@visulima/vis 1.0.0-alpha.43 → 1.0.0-alpha.45

Files changed (156)
  1. package/CHANGELOG.md +78 -0
  2. package/LICENSE.md +256 -0
  3. package/bin/resolve-binary.mjs +85 -0
  4. package/bin/vis.mjs +76 -0
  5. package/dist/bin.d.ts +1 -0
  6. package/dist/bin.js +1 -2
  7. package/dist/binx.js +1 -1
  8. package/dist/packem_chunks/CONFIG_FILES.js +1 -1
  9. package/dist/packem_chunks/bloom-status.js +1 -1
  10. package/dist/packem_chunks/bloom-sync.js +1 -1
  11. package/dist/packem_chunks/catalog.js +63 -62
  12. package/dist/packem_chunks/cli-exec.js +1 -1
  13. package/dist/packem_chunks/cli-main.js +173 -973
  14. package/dist/packem_chunks/detect.js +1 -1
  15. package/dist/packem_chunks/dispatch.js +1 -1
  16. package/dist/packem_chunks/fix.js +1 -1
  17. package/dist/packem_chunks/handler.js +1 -1
  18. package/dist/packem_chunks/handler10.js +1 -1
  19. package/dist/packem_chunks/handler11.js +1 -1
  20. package/dist/packem_chunks/handler12.js +2 -2
  21. package/dist/packem_chunks/handler13.js +1 -1
  22. package/dist/packem_chunks/handler14.js +1 -1
  23. package/dist/packem_chunks/handler15.js +1 -1
  24. package/dist/packem_chunks/handler16.js +1 -1
  25. package/dist/packem_chunks/handler17.js +1 -1
  26. package/dist/packem_chunks/handler18.js +1 -1
  27. package/dist/packem_chunks/handler19.js +1 -1
  28. package/dist/packem_chunks/handler2.js +1 -1
  29. package/dist/packem_chunks/handler20.js +1 -1
  30. package/dist/packem_chunks/handler21.js +1 -1
  31. package/dist/packem_chunks/handler22.js +13 -4
  32. package/dist/packem_chunks/handler23.js +1 -1
  33. package/dist/packem_chunks/handler24.js +1 -1
  34. package/dist/packem_chunks/handler26.js +1 -1
  35. package/dist/packem_chunks/handler27.js +1 -1
  36. package/dist/packem_chunks/handler28.js +1 -1
  37. package/dist/packem_chunks/handler29.js +1 -1
  38. package/dist/packem_chunks/handler3.js +1 -1
  39. package/dist/packem_chunks/handler30.js +1 -1
  40. package/dist/packem_chunks/handler4.js +1 -1
  41. package/dist/packem_chunks/handler5.js +3 -3
  42. package/dist/packem_chunks/handler50.js +4 -4
  43. package/dist/packem_chunks/handler51.js +3 -3
  44. package/dist/packem_chunks/handler53.js +1 -1
  45. package/dist/packem_chunks/handler54.js +2 -2
  46. package/dist/packem_chunks/handler55.js +1 -1
  47. package/dist/packem_chunks/handler57.js +4 -4
  48. package/dist/packem_chunks/handler58.js +1 -1
  49. package/dist/packem_chunks/handler59.js +2 -2
  50. package/dist/packem_chunks/handler6.js +6 -6
  51. package/dist/packem_chunks/handler60.js +18 -18
  52. package/dist/packem_chunks/handler61.js +1 -1
  53. package/dist/packem_chunks/handler62.js +3 -3
  54. package/dist/packem_chunks/handler63.js +4 -4
  55. package/dist/packem_chunks/handler65.js +2 -2
  56. package/dist/packem_chunks/handler66.js +15 -15
  57. package/dist/packem_chunks/handler67.js +5 -5
  58. package/dist/packem_chunks/handler68.js +16 -16
  59. package/dist/packem_chunks/handler69.js +5 -5
  60. package/dist/packem_chunks/handler7.js +1 -1
