npm - @oculum/scanner - Versions diffs - 1.0.0 - Mend

@oculum/scanner 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (281) hide show

package/dist/formatters/cli-terminal.d.ts +27 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -0
package/dist/formatters/cli-terminal.js +412 -0
package/dist/formatters/cli-terminal.js.map +1 -0
package/dist/formatters/github-comment.d.ts +41 -0
package/dist/formatters/github-comment.d.ts.map +1 -0
package/dist/formatters/github-comment.js +306 -0
package/dist/formatters/github-comment.js.map +1 -0
package/dist/formatters/grouping.d.ts +52 -0
package/dist/formatters/grouping.d.ts.map +1 -0
package/dist/formatters/grouping.js +152 -0
package/dist/formatters/grouping.js.map +1 -0
package/dist/formatters/index.d.ts +9 -0
package/dist/formatters/index.d.ts.map +1 -0
package/dist/formatters/index.js +35 -0
package/dist/formatters/index.js.map +1 -0
package/dist/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/formatters/vscode-diagnostic.js +151 -0
package/dist/formatters/vscode-diagnostic.js.map +1 -0
package/dist/index.d.ts +52 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +648 -0
package/dist/index.js.map +1 -0
package/dist/layer1/comments.d.ts +8 -0
package/dist/layer1/comments.d.ts.map +1 -0
package/dist/layer1/comments.js +203 -0
package/dist/layer1/comments.js.map +1 -0
package/dist/layer1/config-audit.d.ts +8 -0
package/dist/layer1/config-audit.d.ts.map +1 -0
package/dist/layer1/config-audit.js +252 -0
package/dist/layer1/config-audit.js.map +1 -0
package/dist/layer1/entropy.d.ts +8 -0
package/dist/layer1/entropy.d.ts.map +1 -0
package/dist/layer1/entropy.js +500 -0
package/dist/layer1/entropy.js.map +1 -0
package/dist/layer1/file-flags.d.ts +7 -0
package/dist/layer1/file-flags.d.ts.map +1 -0
package/dist/layer1/file-flags.js +112 -0
package/dist/layer1/file-flags.js.map +1 -0
package/dist/layer1/index.d.ts +36 -0
package/dist/layer1/index.d.ts.map +1 -0
package/dist/layer1/index.js +132 -0
package/dist/layer1/index.js.map +1 -0
package/dist/layer1/patterns.d.ts +8 -0
package/dist/layer1/patterns.d.ts.map +1 -0
package/dist/layer1/patterns.js +482 -0
package/dist/layer1/patterns.js.map +1 -0
package/dist/layer1/urls.d.ts +8 -0
package/dist/layer1/urls.d.ts.map +1 -0
package/dist/layer1/urls.js +296 -0
package/dist/layer1/urls.js.map +1 -0
package/dist/layer1/weak-crypto.d.ts +7 -0
package/dist/layer1/weak-crypto.d.ts.map +1 -0
package/dist/layer1/weak-crypto.js +291 -0
package/dist/layer1/weak-crypto.js.map +1 -0
package/dist/layer2/ai-agent-tools.d.ts +19 -0
package/dist/layer2/ai-agent-tools.d.ts.map +1 -0
package/dist/layer2/ai-agent-tools.js +528 -0
package/dist/layer2/ai-agent-tools.js.map +1 -0
package/dist/layer2/ai-endpoint-protection.d.ts +36 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -0
package/dist/layer2/ai-endpoint-protection.js +332 -0
package/dist/layer2/ai-endpoint-protection.js.map +1 -0
package/dist/layer2/ai-execution-sinks.d.ts +18 -0
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -0
package/dist/layer2/ai-execution-sinks.js +496 -0
package/dist/layer2/ai-execution-sinks.js.map +1 -0
package/dist/layer2/ai-fingerprinting.d.ts +7 -0
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -0
package/dist/layer2/ai-fingerprinting.js +654 -0
package/dist/layer2/ai-fingerprinting.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts +19 -0
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -0
package/dist/layer2/ai-prompt-hygiene.js +356 -0
package/dist/layer2/ai-prompt-hygiene.js.map +1 -0
package/dist/layer2/ai-rag-safety.d.ts +21 -0
package/dist/layer2/ai-rag-safety.d.ts.map +1 -0
package/dist/layer2/ai-rag-safety.js +459 -0
package/dist/layer2/ai-rag-safety.js.map +1 -0
package/dist/layer2/ai-schema-validation.d.ts +25 -0
package/dist/layer2/ai-schema-validation.d.ts.map +1 -0
package/dist/layer2/ai-schema-validation.js +375 -0
package/dist/layer2/ai-schema-validation.js.map +1 -0
package/dist/layer2/auth-antipatterns.d.ts +20 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -0
package/dist/layer2/auth-antipatterns.js +333 -0
package/dist/layer2/auth-antipatterns.js.map +1 -0
package/dist/layer2/byok-patterns.d.ts +12 -0
package/dist/layer2/byok-patterns.d.ts.map +1 -0
package/dist/layer2/byok-patterns.js +299 -0
package/dist/layer2/byok-patterns.js.map +1 -0
package/dist/layer2/dangerous-functions.d.ts +7 -0
package/dist/layer2/dangerous-functions.d.ts.map +1 -0
package/dist/layer2/dangerous-functions.js +1375 -0
package/dist/layer2/dangerous-functions.js.map +1 -0
package/dist/layer2/data-exposure.d.ts +16 -0
package/dist/layer2/data-exposure.d.ts.map +1 -0
package/dist/layer2/data-exposure.js +279 -0
package/dist/layer2/data-exposure.js.map +1 -0
package/dist/layer2/framework-checks.d.ts +7 -0
package/dist/layer2/framework-checks.d.ts.map +1 -0
package/dist/layer2/framework-checks.js +388 -0
package/dist/layer2/framework-checks.js.map +1 -0
package/dist/layer2/index.d.ts +58 -0
package/dist/layer2/index.d.ts.map +1 -0
package/dist/layer2/index.js +380 -0
package/dist/layer2/index.js.map +1 -0
