@q32/signal-scanner 0.1.0 → 0.2.0

package/dist/rules/packs/html.js

@@ -0,0 +1,227 @@
+export const htmlRules = {
+    external_script_from_unrelated_domain: {
+        id: "external_script_from_unrelated_domain",
+        pack: "script-risk",
+        severity: "medium",
+        confidence: "medium",
+        title: "External script from unrelated domain",
+        description: "HTML loads a script from an off-site domain.",
+        locationType: "url",
+        score: { base: 8, tags: ["script", "url"], repeatMultiplier: 0.1, maxRepeats: 3 }
+    },
+    mixed_content_script: {
+        id: "mixed_content_script",
+        pack: "script-risk",
+        severity: "medium",
+        confidence: "high",
+        title: "Mixed-content script",
+        description: "HTTPS page loads a script over HTTP.",
+        locationType: "url",
+        // A real injection vector, but a hygiene issue on its own (browsers block it)
+        // — shouldn't convict a site as malicious without corroborating signal.
+        score: { base: 30, tags: ["script", "url"] }
+    },
+    hidden_iframe_off_origin: {
+        id: "hidden_iframe_off_origin",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Hidden off-origin iframe",
+        description: "HTML contains a hidden iframe pointed at an off-origin URL.",
+        locationType: "url",
+        score: { base: 70, tags: ["phishing", "url"] }
+    },
+    meta_refresh_external: {
+        id: "meta_refresh_external",
+        pack: "redirects",
+        severity: "medium",
+        confidence: "medium",
+        title: "Meta refresh to external URL",
+        description: "HTML redirects with a meta refresh to an off-site URL.",
+        locationType: "url",
+        score: { base: 25, tags: ["redirect", "url"] }
+    },
+    password_form_without_https: {
+        id: "password_form_without_https",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Password form without HTTPS",
+        description: "Page contains a password form on an HTTP origin.",
+        locationType: "html",
+        score: { base: 70, tags: ["credential", "phishing"] }
+    },
+    credential_form_posts_off_origin: {
+        id: "credential_form_posts_off_origin",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Credential form posts off origin",
+        description: "A form with a password field submits to an off-origin URL.",
+        locationType: "url",
+        score: { base: 82, tags: ["credential", "phishing", "url"] }
+    },
+    card_fields_plus_external_script: {
+        id: "card_fields_plus_external_script",
+        pack: "payment",
+        severity: "high",
+        confidence: "medium",
+        title: "Payment fields with external resources",
+        description: "Page contains payment fields and off-site resources.",
+        locationType: "html",
+        score: { base: 72, tags: ["payment", "script", "url"] }
+    },
+    excessive_external_scripts_on_login_page: {
+        id: "excessive_external_scripts_on_login_page",
+        pack: "phishing",
+        severity: "medium",
+        confidence: "medium",
+        title: "Excessive external scripts on login/payment page",
+        description: "Login or payment page loads many off-site scripts.",
+        locationType: "aggregate",
+        score: { base: 14, tags: ["phishing", "script"] }
+    },
+    login_page_with_punycode_links: {
+        id: "login_page_with_punycode_links",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Login page with punycode links",
+        description: "Login-like page references punycode URLs.",
+        locationType: "aggregate",
+        score: { base: 76, tags: ["phishing", "url"] }
+    },
+    credential_ui_rendered_as_image: {
+        id: "credential_ui_rendered_as_image",
+        pack: "phishing",
+        severity: "medium",
+        confidence: "high",
+        title: "Credential UI rendered as image",
+        description: "Page model or markup references a screenshot/image that appears to contain a login or credential form.",
+        locationType: "html",
+        score: { base: 34, tags: ["credential", "phishing"] }
+    },
+    crypto_wallet_login_language: {
+        id: "crypto_wallet_login_language",
+        pack: "phishing",
+        severity: "medium",
+        confidence: "high",
+        title: "Crypto wallet login language",
+        description: "Page model or markup contains crypto/wallet language in login, account, or access context.",
+        locationType: "html",
+        score: { base: 22, tags: ["phishing", "wallet"] }
+    },
+    crypto_trading_landing_language: {
+        id: "crypto_trading_landing_language",