  61. package/dist/packem_chunks/handler70.js +16 -17
  62. package/dist/packem_chunks/handler71.js +2 -2
  63. package/dist/packem_chunks/handler72.js +2 -2
  64. package/dist/packem_chunks/handler73.js +13 -13
  65. package/dist/packem_chunks/handler74.js +3 -3
  66. package/dist/packem_chunks/handler75.js +3 -3
  67. package/dist/packem_chunks/handler76.js +63 -63
  68. package/dist/packem_chunks/handler77.js +1 -1
  69. package/dist/packem_chunks/handler8.js +1 -1
  70. package/dist/packem_chunks/handler9.js +1 -1
  71. package/dist/packem_chunks/heal-accept.js +1 -1
  72. package/dist/packem_chunks/heal.js +1 -1
  73. package/dist/packem_chunks/help-command.js +1 -1
  74. package/dist/packem_chunks/index2.js +802 -7
  75. package/dist/packem_chunks/index3.js +7 -135
  76. package/dist/packem_chunks/index4.js +134 -73
  77. package/dist/packem_chunks/index5.js +74 -0
  78. package/dist/packem_chunks/keys-refresh.js +1 -1
  79. package/dist/packem_chunks/lean.js +3 -3
  80. package/dist/packem_chunks/list.js +1 -1
  81. package/dist/packem_chunks/loader.js +1 -1
  82. package/dist/packem_chunks/loader2.js +1 -1
  83. package/dist/packem_chunks/print-config.js +1 -1
  84. package/dist/packem_chunks/registry.js +2 -2
  85. package/dist/packem_chunks/shell-runner.js +1 -1
  86. package/dist/packem_chunks/sync.js +1 -1
  87. package/dist/packem_chunks/sync2.js +1 -1
  88. package/dist/packem_chunks/tripwire.js +2 -2
  89. package/dist/packem_chunks/ts-loader.js +22 -2
  90. package/dist/packem_chunks/verify-lockfile.js +1 -1
  91. package/dist/packem_chunks/version-resolver.js +2 -2
  92. package/dist/packem_shared/{Table-CcVkyULl-DLWu6XHL.js → Table-BGIHvenQ-D2oJtNQj.js} +1 -1
  93. package/dist/packem_shared/affected-shas-CCxG4tvm.js +1 -0
  94. package/dist/packem_shared/{ai-analysis-Co-b15d_.js → ai-analysis-rC48NLfB.js} +5 -5
  95. package/dist/packem_shared/{ai-fix-DnJDgPN-.js → ai-fix-D_ijV3Rn.js} +3 -3
  96. package/dist/packem_shared/augment-DaSS2Lgs.js +4 -0
  97. package/dist/packem_shared/bin-CPMo34SM.js +1 -0
  98. package/dist/packem_shared/{build-scripts-Doxce2VM.js → build-scripts-MTSK6TNr.js} +1 -1
  99. package/dist/packem_shared/{command-runtime-RiCMa2C8.js → command-runtime-3FTGuUsK.js} +1 -1
  100. package/dist/packem_shared/{cyclonedx-BTBzGCBW.js → cyclonedx-BeUmPgfO.js} +1 -1
  101. package/dist/packem_shared/{dependency-scan-DEv-scN6.js → dependency-scan-DpOFiZuI.js} +1 -1
  102. package/dist/packem_shared/{docker-DKlF-gk3.js → docker-CViFYtmM.js} +1 -1
  103. package/dist/packem_shared/{env-XJzocuUP.js → env-Ct3hMEYB.js} +2 -2
  104. package/dist/packem_shared/{failure-log-Sp1j-5qo.js → failure-log-Dy2G-rKi.js} +1 -1
  105. package/dist/packem_shared/glob-fqg4KepW-1S3z30c8.js +1 -0
  106. package/dist/packem_shared/index-CE6MsgcV.js +22 -0
  107. package/dist/packem_shared/{index-CkZnT2Fe.js → index-Cntyu-w8.js} +1 -1
  108. package/dist/packem_shared/{index-DJAnbLEh.js → index-XAb0QGqA.js} +1 -1
  109. package/dist/packem_shared/{lifecycle-C4nRsXxc.js → lifecycle-CHcFuWf_.js} +1 -1
