@visulima/vis 1.0.0-alpha.21 → 1.0.0-alpha.22

package/dist/packem_chunks/handler45.js

@@ -1,213 +1,25 @@
-var wt=Object.defineProperty;var x=(e,t)=>wt(e,"name",{value:t,configurable:!0});import{createRequire as St}from"node:module";import{ay as Rt,u as Ee,ax as U,h as Ot,k as Pt,a9 as G,a$ as Lt,E as j,e as fe,q as tt,bu as st,a as Ie,a8 as jt,ab as Et,A as It,p as f,i as Dt,J as Wt,T as Mt,N as Ft,y as Ht,m as Vt,ae as Tt,s as Re,af as Ut}from"./bin.js";import{M as H,i as K,$ as ne,B as Ge,n as nt,O as Gt,C as rt}from"./config.js";import{t as _t,n as De,b as qt}from"../packem_shared/cyclonedx-CiHXuG8M.js";import{s as Bt}from"../packem_shared/scan-progress-CMynp3eA.js";import{r as Jt,A as _e,q as qe}from"../packem_shared/advisories-DsynpacV.js";import{L as ot,l as Yt,f as Xt}from"../packem_shared/dependency-scan-DC3nAFHS.js";import{r as Zt}from"../packem_shared/manifests-B0fMp872.js";import{x as Qt}from"../packem_shared/build-scripts-DsWMSWDs.js";import{F as es}from"../packem_shared/lockfile-C5DYMHVq.js";const xt=St(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,je=x(e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,s]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return ee.getBuiltinModule(e)}return xt(e)},"__cjs_getBuiltinModule"),{existsSync:Ze,readFileSync:Qe,writeFileSync:et,renameSync:Ct,unlinkSync:At}=je("node:fs"),{createInterface:Nt}=je("node:readline"),{relative:Kt,join:zt}=je("node:path");var ts=Object.defineProperty,ss=x((e,t)=>ts(e,"name",{value:t,configurable:!0}),"t"),ns=Object.defineProperty,rs=ss((e,t)=>ns(e,"name",{value:t,configurable:!0}),"s"),os=Object.defineProperty,is=rs((e,t)=>os(e,"name",{value:t,configurable:!0}),"n");const Ke=is((e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const s=[];for(const n of Rt(e,t))s.push(n.path);return s},"collectSync");var as=Object.defineProperty,_=x((e,t)=>as(e,"name",{value:t,configurable:!0}),"o$1");const ge=_(e=>Array.isArray(e)?e.filter(t=>typeof t=="string"):[],"toStringArray"),Oe=_((e,t)=>{for(const s of t)if(s===e||s.endsWith("*")&&e.startsWith(s.slice(0,-1)))return!0;return!1},"matchesGlobList"),it=_(e=>{const t=H(e,"pnpm-workspace.yaml");if(!K(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const s=Ee(t);return{excludedPackages:[],ignoredAdvisories:[...ge(s?.auditConfig?.ignoreCves),...ge(s?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),at=_(e=>{const t=H(e,".yarnrc.yml");if(!K(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const s=Ee(t);return{excludedPackages:ge(s?.npmAuditExcludePackages),ignoredAdvisories:ge(s?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),cs=_((e,t)=>{switch(t){case"pnpm":return it(e);case"yarn":return at(e);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),te=_((e,t,s)=>{if(Oe(e,t.ignoredAdvisories))return!0;if(s){for(const n of s)if(Oe(n,t.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),ls=_((e,t)=>Oe(e,t.excludedPackages),"isPackageExcluded"),ps=_((e,t,s)=>{if(s.length===0)return["No advisory IDs to sync."];const n=[];switch(e){case"bun":{n.push(`bun has no audit config file. Use CLI flags: bun audit ${s.map(r=>`--ignore ${r}`).join(" ")}`);break}case"npm":{n.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const r=H(t,"pnpm-workspace.yaml");if(!K(r)){n.push("pnpm-workspace.yaml not found. Cannot sync.");break}const i=it(t),o=new Set(i.ignoredAdvisories.filter($=>$.startsWith("CVE-"))),a=new Set(i.ignoredAdvisories.filter($=>$.startsWith("GHSA-"))),p=s.filter($=>$.startsWith("CVE-")),d=s.filter($=>$.startsWith("GHSA-")),u=[...new Set([...o,...p])],k=[...new Set([...a,...d])],m=p.filter($=>!o.has($)).length,b=d.filter($=>!a.has($)).length;if(m===0&&b===0){n.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let h=ne(r);if(u.length>0){const $=`  ignoreCves:
-${u.map(w=>`    - ${w}`).join(`
-`)}
-`;/auditConfig:/.test(h)?h=/ignoreCves:/.test(h)?h.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,$):h.replace(/auditConfig:\s*\n/,`auditConfig:
-${$}`):h=`${h.trimEnd()}
-
-auditConfig:
-${$}`,m>0&&n.push(`Added ${String(m)} new CVE${m===1?"":"s"} to pnpm-workspace.yaml (${String(u.length)} total)`)}if(k.length>0){const $=`  ignoreGhsas:
-${k.map(w=>`    - ${w}`).join(`
-`)}
-`;/auditConfig:/.test(h)&&(h=/ignoreGhsas:/.test(h)?h.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,$):h.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${$}$2`)),b>0&&n.push(`Added ${String(b)} new GHSA${b===1?"":"s"} to pnpm-workspace.yaml (${String(k.length)} total)`)}Ge(r,h);break}case"yarn":{const r=H(t,".yarnrc.yml");if(!K(r)){n.push(".yarnrc.yml not found. Cannot sync.");break}const i=at(t),o=new Set(i.ignoredAdvisories),a=[...new Set([...o,...s])],p=s.filter(k=>!o.has(k)).length;if(p===0){n.push("All advisory IDs already present in .yarnrc.yml.");break}let d=ne(r);const u=`npmAuditIgnoreAdvisories:
-${a.map(k=>`  - "${k}"`).join(`
-`)}
-`;d=/npmAuditIgnoreAdvisories:/.test(d)?d.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,u):`${d.trimEnd()}
-
-${u}`,Ge(r,d),n.push(`Synced ${String(p)} advisor${p===1?"y":"ies"} to .yarnrc.yml (${String(a.length)} total)`);break}default:n.push(`Unknown package manager: ${e}`)}return n},"syncAcceptedRisksToNativeConfig");var ds=Object.defineProperty,z=x((e,t)=>ds(e,"name",{value:t,configurable:!0}),"p$2");const us=["CRITICAL","HIGH","MODERATE","LOW","UNKNOWN"],C=z(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;"),"escapeHtml"),fs=z(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),gs=z((e,t)=>{if(t.length===0)return{kind:"unknown",label:"no fix"};const s=U.coerce(e);if(!s)return{kind:"unknown",label:"non-semver"};let n,r;for(const i of t){const o=U.coerce(i);if(!o)continue;const a=U.diff(s,o);a==="major"||a==="premajor"?n||(n=i):a&&!r&&(r=i)}return r?{kind:"minor-patch",label:`safe to ${r}`}:n?{kind:"major",label:`requires major bump to ${n}`}:{kind:"unknown",label:"no usable fix"}},"breakingMarker"),ze={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},ms=z(e=>{const{acknowledged:t,packageName:s,packageVersion:n,remediation:r,vulnerability:i}=e,{severity:o}=i,a=gs(n,i.fixedVersions),p=i.fixedVersions.length>0?i.fixedVersions.join(", "):"—",d=r?`<code class="copyable" data-cmd="${C(r)}">${C(r)}</code>`:'<span class="muted">advisory only</span>';return`<tr data-severity="${o}" data-package="${C(s)}" data-advisory="${C(i.id)}">
-  <td><span class="badge badge-${o.toLowerCase()}">${o}</span></td>
-  <td><span class="marker marker-${a.kind}" title="${C(a.label)}"></span></td>
-  <td><code>${C(s)}</code></td>
-  <td><code>${C(n)}</code></td>
-  <td><a href="${C(fs(i.id))}" rel="noreferrer noopener" target="_blank">${C(i.id)}</a>${t?' <span class="ack">[acknowledged]</span>':""}</td>
-  <td>${C(i.summary)}</td>
-  <td><code>${C(p)}</code></td>
-  <td>${d}</td>
-</tr>`},"renderRow"),vs=z(e=>{const t=e.now??new Date,s=[...e.findings].sort((d,u)=>{const k=ze[d.vulnerability.severity??"UNKNOWN"]??4,m=ze[u.vulnerability.severity??"UNKNOWN"]??4;return k!==m?k-m:d.packageName.localeCompare(u.packageName)||d.packageVersion.localeCompare(u.packageVersion)}),n={CRITICAL:0,HIGH:0,LOW:0,MODERATE:0,UNKNOWN:0};for(const d of s)n[d.vulnerability.severity??"UNKNOWN"]+=1;const r=s.map(d=>ms(d)).join(`
-`),i=us.filter(d=>n[d]>0).map(d=>`<span class="badge badge-${d.toLowerCase()}">${n[d]} ${d}</span>`).join(" "),o=s.length===0,a=(e.policyDecisions??[]).filter(d=>d.policy!=="vulnerability"),p=[...a].sort((d,u)=>{const k=z(m=>m==="block"?0:m==="warn"?1:2,"rank");return k(d.severity)-k(u.severity)||d.policy.localeCompare(u.policy)||d.packageName.localeCompare(u.packageName)}).map(d=>{const u=d.acceptedRisk?' <span class="ack">[acknowledged]</span>':"";return`<tr>
-  <td><span class="policy-badge policy-${d.severity}">${d.severity.toUpperCase()}</span></td>
-  <td><code>${C(d.policy)}</code></td>
-  <td><code>${C(d.packageName)}</code></td>
-  <td><code>${C(d.version)}</code></td>
-  <td>${C(d.reason)}${u}</td>
-</tr>`}).join(`
-`);return`<!doctype html>
-<html lang="en">
-<head>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<title>vis audit · ${C(t.toISOString().slice(0,10))}</title>
-<style>
-:root {
-  --bg: #0e1116;
-  --fg: #d6dde6;
-  --muted: #8b95a1;
-  --border: #20262e;
-  --row-hover: #161b22;
-  --critical: #ff4757;
-  --high: #ff8c42;
-  --medium: #fbbf24;
-  --low: #38bdf8;
-  --unknown: #6b7280;
-  --major: #ff4757;
-  --minor: #22c55e;
-}
-@media (prefers-color-scheme: light) {
-  :root {
-    --bg: #ffffff;
-    --fg: #1f2328;
-    --muted: #57606a;
-    --border: #d0d7de;
-    --row-hover: #f6f8fa;
-  }
-}
-* { box-sizing: border-box; }
-body { font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: var(--bg); color: var(--fg); margin: 0; padding: 24px; }
-h1 { font-size: 22px; margin: 0 0 8px; }
-.meta { color: var(--muted); font-size: 13px; margin-bottom: 16px; }
-.summary { display: flex; flex-wrap: wrap; gap: 8px; margin-bottom: 20px; }
-.controls { display: flex; gap: 12px; align-items: center; margin-bottom: 12px; }
-.controls input { background: var(--bg); color: var(--fg); border: 1px solid var(--border); padding: 6px 10px; border-radius: 6px; font-size: 13px; min-width: 240px; }
-.controls select { background: var(--bg); color: var(--fg); border: 1px solid var(--border); padding: 6px 10px; border-radius: 6px; font-size: 13px; }
-table { width: 100%; border-collapse: collapse; font-size: 13px; }
-th, td { padding: 8px 10px; border-bottom: 1px solid var(--border); text-align: left; vertical-align: top; }
-th { font-weight: 600; color: var(--muted); cursor: pointer; user-select: none; }
-th:hover { color: var(--fg); }
-tr:hover td { background: var(--row-hover); }
-code { font-family: ui-monospace, "SF Mono", Menlo, monospace; font-size: 12px; }
-code.copyable { cursor: pointer; padding: 2px 4px; border-radius: 4px; }
-code.copyable:hover { background: var(--row-hover); }
-a { color: var(--low); text-decoration: none; }
-a:hover { text-decoration: underline; }
-.muted { color: var(--muted); }
-.ack { color: var(--muted); font-style: italic; font-size: 12px; }
-.badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: 11px; font-weight: 600; text-transform: uppercase; }
-.badge-critical { background: rgba(255, 71, 87, 0.2); color: var(--critical); }
-.badge-high { background: rgba(255, 140, 66, 0.2); color: var(--high); }
-.badge-moderate { background: rgba(251, 191, 36, 0.2); color: var(--medium); }
-.badge-low { background: rgba(56, 189, 248, 0.2); color: var(--low); }
-.badge-unknown { background: rgba(107, 114, 128, 0.2); color: var(--unknown); }
-.marker { display: inline-block; width: 10px; height: 10px; border-radius: 50%; vertical-align: middle; }
-.marker-major { background: var(--major); }
-.marker-minor-patch { background: var(--minor); }
-.marker-unknown { background: var(--unknown); }
-.clean { padding: 32px; text-align: center; color: var(--muted); font-size: 14px; border: 1px dashed var(--border); border-radius: 8px; }
-h2 { font-size: 16px; margin: 24px 0 12px; }
-.policy-badge { display: inline-block; padding: 2px 8px; border-radius: 12px; font-size: 11px; font-weight: 600; }
-.policy-block { background: rgba(255, 71, 87, 0.2); color: var(--critical); }
-.policy-warn { background: rgba(251, 191, 36, 0.2); color: var(--medium); }
-.policy-info { background: rgba(107, 114, 128, 0.2); color: var(--unknown); }
-</style>
-</head>
-<body>
-<h1>vis audit</h1>
-<div class="meta">${C(e.tool.name)} ${C(e.tool.version)} · ${C(t.toISOString())} · ${e.packagesScanned} packages scanned · ${s.length} findings</div>
-<div class="summary">${i||'<span class="badge badge-low">CLEAN</span>'}</div>
-${o?'<div class="clean">No security issues found.</div>':`
-<div class="controls">
-  <input id="filter" type="search" placeholder="Filter by package or advisory…" aria-label="Filter findings" />
-  <select id="severity" aria-label="Filter by severity">
-    <option value="">All severities</option>
-    <option value="CRITICAL">Critical only</option>
-    <option value="HIGH">High and above</option>
-    <option value="MODERATE">Moderate and above</option>
-    <option value="LOW">Low and above</option>
-  </select>
-</div>
-<table id="findings">
-<thead>
-<tr>
-  <th data-sort="severity">Severity</th>
-  <th title="Green = safe upgrade · Red = requires major bump">Δ</th>
-  <th data-sort="package">Package</th>
-  <th>Version</th>
-  <th>Advisory</th>
-  <th>Summary</th>
-  <th>Fix</th>
-  <th>Remediation</th>
-</tr>
-</thead>
-<tbody>
-${r}
-</tbody>
-</table>`}
-${a.length>0?`
-<h2>Policy Decisions (${a.length})</h2>
-<table id="policies">
-<thead>
-<tr>
-  <th>Severity</th>
-  <th>Policy</th>
-  <th>Package</th>
-  <th>Version</th>
-  <th>Reason</th>
-</tr>
-</thead>
-<tbody>
-${p}
-</tbody>
-</table>`:""}
-<script>
-(() => {
-  const rank = { CRITICAL: 0, HIGH: 1, MODERATE: 2, LOW: 3, UNKNOWN: 4 };
-  const filter = document.getElementById('filter');
-  const severity = document.getElementById('severity');
-  const rows = Array.from(document.querySelectorAll('#findings tbody tr'));
-
-  const apply = () => {
-    const q = (filter?.value ?? '').toLowerCase().trim();
-    const minSev = severity?.value ?? '';
-    const sevCap = minSev ? rank[minSev] ?? 4 : 4;
-    for (const row of rows) {
-      const pkg = row.getAttribute('data-package') ?? '';
-      const adv = row.getAttribute('data-advisory') ?? '';
-      const sev = row.getAttribute('data-severity') ?? 'UNKNOWN';
-      const queryHit = !q || pkg.toLowerCase().includes(q) || adv.toLowerCase().includes(q);
-      const sevHit = !minSev || (rank[sev] ?? 4) <= sevCap;
-      row.style.display = queryHit && sevHit ? '' : 'none';
-    }
-  };
-
-  filter?.addEventListener('input', apply);
-  severity?.addEventListener('change', apply);
-
-  // Click-to-copy on remediation cells.