package/dist/layer2/logic-gates.d.ts +7 -0
package/dist/layer2/logic-gates.d.ts.map +1 -0
package/dist/layer2/logic-gates.js +182 -0
package/dist/layer2/logic-gates.js.map +1 -0
package/dist/layer2/risky-imports.d.ts +7 -0
package/dist/layer2/risky-imports.d.ts.map +1 -0
package/dist/layer2/risky-imports.js +161 -0
package/dist/layer2/risky-imports.js.map +1 -0
package/dist/layer2/variables.d.ts +8 -0
package/dist/layer2/variables.d.ts.map +1 -0
package/dist/layer2/variables.js +152 -0
package/dist/layer2/variables.js.map +1 -0
package/dist/layer3/anthropic.d.ts +83 -0
package/dist/layer3/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic.js +1745 -0
package/dist/layer3/anthropic.js.map +1 -0
package/dist/layer3/index.d.ts +24 -0
package/dist/layer3/index.d.ts.map +1 -0
package/dist/layer3/index.js +119 -0
package/dist/layer3/index.js.map +1 -0
package/dist/layer3/openai.d.ts +25 -0
package/dist/layer3/openai.d.ts.map +1 -0
package/dist/layer3/openai.js +238 -0
package/dist/layer3/openai.js.map +1 -0
package/dist/layer3/package-check.d.ts +63 -0
package/dist/layer3/package-check.d.ts.map +1 -0
package/dist/layer3/package-check.js +508 -0
package/dist/layer3/package-check.js.map +1 -0
package/dist/modes/incremental.d.ts +66 -0
package/dist/modes/incremental.d.ts.map +1 -0
package/dist/modes/incremental.js +200 -0
package/dist/modes/incremental.js.map +1 -0
package/dist/tiers.d.ts +125 -0
package/dist/tiers.d.ts.map +1 -0
package/dist/tiers.js +234 -0
package/dist/tiers.js.map +1 -0
package/dist/types.d.ts +175 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +50 -0
package/dist/types.js.map +1 -0
package/dist/utils/auth-helper-detector.d.ts +56 -0
package/dist/utils/auth-helper-detector.d.ts.map +1 -0
package/dist/utils/auth-helper-detector.js +360 -0
package/dist/utils/auth-helper-detector.js.map +1 -0
package/dist/utils/context-helpers.d.ts +96 -0
package/dist/utils/context-helpers.d.ts.map +1 -0
package/dist/utils/context-helpers.js +493 -0
package/dist/utils/context-helpers.js.map +1 -0
package/dist/utils/diff-detector.d.ts +53 -0
package/dist/utils/diff-detector.d.ts.map +1 -0
package/dist/utils/diff-detector.js +104 -0
package/dist/utils/diff-detector.js.map +1 -0
package/dist/utils/diff-parser.d.ts +80 -0
package/dist/utils/diff-parser.d.ts.map +1 -0
package/dist/utils/diff-parser.js +202 -0
package/dist/utils/diff-parser.js.map +1 -0
package/dist/utils/imported-auth-detector.d.ts +37 -0
package/dist/utils/imported-auth-detector.d.ts.map +1 -0
package/dist/utils/imported-auth-detector.js +251 -0
package/dist/utils/imported-auth-detector.js.map +1 -0
package/dist/utils/middleware-detector.d.ts +55 -0
package/dist/utils/middleware-detector.d.ts.map +1 -0
package/dist/utils/middleware-detector.js +260 -0
package/dist/utils/middleware-detector.js.map +1 -0
package/dist/utils/oauth-flow-detector.d.ts +41 -0
package/dist/utils/oauth-flow-detector.d.ts.map +1 -0
package/dist/utils/oauth-flow-detector.js +202 -0
package/dist/utils/oauth-flow-detector.js.map +1 -0
package/dist/utils/path-exclusions.d.ts +55 -0
package/dist/utils/path-exclusions.d.ts.map +1 -0
package/dist/utils/path-exclusions.js +222 -0
package/dist/utils/path-exclusions.js.map +1 -0
package/dist/utils/project-context-builder.d.ts +119 -0
package/dist/utils/project-context-builder.d.ts.map +1 -0
package/dist/utils/project-context-builder.js +534 -0
package/dist/utils/project-context-builder.js.map +1 -0
package/dist/utils/registry-clients.d.ts +93 -0
package/dist/utils/registry-clients.d.ts.map +1 -0
package/dist/utils/registry-clients.js +273 -0
package/dist/utils/registry-clients.js.map +1 -0
package/dist/utils/trpc-analyzer.d.ts +78 -0
package/dist/utils/trpc-analyzer.d.ts.map +1 -0
package/dist/utils/trpc-analyzer.js +297 -0
package/dist/utils/trpc-analyzer.js.map +1 -0
package/package.json +45 -0
package/src/__tests__/benchmark/fixtures/false-positives.ts +227 -0
package/src/__tests__/benchmark/fixtures/index.ts +68 -0
package/src/__tests__/benchmark/fixtures/layer1/config-audit.ts +364 -0
package/src/__tests__/benchmark/fixtures/layer1/hardcoded-secrets.ts +173 -0
package/src/__tests__/benchmark/fixtures/layer1/high-entropy.ts +234 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +31 -0
package/src/__tests__/benchmark/fixtures/layer1/sensitive-urls.ts +90 -0
package/src/__tests__/benchmark/fixtures/layer1/weak-crypto.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-agent-tools.ts +170 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-endpoint-protection.ts +418 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +189 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-fingerprinting.ts +316 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +178 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +184 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-schema-validation.ts +434 -0
package/src/__tests__/benchmark/fixtures/layer2/auth-antipatterns.ts +159 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +112 -0
package/src/__tests__/benchmark/fixtures/layer2/dangerous-functions.ts +246 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +168 -0
