@visulima/vis 1.0.0-alpha.10 → 1.0.0-alpha.11

package/dist/packem_chunks/handler39.js

@@ -1,22 +1,574 @@
-var ae=Object.defineProperty;var P=(r,e)=>ae(r,"name",{value:e,configurable:!0});import{createRequire as le}from"node:module";import{getManifestData as me}from"@socketsecurity/registry";import{isAccessibleSync as V,readFileSync as _,writeFileSync as F,readJsonSync as Z,glob as he}from"@visulima/fs";import{join as A,resolve as ue}from"@visulima/path";import{Box as p,Text as c,ScrollView as ge,ScrollBar as ye,useApp as ke,useWindowSize as ve,useInput as we,render as be}from"@visulima/tui";import{M as $e,D as xe,f as X,c as Se,p as m,g as Ce,d as Ne}from"./bin.js";import Oe from"module-replacements/manifests/micro-utilities.json"with{type:"json"};import je from"module-replacements/manifests/native.json"with{type:"json"};import Te from"module-replacements/manifests/preferred.json"with{type:"json"};import Ee,{useSyncExternalStore as Pe,useRef as Ae,useState as H,useCallback as De}from"react";import{coerce as Q}from"semver";import{readYamlSync as Ie}from"@visulima/fs/yaml";import{jsx as i,jsxs as d,Fragment as q}from"react/jsx-runtime";const de=le(import.meta.url),R=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,pe=P(r=>{if(typeof R<"u"&&R.versions&&R.versions.node){const[e,t]=R.versions.node.split(".").map(Number);if(e>22||e===22&&t>=3||e===20&&t>=16)return R.getBuiltinModule(r)}return de(r)},"__cjs_getBuiltinModule"),{writeFileSync:fe}=pe("node:fs");var Re=Object.defineProperty,T=P((r,e)=>Re(r,"name",{value:e,configurable:!0}),"c$1");const Fe=["dependencies","devDependencies","peerDependencies","peerDependenciesMeta","optionalDependencies","bundleDependencies"],Me=["overrides","pnpm","resolutions"],_e=["engines","files"],ze=T(r=>{const e=Q(r)?.major;return e!==void 0&&e>=10},"isPnpmV10Plus"),Le=T(r=>{const e=A(r,"pnpm-workspace.yaml");if(!V(e))return{overrides:{},source:"pnpm-workspace.yaml"};try{return{overrides:Ie(e)?.overrides??{},source:"pnpm-workspace.yaml"}}catch{return{overrides:{},source:"pnpm-workspace.yaml"}}},"readPnpmWorkspaceOverrides"),Je=T((r,e)=>{let t={};return e==="pnpm"?t=r.pnpm?.overrides??{}:e==="yarn"||e==="bun"?t=r.resolutions??{}:t=r.overrides??{},{overrides:t,source:"package.json"}},"readPkgJsonOverrides"),qe=T((r,e,t)=>t.name==="pnpm"&&ze(t.version)?Le(r):Je(e,t.name),"readOverrides"),W=T((r,e)=>{const t=e;for(const a of Me){const o=r.indexOf(a);if(o!==-1&&a!==t)return t==="overrides"?o:o+1}let n=-1;for(const a of Fe){const o=r.indexOf(a);o>n&&(n=o)}if(n!==-1)return n+1;for(const a of _e){const o=r.indexOf(a);if(o!==-1)return o}return r.length},"findInsertIndex"),Ge=T(r=>/\n(\s+)/.exec(r)?.[1]??"  ","detectIndent"),Be=T((r,e)=>{const t=A(r,"pnpm-workspace.yaml");if(!V(t))throw new Error(`pnpm-workspace.yaml not found at ${t}. Cannot write overrides for pnpm v10+.`);let n=_(t);const a=`overrides:
-${Object.entries(e).map(([o,s])=>`  '${o}': '${s}'`).join(`
-`)}
-`;n=/^overrides:\s*$/m.test(n)||/^overrides:\s*\n/m.test(n)?n.replace(/^overrides:\s*\n(?:(?:[ \t].*)?\n)*/m,a):`${n.trimEnd()}
-
-${a}`,F(t,n)},"writePnpmWorkspaceOverrides"),Ue=T((r,e,t,n)=>{const a=_(r),o=Ge(a);if(n==="pnpm"){const s=e.pnpm??{};if(s.overrides=t,e.pnpm)e.pnpm=s,F(r,`${JSON.stringify(e,null,o)}
-`);else{const y=Object.keys(e),f=W(y,"pnpm"),u=Object.entries(e);u.splice(f,0,["pnpm",s]),F(r,`${JSON.stringify(Object.fromEntries(u),null,o)}
-`)}}else{const s=n==="yarn"||n==="bun"?"resolutions":"overrides";if(e[s])e[s]=t,F(r,`${JSON.stringify(e,null,o)}
-`);else{const y=Object.keys(e),f=W(y,s),u=Object.entries(e);u.splice(f,0,[s,t]),F(r,`${JSON.stringify(Object.fromEntries(u),null,o)}
-`)}}},"writePkgJsonOverrides"),Ve=T((r,e,t,n)=>{const a=_(e),o=JSON.parse(a),{overrides:s,source:y}=qe(r,o,n),f=[],u=[],S=new Set;if(n.name==="npm")for(const g of["dependencies","devDependencies"]){const w=o[g];if(w)for(const k of Object.keys(w))S.add(k)}for(const g of t){const w=s[g.original];if(typeof w=="object")continue;let k=g.spec;n.name==="npm"&&S.has(g.original)&&(k=`$${g.original}`),w!==k&&(w?u.push(g.original):f.push(g.original),s[g.original]=k)}if(f.length===0&&u.length===0)return{added:f,updated:u};const x=Object.fromEntries(Object.entries(s).sort(([g],[w])=>g.localeCompare(w)));return y==="pnpm-workspace.yaml"?Be(r,x):Ue(e,o,x,n.name),{added:f,updated:u}},"applyOverrides"),Xe=T((r,e)=>{const t={bun:["bun.lock"],npm:["npm-shrinkwrap.json","package-lock.json"],pnpm:["pnpm-lock.yaml"],yarn:["yarn.lock"]};for(const n of t[e]??[]){const a=A(r,n);try{return _(a)}catch{continue}}return""},"readLockfileText"),He=T((r,e,t)=>{if(!r)return!1;const n=e.replaceAll(/[.*+?^${}()|[\]\\]/g,String.raw`\$&`);switch(t){case"bun":return r.includes(`"${e}":`)||new RegExp(String.raw`(^|\s|[",])${n}@`,"m").test(r);case"npm":return r.includes(`"${e}":`)||r.includes(`"node_modules/${e}":`);case"pnpm":return new RegExp(String.raw`(^|\s|['"/])${n}(@|['"]?:)`,"m").test(r);case"yarn":return new RegExp(String.raw`(^|\s|[",])${n}@`,"m").test(r);default:return!1}},"lockfileContainsPackage");var We=Object.defineProperty,M=P((r,e)=>We(r,"name",{value:e,configurable:!0}),"s");const Ye=M((r,e,t)=>{let n=r;if(e!