@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/package.js

@@ -0,0 +1,422 @@
+// Known-good packages that are NOT typosquats despite edit distance
+// These are legitimate packages that happen to be similar to popular packages
+const KNOWN_GOOD_PACKAGES = new Set([
+    // Testing and utilities
+    "chai", // Testing library, not typosquat of chalk
+    "async", // Async utilities, legitimate
+    "debug", // Debug logging, legitimate
+    // URL/file openers
+    "open", // URL opener, not typosquat of openai
+    "opener", // URL/file opener, not typosquat of openai
+    // Linters (all legitimate, not typosquats of eslint)
+    "tslint", // TypeScript linter (deprecated but legitimate)
+    "xqlint", // XQuery linter
+    // UUID and ID libraries
+    "uuid4", // UUID v4 package, not typosquat of uuid
+    "uuidv4", // Another UUID v4 package, not typosquat of uuid
+    "ulid", // ULID library, different from UUID
+    // Node.js core module shims
+    "util", // Node.js util shim, not typosquat of uuid
+    "os", // Node.js os shim, not typosquat of cors
+    // Database drivers
+    "mssql", // Microsoft SQL Server driver, not typosquat of mysql
+    "mysql2", // MySQL2 driver (successor to mysql package)
+    // React ecosystem
+    "preact", // Lightweight React alternative, not typosquat
+    // CLI utilities
+    "colors", // CLI colors, not typosquat of cors
+    // Build/config utilities
+    "core", // Common name, not typosquat of cors
+    "acorn", // JS parser, not typosquat of cors
+    "cpr", // Recursive copy, not typosquat of cors
+    "dotenv-expand", // dotenv companion, not typosquat
+    "cross-spawn", // Spawn helper, not typosquat of cross-env
+    "defu", // Deep defaults utility (unjs), not typosquat of debug
+    "jsonc", // JSON with Comments parser, not typosquat of async
+]);
+// Popular packages and their common typosquats
+const POPULAR_PACKAGES = new Map([
+    ["lodash", ["lodahs", "lodashs", "loadsh", "lodaash", "lo-dash", "lodassh"]],
+    ["express", ["expres", "expresss", "exprees", "xpress"]],
+    ["react", ["reect", "raect", "reactt", "reakt"]],
+    ["axios", ["axois", "axio", "axioss", "axiosjs"]],
+    ["moment", ["momment", "momnent", "momentjs"]],
+    ["webpack", ["webpak", "webpackk", "web-pack"]],
+    ["babel", ["babell", "bable", "babeel"]],
+    ["eslint", ["esslint", "eslnt", "eslintjs"]],
+    ["typescript", ["typscript", "tyepscript", "typescipt"]],
+    ["mongoose", ["mongose", "mongoos", "mongoosee"]],
+    ["jquery", ["jquerry", "jqeury", "jqueryjs", "jquery.js"]],
+    ["chalk", ["challk", "chaulk", "chak"]],
+    ["commander", ["comandar", "comander", "commanderjs"]],
+    ["request", ["reqest", "requets", "requestjs"]],
+    ["underscore", ["undrscore", "undescore", "underscorejs"]],
+    ["async", ["asnyc", "asyncjs", "asynic"]],
+    ["debug", ["debuf", "debgu", "debugjs"]],
+    ["uuid", ["uuuid", "uuidjs", "uiid"]],
+    ["dotenv", ["dtoenv", "dotenvjs", "dot-env"]],
+    ["cors", ["corss", "corsjs", "cros"]],
+    ["cross-env", ["crossenv", "cross-env.js", "cros-env"]],
+    ["mysql", ["mysqljs", "my-sql", "mysqll"]],
+    ["sqlite3", ["sqliter", "sqlite.js", "sqllite3"]],
+    ["openai", ["openai-api", "open-ai", "openaijs"]],
+    ["anthropic", ["anthropic-api", "anthopic", "antropic"]],
+    ["langchain", ["langchain-core", "lang-chain", "langchainjs"]],
+]);
+// Dangerous npm lifecycle scripts
+const DANGEROUS_SCRIPTS = [
+    "preinstall",
+    "postinstall",
+    "preuninstall",
+    "postuninstall",
+    "prepublish",
+    "postpublish",
+];
+// Patterns that indicate malicious script content
+const MALICIOUS_SCRIPT_PATTERNS = [
+    { pattern: /curl\s+.*\|\s*(ba)?sh/i, desc: "Downloads and executes remote script" },
+    { pattern: /wget\s+.*\|\s*(ba)?sh/i, desc: "Downloads and executes remote script" },
+    { pattern: /eval\s*\(.*\$\(/i, desc: "Eval with command substitution" },
+    { pattern: /node\s+-e\s+.*atob/i, desc: "Node.js eval with base64 decode" },
+    { pattern: /powershell.*-enc/i, desc: "Encoded PowerShell command" },
+    { pattern: /\bexec\s*\(.*http/i, desc: "Executes remote content" },
