@visulima/vis 1.0.0-alpha.20 → 1.0.0-alpha.22

Files changed (112)
  1. package/CHANGELOG.md +63 -0
  2. package/LICENSE.md +206 -141
  3. package/README.md +21 -4
  4. package/dist/config/index.d.ts +199 -6
  5. package/dist/packem_chunks/bin.js +318 -318
  6. package/dist/packem_chunks/bloom-status.js +2 -0
  7. package/dist/packem_chunks/bloom-sync.js +2 -0
  8. package/dist/packem_chunks/cache-attestation.js +1 -0
  9. package/dist/packem_chunks/config.js +15 -15
  10. package/dist/packem_chunks/fix.js +1 -1
  11. package/dist/packem_chunks/handler.js +1 -1
  12. package/dist/packem_chunks/handler10.js +2 -1
  13. package/dist/packem_chunks/handler11.js +1 -5
  14. package/dist/packem_chunks/handler12.js +5 -1
  15. package/dist/packem_chunks/handler13.js +1 -27
  16. package/dist/packem_chunks/handler14.js +28 -5
  17. package/dist/packem_chunks/handler15.js +5 -1
  18. package/dist/packem_chunks/handler16.js +1 -1
  19. package/dist/packem_chunks/handler17.js +1 -1
  20. package/dist/packem_chunks/handler18.js +1 -1
  21. package/dist/packem_chunks/handler19.js +1 -1
  22. package/dist/packem_chunks/handler2.js +4 -2
  23. package/dist/packem_chunks/handler20.js +1 -5
  24. package/dist/packem_chunks/handler21.js +5 -2
  25. package/dist/packem_chunks/handler22.js +2 -2
  26. package/dist/packem_chunks/handler23.js +2 -18
  27. package/dist/packem_chunks/handler24.js +18 -1
  28. package/dist/packem_chunks/handler25.js +1 -1
  29. package/dist/packem_chunks/handler26.js +1 -5
  30. package/dist/packem_chunks/handler27.js +5 -1
  31. package/dist/packem_chunks/handler28.js +1 -3
  32. package/dist/packem_chunks/handler29.js +3 -1
  33. package/dist/packem_chunks/handler3.js +4 -4
  34. package/dist/packem_chunks/handler30.js +1 -7
  35. package/dist/packem_chunks/handler31.js +6 -32
  36. package/dist/packem_chunks/handler32.js +33 -3
  37. package/dist/packem_chunks/handler33.js +3 -1
  38. package/dist/packem_chunks/handler34.js +1 -26
  39. package/dist/packem_chunks/handler35.js +26 -3
  40. package/dist/packem_chunks/handler36.js +5 -7
  41. package/dist/packem_chunks/handler37.js +6 -6
  42. package/dist/packem_chunks/handler38.js +1 -1
  43. package/dist/packem_chunks/handler39.js +61 -6
  44. package/dist/packem_chunks/handler4.js +6 -8
  45. package/dist/packem_chunks/handler40.js +6 -24
  46. package/dist/packem_chunks/handler41.js +215 -10
  47. package/dist/packem_chunks/handler42.js +24 -153
  48. package/dist/packem_chunks/handler43.js +153 -25
  49. package/dist/packem_chunks/handler44.js +10 -24
  50. package/dist/packem_chunks/handler45.js +25 -213
  51. package/dist/packem_chunks/handler46.js +24 -3
  52. package/dist/packem_chunks/handler47.js +3 -27
  53. package/dist/packem_chunks/handler48.js +21 -161
  54. package/dist/packem_chunks/handler49.js +173 -33
  55. package/dist/packem_chunks/handler5.js +8 -1
  56. package/dist/packem_chunks/handler50.js +34 -0
  57. package/dist/packem_chunks/handler6.js +1 -1
  58. package/dist/packem_chunks/handler7.js +1 -1
  59. package/dist/packem_chunks/handler8.js +1 -1
  60. package/dist/packem_chunks/handler9.js +1 -2
  61. package/dist/packem_chunks/heal-accept.js +1 -1
  62. package/dist/packem_chunks/heal.js +1 -1
  63. package/dist/packem_chunks/help-command.js +16 -16
  64. package/dist/packem_chunks/index.js +2 -2
  65. package/dist/packem_chunks/keys-refresh.js +1 -1
  66. package/dist/packem_chunks/list.js +1 -1
  67. package/dist/packem_chunks/loader.js +4 -1
  68. package/dist/packem_chunks/loader2.js +1 -0
  69. package/dist/packem_chunks/prune.js +1 -1
  70. package/dist/packem_chunks/run.js +1 -1
  71. package/dist/packem_chunks/status.js +1 -1
  72. package/dist/packem_chunks/sync.js +1 -1
  73. package/dist/packem_chunks/sync2.js +1 -1
  74. package/dist/packem_chunks/verify-lockfile.js +2 -0
  75. package/dist/packem_shared/{advisories-DsynpacV.js → advisories-DS8JEB_g.js} +1 -1
  76. package/dist/packem_shared/{ai-analysis-uYuTIIXi.js → ai-analysis-DGBZYlxF.js} +1 -1
  77. package/dist/packem_shared/{ai-cache-DuwHYx2O.js → ai-cache-BjlXWJtl.js} +1 -1
  78. package/dist/packem_shared/{ai-fix-DzrA-dVz.js → ai-fix-BhcTrkuW.js} +6 -6
  79. package/dist/packem_shared/cyclonedx-CO7-Y1B1.js +4 -0
  80. package/dist/packem_shared/dependency-scan-DPHTzA5r.js +1 -0
  81. package/dist/packem_shared/docker-lk0-5Z-i.js +60 -0
  82. package/dist/packem_shared/{failure-log-C3LEMmkq.js → failure-log-DF7nrFIs.js} +1 -1
  83. package/dist/packem_shared/{flakiness-Dq6K4ymq.js → flakiness-DKCOYwN7.js} +1 -1
  84. package/dist/packem_shared/index-B4gpNmrG.js +1 -0
  85. package/dist/packem_shared/license-zZU7aavK.js +1 -0
  86. package/dist/packem_shared/{lifecycle-Dv3nAtoD.js → lifecycle-boYwVQSE.js} +2 -2
  87. package/dist/packem_shared/{min-release-age-BFozFonQ.js → min-release-age-D462DvYM.js} +1 -1
  88. package/dist/packem_shared/{native-config-sync-Dvi1g2nQ.js → native-config-sync-B0_ef78M.js} +9 -9
  89. package/dist/packem_shared/osv-bloom-QSAn2Dcw.js +2 -0
  90. package/dist/packem_shared/provenance-smHa8efI.js +1 -0
  91. package/dist/packem_shared/{registry-keys-CewRFW0e.js → registry-keys-3qaVog76.js} +1 -1
  92. package/dist/packem_shared/resolve-explicit-BgFQHUEP.js +5 -0
  93. package/dist/packem_shared/{run-summary-utils-BaBGP3bo.js → run-summary-utils-DIJV_dUD.js} +1 -1
  94. package/dist/packem_shared/runtime-check-DrMx4Q9L.js +1 -0
  95. package/dist/packem_shared/s1ngularity-CwSBPB3I.js +1 -0
  96. package/dist/packem_shared/signatures-b-jJYoZd.js +2 -0
  97. package/dist/packem_shared/toolchain-OH1PXwbZ.js +5 -0
  98. package/dist/packem_shared/{typosquats-BCeR-sLf.js → typosquats-CJ4o1l7U.js} +1 -1
  99. package/dist/packem_shared/{verify-07kUNTuP.js → verify-CQbzknur.js} +1 -1
  100. package/dist/packem_shared/{vis-update-app-CFrlJ3mW.js → vis-update-app-Bnu1EIgE.js} +1 -1
  101. package/index.d.ts +78 -0
  102. package/index.js +57 -53
  103. package/package.json +22 -12
  104. package/schemas/project.schema.json +37 -7
  105. package/schemas/vis-config.schema.json +2376 -2026
  106. package/dist/packem_shared/cyclonedx-CiHXuG8M.js +0 -4
  107. package/dist/packem_shared/dependency-scan-DC3nAFHS.js +0 -1
  108. package/dist/packem_shared/docker-B-CIN_nj.js +0 -60
  109. package/dist/packem_shared/resolve-explicit-CC4Kifk5.js +0 -5
  110. package/dist/packem_shared/runtime-check-BusAwPb2.js +0 -1
  111. package/dist/packem_shared/signatures-5ZdjJ2Pu.js +0 -2
  112. package/dist/packem_shared/toolchain-Cc3cwyLP.js +0 -5
@@ -1,10 +1,215 @@
1
- var Pt=Object.defineProperty;var O=(e,t)=>Pt(e,"name",{value:t,configurable:!0});import{createRequire as Nt}from"node:module";import{n as Ft,W as Ke,aT as qe,u as zt,A as at,U as ct,O as jt,R as dt,J as ut,V as Et,T as Lt,N as Bt,p as u,I as ve,ag as F,e as ze,E as $,a as Re,j as ce,q as Ie,ae as pt,s as Vt,M as Ut}from"./bin.js";import{M as ee,i as Me,n as ht,b as _t,O as Ht,C as gt,j as Gt}from"./config.js";import{render as Yt}from"@visulima/tui";import Kt,{useSyncExternalStore as qt,useState as Te,useEffect as Je,useRef as We,useMemo as Le,useCallback as Xe}from"react";import{X as Qt}from"../packem_shared/xxh3-DrAUNq4n.js";import{x as Ze,A as ft,L as Zt,F as ei,T as ti,U as ii,a as ri,I as ni}from"./handler40.js";import{c as oi}from"../packem_shared/runtime-check-BusAwPb2.js";import{s as si}from"../packem_shared/scan-progress-CMynp3eA.js";import{f as li,l as ai}from"../packem_shared/dependency-scan-DC3nAFHS.js";import{jsxs as a,jsx as r,Fragment as ci}from"react/jsx-runtime";import{Box as p}from"@visulima/tui/components/box";import{Dialog as di}from"@visulima/tui/components/dialog";import{Text as n}from"@visulima/tui/components/text";import{useApp as ui}from"@visulima/tui/hooks/use-app";import{useInput as pi}from"@visulima/tui/hooks/use-input";import{useWindowSize as hi}from"@visulima/tui/hooks/use-window-size";import{ScrollView as gi}from"@visulima/tui/components/scroll-view";import{ScrollBar as fi}from"@visulima/tui/components/scroll-bar";import{Spinner as yt}from"@visulima/tui/components/spinner";import{Tab as mi}from"@visulima/tui/components/tab";import{Tabs as yi}from"@visulima/tui/components/tabs";import{u as ki}from"../packem_shared/use-measured-height-DjYgUOKk.js";import{s as wi}from"../packem_shared/verify-07kUNTuP.js";const Mt=Nt(import.meta.url),xe=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,lt=O(e=>{if(typeof 
xe<"u"&&xe.versions&&xe.versions.node){const[t,i]=xe.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return xe.getBuiltinModule(e)}return Mt(e)},"__cjs_getBuiltinModule"),{statSync:Jt,rmSync:Qe,writeFileSync:Wt,readFileSync:Xt}=lt("node:fs"),{spawnSync:mt}=lt("node:child_process");var vi=Object.defineProperty,De=O((e,t)=>vi(e,"name",{value:t,configurable:!0}),"r$2");const Be=De(()=>ee(Ft(),"doctor"),"getCacheDirectory"),bi=1800*1e3,et=De(e=>{if(!e)return"";try{return String(Jt(e).mtimeMs)}catch{return""}},"safeMtime"),$i=2,Si=De(e=>{const t=JSON.stringify({configMtime:et(e.configPath),lockfileMtime:et(e.lockfilePath),schema:$i,sections:[...e.sections].toSorted(),socketEnabled:e.socketEnabled,workspaceRoot:e.workspaceRoot});return Qt(Buffer.from(t))},"buildDoctorCacheKey"),Ci=De(e=>{const t=ee(Be(),`${e}.json`);if(Me(t))try{const i=ht(t);if(Date.now()-i.createdAt>i.ttlMs){Qe(t,{force:!0});return}return{...i.results,sections:new Set(i.results.sections)}}catch{Qe(t,{force:!0});return}},"readDoctorCache"),xi=De((e,t,i=bi)=>{_t(Be());const s={createdAt:Date.now(),results:{...t,sections:[...t.sections]},ttlMs:i};Wt(ee(Be(),`${e}.json`),JSON.stringify(s,void 0,2),"utf8")},"writeDoctorCache");var Ti=Object.defineProperty,_=O((e,t)=>Ti(e,"name",{value:t,configurable:!0}),"i$1");const Pe="orphans",Ri=_(()=>{if(process.platform!=="linux")return{id:"inotify",message:"inotify capacity check skipped (not Linux).",status:"skip"};let e;try{const t=Xt("/proc/sys/fs/inotify/max_user_watches","utf8").trim(),i=Number.parseInt(t,10);Number.isFinite(i)&&i>0&&(e=i)}catch{return{id:"inotify",message:"Could not read /proc/sys/fs/inotify/max_user_watches.",status:"warn"}}return e===void 0?{id:"inotify",message:"inotify max_user_watches reported a non-numeric value.",status:"warn"}:e<65536?{detail:{maxWatches:e},id:"inotify",message:`inotify watcher limit is ${String(e)} — large monorepos can exhaust this. 
Bump now with \`sudo sysctl fs.inotify.max_user_watches=524288\` and persist via \`/etc/sysctl.d/99-vis.conf\` so it survives reboot.`,status:"warn"}:{detail:{maxWatches:e},id:"inotify",message:`inotify capacity OK (${String(e)} watches).`,status:"ok"}},"checkInotifyCapacity"),Ii=_(()=>{const e=!!process.stdin.isTTY,t=!!process.stdout.isTTY;return e&&t?{id:"tty",message:"Interactive TTY available — watch keybinds enabled.",status:"ok"}:!e&&!t?{id:"tty",message:"No TTY on stdin/stdout — running in CI / piped mode (keybinds disabled).",status:"skip"}:{detail:{stdin:String(e),stdout:String(t)},id:"tty",message:e?"stdin is a TTY but stdout is not — output is being captured; keybinds still work.":"stdout is a TTY but stdin is not — keybinds disabled (input is piped).",status:"skip"}},"checkTtyAvailability"),Di=_(()=>{const e=process.pid;try{return process.platform==="win32"?vt(e):wt(e)}catch{return[]}},"listOrphanPids"),Ai=_(()=>{const e=process.pid;let t;try{t=process.platform==="win32"?vt(e):wt(e)}catch{return{id:Pe,message:"Could not enumerate processes (ps/tasklist failed).",status:"warn"}}if(t.length===0)return{id:Pe,message:"No orphaned vis/task-runner processes detected.",status:"ok"};if(t.length<=2)return{detail:{count:t.length,pids:t.join(",")},id:Pe,message:`${String(t.length)} possibly orphaned process(es) detected (PIDs: ${t.join(", ")}). 
