@visulima/vis 1.0.0-alpha.22 → 1.0.0-alpha.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +77 -0
- package/LICENSE.md +135 -2
- package/README.md +1 -1
- package/dashboard/dist/index.html +152 -0
- package/dist/bin.js +1 -1
- package/dist/binx.js +3 -0
- package/dist/config/index.d.ts +28 -41
- package/dist/config/index.js +1 -1
- package/dist/packem_chunks/bin.js +373 -367
- package/dist/packem_chunks/bloom-status.js +2 -2
- package/dist/packem_chunks/bloom-sync.js +2 -2
- package/dist/packem_chunks/config.js +12 -12
- package/dist/packem_chunks/doctor-probe.js +2 -2
- package/dist/packem_chunks/fix.js +3 -3
- package/dist/packem_chunks/handler.js +1 -1
- package/dist/packem_chunks/handler10.js +1 -1
- package/dist/packem_chunks/handler11.js +1 -1
- package/dist/packem_chunks/handler12.js +3 -3
- package/dist/packem_chunks/handler13.js +1 -1
- package/dist/packem_chunks/handler14.js +10 -10
- package/dist/packem_chunks/handler15.js +2 -2
- package/dist/packem_chunks/handler16.js +1 -1
- package/dist/packem_chunks/handler17.js +1 -1
- package/dist/packem_chunks/handler18.js +1 -1
- package/dist/packem_chunks/handler19.js +1 -1
- package/dist/packem_chunks/handler2.js +1 -1
- package/dist/packem_chunks/handler20.js +1 -1
- package/dist/packem_chunks/handler21.js +2 -2
- package/dist/packem_chunks/handler22.js +2 -2
- package/dist/packem_chunks/handler23.js +2 -2
- package/dist/packem_chunks/handler24.js +1 -18
- package/dist/packem_chunks/handler25.js +1 -1
- package/dist/packem_chunks/handler26.js +5 -1
- package/dist/packem_chunks/handler27.js +1 -5
- package/dist/packem_chunks/handler28.js +3 -1
- package/dist/packem_chunks/handler29.js +1 -3
- package/dist/packem_chunks/handler3.js +1 -1
- package/dist/packem_chunks/handler30.js +7 -1
- package/dist/packem_chunks/handler31.js +32 -6
- package/dist/packem_chunks/handler32.js +3 -33
- package/dist/packem_chunks/handler33.js +1 -3
- package/dist/packem_chunks/handler34.js +28 -1
- package/dist/packem_chunks/handler35.js +5 -26
- package/dist/packem_chunks/handler36.js +22 -5
- package/dist/packem_chunks/handler37.js +60 -21
- package/dist/packem_chunks/handler38.js +6 -428
- package/dist/packem_chunks/handler39.js +708 -61
- package/dist/packem_chunks/handler4.js +1 -1
- package/dist/packem_chunks/handler40.js +24 -6
- package/dist/packem_chunks/handler41.js +237 -166
- package/dist/packem_chunks/handler42.js +153 -24
- package/dist/packem_chunks/handler43.js +10 -153
- package/dist/packem_chunks/handler44.js +25 -10
- package/dist/packem_chunks/handler45.js +24 -25
- package/dist/packem_chunks/handler46.js +3 -24
- package/dist/packem_chunks/handler47.js +27 -3
- package/dist/packem_chunks/handler48.js +173 -21
- package/dist/packem_chunks/handler49.js +33 -173
- package/dist/packem_chunks/handler5.js +6 -6
- package/dist/packem_chunks/handler6.js +1 -1
- package/dist/packem_chunks/handler7.js +1 -1
- package/dist/packem_chunks/handler8.js +1 -1
- package/dist/packem_chunks/handler9.js +1 -1
- package/dist/packem_chunks/heal-accept.js +4 -4
- package/dist/packem_chunks/heal.js +1 -1
- package/dist/packem_chunks/help-command.js +2 -2
- package/dist/packem_chunks/index.js +2 -2
- package/dist/packem_chunks/keys-refresh.js +1 -1
- package/dist/packem_chunks/list.js +2 -2
- package/dist/packem_chunks/loader.js +3 -3
- package/dist/packem_chunks/loader2.js +1 -1
- package/dist/packem_chunks/prune.js +1 -1
- package/dist/packem_chunks/run.js +1 -1
- package/dist/packem_chunks/status.js +2 -2
- package/dist/packem_chunks/sync.js +2 -2
- package/dist/packem_chunks/sync2.js +2 -2
- package/dist/packem_chunks/tripwire.js +2 -2
- package/dist/packem_chunks/verify-lockfile.js +2 -2
- package/dist/packem_shared/{advisories-DS8JEB_g.js → advisories-U1QKY_tg.js} +1 -1
- package/dist/packem_shared/{ai-analysis-DGBZYlxF.js → ai-analysis-B8pDCOuT.js} +2 -2
- package/dist/packem_shared/ai-fix-DiGSrGKv.js +43 -0
- package/dist/packem_shared/anolilab-text-CAM_E6uK.js +13 -0
- package/dist/packem_shared/applyDefaults-KxZkvlp3.js +1 -0
- package/dist/packem_shared/build-scripts-3E2pmscY.js +1 -0
- package/dist/packem_shared/{cyclonedx-CO7-Y1B1.js → cyclonedx-DPEW0nwS.js} +3 -3
- package/dist/packem_shared/dependency-scan-BbtivycX.js +1 -0
- package/dist/packem_shared/docker-_pBC9Loj.js +60 -0
- package/dist/packem_shared/failure-log-B0Uh-65U.js +2 -0
- package/dist/packem_shared/index-B8Ko8mwG.js +29 -0
- package/dist/packem_shared/index-D_tAc2nS.js +1 -0
- package/dist/packem_shared/index.server-B7ETiT4C.js +2 -0
- package/dist/packem_shared/lifecycle-DJDsjoic.js +2 -0
- package/dist/packem_shared/{lockfile-C5DYMHVq.js → lockfile-CQLFNyVa.js} +1 -1
- package/dist/packem_shared/manifests-Z3spBpxv.js +1 -0
- package/dist/packem_shared/{min-release-age-D462DvYM.js → min-release-age-Cz6HbF-I.js} +2 -2
- package/dist/packem_shared/native-config-sync-BOeuyrBj.js +21 -0
- package/dist/packem_shared/{osv-bloom-QSAn2Dcw.js → osv-bloom-CyCDpXBl.js} +2 -2
- package/dist/packem_shared/peer-warnings-EvSJ18gE.js +1 -0
- package/dist/packem_shared/pm-runner-Dnj9J3KF.js +1 -0
- package/dist/packem_shared/provenance-yESbF7Vs.js +1 -0
- package/dist/packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js +1 -0
- package/dist/packem_shared/registry-keys-pemEkRM9.js +1 -0
- package/dist/packem_shared/{resolve-explicit-BgFQHUEP.js → resolve-explicit-BpxcFRuk.js} +3 -3
- package/dist/packem_shared/runtime-check-DgXsKCsv.js +1 -0
- package/dist/packem_shared/s1ngularity-B_xjP4lC.js +1 -0
- package/dist/packem_shared/scan-progress-EbvmIh4i.js +2 -0
- package/dist/packem_shared/{selectors-B2ISH581.js → selectors-BE2BCnTR.js} +1 -1
- package/dist/packem_shared/{signatures-b-jJYoZd.js → signatures-DBwSnMBB.js} +1 -1
- package/dist/packem_shared/toolchain-Jx2lkAYy.js +5 -0
- package/dist/packem_shared/typosquats-Citu7BRY.js +1 -0
- package/dist/packem_shared/verify-C8EAHql6.js +1 -0
- package/dist/packem_shared/{vis-update-app-Bnu1EIgE.js → vis-update-app-BWA1kA1q.js} +1 -1
- package/index.js +52 -52
- package/package.json +23 -12
- package/schemas/vis-config.schema.json +61 -12
- package/dist/packem_chunks/handler50.js +0 -34
- package/dist/packem_shared/ai-cache-BjlXWJtl.js +0 -1
- package/dist/packem_shared/ai-fix-BhcTrkuW.js +0 -43
- package/dist/packem_shared/applyDefaults-BOVDw1jD.js +0 -1
- package/dist/packem_shared/build-scripts-DsWMSWDs.js +0 -1
- package/dist/packem_shared/cache-directory-DQak1Vjc.js +0 -1
- package/dist/packem_shared/dependency-scan-DPHTzA5r.js +0 -1
- package/dist/packem_shared/docker-lk0-5Z-i.js +0 -60
- package/dist/packem_shared/failure-log-DF7nrFIs.js +0 -2
- package/dist/packem_shared/flakiness-DKCOYwN7.js +0 -1
- package/dist/packem_shared/index-B4gpNmrG.js +0 -1
- package/dist/packem_shared/lifecycle-boYwVQSE.js +0 -2
- package/dist/packem_shared/manifests-B0fMp872.js +0 -1
- package/dist/packem_shared/native-config-sync-B0_ef78M.js +0 -21
- package/dist/packem_shared/provenance-smHa8efI.js +0 -1
- package/dist/packem_shared/registry-keys-3qaVog76.js +0 -1
- package/dist/packem_shared/run-summary-utils-DIJV_dUD.js +0 -1
- package/dist/packem_shared/runtime-check-DrMx4Q9L.js +0 -1
- package/dist/packem_shared/s1ngularity-CwSBPB3I.js +0 -1
- package/dist/packem_shared/scan-progress-CMynp3eA.js +0 -2
- package/dist/packem_shared/toolchain-OH1PXwbZ.js +0 -5
- package/dist/packem_shared/typosquats-CJ4o1l7U.js +0 -1
- package/dist/packem_shared/verify-CQbzknur.js +0 -1
- package/dist/packem_shared/xxh3-DrAUNq4n.js +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
var i=Object.defineProperty;var a=(r,e)=>i(r,"name",{value:e,configurable:!0});import{p as s}from"./bin.js";import{c as o,f as c}from"../packem_shared/registry-keys-
|
|
1
|
+
var i=Object.defineProperty;var a=(r,e)=>i(r,"name",{value:e,configurable:!0});import{p as s}from"./bin.js";import{c as o,f as c}from"../packem_shared/registry-keys-pemEkRM9.js";var n=Object.defineProperty,f=a((r,e)=>n(r,"name",{value:e,configurable:!0}),"n");const g=f(async({options:r})=>{if(r.clear){const t=o();if(r.json){process.stdout.write(`${JSON.stringify({cleared:t,refetched:!1},void 0,2)}
|
|
2
2
|
`);return}s.success(t?"Cleared cached npm signing keys.":"No cached npm signing keys to clear.");return}const e=await c({forceRefresh:!0});if(e===void 0){if(r.json){process.stdout.write(`${JSON.stringify({cleared:!1,error:"fetch-failed",refetched:!1},void 0,2)}
|
|
3
3
|
`),process.exitCode=1;return}s.error("Failed to fetch npm signing keys (network error and no cached keys available)."),process.exitCode=1;return}if(r.json){process.stdout.write(`${JSON.stringify({cleared:!1,fromCache:e.fromCache,keyCount:e.keys.length,refetched:!e.fromCache,stale:e.stale??!1},void 0,2)}
|
|
4
4
|
`);return}if(e.fromCache&&e.stale===!0){s.warn(`Network fetch failed — falling back to expired cache (${String(e.keys.length)} keys).`);return}s.success(`Refreshed npm signing keys (${String(e.keys.length)} keys).`)},"execute");export{g as default};
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
var x=Object.defineProperty;var w=(t,s)=>x(t,"name",{value:s,configurable:!0});import{createRequire as B}from"node:module";import{
|
|
1
|
+
var x=Object.defineProperty;var w=(t,s)=>x(t,"name",{value:s,configurable:!0});import{createRequire as B}from"node:module";import{a6 as P,p as o,a7 as R}from"./bin.js";import{A as V}from"../packem_shared/pm-runner-Dnj9J3KF.js";import{x as C}from"../packem_shared/build-scripts-3E2pmscY.js";import{M as y,i as k}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{n as q}from"./config.js";const D=B(import.meta.url),v=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,M=w(t=>{if(typeof v<"u"&&v.versions&&v.versions.node){const[s,f]=v.versions.node.split(".").map(Number);if(s>22||s===22&&f>=3||s===20&&f>=16)return v.getBuiltinModule(t)}return D(t)},"__cjs_getBuiltinModule"),{readdirSync:j,statSync:O}=M("node:fs");var A=Object.defineProperty,_=w((t,s)=>A(t,"name",{value:s,configurable:!0}),"p$1");const N=_((t,s={})=>{const f=y(t,"node_modules");if(!k(f))return[];const l=new Map,p=new Set,b=_((n,i,a)=>{const e=`${i}@${a}`;if(p.has(e))return;p.add(e);const r=a.startsWith(t)?a.slice(t.length+1):a;let u=l.get(n);u||(u=[],l.set(n,u)),u.some($=>$.name===i)||u.push({name:i,relativePath:r})},"recordBin"),m=_((n,i="")=>{let a;try{a=j(n)}catch{return}for(const e of a){const r=y(n,e);if(e.startsWith("@")){m(r,`${e}/`);continue}if(e===".pnpm"&&i===""){let c;try{c=j(r)}catch{continue}for(const d of c){const h=y(r,d,"node_modules");k(h)&&m(h)}continue}if(e.startsWith("."))continue;const u=i+e,$=y(r,"package.json");try{if(!O(r).isDirectory()||!k($))continue;const c=q($),d=typeof c.name=="string"?c.name:u;if(typeof c.bin=="string"){const S=d.includes("/")?d.split("/").pop():d;b(S,d,r)}else if(c.bin&&typeof c.bin=="object")for(const S of Object.keys(c.bin))b(S,d,r);const h=y(r,"node_modules");k(h)&&m(h)}catch{}}},"scanDir");m(f);const g=[];for(const[n,i]of l)i.length<2||s[n]===!0||i.every(a=>s[`${a.name}#${n}`]===!0)||g.push({bin:n,packages:i});return g.sort((n,i)=>n.bin.localeCompare(i.bin))},"collectBinShadows");var T=Object.defineProperty,W=w((t,s)=>T(t,"name",{value:s,configurable:!0}),"p");const U=new Set(["bun","npm","pnpm","yarn"]),K=W(({options:t,visConfig:s,workspaceRoot:f})=>{const l=f??process.cwd(),p=V(l),b=s?.security?.policies?.installScripts?.allow??{},m=s?.security?.allowBins??{},g=s?.security?.pinVersions===!0,n=C(l,b,{pinVersions:g}),i=N(l,m),a=s&&U.has(p.name)?P(s,p.name,l):void 0;if(t.json){process.stdout.write(`${JSON.stringify({binConflicts:i,drift:a,excess:n.excess,installed:n.installed.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),packageManager:p.name,pinVersions:g,unapproved:n.unapproved.map(e=>({hooks:e.hooks,name:e.name,version:e.version})),versionDrift:n.versionDrift},void 0,2)}
