@visulima/vis 1.0.0-alpha.44 → 1.0.0-alpha.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +51 -0
- package/dist/bin.js +1 -1
- package/dist/binx.js +1 -1
- package/dist/packem_chunks/bloom-status.js +1 -1
- package/dist/packem_chunks/bloom-sync.js +1 -1
- package/dist/packem_chunks/catalog.js +63 -62
- package/dist/packem_chunks/cli-exec.js +1 -1
- package/dist/packem_chunks/cli-main.js +172 -973
- package/dist/packem_chunks/detect.js +1 -1
- package/dist/packem_chunks/fix.js +1 -1
- package/dist/packem_chunks/handler.js +1 -1
- package/dist/packem_chunks/handler10.js +1 -1
- package/dist/packem_chunks/handler11.js +1 -1
- package/dist/packem_chunks/handler12.js +2 -2
- package/dist/packem_chunks/handler13.js +1 -1
- package/dist/packem_chunks/handler14.js +1 -1
- package/dist/packem_chunks/handler15.js +1 -1
- package/dist/packem_chunks/handler16.js +1 -1
- package/dist/packem_chunks/handler17.js +1 -1
- package/dist/packem_chunks/handler18.js +1 -1
- package/dist/packem_chunks/handler19.js +1 -1
- package/dist/packem_chunks/handler21.js +1 -1
- package/dist/packem_chunks/handler24.js +1 -1
- package/dist/packem_chunks/handler27.js +1 -1
- package/dist/packem_chunks/handler28.js +1 -1
- package/dist/packem_chunks/handler29.js +1 -1
- package/dist/packem_chunks/handler3.js +1 -1
- package/dist/packem_chunks/handler30.js +1 -1
- package/dist/packem_chunks/handler4.js +1 -1
- package/dist/packem_chunks/handler5.js +3 -3
- package/dist/packem_chunks/handler50.js +4 -4
- package/dist/packem_chunks/handler51.js +3 -3
- package/dist/packem_chunks/handler57.js +4 -4
- package/dist/packem_chunks/handler58.js +1 -1
- package/dist/packem_chunks/handler59.js +1 -1
- package/dist/packem_chunks/handler6.js +6 -6
- package/dist/packem_chunks/handler60.js +1 -1
- package/dist/packem_chunks/handler61.js +1 -1
- package/dist/packem_chunks/handler62.js +2 -2
- package/dist/packem_chunks/handler63.js +4 -4
- package/dist/packem_chunks/handler65.js +2 -2
- package/dist/packem_chunks/handler66.js +13 -13
- package/dist/packem_chunks/handler67.js +5 -5
- package/dist/packem_chunks/handler68.js +16 -16
- package/dist/packem_chunks/handler69.js +5 -5
- package/dist/packem_chunks/handler7.js +1 -1
- package/dist/packem_chunks/handler71.js +1 -1
- package/dist/packem_chunks/handler72.js +2 -2
- package/dist/packem_chunks/handler73.js +13 -13
- package/dist/packem_chunks/handler74.js +3 -3
- package/dist/packem_chunks/handler75.js +3 -3
- package/dist/packem_chunks/handler76.js +5 -5
- package/dist/packem_chunks/handler9.js +1 -1
- package/dist/packem_chunks/heal-accept.js +1 -1
- package/dist/packem_chunks/heal.js +1 -1
- package/dist/packem_chunks/help-command.js +1 -1
- package/dist/packem_chunks/index2.js +802 -7
- package/dist/packem_chunks/index3.js +7 -135
- package/dist/packem_chunks/index4.js +134 -73
- package/dist/packem_chunks/index5.js +74 -0
- package/dist/packem_chunks/keys-refresh.js +1 -1
- package/dist/packem_chunks/lean.js +1 -1
- package/dist/packem_chunks/list.js +1 -1
- package/dist/packem_chunks/loader.js +1 -1
- package/dist/packem_chunks/print-config.js +1 -1
- package/dist/packem_chunks/registry.js +2 -2
- package/dist/packem_chunks/shell-runner.js +1 -1
- package/dist/packem_chunks/sync.js +1 -1
- package/dist/packem_chunks/sync2.js +1 -1
- package/dist/packem_chunks/tripwire.js +2 -2
- package/dist/packem_chunks/ts-loader.js +1 -1
- package/dist/packem_chunks/verify-lockfile.js +1 -1
- package/dist/packem_chunks/version-resolver.js +2 -2
- package/dist/packem_shared/{Table-CcVkyULl-DLWu6XHL.js → Table-BGIHvenQ-D2oJtNQj.js} +1 -1
- package/dist/packem_shared/affected-shas-CCxG4tvm.js +1 -0
- package/dist/packem_shared/{ai-analysis-CO6S0afy.js → ai-analysis-rC48NLfB.js} +4 -4
- package/dist/packem_shared/{ai-fix-CI0Vvqld.js → ai-fix-D_ijV3Rn.js} +3 -3
- package/dist/packem_shared/bin-CPMo34SM.js +1 -0
- package/dist/packem_shared/{command-runtime-BE-vKsGH.js → command-runtime-3FTGuUsK.js} +1 -1
- package/dist/packem_shared/{env-C2ZCnfP_.js → env-Ct3hMEYB.js} +1 -1
- package/dist/packem_shared/{failure-log-jFfZRJK9.js → failure-log-Dy2G-rKi.js} +1 -1
- package/dist/packem_shared/{index-CQjzW7m8.js → index-Cntyu-w8.js} +1 -1
- package/dist/packem_shared/{index-D7EZ612R.js → index-XAb0QGqA.js} +1 -1
- package/dist/packem_shared/{lifecycle-Dyb47wbD.js → lifecycle-CHcFuWf_.js} +1 -1
- package/dist/packem_shared/{osv-bloom-BsQ-aFiM.js → osv-bloom-DVMlkcAO.js} +2 -2
- package/dist/packem_shared/{packument-DquNPIq9.js → packument-C-A3Uhhx.js} +1 -1
- package/dist/packem_shared/pm-runner-CQcraCcu.js +1 -0
- package/dist/packem_shared/{provenance-DIq8KyBV.js → provenance-R2csDSNg.js} +1 -1
- package/dist/packem_shared/{registry-keys-C8K11ets.js → registry-keys-CMnS_Qt_.js} +1 -1
- package/dist/packem_shared/{resolve-explicit-Dr4kIybR.js → resolve-explicit-C4oQMyoB.js} +1 -1
- package/dist/packem_shared/resolve-runtime-QRaQucfL.js +1 -0
- package/dist/packem_shared/{s1ngularity-CtMmtXJo.js → s1ngularity-BCDt28u0.js} +1 -1
- package/dist/packem_shared/scan-progress-YRpDs90j.js +2 -0
- package/dist/packem_shared/{signatures-CE8OAK-i.js → signatures-B3srzCEv.js} +1 -1
- package/dist/packem_shared/use-measured-height-DHi0xOPO.js +1 -0
- package/dist/packem_shared/{vis-update-app-Cpme_3Du.js → vis-update-app-B3I14Vfy.js} +1 -1
- package/index.js +52 -52
- package/package.json +11 -11
- package/dist/packem_shared/affected-shas-CwRY5aoc.js +0 -1
- package/dist/packem_shared/bin-P6Q5tKrP.js +0 -1
- package/dist/packem_shared/pm-runner-D4jM58Oz.js +0 -1
- package/dist/packem_shared/resolve-runtime-Tx0bvg0h.js +0 -1
- package/dist/packem_shared/scan-progress-D4yywI6P.js +0 -2
- package/dist/packem_shared/use-measured-height-XK9YSwtv.js +0 -1
- package/dist/packem_shared/window-ops-DDePlWLV.js +0 -2
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import{createRequire as mt}from"node:module";import{E as v,j as le,q as ke,I as fe,V as ve,s as Re}from"../packem_shared/index.server-J83sowC4.js";import{a5 as
|
|
2
|
-
`)){if(l.length===0)continue;const n=/^\s*(\d+)\s+(.+)$/.exec(l);if(!n)continue;const o=Number.parseInt(n[1]??"",10),c=(n[2]??"").toLowerCase();!Number.isFinite(o)||o===e||(/(?:^|[ /])vis-native(?:\s|$|[-.])/.test(c)||/(?:^|[ /])vis\s+run\b/.test(c)||/(?:^|[ /])task-runner(?:\s|$|[-.])/.test(c))&&i.push(o)}return i},ot=e=>{const t=rt("tasklist",["/FO","CSV","/NH"]),i=[];for(const l of t.split(/\r?\n/)){if(l.length===0)continue;const n=l.split(/","/).map(h=>h.replaceAll(/^"|"$/g,"")),o=(n[0]??"").toLowerCase(),c=Number.parseInt(n[1]??"",10);!Number.isFinite(c)||c===e||(o==="vis.exe"||o.startsWith("vis-native")||o.includes("task-runner"))&&i.push(c)}return i},wi=()=>{let e;try{const t=Te("watchman",["--version"],{encoding:"utf8",timeout:2e3});if(t.error||typeof t.status=="number"&&t.status!==0)throw t.error??new Error("watchman exited non-zero");e=typeof t.stdout=="string"?t.stdout.trim():void 0}catch{return{id:"watchman",message:"Watchman not found — `vis` uses native fs.watch (fine for small repos). Install Watchman + `fb-watchman` to scale watch mode on large monorepos.",status:"skip"}}return{detail:e?{version:e}:void 0,id:"watchman",message:e?`Watchman available (${e}) — scalable watch backend in use.`:"Watchman available — scalable watch backend in use.",status:"ok"}},yi=(e=process.cwd())=>{let t="";try{t=Ze(q(e,".gitattributes"),"utf8")}catch(i){if(i.code!=="ENOENT")return{id:"git-lfs",message:"Could not read .gitattributes.",status:"warn"}}if(!t.includes("filter=lfs"))return{id:"git-lfs",message:"No Git LFS tracking declared in .gitattributes.",status:"skip"};try{const i=Te("git",["lfs","version"],{encoding:"utf8",timeout:2e3});if(i.error||typeof i.status=="number"&&i.status!==0)throw i.error??new Error("git-lfs not available")}catch{return{id:"git-lfs",message:"Repo tracks files via Git LFS but `git-lfs` is not installed — checked-out LFS files are pointer stubs, not real content. Install git-lfs and run `git lfs pull`.",status:"warn"}}return{id:"git-lfs",message:"Git LFS tracking declared and `git-lfs` is installed.",status:"ok"}},ki=e=>[ai(),ci(),wi(),yi(e),ui()],ge=[{id:"dependencies",label:"Deps"},{id:"security",label:"Security"},{id:"optimization",label:"Optimize"},{id:"runtime",label:"Runtime"}],Ce=["dependencies","security","optimization","runtime"],he=e=>{const t=new Map;for(const i of Ce)t.set(i,[]);for(const i of e)t.get(i.section).push(i);for(const[i,l]of t)l.length===0&&t.delete(i);return t},pe=(e,t,i,l)=>{let n=e.filter(o=>o.section===t);if(l&&(n=n.filter(o=>o.severity===l)),i){const o=i.toLowerCase();n=n.filter(c=>c.title.toLowerCase().includes(o))}return[...n]},vi=e=>{const t={dependencies:"idle",optimization:"idle",runtime:"idle",security:"idle"};for(const i of Ce)e.has(i)&&(t[i]="idle");return t};class _e{#e;#i=new Set;constructor(t=[]){const i=Array.isArray(t)?{findings:t}:t,l=i.findings??[],n=i.activeSections??new Set(Ce),o=Ce.find(a=>n.has(a))??"dependencies",c=pe(l,o,"",void 0),h=vi(n);if(l.length>0)for(const a of l)h[a.section]="done";this.#e={all:l,entries:c,filterActive:!1,filterText:"",filterType:o,focusedPanel:"list",grouped:he(c),pendingAction:void 0,sectionError:{},sectionMessage:{},sectionStatus:h,selectedIndex:0,severityFilter:void 0}}getSnapshot=()=>this.#e;subscribe=t=>(this.#i.add(t),()=>{this.#i.delete(t)});setSelectedIndex(t){const i=Math.max(0,Math.min(t,this.#e.entries.length-1));i!==this.#e.selectedIndex&&this.#t({...this.#e,selectedIndex:i})}setFocusedPanel(t){t!==this.#e.focusedPanel&&this.#t({...this.#e,focusedPanel:t})}setFilterType(t){if(t===this.#e.filterType)return;const i=pe(this.#e.all,t,this.#e.filterText,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterType:t,grouped:he(i),selectedIndex:0})}setFilter(t){const i=pe(this.#e.all,this.#e.filterType,t,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterText:t,grouped:he(i),selectedIndex:0})}setFilterActive(t){if(t===this.#e.filterActive)return;if(t){this.#t({...this.#e,filterActive:!0});return}const i=pe(this.#e.all,this.#e.filterType,"",this.#e.severityFilter);this.#t({...this.#e,entries:i,filterActive:!1,filterText:"",grouped:he(i),selectedIndex:0})}setPendingAction(t){this.#t({...this.#e,pendingAction:t})}setSeverityFilter(t){if(t===this.#e.severityFilter)return;const i=pe(this.#e.all,this.#e.filterType,this.#e.filterText,t);this.#t({...this.#e,entries:i,grouped:he(i),selectedIndex:0,severityFilter:t})}startSection(t,i){this.#t({...this.#e,sectionMessage:{...this.#e.sectionMessage,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"running"}})}completeSection(t,i){const l=[...this.#e.all,...i],n=pe(l,this.#e.filterType,this.#e.filterText,this.#e.severityFilter),o={...this.#e.sectionMessage};delete o[t],this.#t({...this.#e,all:l,entries:n,grouped:he(n),sectionMessage:o,sectionStatus:{...this.#e.sectionStatus,[t]:"done"}})}failSection(t,i){this.#t({...this.#e,sectionError:{...this.#e.sectionError,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"error"}})}#t(t){this.#e=t;for(const i of this.