@paklo/core 0.2.0 → 0.4.0

package/dist/{node/github.js → github/index.js}

@@ -1,10 +1,22 @@
-import "./environment-DX5CD-dD.js";
-import { n as logger } from "./logger-bWnHxtAf.js";
-import * as semver from "semver";
+import "../environment-DX5CD-dD.js";
+import { n as logger } from "../logger-bWnHxtAf.js";
 import { z } from "zod/v4";
+import { Octokit } from "octokit";
+import * as semver from "semver";
+
+//#region src/github/client.ts
+/**
+* Creates an authenticated GitHub API client using Octokit.
+*
+* @param token - GitHub personal access token or fine-grained token with appropriate permissions
+* @returns Configured Octokit instance ready for API calls
+*/
+function createGitHubClient({ token }) {
+	return new Octokit({ auth: token });
+}
 
+//#endregion
 //#region src/github/ghsa.ts
-const GHSA_GRAPHQL_API = "https://api.github.com/graphql";
 const GHSA_SECURITY_VULNERABILITIES_QUERY = `
   query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {
     securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {
@@ -20,9 +32,15 @@ const GHSA_SECURITY_VULNERABILITIES_QUERY = `
           references {
             url
           }
-          cvss {
-            score
-            vectorString
+          cvssSeverities {
+            cvssV3 {
+              score
+              vectorString
+            }
+            cvssV4 {
+              score
+              vectorString
+            }
           }
           epss {
             percentage
@@ -73,28 +91,30 @@ const SecurityAdvisorySeveritySchema = z.enum([
 	"HIGH",
 	"CRITICAL"
 ]);
+const CweSchema = z.object({
+	cweId: z.string(),
+	name: z.string(),
+	description: z.string()
+});
+const CvssSchema = z.object({
+	score: z.number(),
+	vectorString: z.string().nullish()
+});
 const SecurityAdvisorySchema = z.object({
-	identifiers: z.array(z.object({
+	identifiers: z.object({
 		type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),
 		value: z.string()
-	})),
+	}).array(),
 	severity: SecurityAdvisorySeveritySchema.nullish(),
 	summary: z.string(),
 	description: z.string().nullish(),
-	references: z.array(z.object({ url: z.string() })).nullish(),
-	cvss: z.object({
-		score: z.number(),
-		vectorString: z.string()
-	}).nullish(),
+	references: z.object({ url: z.string() }).array().nullish(),
+	cvss: CvssSchema.nullish(),
 	epss: z.object({
-		percentage: z.number(),
-		percentile: z.number()
+		percentage: z.number().nullish(),
+		percentile: z.number().nullish()
 	}).nullish(),
-	cwes: z.array(z.object({
-		cweId: z.string(),
-		name: z.string(),
-		description: z.string()
-	})).nullish(),
+	cwes: CweSchema.array().nullish(),
 	publishedAt: z.string().nullish(),
 	updatedAt: z.string().nullish(),
 	withdrawnAt: z.string().nullish(),
@@ -107,6 +127,18 @@ const SecurityVulnerabilitySchema = z.object({
 	vulnerableVersionRange: z.string(),
 	firstPatchedVersion: FirstPatchedVersionSchema.nullish()
 });
+const CvssSeveritiesSchema = z.object({
+	cvssV3: CvssSchema.nullish(),
+	cvssV4: CvssSchema.nullish()
+});
+const GitHubSecurityVulnerabilitiesResponseSchema = z.object({ securityVulnerabilities: z.object({ nodes: z.object({
+	advisory: SecurityAdvisorySchema.omit({ cvss: true }).extend({
+		cvssSeverities: CvssSeveritiesSchema,
+		cwes: z.object({ nodes: CweSchema.array() }).nullish()
+	}),
+	firstPatchedVersion: FirstPatchedVersionSchema.nullish(),
+	vulnerableVersionRange: z.string()
+}).array() }) });
 function getGhsaPackageEcosystemFromDependabotPackageManager(dependabotPackageManager) {
 	switch (dependabotPackageManager) {
 		case "composer": return "COMPOSER";
@@ -125,12 +157,15 @@ function getGhsaPackageEcosystemFromDependabotPackageManager(dependabotPackageMa
 	}
 }
 /**
-* GitHub GraphQL client
+* GitHub Security Advisory client
 */
-var GitHubGraphClient = class {
-	accessToken;
-	constructor(accessToken) {
-		this.accessToken = accessToken;
+var GitHubSecurityAdvisoryClient = class {
+	octokit;
+	/**
+	* @param token GitHub personal access token with access to the GHSA API
+	*/
+	constructor(token) {
+		this.octokit = createGitHubClient({ token });
 	}
 	/**
 	* Get the list of security vulnerabilities for a given package ecosystem and list of packages
@@ -143,25 +178,25 @@ var GitHubGraphClient = class {
 				ecosystem: packageEcosystem,
 				package: pkg.name
 			};
-			const response = await fetch(GHSA_GRAPHQL_API, {
-				method: "POST",
-				headers: {
-					Authorization: `Bearer ${this.accessToken}`,
-					"Content-Type": "application/json"
-				},
-				body: JSON.stringify({
-					query: GHSA_SECURITY_VULNERABILITIES_QUERY,
-					variables
-				})
-			});
-			if (!response.ok) throw new Error(`GHSA GraphQL request failed with response: ${response.status} ${response.statusText}`);
-			const responseData = await response.json();
-			const errors = responseData?.errors;
-			if (errors) throw new Error(`GHSA GraphQL request failed with errors: ${JSON.stringify(errors)}`);
-			return (responseData?.data?.securityVulnerabilities?.nodes)?.filter((v) => v?.advisory)?.map((v) => ({
-				package: pkg,
-				...v
-			}));
+			function pickCvss(value) {
+				if (value.cvssV4 && value.cvssV4.score > 0) return value.cvssV4;
+				if (value.cvssV3 && value.cvssV3.score > 0) return value.cvssV3;
+			}
+			try {
+				const response = await this.octokit.graphql(GHSA_SECURITY_VULNERABILITIES_QUERY, variables);
+				return GitHubSecurityVulnerabilitiesResponseSchema.parse(response).securityVulnerabilities.nodes?.filter((v) => v.advisory != null)?.map((v) => ({
+					...v,
+					package: pkg,
+					advisory: {
+						...v.advisory,
+						cwes: v.advisory.cwes?.nodes,
+						cvss: pickCvss(v.advisory.cvssSeverities)
+					}
+				})) || [];
+			} catch (error) {
+				logger.warn(`GHSA GraphQL request failed for package ${pkg.name}: ${error}. Continuing with other packages.`);
+				return [];
+			}
 		});
 	}
 	/**
@@ -194,5 +229,5 @@ function filterVulnerabilities(securityVulnerabilities) {
 }
 