+        pack: "phishing",
+        severity: "low",
+        confidence: "medium",
+        title: "Crypto or DeFi trading landing language",
+        description: "Page model or markup contains multiple crypto, DeFi, exchange, swap, trading, or liquidity terms.",
+        locationType: "html",
+        score: { base: 6, tags: ["phishing", "wallet"] }
+    },
+    seo_trademark_stuffing: {
+        id: "seo_trademark_stuffing",
+        pack: "phishing",
+        severity: "high",
+        confidence: "medium",
+        title: "SEO trademark stuffing",
+        description: "Page title or SEO model overuses trademark symbols in a way commonly seen on impersonation landing pages.",
+        locationType: "html",
+        score: { base: 64, tags: ["phishing", "seo"] }
+    },
+    credential_form_on_suspicious_host: {
+        id: "credential_form_on_suspicious_host",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Credential form on suspicious host",
+        description: "Page contains credential fields on a generated, shared-hosting, suspicious-path, or redirected host.",
+        locationType: "html",
+        score: { base: 72, tags: ["credential", "hosting", "phishing"] }
+    },
+    brand_impersonation_content: {
+        id: "brand_impersonation_content",
+        pack: "phishing",
+        severity: "high",
+        confidence: "high",
+        title: "Page mimics a brand and captures credentials",
+        description: "Page content prominently references a well-known brand and presents a credential field, but is served from a domain that does not belong to that brand — the core credential-phishing pattern, independent of the URL.",
+        locationType: "html",
+        score: { base: 68, tags: ["credential", "phishing"] }
+    }
+};
+export const htmlTechnologyRules = {
+    legacy_jquery_reference: {
+        id: "legacy_jquery_reference",
+        pack: "dependency-fingerprint",
+        severity: "low",
+        confidence: "medium",
+        title: "Legacy jQuery reference",
+        description: "A script URL or source text references a legacy jQuery major version.",
+        locationType: "url",
+        score: { base: 4, tags: ["dependency"] }
+    },
+    legacy_angularjs_reference: {
+        id: "legacy_angularjs_reference",
+        pack: "dependency-fingerprint",
+        severity: "low",
+        confidence: "medium",
+        title: "Legacy AngularJS reference",
+        description: "A script URL or source text references AngularJS 1.x.",
+        locationType: "url",
+        score: { base: 6, tags: ["dependency"] }
+    },
+    legacy_bootstrap_reference: {
+        id: "legacy_bootstrap_reference",
+        pack: "dependency-fingerprint",
+        severity: "low",
+        confidence: "medium",
+        title: "Legacy Bootstrap reference",
+        description: "A script URL or source text references Bootstrap 3.x.",
+        locationType: "url",
+        score: { base: 4, tags: ["dependency"] }
+    },
+    legacy_lodash_reference: {
+        id: "legacy_lodash_reference",
+        pack: "dependency-fingerprint",
+        severity: "low",
+        confidence: "medium",
+        title: "Legacy lodash reference",
+        description: "A script URL or source text references lodash versions commonly covered by dependency scanners.",
+        locationType: "url",
+        score: { base: 4, tags: ["dependency"] }
+    },
+    wordpress_surface_reference: {
+        id: "wordpress_surface_reference",
+        pack: "technology-fingerprint",
+        severity: "info",
+        confidence: "medium",
+        title: "WordPress surface reference",
+        description: "HTML references common WordPress paths or generator metadata.",
+        locationType: "html",
+        score: { base: 2, tags: ["technology"] }
+    },
+    drupal_surface_reference: {
+        id: "drupal_surface_reference",
+        pack: "technology-fingerprint",
+        severity: "info",
+        confidence: "medium",
+        title: "Drupal surface reference",
+        description: "HTML or script text references common Drupal surface fingerprints.",
+        locationType: "html",
+        score: { base: 2, tags: ["technology"] }
+    },
+    phpmyadmin_surface_reference: {
+        id: "phpmyadmin_surface_reference",
+        pack: "technology-fingerprint",
+        severity: "info",
+        confidence: "medium",
+        title: "phpMyAdmin surface reference",
+        description: "HTML references common phpMyAdmin surface fingerprints.",
+        locationType: "html",
+        score: { base: 8, tags: ["technology"] }
+    }
+};
+//# sourceMappingURL=html.js.map