|
|
2
2
|
`);return}if(o.info(`Build-script status (${p.name}):
|
|
3
|
-
`),n.installed.length===0&&n.unapproved.length===0&&o.success(" No installed packages declare lifecycle scripts."),n.installed.length>0){o.success(` Approved (${String(n.installed.length)}):`);for(const e of n.installed)o.info(` ✓ ${e.name} — ${e.hooks.join(", ")}`)}if(n.unapproved.length>0){o.info(""),o.warn(` Unapproved (${String(n.unapproved.length)}):`);for(const e of n.unapproved)o.info(` ✗ ${e.name} — ${e.hooks.join(", ")}`);o.notice(" Run 'vis approve-builds' to review.")}if(n.excess.length>0){o.info(""),o.warn(` Stale allowlist entries (${String(n.excess.length)}):`);for(const e of n.excess)o.info(` ! ${e}`);o.notice(" Remove these from vis.config.ts security.policies.installScripts.allow.")}if(n.versionDrift.length>0){o.info(""),o.warn(` Version drift (pinVersions: true) — ${String(n.versionDrift.length)} entr${n.versionDrift.length===1?"y":"ies"} point at outdated versions:`);for(const{from:e,to:r}of n.versionDrift)o.info(` ${e} → ${r}`);o.notice(" Update vis.config.ts security.policies.installScripts.allow keys to migrate.")}if(i.length>0){o.info(""),o.warn(` Bin conflicts (${String(i.length)}) — multiple packages expose the same bin name:`);for(const e of i)o.info(` ${e.bin} ← ${e.packages.map(r=>r.name).join(", ")}`);o.notice(" Add the bin (or 'pkg#bin') to vis.config.ts security.allowBins to silence this.")}if(a?.hasDrift){o.info("");for(const e of
|
|
3
|
+
`),n.installed.length===0&&n.unapproved.length===0&&o.success(" No installed packages declare lifecycle scripts."),n.installed.length>0){o.success(` Approved (${String(n.installed.length)}):`);for(const e of n.installed)o.info(` ✓ ${e.name} — ${e.hooks.join(", ")}`)}if(n.unapproved.length>0){o.info(""),o.warn(` Unapproved (${String(n.unapproved.length)}):`);for(const e of n.unapproved)o.info(` ✗ ${e.name} — ${e.hooks.join(", ")}`);o.notice(" Run 'vis approve-builds' to review.")}if(n.excess.length>0){o.info(""),o.warn(` Stale allowlist entries (${String(n.excess.length)}):`);for(const e of n.excess)o.info(` ! ${e}`);o.notice(" Remove these from vis.config.ts security.policies.installScripts.allow.")}if(n.versionDrift.length>0){o.info(""),o.warn(` Version drift (pinVersions: true) — ${String(n.versionDrift.length)} entr${n.versionDrift.length===1?"y":"ies"} point at outdated versions:`);for(const{from:e,to:r}of n.versionDrift)o.info(` ${e} → ${r}`);o.notice(" Update vis.config.ts security.policies.installScripts.allow keys to migrate.")}if(i.length>0){o.info(""),o.warn(` Bin conflicts (${String(i.length)}) — multiple packages expose the same bin name:`);for(const e of i)o.info(` ${e.bin} ← ${e.packages.map(r=>r.name).join(", ")}`);o.notice(" Add the bin (or 'pkg#bin') to vis.config.ts security.allowBins to silence this.")}if(a?.hasDrift){o.info("");for(const e of R(a))o.warn(e)}},"execute");export{K as default};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
var w=Object.defineProperty;var c=(e,t)=>w(e,"name",{value:t,configurable:!0});import{createRequire as y}from"node:module";import{A as m,
|
|
1
|
+
var w=Object.defineProperty;var c=(e,t)=>w(e,"name",{value:t,configurable:!0});import{createRequire as y}from"node:module";import{A as m,P as $}from"../packem_shared/pm-runner-Dnj9J3KF.js";const _=y(import.meta.url),a=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,v=c(e=>{if(typeof a<"u"&&a.versions&&a.versions.node){const[t,s]=a.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return a.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{createInterface:I}=v("node:readline");var h=Object.defineProperty,o=c((e,t)=>h(e,"name",{value:t,configurable:!0}),"n");const r="sigstore",b=o(()=>!!process.stdout.isTTY&&process.env.CI!=="true","isInteractive"),O=o(e=>new Promise(t=>{const s=I({input:process.stdin,output:process.stderr});s.question(`${e} (Y/n) `,i=>{s.close();const n=i.trim().toLowerCase();t(n===""||n==="y"||n==="yes")})}),"defaultPrompt"),D=o(e=>{const t=m(e),s=$(t,{exact:!1,filter:[],global:!1,optional:!1,packages:[r],peer:!1,saveDev:!0,workspace:!1,workspaceRoot:!1},e,console);return Promise.resolve({exitCode:s})},"defaultRunInstall"),k=o(()=>{try{return import.meta.resolve(r),!0}catch{return!1}},"isSigstoreInstalled"),P=o(e=>{let t="pnpm";try{t=m(e).name}catch{}switch(t){case"bun":return`bun add -d ${r}`;case"npm":return`npm install -D ${r}`;case"yarn":return`yarn add -D ${r}`;default:return`pnpm add -D ${r}`}},"installCommandFor"),R=o(()=>import("sigstore"),"defaultImport"),x=o(async(e={})=>{const t=e.interactive??b(),s=e.prompt??O,i=e.runInstall??D,n=e.importImpl??R,d=e.workspaceRoot??process.cwd(),l=P(d);try{return await n()}catch(p){const{code:f,message:g}=p;if(!(f==="ERR_MODULE_NOT_FOUND"||f==="MODULE_NOT_FOUND")||!g.includes(r))throw p}if(!t)throw new Error(`${r} is not installed. \`vis attest\` needs it for keyless signing/verification. Install it in your repo first:
|
|
2
2
|
${l}`);if(!await s(`${r} isn't installed. Install it now?`))throw new Error(`${r} install declined. Re-run \`vis attest\` after installing manually:
|
|
3
|
-
${l}`);const
|
|
4
|
-
${l}`);return await n()},"loadOptionalSigstore");export{
|
|
3
|
+
${l}`);const u=await i(d);if(u.exitCode!==0)throw new Error(`Install of ${r} failed (exit ${String(u.exitCode)}). Install manually and retry:
|
|
4
|
+
${l}`);return await n()},"loadOptionalSigstore");export{P as installCommandFor,k as isSigstoreInstalled,x as loadOptionalSigstore};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
var u=Object.defineProperty;var o=(t,e)=>u(t,"name",{value:e,configurable:!0});import{K as n}from"
|
|
1
|
+
var u=Object.defineProperty;var o=(t,e)=>u(t,"name",{value:e,configurable:!0});import{K as n}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{createJiti as l}from"jiti";var p=Object.defineProperty,a=o((t,e)=>p(t,"name",{value:e,configurable:!0}),"r");const i=a((t,e)=>{if(!e||typeof e!="object")throw new TypeError(`${t}: default export must be an object (got ${e===null?"null":typeof e}). Use createTemplate({ ... }).`);const r=e;if(typeof r.about!="object"||r.about===null)throw new TypeError(`${t}: default export missing required "about" object`);if(typeof r.produce!="function")throw new TypeError(`${t}: default export missing required "produce" function`);return e},"validateTemplateExport"),s=a(async t=>{const e=await l(n(t),{fsCache:!1,moduleCache:!1}).import(t,{default:!0,try:!0})??null;return i(t,e)},"loadNativeTemplate");export{s as loadNativeTemplate};
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
var f=Object.defineProperty;var i=(o,e)=>f(o,"name",{value:e,configurable:!0});import{createRequire as p}from"node:module";import{p as n}from"./bin.js";import{r as h}from"../packem_shared/advisories-
|
|
1
|
+
var f=Object.defineProperty;var i=(o,e)=>f(o,"name",{value:e,configurable:!0});import{createRequire as p}from"node:module";import{p as n}from"./bin.js";import{r as h}from"../packem_shared/advisories-U1QKY_tg.js";const l=p(import.meta.url),t=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,m=i(o=>{if(typeof t<"u"&&t.versions&&t.versions.node){const[e,s]=t.versions.node.split(".").map(Number);if(e>22||e===22&&s>=3||e===20&&s>=16)return t.getBuiltinModule(o)}return l(o)},"__cjs_getBuiltinModule"),{rm:v}=m("node:fs/promises");var _=Object.defineProperty,g=i((o,e)=>_(o,"name",{value:e,configurable:!0}),"c");const w=g(async({logger:o,options:e,workspaceRoot:s})=>{if(!s)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const r=e.db??h(s),c=e.format==="json";if(!e.force){n.warn(`Prune is destructive. Will remove: ${r}`),n.info("Re-run with --force to proceed."),c&&process.stdout.write(`${JSON.stringify({dbPath:r,reason:"needs --force",removed:!1})}
|
|
2
2
|
`);return}const d=[r,`${r}-wal`,`${r}-shm`,`${r}-journal`],a=[];for(const u of d)try{await v(u,{force:!0}),a.push(u)}catch{}if(c){process.stdout.write(`${JSON.stringify({dbPath:r,files:a,removed:!0})}
|
|
3
3
|
`);return}n.success(`Removed ${r}.`)},"execute"),$=w;export{$ as advisoriesPruneExecute};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
var l=Object.defineProperty;var a=(t,o)=>l(t,"name",{value:o,configurable:!0});import{p as c,
|
|
1
|
+
var l=Object.defineProperty;var a=(t,o)=>l(t,"name",{value:o,configurable:!0});import{p as c,t as p,D as u}from"./bin.js";var w=Object.defineProperty,f=a((t,o)=>w(t,"name",{value:o,configurable:!0}),"c");const m=f(({options:t,visConfig:o,workspaceRoot:n})=>{const i=n??process.cwd(),s=o?.security?.policies?.installScripts?.allow??{},r=Object.entries(s).filter(([,e])=>e).map(([e])=>e);r.length===0&&!t.rootOnly&&(c.warn("No approved packages in security.policies.installScripts.allow — nothing to run."),!t.withRoot)||(t.rootOnly||p(i,r),(t.withRoot||t.rootOnly)&&u(i))},"execute");export{m as default};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var l=Object.defineProperty;var c=(s,e)=>l(s,"name",{value:e,configurable:!0});import{
|
|
2
|
-
`);return}if(r.info(`DB: ${o}`),!t.exists){r.warn(`No advisory DB yet. Run ${v("vis advisories sync")} to populate.`);return}if(r.info(`Schema: v${t.schemaVersion} Size: ${B(t.sizeBytes)}`),t.ecosystems.length===0){r.warn("DB exists but contains no ecosystems. Run `vis advisories sync`.");return}r.info(""),r.info("Ecosystem Advisories Last sync ETag"),r.info(f("────────── ────────── ───────────────── ──────"));for(const n of t.ecosystems){const m=n.name.padEnd(10),u=n.advisoryCount.toLocaleString().padStart(10),d=`${n.lastSyncIso||"never"} (${w(n.lastSyncIso)})`.padEnd(19),y=n.manifestEtag??f("—");r.info(`${
|
|
1
|
+
var l=Object.defineProperty;var c=(s,e)=>l(s,"name",{value:e,configurable:!0});import{e as v,E as f,I as p}from"../packem_shared/index.server-B7ETiT4C.js";import{p as r}from"./bin.js";import{r as g,g as h}from"../packem_shared/advisories-U1QKY_tg.js";var $=Object.defineProperty,i=c((s,e)=>$(s,"name",{value:e,configurable:!0}),"a");const B=i(s=>{if(s===0)return"0 B";const e=["B","KB","MB","GB"],a=Math.min(Math.floor(Math.log(s)/Math.log(1024)),e.length-1),o=s/1024**a;return`${o.toFixed(o<10&&a>0?1:0)} ${e[a]}`},"formatBytes"),w=i(s=>{if(!s)return"never";const e=Date.parse(s);if(Number.isNaN(e))return s;const a=Date.now()-e;if(a<0)return s;const o=Math.floor(a/6e4);if(o<1)return"just now";if(o<60)return`${o}m ago`;const t=Math.floor(o/60);return t<24?`${t}h ago`:`${Math.floor(t/24)}d ago`},"formatRelative"),S=i(async({logger:s,options:e,workspaceRoot:a})=>{if(!a)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const o=e.db??g(a),t=await h(a,o);if(e.format==="json"){process.stdout.write(`${JSON.stringify({dbPath:o,ecosystems:t.ecosystems.map(n=>({advisoryCount:n.advisoryCount,lastSyncIso:n.lastSyncIso,manifestEtag:n.manifestEtag??null,name:n.name})),exists:t.exists,schemaVersion:t.schemaVersion,sizeBytes:t.sizeBytes},void 0,2)}
|
|
2
|
+