package/src/__tests__/benchmark/fixtures/layer2/framework-checks.ts +346 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +67 -0
package/src/__tests__/benchmark/fixtures/layer2/injection-vulnerabilities.ts +239 -0
package/src/__tests__/benchmark/fixtures/layer2/logic-gates.ts +246 -0
package/src/__tests__/benchmark/fixtures/layer2/risky-imports.ts +231 -0
package/src/__tests__/benchmark/fixtures/layer2/variables.ts +167 -0
package/src/__tests__/benchmark/index.ts +29 -0
package/src/__tests__/benchmark/run-benchmark.ts +144 -0
package/src/__tests__/benchmark/run-depth-validation.ts +206 -0
package/src/__tests__/benchmark/run-real-world-test.ts +243 -0
package/src/__tests__/benchmark/security-benchmark-script.ts +1737 -0
package/src/__tests__/benchmark/tier-integration-script.ts +177 -0
package/src/__tests__/benchmark/types.ts +144 -0
package/src/__tests__/benchmark/utils/test-runner.ts +475 -0
package/src/__tests__/regression/known-false-positives.test.ts +467 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +178 -0
package/src/__tests__/snapshots/scan-depth.test.ts +258 -0
package/src/__tests__/validation/analyze-results.ts +542 -0
package/src/__tests__/validation/extract-for-triage.ts +146 -0
package/src/__tests__/validation/fp-deep-analysis.ts +327 -0
package/src/__tests__/validation/run-validation.ts +364 -0
package/src/__tests__/validation/triage-template.md +132 -0
package/src/formatters/cli-terminal.ts +446 -0
package/src/formatters/github-comment.ts +382 -0
package/src/formatters/grouping.ts +190 -0
package/src/formatters/index.ts +47 -0
package/src/formatters/vscode-diagnostic.ts +243 -0
package/src/index.ts +823 -0
package/src/layer1/comments.ts +218 -0
package/src/layer1/config-audit.ts +289 -0
package/src/layer1/entropy.ts +583 -0
package/src/layer1/file-flags.ts +127 -0
package/src/layer1/index.ts +181 -0
package/src/layer1/patterns.ts +516 -0
package/src/layer1/urls.ts +334 -0
package/src/layer1/weak-crypto.ts +328 -0
package/src/layer2/ai-agent-tools.ts +601 -0
package/src/layer2/ai-endpoint-protection.ts +387 -0
package/src/layer2/ai-execution-sinks.ts +580 -0
package/src/layer2/ai-fingerprinting.ts +758 -0
package/src/layer2/ai-prompt-hygiene.ts +411 -0
package/src/layer2/ai-rag-safety.ts +511 -0
package/src/layer2/ai-schema-validation.ts +421 -0
package/src/layer2/auth-antipatterns.ts +394 -0
package/src/layer2/byok-patterns.ts +336 -0
package/src/layer2/dangerous-functions.ts +1563 -0
package/src/layer2/data-exposure.ts +315 -0
package/src/layer2/framework-checks.ts +433 -0
package/src/layer2/index.ts +473 -0
package/src/layer2/logic-gates.ts +206 -0
package/src/layer2/risky-imports.ts +186 -0
package/src/layer2/variables.ts +166 -0
package/src/layer3/anthropic.ts +2030 -0
package/src/layer3/index.ts +130 -0
package/src/layer3/package-check.ts +604 -0
package/src/modes/incremental.ts +293 -0
package/src/tiers.ts +318 -0
package/src/types.ts +284 -0
package/src/utils/auth-helper-detector.ts +443 -0
package/src/utils/context-helpers.ts +535 -0
package/src/utils/diff-detector.ts +135 -0
package/src/utils/diff-parser.ts +272 -0
package/src/utils/imported-auth-detector.ts +320 -0
package/src/utils/middleware-detector.ts +333 -0
package/src/utils/oauth-flow-detector.ts +246 -0
package/src/utils/path-exclusions.ts +266 -0
package/src/utils/project-context-builder.ts +707 -0
package/src/utils/registry-clients.ts +351 -0
package/src/utils/trpc-analyzer.ts +382 -0

package/dist/utils/diff-detector.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Diff Detection Utility
+ * Compares current repository tree against previous scan data to detect changed files
+ * Used for incremental scanning (Story D)
+ */
+export interface TreeFileInfo {
+    path: string;
+    sha: string;
+}
+export interface DiffResult {
+    /** Files that are new (not in previous scan) */
+    added: string[];
+    /** Files whose SHA changed (content modified) */
+    modified: string[];
+    /** Files that were deleted (in previous scan but not in current) */
+    deleted: string[];
+    /** Files that haven't changed */
+    unchanged: string[];
+    /** Total count of changed files (added + modified) */
+    changedCount: number;
+    /** Whether this is a significant change warranting incremental scan */
+    shouldUseIncremental: boolean;
+}
+/**
+ * Detect which files have changed between the current tree and previous scan
+ *
+ * @param currentTree - Array of files from current GitHub tree (path + sha)
+ * @param previousFileShas - Map of {file_path: sha} from previous scan
+ * @returns DiffResult with categorized file changes
+ */
+export declare function detectChangedFiles(currentTree: TreeFileInfo[], previousFileShas: Record<string, string> | null | undefined): DiffResult;
+/**
+ * Build a file SHA map from a GitHub tree response
+ * Filters to only include blob (file) entries
+ *
+ * @param tree - GitHub tree items with path and sha
+ * @returns Map of {file_path: sha}
+ */
+export declare function buildFileShaMap(tree: Array<{
+    path: string;