Likely benign.`,status:"skip"};const i=process.platform==="win32"?t.map(s=>`taskkill /F /PID ${String(s)}`).join(" & "):`kill ${t.join(" ")}`;return{detail:{count:t.length,pids:t.join(",")},id:"orphans",message:`${String(t.length)} possibly orphaned vis/task-runner processes run \`vis doctor --fix\` to clean them up, or kill them manually: ${i}`,status:"warn"}},"checkOrphanedRunners"),Oi=_((e={})=>{const t=e.enumerate??Di,i=e.force===!0?"SIGKILL":"SIGTERM",s=e.kill??zi,o=t(),l=[],c=[];for(const h of o)try{s(h,i),l.push(h)}catch(d){const k=d.code??d.message;if(k==="ESRCH"){l.push(h);continue}c.push({pid:h,reason:k})}return{failed:c,killed:l}},"killOrphanedRunners"),Pi=_(e=>mt("taskkill",e,{encoding:"utf8"}),"defaultTaskkillRunner"),Ni=_((e,t)=>{process.kill(e,t)},"defaultProcessKill"),Mi=_((e,t,i=Pi)=>{const s=t==="SIGKILL"?["/F","/PID",String(e)]:["/PID",String(e)],o=i(s);if(o.error)throw o.error;if(typeof o.status=="number"&&o.status!==0){const l=o.status===128?"ESRCH":`taskkill exited with code ${String(o.status)}`,c=new Error(l);throw c.code=l,c}},"killViaTaskkill"),Fi=_((e,t,i=Ni)=>{i(e,t)},"killViaSignal"),zi=_((e,t)=>{if(process.platform==="win32"){Mi(e,t);return}Fi(e,t)},"defaultKill"),kt=_((e,t)=>{const i=mt(e,t,{encoding:"utf8"});if(i.error)throw i.error;if(typeof i.status=="number"&&i.status!==0)throw new Error(`${e} exited with code ${String(i.status)}`);return typeof i.stdout=="string"?i.stdout:""},"runProcessListing"),wt=_(e=>{const t=kt("ps",["-Ao","pid=,command="]),i=[];for(const s of t.split(`
2
- `)){if(s.length===0)continue;const o=/^\s*(\d+)\s+(.+)$/.exec(s);if(!o)continue;const l=Number.parseInt(o[1]??"",10),c=(o[2]??"").toLowerCase();!Number.isFinite(l)||l===e||(/(?:^|[ /])vis-native(?:\s|$|[-.])/.test(c)||/(?:^|[ /])vis\s+run\b/.test(c)||/(?:^|[ /])task-runner(?:\s|$|[-.])/.test(c))&&i.push(l)}return i},"listOrphansUnix"),vt=_(e=>{const t=kt("tasklist",["/FO","CSV","/NH"]),i=[];for(const s of t.split(/\r?\n/)){if(s.length===0)continue;const o=s.split(/","/).map(h=>h.replaceAll(/^"|"$/g,"")),l=(o[0]??"").toLowerCase(),c=Number.parseInt(o[1]??"",10);!Number.isFinite(c)||c===e||(l==="vis.exe"||l.startsWith("vis-native")||l.includes("task-runner"))&&i.push(c)}return i},"listOrphansWindows"),ji=_(()=>[Ri(),Ii(),Ai()],"runRuntimeDiagnostics");var Ei=Object.defineProperty,we=O((e,t)=>Ei(e,"name",{value:t,configurable:!0}),"s$2");const ke=[{id:"dependencies",label:"Deps"},{id:"security",label:"Security"},{id:"optimization",label:"Optimize"},{id:"runtime",label:"Runtime"}],Fe=["dependencies","security","optimization","runtime"],me=we(e=>{const t=new Map;for(const i of Fe)t.set(i,[]);for(const i of e)t.get(i.section).push(i);for(const[i,s]of t)s.length===0&&t.delete(i);return t},"groupBySection"),ye=we((e,t,i,s)=>{let o=e.filter(l=>l.section===t);if(s&&(o=o.filter(l=>l.severity===s)),i){const l=i.toLowerCase();o=o.filter(c=>c.title.toLowerCase().includes(l))}return[...o]},"filterFindings"),Li=we(e=>{const t={dependencies:"idle",optimization:"idle",runtime:"idle",security:"idle"};for(const i of Fe)e.has(i)&&(t[i]="idle");return t},"initialStatus");class tt{static{O(this,"DoctorStore")}static{we(this,"DoctorStore")}#e;#i=new Set;constructor(t=[]){const i=Array.isArray(t)?{findings:t}:t,s=i.findings??[],o=i.activeSections??new Set(Fe),l=Fe.find(d=>o.has(d))??"dependencies",c=ye(s,l,"",void 0),h=Li(o);if(s.length>0)for(const d of 
s)h[d.section]="done";this.#e={all:s,entries:c,filterActive:!1,filterText:"",filterType:l,focusedPanel:"list",grouped:me(c),pendingAction:void 0,sectionError:{},sectionMessage:{},sectionStatus:h,selectedIndex:0,severityFilter:void 0}}getSnapshot=we(()=>this.#e,"getSnapshot");subscribe=we(t=>(this.#i.add(t),()=>{this.#i.delete(t)}),"subscribe");setSelectedIndex(t){const i=Math.max(0,Math.min(t,this.#e.entries.length-1));i!==this.#e.selectedIndex&&this.#t({...this.#e,selectedIndex:i})}setFocusedPanel(t){t!==this.#e.focusedPanel&&this.#t({...this.#e,focusedPanel:t})}setFilterType(t){if(t===this.#e.filterType)return;const i=ye(this.#e.all,t,this.#e.filterText,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterType:t,grouped:me(i),selectedIndex:0})}setFilter(t){const i=ye(this.#e.all,this.#e.filterType,t,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterText:t,grouped:me(i),selectedIndex:0})}setFilterActive(t){if(t===this.#e.filterActive)return;if(t){this.#t({...this.#e,filterActive:!0});return}const i=ye(this.#e.all,this.#e.filterType,"",this.#e.severityFilter);this.#t({...this.#e,entries:i,filterActive:!1,filterText:"",grouped:me(i),selectedIndex:0})}setPendingAction(t){this.#t({...this.#e,pendingAction:t})}setSeverityFilter(t){if(t===this.#e.severityFilter)return;const i=ye(this.#e.all,this.#e.filterType,this.#e.filterText,t);this.#t({...this.#e,entries:i,grouped:me(i),selectedIndex:0,severityFilter:t})}startSection(t,i){this.#t({...this.#e,sectionMessage:{...this.#e.sectionMessage,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"running"}})}completeSection(t,i){const s=[...this.#e.all,...i],o=ye(s,this.#e.filterType,this.#e.filterText,this.#e.severityFilter),l={...this.#e.sectionMessage};delete 
l[t],this.#t({...this.#e,all:s,entries:o,grouped:me(o),sectionMessage:l,sectionStatus:{...this.#e.sectionStatus,[t]:"done"}})}failSection(t,i){this.#t({...this.#e,sectionError:{...this.#e.sectionError,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"error"}})}#t(t){this.#e=t;for(const i of this.#i)try{i()}catch{}}}var Bi=Object.defineProperty,bt=O((e,t)=>Bi(e,"name",{value:t,configurable:!0}),"r$1");const it={error:0,warn:1},Vi=bt(e=>!!e.acceptedRisk,"isAcknowledged"),$t=bt(e=>{const t=[];if(e.sections.has("dependencies")){for(const i of e.outdated)t.push({entry:i,id:`outdated:${i.packageName}`,kind:"outdated",section:"dependencies",severity:"warn",subtitle:`${i.currentRange} → ${i.newRange} (${i.updateType})`,title:i.packageName});for(const i of e.duplicates)t.push({id:`duplicate:${i.name}`,kind:"duplicate",pkg:i,section:"dependencies",severity:"warn",subtitle:`${String(i.versions.length)} versions installed`,title:i.name})}if(e.sections.has("security"))for(const i of e.outdated){if(i.vulnerabilities&&i.vulnerabilities.length>0){const s=i.vulnerabilities[0],o=Vi(i)?"warn":"error",l=i.vulnerabilities.length;t.push({entry:i,id:`vuln:${i.packageName}`,kind:"vulnerability",packageName:i.packageName,section:"security",severity:o,subtitle:l===1?`${s.severity} · ${s.id}`:`${String(l)} advisories · top: ${s.severity} ${s.id}`,title:i.packageName})}if(i.socketReport&&i.socketReport.alerts.length>0){const s=Math.round(i.socketReport.score.overall*100);t.push({entry:i,id:`socket:${i.packageName}`,kind:"socket",packageName:i.packageName,section:"security",severity:"warn",subtitle:`${String(i.socketReport.alerts.length)} alert${i.socketReport.alerts.length===1?"":"s"} · score ${String(s)}%`,title:i.packageName})}}if(e.sections.has("optimization"))for(const i of e.optimizations)t.push({entry:i,id:`opt:${i.packageName}`,kind:"optimization",section:"optimization",severity:"warn",subtitle:`${i.category} → 
${i.replacement}`,title:i.packageName});if(e.sections.has("runtime"))for(const i of e.runtime)i.status==="warn"&&t.push({diagnostic:i,id:`runtime:${i.id}`,kind:"runtime",section:"runtime",severity:"warn",title:i.message});return t.sort((i,s)=>{if(i.section!==s.section){const o=["dependencies","security","optimization","runtime"];return o.indexOf(i.section)-o.indexOf(s.section)}return it[i.severity]-it[s.severity]}),t},"flattenFindings"),St={dependencies:"Dependencies",optimization:"Optimization",runtime:"Runtime",security:"Security"};var Ui=Object.defineProperty,_i=O((e,t)=>Ui(e,"name",{value:t,configurable:!0}),"a$2");const Hi={error:"red",warn:"yellow"},Gi={error:"✖",warn:"⚠"},Yi={error:" ERROR ",warn:" WARN "},Ki=_i(({children:e,hint:t,message:i,severity:s,title:o})=>{const l=Hi[s];return a(p,{borderColor:l,borderStyle:"single",flexDirection:"column",flexShrink:0,paddingX:1,children:[a(p,{gap:1,children:[r(n,{backgroundColor:l,bold:!0,color:"black",children:Yi[s]}),r(n,{bold:!0,color:l,children:Gi[s]}),r(n,{bold:!0,wrap:"truncate-end",children:o})]}),r(n,{wrap:"truncate-end",children:i}),t?r(n,{dimColor:!0,wrap:"truncate-end",children:t}):null,e]})},"ConfigBanner");var qi=Object.defineProperty,te=O((e,t)=>qi(e,"name",{value:t,configurable:!0}),"d$2");const Ji={CRITICAL:"red",HIGH:"red",LOW:"gray",MODERATE:"yellow",UNKNOWN:"gray"},Wi={critical:"red",high:"red",low:"gray",medium:"yellow"},Xi={major:"red",minor:"yellow",patch:"green"},I=te(({children:e,label:t,width:i=14})=>a(p,{children:[r(p,{width:i,children:a(n,{dimColor:!0,children:[t,":"]})}),typeof e=="string"?r(n,{children:e}):e]}),"FieldRow"),oe=te(({children:e})=>r(p,{marginTop:1,children:r(n,{bold:!0,color:"white",children:e})}),"SectionTitle"),Qi=te(({finding:e})=>{const{entry:t}=e,i=Xi[t.updateType]??"white";return a(p,{flexDirection:"column",children:[r(I,{label:"Current",children:t.currentRange}),a(I,{label:"Target",children:[r(n,{children:t.newRange}),a(n,{bold:!0,color:i,children:[" 
(",t.updateType,")"]})]}),r(I,{label:"Catalog",children:t.catalogName}),t.acceptedRisk?r(I,{label:"Risk ack",children:r(n,{dimColor:!0,children:t.acceptedRisk.reason??"(no reason recorded)"})}):null,r(oe,{children:"Action"}),a(n,{dimColor:!0,children:["Run"," ",r(n,{bold:!0,color:"white",children:"vis update"})," ","to apply this change."]})]})},"OutdatedDetail"),Zi=te(({finding:e})=>a(p,{flexDirection:"column",children:[r(I,{label:"Versions",children:r(n,{children:String(e.pkg.versions.length)})}),r(oe,{children:"Installed versions"}),e.pkg.versions.map(t=>a(n,{children:[" · ",t]},t)),r(oe,{children:"Action"}),a(n,{dimColor:!0,children:["Run"," ",r(n,{bold:!0,color:"white",children:"vis dedupe"})," ","to consolidate to a single resolution."]})]}),"DuplicateDetail"),er=te(({finding:e})=>{const t=e.entry.vulnerabilities??[];return a(p,{flexDirection:"column",children:[r(I,{label:"Package",children:e.packageName}),r(I,{label:"Current",children:e.entry.currentRange}),r(I,{label:"Advisories",children:String(t.length)}),e.entry.acceptedRisk?r(I,{label:"Risk ack",children:r(n,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,t.map(i=>{const s=Ji[i.severity]??"gray";return a(p,{flexDirection:"column",marginTop:1,children:[a(p,{children:[r(n,{bold:!0,color:s,children:i.severity}),r(n,{children:" "}),r(n,{children:i.id}),typeof i.cvssScore=="number"?a(n,{dimColor:!0,children:[" · CVSS ",i.cvssScore.toFixed(1)]}):null]}),r(n,{wrap:"wrap",children:i.summary}),i.fixedVersions.length>0?a(n,{dimColor:!0,children:["Fixed in: ",i.fixedVersions.join(", ")]}):null,i.aliases&&i.aliases.length>0?a(n,{dimColor:!0,children:["Aliases: ",i.aliases.join(", ")]}):null]},i.id)})]})},"VulnerabilityDetail"),tr=te(({finding:e})=>{const t=e.entry.socketReport;if(!t)return r(n,{dimColor:!0,children:"No Socket report attached."});const i=Math.round(t.score.overall*100),s=Ke(t.score.overall);return 
a(p,{flexDirection:"column",children:[r(I,{label:"Package",children:e.packageName}),r(I,{label:"Overall",children:a(n,{color:s,children:[String(i),"%"]})}),r(I,{label:"Alerts",children:String(t.alerts.length)}),e.entry.acceptedRisk?r(I,{label:"Risk ack",children:r(n,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,r(oe,{children:"Score breakdown"}),Object.entries(t.score).map(([o,l])=>{if(o==="overall")return null;const c=typeof l=="number"?l:0,h=Math.round(c*100),d=Ke(c);return a(p,{children:[r(p,{width:14,children:a(n,{dimColor:!0,children:[o,":"]})}),a(n,{color:d,children:[String(h),"%"]})]},o)}),r(oe,{children:"Alerts"}),t.alerts.map((o,l)=>{const c=Wi[o.severity]??"gray";return a(p,{flexDirection:"column",marginBottom:1,children:[a(p,{children:[r(n,{bold:!0,color:c,children:o.severity}),r(n,{children:" "}),r(n,{children:o.type})]}),o.props?r(n,{dimColor:!0,wrap:"wrap",children:JSON.stringify(o.props)}):null]},`${o.type}-${String(l)}`)})]})},"SocketDetail"),ir=te(({finding:e})=>{const{entry:t}=e;return a(p,{flexDirection:"column",children:[r(I,{label:"Package",children:t.packageName}),r(I,{label:"Category",children:t.category}),r(I,{label:"Replacement",children:t.replacement}),t.overrideSpec?r(I,{label:"Override",children:t.overrideSpec}):null,r(I,{label:"Codemod",children:r(n,{color:t.hasCodemod?"green":"gray",children:t.hasCodemod?"available":"not available"})}),t.docUrl?r(I,{label:"Guide",children:r(n,{color:"cyan",underline:!0,children:t.docUrl})}):null,r(oe,{children:"Action"}),t.hasCodemod?a(n,{dimColor:!0,children:["Run"," ",r(n,{bold:!0,color:"white",children:"vis optimize"})," ","to apply the codemod interactively."]}):t.overrideSpec?a(n,{dimColor:!0,children:["Run"," ",r(n,{bold:!0,color:"white",children:"vis optimize"})," ","to install the package override."]}):t.docUrl?r(n,{dimColor:!0,children:"No automated codemod. 
