@oculum/scanner 1.0.9 → 1.0.11

package/dist/layer3/index.js

@@ -4,10 +4,11 @@
  * Deep security analysis using Claude AI and package verification
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkPackages = exports.batchAnalyzeWithAI = exports.analyzeWithAI = void 0;
+exports.checkPackageAdvisories = exports.checkPackages = exports.batchAnalyzeWithAI = exports.analyzeWithAI = void 0;
 exports.runLayer3Scan = runLayer3Scan;
 const anthropic_1 = require("./anthropic");
 const package_check_1 = require("./package-check");
+const osv_check_1 = require("./osv-check");
 // File extensions that benefit most from AI analysis
 const AI_PRIORITY_EXTENSIONS = [
     '.ts', '.tsx', '.js', '.jsx', '.mjs',
@@ -32,14 +33,21 @@ async function runLayer3Scan(files, options = {}) {
             aiAnalyzed: 0,
         };
     }
-    // 1. Check packages (always run, fast)
-    const packageFiles = files.filter(f => f.path.endsWith('package.json'));
-    for (const file of packageFiles) {
+    // 1. Check packages for hallucination/risk (package.json and requirements.txt)
+    const packageManifests = files.filter(f => f.path.endsWith('package.json') ||
+        f.path.endsWith('requirements.txt'));
+    for (const file of packageManifests) {
         // Check for cancellation in package loop
         if (options.cancellationToken?.cancelled)
             break;
-        const packageFindings = await (0, package_check_1.checkPackages)(file.content, file.path);
-        vulnerabilities.push(...packageFindings);
+        // Run hallucination/risk check (package-check only handles package.json)
+        if (file.path.endsWith('package.json')) {
+            const packageFindings = await (0, package_check_1.checkPackages)(file.content, file.path);
+            vulnerabilities.push(...packageFindings);
+        }
+        // Run OSV advisory check (handles both npm and Python)
+        const osvFindings = await (0, osv_check_1.checkPackageAdvisories)(file.content, file.path);
+        vulnerabilities.push(...osvFindings);
     }
     // Check for cancellation before AI analysis
     if (options.cancellationToken?.cancelled) {
@@ -137,4 +145,6 @@ Object.defineProperty(exports, "analyzeWithAI", { enumerable: true, get: functio
 Object.defineProperty(exports, "batchAnalyzeWithAI", { enumerable: true, get: function () { return anthropic_2.batchAnalyzeWithAI; } });
 var package_check_2 = require("./package-check");
 Object.defineProperty(exports, "checkPackages", { enumerable: true, get: function () { return package_check_2.checkPackages; } });
+var osv_check_2 = require("./osv-check");
+Object.defineProperty(exports, "checkPackageAdvisories", { enumerable: true, get: function () { return osv_check_2.checkPackageAdvisories; } });
 //# sourceMappingURL=index.js.map

package/dist/layer3/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/layer3/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAoCH,sCAmFC;AApHD,2CAAoE;AACpE,mDAA+C;AAS/C,qDAAqD;AACrD,MAAM,sBAAsB,GAAG;IAC7B,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACpC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK;CAC5B,CAAA;AAED,6CAA6C;AAC7C,MAAM,YAAY,GAAG,EAAE,CAAA;AAEvB,6DAA6D;AAC7D,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,OAAO;AAanC,KAAK,UAAU,aAAa,CACjC,KAAiB,EACjB,UAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,IAAI,eAAe,GAAG,CAAC,CAAA;IAEvB,mCAAmC;IACnC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,CAAA;IAEnD,8CAA8C;IAC9C,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACzC,OAAO;YACL,eAAe,EAAE,EAAE;YACnB,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,UAAU,EAAE,CAAC;SACd,CAAA;IACH,CAAC;IAED,uCAAuC;IACvC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAA;IACvE,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,yCAAyC;QACzC,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS;YAAE,MAAK;QAE/C,MAAM,eAAe,GAAG,MAAM,IAAA,6BAAa,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QACpE,eAAe,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAA;IAC1C,CAAC;IAED,4CAA4C;IAC5C,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACzC,OAAO;YACL,eAAe;YACf,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,UAAU,EAAE,CAAC;SACd,CAAA;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC/B,+BAA+B;QAC/B,MAAM,YAAY,GAAG,KAAK;aACvB,MAAM,CAAC,CAAC,CAAC,EAAE;YACV,+BAA+B;YAC/B,MAAM,cAAc,GAAG,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/E,2BAA2B;YAC3B,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