npm - @vaultcompass/vault-guard-core - Versions diffs - 1.0.0 - Mend

@vaultcompass/vault-guard-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/LICENSE +21 -0
package/dist/baseline.d.ts +24 -0
package/dist/baseline.d.ts.map +1 -0
package/dist/baseline.js +87 -0
package/dist/baseline.js.map +1 -0
package/dist/config-validate.d.ts +13 -0
package/dist/config-validate.d.ts.map +1 -0
package/dist/config-validate.js +111 -0
package/dist/config-validate.js.map +1 -0
package/dist/config.d.ts +69 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +106 -0
package/dist/config.js.map +1 -0
package/dist/diagnostics.d.ts +64 -0
package/dist/diagnostics.d.ts.map +1 -0
package/dist/diagnostics.js +59 -0
package/dist/diagnostics.js.map +1 -0
package/dist/errors.d.ts +63 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +98 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +53 -0
package/dist/index.js.map +1 -0
package/dist/match-fingerprint.d.ts +7 -0
package/dist/match-fingerprint.d.ts.map +1 -0
package/dist/match-fingerprint.js +28 -0
package/dist/match-fingerprint.js.map +1 -0
package/dist/scan-output.d.ts +65 -0
package/dist/scan-output.d.ts.map +1 -0
package/dist/scan-output.js +140 -0
package/dist/scan-output.js.map +1 -0
package/dist/scanners/index.d.ts +5 -0
package/dist/scanners/index.d.ts.map +1 -0
package/dist/scanners/index.js +21 -0
package/dist/scanners/index.js.map +1 -0
package/dist/scanners/pre-commit-hook.d.ts +41 -0
package/dist/scanners/pre-commit-hook.d.ts.map +1 -0
package/dist/scanners/pre-commit-hook.js +389 -0
package/dist/scanners/pre-commit-hook.js.map +1 -0
package/dist/scanners/secret-scanner.d.ts +99 -0
package/dist/scanners/secret-scanner.d.ts.map +1 -0
package/dist/scanners/secret-scanner.js +422 -0
package/dist/scanners/secret-scanner.js.map +1 -0
package/dist/scanners/token-counter.d.ts +27 -0
package/dist/scanners/token-counter.d.ts.map +1 -0
package/dist/scanners/token-counter.js +121 -0
package/dist/scanners/token-counter.js.map +1 -0
package/dist/types.d.ts +36 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +3 -0
package/dist/types.js.map +1 -0
package/dist/utils/entropy.d.ts +17 -0
package/dist/utils/entropy.d.ts.map +1 -0
package/dist/utils/entropy.js +35 -0
package/dist/utils/entropy.js.map +1 -0
package/dist/utils/file-utils.d.ts +39 -0
package/dist/utils/file-utils.d.ts.map +1 -0
package/dist/utils/file-utils.js +442 -0
package/dist/utils/file-utils.js.map +1 -0
package/dist/utils/git-utils.d.ts +12 -0
package/dist/utils/git-utils.d.ts.map +1 -0
package/dist/utils/git-utils.js +55 -0
package/dist/utils/git-utils.js.map +1 -0
package/dist/utils/path-severity.d.ts +17 -0
package/dist/utils/path-severity.d.ts.map +1 -0
package/dist/utils/path-severity.js +96 -0
package/dist/utils/path-severity.js.map +1 -0
package/dist/utils/placeholder.d.ts +53 -0
package/dist/utils/placeholder.d.ts.map +1 -0
package/dist/utils/placeholder.js +198 -0
package/dist/utils/placeholder.js.map +1 -0
package/dist/utils/regex-safety.d.ts +102 -0
package/dist/utils/regex-safety.d.ts.map +1 -0
package/dist/utils/regex-safety.js +193 -0
package/dist/utils/regex-safety.js.map +1 -0
package/dist/utils/scan-file.d.ts +29 -0
package/dist/utils/scan-file.d.ts.map +1 -0
package/dist/utils/scan-file.js +125 -0
package/dist/utils/scan-file.js.map +1 -0
package/package.json +51 -0

package/dist/scanners/secret-scanner.js ADDED Viewed

@@ -0,0 +1,422 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretScanner = void 0;
+exports.getBuiltinPatternDocEntries = getBuiltinPatternDocEntries;
+const fs_1 = __importDefault(require("fs"));
+const entropy_1 = require("../utils/entropy");
+const placeholder_1 = require("../utils/placeholder");
+const path_severity_1 = require("../utils/path-severity");
+const regex_safety_1 = require("../utils/regex-safety");
+/**
+ * Vendor-specific patterns anchored to known prefixes / structures.
+ *
+ * Deliberately NOT included (too broad / not actual secrets):
+ *   - cohere            (`[a-zA-Z0-9]{40}`)   — matches git SHAs, MD5s, …
+ *   - aws-secret        (`[a-zA-Z0-9/+]{40}`) — matches any base-64-ish string
+ *   - circleci-token    (`[a-zA-Z0-9_-]{40}`) — identical problem
+ *   - jenkins-token     (`[a-zA-Z0-9]{32}`)   — matches MD5 hashes
+ *   - kubernetes-token  (JWT)                 — merged into jwt-token
+ *   - elasticsearch-url (`https://u:p@h:n`)   — matches any auth URL
+ *   - ssh-rsa-public    / ssh-ed25519-public  — public keys are NOT secrets
+ *   - google-analytics  / google-analytics-4  — publishable measurement IDs
+ *   - twilio-account    (AC…)                 — public Account SID, not secret
+ *
+ * AWS secret access key is retained as a context-anchored pattern only.
