+            return [true, node.callee.property.name];
+        }
+    }
+    return [false];
+}
+function main(node, options) {
+    const { sourceFile, data: methodName } = options;
+    const commandArg = node.arguments[0];
+    if (!isLiteral(commandArg)) {
+        return null;
+    }
+    let command = commandArg.value;
+    if (isUnsafeCommand(command)) {
+        // Spawned command arguments are filled into an Array
+        // as second arguments. This is why we should add them
+        // manually to the command string.
+        if (methodName === "spawn" || methodName === "spawnSync") {
+            const arrExpr = node.arguments.at(1);
+            if (arrExpr && arrExpr.type === "ArrayExpression") {
+                arrExpr.elements
+                    .filter((element) => isLiteral(element))
+                    .forEach((element) => {
+                    command += ` ${element.value}`;
+                });
+            }
+        }
+        const warning = generateWarning("unsafe-command", {
+            value: command,
+            location: node.loc
+        });
+        sourceFile.warnings.push(warning);
+        return ProbeSignals.Skip;
+    }
+    return null;
+}
+export default {
+    name: "isUnsafeCommand",
+    validateNode,
+    main
+};
+//# sourceMappingURL=isUnsafeCommand.js.map

package/dist/probes/isUnsafeCommand.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isUnsafeCommand.js","sourceRoot":"","sources":["../../src/probes/isUnsafeCommand.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,YAAY;AACZ,MAAM,eAAe,GAAG,CAAC,SAAS,CAAC,CAAC;AAEpC,SAAS,eAAe,CACtB,OAAe;IAEf,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,aAAa,CACpB,IAAY;IAEZ,OAAO,IAAI,KAAK,OAAO;QACrB,IAAI,KAAK,MAAM;QACf,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,UAAU,CAAC;AACxB,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,YAAY,CACnB,IAAiB;IAEjB,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,8CAA8C;IAC9C,yBAAyB;IACzB,KAAK;IACL,6CAA6C;IAC7C,aAAa;IACb,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAChC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QACjC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAC/B,CAAC;QACD,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,kEAAkE;IAClE,gEAAgE;IAChE,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;QACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;QAC1C,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACxC,CAAC;QACD,2BAA2B;QAC3B,0BAA0B;QAC1B,IACE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;YACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,eAAe,EAC3C,CAAC;YACD,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC;QACD,sCAAsC;QACtC,qCAAqC;QACrC,IACE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB;YAC5C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;YAC/C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;YAC5C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS;YAClD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,eAAe,EACzD,CAAC;YACD,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,CAAC;AACjB,CAAC;AAED,SAAS,IAAI,CACX,IAA2B,EAC3B,OAAmD;IAEnD,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEjD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC;IAC/B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,qDAAqD;QACrD,sDAAsD;QACtD,kCAAkC;QAClC,IAAI,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAErC,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBAClD,OAAO,CAAC,QAAQ;qBACb,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;qBACvC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;oBACnB,OAAO,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBACjC,CAAC,CAAC,CAAC;YACP,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,eAAe,CAAC,gBAAgB,EAAE;YAChD,KAAK,EAAE,OAAO;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG;SACnB,CAAC,CAAC;QACH,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAElC,OAAO,YAAY,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,eAAe;IACb,IAAI,EAAE,iBAAiB;IACvB,YAAY;IACZ,IAAI;CACL,CAAC"}

package/dist/probes/isWeakCrypto.d.ts

@@ -0,0 +1,16 @@
+import type { ESTree } from "meriyah";
+import { SourceFile } from "../SourceFile.js";
+declare function validateNode(node: ESTree.Node, sourceFile: SourceFile): [boolean, any?];
+declare function initialize(sourceFile: SourceFile): void;
+declare function main(node: ESTree.CallExpression, { sourceFile }: {
+    sourceFile: SourceFile;
+}): void;
+declare const _default: {
+    name: string;
+    validateNode: typeof validateNode;
+    main: typeof main;
+    initialize: typeof initialize;
+    breakOnMatch: boolean;
+};
+export default _default;
+//# sourceMappingURL=isWeakCrypto.d.ts.map