-  document.addEventListener('click', (event) => {
-    const target = event.target;
-    if (!(target instanceof HTMLElement) || !target.classList.contains('copyable')) return;
-    const cmd = target.getAttribute('data-cmd') ?? target.textContent ?? '';
-    navigator.clipboard?.writeText(cmd).then(() => {
-      const orig = target.textContent;
-      target.textContent = '✓ copied';
-      setTimeout(() => { target.textContent = orig; }, 900);
-    }).catch(() => {});
-  });
-})();
-<\/script>
-</body>
-</html>
-`},"emitAuditHtml");var ys=Object.defineProperty,me=x((e,t)=>ys(e,"name",{value:t,configurable:!0}),"u$1");const hs={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},ks={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},xe=me((e,t)=>`pkg:npm/${e}@${t}`,"productId"),$s=me(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Be=me((e,t)=>{const s=new Map;for(const n of e){const r=t(n),i=s.get(r);i?i.push(n):s.set(r,[n])}return s},"groupBy"),bs=me(e=>{const t=e.now??new Date,s=t.toISOString(),n=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,r=[...Be(e.findings,o=>o.packageName).entries()].sort(([o],[a])=>o.localeCompare(a)).map(([o,a])=>({branches:[...new Set(a.map(p=>p.packageVersion))].sort().map(p=>{const d=xe(o,p);return{category:"product_version",name:p,product:{name:`${o}@${p}`,product_id:d,product_identification_helper:{purl:d}}}}),category:"product_name",name:o})),i=[...Be(e.findings,o=>o.vulnerability.id).entries()].sort(([o],[a])=>o.localeCompare(a)).map(([o,a])=>{const p=a[0].vulnerability,d=[...new Set(a.map(w=>xe(w.packageName,w.packageVersion)))].sort(),u=o.startsWith("CVE-"),k=[o,...p.aliases??[]],m=u?o:k.find(w=>w.startsWith("CVE-")),b=k.filter(w=>w!==m).map(w=>({system_name:w.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:w})),h=typeof p.cvssScore=="number"&&Number.isFinite(p.cvssScore)?p.cvssScore:ks[p.severity]??0,$=a.filter(w=>w.acknowledged).map(w=>xe(w.packageName,w.packageVersion));return{...m?{cve:m}:{},...b.length>0?{ids:b}:{},notes:[{category:"description",text:p.summary||`Advisory ${o}`,title:"Advisory description"}],product_status:{known_affected:d},references:[{category:"external",summary:`${o} advisory record`,url:$s(o)}],scores:[{cvss_v3:{baseScore:h,baseSeverity:hs[p.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:d}],title:p.summary.split(`
-`)[0]?.slice(0,200)||o,...$.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:$}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${n}`,tracking:{current_release_date:s,id:n,initial_release_date:s,revision_history:[{date:s,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...r.length>0?{product_tree:{branches:r}}:{},...i.length>0?{vulnerabilities:i}:{}}},"emitCsaf");var ws=Object.defineProperty,oe=x((e,t)=>ws(e,"name",{value:t,configurable:!0}),"c$3");const Ss={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},xs={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},Ce=oe(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Ae=oe(e=>e.startsWith("CVE-")?"NVD":e.startsWith("GHSA-")?"GitHub Advisory Database":"OSV","advisorySourceName"),Je=oe((e,t)=>{const s=new Map;for(const n of e){const r=t(n),i=s.get(r);i?i.push(n):s.set(r,[n])}return s},"groupBy"),Cs=oe((e,t=new Date)=>{const s=Je(e,r=>r.vulnerability.id),n=t.toISOString();return[...s.entries()].sort(([r],[i])=>r.localeCompare(i)).map(([r,i])=>{const o=i[0].vulnerability,a=Ss[o.severity]??"unknown",p=typeof o.cvssScore=="number"&&Number.isFinite(o.cvssScore)?o.cvssScore:xs[o.severity]??0,d=[...Je(i,h=>h.packageName).entries()].sort(([h],[$])=>h.localeCompare($)).map(([h,$])=>{const w=[...new Set($.map(D=>D.packageVersion))].sort();return{ref:_t(h,w[0]),versions:w.map(D=>({status:"affected",version:D}))}}),u=(o.aliases??[]).filter(h=>h!==r).map(h=>({id:h,source:{name:Ae(h),url:Ce(h)}})),k=i.some(h=>h.acknowledged),m=i.every(h=>h.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:k?{state:"in_triage"}:void 0,b=o.fixedVersions??[];return{"bom-ref":`vuln:${r}`,id:r,source:{name:Ae(r),url:Ce(r)},...u.length>0?{references:u}:{},description:o.summary||`Advisory ${r}`,ratings:[{method:"CVSSv31",score:p,severity:a,source:{name:Ae(r),url:Ce(r)}}],...b.length>0?{recommendation:`Upgrade to one of: ${b.join(", ")}`}:{},affects:d,created:n,published:n,...m?{analysis:m}:{}}})},"buildCycloneDxVulnerabilities"),As=oe(e=>{const t=Cs(e.findings,e.now);return{...e.bom,vulnerabilities:t}},"emitCycloneDxVex");var Ns=Object.defineProperty,We=x((e,t)=>Ns(e,"name",{value:t,configurable:!0}),"a$1");const Rs={CRITICAL:"error",HIGH:"error",LOW:"note",MODERATE:"warning",UNKNOWN:"none"},Os={CRITICAL:"9.5",HIGH:"8.0",LOW:"2.5",MODERATE:"5.5",UNKNOWN:"0.0"},Ps={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"none"},Ls=We(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),js=We(e=>typeof e.cvssScore=="number"&&Number.isFinite(e.cvssScore)?e.cvssScore.toFixed(1):Os[e.severity]??"0.0","securitySeverity"),Es=We(e=>{const t=new Map,s=[],n=e.artifactUri??(Kt(e.workspaceRoot,zt(e.workspaceRoot,"package.json"))||"package.json");for(const o of e.findings){const{acknowledged:a,packageName:p,packageVersion:d,vulnerability:u}=o,k=Rs[u.severity]??"none",m=Ps[u.severity]??"none";t.has(u.id)||t.set(u.id,{defaultConfiguration:{level:k},fullDescription:{text:u.summary||`Advisory ${u.id}`},helpUri:Ls(u.id),id:u.id,name:u.id,properties:{precision:"very-high","security-severity":js(u),"severity-label":m,tags:["security","vulnerability","supply-chain",`severity:${m}`]},shortDescription:{text:(u.summary.split(`
-`)[0]??u.id).slice(0,200)}}),s.push({level:k,locations:[{logicalLocations:[{kind:"package",name:`${p}@${d}`}],physicalLocation:{artifactLocation:{uri:n}}}],message:{text:`${u.id}: ${p}@${d} — ${u.summary||"no summary"}${u.fixedVersions.length>0?` (fix: ${u.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:u.id,package:p,version:d},properties:{...a?{acknowledged:!0}:{},...u.aliases&&u.aliases.length>0?{aliases:u.aliases}:{},...typeof u.cvssScore=="number"?{cvssScore:u.cvssScore}:{},...u.fixedVersions.length>0?{fixedVersions:u.fixedVersions}:{},packageName:p,packageVersion:d,severityLabel:m},ruleId:u.id})}const r={block:"error",info:"note",warn:"warning"},i={block:"high",info:"none",warn:"medium"};for(const o of e.policyDecisions??[]){if(o.policy==="vulnerability")continue;const a=`vis.policy.${o.policy}`,p=r[o.severity],d=i[o.severity];t.has(a)||t.set(a,{defaultConfiguration:{level:p},fullDescription:{text:`vis policy '${o.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${o.policy}`,id:a,name:a,properties:{precision:"high","security-severity":o.severity==="block"?"8.0":o.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${o.policy}`]},shortDescription:{text:`vis policy: ${o.policy}`}}),s.push({level:p,locations:[{logicalLocations:[{kind:"package",name:`${o.packageName}@${o.version}`}],physicalLocation:{artifactLocation:{uri:n}}}],message:{text:o.reason},partialFingerprints:{package:o.packageName,policy:o.policy,version:o.version},properties:{...o.acceptedRisk?{acknowledged:!0}:{},packageName:o.packageName,packageVersion:o.version,severityLabel:d},ruleId:a})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:s,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var Is=Object.defineProperty,B=x((e,t)=>Is(e,"name",{value:t,configurable:!0}),"c$2");const Ds=["dependencies","devDependencies","optionalDependencies","peerDependencies"],Ye=B(e=>{try{return{path:e,pkg:nt(e)}}catch{return}},"readPackageJsonSafe"),Ws=B(e=>{const t=[],s=Ye(H(e,"package.json"));s&&t.push({path:s.path,pkg:s.pkg,workspaceName:s.pkg.name});const n=Ot(e);let r;if(n?r=n:s?.pkg.workspaces&&(Array.isArray(s.pkg.workspaces)?r=s.pkg.workspaces:s.pkg.workspaces.packages&&(r=s.pkg.workspaces.packages)),!r)return t;for(const i of Pt(e,r)){const o=Ye(H(e,i,"package.json"));o&&t.push({path:o.path,pkg:o.pkg,workspaceName:o.pkg.name})}return t},"collectWorkspaceManifests"),Ms=B((e,t)=>{const s=[];for(const n of e)for(const r of Ds){const i=n.pkg[r]?.[t];typeof i=="string"&&s.push({field:r,manifest:n,range:i})}return s},"findDeclarations"),ct=B(e=>{const t=Ws(e.workspaceRoot),s=[],n=[],r=[],i=new Set;for(const o of e.findings){const a=o.vulnerability.fixedVersions[0];if(!a){r.push({packageName:o.packageName,reason:"no-fixed-version"});continue}const p=Ms(t,o.packageName);if(p.length===0){r.push({packageName:o.packageName,reason:"transitive-only"});continue}const d=U.coerce(a),u=d?`^${d.version}`:a,k=d?d.version:a;for(const m of p){const b=`${m.manifest.path}::${m.field}::${o.packageName}::${k}`;if(i.has(b))continue;i.add(b);const h=Hs(k,m.range),$={currentRange:m.range,field:m.field,inRange:h,manifestPath:m.manifest.path,packageName:o.packageName,targetSpec:u,targetVersion:k,workspaceName:m.manifest.workspaceName};h||e.allowMajor===!0?s.push($):n.push($)}}return{apply:s,skippedMajor:n,unmatched:r}},"buildDirectApplyPlan"),Fs=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,Hs=B((e,t)=>{if(Fs.test(t))return!0;const s=U.coerce(e)?.version??e;try{return U.satisfies(s,t)}catch{return!0}},"satisfiesRange"),Vs=B(e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const s of e.apply){const n=s.workspaceName?` [${s.workspaceName}]`:"";t.push(`  + ${s.packageName}: ${s.currentRange} → ${s.targetSpec}${n}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const s of e.skippedMajor){const n=s.workspaceName?` [${s.workspaceName}]`:"";t.push(`  ! ${s.packageName}: ${s.currentRange} → ${s.targetSpec}${n}`)}}if(e.unmatched.length>0){const s=e.unmatched.filter(r=>r.reason==="transitive-only"),n=e.unmatched.filter(r=>r.reason==="no-fixed-version");if(s.length>0){t.push(`Transitive only (${String(s.length)}, requires --fix-transitive):`);for(const r of s)t.push(`  · ${r.packageName}`)}if(n.length>0){t.push(`No fixed version available (${String(n.length)}):`);for(const r of n)t.push(`  · ${r.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
