@nodesecure/scanner 5.3.0 → 6.0.0

package/dist/depWalker.js

@@ -0,0 +1,205 @@
+// Import Node.js Dependencies
+import path from "node:path";
+import { readFileSync, promises as fs } from "node:fs";
+import timers from "node:timers/promises";
+import os from "node:os";
+// Import Third-party Dependencies
+import { Mutex, MutexRelease } from "@openally/mutex";
+import { scanDirOrArchive } from "@nodesecure/tarball";
+import * as vuln from "@nodesecure/vuln";
+import { npm } from "@nodesecure/tree-walker";
+// Import Internal Dependencies
+import { getDependenciesWarnings, addMissingVersionFlags } from "./utils/index.js";
+import { packageMetadata, manifestMetadata } from "./npmRegistry.js";
+import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
+// CONSTANTS
+const kDefaultDependencyVersionFields = {
+    description: "",
+    size: 0,
+    author: null,
+    engines: {},
+    scripts: {},
+    licenses: [],
+    uniqueLicenseIds: [],
+    composition: {
+        extensions: [],
+        files: [],
+        minified: [],
+        unused: [],
+        missing: [],
+        required_files: [],
+        required_nodejs: [],
+        required_thirdparty: [],
+        required_subpath: []
+    }
+};
+const kDefaultDependencyMetadata = {
+    publishedCount: 0,
+    lastUpdateAt: new Date(),
+    lastVersion: "N/A",
+    hasChangedAuthor: false,
+    hasManyPublishers: false,
+    hasReceivedUpdateInOneYear: true,
+    homepage: null,
+    author: null,
+    publishers: [],
+    maintainers: [],
+    integrity: {}
+};
+const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
+export async function depWalker(manifest, options, logger = new Logger()) {
+    const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = vuln.strategies.NONE, registry } = options;
+    // Create TMP directory
+    const tmpLocation = await fs.mkdtemp(path.join(os.tmpdir(), "/"));
+    const payload = {
+        id: tmpLocation.slice(-6),
+        rootDependencyName: manifest.name,
+        scannerVersion: packageVersion,
+        vulnerabilityStrategy,
+        warnings: []
+    };
+    const dependencies = new Map();
+    const npmTreeWalker = new npm.TreeWalker({
+        registry
+    });
+    {
+        logger
+            .start(ScannerLoggerEvents.analysis.tree)
+            .start(ScannerLoggerEvents.analysis.tarball)
+            .start(ScannerLoggerEvents.analysis.registry);
+        const fetchedMetadataPackages = new Set();
+        const operationsQueue = [];
+        const locker = new Mutex({ concurrency: 5 });
+        locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
+        const rootDepsOptions = {
+            maxDepth,
+            includeDevDeps,
+            packageLock
+        };
+        for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
+            const { name, version, ...currentVersion } = current;
+            const dependency = {
+                versions: {
+                    [version]: {
+                        ...currentVersion,
+                        ...structuredClone(kDefaultDependencyVersionFields)
+                    }
+                },
+                vulnerabilities: [],
+                metadata: structuredClone(kDefaultDependencyMetadata)
+            };
+            let proceedDependencyScan = true;
+            if (dependencies.has(name)) {
+                const dep = dependencies.get(name);
+                operationsQueue.push(manifestMetadata(name, version, dep));
+                if (version in dep.versions) {
+                    // The dependency has already entered the analysis
+                    // This happens if the package is used by multiple packages in the tree
+                    proceedDependencyScan = false;
+                }
+                else {
+                    dep.versions[version] = dependency.versions[version];
+                }
+            }
+            else {
+                dependencies.set(name, dependency);
+            }
+            // If the dependency is a DevDependencies we ignore it.
+            if (current.isDevDependency || !proceedDependencyScan) {
+                continue;
+            }
+            logger.tick(ScannerLoggerEvents.analysis.tree);
+            // There is no need to fetch 'N' times the npm metadata for the same package.
+            if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
+                logger.tick(ScannerLoggerEvents.analysis.registry);
+            }
+            else {
+                fetchedMetadataPackages.add(name);
+                operationsQueue.push(packageMetadata(name, version, {
+                    dependency,
+                    logger
+                }));
+            }
+            const scanDirOptions = {
+                ref: dependency.versions[version],
+                location,
+                tmpLocation: scanRootNode && name === manifest.name ? null : tmpLocation,
+                registry
+            };
+            operationsQueue.push(scanDirOrArchiveEx(name, version, locker, scanDirOptions));
+        }
+        logger.end(ScannerLoggerEvents.analysis.tree);
+        await Promise.allSettled(operationsQueue);
+        await timers.setImmediate();
+        logger
+            .end(ScannerLoggerEvents.analysis.tarball)
+            .end(ScannerLoggerEvents.analysis.registry);
+    }
+    const { hydratePayloadDependencies, strategy } = await vuln.setStrategy(vulnerabilityStrategy);
+    await hydratePayloadDependencies(dependencies, {
+        useStandardFormat: true,
+        path: location
+    });
+    payload.vulnerabilityStrategy = strategy;
+    // We do this because it "seem" impossible to link all dependencies in the first walk.
+    // Because we are dealing with package only one time it may happen sometimes.
+    const globalWarnings = [];
+    for (const [packageName, dependency] of dependencies) {
+        const metadataIntegrities = dependency.metadata?.integrity ?? {};
+        for (const [version, integrity] of Object.entries(metadataIntegrities)) {
+            const dependencyVer = dependency.versions[version];
+            // @ts-ignore
+            const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
+            if (isEmptyPackage) {
+                globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
+            }
+            if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
+                continue;
+            }
+            if (dependencyVer.integrity !== integrity) {
+                globalWarnings.push(`${packageName}@${version} manifest & tarball integrity doesn't match!`);
+            }
+        }
+        for (const version of Object.entries(dependency.versions)) {
+            const [verStr, verDescriptor] = version;
+            verDescriptor.flags.push(...addMissingVersionFlags(new Set(verDescriptor.flags), dependency));
+            const usedDeps = npmTreeWalker.relationsMap.get(`${packageName}@${verStr}`) || new Set();
+            if (usedDeps.size === 0) {
+                continue;
+            }
+            const usedBy = Object.create(null);
+            for (const [name, version] of [...usedDeps].map((name) => name.split("@"))) {
+                usedBy[name] = version;
+            }
+            Object.assign(verDescriptor.usedBy, usedBy);
+        }
+    }
+    try {
+        const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts);
+        payload.warnings = globalWarnings.concat(warnings);
+        payload.highlighted = {
+            contacts: illuminated
+        };
+        payload.dependencies = Object.fromEntries(dependencies);
+        return payload;
+    }
+    finally {
+        await timers.setImmediate();
+        await fs.rm(tmpLocation, { recursive: true, force: true });
+        logger.emit(ScannerLoggerEvents.done);
+    }
+}
+// eslint-disable-next-line max-params
+async function scanDirOrArchiveEx(name, version, locker, options) {
+    const free = await locker.acquire();
+    try {
+        await scanDirOrArchive(name, version, options);
+    }
+    catch {
+        // ignore
+    }
+    finally {
+        free();
+    }
+}
+//# sourceMappingURL=depWalker.js.map

