@opensip-cli/checks-universal 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (620) hide show
  1. package/LICENSE +202 -0
  2. package/NOTICE +8 -0
  3. package/README.md +31 -0
  4. package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
  5. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
  6. package/dist/__tests__/all-checks-execute.test.js +452 -0
  7. package/dist/__tests__/all-checks-execute.test.js.map +1 -0
  8. package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
  9. package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
  10. package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
  11. package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
  12. package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
  13. package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
  14. package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
  15. package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
  16. package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
  17. package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
  18. package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
  19. package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
  20. package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
  21. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
  22. package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
  23. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
  24. package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
  25. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
  26. package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
  27. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
  28. package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
  29. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
  30. package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
  31. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
  32. package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
  33. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
  34. package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
  35. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
  36. package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
  37. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
  38. package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
  39. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
  40. package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
  41. package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
  42. package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
  43. package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
  44. package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
  45. package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
  46. package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
  47. package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
  48. package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
  49. package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
  50. package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
  51. package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
  52. package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
  53. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
  54. package/dist/__tests__/behavior-fixtures.test.js +1423 -0
  55. package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
  56. package/dist/__tests__/checks.test.d.ts +2 -0
  57. package/dist/__tests__/checks.test.d.ts.map +1 -0
  58. package/dist/__tests__/checks.test.js +61 -0
  59. package/dist/__tests__/checks.test.js.map +1 -0
  60. package/dist/__tests__/env-var-validation.test.d.ts +14 -0
  61. package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
  62. package/dist/__tests__/env-var-validation.test.js +53 -0
  63. package/dist/__tests__/env-var-validation.test.js.map +1 -0
  64. package/dist/__tests__/file-length-limit.test.d.ts +2 -0
  65. package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
  66. package/dist/__tests__/file-length-limit.test.js +29 -0
  67. package/dist/__tests__/file-length-limit.test.js.map +1 -0
  68. package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
  69. package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
  70. package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
  71. package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
  72. package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
  73. package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
  74. package/dist/__tests__/fixture-coverage.test.js +57 -0
  75. package/dist/__tests__/fixture-coverage.test.js.map +1 -0
  76. package/dist/__tests__/iic.test.d.ts +15 -0
  77. package/dist/__tests__/iic.test.d.ts.map +1 -0
  78. package/dist/__tests__/iic.test.js +316 -0
  79. package/dist/__tests__/iic.test.js.map +1 -0
  80. package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
  81. package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
  82. package/dist/__tests__/no-skipped-tests.test.js +144 -0
  83. package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
  84. package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
  85. package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
  86. package/dist/__tests__/no-todo-comments.test.js +31 -0
  87. package/dist/__tests__/no-todo-comments.test.js.map +1 -0
  88. package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
  89. package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
  90. package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
  91. package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
  92. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
  93. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
  94. package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
  95. package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
  96. package/dist/__tests__/resilience-fp.test.d.ts +14 -0
  97. package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
  98. package/dist/__tests__/resilience-fp.test.js +110 -0
  99. package/dist/__tests__/resilience-fp.test.js.map +1 -0
  100. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
  101. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
  102. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
  103. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
  104. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
  105. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
  106. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
  107. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
  108. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
  109. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
  110. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
  111. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
  112. package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
  113. package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
  114. package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
  115. package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
  116. package/dist/checks/architecture/dependencies/index.d.ts +2 -0
  117. package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
  118. package/dist/checks/architecture/dependencies/index.js +2 -0
  119. package/dist/checks/architecture/dependencies/index.js.map +1 -0
  120. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
  121. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
  122. package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
  123. package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
  124. package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
  125. package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
  126. package/dist/checks/architecture/docker-best-practices.js +427 -0
  127. package/dist/checks/architecture/docker-best-practices.js.map +1 -0
  128. package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
  129. package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
  130. package/dist/checks/architecture/docker-ignore-validation.js +117 -0
  131. package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
  132. package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
  133. package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
  134. package/dist/checks/architecture/docker-version-sync.js +193 -0
  135. package/dist/checks/architecture/docker-version-sync.js.map +1 -0
  136. package/dist/checks/architecture/env-var-validation.d.ts +14 -0
  137. package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
  138. package/dist/checks/architecture/env-var-validation.js +289 -0
  139. package/dist/checks/architecture/env-var-validation.js.map +1 -0
  140. package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
  141. package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
  142. package/dist/checks/architecture/heavy-import-detection.js +91 -0
  143. package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
  144. package/dist/checks/architecture/index.d.ts +16 -0
  145. package/dist/checks/architecture/index.d.ts.map +1 -0
  146. package/dist/checks/architecture/index.js +16 -0
  147. package/dist/checks/architecture/index.js.map +1 -0
  148. package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
  149. package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
  150. package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
  151. package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
  152. package/dist/checks/architecture/modules/index.d.ts +3 -0
  153. package/dist/checks/architecture/modules/index.d.ts.map +1 -0
  154. package/dist/checks/architecture/modules/index.js +3 -0
  155. package/dist/checks/architecture/modules/index.js.map +1 -0
  156. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
  157. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
  158. package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
  159. package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
  160. package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
  161. package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
  162. package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