=="all"&&(n=n.filter(a=>a.category===e)),t){const a=t.toLowerCase();n=n.filter(o=>o.packageName.toLowerCase().includes(a))}return n},"filterEntries");class Ke{static{P(this,"h")}static{M(this,"OptimizeStore")}#e;#t=new Set;constructor(e){this.#e={applyProgress:null,checkedEntries:new Set,entries:e,error:null,filterActive:!1,filterText:"",filterType:"all",focusedPanel:"list",phase:"browsing",selectedIndex:0}}getSnapshot=M(()=>this.#e,"getSnapshot");subscribe=M(e=>(this.#t.add(e),()=>{this.#t.delete(e)}),"subscribe");getFilteredEntries=M(()=>Ye(this.#e.entries,this.#e.filterType,this.#e.filterText),"getFilteredEntries");#r(){this.#e={...this.#e};for(const e of this.#t)e()}select(e){const t=this.getFilteredEntries();this.#e.selectedIndex=t.length===0?-1:Math.max(0,Math.min(e,t.length-1)),this.#r()}toggleCheck(e){const t=new Set(this.#e.checkedEntries);t.has(e)?t.delete(e):t.add(e),this.#e.checkedEntries=t,this.#r()}toggleAll(){const e=this.getFilteredEntries(),t=new Set(this.#e.checkedEntries);if(e.every(n=>t.has(n.packageName)))for(const n of e)t.delete(n.packageName);else for(const n of e)t.add(n.packageName);this.#e.checkedEntries=t,this.#r()}setFilter(e){this.#e.filterType=e,this.#e.selectedIndex=0,this.#r()}setFilterText(e){this.#e.filterText=e,this.#e.selectedIndex=0,this.#r()}setFilterActive(e){this.#e.filterActive=e,this.#r()}setFocusedPanel(e){this.#e.focusedPanel=e,this.#r()}setPhase(e){this.#e.phase=e,this.#r()}setProgress(e,t){this.#e.applyProgress={current:e,total:t},this.#r()}setError(e){this.#e.error=e,this.#e.phase="error",this.#r()}getCheckedEntries(){return this.#e.entries.filter(e=>this.#e.checkedEntries.has(e.packageName))}}const ee={"micro-utility":"gray",native:"green",preferred:"yellow",socket:"cyan"},Ze={"micro-utility":"MICRO",native:"NATIVE",preferred:"PREF",socket:"SOCKET"},Qe={"micro-utility":"Trivial utility package that can be replaced with inline code.",native:"Polyfill for a native JS/Node.js API. Use the built-in instead.",preferred:"A lighter or faster alternative package exists.",socket:"Security-hardened replacement from Socket.dev's @socketregistry."};var er=Object.defineProperty,rr=P((r,e)=>er(r,"name",{value:e,configurable:!0}),"d");const tr=rr(({entry:r,focused:e,scrollRef:t})=>{const n=e?"white":"gray";if(!r)return i(p,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:i(c,{dimColor:!0,children:"No entry selected"})});const a=ee[r.category]??"gray";return d(p,{borderColor:n,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[i(p,{flexShrink:0,paddingTop:1,paddingX:2,children:i(c,{bold:!0,color:"white",children:r.packageName})}),d(ge,{flexGrow:1,flexShrink:1,paddingX:2,ref:t,scrollbar:!0,scrollbarColor:"gray",children:[i(c,{}),d(p,{children:[i(p,{width:14,children:i(c,{dimColor:!0,children:"Category:"})}),i(c,{bold:!0,color:a,children:r.category})]}),d(p,{children:[i(p,{width:14,children:i(c,{dimColor:!0,children:"Replace with:"})}),i(c,{children:r.replacement})]}),r.overrideSpec&&d(p,{children:[i(p,{width:14,children:i(c,{dimColor:!0,children:"Override:"})}),i(c,{color:"cyan",children:r.overrideSpec})]}),d(p,{children:[i(p,{width:14,children:i(c,{dimColor:!0,children:"Codemod:"})}),i(c,{color:r.hasCodemod?"green":"gray",children:r.hasCodemod?"available ⚙":"not available"})]}),d(p,{flexDirection:"column",marginTop:1,children:[i(c,{dimColor:!0,children:"── "}),i(c,{bold:!0,color:"white",children:"DESCRIPTION"}),i(p,{marginTop:1,paddingLeft:2,children:i(c,{children:Qe[r.category]??""})})]}),r.category==="native"&&d(p,{flexDirection:"column",marginTop:1,children:[i(c,{dimColor:!0,children:"── "}),i(c,{bold:!0,color:"green",children:"ACTION"}),i(p,{flexDirection:"column",marginTop:1,paddingLeft:2,children:r.hasCodemod?d(q,{children:[d(c,{color:"green",children:["✓"," ","Codemod will rewrite imports to use native API."]}),i(c,{dimColor:!0,children:" The package can then be removed from dependencies."})]}):d(q,{children:[d(c,{color:"yellow",children:["ℹ"," ","No automated codemod available."]}),i(c,{dimColor:!0,children:" Manual migration required — replace usage with native equivalent."})]})})]}),r.category==="socket"&&d(p,{flexDirection:"column",marginTop:1,children:[i(c,{dimColor:!0,children:"── "}),i(c,{bold:!0,color:"cyan",children:"ACTION"}),d(p,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[d(c,{color:"cyan",children:["✓"," ","Override will redirect resolution to the hardened package."]}),i(c,{dimColor:!0,children:" No source code changes needed — drop-in replacement."})]})]}),(r.category==="preferred"||r.category==="micro-utility")&&d(p,{flexDirection:"column",marginTop:1,children:[i(c,{dimColor:!0,children:"── "}),i(c,{bold:!0,color:"yellow",children:"ACTION"}),i(p,{flexDirection:"column",marginTop:1,paddingLeft:2,children:r.hasCodemod?d(q,{children:[d(c,{color:"green",children:["✓"," ","Codemod will rewrite imports to the recommended alternative."]