  110. package/dist/packem_shared/{lockfile-DIGyLfmF.js → lockfile-C1qCKGH6.js} +1 -1
  111. package/dist/packem_shared/{manifests-pLwnVmCN.js → manifests-WBnsV_Eb.js} +1 -1
  112. package/dist/packem_shared/{min-release-age-B23Mr7NO.js → min-release-age-C71MO72F.js} +1 -1
  113. package/dist/packem_shared/{missing-package-json-DdMNbe_j.js → missing-package-json-CTF71tE5.js} +1 -1
  114. package/dist/packem_shared/{native-config-sync-4K9wWTj5.js → native-config-sync-BFDVK9LH.js} +4 -4
  115. package/dist/packem_shared/{osv-bloom-BsQ-aFiM.js → osv-bloom-DVMlkcAO.js} +2 -2
  116. package/dist/packem_shared/{packument-QjOLAMSk.js → packument-C-A3Uhhx.js} +1 -1
  117. package/dist/packem_shared/pm-runner-CQcraCcu.js +1 -0
  118. package/dist/packem_shared/{provenance-CilBg0Ee.js → provenance-R2csDSNg.js} +1 -1
  119. package/dist/packem_shared/readJsonSync-CvkZyKmL-ihoybKvs.js +1 -0
  120. package/dist/packem_shared/{registry-keys-BEavOCPz.js → registry-keys-CMnS_Qt_.js} +1 -1
  121. package/dist/packem_shared/{resolve-explicit-C4o8_-SE.js → resolve-explicit-C4oQMyoB.js} +1 -1
  122. package/dist/packem_shared/resolve-runtime-QRaQucfL.js +1 -0
  123. package/dist/packem_shared/run-file-DD7Ne23Z.js +1 -0
  124. package/dist/packem_shared/{runtime-check-0lUJvgKt.js → runtime-check-BXehSP06.js} +1 -1
  125. package/dist/packem_shared/{s1ngularity-DuG-LLaX.js → s1ngularity-BCDt28u0.js} +1 -1
  126. package/dist/packem_shared/scan-progress-YRpDs90j.js +2 -0
  127. package/dist/packem_shared/{selectors-UmnAuc26.js → selectors-D4iCvITE.js} +1 -1
  128. package/dist/packem_shared/{signatures-CYheSqd3.js → signatures-B3srzCEv.js} +1 -1
  129. package/dist/packem_shared/target-options-CR0OuYJr.js +1 -0
  130. package/dist/packem_shared/toolchain-C44mPKPu.js +5 -0
  131. package/dist/packem_shared/{typosquats-hCtH-23t.js → typosquats-CQz-1Y6K.js} +1 -1
  132. package/dist/packem_shared/use-measured-height-DHi0xOPO.js +1 -0
  133. package/dist/packem_shared/utils-CRueU43T.js +1 -0
  134. package/dist/packem_shared/verify-DStfg3nb.js +1 -0
  135. package/dist/packem_shared/{vis-update-app-K-qATSeh.js → vis-update-app-B3I14Vfy.js} +1 -1
  136. package/dist/packem_shared/{watch-Bkp_AAbc.js → watch-BXNI7dC6.js} +1 -1
  137. package/dist/packem_shared/{watch-loop-WE7nWIEt.js → watch-loop-JfGKIgKB.js} +1 -1
  138. package/dist/runtime/preload.js +1 -1
  139. package/index.js +52 -52
  140. package/package.json +18 -14
  141. package/dist/packem_shared/affected-shas-C1XuRlvo.js +0 -1
  142. package/dist/packem_shared/augment-8fIWWGSc.js +0 -3
  143. package/dist/packem_shared/bin-DDq2oszw.js +0 -1
  144. package/dist/packem_shared/glob-fqg4KepW-7Bs2kZuM.js +0 -1
  145. package/dist/packem_shared/index-OQZQyN5R.js +0 -19
  146. package/dist/packem_shared/pm-runner-CIH0wPh-.js +0 -1
  147. package/dist/packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js +0 -4
  148. package/dist/packem_shared/resolve-runtime-CJSWV-K8.js +0 -1
  149. package/dist/packem_shared/run-file-B4TqKa0X.js +0 -1
  150. package/dist/packem_shared/scan-progress-RTMsE3Z4.js +0 -2