`);return}if(r.info(`DB: ${o}`),!t.exists){r.warn(`No advisory DB yet. Run ${v("vis advisories sync")} to populate.`);return}if(r.info(`Schema: v${t.schemaVersion} Size: ${B(t.sizeBytes)}`),t.ecosystems.length===0){r.warn("DB exists but contains no ecosystems. Run `vis advisories sync`.");return}r.info(""),r.info("Ecosystem Advisories Last sync ETag"),r.info(f("────────── ────────── ───────────────── ──────"));for(const n of t.ecosystems){const m=n.name.padEnd(10),u=n.advisoryCount.toLocaleString().padStart(10),d=`${n.lastSyncIso||"never"} (${w(n.lastSyncIso)})`.padEnd(19),y=n.manifestEtag??f("—");r.info(`${p(m)} ${u} ${d} ${y}`)}},"execute"),D=S;export{D as advisoriesStatusExecute};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var w=Object.defineProperty;var y=(e,o)=>w(e,"name",{value:o,configurable:!0});import{
|
|
2
|
-
`)}else{const s=i.filter(a=>a.error),r=i.filter(a=>a.result),t=r[0];t?.result?.dbPath&&l.info($(`DB: ${t.result.dbPath}`)),s.length===0?l.success(`Synced ${r.length} ecosystem${r.length===1?"":"s"}.`):l.error(`${s.length} ecosystem${s.length===1?"":"s"} failed to sync.`)}i.some(s=>s.error)&&(process.exitCode=1)},"execute"),h=c(e=>e>=1e3?`${(e/1e3).toFixed(1)}s`:`${Math.round(e)}ms`,"formatDuration"),
|
|
1
|
+
var w=Object.defineProperty;var y=(e,o)=>w(e,"name",{value:o,configurable:!0});import{E as $}from"../packem_shared/index.server-B7ETiT4C.js";import{p as l}from"./bin.js";import{s as D}from"../packem_shared/scan-progress-EbvmIh4i.js";import{s as b,D as S}from"../packem_shared/advisories-U1QKY_tg.js";var E=Object.defineProperty,c=y((e,o)=>E(e,"name",{value:o,configurable:!0}),"c");const P=c(e=>e?.security?.audit?.advisories??{},"readAdvisoriesConfig"),k=c(e=>e?e.split(",").map(o=>o.trim()).filter(o=>o.length>0):["npm"],"parseEcosystems"),x=c(async({logger:e,options:o,visConfig:g,workspaceRoot:d})=>{if(!d)throw new Error("Could not determine workspace root. Run this command inside a workspace.");const u=o.format==="json",m=P(g),f=o.source??m.source??S,p=k(o.ecosystem),v=p.map(s=>({id:s,label:`Sync ${s} advisories`})),n=D(v,{live:!u}),i=[];try{for(const s of p){n.start(s);const r=Date.now();try{const t=await b({allowedHosts:m.allowedHosts,dbPath:o.db,ecosystem:s,force:!!o.force,source:f,workspaceRoot:d});i.push({ecosystem:s,result:t}),t.upToDate?n.finish(s,"ok",`up to date · ${h(Date.now()-r)}`):n.finish(s,"ok",`${t.advisoriesIngested.toLocaleString()} advisories · ${h(t.durationMs)}`)}catch(t){const a=t instanceof Error?t.message:String(t);i.push({ecosystem:s,error:a}),n.finish(s,"error",a)}}}finally{n.stop()}if(u){const s={ecosystems:i.map(r=>({advisoriesIngested:r.result?.advisoriesIngested??0,dbPath:r.result?.dbPath??null,durationMs:r.result?.durationMs??0,ecosystem:r.ecosystem,error:r.error??null,upToDate:r.result?.upToDate??!1})),source:f};process.stdout.write(`${JSON.stringify(s,void 0,2)}
|
|
2
|
+
`)}else{const s=i.filter(a=>a.error),r=i.filter(a=>a.result),t=r[0];t?.result?.dbPath&&l.info($(`DB: ${t.result.dbPath}`)),s.length===0?l.success(`Synced ${r.length} ecosystem${r.length===1?"":"s"}.`):l.error(`${s.length} ecosystem${s.length===1?"":"s"} failed to sync.`)}i.some(s=>s.error)&&(process.exitCode=1)},"execute"),h=c(e=>e>=1e3?`${(e/1e3).toFixed(1)}s`:`${Math.round(e)}ms`,"formatDuration"),O=x;export{O as advisoriesSyncExecute};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var
|
|
2
|
-
`);for(const c of i
|
|
1
|
+
var m=Object.defineProperty;var f=(e,n)=>m(e,"name",{value:n,configurable:!0});import{p as i}from"./bin.js";import{A as g}from"../packem_shared/pm-runner-Dnj9J3KF.js";import{N as y}from"../packem_shared/native-config-sync-BOeuyrBj.js";import{E as v}from"../packem_shared/min-release-age-Cz6HbF-I.js";var h=Object.defineProperty,w=f((e,n)=>h(e,"name",{value:n,configurable:!0}),"l");const b=new Set(["bun","npm","pnpm","yarn"]),x=w(({options:e,visConfig:n,workspaceRoot:u})=>{const o=u??process.cwd(),t=g(o);if(!b.has(t.name)){i.warn(`Package manager '${t.name}' has no native security config to sync.`);return}if(!n?.security){i.warn("vis.config has no `security` block — nothing to sync.");return}const r=n.security.policies??{},a=Object.fromEntries(Object.entries(r.installScripts?.allow??{}).filter(([,c])=>c)),p=r.firstSeen?.minutes,l=r.firstSeen?.exclude??[],s=[];if(Object.keys(a).length>0&&!e.skipAllowBuilds&&s.push(...y(t.name,o,a)),e.skipMinReleaseAge||s.push(...v(t.name,o,p,l)),s.length===0){i.success("Nothing to sync — vis.config and native PM config are aligned.");return}i.info(`Syncing vis.config security settings to ${t.name} native config…
|
|
2
|
+
`);for(const c of s)i.success(` ${c}`)},"execute");export{x as default};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var y=Object.defineProperty;var d=(r,n)=>y(r,"name",{value:n,configurable:!0});import{createRequire as w}from"node:module";import{M as u,i as f
|
|
2
|
-
`),
|
|
1
|
+
var y=Object.defineProperty;var d=(r,n)=>y(r,"name",{value:n,configurable:!0});import{createRequire as w}from"node:module";import{M as u,i as f}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{n as m,B as k}from"./config.js";import{p as e}from"./bin.js";import{A as j}from"../packem_shared/pm-runner-Dnj9J3KF.js";const v=w(import.meta.url),c=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,h=d(r=>{if(typeof c<"u"&&c.versions&&c.versions.node){const[n,s]=c.versions.node.split(".").map(Number);if(n>22||n===22&&s>=3||n===20&&s>=16)return c.getBuiltinModule(r)}return v(r)},"__cjs_getBuiltinModule"),{spawnSync:$}=h("node:child_process");var _=Object.defineProperty,l=d((r,n)=>_(r,"name",{value:n,configurable:!0}),"c");const t="@lavamoat/preinstall-always-fail",p=l(r=>{const n=u(r,"package.json");if(!f(n))return"no-package-json";try{const s=m(n);if(s.devDependencies?.[t]||s.dependencies?.[t])return"installed"}catch{}return"missing"},"tripwireStatus"),b=l(r=>{const n=u(r,"package.json");if(!f(n))return!1;try{const s=m(n);let o=!1;const a=l(i=>!i||!(t in i)?i:(o=!0,Object.fromEntries(Object.entries(i).filter(([g])=>g!==t))),"stripFrom");return s.devDependencies=a(s.devDependencies),s.dependencies=a(s.dependencies),o&&k(n,`${JSON.stringify(s,null,2)}
|
|
2
|
+
`),o}catch{return!1}},"removeFromPackageJson"),O=l(({options:r,workspaceRoot:n})=>{const s=n??process.cwd();if(r.status){switch(p(s)){case"installed":{e.success(`Preinstall tripwire is installed (${t}).`),e.info("Removing 'ignore-scripts=true' will cause future installs to fail loudly.");break}case"missing":{e.warn("Preinstall tripwire is not installed."),e.info(`Run 'vis security tripwire' to add ${t} as a devDependency.`);break}default:e.error("No package.json found at the workspace root."),process.exitCode=1}return}if(r.remove){b(s)?e.success(`Removed ${t} from package.json. Run your PM's install to clean node_modules.`):e.info(`${t} was not present in package.json.`);return}if(p(s)==="installed"){e.info(`${t} is already installed.`);return}const o=j(s),a={bun:["add","-d",t],npm:["install","--save-dev",t],pnpm:["add","-D","-w",t],yarn:["add","-D",t]}[o.name];if(!a){e.error(`Cannot install tripwire — unsupported package manager '${o.name}'.`),process.exitCode=1;return}e.info(`Installing ${t} via ${o.name}…`);const i=$(o.name,a,{cwd:s,stdio:"inherit"});if(i.error){e.error(`Failed to install tripwire: ${i.error.message}`),process.exitCode=1;return}if(i.signal!==null){e.error(`${o.name} was terminated by signal ${i.signal}`),process.exitCode=1;return}if(i.status!==0){e.error(`${o.name} exited with code ${String(i.status)}`),process.exitCode=i.status??1;return}e.success(`Installed ${t} as a devDependency.`),e.notice(""),e.notice("How the tripwire works:"),e.notice(` ${t} declares a preinstall script that always fails.`),e.notice(" When 'ignore-scripts=true' is set (.npmrc / bunfig.toml / .yarnrc.yml),"),e.notice(" the script is skipped and installs succeed normally. If someone deletes"),e.notice(" that setting, the next install fails — loudly — instead of silently"),e.notice(" running every dependency's lifecycle scripts.")},"execute");export{O as default};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
var $=Object.defineProperty;var k=(e,o)=>$(e,"name",{value:o,configurable:!0});import{A as x
|
|
2
|
-
`),n.status==="fail"&&(process.exitCode=1);return}const[c,...l]=G(n);if(n.status==="skipped"){p.info(c);return}if(n.status==="pass"){p.success(c);return}p.error(c);for(const f of l)p.error(f);process.exitCode=1},"execute");export{
|
|
1
|
+
var $=Object.defineProperty;var k=(e,o)=>$(e,"name",{value:o,configurable:!0});import{p}from"./bin.js";import{A as x}from"../packem_shared/pm-runner-Dnj9J3KF.js";import{r as v,l as C,L as S}from"../packem_shared/dependency-scan-BbtivycX.js";import{$ as M,M as h,i as L}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{F as E}from"../packem_shared/lockfile-CQLFNyVa.js";import{e as P}from"../packem_shared/index-D_tAc2nS.js";var D=Object.defineProperty,m=k((e,o)=>D(e,"name",{value:o,configurable:!0}),"r");const V=m(e=>{const o=e.trim();return o===""?!1:/^(?:git\+|git:\/\/|git@|ssh:\/\/)/i.test(o)||/^(?:github|gitlab|bitbucket|gist):/i.test(o)||/^[\w.-]+\/[\w.-]+(?:#.+)?$/.test(o)&&!o.includes("@")?!0:/^https?:\/\//i.test(o)},"isExoticSpecifier"),N=m((e,o)=>{for(const s of o)if(s===e||s.endsWith("*")&&e.startsWith(s.slice(0,-1)))return!0;return!1},"matchesAllow"),O=m((e,o,s={})=>{const t=v(e,o);if(!t)return[];let i;try{i=M(h(e,t.file))}catch{return[]}const n=E(i,t.type);if(n.length===0)return[];const c=s.allow??[],l=[],f=new Set;for(const r of n){const a=`${r.name}@${r.version}`;for(const g of[r.dependencies,r.optionalDependencies])if(g){for(const[u,w]of Object.entries(g))if(!N(u,c))for(const y of w){if(!V(y))continue;const b=`${a}->${u}@${y}`;f.has(b)||(f.add(b),l.push({declaredBy:a,packageName:u,source:y}))}}}return l.sort((r,a)=>r.packageName.localeCompare(a.packageName)||r.declaredBy.localeCompare(a.declaredBy))},"scanExoticSubdeps");var R=Object.defineProperty,d=k((e,o)=>R(e,"name",{value:o,configurable:!0}),"n");const j=new Set(["firstSeen","publisherChange"]),A=d(e=>e.severity==="block"&&e.acceptedRisk===void 0,"isGatingDecision"),B=d(e=>{const o=e.security?.policies?.firstSeen?.minutes,s=typeof o=="number"&&o>0,t=e.security?.policies?.publisherChange?.mode==="no-downgrade",i=e.security?.blockExoticSubdeps===!0;return s||t||i},"anyPolicyConfigured"),F=d(async e=>{const{offline:o=!1,packageManager:s,visConfig:t,workspaceRoot:i}=e,n=Date.now();if(!B(t))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!1,status:"skipped"};const c=v(i,s);if(!c||!L(h(i,c.file)))return{decisions:[],durationMs:Date.now()-n,entryCount:0,exoticViolations:[],lockfileMissing:!0,status:"fail"};const l=C(i,s,{includeDev:!0}),f=l.length,r=await P({offline:o,packageManager:s,packages:l,workspaceRoot:i},"install",{enabledPolicies:new Set(j),visConfig:t}),a=t.security?.blockExoticSubdeps===!0?O(i,s,{allow:t.security.exoticSubdepsAllow}):[],g=r.some(u=>A(u))||a.length>0;return{decisions:r,durationMs:Date.now()-n,entryCount:f,exoticViolations:a,lockfileMissing:!1,status:g?"fail":"pass"}},"verifyLockfile"),W=d(e=>e<1e3?`${String(e)}ms`:`${(e/1e3).toFixed(1)}s`,"formatElapsed"),G=d(e=>{if(e.status==="skipped")return["– Lockfile supply-chain verification skipped (no firstSeen / publisherChange / blockExoticSubdeps policy configured)"];if(e.lockfileMissing)return["✗ Lockfile supply-chain verification failed — no lockfile found, the resolved closure cannot be attested"];const o=`(${String(e.entryCount)} ${e.entryCount===1?"entry":"entries"}, ${W(e.durationMs)})`;if(e.status==="pass")return[`✓ Lockfile passes supply-chain policies ${o}`];const s=[`✗ Lockfile failed supply-chain policy check ${o}`];for(const t of e.decisions)t.severity==="block"&&t.acceptedRisk===void 0&&s.push(` [${t.policy}] ${t.reason}`);for(const t of e.exoticViolations)s.push(` [blockExoticSubdeps] ${t.packageName} pulled from exotic source by ${t.declaredBy}: ${t.source}`);return s},"formatLockfileVerification");var I=Object.defineProperty,J=k((e,o)=>I(e,"name",{value:o,configurable:!0}),"a");const U=J(async({options:e,visConfig:o,workspaceRoot:s})=>{const t=s??process.cwd(),i=x(t);if(!S[i.name]){p.warn(`Package manager '${i.name}' has no lockfile vis can verify.`);return}const n=await F({offline:!!e.offline,packageManager:i.name,visConfig:o??{},workspaceRoot:t});if(e.json){process.stdout.write(`${JSON.stringify(n,void 0,2)}