}),i(c,{dimColor:!0,children:" The original package can then be removed from dependencies."})]}):d(q,{children:[d(c,{color:"yellow",children:["ℹ"," ","Manual migration required."]}),r.docUrl?i(c,{dimColor:!0,children:" Open the migration guide below for the recommended alternative and steps."}):i(c,{dimColor:!0,children:" Consult the package's docs or the e18e module-replacements guide for an alternative."})]})})]}),d(p,{flexDirection:"column",marginTop:1,children:[i(c,{dimColor:!0,children:"── "}),i(c,{bold:!0,color:"white",children:"LINKS"}),d(p,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[d(c,{color:"cyan",underline:!0,children:["https://npmx.dev/",r.packageName]}),r.docUrl&&i(c,{color:"cyan",underline:!0,children:r.docUrl})]})]})]})]})},"OptimizeDetailPanel");var nr=Object.defineProperty,re=P((r,e)=>nr(r,"name",{value:e,configurable:!0}),"b$1");const ir=[{key:"all",label:"All",shortcut:"1"},{key:"native",label:"Native",shortcut:"2"},{key:"preferred",label:"Preferred",shortcut:"3"},{key:"micro-utility",label:"Micro",shortcut:"4"},{key:"socket",label:"Socket",shortcut:"5"}],or=re(({checked:r,entry:e,isSelected:t})=>{const n=ee[e.category]??"white",a=Ze[e.category]??e.category,o=r?"☑":"☐",s=e.hasCodemod?"⚙":" ";return d(p,{flexShrink:0,height:1,children:[i(c,{children:t?">":" "}),d(c,{color:r?"white":"gray",children:[" ",o," "]}),i(c,{bold:!0,color:n,children:`[${a}]`.padEnd(9)}),d(c,{children:[" ",s," "]}),i(p,{flexGrow:1,children:i(c,{bold:t,inverse:t,wrap:"truncate",children:e.packageName})}),i(c,{dimColor:!0,children:" → "}),i(c,{wrap:"truncate",children:e.replacement})]})},"EntryRow"),cr=re(({checkedEntries:r,entries:e,filterActive:t,filterText:n,filterType:a,focused:o,isDryRun:s,scrollOffset:y,selectedIndex:f,totalEntries:u,viewportHeight:S})=>{const x=o?"white":"gray";let g=0,w=0,k=0,N=0;for(const O of e)switch(O.category){case"micro-utility":{k++;break}case"native":{g++;break}case"preferred":{w++;break}case"socket":{N++;break}}const h=[];g>0&&h.push(`${g} native`),w>0&&h.push(`${w} preferred`),k>0&&h.push(`${k} micro`),N>0&&h.push(`${N} socket`);const b=h.length>0?` (${h.join(", ")})`:"",C=r.size,D=[];for(const[O,$]of e.entries())D.push(i(or,{checked:r.has($.packageName),entry:$,isSelected:O===f},$.packageName));const I=e.length,l=I>S&&S>0;return d(p,{borderColor:x,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[d(p,{flexShrink:0,gap:1,paddingX:1,children:[i(c,{bold:!0,inverse:!0,children:" VIS OPTIMIZE "}),d(c,{wrap:"truncate",children:[u," ","optimizations",b]}),!s&&C>0&&d(c,{dimColor:!0,children:[" ","—",C," ","selected"]})]}),i(p,{flexShrink:0,gap:1,paddingX:1,paddingY:1,children:ir.map(O=>{const $=a===O.key;return d(p,{children:[i(c,{dimColor:!$,children:"["}),i(c,{bold:$,color:$?"cyan":"gray",children:O.shortcut}),i(c,{dimColor:!$,children:"]"}),d(c,{color:$?"white":"gray",children:[" ",O.label]})]},O.key)})}),t&&d(p,{flexShrink:0,paddingX:1,children:[i(c,{bold:!0,color:"white",children:"/ "}),i(c,{children:n}),i(c,{inverse:!0,children:" "})]}),d(p,{flexDirection:"row",flexGrow:1,overflow:"hidden",children:[i(p,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:i(p,{flexDirection:"column",marginTop:-y,children:D})}),l&&i(p,{flexShrink:0,marginLeft:1,marginRight:1,children:i(ye,{contentHeight:I,placement:"inset",scrollOffset:y,style:"block",viewportHeight:S})})]})]})},"OptimizeListPanel");var sr=Object.defineProperty,ar=P((r,e)=>sr(r,"name",{value:e,configurable:!0}),"S");const lr=100,Y=10,K={1:"all",2:"native",3:"preferred",4:"micro-utility",5:"socket"},dr=ar(({isDryRun:r,store:e})=>{const{exit:t}=ke(),{columns:n,rows:a}=ve(),o=Pe(e.subscribe,e.getSnapshot),s=Ae(null),[y,f]=H(0),[u,S]=H(!1),x=e.getFilteredEntries(),g=x[o.selectedIndex]??null,w=n>=lr,k=Math.max(0,a-5),N=De(h=>{t(h)},[t]);return we((h,b)=>{if(u){h==="y"||h==="Y"?N():S(!1);return}if(o.filterActive){b.escape?(e.setFilterActive(!1),e.setFilterText("")):b.return?e.setFilterActive(!1):b.backspace||b.delete?e.setFilterText(o.filterText.slice(0,-1)):h&&!b.ctrl&&!b.meta&&e.setFilterText(o.filterText+h);return}if(h==="q"){!r&&o.checkedEntries.size>0?S(!0):N();return}if(h==="/"){e.setFilterActive(!0);return}if(K[h]){e.setFilter(K[h]);return}if(b.tab){e.setFocusedPanel(o.focusedPanel==="list"?"detail":"list");return}if(o.focusedPanel==="list")if(b.upArrow||h==="k"){const C=Math.max(0,o.selectedIndex-1);e.select(C),C<y&&f(C)}else if(b.downArrow||h==="j"){const C=Math.min(x.length-1,o.selectedIndex+1);e.select(C),C>=y+k&&f(C-k+1)}else h===" "?g&&e.toggleCheck(g.packageName):h==="a"?e.toggleAll():b.return&&!r&&o.checkedEntries.size>0&&N(e.getCheckedEntries());else o.focusedPanel==="detail"&&(b.upArrow||h==="k"?s.current?.scrollBy(-1):(b.downArrow||h==="j")&&s.current?.scrollBy(1))},{isActive:o.phase==="browsing"}),a<Y?i(p,{alignItems:"center",justifyContent:"center",children:d(c,{color:"yellow",children:["Terminal too small. Resize to at least",Y," ","rows."]