  151. package/dist/packem_shared/target-options-ChWcK60i.js +0 -1
  152. package/dist/packem_shared/toolchain-DyCKnGch.js +0 -5
  153. package/dist/packem_shared/use-measured-height-BKUjhm_3.js +0 -1
  154. package/dist/packem_shared/utils-Cxree603.js +0 -1
  155. package/dist/packem_shared/verify-CVPYlUrF.js +0 -1
  156. package/dist/packem_shared/window-ops-DDePlWLV.js +0 -2
@@ -1,4 +1,4 @@
1
- import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/index.server-J83sowC4.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-OQZQyN5R.js";import{I as De}from"../packem_shared/index-B0EsgdzO.js";import{whichBin as Pt}from"#native";import{r as zt,R as Wt,b as _t}from"../packem_shared/ai-analysis-Co-b15d_.js";import{N as Ht,O as Ut,B as Ft,T as Gt,u as Ve,p as u,i as Qe}from"./cli-main.js";import"../packem_shared/public-api-WqUCiyIe.js";import{e as Bt,W as Kt,v as qt,a as Jt,N as Yt,f as Zt,b as Qt,O as Xt}from"./catalog.js";import{w as ei,M as ti}from"../packem_shared/pm-runner-CIH0wPh-.js";import{s as L}from"../packem_shared/index-Cg0IHaFI.js";import{c as gt,s as he,p as ii,e as ai,g as ni}from"../packem_shared/index-CkZnT2Fe.js";import{d as ri}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as oi,b as si}from"../packem_shared/cyclonedx-BTBzGCBW.js";import{s as pi}from"../packem_shared/scan-progress-RTMsE3Z4.js";import{r as di,A as Xe,q as et}from"../packem_shared/advisories-CefYKEPe.js";import{a as ut}from"../packem_shared/readJsonSync-CvkZyKmL-CY7PZob_.js";import{l as gi,f as fi,a as ui}from"../packem_shared/dependency-scan-DEv-scN6.js";import{r as mi}from"../packem_shared/manifests-pLwnVmCN.js";import{l as bi,p as xi,O as ki}from"../packem_shared/osv-bloom-BsQ-aFiM.js";import{H as tt,h as $i,D as Si,y as Ni}from"../packem_shared/env-XJzocuUP.js";const Ot=Et(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Y=e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,i]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ee.getBuiltinModule(e)}return 
Ot(e)},{spawnSync:Dt}=Y("node:child_process"),{createInterface:Mt}=Y("node:readline"),{stripVTControlCharacters:Vt}=Y("node:util"),{createHash:ci}=Y("node:crypto"),{relative:ft,join:li}=Y("node:path"),{readFileSync:mt,existsSync:hi,writeFileSync:vi,renameSync:wi,unlinkSync:yi}=Y("node:fs"),it=(e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const i=[];for(const a of Lt(e,t))i.push(a.path);return i},xe=e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,Ai=e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all",Ci=(e,t)=>{if(Ai(t))return e;const i=String(t).trim();if(/^\d+$/.test(i)){const n=Number.parseInt(i,10)-1,o=e[n];return o?[o]:[]}const a=i.toLowerCase();return e.filter(n=>{const{aliases:o,id:r}=n.vulnerability;return r.toLowerCase()===a||(o??[]).some(c=>c.toLowerCase()===a)})},Ri=e=>{const{packageName:t,packageVersion:i,vulnerability:a}=e,n=(a.aliases??[]).join(", ")||"none",o=(a.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
1