package/dist/depWalker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,MAAM,MAAM,sBAAsB,CAAC;AAC1C,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAgC,MAAM,qBAAqB,CAAC;AACrF,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAG9C,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EAAE,sBAAsB,EAChD,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAQtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuC,EACvC,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAC5C,QAAQ,EACT,GAAG,OAAO,CAAC;IAEZ,uBAAuB;IACvB,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GAAqB;QAChC,EAAE,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,kBAAkB,EAAE,QAAQ,CAAC,IAAI;QACjC,cAAc,EAAE,cAAc;QAC9B,qBAAqB;QACrB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;QACvC,QAAQ;KACT,CAAC,CAAC;IACH,CAAC;QACC,MAAM;aACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;aACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;QAEF,MAAM,eAAe,GAAoB;YACvC,QAAQ;YACR,cAAc;YACd,WAAW;SACZ,CAAC;QACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;YAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;YACrD,MAAM,UAAU,GAAe;gBAC7B,QAAQ,EAAE;oBACR,CAAC,OAAO,CAAC,EAAE;wBACT,GAAG,cAAc;wBACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;qBACpD;iBACF;gBACD,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;aACtD,CAAC;YAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;YACjC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;gBACpC,eAAe,CAAC,IAAI,CAClB,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CACrC,CAAC;gBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAC5B,kDAAkD;oBAClD,uEAAuE;oBACvE,qBAAqB,GAAG,KAAK,CAAC;gBAChC,CAAC;qBACI,CAAC;oBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;iBACI,CAAC;gBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YACrC,CAAC;YAED,uDAAuD;YACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBACtD,SAAS;YACX,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE/C,6EAA6E;YAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC;iBACI,CAAC;gBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAClC,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE;oBAClD,UAAU;oBACV,MAAM;iBACP,CAAC,CAAC,CAAC;YACN,CAAC;YAED,MAAM,cAAc,GAAG;gBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;gBACxC,QAAQ;gBACR,WAAW,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW;gBACxE,QAAQ;aACT,CAAC;YACF,eAAe,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAE5B,MAAM;aACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC;IAC/F,MAAM,0BAA0B,CAAC,YAAmB,EAAE;QACpD,iBAAiB,EAAE,IAAI;QACvB,IAAI,EAAE,QAAQ;KACf,CAAC,CAAC;IAEH,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;IAEzC,sFAAsF;IACtF,6EAA6E;IAC7E,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;QACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;YAExE,aAAa;YACb,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;YAClG,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,oCAAoC,CAAC,CAAC;YACrF,CAAC;YAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,SAAS;YACX,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1C,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,8CAA8C,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;YACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;YAEF,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACzB,CAAC;YACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,CAAC,WAAW,GAAG;YACpB,QAAQ,EAAE,WAAW;SACtB,CAAC;QACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAExD,OAAO,OAAkB,CAAC;IAC5B,CAAC;YACO,CAAC;QACP,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3D,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAgC;IAEhC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;YACO,CAAC;QACP,IAAI,EAAE,CAAC;IACT,CAAC;AACH,CAAC"}