+    sha: string;
+    type: 'blob' | 'tree';
+}>): Record<string, string>;
+/**
+ * Check if two tree SHAs are different
+ * Quick check before doing detailed file comparison
+ *
+ * @param currentTreeSha - SHA of current tree
+ * @param previousTreeSha - SHA from previous scan
+ * @returns true if trees are different (need detailed comparison)
+ */
+export declare function hasTreeChanged(currentTreeSha: string, previousTreeSha: string | null | undefined): boolean;
+//# sourceMappingURL=diff-detector.d.ts.map

package/dist/utils/diff-detector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff-detector.d.ts","sourceRoot":"","sources":["../../src/utils/diff-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,UAAU;IACzB,gDAAgD;IAChD,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,iDAAiD;IACjD,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,oEAAoE;IACpE,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,iCAAiC;IACjC,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAA;IACpB,uEAAuE;IACvE,oBAAoB,EAAE,OAAO,CAAA;CAC9B;AAQD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,YAAY,EAAE,EAC3B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,SAAS,GAC1D,UAAU,CAsDZ;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC,GAChE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWxB;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACzC,OAAO,CAGT"}

package/dist/utils/diff-detector.js ADDED Viewed

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * Diff Detection Utility
+ * Compares current repository tree against previous scan data to detect changed files
+ * Used for incremental scanning (Story D)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectChangedFiles = detectChangedFiles;
+exports.buildFileShaMap = buildFileShaMap;
+exports.hasTreeChanged = hasTreeChanged;
+/**
+ * Maximum number of changed files before falling back to full scan
+ * Beyond this threshold, incremental mode provides diminishing returns
+ */
+const MAX_CHANGED_FILES_FOR_INCREMENTAL = 50;
+/**
+ * Detect which files have changed between the current tree and previous scan
+ *
+ * @param currentTree - Array of files from current GitHub tree (path + sha)
+ * @param previousFileShas - Map of {file_path: sha} from previous scan
+ * @returns DiffResult with categorized file changes
+ */
+function detectChangedFiles(currentTree, previousFileShas) {
+    // If no previous data, everything is "new"
+    if (!previousFileShas || Object.keys(previousFileShas).length === 0) {
+        return {
+            added: currentTree.map(f => f.path),
+            modified: [],
+            deleted: [],
+            unchanged: [],
+            changedCount: currentTree.length,
+            shouldUseIncremental: false, // No baseline = full scan
+        };
+    }
+    const added = [];
+    const modified = [];
+    const unchanged = [];
+    const currentPaths = new Set();
+    // Compare current files against previous
+    for (const file of currentTree) {
+        currentPaths.add(file.path);
+        const previousSha = previousFileShas[file.path];
+        if (!previousSha) {
+            // File didn't exist before
+            added.push(file.path);
+        }
+        else if (previousSha !== file.sha) {
+            // File content changed (SHA differs)
+            modified.push(file.path);
+        }
+        else {
+            // Same SHA = unchanged
+            unchanged.push(file.path);
+        }
+    }
+    // Find deleted files (in previous but not in current)
+    const deleted = [];
+    for (const path of Object.keys(previousFileShas)) {
+        if (!currentPaths.has(path)) {
+            deleted.push(path);
+        }
+    }
+    const changedCount = added.length + modified.length;
+    const shouldUseIncremental = changedCount > 0 && changedCount <= MAX_CHANGED_FILES_FOR_INCREMENTAL;
+    return {
+        added,
+        modified,
+        deleted,
+        unchanged,
+        changedCount,
+        shouldUseIncremental,
+    };
+}
+/**
+ * Build a file SHA map from a GitHub tree response
+ * Filters to only include blob (file) entries
+ *
+ * @param tree - GitHub tree items with path and sha
+ * @returns Map of {file_path: sha}
+ */
+function buildFileShaMap(tree) {
+    const map = {};
+    for (const item of tree) {
+        // Only include files (blobs), not directories (trees)
+        if (item.type === 'blob') {
+            map[item.path] = item.sha;
+        }
+    }
+    return map;
+}
+/**
+ * Check if two tree SHAs are different
+ * Quick check before doing detailed file comparison
+ *
+ * @param currentTreeSha - SHA of current tree
+ * @param previousTreeSha - SHA from previous scan
+ * @returns true if trees are different (need detailed comparison)
+ */
+function hasTreeChanged(currentTreeSha, previousTreeSha) {
+    if (!previousTreeSha)
+        return true;
+    return currentTreeSha !== previousTreeSha;
+}
+//# sourceMappingURL=diff-detector.js.map