+ import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/index.server-J83sowC4.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-CE6MsgcV.js";import{I as De}from"../packem_shared/index-B0EsgdzO.js";import{whichBin as Pt}from"#native";import{r as zt,R as Wt,b as _t}from"../packem_shared/ai-analysis-rC48NLfB.js";import{N as Ht,O as Ut,B as Ft,M as Gt,p as u,i as Qe}from"./cli-main.js";import"../packem_shared/public-api-WqUCiyIe.js";import{u as Ve}from"./ts-loader.js";import{e as Bt,W as Kt,v as qt,c as Jt,N as Yt,f as Zt,b as Qt,O as Xt}from"./catalog.js";import{A as ei,j as ti}from"../packem_shared/pm-runner-CQcraCcu.js";import{s as L}from"../packem_shared/index-Cg0IHaFI.js";import{c as gt,s as he,p as ii,e as ai,g as ni}from"../packem_shared/index-Cntyu-w8.js";import{d as ri}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as oi,b as si}from"../packem_shared/cyclonedx-BeUmPgfO.js";import{s as pi}from"../packem_shared/scan-progress-YRpDs90j.js";import{r as di,A as Xe,q as et}from"../packem_shared/advisories-CefYKEPe.js";import{a as ut}from"../packem_shared/readJsonSync-CvkZyKmL-ihoybKvs.js";import{l as gi,f as fi,a as ui}from"../packem_shared/dependency-scan-DpOFiZuI.js";import{r as mi}from"../packem_shared/manifests-WBnsV_Eb.js";import{l as bi,p as xi,O as ki}from"../packem_shared/osv-bloom-DVMlkcAO.js";import{H as tt,h as $i,D as Si,y as Ni}from"../packem_shared/env-Ct3hMEYB.js";const Ot=Et(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Y=e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,i]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ee.getBuiltinModule(e)}return 
Ot(e)},{spawnSync:Dt}=Y("node:child_process"),{createInterface:Mt}=Y("node:readline"),{stripVTControlCharacters:Vt}=Y("node:util"),{createHash:ci}=Y("node:crypto"),{relative:ft,join:li}=Y("node:path"),{readFileSync:mt,existsSync:hi,writeFileSync:vi,renameSync:wi,unlinkSync:yi}=Y("node:fs"),it=(e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const i=[];for(const a of Lt(e,t))i.push(a.path);return i},xe=e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,Ai=e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all",Ci=(e,t)=>{if(Ai(t))return e;const i=String(t).trim();if(/^\d+$/.test(i)){const n=Number.parseInt(i,10)-1,o=e[n];return o?[o]:[]}const a=i.toLowerCase();return e.filter(n=>{const{aliases:o,id:r}=n.vulnerability;return r.toLowerCase()===a||(o??[]).some(c=>c.toLowerCase()===a)})},Ri=e=>{const{packageName:t,packageVersion:i,vulnerability:a}=e,n=(a.aliases??[]).join(", ")||"none",o=(a.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
2
2
 
3
3
  Package: ${t}@${i}
4
4
  Advisory: ${a.id} (aliases: ${n})
@@ -319,4 +319,4 @@ ${a}`},pn=(e,t,i,a)=>{const n=qt(e,t.length>0?t:void 0),o=t.length>0?JSON.parse(
319
319
  ── Duplicate Dependencies (${String(G.length)}) ──`);for(const s of G){const p=s.versions.join(", ");u.info(` ${s.name} — ${String(s.versions.length)} versions: ${ye(p)}`)}}const Je=new Set;for(const s of["CRITICAL","HIGH","MODERATE","LOW"]){const p=Z[s];if(p)for(const{vuln:f}of p)Je.add(f.id)}const Ee=j.filter(s=>{if(s.policy!=="vulnerability")return!0;const p=typeof s.data?.advisoryId=="string"?s.data.advisoryId:void 0;return s.severity==="block"&&p!==void 0&&!Je.has(p)});if(Ee.length>0){u.info(`