|
|
2
|
+
`),n.status==="fail"&&(process.exitCode=1);return}const[c,...l]=G(n);if(n.status==="skipped"){p.info(c);return}if(n.status==="pass"){p.success(c);return}p.error(c);for(const f of l)p.error(f);process.exitCode=1},"execute");export{U as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
var I=Object.defineProperty;var d=(s,e)=>I(s,"name",{value:e,configurable:!0});import{createRequire as $}from"node:module";import{
|
|
1
|
+
var I=Object.defineProperty;var d=(s,e)=>I(s,"name",{value:e,configurable:!0});import{createRequire as $}from"node:module";import{K as j}from"../packem_chunks/config.js";import{advisoriesStatus as E,NATIVE_BINDING_VERSION as A,advisoriesIngest as q,advisoriesQuery as B}from"#native";const T=$(import.meta.url),v=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,l=d(s=>{if(typeof v<"u"&&v.versions&&v.versions.node){const[e,t]=v.versions.node.split(".").map(Number);if(e>22||e===22&&t>=3||e===20&&t>=16)return v.getBuiltinModule(s)}return T(s)},"__cjs_getBuiltinModule"),{randomUUID:O}=l("node:crypto"),{createWriteStream:P,existsSync:k}=l("node:fs"),{mkdir:U,unlink:x,stat:C}=l("node:fs/promises"),{join:w,dirname:L}=l("node:path"),{Readable:M}=l("node:stream"),{pipeline:W}=l("node:stream/promises");var F=Object.defineProperty,r=d((s,e)=>F(s,"name",{value:e,configurable:!0}),"s");const b=5;if(A!==b)throw new Error(`vis native binding ABI mismatch in advisories: expected ${b}, got ${A}. Rebuild via \`pnpm --filter @visulima/vis run build:native\` or reinstall the platform binding package.`);const es="https://osv-vulnerabilities.storage.googleapis.com",V=new Set(["osv-vulnerabilities.storage.googleapis.com"]);class H extends Error{static{d(this,"AdvisoryDbNotFoundError")}static{r(this,"AdvisoryDbNotFoundError")}cause="DB_NOT_FOUND";constructor(e){super(`No local advisory DB at ${e}. Run 'vis advisories sync' first.`),this.name="AdvisoryDbNotFoundError"}}class p extends Error{static{d(this,"AdvisorySourceNotAllowedError")}static{r(this,"AdvisorySourceNotAllowedError")}cause="SOURCE_NOT_ALLOWED";constructor(e){super(`Advisory source host '${e}' is not in the built-in allowlist. Add it to \`security.audit.advisories.allowedHosts\` if intentional.`),this.name="AdvisorySourceNotAllowedError"}}class N extends Error{static{d(this,"AdvisorySyncNetworkError")}static{r(this,"AdvisorySyncNetworkError")}cause="SYNC_NETWORK";constructor(e,t){super(`Advisory sync failed for ${e}: ${t}. Check connectivity, proxy env vars, or --source.`),this.name="AdvisorySyncNetworkError"}}const g=r(s=>{const e=j("vis",{create:!0,cwd:s})??w(s,"node_modules",".cache","vis");return w(e,"advisories","db.sqlite")},"resolveAdvisoryDbPath"),z=r((s,e)=>{let t;try{t=new URL(s)}catch{throw new p(s)}if(t.protocol!=="https:")throw new p(`${t.protocol}//${t.host}`);if(!new Set([...V,...e??[]]).has(t.host))throw new p(t.host);return t},"validateAdvisorySource"),ts=r(async s=>{const e=s.dbPath??g(s.workspaceRoot);await U(L(e),{recursive:!0});const t=z(s.source,s.allowedHosts),u=new URL(`${s.ecosystem}/all.zip`,Q(t.toString())),y=await K(e,s.ecosystem);let i=null;if(!s.force){const n=await S(u,{method:"HEAD"});if(n.ok&&(i=n.headers.get("etag"),i&&y&&i===y))return{advisoriesIngested:0,dbPath:e,durationMs:0,upToDate:!0}}const a=`${e}.${s.ecosystem}.${process.pid}.${O()}.zip.tmp`,o=await S(u,{method:"GET"});if(!o.ok||!o.body)throw new N(u.toString(),o.status);i||(i=o.headers.get("etag"));const m=o.headers.get("content-length"),c=m?Number.parseInt(m,10):null;let h=0;const _=P(a),f=M.fromWeb(o.body);s.onProgress&&c&&f.on("data",n=>{h+=n.byteLength,s.onProgress?.(h,c,"download")}),await W(f,_);try{const n=await q({dbPath:e,ecosystem:s.ecosystem,manifestEtag:i??void 0,zipPath:a},(D,R)=>s.onProgress?.(D,R,"ingest"));return{advisoriesIngested:n.advisoriesIngested,dbPath:e,durationMs:n.durationMs,upToDate:!1}}finally{await x(a).catch(()=>{})}},"syncAdvisories"),rs=r((s,e)=>{if(s.length===0)return new Map;const t=e.dbPath??g(e.workspaceRoot),u=e.ecosystem??"npm";if(!k(t))throw new H(t);const y=s.map(o=>({ecosystem:u,name:o.name,version:o.version})),i=B(t,y),a=new Map;for(const[o,m]of s.entries()){const c=i[o];!c||c.vulnerabilities.length===0||a.set(m.name,c.vulnerabilities.map(h=>G(h)))}return a},"queryAdvisories"),os=r(async(s,e)=>{const t=e??g(s);return E(t)},"getAdvisoryStatus"),K=r(async(s,e)=>{try{await C(s)}catch{return null}return E(s).ecosystems.find(t=>t.name===e)?.manifestEtag??null},"readStoredEtag"),G=r(s=>({aliases:s.aliases.length>0?s.aliases:void 0,cvssScore:s.cvssScore??void 0,fixedVersions:s.fixedVersions,id:s.id,severity:Y(s.severity),summary:s.summary}),"toSecurityVulnerability"),Y=r(s=>{const e=s.toUpperCase();return e==="CRITICAL"||e==="HIGH"||e==="MODERATE"||e==="LOW"?e:"UNKNOWN"},"normalizeSeverity"),Q=r(s=>s.endsWith("/")?s:`${s}/`,"ensureTrailingSlash"),S=r(async(s,e)=>{try{return await fetch(s,e)}catch(t){throw new N(s.toString(),t instanceof Error?t.message:String(t))}},"safeFetch");export{H as A,es as D,os as g,rs as q,g as r,ts as s};
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
var H=Object.defineProperty;var k=(e,r)=>H(e,"name",{value:r,configurable:!0});import{createRequire as B}from"node:module";import{renderToString as z}from"@visulima/tui";import{Box as U}from"@visulima/tui/components/box";import{Table as W}from"@visulima/tui/components/table";import{Text as y}from"@visulima/tui/components/text";import v from"react";import{
|
|
2
|
-
`)[0]?.trim();return r&&r.length>0?r:void 0}catch{return}},"whichCommand"),Be=f(e=>{const r=R();if(E){const a=process.env.APPDATA??"",t=process.env.LOCALAPPDATA??"",n=process.env.ProgramFiles??"";return[g(a,"npm",`${e}.cmd`),g(a,"npm",e),g(t,"Programs",e,`${e}.exe`),g(n,e,`${e}.exe`),g(r,".npm-global","bin",`${e}.cmd`)]}return[`/opt/homebrew/bin/${e}`,`/usr/local/bin/${e}`,g(r,".npm-global","bin",e),g(r,".local","bin",e),g(r,".cargo","bin",e)]},"getKnownPaths"),S=f(e=>{try{const r=O(e,["--version"],{encoding:"utf8",stdio:["pipe","pipe","pipe"],timeout:ee}),a=Q.exec(r);return a?a[1]:void 0}catch{return}},"detectVersion"),_=f(e=>{const r=x[e],a={available:!1,name:e},t=process.env[r.envVariable];if(t&&T(
|
|
1
|
+
var H=Object.defineProperty;var k=(e,r)=>H(e,"name",{value:r,configurable:!0});import{createRequire as B}from"node:module";import{renderToString as z}from"@visulima/tui";import{Box as U}from"@visulima/tui/components/box";import{Table as W}from"@visulima/tui/components/table";import{Text as y}from"@visulima/tui/components/text";import v from"react";import{ai as K,aj as G,ak as Y,al as X}from"../packem_chunks/bin.js";const F=B(import.meta.url),w=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$=k(e=>{if(typeof w<"u"&&w.versions&&w.versions.node){const[r,a]=w.versions.node.split(".").map(Number);if(r>22||r===22&&a>=3||r===20&&a>=16)return w.getBuiltinModule(e)}return F(e)},"__cjs_getBuiltinModule"),{spawn:D,execFileSync:O}=$("node:child_process"),{existsSync:C}=$("node:fs"),{platform:J,homedir:R}=$("node:os"),{join:g}=$("node:path"),Q=/v?(\d+\.\d+\.\d+(?:-[\w.]+)?)/,Z=5e3,ee=1e4,re=3e5,te=4096,E=J()==="win32",M=["amp","claude","codex","copilot","crush","cursor","droid","gemini","kimi","opencode","qwen"];var ae=Object.defineProperty,ne=k((e,r)=>ae(e,"name",{value:r,configurable:!0}),"A$1"),ie=Object.defineProperty,m=ne((e,r)=>ie(e,"name",{value:r,configurable:!0}),"o"),oe=Object.defineProperty,se=m((e,r)=>oe(e,"name",{value:r,configurable:!0}),"a$6");const ce={alternateCommands:[],buildArgs:se((e,r,a)=>["-x",e,"--dangerously-allow-all"],"buildArgs"),command:"amp",defaultModel:"",envVariable:"AMP_PATH"};var le=Object.defineProperty,ue=m((e,r)=>le(e,"name",{value:r,configurable:!0}),"t$8");const de={alternateCommands:[],buildArgs:ue((e,r,a)=>["--dangerously-skip-permissions","--model",r,"--output-format","text","-p",e],"buildArgs"),command:"claude",defaultModel:"claude-sonnet-4-20250514",envVariable:"CLAUDE_PATH"};var me=Object.defineProperty,pe=m((e,r)=>me(e,"name",{value:r,configurable:!0}),"a$4");const ge={alternateCommands:["openai-codex"],buildArgs:pe((e,r,a)=>[e,"--approval-mode","full-auto","--quiet","--model",r,"--max-tokens",String(a)],"buildArgs"),command:"codex",defaultModel:"o3",envVariable:"CODEX_PATH"};var fe=Object.defineProperty,he=m((e,r)=>fe(e,"name",{value:r,configurable:!0}),"l");const ve={alternateCommands:[],buildArgs:he((e,r,a)=>{const t=["-p",e,"--allow-all-tools"];return r&&t.push("--model",r),t},"buildArgs"),command:"copilot",defaultModel:"",envVariable:"COPILOT_PATH"};var ye=Object.defineProperty,be=m((e,r)=>ye(e,"name",{value:r,configurable:!0}),"n$2");const ke={alternateCommands:[],buildArgs:be((e,r,a)=>{const t=["run","--yolo"];return r&&t.push("-m",r),t.push(e),t},"buildArgs"),command:"crush",defaultModel:"",envVariable:"CRUSH_PATH"};var we=Object.defineProperty,Ae=m((e,r)=>we(e,"name",{value:r,configurable:!0}),"t$5");const $e={alternateCommands:["cursor"],buildArgs:Ae((e,r,a)=>{const t=["-p","--force","--output-format","text"];return r&&t.push("--model",r),t.push(e),t},"buildArgs"),command:"agent",defaultModel:"",envVariable:"CURSOR_PATH"};var Se=Object.defineProperty,Pe=m((e,r)=>Se(e,"name",{value:r,configurable:!0}),"i");const Ce={alternateCommands:[],buildArgs:Pe((e,r,a)=>{const t=[e,"--skip-permissions-unsafe","-o","text"];return r&&t.push("-m",r),t},"buildArgs"),command:"droid",defaultModel:"",envVariable:"DROID_PATH"};var Te=Object.defineProperty,je=m((e,r)=>Te(e,"name",{value:r,configurable:!0}),"o$1");const Oe={alternateCommands:["gemini-cli"],buildArgs:je((e,r,a)=>["--sandbox","--model",r,"--max-output-tokens",String(a),"-p",e],"buildArgs"),command:"gemini",defaultModel:"gemini-2.5-pro",envVariable:"GEMINI_PATH"};var Re=Object.defineProperty,Ee=m((e,r)=>Re(e,"name",{value:r,configurable:!0}),"o");const Me={alternateCommands:[],buildArgs:Ee((e,r,a)=>{const t=["--quiet","-p",e];return r&&t.push("-m",r),t},"buildArgs"),command:"kimi",defaultModel:"",envVariable:"KIMI_PATH"};var xe=Object.defineProperty,_e=m((e,r)=>xe(e,"name",{value:r,configurable:!0}),"r");const Ie={alternateCommands:[],buildArgs:_e((e,r,a)=>{const t=["run",e];return r&&t.push("-m",r),t},"buildArgs"),command:"opencode",defaultModel:"anthropic/claude-sonnet-4",envVariable:"OPENCODE_PATH"};var Ne=Object.defineProperty,Le=m((e,r)=>Ne(e,"name",{value:r,configurable:!0}),"n");const qe={alternateCommands:["qwen-code"],buildArgs:Le((e,r,a)=>["-p",e,"--yolo","-o","text"],"buildArgs"),command:"qwen",defaultModel:"",envVariable:"QWEN_PATH"};var Ve=Object.defineProperty,f=m((e,r)=>Ve(e,"name",{value:r,configurable:!0}),"s");const x={amp:ce,claude:de,codex:ge,copilot:ve,crush:ke,cursor:$e,droid:Ce,gemini:Oe,kimi:Me,opencode:Ie,qwen:qe},T=f(e=>e.startsWith("~")?g(R(),e.slice(1)):e,"resolveHome"),He=f(e=>{try{const r=O(E?"where":"which",[e],{encoding:"utf8",stdio:["pipe","pipe","pipe"],timeout:Z}).trim().split(`
