@visulima/vis 1.0.0-alpha.29 → 1.0.0-alpha.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (118) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/dist/bin.js +1 -1
  3. package/dist/binx.js +1 -1
  4. package/dist/packem_chunks/bin.js +368 -367
  5. package/dist/packem_chunks/bloom-status.js +1 -1
  6. package/dist/packem_chunks/bloom-sync.js +1 -1
  7. package/dist/packem_chunks/config.js +15 -15
  8. package/dist/packem_chunks/doctor-probe.js +1 -1
  9. package/dist/packem_chunks/fix.js +1 -1
  10. package/dist/packem_chunks/handler.js +1 -1
  11. package/dist/packem_chunks/handler10.js +1 -1
  12. package/dist/packem_chunks/handler11.js +4 -4
  13. package/dist/packem_chunks/handler12.js +1 -1
  14. package/dist/packem_chunks/handler13.js +2 -2
  15. package/dist/packem_chunks/handler14.js +1 -1
  16. package/dist/packem_chunks/handler15.js +1 -1
  17. package/dist/packem_chunks/handler16.js +1 -1
  18. package/dist/packem_chunks/handler17.js +1 -1
  19. package/dist/packem_chunks/handler18.js +1 -1
  20. package/dist/packem_chunks/handler19.js +1 -1
  21. package/dist/packem_chunks/handler2.js +1 -1
  22. package/dist/packem_chunks/handler20.js +1 -1
  23. package/dist/packem_chunks/handler21.js +2 -2
  24. package/dist/packem_chunks/handler22.js +2 -2
  25. package/dist/packem_chunks/handler23.js +1 -1
  26. package/dist/packem_chunks/handler25.js +1 -1
  27. package/dist/packem_chunks/handler26.js +1 -1
  28. package/dist/packem_chunks/handler27.js +1 -1
  29. package/dist/packem_chunks/handler28.js +1 -1
  30. package/dist/packem_chunks/handler29.js +1 -1
  31. package/dist/packem_chunks/handler30.js +7 -7
  32. package/dist/packem_chunks/handler32.js +1 -1
  33. package/dist/packem_chunks/handler33.js +1 -1
  34. package/dist/packem_chunks/handler34.js +4 -4
  35. package/dist/packem_chunks/handler35.js +1 -1
  36. package/dist/packem_chunks/handler36.js +1 -1
  37. package/dist/packem_chunks/handler37.js +5 -5
  38. package/dist/packem_chunks/handler38.js +4 -4
  39. package/dist/packem_chunks/handler39.js +1 -1
  40. package/dist/packem_chunks/handler4.js +1 -1
  41. package/dist/packem_chunks/handler40.js +2 -2
  42. package/dist/packem_chunks/handler41.js +6 -6
  43. package/dist/packem_chunks/handler42.js +13 -13
  44. package/dist/packem_chunks/handler43.js +5 -5
  45. package/dist/packem_chunks/handler44.js +5 -5
  46. package/dist/packem_chunks/handler45.js +1 -1
  47. package/dist/packem_chunks/handler46.js +12 -12
  48. package/dist/packem_chunks/handler47.js +40 -40
  49. package/dist/packem_chunks/handler48.js +15 -15
  50. package/dist/packem_chunks/handler49.js +3 -3
  51. package/dist/packem_chunks/handler5.js +1 -1
  52. package/dist/packem_chunks/handler50.js +9 -9
  53. package/dist/packem_chunks/handler51.js +1 -1
  54. package/dist/packem_chunks/handler52.js +1 -1
  55. package/dist/packem_chunks/handler6.js +1 -1
  56. package/dist/packem_chunks/handler7.js +1 -1
  57. package/dist/packem_chunks/handler8.js +1 -1
  58. package/dist/packem_chunks/handler9.js +1 -1
  59. package/dist/packem_chunks/heal-accept.js +1 -1
  60. package/dist/packem_chunks/heal.js +1 -1
  61. package/dist/packem_chunks/help-command.js +7 -7
  62. package/dist/packem_chunks/index.js +6 -6
  63. package/dist/packem_chunks/keys-refresh.js +1 -1
  64. package/dist/packem_chunks/list.js +2 -2
  65. package/dist/packem_chunks/loader.js +1 -1
  66. package/dist/packem_chunks/loader2.js +1 -1
  67. package/dist/packem_chunks/prune.js +1 -1
  68. package/dist/packem_chunks/run.js +1 -1
  69. package/dist/packem_chunks/status.js +1 -1
  70. package/dist/packem_chunks/sync.js +1 -1
  71. package/dist/packem_chunks/sync2.js +1 -1
  72. package/dist/packem_chunks/tripwire.js +2 -2
  73. package/dist/packem_chunks/verify-lockfile.js +1 -1
  74. package/dist/packem_shared/Table-DoSoazT6-DwnyTUsA.js +12 -0
  75. package/dist/packem_shared/{advisories-DpgSuWDH.js → advisories-BxXiKFbL.js} +1 -1
  76. package/dist/packem_shared/{affected-shas-BkXXecyi.js → affected-shas-BdnlfiV1.js} +1 -1
  77. package/dist/packem_shared/{ai-fix-CfFWatGY.js → ai-fix-BkPUHA0z.js} +1 -1
  78. package/dist/packem_shared/{applyDefaults-DLvOqXGX.js → applyDefaults-BogleaFi.js} +1 -1
  79. package/dist/packem_shared/build-scripts-DE6U8jVq.js +1 -0
  80. package/dist/packem_shared/{cyclonedx-B04lIvwu.js → cyclonedx-BpGVHqSW.js} +1 -1
  81. package/dist/packem_shared/{dependency-scan-B9wTcLxf.js → dependency-scan-BUbOcMwX.js} +1 -1
  82. package/dist/packem_shared/{docker-DxA80dRx.js → docker-CTE3s4LW.js} +1 -1
  83. package/dist/packem_shared/{failure-log-n3j_-w8s.js → failure-log-34Wl3npC.js} +1 -1
  84. package/dist/packem_shared/glob-D_7bct6p-D8itOHsr.js +1 -0
  85. package/dist/packem_shared/{index-BfG9_znI.js → index-D1xC1Y_R.js} +1 -1
  86. package/dist/packem_shared/index-hoWfZmNo.js +30 -0
  87. package/dist/packem_shared/{lifecycle-NHIKDiCh.js → lifecycle-CXaqPGAQ.js} +2 -2
  88. package/dist/packem_shared/lockfile-CrT86D6d.js +1 -0
  89. package/dist/packem_shared/{lockfile-DAuTDwow.js → lockfile-Cu2BH6bl.js} +1 -1
  90. package/dist/packem_shared/{manifests-B7wUR3Rk.js → manifests-BzWpKW8F.js} +1 -1
  91. package/dist/packem_shared/{min-release-age-YyNI7gqV.js → min-release-age-BPVXwPUg.js} +2 -2
  92. package/dist/packem_shared/{native-config-sync-CgRIIRZV.js → native-config-sync-BRZZetn3.js} +8 -8
  93. package/dist/packem_shared/{osv-bloom-BQSIHt5h.js → osv-bloom-DSZcHLsM.js} +1 -1
  94. package/dist/packem_shared/{pm-runner-Ta_yz2uP.js → pm-runner-DmKT2FqF.js} +1 -1
  95. package/dist/packem_shared/{provenance-DoEp2uOo.js → provenance-DkCA8BrN.js} +1 -1
  96. package/dist/packem_shared/readFileSync-DseCu8sg-DEq4Fn3a.js +1 -0
  97. package/dist/packem_shared/{registry-keys-CD1xHavV.js → registry-keys-Mixm4eAY.js} +1 -1
  98. package/dist/packem_shared/{resolve-explicit-DpSc7RN2.js → resolve-explicit-D5E72FfN.js} +1 -1
  99. package/dist/packem_shared/runtime-check-CilFOqUU.js +1 -0
  100. package/dist/packem_shared/{s1ngularity-CIX7UcT5.js → s1ngularity-Qxc6tRRI.js} +1 -1
  101. package/dist/packem_shared/{scan-progress-CTVVf9WW.js → scan-progress-DVtCtI2z.js} +1 -1
  102. package/dist/packem_shared/{selectors-BU8aTRQm.js → selectors-DkgYFzdq.js} +1 -1
  103. package/dist/packem_shared/{signatures-BHM7cnqB.js → signatures-byuFrtAH.js} +1 -1
  104. package/dist/packem_shared/{toolchain-juKl-WgV.js → toolchain-DoG6b_G_.js} +2 -2
  105. package/dist/packem_shared/{typosquats-DRKU6d2S.js → typosquats-BiDxQj7R.js} +1 -1
  106. package/dist/packem_shared/{verify-DA80ja1b.js → verify-cLcZwKqe.js} +1 -1
  107. package/dist/packem_shared/{watch-DdR-pFzX.js → watch-DEL0yol9.js} +1 -1
  108. package/dist/packem_shared/{watch-loop-C8csFvRU.js → watch-loop-C31Ar7BX.js} +3 -3
  109. package/index.d.ts +201 -201
  110. package/index.js +26 -26
  111. package/package.json +10 -10
  112. package/dist/packem_shared/Table-3pFgIUZ2-DABgc6rj.js +0 -12
  113. package/dist/packem_shared/build-scripts-D-ysm_bS.js +0 -1
  114. package/dist/packem_shared/glob-MHJQjR39-CQ2GC0b_.js +0 -1
  115. package/dist/packem_shared/index-BDF8gawl.js +0 -29
  116. package/dist/packem_shared/lockfile-CoeFxWAv.js +0 -1
  117. package/dist/packem_shared/readFileSync-4c_c6Qey-6SWMDNdw.js +0 -1
  118. package/dist/packem_shared/runtime-check-Cbtb_Utb.js +0 -1
package/dist/packem_chunks/handler47.js CHANGED
@@ -1,4 +1,4 @@
1
- var Kt=Object.defineProperty;var R=(e,t)=>Kt(e,"name",{value:t,configurable:!0});import{createRequire as qt}from"node:module";import{E as L,e as Re,q as jt,P as Rt,T as Ie}from"../packem_shared/Table-3pFgIUZ2-DABgc6rj.js";import{M as U,i as ae,$ as Ee,C as ea}from"../packem_shared/readFileSync-4c_c6Qey-6SWMDNdw.js";import{an as ta,am as aa,ac as ia,ad as ra,ae as na,r as Ye,V as oa,t as sa,aV as ca,Y as la,a1 as pa,p as f,i as gt,c as da,v as ga,f as ua,$ as ut,C as fa,S as ma,a4 as ha,s as Ge}from"./bin.js";import{whichBin as va}from"#native";import{w as ya,r as ba,b as xa}from"../packem_shared/ai-analysis-KP8b5lc0.js";import{q as ft,n as It}from"./config.js";import{s as T,A as ka,P as $a}from"../packem_shared/pm-runner-Ta_yz2uP.js";import{c as Et,s as Ce,g as Sa,p as Aa,e as Na}from"../packem_shared/index-BfG9_znI.js";import{d as Ca}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as ja,b as Ra}from"../packem_shared/cyclonedx-B04lIvwu.js";import{s as Oa}from"../packem_shared/scan-progress-CTVVf9WW.js";import{r as Pa,A as mt,q as ht}from"../packem_shared/advisories-DpgSuWDH.js";import{l as Da,f as La,a as Ma}from"../packem_shared/dependency-scan-B9wTcLxf.js";import{r as Ta}from"../packem_shared/manifests-B7wUR3Rk.js";import{l as Va,p as za,O as Wa}from"../packem_shared/osv-bloom-BQSIHt5h.js";const Jt=qt(import.meta.url),ce=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,ie=R(e=>{if(typeof ce<"u"&&ce.versions&&ce.versions.node){const[t,a]=ce.versions.node.split(".").map(Number);if(t>22||t===22&&a>=3||t===20&&a>=16)return ce.getBuiltinModule(e)}return Jt(e)},"__cjs_getBuiltinModule"),{spawnSync:Yt}=ie("node:child_process"),{existsSync:At,readFileSync:Nt,writeFileSync:Ct,renameSync:Zt,unlinkSync:Xt}=ie("node:fs"),{createInterface:Qt}=ie("node:readline"),{stripVTControlCharacters:wa}=ie("node:util"),{createHash:Ia}=ie("node:crypto"),{relative:Ot,join:Ea}=ie("node:path");var _a=Object.defineProperty,Fa=R((e,t)=>_a(e,"name",{value:t,configurable:!0}),"t$1"),Ua=Object.defineProperty,Ha=Fa((e,t)=>Ua(e,"name",{value:t,configurable:!0}),"s"),Ga=Object.defineProperty,Ba=Ha((e,t)=>Ga(e,"name",{value:t,configurable:!0}),"n");const vt=Ba((e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const a=[];for(const i of ta(e,t))a.push(i.path);return a},"collectSync");var Ka=Object.defineProperty,H=R((e,t)=>Ka(e,"name",{value:t,configurable:!0}),"a");const Oe=H(e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,"explainKey"),qa=H(e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all","isSelectAll"),Ja=H((e,t)=>{if(qa(t))return e;const a=String(t).trim();if(/^\d+$/.test(a)){const r=Number.parseInt(a,10)-1,n=e[r];return n?[n]:[]}const i=a.toLowerCase();return e.filter(r=>{const{aliases:n,id:o}=r.vulnerability;return o.toLowerCase()===i||(n??[]).some(c=>c.toLowerCase()===i)})},"selectTargets"),Ya=H(e=>{const{packageName:t,packageVersion:a,vulnerability:i}=e,r=(i.aliases??[]).join(", ")||"none",n=(i.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
1
+ var Kt=Object.defineProperty;var j=(e,t)=>Kt(e,"name",{value:t,configurable:!0});import{createRequire as qt}from"node:module";import{E as L,e as je,q as Rt,P as jt,T as Ie}from"../packem_shared/Table-DoSoazT6-DwnyTUsA.js";import{M as U,l as ae,B as Ee,C as ea}from"../packem_shared/readFileSync-DseCu8sg-DEq4Fn3a.js";import{an as ta,am as aa,ac as ia,ad as ra,ae as na,r as Ye,V as oa,t as sa,aV as ca,Y as la,a1 as pa,p as f,i as gt,c as da,v as ga,f as ua,$ as ut,C as fa,S as ma,a4 as ha,s as Ge}from"./bin.js";import{whichBin as va}from"#native";import{w as ya,r as ba,b as xa}from"../packem_shared/ai-analysis-KP8b5lc0.js";import{E as ft,s as It}from"./config.js";import{s as T,A as ka,P as $a}from"../packem_shared/pm-runner-DmKT2FqF.js";import{c as Et,s as Ce,g as Sa,p as Aa,e as Na}from"../packem_shared/index-D1xC1Y_R.js";import{d as Ca}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as Ra,b as ja}from"../packem_shared/cyclonedx-BpGVHqSW.js";import{s as Oa}from"../packem_shared/scan-progress-DVtCtI2z.js";import{r as Pa,A as mt,q as ht}from"../packem_shared/advisories-BxXiKFbL.js";import{l as Da,f as La,a as Ma}from"../packem_shared/dependency-scan-BUbOcMwX.js";import{r as Ta}from"../packem_shared/manifests-BzWpKW8F.js";import{l as Va,p as za,O as Wa}from"../packem_shared/osv-bloom-DSZcHLsM.js";const Jt=qt(import.meta.url),ce=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,ie=j(e=>{if(typeof ce<"u"&&ce.versions&&ce.versions.node){const[t,a]=ce.versions.node.split(".").map(Number);if(t>22||t===22&&a>=3||t===20&&a>=16)return ce.getBuiltinModule(e)}return Jt(e)},"__cjs_getBuiltinModule"),{spawnSync:Yt}=ie("node:child_process"),{existsSync:At,readFileSync:Nt,writeFileSync:Ct,renameSync:Zt,unlinkSync:Xt}=ie("node:fs"),{createInterface:Qt}=ie("node:readline"),{stripVTControlCharacters:wa}=ie("node:util"),{createHash:Ia}=ie("node:crypto"),{relative:Ot,join:Ea}=ie("node:path");var _a=Object.defineProperty,Fa=j((e,t)=>_a(e,"name",{value:t,configurable:!0}),"r$1");const vt=Fa((e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const a=[];for(const i of ta(e,t))a.push(i.path);return a},"a");var Ua=Object.defineProperty,H=j((e,t)=>Ua(e,"name",{value:t,configurable:!0}),"a");const Oe=H(e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,"explainKey"),Ha=H(e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all","isSelectAll"),Ga=H((e,t)=>{if(Ha(t))return e;const a=String(t).trim();if(/^\d+$/.test(a)){const r=Number.parseInt(a,10)-1,n=e[r];return n?[n]:[]}const i=a.toLowerCase();return e.filter(r=>{const{aliases:n,id:o}=r.vulnerability;return o.toLowerCase()===i||(n??[]).some(c=>c.toLowerCase()===i)})},"selectTargets"),Ba=H(e=>{const{packageName:t,packageVersion:a,vulnerability:i}=e,r=(i.aliases??[]).join(", ")||"none",n=(i.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
2
2
 
3
3
  Package: ${t}@${a}
4
4
  Advisory: ${i.id} (aliases: ${r})
@@ -11,9 +11,9 @@ Respond ONLY with valid JSON in this exact structure, each value 1-3 plain sente
11
11
  "whatItIs": "what the vulnerability is and how it is exploited",
12
12
  "areYouAtRisk": "what usage pattern makes an app actually exposed; be honest that lockfile presence alone is not exploitation",
13
13
  "whatToDo": "the concrete remediation step"
14
- }`},"buildExplainPrompt"),Ne=H(e=>wa(e).replaceAll(/[\u0000-\u0008\u000B-\u001F\u007F]/gu,"").trim(),"sanitize"),Za=H(e=>`What it is: ${e.whatItIs}
14
+ }`},"buildExplainPrompt"),Ne=H(e=>wa(e).replaceAll(/[\u0000-\u0008\u000B-\u001F\u007F]/gu,"").trim(),"sanitize"),Ka=H(e=>`What it is: ${e.whatItIs}
15
15
  Are you at risk: ${e.areYouAtRisk}
16
- What to do: ${e.whatToDo}`,"formatExplanation"),Xa=H(e=>{const t=ya(e);if(t&&typeof t=="object"){const a=t,i=typeof a.whatItIs=="string"?Ne(a.whatItIs):"",r=typeof a.areYouAtRisk=="string"?Ne(a.areYouAtRisk):"",n=typeof a.whatToDo=="string"?Ne(a.whatToDo):"";if(i||r||n)return Za({areYouAtRisk:r,whatItIs:i,whatToDo:n})}return Ne(e)},"parseExplanation"),Qa=H(async(e,t,a)=>{let i=0;const r=Array.from({length:Math.min(t,e.length)},async()=>{for(;i<e.length;){const n=i;i+=1;const o=e[n];o!==void 0&&await a(o)}});await Promise.all(r)},"mapWithConcurrency"),ei=3,ti={resolveProvider:xa,runWithRetry:ba},ai=H(async(e,t,a,i=ti)=>{const r=new Map;if(e.length===0)return r;const n=i.resolveProvider(t);if(!n)return a?.info?.("No AI CLI provider found on PATH — skipping --explain."),r;const o=aa("security",t?.cacheTtl);return await Qa(e,ei,async c=>{const l=Oe(c),d=ia({id:c.vulnerability.id,kind:"audit-explain",name:c.packageName,provider:n.name,version:c.packageVersion}),m=ra(d);if(typeof m=="string"){r.set(l,m);return}try{const b=await i.runWithRetry(n,Ya(c)),h=Xa(b);h&&(r.set(l,h),na(d,h,o))}catch(b){const h=b instanceof Error?b.message:String(b);a?.warn?.(`Explain failed for ${c.vulnerability.id} (${h}).`)}}),r},"explainFindings");var ii=Object.defineProperty,Y=R((e,t)=>ii(e,"name",{value:t,configurable:!0}),"o$2");const Pe=Y(e=>Array.isArray(e)?e.filter(t=>typeof t=="string"):[],"toStringArray"),Be=Y((e,t)=>{for(const a of t)if(a===e||a.endsWith("*")&&e.startsWith(a.slice(0,-1)))return!0;return!1},"matchesGlobList"),Pt=Y(e=>{const t=U(e,"pnpm-workspace.yaml");if(!ae(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const a=Ye(t);return{excludedPackages:[],ignoredAdvisories:[...Pe(a?.auditConfig?.ignoreCves),...Pe(a?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),Dt=Y(e=>{const t=U(e,".yarnrc.yml");if(!ae(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const a=Ye(t);return{excludedPackages:Pe(a?.npmAuditExcludePackages),ignoredAdvisories:Pe(a?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),ri=Y((e,t)=>{switch(t){case"pnpm":return Pt(e);case"yarn":return Dt(e);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),de=Y((e,t,a)=>{if(Be(e,t.ignoredAdvisories))return!0;if(a){for(const i of a)if(Be(i,t.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),ni=Y((e,t)=>Be(e,t.excludedPackages),"isPackageExcluded"),oi=Y((e,t,a)=>{if(a.length===0)return["No advisory IDs to sync."];const i=[];switch(e){case"bun":{i.push(`bun has no audit config file. Use CLI flags: bun audit ${a.map(r=>`--ignore ${r}`).join(" ")}`);break}case"npm":{i.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const r=U(t,"pnpm-workspace.yaml");if(!ae(r)){i.push("pnpm-workspace.yaml not found. Cannot sync.");break}const n=Pt(t),o=new Set(n.ignoredAdvisories.filter(g=>g.startsWith("CVE-"))),c=new Set(n.ignoredAdvisories.filter(g=>g.startsWith("GHSA-"))),l=a.filter(g=>g.startsWith("CVE-")),d=a.filter(g=>g.startsWith("GHSA-")),m=[...new Set([...o,...l])],b=[...new Set([...c,...d])],h=l.filter(g=>!o.has(g)).length,w=d.filter(g=>!c.has(g)).length;if(h===0&&w===0){i.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let y=Ee(r);if(m.length>0){const g=` ignoreCves:
16
+ What to do: ${e.whatToDo}`,"formatExplanation"),qa=H(e=>{const t=ya(e);if(t&&typeof t=="object"){const a=t,i=typeof a.whatItIs=="string"?Ne(a.whatItIs):"",r=typeof a.areYouAtRisk=="string"?Ne(a.areYouAtRisk):"",n=typeof a.whatToDo=="string"?Ne(a.whatToDo):"";if(i||r||n)return Ka({areYouAtRisk:r,whatItIs:i,whatToDo:n})}return Ne(e)},"parseExplanation"),Ja=H(async(e,t,a)=>{let i=0;const r=Array.from({length:Math.min(t,e.length)},async()=>{for(;i<e.length;){const n=i;i+=1;const o=e[n];o!==void 0&&await a(o)}});await Promise.all(r)},"mapWithConcurrency"),Ya=3,Za={resolveProvider:xa,runWithRetry:ba},Xa=H(async(e,t,a,i=Za)=>{const r=new Map;if(e.length===0)return r;const n=i.resolveProvider(t);if(!n)return a?.info?.("No AI CLI provider found on PATH — skipping --explain."),r;const o=aa("security",t?.cacheTtl);return await Ja(e,Ya,async c=>{const l=Oe(c),d=ia({id:c.vulnerability.id,kind:"audit-explain",name:c.packageName,provider:n.name,version:c.packageVersion}),m=ra(d);if(typeof m=="string"){r.set(l,m);return}try{const b=await i.runWithRetry(n,Ba(c)),h=qa(b);h&&(r.set(l,h),na(d,h,o))}catch(b){const h=b instanceof Error?b.message:String(b);a?.warn?.(`Explain failed for ${c.vulnerability.id} (${h}).`)}}),r},"explainFindings");var Qa=Object.defineProperty,Y=j((e,t)=>Qa(e,"name",{value:t,configurable:!0}),"o$2");const Pe=Y(e=>Array.isArray(e)?e.filter(t=>typeof t=="string"):[],"toStringArray"),Be=Y((e,t)=>{for(const a of t)if(a===e||a.endsWith("*")&&e.startsWith(a.slice(0,-1)))return!0;return!1},"matchesGlobList"),Pt=Y(e=>{const t=U(e,"pnpm-workspace.yaml");if(!ae(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const a=Ye(t);return{excludedPackages:[],ignoredAdvisories:[...Pe(a?.auditConfig?.ignoreCves),...Pe(a?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),Dt=Y(e=>{const t=U(e,".yarnrc.yml");if(!ae(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const a=Ye(t);return{excludedPackages:Pe(a?.npmAuditExcludePackages),ignoredAdvisories:Pe(a?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),ei=Y((e,t)=>{switch(t){case"pnpm":return Pt(e);case"yarn":return Dt(e);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),de=Y((e,t,a)=>{if(Be(e,t.ignoredAdvisories))return!0;if(a){for(const i of a)if(Be(i,t.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),ti=Y((e,t)=>Be(e,t.excludedPackages),"isPackageExcluded"),ai=Y((e,t,a)=>{if(a.length===0)return["No advisory IDs to sync."];const i=[];switch(e){case"bun":{i.push(`bun has no audit config file. Use CLI flags: bun audit ${a.map(r=>`--ignore ${r}`).join(" ")}`);break}case"npm":{i.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const r=U(t,"pnpm-workspace.yaml");if(!ae(r)){i.push("pnpm-workspace.yaml not found. Cannot sync.");break}const n=Pt(t),o=new Set(n.ignoredAdvisories.filter(g=>g.startsWith("CVE-"))),c=new Set(n.ignoredAdvisories.filter(g=>g.startsWith("GHSA-"))),l=a.filter(g=>g.startsWith("CVE-")),d=a.filter(g=>g.startsWith("GHSA-")),m=[...new Set([...o,...l])],b=[...new Set([...c,...d])],h=l.filter(g=>!o.has(g)).length,w=d.filter(g=>!c.has(g)).length;if(h===0&&w===0){i.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let y=Ee(r);if(m.length>0){const g=` ignoreCves:
17
17
  ${m.map($=>` - ${$}`).join(`
18
18
  `)}
19
19
  `;/auditConfig:/.test(y)?y=/ignoreCves:/.test(y)?y.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,g):y.replace(/auditConfig:\s*\n/,`auditConfig:
@@ -28,11 +28,11 @@ ${c.map(b=>` - "${b}"`).join(`
28
28
  `)}
29
29
  `;d=/npmAuditIgnoreAdvisories:/.test(d)?d.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,m):`${d.trimEnd()}
30
30
 
31
- ${m}`,ft(r,d),i.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.yml (${String(c.length)} total)`);break}default:i.push(`Unknown package manager: ${e}`)}return i},"syncAcceptedRisksToNativeConfig");var si=Object.defineProperty,ci=R((e,t)=>si(e,"name",{value:t,configurable:!0}),"c$3");const li="1.0",pi=ci(e=>{const{bloomHits:t,duplicates:a,explanations:i,filtered:r,now:n,packagesScanned:o,policyDecisions:c,tool:l,unknownPolicyTokens:d,workspaceRoot:m}=e,b=r.map(g=>({acceptedRisk:g.acceptedRisk??null,dependencyPaths:g.dependencyPaths?g.dependencyPaths.map($=>$.map(x=>({name:x.name,version:x.version}))):[],name:g.name,socketAlerts:g.socketReport?.alerts??[],socketScore:g.socketReport?.score.overall??null,version:g.version,vulnerabilities:g.vulnerabilities.map($=>{const x=i.get(Oe({packageName:g.name,packageVersion:g.version,vulnerability:$}));return x?{...$,explanation:x}:{...$}})})),h=c.map(g=>({acceptedRisk:g.acceptedRisk??null,data:g.data??null,packageName:g.packageName,policy:g.policy,reason:g.reason,severity:g.severity,version:g.version})),w={accepted:b.filter(g=>g.acceptedRisk!==null).length,duplicatePackages:a.length,issues:b.filter(g=>g.acceptedRisk===null).length,policyBlocks:h.filter(g=>g.severity==="block"&&g.acceptedRisk===null).length,policyDecisions:h.length,total:b.length},y=d.map(g=>({kind:"unknown-policy",token:g}));return{bloomHits:t.map(g=>({name:g.name,version:g.version})),duplicates:a.map(g=>({name:g.name,versionCount:g.versions.length,versions:[...g.versions]})),generatedAt:(n??new Date).toISOString(),packages:o,policies:h,results:b,schemaVersion:li,summary:w,tool:l,warnings:y,workspaceRoot:m}},"buildAuditReport");var di=Object.defineProperty,te=R((e,t)=>di(e,"name",{value:t,configurable:!0}),"r");const gi=["CRITICAL","HIGH","MODERATE","LOW","UNKNOWN"],ui={CRITICAL:"error",HIGH:"error",LOW:"note",MODERATE:"warning",UNKNOWN:"none"},fi={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"none"},mi={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},hi=te(e=>ui[e],"severityToSarifLevel"),Ke=te(e=>fi[e],"severityLabel"),vi=te(e=>mi[e],"severityFallbackScore"),Ze=te(e=>typeof e.cvssScore=="number"&&Number.isFinite(e.cvssScore)?e.cvssScore:vi(e.severity),"cvssScore"),wi=te(e=>Ze(e).toFixed(1),"securitySeverityString"),V=te(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),je=te(e=>e.startsWith("CVE-")?"NVD":e.startsWith("GHSA-")?"GitHub Advisory Database":"OSV","advisorySourceName");var yi=`/*! tailwindcss v4.3.0 | MIT License | https://tailwindcss.com */