})}):d(p,{flexDirection:"column",height:a,width:n,children:[d(p,{flexDirection:w?"row":"column",flexGrow:1,children:[i(p,{flexBasis:w?"50%":void 0,flexGrow:1,children:i(cr,{checkedEntries:o.checkedEntries,entries:x,filterActive:o.filterActive,filterText:o.filterText,filterType:o.filterType,focused:o.focusedPanel==="list",isDryRun:r,scrollOffset:y,selectedIndex:o.selectedIndex,totalEntries:o.entries.length,viewportHeight:k})}),i(p,{flexBasis:w?"50%":void 0,flexGrow:1,children:i(tr,{entry:g,focused:o.focusedPanel==="detail",scrollRef:s})})]}),i(p,{flexShrink:0,paddingX:1,children:d(c,{dimColor:!0,children:[r?"Preview mode":"space:toggle a:all enter:apply"," ","| tab:switch panel /: filter q:quit |","⚙","=codemod available"]})}),i($e,{autoExitSeconds:3,onCancel:P(()=>{S(!1)},"onCancel"),visible:u})]})},"VisOptimizeApp");var pr=Object.defineProperty,j=P((r,e)=>pr(r,"name",{value:e,configurable:!0}),"p");const U=j((r,e)=>{const t=new Set;try{const n=Z(r),a=e?[n.dependencies,n.optionalDependencies]:[n.dependencies,n.devDependencies,n.peerDependencies,n.optionalDependencies];for(const o of a)if(o)for(const s of Object.keys(o))t.add(s)}catch{}return t},"collectDepsFromPkgJson"),te=j(r=>{const e=xe(r);if(e)return X(r,e);const t=A(r,"package.json");if(!V(t))return[];try{const n=Z(t),a=Array.isArray(n.workspaces)?n.workspaces:n.workspaces?.packages;return a?X(r,a):[]}catch{return[]}},"discoverWorkspacePackages"),fr="https://github.com/es-tooling/module-replacements/blob/main/docs/modules",mr=j(r=>`${fr}/${r}.md`,"buildE18eDocUrl"),hr=j(r=>{if(r.type==="simple"&&r.replacement)return r.replacement;if(r.type==="native"){const e=r.nodeVersion?` (Node ${r.nodeVersion}+)`:"";return r.replacement?`${r.replacement}${e}`:`Native API${e}`}return r.type==="documented"&&r.docPath?"see migration guide":""},"e18eReplacementHint"),ne=j(r=>{const e=[],t=j((n,a)=>{const o=n.moduleReplacements;if(Array.isArray(o))for(const s of o)r.has(s.moduleName)&&e.push({category:a,docUrl:s.type==="documented"&&s.docPath?mr(s.docPath):void 0,hasCodemod:!1,overrideSpec:void 0,packageName:s.moduleName,replacement:hr(s)})},"scanManifest");return t(je,"native"),t(Te,"preferred"),t(Oe,"micro-utility"),e},"buildE18eEntries"),ie=j((r,e,t,n)=>{const a=me("npm")??[],o=[];for(const[,s]of a){if(s.deprecated)continue;const y=r.has(s.package),f=e?He(e,s.package,t.name):!1;if(!y&&!f)continue;const u=Q(s.version)?.major;if(u===void 0)continue;const S=n?`npm:${s.name}@${s.version}`:`npm:${s.name}@^${String(u)}`;o.push({category:"socket",hasCodemod:!1,overrideSpec:S,packageName:s.package,replacement:s.name})}return o},"buildSocketEntries");let G;const oe=j(async()=>{if(G)return G;try{return G=(await import("module-replacements-codemods")).codemods,G}catch{return{}}},"loadCodemods"),ce=j(async r=>{try{const e=await oe();for(const t of r)t.category!=="socket"&&e[t.packageName]&&(t.hasCodemod=!0)}catch{}},"markCodemodAvailability"),se=j(async(r,e)=>{let t=0;try{const n=(await oe())[e];if(!n)return{filesChanged:0,packageName:e};const a=n({}),o=await ur(r);for(const s of o){const y=_(s);if(y.includes(e))try{const f=await a.transform({file:{filename:s,source:y}});f!==y&&(fe(s,f,"utf8"),t++)}catch(f){process.stderr.write(`warn: codemod transform failed for ${s}: ${f instanceof Error?f.message:String(f)}
-`)}}}catch{}return{filesChanged:t,packageName:e}},"runCodemod"),ur=j(async r=>he("**/*.{cjs,cts,js,jsx,mjs,mts,ts,tsx}",{absolute:!0,cwd:r,ignore:["**/.*/**","**/.*","**/node_modules/**","**/dist/**","**/coverage/**","**/.git/**","**/.next/**","**/.nuxt/**"]}),"collectSourceFiles"),gr=j(async({logger:r,options:e,workspaceRoot:t})=>{if(!t)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const n=Se(t),a=!!e.dryRun,o=!!e.prod,s=!!e.pin;m.info(`Detected ${n.name} v${n.version}.`);const y=U(A(t,"package.json"),o),f=te(t),u=new Set(y);for(const l of f){const O=U(A(ue(t,l),"package.json"),o);for(const $ of O)u.add($)}f.length>0&&m.info(`Scanned ${String(f.length)} workspace package${f.length===1?"":"s"}.`),m.info(`Scanning dependencies...
-`);const S=Xe(t,n.name),x=ne(u),g=ie(u,S,n,s),w=new Set(x.map(l=>l.packageName)),k=g.filter(l=>!w.has(l.packageName)),N=[...x,...k];if(await ce(N),N.length===0){m.info("No optimizations found for your dependencies.");return}const h=!!process.stdout.isTTY&&!Ne,b=e.format==="json"||!!e.json;if(h&&!a&&!b){const l=new Ke(N),O=await be(Ee.createElement(dr,{isDryRun:!1,store:l}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),$=Array.isArray(O)?O:[];if($.length===0){m.info("No optimizations selected.");return}const z=$.filter(v=>v.category!=="socket"&&v.hasCodemod),L=$.filter(v=>v.category!=="socket"&&!v.hasCodemod),B=$.filter(v=>v.category==="socket");if(z.length>0){m.info(`
-Running ${String(z.length)} codemod${z.length===1?"":"s"}...