+    { pattern: /\.ssh\/id_/i, desc: "SSH key access" },
+    { pattern: /discord\.com\/api\/webhooks/i, desc: "Discord webhook (data exfiltration)" },
+    { pattern: /crypto.*wallet/i, desc: "Cryptocurrency wallet access" },
+    { pattern: /APPDATA.*Chrome/i, desc: "Chrome browser data access" },
+    { pattern: /\.credentials/i, desc: "Credential file access" },
+    { pattern: /keychain|keyring/i, desc: "System keychain access" },
+];
+function levenshteinDistance(a, b) {
+    const matrix = [];
+    for (let i = 0; i <= b.length; i++) {
+        matrix[i] = [i];
+    }
+    const firstRow = matrix[0];
+    if (!firstRow)
+        return 0;
+    for (let j = 0; j <= a.length; j++) {
+        firstRow[j] = j;
+    }
+    for (let i = 1; i <= b.length; i++) {
+        const currentRow = matrix[i];
+        const prevRow = matrix[i - 1];
+        if (!currentRow || !prevRow)
+            continue;
+        for (let j = 1; j <= a.length; j++) {
+            if (b.charAt(i - 1) === a.charAt(j - 1)) {
+                currentRow[j] = prevRow[j - 1] ?? 0;
+            }
+            else {
+                currentRow[j] = Math.min((prevRow[j - 1] ?? 0) + 1, // substitution
+                (currentRow[j - 1] ?? 0) + 1, // insertion
+                (prevRow[j] ?? 0) + 1);
+            }
+        }
+    }
+    return matrix[b.length]?.[a.length] ?? 0;
+}
+function checkTyposquatting(pkgName) {
+    const lowerName = pkgName.toLowerCase();
+    // Skip known-good packages that are NOT typosquats
+    if (KNOWN_GOOD_PACKAGES.has(lowerName)) {
+        return null;
+    }
+    // First check known typosquats
+    for (const [popular, typos] of POPULAR_PACKAGES) {
+        if (typos.includes(lowerName)) {
+            return { target: popular, distance: 1 };
+        }
+    }
+    // Then check by edit distance for short package names
+    for (const [popular] of POPULAR_PACKAGES) {
+        // Only check if package name is similar length
+        if (Math.abs(pkgName.length - popular.length) > 2)
+            continue;
+        const distance = levenshteinDistance(lowerName, popular);
+        // Flag if edit distance is 1-2 and names are not identical
+        if (distance > 0 && distance <= 2 && lowerName !== popular) {
+            return { target: popular, distance };
+        }
+    }
+    return null;
+}
+// --- Blocklist check ---
+function matchesWildcard(extensionId, pattern) {
+    const lowerId = extensionId.toLowerCase();
+    const lowerPattern = pattern.toLowerCase();
+    if (lowerPattern.endsWith(".*")) {
+        const prefix = lowerPattern.slice(0, -2);
+        return lowerId.startsWith(prefix + ".");
+    }
+    return lowerId === lowerPattern;
+}
+export function checkBlocklist(manifest, blocklist) {
+    const findings = [];
+    const extensionId = `${manifest.publisher}.${manifest.name}`;
+    for (const entry of blocklist) {
+        if (matchesWildcard(extensionId, entry.id)) {
+            findings.push({
+                id: "BLOCKLIST_MATCH",
+                title: "Extension on malware blocklist",
+                description: `Extension "${extensionId}" matches blocklisted pattern "${entry.id}": ${entry.reason}`,
+                severity: "critical",
+                category: "blocklist",
+                location: {
+                    file: "package.json",
+                },
+                metadata: {
+                    campaign: entry.campaign,
+                    reference: entry.reference,
+                    blocklistEntry: entry.id,
+                },
+            });
+        }
+    }
+    return findings;
+}
+// --- Manifest checks ---
+export function checkActivationEvents(manifest) {
+    const findings = [];
+    if (manifest.activationEvents?.includes("*")) {
+        findings.push({
+            id: "ACTIVATION_WILDCARD",
+            title: "Extension activates on all events",
+            description: 'Extension uses "activationEvents": ["*"] which activates on every VS Code action. This is often used by malware to ensure immediate execution, but may be legitimate for extensions that need to respond to many different events.',
+            severity: "high",