+ */
+const BUILTIN_PATTERNS = new Map([
+    // --- AI / ML providers ---
+    ['anthropic', { regex: /sk-ant-[a-zA-Z0-9_-]{20,}/g, severity: 'critical' }],
+    ['openai', { regex: /sk-[a-zA-Z0-9]{48}/g, severity: 'critical' }],
+    ['openai-project', { regex: /sk-proj-[a-zA-Z0-9_-]{48,}/g, severity: 'critical' }],
+    ['huggingface', { regex: /hf_[a-zA-Z0-9]{34,}/g, severity: 'critical' }],
+    ['replicate', { regex: /r8_[a-zA-Z0-9]{32}/g, severity: 'critical' }],
+    // --- Payment processors ---
+    ['stripe', { regex: /sk_live_[a-zA-Z0-9]{24,}/g, severity: 'critical' }],
+    ['stripe-test', { regex: /sk_test_[a-zA-Z0-9]{24,}/g, severity: 'high' }],
+    ['paypal', { regex: /access_token\$production\$[a-zA-Z0-9]{20,}/g, severity: 'critical' }],
+    // --- Cloud providers ---
+    ['aws-access', { regex: /AKIA[0-9A-Z]{16}/g, severity: 'critical' }],
+    // Context-anchored AWS secret: only flags values that appear on the same
+    // line as the canonical env-var / config-key name.
+    ['aws-secret-context', { regex: /(?:aws_secret_access_key|AWS_SECRET_ACCESS_KEY)\s*[=:]\s*["']?([a-zA-Z0-9/+]{40})/gi, severity: 'critical' }],
+    ['gcp-service-account', { regex: /"type":\s*"service_account"/g, severity: 'critical' }],
+    ['gcp-api-key', { regex: /AIza[a-zA-Z0-9_-]{35}/g, severity: 'critical' }],
+    ['gcp-oauth', { regex: /[0-9]+-[a-zA-Z0-9_]{32}\.apps\.googleusercontent\.com/g, severity: 'critical' }],
+    ['azure-storage', { regex: /DefaultEndpointsProtocol=https;AccountName=[^;]+;AccountKey=[A-Za-z0-9+/=]{20,}/g, severity: 'critical' }],
+    // --- Database connection strings ---
+    ['postgresql-url', { regex: /postgres(?:ql)?:\/\/[^:@\s]+:[^@\s]+@[^:\s/]+(?::\d+)?\/\S+/g, severity: 'critical', connectionString: true }],
+    ['mysql-url', { regex: /mysql:\/\/[^:@\s]+:[^@\s]+@[^:\s/]+(?::\d+)?\/\S+/g, severity: 'critical', connectionString: true }],
+    ['mongodb-url', { regex: /mongodb(?:\+srv)?:\/\/[^:@\s]+:[^@\s]+@[^:\s/]+(?::\d+)?/g, severity: 'critical', connectionString: true }],
+    ['redis-url', { regex: /rediss?:\/\/[^:@\s]+:[^@\s]+@[^:\s/]+(?::\d+)/g, severity: 'critical', connectionString: true }],
+    // --- Source control tokens ---
+    ['github-token', { regex: /gh[pousor]_[a-zA-Z0-9]{36}/g, severity: 'critical' }],
+    ['github-pat', { regex: /github_pat_[a-zA-Z0-9_]{82}/g, severity: 'critical' }],
+    ['gitlab-token', { regex: /glpat-[a-zA-Z0-9_-]{20}/g, severity: 'critical' }],
+    ['bitbucket-token', { regex: /BBDC-[a-zA-Z0-9_-]{40}/g, severity: 'critical' }],
+    // --- Communication platforms ---
+    ['slack-webhook', { regex: /hooks\.slack\.com\/services\/[A-Z0-9]{9,}\/[A-Z0-9]{9,}\/[a-zA-Z0-9]{20,}/g, severity: 'critical' }],
+    ['slack-token', { regex: /xox[baprs]-[a-zA-Z0-9-]{10,}/g, severity: 'critical' }],
+    ['discord-webhook', { regex: /discord\.com\/api\/webhooks\/[0-9]{17,20}\/[a-zA-Z0-9_-]{60,}/g, severity: 'critical' }],
+    // --- Email / messaging services ---
+    ['sendgrid-api', { regex: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g, severity: 'critical' }],
+    ['resend-api', { regex: /re_[a-zA-Z0-9]{32,}/g, severity: 'critical' }],
+    ['mailgun-api', { regex: /key-[a-zA-Z0-9]{32}/g, severity: 'critical', minEntropy: 3.5 }],
+    // --- Package managers ---
+    ['npm-token', { regex: /npm_[a-zA-Z0-9]{36}/g, severity: 'critical' }],
+    // --- Monitoring ---
+    ['newrelic-api', { regex: /NRAK-[a-zA-Z0-9]{26}/g, severity: 'critical' }],
+    // --- E-commerce ---
+    ['shopify-admin', { regex: /shp(?:ss|at|ca)_[a-zA-Z0-9]{32}/g, severity: 'critical' }],
+    // --- Keys and auth tokens ---
+    ['ssh-private-key', { regex: /-----BEGIN [A-Z ]+ PRIVATE KEY-----/g, severity: 'critical' }],
+    ['jwt-token', { regex: /eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g, severity: 'high' }],
+    // Generic patterns — entropy-gated AND placeholder-filtered (aggressive) to
+    // suppress false positives on documentation samples and unit-test fixtures.
+    ['bearer-token', { regex: /Bearer [a-zA-Z0-9_-]{20,}/g, severity: 'high', minEntropy: 3.5, aggressivePlaceholder: true }],
+    ['api-key-generic', { regex: /api[_-]?key["']?\s*[:=]\s*["']?([a-zA-Z0-9_-]{20,})/gi, severity: 'high', minEntropy: 3.5, aggressivePlaceholder: true }],
+    ['secret-generic', { regex: /secret["']?\s*[:=]\s*["']?([a-zA-Z0-9_-]{20,})/gi, severity: 'high', minEntropy: 3.5, aggressivePlaceholder: true }],
+    // Negative lookbehind prevents matching when `password` is a suffix of a
+    // compound identifier (e.g. `email-reset-password`, `changePassword`).
+    // Only standalone assignments trigger — `password =`, `password:`, etc.
