@trailofbits/vsix-audit 0.1.0

package/dist/scanner/types.d.ts

@@ -0,0 +1,118 @@
+export type Severity = "low" | "medium" | "high" | "critical";
+export type Registry = "marketplace" | "openvsx" | "cursor";
+export interface ModuleTimings {
+    load: number;
+    package?: number;
+    obfuscation?: number;
+    ast?: number;
+    ioc?: number;
+    yara?: number;
+    total: number;
+}
+export interface ScanOptions {
+    output: "text" | "json" | "sarif";
+    severity: Severity;
+    network: boolean;
+    modules?: string[];
+    profile?: boolean;
+}
+export interface Finding {
+    id: string;
+    title: string;
+    description: string;
+    severity: Severity;
+    category: string;
+    location?: {
+        file: string;
+        line?: number;
+        column?: number;
+    };
+    metadata?: Record<string, unknown>;
+}
+export interface CheckSummary {
+    name: string;
+    enabled: boolean;
+    description: string;
+    filesExamined?: number;
+    rulesApplied?: number;
+    skipReason?: string;
+}
+export interface ScanResult {
+    extension: {
+        id: string;
+        name: string;
+        version: string;
+        publisher: string;
+    };
+    findings: Finding[];
+    inventory: CheckSummary[];
+    metadata: {
+        scannedAt: string;
+        scanDuration: number;
+        registry?: Registry;
+        timings?: ModuleTimings;
+    };
+}
+export interface VsixManifest {
+    name: string;
+    displayName?: string;
+    publisher: string;
+    version: string;
+    description?: string;
+    main?: string;
+    browser?: string;
+    activationEvents?: string[];
+    contributes?: {
+        themes?: Array<{
+            id?: string;
+            label?: string;
+            path?: string;
+        }>;
+        iconThemes?: Array<{
+            id?: string;
+            label?: string;
+            path?: string;
+        }>;
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+}
+export interface VsixContents {
+    manifest: VsixManifest;
+    files: Map<string, Buffer>;
+    basePath: string;
+}
+export interface BlocklistEntry {
+    id: string;
+    name: string;
+    reason: string;
+    campaign?: string;
+    platform?: string;
+    addedDate?: string;
+    reference?: string;
+}
+export interface ZooData {
+    blocklist: BlocklistEntry[];
+    hashes: Set<string>;
+    domains: Set<string>;
+    ips: Set<string>;
+    maliciousNpmPackages: Set<string>;
+    wallets: Set<string>;
+    blockchainAllowlist: Set<string>;
+}
+export interface BatchScanResult {
+    results: ScanResult[];
+    errors: Array<{
+        path: string;
+        error: string;
+    }>;
+    summary: {
+        totalFiles: number;
+        scannedFiles: number;
+        failedFiles: number;
+        totalFindings: number;
+        findingsBySeverity: Record<Severity, number>;
+        scanDuration: number;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/scanner/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AAE5D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE;QACT,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,QAAQ,EAAE;QACR,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,OAAO,CAAC,EAAE,aAAa,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,KAAK,CAAC;YACjB,EAAE,CAAC,EAAE,MAAM,CAAC;YACZ,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC,CAAC;QACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACjB,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACrB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7C,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH"}

package/dist/scanner/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/scanner/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":""}

package/dist/scanner/utils.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Shared utility functions for scanner checks.
+ */
+/**
+ * Find line number for a string match in content.
+ * Returns 1-indexed line number, or undefined if not found.
+ */
+export declare function findLineNumberByString(content: string, searchStr: string): number | undefined;
+/**
+ * Find line number for a regex match by its index.
+ * Returns 1-indexed line number.
+ */
+export declare function findLineNumberByIndex(content: string, index: number): number;
+//# sourceMappingURL=utils.d.ts.map

package/dist/scanner/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAQ7F;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAG5E"}