package/dist/probes/isWeakCrypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isWeakCrypto.d.ts","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGtC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAe9C,iBAAS,YAAY,CACnB,IAAI,EAAE,MAAM,CAAC,IAAI,EACjB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAajB;AAED,iBAAS,UAAU,CACjB,UAAU,EAAE,UAAU,QAMvB;AAED,iBAAS,IAAI,CACX,IAAI,EAAE,MAAM,CAAC,cAAc,EAC3B,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,UAAU,CAAC;CAAE,QAW5C;;;;;;;;AAED,wBAME"}

package/dist/probes/isWeakCrypto.js

@@ -0,0 +1,46 @@
+// Import Third-party Dependencies
+import { getCallExpressionIdentifier } from "@nodesecure/estree-ast-utils";
+// Import Internal Dependencies
+import { SourceFile } from "../SourceFile.js";
+import { generateWarning } from "../warnings.js";
+import { isLiteral } from "../types/estree.js";
+// CONSTANTS
+const kWeakAlgorithms = new Set([
+    "md5",
+    "sha1",
+    "ripemd160",
+    "md4",
+    "md2"
+]);
+function validateNode(node, sourceFile) {
+    const { tracer } = sourceFile;
+    const id = getCallExpressionIdentifier(node);
+    if (id === null || !tracer.importedModules.has("crypto")) {
+        return [false];
+    }
+    const data = tracer.getDataFromIdentifier(id);
+    return [
+        data !== null && data.identifierOrMemberExpr === "crypto.createHash"
+    ];
+}
+function initialize(sourceFile) {
+    sourceFile.tracer.trace("crypto.createHash", {
+        followConsecutiveAssignment: true,
+        moduleName: "crypto"
+    });
+}
+function main(node, { sourceFile }) {
+    const arg = node.arguments.at(0);
+    if (isLiteral(arg) && kWeakAlgorithms.has(arg.value)) {
+        const warning = generateWarning("weak-crypto", { value: arg.value, location: node.loc });
+        sourceFile.warnings.push(warning);
+    }
+}
+export default {
+    name: "isWeakCrypto",
+    validateNode,
+    main,
+    initialize,
+    breakOnMatch: false
+};
+//# sourceMappingURL=isWeakCrypto.js.map

package/dist/probes/isWeakCrypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isWeakCrypto.js","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAG3E,+BAA+B;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EACL,SAAS,EACV,MAAM,oBAAoB,CAAC;AAE5B,YAAY;AACZ,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,KAAK;IACL,MAAM;IACN,WAAW;IACX,KAAK;IACL,KAAK;CACN,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,IAAiB,EACjB,UAAsB;IAEtB,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;IAE9B,MAAM,EAAE,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzD,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IAE9C,OAAO;QACL,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,sBAAsB,KAAK,mBAAmB;KACrE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CACjB,UAAsB;IAEtB,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;QAC3C,2BAA2B,EAAE,IAAI;QACjC,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,IAAI,CACX,IAA2B,EAC3B,EAAE,UAAU,EAA+B;IAE3C,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,OAAO,GAAG,eAAe,CAC7B,aAAa,EACb,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,CACzC,CAAC;QACF,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,eAAe;IACb,IAAI,EAAE,cAAc;IACpB,YAAY;IACZ,IAAI;IACJ,UAAU;IACV,YAAY,EAAE,KAAK;CACpB,CAAC"}

package/dist/types/estree.d.ts

@@ -0,0 +1,11 @@
+import type { ESTree } from "meriyah";
+export type Literal<T> = ESTree.Literal & {
+    value: T;
+};
+export type RegExpLiteral<T> = ESTree.RegExpLiteral & {
+    value: T;
+};
+export declare function isNode(value: any): value is ESTree.Node;
+export declare function isLiteral(node: any): node is Literal<string>;
+export declare function isCallExpression(node: any): node is ESTree.CallExpression;
+//# sourceMappingURL=estree.d.ts.map

