@visulima/vis 1.0.0-alpha.40 → 1.0.0-alpha.42

Files changed (199)
  1. package/CHANGELOG.md +41 -0
  2. package/LICENSE.md +265 -35
  3. package/dist/bin.js +1 -1
  4. package/dist/binx.js +2 -2
  5. package/dist/config/index.d.ts +19 -1
  6. package/dist/config/index.js +1 -1
  7. package/dist/packem_chunks/bloom-status.js +1 -1
  8. package/dist/packem_chunks/bloom-sync.js +1 -1
  9. package/dist/packem_chunks/cli-exec.js +1 -0
  10. package/dist/packem_chunks/{bin.js → cli-main.js} +282 -274
  11. package/dist/packem_chunks/config.js +8 -11
  12. package/dist/packem_chunks/devtools.js +1 -78
  13. package/dist/packem_chunks/dispatch.js +4 -0
  14. package/dist/packem_chunks/doctor-probe.js +1 -1
  15. package/dist/packem_chunks/fix.js +1 -1
  16. package/dist/packem_chunks/handler.js +1 -1
  17. package/dist/packem_chunks/handler10.js +1 -1
  18. package/dist/packem_chunks/handler11.js +1 -1
  19. package/dist/packem_chunks/handler12.js +1 -1
  20. package/dist/packem_chunks/handler13.js +3 -3
  21. package/dist/packem_chunks/handler14.js +1 -1
  22. package/dist/packem_chunks/handler15.js +1 -1
  23. package/dist/packem_chunks/handler16.js +1 -1
  24. package/dist/packem_chunks/handler17.js +1 -1
  25. package/dist/packem_chunks/handler18.js +1 -1
  26. package/dist/packem_chunks/handler19.js +1 -1
  27. package/dist/packem_chunks/handler2.js +1 -4
  28. package/dist/packem_chunks/handler20.js +1 -1
  29. package/dist/packem_chunks/handler21.js +1 -1
  30. package/dist/packem_chunks/handler22.js +2 -2
  31. package/dist/packem_chunks/handler23.js +5 -1
  32. package/dist/packem_chunks/handler24.js +1 -1
  33. package/dist/packem_chunks/handler25.js +1 -1
  34. package/dist/packem_chunks/handler26.js +1 -5
  35. package/dist/packem_chunks/handler27.js +5 -1
  36. package/dist/packem_chunks/handler28.js +1 -3
  37. package/dist/packem_chunks/handler29.js +3 -1
  38. package/dist/packem_chunks/handler3.js +1 -4
  39. package/dist/packem_chunks/handler30.js +1 -2
  40. package/dist/packem_chunks/handler31.js +1 -2
  41. package/dist/packem_chunks/handler32.js +2 -2
  42. package/dist/packem_chunks/handler33.js +2 -3
  43. package/dist/packem_chunks/handler34.js +2 -6
  44. package/dist/packem_chunks/handler35.js +3 -1
  45. package/dist/packem_chunks/handler36.js +6 -42
  46. package/dist/packem_chunks/handler37.js +1 -8
  47. package/dist/packem_chunks/handler38.js +42 -9
  48. package/dist/packem_chunks/handler39.js +7 -74
  49. package/dist/packem_chunks/handler4.js +4 -6
  50. package/dist/packem_chunks/handler40.js +9 -5
  51. package/dist/packem_chunks/handler41.js +75 -4
  52. package/dist/packem_chunks/handler42.js +5 -3
  53. package/dist/packem_chunks/handler43.js +4 -2
  54. package/dist/packem_chunks/handler44.js +3 -1
  55. package/dist/packem_chunks/handler45.js +2 -1
  56. package/dist/packem_chunks/handler46.js +1 -1
  57. package/dist/packem_chunks/handler47.js +1 -3
  58. package/dist/packem_chunks/handler48.js +1 -1
  59. package/dist/packem_chunks/handler49.js +3 -7
  60. package/dist/packem_chunks/handler5.js +4 -8
  61. package/dist/packem_chunks/handler50.js +1 -33
  62. package/dist/packem_chunks/handler51.js +7 -3
  63. package/dist/packem_chunks/handler52.js +33 -8
  64. package/dist/packem_chunks/handler53.js +3 -4
  65. package/dist/packem_chunks/handler54.js +8 -1
  66. package/dist/packem_chunks/handler55.js +4 -12
  67. package/dist/packem_chunks/handler56.js +1 -7
  68. package/dist/packem_chunks/handler57.js +12 -5
  69. package/dist/packem_chunks/handler58.js +5 -11
  70. package/dist/packem_chunks/handler59.js +11 -3
  71. package/dist/packem_chunks/handler6.js +6 -1
  72. package/dist/packem_chunks/handler60.js +3 -22
  73. package/dist/packem_chunks/handler61.js +21 -60
  74. package/dist/packem_chunks/handler62.js +61 -3
  75. package/dist/packem_chunks/handler63.js +3 -6
  76. package/dist/packem_chunks/handler64.js +6 -708
  77. package/dist/packem_chunks/handler65.js +8 -23
  78. package/dist/packem_chunks/handler66.js +24 -25
  79. package/dist/packem_chunks/handler67.js +25 -153
  80. package/dist/packem_chunks/handler68.js +153 -10
  81. package/dist/packem_chunks/handler69.js +10 -24
  82. package/dist/packem_chunks/handler7.js +8 -1
  83. package/dist/packem_chunks/handler70.js +24 -322
  84. package/dist/packem_chunks/handler71.js +322 -48
  85. package/dist/packem_chunks/handler72.js +700 -19
  86. package/dist/packem_chunks/handler73.js +48 -3
  87. package/dist/packem_chunks/handler74.js +21 -184
  88. package/dist/packem_chunks/handler75.js +3 -38
  89. package/dist/packem_chunks/handler76.js +190 -0
  90. package/dist/packem_chunks/handler77.js +38 -0
  91. package/dist/packem_chunks/handler8.js +1 -1
  92. package/dist/packem_chunks/handler9.js +1 -1
  93. package/dist/packem_chunks/heal-accept.js +1 -1
  94. package/dist/packem_chunks/heal.js +1 -1
  95. package/dist/packem_chunks/help-command.js +4 -4
  96. package/dist/packem_chunks/index2.js +1 -1
  97. package/dist/packem_chunks/index3.js +135 -0
  98. package/dist/packem_chunks/index4.js +74 -0
  99. package/dist/packem_chunks/keys-refresh.js +1 -1
  100. package/dist/packem_chunks/lean.js +4 -0
  101. package/dist/packem_chunks/list.js +1 -1
  102. package/dist/packem_chunks/loader.js +1 -1
  103. package/dist/packem_chunks/loader2.js +1 -1
  104. package/dist/packem_chunks/orchestrator.js +3 -3
  105. package/dist/packem_chunks/prompts.js +1 -1
  106. package/dist/packem_chunks/prune.js +1 -1
  107. package/dist/packem_chunks/registry.js +2 -2
  108. package/dist/packem_chunks/run.js +1 -1
  109. package/dist/packem_chunks/shell-runner.js +1 -1
  110. package/dist/packem_chunks/status.js +1 -1
  111. package/dist/packem_chunks/sync.js +1 -1
  112. package/dist/packem_chunks/sync2.js +1 -1
  113. package/dist/packem_chunks/tar.js +1 -1
  114. package/dist/packem_chunks/tripwire.js +1 -1
  115. package/dist/packem_chunks/ts-loader.js +2 -0
  116. package/dist/packem_chunks/verify-lockfile.js +1 -1
  117. package/dist/packem_chunks/version-resolver.js +2 -2
  118. package/dist/packem_shared/CONFIG_FILES-MsOntfYT.js +1 -0
  119. package/dist/packem_shared/{Table-CcVkyULl-B_ef6zfS.js → Table-CcVkyULl-DLWu6XHL.js} +25 -26
  120. package/dist/packem_shared/{advisories-DLeO5KMN.js → advisories-aiDtubZQ.js} +1 -1
  121. package/dist/packem_shared/{affected-shas-cVnX8-zs.js → affected-shas-C1XuRlvo.js} +1 -1
  122. package/dist/packem_shared/{ai-analysis-BUeX2J2H.js → ai-analysis-CubpCxZJ.js} +4 -4
  123. package/dist/packem_shared/{ai-fix-9Vzlp6XU.js → ai-fix-Btd5AnSr.js} +2 -2
  124. package/dist/packem_shared/augment-8fIWWGSc.js +3 -0
  125. package/dist/packem_shared/bin-CnDBuLh3.js +2 -0
  126. package/dist/packem_shared/build-scripts-Doxce2VM.js +1 -0
  127. package/dist/packem_shared/command-runtime-RiCMa2C8.js +1 -0
  128. package/dist/packem_shared/compile-cache-B_Vf_WxT.js +3 -0
  129. package/dist/packem_shared/{cyclonedx-kYozDyxp.js → cyclonedx-NUJ9R2GQ.js} +1 -1
  130. package/dist/packem_shared/dependency-scan-B0HV_qeB.js +1 -0
  131. package/dist/packem_shared/{docker-BMLrNtWm.js → docker-DKlF-gk3.js} +1 -1
  132. package/dist/packem_shared/failure-log-C7r6UZLP.js +2 -0
  133. package/dist/packem_shared/{giget-DHY1sQZC.js → giget-DVTFJlbR.js} +2 -2
  134. package/dist/packem_shared/glob-fqg4KepW-7Bs2kZuM.js +1 -0
  135. package/dist/packem_shared/index-BKFEWXU_.js +1 -0
  136. package/dist/packem_shared/index-CPhv-r4c.js +28 -0
  137. package/dist/packem_shared/{index-CgcF6_wo.js → index-Cb4x6lWY.js} +1 -1
  138. package/dist/packem_shared/index-DjTWo3sH.js +1 -0
  139. package/dist/packem_shared/{index-BDmTbWX1.js → index-OQZQyN5R.js} +1 -1
  140. package/dist/packem_shared/index.server-J83sowC4.js +2 -0
  141. package/dist/packem_shared/{lifecycle-4z9hHE5b.js → lifecycle-D5roTh0a.js} +2 -2
  142. package/dist/packem_shared/{lockfile-C8Q1_4KK.js → lockfile-DIGyLfmF.js} +1 -1
  143. package/dist/packem_shared/main-B3juSU5z.js +1 -0
  144. package/dist/packem_shared/manifests-pLwnVmCN.js +1 -0
  145. package/dist/packem_shared/{min-release-age-D1alDE3K.js → min-release-age-pUAqTiv3.js} +3 -3
  146. package/dist/packem_shared/missing-package-json-DhYzuKhD.js +1 -0
  147. package/dist/packem_shared/{native-config-sync-BEkJW7g3.js → native-config-sync-4K9wWTj5.js} +1 -1
  148. package/dist/packem_shared/{osv-bloom-B03tUWf3.js → osv-bloom-OuTfu_LE.js} +1 -1
  149. package/dist/packem_shared/{pm-runner-OGResYrA.js → pm-runner-Dws_Bw1y.js} +1 -1
  150. package/dist/packem_shared/provenance-C0P-UYOM.js +1 -0
  151. package/dist/packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js +4 -0
  152. package/dist/packem_shared/registry-keys-D4chF-Wj.js +1 -0
  153. package/dist/packem_shared/{resolve-explicit-CMDl55Nz.js → resolve-explicit-Cgheka3B.js} +3 -3
  154. package/dist/packem_shared/resolve-runtime-CJSWV-K8.js +1 -0
  155. package/dist/packem_shared/run-file-B4TqKa0X.js +1 -0
  156. package/dist/packem_shared/runtime-check-0lUJvgKt.js +1 -0
  157. package/dist/packem_shared/runtime-process-Dmz0vCJy-DUwTvH1J.js +1 -0
  158. package/dist/packem_shared/s1ngularity-Du1NnSFP.js +1 -0
  159. package/dist/packem_shared/scan-progress-CN9ONR0y.js +2 -0
  160. package/dist/packem_shared/{selectors-GCJIe342.js → selectors-UmnAuc26.js} +1 -1
  161. package/dist/packem_shared/{signatures-C730vkyK.js → signatures-BOUhghTv.js} +1 -1
  162. package/dist/packem_shared/{spinner-CV3WVJLv.js → spinner-lhXugSx3.js} +1 -1
  163. package/dist/packem_shared/tabs-DTiU3usb.js +1 -0
  164. package/dist/packem_shared/target-options-ChWcK60i.js +1 -0
  165. package/dist/packem_shared/toolchain-DyCKnGch.js +5 -0
  166. package/dist/packem_shared/typosquats-DBOvXwph.js +1 -0
  167. package/dist/packem_shared/use-measured-height-CK2Co3XI.js +1 -0
  168. package/dist/packem_shared/verify-CVPYlUrF.js +1 -0
  169. package/dist/packem_shared/vis-update-app-DtHkwBca.js +1 -0
  170. package/dist/packem_shared/watch-Bkp_AAbc.js +1 -0
  171. package/dist/packem_shared/watch-loop-D9zbXzRd.js +11 -0
  172. package/dist/runtime/preload.d.ts +1 -0
  173. package/dist/runtime/preload.js +1 -0
  174. package/index.d.ts +14 -0
  175. package/index.js +28 -27
  176. package/package.json +18 -27
  177. package/schemas/vis-config.schema.json +12 -0
  178. package/dist/packem_shared/CONFIG_FILES-BfaR0jKT.js +0 -1
  179. package/dist/packem_shared/build-scripts-CCCi8U66.js +0 -1
  180. package/dist/packem_shared/dependency-scan-DnTgYleU.js +0 -1
  181. package/dist/packem_shared/failure-log-CEWP3bP0.js +0 -2
  182. package/dist/packem_shared/glob-fqg4KepW-B7EjLRvw.js +0 -1
  183. package/dist/packem_shared/index-Du8RWawQ.js +0 -1
  184. package/dist/packem_shared/index-yBikBkHT.js +0 -30
  185. package/dist/packem_shared/manifests-Dj3pRKBT.js +0 -1
  186. package/dist/packem_shared/missing-package-json-8vNHwbqw.js +0 -1
  187. package/dist/packem_shared/provenance-_CJjMKwu.js +0 -1
  188. package/dist/packem_shared/registry-keys-BfFto6vI.js +0 -1
  189. package/dist/packem_shared/runtime-check-Stc9AI78.js +0 -1
  190. package/dist/packem_shared/s1ngularity-Dhr3bPk0.js +0 -1
  191. package/dist/packem_shared/scan-progress-CFhc0CMj.js +0 -2
  192. package/dist/packem_shared/tabs-BuTy5gPV.js +0 -1
  193. package/dist/packem_shared/toolchain-pR7AJ-tB.js +0 -5
  194. package/dist/packem_shared/typosquats-DN78xx1x.js +0 -1
  195. package/dist/packem_shared/use-measured-height-_eVGWtWt.js +0 -1
  196. package/dist/packem_shared/verify-6WCmFmy8.js +0 -1
  197. package/dist/packem_shared/vis-update-app-k3fDxech.js +0 -1
  198. package/dist/packem_shared/watch-BvIwLG4N.js +0 -1
  199. package/dist/packem_shared/watch-loop-DWkvv2tK.js +0 -11
@@ -1,48 +1,322 @@
1
- import{createRequire as ct}from"node:module";import{I as We,s as O,E as P,q as Le,V as G,j as ut}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{m as V,f as U,v as K,I as J,A as dt,T as pt}from"../packem_shared/index-BDmTbWX1.js";import"smol-toml";import{P as ft,ba as gt,bb as mt,bc as ht,bd as $t,u as Re,b0 as yt,r as ae,l as de,j as kt,R as wt,c as vt,V as bt,be as Rt,bf as He,$ as xe,d as M,h as pe,m as L,H as Fe,bg as xt,F as q,B as At,bh as St,bi as Et,o as Ct,G as Tt}from"./bin.js";import{E as jt}from"../packem_shared/public-api-WqUCiyIe.js";import{K as Dt,Z as Ot,W as Ae}from"../packem_shared/ai-analysis-BUeX2J2H.js";import{v as Ut,I as Bt,s as ze}from"../packem_shared/pm-runner-OGResYrA.js";import{r as Vt,a as _t,p as Mt}from"../packem_shared/resolve-explicit-CMDl55Nz.js";import{S as Pt}from"../packem_shared/min-release-age-D1alDE3K.js";import{r as qt,s as Wt}from"../packem_shared/typosquats-DN78xx1x.js";import{U as Lt,b as Ht,u as Se}from"../packem_shared/vis-update-app-k3fDxech.js";import{h as Ge,P as Ke}from"../packem_shared/peer-warnings-BXAzXqY3.js";import{f as Je}from"../packem_shared/utils-Cxree603.js";import{s as ee}from"../packem_shared/index-CgcF6_wo.js";import{r as Ft,q as zt}from"../packem_shared/advisories-DLeO5KMN.js";const lt=ct(import.meta.url),Z=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Pe=e=>{if(typeof Z<"u"&&Z.versions&&Z.versions.node){const[t,n]=Z.versions.node.split(".").map(Number);if(t>22||t===22&&n>=3||t===20&&n>=16)return Z.getBuiltinModule(e)}return lt(e)},{createInterface:qe}=Pe("node:readline"),{existsSync:It,realpathSync:Nt}=Pe("node:fs"),Gt=e=>{const t=[];for(const n of e.filters)t.push("--filter",n);return 
e.workspaceRoot&&t.push("--filter","."),t.push("update"),e.latest&&t.push("--latest"),e.recursive&&t.push("--recursive"),e.interactive&&t.push("--interactive"),e.dev&&t.push("--dev"),e.prod&&t.push("--prod"),e.noOptional&&t.push("--no-optional"),e.noSave&&t.push("--no-save"),t.push(...e.packages),{args:t,bin:"pnpm"}},Kt=e=>{const t=[];return e.filters.length>0&&t.push("workspace",e.filters[0]),t.push("upgrade"),e.latest&&t.push("--latest"),t.push(...e.packages),{args:t,bin:"yarn"}},Jt=e=>{const t=[];if(e.filters.length>0||e.recursive){t.push("workspaces","foreach","--all");for(const n of e.filters)t.push("--include",n)}return t.push("up"),e.interactive&&t.push("--interactive"),t.push(...e.packages),{args:t,bin:"yarn"}},Yt=(e,t)=>{const n=["update"];e.latest&&t.push("npm does not support --latest flag. Packages will be updated within their semver range."),e.interactive&&t.push("npm does not support --interactive mode.");for(const s of e.filters)n.push("--workspace",s);return e.recursive&&n.push("--workspaces"),e.workspaceRoot&&n.push("--include-workspace-root"),e.dev&&n.push("--dev"),e.prod&&n.push("--production"),e.noOptional&&n.push("--no-optional"),e.noSave&&n.push("--no-save"),n.push(...e.packages),{args:n,bin:"npm"}},Xt=e=>{const t=["update"];e.latest&&t.push("--latest");for(const n of e.filters)t.push("--filter",n);return t.push(...e.packages),{args:t,bin:"bun"}},Zt=(e,t)=>{const n=["outdated","--update"];return e.latest&&n.push("--latest"),e.interactive&&n.push("--interactive"),e.filters.length>0&&t.push("deno outdated has no --filter flag; ignoring."),(e.dev||e.prod)&&t.push("deno outdated has no --dev / --prod flags; dev/prod is governed by deno.json."),e.noOptional&&t.push("deno outdated has no --no-optional flag; ignoring."),e.noSave&&t.push("deno outdated has no --no-save flag; ignoring."),n.push(...e.packages),{args:n,bin:"deno"}},Qt=(e,t,n)=>{const 
s=[];if(n.global&&e!=="aube"&&e!=="deno")return{command:{args:["update","--global",...n.packages],bin:"npm"},warnings:s};let r;switch(e){case"aube":{const o=Ut(n);r={args:o.args,bin:o.bin},s.push(...o.warnings);break}case"bun":{r=Xt(n);break}case"deno":{r=Zt(n,s);break}case"npm":{r=Yt(n,s);break}case"pnpm":{r=Gt(n);break}case"yarn":{r=t.startsWith("1.")?Kt(n):Jt(n);break}default:{const o=e;throw new Error(`Unsupported package manager: ${String(o)}`)}}return{command:r,warnings:s}},Ye=e=>{const t=e.indexOf("@");return t<=0?e:e.slice(0,t)},en=e=>{switch(e){case"docker":case"docker-compose":return"docker";case"github-actions":return"actions";case"gitlab-ci":return"gitlab";default:return}},tn=(e,t)=>{const n=[".github/dependabot.yml",".github/dependabot.yaml"];for(const s of n){const r=V(e,s);if(!U(r))continue;let o;try{o=jt(K(r))}catch{continue}if(o?.updates){for(const i of o.updates){const a=en(i["package-ecosystem"]);if(!(!a||!Array.isArray(i.ignore)))for(const d of i.ignore){const c=d["dependency-name"];typeof c=="string"&&c.length>0&&t[a].add(Ye(c))}}return}}},nn=Object.freeze({"docker-compose":"docker",dockerfile:"docker","github-actions":"actions",gitlabci:"gitlab","gitlabci-include":"gitlab"}),sn=Object.freeze({docker:"docker","github-tags":"actions"}),fe=(e,t)=>{if(t)for(const n of t)typeof n=="string"&&n.length>0&&e.add(Ye(n))},on=e=>{let t="",n=0;const{length:s}=e;let r=!1,o="";for(;n<s;){const i=e[n]??"";if(r){if(t+=i,i==="\\"&&n+1<s){t+=e[n+1]??"",n+=2;continue}i===o&&(r=!1),n+=1;continue}if(i==='"'||i==="'"){r=!0,o=i,t+=i,n+=1;continue}if(i==="/"&&e[n+1]==="/"){for(;n<s&&e[n]!==`
2
- `;)n+=1;continue}if(i==="/"&&e[n+1]==="*"){for(n+=2;n<s&&!(e[n]==="*"&&e[n+1]==="/");)n+=1;n+=2;continue}if(i===","){let a=n+1;for(;a<s&&/\s/.test(e[a]??"");)a+=1;const d=e[a];if(d==="}"||d==="]"){n+=1;continue}}t+=i,n+=1}return t},rn=(e,t)=>{const n=["renovate.json","renovate.json5",".renovaterc",".renovaterc.json"];for(const s of n){const r=V(e,s);if(!U(r))continue;let o;try{const a=K(r);o=JSON.parse(on(a))}catch{continue}if(!o)continue;if(Array.isArray(o.ignoreDeps))for(const a of["actions","docker","gitlab"])fe(t[a],o.ignoreDeps);const i=[["github-actions","actions"],["dockerfile","docker"],["docker-compose","docker"],["gitlabci","gitlab"],["gitlabci-include","gitlab"]];for(const[a,d]of i){const c=o[a];fe(t[d],c?.ignoreDeps)}if(!Array.isArray(o.packageRules))return;for(const a of o.packageRules){if(a.enabled!==!1)continue;const d=new Set;for(const u of a.matchManagers??[]){const f=nn[u];f&&d.add(f)}for(const u of a.matchDatasources??[]){const f=sn[u];f&&d.add(f)}d.size===0&&(d.add("actions"),d.add("docker"),d.add("gitlab"));const c=[...a.matchPackageNames??[],...a.matchDepNames??[],...a.matchPackagePatterns??[]];for(const u of d)fe(t[u],c)}return}},an=e=>{const t={actions:new Set,docker:new Set,gitlab:new Set};return tn(e,t),rn(e,t),t},he=(e,t,n)=>{const s=n[t];if(s.size===0)return!1;if(s.has(e))return!0;for(const r of s)if(/[*?[\]/.+]/.test(r))try{const o=r.replaceAll(/[.+^${}()|]/g,String.raw`\$&`).replaceAll("*",".*").replaceAll("?",".");if(new RegExp(`^${o}$`).test(e))return!0}catch{}return!1},H=e=>{const t=e.trim();if(t==="")return;const n=t.startsWith("v")||t.startsWith("V")?t.slice(1):t,s=(ee.valid(n)?ee.parse(n):void 
0)??ee.coerce(n,{includePrerelease:!0});if(s)return{major:s.major,minor:s.minor,normalized:`${String(s.major)}.${String(s.minor)}.${String(s.patch)}${s.prerelease.length>0?`-${s.prerelease.join(".")}`:""}`,patch:s.patch,prerelease:s.prerelease.length>0,raw:t}},cn=(e,t)=>ee.rcompare(e.normalized,t.normalized),$e=(e,t,n,s)=>{if(!t&&n!=="latest")return;const r=e.filter(o=>o.prerelease?!1:t?n==="patch"&&(o.major!==t.major||o.minor!==t.minor)||n==="minor"&&o.major!==t.major?!1:ee.gt(o.normalized,t.normalized):!0);if(r.length!==0)return r.toSorted(cn)[0]},ye=(e,t)=>!e||!t?"unknown":t.major!==e.major?"major":t.minor!==e.minor?"minor":t.patch!==e.patch?"patch":"unknown",ln="GitHub Actions",Ee=(e,t)=>`${e}@${t}`,un=e=>({fixedVersions:e.fixedVersions,id:e.id,severity:e.severity,summary:e.summary}),dn=(e,t)=>{if(t.length===0)return t;const n=Ft(e);if(!It(n))return t;const s=new Map;for(const o of t){const i=o.currentVersion??o.currentRef;i&&s.set(Ee(o.name,i),{name:o.name,version:i})}if(s.size===0)return t;const r=new Map;try{for(const[o,i]of s){const a=zt([i],{ecosystem:ln,workspaceRoot:e}).get(i.name);a&&a.length>0&&r.set(o,a)}}catch{return t}return r.size===0?t:t.map(o=>{const i=o.currentVersion??o.currentRef;if(!i)return o;const a=r.get(Ee(o.name,i));return a?{...o,advisories:a.map(d=>un(d))}:o})},Xe=e=>{if(!e)return{};const t={};for(const n of e.split(",")){const s=/^\s*<([^>]+)>\s*;\s*(.+)$/.exec(n);if(!s)continue;const r=s[1]??"",o=s[2]??"";switch(/rel\s*=\s*"?([^";\s]+)"?/i.exec(o)?.[1]?.toLowerCase()){case"first":{t.first=r;break}case"last":{t.last=r;break}case"next":{t.next=r;break}case"prev":case"previous":{t.previous=r;break}}}return t};class pn{token;apiBase;fetchImpl;tagsCache=new Map;commitCache=new Map;constructor(t){this.token=t.token??process.env.GITHUB_TOKEN??process.env.GH_TOKEN,this.apiBase=t.apiBase??"https://api.github.com",this.fetchImpl=t.fetch??fetch}async listTags(t,n){const s=`${t}/${n}`,r=this.tagsCache.get(s);if(r)return r;const 