+            category: "manifest",
+            location: {
+                file: "package.json",
+            },
+            metadata: {
+                legitimateUses: ["Extensions with many contribution points", "Global workspace tools"],
+                redFlags: [
+                    "Simple extension with wildcard activation",
+                    "Combined with suspicious patterns",
+                ],
+            },
+        });
+    }
+    if (manifest.activationEvents?.includes("onStartupFinished")) {
+        findings.push({
+            id: "ACTIVATION_STARTUP",
+            title: "Extension activates on startup",
+            description: 'Extension uses "onStartupFinished" activation event. Common in extensions that need to initialize early (git integration, status bar items, language servers). Review if early activation is necessary for the extension\'s purpose.',
+            severity: "medium",
+            category: "manifest",
+            location: {
+                file: "package.json",
+            },
+            metadata: {
+                legitimateUses: [
+                    "Git integration",
+                    "Status bar extensions",
+                    "Language servers",
+                    "Background services",
+                ],
+                redFlags: [
+                    "Combined with network activity on startup",
+                    "No obvious need for early activation",
+                ],
+            },
+        });
+    }
+    return findings;
+}
+export function checkThemeAbuse(manifest) {
+    const findings = [];
+    const hasMain = Boolean(manifest.main || manifest.browser);
+    const hasThemes = (manifest.contributes?.themes?.length ?? 0) > 0 ||
+        (manifest.contributes?.iconThemes?.length ?? 0) > 0;
+    if (hasThemes && hasMain) {
+        findings.push({
+            id: "THEME_WITH_CODE",
+            title: "Theme extension has code entry point",
+            description: "This extension contributes themes/icon themes but also has a code entry point (main/browser). Pure themes don't need executable code. However, some legitimate extensions combine themes with additional functionality (commands, settings sync).",
+            severity: "high",
+            category: "manifest",
+            location: {
+                file: "package.json",
+            },
+            metadata: {
+                main: manifest.main,
+                browser: manifest.browser,
+                themes: manifest.contributes?.themes?.length ?? 0,
+                iconThemes: manifest.contributes?.iconThemes?.length ?? 0,
+                legitimateUses: [
+                    "Theme packs with additional commands",
+                    "Theme switchers",
+                    "Theme previews",
+                ],
+                redFlags: [
+                    "Theme-only description but runs code",
+                    "Network activity from theme extension",
+                    "Known malware pattern",
+                ],
+            },
+        });
+    }
+    return findings;
+}
+export function checkSuspiciousPermissions(manifest) {
+    const findings = [];
+    const extensionDependencies = manifest["extensionDependencies"];
+    if (extensionDependencies) {
+        for (const dep of extensionDependencies) {
+            if (dep.includes("remote-ssh") || dep.includes("remote-wsl")) {
+                findings.push({
+                    id: "REMOTE_DEPENDENCY",
+                    title: "Extension depends on remote access extension",
+                    description: `Extension depends on "${dep}" which provides remote system access. This is expected for extensions that enhance remote development workflows.`,
+                    severity: "medium",
+                    category: "manifest",
+                    location: {
+                        file: "package.json",
+                    },
+                    metadata: {
+                        dependency: dep,
+                        legitimateUses: [
+                            "Remote development helpers",
+                            "SSH workflow tools",
