@triedotdev/mcp 1.0.169 → 1.0.170

package/dist/vulnerability-signatures-2URZSXAQ.js

@@ -1,983 +0,0 @@
-import {
-  AhoCorasick
-} from "./chunk-6NLHFIYA.js";
-import {
-  isInteractiveMode
-} from "./chunk-KDHN2ZQE.js";
-import "./chunk-DGUM43GV.js";
-
-// src/trie/vulnerability-signatures.ts
-var ALWAYS_EXCLUDED_FILES = [
-  /vulnerability-signatures\.[jt]s$/,
-  // CRITICAL: Never scan ourselves!
-  /vibe-code-signatures\.[jt]s$/,
-  // Never scan signature files
-  /legal\.[jt]s$/,
-  // Legal skill contains detection patterns
-  /security-scanner\.[jt]s$/,
-  // Security scanner contains patterns
-  /agent-smith\.[jt]s$/,
-  // Agent Smith contains patterns
-  /security\.[jt]s$/,
-  // Security skill
-  /privacy\.[jt]s$/,
-  // Privacy skill
-  /soc2\.[jt]s$/,
-  // SOC2 skill
-  /skills[\/\\]built-in[\/\\]/,
-  // Never scan Trie's own skill implementations
-  /skills[\/\\].*\.[jt]s$/,
-  // Never scan any skills directory
-  /trie-agents?[\/\\]src[\/\\]/,
-  // Never scan Trie's source when installed as dependency
-  /trie-agents?[\/\\]dist[\/\\]/,
-  // Never scan Trie's dist when installed
-  /package-lock\.json$/,
-  // Lock files
-  /yarn\.lock$/,
-  /pnpm-lock\.yaml$/,
-  /node_modules[\/\\]/,
-  // Dependencies
-  /\.d\.ts$/,
-  // Type definitions
-  /\.min\.[jt]s$/,
-  // Minified files
-  /dist[\/\\]/,
-  // Build output
-  /build[\/\\]/
-];
-var EXCLUDED_FILE_PATTERNS = [
-  /\.test\.[jt]sx?$/,
-  // Test files
-  /\.spec\.[jt]sx?$/,
-  // Spec files
-  /__tests__\//,
-  // Test directories
-  /\/test\//,
-  // test/ directory
-  /\/tests\//,
-  // tests/ directory
-  /\.stories\.[jt]sx?$/,
-  // Storybook files
-  /\.config\.[jt]s$/,
-  // Config files
-  /example/i,
-  // Example files
-  /demo/i,
-  // Demo files
-  /fixture/i,
-  // Test fixtures
-  /mock/i
-  // Mock files
-];
-function shouldAlwaysExcludeFile(filePath) {
-  const normalizedPath = filePath.replace(/\\/g, "/");
-  if (ALWAYS_EXCLUDED_FILES.some((pattern) => pattern.test(normalizedPath))) {
-    return true;
-  }
-  if (normalizedPath.includes("trie") && normalizedPath.includes("/src/")) {
-    return true;
-  }
-  const fileName = normalizedPath.split("/").pop() || "";
-  const TRIE_SCANNER_FILES = [
-    "vulnerability-signatures.ts",
-    "vulnerability-signatures.js",
-    "vibe-code-signatures.ts",
-    "vibe-code-signatures.js",
-    "legal.ts",
-    "legal.js",
-    "security-scanner.ts",
-    "security-scanner.js",
-    "agent-smith.ts",
-    "agent-smith.js",
-    "security.ts",
-    "security.js",
-    "privacy.ts",
-    "privacy.js",
-    "soc2.ts",
-    "soc2.js"
-  ];
-  if (TRIE_SCANNER_FILES.includes(fileName)) {
-    if (normalizedPath.includes("/skills/") || normalizedPath.includes("/trie/")) {
-      return true;
-    }
-  }
-  return false;
-}
-function shouldExcludeFile(filePath, patternCategory) {
-  if (shouldAlwaysExcludeFile(filePath)) {
-    return true;
-  }
-  if (patternCategory === "secrets" || patternCategory === "exposed-secrets") {
-    return false;
-  }
-  return EXCLUDED_FILE_PATTERNS.some((pattern) => pattern.test(filePath));
-}
-var SQL_CONTEXT_KEYWORDS = [
-  "SELECT",
-  "INSERT",
-  "UPDATE",
-  "DELETE",
-  "FROM",
-  "WHERE",
-  "JOIN",
-  "query",
-  "execute",
-  "sql",
-  "prisma",
-  "knex",
-  "sequelize",
-  "createQueryBuilder",
-  "rawQuery",
-  ".raw("
-];
-function isInSQLContext(line, surroundingLines) {
-  const allContent = [line, ...surroundingLines].join(" ").toLowerCase();
-  return SQL_CONTEXT_KEYWORDS.some(
-    (keyword) => allContent.includes(keyword.toLowerCase())
-  );
-}
-var VULNERABILITY_PATTERNS = [
-  // ============================================
-  // CRITICAL: Injection vulnerabilities
-  // ============================================
-  {
-    pattern: "eval(",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "injection",
-      description: "eval() can execute arbitrary code - potential RCE",
-      cwe: "CWE-95",
-      fix: "Use safer alternatives like JSON.parse() or a sandboxed interpreter"
-    }
-  },
-  {
-    pattern: "new Function(",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "injection",
-      description: "new Function() can execute arbitrary code",