package/dist/i18n/english.d.ts

@@ -0,0 +1,9 @@
+declare namespace _default {
+    export { scanner };
+}
+export default _default;
+declare namespace scanner {
+    let disable_scarf: string;
+    let keylogging: string;
+}
+//# sourceMappingURL=english.d.ts.map

package/dist/i18n/english.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"english.d.ts","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":""}

package/dist/i18n/english.js

@@ -0,0 +1,6 @@
+const scanner = {
+    disable_scarf: "This dependency could collect data against your consent so think to disable it with the env var: SCARF_ANALYTICS",
+    keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares."
+};
+export default { scanner };
+//# sourceMappingURL=english.js.map

package/dist/i18n/english.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;CAC7H,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}

package/dist/i18n/french.d.ts

@@ -0,0 +1,9 @@
+declare namespace _default {
+    export { scanner };
+}
+export default _default;
+declare namespace scanner {
+    let disable_scarf: string;
+    let keylogging: string;
+}
+//# sourceMappingURL=french.d.ts.map

package/dist/i18n/french.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"french.d.ts","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":""}

package/dist/i18n/french.js

@@ -0,0 +1,6 @@
+const scanner = {
+    disable_scarf: "Cette dépendance peut récolter des données contre votre volonté, pensez donc à la désactiver en fournissant la variable d'environnement SCARF_ANALYTICS",
+    keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares."
+};
+export default { scanner };
+//# sourceMappingURL=french.js.map

package/dist/i18n/french.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;CAC7J,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+import * as tarball from "@nodesecure/tarball";
+import { depWalker } from "./depWalker.js";
+import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
+import { comparePayloads } from "./comparePayloads.js";
+import type { Options } from "./types.js";
+export * from "./types.js";
+export declare function cwd(location?: string, options?: Options, logger?: Logger): Promise<import("./types.js").Payload>;
+export declare function from(packageName: string, options?: Omit<Options, "includeDevDeps">, logger?: Logger): Promise<import("./types.js").Payload>;
+export declare function verify(packageName?: string): Promise<tarball.ScannedPackageResult>;
+export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAI/C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAS1C,cAAc,YAAY,CAAC;AAE3B,wBAAsB,GAAG,CACvB,QAAQ,SAAgB,EACxB,OAAO,GAAE,OAAY,EACrB,MAAM,SAAe,yCAyBtB;AAED,wBAAsB,IAAI,CACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAM,EAC7C,MAAM,SAAe,yCAkBtB;AAED,wBAAsB,MAAM,CAC1B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAuBvC;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}