#i)try{i()}catch{}}}const Ve={error:0,warn:1},bi=e=>!!e.acceptedRisk,lt=e=>{const t=[];if(e.sections.has("dependencies")){for(const i of e.outdated)t.push({entry:i,id:`outdated:${i.packageName}`,kind:"outdated",section:"dependencies",severity:"warn",subtitle:`${i.currentRange} → ${i.newRange} (${i.updateType})`,title:i.packageName});for(const i of e.duplicates)t.push({id:`duplicate:${i.name}`,kind:"duplicate",pkg:i,section:"dependencies",severity:"warn",subtitle:`${String(i.versions.length)} versions installed`,title:i.name})}if(e.sections.has("security"))for(const i of e.outdated){if(i.vulnerabilities&&i.vulnerabilities.length>0){const l=i.vulnerabilities[0],n=bi(i)?"warn":"error",o=i.vulnerabilities.length;t.push({entry:i,id:`vuln:${i.packageName}`,kind:"vulnerability",packageName:i.packageName,section:"security",severity:n,subtitle:o===1?`${l.severity} · ${l.id}`:`${String(o)} advisories · top: ${l.severity} ${l.id}`,title:i.packageName})}if(i.socketReport&&i.socketReport.alerts.length>0){const l=Math.round(i.socketReport.score.overall*100);t.push({entry:i,id:`socket:${i.packageName}`,kind:"socket",packageName:i.packageName,section:"security",severity:"warn",subtitle:`${String(i.socketReport.alerts.length)} alert${i.socketReport.alerts.length===1?"":"s"} · score ${String(l)}%`,title:i.packageName})}}if(e.sections.has("optimization"))for(const i of e.optimizations)t.push({entry:i,id:`opt:${i.packageName}`,kind:"optimization",section:"optimization",severity:"warn",subtitle:`${i.category} → ${i.replacement}`,title:i.packageName});if(e.sections.has("runtime"))for(const i of e.runtime)i.status==="warn"&&t.push({diagnostic:i,id:`runtime:${i.id}`,kind:"runtime",section:"runtime",severity:"warn",title:i.message});return t.sort((i,l)=>{if(i.section!==l.section){const n=["dependencies","security","optimization","runtime"];return n.indexOf(i.section)-n.indexOf(l.section)}return Ve[i.severity]-Ve[l.severity]}),t},at={dependencies:"Dependencies",optimization:"Optimization",runtime:"Runtime",security:"Security"},ji={error:"red",warn:"yellow"},$i={error:"✖",warn:"⚠"},Si={error:" ERROR ",warn:" WARN "},Ci=({children:e,hint:t,message:i,severity:l,title:n})=>{const o=ji[l];return s.jsxs(u,{borderColor:o,borderStyle:"single",flexDirection:"column",flexShrink:0,paddingX:1,children:[s.jsxs(u,{gap:1,children:[s.jsx(r,{backgroundColor:o,bold:!0,color:"black",children:Si[l]}),s.jsx(r,{bold:!0,color:o,children:$i[l]}),s.jsx(r,{bold:!0,wrap:"truncate-end",children:n})]}),s.jsx(r,{wrap:"truncate-end",children:i}),t?s.jsx(r,{dimColor:!0,wrap:"truncate-end",children:t}):null,e]})},Ri={CRITICAL:"red",HIGH:"red",LOW:"gray",MODERATE:"yellow",UNKNOWN:"gray"},Ti={critical:"red",high:"red",low:"gray",medium:"yellow"},Ai={major:"red",minor:"yellow",patch:"green"},C=({children:e,label:t,width:i=14})=>s.jsxs(u,{children:[s.jsx(u,{width:i,children:s.jsxs(r,{dimColor:!0,children:[t,":"]})}),typeof e=="string"?s.jsx(r,{children:e}):e]}),re=({children:e})=>s.jsx(u,{marginTop:1,children:s.jsx(r,{bold:!0,color:"white",children:e})}),Ii=({finding:e})=>{const{entry:t}=e,i=Ai[t.updateType]??"white";return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Current",children:t.currentRange}),s.jsxs(C,{label:"Target",children:[s.jsx(r,{children:t.newRange}),s.jsxs(r,{bold:!0,color:i,children:[" (",t.updateType,")"]})]}),s.jsx(C,{label:"Catalog",children:t.catalogName}),t.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:t.acceptedRisk.reason??"(no reason recorded)"})}):null,s.jsx(re,{children:"Action"}),s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis update"})," ","to apply this change."]})]})},Ni=({finding:e})=>s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Versions",children:s.jsx(r,{children:String(e.pkg.versions.length)})}),s.jsx(re,{children:"Installed versions"}),e.pkg.versions.map(t=>s.jsxs(r,{children:[" · ",t]},t)),s.jsx(re,{children:"Action"}),s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis dedupe"})," ","to consolidate to a single resolution."]})]}),Mi=({finding:e})=>{const t=e.entry.vulnerabilities??[];return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:e.packageName}),s.jsx(C,{label:"Current",children:e.entry.currentRange}),s.jsx(C,{label:"Advisories",children:String(t.length)}),e.entry.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,t.map(i=>{const l=Ri[i.severity]??"gray";return s.jsxs(u,{flexDirection:"column",marginTop:1,children:[s.jsxs(u,{children:[s.jsx(r,{bold:!0,color:l,children:i.severity}),s.jsx(r,{children:" "}),s.jsx(r,{children:i.id}),typeof i.cvssScore=="number"?s.jsxs(r,{dimColor:!0,children:[" · CVSS ",i.cvssScore.toFixed(1)]}):null]}),s.jsx(r,{wrap:"wrap",children:i.summary}),i.fixedVersions.length>0?s.jsxs(r,{dimColor:!0,children:["Fixed in: ",i.fixedVersions.join(", ")]}):null,i.aliases&&i.aliases.length>0?s.jsxs(r,{dimColor:!0,children:["Aliases: ",i.aliases.join(", ")]}):null]},i.id)})]})},Ei=({finding:e})=>{const t=e.entry.socketReport;if(!t)return s.jsx(r,{dimColor:!0,children:"No Socket report attached."});const i=Math.round(t.score.overall*100),l=ze(t.score.overall);return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:e.packageName}),s.jsx(C,{label:"Overall",children:s.jsxs(r,{color:l,children:[String(i),"%"]})}),s.jsx(C,{label:"Alerts",children:String(t.alerts.length)}),e.entry.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,s.jsx(re,{children:"Score breakdown"}),Object.entries(t.score).map(([n,o])=>{if(n==="overall")return null;const c=typeof o=="number"?o:0,h=Math.round(c*100),a=ze(c);return s.jsxs(u,{children:[s.jsx(u,{width:14,children:s.jsxs(r,{dimColor:!0,children:[n,":"]})}),s.jsxs(r,{color:a,children:[String(h),"%"]})]},n)}),s.jsx(re,{children:"Alerts"}),t.alerts.map((n,o)=>{const c=Ti[n.severity]??"gray";return s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{children:[s.jsx(r,{bold:!0,color:c,children:n.severity}),s.jsx(r,{children:" "}),s.jsx(r,{children:n.type})]}),n.props?s.jsx(r,{dimColor:!0,wrap:"wrap",children:JSON.stringify(n.props)}):null]},`${n.type}-${String(o)}`)})]})},Di=({finding:e})=>{const{entry:t}=e;return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:t.packageName}),s.jsx(C,{label:"Category",children:t.category}),s.jsx(C,{label:"Replacement",children:t.replacement}),t.overrideSpec?s.jsx(C,{label:"Override",children:t.overrideSpec}):null,s.jsx(C,{label:"Codemod",children:s.jsx(r,{color:t.hasCodemod?"green":"gray",children:t.hasCodemod?"available":"not available"})}),t.docUrl?s.jsx(C,{label:"Guide",children:s.jsx(r,{color:"cyan",underline:!0,children:t.docUrl})}):null,s.jsx(re,{children:"Action"}),t.hasCodemod?s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis optimize"})," ","to apply the codemod interactively."]}):t.overrideSpec?s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis optimize"})," ","to install the package override."]}):t.docUrl?s.jsx(r,{dimColor:!0,children:"No automated codemod. Open the migration guide above for the recommended alternative and steps."}):s.jsx(r,{dimColor:!0,children:"No automated codemod. Consult the package's docs or the e18e module-replacements guide for an alternative."})]})},Fi=({finding:e})=>{const{diagnostic:t}=e,i=t.status==="warn"?"yellow":t.status==="ok"?"green":"gray";return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Check",children:t.id}),s.jsx(C,{label:"Status",children:s.jsx(r,{color:i,children:t.status})}),s.jsx(re,{children:"Message"}),s.jsx(r,{wrap:"wrap",children:t.message}),t.detail&&Object.keys(t.detail).length>0?s.jsxs(s.Fragment,{children:[s.jsx(re,{children:"Details"}),Object.entries(t.detail).map(([l,n])=>s.jsxs(u,{children:[s.jsx(u,{width:20,children:s.jsxs(r,{dimColor:!0,children:[l,":"]})}),s.jsx(r,{children:String(n)})]},l))]}):null]})},Pi=({finding:e,focused:t,scrollRef:i})=>{const l=t?"white":"gray";if(!e)return s.jsx(u,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:s.jsx(r,{dimColor:!0,children:"No finding selected"})});let n;switch(e.kind){case"duplicate":{n=s.jsx(Ni,{finding:e});break}case"optimization":{n=s.jsx(Di,{finding:e});break}case"outdated":{n=s.jsx(Ii,{finding:e});break}case"runtime":{n=s.jsx(Fi,{finding:e});break}case"socket":{n=s.jsx(Ei,{finding:e});break}case"vulnerability":{n=s.jsx(Mi,{finding:e});break}default:{n=s.jsx(r,{dimColor:!0,children:"Unknown finding kind."});break}}return s.jsxs(u,{borderColor:l,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[s.jsxs(u,{flexShrink:0,paddingTop:1,paddingX:2,children:[s.jsx(r,{bold:!0,color:"white",children:e.title}),s.jsxs(r,{dimColor:!0,children:[" ",at[e.section]]})]}),s.jsxs(yt,{flexGrow:1,flexShrink:1,paddingX:2,ref:i,scrollbar:!0,scrollbarColor:"gray",scrollbarStyle:"block",children:[s.jsx(r,{}),n]})]})},ct={error:"red",warn:"yellow"},zi={error:"✖",warn:"⚠"},Oi=e=>e.kind==="outdated"||e.kind==="vulnerability"||e.kind==="socket"?!!e.entry.acceptedRisk:!1,Bi=({finding:e,isSelected:t})=>{const i=ct[e.severity],l=Oi(e);return s.jsxs(u,{flexShrink:0,height:1,children:[s.jsx(r,{children:t?">":" "}),s.jsxs(r,{color:i,children:[" ",zi[e.severity]," "]}),s.jsx(u,{flexGrow:1,children:s.jsx(r,{bold:t,inverse:t,wrap:"truncate",children:e.title})}),l?s.jsx(r,{color:"cyan",children:" ack"}):null,e.subtitle?s.jsxs(r,{dimColor:!0,wrap:"truncate",children:[" ",e.subtitle]}):null]})},Li=({count:e,section:t})=>s.jsxs(u,{flexShrink:0,height:1,marginTop:1,children:[s.jsx(r,{dimColor:!0,children:"▼ "}),s.jsx(r,{bold:!0,color:"white",children:at[t].toUpperCase()}),s.jsxs(r,{dimColor:!0,children:[" (",e,")"]})]}),_i=({count:e,label:t,status:i})=>s.jsxs(r,{children:[t,i==="running"?s.jsxs(r,{children:[" ",s.jsx(st,{type:"dots"})]}):null,i==="error"?s.jsx(r,{bold:!0,color:"red",children:" ✖"}):s.jsxs(r,{dimColor:!0,children:[" (",String(e),")"]})]}),Vi=({elapsedMs:e,entries:t,filterActive:i,filterText:l,filterType:n,focused:o,fromCache:c=!1,grouped:h,onViewportHeightChange:a,scrollOffset:p,sectionCounts:w,sectionMessage:j,sectionStatus:k,selectedIndex:D,severityFilter:$,totalAll:f,viewportHeight:T})=>{const M=o?"white":"gray",{measuredHeight:F,ref:E}=ei(T,a);let R=0,P=0;for(const b of t)b.severity==="error"?R+=1:b.severity==="warn"&&(P+=1);const Y=[];R>0&&Y.push(`${String(R)} error${R===1?"":"s"}`),P>0&&Y.push(`${String(P)} warn${P===1?"":"s"}`);const Z=Y.length>0?` (${Y.join(", ")})`:"",ee=(e/1e3).toFixed(1),W=[];for(const[b,S]of h){W.push(s.jsx(Li,{count:S.length,section:b},`hdr-${b}`));for(const _ of S){const V=t.indexOf(_);W.push(s.jsx(Bi,{finding:_,isSelected:V===D},_.id))}}let B=0;for(const[,b]of h)B+=2+b.length;const L=B>F&&F>0;return s.jsxs(u,{borderColor:M,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[s.jsxs(u,{flexShrink:0,gap:1,paddingX:1,children:[s.jsx(r,{bold:!0,inverse:!0,children:" DOCTOR "}),s.jsxs(r,{wrap:"truncate",children:[t.length,t.length===f?"":`/${String(f)}`," finding",t.length===1?"":"s",Z]}),$?s.jsx(r,{bold:!0,color:ct[$],inverse:!0,children:` ${$.toUpperCase()} ONLY `}):null,c?s.jsx(r,{bold:!0,color:"cyan",inverse:!0,children:" CACHED "}):null,s.jsxs(r,{dimColor:!0,children:[" · ",ee,"s"]})]}),s.jsx(u,{flexShrink:0,paddingX:1,paddingY:1,children:s.jsx(Qt,{isFocused:o,keyMap:{next:[],previous:[],useNumbers:!1,useTab:!1},onChange:()=>{},showIndex:!1,value:n,children:ge.map(({id:b,label:S})=>s.jsx(Zt,{name:b,children:s.jsx(_i,{count:w[b],label:S,status:k[b]})},b))})}),(()=>{const b=Object.keys(k).filter(S=>k[S]==="running"&&j[S]).map(S=>j[S]);return b.length===0?null:s.jsx(u,{flexShrink:0,paddingX:1,children:s.jsxs(r,{dimColor:!0,wrap:"truncate",children:[s.jsx(st,{type:"dots"})," ",b.join(" · ")]})})})(),i&&s.jsxs(u,{flexShrink:0,paddingX:1,children:[s.jsx(r,{bold:!0,color:"white",children:"/ "}),s.jsx(r,{children:l}),s.jsx(r,{inverse:!0,children:" "})]}),s.jsxs(u,{flexDirection:"row",flexGrow:1,overflow:"hidden",ref:E,children:[s.jsx(u,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:s.jsx(u,{flexDirection:"column",marginTop:-p,children:W.length>0?W:s.jsx(u,{marginTop:1,children:s.jsx(r,{dimColor:!0,children:"No findings match the current filter."})})})}),L&&s.jsx(u,{flexShrink:0,marginLeft:1,marginRight:1,children:s.jsx(kt,{contentHeight:B,placement:"inset",scrollOffset:p,style:"block",viewportHeight:F})})]},`list-${n}-${l}`)]})},Gi=e=>{if(e.kind==="outdated")return{command:`vis update ${e.entry.packageName}`,description:`Update ${e.entry.packageName} to ${e.entry.newRange}`};if(e.kind==="duplicate")return{command:`vis dedupe ${e.pkg.name}`,description:`Dedupe ${e.pkg.name} (${String(e.pkg.versions.length)} versions)`}},Ui=e=>{if(e.kind==="optimization")return{command:`vis optimize ${e.entry.packageName}`,description:`Replace ${e.entry.packageName} with ${e.entry.replacement}`}},Hi=e=>{if(e.kind!=="outdated"&&e.kind!=="vulnerability"&&e.kind!=="socket")return;const t=e.kind==="outdated"?e.entry.packageName:e.packageName,i=["// Add to vis.config.ts:","security: {"," acceptedRisks: {",` "${t}": {`,' reason: "explain why this risk is acceptable",',' expiresAt: "YYYY-MM-DD",'," },"," },","},"].join(`