Open the migration guide above for the recommended alternative and steps."}):r(n,{dimColor:!0,children:"No automated codemod. Consult the package's docs or the e18e module-replacements guide for an alternative."})]})},"OptimizationDetail"),rr=te(({finding:e})=>{const{diagnostic:t}=e,i=t.status==="warn"?"yellow":t.status==="ok"?"green":"gray";return a(p,{flexDirection:"column",children:[r(I,{label:"Check",children:t.id}),r(I,{label:"Status",children:r(n,{color:i,children:t.status})}),r(oe,{children:"Message"}),r(n,{wrap:"wrap",children:t.message}),t.detail&&Object.keys(t.detail).length>0?a(ci,{children:[r(oe,{children:"Details"}),Object.entries(t.detail).map(([s,o])=>a(p,{children:[r(p,{width:20,children:a(n,{dimColor:!0,children:[s,":"]})}),r(n,{children:String(o)})]},s))]}):null]})},"RuntimeDetail"),nr=te(({finding:e,focused:t,scrollRef:i})=>{const s=t?"white":"gray";if(!e)return r(p,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:r(n,{dimColor:!0,children:"No finding selected"})});let o;switch(e.kind){case"duplicate":{o=r(Zi,{finding:e});break}case"optimization":{o=r(ir,{finding:e});break}case"outdated":{o=r(Qi,{finding:e});break}case"runtime":{o=r(rr,{finding:e});break}case"socket":{o=r(tr,{finding:e});break}case"vulnerability":{o=r(er,{finding:e});break}default:{o=r(n,{dimColor:!0,children:"Unknown finding kind."});break}}return a(p,{borderColor:s,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[a(p,{flexShrink:0,paddingTop:1,paddingX:2,children:[r(n,{bold:!0,color:"white",children:e.title}),a(n,{dimColor:!0,children:[" ",St[e.section]]})]}),a(gi,{flexGrow:1,flexShrink:1,paddingX:2,ref:i,scrollbar:!0,scrollbarColor:"gray",scrollbarStyle:"block",children:[r(n,{}),o]})]})},"DoctorDetailPanel");var or=Object.defineProperty,Ae=O((e,t)=>or(e,"name",{value:t,configurable:!0}),"c$1");const 
Ct={error:"red",warn:"yellow"},sr={error:"✖",warn:"⚠"},lr=Ae(e=>e.kind==="outdated"||e.kind==="vulnerability"||e.kind==="socket"?!!e.entry.acceptedRisk:!1,"hasAcceptedRisk"),ar=Ae(({finding:e,isSelected:t})=>{const i=Ct[e.severity],s=lr(e);return a(p,{flexShrink:0,height:1,children:[r(n,{children:t?">":" "}),a(n,{color:i,children:[" ",sr[e.severity]," "]}),r(p,{flexGrow:1,children:r(n,{bold:t,inverse:t,wrap:"truncate",children:e.title})}),s?r(n,{color:"cyan",children:" ack"}):null,e.subtitle?a(n,{dimColor:!0,wrap:"truncate",children:[" ",e.subtitle]}):null]})},"FindingRow"),cr=Ae(({count:e,section:t})=>a(p,{flexShrink:0,height:1,marginTop:1,children:[r(n,{dimColor:!0,children:"▼ "}),r(n,{bold:!0,color:"white",children:St[t].toUpperCase()}),a(n,{dimColor:!0,children:[" (",e,")"]})]}),"SectionHeader"),dr=Ae(({count:e,label:t,status:i})=>a(n,{children:[t,i==="running"?a(n,{children:[" ",r(yt,{type:"dots"})]}):null,i==="error"?r(n,{bold:!0,color:"red",children:" ✖"}):a(n,{dimColor:!0,children:[" (",String(e),")"]})]}),"TabLabel"),ur=Ae(({elapsedMs:e,entries:t,filterActive:i,filterText:s,filterType:o,focused:l,fromCache:c=!1,grouped:h,onViewportHeightChange:d,scrollOffset:k,sectionCounts:b,sectionMessage:v,sectionStatus:D,selectedIndex:j,severityFilter:g,totalAll:A,viewportHeight:E})=>{const J=l?"white":"gray",{measuredHeight:B,ref:L}=ki(E,d);let T=0,V=0;for(const S of t)S.severity==="error"?T+=1:S.severity==="warn"&&(V+=1);const H=[];T>0&&H.push(`${String(T)} error${T===1?"":"s"}`),V>0&&H.push(`${String(V)} warn${V===1?"":"s"}`);const se=H.length>0?` (${H.join(", ")})`:"",ie=(e/1e3).toFixed(1),U=[];for(const[S,C]of h){U.push(r(cr,{count:C.length,section:S},`hdr-${S}`));for(const W of C){const R=t.indexOf(W);U.push(r(ar,{finding:W,isSelected:R===j},W.id))}}let z=0;for(const[,S]of h)z+=2+S.length;const Y=z>B&&B>0;return 
a(p,{borderColor:J,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[a(p,{flexShrink:0,gap:1,paddingX:1,children:[r(n,{bold:!0,inverse:!0,children:" DOCTOR "}),a(n,{wrap:"truncate",children:[t.length,t.length===A?"":`/${String(A)}`," finding",t.length===1?"":"s",se]}),g?r(n,{bold:!0,color:Ct[g],inverse:!0,children:` ${g.toUpperCase()} ONLY `}):null,c?r(n,{bold:!0,color:"cyan",inverse:!0,children:" CACHED "}):null,a(n,{dimColor:!0,children:[" · ",ie,"s"]})]}),r(p,{flexShrink:0,paddingX:1,paddingY:1,children:r(yi,{isFocused:l,keyMap:{next:[],previous:[],useNumbers:!1,useTab:!1},onChange:O(()=>{},"onChange"),showIndex:!1,value:o,children:ke.map(({id:S,label:C})=>r(mi,{name:S,children:r(dr,{count:b[S],label:C,status:D[S]})},S))})}),(()=>{const S=Object.keys(D).filter(C=>D[C]==="running"&&v[C]).map(C=>v[C]);return S.length===0?null:r(p,{flexShrink:0,paddingX:1,children:a(n,{dimColor:!0,wrap:"truncate",children:[r(yt,{type:"dots"})," ",S.join(" · ")]})})})(),i&&a(p,{flexShrink:0,paddingX:1,children:[r(n,{bold:!0,color:"white",children:"/ "}),r(n,{children:s}),r(n,{inverse:!0,children:" "})]}),a(p,{flexDirection:"row",flexGrow:1,overflow:"hidden",ref:L,children:[r(p,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:r(p,{flexDirection:"column",marginTop:-k,children:U.length>0?U:r(p,{marginTop:1,children:r(n,{dimColor:!0,children:"No findings match the current filter."})})})}),Y&&r(p,{flexShrink:0,marginLeft:1,marginRight:1,children:r(fi,{contentHeight:z,placement:"inset",scrollOffset:k,style:"block",viewportHeight:B})})]},`list-${o}-${s}`)]})},"DoctorListPanel");var pr=Object.defineProperty,je=O((e,t)=>pr(e,"name",{value:t,configurable:!0}),"g$1");const hr=je(e=>{if(e.kind==="outdated")return{command:`vis update ${e.entry.packageName}`,description:`Update ${e.entry.packageName} to ${e.entry.newRange}`};if(e.kind==="duplicate")return{command:`vis dedupe ${e.pkg.name}`,description:`Dedupe ${e.pkg.name} 
(${String(e.pkg.versions.length)} versions)`}},"buildUpdateAction"),gr=je(e=>{if(e.kind==="optimization")return{command:`vis optimize ${e.entry.packageName}`,description:`Replace ${e.entry.packageName} with ${e.entry.replacement}`}},"buildOptimizeAction"),fr=je(e=>{if(e.kind!=="outdated"&&e.kind!=="vulnerability"&&e.kind!=="socket")return;const t=e.kind==="outdated"?e.entry.packageName:e.packageName,i=["// Add to vis.config.ts:","security: {"," acceptedRisks: {",` "${t}": {`,' reason: "explain why this risk is acceptable",',' expiresAt: "YYYY-MM-DD",'," },"," },","},"].join(`
3
- `);return{command:i,configSnippet:i,description:`Acknowledge risk for ${t}`}},"buildAckAction"),mr=100,yr=40,kr=10,wr=je(({autoExitSeconds:e=0,banner:t,fromCache:i=!1,startedAt:s,store:o})=>{const{exit:l}=ui(),{columns:c,rows:h}=hi(),d=qt(o.subscribe,o.getSnapshot),[k,b]=Te(!1),[v,D]=Te(!1),[j,g]=Te(0),[A,E]=Te(()=>Date.now());Je(()=>{const y=setInterval(()=>{E(Date.now())},1e3);return()=>{clearInterval(y)}},[]);const J=A-s,B=We(null),L=We(null),T=d.entries[d.selectedIndex]??null,V=Le(()=>{const y={dependencies:0,optimization:0,runtime:0,security:0};for(const m of d.all)y[m.section]+=1;return y},[d.all]),H=t?t.hint?5:4:0,se=Le(()=>{for(const y of Object.keys(d.sectionStatus))if(d.sectionStatus[y]==="running"&&d.sectionMessage[y])return 1;return 0},[d.sectionStatus,d.sectionMessage]),ie=c>=mr,U=ie?Math.max(1,h-H-2):Math.floor(h*.55),z=Math.max(1,U-6-se-(d.filterActive?1:0)),[Y,S]=Te(z),C=Y>0?Y:z,W=Le(()=>{let y=0;for(const[,m]of d.grouped)y+=2+m.length;return y},[d.grouped]),R=Math.max(0,W-C),le=Math.min(j,R),ue=Xe(y=>{let m=0,w=0;for(const[,Ce]of d.grouped){m+=2;for(let ae=0;ae<Ce.length;ae++){if(w===y)return m;m+=1,w+=1}}return m},[d.grouped]),P=Xe(y=>{const m=ue(y);g(w=>m>w+C-2?Math.min(R,Math.max(0,m-C+2)):m<w+1?Math.max(0,m-1):w)},[ue,C,R]);if(Je(()=>{L.current?.scrollToTop()},[T?.id]),pi((y,m)=>{if(y==="c"&&m.ctrl){l();return}if(!v){if(k){m.escape||y==="?"?b(!1):y==="q"?(b(!1),D(!0)):m.downArrow||y==="j"?B.current?.scrollBy(1):(m.upArrow||y==="k")&&B.current?.scrollBy(-1);return}if(y==="?"){b(!0);return}if(y==="q"){D(!0);return}if(m.tab){o.setFocusedPanel(d.focusedPanel==="list"?"detail":"list");return}if(d.filterActive){if(m.escape||m.return){o.setFilterActive(!1);return}if(m.backspace){g(0),o.setFilter(d.filterText.slice(0,-1));return}y&&!m.ctrl&&!m.meta&&(g(0),o.setFilter(d.filterText+y));return}if(d.focusedPanel==="list"&&(m.leftArrow||m.rightArrow)){const 
w=ke.findIndex(ae=>ae.id===d.filterType),Ce=m.rightArrow?(w+1)%ke.length:(w-1+ke.length)%ke.length;g(0),L.current?.scrollToTop(),o.setFilterType(ke[Ce].id);return}if(d.focusedPanel==="list"){if(m.downArrow||y==="j"){const w=Math.min(d.selectedIndex+1,d.entries.length-1);o.setSelectedIndex(w),P(w);return}if(m.upArrow||y==="k"){const w=Math.max(d.selectedIndex-1,0);o.setSelectedIndex(w),P(w);return}if(m.pageDown){const w=Math.min(d.selectedIndex+10,d.entries.length-1);o.setSelectedIndex(w),P(w);return}if(m.pageUp){const w=Math.max(d.selectedIndex-10,0);o.setSelectedIndex(w),P(w);return}if(m.home){o.setSelectedIndex(0),g(0);return}if(m.end){const w=d.entries.length-1;o.setSelectedIndex(w),P(w);return}if(y==="/"){o.setFilterActive(!0);return}if(y==="e"){o.setSeverityFilter(d.severityFilter==="error"?void 0:"error"),g(0);return}if(y==="w"){o.setSeverityFilter(d.severityFilter==="warn"?void 0:"warn"),g(0);return}if(y==="u"&&T){const w=hr(T);w&&(o.setPendingAction(w),l());return}if(y==="o"&&T){const w=gr(T);w&&(o.setPendingAction(w),l());return}if(y==="a"&&T){const w=fr(T);w&&(o.setPendingAction(w),l());return}if(y==="d"){o.setFocusedPanel("detail");return}return}if(m.escape||m.leftArrow){o.setFocusedPanel("list");return}if(m.downArrow||y==="j"){L.current?.scrollBy(1);return}if(m.upArrow||y==="k"){L.current?.scrollBy(-1);return}if(m.pageDown){L.current?.scrollBy(10);return}if(m.pageUp){L.current?.scrollBy(-10);return}if(m.home){L.current?.scrollToTop();return}m.end&&L.current?.scrollToBottom()}},{isActive:!0}),c<yr||h<kr)return r(p,{alignItems:"center",height:h,justifyContent:"center",width:c,children:a(n,{color:"yellow",children:["Terminal too small (",c,"x",h,")"]})});const 
X=d.focusedPanel==="detail",Z=[a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"q"}),r(n,{dimColor:!0,children:"QUIT"})]},"q"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"?"}),r(n,{dimColor:!0,children:"HELP"})]},"?"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"↑↓"}),r(n,{dimColor:!0,children:X?"SCROLL":"NAV"})]},"nav"),X?a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"←/Esc"}),r(n,{dimColor:!0,children:"LIST"})]},"lr"):a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"←→"}),r(n,{dimColor:!0,children:"SECTION"})]},"lr"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"/"}),r(n,{dimColor:!0,children:"SEARCH"})]},"search"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"e/w"}),r(n,{dimColor:!0,children:"SEVERITY"})]},"sev"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"u/o/a"}),r(n,{dimColor:!0,children:"ACTION"})]},"actions"),a(p,{gap:1,children:[r(n,{bold:!0,color:"white",children:"Tab"}),r(n,{dimColor:!0,children:"PANEL"})]},"tab")],pe=r(p,{borderBottom:!1,borderColor:"gray",borderLeft:!1,borderRight:!1,borderStyle:"single",flexShrink:0,children:r(p,{gap:2,overflow:"hidden",paddingX:1,children:Z})}),he=a(di,{footer:a(n,{dimColor:!0,children:[r(n,{bold:!0,color:"white",children:"↑↓"})," scroll ",r(n,{bold:!0,color:"white",children:"?"}),"/",r(n,{bold:!0,color:"white",children:"Esc"})," close"]}),scrollRef:B,title:"DOCTOR — KEYBOARD SHORTCUTS",visible:k,width:56,children:[a(p,{flexDirection:"column",marginBottom:1,children:[a(p,{marginBottom:1,children:[r(n,{dimColor:!0,children:"── "}),r(n,{bold:!0,color:"white",children:"NAVIGATION"})]}),a(p,{children:[r(p,{width:26,children:a(n,{children:[r(n,{bold:!0,color:"white",children:" ↑/k "}),r(n,{dimColor:!0,children:"Move up"})]})}),a(n,{children:[r(n,{bold:!0,color:"white",children:" ↓/j "}),r(n,{dimColor:!0,children:"Move down"})]})]}),a(p,{children:[r(p,{width:26,children:a(n,{children:[r(n,{bold:!0,color:"white",children:" 
PgUp"}),r(n,{dimColor:!0,children:" Jump up 10"})]})}),a(n,{children:[r(n,{bold:!0,color:"white",children:" PgDn"}),r(n,{dimColor:!0,children:" Jump down 10"})]})]}),a(p,{children:[r(p,{width:26,children:a(n,{children:[r(n,{bold:!0,color:"white",children:" Home"}),r(n,{dimColor:!0,children:" Jump to top"})]})}),a(n,{children:[r(n,{bold:!0,color:"white",children:" End"}),r(n,{dimColor:!0,children:" Jump to bottom"})]})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" Tab"}),r(n,{dimColor:!0,children:" Switch panel"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" →/←"}),r(n,{dimColor:!0,children:" Section tabs (list) / Focus list (detail)"})]})]}),a(p,{flexDirection:"column",marginBottom:1,children:[a(p,{marginBottom:1,children:[r(n,{dimColor:!0,children:"── "}),r(n,{bold:!0,color:"white",children:"FILTER"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" /"}),r(n,{dimColor:!0,children:" Open text filter (Esc/Enter to close)"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" e"}),r(n,{dimColor:!0,children:" Toggle errors-only filter"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" w"}),r(n,{dimColor:!0,children:" Toggle warns-only filter"})]})]}),a(p,{flexDirection:"column",marginBottom:1,children:[a(p,{marginBottom:1,children:[r(n,{dimColor:!0,children:"── "}),r(n,{bold:!0,color:"white",children:"ACTIONS"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" u"}),r(n,{dimColor:!0,children:" Exit + suggest update / dedupe command"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" o"}),r(n,{dimColor:!0,children:" Exit + suggest optimize command"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" a"}),r(n,{dimColor:!0,children:" Exit + print risk-ack snippet"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" d"}),r(n,{dimColor:!0,children:" Focus detail panel"})]})]}),a(p,{flexDirection:"column",children:[a(p,{marginBottom:1,children:[r(n,{dimColor:!0,children:"── 
"}),r(n,{bold:!0,color:"white",children:"EXIT"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" q"}),r(n,{dimColor:!0,children:" Quit (with countdown)"})]}),a(n,{children:[r(n,{bold:!0,color:"white",children:" Ctrl+C"}),r(n,{dimColor:!0,children:" Quit immediately"})]})]})]}),ge=r(ur,{elapsedMs:J,entries:d.entries,filterActive:d.filterActive,filterText:d.filterText,filterType:d.filterType,focused:d.focusedPanel==="list",fromCache:i,grouped:d.grouped,onViewportHeightChange:S,scrollOffset:le,sectionCounts:V,sectionMessage:d.sectionMessage,sectionStatus:d.sectionStatus,selectedIndex:d.selectedIndex,severityFilter:d.severityFilter,totalAll:d.all.length,viewportHeight:C}),fe=t?r(Ki,{hint:t.hint,message:t.message,severity:t.severity,title:t.title}):null,Se=r(nr,{finding:T,focused:d.focusedPanel==="detail",scrollRef:L});if(ie){const y=Math.floor(c*.4);return a(p,{flexDirection:"column",height:h,width:c,children:[fe,a(p,{flexDirection:"row",flexGrow:1,children:[r(p,{flexGrow:1,children:ge}),r(p,{width:y,children:Se})]}),pe,r(qe,{autoExitSeconds:e||3,onCancel:O(()=>{D(!1)},"onCancel"),visible:v}),he]})}return a(p,{flexDirection:"column",height:h,width:c,children:[fe,r(p,{height:U,children:ge}),r(p,{flexGrow:1,children:Se}),pe,r(qe,{autoExitSeconds:e||3,onCancel:O(()=>{D(!1)},"onCancel"),visible:v}),he]})},"VisDoctorApp");var vr=Object.defineProperty,be=O((e,t)=>vr(e,"name",{value:t,configurable:!0}),"n");const br=be(e=>e.replaceAll(/[$()+.?[\\\]^{|}]/g,String.raw`\$&`),"escapeRegex"),$r=be(e=>{const t=e.split("*").map(i=>br(i));return new RegExp(`^${t.join(".*")}$`,"i")},"compilePattern"),Sr=be(e=>e?e.split(",").map(t=>t.trim()).filter(t=>t.length>0).map(t=>$r(t)):[],"parseFilterPatterns"),Ne=be((e,t)=>{for(const i of t)if(i.test(e))return!0;return!1},"matchesAny"),Cr=be((e,t,i)=>{if(t.length===0)return e;const s=e.outdated.filter(k=>Ne(k.packageName,t)),o=e.duplicates.filter(k=>Ne(k.name,t)),l=e.optimizations.filter(k=>Ne(k.packageName,t));let 
c=0,h=0,d=0;for(const k of s)k.vulnerabilities&&(c+=k.vulnerabilities.length),k.socketReport&&(h+=k.socketReport.alerts.length,k.socketReport.score.overall<i&&(d+=1));return{...e,duplicates:o,optimizations:l,outdated:s,socketIssues:{alerts:h,lowScore:d},vulnCount:c}},"applyFilter"),xt=be((e,t)=>t.length===0?[...e]:e.filter(i=>{if(i.kind==="runtime")return!0;const s=i.kind==="duplicate"?i.pkg.name:i.kind==="outdated"||i.kind==="optimization"?i.entry.packageName:i.packageName;return Ne(s,t)}),"filterFindingsByPattern");var xr=Object.defineProperty,$e=O((e,t)=>xr(e,"name",{value:t,configurable:!0}),"r");const Tt=["dependencies","security","optimization","runtime"],rt=$e(e=>{const t=new Set;if(!e)return t;for(const i of e.split(",")){const s=i.trim().toLowerCase();Tt.includes(s)&&t.add(s)}return t},"parseSectionList"),Tr=$e((e,t)=>{if(e!==void 0&&e!=="")return rt(e);const i=rt(t);return new Set(Tt.filter(s=>!i.has(s)))},"resolveSections"),Rt=$e(e=>{const t={micro:0,native:0,preferred:0,socket:0,total:e.length};for(const i of e)switch(i.category){case"micro-utility":{t.micro+=1;break}case"native":{t.native+=1;break}case"preferred":{t.preferred+=1;break}case"socket":{t.socket+=1;break}}return t},"summarizeOptimizations"),ne=$e((e,t)=>{if(!e.sections.has(t))return"skip";switch(t){case"dependencies":return e.outdated.length>0||e.duplicates.length>0?"warn":"ok";case"optimization":return e.optimizations.length>0?"warn":"ok";case"runtime":return e.runtime.some(i=>i.status==="warn")?"warn":"ok";case"security":return e.vulnCount>0||e.socketIssues.alerts>0?"error":e.socketIssues.lowScore>0?"warn":"ok";default:return"ok"}},"sectionStatus"),Rr=$e((e,t)=>{const i=Rt(e.optimizations),s={dependencies:ne(e,"dependencies"),optimization:ne(e,"optimization"),runtime:ne(e,"runtime"),security:ne(e,"security")},o=new 
Set([...Object.values(s),e.supplyChain.status]),l=o.has("error")?"error":o.has("warn")?"warn":"ok";return{dependencies:{duplicates:e.duplicates.length,installed:e.installedCount,outdated:e.outdated.length,status:s.dependencies},elapsedMs:e.elapsedMs,optimizations:{microUtilities:i.micro,native:i.native,preferred:i.preferred,socket:i.socket,status:s.optimization,total:i.total},packageManager:t,runtime:e.runtime.map(c=>({detail:c.detail,id:c.id,message:c.message,status:c.status})),runtimeStatus:s.runtime,security:{alerts:e.socketIssues.alerts,lowScorePackages:e.socketIssues.lowScore,status:s.security,vulnerabilities:e.vulnCount},status:l,supplyChain:{findings:e.supplyChain.findings.map(c=>({detail:c.detail,label:c.label,severity:c.severity})),status:e.supplyChain.status},workspaces:e.workspaceCount}},"buildJsonPayload"),nt=$e((e,t)=>{const i=e.runtime.some(o=>o.status==="warn"),s=e.vulnCount>0||e.socketIssues.alerts>0;return t?s||e.outdated.length>0||e.duplicates.length>0||i:s},"shouldFail");var Ir=Object.defineProperty,Ve=O((e,t)=>Ir(e,"name",{value:t,configurable:!0}),"i");const Dr=/^(@[\w./-]+\/[\w./-]+|[\w.-]+)@(.+)$/,Ar=Ve(e=>{const t=Dr.exec(e);if(t)return{name:t[1],version:t[2]}},"parsePatchKey"),Or=Ve((e,t)=>{let i;try{if(t==="pnpm"){const o=ee(e,"pnpm-workspace.yaml");Me(o)&&(i=zt(o)?.patchedDependencies)}else if(t==="bun"){const o=ee(e,"package.json");Me(o)&&(i=ht(o)?.patchedDependencies)}}catch{return[]}if(!i||typeof i!="object")return[];const s=[];for(const[o,l]of Object.entries(i)){if(typeof l!="string"||l.length===0)continue;const c=Ar(o);c&&s.push({name:c.name,patchFile:l,resolvedPatchFile:Ht(l)?l:gt(e,l),version:c.version})}return s},"readPatchedDependencies"),Pr=Ve(e=>{const t=[];for(const i of e)Me(i.resolvedPatchFile)||t.push({entry:i,kind:"missing-file"});return t},"findPatchIssues");var Nr=Object.defineProperty,It=O((e,t)=>Nr(e,"name",{value:t,configurable:!0}),"u$1");const 
ot=It(e=>e.some(t=>t.severity==="error")?"error":e.some(t=>t.severity==="warn")?"warn":"ok","rollUpStatus"),Mr=It((e,t={})=>{const i=[],s=e?.security;if(!s)return i.push({detail:"Use defineConfig() from '@visulima/vis/config' to apply secure defaults.",label:"No security config — running with the PM's native defaults",severity:"warn"}),{findings:i,status:ot(i)};const o=s.policies?.firstSeen?.minutes,l=s.policies?.publisherChange,c=s.policies?.installScripts;o===void 0?i.push({detail:"Set security.policies.firstSeen.minutes to block packages published in the last N minutes (mitigates supply-chain attacks).",label:"policies.firstSeen.minutes is not set",severity:"warn"}):o===0?i.push({detail:"New packages can be installed immediately after publishing. Consider setting a non-zero cooldown.",label:"policies.firstSeen.minutes is explicitly 0",severity:"warn"}):i.push({label:`policies.firstSeen.minutes: ${String(o)} minutes`,severity:"ok"}),l?.mode===void 0||l.mode==="off"?i.push({detail:"Packages whose trust level has decreased will not be blocked. Consider 'no-downgrade'.",label:`policies.publisherChange.mode: ${l?.mode??"not set"}`,severity:"warn"}):i.push({label:`policies.publisherChange.mode: ${l.mode}`,severity:"ok"}),s.blockExoticSubdeps===void 0||!s.blockExoticSubdeps?i.push({detail:"Transitive dependencies can pull code from git repos or tarball URLs. Set to true to block.",label:`blockExoticSubdeps: ${String(s.blockExoticSubdeps??!1)}`,severity:"warn"}):i.push({label:"blockExoticSubdeps: true",severity:"ok"});const h=c?.allow?Object.keys(c.allow).length:0;if(h===0?i.push({detail:"Lifecycle scripts are blocked by default. List trusted packages here to opt them back in (e.g. esbuild, @prisma/client).",label:"policies.installScripts.allow: not configured",severity:"warn"}):i.push({label:`policies.installScripts.allow: ${String(h)} ${h===1?"entry":"entries"}`,severity:"ok"}),c?.strict&&h===0&&i.push({detail:"All dependencies with build scripts will be blocked. 