package/dist/utils/diff-detector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff-detector.js","sourceRoot":"","sources":["../../src/utils/diff-detector.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAmCH,gDAyDC;AASD,0CAaC;AAUD,wCAMC;AA5GD;;;GAGG;AACH,MAAM,iCAAiC,GAAG,EAAE,CAAA;AAE5C;;;;;;GAMG;AACH,SAAgB,kBAAkB,CAChC,WAA2B,EAC3B,gBAA2D;IAE3D,2CAA2C;IAC3C,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,OAAO;YACL,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACnC,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,EAAE;YACX,SAAS,EAAE,EAAE;YACb,YAAY,EAAE,WAAW,CAAC,MAAM;YAChC,oBAAoB,EAAE,KAAK,EAAE,0BAA0B;SACxD,CAAA;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,MAAM,QAAQ,GAAa,EAAE,CAAA;IAC7B,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAA;IAEtC,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3B,MAAM,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAE/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,2BAA2B;YAC3B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACvB,CAAC;aAAM,IAAI,WAAW,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;YACpC,qCAAqC;YACrC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC;aAAM,CAAC;YACN,uBAAuB;YACvB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;IACnD,MAAM,oBAAoB,GAAG,YAAY,GAAG,CAAC,IAAI,YAAY,IAAI,iCAAiC,CAAA;IAElG,OAAO;QACL,KAAK;QACL,QAAQ;QACR,OAAO;QACP,SAAS;QACT,YAAY;QACZ,oBAAoB;KACrB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,eAAe,CAC7B,IAAiE;IAEjE,MAAM,GAAG,GAA2B,EAAE,CAAA;IAEtC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,sDAAsD;QACtD,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,cAAc,CAC5B,cAAsB,EACtB,eAA0C;IAE1C,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAA;IACjC,OAAO,cAAc,KAAK,eAAe,CAAA;AAC3C,CAAC"}

package/dist/utils/diff-parser.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * Git Diff Parser
+ * Parses unified diff format to extract changed line ranges
+ * Used for incremental scanning to only flag findings on changed lines
+ */
+/**
+ * A hunk represents a contiguous block of changes
+ */
+export interface DiffHunk {
+    /** Starting line in the old file */
+    oldStart: number;
+    /** Number of lines in old file */
+    oldLines: number;
+    /** Starting line in the new file */
+    newStart: number;
+    /** Number of lines in new file */
+    newLines: number;
+    /** Lines that were added (line numbers in new file) */
+    addedLines: number[];
+    /** Lines that were removed (line numbers in old file) */
+    removedLines: number[];
+    /** Lines that were modified (context around changes in new file) */
+    contextLines: number[];
+}
+/**
+ * Parsed file diff
+ */
+export interface FileDiff {
+    /** File path (after rename if applicable) */
+    path: string;
+    /** Old file path (if renamed) */
+    oldPath?: string;
+    /** Whether the file was added */
+    isNew: boolean;
+    /** Whether the file was deleted */
+    isDeleted: boolean;
+    /** Whether the file was renamed */
+    isRenamed: boolean;
+    /** Hunks containing the actual changes */
+    hunks: DiffHunk[];
+    /** All changed line numbers in the new file */
+    changedLines: Set<number>;
+    /** All lines near changes (within context window) */
+    affectedLines: Set<number>;
+}
+/**
+ * Parse a unified diff output
+ *
+ * @param diffOutput - The raw git diff output
+ * @param contextWindow - Lines around changes to consider "affected" (default: 5)
+ * @returns Map of file path to FileDiff
+ */
+export declare function parseDiff(diffOutput: string, contextWindow?: number): Map<string, FileDiff>;
+/**
+ * Parse a simple list of changed file paths
+ * Used when full diff isn't available (e.g., GitHub API file list)
+ */
+export declare function parseChangedFileList(files: string[]): Map<string, FileDiff>;
+/**
+ * Check if a finding is on a changed line
+ */
+export declare function isOnChangedLine(filePath: string, lineNumber: number, diffs: Map<string, FileDiff>): boolean;
+/**
+ * Check if a finding is near a changed line (within context window)
+ */
+export declare function isNearChangedLine(filePath: string, lineNumber: number, diffs: Map<string, FileDiff>): boolean;
+/**
+ * Get all changed file paths from diffs
+ */
+export declare function getChangedFilePaths(diffs: Map<string, FileDiff>): string[];
+/**
+ * Filter vulnerabilities to only those on/near changed lines
+ */
+export declare function filterToChangedLines<T extends {
+    filePath: string;
+    lineNumber: number;
+}>(findings: T[], diffs: Map<string, FileDiff>, options?: {
+    strictMode?: boolean;
+}): T[];
+//# sourceMappingURL=diff-parser.d.ts.map