|
|
3
|
-
`);return{command:i,configSnippet:i,description:`Acknowledge risk for ${t}`}},Yi=100,Wi=40,qi=10,Xi=({autoExitSeconds:e=0,banner:t,fromCache:i=!1,startedAt:l,store:n})=>{const{exit:o}=vt(),{columns:c,rows:h}=bt(),a=O.useSyncExternalStore(n.subscribe,n.getSnapshot),[p,w]=O.useState(!1),[j,k]=O.useState(!1),[D,$]=O.useState(0),[f,T]=O.useState(()=>Date.now());O.useEffect(()=>{const x=setInterval(()=>{T(Date.now())},1e3);return()=>{clearInterval(x)}},[]);const M=f-l,F=O.useRef(null),E=O.useRef(null),R=a.entries[a.selectedIndex]??null,P=O.useMemo(()=>{const x={dependencies:0,optimization:0,runtime:0,security:0};for(const m of a.all)x[m.section]+=1;return x},[a.all]),Y=t?t.hint?5:4:0,Z=O.useMemo(()=>{for(const x of Object.keys(a.sectionStatus))if(a.sectionStatus[x]==="running"&&a.sectionMessage[x])return 1;return 0},[a.sectionStatus,a.sectionMessage]),ee=c>=Yi,W=ee?Math.max(1,h-Y-2):Math.floor(h*.55),B=Math.max(1,W-6-Z-(a.filterActive?1:0)),[L,b]=O.useState(B),S=L>0?L:B,_=O.useMemo(()=>{let x=0;for(const[,m]of a.grouped)x+=2+m.length;return x},[a.grouped]),V=Math.max(0,_-S),G=Math.min(D,V),ne=O.useCallback(x=>{let m=0,y=0;for(const[,xe]of a.grouped){m+=2;for(let oe=0;oe<xe.length;oe++){if(y===x)return m;m+=1,y+=1}}return m},[a.grouped]),Q=O.useCallback(x=>{const m=ne(x);$(y=>m>y+S-2?Math.min(V,Math.max(0,m-S+2)):m<y+1?Math.max(0,m-1):y)},[ne,S,V]);if(O.useEffect(()=>{E.current?.scrollToTop()},[R?.id]),jt((x,m)=>{if(x==="c"&&m.ctrl){o();return}if(!j){if(p){m.escape||x==="?"?w(!1):x==="q"?(w(!1),k(!0)):m.downArrow||x==="j"?F.current?.scrollBy(1):(m.upArrow||x==="k")&&F.current?.scrollBy(-1);return}if(x==="?"){w(!0);return}if(x==="q"){k(!0);return}if(m.tab){n.setFocusedPanel(a.focusedPanel==="list"?"detail":"list");return}if(a.filterActive){if(m.escape||m.return){n.setFilterActive(!1);return}if(m.backspace){$(0),n.setFilter(a.filterText.slice(0,-1));return}x&&!m.ctrl&&!m.meta&&($(0),n.setFilter(a.filterText+x));return}if(a.focusedPanel==="list"&&(m.leftArrow||m.rightArrow)){const y=ge.findIndex(oe=>oe.id===a.filterType),xe=m.rightArrow?(y+1)%ge.length:(y-1+ge.length)%ge.length;$(0),E.current?.scrollToTop(),n.setFilterType(ge[xe].id);return}if(a.focusedPanel==="list"){if(m.downArrow||x==="j"){const y=Math.min(a.selectedIndex+1,a.entries.length-1);n.setSelectedIndex(y),Q(y);return}if(m.upArrow||x==="k"){const y=Math.max(a.selectedIndex-1,0);n.setSelectedIndex(y),Q(y);return}if(m.pageDown){const y=Math.min(a.selectedIndex+10,a.entries.length-1);n.setSelectedIndex(y),Q(y);return}if(m.pageUp){const y=Math.max(a.selectedIndex-10,0);n.setSelectedIndex(y),Q(y);return}if(m.home){n.setSelectedIndex(0),$(0);return}if(m.end){const y=a.entries.length-1;n.setSelectedIndex(y),Q(y);return}if(x==="/"){n.setFilterActive(!0);return}if(x==="e"){n.setSeverityFilter(a.severityFilter==="error"?void 0:"error"),$(0);return}if(x==="w"){n.setSeverityFilter(a.severityFilter==="warn"?void 0:"warn"),$(0);return}if(x==="u"&&R){const y=Gi(R);y&&(n.setPendingAction(y),o());return}if(x==="o"&&R){const y=Ui(R);y&&(n.setPendingAction(y),o());return}if(x==="a"&&R){const y=Hi(R);y&&(n.setPendingAction(y),o());return}if(x==="d"){n.setFocusedPanel("detail");return}return}if(m.escape||m.leftArrow){n.setFocusedPanel("list");return}if(m.downArrow||x==="j"){E.current?.scrollBy(1);return}if(m.upArrow||x==="k"){E.current?.scrollBy(-1);return}if(m.pageDown){E.current?.scrollBy(10);return}if(m.pageUp){E.current?.scrollBy(-10);return}if(m.home){E.current?.scrollToTop();return}m.end&&E.current?.scrollToBottom()}},{isActive:!0}),c<Wi||h<qi)return s.jsx(u,{alignItems:"center",height:h,justifyContent:"center",width:c,children:s.jsxs(r,{color:"yellow",children:["Terminal too small (",c,"x",h,")"]})});const z=a.focusedPanel==="detail",U=[s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"q"}),s.jsx(r,{dimColor:!0,children:"QUIT"})]},"q"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"?"}),s.jsx(r,{dimColor:!0,children:"HELP"})]},"?"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"↑↓"}),s.jsx(r,{dimColor:!0,children:z?"SCROLL":"NAV"})]},"nav"),z?s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"←/Esc"}),s.jsx(r,{dimColor:!0,children:"LIST"})]},"lr"):s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"←→"}),s.jsx(r,{dimColor:!0,children:"SECTION"})]},"lr"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"/"}),s.jsx(r,{dimColor:!0,children:"SEARCH"})]},"search"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"e/w"}),s.jsx(r,{dimColor:!0,children:"SEVERITY"})]},"sev"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"u/o/a"}),s.jsx(r,{dimColor:!0,children:"ACTION"})]},"actions"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"Tab"}),s.jsx(r,{dimColor:!0,children:"PANEL"})]},"tab")],te=s.jsx(u,{borderBottom:!1,borderColor:"gray",borderLeft:!1,borderRight:!1,borderStyle:"single",flexShrink:0,children:s.jsx(u,{gap:2,overflow:"hidden",paddingX:1,children:U})}),ce=s.jsxs($t,{footer:s.jsxs(r,{dimColor:!0,children:[s.jsx(r,{bold:!0,color:"white",children:"↑↓"})," scroll ",s.jsx(r,{bold:!0,color:"white",children:"?"}),"/",s.jsx(r,{bold:!0,color:"white",children:"Esc"})," close"]}),scrollRef:F,title:"DOCTOR — KEYBOARD SHORTCUTS",visible:p,width:56,children:[s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"NAVIGATION"})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" ↑/k "}),s.jsx(r,{dimColor:!0,children:"Move up"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" ↓/j "}),s.jsx(r,{dimColor:!0,children:"Move down"})]})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" PgUp"}),s.jsx(r,{dimColor:!0,children:" Jump up 10"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" PgDn"}),s.jsx(r,{dimColor:!0,children:" Jump down 10"})]})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Home"}),s.jsx(r,{dimColor:!0,children:" Jump to top"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" End"}),s.jsx(r,{dimColor:!0,children:" Jump to bottom"})]})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Tab"}),s.jsx(r,{dimColor:!0,children:" Switch panel"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" →/←"}),s.jsx(r,{dimColor:!0,children:" Section tabs (list) / Focus list (detail)"})]})]}),s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"FILTER"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" /"}),s.jsx(r,{dimColor:!0,children:" Open text filter (Esc/Enter to close)"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" e"}),s.jsx(r,{dimColor:!0,children:" Toggle errors-only filter"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" w"}),s.jsx(r,{dimColor:!0,children:" Toggle warns-only filter"})]})]}),s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"ACTIONS"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" u"}),s.jsx(r,{dimColor:!0,children:" Exit + suggest update / dedupe command"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" o"}),s.jsx(r,{dimColor:!0,children:" Exit + suggest optimize command"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" a"}),s.jsx(r,{dimColor:!0,children:" Exit + print risk-ack snippet"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" d"}),s.jsx(r,{dimColor:!0,children:" Focus detail panel"})]})]}),s.jsxs(u,{flexDirection:"column",children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"EXIT"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" q"}),s.jsx(r,{dimColor:!0,children:" Quit (with countdown)"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Ctrl+C"}),s.jsx(r,{dimColor:!0,children:" Quit immediately"})]})]})]}),de=s.jsx(Vi,{elapsedMs:M,entries:a.entries,filterActive:a.filterActive,filterText:a.filterText,filterType:a.filterType,focused:a.focusedPanel==="list",fromCache:i,grouped:a.grouped,onViewportHeightChange:b,scrollOffset:G,sectionCounts:P,sectionMessage:a.sectionMessage,sectionStatus:a.sectionStatus,selectedIndex:a.selectedIndex,severityFilter:a.severityFilter,totalAll:a.all.length,viewportHeight:S}),ue=t?s.jsx(Ci,{hint:t.hint,message:t.message,severity:t.severity,title:t.title}):null,me=s.jsx(Pi,{finding:R,focused:a.focusedPanel==="detail",scrollRef:E});if(ee){const x=Math.floor(c*.4);return s.jsxs(u,{flexDirection:"column",height:h,width:c,children:[ue,s.jsxs(u,{flexDirection:"row",flexGrow:1,children:[s.jsx(u,{flexGrow:1,children:de}),s.jsx(u,{width:x,children:me})]}),te,s.jsx(Pe,{autoExitSeconds:e||3,onCancel:()=>{k(!1)},visible:j}),ce]})}return s.jsxs(u,{flexDirection:"column",height:h,width:c,children:[ue,s.jsx(u,{height:W,children:de}),s.jsx(u,{flexGrow:1,children:me}),te,s.jsx(Pe,{autoExitSeconds:e||3,onCancel:()=>{k(!1)},visible:j}),ce]})},Ki=e=>e.replaceAll(/[$()+.?[\\\]^{|}]/g,String.raw`\$&`),Ji=e=>{const t=e.split("*").map(i=>Ki(i));return new RegExp(`^${t.join(".*")}$`,"i")},Qi=e=>e?e.split(",").map(t=>t.trim()).filter(t=>t.length>0).map(t=>Ji(t)):[],Se=(e,t)=>{for(const i of t)if(i.test(e))return!0;return!1},Zi=(e,t,i)=>{if(t.length===0)return e;const l=e.outdated.filter(p=>Se(p.packageName,t)),n=e.duplicates.filter(p=>Se(p.name,t)),o=e.optimizations.filter(p=>Se(p.packageName,t));let c=0,h=0,a=0;for(const p of l)p.vulnerabilities&&(c+=p.vulnerabilities.length),p.socketReport&&(h+=p.socketReport.alerts.length,p.socketReport.score.overall<i&&(a+=1));return{...e,duplicates:n,optimizations:o,outdated:l,socketIssues:{alerts:h,lowScore:a},vulnCount:c}},dt=(e,t)=>t.length===0?[...e]:e.filter(i=>{if(i.kind==="runtime")return!0;const l=i.kind==="duplicate"?i.pkg.name:i.kind==="outdated"||i.kind==="optimization"?i.entry.packageName:i.packageName;return Se(l,t)}),ut=["dependencies","security","optimization","runtime"],Ge=e=>{const t=new Set;if(!e)return t;for(const i of e.split(",")){const l=i.trim().toLowerCase();ut.includes(l)&&t.add(l)}return t},es=(e,t)=>{if(e!==void 0&&e!