package/dist/types/estree.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"estree.d.ts","sourceRoot":"","sources":["../../src/types/estree.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEtC,MAAM,MAAM,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,GAAG;IACxC,KAAK,EAAE,CAAC,CAAC;CACV,CAAC;AAEF,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,MAAM,CAAC,aAAa,GAAG;IACpD,KAAK,EAAE,CAAC,CAAC;CACV,CAAC;AAEF,wBAAgB,MAAM,CACpB,KAAK,EAAE,GAAG,GACT,KAAK,IAAI,MAAM,CAAC,IAAI,CAOtB;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,GAAG,GACR,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,CAIzB;AAED,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,GAAG,GACR,IAAI,IAAI,MAAM,CAAC,cAAc,CAE/B"}

package/dist/types/estree.js

@@ -0,0 +1,15 @@
+export function isNode(value) {
+    return (value !== null &&
+        typeof value === "object" &&
+        "type" in value &&
+        typeof value.type === "string");
+}
+export function isLiteral(node) {
+    return isNode(node) &&
+        node.type === "Literal" &&
+        typeof node.value === "string";
+}
+export function isCallExpression(node) {
+    return isNode(node) && node.type === "CallExpression";
+}
+//# sourceMappingURL=estree.js.map

package/dist/types/estree.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"estree.js","sourceRoot":"","sources":["../../src/types/estree.ts"],"names":[],"mappings":"AAWA,MAAM,UAAU,MAAM,CACpB,KAAU;IAEV,OAAO,CACL,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,MAAM,IAAI,KAAK;QACf,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAC/B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAS;IAET,OAAO,MAAM,CAAC,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAS;IAET,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC;AACxD,CAAC"}

package/dist/utils/extractNode.d.ts

@@ -0,0 +1,5 @@
+import type { ESTree } from "meriyah";
+export type NodeExtractorCallback<T> = (node: T) => void;
+export type NodeOrNull = ESTree.Node | null;
+export declare function extractNode<T extends ESTree.Node>(expectedType: T["type"]): (callback: NodeExtractorCallback<T>, nodes: NodeOrNull | NodeOrNull[]) => void;
+//# sourceMappingURL=extractNode.d.ts.map

package/dist/utils/extractNode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractNode.d.ts","sourceRoot":"","sources":["../../src/utils/extractNode.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAKtC,MAAM,MAAM,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAC;AACzD,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;AAE5C,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,CAAC,IAAI,EAC/C,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,IAEf,UAAU,qBAAqB,CAAC,CAAC,CAAC,EAAE,OAAO,UAAU,GAAG,UAAU,EAAE,UAS7E"}

package/dist/utils/extractNode.js

@@ -0,0 +1,13 @@
+// Import Internal Dependencies
+import { isNode } from "../types/estree.js";
+export function extractNode(expectedType) {
+    return (callback, nodes) => {
+        const finalNodes = Array.isArray(nodes) ? nodes : [nodes];
+        for (const node of finalNodes) {
+            if (isNode(node) && node.type === expectedType) {
+                callback(node);
+            }
+        }
+    };
+}
+//# sourceMappingURL=extractNode.js.map

package/dist/utils/extractNode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractNode.js","sourceRoot":"","sources":["../../src/utils/extractNode.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAK5C,MAAM,UAAU,WAAW,CACzB,YAAuB;IAEvB,OAAO,CAAC,QAAkC,EAAE,KAAgC,EAAE,EAAE;QAC9E,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAE1D,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAS,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/utils/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./extractNode.js";
+export * from "./isOneLineExpressionExport.js";
+export * from "./notNullOrUndefined.js";
+export * from "./toArrayLocation.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC"}

package/{src/utils/index.ts → dist/utils/index.js}

@@ -2,3 +2,4 @@ export * from "./extractNode.js";
 export * from "./isOneLineExpressionExport.js";
 export * from "./notNullOrUndefined.js";
 export * from "./toArrayLocation.js";
+//# sourceMappingURL=index.js.map

package/dist/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC"}

package/dist/utils/isOneLineExpressionExport.d.ts

@@ -0,0 +1,3 @@
+import type { ESTree } from "meriyah";
+export declare function isOneLineExpressionExport(body: ESTree.Program["body"]): boolean;
+//# sourceMappingURL=isOneLineExpressionExport.d.ts.map