,IAAI,gBAAgB,CAAA;YACjD,kBAAkB;YAClB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YAC/C,OAAO,cAAc,IAAI,cAAc,IAAI,SAAS,CAAA;QACtD,CAAC,CAAC;YACF,yDAAyD;aACxD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACpC,OAAO,MAAM,GAAG,MAAM,CAAA;QACxB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QAEvB,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,uBAAuB,YAAY,CAAC,MAAM,mBAAmB,CAAC,CAAA;YAE1E,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAkB,EAAC,YAAY,EAAE,OAAO,CAAC,cAAc,CAAC,CAAA;gBACjF,eAAe,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAA;gBACnC,eAAe,GAAG,YAAY,CAAC,MAAM,CAAA;YACvC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAA;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,eAAe;QACf,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,UAAU,EAAE,eAAe;KAC5B,CAAA;AACH,CAAC;AAED,iEAAiE;AACjE,SAAS,kBAAkB,CAAC,IAAc;IACxC,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAA;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;IAEpC,qBAAqB;IACrB,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,EAAE,CAAA;IACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC/D,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAExC,+DAA+D;IAC/D,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC/E,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,EAAE,CAAA;IACvE,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5F,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACzE,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACjF,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAEzE,OAAO,KAAK,CAAA;AACd,CAAC;AAED,yCAAmF;AAA1E,0GAAA,aAAa,OAAA;AAAE,+GAAA,kBAAkB,OAAA;AAC1C,iDAA+C;AAAtC,8GAAA,aAAa,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/layer3/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAqCH,sCA8FC;AAhID,2CAAoE;AACpE,mDAA+C;AAC/C,2CAAoD;AASpD,qDAAqD;AACrD,MAAM,sBAAsB,GAAG;IAC7B,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACpC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK;CAC5B,CAAA;AAED,6CAA6C;AAC7C,MAAM,YAAY,GAAG,EAAE,CAAA;AAEvB,6DAA6D;AAC7D,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,OAAO;AAanC,KAAK,UAAU,aAAa,CACjC,KAAiB,EACjB,UAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,IAAI,eAAe,GAAG,CAAC,CAAA;IAEvB,mCAAmC;IACnC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,CAAA;IAEnD,8CAA8C;IAC9C,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACzC,OAAO;YACL,eAAe,EAAE,EAAE;YACnB,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,UAAU,EAAE,CAAC;SACd,CAAA;IACH,CAAC;IAED,+EAA+E;IAC/E,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACxC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CACpC,CAAA;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,yCAAyC;QACzC,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS;YAAE,MAAK;QAE/C,yEAAyE;QACzE,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvC,MAAM,eAAe,GAAG,MAAM,IAAA,6BAAa,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;YACpE,eAAe,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAA;QAC1C,CAAC;QAED,uDAAuD;QACvD,MAAM,WAAW,GAAG,MAAM,IAAA,kCAAsB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QACzE,eAAe,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAA;IACtC,CAAC;IAED,4CAA4C;IAC5C,IAAI,OAAO,CAAC,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACzC,OAAO;YACL,eAAe;YACf,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,UAAU,EAAE,CAAC;SACd,CAAA;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC/B,+BAA+B;QAC/B,MAAM,YAAY,GAAG,KAAK;aACvB,MAAM,CAAC,CAAC,CAAC,EAAE;YACV,+BAA+B;YAC/B,MAAM,cAAc,GAAG,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YAC/E,2BAA2B;YAC3B,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,IAAI,gBAAgB,CAAA;YACjD,kBAAkB;YAClB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;YAC/C,OAAO,cAAc,IAAI,cAAc,IAAI,SAAS,CAAA;QACtD,CAAC,CAAC;YACF,yDAAyD;aACxD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACpC,OAAO,MAAM,GAAG,MAAM,CAAA;QACxB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QAEvB,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,uBAAuB,YAAY,CAAC,MAAM,mBAAmB,CAAC,CAAA;YAE1E,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAkB,EAAC,YAAY,EAAE,OAAO,CAAC,cAAc,CAAC,CAAA;gBACjF,eAAe,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAA;gBACnC,eAAe,GAAG,YAAY,CAAC,MAAM,CAAA;YACvC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAA;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,eAAe;QACf,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