=="")return Ge(e);const i=Ge(t);return new Set(ut.filter(l=>!i.has(l)))},ht=e=>{const t={micro:0,native:0,preferred:0,socket:0,total:e.length};for(const i of e)switch(i.category){case"micro-utility":{t.micro+=1;break}case"native":{t.native+=1;break}case"preferred":{t.preferred+=1;break}case"socket":{t.socket+=1;break}}return t},se=(e,t)=>{if(!e.sections.has(t))return"skip";switch(t){case"dependencies":return e.outdated.length>0||e.duplicates.length>0?"warn":"ok";case"optimization":return e.optimizations.length>0?"warn":"ok";case"runtime":return e.runtime.some(i=>i.status==="warn")?"warn":"ok";case"security":return e.vulnCount>0||e.socketIssues.alerts>0?"error":e.socketIssues.lowScore>0?"warn":"ok";default:return"ok"}},ts=(e,t)=>{const i=ht(e.optimizations),l={dependencies:se(e,"dependencies"),optimization:se(e,"optimization"),runtime:se(e,"runtime"),security:se(e,"security")},n=new Set([...Object.values(l),e.supplyChain.status]),o=n.has("error")?"error":n.has("warn")?"warn":"ok";return{dependencies:{duplicates:e.duplicates.length,installed:e.installedCount,outdated:e.outdated.length,status:l.dependencies},elapsedMs:e.elapsedMs,optimizations:{microUtilities:i.micro,native:i.native,preferred:i.preferred,socket:i.socket,status:l.optimization,total:i.total},packageManager:t,runtime:e.runtime.map(c=>({detail:c.detail,id:c.id,message:c.message,status:c.status})),runtimeStatus:l.runtime,security:{alerts:e.socketIssues.alerts,lowScorePackages:e.socketIssues.lowScore,status:l.security,vulnerabilities:e.vulnCount},status:o,supplyChain:{findings:e.supplyChain.findings.map(c=>({detail:c.detail,label:c.label,severity:c.severity})),status:e.supplyChain.status},workspaces:e.workspaceCount}},Ue=(e,t)=>{const i=e.runtime.some(n=>n.status==="warn"),l=e.vulnCount>0||e.socketIssues.alerts>0;return t?l||e.outdated.length>0||e.duplicates.length>0||i:l},is=["aube-workspace.yaml","pnpm-workspace.yaml"],ye=e=>typeof e=="boolean"?e:void 0,ss=e=>{if(e==="no-downgrade"||e==="off")return e},rs=e=>{const t={allowBuildsCount:0,blockExoticSubdeps:void 0,jailBuilds:void 0,minimumReleaseAge:void 0,minimumReleaseAgeStrict:void 0,paranoid:void 0,source:void 0,strictDepBuilds:void 0,trustPolicy:void 0};for(const i of is){const l=q(e,i);if(!be(l))continue;let n;try{n=Tt(Ct(l))}catch{continue}if(typeof n!="object"||n===null)continue;const o=n;return t.source=i,t.paranoid=ye(o.paranoid),t.trustPolicy=ss(o.trustPolicy),t.blockExoticSubdeps=ye(o.blockExoticSubdeps),t.jailBuilds=ye(o.jailBuilds),t.strictDepBuilds=ye(o.strictDepBuilds),t.minimumReleaseAgeStrict=ye(o.minimumReleaseAgeStrict),typeof o.minimumReleaseAge=="number"&&Number.isFinite(o.minimumReleaseAge)&&(t.minimumReleaseAge=o.minimumReleaseAge),o.allowBuilds&&typeof o.allowBuilds=="object"&&!Array.isArray(o.allowBuilds)&&(t.allowBuildsCount=Object.keys(o.allowBuilds).length),t}return t},ns=e=>e.paranoid?{...e,jailBuilds:!0,minimumReleaseAgeStrict:!0,strictDepBuilds:!0,trustPolicy:"no-downgrade"}:e,os=/^(@[\w./-]+\/[\w./-]+|[\w.-]+)@(.+)$/,ls=e=>{const t=os.exec(e);if(t)return{name:t[1],version:t[2]}},as=(e,t)=>{let i;try{if(t==="pnpm"){const n=q(e,"pnpm-workspace.yaml");be(n)&&(i=ti(n)?.patchedDependencies)}else if(t==="bun"){const n=q(e,"package.json");be(n)&&(i=et(n)?.patchedDependencies)}}catch{return[]}if(!i||typeof i!="object")return[];const l=[];for(const[n,o]of Object.entries(i)){if(typeof o!="string"||o.length===0)continue;const c=ls(n);c&&l.push({name:c.name,patchFile:o,resolvedPatchFile:Rt(o)?o:Xe(e,o),version:c.version})}return l},cs=e=>{const t=[];for(const i of e)be(i.resolvedPatchFile)||t.push({entry:i,kind:"missing-file"});return t},He=e=>e.some(t=>t.severity==="error")?"error":e.some(t=>t.severity==="warn")?"warn":"ok",ds=(e,t={})=>{const i=[],l=e?.security;if(!l)return i.push({detail:"Use defineConfig() from '@visulima/vis/config' to apply secure defaults.",label:"No security config — running with the PM's native defaults",severity:"warn"}),{findings:i,status:He(i)};const n=l.policies?.firstSeen?.minutes,o=l.policies?.publisherChange,c=l.policies?.installScripts;n===void 0?i.push({detail:"Set security.policies.firstSeen.minutes to block packages published in the last N minutes (mitigates supply-chain attacks).",label:"policies.firstSeen.minutes is not set",severity:"warn"}):n===0?i.push({detail:"New packages can be installed immediately after publishing. Consider setting a non-zero cooldown.",label:"policies.firstSeen.minutes is explicitly 0",severity:"warn"}):i.push({label:`policies.firstSeen.minutes: ${String(n)} minutes`,severity:"ok"}),o?.mode===void 0||o.mode==="off"?i.push({detail:"Packages whose trust level has decreased will not be blocked. Consider 'no-downgrade'.",label:`policies.publisherChange.mode: ${o?.mode??"not set"}`,severity:"warn"}):i.push({label:`policies.publisherChange.mode: ${o.mode}`,severity:"ok"}),l.blockExoticSubdeps===void 0||!l.blockExoticSubdeps?i.push({detail:"Transitive dependencies can pull code from git repos or tarball URLs. Set to true to block.",label:`blockExoticSubdeps: ${String(l.blockExoticSubdeps??!1)}`,severity:"warn"}):i.push({label:"blockExoticSubdeps: true",severity:"ok"});const h=c?.allow?Object.keys(c.allow).length:0;if(h===0?i.push({detail:"Lifecycle scripts are blocked by default. List trusted packages here to opt them back in (e.g. esbuild, @prisma/client).",label:"policies.installScripts.allow: not configured",severity:"warn"}):i.push({label:`policies.installScripts.allow: ${String(h)} ${h===1?"entry":"entries"}`,severity:"ok"}),c?.strict&&h===0&&i.push({detail:"All dependencies with build scripts will be blocked. Run 'vis approve-builds' to populate the allow list.",label:"policies.installScripts.strict is on but allow is empty",severity:"error"}),t.workspaceRoot){const a=ii(t.workspaceRoot);if(a.length>0){const p=[...new Set(a.map(w=>w.tool))].sort((w,j)=>w.localeCompare(j)).join(", ");i.push({detail:"Run `vis migrate verify` for the full list, then re-run `vis migrate <tool>` to clean up.",label:`${String(a.length)} leftover ${a.length===1?"reference":"references"} to ${p}`,severity:"warn"})}}if(t.workspaceRoot&&t.packageManager==="aube"){const a=rs(t.workspaceRoot),p=ns(a),w=p.source?` (from ${p.source})`:"";p.paranoid===!0&&i.push({detail:"Forces jailBuilds, trustPolicy=no-downgrade, minimumReleaseAgeStrict, strictStoreIntegrity, and strictDepBuilds on.",label:`aube paranoid: true${w}`,severity:"ok"}),p.trustPolicy==="off"&&i.push({detail:"Trust downgrades between releases will not be blocked. Set trustPolicy: no-downgrade in aube-workspace.yaml.",label:`aube trustPolicy: off${w}`,severity:"warn"}),p.blockExoticSubdeps===!1&&i.push({detail:"Transitive deps from git+, file:, and tarball URLs will not be blocked. Re-enable with blockExoticSubdeps: true.",label:`aube blockExoticSubdeps: false${w}`,severity:"warn"}),p.minimumReleaseAge===0&&i.push({detail:"Newly published versions are not held in a cooling window. Restore with minimumReleaseAge: 1440 (24h) or higher.",label:`aube minimumReleaseAge: 0${w}`,severity:"warn"}),p.jailBuilds===!0&&i.push({label:`aube jailBuilds: true${w}`,severity:"ok"}),p.strictDepBuilds===!0&&i.push({label:`aube strictDepBuilds: true${w}`,severity:"ok"}),p.allowBuildsCount>0&&i.push({label:`aube allowBuilds: ${String(p.allowBuildsCount)} ${p.allowBuildsCount===1?"entry":"entries"}${w}`,severity:"ok"})}if(t.workspaceRoot&&t.packageManager){const a=as(t.workspaceRoot,t.packageManager);if(a.length>0){const p=cs(a);if(p.length===0)i.push({label:`patchedDependencies: ${String(a.length)} ${a.length===1?"entry":"entries"} resolved`,severity:"ok"});else for(const w of p)i.push({detail:`Referenced from ${t.packageManager==="pnpm"?"pnpm-workspace.yaml":"package.json"} but the file is not present at ${w.entry.patchFile}.`,label:`patchedDependencies: missing patch file for ${w.entry.name}@${w.entry.version}`,severity:"error"})}}return{findings:i,status:He(i)}},H=e=>e>=1e3?`${(e/1e3).toFixed(1)}s`:`${String(Math.round(e))}ms`,je=async(e,t,i,l)=>{if(!e)return i();e.start(t);const n=Date.now();try{const o=await i(),c=Date.now()-n,{status:h,summary:a}=l(o,c);return e.finish(t,h,a),o}catch(o){const c=Date.now()-n,h=o instanceof Error?o.message:String(o);throw e.finish(t,"error",`${h} (${H(c)})`),o}},us=(e,t)=>{const i={duplicates:t.duplicates,optimizations:t.optimizations,outdated:t.outdated,runtime:t.runtime,sections:new Set([e])};return lt(i)},Ye=async e=>{const{filterPatterns:t,installed:i,progress:l,resolveCodemods:n,sections:o,store:c,visConfig:h,workspaceRoot:a}=e,p=o.has("dependencies"),w=o.has("security"),j=o.has("optimization"),k=o.has("runtime"),D=(g,A)=>dt(us(g,A),t),$=it(a),{packageManager:f}=qe(a),T=Be(q(a,"package.json"),!1),M=tt(a),F=new Set(T);for(const g of M){const A=Be(q(Xe(a,g),"package.json"),!1);for(const I of A)F.add(I)}const E=Nt(a),R=Ke(a,f),P=Je(h?.security,{minimumScore:h?.security?.policies?.score?.minimum}),Y=h?.security?.policies?.score?.minimum??Qe,Z=h?.security?.acceptedRisks,ee=Lt(a,$.name),W={exclude:[],ignore:[],include:[],includeLocked:!1,includePrerelease:!1,security:!0,target:"latest"},B=p?Jt(a,$.name):[],L=j?_t(F):[],b=j?Vt(F,ee,$,!1):[],S=new Set(L.map(g=>g.packageName)),_=b.filter(g=>!S.has(g.packageName)),V=[...L,..._],G=k?ki(a):[];c&&(p&&c.startSection("dependencies",R.size>0?"checking outdated catalog dependencies":"scanning duplicates"),w&&c.startSection("security",i.length>0?`scanning ${String(i.length)} packages for advisories`:"no installed packages to scan"),j&&c.startSection("optimization","matching e18e + socket overrides"),k&&c.startSection("runtime","running runtime diagnostics")),c&&k&&c.completeSection("runtime",D("runtime",{duplicates:[],optimizations:[],outdated:[],runtime:G}));const ne=(p||w)&&R.size>0?je(l,"outdated",()=>Mt(R,W,E,void 0,a,P,Z),(g,A)=>{const I=g.outdated.length;return{status:I>0?"warn":"ok",summary:I>0?`${String(I)} outdated · ${H(A)}`:`up to date · ${H(A)}`}}):Promise.resolve({failed:[],ignored:[],outdated:[]}),Q=w&&i.length>0?je(l,"vulnerabilities",()=>Et(i.map(g=>({name:g.name,version:g.version}))),(g,A)=>{let I=0;for(const ie of g.values())I+=ie.length;return{status:I>0?"error":"ok",summary:I>0?`${String(I)} found · ${H(A)}`:`none found · ${H(A)}`}}):Promise.resolve(new Map),z=w&&P.length>0&&i.length>0?je(l,"socket",()=>Dt(P,i.map(g=>({name:g.name,version:g.version}))),(g,A)=>{let I=0,ie=0;for(const Fe of g.values())I+=Fe.alerts.length,Fe.score.overall<Y&&(ie+=1);const De=I+ie;return{status:De>0?"warn":"ok",summary:De>0?