package/dist/utils/isOneLineExpressionExport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isOneLineExpressionExport.d.ts","sourceRoot":"","sources":["../../src/utils/isOneLineExpressionExport.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAKtC,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAC3B,OAAO,CAoBT"}

package/dist/utils/isOneLineExpressionExport.js

@@ -0,0 +1,49 @@
+import { getCallExpressionIdentifier } from "@nodesecure/estree-ast-utils";
+export function isOneLineExpressionExport(body) {
+    if (body.length === 0 || body.length > 1) {
+        return false;
+    }
+    const [firstNode] = body;
+    if (firstNode.type !== "ExpressionStatement") {
+        return false;
+    }
+    switch (firstNode.expression.type) {
+        // module.exports = require('...');
+        case "AssignmentExpression":
+            return exportAssignmentHasRequireLeave(firstNode.expression.right);
+        // require('...');
+        case "CallExpression":
+            return exportAssignmentHasRequireLeave(firstNode.expression);
+        default:
+            return false;
+    }
+}
+function exportAssignmentHasRequireLeave(expr) {
+    if (expr.type === "LogicalExpression") {
+        return atLeastOneBranchHasRequireLeave(expr.left, expr.right);
+    }
+    if (expr.type === "ConditionalExpression") {
+        return atLeastOneBranchHasRequireLeave(expr.consequent, expr.alternate);
+    }
+    if (expr.type === "CallExpression") {
+        return getCallExpressionIdentifier(expr) === "require";
+    }
+    if (expr.type === "MemberExpression") {
+        let rootMember = expr.object;
+        while (rootMember.type === "MemberExpression") {
+            rootMember = rootMember.object;
+        }
+        if (rootMember.type !== "CallExpression") {
+            return false;
+        }
+        return getCallExpressionIdentifier(rootMember) === "require";
+    }
+    return false;
+}
+function atLeastOneBranchHasRequireLeave(left, right) {
+    return [
+        exportAssignmentHasRequireLeave(left),
+        exportAssignmentHasRequireLeave(right)
+    ].some((hasRequire) => hasRequire);
+}
+//# sourceMappingURL=isOneLineExpressionExport.js.map

package/dist/utils/isOneLineExpressionExport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isOneLineExpressionExport.js","sourceRoot":"","sources":["../../src/utils/isOneLineExpressionExport.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,2BAA2B,EAC5B,MAAM,8BAA8B,CAAC;AAEtC,MAAM,UAAU,yBAAyB,CACvC,IAA4B;IAE5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;IACzB,IAAI,SAAS,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,QAAQ,SAAS,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAClC,mCAAmC;QACnC,KAAK,sBAAsB;YACzB,OAAO,+BAA+B,CAAC,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACrE,kBAAkB;QAClB,KAAK,gBAAgB;YACnB,OAAO,+BAA+B,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC/D;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,+BAA+B,CACtC,IAAuB;IAEvB,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACtC,OAAO,+BAA+B,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;QAC1C,OAAO,+BAA+B,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACnC,OAAO,2BAA2B,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC;IACzD,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,IAAI,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;QAC7B,OAAO,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAC9C,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC;QACjC,CAAC;QAED,IAAI,UAAU,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACzC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,2BAA2B,CAAC,UAAU,CAAC,KAAK,SAAS,CAAC;IAC/D,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,+BAA+B,CACtC,IAAuB,EACvB,KAAwB;IAExB,OAAO;QACL,+BAA+B,CAAC,IAAI,CAAC;QACrC,+BAA+B,CAAC,KAAK,CAAC;KACvC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;AACrC,CAAC"}

package/dist/utils/notNullOrUndefined.d.ts

@@ -0,0 +1,2 @@
+export declare function notNullOrUndefined<T = any>(value: T): value is NonNullable<T>;
+//# sourceMappingURL=notNullOrUndefined.d.ts.map