-`)},"formatDirectApplyPlan");var Ts=Object.defineProperty,E=x((e,t)=>Ts(e,"name",{value:t,configurable:!0}),"i");const Us={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},Gs={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},lt=E(e=>Gs[e.toLowerCase()]??e,"canonicalEcosystem"),_s=E((e,t)=>{const s=lt(t),n=Us[s]??[];for(const r of n){const i=H(e,r);if(Ze(i))return i}},"findEcosystemLockfile"),qs=E(e=>{const t=new Set,s=[];for(const n of e){const r=`${n.name}@${n.version}`;t.has(r)||(t.add(r),s.push(n))}return s},"dedupe"),Ks=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,zs=/^\s*name\s*=\s*"([^"]+)"\s*$/m,Bs=/^\s*version\s*=\s*"([^"]+)"\s*$/m,Js=E(e=>{const t=[];for(const s of e.matchAll(Ks)){const n=s[1]??"",r=zs.exec(n)?.[1],i=Bs.exec(n)?.[1];r&&i&&t.push({isDev:!1,name:r,version:i})}return t},"parseTomlPackages"),Ys=E(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const s=[];for(const n of["default","develop"]){const r=t[n];if(!(typeof r!="object"||r===null))for(const[i,o]of Object.entries(r)){if(typeof o!="object"||o===null)continue;const a=o.version;if(typeof a!="string")continue;const p=a.replace(/^==/,"").trim();p.length>0&&s.push({isDev:!1,name:i,version:p})}}return s},"parsePipfileLock"),Xs=/<dependency>([\s\S]*?)<\/dependency>/g,Zs=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,Qs=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,en=/<version>\s*([^<\s]+)\s*<\/version>/,tn=E(e=>{const t=[];for(const s of e.matchAll(Xs)){const n=s[1]??"",r=Zs.exec(n)?.[1],i=Qs.exec(n)?.[1],o=en.exec(n)?.[1];!r||!i||!o||o.startsWith("${")||t.push({isDev:!1,name:`${r}:${i}`,version:o})}return t},"parsePomXml"),sn=E(e=>{const t=[];for(const s of e.split(/\r?\n/)){const n=s.trim();if(n.length===0||n.startsWith("#"))continue;const r=n.indexOf("="),i=(r===-1?n:n.slice(0,r)).split(":");if(i.length<3)continue;const[o,a,p]=i;!o||!a||!p||t.push({isDev:!1,name:`${o}:${a}`,version:p})}return t},"parseGradleLockfile"),nn=E(e=>{const t=[];for(const s of e.split(/\r?\n/)){const n=s.trim();if(n.length===0)continue;const r=n.split(/\s+/);if(r.length<3)continue;const[i,o]=r;if(!i||!o?.endsWith("/go.mod"))continue;const a=o.slice(0,-7);a.length!==0&&t.push({isDev:!1,name:i,version:a})}return t},"parseGoSum"),rn=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,on=E(e=>{const t=[];let s=!1,n=!1;for(const r of e.split(/\r?\n/)){if(r.startsWith("GEM")){s=!0,n=!1;continue}if(s&&/^[A-Z]/.test(r)){s=!1,n=!1;continue}if(s&&r.trim()==="specs:"){n=!0;continue}if(n){const i=rn.exec(r);if(i){const[,o,a]=i;o&&a&&t.push({isDev:!1,name:o,version:a})}}}return t},"parseGemfileLock"),an=E((e,t)=>{const s=_s(e,t);if(!s)return[];let n;try{n=Qe(s,"utf8")}catch{return[]}const r=s.split(/[/\\]/).pop()??"";let i;switch(r){case"Cargo.lock":case"poetry.lock":case"uv.lock":{i=Js(n);break}case"Gemfile.lock":{i=on(n);break}case"go.sum":{i=nn(n);break}case"gradle.lockfile":{i=sn(n);break}case"Pipfile.lock":{i=Ys(n);break}case"pom.xml":{i=tn(n);break}default:return[]}return qs(i)},"lockedPackagesForEcosystem"),pt=["firstSeen","installScripts","license","malware","publisherChange","score","unexpectedDeps","vulnerability"];var cn=Object.defineProperty,ln=x((e,t)=>cn(e,"name",{value:t,configurable:!0}),"n$1");const pn=ln((e,t)=>{const s=t.security?.policies?.installScripts;if(!s)return[];const n=s.allow??{},r=s.strict===!0;if(!r&&Object.keys(n).length===0)return[];const i=Qt(e.workspaceRoot,n,{pinVersions:t.security?.pinVersions===!0});if(i.unapproved.length===0)return[];const o=t.security?.acceptedRisks,a=r?"block":"warn";return i.unapproved.map(p=>({acceptedRisk:G(p.name,p.version??"*",o,"installScripts"),data:{hooks:p.hooks},packageName:p.name,policy:"installScripts",reason:`${p.name}${p.version?`@${p.version}`:""} declares unapproved build script(s): ${p.hooks.join(", ")}`,severity:a,version:p.version??"*"}))},"evaluateInstallScriptsPolicy");var dn=Object.defineProperty,ie=x((e,t)=>dn(e,"name",{value:t,configurable:!0}),"a");const un=new Set(["AND","OR"]),fn=ie(e=>{const t=e.replaceAll("("," ").replaceAll(")"," ").split(/\s+/).map(r=>r.trim()).filter(r=>r.length>0),s=[];let n=!1;for(const r of t){const i=r.toUpperCase();if(n){n=!1;continue}if(i==="WITH"){n=!0;continue}if(un.has(i))continue;const o=r.endsWith("+"),a=o?r.slice(0,-1):r,p=De(a)??a;s.push(p),o&&s.push(`${p}-or-later`)}return s},"extractSpdxLeaves"),gn=ie(e=>{if(typeof e.license=="string"){const t=e.license.trim();return t.length>0?t:void 0}if(e.license&&typeof e.license=="object"&&typeof e.license.type=="string"){const t=e.license.type.trim();if(t.length>0)return t}if(Array.isArray(e.licenses)&&e.licenses.length>0){const t=e.licenses.map(s=>s&&typeof s.type=="string"?s.type.trim():"").filter(s=>s.length>0);if(t.length>0)return t.length===1?t[0]:`(${t.join(" OR ")})`}},"declaredLicense"),mn=ie((e,t)=>{if(t.length===0)return;const s=new Set(t.map(n=>De(n)??n).map(n=>n.toLowerCase()));for(const n of e)if(s.has(n.toLowerCase()))return n},"findDeniedLeaf"),vn=ie((e,t)=>{if(t.length===0)return;const s=new Set(t.map(n=>De(n)??n).map(n=>n.toLowerCase()));for(const n of e)if(!s.has(n.toLowerCase()))return n},"findUnallowedLeaf"),yn=ie((e,t)=>{const s=t.security?.policies?.license;if(!s)return[];const n=s.allow??[],r=s.deny??[];if(n.length===0&&r.length===0)return[];const i=t.security?.acceptedRisks,o=[];for(const a of e.packages){const p=e.manifestData?.get(`${a.name}@${a.version}`),d=p?gn(p):void 0;if(!d){n.length>0&&o.push({acceptedRisk:G(a.name,a.version,i,"license"),data:{declaredLicense:null},packageName:a.name,policy:"license",reason:`${a.name}@${a.version} declares no license; allow-list mode requires one of: ${n.join(", ")}`,severity:"block",version:a.version});continue}const u=fn(d),k=mn(u,r);if(k){o.push({acceptedRisk:G(a.name,a.version,i,"license"),data:{declaredLicense:d,deniedLicense:k},packageName:a.name,policy:"license",reason:`${a.name}@${a.version} uses denied license '${k}' (declared: ${d})`,severity:"block",version:a.version});continue}const m=vn(u,n);m&&o.push({acceptedRisk:G(a.name,a.version,i,"license"),data:{allowList:n,declaredLicense:d,unallowedLicense:m},packageName:a.name,policy:"license",reason:`${a.name}@${a.version} uses license '${m}' which is not on the allow-list (declared: ${d})`,severity:"block",version:a.version})}return o},"evaluateLicensePolicy");var hn=Object.defineProperty,ve=x((e,t)=>hn(e,"name",{value:t,configurable:!0}),"l$1");const kn=ve(e=>{for(const t of Object.values(ot))if(e===t.file||e.endsWith(`/${t.file}`)||e.endsWith(`.${t.file}`))return t.type},"detectLockfileType"),$n=ve((e,t,s)=>{const n=Gt(t)?t:rt(e,t);let r;try{r=ne(n)}catch{return}const i=kn(n)??ot[s]?.type;if(!i)return;const o=es(r,i);if(o.length===0)return;const a=new Set;for(const p of o)a.add(`${p.name}@${p.version}`);return a},"loadBaselineKeys"),bn=ve((e,t)=>{for(const s of t)if(s===e||s.endsWith("*")&&e.startsWith(s.slice(0,-1)))return!0;return!1},"matchesAllowList"),wn=ve((e,t)=>{const s=t.security?.policies?.unexpectedDeps;if(!s)return[];const n=s.allow??[],r=s.baselineLockfile;if(n.length===0&&!r)return[];const i=r?$n(e.workspaceRoot,r,e.packageManager):void 0,o=t.security?.acceptedRisks,a=[];for(const p of e.packages){const d=n.length===0||bn(p.name,n),u=i?i.has(`${p.name}@${p.version}`):!0;if(d&&u)continue;const k=[],m={};d||(k.push(`not on allow-list (${n.length} entr${n.length===1?"y":"ies"})`),m.allowList=n),!u&&i&&(k.push(`not present in baseline lockfile (${r})`),m.baselineLockfile=r),a.push({acceptedRisk:G(p.name,p.version,o,"unexpectedDeps"),data:m,packageName:p.name,policy:"unexpectedDeps",reason:`${p.name}@${p.version} is unexpected: ${k.join("; ")}`,severity:"block",version:p.version})}return a},"evaluateUnexpectedDepsPolicy");var Sn=Object.defineProperty,xn=x((e,t)=>Sn(e,"name",{value:t,configurable:!0}),"E$2");const Xe={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},se=xn((e,t)=>{const s=Xe[t.toUpperCase()]??2;return(Xe[e.toUpperCase()]??4)<=s},"severityPassesFilter");var Cn=Object.defineProperty,An=x((e,t)=>Cn(e,"name",{value:t,configurable:!0}),"c$1");const Nn=An((e,t)=>{if(!e.osvFindings||e.osvFindings.size===0)return[];const s=t.security?.policies?.vulnerability?.failOn,n=t.security?.acceptedRisks,r=[];for(const i of e.packages){const o=e.osvFindings.get(i.name);if(!(!o||o.length===0))for(const a of o){const p=s?se(a.severity,s)?"block":"warn":"info";r.push({acceptedRisk:G(i.name,i.version,n,"vulnerability"),data:{advisoryId:a.id,aliases:a.aliases??[],cvssScore:a.cvssScore,fixedVersions:a.fixedVersions,severity:a.severity,summary:a.summary},packageName:i.name,policy:"vulnerability",reason:`${a.severity} ${a.id} affects ${i.name}@${i.version}: ${a.summary}`,severity:p,version:i.version})}}return r},"evaluateVulnerabilityPolicy");var Rn=Object.defineProperty,T=x((e,t)=>Rn(e,"name",{value:t,configurable:!0}),"n");const dt=[{evaluate:Nn,isConfigured:T(e=>e.security?.policies?.vulnerability!==void 0,"isConfigured"),name:"vulnerability",offlineSupported:!0,surfaces:["audit","doctor"]},{evaluate:yn,isConfigured:T(e=>{const t=e.security?.policies?.license;return!!(t&&(t.allow&&t.allow.length>0||t.deny&&t.deny.length>0))},"isConfigured"),name:"license",offlineSupported:!0,surfaces:["audit","doctor","install"]},{evaluate:pn,isConfigured:T(e=>{const t=e.security?.policies?.installScripts;return!!(t&&(t.allow&&Object.keys(t.allow).length>0||t.strict===!0))},"isConfigured"),name:"installScripts",offlineSupported:!0,surfaces:["audit","doctor","install"]},{evaluate:wn,isConfigured:T(e=>{const t=e.security?.policies?.unexpectedDeps;return!!(t&&(t.allow&&t.allow.length>0||typeof t.baselineLockfile=="string"))},"isConfigured"),name:"unexpectedDeps",offlineSupported:!0,surfaces:["audit","doctor","install"]}],On=T((e,t,s)=>dt.filter(n=>n.surfaces.includes(e)?s!==void 0?s.has(n.name):n.isConfigured(t):!1),"selectModules"),Pn=T(async(e,t,s)=>{const n=On(t,s.visConfig,s.enabledPolicies),r=[];for(const i of n){if(e.offline&&!i.offlineSupported){r.push({packageName:"*",policy:i.name,reason:`policy.${i.name} skipped: requires network (--offline)`,severity:"info",version:"*"});continue}try{const o=await i.evaluate(e,s.visConfig);r.push(...o)}catch(o){const a=o instanceof Error?o.message:String(o);r.push({packageName:"*",policy:i.name,reason:`policy.${i.name} failed: ${a}`,severity:"info",version:"*"})}}return r},"evaluatePolicies"),Ln=(()=>{const e=new Map;for(const t of pt)e.set(t.toLowerCase(),t);return e})(),jn=T(()=>dt.map(e=>e.name),"getRegisteredPolicyNames"),En=T((e,t)=>{if(e===void 0)return;const s=e.trim().toLowerCase();if(s===""||s==="none")return new Set;if(s==="all")return new Set(pt);const n=new Set;for(const r of e.split(",").map(i=>i.trim()).filter(i=>i.length>0)){const i=r.replace(/^_+/,"").replaceAll(/_+([a-z])/g,(a,p)=>p.toUpperCase()),o=Ln.get(i.toLowerCase());o===void 0?t?.(r):n.add(o)}return n},"parsePoliciesFlag");var In=Object.defineProperty,re=x((e,t)=>In(e,"name",{value:t,configurable:!0}),"c");const Dn=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Wn=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],Mn=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Fn=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,Hn=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Vn=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Tn=re(e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const s=t.split("/");return s.length<2?void 0:`${s[0]}/${s[1]}`}return t.split("/")[0]}},"normalizePackageName"),Un=re(e=>{const t=new Set,s=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),n=re(r=>{r.lastIndex=0;let i;for(;(i=r.exec(s))!==null;){const o=Tn(i[1]);o&&t.add(o)}},"collect");return n(Fn),n(Hn),n(Vn),t},"extractImportedNames"),Gn=re(e=>{const t=new Set;try{const s=nt(e);for(const n of Mn){const r=s[n];if(r&&typeof r=="object"&&!Array.isArray(r))for(const i of Object.keys(r))t.add(i)}}catch{}return t},"extractPackageJsonNames"),_n=re(e=>{const t=e.skip??Wn,s=e.extensions??Dn,n=new Set;let r=0;const i=Ke(e.workspaceRoot,{extensions:s,includeDirs:!1,skip:t});for(const p of i){r+=1;try{const d=Qe(p,"utf8");for(const u of Un(d))n.add(u)}catch{}}const o=Ke(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(p=>p.endsWith("/package.json")||p.endsWith(String.raw`\package.json`)||p.endsWith("package.json"));for(const p of o)for(const d of Gn(p))n.add(d);if(e.alwaysAssumeUsed)for(const p of e.alwaysAssumeUsed)n.add(p);const a=new Set;for(const p of e.vulnerablePackages)n.has(p)&&a.add(p);return{filesScanned:r,importedTotal:n,reachable:a}},"computeReachableVulnerablePackages");var qn=Object.defineProperty,I=x((e,t)=>qn(e,"name",{value:t,configurable:!0}),"o");const Kn=I(e=>{const t=U.coerce(e)?.major;return t!==void 0&&t>=10},"PNPM_V10_PLUS"),zn=I(e=>Object.fromEntries(Object.entries(e).sort(([t],[s])=>t.localeCompare(s))),"sortByKey"),Bn=I((e,t)=>`${JSON.stringify(e,void 0,t)}