o=this.fetchTags(t,n);return this.tagsCache.set(s,o),o}async resolveRef(t,n,s){const r=`${t}/${n}@${s}`,o=this.commitCache.get(r);if(o)return o;const i=this.fetchCommit(t,n,s);return this.commitCache.set(r,i),i}buildHeaders(){const t={Accept:"application/vnd.github+json","User-Agent":"vis-update-actions","X-GitHub-Api-Version":"2022-11-28"};return this.token&&(t.Authorization=`Bearer ${this.token}`),t}async fetchTags(t,n){const s=`${this.apiBase}/repos/${encodeURIComponent(t)}/${encodeURIComponent(n)}/tags?per_page=100`,r={parsed:[],tags:[]},o=[];let i=s,a=0;for(;i&&a<5;){const c=i;let u;try{u=await this.fetchImpl(c,{headers:this.buildHeaders()})}catch{return r}if(!u.ok)return r;let f;try{f=await u.json()}catch{return r}if(!Array.isArray(f))return r;for(const g of f){const m=typeof g.name=="string"?g.name:"",h=typeof g.commit?.sha=="string"?g.commit.sha:"";m!==""&&h!==""&&o.push({name:m,sha:h})}i=Xe(u.headers.get("link")).next,a+=1}const d=[];for(const c of o){const u=H(c.name);u&&d.push({...u,sha:c.sha})}return{parsed:d,tags:o}}async fetchCommit(t,n,s){const r=`${this.apiBase}/repos/${encodeURIComponent(t)}/${encodeURIComponent(n)}/commits/${encodeURIComponent(s)}`;try{const o=await this.fetchImpl(r,{headers:this.buildHeaders()});if(!o.ok)return;const i=await o.json();return typeof i.sha!="string"?void 0:{committedAt:i.commit?.committer?.date,sha:i.sha}}catch{return}}}const fn=".github/workflows",gn=".github/actions",mn=/^\s*-?\s*uses:\s*(['"]?)([^'"\s#]+)\1(?:\s*#\s*(.+))?\s*$/,hn=/^[a-f0-9]{40}$/i,$n=/actions-up-ignore-next-line(?::\s*(.+))?/i,yn=/actions-up-ignore-start/i,kn=/actions-up-ignore-end/i,wn=e=>{const t=e.split("/");if(t.length<2)return;const[n,s,...r]=t;if(!(!n||!s))return{owner:n,repo:s,subpath:r.length>0?r.join("/"):void 0}},vn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r,o=!1;for(const[i,a]of n.entries()){const d=a??"";if(yn.test(d)&&(o=!0),kn.test(d)){o=!1;continue}const c=d.trim(),u=c===""||c.startsWith("#")?$n.exec(d):void 
0;if(u){r=u[1]??"actions-up-ignore-next-line";continue}const f=mn.exec(d);if(!f){r=void 0;continue}const g=f[1]??"",m=g==="'"||g==='"'?g:"",h=f[2]??"",v=f[3]?.trim();if(h.startsWith("./")||h.startsWith("../")||h.startsWith("docker://")){r=void 0;continue}const x=h.lastIndexOf("@");if(x<=0){r=void 0;continue}const $=h.slice(0,x),A=h.slice(x+1),y=wn($);if(!y){r=void 0;continue}let p=r??(o?"actions-up-ignore-block":void 0);if(v){const k=/^actions-up-ignore(?:-next-line)?(?::\s*(.+))?(?:\s|$)/i.exec(v);k&&(p=p??k[1]??"actions-up-ignore")}r=void 0,s.push({file:e,ignoreReason:p,isSha:hn.test(A),line:i+1,original:`${m}${h}${m}`,owner:y.owner,quote:m,ref:A,repo:y.repo,slug:$,subpath:y.subpath,trailingComment:v&&!p?v:void 0})}return s},Ce=e=>e.endsWith(".yml")||e.endsWith(".yaml"),bn=(e,t=[])=>{const n=[],s=new Set,r=a=>{if(s.has(a))return;s.add(a);let d;try{d=K(a)}catch{return}const c=vn(a,d);n.push(...c)},o=V(e,fn);if(U(o))for(const a of J(o,{includeDirs:!1,includeSymlinks:!1,maxDepth:1}))Ce(a.name)&&r(a.path);const i=V(e,gn);if(U(i))for(const a of J(i,{includeDirs:!1,includeSymlinks:!1,maxDepth:3}))(a.name==="action.yml"||a.name==="action.yaml")&&r(a.path);for(const a of["action.yml","action.yaml"]){const d=V(e,a);U(d)&&r(d)}for(const a of t){const d=dt(a)?a:V(e,a);if(U(d))for(const c of J(d,{includeDirs:!1,includeSymlinks:!1}))Ce(c.name)&&r(c.path)}return n},Rn=40,xn=1440*60*1e3,An=new Set(["develop","edge","main","master","stable","trunk"]),Sn=e=>e.length===Rn&&/^[a-f0-9]{40}$/i.test(e)?!1:An.has(e.toLowerCase())?!0:H(e)===void 0,Te=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},En=(e,t,n,s)=>{const r=s==="sha"||e.isSha,{quote:o}=e;return r?`${o}${e.slug}@${t}${o} # ${n}`:`${o}${e.slug}@${n}${o}`},Cn=async(e,t)=>{const{ignoreRules:n,options:s,references:r,resolverOptions:o}=t,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const c=new 
pn({apiBase:o?.apiBase,fetch:o?.fetch,token:s.githubToken??o?.token}),u=new Map;for(const $ of r){const A=`${$.owner}/${$.repo}`,y=u.get(A)??[];y.push($),u.set(A,y)}const f=Math.max(1,s.maxConcurrentRequests),g=[...u.keys()];let m=0;const h=async $=>{const A=u.get($)??[],[y,p]=$.split("/");if(!y||!p)return;let k;try{k=await c.listTags(y,p)}catch{for(const l of A)d.push({file:l.file,reason:`failed to list tags for ${$}`});return}for(const l of A){const S=l.slug;let w;if(l.ignoreReason?w=l.ignoreReason:Te(S,s.exclude)?w="matched --exclude":s.include.length>0&&!Te(S,s.include)?w="not matched by --include":s.respectDependabotConfig&&n&&he(S,"actions",n)&&(w="ignored by dependabot/renovate config"),w){a.push({currentRef:l.ref,currentVersion:l.isSha?l.trailingComment?.replace(/^#\s*/,""):l.ref,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:w,replacement:l.original,updateType:"unknown"});continue}if(!s.includeBranches&&!l.isSha&&Sn(l.ref)){a.push({currentRef:l.ref,currentVersion:l.ref,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:"branch reference (use --include-branches)",replacement:l.original,updateType:"unknown"});continue}const E=l.isSha?l.trailingComment?.replace(/^#\s*/,"").split(/\s+/)[0]??"":l.ref,C=H(E);if(l.isSha&&!C&&s.mode!=="latest"){a.push({currentRef:l.ref,currentVersion:void 0,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:`SHA pin has no version-hint comment; cannot apply --target=${s.mode}`,replacement:l.original,updateType:"unknown"});continue}const b=$e(k.parsed,C,s.mode);if(!b)continue;if(s.minAgeDays!==void 0){const _=await c.resolveRef(y,p,b.sha),D=_?.committedAt?new Date(_.committedAt).getTime():void 
0;if(D&&(Date.now()-D)/xn<s.minAgeDays){a.push({currentRef:l.ref,currentVersion:C?.raw,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:b.raw,original:l.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:l.original,updateType:"unknown"});continue}}const T=s.style==="sha"||l.isSha?b.sha:b.raw,N=En(l,b.sha,b.raw,s.style);i.push({currentRef:l.ref,currentVersion:C?.raw??l.trailingComment?.replace(/^#\s*/,""),ecosystem:"actions",file:l.file,line:l.line,name:S,newRef:T,newVersion:b.raw,original:l.original,replacement:N,updateType:ye(C,b),url:`https://github.com/${y}/${p}/releases/tag/${b.raw}`})}},v=[];for(let $=0;$<Math.min(f,g.length);$++)v.push((async()=>{for(;m<g.length;){const A=g[m];m+=1,A!==void 0&&await h(A)}})());await Promise.all(v);const x=dn(e,i);return{failed:d,ignored:a,updates:x}},Tn=e=>e.toSorted((t,n)=>t.file!==n.file?t.file<n.file?-1:1:t.line-n.line),jn=e=>{const t=[],n=[];if(e.length===0)return{applied:t,skipped:n};const s=Tn(e),r=new Map;for(const o of s){const i=r.get(o.file)??[];i.push(o),r.set(o.file,i)}for(const[o,i]of r){let a;try{a=K(o)}catch(g){for(const m of i)n.push({reason:`read failed: ${g.message}`,update:m});continue}const d=a.includes(`\r
3
- `)?`\r
4
- `:`
5
- `,c=a.split(/\r?\n/),u=[];for(const g of i){const m=g.line-1,h=c[m];if(h===void 0){n.push({reason:`line ${String(g.line)} out of range`,update:g});continue}const v=h.indexOf(g.original);if(v===-1){n.push({reason:"original token not found on expected line",update:g});continue}const x=h.slice(0,v),$=h.slice(v+g.original.length),A=/#\s*v?\d/.test(g.replacement)&&/^\s*#\s*v?\d[\w.+-]*\s*$/i.test($)?"":$;c[m]=`${x}${g.replacement}${A}`,u.push(g)}if(u.length===0)continue;const f=c.join(d);try{pt(o,f),t.push(...u)}catch(g){for(const m of u)n.push({reason:`write failed: ${g.message}`,update:m})}}return{applied:t,skipped:n}};class In{tokens;fetchImpl;tagCache=new Map;constructor(t={}){this.tokens=t.tokens??{},this.fetchImpl=t.fetch??fetch}async listTags(t,n,s){const r=`${t}/${n}/${s}`,o=this.tagCache.get(r);if(o)return o;const i=t==="docker.io"?this.listDockerHubTags(n,s):this.listV2Tags(t,n,s);return this.tagCache.set(r,i),i}async listDockerHubTags(t,n){const s={parsed:[],raw:[]},r=[],o=new Map;let i=`https://hub.docker.com/v2/repositories/${encodeURIComponent(t)}/${encodeURIComponent(n)}/tags?page_size=100`,a=0;for(;i&&a<5;){try{const d=await this.fetchImpl(i,{headers:{Accept:"application/json"}});if(!d.ok)break;const c=await d.json();if(Array.isArray(c.results)){for(const u of c.results)if(typeof u.name=="string"&&(r.push(u.name),typeof u.last_updated=="string")){const f=Date.parse(u.last_updated);Number.isNaN(f)||o.set(u.name,f)}}i=typeof c.next=="string"?c.next:void 0}catch{break}a+=1}return r.length===0?s:{parsed:r.map(d=>{const c=H(d);if(c)return{...c,lastUpdated:o.get(d)}}).filter(d=>d!==void 0),raw:r}}async listV2Tags(t,n,s){const r={parsed:[],raw:[]},o=n==="library"?s:`${n}/${s}`,i={Accept:"application/json"},a=this.tokens[t]??process.env[`DOCKER_REGISTRY_TOKEN_${t.toUpperCase().replaceAll(/[^A-Z0-9]/g,"_")}`];a&&(i.Authorization=`Bearer ${a}`);const d=`https://${t}`,c=[];let u=`${d}/v2/${o}/tags/list?n=100`,f=i,g=0;const m=()=>{const h=[];for(const v of 
c){const x=H(v);x&&h.push({...x,lastUpdated:void 0})}return{parsed:h,raw:c}};for(;u&&g<5;){try{let h=await this.fetchImpl(u,{headers:f});if(h.status===401&&f===i){const $=Dn(h.headers.get("www-authenticate"));if($){const A=await this.fetchBearerToken($);A&&(f={...i,Authorization:`Bearer ${A}`},h=await this.fetchImpl(u,{headers:f}))}}if(!h.ok)return g===0?r:m();const v=await h.json();if(!Array.isArray(v.tags))return g===0?r:m();for(const $ of v.tags)typeof $=="string"&&c.push($);const x=Xe(h.headers.get("link"));u=x.next?new URL(x.next,d).toString():void 0}catch{return g===0?r:m()}g+=1}return c.length===0?r:m()}async fetchBearerToken(t){const n=new URLSearchParams({scope:t.scope,service:t.service}),s=`${t.realm}?${n.toString()}`;try{const r=await this.fetchImpl(s,{headers:{Accept:"application/json"}});if(!r.ok)return;const o=await r.json();return o.token??o.access_token}catch{return}}}const Nn=e=>{const t=[];let n=0;const{length:s}=e;for(;n<s;){for(;n<s&&/\s/.test(e[n]??"");)n+=1;const r=n;for(;n<s&&e[n]!=="="&&e[n]!==",";)n+=1;const o=e.slice(r,n).trim();if(e[n]!=="="){for(;n<s&&e[n]!==",";)n+=1;n+=1;continue}n+=1;let i="";if(e[n]==='"'){for(n+=1;n<s&&e[n]!=='"';){if(e[n]==="\\"&&n+1<s){i+=e[n+1]??"",n+=2;continue}i+=e[n]??"",n+=1}n+=1}else{for(;n<s&&e[n]!==",";)i+=e[n]??"",n+=1;i=i.trim()}for(o.length>0&&t.push({key:o,value:i});n<s&&(/\s/.test(e[n]??"")||e[n]===",");)n+=1}return t},Dn=e=>{if(!e)return;const t=/^Bearer\s+(.*)$/i.exec(e);if(!t)return;const n=new Map;for(const{key:o,value:i}of Nn(t[1]??""))n.set(o.toLowerCase(),i);const s=n.get("realm"),r=n.get("service");if(s)return{realm:s,scope:n.get("scope")??"",service:r??""}},On="docker.io",Un="sha256:",re=e=>{const t=e.trim();if(t===""||t.startsWith("$")||t.includes("${")||t.includes("$("))return;let n=t,s;const r=n.indexOf(`@${Un}`);r!==-1&&(s=n.slice(r+1),n=n.slice(0,r));let o=On,i=n;const a=n.indexOf("/");if(a>0){const 
h=n.slice(0,a);(h==="localhost"||h.includes(".")||h.includes(":"))&&(o=h,i=n.slice(a+1))}let d="latest",c=i;const u=i.lastIndexOf(":");u!==-1&&!i.slice(u).includes("/")&&(d=i.slice(u+1),c=i.slice(0,u));let f="library",g=c;const m=c.indexOf("/");if(m!==-1&&(f=c.slice(0,m),g=c.slice(m+1)),g!=="")return{digest:s,name:g,namespace:f,original:t,registry:o,tag:d}},ie=/vis-update-ignore-next-line/i,Ze=/vis-update-ignore(?:\s|$|:)/i,Qe=e=>{const t=e.trim();return t===""||t.startsWith("#")},Bn=/^\s*FROM\s+(?:--\S+\s+)*([^\s#]+)(?:\s[^#]*)?(#.*)?$/i,Vn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of n.entries()){if(ie.test(i)&&Qe(i)){r=!0;continue}const a=Bn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[1]??"";if(d==="scratch"){r=!1;continue}const c=a[2]?.trim();let u=r?"vis-update-ignore-next-line":void 0;c&&ie.test(c)?u=u??"vis-update-ignore-next-line":c&&Ze.test(c)&&(u=u??"vis-update-ignore");const f=re(d);r=!1,f&&s.push({...f,file:e,ignoreReason:u,kind:"dockerfile",line:o+1})}return s},_n=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Mn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of n.entries()){if(ie.test(i)&&Qe(i)){r=!0;continue}const a=_n.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[2]??"",c=a[3]?.trim();let u=r?"vis-update-ignore-next-line":void 0;c&&ie.test(c)?u=u??"vis-update-ignore-next-line":c&&Ze.test(c)&&(u=u??"vis-update-ignore");const f=re(d);r=!1,f&&s.push({...f,file:e,ignoreReason:u,kind:"compose",line:o+1})}return s},je=e=>{const t=e.toLowerCase();return t==="dockerfile"||t.startsWith("dockerfile.")?!0:t.endsWith(".dockerfile")},Pn=e=>{const t=e.toLowerCase();return/^(?:docker-)?compose(?:\..+)?\.ya?ml$/.test(t)},qn=new Set([".cache",".git",".nx",".pnpm-store",".turbo","build","dist","node_modules"]),Wn=/(?:^|\/)(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)(?:\/|$)/,Ln=e=>{const t=[];if(!U(e))return t;const n=new 
Set,s=(r,o)=>{let i;try{i=Nt.native(r)}catch{i=r}if(n.has(i))return;n.add(i);let a;try{a=K(r)}catch{return}t.push(...o==="dockerfile"?Vn(r,a):Mn(r,a))};for(const r of J(e,{includeDirs:!1,includeSymlinks:!1,skip:[Wn]})){const{name:o}=r;qn.has(o)||(je(o)?s(r.path,"dockerfile"):Pn(o)&&s(r.path,"compose"))}for(const r of["Dockerfile","dockerfile","compose.yml","compose.yaml","docker-compose.yml","docker-compose.yaml"]){const o=V(e,r);U(o)&&s(o,je(r)?"dockerfile":"compose")}return t},Hn=864e5,Ie=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},Ne=e=>{const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return e.registry==="docker.io"?t:`${e.registry}/${t}`},Fn=e=>e.digest!==void 0&&e.digest.length>0,zn=e=>{if(e.registry==="docker.io")return`https://hub.docker.com/${e.namespace==="library"?`_/${e.name}`:`r/${e.namespace}/${e.name}`}/tags`;const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`https://${e.registry}/${t}`},Gn=(e,t)=>{const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`${e.registry==="docker.io"?n:`${e.registry}/${n}`}:${t}`},et=async(e,t)=>{const{ignoreRules:n,options:s,references:r,registryOptions:o}=t,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const c=new In({fetch:o?.fetch,tokens:o?.tokens}),u=new Map;for(const x of r){const $=`${x.registry}|${x.namespace}|${x.name}`,A=u.get($)??[];A.push(x),u.set($,A)}const f=Math.max(1,s.maxConcurrentRequests),g=[...u.keys()];let m=0;const h=async x=>{const $=u.get(x)??[],A=$[0];if(!A)return;let y;try{y=await c.listTags(A.registry,A.namespace,A.name)}catch{for(const p of $)d.push({file:p.file,reason:`failed to list tags for ${Ne(p)}`});return}for(const p of $){const k=Ne(p);let l;if(p.ignoreReason?l=p.ignoreReason:Ie(k,s.exclude)?l="matched --exclude":s.include.length>0&&!Ie(k,s.include)?l="not matched by --include":s.respectDependabotConfig&&n&&he(k,"docker",n)&&(l="ignored by 
dependabot/renovate config"),l){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:l,replacement:p.original,updateType:"unknown"});continue}if(Fn(p)){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:"digest-pinned image (refresh the pin manually to update)",replacement:p.original,updateType:"digest"});continue}const S=H(p.tag);if(!S&&!s.includeBranches){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:"non-semver tag (use --include-branches)",replacement:p.original,updateType:"unknown"});continue}if(!S&&s.mode!=="latest"){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:`branch ref has no version baseline for --target=${s.mode}`,replacement:p.original,updateType:"unknown"});continue}const w=$e(y.parsed,S,s.mode);if(!w)continue;if(s.minAgeDays!==void 0&&w.lastUpdated!==void 0&&(Date.now()-w.lastUpdated)/Hn<s.minAgeDays){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:w.raw,newVersion:w.raw,original:p.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:p.original,updateType:"unknown"});continue}const E=w.raw,C=Gn(p,E);i.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,line:p.line,name:k,newRef:E,newVersion:E,original:p.original,replacement:C,updateType:ye(S,w),url:zn(p)})}},v=[];for(let x=0;x<Math.min(f,g.length);x++)v.push((async()=>{for(;m<g.length;){const $=g[m];m+=1,$!==void 0&&await h($)}})());return await Promise.all(v),{failed:d,ignored:a,updates:i}};class 
Kn{token;tokenHeader;defaultApiBase;fetchImpl;tagCache=new Map;constructor(t){const n=t.token??process.env.GITLAB_TOKEN;n?(this.token=n,this.tokenHeader="PRIVATE-TOKEN"):process.env.CI_JOB_TOKEN?(this.token=process.env.CI_JOB_TOKEN,this.tokenHeader="JOB-TOKEN"):(this.token=void 0,this.tokenHeader="PRIVATE-TOKEN"),this.defaultApiBase=t.apiBase??"https://gitlab.com",this.fetchImpl=t.fetch??fetch}async listTags(t){const n=this.tagCache.get(t);if(n)return n;const s=this.fetchTags(t);return this.tagCache.set(t,s),s}resolveHostAndPath(t){const n=t.indexOf("/");if(n>0){const s=t.slice(0,n);if(s.includes("."))return{host:`https://${s}`,path:t.slice(n+1)}}return{host:this.defaultApiBase,path:t}}async fetchTags(t){const{host:n,path:s}=this.resolveHostAndPath(t),r=encodeURIComponent(s),o=`${n}/api/v4/projects/${r}/repository/tags?per_page=100`,i={Accept:"application/json","User-Agent":"vis-update-gitlab"};this.token&&(i[this.tokenHeader]=this.token);try{const a=await this.fetchImpl(o,{headers:i});if(!a.ok)return{error:`HTTP ${String(a.status)} from ${n}`,parsed:[],tags:[]};const d=await a.json();if(!Array.isArray(d))return{error:`unexpected response shape from ${n}`,parsed:[],tags:[]};const c=d.map(f=>({name:typeof f.name=="string"?f.name:"",sha:typeof f.commit?.id=="string"?f.commit.id:""})).filter(f=>f.name!==""),u=[];for(const f of c){const g=H(f.name);g&&u.push({...g,sha:f.sha})}return{parsed:u,tags:c}}catch(a){return{error:a instanceof Error?a.message:"fetch failed",parsed:[],tags:[]}}}}const Jn=/vis-update-ignore-next-line/i,Q=/vis-update-ignore(?:\s|$|:)/i,Yn=new 
Set([".gitlab-ci.yaml",".gitlab-ci.yml"]),Xn=e=>Yn.has(e)||e.endsWith(".gitlab-ci.yml")||e.endsWith(".gitlab-ci.yaml"),Zn=/^\s*-?\s*project:\s*(['"]?)([^'"\s#]+)\1(?:\s*#.*)?$/,Qn=/^\s*ref:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,es=/^\s*-?\s*component:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,ts=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,ns=/^\s*(?:-\s*)?(?:include:\s*)?\{([^}]*)\}\s*(?:#.*)?$/,ss=/project:\s*(['"]?)([^'"\s,}]+)\1/,os=/ref:\s*(['"]?)([^'"\s,}]+)\1/,rs=/component:\s*(['"]?)([^'"\s,}]+)\1/,is=/^(\s*-\s*name:\s*)(['"]?)([^'"\s#]+)\2(\s*#.*)?$/,as=/^(\s*-\s*)(['"]?)([^'"\s#:]+:[^'"\s#]+)\2(\s*#.*)?$/,cs=/^\s*-?\s*[a-z_][\w-]*:\s*(?:#.*)?$/i,ls=(e,t)=>{const n=t.split(/\r?\n/),s=[],r=[];let o,i=!1,a=!1,d=-1;for(const[c,u]of n.entries()){const f=u??"",g=f.trim(),m=g===""||g.startsWith("#");if(Jn.test(f)&&m){i=!0;continue}const h=/^(\s*)services:\s*(?:#.*)?$/.exec(f);if(h){a=!0,d=h[1]?.length??0;continue}a&&g!==""&&!g.startsWith("-")&&!g.startsWith("#")&&f.search(/\S/)<=d&&(a=!1,d=-1);const v=ts.exec(f);if(v){const p=v[2]??"",k=re(p);if(k){const l=v[3]?.trim();let S=i?"vis-update-ignore-next-line":void 0;l&&Q.test(l)&&(S=S??"vis-update-ignore"),r.push({...k,file:e,ignoreReason:S,kind:"compose",line:c+1})}i=!1;continue}if(a){const p=is.exec(f),k=p?void 0:as.exec(f),l=p??k;if(l){const S=l[3]??"",w=re(S);if(w){const E=l[4]?.trim();let C=i?"vis-update-ignore-next-line":void 0;E&&Q.test(E)&&(C=C??"vis-update-ignore"),r.push({...w,file:e,ignoreReason:C,kind:"compose",line:c+1})}}}const x=Zn.exec(f);if(x){o={line:c+1,project:x[2]??""};continue}const $=Qn.exec(f);if($&&o){const p=$[3]?.trim();let k=i?"vis-update-ignore-next-line":void 0;p&&Q.test(p)&&(k=k??"vis-update-ignore"),s.push({file:e,ignoreReason:k,kind:"project",line:c+1,original:$[2]??"",project:o.project,ref:$[2]??""}),o=void 0,i=!1;continue}const A=es.exec(f);if(A){const p=A[2]??"",k=p.lastIndexOf("@");if(k>0){const l=p.slice(0,k),S=p.slice(k+1),w=l.lastIndexOf("/"),E=w>0?l.slice(0,w):l,C=w>0?l.slice(w+1):void 