32
- @layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){*,:before,:after,::backdrop{--tw-rotate-x:initial;--tw-rotate-y:initial;--tw-rotate-z:initial;--tw-skew-x:initial;--tw-skew-y:initial;--tw-space-y-reverse:0;--tw-border-style:solid;--tw-leading:initial;--tw-font-weight:initial;--tw-tracking:initial;--tw-ordinal:initial;--tw-slashed-zero:initial;--tw-numeric-figure:initial;--tw-numeric-spacing:initial;--tw-numeric-fraction:initial;--tw-shadow:0 0 #0000;--tw-shadow-color:initial;--tw-shadow-alpha:100%;--tw-inset-shadow:0 0 #0000;--tw-inset-shadow-color:initial;--tw-inset-shadow-alpha:100%;--tw-ring-color:initial;--tw-ring-shadow:0 0 #0000;--tw-inset-ring-color:initial;--tw-inset-ring-shadow:0 0 #0000;--tw-ring-inset:initial;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-offset-shadow:0 0 #0000;--tw-outline-style:solid;--tw-blur:initial;--tw-brightness:initial;--tw-contrast:initial;--tw-grayscale:initial;--tw-hue-rotate:initial;--tw-invert:initial;--tw-opacity:initial;--tw-saturate:initial;--tw-sepia:initial;--tw-drop-shadow:initial;--tw-drop-shadow-color:initial;--tw-drop-shadow-alpha:100%;--tw-drop-shadow-size:initial;--tw-backdrop-blur:initial;--tw-backdrop-brightness:initial;--tw-backdrop-contrast:initial;--tw-backdrop-grayscale:initial;--tw-backdrop-hue-rotate:initial;--tw-backdrop-invert:initial;--tw-backdrop-opacity:initial;--tw-backdrop-saturate:initial;--tw-backdrop-sepia:initial;--tw-duration:initial;--tw-content:""}}}@layer theme{:root,:host{--font-sans:ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-mono:ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--color-white:#fff;--spacing:.25rem;--text-sm:.875rem;--text-sm--line-height:calc(1.25 / .875);--font-weight-light:300;--font-weight-medium:500;--font-weight-semibold:600;--font-weight-bold:700;--tracking-tight:-.025em;--tracking-normal:0em;--leading-tight:1.25;--leading-snug:1.375;--radius-sm:.25rem;--ease-out:cubic-bezier(0, 0, .2, 1);--blur-sm:8px;--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:var(--font-sans);--default-mono-font-family:var(--font-mono)}}@layer base{*,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab, red, red)){::placeholder{color:color-mix(in oklab, currentcolor 50%, transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){appearance:button}::file-selector-button{appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}:root{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d;--mono:ui-monospace, "SF Mono", "JetBrains Mono", "Cascadia Mono", "Roboto Mono", Menlo, Consolas, monospace;--sans:system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", sans-serif}@media (prefers-color-scheme:dark){:root{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}}html[data-theme=light]{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d}html[data-theme=dark]{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}*{box-sizing:border-box}html{-webkit-text-size-adjust:100%}body{font-family:var(--sans);background-color:var(--bg);background-image:radial-gradient(circle, var(--border) .5px, transparent .5px);color:var(--fg);-webkit-font-smoothing:antialiased;font-feature-settings:"ss01";background-size:14px 14px;margin:0;padding:24px;line-height:1.5}a{color:var(--link);text-decoration:none}code{font-family:var(--mono);font-size:12px}h2{font-family:var(--mono);letter-spacing:.16em;text-transform:uppercase;color:var(--muted);margin:48px 0 14px;font-size:11px;font-weight:500}input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select{appearance:none;--tw-shadow:0 0 #0000;background-color:#fff;border-width:1px;border-color:oklch(55.1% .027 264.364);border-radius:0;padding:.5rem .75rem;font-size:1rem;line-height:1.5rem}:is(input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);border-color:oklch(54.6% .245 262.881);outline:2px solid #0000}input::placeholder,textarea::placeholder{color:oklch(55.1% .027 264.364);opacity:1}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-date-and-time-value{min-height:1.5em}::-webkit-date-and-time-value{text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-year-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-month-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-day-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-hour-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-minute-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-second-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-millisecond-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-meridiem-field{padding-top:0;padding-bottom:0}select{-webkit-print-color-adjust:exact;print-color-adjust:exact;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 20 20'%3e%3cpath stroke='oklch(55.1%25 0.027 264.364)' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' d='M6 8l4 4 4-4'/%3e%3c/svg%3e");background-position:right .5rem center;background-repeat:no-repeat;background-size:1.5em 1.5em;padding-right:2.5rem}select:where([multiple]),select:where([size]:not([size="1"])){background-image:initial;background-position:initial;background-repeat:unset;background-size:initial;print-color-adjust:unset;padding-right:.75rem}input:where([type=checkbox]),input:where([type=radio]){appearance:none;-webkit-print-color-adjust:exact;print-color-adjust:exact;vertical-align:middle;-webkit-user-select:none;user-select:none;color:oklch(54.6% .245 262.881);--tw-shadow:0 0 #0000;background-color:#fff;background-origin:border-box;border-width:1px;border-color:oklch(55.1% .027 264.364);flex-shrink:0;width:1rem;height:1rem;padding:0;display:inline-block}input:where([type=checkbox]){border-radius:0}input:where([type=radio]){border-radius:100%}input:where([type=checkbox]):focus,input:where([type=radio]):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:2px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);outline:2px solid #0000}input:where([type=checkbox]):checked,input:where([type=radio]):checked{background-color:currentColor;background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}input:where([type=checkbox]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3cpath d='M12.207 4.793a1 1 0 010 1.414l-5 5a1 1 0 01-1.414 0l-2-2a1 1 0 011.414-1.414L6.5 9.086l4.293-4.293a1 1 0 011.414 0z'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=checkbox]):checked{appearance:auto}}input:where([type=radio]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3ccircle cx='8' cy='8' r='3'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=radio]):checked{appearance:auto}}input:where([type=checkbox]):checked:hover,input:where([type=checkbox]):checked:focus,input:where([type=radio]):checked:hover,input:where([type=radio]):checked:focus{background-color:currentColor;border-color:#0000}input:where([type=checkbox]):indeterminate{background-color:currentColor;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 16 16'%3e%3cpath stroke='white' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M4 8h8'/%3e%3c/svg%3e");background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}@media (forced-colors:active){input:where([type=checkbox]):indeterminate{appearance:auto}}input:where([type=checkbox]):indeterminate:hover,input:where([type=checkbox]):indeterminate:focus{background-color:currentColor;border-color:#0000}input:where([type=file]){background:unset;border-color:inherit;font-size:unset;line-height:inherit;border-width:0;border-radius:0;padding:0}input:where([type=file]):focus{outline:1px solid buttontext;outline:1px auto -webkit-focus-ring-color}}@layer components{.masthead{border-bottom:1px solid var(--border)}.brand{font-family:var(--sans);color:var(--fg);font-size:clamp(30px,5vw,52px);font-weight:600}.brand .slash{color:var(--accent)}.brand .sub{font-family:var(--mono);letter-spacing:.22em;color:var(--faint)}.chip{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2)}.tbtn{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2);transition:border-color .2s,color .2s}.tbtn:hover{color:var(--fg);border-color:var(--fg)}.tbtn-theme{min-width:28px}.tbtn-theme .ticon{line-height:0}.tbtn-theme .ticon-sun{display:none}@media (prefers-color-scheme:dark){.tbtn-theme .ticon-moon{display:none}.tbtn-theme .ticon-sun{display:inline-flex}}html[data-theme=light] .tbtn-theme .ticon-moon{display:inline-flex}html[data-theme=light] .tbtn-theme .ticon-sun,html[data-theme=dark] .tbtn-theme .ticon-moon{display:none}html[data-theme=dark] .tbtn-theme .ticon-sun{display:inline-flex}.verdict{padding:56px 0 36px}.verdict .vnum{font-family:var(--mono);letter-spacing:-.04em;color:var(--fg);font-variant-numeric:tabular-nums;font-size:clamp(64px,14vw,148px);line-height:.85}.verdict .vsub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}.verdict-crit .vnum{color:var(--accent)}.verdict-high .vnum{color:var(--high)}.debugbar{border-bottom:1px solid var(--border)}.dseg+.dseg{border-left:1px solid var(--border);padding-left:1.75rem}.dseg .dk{font-family:var(--mono);letter-spacing:.13em;color:var(--faint)}.dseg .dv{font-family:var(--mono);color:var(--fg);font-variant-numeric:tabular-nums;letter-spacing:-.01em;font-weight:400}.dseg .dvsep{color:var(--faint)}.dseg .dot{background:var(--unknown)}.dseg-critical .dv{color:var(--critical)}.dseg-high .dv{color:var(--high)}.dseg-moderate .dv{color:var(--medium)}.dseg-low .dv{color:var(--low)}.dseg-ok .dot{background:var(--minor)}.dseg-ok .dv,.dseg-fixable .dv{color:var(--minor)}.field{border-bottom:1px solid var(--border2);background:0 0;transition:border-color .2s}.field:focus-within{border-bottom-color:var(--fg)}.field .prompt{font-family:var(--mono);letter-spacing:.12em;color:var(--faint)}.field input,.field select{font-family:var(--mono);color:var(--fg)}.field.sel{margin-left:32px}.field select{text-transform:uppercase;letter-spacing:.06em;font-size:11px}.field select option{background:var(--panel);color:var(--fg);text-transform:none;letter-spacing:0}.field input::placeholder{color:var(--faint);text-transform:uppercase;letter-spacing:.06em;font-size:11px}#findings{border-collapse:collapse}#findings thead th{font-family:var(--mono);letter-spacing:.11em;color:var(--faint);background:var(--bg);border-bottom:1px solid var(--border2)}#findings td,#findings tbody tr:last-child td{border-bottom:1px solid var(--border)}.finding-row:hover td{background:var(--row-hover)}.sev-cell{box-shadow:inset 2px 0 0 var(--border2)}tr[data-severity=CRITICAL] .sev-cell{box-shadow:inset 2px 0 0 var(--critical)}tr[data-severity=HIGH] .sev-cell{box-shadow:inset 2px 0 0 var(--high)}tr[data-severity=MODERATE] .sev-cell{box-shadow:inset 2px 0 0 var(--medium)}tr[data-severity=LOW] .sev-cell{box-shadow:inset 2px 0 0 var(--low)}tr[data-severity=UNKNOWN] .sev-cell{box-shadow:inset 2px 0 0 var(--unknown)}.ack-row td{opacity:.4}.ack-row .summary-cell,.ack-row a{color:var(--muted)}code.pkg{color:var(--fg)}code.ver,code.fix{color:var(--muted)}code.fix{color:var(--minor)}code.copyable{cursor:copy;padding-inline:calc(var(--spacing) * 2);padding-block:calc(var(--spacing) * 1);white-space:nowrap;color:var(--fg);border:1px solid var(--border2);background:0 0;border-radius:3px;font-size:12px;transition:border-color .2s,color .2s;display:inline-block}code.copyable:hover{border-color:var(--fg)}code.copyable.copied{color:var(--minor);border-color:var(--minor)}.adv-cell a{font-family:var(--mono);color:var(--link);border-bottom:1px solid #0000;transition:border-color .2s}.adv-cell a:hover{border-bottom-color:var(--link)}.summary-cell{font-family:var(--sans);color:var(--muted);line-height:1.5}.muted{font-family:var(--mono);letter-spacing:.06em;color:var(--faint)}.ack{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);border:1px solid var(--border2)}.badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.badge:before{content:"";background:currentColor;width:5px;height:5px}.badge-critical{color:var(--critical)}.badge-high{color:var(--high)}.badge-moderate{color:var(--medium)}.badge-low{color:var(--low)}.badge-unknown{color:var(--unknown)}.marker{font-family:var(--mono);letter-spacing:.09em}.marker-major{color:var(--major)}.marker-minor-patch{color:var(--minor)}.marker-unknown{color:var(--unknown)}.empty{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border);border-bottom:1px solid var(--border)}.clean{padding-top:96px;padding-bottom:96px}.clean .big{font-family:var(--mono);letter-spacing:-.03em;color:var(--fg);font-size:clamp(56px,12vw,128px);line-height:1}.clean .sub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}#policies{border-collapse:collapse}#policies th{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);background:var(--bg);border-bottom:1px solid var(--border2)}#policies td,#policies tr:last-child td{border-bottom:1px solid var(--border)}#policies code{letter-spacing:.04em;color:var(--muted)}.policy-badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.policy-badge:before{content:"";background:currentColor;width:5px;height:5px}.policy-block{color:var(--accent)}.policy-warn{color:var(--high)}.policy-info{color:var(--muted)}.hint{font-family:var(--mono);letter-spacing:.1em;color:var(--faint)}.kbd{font-family:var(--mono);letter-spacing:.06em;color:var(--muted);background:var(--panel2);border:1px solid var(--border2)}.explain-row td{border-top:1px dotted var(--accent);border-bottom:1px solid var(--border);box-shadow:inset 2px 0 0 var(--accent);background:0 0}.finding-row:has(+.explain-row) td{border-bottom:none}.explain-row details{background:0 0}.explain-row summary::-webkit-details-marker{display:none}.intel-tag{font-family:var(--mono);letter-spacing:.16em;color:var(--accent)}.intel-hint{font-family:var(--mono);letter-spacing:.1em;color:var(--muted)}.explain-row details[open] summary .intel-hint:after{content:" [-]"}.explain-row details:not([open]) summary .intel-hint:after{content:" [+]"}.explain-body{animation:.2s both rise}.intel-key{font-family:var(--mono);letter-spacing:.12em;color:var(--accent)}.intel-val{font-family:var(--sans);color:var(--fg);line-height:1.55}.intel-prose{color:var(--muted);grid-template-columns:1fr}.intel-prose .intel-val{color:var(--muted)}.sig{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border)}.sig b{color:var(--muted);font-weight:500}.sig-by{color:var(--muted)}.anolilab-logo{width:auto;height:13px;fill:var(--fg)}.anolilab-accent{fill:#dfff1b}@keyframes rise{0%{opacity:0;transform:translateY(4px)}to{opacity:1;transform:none}}@media (prefers-reduced-motion:reduce){.explain-body{animation:none}}}@layer utilities{.pointer-events-auto{pointer-events:auto}.pointer-events-none{pointer-events:none}.collapse{visibility:collapse}.invisible{visibility:hidden}.visible{visibility:visible}.absolute{position:absolute}.fixed{position:fixed}.relative{position:relative}.static{position:static}.sticky{position:sticky}.inset-0{inset:calc(var(--spacing) * 0)}.inset-x-0{inset-inline:calc(var(--spacing) * 0)}.top-0{top:calc(var(--spacing) * 0)}.top-3{top:calc(var(--spacing) * 3)}.top-4{top:calc(var(--spacing) * 4)}.top-full{top:100%}.right-0{right:calc(var(--spacing) * 0)}.right-4{right:calc(var(--spacing) * 4)}.bottom-4{bottom:calc(var(--spacing) * 4)}.bottom-5{bottom:calc(var(--spacing) * 5)}.left-0{left:calc(var(--spacing) * 0)}.left-4{left:calc(var(--spacing) * 4)}.isolate{isolation:isolate}.z-20{z-index:20}.z-30{z-index:30}.z-\\[2\\]{z-index:2}.container{width:100%}@media (min-width:40rem){.container{max-width:40rem}}@media (min-width:48rem){.container{max-width:48rem}}@media (min-width:64rem){.container{max-width:64rem}}@media (min-width:80rem){.container{max-width:80rem}}@media (min-width:96rem){.container{max-width:96rem}}.mx-1{margin-inline:calc(var(--spacing) * 1)}.mx-12{margin-inline:calc(var(--spacing) * 12)}.mx-\\[0\\.12em\\]{margin-inline:.12em}.mx-auto{margin-inline:auto}.mt-1{margin-top:calc(var(--spacing) * 1)}.mt-2{margin-top:calc(var(--spacing) * 2)}.mt-3{margin-top:calc(var(--spacing) * 3)}.mt-4{margin-top:calc(var(--spacing) * 4)}.mt-6{margin-top:calc(var(--spacing) * 6)}.mt-12{margin-top:calc(var(--spacing) * 12)}.mb-1{margin-bottom:calc(var(--spacing) * 1)}.mb-2{margin-bottom:calc(var(--spacing) * 2)}.mb-3{margin-bottom:calc(var(--spacing) * 3)}.mb-4{margin-bottom:calc(var(--spacing) * 4)}.mb-6{margin-bottom:calc(var(--spacing) * 6)}.mb-10{margin-bottom:calc(var(--spacing) * 10)}.ml-2{margin-left:calc(var(--spacing) * 2)}.ml-8{margin-left:calc(var(--spacing) * 8)}.ml-auto{margin-left:auto}.block{display:block}.contents{display:contents}.flex{display:flex}.grid{display:grid}.hidden{display:none}.inline{display:inline}.inline-block{display:inline-block}.inline-flex{display:inline-flex}.table{display:table}.size-\\[7px\\]{width:7px;height:7px}.h-2{height:calc(var(--spacing) * 2)}.h-5{height:calc(var(--spacing) * 5)}.h-7{height:calc(var(--spacing) * 7)}.h-9{height:calc(var(--spacing) * 9)}.h-10{height:calc(var(--spacing) * 10)}.h-11{height:calc(var(--spacing) * 11)}.h-\\[6px\\]{height:6px}.h-\\[7px\\]{height:7px}.h-\\[8px\\]{height:8px}.h-\\[10px\\]{height:10px}.h-\\[18px\\]{height:18px}.h-full{height:100%}.h-px{height:1px}.max-h-72{max-height:calc(var(--spacing) * 72)}.min-h-\\[400px\\]{min-height:400px}.min-h-\\[480px\\]{min-height:480px}.min-h-screen{min-height:100vh}.w-2{width:calc(var(--spacing) * 2)}.w-3{width:calc(var(--spacing) * 3)}.w-4{width:calc(var(--spacing) * 4)}.w-7{width:calc(var(--spacing) * 7)}.w-9{width:calc(var(--spacing) * 9)}.w-\\[7px\\]{width:7px}.w-\\[8px\\]{width:8px}.w-full{width:100%}.w-px{width:1px}.max-w-\\[380px\\]{max-width:380px}.max-w-\\[1080px\\]{max-width:1080px}.min-w-0{min-width:calc(var(--spacing) * 0)}.min-w-5{min-width:calc(var(--spacing) * 5)}.min-w-\\[200px\\]{min-width:200px}.min-w-\\[220px\\]{min-width:220px}.min-w-\\[260px\\]{min-width:260px}.flex-1{flex:1}.flex-\\[1_1_280px\\]{flex:280px}.flex-auto{flex:auto}.flex-none{flex:none}.shrink{flex-shrink:1}.shrink-0{flex-shrink:0}.grow{flex-grow:1}.caption-bottom{caption-side:bottom}.border-collapse{border-collapse:collapse}.transform{transform:var(--tw-rotate-x,) var(--tw-rotate-y,) var(--tw-rotate-z,) var(--tw-skew-x,) var(--tw-skew-y,)}.cursor-move{cursor:move}.cursor-pointer{cursor:pointer}.resize{resize:both}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.grid-cols-\\[72px_1fr\\]{grid-template-columns:72px 1fr}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-baseline{align-items:baseline}.items-center{align-items:center}.items-end{align-items:flex-end}.items-start{align-items:flex-start}.items-stretch{align-items:stretch}.justify-between{justify-content:space-between}.justify-center{justify-content:center}.gap-0{gap:calc(var(--spacing) * 0)}.gap-1{gap:calc(var(--spacing) * 1)}.gap-1\\.5{gap:calc(var(--spacing) * 1.5)}.gap-2{gap:calc(var(--spacing) * 2)}.gap-3{gap:calc(var(--spacing) * 3)}.gap-4{gap:calc(var(--spacing) * 4)}.gap-6{gap:calc(var(--spacing) * 6)}.gap-8{gap:calc(var(--spacing) * 8)}.gap-12{gap:calc(var(--spacing) * 12)}.gap-16{gap:calc(var(--spacing) * 16)}.gap-\\[0\\.65rem\\]{gap:.65rem}.gap-\\[2px\\]{gap:2px}.gap-\\[7px\\]{gap:7px}.gap-px{gap:1px}:where(.space-y-0\\.5>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * .5) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * .5) * calc(1 - var(--tw-space-y-reverse)))}.gap-x-3{column-gap:calc(var(--spacing) * 3)}.gap-x-6{column-gap:calc(var(--spacing) * 6)}.gap-y-1{row-gap:calc(var(--spacing) * 1)}.gap-y-2{row-gap:calc(var(--spacing) * 2)}.gap-y-3{row-gap:calc(var(--spacing) * 3)}.self-center{align-self:center}.truncate{text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.overflow-auto{overflow:auto}.overflow-y-auto{overflow-y:auto}.rounded{border-radius:.25rem}.rounded-\\[3px\\]{border-radius:3px}.rounded-\\[4px\\]{border-radius:4px}.rounded-full{border-radius:3.40282e38px}.rounded-sm{border-radius:var(--radius-sm)}.border{border-style:var(--tw-border-style);border-width:1px}.border-0{border-style:var(--tw-border-style);border-width:0}.border-t{border-top-style:var(--tw-border-style);border-top-width:1px}.border-b{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}.border-l-2{border-left-style:var(--tw-border-style);border-left-width:2px}.border-dashed{--tw-border-style:dashed;border-style:dashed}.bg-transparent{background-color:#0000}.p-0{padding:calc(var(--spacing) * 0)}.p-5{padding:calc(var(--spacing) * 5)}.p-6{padding:calc(var(--spacing) * 6)}.px-0{padding-inline:calc(var(--spacing) * 0)}.px-0\\.5{padding-inline:calc(var(--spacing) * .5)}.px-1{padding-inline:calc(var(--spacing) * 1)}.px-1\\.5{padding-inline:calc(var(--spacing) * 1.5)}.px-2{padding-inline:calc(var(--spacing) * 2)}.px-3{padding-inline:calc(var(--spacing) * 3)}.px-4{padding-inline:calc(var(--spacing) * 4)}.px-5{padding-inline:calc(var(--spacing) * 5)}.px-6{padding-inline:calc(var(--spacing) * 6)}.px-8{padding-inline:calc(var(--spacing) * 8)}.px-12{padding-inline:calc(var(--spacing) * 12)}.px-\\[5px\\]{padding-inline:5px}.px-\\[6px\\]{padding-inline:6px}.py-0\\.5{padding-block:calc(var(--spacing) * .5)}.py-1{padding-block:calc(var(--spacing) * 1)}.py-2{padding-block:calc(var(--spacing) * 2)}.py-2\\.5{padding-block:calc(var(--spacing) * 2.5)}.py-3{padding-block:calc(var(--spacing) * 3)}.py-4{padding-block:calc(var(--spacing) * 4)}.py-5{padding-block:calc(var(--spacing) * 5)}.py-6{padding-block:calc(var(--spacing) * 6)}.py-8{padding-block:calc(var(--spacing) * 8)}.py-12{padding-block:calc(var(--spacing) * 12)}.py-16{padding-block:calc(var(--spacing) * 16)}.py-\\[3px\\]{padding-block:3px}.py-px{padding-block:1px}.pt-0\\.5{padding-top:calc(var(--spacing) * .5)}.pt-1{padding-top:calc(var(--spacing) * 1)}.pt-2{padding-top:calc(var(--spacing) * 2)}.pt-5{padding-top:calc(var(--spacing) * 5)}.pt-7{padding-top:calc(var(--spacing) * 7)}.pt-8{padding-top:calc(var(--spacing) * 8)}.pt-12{padding-top:calc(var(--spacing) * 12)}.pr-0{padding-right:calc(var(--spacing) * 0)}.pr-2{padding-right:calc(var(--spacing) * 2)}.pr-3{padding-right:calc(var(--spacing) * 3)}.pr-6{padding-right:calc(var(--spacing) * 6)}.pb-1{padding-bottom:calc(var(--spacing) * 1)}.pb-1\\.5{padding-bottom:calc(var(--spacing) * 1.5)}.pb-4{padding-bottom:calc(var(--spacing) * 4)}.pb-5{padding-bottom:calc(var(--spacing) * 5)}.pb-6{padding-bottom:calc(var(--spacing) * 6)}.pb-8{padding-bottom:calc(var(--spacing) * 8)}.pb-12{padding-bottom:calc(var(--spacing) * 12)}.pl-0{padding-left:calc(var(--spacing) * 0)}.pl-3{padding-left:calc(var(--spacing) * 3)}.pl-4{padding-left:calc(var(--spacing) * 