-`,"stringifyJson"),ut=I((e,t)=>{if(t.name==="pnpm"&&Kn(t.version))return{filePath:H(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const s=H(e,"package.json");return t.name==="pnpm"?{filePath:s,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:s,surface:"package.json#resolutions"}:{filePath:s,surface:"package.json#overrides"}},"resolveOverrideSurface"),Jn=I((e,t)=>{const{filePath:s,surface:n}=ut(e,t);if(!K(s))return{};if(n==="pnpm-workspace.yaml")try{return Ee(s)?.overrides??{}}catch{return{}}try{const r=JSON.parse(ne(s));return n==="package.json#pnpm.overrides"?(r.pnpm??{}).overrides??{}:n==="package.json#resolutions"?r.resolutions??{}:r.overrides??{}}catch{return{}}},"readExistingOverrides"),Yn=I((e,t)=>{const s=Object.keys(t).sort();if(s.length===0&&!/^overrides\s*:/m.test(e))return e;const n=`overrides:
-${s.map(r=>`  '${r}': '${t[r]}'`).join(`
-`)}
-`;if(e.length===0)return n;if(/^overrides\s*:/m.test(e)){const r=e.replace(/^overrides\s*:[^\n]*\n(?:[ \t][^\n]*\n)*/m,n);return r.endsWith(`
-`)?r:`${r}
-`}return`${e.endsWith(`
-`)?e:`${e}
-`}
-${n}`},"renderPnpmWorkspaceOverrides"),Xn=I((e,t,s,n)=>{const r=Lt(e,t.length>0?t:void 0),i=t.length>0?JSON.parse(t):{};if(s==="package.json#pnpm.overrides"){const o=i.pnpm??{};o.overrides=n,i.pnpm=o}else s==="package.json#resolutions"?i.resolutions=n:i.overrides=n;return Bn(i,r)},"renderPackageJsonWithOverrides"),Zn=I((e,t,s)=>{const{filePath:n,surface:r}=ut(e,s),i=Jn(e,s),o=K(n)?ne(n):"",a=[],p={...i};for(const m of t.entries){const b=i[m.packageName];if(b===m.spec){a.push({...m,previousSpec:b,status:"unchanged"});continue}b===void 0?a.push({...m,status:"added"}):a.push({...m,previousSpec:b,status:"updated"}),p[m.packageName]=m.spec}const d=zn(p),u=a.some(m=>m.status!=="unchanged"),k=r==="pnpm-workspace.yaml"?Yn(o,d):Xn(n,o,r,d);return{changed:u,entries:a,filePath:n,nextContent:k,previousContent:o,surface:r}},"planOverrideWrite"),Qn=I(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{et(t,e.nextContent),Ct(t,e.filePath)}catch(s){try{At(t)}catch{}throw s}return e},"applyOverridePlan"),er=I(e=>{const t=new Map;for(const s of e){const n=s.vulnerability.fixedVersions[0];if(!n)continue;const r=U.coerce(n),i=r?`^${r.version}`:n;t.set(s.packageName,i)}return{entries:[...t.entries()].sort(([s],[n])=>s.localeCompare(n)).map(([s,n])=>({packageName:s,spec:n}))}},"buildOverridePlanFromFindings");var tr=Object.defineProperty,R=x((e,t)=>tr(e,"name",{value:t,configurable:!0}),"y");const sr={critical:Ie,high:st,low:tt,medium:fe},Pe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),nr=R(e=>{const t=(e??"npm").split(",").map(r=>r.trim()).filter(r=>r.length>0),s=t.length>0?t:["npm"],n=s.filter(r=>!Pe.has(r.toLowerCase()));return{all:s,unsupported:n}},"parseEcosystems"),rr={CRITICAL:Ie,HIGH:st,LOW:tt,MODERATE:fe,UNKNOWN:j},or=R((e,t,s,n)=>{const r=rr[s.severity]??j,i=n?` ${j("[acknowledged]")}`:"",o=s.fixedVersions??[],a=o.length>0?` (fix: ${o.join(", ")})`:"";return`  ${r(s.severity)} ${s.id} — ${e}@${t}${i}
-    ${s.summary}${a}`},"formatVulnLine"),ir=R((e,t)=>{const s=jt(e),n=`${String(Math.round(e.score.overall*100))}%`,r=t?` ${j("[acknowledged]")}`:"",i=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return`  ${n} ${s}@${e.version} (${Et(e.score.overall)}${i})${r}`},"formatSocketLine"),ar=R(async(e,t,s,n)=>{const r=t.severity??"low",i=t.format??"table",o=i==="sarif",a=i==="csaf",p=i==="cyclonedx-vex"||i==="cyclonedx",d=i==="json"||!!t.json,u=t.report,k=s?.security?.audit,m=s?.security?.policies,b=t.offline===void 0?!!k?.offlineByDefault:!!t.offline,h=t.db,$=nr(t.ecosystem),w=!!t.prodOnly,D=t.failOn??m?.vulnerability?.failOn,mt=!!t.showFixes,ae=!!t.showAccepted,vt=s?.security?.socket,ye=s?.security?.acceptedRisks,Me=m?.vulnerability?.usage,yt=t.noUsage?!1:t.usage===void 0?!!Me?.enabled:!!t.usage,W=d||o||a||p,L=It(e),A=cs(e,L.name);if(b){const c=h??Jt(e);if(!Ze(c)){const l=new _e(c);W?process.stderr.write(`${l.message}
-`):f.error(l.message),process.exitCode=1;return}}!W&&(A.ignoredAdvisories.length>0||A.excludedPackages.length>0)&&f.info(`Loaded ${String(A.ignoredAdvisories.length)} ignored advisor${A.ignoredAdvisories.length===1?"y":"ies"} and ${String(A.excludedPackages.length)} excluded package${A.excludedPackages.length===1?"":"s"} from ${L.name} config.`),!W&&$.unsupported.length>0&&f.warn(`Ecosystems ${$.unsupported.map(c=>`'${c}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const M=Yt(e,L.name,{includeDev:!w});if(M.length===0){f.info(`No ${L.name} lockfile entries found. Run ${L.name} install first.`);return}if(!W){const c=w?"production-only packages":"installed packages";f.info(`Scanning ${String(M.length)} ${c}${b?" (offline)":""}…`)}const he=M.map(c=>({name:c.name,version:c.version})),J=b||Dt("socket")?void 0:Wt(vt,m?.score?.minimum),ce=J?.minimumScore??m?.score?.minimum??Tt,V=Xt(e,L.name),ht=[{id:"vulnerabilities",label:b?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...J?[{id:"socket",label:"Socket.dev supply-chain reports"}]:[]],F=Bt(ht,{live:!W}),kt=Date.now(),q=R(c=>{const l=Date.now()-c;return l>=1e3?`${(l/1e3).toFixed(1)}s`:`${String(Math.round(l))}ms`},"fmtElapsed");let ke,$e;try{const c=Date.now(),l=Date.now();F.start("vulnerabilities"),J&&F.start("socket");const v=b?Promise.resolve().then(()=>qe(he,{dbPath:h,ecosystem:$.all.find(g=>Pe.has(g.toLowerCase()))??"npm",workspaceRoot:e})).then(g=>{let y=0;for(const S of g.values())y+=S.length;return F.finish("vulnerabilities",y>0?"warn":"ok",y>0?`${String(y)} found · ${q(c)}`:`none found · ${q(c)}`),g}).catch(g=>{const y=g instanceof Error?g.message:String(g);if(F.finish("vulnerabilities","error",y),g instanceof _e)throw g;return new Map}):Mt(he).then(g=>{let y=0;for(const S of g.values())y+=S.length;return F.finish("vulnerabilities",y>0?"warn":"ok",y>0?`${String(y)} found · ${q(c)}`:`none found · ${q(c)}`),g}).catch(g=>{const y=g instanceof Error?g.message:String(g);return F.finish("vulnerabilities","error",y),new Map});[ke,$e]=await Promise.all([v,J?Ft(he,J).then(g=>{let y=0,S=0;for(const Q of g.values())y+=Q.alerts.length,Q.score.overall<ce&&(S+=1);const P=y+S;return F.finish("socket",P>0?"warn":"ok",P>0?`${String(y)} alert${y===1?"":"s"}, ${String(S)} low-score · ${q(l)}`:`clean · ${q(l)}`),g}).catch(g=>{const y=g instanceof Error?g.message:String(g);return F.finish("socket","error",y),new Map}):Promise.resolve(new Map)])}finally{F.stop()}d||f.info(j(`Scan completed in ${q(kt)}`));const le=[];for(const c of M){if(ls(c.name,A))continue;const l=ke.get(c.name)??[],v=$e.get(`${c.name}@${c.version}`),g=G(c.name,c.version,ye),y=l.length>0,S=v?v.score.overall<ce:!1,P=v?v.alerts.length>0:!1;(y||S||P)&&le.push({acceptedRisk:g,name:c.name,socketReport:v,version:c.version,vulnerabilities:l})}if(b){const c=$.all.filter(l=>Pe.has(l.toLowerCase())&&l.toLowerCase()!=="npm");for(const l of c){const v=lt(l),g=an(e,v);if(g.length!==0){W||f.info(j(`Scanning ${String(g.length)} ${v} packages…`));try{const y=qe(g.map(S=>({name:S.name,version:S.version})),{dbPath:h,ecosystem:v,workspaceRoot:e});for(const S of g){const P=y.get(S.name)??[];P.length!==0&&le.push({acceptedRisk:G(S.name,S.version,ye),name:S.name,version:S.version,vulnerabilities:P})}}catch(y){const S=y instanceof Error?y.message:String(y);f.warn(`Failed to scan ${v}: ${S}`)}}}}let N=le.filter(c=>{const l=c.vulnerabilities.some(y=>se(y.severity,r)),v=c.socketReport?.alerts.some(y=>se(y.severity==="medium"?"MODERATE":y.severity.toUpperCase(),r)),g=c.socketReport&&c.socketReport.score.overall<ce;return l||v||g});const $t=t.policies,be=[],O=await(async()=>{const c=jn().map(P=>`'${P}'`).join(", "),l=En($t,P=>{be.push(P);const Q=`Unknown policy '${P}' — ignoring. Available: ${c}.`;W?process.stderr.write(`vis audit: ${Q}
-`):f.warn(Q)});if(l?.size===0)return[];const v=s?.security?.policies?.license,g=!!(v&&((v.allow?.length??0)>0||(v.deny?.length??0)>0)),y=l===void 0||l.has("license"),S=g&&y?Zt(e):void 0;return Pn({manifestData:S,offline:b,osvFindings:ke,packageManager:L.name,packages:M,socketReports:$e,workspaceRoot:e},"audit",{enabledPolicies:l,visConfig:s??{}})})();if(yt){const c=new Set(N.filter(v=>v.vulnerabilities.length>0).map(v=>v.name)),l=_n({alwaysAssumeUsed:Me?.alwaysAssumeUsed,vulnerablePackages:c,workspaceRoot:e});N=N.filter(v=>v.vulnerabilities.length===0?!0:l.reachable.has(v.name)),W||f.info(j(`Reachability filter: ${String(l.reachable.size)}/${String(c.size)} vulnerable packages reachable (${String(l.filesScanned)} files scanned).`))}const Y=R(()=>N.flatMap(c=>c.vulnerabilities.map(l=>({acknowledged:!!c.acceptedRisk||te(l.id,A,l.aliases),packageName:c.name,packageVersion:c.version,vulnerability:l}))),"findingsForReport"),Fe=!!t.fix,He=!!t.fixTransitive,Ve=!!t.yes,bt=!!t.allowMajor;if(Fe||He){const c=Y().filter(l=>!l.acknowledged);if(Fe){const l=await lr({actionableFindings:c,allowMajor:bt,pm:L,visConfig:s,workspaceRoot:e,yes:Ve});if(l!==void 0){process.exitCode=l;return}}if(He){const l=await pr({actionableFindings:c,pm:L,visConfig:s,workspaceRoot:e,yes:Ve});if(l!==void 0){process.exitCode=l;return}}}if(o){const c=Es({findings:Y(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(c,void 0,2)}
-`),Ne(N,A,t.exitCode,D,O);return}if(a){const c=bs({findings:Y(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(c,void 0,2)}
-`),Ne(N,A,t.exitCode,D,O);return}if(p){const{packageJsons:c,workspace:l}=Ht(e,s),v=Vt(e,l,c),g=qt({includeDev:!w,projectGraph:v,workspace:l,workspaceRoot:e}),y=As({bom:g,findings:Y()});process.stdout.write(`${JSON.stringify(y,void 0,2)}
-`),Ne(N,A,t.exitCode,D,O);return}if(u){const c=vs({findings:Y(),packagesScanned:M.length,policyDecisions:O,tool:{name:"vis-audit",version:"alpha"},workspaceRoot:e}),l=rt(e,u);et(l,c,"utf8"),W||f.success(`HTML report written to ${l}`)}if(d){const c={duplicates:V.map(l=>({name:l.name,versionCount:l.versions.length,versions:l.versions})),packages:M.length,policies:O.map(l=>({acceptedRisk:l.acceptedRisk??null,data:l.data??null,packageName:l.packageName,policy:l.policy,reason:l.reason,severity:l.severity,version:l.version})),results:N.map(l=>({acceptedRisk:l.acceptedRisk??null,name:l.name,socketAlerts:l.socketReport?.alerts??[],socketScore:l.socketReport?.score.overall??null,version:l.version,vulnerabilities:l.vulnerabilities})),summary:{accepted:N.filter(l=>l.acceptedRisk).length,duplicatePackages:V.length,issues:N.filter(l=>!l.acceptedRisk).length,policyBlocks:O.filter(l=>l.severity==="block"&&!l.acceptedRisk).length,policyDecisions:O.length,total:N.length},warnings:be.length>0?be.map(l=>({kind:"unknown-policy",token:l})):[]};process.stdout.write(`${JSON.stringify(c,void 0,2)}