  163. package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
  164. package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
  165. package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
  166. package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
  167. package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
  168. package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
  169. package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
  170. package/dist/checks/architecture/node-version-consistency.js +225 -0
  171. package/dist/checks/architecture/node-version-consistency.js.map +1 -0
  172. package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
  173. package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
  174. package/dist/checks/architecture/project-readme-existence.js +55 -0
  175. package/dist/checks/architecture/project-readme-existence.js.map +1 -0
  176. package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
  177. package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
  178. package/dist/checks/architecture/stale-build-artifacts.js +55 -0
  179. package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
  180. package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
  181. package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
  182. package/dist/checks/architecture/tool-has-manifest.js +135 -0
  183. package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
  184. package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
  185. package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
  186. package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
  187. package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
  188. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
  189. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
  190. package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
  191. package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
  192. package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
  193. package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
  194. package/dist/checks/documentation/_directives/eslint.js +168 -0
  195. package/dist/checks/documentation/_directives/eslint.js.map +1 -0
  196. package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
  197. package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
  198. package/dist/checks/documentation/_directives/fitness.js +64 -0
  199. package/dist/checks/documentation/_directives/fitness.js.map +1 -0
  200. package/dist/checks/documentation/_directives/graph.d.ts +10 -0
  201. package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
  202. package/dist/checks/documentation/_directives/graph.js +65 -0
  203. package/dist/checks/documentation/_directives/graph.js.map +1 -0
  204. package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
  205. package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
  206. package/dist/checks/documentation/_directives/graph.test.js +54 -0
  207. package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
  208. package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
  209. package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
  210. package/dist/checks/documentation/_directives/semgrep.js +72 -0
  211. package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
  212. package/dist/checks/documentation/_directives/types.d.ts +21 -0
  213. package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
  214. package/dist/checks/documentation/_directives/types.js +9 -0
  215. package/dist/checks/documentation/_directives/types.js.map +1 -0
  216. package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
  217. package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
  218. package/dist/checks/documentation/_directives/typescript.js +54 -0
  219. package/dist/checks/documentation/_directives/typescript.js.map +1 -0
  220. package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
  221. package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
  222. package/dist/checks/documentation/_public-api-graph.js +304 -0
  223. package/dist/checks/documentation/_public-api-graph.js.map +1 -0
  224. package/dist/checks/documentation/directive-audit.d.ts +26 -0
  225. package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
  226. package/dist/checks/documentation/directive-audit.js +144 -0
  227. package/dist/checks/documentation/directive-audit.js.map +1 -0
  228. package/dist/checks/documentation/index.d.ts +3 -0
  229. package/dist/checks/documentation/index.d.ts.map +1 -0
  230. package/dist/checks/documentation/index.js +3 -0
  231. package/dist/checks/documentation/index.js.map +1 -0
  232. package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
  233. package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
  234. package/dist/checks/documentation/public-api-jsdoc.js +131 -0
  235. package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
  236. package/dist/checks/file-length-limit.d.ts +16 -0
  237. package/dist/checks/file-length-limit.d.ts.map +1 -0
  238. package/dist/checks/file-length-limit.js +47 -0
  239. package/dist/checks/file-length-limit.js.map +1 -0
  240. package/dist/checks/index.d.ts +16 -0
  241. package/dist/checks/index.d.ts.map +1 -0
  242. package/dist/checks/index.js +16 -0
  243. package/dist/checks/index.js.map +1 -0
  244. package/dist/checks/no-todo-comments.d.ts +18 -0
  245. package/dist/checks/no-todo-comments.d.ts.map +1 -0
  246. package/dist/checks/no-todo-comments.js +79 -0
  247. package/dist/checks/no-todo-comments.js.map +1 -0
  248. package/dist/checks/no-unimplemented-markers.d.ts +24 -0
  249. package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
  250. package/dist/checks/no-unimplemented-markers.js +198 -0
  251. package/dist/checks/no-unimplemented-markers.js.map +1 -0
  252. package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
  253. package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
  254. package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
  255. package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
  256. package/dist/checks/quality/api/index.d.ts +3 -0
  257. package/dist/checks/quality/api/index.d.ts.map +1 -0
  258. package/dist/checks/quality/api/index.js +3 -0
  259. package/dist/checks/quality/api/index.js.map +1 -0
  260. package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
  261. package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
  262. package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
  263. package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
  264. package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
  265. package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
  266. package/dist/checks/quality/code-structure/dead-code.js +238 -0
  267. package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
  268. package/dist/checks/quality/code-structure/index.d.ts +5 -0
  269. package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
  270. package/dist/checks/quality/code-structure/index.js +5 -0
  271. package/dist/checks/quality/code-structure/index.js.map +1 -0
  272. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
  273. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
  274. package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
  275. package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
  276. package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
  277. package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
  278. package/dist/checks/quality/code-structure/no-console-log.js +106 -0
  279. package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
  280. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
  281. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
  282. package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
  283. package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
  284. package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
  285. package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
  286. package/dist/checks/quality/dependency-version-consistency.js +266 -0
  287. package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
  288. package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
  289. package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
  290. package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
  291. package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
  292. package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
  293. package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
  294. package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
  295. package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
  296. package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
  297. package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
  298. package/dist/checks/quality/frontend/image-optimization.js +166 -0
  299. package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
  300. package/dist/checks/quality/frontend/index.d.ts +4 -0
  301. package/dist/checks/quality/frontend/index.d.ts.map +1 -0
  302. package/dist/checks/quality/frontend/index.js +4 -0
  303. package/dist/checks/quality/frontend/index.js.map +1 -0
  304. package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
  305. package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
  306. package/dist/checks/quality/frontend/navigation-typing.js +77 -0
  307. package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
  308. package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
  309. package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
  310. package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
  311. package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
  312. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
  313. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
  314. package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
  315. package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
  316. package/dist/checks/quality/index.d.ts +16 -0
  317. package/dist/checks/quality/index.d.ts.map +1 -0
  318. package/dist/checks/quality/index.js +16 -0
  319. package/dist/checks/quality/index.js.map +1 -0
  320. package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