4)}.pl-\\[7px\\]{padding-left:7px}.text-center{text-align:center}.text-left{text-align:left}.text-right{text-align:right}.align-middle{vertical-align:middle}.align-top{vertical-align:top}.font-mono{font-family:var(--font-mono)}.font-sans{font-family:var(--font-sans)}.text-sm{font-size:var(--text-sm);line-height:var(--tw-leading,var(--text-sm--line-height))}.text-\\[9px\\]{font-size:9px}.text-\\[10px\\]{font-size:10px}.text-\\[11px\\]{font-size:11px}.text-\\[12px\\]{font-size:12px}.text-\\[13px\\]{font-size:13px}.text-\\[14px\\]{font-size:14px}.text-\\[15px\\]{font-size:15px}.text-\\[22px\\]{font-size:22px}.text-\\[28px\\]{font-size:28px}.text-\\[44px\\]{font-size:44px}.text-\\[72px\\]{font-size:72px}.text-\\[clamp\\(28px\\,5vw\\,52px\\)\\]{font-size:clamp(28px,5vw,52px)}.leading-\\[0\\.9\\]{--tw-leading:.9;line-height:.9}.leading-none{--tw-leading:1;line-height:1}.leading-snug{--tw-leading:var(--leading-snug);line-height:var(--leading-snug)}.leading-tight{--tw-leading:var(--leading-tight);line-height:var(--leading-tight)}.font-bold{--tw-font-weight:var(--font-weight-bold);font-weight:var(--font-weight-bold)}.font-light{--tw-font-weight:var(--font-weight-light);font-weight:var(--font-weight-light)}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.tracking-\\[-0\\.02em\\]{--tw-tracking:-.02em;letter-spacing:-.02em}.tracking-\\[0\\.1em\\]{--tw-tracking:.1em;letter-spacing:.1em}.tracking-\\[0\\.05em\\]{--tw-tracking:.05em;letter-spacing:.05em}.tracking-\\[0\\.08em\\]{--tw-tracking:.08em;letter-spacing:.08em}.tracking-\\[0\\.11em\\]{--tw-tracking:.11em;letter-spacing:.11em}.tracking-\\[0\\.12em\\]{--tw-tracking:.12em;letter-spacing:.12em}.tracking-\\[0\\.15em\\]{--tw-tracking:.15em;letter-spacing:.15em}.tracking-\\[0\\.16em\\]{--tw-tracking:.16em;letter-spacing:.16em}.tracking-\\[0\\.22em\\]{--tw-tracking:.22em;letter-spacing:.22em}.tracking-normal{--tw-tracking:var(--tracking-normal);letter-spacing:var(--tracking-normal)}.tracking-tight{--tw-tracking:var(--tracking-tight);letter-spacing:var(--tracking-tight)}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.whitespace-nowrap{white-space:nowrap}.capitalize{text-transform:capitalize}.lowercase{text-transform:lowercase}.normal-case{text-transform:none}.uppercase{text-transform:uppercase}.italic{font-style:italic}.tabular-nums{--tw-numeric-spacing:tabular-nums;font-variant-numeric:var(--tw-ordinal,) var(--tw-slashed-zero,) var(--tw-numeric-figure,) var(--tw-numeric-spacing,) var(--tw-numeric-fraction,)}.no-underline{text-decoration-line:none}.opacity-40{opacity:.4}.opacity-70{opacity:.7}.shadow{--tw-shadow:0 1px 3px 0 var(--tw-shadow-color,#0000001a), 0 1px 2px -1px var(--tw-shadow-color,#0000001a);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_4px_12px_rgba\\(0\\,0\\,0\\,0\\.08\\)\\]{--tw-shadow:0 4px 12px var(--tw-shadow-color,#00000014);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_8px_24px_rgba\\(0\\,0\\,0\\,0\\.12\\)\\]{--tw-shadow:0 8px 24px var(--tw-shadow-color,#0000001f);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.ring{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.outline{outline-style:var(--tw-outline-style);outline-width:1px}.outline-0{outline-style:var(--tw-outline-style);outline-width:0}.blur{--tw-blur:blur(8px);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.invert{--tw-invert:invert(100%);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.filter{filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.backdrop-blur-sm{--tw-backdrop-blur:blur(var(--blur-sm));-webkit-backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) var(--tw-backdrop-sepia,);backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) var(--tw-backdrop-sepia,)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-colors{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.duration-150{--tw-duration:.15s;transition-duration:.15s}.select-none{-webkit-user-select:none;user-select:none}.group-data-\\[state\\=off\\]\\:opacity-30:is(:where(.group)[data-state=off] *){opacity:.3}.before\\:absolute:before{content:var(--tw-content);position:absolute}.before\\:left-0:before{content:var(--tw-content);left:calc(var(--spacing) * 0)}.before\\:content-\\[\\'→\\'\\]:before{--tw-content:"→";content:var(--tw-content)}.after\\:ml-auto:after{content:var(--tw-content);margin-left:auto}.after\\:font-mono:after{content:var(--tw-content);font-family:var(--font-mono)}.after\\:text-\\[9px\\]:after{content:var(--tw-content);font-size:9px}.after\\:tracking-\\[0\\.1em\\]:after{content:var(--tw-content);--tw-tracking:.1em;letter-spacing:.1em}.after\\:content-\\[\\'ON\\'\\]:after{--tw-content:"ON";content:var(--tw-content)}.last\\:border-b-0:last-child{border-bottom-style:var(--tw-border-style);border-bottom-width:0}@media (hover:hover){.hover\\:text-white:hover{color:var(--color-white)}.hover\\:opacity-90:hover{opacity:.9}}.focus-visible\\:ring-1:focus-visible{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.focus-visible\\:outline-none:focus-visible{--tw-outline-style:none;outline-style:none}.disabled\\:pointer-events-none:disabled{pointer-events:none}.disabled\\:opacity-40:disabled{opacity:.4}.data-\\[open\\=false\\]\\:hidden[data-open=false]{display:none}.data-\\[pinned\\=true\\]\\:pointer-events-auto[data-pinned=true]{pointer-events:auto}.data-\\[state\\=off\\]\\:line-through[data-state=off]{text-decoration-line:line-through}.data-\\[state\\=off\\]\\:after\\:content-\\[\\'OFF\\'\\][data-state=off]:after{--tw-content:"OFF";content:var(--tw-content)}@media (min-width:40rem){.sm\\:min-w-\\[320px\\]{min-width:320px}}@media (min-width:48rem){.md\\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.md\\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.md\\:grid-cols-\\[1\\.4fr_1fr\\]{grid-template-columns:1.4fr 1fr}}.\\[\\&_svg\\]\\:size-\\[14px\\] svg{width:14px;height:14px}.\\[\\&_svg\\]\\:shrink-0 svg{flex-shrink:0}.\\[\\&_tr\\]\\:border-b-0 tr{border-bottom-style:var(--tw-border-style);border-bottom-width:0}.\\[\\&\\>\\*\\+\\*\\]\\:ml-6>*+*{margin-left:calc(var(--spacing) * 6)}.\\[\\&\\>\\*\\+\\*\\]\\:border-l>*+*{border-left-style:var(--tw-border-style);border-left-width:1px}.\\[\\&\\>\\*\\+\\*\\]\\:pl-6>*+*{padding-left:calc(var(--spacing) * 6)}.\\[\\&\\>td\\]\\:border-b>td{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}}@property --tw-rotate-x{syntax:"*";inherits:false}@property --tw-rotate-y{syntax:"*";inherits:false}@property --tw-rotate-z{syntax:"*";inherits:false}@property --tw-skew-x{syntax:"*";inherits:false}@property --tw-skew-y{syntax:"*";inherits:false}@property --tw-space-y-reverse{syntax:"*";inherits:false;initial-value:0}@property --tw-border-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-leading{syntax:"*";inherits:false}@property --tw-font-weight{syntax:"*";inherits:false}@property --tw-tracking{syntax:"*";inherits:false}@property --tw-ordinal{syntax:"*";inherits:false}@property --tw-slashed-zero{syntax:"*";inherits:false}@property --tw-numeric-figure{syntax:"*";inherits:false}@property --tw-numeric-spacing{syntax:"*";inherits:false}@property --tw-numeric-fraction{syntax:"*";inherits:false}@property --tw-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-shadow-color{syntax:"*";inherits:false}@property --tw-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-inset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-shadow-color{syntax:"*";inherits:false}@property --tw-inset-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-ring-color{syntax:"*";inherits:false}@property --tw-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-ring-color{syntax:"*";inherits:false}@property --tw-inset-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-ring-inset{syntax:"*";inherits:false}@property --tw-ring-offset-width{syntax:"<length>";inherits:false;initial-value:0}@property --tw-ring-offset-color{syntax:"*";inherits:false;initial-value:#fff}@property --tw-ring-offset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-outline-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-blur{syntax:"*";inherits:false}@property --tw-brightness{syntax:"*";inherits:false}@property --tw-contrast{syntax:"*";inherits:false}@property --tw-grayscale{syntax:"*";inherits:false}@property --tw-hue-rotate{syntax:"*";inherits:false}@property --tw-invert{syntax:"*";inherits:false}@property --tw-opacity{syntax:"*";inherits:false}@property --tw-saturate{syntax:"*";inherits:false}@property --tw-sepia{syntax:"*";inherits:false}@property --tw-drop-shadow{syntax:"*";inherits:false}@property --tw-drop-shadow-color{syntax:"*";inherits:false}@property --tw-drop-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-drop-shadow-size{syntax:"*";inherits:false}@property --tw-backdrop-blur{syntax:"*";inherits:false}@property --tw-backdrop-brightness{syntax:"*";inherits:false}@property --tw-backdrop-contrast{syntax:"*";inherits:false}@property --tw-backdrop-grayscale{syntax:"*";inherits:false}@property --tw-backdrop-hue-rotate{syntax:"*";inherits:false}@property --tw-backdrop-invert{syntax:"*";inherits:false}@property --tw-backdrop-opacity{syntax:"*";inherits:false}@property --tw-backdrop-saturate{syntax:"*";inherits:false}@property --tw-backdrop-sepia{syntax:"*";inherits:false}@property --tw-duration{syntax:"*";inherits:false}@property --tw-content{syntax:"*";inherits:false;initial-value:""}`,bi=Object.defineProperty,ee=R((e,t)=>bi(e,"name",{value:t,configurable:!0}),"d$1");const xi=yi,S=ee(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;"),"escapeHtml"),ki={major:"major bump","minor-patch":"safe",unknown:"no fix"},$i=ee((e,t)=>{if(t.length===0)return{kind:"unknown",label:"no fix"};const a=T.coerce(e);if(!a)return{kind:"unknown",label:"non-semver"};let i,r;for(const n of t){const o=T.coerce(n);if(!o)continue;const c=T.diff(a,o);c==="major"||c==="premajor"?i||(i=n):(c==="minor"||c==="patch"||c==="preminor"||c==="prepatch")&&!r&&(r=n)}return r?{kind:"minor-patch",label:`safe to ${r}`}:i?{kind:"major",label:`requires major bump to ${i}`}:{kind:"unknown",label:"no usable fix"}},"breakingMarker"),Si=new Map([["are you at risk","RISK"],["what it is","VECTOR"],["what to do","ACTION"]]),Ai=ee(e=>e.split(`
33
- `).map(t=>{const a=t.trim();if(!a)return"";const i=a.match(/^([^:]{2,40}):\s*(.+)$/u);if(i?.[1]&&i[2]){const r=Si.get(i[1].trim().toLowerCase())??i[1].trim().toUpperCase();return`<div class="intel-line grid grid-cols-[72px_1fr] items-start gap-4"><span class="intel-key pt-0.5 text-[9px] font-bold uppercase">${S(r)}</span><span class="intel-val text-[13px]">${S(i[2].trim())}</span></div>`}return`<div class="intel-line intel-prose grid items-start gap-4"><span class="intel-val text-[13px]">${S(a)}</span></div>`}).join(""),"renderExplanation"),Ni='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"/></svg>',Ci='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><circle cx="12" cy="12" r="4"/><path d="M12 2v2m0 16v2M4.93 4.93l1.41 1.41m11.32 11.32 1.41 1.41M2 12h2m16 0h2M4.93 19.07l1.41-1.41m11.32-11.32 1.41-1.41"/></svg>',K="px-3 py-3 text-left align-middle",q="sticky top-0 z-[2] px-3 py-3 text-left text-[10px] font-medium uppercase whitespace-nowrap select-none",J="px-3 py-3 text-left text-[10px] font-medium uppercase",ji=ee(e=>`<ul class="dep-paths flex flex-col gap-2 px-3 py-3">${e.map(t=>`<li class="dep-path flex flex-wrap items-center gap-y-1">${t.map((a,i)=>{const r=`${a.name}@${a.version}`,n=i<t.length-1?'<span class="dep-arrow muted px-1">→</span>':"";return`<code class="dep-node text-[12px]">${S(r)}</code>${n}`}).join("")}</li>`).join("")}</ul>`,"renderDependencyPaths"),Ri=ee(e=>{const{acknowledged:t,dependencyPaths:a,explanation:i,packageName:r,packageVersion:n,remediation:o,vulnerability:c}=e,{severity:l}=c,d=$i(n,c.fixedVersions),m=c.fixedVersions.length>0?c.fixedVersions.join(", "):"—",b=o?`<code class="copyable" data-cmd="${S(o)}" title="Click to copy">${S(o)}</code>`:'<span class="muted">advisory only</span>',h=`data-severity="${l}" data-package="${S(r)}" data-advisory="${S(c.id)}"`,w=`<tr class="${t?"finding-row ack-row":"finding-row"}" ${h}>
31
+ ${m}`,ft(r,d),i.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.yml (${String(c.length)} total)`);break}default:i.push(`Unknown package manager: ${e}`)}return i},"syncAcceptedRisksToNativeConfig");var ii=Object.defineProperty,ri=j((e,t)=>ii(e,"name",{value:t,configurable:!0}),"c$3");const ni="1.0",oi=ri(e=>{const{bloomHits:t,duplicates:a,explanations:i,filtered:r,now:n,packagesScanned:o,policyDecisions:c,tool:l,unknownPolicyTokens:d,workspaceRoot:m}=e,b=r.map(g=>({acceptedRisk:g.acceptedRisk??null,dependencyPaths:g.dependencyPaths?g.dependencyPaths.map($=>$.map(x=>({name:x.name,version:x.version}))):[],name:g.name,socketAlerts:g.socketReport?.alerts??[],socketScore:g.socketReport?.score.overall??null,version:g.version,vulnerabilities:g.vulnerabilities.map($=>{const x=i.get(Oe({packageName:g.name,packageVersion:g.version,vulnerability:$}));return x?{...$,explanation:x}:{...$}})})),h=c.map(g=>({acceptedRisk:g.acceptedRisk??null,data:g.data??null,packageName:g.packageName,policy:g.policy,reason:g.reason,severity:g.severity,version:g.version})),w={accepted:b.filter(g=>g.acceptedRisk!==null).length,duplicatePackages:a.length,issues:b.filter(g=>g.acceptedRisk===null).length,policyBlocks:h.filter(g=>g.severity==="block"&&g.acceptedRisk===null).length,policyDecisions:h.length,total:b.length},y=d.map(g=>({kind:"unknown-policy",token:g}));return{bloomHits:t.map(g=>({name:g.name,version:g.version})),duplicates:a.map(g=>({name:g.name,versionCount:g.versions.length,versions:[...g.versions]})),generatedAt:(n??new Date).toISOString(),packages:o,policies:h,results:b,schemaVersion:ni,summary:w,tool:l,warnings:y,workspaceRoot:m}},"buildAuditReport");var si=Object.defineProperty,te=j((e,t)=>si(e,"name",{value:t,configurable:!0}),"r");const ci=["CRITICAL","HIGH","MODERATE","LOW","UNKNOWN"],li={CRITICAL:"error",HIGH:"error",LOW:"note",MODERATE:"warning",UNKNOWN:"none"},pi={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"none"},di={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},gi=te(e=>li[e],"severityToSarifLevel"),Ke=te(e=>pi[e],"severityLabel"),ui=te(e=>di[e],"severityFallbackScore"),Ze=te(e=>typeof e.cvssScore=="number"&&Number.isFinite(e.cvssScore)?e.cvssScore:ui(e.severity),"cvssScore"),fi=te(e=>Ze(e).toFixed(1),"securitySeverityString"),V=te(e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,"advisoryUri"),Re=te(e=>e.startsWith("CVE-")?"NVD":e.startsWith("GHSA-")?"GitHub Advisory Database":"OSV","advisorySourceName");var mi=`/*! tailwindcss v4.3.0 | MIT License | https://tailwindcss.com */
32
+ @layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){*,:before,:after,::backdrop{--tw-rotate-x:initial;--tw-rotate-y:initial;--tw-rotate-z:initial;--tw-skew-x:initial;--tw-skew-y:initial;--tw-space-y-reverse:0;--tw-border-style:solid;--tw-leading:initial;--tw-font-weight:initial;--tw-tracking:initial;--tw-ordinal:initial;--tw-slashed-zero:initial;--tw-numeric-figure:initial;--tw-numeric-spacing:initial;--tw-numeric-fraction:initial;--tw-shadow:0 0 #0000;--tw-shadow-color:initial;--tw-shadow-alpha:100%;--tw-inset-shadow:0 0 #0000;--tw-inset-shadow-color:initial;--tw-inset-shadow-alpha:100%;--tw-ring-color:initial;--tw-ring-shadow:0 0 #0000;--tw-inset-ring-color:initial;--tw-inset-ring-shadow:0 0 #0000;--tw-ring-inset:initial;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-offset-shadow:0 0 #0000;--tw-outline-style:solid;--tw-blur:initial;--tw-brightness:initial;--tw-contrast:initial;--tw-grayscale:initial;--tw-hue-rotate:initial;--tw-invert:initial;--tw-opacity:initial;--tw-saturate:initial;--tw-sepia:initial;--tw-drop-shadow:initial;--tw-drop-shadow-color:initial;--tw-drop-shadow-alpha:100%;--tw-drop-shadow-size:initial;--tw-backdrop-blur:initial;--tw-backdrop-brightness:initial;--tw-backdrop-contrast:initial;--tw-backdrop-grayscale:initial;--tw-backdrop-hue-rotate:initial;--tw-backdrop-invert:initial;--tw-backdrop-opacity:initial;--tw-backdrop-saturate:initial;--tw-backdrop-sepia:initial;--tw-duration:initial;--tw-content:""}}}@layer theme{:root,:host{--font-sans:ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-mono:ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--color-white:#fff;--spacing:.25rem;--text-sm:.875rem;--text-sm--line-height:calc(1.25 / .875);--font-weight-light:300;--font-weight-medium:500;--font-weight-semibold:600;--font-weight-bold:700;--tracking-tight:-.025em;--tracking-normal:0em;--leading-tight:1.25;--leading-snug:1.375;--radius-sm:.25rem;--ease-out:cubic-bezier(0, 0, .2, 1);--blur-sm:8px;--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:var(--font-sans);--default-mono-font-family:var(--font-mono)}}@layer base{*,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab, red, red)){::placeholder{color:color-mix(in oklab, currentcolor 50%, transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){appearance:button}::file-selector-button{appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}:root{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d;--mono:ui-monospace, "SF Mono", "JetBrains Mono", "Cascadia Mono", "Roboto Mono", Menlo, Consolas, monospace;--sans:system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", sans-serif}@media (prefers-color-scheme:dark){:root{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}}html[data-theme=light]{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d}html[data-theme=dark]{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}*{box-sizing:border-box}html{-webkit-text-size-adjust:100%}body{font-family:var(--sans);background-color:var(--bg);background-image:radial-gradient(circle, var(--border) .5px, transparent .5px);color:var(--fg);-webkit-font-smoothing:antialiased;font-feature-settings:"ss01";background-size:14px 14px;margin:0;padding:24px;line-height:1.5}a{color:var(--link);text-decoration:none}code{font-family:var(--mono);font-size:12px}h2{font-family:var(--mono);letter-spacing:.16em;text-transform:uppercase;color:var(--muted);margin:48px 0 14px;font-size:11px;font-weight:500}input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select{appearance:none;--tw-shadow:0 0 #0000;background-color:#fff;border-width:1px;border-color:oklch(55.1% .027 264.364);border-radius:0;padding:.5rem .75rem;font-size:1rem;line-height:1.5rem}:is(input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);border-color:oklch(54.6% .245 262.881);outline:2px solid #0000}input::placeholder,textarea::placeholder{color:oklch(55.1% .027 264.364);opacity:1}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-date-and-time-value{min-height:1.5em}::-webkit-date-and-time-value{text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-year-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-month-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-day-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-hour-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-minute-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-second-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-millisecond-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-meridiem-field{padding-top:0;padding-bottom:0}select{-webkit-print-color-adjust:exact;print-color-adjust:exact;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 20 20'%3e%3cpath stroke='oklch(55.1%25 0.027 264.364)' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' d='M6 8l4 4 4-4'/%3e%3c/svg%3e");background-position:right .5rem center;background-repeat:no-repeat;background-size:1.5em 1.5em;padding-right:2.5rem}select:where([multiple]),select:where([size]:not([size="1"])){background-image:initial;background-position:initial;background-repeat:unset;background-size:initial;print-color-adjust:unset;padding-right:.75rem}input:where([type=checkbox]),input:where([type=radio]){appearance:none;-webkit-print-color-adjust:exact;print-color-adjust:exact;vertical-align:middle;-webkit-user-select:none;user-select:none;color:oklch(54.6% .245 262.881);--tw-shadow:0 0 #0000;background-color:#fff;background-origin:border-box;border-width:1px;border-color:oklch(55.1% .027 264.364);flex-shrink:0;width:1rem;height:1rem;padding:0;display:inline-block}input:where([type=checkbox]){border-radius:0}input:where([type=radio]){border-radius:100%}input:where([type=checkbox]):focus,input:where([type=radio]):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:2px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);outline:2px solid #0000}input:where([type=checkbox]):checked,input:where([type=radio]):checked{background-color:currentColor;background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}input:where([type=checkbox]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3cpath d='M12.207 4.793a1 1 0 010 1.414l-5 5a1 1 0 01-1.414 0l-2-2a1 1 0 011.414-1.414L6.5 9.086l4.293-4.293a1 1 0 011.414 0z'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=checkbox]):checked{appearance:auto}}input:where([type=radio]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3ccircle cx='8' cy='8' r='3'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=radio]):checked{appearance:auto}}input:where([type=checkbox]):checked:hover,input:where([type=checkbox]):checked:focus,input:where([type=radio]):checked:hover,input:where([type=radio]):checked:focus{background-color:currentColor;border-color:#0000}input:where([type=checkbox]):indeterminate{background-color:currentColor;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 16 16'%3e%3cpath stroke='white' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M4 8h8'/%3e%3c/svg%3e");background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}@media (forced-colors:active){input:where([type=checkbox]):indeterminate{appearance:auto}}input:where([type=checkbox]):indeterminate:hover,input:where([type=checkbox]):indeterminate:focus{background-color:currentColor;border-color:#0000}input:where([type=file]){background:unset;border-color:inherit;font-size:unset;line-height:inherit;border-width:0;border-radius:0;padding:0}input:where([type=file]):focus{outline:1px solid buttontext;outline:1px auto -webkit-focus-ring-color}}@layer components{.masthead{border-bottom:1px solid var(--border)}.brand{font-family:var(--sans);color:var(--fg);font-size:clamp(30px,5vw,52px);font-weight:600}.brand .slash{color:var(--accent)}.brand .sub{font-family:var(--mono);letter-spacing:.22em;color:var(--faint)}.chip{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2)}.tbtn{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2);transition:border-color .2s,color .2s}.tbtn:hover{color:var(--fg);border-color:var(--fg)}.tbtn-theme{min-width:28px}.tbtn-theme .ticon{line-height:0}.tbtn-theme .ticon-sun{display:none}@media (prefers-color-scheme:dark){.tbtn-theme .ticon-moon{display:none}.tbtn-theme .ticon-sun{display:inline-flex}}html[data-theme=light] .tbtn-theme .ticon-moon{display:inline-flex}html[data-theme=light] .tbtn-theme .ticon-sun,html[data-theme=dark] .tbtn-theme .ticon-moon{display:none}html[data-theme=dark] .tbtn-theme .ticon-sun{display:inline-flex}.verdict{padding:56px 0 36px}.verdict .vnum{font-family:var(--mono);letter-spacing:-.04em;color:var(--fg);font-variant-numeric:tabular-nums;font-size:clamp(64px,14vw,148px);line-height:.85}.verdict .vsub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}.verdict-crit .vnum{color:var(--accent)}.verdict-high .vnum{color:var(--high)}.debugbar{border-bottom:1px solid var(--border)}.dseg+.dseg{border-left:1px solid var(--border);padding-left:1.75rem}.dseg .dk{font-family:var(--mono);letter-spacing:.13em;color:var(--faint)}.dseg .dv{font-family:var(--mono);color:var(--fg);font-variant-numeric:tabular-nums;letter-spacing:-.01em;font-weight:400}.dseg .dvsep{color:var(--faint)}.dseg .dot{background:var(--unknown)}.dseg-critical .dv{color:var(--critical)}.dseg-high .dv{color:var(--high)}.dseg-moderate .dv{color:var(--medium)}.dseg-low .dv{color:var(--low)}.dseg-ok .dot{background:var(--minor)}.dseg-ok .dv,.dseg-fixable .dv{color:var(--minor)}.field{border-bottom:1px solid var(--border2);background:0 