`${String(I)} alert${I===1?"":"s"}, ${String(ie)} low-score · ${H(A)}`:`clean · ${H(A)}`}}):Promise.resolve(new Map);let U,te,ce,de;const ue=ne.catch(g=>(U=g instanceof Error?g.message:String(g),c||d.warn(`Outdated scan failed: ${U}`),{failed:[],ignored:[],outdated:[]})),me=Q.catch(g=>(te=g instanceof Error?g.message:String(g),c||d.warn(`Vulnerability scan failed: ${te}`),new Map)),x=z.catch(g=>(ce=g instanceof Error?g.message:String(g),c||d.warn(`Socket scan failed: ${ce}`),new Map)),m=c&&p?ue.then(g=>{if(U){c.failSection("dependencies",U);return}c.completeSection("dependencies",D("dependencies",{duplicates:B,optimizations:[],outdated:g.outdated,runtime:[]}))}):void 0,y=c&&w?Promise.all([ue,me,x]).then(([g])=>{const A=U??te??ce;if(A){c.failSection("security",A);return}c.completeSection("security",D("security",{duplicates:[],optimizations:[],outdated:g.outdated,runtime:[]}))}):void 0,xe=(async()=>{if(n&&j&&V.length>0&&await je(l,"codemods",async()=>(await Ht(V),V),(g,A)=>{const I=g.filter(ie=>ie.hasCodemod||ie.category==="socket").length;return{status:"ok",summary:`${String(I)} auto-fixable · ${H(A)}`}}).catch(g=>{de=g instanceof Error?g.message:String(g)}),c&&j){if(de){c.failSection("optimization",de);return}c.completeSection("optimization",D("optimization",{duplicates:[],optimizations:V,outdated:[],runtime:[]}))}})(),[oe,gt,ft]=await Promise.all([ue,me,x]);await Promise.all([m,y,xe]);let Me=0,Ee=0;if(w&&P.length>0)for(const g of ft.values())Me+=g.alerts.length,g.score.overall<Y&&(Ee+=1);let Ae=0;if(w){for(const g of oe.outdated)g.vulnerabilities&&g.vulnerabilities.length>0&&(Ae+=g.vulnerabilities.length);for(const g of gt.values())Ae+=g.length}return{duplicates:B,installedCount:i.length,optimizations:j?V:[],outdated:p?oe.outdated:[],runtime:G,sections:o,socketIssues:{alerts:Me,lowScore:Ee},supplyChain:ds(h,{packageManager:f,workspaceRoot:a}),vulnCount:Ae,workspaceCount:M.length}},hs=e=>{switch(e){case"error":return ve(N.failure);case"skip":return v(N.dash);case"warn":return Re(N.warning);default:return fe(N.success)}},ae=(e,t)=>{const i=process.stderr.columns??80,l=Math.max(20,Math.min(i-2,60)),n=N.dash.repeat(2),o=`${hs(t)} ${le(e)}`,c=o.replaceAll(/\[[0-9;]*m/g,"").length,h=Math.max(0,l-c-n.length-2);return`${n} ${o} ${v(N.dash.repeat(h))}`},J=e=>` ${fe(N.success)} ${e}`,X=e=>` ${Re(N.warning)} ${e}`,Ne=e=>` ${ve(N.failure)} ${e}`,pt=e=>` ${v(N.dash)} ${v(e)}`,K=(e,t,i)=>{const l=`${le(String(e))} ${v(t)}`;return i?`${l} ${v(`(${i})`)}`:l},ps=e=>{if(e.sections.has("dependencies")){if(d.log(""),d.log(ae("Dependencies",se(e,"dependencies"))),d.log(J(K(e.installedCount,"packages installed"))),e.outdated.length>0){const t=e.outdated.filter(o=>o.updateType==="major").length,i=e.outdated.filter(o=>o.updateType==="minor").length,l=e.outdated.filter(o=>o.updateType==="patch").length,n=[];t>0&&n.push(`${String(t)} major`),i>0&&n.push(`${String(i)} minor`),l>0&&n.push(`${String(l)} patch`),d.log(X(K(e.outdated.length,"outdated",n.join(", "))))}else d.log(J("All dependencies up to date"));e.duplicates.length>0?d.log(X(K(e.duplicates.length,"packages with duplicate versions"))):d.log(J("No duplicate dependencies"))}},gs=e=>{e.sections.has("security")&&(d.log(""),d.log(ae("Security",se(e,"security"))),e.vulnCount>0?d.log(Ne(K(e.vulnCount,`vulnerabilit${e.vulnCount===1?"y":"ies"} found`))):d.log(J("No known vulnerabilities")),e.socketIssues.alerts>0&&d.log(X(K(e.socketIssues.alerts,`Socket.dev security alert${e.socketIssues.alerts===1?"":"s"}`))),e.socketIssues.lowScore>0&&d.log(X(K(e.socketIssues.lowScore,`package${e.socketIssues.lowScore===1?"":"s"} with low security score`))),e.socketIssues.alerts===0&&e.socketIssues.lowScore===0&&e.vulnCount===0&&d.log(J("No security issues detected")))},fs=e=>{if(!e.sections.has("optimization"))return;d.log(""),d.log(ae("Optimization",se(e,"optimization")));const t=ht(e.optimizations);if(t.total===0){d.log(J("No optimizations available"));return}t.native>0&&d.log(X(K(t.native,"replaceable with native APIs"))),t.preferred>0&&d.log(X(K(t.preferred,"with lighter alternatives"))),t.micro>0&&d.log(X(K(t.micro,"trivial micro-utilities"))),t.socket>0&&d.log(X(K(t.socket,"@socketregistry overrides available")))},ms=e=>{d.log(""),d.log(ae("Supply Chain",e.supplyChain.status));for(const t of e.supplyChain.findings){const i=t.severity==="ok"?J(t.label):t.severity==="error"?Ne(t.label):X(t.label);d.log(i),t.detail&&d.log(` ${v(N.arrow)} ${v(t.detail)}`)}e.supplyChain.status!=="ok"&&d.log(` ${v(N.arrow)} ${v("Configure with security.* in vis.config.ts. See `vis check --security-config` for details.")}`)},xs=e=>{if(e.sections.has("runtime")){d.log(""),d.log(ae("Runtime",se(e,"runtime")));for(const t of e.runtime)t.status==="ok"?d.log(J(t.message)):t.status==="skip"?d.log(pt(t.message)):d.log(X(t.message))}},ws=(e,t)=>{const i=e.vulnCount,l=e.runtime.filter(o=>o.status==="warn").length,n=e.outdated.length+e.duplicates.length+e.optimizations.length+l;if(t){if(i===0&&n===0)d.success(`Everything looks good! ${v(`(${H(e.elapsedMs)})`)}`);else{const o=[];i>0&&o.push(ve(`${String(i)} security`)),n>0&&o.push(Re(`${String(n)} improvement${n===1?"":"s"}`)),d.log(`${ve(N.failure)} ${o.join(", ")} ${v(`(${H(e.elapsedMs)})`)}`)}return}d.log(""),d.log(ae("Summary","ok")),i===0&&n===0?d.success(`Everything looks good! ${v(`(${H(e.elapsedMs)})`)}`):(i>0&&d.error(`${String(i)} security issue${i===1?"":"s"}`),n>0&&d.log(` ${ke(N.arrow)} ${le(String(n))} ${v(`improvement${n===1?"":"s"} available`)} ${v(`(${H(e.elapsedMs)})`)}`))},ys=e=>{const t=[];if(e.outdated.length>0&&t.push("vis update — update outdated dependencies"),(e.vulnCount>0||e.socketIssues.alerts>0)&&t.push("vis audit — detailed security analysis"),e.optimizations.length>0&&t.push("vis optimize — apply optimizations interactively"),e.duplicates.length>0&&t.push("vis dedupe — reduce duplicate versions"),t.length>0){d.log(""),d.log(le("Next steps:"));for(const i of t)d.log(` ${v(N.arrow)} ${i}`)}d.log("")},ks=(e,t)=>{t||(ps(e),gs(e),fs(e),xs(e),ms(e)),ws(e,t)},vs=(e,t,i,l,n)=>{const o=[],c=e.has("dependencies"),h=e.has("security"),a=e.has("optimization");return(c||h)&&t>0&&o.push({id:"outdated",label:"Outdated catalog dependencies"}),h&&l>0&&o.push({id:"vulnerabilities",label:"Known vulnerabilities (OSV)"}),h&&i&&l>0&&o.push({id:"socket",label:"Socket.dev supply-chain reports"}),a&&n&&o.push({id:"codemods",label:"Codemod availability"}),o},bs=e=>{if(d.log(""),d.log(`${le(ke("vis doctor"))} ${v("— project health check")}`),d.log(J(`Detected ${e.packageManagerName} v${e.packageManagerVersion}`)),e.runtimeFindings.length===0)d.log(J(`Node.js ${e.nodeVersion}`));else{for(const t of e.runtimeFindings){const i=t.severity==="error"?ve:Re;d.log(Ne(`Runtime: ${i(t.message)}`))}d.log(` ${v(N.arrow)} Run ${fe("vis toolchain install")} to install pinned versions, or ${fe("vis toolchain status")} for the per-tool breakdown.`)}d.log("")},Hs=async({fs:e,logger:t,options:i,visConfig:l,visConfigError:n,workspaceRoot:o})=>{if(!o)throw new Error("Could not determine workspace root.");const c=i.format==="json"||i.json===!0,h=es(i.only,i.skip),a=!!i.quiet,p=i.progress===!1,w=Qi(i.filter);if(h.size===0){d.error("No sections selected. Check your --only / --skip values."),process.exitCode=2;return}const j=Date.now(),k=it(o),D=Wt(o),$=!!process.stdout.isTTY,f=!c&&$&&!Ot&&!a&&!p;!c&&!f&&bs({nodeVersion:process.versions.node,packageManagerName:k.name,packageManagerVersion:k.version,runtimeFindings:D});const T=Ke(o,qe(o).packageManager),M=Xt(o,k.name),F=M.length,E=Je(l?.security).length>0,R=l?.security?.policies?.score?.minimum??Qe,P=tt(o);if(!c&&!a&&!f){const z=P.length>0?v(` · ${String(P.length)} workspace package${P.length===1?"":"s"}`):"";d.log(`${v("·")} ${v("Found")} ${le(String(F))} ${v(`installed package${F===1?"":"s"}`)}${z}`)}const Y=n?{hint:n.file?`Continuing with default settings — fix or regenerate ${n.file} (vis init --force).`:"Continuing with default settings.",message:n.message,severity:"error",title:n.file?`Failed to load ${n.file}`:"Failed to load vis.config"}:void 0,Z=Kt(o,k.name)?.file,ee=Z?q(o,Z):void 0,W=Bt(o),B=i.cache!==!1&&!i.fix?ni({configPath:W,lockfilePath:ee,sections:h,socketEnabled:E,workspaceRoot:o}):void 0,L=B?oi(B):void 0,b=L!==void 0;let S,_;if(f){const z=L?new _e({activeSections:h,findings:dt(lt(L),w)}):new _e({activeSections:h}),U=At(It.createElement(Xi,{banner:Y,fromCache:b,startedAt:j,store:z}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0});try{S=L??await Ye({filterPatterns:w,installed:M,resolveCodemods:!!i.fix,sections:h,store:z,visConfig:l,workspaceRoot:o})}catch(te){throw U.unmount(),te}await U.waitUntilExit(),_=z.getSnapshot().pendingAction}else if(L)S=L;else{const z=vs(h,T.size,E,F,!!i.fix),U=qt(z,{live:!c&&!a&&!p});try{S=await Ye({filterPatterns:w,installed:M,progress:U,resolveCodemods:!!i.fix,sections:h,visConfig:l,workspaceRoot:o})}finally{U.stop()}}const V={...S,elapsedMs:Date.now()-j};if(B&&!b)try{li(B,V)}catch{}const G=Zi(V,w,R);if(c){process.stdout.write(`${JSON.stringify(ts(G,k.name),void 0,2)}
|
|
4
|
-
`),i.exitCode&&Ue(G,!!i.strict)&&(process.exitCode=1);return}b&&!a&&d.log(`${v("·")} Cached results (use --no-cache to refresh)`),
|
|
1
|
+
import{createRequire as mt}from"node:module";import{E as v,j as le,q as ke,I as fe,V as ve,s as Re}from"../packem_shared/index.server-J83sowC4.js";import{a5 as yt,T as wt,_ as kt,U as vt,Q as bt,y as jt,V as $t,W as Pe,p as d,P as qe,S as N}from"./cli-main.js";import{m as q,f as be,a as St,v as Ct,A as Rt,B as Xe}from"../packem_shared/index-CE6MsgcV.js";import{E as At}from"../packem_shared/public-api-WqUCiyIe.js";import{m as s,n as u,i as r,r as O,R as Ke,c as Je,$ as Tt,d as It,g as Nt,V as Mt,N as Et,f as Dt}from"./catalog.js";import{g as Ft,B as ze,h as Qe}from"../packem_shared/env-Ct3hMEYB.js";import{I as Ot}from"../packem_shared/index-B0EsgdzO.js";import{a as et}from"../packem_shared/readJsonSync-CvkZyKmL-ihoybKvs.js";import{findVisConfigFile as Bt}from"./CONFIG_FILES.js";import{A as tt,x as Be,N as Lt,F as _t,T as Vt,a as Gt,I as Ut,U as Ht}from"./handler66.js";import{A as it,y as Yt}from"../packem_shared/pm-runner-CQcraCcu.js";import{c as Wt}from"../packem_shared/runtime-check-BXehSP06.js";import{s as qt}from"../packem_shared/scan-progress-YRpDs90j.js";import{l as Xt,r as Kt,f as Jt}from"../packem_shared/dependency-scan-DpOFiZuI.js";import{o as st}from"../packem_shared/spinner-DuJJvFTl.js";import{F as Qt,a as Zt}from"../packem_shared/tabs-CgxCvjCY.js";import{u as ei}from"../packem_shared/use-measured-height-DHi0xOPO.js";import{u as ti}from"./ts-loader.js";import{s as ii}from"../packem_shared/verify-DStfg3nb.js";const xt=mt(import.meta.url),ye=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,We=e=>{if(typeof ye<"u"&&ye.versions&&ye.versions.node){const[t,i]=ye.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ye.getBuiltinModule(e)}return xt(e)},{spawnSync:Ae}=We("node:child_process"),{rmSync:Oe,writeFileSync:Pt,statSync:zt,readFileSync:Ze}=We("node:fs"),Ie=()=>q(Ft(),"doctor"),si=1800*1e3,Le=e=>{if(!e)return"";try{return String(zt(e).mtimeMs)}catch{return""}},ri=2,ni=e=>{const t=JSON.stringify({configMtime:Le(e.configPath),lockfileMtime:Le(e.lockfilePath),schema:ri,sections:[...e.sections].toSorted(),socketEnabled:e.socketEnabled,workspaceRoot:e.workspaceRoot});return yt(Buffer.from(t))},oi=e=>{const t=q(Ie(),`${e}.json`);if(be(t))try{const i=et(t);if(Date.now()-i.createdAt>i.ttlMs){Oe(t,{force:!0});return}return{...i.results,sections:new Set(i.results.sections)}}catch{Oe(t,{force:!0});return}},li=(e,t,i=si)=>{St(Ie());const l={createdAt:Date.now(),results:{...t,sections:[...t.sections]},ttlMs:i};Pt(q(Ie(),`${e}.json`),JSON.stringify(l,void 0,2),"utf8")},$e="orphans",ai=()=>{if(process.platform!=="linux")return{id:"inotify",message:"inotify capacity check skipped (not Linux).",status:"skip"};let e;try{const t=Ze("/proc/sys/fs/inotify/max_user_watches","utf8").trim(),i=Number.parseInt(t,10);Number.isFinite(i)&&i>0&&(e=i)}catch{return{id:"inotify",message:"Could not read /proc/sys/fs/inotify/max_user_watches.",status:"warn"}}return e===void 0?{id:"inotify",message:"inotify max_user_watches reported a non-numeric value.",status:"warn"}:e<65536?{detail:{maxWatches:e},id:"inotify",message:`inotify watcher limit is ${String(e)} — large monorepos can exhaust this. Bump now with \`sudo sysctl fs.inotify.max_user_watches=524288\` and persist via \`/etc/sysctl.d/99-vis.conf\` so it survives reboot.`,status:"warn"}:{detail:{maxWatches:e},id:"inotify",message:`inotify capacity OK (${String(e)} watches).