package/dist/index.js

@@ -0,0 +1,68 @@
+// Import Node.js Dependencies
+import path from "node:path";
+import fs from "node:fs/promises";
+import timers from "node:timers/promises";
+import os from "node:os";
+// Import Third-party Dependencies
+import pacote from "pacote";
+import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
+import * as tarball from "@nodesecure/tarball";
+// Import Internal Dependencies
+import { depWalker } from "./depWalker.js";
+import { NPM_TOKEN, urlToString } from "./utils/index.js";
+import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
+import { comparePayloads } from "./comparePayloads.js";
+// CONSTANTS
+const kDefaultCwdOptions = {
+    forceRootAnalysis: true,
+    usePackageLock: true,
+    includeDevDeps: false
+};
+export * from "./types.js";
+export async function cwd(location = process.cwd(), options = {}, logger = new Logger()) {
+    const registry = options.registry ?
+        urlToString(options.registry) :
+        getLocalRegistryURL();
+    const finalizedOptions = Object.assign({ location }, kDefaultCwdOptions, {
+        ...options,
+        registry
+    });
+    logger.start(ScannerLoggerEvents.manifest.read);
+    const packagePath = path.join(location, "package.json");
+    const str = await fs.readFile(packagePath, "utf-8");
+    logger.end(ScannerLoggerEvents.manifest.read);
+    return depWalker(JSON.parse(str), finalizedOptions, logger);
+}
+export async function from(packageName, options = {}, logger = new Logger()) {
+    const registry = options.registry ?
+        urlToString(options.registry) :
+        getLocalRegistryURL();
+    logger.start(ScannerLoggerEvents.manifest.fetch);
+    const manifest = await pacote.manifest(packageName, {
+        ...NPM_TOKEN, registry, cache: `${os.homedir()}/.npm`
+    });
+    logger.end(ScannerLoggerEvents.manifest.fetch);
+    return depWalker(
+    // FIX: find a way to merge pacote & registry interfaces
+    manifest, Object.assign(options, { registry }), logger);
+}
+export async function verify(packageName) {
+    if (typeof packageName === "undefined") {
+        return tarball.scanPackage(process.cwd());
+    }
+    const tmpLocation = await fs.mkdtemp(path.join(os.tmpdir(), "nsecure-"));
+    const dest = path.join(tmpLocation, packageName);
+    try {
+        await pacote.extract(packageName, dest, {
+            ...NPM_TOKEN, registry: getLocalRegistryURL(), cache: `${os.homedir()}/.npm`
+        });
+        const scanResult = await tarball.scanPackage(dest, packageName);
+        return scanResult;
+    }
+    finally {
+        await timers.setImmediate();
+        await fs.rm(tmpLocation, { recursive: true, force: true });
+    }
+}
+export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,MAAM,MAAM,sBAAsB,CAAC;AAC1C,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,YAAY;AACZ,MAAM,kBAAkB,GAAG;IACzB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,IAAI;IACpB,cAAc,EAAE,KAAK;CACtB,CAAC;AAEF,cAAc,YAAY,CAAC;AAE3B,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAmB,EAAE,EACrB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CACpC,EAAE,QAAQ,EAAE,EACZ,kBAAkB,EAClB;QACE,GAAG,OAAO;QACV,QAAQ;KACT,CACF,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9C,OAAO,SAAS,CACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,EAC9B,gBAAgB,EAChB,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,WAAmB,EACnB,UAA2C,EAAE,EAC7C,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE;QAClD,GAAG,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;KACtD,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE/C,OAAO,SAAS;IACd,wDAAwD;IACxD,QAAsC,EACtC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EACpC,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,WAAoB;IAEpB,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;QACvC,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAClC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CACnC,CAAC;IACF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,EAAE;YACtC,GAAG,SAAS,EAAE,QAAQ,EAAE,mBAAmB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;SAC7E,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAEhE,OAAO,UAAU,CAAC;IACpB,CAAC;YACO,CAAC;QACP,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}