0;transition:border-color .2s}.field:focus-within{border-bottom-color:var(--fg)}.field .prompt{font-family:var(--mono);letter-spacing:.12em;color:var(--faint)}.field input,.field select{font-family:var(--mono);color:var(--fg)}.field.sel{margin-left:32px}.field select{text-transform:uppercase;letter-spacing:.06em;font-size:11px}.field select option{background:var(--panel);color:var(--fg);text-transform:none;letter-spacing:0}.field input::placeholder{color:var(--faint);text-transform:uppercase;letter-spacing:.06em;font-size:11px}#findings{border-collapse:collapse}#findings thead th{font-family:var(--mono);letter-spacing:.11em;color:var(--faint);background:var(--bg);border-bottom:1px solid var(--border2)}#findings td,#findings tbody tr:last-child td{border-bottom:1px solid var(--border)}.finding-row:hover td{background:var(--row-hover)}.sev-cell{box-shadow:inset 2px 0 0 var(--border2)}tr[data-severity=CRITICAL] .sev-cell{box-shadow:inset 2px 0 0 var(--critical)}tr[data-severity=HIGH] .sev-cell{box-shadow:inset 2px 0 0 var(--high)}tr[data-severity=MODERATE] .sev-cell{box-shadow:inset 2px 0 0 var(--medium)}tr[data-severity=LOW] .sev-cell{box-shadow:inset 2px 0 0 var(--low)}tr[data-severity=UNKNOWN] .sev-cell{box-shadow:inset 2px 0 0 var(--unknown)}.ack-row td{opacity:.4}.ack-row .summary-cell,.ack-row a{color:var(--muted)}code.pkg{color:var(--fg)}code.ver,code.fix{color:var(--muted)}code.fix{color:var(--minor)}code.copyable{cursor:copy;padding-inline:calc(var(--spacing) * 2);padding-block:calc(var(--spacing) * 1);white-space:nowrap;color:var(--fg);border:1px solid var(--border2);background:0 0;border-radius:3px;font-size:12px;transition:border-color .2s,color .2s;display:inline-block}code.copyable:hover{border-color:var(--fg)}code.copyable.copied{color:var(--minor);border-color:var(--minor)}.adv-cell a{font-family:var(--mono);color:var(--link);border-bottom:1px solid #0000;transition:border-color .2s}.adv-cell a:hover{border-bottom-color:var(--link)}.summary-cell{font-family:var(--sans);color:var(--muted);line-height:1.5}.muted{font-family:var(--mono);letter-spacing:.06em;color:var(--faint)}.ack{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);border:1px solid var(--border2)}.badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.badge:before{content:"";background:currentColor;width:5px;height:5px}.badge-critical{color:var(--critical)}.badge-high{color:var(--high)}.badge-moderate{color:var(--medium)}.badge-low{color:var(--low)}.badge-unknown{color:var(--unknown)}.marker{font-family:var(--mono);letter-spacing:.09em}.marker-major{color:var(--major)}.marker-minor-patch{color:var(--minor)}.marker-unknown{color:var(--unknown)}.empty{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border);border-bottom:1px solid var(--border)}.clean{padding-top:96px;padding-bottom:96px}.clean .big{font-family:var(--mono);letter-spacing:-.03em;color:var(--fg);font-size:clamp(56px,12vw,128px);line-height:1}.clean .sub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}#policies{border-collapse:collapse}#policies th{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);background:var(--bg);border-bottom:1px solid var(--border2)}#policies td,#policies tr:last-child td{border-bottom:1px solid var(--border)}#policies code{letter-spacing:.04em;color:var(--muted)}.policy-badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.policy-badge:before{content:"";background:currentColor;width:5px;height:5px}.policy-block{color:var(--accent)}.policy-warn{color:var(--high)}.policy-info{color:var(--muted)}.hint{font-family:var(--mono);letter-spacing:.1em;color:var(--faint)}.kbd{font-family:var(--mono);letter-spacing:.06em;color:var(--muted);background:var(--panel2);border:1px solid var(--border2)}.explain-row td{border-top:1px dotted var(--accent);border-bottom:1px solid var(--border);box-shadow:inset 2px 0 0 var(--accent);background:0 0}.finding-row:has(+.explain-row) td{border-bottom:none}.explain-row details{background:0 0}.explain-row summary::-webkit-details-marker{display:none}.intel-tag{font-family:var(--mono);letter-spacing:.16em;color:var(--accent)}.intel-hint{font-family:var(--mono);letter-spacing:.1em;color:var(--muted)}.explain-row details[open] summary .intel-hint:after{content:" [-]"}.explain-row details:not([open]) summary .intel-hint:after{content:" [+]"}.explain-body{animation:.2s both rise}.intel-key{font-family:var(--mono);letter-spacing:.12em;color:var(--accent)}.intel-val{font-family:var(--sans);color:var(--fg);line-height:1.55}.intel-prose{color:var(--muted);grid-template-columns:1fr}.intel-prose .intel-val{color:var(--muted)}.sig{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border)}.sig b{color:var(--muted);font-weight:500}.sig-by{color:var(--muted)}.anolilab-logo{width:auto;height:13px;fill:var(--fg)}.anolilab-accent{fill:#dfff1b}@keyframes rise{0%{opacity:0;transform:translateY(4px)}to{opacity:1;transform:none}}@media (prefers-reduced-motion:reduce){.explain-body{animation:none}}}@layer utilities{.pointer-events-auto{pointer-events:auto}.pointer-events-none{pointer-events:none}.collapse{visibility:collapse}.invisible{visibility:hidden}.visible{visibility:visible}.absolute{position:absolute}.fixed{position:fixed}.relative{position:relative}.static{position:static}.sticky{position:sticky}.inset-0{inset:calc(var(--spacing) * 0)}.inset-x-0{inset-inline:calc(var(--spacing) * 0)}.top-0{top:calc(var(--spacing) * 0)}.top-3{top:calc(var(--spacing) * 3)}.top-4{top:calc(var(--spacing) * 4)}.top-full{top:100%}.right-0{right:calc(var(--spacing) * 0)}.right-4{right:calc(var(--spacing) * 4)}.bottom-4{bottom:calc(var(--spacing) * 4)}.bottom-5{bottom:calc(var(--spacing) * 5)}.left-0{left:calc(var(--spacing) * 0)}.left-4{left:calc(var(--spacing) * 4)}.isolate{isolation:isolate}.z-20{z-index:20}.z-30{z-index:30}.z-\\[2\\]{z-index:2}.container{width:100%}@media (min-width:40rem){.container{max-width:40rem}}@media (min-width:48rem){.container{max-width:48rem}}@media (min-width:64rem){.container{max-width:64rem}}@media (min-width:80rem){.container{max-width:80rem}}@media (min-width:96rem){.container{max-width:96rem}}.mx-1{margin-inline:calc(var(--spacing) * 1)}.mx-12{margin-inline:calc(var(--spacing) * 12)}.mx-\\[0\\.12em\\]{margin-inline:.12em}.mx-auto{margin-inline:auto}.mt-1{margin-top:calc(var(--spacing) * 1)}.mt-2{margin-top:calc(var(--spacing) * 2)}.mt-3{margin-top:calc(var(--spacing) * 3)}.mt-4{margin-top:calc(var(--spacing) * 4)}.mt-6{margin-top:calc(var(--spacing) * 6)}.mt-12{margin-top:calc(var(--spacing) * 12)}.mb-1{margin-bottom:calc(var(--spacing) * 1)}.mb-2{margin-bottom:calc(var(--spacing) * 2)}.mb-3{margin-bottom:calc(var(--spacing) * 3)}.mb-4{margin-bottom:calc(var(--spacing) * 4)}.mb-6{margin-bottom:calc(var(--spacing) * 6)}.mb-10{margin-bottom:calc(var(--spacing) * 10)}.ml-2{margin-left:calc(var(--spacing) * 2)}.ml-8{margin-left:calc(var(--spacing) * 8)}.ml-auto{margin-left:auto}.block{display:block}.contents{display:contents}.flex{display:flex}.grid{display:grid}.hidden{display:none}.inline{display:inline}.inline-block{display:inline-block}.inline-flex{display:inline-flex}.table{display:table}.size-\\[7px\\]{width:7px;height:7px}.h-2{height:calc(var(--spacing) * 2)}.h-5{height:calc(var(--spacing) * 5)}.h-7{height:calc(var(--spacing) * 7)}.h-9{height:calc(var(--spacing) * 9)}.h-10{height:calc(var(--spacing) * 10)}.h-11{height:calc(var(--spacing) * 11)}.h-\\[6px\\]{height:6px}.h-\\[7px\\]{height:7px}.h-\\[8px\\]{height:8px}.h-\\[10px\\]{height:10px}.h-\\[18px\\]{height:18px}.h-full{height:100%}.h-px{height:1px}.max-h-72{max-height:calc(var(--spacing) * 72)}.min-h-\\[400px\\]{min-height:400px}.min-h-\\[480px\\]{min-height:480px}.min-h-screen{min-height:100vh}.w-2{width:calc(var(--spacing) * 2)}.w-3{width:calc(var(--spacing) * 3)}.w-4{width:calc(var(--spacing) * 4)}.w-7{width:calc(var(--spacing) * 7)}.w-9{width:calc(var(--spacing) * 9)}.w-\\[7px\\]{width:7px}.w-\\[8px\\]{width:8px}.w-full{width:100%}.w-px{width:1px}.max-w-\\[380px\\]{max-width:380px}.max-w-\\[1080px\\]{max-width:1080px}.min-w-0{min-width:calc(var(--spacing) * 0)}.min-w-5{min-width:calc(var(--spacing) * 5)}.min-w-\\[200px\\]{min-width:200px}.min-w-\\[220px\\]{min-width:220px}.min-w-\\[260px\\]{min-width:260px}.flex-1{flex:1}.flex-\\[1_1_280px\\]{flex:280px}.flex-auto{flex:auto}.flex-none{flex:none}.shrink{flex-shrink:1}.shrink-0{flex-shrink:0}.grow{flex-grow:1}.caption-bottom{caption-side:bottom}.border-collapse{border-collapse:collapse}.transform{transform:var(--tw-rotate-x,) var(--tw-rotate-y,) var(--tw-rotate-z,) var(--tw-skew-x,) var(--tw-skew-y,)}.cursor-move{cursor:move}.cursor-pointer{cursor:pointer}.resize{resize:both}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.grid-cols-\\[72px_1fr\\]{grid-template-columns:72px 1fr}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-baseline{align-items:baseline}.items-center{align-items:center}.items-end{align-items:flex-end}.items-start{align-items:flex-start}.items-stretch{align-items:stretch}.justify-between{justify-content:space-between}.justify-center{justify-content:center}.gap-0{gap:calc(var(--spacing) * 0)}.gap-1{gap:calc(var(--spacing) * 1)}.gap-1\\.5{gap:calc(var(--spacing) * 1.5)}.gap-2{gap:calc(var(--spacing) * 2)}.gap-3{gap:calc(var(--spacing) * 3)}.gap-4{gap:calc(var(--spacing) * 4)}.gap-6{gap:calc(var(--spacing) * 6)}.gap-8{gap:calc(var(--spacing) * 8)}.gap-12{gap:calc(var(--spacing) * 12)}.gap-16{gap:calc(var(--spacing) * 16)}.gap-\\[0\\.65rem\\]{gap:.65rem}.gap-\\[2px\\]{gap:2px}.gap-\\[7px\\]{gap:7px}.gap-px{gap:1px}:where(.space-y-0\\.5>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * .5) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * .5) * calc(1 - var(--tw-space-y-reverse)))}.gap-x-3{column-gap:calc(var(--spacing) * 3)}.gap-x-6{column-gap:calc(var(--spacing) * 6)}.gap-y-1{row-gap:calc(var(--spacing) * 1)}.gap-y-2{row-gap:calc(var(--spacing) * 2)}.gap-y-3{row-gap:calc(var(--spacing) * 3)}.self-center{align-self:center}.truncate{text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.overflow-auto{overflow:auto}.overflow-y-auto{overflow-y:auto}.rounded{border-radius:.25rem}.rounded-\\[3px\\]{border-radius:3px}.rounded-\\[4px\\]{border-radius:4px}.rounded-full{border-radius:3.40282e38px}.rounded-sm{border-radius:var(--radius-sm)}.border{border-style:var(--tw-border-style);border-width:1px}.border-0{border-style:var(--tw-border-style);border-width:0}.border-t{border-top-style:var(--tw-border-style);border-top-width:1px}.border-b{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}.border-l-2{border-left-style:var(--tw-border-style);border-left-width:2px}.border-dashed{--tw-border-style:dashed;border-style:dashed}.bg-transparent{background-color:#0000}.p-0{padding:calc(var(--spacing) * 0)}.p-5{padding:calc(var(--spacing) * 5)}.p-6{padding:calc(var(--spacing) * 6)}.px-0{padding-inline:calc(var(--spacing) * 0)}.px-0\\.5{padding-inline:calc(var(--spacing) * .5)}.px-1{padding-inline:calc(var(--spacing) * 1)}.px-1\\.5{padding-inline:calc(var(--spacing) * 1.5)}.px-2{padding-inline:calc(var(--spacing) * 2)}.px-3{padding-inline:calc(var(--spacing) * 3)}.px-4{padding-inline:calc(var(--spacing) * 4)}.px-5{padding-inline:calc(var(--spacing) * 5)}.px-6{padding-inline:calc(var(--spacing) * 6)}.px-8{padding-inline:calc(var(--spacing) * 8)}.px-12{padding-inline:calc(var(--spacing) * 12)}.px-\\[5px\\]{padding-inline:5px}.px-\\[6px\\]{padding-inline:6px}.py-0\\.5{padding-block:calc(var(--spacing) * .5)}.py-1{padding-block:calc(var(--spacing) * 1)}.py-2{padding-block:calc(var(--spacing) * 2)}.py-2\\.5{padding-block:calc(var(--spacing) * 2.5)}.py-3{padding-block:calc(var(--spacing) * 3)}.py-4{padding-block:calc(var(--spacing) * 4)}.py-5{padding-block:calc(var(--spacing) * 5)}.py-6{padding-block:calc(var(--spacing) * 6)}.py-8{padding-block:calc(var(--spacing) * 8)}.py-12{padding-block:calc(var(--spacing) * 12)}.py-16{padding-block:calc(var(--spacing) * 16)}.py-\\[3px\\]{padding-block:3px}.py-px{padding-block:1px}.pt-0\\.5{padding-top:calc(var(--spacing) * .5)}.pt-1{padding-top:calc(var(--spacing) * 1)}.pt-2{padding-top:calc(var(--spacing) * 2)}.pt-5{padding-top:calc(var(--spacing) * 5)}.pt-7{padding-top:calc(var(--spacing) * 7)}.pt-8{padding-top:calc(var(--spacing) * 8)}.pt-12{padding-top:calc(var(--spacing) * 12)}.pr-0{padding-right:calc(var(--spacing) * 0)}.pr-2{padding-right:calc(var(--spacing) * 2)}.pr-3{padding-right:calc(var(--spacing) * 3)}.pr-6{padding-right:calc(var(--spacing) * 6)}.pb-1{padding-bottom:calc(var(--spacing) * 1)}.pb-1\\.5{padding-bottom:calc(var(--spacing) * 1.5)}.pb-4{padding-bottom:calc(var(--spacing) * 4)}.pb-5{padding-bottom:calc(var(--spacing) * 5)}.pb-6{padding-bottom:calc(var(--spacing) * 6)}.pb-8{padding-bottom:calc(var(--spacing) * 8)}.pb-12{padding-bottom:calc(var(--spacing) * 12)}.pl-0{padding-left:calc(var(--spacing) * 0)}.pl-3{padding-left:calc(var(--spacing) * 3)}.pl-4{padding-left:calc(var(--spacing) * 4)}.pl-\\[7px\\]{padding-left:7px}.text-center{text-align:center}.text-left{text-align:left}.text-right{text-align:right}.align-middle{vertical-align:middle}.align-top{vertical-align:top}.font-mono{font-family:var(--font-mono)}.font-sans{font-family:var(--font-sans)}.text-sm{font-size:var(--text-sm);line-height:var(--tw-leading,var(--text-sm--line-height))}.text-\\[9px\\]{font-size:9px}.text-\\[10px\\]{font-size:10px}.text-\\[11px\\]{font-size:11px}.text-\\[12px\\]{font-size:12px}.text-\\[13px\\]{font-size:13px}.text-\\[14px\\]{font-size:14px}.text-\\[15px\\]{font-size:15px}.text-\\[22px\\]{font-size:22px}.text-\\[28px\\]{font-size:28px}.text-\\[44px\\]{font-size:44px}.text-\\[72px\\]{font-size:72px}.text-\\[clamp\\(28px\\,5vw\\,52px\\)\\]{font-size:clamp(28px,5vw,52px)}.leading-\\[0\\.9\\]{--tw-leading:.9;line-height:.9}.leading-none{--tw-leading:1;line-height:1}.leading-snug{--tw-leading:var(--leading-snug);line-height:var(--leading-snug)}.leading-tight{--tw-leading:var(--leading-tight);line-height:var(--leading-tight)}.font-bold{--tw-font-weight:var(--font-weight-bold);font-weight:var(--font-weight-bold)}.font-light{--tw-font-weight:var(--font-weight-light);font-weight:var(--font-weight-light)}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.tracking-\\[-0\\.02em\\]{--tw-tracking:-.02em;letter-spacing:-.02em}.tracking-\\[0\\.1em\\]{--tw-tracking:.1em;letter-spacing:.1em}.tracking-\\[0\\.05em\\]{--tw-tracking:.05em;letter-spacing:.05em}.tracking-\\[0\\.08em\\]{--tw-tracking:.08em;letter-spacing:.08em}.tracking-\\[0\\.11em\\]{--tw-tracking:.11em;letter-spacing:.11em}.tracking-\\[0\\.12em\\]{--tw-tracking:.12em;letter-spacing:.12em}.tracking-\\[0\\.15em\\]{--tw-tracking:.15em;letter-spacing:.15em}.tracking-\\[0\\.16em\\]{--tw-tracking:.16em;letter-spacing:.16em}.tracking-\\[0\\.22em\\]{--tw-tracking:.22em;letter-spacing:.22em}.tracking-normal{--tw-tracking:var(--tracking-normal);letter-spacing:var(--tracking-normal)}.tracking-tight{--tw-tracking:var(--tracking-tight);letter-spacing:var(--tracking-tight)}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.whitespace-nowrap{white-space:nowrap}.capitalize{text-transform:capitalize}.lowercase{text-transform:lowercase}.normal-case{text-transform:none}.uppercase{text-transform:uppercase}.italic{font-style:italic}.tabular-nums{--tw-numeric-spacing:tabular-nums;font-variant-numeric:var(--tw-ordinal,) var(--tw-slashed-zero,) var(--tw-numeric-figure,) var(--tw-numeric-spacing,) var(--tw-numeric-fraction,)}.no-underline{text-decoration-line:none}.opacity-40{opacity:.4}.opacity-70{opacity:.7}.shadow{--tw-shadow:0 1px 3px 0 var(--tw-shadow-color,#0000001a), 0 1px 2px -1px var(--tw-shadow-color,#0000001a);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_4px_12px_rgba\\(0\\,0\\,0\\,0\\.08\\)\\]{--tw-shadow:0 4px 12px var(--tw-shadow-color,#00000014);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_8px_24px_rgba\\(0\\,0\\,0\\,0\\.12\\)\\]{--tw-shadow:0 8px 24px var(--tw-shadow-color,#0000001f);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.ring{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.outline{outline-style:var(--tw-outline-style);outline-width:1px}.outline-0{outline-style:var(--tw-outline-style);outline-width:0}.blur{--tw-blur:blur(8px);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.invert{--tw-invert:invert(100%);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.filter{filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.backdrop-blur-sm{--tw-backdrop-blur:blur(var(--blur-sm));-webkit-backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) var(--tw-backdrop-sepia,);backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) var(--tw-backdrop-sepia,)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-colors{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.duration-150{--tw-duration:.15s;transition-duration:.15s}.select-none{-webkit-user-select:none;user-select:none}.group-data-\\[state\\=off\\]\\:opacity-30:is(:where(.group)[data-state=off] *){opacity:.3}.before\\:absolute:before{content:var(--tw-content);position:absolute}.before\\:left-0:before{content:var(--tw-content);left:calc(var(--spacing) * 0)}.before\\:content-\\[\\'→\\'\\]:before{--tw-content:"→";content:var(--tw-content)}.after\\:ml-auto:after{content:var(--tw-content);margin-left:auto}.after\\:font-mono:after{content:var(--tw-content);font-family:var(--font-mono)}.after\\:text-\\[9px\\]:after{content:var(--tw-content);font-size:9px}.after\\:tracking-\\[0\\.1em\\]:after{content:var(--tw-content);--tw-tracking:.1em;letter-spacing:.1em}.after\\:content-\\[\\'ON\\'\\]:after{--tw-content:"ON";content:var(--tw-content)}.last\\:border-b-0:last-child{border-bottom-style:var(--tw-border-style);border-bottom-width:0}@media (hover:hover){.hover\\:text-white:hover{color:var(--color-white)}.hover\\:opacity-90:hover{opacity:.9}}.focus-visible\\:ring-1:focus-visible{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.focus-visible\\:outline-none:focus-visible{--tw-outline-style:none;outline-style:none}.disabled\\:pointer-events-none:disabled{pointer-events:none}.disabled\\:opacity-40:disabled{opacity:.4}.data-\\[open\\=false\\]\\:hidden[data-open=false]{display:none}.data-\\[pinned\\=true\\]\\:pointer-events-auto[data-pinned=true]{pointer-events:auto}.data-\\[state\\=off\\]\\:line-through[data-state=off]{text-decoration-line:line-through}.data-\\[state\\=off\\]\\:after\\:content-\\[\\'OFF\\'\\][data-state=off]:after{--tw-content:"OFF";content:var(--tw-content)}@media (min-width:40rem){.sm\\:min-w-\\[320px\\]{min-width:320px}}@media (min-width:48rem){.md\\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.md\\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.md\\:grid-cols-\\[1\\.4fr_1fr\\]{grid-template-columns:1.4fr 1fr}}.\\[\\&_svg\\]\\:size-\\[14px\\] svg{width:14px;height:14px}.\\[\\&_svg\\]\\:shrink-0 svg{flex-shrink:0}.\\[\\&_tr\\]\\:border-b-0 tr{border-bottom-style:var(--tw-border-style);border-bottom-width:0}.\\[\\&\\>\\*\\+\\*\\]\\:ml-6>*+*{margin-left:calc(var(--spacing) * 6)}.\\[\\&\\>\\*\\+\\*\\]\\:border-l>*+*{border-left-style:var(--tw-border-style);border-left-width:1px}.\\[\\&\\>\\*\\+\\*\\]\\:pl-6>*+*{padding-left:calc(var(--spacing) * 6)}.\\[\\&\\>td\\]\\:border-b>td{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}}@property --tw-rotate-x{syntax:"*";inherits:false}@property --tw-rotate-y{syntax:"*";inherits:false}@property --tw-rotate-z{syntax:"*";inherits:false}@property --tw-skew-x{syntax:"*";inherits:false}@property --tw-skew-y{syntax:"*";inherits:false}@property --tw-space-y-reverse{syntax:"*";inherits:false;initial-value:0}@property --tw-border-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-leading{syntax:"*";inherits:false}@property --tw-font-weight{syntax:"*";inherits:false}@property --tw-tracking{syntax:"*";inherits:false}@property --tw-ordinal{syntax:"*";inherits:false}@property --tw-slashed-zero{syntax:"*";inherits:false}@property --tw-numeric-figure{syntax:"*";inherits:false}@property --tw-numeric-spacing{syntax:"*";inherits:false}@property --tw-numeric-fraction{syntax:"*";inherits:false}@property --tw-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-shadow-color{syntax:"*";inherits:false}@property --tw-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-inset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-shadow-color{syntax:"*";inherits:false}@property --tw-inset-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-ring-color{syntax:"*";inherits:false}@property --tw-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-ring-color{syntax:"*";inherits:false}@property --tw-inset-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-ring-inset{syntax:"*";inherits:false}@property --tw-ring-offset-width{syntax:"<length>";inherits:false;initial-value:0}@property --tw-ring-offset-color{syntax:"*";inherits:false;initial-value:#fff}@property --tw-ring-offset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-outline-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-blur{syntax:"*";inherits:false}@property --tw-brightness{syntax:"*";inherits:false}@property --tw-contrast{syntax:"*";inherits:false}@property --tw-grayscale{syntax:"*";inherits:false}@property --tw-hue-rotate{syntax:"*";inherits:false}@property --tw-invert{syntax:"*";inherits:false}@property --tw-opacity{syntax:"*";inherits:false}@property --tw-saturate{syntax:"*";inherits:false}@property --tw-sepia{syntax:"*";inherits:false}@property --tw-drop-shadow{syntax:"*";inherits:false}@property --tw-drop-shadow-color{syntax:"*";inherits:false}@property --tw-drop-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-drop-shadow-size{syntax:"*";inherits:false}@property --tw-backdrop-blur{syntax:"*";inherits:false}@property --tw-backdrop-brightness{syntax:"*";inherits:false}@property --tw-backdrop-contrast{syntax:"*";inherits:false}@property --tw-backdrop-grayscale{syntax:"*";inherits:false}@property --tw-backdrop-hue-rotate{syntax:"*";inherits:false}@property --tw-backdrop-invert{syntax:"*";inherits:false}@property --tw-backdrop-opacity{syntax:"*";inherits:false}@property --tw-backdrop-saturate{syntax:"*";inherits:false}@property --tw-backdrop-sepia{syntax:"*";inherits:false}@property --tw-duration{syntax:"*";inherits:false}@property --tw-content{syntax:"*";inherits:false;initial-value:""}`,hi=Object.defineProperty,ee=j((e,t)=>hi(e,"name",{value:t,configurable:!0}),"d$1");const vi=mi,S=ee(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;"),"escapeHtml"),wi={major:"major bump","minor-patch":"safe",unknown:"no fix"},yi=ee((e,t)=>{if(t.length===0)return{kind:"unknown",label:"no fix"};const a=T.coerce(e);if(!a)return{kind:"unknown",label:"non-semver"};let i,r;for(const n of t){const o=T.coerce(n);if(!o)continue;const c=T.diff(a,o);c==="major"||c==="premajor"?i||(i=n):(c==="minor"||c==="patch"||c==="preminor"||c==="prepatch")&&!r&&(r=n)}return r?{kind:"minor-patch",label:`safe to ${r}`}:i?{kind:"major",label:`requires major bump to ${i}`}:{kind:"unknown",label:"no usable fix"}},"breakingMarker"),bi=new Map([["are you at risk","RISK"],["what it is","VECTOR"],["what to do","ACTION"]]),xi=ee(e=>e.split(`
33