 //#endregion
-export { GitHubGraphClient, PackageEcosystemSchema, PackageSchema, SecurityAdvisoryIdentifierSchema, SecurityAdvisorySchema, SecurityAdvisorySeveritySchema, SecurityVulnerabilitySchema, filterVulnerabilities, getGhsaPackageEcosystemFromDependabotPackageManager };
-//# sourceMappingURL=github.js.map
+export { GitHubSecurityAdvisoryClient, PackageEcosystemSchema, PackageSchema, SecurityAdvisoryIdentifierSchema, SecurityAdvisorySchema, SecurityAdvisorySeveritySchema, SecurityVulnerabilitySchema, createGitHubClient, filterVulnerabilities, getGhsaPackageEcosystemFromDependabotPackageManager };
+//# sourceMappingURL=index.js.map

package/dist/github/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":["results: T2[]","v"],"sources":["../../src/github/client.ts","../../src/github/ghsa.ts"],"sourcesContent":["import { Octokit } from 'octokit';\n\n/**\n * Creates an authenticated GitHub API client using Octokit.\n *\n * @param token - GitHub personal access token or fine-grained token with appropriate permissions\n * @returns Configured Octokit instance ready for API calls\n */\nexport function createGitHubClient({ token }: { token: string }): Octokit {\n  return new Octokit({\n    auth: token,\n    // could add retry here perhaps?\n  });\n}\n","import type { Octokit } from 'octokit';\nimport * as semver from 'semver';\nimport { z } from 'zod/v4';\n\nimport { logger } from '@/logger';\nimport { createGitHubClient } from './client';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nconst GHSA_SECURITY_VULNERABILITIES_QUERY = `\n  query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {\n    securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {\n      nodes {\n        advisory {\n          identifiers {\n            type,\n            value\n          },\n          severity,\n          summary,\n          description,\n          references {\n            url\n          }\n          cvssSeverities {\n            cvssV3 {\n              score\n              vectorString\n            }\n            cvssV4 {\n              score\n              vectorString\n            }\n          }\n          epss {\n            percentage\n            percentile\n          }\n          cwes (first: 100) {\n            nodes {\n              cweId\n              name\n              description\n            }\n          }\n          publishedAt\n          updatedAt\n          withdrawnAt\n          permalink\n        }\n        vulnerableVersionRange\n        firstPatchedVersion {\n          identifier\n        }\n      }\n    }\n  }\n`;\n\nexport const PackageEcosystemSchema = z.enum([\n  'COMPOSER',\n  'ERLANG',\n  'GO',\n  'ACTIONS',\n  'MAVEN',\n  'NPM',\n  'NUGET',\n  'PIP',\n  'PUB',\n  'RUBYGEMS',\n  'RUST',\n  'SWIFT',\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const PackageSchema = z.object({\n  name: z.string(),\n  version: z.string().nullish(),\n});\nexport type Package = z.infer<typeof PackageSchema>;\n\nexport const SecurityAdvisoryIdentifierSchema = z.enum(['CVE', 'GHSA']);\nexport type SecurityAdvisoryIdentifierType = z.infer<typeof SecurityAdvisoryIdentifierSchema>;\n\nexport const SecurityAdvisorySeveritySchema = z.enum(['LOW', 'MODERATE', 'HIGH', 'CRITICAL']);\nexport type SecurityAdvisorySeverity = z.infer<typeof SecurityAdvisorySeveritySchema>;\n\nconst CweSchema = z.object({\n  cweId: z.string(),\n  name: z.string(),\n  description: z.string(),\n});\n\nconst CvssSchema = z.object({\n  score: z.number(),\n  vectorString: z.string().nullish(),\n});\ntype Cvss = z.infer<typeof CvssSchema>;\n\nexport const SecurityAdvisorySchema = z.object({\n  identifiers: z\n    .object({\n      type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),\n      value: z.string(),\n    })\n    .array(),\n  severity: SecurityAdvisorySeveritySchema.nullish(),\n  summary: z.string(),\n  description: z.string().nullish(),\n  references: z.object({ url: z.string() }).array().nullish(),\n  cvss: CvssSchema.nullish(),\n  epss: z\n    .object({\n      percentage: z.number().nullish(),\n      percentile: z.number().nullish(),\n    })\n    .nullish(),\n  cwes: CweSchema.array().nullish(),\n  publishedAt: z.string().nullish(),\n  updatedAt: z.string().nullish(),\n  withdrawnAt: z.string().nullish(),\n  permalink: z.string().nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisorySchema>;\n\nconst FirstPatchedVersionSchema = z.object({ identifier: z.string() });\nexport type FirstPatchedVersion = z.infer<typeof FirstPatchedVersionSchema>;\n\nexport const SecurityVulnerabilitySchema = z.object({\n  package: PackageSchema,\n  advisory: SecurityAdvisorySchema,\n  vulnerableVersionRange: z.string(),\n  firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n});\nexport type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;\n\nconst CvssSeveritiesSchema = z.object({\n  cvssV3: CvssSchema.nullish(),\n  cvssV4: CvssSchema.nullish(),\n});\ntype CvssSeverities = z.infer<typeof CvssSeveritiesSchema>;\n\nconst GitHubSecurityVulnerabilitiesResponseSchema = z.object({\n  securityVulnerabilities: z.object({\n    nodes: z\n      .object({\n        advisory: SecurityAdvisorySchema.omit({ cvss: true /* incoming is cvssSeverities */ }).extend({\n          cvssSeverities: CvssSeveritiesSchema,\n          cwes: z.object({ nodes: CweSchema.array() }).nullish(),\n        }),\n        firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n        vulnerableVersionRange: z.string(),\n      })\n      .array(),\n  }),\n});\ntype GitHubSecurityVulnerabilitiesResponse = z.infer<typeof GitHubSecurityVulnerabilitiesResponseSchema>;\n\nexport function getGhsaPackageEcosystemFromDependabotPackageManager(\n  dependabotPackageManager: string,\n): PackageEcosystem {\n  switch (dependabotPackageManager) {\n    case 'composer':\n      return 'COMPOSER';\n    case 'elm':\n      return 'ERLANG';\n    case 'github_actions':\n      return 'ACTIONS';\n    case 'go_modules':\n      return 'GO';\n    case 'maven':\n      return 'MAVEN';\n    case 'npm_and_yarn':\n      return 'NPM';\n    case 'nuget':\n      return 'NUGET';\n    case 'pip':\n      return 'PIP';\n    case 'pub':\n      return 'PUB';\n    case 'bundler':\n      return 'RUBYGEMS';\n    case 'cargo':\n      return 'RUST';\n    case 'swift':\n      return 'SWIFT';\n    default:\n      throw new Error(`Unknown dependabot package manager: ${dependabotPackageManager}`);\n  }\n}\n\n/**\n * GitHub Security Advisory client\n */\nexport class GitHubSecurityAdvisoryClient {\n  private readonly octokit: Octokit;\n\n  /**\n   * @param token GitHub personal access token with access to the GHSA API\n   */\n  constructor(token: string) {\n    this.octokit = createGitHubClient({ token });\n  }\n\n  /**\n   * Get the list of security vulnerabilities for a given package ecosystem and list of packages\n   * @param packageEcosystem\n   * @param packages\n   */\n  public async getSecurityVulnerabilitiesAsync(\n    packageEcosystem: PackageEcosystem,\n    packages: Package[],\n  ): Promise<SecurityVulnerability[]> {\n    // GitHub API doesn't support querying multiple package at once, so we need to make a request for each package individually.