package/dist/scanner/utils.js

@@ -0,0 +1,25 @@
+/**
+ * Shared utility functions for scanner checks.
+ */
+/**
+ * Find line number for a string match in content.
+ * Returns 1-indexed line number, or undefined if not found.
+ */
+export function findLineNumberByString(content, searchStr) {
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        if (lines[i]?.includes(searchStr)) {
+            return i + 1;
+        }
+    }
+    return undefined;
+}
+/**
+ * Find line number for a regex match by its index.
+ * Returns 1-indexed line number.
+ */
+export function findLineNumberByIndex(content, index) {
+    const beforeMatch = content.slice(0, index);
+    return beforeMatch.split("\n").length;
+}
+//# sourceMappingURL=utils.js.map

package/dist/scanner/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/scanner/utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe,EAAE,SAAiB;IACvE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,KAAa;IAClE,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5C,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACxC,CAAC"}

package/dist/scanner/vsix.d.ts

@@ -0,0 +1,6 @@
+import type { VsixContents } from "./types.js";
+export declare function extractVsix(vsixPath: string): Promise<VsixContents>;
+export declare function loadDirectory(dirPath: string): Promise<VsixContents>;
+export declare function loadExtension(target: string): Promise<VsixContents>;
+export declare function computeSha256(content: Buffer): string;
+//# sourceMappingURL=vsix.d.ts.map

package/dist/scanner/vsix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vsix.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;AAoJ7D,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAgEzE;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAqC1E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAUzE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAErD"}