-`);for(const v of z){const E=await se(t,v.packageName);E.filesChanged>0?m.success(`  ${v.packageName}: ${String(E.filesChanged)} file${E.filesChanged===1?"":"s"} updated`):m.info(`  ${v.packageName}: no files changed`)}}if(L.length>0){m.warn(`
-${String(L.length)} selected replacement${L.length===1?"":"s"} require manual migration (no codemod available):`);for(const v of L)m.info(`  ${v.packageName} → ${v.replacement}`);m.notice("  Replace usage in your source code, then remove from dependencies.")}if(B.length>0){const v=B.filter(J=>J.overrideSpec).map(J=>({original:J.packageName,spec:J.overrideSpec})),E=Ve(t,A(t,"package.json"),v,n);E.added.length>0&&m.success(`
-Added ${String(E.added.length)} override${E.added.length===1?"":"s"}.`),E.updated.length>0&&m.success(`Updated ${String(E.updated.length)} override${E.updated.length===1?"":"s"}.`)}if(B.length>0&&!e.noInstall){m.info(`
-Running ${n.name} install to update lockfile...`);const v=Ce(n,{dev:!1,filter:[],force:!1,frozenLockfile:!1,ignoreScripts:!1,lockfileOnly:!1,noOptional:!1,offline:!1,prod:!1,recursive:!1,silent:!1,workspaceRoot:!1},t,r);v!==0&&m.warn(`${n.name} install exited with code ${String(v)}. Run it manually.`)}m.info(""),m.success("Optimization complete.");return}if(b){process.stdout.write(`${JSON.stringify({e18e:x.map(l=>({category:l.category,hasCodemod:l.hasCodemod,packageName:l.packageName,replacement:l.replacement})),packageManager:n.name,socket:k.map(l=>({overrideSpec:l.overrideSpec,packageName:l.packageName,replacement:l.replacement})),total:N.length,workspaces:f.length},void 0,2)}
-`);return}const C=x.filter(l=>l.category==="native"),D=x.filter(l=>l.category==="preferred"),I=x.filter(l=>l.category==="micro-utility");if(C.length>0){m.info(`Native replacements (${String(C.length)}):`);for(const l of C)m.info(`  ${l.hasCodemod?"⚙":" "} ${l.packageName} → ${l.replacement}`)}if(D.length>0){m.info(`
-Preferred alternatives (${String(D.length)}):`);for(const l of D)m.info(`  ${l.hasCodemod?"⚙":" "} ${l.packageName} → ${l.replacement}`)}if(I.length>0){m.info(`
-Micro-utilities (${String(I.length)}):`);for(const l of I)m.info(`  ${l.hasCodemod?"⚙":" "} ${l.packageName} → ${l.replacement}`)}if(k.length>0){m.info(`
-Socket.dev overrides (${String(k.length)}):`);for(const l of k)m.info(`  ${l.packageName} → ${l.overrideSpec}`)}m.info(`
-Total: ${String(N.length)} optimizations available (⚙ = codemod available).`),a&&m.notice("Run without --dry-run for interactive selection.")},"execute"),Pr=Object.defineProperty({__proto__:null,buildE18eEntries:ne,buildSocketEntries:ie,collectDepsFromPkgJson:U,default:gr,discoverWorkspacePackages:te,markCodemodAvailability:ce,runCodemod:se},Symbol.toStringTag,{value:"Module"});export{te as A,ce as B,ne as F,se as I,ie as T,Xe as a,Ve as b,Pr as h,U as x};
+import { createRequire as __cjs_createRequire } from "node:module";
+
+const __cjs_require = __cjs_createRequire(import.meta.url);
+
+const __cjs_getProcess = typeof globalThis !== "undefined" && typeof globalThis.process !== "undefined" ? globalThis.process : process;
+
+const __cjs_getBuiltinModule = (module) => {
+    // Check if we're in Node.js and version supports getBuiltinModule
+    if (typeof __cjs_getProcess !== "undefined" && __cjs_getProcess.versions && __cjs_getProcess.versions.node) {
+        const [major, minor] = __cjs_getProcess.versions.node.split(".").map(Number);
+        // Node.js 20.16.0+ and 22.3.0+
+        if (major > 22 || (major === 22 && minor >= 3) || (major === 20 && minor >= 16)) {
+            return __cjs_getProcess.getBuiltinModule(module);
+        }
+    }
+    // Fallback to createRequire
+    return __cjs_require(module);
+};
+
+import { dim, cyan, yellow, red, green } from '@visulima/colorize';
+import { writeFileSync, isAccessibleSync, readJsonSync, readFileSync } from '@visulima/fs';
+import { isAbsolute, relative, resolve, join } from '@visulima/path';
+import { redact } from '@visulima/redact';
+import { fingerprint, scan, scanFiles, inspectRuleset, listRules, listRequiredValidators } from '@visulima/secret-scanner';
+import { p as pail } from './bin.js';
+import { InteractiveManager, InteractiveStreamHook } from '@visulima/interactive-manager';
+import { Spinner } from '@visulima/spinner';
+const {
+  pathToFileURL
+} = __cjs_getBuiltinModule("node:url");
+const {
+  execFileSync
+} = __cjs_getBuiltinModule("node:child_process");
+
+const createSpinner = (options = {}) => {
+  const manager = new InteractiveManager(new InteractiveStreamHook(process.stdout), new InteractiveStreamHook(process.stderr));
+  return new Spinner(options, manager);
+};
+
+const toRelative = (file, root) => {
+  if (!isAbsolute(file)) {
+    return file;
+  }
+  const rel = relative(root, file);
+  return rel === "" || rel.startsWith("..") ? file : rel;
+};
+const toRelativeFinding = (f, root) => {
+  const relativeFile = toRelative(f.file, root);
+  return relativeFile === f.file ? f : { ...f, file: relativeFile };
+};
+const readBaseline = (baselinePath) => {
+  if (!isAccessibleSync(baselinePath)) {
+    return [];
+  }
+  try {
+    const parsed = readJsonSync(baselinePath);
+    return Array.isArray(parsed) ? parsed : [];
+  } catch {
+    return [];
+  }
+};
+const diffBaseline = (findings, baselinePath, root) => {
+  const existing = readBaseline(baselinePath).map((f) => toRelativeFinding(f, root));
+  const existingKeys = new Set(existing.map((f) => fingerprint(f)));
+  const currentRelative = findings.map((f) => toRelativeFinding(f, root));
+  const currentKeys = new Set(currentRelative.map((f) => fingerprint(f)));
+  return {
+    fresh: currentRelative.filter((f) => !existingKeys.has(fingerprint(f))),
+    resolved: existing.filter((f) => !currentKeys.has(fingerprint(f))),
+    surviving: currentRelative.filter((f) => existingKeys.has(fingerprint(f)))
+  };
+};
+const writeBaseline = (findings, baselinePath, root, options = {}) => {
+  const incoming = findings.map((f) => toRelativeFinding(f, root));
+  let final;
+  if (options.replace) {
+    final = incoming;
+  } else {
+    const existing = readBaseline(baselinePath).map((f) => toRelativeFinding(f, root));
+    const seen = /* @__PURE__ */ new Set();
+    final = [];
+    for (const f of [...existing, ...incoming]) {