Run 'vis approve-builds' to populate the allow list.",label:"policies.installScripts.strict is on but allow is empty",severity:"error"}),t.workspaceRoot){const d=wi(t.workspaceRoot);if(d.length>0){const k=[...new Set(d.map(b=>b.tool))].sort((b,v)=>b.localeCompare(v)).join(", ");i.push({detail:"Run `vis migrate verify` for the full list, then re-run `vis migrate <tool>` to clean up.",label:`${String(d.length)} leftover ${d.length===1?"reference":"references"} to ${k}`,severity:"warn"})}}if(t.workspaceRoot&&t.packageManager){const d=Or(t.workspaceRoot,t.packageManager);if(d.length>0){const k=Pr(d);if(k.length===0)i.push({label:`patchedDependencies: ${String(d.length)} ${d.length===1?"entry":"entries"} resolved`,severity:"ok"});else for(const b of k)i.push({detail:`Referenced from ${t.packageManager==="pnpm"?"pnpm-workspace.yaml":"package.json"} but the file is not present at ${b.entry.patchFile}.`,label:`patchedDependencies: missing patch file for ${b.entry.name}@${b.entry.version}`,severity:"error"})}}return{findings:i,status:ot(i)}},"buildSupplyChainPosture");var Fr=Object.defineProperty,x=O((e,t)=>Fr(e,"name",{value:t,configurable:!0}),"u");const G=x(e=>e>=1e3?`${(e/1e3).toFixed(1)}s`:`${String(Math.round(e))}ms`,"fmtDuration"),Oe=x(async(e,t,i,s)=>{if(!e)return i();e.start(t);const o=Date.now();try{const l=await i(),c=Date.now()-o,{status:h,summary:d}=s(l,c);return e.finish(t,h,d),l}catch(l){const c=Date.now()-o,h=l instanceof Error?l.message:String(l);throw e.finish(t,"error",`${h} (${G(c)})`),l}},"tracked"),zr=x((e,t)=>{const i={duplicates:t.duplicates,elapsedMs:0,installedCount:0,optimizations:t.optimizations,outdated:t.outdated,runtime:t.runtime,sections:new Set([e]),socketIssues:{alerts:0,lowScore:0},supplyChain:{findings:[],status:"ok"},vulnCount:0,workspaceCount:0};return $t(i)},"buildSectionFindings"),st=x(async 
e=>{const{filterPatterns:t,installed:i,progress:s,resolveCodemods:o,sections:l,store:c,visConfig:h,workspaceRoot:d}=e,k=l.has("dependencies"),b=l.has("security"),v=l.has("optimization"),D=l.has("runtime"),j=x((f,N)=>xt(zr(f,N),t),"sectionFindings"),g=at(d),{packageManager:A}=ct(d),E=Ze(ee(d,"package.json"),!1),J=ft(d),B=new Set(E);for(const f of J){const N=Ze(ee(gt(d,f),"package.json"),!1);for(const M of N)B.add(M)}const L=jt(d),T=dt(d,A),V=ut(h?.security?.socket,h?.security?.policies?.score?.minimum),H=V?.minimumScore??h?.security?.policies?.score?.minimum??pt,se=h?.security?.acceptedRisks,ie=Zt(d,g.name),U={exclude:[],ignore:[],include:[],includeLocked:!1,includePrerelease:!1,security:!0,target:"latest"},z=k?li(d,g.name):[],Y=v?ei(B):[],S=v?ti(B,ie,g,!1):[],C=new Set(Y.map(f=>f.packageName)),W=S.filter(f=>!C.has(f.packageName)),R=[...Y,...W],le=D?ji():[];c&&(k&&c.startSection("dependencies",T.size>0?"checking outdated catalog dependencies":"scanning duplicates"),b&&c.startSection("security",i.length>0?`scanning ${String(i.length)} packages for advisories`:"no installed packages to scan"),v&&c.startSection("optimization","matching e18e + socket overrides"),D&&c.startSection("runtime","running runtime diagnostics")),c&&D&&c.completeSection("runtime",j("runtime",{duplicates:[],optimizations:[],outdated:[],runtime:le}));const ue=(k||b)&&T.size>0?Oe(s,"outdated",()=>Et(T,U,L,void 0,d,V,se),(f,N)=>{const M=f.outdated.length;return{status:M>0?"warn":"ok",summary:M>0?`${String(M)} outdated · ${G(N)}`:`up to date · ${G(N)}`}}):Promise.resolve({failed:[],ignored:[],outdated:[]}),P=b&&i.length>0?Oe(s,"vulnerabilities",()=>Lt(i.map(f=>({name:f.name,version:f.version}))),(f,N)=>{let M=0;for(const re of f.values())M+=re.length;return{status:M>0?"error":"ok",summary:M>0?`${String(M)} found · ${G(N)}`:`none found · ${G(N)}`}}):Promise.resolve(new Map),X=b&&V&&i.length>0?Oe(s,"socket",()=>Bt(i.map(f=>({name:f.name,version:f.version})),V),(f,N)=>{let M=0,re=0;for(const Ye of 
f.values())M+=Ye.alerts.length,Ye.score.overall<H&&(re+=1);const Ge=M+re;return{status:Ge>0?"warn":"ok",summary:Ge>0?`${String(M)} alert${M===1?"":"s"}, ${String(re)} low-score · ${G(N)}`:`clean · ${G(N)}`}}):Promise.resolve(new Map);let Z,pe,he,ge;const fe=ue.catch(f=>(Z=f instanceof Error?f.message:String(f),c||u.warn(`Outdated scan failed: ${Z}`),{failed:[],ignored:[],outdated:[]})),Se=P.catch(f=>(pe=f instanceof Error?f.message:String(f),c||u.warn(`Vulnerability scan failed: ${pe}`),new Map)),y=X.catch(f=>(he=f instanceof Error?f.message:String(f),c||u.warn(`Socket scan failed: ${he}`),new Map)),m=c&&k?fe.then(f=>{if(Z){c.failSection("dependencies",Z);return}c.completeSection("dependencies",j("dependencies",{duplicates:z,optimizations:[],outdated:f.outdated,runtime:[]}))}):void 0,w=c&&b?Promise.all([fe,Se,y]).then(([f])=>{const N=Z??pe??he;if(N){c.failSection("security",N);return}c.completeSection("security",j("security",{duplicates:[],optimizations:[],outdated:f.outdated,runtime:[]}))}):void 0,Ce=(async()=>{if(o&&v&&R.length>0&&await Oe(s,"codemods",async()=>(await ii(R),R),(f,N)=>{const M=f.filter(re=>re.hasCodemod||re.category==="socket").length;return{status:"ok",summary:`${String(M)} auto-fixable · ${G(N)}`}}).catch(f=>{ge=f instanceof Error?f.message:String(f)}),c&&v){if(ge){c.failSection("optimization",ge);return}c.completeSection("optimization",j("optimization",{duplicates:[],optimizations:R,outdated:[],runtime:[]}))}})(),[ae,At,Ot]=await Promise.all([fe,Se,y]);await Promise.all([m,w,Ce]);let _e=0,He=0;if(b&&V)for(const f of Ot.values())_e+=f.alerts.length,f.score.overall<H&&(He+=1);let Ee=0;if(b){for(const f of ae.outdated)f.vulnerabilities&&f.vulnerabilities.length>0&&(Ee+=f.vulnerabilities.length);for(const f of 
At.values())Ee+=f.length}return{duplicates:z,installedCount:i.length,optimizations:v?R:[],outdated:k?ae.outdated:[],runtime:le,sections:l,socketIssues:{alerts:_e,lowScore:He},supplyChain:Mr(h,{packageManager:A,workspaceRoot:d}),vulnCount:Ee,workspaceCount:J.length}},"streamScans"),jr=x(e=>{switch(e){case"error":return Re(F.failure);case"skip":return $(F.dash);case"warn":return ze(F.warning);default:return ve(F.success)}},"sectionIcon"),de=x((e,t)=>{const i=process.stderr.columns??80,s=Math.max(20,Math.min(i-2,60)),o=F.dash.repeat(2),l=`${jr(t)} ${ce(e)}`,c=l.replaceAll(/\[[0-9;]*m/g,"").length,h=Math.max(0,s-c-o.length-2);return`${o} ${l} ${$(F.dash.repeat(h))}`},"heading"),q=x(e=>` ${ve(F.success)} ${e}`,"itemOk"),Q=x(e=>` ${ze(F.warning)} ${e}`,"itemWarn"),Ue=x(e=>` ${Re(F.failure)} ${e}`,"itemError"),Dt=x(e=>` ${$(F.dash)} ${$(e)}`,"itemSkip"),K=x((e,t,i)=>{const s=`${ce(String(e))} ${$(t)}`;return i?`${s} ${$(`(${i})`)}`:s},"countLine"),Er=x(e=>{if(e.sections.has("dependencies")){if(u.log(""),u.log(de("Dependencies",ne(e,"dependencies"))),u.log(q(K(e.installedCount,"packages installed"))),e.outdated.length>0){const t=e.outdated.filter(l=>l.updateType==="major").length,i=e.outdated.filter(l=>l.updateType==="minor").length,s=e.outdated.filter(l=>l.updateType==="patch").length,o=[];t>0&&o.push(`${String(t)} major`),i>0&&o.push(`${String(i)} minor`),s>0&&o.push(`${String(s)} patch`),u.log(Q(K(e.outdated.length,"outdated",o.join(", "))))}else u.log(q("All dependencies up to date"));e.duplicates.length>0?u.log(Q(K(e.duplicates.length,"packages with duplicate versions"))):u.log(q("No duplicate dependencies"))}},"displayDependencies"),Lr=x(e=>{e.sections.has("security")&&(u.log(""),u.log(de("Security",ne(e,"security"))),e.vulnCount>0?u.log(Ue(K(e.vulnCount,`vulnerabilit${e.vulnCount===1?"y":"ies"} found`))):u.log(q("No known vulnerabilities")),e.socketIssues.alerts>0&&u.log(Q(K(e.socketIssues.alerts,`Socket.dev security 
alert${e.socketIssues.alerts===1?"":"s"}`))),e.socketIssues.lowScore>0&&u.log(Q(K(e.socketIssues.lowScore,`package${e.socketIssues.lowScore===1?"":"s"} with low security score`))),e.socketIssues.alerts===0&&e.socketIssues.lowScore===0&&e.vulnCount===0&&u.log(q("No security issues detected")))},"displaySecurity"),Br=x(e=>{if(!e.sections.has("optimization"))return;u.log(""),u.log(de("Optimization",ne(e,"optimization")));const t=Rt(e.optimizations);if(t.total===0){u.log(q("No optimizations available"));return}t.native>0&&u.log(Q(K(t.native,"replaceable with native APIs"))),t.preferred>0&&u.log(Q(K(t.preferred,"with lighter alternatives"))),t.micro>0&&u.log(Q(K(t.micro,"trivial micro-utilities"))),t.socket>0&&u.log(Q(K(t.socket,"@socketregistry overrides available")))},"displayOptimization"),Vr=x(e=>{u.log(""),u.log(de("Supply Chain",e.supplyChain.status));for(const t of e.supplyChain.findings){const i=t.severity==="ok"?q(t.label):t.severity==="error"?Ue(t.label):Q(t.label);u.log(i),t.detail&&u.log(` ${$(F.arrow)} ${$(t.detail)}`)}e.supplyChain.status!=="ok"&&u.log(` ${$(F.arrow)} ${$("Configure with security.* in vis.config.ts. See `vis check --security-config` for details.")}`)},"displaySupplyChain"),Ur=x(e=>{if(e.sections.has("runtime")){u.log(""),u.log(de("Runtime",ne(e,"runtime")));for(const t of e.runtime)t.status==="ok"?u.log(q(t.message)):t.status==="skip"?u.log(Dt(t.message)):u.log(Q(t.message))}},"displayRuntime"),_r=x((e,t)=>{const i=e.vulnCount,s=e.runtime.filter(l=>l.status==="warn").length,o=e.outdated.length+e.duplicates.length+e.optimizations.length+s;if(t){if(i===0&&o===0)u.success(`Everything looks good! ${$(`(${G(e.elapsedMs)})`)}`);else{const l=[];i>0&&l.push(Re(`${String(i)} security`)),o>0&&l.push(ze(`${String(o)} improvement${o===1?"":"s"}`)),u.log(`${Re(F.failure)} ${l.join(", ")} ${$(`(${G(e.elapsedMs)})`)}`)}return}u.log(""),u.log(de("Summary","ok")),i===0&&o===0?u.success(`Everything looks good! 