package/dist/scanner/vsix.js

@@ -0,0 +1,213 @@
+import { createHash } from "node:crypto";
+import { readFile, readdir, stat } from "node:fs/promises";
+import { join, relative } from "node:path";
+import { inflateRawSync } from "node:zlib";
+const VSIX_EXTENSION_PREFIX = "extension/";
+const LOCAL_FILE_HEADER = 0x04034b50;
+const CENTRAL_DIR_HEADER = 0x02014b50;
+const END_OF_CENTRAL_DIR = 0x06054b50;
+/**
+ * Validate that a ZIP entry path is safe (no path traversal).
+ * Prevents zip slip attacks by rejecting paths with ".." segments.
+ */
+function isPathSafe(path) {
+    const normalized = path.split("/").filter((p) => p !== ".");
+    return !normalized.some((segment) => segment === ".." || segment.startsWith(".."));
+}
+/**
+ * Find the End of Central Directory record by searching backwards from end of file.
+ * The EOCD is at least 22 bytes and can have a variable-length comment.
+ */
+function findEndOfCentralDir(buffer) {
+    // EOCD is minimum 22 bytes, max comment is 65535 bytes
+    const minEocdOffset = Math.max(0, buffer.length - 22 - 65535);
+    for (let i = buffer.length - 22; i >= minEocdOffset; i--) {
+        if (buffer.readUInt32LE(i) === END_OF_CENTRAL_DIR) {
+            return i;
+        }
+    }
+    throw new Error("Invalid ZIP: End of central directory not found");
+}
+/**
+ * Parse the central directory to get accurate file sizes.
+ * Central directory always has correct sizes, even when local headers use data descriptors.
+ */
+function parseCentralDirectory(buffer) {
+    const eocdOffset = findEndOfCentralDir(buffer);
+    const cdEntryCount = buffer.readUInt16LE(eocdOffset + 10);
+    const cdOffset = buffer.readUInt32LE(eocdOffset + 16);
+    const entries = new Map();
+    let offset = cdOffset;
+    for (let i = 0; i < cdEntryCount; i++) {
+        if (offset + 46 > buffer.length) {
+            throw new Error("Invalid ZIP: Central directory entry extends beyond file");
+        }
+        if (buffer.readUInt32LE(offset) !== CENTRAL_DIR_HEADER) {
+            throw new Error(`Invalid ZIP: Expected central directory header at offset ${offset}`);
+        }
+        const compressionMethod = buffer.readUInt16LE(offset + 10);
+        const compressedSize = buffer.readUInt32LE(offset + 20);
+        const uncompressedSize = buffer.readUInt32LE(offset + 24);
+        const fileNameLength = buffer.readUInt16LE(offset + 28);
+        const extraLength = buffer.readUInt16LE(offset + 30);
+        const commentLength = buffer.readUInt16LE(offset + 32);
+        const localHeaderOffset = buffer.readUInt32LE(offset + 42);
+        if (offset + 46 + fileNameLength > buffer.length) {
+            throw new Error("Invalid ZIP: File name extends beyond file");
+        }
+        const fileName = buffer.toString("utf8", offset + 46, offset + 46 + fileNameLength);
+        // Skip directories (names ending with /)
+        if (!fileName.endsWith("/")) {
+            entries.set(fileName, {
+                fileName,
+                compressedSize,
+                uncompressedSize,
+                compressionMethod,
+                localHeaderOffset,
+            });
+        }
+        offset += 46 + fileNameLength + extraLength + commentLength;
+    }
+    return entries;
+}
+/**
+ * Parse ZIP entries using the central directory for accurate sizes.
+ * This handles ZIP files with data descriptors (bit 3 set) where local headers have size 0.
+ */
+function parseZipEntries(buffer) {
+    const centralDir = parseCentralDirectory(buffer);
+    const entries = [];
+    for (const [fileName, cdEntry] of centralDir) {
+        const offset = cdEntry.localHeaderOffset;
+        if (offset + 30 > buffer.length) {
+            throw new Error(`Invalid ZIP: Local header for ${fileName} extends beyond file`);
+        }
+        if (buffer.readUInt32LE(offset) !== LOCAL_FILE_HEADER) {
+            throw new Error(`Invalid ZIP: Expected local file header for ${fileName}`);
+        }
+        const fileNameLength = buffer.readUInt16LE(offset + 26);
+        const extraFieldLength = buffer.readUInt16LE(offset + 28);
+        const dataOffset = offset + 30 + fileNameLength + extraFieldLength;
+        entries.push({
+            name: fileName,
+            compressedSize: cdEntry.compressedSize,
+            uncompressedSize: cdEntry.uncompressedSize,
+            compressionMethod: cdEntry.compressionMethod,
+            dataOffset,
+        });
+    }
+    return entries;
+}
+function extractEntry(buffer, entry) {
+    const compressedData = buffer.subarray(entry.dataOffset, entry.dataOffset + entry.compressedSize);
+    if (entry.compressionMethod === 0) {
+        return compressedData;
+    }
+    else if (entry.compressionMethod === 8) {
+        return inflateRawSync(compressedData);
+    }
+    else {
+        throw new Error(`Unsupported compression method: ${entry.compressionMethod}`);
+    }
+}
+export async function extractVsix(vsixPath) {
+    const buffer = await readFile(vsixPath);
+    const entries = parseZipEntries(buffer);
+    const files = new Map();
+    let manifest;
+    for (const entry of entries) {
+        // Validate path before processing to prevent zip slip attacks
+        if (!isPathSafe(entry.name)) {
+            throw new Error(`Invalid VSIX: path traversal detected in "${entry.name}"`);
+        }
+        const content = extractEntry(buffer, entry);
+        let relativePath = entry.name;
+        if (relativePath.startsWith(VSIX_EXTENSION_PREFIX)) {
+            relativePath = relativePath.slice(VSIX_EXTENSION_PREFIX.length);
+        }
+        files.set(relativePath, content);
+        if (relativePath === "package.json") {
+            manifest = JSON.parse(content.toString("utf8"));
+        }
+    }
+    // Handle non-standard prefixes (e.g., "publisher.name-version/" instead of "extension/")
+    if (!manifest) {
+        for (const [path, content] of files) {
+            const match = path.match(/^([^/]+)\/package\.json$/);
+            if (match) {
+                const prefix = match[1] + "/";
+                // Re-normalize all paths with detected prefix
+                const normalized = new Map();
+                for (const [p, c] of files) {
+                    if (p.startsWith(prefix)) {
+                        normalized.set(p.slice(prefix.length), c);
+                    }
+                    else {
+                        normalized.set(p, c);
+                    }
+                }
+                files.clear();
+                for (const [p, c] of normalized) {
+                    files.set(p, c);
+                }
+                manifest = JSON.parse(content.toString("utf8"));
+                break;
+            }
+        }
+    }
+    if (!manifest) {
+        throw new Error("Invalid VSIX: missing package.json");
+    }
+    return {
+        manifest,
+        files,
+        basePath: vsixPath,
+    };
+}
+export async function loadDirectory(dirPath) {
+    const files = new Map();
+    async function walkDir(dir) {
+        const entries = await readdir(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = join(dir, entry.name);
+            if (entry.name === "node_modules" || entry.name === ".git") {
+                continue;
+            }
+            if (entry.isDirectory()) {
+                await walkDir(fullPath);
+            }
+            else if (entry.isFile()) {
+                const relativePath = relative(dirPath, fullPath);
+                const content = await readFile(fullPath);
+                files.set(relativePath, content);
+            }
+        }
+    }
+    await walkDir(dirPath);
+    const manifestBuffer = files.get("package.json");
+    if (!manifestBuffer) {
+        throw new Error("Invalid extension directory: missing package.json");
+    }
+    const manifest = JSON.parse(manifestBuffer.toString("utf8"));
+    return {
+        manifest,
+        files,
+        basePath: dirPath,
+    };
+}
+export async function loadExtension(target) {
+    const stats = await stat(target);
+    if (stats.isDirectory()) {
+        return loadDirectory(target);
+    }
+    else if (target.endsWith(".vsix")) {
+        return extractVsix(target);
+    }
+    else {
+        throw new Error(`Unsupported target: ${target}. Expected .vsix file or directory.`);
+    }
+}
+export function computeSha256(content) {
+    return createHash("sha256").update(content).digest("hex");
+}
+//# sourceMappingURL=vsix.js.map