+    ['password-in-code', { regex: /(?<![a-zA-Z0-9_-])password["']?\s*[:=]\s*["']([a-zA-Z0-9_\-!@#$%^&*]{12,})/gi, severity: 'high', minEntropy: 3.2, aggressivePlaceholder: true }],
+]);
+/**
+ * Low-precision generic assignment patterns (`<key> = <value>`) whose captured
+ * value may be an unquoted code identifier rather than a literal secret. Only
+ * these are subject to the function-call suppression heuristic; vendor- and
+ * context-anchored detectors are deliberately excluded.
+ */
+const GENERIC_ASSIGNMENT_IDS = new Set(['secret-generic', 'api-key-generic', 'password-in-code']);
+/** Stable insertion order of {@link BUILTIN_PATTERNS}. */
+function getBuiltinPatternDocEntries() {
+    return [...BUILTIN_PATTERNS.entries()].map(([id, entry]) => ({
+        id,
+        severity: entry.severity,
+        ...(entry.minEntropy !== undefined ? { minEntropy: entry.minEntropy } : {}),
+        regexSource: entry.regex.source,
+        regexFlags: entry.regex.flags,
+    }));
+}
+// ---------------------------------------------------------------------------
+// Severity ranking (higher = worse)
+// ---------------------------------------------------------------------------
+const SEVERITY_RANK = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+};
+// ---------------------------------------------------------------------------
+// SecretScanner
+// ---------------------------------------------------------------------------
+class SecretScanner {
+    patterns;
+    entropyThreshold;
+    constructor(config) {
+        this.entropyThreshold = config?.entropy_threshold ?? entropy_1.DEFAULT_ENTROPY_THRESHOLD;
+        // Start from a mutable copy of the built-ins.
+        this.patterns = new Map([...BUILTIN_PATTERNS].map(([k, v]) => [k, { ...v, regex: new RegExp(v.regex.source, v.regex.flags) }]));
+        // Apply severity overrides / "off" switches.
+        if (config?.severity_overrides) {
+            for (const [id, override] of Object.entries(config.severity_overrides)) {
+                if (override === 'off') {
+                    this.patterns.delete(id);
+                }
+                else {
+                    const entry = this.patterns.get(id);
+                    if (entry) {
+                        this.patterns.set(id, { ...entry, severity: override });
+                    }
+                }
+            }
+        }
+        // Compile and append extra patterns from config.
+        //
+        // Security policy: every user-supplied regex passes through
+        // `validateRegexSafety` (heuristic ReDoS check). Patterns that fail are
+        // **not** silently skipped — that is exactly the behaviour the audit
+        // flagged (Audit §14: silent error swallows). They are reported via
+        // `extraPatternRejections` for the caller (CLI / MCP) to surface to the
+        // user, then dropped.
+        //
+        // `extra_patterns_unsafe: true` opts out of the heuristic, but the length
+        // cap still runs as a memory-use backstop.
+        if (config?.extra_patterns) {
+            const unsafe = config.extra_patterns_unsafe === true;
+            for (const ep of config.extra_patterns) {
+                const lengthCheck = (0, regex_safety_1.validateRegexLength)(ep.regex);
+                if (!lengthCheck.ok) {
+                    this.extraPatternRejections.push({
+                        id: ep.id,
+                        reason: lengthCheck.reason ?? 'too_long',
+                        detail: lengthCheck.detail ?? 'pattern exceeds length cap',
+                    });
+                    continue;
+                }
+                if (!unsafe) {
+                    const safety = (0, regex_safety_1.validateRegexSafety)(ep.regex);
+                    if (!safety.ok) {
+                        this.extraPatternRejections.push({
+                            id: ep.id,
+                            reason: safety.reason ?? 'invalid_syntax',
+                            detail: safety.detail ?? 'pattern failed ReDoS safety check',
+                        });
+                        continue;
+                    }
+                }
+                try {
+                    this.patterns.set(ep.id, {
+                        regex: new RegExp(ep.regex, 'g'),
+                        severity: ep.severity,
+                        ...(ep.min_entropy !== undefined ? { minEntropy: ep.min_entropy } : {}),
+                    });
+                }
+                catch (e) {
+                    this.extraPatternRejections.push({
+                        id: ep.id,
+                        reason: 'invalid_syntax',
+                        detail: e instanceof Error ? e.message : String(e),
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Rejected `extra_patterns` from the most recent constructor call.
+     *
+     * Callers should surface these to the user (stderr today, structured
+     * `diagnostics[]` channel post Phase 2.2). A non-empty list means the
+     * user's `.vault-guard.json` declared rules that are not active.
+     */
+    extraPatternRejections = [];
+    /** Number of built-in + extra patterns active after config (severity "off" removes rules). */
+    getActivePatternCount() {
+        return this.patterns.size;
+    }
+    /**
+     * Scan a file and return deduplicated, ignore-directive-filtered matches.
+     */
+    scan(filePath) {
+        if (!fs_1.default.existsSync(filePath))
+            return [];
+        const content = fs_1.default.readFileSync(filePath, 'utf-8');
+        // Path-aware severity is applied here (not in scanContent) because it needs
+        // the file path. scanContent callers that know the path (scanTextFile*)
+        // apply it themselves, so this does not double-apply.
+        return (0, path_severity_1.applyPathAwareSeverity)(this.scanContent(content), filePath);
+    }
+    /**
+     * Scan arbitrary UTF-8 text (editor buffer, pasted snippet, MCP payload).
+     * Line numbers and byte offsets are relative to this string.
+     *
+     * Each call uses fresh `RegExp` instances so overlapping `scanContent` work
+     * (e.g. after an `await` in a concurrent worker pool) cannot corrupt
+     * `lastIndex` on shared patterns.
+     */
+    scanContent(content) {
+        const lineIndex = this.buildLineIndex(content);
+        const ignoredLines = this.parseIgnoreDirectives(content, lineIndex);
+        const raw = [];
+        // Fresh `RegExp` per invocation so concurrent or interleaved `scanContent`
+        // calls (e.g. across `await` in a worker pool) never share `lastIndex`.
