@paklo/core 0.2.0 → 0.4.0

package/dist/browser/environment-DinhzwQn.js

@@ -1,139 +0,0 @@
-//#region rolldown:runtime
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, { get: (a, b) => (typeof require !== "undefined" ? require : a)[b] }) : x)(function(x) {
-	if (typeof require !== "undefined") return require.apply(this, arguments);
-	throw Error("Calling `require` for \"" + x + "\" in an environment that doesn't expose the `require` function.");
-});
-
-//#endregion
-//#region src/environment/git.ts
-/**
-* Retrieves the name of the current Git branch from the environment variables or from Git itself.
-* The priority order for retrieving the branch name is as follows:
-* 1. `process.env.GITHUB_REF_NAME`
-* 2. `process.env.VERCEL_GIT_COMMIT_REF`
-* 3. `process.env.CF_PAGES_BRANCH`
-* 4. Retrieve the branch name from Git using the `getBranchFromGit` function.
-* @returns The name of the current Git branch, or undefined if it cannot be determined.
-*/
-function getBranch() {
-	return process.env.GITHUB_REF_NAME || process.env.VERCEL_GIT_COMMIT_REF || process.env.CF_PAGES_BRANCH || getBranchFromGit();
-}
-/**
-* Retrieves the Git SHA (commit hash) from the environment variables or from Git itself.
-* The priority order for retrieving the Git SHA is as follows:
-* 1. `process.env.GITHUB_SHA`
-* 2. `process.env.VERCEL_GIT_COMMIT_SHA`
-* 3. `process.env.CF_PAGES_COMMIT_SHA`
-* 4. Retrieve the SHA from Git using the `getShaFromGit` function.
-* @returns The Git SHA (commit hash) if available, otherwise `undefined`.
-*/
-function getSha() {
-	return process?.env.GITHUB_SHA || process?.env.VERCEL_GIT_COMMIT_SHA || process?.env.CF_PAGES_COMMIT_SHA || getShaFromGit();
-}
-/**
-* Retrieves the SHA (commit hash) from the Git repository.
-* @returns The SHA (commit hash) as a string, or undefined if it cannot be retrieved.
-*/
-function getShaFromGit() {
-	try {
-		if (process.env.NEXT_RUNTIME === "nodejs") {
-			const { execSync } = __require("node:child_process");
-			return execSync("git rev-parse HEAD").toString().trim();
-		}
-	} catch {
-		return;
-	}
-}
-/**
-* Retrieves the current branch name from Git.
-* @returns The name of the current branch, or 'unknown' if an error occurs.
-*/
-function getBranchFromGit() {
-	try {
-		if (process.env.NEXT_RUNTIME === "nodejs") {
-			const { execSync } = __require("node:child_process");
-			return execSync("git rev-parse --abbrev-ref HEAD").toString().trim();
-		}
-	} catch {
-		return;
-	}
-}
-
-//#endregion
-//#region src/environment/platform.ts
-function getPlatform() {
-	if (process.env.CONTAINER_APP_ENV_DNS_SUFFIX) return "azure_container_apps";
-	else if (process.env.WEBSITE_STATICWEBAPP_RESOURCE_ID) return "azure_static_web_app";
-	else if (process.env.WEBSITE_HOSTNAME) return "azure_app_service";
-	else if (process.env.CF_PAGES_URL) return "cloudflare_pages";
-	else if (process.env.VERCEL_BRANCH_URL) return "vercel";
-}
-
-//#endregion
-//#region src/environment/site-url.ts
-/**
-* Get the site URL based on the environment variables.
-* @param options - The options to use.
-* @returns The site URL.
-*/
-function getSiteUrlCombined({ development, main, defaultValue }) {
-	if (development) return `http://localhost:${process.env.PORT || 3e3}`;
-	if (main) return defaultValue;
-	let value = getSiteUrlForAca();
-	if (value && value.length > 0) return value;
-	value = getSiteUrlForAppService();
-	if (value && value.length > 0) return value;
-	value = getSiteUrlForSwa();
-	if (value && value.length > 0) return value;
-	value = process.env.VERCEL_BRANCH_URL;
-	if (value && value.length > 0) return `https://${value}`;
-	value = process.env.CF_PAGES_URL;
-	if (value && value.length > 0) return value;
-	return defaultValue;
-}
-function getSiteUrlForAca() {
-	const suffix = process.env.CONTAINER_APP_ENV_DNS_SUFFIX;
-	const name = process.env.CONTAINER_APP_NAME;
-	if (!suffix || !name) return void 0;
-	return `https://${name}.${suffix}`;
-}
-function getSiteUrlForAppService() {
-	const value = process.env.WEBSITE_HOSTNAME;
-	return value ? `https://${value}` : void 0;
-}
-function getSiteUrlForSwa() {
-	const clientIdMatch = process.env.WEBSITE_AUTH_V2_CONFIG_JSON?.match(/"clientId":"([^"]+)"/);
-	return clientIdMatch ? `https://${clientIdMatch[1]}` : void 0;
-}
-
-//#endregion
-//#region src/environment/index.ts
-function getEnvironment() {
-	const env = "development";
-	const branch = getBranch();
-	const sha = getSha();
-	const platform = getPlatform();
-	return {
-		name: env,
-		development: env === "development",
-		production: env === "production",
-		test: env === "test",
-		platform,
-		sha,
-		branch,
-		main: branch === "main"
-	};
-}
-const environment = getEnvironment();
-function getSiteUrl({ defaultValue }) {
-	const { development, main } = environment;
-	return getSiteUrlCombined({
-		development,
-		main,
-		defaultValue