`,status:"ok"}},ci=()=>{const e=!!process.stdin.isTTY,t=!!process.stdout.isTTY;return e&&t?{id:"tty",message:"Interactive TTY available — watch keybinds enabled.",status:"ok"}:!e&&!t?{id:"tty",message:"No TTY on stdin/stdout — running in CI / piped mode (keybinds disabled).",status:"skip"}:{detail:{stdin:String(e),stdout:String(t)},id:"tty",message:e?"stdin is a TTY but stdout is not — output is being captured; keybinds still work.":"stdout is a TTY but stdin is not — keybinds disabled (input is piped).",status:"skip"}},di=()=>{const e=process.pid;try{return process.platform==="win32"?ot(e):nt(e)}catch{return[]}},ui=()=>{const e=process.pid;let t;try{t=process.platform==="win32"?ot(e):nt(e)}catch{return{id:$e,message:"Could not enumerate processes (ps/tasklist failed).",status:"warn"}}if(t.length===0)return{id:$e,message:"No orphaned vis/task-runner processes detected.",status:"ok"};if(t.length<=2)return{detail:{count:t.length,pids:t.join(",")},id:$e,message:`${String(t.length)} possibly orphaned process(es) detected (PIDs: ${t.join(", ")}). Likely benign.`,status:"skip"};const i=process.platform==="win32"?t.map(l=>`taskkill /F /PID ${String(l)}`).join(" & "):`kill ${t.join(" ")}`;return{detail:{count:t.length,pids:t.join(",")},id:"orphans",message:`${String(t.length)} possibly orphaned vis/task-runner processes — run \`vis doctor --fix\` to clean them up, or kill them manually: ${i}`,status:"warn"}},hi=(e={})=>{const t=e.enumerate??di,i=e.force===!0?"SIGKILL":"SIGTERM",l=e.kill??xi,n=t(),o=[],c=[];for(const h of n)try{l(h,i),o.push(h)}catch(a){const p=a.code??a.message;if(p==="ESRCH"){o.push(h);continue}c.push({pid:h,reason:p})}return{failed:c,killed:o}},pi=e=>Ae("taskkill",e,{encoding:"utf8",timeout:1e4}),gi=(e,t)=>{process.kill(e,t)},fi=(e,t,i=pi)=>{const l=t==="SIGKILL"?["/F","/PID",String(e)]:["/PID",String(e)],n=i(l);if(n.error)throw n.error;if(typeof n.status=="number"&&n.status!==0){const o=n.status===128?"ESRCH":`taskkill exited with code ${String(n.status)}`,c=new Error(o);throw c.code=o,c}},mi=(e,t,i=gi)=>{i(e,t)},xi=(e,t)=>{if(process.platform==="win32"){fi(e,t);return}mi(e,t)},rt=(e,t)=>{const i=Ae(e,t,{encoding:"utf8",timeout:1e4});if(i.error)throw i.error;if(typeof i.status=="number"&&i.status!==0)throw new Error(`${e} exited with code ${String(i.status)}`);return typeof i.stdout=="string"?i.stdout:""},nt=e=>{const t=rt("ps",["-Ao","pid=,command="]),i=[];for(const l of t.split(`
|
|
2
|
+
`)){if(l.length===0)continue;const n=/^\s*(\d+)\s+(.+)$/.exec(l);if(!n)continue;const o=Number.parseInt(n[1]??"",10),c=(n[2]??"").toLowerCase();!Number.isFinite(o)||o===e||(/(?:^|[ /])vis-native(?:\s|$|[-.])/.test(c)||/(?:^|[ /])vis\s+run\b/.test(c)||/(?:^|[ /])task-runner(?:\s|$|[-.])/.test(c))&&i.push(o)}return i},ot=e=>{const t=rt("tasklist",["/FO","CSV","/NH"]),i=[];for(const l of t.split(/\r?\n/)){if(l.length===0)continue;const n=l.split(/","/).map(h=>h.replaceAll(/^"|"$/g,"")),o=(n[0]??"").toLowerCase(),c=Number.parseInt(n[1]??"",10);!Number.isFinite(c)||c===e||(o==="vis.exe"||o.startsWith("vis-native")||o.includes("task-runner"))&&i.push(c)}return i},yi=()=>{let e;try{const t=Ae("watchman",["--version"],{encoding:"utf8",timeout:2e3});if(t.error||typeof t.status=="number"&&t.status!==0)throw t.error??new Error("watchman exited non-zero");e=typeof t.stdout=="string"?t.stdout.trim():void 0}catch{return{id:"watchman",message:"Watchman not found — `vis` uses native fs.watch (fine for small repos). Install Watchman + `fb-watchman` to scale watch mode on large monorepos.",status:"skip"}}return{detail:e?{version:e}:void 0,id:"watchman",message:e?`Watchman available (${e}) — scalable watch backend in use.`:"Watchman available — scalable watch backend in use.",status:"ok"}},wi=(e=process.cwd())=>{let t="";try{t=Ze(q(e,".gitattributes"),"utf8")}catch(i){if(i.code!=="ENOENT")return{id:"git-lfs",message:"Could not read .gitattributes.",status:"warn"}}if(!t.includes("filter=lfs"))return{id:"git-lfs",message:"No Git LFS tracking declared in .gitattributes.",status:"skip"};try{const i=Ae("git",["lfs","version"],{encoding:"utf8",timeout:2e3});if(i.error||typeof i.status=="number"&&i.status!==0)throw i.error??new Error("git-lfs not available")}catch{return{id:"git-lfs",message:"Repo tracks files via Git LFS but `git-lfs` is not installed — checked-out LFS files are pointer stubs, not real content. Install git-lfs and run `git lfs pull`.",status:"warn"}}return{id:"git-lfs",message:"Git LFS tracking declared and `git-lfs` is installed.",status:"ok"}},ki=e=>[ai(),ci(),yi(),wi(e),ui()],ge=[{id:"dependencies",label:"Deps"},{id:"security",label:"Security"},{id:"optimization",label:"Optimize"},{id:"runtime",label:"Runtime"}],Ce=["dependencies","security","optimization","runtime"],he=e=>{const t=new Map;for(const i of Ce)t.set(i,[]);for(const i of e)t.get(i.section).push(i);for(const[i,l]of t)l.length===0&&t.delete(i);return t},pe=(e,t,i,l)=>{let n=e.filter(o=>o.section===t);if(l&&(n=n.filter(o=>o.severity===l)),i){const o=i.toLowerCase();n=n.filter(c=>c.title.toLowerCase().includes(o))}return[...n]},vi=e=>{const t={dependencies:"idle",optimization:"idle",runtime:"idle",security:"idle"};for(const i of Ce)e.has(i)&&(t[i]="idle");return t};class _e{#e;#i=new Set;constructor(t=[]){const i=Array.isArray(t)?{findings:t}:t,l=i.findings??[],n=i.activeSections??new Set(Ce),o=Ce.find(a=>n.has(a))??"dependencies",c=pe(l,o,"",void 0),h=vi(n);if(l.length>0)for(const a of l)h[a.section]="done";this.#e={all:l,entries:c,filterActive:!1,filterText:"",filterType:o,focusedPanel:"list",grouped:he(c),pendingAction:void 0,sectionError:{},sectionMessage:{},sectionStatus:h,selectedIndex:0,severityFilter:void 0}}getSnapshot=()=>this.#e;subscribe=t=>(this.#i.add(t),()=>{this.#i.delete(t)});setSelectedIndex(t){const i=Math.max(0,Math.min(t,this.#e.entries.length-1));i!==this.#e.selectedIndex&&this.#t({...this.#e,selectedIndex:i})}setFocusedPanel(t){t!==this.#e.focusedPanel&&this.#t({...this.#e,focusedPanel:t})}setFilterType(t){if(t===this.#e.filterType)return;const i=pe(this.#e.all,t,this.#e.filterText,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterType:t,grouped:he(i),selectedIndex:0})}setFilter(t){const i=pe(this.#e.all,this.#e.filterType,t,this.#e.severityFilter);this.#t({...this.#e,entries:i,filterText:t,grouped:he(i),selectedIndex:0})}setFilterActive(t){if(t===this.#e.filterActive)return;if(t){this.#t({...this.#e,filterActive:!0});return}const i=pe(this.#e.all,this.#e.filterType,"",this.#e.severityFilter);this.#t({...this.#e,entries:i,filterActive:!1,filterText:"",grouped:he(i),selectedIndex:0})}setPendingAction(t){this.#t({...this.#e,pendingAction:t})}setSeverityFilter(t){if(t===this.#e.severityFilter)return;const i=pe(this.#e.all,this.#e.filterType,this.#e.filterText,t);this.#t({...this.#e,entries:i,grouped:he(i),selectedIndex:0,severityFilter:t})}startSection(t,i){this.#t({...this.#e,sectionMessage:{...this.#e.sectionMessage,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"running"}})}completeSection(t,i){const l=[...this.#e.all,...i],n=pe(l,this.#e.filterType,this.#e.filterText,this.#e.severityFilter),o={...this.#e.sectionMessage};delete o[t],this.#t({...this.#e,all:l,entries:n,grouped:he(n),sectionMessage:o,sectionStatus:{...this.#e.sectionStatus,[t]:"done"}})}failSection(t,i){this.#t({...this.#e,sectionError:{...this.#e.sectionError,[t]:i},sectionStatus:{...this.#e.sectionStatus,[t]:"error"}})}#t(t){this.#e=t;for(const i of this.#i)try{i()}catch{}}}const Ve={error:0,warn:1},bi=e=>!!e.acceptedRisk,lt=e=>{const t=[];if(e.sections.has("dependencies")){for(const i of e.outdated)t.push({entry:i,id:`outdated:${i.packageName}`,kind:"outdated",section:"dependencies",severity:"warn",subtitle:`${i.currentRange} → ${i.newRange} (${i.updateType})`,title:i.packageName});for(const i of e.duplicates)t.push({id:`duplicate:${i.name}`,kind:"duplicate",pkg:i,section:"dependencies",severity:"warn",subtitle:`${String(i.versions.length)} versions installed`,title:i.name})}if(e.sections.has("security"))for(const i of e.outdated){if(i.vulnerabilities&&i.vulnerabilities.length>0){const l=i.vulnerabilities[0],n=bi(i)?"warn":"error",o=i.vulnerabilities.length;t.push({entry:i,id:`vuln:${i.packageName}`,kind:"vulnerability",packageName:i.packageName,section:"security",severity:n,subtitle:o===1?`${l.severity} · ${l.id}`:`${String(o)} advisories · top: ${l.severity} ${l.id}`,title:i.packageName})}if(i.socketReport&&i.socketReport.alerts.length>0){const l=Math.round(i.socketReport.score.overall*100);t.push({entry:i,id:`socket:${i.packageName}`,kind:"socket",packageName:i.packageName,section:"security",severity:"warn",subtitle:`${String(i.socketReport.alerts.length)} alert${i.socketReport.alerts.length===1?"":"s"} · score ${String(l)}%`,title:i.packageName})}}if(e.sections.has("optimization"))for(const i of e.optimizations)t.push({entry:i,id:`opt:${i.packageName}`,kind:"optimization",section:"optimization",severity:"warn",subtitle:`${i.category} → ${i.replacement}`,title:i.packageName});if(e.sections.has("runtime"))for(const i of e.runtime)i.status==="warn"&&t.push({diagnostic:i,id:`runtime:${i.id}`,kind:"runtime",section:"runtime",severity:"warn",title:i.message});return t.sort((i,l)=>{if(i.section!==l.section){const n=["dependencies","security","optimization","runtime"];return n.indexOf(i.section)-n.indexOf(l.section)}return Ve[i.severity]-Ve[l.severity]}),t},at={dependencies:"Dependencies",optimization:"Optimization",runtime:"Runtime",security:"Security"},ji={error:"red",warn:"yellow"},$i={error:"✖",warn:"⚠"},Si={error:" ERROR ",warn:" WARN "},Ci=({children:e,hint:t,message:i,severity:l,title:n})=>{const o=ji[l];return s.jsxs(u,{borderColor:o,borderStyle:"single",flexDirection:"column",flexShrink:0,paddingX:1,children:[s.jsxs(u,{gap:1,children:[s.jsx(r,{backgroundColor:o,bold:!0,color:"black",children:Si[l]}),s.jsx(r,{bold:!0,color:o,children:$i[l]}),s.jsx(r,{bold:!0,wrap:"truncate-end",children:n})]}),s.jsx(r,{wrap:"truncate-end",children:i}),t?s.jsx(r,{dimColor:!0,wrap:"truncate-end",children:t}):null,e]})},Ri={CRITICAL:"red",HIGH:"red",LOW:"gray",MODERATE:"yellow",UNKNOWN:"gray"},Ai={critical:"red",high:"red",low:"gray",medium:"yellow"},Ti={major:"red",minor:"yellow",patch:"green"},C=({children:e,label:t,width:i=14})=>s.jsxs(u,{children:[s.jsx(u,{width:i,children:s.jsxs(r,{dimColor:!0,children:[t,":"]})}),typeof e=="string"?s.jsx(r,{children:e}):e]}),re=({children:e})=>s.jsx(u,{marginTop:1,children:s.jsx(r,{bold:!0,color:"white",children:e})}),Ii=({finding:e})=>{const{entry:t}=e,i=Ti[t.updateType]??"white";return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Current",children:t.currentRange}),s.jsxs(C,{label:"Target",children:[s.jsx(r,{children:t.newRange}),s.jsxs(r,{bold:!0,color:i,children:[" (",t.updateType,")"]})]}),s.jsx(C,{label:"Catalog",children:t.catalogName}),t.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:t.acceptedRisk.reason??"(no reason recorded)"})}):null,s.jsx(re,{children:"Action"}),s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis update"})," ","to apply this change."]})]})},Ni=({finding:e})=>s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Versions",children:s.jsx(r,{children:String(e.pkg.versions.length)})}),s.jsx(re,{children:"Installed versions"}),e.pkg.versions.map(t=>s.jsxs(r,{children:[" · ",t]},t)),s.jsx(re,{children:"Action"}),s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis dedupe"})," ","to consolidate to a single resolution."]