0,b=A[3]?.trim();let T=i?"vis-update-ignore-next-line":void 0;b&&Q.test(b)&&(T=T??"vis-update-ignore"),s.push({componentName:C,file:e,ignoreReason:T,kind:"component",line:c+1,original:p,project:E,ref:S})}i=!1;continue}const y=ns.exec(f);if(y){const p=y[1]??"",k=/#(.*)$/.exec(f)?.[1]?.trim();let l=i?"vis-update-ignore-next-line":void 0;k&&Q.test(k)&&(l=l??"vis-update-ignore");const S=rs.exec(p);if(S){const w=S[2]??"",E=w.lastIndexOf("@");if(E>0){const C=w.slice(0,E),b=w.slice(E+1),T=C.lastIndexOf("/"),N=T>0?C.slice(0,T):C,_=T>0?C.slice(T+1):void 0;s.push({componentName:_,file:e,ignoreReason:l,kind:"component",line:c+1,original:w,project:N,ref:b})}}else{const w=ss.exec(p),E=os.exec(p);w&&E&&s.push({file:e,ignoreReason:l,kind:"project",line:c+1,original:E[2]??"",project:w[2]??"",ref:E[2]??""})}i=!1;continue}g!==""&&!g.startsWith("#")&&!cs.test(f)&&(i=!1)}return{images:r,includes:s}},De=/^(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)$/,us=e=>{const t=[],n=[];if(!U(e))return{images:n,includes:t};const s=o=>{let i;try{i=K(o)}catch{return}const{images:a,includes:d}=ls(o,i);t.push(...d),n.push(...a)};for(const o of[".gitlab-ci.yml",".gitlab-ci.yaml"]){const i=V(e,o);U(i)&&s(i)}const r=V(e,".gitlab");if(U(r))for(const o of J(r,{includeDirs:!1,includeSymlinks:!1,skip:[De]}))(o.name.endsWith(".yml")||o.name.endsWith(".yaml"))&&s(o.path);for(const o of J(e,{includeDirs:!1,includeSymlinks:!1,maxDepth:2,skip:[De]}))Xn(o.name)&&!n.some(i=>i.file===o.path)&&!t.some(i=>i.file===o.path)&&s(o.path);return{images:n,includes:t}},Oe=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},ds=(e,t,n)=>{const s=e.indexOf("/");return s>0&&e.slice(0,s).includes(".")?`https://${e.slice(0,s)}/${e.slice(s+1)}/-/releases/${t}`:`${n}/${e}/-/releases/${t}`},ps=async(e,t)=>{const{ignoreRules:n,imageReferences:s,includes:r,options:o,registryOptions:i,resolverOptions:a}=t,d=[],c=[],u=[];if(s.length>0){const y=await 
et(e,{ignoreRules:n,options:o,references:s,registryOptions:i});for(const p of y.updates)d.push({...p,ecosystem:"gitlab"});for(const p of y.ignored)c.push({...p,ecosystem:"gitlab"});u.push(...y.failed)}if(r.length===0)return{failed:u,ignored:c,updates:d};const f=new Kn({apiBase:a?.apiBase,fetch:a?.fetch,token:o.gitlabToken??a?.token}),g=a?.apiBase??"https://gitlab.com",m=new Map;for(const y of r){const p=m.get(y.project)??[];p.push(y),m.set(y.project,p)}const h=Math.max(1,o.maxConcurrentRequests),v=[...m.keys()];let x=0;const $=async y=>{const p=m.get(y)??[];let k;try{k=await f.listTags(y)}catch{for(const l of p)u.push({file:l.file,reason:`failed to list tags for ${y}`});return}if(k.error){for(const l of p)u.push({file:l.file,reason:`failed to list tags for ${y}: ${k.error}`});return}for(const l of p){const S=l.kind==="component"&&l.componentName?`${l.project}/${l.componentName}`:l.project;let w;l.ignoreReason?w=l.ignoreReason:Oe(S,o.exclude)?w="matched --exclude":o.include.length>0&&!Oe(S,o.include)?w="not matched by --include":o.respectDependabotConfig&&n&&he(S,"gitlab",n)&&(w="ignored by dependabot/renovate config");const E=N=>({currentRef:l.ref,currentVersion:l.ref,ecosystem:"gitlab",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:N,replacement:l.original,updateType:"unknown"});if(w){c.push(E(w));continue}const C=H(l.ref);if(!C&&!o.includeBranches){c.push(E("branch reference (use --include-branches)"));continue}if(!C&&o.mode!=="latest"){c.push(E(`branch ref has no version baseline for --target=${o.mode}`));continue}const b=$e(k.parsed,C,o.mode);if(!b)continue;let T;l.kind==="component"?T=`${l.componentName?`${l.project}/${l.componentName}`:l.project}@${b.raw}`:T=b.raw,d.push({currentRef:l.ref,currentVersion:C?.raw??l.ref,ecosystem:"gitlab",file:l.file,line:l.line,name:S,newRef:b.raw,newVersion:b.raw,original:l.original,replacement:T,updateType:ye(C,b),url:ds(l.project,b.raw,g)})}},A=[];for(let 
y=0;y<Math.min(h,v.length);y++)A.push((async()=>{for(;x<v.length;){const p=v[x];x+=1,p!==void 0&&await $(p)}})());return await Promise.all(A),{failed:u,ignored:c,updates:d}},fs={disabled:new Set,exclude:[],githubToken:void 0,gitlabToken:void 0,include:[],includeBranches:!1,maxConcurrentRequests:8,minAgeDays:void 0,mode:"latest",respectDependabotConfig:!0,style:"sha"},gs=async e=>{const t={...fs,...e.options,disabled:e.options?.disabled??new Set},n=t.respectDependabotConfig?an(e.workspaceRoot):void 0,s={actions:{failed:[],ignored:[],updates:[]},docker:{failed:[],ignored:[],updates:[]},gitlab:{failed:[],ignored:[],updates:[]}},r=[];let o=0;if(!t.disabled.has("actions")){const d=bn(e.workspaceRoot);d.length>0&&(o+=1,r.push(Cn(e.workspaceRoot,{ignoreRules:n,options:t,references:d}).then(c=>{s.actions=c})))}if(!t.disabled.has("docker")){const d=Ln(e.workspaceRoot);d.length>0&&(o+=1,r.push(et(e.workspaceRoot,{ignoreRules:n,options:t,references:d}).then(c=>{s.docker=c})))}if(!t.disabled.has("gitlab")){const{images:d,includes:c}=us(e.workspaceRoot);d.length+c.length>0&&(o+=1,r.push(ps(e.workspaceRoot,{ignoreRules:n,imageReferences:d,includes:c,options:t}).then(u=>{s.gitlab=u})))}await Promise.all(r);const i=[...s.actions.updates,...s.docker.updates,...s.gitlab.updates],a=[...s.actions.ignored,...s.docker.ignored,...s.gitlab.ignored];return{failed:[...s.actions.failed,...s.docker.failed,...s.gitlab.failed],ignored:a,perEcosystem:s,scanned:o,updates:i}},ms={actions:"GitHub Actions",docker:"Docker",gitlab:"GitLab CI"},ge=e=>e.updateType==="major",hs=e=>{switch(e){case"major":return G;case"minor":return O;case"patch":return We;default:return Le}},Ue=e=>{const t=hs(e.updateType),n=e.currentVersion??e.currentRef,s=e.newVersion??e.newRef,r=e.url?` ${P(e.url)}`:"",o=e.advisories&&e.advisories.length>0?` ${G(`⚠ ${String(e.advisories.length)} advisor${e.advisories.length===1?"y":"ies"}`)}`:"";return` ${t(e.updateType.padEnd(7))} ${e.name} ${P(n)} → 
${s}${o}${r}`},Be=e=>!e.advisories||e.advisories.length===0?[]:e.advisories.map(t=>` ${t.severity==="CRITICAL"||t.severity==="HIGH"?G(t.severity):O(t.severity)} ${t.id} ${P(t.summary)}`),$s=(e,t)=>{const n=[],s=e.updates.length;if(s===0&&e.scanned===0)return"";if(s===0){if(e.failed.length===0&&e.ignored.length===0)return n.push(`${We("✓")} All ecosystem references up to date.`),n.join(`
6
- `);if(n.push(`${O("⚠")} No actionable updates found.`),e.failed.length>0){n.push(`
7
- ${O("Failed lookups:")}`);for(const o of e.failed)n.push(` ${o.file}: ${o.reason}`)}if(t.showIgnored&&e.ignored.length>0){n.push(`
8
- ${P("Ignored:")}`);for(const o of e.ignored)n.push(` ${P(o.name)} ${P(o.reason??"")}`)}return n.join(`
9
- `)}n.push(`
10
- ${Le("Ecosystem updates")} — ${String(s)} reference${s===1?"":"s"} can be bumped:`);const r=e.updates.filter(o=>ge(o));if(r.length>0){n.push(`
11
- ${G(ut(`⚠ Breaking changes (${String(r.length)})`))}`),n.push(` ${P("Review release notes before applying these cross a major-version boundary.")}`);for(const o of r)n.push(Ue(o)),n.push(...Be(o))}for(const o of Object.keys(e.perEcosystem)){const i=e.perEcosystem[o];if(i.updates.length!==0){n.push(`
12
- ${ms[o]} (${String(i.updates.length)})`);for(const a of i.updates)n.push(Ue(a)),n.push(...Be(a))}}if(t.showIgnored&&e.ignored.length>0){n.push(`
13
- ${P("Ignored:")}`);for(const o of e.ignored)n.push(` ${P(o.name)} ${P(o.reason??"")}`)}if(e.failed.length>0){n.push(`
14
- ${O("Failed lookups:")}`);for(const o of e.failed)n.push(` ${o.file}: ${o.reason}`)}return t.previewOnly&&n.push(`
15
- ${O("ℹ")} ${P("Not applied automatically — re-run with `--interactive` to choose which to apply, or `--yes` to apply all.")}`),n.join(`
16
- `)},ys=e=>JSON.stringify({ecosystems:{failed:e.failed,ignored:e.ignored,perEcosystem:e.perEcosystem,scanned:e.scanned,updates:e.updates}},void 0,2),ks=()=>{const e=qe({input:process.stdin,output:process.stdout});return{ask:t=>new Promise(n=>{e.question(t,s=>{n(s.trim())})}),close:()=>{e.close()},write:t=>{process.stdout.write(`${t}
17
- `)}}},ws=(e,t)=>e.split(",").map(n=>Number.parseInt(n.trim(),10)-1).filter(n=>Number.isInteger(n)&&n>=0&&n<t),vs=async(e,t=ks())=>{if(e.length===0)return t.close(),[];t.write(""),t.write("Outdated ecosystem references:");for(const[s,r]of e.entries()){const o=r.currentVersion??r.currentRef,i=r.newVersion??r.newRef,a=ge(r)?" [BREAKING]":"";t.write(` ${String(s+1)}. [${r.ecosystem}] ${r.name}: ${o} → ${i} (${r.updateType})${a}`)}t.write("");const n=(await t.ask("Apply updates? [a]ll / [s]afe / [n]one / numbers: ")).toLowerCase();if(n==="a"||n==="all")return t.close(),e;if(n==="s"||n==="safe")return t.close(),e.filter(s=>!ge(s));if(n==="n"||n==="none"||n==="")return t.close(),[];if(/^[\d ,]+$/.test(n)){const s=ws(n,e.length);return t.close(),s.map(r=>e[r]).filter(r=>r!==void 0)}return t.close(),[]},tt=e=>{const t=e.trim();if(t==="")return;const n=/^(\d+(?:\.\d+)?)\s*([mhdw])?$/i.exec(t);if(!n)return;const s=Number.parseFloat(n[1]);if(!(!Number.isFinite(s)||s<0))switch((n[2]??"m").toLowerCase()){case"d":return s*60*24;case"h":return s*60;case"m":return s;case"w":return s*60*24*7;default:return}},bs=e=>{const t=e.trim();return/^\d+(?:\.\d+)?$/.test(t)?Number.parseFloat(t)*1440:tt(t)},Ks=e=>!Number.isFinite(e)||e<=0?"0m":e%1440===0?`${String(e/1440)}d`:e%60===0?`${String(e/60)}h`:`${String(e)}m`,ke=(e,t)=>{try{switch(t){case"bun":{const n=V(e,"bunfig.toml");if(U(n)){const s=yt(n),r=s?.install?.minimumReleaseAge;return{excludes:Array.isArray(s?.install?.minimumReleaseAgeExcludes)?s.install.minimumReleaseAgeExcludes:void 0,minutes:typeof r=="number"?Math.round(r/60):void 0}}break}case"npm":{const n=V(e,".npmrc");if(U(n)){const s=K(n),r=/^\s*min-release-age\s*=\s*([^\s#;]+)/m.exec(s);return{minutes:r?bs(r[1]):void 0}}break}case"pnpm":{const n=V(e,"pnpm-workspace.yaml");if(U(n)){const s=Re(n);return{excludes:Array.isArray(s?.minimumReleaseAgeExclude)?s.minimumReleaseAgeExclude:void 0,minutes:typeof s?.minimumReleaseAge=="number"?s.minimumReleaseAge:void 
0}}break}case"yarn":{const n=V(e,".yarnrc.yml");if(U(n)){const s=Re(n),r=s?.npmMinimalAgeGate,o=Array.isArray(s?.npmPreapprovedPackages)?s.npmPreapprovedPackages:void 0;if(typeof r=="string")return{excludes:o,minutes:tt(r)};if(typeof r=="number")return{excludes:o,minutes:r}}break}}}catch{}return{}},Rs={bun:"minimumReleaseAgeExcludes",pnpm:"minimumReleaseAgeExclude",yarn:"npmPreapprovedPackages"},nt={bun:"bunfig.toml minimumReleaseAgeExcludes",npm:".npmrc",pnpm:"pnpm-workspace.yaml minimumReleaseAgeExclude",yarn:".yarnrc.yml npmPreapprovedPackages"},st=(e,t,n)=>{const s=ke(t,e);if(typeof s.minutes!="number"||s.minutes<=0)return{added:[],unsupported:!1};if(!(e in Rs))return{added:[],unsupported:!0};const r=s.excludes??[],o=[...new Set(n)].filter(i=>!r.includes(i));return o.length===0?{added:[],unsupported:!1}:(Pt(e,t,s.minutes,[...r,...o]),{added:o,unsupported:!1})},ot=(e,t,n)=>{n.added.length>0?e.info(`Added ${String(n.added.length)} package${n.added.length===1?"":"s"} to ${nt[t]??"the package manager config"} so --ignore-release-age versions install: ${n.added.join(", ")}`):n.unsupported&&e.warn(`${O("⚠")} npm has no per-package release-age exclude list, so vis can't exempt just the selected packages. Lower min-release-age in .npmrc or pass --min-release-age=0 to the install.`)},xs=(e,t,n)=>{const s=e.latest?"latest":e.target??t.target??"latest";if(!["latest","minor","patch"].includes(s))throw new Error(`Invalid target "${s}". Use: latest, minor, or patch.`);const r=e.maxConcurrentRequests,o=typeof r=="number"&&r>0?r:t.maxConcurrentRequests,i=typeof e.releaseChannel=="string"?e.releaseChannel.toLowerCase():void 0;if(i!==void 0&&!["any","same","stable"].includes(i))throw new Error(`Invalid --release-channel "${String(e.releaseChannel)}". 
Use: any, same, or stable.`);const a=i??t.releaseChannel;return{exclude:[...q(e.exclude),...q(t.exclude)],ignore:q(t.ignore),include:[...q(e.include),...q(t.include),...n],includeLocked:e.includeLocked||t.includeLocked||!1,includePrerelease:e.prerelease||t.prerelease||!1,maxConcurrentRequests:o,minimumReleaseAge:t.minimumReleaseAge,minimumReleaseAgeExclude:t.minimumReleaseAgeExclude,packageMode:t.packageMode,releaseChannel:a,security:e.security===!1?!1:e.ai||(t.security??!0),target:s}},Ve=(e,t)=>{if(e.length!==0){t.info(`
18
- ${O("⚠")} ${String(e.length)} package${e.length===1?"":"s"} skipped by target constraint (use --target latest to include):`);for(const n of e)t.info(` ${n.packageName} ${n.currentRange} → ${n.newRange} (${n.updateType})`)}},_e=(e,t,n,s,r)=>{n==="json"?process.stdout.write(`${Et({checkedCount:0,failed:t,filteredByTarget:[],ignored:[],outdated:e})}
19
- `):n==="minimal"?process.stdout.write(`${Ct(e)}
20
- `):(Tt(e,s),s.info(Fe(e,r)))},Me=async(e,t,n,s,r,o,i)=>{const a=St(e,n,t,!0,{useEditorconfig:i}),d=t==="pnpm"?"pnpm-workspace.yaml":"package.json";if(r.info(`
21
- Updated ${d}`),a&&r.info(`Backup saved to ${a}`),s.changelog){r.info(`
22
- Fetching changelogs...`);const c=await He(n,void 0,o);for(const u of c){const f=u.releaseUrl??u.repoUrl??u.npmUrl;r.info(` ${u.packageName}: ${f}`)}}if(s["ignore-release-age"]===!0&&n.length>0&&ot(r,t,st(t,e,n.map(c=>c.packageName))),s.install??!0){const c=t,u=["install"];r.info(`Running ${c} ${u.join(" ")}...
23
- `);try{const{code:f,output:g}=await ze(c,u,{cwd:e,env:process.env});f!==0?r.warn(`${c} ${u.join(" ")} failed. You may need to run it manually.`):s.peer!==!0&&Ge(g)&&r.info(Ke)}catch{r.warn(`${c} ${u.join(" ")} failed. You may need to run it manually.`)}}},me={applied:!1,canceled:!1,jsonEmitted:!1},As=async(e,t,n,s,r,o)=>{const i=n.update??{},a=[["global","--global is not supported in catalog mode"],["recursive","--recursive is not needed in catalog mode (catalogs are workspace-level)"],["filter","--filter is not supported in catalog mode (use --include/--exclude instead)"],["no-save","--no-save is not supported in catalog mode"],["workspace-root","--workspace-root is not needed in catalog mode"],["no-optional","--no-optional is not supported in catalog mode"]];for(const[R,j]of a)s[R]&&o.warn(`${O("⚠")} ${j}, ignoring.`);const d=s["ignore-release-age"]===!0,c=de("minReleaseAge")||d,{excludes:u,minutes:f}=c?{excludes:void 0,minutes:void 0}:ke(e,t),g=c?void 0:i.minimumReleaseAge??f,m=c?void 0:i.minimumReleaseAgeExclude??u;if(d?o.info(`${O("⚠")} --ignore-release-age: selecting the latest versions regardless of minimumReleaseAge.`):c&&(i.minimumReleaseAge!==void 0||f!==void 0)&&o.info("minimumReleaseAge gate disabled via MARSHALL_DISABLE_MIN_RELEASE_AGE."),!c&&i.minimumReleaseAge!==void 0&&f!==void 0&&i.minimumReleaseAge!==f){const R=t==="pnpm"?"pnpm-workspace.yaml":"bunfig.toml";o.warn(`${O("⚠")} minimumReleaseAge mismatch: vis config = ${String(i.minimumReleaseAge)} min, ${R} = ${String(f)} min. Consider keeping them in sync.`)}const h=kt(e),v=s["include-internal"],x=s.peer,$=wt(e,t,{depFields:i.depFields,dev:s.dev,includeInternal:v,peer:x,prod:s.prod});if($.size===0)return o.info("No catalogs found."),me;const A={...i,minimumReleaseAge:g,minimumReleaseAgeExclude:m},y=xs(s,A,r);let p=0;for(const R of $.values())p+=R.size;const k=!!process.stdout.isTTY&&!ae;let l;const S=k?(R,j)=>{l?l.rerender(M.createElement(Se,{current:R,total:j})):(process.stdout.write(`
24
- `),l=xe(M.createElement(Se,{current:R,total:j}),{interactive:!0,patchConsole:!1}))}:(R,j)=>{o.info(`Checking ${String(R)}/${String(j)} dependencies...`)};k||o.info(`Checking ${String(p)} catalog dependencies...
25
- `);const w=new Set;de("socket")&&w.add("socket"),de("depsDev")&&w.add("deps-dev");const E=n.security?.policies?.score?.minimum,C=vt(n.security,{disabled:w,minimumScore:E}),{checkedCount:b,failed:T,filteredByTarget:N,ignored:_,outdated:D}=await bt($,y,h,S,e,C,n.security?.acceptedRisks);l&&(l.clear(),l.unmount());const te=v?{ignored:[],outdated:[]}:Rt(e,{depFields:i.depFields,dev:s.dev,exclude:y.exclude,ignore:y.ignore,include:y.include,packageMode:y.packageMode,peer:x,prod:s.prod,target:y.target});if(te.outdated.length>0){const R=new Set(D.map(j=>`${j.catalogName}|${j.packageName}`));for(const j of te.outdated)R.has(`${j.catalogName}|${j.packageName}`)||D.push(j)}if(te.ignored.length>0)for(const R of te.ignored)_.includes(R)||_.push(R);const we=b-D.length-T.length;if(T.length>0&&o.warn(`Failed to fetch: ${T.join(", ")}`),_.length>0&&o.info(`Skipped ${String(_.length)} ignored package${_.length===1?"":"s"}: ${_.join(", ")}`),!k&&b>D.length){const R=[...$.values()].reduce((X,ce)=>X+ce.size,0),j=R>b?` (${String(R)} catalog entries, ${String(R-b)} duplicates)`:"";o.info(`Checked ${String(b)} unique packages${j}: ${String(D.length)} outdated, ${String(we)} up-to-date${T.length>0?`, ${String(T.length)} failed`:""}${N.length>0?`, ${String(N.length)} skipped by target`:""}`)}if(D.length===0)return N.length>0?o.info(`All catalog dependencies are up to date within the current target.
26
- ${String(N.length)} package${N.length===1?" has":"s have"} newer versions available with --target latest:
27
- ${N.map(R=>` ${R.packageName} ${R.currentRange} ${R.newRange} (${R.updateType})`).join(`
28
- `)}`):o.info("All catalog dependencies are up to date."),me;const F=s.format??i.format??"table";let W;if(s.ai){const R=Dt(s.aiType??"impact");W=await Ot(D,o,n.ai,R)}const ne=!!s.dryRun;if(!ne&&r.length>0&&s.marshallCheck!==!1){const R=await Vt(r);if(R.length>0){const j=await _t(R,{config:n?.security?.marshalls,workspaceRoot:e});if(!await Mt(j))return process.exitCode=1,{applied:!1,canceled:!0,jsonEmitted:!1}}}if(k&&F==="table"){const R=new Lt(D,W??null);let j;if(s.changelog){o.info("Fetching changelogs...");const I=await He(D,void 0,h);j=new Map;for(const B of I){const z=B.releaseUrl??B.repoUrl??B.npmUrl;z&&j.set(B.packageName,z)}}const X=n.tui?.autoExit??!1,ce=X===!0?3:typeof X=="number"?X:0,ve=await xe(M.createElement(Ht,{autoExitSeconds:ce,changelogUrls:j,checkedCount:b,filteredOutEntries:N,isDryRun:ne,store:R,totalCatalogEntries:p}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),le=process.stdout.columns||80;process.stdout.write(`
29
- `);for(const I of D){const B=I.vulnerabilities?.length||I.socketReport&&I.socketReport.alerts.length>0,z=!!I.acceptedRisk,ue=B?z?"✓":"⚠":"✓",it=z?"gray":I.updateType==="major"?"red":I.updateType==="minor"?"yellow":"green",oe=I.socketReport?.score.overall,at=oe===void 0?"":` [${String(Math.round(oe*100))}%]`,be=oe===void 0?void 0:At(oe);process.stdout.write(`${pe(M.createElement(L,null," ",M.createElement(L,{color:it},ue),` ${I.packageName} ${I.currentRange} → ${I.newRange}`,M.createElement(L,{dimColor:!0},` ${I.updateType}`),be?M.createElement(L,{color:be},at):null),{columns:le})}
30
- `)}if(process.stdout.write(`
31
- `),o.info(Fe(D,E)),b>D.length){const I=[...$.values()].reduce((z,ue)=>z+ue.size,0),B=I>b?` (${String(I)} catalog entries, ${String(I-b)} duplicates)`:"";o.log(),o.info(`Checked ${String(b)} unique packages${B}: ${String(we)} up-to-date${T.length>0?`, ${String(T.length)} failed`:""}`)}if(N.length>0){process.stdout.write(`
32
- `);const I=`${String(N.length)} package${N.length===1?"":"s"} skipped by target constraint (use --target latest to include):`;process.stdout.write(`${pe(M.createElement(L,{color:"yellow"},` ${I}`),{columns:le})}
33
- `);for(const B of N)process.stdout.write(`${pe(M.createElement(L,null," ",M.createElement(L,{dimColor:!0},B.packageName),` ${B.currentRange} ${B.newRange}`,M.createElement(L,{dimColor:!0},` ${B.updateType}`)),{columns:le})}
34
- `)}const se=Array.isArray(ve)?ve:[];if(se.length>0&&!ne){o.info(`
35
- Applying ${String(se.length)} updates...
36
- `);const I={...s,install:s.install??i.install};return await Me(e,t,se,I,o,h,n.editorconfig??!0),{applied:!0,canceled:!1,jsonEmitted:!1}}return{applied:!1,canceled:se.length===0,jsonEmitted:!1}}if(ne){if(F==="json"){const R={failed:T,filteredByTarget:N,ignored:_,outdated:D};W&&(R.aiAnalysis=W),process.stdout.write(`${JSON.stringify(R,void 0,2)}
37
- `)}else o.info(`Would update ${String(D.length)} dependencies:
38
- `),_e(D,T,F,o,E),W&&(o.info(""),o.info(Ae(W))),Ve(N,o);return{applied:!1,canceled:!1,jsonEmitted:F==="json"}}W&&F!=="json"&&(o.info(Ae(W)),o.info(""));let Y=D;if(s.interactive&&(Y=await xt(D),Y.length===0))return o.info("No updates selected."),{applied:!1,canceled:!0,jsonEmitted:!1};o.info(`Updating ${String(Y.length)} catalog dependencies...