-	});
-}
-
-//#endregion
-export { getSiteUrl as n, environment as t };
-//# sourceMappingURL=environment-DinhzwQn.js.map

package/dist/browser/environment-DinhzwQn.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"environment-DinhzwQn.js","names":[],"sources":["../../src/environment/git.ts","../../src/environment/platform.ts","../../src/environment/site-url.ts","../../src/environment/index.ts"],"sourcesContent":["/**\n * Retrieves the name of the current Git branch from the environment variables or from Git itself.\n * The priority order for retrieving the branch name is as follows:\n * 1. `process.env.GITHUB_REF_NAME`\n * 2. `process.env.VERCEL_GIT_COMMIT_REF`\n * 3. `process.env.CF_PAGES_BRANCH`\n * 4. Retrieve the branch name from Git using the `getBranchFromGit` function.\n * @returns The name of the current Git branch, or undefined if it cannot be determined.\n */\nexport function getBranch(): string | undefined {\n  // GITHUB_REF_NAME may change on every build and we do not want the turbo cache to be invalidated on every build\n  return (\n    process.env.GITHUB_REF_NAME ||\n    process.env.VERCEL_GIT_COMMIT_REF ||\n    process.env.CF_PAGES_BRANCH ||\n    getBranchFromGit()\n  );\n}\n\n/**\n * Retrieves the Git SHA (commit hash) from the environment variables or from Git itself.\n * The priority order for retrieving the Git SHA is as follows:\n * 1. `process.env.GITHUB_SHA`\n * 2. `process.env.VERCEL_GIT_COMMIT_SHA`\n * 3. `process.env.CF_PAGES_COMMIT_SHA`\n * 4. Retrieve the SHA from Git using the `getShaFromGit` function.\n * @returns The Git SHA (commit hash) if available, otherwise `undefined`.\n */\nexport function getSha(): string | undefined {\n  // GITHUB_SHA changes on every build and we do not want the turbo cache to be invalidated on every build\n  return (\n    process?.env.GITHUB_SHA || process?.env.VERCEL_GIT_COMMIT_SHA || process?.env.CF_PAGES_COMMIT_SHA || getShaFromGit()\n  );\n}\n\n/**\n * Retrieves the SHA (commit hash) from the Git repository.\n * @returns The SHA (commit hash) as a string, or undefined if it cannot be retrieved.\n */\nfunction getShaFromGit(): string | undefined {\n  try {\n    if (process.env.NEXT_RUNTIME === 'nodejs') {\n      const { execSync } = require('node:child_process');\n      return execSync('git rev-parse HEAD').toString().trim();\n    }\n  } catch {\n    return undefined;\n  }\n}\n\n/**\n * Retrieves the current branch name from Git.\n * @returns The name of the current branch, or 'unknown' if an error occurs.\n */\nfunction getBranchFromGit(): string | undefined {\n  try {\n    if (process.env.NEXT_RUNTIME === 'nodejs') {\n      const { execSync } = require('node:child_process');\n      return execSync('git rev-parse --abbrev-ref HEAD').toString().trim();\n    }\n  } catch {\n    return undefined;\n  }\n}\n","export type Platform =\n  | 'azure_app_service'\n  | 'azure_container_apps'\n  | 'azure_static_web_app'\n  | 'cloudflare_pages'\n  | 'vercel'\n  | undefined;\n\nexport function getPlatform(): Platform {\n  if (process.env.CONTAINER_APP_ENV_DNS_SUFFIX) return 'azure_container_apps';\n  // SWA is a special case of Azure App Service so we need to check it first\n  else if (process.env.WEBSITE_STATICWEBAPP_RESOURCE_ID) return 'azure_static_web_app';\n  else if (process.env.WEBSITE_HOSTNAME) return 'azure_app_service';\n  else if (process.env.CF_PAGES_URL) return 'cloudflare_pages';\n  else if (process.env.VERCEL_BRANCH_URL) return 'vercel';\n\n  return undefined;\n}\n","interface SiteUrlOptions {\n  /** Whether the current environment is development. */\n  development: boolean;\n\n  /** Whether the current branch is the main branch. */\n  main: boolean;\n\n  /** The default URL to use if no other URL is found. */\n  defaultValue: string;\n}\n\n/**\n * Get the site URL based on the environment variables.\n * @param options - The options to use.\n * @returns The site URL.\n */\nexport function getSiteUrlCombined({ development, main, defaultValue }: SiteUrlOptions) {\n  // if we are in development, use localhost\n  if (development) return `http://localhost:${process.env.PORT || 3000}`;\n\n  // if we are on the main branch, use the known URL\n  if (main) return defaultValue;\n\n  // if we are on Azure ContainerApps, use the provided URL\n  let value = getSiteUrlForAca();\n  if (value && value.length > 0) return value;\n\n  // if we are on Azure App Service, use the provided URL\n  value = getSiteUrlForAppService();\n  if (value && value.length > 0) return value;\n\n  // if we are on Azure Static WebApps, use the provided URL\n  value = getSiteUrlForSwa();\n  if (value && value.length > 0) return value;\n\n  // if we are on Vercel, use the provided URL\n  value = process.env.VERCEL_BRANCH_URL;\n  if (value && value.length > 0) return `https://${value}`;\n\n  // if we are on Cloudflare Pages, use the provided URL\n  value = process.env.CF_PAGES_URL;\n  if (value && value.length > 0) return value;\n\n  return defaultValue; // fallback (edge cases)\n}\n\nexport function getSiteUrlForAca(): string | undefined {\n  /*\n   * Having looked at the available ENV variables when deployed, we can form the URL from\n   * combinations of the following variables:\n   * CONTAINER_APP_ENV_DNS_SUFFIX (e.g. \"jollyplant-9349db20.westeurope.azurecontainerapps.io\")\n   * CONTAINER_APP_NAME (e.g. \"paklo-website\")\n   */\n\n  const suffix = process.env.CONTAINER_APP_ENV_DNS_SUFFIX;\n  const name = process.env.CONTAINER_APP_NAME;\n  if (!suffix || !name) return undefined;\n  return `https://${name}.