\n    // To speed up the process, we can make the requests in parallel, 100 at a time. We batch the requests to avoid hitting the rate limit too quickly.\n    // https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api\n    const securityVulnerabilities = await this.batchGraphQueryAsync<Package, SecurityVulnerability>(\n      100,\n      packages,\n      async (pkg) => {\n        const variables = {\n          ecosystem: packageEcosystem,\n          package: pkg.name,\n        };\n\n        function pickCvss(value: CvssSeverities): Cvss | undefined {\n          // Pick the one with a non-zero score\n          if (value.cvssV4 && value.cvssV4.score > 0) return value.cvssV4;\n          if (value.cvssV3 && value.cvssV3.score > 0) return value.cvssV3;\n        }\n\n        try {\n          const response = await this.octokit.graphql<GitHubSecurityVulnerabilitiesResponse>(\n            GHSA_SECURITY_VULNERABILITIES_QUERY,\n            variables,\n          );\n          const parsed = GitHubSecurityVulnerabilitiesResponseSchema.parse(response);\n          const vulnerabilities = parsed.securityVulnerabilities.nodes;\n          return (\n            vulnerabilities\n              ?.filter((v) => v.advisory != null)\n              ?.map(\n                (v) =>\n                  ({\n                    ...v,\n                    package: pkg,\n                    advisory: {\n                      ...v.advisory,\n                      cwes: v.advisory.cwes?.nodes,\n                      cvss: pickCvss(v.advisory.cvssSeverities),\n                    },\n                  }) satisfies SecurityVulnerability,\n              ) || []\n          );\n        } catch (error) {\n          logger.warn(`GHSA GraphQL request failed for package ${pkg.name}: ${error}. Continuing with other packages.`);\n          return [];\n        }\n      },\n    );\n\n    return securityVulnerabilities;\n  }\n\n  /**\n   * Batch requests in parallel to speed up the process when we are forced to do a N+1 query\n   * @param batchSize\n   * @param items\n   * @param action\n   * @returns\n   */\n  private async batchGraphQueryAsync<T1, T2>(batchSize: number, items: T1[], action: (item: T1) => Promise<T2[]>) {\n    const results: T2[] = [];\n    for (let i = 0; i < items.length; i += batchSize) {\n      const batch = items.slice(i, i + batchSize);\n      if (batch?.length) {\n        try {\n          const batchResults = await Promise.all(batch.map(action));\n          if (batchResults?.length) {\n            results.push(...batchResults.flat());\n          }\n        } catch (error) {\n          logger.warn(`Request batch [${i}-${i + batchSize}] failed; The data may be incomplete. ${error}`);\n        }\n      }\n    }\n    return results;\n  }\n}\n\nexport function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[] {\n  // Filter out vulnerabilities that have been withdrawn or that are not relevant the current version of the package\n  const affectedVulnerabilities = securityVulnerabilities\n    .filter((v) => !v.advisory.withdrawnAt)\n    .filter((v) => {\n      const pkg = v.package;\n      if (!pkg || !pkg.version || !v.vulnerableVersionRange) {\n        return false;\n      }\n\n      /**\n       * The vulnerable version range follows a basic syntax with a few forms:\n       *   `= 0.2.0` denotes a single vulnerable version\n       *   `<= 1.0.8` denotes a version range up to and including the specified version\n       *   `< 0.1.11` denotes a version range up to, but excluding, the specified version\n       *   `>= 4.3.0, < 4.3.5` denotes a version range with a known minimum and maximum version\n       *   `>= 0.0.1` denotes a version range with a known minimum, but no known maximum\n       */\n      const versionRangeRequirements = v.vulnerableVersionRange.split(',').map((v) => v.trim());\n      return versionRangeRequirements.every((r) => pkg.version && semver.satisfies(pkg.version, r));\n    });\n  return affectedVulnerabilities;\n}\n"],"mappings":";;;;;;;;;;;;;AAQA,SAAgB,mBAAmB,EAAE,SAAqC;AACxE,QAAO,IAAI,QAAQ,EACjB,MAAM,OAEP,CAAC;;;;;ACHJ,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkD5C,MAAa,yBAAyB,EAAE,KAAK;CAC3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,gBAAgB,EAAE,OAAO;CACpC,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC9B,CAAC;AAGF,MAAa,mCAAmC,EAAE,KAAK,CAAC,OAAO,OAAO,CAAC;AAGvE,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAO;CAAY;CAAQ;CAAW,CAAC;AAG7F,MAAM,YAAY,EAAE,OAAO;CACzB,OAAO,EAAE,QAAQ;CACjB,MAAM,EAAE,QAAQ;CAChB,aAAa,EAAE,QAAQ;CACxB,CAAC;AAEF,MAAM,aAAa,EAAE,OAAO;CAC1B,OAAO,EAAE,QAAQ;CACjB,cAAc,EAAE,QAAQ,CAAC,SAAS;CACnC,CAAC;AAGF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,aAAa,EACV,OAAO;EACN,MAAM,EAAE,MAAM,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAC;EAC7D,OAAO,EAAE,QAAQ;EAClB,CAAC,CACD,OAAO;CACV,UAAU,+BAA+B,SAAS;CAClD,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS;CAC3D,MAAM,WAAW,SAAS;CAC1B,MAAM,EACH,OAAO;EACN,YAAY,EAAE,QAAQ,CAAC,SAAS;EAChC,YAAY,EAAE,QAAQ,CAAC,SAAS;EACjC,CAAC,CACD,SAAS;CACZ,MAAM,UAAU,OAAO,CAAC,SAAS;CACjC,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAM,4BAA4B,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAGtE,MAAa,8BAA8B,EAAE,OAAO;CAClD,SAAS;CACT,UAAU;CACV,wBAAwB,EAAE,QAAQ;CAClC,qBAAqB,0BAA0B,SAAS;CACzD,CAAC;AAGF,MAAM,uBAAuB,EAAE,OAAO;CACpC,QAAQ,WAAW,SAAS;CAC5B,QAAQ,WAAW,SAAS;CAC7B,CAAC;AAGF,MAAM,8CAA8C,EAAE,OAAO,EAC3D,yBAAyB,EAAE,OAAO,EAChC,OAAO,EACJ,OAAO;CACN,UAAU,uBAAuB,KAAK,EAAE,MAAM,MAAuC,CAAC,CAAC,OAAO;EAC5F,gBAAgB;EAChB,MAAM,EAAE,OAAO,EAAE,OAAO,UAAU,OAAO,EAAE,CAAC,CAAC,SAAS;EACvD,CAAC;CACF,qBAAqB,0BAA0B,SAAS;CACxD,wBAAwB,EAAE,QAAQ;CACnC,CAAC,CACD,OAAO,EACX,CAAC,EACH,CAAC;AAGF,SAAgB,oDACd,0BACkB;AAClB,SAAQ,0BAAR;EACE,KAAK,WACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,UACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uCAAuC,2BAA2B;;;;;;AAOxF,IAAa,+BAAb,MAA0C;CACxC,AAAiB;;;;CAKjB,YAAY,OAAe;AACzB,OAAK,UAAU,mBAAmB,EAAE,OAAO,CAAC;;;;;;;CAQ9C,MAAa,gCACX,kBACA,UACkC;AAiDlC,SA7CgC,MAAM,KAAK,qBACzC,KACA,UACA,OAAO,QAAQ;GACb,MAAM,YAAY;IAChB,WAAW;IACX,SAAS,IAAI;IACd;GAED,SAAS,SAAS,OAAyC;AAEzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;AACzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;;AAG3D,OAAI;IACF,MAAM,WAAW,MAAM,KAAK,QAAQ,QAClC,qCACA,UACD;AAGD,WAFe,4CAA4C,MAAM,SAAS,CAC3C,wBAAwB,OAGjD,QAAQ,MAAM,EAAE,YAAY,KAAK,EACjC,KACC,OACE;KACC,GAAG;KACH,SAAS;KACT,UAAU;MACR,GAAG,EAAE;MACL,MAAM,EAAE,SAAS,MAAM;MACvB,MAAM,SAAS,EAAE,SAAS,eAAe;MAC1C;KACF,EACJ,IAAI,EAAE;YAEJ,OAAO;AACd,WAAO,KAAK,2CAA2C,IAAI,KAAK,IAAI,MAAM,mCAAmC;AAC7G,WAAO,EAAE;;IAGd;;;;;;;;;CAYH,MAAc,qBAA6B,WAAmB,OAAa,QAAqC;EAC9G,MAAMA,UAAgB,EAAE;AACxB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;GAChD,MAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,UAAU;AAC3C,OAAI,OAAO,OACT,KAAI;IACF,MAAM,eAAe,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAO,CAAC;AACzD,QAAI,cAAc,OAChB,SAAQ,KAAK,GAAG,aAAa,MAAM,CAAC;YAE/B,OAAO;AACd,WAAO,KAAK,kBAAkB,EAAE,GAAG,IAAI,UAAU,wCAAwC,QAAQ;;;AAIvG,SAAO;;;AAIX,SAAgB,sBAAsB,yBAA2E;AAqB/G,QAnBgC,wBAC7B,QAAQ,MAAM,CAAC,EAAE,SAAS,YAAY,CACtC,QAAQ,MAAM;EACb,MAAM,MAAM,EAAE;AACd,MAAI,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,EAAE,uBAC7B,QAAO;AAYT,SADiC,EAAE,uBAAuB,MAAM,IAAI,CAAC,KAAK,QAAMC,IAAE,MAAM,CAAC,CACzD,OAAO,MAAM,IAAI,WAAW,OAAO,UAAU,IAAI,SAAS,EAAE,CAAC;GAC7F"}