39
- `),_e(Y,[],F,o,E),Ve(N,o);const rt={...s,install:s.install??i.install};return await Me(e,t,Y,rt,o,h),{applied:!0,canceled:!1,jsonEmitted:F==="json"}},Ss=async(e,t,n,s,r,o)=>{if(s["ignore-release-age"]===!0){const u=ke(e,t),f=typeof u.minutes=="number"&&u.minutes>0;if(f&&r.length>0){const g=r.map(m=>Je(m).name);ot(o,t,st(t,e,g))}else f&&o.warn(`${O("⚠")} --ignore-release-age without package names can't pre-exempt packages in pm-wrapper mode (vis doesn't know which will change). Pass explicit package names, use catalog mode, or lower the gate in ${nt[t]??"your package manager config"}.`)}const i={dev:s.dev,filters:q(s.filter),global:s.global,interactive:s.interactive,latest:s.latest||s.target==="latest",noOptional:s.optional===!1,noSave:s.save===!1,packages:r,prod:s.prod,recursive:s.recursive,workspaceRoot:s.workspaceRoot},{command:a,warnings:d}=Qt(t,n,i);for(const u of d)o.warn(u);const c=`${a.bin} ${a.args.join(" ")}`.trim();if(s.dryRun)return o.info(`Would run: ${c}`),me;o.info(`Running: ${c}`);try{const{code:u,output:f}=await ze(a.bin,a.args,{cwd:e,env:process.env});if(u!==0)return o.error(`
40
- ${G("")} Update failed (exit code ${String(u)})`),o.error(` Command: ${c}`),o.error(` Directory: ${e}
41
- `),process.exitCode=u,{applied:!1,canceled:!1,jsonEmitted:!1};s.peer!==!0&&Ge(f)&&o.info(Ke)}catch(u){const f=u.status??1;return o.error(`
42
- ${G("")} Update failed (exit code ${String(f)})`),o.error(` Command: ${c}`),o.error(` Directory: ${e}
43
- `),process.exitCode=f,{applied:!1,canceled:!1,jsonEmitted:!1}}return{applied:!0,canceled:!1,jsonEmitted:!1}},Es=async(e,t,n)=>{const s=e.latest===!0||e.target==="latest";if(t||!s||e.dryRun===!0||e.yes===!0||e.interactive===!0)return!0;if(!(process.stdout.isTTY&&!ae))return n.error(`${G("")} Refusing to run blanket --latest update in a non-interactive context.`),n.error(" Re-run with --yes to confirm, --dry-run to preview, or pass explicit package names."),process.exitCode=1,!1;const r=qe({input:process.stdin,output:process.stdout});try{const o=(await new Promise(i=>{r.question(`${O("")} About to upgrade ALL dependencies to their latest versions. This may include breaking changes.
44
- Continue? [y/N] `,i)})).trim().toLowerCase();return o==="y"||o==="yes"?!0:(n.info("Aborted."),!1)}finally{r.close()}},Cs=(e,t)=>{const n=new Set;e.actions===!1&&n.add("actions"),e.docker===!1&&n.add("docker"),e.gitlab===!1&&n.add("gitlab");const s=e.style??"sha";if(s!=="sha"&&s!=="preserve")throw new Error(`Invalid --style "${s}". Use: sha or preserve.`);const r=e.latest===!0?"latest":e.target??"latest";if(r!=="latest"&&r!=="minor"&&r!=="patch")throw new Error(`Invalid target "${r}". Use: latest, minor, or patch.`);const o=r,i=t.update??{};return{disabled:n,exclude:[...q(e.exclude),...q(i.exclude)],githubToken:e.actionsToken??void 0,gitlabToken:e.gitlabToken??void 0,include:q(e.include),includeBranches:e.includeBranches===!0,maxConcurrentRequests:typeof e.maxConcurrentRequests=="number"&&e.maxConcurrentRequests>0?e.maxConcurrentRequests:8,minAgeDays:typeof i.minimumReleaseAge=="number"&&i.minimumReleaseAge>0?i.minimumReleaseAge/1440:void 0,mode:o,respectDependabotConfig:!0,style:s}},Ts=(e,t)=>e.dryRun===!0||process.exitCode!==void 0&&process.exitCode!==0||t.canceled?!1:e.yes===!0?!0:e.interactive===!0&&!!process.stdout.isTTY&&!ae,js=async(e,t,n,s,r)=>{const o=Cs(t,n);if(o.disabled.size===3)return;let i;try{i=await gs({options:o,workspaceRoot:e})}catch(m){s.warn(`${O("⚠")} Ecosystem update scan failed: ${m.message}`);return}if(i.scanned===0)return i;const a=t.format??"table",d=!!t.dryRun,c=Ts(t,r);if(a==="json")r.jsonEmitted?s.warn(`${O("⚠")} ${String(i.updates.length)} ecosystem update${i.updates.length===1?"":"s"} available but not emitted in --format=json (catalog already wrote one JSON document). Rerun with --format=table or --no-catalog to see them.`):process.stdout.write(`${ys(i)}
45
- `);else if(a!=="minimal"){const m=$s(i,{previewOnly:!c&&!d,showIgnored:t.interactive===!0});m&&s.info(m)}if(i.updates.length===0)return i;if(d)return a==="minimal"&&s.info(`
46
- ${O("")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped not applied (--dry-run). Re-run without --dry-run and with \`--interactive\` or \`--yes\` to apply.`),i;if(!c)return a==="minimal"&&s.info(`
47
- ${O("ℹ")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped — not applied automatically. Re-run with \`--interactive\` to choose, or \`--yes\` to apply all (or \`--no-actions\` / \`--no-docker\` / \`--no-gitlab\` to silence by ecosystem).`),i;let u=i.updates;if(t.interactive===!0&&process.stdout.isTTY&&!ae&&(u=await vs(i.updates),u.length===0))return s.info(`${O("ℹ")} No ecosystem updates selected.`),i;const{applied:f,skipped:g}=jn(u);if(f.length>0&&s.info(`
48
- ${String(f.length)} ecosystem reference${f.length===1?"":"s"} updated.`),g.length>0){s.warn(`${O("⚠")} ${String(g.length)} ecosystem update${g.length===1?"":"s"} skipped:`);for(const m of g)s.warn(` ${m.update.name} (${m.update.file}:${String(m.update.line)}): ${m.reason}`)}return i},Is=e=>{const t=e.style;if(t!==void 0&&t!=="sha"&&t!=="preserve")throw new Error(`Invalid --style "${t}". Use: sha or preserve.`);const n=e.target;if(n!==void 0&&n!=="latest"&&n!=="minor"&&n!=="patch")throw new Error(`Invalid --target "${n}". Use: latest, minor, or patch.`)},Js=async({argument:e,logger:t,options:n,visConfig:s,workspaceRoot:r})=>{if(!r)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");Is(n);let o=e;const i=r,{packageManager:a}=ft(i);if(n.typosquatCheck!==!1){if(o.length>0){const u=o.map(m=>Je(m)),f=s?.security?.typosquatAllowlist,g=await qt(u.map(m=>m.name),f);if(!g.ok){process.exitCode=1;return}o=u.map((m,h)=>{const v=g.packages[h];return v!==m.name?m.versionSpec?`${v}@${m.versionSpec}`:v??"":o[h]??""})}else if(!await Wt(i,s?.security?.typosquatAllowlist)){process.exitCode=1;return}}if(n.rollback){if(!gt(i,a)){t.info("No backup found. Run 'vis update' first to create a backup.");return}if(mt(i,a))t.info("Restored from backup.");else throw new Error("Failed to restore from backup.");return}if(!await Es(n,o.length>0,t))return;const d=n.catalog!==!1&&ht(i,a);let c;if(d)c=await As(i,a,s??{},n,o,t);else{const u=Bt(i,{configBackend:s?.install?.backend,configCorepack:s?.install?.corepack}),f=u.name==="aube"?"":$t(u.name);c=await Ss(i,u.name,f,n,o,t)}o.length===0&&await js(i,n,s??{},t,c)};export{st as addReleaseAgeExcludesForInstall,Js as default,Ks as formatMinutesAsTimeString,bs as parseNpmReleaseAgeValue,tt as parseTimeStringToMinutes,ke as readPmNativeMinimumReleaseAge,Es as requireBlanketUpdateConfirmation,js as runEcosystemUpdate,Ts as shouldApplyEcosystem};
1
+ import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/index.server-J83sowC4.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-OQZQyN5R.js";import{I as De}from"../packem_shared/bin-CnDBuLh3.js";import{whichBin as Pt}from"#native";import{r as zt,R as Wt,b as _t}from"../packem_shared/ai-analysis-CubpCxZJ.js";import{aa as Ht,a8 as Ut,a9 as Ft,az as Gt,u as Ve,i as Bt,W as Kt,aO as qt,p as u,l as Qe,c as Jt,N as Yt,f as Zt,S as Xe,b as Qt,O as Xt,a0 as ei,Y as ti,_ as ii}from"./cli-main.js";import"../packem_shared/public-api-WqUCiyIe.js";import{w as ai,M as ni}from"../packem_shared/pm-runner-Dws_Bw1y.js";import{s as L}from"../packem_shared/index-Cb4x6lWY.js";import{c as gt,s as he,p as ri,e as oi,g as si}from"../packem_shared/index-BKFEWXU_.js";import{d as ci}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as li,b as pi}from"../packem_shared/cyclonedx-NUJ9R2GQ.js";import{s as fi}from"../packem_shared/scan-progress-CN9ONR0y.js";import{r as ui,A as et,q as tt}from"../packem_shared/advisories-aiDtubZQ.js";import{a as ut}from"../packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js";import{l as mi,f as hi,a as vi}from"../packem_shared/dependency-scan-B0HV_qeB.js";import{r as wi}from"../packem_shared/manifests-pLwnVmCN.js";import{l as $i,p as Si,O as Ni}from"../packem_shared/osv-bloom-OuTfu_LE.js";const Ot=Et(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Y=e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,i]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ee.getBuiltinModule(e)}return 
Ot(e)},{spawnSync:Dt}=Y("node:child_process"),{createInterface:Mt}=Y("node:readline"),{stripVTControlCharacters:Vt}=Y("node:util"),{createHash:di}=Y("node:crypto"),{relative:ft,join:gi}=Y("node:path"),{readFileSync:mt,existsSync:yi,writeFileSync:bi,renameSync:xi,unlinkSync:ki}=Y("node:fs"),it=(e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const i=[];for(const a of Lt(e,t))i.push(a.path);return i},xe=e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,Ai=e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all",Ci=(e,t)=>{if(Ai(t))return e;const i=String(t).trim();if(/^\d+$/.test(i)){const n=Number.parseInt(i,10)-1,o=e[n];return o?[o]:[]}const a=i.toLowerCase();return e.filter(n=>{const{aliases:o,id:r}=n.vulnerability;return r.toLowerCase()===a||(o??[]).some(c=>c.toLowerCase()===a)})},Ri=e=>{const{packageName:t,packageVersion:i,vulnerability:a}=e,n=(a.aliases??[]).join(", ")||"none",o=(a.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
2
+
3
+ Package: ${t}@${i}
4
+ Advisory: ${a.id} (aliases: ${n})
5
+ Severity: ${a.severity}
6
+ Fixed in: ${o}
7
+ Summary: ${a.summary}
8
+
9
+ Respond ONLY with valid JSON in this exact structure, each value 1-3 plain sentences, no markdown:
10
+ {
11
+ "whatItIs": "what the vulnerability is and how it is exploited",
12
+ "areYouAtRisk": "what usage pattern makes an app actually exposed; be honest that lockfile presence alone is not exploitation",
13
+ "whatToDo": "the concrete remediation step"
14
+ }`},me=e=>Vt(e).replaceAll(/[\u0000-\u0008\u000B-\u001F\u007F]/gu,"").trim(),Ii=e=>`What it is: ${e.whatItIs}
15
+ Are you at risk: ${e.areYouAtRisk}
16
+ What to do: ${e.whatToDo}`,ji=e=>{const t=_t(e);if(t&&typeof t=="object"){const i=t,a=typeof i.whatItIs=="string"?me(i.whatItIs):"",n=typeof i.areYouAtRisk=="string"?me(i.areYouAtRisk):"",o=typeof i.whatToDo=="string"?me(i.whatToDo):"";if(a||n||o)return Ii({areYouAtRisk:n,whatItIs:a,whatToDo:o})}return me(e)},Ei=async(e,t,i)=>{let a=0;const n=Array.from({length:Math.min(t,e.length)},async()=>{for(;a<e.length;){const o=a;a+=1;const r=e[o];r!==void 0&&await i(r)}});await Promise.all(n)},Oi=3,Di={resolveProvider:Wt,runWithRetry:zt},Mi=async(e,t,i,a=Di)=>{const n=new Map;if(e.length===0)return n;const o=a.resolveProvider(t);if(!o)return i?.info?.("No AI CLI provider found on PATH — skipping --explain."),n;const r=Gt("security",t?.cacheTtl);return await Ei(e,Oi,async c=>{const l=xe(c),d=Ht({id:c.vulnerability.id,kind:"audit-explain",name:c.packageName,provider:o.name,version:c.packageVersion}),m=Ut(d);if(typeof m=="string"){n.set(l,m);return}try{const b=await a.runWithRetry(o,Ri(c)),h=ji(b);h&&(n.set(l,h),Ft(d,h,r))}catch(b){const h=b instanceof Error?b.message:String(b);i?.warn?.(`Explain failed for ${c.vulnerability.id} (${h}).`)}}),n},ke=e=>Array.isArray(e)?e.filter(t=>typeof t=="string"):[],Me=(e,t)=>{for(const i of t)if(i===e||i.endsWith("*")&&e.startsWith(i.slice(0,-1)))return!0;return!1},ht=e=>{const t=z(e,"pnpm-workspace.yaml");if(!J(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const i=Ve(t);return{excludedPackages:[],ignoredAdvisories:[...ke(i?.auditConfig?.ignoreCves),...ke(i?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},vt=e=>{const t=z(e,".yarnrc.yml");if(!J(t))return{excludedPackages:[],ignoredAdvisories:[]};try{const i=Ve(t);return{excludedPackages:ke(i?.npmAuditExcludePackages),ignoredAdvisories:ke(i?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},Li=(e,t)=>{switch(t){case"pnpm":return ht(e);case"yarn":return 
vt(e);default:return{excludedPackages:[],ignoredAdvisories:[]}}},ae=(e,t,i)=>{if(Me(e,t.ignoredAdvisories))return!0;if(i){for(const a of i)if(Me(a,t.ignoredAdvisories))return!0}return!1},Ti=(e,t)=>Me(e,t.excludedPackages),Pi=(e,t,i)=>{if(i.length===0)return["No advisory IDs to sync."];const a=[];switch(e){case"bun":{a.push(`bun has no audit config file. Use CLI flags: bun audit ${i.map(n=>`--ignore ${n}`).join(" ")}`);break}case"npm":{a.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const n=z(t,"pnpm-workspace.yaml");if(!J(n)){a.push("pnpm-workspace.yaml not found. Cannot sync.");break}const o=ht(t),r=new Set(o.ignoredAdvisories.filter(g=>g.startsWith("CVE-"))),c=new Set(o.ignoredAdvisories.filter(g=>g.startsWith("GHSA-"))),l=i.filter(g=>g.startsWith("CVE-")),d=i.filter(g=>g.startsWith("GHSA-")),m=[...new Set([...r,...l])],b=[...new Set([...c,...d])],h=l.filter(g=>!r.has(g)).length,v=d.filter(g=>!c.has(g)).length;if(h===0&&v===0){a.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let y=be(n);if(m.length>0){const g=` ignoreCves:
17
+ ${m.map($=>` - ${$}`).join(`
18
+ `)}
19
+ `;/auditConfig:/.test(y)?y=/ignoreCves:/.test(y)?y.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,g):y.replace(/auditConfig:\s*\n/,`auditConfig:
20
+ ${g}`):y=`${y.trimEnd()}
21
+
22
+ auditConfig:
23
+ ${g}`,h>0&&a.push(`Added ${String(h)} new CVE${h===1?"":"s"} to pnpm-workspace.yaml (${String(m.length)} total)`)}if(b.length>0){const g=` ignoreGhsas:
24
+ ${b.map($=>` - ${$}`).join(`
25
+ `)}
26
+ `;/auditConfig:/.test(y)&&(y=/ignoreGhsas:/.test(y)?y.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,g):y.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${g}$2`)),v>0&&a.push(`Added ${String(v)} new GHSA${v===1?"":"s"} to pnpm-workspace.yaml (${String(b.length)} total)`)}Ze(n,y);break}case"yarn":{const n=z(t,".yarnrc.yml");if(!J(n)){a.push(".yarnrc.yml not found. Cannot sync.");break}const o=vt(t),r=new Set(o.ignoredAdvisories),c=[...new Set([...r,...i])],l=i.filter(b=>!r.has(b)).length;if(l===0){a.push("All advisory IDs already present in .yarnrc.yml.");break}let d=be(n);const m=`npmAuditIgnoreAdvisories:
27
+ ${c.map(b=>` - "${b}"`).join(`
28
+ `)}
29
+ `;d=/npmAuditIgnoreAdvisories:/.test(d)?d.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,m):`${d.trimEnd()}
30
+
31
+ ${m}`,Ze(n,d),a.push(`Synced ${String(l)} advisor${l===1?"y":"ies"} to .yarnrc.yml (${String(c.length)} total)`);break}default:a.push(`Unknown package manager: ${e}`)}return a},Vi="1.0",zi=e=>{const{bloomHits:t,duplicates:i,explanations:a,filtered:n,now:o,packagesScanned:r,policyDecisions:c,tool:l,unknownPolicyTokens:d,workspaceRoot:m}=e,b=n.map(g=>({acceptedRisk:g.acceptedRisk??null,dependencyPaths:g.dependencyPaths?g.dependencyPaths.map($=>$.map(x=>({name:x.name,version:x.version}))):[],name:g.name,socketAlerts:g.socketReport?.alerts??[],socketScore:g.socketReport?.score.overall??null,version:g.version,vulnerabilities:g.vulnerabilities.map($=>{const x=a.get(xe({packageName:g.name,packageVersion:g.version,vulnerability:$}));return x?{...$,explanation:x}:{...$}})})),h=c.map(g=>({acceptedRisk:g.acceptedRisk??null,data:g.data??null,packageName:g.packageName,policy:g.policy,reason:g.reason,severity:g.severity,version:g.version})),v={accepted:b.filter(g=>g.acceptedRisk!==null).length,duplicatePackages:i.length,issues:b.filter(g=>g.acceptedRisk===null).length,policyBlocks:h.filter(g=>g.severity==="block"&&g.acceptedRisk===null).length,policyDecisions:h.length,total:b.length},y=d.map(g=>({kind:"unknown-policy",token:g}));return{bloomHits:t.map(g=>({name:g.name,version:g.version})),duplicates:i.map(g=>({name:g.name,versionCount:g.versions.length,versions:[...g.versions]})),generatedAt:(o??new Date).toISOString(),packages:r,policies:h,results:b,schemaVersion:Vi,summary:v,tool:l,warnings:y,workspaceRoot:m}},Wi=["CRITICAL","HIGH","MODERATE","LOW","UNKNOWN"],_i={CRITICAL:"error",HIGH:"error",LOW:"note",MODERATE:"warning",UNKNOWN:"none"},Hi={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"none"},Ui={CRITICAL:9.5,HIGH:8,LOW:2.5,MODERATE:5.5,UNKNOWN:0},Fi=e=>_i[e],Le=e=>Hi[e],Gi=e=>Ui[e],ze=e=>typeof 
e.cvssScore=="number"&&Number.isFinite(e.cvssScore)?e.cvssScore:Gi(e.severity),Bi=e=>ze(e).toFixed(1),T=e=>e.startsWith("CVE-")?`https://nvd.nist.gov/vuln/detail/${e}`:e.startsWith("GHSA-")?`https://github.com/advisories/${e}`:`https://osv.dev/vulnerability/${e}`,ve=e=>e.startsWith("CVE-")?"NVD":e.startsWith("GHSA-")?"GitHub Advisory Database":"OSV";var Ki=`/*! tailwindcss v4.3.0 | MIT License | https://tailwindcss.com */
32
+ @layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){*,:before,:after,::backdrop{--tw-rotate-x:initial;--tw-rotate-y:initial;--tw-rotate-z:initial;--tw-skew-x:initial;--tw-skew-y:initial;--tw-space-y-reverse:0;--tw-border-style:solid;--tw-leading:initial;--tw-font-weight:initial;--tw-tracking:initial;--tw-ordinal:initial;--tw-slashed-zero:initial;--tw-numeric-figure:initial;--tw-numeric-spacing:initial;--tw-numeric-fraction:initial;--tw-shadow:0 0 #0000;--tw-shadow-color:initial;--tw-shadow-alpha:100%;--tw-inset-shadow:0 0 #0000;--tw-inset-shadow-color:initial;--tw-inset-shadow-alpha:100%;--tw-ring-color:initial;--tw-ring-shadow:0 0 #0000;--tw-inset-ring-color:initial;--tw-inset-ring-shadow:0 0 #0000;--tw-ring-inset:initial;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-offset-shadow:0 0 #0000;--tw-outline-style:solid;--tw-blur:initial;--tw-brightness:initial;--tw-contrast:initial;--tw-grayscale:initial;--tw-hue-rotate:initial;--tw-invert:initial;--tw-opacity:initial;--tw-saturate:initial;--tw-sepia:initial;--tw-drop-shadow:initial;--tw-drop-shadow-color:initial;--tw-drop-shadow-alpha:100%;--tw-drop-shadow-size:initial;--tw-backdrop-blur:initial;--tw-backdrop-brightness:initial;--tw-backdrop-contrast:initial;--tw-backdrop-grayscale:initial;--tw-backdrop-hue-rotate:initial;--tw-backdrop-invert:initial;--tw-backdrop-opacity:initial;--tw-backdrop-saturate:initial;--tw-backdrop-sepia:initial;--tw-duration:initial;--tw-content:""}}}@layer theme{:root,:host{--font-sans:ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-mono:ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--color-white:#fff;--spacing:.25rem;--text-sm:.875rem;--text-sm--line-height:calc(1.25 / 
.875);--font-weight-light:300;--font-weight-medium:500;--font-weight-semibold:600;--font-weight-bold:700;--tracking-tight:-.025em;--tracking-normal:0em;--leading-tight:1.25;--leading-snug:1.375;--radius-sm:.25rem;--ease-out:cubic-bezier(0, 0, .2, 1);--blur-sm:8px;--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:var(--font-sans);--default-mono-font-family:var(--font-mono)}}@layer base{*,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", 
monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab, red, red)){::placeholder{color:color-mix(in oklab, currentcolor 50%, 
transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){appearance:button}::file-selector-button{appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}:root{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d;--mono:ui-monospace, "SF Mono", "JetBrains Mono", "Cascadia Mono", "Roboto Mono", Menlo, Consolas, monospace;--sans:system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", sans-serif}@media 
(prefers-color-scheme:dark){:root{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}}html[data-theme=light]{--bg:#f5f5f5;--panel:#fff;--panel2:#f0f0f0;--fg:#000;--muted:#555;--faint:#707070;--border:#e0e0e0;--border2:#bdbdbd;--row-hover:#f0f0f0;--accent:#d71921;--accent-soft:#d719210d;--link:#0050c0;--critical:#d71921;--high:#8a5a00;--medium:#555;--low:#707070;--unknown:#707070;--major:#d71921;--minor:#1f7a3d}html[data-theme=dark]{--bg:#141414;--panel:#1c1c1c;--panel2:#242424;--fg:#fff;--muted:#b8b8b8;--faint:#8a8a8a;--border:#2e2e2e;--border2:#3e3e3e;--row-hover:#1f1f1f;--accent:#ff4d54;--accent-soft:#ff4d5414;--link:#7eb0f9;--critical:#ff4d54;--high:#e0b860;--medium:#b8b8b8;--low:#8a8a8a;--unknown:#8a8a8a;--major:#ff4d54;--minor:#6dbf80}*{box-sizing:border-box}html{-webkit-text-size-adjust:100%}body{font-family:var(--sans);background-color:var(--bg);background-image:radial-gradient(circle, var(--border) .5px, transparent .5px);color:var(--fg);-webkit-font-smoothing:antialiased;font-feature-settings:"ss01";background-size:14px 14px;margin:0;padding:24px;line-height:1.5}a{color:var(--link);text-decoration:none}code{font-family:var(--mono);font-size:12px}h2{font-family:var(--mono);letter-spacing:.16em;text-transform:uppercase;color:var(--muted);margin:48px 0 14px;font-size:11px;font-weight:500}input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select{appearance:none;--tw-shadow:0 0 
#0000;background-color:#fff;border-width:1px;border-color:oklch(55.1% .027 264.364);border-radius:0;padding:.5rem .75rem;font-size:1rem;line-height:1.5rem}:is(input:where([type=text]),input:where(:not([type])),input:where([type=email]),input:where([type=url]),input:where([type=password]),input:where([type=number]),input:where([type=date]),input:where([type=datetime-local]),input:where([type=month]),input:where([type=search]),input:where([type=tel]),input:where([type=time]),input:where([type=week]),select:where([multiple]),textarea,select):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);border-color:oklch(54.6% .245 262.881);outline:2px solid #0000}input::placeholder,textarea::placeholder{color:oklch(55.1% .027 
264.364);opacity:1}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-date-and-time-value{min-height:1.5em}::-webkit-date-and-time-value{text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-year-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-month-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-day-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-hour-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-minute-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-second-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-millisecond-field{padding-top:0;padding-bottom:0}::-webkit-datetime-edit-meridiem-field{padding-top:0;padding-bottom:0}select{-webkit-print-color-adjust:exact;print-color-adjust:exact;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 20 20'%3e%3cpath stroke='oklch(55.1%25 0.027 264.364)' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' d='M6 8l4 4 4-4'/%3e%3c/svg%3e");background-position:right .5rem center;background-repeat:no-repeat;background-size:1.5em 1.5em;padding-right:2.5rem}select:where([multiple]),select:where([size]:not([size="1"])){background-image:initial;background-position:initial;background-repeat:unset;background-size:initial;print-color-adjust:unset;padding-right:.75rem}input:where([type=checkbox]),input:where([type=radio]){appearance:none;-webkit-print-color-adjust:exact;print-color-adjust:exact;vertical-align:middle;-webkit-user-select:none;user-select:none;color:oklch(54.6% .245 262.881);--tw-shadow:0 0 #0000;background-color:#fff;background-origin:border-box;border-width:1px;border-color:oklch(55.1% .027 