${suffix}`;\n}\n\nexport function getSiteUrlForAppService(): string | undefined {\n  /*\n   * Environment variables for Azure App Service are documented at\n   * https://learn.microsoft.com/en-us/azure/app-service/reference-app-settings?tabs=kudu%2Cdotnet#app-environment\n   *\n   * WEBSITE_HOSTNAME (e.g. \"paklo-website.azurewebsites.net\")\n   */\n\n  const value = process.env.WEBSITE_HOSTNAME;\n  return value ? `https://${value}` : undefined;\n}\n\nexport function getSiteUrlForSwa(): string | undefined {\n  /*\n   * Having looked at the available ENV variables when deployed to both production and preview environments,\n   * only the WEBSITE_AUTH_V2_CONFIG_JSON has values we can use for this.\n   *\n   * Sample value for production:\n   * {\\\"platform\\\":{\\\"enabled\\\":true},\\\"globalValidation\\\":{\\\"excludedPaths\\\":[\\\"/.swa/health.html\\\"]},\\\"identityProviders\\\":{\\\"azureStaticWebApps\\\":{\\\"registration\\\":{\\\"clientId\\\":\\\"black-bush-020715303.5.azurestaticapps.net\\\"}}},\\\"legacyProperties\\\":{\\\"configVersion\\\":\\\"v2\\\",\\\"legacyVersion\\\":\\\"V2\\\"}}\n   *\n   * Sample value for preview environment (named 331):\n   * {\\\"platform\\\":{\\\"enabled\\\":true},\\\"globalValidation\\\":{\\\"excludedPaths\\\":[\\\"/.swa/health.html\\\"]},\\\"identityProviders\\\":{\\\"azureStaticWebApps\\\":{\\\"registration\\\":{\\\"clientId\\\":\\\"black-bush-020715303-331.westeurope.5.azurestaticapps.net\\\"}}},\\\"legacyProperties\\\":{\\\"configVersion\\\":\\\"v2\\\",\\\"legacyVersion\\\":\\\"V2\\\"}}\n   *\n   * The part we are interested in is the clientId value. We can extract this value and use it as the domain to form the siteUrl.\n   */\n\n  const config = process.env.WEBSITE_AUTH_V2_CONFIG_JSON;\n  const clientIdMatch = config?.match(/\"clientId\":\"([^\"]+)\"/);\n  return clientIdMatch ? `https://${clientIdMatch[1]}` : undefined;\n}\n","import { getBranch, getSha } from './git';\nimport { getPlatform, type Platform } from './platform';\nimport { getSiteUrlCombined } from './site-url';\n\nexport type Environment = {\n  /** The current environment. */\n  name?: 'development' | 'production' | 'test';\n\n  /** Whether the current environment is development. */\n  development: boolean;\n\n  /** Whether the current environment is production. */\n  production: boolean;\n\n  /** Whether the current environment is test. */\n  test: boolean;\n\n  /** The current platform. */\n  platform: Platform;\n\n  /** The current commit SHA. */\n  sha?: string;\n\n  /** The current branch name. */\n  branch?: string;\n\n  /** Whether the current branch is the main branch. */\n  main: boolean;\n};\n\nfunction getEnvironment(): Environment {\n  const env = process.env.NODE_ENV as Environment['name'];\n  const branch = getBranch();\n  const sha = getSha();\n  const platform = getPlatform();\n\n  return {\n    name: env,\n    development: env === 'development',\n    production: env === 'production',\n    test: env === 'test',\n    platform,\n    sha,\n    branch,\n    main: branch === 'main',\n  };\n}\n\nexport const environment = getEnvironment();\n\nexport interface SiteUrlOptions {\n  /** The default URL to use if no other URL is found. */\n  defaultValue: string;\n}\n\nexport function getSiteUrl({ defaultValue }: SiteUrlOptions): string {\n  const { development, main } = environment;\n  return getSiteUrlCombined({ development, main, defaultValue: defaultValue });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AASA,SAAgB,YAAgC;AAE9C,QACE,QAAQ,IAAI,mBACZ,QAAQ,IAAI,yBACZ,QAAQ,IAAI,mBACZ,kBAAkB;;;;;;;;;;;AAatB,SAAgB,SAA6B;AAE3C,QACE,SAAS,IAAI,cAAc,SAAS,IAAI,yBAAyB,SAAS,IAAI,uBAAuB,eAAe;;;;;;AAQxH,SAAS,gBAAoC;AAC3C,KAAI;AACF,MAAI,QAAQ,IAAI,iBAAiB,UAAU;GACzC,MAAM,EAAE,uBAAqB,qBAAqB;AAClD,UAAO,SAAS,qBAAqB,CAAC,UAAU,CAAC,MAAM;;SAEnD;AACN;;;;;;;AAQJ,SAAS,mBAAuC;AAC9C,KAAI;AACF,MAAI,QAAQ,IAAI,iBAAiB,UAAU;GACzC,MAAM,EAAE,uBAAqB,qBAAqB;AAClD,UAAO,SAAS,kCAAkC,CAAC,UAAU,CAAC,MAAM;;SAEhE;AACN;;;;;;ACrDJ,SAAgB,cAAwB;AACtC,KAAI,QAAQ,IAAI,6BAA8B,QAAO;UAE5C,QAAQ,IAAI,iCAAkC,QAAO;UACrD,QAAQ,IAAI,iBAAkB,QAAO;UACrC,QAAQ,IAAI,aAAc,QAAO;UACjC,QAAQ,IAAI,kBAAmB,QAAO;;;;;;;;;;ACEjD,SAAgB,mBAAmB,EAAE,aAAa,MAAM,gBAAgC;AAEtF,KAAI,YAAa,QAAO,oBAAoB,QAAQ,IAAI,QAAQ;AAGhE,KAAI,KAAM,QAAO;CAGjB,IAAI,QAAQ,kBAAkB;AAC9B,KAAI,SAAS,MAAM,SAAS,EAAG,QAAO;AAGtC,SAAQ,yBAAyB;AACjC,KAAI,SAAS,MAAM,SAAS,EAAG,QAAO;AAGtC,SAAQ,kBAAkB;AAC1B,KAAI,SAAS,MAAM,SAAS,EAAG,QAAO;AAGtC,SAAQ,QAAQ,IAAI;AACpB,KAAI,SAAS,MAAM,SAAS,EAAG,QAAO,WAAW;AAGjD,SAAQ,QAAQ,IAAI;AACpB,KAAI,SAAS,MAAM,SAAS,EAAG,QAAO;AAEtC,QAAO;;AAGT,SAAgB,mBAAuC;CAQrD,MAAM,SAAS,QAAQ,IAAI;CAC3B,MAAM,OAAO,QAAQ,IAAI;AACzB,KAAI,CAAC,UAAU,CAAC,KAAM,QAAO;AAC7B,QAAO,WAAW,KAAK,GAAG;;AAG5B,SAAgB,0BAA8C;CAQ5D,MAAM,QAAQ,QAAQ,IAAI;AAC1B,QAAO,QAAQ,WAAW,UAAU;;AAGtC,SAAgB,mBAAuC;CAerD,MAAM,gBADS,QAAQ,IAAI,6BACG,MAAM,uBAAuB;AAC3D,QAAO,gBAAgB,WAAW,cAAc,OAAO;;;;;AC1DzD,SAAS,iBAA8B;CACrC,MAAM;CACN,MAAM,SAAS,WAAW;CAC1B,MAAM,MAAM,QAAQ;CACpB,MAAM,WAAW,aAAa;AAE9B,QAAO;EACL,MAAM;EACN,aAAa,QAAQ;EACrB,YAAY,QAAQ;EACpB,MAAM,QAAQ;EACd;EACA;EACA;EACA,MAAM,WAAW;EAClB;;AAGH,MAAa,cAAc,gBAAgB;AAO3C,SAAgB,WAAW,EAAE,gBAAwC;CACnE,MAAM,EAAE,aAAa,SAAS;AAC9B,QAAO,mBAAmB;EAAE;EAAa;EAAoB;EAAc,CAAC"}

package/dist/browser/environment.d.ts

@@ -1,33 +0,0 @@
-//#region src/environment/platform.d.ts
-type Platform = 'azure_app_service' | 'azure_container_apps' | 'azure_static_web_app' | 'cloudflare_pages' | 'vercel' | undefined;
-//#endregion
-//#region src/environment/index.d.ts
-type Environment = {
-  /** The current environment. */
-  name?: 'development' | 'production' | 'test';
-  /** Whether the current environment is development. */
-  development: boolean;
-  /** Whether the current environment is production. */
-  production: boolean;
-  /** Whether the current environment is test. */
-  test: boolean;
-  /** The current platform. */
-  platform: Platform;
-  /** The current commit SHA. */
-  sha?: string;
-  /** The current branch name. */
-  branch?: string;
-  /** Whether the current branch is the main branch. */
-  main: boolean;
-};
-declare const environment: Environment;
-interface SiteUrlOptions {
-  /** The default URL to use if no other URL is found. */
-  defaultValue: string;
-}
-declare function getSiteUrl({
-  defaultValue
-}: SiteUrlOptions): string;
-//#endregion
-export { Environment, SiteUrlOptions, environment, getSiteUrl };
-//# sourceMappingURL=environment.d.ts.map

package/dist/browser/environment.js

@@ -1,3 +0,0 @@
-import { n as getSiteUrl, t as environment } from "./environment-DinhzwQn.js";
-
-export { environment, getSiteUrl };

package/dist/browser/github.js

@@ -1,199 +0,0 @@
-import "./environment-DinhzwQn.js";
-import { n as logger } from "./logger-B7HLv660.js";
-import { t as _defineProperty } from "./defineProperty-ie4tC-F5.js";
-import * as semver from "semver";
-import { z } from "zod/v4";
-
-//#region src/github/ghsa.ts
-const GHSA_GRAPHQL_API = "https://api.github.com/graphql";
-const GHSA_SECURITY_VULNERABILITIES_QUERY = `
-  query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {
-    securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {
-      nodes {
-        advisory {
-          identifiers {
-            type,
-            value
-          },
-          severity,
-          summary,
-          description,
-          references {
-            url
-          }
-          cvss {
-            score
-            vectorString
-          }
-          epss {
-            percentage
-            percentile
-          }
-          cwes (first: 100) {
-            nodes {
-              cweId
-              name
-              description
-            }
-          }
-          publishedAt
-          updatedAt
-          withdrawnAt
-          permalink
-        }
-        vulnerableVersionRange
-        firstPatchedVersion {
-          identifier
-        }
-      }
-    }
-  }
-`;
-const PackageEcosystemSchema = z.enum([
-	"COMPOSER",
-	"ERLANG",
-	"GO",
-	"ACTIONS",
-	"MAVEN",
-	"NPM",
-	"NUGET",
-	"PIP",
-	"PUB",
-	"RUBYGEMS",
-	"RUST",
-	"SWIFT"
-]);
-const PackageSchema = z.object({
-	name: z.string(),
-	version: z.string().nullish()
-});
-const SecurityAdvisoryIdentifierSchema = z.enum(["CVE", "GHSA"]);
-const SecurityAdvisorySeveritySchema = z.enum([
-	"LOW",
-	"MODERATE",
-	"HIGH",
-	"CRITICAL"
-]);
-const SecurityAdvisorySchema = z.object({
-	identifiers: z.array(z.object({
-		type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),
-		value: z.string()
-	})),
-	severity: SecurityAdvisorySeveritySchema.nullish(),
-	summary: z.string(),
-	description: z.string().nullish(),
-	references: z.array(z.object({ url: z.string() })).nullish(),
-	cvss: z.object({
-		score: z.number(),
-		vectorString: z.string()
-	}).nullish(),
-	epss: z.object({
-		percentage: z.number(),
-		percentile: z.number()
-	}).nullish(),
-	cwes: z.array(z.object({
-		cweId: z.string(),
-		name: z.string(),
-		description: z.string()
-	})).nullish(),
-	publishedAt: z.string().nullish(),
-	updatedAt: z.string().nullish(),
-	withdrawnAt: z.string().nullish(),