package/dist/rules/packs/html.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"html.js","sourceRoot":"","sources":["../../../src/rules/packs/html.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,SAAS,GAiBlB;IACF,qCAAqC,EAAE;QACrC,EAAE,EAAE,uCAAuC;QAC3C,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,uCAAuC;QAC9C,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,gBAAgB,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE;KAClF;IACD,oBAAoB,EAAE;QACpB,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE,KAAK;QACnB,8EAA8E;QAC9E,wEAAwE;QACxE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE;KAC7C;IACD,wBAAwB,EAAE;QACxB,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;KAC/C;IACD,qBAAqB,EAAE;QACrB,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,wDAAwD;QACrE,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;KAC/C;IACD,2BAA2B,EAAE;QAC3B,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE;KACtD;IACD,gCAAgC,EAAE;QAChC,EAAE,EAAE,kCAAkC;QACtC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,4DAA4D;QACzE,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE;KAC7D;IACD,gCAAgC,EAAE;QAChC,EAAE,EAAE,kCAAkC;QACtC,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,wCAAwC;QAC/C,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE;KACxD;IACD,wCAAwC,EAAE;QACxC,EAAE,EAAE,0CAA0C;QAC9C,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,kDAAkD;QACzD,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,WAAW;QACzB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE;KAClD;IACD,8BAA8B,EAAE;QAC9B,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,WAAW;QACzB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;KAC/C;IACD,+BAA+B,EAAE;QAC/B,EAAE,EAAE,iCAAiC;QACrC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,wGAAwG;QACrH,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE;KACtD;IACD,4BAA4B,EAAE;QAC5B,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,4FAA4F;QACzG,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE;KAClD;IACD,+BAA+B,EAAE;QAC/B,EAAE,EAAE,iCAAiC;QACrC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EAAE,mGAAmG;QAChH,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE;KACjD;IACD,sBAAsB,EAAE;QACtB,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,2GAA2G;QACxH,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE;KAC/C;IACD,kCAAkC,EAAE;QAClC,EAAE,EAAE,oCAAoC;QACxC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,sGAAsG;QACnH,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;KACjE;IACD,2BAA2B,EAAE;QAC3B,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,8CAA8C;QACrD,WAAW,EAAE,wNAAwN;QACrO,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE;KACtD;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAS5B;IACF,uBAAuB,EAAE;QACvB,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,uEAAuE;QACpF,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,0BAA0B,EAAE;QAC1B,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,0BAA0B,EAAE;QAC1B,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,uBAAuB,EAAE;QACvB,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,iGAAiG;QAC9G,YAAY,EAAE,KAAK;QACnB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,2BAA2B,EAAE;QAC3B,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,+DAA+D;QAC5E,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,wBAAwB,EAAE;QACxB,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,oEAAoE;QACjF,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;IACD,4BAA4B,EAAE;QAC5B,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,yDAAyD;QACtE,YAAY,EAAE,MAAM;QACpB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,EAAE;KACzC;CACF,CAAC"}

package/dist/rules/packs/index.d.ts

@@ -0,0 +1,24 @@
+export { binaryRules, binaryStringRules } from "./binary.js";
+export { cssRules } from "./css.js";
+export { decodedArtifactRules } from "./decoders.js";
+export { htmlRules } from "./html.js";
+export { htmlTechnologyRules } from "./html.js";
+export { scriptCompositeRules, scriptRiskRules } from "./script-risk.js";
+export { sourceCodeRules } from "./source-code.js";
+export { urlRules } from "./urls.js";
+export declare const rulePacks: {
+    readonly phishing: readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly redirects: readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, ...import("../types.js").PatternRule[]];
+    readonly "url-risk": readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly "technology-fingerprint": readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly "dependency-fingerprint": readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly "script-risk": readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition, ...import("../types.js").PatternRule[]];
+    readonly obfuscation: readonly [...(import("../types.js").PatternRule | import("../types.js").RuleDefinition)[], import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly exfiltration: readonly [...import("../types.js").PatternRule[], import("../types.js").RuleDefinition];
+    readonly wallet: import("../types.js").PatternRule[];
+    readonly payment: readonly [import("../types.js").RuleDefinition, import("../types.js").RuleDefinition];
+    readonly "seo-spam": readonly [import("../types.js").RuleDefinition];
+    readonly "source-code": import("../types.js").PatternRule[];
+    readonly "binary-static": readonly (import("../types.js").PatternRule | import("../types.js").RuleDefinition)[];
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/packs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/packs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAUrC,eAAO,MAAM,SAAS;;;;;;;;;;;;;;CA0DZ,CAAC"}