-      cwe: "CWE-95",
-      fix: "Avoid dynamic function creation from user input"
-    }
-  },
-  {
-    pattern: "exec(",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "injection",
-      description: "Command execution - potential command injection",
-      cwe: "CWE-78",
-      fix: "Use parameterized commands and validate/sanitize all inputs"
-    }
-  },
-  {
-    pattern: "execSync(",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "injection",
-      description: "Synchronous command execution - potential injection",
-      cwe: "CWE-78",
-      fix: "Use spawn with argument arrays instead of shell strings"
-    }
-  },
-  {
-    pattern: "spawn(",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "injection",
-      description: "Process spawn - verify inputs are sanitized",
-      cwe: "CWE-78",
-      fix: "Use shell: false and pass arguments as array"
-    }
-  },
-  {
-    pattern: "child_process",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "injection",
-      description: "Child process module - review for command injection",
-      cwe: "CWE-78",
-      fix: "Validate all inputs passed to child processes"
-    }
-  },
-  // ============================================
-  // CRITICAL: SQL Injection patterns
-  // NOTE: ${} is NOT flagged here - we check SQL context in isFalsePositive
-  // ============================================
-  {
-    pattern: "SELECT * FROM",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "sql-injection",
-      description: "Raw SQL query detected - verify parameterization",
-      cwe: "CWE-89",
-      fix: "Use ORM or parameterized queries"
-    }
-  },
-  {
-    pattern: "INSERT INTO",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "sql-injection",
-      description: "Raw SQL INSERT - verify parameterization",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries"
-    }
-  },
-  {
-    pattern: "DELETE FROM",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "sql-injection",
-      description: "Raw SQL DELETE - verify parameterization",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries"
-    }
-  },
-  {
-    pattern: ".raw(`",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "sql-injection",
-      description: "Raw query with template literal - high injection risk",
-      cwe: "CWE-89",
-      fix: "Avoid raw queries with interpolation or use proper escaping"
-    }
-  },
-  {
-    pattern: ".raw('",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "sql-injection",
-      description: "Raw query method - verify for injection risk",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries instead of raw SQL"
-    }
-  },
-  {
-    pattern: '.raw("',
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "sql-injection",
-      description: "Raw query method - verify for injection risk",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries instead of raw SQL"
-    }
-  },
-  {
-    pattern: "`SELECT",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "sql-injection",
-      description: "SQL in template literal - check for injection",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries with placeholders"
-    }
-  },
-  {
-    pattern: "`INSERT",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "sql-injection",
-      description: "SQL INSERT in template literal - check for injection",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries with placeholders"
-    }
-  },
-  {
-    pattern: "`UPDATE",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "sql-injection",
-      description: "SQL UPDATE in template literal - check for injection",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries with placeholders"
-    }
-  },
-  {
-    pattern: "`DELETE",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "sql-injection",
-      description: "SQL DELETE in template literal - check for injection",
-      cwe: "CWE-89",
-      fix: "Use parameterized queries with placeholders"
-    }
-  },
-  // ============================================
-  // CRITICAL: XSS vulnerabilities
-  // ============================================
-  {