  321. package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
  322. package/dist/checks/quality/linting/eslint-justifications.js +328 -0
  323. package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
  324. package/dist/checks/quality/linting/index.d.ts +4 -0
  325. package/dist/checks/quality/linting/index.d.ts.map +1 -0
  326. package/dist/checks/quality/linting/index.js +4 -0
  327. package/dist/checks/quality/linting/index.js.map +1 -0
  328. package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
  329. package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
  330. package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
  331. package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
  332. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
  333. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
  334. package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
  335. package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
  336. package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
  337. package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
  338. package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
  339. package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
  340. package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
  341. package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
  342. package/dist/checks/quality/no-deprecated-tags.js +76 -0
  343. package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
  344. package/dist/checks/quality/no-markdown-references.d.ts +16 -0
  345. package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
  346. package/dist/checks/quality/no-markdown-references.js +145 -0
  347. package/dist/checks/quality/no-markdown-references.js.map +1 -0
  348. package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
  349. package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
  350. package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
  351. package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
  352. package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
  353. package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
  354. package/dist/checks/quality/no-temporary-workarounds.js +69 -0
  355. package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
  356. package/dist/checks/quality/no-window-alert.d.ts +19 -0
  357. package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
  358. package/dist/checks/quality/no-window-alert.js +74 -0
  359. package/dist/checks/quality/no-window-alert.js.map +1 -0
  360. package/dist/checks/quality/observability/index.d.ts +2 -0
  361. package/dist/checks/quality/observability/index.d.ts.map +1 -0
  362. package/dist/checks/quality/observability/index.js +2 -0
  363. package/dist/checks/quality/observability/index.js.map +1 -0
  364. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
  365. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
  366. package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
  367. package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
  368. package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
  369. package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
  370. package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
  371. package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
  372. package/dist/checks/quality/patterns/index.d.ts +4 -0
  373. package/dist/checks/quality/patterns/index.d.ts.map +1 -0
  374. package/dist/checks/quality/patterns/index.js +4 -0
  375. package/dist/checks/quality/patterns/index.js.map +1 -0
  376. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
  377. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
  378. package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
  379. package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
  380. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
  381. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
  382. package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
  383. package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
  384. package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
  385. package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
  386. package/dist/checks/resilience/_helpers/config-validation.js +61 -0
  387. package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
  388. package/dist/checks/resilience/batch-operations.d.ts +22 -0
  389. package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
  390. package/dist/checks/resilience/batch-operations.js +422 -0
  391. package/dist/checks/resilience/batch-operations.js.map +1 -0
  392. package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
  393. package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
  394. package/dist/checks/resilience/cache-ttl-validation.js +222 -0
  395. package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
  396. package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
  397. package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
  398. package/dist/checks/resilience/catch-clause-safety.js +110 -0
  399. package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
  400. package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
  401. package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
  402. package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
  403. package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
  404. package/dist/checks/resilience/error-code-registration.d.ts +11 -0
  405. package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
  406. package/dist/checks/resilience/error-code-registration.js +88 -0
  407. package/dist/checks/resilience/error-code-registration.js.map +1 -0
  408. package/dist/checks/resilience/event-patterns.d.ts +21 -0
  409. package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
  410. package/dist/checks/resilience/event-patterns.js +232 -0
  411. package/dist/checks/resilience/event-patterns.js.map +1 -0
  412. package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
  413. package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
  414. package/dist/checks/resilience/exit-code-correctness.js +107 -0
  415. package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
  416. package/dist/checks/resilience/index.d.ts +18 -0
  417. package/dist/checks/resilience/index.d.ts.map +1 -0
  418. package/dist/checks/resilience/index.js +18 -0
  419. package/dist/checks/resilience/index.js.map +1 -0
  420. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
  421. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
  422. package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
  423. package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
  424. package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
  425. package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
  426. package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
  427. package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
  428. package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
  429. package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
  430. package/dist/checks/resilience/readline-cleanup.js +107 -0
  431. package/dist/checks/resilience/readline-cleanup.js.map +1 -0
  432. package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
  433. package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
  434. package/dist/checks/resilience/recovery-patterns.js +273 -0
  435. package/dist/checks/resilience/recovery-patterns.js.map +1 -0
  436. package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
  437. package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
  438. package/dist/checks/resilience/reentrancy-guard.js +86 -0
  439. package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
  440. package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
  441. package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
  442. package/dist/checks/resilience/retry-config-validation.js +159 -0
  443. package/dist/checks/resilience/retry-config-validation.js.map +1 -0
  444. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
  445. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
  446. package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
  447. package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
  448. package/dist/checks/resilience/sentry/index.d.ts +8 -0
  449. package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
  450. package/dist/checks/resilience/sentry/index.js +8 -0
  451. package/dist/checks/resilience/sentry/index.js.map +1 -0
  452. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
  453. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
  454. package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
  455. package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
  456. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
  457. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
  458. package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
  459. package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
  460. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
  461. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
  462. package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
  463. package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
  464. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
  465. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
  466. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
  467. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
  468. package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
  469. package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
  470. package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
  471. package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
  472. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
  473. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
  474. package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
  475. package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
  476. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
  477. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
  478. package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
