@planu/cli 1.0.3 → 1.0.4
- package/dist/config/license-plans.json +4 -2
- package/dist/engine/ci-generator/yaml-builder.d.ts.map +1 -1
- package/dist/engine/ci-generator/yaml-builder.js +43 -0
- package/dist/engine/ci-generator/yaml-builder.js.map +1 -1
- package/dist/engine/dep-auditor/index.d.ts +2 -0
- package/dist/engine/dep-auditor/index.d.ts.map +1 -1
- package/dist/engine/dep-auditor/index.js +114 -42
- package/dist/engine/dep-auditor/index.js.map +1 -1
- package/dist/engine/dep-auditor/lockfile-parser.d.ts +26 -0
- package/dist/engine/dep-auditor/lockfile-parser.d.ts.map +1 -0
- package/dist/engine/dep-auditor/lockfile-parser.js +164 -0
- package/dist/engine/dep-auditor/lockfile-parser.js.map +1 -0
- package/dist/engine/dep-auditor/semver-utils.d.ts +19 -0
- package/dist/engine/dep-auditor/semver-utils.d.ts.map +1 -0
- package/dist/engine/dep-auditor/semver-utils.js +141 -0
- package/dist/engine/dep-auditor/semver-utils.js.map +1 -0
- package/dist/engine/dep-auditor/vuln-data.d.ts.map +1 -1
- package/dist/engine/dep-auditor/vuln-data.js +1 -20
- package/dist/engine/dep-auditor/vuln-data.js.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/tools/register-dep-audit-tools.d.ts +3 -0
- package/dist/tools/register-dep-audit-tools.d.ts.map +1 -0
- package/dist/tools/register-dep-audit-tools.js +157 -0
- package/dist/tools/register-dep-audit-tools.js.map +1 -0
- package/dist/tools/update-status/dod-gates.d.ts +14 -0
- package/dist/tools/update-status/dod-gates.d.ts.map +1 -1
- package/dist/tools/update-status/dod-gates.js +54 -0
- package/dist/tools/update-status/dod-gates.js.map +1 -1
- package/dist/tools/update-status/index.d.ts.map +1 -1
- package/dist/tools/update-status/index.js +6 -6
- package/dist/tools/update-status/index.js.map +1 -1
- package/dist/types/tooling/audit.d.ts +20 -0
- package/dist/types/tooling/audit.d.ts.map +1 -1
- package/dist/types/tooling/audit.js +1 -1
- package/dist/types/tooling/audit.js.map +1 -1
- package/dist/types/tooling/index.d.ts +1 -1
- package/dist/types/tooling/index.d.ts.map +1 -1
- package/dist/types/tooling.d.ts +1 -1
- package/dist/types/tooling.d.ts.map +1 -1
- package/package.json +4 -2
- package/src/config/license-plans.json +4 -2
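--- a/package/dist/config/license-plans.json
+++ b/package/dist/config/license-plans.json
@@ -89,7 +89,8 @@
 "unregister_project_path",
 "update_status",
 "validate",
-"worker_status"
+"worker_status",
+"security_scan"
 ],
 "proTools": [
 "a2a_delegate",
@@ -284,7 +285,8 @@
 "velocity_report",
 "velocity_trend",
 "version_spec",
-"workload_distribution"
+"workload_distribution",
+"security_scan_pro"
 ],
 "alwaysAllowed": [
 "activate_license",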
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"yaml-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/ci-generator/yaml-builder.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,KAAK,EACL,SAAS,EACT,mBAAmB,EACnB,cAAc,EAEd,cAAc,EACd,UAAU,EACV,eAAe,EACf,cAAc,EACf,MAAM,sBAAsB,CAAC;AAW9B,YAAY,EAAE,eAAe,EAAE,CAAC;AAuGhC,+CAA+C;AAC/C,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,CAe9D;
|
|
1
|
+
{"version":3,"file":"yaml-builder.d.ts","sourceRoot":"","sources":["../../../src/engine/ci-generator/yaml-builder.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,KAAK,EACL,SAAS,EACT,mBAAmB,EACnB,cAAc,EAEd,cAAc,EACd,UAAU,EACV,eAAe,EACf,cAAc,EACf,MAAM,sBAAsB,CAAC;AAW9B,YAAY,EAAE,eAAe,EAAE,CAAC;AAuGhC,+CAA+C;AAC/C,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,CAe9D;AA+MD;;GAEG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,mBAAmB,EAC9B,SAAS,EAAE,MAAM,EAAE,GAClB,KAAK,CAyCP;AAID;;GAEG;AACH,wBAAgB,aAAa,CAC3B,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,SAAS,EAAE,EACjB,QAAQ,EAAE,cAAc,EAAE,EAC1B,YAAY,EAAE,MAAM,EACpB,YAAY,CAAC,EAAE,eAAe,GAC7B,UAAU,CAwDZ;AAID;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,cAAc,EAAE,EAC/B,QAAQ,EAAE,cAAc,EAAE,EAC1B,YAAY,EAAE,MAAM,GACnB,UAAU,CAoCZ"}
|
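--- a/package/dist/engine/ci-generator/yaml-builder.js
+++ b/package/dist/engine/ci-generator/yaml-builder.js
@@ -223,6 +223,38 @@ function getSetupSteps(ctx) {
 }
 }
 // -- Job factories -----------------------------------------------------------
+// -- Security audit step builder (SPEC-335) ----------------------------------
+/**
+* Build a security audit step appropriate for the detected ecosystem.
+* The step fails CI if high/critical vulnerabilities are found.
+*/
+function buildSecurityAuditStep(ctx) {
+switch (ctx.ecosystem) {
+case 'nodejs': {
+const auditCmd = ctx.packageManager === 'pnpm'
+? 'pnpm audit --audit-level=high'
+: ctx.packageManager === 'yarn'
+? 'yarn audit --level high'
+: 'npm audit --audit-level=high';
+return { name: 'Security audit', run: auditCmd };
+}
+case 'python':
+return {
+name: 'Security audit',
+run: 'pip install pip-audit && pip-audit --require-hashes || pip install safety && safety check',
+};
+case 'go':
+case 'rust':
+case 'java':
+case 'kotlin':
+case 'ruby':
+case 'php':
+case 'dart':
+case 'dotnet':
+case 'unknown':
+return null;
+}
+}
 function buildLintJob(ctx) {
 const steps = [...getSetupSteps(ctx), { name: 'Run linter', run: ctx.lintCommand }];
 return { name: 'Lint', runsOn: 'ubuntu-latest', steps };
@@ -318,6 +350,17 @@ export function buildWorkflow(ctx, jobs, triggers, workflowName, driftOptions) {
 jobMap.deploy = buildDeployJob(ctx, preDeployJobs);
 jobOrder.push('deploy');
 }
+// SPEC-335: Add security audit job to all generated CI configs
+const securityStep = buildSecurityAuditStep(ctx);
+if (securityStep !== null) {
+const securitySteps = [...getSetupSteps(ctx), securityStep];
+jobMap['security-audit'] = {
+name: 'Security Audit',
+runsOn: 'ubuntu-latest',
+needs: jobOrder.length > 0 && jobOrder[0] !== undefined ? [jobOrder[0]] : [],
+steps: securitySteps,
+};
+}
 if (driftOptions !== undefined) {
 jobMap['planu-drift'] = buildDriftJob(driftOptions.specsDir, driftOptions.threshold, jobOrder);
 }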
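Review bot: In the `python` case of `buildSecurityAuditStep`, the `run` string's exit status never reflects pip-audit, because the shell evaluates `A && B || C && D` left to right as `((A && B) || C) && D`. When pip-audit passes, `safety check` still runs although `safety` was never installed, so a clean project fails the job; when pip-audit reports findings, the step installs `safety` and takes the result of `safety check` instead, which can mask them. I would drop the fallback and gate on one tool, `run: 'pip install pip-audit && pip-audit',`. If `--require-hashes` is wanted it should be passed together with `-r` and the project's requirements file, since the flag appears to apply only to requirements-file input. Neither Python command sets a severity threshold, so the doc comment's "fails CI if high/critical vulnerabilities are found" holds only for the `nodejs` branch and should say so.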
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"yaml-builder.js","sourceRoot":"","sources":["../../../src/engine/ci-generator/yaml-builder.ts"],"names":[],"mappings":"AAAA,wFAAwF;AAaxF,OAAO,EACL,kBAAkB,EAClB,0BAA0B,EAC1B,sBAAsB,GACvB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,+EAA+E;AAE/E,SAAS,MAAM,CAAC,KAAe,EAAE,MAAc;IAC7C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,UAAqD;IAC1E,MAAM,KAAK,GAAa,CAAC,aAAa,CAAC,CAAC;IACxC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtE,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,SAAiC;IACrD,MAAM,KAAK,GAAa,CAAC,YAAY,CAAC,CAAC;IACvC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,GAAG,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,KAAK,GAAa,CAAC,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,GAA
G,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,KAAa,EAAE,GAAU;IAC7C,MAAM,KAAK,GAAa,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,KAAK,GAAG,EAAE,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,QAA0B;IACnD,MAAM,KAAK,GAAa,CAAC,KAAK,CAAC,CAAC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,MAAM;gBACT,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBAC5C,MAAM;YACR,KAAK,cAAc;gBACjB,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBAC5C,MAAM;YACR,KAAK,mBAAmB;gBACtB,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,UAAU;gBACb,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACtC,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,iBAAiB,CAAC,QAAoB;IACpD,MAAM,KAAK,GAAa;QACtB,SAAS,QAAQ,CAAC,IAAI,EAAE;QACxB,EAAE;QACF,GAAG,iBAAiB,CAAC,QAAQ
,CAAC,QAAQ,CAAC;QACvC,EAAE;QACF,OAAO;KACR,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACjC,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY;IACnB,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC;AAChE,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACxC,MAAM,KAAK,GAAa,CAAC,YAAY,EAAE,CAAC,CAAC;IAEzC,IAAI,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,KAAK,CAAC,IAAI,CAAC;QACT,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE;YACJ,cAAc,EAAE,OAAO;YACvB,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YACvD,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,KAAK,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;SACxD;KACF,CAAC,CAAC;IAEH,MAAM,UAAU,GACd,GAAG,CAAC,cAAc,KAAK,MAAM;QAC3B,CAAC,CAAC,gCAAgC;QAClC,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM;YAC7B,CAAC,CAAC,gCAAgC;YAClC,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,KAAK;gBAC5B,CAAC,CAAC,+BAA+B;gBACjC,CAAC,CAAC,QAAQ,CAAC;IAEnB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,GAAmB;IAChD,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,IAAI,MAAM,CAAC;IAC5C,MAAM,KAAK,GAAa;QACtB,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,yBAAyB,EAAE,IAAI,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE;KAC/F,CAAC;IAEF,IAAI,GAAG,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACvF,CAAC;SAAM,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAA
I,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,GAAmB;IAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC;IACxC,OAAO;QACL,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;KAChG,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAC;IAC5C,OAAO;QACL,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE;QAC3F,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,wBAAwB,EAAE;KACxD,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACxC,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,IAAI,SAAS,CAAC;IACvD,OAAO;QACL,YAAY,EAAE;QACd;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,uBAAuB;YAC7B,IAAI,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,YAAY,EAAE;SAChD;QACD,GAAG,CAAC,GAAG,CAAC,aAAa,KAAK,QAAQ;YAChC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;YACpE,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,sBAAsB;IAC7B,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB;IACxC,QAAQ,GAAG,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,QAAQ;YACX,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,QAAQ;YACX,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAC;QACpC,KAAK,IAAI;YACP,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,MAAM;YACT,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf;YACE,OAAO,sBAAsB,EAAE,CAAC;IACpC,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,GAAmB;IACvC,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9F,OAAO,EAAE,IAAI,EAAE,MAAM,EAA
E,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,YAAY,CAAC,GAAmB;IACvC,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7F,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB,EAAE,SAAmB;IAC7D,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IAClG,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAC7E,CAAC;AAED,SAAS,cAAc,CAAC,GAAmB,EAAE,SAAmB;IAC9D,MAAM,KAAK,GAAa;QACtB,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,6CAA6C,EAAE;KACvE,CAAC;IAEF,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CACR,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,+BAA+B,EAAE,EACvE,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,EAAE,8BAA8B,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,eAAe;QACvB,KAAK,EAAE,SAAS;QAChB,KAAK;QACL,GAAG,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,SAA8B,EAC9B,SAAmB;IAEnB,MAAM,YAAY,GAAG;QACnB,yDAAyD,QAAQ,cAAc;QAC/E,4BAA4B;QAC5B,kDAAkD;QAClD,MAAM;QACN,mDAAmD;QACnD,IAAI;KACL,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,KAAK,GAAa;QACtB,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,EAAE;QAClF;YACE,IAAI,EAAE,mBAAmB;YACzB,EAAE,EAAE,OAAO;YACX,GAAG,EAAE,YAAY;SACR;KACZ,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG;YACjB,gCAAgC,SAAS,yCAAyC;YAClF,QAAQ;SACT,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,iDAAiD;YACrD,GAAG,EAAE,UAAU;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,eAAe;QACvB,KAAK,EAAE,SAAS;QAChB,KAAK;QACL,OAAO,EAAE;YACP,gBAAgB,EAAE,8CAA8C;SACjE;KACF,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAmB,EACnB,IAAiB,EACjB,QAA0B,EAC1B,YAAoB,EACpB,YAA8B;IAE9B,MAAM,MAAM,GAA0B,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;IA
E9B,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAE5D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,CAAC,aAAa,CAAC,GAAG,aAAa,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,QAAQ,GACZ,YAAY;SACT,WAAW,EAAE;SACb,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAEzC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,qBAAqB,QAAQ,EAAE;QACzC,QAAQ;QACR,IAAI,EAAE,MAAM;KACb,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,aAA+B,EAC/B,QAA0B,EAC1B,YAAoB;IAEpB,MAAM,MAAM,GAA0B,EAAE,CAAC;IAEzC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,UAAU,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,CAAC,gBAAgB,CAAC,GAAG;gBACzB,GAAG,0BAA0B,CAAC,MAAM,CAAC;gBACrC,KAAK,EAAE,CAAC,UAAU,CAAC;aACpB,CAAC;YACF,MAAM,CAAC,cAAc,CAAC,GAAG;gBACvB,GAAG,sBAAsB,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,CAAC,UAAU,CAAC;aACpB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM,CAAC,cAAc,CAAC,GAAG;gBACvB,GAAG,wBAAwB,CAAC,MAAM,CAAC;gBACnC,KAAK,EAAE,CAAC,cAAc,CAAC;aACxB,CAAC;YACF,MAAM,CAAC,gBAAgB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GACZ,YAAY;SACT,WAAW,EAA
E;SACb,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAEzC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,qBAAqB,QAAQ,EAAE;QACzC,QAAQ;QACR,IAAI,EAAE,MAAM;KACb,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"yaml-builder.js","sourceRoot":"","sources":["../../../src/engine/ci-generator/yaml-builder.ts"],"names":[],"mappings":"AAAA,wFAAwF;AAaxF,OAAO,EACL,kBAAkB,EAClB,0BAA0B,EAC1B,sBAAsB,GACvB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,+EAA+E;AAE/E,SAAS,MAAM,CAAC,KAAe,EAAE,MAAc;IAC7C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,UAAqD;IAC1E,MAAM,KAAK,GAAa,CAAC,aAAa,CAAC,CAAC;IACxC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtE,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,UAAU,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,SAAiC;IACrD,MAAM,KAAK,GAAa,CAAC,YAAY,CAAC,CAAC;IACvC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,GAAG,EAAE,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,KAAK,GAAa,CAAC,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACZ,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,GAA
G,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,KAAa,EAAE,GAAU;IAC7C,MAAM,KAAK,GAAa,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACzC,IAAI,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,KAAK,GAAG,EAAE,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,QAA0B;IACnD,MAAM,KAAK,GAAa,CAAC,KAAK,CAAC,CAAC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,QAAQ,OAAO,EAAE,CAAC;YAChB,KAAK,MAAM;gBACT,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBAC5C,MAAM;YACR,KAAK,cAAc;gBACjB,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBAC5C,MAAM;YACR,KAAK,mBAAmB;gBACtB,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,UAAU;gBACb,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACtC,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,iBAAiB,CAAC,QAAoB;IACpD,MAAM,KAAK,GAAa;QACtB,SAAS,QAAQ,CAAC,IAAI,EAAE;QACxB,EAAE;QACF,GAAG,iBAAiB,CAAC,QAAQ
,CAAC,QAAQ,CAAC;QACvC,EAAE;QACF,OAAO;KACR,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACjC,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY;IACnB,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC;AAChE,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACxC,MAAM,KAAK,GAAa,CAAC,YAAY,EAAE,CAAC,CAAC;IAEzC,IAAI,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,KAAK,CAAC,IAAI,CAAC;QACT,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE;YACJ,cAAc,EAAE,OAAO;YACvB,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;YACvD,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,KAAK,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;SACxD;KACF,CAAC,CAAC;IAEH,MAAM,UAAU,GACd,GAAG,CAAC,cAAc,KAAK,MAAM;QAC3B,CAAC,CAAC,gCAAgC;QAClC,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM;YAC7B,CAAC,CAAC,gCAAgC;YAClC,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,KAAK;gBAC5B,CAAC,CAAC,+BAA+B;gBACjC,CAAC,CAAC,QAAQ,CAAC;IAEnB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,GAAmB;IAChD,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,IAAI,MAAM,CAAC;IAC5C,MAAM,KAAK,GAAa;QACtB,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,yBAAyB,EAAE,IAAI,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE;KAC/F,CAAC;IAEF,IAAI,GAAG,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACvF,CAAC;SAAM,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAA
I,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,GAAmB;IAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC;IACxC,OAAO;QACL,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;KAChG,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAC;IAC5C,OAAO;QACL,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE;QAC3F,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,wBAAwB,EAAE;KACxD,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACxC,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,IAAI,SAAS,CAAC;IACvD,OAAO;QACL,YAAY,EAAE;QACd;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,uBAAuB;YAC7B,IAAI,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,YAAY,EAAE;SAChD;QACD,GAAG,CAAC,GAAG,CAAC,aAAa,KAAK,QAAQ;YAChC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;YACpE,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,sBAAsB;IAC7B,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB;IACxC,QAAQ,GAAG,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,QAAQ;YACX,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,QAAQ;YACX,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAC;QACpC,KAAK,IAAI;YACP,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAChC,KAAK,MAAM;YACT,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ;YACX,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf;YACE,OAAO,sBAAsB,EAAE,CAAC;IACpC,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,sBAAsB,CAAC,GAAmB;IACjD,QAAQ,GAAG,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,QAAQ,GACZ,GAAG,CAAC,cAAc,KAAK,MAAM;gBAC3B,CAAC,CAAC
,+BAA+B;gBACjC,CAAC,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM;oBAC7B,CAAC,CAAC,yBAAyB;oBAC3B,CAAC,CAAC,8BAA8B,CAAC;YACvC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;QACnD,CAAC;QACD,KAAK,QAAQ;YACX,OAAO;gBACL,IAAI,EAAE,gBAAgB;gBACtB,GAAG,EAAE,2FAA2F;aACjG,CAAC;QACJ,KAAK,IAAI,CAAC;QACV,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAmB;IACvC,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9F,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,YAAY,CAAC,GAAmB;IACvC,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7F,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB,EAAE,SAAmB;IAC7D,MAAM,KAAK,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IAClG,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAC7E,CAAC;AAED,SAAS,cAAc,CAAC,GAAmB,EAAE,SAAmB;IAC9D,MAAM,KAAK,GAAa;QACtB,YAAY,EAAE;QACd,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,6CAA6C,EAAE;KACvE,CAAC;IAEF,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CACR,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,+BAA+B,EAAE,EACvE,EAAE,IAAI,EAAE,oBAAoB,EAAE,GAAG,EAAE,8BAA8B,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,eAAe;QACvB,KAAK,EAAE,SAAS;QAChB,KAAK;QACL,GAAG,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,SAA8B,EAC9B,SAAmB;IAEnB,MAAM,YAAY,GAAG;QACnB,yDAAyD,QAAQ,cAAc;QAC/E,4BAA4B;QAC5B,kDAAkD;QAClD,MAAM;QACN,mDAAmD;QACnD,IAAI;KACL,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,KAAK,GAAa;QACtB,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,EAAE;QAClF;YA
CE,IAAI,EAAE,mBAAmB;YACzB,EAAE,EAAE,OAAO;YACX,GAAG,EAAE,YAAY;SACR;KACZ,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG;YACjB,gCAAgC,SAAS,yCAAyC;YAClF,QAAQ;SACT,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,eAAe;YACrB,EAAE,EAAE,iDAAiD;YACrD,GAAG,EAAE,UAAU;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,eAAe;QACvB,KAAK,EAAE,SAAS;QAChB,KAAK;QACL,OAAO,EAAE;YACP,gBAAgB,EAAE,8CAA8C;SACjE;KACF,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,GAAmB,EACnB,IAAiB,EACjB,QAA0B,EAC1B,YAAoB,EACpB,YAA8B;IAE9B,MAAM,MAAM,GAA0B,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC;IAE1E,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAE5D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,MAAM,GAAG,cAAc,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,+DAA+D;IAC/D,MAAM,YAAY,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACjD,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAa,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,CAAC;QACtE,MAAM,CAAC,gBAAgB,CAAC,GAAG;YACzB,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,eAAe;YACvB,KAAK,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;YAC5E,KAAK,EAAE,aAAa;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,CAAC,aAAa,CAAC,GAAG,aAAa,CAAC,YAAY,CA
AC,QAAQ,EAAE,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,QAAQ,GACZ,YAAY;SACT,WAAW,EAAE;SACb,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAEzC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,qBAAqB,QAAQ,EAAE;QACzC,QAAQ;QACR,IAAI,EAAE,MAAM;KACb,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,aAA+B,EAC/B,QAA0B,EAC1B,YAAoB;IAEpB,MAAM,MAAM,GAA0B,EAAE,CAAC;IAEzC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,IAAI,MAAM,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,UAAU,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAChD,MAAM,CAAC,gBAAgB,CAAC,GAAG;gBACzB,GAAG,0BAA0B,CAAC,MAAM,CAAC;gBACrC,KAAK,EAAE,CAAC,UAAU,CAAC;aACpB,CAAC;YACF,MAAM,CAAC,cAAc,CAAC,GAAG;gBACvB,GAAG,sBAAsB,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,CAAC,UAAU,CAAC;aACpB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACpD,MAAM,CAAC,cAAc,CAAC,GAAG;gBACvB,GAAG,wBAAwB,CAAC,MAAM,CAAC;gBACnC,KAAK,EAAE,CAAC,cAAc,CAAC;aACxB,CAAC;YACF,MAAM,CAAC,gBAAgB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GACZ,YAAY;SACT,WAAW,EAAE;SACb,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAEzC,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,qBAAqB,QAAQ,EAAE;QACzC,QAAQ;QACR,IAAI,EAAE,MAAM;KACb,CAAC;AACJ,CAAC"}
|
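--- a/package/dist/engine/dep-auditor/index.d.ts
+++ b/package/dist/engine/dep-auditor/index.d.ts
@@ -1,5 +1,7 @@
 import type { DepAuditReport } from '../../types/index.js';
 export { formatDepAuditMarkdown, formatDepAuditAcceptanceCriteria } from './formatters.js';
+/** Clear the CVE cache — intended for use in tests only. */
+export declare function clearCveCache(): void;
 /**
 * Audit all dependencies of a project at projectPath.
 * Scans package.json (npm), requirements.txt (python), go.mod (go),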
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/index.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAEV,cAAc,EAIf,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,sBAAsB,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AAS3F,4DAA4D;AAC5D,wBAAgB,aAAa,IAAI,IAAI,CAEpC;AAkHD;;;;GAIG;AACH,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CA2C5E"}
|
|
@@ -1,63 +1,103 @@
|
|
|
1
|
-
// dep-auditor/index.ts — Main dependency audit orchestrator (SPEC-025)
|
|
1
|
+
// dep-auditor/index.ts — Main dependency audit orchestrator (SPEC-025, SPEC-335)
|
|
2
2
|
// Combines license checking, vuln detection, abandonment heuristics, and duplicate detection.
|
|
3
3
|
import { readFile } from 'node:fs/promises';
|
|
4
4
|
import { join } from 'node:path';
|
|
5
5
|
import { readManifest } from '../stack-auditor/manifest-reader.js';
|
|
6
6
|
import { checkLicense, isCommercialProject } from './license-checker.js';
|
|
7
7
|
import { detectDuplicates } from './dep-duplicates-detector.js';
|
|
8
|
-
import { getVulns } from './vuln-data.js';
|
|
8
|
+
import { getVulns, KNOWN_VULNS } from './vuln-data.js';
|
|
9
9
|
import { getAbandonedInfo, classifyEntry } from './abandonment-data.js';
|
|
10
|
+
import { fetchNpmCve } from './cve-fetcher.js';
|
|
11
|
+
import { parseTransitiveDeps } from './lockfile-parser.js';
|
|
10
12
|
export { formatDepAuditMarkdown, formatDepAuditAcceptanceCriteria } from './formatters.js';
|
|
13
|
+
// ---------------------------------------------------------------------------
|
|
14
|
+
// 1h in-memory CVE cache
|
|
15
|
+
// ---------------------------------------------------------------------------
|
|
16
|
+
const cveCache = new Map();
|
|
17
|
+
const CVE_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
|
|
18
|
+
/** Clear the CVE cache — intended for use in tests only. */
|
|
19
|
+
export function clearCveCache() {
|
|
20
|
+
cveCache.clear();
|
|
21
|
+
}
|
|
22
|
+
async function fetchNpmCveCached(pkg, version) {
|
|
23
|
+
const cacheKey = `${pkg}@${version}`;
|
|
24
|
+
const now = Date.now();
|
|
25
|
+
const cached = cveCache.get(cacheKey);
|
|
26
|
+
if (cached && cached.expiresAt > now) {
|
|
27
|
+
return cached.data;
|
|
28
|
+
}
|
|
29
|
+
const data = await fetchNpmCve(pkg, version);
|
|
30
|
+
cveCache.set(cacheKey, { data, expiresAt: now + CVE_CACHE_TTL_MS });
|
|
31
|
+
return data;
|
|
32
|
+
}
|
|
33
|
+
/** Build DepVuln entries from live CveFinding results, marking as transitive if needed. */
|
|
34
|
+
function cveToDepVulns(findings, transitive) {
|
|
35
|
+
return findings.map((f) => ({
|
|
36
|
+
cveId: f.cveId,
|
|
37
|
+
severity: f.severity,
|
|
38
|
+
description: f.title,
|
|
39
|
+
fixedIn: f.fixedIn ?? undefined,
|
|
40
|
+
...(transitive ? { transitive: true } : {}),
|
|
41
|
+
}));
|
|
42
|
+
}
|
|
11
43
|
/**
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
* Cargo.toml (rust), pom.xml (java).
|
|
44
|
+
* Merge hardcoded vulns with live API vulns. Live results take precedence:
|
|
45
|
+
* if a CVE ID appears in both, keep the live version.
|
|
15
46
|
*/
|
|
16
|
-
|
|
17
|
-
const
|
|
18
|
-
const
|
|
19
|
-
|
|
20
|
-
|
|
47
|
+
function mergeVulns(hardcoded, live) {
|
|
48
|
+
const liveCveIds = new Set(live.map((v) => v.cveId));
|
|
49
|
+
const filteredHardcoded = hardcoded.filter((v) => !liveCveIds.has(v.cveId));
|
|
50
|
+
return [...filteredHardcoded, ...live];
|
|
51
|
+
}
|
|
52
|
+
/** Build a DepAuditEntry for a single direct dependency. */
|
|
53
|
+
async function buildDirectEntry(name, version, ecosystem, licenseMap) {
|
|
54
|
+
const hardcodedVulns = getVulns(name, version);
|
|
55
|
+
let liveVulns = [];
|
|
56
|
+
if (ecosystem === 'nodejs' && name in KNOWN_VULNS) {
|
|
21
57
|
try {
|
|
22
|
-
const
|
|
23
|
-
|
|
24
|
-
isCommercialProject(pkgJson);
|
|
58
|
+
const findings = await fetchNpmCveCached(name, version);
|
|
59
|
+
liveVulns = cveToDepVulns(findings, false);
|
|
25
60
|
}
|
|
26
61
|
catch {
|
|
27
|
-
//
|
|
62
|
+
// silently fall back to hardcoded list
|
|
28
63
|
}
|
|
29
64
|
}
|
|
30
|
-
const
|
|
31
|
-
const
|
|
32
|
-
const
|
|
33
|
-
const
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
65
|
+
const vulns = mergeVulns(hardcodedVulns, liveVulns);
|
|
66
|
+
const licenseRaw = licenseMap[name] ?? '';
|
|
67
|
+
const license = checkLicense(licenseRaw);
|
|
68
|
+
const abandoned = getAbandonedInfo(name);
|
|
69
|
+
return { name, currentVersion: version, ecosystem, vulns, license, abandoned };
|
|
70
|
+
}
|
|
71
|
+
/** Build transitive-only vuln entries (packages not in direct deps). */
|
|
72
|
+
async function buildTransitiveEntries(transitiveOnlyEntries, ecosystem) {
|
|
73
|
+
const results = await Promise.all(transitiveOnlyEntries.map(async ([name, version]) => {
|
|
74
|
+
const hardcoded = getVulns(name, version).map((v) => ({ ...v, transitive: true }));
|
|
75
|
+
let liveVulns = [];
|
|
76
|
+
if (name in KNOWN_VULNS) {
|
|
77
|
+
try {
|
|
78
|
+
liveVulns = cveToDepVulns(await fetchNpmCveCached(name, version), true);
|
|
79
|
+
}
|
|
80
|
+
catch {
|
|
81
|
+
/* fall back to hardcoded */
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
const vulns = mergeVulns(hardcoded, liveVulns);
|
|
85
|
+
if (vulns.length === 0) {
|
|
86
|
+
return null;
|
|
87
|
+
}
|
|
39
88
|
return {
|
|
40
89
|
name,
|
|
41
90
|
currentVersion: version,
|
|
42
91
|
ecosystem,
|
|
43
92
|
vulns,
|
|
44
|
-
license,
|
|
45
|
-
abandoned,
|
|
93
|
+
license: checkLicense(''),
|
|
94
|
+
abandoned: getAbandonedInfo(name),
|
|
46
95
|
};
|
|
47
|
-
});
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
for (const pkg of dup.packages) {
|
|
53
|
-
duplicateCategories.set(pkg, dup.category);
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
|
-
// Tag duplicate groups on entries
|
|
57
|
-
const taggedEntries = entries.map((e) => {
|
|
58
|
-
const grp = duplicateCategories.get(e.name);
|
|
59
|
-
return grp ? { ...e, duplicateGroup: grp } : e;
|
|
60
|
-
});
|
|
96
|
+
}));
|
|
97
|
+
return results.filter((e) => e !== null);
|
|
98
|
+
}
|
|
99
|
+
/** Classify tagged entries into critical / warnings / clean buckets. */
|
|
100
|
+
function classifyEntries(taggedEntries) {
|
|
61
101
|
const critical = [];
|
|
62
102
|
const warnings = [];
|
|
63
103
|
const clean = [];
|
|
@@ -73,9 +113,41 @@ export async function auditDeps(projectPath) {
|
|
|
73
113
|
clean.push(entry);
|
|
74
114
|
}
|
|
75
115
|
}
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
116
|
+
return { critical, warnings, clean };
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Audit all dependencies of a project at projectPath.
|
|
120
|
+
* Scans package.json (npm), requirements.txt (python), go.mod (go),
|
|
121
|
+
* Cargo.toml (rust), pom.xml (java).
|
|
122
|
+
*/
|
|
123
|
+
export async function auditDeps(projectPath) {
|
|
124
|
+
const manifest = await readManifest(projectPath);
|
|
125
|
+
const ecosystem = manifest.ecosystem;
|
|
126
|
+
if (ecosystem === 'nodejs') {
|
|
127
|
+
try {
|
|
128
|
+
isCommercialProject(await readFile(join(projectPath, 'package.json'), 'utf-8'));
|
|
129
|
+
}
|
|
130
|
+
catch {
|
|
131
|
+
/* default: assume commercial */
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
const deps = manifest.directDependencies;
|
|
135
|
+
const depNames = Object.keys(deps);
|
|
136
|
+
const licenseMap = await buildLicenseMap(projectPath, ecosystem);
|
|
137
|
+
const entries = await Promise.all(depNames.map((name) => buildDirectEntry(name, deps[name] ?? 'unknown', ecosystem, licenseMap)));
|
|
138
|
+
const transitiveOnlyEntries = ecosystem === 'nodejs'
|
|
139
|
+
? [...(await parseTransitiveDeps(projectPath)).entries()].filter(([n]) => !new Set(depNames).has(n))
|
|
140
|
+
: [];
|
|
141
|
+
const transitiveVulnEntries = await buildTransitiveEntries(transitiveOnlyEntries, ecosystem);
|
|
142
|
+
const duplicates = detectDuplicates(depNames);
|
|
143
|
+
const dupCategories = new Map(duplicates.flatMap((d) => d.packages.map((p) => [p, d.category])));
|
|
144
|
+
const tagged = [...entries, ...transitiveVulnEntries].map((e) => {
|
|
145
|
+
const grp = dupCategories.get(e.name);
|
|
146
|
+
return grp ? { ...e, duplicateGroup: grp } : e;
|
|
147
|
+
});
|
|
148
|
+
const { critical, warnings, clean } = classifyEntries(tagged);
|
|
149
|
+
const summary = buildSummary(depNames.length, critical.length, warnings.length, duplicates.length);
|
|
150
|
+
return { ecosystem, totalDeps: depNames.length, critical, warnings, clean, duplicates, summary };
|
|
79
151
|
}
|
|
80
152
|
async function buildLicenseMap(projectPath, ecosystem) {
|
|
81
153
|
if (ecosystem !== 'nodejs') {
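Review bot: The live CVE lookup in `buildDirectEntry` (new line 56) and `buildTransitiveEntries` (new line 76) runs only when `name in KNOWN_VULNS`, so a dependency absent from the hardcoded table is never queried and comes back with no findings; if this is a deliberate limit on API calls it should be stated in a comment, since the report otherwise reads as full coverage. `in` also matches inherited keys, so names such as `constructor` pass the gate unless `KNOWN_VULNS` has a null prototype (its definition is not in this diff); `Object.hasOwn(KNOWN_VULNS, name)` tests own keys only. Both empty `catch` blocks make a failed lookup indistinguishable from a clean one, so the entry or a log line should record that the live source was unavailable.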
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/index.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,8FAA8F;AAC9F,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAS3D,OAAO,EAAE,sBAAsB,EAAE,gCAAgC,EAAE,MAAM,iBAAiB,CAAC;AAE3F,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAqD,CAAC;AAC9E,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAElD,4DAA4D;AAC5D,MAAM,UAAU,aAAa;IAC3B,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAW,EAAE,OAAe;IAC3D,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,OAAO,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;QACrC,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC7C,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,GAAG,gBAAgB,EAAE,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,2FAA2F;AAC3F,SAAS,aAAa,CAAC,QAAsB,EAAE,UAAmB;IAChE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1B,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,KAAK;QACpB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,SAAS;QAC/B,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,SAAoB,EAAE,IAAe;IACvD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,iBAAiB,EA
AE,GAAG,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,4DAA4D;AAC5D,KAAK,UAAU,gBAAgB,CAC7B,IAAY,EACZ,OAAe,EACf,SAAiB,EACjB,UAAkC;IAElC,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,SAAS,GAAc,EAAE,CAAC;IAC9B,IAAI,SAAS,KAAK,QAAQ,IAAI,IAAI,IAAI,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxD,SAAS,GAAG,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAmB,YAAY,CAAC,UAAU,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACjF,CAAC;AAED,wEAAwE;AACxE,KAAK,UAAU,sBAAsB,CACnC,qBAAyC,EACzC,SAAiB;IAEjB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,qBAAqB,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE;QAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnF,IAAI,SAAS,GAAc,EAAE,CAAC;QAC9B,IAAI,IAAI,IAAI,WAAW,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,SAAS,GAAG,aAAa,CAAC,MAAM,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,CAAC;YAC1E,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC/C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,IAAI;YACJ,cAAc,EAAE,OAAO;YACvB,SAAS;YACT,KAAK;YACL,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;YACzB,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IACF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,wEAAwE;AACxE,SAAS,eAAe,CAAC,aAA8B;IAKrD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACv
B,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,WAAmB;IACjD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;IAErC,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,mBAAmB,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,kBAAkB,CAAC;IACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAEjE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CAC/F,CAAC;IAEF,MAAM,qBAAqB,GACzB,SAAS,KAAK,QAAQ;QACpB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAC5D,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CACnC;QACH,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,qBAAqB,GAAG,MAAM,sBAAsB,CAAC,qBAAqB,EAAE,SAAS,CAAC,CAAC;IAE7F,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjG,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,EAAE,GAAG,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC9D,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,YAAY,CAC1B,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,MAAM,EACf,UAAU,CAAC,MAAM,CAClB,CAAC;IACF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,EAAE
,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACnG,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,WAAmB,EACnB,SAAiB;IAEjB,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;QAC9D,MAAM,OAAO,GAAG;YACd,GAAG,CAAE,MAAM,CAAC,YAAmD,IAAI,EAAE,CAAC;YACtE,GAAG,CAAE,MAAM,CAAC,eAAsD,IAAI,EAAE,CAAC;SAC1E,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAC3B,IAAI,CAAC,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,cAAc,CAAC,EAC1D,OAAO,CACR,CAAC;gBACF,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA4B,CAAC;gBAChE,IAAI,OAAO,SAAS,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC1C,UAAU,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;gBAC1C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,yDAAyD;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,YAAY,CACnB,KAAa,EACb,aAAqB,EACrB,YAAoB,EACpB,cAAsB;IAEtB,MAAM,KAAK,GAAa,CAAC,GAAG,KAAK,iBAAiB,CAAC,CAAC;IACpD,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,oBAAoB,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,aAAa,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,GAAG,cAAc,8BAA8B,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,aAAa,KAAK,CAAC,IAAI,YAAY,KAAK,CAAC,IAAI,cAAc,KAAK,CAAC,EAAE,CAAC;QACtE,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Parse transitive deps from the project lockfile.
|
|
3
|
+
* Returns Map<packageName, installedVersion> for ALL deps (direct + transitive).
|
|
4
|
+
* Falls back to direct deps from package.json if no lockfile found.
|
|
5
|
+
*/
|
|
6
|
+
export declare function parseTransitiveDeps(projectPath: string): Promise<Map<string, string>>;
|
|
7
|
+
/**
|
|
8
|
+
* Parse pnpm-lock.yaml v9 format.
|
|
9
|
+
* v9 format has a `snapshots:` section with entries like:
|
|
10
|
+
* pkg@version:
|
|
11
|
+
* ...
|
|
12
|
+
* and a `packages:` section with entries like:
|
|
13
|
+
* /pkg/version:
|
|
14
|
+
* ...
|
|
15
|
+
* We parse both sections to extract all package names and versions.
|
|
16
|
+
*/
|
|
17
|
+
export declare function parsePnpmLockYaml(raw: string): Map<string, string>;
|
|
18
|
+
/**
|
|
19
|
+
* Parse package-lock.json v2/v3 format.
|
|
20
|
+
* v3: top-level `packages` object with keys like "node_modules/pkg" or
|
|
21
|
+
* "node_modules/pkg/node_modules/nested-pkg".
|
|
22
|
+
* v2: both `packages` and `dependencies` present.
|
|
23
|
+
* v1: only `dependencies` present (older format).
|
|
24
|
+
*/
|
|
25
|
+
export declare function parsePackageLockJson(raw: string): Map<string, string>;
|
|
26
|
+
//# sourceMappingURL=lockfile-parser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lockfile-parser.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/lockfile-parser.ts"],"names":[],"mappings":"AAOA;;;;GAIG;AACH,wBAAsB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAe3F;AAaD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CA8BlE;AAkBD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAgCrE"}
|
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
// dep-auditor/lockfile-parser.ts — Transitive dependency walker (SPEC-335)
|
|
2
|
+
// Reads pnpm-lock.yaml (v9) or package-lock.json (v2/v3) to build a full
|
|
3
|
+
// flat map of all installed packages including transitive dependencies.
|
|
4
|
+
import { readFile } from 'node:fs/promises';
|
|
5
|
+
import { join } from 'node:path';
|
|
6
|
+
/**
|
|
7
|
+
* Parse transitive deps from the project lockfile.
|
|
8
|
+
* Returns Map<packageName, installedVersion> for ALL deps (direct + transitive).
|
|
9
|
+
* Falls back to direct deps from package.json if no lockfile found.
|
|
10
|
+
*/
|
|
11
|
+
export async function parseTransitiveDeps(projectPath) {
|
|
12
|
+
// Try pnpm-lock.yaml first
|
|
13
|
+
const pnpmResult = await tryParsePnpmLock(projectPath);
|
|
14
|
+
if (pnpmResult !== null) {
|
|
15
|
+
return pnpmResult;
|
|
16
|
+
}
|
|
17
|
+
// Try package-lock.json (npm v2/v3)
|
|
18
|
+
const npmResult = await tryParsePackageLock(projectPath);
|
|
19
|
+
if (npmResult !== null) {
|
|
20
|
+
return npmResult;
|
|
21
|
+
}
|
|
22
|
+
// Fallback: read direct deps from package.json
|
|
23
|
+
return readDirectDepsFromPackageJson(projectPath);
|
|
24
|
+
}
|
|
25
|
+
async function tryParsePnpmLock(projectPath) {
|
|
26
|
+
const lockPath = join(projectPath, 'pnpm-lock.yaml');
|
|
27
|
+
let raw;
|
|
28
|
+
try {
|
|
29
|
+
raw = await readFile(lockPath, 'utf-8');
|
|
30
|
+
}
|
|
31
|
+
catch {
|
|
32
|
+
return null;
|
|
33
|
+
}
|
|
34
|
+
return parsePnpmLockYaml(raw);
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Parse pnpm-lock.yaml v9 format.
|
|
38
|
+
* v9 format has a `snapshots:` section with entries like:
|
|
39
|
+
* pkg@version:
|
|
40
|
+
* ...
|
|
41
|
+
* and a `packages:` section with entries like:
|
|
42
|
+
* /pkg/version:
|
|
43
|
+
* ...
|
|
44
|
+
* We parse both sections to extract all package names and versions.
|
|
45
|
+
*/
|
|
46
|
+
export function parsePnpmLockYaml(raw) {
|
|
47
|
+
const result = new Map();
|
|
48
|
+
// pnpm-lock.yaml v9: snapshots section
|
|
49
|
+
// Pattern: " pkg@version:" or " '@scope/pkg@version':" at start of line
|
|
50
|
+
// Also handle: " pkg@version(peer@ver):"
|
|
51
|
+
// Scoped packages start with @scope/name, unscoped are plain names.
|
|
52
|
+
const snapshotPattern = /^ {2}'?(@[^/@\s']+\/[^/@\s'(]+|[^/@\s'(]+)@([^:()\s']+)/gm;
|
|
53
|
+
let match;
|
|
54
|
+
while ((match = snapshotPattern.exec(raw)) !== null) {
|
|
55
|
+
const name = match[1];
|
|
56
|
+
const version = match[2];
|
|
57
|
+
if (name && version && !result.has(name)) {
|
|
58
|
+
result.set(name, version);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
// pnpm-lock.yaml v6/v8: packages section with /pkg/version: format
|
|
62
|
+
// Pattern: " /pkg/version:" — older pnpm format
|
|
63
|
+
const packagePattern = /^ {2}\/(@?[^/\s]+(?:\/[^/\s]+)?)\/([^:()\s]+):/gm;
|
|
64
|
+
while ((match = packagePattern.exec(raw)) !== null) {
|
|
65
|
+
const name = match[1];
|
|
66
|
+
const version = match[2];
|
|
67
|
+
if (name && version && !result.has(name)) {
|
|
68
|
+
result.set(name, version);
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
return result;
|
|
72
|
+
}
|
|
73
|
+
async function tryParsePackageLock(projectPath) {
|
|
74
|
+
const lockPath = join(projectPath, 'package-lock.json');
|
|
75
|
+
let raw;
|
|
76
|
+
try {
|
|
77
|
+
raw = await readFile(lockPath, 'utf-8');
|
|
78
|
+
}
|
|
79
|
+
catch {
|
|
80
|
+
return null;
|
|
81
|
+
}
|
|
82
|
+
try {
|
|
83
|
+
return parsePackageLockJson(raw);
|
|
84
|
+
}
|
|
85
|
+
catch {
|
|
86
|
+
return null;
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Parse package-lock.json v2/v3 format.
|
|
91
|
+
* v3: top-level `packages` object with keys like "node_modules/pkg" or
|
|
92
|
+
* "node_modules/pkg/node_modules/nested-pkg".
|
|
93
|
+
* v2: both `packages` and `dependencies` present.
|
|
94
|
+
* v1: only `dependencies` present (older format).
|
|
95
|
+
*/
|
|
96
|
+
export function parsePackageLockJson(raw) {
|
|
97
|
+
const result = new Map();
|
|
98
|
+
const parsed = JSON.parse(raw);
|
|
99
|
+
// v2/v3: use packages section
|
|
100
|
+
if (parsed.packages && typeof parsed.packages === 'object') {
|
|
101
|
+
const pkgs = parsed.packages;
|
|
102
|
+
for (const [key, entry] of Object.entries(pkgs)) {
|
|
103
|
+
if (!key || key === '') {
|
|
104
|
+
continue; // skip root package entry
|
|
105
|
+
}
|
|
106
|
+
const version = entry.version;
|
|
107
|
+
if (!version) {
|
|
108
|
+
continue;
|
|
109
|
+
}
|
|
110
|
+
// Extract package name from key: "node_modules/foo" -> "foo"
|
|
111
|
+
// Scoped: "node_modules/@scope/foo" -> "@scope/foo"
|
|
112
|
+
// Nested: "node_modules/foo/node_modules/bar" -> "bar" (use the deepest)
|
|
113
|
+
const name = extractNameFromPackagesKey(key);
|
|
114
|
+
if (name && !result.has(name)) {
|
|
115
|
+
result.set(name, version);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
return result;
|
|
119
|
+
}
|
|
120
|
+
// v1 fallback: use dependencies section (flat list)
|
|
121
|
+
if (parsed.dependencies && typeof parsed.dependencies === 'object') {
|
|
122
|
+
flattenDependencies(parsed.dependencies, result);
|
|
123
|
+
}
|
|
124
|
+
return result;
|
|
125
|
+
}
|
|
126
|
+
function extractNameFromPackagesKey(key) {
|
|
127
|
+
// Remove leading "node_modules/" segments, keep the last package name
|
|
128
|
+
const parts = key.split('node_modules/');
|
|
129
|
+
const lastPart = parts[parts.length - 1];
|
|
130
|
+
if (!lastPart) {
|
|
131
|
+
return null;
|
|
132
|
+
}
|
|
133
|
+
// Handle scoped packages like "@scope/name"
|
|
134
|
+
return lastPart || null;
|
|
135
|
+
}
|
|
136
|
+
function flattenDependencies(deps, result) {
|
|
137
|
+
for (const [name, entry] of Object.entries(deps)) {
|
|
138
|
+
if (entry.version && !result.has(name)) {
|
|
139
|
+
result.set(name, entry.version);
|
|
140
|
+
}
|
|
141
|
+
if (entry.dependencies && typeof entry.dependencies === 'object') {
|
|
142
|
+
flattenDependencies(entry.dependencies, result);
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
async function readDirectDepsFromPackageJson(projectPath) {
|
|
147
|
+
const result = new Map();
|
|
148
|
+
try {
|
|
149
|
+
const raw = await readFile(join(projectPath, 'package.json'), 'utf-8');
|
|
150
|
+
const parsed = JSON.parse(raw);
|
|
151
|
+
const allDeps = {
|
|
152
|
+
...(parsed.dependencies ?? {}),
|
|
153
|
+
...(parsed.devDependencies ?? {}),
|
|
154
|
+
};
|
|
155
|
+
for (const [name, version] of Object.entries(allDeps)) {
|
|
156
|
+
result.set(name, version.replace(/^[\^~>=<]/, ''));
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
catch {
|
|
160
|
+
// no package.json or parse error — return empty map
|
|
161
|
+
}
|
|
162
|
+
return result;
|
|
163
|
+
}
|
|
164
|
+
//# sourceMappingURL=lockfile-parser.js.map
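Review bot: `parsePnpmLockYaml`, `parsePackageLockJson` and `flattenDependencies` all guard with `!result.has(name)`, so when a lockfile installs the same package at several versions only the first one seen reaches the audit, and a vulnerable nested copy can go unreported. The `Map<name, version>` return shape cannot carry more than one version, so either key the map on `name@version` or document the limit where the map is built, e.g. `// only the first version seen per package is kept; other installed copies are not audited`. Separately, in `readDirectDepsFromPackageJson` the pattern `/^[\^~>=<]/` strips a single character, leaving `>=1.0.0` as `=1.0.0`; `version.replace(/^[\^~>=<]+/, '')` removes the whole operator. `tryParsePnpmLock` also returns an empty map as a success, so a pnpm lockfile in a format neither regex matches suppresses the package-lock.json and package.json fallbacks.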
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lockfile-parser.js","sourceRoot":"","sources":["../../../src/engine/dep-auditor/lockfile-parser.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,yEAAyE;AACzE,wEAAwE;AACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IAC3D,2BAA2B;IAC3B,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACvD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACzD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,+CAA+C;IAC/C,OAAO,6BAA6B,CAAC,WAAW,CAAC,CAAC;AACpD,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACrD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,uCAAuC;IACvC,0EAA0E;IAC1E,0CAA0C;IAC1C,oEAAoE;IACpE,MAAM,eAAe,GAAG,2DAA2D,CAAC;IACpF,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,iDAAiD;IACjD,MAAM,cAAc,GAAG,kDAAkD,CAAC;IAC1E,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IACxD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QAC
H,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAEhD,8BAA8B;IAC9B,IAAI,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,QAAgD,CAAC;QACrE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;gBACvB,SAAS,CAAC,0BAA0B;YACtC,CAAC;YACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;YAC9B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;YACD,6DAA6D;YAC7D,oDAAoD;YACpD,yEAAyE;YACzE,MAAM,IAAI,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;YAC7C,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oDAAoD;IACpD,IAAI,MAAM,CAAC,YAAY,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACnE,mBAAmB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,0BAA0B,CAAC,GAAW;IAC7C,sEAAsE;IACtE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACD,4CAA4C;IAC5C,OAAO,QAAQ,IAAI,IAAI,CAAC;AAC1B,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAAkF,EAClF,MAA2B;IAE3B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,YAAY,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YACjE,mBAAmB,CACjB,KAAK,CAAC,YAGL,EACD,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,6BAA6B,CAAC,WAAmB;IAC9D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,IAAI,CAAC;QACH,MA
AM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAG5B,CAAC;QACF,MAAM,OAAO,GAAG;YACd,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;SAClC,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Returns true if installedVersion falls within vulnerableRange.
|
|
3
|
+
* vulnerableRange supports:
|
|
4
|
+
* - exact: "1.2.3"
|
|
5
|
+
* - caret: "^1.2.3"
|
|
6
|
+
* - tilde: "~1.2.3"
|
|
7
|
+
* - comparators: ">=1.0.0", "<=2.0.0", ">1.0.0", "<2.0.0"
|
|
8
|
+
* - AND ranges (space-separated): ">=1.0.0 <2.0.0"
|
|
9
|
+
* - OR ranges (|| separated): ">=1.0.0 <1.5.0 || >=2.0.0 <2.5.0"
|
|
10
|
+
* - pre-release suffixes: "1.2.3-rc.1", ">=1.0.0-alpha"
|
|
11
|
+
*/
|
|
12
|
+
export declare function isVersionVulnerable(installedVersion: string, vulnerableRange: string): boolean;
|
|
13
|
+
/**
|
|
14
|
+
* Returns true if installedVersion is strictly below threshold.
|
|
15
|
+
* Equivalent to isVersionVulnerable(installed, '<threshold').
|
|
16
|
+
* Used as backward-compatible replacement for the old isVersionBelow().
|
|
17
|
+
*/
|
|
18
|
+
export declare function isVersionBelow(installedVersion: string, threshold: string): boolean;
|
|
19
|
+
//# sourceMappingURL=semver-utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semver-utils.d.ts","sourceRoot":"","sources":["../../../src/engine/dep-auditor/semver-utils.ts"],"names":[],"mappings":"AA2GA;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,gBAAgB,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO,CAmB9F;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,gBAAgB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAOnF"}
|