package/dist/utils/notNullOrUndefined.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"notNullOrUndefined.d.ts","sourceRoot":"","sources":["../../src/utils/notNullOrUndefined.ts"],"names":[],"mappings":"AAAA,wBAAgB,kBAAkB,CAAC,CAAC,GAAG,GAAG,EACxC,KAAK,EAAE,CAAC,GACP,KAAK,IAAI,WAAW,CAAC,CAAC,CAAC,CAEzB"}

package/dist/utils/notNullOrUndefined.js

@@ -0,0 +1,4 @@
+export function notNullOrUndefined(value) {
+    return value !== null && value !== void 0;
+}
+//# sourceMappingURL=notNullOrUndefined.js.map

package/dist/utils/notNullOrUndefined.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notNullOrUndefined.js","sourceRoot":"","sources":["../../src/utils/notNullOrUndefined.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,kBAAkB,CAChC,KAAQ;IAER,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,KAAK,CAAC,CAAC;AAC5C,CAAC"}

package/dist/utils/toArrayLocation.d.ts

@@ -0,0 +1,5 @@
+import type { ESTree } from "meriyah";
+export type SourceArrayLocation = [[number, number], [number, number]];
+export declare function rootLocation(): ESTree.SourceLocation;
+export declare function toArrayLocation(location?: ESTree.SourceLocation): SourceArrayLocation;
+//# sourceMappingURL=toArrayLocation.d.ts.map

package/dist/utils/toArrayLocation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toArrayLocation.d.ts","sourceRoot":"","sources":["../../src/utils/toArrayLocation.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEtC,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAEvE,wBAAgB,YAAY,IAAI,MAAM,CAAC,cAAc,CAKpD;AAED,wBAAgB,eAAe,CAC7B,QAAQ,GAAE,MAAM,CAAC,cAA+B,GAC/C,mBAAmB,CAOrB"}

package/dist/utils/toArrayLocation.js

@@ -0,0 +1,14 @@
+export function rootLocation() {
+    return {
+        start: { line: 0, column: 0 },
+        end: { line: 0, column: 0 }
+    };
+}
+export function toArrayLocation(location = rootLocation()) {
+    const { start, end = start } = location;
+    return [
+        [start.line || 0, start.column || 0],
+        [end.line || 0, end.column || 0]
+    ];
+}
+//# sourceMappingURL=toArrayLocation.js.map

package/dist/utils/toArrayLocation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toArrayLocation.js","sourceRoot":"","sources":["../../src/utils/toArrayLocation.ts"],"names":[],"mappings":"AAKA,MAAM,UAAU,YAAY;IAC1B,OAAO;QACL,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;QAC7B,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;KAC5B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,WAAkC,YAAY,EAAE;IAEhD,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,KAAK,EAAE,GAAG,QAAQ,CAAC;IAExC,OAAO;QACL,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;QACpC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC;KACjC,CAAC;AACJ,CAAC"}