-`),t.exitCode&&(c.summary.issues>0||c.summary.policyBlocks>0)&&(process.exitCode=1),Le(N,A,D,O);return}if(N.length===0){f.success(`No security issues found across ${String(M.length)} packages.`);return}const X={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const c of N)for(const l of c.vulnerabilities)if(se(l.severity,r)){const v=l.severity==="UNKNOWN"?"LOW":l.severity;X[v]?.push({entry:c,vuln:l})}let pe=0,we=0;for(const c of["CRITICAL","HIGH","MODERATE","LOW"]){const l=X[c];if(!(!l||l.length===0)){f.info(`
-── ${c} (${String(l.length)}) ──`);for(const{entry:v,vuln:g}of l){const y=!!v.acceptedRisk||te(g.id,A,g.aliases);y&&(we++,!ae)||(pe++,f.info(or(v.name,v.version,g,y)),mt&&(g.fixedVersions??[]).length>0&&f.notice(`    Fix: update to ${g.fixedVersions.at(-1)}`))}}}const Z=N.filter(c=>c.socketReport&&(c.socketReport.score.overall<ce||c.socketReport.alerts.length>0));if(Z.length>0){f.info(`
-── Socket.dev Supply Chain (${String(Z.length)}) ──`);for(const c of Z){if(!c.socketReport)continue;const l=!!c.acceptedRisk;if(!(l&&!ae)){f.info(ir(c.socketReport,l));for(const v of c.socketReport.alerts){const g=sr[v.severity]??j;f.info(`    ${g(`[${v.severity.toUpperCase()}]`)} ${v.type} — ${v.category}`)}}}}if(V.length>0){f.info(`
-── Duplicate Dependencies (${String(V.length)}) ──`);for(const c of V){const l=c.versions.join(", ");f.info(`  ${c.name} — ${String(c.versions.length)} versions: ${fe(l)}`)}}const Te=new Set;for(const c of["CRITICAL","HIGH","MODERATE","LOW"]){const l=X[c];if(l)for(const{vuln:v}of l)Te.add(v.id)}const Se=O.filter(c=>{if(c.policy!=="vulnerability")return!0;const l=typeof c.data?.advisoryId=="string"?c.data.advisoryId:void 0;return c.severity==="block"&&l!==void 0&&!Te.has(l)});if(Se.length>0){f.info(`
-── Policy Decisions (${String(Se.length)}) ──`);for(const c of Se){const l=!!c.acceptedRisk;if(l&&!ae)continue;const v=c.severity==="block"?Ie:c.severity==="warn"?fe:j,g=l?` ${j("[acknowledged]")}`:"";f.info(`  ${v(`[${c.severity}]`)} ${c.policy} — ${c.reason}${g}`)}}const de=R(c=>!!c.acceptedRisk||c.vulnerabilities.length>0&&c.vulnerabilities.every(l=>te(l.id,A,l.aliases)),"isEntryExcluded"),Ue=N.filter(c=>!de(c)).length;if(f.info(""),f.info("─ Audit Summary"),f.info(`  ${String(M.length)} packages scanned`),A.ignoredAdvisories.length>0&&f.info(`  ${String(A.ignoredAdvisories.length)} ${L.name} audit exclusion${A.ignoredAdvisories.length===1?"":"s"} applied`),pe>0){const c=X.CRITICAL?.filter(v=>!de(v.entry)).length??0,l=X.HIGH?.filter(v=>!de(v.entry)).length??0;f.error(`  ${String(pe)} vulnerabilit${pe===1?"y":"ies"} found`),c>0&&f.error(`    ${String(c)} critical`),l>0&&f.warn(`    ${String(l)} high`)}else f.success("  No vulnerabilities found");if(Z.length>0){const c=Z.filter(l=>!de(l)).length;f.warn(`  ${String(c)} package${c===1?"":"s"} with Socket.dev supply chain issues`)}V.length>0&&(f.warn(`  ${String(V.length)} package${V.length===1?"":"s"} with duplicate versions`),f.notice("  Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const ue=O.filter(c=>c.severity==="block"&&!c.acceptedRisk);if(ue.length>0&&f.error(`  ${String(ue.length)} policy block${ue.length===1?"":"s"}`),we>0&&(f.info(`  ${String(we)} acknowledged (accepted risks)`),ae||f.notice("  Use --show-accepted to see acknowledged issues.")),Ue===0&&f.success(`
-  All issues are acknowledged. No action required.`),t.sync&&ye){const c=new Set;for(const v of le)if(v.acceptedRisk){for(const g of v.vulnerabilities)if((g.id.startsWith("CVE-")||g.id.startsWith("GHSA-"))&&c.add(g.id),g.aliases)for(const y of g.aliases)(y.startsWith("CVE-")||y.startsWith("GHSA-"))&&c.add(y)}const l=[...c];if(l.length>0){f.info("");const v=ps(L.name,e,l);for(const g of v)f.success(`  ${g}`)}else f.info(`
-No advisory IDs to sync to native PM config.`)}t.exitCode&&(Ue>0||ue.length>0)&&(process.exitCode=1),Le(N,A,D,O)},"executeAudit"),ft=R(e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),"hasBlockingPolicy"),Le=R((e,t,s,n)=>{ft(n)&&(process.exitCode=1),s&&e.some(r=>r.vulnerabilities.some(i=>r.acceptedRisk||te(i.id,t,i.aliases)?!1:se(i.severity,s)))&&(process.exitCode=1)},"applyFailOnGate"),Ne=R((e,t,s,n,r)=>{s&&(e.filter(i=>!i.acceptedRisk&&i.vulnerabilities.some(o=>!te(o.id,t,o.aliases))).length>0||ft(r))&&(process.exitCode=1),Le(e,t,n,r)},"applyExitGate"),gt=R(async(e,t)=>{if(!process.stdin.isTTY)return t;const s=Nt({input:process.stdin,output:process.stderr});try{const n=t?"[Y/n]":"[y/N]",r=await new Promise(i=>{s.question(`${e} ${j(n)} `,o=>{i(o.trim())})});return r.length===0?t:r.toLowerCase().startsWith("y")}finally{s.close()}},"promptYesNo"),cr=R(e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun","isTransitiveOnlyPm"),lr=R(async e=>{const t=ct({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(f.info(""),f.info("─ Apply (direct deps)"),f.info(Vs(t)),t.apply.length===0){f.info("Nothing to apply for direct deps.");return}if(Re&&!e.yes)return f.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await gt("Apply these direct-dep upgrades?",!1))return f.info("Aborted — no changes made."),0;const s=new Map;for(const n of t.apply){const r=n.workspaceName??"",i=s.get(r);i?i.push(n):s.set(r,[n])}for(const[n,r]of s){const i=r.map(p=>`${p.packageName}@${p.targetSpec}`),o=n.length>0?[n]:[];f.info(`Running ${e.pm.name} add ${i.join(" ")}${n.length>0?` --filter ${n}`:""}`);const a=Ut(e.pm,{exact:!1,filter:o,global:!1,optional:!1,packages:i,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(a!==0)return f.error(`${e.pm.name} add exited ${String(a)} — aborting before rescan.`),a}return f.success("Direct-dep upgrades applied. Re-run `vis audit` to confirm the fixes landed."),0},"runApplyDirect"),pr=R(async e=>{if(!cr(e.pm.name))return f.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(Re&&(!e.yes||!t))return f.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const s=new Set(ct({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(o=>o.packageName)),n=e.actionableFindings.filter(o=>!s.has(o.packageName)),r=er(n);if(r.entries.length===0){f.info(""),f.info("─ Apply transitive (overrides)"),f.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const i=Zn(e.workspaceRoot,r,{name:e.pm.name,version:e.pm.version});f.info(""),f.info("─ Apply transitive (overrides)"),f.info(`Target: ${i.filePath} (${i.surface})`);for(const o of i.entries){const a=o.status==="added"?"+":o.status==="updated"?"~":"·",p=o.previousSpec?` (was ${o.previousSpec})`:"";f.info(`  ${a} ${o.packageName}: ${o.spec}${p}`)}if(!i.changed){f.info("No changes — overrides already match the plan.");return}if(!e.yes){if(Re)return 1;if(!await gt("Write these overrides?",!1))return f.info("Aborted — no changes made."),0}try{Qn(i)}catch(o){const a=o instanceof Error?o.message:String(o);return f.error(`Failed to write overrides: ${a}`),1}return f.success(`Wrote ${String(i.entries.filter(o=>o.status!=="unchanged").length)} override${i.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},"runApplyTransitive"),wr=R(async({logger:e,options:t,visConfig:s,workspaceRoot:n})=>{if(!n)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await ar(n,t,s,e)},"execute");export{wr as default};
+var he=Object.defineProperty;var D=(e,s)=>he(e,"name",{value:s,configurable:!0});import{createRequire as ke}from"node:module";import{r as re,t as ee,ae as E,aX as Pe,aW as L,aD as G,aZ as ve,S as te,be as oe,I as w,j as v,E as u,q as R,e as x,a as b,an as we,R as De,bf as be,bg as xe,bh as Ne,bi as Je}from"./bin.js";import{M as W,i as I,n as j,$ as Te,B as Se,w as C,C as X,z as P}from"./config.js";import{o as ie}from"../packem_shared/index-DH-5hsrC.js";const ye=ke(import.meta.url),z=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$e=D(e=>{if(typeof z<"u"&&z.versions&&z.versions.node){const[s,o]=z.versions.node.split(".").map(Number);if(s>22||s===22&&o>=3||s===20&&o>=16)return z.getBuiltinModule(e)}return ye(e)},"__cjs_getBuiltinModule"),{readFileSync:pe,writeFileSync:se}=$e("node:fs");var Re=Object.defineProperty,O=D((e,s)=>Re(e,"name",{value:s,configurable:!0}),"r$3");const We=O(e=>/[*?[\]{}!]/.test(e),"isGlob"),je=O(e=>typeof e=="string"?e:e.reason,"ruleReason"),Me=O(e=>typeof e=="string"?void 0:e.replacement,"ruleReplacement"),ae=O((e,s)=>e.some(o=>ie(o,s)),"matchesAnyGlob"),ne=O((e,s)=>{if(typeof e=="string")return!0;const o=Array.isArray(e.packages)&&e.packages.length>0,t=Array.isArray(e.paths)&&e.paths.length>0;return!!(!o&&!t||o&&s.packageName!==void 0&&ae(e.packages,s.packageName)||t&&ae(e.paths,s.packageDir))},"ruleAppliesToInstance"),Fe=O((e,s)=>{const o=s[e.depName];if(o!==void 0&&ne(o,e))return{pattern:e.depName,rule:o};for(const[t,r]of Object.entries(s))if(We(t)&&ie(t,e.depName)&&ne(r,e))return{pattern:t,rule:r}},"findMatchingRule"),Ie=O((e,s)=>{if(Object.keys(s).length===0)return[];const o=[];for(const t of e){if(t.isInternal)continue;const r=Fe(t,s);r&&o.push({depName:t.depName,depType:t.depType,matchedPattern:r.pattern,packageDir:t.packageDir,packageJsonPath:t.packageJsonPath,packageName:t.packageName,reason:je(r.rule),replacement:Me(r.rule),specifier:t.specifier})}return o},"lintBannedDeps");var Ee=Object.defineProperty,_=D((e,s)=>Ee(e,"name",{value:s,configurable:!0}),"m");const Ce=new Set(["dependencies","devDependencies","peerDependencies"]),Ve=_(e=>e.startsWith("catalog:"),"isCatalogReference"),Ae=_(e=>e.startsWith("workspace:"),"isWorkspaceReference"),Oe=_((e,s)=>{if(!e)return!1;for(const o of e.values())if(o.has(s))return!0;return!1},"isPinnedInAnyCatalog"),He=_((e,s={})=>{const o=s.min??3,t=new Set(s.ignoreDeps),r=e.filter(i=>i.isInternal||!Ce.has(i.depType)||Ae(i.specifier)||s.dep!==void 0&&i.depName!==s.dep?!1:!t.has(i.depName)),n=new Map;for(const i of r){const p=n.get(i.depName);p?p.push(i):n.set(i.depName,[i])}const a=[];for(const[i,p]of n){if(Oe(s.catalogs,i)||p.some(m=>Ve(m.specifier)))continue;const c=new Map;for(const m of p){let d=c.get(m.specifier);d||(d=new Set,c.set(m.specifier,d)),d.add(m.packageJsonPath)}const f=[...c.entries()].sort((m,d)=>m[1].size!==d[1].size?d[1].size-m[1].size:m[0].localeCompare(d[0]))[0];!f||f[1].size<o||a.push({catalogName:"default",depName:i,instanceCount:f[1].size,specifier:f[0]})}return a.sort((i,p)=>i.depName.localeCompare(p.depName))},"proposeCatalogAdditions"),_e=_((e,s)=>{if(s.length===0)return;const o=W(e,"pnpm-workspace.yaml"),t=I(o)?pe(o,"utf8"):"",r=t.includes(`\r
+`)?`\r
+`:`
+`,n=s.filter(d=>d.catalogName==="default").sort((d,g)=>d.depName.localeCompare(g.depName));if(n.length===0)return;const a=t.length>0?t.split(r):[],i=a.findIndex(d=>/^catalog\s*:\s*$/.test(d));if(i===-1){const d=["catalog:"];for(const $ of n)d.push(`  ${$.depName}: "${$.specifier}"`);let g=0;for(;g<a.length&&(a[g]??"").trim().length===0;)g+=1;const h=[...a.slice(0,g),...d,"",...a.slice(g)].join(r);return se(o,h.endsWith(r)?h:`${h}${r}`),o}let p=a.length;const c=new Set;for(let d=i+1;d<a.length;d+=1){const g=a[d]??"",h=g.trimStart();if(g.length===0)continue;if(g.length-h.length===0&&h.length>0&&!h.startsWith("#")){p=d;break}const $=/^([\w./@-]+)\s*:/.exec(h);$?.[1]&&c.add($[1])}const f=[];for(const d of n)c.has(d.depName)||f.push(`  ${d.depName}: "${d.specifier}"`);if(f.length===0)return;const m=[...a.slice(0,p),...f,...a.slice(p)].join(r);return se(o,m.endsWith(r)?m:`${m}${r}`),o},"applyCatalogProposals"),ze=_((e,s)=>{if(s.length===0)return"";const o=W(e,"pnpm-workspace.yaml"),t=I(o)?pe(o,"utf8"):"",r=[...s].sort((i,p)=>i.depName.localeCompare(p.depName)),n=["--- pnpm-workspace.yaml","+++ pnpm-workspace.yaml"],a=t.includes(`\r