+      const key = fingerprint(f);
+      if (seen.has(key)) {
+        continue;
+      }
+      seen.add(key);
+      final.push(f);
+    }
+  }
+  writeFileSync(baselinePath, `${JSON.stringify(final, null, 4)}
+`);
+  return final.length;
+};
+
+const CONTEXT_RADIUS = 1;
+const groupByFile = (findings) => {
+  const byFile = /* @__PURE__ */ new Map();
+  for (const f of findings) {
+    const list = byFile.get(f.file);
+    if (list) {
+      list.push(f);
+    } else {
+      byFile.set(f.file, [f]);
+    }
+  }
+  return byFile;
+};
+const loadLines = (file) => {
+  try {
+    return readFileSync(file).split(/\r?\n/);
+  } catch {
+    return void 0;
+  }
+};
+const caretFor = (line, col, len) => {
+  const clampedCol = Math.max(1, col);
+  const prefix = line.slice(0, clampedCol - 1).replaceAll(/[^\t]/g, " ");
+  return `${prefix}${"^".repeat(Math.max(1, len))}`;
+};
+const formatText = (findings, root, useColor, options = {}) => {
+  if (findings.length === 0) {
+    return useColor ? dim("No secrets detected.") : "No secrets detected.";
+  }
+  const color = useColor ? { cyan, dim, green, red, yellow } : {
+    cyan: (s) => s,
+    dim: (s) => s,
+    green: (s) => s,
+    red: (s) => s,
+    yellow: (s) => s
+  };
+  const lines = [];
+  const byFile = groupByFile(findings);
+  for (const [file, items] of byFile) {
+    const relativeFile = relative(root, file) || file;
+    lines.push(color.cyan(relativeFile));
+    const sourceLines = options.redact ? void 0 : loadLines(file);
+    for (const f of items) {
+      const provenance = [f.source, f.confidence].filter(Boolean).join(", ");
+      const provenanceSuffix = provenance ? ` ${color.dim(`(${provenance})`)}` : "";
+      const alternates = f.alternateMatches && f.alternateMatches.length > 0 ? ` ${color.dim(`also: ${f.alternateMatches.join(", ")}`)}` : "";
+      let validationBadge = "";
+      switch (f.validation) {
+        case "error": {
+          validationBadge = ` ${color.yellow("! error")}`;
+          break;
+        }
+        case "rejected": {
+          validationBadge = ` ${color.red("✗ rejected")}`;
+          break;
+        }
+        case "skipped": {
+          validationBadge = ` ${color.dim("— unverifiable")}`;
+          break;
+        }
+        case "verified": {
+          validationBadge = ` ${color.green("✓ verified")}`;
+          break;
+        }
+      }
+      lines.push(
+        `  ${color.red("✖")} ${color.yellow(`[${f.ruleId}]`)}${provenanceSuffix}${validationBadge} ${color.dim(`line ${String(f.startLine)}:${String(f.startColumn)}`)}${alternates}`
+      );
+      if (sourceLines) {
+        const start = Math.max(0, f.startLine - 1 - CONTEXT_RADIUS);
+        const end = Math.min(sourceLines.length, f.startLine + CONTEXT_RADIUS);
+        for (let n = start; n < end; n += 1) {
+          const lineNumber = String(n + 1).padStart(4, " ");
+          const isMatchLine = n + 1 === f.startLine;
+          const marker = isMatchLine ? color.red("▶") : " ";
+          lines.push(`    ${marker} ${color.dim(lineNumber)} │ ${sourceLines[n] ?? ""}`);
+          if (isMatchLine) {
+            const matchLen = Math.max(1, (f.endColumn ?? f.startColumn + 1) - f.startColumn);
+            const caret = caretFor(sourceLines[n] ?? "", f.startColumn, matchLen);
+            lines.push(`      ${color.dim("    │ ")}${color.red(caret)}`);
+          }
+        }
+      }
+      lines.push("");
+    }
+  }
+  return lines.join("\n").trimEnd();
+};
+const toSarifUri = (path, root) => {
+  if (!isAbsolute(path)) {
+    return path.replaceAll("\\", "/");
+  }
+  try {
+    return pathToFileURL(path).toString();
+  } catch {
+    return `file://${resolve(root, path).replaceAll("\\", "/")}`;
+  }
+};
+const shortText = (text, limit = 100) => {
+  if (text.length <= limit) {
+    return text;
+  }
+  return `${text.slice(0, limit - 1).trimEnd()}…`;
+};
+const formatSarif = (findings, toolVersion, root = process.cwd(), ruleMetadata = []) => {
+  const metaById = new Map(ruleMetadata.map((r) => [r.id, r]));
+  const seenIds = /* @__PURE__ */ new Set();
+  for (const f of findings) {
+    seenIds.add(f.ruleId);
+  }
+  const ruleIds = [.../* @__PURE__ */ new Set([...metaById.keys(), ...seenIds])].sort((a, b) => a.localeCompare(b));
+  const ruleIndex = new Map(ruleIds.map((id, i) => [id, i]));
+  return JSON.stringify(
+    {
+      $schema: "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0.json",
+      runs: [
+        {
+          originalUriBaseIds: {
+            SRCROOT: { uri: pathToFileURL(root).toString() }
+          },
+          results: findings.map((f) => {
+            const properties = {};
+            if (f.source) {
+              properties["source"] = f.source;
+            }
+            if (f.confidence) {
+              properties["confidence"] = f.confidence;
+            }
+            if (f.alternateMatches && f.alternateMatches.length > 0) {
+              properties["alternateRules"] = f.alternateMatches;
+            }
+            if (f.validation) {
+              properties["validation"] = f.validation;
+            }
+            return {
+              level: "error",
+              locations: [
+                {
+                  physicalLocation: {
+                    artifactLocation: {
+                      uri: toSarifUri(f.file, root),
+                      uriBaseId: isAbsolute(f.file) ? void 0 : "SRCROOT"
+                    },
+                    region: {
+                      endColumn: f.endColumn,
+                      endLine: f.endLine,
+                      snippet: { text: f.match },
+                      startColumn: f.startColumn,
+                      startLine: f.startLine
+                    }
+                  }
+                }
+              ],
+              message: { text: f.description || f.ruleId },
+              properties: Object.keys(properties).length > 0 ? properties : void 0,
+              ruleId: f.ruleId,
+              ruleIndex: ruleIndex.get(f.ruleId) ?? -1
+            };
+          }),
+          tool: {
+            driver: {
+              informationUri: "https://visulima.com/packages/secret-scanner",
+              name: "visulima-secret-scanner",
+              rules: ruleIds.map((id) => {