${$(`(${G(e.elapsedMs)})`)}`):(i>0&&u.error(`${String(i)} security issue${i===1?"":"s"}`),o>0&&u.log(` ${Ie(F.arrow)} ${ce(String(o))} ${$(`improvement${o===1?"":"s"} available`)} ${$(`(${G(e.elapsedMs)})`)}`))},"displaySummary"),Hr=x(e=>{const t=[];if(e.outdated.length>0&&t.push("vis update — update outdated dependencies"),(e.vulnCount>0||e.socketIssues.alerts>0)&&t.push("vis audit — detailed security analysis"),e.optimizations.length>0&&t.push("vis optimize — apply optimizations interactively"),e.duplicates.length>0&&t.push("vis dedupe — reduce duplicate versions"),t.length>0){u.log(""),u.log(ce("Next steps:"));for(const i of t)u.log(` ${$(F.arrow)} ${i}`)}u.log("")},"displayActions"),Gr=x((e,t)=>{t||(Er(e),Lr(e),Br(e),Ur(e),Vr(e)),_r(e,t)},"displayResults"),Yr=x((e,t,i,s,o)=>{const l=[],c=e.has("dependencies"),h=e.has("security"),d=e.has("optimization");return(c||h)&&t>0&&l.push({id:"outdated",label:"Outdated catalog dependencies"}),h&&s>0&&l.push({id:"vulnerabilities",label:"Known vulnerabilities (OSV)"}),h&&i&&s>0&&l.push({id:"socket",label:"Socket.dev supply-chain reports"}),d&&o&&l.push({id:"codemods",label:"Codemod availability"}),l},"planScanTasks"),Kr=x(e=>{if(u.log(""),u.log(`${ce(Ie("vis doctor"))} ${$("— project health check")}`),u.log(q(`Detected ${e.packageManagerName} v${e.packageManagerVersion}`)),e.workspaceCount!==void 0&&e.workspaceCount>0&&u.log(q(K(e.workspaceCount,`workspace package${e.workspaceCount===1?"":"s"}`))),e.runtimeFindings.length===0)u.log(q(`Node.js ${e.nodeVersion}`));else{for(const t of e.runtimeFindings){const i=t.severity==="error"?Re:ze;u.log(Ue(`Runtime: ${i(t.message)}`))}u.log(` ${$(F.arrow)} Run ${ve("vis toolchain install")} to install pinned versions, or ${ve("vis toolchain status")} for the per-tool breakdown.`)}u.log("")},"printBanner"),bn=x(async({logger:e,options:t,visConfig:i,visConfigError:s,workspaceRoot:o})=>{if(!o)throw new Error("Could not determine workspace root.");const 
l=t.format==="json"||t.json===!0,c=Tr(t.only,t.skip),h=!!t.quiet,d=t.progress===!1,k=Sr(t.filter);if(c.size===0){u.error("No sections selected. Check your --only / --skip values."),process.exitCode=2;return}const b=Date.now(),v=at(o),D=oi(o),j=!!process.stdout.isTTY,g=!l&&j&&!Vt&&!h&&!d;!l&&!g&&Kr({nodeVersion:process.versions.node,packageManagerName:v.name,packageManagerVersion:v.version,runtimeFindings:D,workspaceCount:void 0});const A=dt(o,ct(o).packageManager),E=ai(o,v.name),J=E.length,B=!!ut(i?.security?.socket),L=i?.security?.policies?.score?.minimum??pt,T=ft(o);if(!l&&!h&&!g){const P=T.length>0?$(` · ${String(T.length)} workspace package${T.length===1?"":"s"}`):"";u.log(`${$("·")} ${$("Found")} ${ce(String(J))} ${$(`installed package${J===1?"":"s"}`)}${P}`)}const V=s?{hint:s.file?`Continuing with default settings — fix or regenerate ${s.file} (vis init --force).`:"Continuing with default settings.",message:s.message,severity:"error",title:s.file?`Failed to load ${s.file}`:"Failed to load vis.config"}:void 0,H={bun:"bun.lock",npm:"package-lock.json",pnpm:"pnpm-lock.yaml",yarn:"yarn.lock"}[v.name],se=H?ee(o,H):void 0,ie=Gt(o),U=t.cache!==!1&&!t.fix?Si({configPath:ie,lockfilePath:se,sections:c,socketEnabled:B,workspaceRoot:o}):void 0,z=U?Ci(U):void 0,Y=z!==void 0;let S,C;if(g){const P=z?new tt({activeSections:c,findings:xt($t(z),k)}):new tt({activeSections:c}),X=Yt(Kt.createElement(wr,{banner:V,fromCache:Y,startedAt:b,store:P}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0});try{S=z??await st({filterPatterns:k,installed:E,resolveCodemods:!!t.fix,sections:c,store:P,visConfig:i,workspaceRoot:o})}catch(Z){throw X.unmount(),Z}await X.waitUntilExit(),C=P.getSnapshot().pendingAction}else if(z)S=z;else{const P=Yr(c,A.size,B,J,!!t.fix),X=si(P,{live:!l&&!h&&!d});try{S=await st({filterPatterns:k,installed:E,progress:X,resolveCodemods:!!t.fix,sections:c,visConfig:i,workspaceRoot:o})}finally{X.stop()}}const 
W={...S,elapsedMs:Date.now()-b};if(U&&!Y)try{xi(U,W)}catch{}const R=Cr(W,k,L);if(l){process.stdout.write(`${JSON.stringify(Rr(R,v.name),void 0,2)}
4
- `),t.exitCode&&nt(R,!!t.strict)&&(process.exitCode=1);return}Y&&!h&&u.log(`${$("·")} Cached results (use --no-cache to refresh)`),k.length>0&&!h&&u.log(`${$("·")} Filter active: ${Ie(t.filter??"")}`),Gr(R,h);const le=R.runtime.some(P=>P.id===Pe&&P.status==="warn"),ue=R.sections.has("optimization")&&R.optimizations.length>0;t.fix&&(ue||le)?await qr({force:!!t.fixForce,logger:e,pm:v,recoverOrphans:le,results:R,useEditorconfig:i?.editorconfig??!0,workspaceRoot:o}):h||Hr(R),C&&(process.stdout.write(`
5
- `),process.stdout.write(`${ce("→ ")}${C.description}
6
- `),C.configSnippet?(process.stdout.write(`
7
- `),process.stdout.write(`${$(C.configSnippet)}
8
- `)):process.stdout.write(` ${Ie(C.command)}
9
- `),process.stdout.write(`
10
- `)),t.exitCode&&nt(R,!!t.strict)&&(process.exitCode=1)},"execute"),qr=x(async e=>{const{force:t,logger:i,pm:s,recoverOrphans:o,results:l,useEditorconfig:c,workspaceRoot:h}=e;u.log(""),u.log(de("Applying fixes","ok"));const d=l.optimizations.filter(g=>g.category==="socket"&&g.overrideSpec).map(g=>({original:g.packageName,spec:g.overrideSpec})),k=l.optimizations.filter(g=>g.category!=="socket"&&g.hasCodemod),b=l.optimizations.filter(g=>g.category!=="socket"&&!g.hasCodemod);let v=!1,D=0;const j=[];if(o){const g=Oi({force:t});if(g.killed.length>0&&(u.success(`Cleaned up ${String(g.killed.length)} orphaned process${g.killed.length===1?"":"es"} (PIDs: ${g.killed.join(", ")}).`),v=!0),g.failed.length>0){const A=t?"":" Re-run with `--fix --fix-force` to escalate to SIGKILL.";u.warn(`Could not signal ${String(g.failed.length)} orphan${g.failed.length===1?"":"s"}: ${g.failed.map(E=>`${String(E.pid)} (${E.reason})`).join(", ")}.${A}`)}}if(d.length>0){const g=ri(h,ee(h,"package.json"),d,s,c);g.added.length>0&&(u.success(`Added ${String(g.added.length)} security override${g.added.length===1?"":"s"}.`),v=!0),g.updated.length>0&&(u.success(`Updated ${String(g.updated.length)} override${g.updated.length===1?"":"s"}.`),v=!0)}for(const g of k)try{const A=await ni(h,g.packageName);A.filesChanged>0&&(u.success(`${g.packageName}: ${String(A.filesChanged)} file${A.filesChanged===1?"":"s"} updated`),D+=1,v=!0)}catch(A){const E=A instanceof Error?A.message:String(A);j.push({error:E,package:g.packageName}),u.warn(`${g.packageName}: codemod failed — ${E}`)}d.length>0&&(u.log(`${Ie(F.arrow)} Running ${s.name} install to update lockfile…`),Ut(s,{dev:!1,filter:[],force:!1,frozenLockfile:!1,ignoreScripts:!1,lockfileOnly:!1,noOptional:!1,offline:!1,prod:!1,recursive:!1,silent:!1,workspaceRoot:!1},h,i),v=!0),u.log(""),v?u.success(`Fixes applied. 
${D>0?`${String(D)} codemod${D===1?"":"s"} applied.`:""}`.trim()):u.log(Dt("No auto-fixable items in the current run.")),j.length>0&&u.warn(`${String(j.length)} codemod${j.length===1?"":"s"} failed (run ${ve("vis optimize")} for the interactive picker).`),b.length>0&&u.notice(`${String(b.length)} optimization${b.length===1?"":"s"} need manual review (no codemod). Run ${ve("vis optimize")} to inspect them.`)},"runFixes");export{bn as default};
1
+ var kt=Object.defineProperty;var O=(e,t)=>kt(e,"name",{value:t,configurable:!0});import{createRequire as bt}from"node:module";import{aD as Nt,o as Le,aB as G,r as Ct,t as Rt,b3 as Ot,E as j,e as fe,q as st,b4 as rt,a as ge,a9 as Et,ac as It,p as d,A as jt,i as _e,b as Pt,T as Dt,f as Lt,aa as Ue,C as Wt,O as Mt,af as Tt,s as Ie,u as Ht}from"./bin.js";import{M as H,i as B,$ as me,B as Be,n as ot,C as Vt}from"./config.js";import{whichBin as Ft}from"#native";import{t as Gt,b as _t}from"../packem_shared/cyclonedx-CO7-Y1B1.js";import{s as qt}from"../packem_shared/scan-progress-CMynp3eA.js";import{r as Kt,A as qe,q as Ke}from"../packem_shared/advisories-DS8JEB_g.js";import{l as zt,f as Jt}from"../packem_shared/dependency-scan-DPHTzA5r.js";import{r as Yt}from"../packem_shared/manifests-B0fMp872.js";import{l as Zt,p as Xt,O as Qt}from"../packem_shared/osv-bloom-QSAn2Dcw.js";import{s as ue,g as es,p as ts,e as ss}from"../packem_shared/index-B4gpNmrG.js";const $t=bt(import.meta.url),X=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,he=O(e=>{if(typeof X<"u"&&X.versions&&X.versions.node){const[t,s]=X.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return X.getBuiltinModule(e)}return $t(e)},"__cjs_getBuiltinModule"),{spawnSync:wt}=he("node:child_process"),{existsSync:Qe,readFileSync:et,writeFileSync:tt,renameSync:xt,unlinkSync:St}=he("node:fs"),{createInterface:At}=he("node:readline"),{relative:Ut,join:Bt}=he("node:path");var rs=Object.defineProperty,os=O((e,t)=>rs(e,"name",{value:t,configurable:!0}),"t"),ns=Object.defineProperty,as=os((e,t)=>ns(e,"name",{value:t,configurable:!0}),"s"),is=Object.defineProperty,cs=as((e,t)=>is(e,"name",{value:t,configurable:!0}),"n");const ze=cs((e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const s=[];for(const r of Nt(e,t))s.push(r.path);return s},"collectSync");var ls=Object.defineProperty,_=O((e,t)=>ls(e,"name",{value:t,configurable:!0}),"o$1");const 
ve=_(e=>Array.isArray(e)?e.filter(t=>typeof t=="string"):[],"toStringArray"),je=_((e,t)=>{for(const s of t)if(s===e||s.endsWith("*")&&e.startsWith(s.slice(0,-1)))return!0;return!1},"matchesGlobList"),nt=_(e=>{const t=H(e,"pnpm-workspace.yaml");if(!B(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const s=Le(t);return{excludedPackages:[],ignoredAdvisories:[...ve(s?.auditConfig?.ignoreCves),...ve(s?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),at=_(e=>{const t=H(e,".yarnrc.yml");if(!B(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const s=Le(t);return{excludedPackages:ve(s?.npmAuditExcludePackages),ignoredAdvisories:ve(s?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),ds=_((e,t)=>{switch(t){case"pnpm":return nt(e);case"yarn":return at(e);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),ee=_((e,t,s)=>{if(je(e,t.ignoredAdvisories))return!0;if(s){for(const r of s)if(je(r,t.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),ps=_((e,t)=>je(e,t.excludedPackages),"isPackageExcluded"),us=_((e,t,s)=>{if(s.length===0)return["No advisory IDs to sync."];const r=[];switch(e){case"bun":{r.push(`bun has no audit config file. Use CLI flags: bun audit ${s.map(o=>`--ignore ${o}`).join(" ")}`);break}case"npm":{r.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const o=H(t,"pnpm-workspace.yaml");if(!B(o)){r.push("pnpm-workspace.yaml not found. 