|
|
2
|
+
`)[0]?.trim();return r&&r.length>0?r:void 0}catch{return}},"whichCommand"),Be=f(e=>{const r=R();if(E){const a=process.env.APPDATA??"",t=process.env.LOCALAPPDATA??"",n=process.env.ProgramFiles??"";return[g(a,"npm",`${e}.cmd`),g(a,"npm",e),g(t,"Programs",e,`${e}.exe`),g(n,e,`${e}.exe`),g(r,".npm-global","bin",`${e}.cmd`)]}return[`/opt/homebrew/bin/${e}`,`/usr/local/bin/${e}`,g(r,".npm-global","bin",e),g(r,".local","bin",e),g(r,".cargo","bin",e)]},"getKnownPaths"),S=f(e=>{try{const r=O(e,["--version"],{encoding:"utf8",stdio:["pipe","pipe","pipe"],timeout:ee}),a=Q.exec(r);return a?a[1]:void 0}catch{return}},"detectVersion"),_=f(e=>{const r=x[e],a={available:!1,name:e},t=process.env[r.envVariable];if(t&&C(T(t))){const i=T(t);return{...a,available:!0,detectionMethod:"envvar",path:i,version:S(i)}}const n=[r.command,...r.alternateCommands];for(const i of n){const o=He(i);if(o)return{...a,available:!0,detectionMethod:"which",path:o,version:S(o)}}for(const i of n)for(const o of Be(i))if(C(o))return{...a,available:!0,detectionMethod:"known-path",path:o,version:S(o)};return a},"detectProvider"),Fe=f(()=>M.map(e=>_(e)),"detectAllProviders"),De=f(()=>Fe().filter(e=>e.available),"detectAvailableProviders"),Je=f((e,r,a={})=>{const t=x[e],n=a.model??t.defaultModel,i=a.maxTokens??te;return t.buildArgs(r,n,i)},"buildCliArgs"),ze=f(async(e,r,a={})=>{if(!e.available||!e.path)throw new Error(`AI provider "${e.name}" is not available.`);const t=Je(e.name,r,a),n=a.timeoutMs??re;return new Promise((i,o)=>{const p={env:{...process.env,FORCE_COLOR:"0",NO_COLOR:"1"},stdio:["pipe","pipe","pipe"]},s=D(e.path,t,p);s.stdin.end();let c="",d="",u=!1;const b=setTimeout(()=>{u=!0,s.kill("SIGTERM"),o(new Error(`${e.name} CLI timed out after ${String(n)}ms`))},n);s.stdout.on("data",h=>{c+=h.toString("utf8")}),s.stderr.on("data",h=>{d+=h.toString("utf8")}),s.on("close",h=>{clearTimeout(b),!u&&(h===0?i({provider:e.name,stderr:d,stdout:c}):o(new Error(`${e.name} CLI exited with code ${String(h)}: ${d||c}`)))}),s.on("error",h=>{clearTimeout(b),u||o(new Error(`Failed to spawn ${e.name} CLI: ${h.message}`))})})},"runProvider");var Ue=Object.defineProperty,I=k((e,r)=>Ue(e,"name",{value:r,configurable:!0}),"i");const We=12e4,Ke=2,Ge=1e3,Ye=I(e=>new Promise(r=>{setTimeout(r,e)}),"sleep"),N=I(async(e,r,a=Ke)=>{let t;for(let n=0;n<=a;n+=1)try{return(await ze(e,r,{timeoutMs:We})).stdout}catch(i){if(t=i instanceof Error?i:new Error(String(i)),t.message.includes("timed out"))throw t;if(n<a){const o=Ge*2**n;await Ye(o)}}throw t??new Error("AI request failed after retries")},"runWithRetry");var Xe=Object.defineProperty,l=k((e,r)=>Xe(e,"name",{value:r,configurable:!0}),"c");const Qe={amp:30,claude:80,codex:60,copilot:50,crush:35,cursor:40,droid:20,gemini:100,kimi:25,opencode:35,qwen:30},Ze=l(e=>{if(e?.provider){if(!M.includes(e.provider))return;const t=_(e.provider);return t.available?t:void 0}const r=De();if(r.length===0)return;const a={...Qe,...e?.priority};return r.toSorted((t,n)=>(a[n.name]??0)-(a[t.name]??0))[0]},"resolveProvider"),er=new Set(["defer","review","skip","update"]),rr=new Set(["critical","high","low","medium"]),tr=new Set(["high","low","medium"]),ar=50,P=30,nr=l(e=>e.map(r=>{const a=r.vulnerabilities&&r.vulnerabilities.length>0?` [VULNERABILITIES: ${r.vulnerabilities.map(n=>`${n.severity} ${n.id}`).join(", ")}]`:"";let t="";if(r.socketReport){const n=Math.round(r.socketReport.score.overall*100),i=[`score:${String(n)}%`];if(r.socketReport.alerts.length>0){const o={};for(const s of r.socketReport.alerts)o[s.severity]=(o[s.severity]??0)+1;const p=Object.entries(o).map(([s,c])=>`${String(c)} ${s}`).join(", ");i.push(`alerts: ${p}`)}i.push(`supply-chain:${String(Math.round(r.socketReport.score.supplyChain*100))}%`),i.push(`quality:${String(Math.round(r.socketReport.score.quality*100))}%`),t=` [SOCKET.DEV: ${i.join(", ")}]`}return`- ${r.packageName}: ${r.currentRange} → ${r.newRange} (${r.updateType})${a}${t}`}).join(`
|
|
3
3
|
`),"buildPackageList"),A=`Respond ONLY with valid JSON in this exact structure:
|
|
4
4
|
{
|
|
5
5
|
"summary": "Brief overall summary",
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
var O=Object.defineProperty;var f=(e,t)=>O(e,"name",{value:t,configurable:!0});import{createRequire as F}from"node:module";import{readLastRunSummary as T}from"@visulima/task-runner";import{a as k}from"./failure-log-B0Uh-65U.js";import{n as j,r as D,$ as y,a0 as _,a1 as N,a2 as R,a3 as A,a4 as M}from"../packem_chunks/bin.js";import{a as $,C as b,M as H,z as W}from"./readFileSync-CGmzMUF2-D6rUjGDn.js";import{w as q,b as L,r as Y}from"./ai-analysis-B8pDCOuT.js";const C=F(import.meta.url),d=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,I=f(e=>{if(typeof d<"u"&&d.versions&&d.versions.node){const[t,a]=d.versions.node.split(".").map(Number);if(t>22||t===22&&a>=3||t===20&&a>=16)return d.getBuiltinModule(e)}return C(e)},"__cjs_getBuiltinModule"),{readFile:E,writeFile:B}=I("node:fs/promises");var z=Object.defineProperty,m=f((e,t)=>z(e,"name",{value:t,configurable:!0}),"u");const J=32*1024,K=m((e,t)=>{if(e.length<=t)return e;const a=e.slice(-t),o=e.length-a.length;return`[…${String(o)} bytes truncated from head…]
|
|
2
|
+
${a}`},"truncateHead"),U=m(async(e,t)=>t===void 0?T(e,{dataDirectory:j(e)}):D(e,t),"loadSummary"),ge=m(async(e,t,a={})=>{const o=a.terminalOutputLimit??J,[r,n]=await Promise.all([k(e,t),U(e,a.runId)]),i=n?y(n,t):void 0;if(!r&&!i)return;let s,c;if(n&&i){const l=await _(e,n.id),g=l?y(l,t):void 0;s=N(i.hashDetails,g?.hashDetails),c=l?.id}const h=r?.terminalOutput??"";return{command:r?.command??void 0,cwd:r?.cwd??void 0,dependencies:i?.dependencies??[],duration:i?.duration,exitCode:r?.exitCode??i?.exitCode,hash:i?.hash??r?.hash,hashDetails:i?.hashDetails,hashDiff:s,previousRunId:c,project:i?.target.project,runId:n?.id??r?.runId,status:r?.status??(i?G(i):void 0),target:i?.target.target,taskId:t,terminalOutput:K(h,o),terminalOutputCaptured:!!r,timestamp:r?.timestamp??i?.endTime??i?.startTime}},"aggregateFailureContext"),G=m(e=>{if(e.exitCode!==void 0&&e.exitCode!==0)return"failure";switch(e.cacheStatus){case"HIT":return"local-cache";case"REMOTE_HIT":return"remote-cache";case"SKIPPED":return"skipped";default:return e.exitCode===0?"success":void 0}},"mapCacheStatusToTaskStatus");var V=Object.defineProperty,u=f((e,t)=>V(e,"name",{value:t,configurable:!0}),"a");const Q=3600*1e3,S=80,X=new Set(["high","low","medium"]),Z=u(()=>`You are an expert software engineer helping fix a failing build/test/lint task.
|
|
3
|
+
|
|
4
|
+
You will be given:
|
|
5
|
+
- The terminal output (stdout/stderr) from the failed task.
|
|
6
|
+
- Optional metadata: command, working directory, project, task hash, and a diff describing what changed in the task's hash inputs since the previous run that did not fail.
|
|
7
|
+
|
|
8
|
+
Your job:
|
|
9
|
+
1. Identify the root cause from the terminal output.
|
|
10
|
+
2. Propose a minimal set of source-file patches that fix the cause.
|
|
11
|
+
3. If you cannot determine a safe fix, set "cannotFix" with a clear, actionable explanation.
|
|
12
|
+
|
|
13
|
+
Constraints:
|
|
14
|
+
- Patches MUST be exact string replacements. The "oldString" must appear verbatim in the named file. Paths are relative to the working directory.
|
|
15
|
+
- Each "oldString" must be unique within its file. Include surrounding context so the match is unambiguous.
|
|
16
|
+
- Do NOT include unrelated cleanup, formatting changes, or speculative refactors.
|
|
17
|
+
- If the failure is environmental (missing tool, network) or requires running commands, prefer "cannotFix" over a guess.
|
|
18
|
+
- Keep "explanation" short (1-3 sentences). Reserve "reason" on each patch for why that specific edit fixes the cause.
|
|
19
|
+
|
|
20
|
+
Respond ONLY with valid JSON in this exact structure:
|
|
21
|
+
{
|
|
22
|
+
"explanation": "Brief root-cause analysis and what the fix does.",
|
|
23
|
+
"confidence": "low|medium|high",
|
|
24
|
+
"patches": [
|
|
25
|
+
{
|
|
26
|
+
"file": "path/relative/to/cwd.ts",
|
|
27
|
+
"oldString": "exact text to find",
|
|
28
|
+
"newString": "exact replacement text",
|
|
29
|
+
"reason": "why this change fixes it"
|
|
30
|
+
}
|
|
31
|
+
],
|
|
32
|
+
"cannotFix": "optional — set when no safe patch can be proposed"
|
|
33
|
+
}`,"buildSystemPrompt"),v=u((e,t)=>{const a=[];if(t.added.length>0&&a.push(` added: ${t.added.join(", ")}`),t.changed.length>0&&a.push(` changed: ${t.changed.join(", ")}`),t.removed.length>0&&a.push(` removed: ${t.removed.join(", ")}`),a.length!==0)return`- ${e}:
|
|
34
|
+
${a.join(`
|
|
35
|
+
`)}`},"formatBucket"),ee=u(e=>{if(!e.hashDiff)return"No hash-diff available — there is no previous run to compare against.";const t=[];e.hashDiff.commandChanged&&t.push("- command line changed since previous run");const a=v("file inputs",e.hashDiff.nodes),o=v("implicit deps",e.hashDiff.implicitDeps),r=v("runtime/env",e.hashDiff.runtime);return a&&t.push(a),o&&t.push(o),r&&t.push(r),t.length===0?"No detectable changes between this run and the previous run.":t.join(`
|
|
36
|
+
`)},"buildHashDiffSummary"),te=u(e=>{const t=[`Task: ${e.taskId}`];return e.project&&t.push(`Project: ${e.project}`),e.target&&t.push(`Target: ${e.target}`),e.command&&t.push(`Command: ${e.command}`),e.cwd&&t.push(`CWD: ${e.cwd}`),e.exitCode!==void 0&&t.push(`Exit code: ${String(e.exitCode)}`),e.hash&&t.push(`Task hash: ${e.hash}`),t.push("","Hash-diff since previous run:",ee(e),""),e.terminalOutputCaptured?t.push("Terminal output:","```",e.terminalOutput,"```"):t.push("Terminal output: <no failure log was captured for this task>",'Set "cannotFix" and tell the user to re-run with `vis run` so logs can be captured.'),t.join(`
|
|
37
|
+
`)},"buildUserPrompt"),ae=u(e=>`${Z()}
|
|
38
|
+
|
|
39
|
+
${te(e)}`,"buildFixPrompt"),ie=u((e,t)=>{const a=Array.isArray(e.patches)?e.patches:[],o=[];for(const n of a)typeof n.file!="string"||n.file.length===0||typeof n.oldString!="string"||n.oldString.length===0||typeof n.newString=="string"&&o.push({file:n.file,newString:n.newString,oldString:n.oldString,reason:typeof n.reason=="string"&&n.reason.length>0?n.reason:void 0});const r=typeof e.cannotFix=="string"&&e.cannotFix.length>0?e.cannotFix:void 0;return{cannotFix:r,confidence:X.has(e.confidence)?e.confidence:"low",explanation:typeof e.explanation=="string"?e.explanation:"",patches:r?[]:o,provider:t}},"normalizeFixProposal"),ne=u((e,t)=>{const a=q(e);return!a||typeof a!="object"?{cannotFix:"AI response was not valid JSON.",confidence:"low",explanation:"Failed to parse AI response.",patches:[],provider:t}:ie(a,t)},"parseFixResponse"),re=u((e,t)=>R({cwd:t.cwd??null,flow:"ai-fix",hash:t.hash??null,provider:e,taskId:t.taskId,terminalOutput:t.terminalOutput,terminalOutputCaptured:t.terminalOutputCaptured}),"buildFixCacheKey"),ve=u(async(e,t,a={})=>{const o=L(a.config);if(!o){t.warn(`No AI provider available — install one of: claude, gemini, copilot, codex.
|
|
40
|
+
`);return}const r=a.cache!==!1,n=re(o.name,e);if(r){const i=A(n);if(i)return t.info(`Using cached fix proposal from ${i.provider}.
|
|
41
|
+
`),i}t.info(`Generating fix proposal with ${o.name}...
|
|
42
|
+
`);try{const i=await Y(o,ae(e)),s=ne(i,o.name);return r&&s.patches.length>0&&!s.cannotFix&&M(n,s,Q),s}catch(i){const s=i instanceof Error?i.message:String(i);t.warn(`AI fix proposal failed (${s}).