})]}),Mi=({finding:e})=>{const t=e.entry.vulnerabilities??[];return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:e.packageName}),s.jsx(C,{label:"Current",children:e.entry.currentRange}),s.jsx(C,{label:"Advisories",children:String(t.length)}),e.entry.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,t.map(i=>{const l=Ri[i.severity]??"gray";return s.jsxs(u,{flexDirection:"column",marginTop:1,children:[s.jsxs(u,{children:[s.jsx(r,{bold:!0,color:l,children:i.severity}),s.jsx(r,{children:" "}),s.jsx(r,{children:i.id}),typeof i.cvssScore=="number"?s.jsxs(r,{dimColor:!0,children:[" · CVSS ",i.cvssScore.toFixed(1)]}):null]}),s.jsx(r,{wrap:"wrap",children:i.summary}),i.fixedVersions.length>0?s.jsxs(r,{dimColor:!0,children:["Fixed in: ",i.fixedVersions.join(", ")]}):null,i.aliases&&i.aliases.length>0?s.jsxs(r,{dimColor:!0,children:["Aliases: ",i.aliases.join(", ")]}):null]},i.id)})]})},Ei=({finding:e})=>{const t=e.entry.socketReport;if(!t)return s.jsx(r,{dimColor:!0,children:"No Socket report attached."});const i=Math.round(t.score.overall*100),l=ze(t.score.overall);return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:e.packageName}),s.jsx(C,{label:"Overall",children:s.jsxs(r,{color:l,children:[String(i),"%"]})}),s.jsx(C,{label:"Alerts",children:String(t.alerts.length)}),e.entry.acceptedRisk?s.jsx(C,{label:"Risk ack",children:s.jsx(r,{dimColor:!0,children:e.entry.acceptedRisk.reason??"(no reason recorded)"})}):null,s.jsx(re,{children:"Score breakdown"}),Object.entries(t.score).map(([n,o])=>{if(n==="overall")return null;const c=typeof o=="number"?o:0,h=Math.round(c*100),a=ze(c);return s.jsxs(u,{children:[s.jsx(u,{width:14,children:s.jsxs(r,{dimColor:!0,children:[n,":"]})}),s.jsxs(r,{color:a,children:[String(h),"%"]})]},n)}),s.jsx(re,{children:"Alerts"}),t.alerts.map((n,o)=>{const c=Ai[n.severity]??"gray";return s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{children:[s.jsx(r,{bold:!0,color:c,children:n.severity}),s.jsx(r,{children:" "}),s.jsx(r,{children:n.type})]}),n.props?s.jsx(r,{dimColor:!0,wrap:"wrap",children:JSON.stringify(n.props)}):null]},`${n.type}-${String(o)}`)})]})},Di=({finding:e})=>{const{entry:t}=e;return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Package",children:t.packageName}),s.jsx(C,{label:"Category",children:t.category}),s.jsx(C,{label:"Replacement",children:t.replacement}),t.overrideSpec?s.jsx(C,{label:"Override",children:t.overrideSpec}):null,s.jsx(C,{label:"Codemod",children:s.jsx(r,{color:t.hasCodemod?"green":"gray",children:t.hasCodemod?"available":"not available"})}),t.docUrl?s.jsx(C,{label:"Guide",children:s.jsx(r,{color:"cyan",underline:!0,children:t.docUrl})}):null,s.jsx(re,{children:"Action"}),t.hasCodemod?s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis optimize"})," ","to apply the codemod interactively."]}):t.overrideSpec?s.jsxs(r,{dimColor:!0,children:["Run"," ",s.jsx(r,{bold:!0,color:"white",children:"vis optimize"})," ","to install the package override."]}):t.docUrl?s.jsx(r,{dimColor:!0,children:"No automated codemod. Open the migration guide above for the recommended alternative and steps."}):s.jsx(r,{dimColor:!0,children:"No automated codemod. Consult the package's docs or the e18e module-replacements guide for an alternative."})]})},Fi=({finding:e})=>{const{diagnostic:t}=e,i=t.status==="warn"?"yellow":t.status==="ok"?"green":"gray";return s.jsxs(u,{flexDirection:"column",children:[s.jsx(C,{label:"Check",children:t.id}),s.jsx(C,{label:"Status",children:s.jsx(r,{color:i,children:t.status})}),s.jsx(re,{children:"Message"}),s.jsx(r,{wrap:"wrap",children:t.message}),t.detail&&Object.keys(t.detail).length>0?s.jsxs(s.Fragment,{children:[s.jsx(re,{children:"Details"}),Object.entries(t.detail).map(([l,n])=>s.jsxs(u,{children:[s.jsx(u,{width:20,children:s.jsxs(r,{dimColor:!0,children:[l,":"]})}),s.jsx(r,{children:String(n)})]},l))]}):null]})},Pi=({finding:e,focused:t,scrollRef:i})=>{const l=t?"white":"gray";if(!e)return s.jsx(u,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:s.jsx(r,{dimColor:!0,children:"No finding selected"})});let n;switch(e.kind){case"duplicate":{n=s.jsx(Ni,{finding:e});break}case"optimization":{n=s.jsx(Di,{finding:e});break}case"outdated":{n=s.jsx(Ii,{finding:e});break}case"runtime":{n=s.jsx(Fi,{finding:e});break}case"socket":{n=s.jsx(Ei,{finding:e});break}case"vulnerability":{n=s.jsx(Mi,{finding:e});break}default:{n=s.jsx(r,{dimColor:!0,children:"Unknown finding kind."});break}}return s.jsxs(u,{borderColor:l,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[s.jsxs(u,{flexShrink:0,paddingTop:1,paddingX:2,children:[s.jsx(r,{bold:!0,color:"white",children:e.title}),s.jsxs(r,{dimColor:!0,children:[" ",at[e.section]]})]}),s.jsxs(wt,{flexGrow:1,flexShrink:1,paddingX:2,ref:i,scrollbar:!0,scrollbarColor:"gray",scrollbarStyle:"block",children:[s.jsx(r,{}),n]})]})},ct={error:"red",warn:"yellow"},zi={error:"✖",warn:"⚠"},Oi=e=>e.kind==="outdated"||e.kind==="vulnerability"||e.kind==="socket"?!!e.entry.acceptedRisk:!1,Bi=({finding:e,isSelected:t})=>{const i=ct[e.severity],l=Oi(e);return s.jsxs(u,{flexShrink:0,height:1,children:[s.jsx(r,{children:t?">":" "}),s.jsxs(r,{color:i,children:[" ",zi[e.severity]," "]}),s.jsx(u,{flexGrow:1,children:s.jsx(r,{bold:t,inverse:t,wrap:"truncate",children:e.title})}),l?s.jsx(r,{color:"cyan",children:" ack"}):null,e.subtitle?s.jsxs(r,{dimColor:!0,wrap:"truncate",children:[" ",e.subtitle]}):null]})},Li=({count:e,section:t})=>s.jsxs(u,{flexShrink:0,height:1,marginTop:1,children:[s.jsx(r,{dimColor:!0,children:"▼ "}),s.jsx(r,{bold:!0,color:"white",children:at[t].toUpperCase()}),s.jsxs(r,{dimColor:!0,children:[" (",e,")"]})]}),_i=({count:e,label:t,status:i})=>s.jsxs(r,{children:[t,i==="running"?s.jsxs(r,{children:[" ",s.jsx(st,{type:"dots"})]}):null,i==="error"?s.jsx(r,{bold:!0,color:"red",children:" ✖"}):s.jsxs(r,{dimColor:!0,children:[" (",String(e),")"]})]}),Vi=({elapsedMs:e,entries:t,filterActive:i,filterText:l,filterType:n,focused:o,fromCache:c=!1,grouped:h,onViewportHeightChange:a,scrollOffset:p,sectionCounts:y,sectionMessage:j,sectionStatus:k,selectedIndex:D,severityFilter:$,totalAll:f,viewportHeight:A})=>{const M=o?"white":"gray",{measuredHeight:F,ref:E}=ei(A,a);let R=0,P=0;for(const b of t)b.severity==="error"?R+=1:b.severity==="warn"&&(P+=1);const Y=[];R>0&&Y.push(`${String(R)} error${R===1?"":"s"}`),P>0&&Y.push(`${String(P)} warn${P===1?"":"s"}`);const Z=Y.length>0?` (${Y.join(", ")})`:"",ee=(e/1e3).toFixed(1),W=[];for(const[b,S]of h){W.push(s.jsx(Li,{count:S.length,section:b},`hdr-${b}`));for(const _ of S){const V=t.indexOf(_);W.push(s.jsx(Bi,{finding:_,isSelected:V===D},_.id))}}let B=0;for(const[,b]of h)B+=2+b.length;const L=B>F&&F>0;return s.jsxs(u,{borderColor:M,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[s.jsxs(u,{flexShrink:0,gap:1,paddingX:1,children:[s.jsx(r,{bold:!0,inverse:!0,children:" DOCTOR "}),s.jsxs(r,{wrap:"truncate",children:[t.length,t.length===f?"":`/${String(f)}`," finding",t.length===1?"":"s",Z]}),$?s.jsx(r,{bold:!0,color:ct[$],inverse:!0,children:` ${$.toUpperCase()} ONLY `}):null,c?s.jsx(r,{bold:!0,color:"cyan",inverse:!0,children:" CACHED "}):null,s.jsxs(r,{dimColor:!0,children:[" · ",ee,"s"]})]}),s.jsx(u,{flexShrink:0,paddingX:1,paddingY:1,children:s.jsx(Qt,{isFocused:o,keyMap:{next:[],previous:[],useNumbers:!1,useTab:!1},onChange:()=>{},showIndex:!1,value:n,children:ge.map(({id:b,label:S})=>s.jsx(Zt,{name:b,children:s.jsx(_i,{count:y[b],label:S,status:k[b]})},b))})}),(()=>{const b=Object.keys(k).filter(S=>k[S]==="running"&&j[S]).map(S=>j[S]);return b.length===0?null:s.jsx(u,{flexShrink:0,paddingX:1,children:s.jsxs(r,{dimColor:!0,wrap:"truncate",children:[s.jsx(st,{type:"dots"})," ",b.join(" · ")]})})})(),i&&s.jsxs(u,{flexShrink:0,paddingX:1,children:[s.jsx(r,{bold:!0,color:"white",children:"/ "}),s.jsx(r,{children:l}),s.jsx(r,{inverse:!0,children:" "})]}),s.jsxs(u,{flexDirection:"row",flexGrow:1,overflow:"hidden",ref:E,children:[s.jsx(u,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:s.jsx(u,{flexDirection:"column",marginTop:-p,children:W.length>0?W:s.jsx(u,{marginTop:1,children:s.jsx(r,{dimColor:!0,children:"No findings match the current filter."})})})}),L&&s.jsx(u,{flexShrink:0,marginLeft:1,marginRight:1,children:s.jsx(kt,{contentHeight:B,placement:"inset",scrollOffset:p,style:"block",viewportHeight:F})})]},`list-${n}-${l}`)]})},Gi=e=>{if(e.kind==="outdated")return{command:`vis update ${e.entry.packageName}`,description:`Update ${e.entry.packageName} to ${e.entry.newRange}`};if(e.kind==="duplicate")return{command:`vis dedupe ${e.pkg.name}`,description:`Dedupe ${e.pkg.name} (${String(e.pkg.versions.length)} versions)`}},Ui=e=>{if(e.kind==="optimization")return{command:`vis optimize ${e.entry.packageName}`,description:`Replace ${e.entry.packageName} with ${e.entry.replacement}`}},Hi=e=>{if(e.kind!=="outdated"&&e.kind!=="vulnerability"&&e.kind!=="socket")return;const t=e.kind==="outdated"?e.entry.packageName:e.packageName,i=["// Add to vis.config.ts:","security: {"," acceptedRisks: {",` "${t}": {`,' reason: "explain why this risk is acceptable",',' expiresAt: "YYYY-MM-DD",'," },"," },","},"].join(`
|
|
3
|
+
`);return{command:i,configSnippet:i,description:`Acknowledge risk for ${t}`}},Yi=100,Wi=40,qi=10,Xi=({autoExitSeconds:e=0,banner:t,fromCache:i=!1,startedAt:l,store:n})=>{const{exit:o}=vt(),{columns:c,rows:h}=bt(),a=O.useSyncExternalStore(n.subscribe,n.getSnapshot),[p,y]=O.useState(!1),[j,k]=O.useState(!1),[D,$]=O.useState(0),[f,A]=O.useState(()=>Date.now());O.useEffect(()=>{const x=setInterval(()=>{A(Date.now())},1e3);return()=>{clearInterval(x)}},[]);const M=f-l,F=O.useRef(null),E=O.useRef(null),R=a.entries[a.selectedIndex]??null,P=O.useMemo(()=>{const x={dependencies:0,optimization:0,runtime:0,security:0};for(const m of a.all)x[m.section]+=1;return x},[a.all]),Y=t?t.hint?5:4:0,Z=O.useMemo(()=>{for(const x of Object.keys(a.sectionStatus))if(a.sectionStatus[x]==="running"&&a.sectionMessage[x])return 1;return 0},[a.sectionStatus,a.sectionMessage]),ee=c>=Yi,W=ee?Math.max(1,h-Y-2):Math.floor(h*.55),B=Math.max(1,W-6-Z-(a.filterActive?1:0)),[L,b]=O.useState(B),S=L>0?L:B,_=O.useMemo(()=>{let x=0;for(const[,m]of a.grouped)x+=2+m.length;return x},[a.grouped]),V=Math.max(0,_-S),G=Math.min(D,V),ne=O.useCallback(x=>{let m=0,w=0;for(const[,xe]of a.grouped){m+=2;for(let oe=0;oe<xe.length;oe++){if(w===x)return m;m+=1,w+=1}}return m},[a.grouped]),Q=O.useCallback(x=>{const m=ne(x);$(w=>m>w+S-2?Math.min(V,Math.max(0,m-S+2)):m<w+1?Math.max(0,m-1):w)},[ne,S,V]);if(O.useEffect(()=>{E.current?.scrollToTop()},[R?.id]),jt((x,m)=>{if(x==="c"&&m.ctrl){o();return}if(!j){if(p){m.escape||x==="?"?y(!1):x==="q"?(y(!1),k(!0)):m.downArrow||x==="j"?F.current?.scrollBy(1):(m.upArrow||x==="k")&&F.current?.scrollBy(-1);return}if(x==="?"){y(!0);return}if(x==="q"){k(!0);return}if(m.tab){n.setFocusedPanel(a.focusedPanel==="list"?"detail":"list");return}if(a.filterActive){if(m.escape||m.return){n.setFilterActive(!1);return}if(m.backspace){$(0),n.setFilter(a.filterText.slice(0,-1));return}x&&!m.ctrl&&!m.meta&&($(0),n.setFilter(a.filterText+x));return}if(a.focusedPanel==="list"&&(m.leftArrow||m.rightArrow)){const w=ge.findIndex(oe=>oe.id===a.filterType),xe=m.rightArrow?