  479. package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
  480. package/dist/checks/resilience/service-patterns.d.ts +18 -0
  481. package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
  482. package/dist/checks/resilience/service-patterns.js +230 -0
  483. package/dist/checks/resilience/service-patterns.js.map +1 -0
  484. package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
  485. package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
  486. package/dist/checks/resilience/timer-lifecycle.js +78 -0
  487. package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
  488. package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
  489. package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
  490. package/dist/checks/resilience/transaction-patterns.js +258 -0
  491. package/dist/checks/resilience/transaction-patterns.js.map +1 -0
  492. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
  493. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
  494. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
  495. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
  496. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
  497. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
  498. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
  499. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
  500. package/dist/checks/security/api-key-rotation.d.ts +10 -0
  501. package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
  502. package/dist/checks/security/api-key-rotation.js +186 -0
  503. package/dist/checks/security/api-key-rotation.js.map +1 -0
  504. package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
  505. package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
  506. package/dist/checks/security/auth-middleware-coverage.js +210 -0
  507. package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
  508. package/dist/checks/security/auth-route-guard.d.ts +12 -0
  509. package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
  510. package/dist/checks/security/auth-route-guard.js +70 -0
  511. package/dist/checks/security/auth-route-guard.js.map +1 -0
  512. package/dist/checks/security/cors-configuration.d.ts +11 -0
  513. package/dist/checks/security/cors-configuration.d.ts.map +1 -0
  514. package/dist/checks/security/cors-configuration.js +126 -0
  515. package/dist/checks/security/cors-configuration.js.map +1 -0
  516. package/dist/checks/security/csp-headers.d.ts +11 -0
  517. package/dist/checks/security/csp-headers.d.ts.map +1 -0
  518. package/dist/checks/security/csp-headers.js +192 -0
  519. package/dist/checks/security/csp-headers.js.map +1 -0
  520. package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
  521. package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
  522. package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
  523. package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
  524. package/dist/checks/security/env-secret-exposure.d.ts +11 -0
  525. package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
  526. package/dist/checks/security/env-secret-exposure.js +127 -0
  527. package/dist/checks/security/env-secret-exposure.js.map +1 -0
  528. package/dist/checks/security/hasura-production-config.d.ts +11 -0
  529. package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
  530. package/dist/checks/security/hasura-production-config.js +122 -0
  531. package/dist/checks/security/hasura-production-config.js.map +1 -0
  532. package/dist/checks/security/index.d.ts +17 -0
  533. package/dist/checks/security/index.d.ts.map +1 -0
  534. package/dist/checks/security/index.js +17 -0
  535. package/dist/checks/security/index.js.map +1 -0
  536. package/dist/checks/security/jwt-validation.d.ts +11 -0
  537. package/dist/checks/security/jwt-validation.d.ts.map +1 -0
  538. package/dist/checks/security/jwt-validation.js +294 -0
  539. package/dist/checks/security/jwt-validation.js.map +1 -0
  540. package/dist/checks/security/no-eval.d.ts +16 -0
  541. package/dist/checks/security/no-eval.d.ts.map +1 -0
  542. package/dist/checks/security/no-eval.js +83 -0
  543. package/dist/checks/security/no-eval.js.map +1 -0
  544. package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
  545. package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
  546. package/dist/checks/security/no-hardcoded-secrets.js +209 -0
  547. package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
  548. package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
  549. package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
  550. package/dist/checks/security/package-supply-chain-policy.js +534 -0
  551. package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
  552. package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
  553. package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
  554. package/dist/checks/security/rate-limit-coverage.js +143 -0
  555. package/dist/checks/security/rate-limit-coverage.js.map +1 -0
  556. package/dist/checks/security/semgrep-scan.d.ts +13 -0
  557. package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
  558. package/dist/checks/security/semgrep-scan.js +86 -0
  559. package/dist/checks/security/semgrep-scan.js.map +1 -0
  560. package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
  561. package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
  562. package/dist/checks/security/use-centralized-crypto.js +129 -0
  563. package/dist/checks/security/use-centralized-crypto.js.map +1 -0
  564. package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
  565. package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
  566. package/dist/checks/security/webhook-signature-verification.js +183 -0
  567. package/dist/checks/security/webhook-signature-verification.js.map +1 -0
  568. package/dist/checks/testing/index.d.ts +6 -0
  569. package/dist/checks/testing/index.d.ts.map +1 -0
  570. package/dist/checks/testing/index.js +6 -0
  571. package/dist/checks/testing/index.js.map +1 -0
  572. package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
  573. package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
  574. package/dist/checks/testing/no-skipped-tests.js +174 -0
  575. package/dist/checks/testing/no-skipped-tests.js.map +1 -0
  576. package/dist/checks/testing/no-stub-tests.d.ts +11 -0
  577. package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
  578. package/dist/checks/testing/no-stub-tests.js +103 -0
  579. package/dist/checks/testing/no-stub-tests.js.map +1 -0
  580. package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
  581. package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
  582. package/dist/checks/testing/test-convention-consistency.js +93 -0
  583. package/dist/checks/testing/test-convention-consistency.js.map +1 -0
  584. package/dist/checks/testing/test-file-naming.d.ts +13 -0
  585. package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
  586. package/dist/checks/testing/test-file-naming.js +218 -0
  587. package/dist/checks/testing/test-file-naming.js.map +1 -0
  588. package/dist/checks/testing/test-file-pairing.d.ts +13 -0
  589. package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
  590. package/dist/checks/testing/test-file-pairing.js +274 -0
  591. package/dist/checks/testing/test-file-pairing.js.map +1 -0
  592. package/dist/display/architecture.d.ts +9 -0
  593. package/dist/display/architecture.d.ts.map +1 -0
  594. package/dist/display/architecture.js +29 -0
  595. package/dist/display/architecture.js.map +1 -0
  596. package/dist/display/index.d.ts +20 -0
  597. package/dist/display/index.d.ts.map +1 -0
  598. package/dist/display/index.js +30 -0
  599. package/dist/display/index.js.map +1 -0
  600. package/dist/display/quality.d.ts +7 -0
  601. package/dist/display/quality.d.ts.map +1 -0
  602. package/dist/display/quality.js +34 -0
  603. package/dist/display/quality.js.map +1 -0
  604. package/dist/display/resilience.d.ts +7 -0
  605. package/dist/display/resilience.d.ts.map +1 -0
  606. package/dist/display/resilience.js +36 -0
  607. package/dist/display/resilience.js.map +1 -0
  608. package/dist/display/security-testing.d.ts +9 -0
  609. package/dist/display/security-testing.d.ts.map +1 -0
  610. package/dist/display/security-testing.js +31 -0
  611. package/dist/display/security-testing.js.map +1 -0
  612. package/dist/display/types.d.ts +6 -0
  613. package/dist/display/types.d.ts.map +1 -0
  614. package/dist/display/types.js +6 -0
  615. package/dist/display/types.js.map +1 -0
  616. package/dist/index.d.ts +19 -0
  617. package/dist/index.d.ts.map +1 -0
  618. package/dist/index.js +21 -0
  619. package/dist/index.js.map +1 -0
  620. package/package.json +52 -0
@@ -0,0 +1,16 @@
1
+ /**
2
+ * @fileoverview Detect dangerous eval and dynamic code execution
3
+ *
4
+ * Migrated to defineRegexListCheck (Layer 4 Phase C6). The original
5
+ * `findEvalPattern` shape returned only the first matching pattern's
6
+ * exec result per line; that semantics is preserved via the helper's
7
+ * `oneViolationPerLine: true` option (combined with non-global regexes).
8
+ */
9
+ /**
10
+ * Check: security/no-eval
11
+ *
12
+ * Detects usage of eval(), new Function(), and similar dynamic code execution
13
+ * patterns that can lead to code injection vulnerabilities.
14
+ */
15
+ export declare const noEval: import("@opensip-cli/fitness").Check;
16
+ //# sourceMappingURL=no-eval.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-eval.d.ts","sourceRoot":"","sources":["../../../src/checks/security/no-eval.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AAIH;;;;;GAKG;AACH,eAAO,MAAM,MAAM,sCAoEjB,CAAC"}
@@ -0,0 +1,83 @@
1
+ // @fitness-ignore-file timer-lifecycle -- All setInterval references are in regex patterns and documentation strings, not actual timer usage
2
+ // @fitness-ignore-file no-eval -- Fitness check definition references eval/Function/setTimeout/setInterval in string literals and regex patterns, not actual usage
3
+ /**
4
+ * @fileoverview Detect dangerous eval and dynamic code execution
5
+ *
6
+ * Migrated to defineRegexListCheck (Layer 4 Phase C6). The original
7
+ * `findEvalPattern` shape returned only the first matching pattern's
8
+ * exec result per line; that semantics is preserved via the helper's
9
+ * `oneViolationPerLine: true` option (combined with non-global regexes).