-	permalink: z.string().nullish()
-});
-const FirstPatchedVersionSchema = z.object({ identifier: z.string() });
-const SecurityVulnerabilitySchema = z.object({
-	package: PackageSchema,
-	advisory: SecurityAdvisorySchema,
-	vulnerableVersionRange: z.string(),
-	firstPatchedVersion: FirstPatchedVersionSchema.nullish()
-});
-function getGhsaPackageEcosystemFromDependabotPackageManager(dependabotPackageManager) {
-	switch (dependabotPackageManager) {
-		case "composer": return "COMPOSER";
-		case "elm": return "ERLANG";
-		case "github_actions": return "ACTIONS";
-		case "go_modules": return "GO";
-		case "maven": return "MAVEN";
-		case "npm_and_yarn": return "NPM";
-		case "nuget": return "NUGET";
-		case "pip": return "PIP";
-		case "pub": return "PUB";
-		case "bundler": return "RUBYGEMS";
-		case "cargo": return "RUST";
-		case "swift": return "SWIFT";
-		default: throw new Error(`Unknown dependabot package manager: ${dependabotPackageManager}`);
-	}
-}
-/**
-* GitHub GraphQL client
-*/
-var GitHubGraphClient = class {
-	constructor(accessToken) {
-		_defineProperty(this, "accessToken", void 0);
-		this.accessToken = accessToken;
-	}
-	/**
-	* Get the list of security vulnerabilities for a given package ecosystem and list of packages
-	* @param packageEcosystem
-	* @param packages
-	*/
-	async getSecurityVulnerabilitiesAsync(packageEcosystem, packages) {
-		return await this.batchGraphQueryAsync(100, packages, async (pkg) => {
-			const variables = {
-				ecosystem: packageEcosystem,
-				package: pkg.name
-			};
-			const response = await fetch(GHSA_GRAPHQL_API, {
-				method: "POST",
-				headers: {
-					Authorization: `Bearer ${this.accessToken}`,
-					"Content-Type": "application/json"
-				},
-				body: JSON.stringify({
-					query: GHSA_SECURITY_VULNERABILITIES_QUERY,
-					variables
-				})
-			});
-			if (!response.ok) throw new Error(`GHSA GraphQL request failed with response: ${response.status} ${response.statusText}`);
-			const responseData = await response.json();
-			const errors = responseData?.errors;
-			if (errors) throw new Error(`GHSA GraphQL request failed with errors: ${JSON.stringify(errors)}`);
-			return (responseData?.data?.securityVulnerabilities?.nodes)?.filter((v) => v?.advisory)?.map((v) => ({
-				package: pkg,
-				...v
-			}));
-		});
-	}
-	/**
-	* Batch requests in parallel to speed up the process when we are forced to do a N+1 query
-	* @param batchSize
-	* @param items
-	* @param action
-	* @returns
-	*/
-	async batchGraphQueryAsync(batchSize, items, action) {
-		const results = [];
-		for (let i = 0; i < items.length; i += batchSize) {
-			const batch = items.slice(i, i + batchSize);
-			if (batch?.length) try {
-				const batchResults = await Promise.all(batch.map(action));
-				if (batchResults?.length) results.push(...batchResults.flat());
-			} catch (error) {
-				logger.warn(`Request batch [${i}-${i + batchSize}] failed; The data may be incomplete. ${error}`);
-			}
-		}
-		return results;
-	}
-};
-function filterVulnerabilities(securityVulnerabilities) {
-	return securityVulnerabilities.filter((v) => !v.advisory.withdrawnAt).filter((v) => {
-		const pkg = v.package;
-		if (!pkg || !pkg.version || !v.vulnerableVersionRange) return false;
-		return v.vulnerableVersionRange.split(",").map((v$1) => v$1.trim()).every((r) => pkg.version && semver.satisfies(pkg.version, r));
-	});
-}
-
-//#endregion
-export { GitHubGraphClient, PackageEcosystemSchema, PackageSchema, SecurityAdvisoryIdentifierSchema, SecurityAdvisorySchema, SecurityAdvisorySeveritySchema, SecurityVulnerabilitySchema, filterVulnerabilities, getGhsaPackageEcosystemFromDependabotPackageManager };
-//# sourceMappingURL=github.js.map

package/dist/browser/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","names":["results: T2[]","v"],"sources":["../../src/github/ghsa.ts"],"sourcesContent":["import * as semver from 'semver';\nimport { z } from 'zod/v4';\n\nimport { logger } from '@/logger';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nconst GHSA_GRAPHQL_API = 'https://api.github.com/graphql';\n\nconst GHSA_SECURITY_VULNERABILITIES_QUERY = `\n  query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {\n    securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {\n      nodes {\n        advisory {\n          identifiers {\n            type,\n            value\n          },\n          severity,\n          summary,\n          description,\n          references {\n            url\n          }\n          cvss {\n            score\n            vectorString\n          }\n          epss {\n            percentage\n            percentile\n          }\n          cwes (first: 100) {\n            nodes {\n              cweId\n              name\n              description\n            }\n          }\n          publishedAt\n          updatedAt\n          withdrawnAt\n          