@visulima/vis 1.0.0-alpha.27 → 1.0.0-alpha.28
- package/CHANGELOG.md +7 -0
- package/LICENSE.md +3228 -110
- package/dist/bin.js +1 -1
- package/dist/binx.js +1 -1
- package/dist/packem_chunks/bin.js +468 -364
- package/dist/packem_chunks/bloom-status.js +1 -1
- package/dist/packem_chunks/bloom-sync.js +1 -1
- package/dist/packem_chunks/config.js +15 -15
- package/dist/packem_chunks/devtools.js +82 -0
- package/dist/packem_chunks/doctor-probe.js +1 -1
- package/dist/packem_chunks/fix.js +1 -1
- package/dist/packem_chunks/handler10.js +1 -1
- package/dist/packem_chunks/handler11.js +1 -1
- package/dist/packem_chunks/handler12.js +1 -1
- package/dist/packem_chunks/handler13.js +1 -1
- package/dist/packem_chunks/handler14.js +1 -1
- package/dist/packem_chunks/handler15.js +1 -1
- package/dist/packem_chunks/handler16.js +1 -1
- package/dist/packem_chunks/handler17.js +1 -1
- package/dist/packem_chunks/handler18.js +1 -1
- package/dist/packem_chunks/handler19.js +1 -1
- package/dist/packem_chunks/handler20.js +1 -1
- package/dist/packem_chunks/handler21.js +3 -3
- package/dist/packem_chunks/handler22.js +1 -1
- package/dist/packem_chunks/handler23.js +2 -2
- package/dist/packem_chunks/handler24.js +1 -1
- package/dist/packem_chunks/handler26.js +1 -1
- package/dist/packem_chunks/handler27.js +1 -1
- package/dist/packem_chunks/handler28.js +1 -1
- package/dist/packem_chunks/handler29.js +1 -1
- package/dist/packem_chunks/handler3.js +1 -1
- package/dist/packem_chunks/handler30.js +6 -6
- package/dist/packem_chunks/handler31.js +2 -2
- package/dist/packem_chunks/handler33.js +1 -1
- package/dist/packem_chunks/handler34.js +4 -4
- package/dist/packem_chunks/handler35.js +2 -2
- package/dist/packem_chunks/handler36.js +1 -1
- package/dist/packem_chunks/handler37.js +4 -4
- package/dist/packem_chunks/handler38.js +2 -2
- package/dist/packem_chunks/handler39.js +5 -5
- package/dist/packem_chunks/handler4.js +5 -5
- package/dist/packem_chunks/handler40.js +18 -18
- package/dist/packem_chunks/handler41.js +1 -1
- package/dist/packem_chunks/handler42.js +25 -10
- package/dist/packem_chunks/handler43.js +10 -25
- package/dist/packem_chunks/handler44.js +11 -11
- package/dist/packem_chunks/handler45.js +15 -15
- package/dist/packem_chunks/handler46.js +19 -19
- package/dist/packem_chunks/handler47.js +16 -16
- package/dist/packem_chunks/handler48.js +3 -3
- package/dist/packem_chunks/handler49.js +12 -12
- package/dist/packem_chunks/handler5.js +7 -7
- package/dist/packem_chunks/handler50.js +70 -71
- package/dist/packem_chunks/handler51.js +23 -23
- package/dist/packem_chunks/handler8.js +1 -1
- package/dist/packem_chunks/handler9.js +1 -1
- package/dist/packem_chunks/heal-accept.js +1 -1
- package/dist/packem_chunks/heal.js +1 -1
- package/dist/packem_chunks/help-command.js +7 -17
- package/dist/packem_chunks/index.js +3 -3
- package/dist/packem_chunks/keys-refresh.js +1 -1
- package/dist/packem_chunks/list.js +2 -2
- package/dist/packem_chunks/loader.js +1 -1
- package/dist/packem_chunks/prune.js +1 -1
- package/dist/packem_chunks/run.js +1 -1
- package/dist/packem_chunks/status.js +1 -1
- package/dist/packem_chunks/sync.js +1 -1
- package/dist/packem_chunks/sync2.js +1 -1
- package/dist/packem_chunks/tripwire.js +1 -1
- package/dist/packem_chunks/verify-lockfile.js +1 -1
- package/dist/packem_shared/Table-CwC2kW07-EjFLNV0q.js +12 -0
- package/dist/packem_shared/_commonjsHelpers-CLblCigl.js +1 -0
- package/dist/packem_shared/{advisories-xIOdLbAI.js → advisories-BxXiKFbL.js} +1 -1
- package/dist/packem_shared/{ai-analysis-Csn82p17.js → ai-analysis-BnmDFqc8.js} +5 -5
- package/dist/packem_shared/{ai-fix-BlYyz5bI.js → ai-fix-BGbnrWCz.js} +7 -7
- package/dist/packem_shared/{cyclonedx-B3ILsY74.js → cyclonedx-C2k2HmvI.js} +1 -1
- package/dist/packem_shared/{dependency-scan-s2MD0vi-.js → dependency-scan-Bki15Yi-.js} +1 -1
- package/dist/packem_shared/{docker-BynKrOLe.js → docker-k-Sl8b-w.js} +1 -1
- package/dist/packem_shared/{failure-log-B0Uh-65U.js → failure-log-C3bG1bCA.js} +1 -1
- package/dist/packem_shared/index-2r730kXY.js +29 -0
- package/dist/packem_shared/{index-B_KtN1MB.js → index-DBq4TVu5.js} +1 -1
- package/dist/packem_shared/{lifecycle-CJRNbN3x.js → lifecycle-B91p_ra8.js} +2 -2
- package/dist/packem_shared/{lockfile-BG1HvBzH.js → lockfile-DmDfgKaT.js} +1 -1
- package/dist/packem_shared/{min-release-age-aEn0x8Vy.js → min-release-age-B1Jm1_JY.js} +1 -1
- package/dist/packem_shared/{native-config-sync-DdhTLlKL.js → native-config-sync-Cnpj2xcn.js} +6 -6
- package/dist/packem_shared/{osv-bloom-BJhlc_I2.js → osv-bloom-ep8GlDGT.js} +2 -2
- package/dist/packem_shared/pm-runner-COoPLGKi.js +1 -0
- package/dist/packem_shared/{provenance-BuiEsWbI.js → provenance-DbkJRDqt.js} +1 -1
- package/dist/packem_shared/{registry-keys-pemEkRM9.js → registry-keys-SylX07bs.js} +1 -1
- package/dist/packem_shared/{resolve-explicit-RgRrUDZv.js → resolve-explicit-CJ_5wYSu.js} +1 -1
- package/dist/packem_shared/s1ngularity-DlS-4a6K.js +1 -0
- package/dist/packem_shared/scan-progress-CU4ttEHQ.js +2 -0
- package/dist/packem_shared/{signatures-LYMy8OR5.js → signatures-B-1u4t-c.js} +1 -1
- package/dist/packem_shared/spinner-B9ZPv1iT.js +1 -0
- package/dist/packem_shared/spinners-f91Rbo99-Bjf3NcO0.js +1 -0
- package/dist/packem_shared/tabs-C-qFIoUv.js +1 -0
- package/dist/packem_shared/typosquats-BxCOUvTJ.js +1 -0
- package/dist/packem_shared/use-measured-height-kIDCuc76.js +1 -0
- package/dist/packem_shared/vis-update-app-COYmjGKv.js +1 -0
- package/dist/packem_shared/{watch-loop-DLlMLg_J.js → watch-loop-CP318TfG.js} +2 -2
- package/index.js +26 -26
- package/package.json +9 -9
- package/dist/packem_shared/index-efSniSRN.js +0 -29
- package/dist/packem_shared/index.server-B7ETiT4C.js +0 -2
- package/dist/packem_shared/pm-runner-BwX5AL3W.js +0 -1
- package/dist/packem_shared/s1ngularity-Bs9fUf3q.js +0 -1
- package/dist/packem_shared/scan-progress-DjPT66jy.js +0 -2
- package/dist/packem_shared/typosquats-znskIR5j.js +0 -1
- package/dist/packem_shared/use-measured-height-DjYgUOKk.js +0 -1
- package/dist/packem_shared/vis-update-app-qhQPV97i.js +0 -1
|
@@ -1,24 +1,24 @@
|
|
|
1
|
-
var Fe=Object.defineProperty;var $=(e,o)=>Fe(e,"name",{value:o,configurable:!0});import{createRequire as Ae}from"node:module";import{M as g,i as S,$ as
|
|
1
|
+
var Fe=Object.defineProperty;var $=(e,o)=>Fe(e,"name",{value:o,configurable:!0});import{createRequire as Ae}from"node:module";import{M as g,i as S,$ as N}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{b1 as pe,b2 as X,b3 as Me,b4 as Ne,b5 as Z,b6 as Be,b7 as He,b0 as De,b8 as We,aV as Le,b9 as he,ba as me,bb as ke}from"./bin.js";import{d as ye}from"./config.js";import{NATIVE_BINDING_VERSION as ie,allKnownTags as qe,tagsFromPath as Ge,tagsFromPaths as Je,parseShebang as Ke}from"#native";const _e=Ae(import.meta.url),I=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,V=$(e=>{if(typeof I<"u"&&I.versions&&I.versions.node){const[o,t]=I.versions.node.split(".").map(Number);if(o>22||o===22&&t>=3||o===20&&t>=16)return I.getBuiltinModule(e)}return _e(e)},"__cjs_getBuiltinModule"),{readdirSync:de,statSync:z,readFileSync:B,existsSync:H,writeFileSync:x,unlinkSync:Pe,rmSync:Te,chmodSync:Ce}=V("node:fs"),{cwd:M}=I,{createInterface:Ie}=V("node:readline"),{spawnSync:R}=V("node:child_process"),{basename:Ve}=V("node:path");var Ue=Object.defineProperty,q=$((e,o)=>Ue(e,"name",{value:o,configurable:!0}),"c$5");const ze=/^# ([^:\s]\S*)(?::\s+(.+))?$/,Ye=q(e=>{const o=[],t=e.split(`
|
|
2
2
|
`);let r;for(const s of t){if(s.startsWith("#!")||s.startsWith("# Generated by")||s.startsWith("# NOTE:")||s==="set -e"||s==="")continue;const n=ze.exec(s);if(n){r&&o.push(r),r={command:"",id:n[1]??"",...n[2]?{name:n[2]}:{}};continue}r?r.command=r.command.length>0?`${r.command}
|
|
3
|
-
${s}`:s:r={command:s,id:"(custom)"}}return r&&o.push(r),o},"parseStageScript"),
|
|
4
|
-
`).length,stage:n})}return r.sort((n,i)=>n.stage.localeCompare(i.stage)),{hooksDirectory:o,stages:r}},"listHooks"),
|
|
5
|
-
`).find(i=>i.trim()!=="");if(n){const i=n.length>120?`${n.slice(0,117)}...`:n;o.push(` ${i}`)}}return o},"formatListResult"),Ze=q((e,o)=>{const t=
|
|
3
|
+
${s}`:s:r={command:s,id:"(custom)"}}return r&&o.push(r),o},"parseStageScript"),Qe=q((e,o)=>{const t=g(e,o),r=[],s=new Set(pe);if(S(t))for(const n of de(t)){if(n.startsWith(".")||n==="_"||!s.has(n))continue;const i=g(t,n);if(!z(i).isFile())continue;const a=N(i),c=Ye(a);r.push({blocks:c,rawLineCount:a.split(`
|
|
4
|
+
`).length,stage:n})}return r.sort((n,i)=>n.stage.localeCompare(i.stage)),{hooksDirectory:o,stages:r}},"listHooks"),Xe=q(e=>{const o=[];if(e.stages.length===0)return o.push(`No hooks installed in ${e.hooksDirectory}/.`),o;o.push(`Hooks in ${e.hooksDirectory}/:`);for(const t of e.stages)if(o.push("",`${t.stage} (${t.rawLineCount} lines)`),t.blocks.length===0)o.push(" (empty)");else for(const r of t.blocks){const s=r.name?`${r.id} — ${r.name}`:r.id;o.push(` - ${s}`);const n=r.command.split(`
|
|
5
|
+
`).find(i=>i.trim()!=="");if(n){const i=n.length>120?`${n.slice(0,117)}...`:n;o.push(` ${i}`)}}return o},"formatListResult"),Ze=q((e,o)=>{const t=Qe(M(),e);for(const r of Xe(t))o.info(r)},"runList");var eo=Object.defineProperty,j=$((e,o)=>eo(e,"name",{value:o,configurable:!0}),"o$2");const ae=5;if(ie!==ae)throw new Error(`vis native binding ABI mismatch: expected ${ae}, got ${ie}. Rebuild via \`pnpm --filter @visulima/vis run build:native\` or reinstall the platform binding package.`);const $e={".releaserc":["release-config","vis-config"],".releaserc.json":["release-config","vis-config"],"aube-lock.yaml":["aube-lock","lockfile"],"aube-workspace.yaml":["aube-workspace","vis-config"],"nx.json":["nx-workspace","vis-config"],"packem.config.js":["packem-config","vis-config"],"packem.config.mjs":["packem-config","vis-config"],"packem.config.ts":["packem-config","vis-config"],"pnpm-workspace.yaml":["pnpm-workspace","vis-config"],"project.json":["nx-project","vis-config"],"turbo.json":["turbo-config","vis-config"],"vis.config.js":["vis-config"],"vis.config.ts":["vis-config"]},ve=[[".releaserc.json",["release-config","vis-config"]]],we=j(e=>{const o=new Set,t=Ve(e),r=$e[t];if(r)for(const n of r)o.add(n);const s=t.toLowerCase();for(const[n,i]of ve)if(s.endsWith(n))for(const a of i)o.add(a);return o},"classifyVis"),be=new Set([...Object.values($e).flat(),...ve.flatMap(([,e])=>e)]);let K;const xe=j(()=>(K||(K=new Set(qe())),K),"getPrekUniverse");j(e=>{const o=new Set(Ge(e)),t=we(e);return{all:new Set([...o,...t]),prek:o,vis:t}},"classify");const oo=j(e=>{const o=Je([...e]),t=new Map;for(const[r,s]of e.entries()){const n=new Set(o[r]),i=we(s),a=new Set([...n,...i]);t.set(s,{all:a,prek:n,vis:i})}return t},"classifyMany");j(e=>Ke(e),"parseShebang");const to=j(e=>xe().has(e)||be.has(e),"isKnownTag");j(e=>xe().has(e),"isPrekTag");j(e=>be.has(e),"isVisTag");const ro=j((e,o)=>{const{all:t}=e;if(o.types&&o.types.length>0){for(const r of 
o.types)if(!t.has(r))return!1}if(o.typesOr&&o.typesOr.length>0){let r=!1;for(const s of o.typesOr)if(t.has(s)){r=!0;break}if(!r)return!1}if(o.excludeTypes&&o.excludeTypes.length>0){for(const r of o.excludeTypes)if(t.has(r))return!1}return!0},"matchesFilter");var no=Object.defineProperty,_=$((e,o)=>no(e,"name",{value:o,configurable:!0}),"i$3");const so=_(e=>{let o=0;const{length:t}=e,r=_(()=>{for(;o<t&&/\s/.test(e[o]);)o+=1},"skipWs"),s=_(()=>{if(e[o]!=='"')throw new Error(`expected string at ${o}`);o+=1;const c=o;for(;o<t&&e[o]!=='"';)o+=e[o]==="\\"?2:1;const l=e.slice(c,o);return o+=1,JSON.parse(`"${l}"`)},"parseString"),n=_(()=>{switch(r(),e[o]){case'"':{s();break}case"[":{i();break}case"{":{a();break}default:for(;o<t&&!",}]".includes(e[o])&&!/\s/.test(e[o]);)o+=1}},"parseValue"),i=_(()=>{if(o+=1,r(),e[o]==="]"){o+=1;return}for(;o<t;)if(n(),r(),e[o]===",")o+=1,r();else if(e[o]==="]"){o+=1;return}},"parseArray"),a=_(()=>{o+=1,r();const c=new Set;if(e[o]==="}"){o+=1;return}for(;o<t;){r();const l=s();if(c.has(l))throw new Error(`Duplicate key: ${l}`);if(c.add(l),r(),e[o]!==":")throw new Error(`expected colon at ${o}`);if(o+=1,n(),r(),e[o]===",")o+=1,r();else if(e[o]==="}"){o+=1;return}}},"parseObject");r(),n()},"detectDuplicateJsonKeys"),io=_((e,o,t)=>{let r=0;for(const s of e){const n=B(g(t.root,s),"utf8");try{JSON.parse(n),so(n)}catch(i){const a=i instanceof Error?i.message:String(i);t.logger.info(`${s}: Failed to json decode (${a})`),r=1}}return r},"runCheckJson");var ao=Object.defineProperty,Ee=$((e,o)=>ao(e,"name",{value:o,configurable:!0}),"c$4");const co=Ee(e=>{const o=R("git",["rev-parse","--git-dir"],{cwd:e,encoding:"utf8"});if(o.status!==0)return!1;const t=o.stdout.trim(),r=t.startsWith("/")?t:g(e,t);return H(g(r,"MERGE_MSG"))?H(g(r,"MERGE_HEAD"))||H(g(r,"rebase-apply"))||H(g(r,"rebase-merge")):!1},"isInMerge"),fo=["<<<<<<< ","======= ",`=======\r
|
|
6
6
|
`,`=======
|
|
7
7
|
`,">>>>>>> "],lo=Ee((e,o,t)=>{if(!o.includes("--assume-in-merge")&&!co(t.root))return 0;let r=0;for(const s of e){const n=B(g(t.root,s),"utf8").split(`