-    pattern: "innerHTML",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "innerHTML can inject malicious scripts",
-      cwe: "CWE-79",
-      fix: "Use textContent or sanitize HTML with DOMPurify"
-    }
-  },
-  {
-    pattern: "outerHTML",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "outerHTML can inject malicious scripts",
-      cwe: "CWE-79",
-      fix: "Avoid outerHTML with user input"
-    }
-  },
-  {
-    pattern: "document.write",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "document.write can inject malicious content",
-      cwe: "CWE-79",
-      fix: "Use DOM methods like createElement instead"
-    }
-  },
-  {
-    pattern: "dangerouslySetInnerHTML",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "React dangerouslySetInnerHTML - XSS risk",
-      cwe: "CWE-79",
-      fix: "Sanitize with DOMPurify before using"
-    }
-  },
-  {
-    pattern: "v-html",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "Vue v-html directive - XSS risk",
-      cwe: "CWE-79",
-      fix: "Sanitize content or use v-text"
-    }
-  },
-  {
-    pattern: "[innerHTML]",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "xss",
-      description: "Angular innerHTML binding - XSS risk",
-      cwe: "CWE-79",
-      fix: "Use Angular DomSanitizer"
-    }
-  },
-  // ============================================
-  // CRITICAL: Hardcoded secrets
-  // More specific patterns to reduce false positives
-  // ============================================
-  {
-    pattern: "password = '",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded password in string",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: 'password = "',
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded password in string",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: "password: '",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded password in config",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: 'password: "',
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded password in config",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: "api_key = '",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded API key",
-      cwe: "CWE-798",
-      fix: "Use environment variables"
-    }
-  },
-  {
-    pattern: 'api_key = "',
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded API key",
-      cwe: "CWE-798",
-      fix: "Use environment variables"
-    }
-  },
-  {
-    pattern: "apiKey: '",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded API key in config",
-      cwe: "CWE-798",
-      fix: "Use environment variables"
-    }
-  },
-  {
-    pattern: 'apiKey: "',
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded API key in config",
-      cwe: "CWE-798",
-      fix: "Use environment variables"
-    }
-  },
-  {
-    pattern: "secret = '",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded secret",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: 'secret = "',
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "Hardcoded secret",
-      cwe: "CWE-798",
-      fix: "Use environment variables or secret management"
-    }
-  },
-  {
-    pattern: "AWS_SECRET_ACCESS_KEY=",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "secrets",
-      description: "AWS secret key assignment",
-      cwe: "CWE-798",
-      fix: "Use IAM roles or AWS Secrets Manager"
-    }
-  },
-  {
-    pattern: "'Bearer ",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "secrets",
-      description: "Hardcoded bearer token in string",
-      cwe: "CWE-798",
-      fix: "Use environment variables for tokens"
-    }
-  },
-  {
-    pattern: '"Bearer ',
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "secrets",
-      description: "Hardcoded bearer token in string",
-      cwe: "CWE-798",
-      fix: "Use environment variables for tokens"
-    }
-  },
-  // ============================================
-  // SERIOUS: Authentication issues
-  // ============================================
-  {
-    pattern: "password ==",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "auth",
-      description: "Plain text password comparison",
-      cwe: "CWE-256",
-      fix: "Use bcrypt.compare() or similar secure comparison"