package/dist/rules/packs/index.js

@@ -0,0 +1,75 @@
+export { binaryRules, binaryStringRules } from "./binary.js";
+export { cssRules } from "./css.js";
+export { decodedArtifactRules } from "./decoders.js";
+export { htmlRules } from "./html.js";
+export { htmlTechnologyRules } from "./html.js";
+export { scriptCompositeRules, scriptRiskRules } from "./script-risk.js";
+export { sourceCodeRules } from "./source-code.js";
+export { urlRules } from "./urls.js";
+import { binaryRules, binaryStringRules } from "./binary.js";
+import { cssRules } from "./css.js";
+import { decodedArtifactRules } from "./decoders.js";
+import { htmlRules, htmlTechnologyRules } from "./html.js";
+import { scriptCompositeRules, scriptRiskRules } from "./script-risk.js";
+import { sourceCodeRules } from "./source-code.js";
+import { urlRules } from "./urls.js";
+export const rulePacks = {
+    phishing: [
+        htmlRules.credential_form_posts_off_origin,
+        htmlRules.password_form_without_https,
+        htmlRules.hidden_iframe_off_origin,
+        htmlRules.excessive_external_scripts_on_login_page,
+        htmlRules.login_page_with_punycode_links,
+        htmlRules.credential_ui_rendered_as_image,
+        htmlRules.crypto_wallet_login_language,
+        htmlRules.crypto_trading_landing_language,
+        htmlRules.seo_trademark_stuffing,
+        htmlRules.credential_form_on_suspicious_host,
+        htmlRules.brand_impersonation_content,
+        urlRules.punycode_login_url,
+        urlRules.brand_impersonation_url
+    ],
+    redirects: [htmlRules.meta_refresh_external, urlRules.redirect_to_url_shortener, urlRules.final_url_offsite_redirect, ...scriptRiskRules.filter((rule) => rule.pack === "redirects")],
+    "url-risk": [
+        urlRules.private_ip_url,
+        urlRules.ip_literal_url,
+        urlRules.suspicious_tld_url,
+        urlRules.download_like_external_url,
+        urlRules.malware_download_like_url,
+        urlRules.shared_hosting_subdomain_url,
+        urlRules.brand_impersonation_url,
+        urlRules.generated_landing_url
+    ],
+    "technology-fingerprint": [
+        htmlTechnologyRules.wordpress_surface_reference,
+        htmlTechnologyRules.drupal_surface_reference,
+        htmlTechnologyRules.phpmyadmin_surface_reference
+    ],
+    "dependency-fingerprint": [
+        htmlTechnologyRules.legacy_jquery_reference,
+        htmlTechnologyRules.legacy_angularjs_reference,
+        htmlTechnologyRules.legacy_bootstrap_reference,
+        htmlTechnologyRules.legacy_lodash_reference
+    ],
+    "script-risk": [
+        htmlRules.external_script_from_unrelated_domain,
+        htmlRules.mixed_content_script,
+        ...scriptRiskRules.filter((rule) => rule.pack === "script-risk")
+    ],
+    obfuscation: [
+        ...Object.values(decodedArtifactRules),
+        ...scriptRiskRules.filter((rule) => rule.pack === "obfuscation"),
+        scriptCompositeRules.decoded_dynamic_execution,
+        cssRules.unicode_bidi_trick
+    ],
+    exfiltration: [
+        ...scriptRiskRules.filter((rule) => rule.pack === "exfiltration"),
+        scriptCompositeRules.credential_exfil_candidate
+    ],
+    wallet: scriptRiskRules.filter((rule) => rule.pack === "wallet"),
+    payment: [htmlRules.card_fields_plus_external_script, scriptCompositeRules.payment_input_event_hooks],
+    "seo-spam": [cssRules.hidden_link_cluster],
+    "source-code": sourceCodeRules,
+    "binary-static": [...Object.values(binaryRules), ...binaryStringRules]
+};
+//# sourceMappingURL=index.js.map