package/dist/{node/http.d.ts → http/index.d.ts}

@@ -39,7 +39,7 @@ interface ProblemDetails {
 type CreateInnerApiClientOptions = {
   /**
    * The base URL to use for the API.
-   * @example 'https://api.paklo.app'
+   * @example 'https://www.paklo.app/api'
    */
   baseUrl: string;
   /** The token to use for authentication. This can be a JWT or specialized key. */
@@ -53,7 +53,7 @@ type RequestOptions = {
    */
   userAgent?: string;
 };
-type ResourceResponse<T$1 = Record<string, unknown>> = {
+type ResourceResponse<T = Record<string, unknown>> = {
   /** The headers of the response. */
   headers: Headers;
   /** Whether the request was successful. */
@@ -63,15 +63,15 @@ type ResourceResponse<T$1 = Record<string, unknown>> = {
   /** The status text of the response. */
   statusText: string;
   /** The data of the response. */
-  data?: T$1;
+  data?: T;
   /** The error of the response. */
   error?: ProblemDetails;
 };
-type InnerRequestOptions<T$1> = RequestOptions & {
+type InnerRequestOptions<T> = RequestOptions & {
   /**
    * The base URL to use for the request.
    * This overrides the default base URL.
-   * @example 'https://api.paklo.app'
+   * @example 'https://www.paklo.app/api'
    */
   baseUrl?: string;
   /** Additional headers to use for the request. */
@@ -79,9 +79,9 @@ type InnerRequestOptions<T$1> = RequestOptions & {
   /** The payload to use for the request. */
   payload?: Record<string, unknown> | MultipartFormDataBody | ReadableStream | XMLHttpRequestBodyInit;
   /** The schema to use when parsing the response. */
-  schema?: ZodType<T$1>;
+  schema?: ZodType<T>;
 };
-type InnerRequestOptionsComplete<T$1> = InnerRequestOptions<T$1> & {
+type InnerRequestOptionsComplete<T> = InnerRequestOptions<T> & {
   /** The method to use for the request. */
   method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
   /** The URL to use for the request. */
@@ -118,4 +118,4 @@ declare function isErrorTemporaryFailure(e?: {
 } | null): boolean;
 //#endregion
 export { CreateInnerApiClientOptions, HEADER_NAME_ACCEPT, HEADER_NAME_AUTHORIZATION, HEADER_NAME_CONTENT_DISPOSITION, HEADER_NAME_CONTENT_TYPE, HEADER_NAME_USER_AGENT, HttpRequestError, InnerApiClient, InnerRequestOptions, ProblemDetails, RequestOptions, ResourceResponse, isErrorTemporaryFailure };
-//# sourceMappingURL=http.d.ts.map
+//# sourceMappingURL=index.d.ts.map

package/dist/{node/http.js → http/index.js}

@@ -1,4 +1,4 @@
-import "./environment-DX5CD-dD.js";
-import { a as HEADER_NAME_AUTHORIZATION, c as HEADER_NAME_USER_AGENT, i as HEADER_NAME_ACCEPT, n as InnerApiClient, o as HEADER_NAME_CONTENT_DISPOSITION, r as isErrorTemporaryFailure, s as HEADER_NAME_CONTENT_TYPE, t as HttpRequestError } from "./http-BG_-s47I.js";
+import "../environment-DX5CD-dD.js";
+import { a as HEADER_NAME_AUTHORIZATION, c as HEADER_NAME_USER_AGENT, i as HEADER_NAME_ACCEPT, n as InnerApiClient, o as HEADER_NAME_CONTENT_DISPOSITION, r as isErrorTemporaryFailure, s as HEADER_NAME_CONTENT_TYPE, t as HttpRequestError } from "../http-Be3uWaqn.js";
 
 export { HEADER_NAME_ACCEPT, HEADER_NAME_AUTHORIZATION, HEADER_NAME_CONTENT_DISPOSITION, HEADER_NAME_CONTENT_TYPE, HEADER_NAME_USER_AGENT, HttpRequestError, InnerApiClient, isErrorTemporaryFailure };