package/dist/utils/diff-parser.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff-parser.d.ts","sourceRoot":"","sources":["../../src/utils/diff-parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAA;IAChB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAA;IAChB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,uDAAuD;IACvD,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,yDAAyD;IACzD,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,oEAAoE;IACpE,YAAY,EAAE,MAAM,EAAE,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAA;IACZ,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,iCAAiC;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,mCAAmC;IACnC,SAAS,EAAE,OAAO,CAAA;IAClB,mCAAmC;IACnC,SAAS,EAAE,OAAO,CAAA;IAClB,0CAA0C;IAC1C,KAAK,EAAE,QAAQ,EAAE,CAAA;IACjB,+CAA+C;IAC/C,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IACzB,qDAAqD;IACrD,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CAC3B;AAED;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,GAAE,MAAU,GAAG,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAkB9F;AA6GD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAiB3E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,GAC3B,OAAO,CAQT;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,GAC3B,OAAO,CAQT;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,MAAM,EAAE,CAK1E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,EACrF,QAAQ,EAAE,CAAC,EAAE,EACb,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5B,OAAO,GAAE;IAAE,UAAU,CAAC,EAAE,OAAO,CAAA;CAAO,GACrC,CAAC,EAAE,CAeL"}

package/dist/utils/diff-parser.js ADDED Viewed

@@ -0,0 +1,202 @@
+"use strict";
+/**
+ * Git Diff Parser
+ * Parses unified diff format to extract changed line ranges
+ * Used for incremental scanning to only flag findings on changed lines
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseDiff = parseDiff;
+exports.parseChangedFileList = parseChangedFileList;
+exports.isOnChangedLine = isOnChangedLine;
+exports.isNearChangedLine = isNearChangedLine;
+exports.getChangedFilePaths = getChangedFilePaths;
+exports.filterToChangedLines = filterToChangedLines;
+/**
+ * Parse a unified diff output
+ *
+ * @param diffOutput - The raw git diff output
+ * @param contextWindow - Lines around changes to consider "affected" (default: 5)
+ * @returns Map of file path to FileDiff
+ */
+function parseDiff(diffOutput, contextWindow = 5) {
+    const files = new Map();
+    if (!diffOutput || diffOutput.trim() === '') {
+        return files;
+    }
+    // Split into file sections (each starts with "diff --git")
+    const fileSections = diffOutput.split(/^diff --git /gm).filter(s => s.trim());
+    for (const section of fileSections) {
+        const fileDiff = parseFileSection('diff --git ' + section, contextWindow);
+        if (fileDiff) {
+            files.set(fileDiff.path, fileDiff);
+        }
+    }
+    return files;
+}
+/**
+ * Parse a single file's diff section
+ */
+function parseFileSection(section, contextWindow) {
+    const lines = section.split('\n');
+    // Extract file paths from header
+    // Format: diff --git a/path/to/file b/path/to/file
+    const headerMatch = lines[0].match(/diff --git a\/(.+) b\/(.+)/);
+    if (!headerMatch)
+        return null;
+    const oldPath = headerMatch[1];
+    const newPath = headerMatch[2];
+    // Detect file status
+    let isNew = false;
+    let isDeleted = false;
+    let isRenamed = oldPath !== newPath;
+    for (const line of lines.slice(0, 10)) {
+        if (line.startsWith('new file mode'))
+            isNew = true;
+        if (line.startsWith('deleted file mode'))
+            isDeleted = true;
+        if (line.startsWith('rename from'))
+            isRenamed = true;
+    }
+    // Parse hunks
+    const hunks = [];
+    const changedLines = new Set();
+    const affectedLines = new Set();
+    // Find hunk headers: @@ -oldStart,oldLines +newStart,newLines @@
+    const hunkRegex = /@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/g;
+    let match;
+    const sectionContent = section;
+    while ((match = hunkRegex.exec(sectionContent)) !== null) {
+        const oldStart = parseInt(match[1], 10);
+        const oldLines = parseInt(match[2] || '1', 10);
+        const newStart = parseInt(match[3], 10);
+        const newLines = parseInt(match[4] || '1', 10);
+        // Find the content of this hunk (until next @@ or end)
+        const hunkStartIndex = match.index + match[0].length;
+        const nextHunkMatch = /@@ -\d+/.exec(sectionContent.slice(hunkStartIndex + 1));
+        const hunkEndIndex = nextHunkMatch
+            ? hunkStartIndex + 1 + nextHunkMatch.index
+            : sectionContent.length;
+        const hunkContent = sectionContent.slice(hunkStartIndex, hunkEndIndex);
+        const hunkLines = hunkContent.split('\n');
+        const addedLines = [];
+        const removedLines = [];
+        const contextLines = [];
+        let newLineNum = newStart;
+        let oldLineNum = oldStart;
+        for (const line of hunkLines) {
+            if (line.startsWith('+') && !line.startsWith('+++')) {
+                // Added line
+                addedLines.push(newLineNum);
+                changedLines.add(newLineNum);
+                newLineNum++;
+            }
+            else if (line.startsWith('-') && !line.startsWith('---')) {
+                // Removed line
+                removedLines.push(oldLineNum);
+                oldLineNum++;
+            }
+            else if (line.startsWith(' ') || line === '') {
+                // Context line
+                contextLines.push(newLineNum);
+                newLineNum++;