10
+ */
11
+ import { defineRegexListCheck } from '@opensip-cli/fitness';
12
+ /**
13
+ * Check: security/no-eval
14
+ *
15
+ * Detects usage of eval(), new Function(), and similar dynamic code execution
16
+ * patterns that can lead to code injection vulnerabilities.
17
+ */
18
+ export const noEval = defineRegexListCheck({
19
+ id: '9f6d299f-8155-4719-b605-897e9dcb1fdb',
20
+ slug: 'no-eval',
21
+ scope: { languages: ['typescript'], concerns: ['backend', 'frontend', 'cli'] },
22
+ contentFilter: 'strip-strings',
23
+ confidence: 'medium',
24
+ description: 'Detect dangerous eval and dynamic code execution',
25
+ longDescription: `**Purpose:** Detects usage of \`eval()\`, \`new Function()\`, and other dynamic code execution patterns that can lead to code injection vulnerabilities.
26
+
27
+ **Detects:**
28
+ - \`eval(\` calls
29
+ - \`new Function(\` constructor usage
30
+ - \`setTimeout('string', ...)\` with string argument instead of function reference
31
+ - \`setInterval('string', ...)\` with string argument instead of function reference
32
+
33
+ **Why it matters:** Dynamic code execution from strings (\`eval\`, \`new Function\`, string-based timers) allows attackers to inject and run arbitrary code if any input reaches these functions.
34
+
35
+ **Scope:** General best practice. Analyzes each file individually against the production preset.`,
36
+ tags: ['security', 'injection', 'eval'],
37
+ fileTypes: ['ts', 'tsx'],
38
+ options: {
39
+ // Original site emitted at most one violation per line, returning
40
+ // the FIRST matching pattern via findEvalPattern().
41
+ oneViolationPerLine: true,
42
+ },
43
+ patterns: [
44
+ {
45
+ id: '1ea47b8c-18be-402b-ae19-8ac66a88d050',
46
+ slug: 'eval-call',
47
+ // Match only the global/bare `eval(` — NOT a member call `x.eval(`
48
+ // (e.g. ioredis / Sequelize `redis.eval(luaScript, …)` is a Redis
49
+ // server-side Lua EVAL, not JavaScript eval) nor an identifier that
50
+ // merely ends in `eval` (`retrieval(`, `myEval(`). The negative
51
+ // lookbehind rejects a preceding `.`, word char, or `$`.
52
+ regex: /(?<![.\w$])eval\s*\(/,
53
+ message: 'eval() usage detected - use JSON.parse or other safe alternatives',
54
+ severity: 'error',
55
+ suggestion: 'Replace eval() with safe alternatives: use JSON.parse() for JSON strings, use a proper expression parser for math, or restructure code to avoid dynamic evaluation entirely.',
56
+ },
57
+ {
58
+ id: 'b7c3a2c2-0448-405f-86e3-8b5fca987bc7',
59
+ slug: 'new-function',
60
+ regex: /\bnew\s+Function\s*\(/,
61
+ message: 'new Function() usage detected - avoid dynamic code generation',
62
+ severity: 'error',
63
+ suggestion: 'Replace new Function() with precompiled functions or safe alternatives. For templating, use a template engine. For dynamic behavior, use configuration objects or the strategy pattern.',
64
+ },
65
+ {
66
+ id: 'a09a09f6-13c1-4988-9275-aec0ef3572e5',
67
+ slug: 'set-timeout-string',
68
+ regex: /setTimeout\s*\(\s*['"`][^'"`]+['"`]/,
69
+ message: 'setTimeout with string argument detected - use function reference',
70
+ severity: 'error',
71
+ suggestion: 'Pass a function reference instead of a string: setTimeout(() => doSomething(), 1000) or setTimeout(doSomething, 1000). String arguments are evaluated like eval().',
72
+ },
73
+ {
74
+ id: '9968cdec-1541-4522-ac02-e9eff56a5c2a',
75
+ slug: 'set-interval-string',
76
+ regex: /setInterval\s*\(\s*['"`][^'"`]+['"`]/,
77
+ message: 'setInterval with string argument detected - use function reference',
78
+ severity: 'error',
79
+ suggestion: 'Pass a function reference instead of a string: setInterval(() => doSomething(), 1000) or setInterval(doSomething, 1000). String arguments are evaluated like eval().',
80
+ },
81
+ ],
82
+ });
83
+ //# sourceMappingURL=no-eval.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-eval.js","sourceRoot":"","sources":["../../../src/checks/security/no-eval.ts"],"names":[],"mappings":"AAAA,6IAA6I;AAC7I,mKAAmK;AACnK;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE5D;;;;;GAKG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,oBAAoB,CAAC;IACzC,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE;IAC9E,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,kDAAkD;IAC/D,eAAe,EAAE;;;;;;;;;;iGAU8E;IAC/F,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IACxB,OAAO,EAAE;QACP,kEAAkE;QAClE,oDAAoD;QACpD,mBAAmB,EAAE,IAAI;KAC1B;IACD,QAAQ,EAAE;QACR;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,WAAW;YACjB,mEAAmE;YACnE,kEAAkE;YAClE,oEAAoE;YACpE,gEAAgE;YAChE,yDAAyD;YACzD,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,mEAAmE;YAC5E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,8KAA8K;SACjL;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,+DAA+D;YACxE,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,yLAAyL;SAC5L;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,qCAAqC;YAC5C,OAAO,EAAE,mEAAmE;YAC5E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,oKAAoK;SACvK;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,sCAAsC;YAC7C,OAAO,EAAE,oEAAoE;YAC7E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,sKAAsK;SACzK;KACF;CACF,CAAC,CAAC"}
@@ -0,0 +1,28 @@
1
+ /**
2
+ * @fileoverview Detect hardcoded secrets in source code.