package/dist/scanner/vsix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vsix.js","sourceRoot":"","sources":["../../src/scanner/vsix.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,MAAM,qBAAqB,GAAG,YAAY,CAAC;AAC3C,MAAM,iBAAiB,GAAG,UAAU,CAAC;AACrC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AACtC,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC;;;GAGG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;IAC5D,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;AACrF,CAAC;AAkBD;;;GAGG;AACH,SAAS,mBAAmB,CAAC,MAAc;IACzC,uDAAuD;IACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAE9D,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,kBAAkB,EAAE,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2B,CAAC;IACnD,IAAI,MAAM,GAAG,QAAQ,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,4DAA4D,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACvD,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC;QAEpF,yCAAyC;QACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,cAAc;gBACd,gBAAgB;gBAChB,iBAAiB;gBACjB,iBAAiB;aAClB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,EAAE,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,CAAC;IAC9D,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,OAAO,GAAe,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEzC,IAAI,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,sBAAsB,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,GAAG,EAAE,GAAG,cAAc,GAAG,gBAAgB,CAAC;QAEnE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,UAAU;SACX,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,MAAc,EAAE,KAAe;IACnD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC;IAElG,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,cAAc,CAAC;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,CAAC,EAAE,CAAC;QACzC,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAExC,IAAI,QAAkC,CAAC;IAEvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,8DAA8D;QAC9D,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC5C,IAAI,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;QAE9B,IAAI,YAAY,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACnD,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAEjC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YACpC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;QAClE,CAAC;IACH,CAAC;IAED,yFAAyF;IACzF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YACrD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;gBAE9B,8CAA8C;gBAC9C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;gBAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;oBAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC5C,CAAC;yBAAM,CAAC;wBACN,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAED,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;oBAChC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAClB,CAAC;gBAED,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;gBAChE,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,QAAQ;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAExC,KAAK,UAAU,OAAO,CAAC,GAAW;QAChC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAEvC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC3D,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvB,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACjD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAiB,CAAC;IAE7E,OAAO;QACL,QAAQ;QACR,KAAK;QACL,QAAQ,EAAE,OAAO;KAClB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC;IAEjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACxB,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,qCAAqC,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC"}

package/dist/scanner/vsix.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=vsix.test.d.ts.map

package/dist/scanner/vsix.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vsix.test.d.ts","sourceRoot":"","sources":["../../src/scanner/vsix.test.ts"],"names":[],"mappings":""}