+                            "Container development",
+                        ],
+                        redFlags: [
+                            "No clear remote development purpose",
+                            "Combined with credential access patterns",
+                        ],
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+// --- Dependency checks ---
+export function checkMaliciousPackages(packageJson, maliciousPackages) {
+    const findings = [];
+    // Only check runtime dependencies, not devDependencies
+    // devDependencies aren't bundled in .vsix files and only used during development
+    const deps = packageJson.dependencies ?? {};
+    for (const pkgName of Object.keys(deps)) {
+        if (maliciousPackages.has(pkgName.toLowerCase())) {
+            findings.push({
+                id: "MALICIOUS_NPM_PACKAGE",
+                title: "Known malicious npm package",
+                description: `Dependency "${pkgName}" is a known malicious npm package. This package has been identified in previous attacks and should be removed immediately.`,
+                severity: "critical",
+                category: "dependency",
+                location: {
+                    file: "package.json",
+                },
+                metadata: {
+                    package: pkgName,
+                },
+            });
+        }
+    }
+    return findings;
+}
+export function checkTyposquattingPackages(packageJson) {
+    const findings = [];
+    const allDeps = {
+        ...packageJson.dependencies,
+        ...packageJson.devDependencies,
+    };
+    for (const pkgName of Object.keys(allDeps)) {
+        const typosquat = checkTyposquatting(pkgName);
+        if (typosquat) {
+            findings.push({
+                id: "TYPOSQUAT_PACKAGE",
+                title: "Potential typosquatting package",
+                description: `Dependency "${pkgName}" is suspiciously similar to popular package "${typosquat.target}" (edit distance: ${typosquat.distance}). This may be a typosquatting attack.`,
+                severity: "high",
+                category: "dependency",
+                location: {
+                    file: "package.json",
+                },
+                metadata: {
+                    package: pkgName,
+                    similar_to: typosquat.target,
+                    edit_distance: typosquat.distance,
+                },
+            });
+        }
+    }
+    return findings;
+}
+export function checkLifecycleScripts(packageJson) {
+    const findings = [];
+    const scripts = packageJson.scripts ?? {};
+    for (const scriptName of DANGEROUS_SCRIPTS) {
+        const scriptContent = scripts[scriptName];
+        if (!scriptContent)
+            continue;
+        // Check for malicious patterns in the script
+        for (const { pattern, desc } of MALICIOUS_SCRIPT_PATTERNS) {
+            if (pattern.test(scriptContent)) {
+                findings.push({
+                    id: "MALICIOUS_LIFECYCLE_SCRIPT",
+                    title: `Suspicious ${scriptName} script`,
+                    description: `The ${scriptName} script contains suspicious content: ${desc}. Lifecycle scripts run automatically during npm install and can execute arbitrary code.`,
+                    severity: "critical",
+                    category: "dependency",
+                    location: {
+                        file: "package.json",
+                    },
+                    metadata: {
+                        script: scriptName,
+                        content: scriptContent.slice(0, 200),
+                        pattern: desc,
+                    },
+                });
+                break; // Only report one pattern per script
+            }
+        }
+        // Also flag any lifecycle script that exists even without malicious patterns
+        // as they're a common attack vector
+        if (!findings.some((f) => f.id === "MALICIOUS_LIFECYCLE_SCRIPT" && f.metadata?.["script"] === scriptName)) {
+            findings.push({
+                id: "LIFECYCLE_SCRIPT",
+                title: `Has ${scriptName} script`,