-    }
-  },
-  {
-    pattern: "password ===",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "auth",
-      description: "Plain text password comparison",
-      cwe: "CWE-256",
-      fix: "Use bcrypt.compare() or similar secure comparison"
-    }
-  },
-  {
-    pattern: "MD5(",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "crypto",
-      description: "MD5 is cryptographically broken",
-      cwe: "CWE-328",
-      fix: "Use SHA-256 or bcrypt for passwords"
-    }
-  },
-  {
-    pattern: "md5(",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "crypto",
-      description: "MD5 is cryptographically broken",
-      cwe: "CWE-328",
-      fix: "Use SHA-256 or bcrypt for passwords"
-    }
-  },
-  {
-    pattern: "SHA1(",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "crypto",
-      description: "SHA1 is deprecated for security use",
-      cwe: "CWE-328",
-      fix: "Use SHA-256 or stronger"
-    }
-  },
-  {
-    pattern: "sha1(",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "crypto",
-      description: "SHA1 is deprecated for security use",
-      cwe: "CWE-328",
-      fix: "Use SHA-256 or stronger"
-    }
-  },
-  {
-    pattern: "Math.random()",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "crypto",
-      description: "Math.random() is not cryptographically secure",
-      cwe: "CWE-338",
-      fix: "Use crypto.randomBytes() or crypto.getRandomValues()"
-    }
-  },
-  // ============================================
-  // SERIOUS: Insecure configurations
-  // ============================================
-  {
-    pattern: "cors: true",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "config",
-      description: "CORS enabled - verify origin restrictions",
-      cwe: "CWE-942",
-      fix: "Specify allowed origins explicitly"
-    }
-  },
-  {
-    pattern: "origin: '*'",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "config",
-      description: "CORS allows all origins",
-      cwe: "CWE-942",
-      fix: "Restrict to specific trusted origins"
-    }
-  },
-  {
-    pattern: 'origin: "*"',
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "config",
-      description: "CORS allows all origins",
-      cwe: "CWE-942",
-      fix: "Restrict to specific trusted origins"
-    }
-  },
-  {
-    pattern: "secure: false",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "config",
-      description: "Insecure cookie/connection setting",
-      cwe: "CWE-614",
-      fix: "Set secure: true in production"
-    }
-  },
-  {
-    pattern: "httpOnly: false",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "config",
-      description: "Cookie accessible to JavaScript",
-      cwe: "CWE-1004",
-      fix: "Set httpOnly: true to prevent XSS cookie theft"
-    }
-  },
-  {
-    pattern: "rejectUnauthorized: false",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "config",
-      description: "TLS certificate validation disabled",
-      cwe: "CWE-295",
-      fix: "Enable certificate validation in production"
-    }
-  },
-  {
-    pattern: "NODE_TLS_REJECT_UNAUTHORIZED",
-    metadata: {
-      type: "vulnerability",
-      severity: "critical",
-      category: "config",
-      description: "TLS validation may be disabled",
-      cwe: "CWE-295",
-      fix: "Never disable TLS validation in production"
-    }
-  },
-  // ============================================
-  // MODERATE: Common bugs and issues
-  // ============================================
-  {
-    pattern: ".forEach(async",
-    metadata: {
-      type: "vulnerability",
-      severity: "serious",
-      category: "async",
-      description: "async forEach does not await - unexpected behavior",
-      cwe: "CWE-703",
-      fix: "Use for...of loop or Promise.all(arr.map())"
-    }
-  },
-  {
-    pattern: "JSON.parse(",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "error-handling",
-      description: "JSON.parse can throw - needs try/catch",
-      cwe: "CWE-755",
-      fix: "Wrap in try/catch block"
-    }
-  },
-  {
-    pattern: "atob(",
-    metadata: {
-      type: "vulnerability",
-      severity: "low",
-      category: "encoding",