package/dist/rules/packs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/packs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,QAAQ,EAAE;QACR,SAAS,CAAC,gCAAgC;QAC1C,SAAS,CAAC,2BAA2B;QACrC,SAAS,CAAC,wBAAwB;QAClC,SAAS,CAAC,wCAAwC;QAClD,SAAS,CAAC,8BAA8B;QACxC,SAAS,CAAC,+BAA+B;QACzC,SAAS,CAAC,4BAA4B;QACtC,SAAS,CAAC,+BAA+B;QACzC,SAAS,CAAC,sBAAsB;QAChC,SAAS,CAAC,kCAAkC;QAC5C,SAAS,CAAC,2BAA2B;QACrC,QAAQ,CAAC,kBAAkB;QAC3B,QAAQ,CAAC,uBAAuB;KACjC;IACD,SAAS,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,QAAQ,CAAC,yBAAyB,EAAE,QAAQ,CAAC,0BAA0B,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;IACrL,UAAU,EAAE;QACV,QAAQ,CAAC,cAAc;QACvB,QAAQ,CAAC,cAAc;QACvB,QAAQ,CAAC,kBAAkB;QAC3B,QAAQ,CAAC,0BAA0B;QACnC,QAAQ,CAAC,yBAAyB;QAClC,QAAQ,CAAC,4BAA4B;QACrC,QAAQ,CAAC,uBAAuB;QAChC,QAAQ,CAAC,qBAAqB;KAC/B;IACD,wBAAwB,EAAE;QACxB,mBAAmB,CAAC,2BAA2B;QAC/C,mBAAmB,CAAC,wBAAwB;QAC5C,mBAAmB,CAAC,4BAA4B;KACjD;IACD,wBAAwB,EAAE;QACxB,mBAAmB,CAAC,uBAAuB;QAC3C,mBAAmB,CAAC,0BAA0B;QAC9C,mBAAmB,CAAC,0BAA0B;QAC9C,mBAAmB,CAAC,uBAAuB;KAC5C;IACD,aAAa,EAAE;QACb,SAAS,CAAC,qCAAqC;QAC/C,SAAS,CAAC,oBAAoB;QAC9B,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,aAAa,CAAC;KACjE;IACD,WAAW,EAAE;QACX,GAAG,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACtC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,aAAa,CAAC;QAChE,oBAAoB,CAAC,yBAAyB;QAC9C,QAAQ,CAAC,kBAAkB;KAC5B;IACD,YAAY,EAAE;QACZ,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC;QACjE,oBAAoB,CAAC,0BAA0B;KAChD;IACD,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC;IAChE,OAAO,EAAE,CAAC,SAAS,CAAC,gCAAgC,EAAE,oBAAoB,CAAC,yBAAyB,CAAC;IACrG,UAAU,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC1C,aAAa,EAAE,eAAe;IAC9B,eAAe,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,GAAG,iBAAiB,CAAC;CAC9D,CAAC"}

package/dist/rules/packs/script-risk.d.ts

@@ -0,0 +1,4 @@
+import type { PatternRule, RuleDefinition } from "../types.js";
+export declare const scriptRiskRules: PatternRule[];
+export declare const scriptCompositeRules: Record<"credential_exfil_candidate" | "decoded_dynamic_execution" | "form_action_changed_by_javascript" | "wallet_api_plus_external_beacon" | "payment_input_event_hooks", RuleDefinition>;
+//# sourceMappingURL=script-risk.d.ts.map