,UAAU,EAAE,eAAe;KAC5B,CAAA;AACH,CAAC;AAED,iEAAiE;AACjE,SAAS,kBAAkB,CAAC,IAAc;IACxC,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAA;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;IAEpC,qBAAqB;IACrB,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,EAAE,CAAA;IACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC/D,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAExC,+DAA+D;IAC/D,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC/E,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,EAAE,CAAA;IACvE,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5F,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACrE,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACzE,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IACjF,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,KAAK,IAAI,CAAC,CAAA;IAEzE,OAAO,KAAK,CAAA;AACd,CAAC;AAED,yCAAmF;AAA1E,0GAAA,aAAa,OAAA;AAAE,+GAAA,kBAAkB,OAAA;AAC1C,iDAA+C;AAAtC,8GAAA,aAAa,OAAA;AACtB,yCAAoD;AAA3C,mHAAA,sBAAsB,OAAA"}

package/dist/layer3/osv-check.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Layer 3: OSV/Security Advisory Integration
+ * Checks packages against OSV.dev for known vulnerabilities
+ *
+ * Features:
+ * - Queries OSV.dev API for known malicious/vulnerable packages
+ * - Caches advisories for efficiency
+ * - Supports npm and PyPI ecosystems
+ */
+import type { Vulnerability, VulnerabilitySeverity } from '../types';
+interface OSVVulnerability {
+    id: string;
+    summary?: string;
+    details?: string;
+    severity?: Array<{
+        type: string;
+        score: string;
+    }>;
+    references?: Array<{
+        type: string;
+        url: string;
+    }>;
+    affected?: Array<{
+        package: {
+            name: string;
+            ecosystem: string;
+        };
+        ranges?: Array<{
+            type: string;
+            events: Array<{
+                introduced?: string;
+                fixed?: string;
+            }>;
+        }>;
+    }>;
+    database_specific?: {
+        malicious?: boolean;
+        severity?: string;
+    };
+}
+interface CachedAdvisory {
+    timestamp: number;
+    advisories: OSVVulnerability[];
+}
+declare const advisoryCache: Map<string, CachedAdvisory>;
+/**
+ * Get cache key for a package
+ */
+declare function getCacheKey(name: string, ecosystem: string): string;
+/**
+ * Query OSV.dev for vulnerabilities affecting a single package
+ */
+declare function queryOSV(packageName: string, ecosystem: 'npm' | 'PyPI', version?: string): Promise<OSVVulnerability[]>;
+/**
+ * Query OSV.dev for multiple packages in batch
+ */
+declare function queryOSVBatch(packages: Array<{
+    name: string;
+    ecosystem: 'npm' | 'PyPI';
+    version?: string;
+}>): Promise<Map<string, OSVVulnerability[]>>;
+/**
+ * Determine severity from OSV vulnerability
+ */
+declare function mapOSVSeverity(vuln: OSVVulnerability): VulnerabilitySeverity;
+/**
+ * Check if vulnerability is for a malicious package
+ */
+declare function isMaliciousPackage(vuln: OSVVulnerability): boolean;
+/**
+ * Check packages in a file for known vulnerabilities via OSV.dev
+ */
+export declare function checkPackageAdvisories(content: string, filePath: string): Promise<Vulnerability[]>;
+export { queryOSV, queryOSVBatch, mapOSVSeverity, isMaliciousPackage, getCacheKey, advisoryCache, };
+//# sourceMappingURL=osv-check.d.ts.map

package/dist/layer3/osv-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"osv-check.d.ts","sourceRoot":"","sources":["../../src/layer3/osv-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AAmCpE,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,IAAI,EAAE,MAAM,CAAA;QACZ,KAAK,EAAE,MAAM,CAAA;KACd,CAAC,CAAA;IACF,UAAU,CAAC,EAAE,KAAK,CAAC;QACjB,IAAI,EAAE,MAAM,CAAA;QACZ,GAAG,EAAE,MAAM,CAAA;KACZ,CAAC,CAAA;IACF,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAA;YACZ,SAAS,EAAE,MAAM,CAAA;SAClB,CAAA;QACD,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAA;YACZ,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAA;SACvD,CAAC,CAAA;KACH,CAAC,CAAA;IACF,iBAAiB,CAAC,EAAE;QAClB,SAAS,CAAC,EAAE,OAAO,CAAA;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAUD,UAAU,cAAc;IACtB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,gBAAgB,EAAE,CAAA;CAC/B;AAMD,QAAA,MAAM,aAAa,6BAAoC,CAAA;AAEvD;;GAEG;AACH,iBAAS,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAE5D;AAoCD;;GAEG;AACH,iBAAe,QAAQ,CACrB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