package/dist/npmRegistry.d.ts

@@ -0,0 +1,9 @@
+import { Logger } from "./class/logger.class.js";
+import type { Dependency } from "./types.js";
+export declare function manifestMetadata(name: string, version: string, dependency: any): Promise<void>;
+export interface PackageMetadataOptions {
+    logger: Logger;
+    dependency: Dependency;
+}
+export declare function packageMetadata(name: string, version: string, options: PackageMetadataOptions): Promise<void>;
+//# sourceMappingURL=npmRegistry.d.ts.map

package/dist/npmRegistry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"npmRegistry.d.ts","sourceRoot":"","sources":["../src/npmRegistry.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,KAAK,EAGV,UAAU,EACX,MAAM,YAAY,CAAC;AAEpB,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,GAAG,iBAuBhB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,IAAI,CAAC,CAqFf"}

package/dist/npmRegistry.js

@@ -0,0 +1,125 @@
+// Import Third-party Dependencies
+import semver from "semver";
+import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
+import { packageJSONIntegrityHash } from "@nodesecure/mama";
+// Import Internal Dependencies
+import { getLinks } from "./utils/index.js";
+import { Logger } from "./class/logger.class.js";
+export async function manifestMetadata(name, version, dependency) {
+    try {
+        const pkgVersion = await npmRegistrySDK.packumentVersion(name, version);
+        const integrity = packageJSONIntegrityHash(pkgVersion, {
+            isFromRemoteRegistry: true
+        });
+        Object.assign(dependency.versions[version], {
+            links: getLinks(pkgVersion)
+        });
+        dependency.metadata.integrity[version] = integrity;
+    }
+    catch {
+        // Ignore
+    }
+}
+export async function packageMetadata(name, version, options) {
+    const { dependency, logger } = options;
+    const spec = `${name}:${version}`;
+    try {
+        const pkg = await npmRegistrySDK.packument(name);
+        const oneYearFromToday = new Date();
+        oneYearFromToday.setFullYear(oneYearFromToday.getFullYear() - 1);
+        const lastVersion = pkg["dist-tags"].latest;
+        const lastUpdateAt = new Date(pkg.time[lastVersion]);
+        const metadata = {
+            author: pkg.author ?? null,
+            homepage: pkg.homepage || null,
+            publishedCount: Object.values(pkg.versions).length,
+            lastVersion,
+            lastUpdateAt,
+            hasReceivedUpdateInOneYear: !(oneYearFromToday > lastUpdateAt),
+            hasManyPublishers: false,
+            hasChangedAuthor: false,
+            maintainers: pkg.maintainers ?? [],
+            publishers: [],
+            integrity: {}
+        };
+        const isOutdated = semver.neq(version, lastVersion);
+        const flags = dependency.versions[version].flags;
+        if (isOutdated) {
+            flags.push("isOutdated");
+        }
+        const publishers = new Set();
+        let searchForMaintainersInVersions = metadata.maintainers.length === 0;
+        for (const ver of Object.values(pkg.versions).reverse()) {
+            if (spec === `${ver.name}:${ver.version}`) {
+                if ("deprecated" in ver && !flags.includes("isDeprecated")) {
+                    flags.push("isDeprecated");
+                }
+                metadata.integrity[ver.version] = packageJSONIntegrityHash(ver, { isFromRemoteRegistry: true });
+            }
+            const { _npmUser = null, version, maintainers = [] } = ver;
+            if (_npmUser !== null) {
+                const authorName = metadata.author?.name ?? null;
+                if (authorName === null) {
+                    metadata.author = _npmUser;
+                }
+                else if (authorName !== null && _npmUser.name !== authorName) {
+                    metadata.hasManyPublishers = true;
+                }
+                if (!publishers.has(_npmUser.name)) {
+                    publishers.add(_npmUser.name);
+                    metadata.publishers.push({
+                        ..._npmUser,
+                        version,
+                        at: new Date(pkg.time[version]).toISOString()
+                    });
+                }
+            }
+            if (searchForMaintainersInVersions) {
+                metadata.maintainers.push(...maintainers);
+                searchForMaintainersInVersions = false;
+            }
+        }
+        await addNpmAvatar(metadata);
+        Object.assign(dependency.versions[version], { links: getLinks(pkg.versions[version]) });
+        dependency.metadata = metadata;
+    }
+    catch {
+        // ignore
+    }
+    finally {
+        logger.tick("registry");
+    }
+}
+async function addNpmAvatar(metadata) {
+    const contributors = [
+        ...metadata.maintainers,
+        ...metadata.publishers
+    ];
+    if (metadata.author !== null) {
+        contributors.push(metadata.author);
+    }
+    const emailToAvatar = {};
+    const promises = contributors.map((contributor) => {
+        if (contributor.email && emailToAvatar[contributor.email]) {
+            contributor.npmAvatar = emailToAvatar[contributor.email];
+            return Promise.resolve();
+        }
+        return npmRegistrySDK.user(contributor.name, { perPage: 1 })
+            .then((profile) => {
+            contributor.npmAvatar = profile.avatars.small;
+            if (contributor.email && contributor.npmAvatar) {
+                emailToAvatar[contributor.email] = contributor.npmAvatar;
+            }
+        }).catch(() => {
+            contributor.npmAvatar = undefined;
+        });
+    });
+    await Promise.all(promises);
+    // back fill npmAvatar if any name property was not npm username in first pass
+    for (const contributor of contributors) {
+        if (!contributor.npmAvatar && contributor.email && emailToAvatar[contributor.email]) {
+            contributor.npmAvatar = emailToAvatar[contributor.email];
+        }
+    }
+}
+//# sourceMappingURL=npmRegistry.js.map