permalink\n        }\n        vulnerableVersionRange\n        firstPatchedVersion {\n          identifier\n        }\n      }\n    }\n  }\n`;\n\nexport const PackageEcosystemSchema = z.enum([\n  'COMPOSER',\n  'ERLANG',\n  'GO',\n  'ACTIONS',\n  'MAVEN',\n  'NPM',\n  'NUGET',\n  'PIP',\n  'PUB',\n  'RUBYGEMS',\n  'RUST',\n  'SWIFT',\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const PackageSchema = z.object({\n  name: z.string(),\n  version: z.string().nullish(),\n});\nexport type Package = z.infer<typeof PackageSchema>;\n\nexport const SecurityAdvisoryIdentifierSchema = z.enum(['CVE', 'GHSA']);\nexport type SecurityAdvisoryIdentifierType = z.infer<typeof SecurityAdvisoryIdentifierSchema>;\n\nexport const SecurityAdvisorySeveritySchema = z.enum(['LOW', 'MODERATE', 'HIGH', 'CRITICAL']);\nexport type SecurityAdvisorySeverity = z.infer<typeof SecurityAdvisorySeveritySchema>;\n\nexport const SecurityAdvisorySchema = z.object({\n  identifiers: z.array(\n    z.object({\n      type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),\n      value: z.string(),\n    }),\n  ),\n  severity: SecurityAdvisorySeveritySchema.nullish(),\n  summary: z.string(),\n  description: z.string().nullish(),\n  references: z.array(z.object({ url: z.string() })).nullish(),\n  cvss: z\n    .object({\n      score: z.number(),\n      vectorString: z.string(),\n    })\n    .nullish(),\n  epss: z\n    .object({\n      percentage: z.number(),\n      percentile: z.number(),\n    })\n    .nullish(),\n  cwes: z\n    .array(\n      z.object({\n        cweId: z.string(),\n        name: z.string(),\n        description: z.string(),\n      }),\n    )\n    .nullish(),\n  publishedAt: z.string().nullish(),\n  updatedAt: z.string().nullish(),\n  withdrawnAt: z.string().nullish(),\n  permalink: z.string().nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisorySchema>;\n\nconst FirstPatchedVersionSchema = z.object({ identifier: z.string() });\nexport type FirstPatchedVersion = z.infer<typeof FirstPatchedVersionSchema>;\n\nexport const SecurityVulnerabilitySchema = z.object({\n  package: PackageSchema,\n  advisory: SecurityAdvisorySchema,\n  vulnerableVersionRange: z.string(),\n  firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n});\nexport type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;\n\nexport function getGhsaPackageEcosystemFromDependabotPackageManager(\n  dependabotPackageManager: string,\n): PackageEcosystem {\n  switch (dependabotPackageManager) {\n    case 'composer':\n      return 'COMPOSER';\n    case 'elm':\n      return 'ERLANG';\n    case 'github_actions':\n      return 'ACTIONS';\n    case 'go_modules':\n      return 'GO';\n    case 'maven':\n      return 'MAVEN';\n    case 'npm_and_yarn':\n      return 'NPM';\n    case 'nuget':\n      return 'NUGET';\n    case 'pip':\n      return 'PIP';\n    case 'pub':\n      return 'PUB';\n    case 'bundler':\n      return 'RUBYGEMS';\n    case 'cargo':\n      return 'RUST';\n    case 'swift':\n      return 'SWIFT';\n    default:\n      throw new Error(`Unknown dependabot package manager: ${dependabotPackageManager}`);\n  }\n}\n\n/**\n * GitHub GraphQL client\n */\nexport class GitHubGraphClient {\n  private readonly accessToken: string;\n\n  constructor(accessToken: string) {\n    this.accessToken = accessToken;\n  }\n\n  /**\n   * Get the list of security vulnerabilities for a given package ecosystem and list of packages\n   * @param packageEcosystem\n   * @param packages\n   */\n  public async getSecurityVulnerabilitiesAsync(\n    packageEcosystem: PackageEcosystem,\n    packages: Package[],\n  ): Promise<SecurityVulnerability[]> {\n    // GitHub API doesn't support querying multiple package at once, so we need to make a request for each package individually.\n    // To speed up the process, we can make the requests in parallel, 100 at a time. We batch the requests to avoid hitting the rate limit too quickly.\n    // https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api\n    const securityVulnerabilities = await this.batchGraphQueryAsync<Package, SecurityVulnerability>(\n      100,\n      packages,\n      async (pkg) => {\n        const variables = {\n          ecosystem: packageEcosystem,\n          package: pkg.name,\n        };\n        const response = await fetch(GHSA_GRAPHQL_API, {\n          method: 'POST',\n          headers: {\n            Authorization: `Bearer ${this.accessToken}`,\n            'Content-Type': 'application/json',\n          },\n          body: JSON.stringify({\n            query: GHSA_SECURITY_VULNERABILITIES_QUERY,\n            variables: variables,\n          }),\n        });\n        if (!response.ok) {\n          throw new Error(`GHSA GraphQL request failed with response: ${response.status} ${response.statusText}`);\n        }\n        const responseData = await response.json();\n        const errors = responseData?.errors;\n        if (errors) {\n          throw new Error(`GHSA GraphQL request failed with errors: ${JSON.stringify(errors)}`);\n        }\n\n        const vulnerabilities = responseData?.data?.securityVulnerabilities?.nodes;\n        // biome-ignore lint/suspicious/noExplicitAny: generic\n        return vulnerabilities?.filter((v: any) => v?.advisory)?.map((v: any) => ({ package: pkg, ...v }));\n      },\n    );\n\n    return securityVulnerabilities;\n  }\n\n  /**\n   * Batch requests in parallel to speed up the process when we are forced to do a N+1 query\n   * @param batchSize\n   * @param items\n   * @param action\n   * @returns\n   */\n  private async batchGraphQueryAsync<T1, T2>(batchSize: number, items: T1[], action: (item: T1) => Promise<T2[]>) {\n    const results: T2[] = [];\n    for (let i = 0; i < items.length; i += batchSize) {\n      const batch = items.slice(i, i + batchSize);\n      if (batch?.length) {\n        try {\n          const batchResults = await Promise.all(batch.map(action));\n          if (batchResults?.length) {\n            results.push(...batchResults.flat());\n          }\n        } catch (error) {\n          logger.warn(`Request batch [${i}-${i + batchSize}] failed; The data may be incomplete. ${error}`);\n        }\n      }\n    }\n    return results;\n  }\n}\n\nexport function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[] {\n  // Filter out vulnerabilities that have been withdrawn or that are not relevant the current version of the package\n  const affectedVulnerabilities = securityVulnerabilities\n    .filter((v) => !v.advisory.withdrawnAt)\n    .filter((v) => {\n      const pkg = v.package;\n      if (!pkg || !pkg.version || !v.vulnerableVersionRange) {\n        return false;\n      }\n\n      /**\n       * The vulnerable version range follows a basic syntax with a few forms:\n       *   `= 0.2.0` denotes a single vulnerable version\n       *   `<= 1.0.8` denotes a version range up to and including the specified version\n       *   `< 0.1.11` denotes a version range up to, but excluding, the specified version\n       *   `>= 4.3.0, < 4.3.5` denotes a version range with a known minimum and maximum version\n       *   `>= 0.0.1` denotes a version range with a known minimum, but no known maximum\n       */\n      const versionRangeRequirements = v.vulnerableVersionRange.split(',').map((v) => v.trim());\n      return versionRangeRequirements.every((r) => pkg.version && semver.satisfies(pkg.version, r));\n    });\n  return affectedVulnerabilities;\n}\n"],"mappings":";;;;;;;AAOA,MAAM,mBAAmB;AAEzB,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4C5C,MAAa,yBAAyB,EAAE,KAAK;CAC3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,gBAAgB,EAAE,OAAO;CACpC,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC9B,CAAC;AAGF,MAAa,mCAAmC,EAAE,KAAK,CAAC,OAAO,OAAO,CAAC;AAGvE,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAO;CAAY;CAAQ;CAAW,CAAC;AAG7F,MAAa,yBAAyB,EAAE,OAAO;CAC7C,aAAa,EAAE,MACb,EAAE,OAAO;EACP,MAAM,EAAE,MAAM,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAC;EAC7D,OAAO,EAAE,QAAQ;EAClB,CAAC,CACH;CACD,UAAU,+BAA+B,SAAS;CAClD,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;CAC5D,MAAM,EACH,OAAO;EACN,OAAO,EAAE,QAAQ;EACjB,cAAc,EAAE,QAAQ;EACzB,CAAC,CACD,SAAS;CACZ,MAAM,EACH,OAAO;EACN,YAAY,EAAE,QAAQ;EACtB,YAAY,EAAE,QAAQ;EACvB,CAAC,CACD,SAAS;CACZ,MAAM,EACH,MACC,EAAE,OAAO;EACP,OAAO,EAAE,QAAQ;EACjB,MAAM,EAAE,QAAQ;EAChB,aAAa,EAAE,QAAQ;EACxB,CAAC,CACH,CACA,SAAS;CACZ,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAM,4BAA4B,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAGtE,MAAa,8BAA8B,EAAE,OAAO;CAClD,SAAS;CACT,UAAU;CACV,wBAAwB,EAAE,QAAQ;CAClC,qBAAqB,0BAA0B,SAAS;CACzD,CAAC;AAGF,SAAgB,oDACd,0BACkB;AAClB,SAAQ,0BAAR;EACE,KAAK,WACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,UACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uCAAuC,2BAA2B;;;;;;AAOxF,IAAa,oBAAb,MAA+B;CAG7B,YAAY,aAAqB;wBAFhB;AAGf,OAAK,cAAc;;;;;;;CAQrB,MAAa,gCACX,kBACA,UACkC;AAsClC,SAlCgC,MAAM,KAAK,qBACzC,KACA,UACA,OAAO,QAAQ;GACb,MAAM,YAAY;IAChB,WAAW;IACX,SAAS,IAAI;IACd;GACD,MAAM,WAAW,MAAM,MAAM,kBAAkB;IAC7C,QAAQ;IACR,SAAS;KACP,eAAe,UAAU,KAAK;KAC9B,gBAAgB;KACjB;IACD,MAAM,KAAK,UAAU;KACnB,OAAO;KACI;KACZ,CAAC;IACH,CAAC;AACF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,8CAA8C,SAAS,OAAO,GAAG,SAAS,aAAa;GAEzG,MAAM,eAAe,MAAM,SAAS,MAAM;GAC1C,MAAM,SAAS,cAAc;AAC7B,OAAI,OACF,OAAM,IAAI,MAAM,4CAA4C,KAAK,UAAU,OAAO,GAAG;AAKvF,WAFwB,cAAc,MAAM,yBAAyB,QAE7C,QAAQ,MAAW,GAAG,SAAS,EAAE,KAAK,OAAY;IAAE,SAAS;IAAK,GAAG;IAAG,EAAE;IAErG;;;;;;;;;CAYH,MAAc,qBAA6B,WAAmB,OAAa,QAAqC;EAC9G,MAAMA,UAAgB,EAAE;AACxB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;GAChD,MAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,UAAU;AAC3C,OAAI,OAAO,OACT,KAAI;IACF,MAAM,eAAe,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAO,CAAC;AACzD,QAAI,cAAc,OAChB,SAAQ,KAAK,GAAG,aAAa,MAAM,CAAC;YAE/B,OAAO;AACd,WAAO,KAAK,kBAAkB,EAAE,GAAG,IAAI,UAAU,wCAAwC,QAAQ;;;AAIvG,SAAO;;;AAIX,SAAgB,sBAAsB,yBAA2E;AAqB/G,QAnBgC,wBAC7B,QAAQ,MAAM,CAAC,EAAE,SAAS,YAAY,CACtC,QAAQ,MAAM;EACb,MAAM,MAAM,EAAE;AACd,MAAI,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,EAAE,uBAC7B,QAAO;AAYT,SADiC,EAAE,uBAAuB,MAAM,IAAI,CAAC,KAAK,QAAMC,IAAE,MAAM,CAAC,CACzD,OAAO,MAAM,IAAI,WAAW,OAAO,UAAU,IAAI,SAAS,EAAE,CAAC;GAC7F"}