|
|
43
|
+
`);return}},"runFixAnalysis"),se=u((e,t,a)=>$(a)?b(a):b(H(t??e,a)),"resolvePatchPath"),oe=u((e,t)=>{const a=W(e,t);return a===""?!0:!a.startsWith("..")&&!$(a)},"isInsideWorkspace"),ce=u((e,t,a)=>{const o=e.indexOf(t),r=Math.max(0,o-S),n=Math.min(e.length,o+t.length+S),i=e.slice(r,n);return{previewAfter:`${e.slice(r,o)}${a}${e.slice(o+t.length,n)}`,previewBefore:i}},"buildPreview"),xe=u(async(e,t,a,o={})=>{const r=o.dryRun===!0,n=new Map,i=[];for(const s of a.patches){const c=se(e,t,s.file);if(!oe(e,c)){i.push({absolutePath:c,patch:s,status:"outside-workspace"});continue}let h=n.get(c);if(h===void 0){try{h=await E(c,"utf8")}catch(p){const w=p.code;i.push({absolutePath:c,error:w==="ENOENT"?void 0:p.message,patch:s,status:w==="ENOENT"?"missing-file":"error"});continue}n.set(c,h)}const l=h.indexOf(s.oldString);if(l===-1){i.push({absolutePath:c,patch:s,status:"no-match"});continue}if(h.indexOf(s.oldString,l+s.oldString.length)!==-1){i.push({absolutePath:c,patch:s,status:"ambiguous-match"});continue}const{previewAfter:g,previewBefore:P}=ce(h,s.oldString,s.newString),x=`${h.slice(0,l)}${s.newString}${h.slice(l+s.oldString.length)}`;if(!r)try{await B(c,x,"utf8")}catch(p){n.delete(c),i.push({absolutePath:c,error:p.message,patch:s,status:"error"});continue}n.set(c,x),i.push({absolutePath:c,patch:s,previewAfter:g,previewBefore:P,status:"applied"})}return i},"applyFixProposal");export{ge as a,ve as b,xe as c,se as r};
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
const C=`<svg class="anolilab-logo" viewBox="0 0 354 71" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false">
|
|
2
|
+
<path d="M330.912 70.56C328.8 70.56 326.784 70.336 324.864 69.888C323.008 69.44 321.248 68.736 319.584 67.776C317.984 66.752 316.544 65.504 315.264 64.032L315.169 45.102C315.168 45.0121 315.168 44.9221 315.168 44.832L315.169 45.102C315.198 47.9463 315.677 50.6403 316.608 53.184C317.632 55.744 319.232 57.824 321.408 59.424C323.584 61.024 326.4 61.824 329.856 61.824C333.376 61.824 336.16 61.024 338.208 59.424C340.256 57.824 341.728 55.712 342.624 53.088C343.52 50.464 343.968 47.648 343.968 44.64C343.968 41.504 343.488 38.656 342.528 36.096C341.632 33.536 340.128 31.488 338.016 29.952C335.968 28.416 333.216 27.648 329.76 27.648C326.624 27.648 323.968 28.512 321.792 30.24C319.616 31.904 317.952 34.048 316.8 36.672L315 41H305.376V2.112H315.264V26.208C317.056 23.776 319.456 21.92 322.464 20.64C325.472 19.36 328.576 18.72 331.776 18.72C336.832 18.72 340.992 19.872 344.256 22.176C347.52 24.416 349.92 27.488 351.456 31.392C353.056 35.232 353.856 39.616 353.856 44.544C353.856 49.408 353.024 53.824 351.36 57.792C349.696 61.696 347.168 64.8 343.776 67.104C340.448 69.408 336.16 70.56 330.912 70.56Z"/>
|
|
3
|
+
<path class="anolilab-accent" d="M305 70L315 42H324.686L315 70H305Z"/>
|
|
4
|
+
<path d="M267.879 70.56C265.575 70.56 263.335 70.272 261.159 69.696C259.047 69.056 257.159 68.128 255.495 66.912C253.831 65.632 252.487 64.064 251.463 62.208C250.503 60.288 250.023 58.048 250.023 55.488C250.023 52.416 250.599 49.888 251.751 47.904C252.967 45.856 254.567 44.288 256.551 43.2C258.535 42.048 260.807 41.248 263.367 40.8C265.991 40.288 268.711 40.032 271.527 40.032H283.911C283.911 37.536 283.527 35.36 282.759 33.504C281.991 31.584 280.775 30.112 279.111 29.088C277.511 28 275.367 27.456 272.679 27.456C271.079 27.456 269.543 27.648 268.071 28.032C266.663 28.352 265.447 28.896 264.423 29.664C263.399 30.432 262.695 31.456 262.311 32.736H251.943C252.327 30.304 253.191 28.224 254.535 26.496C255.879 24.704 257.543 23.232 259.527 22.08C261.511 20.928 263.623 20.096 265.863 19.584C268.167 19.008 270.503 18.72 272.871 18.72C280.167 18.72 285.415 20.864 288.615 25.152C291.879 29.376 293.511 35.2 293.511 42.624V69.984H284.967L284.583 63.552C283.111 65.536 281.351 67.04 279.303 68.064C277.319 69.088 275.335 69.76 273.351 70.08C271.367 70.4 269.543 70.56 267.879 70.56ZM269.415 62.208C272.295 62.208 274.823 61.728 276.999 60.768C279.175 59.744 280.871 58.304 282.087 56.448C283.303 54.528 283.911 52.288 283.911 49.728V47.616H274.887C273.031 47.616 271.207 47.68 269.415 47.808C267.687 47.872 266.087 48.128 264.615 48.576C263.207 48.96 262.055 49.632 261.159 50.592C260.327 51.552 259.911 52.928 259.911 54.72C259.911 56.448 260.359 57.856 261.255 58.944C262.151 60.032 263.335 60.864 264.807 61.44C266.279 61.952 267.815 62.208 269.415 62.208Z"/>
|
|
5
|
+
<path d="M229.328 41.0556V1.98401H239.328V41.0556H229.328Z"/>
|
|
6
|
+
<path class="anolilab-accent" d="M229.314 70L239.314 42H249L239.314 70H229.314Z"/>
|
|
7
|
+
<path d="M207.501 69.984V19.392H217.389V69.984H207.501ZM212.397 12.672C210.477 12.672 208.909 12.096 207.693 10.944C206.541 9.728 205.965 8.192 205.965 6.336C205.965 4.48 206.573 2.976 207.789 1.824C209.005 0.608 210.541 0 212.397 0C214.125 0 215.629 0.608 216.909 1.824C218.253 2.976 218.925 4.48 218.925 6.336C218.925 8.192 218.285 9.728 217.005 10.944C215.789 12.096 214.253 12.672 212.397 12.672Z"/>
|
|
8
|
+
<path d="M185.376 69.984V2.112H195.264V69.984H185.376Z"/>
|
|
9
|
+
<path d="M150.749 70.56C145.501 70.56 141.053 69.504 137.405 67.392C133.757 65.216 130.973 62.176 129.053 58.272C127.197 54.368 126.269 49.856 126.269 44.736C126.269 39.552 127.228 35.04 129.148 31.2C131.068 27.296 133.853 24.256 137.501 22.08C141.149 19.84 145.597 18.72 150.845 18.72C156.093 18.72 160.541 19.84 164.189 22.08C167.837 24.256 170.589 27.296 172.445 31.2C174.301 35.104 175.229 39.648 175.229 44.832C175.229 49.888 174.269 54.368 172.349 58.272C170.493 62.176 167.74 65.216 164.092 67.392C160.508 69.504 156.061 70.56 150.749 70.56ZM150.749 61.728C154.205 61.728 156.989 60.96 159.101 59.424C161.277 57.888 162.877 55.84 163.901 53.28C164.925 50.656 165.437 47.808 165.437 44.736C165.437 41.664 164.925 38.848 163.901 36.288C162.877 33.728 161.277 31.68 159.101 30.144C156.989 28.544 154.205 27.744 150.749 27.744C147.357 27.744 144.572 28.544 142.396 30.144C140.22 31.68 138.62 33.728 137.596 36.288C136.636 38.848 136.157 41.664 136.157 44.736C136.157 47.872 136.636 50.72 137.596 53.28C138.62 55.84 140.22 57.888 142.396 59.424C144.572 60.96 147.357 61.728 150.749 61.728Z"/>
|
|
10
|
+
<path d="M71.001 69.984V19.392H80.409L80.889 26.496C82.169 24.64 83.705 23.168 85.497 22.08C87.289 20.928 89.209 20.096 91.257 19.584C93.305 19.008 95.289 18.72 97.209 18.72C102.073 18.72 105.881 19.776 108.633 21.888C111.449 23.936 113.433 26.72 114.585 30.24C115.801 33.696 116.409 37.632 116.409 42.048V69.984H106.425V44.064C106.425 42.016 106.297 40 106.041 38.016C105.785 36.032 105.241 34.272 104.409 32.736C103.641 31.136 102.521 29.888 101.049 28.992C99.577 28.032 97.593 27.552 95.097 27.552C92.025 27.552 89.433 28.384 87.321 30.048C85.209 31.712 83.609 33.952 82.521 36.768C81.433 39.584 80.889 42.752 80.889 46.272V69.984H71.001Z"/>
|
|
11
|
+
<path d="M0 69.984L25.632 2.112H38.784L64.32 69.984H53.376L48.384 56.352H15.936L10.944 69.984H0ZM19.296 47.232H45.024L32.16 11.808L19.296 47.232Z"/>
|
|
12
|
+
</svg>
|
|
13
|
+
`;export{C as d};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
import{createRequire as e}from"node:module";import{h as _,H as p,l as d,V as u,m as c,c as g,a as m,j as T,G as E,e as C,r as F}from"../packem_chunks/config.js";import"./readFileSync-CGmzMUF2-D6rUjGDn.js";import"jiti";import{otelPlugin as S}from"./otelPlugin-CJR2T_lk.js";import{definePlugin as A}from"./definePlugin-CWm4Dv_t.js";const n=e(import.meta.url),r=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process;export{_ as CONFIG_FILES,p as DEFAULT_MIN_RELEASE_AGE_MINUTES,d as SECURITY_DEFAULTS,u as TASK_CONFIG_FILES,c as applyDefaults,g as defineConfig,A as definePlugin,m as defineTaskConfig,T as findVisConfigFile,E as findVisTaskConfigFile,C as loadVisConfig,F as loadVisTaskConfig,S as otelPlugin};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
var k=Object.defineProperty;var b=(e,t)=>k(e,"name",{value:t,configurable:!0});import{createRequire as M}from"node:module";import{M as h,i as _}from"./readFileSync-CGmzMUF2-D6rUjGDn.js";import{n as w}from"../packem_chunks/config.js";const $=M(import.meta.url),y=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,B=b(e=>{if(typeof y<"u"&&y.versions&&y.versions.node){const[t,s]=y.versions.node.split(".").map(Number);if(t>22||t===22&&s>=3||t===20&&s>=16)return y.getBuiltinModule(e)}return $(e)},"__cjs_getBuiltinModule"),{readdirSync:j,statSync:O}=B("node:fs");var x=Object.defineProperty,v=b((e,t)=>x(e,"name",{value:t,configurable:!0}),"g");const P=["preinstall","install","postinstall","prepare"],q=v(e=>{const t=h(e,"node_modules");if(!_(t))return[];const s=new Map,i=v((p,f="")=>{let u;try{u=j(p)}catch{return}for(const r of u){const o=h(p,r);if(r.startsWith("@")){i(o,`${r}/`);continue}if(r===".pnpm"&&f===""){let l;try{l=j(o)}catch{continue}for(const a of l){const c=h(o,a,"node_modules");_(c)&&i(c)}continue}if(r.startsWith("."))continue;const m=f+r,n=h(o,"package.json");try{if(!O(o).isDirectory()||!_(n))continue;const l=w(n),a=l.scripts??{},c=P.filter(g=>a[g]);!a.preinstall&&!a.install&&!a.postinstall&&_(h(o,"binding.gyp"))&&c.push("install (binding.gyp)"),c.length>0&&!s.has(m)&&s.set(m,{directory:o,hooks:c,name:m,version:typeof l.version=="string"?l.version:void 0});const d=h(o,"node_modules");_(d)&&i(d)}catch{}}},"scanDir");return i(t),[...s.values()]},"collectBuildScriptPackages"),W=v(e=>{const t=e.startsWith("@"),s=e.indexOf("@",t?1:0);return s===-1?{name:e}:{name:e.slice(0,s),version:e.slice(s+1)}},"splitAllowKey"),D=v((e,t,s)=>{for(const[i,p]of Object.entries(t)){if(!p)continue;if(i.endsWith("@*")){if(i.slice(0,-2)===e.name)return!0;continue}if(i.endsWith("*")){if(e.name.startsWith(i.slice(0,-1)))return!0;continue}const{name:f,version:u}=W(i);if(f===e.name&&(!s||u===void 0||e.version===u))return!0}return!1},"isPatternAllowed"),T=v((e,t,s={})=>{const i=s.pinVersions===!0,p=q(e),f=[],u=[],r=new Map(p.map(n=>[n.name,n]));for(const n of p)D(n,t,i)?u.push(n):f.push(n);const o=[],m=[];for(const[n,l]of Object.entries(t)){if(!l)continue;if(n.endsWith("@*")){const g=n.slice(0,-2);r.has(g)||o.push(n);continue}if(n.endsWith("*")){const g=n.slice(0,-1);[...r.keys()].some(S=>S.startsWith(g))||o.push(n);continue}const{name:a,version:c}=W(n),d=r.get(a);if(!d){o.push(n);continue}i&&c!==void 0&&c!=="*"&&d.version&&d.version!==c&&m.push({from:n,to:`${a}@${d.version}`})}return{excess:o,installed:u,unapproved:f,versionDrift:m}},"scanBuildScriptStatus"),N=v((e,t)=>T(e,t).unapproved.map(s=>`${s.name} (${s.hooks.join(", ")})`),"scanUnapprovedBuildScripts");export{N as O,T as x};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
var de=Object.defineProperty;var w=(e,n)=>de(e,"name",{value:n,configurable:!0});import{createRequire as he}from"node:module";import{n as ie
|
|
1
|
+