package/dist/warnings.d.ts

@@ -0,0 +1,88 @@
+import type { ESTree } from "meriyah";
+import { type SourceArrayLocation } from "./utils/toArrayLocation.js";
+export type OptionalWarningName = "synchronous-io";
+export type WarningName = "parsing-error" | "encoded-literal" | "unsafe-regex" | "unsafe-stmt" | "short-identifiers" | "suspicious-literal" | "suspicious-file" | "obfuscated-code" | "weak-crypto" | "shady-link" | "unsafe-command" | "unsafe-import" | "serialize-environment" | OptionalWarningName;
+export interface Warning<T = WarningName> {
+    kind: T | (string & {});
+    file?: string;
+    value: string | null;
+    source: string;
+    location: null | SourceArrayLocation | SourceArrayLocation[];
+    i18n: string;
+    severity: "Information" | "Warning" | "Critical";
+    experimental?: boolean;
+}
+export declare const warnings: Readonly<{
+    "parsing-error": {
+        i18n: string;
+        severity: "Information";
+    };
+    "unsafe-import": {
+        i18n: string;
+        severity: "Warning";
+    };
+    "unsafe-regex": {
+        i18n: string;
+        severity: "Warning";
+    };
+    "unsafe-stmt": {
+        code: string;
+        i18n: string;
+        severity: "Warning";
+    };
+    "encoded-literal": {
+        i18n: string;
+        severity: "Information";
+    };
+    "short-identifiers": {
+        i18n: string;
+        severity: "Warning";
+    };
+    "suspicious-literal": {
+        i18n: string;
+        severity: "Warning";
+    };
+    "suspicious-file": {
+        i18n: string;
+        severity: "Critical";
+        experimental: false;
+    };
+    "obfuscated-code": {
+        i18n: string;
+        severity: "Critical";
+        experimental: true;
+    };
+    "weak-crypto": {
+        i18n: string;
+        severity: "Information";
+        experimental: false;
+    };
+    "shady-link": {
+        i18n: string;
+        severity: "Warning";
+        experimental: false;
+    };
+    "unsafe-command": {
+        i18n: string;
+        severity: "Warning";
+        experimental: true;
+    };
+    "synchronous-io": {
+        i18n: string;
+        severity: "Warning";
+        experimental: true;
+    };
+    "serialize-environment": {
+        i18n: string;
+        severity: "Warning";
+        experimental: false;
+    };
+}>;
+export interface GenerateWarningOptions {
+    location?: ESTree.SourceLocation | null;
+    file?: string | null;
+    value: string | null;
+    source?: string;
+}
+export declare function generateWarning<T extends WarningName>(kind: T, options: GenerateWarningOptions): Warning<T>;
+//# sourceMappingURL=warnings.d.ts.map

package/dist/warnings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGtC,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,4BAA4B,CAAC;AAGpC,MAAM,MAAM,mBAAmB,GAC3B,gBAAgB,CAAC;AAErB,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,iBAAiB,GACjB,cAAc,GACd,aAAa,GACb,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,iBAAiB,GACjB,aAAa,GACb,YAAY,GACZ,gBAAgB,GAChB,eAAe,GACf,uBAAuB,GACvB,mBAAmB,CAAC;AAExB,MAAM,WAAW,OAAO,CAAC,CAAC,GAAG,WAAW;IACtC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,IAAI,GAAG,mBAAmB,GAAG,mBAAmB,EAAE,CAAC;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC;IACjD,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiEgE,CAAC;AAEtF,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC;IACxC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,eAAe,CAAC,CAAC,SAAS,WAAW,EACnD,IAAI,EAAE,CAAC,EACP,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,CAAC,CAAC,CA0BZ"}

package/dist/warnings.js

@@ -0,0 +1,91 @@
+// Import Internal Dependencies
+import { toArrayLocation, rootLocation } from "./utils/toArrayLocation.js";
+import { notNullOrUndefined } from "./utils/notNullOrUndefined.js";
+export const warnings = Object.freeze({
+    "parsing-error": {
+        i18n: "sast_warnings.parsing_error",
+        severity: "Information"
+    },
+    "unsafe-import": {
+        i18n: "sast_warnings.unsafe_import",
+        severity: "Warning"
+    },
+    "unsafe-regex": {
+        i18n: "sast_warnings.unsafe_regex",
+        severity: "Warning"
+    },
+    "unsafe-stmt": {
+        code: "unsafe-stmt",
+        i18n: "sast_warnings.unsafe_stmt",
+        severity: "Warning"
+    },
+    "encoded-literal": {
+        i18n: "sast_warnings.encoded_literal",
+        severity: "Information"
+    },
+    "short-identifiers": {
+        i18n: "sast_warnings.short_identifiers",
+        severity: "Warning"
+    },
+    "suspicious-literal": {
+        i18n: "sast_warnings.suspicious_literal",
+        severity: "Warning"
+    },
+    "suspicious-file": {
+        i18n: "sast_warnings.suspicious_file",
+        severity: "Critical",
+        experimental: false
+    },
+    "obfuscated-code": {
+        i18n: "sast_warnings.obfuscated_code",
+        severity: "Critical",
+        experimental: true
+    },
+    "weak-crypto": {
+        i18n: "sast_warnings.weak_crypto",
+        severity: "Information",
+        experimental: false
+    },
+    "shady-link": {
+        i18n: "sast_warnings.shady_link",
+        severity: "Warning",
+        experimental: false
+    },
+    "unsafe-command": {
+        i18n: "sast_warnings.unsafe-command",
+        severity: "Warning",
+        experimental: true
+    },
+    "synchronous-io": {
+        i18n: "sast_warnings.synchronous-io",
+        severity: "Warning",
+        experimental: true
+    },
+    "serialize-environment": {
+        i18n: "sast_warnings.serialize-environment",
+        severity: "Warning",
+        experimental: false
+    }
+});
+export function generateWarning(kind, options) {
+    const { file = null, value, source = "JS-X-Ray" } = options;
+    const location = options.location ?? rootLocation();
+    if (kind === "encoded-literal") {
+        return {
+            kind,
+            value,
+            location: [toArrayLocation(location)],
+            source,
+            ...warnings[kind]
+        };
+    }
+    return {
+        kind,
+        location: toArrayLocation(location),
+        source,
+        ...warnings[kind],
+        ...(notNullOrUndefined(file) ? { file } : {}),
+        ...(notNullOrUndefined(value) ? { value } : { value: null })
+    };
+}
+//# sourceMappingURL=warnings.js.map