Cannot sync.");break}const a=nt(t),n=new Set(a.ignoredAdvisories.filter(k=>k.startsWith("CVE-"))),l=new Set(a.ignoredAdvisories.filter(k=>k.startsWith("GHSA-"))),p=s.filter(k=>k.startsWith("CVE-")),u=s.filter(k=>k.startsWith("GHSA-")),g=[...new Set([...n,...p])],b=[...new Set([...l,...u])],v=p.filter(k=>!n.has(k)).length,$=u.filter(k=>!l.has(k)).length;if(v===0&&$===0){r.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let y=me(o);if(g.length>0){const k=` ignoreCves:
2
+ ${g.map(w=>` - ${w}`).join(`
3
+ `)}
4
+ `;/auditConfig:/.test(y)?y=/ignoreCves:/.test(y)?y.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,k):y.replace(/auditConfig:\s*\n/,`auditConfig:
5
+ ${k}`):y=`${y.trimEnd()}
6
+
7
+ auditConfig:
8
+ ${k}`,v>0&&r.push(`Added ${String(v)} new CVE${v===1?"":"s"} to pnpm-workspace.yaml (${String(g.length)} total)`)}if(b.length>0){const k=` ignoreGhsas:
9
+ ${b.map(w=>` - ${w}`).join(`
10
+ `)}
11
+ `;/auditConfig:/.test(y)&&(y=/ignoreGhsas:/.test(y)?y.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,k):y.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${k}$2`)),$>0&&r.push(`Added ${String($)} new GHSA${$===1?"":"s"} to pnpm-workspace.yaml (${String(b.length)} total)`)}Be(o,y);break}case"yarn":{const o=H(t,".yarnrc.yml");if(!B(o)){r.push(".yarnrc.yml not found. Cannot sync.");break}const a=at(t),n=new Set(a.ignoredAdvisories),l=[...new Set([...n,...s])],p=s.filter(b=>!n.has(b)).length;if(p===0){r.push("All advisory IDs already present in .yarnrc.yml.");break}let u=me(o);const g=`npmAuditIgnoreAdvisories:
12
+ ${l.map(b=>` - "${b}"`).join(`
13
+ `)}
14
+ `;u=/npmAuditIgnoreAdvisories:/.test(u)?u.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,g):`${u.trimEnd()}
15
+
16
+ ${g}`,Be(o,u),r.push(`Synced ${String(p)} advisor${p===1?"y":"ies"} to .yarnrc.yml (${String(l.length)} total)`);break}default:r.push(`Unknown package manager: ${e}`)}return r},"syncAcceptedRisksToNativeConfig");var fs=Object.defineProperty,q=O((e,t)=>fs(e,"name",{value:t,configurable:!0}),"p$2");const gs=["CRITICAL","HIGH","MODERATE","LOW","UNKNOWN"],S=q(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;"),"escapeHtml"),ms=q(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),vs=q((e,t)=>{if(t.length===0)return{kind:"unknown",label:"no fix"};const s=G.coerce(e);if(!s)return{kind:"unknown",label:"non-semver"};let r,o;for(const a of t){const n=G.coerce(a);if(!n)continue;const l=G.diff(s,n);l==="major"||l==="premajor"?r||(r=a):l&&!o&&(o=a)}return o?{kind:"minor-patch",label:`safe to ${o}`}:r?{kind:"major",label:`requires major bump to ${r}`}:{kind:"unknown",label:"no usable fix"}},"breakingMarker"),Je={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},hs=q(e=>{const{acknowledged:t,packageName:s,packageVersion:r,remediation:o,vulnerability:a}=e,{severity:n}=a,l=vs(r,a.fixedVersions),p=a.fixedVersions.length>0?a.fixedVersions.join(", "):"—",u=o?`<code class="copyable" data-cmd="${S(o)}">${S(o)}</code>`:'<span class="muted">advisory only</span>';return`<tr data-severity="${n}" data-package="${S(s)}" data-advisory="${S(a.id)}">
17
+ <td><span class="badge badge-${n.toLowerCase()}">${n}</span></td>
18
+ <td><span class="marker marker-${l.kind}" title="${S(l.label)}"></span></td>
19
+ <td><code>${S(s)}</code></td>
20
+ <td><code>${S(r)}</code></td>
21
+ <td><a href="${S(ms(a.id))}" rel="noreferrer noopener" target="_blank">${S(a.id)}</a>${t?' <span class="ack">[acknowledged]</span>':""}</td>
22
+ <td>${S(a.summary)}</td>
23
+ <td><code>${S(p)}</code></td>
24
+ <td>${u}</td>
25
+ </tr>`},"renderRow"),ys=q(e=>{const t=e.now??new Date,s=[...e.findings].sort((u,g)=>{const b=Je[u.vulnerability.severity??"UNKNOWN"]??4,v=Je[g.vulnerability.severity??"UNKNOWN"]??4;return b!==v?b-v:u.packageName.localeCompare(g.packageName)||u.packageVersion.localeCompare(g.packageVersion)}),r={CRITICAL:0,HIGH:0,LOW:0,MODERATE:0,UNKNOWN:0};for(const u of s)r[u.vulnerability.severity??"UNKNOWN"]+=1;const o=s.map(u=>hs(u)).join(`
26
+ `),a=gs.filter(u=>r[u]>0).map(u=>`<span class="badge badge-${u.toLowerCase()}">${r[u]} ${u}</span>`).join(" "),n=s.length===0,l=(e.policyDecisions??[]).filter(u=>u.policy!=="vulnerability"),p=[...l].sort((u,g)=>{const b=q(v=>v==="block"?0:v==="warn"?1:2,"rank");return b(u.severity)-b(g.severity)||u.policy.localeCompare(g.policy)||u.packageName.localeCompare(g.packageName)}).map(u=>{const g=u.acceptedRisk?' <span class="ack">[acknowledged]</span>':"";return`<tr>
27
+ <td><span class="policy-badge policy-${u.severity}">${u.severity.toUpperCase()}</span></td>
28
+ <td><code>${S(u.policy)}</code></td>
29
+ <td><code>${S(u.packageName)}</code></td>
30
+ <td><code>${S(u.version)}</code></td>
31
+ <td>${S(u.reason)}${g}</td>
32
+ </tr>`}).join(`
33
+ `);return`<!doctype html>
34
+ <html lang="en">
35
+ <head>
36
+ <meta charset="utf-8">
37
+ <meta name="viewport" content="width=device-width, initial-scale=1">
38
+ <title>vis audit · ${S(t.toISOString().slice(0,10))}</title>
39
+ <style>
40
+ :root {
41
+ --bg: #0e1116;
42
+ --fg: #d6dde6;
43
+ --muted: #8b95a1;
44
+ --border: #20262e;
45
+ --row-hover: #161b22;
46
+ --critical: #ff4757;
47
+ --high: #ff8c42;
48
+ --medium: #fbbf24;
49
+ --low: #38bdf8;
50
+ --unknown: #6b7280;
51
+ --major: #ff4757;
52
+ --minor: #22c55e;
53
+ }
54
+ @media (prefers-color-scheme: light) {
55
+ :root {
56
+ --bg: #ffffff;
57
+ --fg: #1f2328;
58
+ --muted: #57606a;
59
+ --border: #d0d7de;
60
+ --row-hover: #f6f8fa;
61
+ }
62
+ }
63
+ * { box-sizing: border-box; }
64
+ body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: var(--bg); color: var(--fg); margin: 0; padding: 24px; }
65
+ h1 { font-size: 22px; margin: 0 0 8px; }
66
+ .meta { color: var(--muted); font-size: 13px; margin-bottom: 16px; }
67
+ .summary { display: flex; flex-wrap: wrap; gap: 8px; margin-bottom: 20px; }
68
+ .controls { display: flex; gap: 12px; align-items: center; margin-bottom: 12px; }
69
+ .controls input { background: var(--bg); color: var(--fg); border: 1px solid var(--border); padding: 6px 10px; border-radius: 6px; font-size: 13px; min-width: 240px; }
70
+ .controls select { background: var(--bg); color: var(--fg); border: 1px solid var(--border); padding: 6px 10px; border-radius: 6px; font-size: 13px; }
71
+ table { width: 100%; border-collapse: collapse; font-size: 13px; }
72
+ th, td { padding: 8px 10px; border-bottom: 1px solid var(--border); text-align: left; vertical-align: top; }
73
+ th { font-weight: 600; color: var(--muted); cursor: pointer; user-select: none; }
74
+ th:hover { color: var(--fg); }
75
+ tr:hover td { background: var(--row-hover); }
76
+ code { font-family: ui-monospace, "SF Mono", Menlo, monospace; font-size: 12px; }
77
+ code.copyable { cursor: pointer; padding: 2px 4px; border-radius: 4px; }
78
+ code.copyable:hover { background: var(--row-hover); }
79
+ a { color: var(--low); text-decoration: none; }
80
+ a:hover { text-decoration: underline; }
81
+ .muted { color: var(--muted); }
82
+ .ack { color: var(--muted); font-style: italic; font-size: 12px; }
83
+ .badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: 11px; font-weight: 600; text-transform: uppercase; }
84
+ .badge-critical { background: rgba(255, 71, 87, 0.2); color: var(--critical); }
85
+ .badge-high { background: rgba(255, 140, 66, 0.2); color: var(--high); }
86
+ .badge-moderate { background: rgba(251, 191, 36, 0.2); color: var(--medium); }
87
+ .badge-low { background: rgba(56, 189, 248, 0.2); color: var(--low); }
88
+ .badge-unknown { background: rgba(107, 114, 128, 0.2); color: var(--unknown); }
89
+ .marker { display: inline-block; width: 10px; height: 10px; border-radius: 50%; vertical-align: middle; }
90
+ .marker-major { background: var(--major); }
91
+ .marker-minor-patch { background: var(--minor); }
92
+ .marker-unknown { background: var(--unknown); }
93
+ .clean { padding: 32px; text-align: center; color: var(--muted); font-size: 14px; border: 1px dashed var(--border); border-radius: 8px; }
94
+ h2 { font-size: 16px; margin: 24px 0 12px; }
95
+ .policy-badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: 11px; font-weight: 600; }
96
+ .policy-block { background: rgba(255, 71, 87, 0.2); color: var(--critical); }
97
+ .policy-warn { background: rgba(251, 191, 36, 0.2); color: var(--medium); }
98
+ .policy-info { background: rgba(107, 114, 128, 0.2); color: var(--unknown); }
99
+ </style>
100
+ </head>
101
+ <body>
102
+ <h1>vis audit</h1>
103
+ <div class="meta">${S(e.tool.name)} ${S(e.tool.version)} · ${S(t.toISOString())} · ${e.packagesScanned} packages scanned · ${s.length} findings</div>
104
+ <div class="summary">${a||'<span class="badge badge-low">CLEAN</span>'}</div>
105
+ ${n?'<div class="clean">No security issues found.</div>':`
106
+ <div class="controls">
107
+ <input id="filter" type="search" placeholder="Filter by package or advisory…" aria-label="Filter findings" />
108
+ <select id="severity" aria-label="Filter by severity">
109
+ <option value="">All severities</option>
110
+ <option value="CRITICAL">Critical only</option>
111
+ <option value="HIGH">High and above</option>
112
+ <option value="MODERATE">Moderate and above</option>
113
+ <option value="LOW">Low and above</option>
114
+ </select>
115
+ </div>
116
+ <table id="findings">
117
+ <thead>
118
+ <tr>
119
+ <th data-sort="severity">Severity</th>
120
+ <th title="Green = safe upgrade · Red = requires major bump">Δ</th>
121
+ <th data-sort="package">Package</th>
122
+ <th>Version</th>
123
+ <th>Advisory</th>
124
+ <th>Summary</th>
125
+ <th>Fix</th>
126
+ <th>Remediation</th>
127
+ </tr>
128
+ </thead>
129
+ <tbody>
130
+ ${o}
131
+ </tbody>
132
+ </table>`}
133
+ ${l.length>0?`
134
+ <h2>Policy Decisions (${l.length})</h2>
135
+ <table id="policies">
136
+ <thead>
137
+ <tr>
138
+ <th>Severity</th>
139
+ <th>Policy</th>
140
+ <th>Package</th>
141
+ <th>Version</th>
142
+ <th>Reason</th>
143
+ </tr>
144
+ </thead>
145
+ <tbody>
146
+ ${p}
147
+ </tbody>
148
+ </table>`:""}
149
+ <script>
150
+ (() => {
151
+ const rank = { CRITICAL: 0, HIGH: 1, MODERATE: 2, LOW: 3, UNKNOWN: 4 };
152
+ const filter = document.getElementById('filter');
153
+ const severity = document.getElementById('severity');
154
+ const rows = Array.from(document.querySelectorAll('#findings tbody tr'));
155
+
156
+ const apply = () => {
157
+ const q = (filter?.value ?? '').toLowerCase().trim();
158
+ const minSev = severity?.value ?? '';
159
+ const sevCap = minSev ? rank[minSev] ?? 4 : 4;
160
+ for (const row of rows) {
161
+ const pkg = row.getAttribute('data-package') ?? '';
162
+ const adv = row.getAttribute('data-advisory') ?? '';
163
+ const sev = row.getAttribute('data-severity') ?? 'UNKNOWN';
164
+ const queryHit = !q || pkg.toLowerCase().includes(q) || adv.toLowerCase().includes(q);
165
+ const sevHit = !minSev || (rank[sev] ?? 4) <= sevCap;
166
+ row.style.display = queryHit && sevHit ? '' : 'none';
167
+ }
168
+ };
169
+
170
+ filter?.addEventListener('input', apply);
171
+ severity?.addEventListener('change', apply);
172
+
173
+ // Click-to-copy on remediation cells.
174
+ document.addEventListener('click', (event) => {
175
+ const target = event.target;
176
+ if (!(target instanceof HTMLElement) || !target.classList.contains('copyable')) return;
177
+ const cmd = target.getAttribute('data-cmd') ?? target.textContent ?? '';
178
+ navigator.clipboard?.writeText(cmd).then(() => {
179
+ const orig = target.textContent;
180
+ target.textContent = '✓ copied';
181
+ setTimeout(() => { target.textContent = orig; }, 900);
182
+ }).catch(() => {});
183
+ });
184
+ })();
185
+ <\/script>
186
+ </body>
187
+ </html>
188
+ `},"emitAuditHtml");var ks=Object.defineProperty,ye=O((e,t)=>ks(e,"name",{value:t,configurable:!0}),"u");const bs={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},$s={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},Ce=ye((e,t)=>`pkg:npm/${e}@${t}`,"productId"),ws=ye(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Ye=ye((e,t)=>{const s=new Map;for(const r of e){const o=t(r),a=s.get(o);a?a.push(r):s.set(o,[r])}return s},"groupBy"),xs=ye(e=>{const t=e.now??new Date,s=t.toISOString(),r=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,o=[...Ye(e.findings,n=>n.packageName).entries()].sort(([n],[l])=>n.localeCompare(l)).map(([n,l])=>({branches:[...new Set(l.map(p=>p.packageVersion))].sort().map(p=>{const u=Ce(n,p);return{category:"product_version",name:p,product:{name:`${n}@${p}`,product_id:u,product_identification_helper:{purl:u}}}}),category:"product_name",name:n})),a=[...Ye(e.findings,n=>n.vulnerability.id).entries()].sort(([n],[l])=>n.localeCompare(l)).map(([n,l])=>{const p=l[0].vulnerability,u=[...new Set(l.map(w=>Ce(w.packageName,w.packageVersion)))].sort(),g=n.startsWith("CVE-"),b=[n,...p.aliases??[]],v=g?n:b.find(w=>w.startsWith("CVE-")),$=b.filter(w=>w!==v).map(w=>({system_name:w.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:w})),y=typeof p.cvssScore=="number"&&Number.isFinite(p.cvssScore)?p.cvssScore:$s[p.severity]??0,k=l.filter(w=>w.acknowledged).map(w=>Ce(w.packageName,w.packageVersion));return{...v?{cve:v}:{},...$.length>0?{ids:$}:{},notes:[{category:"description",text:p.summary||`Advisory ${n}`,title:"Advisory description"}],product_status:{known_affected:u},references:[{category:"external",summary:`${n} advisory 
record`,url:ws(n)}],scores:[{cvss_v3:{baseScore:y,baseSeverity:bs[p.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:u}],title:p.summary.split(`
189
+ `)[0]?.slice(0,200)||n,...k.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:k}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${r}`,tracking:{current_release_date:s,id:r,initial_release_date:s,revision_history:[{date:s,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...o.length>0?{product_tree:{branches:o}}:{},...a.length>0?{vulnerabilities:a}:{}}},"emitCsaf");var Ss=Object.defineProperty,se=O((e,t)=>Ss(e,"name",{value:t,configurable:!0}),"c$2");const As={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},Ns={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},Re=se(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Oe=se(e=>e.startsWith("CVE-")?"NVD":e.startsWith("GHSA-")?"GitHub Advisory Database":"OSV","advisorySourceName"),Ze=se((e,t)=>{const s=new Map;for(const r of e){const o=t(r),a=s.get(o);a?a.push(r):s.set(o,[r])}return s},"groupBy"),Cs=se((e,t=new Date)=>{const s=Ze(e,o=>o.vulnerability.id),r=t.toISOString();return[...s.entries()].sort(([o],[a])=>o.localeCompare(a)).map(([o,a])=>{const n=a[0].vulnerability,l=As[n.severity]??"unknown",p=typeof n.cvssScore=="number"&&Number.isFinite(n.cvssScore)?n.cvssScore:Ns[n.severity]??0,u=[...Ze(a,y=>y.packageName).entries()].sort(([y],[k])=>y.localeCompare(k)).map(([y,k])=>{const w=[...new Set(k.map(W=>W.packageVersion))].sort();return{ref:Gt(y,w[0]),versions:w.map(W=>({status:"affected",version:W}))}}),g=(n.aliases??[]).filter(y=>y!==o).map(y=>({id:y,source:{name:Oe(y),url:Re(y)}})),b=a.some(y=>y.acknowledged),v=a.every(y=>y.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:b?{state:"in_triage"}:void 