+`)?`\r
+`:`
+`;if((t.length>0?t.split(a):[]).findIndex(i=>/^catalog\s*:\s*$/.test(i))===-1){n.push("@@ +1 @@","+catalog:");for(const i of r)n.push(`+  ${i.depName}: "${i.specifier}"`)}else{n.push("@@ catalog: @@");for(const i of r)n.push(`+  ${i.depName}: "${i.specifier}"`)}return n.join(a)},"renderCatalogProposalsDiff");var Be=Object.defineProperty,ce=D((e,s)=>Be(e,"name",{value:s,configurable:!0}),"l");const Le=ce(e=>{const s=[],o=re(e);if(o){const r=W(e,"pnpm-workspace.yaml");for(const n of o)n.startsWith("!")||ee(e,[n]).length===0&&s.push({pattern:n,source:"pnpm-workspace.yaml",sourcePath:r})}const t=W(e,"package.json");if(I(t)){const r=j(t).workspaces,n=Array.isArray(r)?r:r?.packages;if(n)for(const a of n)typeof a!="string"||a.startsWith("!")||ee(e,[a]).length===0&&s.push({pattern:a,source:"package.json",sourcePath:t})}return s},"lintDeadWorkspacePatterns"),qe=ce((e,s={})=>{const{useEditorconfig:o}=s,t=new Map;for(const n of e){const a=t.get(n.sourcePath);a?a.push(n):t.set(n.sourcePath,[n])}const r=[];for(const[n,a]of t){const i=new Set(a.map(f=>f.pattern));if(n.endsWith(".yaml")||n.endsWith(".yml")){const f=Te(n).split(`
+`).filter(m=>{const d=m.trim();if(!d.startsWith("- "))return!0;const g=d.slice(2).replaceAll(/^['"]|['"]$/g,"");return!i.has(g)}).join(`
+`);Se(n,f,{overwrite:!0}),r.push(n);continue}const p=j(n),c=p.workspaces;Array.isArray(c)?p.workspaces=c.filter(f=>typeof f!="string"||!i.has(f)):c&&Array.isArray(c.packages)&&(c.packages=c.packages.filter(f=>typeof f!="string"||!i.has(f))),C(n,p,{indent:E(n,{useEditorconfig:o}),overwrite:!0}),r.push(n)}return r},"applyDeadWorkspacePatternFixes");var Ue=Object.defineProperty,fe=D((e,s)=>Ue(e,"name",{value:s,configurable:!0}),"f$2");const Ge=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Xe=fe((e,s={})=>{const o=new Set(s.ignoreBlocks),t=Pe(e),r=[];for(const n of t){const a=W(e,n,"package.json"),i=L(a);if(!i)continue;const p=typeof i.name=="string"?i.name:void 0;for(const c of Ge){if(o.has(c))continue;const f=i[c];typeof f=="object"&&f!==null&&!Array.isArray(f)&&Object.keys(f).length===0&&r.push({depType:c,packageDir:n,packageJsonPath:a,packageName:p})}}return r},"lintEmptyDeps"),Ze=fe((e,s={})=>{const{useEditorconfig:o}=s,t=new Map;for(const n of e){const a=t.get(n.packageJsonPath);a?a.push(n):t.set(n.packageJsonPath,[n])}const r=[];for(const[n,a]of t){const i=j(n);for(const p of a){const c=i[p.depType];typeof c=="object"&&c!==null&&!Array.isArray(c)&&Object.keys(c).length===0&&Reflect.deleteProperty(i,p.depType)}C(n,i,{indent:E(n,{useEditorconfig:o}),overwrite:!0}),r.push(n)}return r},"applyEmptyDepsFixes");var Ke=Object.defineProperty,le=D((e,s)=>Ke(e,"name",{value:s,configurable:!0}),"o");const Qe=/\/+$/,Z=/node_modules/,K=/\.git/,Ye=/[$()+.?[\\\]^{|}]/g,et=/\/\*\*$|\/\*\/\*$/,tt=le((e,s)=>{const o=s.replace(Qe,"");if(o.startsWith("!"))return[];const t=[];if(o.endsWith("/*")){const n=o.slice(0,-2),a=X(e,n);if(!I(a))return[];for(const i of G(a,{includeFiles:!1,includeSymlinks:!1,maxDepth:1,skip:[Z,K]}))i.path===a||i.name.startsWith(".")||t.push(W(n,i.name));return t}if(o.endsWith("/**")||o.endsWith("/*/*")){const n=o.replace(et,""),a=X(e,n);if(!I(a))return[];for(const i of G(a,{includeFiles:!1,includeSymlinks:!1,skip:[Z,K]})){if(i.path===a)continue;const p=i.path.slice(a.length+1);t.push(`${n}/${p}`)}return t}if(!o.includes("/")&&o.includes("*")){const n=o.replaceAll(Ye,String.raw`\$&`).replaceAll("*",".*"),a=new RegExp(`^${n}$`);for(const i of G(e,{includeFiles:!1,includeSymlinks:!1,maxDepth:1,skip:[Z,K]}))i.path!==e&&a.test(i.name)&&t.push(i.name);return t}const r=X(e,o);return I(r)&&t.push(o),t},"collectPatternMatches"),ot=le(e=>{const s=re(e)??ve(e)??[],o=new Set,t=[];for(const r of s)for(const n of tt(e,r))n==="."||o.has(n)||(o.add(n),I(W(e,n,"package.json"))||t.push({packageDir:n}));return t},"lintMissingPackageJson");var st=Object.defineProperty,at=D((e,s)=>st(e,"name",{value:s,configurable:!0}),"r$2");const nt=["dependencies","devDependencies","optionalDependencies","peerDependencies"],rt=at((e,s={})=>{const o=new Set(s.depTypes??nt),t=new Set(s.ignoreDeps),r=new Map;for(const a of e)a.packageDir!=="."||!o.has(a.depType)||r.set(a.depName,{depType:a.depType,specifier:a.specifier});if(r.size===0)return[];const n=[];for(const a of e){if(a.packageDir==="."||!o.has(a.depType)||t.has(a.depName))continue;const i=r.get(a.depName);i&&n.push({childSpecifier:a.specifier,depName:a.depName,depType:a.depType,packageDir:a.packageDir,packageJsonPath:a.packageJsonPath,packageName:a.packageName,rootDepType:i.depType,rootSpecifier:i.specifier})}return n},"lintRedefineRoot");var it=Object.defineProperty,ge=D((e,s)=>it(e,"name",{value:s,configurable:!0}),"a$1");const pt=ge((e,s)=>{if(!s)return[];const o=W(e,"package.json"),t=L(o);if(!t)return[];if(t.private!==!0)return[];const r=t.dependencies;if(typeof r!="object"||r===null||Array.isArray(r))return[];const n=Object.keys(r);return n.length===0?[]:[{depNames:n,packageJsonPath:o}]},"lintRootDeps"),ct=ge((e,s={})=>{const{useEditorconfig:o}=s,t=[];for(const r of e){const n=j(r.packageJsonPath),a=n.dependencies;if(typeof a!="object"||a===null)continue;const i=a;n.devDependencies??={};const p=n.devDependencies;for(const c of r.depNames){const f=i[c];typeof f=="string"&&(c in p||(p[c]=f),Reflect.deleteProperty(i,c))}Object.keys(i).length===0&&Reflect.deleteProperty(n,"dependencies"),C(r.packageJsonPath,n,{indent:E(r.packageJsonPath,{useEditorconfig:o}),overwrite:!0}),t.push(r.packageJsonPath)}return t},"applyRootDepsFixes");var ft=Object.defineProperty,de=D((e,s)=>ft(e,"name",{value:s,configurable:!0}),"r$1");const lt=/^[a-z][\w-]*@\S+$/i,gt=de((e,s,o={})=>{if(!s)return[];const t=W(e,"package.json"),r=L(t);if(!r)return[];const n=r.packageManager;return typeof n=="string"&&lt.test(n)?[]:[{packageJsonPath:t,suggested:o.suggested}]},"lintRootPackageManager"),dt=de((e,s={})=>{const{useEditorconfig:o}=s,t=[];for(const r of e){if(!r.suggested)continue;const n=j(r.packageJsonPath);n.packageManager=r.suggested,C(r.packageJsonPath,n,{indent:E(r.packageJsonPath,{useEditorconfig:o}),overwrite:!0}),t.push(r.packageJsonPath)}return t},"applyRootPackageManagerFixes");var ut=Object.defineProperty,ue=D((e,s)=>ut(e,"name",{value:s,configurable:!0}),"a");const mt=ue((e,s)=>{if(!s)return[];const o=W(e,"package.json"),t=L(o);return t?t.private===!0?[]:[{packageJsonPath:o,rawValue:t.private}]:[]},"lintRootPrivate"),ht=ue((e,s={})=>{const{useEditorconfig:o}=s,t=[];for(const r of e){const n=j(r.packageJsonPath);let a=n;if("private"in n)n.private=!0;else{const{name:i,version:p,...c}=n,f={};i!==void 0&&(f.name=i),p!==void 0&&(f.version=p),f.private=!0;for(const[m,d]of Object.entries(c))f[m]=d;a=f}C(r.packageJsonPath,a,{indent:E(r.packageJsonPath,{useEditorconfig:o}),overwrite:!0}),t.push(r.packageJsonPath)}return t},"applyRootPrivateFixes");var kt=Object.defineProperty,Y=D((e,s)=>kt(e,"name",{value:s,configurable:!0}),"p$1");const yt=[{id:"react",label:"React",members:["react","react-dom","react-test-renderer"]},{id:"next",label:"Next.js",members:["next","@next/font","@next/bundle-analyzer","@next/mdx","@next/third-parties","@next/eslint-plugin-next","eslint-config-next"]},{id:"babel",label:"Babel",prefixes:["@babel/"]},{id:"storybook",label:"Storybook",members:["storybook","sb"],prefixes:["@storybook/"]},{id:"vitest",label:"Vitest",members:["vitest"],prefixes:["@vitest/"]},{id:"playwright",label:"Playwright",members:["playwright","@playwright/test"]},{id:"trpc",label:"tRPC",prefixes:["@trpc/"]},{id:"prisma",label:"Prisma",members:["prisma"],prefixes:["@prisma/"]},{id:"turborepo",label:"Turborepo",members:["turbo","turbo-ignore","@turbo/gen","eslint-config-turbo","eslint-plugin-turbo"]},{id:"typescript-eslint",label:"typescript-eslint",members:["typescript-eslint"],prefixes:["@typescript-eslint/"]},{id:"eslint-stylistic",label:"ESLint Stylistic",prefixes:["@stylistic/"]},{id:"lexical",label:"Lexical",members:["lexical"],prefixes:["@lexical/"]},{id:"nx",label:"Nx",prefixes:["@nx/","@nrwl/"]}],$t=new Set(["dependencies","devDependencies","peerDependencies"]),Pt=Y((e,s)=>{for(const o of e)if(o.members?.includes(s)||o.prefixes?.some(t=>s.startsWith(t)))return o},"familyForDep"),vt=Y(e=>e.startsWith("workspace:")||e.startsWith("catalog:"),"isWorkspaceOrCatalogReference"),wt=Y((e,s={})=>{const o=new Set(s.ignoreFamilies),t=new Map;for(const i of yt)t.set(i.id,i);for(const i of s.extraFamilies??[])t.set(i.id,i);const r=[...t.values()],n=new Map;for(const i of e){if(i.isInternal||!$t.has(i.depType)||vt(i.specifier))continue;const p=Pt(r,i.depName);if(!p||o.has(p.id))continue;const c=n.get(p.id),f={depName:i.depName,depType:i.depType,packageDir:i.packageDir,packageJsonPath:i.packageJsonPath,packageName:i.packageName,specifier:i.specifier};c?c.push(f):n.set(p.id,[f])}const a=[];for(const[i,p]of n){const c=[...new Set(p.map(m=>m.specifier))];if(c.length<2)continue;const f=t.get(i);f&&a.push({family:i,familyLabel:f.label??i,members:p,specifiers:c})}return a},"lintSimilarDeps");var Dt=Object.defineProperty,B=D((e,s)=>Dt(e,"name",{value:s,configurable:!0}),"r");const bt=B(e=>e.startsWith("@types/"),"isTypesPackage"),xt=B((e,s={})=>{const o=new Set(s.ignoreDeps),t=new Map,r=B(a=>{const i=t.get(a);if(i!==void 0)return i;try{const p=j(a).private===!0;return t.set(a,p),p}catch{return t.set(a,!1),!1}},"isPrivate"),n=[];for(const a of e)a.depType==="dependencies"&&bt(a.depName)&&(o.has(a.depName)||r(a.packageJsonPath)&&n.push({childSpecifier:a.specifier,depName:a.depName,packageDir:a.packageDir,packageJsonPath:a.packageJsonPath,packageName:a.packageName}));return n},"lintTypesInDeps"),Nt=B((e,s={})=>{const{useEditorconfig:o}=s,t=new Map;for(const n of e){const a=t.get(n.packageJsonPath);a?a.push(n):t.set(n.packageJsonPath,[n])}const r=[];for(const[n,a]of t){const i=j(n),p=i.dependencies;if(typeof p!="object"||p===null)continue;const c=p;i.devDependencies??={};const f=i.devDependencies;for(const m of a){const d=c[m.depName];typeof d=="string"&&(m.depName in f||(f[m.depName]=d),Reflect.deleteProperty(c,m.depName))}Object.keys(c).length===0&&Reflect.deleteProperty(i,"dependencies"),C(n,i,{indent:E(n,{useEditorconfig:o}),overwrite:!0}),r.push(n)}return r},"applyTypesInDepsFixes");var Jt=Object.defineProperty,q=D((e,s)=>Jt(e,"name",{value:s,configurable:!0}),"f");const Tt=q(e=>e.startsWith("workspace:"),"isWorkspaceSpecifier"),St=q((e,s={})=>{const o=s.fixSpecifier??"workspace:*",t=[];for(const r of e)r.isInternal&&(Tt(r.specifier)||t.push({depName:r.depName,depType:r.depType,fix:o,packageDir:r.packageDir,packageJsonPath:r.packageJsonPath,packageName:r.packageName,specifier:r.specifier}));return t},"lintWorkspaceProtocol"),Rt=q((e,s,o,t)=>{const r=s.split(".");let n=e;for(let p=0;p<r.length-1;p+=1){const c=r[p],f=n[c];(typeof f!