3
+ *
4
+ * Inline regex-list shape retained — migration to `defineRegexListCheck`
5
+ * deferred (Phase C6 / 2026-05-23 NF2). This site has site-specific
6
+ * post-match filters that the helper does not model:
7
+ * 1. `isInsideRegexLiteral` — skips matches inside `/.../` literals
8
+ * to avoid false-firing on detection-pattern source itself.
9
+ * 2. `lineHasRedactionPlaceholder` — skips lines containing `***`,
10
+ * `[REDACTED]`, `<REDACTED>`, or `X{4,}` redaction markers.
11
+ * Adding these as helper options would broaden its surface beyond
12
+ * what the other adopters need; keeping them inline here is the
13
+ * smaller change.
14
+ */
15
+ import { type CheckViolation } from '@opensip-cli/fitness';
16
+ /**
17
+ * Check: security/no-hardcoded-secrets
18
+ *
19
+ * Detects hardcoded secrets, API keys, and credentials in source code.
20
+ * Secrets should come from environment variables or secret management.
21
+ */
22
+ export declare const noHardcodedSecrets: import("@opensip-cli/fitness").Check;
23
+ /**
24
+ * Pure analysis function. Exported so unit tests can exercise the
25
+ * detection logic without standing up the full Check framework.
26
+ */
27
+ export declare function analyzeHardcodedSecrets(content: string, filePath: string): CheckViolation[];
28
+ //# sourceMappingURL=no-hardcoded-secrets.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-hardcoded-secrets.d.ts","sourceRoot":"","sources":["../../../src/checks/security/no-hardcoded-secrets.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAe,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAyFxE;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,sCA4B7B,CAAC;AAEH;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CAc3F"}
@@ -0,0 +1,209 @@
1
+ // @fitness-ignore-file no-hardcoded-secrets -- Fitness check definition references secret patterns in longDescription as examples, not actual secrets
2
+ /**
3
+ * @fileoverview Detect hardcoded secrets in source code.
4
+ *
5
+ * Inline regex-list shape retained — migration to `defineRegexListCheck`
6
+ * deferred (Phase C6 / 2026-05-23 NF2). This site has site-specific
7
+ * post-match filters that the helper does not model:
8
+ * 1. `isInsideRegexLiteral` — skips matches inside `/.../` literals
9
+ * to avoid false-firing on detection-pattern source itself.
10
+ * 2. `lineHasRedactionPlaceholder` — skips lines containing `***`,
11
+ * `[REDACTED]`, `<REDACTED>`, or `X{4,}` redaction markers.
12
+ * Adding these as helper options would broaden its surface beyond
13
+ * what the other adopters need; keeping them inline here is the
14
+ * smaller change.
15
+ */
16
+ import { logger } from '@opensip-cli/core';
17
+ import { defineCheck } from '@opensip-cli/fitness';
18
+ /**
19
+ * Creates a pre-compiled RegExp for pattern matching.
20
+ * These patterns operate on trusted source code files, not user input,
21
+ * and use bounded character classes to prevent ReDoS.
22
+ * @param pattern - The regex pattern string
23
+ * @param flags - Optional regex flags
24
+ * @returns Compiled RegExp object
25
+ */
26
+ function createPattern(pattern, flags) {
27
+ // @fitness-ignore-next-line semgrep-scan -- non-literal RegExp is intentional; patterns are hardcoded string constants for code analysis, not user input
28
+ return new RegExp(pattern, flags);
29
+ }
30
+ // Patterns that indicate hardcoded secrets
31
+ // Note: These regex patterns operate on trusted source code files, not user input.
32
+ // The patterns use bounded character classes and limited repetition to prevent ReDoS.
33
+ const SECRET_PATTERNS = [
34
+ // Stripe keys - bounded alphanumeric character class
35
+ {
36
+ regex: createPattern('[\'"`]sk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
37
+ message: 'Hardcoded Stripe secret key detected',
38
+ suggestion: 'Move Stripe secret key to environment variable: process.env.STRIPE_SECRET_KEY. Never commit production keys to source control.',
39
+ },
40
+ {
41
+ regex: createPattern('[\'"`]pk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
42
+ message: 'Hardcoded Stripe publishable key detected',
43
+ suggestion: 'Move Stripe publishable key to environment variable: process.env.STRIPE_PUBLISHABLE_KEY. Use separate keys for test/production environments.',
44
+ },
45
+ {
46
+ regex: createPattern('[\'"`]rk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
47
+ message: 'Hardcoded Stripe restricted key detected',
48
+ suggestion: 'Move Stripe restricted key to environment variable. Consider using Stripe Connect if exposing to third parties.',
49
+ },
50
+ // AWS keys - bounded alphanumeric character class
51
+ {
52
+ regex: createPattern('[\'"`]AKIA[A-Z0-9]{16}[\'"`]', 'g'),
53
+ message: 'Hardcoded AWS access key detected',
54
+ suggestion: 'Remove AWS access key immediately and rotate it. Use IAM roles, environment variables, or AWS Secrets Manager instead of hardcoded credentials.',
55
+ },
56
+ // Generic API keys - use [\\w-] (word chars + hyphen) to avoid character class duplicates
57
+ {
58
+ regex: createPattern('(?:api[_-]?key|apikey)\\s*[:=]\\s*[\'"`][\\w-]{16,}[\'"`]', 'gi'),
59
+ message: 'Hardcoded API key detected',
60
+ suggestion: 'Move API key to environment variable: process.env.API_KEY. For local development, use .env files (and add to .gitignore).',
61
+ },
62
+ // Passwords - uses [^'"`]* which is bounded by quote characters
63
+ {
64
+ regex: createPattern('(?:password|passwd|pwd)\\s*[:=]\\s*[\'"`][^\'"`]{8,}[\'"`]', 'gi'),
65
+ message: 'Hardcoded password detected',
66
+ suggestion: 'Move password to environment variable or secrets manager. Never store passwords in source code. Consider using a password manager or vault service.',
67
+ },
68
+ // JWT secrets - uses [^'"`]* which is bounded by quote characters
69
+ {
70
+ regex: createPattern('(?:jwt[_-]?secret|jwt[_-]?key)\\s*[:=]\\s*[\'"`][^\'"`]{8,}[\'"`]', 'gi'),
71
+ message: 'Hardcoded JWT secret detected',
72
+ suggestion: 'Move JWT secret to environment variable: process.env.JWT_SECRET. Generate a strong random secret (256+ bits) and rotate periodically.',
73
+ },
74
+ // Database connection strings with credentials - uses [^:]+ and [^@]+ which are bounded
75
+ {
76
+ regex: createPattern('(?:postgres|mysql|mongodb)://[^:]+:[^@]+@', 'gi'),
77
+ message: 'Hardcoded database connection string with credentials detected',
78
+ suggestion: 'Use environment variables for database credentials: process.env.DATABASE_URL. Consider using IAM authentication or secrets manager for production.',
79
+ },
80
+ // Private keys (PEM format start) - fixed pattern, no variable repetition
81
+ {
82
+ regex: createPattern(String.raw `-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----`, 'g'),
83
+ message: 'Hardcoded private key detected',
84
+ suggestion: 'Move private key to a secure file outside the repository or use a secrets manager. Never commit private keys to source control. If exposed, rotate immediately.',
85
+ },
86
+ // Bearer tokens - use [\\w-] (word chars + hyphen) to avoid character class duplicates
87
+ {
88
+ regex: createPattern('[\'"`]Bearer\\s+[\\w-]{20,}[\'"`]', 'g'),
89
+ message: 'Hardcoded bearer token detected',
90
+ suggestion: 'Remove hardcoded bearer token. Tokens should be obtained at runtime through authentication flows, not stored in code.',
91
+ },
92
+ ];
93
+ /**
94
+ * Check: security/no-hardcoded-secrets
95
+ *
96
+ * Detects hardcoded secrets, API keys, and credentials in source code.