package/dist/npmRegistry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npmRegistry.js","sourceRoot":"","sources":["../src/npmRegistry.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,+BAA+B;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAOjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAY,EACZ,OAAe,EACf,UAAe;IAEf,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,gBAAgB,CACtD,IAAI,EACJ,OAAO,CACR,CAAC;QAEF,MAAM,SAAS,GAAG,wBAAwB,CAAC,UAAU,EAAE;YACrD,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC5B;YACE,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;SAC5B,CACF,CAAC;QAEF,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;IACrD,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;AACH,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAe,EACf,OAA+B;IAE/B,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEjD,MAAM,gBAAgB,GAAG,IAAI,IAAI,EAAE,CAAC;QACpC,gBAAgB,CAAC,WAAW,CAAC,gBAAgB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;QAEjE,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAE,CAAC,CAAC;QACtD,MAAM,QAAQ,GAA2B;YACvC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,IAAI;YAC1B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM;YAClD,WAAW;YACX,YAAY;YACZ,0BAA0B,EAAE,CAAC,CAAC,gBAAgB,GAAG,YAAY,CAAC;YAC9D,iBAAiB,EAAE,KAAK;YACxB,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;YAClC,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAE,CAAC,KAAK,CAAC;QAClD,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,IAAI,8BAA8B,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QACvE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,IAAI,IAAI,KAAK,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAY,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC3D,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC7B,CAAC;gBAED,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,wBAAwB,CACxD,GAAG,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,CACpC,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,OAAO,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,GAAG,CAAC;YAE3D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtB,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI,CAAC;gBACjD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;oBACxB,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC;gBAC7B,CAAC;qBACI,IAAI,UAAU,KAAK,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC7D,QAAQ,CAAC,iBAAiB,GAAG,IAAI,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBAC9B,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC;wBACvB,GAAG,QAAQ;wBACX,OAAO;wBACP,EAAE,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE;qBAC9C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,8BAA8B,EAAE,CAAC;gBACnC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;gBAC1C,8BAA8B,GAAG,KAAK,CAAC;YACzC,CAAC;QACH,CAAC;QAED,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAE,EAC7B,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAE,CAAC,EAAE,CAC5C,CAAC;QACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACjC,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;YACO,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,QAAgC;IAEhC,MAAM,YAAY,GAA+B;QAC/C,GAAG,QAAQ,CAAC,WAAW;QACvB,GAAG,QAAQ,CAAC,UAAU;KACvB,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,aAAa,GAA2B,EAAE,CAAC;IAEjD,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;QAChD,IAAI,WAAW,CAAC,KAAK,IAAI,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,WAAW,CAAC,SAAS,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEzD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;aACzD,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAChB,WAAW,CAAC,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;YAC9C,IAAI,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBAC/C,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,SAAS,CAAC;YAC3D,CAAC;QACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,WAAW,CAAC,SAAS,GAAG,SAAS,CAAC;QACpC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE5B,8EAA8E;IAC9E,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,KAAK,IAAI,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACpF,WAAW,CAAC,SAAS,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC"}