264.364);flex-shrink:0;width:1rem;height:1rem;padding:0;display:inline-block}input:where([type=checkbox]){border-radius:0}input:where([type=radio]){border-radius:100%}input:where([type=checkbox]):focus,input:where([type=radio]):focus{outline-offset:2px;--tw-ring-inset:var(--tw-empty, );--tw-ring-offset-width:2px;--tw-ring-offset-color:#fff;--tw-ring-color:oklch(54.6% .245 262.881);--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color);box-shadow:var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);outline:2px solid #0000}input:where([type=checkbox]):checked,input:where([type=radio]):checked{background-color:currentColor;background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}input:where([type=checkbox]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3cpath d='M12.207 4.793a1 1 0 010 1.414l-5 5a1 1 0 01-1.414 0l-2-2a1 1 0 011.414-1.414L6.5 9.086l4.293-4.293a1 1 0 011.414 0z'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=checkbox]):checked{appearance:auto}}input:where([type=radio]):checked{background-image:url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='white' xmlns='http://www.w3.org/2000/svg'%3e%3ccircle cx='8' cy='8' r='3'/%3e%3c/svg%3e")}@media (forced-colors:active){input:where([type=radio]):checked{appearance:auto}}input:where([type=checkbox]):checked:hover,input:where([type=checkbox]):checked:focus,input:where([type=radio]):checked:hover,input:where([type=radio]):checked:focus{background-color:currentColor;border-color:#0000}input:where([type=checkbox]):indeterminate{background-color:currentColor;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' fill='none' viewBox='0 0 16 16'%3e%3cpath stroke='white' 
stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='M4 8h8'/%3e%3c/svg%3e");background-position:50%;background-repeat:no-repeat;background-size:100% 100%;border-color:#0000}@media (forced-colors:active){input:where([type=checkbox]):indeterminate{appearance:auto}}input:where([type=checkbox]):indeterminate:hover,input:where([type=checkbox]):indeterminate:focus{background-color:currentColor;border-color:#0000}input:where([type=file]){background:unset;border-color:inherit;font-size:unset;line-height:inherit;border-width:0;border-radius:0;padding:0}input:where([type=file]):focus{outline:1px solid buttontext;outline:1px auto -webkit-focus-ring-color}}@layer components{.masthead{border-bottom:1px solid var(--border)}.brand{font-family:var(--sans);color:var(--fg);font-size:clamp(30px,5vw,52px);font-weight:600}.brand .slash{color:var(--accent)}.brand .sub{font-family:var(--mono);letter-spacing:.22em;color:var(--faint)}.chip{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2)}.tbtn{font-family:var(--mono);letter-spacing:.08em;color:var(--muted);border:1px solid var(--border2);transition:border-color .2s,color .2s}.tbtn:hover{color:var(--fg);border-color:var(--fg)}.tbtn-theme{min-width:28px}.tbtn-theme .ticon{line-height:0}.tbtn-theme .ticon-sun{display:none}@media (prefers-color-scheme:dark){.tbtn-theme .ticon-moon{display:none}.tbtn-theme .ticon-sun{display:inline-flex}}html[data-theme=light] .tbtn-theme .ticon-moon{display:inline-flex}html[data-theme=light] .tbtn-theme .ticon-sun,html[data-theme=dark] .tbtn-theme .ticon-moon{display:none}html[data-theme=dark] .tbtn-theme .ticon-sun{display:inline-flex}.verdict{padding:56px 0 36px}.verdict .vnum{font-family:var(--mono);letter-spacing:-.04em;color:var(--fg);font-variant-numeric:tabular-nums;font-size:clamp(64px,14vw,148px);line-height:.85}.verdict .vsub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}.verdict-crit 
.vnum{color:var(--accent)}.verdict-high .vnum{color:var(--high)}.debugbar{border-bottom:1px solid var(--border)}.dseg+.dseg{border-left:1px solid var(--border);padding-left:1.75rem}.dseg .dk{font-family:var(--mono);letter-spacing:.13em;color:var(--faint)}.dseg .dv{font-family:var(--mono);color:var(--fg);font-variant-numeric:tabular-nums;letter-spacing:-.01em;font-weight:400}.dseg .dvsep{color:var(--faint)}.dseg .dot{background:var(--unknown)}.dseg-critical .dv{color:var(--critical)}.dseg-high .dv{color:var(--high)}.dseg-moderate .dv{color:var(--medium)}.dseg-low .dv{color:var(--low)}.dseg-ok .dot{background:var(--minor)}.dseg-ok .dv,.dseg-fixable .dv{color:var(--minor)}.field{border-bottom:1px solid var(--border2);background:0 0;transition:border-color .2s}.field:focus-within{border-bottom-color:var(--fg)}.field .prompt{font-family:var(--mono);letter-spacing:.12em;color:var(--faint)}.field input,.field select{font-family:var(--mono);color:var(--fg)}.field.sel{margin-left:32px}.field select{text-transform:uppercase;letter-spacing:.06em;font-size:11px}.field select option{background:var(--panel);color:var(--fg);text-transform:none;letter-spacing:0}.field input::placeholder{color:var(--faint);text-transform:uppercase;letter-spacing:.06em;font-size:11px}#findings{border-collapse:collapse}#findings thead th{font-family:var(--mono);letter-spacing:.11em;color:var(--faint);background:var(--bg);border-bottom:1px solid var(--border2)}#findings td,#findings tbody tr:last-child td{border-bottom:1px solid var(--border)}.finding-row:hover td{background:var(--row-hover)}.sev-cell{box-shadow:inset 2px 0 0 var(--border2)}tr[data-severity=CRITICAL] .sev-cell{box-shadow:inset 2px 0 0 var(--critical)}tr[data-severity=HIGH] .sev-cell{box-shadow:inset 2px 0 0 var(--high)}tr[data-severity=MODERATE] .sev-cell{box-shadow:inset 2px 0 0 var(--medium)}tr[data-severity=LOW] .sev-cell{box-shadow:inset 2px 0 0 var(--low)}tr[data-severity=UNKNOWN] .sev-cell{box-shadow:inset 2px 0 0 
var(--unknown)}.ack-row td{opacity:.4}.ack-row .summary-cell,.ack-row a{color:var(--muted)}code.pkg{color:var(--fg)}code.ver,code.fix{color:var(--muted)}code.fix{color:var(--minor)}code.copyable{cursor:copy;padding-inline:calc(var(--spacing) * 2);padding-block:calc(var(--spacing) * 1);white-space:nowrap;color:var(--fg);border:1px solid var(--border2);background:0 0;border-radius:3px;font-size:12px;transition:border-color .2s,color .2s;display:inline-block}code.copyable:hover{border-color:var(--fg)}code.copyable.copied{color:var(--minor);border-color:var(--minor)}.adv-cell a{font-family:var(--mono);color:var(--link);border-bottom:1px solid #0000;transition:border-color .2s}.adv-cell a:hover{border-bottom-color:var(--link)}.summary-cell{font-family:var(--sans);color:var(--muted);line-height:1.5}.muted{font-family:var(--mono);letter-spacing:.06em;color:var(--faint)}.ack{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);border:1px solid var(--border2)}.badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.badge:before{content:"";background:currentColor;width:5px;height:5px}.badge-critical{color:var(--critical)}.badge-high{color:var(--high)}.badge-moderate{color:var(--medium)}.badge-low{color:var(--low)}.badge-unknown{color:var(--unknown)}.marker{font-family:var(--mono);letter-spacing:.09em}.marker-major{color:var(--major)}.marker-minor-patch{color:var(--minor)}.marker-unknown{color:var(--unknown)}.empty{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border);border-bottom:1px solid var(--border)}.clean{padding-top:96px;padding-bottom:96px}.clean .big{font-family:var(--mono);letter-spacing:-.03em;color:var(--fg);font-size:clamp(56px,12vw,128px);line-height:1}.clean .sub{font-family:var(--mono);letter-spacing:.16em;color:var(--faint)}#policies{border-collapse:collapse}#policies th{font-family:var(--mono);letter-spacing:.12em;color:var(--faint);background:var(--bg);border-bottom:1px solid 
var(--border2)}#policies td,#policies tr:last-child td{border-bottom:1px solid var(--border)}#policies code{letter-spacing:.04em;color:var(--muted)}.policy-badge{font-family:var(--mono);letter-spacing:.1em;border:1px solid}.policy-badge:before{content:"";background:currentColor;width:5px;height:5px}.policy-block{color:var(--accent)}.policy-warn{color:var(--high)}.policy-info{color:var(--muted)}.hint{font-family:var(--mono);letter-spacing:.1em;color:var(--faint)}.kbd{font-family:var(--mono);letter-spacing:.06em;color:var(--muted);background:var(--panel2);border:1px solid var(--border2)}.explain-row td{border-top:1px dotted var(--accent);border-bottom:1px solid var(--border);box-shadow:inset 2px 0 0 var(--accent);background:0 0}.finding-row:has(+.explain-row) td{border-bottom:none}.explain-row details{background:0 0}.explain-row summary::-webkit-details-marker{display:none}.intel-tag{font-family:var(--mono);letter-spacing:.16em;color:var(--accent)}.intel-hint{font-family:var(--mono);letter-spacing:.1em;color:var(--muted)}.explain-row details[open] summary .intel-hint:after{content:" [-]"}.explain-row details:not([open]) summary .intel-hint:after{content:" [+]"}.explain-body{animation:.2s both rise}.intel-key{font-family:var(--mono);letter-spacing:.12em;color:var(--accent)}.intel-val{font-family:var(--sans);color:var(--fg);line-height:1.55}.intel-prose{color:var(--muted);grid-template-columns:1fr}.intel-prose .intel-val{color:var(--muted)}.sig{font-family:var(--mono);letter-spacing:.1em;color:var(--faint);border-top:1px solid var(--border)}.sig b{color:var(--muted);font-weight:500}.sig-by{color:var(--muted)}.anolilab-logo{width:auto;height:13px;fill:var(--fg)}.anolilab-accent{fill:#dfff1b}@keyframes rise{0%{opacity:0;transform:translateY(4px)}to{opacity:1;transform:none}}@media (prefers-reduced-motion:reduce){.explain-body{animation:none}}}@layer 
utilities{.pointer-events-auto{pointer-events:auto}.pointer-events-none{pointer-events:none}.collapse{visibility:collapse}.invisible{visibility:hidden}.visible{visibility:visible}.absolute{position:absolute}.fixed{position:fixed}.relative{position:relative}.static{position:static}.sticky{position:sticky}.inset-0{inset:calc(var(--spacing) * 0)}.inset-x-0{inset-inline:calc(var(--spacing) * 0)}.top-0{top:calc(var(--spacing) * 0)}.top-3{top:calc(var(--spacing) * 3)}.top-4{top:calc(var(--spacing) * 4)}.top-full{top:100%}.right-0{right:calc(var(--spacing) * 0)}.right-4{right:calc(var(--spacing) * 4)}.bottom-4{bottom:calc(var(--spacing) * 4)}.bottom-5{bottom:calc(var(--spacing) * 5)}.left-0{left:calc(var(--spacing) * 0)}.left-4{left:calc(var(--spacing) * 4)}.isolate{isolation:isolate}.z-20{z-index:20}.z-30{z-index:30}.z-\\[2\\]{z-index:2}.container{width:100%}@media (min-width:40rem){.container{max-width:40rem}}@media (min-width:48rem){.container{max-width:48rem}}@media (min-width:64rem){.container{max-width:64rem}}@media (min-width:80rem){.container{max-width:80rem}}@media (min-width:96rem){.container{max-width:96rem}}.m-8{margin:calc(var(--spacing) * 8)}.m-9{margin:calc(var(--spacing) * 9)}.mx-1{margin-inline:calc(var(--spacing) * 1)}.mx-12{margin-inline:calc(var(--spacing) * 12)}.mx-\\[0\\.12em\\]{margin-inline:.12em}.mx-auto{margin-inline:auto}.mt-1{margin-top:calc(var(--spacing) * 1)}.mt-2{margin-top:calc(var(--spacing) * 2)}.mt-3{margin-top:calc(var(--spacing) * 3)}.mt-4{margin-top:calc(var(--spacing) * 4)}.mt-6{margin-top:calc(var(--spacing) * 6)}.mt-12{margin-top:calc(var(--spacing) * 12)}.mb-1{margin-bottom:calc(var(--spacing) * 1)}.mb-2{margin-bottom:calc(var(--spacing) * 2)}.mb-3{margin-bottom:calc(var(--spacing) * 3)}.mb-4{margin-bottom:calc(var(--spacing) * 4)}.mb-6{margin-bottom:calc(var(--spacing) * 6)}.mb-10{margin-bottom:calc(var(--spacing) * 10)}.ml-2{margin-left:calc(var(--spacing) * 2)}.ml-8{margin-left:calc(var(--spacing) * 
8)}.ml-auto{margin-left:auto}.block{display:block}.contents{display:contents}.flex{display:flex}.grid{display:grid}.hidden{display:none}.inline{display:inline}.inline-block{display:inline-block}.inline-flex{display:inline-flex}.table{display:table}.size-\\[7px\\]{width:7px;height:7px}.h-2{height:calc(var(--spacing) * 2)}.h-5{height:calc(var(--spacing) * 5)}.h-7{height:calc(var(--spacing) * 7)}.h-9{height:calc(var(--spacing) * 9)}.h-10{height:calc(var(--spacing) * 10)}.h-11{height:calc(var(--spacing) * 11)}.h-\\[6px\\]{height:6px}.h-\\[7px\\]{height:7px}.h-\\[8px\\]{height:8px}.h-\\[10px\\]{height:10px}.h-\\[18px\\]{height:18px}.h-full{height:100%}.h-px{height:1px}.max-h-72{max-height:calc(var(--spacing) * 72)}.min-h-\\[400px\\]{min-height:400px}.min-h-\\[480px\\]{min-height:480px}.min-h-screen{min-height:100vh}.w-2{width:calc(var(--spacing) * 2)}.w-3{width:calc(var(--spacing) * 3)}.w-4{width:calc(var(--spacing) * 4)}.w-7{width:calc(var(--spacing) * 7)}.w-9{width:calc(var(--spacing) * 9)}.w-\\[7px\\]{width:7px}.w-\\[8px\\]{width:8px}.w-full{width:100%}.w-px{width:1px}.max-w-\\[380px\\]{max-width:380px}.max-w-\\[1080px\\]{max-width:1080px}.min-w-0{min-width:calc(var(--spacing) * 0)}.min-w-5{min-width:calc(var(--spacing) * 5)}.min-w-\\[200px\\]{min-width:200px}.min-w-\\[220px\\]{min-width:220px}.min-w-\\[260px\\]{min-width:260px}.flex-1{flex:1}.flex-\\[1_1_280px\\]{flex:280px}.flex-auto{flex:auto}.flex-none{flex:none}.shrink{flex-shrink:1}.shrink-0{flex-shrink:0}.grow{flex-grow:1}.caption-bottom{caption-side:bottom}.border-collapse{border-collapse:collapse}.transform{transform:var(--tw-rotate-x,) var(--tw-rotate-y,) var(--tw-rotate-z,) var(--tw-skew-x,) var(--tw-skew-y,)}.cursor-move{cursor:move}.cursor-pointer{cursor:pointer}.resize{resize:both}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.grid-cols-\\[72px_1fr\\]{grid-template-columns:72px 
1fr}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-baseline{align-items:baseline}.items-center{align-items:center}.items-end{align-items:flex-end}.items-start{align-items:flex-start}.items-stretch{align-items:stretch}.justify-between{justify-content:space-between}.justify-center{justify-content:center}.gap-0{gap:calc(var(--spacing) * 0)}.gap-1{gap:calc(var(--spacing) * 1)}.gap-1\\.5{gap:calc(var(--spacing) * 1.5)}.gap-2{gap:calc(var(--spacing) * 2)}.gap-3{gap:calc(var(--spacing) * 3)}.gap-4{gap:calc(var(--spacing) * 4)}.gap-6{gap:calc(var(--spacing) * 6)}.gap-8{gap:calc(var(--spacing) * 8)}.gap-12{gap:calc(var(--spacing) * 12)}.gap-16{gap:calc(var(--spacing) * 16)}.gap-\\[0\\.65rem\\]{gap:.65rem}.gap-\\[2px\\]{gap:2px}.gap-\\[7px\\]{gap:7px}.gap-px{gap:1px}:where(.space-y-0\\.5>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * .5) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * .5) * calc(1 - var(--tw-space-y-reverse)))}.gap-x-3{column-gap:calc(var(--spacing) * 3)}.gap-x-6{column-gap:calc(var(--spacing) * 6)}.gap-y-1{row-gap:calc(var(--spacing) * 1)}.gap-y-2{row-gap:calc(var(--spacing) * 2)}.gap-y-3{row-gap:calc(var(--spacing) * 
3)}.self-center{align-self:center}.truncate{text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.overflow-auto{overflow:auto}.overflow-y-auto{overflow-y:auto}.rounded{border-radius:.25rem}.rounded-\\[3px\\]{border-radius:3px}.rounded-\\[4px\\]{border-radius:4px}.rounded-full{border-radius:3.40282e38px}.rounded-sm{border-radius:var(--radius-sm)}.border{border-style:var(--tw-border-style);border-width:1px}.border-0{border-style:var(--tw-border-style);border-width:0}.border-t{border-top-style:var(--tw-border-style);border-top-width:1px}.border-b{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}.border-l-2{border-left-style:var(--tw-border-style);border-left-width:2px}.border-dashed{--tw-border-style:dashed;border-style:dashed}.bg-transparent{background-color:#0000}.p-0{padding:calc(var(--spacing) * 0)}.p-5{padding:calc(var(--spacing) * 5)}.p-6{padding:calc(var(--spacing) * 6)}.px-0{padding-inline:calc(var(--spacing) * 0)}.px-0\\.5{padding-inline:calc(var(--spacing) * .5)}.px-1{padding-inline:calc(var(--spacing) * 1)}.px-1\\.5{padding-inline:calc(var(--spacing) * 1.5)}.px-2{padding-inline:calc(var(--spacing) * 2)}.px-3{padding-inline:calc(var(--spacing) * 3)}.px-4{padding-inline:calc(var(--spacing) * 4)}.px-5{padding-inline:calc(var(--spacing) * 5)}.px-6{padding-inline:calc(var(--spacing) * 6)}.px-8{padding-inline:calc(var(--spacing) * 8)}.px-12{padding-inline:calc(var(--spacing) * 12)}.px-\\[5px\\]{padding-inline:5px}.px-\\[6px\\]{padding-inline:6px}.py-0\\.5{padding-block:calc(var(--spacing) * .5)}.py-1{padding-block:calc(var(--spacing) * 1)}.py-2{padding-block:calc(var(--spacing) * 2)}.py-2\\.5{padding-block:calc(var(--spacing) * 2.5)}.py-3{padding-block:calc(var(--spacing) * 3)}.py-4{padding-block:calc(var(--spacing) * 4)}.py-5{padding-block:calc(var(--spacing) * 5)}.py-6{padding-block:calc(var(--spacing) * 6)}.py-8{padding-block:calc(var(--spacing) * 8)}.py-12{padding-block:calc(var(--spacing) * 12)}.py-16{padding-block:calc(var(--spacing) 
* 16)}.py-\\[3px\\]{padding-block:3px}.py-px{padding-block:1px}.pt-0\\.5{padding-top:calc(var(--spacing) * .5)}.pt-1{padding-top:calc(var(--spacing) * 1)}.pt-2{padding-top:calc(var(--spacing) * 2)}.pt-5{padding-top:calc(var(--spacing) * 5)}.pt-7{padding-top:calc(var(--spacing) * 7)}.pt-8{padding-top:calc(var(--spacing) * 8)}.pt-12{padding-top:calc(var(--spacing) * 12)}.pr-0{padding-right:calc(var(--spacing) * 0)}.pr-1{padding-right:calc(var(--spacing) * 1)}.pr-2{padding-right:calc(var(--spacing) * 2)}.pr-3{padding-right:calc(var(--spacing) * 3)}.pr-6{padding-right:calc(var(--spacing) * 6)}.pr-1234{padding-right:calc(var(--spacing) * 1234)}.pb-1{padding-bottom:calc(var(--spacing) * 1)}.pb-1\\.5{padding-bottom:calc(var(--spacing) * 1.5)}.pb-4{padding-bottom:calc(var(--spacing) * 4)}.pb-5{padding-bottom:calc(var(--spacing) * 5)}.pb-6{padding-bottom:calc(var(--spacing) * 6)}.pb-8{padding-bottom:calc(var(--spacing) * 8)}.pb-12{padding-bottom:calc(var(--spacing) * 12)}.pl-0{padding-left:calc(var(--spacing) * 0)}.pl-3{padding-left:calc(var(--spacing) * 3)}.pl-4{padding-left:calc(var(--spacing) * 
4)}.pl-\\[7px\\]{padding-left:7px}.text-center{text-align:center}.text-left{text-align:left}.text-right{text-align:right}.align-middle{vertical-align:middle}.align-top{vertical-align:top}.font-mono{font-family:var(--font-mono)}.font-sans{font-family:var(--font-sans)}.text-sm{font-size:var(--text-sm);line-height:var(--tw-leading,var(--text-sm--line-height))}.text-\\[9px\\]{font-size:9px}.text-\\[10px\\]{font-size:10px}.text-\\[11px\\]{font-size:11px}.text-\\[12px\\]{font-size:12px}.text-\\[13px\\]{font-size:13px}.text-\\[14px\\]{font-size:14px}.text-\\[15px\\]{font-size:15px}.text-\\[22px\\]{font-size:22px}.text-\\[28px\\]{font-size:28px}.text-\\[44px\\]{font-size:44px}.text-\\[72px\\]{font-size:72px}.text-\\[clamp\\(28px\\,5vw\\,52px\\)\\]{font-size:clamp(28px,5vw,52px)}.leading-\\[0\\.9\\]{--tw-leading:.9;line-height:.9}.leading-none{--tw-leading:1;line-height:1}.leading-snug{--tw-leading:var(--leading-snug);line-height:var(--leading-snug)}.leading-tight{--tw-leading:var(--leading-tight);line-height:var(--leading-tight)}.font-bold{--tw-font-weight:var(--font-weight-bold);font-weight:var(--font-weight-bold)}.font-light{--tw-font-weight:var(--font-weight-light);font-weight:var(--font-weight-light)}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.tracking-\\[-0\\.02em\\]{--tw-tracking:-.02em;letter-spacing:-.02em}.tracking-\\[0\\.1em\\]{--tw-tracking:.1em;letter-spacing:.1em}.tracking-\\[0\\.05em\\]{--tw-tracking:.05em;letter-spacing:.05em}.tracking-\\[0\\.08em\\]{--tw-tracking:.08em;letter-spacing:.08em}.tracking-\\[0\\.11em\\]{--tw-tracking:.11em;letter-spacing:.11em}.tracking-\\[0\\.12em\\]{--tw-tracking:.12em;letter-spacing:.12em}.tracking-\\[0\\.15em\\]{--tw-tracking:.15em;letter-spacing:.15em}.tracking-\\[0\\.16em\\]{--tw-tracking:.16em;letter-spacing:.16em}.tracking-\\[0\\.22em\\]{--tw-tracking:.22em;letter-spacing:.2
2em}.tracking-normal{--tw-tracking:var(--tracking-normal);letter-spacing:var(--tracking-normal)}.tracking-tight{--tw-tracking:var(--tracking-tight);letter-spacing:var(--tracking-tight)}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.whitespace-nowrap{white-space:nowrap}.capitalize{text-transform:capitalize}.lowercase{text-transform:lowercase}.normal-case{text-transform:none}.uppercase{text-transform:uppercase}.italic{font-style:italic}.tabular-nums{--tw-numeric-spacing:tabular-nums;font-variant-numeric:var(--tw-ordinal,) var(--tw-slashed-zero,) var(--tw-numeric-figure,) var(--tw-numeric-spacing,) var(--tw-numeric-fraction,)}.no-underline{text-decoration-line:none}.opacity-40{opacity:.4}.opacity-70{opacity:.7}.shadow{--tw-shadow:0 1px 3px 0 var(--tw-shadow-color,#0000001a), 0 1px 2px -1px var(--tw-shadow-color,#0000001a);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_4px_12px_rgba\\(0\\,0\\,0\\,0\\.08\\)\\]{--tw-shadow:0 4px 12px var(--tw-shadow-color,#00000014);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.shadow-\\[0_8px_24px_rgba\\(0\\,0\\,0\\,0\\.12\\)\\]{--tw-shadow:0 8px 24px var(--tw-shadow-color,#0000001f);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.ring{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.outline{outline-style:var(--tw-outline-style);outline-width:1px}.outline-0{outline-style:var(--tw-outline-style);outline-width:0}.blur{--tw-blur:blur(8px);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) 
var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.invert{--tw-invert:invert(100%);filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.filter{filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.backdrop-blur-sm{--tw-backdrop-blur:blur(var(--blur-sm));-webkit-backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) var(--tw-backdrop-sepia,);backdrop-filter:var(--tw-backdrop-blur,) var(--tw-backdrop-brightness,) var(--tw-backdrop-contrast,) var(--tw-backdrop-grayscale,) var(--tw-backdrop-hue-rotate,) var(--tw-backdrop-invert,) var(--tw-backdrop-opacity,) var(--tw-backdrop-saturate,) 