,KAAK,GAAG,MAAM,EACzB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,EAAE,CAAC,CA4C7B;AAED;;GAEG;AACH,iBAAe,aAAa,CAC1B,QAAQ,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,KAAK,GAAG,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,GAC7E,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAgE1C;AAMD;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,gBAAgB,GAAG,qBAAqB,CA2BrE;AAED;;GAEG;AACH,iBAAS,kBAAkB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAI3D;AAMD;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,EAAE,CAAC,CAiG1B;AAGD,OAAO,EACL,QAAQ,EACR,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,WAAW,EACX,aAAa,GACd,CAAA"}

package/dist/layer3/osv-check.js

@@ -0,0 +1,308 @@
+"use strict";
+/**
+ * Layer 3: OSV/Security Advisory Integration
+ * Checks packages against OSV.dev for known vulnerabilities
+ *
+ * Features:
+ * - Queries OSV.dev API for known malicious/vulnerable packages
+ * - Caches advisories for efficiency
+ * - Supports npm and PyPI ecosystems
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.advisoryCache = void 0;
+exports.checkPackageAdvisories = checkPackageAdvisories;
+exports.queryOSV = queryOSV;
+exports.queryOSVBatch = queryOSVBatch;
+exports.mapOSVSeverity = mapOSVSeverity;
+exports.isMaliciousPackage = isMaliciousPackage;
+exports.getCacheKey = getCacheKey;
+const registry_clients_1 = require("../utils/registry-clients");
+// ============================================================================
+// Configuration
+// ============================================================================
+// OSV API endpoint
+const OSV_API_URL = 'https://api.osv.dev/v1/query';
+const OSV_BATCH_URL = 'https://api.osv.dev/v1/querybatch';
+// Cache TTL (24 hours)
+const CACHE_TTL_MS = 24 * 60 * 60 * 1000;
+// Maximum packages to check per scan (cost/time control)
+const MAX_PACKAGES_TO_CHECK = 100;
+// ============================================================================
+// Advisory Cache
+// ============================================================================
+const advisoryCache = new Map();
+exports.advisoryCache = advisoryCache;
+/**
+ * Get cache key for a package
+ */
+function getCacheKey(name, ecosystem) {
+    return `${ecosystem}:${name.toLowerCase()}`;
+}
+/**
+ * Check if cached advisory is still valid
+ */
+function isCacheValid(cached) {
+    return Date.now() - cached.timestamp < CACHE_TTL_MS;
+}
+/**
+ * Get cached advisories for a package
+ */
+function getCachedAdvisories(name, ecosystem) {
+    const key = getCacheKey(name, ecosystem);
+    const cached = advisoryCache.get(key);
+    if (cached && isCacheValid(cached)) {
+        return cached.advisories;
+    }
+    return null;
+}
+/**
+ * Cache advisories for a package
+ */
+function cacheAdvisories(name, ecosystem, advisories) {
+    const key = getCacheKey(name, ecosystem);
+    advisoryCache.set(key, {
+        timestamp: Date.now(),
+        advisories,
+    });
+}
+// ============================================================================
+// OSV API Client
+// ============================================================================
+/**
+ * Query OSV.dev for vulnerabilities affecting a single package
+ */
+async function queryOSV(packageName, ecosystem, version) {
+    // Check cache first
+    const cached = getCachedAdvisories(packageName, ecosystem);
+    if (cached !== null) {
+        return cached;
+    }
+    try {
+        const query = {
+            package: {
+                name: packageName,
+                ecosystem,
+            },
+        };
+        if (version) {
+            query.version = version;
+        }
+        const response = await fetch(OSV_API_URL, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify(query),
+        });
+        if (!response.ok) {
+            // Don't throw - gracefully degrade
+            cacheAdvisories(packageName, ecosystem, []);
+            return [];
+        }
+        const data = (await response.json());
+        const advisories = data.vulns || [];
+        // Cache the result
+        cacheAdvisories(packageName, ecosystem, advisories);
+        return advisories;
+    }
+    catch {
+        // Network error - gracefully degrade
+        return [];
+    }
+}
+/**
+ * Query OSV.dev for multiple packages in batch
+ */
+async function queryOSVBatch(packages) {
+    const results = new Map();
+    // Split into cached and uncached