package/dist/warnings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EACL,eAAe,EACf,YAAY,EAEb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAgCnE,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;IACpC,eAAe,EAAE;QACf,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,aAAa;KACxB;IACD,eAAe,EAAE;QACf,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,SAAS;KACpB;IACD,cAAc,EAAE;QACd,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,SAAS;KACpB;IACD,aAAa,EAAE;QACb,IAAI,EAAE,aAAa;QACnB,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,SAAS;KACpB;IACD,iBAAiB,EAAE;QACjB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,aAAa;KACxB;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,SAAS;KACpB;IACD,oBAAoB,EAAE;QACpB,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,SAAS;KACpB;IACD,iBAAiB,EAAE;QACjB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,UAAU;QACpB,YAAY,EAAE,KAAK;KACpB;IACD,iBAAiB,EAAE;QACjB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,UAAU;QACpB,YAAY,EAAE,IAAI;KACnB;IACD,aAAa,EAAE;QACb,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,aAAa;QACvB,YAAY,EAAE,KAAK;KACpB;IACD,YAAY,EAAE;QACZ,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,KAAK;KACpB;IACD,gBAAgB,EAAE;QAChB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,IAAI;KACnB;IACD,gBAAgB,EAAE;QAChB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,IAAI;KACnB;IACD,uBAAuB,EAAE;QACvB,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,KAAK;KACpB;CACF,CAAoF,CAAC;AAStF,MAAM,UAAU,eAAe,CAC7B,IAAO,EACP,OAA+B;IAE/B,MAAM,EACJ,IAAI,GAAG,IAAI,EACX,KAAK,EACL,MAAM,GAAG,UAAU,EACpB,GAAG,OAAO,CAAC;IACZ,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,EAAE,CAAC;IAEpD,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC/B,OAAO;YACL,IAAI;YACJ,KAAK;YACL,QAAQ,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM;YACN,GAAG,QAAQ,CAAC,IAAI,CAAC;SAClB,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;QACnC,MAAM;QACN,GAAG,QAAQ,CAAC,IAAI,CAAC;QACjB,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;KAC7D,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/js-x-ray",
-  "version": "9.1.0",
+  "version": "9.2.0",
   "description": "JavaScript AST XRay analysis",
   "type": "module",
   "exports": {
@@ -36,10 +36,7 @@
     "security"
   ],
   "files": [
-    "src",
-    "types",
-    "index.js",
-    "index.d.ts"
+    "dist"
   ],
   "author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
   "license": "MIT",
@@ -48,7 +45,7 @@
   },
   "homepage": "https://github.com/NodeSecure/js-x-ray#readme",
   "dependencies": {
-    "@nodesecure/estree-ast-utils": "^4.0.0",
+    "@nodesecure/estree-ast-utils": "^4.1.0",
     "@nodesecure/sec-literal": "^1.2.0",
     "@nodesecure/tracer": "^2.0.0",
     "digraph-js": "^2.2.3",