|
|
8
8
|
`);for(let i=0;i<n.length;i+=1){const a=n[i]+(i<n.length-1?`
|
|
9
|
-
`:"");for(const c of fo)a.startsWith(c)&&(t.logger.info(`${s}:${i+1}: Merge conflict string ${JSON.stringify(c.trim())} found`),r=1)}}return r},"runCheckMergeConflict");var uo=Object.defineProperty,go=$((e,o)=>uo(e,"name",{value:o,configurable:!0}),"c$3");const po=go((e,o,t)=>{let r=0;for(const s of e){const n=g(t.root,s),i=B(n);if(i.length===0)continue;let a=i.length;const c=i[a-1];if(c!==10&&c!==13){x(n,Buffer.concat([i,Buffer.from([10])])),t.logger.info(`Fixing ${s}`),r=1;continue}for(;a>0&&(i[a-1]===10||i[a-1]===13);)a-=1;if(a===0){x(n,Buffer.alloc(0)),t.logger.info(`Fixing ${s}`),r=1;continue}const l=i.subarray(a);let d;l[0]===13&&l[1]===10?d=Buffer.from([13,10]):l[0]===13?d=Buffer.from([13]):d=Buffer.from([10]),!l.equals(d)&&(x(n,Buffer.concat([i.subarray(0,a),d])),t.logger.info(`Fixing ${s}`),r=1)}return r},"runEndOfFileFixer");var ho=Object.defineProperty,ce=$((e,o)=>ho(e,"name",{value:o,configurable:!0}),"h$2");const mo={cr:Buffer.from([13]),crlf:Buffer.from([13,10]),lf:Buffer.from([10])},ko=new Set(["auto","cr","crlf","lf","no"]),yo=ce((e,o,t)=>{let r="auto";for(let n=0;n<o.length;n+=1){const i=o[n];if(i==="-f"||i==="--fix"){n+=1;const a=o[n];if(a===void 0)return t.logger.error(`mixed-line-ending: ${i} requires a value (auto|no|lf|crlf|cr)`),2;r=a}else i.startsWith("--fix=")&&(r=i.slice(6))}if(!ko.has(r))return t.logger.error(`mixed-line-ending: invalid --fix value ${r}`),2;let s=0;for(const n of e){const i=g(t.root,n),a=B(i),c=[],l=ce(f=>{const p=c.find(b=>b.kind===f);p?p.count+=1:c.push({count:1,kind:f})},"bumpCount"),d=[];let u=0;for(let f=0;f<a.length;f+=1){const p=a[f];p===13&&a[f+1]===10?(d.push({content:a.subarray(u,f),ending:"crlf"}),l("crlf"),f+=1,u=f+1):p===13?(d.push({content:a.subarray(u,f),ending:"cr"}),l("cr"),u=f+1):p===10&&(d.push({content:a.subarray(u,f),ending:"lf"}),l("lf"),u=f+1)}u<a.length&&d.push({content:a.subarray(u),ending:null});const m=c.length>1;if(r==="no"){m&&(t.logger.info(`${n}: mixed line endings`),s=1);continue}let 
k;if(r==="auto"){if(!m)continue;let f;for(const p of c)(!f||p.count>f.count)&&(f=p);k=f?.kind}else if(k=r,!c.some(f=>f.kind!==k&&f.count>0))continue;const w=mo[k],h=[];for(const f of d)h.push(f.content),f.ending!==null&&h.push(w);x(i,Buffer.concat(h)),t.logger.info(`${n}: fixed mixed line endings`),s=1}return s},"runMixedLineEnding");var $o=Object.defineProperty,vo=$((e,o)=>$o(e,"name",{value:o,configurable:!0}),"g$3");const fe=new Set([9,11,12,13,32]),wo=/\.(?:md|markdown|mdown|mdx)$/i,bo=vo((e,o,t)=>{let r=0;for(const s of e){const n=wo.test(s),i=g(t.root,s),a=B(i),c=[];let l=0;for(;l<=a.length;){let u=l;for(;u<a.length&&a[u]!==10;)u+=1;const m=u<a.length&&a[u]===10;let k=u,w=!1;m&&u>l&&a[u-1]===13&&(w=!0,k=u-1);const h=a.subarray(l,k);let f=h.length;for(;f>0&&fe.has(h[f-1]);)f-=1;const p=h.some(b=>!fe.has(b));if(n&&h.length>=2&&h[h.length-1]===32&&h[h.length-2]===32&&p&&(f=Math.min(f+2,h.length)),c.push(h.subarray(0,f)),w&&c.push(Buffer.from([13])),m&&c.push(Buffer.from([10])),!m)break;l=u+1}const d=Buffer.concat(c);d.equals(a)||(x(i,d),t.logger.info(`Fixing ${s}`),r=1)}return r},"runTrailingWhitespace");var xo=Object.defineProperty,Se=$((e,o)=>xo(e,"name",{value:o,configurable:!0}),"t");const ee={"check-json":io,"check-merge-conflict":lo,"end-of-file-fixer":po,"mixed-line-ending":yo,"trailing-whitespace":bo},Eo=Object.keys(ee).sort();Se(e=>Object.hasOwn(ee,e),"isBuiltin");const So=Se(e=>ee[e],"getBuiltin");var Ro=Object.defineProperty,
|
|
10
|
-
`,"utf8")},"writeHookConfig");var To=Object.defineProperty,v=$((e,o)=>To(e,"name",{value:o,configurable:!0}),"d");const Co=new Map([["pre-commit/pre-commit-hooks#check-json","check-json"],["pre-commit/pre-commit-hooks#check-merge-conflict","check-merge-conflict"],["pre-commit/pre-commit-hooks#end-of-file-fixer","end-of-file-fixer"],["pre-commit/pre-commit-hooks#mixed-line-ending","mixed-line-ending"],["pre-commit/pre-commit-hooks#trailing-whitespace","trailing-whitespace"]]),Io=/[<>=!~]=/,
|
|
11
|
-
${
|
|
9
|
+
`:"");for(const c of fo)a.startsWith(c)&&(t.logger.info(`${s}:${i+1}: Merge conflict string ${JSON.stringify(c.trim())} found`),r=1)}}return r},"runCheckMergeConflict");var uo=Object.defineProperty,go=$((e,o)=>uo(e,"name",{value:o,configurable:!0}),"c$3");const po=go((e,o,t)=>{let r=0;for(const s of e){const n=g(t.root,s),i=B(n);if(i.length===0)continue;let a=i.length;const c=i[a-1];if(c!==10&&c!==13){x(n,Buffer.concat([i,Buffer.from([10])])),t.logger.info(`Fixing ${s}`),r=1;continue}for(;a>0&&(i[a-1]===10||i[a-1]===13);)a-=1;if(a===0){x(n,Buffer.alloc(0)),t.logger.info(`Fixing ${s}`),r=1;continue}const l=i.subarray(a);let d;l[0]===13&&l[1]===10?d=Buffer.from([13,10]):l[0]===13?d=Buffer.from([13]):d=Buffer.from([10]),!l.equals(d)&&(x(n,Buffer.concat([i.subarray(0,a),d])),t.logger.info(`Fixing ${s}`),r=1)}return r},"runEndOfFileFixer");var ho=Object.defineProperty,ce=$((e,o)=>ho(e,"name",{value:o,configurable:!0}),"h$2");const mo={cr:Buffer.from([13]),crlf:Buffer.from([13,10]),lf:Buffer.from([10])},ko=new Set(["auto","cr","crlf","lf","no"]),yo=ce((e,o,t)=>{let r="auto";for(let n=0;n<o.length;n+=1){const i=o[n];if(i==="-f"||i==="--fix"){n+=1;const a=o[n];if(a===void 0)return t.logger.error(`mixed-line-ending: ${i} requires a value (auto|no|lf|crlf|cr)`),2;r=a}else i.startsWith("--fix=")&&(r=i.slice(6))}if(!ko.has(r))return t.logger.error(`mixed-line-ending: invalid --fix value ${r}`),2;let s=0;for(const n of e){const i=g(t.root,n),a=B(i),c=[],l=ce(f=>{const p=c.find(b=>b.kind===f);p?p.count+=1:c.push({count:1,kind:f})},"bumpCount"),d=[];let u=0;for(let f=0;f<a.length;f+=1){const p=a[f];p===13&&a[f+1]===10?(d.push({content:a.subarray(u,f),ending:"crlf"}),l("crlf"),f+=1,u=f+1):p===13?(d.push({content:a.subarray(u,f),ending:"cr"}),l("cr"),u=f+1):p===10&&(d.push({content:a.subarray(u,f),ending:"lf"}),l("lf"),u=f+1)}u<a.length&&d.push({content:a.subarray(u),ending:null});const m=c.length>1;if(r==="no"){m&&(t.logger.info(`${n}: mixed line endings`),s=1);continue}let 
k;if(r==="auto"){if(!m)continue;let f;for(const p of c)(!f||p.count>f.count)&&(f=p);k=f?.kind}else if(k=r,!c.some(f=>f.kind!==k&&f.count>0))continue;const w=mo[k],h=[];for(const f of d)h.push(f.content),f.ending!==null&&h.push(w);x(i,Buffer.concat(h)),t.logger.info(`${n}: fixed mixed line endings`),s=1}return s},"runMixedLineEnding");var $o=Object.defineProperty,vo=$((e,o)=>$o(e,"name",{value:o,configurable:!0}),"g$3");const fe=new Set([9,11,12,13,32]),wo=/\.(?:md|markdown|mdown|mdx)$/i,bo=vo((e,o,t)=>{let r=0;for(const s of e){const n=wo.test(s),i=g(t.root,s),a=B(i),c=[];let l=0;for(;l<=a.length;){let u=l;for(;u<a.length&&a[u]!==10;)u+=1;const m=u<a.length&&a[u]===10;let k=u,w=!1;m&&u>l&&a[u-1]===13&&(w=!0,k=u-1);const h=a.subarray(l,k);let f=h.length;for(;f>0&&fe.has(h[f-1]);)f-=1;const p=h.some(b=>!fe.has(b));if(n&&h.length>=2&&h[h.length-1]===32&&h[h.length-2]===32&&p&&(f=Math.min(f+2,h.length)),c.push(h.subarray(0,f)),w&&c.push(Buffer.from([13])),m&&c.push(Buffer.from([10])),!m)break;l=u+1}const d=Buffer.concat(c);d.equals(a)||(x(i,d),t.logger.info(`Fixing ${s}`),r=1)}return r},"runTrailingWhitespace");var xo=Object.defineProperty,Se=$((e,o)=>xo(e,"name",{value:o,configurable:!0}),"t");const ee={"check-json":io,"check-merge-conflict":lo,"end-of-file-fixer":po,"mixed-line-ending":yo,"trailing-whitespace":bo},Eo=Object.keys(ee).sort();Se(e=>Object.hasOwn(ee,e),"isBuiltin");const So=Se(e=>ee[e],"getBuiltin");var Ro=Object.defineProperty,O=$((e,o)=>Ro(e,"name",{value:o,configurable:!0}),"r");const F="config.json",W=1,jo=new Set(["alwaysRun","args","builtin","entry","exclude","excludeTypes","fail","files","id","name","passFilenames","types","typesOr","verbose"]),Oo=new Set(["failFast","stages","version"]),Fo=["args","exclude","excludeTypes","files","passFilenames","types","typesOr"],Re=O((e,o)=>g(e,o,F),"configPath"),Y=O(e=>e!==null&&typeof e=="object"&&!Array.isArray(e),"isStringRecord"),D=O(e=>{if(!Array.isArray(e))return;const o=[];for(const t of e){if(typeof 
t!="string")return;o.push(t)}return o},"asStringArray"),L=O(e=>typeof e=="boolean"?e:void 0,"asBoolean"),C=O(e=>typeof e=="string"&&e.length>0?e:void 0,"asNonEmptyString"),Ao=O((e,o,t)=>{if(!Y(e))throw new TypeError("hook entry must be an object");if(typeof e.id!="string"||e.id.length===0)throw new TypeError("hook entry is missing `id`");const r={id:e.id},s=L(e.alwaysRun);s!==void 0&&(r.alwaysRun=s);const n=D(e.args);n&&(r.args=n);const i=C(e.builtin);i&&(r.builtin=i);const a=C(e.entry);a&&(r.entry=a);const c=C(e.exclude);c&&(r.exclude=c);const l=D(e.excludeTypes);l&&(r.excludeTypes=l);const d=C(e.fail);d&&(r.fail=d);const u=C(e.files);u&&(r.files=u);const m=C(e.name);m&&(r.name=m);const k=L(e.passFilenames);k!==void 0&&(r.passFilenames=k);const w=D(e.types);w&&(r.types=w);const h=D(e.typesOr);h&&(r.typesOr=h);const f=L(e.verbose);if(f!==void 0&&(r.verbose=f),[r.builtin,r.entry,r.fail].filter(p=>p!==void 0).length!==1)throw new TypeError(`hook "${r.id}" must set exactly one of \`builtin\`, \`entry\`, \`fail\``);if(r.fail!==void 0){const p=Fo.filter(b=>r[b]!==void 0);if(p.length>0)throw new TypeError(`hook "${r.id}" is a \`fail\` entry — remove ${p.join(", ")} (filters do not apply)`)}for(const p of Object.keys(e))jo.has(p)||o.push({hookId:r.id,message:`unknown field "${p}" ignored`,stage:t});return r},"parseEntry"),_o=O((e,o)=>{if(!Y(e))throw new TypeError("hook config must be an object");if(e.version!==W)throw new TypeError(`unsupported hook config version: expected ${W}, got ${String(e.version)}`);if(!Y(e.stages))throw new TypeError("hook config is missing `stages` map");const t={};for(const[n,i]of Object.entries(e.stages)){if(!Array.isArray(i))throw new TypeError(`hook config: stage "${n}" must be an array`);t[n]=i.map(a=>Ao(a,o,n))}const r={stages:t,version:W},s=L(e.failFast);s!==void 0&&(r.failFast=s);for(const n of Object.keys(e))Oo.has(n)||o.push({message:`unknown top-level field "${n}" ignored`});return r},"parseConfig"),je=O((e,o=X,t)=>{const 
r=Re(e,o);if(!S(r))return;const s=N(r);let n;try{n=JSON.parse(s)}catch(i){const a=i instanceof Error?i.message:String(i);throw new TypeError(`failed to parse ${r}: ${a}`,{cause:i})}return _o(n,t??[])},"loadHookConfig"),Po=O((e,o,t)=>{const r=Re(e,o);x(r,`${JSON.stringify(t,void 0,4)}
|
|
10
|
+
`,"utf8")},"writeHookConfig");var To=Object.defineProperty,v=$((e,o)=>To(e,"name",{value:o,configurable:!0}),"d");const Co=new Map([["pre-commit/pre-commit-hooks#check-json","check-json"],["pre-commit/pre-commit-hooks#check-merge-conflict","check-merge-conflict"],["pre-commit/pre-commit-hooks#end-of-file-fixer","end-of-file-fixer"],["pre-commit/pre-commit-hooks#mixed-line-ending","mixed-line-ending"],["pre-commit/pre-commit-hooks#trailing-whitespace","trailing-whitespace"]]),Io=/[<>=!~]=/,Mo=/github\.com[/:]([^/\s]+\/[^/\s.]+)/i,No="# Generated by `vis hook migrate` from prek",Bo=v(e=>`#!/usr/bin/env sh
|
|
11
|
+
${No}
|
|
12
12
|
exec vis hook run ${e} "$@"
|
|
13
|
-
`,"stageScriptBody"),oe=v(e=>{for(const o of
|
|
14
|
-
`,"utf8"),{added:s,skipped:n}},"mergeAdditionalDependencies"),
|
|
15
|
-
`),"utf8")},"writeConfigReadme"),Xo=v((e,o)=>{R("prek",["--version"],{cwd:e,encoding:"utf8"}).status===0?R("prek",["uninstall"],{cwd:e,encoding:"utf8"}).status===0?o.info("Detached prek via `prek uninstall`."):o.info("`prek uninstall` did not exit cleanly — continuing. You may need to run it manually."):o.info("prek binary not found on PATH — skipping `prek uninstall`. Run it manually if prek is installed elsewhere.")},"detachPrek"),je=v((e,o,t,r={})=>{const s=oe(e),n=r.dryRun===!0;if(!s)return{isError:!0,message:"No prek configuration found (.pre-commit-config.yaml, .pre-commit-config.yml, or prek.toml)"};t.info(`Found prek config at ${s}`);const i=g(e,s),a=M(i),c=Uo(i);if(!c)return{isError:!0,message:`Could not parse ${s}`};const{additionalDeps:l,config:d,droppedFilters:u,manualSteps:m,skippedHooks:k}=Jo(c),w=Object.keys(d.stages);if(w.length===0&&k.length===0)return{isError:!0,message:`${s} has no hooks to migrate`};if(!n){const y=R("git",["config","--local","core.hooksPath"],{cwd:e,encoding:"utf8"});if(y.status===0){const J=y.stdout?.toString().trim();J&&(J.includes(".prek")||J.includes("prek-hooks"))&&R("git",["config","--local","--unset","core.hooksPath"],{cwd:e})}const T=he(o);if(T.isError)return T;T.message&&t.info(T.message)}const h=g(e,o);n||ye(h),n?t.info(` (would write) ${o}/${F}`):(_o(e,o,d),Qo(e,o),t.info(` Wrote ${o}/${F}`));let f=0;for(const y of w){const T=Bo(y);n?t.info(` (would write) ${o}/${y}`):(x(g(h,y),T,{mode:493}),t.info(` Wrote ${o}/${y}`)),f+=1}const{added:p,skipped:b}=n?{added:l.map(y=>y.name),skipped:[]}:zo(e,l,r.useEditorconfig);if(p.length>0){const y=n?"would add":"Added";t.info(`${y} ${p.length} package${p.length===1?"":"s"} to devDependencies: ${p.join(", ")}`),n||t.info("Run your package manager's install (e.g. 