+    const uncached = [];
+    for (let i = 0; i < packages.length; i++) {
+        const pkg = packages[i];
+        const cached = getCachedAdvisories(pkg.name, pkg.ecosystem);
+        if (cached !== null) {
+            results.set(getCacheKey(pkg.name, pkg.ecosystem), cached);
+        }
+        else {
+            uncached.push({ ...pkg, index: i });
+        }
+    }
+    if (uncached.length === 0) {
+        return results;
+    }
+    try {
+        const queries = uncached.map(pkg => ({
+            package: {
+                name: pkg.name,
+                ecosystem: pkg.ecosystem,
+            },
+            version: pkg.version,
+        }));
+        const response = await fetch(OSV_BATCH_URL, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ queries }),
+        });
+        if (!response.ok) {
+            // Gracefully degrade - return empty for all uncached
+            for (const pkg of uncached) {
+                cacheAdvisories(pkg.name, pkg.ecosystem, []);
+                results.set(getCacheKey(pkg.name, pkg.ecosystem), []);
+            }
+            return results;
+        }
+        const data = (await response.json());
+        // Process batch results
+        for (let i = 0; i < uncached.length; i++) {
+            const pkg = uncached[i];
+            const advisories = data.results[i]?.vulns || [];
+            cacheAdvisories(pkg.name, pkg.ecosystem, advisories);
+            results.set(getCacheKey(pkg.name, pkg.ecosystem), advisories);
+        }
+        return results;
+    }
+    catch {
+        // Network error - gracefully degrade
+        for (const pkg of uncached) {
+            results.set(getCacheKey(pkg.name, pkg.ecosystem), []);
+        }
+        return results;
+    }
+}
+// ============================================================================
+// Severity Mapping
+// ============================================================================
+/**
+ * Determine severity from OSV vulnerability
+ */
+function mapOSVSeverity(vuln) {
+    // Check for malicious package (critical)
+    if (vuln.database_specific?.malicious) {
+        return 'critical';
+    }
+    // Check CVSS score
+    const cvss = vuln.severity?.find(s => s.type === 'CVSS_V3');
+    if (cvss) {
+        const score = parseFloat(cvss.score);
+        if (score >= 9.0)
+            return 'critical';
+        if (score >= 7.0)
+            return 'high';
+        if (score >= 4.0)
+            return 'medium';
+        return 'low';
+    }
+    // Check database_specific severity
+    const dbSeverity = vuln.database_specific?.severity?.toLowerCase();
+    if (dbSeverity) {
+        if (dbSeverity === 'critical')
+            return 'critical';
+        if (dbSeverity === 'high')
+            return 'high';
+        if (dbSeverity === 'moderate' || dbSeverity === 'medium')
+            return 'medium';
+        if (dbSeverity === 'low')
+            return 'low';
+    }
+    // Default to high for unknown severity (conservative)
+    return 'high';
+}
+/**
+ * Check if vulnerability is for a malicious package
+ */
+function isMaliciousPackage(vuln) {
+    return vuln.database_specific?.malicious === true ||
+        vuln.id.startsWith('MAL-') ||
+        (vuln.summary?.toLowerCase().includes('malicious') ?? false);
+}
+// ============================================================================
+// Main Check Function
+// ============================================================================
+/**
+ * Check packages in a file for known vulnerabilities via OSV.dev
+ */
+async function checkPackageAdvisories(content, filePath) {
+    const vulnerabilities = [];
+    // Determine file type
+    const fileType = (0, registry_clients_1.getPackageFileType)(filePath);
+    if (!fileType) {
+        return vulnerabilities;
+    }
+    // Extract dependencies based on file type
+    let dependencies = [];
+    if (fileType === 'npm' && filePath.endsWith('package.json')) {
+        dependencies = (0, registry_clients_1.extractNpmDependencies)(content);
+    }
+    else if (fileType === 'python') {
+        dependencies = (0, registry_clients_1.extractPythonRequirements)(content);
+    }
+    if (dependencies.length === 0) {
+        return vulnerabilities;
+    }
+    const lines = content.split('\n');
+    const ecosystem = fileType === 'npm' ? 'npm' : 'PyPI';
+    // Limit packages to check
+    const limitedDeps = dependencies.slice(0, MAX_PACKAGES_TO_CHECK);