package/dist/rules/packs/script-risk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-risk.d.ts","sourceRoot":"","sources":["../../../src/rules/packs/script-risk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE/D,eAAO,MAAM,eAAe,EAAE,WAAW,EA4KxC,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,MAAM,CACvC,4BAA4B,GAAG,2BAA2B,GAAG,mCAAmC,GAAG,iCAAiC,GAAG,2BAA2B,EAClK,cAAc,CAyDf,CAAC"}

package/dist/rules/packs/script-risk.js

@@ -0,0 +1,231 @@
+export const scriptRiskRules = [
+    {
+        id: "dynamic_code_execution",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "medium",
+        title: "Dynamic code execution",
+        description: "JavaScript calls eval().",
+        locationType: "javascript",
+        pattern: /\beval\s*\(/,
+        counter: "dynamic_code_execution",
+        // eval() is ubiquitous in legitimate minified bundles; weak signal alone.
+        score: { base: 12, tags: ["script"], maxGroup: "dynamic-code" }
+    },
+    {
+        id: "function_constructor_with_string",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "medium",
+        title: "Function constructor with string",
+        description: "JavaScript constructs code from a string.",
+        locationType: "javascript",
+        pattern: /\bnew\s+Function\s*\(/,
+        // new Function() is ubiquitous in legitimate minified bundles (framework
+        // template compilers, lodash, etc.) — weak signal alone, like eval().
+        score: { base: 15, tags: ["script"], maxGroup: "dynamic-code" }
+    },
+    {
+        id: "string_timer_execution",
+        pack: "script-risk",
+        severity: "medium",
+        confidence: "high",
+        title: "String-based timer execution",
+        description: "JavaScript passes a string to a timer execution API.",
+        locationType: "javascript",
+        pattern: /\bset(?:Timeout|Interval)\s*\(\s*['"`]/,
+        counter: "dynamic_code_execution",
+        score: { base: 24, tags: ["script"], maxGroup: "dynamic-code" }
+    },
+    {
+        id: "document_write_script",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "high",
+        title: "document.write usage",
+        description: "JavaScript writes dynamic HTML into the document.",
+        locationType: "javascript",
+        pattern: /\bdocument\.write\s*\(/,
+        score: { base: 8, tags: ["script"] }
+    },
+    {
+        id: "innerhtml_script_injection",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "high",
+        title: "HTML injection sink",
+        description: "JavaScript assigns to an HTML injection sink.",
+        locationType: "javascript",
+        pattern: /\.(?:innerHTML|outerHTML)\s*=/,
+        score: { base: 10, tags: ["script"] }
+    },
+    {
+        id: "insert_adjacent_html",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "high",
+        title: "insertAdjacentHTML usage",
+        description: "JavaScript inserts HTML through insertAdjacentHTML().",
+        locationType: "javascript",
+        pattern: /\.insertAdjacentHTML\s*\(/,
+        score: { base: 8, tags: ["script"] }
+    },
+    {
+        id: "dynamic_script_src",
+        pack: "script-risk",
+        severity: "medium",
+        confidence: "high",
+        title: "Dynamic script creation",
+        description: "JavaScript creates a script element dynamically.",
+        locationType: "javascript",
+        pattern: /\bcreateElement\s*\(\s*['"]script['"]\s*\)/,
+        score: { base: 18, tags: ["script"] }
+    },
+    {
+        id: "script_src_assignment",
+        pack: "script-risk",
+        severity: "medium",
+        confidence: "high",
+        title: "Dynamic script src assignment",
+        description: "JavaScript assigns to a script source dynamically.",
+        locationType: "javascript",
+        pattern: /\.src\s*=|setAttribute\s*\(\s*['"]src['"]/,
+        score: { base: 18, tags: ["script"] }
+    },
+    {
+        id: "append_child_script",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "medium",
+        title: "Dynamic script append",
+        description: "JavaScript appends a dynamically created script element.",
+        locationType: "javascript",
+        pattern: /\.appendChild\s*\(\s*(?:script|s|el|node)\s*\)/,
+        score: { base: 6, tags: ["script"] }
+    },
+    {
+        id: "external_request_api_seen",
+        pack: "script-risk",
+        severity: "low",
+        confidence: "medium",
+        title: "External request API",
+        description: "JavaScript references an outbound request API.",
+        locationType: "javascript",
+        pattern: /\b(?:fetch|XMLHttpRequest|sendBeacon|WebSocket)\b/,
+        score: { base: 6, tags: ["script"] }
+    },
+    {
+        id: "js_location_external",
+        pack: "redirects",
+        severity: "medium",