`pnpm install`) to pick up the new devDependencies.")}b.length>0&&t.info(`Skipped ${b.length} already-declared package${b.length===1?"":"s"}: ${b.join(", ")}`),n||Xo(e,t);const se=`${i}.bak`;if(n?t.info(` (would remove) ${s} and back it up to ${s}.bak`):(S(se)||x(se,a,"utf8"),_e(i),t.info(`Removed ${s} (backup at ${s}.bak)`)),k.length>0){t.warn(`Skipped ${k.length} hook${k.length===1?"":"s"} that cannot run without prek:`);for(const y of k)t.warn(` - ${y.repo}::${y.hookId} — ${y.reason}`)}if(u.length>0){t.warn("Partial filter translations:");for(const y of u)t.warn(` - ${y}`)}if(m.length>0){t.warn("Manual follow-up required:");for(const y of m)t.warn(` - ${y}`)}return{isError:!1,message:`${n?"would migrate":"Migration complete:"} ${f} stage script${f===1?"":"s"} ${n?"into":"written to"} ${o}/`}},"migrateFromPrek");var Yo=Object.defineProperty,te=$((e,o)=>Yo(e,"name",{value:o,configurable:!0}),"i$2");const Zo=te(e=>{const o=[];let t=0;for(let r=0;r<e.length;r+=1)e[r]===0&&(r>t&&o.push(e.subarray(t,r).toString("utf8")),t=r+1);return t<e.length&&o.push(e.subarray(t).toString("utf8")),o},"splitNulBuffer"),U=te((e,o,t)=>{const r=R("git",[...e],{cwd:t,encoding:"buffer"});if(r.status!==0){const s=r.stderr?r.stderr.toString():"";throw new Error(`git ${o} failed${s?`: ${s.trim()}`:""}`)}return r.stdout.length===0?[]:Zo(r.stdout)},"gitListFiles"),et=te((e,o)=>{switch(e.kind){case"all":return U(["ls-files","-z"],"ls-files",o);case"range":return U(["diff","--name-only","--diff-filter=ACM","-z",e.fromRef,e.toRef],"diff --from-ref/--to-ref",o);case"staged":return U(["diff","--cached","--name-only","--diff-filter=ACM","-z"],"diff --cached",o);default:{const t=e;throw new Error(`unknown discover mode: ${JSON.stringify(t)}`)}}},"discoverFiles");var ot=Object.defineProperty,re=$((e,o)=>ot(e,"name",{value:o,configurable:!0}),"i$1");const le=re((e,o)=>{try{return new RegExp(e)}catch(t){const r=t instanceof Error?t.message:String(t);throw new Error(`invalid ${o} regex 
${JSON.stringify(e)}: ${r}`,{cause:t})}},"compileRegex"),tt=re(e=>e.types&&e.types.length>0||e.typesOr&&e.typesOr.length>0||e.excludeTypes&&e.excludeTypes.length>0||!1,"hasTagFilters"),rt=re((e,o)=>{let t=e;if(o.files){const n=le(o.files,"files");t=t.filter(i=>n.test(i))}if(o.exclude){const n=le(o.exclude,"exclude");t=t.filter(i=>!n.test(i))}if(!tt(o))return[...t];const r=oo(t),s={excludeTypes:o.excludeTypes,types:o.types,typesOr:o.typesOr};return t.filter(n=>{const i=r.get(n);return i?ro(i,s):!1})},"applyHookFilter");var nt=Object.defineProperty,A=$((e,o)=>nt(e,"name",{value:o,configurable:!0}),"u$2");const st=32*1024,it=A((e,o)=>{const t=[],r=Math.max(1024,st-o);let s=[],n=0;for(const i of e){const a=Buffer.byteLength(i,"utf8")+8;n+a>r&&s.length>0&&(t.push(s),s=[],n=0),s.push(i),n+=a}return s.length>0&&t.push(s),t},"chunkFiles"),at=A(e=>({error:A(o=>{e.error(o)},"error"),info:A(o=>{e.info(o)},"info")}),"builtinLoggerFor"),ue=A((e,o,t)=>t?t.message:o?`terminated by signal ${o}`:`exited with status ${String(e)}`,"describeSpawnFailure"),ct=A((e,o,t,r,s)=>{const n=r?s.extraArgs:[];if(!t||o.length===0){const c=R("sh",["-c",e,"sh",...n],{cwd:s.root,stdio:"inherit"});return c.status===null?(s.logger.error(`hook command failed: ${ue(c.status,c.signal,c.error)}`),1):c.status}const i=Buffer.byteLength(e,"utf8")+Buffer.byteLength("sh","utf8")+Buffer.byteLength("-c","utf8")+n.reduce((c,l)=>c+Buffer.byteLength(l,"utf8")+8,0)+64;let a=0;for(const c of it(o,i)){const l=R("sh",["-c",`${e} "$@"`,"sh",...n,...c],{cwd:s.root,stdio:"inherit"});l.status===null?(s.logger.error(`hook command failed: ${ue(l.status,l.signal,l.error)}`),a|=1):a|=l.status}return a},"runShellCommand"),ft=A((e,o,t)=>{if(e.fail!==void 0)return t.logger.info(e.fail),1;const r=Z.has(t.stage);let s;try{s=rt(o,e)}catch(c){const l=c instanceof Error?c.message:String(c);return t.logger.error(`hook "${e.id}": ${l}`),2}if(s.length===0&&e.alwaysRun!==!0&&!r)return 0;const n=e.passFilenames!==!1;if(e.verbose){const 
c=e.name??e.id;t.logger.info(`+ ${c}`)}if(e.builtin){const c=So(e.builtin);if(!c)return t.logger.error(`unknown builtin "${e.builtin}" referenced by hook "${e.id}"`),2;const l={logger:at(t.logger),root:t.root};try{return c(s,e.args??[],l)}catch(d){const u=d instanceof Error?d.message:String(d);return t.logger.error(`builtin "${e.builtin}" crashed: ${u}`),1}}if(e.entry===void 0)return t.logger.error(`hook "${e.id}" has no \`entry\`, \`builtin\`, or \`fail\` to run`),2;const i=(e.args??[]).map(c=>`'${c.replaceAll("'",String.raw`'\''`)}'`).join(" "),a=i?`${e.entry} ${i}`:e.entry;return ct(a,s,n,r,t)},"runHookEntry"),lt=A((e,o,t,r)=>{const s=e.stages[o];if(!s||s.length===0)return 0;let n=0;for(const i of s){const a=ft(i,t,r);if(a!==0&&(n|=a,e.failFast))return n}return n},"runStage");var ut=Object.defineProperty,ne=$((e,o)=>ut(e,"name",{value:o,configurable:!0}),"s");const gt="pre-commit",dt=ne(e=>{if(e.lastCommit&&(e.fromRef||e.toRef))throw new Error("--last-commit cannot be combined with --from-ref or --to-ref");const o=e.lastCommit?"HEAD~1":e.fromRef,t=e.lastCommit?"HEAD":e.toRef;if(o&&!t||t&&!o)throw new Error("--from-ref and --to-ref must be specified together");return o&&t?{fromRef:o,kind:"range",toRef:t}:e.allFiles?{kind:"all"}:{kind:"staged"}},"resolveDiscoverMode"),pt=ne((e,o,t,r)=>{const s=t.stage??gt,n=Oe(e,o);if(!n)throw new Error(`No hook config found at ${o}/config.json. Install or migrate hooks first.`);const i=n.stages[s];if(!i||i.length===0)return r.info(`No hooks configured for stage "${s}".`),0;const a=Z.has(s)?void 0:dt(t),c=a?.kind==="all"?" 
(--all-files)":a?.kind==="range"?` (${a.fromRef}..${a.toRef})`:"";r.info(`Running ${s}${c}`);const l=a?et(a,e):[],d={extraArgs:t.extraArgs??[],logger:r,root:e,stage:s};return lt(n,s,l,d)},"runHookStage"),ht=ne((e,o,t)=>{const r=pt(N(),e,o,t);if(r!==0)throw new Error(`Hook stage exited with code ${r}`)},"runRun");var mt=Object.defineProperty,kt=$((e,o)=>mt(e,"name",{value:o,configurable:!0}),"e");const yt=kt((e=Y)=>{if(R("git",["config","--local","core.hooksPath"]).status!==0)return{isError:!1,message:"No custom hooks path configured"};const{status:o,stderr:t}=R("git",["config","--local","--unset","core.hooksPath"]);if(o===null)return{isError:!0,message:"git command not found"};if(o&&o!==5)return{isError:!0,message:String(t)};const r=g(e,"_");return S(r)&&Te(r,{force:!0,recursive:!0}),{isError:!1,message:""}},"uninstallHooks");var $t=Object.defineProperty,G=$((e,o)=>$t(e,"name",{value:o,configurable:!0}),"u");const vt=new Set(pe),wt=G(e=>{const o=R("sh",["-n",e],{encoding:"utf8"});if(o.status===null)return`failed to run "sh -n" (${o.error?.message??"unknown error"})`;if(o.status!==0)return o.stderr.trim()||`sh -n exited with ${o.status}`},"runSyntaxCheck"),bt=G((e,o)=>{const t=[],r=g(e,o),s=R("git",["config","--local","core.hooksPath"],{cwd:e,encoding:"utf8"});if(s.status===0){const i=s.stdout.trim(),a=`${o}/_`;i&&i!==a&&t.push({kind:"warning",message:`core.hooksPath is "${i}" — expected "${a}". Re-run \`vis hook install\` to fix.`})}else t.push({kind:"warning",message:"core.hooksPath is not set — run `vis hook install`."});if(S(g(r,"_"))||t.push({kind:"error",message:`Dispatcher directory ${o}/_ is missing. 
Run \`vis hook install\`.`}),!S(r))return t.push({kind:"error",message:`Hooks directory ${o}/ is missing.`}),{issues:t,ok:!1};let n=!1;for(const i of de(r)){if(i.startsWith(".")||i==="_"||i===F||i==="README.md")continue;if(!vt.has(i)){t.push({kind:"warning",message:`Unknown hook "${i}" — not a standard git hook.`,path:g(o,i)});continue}const a=g(r,i);if(!z(a).isFile())continue;n=!0;const c=z(a).mode&511;(c&64)===0&&t.push({kind:"warning",message:`Script is not owner-executable (mode ${c.toString(8)}).`,path:g(o,i)});const l=wt(a);l&&t.push({kind:"error",message:`Shell syntax error: ${l}`,path:g(o,i)})}if(n){const i=g(r,F);if(S(i))try{Oe(e,o)}catch(a){t.push({kind:"error",message:`${F} is malformed: ${a instanceof Error?a.message:String(a)}`,path:g(o,F)})}else t.push({kind:"error",message:`Stage scripts are present but ${o}/${F} is missing. Re-run \`vis hook migrate\`.`})}return{issues:t,ok:!t.some(i=>i.kind==="error")}},"validateHooks"),xt=G((e,o)=>{if(e.issues.length===0)return[`Hook directory ${o}/ looks good.`];const t=[];for(const r of e.issues){const s=r.kind==="error"?"ERROR":"WARN ",n=r.path?` (${r.path})`:"";t.push(`${s} ${r.message}${n}`)}return t.push("",e.ok?"No errors — warnings only.":`${e.issues.filter(r=>r.kind==="error").length} error(s).`),t},"formatValidationResult"),Et=G((e,o)=>{const t=bt(N(),e),r=xt(t,e);for(const s of r)s.startsWith("ERROR")||s.startsWith("WARN")?o.warn(s):o.info(s);if(!t.ok)throw new Error("Hook validation failed")},"runValidate");var St=Object.defineProperty,E=$((e,o)=>St(e,"name",{value:o,configurable:!0}),"i");const _=E(e=>e.hooksDir??Y,"resolveHooksDirectory"),ge=E(e=>new Promise(o=>{const t=Ie({input:process.stdin,output:process.stdout});t.question(`${e} (y/N) `,r=>{t.close();const s=r.trim().toLowerCase();o(s==="y"||s==="yes")})}),"confirmPrompt"),Rt=E(async(e,o,t)=>{const r=N(),s=me(r),n=oe(r);if(s&&n)throw new Error(`Found both husky (${s}/) and prek (${n}). 
Remove or migrate one before running \`vis hook install\`.`);if(s){if(o.info(`Existing husky installation found at ${s}/`),await ge("Would you like to migrate your husky hooks to vis?")){const a=ke(r,e,o,{useEditorconfig:t});if(a.isError)throw new Error(a.message);a.message&&o.info(a.message);return}o.info("Aborting install. Remove husky first or run 'vis hook migrate' to migrate.");return}if(n){if(o.info(`Existing prek configuration found at ${n}`),await ge("Would you like to migrate your prek hooks to vis?")){const a=je(r,e,o,{useEditorconfig:t});if(a.isError)throw new Error(a.message);a.message&&o.info(a.message);return}o.info("Aborting install. Remove the prek config first or run 'vis hook migrate' to migrate.");return}o.info(`Installing git hooks in ${e}/...`);const i=he(e);if(i.message){if(i.isError)throw new Error(i.message);o.info(i.message);return}S(g(r,e,"pre-commit"))||x(g(r,e,"pre-commit"),`#!/usr/bin/env sh
|
|
16
|
-
`,{mode:493}),o.info("Git hooks installed successfully.")},"executeInstall"),
|
|
17
|
-
${
|
|
13
|
+
`,"stageScriptBody"),oe=v(e=>{for(const o of Me)if(S(g(e,o)))return o},"detectPrekConfig"),Ho=v(e=>Ne[e]??e,"mapPrekStage"),Do=v(e=>Mo.exec(e)?.[1]??e,"normalizeRepoKey"),Wo=v(e=>{if(Io.test(e))return;if(e.startsWith("@")){const r=e.indexOf("@",1);if(r===-1)return{name:e,version:"latest"};const s=e.slice(r+1).trim();return{name:e.slice(0,r),version:s||"latest"}}const o=e.indexOf("@");if(o===-1)return{name:e,version:"latest"};const t=e.slice(o+1).trim();return{name:e.slice(0,o),version:t||"latest"}},"parseAdditionalDep"),Lo=v(e=>{const o=[];for(const t of[e.types,e.types_or,e.exclude_types])for(const r of t??[])to(r)||o.push(r);return o},"unknownTypes"),Vo=v((e,o)=>(e.stages&&e.stages.length>0?e.stages:o??["pre-commit"]).map(t=>Ho(t)),"resolveStages"),qo=v((e,o,t)=>{const r=e.id??"<unknown>",s=Z.has(o),n={id:r};return e.name&&(n.name=e.name),e.language==="fail"?(n.fail=e.entry??e.name??r,n):(t?n.builtin=t:e.entry&&(n.entry=e.entry),Array.isArray(e.args)&&e.args.length>0&&(n.args=[...e.args]),s||(e.files&&(n.files=e.files),e.exclude&&(n.exclude=e.exclude),e.types&&e.types.length>0&&(n.types=[...e.types]),e.types_or&&e.types_or.length>0&&(n.typesOr=[...e.types_or]),e.exclude_types&&e.exclude_types.length>0&&(n.excludeTypes=[...e.exclude_types])),(e.pass_filenames===!1||s)&&(n.passFilenames=!1),(e.always_run||s)&&(n.alwaysRun=!0),e.verbose&&(n.verbose=!0),n)},"buildHookEntry"),Go=v((e,o,t,r)=>{if(Array.isArray(e.additional_dependencies))for(const s of e.additional_dependencies){const n=Wo(s);if(!n){r.push(`"${o}": additional_dependency "${s}" uses a pip-style pin and cannot be added to package.json — install manually.`);continue}t.push({hookId:o,name:n.name,raw:s,version:n.version})}},"collectAdditionalDeps"),Jo=v(e=>{const o={},t=[],r=[],s=[],n=[];(e.files||e.exclude)&&r.push("top-level files/exclude filter dropped — apply it per hook if needed");for(const a of e.repos??[]){const c=a.repo??"<unknown>",l=c==="local",d=l?void 0:Do(c);for(const u of a.hooks??[]){const 
m=u.id??"<unknown>";let k;if(l){const f=u.language??"system";if(!Be.has(f)){t.push({hookId:m,reason:`language "${f}" needs an isolated toolchain — run via prek or reimplement as a system command`,repo:c});continue}if(f!=="fail"&&!u.entry){t.push({hookId:m,reason:"missing `entry`",repo:c});continue}}else if(d&&(k=Co.get(`${d}#${m}`)),!k){t.push({hookId:m,reason:`remote repo "${c}"@${a.rev??"?"} has no bundled equivalent — run via prek or replace with a system command`,repo:c});continue}Go(u,m,n,s);const w=Lo(u);w.length>0&&r.push(`hook "${m}": unsupported types ${w.join(", ")} — those entries are ignored by the dispatcher`);const h=Vo(u,e.default_stages);for(const f of h){if(f==="manual")continue;if(!He.has(f)){t.push({hookId:m,reason:`unsupported stage "${f}"`,repo:c});continue}const p=qo(u,f,k),b=o[f];b?b.push(p):o[f]=[p]}}}const i={stages:o,version:W};return e.fail_fast&&(i.failFast=!0),{additionalDeps:n,config:i,droppedFilters:r,manualSteps:s,skippedHooks:t}},"convertPrekConfig"),Ko=v(e=>{const o=De(e);if(o&&typeof o=="object")return o},"parsePrekConfig"),Uo=v(e=>{if(e.endsWith(".toml")){const t=We(e);return t&&typeof t=="object"?t:void 0}const o=N(e);return Ko(o)},"loadPrekConfig"),zo=v((e,o,t)=>{const r=g(e,"package.json"),s=[],n=[];if(!S(r)||o.length===0)return{added:s,skipped:n};const i=N(r),a=JSON.parse(i),c=a.devDependencies??{},l=a.dependencies??{};for(const u of o){if(u.name in c||u.name in l){n.push(u.name);continue}c[u.name]=u.version,s.push(u.name)}if(s.length===0)return{added:s,skipped:n};a.devDependencies=c;const d=Le(r,i,{defaultIndent:" ",useEditorconfig:t});return x(r,`${JSON.stringify(a,void 0,d)}
|
|
14
|
+
`,"utf8"),{added:s,skipped:n}},"mergeAdditionalDependencies"),Yo=v((e,o)=>{const t=g(e,o);ye(t),x(g(t,"README.md"),["# Vis hook config","","`config.json` is the single source of truth for what each stage","script runs. Auto-generated by `vis hook migrate`. Edit by hand","or re-run the migrator after updating your prek config.","",`Bundled builtins: ${Eo.join(", ")}`,""].join(`
|
|
15
|
+
`),"utf8")},"writeConfigReadme"),Qo=v((e,o)=>{R("prek",["--version"],{cwd:e,encoding:"utf8"}).status===0?R("prek",["uninstall"],{cwd:e,encoding:"utf8"}).status===0?o.info("Detached prek via `prek uninstall`."):o.info("`prek uninstall` did not exit cleanly — continuing. You may need to run it manually."):o.info("prek binary not found on PATH — skipping `prek uninstall`. Run it manually if prek is installed elsewhere.")},"detachPrek"),Oe=v((e,o,t,r={})=>{const s=oe(e),n=r.dryRun===!0;if(!s)return{isError:!0,message:"No prek configuration found (.pre-commit-config.yaml, .pre-commit-config.yml, or prek.toml)"};t.info(`Found prek config at ${s}`);const i=g(e,s),a=N(i),c=Uo(i);if(!c)return{isError:!0,message:`Could not parse ${s}`};const{additionalDeps:l,config:d,droppedFilters:u,manualSteps:m,skippedHooks:k}=Jo(c),w=Object.keys(d.stages);if(w.length===0&&k.length===0)return{isError:!0,message:`${s} has no hooks to migrate`};if(!n){const y=R("git",["config","--local","core.hooksPath"],{cwd:e,encoding:"utf8"});if(y.status===0){const J=y.stdout?.toString().trim();J&&(J.includes(".prek")||J.includes("prek-hooks"))&&R("git",["config","--local","--unset","core.hooksPath"],{cwd:e})}const T=he(o);if(T.isError)return T;T.message&&t.info(T.message)}const h=g(e,o);n||ye(h),n?t.info(` (would write) ${o}/${F}`):(Po(e,o,d),Yo(e,o),t.info(` Wrote ${o}/${F}`));let f=0;for(const y of w){const T=Bo(y);n?t.info(` (would write) ${o}/${y}`):(x(g(h,y),T,{mode:493}),t.info(` Wrote ${o}/${y}`)),f+=1}const{added:p,skipped:b}=n?{added:l.map(y=>y.name),skipped:[]}:zo(e,l,r.useEditorconfig);if(p.length>0){const y=n?"would add":"Added";t.info(`${y} ${p.length} package${p.length===1?"":"s"} to devDependencies: ${p.join(", ")}`),n||t.info("Run your package manager's install (e.g. 