package/dist/{node/http-BG_-s47I.js → http-Be3uWaqn.js}

@@ -242,4 +242,4 @@ function isErrorTemporaryFailure(e) {
 
 //#endregion
 export { HEADER_NAME_AUTHORIZATION as a, HEADER_NAME_USER_AGENT as c, HEADER_NAME_ACCEPT as i, InnerApiClient as n, HEADER_NAME_CONTENT_DISPOSITION as o, isErrorTemporaryFailure as r, HEADER_NAME_CONTENT_TYPE as s, HttpRequestError as t };
-//# sourceMappingURL=http-BG_-s47I.js.map
+//# sourceMappingURL=http-Be3uWaqn.js.map

package/dist/http-Be3uWaqn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-Be3uWaqn.js","names":["data: Array<MultipartFormDataBodyPart['body']>","list: Buffer[]","headers: Record<string, string>","body: BodyInit | undefined","error: ProblemDetails","code: number"],"sources":["../src/http/headers.ts","../src/http/multipart.ts","../src/http/inner.ts"],"sourcesContent":["export const HEADER_NAME_CONTENT_DISPOSITION = 'Content-Disposition';\nexport const HEADER_NAME_CONTENT_TYPE = 'Content-Type';\nexport const HEADER_NAME_ACCEPT = 'Accept';\nexport const HEADER_NAME_USER_AGENT = 'User-Agent';\nexport const HEADER_NAME_AUTHORIZATION = 'Authorization';\n","import { HEADER_NAME_CONTENT_DISPOSITION, HEADER_NAME_CONTENT_TYPE } from './headers';\n\nexport class MultipartFormDataBody {\n  private type = 'multipart/form-data';\n  private boundary: string = `${Math.random().toString(36).substring(2)}`;\n  private parts: Array<MultipartFormDataBodyPart> = [];\n\n  public async encode(): Promise<Buffer> {\n    if (this.parts.length === 0) {\n      throw new Error('MultipartFormDataBody must have at least one part');\n    }\n\n    const data: Array<MultipartFormDataBodyPart['body']> = [];\n\n    for (const part of this.parts) {\n      // write boundary\n      data.push(`--${this.boundary}\\r\\n`);\n\n      // write headers\n      for (const [key, value] of Object.entries(part.headers)) {\n        data.push(`${key}: ${value}\\r\\n`);\n      }\n      data.push('\\r\\n');\n\n      // write body\n      data.push(part.body);\n      data.push('\\r\\n');\n    }\n\n    data.push(`--${this.boundary}--\\r\\n`);\n\n    const list: Buffer[] = [];\n    for (const item of data) {\n      if (item instanceof File) list.push(Buffer.from(await item.arrayBuffer()));\n      else if (typeof item === 'string') list.push(Buffer.from(item, 'utf8'));\n      else list.push(item);\n    }\n    return Buffer.concat(list);\n  }\n\n  public getBoundary(): string {\n    return this.boundary;\n  }\n\n  public getContentType(): string {\n    return `${this.type}; boundary=${this.boundary}`;\n  }\n\n  public add(name: string, value: string) {\n    const part = createPart(name, value);\n    this.parts.push(part);\n  }\n\n  public addFile(name: string, file: File) {\n    const part = createPart(name, file, file.name, file.type);\n    this.parts.push(part);\n  }\n}\n\ntype MultipartFormDataBodyPart = {\n  name: string;\n  headers: Record<string, string>;\n  body: Buffer | File | string;\n};\n\nfunction createPart(\n  name: string,\n  body: MultipartFormDataBodyPart['body'],\n  filename?: string,\n  contentType?: string,\n): MultipartFormDataBodyPart {\n  const headers: Record<string, string> = {};\n  headers[HEADER_NAME_CONTENT_DISPOSITION] = `form-data; name=\"${name}\"${filename ? `; filename=\"${filename}\"` : ''}`;\n  if (contentType) headers[HEADER_NAME_CONTENT_TYPE] = contentType;\n  return { name, headers, body };\n}\n","import type { ZodType } from 'zod/v4';\n\nimport { environment } from '@/environment';\n\nimport {\n  HEADER_NAME_ACCEPT,\n  HEADER_NAME_AUTHORIZATION,\n  HEADER_NAME_CONTENT_TYPE,\n  HEADER_NAME_USER_AGENT,\n} from './headers';\nimport { MultipartFormDataBody } from './multipart';\nimport type { ProblemDetails } from './problem';\n\nconst defaultUserAgent = `paklo/${environment.sha?.substring(0, 7) ?? 'dogfood'}`;\n\nexport type CreateInnerApiClientOptions = {\n  /**\n   * The base URL to use for the API.\n   * @example 'https://www.paklo.app/api'\n   */\n  baseUrl: string;\n\n  /** The token to use for authentication. This can be a JWT or specialized key. */\n  token?: string;\n};\n\nexport type RequestOptions = {\n  /**\n   * Value for the `User-Agent` header.\n   * This prepends the default value (e.g. `paklo/ab26320`)\n   * which is important when we need to propagate the browser information to the server.\n   */\n  userAgent?: string;\n};\n\nexport type ResourceResponse<T = Record<string, unknown>> = {\n  /** The headers of the response. */\n  headers: Headers;\n\n  /** Whether the request was successful. */\n  successful: boolean;\n\n  /** The status code of the response. */\n  status: number;\n\n  /** The status text of the response. */\n  statusText: string;\n\n  /** The data of the response. */\n  data?: T;\n\n  /** The error of the response. */\n  error?: ProblemDetails;\n};\n\nexport type InnerRequestOptions<T> = RequestOptions & {\n  /**\n   * The base URL to use for the request.\n   * This overrides the default base URL.\n   * @example 'https://www.paklo.app/api'\n   */\n  baseUrl?: string;\n\n  /** Additional headers to use for the request. */\n  headers?: HeadersInit;\n\n  /** The payload to use for the request. */\n  payload?: Record<string, unknown> | MultipartFormDataBody | ReadableStream | XMLHttpRequestBodyInit;\n\n  /** The schema to use when parsing the response. */\n  schema?: ZodType<T>;\n};\n\ntype InnerRequestOptionsComplete<T> = InnerRequestOptions<T> & {\n  /** The method to use for the request. */\n  method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';\n\n  /** The URL to use for the request. */\n  url: string;\n};\n\nexport class InnerApiClient {\n  private readonly baseUrl: string;\n  private readonly headers: Headers;\n  private readonly token?: string;\n\n  /**\n   * Create a new API client.