+        const patternsForRun = new Map();
+        for (const [k, v] of this.patterns) {
+            patternsForRun.set(k, {
+                ...v,
+                regex: new RegExp(v.regex.source, v.regex.flags),
+            });
+        }
+        for (const [type, entry] of patternsForRun) {
+            const { regex, severity, minEntropy, aggressivePlaceholder, connectionString } = entry;
+            regex.lastIndex = 0;
+            let match;
+            while ((match = regex.exec(content)) !== null) {
+                const rawValue = match[1] ?? match[0];
+                const fullMatch = match[0];
+                const threshold = minEntropy ?? (minEntropy === 0 ? 0 : undefined);
+                if (threshold !== undefined && (0, entropy_1.shannonEntropy)(rawValue) < threshold) {
+                    continue;
+                }
+                // Suppress documentation samples / test fixtures (e.g. AWS's
+                // `AKIAIOSFODNN7EXAMPLE`, `password: 'testPass1234'`). The aggressive
+                // tier only applies to the low-precision generic patterns.
+                if ((0, placeholder_1.isPlaceholderSecret)(rawValue, { aggressive: aggressivePlaceholder === true })) {
+                    continue;
+                }
+                // Suppress local/dev/example/placeholder connection strings — the
+                // dominant FP source on real repos (docker-compose, `.env.example`,
+                // test fixtures all carry `postgres://user:pass@localhost/db`).
+                if (connectionString === true && (0, placeholder_1.isNonSecretConnectionString)(fullMatch)) {
+                    continue;
+                }
+                // Suppress the ubiquitous jwt.io sample token (John Doe / sub 1234567890)
+                // that appears in API docs and tutorials everywhere.
+                if (type === 'jwt-token' && (0, placeholder_1.isSampleJwt)(fullMatch)) {
+                    continue;
+                }
+                // Suppress unquoted assignments whose "value" is actually a function
+                // call — e.g. `csrf_secret = _add_new_csrf_cookie(request)`. The value
+                // capture group stops at `(`, so a `(` immediately following the match
+                // means we captured a callee identifier, not a literal secret. Scoped to
+                // the low-precision generic assignment patterns only — vendor-anchored
+                // and context-anchored detectors (incl. critical `aws-secret-context`)
+                // are never weakened by this heuristic.
+                if (GENERIC_ASSIGNMENT_IDS.has(type) &&
+                    content[match.index + fullMatch.length] === '(') {
+                    continue;
+                }
+                const line = this.lineFromIndex(lineIndex, match.index);
+                if (ignoredLines.has(line))
+                    continue;
+                raw.push({
+                    type,
+                    value: this.maskValue(fullMatch),
+                    line,
+                    column: match.index,
+                    matchLength: fullMatch.length,
+                    severity,
+                });
+            }
+        }
+        return this.deduplicateMatches(raw);
+    }
+    /**
+     * Merge matches produced from chunked reads (e.g. line-by-line streaming)
+     * using the same overlap / severity rules as a full-file scan.
+     */
+    mergeChunkedMatches(matches) {
+        return this.deduplicateMatches(matches);
+    }
+    // ---------------------------------------------------------------------------
+    // Private helpers
+    // ---------------------------------------------------------------------------
+    /**
+     * Build an index of line-start byte offsets for O(log n) line lookup.
+     * Index position 0 = start of line 1.
+     */
+    buildLineIndex(content) {
+        const idx = [0];
+        for (let i = 0; i < content.length; i++) {
+            if (content[i] === '\n')
+                idx.push(i + 1);
+        }
+        return idx;
+    }
+    /** Binary-search the line index to return a 1-based line number. */
+    lineFromIndex(lineIndex, byteOffset) {
+        let lo = 0;
+        let hi = lineIndex.length - 1;
+        while (lo <= hi) {
+            const mid = (lo + hi) >>> 1;
+            if (lineIndex[mid] <= byteOffset)
+                lo = mid + 1;
+            else
+                hi = mid - 1;
+        }
+        return lo; // 1-based
+    }
+    /**
+     * Parse inline ignore directives from file content.
+     *
+     * Supported forms (case-insensitive):
+     *   `// vault-guard: ignore-line`        — ignores that line
+     *   `// vault-guard: ignore-next-line`   — ignores the following line
+     *   `# vault-guard: ignore-line`         — same, for shell/Python/YAML
+     *   `# vault-guard: ignore-next-line`
+     *
+     * Returns a Set of 1-based line numbers to ignore.
+     */
+    parseIgnoreDirectives(content, lineIndex) {
+        const ignored = new Set();
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const lineNum = i + 1; // 1-based
+            const lower = lines[i].toLowerCase();
+            if (lower.includes('vault-guard: ignore-line') || lower.includes('vault-guard:ignore-line')) {
+                ignored.add(lineNum);
+            }
+            if (lower.includes('vault-guard: ignore-next-line') || lower.includes('vault-guard:ignore-next-line')) {
+                ignored.add(lineNum + 1);
+            }
+        }
+        // lineIndex is available for future column-level ignore; unused here.
+        void lineIndex;
+        return ignored;
+    }
+    /**
+     * Deduplicate matches by overlapping byte ranges.
+     *
+     * When two matches cover the same (or overlapping) bytes in the file the
+     * more-specific (higher-severity or shorter) match is kept.  This prevents
+     * the same secret from being reported multiple times when several patterns
+     * overlap.
+     */
+    deduplicateMatches(matches) {
+        if (matches.length <= 1)
+            return matches;
+        // Sort by start offset so we can do a linear sweep.
+        const sorted = [...matches].sort((a, b) => a.column - b.column || a.line - b.line);
+        const kept = [];
+        for (const candidate of sorted) {
+            const cStart = candidate.column;
+            const cEnd = cStart + candidate.matchLength;
+            let dominated = false;
+            for (let i = kept.length - 1; i >= 0; i--) {
+                const existing = kept[i];
+                const eStart = existing.column;
+                const eEnd = eStart + existing.matchLength;
+                // No possible overlap once we've passed the candidate start by more
+                // than the max pattern length (optimisation — safe upper bound: 512).