="object"||f===null)&&(n[c]={}),n=n[c]}const a=r.at(-1);let i=n[a];(typeof i!="object"||i===null)&&(i={},n[a]=i),i[o]=t},"setNestedField"),Wt=q((e,s={})=>{const{useEditorconfig:o}=s,t=new Map;for(const n of e){const a=t.get(n.packageJsonPath);a?a.push(n):t.set(n.packageJsonPath,[n])}const r=[];for(const[n,a]of t){const i=j(n);for(const p of a)if(p.depType.includes("."))Rt(i,p.depType,p.depName,p.fix);else{const c=i[p.depType];typeof c=="object"&&c!==null&&(c[p.depName]=p.fix)}C(n,i,{indent:E(n,{useEditorconfig:o}),overwrite:!0}),r.push(n)}return r},"applyWorkspaceProtocolFixes");var jt=Object.defineProperty,V=D((e,s)=>jt(e,"name",{value:s,configurable:!0}),"p");const Mt=new Set(["dependencies","devDependencies","peerDependencies"]),Ft=V(e=>e.startsWith("catalog:"),"isCatalogReference"),It=V(e=>e.startsWith("workspace:"),"isWorkspaceReference"),Et=V(e=>{if(!e.startsWith("catalog:"))return;const s=e.slice(8);return s===""?"default":s},"catalogNameOf"),Ct=V((e,s)=>{if(e.get("default")?.has(s))return"default";const o=[...e.keys()].filter(t=>t!=="default").sort();for(const t of o)if(e.get(t)?.has(s))return t},"findCatalogPinning"),Vt=V(e=>e==="default"?"catalog:":`catalog:${e}`,"buildCatalogSpecifier"),At=V((e,s)=>{const o=[...e].sort((r,n)=>(r.packageName??r.packageDir).localeCompare(n.packageName??n.packageDir));let t;for(const r of o){const n=te(r.specifier);if(!n)continue;if(!t){t=r;continue}const a=te(t.specifier);if(!a){t=r;continue}const i=oe(a,n),p=oe(n,a);(s==="highest"&&i||s==="lowest"&&p)&&(t=r)}if(t)return{canonical:t,canonicalSource:t.packageName??t.packageDir}},"pickCanonicalBySemver"),Ot=V((e,s={})=>{const o=s.resolve??"highest",t=new Set(s.ignoreDeps),r=[],n=e.filter(i=>i.isInternal||!Mt.has(i.depType)||It(i.specifier)||s.dep!==void 0&&i.depName!==s.dep?!1:!t.has(i.depName)),a=new Map;for(const i of n){const p=a.get(i.depName);p?p.push(i):a.set(i.depName,[i])}for(const[i,p]of a){const c=s.pinned?.get(i);if(c!==void 0){for(const g of p)g.specifier!==c&&r.push({canonicalSource:"cli:--pin",depName:i,depType:g.depType,fix:c,packageDir:g.packageDir,packageJsonPath:g.packageJsonPath,packageName:g.packageName,specifier:g.specifier});continue}if(o==="catalog"){const{catalogs:g}=s;if(!g)continue;const h=Ct(g,i);if(!h)continue;const $=Vt(h);for(const T of p)Et(T.specifier)!==h&&r.push({canonicalSource:`catalog:${h}`,depName:i,depType:T.depType,fix:$,packageDir:T.packageDir,packageJsonPath:T.packageJsonPath,packageName:T.packageName,specifier:T.specifier});continue}const f=p.filter(g=>!Ft(g.specifier));if(f.length<2||new Set(f.map(g=>g.specifier)).size<=1)continue;const m=At(f,o);if(!m)continue;const d=m.canonical.specifier;for(const g of f)g.specifier!==d&&r.push({canonicalSource:m.canonicalSource,depName:i,depType:g.depType,fix:d,packageDir:g.packageDir,packageJsonPath:g.packageJsonPath,packageName:g.packageName,specifier:g.specifier})}return r},"lintWorkspaceVersions"),Ht=V((e,s={})=>{const{useEditorconfig:o}=s,t=new Map;for(const n of e){const a=t.get(n.packageJsonPath);a?a.push(n):t.set(n.packageJsonPath,[n])}const r=[];for(const[n,a]of t){const i=j(n);for(const p of a){const c=i[p.depType];typeof c=="object"&&c!==null&&(c[p.depName]=p.fix)}C(n,i,{indent:E(n,{useEditorconfig:o}),overwrite:!0}),r.push(n)}return r},"applyWorkspaceVersionsFixes");var _t=Object.defineProperty,y=D((e,s)=>_t(e,"name",{value:s,configurable:!0}),"u");const zt=y(e=>{if(I(W(e,"pnpm-workspace.yaml")))return!0;const s=W(e,"package.json");if(!I(s))return!1;try{return j(s).workspaces!==void 0}catch{return!1}},"detectWorkspaceConfig"),A=y((e,s)=>{const o=new Map;for(const t of e){const r=s(t),n=o.get(r);n?n.push(t):o.set(r,[t])}return o},"groupBy"),Bt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ workspace-protocol: no violations"));return}const r=o?"Fixed":"Found",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} workspace-protocol violation${e.length===1?"":"s"}`)));for(const[a,i]of A(e,p=>p.packageName??p.packageJsonPath)){const p=P(s,i[0].packageJsonPath);t.info(`  ${v(a)} ${u(`(${p})`)}`);for(const c of i){const f=o?R("→"):x("→");t.info(`    ${u(c.depType)} ${c.depName}: ${b(c.specifier)} ${f} ${w(c.fix)}`)}}o||t.info(u("  Run with --fix to rewrite specifiers in place."))},"printWorkspaceProtocolHuman"),Lt=y((e,s,o)=>{if(e.length===0){o.info(w("✓ redefine-root: no violations"));return}o.info(x(v(`Found ${String(e.length)} dep${e.length===1?"":"s"} re-declared from root`)));for(const[t,r]of A(e,n=>n.packageName??n.packageJsonPath)){const n=P(s,r[0].packageJsonPath);o.info(`  ${v(t)} ${u(`(${n})`)}`);for(const a of r)o.info(`    ${u(a.depType)} ${a.depName}: ${b(a.childSpecifier)} ${u(`(root ${a.rootDepType}: ${a.rootSpecifier})`)}`)}o.info(u("  Remove these from child package.json files — root pin will resolve."))},"printRedefineRootHuman"),qt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ workspace-versions: no drift"));return}const r=o?"Fixed":"Found",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} workspace-version drift${e.length===1?"":"s"}`)));for(const[a,i]of A(e,p=>p.depName)){const p=i[0].fix,c=i[0].canonicalSource;t.info(`  ${v(a)} ${u(`canonical: ${p} (from ${c})`)}`);for(const f of i){const m=P(s,f.packageJsonPath),d=f.packageName??m,g=o?R("→"):x("→");t.info(`    ${d} ${u(`(${m})`)} ${u(f.depType)}: ${b(f.specifier)} ${g} ${w(f.fix)}`)}}o||t.info(u("  Run with --fix to align drifting specifiers."))},"printWorkspaceVersionsHuman"),Ut=y((e,s,o)=>{if(e.length===0){o.info(w("✓ banned-deps: no violations"));return}o.info(b(v(`Found ${String(e.length)} banned dep${e.length===1?"":"s"}`)));for(const[t,r]of A(e,n=>n.packageName??n.packageJsonPath)){const n=P(s,r[0].packageJsonPath);o.info(`  ${v(t)} ${u(`(${n})`)}`);for(const a of r){const i=a.replacement?` ${u("→")} ${w(a.replacement)}`:"";o.info(`    ${u(a.depType)} ${b(a.depName)}${i}`),o.info(`      ${u(a.reason)}`)}}},"printBannedDepsHuman"),Gt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ catalog-proposals: nothing worth promoting"));return}const r=o?"Added":"Would add",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} catalog entr${e.length===1?"y":"ies"}`)));for(const a of e)t.info(`  ${v(a.depName)}: ${w(a.specifier)} ${u(`(${String(a.instanceCount)} packages agree)`)}`);if(!o){const a=ze(s,e);if(a){t.info(""),t.info(u("Proposed pnpm-workspace.yaml changes:"));for(const i of a.split(`
+`))i.startsWith("+")?t.info(w(i)):i.startsWith("-")?t.info(b(i)):t.info(u(i))}t.info(u("  Run with --fix to write these entries to pnpm-workspace.yaml."))}},"printCatalogProposalsHuman"),Xt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ custom-types: no engines / packageManager / volta drift"));return}const r=o?"Fixed":"Found",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} custom-type drift${e.length===1?"":"s"}`)));for(const[a,i]of A(e,p=>`${p.customType} ${p.depName}`)){const p=i[0].fix,c=i[0].canonicalSource;t.info(`  ${v(a)} ${u(`canonical: ${p} (from ${c})`)}`);for(const f of i){const m=P(s,f.packageJsonPath),d=f.packageName??m,g=o?R("→"):x("→");t.info(`    ${d} ${u(`(${m})`)}: ${b(f.specifier)} ${g} ${w(f.fix)}`)}}o||t.info(u("  Run with --fix to align engines/packageManager/volta versions."))},"printCustomTypesHuman"),Zt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ empty-deps: no empty dependency blocks"));return}const r=o?"Removed":"Found",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} empty dependency block${e.length===1?"":"s"}`)));for(const[a,i]of A(e,p=>p.packageName??p.packageJsonPath)){const p=P(s,i[0].packageJsonPath);t.info(`  ${v(a)} ${u(`(${p})`)}`);for(const c of i)t.info(`    ${u(c.depType)}: ${b("{}")}`)}o||t.info(u("  Run with --fix to drop empty blocks."))},"printEmptyDepsHuman"),Kt=y((e,s,o,t)=>{if(e.length===0){t.info(w('✓ root-private: root package.json is "private": true'));return}const r=o?"Set":"Missing",n=o?R:b;for(const a of e){const i=P(s,a.packageJsonPath);if(t.info(n(v(`${r} "private": true on root ${u(`(${i})`)}`))),!o){const p=a.rawValue===void 0?"absent":JSON.stringify(a.rawValue);t.info(`    ${u("current:")} ${b(p)}`)}}o||t.info(u('  Run with --fix to set "private": true.'))},"printRootPrivateHuman"),Qt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ root-package-manager: packageManager field present"));return}const r=o?"Set":"Missing",n=o?R:b;for(const a of e){const i=P(s,a.packageJsonPath);t.info(n(v(`${r} packageManager on root ${u(`(${i})`)}`))),!o&&!a.suggested&&t.info(u("    no canonical specifier configured (set policy.rootPackageManager.suggested to enable --fix)"))}o||t.info(u('  e.g. "packageManager": "pnpm@10.32.1"'))},"printRootPackageManagerHuman"),Yt=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ root-deps: no runtime dependencies on private root"));return}const r=o?"Moved":"Found",n=o?R:x;for(const a of e){const i=P(s,a.packageJsonPath);t.info(n(v(`${r} ${String(a.depNames.length)} runtime dep${a.depNames.length===1?"":"s"} on private root ${u(`(${i})`)}`)));for(const p of a.depNames)t.info(`    ${b(p)}`)}o||t.info(u("  Run with --fix to move them to devDependencies."))},"printRootDepsHuman"),eo=y((e,s)=>{if(e.length===0){s.info(w("✓ missing-package-json: every workspace dir has a package.json"));return}s.info(x(v(`Found ${String(e.length)} workspace dir${e.length===1?"":"s"} without a package.json`)));for(const o of e)s.info(`    ${b(o.packageDir)}`);s.info(u("  Either delete the directory or scaffold a package.json (vis create)."))},"printMissingPackageJsonHuman"),to=y((e,s,o)=>{if(e.length===0){o.info(w("✓ dead-workspace-pattern: every workspace pattern matches at least one package"));return}const t=s?"Removed":"Found",r=s?R:x;o.info(r(v(`${t} ${String(e.length)} unmatched workspace pattern${e.length===1?"":"s"}`)));for(const[n,a]of A(e,i=>i.source)){o.info(`  ${v(n)}`);for(const i of a)o.info(`    ${b(i.pattern)}`)}s||o.info(u("  Run with --fix to drop dead patterns."))},"printDeadWorkspacePatternsHuman"),oo=y((e,s,o,t)=>{if(e.length===0){t.info(w("✓ types-in-deps: no @types/* in dependencies of private packages"));return}const r=o?"Moved":"Found",n=o?R:x;t.info(n(v(`${r} ${String(e.length)} @types/* dep${e.length===1?"":"s"} in dependencies`)));for(const[a,i]of A(e,p=>p.packageName??p.packageJsonPath)){const p=P(s,i[0].packageJsonPath);t.info(`  ${v(a)} ${u(`(${p})`)}`);for(const c of i)t.info(`    ${b(c.depName)} ${u(c.childSpecifier)}`)}o||t.info(u("  Run with --fix to move them to devDependencies."))},"printTypesInDepsHuman"),so=y((e,s,o)=>{if(e.length===0){o.info(w("✓ similar-deps: every related dep family is in sync"));return}o.info(x(v(`Found ${String(e.length)} family${e.length===1?"":" families"} with version drift`)));for(const t of e){o.info(`  ${v(t.familyLabel)} ${u(`(${t.specifiers.join(", ")})`)}`);for(const r of t.members){const n=P(s,r.packageJsonPath),a=r.packageName??n;o.info(`    ${a} ${u(`(${n})`)} ${u(r.depType)}: ${b(r.depName)}@${x(r.specifier)}`)}}o.info(u("  Pick a single specifier per family and align by hand — auto-fix is unsafe across name boundaries."))},"printSimilarDepsHuman"),ao=y((e,s,o,t,r)=>{let n=!0;const a=y(i=>{n||r.info(""),n=!1,i()},"section");t.workspaceProtocol&&a(()=>{Bt(e.workspaceProtocol??[],s,o.workspaceProtocol,r)}),t.redefineRoot&&a(()=>{Lt(e.redefineRoot??[],s,r)}),t.workspaceVersions&&a(()=>{qt(e.workspaceVersions??[],s,o.workspaceVersions,r)}),t.customTypes&&a(()=>{Xt(e.customTypes??[],s,o.customTypes,r)}),e.catalogProposals!==void 0&&a(()=>{Gt(e.catalogProposals??[],s,o.catalogProposals,r)}),t.bannedDeps&&a(()=>{Ut(e.bannedDeps??[],s,r)}),t.emptyDeps&&a(()=>{Zt(e.emptyDeps??[],s,o.emptyDeps,r)}),t.rootPrivate&&a(()=>{Kt(e.rootPrivate??[],s,o.rootPrivate,r)}),t.rootPackageManager&&a(()=>{Qt(e.rootPackageManager??[],s,o.rootPackageManager,r)}),t.rootDeps&&a(()=>{Yt(e.rootDeps??[],s,o.rootDeps,r)}),t.missingPackageJson&&a(()=>{eo(e.missingPackageJson??[],r)}),t.deadWorkspacePatterns&&a(()=>{to(e.deadWorkspacePatterns??[],o.deadWorkspacePatterns,r)}),t.typesInDeps&&a(()=>{oo(e.typesInDeps??[],s,o.typesInDeps,r)}),t.similarDeps&&a(()=>{so(e.similarDeps??[],s,r)})},"printHuman"),no=y((e,s)=>{for(const o of e.workspaceProtocol??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`workspace-protocol	${t}	${o.depType}	${o.depName}	${o.specifier} → ${o.fix}