\n   * @param options The options to use for the client.\n   */\n  constructor({ baseUrl, token }: CreateInnerApiClientOptions) {\n    this.baseUrl = baseUrl;\n\n    this.headers = new Headers({\n      [HEADER_NAME_ACCEPT]: 'application/json',\n    });\n\n    this.token = token;\n  }\n\n  async get<T>(url: string, options?: InnerRequestOptions<T>) {\n    return this.request<T>({\n      url: this.makeUrl(url, options),\n      method: 'GET',\n      ...options,\n    });\n  }\n\n  async post<T>(url: string, options?: InnerRequestOptions<T>) {\n    return this.request<T>({\n      method: 'POST',\n      url: this.makeUrl(url, options),\n      ...options,\n    });\n  }\n\n  async put<T>(url: string, options?: InnerRequestOptions<T>) {\n    return this.request<T>({\n      method: 'PUT',\n      url: this.makeUrl(url, options),\n      ...options,\n    });\n  }\n\n  async patch<T>(url: string, options?: InnerRequestOptions<T>) {\n    return this.request<T>({\n      method: 'PATCH',\n      url: this.makeUrl(url, options),\n      ...options,\n    });\n  }\n\n  async delete<T>(url: string, options?: InnerRequestOptions<T>) {\n    return this.request<T>({\n      method: 'DELETE',\n      url: this.makeUrl(url, options),\n      ...options,\n    });\n  }\n\n  async request<T>(options: InnerRequestOptionsComplete<T>): Promise<ResourceResponse<T>> {\n    const { method, url, payload, userAgent, headers: additionalHeaders, schema } = options;\n\n    // create headers for the request\n    const headers = new Headers(this.headers);\n    const finalUserAgent = userAgent && userAgent.length > 0 ? `${userAgent} (${defaultUserAgent})` : defaultUserAgent;\n    headers.set(HEADER_NAME_USER_AGENT, finalUserAgent);\n\n    // populate authorization header\n    if (this.token) {\n      headers.set(HEADER_NAME_AUTHORIZATION, `Bearer ${this.token}`);\n    }\n\n    // populate additional headers\n    // biome-ignore-start lint/suspicious/useIterableCallbackReturn: not used\n    if (additionalHeaders) {\n      if (additionalHeaders instanceof Headers) {\n        additionalHeaders.forEach((value, key) => headers.set(key, value as string));\n      } else if (Array.isArray(additionalHeaders)) {\n        additionalHeaders.forEach(([key, value]) => headers.set(key, value));\n      } else {\n        Object.entries(additionalHeaders).forEach(([key, value]) => headers.set(key, value as string));\n      }\n    }\n    // biome-ignore-end lint/suspicious/useIterableCallbackReturn: not used\n\n    // prepare body\n    let body: BodyInit | undefined;\n    if (skipSerialization(payload)) body = payload;\n    else if (payload instanceof MultipartFormDataBody) {\n      body = new Uint8Array(await payload.encode());\n      headers.set(HEADER_NAME_CONTENT_TYPE, payload.getContentType());\n    } else {\n      body = JSON.stringify(payload);\n      headers.set(HEADER_NAME_CONTENT_TYPE, 'application/json');\n    }\n\n    // make request\n    try {\n      const response = await fetch(url, { method, headers, body });\n      const { ok: successful, status, statusText } = response;\n\n      if (!successful) {\n        try {\n          const rawError = await response.text();\n          return { headers: response.headers, successful, status, statusText, error: JSON.parse(rawError) };\n        } catch (err) {\n          if (err instanceof SyntaxError) {\n            return {\n              headers: response.headers,\n              successful,\n              status,\n              statusText,\n              error: {\n                title: 'Unknown error',\n                status,\n                statusText: response.statusText,\n              },\n            };\n          }\n\n          const error: ProblemDetails = {\n            title: (err instanceof Error ? err.message : undefined) ?? 'Unknown error',\n            status: response.status,\n            statusText: response.statusText,\n          };\n\n          return { headers: response.headers, successful, status, statusText, error };\n        }\n      }\n\n      const contentLength = response.headers.get('content-length');\n      let data = contentLength && contentLength !== '0' ? ((await response.json()) as T) : undefined;\n      if (data && schema) {\n        const result = await schema.safeParseAsync(data);\n        if (!result.success) {\n          return {\n            headers: response.headers,\n            successful: false,\n            status,\n            statusText,\n            data,\n            error: {\n              title: 'application_error',\n              detail: 'Schema validation error',\n              errors: result.error.flatten().fieldErrors,\n              status: response.status,\n              statusText: response.statusText,\n            },\n          };\n        }\n        data = result.data;\n      }\n\n      return { headers: response.headers, data, successful, status, statusText };\n    } catch (err) {\n      return {\n        headers: new Headers(),\n        successful: false,\n        status: -1,\n        statusText: 'Application Error',\n        error: {\n          title: 'application_error',\n          detail: `Unable to fetch data. The request could not be resolved. ${err}`,\n        },\n      };\n    }\n  }\n\n  private makeUrl<T>(url: string, options?: InnerRequestOptions<T>): string {\n    if (url.startsWith('http://') || url.startsWith('https://')) return url;\n    const baseUrl = options?.baseUrl ?? this.baseUrl;\n    return `${baseUrl}${url}`;\n  }\n}\n\n/**\n * Whether to skip serialization of the payload.\n * @param payload The payload to check.\n * @returns true if the payload should not be serialized; otherwise, false.