+ `).map(t=>{const a=t.trim();if(!a)return"";const i=a.match(/^([^:]{2,40}):\s*(.+)$/u);if(i?.[1]&&i[2]){const r=bi.get(i[1].trim().toLowerCase())??i[1].trim().toUpperCase();return`<div class="intel-line grid grid-cols-[72px_1fr] items-start gap-4"><span class="intel-key pt-0.5 text-[9px] font-bold uppercase">${S(r)}</span><span class="intel-val text-[13px]">${S(i[2].trim())}</span></div>`}return`<div class="intel-line intel-prose grid items-start gap-4"><span class="intel-val text-[13px]">${S(a)}</span></div>`}).join(""),"renderExplanation"),ki='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"/></svg>',$i='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><circle cx="12" cy="12" r="4"/><path d="M12 2v2m0 16v2M4.93 4.93l1.41 1.41m11.32 11.32 1.41 1.41M2 12h2m16 0h2M4.93 19.07l1.41-1.41m11.32-11.32 1.41-1.41"/></svg>',K="px-3 py-3 text-left align-middle",q="sticky top-0 z-[2] px-3 py-3 text-left text-[10px] font-medium uppercase whitespace-nowrap select-none",J="px-3 py-3 text-left text-[10px] font-medium uppercase",Si=ee(e=>`<ul class="dep-paths flex flex-col gap-2 px-3 py-3">${e.map(t=>`<li class="dep-path flex flex-wrap items-center gap-y-1">${t.map((a,i)=>{const r=`${a.name}@${a.version}`,n=i<t.length-1?'<span class="dep-arrow muted px-1">→</span>':"";return`<code class="dep-node text-[12px]">${S(r)}</code>${n}`}).join("")}</li>`).join("")}</ul>`,"renderDependencyPaths"),Ai=ee(e=>{const{acknowledged:t,dependencyPaths:a,explanation:i,packageName:r,packageVersion:n,remediation:o,vulnerability:c}=e,{severity:l}=c,d=yi(n,c.fixedVersions),m=c.fixedVersions.length>0?c.fixedVersions.join(", "):"—",b=o?`<code class="copyable" data-cmd="${S(o)}" title="Click to copy">${S(o)}</code>`:'<span class="muted">advisory only</span>',h=`data-severity="${l}" data-package="${S(r)}" data-advisory="${S(c.id)}"`,w=`<tr class="${t?"finding-row ack-row":"finding-row"}" ${h}>
34
34
  <td class="sev-cell whitespace-nowrap ${K}"><span class="badge badge-${l.toLowerCase()} inline-flex items-center gap-[7px] rounded-[3px] py-1 pr-2 pl-[7px] text-[9px] font-bold uppercase">${l}</span></td>
35
- <td class="${K}"><span class="marker marker-${d.kind} inline-block whitespace-nowrap align-middle text-[9px] font-bold uppercase" title="${S(d.label)}">${ki[d.kind]}</span></td>
35
+ <td class="${K}"><span class="marker marker-${d.kind} inline-block whitespace-nowrap align-middle text-[9px] font-bold uppercase" title="${S(d.label)}">${wi[d.kind]}</span></td>
36
36
  <td class="${K}"><code class="pkg font-medium">${S(r)}</code></td>
37
37
  <td class="${K}"><code class="ver whitespace-nowrap">${S(n)}</code></td>
38
38
  <td class="adv-cell whitespace-nowrap ${K}"><a href="${S(V(c.id))}" class="text-[12px] no-underline" rel="noreferrer noopener" target="_blank">${S(c.id)}</a>${t?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">acknowledged</span>':""}</td>
@@ -40,22 +40,22 @@ ${m}`,ft(r,d),i.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.y
40
40
  <td class="${K}"><code class="fix whitespace-nowrap">${S(m)}</code></td>
41
41
  <td class="${K}">${b}</td>
42
42
  </tr>`,y=a&&a.length>0?`<tr class="paths-row" ${h}>
43
- <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ DEPENDENCY PATHS ]</span><span class="intel-hint text-[9px] uppercase">${String(a.length)} root${a.length===1?"":"s"} reach this finding · click to expand</span></summary>${ji(a)}</details></td>
43
+ <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ DEPENDENCY PATHS ]</span><span class="intel-hint text-[9px] uppercase">${String(a.length)} root${a.length===1?"":"s"} reach this finding · click to expand</span></summary>${Si(a)}</details></td>
44
44
  </tr>`:"";return i?`${w}${y}
45
45
  <tr class="explain-row" ${h}>
46
- <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ AI INTEL ]</span><span class="intel-hint text-[9px] uppercase">threat analysis · click to expand</span></summary><div class="explain-body grid gap-3 px-3 pt-1 pb-4">${Ai(i)}</div></details></td>
47
- </tr>`:`${w}${y}`},"renderRow"),Ii=ee(e=>{const t=e.now??new Date,a=[...e.findings].sort(Et),i={CRITICAL:0,HIGH:0,LOW:0,MODERATE:0,UNKNOWN:0};let r=0,n=0;for(const x of a)i[x.vulnerability.severity??"UNKNOWN"]+=1,x.acknowledged||(n+=1,x.vulnerability.fixedVersions.length>0&&(r+=1));const o=a.map(x=>Ri(x)).join(`
48
- `),c=a.length===0,l=gi.filter(x=>i[x]>0).map(x=>`<div class="dseg dseg-sev dseg-${x.toLowerCase()}"><span class="dk text-[10px] font-medium uppercase">${x}</span><span class="dv text-[22px]">${String(i[x])}</span></div>`),d=!c&&n>0?`<div class="dseg dseg-fixable"><span class="dk text-[10px] font-medium uppercase">fixable</span><span class="dv text-[22px]">${String(r)}<span class="dvsep mx-1 font-light">/</span>${String(n)}</span></div>`:"",m=[`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">scanned</span><span class="dv text-[22px]">${String(e.packagesScanned)}</span></div>`,`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">findings</span><span class="dv text-[22px]"><span id="shown">${String(a.length)}</span>${c?"":`<span class="dvsep mx-1 font-light">/</span>${String(a.length)}`}</span></div>`,d,l.length>0?'<span class="flex-auto"></span>':"",...l,c?'<div class="dseg dseg-ok"><span class="dot inline-block size-[7px] self-center"></span><span class="dk text-[10px] font-medium uppercase">status</span><span class="dv text-[22px]">CLEAN</span></div>':""].join(""),b=c?"ok":i.CRITICAL>0?"crit":i.HIGH>0?"high":"warn",h=[...e.report?.duplicates??[]].sort((x,j)=>x.name.localeCompare(j.name)),w=h.map(x=>`<tr>
46
+ <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ AI INTEL ]</span><span class="intel-hint text-[9px] uppercase">threat analysis · click to expand</span></summary><div class="explain-body grid gap-3 px-3 pt-1 pb-4">${xi(i)}</div></details></td>
47
+ </tr>`:`${w}${y}`},"renderRow"),Ni=ee(e=>{const t=e.now??new Date,a=[...e.findings].sort(Et),i={CRITICAL:0,HIGH:0,LOW:0,MODERATE:0,UNKNOWN:0};let r=0,n=0;for(const x of a)i[x.vulnerability.severity??"UNKNOWN"]+=1,x.acknowledged||(n+=1,x.vulnerability.fixedVersions.length>0&&(r+=1));const o=a.map(x=>Ai(x)).join(`
48
+ `),c=a.length===0,l=ci.filter(x=>i[x]>0).map(x=>`<div class="dseg dseg-sev dseg-${x.toLowerCase()}"><span class="dk text-[10px] font-medium uppercase">${x}</span><span class="dv text-[22px]">${String(i[x])}</span></div>`),d=!c&&n>0?`<div class="dseg dseg-fixable"><span class="dk text-[10px] font-medium uppercase">fixable</span><span class="dv text-[22px]">${String(r)}<span class="dvsep mx-1 font-light">/</span>${String(n)}</span></div>`:"",m=[`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">scanned</span><span class="dv text-[22px]">${String(e.packagesScanned)}</span></div>`,`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">findings</span><span class="dv text-[22px]"><span id="shown">${String(a.length)}</span>${c?"":`<span class="dvsep mx-1 font-light">/</span>${String(a.length)}`}</span></div>`,d,l.length>0?'<span class="flex-auto"></span>':"",...l,c?'<div class="dseg dseg-ok"><span class="dot inline-block size-[7px] self-center"></span><span class="dk text-[10px] font-medium uppercase">status</span><span class="dv text-[22px]">CLEAN</span></div>':""].join(""),b=c?"ok":i.CRITICAL>0?"crit":i.HIGH>0?"high":"warn",h=[...e.report?.duplicates??[]].sort((x,R)=>x.name.localeCompare(R.name)),w=h.map(x=>`<tr>
49
49
  <td class="px-3 py-3 align-top"><code class="font-medium">${S(x.name)}</code></td>
50
50
  <td class="px-3 py-3 align-top text-[12px] font-medium tabular-nums">${String(x.versionCount)}</td>
51
- <td class="px-3 py-3 align-top"><code class="text-[12px]">${x.versions.map(j=>S(j)).join(", ")}</code></td>
51
+ <td class="px-3 py-3 align-top"><code class="text-[12px]">${x.versions.map(R=>S(R)).join(", ")}</code></td>
52
52
  </tr>`).join(`
53
- `),y=(e.policyDecisions??[]).filter(x=>x.policy!=="vulnerability"),g=[...y].sort((x,j)=>{const M=ee(fe=>fe==="block"?0:fe==="warn"?1:2,"rank");return M(x.severity)-M(j.severity)||x.policy.localeCompare(j.policy)||x.packageName.localeCompare(j.packageName)}).map(x=>{const j=x.acceptedRisk?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">[acknowledged]</span>':"";return`<tr>
53
+ `),y=(e.policyDecisions??[]).filter(x=>x.policy!=="vulnerability"),g=[...y].sort((x,R)=>{const M=ee(fe=>fe==="block"?0:fe==="warn"?1:2,"rank");return M(x.severity)-M(R.severity)||x.policy.localeCompare(R.policy)||x.packageName.localeCompare(R.packageName)}).map(x=>{const R=x.acceptedRisk?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">[acknowledged]</span>':"";return`<tr>
54
54
  <td class="px-3 py-3 align-top"><span class="policy-badge policy-${x.severity} inline-flex items-center gap-[7px] rounded-[3px] py-1 pr-2 pl-[7px] text-[10px] font-bold uppercase">${x.severity.toUpperCase()}</span></td>
55
55
  <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.policy)}</code></td>
56
56
  <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.packageName)}</code></td>
57
57
  <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.version)}</code></td>
58
- <td class="px-3 py-3 align-top">${S(x.reason)}${j}</td>
58
+ <td class="px-3 py-3 align-top">${S(x.reason)}${R}</td>
59
59
  </tr>`}).join(`
60
60
  `),$=e.report?`
61
61
  <script type="application/json" id="vis-audit-report">${JSON.stringify(e.report).replaceAll("</",String.raw`<\/`)}<\/script>`:"";return`<!doctype html>
@@ -64,15 +64,15 @@ ${m}`,ft(r,d),i.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.y
64
64
  <meta charset="utf-8">
65
65
  <meta name="viewport" content="width=device-width, initial-scale=1">
66
66
  <title>vis audit · ${S(t.toISOString().slice(0,10))}</title>
67
- <style>${xi}</style>${$}
67
+ <style>${vi}</style>${$}
68
68
  </head>
69
69
  <body>
70
70
  <main class="mx-auto max-w-[1080px]">
71
71
  <header class="masthead flex flex-wrap items-end gap-4 px-0 pt-8 pb-5">
72
- <div class="brand leading-none tracking-tight">${(()=>{const[x,...j]=e.tool.name.split("-");return j.length>0?`${S(x??e.tool.name)}<span class="slash mx-[0.12em] font-light">/</span>${S(j.join("-"))}`:S(e.tool.name)})()}<span class="sub mt-3 block text-[11px] font-medium uppercase">dependency security report</span></div>
72
+ <div class="brand leading-none tracking-tight">${(()=>{const[x,...R]=e.tool.name.split("-");return R.length>0?`${S(x??e.tool.name)}<span class="slash mx-[0.12em] font-light">/</span>${S(R.join("-"))}`:S(e.tool.name)})()}<span class="sub mt-3 block text-[11px] font-medium uppercase">dependency security report</span></div>
73
73
  <span class="flex-auto"></span>
74
74
  <span class="chip inline-flex h-7 items-center justify-center rounded-[4px] px-3 text-[11px] font-medium uppercase">v${S(e.tool.version)}</span>
75
- <button id="theme" class="tbtn tbtn-theme inline-flex h-7 cursor-pointer items-center justify-center rounded-[4px] bg-transparent px-3 text-[11px] font-medium uppercase" type="button" aria-label="Toggle color theme" title="Toggle color theme"><span class="ticon ticon-moon inline-flex items-center justify-center">${Ni}</span><span class="ticon ticon-sun inline-flex items-center justify-center">${Ci}</span></button>
75
+ <button id="theme" class="tbtn tbtn-theme inline-flex h-7 cursor-pointer items-center justify-center rounded-[4px] bg-transparent px-3 text-[11px] font-medium uppercase" type="button" aria-label="Toggle color theme" title="Toggle color theme"><span class="ticon ticon-moon inline-flex items-center justify-center">${ki}</span><span class="ticon ticon-sun inline-flex items-center justify-center">${$i}</span></button>
76
76
  </header>
77
77
  ${c?"":`<section class="verdict verdict-${b} flex flex-wrap items-baseline gap-x-6 gap-y-1"><span class="vnum font-light">${String(a.length)}</span><span class="vsub text-[12px] uppercase">${a.length===1?"vulnerability detected":"vulnerabilities detected"}</span></section>`}
78
78
  <div class="debugbar flex flex-wrap items-stretch gap-0 pt-7 pb-1">${m}</div>
@@ -278,23 +278,23 @@ ${w}
278
278
  <\/script>
279
279
  </body>
280
280
  </html>
281
- `},"emitAuditHtml");var Ei=Object.defineProperty,Xe=R((e,t)=>Ei(e,"name",{value:t,configurable:!0}),"u$1");const Oi={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},He=Xe((e,t)=>`pkg:npm/${e}@${t}`,"productId"),wt=Xe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),Pi=Xe(e=>{const t=e.now??new Date,a=t.toISOString(),i=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,r=[...wt(e.findings,o=>o.packageName).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>({branches:[...new Set(c.map(l=>l.packageVersion))].sort().map(l=>{const d=He(o,l);return{category:"product_version",name:l,product:{name:`${o}@${l}`,product_id:d,product_identification_helper:{purl:d}}}}),category:"product_name",name:o})),n=[...wt(e.findings,o=>o.vulnerability.id).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>{const l=c[0].vulnerability,d=[...new Set(c.map($=>He($.packageName,$.packageVersion)))].sort(),m=o.startsWith("CVE-"),b=[o,...l.aliases??[]],h=m?o:b.find($=>$.startsWith("CVE-")),w=b.filter($=>$!==h).map($=>({system_name:$.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:$})),y=Ze(l),g=c.filter($=>$.acknowledged).map($=>He($.packageName,$.packageVersion));return{...h?{cve:h}:{},...w.length>0?{ids:w}:{},notes:[{category:"description",text:l.summary||`Advisory ${o}`,title:"Advisory description"}],product_status:{known_affected:d},references:[{category:"external",summary:`${o} advisory record`,url:V(o)}],scores:[{cvss_v3:{baseScore:y,baseSeverity:Oi[l.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:d}],title:l.summary.split(`
282
- `)[0]?.slice(0,200)||o,...g.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:g}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${i}`,tracking:{current_release_date:a,id:i,initial_release_date:a,revision_history:[{date:a,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...r.length>0?{product_tree:{branches:r}}:{},...n.length>0?{vulnerabilities:n}:{}}},"emitCsaf");var Di=Object.defineProperty,Qe=R((e,t)=>Di(e,"name",{value:t,configurable:!0}),"l$2");const Li={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},yt=Qe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),Mi=Qe((e,t=new Date)=>{const a=yt(e,r=>r.vulnerability.id),i=t.toISOString();return[...a.entries()].sort(([r],[n])=>r.localeCompare(n)).map(([r,n])=>{const o=n[0].vulnerability,c=Li[o.severity]??"unknown",l=Ze(o),d=[...yt(n,y=>y.packageName).entries()].sort(([y],[g])=>y.localeCompare(g)).map(([y,g])=>{const $=[...new Set(g.map(x=>x.packageVersion))].sort();return{ref:ja(y,$[0]),versions:$.map(x=>({status:"affected",version:x}))}}),m=(o.aliases??[]).filter(y=>y!==r).map(y=>({id:y,source:{name:je(y),url:V(y)}})),b=n.some(y=>y.acknowledged),h=n.every(y=>y.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:b?{state:"in_triage"}:void 0,w=o.fixedVersions??[];return{"bom-ref":`vuln:${r}`,id:r,source:{name:je(r),url:V(r)},...m.length>0?{references:m}:{},description:o.summary||`Advisory ${r}`,ratings:[{method:"CVSSv31",score:l,severity:c,source:{name:je(r),url:V(r)}}],...w.length>0?{recommendation:`Upgrade to one of: ${w.join(", ")}`}:{},affects:d,created:i,published:i,...h?{analysis:h}:{}}})},"buildCycloneDxVulnerabilities"),Ti=Qe(e=>{const t=Mi(e.findings,e.now);return{...e.bom,vulnerabilities:t}},"emitCycloneDxVex");var Vi=Object.defineProperty,et=R((e,t)=>Vi(e,"name",{value:t,configurable:!0}),"c$2");const Lt="15.2.1",zi=`https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v${Lt}/dist/dependency-scanning-report-format.json`,Wi={CRITICAL:"Critical",HIGH:"High",LOW:"Low",MODERATE:"Medium",UNKNOWN:"Unknown"},_i={block:"High",info:"Info",warn:"Medium"},Fi=Uint8Array.from([107,167,184,18,157,173,17,209,128,180,0,192,79,212,48,200]),bt=et(e=>{const t=Ia("sha1");t.update(Fi),t.update(e,"utf8");const a=t.digest();a[6]=(a[6]??0)&15|80,a[8]=(a[8]??0)&63|128;const i=a.subarray(0,16).toString("hex");return`${i.slice(0,8)}-${i.slice(8,12)}-${i.slice(12,16)}-${i.slice(16,20)}-${i.slice(20,32)}`},"uuidV5"),xt=et(e=>e.startsWith("CVE-")?{name:e,type:"cve",url:V(e),value:e}:e.startsWith("GHSA-")?{name:e,type:"ghsa",url:V(e),value:e}:{name:e,type:"osv",url:V(e),value:e},"identifierFromAdvisoryId"),Ui=et(e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),a=e.artifactUri??(Ot(e.workspaceRoot,`${e.workspaceRoot}/package.json`)||"package.json"),i=[];for(const r of e.findings){const{acknowledged:n,packageName:o,packageVersion:c,vulnerability:l}=r,d=[xt(l.id)];for(const w of l.aliases??[])w!==l.id&&d.push(xt(w));const m=[{name:`${je(l.id)} advisory`,url:V(l.id)}],b=l.summary||`Advisory ${l.id}`,h=l.fixedVersions.length>0?`Upgrade ${o} to ${l.fixedVersions.join(" or ")}`:void 0;i.push({description:b,...n?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${l.id}|${o}@${c}`),identifiers:d,links:m,location:{dependency:{package:{name:o},version:c},file:a},name:`${l.id}: ${o}@${c}`,severity:Wi[l.severity],...h?{solution:h}:{}})}for(const r of e.policyDecisions??[]){if(r.policy==="vulnerability")continue;const n=`vis.policy.${r.policy}`;i.push({description:r.reason,...r.acceptedRisk?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${n}|${r.packageName}@${r.version}`),identifiers:[{name:n,type:"vis_policy",url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`,value:n}],links:[{name:`vis policy: ${r.policy}`,url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`}],location:{dependency:{package:{name:r.packageName},version:r.version},file:a},name:`vis policy '${r.policy}': ${r.packageName}@${r.version}`,severity:_i[r.severity]})}return{scan:{analyzer:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},end_time:t,scanner:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},start_time:t,status:"success",type:"dependency_scanning"},schema:zi,version:Lt,vulnerabilities:i}},"emitGitlabDepScan");var Hi=Object.defineProperty,ue=R((e,t)=>Hi(e,"name",{value:t,configurable:!0}),"p$1");const Q=ue(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&apos;"),"escapeAttribute"),kt=ue(e=>`<![CDATA[${e.replaceAll("]]>","]]]]><![CDATA[>")}]]>`,"cdata"),Gi=ue(e=>{let t="";return e.status==="skipped"?t=` <skipped/>
281
+ `},"emitAuditHtml");var Ci=Object.defineProperty,Xe=j((e,t)=>Ci(e,"name",{value:t,configurable:!0}),"u$1");const Ri={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},He=Xe((e,t)=>`pkg:npm/${e}@${t}`,"productId"),wt=Xe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),ji=Xe(e=>{const t=e.now??new Date,a=t.toISOString(),i=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,r=[...wt(e.findings,o=>o.packageName).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>({branches:[...new Set(c.map(l=>l.packageVersion))].sort().map(l=>{const d=He(o,l);return{category:"product_version",name:l,product:{name:`${o}@${l}`,product_id:d,product_identification_helper:{purl:d}}}}),category:"product_name",name:o})),n=[...wt(e.findings,o=>o.vulnerability.id).entries()].sort(([o],[c])=>o.localeCompare(c)).map(([o,c])=>{const l=c[0].vulnerability,d=[...new Set(c.map($=>He($.packageName,$.packageVersion)))].sort(),m=o.startsWith("CVE-"),b=[o,...l.aliases??[]],h=m?o:b.find($=>$.startsWith("CVE-")),w=b.filter($=>$!==h).map($=>({system_name:$.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:$})),y=Ze(l),g=c.filter($=>$.acknowledged).map($=>He($.packageName,$.packageVersion));return{...h?{cve:h}:{},...w.length>0?{ids:w}:{},notes:[{category:"description",text:l.summary||`Advisory ${o}`,title:"Advisory description"}],product_status:{known_affected:d},references:[{category:"external",summary:`${o} advisory record`,url:V(o)}],scores:[{cvss_v3:{baseScore:y,baseSeverity:Ri[l.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:d}],title:l.summary.split(`
282
+ `)[0]?.slice(0,200)||o,...g.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:g}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${i}`,tracking:{current_release_date:a,id:i,initial_release_date:a,revision_history:[{date:a,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...r.length>0?{product_tree:{branches:r}}:{},...n.length>0?{vulnerabilities:n}:{}}},"emitCsaf");var Ii=Object.defineProperty,Qe=j((e,t)=>Ii(e,"name",{value:t,configurable:!0}),"l$2");const Ei={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},yt=Qe((e,t)=>{const a=new Map;for(const i of e){const r=t(i),n=a.get(r);n?n.push(i):a.set(r,[i])}return a},"groupBy"),Oi=Qe((e,t=new Date)=>{const a=yt(e,r=>r.vulnerability.id),i=t.toISOString();return[...a.entries()].sort(([r],[n])=>r.localeCompare(n)).map(([r,n])=>{const o=n[0].vulnerability,c=Ei[o.severity]??"unknown",l=Ze(o),d=[...yt(n,y=>y.packageName).entries()].sort(([y],[g])=>y.localeCompare(g)).map(([y,g])=>{const $=[...new Set(g.map(x=>x.packageVersion))].sort();return{ref:Ra(y,$[0]),versions:$.map(x=>({status:"affected",version:x}))}}),m=(o.aliases??[]).filter(y=>y!==r).map(y=>({id:y,source:{name:Re(y),url:V(y)}})),b=n.some(y=>y.acknowledged),h=n.every(y=>y.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:b?{state:"in_triage"}:void 0,w=o.fixedVersions??[];return{"bom-ref":`vuln:${r}`,id:r,source:{name:Re(r),url:V(r)},...m.length>0?{references:m}:{},description:o.summary||`Advisory ${r}`,ratings:[{method:"CVSSv31",score:l,severity:c,source:{name:Re(r),url:V(r)}}],...w.length>0?{recommendation:`Upgrade to one of: ${w.join(", ")}`}:{},affects:d,created:i,published:i,...h?{analysis:h}:{}}})},"buildCycloneDxVulnerabilities"),Pi=Qe(e=>{const t=Oi(e.findings,e.now);return{...e.bom,vulnerabilities:t}},"emitCycloneDxVex");var Di=Object.defineProperty,et=j((e,t)=>Di(e,"name",{value:t,configurable:!0}),"c$2");const Lt="15.2.1",Li=`https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v${Lt}/dist/dependency-scanning-report-format.json`,Mi={CRITICAL:"Critical",HIGH:"High",LOW:"Low",MODERATE:"Medium",UNKNOWN:"Unknown"},Ti={block:"High",info:"Info",warn:"Medium"},Vi=Uint8Array.from([107,167,184,18,157,173,17,209,128,180,0,192,79,212,48,200]),bt=et(e=>{const t=Ia("sha1");t.update(Vi),t.update(e,"utf8");const a=t.digest();a[6]=(a[6]??0)&15|80,a[8]=(a[8]??0)&63|128;const i=a.subarray(0,16).toString("hex");return`${i.slice(0,8)}-${i.slice(8,12)}-${i.slice(12,16)}-${i.slice(16,20)}-${i.slice(20,32)}`},"uuidV5"),xt=et(e=>e.startsWith("CVE-")?{name:e,type:"cve",url:V(e),value:e}:e.startsWith("GHSA-")?{name:e,type:"ghsa",url:V(e),value:e}:{name:e,type:"osv",url:V(e),value:e},"identifierFromAdvisoryId"),zi=et(e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),a=e.artifactUri??(Ot(e.workspaceRoot,`${e.workspaceRoot}/package.json`)||"package.json"),i=[];for(const r of e.findings){const{acknowledged:n,packageName:o,packageVersion:c,vulnerability:l}=r,d=[xt(l.id)];for(const w of l.aliases??[])w!==l.id&&d.push(xt(w));const m=[{name:`${Re(l.id)} advisory`,url:V(l.id)}],b=l.summary||`Advisory ${l.id}`,h=l.fixedVersions.length>0?`Upgrade ${o} to ${l.fixedVersions.join(" or ")}`:void 0;i.push({description:b,...n?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${l.id}|${o}@${c}`),identifiers:d,links:m,location:{dependency:{package:{name:o},version:c},file:a},name:`${l.id}: ${o}@${c}`,severity:Mi[l.severity],...h?{solution:h}:{}})}for(const r of e.policyDecisions??[]){if(r.policy==="vulnerability")continue;const n=`vis.policy.${r.policy}`;i.push({description:r.reason,...r.acceptedRisk?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:bt(`vis-audit|${n}|${r.packageName}@${r.version}`),identifiers:[{name:n,type:"vis_policy",url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`,value:n}],links:[{name:`vis policy: ${r.policy}`,url:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`}],location:{dependency:{package:{name:r.packageName},version:r.version},file:a},name:`vis policy '${r.policy}': ${r.packageName}@${r.version}`,severity:Ti[r.severity]})}return{scan:{analyzer:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},end_time:t,scanner:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},start_time:t,status:"success",type:"dependency_scanning"},schema:Li,version:Lt,vulnerabilities:i}},"emitGitlabDepScan");var Wi=Object.defineProperty,ue=j((e,t)=>Wi(e,"name",{value:t,configurable:!0}),"p$1");const Q=ue(e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&apos;"),"escapeAttribute"),kt=ue(e=>`<![CDATA[${e.replaceAll("]]>","]]]]><![CDATA[>")}]]>`,"cdata"),_i=ue(e=>{let t="";return e.status==="skipped"?t=` <skipped/>