+                description: `The extension has a ${scriptName} script that runs during installation. While not always malicious, lifecycle scripts are a common attack vector. Review the script content carefully.`,
+                severity: "medium",
+                category: "dependency",
+                location: {
+                    file: "package.json",
+                },
+                metadata: {
+                    script: scriptName,
+                    content: scriptContent.slice(0, 200),
+                },
+            });
+        }
+    }
+    return findings;
+}
+// --- Main export ---
+export function checkPackage(contents, zooData) {
+    const { manifest } = contents;
+    const findings = [];
+    // Blocklist check
+    findings.push(...checkBlocklist(manifest, zooData.blocklist));
+    // Manifest checks (use manifest object directly)
+    findings.push(...checkActivationEvents(manifest));
+    findings.push(...checkThemeAbuse(manifest));
+    findings.push(...checkSuspiciousPermissions(manifest));
+    // Dependencies checks (parse package.json from files)
+    const packageJsonBuffer = contents.files.get("package.json");
+    if (packageJsonBuffer) {
+        let packageJson;
+        try {
+            packageJson = JSON.parse(packageJsonBuffer.toString("utf8"));
+        }
+        catch {
+            return findings;
+        }
+        findings.push(...checkMaliciousPackages(packageJson, zooData.maliciousNpmPackages));
+        findings.push(...checkTyposquattingPackages(packageJson));
+        findings.push(...checkLifecycleScripts(packageJson));
+    }
+    return findings;
+}
+//# sourceMappingURL=package.js.map

package/dist/scanner/checks/package.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package.js","sourceRoot":"","sources":["../../../src/scanner/checks/package.ts"],"names":[],"mappings":"AASA,oEAAoE;AACpE,8EAA8E;AAC9E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,wBAAwB;IACxB,MAAM,EAAE,0CAA0C;IAClD,OAAO,EAAE,8BAA8B;IACvC,OAAO,EAAE,4BAA4B;IAErC,mBAAmB;IACnB,MAAM,EAAE,sCAAsC;IAC9C,QAAQ,EAAE,2CAA2C;IAErD,qDAAqD;IACrD,QAAQ,EAAE,gDAAgD;IAC1D,QAAQ,EAAE,gBAAgB;IAE1B,wBAAwB;IACxB,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,iDAAiD;IAC3D,MAAM,EAAE,oCAAoC;IAE5C,4BAA4B;IAC5B,MAAM,EAAE,2CAA2C;IACnD,IAAI,EAAE,yCAAyC;IAE/C,mBAAmB;IACnB,OAAO,EAAE,sDAAsD;IAC/D,QAAQ,EAAE,6CAA6C;IAEvD,kBAAkB;IAClB,QAAQ,EAAE,+CAA+C;IAEzD,gBAAgB;IAChB,QAAQ,EAAE,oCAAoC;IAE9C,yBAAyB;IACzB,MAAM,EAAE,qCAAqC;IAC7C,OAAO,EAAE,mCAAmC;IAC5C,KAAK,EAAE,wCAAwC;IAC/C,eAAe,EAAE,kCAAkC;IACnD,aAAa,EAAE,2CAA2C;IAC1D,MAAM,EAAE,uDAAuD;IAC/D,OAAO,EAAE,oDAAoD;CAC9D,CAAC,CAAC;AAEH,+CAA+C;AAC/C,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAmB;IACjD,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAC5E,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACjD,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9C,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAC5C,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;IACxD,CAAC,UAAU,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACjD,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAC1D,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC,WAAW,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;IAC1D,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACzC,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACxC,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC,WAAW,EAAE,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC,OAAO,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC1C,CAAC,SAAS,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC,QAAQ,EAAE,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACjD,CAAC,WAAW,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IACxD,CAAC,WAAW,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;CAC/D,CAAC,CAAC;AAEH,kCAAkC;AAClC,MAAM,iBAAiB,GAAG;IACxB,YAAY;IACZ,aAAa;IACb,cAAc;IACd,eAAe;IACf,YAAY;IACZ,aAAa;CACd,CAAC;AAEF,kDAAkD;AAClD,MAAM,yBAAyB,GAAG;IAChC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,sCAAsC,EAAE;IACnF,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,sCAAsC,EAAE;IACnF,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,gCAAgC,EAAE;IACvE