97
+ * Secrets should come from environment variables or secret management.
98
+ */
99
+ export const noHardcodedSecrets = defineCheck({
100
+ id: '68ba1265-9e9b-4a1c-9adc-73c68f470242',
101
+ slug: 'no-hardcoded-secrets',
102
+ scope: { languages: ['typescript'], concerns: ['backend', 'frontend', 'cli'] },
103
+ contentFilter: 'strip-strings',
104
+ confidence: 'medium',
105
+ description: 'Detect hardcoded secrets, API keys, and credentials in source code',
106
+ longDescription: `**Purpose:** Detects hardcoded secrets, API keys, and credentials in source code that should be stored in environment variables or a secrets manager.
107
+
108
+ **Detects:**
109
+ - Stripe keys: \`sk_live_\`, \`pk_live_\`, \`rk_live_\` prefixed strings
110
+ - AWS access keys: \`AKIA\` prefixed strings (16+ alphanumeric chars)
111
+ - Generic API keys: \`api_key\`/\`apikey\` assignments with 16+ character string values
112
+ - Hardcoded passwords: \`password\`/\`passwd\`/\`pwd\` assignments with 8+ character values
113
+ - JWT secrets: \`jwt_secret\`/\`jwt_key\` assignments with 8+ character values
114
+ - Database connection strings with embedded credentials: \`postgres://user:pass@host\`
115
+ - PEM private keys: \`-----BEGIN PRIVATE KEY-----\`
116
+ - Bearer tokens: \`Bearer \` followed by 20+ character token strings
117
+
118
+ **Why it matters:** Secrets committed to source control are permanently exposed in git history and can be harvested by attackers scanning repositories.
119
+
120
+ **Scope:** General best practice. Analyzes each file individually against the production preset.`,
121
+ tags: ['security', 'secrets', 'credentials'],
122
+ fileTypes: ['ts', 'tsx'],
123
+ analyze(content, filePath) {
124
+ return analyzeHardcodedSecrets(content, filePath);
125
+ },
126
+ });
127
+ /**
128
+ * Pure analysis function. Exported so unit tests can exercise the
129
+ * detection logic without standing up the full Check framework.
130
+ */
131
+ export function analyzeHardcodedSecrets(content, filePath) {
132
+ logger.debug({
133
+ evt: 'fitness.checks.no_hardcoded_secrets.analyze',
134
+ msg: 'Analyzing file for hardcoded secrets and credentials',
135
+ });
136
+ const violations = [];
137
+ const lines = content.split('\n');
138
+ for (const [lineNum, line_] of lines.entries()) {
139
+ const line = line_ ?? '';
140
+ analyzeLine(line, lineNum + 1, filePath, violations);
141
+ }
142
+ return violations;
143
+ }
144
+ function analyzeLine(line, lineNumber, filePath, violations) {
145
+ const trimmed = line.trim();
146
+ if (trimmed.startsWith('//') || trimmed.startsWith('*'))
147
+ return;
148
+ for (const pattern of SECRET_PATTERNS) {
149
+ pattern.regex.lastIndex = 0;
150
+ const matched = pattern.regex.exec(line);
151
+ if (!matched)
152
+ continue;
153
+ if (isInsideRegexLiteral(line, matched.index))
154
+ continue;
155
+ if (lineHasRedactionPlaceholder(line))
156
+ continue;
157
+ violations.push({
158
+ line: lineNumber,
159
+ column: matched.index,
160
+ message: pattern.message,
161
+ severity: 'error',
162
+ suggestion: pattern.suggestion,
163
+ match: matched[0],
164
+ filePath,
165
+ });
166
+ }
167
+ }
168
+ /**
169
+ * Heuristic: is `pos` inside a regex literal on `line`? Walks the line
170
+ * tracking unescaped `/` chars as regex-literal delimiters. A position
171
+ * with an odd number of unescaped `/` chars to its left, and another
172
+ * unescaped `/` after, is inside a literal.
173
+ *
174
+ * Heuristic — division operators and JSX can confuse it, but lines
175
+ * with those tokens AND a secret-pattern match in the same line are
176
+ * rare; the trade-off favors silencing the redaction-pattern FPs.
177
+ */
178
+ function isInsideRegexLiteral(line, pos) {
179
+ // Count unescaped slashes before pos.