\n */\nfunction skipSerialization(\n  payload: InnerRequestOptions<never>['payload'],\n): payload is FormData | URLSearchParams | ReadableStream | Blob | ArrayBuffer | string | undefined {\n  return (\n    payload instanceof FormData ||\n    payload instanceof URLSearchParams ||\n    payload instanceof ReadableStream ||\n    payload instanceof Blob ||\n    payload instanceof ArrayBuffer ||\n    payload instanceof Buffer ||\n    typeof payload === 'string' ||\n    !payload\n  );\n}\n\n/** Http request error */\nexport class HttpRequestError extends Error {\n  constructor(\n    message: string,\n    public code: number,\n  ) {\n    super(message);\n  }\n}\n\nexport function isErrorTemporaryFailure(e?: { code?: string | number; message?: string } | null): boolean {\n  if (e instanceof HttpRequestError) {\n    // Check for common HTTP status codes that indicate a temporary failure\n    // See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status\n    switch (e.code) {\n      case 502:\n        return true; // 502 Bad Gateway\n      case 503:\n        return true; // 503 Service Unavailable\n      case 504:\n        return true; // 504 Gateway Timeout\n      default:\n        return false;\n    }\n  } else if (e?.code) {\n    // Check for Node.js system errors that indicate a temporary failure\n    // See: https://nodejs.org/api/errors.html#errors_common_system_errors\n    switch (e.code) {\n      case 'ETIMEDOUT':\n        return true; // Operation timed out\n      default:\n        return false;\n    }\n  } else {\n    return false;\n  }\n}\n"],"mappings":";;;AAAA,MAAa,kCAAkC;AAC/C,MAAa,2BAA2B;AACxC,MAAa,qBAAqB;AAClC,MAAa,yBAAyB;AACtC,MAAa,4BAA4B;;;;ACFzC,IAAa,wBAAb,MAAmC;CACjC,AAAQ,OAAO;CACf,AAAQ,WAAmB,GAAG,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,UAAU,EAAE;CACrE,AAAQ,QAA0C,EAAE;CAEpD,MAAa,SAA0B;AACrC,MAAI,KAAK,MAAM,WAAW,EACxB,OAAM,IAAI,MAAM,oDAAoD;EAGtE,MAAMA,OAAiD,EAAE;AAEzD,OAAK,MAAM,QAAQ,KAAK,OAAO;AAE7B,QAAK,KAAK,KAAK,KAAK,SAAS,MAAM;AAGnC,QAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,QAAQ,CACrD,MAAK,KAAK,GAAG,IAAI,IAAI,MAAM,MAAM;AAEnC,QAAK,KAAK,OAAO;AAGjB,QAAK,KAAK,KAAK,KAAK;AACpB,QAAK,KAAK,OAAO;;AAGnB,OAAK,KAAK,KAAK,KAAK,SAAS,QAAQ;EAErC,MAAMC,OAAiB,EAAE;AACzB,OAAK,MAAM,QAAQ,KACjB,KAAI,gBAAgB,KAAM,MAAK,KAAK,OAAO,KAAK,MAAM,KAAK,aAAa,CAAC,CAAC;WACjE,OAAO,SAAS,SAAU,MAAK,KAAK,OAAO,KAAK,MAAM,OAAO,CAAC;MAClE,MAAK,KAAK,KAAK;AAEtB,SAAO,OAAO,OAAO,KAAK;;CAG5B,AAAO,cAAsB;AAC3B,SAAO,KAAK;;CAGd,AAAO,iBAAyB;AAC9B,SAAO,GAAG,KAAK,KAAK,aAAa,KAAK;;CAGxC,AAAO,IAAI,MAAc,OAAe;EACtC,MAAM,OAAO,WAAW,MAAM,MAAM;AACpC,OAAK,MAAM,KAAK,KAAK;;CAGvB,AAAO,QAAQ,MAAc,MAAY;EACvC,MAAM,OAAO,WAAW,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK;AACzD,OAAK,MAAM,KAAK,KAAK;;;AAUzB,SAAS,WACP,MACA,MACA,UACA,aAC2B;CAC3B,MAAMC,UAAkC,EAAE;AAC1C,SAAQ,mCAAmC,oBAAoB,KAAK,GAAG,WAAW,eAAe,SAAS,KAAK;AAC/G,KAAI,YAAa,SAAQ,4BAA4B;AACrD,QAAO;EAAE;EAAM;EAAS;EAAM;;;;;AC7DhC,MAAM,mBAAmB,SAAS,YAAY,KAAK,UAAU,GAAG,EAAE,IAAI;AAoEtE,IAAa,iBAAb,MAA4B;CAC1B,AAAiB;CACjB,AAAiB;CACjB,AAAiB;;;;;CAMjB,YAAY,EAAE,SAAS,SAAsC;AAC3D,OAAK,UAAU;AAEf,OAAK,UAAU,IAAI,QAAQ,GACxB,qBAAqB,oBACvB,CAAC;AAEF,OAAK,QAAQ;;CAGf,MAAM,IAAO,KAAa,SAAkC;AAC1D,SAAO,KAAK,QAAW;GACrB,KAAK,KAAK,QAAQ,KAAK,QAAQ;GAC/B,QAAQ;GACR,GAAG;GACJ,CAAC;;CAGJ,MAAM,KAAQ,KAAa,SAAkC;AAC3D,SAAO,KAAK,QAAW;GACrB,QAAQ;GACR,KAAK,KAAK,QAAQ,KAAK,QAAQ;GAC/B,GAAG;GACJ,CAAC;;CAGJ,MAAM,IAAO,KAAa,SAAkC;AAC1D,SAAO,KAAK,QAAW;GACrB,QAAQ;GACR,KAAK,KAAK,QAAQ,KAAK,QAAQ;GAC/B,GAAG;GACJ,CAAC;;CAGJ,MAAM,MAAS,KAAa,SAAkC;AAC5D,SAAO,KAAK,QAAW;GACrB,QAAQ;GACR,KAAK,KAAK,QAAQ,KAAK,QAAQ;GAC/B,GAAG;GACJ,CAAC;;CAGJ,MAAM,OAAU,KAAa,SAAkC;AAC7D,SAAO,KAAK,QAAW;GACrB,QAAQ;GACR,KAAK,KAAK,QAAQ,KAAK,QAAQ;GAC/B,GAAG;GACJ,CAAC;;CAGJ,MAAM,QAAW,SAAuE;EACtF,MAAM,EAAE,QAAQ,KAAK,SAAS,WAAW,SAAS,mBAAmB,WAAW;EAGhF,MAAM,UAAU,IAAI,QAAQ,KAAK,QAAQ;EACzC,MAAM,iBAAiB,aAAa,UAAU,SAAS,IAAI,GAAG,UAAU,IAAI,iBAAiB,KAAK;AAClG,UAAQ,IAAI,wBAAwB,eAAe;AAGnD,MAAI,KAAK,MACP,SAAQ,IAAI,2BAA2B,UAAU,KAAK,QAAQ;AAKhE,MAAI,kBACF,KAAI,6BAA6B,QAC/B,mBAAkB,SAAS,OAAO,QAAQ,QAAQ,IAAI,KAAK,MAAgB,CAAC;WACnE,MAAM,QAAQ,kBAAkB,CACzC,mBAAkB,SAAS,CAAC,KAAK,WAAW,QAAQ,IAAI,KAAK,MAAM,CAAC;MAEpE,QAAO,QAAQ,kBAAkB,CAAC,SAAS,CAAC,KAAK,WAAW,QAAQ,IAAI,KAAK,MAAgB,CAAC;EAMlG,IAAIC;AACJ,MAAI,kBAAkB,QAAQ,CAAE,QAAO;WAC9B,mBAAmB,uBAAuB;AACjD,UAAO,IAAI,WAAW,MAAM,QAAQ,QAAQ,CAAC;AAC7C,WAAQ,IAAI,0BAA0B,QAAQ,gBAAgB,CAAC;SAC1D;AACL,UAAO,KAAK,UAAU,QAAQ;AAC9B,WAAQ,IAAI,0BAA0B,mBAAmB;;AAI3D,MAAI;GACF,MAAM,WAAW,MAAM,MAAM,KAAK;IAAE;IAAQ;IAAS;IAAM,CAAC;GAC5D,MAAM,EAAE,IAAI,YAAY,QAAQ,eAAe;AAE/C,OAAI,CAAC,WACH,KAAI;IACF,MAAM,WAAW,MAAM,SAAS,MAAM;AACtC,WAAO;KAAE,SAAS,SAAS;KAAS;KAAY;KAAQ;KAAY,OAAO,KAAK,MAAM,SAAS;KAAE;YAC1F,KAAK;AACZ,QAAI,eAAe,YACjB,QAAO;KACL,SAAS,SAAS;KAClB;KACA;KACA;KACA,OAAO;MACL,OAAO;MACP;MACA,YAAY,SAAS;MACtB;KACF;IAGH,MAAMC,QAAwB;KAC5B,QAAQ,eAAe,QAAQ,IAAI,UAAU,WAAc;KAC3D,QAAQ,SAAS;KACjB,YAAY,SAAS;KACtB;AAED,WAAO;KAAE,SAAS,SAAS;KAAS;KAAY;KAAQ;KAAY;KAAO;;GAI/E,MAAM,gBAAgB,SAAS,QAAQ,IAAI,iBAAiB;GAC5D,IAAI,OAAO,iBAAiB,kBAAkB,MAAQ,MAAM,SAAS,MAAM,GAAU;AACrF,OAAI,QAAQ,QAAQ;IAClB,MAAM,SAAS,MAAM,OAAO,eAAe,KAAK;AAChD,QAAI,CAAC,OAAO,QACV,QAAO;KACL,SAAS,SAAS;KAClB,YAAY;KACZ;KACA;KACA;KACA,OAAO;MACL,OAAO;MACP,QAAQ;MACR,QAAQ,OAAO,MAAM,SAAS,CAAC;MAC/B,QAAQ,SAAS;MACjB,YAAY,SAAS;MACtB;KACF;AAEH,WAAO,OAAO;;AAGhB,UAAO;IAAE,SAAS,SAAS;IAAS;IAAM;IAAY;IAAQ;IAAY;WACnE,KAAK;AACZ,UAAO;IACL,SAAS,IAAI,SAAS;IACtB,YAAY;IACZ,QAAQ;IACR,YAAY;IACZ,OAAO;KACL,OAAO;KACP,QAAQ,4DAA4D;KACrE;IACF;;;CAIL,AAAQ,QAAW,KAAa,SAA0C;AACxE,MAAI,IAAI,WAAW,UAAU,IAAI,IAAI,WAAW,WAAW,CAAE,QAAO;AAEpE,SAAO,GADS,SAAS,WAAW,KAAK,UACrB;;;;;;;;AASxB,SAAS,kBACP,SACkG;AAClG,QACE,mBAAmB,YACnB,mBAAmB,mBACnB,mBAAmB,kBACnB,mBAAmB,QACnB,mBAAmB,eACnB,mBAAmB,UACnB,OAAO,YAAY,YACnB,CAAC;;;AAKL,IAAa,mBAAb,cAAsC,MAAM;CAC1C,YACE,SACA,AAAOC,MACP;AACA,QAAM,QAAQ;EAFP;;;AAMX,SAAgB,wBAAwB,GAAkE;AACxG,KAAI,aAAa,iBAGf,SAAQ,EAAE,MAAV;EACE,KAAK,IACH,QAAO;EACT,KAAK,IACH,QAAO;EACT,KAAK,IACH,QAAO;EACT,QACE,QAAO;;UAEF,GAAG,KAGZ,SAAQ,EAAE,MAAV;EACE,KAAK,YACH,QAAO;EACT,QACE,QAAO;;KAGX,QAAO"}