+                if (eEnd < cStart - 512)
+                    break;
+                const overlaps = cStart < eEnd && eStart < cEnd;
+                if (!overlaps)
+                    continue;
+                const existingRank = SEVERITY_RANK[existing.severity];
+                const candidateRank = SEVERITY_RANK[candidate.severity];
+                if (candidateRank > existingRank) {
+                    // Candidate is more severe — replace existing.
+                    kept.splice(i, 1);
+                }
+                else {
+                    // Existing is at least as severe — drop candidate.
+                    dominated = true;
+                    break;
+                }
+            }
+            if (!dominated)
+                kept.push(candidate);
+        }
+        return kept;
+    }
+    /**
+     * Redact a matched secret to a low-information identifier.
+     *
+     * Format: `<prefix>…(<length>c)` — e.g. `sk-a…(37c)`.
+     *
+     * Why not show more characters?
+     *   - 4-char prefix is enough to identify vendor (sk-a, sk_l, ghp_, AKIA, …)
+     *     without leaking meaningful entropy of the underlying secret.
+     *   - The exact location is already in `line` / `column`, so users don't
+     *     need a longer fragment to find the match in source.
+     *   - Output of this tool is routinely pasted into PRs, Slack, terminals,
+     *     SARIF uploads, and GitHub Code Scanning — the surface area for
+     *     leakage is large, so we keep the redaction conservative.
+     *
+     * For values shorter than 6 chars (rare; broad patterns enforce ≥20)
+     * we redact entirely to `*…(<length>c)`.
+     */
+    maskValue(value) {
+        const PREFIX = 4;
+        const lengthTag = `(${value.length}c)`;
+        if (value.length < 6) {
+            return `*…${lengthTag}`;
+        }
+        return `${value.substring(0, PREFIX)}…${lengthTag}`;
+    }
+}
+exports.SecretScanner = SecretScanner;
+//# sourceMappingURL=secret-scanner.js.map

package/dist/scanners/secret-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secret-scanner.js","sourceRoot":"","sources":["../../src/scanners/secret-scanner.ts"],"names":[],"mappings":";;;;;;AAmJA,kEAQC;AA3JD,4CAAoB;AAGpB,8CAA6E;AAC7E,sDAAqG;AACrG,0DAAgE;AAChE,wDAG+B;AAgC/B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,gBAAgB,GAAsC,IAAI,GAAG,CAAC;IAClE,4BAA4B;IAC5B,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,4BAA4B,EAAqC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACpH,CAAC,QAAQ,EAAU,EAAE,KAAK,EAAE,qBAAqB,EAA6C,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,6BAA6B,EAAoC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACpH,CAAC,aAAa,EAAK,EAAE,KAAK,EAAE,sBAAsB,EAA4C,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,qBAAqB,EAA6C,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,6BAA6B;IAC7B,CAAC,QAAQ,EAAU,EAAE,KAAK,EAAE,2BAA2B,EAAuC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,aAAa,EAAK,EAAE,KAAK,EAAE,2BAA2B,EAAuC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACjH,CAAC,QAAQ,EAAU,EAAE,KAAK,EAAE,6CAA6C,EAAqB,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,0BAA0B;IAC1B,CAAC,YAAY,EAAW,EAAE,KAAK,EAAE,mBAAmB,EAA2C,QAAQ,EAAE,UAAU,EAAE,CAAC;IACtH,yEAAyE;IACzE,mDAAmD;IACnD,CAAC,oBAAoB,EAAG,EAAE,KAAK,EAAE,qFAAqF,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC/I,CAAC,qBAAqB,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAgC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACtH,CAAC,aAAa,EAAU,EAAE,KAAK,EAAE,wBAAwB,EAAqC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,WAAW,EAAY,EAAE,KAAK,EAAE,wDAAwD,EAAK,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,eAAe,EAAQ,EAAE,KAAK,EAAE,kFAAkF,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAE5I,sCAAsC;IACtC,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,8DAA8D,EAAG,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAC5I,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,oDAAoD,EAAc,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAC7I,CAAC,aAAa,EAAK,EAAE,KAAK,EAAE,2DAA2D,EAAO,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAC7I,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,gDAAgD,EAAkB,QAAQ,EAAE,UAAU,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAE7I,gCAAgC;IAChC,CAAC,cAAc,EAAI,EAAE,KAAK,EAAE,6BAA6B,EAAqC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,YAAY,EAAM,EAAE,KAAK,EAAE,8BAA8B,EAAoC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,cAAc,EAAI,EAAE,KAAK,EAAE,0BAA0B,EAAwC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,iBAAiB,EAAC,EAAE,KAAK,EAAE,yBAAyB,EAAyC,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,kCAAkC;IAClC,CAAC,eAAe,EAAG,EAAE,KAAK,EAAE,4EAA4E,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IACjI,CAAC,aAAa,EAAK,EAAE,KAAK,EAAE,+BAA+B,EAAmC,QAAQ,EAAE,UAAU,EAAE,CAAC;IACrH,CAAC,iBAAiB,EAAC,EAAE,KAAK,EAAE,gEAAgE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,qCAAqC;IACrC,CAAC,cAAc,EAAI,EAAE,KAAK,EAAE,2CAA2C,EAAsB,QAAQ,EAAE,UAAU,EAAE,CAAC;IACpH,CAAC,YAAY,EAAM,EAAE,KAAK,EAAE,sBAAsB,EAA6C,QAAQ,EAAE,UAAU,EAAE,CAAC;IACtH,CAAC,aAAa,EAAK,EAAE,KAAK,EAAE,sBAAsB,EAA6C,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;IAEvI,2BAA2B;IAC3B,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,sBAAsB,EAA6C,QAAQ,EAAE,UAAU,EAAE,CAAC;IAEtH,qBAAqB;IACrB,CAAC,cAAc,EAAI,EAAE,KAAK,EAAE,uBAAuB,EAA2C,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,qBAAqB;IACrB,CAAC,eAAe,EAAG,EAAE,KAAK,EAAE,kCAAkC,EAAgC,QAAQ,EAAE,UAAU,EAAE,CAAC;IAErH,+BAA+B;IAC/B,CAAC,iBAAiB,EAAC,EAAE,KAAK,EAAE,sCAAsC,EAA6B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACtH,CAAC,WAAW,EAAO,EAAE,KAAK,EAAE,oDAAoD,EAAa,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEhH,4EAA4E;IAC5E,4EAA4E;IAC5E,CAAC,cAAc,EAAI,EAAE,KAAK,EAAE,4BAA4B,EAAsC,QAAQ,EAAE,MAAM,EAAI,UAAU,EAAE,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;IACjK,CAAC,iBAAiB,EAAC,