`pnpm install`) to pick up the new devDependencies.")}b.length>0&&t.info(`Skipped ${b.length} already-declared package${b.length===1?"":"s"}: ${b.join(", ")}`),n||Qo(e,t);const se=`${i}.bak`;if(n?t.info(` (would remove) ${s} and back it up to ${s}.bak`):(S(se)||x(se,a,"utf8"),Pe(i),t.info(`Removed ${s} (backup at ${s}.bak)`)),k.length>0){t.warn(`Skipped ${k.length} hook${k.length===1?"":"s"} that cannot run without prek:`);for(const y of k)t.warn(` - ${y.repo}::${y.hookId} — ${y.reason}`)}if(u.length>0){t.warn("Partial filter translations:");for(const y of u)t.warn(` - ${y}`)}if(m.length>0){t.warn("Manual follow-up required:");for(const y of m)t.warn(` - ${y}`)}return{isError:!1,message:`${n?"would migrate":"Migration complete:"} ${f} stage script${f===1?"":"s"} ${n?"into":"written to"} ${o}/`}},"migrateFromPrek");var Xo=Object.defineProperty,te=$((e,o)=>Xo(e,"name",{value:o,configurable:!0}),"i$2");const Zo=te(e=>{const o=[];let t=0;for(let r=0;r<e.length;r+=1)e[r]===0&&(r>t&&o.push(e.subarray(t,r).toString("utf8")),t=r+1);return t<e.length&&o.push(e.subarray(t).toString("utf8")),o},"splitNulBuffer"),U=te((e,o,t)=>{const r=R("git",[...e],{cwd:t,encoding:"buffer"});if(r.status!==0){const s=r.stderr?r.stderr.toString():"";throw new Error(`git ${o} failed${s?`: ${s.trim()}`:""}`)}return r.stdout.length===0?[]:Zo(r.stdout)},"gitListFiles"),et=te((e,o)=>{switch(e.kind){case"all":return U(["ls-files","-z"],"ls-files",o);case"range":return U(["diff","--name-only","--diff-filter=ACM","-z",e.fromRef,e.toRef],"diff --from-ref/--to-ref",o);case"staged":return U(["diff","--cached","--name-only","--diff-filter=ACM","-z"],"diff --cached",o);default:{const t=e;throw new Error(`unknown discover mode: ${JSON.stringify(t)}`)}}},"discoverFiles");var ot=Object.defineProperty,re=$((e,o)=>ot(e,"name",{value:o,configurable:!0}),"i$1");const le=re((e,o)=>{try{return new RegExp(e)}catch(t){const r=t instanceof Error?t.message:String(t);throw new Error(`invalid ${o} regex 
${JSON.stringify(e)}: ${r}`,{cause:t})}},"compileRegex"),tt=re(e=>e.types&&e.types.length>0||e.typesOr&&e.typesOr.length>0||e.excludeTypes&&e.excludeTypes.length>0||!1,"hasTagFilters"),rt=re((e,o)=>{let t=e;if(o.files){const n=le(o.files,"files");t=t.filter(i=>n.test(i))}if(o.exclude){const n=le(o.exclude,"exclude");t=t.filter(i=>!n.test(i))}if(!tt(o))return[...t];const r=oo(t),s={excludeTypes:o.excludeTypes,types:o.types,typesOr:o.typesOr};return t.filter(n=>{const i=r.get(n);return i?ro(i,s):!1})},"applyHookFilter");var nt=Object.defineProperty,A=$((e,o)=>nt(e,"name",{value:o,configurable:!0}),"u$2");const st=32*1024,it=A((e,o)=>{const t=[],r=Math.max(1024,st-o);let s=[],n=0;for(const i of e){const a=Buffer.byteLength(i,"utf8")+8;n+a>r&&s.length>0&&(t.push(s),s=[],n=0),s.push(i),n+=a}return s.length>0&&t.push(s),t},"chunkFiles"),at=A(e=>({error:A(o=>{e.error(o)},"error"),info:A(o=>{e.info(o)},"info")}),"builtinLoggerFor"),ue=A((e,o,t)=>t?t.message:o?`terminated by signal ${o}`:`exited with status ${String(e)}`,"describeSpawnFailure"),ct=A((e,o,t,r,s)=>{const n=r?s.extraArgs:[];if(!t||o.length===0){const c=R("sh",["-c",e,"sh",...n],{cwd:s.root,stdio:"inherit"});return c.status===null?(s.logger.error(`hook command failed: ${ue(c.status,c.signal,c.error)}`),1):c.status}const i=Buffer.byteLength(e,"utf8")+Buffer.byteLength("sh","utf8")+Buffer.byteLength("-c","utf8")+n.reduce((c,l)=>c+Buffer.byteLength(l,"utf8")+8,0)+64;let a=0;for(const c of it(o,i)){const l=R("sh",["-c",`${e} "$@"`,"sh",...n,...c],{cwd:s.root,stdio:"inherit"});l.status===null?(s.logger.error(`hook command failed: ${ue(l.status,l.signal,l.error)}`),a|=1):a|=l.status}return a},"runShellCommand"),ft=A((e,o,t)=>{if(e.fail!==void 0)return t.logger.info(e.fail),1;const r=Z.has(t.stage);let s;try{s=rt(o,e)}catch(c){const l=c instanceof Error?c.message:String(c);return t.logger.error(`hook "${e.id}": ${l}`),2}if(s.length===0&&e.alwaysRun!==!0&&!r)return 0;const n=e.passFilenames!==!1;if(e.verbose){const 
c=e.name??e.id;t.logger.info(`+ ${c}`)}if(e.builtin){const c=So(e.builtin);if(!c)return t.logger.error(`unknown builtin "${e.builtin}" referenced by hook "${e.id}"`),2;const l={logger:at(t.logger),root:t.root};try{return c(s,e.args??[],l)}catch(d){const u=d instanceof Error?d.message:String(d);return t.logger.error(`builtin "${e.builtin}" crashed: ${u}`),1}}if(e.entry===void 0)return t.logger.error(`hook "${e.id}" has no \`entry\`, \`builtin\`, or \`fail\` to run`),2;const i=(e.args??[]).map(c=>`'${c.replaceAll("'",String.raw`'\''`)}'`).join(" "),a=i?`${e.entry} ${i}`:e.entry;return ct(a,s,n,r,t)},"runHookEntry"),lt=A((e,o,t,r)=>{const s=e.stages[o];if(!s||s.length===0)return 0;let n=0;for(const i of s){const a=ft(i,t,r);if(a!==0&&(n|=a,e.failFast))return n}return n},"runStage");var ut=Object.defineProperty,ne=$((e,o)=>ut(e,"name",{value:o,configurable:!0}),"s");const gt="pre-commit",dt=ne(e=>{if(e.lastCommit&&(e.fromRef||e.toRef))throw new Error("--last-commit cannot be combined with --from-ref or --to-ref");const o=e.lastCommit?"HEAD~1":e.fromRef,t=e.lastCommit?"HEAD":e.toRef;if(o&&!t||t&&!o)throw new Error("--from-ref and --to-ref must be specified together");return o&&t?{fromRef:o,kind:"range",toRef:t}:e.allFiles?{kind:"all"}:{kind:"staged"}},"resolveDiscoverMode"),pt=ne((e,o,t,r)=>{const s=t.stage??gt,n=je(e,o);if(!n)throw new Error(`No hook config found at ${o}/config.json. Install or migrate hooks first.`);const i=n.stages[s];if(!i||i.length===0)return r.info(`No hooks configured for stage "${s}".`),0;const a=Z.has(s)?void 0:dt(t),c=a?.kind==="all"?" 
(--all-files)":a?.kind==="range"?` (${a.fromRef}..${a.toRef})`:"";r.info(`Running ${s}${c}`);const l=a?et(a,e):[],d={extraArgs:t.extraArgs??[],logger:r,root:e,stage:s};return lt(n,s,l,d)},"runHookStage"),ht=ne((e,o,t)=>{const r=pt(M(),e,o,t);if(r!==0)throw new Error(`Hook stage exited with code ${r}`)},"runRun");var mt=Object.defineProperty,kt=$((e,o)=>mt(e,"name",{value:o,configurable:!0}),"e");const yt=kt((e=X)=>{if(R("git",["config","--local","core.hooksPath"]).status!==0)return{isError:!1,message:"No custom hooks path configured"};const{status:o,stderr:t}=R("git",["config","--local","--unset","core.hooksPath"]);if(o===null)return{isError:!0,message:"git command not found"};if(o&&o!==5)return{isError:!0,message:String(t)};const r=g(e,"_");return S(r)&&Te(r,{force:!0,recursive:!0}),{isError:!1,message:""}},"uninstallHooks");var $t=Object.defineProperty,G=$((e,o)=>$t(e,"name",{value:o,configurable:!0}),"u");const vt=new Set(pe),wt=G(e=>{const o=R("sh",["-n",e],{encoding:"utf8"});if(o.status===null)return`failed to run "sh -n" (${o.error?.message??"unknown error"})`;if(o.status!==0)return o.stderr.trim()||`sh -n exited with ${o.status}`},"runSyntaxCheck"),bt=G((e,o)=>{const t=[],r=g(e,o),s=R("git",["config","--local","core.hooksPath"],{cwd:e,encoding:"utf8"});if(s.status===0){const i=s.stdout.trim(),a=`${o}/_`;i&&i!==a&&t.push({kind:"warning",message:`core.hooksPath is "${i}" — expected "${a}". Re-run \`vis hook install\` to fix.`})}else t.push({kind:"warning",message:"core.hooksPath is not set — run `vis hook install`."});if(S(g(r,"_"))||t.push({kind:"error",message:`Dispatcher directory ${o}/_ is missing. 
Run \`vis hook install\`.`}),!S(r))return t.push({kind:"error",message:`Hooks directory ${o}/ is missing.`}),{issues:t,ok:!1};let n=!1;for(const i of de(r)){if(i.startsWith(".")||i==="_"||i===F||i==="README.md")continue;if(!vt.has(i)){t.push({kind:"warning",message:`Unknown hook "${i}" — not a standard git hook.`,path:g(o,i)});continue}const a=g(r,i);if(!z(a).isFile())continue;n=!0;const c=z(a).mode&511;(c&64)===0&&t.push({kind:"warning",message:`Script is not owner-executable (mode ${c.toString(8)}).`,path:g(o,i)});const l=wt(a);l&&t.push({kind:"error",message:`Shell syntax error: ${l}`,path:g(o,i)})}if(n){const i=g(r,F);if(S(i))try{je(e,o)}catch(a){t.push({kind:"error",message:`${F} is malformed: ${a instanceof Error?a.message:String(a)}`,path:g(o,F)})}else t.push({kind:"error",message:`Stage scripts are present but ${o}/${F} is missing. Re-run \`vis hook migrate\`.`})}return{issues:t,ok:!t.some(i=>i.kind==="error")}},"validateHooks"),xt=G((e,o)=>{if(e.issues.length===0)return[`Hook directory ${o}/ looks good.`];const t=[];for(const r of e.issues){const s=r.kind==="error"?"ERROR":"WARN ",n=r.path?` (${r.path})`:"";t.push(`${s} ${r.message}${n}`)}return t.push("",e.ok?"No errors — warnings only.":`${e.issues.filter(r=>r.kind==="error").length} error(s).`),t},"formatValidationResult"),Et=G((e,o)=>{const t=bt(M(),e),r=xt(t,e);for(const s of r)s.startsWith("ERROR")||s.startsWith("WARN")?o.warn(s):o.info(s);if(!t.ok)throw new Error("Hook validation failed")},"runValidate");var St=Object.defineProperty,E=$((e,o)=>St(e,"name",{value:o,configurable:!0}),"i");const P=E(e=>e.hooksDir??X,"resolveHooksDirectory"),ge=E(e=>new Promise(o=>{const t=Ie({input:process.stdin,output:process.stdout});t.question(`${e} (y/N) `,r=>{t.close();const s=r.trim().toLowerCase();o(s==="y"||s==="yes")})}),"confirmPrompt"),Rt=E(async(e,o,t)=>{const r=M(),s=me(r),n=oe(r);if(s&&n)throw new Error(`Found both husky (${s}/) and prek (${n}). 
Remove or migrate one before running \`vis hook install\`.`);if(s){if(o.info(`Existing husky installation found at ${s}/`),await ge("Would you like to migrate your husky hooks to vis?")){const a=ke(r,e,o,{useEditorconfig:t});if(a.isError)throw new Error(a.message);a.message&&o.info(a.message);return}o.info("Aborting install. Remove husky first or run 'vis hook migrate' to migrate.");return}if(n){if(o.info(`Existing prek configuration found at ${n}`),await ge("Would you like to migrate your prek hooks to vis?")){const a=Oe(r,e,o,{useEditorconfig:t});if(a.isError)throw new Error(a.message);a.message&&o.info(a.message);return}o.info("Aborting install. Remove the prek config first or run 'vis hook migrate' to migrate.");return}o.info(`Installing git hooks in ${e}/...`);const i=he(e);if(i.message){if(i.isError)throw new Error(i.message);o.info(i.message);return}S(g(r,e,"pre-commit"))||x(g(r,e,"pre-commit"),`#!/usr/bin/env sh
|
|
16
|
+
`,{mode:493}),o.info("Git hooks installed successfully.")},"executeInstall"),jt=E((e,o,t,r)=>{const s=M(),n=me(s),i=oe(s);if(n&&i)throw new Error(`Found both husky (${n}/) and prek (${i}). Migrate one at a time — rename or remove one before retrying.`);if(!n&&!i)throw new Error("No husky (.husky/) or prek (.pre-commit-config.yaml / prek.toml) configuration found to migrate.");o&&t.info("(dry-run) no files will be written");const a=n?ke(s,e,t,{dryRun:o,useEditorconfig:r}):Oe(s,e,t,{dryRun:o,useEditorconfig:r});if(a.isError)throw new Error(a.message);a.message&&t.info(a.message)},"executeMigrate"),Q="# vis:secrets-hook",Ot=`#!/usr/bin/env sh