var(--tw-backdrop-sepia,)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-colors{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.duration-150{--tw-duration:.15s;transition-duration:.15s}.select-none{-webkit-user-select:none;user-select:none}.\\[notifications\\:\\<id\\>\\]{notifications:<id>}.\\[notifications\\:slack\\]{notifications:slack}.\\[notifications\\:teams\\]{notifications:teams}.\\[verdaccio\\:dry-run\\]{verdaccio:dry-run}.group-data-\\[state\\=off\\]\\:opacity-30:is(:where(.group)[data-state=off] *){opacity:.3}.before\\:absolute:before{content:var(--tw-content);position:absolute}.before\\:left-0:before{content:var(--tw-content);left:calc(var(--spacing) * 0)}.before\\:content-\\[\\'→\\'\\]:before{--tw-content:"→";content:var(--tw-content)}.after\\:ml-auto:after{content:var(--tw-content);margin-left:auto}.after\\:font-mono:after{content:var(--tw-content);font-family:var(--font-mono)}.after\\:text-\\[9px\\]:after{content:var(--tw-content);font-size:9px}.after\\:tracking-\\[0\\.1em\\]:after{content:var(--tw-content);--tw-tracking:.1em;letter-spacing:.1em}.after\\:content-\\[\\'ON\\'\\]:after{--tw-content:"ON";content:var(--tw-content)}.last\\:border-b-0:last-child{border-bottom-style:var(--tw-border-style);border-bottom-width:0}@media 
(hover:hover){.hover\\:text-white:hover{color:var(--color-white)}.hover\\:opacity-90:hover{opacity:.9}}.focus-visible\\:ring-1:focus-visible{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(1px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.focus-visible\\:outline-none:focus-visible{--tw-outline-style:none;outline-style:none}.disabled\\:pointer-events-none:disabled{pointer-events:none}.disabled\\:opacity-40:disabled{opacity:.4}.data-\\[open\\=false\\]\\:hidden[data-open=false]{display:none}.data-\\[pinned\\=true\\]\\:pointer-events-auto[data-pinned=true]{pointer-events:auto}.data-\\[state\\=off\\]\\:line-through[data-state=off]{text-decoration-line:line-through}.data-\\[state\\=off\\]\\:after\\:content-\\[\\'OFF\\'\\][data-state=off]:after{--tw-content:"OFF";content:var(--tw-content)}@media (min-width:40rem){.sm\\:min-w-\\[320px\\]{min-width:320px}}@media (min-width:48rem){.md\\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.md\\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.md\\:grid-cols-\\[1\\.4fr_1fr\\]{grid-template-columns:1.4fr 1fr}}.\\[\\&_svg\\]\\:size-\\[14px\\] svg{width:14px;height:14px}.\\[\\&_svg\\]\\:shrink-0 svg{flex-shrink:0}.\\[\\&_tr\\]\\:border-b-0 tr{border-bottom-style:var(--tw-border-style);border-bottom-width:0}.\\[\\&\\>\\*\\+\\*\\]\\:ml-6>*+*{margin-left:calc(var(--spacing) * 6)}.\\[\\&\\>\\*\\+\\*\\]\\:border-l>*+*{border-left-style:var(--tw-border-style);border-left-width:1px}.\\[\\&\\>\\*\\+\\*\\]\\:pl-6>*+*{padding-left:calc(var(--spacing) * 6)}.\\[\\&\\>td\\]\\:border-b>td{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}}@property --tw-rotate-x{syntax:"*";inherits:false}@property --tw-rotate-y{syntax:"*";inherits:false}@property --tw-rotate-z{syntax:"*";inherits:false}@property --tw-skew-x{syntax:"*";inherits:false}@property 
--tw-skew-y{syntax:"*";inherits:false}@property --tw-space-y-reverse{syntax:"*";inherits:false;initial-value:0}@property --tw-border-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-leading{syntax:"*";inherits:false}@property --tw-font-weight{syntax:"*";inherits:false}@property --tw-tracking{syntax:"*";inherits:false}@property --tw-ordinal{syntax:"*";inherits:false}@property --tw-slashed-zero{syntax:"*";inherits:false}@property --tw-numeric-figure{syntax:"*";inherits:false}@property --tw-numeric-spacing{syntax:"*";inherits:false}@property --tw-numeric-fraction{syntax:"*";inherits:false}@property --tw-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-shadow-color{syntax:"*";inherits:false}@property --tw-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-inset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-shadow-color{syntax:"*";inherits:false}@property --tw-inset-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-ring-color{syntax:"*";inherits:false}@property --tw-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-ring-color{syntax:"*";inherits:false}@property --tw-inset-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-ring-inset{syntax:"*";inherits:false}@property --tw-ring-offset-width{syntax:"<length>";inherits:false;initial-value:0}@property --tw-ring-offset-color{syntax:"*";inherits:false;initial-value:#fff}@property --tw-ring-offset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-outline-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-blur{syntax:"*";inherits:false}@property --tw-brightness{syntax:"*";inherits:false}@property --tw-contrast{syntax:"*";inherits:false}@property --tw-grayscale{syntax:"*";inherits:false}@property --tw-hue-rotate{syntax:"*";inherits:false}@property --tw-invert{syntax:"*";inherits:false}@property 
--tw-opacity{syntax:"*";inherits:false}@property --tw-saturate{syntax:"*";inherits:false}@property --tw-sepia{syntax:"*";inherits:false}@property --tw-drop-shadow{syntax:"*";inherits:false}@property --tw-drop-shadow-color{syntax:"*";inherits:false}@property --tw-drop-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-drop-shadow-size{syntax:"*";inherits:false}@property --tw-backdrop-blur{syntax:"*";inherits:false}@property --tw-backdrop-brightness{syntax:"*";inherits:false}@property --tw-backdrop-contrast{syntax:"*";inherits:false}@property --tw-backdrop-grayscale{syntax:"*";inherits:false}@property --tw-backdrop-hue-rotate{syntax:"*";inherits:false}@property --tw-backdrop-invert{syntax:"*";inherits:false}@property --tw-backdrop-opacity{syntax:"*";inherits:false}@property --tw-backdrop-saturate{syntax:"*";inherits:false}@property --tw-backdrop-sepia{syntax:"*";inherits:false}@property --tw-duration{syntax:"*";inherits:false}@property --tw-content{syntax:"*";inherits:false;initial-value:""}`;const qi=Ki,S=e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&#39;"),Ji={major:"major bump","minor-patch":"safe",unknown:"no fix"},Yi=(e,t)=>{if(t.length===0)return{kind:"unknown",label:"no fix"};const i=L.coerce(e);if(!i)return{kind:"unknown",label:"non-semver"};let a,n;for(const o of t){const r=L.coerce(o);if(!r)continue;const c=L.diff(i,r);c==="major"||c==="premajor"?a||(a=o):(c==="minor"||c==="patch"||c==="preminor"||c==="prepatch")&&!n&&(n=o)}return n?{kind:"minor-patch",label:`safe to ${n}`}:a?{kind:"major",label:`requires major bump to ${a}`}:{kind:"unknown",label:"no usable fix"}},Zi=new Map([["are you at risk","RISK"],["what it is","VECTOR"],["what to do","ACTION"]]),Qi=e=>e.split(`
33
+ `).map(t=>{const i=t.trim();if(!i)return"";const a=i.match(/^([^:]{2,40}):\s*(.+)$/u);if(a?.[1]&&a[2]){const n=Zi.get(a[1].trim().toLowerCase())??a[1].trim().toUpperCase();return`<div class="intel-line grid grid-cols-[72px_1fr] items-start gap-4"><span class="intel-key pt-0.5 text-[9px] font-bold uppercase">${S(n)}</span><span class="intel-val text-[13px]">${S(a[2].trim())}</span></div>`}return`<div class="intel-line intel-prose grid items-start gap-4"><span class="intel-val text-[13px]">${S(i)}</span></div>`}).join(""),Xi='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"/></svg>',ea='<svg class="ticon-svg" viewBox="0 0 24 24" width="14" height="14" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" focusable="false"><circle cx="12" cy="12" r="4"/><path d="M12 2v2m0 16v2M4.93 4.93l1.41 1.41m11.32 11.32 1.41 1.41M2 12h2m16 0h2M4.93 19.07l1.41-1.41m11.32-11.32 1.41-1.41"/></svg>',H="px-3 py-3 text-left align-middle",U="sticky top-0 z-[2] px-3 py-3 text-left text-[10px] font-medium uppercase whitespace-nowrap select-none",F="px-3 py-3 text-left text-[10px] font-medium uppercase",ta=e=>`<ul class="dep-paths flex flex-col gap-2 px-3 py-3">${e.map(t=>`<li class="dep-path flex flex-wrap items-center gap-y-1">${t.map((i,a)=>{const n=`${i.name}@${i.version}`,o=a<t.length-1?'<span class="dep-arrow muted px-1">→</span>':"";return`<code class="dep-node text-[12px]">${S(n)}</code>${o}`}).join("")}</li>`).join("")}</ul>`,ia=e=>{const{acknowledged:t,dependencyPaths:i,explanation:a,packageName:n,packageVersion:o,remediation:r,vulnerability:c}=e,{severity:l}=c,d=Yi(o,c.fixedVersions),m=c.fixedVersions.length>0?c.fixedVersions.join(", "):"—",b=r?`<code class="copyable" data-cmd="${S(r)}" title="Click to 
copy">${S(r)}</code>`:'<span class="muted">advisory only</span>',h=`data-severity="${l}" data-package="${S(n)}" data-advisory="${S(c.id)}"`,v=`<tr class="${t?"finding-row ack-row":"finding-row"}" ${h}>
34
+ <td class="sev-cell whitespace-nowrap ${H}"><span class="badge badge-${l.toLowerCase()} inline-flex items-center gap-[7px] rounded-[3px] py-1 pr-2 pl-[7px] text-[9px] font-bold uppercase">${l}</span></td>
35
+ <td class="${H}"><span class="marker marker-${d.kind} inline-block whitespace-nowrap align-middle text-[9px] font-bold uppercase" title="${S(d.label)}">${Ji[d.kind]}</span></td>
36
+ <td class="${H}"><code class="pkg font-medium">${S(n)}</code></td>
37
+ <td class="${H}"><code class="ver whitespace-nowrap">${S(o)}</code></td>
38
+ <td class="adv-cell whitespace-nowrap ${H}"><a href="${S(T(c.id))}" class="text-[12px] no-underline" rel="noreferrer noopener" target="_blank">${S(c.id)}</a>${t?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">acknowledged</span>':""}</td>
39
+ <td class="summary-cell ${H} min-w-[220px] text-[13px]">${S(c.summary)}</td>
40
+ <td class="${H}"><code class="fix whitespace-nowrap">${S(m)}</code></td>
41
+ <td class="${H}">${b}</td>
42
+ </tr>`,y=i&&i.length>0?`<tr class="paths-row" ${h}>
43
+ <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ DEPENDENCY PATHS ]</span><span class="intel-hint text-[9px] uppercase">${String(i.length)} root${i.length===1?"":"s"} reach this finding · click to expand</span></summary>${ta(i)}</details></td>
44
+ </tr>`:"";return a?`${v}${y}
45
+ <tr class="explain-row" ${h}>
46
+ <td colspan="8" class="p-0"><details><summary class="flex cursor-pointer items-center gap-3 px-3 py-2 select-none"><span class="intel-tag text-[9px] font-bold uppercase">[ AI INTEL ]</span><span class="intel-hint text-[9px] uppercase">threat analysis · click to expand</span></summary><div class="explain-body grid gap-3 px-3 pt-1 pb-4">${Qi(a)}</div></details></td>
47
+ </tr>`:`${v}${y}`},aa=e=>{const t=e.now??new Date,i=[...e.findings].sort(gt),a={CRITICAL:0,HIGH:0,LOW:0,MODERATE:0,UNKNOWN:0};let n=0,o=0;for(const x of i)a[x.vulnerability.severity??"UNKNOWN"]+=1,x.acknowledged||(o+=1,x.vulnerability.fixedVersions.length>0&&(n+=1));const r=i.map(x=>ia(x)).join(`
48
+ `),c=i.length===0,l=Wi.filter(x=>a[x]>0).map(x=>`<div class="dseg dseg-sev dseg-${x.toLowerCase()}"><span class="dk text-[10px] font-medium uppercase">${x}</span><span class="dv text-[22px]">${String(a[x])}</span></div>`),d=!c&&o>0?`<div class="dseg dseg-fixable"><span class="dk text-[10px] font-medium uppercase">fixable</span><span class="dv text-[22px]">${String(n)}<span class="dvsep mx-1 font-light">/</span>${String(o)}</span></div>`:"",m=[`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">scanned</span><span class="dv text-[22px]">${String(e.packagesScanned)}</span></div>`,`<div class="dseg"><span class="dk text-[10px] font-medium uppercase">findings</span><span class="dv text-[22px]"><span id="shown">${String(i.length)}</span>${c?"":`<span class="dvsep mx-1 font-light">/</span>${String(i.length)}`}</span></div>`,d,l.length>0?'<span class="flex-auto"></span>':"",...l,c?'<div class="dseg dseg-ok"><span class="dot inline-block size-[7px] self-center"></span><span class="dk text-[10px] font-medium uppercase">status</span><span class="dv text-[22px]">CLEAN</span></div>':""].join(""),b=c?"ok":a.CRITICAL>0?"crit":a.HIGH>0?"high":"warn",h=[...e.report?.duplicates??[]].sort((x,A)=>x.name.localeCompare(A.name)),v=h.map(x=>`<tr>
49
+ <td class="px-3 py-3 align-top"><code class="font-medium">${S(x.name)}</code></td>
50
+ <td class="px-3 py-3 align-top text-[12px] font-medium tabular-nums">${String(x.versionCount)}</td>
51
+ <td class="px-3 py-3 align-top"><code class="text-[12px]">${x.versions.map(A=>S(A)).join(", ")}</code></td>
52
+ </tr>`).join(`
53
+ `),y=(e.policyDecisions??[]).filter(x=>x.policy!=="vulnerability"),g=[...y].sort((x,A)=>{const q=M=>M==="block"?0:M==="warn"?1:2;return q(x.severity)-q(A.severity)||x.policy.localeCompare(A.policy)||x.packageName.localeCompare(A.packageName)}).map(x=>{const A=x.acceptedRisk?' <span class="ack ml-2 inline-block px-[5px] py-px text-[9px] uppercase">[acknowledged]</span>':"";return`<tr>
54
+ <td class="px-3 py-3 align-top"><span class="policy-badge policy-${x.severity} inline-flex items-center gap-[7px] rounded-[3px] py-1 pr-2 pl-[7px] text-[10px] font-bold uppercase">${x.severity.toUpperCase()}</span></td>
55
+ <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.policy)}</code></td>
56
+ <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.packageName)}</code></td>
57
+ <td class="px-3 py-3 align-top"><code class="uppercase">${S(x.version)}</code></td>
58
+ <td class="px-3 py-3 align-top">${S(x.reason)}${A}</td>
59
+ </tr>`}).join(`
60
+ `),$=e.report?`
61
+ <script type="application/json" id="vis-audit-report">${JSON.stringify(e.report).replaceAll("</",String.raw`<\/`)}<\/script>`:"";return`<!doctype html>
62
+ <html lang="en">
63
+ <head>
64
+ <meta charset="utf-8">
65
+ <meta name="viewport" content="width=device-width, initial-scale=1">
66
+ <title>vis audit · ${S(t.toISOString().slice(0,10))}</title>
67
+ <style>${qi}</style>${$}
68
+ </head>
69
+ <body>
70
+ <main class="mx-auto max-w-[1080px]">
71
+ <header class="masthead flex flex-wrap items-end gap-4 px-0 pt-8 pb-5">
72
+ <div class="brand leading-none tracking-tight">${(()=>{const[x,...A]=e.tool.name.split("-");return A.length>0?`${S(x??e.tool.name)}<span class="slash mx-[0.12em] font-light">/</span>${S(A.join("-"))}`:S(e.tool.name)})()}<span class="sub mt-3 block text-[11px] font-medium uppercase">dependency security report</span></div>
73
+ <span class="flex-auto"></span>
74
+ <span class="chip inline-flex h-7 items-center justify-center rounded-[4px] px-3 text-[11px] font-medium uppercase">v${S(e.tool.version)}</span>
75
+ <button id="theme" class="tbtn tbtn-theme inline-flex h-7 cursor-pointer items-center justify-center rounded-[4px] bg-transparent px-3 text-[11px] font-medium uppercase" type="button" aria-label="Toggle color theme" title="Toggle color theme"><span class="ticon ticon-moon inline-flex items-center justify-center">${Xi}</span><span class="ticon ticon-sun inline-flex items-center justify-center">${ea}</span></button>
76
+ </header>
77
+ ${c?"":`<section class="verdict verdict-${b} flex flex-wrap items-baseline gap-x-6 gap-y-1"><span class="vnum font-light">${String(i.length)}</span><span class="vsub text-[12px] uppercase">${i.length===1?"vulnerability detected":"vulnerabilities detected"}</span></section>`}
78
+ <div class="debugbar flex flex-wrap items-stretch gap-0 pt-7 pb-1">${m}</div>
79
+ <div class="pt-8">
80
+ ${c?'<div class="clean px-6 text-center"><div class="big font-light">CLEAN</div><div class="sub mt-6 text-[12px] uppercase">No security issues found.</div></div>':`
81
+ <div class="mb-6 flex flex-wrap items-center gap-0">
82
+ <label class="field flex flex-[1_1_280px] items-center"><span class="prompt pr-3 text-[10px] uppercase select-none">filter:</span><input id="filter" type="search" class="w-full border-0 bg-transparent py-2.5 pr-0 pl-0 text-[13px] outline-0" placeholder="package or advisory id…" aria-label="Filter findings" /></label>
83
+ <label class="field sel flex flex-none items-center"><span class="prompt pr-3 text-[10px] uppercase select-none">sev</span><select id="severity" class="w-full cursor-pointer border-0 bg-transparent py-2.5 pr-6 pl-0 text-[13px] outline-0" aria-label="Filter by severity">
84
+ <option value="">all severities</option>
85
+ <option value="CRITICAL">critical only</option>
86
+ <option value="HIGH">high and above</option>
87
+ <option value="MODERATE">moderate and above</option>
88
+ <option value="LOW">low and above</option>
89
+ </select></label>
90
+ <span class="hint ml-8 text-[10px] uppercase"><span class="kbd rounded-[3px] px-[6px] py-px text-[10px] font-medium uppercase">/</span> to search · <span class="kbd rounded-[3px] px-[6px] py-px text-[10px] font-medium uppercase">esc</span> to clear</span>
91
+ </div>
92
+ <table id="findings" class="w-full text-[13px]">
93
+ <thead>
94
+ <tr>
95
+ <th class="${U}">Severity</th>
96
+ <th class="${U}">Upgrade</th>
97
+ <th class="${U}">Package</th>
98
+ <th class="${U}">Version</th>
99
+ <th class="${U}">Advisory</th>
100
+ <th class="${U}">Summary</th>
101
+ <th class="${U}">Fix</th>
102
+ <th class="${U}">Remediation</th>
103
+ </tr>
104
+ </thead>
105
+ <tbody>
106
+ ${r}
107
+ </tbody>
108
+ </table>
109
+ <div id="empty" class="empty hidden px-5 py-12 text-center text-[12px] uppercase">No findings match the current filter.</div>`}
110
+ ${y.length>0?`
111
+ <h2>Policy Decisions (${y.length})</h2>
112
+ <table id="policies" class="w-full text-[13px]">
113
+ <thead>
114
+ <tr>
115
+ <th class="${F}">Severity</th>
116
+ <th class="${F}">Policy</th>
117
+ <th class="${F}">Package</th>
118
+ <th class="${F}">Version</th>
119
+ <th class="${F}">Reason</th>
120
+ </tr>
121
+ </thead>
122
+ <tbody>
123
+ ${g}
124
+ </tbody>
125
+ </table>`:""}
126
+ ${h.length>0?`
127
+ <h2>Duplicate Versions (${h.length})</h2>
128
+ <p class="mt-1 mb-3 text-[12px] uppercase opacity-70">Packages installed at multiple versions. Consolidating these via overrides shrinks the install footprint and the attack surface.</p>
129
+ <table id="duplicates" class="w-full text-[13px]">
130
+ <thead>
131
+ <tr>
132
+ <th class="${F}">Package</th>
133
+ <th class="${F}">Versions</th>
134
+ <th class="${F}">Installed</th>
135
+ </tr>
136
+ </thead>
137
+ <tbody>
138
+ ${v}
139
+ </tbody>
140
+ </table>`:""}
141
+ <footer class="sig mt-12 flex flex-wrap items-center justify-between gap-x-6 gap-y-3 pt-5 text-[10px] uppercase"><span class="sig-meta"><b>${S(e.tool.name)}</b> ${S(e.tool.version)} · generated ${S(t.toISOString())} · powered by OSV.dev</span><span class="sig-by inline-flex items-center gap-2"><span class="sig-by-label">built by</span><a class="sig-by-link inline-flex items-center" href="https://anolilab.com" rel="noreferrer noopener" target="_blank" aria-label="Anolilab">${ci}</a></span></footer>
142
+ </div>
143
+ </main>
144
+ <script>
145
+ (() => {
146
+ const root = document.documentElement;
147
+ const themeBtn = document.getElementById('theme');
148
+ const mql = window.matchMedia('(prefers-color-scheme: dark)');
149
+
150
+ // Theme: persisted choice wins, else follow OS. JS only flips data-theme;
151
+ // CSS handles the colors and the moon/sun icon swap.
152
+ try {
153
+ const stored = localStorage.getItem('vis-audit-theme');
154
+ if (stored === 'light' || stored === 'dark') {
155
+ root.dataset.theme = stored;
156
+ }
157
+ } catch {}
158
+
159
+ themeBtn?.addEventListener('click', () => {
160
+ const isDark = root.dataset.theme ? root.dataset.theme === 'dark' : mql.matches;
161
+ const next = isDark ? 'light' : 'dark';
162
+ root.dataset.theme = next;
163
+ try {
164
+ localStorage.setItem('vis-audit-theme', next);
165
+ } catch {}
166
+ });
167
+
168
+ // Filter index: read each row's data-* once, lowercase strings ahead of
169
+ // time, and pre-rank severity. Subsequent keystrokes only compare cached
170
+ // primitives — no per-row getAttribute / toLowerCase in the hot loop.
171
+ const RANK = { CRITICAL: 0, HIGH: 1, MODERATE: 2, LOW: 3, UNKNOWN: 4 };
172
+ const UNKNOWN = RANK.UNKNOWN;
173
+ const filterInput = document.getElementById('filter');
174
+ const sevSelect = document.getElementById('severity');
175
+ const shown = document.getElementById('shown');
176
+ const empty = document.getElementById('empty');
177
+ const index = [];
178
+ for (const el of document.querySelectorAll('#findings tbody tr')) {
179
+ const d = el.dataset;
180
+ index.push({
181
+ el,
182
+ pkg: (d.package || '').toLowerCase(),
183
+ adv: (d.advisory || '').toLowerCase(),
184
+ rank: RANK[d.severity] ?? UNKNOWN,
185
+ finding: el.classList.contains('finding-row'),
186
+ hidden: false,
187
+ });
188
+ }
189
+ let emptyShown = false;
190
+
191
+ const apply = () => {
192
+ const q = (filterInput?.value || '').toLowerCase().trim();
193
+ const sevValue = sevSelect?.value || '';
194
+ const cap = sevValue ? (RANK[sevValue] ?? UNKNOWN) : UNKNOWN;
195
+ let visible = 0;
196
+ for (const row of index) {
197
+ const queryHit = !q || row.pkg.includes(q) || row.adv.includes(q);
198
+ const sevHit = !sevValue || row.rank <= cap;
199
+ const visibleNow = queryHit && sevHit;
200
+ if (visibleNow && row.finding) {
201
+ visible += 1;
202
+ }
203
+ // Only touch the DOM when this row's state actually changes — keeps
204
+ // continued typing from re-laying out every row on every keystroke.
205
+ if (visibleNow === !row.hidden) {
206
+ continue;
207
+ }
208
+ row.el.style.display = visibleNow ? '' : 'none';
209
+ row.hidden = !visibleNow;
210
+ }
211
+ if (shown) {
212
+ shown.textContent = String(visible);
213
+ }
214
+ const showEmpty = visible === 0;
215
+ if (empty && showEmpty !== emptyShown) {
216
+ empty.style.display = showEmpty ? 'block' : 'none';
217
+ emptyShown = showEmpty;
218
+ }
219
+ };
220
+
221
+ // Coalesce typing-driven updates to one pass per frame; rapid keystrokes
222
+ // (paste, IME) collapse into a single filter sweep.
223
+ let pending = 0;
224
+ const scheduleApply = () => {
225
+ if (pending) {
226
+ return;
227
+ }
228
+ pending = requestAnimationFrame(() => {
229
+ pending = 0;
230
+ apply();
231
+ });
232
+ };
233
+
234
+ filterInput?.addEventListener('input', scheduleApply);
235
+ sevSelect?.addEventListener('change', apply);
236
+
237
+ // Keyboard: "/" focuses the filter, Esc clears every active filter.
238
+ document.addEventListener('keydown', (event) => {
239
+ if (event.key === '/' && document.activeElement !== filterInput) {
240
+ event.preventDefault();
241
+ filterInput?.focus();
242
+ return;
243
+ }
244
+ if (event.key === 'Escape') {
245
+ if (filterInput) {
246
+ filterInput.value = '';
247
+ }
248
+ if (sevSelect) {
249
+ sevSelect.value = '';
250
+ }
251
+ apply();
252
+ filterInput?.blur();
253
+ }
254
+ });
255
+
256
+ // Click-to-copy on remediation command bars (event-delegated).
257
+ document.addEventListener('click', (event) => {
258
+ const target = event.target?.closest?.('.copyable');
259
+ // Guard re-entry during the 1s revert: a second click would otherwise
260
+ // capture "✓ copied to clipboard" as the original and never restore it.