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,iCAAiC,EAAE;IAC3E,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACpE,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,yBAAyB,EAAE;IAClE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAClD,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,qCAAqC,EAAE;IACxF,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,8BAA8B,EAAE;IACpE,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACnE,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,wBAAwB,EAAE;IAC7D,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,wBAAwB,EAAE;CACjE,CAAC;AAEF,SAAS,mBAAmB,CAAC,CAAS,EAAE,CAAS;IAC/C,MAAM,MAAM,GAAe,EAAE,CAAC;IAE9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,CAAC,QAAQ;QAAE,OAAO,CAAC,CAAC;IACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,UAAU,IAAI,CAAC,OAAO;YAAE,SAAS;QAEtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CACtB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,eAAe;gBAC1C,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,YAAY;gBAC1C,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CACtB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAExC,mDAAmD;IACnD,IAAI,mBAAmB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,+BAA+B;IAC/B,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,gBAAgB,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACzC,+CAA+C;QAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;YAAE,SAAS;QAE5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACzD,2DAA2D;QAC3D,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,IAAI,CAAC,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,0BAA0B;AAE1B,SAAS,eAAe,CAAC,WAAmB,EAAE,OAAe;IAC3D,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAE3C,IAAI,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,OAAO,KAAK,YAAY,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAsB,EAAE,SAA2B;IAChF,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE7D,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,IAAI,eAAe,CAAC,WAAW,EAAE,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,iBAAiB;gBACrB,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,cAAc,WAAW,kCAAkC,KAAK,CAAC,EAAE,MAAM,KAAK,CAAC,MAAM,EAAE;gBACpG,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE;oBACR,IAAI,EAAE,cAAc;iBACrB;gBACD,QAAQ,EAAE;oBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,SAAS,EAAE,KAAK,CAAC,SAAS;oBAC1B,cAAc,EAAE,KAAK,CAAC,EAAE;iBACzB;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0BAA0B;AAE1B,MAAM,UAAU,qBAAqB,CAAC,QAAsB;IAC1D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,qBAAqB;YACzB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EACT,oOAAoO;YACtO,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE;gBACR,IAAI,EAAE,cAAc;aACrB;YACD,QAAQ,EAAE;gBACR,cAAc,EAAE,CAAC,0CAA0C,EAAE,wBAAwB,CAAC;gBACtF,QAAQ,EAAE;oBACR,2CAA2C;oBAC3C,mCAAmC;iBACpC;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,CAAC,gBAAgB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC7D,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,oBAAoB;YACxB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EACT,sOAAsO;YACxO,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE;gBACR,IAAI,EAAE,cAAc;aACrB;YACD,QAAQ,EAAE;gBACR,cAAc,EAAE;oBACd,iBAAiB;oBACjB,uBAAuB;oBACvB,kBAAkB;oBAClB,qBAAqB;iBACtB;gBACD,QAAQ,EAAE;oBACR,2CAA2C;oBAC3C,sCAAsC;iBACvC;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAsB;IACpD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3D,MAAM,SAAS,GACb,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;QAC/C,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAEtD,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,iBAAiB;YACrB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EACT,mPAAmP;YACrP,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE;gBACR,IAAI,EAAE,cAAc;aACrB;YACD,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;gBACzB,MAAM,EAAE,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;gBACjD,UAAU,EAAE,QAAQ,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;gBACzD,cAAc,EAAE;oBACd,sCAAsC;oBACtC,iBAAiB;oBACjB,gBAAgB;iBACjB;gBACD,QAAQ,EAAE;oBACR,sCAAsC;oBACtC,uCAAuC;oBACvC,uBAAuB;iBACxB;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