+`)}for(const o of e.redefineRoot??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`redefine-root	${t}	${o.depType}	${o.depName}	${o.childSpecifier}
+`)}for(const o of e.workspaceVersions??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`workspace-versions	${t}	${o.depType}	${o.depName}	${o.specifier} → ${o.fix}
+`)}for(const o of e.customTypes??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`custom-types	${t}	${o.customType}	${o.depName}	${o.specifier} → ${o.fix}
+`)}for(const o of e.bannedDeps??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`banned-deps	${t}	${o.depType}	${o.depName}	${o.reason}
+`)}for(const o of e.catalogProposals??[])process.stdout.write(`catalog-proposal	${o.catalogName}	${o.depName}	${o.specifier}	${String(o.instanceCount)}
+`);for(const o of e.emptyDeps??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`empty-deps	${t}	${o.depType}
+`)}for(const o of e.rootPrivate??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`root-private	${t}
+`)}for(const o of e.rootPackageManager??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`root-package-manager	${t}	${o.suggested??""}
+`)}for(const o of e.rootDeps??[]){const t=P(s,o.packageJsonPath);for(const r of o.depNames)process.stdout.write(`root-deps	${t}	${r}
+`)}for(const o of e.missingPackageJson??[])process.stdout.write(`missing-package-json	${o.packageDir}
+`);for(const o of e.deadWorkspacePatterns??[])process.stdout.write(`dead-workspace-pattern	${o.source}	${o.pattern}
+`);for(const o of e.typesInDeps??[]){const t=P(s,o.packageJsonPath);process.stdout.write(`types-in-deps	${t}	${o.depName}	${o.childSpecifier}
+`)}for(const o of e.similarDeps??[])for(const t of o.members){const r=P(s,t.packageJsonPath);process.stdout.write(`similar-deps	${o.family}	${r}	${t.depType}	${t.depName}	${t.specifier}
+`)}},"printMinimal"),ro=y((e,s,o,t)=>{const r=y(a=>({...a,packageJsonPath:P(s,a.packageJsonPath)}),"relativize"),n={fixed:o};if(t.workspaceProtocol){const a=(e.workspaceProtocol??[]).map(i=>r(i));n.workspaceProtocol={issues:a,total:a.length}}if(t.redefineRoot){const a=(e.redefineRoot??[]).map(i=>r(i));n.redefineRoot={issues:a,total:a.length}}if(t.workspaceVersions){const a=(e.workspaceVersions??[]).map(i=>r(i));n.workspaceVersions={issues:a,total:a.length}}if(t.customTypes){const a=(e.customTypes??[]).map(i=>r(i));n.customTypes={issues:a,total:a.length}}if(t.bannedDeps){const a=(e.bannedDeps??[]).map(i=>r(i));n.bannedDeps={issues:a,total:a.length}}if(e.catalogProposals!==void 0){const a=e.catalogProposals;n.catalogProposals={proposals:a,total:a.length}}if(t.emptyDeps){const a=(e.emptyDeps??[]).map(i=>r(i));n.emptyDeps={issues:a,total:a.length}}if(t.rootPrivate){const a=(e.rootPrivate??[]).map(i=>r(i));n.rootPrivate={issues:a,total:a.length}}if(t.rootPackageManager){const a=(e.rootPackageManager??[]).map(i=>r(i));n.rootPackageManager={issues:a,total:a.length}}if(t.rootDeps){const a=(e.rootDeps??[]).map(i=>r(i));n.rootDeps={issues:a,total:a.length}}if(t.missingPackageJson){const a=e.missingPackageJson??[];n.missingPackageJson={issues:a,total:a.length}}if(t.deadWorkspacePatterns){const a=e.deadWorkspacePatterns??[];n.deadWorkspacePatterns={issues:a,total:a.length}}if(t.typesInDeps){const a=(e.typesInDeps??[]).map(i=>r(i));n.typesInDeps={issues:a,total:a.length}}if(t.similarDeps){const a=(e.similarDeps??[]).map(i=>({...i,members:i.members.map(p=>({...p,packageJsonPath:P(s,p.packageJsonPath)}))}));n.similarDeps={issues:a,total:a.length}}process.stdout.write(`${JSON.stringify(n,void 0,2)}
+`)},"printJson"),S=y((e,s,o)=>{const t=e[s];return typeof t=="boolean"?t:e[o]===!0},"flag"),io=y(e=>{const s=e,o=(e.ban?.length??0)>0,t=(e.pin?.length??0)>0,r=S(s,"workspaceProtocol","workspace-protocol"),n=S(s,"redefineRoot","redefine-root"),a=S(s,"bannedDeps","banned-deps"),i=S(s,"workspaceVersions","workspace-versions"),p=S(s,"customTypes","custom-types"),c=S(s,"emptyDeps","empty-deps"),f=S(s,"rootPrivate","root-private"),m=S(s,"rootPackageManager","root-package-manager"),d=S(s,"rootDeps","root-deps"),g=S(s,"missingPackageJson","missing-package-json"),h=S(s,"deadWorkspacePatterns","dead-workspace-patterns"),$=S(s,"typesInDeps","types-in-deps"),T=S(s,"similarDeps","similar-deps");return r||n||a||i||p||c||f||m||d||g||h||$||T||o||t?{bannedDeps:a||o,customTypes:p,deadWorkspacePatterns:h,emptyDeps:c,missingPackageJson:g,redefineRoot:n,rootDeps:d,rootPackageManager:m,rootPrivate:f,similarDeps:T,typesInDeps:$,workspaceProtocol:r,workspaceVersions:i||t}:{bannedDeps:!0,customTypes:!0,deadWorkspacePatterns:!0,emptyDeps:!0,missingPackageJson:!0,redefineRoot:!0,rootDeps:!0,rootPackageManager:!0,rootPrivate:!0,similarDeps:!0,typesInDeps:!0,workspaceProtocol:!0,workspaceVersions:!0}},"resolveSelection"),po=y(e=>{const s=new Map;for(const o of e??[]){const t=o.lastIndexOf("@");if(t<=0||t===o.length-1)throw new Error(`Invalid --pin "${o}". Use: name@<specifier> (e.g. react@^18.2.0).`);const r=o.slice(0,t),n=o.slice(t+1);s.set(r,n)}return s},"parsePinFlags"),co=new Set(["catalog","highest","lowest"]),fo=y(e=>{if(e===void 0)return"highest";if(!co.has(e))throw new Error(`Invalid --resolve "${e}". Use: highest, lowest, or catalog.`);return e},"parseResolveStrategy"),F=y((e,s)=>e?s===void 0||s===!0:!1,"isAutofixAllowed"),lo={"custom-types":"policy.customTypes.autofix","workspace-protocol":"policy.workspaceProtocol.autofix","workspace-versions":"policy.workspaceVersions.autofix"},Q=y((e,s,o,t)=>{const r=lo[s],n=o==="prompt"?`${r} = "prompt" (interactive mode not yet implemented; report-only)`:`${r} = false`,a=`Set "${r}": true (or remove it) to enable rewrites.`;e.warn(`${s}: ${String(t)} issue${t===1?"":"s"} not rewritten — ${n}. ${a}`)},"warnAutofixDenied"),yo=y(async({logger:e,options:s,visConfig:o,workspaceRoot:t})=>{if(!t)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const r=t,n=s.fix??!1,a=s.format??"human",i=s.quiet??!1;if(!["human","json","minimal"].includes(a))throw new Error(`Invalid --format "${a}". Use: human, json, or minimal.`);const p=io(s),c=o?.policy??{},f=o?.editorconfig??!0,m=po(s.pin),d=s.ban??[];(s.dep!==void 0||s.resolve!==void 0)&&!p.workspaceVersions&&!i&&e.warn("--dep / --resolve only apply to --workspace-versions; ignored.");const g=we(r),h={},$={catalogProposals:!1,customTypes:!1,deadWorkspacePatterns:!1,emptyDeps:!1,rootDeps:!1,rootPackageManager:!1,rootPrivate:!1,typesInDeps:!1,workspaceProtocol:!1,workspaceVersions:!1},T=zt(r);let N=0;if(p.workspaceProtocol){const l=St(g,{fixSpecifier:s.fixSpecifier}),k=F(n,c.workspaceProtocol?.autofix);k&&l.length>0&&(Wt(l,{useEditorconfig:f}),$.workspaceProtocol=!0),h.workspaceProtocol=l,k||(N+=l.length),n&&!k&&l.length>0&&!i&&Q(e,"workspace-protocol",c.workspaceProtocol?.autofix,l.length)}if(p.redefineRoot){const l=rt(g,{ignoreDeps:c.redefineRoot?.ignore});h.redefineRoot=l,N+=l.length}if(p.workspaceVersions){const l=fo(s.resolve??c.workspaceVersions?.resolve),k=l==="catalog"?De(r):void 0;l==="catalog"&&(!k||k.size===0)&&!i&&e.warn("--resolve catalog: no catalog found in pnpm-workspace.yaml or root package.json — nothing to align.");const J=Ot(g,{catalogs:k,dep:s.dep,ignoreDeps:c.workspaceVersions?.ignore,pinned:m.size>0?m:void 0,resolve:l}),H=F(n,c.workspaceVersions?.autofix);if(H&&J.length>0&&(Ht(J,{useEditorconfig:f}),$.workspaceVersions=!0),h.workspaceVersions=J,H||(N+=J.length),n&&!H&&J.length>0&&!i&&Q(e,"workspace-versions",c.workspaceVersions?.autofix,J.length),s.proposeMin!==void 0){if(l!=="catalog"&&!i)e.warn("--propose-min only runs under --resolve catalog; ignored.");else if(l==="catalog"){const M=He(g,{catalogs:k,ignoreDeps:c.workspaceVersions?.ignore,min:s.proposeMin});H&&M.length>0&&(_e(r,M),$.catalogProposals=!0),h.catalogProposals=M}}}if(p.customTypes){const l=c.customTypes?.extraTypes,k=be(l);if(k.length>0){for(const me of k)e.error(`policy.customTypes.${me}`);process.exitCode=1;return}const J=xe(r,l),H=(s.resolve??c.customTypes?.resolve)==="lowest"?"lowest":"highest",M=Ne(J,{dep:s.dep,ignoreDeps:c.customTypes?.ignore,resolve:H}),U=F(n,c.customTypes?.autofix);U&&M.length>0&&(Je(M,{useEditorconfig:f}),$.customTypes=!0),h.customTypes=M,U||(N+=M.length),n&&!U&&M.length>0&&!i&&Q(e,"custom-types",c.customTypes?.autofix,M.length)}if(p.bannedDeps){const l={...c.bannedDeps};for(const J of d)l[J]={reason:"banned via --ban CLI flag"};Object.keys(l).length===0&&s.bannedDeps&&!i&&e.warn("--banned-deps: no policy.bannedDeps in vis config, nothing to check.");const k=Ie(g,l);h.bannedDeps=k,N+=k.length}if(p.emptyDeps){const l=Xe(r,{ignoreBlocks:c.emptyDeps?.ignoreBlocks}),k=F(n,c.emptyDeps?.autofix);k&&l.length>0&&(Ze(l,{useEditorconfig:f}),$.emptyDeps=!0),h.emptyDeps=l,k||(N+=l.length)}if(p.rootPrivate){const l=mt(r,T),k=F(n,c.rootPrivate?.autofix);k&&l.length>0&&(ht(l,{useEditorconfig:f}),$.rootPrivate=!0),h.rootPrivate=l,k||(N+=l.length)}if(p.rootPackageManager){const l=gt(r,T,{suggested:c.rootPackageManager?.suggested}),k=F(n,c.rootPackageManager?.autofix);k&&l.some(J=>J.suggested!==void 0)&&(dt(l,{useEditorconfig:f}),$.rootPackageManager=!0),h.rootPackageManager=l,(!k||!$.rootPackageManager)&&(N+=l.filter(J=>J.suggested===void 0||!$.rootPackageManager).length)}if(p.rootDeps){const l=pt(r,T),k=F(n,c.rootDeps?.autofix);k&&l.length>0&&(ct(l,{useEditorconfig:f}),$.rootDeps=!0),h.rootDeps=l,k||(N+=l.length)}if(p.missingPackageJson){const l=ot(r);h.missingPackageJson=l,N+=l.length}if(p.deadWorkspacePatterns){const l=Le(r),k=F(n,c.deadWorkspacePatterns?.autofix);k&&l.length>0&&(qe(l,{useEditorconfig:f}),$.deadWorkspacePatterns=!0),h.deadWorkspacePatterns=l,k||(N+=l.length)}if(p.typesInDeps){const l=xt(g,{ignoreDeps:c.typesInDeps?.ignore}),k=F(n,c.typesInDeps?.autofix);k&&l.length>0&&(Nt(l,{useEditorconfig:f}),$.typesInDeps=!0),h.typesInDeps=l,k||(N+=l.length)}if(p.similarDeps){const l=wt(g,{extraFamilies:c.similarDeps?.extraFamilies,ignoreFamilies:c.similarDeps?.ignoreFamilies});h.similarDeps=l,N+=l.length}i||(a==="json"?ro(h,r,$,p):a==="minimal"?no(h,r):ao(h,r,$,p,e)),N>0&&(process.exitCode=1)},"execute");export{yo as default};