+                const meta = metaById.get(id);
+                const description = meta?.description ?? `Detected by rule \`${id}\``;
+                const ruleProperties = {};
+                if (meta?.tags && meta.tags.length > 0) {
+                  ruleProperties["tags"] = meta.tags;
+                }
+                if (meta?.source) {
+                  ruleProperties["source"] = meta.source;
+                }
+                if (meta?.confidence) {
+                  ruleProperties["confidence"] = meta.confidence;
+                }
+                return {
+                  defaultConfiguration: { level: "error" },
+                  fullDescription: { text: description },
+                  helpUri: "https://visulima.com/packages/secret-scanner",
+                  id,
+                  name: id,
+                  properties: Object.keys(ruleProperties).length > 0 ? ruleProperties : void 0,
+                  shortDescription: { text: shortText(description) }
+                };
+              }),
+              version: toolVersion
+            }
+          }
+        }
+      ],
+      version: "2.1.0"
+    },
+    void 0,
+    2
+  );
+};
+
+const runGit = (root, args) => {
+  try {
+    return execFileSync("git", args, { cwd: root, encoding: "utf8", stdio: ["ignore", "pipe", "pipe"] }).trim();
+  } catch {
+    return "";
+  }
+};
+const splitFiles = (stdout) => stdout.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+const stagedFiles = (root) => splitFiles(runGit(root, ["diff", "--cached", "--name-only", "--diff-filter=ACMR"])).map((p) => isAbsolute(p) ? p : join(root, p));
+const filesSince = (root, ref) => {
+  const stdout = runGit(root, ["diff", "--name-only", "--diff-filter=ACMR", `${ref}...HEAD`]);
+  const list = splitFiles(stdout);
+  if (list.length === 0) {
+    const fallback = runGit(root, ["diff", "--name-only", "--diff-filter=ACMR", ref]);
+    return splitFiles(fallback).map((p) => isAbsolute(p) ? p : join(root, p));
+  }
+  return list.map((p) => isAbsolute(p) ? p : join(root, p));
+};
+const hasGit = (root) => runGit(root, ["rev-parse", "--show-toplevel"]).length > 0;
+
+const DEFAULT_BASELINE = ".secrets-baseline.json";
+const toArray = (value) => {
+  if (!value) {
+    return [];
+  }
+  return Array.isArray(value) ? value : [value];
+};
+const validateFormat = (raw) => {
+  const allowed = /* @__PURE__ */ new Set(["json", "sarif", "text"]);
+  if (raw && !allowed.has(raw)) {
+    pail.error(`--format must be one of: ${[...allowed].join(", ")} (got "${raw}")`);
+    process.exit(2);
+  }
+  return raw ?? "text";
+};
+const validateConfidence = (raw) => {
+  if (raw === void 0) {
+    return void 0;
+  }
+  const allowed = /* @__PURE__ */ new Set(["high", "low", "medium"]);
+  if (!allowed.has(raw)) {
+    pail.error(`--min-confidence must be one of: ${[...allowed].join(", ")} (got "${raw}")`);
+    process.exit(2);
+  }
+  return raw;
+};
+const printListRules = async (scanOptions, useColor) => {
+  const rules = await listRules(scanOptions);
+  process.stdout.write(`${String(rules.length)} rules loaded
+
+`);
+  for (const rule of rules) {
+    const id = useColor ? yellow(rule.id) : rule.id;
+    const tags = rule.tags.length > 0 ? ` ${useColor ? dim(`[${rule.tags.join(", ")}]`) : `[${rule.tags.join(", ")}]`}` : "";
+    process.stdout.write(`${id}${tags}
+  ${rule.description}
+`);
+    if (rule.keywords.length > 0) {
+      const kw = `keywords: ${rule.keywords.slice(0, 6).join(", ")}${rule.keywords.length > 6 ? ", ..." : ""}`;
+      process.stdout.write(`  ${useColor ? dim(kw) : kw}
+`);
+    }
+    process.stdout.write("\n");
+  }
+};
+const printListValidators = async (scanOptions, useColor) => {
+  const report = await listRequiredValidators(scanOptions);
+  if (report.length === 0) {
+    process.stdout.write(
+      useColor ? `${dim("No non-HTTP validators required by the current ruleset.")}
+` : "No non-HTTP validators required by the current ruleset.\n"
+    );
+    return;
+  }
+  process.stdout.write(`${String(report.length)} non-HTTP validator type(s) referenced by the current ruleset:
+
+`);
+  for (const entry of report) {
+    const title = useColor ? yellow(entry.displayName) : entry.displayName;
+    const typeLabel = `(${entry.type}, ${String(entry.ruleCount)} rule${entry.ruleCount === 1 ? "" : "s"})`;
+    process.stdout.write(`${title} ${useColor ? dim(typeLabel) : typeLabel}
+`);
+    process.stdout.write(`  ${entry.summary}
+`);
+    const hint = entry.packageName ? `install: npm add ${entry.packageName}` : "no driver — bespoke implementation required";
+    process.stdout.write(`  ${useColor ? dim(hint) : hint}
+
+`);
+  }
+};
+const runInit = async (root, scanOptions, dryRun) => {
+  const baselinePath = join(root, DEFAULT_BASELINE);
+  if (!dryRun && isAccessibleSync(baselinePath)) {
+    pail.warn(`Detected existing ${DEFAULT_BASELINE} — refusing to overwrite. Delete it first to re-init.`);
+    process.exit(1);
+  }
+  pail.info(dryRun ? "[dry-run] Previewing init — no files will be written." : "Scanning workspace to seed baseline…");
+  const spinner = createSpinner();
+  spinner.start("scanning");
+  let findings;
+  try {
+    findings = await scan([root], scanOptions);
+    spinner.succeed();
+  } catch (error) {
+    spinner.failed();
+    throw error;
+  }
+  if (dryRun) {
+    pail.info(`[dry-run] Would create ${DEFAULT_BASELINE} with ${String(findings.length)} finding(s).`);
+    return;
+  }
+  const count = writeBaseline(findings, baselinePath, root, { replace: true });
+  pail.success(`Wrote ${DEFAULT_BASELINE} (${String(count)} findings).`);
+  pail.notice("Commit it. Use `vis secrets --baseline .secrets-baseline.json` in CI. Add path patterns to .gitignore to exclude directories from scanning.");
+};
+const resolveScanOptions = (flags, visSecrets, root) => {
+  const cfg = visSecrets ?? {};
+  const resolvePath = (p) => p ? resolve(root, p) : void 0;
+  const pickList = (flag, fallback) => {
+    const fromFlag = toArray(flag);
+    return fromFlag.length > 0 ? fromFlag : fallback;
+  };
+  const enableRules = pickList(flags.enableRule, cfg.rules?.enable);
+  const excludeRules = pickList(flags.excludeRule, cfg.rules?.exclude);
+  const includeRules = pickList(flags.includeRule, cfg.rules?.include);