var de=Object.defineProperty;var w=(e,n)=>de(e,"name",{value:n,configurable:!0});import{createRequire as he}from"node:module";import{n as ie}from"../packem_chunks/config.js";import{M as B,$ as _e}from"./readFileSync-CGmzMUF2-D6rUjGDn.js";import{r as be}from"./docker-_pBC9Loj.js";import{e as $e}from"./license-zZU7aavK.js";import{F as Oe}from"./lockfile-CQLFNyVa.js";import{x as ke}from"./pm-runner-Dnj9J3KF.js";const ge=he(import.meta.url),W=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,ae=w(e=>{if(typeof W<"u"&&W.versions&&W.versions.node){const[n,t]=W.versions.node.split(".").map(Number);if(n>22||n===22&&t>=3||n===20&&t>=16)return W.getBuiltinModule(e)}return ge(e)},"__cjs_getBuiltinModule"),{randomUUID:ye}=ae("node:crypto"),{readdirSync:ve}=ae("node:fs");var je=Object.defineProperty,pe=w((e,n)=>je(e,"name",{value:n,configurable:!0}),"r$1");const z=pe(e=>e.replaceAll(/[^\w.~-]/g,n=>`%${(n.codePointAt(0)??0).toString(16).toUpperCase().padStart(2,"0")}`),"encodeSegment"),M=pe((e,n)=>{const t=e.toLowerCase();if(t.startsWith("@")){const o=t.indexOf("/");if(o>0){const r=t.slice(0,o),p=t.slice(o+1);return`pkg:npm/${z(r)}/${z(p)}@${z(n)}`}}return`pkg:npm/${z(t)}@${z(n)}`},"toNpmPurl");var Se=Object.defineProperty,j=w((e,n)=>Se(e,"name",{value:n,configurable:!0}),"a");const m={ARRAY:"array",BOOLEAN:"boolean",DATE:"date",FUNCTION:"function",JSTOXML_OBJECT:"jstoxml-object",NULL:"null",NUMBER:"number",OBJECT:"object",STRING:"string"},Te=[m.STRING,m.NUMBER,m.BOOLEAN],Ae='<?xml version="1.0" encoding="UTF-8"?>',se=["_selfCloseTag","_attrs"],xe=j((e="",n=0)=>e.repeat(n),"getIndentStr"),Q=j(e=>Array.isArray(e)&&m.ARRAY||typeof e===m.OBJECT&&e!==null&&e._name&&m.JSTOXML_OBJECT||e instanceof Date&&m.DATE||e===null&&m.NULL||typeof e,"getType"),le=j(e=>e.startsWith("<![CDATA["),"isCDATA"),ue=j((e="",n={},t)=>{let o=e;if(typeof e===m.STRING){if(le(e))return e;const r=new RegExp(`(${Object.keys(n).join("|")})(?!(\\w|#)*;)`,"g");o=String(e).replace(r,(p,g)=>n[g]||"")}return typeof t=="function"?t(o):o},"mapStr"),Ce=j((e={},n,t,o)=>(Array.isArray(e)?e:Object.entries(e).map(([r,p])=>({[r]:p}))).reduce((r,p)=>{const g=Object.keys(p)[0],y=p[g];if(typeof t===m.FUNCTION&&t(g,y))return r;const b=n?ue(y,n):y,$=!o&&b===!0?"":`="${b}"`;return r.push(`${g}${$}`),r},[]),"getAttributeKeyVals"),Ne=j((e={},n,t,o)=>{const r=Ce(e,n,t,o);return r.length===0?"":` ${r.join(" ")}`},"formatAttributes"),Re=j((e={})=>Object.keys(e).map(n=>({_name:n,_content:e[n]})),"objToArray"),we=j(e=>Te.includes(Q(e)),"isPrimitive"),Pe=j(e=>!e.match("<"),"isSimpleXML"),De=j(({header:e,isOutputStart:n})=>e&&n?typeof e===m.BOOLEAN?Ae:e:"","getHeaderString"),re={"<":"<",">":">","&":"&",'"':"""},J=j((e={},n={})=>{const{depth:t=0,indent:o,_isFirstItem:r,_isOutputStart:p=!0,header:g,attributeReplacements:y={},attributeFilter:b,attributeExplicitTrue:$=!1,contentReplacements:q={},contentMap:L,selfCloseTags:I=!0}=n,H=typeof y=="boolean"&&!y?{}:{...re,...y},Y=typeof q=="boolean"&&!q?{}:{...re,...q},P=typeof o=="string",T=xe(o,t),G=Q(e),U=De({header:g,indent:o,depth:t,isOutputStart:p}),D=p&&!U&&r&&t===0,E=P&&!D?`
|
|
2
2
|
`:"";let v="";switch(G){case m.JSTOXML_OBJECT:{const{_name:f,_content:l}=e;if(l===null&&typeof L!="function"){v=`${E}${T}${f}`;break}if(Array.isArray(l)&&l.every(we))return l.map(S=>J({_name:f,_content:S},{...n,depth:t,_isOutputStart:!1})).join("");if(se.includes(f))break;const _=J(l,{...n,depth:t+1,_isOutputStart:D}),N=Q(_),O=Pe(_),k=le(_),R=`${E}${T}`;if(f==="_comment"){v+=`${R}<!-- ${l} -->`;break}const K=N==="undefined"||_==="",c=I,s=e._selfCloseTag,i=typeof s===m.BOOLEAN?K&&s:K&&c,a=i?"/":"",u=Ne(e._attrs,H,b,$),d=`<${f}${u}${a}>`,A=P&&!O&&!k?`
|
|
3
|
-
${T}`:"",x=i?"":`${_}${A}</${f}>`;v+=`${R}${d}${x}`;break}case m.OBJECT:{const f=Object.keys(e);v=f.map((l,_)=>{const N={...n,_isFirstItem:_===0,_isLastItem:_+1===f.length,_isOutputStart:D},O={_name:l};if(Q(e[l])===m.OBJECT&&(se.forEach(k=>{const R=e[l][k];typeof R<"u"&&(O[k]=R,delete e[l][k])}),typeof e[l]._content<"u"&&Object.keys(e[l]).length>1)){const k=Object.assign({},e[l]);delete k._content,O._content=[...Re(k),e[l]._content]}return typeof O._content>"u"&&(O._content=e[l]),J(O,N)},n).join("");break}case m.FUNCTION:{const f=e(n);v=J(f,n);break}case m.ARRAY:{v=e.map((f,l)=>{const _={...n,_isFirstItem:l===0,_isLastItem:l+1===e.length,_isOutputStart:D};return J(f,_)}).join("");break}default:{v=ue(e,Y,L);break}}return`${U}${v}`},"toXML");var Ee=Object.defineProperty,X=w((e,n)=>Ee(e,"name",{value:n,configurable:!0}),"r");const te=X(e=>{try{return ie(e)}catch{return}},"readJsonSafe"),Me=X(e=>{if(e.length===0||e.includes("..")||e.startsWith(".")||e.includes("\0")||e.includes("\\"))return!1;if(e.startsWith("@")){const n=e.indexOf("/");return n>1&&!e.includes("/",n+1)}return!e.includes("/")},"isSafePackageName"),Be=X(e=>e.length>0&&!e.includes("/")&&!e.includes("\\")&&!e.includes("..")&&!e.includes("\0"),"isSafeVersion"),Le=X((e,n,t)=>{const o=`${n.replaceAll("/","+")}@${t}`,r=B(e,"node_modules",".pnpm"),p=te(B(r,o,"node_modules",n,"package.json"));if(p)return p;let g;try{g=ve(r)}catch{return}const y=`${o}_`;for(const b of g){if(!b.startsWith(y))continue;const $=te(B(r,b,"node_modules",n,"package.json"));if($)return $}},"readPnpmVirtualStore"),Ie=X((e,n,t)=>{const o=te(B(e,"node_modules",n,"package.json"));return o?.version===t?o:void 0},"readHoistedCopy"),Ue=X((e,n,t)=>{if(!(!Me(n)||!Be(t)))return Le(e,n,t)??Ie(e,n,t)},"readInstalledPackageMetadata");var Fe=Object.defineProperty,me=w((e,n)=>Fe(e,"name",{value:n,configurable:!0}),"t");const Je={sha256:"SHA-256",sha384:"SHA-384",sha512:"SHA-512"},Xe={sha256:64,sha384:96,sha512:128},qe=me(e=>{const n={name:e.name,version:e.version},{integrity:t}=e;return t&&t.hex.length===Xe[t.algorithm]&&(n.hash={alg:Je[t.algorithm],content:t.hex}),e.dependencies&&(n.dependencies=e.dependencies),e.peerDependencies&&(n.peerDependencies=e.peerDependencies),e.optionalDependencies&&(n.optionalDependencies=e.optionalDependencies),n},"toResolvedPackage"),He=[{file:"pnpm-lock.yaml",type:"pnpm"},{file:"npm-shrinkwrap.json",type:"npm"},{file:"package-lock.json",type:"npm"},{file:"yarn.lock",type:"yarn"},{file:"bun.lock",type:"bun"}],Ve=me(e=>{for(const{file:n,type:t}of He){let o;try{o=_e(B(e,n))}catch{continue}const r=new Map;for(const p of Oe(o,t))r.set(`${p.name}@${p.version}`,qe(p));return{packages:r,type:t}}},"readLockfilePackages");var We=Object.defineProperty,fe=w((e,n)=>We(e,"name",{value:n,configurable:!0}),"s");const ze=fe(e=>{const n=e.indexOf(":");return n<=0?e:e.slice(0,n)==="npm"?e.slice(n+1):e},"stripProtocolPrefix"),ee=fe((e,n,t)=>{const o=t.get(e);if(!o||o.size===0)return;if(o.has(n))return n;const r=ze(n);if(r!==n&&o.has(r))return r;const p=[...o];return ke.maxSatisfying(p,r,{includePrerelease:!0})||p[0]},"resolveSpecifier");var Ye=Object.defineProperty,h=w((e,n)=>Ye(e,"name",{value:n,configurable:!0}),"p");const Ge="1.7",Ke="CycloneDX",Qe="http://cyclonedx.org/schema/bom-1.7.schema.json",Ze="@visulima/vis",ce=h(e=>{try{return ie(e)}catch{return}},"readPackageJson"),en=h(e=>{if(e){if(typeof e=="string")return e;if(typeof e=="object"&&e.name)return e.email?`${e.name} <${e.email}>`:e.name}},"toAuthorString"),nn=h(e=>{if(e)return typeof e=="string"?e:e.url},"toRepositoryUrl"),tn=h(e=>{if(e)return typeof e=="string"?e:e.url},"toBugsUrl"),on=h(e=>{const n=[];e.homepage&&n.push({type:"website",url:e.homepage});const t=nn(e.repository);t&&n.push({type:"vcs",url:t});const o=tn(e.bugs);return o&&n.push({type:"issue-tracker",url:o}),n.length>0?n:void 0},"buildExternalReferences"),sn=h(e=>e==="application"||e==="service"||e==="tool"?"application":"library","toCycloneDxComponentType"),ne=h((e,n)=>{if(!n)return;n.description&&(e.description=n.description);const t=en(n.author);t&&(e.author=t);const o=$e(n);o&&(e.licenses=o);const r=on(n);r&&(e.externalReferences=r)},"decoratePackageComponent"),
|
|
4
|
-
`},"serializeBomToXml"),rn=h(e=>{const n=[];return e.timestamp&&n.push({timestamp:e.timestamp}),e.lifecycles&&e.lifecycles.length>0&&n.push({_content:e.lifecycles.map(t=>{const o=[];return t.phase&&o.push({phase:t.phase}),t.name&&o.push({name:t.name}),t.description&&o.push({description:t.description}),{_content:o,_name:"lifecycle"}}),_name:"lifecycles"}),e.tools?.components&&n.push({_content:[{_content:e.tools.components.map(t=>oe(t)),_name:"components"}],_name:"tools"}),e.component&&n.push(oe(e.component)),{_content:n,_name:"metadata"}},"metadataToXmlElement"),oe=h(e=>{const n={type:e.type};e["bom-ref"]&&(n["bom-ref"]=e["bom-ref"]);const t=[];e.group&&t.push({group:e.group}),t.push({name:e.name}),e.version&&t.push({version:e.version}),e.description&&t.push({description:e.description}),e.author&&t.push({author:e.author}),e.hashes&&e.hashes.length>0&&t.push({_content:e.hashes.map(r=>({_attrs:{alg:r.alg},_content:r.content,_name:"hash"})),_name:"hashes"});const o=cn(e.licenses);return o&&t.push(o),e.purl&&t.push({purl:e.purl}),e.scope&&t.push({scope:e.scope}),e.externalReferences&&e.externalReferences.length>0&&t.push({_content:e.externalReferences.map(r=>({_attrs:{type:r.type},_content:[{url:r.url}],_name:"reference"})),_name:"externalReferences"}),{_attrs:n,_content:t,_name:"component"}},"componentToXmlElement"),cn=h(e=>{if(!e||e.length===0)return;const n=[];for(const t of e){if("expression"in t){n.push({expression:t.expression});continue}const o=[];"id"in t.license&&t.license.id?o.push({id:t.license.id}):"name"in t.license&&t.license.name&&o.push({name:t.license.name}),n.push({_content:o,_name:"license"})}return{_content:n,_name:"licenses"}},"licensesToXmlElement"),an=h(e=>e.dependsOn&&e.dependsOn.length>0?{_attrs:{ref:e.ref},_content:e.dependsOn.map(n=>({_attrs:{ref:n},_name:"dependency"})),_name:"dependency"}:{_attrs:{ref:e.ref},_name:"dependency"},"dependencyToXmlElement");export{
|
|
3
|
+