EAAE,KAAK,EAAE,uDAAuD,EAAU,QAAQ,EAAE,MAAM,EAAI,UAAU,EAAE,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;IAChK,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAgB,QAAQ,EAAE,MAAM,EAAI,UAAU,EAAE,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;IACjK,yEAAyE;IACzE,uEAAuE;IACvE,wEAAwE;IACxE,CAAC,kBAAkB,EAAC,EAAE,KAAK,EAAE,8EAA8E,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC;CAC/K,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,CAAC,CAAC,CAAC;AAclG,0DAA0D;AAC1D,SAAgB,2BAA2B;IACzC,OAAO,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,EAAE;QACF,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,WAAW,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;QAC/B,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK;KAC9B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAC9E,MAAM,aAAa,GAA4C;IAC7D,QAAQ,EAAE,CAAC;IACX,IAAI,EAAM,CAAC;IACX,MAAM,EAAI,CAAC;IACX,GAAG,EAAO,CAAC;CACZ,CAAC;AAEF,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAa,aAAa;IACP,QAAQ,CAA4B;IACpC,gBAAgB,CAAS;IAE1C,YAAY,MAAyB;QACnC,IAAI,CAAC,gBAAgB,GAAG,MAAM,EAAE,iBAAiB,IAAI,mCAAyB,CAAC;QAE/E,8CAA8C;QAC9C,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,CACrB,CAAC,GAAG,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CACvG,CAAC;QAEF,6CAA6C;QAC7C,IAAI,MAAM,EAAE,kBAAkB,EAAE,CAAC;YAC/B,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACvE,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;oBACvB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACN,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBACpC,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,EAAE;QACF,4DAA4D;QAC5D,wEAAwE;QACxE,qEAAqE;QACrE,oEAAoE;QACpE,wEAAwE;QACxE,sBAAsB;QACtB,EAAE;QACF,0EAA0E;QAC1E,2CAA2C;QAC3C,IAAI,MAAM,EAAE,cAAc,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,KAAK,IAAI,CAAC;YAErD,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBACvC,MAAM,WAAW,GAAG,IAAA,kCAAmB,EAAC,EAAE,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;oBACpB,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC;wBAC/B,EAAE,EAAE,EAAE,CAAC,EAAE;wBACT,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,UAAU;wBACxC,MAAM,EAAE,WAAW,CAAC,MAAM,IAAI,4BAA4B;qBAC3D,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,MAAM,GAAG,IAAA,kCAAmB,EAAC,EAAE,CAAC,KAAK,CAAC,CAAC;oBAC7C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;wBACf,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC;4BAC/B,EAAE,EAAE,EAAE,CAAC,EAAE;4BACT,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,gBAAgB;4BACzC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,mCAAmC;yBAC7D,CAAC,CAAC;wBACH,SAAS;oBACX,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC;oBACH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE;wBACvB,KAAK,EAAE,IAAI,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC;wBAChC,QAAQ,EAAE,EAAE,CAAC,QAAQ;wBACrB,GAAG,CAAC,EAAE,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBACxE,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC;wBAC/B,EAAE,EAAE,EAAE,CAAC,EAAE;wBACT,MAAM,EAAE,gBAAgB;wBACxB,MAAM,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;qBACnD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACM,sBAAsB,GAI1B,EAAE,CAAC;IAER,8FAA8F;IAC9F,qBAAqB;QACnB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,QAAgB;QACnB,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,4EAA4E;QAC5E,wEAAwE;QACxE,sDAAsD;QACtD,OAAO,IAAA,sCAAsB,EAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;IACrE,CAAC;IAED;;;;;;;OAOG;IACH,WAAW,CAAC,OAAe;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAkB,EAAE,CAAC;QAE9B,2EAA2E;QAC3E,wEAAwE;QACxE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAwB,CAAC;QACvD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnC,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE;gBACpB,GAAG,CAAC;gBACJ,KAAK,EAAE,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;YAC3C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,KAAK,CAAC;YACvF,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAEpB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAE3B,MAAM,SAAS,GAAG,UAAU,IAAI,CAAC,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBACnE,IAAI,SAAS,KAAK,SAAS,IAAI,IAAA,wBAAc,EAAC,QAAQ,CAAC,GAAG,SAAS,EAAE,CAAC;oBACpE,SAAS;gBACX,CAAC;gBAED,6DAA6D;gBAC7D,sEAAsE;gBACtE,2DAA2D;gBAC3D,IAAI,IAAA,iCAAmB,EAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,qBAAqB,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;oBAClF,SAAS;gBACX,CAAC;gBAED,kEAAkE;gBAClE,oEAAoE;gBACpE,gEAAgE;gBAChE,IAAI,gBAAgB,KAAK,IAAI,IAAI,IAAA,yCAA2B,EAAC,SAAS,CAAC,EAAE,CAAC;oBACxE,SAAS;gBACX,CAAC;gBAED,0EAA0E;gBAC1E,qDAAqD;gBACrD,IAAI,IAAI,KAAK,WAAW,IAAI,IAAA,yBAAW,EAAC,SAAS,CAAC,EAAE,CAAC;oBACnD,SAAS;gBACX,CAAC;gBAED,qEAAqE;gBACrE,uEAAuE;gBACvE,uEAAuE;gBACvE,yEAAyE;gBACzE,uEAAuE;gBACvE,uEAAuE;gBACvE,wCAAwC;gBACxC,IACE,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC;oBAChC,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,GAAG,EAC/C,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAExD,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAErC,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI;oBACJ,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;oBAChC,IAAI;oBACJ,MAAM,EAAE,KAAK,CAAC,KAAK;oBACnB,WAAW,EAAE,SAAS,CAAC,MAAM;oBAC7B,QAAQ;iBACT,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,mBAAmB,CAAC,OAAsB;QACxC,OAAO,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E;;;OAGG;IACK,cAAc,CAAC,OAAe;QACpC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,oEAAoE;IAC5D,aAAa,CAAC,SAAmB,EAAE,UAAkB;QAC3D,IAAI,EAAE,GAAG,CAAC,CAAC;QACX,IAAI,EAAE,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;YAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,UAAU;gBAAE,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC;;gBAC1C,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,EAAE,CAAC,CAAC,UAAU;IACvB,CAAC;IAED;;;;;;;;;;OAUG;IACK,qBAAqB,CAAC,OAAe,EAAE,SAAmB;QAChE