,QAAsB;IAC/D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,qBAAqB,GAAG,QAAQ,CAAC,uBAAuB,CAAyB,CAAC;IACxF,IAAI,qBAAqB,EAAE,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,qBAAqB,EAAE,CAAC;YACxC,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,mBAAmB;oBACvB,KAAK,EAAE,8CAA8C;oBACrD,WAAW,EAAE,yBAAyB,GAAG,mHAAmH;oBAC5J,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE;wBACR,IAAI,EAAE,cAAc;qBACrB;oBACD,QAAQ,EAAE;wBACR,UAAU,EAAE,GAAG;wBACf,cAAc,EAAE;4BACd,4BAA4B;4BAC5B,oBAAoB;4BACpB,uBAAuB;yBACxB;wBACD,QAAQ,EAAE;4BACR,qCAAqC;4BACrC,0CAA0C;yBAC3C;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4BAA4B;AAE5B,MAAM,UAAU,sBAAsB,CACpC,WAAwB,EACxB,iBAA8B;IAE9B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,uDAAuD;IACvD,iFAAiF;IACjF,MAAM,IAAI,GAAG,WAAW,CAAC,YAAY,IAAI,EAAE,CAAC;IAE5C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,uBAAuB;gBAC3B,KAAK,EAAE,6BAA6B;gBACpC,WAAW,EAAE,eAAe,OAAO,6HAA6H;gBAChK,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE;oBACR,IAAI,EAAE,cAAc;iBACrB;gBACD,QAAQ,EAAE;oBACR,OAAO,EAAE,OAAO;iBACjB;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,WAAwB;IACjE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG;QACd,GAAG,WAAW,CAAC,YAAY;QAC3B,GAAG,WAAW,CAAC,eAAe;KAC/B,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,SAAS,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,mBAAmB;gBACvB,KAAK,EAAE,iCAAiC;gBACxC,WAAW,EAAE,eAAe,OAAO,iDAAiD,SAAS,CAAC,MAAM,qBAAqB,SAAS,CAAC,QAAQ,wCAAwC;gBACnL,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE;oBACR,IAAI,EAAE,cAAc;iBACrB;gBACD,QAAQ,EAAE;oBACR,OAAO,EAAE,OAAO;oBAChB,UAAU,EAAE,SAAS,CAAC,MAAM;oBAC5B,aAAa,EAAE,SAAS,CAAC,QAAQ;iBAClC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,WAAwB;IAC5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,EAAE,CAAC;IAE1C,KAAK,MAAM,UAAU,IAAI,iBAAiB,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC,aAAa;YAAE,SAAS;QAE7B,6CAA6C;QAC7C,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,yBAAyB,EAAE,CAAC;YAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;gBAChC,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,4BAA4B;oBAChC,KAAK,EAAE,cAAc,UAAU,SAAS;oBACxC,WAAW,EAAE,OAAO,UAAU,wCAAwC,IAAI,0FAA0F;oBACpK,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE;wBACR,IAAI,EAAE,cAAc;qBACrB;oBACD,QAAQ,EAAE;wBACR,MAAM,EAAE,UAAU;wBAClB,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACpC,OAAO,EAAE,IAAI;qBACd;iBACF,CAAC,CAAC;gBACH,MAAM,CAAC,qCAAqC;YAC9C,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,oCAAoC;QACpC,IACE,CAAC,QAAQ,CAAC,IAAI,CACZ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,4BAA4B,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,KAAK,UAAU,CACtF,EACD,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,kBAAkB;gBACtB,KAAK,EAAE,OAAO,UAAU,SAAS;gBACjC,WAAW,EAAE,uBAAuB,UAAU,uJAAuJ;gBACrM,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE;oBACR,IAAI,EAAE,cAAc;iBACrB;gBACD,QAAQ,EAAE;oBACR,MAAM,EAAE,UAAU;oBAClB,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBACrC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,sBAAsB;AAEtB,MAAM,UAAU,YAAY,CAAC,QAAsB,EAAE,OAAgB;IACnE,MAAM,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;IAC9B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,kBAAkB;IAClB,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;IAE9D,iDAAiD;IACjD,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClD,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC5C,QAAQ,CAAC,IAAI,CAAC,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEvD,sDAAsD;IACtD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC7D,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,WAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAgB,CAAC;QAC9E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,WAAW,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC;QACpF,QAAQ,CAAC,IAAI,CAAC,GAAG,0BAA0B,CAAC,WAAW,CAAC,CAAC,CAAC;QAC1D,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanner/checks/package.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=package.test.d.ts.map

package/dist/scanner/checks/package.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/package.test.ts"],"names":[],"mappings":""}