+    // Query OSV in batch for efficiency
+    const packagesToQuery = limitedDeps.map(dep => ({
+        name: dep.name,
+        ecosystem: ecosystem,
+        version: dep.version,
+    }));
+    const advisoriesMap = await queryOSVBatch(packagesToQuery);
+    // Process results
+    for (const dep of limitedDeps) {
+        const key = getCacheKey(dep.name, ecosystem);
+        const advisories = advisoriesMap.get(key) || [];
+        if (advisories.length === 0)
+            continue;
+        // Find the most severe vulnerability
+        let mostSevere = null;
+        let highestSeverity = 'info';
+        const severityOrder = ['info', 'low', 'medium', 'high', 'critical'];
+        for (const adv of advisories) {
+            const sev = mapOSVSeverity(adv);
+            if (severityOrder.indexOf(sev) > severityOrder.indexOf(highestSeverity)) {
+                highestSeverity = sev;
+                mostSevere = adv;
+            }
+        }
+        if (!mostSevere)
+            continue;
+        // Determine category based on malicious vs vulnerable
+        const isMalicious = advisories.some(a => isMaliciousPackage(a));
+        const category = isMalicious ? 'ai_package_malicious' : 'suspicious_package';
+        // Build description
+        const advIds = advisories.map(a => a.id).slice(0, 3).join(', ');
+        const moreCount = advisories.length > 3 ? ` +${advisories.length - 3} more` : '';
+        const description = isMalicious
+            ? `Package "${dep.name}" is flagged as MALICIOUS in OSV.dev (${advIds}${moreCount}). This package may contain malware or data exfiltration code.`
+            : `Package "${dep.name}" has ${advisories.length} known security advisories (${advIds}${moreCount}). ${mostSevere.summary || 'Review before use.'}`;
+        // Build suggested fix
+        const suggestedFix = isMalicious
+            ? `Remove "${dep.name}" immediately. Do not use this package.`
+            : `Update "${dep.name}" to a patched version or find an alternative. Check: https://osv.dev/list?ecosystem=${ecosystem}&q=${encodeURIComponent(dep.name)}`;
+        vulnerabilities.push({
+            id: `osv-${filePath}-${dep.name}`,
+            filePath,
+            lineNumber: dep.line,
+            lineContent: lines[dep.line - 1]?.trim() || dep.name,
+            severity: highestSeverity,
+            category,
+            title: isMalicious
+                ? `Malicious package: ${dep.name}`
+                : `Vulnerable package: ${dep.name} (${advisories.length} advisories)`,
+            description,
+            suggestedFix,
+            confidence: 'high',
+            layer: 3,
+            requiresAIValidation: false, // OSV data is authoritative
+        });
+        // Rate limit between individual package queries if not using batch
+        await (0, registry_clients_1.rateLimitDelay)();
+    }
+    return vulnerabilities;
+}
+//# sourceMappingURL=osv-check.js.map

package/dist/layer3/osv-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"osv-check.js","sourceRoot":"","sources":["../../src/layer3/osv-check.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AA6SH,wDAoGC;AAIC,4BAAQ;AACR,sCAAa;AACb,wCAAc;AACd,gDAAkB;AAClB,kCAAW;AAtZb,gEAMkC;AAElC,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,mBAAmB;AACnB,MAAM,WAAW,GAAG,8BAA8B,CAAA;AAClD,MAAM,aAAa,GAAG,mCAAmC,CAAA;AAEzD,uBAAuB;AACvB,MAAM,YAAY,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAExC,yDAAyD;AACzD,MAAM,qBAAqB,GAAG,GAAG,CAAA;AAuDjC,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E,MAAM,aAAa,GAAG,IAAI,GAAG,EAA0B,CAAA;AAwUrD,sCAAa;AAtUf;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY,EAAE,SAAiB;IAClD,OAAO,GAAG,SAAS,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAA;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAsB;IAC1C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,YAAY,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,IAAY,EAAE,SAAiB;IAC1D,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACrC,IAAI,MAAM,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,UAAU,CAAA;IAC1B,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAY,EAAE,SAAiB,EAAE,UAA8B;IACtF,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;IACxC,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,UAAU;KACX,CAAC,CAAA;AACJ,CAAC;AAED,+EAA+E;AAC/E,iBAAiB;AACjB,+EAA+E;AAE/E;;GAEG;AACH,KAAK,UAAU,QAAQ,CACrB,WAAmB,EACnB,SAAyB,EACzB,OAAgB;IAEhB,oBAAoB;