283
283
  `:e.status==="failure"?t=` <failure type="${Q(e.failureType)}" message="${Q(e.failureMessage)}">${kt(e.failureText)}</failure>
284
284
  `:e.systemOut!==void 0&&(t=` <system-out>${kt(e.systemOut)}</system-out>
285
285
  `),` <testcase classname="${Q(e.classname)}" name="${Q(e.name)}">
286
286
  ${t} </testcase>
287
- `},"renderTestcase"),$t=ue((e,t,a)=>{const i=t.filter(c=>c.status==="failure").length,r=t.filter(c=>c.status==="skipped").length,n=t.length,o=t.map(c=>Gi(c)).join("");return` <testsuite name="${Q(e)}" tests="${String(n)}" failures="${String(i)}" skipped="${String(r)}" errors="0" timestamp="${Q(a)}" time="0">
287
+ `},"renderTestcase"),$t=ue((e,t,a)=>{const i=t.filter(c=>c.status==="failure").length,r=t.filter(c=>c.status==="skipped").length,n=t.length,o=t.map(c=>_i(c)).join("");return` <testsuite name="${Q(e)}" tests="${String(n)}" failures="${String(i)}" skipped="${String(r)}" errors="0" timestamp="${Q(a)}" time="0">
288
288
  ${o} </testsuite>
289
- `},"renderTestsuite"),Bi=ue(e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),a=e.suiteName??"vis-audit",i=e.findings.map(d=>{const{acknowledged:m,packageName:b,packageVersion:h,vulnerability:w}=d,y=w.fixedVersions.length>0?` (fix: ${w.fixedVersions.join(", ")})`:"";return{classname:`${b}@${h}`,failureMessage:`${Ke(w.severity).toUpperCase()} ${w.id} — ${w.summary.split(`
289
+ `},"renderTestsuite"),Fi=ue(e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),a=e.suiteName??"vis-audit",i=e.findings.map(d=>{const{acknowledged:m,packageName:b,packageVersion:h,vulnerability:w}=d,y=w.fixedVersions.length>0?` (fix: ${w.fixedVersions.join(", ")})`:"";return{classname:`${b}@${h}`,failureMessage:`${Ke(w.severity).toUpperCase()} ${w.id} — ${w.summary.split(`
290
290
  `)[0]?.slice(0,200)??w.id}`,failureText:`${w.id}: ${b}@${h}
291
291
  ${w.summary||`Advisory ${w.id}`}${y}`,failureType:Ke(w.severity).toUpperCase(),name:w.id,status:m?"skipped":"failure"}}),r=(e.policyDecisions??[]).filter(d=>d.policy!=="vulnerability").map(d=>{let m;return d.acceptedRisk?m="skipped":d.severity==="info"?m="passing":m="failure",{classname:`${d.packageName}@${d.version}`,failureMessage:`${d.severity.toUpperCase()} vis.policy.${d.policy}`,failureText:d.reason,failureType:d.severity.toUpperCase(),name:`vis.policy.${d.policy}`,status:m,...m==="passing"?{systemOut:d.reason}:{}}}),n=i.length+r.length,o=i.filter(d=>d.status==="failure").length+r.filter(d=>d.status==="failure").length,c=i.filter(d=>d.status==="skipped").length+r.filter(d=>d.status==="skipped").length;let l=`<?xml version="1.0" encoding="UTF-8"?>
292
292
  <testsuites name="${Q(a)}" tests="${String(n)}" failures="${String(o)}" skipped="${String(c)}" errors="0" time="0">
293
293
  `;return l+=$t("vulnerabilities",i,t),r.length>0&&(l+=$t("policies",r,t)),l+=`</testsuites>
294
- `,l},"emitJUnitAudit");var Ki=Object.defineProperty,qi=R((e,t)=>Ki(e,"name",{value:t,configurable:!0}),"g$1");const Ji=qi(e=>{const t=new Map,a=[],i=e.artifactUri??(Ot(e.workspaceRoot,Ea(e.workspaceRoot,"package.json"))||"package.json");for(const o of e.findings){const{acknowledged:c,packageName:l,packageVersion:d,vulnerability:m}=o,b=hi(m.severity),h=Ke(m.severity);t.has(m.id)||t.set(m.id,{defaultConfiguration:{level:b},fullDescription:{text:m.summary||`Advisory ${m.id}`},helpUri:V(m.id),id:m.id,name:m.id,properties:{precision:"very-high","security-severity":wi(m),"severity-label":h,tags:["security","vulnerability","supply-chain",`severity:${h}`]},shortDescription:{text:(m.summary.split(`
295
- `)[0]??m.id).slice(0,200)}}),a.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${l}@${d}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:`${m.id}: ${l}@${d} — ${m.summary||"no summary"}${m.fixedVersions.length>0?` (fix: ${m.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:m.id,package:l,version:d},properties:{...c?{acknowledged:!0}:{},...m.aliases&&m.aliases.length>0?{aliases:m.aliases}:{},...typeof m.cvssScore=="number"?{cvssScore:m.cvssScore}:{},...m.fixedVersions.length>0?{fixedVersions:m.fixedVersions}:{},packageName:l,packageVersion:d,severityLabel:h},ruleId:m.id})}const r={block:"error",info:"note",warn:"warning"},n={block:"high",info:"none",warn:"medium"};for(const o of e.policyDecisions??[]){if(o.policy==="vulnerability")continue;const c=`vis.policy.${o.policy}`,l=r[o.severity],d=n[o.severity];t.has(c)||t.set(c,{defaultConfiguration:{level:l},fullDescription:{text:`vis policy '${o.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${o.policy}`,id:c,name:c,properties:{precision:"high","security-severity":o.severity==="block"?"8.0":o.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${o.policy}`]},shortDescription:{text:`vis policy: ${o.policy}`}}),a.push({level:l,locations:[{logicalLocations:[{kind:"package",name:`${o.packageName}@${o.version}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:o.reason},partialFingerprints:{package:o.packageName,policy:o.policy,version:o.version},properties:{...o.acceptedRisk?{acknowledged:!0}:{},packageName:o.packageName,packageVersion:o.version,severityLabel:d},ruleId:c})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:a,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var Yi=Object.defineProperty,re=R((e,t)=>Yi(e,"name",{value:t,configurable:!0}),"c$1");const Zi=["dependencies","devDependencies","optionalDependencies","peerDependencies"],St=re(e=>{try{return{path:e,pkg:It(e)}}catch{return}},"readPackageJsonSafe"),Xi=re(e=>{const t=[],a=St(U(e,"package.json"));a&&t.push({path:a.path,pkg:a.pkg,workspaceName:a.pkg.name});const i=oa(e);let r;if(i?r=i:a?.pkg.workspaces&&(Array.isArray(a.pkg.workspaces)?r=a.pkg.workspaces:a.pkg.workspaces.packages&&(r=a.pkg.workspaces.packages)),!r)return t;for(const n of sa(e,r)){const o=St(U(e,n,"package.json"));o&&t.push({path:o.path,pkg:o.pkg,workspaceName:o.pkg.name})}return t},"collectWorkspaceManifests"),Qi=re((e,t)=>{const a=[];for(const i of e)for(const r of Zi){const n=i.pkg[r]?.[t];typeof n=="string"&&a.push({field:r,manifest:i,range:n})}return a},"findDeclarations"),Mt=re(e=>{const t=Xi(e.workspaceRoot),a=[],i=[],r=[],n=new Set;for(const o of e.findings){const c=o.vulnerability.fixedVersions[0];if(!c){r.push({packageName:o.packageName,reason:"no-fixed-version"});continue}const l=Qi(t,o.packageName);if(l.length===0){r.push({packageName:o.packageName,reason:"transitive-only"});continue}const d=T.coerce(c),m=d?`^${d.version}`:c,b=d?d.version:c;for(const h of l){const w=`${h.manifest.path}::${h.field}::${o.packageName}::${b}`;if(n.has(w))continue;n.add(w);const y=tr(b,h.range),g={currentRange:h.range,field:h.field,inRange:y,manifestPath:h.manifest.path,packageName:o.packageName,targetSpec:m,targetVersion:b,workspaceName:h.manifest.workspaceName};y||e.allowMajor===!0?a.push(g):i.push(g)}}return{apply:a,skippedMajor:i,unmatched:r}},"buildDirectApplyPlan"),er=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,tr=re((e,t)=>{if(er.test(t))return!0;const a=T.coerce(e)?.version??e;try{return T.satisfies(a,t)}catch{return!0}},"satisfiesRange"),ar=re(e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const a of e.apply){const i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` + ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const a of e.skippedMajor){const i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` ! ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.unmatched.length>0){const a=e.unmatched.filter(r=>r.reason==="transitive-only"),i=e.unmatched.filter(r=>r.reason==="no-fixed-version");if(a.length>0){t.push(`Transitive only (${String(a.length)}, requires --fix-transitive):`);for(const r of a)t.push(` · ${r.packageName}`)}if(i.length>0){t.push(`No fixed version available (${String(i.length)}):`);for(const r of i)t.push(` · ${r.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
296
- `)},"formatDirectApplyPlan");var ir=Object.defineProperty,De=R((e,t)=>ir(e,"name",{value:t,configurable:!0}),"l");const rr=5,nr=64,or=De((e,t)=>{if(t.length===0)return[];const a=new Set;for(const i of e){if(t.includes(i)){a.add(i);continue}let r=!1;for(const n of t)try{T.satisfies(n,i)&&(a.add(n),r=!0)}catch{}!r&&t.length===1&&a.add(t[0])}return[...a]},"resolveSpecifierVersions"),sr=De(e=>{const t=new Map;for(const r of e.entries){let n=t.get(r.name);n||(n=[],t.set(r.name,n)),n.includes(r.version)||n.push(r.version)}const a=new Map;for(const r of e.entries){const n=`${r.name}@${r.version}`;let o=a.get(n);o||(o=new Map,a.set(n,o));for(const c of[r.dependencies,r.peerDependencies,r.optionalDependencies])if(c)for(const[l,d]of Object.entries(c)){const m=t.get(l)??[],b=or(d,m);for(const h of b){const w=`${l}@${h}`;o.has(w)||o.set(w,{name:l,version:h})}}}const i=new Map;for(const[r,n]of a)i.set(r,{children:[...n.values()]});return{adjacency:i,versionsByName:t}},"buildAdjacency"),cr=De((e,t)=>{const a=t.get(e.name);if(!(!a||a.length===0)){if(a.includes(e.version))return{name:e.name,version:e.version};for(const i of a)try{if(T.satisfies(i,e.version))return{name:e.name,version:i}}catch{}if(a.length===1)return{name:e.name,version:a[0]}}},"resolveRootNode"),lr=De((e,t,a={})=>{const i=a.maxPathsPerTarget??rr,r=a.maxDepth??nr;if(i<=0)return[];const{adjacency:n,versionsByName:o}=sr(e),c=`${t.name}@${t.version}`,l=[],d=[],m=new Set;for(const w of e.roots){const y=cr(w,o);if(!y)continue;const g=`${y.name}@${y.version}`;m.has(g)||(m.add(g),d.push(y))}const b=[];for(const w of d){const y=`${w.name}@${w.version}`;if(y===c){if(l.push([w]),l.length>=i)return l;continue}b.push({node:w,path:[w],visited:new Set([y])})}let h=0;for(;h<b.length&&l.length<i;){const w=b[h];if(h+=1,w.path.length>=r)continue;const y=n.get(`${w.node.name}@${w.node.version}`)?.children??[];for(const g of y){const $=`${g.name}@${g.version}`;if(w.visited.has($))continue;const x=[...w.path,g];if($===c){if(l.push(x),l.length>=i)return l;continue}const j=new Set(w.visited);j.add($),b.push({node:g,path:x,visited:j})}}return l},"buildDependencyPaths");var pr=Object.defineProperty,z=R((e,t)=>pr(e,"name",{value:t,configurable:!0}),"i");const dr={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},gr={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},Tt=z(e=>gr[e.toLowerCase()]??e,"canonicalEcosystem"),ur=z((e,t)=>{const a=Tt(t),i=dr[a]??[];for(const r of i){const n=U(e,r);if(At(n))return n}},"findEcosystemLockfile"),fr=z(e=>{const t=new Set,a=[];for(const i of e){const r=`${i.name}@${i.version}`;t.has(r)||(t.add(r),a.push(i))}return a},"dedupe"),mr=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,hr=/^\s*name\s*=\s*"([^"]+)"\s*$/m,vr=/^\s*version\s*=\s*"([^"]+)"\s*$/m,wr=z(e=>{const t=[];for(const a of e.matchAll(mr)){const i=a[1]??"",r=hr.exec(i)?.[1],n=vr.exec(i)?.[1];r&&n&&t.push({isDev:!1,name:r,version:n})}return t},"parseTomlPackages"),yr=z(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const a=[];for(const i of["default","develop"]){const r=t[i];if(!(typeof r!="object"||r===null))for(const[n,o]of Object.entries(r)){if(typeof o!="object"||o===null)continue;const c=o.version;if(typeof c!="string")continue;const l=c.replace(/^==/,"").trim();l.length>0&&a.push({isDev:!1,name:n,version:l})}}return a},"parsePipfileLock"),br=/<dependency>([\s\S]*?)<\/dependency>/g,xr=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,kr=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,$r=/<version>\s*([^<\s]+)\s*<\/version>/,Sr=z(e=>{const t=[];for(const a of e.matchAll(br)){const i=a[1]??"",r=xr.exec(i)?.[1],n=kr.exec(i)?.[1],o=$r.exec(i)?.[1];!r||!n||!o||o.startsWith("${")||t.push({isDev:!1,name:`${r}:${n}`,version:o})}return t},"parsePomXml"),Ar=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0||i.startsWith("#"))continue;const r=i.indexOf("="),n=(r===-1?i:i.slice(0,r)).split(":");if(n.length<3)continue;const[o,c,l]=n;!o||!c||!l||t.push({isDev:!1,name:`${o}:${c}`,version:l})}return t},"parseGradleLockfile"),Nr=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0)continue;const r=i.split(/\s+/);if(r.length<3)continue;const[n,o]=r;if(!n||!o?.endsWith("/go.mod"))continue;const c=o.slice(0,-7);c.length!==0&&t.push({isDev:!1,name:n,version:c})}return t},"parseGoSum"),Cr=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,jr=z(e=>{const t=[];let a=!1,i=!1;for(const r of e.split(/\r?\n/)){if(r.startsWith("GEM")){a=!0,i=!1;continue}if(a&&/^[A-Z]/.test(r)){a=!1,i=!1;continue}if(a&&r.trim()==="specs:"){i=!0;continue}if(i){const n=Cr.exec(r);if(n){const[,o,c]=n;o&&c&&t.push({isDev:!1,name:o,version:c})}}}return t},"parseGemfileLock"),Rr=z((e,t)=>{const a=ur(e,t);if(!a)return[];let i;try{i=Nt(a,"utf8")}catch{return[]}const r=a.split(/[/\\]/).pop()??"";let n;switch(r){case"Cargo.lock":case"poetry.lock":case"uv.lock":{n=wr(i);break}case"Gemfile.lock":{n=jr(i);break}case"go.sum":{n=Nr(i);break}case"gradle.lockfile":{n=Ar(i);break}case"Pipfile.lock":{n=yr(i);break}case"pom.xml":{n=Sr(i);break}default:return[]}return fr(n)},"lockedPackagesForEcosystem");var Ir=Object.defineProperty,ge=R((e,t)=>Ir(e,"name",{value:t,configurable:!0}),"c");const Er=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Or=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],Pr=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Dr=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,Lr=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Mr=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Tr=ge(e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const a=t.split("/");return a.length<2?void 0:`${a[0]}/${a[1]}`}return t.split("/")[0]}},"normalizePackageName"),Vr=ge(e=>{const t=new Set,a=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),i=ge(r=>{r.lastIndex=0;let n;for(;(n=r.exec(a))!==null;){const o=Tr(n[1]);o&&t.add(o)}},"collect");return i(Dr),i(Lr),i(Mr),t},"extractImportedNames"),zr=ge(e=>{const t=new Set;try{const a=It(e);for(const i of Pr){const r=a[i];if(r&&typeof r=="object"&&!Array.isArray(r))for(const n of Object.keys(r))t.add(n)}}catch{}return t},"extractPackageJsonNames"),Wr=ge(e=>{const t=e.skip??Or,a=e.extensions??Er,i=new Set;let r=0;const n=vt(e.workspaceRoot,{extensions:a,includeDirs:!1,skip:t});for(const l of n){r+=1;try{const d=Nt(l,"utf8");for(const m of Vr(d))i.add(m)}catch{}}const o=vt(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(l=>l.endsWith("/package.json")||l.endsWith(String.raw`\package.json`)||l.endsWith("package.json"));for(const l of o)for(const d of zr(l))i.add(d);if(e.alwaysAssumeUsed)for(const l of e.alwaysAssumeUsed)i.add(l);const c=new Set;for(const l of e.vulnerablePackages)i.has(l)&&c.add(l);return{filesScanned:r,importedTotal:i,reachable:c}},"computeReachableVulnerablePackages");var _r=Object.defineProperty,W=R((e,t)=>_r(e,"name",{value:t,configurable:!0}),"o");const Fr=W(e=>{const t=T.coerce(e)?.major;return t!==void 0&&t>=10},"PNPM_V10_PLUS"),Ur=W(e=>Object.fromEntries(Object.entries(e).sort(([t],[a])=>t.localeCompare(a))),"sortByKey"),Hr=W((e,t)=>`${JSON.stringify(e,void 0,t)}
297
- `,"stringifyJson"),Vt=W((e,t)=>{if(t.name==="pnpm"&&Fr(t.version))return{filePath:U(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const a=U(e,"package.json");return t.name==="pnpm"?{filePath:a,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:a,surface:"package.json#resolutions"}:{filePath:a,surface:"package.json#overrides"}},"resolveOverrideSurface"),Gr=W((e,t)=>{const{filePath:a,surface:i}=Vt(e,t);if(!ae(a))return{};if(i==="pnpm-workspace.yaml")try{return Ye(a)?.overrides??{}}catch{return{}}try{const r=JSON.parse(Ee(a));return i==="package.json#pnpm.overrides"?(r.pnpm??{}).overrides??{}:i==="package.json#resolutions"?r.resolutions??{}:r.overrides??{}}catch{return{}}},"readExistingOverrides"),Br=W((e,t)=>{const a=Object.keys(t).sort();if(a.length===0&&!/^overrides\s*:/m.test(e))return e;const i=`overrides:
294
+ `,l},"emitJUnitAudit");var Ui=Object.defineProperty,Hi=j((e,t)=>Ui(e,"name",{value:t,configurable:!0}),"g$1");const Gi=Hi(e=>{const t=new Map,a=[],i=e.artifactUri??(Ot(e.workspaceRoot,Ea(e.workspaceRoot,"package.json"))||"package.json");for(const o of e.findings){const{acknowledged:c,packageName:l,packageVersion:d,vulnerability:m}=o,b=gi(m.severity),h=Ke(m.severity);t.has(m.id)||t.set(m.id,{defaultConfiguration:{level:b},fullDescription:{text:m.summary||`Advisory ${m.id}`},helpUri:V(m.id),id:m.id,name:m.id,properties:{precision:"very-high","security-severity":fi(m),"severity-label":h,tags:["security","vulnerability","supply-chain",`severity:${h}`]},shortDescription:{text:(m.summary.split(`
295
+ `)[0]??m.id).slice(0,200)}}),a.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${l}@${d}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:`${m.id}: ${l}@${d} — ${m.summary||"no summary"}${m.fixedVersions.length>0?` (fix: ${m.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:m.id,package:l,version:d},properties:{...c?{acknowledged:!0}:{},...m.aliases&&m.aliases.length>0?{aliases:m.aliases}:{},...typeof m.cvssScore=="number"?{cvssScore:m.cvssScore}:{},...m.fixedVersions.length>0?{fixedVersions:m.fixedVersions}:{},packageName:l,packageVersion:d,severityLabel:h},ruleId:m.id})}const r={block:"error",info:"note",warn:"warning"},n={block:"high",info:"none",warn:"medium"};for(const o of e.policyDecisions??[]){if(o.policy==="vulnerability")continue;const c=`vis.policy.${o.policy}`,l=r[o.severity],d=n[o.severity];t.has(c)||t.set(c,{defaultConfiguration:{level:l},fullDescription:{text:`vis policy '${o.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${o.policy}`,id:c,name:c,properties:{precision:"high","security-severity":o.severity==="block"?"8.0":o.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${o.policy}`]},shortDescription:{text:`vis policy: ${o.policy}`}}),a.push({level:l,locations:[{logicalLocations:[{kind:"package",name:`${o.packageName}@${o.version}`}],physicalLocation:{artifactLocation:{uri:i}}}],message:{text:o.reason},partialFingerprints:{package:o.packageName,policy:o.policy,version:o.version},properties:{...o.acceptedRisk?{acknowledged:!0}:{},packageName:o.packageName,packageVersion:o.version,severityLabel:d},ruleId:c})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:a,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},"emitSarif");var Bi=Object.defineProperty,re=j((e,t)=>Bi(e,"name",{value:t,configurable:!0}),"c$1");const Ki=["dependencies","devDependencies","optionalDependencies","peerDependencies"],St=re(e=>{try{return{path:e,pkg:It(e)}}catch{return}},"readPackageJsonSafe"),qi=re(e=>{const t=[],a=St(U(e,"package.json"));a&&t.push({path:a.path,pkg:a.pkg,workspaceName:a.pkg.name});const i=oa(e);let r;if(i?r=i:a?.pkg.workspaces&&(Array.isArray(a.pkg.workspaces)?r=a.pkg.workspaces:a.pkg.workspaces.packages&&(r=a.pkg.workspaces.packages)),!r)return t;for(const n of sa(e,r)){const o=St(U(e,n,"package.json"));o&&t.push({path:o.path,pkg:o.pkg,workspaceName:o.pkg.name})}return t},"collectWorkspaceManifests"),Ji=re((e,t)=>{const a=[];for(const i of e)for(const r of Ki){const n=i.pkg[r]?.[t];typeof n=="string"&&a.push({field:r,manifest:i,range:n})}return a},"findDeclarations"),Mt=re(e=>{const t=qi(e.workspaceRoot),a=[],i=[],r=[],n=new Set;for(const o of e.findings){const c=o.vulnerability.fixedVersions[0];if(!c){r.push({packageName:o.packageName,reason:"no-fixed-version"});continue}const l=Ji(t,o.packageName);if(l.length===0){r.push({packageName:o.packageName,reason:"transitive-only"});continue}const d=T.coerce(c),m=d?`^${d.version}`:c,b=d?d.version:c;for(const h of l){const w=`${h.manifest.path}::${h.field}::${o.packageName}::${b}`;if(n.has(w))continue;n.add(w);const y=Zi(b,h.range),g={currentRange:h.range,field:h.field,inRange:y,manifestPath:h.manifest.path,packageName:o.packageName,targetSpec:m,targetVersion:b,workspaceName:h.manifest.workspaceName};y||e.allowMajor===!0?a.push(g):i.push(g)}}return{apply:a,skippedMajor:i,unmatched:r}},"buildDirectApplyPlan"),Yi=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,Zi=re((e,t)=>{if(Yi.test(t))return!0;const a=T.coerce(e)?.version??e;try{return T.satisfies(a,t)}catch{return!0}},"satisfiesRange"),Xi=re(e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const a of e.apply){const i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` + ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const a of e.skippedMajor){const i=a.workspaceName?` [${a.workspaceName}]`:"";t.push(` ! ${a.packageName}: ${a.currentRange} → ${a.targetSpec}${i}`)}}if(e.unmatched.length>0){const a=e.unmatched.filter(r=>r.reason==="transitive-only"),i=e.unmatched.filter(r=>r.reason==="no-fixed-version");if(a.length>0){t.push(`Transitive only (${String(a.length)}, requires --fix-transitive):`);for(const r of a)t.push(` · ${r.packageName}`)}if(i.length>0){t.push(`No fixed version available (${String(i.length)}):`);for(const r of i)t.push(` · ${r.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
296