180
+ let slashesBefore = 0;
181
+ for (let i = 0; i < pos; i++) {
182
+ if (line[i] === '/' && line[i - 1] !== '\\')
183
+ slashesBefore++;
184
+ }
185
+ if (slashesBefore % 2 !== 1)
186
+ return false;
187
+ // Check at least one unescaped slash follows.
188
+ for (let i = pos; i < line.length; i++) {
189
+ if (line[i] === '/' && line[i - 1] !== '\\')
190
+ return true;
191
+ }
192
+ return false;
193
+ }
194
+ /**
195
+ * True iff the LINE around a secret match contains a redaction-
196
+ * placeholder marker. Many of the project-defined patterns only match
197
+ * the HEADER (e.g. `-----BEGIN PRIVATE KEY-----`) but the surrounding
198
+ * value is replaced with `***`, `[REDACTED]`, etc. Checking the line
199
+ * (not just the matched span) catches those.
200
+ *
201
+ * Markers: `***`, `<REDACTED>`, `[REDACTED]`, runs of `X` (4+).
202
+ */
203
+ function lineHasRedactionPlaceholder(line) {
204
+ return (line.includes('***') ||
205
+ line.includes('[REDACTED]') ||
206
+ line.includes('<REDACTED>') ||
207
+ /X{4,}/.test(line));
208
+ }
209
+ //# sourceMappingURL=no-hardcoded-secrets.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-hardcoded-secrets.js","sourceRoot":"","sources":["../../../src/checks/security/no-hardcoded-secrets.ts"],"names":[],"mappings":"AAAA,sJAAsJ;AACtJ;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAExE;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,OAAe,EAAE,KAAc;IACpD,yJAAyJ;IACzJ,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,2CAA2C;AAC3C,mFAAmF;AACnF,sFAAsF;AACtF,MAAM,eAAe,GAAG;IACtB,qDAAqD;IACrD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EACR,gIAAgI;KACnI;IACD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,2CAA2C;QACpD,UAAU,EACR,8IAA8I;KACjJ;IACD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,0CAA0C;QACnD,UAAU,EACR,iHAAiH;KACpH;IACD,kDAAkD;IAClD;QACE,KAAK,EAAE,aAAa,CAAC,8BAA8B,EAAE,GAAG,CAAC;QACzD,OAAO,EAAE,mCAAmC;QAC5C,UAAU,EACR,iJAAiJ;KACpJ;IACD,0FAA0F;IAC1F;QACE,KAAK,EAAE,aAAa,CAAC,2DAA2D,EAAE,IAAI,CAAC;QACvF,OAAO,EAAE,4BAA4B;QACrC,UAAU,EACR,2HAA2H;KAC9H;IACD,gEAAgE;IAChE;QACE,KAAK,EAAE,aAAa,CAAC,4DAA4D,EAAE,IAAI,CAAC;QACxF,OAAO,EAAE,6BAA6B;QACtC,UAAU,EACR,qJAAqJ;KACxJ;IACD,kEAAkE;IAClE;QACE,KAAK,EAAE,aAAa,CAAC,mEAAmE,EAAE,IAAI,CAAC;QAC/F,OAAO,EAAE,+BAA+B;QACxC,UAAU,EACR,uIAAuI;KAC1I;IACD,wFAAwF;IACxF;QACE,KAAK,EAAE,aAAa,CAAC,2CAA2C,EAAE,IAAI,CAAC;QACvE,OAAO,EAAE,gEAAgE;QACzE,UAAU,EACR,oJAAoJ;KACvJ;IACD,0EAA0E;IAC1E;QACE,KAAK,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAA,4CAA4C,EAAE,GAAG,CAAC;QACjF,OAAO,EAAE,gCAAgC;QACzC,UAAU,EACR,iKAAiK;KACpK;IACD,uFAAuF;IACvF;QACE,KAAK,EAAE,aAAa,CAAC,mCAAmC,EAAE,GAAG,CAAC;QAC9D,OAAO,EAAE,iCAAiC;QAC1C,UAAU,EACR,uHAAuH;KAC1H;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;IAC5C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,sBAAsB;IAC5B,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE;IAC9E,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,oEAAoE;IACjF,eAAe,EAAE;;;;;;;;;;;;;;iGAc8E;IAC/F,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,CAAC;IAC5C,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IAExB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,OAAO,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC;CACF,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAe,EAAE,QAAgB;IACvE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6CAA6C;QAClD,GAAG,EAAE,sDAAsD;KAC5D,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACzB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAClB,IAAY,EACZ,UAAkB,EAClB,QAAgB,EAChB,UAA4B;IAE5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAEhE,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;YAAE,SAAS;QACxD,IAAI,2BAA2B,CAAC,IAAI,CAAC;YAAE,SAAS;QAChD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,OAAO,CAAC,KAAK;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;YACjB,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,GAAW;IACrD,sCAAsC;IACtC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;YAAE,aAAa,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,aAAa,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,8CAA8C;IAC9C,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IAC3D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,2BAA2B,CAAC,IAAY;IAC/C,OAAO,CACL,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;AACJ,CAAC"}
@@ -0,0 +1,12 @@
1
+ /**
2
+ * @fileoverview Package supply-chain policy check
3
+ *
4
+ * Validates consumer-side package-manager guardrails for npm, pnpm, and Bun:
5
+ * pinned package manager, committed lockfile, frozen CI installs, install
6
+ * script policy, dependency maturity gates, lockfile integrity coverage,
7
+ * exotic dependency review, and trusted publishing posture.
8
+ */
9
+ import { type CheckViolation, type FileAccessor } from '@opensip-cli/fitness';
10
+ export declare function analyzePackageSupplyChainPolicy(files: FileAccessor): Promise<CheckViolation[]>;
11
+ export declare const packageSupplyChainPolicy: import("@opensip-cli/fitness").Check;
12
+ //# sourceMappingURL=package-supply-chain-policy.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"package-supply-chain-policy.d.ts","sourceRoot":"","sources":["../../../src/checks/security/package-supply-chain-policy.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAKH,OAAO,EAAe,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAskB3F,wBAAsB,+BAA+B,CACnD,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,cAAc,EAAE,CAAC,CAqB3B;AAED,eAAO,MAAM,wBAAwB,sCA2BnC,CAAC"}