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YACjC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAErC,IAAI,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBAC5F,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YACD,IAAI,KAAK,CAAC,QAAQ,CAAC,+BAA+B,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC,EAAE,CAAC;gBACtG,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,sEAAsE;QACtE,KAAK,SAAS,CAAC;QAEf,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CAAC,OAAsB;QAC/C,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC;YAAE,OAAO,OAAO,CAAC;QAExC,oDAAoD;QACpD,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QACnF,MAAM,IAAI,GAAkB,EAAE,CAAC;QAE/B,KAAK,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;YAChC,MAAM,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC;YAE5C,IAAI,SAAS,GAAG,KAAK,CAAC;YAEtB,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBACzB,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAC/B,MAAM,IAAI,GAAG,MAAM,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAE3C,oEAAoE;gBACpE,sEAAsE;gBACtE,IAAI,IAAI,GAAG,MAAM,GAAG,GAAG;oBAAE,MAAM;gBAE/B,MAAM,QAAQ,GAAG,MAAM,GAAG,IAAI,IAAI,MAAM,GAAG,IAAI,CAAC;gBAChD,IAAI,CAAC,QAAQ;oBAAE,SAAS;gBAExB,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACtD,MAAM,aAAa,GAAG,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAExD,IAAI,aAAa,GAAG,YAAY,EAAE,CAAC;oBACjC,+CAA+C;oBAC/C,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,mDAAmD;oBACnD,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS;gBAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACK,SAAS,CAAC,KAAa;QAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;QACjB,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,CAAC;QACD,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;IACtD,CAAC;CACF;AA1VD,sCA0VC"}

package/dist/scanners/token-counter.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { TokenReport } from '../types';
+export declare class TokenCounter {
+    private tokenRates;
+    /**
+     * Count tokens in a file (rough estimation)
+     * Real implementation would use tiktoken or similar
+     */
+    countTokensInFile(filePath: string): number;
+    /**
+     * Estimate token count from text with improved accuracy
+     * Accounts for code density, symbols, and whitespace
+     */
+    estimateTokens(text: string): number;
+    /**
+     * Calculate cost from token usage
+     */
+    calculateCost(provider: 'anthropic' | 'openai', inputTokens: number, outputTokens: number): number;
+    /**
+     * Generate token report for a directory
+     */
+    generateReport(directoryPath: string): TokenReport;
+    private getAllFiles;
+    private shouldIgnore;
+    private shouldIgnoreFile;
+    private getExtension;
+}
+//# sourceMappingURL=token-counter.d.ts.map

package/dist/scanners/token-counter.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-counter.d.ts","sourceRoot":"","sources":["../../src/scanners/token-counter.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,qBAAa,YAAY;IACvB,OAAO,CAAC,UAAU,CAShB;IAEF;;;OAGG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAS3C;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IA+BpC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,WAAW,GAAG,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM;IAOlG;;OAEG;IACH,cAAc,CAAC,aAAa,EAAE,MAAM,GAAG,WAAW;IAyBlD,OAAO,CAAC,WAAW;IAkBnB,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,gBAAgB;IAKxB,OAAO,CAAC,YAAY;CAIrB"}

package/dist/scanners/token-counter.js ADDED Viewed

@@ -0,0 +1,121 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenCounter = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+class TokenCounter {
+    tokenRates = {
+        anthropic: {
+            input: 3.0, // $3 per million tokens
+            output: 15.0 // $15 per million tokens
+        },
+        openai: {
+            input: 5.0,
+            output: 15.0
+        }
+    };
+    /**
+     * Count tokens in a file (rough estimation)
+     * Real implementation would use tiktoken or similar
+     */
+    countTokensInFile(filePath) {
+        if (!fs_1.default.existsSync(filePath)) {
+            return 0;
+        }
+        const content = fs_1.default.readFileSync(filePath, 'utf-8');
+        return this.estimateTokens(content);
+    }
+    /**
+     * Estimate token count from text with improved accuracy
+     * Accounts for code density, symbols, and whitespace
+     */
+    estimateTokens(text) {
+        if (!text || text.length === 0) {
+            return 0;
+        }
+        // Count whitespace-separated words
+        const words = text.split(/\s+/).filter(w => w.length > 0);
+        const wordCount = words.length;
+        // Count symbols and operators (more common in code)
+        const symbolMatches = text.match(/[{}[\]();,:.<>+\-*/%=|^&!~?]/g);
+        const symbolCount = symbolMatches ? symbolMatches.length : 0;
+        // Base estimate: words + symbols (rough approximation)
+        let tokenEstimate = wordCount + symbolCount;
+        // Adjust for code density (code typically has higher token/word ratio)
+        // If text has many symbols relative to words, it's likely code
+        const symbolToWordRatio = wordCount > 0 ? symbolCount / wordCount : 0;
+        if (symbolToWordRatio > 0.5) {
+            // Code-like content: increase estimate
+            tokenEstimate = Math.floor(tokenEstimate * 1.3);
+        }
+        else if (symbolToWordRatio < 0.1) {
+            // Natural language: decrease slightly (words are better tokens)
+            tokenEstimate = Math.floor(tokenEstimate * 0.9);
+        }
+        // Ensure minimum estimate
+        return Math.max(tokenEstimate, Math.ceil(text.length / 8));
+    }
+    /**
+     * Calculate cost from token usage
+     */
+    calculateCost(provider, inputTokens, outputTokens) {
+        const rates = this.tokenRates[provider];