+ `)},"formatDirectApplyPlan");var Qi=Object.defineProperty,De=j((e,t)=>Qi(e,"name",{value:t,configurable:!0}),"l");const er=5,tr=64,ar=De((e,t)=>{if(t.length===0)return[];const a=new Set;for(const i of e){if(t.includes(i)){a.add(i);continue}let r=!1;for(const n of t)try{T.satisfies(n,i)&&(a.add(n),r=!0)}catch{}!r&&t.length===1&&a.add(t[0])}return[...a]},"resolveSpecifierVersions"),ir=De(e=>{const t=new Map;for(const r of e.entries){let n=t.get(r.name);n||(n=[],t.set(r.name,n)),n.includes(r.version)||n.push(r.version)}const a=new Map;for(const r of e.entries){const n=`${r.name}@${r.version}`;let o=a.get(n);o||(o=new Map,a.set(n,o));for(const c of[r.dependencies,r.peerDependencies,r.optionalDependencies])if(c)for(const[l,d]of Object.entries(c)){const m=t.get(l)??[],b=ar(d,m);for(const h of b){const w=`${l}@${h}`;o.has(w)||o.set(w,{name:l,version:h})}}}const i=new Map;for(const[r,n]of a)i.set(r,{children:[...n.values()]});return{adjacency:i,versionsByName:t}},"buildAdjacency"),rr=De((e,t)=>{const a=t.get(e.name);if(!(!a||a.length===0)){if(a.includes(e.version))return{name:e.name,version:e.version};for(const i of a)try{if(T.satisfies(i,e.version))return{name:e.name,version:i}}catch{}if(a.length===1)return{name:e.name,version:a[0]}}},"resolveRootNode"),nr=De((e,t,a={})=>{const i=a.maxPathsPerTarget??er,r=a.maxDepth??tr;if(i<=0)return[];const{adjacency:n,versionsByName:o}=ir(e),c=`${t.name}@${t.version}`,l=[],d=[],m=new Set;for(const w of e.roots){const y=rr(w,o);if(!y)continue;const g=`${y.name}@${y.version}`;m.has(g)||(m.add(g),d.push(y))}const b=[];for(const w of d){const y=`${w.name}@${w.version}`;if(y===c){if(l.push([w]),l.length>=i)return l;continue}b.push({node:w,path:[w],visited:new Set([y])})}let h=0;for(;h<b.length&&l.length<i;){const w=b[h];if(h+=1,w.path.length>=r)continue;const y=n.get(`${w.node.name}@${w.node.version}`)?.children??[];for(const g of y){const $=`${g.name}@${g.version}`;if(w.visited.has($))continue;const x=[...w.path,g];if($===c){if(l.push(x),l.length>=i)return l;continue}const R=new Set(w.visited);R.add($),b.push({node:g,path:x,visited:R})}}return l},"buildDependencyPaths");var or=Object.defineProperty,z=j((e,t)=>or(e,"name",{value:t,configurable:!0}),"i");const sr={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},cr={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},Tt=z(e=>cr[e.toLowerCase()]??e,"canonicalEcosystem"),lr=z((e,t)=>{const a=Tt(t),i=sr[a]??[];for(const r of i){const n=U(e,r);if(At(n))return n}},"findEcosystemLockfile"),pr=z(e=>{const t=new Set,a=[];for(const i of e){const r=`${i.name}@${i.version}`;t.has(r)||(t.add(r),a.push(i))}return a},"dedupe"),dr=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,gr=/^\s*name\s*=\s*"([^"]+)"\s*$/m,ur=/^\s*version\s*=\s*"([^"]+)"\s*$/m,fr=z(e=>{const t=[];for(const a of e.matchAll(dr)){const i=a[1]??"",r=gr.exec(i)?.[1],n=ur.exec(i)?.[1];r&&n&&t.push({isDev:!1,name:r,version:n})}return t},"parseTomlPackages"),mr=z(e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const a=[];for(const i of["default","develop"]){const r=t[i];if(!(typeof r!="object"||r===null))for(const[n,o]of Object.entries(r)){if(typeof o!="object"||o===null)continue;const c=o.version;if(typeof c!="string")continue;const l=c.replace(/^==/,"").trim();l.length>0&&a.push({isDev:!1,name:n,version:l})}}return a},"parsePipfileLock"),hr=/<dependency>([\s\S]*?)<\/dependency>/g,vr=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,wr=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,yr=/<version>\s*([^<\s]+)\s*<\/version>/,br=z(e=>{const t=[];for(const a of e.matchAll(hr)){const i=a[1]??"",r=vr.exec(i)?.[1],n=wr.exec(i)?.[1],o=yr.exec(i)?.[1];!r||!n||!o||o.startsWith("${")||t.push({isDev:!1,name:`${r}:${n}`,version:o})}return t},"parsePomXml"),xr=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0||i.startsWith("#"))continue;const r=i.indexOf("="),n=(r===-1?i:i.slice(0,r)).split(":");if(n.length<3)continue;const[o,c,l]=n;!o||!c||!l||t.push({isDev:!1,name:`${o}:${c}`,version:l})}return t},"parseGradleLockfile"),kr=z(e=>{const t=[];for(const a of e.split(/\r?\n/)){const i=a.trim();if(i.length===0)continue;const r=i.split(/\s+/);if(r.length<3)continue;const[n,o]=r;if(!n||!o?.endsWith("/go.mod"))continue;const c=o.slice(0,-7);c.length!==0&&t.push({isDev:!1,name:n,version:c})}return t},"parseGoSum"),$r=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,Sr=z(e=>{const t=[];let a=!1,i=!1;for(const r of e.split(/\r?\n/)){if(r.startsWith("GEM")){a=!0,i=!1;continue}if(a&&/^[A-Z]/.test(r)){a=!1,i=!1;continue}if(a&&r.trim()==="specs:"){i=!0;continue}if(i){const n=$r.exec(r);if(n){const[,o,c]=n;o&&c&&t.push({isDev:!1,name:o,version:c})}}}return t},"parseGemfileLock"),Ar=z((e,t)=>{const a=lr(e,t);if(!a)return[];let i;try{i=Nt(a,"utf8")}catch{return[]}const r=a.split(/[/\\]/).pop()??"";let n;switch(r){case"Cargo.lock":case"poetry.lock":case"uv.lock":{n=fr(i);break}case"Gemfile.lock":{n=Sr(i);break}case"go.sum":{n=kr(i);break}case"gradle.lockfile":{n=xr(i);break}case"Pipfile.lock":{n=mr(i);break}case"pom.xml":{n=br(i);break}default:return[]}return pr(n)},"lockedPackagesForEcosystem");var Nr=Object.defineProperty,ge=j((e,t)=>Nr(e,"name",{value:t,configurable:!0}),"c");const Cr=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Rr=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],jr=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Ir=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,Er=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Or=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Pr=ge(e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const a=t.split("/");return a.length<2?void 0:`${a[0]}/${a[1]}`}return t.split("/")[0]}},"normalizePackageName"),Dr=ge(e=>{const t=new Set,a=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),i=ge(r=>{r.lastIndex=0;let n;for(;(n=r.exec(a))!==null;){const o=Pr(n[1]);o&&t.add(o)}},"collect");return i(Ir),i(Er),i(Or),t},"extractImportedNames"),Lr=ge(e=>{const t=new Set;try{const a=It(e);for(const i of jr){const r=a[i];if(r&&typeof r=="object"&&!Array.isArray(r))for(const n of Object.keys(r))t.add(n)}}catch{}return t},"extractPackageJsonNames"),Mr=ge(e=>{const t=e.skip??Rr,a=e.extensions??Cr,i=new Set;let r=0;const n=vt(e.workspaceRoot,{extensions:a,includeDirs:!1,skip:t});for(const l of n){r+=1;try{const d=Nt(l,"utf8");for(const m of Dr(d))i.add(m)}catch{}}const o=vt(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(l=>l.endsWith("/package.json")||l.endsWith(String.raw`\package.json`)||l.endsWith("package.json"));for(const l of o)for(const d of Lr(l))i.add(d);if(e.alwaysAssumeUsed)for(const l of e.alwaysAssumeUsed)i.add(l);const c=new Set;for(const l of e.vulnerablePackages)i.has(l)&&c.add(l);return{filesScanned:r,importedTotal:i,reachable:c}},"computeReachableVulnerablePackages");var Tr=Object.defineProperty,W=j((e,t)=>Tr(e,"name",{value:t,configurable:!0}),"o");const Vr=W(e=>{const t=T.coerce(e)?.major;return t!==void 0&&t>=10},"PNPM_V10_PLUS"),zr=W(e=>Object.fromEntries(Object.entries(e).sort(([t],[a])=>t.localeCompare(a))),"sortByKey"),Wr=W((e,t)=>`${JSON.stringify(e,void 0,t)}
297
+ `,"stringifyJson"),Vt=W((e,t)=>{if(t.name==="pnpm"&&Vr(t.version))return{filePath:U(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const a=U(e,"package.json");return t.name==="pnpm"?{filePath:a,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:a,surface:"package.json#resolutions"}:{filePath:a,surface:"package.json#overrides"}},"resolveOverrideSurface"),_r=W((e,t)=>{const{filePath:a,surface:i}=Vt(e,t);if(!ae(a))return{};if(i==="pnpm-workspace.yaml")try{return Ye(a)?.overrides??{}}catch{return{}}try{const r=JSON.parse(Ee(a));return i==="package.json#pnpm.overrides"?(r.pnpm??{}).overrides??{}:i==="package.json#resolutions"?r.resolutions??{}:r.overrides??{}}catch{return{}}},"readExistingOverrides"),Fr=W((e,t)=>{const a=Object.keys(t).sort();if(a.length===0&&!/^overrides\s*:/m.test(e))return e;const i=`overrides:
298
298
  ${a.map(r=>` '${r}': '${t[r]}'`).join(`
299
299
  `)}
300
300
  `;if(e.length===0)return i;if(/^overrides\s*:/m.test(e)){const r=e.replace(/^overrides\s*:[^\n]*\n(?:[ \t][^\n]*\n)*/m,i);return r.endsWith(`
@@ -302,21 +302,21 @@ ${a.map(r=>` '${r}': '${t[r]}'`).join(`
302
302
  `}return`${e.endsWith(`
303
303
  `)?e:`${e}
304
304
  `}
305
- ${i}`},"renderPnpmWorkspaceOverrides"),Kr=W((e,t,a,i)=>{const r=ca(e,t.length>0?t:void 0),n=t.length>0?JSON.parse(t):{};if(a==="package.json#pnpm.overrides"){const o=n.pnpm??{};o.overrides=i,n.pnpm=o}else a==="package.json#resolutions"?n.resolutions=i:n.overrides=i;return Hr(n,r)},"renderPackageJsonWithOverrides"),qr=W((e,t,a)=>{const{filePath:i,surface:r}=Vt(e,a),n=Gr(e,a),o=ae(i)?Ee(i):"",c=[],l={...n};for(const h of t.entries){const w=n[h.packageName];if(w===h.spec){c.push({...h,previousSpec:w,status:"unchanged"});continue}w===void 0?c.push({...h,status:"added"}):c.push({...h,previousSpec:w,status:"updated"}),l[h.packageName]=h.spec}const d=Ur(l),m=c.some(h=>h.status!=="unchanged"),b=r==="pnpm-workspace.yaml"?Br(o,d):Kr(i,o,r,d);return{changed:m,entries:c,filePath:i,nextContent:b,previousContent:o,surface:r}},"planOverrideWrite"),Jr=W(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{Ct(t,e.nextContent),Zt(t,e.filePath)}catch(a){try{Xt(t)}catch{}throw a}return e},"applyOverridePlan"),Yr=W(e=>{const t=new Map;for(const a of e){const i=a.vulnerability.fixedVersions[0];if(!i)continue;const r=T.coerce(i),n=r?`^${r.version}`:i;t.set(a.packageName,n)}return{entries:[...t.entries()].sort(([a],[i])=>a.localeCompare(i)).map(([a,i])=>({packageName:a,spec:i}))}},"buildOverridePlanFromFindings");var Zr=Object.defineProperty,N=R((e,t)=>Zr(e,"name",{value:t,configurable:!0}),"m");const Xr={critical:Ie,high:Rt,low:jt,medium:Re},qe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),Qr=N(e=>{const t=(e??"npm").split(",").map(r=>r.trim()).filter(r=>r.length>0),a=t.length>0?t:["npm"],i=a.filter(r=>!qe.has(r.toLowerCase()));return{all:a,unsupported:i}},"parseEcosystems"),en={CRITICAL:Ie,HIGH:Rt,LOW:jt,MODERATE:Re,UNKNOWN:L},tn=N((e,t,a,i)=>{const r=en[a.severity]??L,n=i?` ${L("[acknowledged]")}`:"",o=a.fixedVersions??[],c=o.length>0?` (fix: ${o.join(", ")})`:"";return` ${r(a.severity)} ${a.id} — ${e}@${t}${n}
306
- ${a.summary}${c}`},"formatVulnLine"),an=N((e,t)=>{const a=la(e),i=`${String(Math.round(e.score.overall*100))}%`,r=t?` ${L("[acknowledged]")}`:"",n=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return` ${i} ${a}@${e.version} (${pa(e.score.overall)}${n})${r}`},"formatSocketLine"),rn=new Set(["aube","auto","vis"]),le=N(e=>e!==void 0&&rn.has(e),"isAuditBackend"),nn=N((e,t,a)=>{if(e!==void 0&&!le(e))throw new Error(`Invalid --backend value '${e}'. Expected one of: aube, auto, vis.`);const i=process.env.VIS_AUDIT_BACKEND;if(i!==void 0&&i!==""&&!le(i))throw new Error(`Invalid VIS_AUDIT_BACKEND value '${i}'. Expected one of: aube, auto, vis.`);const r=le(i)?i:void 0,n=le(t)?t:void 0,o=(le(e)?e:void 0)??r??n??"auto";return o==="aube"?"aube":o==="vis"?"vis":(a?.install?.backend??process.env.VIS_INSTALLER)==="aube"&&va("aube")!==null?"aube":"vis"},"resolveAuditBackend"),on=N(e=>{if(e!==void 0)switch(e){case"critical":return"critical";case"high":return"high";case"low":return"low";case"medium":return"moderate";default:return e}},"mapSeverityToAube"),sn=N((e,t,a)=>{const i=["audit"],r=on(t.severity);r!==void 0&&i.push("--audit-level",r),(t.prodOnly===!0||t.prod===!0)&&i.push("--prod"),(t.json===!0||t.format==="json")&&i.push("--json");const n=t.fix===!0;t["fix-transitive"]===!0||t.fixTransitive===!0?i.push("--fix=override"):n&&i.push("--fix=update");const o=[];t.offline===!0&&o.push("--offline (aube has its own offline cache)"),(t.format==="sarif"||t.format==="csaf"||t.format==="cyclonedx"||t.format==="cyclonedx-vex"||t.format==="gitlab"||t.format==="junit")&&o.push(`--format=${String(t.format)} (only json/text is forwarded to aube)`),o.length>0&&f.warn(`Delegating to 'aube audit'. Skipping vis-only flags: ${o.join(", ")}`);const c=Yt("aube",i,{cwd:e,stdio:"inherit"});if(c.error){const{code:l}=c.error;return l==="ENOENT"?f.error("Backend 'aube' selected but the 'aube' binary was not found on PATH. Install aube or run with --backend vis."):f.error(`Failed to spawn aube: ${c.error.message}`),1}return c.status??1},"runAubeAudit"),cn=N(async(e,t,a,i)=>{if(nn(t.backend,a?.security?.audit?.backend,a)==="aube"){process.exitCode=sn(e,t,a);return}const r=t.severity??"low",n=t.format??"table",o=n==="sarif",c=n==="csaf",l=n==="cyclonedx-vex"||n==="cyclonedx",d=n==="gitlab",m=n==="junit",b=n==="json"||!!t.json,h=t.report,w=a?.security?.audit,y=a?.security?.policies,g=t.offline===void 0?!!w?.offlineByDefault:!!t.offline,$=t.db,x=Qr(t.ecosystem),j=!!t.prodOnly,M=t.failOn??y?.vulnerability?.failOn,fe=!!t.showFixes,me=!!t.showAccepted,Le=a?.security?.acceptedRisks,tt=y?.vulnerability?.usage,_t=t.noUsage?!1:t.usage===void 0?!!tt?.enabled:!!t.usage,E=b||o||c||l||d||m,at=t.explain,Me=at!==void 0,it=Me&&!o&&!c&&!l&&!d&&!m;if(Me&&g){f.error("`--explain` needs network access and cannot run in offline mode (--offline or security.audit.offlineByDefault)."),process.exitCode=1;return}Me&&!it&&f.warn(`\`--explain\` has no effect with --format=${n}; explanations are only rendered in table, json, and HTML output.`);const D=ka(e),C=ri(e,D.name);if(g){const s=$??Pa(e);if(!At(s)){const p=new mt(s);E?process.stderr.write(`${p.message}
307
- `):f.error(p.message),process.exitCode=1;return}}!E&&(C.ignoredAdvisories.length>0||C.excludedPackages.length>0)&&f.info(`Loaded ${String(C.ignoredAdvisories.length)} ignored advisor${C.ignoredAdvisories.length===1?"y":"ies"} and ${String(C.excludedPackages.length)} excluded package${C.excludedPackages.length===1?"":"s"} from ${D.name} config.`),!E&&x.unsupported.length>0&&f.warn(`Ecosystems ${x.unsupported.map(s=>`'${s}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const _=Da(e,D.name,{includeDev:!j});if(_.length===0){f.info(`No ${D.name} lockfile entries found. Run ${D.name} install first.`);return}if(!E){const s=j?"production-only packages":"installed packages";f.info(`Scanning ${String(_.length)} ${s}${g?" (offline)":""}…`)}const he=_.map(s=>({name:s.name,version:s.version})),ve=a?.security?.audit?.advisories?.bloom?.mode??"off";let G=[];if(ve!=="off")try{const s=await Va(e,{softFail:ve==="on"});if(s){if(G=za(s,he).map(p=>({name:p.name,version:p.version})),!E&&G.length>0){f.warn(`osv-bloom prefilter flagged ${String(G.length)} package${G.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const p=10;for(const u of G.slice(0,p))f.warn(` ${Ie("[bloom]")} ${u.name}@${u.version}`);G.length>p&&f.warn(` …and ${String(G.length-p)} more (full list in --format json output)`)}}else E||f.info(L("osv-bloom cache absent — skipping prefilter (run `vis advisories bloom sync` to enable)."))}catch(s){if(s instanceof Wa&&ve==="required"){const u=`${s.message} (security.audit.advisories.bloom.mode = "required")`;E?process.stderr.write(`${u}
305
+ ${i}`},"renderPnpmWorkspaceOverrides"),Ur=W((e,t,a,i)=>{const r=ca(e,t.length>0?t:void 0),n=t.length>0?JSON.parse(t):{};if(a==="package.json#pnpm.overrides"){const o=n.pnpm??{};o.overrides=i,n.pnpm=o}else a==="package.json#resolutions"?n.resolutions=i:n.overrides=i;return Wr(n,r)},"renderPackageJsonWithOverrides"),Hr=W((e,t,a)=>{const{filePath:i,surface:r}=Vt(e,a),n=_r(e,a),o=ae(i)?Ee(i):"",c=[],l={...n};for(const h of t.entries){const w=n[h.packageName];if(w===h.spec){c.push({...h,previousSpec:w,status:"unchanged"});continue}w===void 0?c.push({...h,status:"added"}):c.push({...h,previousSpec:w,status:"updated"}),l[h.packageName]=h.spec}const d=zr(l),m=c.some(h=>h.status!=="unchanged"),b=r==="pnpm-workspace.yaml"?Fr(o,d):Ur(i,o,r,d);return{changed:m,entries:c,filePath:i,nextContent:b,previousContent:o,surface:r}},"planOverrideWrite"),Gr=W(e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{Ct(t,e.nextContent),Zt(t,e.filePath)}catch(a){try{Xt(t)}catch{}throw a}return e},"applyOverridePlan"),Br=W(e=>{const t=new Map;for(const a of e){const i=a.vulnerability.fixedVersions[0];if(!i)continue;const r=T.coerce(i),n=r?`^${r.version}`:i;t.set(a.packageName,n)}return{entries:[...t.entries()].sort(([a],[i])=>a.localeCompare(i)).map(([a,i])=>({packageName:a,spec:i}))}},"buildOverridePlanFromFindings");var Kr=Object.defineProperty,N=j((e,t)=>Kr(e,"name",{value:t,configurable:!0}),"m");const qr={critical:Ie,high:jt,low:Rt,medium:je},qe=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),Jr=N(e=>{const t=(e??"npm").split(",").map(r=>r.trim()).filter(r=>r.length>0),a=t.length>0?t:["npm"],i=a.filter(r=>!qe.has(r.toLowerCase()));return{all:a,unsupported:i}},"parseEcosystems"),Yr={CRITICAL:Ie,HIGH:jt,LOW:Rt,MODERATE:je,UNKNOWN:L},Zr=N((e,t,a,i)=>{const r=Yr[a.severity]??L,n=i?` ${L("[acknowledged]")}`:"",o=a.fixedVersions??[],c=o.length>0?` (fix: ${o.join(", ")})`:"";return` ${r(a.severity)} ${a.id} — ${e}@${t}${n}
306
+ ${a.summary}${c}`},"formatVulnLine"),Xr=N((e,t)=>{const a=la(e),i=`${String(Math.round(e.score.overall*100))}%`,r=t?` ${L("[acknowledged]")}`:"",n=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return` ${i} ${a}@${e.version} (${pa(e.score.overall)}${n})${r}`},"formatSocketLine"),Qr=new Set(["aube","auto","vis"]),le=N(e=>e!==void 0&&Qr.has(e),"isAuditBackend"),en=N((e,t,a)=>{if(e!==void 0&&!le(e))throw new Error(`Invalid --backend value '${e}'. Expected one of: aube, auto, vis.`);const i=process.env.VIS_AUDIT_BACKEND;if(i!==void 0&&i!==""&&!le(i))throw new Error(`Invalid VIS_AUDIT_BACKEND value '${i}'. Expected one of: aube, auto, vis.`);const r=le(i)?i:void 0,n=le(t)?t:void 0,o=(le(e)?e:void 0)??r??n??"auto";return o==="aube"?"aube":o==="vis"?"vis":(a?.install?.backend??process.env.VIS_INSTALLER)==="aube"&&va("aube")!==null?"aube":"vis"},"resolveAuditBackend"),tn=N(e=>{if(e!==void 0)switch(e){case"critical":return"critical";case"high":return"high";case"low":return"low";case"medium":return"moderate";default:return e}},"mapSeverityToAube"),an=N((e,t,a)=>{const i=["audit"],r=tn(t.severity);r!==void 0&&i.push("--audit-level",r),(t.prodOnly===!0||t.prod===!0)&&i.push("--prod"),(t.json===!0||t.format==="json")&&i.push("--json");const n=t.fix===!0;t["fix-transitive"]===!0||t.fixTransitive===!0?i.push("--fix=override"):n&&i.push("--fix=update");const o=[];t.offline===!0&&o.push("--offline (aube has its own offline cache)"),(t.format==="sarif"||t.format==="csaf"||t.format==="cyclonedx"||t.format==="cyclonedx-vex"||t.format==="gitlab"||t.format==="junit")&&o.push(`--format=${String(t.format)} (only json/text is forwarded to aube)`),o.length>0&&f.warn(`Delegating to 'aube audit'. Skipping vis-only flags: ${o.join(", ")}`);const c=Yt("aube",i,{cwd:e,stdio:"inherit"});if(c.error){const{code:l}=c.error;return l==="ENOENT"?f.error("Backend 'aube' selected but the 'aube' binary was not found on PATH. Install aube or run with --backend vis."):f.error(`Failed to spawn aube: ${c.error.message}`),1}return c.status??1},"runAubeAudit"),rn=N(async(e,t,a,i)=>{if(en(t.backend,a?.security?.audit?.backend,a)==="aube"){process.exitCode=an(e,t,a);return}const r=t.severity??"low",n=t.format??"table",o=n==="sarif",c=n==="csaf",l=n==="cyclonedx-vex"||n==="cyclonedx",d=n==="gitlab",m=n==="junit",b=n==="json"||!!t.json,h=t.report,w=a?.security?.audit,y=a?.security?.policies,g=t.offline===void 0?!!w?.offlineByDefault:!!t.offline,$=t.db,x=Jr(t.ecosystem),R=!!t.prodOnly,M=t.failOn??y?.vulnerability?.failOn,fe=!!t.showFixes,me=!!t.showAccepted,Le=a?.security?.acceptedRisks,tt=y?.vulnerability?.usage,_t=t.noUsage?!1:t.usage===void 0?!!tt?.enabled:!!t.usage,E=b||o||c||l||d||m,at=t.explain,Me=at!==void 0,it=Me&&!o&&!c&&!l&&!d&&!m;if(Me&&g){f.error("`--explain` needs network access and cannot run in offline mode (--offline or security.audit.offlineByDefault)."),process.exitCode=1;return}Me&&!it&&f.warn(`\`--explain\` has no effect with --format=${n}; explanations are only rendered in table, json, and HTML output.`);const D=ka(e),C=ei(e,D.name);if(g){const s=$??Pa(e);if(!At(s)){const p=new mt(s);E?process.stderr.write(`${p.message}
307
+ `):f.error(p.message),process.exitCode=1;return}}!E&&(C.ignoredAdvisories.length>0||C.excludedPackages.length>0)&&f.info(`Loaded ${String(C.ignoredAdvisories.length)} ignored advisor${C.ignoredAdvisories.length===1?"y":"ies"} and ${String(C.excludedPackages.length)} excluded package${C.excludedPackages.length===1?"":"s"} from ${D.name} config.`),!E&&x.unsupported.length>0&&f.warn(`Ecosystems ${x.unsupported.map(s=>`'${s}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const _=Da(e,D.name,{includeDev:!R});if(_.length===0){f.info(`No ${D.name} lockfile entries found. Run ${D.name} install first.`);return}if(!E){const s=R?"production-only packages":"installed packages";f.info(`Scanning ${String(_.length)} ${s}${g?" (offline)":""}…`)}const he=_.map(s=>({name:s.name,version:s.version})),ve=a?.security?.audit?.advisories?.bloom?.mode??"off";let G=[];if(ve!=="off")try{const s=await Va(e,{softFail:ve==="on"});if(s){if(G=za(s,he).map(p=>({name:p.name,version:p.version})),!E&&G.length>0){f.warn(`osv-bloom prefilter flagged ${String(G.length)} package${G.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const p=10;for(const u of G.slice(0,p))f.warn(` ${Ie("[bloom]")} ${u.name}@${u.version}`);G.length>p&&f.warn(` …and ${String(G.length-p)} more (full list in --format json output)`)}}else E||f.info(L("osv-bloom cache absent — skipping prefilter (run `vis advisories bloom sync` to enable)."))}catch(s){if(s instanceof Wa&&ve==="required"){const u=`${s.message} (security.audit.advisories.bloom.mode = "required")`;E?process.stderr.write(`${u}
308
308
  `):f.error(u),process.exitCode=1;return}const p=s instanceof Error?s.message:String(s);if(ve==="required"){E?process.stderr.write(`osv-bloom prefilter failed: ${p}
309
- `):f.error(`osv-bloom prefilter failed: ${p}`),process.exitCode=1;return}E||f.warn(`osv-bloom prefilter failed (continuing): ${p}`)}const we=new Set;g?we.add("socket").add("deps-dev"):(gt("socket")&&we.add("socket"),gt("depsDev")&&we.add("deps-dev"));const Te=da(a?.security,{disabled:we,minimumScore:y?.score?.minimum}),Ve=Te.length>0,Ft=Te.map(s=>s.displayName).join(" + "),ye=y?.score?.minimum??ha,Z=La(e,D.name),Ut=[{id:"vulnerabilities",label:g?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...Ve?[{id:"security",label:`Supply-chain reports (${Ft})`}]:[]],F=Oa(Ut,{live:!E}),Ht=Date.now(),X=N(s=>{const p=Date.now()-s;return p>=1e3?`${(p/1e3).toFixed(1)}s`:`${String(Math.round(p))}ms`},"fmtElapsed");let ze,We;try{const s=Date.now(),p=Date.now();F.start("vulnerabilities"),Ve&&F.start("security");const u=g?Promise.resolve().then(()=>ht(he,{dbPath:$,ecosystem:x.all.find(v=>qe.has(v.toLowerCase()))??"npm",workspaceRoot:e})).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);if(F.finish("vulnerabilities","error",k),v instanceof mt)throw v;return new Map}):ga(he).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("vulnerabilities","error",k),new Map});[ze,We]=await Promise.all([u,Ve?ua(Te,he).then(v=>{let k=0,A=0;for(const se of v.values())k+=se.alerts.length,se.score.overall<ye&&(A+=1);const P=k+A;return F.finish("security",P>0?"warn":"ok",P>0?`${String(k)} alert${k===1?"":"s"}, ${String(A)} low-score · ${X(p)}`:`clean · ${X(p)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("security","error",k),new Map}):Promise.resolve(new Map)])}finally{F.stop()}b||f.info(L(`Scan completed in ${X(Ht)}`));const be=[];for(const s of _){if(ni(s.name,C))continue;const p=ze.get(s.name)??[],u=We.get(`${s.name}@${s.version}`),v=ut(s.name,s.version,Le),k=p.length>0,A=u?u.score.overall<ye:!1,P=u?u.alerts.length>0:!1;(k||A||P)&&be.push({acceptedRisk:v,name:s.name,socketReport:u,version:s.version,vulnerabilities:p})}if(g){const s=x.all.filter(p=>qe.has(p.toLowerCase())&&p.toLowerCase()!=="npm");for(const p of s){const u=Tt(p),v=Rr(e,u);if(v.length!==0){E||f.info(L(`Scanning ${String(v.length)} ${u} packages…`));try{const k=ht(v.map(A=>({name:A.name,version:A.version})),{dbPath:$,ecosystem:u,workspaceRoot:e});for(const A of v){const P=k.get(A.name)??[];P.length!==0&&be.push({acceptedRisk:ut(A.name,A.version,Le),name:A.name,version:A.version,vulnerabilities:P})}}catch(k){const A=k instanceof Error?k.message:String(k);f.warn(`Failed to scan ${u}: ${A}`)}}}}let I=be.filter(s=>{const p=s.vulnerabilities.some(k=>Ce(k.severity,r)),u=s.socketReport?.alerts.some(k=>Ce(k.severity==="medium"?"MODERATE":k.severity.toUpperCase(),r)),v=s.socketReport&&s.socketReport.score.overall<ye;return p||u||v});const Gt=t.policies,rt=[],O=await(async()=>{const s=Sa().map(P=>`'${P}'`).join(", "),p=Aa(Gt,P=>{rt.push(P);const se=`Unknown policy '${P}' — ignoring. Available: ${s}.`;E?process.stderr.write(`vis audit: ${se}
310