-      description: "atob can throw on invalid input",
-      cwe: "CWE-755",
-      fix: "Wrap in try/catch and validate input"
-    }
-  },
-  // ============================================
-  // Privacy & Compliance patterns
-  // ============================================
-  {
-    pattern: "console.log(",
-    metadata: {
-      type: "vulnerability",
-      severity: "low",
-      category: "logging",
-      description: "Console logging - may leak sensitive data",
-      cwe: "CWE-532",
-      fix: "Remove or replace with proper logging in production"
-    }
-  },
-  {
-    pattern: "localStorage.setItem",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "storage",
-      description: "localStorage is accessible to XSS attacks",
-      cwe: "CWE-922",
-      fix: "Avoid storing sensitive data in localStorage"
-    }
-  },
-  {
-    pattern: "sessionStorage.setItem",
-    metadata: {
-      type: "vulnerability",
-      severity: "moderate",
-      category: "storage",
-      description: "sessionStorage is accessible to XSS attacks",
-      cwe: "CWE-922",
-      fix: "Avoid storing sensitive data in sessionStorage"
-    }
-  }
-];
-var vulnerabilityTrie = null;
-function getVulnerabilityTrie() {
-  if (!vulnerabilityTrie) {
-    vulnerabilityTrie = new AhoCorasick();
-    for (const { pattern, metadata } of VULNERABILITY_PATTERNS) {
-      vulnerabilityTrie.addPattern(pattern, metadata, metadata);
-    }
-    vulnerabilityTrie.build();
-    if (!isInteractiveMode()) {
-      console.error(`   Loaded ${VULNERABILITY_PATTERNS.length} vulnerability signatures into trie`);
-    }
-  }
-  return vulnerabilityTrie;
-}
-function scanForVulnerabilities(code, filePath) {
-  if (shouldAlwaysExcludeFile(filePath)) {
-    return [];
-  }
-  const trie = getVulnerabilityTrie();
-  const rawMatches = trie.search(code);
-  const lines = code.split("\n");
-  const matches = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const match of rawMatches) {
-    const key = `${match.line}:${match.pattern}`;
-    if (seen.has(key)) continue;
-    seen.add(key);
-    const meta = match.metadata;
-    if (shouldExcludeFile(filePath, meta.category || "")) continue;
-    if (isFalsePositive(code, match, filePath, lines)) continue;
-    const vulnMatch = {
-      pattern: match.pattern,
-      line: match.line,
-      column: match.column,
-      severity: meta.severity,
-      category: meta.category || "unknown",
-      description: meta.description || "",
-      fix: meta.fix || ""
-    };
-    if (meta.cwe !== void 0) {
-      vulnMatch.cwe = meta.cwe;
-    }
-    matches.push(vulnMatch);
-  }
-  return matches;
-}
-function getSurroundingLines(lines, lineNum, range = 3) {
-  const start = Math.max(0, lineNum - range - 1);
-  const end = Math.min(lines.length, lineNum + range);
-  return lines.slice(start, end);
-}
-function isFalsePositive(_code, match, filePath, lines) {
-  const line = lines[match.line - 1] || "";
-  const trimmedLine = line.trim();
-  const pattern = match.pattern;
-  const category = match.metadata?.category || "";
-  if (filePath.includes("signature") || filePath.includes("patterns") || filePath.includes("rules")) {
-    if (/pattern\s*[:=]/.test(line)) {
-      return true;
-    }
-  }
-  if (/^\s*(pattern|regex|rule|signature)\s*[:=]/.test(trimmedLine)) {
-    return true;
-  }
-  if (isTestFile(filePath)) {
-    if (category === "secrets") {
-      if (/test|mock|fake|dummy|example|fixture|sample|placeholder/i.test(line)) {
-        return true;
-      }
-      if (/'[a-z_]*password[a-z_0-9]*'|"[a-z_]*password[a-z_0-9]*"|'[a-z_]*secret[a-z_0-9]*'|"[a-z_]*secret[a-z_0-9]*"/i.test(line)) {
-        return true;
-      }
-      if (/sk-[a-z0-9]{10,20}"|'sk-[a-z0-9]{10,20}'|api[_-]?key.*['"][a-z0-9_-]{5,30}['"]/i.test(line)) {
-        return true;
-      }
-    }
-    return true;
-  }
-  if (trimmedLine.startsWith("//") || trimmedLine.startsWith("*") || trimmedLine.startsWith("/*") || trimmedLine.startsWith("#") || trimmedLine.startsWith("<!--")) {
-    return true;
-  }
-  if (/^\s*\*\s/.test(line) || /@(param|returns|example|description|see|link)/i.test(line)) {
-    return true;
-  }