0,$=n.fixedVersions??[];return{"bom-ref":`vuln:${o}`,id:o,source:{name:Oe(o),url:Re(o)},...g.length>0?{references:g}:{},description:n.summary||`Advisory ${o}`,ratings:[{method:"CVSSv31",score:p,severity:l,source:{name:Oe(o),url:Re(o)}}],...$.length>0?{recommendation:`Upgrade to one of: ${$.join(", ")}`}:{},affects:u,created:r,published:r,...v?{analysis:v}:{}}})},"buildCycloneDxVulnerabilities"),Rs=se(e=>{const t=Cs(e.findings,e.now);return{...e.bom,vulnerabilities:t}},"emitCycloneDxVex");var Os=Object.defineProperty,We=O((e,t)=>Os(e,"name",{value:t,configurable:!0}),"a");const Es={CRITICAL:"error",HIGH:"error",LOW:"note",MODERATE:"warning",UNKNOWN:"none"},Is={CRITICAL:"9.5",HIGH:"8.0",LOW:"2.5",MODERATE:"5.5",UNKNOWN:"0.0"},js={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"none"},Ps=We(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Ds=We(e=>typeof e.cvssScore=="number"&&Number.isFinite(e.cvssScore)?e.cvssScore.toFixed(1):Is[e.severity]??"0.0","securitySeverity"),Ls=We(e=>{const t=new Map,s=[],r=e.artifactUri??(Ut(e.workspaceRoot,Bt(e.workspaceRoot,"package.json"))||"package.json");for(const n of e.findings){const{acknowledged:l,packageName:p,packageVersion:u,vulnerability:g}=n,b=Es[g.severity]??"none",v=js[g.severity]??"none";t.has(g.id)||t.set(g.id,{defaultConfiguration:{level:b},fullDescription:{text:g.summary||`Advisory ${g.id}`},helpUri:Ps(g.id),id:g.id,name:g.id,properties:{precision:"very-high","security-severity":Ds(g),"severity-label":v,tags:["security","vulnerability","supply-chain",`severity:${v}`]},shortDescription:{text:(g.summary.split(`
190
+ `)[0]??g.id).slice(0,200)}}),s.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${p}@${u}`}],physicalLocation:{artifactLocation:{uri:r}}}],message:{text:`${g.id}: ${p}@${u} — ${g.summary||"no summary"}${g.fixedVersions.length>0?` (fix: ${g.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:g.id,package:p,version:u},properties:{...l?{acknowledged:!0}:{},...g.aliases&&g.aliases.length>0?{aliases:g.aliases}:{},...typeof g.cvssScore=="number"?{cvssScore:g.cvssScore}:{},...g.fixedVersions.length>0?{fixedVersions:g.fixedVersions}:{},packageName:p,packageVersion:u,severityLabel:v},ruleId:g.id})}const o={block:"error",info:"note",warn:"warning"},a={block:"high",info:"none",warn:"medium"};for(const n of e.policyDecisions??[]){if(n.policy==="vulnerability")continue;const l=`vis.policy.${n.policy}`,p=o[n.severity],u=a[n.severity];t.has(l)||t.set(l,{defaultConfiguration:{level:p},fullDescription:{text:`vis policy '${n.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${n.policy}`,id:l,name:l,properties:{precision:"high","security-severity":n.severity==="block"?"8.0":n.severity==="warn"?"5.5":"0.0","severity-label":u,tags:["security","supply-chain","policy",`policy:${n.policy}`]},shortDescription:{text:`vis policy: ${n.policy}`}}),s.push({level:p,locations:[{logicalLocations:[{kind:"package",name:`${n.packageName}@${n.version}`}],physicalLocation:{artifactLocation:{uri:r}}}],message:{text:n.reason},partialFingerprints:{package:n.packageName,policy:n.policy,version:n.version},properties:{...n.acceptedRisk?{acknowledged:!0}:{},packageName:n.packageName,packageVersion:n.version,severityLabel:u},ruleId:l})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:s,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var 
Ws=Object.defineProperty,K=O((e,t)=>Ws(e,"name",{value:t,configurable:!0}),"c$1");const Ms=["dependencies","devDependencies","optionalDependencies","peerDependencies"],Xe=K(e=>{try{return{path:e,pkg:ot(e)}}catch{return}},"readPackageJsonSafe"),Ts=K(e=>{const t=[],s=Xe(H(e,"package.json"));s&&t.push({path:s.path,pkg:s.pkg,workspaceName:s.pkg.name});const r=Ct(e);let o;if(r?o=r:s?.pkg.workspaces&&(Array.isArray(s.pkg.workspaces)?o=s.pkg.workspaces:s.pkg.workspaces.packages&&(o=s.pkg.workspaces.packages)),!o)return t;for(const a of Rt(e,o)){const n=Xe(H(e,a,"package.json"));n&&t.push({path:n.path,pkg:n.pkg,workspaceName:n.pkg.name})}return t},"collectWorkspaceManifests"),Hs=K((e,t)=>{const s=[];for(const r of e)for(const o of Ms){const a=r.pkg[o]?.[t];typeof a=="string"&&s.push({field:o,manifest:r,range:a})}return s},"findDeclarations"),it=K(e=>{const t=Ts(e.workspaceRoot),s=[],r=[],o=[],a=new Set;for(const n of e.findings){const l=n.vulnerability.fixedVersions[0];if(!l){o.push({packageName:n.packageName,reason:"no-fixed-version"});continue}const p=Hs(t,n.packageName);if(p.length===0){o.push({packageName:n.packageName,reason:"transitive-only"});continue}const u=G.coerce(l),g=u?`^${u.version}`:l,b=u?u.version:l;for(const v of p){const $=`${v.manifest.path}::${v.field}::${n.packageName}::${b}`;if(a.has($))continue;a.add($);const y=Fs(b,v.range),k={currentRange:v.range,field:v.field,inRange:y,manifestPath:v.manifest.path,packageName:n.packageName,targetSpec:g,targetVersion:b,workspaceName:v.manifest.workspaceName};y||e.allowMajor===!0?s.push(k):r.push(k)}}return{apply:s,skippedMajor:r,unmatched:o}},"buildDirectApplyPlan"),Vs=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,Fs=K((e,t)=>{if(Vs.test(t))return!0;const s=G.coerce(e)?.version??e;try{return G.satisfies(s,t)}catch{return!0}},"satisfiesRange"),Gs=K(e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const s of e.apply){const 
r=s.workspaceName?` [${s.workspaceName}]`:"";t.push(` + ${s.packageName}: ${s.currentRange} → ${s.targetSpec}${r}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const s of e.skippedMajor){const r=s.workspaceName?` [${s.workspaceName}]`:"";t.push(` ! ${s.packageName}: ${s.currentRange} → ${s.targetSpec}${r}`)}}if(e.unmatched.length>0){const s=e.unmatched.filter(o=>o.reason==="transitive-only"),r=e.unmatched.filter(o=>o.reason==="no-fixed-version");if(s.length>0){t.push(`Transitive only (${String(s.length)}, requires --fix-transitive):`);for(const o of s)t.push(` · ${o.packageName}`)}if(r.length>0){t.push(`No fixed version available (${String(r.length)}):`);for(const o of r)t.push(` · ${o.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
191
+ `)},"formatDirectApplyPlan");var _s=Object.defineProperty,D=O((e,t)=>_s(e,"name",{value:t,configurable:!0}),"i");const Us={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},Bs={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},ct=D(e=>Bs[e.toLowerCase()]??e,"canonicalEcosystem"),qs=D((e,t)=>{const s=ct(t),r=Us[s]??[];for(const o of r){const a=H(e,o);if(Qe(a))return a}},"findEcosystemLockfile"),Ks=D(e=>{const t=new Set,s=[];for(const r of e){const o=`${r.name}@${r.version}`;t.has(o)||(t.add(o),s.push(r))}return s},"dedupe"),zs=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,Js=/^\s*name\s*=\s*"([^"]+)"\s*$/m,Ys=/^\s*version\s*=\s*"([^"]+)"\s*$/m,Zs=D(e=>{const t=[];for(const s of e.matchAll(zs)){const r=s[1]??"",o=Js.exec(r)?.[1],a=Ys.exec(r)?.[1];o&&a&&t.push({isDev:!1,name:o,version:a})}return t},"parseTomlPackages"),Xs=D(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const s=[];for(const r of["default","develop"]){const o=t[r];if(!(typeof o!="object"||o===null))for(const[a,n]of Object.entries(o)){if(typeof n!="object"||n===null)continue;const l=n.version;if(typeof l!="string")continue;const p=l.replace(/^==/,"").trim();p.length>0&&s.push({isDev:!1,name:a,version:p})}}return s},"parsePipfileLock"),Qs=/<dependency>([\s\S]*?)<\/dependency>/g,er=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,tr=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,sr=/<version>\s*([^<\s]+)\s*<\/version>/,rr=D(e=>{const t=[];for(const s of e.matchAll(Qs)){const r=s[1]??"",o=er.exec(r)?.[1],a=tr.exec(r)?.[1],n=sr.exec(r)?.[1];!o||!a||!n||n.startsWith("${")||t.push({isDev:!1,name:`${o}:${a}`,version:n})}return t},"parsePomXml"),or=D(e=>{const t=[];for(const s of e.split(/\r?\n/)){const r=s.trim();if(r.length===0||r.startsWith("#"))continue;const 
o=r.indexOf("="),a=(o===-1?r:r.slice(0,o)).split(":");if(a.length<3)continue;const[n,l,p]=a;!n||!l||!p||t.push({isDev:!1,name:`${n}:${l}`,version:p})}return t},"parseGradleLockfile"),nr=D(e=>{const t=[];for(const s of e.split(/\r?\n/)){const r=s.trim();if(r.length===0)continue;const o=r.split(/\s+/);if(o.length<3)continue;const[a,n]=o;if(!a||!n?.endsWith("/go.mod"))continue;const l=n.slice(0,-7);l.length!==0&&t.push({isDev:!1,name:a,version:l})}return t},"parseGoSum"),ar=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,ir=D(e=>{const t=[];let s=!1,r=!1;for(const o of e.split(/\r?\n/)){if(o.startsWith("GEM")){s=!0,r=!1;continue}if(s&&/^[A-Z]/.test(o)){s=!1,r=!1;continue}if(s&&o.trim()==="specs:"){r=!0;continue}if(r){const a=ar.exec(o);if(a){const[,n,l]=a;n&&l&&t.push({isDev:!1,name:n,version:l})}}}return t},"parseGemfileLock"),cr=D((e,t)=>{const s=qs(e,t);if(!s)return[];let r;try{r=et(s,"utf8")}catch{return[]}const o=s.split(/[/\\]/).pop()??"";let a;switch(o){case"Cargo.lock":case"poetry.lock":case"uv.lock":{a=Zs(r);break}case"Gemfile.lock":{a=ir(r);break}case"go.sum":{a=nr(r);break}case"gradle.lockfile":{a=or(r);break}case"Pipfile.lock":{a=Xs(r);break}case"pom.xml":{a=rr(r);break}default:return[]}return Ks(a)},"lockedPackagesForEcosystem");var lr=Object.defineProperty,te=O((e,t)=>lr(e,"name",{value:t,configurable:!0}),"c");const dr=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],pr=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],ur=["dependencies","devDependencies","peerDependencies","optionalDependencies"],fr=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,gr=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,mr=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,vr=te(e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const s=t.split("/");return s.length<2?void 0:`${s[0]}/${s[1]}`}return 
t.split("/")[0]}},"normalizePackageName"),hr=te(e=>{const t=new Set,s=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),r=te(o=>{o.lastIndex=0;let a;for(;(a=o.exec(s))!==null;){const n=vr(a[1]);n&&t.add(n)}},"collect");return r(fr),r(gr),r(mr),t},"extractImportedNames"),yr=te(e=>{const t=new Set;try{const s=ot(e);for(const r of ur){const o=s[r];if(o&&typeof o=="object"&&!Array.isArray(o))for(const a of Object.keys(o))t.add(a)}}catch{}return t},"extractPackageJsonNames"),kr=te(e=>{const t=e.skip??pr,s=e.extensions??dr,r=new Set;let o=0;const a=ze(e.workspaceRoot,{extensions:s,includeDirs:!1,skip:t});for(const p of a){o+=1;try{const u=et(p,"utf8");for(const g of hr(u))r.add(g)}catch{}}const n=ze(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(p=>p.endsWith("/package.json")||p.endsWith(String.raw`\package.json`)||p.endsWith("package.json"));for(const p of n)for(const u of yr(p))r.add(u);if(e.alwaysAssumeUsed)for(const p of e.alwaysAssumeUsed)r.add(p);const l=new Set;for(const p of e.vulnerablePackages)r.has(p)&&l.add(p);return{filesScanned:o,importedTotal:r,reachable:l}},"computeReachableVulnerablePackages");var br=Object.defineProperty,L=O((e,t)=>br(e,"name",{value:t,configurable:!0}),"o");const $r=L(e=>{const t=G.coerce(e)?.major;return t!==void 0&&t>=10},"PNPM_V10_PLUS"),wr=L(e=>Object.fromEntries(Object.entries(e).sort(([t],[s])=>t.localeCompare(s))),"sortByKey"),xr=L((e,t)=>`${JSON.stringify(e,void 0,t)}
192
+ `,"stringifyJson"),lt=L((e,t)=>{if(t.name==="pnpm"&&$r(t.version))return{filePath:H(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const s=H(e,"package.json");return t.name==="pnpm"?{filePath:s,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:s,surface:"package.json#resolutions"}:{filePath:s,surface:"package.json#overrides"}},"resolveOverrideSurface"),Sr=L((e,t)=>{const{filePath:s,surface:r}=lt(e,t);if(!B(s))return{};if(r==="pnpm-workspace.yaml")try{return Le(s)?.overrides??{}}catch{return{}}try{const o=JSON.parse(me(s));return r==="package.json#pnpm.overrides"?(o.pnpm??{}).overrides??{}:r==="package.json#resolutions"?o.resolutions??{}:o.overrides??{}}catch{return{}}},"readExistingOverrides"),Ar=L((e,t)=>{const s=Object.keys(t).sort();if(s.length===0&&!/^overrides\s*:/m.test(e))return e;const r=`overrides:
193
+ ${s.map(o=>` '${o}': '${t[o]}'`).join(`
194
+ `)}
195
+ `;if(e.length===0)return r;if(/^overrides\s*:/m.test(e)){const o=e.replace(/^overrides\s*:[^\n]*\n(?:[ \t][^\n]*\n)*/m,r);return o.endsWith(`
196
+ `)?o:`${o}
197
+ `}return`${e.endsWith(`
198
+ `)?e:`${e}
199
+ `}
200
+ ${r}`},"renderPnpmWorkspaceOverrides"),Nr=L((e,t,s,r)=>{const o=Ot(e,t.length>0?t:void 0),a=t.length>0?JSON.parse(t):{};if(s==="package.json#pnpm.overrides"){const n=a.pnpm??{};n.overrides=r,a.pnpm=n}else s==="package.json#resolutions"?a.resolutions=r:a.overrides=r;return xr(a,o)},"renderPackageJsonWithOverrides"),Cr=L((e,t,s)=>{const{filePath:r,surface:o}=lt(e,s),a=Sr(e,s),n=B(r)?me(r):"",l=[],p={...a};for(const v of t.entries){const $=a[v.packageName];if($===v.spec){l.push({...v,previousSpec:$,status:"unchanged"});continue}$===void 0?l.push({...v,status:"added"}):l.push({...v,previousSpec:$,status:"updated"}),p[v.packageName]=v.spec}const u=wr(p),g=l.some(v=>v.status!=="unchanged"),b=o==="pnpm-workspace.yaml"?Ar(n,u):Nr(r,n,o,u);return{changed:g,entries:l,filePath:r,nextContent:b,previousContent:n,surface:o}},"planOverrideWrite"),Rr=L(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{tt(t,e.nextContent),xt(t,e.filePath)}catch(s){try{St(t)}catch{}throw s}return e},"applyOverridePlan"),Or=L(e=>{const t=new Map;for(const s of e){const r=s.vulnerability.fixedVersions[0];if(!r)continue;const o=G.coerce(r),a=o?`^${o.version}`:r;t.set(s.packageName,a)}return{entries:[...t.entries()].sort(([s],[r])=>s.localeCompare(r)).map(([s,r])=>({packageName:s,spec:r}))}},"buildOverridePlanFromFindings");var Er=Object.defineProperty,A=O((e,t)=>Er(e,"name",{value:t,configurable:!0}),"m");const Ir={critical:ge,high:rt,low:st,medium:fe},Pe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),jr=A(e=>{const t=(e??"npm").split(",").map(o=>o.trim()).filter(o=>o.length>0),s=t.length>0?t:["npm"],r=s.filter(o=>!Pe.has(o.toLowerCase()));return{all:s,unsupported:r}},"parseEcosystems"),Pr={CRITICAL:ge,HIGH:rt,LOW:st,MODERATE:fe,UNKNOWN:j},Dr=A((e,t,s,r)=>{const 
o=Pr[s.severity]??j,a=r?` ${j("[acknowledged]")}`:"",n=s.fixedVersions??[],l=n.length>0?` (fix: ${n.join(", ")})`:"";return` ${o(s.severity)} ${s.id} — ${e}@${t}${a}
201
+ ${s.summary}${l}`},"formatVulnLine"),Lr=A((e,t)=>{const s=Et(e),r=`${String(Math.round(e.score.overall*100))}%`,o=t?` ${j("[acknowledged]")}`:"",a=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return` ${r} ${s}@${e.version} (${It(e.score.overall)}${a})${o}`},"formatSocketLine"),Wr=new Set(["aube","auto","vis"]),Q=A(e=>e!==void 0&&Wr.has(e),"isAuditBackend"),Mr=A((e,t,s)=>{if(e!==void 0&&!Q(e))throw new Error(`Invalid --backend value '${e}'. Expected one of: aube, auto, vis.`);const r=process.env.VIS_AUDIT_BACKEND;if(r!==void 0&&r!==""&&!Q(r))throw new Error(`Invalid VIS_AUDIT_BACKEND value '${r}'. Expected one of: aube, auto, vis.`);const o=Q(r)?r:void 0,a=Q(t)?t:void 0,n=(Q(e)?e:void 0)??o??a??"auto";return n==="aube"?"aube":n==="vis"?"vis":(s?.install?.backend??process.env.VIS_INSTALLER)==="aube"&&Ft("aube")!==null?"aube":"vis"},"resolveAuditBackend"),Tr=A(e=>{if(e!==void 0)switch(e){case"critical":return"critical";case"high":return"high";case"low":return"low";case"medium":return"moderate";default:return e}},"mapSeverityToAube"),Hr=A((e,t,s)=>{const r=["audit"],o=Tr(t.severity);o!==void 0&&r.push("--audit-level",o),(t.prodOnly===!0||t.prod===!0)&&r.push("--prod"),(t.json===!0||t.format==="json")&&r.push("--json");const a=t.fix===!0;t["fix-transitive"]===!0||t.fixTransitive===!0?r.push("--fix=override"):a&&r.push("--fix=update");const n=[];t.offline===!0&&n.push("--offline (aube has its own offline cache)"),(t.format==="sarif"||t.format==="csaf"||t.format==="cyclonedx"||t.format==="cyclonedx-vex")&&n.push(`--format=${String(t.format)} (only json/text is forwarded to aube)`),n.length>0&&d.warn(`Delegating to 'aube audit'. Skipping vis-only flags: ${n.join(", ")}`);const l=wt("aube",r,{cwd:e,stdio:"inherit"});if(l.error){const{code:p}=l.error;return p==="ENOENT"?d.error("Backend 'aube' selected but the 'aube' binary was not found on PATH. 