|
|
17
|
+
${Q}
|
|
18
18
|
# Scan staged files for secrets before each commit. Remove this block or the whole file to disable.
|
|
19
19
|
pnpm exec vis secrets --staged --quiet || exit 1
|
|
20
|
-
`,Ft=E((e,o,t)=>{if(e!=="secrets")throw new Error(`Unknown hook add target "${String(e)}". Currently supported: "secrets".`);const r=
|
|
20
|
+
`,Ft=E((e,o,t)=>{if(e!=="secrets")throw new Error(`Unknown hook add target "${String(e)}". Currently supported: "secrets".`);const r=M(),s=g(r,o,"pre-commit");if(!S(g(r,o)))throw new Error(`Hooks directory ${o}/ does not exist. Run \`vis hook install\` first.`);if(S(s)){const n=N(s);if(n.includes(Q)){t.info(`Secrets hook already present in ${s}.`);return}if(/\bvis secrets\b/.test(n)){t.warn(`Found a \`vis secrets\` invocation in ${s} without the managed marker — leaving it untouched.`);return}const i=`${n.trimEnd()}
|
|
21
21
|
|
|
22
|
-
${
|
|
22
|
+
${Q}
|
|
23
23
|
pnpm exec vis secrets --staged --quiet || exit 1
|
|
24
|
-
`;x(s,i),Ce(s,493),t.info(`Appended secrets scan to ${s}.`);return}x(s,
|
|
24
|
+
`;x(s,i),Ce(s,493),t.info(`Appended secrets scan to ${s}.`);return}x(s,Ot,{mode:493}),t.info(`Created ${s} with a secrets-scan pre-commit check.`)},"executeAdd"),At=E((e,o)=>{o.info("Removing git hooks...");const t=yt(e);if(t.message){if(t.isError)throw new Error(t.message);o.info(t.message);return}o.info("Git hooks removed successfully.")},"executeUninstall"),_t=E(async({logger:e,options:o,visConfig:t})=>{await Rt(P(o),e,t?.editorconfig??!0)},"hookInstallImpl"),Pt=E(({logger:e,options:o})=>{At(P(o),e)},"hookUninstallImpl"),Tt=E(({logger:e,options:o,visConfig:t})=>{jt(P(o),!!o.dryRun,e,t?.editorconfig??!0)},"hookMigrateImpl"),Ct=E(({logger:e,options:o})=>{Ze(P(o),e)},"hookListImpl"),It=E(({logger:e,options:o})=>{Et(P(o),e)},"hookValidateImpl"),Mt=E(({argument:e,logger:o,options:t})=>{ht(P(t),{allFiles:!!t.allFiles,extraArgs:e.slice(1),fromRef:t.fromRef,lastCommit:!!t.lastCommit,stage:e[0],toRef:t.toRef},o)},"hookRunImpl"),Nt=E(({argument:e,logger:o,options:t})=>{Ft(e[0],P(t),o)},"hookAddImpl"),qt=_t,Gt=Pt,Jt=Tt,Kt=Ct,Ut=It,zt=Mt,Yt=Nt;export{Yt as hookAddExecute,qt as hookInstallExecute,Kt as hookListExecute,Jt as hookMigrateExecute,zt as hookRunExecute,Gt as hookUninstallExecute,Ut as hookValidateExecute};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
var Kt=Object.defineProperty;var R=(e,t)=>Kt(e,"name",{value:t,configurable:!0});import{createRequire as qt}from"node:module";import{E as
|
|
1
|
+
var Kt=Object.defineProperty;var R=(e,t)=>Kt(e,"name",{value:t,configurable:!0});import{createRequire as qt}from"node:module";import{E as M,e as Re,q as jt,P as Rt,T as Ie}from"../packem_shared/Table-CwC2kW07-EjFLNV0q.js";import{M as U,i as ae,$ as Ee,C as ea}from"../packem_shared/readFileSync-CGmzMUF2-D6rUjGDn.js";import{an as ta,am as aa,ac as ia,ad as ra,ae as na,o as Ye,l as oa,J as sa,aV as ca,Y as la,a1 as pa,p as f,i as gt,b as da,T as ga,f as ua,$ as ut,C as fa,S as ma,a4 as ha,s as Ge}from"./bin.js";import{whichBin as va}from"#native";import{w as ya,r as ba,b as xa}from"../packem_shared/ai-analysis-BnmDFqc8.js";import{B as ft,n as It}from"./config.js";import{s as T,A as ka,P as $a}from"../packem_shared/pm-runner-COoPLGKi.js";import{c as Et,s as Ce,g as Sa,p as Aa,e as Na}from"../packem_shared/index-DBq4TVu5.js";import{d as Ca}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as ja,b as Ra}from"../packem_shared/cyclonedx-C2k2HmvI.js";import{s as Oa}from"../packem_shared/scan-progress-CU4ttEHQ.js";import{r as Pa,A as mt,q as ht}from"../packem_shared/advisories-BxXiKFbL.js";import{l as Da,f as Ma,a as La}from"../packem_shared/dependency-scan-Bki15Yi-.js";import{r as Ta}from"../packem_shared/manifests-Z3spBpxv.js";import{l as Va,p as za,O as Wa}from"../packem_shared/osv-bloom-ep8GlDGT.js";const Jt=qt(import.meta.url),ce=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,ie=R(e=>{if(typeof ce<"u"&&ce.versions&&ce.versions.node){const[t,a]=ce.versions.node.split(".").map(Number);if(t>22||t===22&&a>=3||t===20&&a>=16)return ce.getBuiltinModule(e)}return Jt(e)},"__cjs_getBuiltinModule"),{spawnSync:Yt}=ie("node:child_process"),{existsSync:At,readFileSync:Nt,writeFileSync:Ct,renameSync:Zt,unlinkSync:Xt}=ie("node:fs"),{createInterface:Qt}=ie("node:readline"),{stripVTControlCharacters:wa}=ie("node:util"),{createHash:Ia}=ie("node:crypto"),{relative:Ot,join:Ea}=ie("node:path");var 
_a=Object.defineProperty,Fa=R((e,t)=>_a(e,"name",{value:t,configurable:!0}),"t$1"),Ua=Object.defineProperty,Ha=Fa((e,t)=>Ua(e,"name",{value:t,configurable:!0}),"s"),Ga=Object.defineProperty,Ba=Ha((e,t)=>Ga(e,"name",{value:t,configurable:!0}),"n");const vt=Ba((e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const a=[];for(const i of ta(e,t))a.push(i.path);return a},"collectSync");var Ka=Object.defineProperty,H=R((e,t)=>Ka(e,"name",{value:t,configurable:!0}),"a");const Oe=H(e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,"explainKey"),qa=H(e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all","isSelectAll"),Ja=H((e,t)=>{if(qa(t))return e;const a=String(t).trim();if(/^\d+$/.test(a)){const r=Number.parseInt(a,10)-1,n=e[r];return n?[n]:[]}const i=a.toLowerCase();return e.filter(r=>{const{aliases:n,id:o}=r.vulnerability;return o.toLowerCase()===i||(n??[]).some(c=>c.toLowerCase()===i)})},"selectTargets"),Ya=H(e=>{const{packageName:t,packageVersion:a,vulnerability:i}=e,r=(i.aliases??[]).join(", ")||"none",n=(i.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
|
|
2
2
|
|
|
3
3
|
Package: ${t}@${a}
|
|
4
4
|
Advisory: ${i.id} (aliases: ${r})
|
|
@@ -50,7 +50,7 @@ ${m}`,ft(r,d),i.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.y
|
|
|
50
50
|
<td class="px-3 py-3 align-top text-[12px] font-medium tabular-nums">${String(x.versionCount)}</td>
|
|
51
51
|
<td class="px-3 py-3 align-top"><code class="text-[12px]">${x.versions.map(j=>S(j)).join(", ")}</code></td>
|
|
52
52
|
</tr>`).join(`
|
|
53
|
-
`),y=(e.policyDecisions??[]).filter(x=>x.policy!=="vulnerability"),g=[...y].sort((x,j)=>{const
|
|
53
|
+
`),y=(e.policyDecisions??[]).filter(x=>x.policy!=="vulnerability"),g=[...y].sort((x,j)=>{const L=ee(fe=>fe==="block"?0:fe==="warn"?1:2,"rank");return L(x.severity)-L(j.severity)||x.policy.localeCompare(j.policy)||x.packageName.localeCompare(j.packageName)}).map(x=>{const j=x.acceptedRisk?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">[acknowledged]</span>':"";return`<tr>
|
|
54
54
|
<td class="px-3 py-3 align-top"><span class="policy-badge policy-${x.severity} inline-flex items-center gap-[7px] rounded-[3px] py-1 pr-2 pl-[7px] text-[10px] font-bold uppercase">${x.severity.toUpperCase()}</span></td>
|
|
55
55
|
<td class="px-3 py-3 align-top"><code class="uppercase">${S(x.policy)}</code></td>
|
|
56
56
|
<td class="px-3 py-3 align-top"><code class="uppercase">${S(x.packageName)}</code></td>
|
|
@@ -279,7 +279,7 @@ ${w}
|
|
|
279
279
|
</body>
|
|
280
280
|
</html>
|
|
281
281
|
`},"emitAuditHtml");var Ei=Object.defineProperty,Xe=R((e,t)=>Ei(e,"name",{value:t,configurable:!0}),"u$1");const Oi={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},He=Xe((e,t)=>`pkg:npm/${e}@${t}`,"productId"),wt=Xe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),Pi=Xe(e=>{const t=e.now??new Date,a=t.toISOString(),i=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,r=[...wt(e.findings,o=>o.packageName).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>({branches:[...new Set(c.map(l=>l.packageVersion))].sort().map(l=>{const d=He(o,l);return{category:"product_version",name:l,product:{name:`${o}@${l}`,product_id:d,product_identification_helper:{purl:d}}}}),category:"product_name",name:o})),n=[...wt(e.findings,o=>o.vulnerability.id).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>{const l=c[0].vulnerability,d=[...new Set(c.map($=>He($.packageName,$.packageVersion)))].sort(),m=o.startsWith("CVE-"),b=[o,...l.aliases??[]],h=m?o:b.find($=>$.startsWith("CVE-")),w=b.filter($=>$!==h).map($=>({system_name:$.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:$})),y=Ze(l),g=c.filter($=>$.acknowledged).map($=>He($.packageName,$.packageVersion));return{...h?{cve:h}:{},...w.length>0?{ids:w}:{},notes:[{category:"description",text:l.summary||`Advisory ${o}`,title:"Advisory description"}],product_status:{known_affected:d},references:[{category:"external",summary:`${o} advisory record`,url:V(o)}],scores:[{cvss_v3:{baseScore:y,baseSeverity:Oi[l.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:d}],title:l.summary.split(`
|
|
282
|
-
`)[0]?.slice(0,200)||o,...g.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:g}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${i}`,tracking:{current_release_date:a,id:i,initial_release_date:a,revision_history:[{date:a,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...r.length>0?{product_tree:{branches:r}}:{},...n.length>0?{vulnerabilities:n}:{}}},"emitCsaf");var Di=Object.defineProperty,Qe=R((e,t)=>Di(e,"name",{value:t,configurable:!0}),"l$2");const
|
|
282
|
+
`)[0]?.slice(0,200)||o,...g.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:g}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${i}`,tracking:{current_release_date:a,id:i,initial_release_date:a,revision_history:[{date:a,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...r.length>0?{product_tree:{branches:r}}:{},...n.length>0?{vulnerabilities:n}:{}}},"emitCsaf");var Di=Object.defineProperty,Qe=R((e,t)=>Di(e,"name",{value:t,configurable:!0}),"l$2");const Mi={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},yt=Qe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),Li=Qe((e,t=new Date)=>{const a=yt(e,r=>r.vulnerability.id),i=t.toISOString();return[...a.entries()].sort(([r],[n])=>r.localeCompare(n)).map(([r,n])=>{const o=n[0].vulnerability,c=Mi[o.severity]??"unknown",l=Ze(o),d=[...yt(n,y=>y.packageName).entries()].sort(([y],[g])=>y.localeCompare(g)).map(([y,g])=>{const $=[...new Set(g.map(x=>x.packageVersion))].sort();return{ref:ja(y,$[0]),versions:$.map(x=>({status:"affected",version:x}))}}),m=(o.aliases??[]).filter(y=>y!==r).map(y=>({id:y,source:{name:je(y),url:V(y)}})),b=n.some(y=>y.acknowledged),h=n.every(y=>y.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:b?{state:"in_triage"}:void 0,w=o.fixedVersions??[];return{"bom-ref":`vuln:${r}`,id:r,source:{name:je(r),url:V(r)},...m.length>0?{references:m}:{},description:o.summary||`Advisory ${r}`,ratings:[{method:"CVSSv31",score:l,severity:c,source:{name:je(r),url:V(r)}}],...w.length>0?{recommendation:`Upgrade to one of: ${w.join(", ")}`}:{},affects:d,created:i,published:i,...h?{analysis:h}:{}}})},"buildCycloneDxVulnerabilities"),Ti=Qe(e=>{const 
t=Li(e.findings,e.now);return{...e.bom,vulnerabilities:t}},"emitCycloneDxVex");var Vi=Object.defineProperty,et=R((e,t)=>Vi(e,"name",{value:t,configurable:!0}),"c$2");const Mt="15.2.1",zi=`https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v${Mt}/dist/dependency-scanning-report-format.json`,Wi={CRITICAL:"Critical",HIGH:"High",LOW:"Low",MODERATE:"Medium",UNKNOWN:"Unknown"},_i={block:"High",info:"Info",warn:"Medium"},Fi=Uint8Array.from([107,167,184,18,157,173,17,209,128,180,0,192,79,212,48,200]),bt=et(e=>{const t=Ia("sha1");t.update(Fi),t.update(e,"utf8");const a=t.digest();a[6]=(a[6]??0)&15|80,a[8]=(a[8]??0)&63|128;const i=a.subarray(0,16).toString("hex");return`${i.slice(0,8)}-${i.slice(8,12)}-${i.slice(12,16)}-${i.slice(16,20)}-${i.slice(20,32)}`},"uuidV5"),xt=et(e=>e.startsWith("CVE-")?{name:e,type:"cve",url:V(e),value:e}:e.startsWith("GHSA-")?{name:e,type:"ghsa",url:V(e),value:e}:{name:e,type:"osv",url:V(e),value:e},"identifierFromAdvisoryId"),Ui=et(e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),a=e.artifactUri??(Ot(e.workspaceRoot,`${e.workspaceRoot}/package.json`)||"package.json"),i=[];for(const r of e.findings){const{acknowledged:n,packageName:o,packageVersion:c,vulnerability:l}=r,d=[xt(l.id)];for(const w of l.aliases??[])w!==l.id&&d.push(xt(w));const m=[{name:`${je(l.id)} advisory`,url:V(l.id)}],b=l.summary||`Advisory ${l.id}`,h=l.fixedVersions.length>0?`Upgrade ${o} to ${l.fixedVersions.join(" or ")}`:void 0;i.push({description:b,...n?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${l.id}|${o}@${c}`),identifiers:d,links:m,location:{dependency:{package:{name:o},version:c},file:a},name:`${l.id}: ${o}@${c}`,severity:Wi[l.severity],...h?{solution:h}:{}})}for(const r of e.policyDecisions??[]){if(r.policy==="vulnerability")continue;const 
n=`vis.policy.${r.policy}`;i.push({description:r.reason,...r.acceptedRisk?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${n}|${r.packageName}@${r.version}`),identifiers:[{name:n,type:"vis_policy",url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`,value:n}],links:[{name:`vis policy: ${r.policy}`,url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`}],location:{dependency:{package:{name:r.packageName},version:r.version},file:a},name:`vis policy '${r.policy}': ${r.packageName}@${r.version}`,severity:_i[r.severity]})}return{scan:{analyzer:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},end_time:t,scanner:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},start_time:t,status:"success",type:"dependency_scanning"},schema:zi,version:Mt,vulnerabilities:i}},"emitGitlabDepScan");var Hi=Object.defineProperty,ue=R((e,t)=>Hi(e,"name",{value:t,configurable:!0}),"p$1");const Q=ue(e=>e.replaceAll("&","&").replaceAll("<","<").replaceAll(">",">").replaceAll('"',""").replaceAll("'","'"),"escapeAttribute"),kt=ue(e=>`<![CDATA[${e.replaceAll("]]>","]]]]><![CDATA[>")}]]>`,"cdata"),Gi=ue(e=>{let t="";return e.status==="skipped"?t=` <skipped/>
|
|
283
283
|
`:e.status==="failure"?t=` <failure type="${Q(e.failureType)}" message="${Q(e.failureMessage)}">${kt(e.failureText)}</failure>
|
|
284
284
|
`:e.systemOut!==void 0&&(t=` <system-out>${kt(e.systemOut)}</system-out>
|
|
285
285
|
`),` <testcase classname="${Q(e.classname)}" name="${Q(e.name)}">
|
|
@@ -292,8 +292,8 @@ ${w.summary||`Advisory ${w.id}`}${y}`,failureType:Ke(w.severity).toUpperCase(),n
|
|
|
292
292
|
<testsuites name="${Q(a)}" tests="${String(n)}" failures="${String(o)}" skipped="${String(c)}" errors="0" time="0">
|
|
293
293
|