package/dist/{browser/github.d.ts → index-CYzMyUeu.d.ts}

@@ -1,5 +1,20 @@
 import { z } from "zod/v4";
+import { Octokit } from "octokit";
 
+//#region src/github/client.d.ts
+
+/**
+ * Creates an authenticated GitHub API client using Octokit.
+ *
+ * @param token - GitHub personal access token or fine-grained token with appropriate permissions
+ * @returns Configured Octokit instance ready for API calls
+ */
+declare function createGitHubClient({
+  token
+}: {
+  token: string;
+}): Octokit;
+//#endregion
 //#region src/github/ghsa.d.ts
 declare const PackageEcosystemSchema: z.ZodEnum<{
   COMPOSER: "COMPOSER";
@@ -54,11 +69,11 @@ declare const SecurityAdvisorySchema: z.ZodObject<{
   }, z.core.$strip>>>>;
   cvss: z.ZodOptional<z.ZodNullable<z.ZodObject<{
     score: z.ZodNumber;
-    vectorString: z.ZodString;
+    vectorString: z.ZodOptional<z.ZodNullable<z.ZodString>>;
   }, z.core.$strip>>>;
   epss: z.ZodOptional<z.ZodNullable<z.ZodObject<{
-    percentage: z.ZodNumber;
-    percentile: z.ZodNumber;
+    percentage: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+    percentile: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
   }, z.core.$strip>>>;
   cwes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
     cweId: z.ZodString;
@@ -101,11 +116,11 @@ declare const SecurityVulnerabilitySchema: z.ZodObject<{
     }, z.core.$strip>>>>;
     cvss: z.ZodOptional<z.ZodNullable<z.ZodObject<{
       score: z.ZodNumber;
-      vectorString: z.ZodString;
+      vectorString: z.ZodOptional<z.ZodNullable<z.ZodString>>;
     }, z.core.$strip>>>;
     epss: z.ZodOptional<z.ZodNullable<z.ZodObject<{
-      percentage: z.ZodNumber;
-      percentile: z.ZodNumber;
+      percentage: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+      percentile: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
     }, z.core.$strip>>>;
     cwes: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodObject<{
       cweId: z.ZodString;
@@ -125,11 +140,14 @@ declare const SecurityVulnerabilitySchema: z.ZodObject<{
 type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;
 declare function getGhsaPackageEcosystemFromDependabotPackageManager(dependabotPackageManager: string): PackageEcosystem;
 /**
- * GitHub GraphQL client
+ * GitHub Security Advisory client
  */
-declare class GitHubGraphClient {
-  private readonly accessToken;
-  constructor(accessToken: string);
+declare class GitHubSecurityAdvisoryClient {
+  private readonly octokit;
+  /**
+   * @param token GitHub personal access token with access to the GHSA API
+   */
+  constructor(token: string);
   /**
    * Get the list of security vulnerabilities for a given package ecosystem and list of packages
    * @param packageEcosystem
@@ -147,5 +165,5 @@ declare class GitHubGraphClient {
 }
 declare function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[];
 //#endregion
-export { FirstPatchedVersion, GitHubGraphClient, Package, PackageEcosystem, PackageEcosystemSchema, PackageSchema, SecurityAdvisory, SecurityAdvisoryIdentifierSchema, SecurityAdvisoryIdentifierType, SecurityAdvisorySchema, SecurityAdvisorySeverity, SecurityAdvisorySeveritySchema, SecurityVulnerability, SecurityVulnerabilitySchema, filterVulnerabilities, getGhsaPackageEcosystemFromDependabotPackageManager };
-//# sourceMappingURL=github.d.ts.map
+export { createGitHubClient as _, PackageEcosystemSchema as a, SecurityAdvisoryIdentifierSchema as c, SecurityAdvisorySeverity as d, SecurityAdvisorySeveritySchema as f, getGhsaPackageEcosystemFromDependabotPackageManager as g, filterVulnerabilities as h, PackageEcosystem as i, SecurityAdvisoryIdentifierType as l, SecurityVulnerabilitySchema as m, GitHubSecurityAdvisoryClient as n, PackageSchema as o, SecurityVulnerability as p, Package as r, SecurityAdvisory as s, FirstPatchedVersion as t, SecurityAdvisorySchema as u };
+//# sourceMappingURL=index-CYzMyUeu.d.ts.map