Install aube or run with --backend vis."):d.error(`Failed to spawn aube: ${l.error.message}`),1}return l.status??1},"runAubeAudit"),Vr=A(async(e,t,s,r)=>{if(Mr(t.backend,s?.security?.audit?.backend,s)==="aube"){process.exitCode=Hr(e,t,s);return}const o=t.severity??"low",a=t.format??"table",n=a==="sarif",l=a==="csaf",p=a==="cyclonedx-vex"||a==="cyclonedx",u=a==="json"||!!t.json,g=t.report,b=s?.security?.audit,v=s?.security?.policies,$=t.offline===void 0?!!b?.offlineByDefault:!!t.offline,y=t.db,k=jr(t.ecosystem),w=!!t.prodOnly,W=t.failOn??v?.vulnerability?.failOn,ut=!!t.showFixes,re=!!t.showAccepted,ke=s?.security?.acceptedRisks,Me=v?.vulnerability?.usage,ft=t.noUsage?!1:t.usage===void 0?!!Me?.enabled:!!t.usage,R=u||n||l||p,P=jt(e),N=ds(e,P.name);if($){const i=y??Kt(e);if(!Qe(i)){const c=new qe(i);R?process.stderr.write(`${c.message}
202
+ `):d.error(c.message),process.exitCode=1;return}}!R&&(N.ignoredAdvisories.length>0||N.excludedPackages.length>0)&&d.info(`Loaded ${String(N.ignoredAdvisories.length)} ignored advisor${N.ignoredAdvisories.length===1?"y":"ies"} and ${String(N.excludedPackages.length)} excluded package${N.excludedPackages.length===1?"":"s"} from ${P.name} config.`),!R&&k.unsupported.length>0&&d.warn(`Ecosystems ${k.unsupported.map(i=>`'${i}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const M=zt(e,P.name,{includeDev:!w});if(M.length===0){d.info(`No ${P.name} lockfile entries found. Run ${P.name} install first.`);return}if(!R){const i=w?"production-only packages":"installed packages";d.info(`Scanning ${String(M.length)} ${i}${$?" (offline)":""}…`)}const oe=M.map(i=>({name:i.name,version:i.version})),ne=s?.security?.audit?.advisories?.bloom?.mode??"off";let V=[];if(ne!=="off")try{const i=await Zt(e,{softFail:ne==="on"});if(i){if(V=Xt(i,oe).map(c=>({name:c.name,version:c.version})),!R&&V.length>0){d.warn(`osv-bloom prefilter flagged ${String(V.length)} package${V.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const c=10;for(const f of V.slice(0,c))d.warn(` ${ge("[bloom]")} ${f.name}@${f.version}`);V.length>c&&d.warn(` …and ${String(V.length-c)} more (full list in --format json output)`)}}else R||d.info(j("osv-bloom cache absent — skipping prefilter (run `vis advisories bloom sync` to enable)."))}catch(i){if(i instanceof Qt&&ne==="required"){const f=`${i.message} (security.audit.advisories.bloom.mode = "required")`;R?process.stderr.write(`${f}
203
+ `):d.error(f),process.exitCode=1;return}const c=i instanceof Error?i.message:String(i);if(ne==="required"){R?process.stderr.write(`osv-bloom prefilter failed: ${c}
204
+ `):d.error(`osv-bloom prefilter failed: ${c}`),process.exitCode=1;return}R||d.warn(`osv-bloom prefilter failed (continuing): ${c}`)}const ae=new Set;$?ae.add("socket").add("deps-dev"):(_e("socket")&&ae.add("socket"),_e("depsDev")&&ae.add("deps-dev"));const be=Pt(s?.security,{disabled:ae,minimumScore:v?.score?.minimum}),$e=be.length>0,gt=be.map(i=>i.displayName).join(" + "),ie=v?.score?.minimum??Tt,F=Jt(e,P.name),mt=[{id:"vulnerabilities",label:$?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...$e?[{id:"security",label:`Supply-chain reports (${gt})`}]:[]],T=qt(mt,{live:!R}),vt=Date.now(),U=A(i=>{const c=Date.now()-i;return c>=1e3?`${(c/1e3).toFixed(1)}s`:`${String(Math.round(c))}ms`},"fmtElapsed");let we,xe;try{const i=Date.now(),c=Date.now();T.start("vulnerabilities"),$e&&T.start("security");const f=$?Promise.resolve().then(()=>Ke(oe,{dbPath:y,ecosystem:k.all.find(m=>Pe.has(m.toLowerCase()))??"npm",workspaceRoot:e})).then(m=>{let h=0;for(const x of m.values())h+=x.length;return T.finish("vulnerabilities",h>0?"warn":"ok",h>0?`${String(h)} found · ${U(i)}`:`none found · ${U(i)}`),m}).catch(m=>{const h=m instanceof Error?m.message:String(m);if(T.finish("vulnerabilities","error",h),m instanceof qe)throw m;return new Map}):Dt(oe).then(m=>{let h=0;for(const x of m.values())h+=x.length;return T.finish("vulnerabilities",h>0?"warn":"ok",h>0?`${String(h)} found · ${U(i)}`:`none found · ${U(i)}`),m}).catch(m=>{const h=m instanceof Error?m.message:String(m);return T.finish("vulnerabilities","error",h),new Map});[we,xe]=await Promise.all([f,$e?Lt(be,oe).then(m=>{let h=0,x=0;for(const Z of m.values())h+=Z.alerts.length,Z.score.overall<ie&&(x+=1);const I=h+x;return T.finish("security",I>0?"warn":"ok",I>0?`${String(h)} alert${h===1?"":"s"}, ${String(x)} low-score · ${U(c)}`:`clean · ${U(c)}`),m}).catch(m=>{const h=m instanceof Error?m.message:String(m);return T.finish("security","error",h),new Map}):Promise.resolve(new 
Map)])}finally{T.stop()}u||d.info(j(`Scan completed in ${U(vt)}`));const ce=[];for(const i of M){if(ps(i.name,N))continue;const c=we.get(i.name)??[],f=xe.get(`${i.name}@${i.version}`),m=Ue(i.name,i.version,ke),h=c.length>0,x=f?f.score.overall<ie:!1,I=f?f.alerts.length>0:!1;(h||x||I)&&ce.push({acceptedRisk:m,name:i.name,socketReport:f,version:i.version,vulnerabilities:c})}if($){const i=k.all.filter(c=>Pe.has(c.toLowerCase())&&c.toLowerCase()!=="npm");for(const c of i){const f=ct(c),m=cr(e,f);if(m.length!==0){R||d.info(j(`Scanning ${String(m.length)} ${f} packages…`));try{const h=Ke(m.map(x=>({name:x.name,version:x.version})),{dbPath:y,ecosystem:f,workspaceRoot:e});for(const x of m){const I=h.get(x.name)??[];I.length!==0&&ce.push({acceptedRisk:Ue(x.name,x.version,ke),name:x.name,version:x.version,vulnerabilities:I})}}catch(h){const x=h instanceof Error?h.message:String(h);d.warn(`Failed to scan ${f}: ${x}`)}}}}let C=ce.filter(i=>{const c=i.vulnerabilities.some(h=>ue(h.severity,o)),f=i.socketReport?.alerts.some(h=>ue(h.severity==="medium"?"MODERATE":h.severity.toUpperCase(),o)),m=i.socketReport&&i.socketReport.score.overall<ie;return c||f||m});const ht=t.policies,Se=[],E=await(async()=>{const i=es().map(I=>`'${I}'`).join(", "),c=ts(ht,I=>{Se.push(I);const Z=`Unknown policy '${I}' — ignoring. Available: ${i}.`;R?process.stderr.write(`vis audit: ${Z}
205
+ `):d.warn(Z)});if(c?.size===0)return[];const f=s?.security?.policies?.license,m=!!(f&&((f.allow?.length??0)>0||(f.deny?.length??0)>0)),h=c===void 0||c.has("license"),x=m&&h?Yt(e):void 0;return ss({manifestData:x,offline:$,osvFindings:we,packageManager:P.name,packages:M,socketReports:xe,workspaceRoot:e},"audit",{enabledPolicies:c,visConfig:s??{}})})();if(ft){const i=new Set(C.filter(f=>f.vulnerabilities.length>0).map(f=>f.name)),c=kr({alwaysAssumeUsed:Me?.alwaysAssumeUsed,vulnerablePackages:i,workspaceRoot:e});C=C.filter(f=>f.vulnerabilities.length===0?!0:c.reachable.has(f.name)),R||d.info(j(`Reachability filter: ${String(c.reachable.size)}/${String(i.size)} vulnerable packages reachable (${String(c.filesScanned)} files scanned).`))}const z=A(()=>C.flatMap(i=>i.vulnerabilities.map(c=>({acknowledged:!!i.acceptedRisk||ee(c.id,N,c.aliases),packageName:i.name,packageVersion:i.version,vulnerability:c}))),"findingsForReport"),Te=!!t.fix,He=!!t.fixTransitive,Ve=!!t.yes,yt=!!t.allowMajor;if(Te||He){const i=z().filter(c=>!c.acknowledged);if(Te){const c=await Gr({actionableFindings:i,allowMajor:yt,pm:P,visConfig:s,workspaceRoot:e,yes:Ve});if(c!==void 0){process.exitCode=c;return}}if(He){const c=await _r({actionableFindings:i,pm:P,visConfig:s,workspaceRoot:e,yes:Ve});if(c!==void 0){process.exitCode=c;return}}}if(n){const i=Ls({findings:z(),policyDecisions:E,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(i,void 0,2)}
206
+ `),Ee(C,N,t.exitCode,W,E);return}if(l){const i=xs({findings:z(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(i,void 0,2)}
207
+ `),Ee(C,N,t.exitCode,W,E);return}if(p){const{packageJsons:i,workspace:c}=Wt(e,s),f=Mt(e,c,i),m=_t({includeDev:!w,projectGraph:f,workspace:c,workspaceRoot:e}),h=Rs({bom:m,findings:z()});process.stdout.write(`${JSON.stringify(h,void 0,2)}
208
+ `),Ee(C,N,t.exitCode,W,E);return}if(g){const i=ys({findings:z(),packagesScanned:M.length,policyDecisions:E,tool:{name:"vis-audit",version:"alpha"},workspaceRoot:e}),c=Vt(e,g);tt(c,i,"utf8"),R||d.success(`HTML report written to ${c}`)}if(u){const i={bloomHits:V,duplicates:F.map(c=>({name:c.name,versionCount:c.versions.length,versions:c.versions})),packages:M.length,policies:E.map(c=>({acceptedRisk:c.acceptedRisk??null,data:c.data??null,packageName:c.packageName,policy:c.policy,reason:c.reason,severity:c.severity,version:c.version})),results:C.map(c=>({acceptedRisk:c.acceptedRisk??null,name:c.name,socketAlerts:c.socketReport?.alerts??[],socketScore:c.socketReport?.score.overall??null,version:c.version,vulnerabilities:c.vulnerabilities})),summary:{accepted:C.filter(c=>c.acceptedRisk).length,duplicatePackages:F.length,issues:C.filter(c=>!c.acceptedRisk).length,policyBlocks:E.filter(c=>c.severity==="block"&&!c.acceptedRisk).length,policyDecisions:E.length,total:C.length},warnings:Se.length>0?Se.map(c=>({kind:"unknown-policy",token:c})):[]};process.stdout.write(`${JSON.stringify(i,void 0,2)}
209
+ `),t.exitCode&&(i.summary.issues>0||i.summary.policyBlocks>0)&&(process.exitCode=1),De(C,N,W,E);return}if(C.length===0){d.success(`No security issues found across ${String(M.length)} packages.`);return}const J={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const i of C)for(const c of i.vulnerabilities)if(ue(c.severity,o)){const f=c.severity==="UNKNOWN"?"LOW":c.severity;J[f]?.push({entry:i,vuln:c})}let le=0,Ae=0;for(const i of["CRITICAL","HIGH","MODERATE","LOW"]){const c=J[i];if(!(!c||c.length===0)){d.info(`
210
+ ── ${i} (${String(c.length)}) ──`);for(const{entry:f,vuln:m}of c){const h=!!f.acceptedRisk||ee(m.id,N,m.aliases);h&&(Ae++,!re)||(le++,d.info(Dr(f.name,f.version,m,h)),ut&&(m.fixedVersions??[]).length>0&&d.notice(` Fix: update to ${m.fixedVersions.at(-1)}`))}}}const Y=C.filter(i=>i.socketReport&&(i.socketReport.score.overall<ie||i.socketReport.alerts.length>0));if(Y.length>0){d.info(`
211
+ ── Socket.dev Supply Chain (${String(Y.length)}) ──`);for(const i of Y){if(!i.socketReport)continue;const c=!!i.acceptedRisk;if(!(c&&!re)){d.info(Lr(i.socketReport,c));for(const f of i.socketReport.alerts){const m=Ir[f.severity]??j;d.info(` ${m(`[${f.severity.toUpperCase()}]`)} ${f.type} — ${f.category}`)}}}}if(F.length>0){d.info(`
212
+ ── Duplicate Dependencies (${String(F.length)}) ──`);for(const i of F){const c=i.versions.join(", ");d.info(` ${i.name} — ${String(i.versions.length)} versions: ${fe(c)}`)}}const Fe=new Set;for(const i of["CRITICAL","HIGH","MODERATE","LOW"]){const c=J[i];if(c)for(const{vuln:f}of c)Fe.add(f.id)}const Ne=E.filter(i=>{if(i.policy!=="vulnerability")return!0;const c=typeof i.data?.advisoryId=="string"?i.data.advisoryId:void 0;return i.severity==="block"&&c!==void 0&&!Fe.has(c)});if(Ne.length>0){d.info(`
213
+ ── Policy Decisions (${String(Ne.length)}) ──`);for(const i of Ne){const c=!!i.acceptedRisk;if(c&&!re)continue;const f=i.severity==="block"?ge:i.severity==="warn"?fe:j,m=c?` ${j("[acknowledged]")}`:"";d.info(` ${f(`[${i.severity}]`)} ${i.policy} — ${i.reason}${m}`)}}const de=A(i=>!!i.acceptedRisk||i.vulnerabilities.length>0&&i.vulnerabilities.every(c=>ee(c.id,N,c.aliases)),"isEntryExcluded"),Ge=C.filter(i=>!de(i)).length;if(d.info(""),d.info("─ Audit Summary"),d.info(` ${String(M.length)} packages scanned`),N.ignoredAdvisories.length>0&&d.info(` ${String(N.ignoredAdvisories.length)} ${P.name} audit exclusion${N.ignoredAdvisories.length===1?"":"s"} applied`),le>0){const i=J.CRITICAL?.filter(f=>!de(f.entry)).length??0,c=J.HIGH?.filter(f=>!de(f.entry)).length??0;d.error(` ${String(le)} vulnerabilit${le===1?"y":"ies"} found`),i>0&&d.error(` ${String(i)} critical`),c>0&&d.warn(` ${String(c)} high`)}else d.success(" No vulnerabilities found");if(Y.length>0){const i=Y.filter(c=>!de(c)).length;d.warn(` ${String(i)} package${i===1?"":"s"} with Socket.dev supply chain issues`)}F.length>0&&(d.warn(` ${String(F.length)} package${F.length===1?"":"s"} with duplicate versions`),d.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const pe=E.filter(i=>i.severity==="block"&&!i.acceptedRisk);if(pe.length>0&&d.error(` ${String(pe.length)} policy block${pe.length===1?"":"s"}`),Ae>0&&(d.info(` ${String(Ae)} acknowledged (accepted risks)`),re||d.notice(" Use --show-accepted to see acknowledged issues.")),Ge===0&&d.success(`
214
+ All issues are acknowledged. No action required.`),t.sync&&ke){const i=new Set;for(const f of ce)if(f.acceptedRisk){for(const m of f.vulnerabilities)if((m.id.startsWith("CVE-")||m.id.startsWith("GHSA-"))&&i.add(m.id),m.aliases)for(const h of m.aliases)(h.startsWith("CVE-")||h.startsWith("GHSA-"))&&i.add(h)}const c=[...i];if(c.length>0){d.info("");const f=us(P.name,e,c);for(const m of f)d.success(` ${m}`)}else d.info(`
215
+ No advisory IDs to sync to native PM config.`)}t.exitCode&&(Ge>0||pe.length>0)&&(process.exitCode=1),De(C,N,W,E)},"executeAudit"),dt=A(e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),"hasBlockingPolicy"),De=A((e,t,s,r)=>{dt(r)&&(process.exitCode=1),s&&e.some(o=>o.vulnerabilities.some(a=>o.acceptedRisk||ee(a.id,t,a.aliases)?!1:ue(a.severity,s)))&&(process.exitCode=1)},"applyFailOnGate"),Ee=A((e,t,s,r,o)=>{s&&(e.filter(a=>!a.acceptedRisk&&a.vulnerabilities.some(n=>!ee(n.id,t,n.aliases))).length>0||dt(o))&&(process.exitCode=1),De(e,t,r,o)},"applyExitGate"),pt=A(async(e,t)=>{if(!process.stdin.isTTY)return t;const s=At({input:process.stdin,output:process.stderr});try{const r=t?"[Y/n]":"[y/N]",o=await new Promise(a=>{s.question(`${e} ${j(r)} `,n=>{a(n.trim())})});return o.length===0?t:o.toLowerCase().startsWith("y")}finally{s.close()}},"promptYesNo"),Fr=A(e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun","isTransitiveOnlyPm"),Gr=A(async e=>{const t=it({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(d.info(""),d.info("─ Apply (direct deps)"),d.info(Gs(t)),t.apply.length===0){d.info("Nothing to apply for direct deps.");return}if(Ie&&!e.yes)return d.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await pt("Apply these direct-dep upgrades?",!1))return d.info("Aborted — no changes made."),0;const s=new Map;for(const r of t.apply){const o=r.workspaceName??"",a=s.get(o);a?a.push(r):s.set(o,[r])}for(const[r,o]of s){const a=o.map(p=>`${p.packageName}@${p.targetSpec}`),n=r.length>0?[r]:[];d.info(`Running ${e.pm.name} add ${a.join(" ")}${r.length>0?` --filter ${r}`:""}`);const l=Ht(e.pm,{exact:!1,filter:n,global:!1,optional:!1,packages:a,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(l!==0)return d.error(`${e.pm.name} add exited ${String(l)} — aborting before rescan.`),l}return d.success("Direct-dep upgrades applied. 
Re-run `vis audit` to confirm the fixes landed."),0},"runApplyDirect"),_r=A(async e=>{if(!Fr(e.pm.name))return d.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(Ie&&(!e.yes||!t))return d.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const s=new Set(it({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(n=>n.packageName)),r=e.actionableFindings.filter(n=>!s.has(n.packageName)),o=Or(r);if(o.entries.length===0){d.info(""),d.info("─ Apply transitive (overrides)"),d.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const a=Cr(e.workspaceRoot,o,{name:e.pm.name,version:e.pm.version});d.info(""),d.info("─ Apply transitive (overrides)"),d.info(`Target: ${a.filePath} (${a.surface})`);for(const n of a.entries){const l=n.status==="added"?"+":n.status==="updated"?"~":"·",p=n.previousSpec?` (was ${n.previousSpec})`:"";d.info(` ${l} ${n.packageName}: ${n.spec}${p}`)}if(!a.changed){d.info("No changes — overrides already match the plan.");return}if(!e.yes){if(Ie)return 1;if(!await pt("Write these overrides?",!1))return d.info("Aborted — no changes made."),0}try{Rr(a)}catch(n){const l=n instanceof Error?n.message:String(n);return d.error(`Failed to write overrides: ${l}`),1}return d.success(`Wrote ${String(a.entries.filter(n=>n.status!=="unchanged").length)} override${a.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},"runApplyTransitive"),so=A(async({logger:e,options:t,visConfig:s,workspaceRoot:r})=>{if(!r)throw new Error("Could not determine workspace root. 
Run this command inside a monorepo.");await Vr(r,t,s,e)},"execute");export{so as default,Tr as mapSeverityToAube,Mr as resolveAuditBackend};