`;return l+=$t("vulnerabilities",i,t),r.length>0&&(l+=$t("policies",r,t)),l+=`</testsuites>
|
|
294
294
|
`,l},"emitJUnitAudit");var Ki=Object.defineProperty,qi=R((e,t)=>Ki(e,"name",{value:t,configurable:!0}),"g$1");const Ji=qi(e=>{const t=new Map,a=[],i=e.artifactUri??(Ot(e.workspaceRoot,Ea(e.workspaceRoot,"package.json"))||"package.json");for(const o of e.findings){const{acknowledged:c,packageName:l,packageVersion:d,vulnerability:m}=o,b=hi(m.severity),h=Ke(m.severity);t.has(m.id)||t.set(m.id,{defaultConfiguration:{level:b},fullDescription:{text:m.summary||`Advisory ${m.id}`},helpUri:V(m.id),id:m.id,name:m.id,properties:{precision:"very-high","security-severity":wi(m),"severity-label":h,tags:["security","vulnerability","supply-chain",`severity:${h}`]},shortDescription:{text:(m.summary.split(`
|
|
295
|
-
`)[0]??m.id).slice(0,200)}}),a.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${l}@${d}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:`${m.id}: ${l}@${d} — ${m.summary||"no summary"}${m.fixedVersions.length>0?` (fix: ${m.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:m.id,package:l,version:d},properties:{...c?{acknowledged:!0}:{},...m.aliases&&m.aliases.length>0?{aliases:m.aliases}:{},...typeof m.cvssScore=="number"?{cvssScore:m.cvssScore}:{},...m.fixedVersions.length>0?{fixedVersions:m.fixedVersions}:{},packageName:l,packageVersion:d,severityLabel:h},ruleId:m.id})}const r={block:"error",info:"note",warn:"warning"},n={block:"high",info:"none",warn:"medium"};for(const o of e.policyDecisions??[]){if(o.policy==="vulnerability")continue;const c=`vis.policy.${o.policy}`,l=r[o.severity],d=n[o.severity];t.has(c)||t.set(c,{defaultConfiguration:{level:l},fullDescription:{text:`vis policy '${o.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${o.policy}`,id:c,name:c,properties:{precision:"high","security-severity":o.severity==="block"?"8.0":o.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${o.policy}`]},shortDescription:{text:`vis policy: ${o.policy}`}}),a.push({level:l,locations:[{logicalLocations:[{kind:"package",name:`${o.packageName}@${o.version}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:o.reason},partialFingerprints:{package:o.packageName,policy:o.policy,version:o.version},properties:{...o.acceptedRisk?{acknowledged:!0}:{},packageName:o.packageName,packageVersion:o.version,severityLabel:d},ruleId:c})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:a,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var 
Yi=Object.defineProperty,re=R((e,t)=>Yi(e,"name",{value:t,configurable:!0}),"c$1");const Zi=["dependencies","devDependencies","optionalDependencies","peerDependencies"],St=re(e=>{try{return{path:e,pkg:It(e)}}catch{return}},"readPackageJsonSafe"),Xi=re(e=>{const t=[],a=St(U(e,"package.json"));a&&t.push({path:a.path,pkg:a.pkg,workspaceName:a.pkg.name});const i=oa(e);let r;if(i?r=i:a?.pkg.workspaces&&(Array.isArray(a.pkg.workspaces)?r=a.pkg.workspaces:a.pkg.workspaces.packages&&(r=a.pkg.workspaces.packages)),!r)return t;for(const n of sa(e,r)){const o=St(U(e,n,"package.json"));o&&t.push({path:o.path,pkg:o.pkg,workspaceName:o.pkg.name})}return t},"collectWorkspaceManifests"),Qi=re((e,t)=>{const a=[];for(const i of e)for(const r of Zi){const n=i.pkg[r]?.[t];typeof n=="string"&&a.push({field:r,manifest:i,range:n})}return a},"findDeclarations"),
|
|
296
|
-
`)},"formatDirectApplyPlan");var ir=Object.defineProperty,De=R((e,t)=>ir(e,"name",{value:t,configurable:!0}),"l");const rr=5,nr=64,or=De((e,t)=>{if(t.length===0)return[];const a=new Set;for(const i of e){if(t.includes(i)){a.add(i);continue}let r=!1;for(const n of t)try{T.satisfies(n,i)&&(a.add(n),r=!0)}catch{}!r&&t.length===1&&a.add(t[0])}return[...a]},"resolveSpecifierVersions"),sr=De(e=>{const t=new Map;for(const r of e.entries){let n=t.get(r.name);n||(n=[],t.set(r.name,n)),n.includes(r.version)||n.push(r.version)}const a=new Map;for(const r of e.entries){const n=`${r.name}@${r.version}`;let o=a.get(n);o||(o=new Map,a.set(n,o));for(const c of[r.dependencies,r.peerDependencies,r.optionalDependencies])if(c)for(const[l,d]of Object.entries(c)){const m=t.get(l)??[],b=or(d,m);for(const h of b){const w=`${l}@${h}`;o.has(w)||o.set(w,{name:l,version:h})}}}const i=new Map;for(const[r,n]of a)i.set(r,{children:[...n.values()]});return{adjacency:i,versionsByName:t}},"buildAdjacency"),cr=De((e,t)=>{const a=t.get(e.name);if(!(!a||a.length===0)){if(a.includes(e.version))return{name:e.name,version:e.version};for(const i of a)try{if(T.satisfies(i,e.version))return{name:e.name,version:i}}catch{}if(a.length===1)return{name:e.name,version:a[0]}}},"resolveRootNode"),lr=De((e,t,a={})=>{const i=a.maxPathsPerTarget??rr,r=a.maxDepth??nr;if(i<=0)return[];const{adjacency:n,versionsByName:o}=sr(e),c=`${t.name}@${t.version}`,l=[],d=[],m=new Set;for(const w of e.roots){const y=cr(w,o);if(!y)continue;const g=`${y.name}@${y.version}`;m.has(g)||(m.add(g),d.push(y))}const b=[];for(const w of d){const y=`${w.name}@${w.version}`;if(y===c){if(l.push([w]),l.length>=i)return l;continue}b.push({node:w,path:[w],visited:new Set([y])})}let h=0;for(;h<b.length&&l.length<i;){const w=b[h];if(h+=1,w.path.length>=r)continue;const y=n.get(`${w.node.name}@${w.node.version}`)?.children??[];for(const g of y){const $=`${g.name}@${g.version}`;if(w.visited.has($))continue;const 
x=[...w.path,g];if($===c){if(l.push(x),l.length>=i)return l;continue}const j=new Set(w.visited);j.add($),b.push({node:g,path:x,visited:j})}}return l},"buildDependencyPaths");var pr=Object.defineProperty,z=R((e,t)=>pr(e,"name",{value:t,configurable:!0}),"i");const dr={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},gr={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},Tt=z(e=>gr[e.toLowerCase()]??e,"canonicalEcosystem"),ur=z((e,t)=>{const a=Tt(t),i=dr[a]??[];for(const r of i){const n=U(e,r);if(At(n))return n}},"findEcosystemLockfile"),fr=z(e=>{const t=new Set,a=[];for(const i of e){const r=`${i.name}@${i.version}`;t.has(r)||(t.add(r),a.push(i))}return a},"dedupe"),mr=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,hr=/^\s*name\s*=\s*"([^"]+)"\s*$/m,vr=/^\s*version\s*=\s*"([^"]+)"\s*$/m,wr=z(e=>{const t=[];for(const a of e.matchAll(mr)){const i=a[1]??"",r=hr.exec(i)?.[1],n=vr.exec(i)?.[1];r&&n&&t.push({isDev:!1,name:r,version:n})}return t},"parseTomlPackages"),yr=z(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const a=[];for(const i of["default","develop"]){const r=t[i];if(!(typeof r!="object"||r===null))for(const[n,o]of Object.entries(r)){if(typeof o!="object"||o===null)continue;const c=o.version;if(typeof c!="string")continue;const l=c.replace(/^==/,"").trim();l.length>0&&a.push({isDev:!1,name:n,version:l})}}return a},"parsePipfileLock"),br=/<dependency>([\s\S]*?)<\/dependency>/g,xr=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,kr=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,$r=/<version>\s*([^<\s]+)\s*<\/version>/,Sr=z(e=>{const t=[];for(const a of e.matchAll(br)){const i=a[1]??"",r=xr.exec(i)?.[1],n=kr.exec(i)?.[1],o=$r.exec(i)?.[1];!r||!n||!o||o.startsWith("${")||t.push({isDev:!1,name:`${r}:${n}`,version:o})}return t},"parsePomXml"),Ar=z(e=>{const t=[];for(const a of 
e.split(/\r?\n/)){const i=a.trim();if(i.length===0||i.startsWith("#"))continue;const r=i.indexOf("="),n=(r===-1?i:i.slice(0,r)).split(":");if(n.length<3)continue;const[o,c,l]=n;!o||!c||!l||t.push({isDev:!1,name:`${o}:${c}`,version:l})}return t},"parseGradleLockfile"),Nr=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0)continue;const r=i.split(/\s+/);if(r.length<3)continue;const[n,o]=r;if(!n||!o?.endsWith("/go.mod"))continue;const c=o.slice(0,-7);c.length!==0&&t.push({isDev:!1,name:n,version:c})}return t},"parseGoSum"),Cr=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,jr=z(e=>{const t=[];let a=!1,i=!1;for(const r of e.split(/\r?\n/)){if(r.startsWith("GEM")){a=!0,i=!1;continue}if(a&&/^[A-Z]/.test(r)){a=!1,i=!1;continue}if(a&&r.trim()==="specs:"){i=!0;continue}if(i){const n=Cr.exec(r);if(n){const[,o,c]=n;o&&c&&t.push({isDev:!1,name:o,version:c})}}}return t},"parseGemfileLock"),Rr=z((e,t)=>{const a=ur(e,t);if(!a)return[];let i;try{i=Nt(a,"utf8")}catch{return[]}const r=a.split(/[/\\]/).pop()??"";let n;switch(r){case"Cargo.lock":case"poetry.lock":case"uv.lock":{n=wr(i);break}case"Gemfile.lock":{n=jr(i);break}case"go.sum":{n=Nr(i);break}case"gradle.lockfile":{n=Ar(i);break}case"Pipfile.lock":{n=yr(i);break}case"pom.xml":{n=Sr(i);break}default:return[]}return fr(n)},"lockedPackagesForEcosystem");var Ir=Object.defineProperty,ge=R((e,t)=>Ir(e,"name",{value:t,configurable:!0}),"c");const Er=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Or=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],Pr=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Dr=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,
|
|
295
|
+
`)[0]??m.id).slice(0,200)}}),a.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${l}@${d}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:`${m.id}: ${l}@${d} — ${m.summary||"no summary"}${m.fixedVersions.length>0?` (fix: ${m.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:m.id,package:l,version:d},properties:{...c?{acknowledged:!0}:{},...m.aliases&&m.aliases.length>0?{aliases:m.aliases}:{},...typeof m.cvssScore=="number"?{cvssScore:m.cvssScore}:{},...m.fixedVersions.length>0?{fixedVersions:m.fixedVersions}:{},packageName:l,packageVersion:d,severityLabel:h},ruleId:m.id})}const r={block:"error",info:"note",warn:"warning"},n={block:"high",info:"none",warn:"medium"};for(const o of e.policyDecisions??[]){if(o.policy==="vulnerability")continue;const c=`vis.policy.${o.policy}`,l=r[o.severity],d=n[o.severity];t.has(c)||t.set(c,{defaultConfiguration:{level:l},fullDescription:{text:`vis policy '${o.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${o.policy}`,id:c,name:c,properties:{precision:"high","security-severity":o.severity==="block"?"8.0":o.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${o.policy}`]},shortDescription:{text:`vis policy: ${o.policy}`}}),a.push({level:l,locations:[{logicalLocations:[{kind:"package",name:`${o.packageName}@${o.version}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:o.reason},partialFingerprints:{package:o.packageName,policy:o.policy,version:o.version},properties:{...o.acceptedRisk?{acknowledged:!0}:{},packageName:o.packageName,packageVersion:o.version,severityLabel:d},ruleId:c})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:a,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var 
Yi=Object.defineProperty,re=R((e,t)=>Yi(e,"name",{value:t,configurable:!0}),"c$1");const Zi=["dependencies","devDependencies","optionalDependencies","peerDependencies"],St=re(e=>{try{return{path:e,pkg:It(e)}}catch{return}},"readPackageJsonSafe"),Xi=re(e=>{const t=[],a=St(U(e,"package.json"));a&&t.push({path:a.path,pkg:a.pkg,workspaceName:a.pkg.name});const i=oa(e);let r;if(i?r=i:a?.pkg.workspaces&&(Array.isArray(a.pkg.workspaces)?r=a.pkg.workspaces:a.pkg.workspaces.packages&&(r=a.pkg.workspaces.packages)),!r)return t;for(const n of sa(e,r)){const o=St(U(e,n,"package.json"));o&&t.push({path:o.path,pkg:o.pkg,workspaceName:o.pkg.name})}return t},"collectWorkspaceManifests"),Qi=re((e,t)=>{const a=[];for(const i of e)for(const r of Zi){const n=i.pkg[r]?.[t];typeof n=="string"&&a.push({field:r,manifest:i,range:n})}return a},"findDeclarations"),Lt=re(e=>{const t=Xi(e.workspaceRoot),a=[],i=[],r=[],n=new Set;for(const o of e.findings){const c=o.vulnerability.fixedVersions[0];if(!c){r.push({packageName:o.packageName,reason:"no-fixed-version"});continue}const l=Qi(t,o.packageName);if(l.length===0){r.push({packageName:o.packageName,reason:"transitive-only"});continue}const d=T.coerce(c),m=d?`^${d.version}`:c,b=d?d.version:c;for(const h of l){const w=`${h.manifest.path}::${h.field}::${o.packageName}::${b}`;if(n.has(w))continue;n.add(w);const y=tr(b,h.range),g={currentRange:h.range,field:h.field,inRange:y,manifestPath:h.manifest.path,packageName:o.packageName,targetSpec:m,targetVersion:b,workspaceName:h.manifest.workspaceName};y||e.allowMajor===!0?a.push(g):i.push(g)}}return{apply:a,skippedMajor:i,unmatched:r}},"buildDirectApplyPlan"),er=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,tr=re((e,t)=>{if(er.test(t))return!0;const a=T.coerce(e)?.version??e;try{return T.satisfies(a,t)}catch{return!0}},"satisfiesRange"),ar=re(e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const a of e.apply){const 
i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` + ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const a of e.skippedMajor){const i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` ! ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.unmatched.length>0){const a=e.unmatched.filter(r=>r.reason==="transitive-only"),i=e.unmatched.filter(r=>r.reason==="no-fixed-version");if(a.length>0){t.push(`Transitive only (${String(a.length)}, requires --fix-transitive):`);for(const r of a)t.push(` · ${r.packageName}`)}if(i.length>0){t.push(`No fixed version available (${String(i.length)}):`);for(const r of i)t.push(` · ${r.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
|
|
296
|
+
`)},"formatDirectApplyPlan");var ir=Object.defineProperty,De=R((e,t)=>ir(e,"name",{value:t,configurable:!0}),"l");const rr=5,nr=64,or=De((e,t)=>{if(t.length===0)return[];const a=new Set;for(const i of e){if(t.includes(i)){a.add(i);continue}let r=!1;for(const n of t)try{T.satisfies(n,i)&&(a.add(n),r=!0)}catch{}!r&&t.length===1&&a.add(t[0])}return[...a]},"resolveSpecifierVersions"),sr=De(e=>{const t=new Map;for(const r of e.entries){let n=t.get(r.name);n||(n=[],t.set(r.name,n)),n.includes(r.version)||n.push(r.version)}const a=new Map;for(const r of e.entries){const n=`${r.name}@${r.version}`;let o=a.get(n);o||(o=new Map,a.set(n,o));for(const c of[r.dependencies,r.peerDependencies,r.optionalDependencies])if(c)for(const[l,d]of Object.entries(c)){const m=t.get(l)??[],b=or(d,m);for(const h of b){const w=`${l}@${h}`;o.has(w)||o.set(w,{name:l,version:h})}}}const i=new Map;for(const[r,n]of a)i.set(r,{children:[...n.values()]});return{adjacency:i,versionsByName:t}},"buildAdjacency"),cr=De((e,t)=>{const a=t.get(e.name);if(!(!a||a.length===0)){if(a.includes(e.version))return{name:e.name,version:e.version};for(const i of a)try{if(T.satisfies(i,e.version))return{name:e.name,version:i}}catch{}if(a.length===1)return{name:e.name,version:a[0]}}},"resolveRootNode"),lr=De((e,t,a={})=>{const i=a.maxPathsPerTarget??rr,r=a.maxDepth??nr;if(i<=0)return[];const{adjacency:n,versionsByName:o}=sr(e),c=`${t.name}@${t.version}`,l=[],d=[],m=new Set;for(const w of e.roots){const y=cr(w,o);if(!y)continue;const g=`${y.name}@${y.version}`;m.has(g)||(m.add(g),d.push(y))}const b=[];for(const w of d){const y=`${w.name}@${w.version}`;if(y===c){if(l.push([w]),l.length>=i)return l;continue}b.push({node:w,path:[w],visited:new Set([y])})}let h=0;for(;h<b.length&&l.length<i;){const w=b[h];if(h+=1,w.path.length>=r)continue;const y=n.get(`${w.node.name}@${w.node.version}`)?.children??[];for(const g of y){const $=`${g.name}@${g.version}`;if(w.visited.has($))continue;const 