+        const inputCost = (inputTokens / 1_000_000) * rates.input;
+        const outputCost = (outputTokens / 1_000_000) * rates.output;
+        return inputCost + outputCost;
+    }
+    /**
+     * Generate token report for a directory
+     */
+    generateReport(directoryPath) {
+        let totalTokens = 0;
+        const breakdown = {};
+        const files = this.getAllFiles(directoryPath);
+        for (const file of files) {
+            const tokens = this.countTokensInFile(file);
+            if (tokens > 0) {
+                const ext = this.getExtension(file);
+                breakdown[ext] = (breakdown[ext] || 0) + tokens;
+                totalTokens += tokens;
+            }
+        }
+        // Estimate cost (assuming Anthropic)
+        const estimatedCost = (totalTokens / 1_000_000) * 3.0;
+        return {
+            totalTokens,
+            estimatedCost,
+            breakdown
+        };
+    }
+    getAllFiles(dirPath) {
+        const files = [];
+        const items = fs_1.default.readdirSync(dirPath);
+        for (const item of items) {
+            const fullPath = path_1.default.join(dirPath, item);
+            const stat = fs_1.default.statSync(fullPath);
+            if (stat.isDirectory() && !this.shouldIgnore(item)) {
+                files.push(...this.getAllFiles(fullPath));
+            }
+            else if (stat.isFile() && !this.shouldIgnoreFile(fullPath)) {
+                files.push(fullPath);
+            }
+        }
+        return files;
+    }
+    shouldIgnore(name) {
+        return ['node_modules', '.git', 'dist', 'build', 'coverage', '.next'].includes(name);
+    }
+    shouldIgnoreFile(filePath) {
+        const ext = this.getExtension(filePath);
+        return ['.png', '.jpg', '.jpeg', '.gif', '.pdf', '.zip', '.lock', '.log'].includes(ext);
+    }
+    getExtension(filePath) {
+        const parts = filePath.split('.');
+        return parts.length > 1 ? `.${parts[parts.length - 1]}` : '(no ext)';
+    }
+}
+exports.TokenCounter = TokenCounter;
+//# sourceMappingURL=token-counter.js.map

package/dist/scanners/token-counter.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-counter.js","sourceRoot":"","sources":["../../src/scanners/token-counter.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AAGxB,MAAa,YAAY;IACf,UAAU,GAAG;QACnB,SAAS,EAAE;YACT,KAAK,EAAE,GAAG,EAAE,wBAAwB;YACpC,MAAM,EAAE,IAAI,CAAC,yBAAyB;SACvC;QACD,MAAM,EAAE;YACN,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,IAAI;SACb;KACF,CAAC;IAEF;;;OAGG;IACH,iBAAiB,CAAC,QAAgB;QAChC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,IAAY;QACzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,CAAC;QACX,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;QAE/B,oDAAoD;QACpD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE7D,uDAAuD;QACvD,IAAI,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;QAE5C,uEAAuE;QACvE,+DAA+D;QAC/D,MAAM,iBAAiB,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,iBAAiB,GAAG,GAAG,EAAE,CAAC;YAC5B,uCAAuC;YACvC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,iBAAiB,GAAG,GAAG,EAAE,CAAC;YACnC,gEAAgE;YAChE,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;QAClD,CAAC;QAED,0BAA0B;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgC,EAAE,WAAmB,EAAE,YAAoB;QACvF,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;QAC1D,MAAM,UAAU,GAAG,CAAC,YAAY,GAAG,SAAS,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;QAC7D,OAAO,SAAS,GAAG,UAAU,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,aAAqB;QAClC,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,MAAM,SAAS,GAA2B,EAAE,CAAC;QAE7C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;gBACpC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC;gBAChD,WAAW,IAAI,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,MAAM,aAAa,GAAG,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,GAAG,CAAC;QAEtD,OAAO;YACL,WAAW;YACX,aAAa;YACb,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,OAAe;QACjC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,YAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,YAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEnC,IAAI,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,YAAY,CAAC,IAAY;QAC/B,OAAO,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvF,CAAC;IAEO,gBAAgB,CAAC,QAAgB;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC1F,CAAC;IAEO,YAAY,CAAC,QAAgB;QACnC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;IACvE,CAAC;CACF;AAjID,oCAiIC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+export interface SecretMatch {
+    /** Pattern id (e.g. "anthropic", "aws-access"). */
+    type: string;
+    /** Masked representation of the matched value (safe to log). */
+    value: string;
+    /** 1-based line number in the file. */
+    line: number;
+    /** 0-based absolute byte offset in the file (used for deduplication). */
+    column: number;
+    /** Byte length of the original match (used for SARIF region output). */
+    matchLength: number;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+}
+export interface TokenReport {
+    totalTokens: number;
+    estimatedCost: number;
+    breakdown: Record<string, number>;
+}
+export interface GuardStatus {
+    security: {
+        clean: boolean;
+        critical: number;
+        warning: number;
+    };
+    tokens: {
+        used: number;
+        limit: number;
+        cost: number;
+    };
+    savings: {
+        percentage: number;
+        amount: number;
+    };
+    aiActive: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,yEAAyE;IACzE,MAAM,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAClD;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE;QACR,KAAK,EAAE,OAAO,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,OAAO,EAAE;QACP,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,QAAQ,EAAE,OAAO,CAAC;CACnB"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}