IACpB,MAAM,MAAM,GAAG,mBAAmB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAA;IAC1D,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAa;YACtB,OAAO,EAAE;gBACP,IAAI,EAAE,WAAW;gBACjB,SAAS;aACV;SACF,CAAA;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,OAAO,GAAG,OAAO,CAAA;QACzB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,CAAC,CAAA;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,mCAAmC;YACnC,eAAe,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAA;YAC3C,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAA;QACnD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAA;QAEnC,mBAAmB;QACnB,eAAe,CAAC,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;QAEnD,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;QACrC,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,QAA8E;IAE9E,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAA;IAErD,iCAAiC;IACjC,MAAM,QAAQ,GAAwF,EAAE,CAAA;IAExG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;QACvB,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;QAC3D,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAA;QAC3D,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QACrC,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnC,OAAO,EAAE;gBACP,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,SAAS,EAAE,GAAG,CAAC,SAAS;aACzB;YACD,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAC,CAAC,CAAA;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;SAClC,CAAC,CAAA;QAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,qDAAqD;YACrD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;gBAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,CAAA;YACvD,CAAC;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAA;QAExD,wBAAwB;QACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;YACvB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAA;YAC/C,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;YACpD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,UAAU,CAAC,CAAA;QAC/D,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;QACrC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,cAAc,CAAC,IAAsB;IAC5C,yCAAyC;IACzC,IAAI,IAAI,CAAC,iBAAiB,EAAE,SAAS,EAAE,CAAC;QACtC,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,mBAAmB;IACnB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAA;IAC3D,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpC,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,UAAU,CAAA;QACnC,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,MAAM,CAAA;QAC/B,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,QAAQ,CAAA;QACjC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,mCAAmC;IACnC,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;IAClE,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,UAAU,KAAK,UAAU;YAAE,OAAO,UAAU,CAAA;QAChD,IAAI,UAAU,KAAK,MAAM;YAAE,OAAO,MAAM,CAAA;QACxC,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,QAAQ;YAAE,OAAO,QAAQ,CAAA;QACzE,IAAI,UAAU,KAAK,KAAK;YAAE,OAAO,KAAK,CAAA;IACxC,CAAC;IAED,sDAAsD;IACtD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAsB;IAChD,OAAO,IAAI,CAAC,iBAAiB,EAAE,SAAS,KAAK,IAAI;QAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAC1B,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,CAAA;AAChE,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;GAEG;AACI,KAAK,UAAU,sBAAsB,CAC1C,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,qCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,0CAA0C;IAC1C,IAAI,YAAY,GAA0B,EAAE,CAAA;IAE5C,IAAI,QAAQ,KAAK,KAAK,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC5D,YAAY,GAAG,IAAA,yCAAsB,EAAC,OAAO,CAAC,CAAA;IAChD,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,YAAY,GAAG,IAAA,4CAAyB,EAAC,OAAO,CAAC,CAAA;IACnD,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;IAErD,0BAA0B;IAC1B,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAA;IAEhE,oCAAoC;IACpC,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,SAAS,EAAE,SAA2B;QACtC,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAA;IAEH,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,CAAA;IAE1D,kBAAkB;IAClB,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;QAC5C,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;QAE/C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAErC,qCAAqC;QACrC,IAAI,UAAU,GAA4B,IAAI,CAAA;QAC9C,IAAI,eAAe,GAA0B,MAAM,CAAA;QACnD,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAA;QAEnE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;gBACxE,eAAe,GAAG,GAAG,CAAA;gBACrB,UAAU,GAAG,GAAG,CAAA;YAClB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU;YAAE,SAAQ;QAEzB,sDAAsD;QACtD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAA;QAC/D,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,oBAAoB,CAAA;QAE5E,oBAAoB;QACpB,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAA;QAChF,MAAM,WAAW,GAAG,WAAW;YAC7B,CAAC,CAAC,YAAY,GAAG,CAAC,IAAI,yCAAyC,MAAM,GAAG,SAAS,gEAAgE;YACjJ,CAAC,CAAC,YAAY,GAAG,CAAC,IAAI,SAAS,UAAU,CAAC,MAAM,+BAA+B,MAAM,GAAG,SAAS,MAAM,UAAU,CAAC,OAAO,IAAI,oBAAoB,EAAE,CAAA;QAErJ,sBAAsB;QACtB,MAAM,YAAY,GAAG,WAAW;YAC9B,CAAC,CAAC,WAAW,GAAG,CAAC,IAAI,yCAAyC;YAC9D,CAAC,CAAC,WAAW,GAAG,CAAC,IAAI,wFAAwF,SAAS,MAAM,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAA;QAE5J,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,OAAO,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE;YACjC,QAAQ;YACR,UAAU,EAAE,GAAG,CAAC,IAAI;YACpB,WAAW,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,IAAI;YACpD,QAAQ,EAAE,eAAe;YACzB,QAAQ;YACR,KAAK,EAAE,WAAW;gBAChB,CAAC,CAAC,sBAAsB,GAAG,CAAC,IAAI,EAAE;gBAClC,CAAC,CAAC,uBAAuB,GAAG,CAAC,IAAI,KAAK,UAAU,CAAC,MAAM,cAAc;YACvE,WAAW;YACX,YAAY;YACZ,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,CAAC;YACR,oBAAoB,EAAE,KAAK,EAAE,4BAA4B;SAC1D,CAAC,CAAA;QAEF,mEAAmE;QACnE,MAAM,IAAA,iCAAc,GAAE,CAAA;IACxB,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/rules/framework-fixes.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Framework-Aware Fix Suggestions Registry (PRO-83)
+ *
+ * Provides framework-specific fix suggestions that transform generic advice
+ * into actionable guidance based on the user's detected tech stack.
+ *
+ * When a Next.js + Prisma project has a SQL injection finding, this registry
+ * provides Prisma-specific fixes instead of generic SQL advice.
+ *
+ * Falls back gracefully to generic fixes (from metadata.ts) when no match.
+ */
+import type { VulnerabilityCategory } from '../types';
+import type { FrameworkContext, DataAccessContext } from '../utils/project-context-builder';
+export type FrameworkKey = 'nextjs' | 'express' | 'fastify' | 'nestjs' | 'prisma' | 'drizzle' | 'supabase' | 'mongoose' | 'knex' | 'react' | 'vue';
+export interface FrameworkFix {
+    /** Step-by-step fix instructions specific to this framework */
+    fixSteps: string[];
+    /** Optional code example demonstrating the fix */
+    codeExample?: string;
+}
+/**
+ * Registry mapping vulnerability categories to framework-specific fixes.
+ *
+ * Structure: category -> framework -> fix
+ *
+ * Priority categories (Tier 1):
+ * - sql_injection: Fixes vary dramatically by ORM
+ * - missing_auth: Framework-specific middleware patterns
+ * - xss: React/Vue/vanilla have different approaches
+ * - hardcoded_secret: Framework-specific env handling
+ * - cors_misconfiguration: Very framework-specific
+ */
+export declare const FRAMEWORK_FIX_REGISTRY: Partial<Record<VulnerabilityCategory, Partial<Record<FrameworkKey, FrameworkFix>>>>;
+/**
+ * Get framework-specific fix for a vulnerability category.
+ *
+ * Priority order for ORM-related categories (sql_injection):
+ * 1. ORM (prisma, drizzle, supabase, mongoose, knex)
+ * 2. Backend framework (nextjs, express, fastify, nestjs)
+ *
+ * Priority order for other categories:
+ * 1. Frontend framework for XSS (react, vue)
+ * 2. Backend framework for auth/cors/secrets
+ *
+ * @returns FrameworkFix if a match is found, undefined otherwise (falls back to generic)
+ */
+export declare function getFrameworkFix(category: VulnerabilityCategory, frameworks: FrameworkContext, dataAccess?: DataAccessContext): FrameworkFix | undefined;
+//# sourceMappingURL=framework-fixes.d.ts.map

package/dist/rules/framework-fixes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"framework-fixes.d.ts","sourceRoot":"","sources":["../../src/rules/framework-fixes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAA;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AAM3F,MAAM,MAAM,YAAY,GACpB,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAC3C,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,GACvD,OAAO,GAAG,KAAK,CAAA;AAEnB,MAAM,WAAW,YAAY;IAC3B,+DAA+D;IAC/D,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAMD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,EAAE,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,CA+WtH,CAAA;AAMD;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,qBAAqB,EAC/B,UAAU,EAAE,gBAAgB,EAC5B,UAAU,CAAC,EAAE,iBAAiB,GAC7B,YAAY,GAAG,SAAS,CAgC1B"}