x=[...w.path,g];if($===c){if(l.push(x),l.length>=i)return l;continue}const j=new Set(w.visited);j.add($),b.push({node:g,path:x,visited:j})}}return l},"buildDependencyPaths");var pr=Object.defineProperty,z=R((e,t)=>pr(e,"name",{value:t,configurable:!0}),"i");const dr={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},gr={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},Tt=z(e=>gr[e.toLowerCase()]??e,"canonicalEcosystem"),ur=z((e,t)=>{const a=Tt(t),i=dr[a]??[];for(const r of i){const n=U(e,r);if(At(n))return n}},"findEcosystemLockfile"),fr=z(e=>{const t=new Set,a=[];for(const i of e){const r=`${i.name}@${i.version}`;t.has(r)||(t.add(r),a.push(i))}return a},"dedupe"),mr=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,hr=/^\s*name\s*=\s*"([^"]+)"\s*$/m,vr=/^\s*version\s*=\s*"([^"]+)"\s*$/m,wr=z(e=>{const t=[];for(const a of e.matchAll(mr)){const i=a[1]??"",r=hr.exec(i)?.[1],n=vr.exec(i)?.[1];r&&n&&t.push({isDev:!1,name:r,version:n})}return t},"parseTomlPackages"),yr=z(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const a=[];for(const i of["default","develop"]){const r=t[i];if(!(typeof r!="object"||r===null))for(const[n,o]of Object.entries(r)){if(typeof o!="object"||o===null)continue;const c=o.version;if(typeof c!="string")continue;const l=c.replace(/^==/,"").trim();l.length>0&&a.push({isDev:!1,name:n,version:l})}}return a},"parsePipfileLock"),br=/<dependency>([\s\S]*?)<\/dependency>/g,xr=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,kr=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,$r=/<version>\s*([^<\s]+)\s*<\/version>/,Sr=z(e=>{const t=[];for(const a of e.matchAll(br)){const i=a[1]??"",r=xr.exec(i)?.[1],n=kr.exec(i)?.[1],o=$r.exec(i)?.[1];!r||!n||!o||o.startsWith("${")||t.push({isDev:!1,name:`${r}:${n}`,version:o})}return t},"parsePomXml"),Ar=z(e=>{const t=[];for(const a of 
e.split(/\r?\n/)){const i=a.trim();if(i.length===0||i.startsWith("#"))continue;const r=i.indexOf("="),n=(r===-1?i:i.slice(0,r)).split(":");if(n.length<3)continue;const[o,c,l]=n;!o||!c||!l||t.push({isDev:!1,name:`${o}:${c}`,version:l})}return t},"parseGradleLockfile"),Nr=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0)continue;const r=i.split(/\s+/);if(r.length<3)continue;const[n,o]=r;if(!n||!o?.endsWith("/go.mod"))continue;const c=o.slice(0,-7);c.length!==0&&t.push({isDev:!1,name:n,version:c})}return t},"parseGoSum"),Cr=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,jr=z(e=>{const t=[];let a=!1,i=!1;for(const r of e.split(/\r?\n/)){if(r.startsWith("GEM")){a=!0,i=!1;continue}if(a&&/^[A-Z]/.test(r)){a=!1,i=!1;continue}if(a&&r.trim()==="specs:"){i=!0;continue}if(i){const n=Cr.exec(r);if(n){const[,o,c]=n;o&&c&&t.push({isDev:!1,name:o,version:c})}}}return t},"parseGemfileLock"),Rr=z((e,t)=>{const a=ur(e,t);if(!a)return[];let i;try{i=Nt(a,"utf8")}catch{return[]}const r=a.split(/[/\\]/).pop()??"";let n;switch(r){case"Cargo.lock":case"poetry.lock":case"uv.lock":{n=wr(i);break}case"Gemfile.lock":{n=jr(i);break}case"go.sum":{n=Nr(i);break}case"gradle.lockfile":{n=Ar(i);break}case"Pipfile.lock":{n=yr(i);break}case"pom.xml":{n=Sr(i);break}default:return[]}return fr(n)},"lockedPackagesForEcosystem");var Ir=Object.defineProperty,ge=R((e,t)=>Ir(e,"name",{value:t,configurable:!0}),"c");const Er=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Or=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],Pr=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Dr=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,Mr=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Lr=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Tr=ge(e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const 
a=t.split("/");return a.length<2?void 0:`${a[0]}/${a[1]}`}return t.split("/")[0]}},"normalizePackageName"),Vr=ge(e=>{const t=new Set,a=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),i=ge(r=>{r.lastIndex=0;let n;for(;(n=r.exec(a))!==null;){const o=Tr(n[1]);o&&t.add(o)}},"collect");return i(Dr),i(Mr),i(Lr),t},"extractImportedNames"),zr=ge(e=>{const t=new Set;try{const a=It(e);for(const i of Pr){const r=a[i];if(r&&typeof r=="object"&&!Array.isArray(r))for(const n of Object.keys(r))t.add(n)}}catch{}return t},"extractPackageJsonNames"),Wr=ge(e=>{const t=e.skip??Or,a=e.extensions??Er,i=new Set;let r=0;const n=vt(e.workspaceRoot,{extensions:a,includeDirs:!1,skip:t});for(const l of n){r+=1;try{const d=Nt(l,"utf8");for(const m of Vr(d))i.add(m)}catch{}}const o=vt(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(l=>l.endsWith("/package.json")||l.endsWith(String.raw`\package.json`)||l.endsWith("package.json"));for(const l of o)for(const d of zr(l))i.add(d);if(e.alwaysAssumeUsed)for(const l of e.alwaysAssumeUsed)i.add(l);const c=new Set;for(const l of e.vulnerablePackages)i.has(l)&&c.add(l);return{filesScanned:r,importedTotal:i,reachable:c}},"computeReachableVulnerablePackages");var _r=Object.defineProperty,W=R((e,t)=>_r(e,"name",{value:t,configurable:!0}),"o");const Fr=W(e=>{const t=T.coerce(e)?.major;return t!==void 0&&t>=10},"PNPM_V10_PLUS"),Ur=W(e=>Object.fromEntries(Object.entries(e).sort(([t],[a])=>t.localeCompare(a))),"sortByKey"),Hr=W((e,t)=>`${JSON.stringify(e,void 0,t)}
|
|
297
297
|
`,"stringifyJson"),Vt=W((e,t)=>{if(t.name==="pnpm"&&Fr(t.version))return{filePath:U(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const a=U(e,"package.json");return t.name==="pnpm"?{filePath:a,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:a,surface:"package.json#resolutions"}:{filePath:a,surface:"package.json#overrides"}},"resolveOverrideSurface"),Gr=W((e,t)=>{const{filePath:a,surface:i}=Vt(e,t);if(!ae(a))return{};if(i==="pnpm-workspace.yaml")try{return Ye(a)?.overrides??{}}catch{return{}}try{const r=JSON.parse(Ee(a));return i==="package.json#pnpm.overrides"?(r.pnpm??{}).overrides??{}:i==="package.json#resolutions"?r.resolutions??{}:r.overrides??{}}catch{return{}}},"readExistingOverrides"),Br=W((e,t)=>{const a=Object.keys(t).sort();if(a.length===0&&!/^overrides\s*:/m.test(e))return e;const i=`overrides:
|
|
298
298
|
${a.map(r=>` '${r}': '${t[r]}'`).join(`
|
|
299
299
|
`)}
|
|
@@ -302,21 +302,21 @@ ${a.map(r=>` '${r}': '${t[r]}'`).join(`
|
|
|
302
302
|
`}return`${e.endsWith(`
|
|
303
303
|
`)?e:`${e}
|
|
304
304
|
`}
|
|
305
|
-
${i}`},"renderPnpmWorkspaceOverrides"),Kr=W((e,t,a,i)=>{const r=ca(e,t.length>0?t:void 0),n=t.length>0?JSON.parse(t):{};if(a==="package.json#pnpm.overrides"){const o=n.pnpm??{};o.overrides=i,n.pnpm=o}else a==="package.json#resolutions"?n.resolutions=i:n.overrides=i;return Hr(n,r)},"renderPackageJsonWithOverrides"),qr=W((e,t,a)=>{const{filePath:i,surface:r}=Vt(e,a),n=Gr(e,a),o=ae(i)?Ee(i):"",c=[],l={...n};for(const h of t.entries){const w=n[h.packageName];if(w===h.spec){c.push({...h,previousSpec:w,status:"unchanged"});continue}w===void 0?c.push({...h,status:"added"}):c.push({...h,previousSpec:w,status:"updated"}),l[h.packageName]=h.spec}const d=Ur(l),m=c.some(h=>h.status!=="unchanged"),b=r==="pnpm-workspace.yaml"?Br(o,d):Kr(i,o,r,d);return{changed:m,entries:c,filePath:i,nextContent:b,previousContent:o,surface:r}},"planOverrideWrite"),Jr=W(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{Ct(t,e.nextContent),Zt(t,e.filePath)}catch(a){try{Xt(t)}catch{}throw a}return e},"applyOverridePlan"),Yr=W(e=>{const t=new Map;for(const a of e){const i=a.vulnerability.fixedVersions[0];if(!i)continue;const r=T.coerce(i),n=r?`^${r.version}`:i;t.set(a.packageName,n)}return{entries:[...t.entries()].sort(([a],[i])=>a.localeCompare(i)).map(([a,i])=>({packageName:a,spec:i}))}},"buildOverridePlanFromFindings");var Zr=Object.defineProperty,N=R((e,t)=>Zr(e,"name",{value:t,configurable:!0}),"m");const Xr={critical:Ie,high:Rt,low:jt,medium:Re},qe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),Qr=N(e=>{const t=(e??"npm").split(",").map(r=>r.trim()).filter(r=>r.length>0),a=t.length>0?t:["npm"],i=a.filter(r=>!qe.has(r.toLowerCase()));return{all:a,unsupported:i}},"parseEcosystems"),en={CRITICAL:Ie,HIGH:Rt,LOW:jt,MODERATE:Re,UNKNOWN:
|
|
306
|
-
${a.summary}${c}`},"formatVulnLine"),an=N((e,t)=>{const a=la(e),i=`${String(Math.round(e.score.overall*100))}%`,r=t?` ${
|
|
307
|
-
`):f.error(p.message),process.exitCode=1;return}}!E&&(C.ignoredAdvisories.length>0||C.excludedPackages.length>0)&&f.info(`Loaded ${String(C.ignoredAdvisories.length)} ignored advisor${C.ignoredAdvisories.length===1?"y":"ies"} and ${String(C.excludedPackages.length)} excluded package${C.excludedPackages.length===1?"":"s"} from ${D.name} config.`),!E&&x.unsupported.length>0&&f.warn(`Ecosystems ${x.unsupported.map(s=>`'${s}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const _=Da(e,D.name,{includeDev:!j});if(_.length===0){f.info(`No ${D.name} lockfile entries found. Run ${D.name} install first.`);return}if(!E){const s=j?"production-only packages":"installed packages";f.info(`Scanning ${String(_.length)} ${s}${g?" (offline)":""}…`)}const he=_.map(s=>({name:s.name,version:s.version})),ve=a?.security?.audit?.advisories?.bloom?.mode??"off";let G=[];if(ve!=="off")try{const s=await Va(e,{softFail:ve==="on"});if(s){if(G=za(s,he).map(p=>({name:p.name,version:p.version})),!E&&G.length>0){f.warn(`osv-bloom prefilter flagged ${String(G.length)} package${G.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const p=10;for(const u of G.slice(0,p))f.warn(` ${Ie("[bloom]")} ${u.name}@${u.version}`);G.length>p&&f.warn(` …and ${String(G.length-p)} more (full list in --format json output)`)}}else E||f.info(
|
|
305
|
+
${i}`},"renderPnpmWorkspaceOverrides"),Kr=W((e,t,a,i)=>{const r=ca(e,t.length>0?t:void 0),n=t.length>0?JSON.parse(t):{};if(a==="package.json#pnpm.overrides"){const o=n.pnpm??{};o.overrides=i,n.pnpm=o}else a==="package.json#resolutions"?n.resolutions=i:n.overrides=i;return Hr(n,r)},"renderPackageJsonWithOverrides"),qr=W((e,t,a)=>{const{filePath:i,surface:r}=Vt(e,a),n=Gr(e,a),o=ae(i)?Ee(i):"",c=[],l={...n};for(const h of t.entries){const w=n[h.packageName];if(w===h.spec){c.push({...h,previousSpec:w,status:"unchanged"});continue}w===void 0?c.push({...h,status:"added"}):c.push({...h,previousSpec:w,status:"updated"}),l[h.packageName]=h.spec}const d=Ur(l),m=c.some(h=>h.status!=="unchanged"),b=r==="pnpm-workspace.yaml"?Br(o,d):Kr(i,o,r,d);return{changed:m,entries:c,filePath:i,nextContent:b,previousContent:o,surface:r}},"planOverrideWrite"),Jr=W(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{Ct(t,e.nextContent),Zt(t,e.filePath)}catch(a){try{Xt(t)}catch{}throw a}return e},"applyOverridePlan"),Yr=W(e=>{const t=new Map;for(const a of e){const i=a.vulnerability.fixedVersions[0];if(!i)continue;const r=T.coerce(i),n=r?`^${r.version}`:i;t.set(a.packageName,n)}return{entries:[...t.entries()].sort(([a],[i])=>a.localeCompare(i)).map(([a,i])=>({packageName:a,spec:i}))}},"buildOverridePlanFromFindings");var Zr=Object.defineProperty,N=R((e,t)=>Zr(e,"name",{value:t,configurable:!0}),"m");const Xr={critical:Ie,high:Rt,low:jt,medium:Re},qe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),Qr=N(e=>{const t=(e??"npm").split(",").map(r=>r.trim()).filter(r=>r.length>0),a=t.length>0?t:["npm"],i=a.filter(r=>!qe.has(r.toLowerCase()));return{all:a,unsupported:i}},"parseEcosystems"),en={CRITICAL:Ie,HIGH:Rt,LOW:jt,MODERATE:Re,UNKNOWN:M},tn=N((e,t,a,i)=>{const 
r=en[a.severity]??M,n=i?` ${M("[acknowledged]")}`:"",o=a.fixedVersions??[],c=o.length>0?` (fix: ${o.join(", ")})`:"";return` ${r(a.severity)} ${a.id} — ${e}@${t}${n}
|
|
306
|
+
${a.summary}${c}`},"formatVulnLine"),an=N((e,t)=>{const a=la(e),i=`${String(Math.round(e.score.overall*100))}%`,r=t?` ${M("[acknowledged]")}`:"",n=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return` ${i} ${a}@${e.version} (${pa(e.score.overall)}${n})${r}`},"formatSocketLine"),rn=new Set(["aube","auto","vis"]),le=N(e=>e!==void 0&&rn.has(e),"isAuditBackend"),nn=N((e,t,a)=>{if(e!==void 0&&!le(e))throw new Error(`Invalid --backend value '${e}'. Expected one of: aube, auto, vis.`);const i=process.env.VIS_AUDIT_BACKEND;if(i!==void 0&&i!==""&&!le(i))throw new Error(`Invalid VIS_AUDIT_BACKEND value '${i}'. Expected one of: aube, auto, vis.`);const r=le(i)?i:void 0,n=le(t)?t:void 0,o=(le(e)?e:void 0)??r??n??"auto";return o==="aube"?"aube":o==="vis"?"vis":(a?.install?.backend??process.env.VIS_INSTALLER)==="aube"&&va("aube")!==null?"aube":"vis"},"resolveAuditBackend"),on=N(e=>{if(e!==void 0)switch(e){case"critical":return"critical";case"high":return"high";case"low":return"low";case"medium":return"moderate";default:return e}},"mapSeverityToAube"),sn=N((e,t,a)=>{const i=["audit"],r=on(t.severity);r!==void 0&&i.push("--audit-level",r),(t.prodOnly===!0||t.prod===!0)&&i.push("--prod"),(t.json===!0||t.format==="json")&&i.push("--json");const n=t.fix===!0;t["fix-transitive"]===!0||t.fixTransitive===!0?i.push("--fix=override"):n&&i.push("--fix=update");const o=[];t.offline===!0&&o.push("--offline (aube has its own offline cache)"),(t.format==="sarif"||t.format==="csaf"||t.format==="cyclonedx"||t.format==="cyclonedx-vex"||t.format==="gitlab"||t.format==="junit")&&o.push(`--format=${String(t.format)} (only json/text is forwarded to aube)`),o.length>0&&f.warn(`Delegating to 'aube audit'. Skipping vis-only flags: ${o.join(", ")}`);const c=Yt("aube",i,{cwd:e,stdio:"inherit"});if(c.error){const{code:l}=c.error;return l==="ENOENT"?f.error("Backend 'aube' selected but the 'aube' binary was not found on PATH. 