320
320
  ── Policy Decisions (${String(Ee.length)}) ──`);for(const s of Ee){const p=!!s.acceptedRisk;if(p&&!ne)continue;const f=s.severity==="block"?we:s.severity==="warn"?ye:D,w=p?` ${D("[acknowledged]")}`:"";u.info(` ${f(`[${s.severity}]`)} ${s.policy} — ${s.reason}${w}`)}}const fe=s=>!!s.acceptedRisk||s.vulnerabilities.length>0&&s.vulnerabilities.every(p=>ae(p.id,C,p.aliases)),Ye=R.filter(s=>!fe(s)).length;if(u.info(""),u.info("─ Audit Summary"),u.info(` ${String(P.length)} packages scanned`),C.ignoredAdvisories.length>0&&u.info(` ${String(C.ignoredAdvisories.length)} ${O.name} audit exclusion${C.ignoredAdvisories.length===1?"":"s"} applied`),ge>0){const s=Z.CRITICAL?.filter(f=>!fe(f.entry)).length??0,p=Z.HIGH?.filter(f=>!fe(f.entry)).length??0;u.error(` ${String(ge)} vulnerabilit${ge===1?"y":"ies"} found`),s>0&&u.error(` ${String(s)} critical`),p>0&&u.warn(` ${String(p)} high`)}else u.success(" No vulnerabilities found");if(Q.length>0){const s=Q.filter(p=>!fe(p)).length;u.warn(` ${String(s)} package${s===1?"":"s"} with Socket.dev supply chain issues`)}G.length>0&&(u.warn(` ${String(G.length)} package${G.length===1?"":"s"} with duplicate versions`),u.notice(" Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates."));const ue=j.filter(s=>s.severity==="block"&&!s.acceptedRisk);if(ue.length>0&&u.error(` ${String(ue.length)} policy block${ue.length===1?"":"s"}`),je>0&&(u.info(` ${String(je)} acknowledged (accepted risks)`),ne||u.notice(" Use --show-accepted to see acknowledged issues.")),Ye===0&&u.success(`
321
321
  All issues are acknowledged. No action required.`),i.sync&&$e){const s=new Set;for(const f of le)if(f.acceptedRisk){for(const w of f.vulnerabilities)if((w.id.startsWith("CVE-")||w.id.startsWith("GHSA-"))&&s.add(w.id),w.aliases)for(const k of w.aliases)(k.startsWith("CVE-")||k.startsWith("GHSA-"))&&s.add(k)}const p=[...s];if(p.length>0){u.info("");const f=Pi(O.name,t,p);for(const w of f)u.success(` ${w}`)}else u.info(`
322
- No advisory IDs to sync to native PM config.`)}i.exitCode&&(Ye>0||ue.length>0)&&(process.exitCode=1),Pe(R,C,M,j)},kt=e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),Pe=(e,t,i,a)=>{kt(a)&&(process.exitCode=1),i&&e.some(n=>n.vulnerabilities.some(o=>n.acceptedRisk||ae(o.id,t,o.aliases)?!1:he(o.severity,i)))&&(process.exitCode=1)},ie=(e,t,i,a,n)=>{i&&(e.filter(o=>!o.acceptedRisk&&o.vulnerabilities.some(r=>!ae(r.id,t,r.aliases))).length>0||kt(n))&&(process.exitCode=1),Pe(e,t,a,n)},$t=async(e,t)=>{if(!process.stdin.isTTY)return t;const i=Mt({input:process.stdin,output:process.stderr});try{const a="[y/N]",n=await new Promise(o=>{i.question(`${e} ${D(a)} `,r=>{o(r.trim())})});return n.length===0?t:n.toLowerCase().startsWith("y")}finally{i.close()}},Sn=e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun",Nn=async e=>{const t=yt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(u.info(""),u.info("─ Apply (direct deps)"),u.info(ka(t)),t.apply.length===0){u.info("Nothing to apply for direct deps.");return}if(De&&!e.yes)return u.