+                oldLineNum++;
+            }
+        }
+        hunks.push({
+            oldStart,
+            oldLines,
+            newStart,
+            newLines,
+            addedLines,
+            removedLines,
+            contextLines,
+        });
+    }
+    // Calculate affected lines (changed lines + context window)
+    for (const line of changedLines) {
+        for (let i = Math.max(1, line - contextWindow); i <= line + contextWindow; i++) {
+            affectedLines.add(i);
+        }
+    }
+    return {
+        path: newPath,
+        oldPath: isRenamed ? oldPath : undefined,
+        isNew,
+        isDeleted,
+        isRenamed,
+        hunks,
+        changedLines,
+        affectedLines,
+    };
+}
+/**
+ * Parse a simple list of changed file paths
+ * Used when full diff isn't available (e.g., GitHub API file list)
+ */
+function parseChangedFileList(files) {
+    const result = new Map();
+    for (const path of files) {
+        result.set(path, {
+            path,
+            isNew: false,
+            isDeleted: false,
+            isRenamed: false,
+            hunks: [],
+            // Without diff content, consider all lines as changed
+            changedLines: new Set(),
+            affectedLines: new Set(),
+        });
+    }
+    return result;
+}
+/**
+ * Check if a finding is on a changed line
+ */
+function isOnChangedLine(filePath, lineNumber, diffs) {
+    const fileDiff = diffs.get(filePath);
+    if (!fileDiff)
+        return false;
+    // If no specific changed lines (file list only), consider all findings relevant
+    if (fileDiff.changedLines.size === 0)
+        return true;
+    return fileDiff.changedLines.has(lineNumber);
+}
+/**
+ * Check if a finding is near a changed line (within context window)
+ */
+function isNearChangedLine(filePath, lineNumber, diffs) {
+    const fileDiff = diffs.get(filePath);
+    if (!fileDiff)
+        return false;
+    // If no specific affected lines, consider all findings relevant
+    if (fileDiff.affectedLines.size === 0)
+        return true;
+    return fileDiff.affectedLines.has(lineNumber);
+}
+/**
+ * Get all changed file paths from diffs
+ */
+function getChangedFilePaths(diffs) {
+    return Array.from(diffs.keys()).filter(path => {
+        const diff = diffs.get(path);
+        return diff && !diff.isDeleted;
+    });
+}
+/**
+ * Filter vulnerabilities to only those on/near changed lines
+ */
+function filterToChangedLines(findings, diffs, options = {}) {
+    const { strictMode = false } = options;
+    return findings.filter(finding => {
+        // If file not in diff, it wasn't changed - exclude
+        if (!diffs.has(finding.filePath))
+            return false;
+        // In strict mode, only include findings on exactly changed lines
+        if (strictMode) {
+            return isOnChangedLine(finding.filePath, finding.lineNumber, diffs);
+        }
+        // In normal mode, include findings near changed lines
+        return isNearChangedLine(finding.filePath, finding.lineNumber, diffs);
+    });
+}
+//# sourceMappingURL=diff-parser.js.map

package/dist/utils/diff-parser.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"diff-parser.js","sourceRoot":"","sources":["../../src/utils/diff-parser.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAmDH,8BAkBC;AAiHD,oDAiBC;AAKD,0CAYC;AAKD,8CAYC;AAKD,kDAKC;AAKD,oDAmBC;AA/ND;;;;;;GAMG;AACH,SAAgB,SAAS,CAAC,UAAkB,EAAE,gBAAwB,CAAC;IACrE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAoB,CAAA;IAEzC,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAA;IACd,CAAC;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;IAE7E,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,GAAG,OAAO,EAAE,aAAa,CAAC,CAAA;QACzE,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe,EAAE,aAAqB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,iCAAiC;IACjC,mDAAmD;IACnD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAA;IAChE,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAA;IAE7B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC9B,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAE9B,qBAAqB;IACrB,IAAI,KAAK,GAAG,KAAK,CAAA;IACjB,IAAI,SAAS,GAAG,KAAK,CAAA;IACrB,IAAI,SAAS,GAAG,OAAO,KAAK,OAAO,CAAA;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC;YAAE,KAAK,GAAG,IAAI,CAAA;QAClD,IAAI,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC;YAAE,SAAS,GAAG,IAAI,CAAA;QAC1D,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,SAAS,GAAG,IAAI,CAAA;IACtD,CAAC;IAED,cAAc;IACd,MAAM,KAAK,GAAe,EAAE,CAAA;IAC5B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAA;IACtC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAA;IAEvC,iEAAiE;IACjE,MAAM,SAAS,GAAG,6CAA6C,CAAA;IAC/D,IAAI,KAA6B,CAAA;IAEjC,MAAM,cAAc,GAAG,OAAO,CAAA;IAE9B,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACvC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QAC9C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QACvC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QAE9C,uDAAuD;QACvD,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QACpD,