Install aube or run with --backend vis."):f.error(`Failed to spawn aube: ${c.error.message}`),1}return c.status??1},"runAubeAudit"),cn=N(async(e,t,a,i)=>{if(nn(t.backend,a?.security?.audit?.backend,a)==="aube"){process.exitCode=sn(e,t,a);return}const r=t.severity??"low",n=t.format??"table",o=n==="sarif",c=n==="csaf",l=n==="cyclonedx-vex"||n==="cyclonedx",d=n==="gitlab",m=n==="junit",b=n==="json"||!!t.json,h=t.report,w=a?.security?.audit,y=a?.security?.policies,g=t.offline===void 0?!!w?.offlineByDefault:!!t.offline,$=t.db,x=Qr(t.ecosystem),j=!!t.prodOnly,L=t.failOn??y?.vulnerability?.failOn,fe=!!t.showFixes,me=!!t.showAccepted,Me=a?.security?.acceptedRisks,tt=y?.vulnerability?.usage,_t=t.noUsage?!1:t.usage===void 0?!!tt?.enabled:!!t.usage,E=b||o||c||l||d||m,at=t.explain,Le=at!==void 0,it=Le&&!o&&!c&&!l&&!d&&!m;if(Le&&g){f.error("`--explain` needs network access and cannot run in offline mode (--offline or security.audit.offlineByDefault)."),process.exitCode=1;return}Le&&!it&&f.warn(`\`--explain\` has no effect with --format=${n}; explanations are only rendered in table, json, and HTML output.`);const D=ka(e),C=ri(e,D.name);if(g){const s=$??Pa(e);if(!At(s)){const p=new mt(s);E?process.stderr.write(`${p.message}
|
|
307
|
+
`):f.error(p.message),process.exitCode=1;return}}!E&&(C.ignoredAdvisories.length>0||C.excludedPackages.length>0)&&f.info(`Loaded ${String(C.ignoredAdvisories.length)} ignored advisor${C.ignoredAdvisories.length===1?"y":"ies"} and ${String(C.excludedPackages.length)} excluded package${C.excludedPackages.length===1?"":"s"} from ${D.name} config.`),!E&&x.unsupported.length>0&&f.warn(`Ecosystems ${x.unsupported.map(s=>`'${s}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const _=Da(e,D.name,{includeDev:!j});if(_.length===0){f.info(`No ${D.name} lockfile entries found. Run ${D.name} install first.`);return}if(!E){const s=j?"production-only packages":"installed packages";f.info(`Scanning ${String(_.length)} ${s}${g?" (offline)":""}…`)}const he=_.map(s=>({name:s.name,version:s.version})),ve=a?.security?.audit?.advisories?.bloom?.mode??"off";let G=[];if(ve!=="off")try{const s=await Va(e,{softFail:ve==="on"});if(s){if(G=za(s,he).map(p=>({name:p.name,version:p.version})),!E&&G.length>0){f.warn(`osv-bloom prefilter flagged ${String(G.length)} package${G.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const p=10;for(const u of G.slice(0,p))f.warn(` ${Ie("[bloom]")} ${u.name}@${u.version}`);G.length>p&&f.warn(` …and ${String(G.length-p)} more (full list in --format json output)`)}}else E||f.info(M("osv-bloom cache absent — skipping prefilter (run `vis advisories bloom sync` to enable)."))}catch(s){if(s instanceof Wa&&ve==="required"){const u=`${s.message} (security.audit.advisories.bloom.mode = "required")`;E?process.stderr.write(`${u}
|
|
308
308
|
`):f.error(u),process.exitCode=1;return}const p=s instanceof Error?s.message:String(s);if(ve==="required"){E?process.stderr.write(`osv-bloom prefilter failed: ${p}
|
|
309
|
-
`):f.error(`osv-bloom prefilter failed: ${p}`),process.exitCode=1;return}E||f.warn(`osv-bloom prefilter failed (continuing): ${p}`)}const we=new Set;g?we.add("socket").add("deps-dev"):(gt("socket")&&we.add("socket"),gt("depsDev")&&we.add("deps-dev"));const Te=da(a?.security,{disabled:we,minimumScore:y?.score?.minimum}),Ve=Te.length>0,Ft=Te.map(s=>s.displayName).join(" + "),ye=y?.score?.minimum??ha,Z=
|
|
310
|
-
`):f.warn(se)});if(p?.size===0)return[];const u=a?.security?.policies?.license,v=!!(u&&((u.allow?.length??0)>0||(u.deny?.length??0)>0)),k=p===void 0||p.has("license"),A=v&&k?Ta(e):void 0;return Na({manifestData:A,offline:g,osvFindings:ze,packageManager:D.name,packages:_,socketReports:We,workspaceRoot:e},"audit",{enabledPolicies:p,visConfig:a??{}})})();if(_t){const s=new Set(I.filter(u=>u.vulnerabilities.length>0).map(u=>u.name)),p=Wr({alwaysAssumeUsed:tt?.alwaysAssumeUsed,vulnerablePackages:s,workspaceRoot:e});I=I.filter(u=>u.vulnerabilities.length===0?!0:p.reachable.has(u.name)),E||f.info(
|
|
311
|
-
`),pe(I,C,t.exitCode,
|
|
312
|
-
`),pe(I,C,t.exitCode,
|
|
313
|
-
`),pe(I,C,t.exitCode,
|
|
314
|
-
`),pe(I,C,t.exitCode,
|
|
315
|
-
`),t.exitCode&&(ke.summary.issues>0||ke.summary.policyBlocks>0)&&(process.exitCode=1),Je(I,C,
|
|
309
|
+
`):f.error(`osv-bloom prefilter failed: ${p}`),process.exitCode=1;return}E||f.warn(`osv-bloom prefilter failed (continuing): ${p}`)}const we=new Set;g?we.add("socket").add("deps-dev"):(gt("socket")&&we.add("socket"),gt("depsDev")&&we.add("deps-dev"));const Te=da(a?.security,{disabled:we,minimumScore:y?.score?.minimum}),Ve=Te.length>0,Ft=Te.map(s=>s.displayName).join(" + "),ye=y?.score?.minimum??ha,Z=Ma(e,D.name),Ut=[{id:"vulnerabilities",label:g?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...Ve?[{id:"security",label:`Supply-chain reports (${Ft})`}]:[]],F=Oa(Ut,{live:!E}),Ht=Date.now(),X=N(s=>{const p=Date.now()-s;return p>=1e3?`${(p/1e3).toFixed(1)}s`:`${String(Math.round(p))}ms`},"fmtElapsed");let ze,We;try{const s=Date.now(),p=Date.now();F.start("vulnerabilities"),Ve&&F.start("security");const u=g?Promise.resolve().then(()=>ht(he,{dbPath:$,ecosystem:x.all.find(v=>qe.has(v.toLowerCase()))??"npm",workspaceRoot:e})).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);if(F.finish("vulnerabilities","error",k),v instanceof mt)throw v;return new Map}):ga(he).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("vulnerabilities","error",k),new Map});[ze,We]=await Promise.all([u,Ve?ua(Te,he).then(v=>{let k=0,A=0;for(const se of v.values())k+=se.alerts.length,se.score.overall<ye&&(A+=1);const P=k+A;return F.finish("security",P>0?"warn":"ok",P>0?`${String(k)} alert${k===1?"":"s"}, ${String(A)} low-score · ${X(p)}`:`clean · ${X(p)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("security","error",k),new Map}):Promise.resolve(new 
Map)])}finally{F.stop()}b||f.info(M(`Scan completed in ${X(Ht)}`));const be=[];for(const s of _){if(ni(s.name,C))continue;const p=ze.get(s.name)??[],u=We.get(`${s.name}@${s.version}`),v=ut(s.name,s.version,Me),k=p.length>0,A=u?u.score.overall<ye:!1,P=u?u.alerts.length>0:!1;(k||A||P)&&be.push({acceptedRisk:v,name:s.name,socketReport:u,version:s.version,vulnerabilities:p})}if(g){const s=x.all.filter(p=>qe.has(p.toLowerCase())&&p.toLowerCase()!=="npm");for(const p of s){const u=Tt(p),v=Rr(e,u);if(v.length!==0){E||f.info(M(`Scanning ${String(v.length)} ${u} packages…`));try{const k=ht(v.map(A=>({name:A.name,version:A.version})),{dbPath:$,ecosystem:u,workspaceRoot:e});for(const A of v){const P=k.get(A.name)??[];P.length!==0&&be.push({acceptedRisk:ut(A.name,A.version,Me),name:A.name,version:A.version,vulnerabilities:P})}}catch(k){const A=k instanceof Error?k.message:String(k);f.warn(`Failed to scan ${u}: ${A}`)}}}}let I=be.filter(s=>{const p=s.vulnerabilities.some(k=>Ce(k.severity,r)),u=s.socketReport?.alerts.some(k=>Ce(k.severity==="medium"?"MODERATE":k.severity.toUpperCase(),r)),v=s.socketReport&&s.socketReport.score.overall<ye;return p||u||v});const Gt=t.policies,rt=[],O=await(async()=>{const s=Sa().map(P=>`'${P}'`).join(", "),p=Aa(Gt,P=>{rt.push(P);const se=`Unknown policy '${P}' — ignoring. Available: ${s}.`;E?process.stderr.write(`vis audit: ${se}
|
|
310
|
+
`):f.warn(se)});if(p?.size===0)return[];const u=a?.security?.policies?.license,v=!!(u&&((u.allow?.length??0)>0||(u.deny?.length??0)>0)),k=p===void 0||p.has("license"),A=v&&k?Ta(e):void 0;return Na({manifestData:A,offline:g,osvFindings:ze,packageManager:D.name,packages:_,socketReports:We,workspaceRoot:e},"audit",{enabledPolicies:p,visConfig:a??{}})})();if(_t){const s=new Set(I.filter(u=>u.vulnerabilities.length>0).map(u=>u.name)),p=Wr({alwaysAssumeUsed:tt?.alwaysAssumeUsed,vulnerablePackages:s,workspaceRoot:e});I=I.filter(u=>u.vulnerabilities.length===0?!0:p.reachable.has(u.name)),E||f.info(M(`Reachability filter: ${String(p.reachable.size)}/${String(s.size)} vulnerable packages reachable (${String(p.filesScanned)} files scanned).`))}const nt=La(e,D.name),ot=nt?I.map(s=>{const p=lr(nt,{name:s.name,version:s.version});return{...s,dependencyPaths:p}}):I.map(s=>({...s,dependencyPaths:[]})),B=N(()=>ot.flatMap(s=>s.vulnerabilities.map(p=>({acknowledged:!!s.acceptedRisk||de(p.id,C,p.aliases),dependencyPaths:s.dependencyPaths,packageName:s.name,packageVersion:s.version,vulnerability:p}))),"findingsForReport"),st=!!t.fix,ct=!!t.fixTransitive,lt=!!t.yes,Bt=!!t.allowMajor;if(st||ct){const s=B().filter(p=>!p.acknowledged);if(st){const p=await pn({actionableFindings:s,allowMajor:Bt,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}if(ct){const p=await dn({actionableFindings:s,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}}const xe=new Map;if(it){const s=Ja(B().filter(u=>!u.acknowledged).map(u=>({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability})).sort(Et),at),p=await ai(s,a?.ai,{info:N(u=>{f.info(u)},"info"),warn:N(u=>{f.warn(u)},"warn")});for(const[u,v]of p)xe.set(u,v)}if(o){const 
s=Ji({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
|
|
311
|
+
`),pe(I,C,t.exitCode,L,O);return}if(c){const s=Pi({findings:B(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
|
|
312
|
+
`),pe(I,C,t.exitCode,L,O);return}if(l){const{packageJsons:s,workspace:p}=fa(e,a),u=ma(e,p,s),v=Ra({includeDev:!j,projectGraph:u,workspace:p,workspaceRoot:e}),k=Ti({bom:v,findings:B()});process.stdout.write(`${JSON.stringify(k,void 0,2)}
|
|
313
|
+
`),pe(I,C,t.exitCode,L,O);return}if(d){const s=Ui({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
|
|
314
|
+
`),pe(I,C,t.exitCode,L,O);return}if(m){const s=Bi({findings:B(),policyDecisions:O});process.stdout.write(s),pe(I,C,t.exitCode,L,O);return}const _e={informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},ke=pi({bloomHits:G,duplicates:Z,explanations:xe,filtered:ot,packagesScanned:_.length,policyDecisions:O,tool:_e,unknownPolicyTokens:rt,workspaceRoot:e});if(h){const s=Ii({findings:B().map(u=>{const v=xe.get(Oe({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability}));return v?{...u,explanation:v}:u}),packagesScanned:_.length,policyDecisions:O,report:ke,tool:{name:_e.name,version:_e.version},workspaceRoot:e}),p=ea(e,h);Ct(p,s,"utf8"),E||f.success(`HTML report written to ${p}`)}if(b){process.stdout.write(`${JSON.stringify(ke,void 0,2)}
|
|
315
|
+
`),t.exitCode&&(ke.summary.issues>0||ke.summary.policyBlocks>0)&&(process.exitCode=1),Je(I,C,L,O);return}if(I.length===0){f.success(`No security issues found across ${String(_.length)} packages.`);return}const ne={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const s of I)for(const p of s.vulnerabilities)if(Ce(p.severity,r)){const u=p.severity==="UNKNOWN"?"LOW":p.severity;ne[u]?.push({entry:s,vuln:p})}let $e=0,Fe=0;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=ne[s];if(!(!p||p.length===0)){f.info(`
|
|
316
316
|
── ${s} (${String(p.length)}) ──`);for(const{entry:u,vuln:v}of p){const k=!!u.acceptedRisk||de(v.id,C,v.aliases);if(k&&(Fe++,!me))continue;$e++,f.info(tn(u.name,u.version,v,k)),fe&&(v.fixedVersions??[]).length>0&&f.notice(` Fix: update to ${v.fixedVersions.at(-1)}`);const A=xe.get(Oe({packageName:u.name,packageVersion:u.version,vulnerability:v}));if(A)for(const P of A.split(`
|
|
317
317
|
`))f.info(` ${P}`)}}}const oe=I.filter(s=>s.socketReport&&(s.socketReport.score.overall<ye||s.socketReport.alerts.length>0));if(oe.length>0){f.info(`
|
|
318
|
-
── Socket.dev Supply Chain (${String(oe.length)}) ──`);for(const s of oe){if(!s.socketReport)continue;const p=!!s.acceptedRisk;if(!(p&&!me)){f.info(an(s.socketReport,p));for(const u of s.socketReport.alerts){const v=Xr[u.severity]??
|
|
318
|
+
── Socket.dev Supply Chain (${String(oe.length)}) ──`);for(const s of oe){if(!s.socketReport)continue;const p=!!s.acceptedRisk;if(!(p&&!me)){f.info(an(s.socketReport,p));for(const u of s.socketReport.alerts){const v=Xr[u.severity]??M;f.info(` ${v(`[${u.severity.toUpperCase()}]`)} ${u.type} — ${u.category}`)}}}}if(Z.length>0){f.info(`
|
|
319
319
|
── Duplicate Dependencies (${String(Z.length)}) ──`);for(const s of Z){const p=s.versions.join(", ");f.info(` ${s.name} — ${String(s.versions.length)} versions: ${Re(p)}`)}}const pt=new Set;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=ne[s];if(p)for(const{vuln:u}of p)pt.add(u.id)}const Ue=O.filter(s=>{if(s.policy!=="vulnerability")return!0;const p=typeof s.data?.advisoryId=="string"?s.data.advisoryId:void 0;return s.severity==="block"&&p!==void 0&&!pt.has(p)});if(Ue.length>0){f.info(`
|
|
320
|
-
── Policy Decisions (${String(Ue.length)}) ──`);for(const s of Ue){const p=!!s.acceptedRisk;if(p&&!me)continue;const u=s.severity==="block"?Ie:s.severity==="warn"?Re:
|
|
321
|
-
All issues are acknowledged. No action required.`),t.sync&&
|
|
322
|
-
No advisory IDs to sync to native PM config.`)}t.exitCode&&(dt>0||Ae.length>0)&&(process.exitCode=1),Je(I,C,
|
|
320
|
+
── Policy Decisions (${String(Ue.length)}) ──`);for(const s of Ue){const p=!!s.acceptedRisk;if(p&&!me)continue;const u=s.severity==="block"?Ie:s.severity==="warn"?Re:M,v=p?` ${M("[acknowledged]")}`:"";f.info(` ${u(`[${s.severity}]`)} ${s.policy} — ${s.reason}${v}`)}}const Se=N(s=>!!s.acceptedRisk||s.vulnerabilities.length>0&&s.vulnerabilities.every(p=>de(p.id,C,p.aliases)),"isEntryExcluded"),dt=I.filter(s=>!Se(s)).length;if(f.info(""),f.info("─ Audit Summary"),f.info(` ${String(_.length)} packages scanned`),C.ignoredAdvisories.length>0&&f.info(` ${String(C.ignoredAdvisories.length)} ${D.name} audit exclusion${C.ignoredAdvisories.length===1?"":"s"} applied`),$e>0){const s=ne.CRITICAL?.filter(u=>!Se(u.entry)).length??0,p=ne.HIGH?.filter(u=>!Se(u.entry)).length??0;f.error(` ${String($e)} vulnerabilit${$e===1?"y":"ies"} found`),s>0&&f.error(` ${String(s)} critical`),p>0&&f.warn(` ${String(p)} high`)}else f.success(" No vulnerabilities found");if(oe.length>0){const s=oe.filter(p=>!Se(p)).length;f.warn(` ${String(s)} package${s===1?"":"s"} with Socket.dev supply chain issues`)}Z.length>0&&(f.warn(` ${String(Z.length)} package${Z.length===1?"":"s"} with duplicate versions`),f.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const Ae=O.filter(s=>s.severity==="block"&&!s.acceptedRisk);if(Ae.length>0&&f.error(` ${String(Ae.length)} policy block${Ae.length===1?"":"s"}`),Fe>0&&(f.info(` ${String(Fe)} acknowledged (accepted risks)`),me||f.notice(" Use --show-accepted to see acknowledged issues.")),dt===0&&f.success(`
|
|
321
|
+
All issues are acknowledged. No action required.`),t.sync&&Me){const s=new Set;for(const u of be)if(u.acceptedRisk){for(const v of u.vulnerabilities)if((v.id.startsWith("CVE-")||v.id.startsWith("GHSA-"))&&s.add(v.id),v.aliases)for(const k of v.aliases)(k.startsWith("CVE-")||k.startsWith("GHSA-"))&&s.add(k)}const p=[...s];if(p.length>0){f.info("");const u=oi(D.name,e,p);for(const v of u)f.success(` ${v}`)}else f.info(`
|
|
322
|
+
No advisory IDs to sync to native PM config.`)}t.exitCode&&(dt>0||Ae.length>0)&&(process.exitCode=1),Je(I,C,L,O)},"executeAudit"),zt=N(e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),"hasBlockingPolicy"),Je=N((e,t,a,i)=>{zt(i)&&(process.exitCode=1),a&&e.some(r=>r.vulnerabilities.some(n=>r.acceptedRisk||de(n.id,t,n.aliases)?!1:Ce(n.severity,a)))&&(process.exitCode=1)},"applyFailOnGate"),pe=N((e,t,a,i,r)=>{a&&(e.filter(n=>!n.acceptedRisk&&n.vulnerabilities.some(o=>!de(o.id,t,o.aliases))).length>0||zt(r))&&(process.exitCode=1),Je(e,t,i,r)},"applyExitGate"),Wt=N(async(e,t)=>{if(!process.stdin.isTTY)return t;const a=Qt({input:process.stdin,output:process.stderr});try{const i=t?"[Y/n]":"[y/N]",r=await new Promise(n=>{a.question(`${e} ${M(i)} `,o=>{n(o.trim())})});return r.length===0?t:r.toLowerCase().startsWith("y")}finally{a.close()}},"promptYesNo"),ln=N(e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun","isTransitiveOnlyPm"),pn=N(async e=>{const t=Lt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(f.info(""),f.info("─ Apply (direct deps)"),f.info(ar(t)),t.apply.length===0){f.info("Nothing to apply for direct deps.");return}if(Ge&&!e.yes)return f.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await Wt("Apply these direct-dep upgrades?",!1))return f.info("Aborted — no changes made."),0;const a=new Map;for(const i of t.apply){const r=i.workspaceName??"",n=a.get(r);n?n.push(i):a.set(r,[i])}for(const[i,r]of a){const n=r.map(l=>`${l.packageName}@${l.targetSpec}`),o=i.length>0?[i]:[];f.info(`Running ${e.pm.name} add ${n.join(" ")}${i.length>0?` --filter ${i}`:""}`);const c=$a(e.pm,{exact:!1,filter:o,global:!1,optional:!1,packages:n,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return f.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return f.success("Direct-dep upgrades applied. 
Re-run `vis audit` to confirm the fixes landed."),0},"runApplyDirect"),dn=N(async e=>{if(!ln(e.pm.name))return f.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(Ge&&(!e.yes||!t))return f.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const a=new Set(Lt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(o=>o.packageName)),i=e.actionableFindings.filter(o=>!a.has(o.packageName)),r=Yr(i);if(r.entries.length===0){f.info(""),f.info("─ Apply transitive (overrides)"),f.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const n=qr(e.workspaceRoot,r,{name:e.pm.name,version:e.pm.version});f.info(""),f.info("─ Apply transitive (overrides)"),f.info(`Target: ${n.filePath} (${n.surface})`);for(const o of n.entries){const c=o.status==="added"?"+":o.status==="updated"?"~":"·",l=o.previousSpec?` (was ${o.previousSpec})`:"";f.info(` ${c} ${o.packageName}: ${o.spec}${l}`)}if(!n.changed){f.info("No changes — overrides already match the plan.");return}if(!e.yes){if(Ge)return 1;if(!await Wt("Write these overrides?",!1))return f.info("Aborted — no changes made."),0}try{Jr(n)}catch(o){const c=o instanceof Error?o.message:String(o);return f.error(`Failed to write overrides: ${c}`),1}return f.success(`Wrote ${String(n.entries.filter(o=>o.status!=="unchanged").length)} override${n.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},"runApplyTransitive"),Rn=N(async({logger:e,options:t,visConfig:a,workspaceRoot:i})=>{if(!i)throw new Error("Could not determine workspace root. 
Run this command inside a monorepo.");await cn(i,t,a,e)},"execute");export{Rn as default,on as mapSeverityToAube,nn as resolveAuditBackend};
|