+        confidence: "high",
+        title: "JavaScript redirect logic",
+        description: "JavaScript references browser redirect APIs.",
+        locationType: "javascript",
+        pattern: /\b(?:location\.href|location\.assign|location\.replace|window\.open)\b/,
+        score: { base: 20, tags: ["redirect", "script"] }
+    },
+    {
+        id: "decoder_seen",
+        pack: "obfuscation",
+        severity: "low",
+        confidence: "medium",
+        title: "Decoder API seen",
+        description: "JavaScript references a common string decoder API.",
+        locationType: "javascript",
+        pattern: /\b(?:atob|btoa|unescape|String\.fromCharCode)\b/,
+        counter: "decoder_seen",
+        score: { base: 6, tags: ["decoded", "script"] }
+    },
+    {
+        id: "charcodeat_decoder_loop",
+        pack: "obfuscation",
+        severity: "medium",
+        confidence: "medium",
+        title: "charCodeAt decoder loop",
+        description: "JavaScript uses charCodeAt in loop-like code, a common lightweight decoder pattern.",
+        locationType: "javascript",
+        pattern: /(?:for|while)\s*\([^)]*\)[\s\S]{0,300}\.charCodeAt\s*\(/,
+        score: { base: 22, tags: ["decoded", "obfuscation", "script"] }
+    },
+    {
+        id: "browser_storage_or_clipboard_seen",
+        pack: "exfiltration",
+        severity: "medium",
+        confidence: "medium",
+        title: "Storage or clipboard access",
+        description: "JavaScript references browser storage, cookies, or clipboard APIs.",
+        locationType: "javascript",
+        pattern: /\b(?:localStorage|sessionStorage|document\.cookie|navigator\.clipboard)\b/,
+        score: { base: 14, tags: ["exfiltration", "script"] }
+    },
+    {
+        id: "wallet_interaction_with_obfuscation",
+        pack: "wallet",
+        severity: "medium",
+        confidence: "medium",
+        title: "Wallet API reference",
+        description: "JavaScript references wallet or approval APIs.",
+        locationType: "javascript",
+        pattern: /\b(?:window\.ethereum|WalletConnect|ethereum\.request)\b|\.(?:approve|permit)\s*\(|\bmethod\s*:\s*['"]eth_/i,
+        score: { base: 20, tags: ["script", "wallet"] }
+    }
+];
+export const scriptCompositeRules = {
+    credential_exfil_candidate: {
+        id: "credential_exfil_candidate",
+        pack: "exfiltration",
+        severity: "high",
+        confidence: "medium",
+        title: "Credential or storage exfiltration candidate",
+        description: "JavaScript combines credential/storage signals with outbound request APIs.",
+        locationType: "javascript",
+        score: { base: 72, tags: ["credential", "exfiltration", "script"] }
+    },
+    decoded_dynamic_execution: {
+        id: "decoded_dynamic_execution",
+        pack: "obfuscation",
+        severity: "high",
+        confidence: "high",
+        title: "Decoded dynamic execution",
+        description: "JavaScript combines decoder APIs with dynamic execution.",
+        locationType: "javascript",
+        score: { base: 76, tags: ["decoded", "obfuscation", "script"] }
+    },
+    form_action_changed_by_javascript: {
+        id: "form_action_changed_by_javascript",
+        pack: "phishing",
+        severity: "low",
+        confidence: "medium",
+        title: "Form action changed by JavaScript",
+        description: "JavaScript appears to change a form action target.",
+        locationType: "javascript",
+        // Legitimate SPAs/SSO flows rewrite form actions; weak on its own, and the
+        // "credential"/"phishing" tags were escalating the score multiplier.
+        score: { base: 12, tags: ["script"] }
+    },
+    wallet_api_plus_external_beacon: {
+        id: "wallet_api_plus_external_beacon",
+        pack: "wallet",
+        severity: "high",
+        confidence: "medium",
+        title: "Wallet API plus external request",
+        description: "JavaScript combines wallet APIs with outbound request APIs.",
+        locationType: "javascript",
+        score: { base: 72, tags: ["exfiltration", "script", "wallet"] }
+    },
+    payment_input_event_hooks: {
+        id: "payment_input_event_hooks",
+        pack: "payment",
+        severity: "low",
+        confidence: "medium",
+        title: "Payment input event hooks",
+        description: "JavaScript attaches input/change listeners near payment-card fields.",
+        locationType: "javascript",
+        // Every legitimate checkout/login listens to its own input fields — weak
+        // signal alone. The real skimmer pattern is this PLUS off-site exfil of the
+        // captured values, which the exfil/credential-form rules score on their own.
+        score: { base: 15, tags: ["payment", "script"] }
+    }
+};
+//# sourceMappingURL=script-risk.js.map