-  if (/^\s*(description|fix|message|help|hint|reason|why)\s*[:=]/.test(trimmedLine)) {
-    return true;
-  }
-  if (/^\s*(interface|type|export\s+interface|export\s+type)\s/.test(line)) {
-    return true;
-  }
-  if (/:\s*(string|number|boolean|any|unknown|null|undefined|void)\s*(;|,|\)|$)/.test(line)) {
-    return true;
-  }
-  if (/^\s*\w+\s*\??\s*:\s*(string|number|boolean|any)/.test(trimmedLine)) {
-    return true;
-  }
-  if (/process\.env|import\.meta\.env|getenv|os\.environ|Deno\.env|\.env\.|config\.\w+|settings\.\w+/.test(line)) {
-    return true;
-  }
-  if (filePath.endsWith("package-lock.json") || filePath.endsWith("yarn.lock") || filePath.endsWith("pnpm-lock.yaml") || filePath.includes("node_modules/")) {
-    return true;
-  }
-  if (/^\s*(severity|category|type|level|priority|cwe|owasp)\s*:\s*['"]/.test(trimmedLine)) {
-    return true;
-  }
-  if (category === "sql-injection") {
-    const surroundingLines = getSurroundingLines(lines, match.line);
-    if (!isInSQLContext(line, surroundingLines)) {
-      return true;
-    }
-  }
-  if (category === "secrets" || category === "auth") {
-    if (/\(\s*[^)]*\w+\s*:\s*(string|any)/.test(line)) {
-      return true;
-    }
-    if (/\{\s*\w*password\w*\s*(,|\}|:)/.test(line) && !/'|"|`/.test(line.split(/password/i)[1] || "")) {
-      return true;
-    }
-    if (/=\s*(process\.env|config\.|options\.|settings\.|env\.)/.test(line)) {
-      return true;
-    }
-    if (/password\s*[=:](?!\s*['"`])/.test(line)) {
-      return true;
-    }
-    if (/password\s*=\s*\w+(\.|$)/.test(line) && !/'|"|`/.test(line)) {
-      return true;
-    }
-    if (/error|message|log|warn|info|debug|throw|new Error/i.test(line)) {
-      return true;
-    }
-    if (/regex|RegExp|\/.*password.*\//i.test(line)) {
-      return true;
-    }
-  }
-  if (category === "logging") {
-    if (pattern === "console.error(" || pattern === "console.warn(") {
-      return true;
-    }
-    if (/catch|error|err\b/.test(line)) {
-      return true;
-    }
-  }
-  if (category === "config") {
-    if (/secure:\s*true/.test(line) || /httpOnly:\s*true/.test(line)) {
-      return true;
-    }
-    if (/NODE_ENV|process\.env|production|development/.test(line)) {
-      return true;
-    }
-    if (/if\s*\(|ternary|\?.*:/.test(line)) {
-      return true;
-    }
-  }
-  if (category === "crypto") {
-    if (/checksum|hash.*file|etag|cache.*key|fingerprint|integrity|content.*hash/i.test(line)) {
-      return true;
-    }
-    if (pattern === "Math.random()") {
-      if (!/token|secret|password|key|auth|session|csrf|nonce/i.test(line)) {
-        return true;
-      }
-    }
-  }
-  if (category === "async") {
-    if (/\/\/.*intentional|\/\/.*fire.?and.?forget|\/\/.*parallel/i.test(line)) {
-      return true;
-    }
-  }
-  if (/password.*length|validate.*password|check.*password|verify.*password|is.*valid/i.test(line)) {
-    return true;
-  }
-  if (/bcrypt|argon|scrypt|pbkdf|compare.*hash|hash.*compare|verify.*hash/i.test(line)) {
-    return true;
-  }
-  if (/z\.|yup\.|joi\.|schema|validation|validator/i.test(line)) {
-    return true;
-  }
-  if (/^\s*(import|require|from)\s/.test(trimmedLine)) {
-    return true;
-  }
-  if (/example|demo|sample|tutorial|readme/i.test(filePath)) {
-    return true;
-  }
-  return false;
-}
-function isTestFile(filePath) {
-  return /\.(test|spec)\.[jt]sx?$/.test(filePath) || /__tests__\//.test(filePath) || /test\//.test(filePath) || /tests\//.test(filePath) || /\.stories\.[jt]sx?$/.test(filePath);
-}
-function getVulnerabilityStats() {
-  const byCategory = {};
-  const bySeverity = {};
-  for (const { metadata } of VULNERABILITY_PATTERNS) {
-    const cat = metadata.category || "unknown";
-    const sev = metadata.severity || "unknown";
-    byCategory[cat] = (byCategory[cat] || 0) + 1;
-    bySeverity[sev] = (bySeverity[sev] || 0) + 1;
-  }
-  return {
-    total: VULNERABILITY_PATTERNS.length,
-    byCategory,
-    bySeverity
-  };
-}
-export {
-  getVulnerabilityStats,
-  getVulnerabilityTrie,
-  scanForVulnerabilities,
-  shouldAlwaysExcludeFile,
-  shouldExcludeFile
-};
-//# sourceMappingURL=vulnerability-signatures-2URZSXAQ.js.map