package/dist/browser/http.d.ts

@@ -1,121 +0,0 @@
-import { ZodType } from "zod/v4";
-
-//#region src/http/headers.d.ts
-declare const HEADER_NAME_CONTENT_DISPOSITION = "Content-Disposition";
-declare const HEADER_NAME_CONTENT_TYPE = "Content-Type";
-declare const HEADER_NAME_ACCEPT = "Accept";
-declare const HEADER_NAME_USER_AGENT = "User-Agent";
-declare const HEADER_NAME_AUTHORIZATION = "Authorization";
-//#endregion
-//#region src/http/multipart.d.ts
-declare class MultipartFormDataBody {
-  private type;
-  private boundary;
-  private parts;
-  encode(): Promise<Buffer>;
-  getBoundary(): string;
-  getContentType(): string;
-  add(name: string, value: string): void;
-  addFile(name: string, file: File): void;
-}
-//#endregion
-//#region src/http/problem.d.ts
-interface ProblemDetails {
-  type?: string;
-  /** The name/title of the error.*/
-  title: string;
-  /** A brief explanation/definition into the nature of the error. */
-  detail?: string | null;
-  /** Any additional error arguments passed to the client. */
-  extras?: unknown;
-  /** The HTTP status code */
-  status?: number;
-  statusText?: string;
-  errors?: Record<string, string[] | undefined>;
-  traceId?: string;
-}
-//#endregion
-//#region src/http/inner.d.ts
-type CreateInnerApiClientOptions = {
-  /**
-   * The base URL to use for the API.
-   * @example 'https://api.paklo.app'
-   */
-  baseUrl: string;
-  /** The token to use for authentication. This can be a JWT or specialized key. */
-  token?: string;
-};
-type RequestOptions = {
-  /**
-   * Value for the `User-Agent` header.
-   * This prepends the default value (e.g. `paklo/ab26320`)
-   * which is important when we need to propagate the browser information to the server.
-   */
-  userAgent?: string;
-};
-type ResourceResponse<T$1 = Record<string, unknown>> = {
-  /** The headers of the response. */
-  headers: Headers;
-  /** Whether the request was successful. */
-  successful: boolean;
-  /** The status code of the response. */
-  status: number;
-  /** The status text of the response. */
-  statusText: string;
-  /** The data of the response. */
-  data?: T$1;
-  /** The error of the response. */
-  error?: ProblemDetails;
-};
-type InnerRequestOptions<T$1> = RequestOptions & {
-  /**
-   * The base URL to use for the request.
-   * This overrides the default base URL.
-   * @example 'https://api.paklo.app'
-   */
-  baseUrl?: string;
-  /** Additional headers to use for the request. */
-  headers?: HeadersInit;
-  /** The payload to use for the request. */
-  payload?: Record<string, unknown> | MultipartFormDataBody | ReadableStream | XMLHttpRequestBodyInit;
-  /** The schema to use when parsing the response. */
-  schema?: ZodType<T$1>;
-};
-type InnerRequestOptionsComplete<T$1> = InnerRequestOptions<T$1> & {
-  /** The method to use for the request. */
-  method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
-  /** The URL to use for the request. */
-  url: string;
-};
-declare class InnerApiClient {
-  private readonly baseUrl;
-  private readonly headers;
-  private readonly token?;
-  /**
-   * Create a new API client.
-   * @param options The options to use for the client.
-   */
-  constructor({
-    baseUrl,
-    token
-  }: CreateInnerApiClientOptions);
-  get<T>(url: string, options?: InnerRequestOptions<T>): Promise<ResourceResponse<T>>;
-  post<T>(url: string, options?: InnerRequestOptions<T>): Promise<ResourceResponse<T>>;
-  put<T>(url: string, options?: InnerRequestOptions<T>): Promise<ResourceResponse<T>>;
-  patch<T>(url: string, options?: InnerRequestOptions<T>): Promise<ResourceResponse<T>>;
-  delete<T>(url: string, options?: InnerRequestOptions<T>): Promise<ResourceResponse<T>>;
-  request<T>(options: InnerRequestOptionsComplete<T>): Promise<ResourceResponse<T>>;
-  private makeUrl;
-}
-/** Http request error */
-declare class HttpRequestError extends Error {
-  code: number;
-  constructor(message: string, code: number);
-}
-declare function isErrorTemporaryFailure(e?: {
-  code?: string | number;
-  message?: string;
-} | null): boolean;
-//#endregion
-export { CreateInnerApiClientOptions, HEADER_NAME_ACCEPT, HEADER_NAME_AUTHORIZATION, HEADER_NAME_CONTENT_DISPOSITION, HEADER_NAME_CONTENT_TYPE, HEADER_NAME_USER_AGENT, HttpRequestError, InnerApiClient, InnerRequestOptions, ProblemDetails, RequestOptions, ResourceResponse, isErrorTemporaryFailure };
-//# sourceMappingURL=http.d.ts.map