- `):f.warn(se)});if(p?.size===0)return[];const u=a?.security?.policies?.license,v=!!(u&&((u.allow?.length??0)>0||(u.deny?.length??0)>0)),k=p===void 0||p.has("license"),A=v&&k?Ta(e):void 0;return Na({manifestData:A,offline:g,osvFindings:ze,packageManager:D.name,packages:_,socketReports:We,workspaceRoot:e},"audit",{enabledPolicies:p,visConfig:a??{}})})();if(_t){const s=new Set(I.filter(u=>u.vulnerabilities.length>0).map(u=>u.name)),p=Wr({alwaysAssumeUsed:tt?.alwaysAssumeUsed,vulnerablePackages:s,workspaceRoot:e});I=I.filter(u=>u.vulnerabilities.length===0?!0:p.reachable.has(u.name)),E||f.info(L(`Reachability filter: ${String(p.reachable.size)}/${String(s.size)} vulnerable packages reachable (${String(p.filesScanned)} files scanned).`))}const nt=Ma(e,D.name),ot=nt?I.map(s=>{const p=lr(nt,{name:s.name,version:s.version});return{...s,dependencyPaths:p}}):I.map(s=>({...s,dependencyPaths:[]})),B=N(()=>ot.flatMap(s=>s.vulnerabilities.map(p=>({acknowledged:!!s.acceptedRisk||de(p.id,C,p.aliases),dependencyPaths:s.dependencyPaths,packageName:s.name,packageVersion:s.version,vulnerability:p}))),"findingsForReport"),st=!!t.fix,ct=!!t.fixTransitive,lt=!!t.yes,Bt=!!t.allowMajor;if(st||ct){const s=B().filter(p=>!p.acknowledged);if(st){const p=await pn({actionableFindings:s,allowMajor:Bt,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}if(ct){const p=await dn({actionableFindings:s,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}}const xe=new Map;if(it){const s=Ja(B().filter(u=>!u.acknowledged).map(u=>({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability})).sort(Et),at),p=await ai(s,a?.ai,{info:N(u=>{f.info(u)},"info"),warn:N(u=>{f.warn(u)},"warn")});for(const[u,v]of p)xe.set(u,v)}if(o){const s=Ji({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
311
- `),pe(I,C,t.exitCode,M,O);return}if(c){const s=Pi({findings:B(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
312
- `),pe(I,C,t.exitCode,M,O);return}if(l){const{packageJsons:s,workspace:p}=fa(e,a),u=ma(e,p,s),v=Ra({includeDev:!j,projectGraph:u,workspace:p,workspaceRoot:e}),k=Ti({bom:v,findings:B()});process.stdout.write(`${JSON.stringify(k,void 0,2)}
313
- `),pe(I,C,t.exitCode,M,O);return}if(d){const s=Ui({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
314
- `),pe(I,C,t.exitCode,M,O);return}if(m){const s=Bi({findings:B(),policyDecisions:O});process.stdout.write(s),pe(I,C,t.exitCode,M,O);return}const _e={informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},ke=pi({bloomHits:G,duplicates:Z,explanations:xe,filtered:ot,packagesScanned:_.length,policyDecisions:O,tool:_e,unknownPolicyTokens:rt,workspaceRoot:e});if(h){const s=Ii({findings:B().map(u=>{const v=xe.get(Oe({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability}));return v?{...u,explanation:v}:u}),packagesScanned:_.length,policyDecisions:O,report:ke,tool:{name:_e.name,version:_e.version},workspaceRoot:e}),p=ea(e,h);Ct(p,s,"utf8"),E||f.success(`HTML report written to ${p}`)}if(b){process.stdout.write(`${JSON.stringify(ke,void 0,2)}
309
+ `):f.error(`osv-bloom prefilter failed: ${p}`),process.exitCode=1;return}E||f.warn(`osv-bloom prefilter failed (continuing): ${p}`)}const we=new Set;g?we.add("socket").add("deps-dev"):(gt("socket")&&we.add("socket"),gt("depsDev")&&we.add("deps-dev"));const Te=da(a?.security,{disabled:we,minimumScore:y?.score?.minimum}),Ve=Te.length>0,Ft=Te.map(s=>s.displayName).join(" + "),ye=y?.score?.minimum??ha,Z=La(e,D.name),Ut=[{id:"vulnerabilities",label:g?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...Ve?[{id:"security",label:`Supply-chain reports (${Ft})`}]:[]],F=Oa(Ut,{live:!E}),Ht=Date.now(),X=N(s=>{const p=Date.now()-s;return p>=1e3?`${(p/1e3).toFixed(1)}s`:`${String(Math.round(p))}ms`},"fmtElapsed");let ze,We;try{const s=Date.now(),p=Date.now();F.start("vulnerabilities"),Ve&&F.start("security");const u=g?Promise.resolve().then(()=>ht(he,{dbPath:$,ecosystem:x.all.find(v=>qe.has(v.toLowerCase()))??"npm",workspaceRoot:e})).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);if(F.finish("vulnerabilities","error",k),v instanceof mt)throw v;return new Map}):ga(he).then(v=>{let k=0;for(const A of v.values())k+=A.length;return F.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${X(s)}`:`none found · ${X(s)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("vulnerabilities","error",k),new Map});[ze,We]=await Promise.all([u,Ve?ua(Te,he).then(v=>{let k=0,A=0;for(const se of v.values())k+=se.alerts.length,se.score.overall<ye&&(A+=1);const P=k+A;return F.finish("security",P>0?"warn":"ok",P>0?`${String(k)} alert${k===1?"":"s"}, ${String(A)} low-score · ${X(p)}`:`clean · ${X(p)}`),v}).catch(v=>{const k=v instanceof Error?v.message:String(v);return F.finish("security","error",k),new Map}):Promise.resolve(new Map)])}finally{F.stop()}b||f.info(L(`Scan completed in ${X(Ht)}`));const be=[];for(const s of _){if(ti(s.name,C))continue;const p=ze.get(s.name)??[],u=We.get(`${s.name}@${s.version}`),v=ut(s.name,s.version,Le),k=p.length>0,A=u?u.score.overall<ye:!1,P=u?u.alerts.length>0:!1;(k||A||P)&&be.push({acceptedRisk:v,name:s.name,socketReport:u,version:s.version,vulnerabilities:p})}if(g){const s=x.all.filter(p=>qe.has(p.toLowerCase())&&p.toLowerCase()!=="npm");for(const p of s){const u=Tt(p),v=Ar(e,u);if(v.length!==0){E||f.info(L(`Scanning ${String(v.length)} ${u} packages…`));try{const k=ht(v.map(A=>({name:A.name,version:A.version})),{dbPath:$,ecosystem:u,workspaceRoot:e});for(const A of v){const P=k.get(A.name)??[];P.length!==0&&be.push({acceptedRisk:ut(A.name,A.version,Le),name:A.name,version:A.version,vulnerabilities:P})}}catch(k){const A=k instanceof Error?k.message:String(k);f.warn(`Failed to scan ${u}: ${A}`)}}}}let I=be.filter(s=>{const p=s.vulnerabilities.some(k=>Ce(k.severity,r)),u=s.socketReport?.alerts.some(k=>Ce(k.severity==="medium"?"MODERATE":k.severity.toUpperCase(),r)),v=s.socketReport&&s.socketReport.score.overall<ye;return p||u||v});const Gt=t.policies,rt=[],O=await(async()=>{const s=Sa().map(P=>`'${P}'`).join(", "),p=Aa(Gt,P=>{rt.push(P);const se=`Unknown policy '${P}' — ignoring. Available: ${s}.`;E?process.stderr.write(`vis audit: ${se}
310
+ `):f.warn(se)});if(p?.size===0)return[];const u=a?.security?.policies?.license,v=!!(u&&((u.allow?.length??0)>0||(u.deny?.length??0)>0)),k=p===void 0||p.has("license"),A=v&&k?Ta(e):void 0;return Na({manifestData:A,offline:g,osvFindings:ze,packageManager:D.name,packages:_,socketReports:We,workspaceRoot:e},"audit",{enabledPolicies:p,visConfig:a??{}})})();if(_t){const s=new Set(I.filter(u=>u.vulnerabilities.length>0).map(u=>u.name)),p=Mr({alwaysAssumeUsed:tt?.alwaysAssumeUsed,vulnerablePackages:s,workspaceRoot:e});I=I.filter(u=>u.vulnerabilities.length===0?!0:p.reachable.has(u.name)),E||f.info(L(`Reachability filter: ${String(p.reachable.size)}/${String(s.size)} vulnerable packages reachable (${String(p.filesScanned)} files scanned).`))}const nt=Ma(e,D.name),ot=nt?I.map(s=>{const p=nr(nt,{name:s.name,version:s.version});return{...s,dependencyPaths:p}}):I.map(s=>({...s,dependencyPaths:[]})),B=N(()=>ot.flatMap(s=>s.vulnerabilities.map(p=>({acknowledged:!!s.acceptedRisk||de(p.id,C,p.aliases),dependencyPaths:s.dependencyPaths,packageName:s.name,packageVersion:s.version,vulnerability:p}))),"findingsForReport"),st=!!t.fix,ct=!!t.fixTransitive,lt=!!t.yes,Bt=!!t.allowMajor;if(st||ct){const s=B().filter(p=>!p.acknowledged);if(st){const p=await on({actionableFindings:s,allowMajor:Bt,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}if(ct){const p=await sn({actionableFindings:s,pm:D,visConfig:a,workspaceRoot:e,yes:lt});if(p!==void 0){process.exitCode=p;return}}}const xe=new Map;if(it){const s=Ga(B().filter(u=>!u.acknowledged).map(u=>({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability})).sort(Et),at),p=await Xa(s,a?.ai,{info:N(u=>{f.info(u)},"info"),warn:N(u=>{f.warn(u)},"warn")});for(const[u,v]of p)xe.set(u,v)}if(o){const s=Gi({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
311
+ `),pe(I,C,t.exitCode,M,O);return}if(c){const s=ji({findings:B(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
312
+ `),pe(I,C,t.exitCode,M,O);return}if(l){const{packageJsons:s,workspace:p}=fa(e,a),u=ma(e,p,s),v=ja({includeDev:!R,projectGraph:u,workspace:p,workspaceRoot:e}),k=Pi({bom:v,findings:B()});process.stdout.write(`${JSON.stringify(k,void 0,2)}
313
+ `),pe(I,C,t.exitCode,M,O);return}if(d){const s=zi({findings:B(),policyDecisions:O,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:e});process.stdout.write(`${JSON.stringify(s,void 0,2)}
314
+ `),pe(I,C,t.exitCode,M,O);return}if(m){const s=Fi({findings:B(),policyDecisions:O});process.stdout.write(s),pe(I,C,t.exitCode,M,O);return}const _e={informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},ke=oi({bloomHits:G,duplicates:Z,explanations:xe,filtered:ot,packagesScanned:_.length,policyDecisions:O,tool:_e,unknownPolicyTokens:rt,workspaceRoot:e});if(h){const s=Ni({findings:B().map(u=>{const v=xe.get(Oe({packageName:u.packageName,packageVersion:u.packageVersion,vulnerability:u.vulnerability}));return v?{...u,explanation:v}:u}),packagesScanned:_.length,policyDecisions:O,report:ke,tool:{name:_e.name,version:_e.version},workspaceRoot:e}),p=ea(e,h);Ct(p,s,"utf8"),E||f.success(`HTML report written to ${p}`)}if(b){process.stdout.write(`${JSON.stringify(ke,void 0,2)}
315
315
  `),t.exitCode&&(ke.summary.issues>0||ke.summary.policyBlocks>0)&&(process.exitCode=1),Je(I,C,M,O);return}if(I.length===0){f.success(`No security issues found across ${String(_.length)} packages.`);return}const ne={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const s of I)for(const p of s.vulnerabilities)if(Ce(p.severity,r)){const u=p.severity==="UNKNOWN"?"LOW":p.severity;ne[u]?.push({entry:s,vuln:p})}let $e=0,Fe=0;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=ne[s];if(!(!p||p.length===0)){f.info(`
316
- ── ${s} (${String(p.length)}) ──`);for(const{entry:u,vuln:v}of p){const k=!!u.acceptedRisk||de(v.id,C,v.aliases);if(k&&(Fe++,!me))continue;$e++,f.info(tn(u.name,u.version,v,k)),fe&&(v.fixedVersions??[]).length>0&&f.notice(` Fix: update to ${v.fixedVersions.at(-1)}`);const A=xe.get(Oe({packageName:u.name,packageVersion:u.version,vulnerability:v}));if(A)for(const P of A.split(`
316
+ ── ${s} (${String(p.length)}) ──`);for(const{entry:u,vuln:v}of p){const k=!!u.acceptedRisk||de(v.id,C,v.aliases);if(k&&(Fe++,!me))continue;$e++,f.info(Zr(u.name,u.version,v,k)),fe&&(v.fixedVersions??[]).length>0&&f.notice(` Fix: update to ${v.fixedVersions.at(-1)}`);const A=xe.get(Oe({packageName:u.name,packageVersion:u.version,vulnerability:v}));if(A)for(const P of A.split(`
317
317
  `))f.info(` ${P}`)}}}const oe=I.filter(s=>s.socketReport&&(s.socketReport.score.overall<ye||s.socketReport.alerts.length>0));if(oe.length>0){f.info(`
318
- ── Socket.dev Supply Chain (${String(oe.length)}) ──`);for(const s of oe){if(!s.socketReport)continue;const p=!!s.acceptedRisk;if(!(p&&!me)){f.info(an(s.socketReport,p));for(const u of s.socketReport.alerts){const v=Xr[u.severity]??L;f.info(` ${v(`[${u.severity.toUpperCase()}]`)} ${u.type} — ${u.category}`)}}}}if(Z.length>0){f.info(`
319
- ── Duplicate Dependencies (${String(Z.length)}) ──`);for(const s of Z){const p=s.versions.join(", ");f.info(` ${s.name} — ${String(s.versions.length)} versions: ${Re(p)}`)}}const pt=new Set;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=ne[s];if(p)for(const{vuln:u}of p)pt.add(u.id)}const Ue=O.filter(s=>{if(s.policy!=="vulnerability")return!0;const p=typeof s.data?.advisoryId=="string"?s.data.advisoryId:void 0;return s.severity==="block"&&p!==void 0&&!pt.has(p)});if(Ue.length>0){f.info(`
320
- ── Policy Decisions (${String(Ue.length)}) ──`);for(const s of Ue){const p=!!s.acceptedRisk;if(p&&!me)continue;const u=s.severity==="block"?Ie:s.severity==="warn"?Re:L,v=p?` ${L("[acknowledged]")}`:"";f.info(` ${u(`[${s.severity}]`)} ${s.policy} — ${s.reason}${v}`)}}const Se=N(s=>!!s.acceptedRisk||s.vulnerabilities.length>0&&s.vulnerabilities.every(p=>de(p.id,C,p.aliases)),"isEntryExcluded"),dt=I.filter(s=>!Se(s)).length;if(f.info(""),f.info("─ Audit Summary"),f.info(` ${String(_.length)} packages scanned`),C.ignoredAdvisories.length>0&&f.info(` ${String(C.ignoredAdvisories.length)} ${D.name} audit exclusion${C.ignoredAdvisories.length===1?"":"s"} applied`),$e>0){const s=ne.CRITICAL?.filter(u=>!Se(u.entry)).length??0,p=ne.HIGH?.filter(u=>!Se(u.entry)).length??0;f.error(` ${String($e)} vulnerabilit${$e===1?"y":"ies"} found`),s>0&&f.error(` ${String(s)} critical`),p>0&&f.warn(` ${String(p)} high`)}else f.success(" No vulnerabilities found");if(oe.length>0){const s=oe.filter(p=>!Se(p)).length;f.warn(` ${String(s)} package${s===1?"":"s"} with Socket.dev supply chain issues`)}Z.length>0&&(f.warn(` ${String(Z.length)} package${Z.length===1?"":"s"} with duplicate versions`),f.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const Ae=O.filter(s=>s.severity==="block"&&!s.acceptedRisk);if(Ae.length>0&&f.error(` ${String(Ae.length)} policy block${Ae.length===1?"":"s"}`),Fe>0&&(f.info(` ${String(Fe)} acknowledged (accepted risks)`),me||f.notice(" Use --show-accepted to see acknowledged issues.")),dt===0&&f.success(`
321
- All issues are acknowledged. No action required.`),t.sync&&Le){const s=new Set;for(const u of be)if(u.acceptedRisk){for(const v of u.vulnerabilities)if((v.id.startsWith("CVE-")||v.id.startsWith("GHSA-"))&&s.add(v.id),v.aliases)for(const k of v.aliases)(k.startsWith("CVE-")||k.startsWith("GHSA-"))&&s.add(k)}const p=[...s];if(p.length>0){f.info("");const u=oi(D.name,e,p);for(const v of u)f.success(` ${v}`)}else f.info(`
322
- No advisory IDs to sync to native PM config.`)}t.exitCode&&(dt>0||Ae.length>0)&&(process.exitCode=1),Je(I,C,M,O)},"executeAudit"),zt=N(e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),"hasBlockingPolicy"),Je=N((e,t,a,i)=>{zt(i)&&(process.exitCode=1),a&&e.some(r=>r.vulnerabilities.some(n=>r.acceptedRisk||de(n.id,t,n.aliases)?!1:Ce(n.severity,a)))&&(process.exitCode=1)},"applyFailOnGate"),pe=N((e,t,a,i,r)=>{a&&(e.filter(n=>!n.acceptedRisk&&n.vulnerabilities.some(o=>!de(o.id,t,o.aliases))).length>0||zt(r))&&(process.exitCode=1),Je(e,t,i,r)},"applyExitGate"),Wt=N(async(e,t)=>{if(!process.stdin.isTTY)return t;const a=Qt({input:process.stdin,output:process.stderr});try{const i=t?"[Y/n]":"[y/N]",r=await new Promise(n=>{a.question(`${e} ${L(i)} `,o=>{n(o.trim())})});return r.length===0?t:r.toLowerCase().startsWith("y")}finally{a.close()}},"promptYesNo"),ln=N(e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun","isTransitiveOnlyPm"),pn=N(async e=>{const t=Mt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(f.info(""),f.info("─ Apply (direct deps)"),f.info(ar(t)),t.apply.length===0){f.info("Nothing to apply for direct deps.");return}if(Ge&&!e.yes)return f.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await Wt("Apply these direct-dep upgrades?",!1))return f.info("Aborted — no changes made."),0;const a=new Map;for(const i of t.apply){const r=i.workspaceName??"",n=a.get(r);n?n.push(i):a.set(r,[i])}for(const[i,r]of a){const n=r.map(l=>`${l.packageName}@${l.targetSpec}`),o=i.length>0?[i]:[];f.info(`Running ${e.pm.name} add ${n.join(" ")}${i.length>0?` --filter ${i}`:""}`);const c=$a(e.pm,{exact:!1,filter:o,global:!1,optional:!1,packages:n,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return f.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return f.success("Direct-dep upgrades applied. Re-run `vis audit` to confirm the fixes landed."),0},"runApplyDirect"),dn=N(async e=>{if(!ln(e.pm.name))return f.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(Ge&&(!e.yes||!t))return f.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const a=new Set(Mt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(o=>o.packageName)),i=e.actionableFindings.filter(o=>!a.has(o.packageName)),r=Yr(i);if(r.entries.length===0){f.info(""),f.info("─ Apply transitive (overrides)"),f.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const n=qr(e.workspaceRoot,r,{name:e.pm.name,version:e.pm.version});f.info(""),f.info("─ Apply transitive (overrides)"),f.info(`Target: ${n.filePath} (${n.surface})`);for(const o of n.entries){const c=o.status==="added"?"+":o.status==="updated"?"~":"·",l=o.previousSpec?` (was ${o.previousSpec})`:"";f.info(` ${c} ${o.packageName}: ${o.spec}${l}`)}if(!n.changed){f.info("No changes — overrides already match the plan.");return}if(!e.yes){if(Ge)return 1;if(!await Wt("Write these overrides?",!1))return f.info("Aborted — no changes made."),0}try{Jr(n)}catch(o){const c=o instanceof Error?o.message:String(o);return f.error(`Failed to write overrides: ${c}`),1}return f.success(`Wrote ${String(n.entries.filter(o=>o.status!=="unchanged").length)} override${n.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},"runApplyTransitive"),Rn=N(async({logger:e,options:t,visConfig:a,workspaceRoot:i})=>{if(!i)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await cn(i,t,a,e)},"execute");export{Rn as default,on as mapSeverityToAube,nn as resolveAuditBackend};
318
+ ── Socket.dev Supply Chain (${String(oe.length)}) ──`);for(const s of oe){if(!s.socketReport)continue;const p=!!s.acceptedRisk;if(!(p&&!me)){f.info(Xr(s.socketReport,p));for(const u of s.socketReport.alerts){const v=qr[u.severity]??L;f.info(` ${v(`[${u.severity.toUpperCase()}]`)} ${u.type} — ${u.category}`)}}}}if(Z.length>0){f.info(`
319
+ ── Duplicate Dependencies (${String(Z.length)}) ──`);for(const s of Z){const p=s.versions.join(", ");f.info(` ${s.name} — ${String(s.versions.length)} versions: ${je(p)}`)}}const pt=new Set;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=ne[s];if(p)for(const{vuln:u}of p)pt.add(u.id)}const Ue=O.filter(s=>{if(s.policy!=="vulnerability")return!0;const p=typeof s.data?.advisoryId=="string"?s.data.advisoryId:void 0;return s.severity==="block"&&p!==void 0&&!pt.has(p)});if(Ue.length>0){f.info(`
320
+ ── Policy Decisions (${String(Ue.length)}) ──`);for(const s of Ue){const p=!!s.acceptedRisk;if(p&&!me)continue;const u=s.severity==="block"?Ie:s.severity==="warn"?je:L,v=p?` ${L("[acknowledged]")}`:"";f.info(` ${u(`[${s.severity}]`)} ${s.policy} — ${s.reason}${v}`)}}const Se=N(s=>!!s.acceptedRisk||s.vulnerabilities.length>0&&s.vulnerabilities.every(p=>de(p.id,C,p.aliases)),"isEntryExcluded"),dt=I.filter(s=>!Se(s)).length;if(f.info(""),f.info("─ Audit Summary"),f.info(` ${String(_.length)} packages scanned`),C.ignoredAdvisories.length>0&&f.info(` ${String(C.ignoredAdvisories.length)} ${D.name} audit exclusion${C.ignoredAdvisories.length===1?"":"s"} applied`),$e>0){const s=ne.CRITICAL?.filter(u=>!Se(u.entry)).length??0,p=ne.HIGH?.filter(u=>!Se(u.entry)).length??0;f.error(` ${String($e)} vulnerabilit${$e===1?"y":"ies"} found`),s>0&&f.error(` ${String(s)} critical`),p>0&&f.warn(` ${String(p)} high`)}else f.success(" No vulnerabilities found");if(oe.length>0){const s=oe.filter(p=>!Se(p)).length;f.warn(` ${String(s)} package${s===1?"":"s"} with Socket.dev supply chain issues`)}Z.length>0&&(f.warn(` ${String(Z.length)} package${Z.length===1?"":"s"} with duplicate versions`),f.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const Ae=O.filter(s=>s.severity==="block"&&!s.acceptedRisk);if(Ae.length>0&&f.error(` ${String(Ae.length)} policy block${Ae.length===1?"":"s"}`),Fe>0&&(f.info(` ${String(Fe)} acknowledged (accepted risks)`),me||f.notice(" Use --show-accepted to see acknowledged issues.")),dt===0&&f.success(`
321
+ All issues are acknowledged. No action required.`),t.sync&&Le){const s=new Set;for(const u of be)if(u.acceptedRisk){for(const v of u.vulnerabilities)if((v.id.startsWith("CVE-")||v.id.startsWith("GHSA-"))&&s.add(v.id),v.aliases)for(const k of v.aliases)(k.startsWith("CVE-")||k.startsWith("GHSA-"))&&s.add(k)}const p=[...s];if(p.length>0){f.info("");const u=ai(D.name,e,p);for(const v of u)f.success(` ${v}`)}else f.info(`
322
+ No advisory IDs to sync to native PM config.`)}t.exitCode&&(dt>0||Ae.length>0)&&(process.exitCode=1),Je(I,C,M,O)},"executeAudit"),zt=N(e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),"hasBlockingPolicy"),Je=N((e,t,a,i)=>{zt(i)&&(process.exitCode=1),a&&e.some(r=>r.vulnerabilities.some(n=>r.acceptedRisk||de(n.id,t,n.aliases)?!1:Ce(n.severity,a)))&&(process.exitCode=1)},"applyFailOnGate"),pe=N((e,t,a,i,r)=>{a&&(e.filter(n=>!n.acceptedRisk&&n.vulnerabilities.some(o=>!de(o.id,t,o.aliases))).length>0||zt(r))&&(process.exitCode=1),Je(e,t,i,r)},"applyExitGate"),Wt=N(async(e,t)=>{if(!process.stdin.isTTY)return t;const a=Qt({input:process.stdin,output:process.stderr});try{const i=t?"[Y/n]":"[y/N]",r=await new Promise(n=>{a.question(`${e} ${L(i)} `,o=>{n(o.trim())})});return r.length===0?t:r.toLowerCase().startsWith("y")}finally{a.close()}},"promptYesNo"),nn=N(e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun","isTransitiveOnlyPm"),on=N(async e=>{const t=Mt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(f.info(""),f.info("─ Apply (direct deps)"),f.info(Xi(t)),t.apply.length===0){f.info("Nothing to apply for direct deps.");return}if(Ge&&!e.yes)return f.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await Wt("Apply these direct-dep upgrades?",!1))return f.info("Aborted — no changes made."),0;const a=new Map;for(const i of t.apply){const r=i.workspaceName??"",n=a.get(r);n?n.push(i):a.set(r,[i])}for(const[i,r]of a){const n=r.map(l=>`${l.packageName}@${l.targetSpec}`),o=i.length>0?[i]:[];f.info(`Running ${e.pm.name} add ${n.join(" ")}${i.length>0?` --filter ${i}`:""}`);const c=$a(e.pm,{exact:!1,filter:o,global:!1,optional:!1,packages:n,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return f.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return f.success("Direct-dep upgrades applied. Re-run `vis audit` to confirm the fixes landed."),0},"runApplyDirect"),sn=N(async e=>{if(!nn(e.pm.name))return f.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(Ge&&(!e.yes||!t))return f.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const a=new Set(Mt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(o=>o.packageName)),i=e.actionableFindings.filter(o=>!a.has(o.packageName)),r=Br(i);if(r.entries.length===0){f.info(""),f.info("─ Apply transitive (overrides)"),f.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const n=Hr(e.workspaceRoot,r,{name:e.pm.name,version:e.pm.version});f.info(""),f.info("─ Apply transitive (overrides)"),f.info(`Target: ${n.filePath} (${n.surface})`);for(const o of n.entries){const c=o.status==="added"?"+":o.status==="updated"?"~":"·",l=o.previousSpec?` (was ${o.previousSpec})`:"";f.info(` ${c} ${o.packageName}: ${o.spec}${l}`)}if(!n.changed){f.info("No changes — overrides already match the plan.");return}if(!e.yes){if(Ge)return 1;if(!await Wt("Write these overrides?",!1))return f.info("Aborted — no changes made."),0}try{Gr(n)}catch(o){const c=o instanceof Error?o.message:String(o);return f.error(`Failed to write overrides: ${c}`),1}return f.success(`Wrote ${String(n.entries.filter(o=>o.status!=="unchanged").length)} override${n.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},"runApplyTransitive"),An=N(async({logger:e,options:t,visConfig:a,workspaceRoot:i})=>{if(!i)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await rn(i,t,a,e)},"execute");export{An as default,tn as mapSeverityToAube,en as resolveAuditBackend};