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await $t("Apply these direct-dep upgrades?",!1))return u.info("Aborted — no changes made."),0;const i=new Map;for(const a of t.apply){const n=a.workspaceName??"",o=i.get(n);o?o.push(a):i.set(n,[a])}for(const[a,n]of i){const o=n.map(l=>`${l.packageName}@${l.targetSpec}`),r=a.length>0?[a]:[];u.info(`Running ${e.pm.name} add ${o.join(" ")}${a.length>0?` --filter ${a}`:""}`);const c=ti(e.pm,{exact:!1,filter:r,global:!1,optional:!1,packages:o,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return u.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return u.success("Direct-dep upgrades applied. 
Re-run `vis audit` to confirm the fixes landed."),0},An=async e=>{if(!Sn(e.pm.name))return u.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(De&&(!e.yes||!t))return u.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const i=new Set(yt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(r=>r.packageName)),a=e.actionableFindings.filter(r=>!i.has(r.packageName)),n=fn(a);if(n.entries.length===0){u.info(""),u.info("─ Apply transitive (overrides)"),u.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const o=dn(e.workspaceRoot,n,{name:e.pm.name,version:e.pm.version});u.info(""),u.info("─ Apply transitive (overrides)"),u.info(`Target: ${o.filePath} (${o.surface})`);for(const r of o.entries){const c=r.status==="added"?"+":r.status==="updated"?"~":"·",l=r.previousSpec?` (was ${r.previousSpec})`:"";u.info(` ${c} ${r.packageName}: ${r.spec}${l}`)}if(!o.changed){u.info("No changes — overrides already match the plan.");return}if(!e.yes){if(De)return 1;if(!await $t("Write these overrides?",!1))return u.info("Aborted — no changes made."),0}try{gn(o)}catch(r){const c=r instanceof Error?r.message:String(r);return u.error(`Failed to write overrides: ${c}`),1}return u.success(`Wrote ${String(o.entries.filter(r=>r.status!=="unchanged").length)} override${o.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},qn=async({fs:e,logger:t,options:i,visConfig:a,workspaceRoot:n})=>{if(!n)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await $n(e,n,i,a)};export{qn as default,xn as mapSeverityToAube,bn as resolveAuditBackend};
322
+ No advisory IDs to sync to native PM config.`)}i.exitCode&&(Ye>0||ue.length>0)&&(process.exitCode=1),Pe(R,C,M,j)},kt=e=>!e||e.length===0?!1:e.some(t=>t.severity==="block"&&!t.acceptedRisk),Pe=(e,t,i,a)=>{kt(a)&&(process.exitCode=1),i&&e.some(n=>n.vulnerabilities.some(o=>n.acceptedRisk||ae(o.id,t,o.aliases)?!1:he(o.severity,i)))&&(process.exitCode=1)},ie=(e,t,i,a,n)=>{i&&(e.filter(o=>!o.acceptedRisk&&o.vulnerabilities.some(r=>!ae(r.id,t,r.aliases))).length>0||kt(n))&&(process.exitCode=1),Pe(e,t,a,n)},$t=async(e,t)=>{if(!process.stdin.isTTY)return t;const i=Mt({input:process.stdin,output:process.stderr});try{const a="[y/N]",n=await new Promise(o=>{i.question(`${e} ${D(a)} `,r=>{o(r.trim())})});return