+  const excludePatterns = pickList(flags.exclude, cfg.walk?.excludePatterns);
+  const excludeFromFlag = toArray(flags.excludeFrom).map((p) => resolve(root, p));
+  const excludeFromFiles = excludeFromFlag.length > 0 ? excludeFromFlag : cfg.walk?.excludeFromFiles?.map((p) => resolve(root, p));
+  const baselinePath = resolvePath(flags.baseline) ?? resolvePath(cfg.baseline);
+  const configPath = resolvePath(flags.config) ?? resolvePath(cfg.config?.path);
+  const minConfidence = validateConfidence(flags.minConfidence ?? cfg.config?.minConfidence);
+  return {
+    baseline: baselinePath,
+    concurrency: flags.concurrency,
+    config: {
+      extendBundled: flags.noExtendBundled ? false : cfg.config?.extendBundled,
+      inline: cfg.config?.inline,
+      minConfidence,
+      onlyVerified: flags.onlyVerified ?? cfg.config?.onlyVerified ?? false,
+      path: configPath,
+      validate: flags.validate ?? cfg.config?.validate ?? false
+    },
+    redact: flags.redact ?? cfg.redact,
+    rules: { enable: enableRules, exclude: excludeRules, include: includeRules },
+    verbose: flags.verbose ?? false,
+    walk: {
+      excludeFromFiles,
+      excludePatterns,
+      gitignore: flags.noGitignore ? false : cfg.walk?.gitignore ?? true,
+      includeHidden: flags.includeHidden ?? cfg.walk?.includeHidden,
+      maxFileSize: flags.maxSize ?? cfg.walk?.maxFileSize
+    }
+  };
+};
+const printDiff = (diff) => {
+  process.stderr.write(
+    `${dim("baseline diff: ")}${green(`+${String(diff.fresh.length)} new`)} · ${yellow(`${String(diff.surviving.length)} unchanged`)} · ${dim(`-${String(diff.resolved.length)} resolved`)}
+`
+  );
+};
+const chooseScanPaths = async (flags, args, root) => {
+  if (flags.staged) {
+    if (!hasGit(root)) {
+      pail.error("--staged requires a git working tree, and none was detected.");
+      process.exit(2);
+    }
+    return { files: stagedFiles(root) };
+  }
+  if (flags.since) {
+    if (!hasGit(root)) {
+      pail.error("--since requires a git working tree, and none was detected.");
+      process.exit(2);
+    }
+    return { files: filesSince(root, flags.since) };
+  }
+  if (flags.affected) {
+    if (!hasGit(root)) {
+      pail.warn("--affected requires git; falling back to full scan");
+      return { paths: args && args.length > 0 ? args.map((p) => resolve(root, p)) : [root] };
+    }
+    const baseRef = process.env["VIS_BASE"] ?? "HEAD~1";
+    return { files: filesSince(root, baseRef) };
+  }
+  return { paths: args && args.length > 0 ? args.map((p) => resolve(root, p)) : [root] };
+};
+const emitFindings = (findings, format, root, useColor, toolVersion, ruleMetadata, redactFindings) => {
+  switch (format) {
+    case "json": {
+      const view = findings.map((f) => toRelativeFinding(f, root));
+      process.stdout.write(`${JSON.stringify(view, null, 2)}
+`);
+      break;
+    }
+    case "sarif": {
+      process.stdout.write(`${formatSarif(findings, toolVersion, root, ruleMetadata)}
+`);
+      break;
+    }
+    default: {
+      process.stdout.write(`${formatText(findings, root, useColor, { redact: redactFindings })}
+`);
+    }
+  }
+};
+const execute = async ({ argument, options, visConfig, workspaceRoot }) => {
+  const flags = options;
+  const args = argument;
+  const root = workspaceRoot ?? process.cwd();
+  const useColor = !flags.quiet && process.stdout.isTTY;
+  const visSecrets = visConfig?.secrets;
+  const scanOptions = resolveScanOptions(flags, visSecrets, root);
+  const toolVersion = "0.0.0-alpha";
+  if (flags.listRules) {
+    await printListRules(scanOptions, useColor);
+    return;
+  }
+  if (flags.listValidators) {
+    await printListValidators(scanOptions, useColor);
+    return;
+  }
+  if (flags.init) {
+    await runInit(root, scanOptions, flags.dryRun ?? false);
+    return;
+  }
+  const target = await chooseScanPaths(flags, args ?? [], root);
+  if (target.files?.length === 0) {
+    if (!flags.quiet) {
+      pail.success("No files to scan.");
+    }
+    return;
+  }
+  const isInteractive = !flags.quiet && !["json", "sarif"].includes(flags.format ?? "text");
+  const spinner = createSpinner({ verbose: isInteractive });
+  spinner.start("scanning for secrets");
+  let findings;
+  try {
+    findings = target.files === void 0 ? await scan(target.paths ?? [root], scanOptions) : await scanFiles(target.files, scanOptions);
+    spinner.succeed();
+  } catch (error) {
+    spinner.failed();
+    pail.error(`secret scan failed: ${error instanceof Error ? error.message : String(error)}`);
+    process.exit(2);
+  }
+  if (flags.verbose) {
+    const skipped = await inspectRuleset(scanOptions);
+    if (skipped.length > 0) {
+      pail.warn(`${String(skipped.length)} rule(s) skipped due to invalid regex. First few:`);
+      for (const s of skipped.slice(0, 5)) {
+        process.stderr.write(`  - ${s.ruleId}: ${s.reason}
+`);
+      }
+    }
+  }
+  const baselineFullPath = scanOptions.baseline ?? join(root, DEFAULT_BASELINE);
+  const showDiff = !flags.quiet && isAccessibleSync(baselineFullPath);
+  if (flags.updateBaseline) {
+    const count = writeBaseline(findings, baselineFullPath, root, { replace: flags.replaceBaseline });
+    pail.success(`Baseline updated: ${relative(root, baselineFullPath) || baselineFullPath} now contains ${String(count)} entries.`);
+    return;
+  }
+  const format = validateFormat(flags.format);
+  const ruleMetadata = format === "sarif" ? await listRules(scanOptions).catch(() => []) : [];
+  const shouldRedact = scanOptions.redact === true;
+  const reportFindings = shouldRedact ? redact(findings, ["match", "secret"]) : findings;
+  emitFindings(reportFindings, format, root, useColor, toolVersion, ruleMetadata, shouldRedact);
+  if (format === "text" && showDiff) {
+    printDiff(diffBaseline(findings, baselineFullPath, root));
+  }
+  if (findings.length > 0) {
+    if (!flags.quiet) {
+      pail.warn(`${String(findings.length)} potential secret(s) found`);
+      pail.notice("Suppress individual lines with `gitleaks:allow` / `secret-scanner:allow`, or run `vis secrets --update-baseline`.");
+    }
+    process.exit(1);
+  }
+  if (!flags.quiet) {
+    pail.success("No secrets detected.");
+  }
+};
+
+export { execute as default };