${T}`:"",x=i?"":`${_}${A}</${f}>`;v+=`${R}${d}${x}`;break}case m.OBJECT:{const f=Object.keys(e);v=f.map((l,_)=>{const N={...n,_isFirstItem:_===0,_isLastItem:_+1===f.length,_isOutputStart:D},O={_name:l};if(Q(e[l])===m.OBJECT&&(se.forEach(k=>{const R=e[l][k];typeof R<"u"&&(O[k]=R,delete e[l][k])}),typeof e[l]._content<"u"&&Object.keys(e[l]).length>1)){const k=Object.assign({},e[l]);delete k._content,O._content=[...Re(k),e[l]._content]}return typeof O._content>"u"&&(O._content=e[l]),J(O,N)},n).join("");break}case m.FUNCTION:{const f=e(n);v=J(f,n);break}case m.ARRAY:{v=e.map((f,l)=>{const _={...n,_isFirstItem:l===0,_isLastItem:l+1===e.length,_isOutputStart:D};return J(f,_)}).join("");break}default:{v=ue(e,Y,L);break}}return`${U}${v}`},"toXML");var Ee=Object.defineProperty,X=w((e,n)=>Ee(e,"name",{value:n,configurable:!0}),"r");const te=X(e=>{try{return ie(e)}catch{return}},"readJsonSafe"),Me=X(e=>{if(e.length===0||e.includes("..")||e.startsWith(".")||e.includes("\0")||e.includes("\\"))return!1;if(e.startsWith("@")){const n=e.indexOf("/");return n>1&&!e.includes("/",n+1)}return!e.includes("/")},"isSafePackageName"),Be=X(e=>e.length>0&&!e.includes("/")&&!e.includes("\\")&&!e.includes("..")&&!e.includes("\0"),"isSafeVersion"),Le=X((e,n,t)=>{const o=`${n.replaceAll("/","+")}@${t}`,r=B(e,"node_modules",".pnpm"),p=te(B(r,o,"node_modules",n,"package.json"));if(p)return p;let g;try{g=ve(r)}catch{return}const y=`${o}_`;for(const b of g){if(!b.startsWith(y))continue;const $=te(B(r,b,"node_modules",n,"package.json"));if($)return $}},"readPnpmVirtualStore"),Ie=X((e,n,t)=>{const o=te(B(e,"node_modules",n,"package.json"));return o?.version===t?o:void 0},"readHoistedCopy"),Ue=X((e,n,t)=>{if(!(!Me(n)||!Be(t)))return Le(e,n,t)??Ie(e,n,t)},"readInstalledPackageMetadata");var Fe=Object.defineProperty,me=w((e,n)=>Fe(e,"name",{value:n,configurable:!0}),"t");const Je={sha256:"SHA-256",sha384:"SHA-384",sha512:"SHA-512"},Xe={sha256:64,sha384:96,sha512:128},qe=me(e=>{const n={name:e.name,version:e.version},{integrity:t}=e;return t&&t.hex.length===Xe[t.algorithm]&&(n.hash={alg:Je[t.algorithm],content:t.hex}),e.dependencies&&(n.dependencies=e.dependencies),e.peerDependencies&&(n.peerDependencies=e.peerDependencies),e.optionalDependencies&&(n.optionalDependencies=e.optionalDependencies),n},"toResolvedPackage"),He=[{file:"pnpm-lock.yaml",type:"pnpm"},{file:"npm-shrinkwrap.json",type:"npm"},{file:"package-lock.json",type:"npm"},{file:"yarn.lock",type:"yarn"},{file:"bun.lock",type:"bun"}],Ve=me(e=>{for(const{file:n,type:t}of He){let o;try{o=_e(B(e,n))}catch{continue}const r=new Map;for(const p of Oe(o,t))r.set(`${p.name}@${p.version}`,qe(p));return{packages:r,type:t}}},"readLockfilePackages");var We=Object.defineProperty,fe=w((e,n)=>We(e,"name",{value:n,configurable:!0}),"s");const ze=fe(e=>{const n=e.indexOf(":");return n<=0?e:e.slice(0,n)==="npm"?e.slice(n+1):e},"stripProtocolPrefix"),ee=fe((e,n,t)=>{const o=t.get(e);if(!o||o.size===0)return;if(o.has(n))return n;const r=ze(n);if(r!==n&&o.has(r))return r;const p=[...o];return ke.maxSatisfying(p,r,{includePrerelease:!0})||p[0]},"resolveSpecifier");var Ye=Object.defineProperty,h=w((e,n)=>Ye(e,"name",{value:n,configurable:!0}),"p");const Ge="1.7",Ke="CycloneDX",Qe="http://cyclonedx.org/schema/bom-1.7.schema.json",Ze="@visulima/vis",ce=h(e=>{try{return ie(e)}catch{return}},"readPackageJson"),en=h(e=>{if(e){if(typeof e=="string")return e;if(typeof e=="object"&&e.name)return e.email?`${e.name} <${e.email}>`:e.name}},"toAuthorString"),nn=h(e=>{if(e)return typeof e=="string"?e:e.url},"toRepositoryUrl"),tn=h(e=>{if(e)return typeof e=="string"?e:e.url},"toBugsUrl"),on=h(e=>{const n=[];e.homepage&&n.push({type:"website",url:e.homepage});const t=nn(e.repository);t&&n.push({type:"vcs",url:t});const o=tn(e.bugs);return o&&n.push({type:"issue-tracker",url:o}),n.length>0?n:void 0},"buildExternalReferences"),sn=h(e=>e==="application"||e==="service"||e==="tool"?"application":"library","toCycloneDxComponentType"),ne=h((e,n)=>{if(!n)return;n.description&&(e.description=n.description);const t=en(n.author);t&&(e.author=t);const o=$e(n);o&&(e.licenses=o);const r=on(n);r&&(e.externalReferences=r)},"decoratePackageComponent"),yn=h(e=>{const{focus:n,generatorVersion:t,includeDev:o=!1,now:r=new Date,projectGraph:p,serialNumber:g,workspace:y,workspaceRoot:b}=e,$=n&&n.length>0?[...be(n,p)].sort():Object.keys(y.projects).sort(),q=new Set($),L=new Map;for(const c of $){const s=y.projects[c];s&&L.set(c,ce(B(b,s.root,"package.json")))}const I=[],H=new Map;for(const c of $){const s=y.projects[c];if(!s)continue;const i=L.get(c),a=i?.version??"0.0.0",u=M(c,a);H.set(c,u);const d={"bom-ref":u,name:c,purl:u,type:sn(s.projectType),version:a};ne(d,i),I.push(d)}const Y=Ve(b),P=new Map,T=new Map;if(Y)for(const c of Y.packages.values()){P.set(`${c.name}@${c.version}`,c);let s=T.get(c.name);s||(s=new Set,T.set(c.name,s)),s.add(c.version)}const G=[],U=[],D=new Map;for(const c of $){const s=L.get(c);if(!s)continue;const i=[s.dependencies,s.peerDependencies];o&&i.push(s.devDependencies);const a=new Set,u=h((d,A)=>{if(A)for(const[x,S]of Object.entries(A)){if(q.has(x)){const F=H.get(x);F&&a.add(F);continue}const C=ee(x,S,T);C&&(a.add(M(x,C)),d.push(`${x}@${C}`))}},"seedRef");for(const d of i)u(G,d);u(U,s.optionalDependencies),D.set(c,a)}const E=new Map,v=new Map,f=h((c,s)=>{const i=[...c];for(;i.length>0;){const a=i.pop(),u=E.get(a);if(u==="required"||u==="optional"&&s==="optional")continue;E.set(a,s);const d=P.get(a);if(!d)continue;const A=v.get(a)??new Set,x=[d.dependencies,d.peerDependencies];for(const S of x)if(S)for(const[C,F]of Object.entries(S))for(const V of F){const Z=ee(C,V,T);Z&&(A.add(M(C,Z)),i.push(`${C}@${Z}`))}if(d.optionalDependencies)for(const[S,C]of Object.entries(d.optionalDependencies))for(const F of C){const V=ee(S,F,T);V&&(A.add(M(S,V)),U.push(`${S}@${V}`))}A.size>0&&v.set(a,A)}},"walk");f(G,"required"),f(U,"optional");const l=[],_=[...E.keys()].sort();for(const c of _){const s=P.get(c);if(!s)continue;const i=M(s.name,s.version),a={"bom-ref":i,name:s.name,purl:i,scope:E.get(c)??"required",type:"library",version:s.version};s.hash&&(a.hashes=[s.hash]),ne(a,Ue(b,s.name,s.version)),l.push(a)}const N=[];for(const[c,s]of D){const i=H.get(c);if(!i)continue;const a=[...s].sort();N.push(a.length>0?{dependsOn:a,ref:i}:{ref:i})}for(const c of _){const s=P.get(c);if(!s)continue;const i=M(s.name,s.version),a=v.get(c),u=a?[...a].sort():[];N.push(u.length>0?{dependsOn:u,ref:i}:{ref:i})}N.sort((c,s)=>c.ref.localeCompare(s.ref));const O=ce(B(b,"package.json")),k=(()=>{if(n?.length===1){const u=I.find(d=>d.name===n[0]);if(u)return{"bom-ref":u["bom-ref"],name:u.name,purl:u.purl,type:u.type,version:u.version}}const c=O?.name??"workspace",s=O?.version??"0.0.0",i=M(c,s),a={"bom-ref":i,name:c,purl:i,type:"application",version:s};return ne(a,O),a})(),R=k["bom-ref"],K=R?I.filter(c=>c["bom-ref"]!==R):I;return{$schema:Qe,bomFormat:Ke,components:[...K,...l],dependencies:N,metadata:{component:k,lifecycles:[{phase:"build"}],timestamp:r.toISOString(),tools:{components:[{name:Ze,type:"application",...t?{version:t}:{}}]}},serialNumber:g??`urn:uuid:${ye()}`,specVersion:Ge,version:1}},"buildCycloneDxBom"),_n=h(e=>{const n={version:e.version??1,xmlns:"http://cyclonedx.org/schema/bom/1.7"};e.serialNumber&&(n.serialNumber=e.serialNumber);const t=[];return e.metadata&&t.push(rn(e.metadata)),e.components&&e.components.length>0&&t.push({_content:e.components.map(o=>oe(o)),_name:"components"}),e.dependencies&&e.dependencies.length>0&&t.push({_content:e.dependencies.map(o=>an(o)),_name:"dependencies"}),`${J({_attrs:n,_content:t,_name:"bom"},{header:!0,indent:" ",selfCloseTags:!0})}
|
|
4
|
+
`},"serializeBomToXml"),rn=h(e=>{const n=[];return e.timestamp&&n.push({timestamp:e.timestamp}),e.lifecycles&&e.lifecycles.length>0&&n.push({_content:e.lifecycles.map(t=>{const o=[];return t.phase&&o.push({phase:t.phase}),t.name&&o.push({name:t.name}),t.description&&o.push({description:t.description}),{_content:o,_name:"lifecycle"}}),_name:"lifecycles"}),e.tools?.components&&n.push({_content:[{_content:e.tools.components.map(t=>oe(t)),_name:"components"}],_name:"tools"}),e.component&&n.push(oe(e.component)),{_content:n,_name:"metadata"}},"metadataToXmlElement"),oe=h(e=>{const n={type:e.type};e["bom-ref"]&&(n["bom-ref"]=e["bom-ref"]);const t=[];e.group&&t.push({group:e.group}),t.push({name:e.name}),e.version&&t.push({version:e.version}),e.description&&t.push({description:e.description}),e.author&&t.push({author:e.author}),e.hashes&&e.hashes.length>0&&t.push({_content:e.hashes.map(r=>({_attrs:{alg:r.alg},_content:r.content,_name:"hash"})),_name:"hashes"});const o=cn(e.licenses);return o&&t.push(o),e.purl&&t.push({purl:e.purl}),e.scope&&t.push({scope:e.scope}),e.externalReferences&&e.externalReferences.length>0&&t.push({_content:e.externalReferences.map(r=>({_attrs:{type:r.type},_content:[{url:r.url}],_name:"reference"})),_name:"externalReferences"}),{_attrs:n,_content:t,_name:"component"}},"componentToXmlElement"),cn=h(e=>{if(!e||e.length===0)return;const n=[];for(const t of e){if("expression"in t){n.push({expression:t.expression});continue}const o=[];"id"in t.license&&t.license.id?o.push({id:t.license.id}):"name"in t.license&&t.license.name&&o.push({name:t.license.name}),n.push({_content:o,_name:"license"})}return{_content:n,_name:"licenses"}},"licensesToXmlElement"),an=h(e=>e.dependsOn&&e.dependsOn.length>0?{_attrs:{ref:e.ref},_content:e.dependsOn.map(n=>({_attrs:{ref:n},_name:"dependency"})),_name:"dependency"}:{_attrs:{ref:e.ref},_name:"dependency"},"dependencyToXmlElement");export{yn as b,_n as s,M as t};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
var g=Object.defineProperty;var m=(o,s)=>g(o,"name",{value:s,configurable:!0});import{i as v,M as u,$ as d}from"./readFileSync-CGmzMUF2-D6rUjGDn.js";import{F as h}from"./lockfile-CQLFNyVa.js";import{E as w,A as D}from"../packem_chunks/bin.js";var b=Object.defineProperty,f=m((o,s)=>b(o,"name",{value:s,configurable:!0}),"l");const j={bun:{file:"bun.lock",type:"bun"},npm:{aliases:["npm-shrinkwrap.json"],file:"package-lock.json",type:"npm"},pnpm:{file:"pnpm-lock.yaml",type:"pnpm"},yarn:{file:"yarn.lock",type:"yarn"}},S=f(o=>{const s=j[o];return s?[...s.aliases??[],s.file].map(e=>({file:e,type:s.type})):[]},"lockfileCandidates"),y=f((o,s)=>{const e=S(s);if(e.length!==0)return e.find(r=>v(u(o,r.file)))??e[e.length-1]},"resolveLockfile"),k=f(o=>{try{return JSON.parse(d(o))}catch{return}},"readPackageJsonShape"),L=f(o=>{const s=[],e=k(u(o,"package.json"));e&&s.push(e);const r=w(o);let a;if(r?a=r:e?.workspaces&&(Array.isArray(e.workspaces)?a=e.workspaces:e.workspaces.packages&&(a=e.workspaces.packages)),!a)return s;const c=D(o,a);for(const t of c){const n=k(u(o,t,"package.json"));n&&s.push(n)}return s},"collectWorkspacePackageJsons"),P=f((o,s)=>{const e=new Set,r=[],a=new Map;for(const t of s){const n=a.get(t.name);n?n.push(t):a.set(t.name,[t])}const c=f(t=>{if(t)for(const n of Object.keys(t))e.has(n)||(e.add(n),r.push(n))},"enqueueRoots");for(const t of L(o))c(t.dependencies),c(t.peerDependencies),c(t.optionalDependencies);for(;r.length>0;){const t=r.shift(),n=a.get(t);if(n){for(const p of n)for(const i of[p.dependencies,p.peerDependencies,p.optionalDependencies])if(i)for(const l of Object.keys(i))e.has(l)||(e.add(l),r.push(l))}}return e},"computeProdReachable"),E=f((o,s,e={})=>{const r=y(o,s);if(!r)return[];let a;try{a=d(u(o,r.file))}catch{return[]}const c=h(a,r.type);if(c.length===0)return[];const t=e.includeDev??!0?void 0:P(o,c),n=new Set,p=[];for(const i of c){if(t&&!t.has(i.name))continue;const l=`${i.name}@${i.version}`;n.has(l)||(n.add(l),p.push({isDev:!1,name:i.name,version:i.version}))}return p},"lockedPackages"),J=f((o,s)=>{const e=y(o,s);if(!e)return[];let r;try{r=d(u(o,e.file))}catch{return[]}const a=h(r,e.type);if(a.length===0)return[];const c=new Map;for(const n of a)c.has(n.name)||c.set(n.name,new Set),c.get(n.name).add(n.version);const t=[];for(const[n,p]of c)p.size<=1||t.push({name:n,versions:[...p]});return t.sort((n,p)=>n.name.localeCompare(p.name))},"findDuplicateDependencies");export{j as L,J as f,E as l,y as r};
|