n.length===0?t:n.toLowerCase().startsWith("y")}finally{i.close()}},Sn=e=>e==="pnpm"||e==="npm"||e==="yarn"||e==="bun",Nn=async e=>{const t=yt({allowMajor:e.allowMajor,findings:e.actionableFindings,workspaceRoot:e.workspaceRoot});if(u.info(""),u.info("─ Apply (direct deps)"),u.info(ka(t)),t.apply.length===0){u.info("Nothing to apply for direct deps.");return}if(De&&!e.yes)return u.error("Refusing to run --fix in CI without --yes. Re-run with --yes once the plan above looks right."),1;if(!e.yes&&!await $t("Apply these direct-dep upgrades?",!1))return u.info("Aborted — no changes made."),0;const i=new Map;for(const a of t.apply){const n=a.workspaceName??"",o=i.get(n);o?o.push(a):i.set(n,[a])}for(const[a,n]of i){const o=n.map(l=>`${l.packageName}@${l.targetSpec}`),r=a.length>0?[a]:[];u.info(`Running ${e.pm.name} add ${o.join(" ")}${a.length>0?` --filter ${a}`:""}`);const c=ti(e.pm,{exact:!1,filter:r,global:!1,optional:!1,packages:o,peer:!1,saveDev:!1,workspace:!1,workspaceRoot:!1},e.workspaceRoot,console);if(c!==0)return u.error(`${e.pm.name} add exited ${String(c)} — aborting before rescan.`),c}return u.success("Direct-dep upgrades applied. 
Re-run `vis audit` to confirm the fixes landed."),0},An=async e=>{if(!Sn(e.pm.name))return u.error(`--fix-transitive is not supported for package manager "${e.pm.name}". Use pnpm, npm, yarn, or bun.`),1;const t=!!e.visConfig?.security?.audit?.apply?.transitive?.enabled;if(De&&(!e.yes||!t))return u.error("Refusing to run --fix-transitive in CI without both --yes and security.audit.apply.transitive.enabled = true. Overrides have a higher blast radius than direct bumps — gate on config."),1;const i=new Set(yt({findings:e.actionableFindings,workspaceRoot:e.workspaceRoot}).apply.map(r=>r.packageName)),a=e.actionableFindings.filter(r=>!i.has(r.packageName)),n=fn(a);if(n.entries.length===0){u.info(""),u.info("─ Apply transitive (overrides)"),u.info("Nothing to override — all vulnerable packages are direct deps or have no fixed version.");return}const o=dn(e.workspaceRoot,n,{name:e.pm.name,version:e.pm.version});u.info(""),u.info("─ Apply transitive (overrides)"),u.info(`Target: ${o.filePath} (${o.surface})`);for(const r of o.entries){const c=r.status==="added"?"+":r.status==="updated"?"~":"·",l=r.previousSpec?` (was ${r.previousSpec})`:"";u.info(` ${c} ${r.packageName}: ${r.spec}${l}`)}if(!o.changed){u.info("No changes — overrides already match the plan.");return}if(!e.yes){if(De)return 1;if(!await $t("Write these overrides?",!1))return u.info("Aborted — no changes made."),0}try{gn(o)}catch(r){const c=r instanceof Error?r.message:String(r);return u.error(`Failed to write overrides: ${c}`),1}return u.success(`Wrote ${String(o.entries.filter(r=>r.status!=="unchanged").length)} override${o.entries.length===1?"":"s"}. Run \`${e.pm.name} install\` then re-run \`vis audit\` to confirm the fixes landed.`),0},Jn=async({fs:e,logger:t,options:i,visConfig:a,workspaceRoot:n})=>{if(!n)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await $n(e,n,i,a)};export{Jn as default,xn as mapSeverityToAube,bn as resolveAuditBackend};