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAA;QAC9E,MAAM,YAAY,GAAG,aAAa;YAChC,CAAC,CAAC,cAAc,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK;YAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,CAAA;QAEzB,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;QACtE,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEzC,MAAM,UAAU,GAAa,EAAE,CAAA;QAC/B,MAAM,YAAY,GAAa,EAAE,CAAA;QACjC,MAAM,YAAY,GAAa,EAAE,CAAA;QAEjC,IAAI,UAAU,GAAG,QAAQ,CAAA;QACzB,IAAI,UAAU,GAAG,QAAQ,CAAA;QAEzB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBACpD,aAAa;gBACb,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC3B,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;gBAC5B,UAAU,EAAE,CAAA;YACd,CAAC;iBAAM,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,eAAe;gBACf,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC7B,UAAU,EAAE,CAAA;YACd,CAAC;iBAAM,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;gBAC/C,eAAe;gBACf,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC7B,UAAU,EAAE,CAAA;gBACZ,UAAU,EAAE,CAAA;YACd,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,UAAU;YACV,YAAY;YACZ,YAAY;SACb,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,aAAa,CAAC,EAAE,CAAC,IAAI,IAAI,GAAG,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/E,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QACxC,KAAK;QACL,SAAS;QACT,SAAS;QACT,KAAK;QACL,YAAY;QACZ,aAAa;KACd,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,KAAe;IAClD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAA;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE;YACf,IAAI;YACJ,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,EAAE;YACT,sDAAsD;YACtD,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,aAAa,EAAE,IAAI,GAAG,EAAE;SACzB,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,QAAgB,EAChB,UAAkB,EAClB,KAA4B;IAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAA;IAE3B,gFAAgF;IAChF,IAAI,QAAQ,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjD,OAAO,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;AAC9C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,UAAkB,EAClB,KAA4B;IAE5B,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAA;IAE3B,gEAAgE;IAChE,IAAI,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAElD,OAAO,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,KAA4B;IAC9D,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC5B,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAA;IAChC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAClC,QAAa,EACb,KAA4B,EAC5B,UAAoC,EAAE;IAEtC,MAAM,EAAE,UAAU,GAAG,KAAK,EAAE,GAAG,OAAO,CAAA;IAEtC,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;QAC/B,mDAAmD;QACnD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAA;QAE9C,iEAAiE;QACjE,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QACrE,CAAC;QAED,sDAAsD;QACtD,OAAO,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;IACvE,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/utils/imported-auth-detector.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Imported Auth Detector
+ *
+ * Detects auth middleware/helpers imported from other files to avoid
+ * false positives on routes that are actually protected via imports.
+ *
+ * Example: A route file that does `import { authMiddleware } from '@/lib/auth'`
+ * and wraps handlers with it should not be flagged as "missing auth".
+ */
+import type { ScanFile } from '../types';
+export interface ImportedAuthInfo {
+    importPath: string;
+    importedNames: string[];
+    isAuthRelated: boolean;
+}
+export interface FileAuthImports {
+    filePath: string;
+    imports: ImportedAuthInfo[];
+    usesImportedAuth: boolean;
+}
+/**
+ * Extract all imports from a file's content
+ */
+export declare function extractImports(content: string): ImportedAuthInfo[];
+/**
+ * Check if imported auth is actually used to protect routes/handlers
+ */
+export declare function detectImportedAuthUsage(content: string, authImports: ImportedAuthInfo[]): boolean;
+/**
+ * Build a registry of files and their auth imports
+ */
+export declare function buildFileAuthImports(files: ScanFile[]): Map<string, FileAuthImports>;
+/**
+ * Check if a specific file uses imported auth protection
+ */
+export declare function fileUsesImportedAuth(filePath: string, registry: Map<string, FileAuthImports>): boolean;
+//# sourceMappingURL=imported-auth-detector.d.ts.map

package/dist/utils/imported-auth-detector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"imported-auth-detector.d.ts","sourceRoot":"","sources":["../../src/utils/imported-auth-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAMxC,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,EAAE,MAAM,EAAE,CAAA;IACvB,aAAa,EAAE,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,gBAAgB,EAAE,CAAA;IAC3B,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAkFD;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,EAAE,CA8ElE;AA+BD;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,gBAAgB,EAAE,GAC9B,OAAO,CAgDT;AAaD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAmBpF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,GACrC,OAAO,CAET"}