261
+ if (!target || target.classList.contains('copied')) {
262
+ return;
263
+ }
264
+ const cmd = target.dataset.cmd ?? target.textContent ?? '';
265
+ navigator.clipboard?.writeText(cmd).then(() => {
266
+ const orig = target.textContent;
267
+ target.classList.add('copied');
268
+ target.textContent = '✓ copied to clipboard';
269
+ setTimeout(() => {
270
+ target.textContent = orig;
271
+ target.classList.remove('copied');
272
+ }, 1000);
273
+ }).catch(() => {});
274
+ });
275
+
276
+ apply();
277
+ })();
278
+ <\/script>
279
+ </body>
280
+ </html>
281
+ `},na={CRITICAL:"CRITICAL",HIGH:"HIGH",LOW:"LOW",MODERATE:"MEDIUM",UNKNOWN:"NONE"},Oe=(e,t)=>`pkg:npm/${e}@${t}`,at=(e,t)=>{const i=new Map;for(const a of e){const n=t(a),o=i.get(n);o?o.push(a):i.set(n,[a])}return i},ra=e=>{const t=e.now??new Date,i=t.toISOString(),a=e.trackingId??`vis-audit-${t.toISOString().slice(0,10)}`,n=[...at(e.findings,r=>r.packageName).entries()].sort(([r],[c])=>r.localeCompare(c)).map(([r,c])=>({branches:[...new Set(c.map(l=>l.packageVersion))].sort().map(l=>{const d=Oe(r,l);return{category:"product_version",name:l,product:{name:`${r}@${l}`,product_id:d,product_identification_helper:{purl:d}}}}),category:"product_name",name:r})),o=[...at(e.findings,r=>r.vulnerability.id).entries()].sort(([r],[c])=>r.localeCompare(c)).map(([r,c])=>{const l=c[0].vulnerability,d=[...new Set(c.map($=>Oe($.packageName,$.packageVersion)))].sort(),m=r.startsWith("CVE-"),b=[r,...l.aliases??[]],h=m?r:b.find($=>$.startsWith("CVE-")),v=b.filter($=>$!==h).map($=>({system_name:$.startsWith("GHSA-")?"GitHub Security Advisory":"OSV",text:$})),y=ze(l),g=c.filter($=>$.acknowledged).map($=>Oe($.packageName,$.packageVersion));return{...h?{cve:h}:{},...v.length>0?{ids:v}:{},notes:[{category:"description",text:l.summary||`Advisory ${r}`,title:"Advisory description"}],product_status:{known_affected:d},references:[{category:"external",summary:`${r} advisory record`,url:T(r)}],scores:[{cvss_v3:{baseScore:y,baseSeverity:na[l.severity]??"NONE",vectorString:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",version:"3.1"},products:d}],title:l.summary.split(`
282
+ `)[0]?.slice(0,200)||r,...g.length>0?{flags:[{label:"inline_mitigations_already_exist",product_ids:g}]}:{}}});return{document:{category:"csaf_vex",csaf_version:"2.0",distribution:{tlp:{label:"WHITE"}},publisher:{category:"vendor",name:e.tool.name,namespace:e.tool.informationUri},title:`vis audit · ${a}`,tracking:{current_release_date:i,id:a,initial_release_date:i,revision_history:[{date:i,number:"1",summary:"Initial audit emission"}],status:"final",version:"1"}},...n.length>0?{product_tree:{branches:n}}:{},...o.length>0?{vulnerabilities:o}:{}}},oa={CRITICAL:"critical",HIGH:"high",LOW:"low",MODERATE:"medium",UNKNOWN:"unknown"},nt=(e,t)=>{const i=new Map;for(const a of e){const n=t(a),o=i.get(n);o?o.push(a):i.set(n,[a])}return i},sa=(e,t=new Date)=>{const i=nt(e,n=>n.vulnerability.id),a=t.toISOString();return[...i.entries()].sort(([n],[o])=>n.localeCompare(o)).map(([n,o])=>{const r=o[0].vulnerability,c=oa[r.severity]??"unknown",l=ze(r),d=[...nt(o,y=>y.packageName).entries()].sort(([y],[g])=>y.localeCompare(g)).map(([y,g])=>{const $=[...new Set(g.map(x=>x.packageVersion))].sort();return{ref:li(y,$[0]),versions:$.map(x=>({status:"affected",version:x}))}}),m=(r.aliases??[]).filter(y=>y!==n).map(y=>({id:y,source:{name:ve(y),url:T(y)}})),b=o.some(y=>y.acknowledged),h=o.every(y=>y.acknowledged)?{justification:"code_not_reachable",response:["will_not_fix"],state:"not_affected"}:b?{state:"in_triage"}:void 0,v=r.fixedVersions??[];return{"bom-ref":`vuln:${n}`,id:n,source:{name:ve(n),url:T(n)},...m.length>0?{references:m}:{},description:r.summary||`Advisory ${n}`,ratings:[{method:"CVSSv31",score:l,severity:c,source:{name:ve(n),url:T(n)}}],...v.length>0?{recommendation:`Upgrade to one of: ${v.join(", ")}`}:{},affects:d,created:a,published:a,...h?{analysis:h}:{}}})},ca=e=>{const 
t=sa(e.findings,e.now);return{...e.bom,vulnerabilities:t}},wt="15.2.1",la=`https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/raw/v${wt}/dist/dependency-scanning-report-format.json`,pa={CRITICAL:"Critical",HIGH:"High",LOW:"Low",MODERATE:"Medium",UNKNOWN:"Unknown"},da={block:"High",info:"Info",warn:"Medium"},ga=Uint8Array.from([107,167,184,18,157,173,17,209,128,180,0,192,79,212,48,200]),rt=e=>{const t=di("sha1");t.update(ga),t.update(e,"utf8");const i=t.digest();i[6]=(i[6]??0)&15|80,i[8]=(i[8]??0)&63|128;const a=i.subarray(0,16).toString("hex");return`${a.slice(0,8)}-${a.slice(8,12)}-${a.slice(12,16)}-${a.slice(16,20)}-${a.slice(20,32)}`},ot=e=>e.startsWith("CVE-")?{name:e,type:"cve",url:T(e),value:e}:e.startsWith("GHSA-")?{name:e,type:"ghsa",url:T(e),value:e}:{name:e,type:"osv",url:T(e),value:e},fa=e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),i=e.artifactUri??(ft(e.workspaceRoot,`${e.workspaceRoot}/package.json`)||"package.json"),a=[];for(const n of e.findings){const{acknowledged:o,packageName:r,packageVersion:c,vulnerability:l}=n,d=[ot(l.id)];for(const v of l.aliases??[])v!==l.id&&d.push(ot(v));const m=[{name:`${ve(l.id)} advisory`,url:T(l.id)}],b=l.summary||`Advisory ${l.id}`,h=l.fixedVersions.length>0?`Upgrade ${r} to ${l.fixedVersions.join(" or ")}`:void 0;a.push({description:b,...o?{flags:[{description:"Acknowledged via vis accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:rt(`vis-audit|${l.id}|${r}@${c}`),identifiers:d,links:m,location:{dependency:{package:{name:r},version:c},file:i},name:`${l.id}: ${r}@${c}`,severity:pa[l.severity],...h?{solution:h}:{}})}for(const n of e.policyDecisions??[]){if(n.policy==="vulnerability")continue;const o=`vis.policy.${n.policy}`;a.push({description:n.reason,...n.acceptedRisk?{flags:[{description:"Acknowledged via vis 
accepted-risks",origin:"vis",type:"flagged-as-likely-false-positive"}]}:{},id:rt(`vis-audit|${o}|${n.packageName}@${n.version}`),identifiers:[{name:o,type:"vis_policy",url:`https://visulima.com/packages/vis/commands/audit#policy-${n.policy}`,value:o}],links:[{name:`vis policy: ${n.policy}`,url:`https://visulima.com/packages/vis/commands/audit#policy-${n.policy}`}],location:{dependency:{package:{name:n.packageName},version:n.version},file:i},name:`vis policy '${n.policy}': ${n.packageName}@${n.version}`,severity:da[n.severity]})}return{scan:{analyzer:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},end_time:t,scanner:{id:e.tool.name,name:e.tool.name,url:e.tool.informationUri,vendor:{name:"Visulima"},version:e.tool.version},start_time:t,status:"success",type:"dependency_scanning"},schema:la,version:wt,vulnerabilities:a}},K=e=>e.replaceAll("&","&amp;").replaceAll("<","&lt;").replaceAll(">","&gt;").replaceAll('"',"&quot;").replaceAll("'","&apos;"),st=e=>`<![CDATA[${e.replaceAll("]]>","]]]]><![CDATA[>")}]]>`,ua=e=>{let t="";return e.status==="skipped"?t=` <skipped/>
283
+ `:e.status==="failure"?t=` <failure type="${K(e.failureType)}" message="${K(e.failureMessage)}">${st(e.failureText)}</failure>
284
+ `:e.systemOut!==void 0&&(t=` <system-out>${st(e.systemOut)}</system-out>
285
+ `),` <testcase classname="${K(e.classname)}" name="${K(e.name)}">
286
+ ${t} </testcase>
287
+ `},ct=(e,t,i)=>{const a=t.filter(c=>c.status==="failure").length,n=t.filter(c=>c.status==="skipped").length,o=t.length,r=t.map(c=>ua(c)).join("");return` <testsuite name="${K(e)}" tests="${String(o)}" failures="${String(a)}" skipped="${String(n)}" errors="0" timestamp="${K(i)}" time="0">
288
+ ${r} </testsuite>
289
+ `},ma=e=>{const t=(e.now??new Date).toISOString().replace(/\.\d{3}Z$/,""),i=e.suiteName??"vis-audit",a=e.findings.map(d=>{const{acknowledged:m,packageName:b,packageVersion:h,vulnerability:v}=d,y=v.fixedVersions.length>0?` (fix: ${v.fixedVersions.join(", ")})`:"";return{classname:`${b}@${h}`,failureMessage:`${Le(v.severity).toUpperCase()} ${v.id} — ${v.summary.split(`
290
+ `)[0]?.slice(0,200)??v.id}`,failureText:`${v.id}: ${b}@${h}
291
+ ${v.summary||`Advisory ${v.id}`}${y}`,failureType:Le(v.severity).toUpperCase(),name:v.id,status:m?"skipped":"failure"}}),n=(e.policyDecisions??[]).filter(d=>d.policy!=="vulnerability").map(d=>{let m;return d.acceptedRisk?m="skipped":d.severity==="info"?m="passing":m="failure",{classname:`${d.packageName}@${d.version}`,failureMessage:`${d.severity.toUpperCase()} vis.policy.${d.policy}`,failureText:d.reason,failureType:d.severity.toUpperCase(),name:`vis.policy.${d.policy}`,status:m,...m==="passing"?{systemOut:d.reason}:{}}}),o=a.length+n.length,r=a.filter(d=>d.status==="failure").length+n.filter(d=>d.status==="failure").length,c=a.filter(d=>d.status==="skipped").length+n.filter(d=>d.status==="skipped").length;let l=`<?xml version="1.0" encoding="UTF-8"?>
292
+ <testsuites name="${K(i)}" tests="${String(o)}" failures="${String(r)}" skipped="${String(c)}" errors="0" time="0">
293
+ `;return l+=ct("vulnerabilities",a,t),n.length>0&&(l+=ct("policies",n,t)),l+=`</testsuites>
294
+ `,l},ha=e=>{const t=new Map,i=[],a=e.artifactUri??(ft(e.workspaceRoot,gi(e.workspaceRoot,"package.json"))||"package.json");for(const r of e.findings){const{acknowledged:c,packageName:l,packageVersion:d,vulnerability:m}=r,b=Fi(m.severity),h=Le(m.severity);t.has(m.id)||t.set(m.id,{defaultConfiguration:{level:b},fullDescription:{text:m.summary||`Advisory ${m.id}`},helpUri:T(m.id),id:m.id,name:m.id,properties:{precision:"very-high","security-severity":Bi(m),"severity-label":h,tags:["security","vulnerability","supply-chain",`severity:${h}`]},shortDescription:{text:(m.summary.split(`
295
+ `)[0]??m.id).slice(0,200)}}),i.push({level:b,locations:[{logicalLocations:[{kind:"package",name:`${l}@${d}`}],physicalLocation:{artifactLocation:{uri:a}}}],message:{text:`${m.id}: ${l}@${d} — ${m.summary||"no summary"}${m.fixedVersions.length>0?` (fix: ${m.fixedVersions.join(", ")})`:""}`},partialFingerprints:{advisoryId:m.id,package:l,version:d},properties:{...c?{acknowledged:!0}:{},...m.aliases&&m.aliases.length>0?{aliases:m.aliases}:{},...typeof m.cvssScore=="number"?{cvssScore:m.cvssScore}:{},...m.fixedVersions.length>0?{fixedVersions:m.fixedVersions}:{},packageName:l,packageVersion:d,severityLabel:h},ruleId:m.id})}const n={block:"error",info:"note",warn:"warning"},o={block:"high",info:"none",warn:"medium"};for(const r of e.policyDecisions??[]){if(r.policy==="vulnerability")continue;const c=`vis.policy.${r.policy}`,l=n[r.severity],d=o[r.severity];t.has(c)||t.set(c,{defaultConfiguration:{level:l},fullDescription:{text:`vis policy '${r.policy}' (Socket.dev-style supply-chain gate)`},helpUri:`https://visulima.com/packages/vis/commands/audit#policy-${r.policy}`,id:c,name:c,properties:{precision:"high","security-severity":r.severity==="block"?"8.0":r.severity==="warn"?"5.5":"0.0","severity-label":d,tags:["security","supply-chain","policy",`policy:${r.policy}`]},shortDescription:{text:`vis policy: 
${r.policy}`}}),i.push({level:l,locations:[{logicalLocations:[{kind:"package",name:`${r.packageName}@${r.version}`}],physicalLocation:{artifactLocation:{uri:a}}}],message:{text:r.reason},partialFingerprints:{package:r.packageName,policy:r.policy,version:r.version},properties:{...r.acceptedRisk?{acknowledged:!0}:{},packageName:r.packageName,packageVersion:r.version,severityLabel:d},ruleId:c})}return{$schema:"https://json.schemastore.org/sarif-2.1.0.json",runs:[{results:i,tool:{driver:{informationUri:e.tool.informationUri,name:e.tool.name,rules:[...t.values()],version:e.tool.version}}}],version:"2.1.0"}},va=["dependencies","devDependencies","optionalDependencies","peerDependencies"],lt=e=>{try{return{path:e,pkg:ut(e)}}catch{return}},wa=e=>{const t=[],i=lt(z(e,"package.json"));i&&t.push({path:i.path,pkg:i.pkg,workspaceName:i.pkg.name});const a=Bt(e);let n;if(a?n=a:i?.pkg.workspaces&&(Array.isArray(i.pkg.workspaces)?n=i.pkg.workspaces:i.pkg.workspaces.packages&&(n=i.pkg.workspaces.packages)),!n)return t;for(const o of Kt(e,n)){const r=lt(z(e,o,"package.json"));r&&t.push({path:r.path,pkg:r.pkg,workspaceName:r.pkg.name})}return t},ya=(e,t)=>{const i=[];for(const a of e)for(const n of va){const o=a.pkg[n]?.[t];typeof o=="string"&&i.push({field:n,manifest:a,range:o})}return i},yt=e=>{const t=wa(e.workspaceRoot),i=[],a=[],n=[],o=new Set;for(const r of e.findings){const c=r.vulnerability.fixedVersions[0];if(!c){n.push({packageName:r.packageName,reason:"no-fixed-version"});continue}const l=ya(t,r.packageName);if(l.length===0){n.push({packageName:r.packageName,reason:"transitive-only"});continue}const d=L.coerce(c),m=d?`^${d.version}`:c,b=d?d.version:c;for(const h of l){const v=`${h.manifest.path}::${h.field}::${r.packageName}::${b}`;if(o.has(v))continue;o.add(v);const 
y=xa(b,h.range),g={currentRange:h.range,field:h.field,inRange:y,manifestPath:h.manifest.path,packageName:r.packageName,targetSpec:m,targetVersion:b,workspaceName:h.manifest.workspaceName};y||e.allowMajor===!0?i.push(g):a.push(g)}}return{apply:i,skippedMajor:a,unmatched:n}},ba=/^(?:workspace|file|link|portal|patch|git\+|git:|github:|npm:|catalog|jsr|http|https):/i,xa=(e,t)=>{if(ba.test(t))return!0;const i=L.coerce(e)?.version??e;try{return L.satisfies(i,t)}catch{return!0}},ka=e=>{const t=[];if(e.apply.length>0){t.push(`Apply (${String(e.apply.length)}):`);for(const i of e.apply){const a=i.workspaceName?` [${i.workspaceName}]`:"";t.push(` + ${i.packageName}: ${i.currentRange} → ${i.targetSpec}${a}`)}}if(e.skippedMajor.length>0){t.push(`Skipped — major bump (${String(e.skippedMajor.length)}, requires --allow-major):`);for(const i of e.skippedMajor){const a=i.workspaceName?` [${i.workspaceName}]`:"";t.push(` ! ${i.packageName}: ${i.currentRange} → ${i.targetSpec}${a}`)}}if(e.unmatched.length>0){const i=e.unmatched.filter(n=>n.reason==="transitive-only"),a=e.unmatched.filter(n=>n.reason==="no-fixed-version");if(i.length>0){t.push(`Transitive only (${String(i.length)}, requires --fix-transitive):`);for(const n of i)t.push(` · ${n.packageName}`)}if(a.length>0){t.push(`No fixed version available (${String(a.length)}):`);for(const n of a)t.push(` · ${n.packageName}`)}}return t.length===0?"No direct-dep fixes to apply.":t.join(`
296
+ `)},$a=5,Sa=64,Na=(e,t)=>{if(t.length===0)return[];const i=new Set;for(const a of e){if(t.includes(a)){i.add(a);continue}let n=!1;for(const o of t)try{L.satisfies(o,a)&&(i.add(o),n=!0)}catch{}!n&&t.length===1&&i.add(t[0])}return[...i]},Aa=e=>{const t=new Map;for(const n of e.entries){let o=t.get(n.name);o||(o=[],t.set(n.name,o)),o.includes(n.version)||o.push(n.version)}const i=new Map;for(const n of e.entries){const o=`${n.name}@${n.version}`;let r=i.get(o);r||(r=new Map,i.set(o,r));for(const c of[n.dependencies,n.peerDependencies,n.optionalDependencies])if(c)for(const[l,d]of Object.entries(c)){const m=t.get(l)??[],b=Na(d,m);for(const h of b){const v=`${l}@${h}`;r.has(v)||r.set(v,{name:l,version:h})}}}const a=new Map;for(const[n,o]of i)a.set(n,{children:[...o.values()]});return{adjacency:a,versionsByName:t}},Ca=(e,t)=>{const i=t.get(e.name);if(!(!i||i.length===0)){if(i.includes(e.version))return{name:e.name,version:e.version};for(const a of i)try{if(L.satisfies(a,e.version))return{name:e.name,version:a}}catch{}if(i.length===1)return{name:e.name,version:i[0]}}},Ra=(e,t,i={})=>{const a=i.maxPathsPerTarget??$a,n=i.maxDepth??Sa;if(a<=0)return[];const{adjacency:o,versionsByName:r}=Aa(e),c=`${t.name}@${t.version}`,l=[],d=[],m=new Set;for(const v of e.roots){const y=Ca(v,r);if(!y)continue;const g=`${y.name}@${y.version}`;m.has(g)||(m.add(g),d.push(y))}const b=[];for(const v of d){const y=`${v.name}@${v.version}`;if(y===c){if(l.push([v]),l.length>=a)return l;continue}b.push({node:v,path:[v],visited:new Set([y])})}let h=0;for(;h<b.length&&l.length<a;){const v=b[h];if(h+=1,v.path.length>=n)continue;const y=o.get(`${v.node.name}@${v.node.version}`)?.children??[];for(const g of y){const $=`${g.name}@${g.version}`;if(v.visited.has($))continue;const x=[...v.path,g];if($===c){if(l.push(x),l.length>=a)return l;continue}const A=new Set(v.visited);A.add($),b.push({node:g,path:x,visited:A})}}return 
l},Ia={"crates.io":["Cargo.lock"],Go:["go.sum"],Maven:["gradle.lockfile","pom.xml"],PyPI:["uv.lock","poetry.lock","Pipfile.lock"],RubyGems:["Gemfile.lock"]},ja={cargo:"crates.io","crates.io":"crates.io",go:"Go",maven:"Maven",npm:"npm",pypi:"PyPI",rubygems:"RubyGems"},bt=e=>ja[e.toLowerCase()]??e,Ea=(e,t)=>{const i=bt(t),a=Ia[i]??[];for(const n of a){const o=z(e,n);if(yi(o))return o}},Oa=e=>{const t=new Set,i=[];for(const a of e){const n=`${a.name}@${a.version}`;t.has(n)||(t.add(n),i.push(a))}return i},Da=/\[\[package\]\]([\s\S]*?)(?=\[\[|$)/g,Ma=/^\s*name\s*=\s*"([^"]+)"\s*$/m,La=/^\s*version\s*=\s*"([^"]+)"\s*$/m,Ta=e=>{const t=[];for(const i of e.matchAll(Da)){const a=i[1]??"",n=Ma.exec(a)?.[1],o=La.exec(a)?.[1];n&&o&&t.push({isDev:!1,name:n,version:o})}return t},Pa=e=>{let t;try{t=JSON.parse(e)}catch{return[]}if(typeof t!="object"||t===null)return[];const i=[];for(const a of["default","develop"]){const n=t[a];if(!(typeof n!="object"||n===null))for(const[o,r]of Object.entries(n)){if(typeof r!="object"||r===null)continue;const c=r.version;if(typeof c!="string")continue;const l=c.replace(/^==/,"").trim();l.length>0&&i.push({isDev:!1,name:o,version:l})}}return i},Va=/<dependency>([\s\S]*?)<\/dependency>/g,za=/<groupId>\s*([^<\s]+)\s*<\/groupId>/,Wa=/<artifactId>\s*([^<\s]+)\s*<\/artifactId>/,_a=/<version>\s*([^<\s]+)\s*<\/version>/,Ha=e=>{const t=[];for(const i of e.matchAll(Va)){const a=i[1]??"",n=za.exec(a)?.[1],o=Wa.exec(a)?.[1],r=_a.exec(a)?.[1];!n||!o||!r||r.startsWith("${")||t.push({isDev:!1,name:`${n}:${o}`,version:r})}return t},Ua=e=>{const t=[];for(const i of e.split(/\r?\n/)){const a=i.trim();if(a.length===0||a.startsWith("#"))continue;const n=a.indexOf("="),o=(n===-1?a:a.slice(0,n)).split(":");if(o.length<3)continue;const[r,c,l]=o;!r||!c||!l||t.push({isDev:!1,name:`${r}:${c}`,version:l})}return t},Fa=e=>{const t=[];for(const i of e.split(/\r?\n/)){const a=i.trim();if(a.length===0)continue;const 
n=a.split(/\s+/);if(n.length<3)continue;const[o,r]=n;if(!o||!r?.endsWith("/go.mod"))continue;const c=r.slice(0,-7);c.length!==0&&t.push({isDev:!1,name:o,version:c})}return t},Ga=/^ {4}([^ ()]+) \(([^()]+)\)\s*$/,Ba=e=>{const t=[];let i=!1,a=!1;for(const n of e.split(/\r?\n/)){if(n.startsWith("GEM")){i=!0,a=!1;continue}if(i&&/^[A-Z]/.test(n)){i=!1,a=!1;continue}if(i&&n.trim()==="specs:"){a=!0;continue}if(a){const o=Ga.exec(n);if(o){const[,r,c]=o;r&&c&&t.push({isDev:!1,name:r,version:c})}}}return t},Ka=(e,t)=>{const i=Ea(e,t);if(!i)return[];let a;try{a=mt(i,"utf8")}catch{return[]}const n=i.split(/[/\\]/).pop()??"";let o;switch(n){case"Cargo.lock":case"poetry.lock":case"uv.lock":{o=Ta(a);break}case"Gemfile.lock":{o=Ba(a);break}case"go.sum":{o=Fa(a);break}case"gradle.lockfile":{o=Ua(a);break}case"Pipfile.lock":{o=Pa(a);break}case"pom.xml":{o=Ha(a);break}default:return[]}return Oa(o)},qa=["ts","tsx","js","jsx","mjs","cjs","mts","cts"],Ja=[/node_modules/,/\.git/,/\.next/,/\.cache/,/dist/,/build/,/coverage/,/\.turbo/,/\.nx/,/\.parcel-cache/],Ya=["dependencies","devDependencies","peerDependencies","optionalDependencies"],Za=/(?:import|export)\s+(?:[\s\S]*?from\s+)?["']([^"'\n]+)["']/g,Qa=/(?:^|[^.\w$])require\s*\(\s*["']([^"'\n]+)["']\s*\)/g,Xa=/\bimport\s*\(\s*["']([^"'\n]+)["']\s*\)/g,en=e=>{if(e.startsWith(".")||e.startsWith("/")||/^[a-z][a-z0-9+.-]*:/i.test(e))return;const t=e.trim();if(t.length!==0){if(t.startsWith("@")){const i=t.split("/");return i.length<2?void 0:`${i[0]}/${i[1]}`}return t.split("/")[0]}},tn=e=>{const t=new Set,i=e.replaceAll(/\/\*[\s\S]*?\*\//g,"").replaceAll(/(^|[^:])\/\/.*$/gm,"$1"),a=n=>{n.lastIndex=0;let o;for(;(o=n.exec(i))!==null;){const r=en(o[1]);r&&t.add(r)}};return a(Za),a(Qa),a(Xa),t},an=e=>{const t=new Set;try{const i=ut(e);for(const a of Ya){const n=i[a];if(n&&typeof n=="object"&&!Array.isArray(n))for(const o of Object.keys(n))t.add(o)}}catch{}return t},nn=e=>{const t=e.skip??Ja,i=e.extensions??qa,a=new Set;let n=0;const 
o=it(e.workspaceRoot,{extensions:i,includeDirs:!1,skip:t});for(const l of o){n+=1;try{const d=mt(l,"utf8");for(const m of tn(d))a.add(m)}catch{}}const r=it(e.workspaceRoot,{extensions:["json"],includeDirs:!1,skip:t}).filter(l=>l.endsWith("/package.json")||l.endsWith(String.raw`\package.json`)||l.endsWith("package.json"));for(const l of r)for(const d of an(l))a.add(d);if(e.alwaysAssumeUsed)for(const l of e.alwaysAssumeUsed)a.add(l);const c=new Set;for(const l of e.vulnerablePackages)a.has(l)&&c.add(l);return{filesScanned:n,importedTotal:a,reachable:c}},rn=e=>{const t=L.coerce(e)?.major;return t!==void 0&&t>=10},on=e=>Object.fromEntries(Object.entries(e).sort(([t],[i])=>t.localeCompare(i))),sn=(e,t)=>`${JSON.stringify(e,void 0,t)}
297
+ `,xt=(e,t)=>{if(t.name==="pnpm"&&rn(t.version))return{filePath:z(e,"pnpm-workspace.yaml"),surface:"pnpm-workspace.yaml"};const i=z(e,"package.json");return t.name==="pnpm"?{filePath:i,surface:"package.json#pnpm.overrides"}:t.name==="yarn"?{filePath:i,surface:"package.json#resolutions"}:{filePath:i,surface:"package.json#overrides"}},cn=(e,t)=>{const{filePath:i,surface:a}=xt(e,t);if(!J(i))return{};if(a==="pnpm-workspace.yaml")try{return Ve(i)?.overrides??{}}catch{return{}}try{const n=JSON.parse(be(i));return a==="package.json#pnpm.overrides"?(n.pnpm??{}).overrides??{}:a==="package.json#resolutions"?n.resolutions??{}:n.overrides??{}}catch{return{}}},ln=(e,t)=>{const i=Object.keys(t).sort();if(i.length===0&&!/^overrides\s*:/m.test(e))return e;const a=`overrides:
298
+ ${i.map(n=>` '${n}': '${t[n]}'`).join(`
299
+ `)}
300
+ `;if(e.length===0)return a;if(/^overrides\s*:/m.test(e)){const n=e.replace(/^overrides\s*:[^\n]*\n(?:[ \t][^\n]*\n)*/m,a);return n.endsWith(`
301
+ `)?n:`${n}
302
+ `}return`${e.endsWith(`
303
+ `)?e:`${e}
304
+ `}
305
+ ${a}`},pn=(e,t,i,a)=>{const n=qt(e,t.length>0?t:void 0),o=t.length>0?JSON.parse(t):{};if(i==="package.json#pnpm.overrides"){const r=o.pnpm??{};r.overrides=a,o.pnpm=r}else i==="package.json#resolutions"?o.resolutions=a:o.overrides=a;return sn(o,n)},dn=(e,t,i)=>{const{filePath:a,surface:n}=xt(e,i),o=cn(e,i),r=J(a)?be(a):"",c=[],l={...o};for(const h of t.entries){const v=o[h.packageName];if(v===h.spec){c.push({...h,previousSpec:v,status:"unchanged"});continue}v===void 0?c.push({...h,status:"added"}):c.push({...h,previousSpec:v,status:"updated"}),l[h.packageName]=h.spec}const d=on(l),m=c.some(h=>h.status!=="unchanged"),b=n==="pnpm-workspace.yaml"?ln(r,d):pn(a,r,n,d);return{changed:m,entries:c,filePath:a,nextContent:b,previousContent:r,surface:n}},gn=e=>{if(!e.changed)return e;if(e.surface==="pnpm-workspace.yaml"&&e.previousContent.length===0)throw new Error(`${e.filePath} not found. Run \`pnpm init\` or create pnpm-workspace.yaml before applying overrides for pnpm v10+.`);const t=`${e.filePath}.tmp`;try{bi(t,e.nextContent),xi(t,e.filePath)}catch(i){try{ki(t)}catch{}throw i}return e},fn=e=>{const t=new Map;for(const i of e){const a=i.vulnerability.fixedVersions[0];if(!a)continue;const n=L.coerce(a),o=n?`^${n.version}`:a;t.set(i.packageName,o)}return{entries:[...t.entries()].sort(([i],[a])=>i.localeCompare(a)).map(([i,a])=>({packageName:i,spec:a}))}},un={critical:we,high:dt,low:pt,medium:ye},Te=new Set(["cargo","crates.io","go","maven","npm","pypi","rubygems"]),mn=e=>{const t=(e??"npm").split(",").map(n=>n.trim()).filter(n=>n.length>0),i=t.length>0?t:["npm"],a=i.filter(n=>!Te.has(n.toLowerCase()));return{all:i,unsupported:a}},hn={CRITICAL:we,HIGH:dt,LOW:pt,MODERATE:ye,UNKNOWN:D},vn=(e,t,i,a)=>{const n=hn[i.severity]??D,o=a?` ${D("[acknowledged]")}`:"",r=i.fixedVersions??[],c=r.length>0?` (fix: ${r.join(", ")})`:"";return` ${n(i.severity)} ${i.id} — ${e}@${t}${o}
306
+ ${i.summary}${c}`},wn=(e,t)=>{const i=ii(e),a=`${String(Math.round(e.score.overall*100))}%`,n=t?` ${D("[acknowledged]")}`:"",o=e.alerts.length>0?`, ${String(e.alerts.length)} alert${e.alerts.length===1?"":"s"}`:"";return` ${a} ${i}@${e.version} (${ti(e.score.overall)}${o})${n}`},yn=new Set(["aube","auto","vis"]),te=e=>e!==void 0&&yn.has(e),bn=(e,t,i)=>{if(e!==void 0&&!te(e))throw new Error(`Invalid --backend value '${e}'. Expected one of: aube, auto, vis.`);const a=process.env.VIS_AUDIT_BACKEND;if(a!==void 0&&a!==""&&!te(a))throw new Error(`Invalid VIS_AUDIT_BACKEND value '${a}'. Expected one of: aube, auto, vis.`);const n=te(a)?a:void 0,o=te(t)?t:void 0,r=(te(e)?e:void 0)??n??o??"auto";return r==="aube"?"aube":r==="vis"?"vis":(i?.install?.backend??process.env.VIS_INSTALLER)==="aube"&&Pt("aube")!==null?"aube":"vis"},xn=e=>{if(e!==void 0)switch(e){case"critical":return"critical";case"high":return"high";case"low":return"low";case"medium":return"moderate";default:return e}},kn=(e,t,i)=>{const a=["audit"],n=xn(t.severity);n!==void 0&&a.push("--audit-level",n),(t.prodOnly===!0||t.prod===!0)&&a.push("--prod"),(t.json===!0||t.format==="json")&&a.push("--json");const o=t.fix===!0;t["fix-transitive"]===!0||t.fixTransitive===!0?a.push("--fix=override"):o&&a.push("--fix=update");const r=[];t.offline===!0&&r.push("--offline (aube has its own offline cache)"),(t.format==="sarif"||t.format==="csaf"||t.format==="cyclonedx"||t.format==="cyclonedx-vex"||t.format==="gitlab"||t.format==="junit")&&r.push(`--format=${String(t.format)} (only json/text is forwarded to aube)`),r.length>0&&u.warn(`Delegating to 'aube audit'. Skipping vis-only flags: ${r.join(", ")}`);const c=Dt("aube",a,{cwd:e,stdio:"inherit"});if(c.error){const{code:l}=c.error;return l==="ENOENT"?u.error("Backend 'aube' selected but the 'aube' binary was not found on PATH. 