package/dist/rules/packs/script-risk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-risk.js","sourceRoot":"","sources":["../../../src/rules/packs/script-risk.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAkB;IAC5C;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,0BAA0B;QACvC,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,wBAAwB;QACjC,0EAA0E;QAC1E,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE;KAChE;IACD;QACE,EAAE,EAAE,kCAAkC;QACtC,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,uBAAuB;QAChC,yEAAyE;QACzE,sEAAsE;QACtE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE;KAChE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,wCAAwC;QACjD,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE;KAChE;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,mDAAmD;QAChE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACrC;IACD;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,+CAA+C;QAC5D,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,+BAA+B;QACxC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACtC;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,2BAA2B;QACpC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACrC;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,4CAA4C;QACrD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACtC;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACtC;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,gDAAgD;QACzD,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACrC;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,gDAAgD;QAC7D,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,mDAAmD;QAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACrC;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,wEAAwE;QACjF,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE;KAClD;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,iDAAiD;QAC1D,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;KAChD;IACD;QACE,EAAE,EAAE,yBAAyB;QAC7B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,qFAAqF;QAClG,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,yDAAyD;QAClE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,EAAE,QAAQ,CAAC,EAAE;KAChE;IACD;QACE,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,oEAAoE;QACjF,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,2EAA2E;QACpF,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE;KACtD;IACD;QACE,EAAE,EAAE,qCAAqC;QACzC,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,gDAAgD;QAC7D,YAAY,EAAE,YAAY;QAC1B,OAAO,EAAE,6GAA6G;QACtH,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE;KAChD;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAG7B;IACF,0BAA0B,EAAE;QAC1B,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,8CAA8C;QACrD,WAAW,EAAE,4EAA4E;QACzF,YAAY,EAAE,YAAY;QAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAE;KACpE;IACD,yBAAyB,EAAE;QACzB,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,YAAY;QAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,EAAE,QAAQ,CAAC,EAAE;KAChE;IACD,iCAAiC,EAAE;QACjC,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,YAAY;QAC1B,2EAA2E;QAC3E,qEAAqE;QACrE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;KACtC;IACD,+BAA+B,EAAE;QAC/B,EAAE,EAAE,iCAAiC;QACrC,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,YAAY;QAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE;KAChE;IACD,yBAAyB,EAAE;QACzB,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,sEAAsE;QACnF,YAAY,EAAE,YAAY;QAC1B,yEAAyE;QACzE,4EAA4E;QAC5E,6EAA6E;QAC7E,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;KACjD;CACF,CAAC"}

package/dist/rules/packs/source-code.d.ts

@@ -0,0 +1,3 @@
+import type { PatternRule } from "../types.js";
+export declare const sourceCodeRules: PatternRule[];
+//# sourceMappingURL=source-code.d.ts.map

package/dist/rules/packs/source-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"source-code.d.ts","sourceRoot":"","sources":["../../../src/rules/packs/source-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,eAAO,MAAM,eAAe,EAAE,WAAW,EAiLxC,CAAC"}