Install aube or run with --backend vis."):u.error(`Failed to spawn aube: ${c.error.message}`),1}return c.status??1},$n=async(e,t,i,a,n)=>{if(bn(i.backend,a?.security?.audit?.backend,a)==="aube"){process.exitCode=kn(t,i);return}const o=i.severity??"low",r=i.format??"table",c=r==="sarif",l=r==="csaf",d=r==="cyclonedx-vex"||r==="cyclonedx",m=r==="gitlab",b=r==="junit",h=r==="json"||!!i.json,v=i.report,y=a?.security?.audit,g=a?.security?.policies,$=i.offline===void 0?!!y?.offlineByDefault:!!i.offline,x=i.db,A=mn(i.ecosystem),q=!!i.prodOnly,M=i.failOn??g?.vulnerability?.failOn,St=!!i.showFixes,ne=!!i.showAccepted,$e=a?.security?.acceptedRisks,We=g?.vulnerability?.usage,Nt=i.noUsage?!1:i.usage===void 0?!!We?.enabled:!!i.usage,I=h||c||l||d||m||b,_e=i.explain,Se=_e!==void 0,He=Se&&!c&&!l&&!d&&!m&&!b;if(Se&&$){u.error("`--explain` needs network access and cannot run in offline mode (--offline or security.audit.offlineByDefault)."),process.exitCode=1;return}Se&&!He&&u.warn(`\`--explain\` has no effect with --format=${r}; explanations are only rendered in table, json, and HTML output.`);const O=ai(t),C=Li(t,O.name);if($){const s=x??ui(t);if(!await e.access(s).then(()=>!0).catch(()=>!1)){const p=new et(s);I?process.stderr.write(`${p.message}
307
+ `):u.error(p.message),process.exitCode=1;return}}!I&&(C.ignoredAdvisories.length>0||C.excludedPackages.length>0)&&u.info(`Loaded ${String(C.ignoredAdvisories.length)} ignored advisor${C.ignoredAdvisories.length===1?"y":"ies"} and ${String(C.excludedPackages.length)} excluded package${C.excludedPackages.length===1?"":"s"} from ${O.name} config.`),!I&&A.unsupported.length>0&&u.warn(`Ecosystems ${A.unsupported.map(s=>`'${s}'`).join(", ")} are not yet supported by the audit matcher. Supported: npm, pypi, crates.io, cargo, maven, go, rubygems.`);const P=mi(t,O.name,{includeDev:!q});if(P.length===0){u.info(`No ${O.name} lockfile entries found. Run ${O.name} install first.`);return}if(!I){const s=q?"production-only packages":"installed packages";u.info(`Scanning ${String(P.length)} ${s}${$?" (offline)":""}…`)}const re=P.map(s=>({name:s.name,version:s.version})),oe=a?.security?.audit?.advisories?.bloom?.mode??"off";let W=[];if(oe!=="off")try{const s=await $i(t,{softFail:oe==="on"});if(s){if(W=Si(s,re).map(p=>({name:p.name,version:p.version})),!I&&W.length>0){u.warn(`osv-bloom prefilter flagged ${String(W.length)} package${W.length===1?"":"s"} as possibly malicious (MAL-*). Confirming via the advisory query path…`);const p=10;for(const f of W.slice(0,p))u.warn(` ${we("[bloom]")} ${f.name}@${f.version}`);W.length>p&&u.warn(` …and ${String(W.length-p)} more (full list in --format json output)`)}}else I||u.info(D("osv-bloom cache absent — skipping prefilter (run `vis advisories bloom sync` to enable)."))}catch(s){if(s instanceof Ni&&oe==="required"){const f=`${s.message} (security.audit.advisories.bloom.mode = "required")`;I?process.stderr.write(`${f}
308
+ `):u.error(f),process.exitCode=1;return}const p=s instanceof Error?s.message:String(s);if(oe==="required"){I?process.stderr.write(`osv-bloom prefilter failed: ${p}
309
+ `):u.error(`osv-bloom prefilter failed: ${p}`),process.exitCode=1;return}I||u.warn(`osv-bloom prefilter failed (continuing): ${p}`)}const se=new Set;$?se.add("socket").add("deps-dev"):(Qe("socket")&&se.add("socket"),Qe("depsDev")&&se.add("deps-dev"));const Ne=Jt(a?.security,{disabled:se,minimumScore:g?.score?.minimum}),Ae=Ne.length>0,At=Ne.map(s=>s.displayName).join(" + "),ce=g?.score?.minimum??ei,G=hi(t,O.name),Ct=[{id:"vulnerabilities",label:$?"Known vulnerabilities (offline OSV cache)":"Known vulnerabilities (OSV)"},...Ae?[{id:"security",label:`Supply-chain reports (${At})`}]:[]],V=fi(Ct,{live:!I}),Rt=Date.now(),B=s=>{const p=Date.now()-s;return p>=1e3?`${(p/1e3).toFixed(1)}s`:`${String(Math.round(p))}ms`};let Ce,Re;try{const s=Date.now(),p=Date.now();V.start("vulnerabilities"),Ae&&V.start("security");const f=$?Promise.resolve().then(()=>tt(re,{dbPath:x,ecosystem:A.all.find(w=>Te.has(w.toLowerCase()))??"npm",workspaceRoot:t})).then(w=>{let k=0;for(const N of w.values())k+=N.length;return V.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${B(s)}`:`none found · ${B(s)}`),w}).catch(w=>{const k=w instanceof Error?w.message:String(w);if(V.finish("vulnerabilities","error",k),w instanceof et)throw w;return new Map}):Yt(re).then(w=>{let k=0;for(const N of w.values())k+=N.length;return V.finish("vulnerabilities",k>0?"warn":"ok",k>0?`${String(k)} found · ${B(s)}`:`none found · ${B(s)}`),w}).catch(w=>{const k=w instanceof Error?w.message:String(w);return V.finish("vulnerabilities","error",k),new Map});[Ce,Re]=await Promise.all([f,Ae?Zt(Ne,re).then(w=>{let k=0,N=0;for(const X of w.values())k+=X.alerts.length,X.score.overall<ce&&(N+=1);const E=k+N;return V.finish("security",E>0?"warn":"ok",E>0?`${String(k)} alert${k===1?"":"s"}, ${String(N)} low-score · ${B(p)}`:`clean · ${B(p)}`),w}).catch(w=>{const k=w instanceof Error?w.message:String(w);return V.finish("security","error",k),new Map}):Promise.resolve(new Map)])}finally{V.stop()}h||u.info(D(`Scan 
completed in ${B(Rt)}`));const le=[];for(const s of P){if(Ti(s.name,C))continue;const p=Ce.get(s.name)??[],f=Re.get(`${s.name}@${s.version}`),w=Xe(s.name,s.version,$e),k=p.length>0,N=f?f.score.overall<ce:!1,E=f?f.alerts.length>0:!1;(k||N||E)&&le.push({acceptedRisk:w,name:s.name,socketReport:f,version:s.version,vulnerabilities:p})}if($){const s=A.all.filter(p=>Te.has(p.toLowerCase())&&p.toLowerCase()!=="npm");for(const p of s){const f=bt(p),w=Ka(t,f);if(w.length!==0){I||u.info(D(`Scanning ${String(w.length)} ${f} packages…`));try{const k=tt(w.map(N=>({name:N.name,version:N.version})),{dbPath:x,ecosystem:f,workspaceRoot:t});for(const N of w){const E=k.get(N.name)??[];E.length!==0&&le.push({acceptedRisk:Xe(N.name,N.version,$e),name:N.name,version:N.version,vulnerabilities:E})}}catch(k){const N=k instanceof Error?k.message:String(k);u.warn(`Failed to scan ${f}: ${N}`)}}}}let R=le.filter(s=>{const p=s.vulnerabilities.some(k=>he(k.severity,o)),f=s.socketReport?.alerts.some(k=>he(k.severity==="medium"?"MODERATE":k.severity.toUpperCase(),o)),w=s.socketReport&&s.socketReport.score.overall<ce;return p||f||w});const It=i.policies,Ue=[],j=await(async()=>{const s=si().map(E=>`'${E}'`).join(", "),p=ri(It,E=>{Ue.push(E);const X=`Unknown policy '${E}' — ignoring. Available: ${s}.`;I?process.stderr.write(`vis audit: ${X}
310
+ `):u.warn(X)});if(p?.size===0)return[];const f=a?.security?.policies?.license,w=!!(f&&((f.allow?.length??0)>0||(f.deny?.length??0)>0)),k=p===void 0||p.has("license"),N=w&&k?wi(t):void 0;return oi({manifestData:N,offline:$,osvFindings:Ce,packageManager:O.name,packages:P,socketReports:Re,workspaceRoot:t},"audit",{enabledPolicies:p,visConfig:a??{}})})();if(Nt){const s=new Set(R.filter(f=>f.vulnerabilities.length>0).map(f=>f.name)),p=nn({alwaysAssumeUsed:We?.alwaysAssumeUsed,vulnerablePackages:s,workspaceRoot:t});R=R.filter(f=>f.vulnerabilities.length===0?!0:p.reachable.has(f.name)),I||u.info(D(`Reachability filter: ${String(p.reachable.size)}/${String(s.size)} vulnerable packages reachable (${String(p.filesScanned)} files scanned).`))}const Fe=vi(t,O.name),Ge=Fe?R.map(s=>{const p=Ra(Fe,{name:s.name,version:s.version});return{...s,dependencyPaths:p}}):R.map(s=>({...s,dependencyPaths:[]})),_=()=>Ge.flatMap(s=>s.vulnerabilities.map(p=>({acknowledged:!!s.acceptedRisk||ae(p.id,C,p.aliases),dependencyPaths:s.dependencyPaths,packageName:s.name,packageVersion:s.version,vulnerability:p}))),Be=!!i.fix,Ke=!!i.fixTransitive,qe=!!i.yes,jt=!!i.allowMajor;if(Be||Ke){const s=_().filter(p=>!p.acknowledged);if(Be){const p=await Nn({actionableFindings:s,allowMajor:jt,pm:O,workspaceRoot:t,yes:qe});if(p!==void 0){process.exitCode=p;return}}if(Ke){const p=await An({actionableFindings:s,pm:O,visConfig:a,workspaceRoot:t,yes:qe});if(p!==void 0){process.exitCode=p;return}}}const pe=new Map;if(He){const s=Ci(_().filter(f=>!f.acknowledged).map(f=>({packageName:f.packageName,packageVersion:f.packageVersion,vulnerability:f.vulnerability})).sort(gt),_e),p=await Mi(s,a?.ai,{info:f=>{u.info(f)},warn:f=>{u.warn(f)}});for(const[f,w]of p)pe.set(f,w)}if(c){const s=ha({findings:_(),policyDecisions:j,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:t});process.stdout.write(`${JSON.stringify(s,void 0,2)}
311
+ `),ie(R,C,i.exitCode,M,j);return}if(l){const s=ra({findings:_(),tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"}});process.stdout.write(`${JSON.stringify(s,void 0,2)}
312
+ `),ie(R,C,i.exitCode,M,j);return}if(d){const{packageJsons:s,workspace:p}=Qt(t,a),f=Xt(t,p,s),w=pi({includeDev:!q,projectGraph:f,workspace:p,workspaceRoot:t}),k=ca({bom:w,findings:_()});process.stdout.write(`${JSON.stringify(k,void 0,2)}
313
+ `),ie(R,C,i.exitCode,M,j);return}if(m){const s=fa({findings:_(),policyDecisions:j,tool:{informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},workspaceRoot:t});process.stdout.write(`${JSON.stringify(s,void 0,2)}
314
+ `),ie(R,C,i.exitCode,M,j);return}if(b){const s=ma({findings:_(),policyDecisions:j});process.stdout.write(s),ie(R,C,i.exitCode,M,j);return}const Ie={informationUri:"https://github.com/visulima/visulima",name:"vis-audit",version:"alpha"},de=zi({bloomHits:W,duplicates:G,explanations:pe,filtered:Ge,packagesScanned:P.length,policyDecisions:j,tool:Ie,unknownPolicyTokens:Ue,workspaceRoot:t});if(v){const s=aa({findings:_().map(f=>{const w=pe.get(xe({packageName:f.packageName,packageVersion:f.packageVersion,vulnerability:f.vulnerability}));return w?{...f,explanation:w}:f}),packagesScanned:P.length,policyDecisions:j,report:de,tool:{name:Ie.name,version:Ie.version}}),p=Tt(t,v);await e.writeFile(p,s,"utf8"),I||u.success(`HTML report written to ${p}`)}if(h){process.stdout.write(`${JSON.stringify(de,void 0,2)}
315
+ `),i.exitCode&&(de.summary.issues>0||de.summary.policyBlocks>0)&&(process.exitCode=1),Pe(R,C,M,j);return}if(R.length===0){u.success(`No security issues found across ${String(P.length)} packages.`);return}const Z={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const s of R)for(const p of s.vulnerabilities)if(he(p.severity,o)){const f=p.severity==="UNKNOWN"?"LOW":p.severity;Z[f]?.push({entry:s,vuln:p})}let ge=0,je=0;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=Z[s];if(!(!p||p.length===0)){u.info(`
316
+ ── ${s} (${String(p.length)}) ──`);for(const{entry:f,vuln:w}of p){const k=!!f.acceptedRisk||ae(w.id,C,w.aliases);if(k&&(je++,!ne))continue;ge++,u.info(vn(f.name,f.version,w,k)),St&&(w.fixedVersions??[]).length>0&&u.notice(` Fix: update to ${w.fixedVersions.at(-1)}`);const N=pe.get(xe({packageName:f.name,packageVersion:f.version,vulnerability:w}));if(N)for(const E of N.split(`
317
+ `))u.info(` ${E}`)}}}const Q=R.filter(s=>s.socketReport&&(s.socketReport.score.overall<ce||s.socketReport.alerts.length>0));if(Q.length>0){u.info(`
318
+ ── Socket.dev Supply Chain (${String(Q.length)}) ──`);for(const s of Q){if(!s.socketReport)continue;const p=!!s.acceptedRisk;if(!(p&&!ne)){u.info(wn(s.socketReport,p));for(const f of s.socketReport.alerts){const w=un[f.severity]??D;u.info(` ${w(`[${f.severity.toUpperCase()}]`)} ${f.type} — ${f.category}`)}}}}if(G.length>0){u.info(`
319
+ ── Duplicate Dependencies (${String(G.length)}) ──`);for(const s of G){const p=s.versions.join(", ");u.info(` ${s.name} — ${String(s.versions.length)} versions: ${ye(p)}`)}}const Je=new Set;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=Z[s];if(p)for(const{vuln:f}of p)Je.add(f.id)}const Ee=j.filter(s=>{if(s.policy!=="vulnerability")return!0;const p=typeof s.data?.advisoryId=="string"?s.data.advisoryId:void 0;return s.severity==="block"&&p!==void 0&&!Je.has(p)});if(Ee.length>0){u.info(`
320
+ ── Policy Decisions (${String(Ee.length)}) ──`);for(const s of Ee){const p=!!s.acceptedRisk;if(p&&!ne)continue;const f=s.severity==="block"?we:s.severity==="warn"?ye:D,w=p?` ${D("[acknowledged]")}`:"";u.info(` ${f(`[${s.severity}]`)} ${s.policy} — ${s.reason}${w}`)}}const fe=s=>!!s.acceptedRisk||s.vulnerabilities.length>0&&s.vulnerabilities.every(p=>ae(p.id,C,p.aliases)),Ye=R.filter(s=>!fe(s)).length;if(u.info(""),u.info("─ Audit Summary"),u.info(` ${String(P.length)} packages scanned`),C.ignoredAdvisories.length>0&&u.info(` ${String(C.ignoredAdvisories.length)} ${O.name} audit exclusion${C.ignoredAdvisories.length===1?"":"s"} applied`),ge>0){const s=Z.CRITICAL?.filter(f=>!fe(f.entry)).length??0,p=Z.HIGH?.filter(f=>!fe(f.entry)).length??0;u.error(` ${String(ge)} vulnerabilit${ge===1?"y":"ies"} found`),s>0&&u.error(` ${String(s)} critical`),p>0&&u.warn(` ${String(p)} high`)}else u.success(" No vulnerabilities found");if(Q.length>0){const s=Q.filter(p=>!fe(p)).length;u.warn(` ${String(s)} package${s===1?"":"s"} with Socket.dev supply chain issues`)}G.length>0&&(u.warn(` ${String(G.length)} package${G.length===1?"":"s"} with duplicate versions`),u.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const ue=j.filter(s=>s.severity==="block"&&!s.acceptedRisk);if(ue.length>0&&u.error(` ${String(ue.length)} policy block${ue.length===1?"":"s"}`),je>0&&(u.info(` ${String(je)} acknowledged (accepted risks)`),ne||u.notice(" Use --show-accepted to see acknowledged issues.")),Ye===0&&u.success(`
321
+ All issues are acknowledged. No action required.`),i.sync&&$e){const s=new Set;for(const f of le)if(f.acceptedRisk){for(const w of f.vulnerabilities)if((w.id.startsWith("CVE-")||w.id.startsWith("GHSA-"))&&s.add(w.id),w.aliases)for(const k of w.aliases)(k.startsWith("CVE-")||k.startsWith("GHSA-"))&&s.add(k)}const p=[...s];if(p.length>0){u.info("");const f=Pi(O.name,t,p);for(const w of f)u.success(` ${w}`)}else u.info(`
322
+ No advisory IDs to sync to native PM config.`)}i.exitCode&&(Ye>0||ue.length>0)&&(process.exitCode=1),Pe(R,C,M,j)},kt=e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),Pe=(e,t,i,a)=>{kt(a)&&(process.exitCode=1),i&&e.some(n=>n.vulnerabilities.some(o=>n.acceptedRisk||ae(o.id,t,o.aliases)?!1:he(o.severity,i)))&&(process.exitCode=1)},ie=(e,t,i,a,n)=>{i&&(e.filter(o=>!o.acceptedRisk&&o.vulnerabilities.some(r=>!ae(r.id,t,r.aliases))).length>0||kt(n))&&(process.exitCode=1),Pe(e,t,a,n)},$t=async(e,t)=>{if(!process.stdin.isTTY)return t;const i=Mt({input:process.stdin,output:process.stderr});try{const a="[y/N]",n=await new Promise(o=>{i.question(`${e} ${D(a)} `,r=>{o(r.trim())})});return n.length===0?t:n.toLowerCase().startsWith("y")}finally{i.close()}},Sn=e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun",Nn=async e=>{const t=yt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(u.info(""),u.info("─ Apply (direct deps)"),u.info(ka(t)),t.apply.length===0){u.info("Nothing to apply for direct deps.");return}if(De&&!e.yes)return u.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await $t("Apply these direct-dep upgrades?",!1))return u.info("Aborted — no changes made."),0;const i=new Map;for(const a of t.apply){const n=a.workspaceName??"",o=i.get(n);o?o.push(a):i.set(n,[a])}for(const[a,n]of i){const o=n.map(l=>`${l.packageName}@${l.targetSpec}`),r=a.length>0?[a]:[];u.info(`Running ${e.pm.name} add ${o.join(" ")}${a.length>0?` --filter ${a}`:""}`);const c=ni(e.pm,{exact:!1,filter:r,global:!1,optional:!1,packages:o,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return u.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return u.success("Direct-dep upgrades applied. 
Re-run `vis audit` to confirm the fixes landed."),0},An=async e=>{if(!Sn(e.pm.name))return u.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(De&&(!e.yes||!t))return u.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const i=new Set(yt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(r=>r.packageName)),a=e.actionableFindings.filter(r=>!i.has(r.packageName)),n=fn(a);if(n.entries.length===0){u.info(""),u.info("─ Apply transitive (overrides)"),u.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const o=dn(e.workspaceRoot,n,{name:e.pm.name,version:e.pm.version});u.info(""),u.info("─ Apply transitive (overrides)"),u.info(`Target: ${o.filePath} (${o.surface})`);for(const r of o.entries){const c=r.status==="added"?"+":r.status==="updated"?"~":"·",l=r.previousSpec?` (was ${r.previousSpec})`:"";u.info(` ${c} ${r.packageName}: ${r.spec}${l}`)}if(!o.changed){u.info("No changes — overrides already match the plan.");return}if(!e.yes){if(De)return 1;if(!await $t("Write these overrides?",!1))return u.info("Aborted — no changes made."),0}try{gn(o)}catch(r){const c=r instanceof Error?r.message:String(r);return u.error(`Failed to write overrides: ${c}`),1}return u.success(`Wrote ${String(o.entries.filter(r=>r.status!=="unchanged").length)} override${o.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},Bn=async({fs:e,logger:t,options:i,visConfig:a,workspaceRoot:n})=>{if(!n)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await $n(e,n,i,a)};export{Bn as default,xn as mapSeverityToAube,bn as resolveAuditBackend};