(w+1)%ge.length:(w-1+ge.length)%ge.length;$(0),E.current?.scrollToTop(),n.setFilterType(ge[xe].id);return}if(a.focusedPanel==="list"){if(m.downArrow||x==="j"){const w=Math.min(a.selectedIndex+1,a.entries.length-1);n.setSelectedIndex(w),Q(w);return}if(m.upArrow||x==="k"){const w=Math.max(a.selectedIndex-1,0);n.setSelectedIndex(w),Q(w);return}if(m.pageDown){const w=Math.min(a.selectedIndex+10,a.entries.length-1);n.setSelectedIndex(w),Q(w);return}if(m.pageUp){const w=Math.max(a.selectedIndex-10,0);n.setSelectedIndex(w),Q(w);return}if(m.home){n.setSelectedIndex(0),$(0);return}if(m.end){const w=a.entries.length-1;n.setSelectedIndex(w),Q(w);return}if(x==="/"){n.setFilterActive(!0);return}if(x==="e"){n.setSeverityFilter(a.severityFilter==="error"?void 0:"error"),$(0);return}if(x==="w"){n.setSeverityFilter(a.severityFilter==="warn"?void 0:"warn"),$(0);return}if(x==="u"&&R){const w=Gi(R);w&&(n.setPendingAction(w),o());return}if(x==="o"&&R){const w=Ui(R);w&&(n.setPendingAction(w),o());return}if(x==="a"&&R){const w=Hi(R);w&&(n.setPendingAction(w),o());return}if(x==="d"){n.setFocusedPanel("detail");return}return}if(m.escape||m.leftArrow){n.setFocusedPanel("list");return}if(m.downArrow||x==="j"){E.current?.scrollBy(1);return}if(m.upArrow||x==="k"){E.current?.scrollBy(-1);return}if(m.pageDown){E.current?.scrollBy(10);return}if(m.pageUp){E.current?.scrollBy(-10);return}if(m.home){E.current?.scrollToTop();return}m.end&&E.current?.scrollToBottom()}},{isActive:!0}),c<Wi||h<qi)return s.jsx(u,{alignItems:"center",height:h,justifyContent:"center",width:c,children:s.jsxs(r,{color:"yellow",children:["Terminal too small (",c,"x",h,")"]})});const z=a.focusedPanel==="detail",U=[s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"q"}),s.jsx(r,{dimColor:!0,children:"QUIT"})]},"q"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"?"}),s.jsx(r,{dimColor:!0,children:"HELP"})]},"?"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"↑↓"}),s.jsx(r,{dimColor:!0,children:z?"SCROLL":"NAV"})]},"nav"),z?s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"←/Esc"}),s.jsx(r,{dimColor:!0,children:"LIST"})]},"lr"):s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"←→"}),s.jsx(r,{dimColor:!0,children:"SECTION"})]},"lr"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"/"}),s.jsx(r,{dimColor:!0,children:"SEARCH"})]},"search"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"e/w"}),s.jsx(r,{dimColor:!0,children:"SEVERITY"})]},"sev"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"u/o/a"}),s.jsx(r,{dimColor:!0,children:"ACTION"})]},"actions"),s.jsxs(u,{gap:1,children:[s.jsx(r,{bold:!0,color:"white",children:"Tab"}),s.jsx(r,{dimColor:!0,children:"PANEL"})]},"tab")],te=s.jsx(u,{borderBottom:!1,borderColor:"gray",borderLeft:!1,borderRight:!1,borderStyle:"single",flexShrink:0,children:s.jsx(u,{gap:2,overflow:"hidden",paddingX:1,children:U})}),ce=s.jsxs($t,{footer:s.jsxs(r,{dimColor:!0,children:[s.jsx(r,{bold:!0,color:"white",children:"↑↓"})," scroll ",s.jsx(r,{bold:!0,color:"white",children:"?"}),"/",s.jsx(r,{bold:!0,color:"white",children:"Esc"})," close"]}),scrollRef:F,title:"DOCTOR — KEYBOARD SHORTCUTS",visible:p,width:56,children:[s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"NAVIGATION"})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" ↑/k "}),s.jsx(r,{dimColor:!0,children:"Move up"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" ↓/j "}),s.jsx(r,{dimColor:!0,children:"Move down"})]})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" PgUp"}),s.jsx(r,{dimColor:!0,children:" Jump up 10"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" PgDn"}),s.jsx(r,{dimColor:!0,children:" Jump down 10"})]})]}),s.jsxs(u,{children:[s.jsx(u,{width:26,children:s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Home"}),s.jsx(r,{dimColor:!0,children:" Jump to top"})]})}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" End"}),s.jsx(r,{dimColor:!0,children:" Jump to bottom"})]})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Tab"}),s.jsx(r,{dimColor:!0,children:" Switch panel"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" →/←"}),s.jsx(r,{dimColor:!0,children:" Section tabs (list) / Focus list (detail)"})]})]}),s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"FILTER"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" /"}),s.jsx(r,{dimColor:!0,children:" Open text filter (Esc/Enter to close)"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" e"}),s.jsx(r,{dimColor:!0,children:" Toggle errors-only filter"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" w"}),s.jsx(r,{dimColor:!0,children:" Toggle warns-only filter"})]})]}),s.jsxs(u,{flexDirection:"column",marginBottom:1,children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"ACTIONS"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" u"}),s.jsx(r,{dimColor:!0,children:" Exit + suggest update / dedupe command"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" o"}),s.jsx(r,{dimColor:!0,children:" Exit + suggest optimize command"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" a"}),s.jsx(r,{dimColor:!0,children:" Exit + print risk-ack snippet"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" d"}),s.jsx(r,{dimColor:!0,children:" Focus detail panel"})]})]}),s.jsxs(u,{flexDirection:"column",children:[s.jsxs(u,{marginBottom:1,children:[s.jsx(r,{dimColor:!0,children:"── "}),s.jsx(r,{bold:!0,color:"white",children:"EXIT"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" q"}),s.jsx(r,{dimColor:!0,children:" Quit (with countdown)"})]}),s.jsxs(r,{children:[s.jsx(r,{bold:!0,color:"white",children:" Ctrl+C"}),s.jsx(r,{dimColor:!0,children:" Quit immediately"})]})]})]}),de=s.jsx(Vi,{elapsedMs:M,entries:a.entries,filterActive:a.filterActive,filterText:a.filterText,filterType:a.filterType,focused:a.focusedPanel==="list",fromCache:i,grouped:a.grouped,onViewportHeightChange:b,scrollOffset:G,sectionCounts:P,sectionMessage:a.sectionMessage,sectionStatus:a.sectionStatus,selectedIndex:a.selectedIndex,severityFilter:a.severityFilter,totalAll:a.all.length,viewportHeight:S}),ue=t?s.jsx(Ci,{hint:t.hint,message:t.message,severity:t.severity,title:t.title}):null,me=s.jsx(Pi,{finding:R,focused:a.focusedPanel==="detail",scrollRef:E});if(ee){const x=Math.floor(c*.4);return s.jsxs(u,{flexDirection:"column",height:h,width:c,children:[ue,s.jsxs(u,{flexDirection:"row",flexGrow:1,children:[s.jsx(u,{flexGrow:1,children:de}),s.jsx(u,{width:x,children:me})]}),te,s.jsx(Pe,{autoExitSeconds:e||3,onCancel:()=>{k(!1)},visible:j}),ce]})}return s.jsxs(u,{flexDirection:"column",height:h,width:c,children:[ue,s.jsx(u,{height:W,children:de}),s.jsx(u,{flexGrow:1,children:me}),te,s.jsx(Pe,{autoExitSeconds:e||3,onCancel:()=>{k(!1)},visible:j}),ce]})},Ki=e=>e.replaceAll(/[$()+.?[\\\]^{|}]/g,String.raw`\$&`),Ji=e=>{const t=e.split("*").map(i=>Ki(i));return new RegExp(`^${t.join(".*")}$`,"i")},Qi=e=>e?e.split(",").map(t=>t.trim()).filter(t=>t.length>0).map(t=>Ji(t)):[],Se=(e,t)=>{for(const i of t)if(i.test(e))return!0;return!1},Zi=(e,t,i)=>{if(t.length===0)return e;const l=e.outdated.filter(p=>Se(p.packageName,t)),n=e.duplicates.filter(p=>Se(p.name,t)),o=e.optimizations.filter(p=>Se(p.packageName,t));let c=0,h=0,a=0;for(const p of l)p.vulnerabilities&&(c+=p.vulnerabilities.length),p.socketReport&&(h+=p.socketReport.alerts.length,p.socketReport.score.overall<i&&(a+=1));return{...e,duplicates:n,optimizations:o,outdated:l,socketIssues:{alerts:h,lowScore:a},vulnCount:c}},dt=(e,t)=>t.length===0?[...e]:e.filter(i=>{if(i.kind==="runtime")return!0;const l=i.kind==="duplicate"?i.pkg.name:i.kind==="outdated"||i.kind==="optimization"?i.entry.packageName:i.packageName;return Se(l,t)}),ut=["dependencies","security","optimization","runtime"],Ge=e=>{const t=new Set;if(!e)return t;for(const i of e.split(",")){const l=i.trim().toLowerCase();ut.includes(l)&&t.add(l)}return t},es=(e,t)=>{if(e!==void 0&&e!=="")return Ge(e);const i=Ge(t);return new Set(ut.filter(l=>!i.has(l)))},ht=e=>{const t={micro:0,native:0,preferred:0,socket:0,total:e.length};for(const i of e)switch(i.category){case"micro-utility":{t.micro+=1;break}case"native":{t.native+=1;break}case"preferred":{t.preferred+=1;break}case"socket":{t.socket+=1;break}}return t},se=(e,t)=>{if(!e.sections.has(t))return"skip";switch(t){case"dependencies":return e.outdated.length>0||e.duplicates.length>0?"warn":"ok";case"optimization":return e.optimizations.length>0?"warn":"ok";case"runtime":return e.runtime.some(i=>i.status==="warn")?"warn":"ok";case"security":return e.vulnCount>0||e.socketIssues.alerts>0?"error":e.socketIssues.lowScore>0?"warn":"ok";default:return"ok"}},ts=(e,t)=>{const i=ht(e.optimizations),l={dependencies:se(e,"dependencies"),optimization:se(e,"optimization"),runtime:se(e,"runtime"),security:se(e,"security")},n=new Set([...Object.values(l),e.supplyChain.status]),o=n.has("error")?"error":n.has("warn")?"warn":"ok";return{dependencies:{duplicates:e.duplicates.length,installed:e.installedCount,outdated:e.outdated.length,status:l.dependencies},elapsedMs:e.elapsedMs,optimizations:{microUtilities:i.micro,native:i.native,preferred:i.preferred,socket:i.socket,status:l.optimization,total:i.total},packageManager:t,runtime:e.runtime.map(c=>({detail:c.detail,id:c.id,message:c.message,status:c.status})),runtimeStatus:l.runtime,security:{alerts:e.socketIssues.alerts,lowScorePackages:e.socketIssues.lowScore,status:l.security,vulnerabilities:e.vulnCount},status:o,supplyChain:{findings:e.supplyChain.findings.map(c=>({detail:c.detail,label:c.label,severity:c.severity})),status:e.supplyChain.status},workspaces:e.workspaceCount}},Ue=(e,t)=>{const i=e.runtime.some(n=>n.status==="warn"),l=e.vulnCount>0||e.socketIssues.alerts>0;return t?l||e.outdated.length>0||e.duplicates.length>0||i:l},is=["aube-workspace.yaml","pnpm-workspace.yaml"],we=e=>typeof e=="boolean"?e:void 0,ss=e=>{if(e==="no-downgrade"||e==="off")return e},rs=e=>{const t={allowBuildsCount:0,blockExoticSubdeps:void 0,jailBuilds:void 0,minimumReleaseAge:void 0,minimumReleaseAgeStrict:void 0,paranoid:void 0,source:void 0,strictDepBuilds:void 0,trustPolicy:void 0};for(const i of is){const l=q(e,i);if(!be(l))continue;let n;try{n=At(Ct(l))}catch{continue}if(typeof n!="object"||n===null)continue;const o=n;return t.source=i,t.paranoid=we(o.paranoid),t.trustPolicy=ss(o.trustPolicy),t.blockExoticSubdeps=we(o.blockExoticSubdeps),t.jailBuilds=we(o.jailBuilds),t.strictDepBuilds=we(o.strictDepBuilds),t.minimumReleaseAgeStrict=we(o.minimumReleaseAgeStrict),typeof o.minimumReleaseAge=="number"&&Number.isFinite(o.minimumReleaseAge)&&(t.minimumReleaseAge=o.minimumReleaseAge),o.allowBuilds&&typeof o.allowBuilds=="object"&&!Array.isArray(o.allowBuilds)&&(t.allowBuildsCount=Object.keys(o.allowBuilds).length),t}return t},ns=e=>e.paranoid?{...e,jailBuilds:!0,minimumReleaseAgeStrict:!0,strictDepBuilds:!0,trustPolicy:"no-downgrade"}:e,os=/^(@[\w./-]+\/[\w./-]+|[\w.-]+)@(.+)$/,ls=e=>{const t=os.exec(e);if(t)return{name:t[1],version:t[2]}},as=(e,t)=>{let i;try{if(t==="pnpm"){const n=q(e,"pnpm-workspace.yaml");be(n)&&(i=ti(n)?.patchedDependencies)}else if(t==="bun"){const n=q(e,"package.json");be(n)&&(i=et(n)?.patchedDependencies)}}catch{return[]}if(!i||typeof i!="object")return[];const l=[];for(const[n,o]of Object.entries(i)){if(typeof o!="string"||o.length===0)continue;const c=ls(n);c&&l.push({name:c.name,patchFile:o,resolvedPatchFile:Rt(o)?o:Xe(e,o),version:c.version})}return l},cs=e=>{const t=[];for(const i of e)be(i.resolvedPatchFile)||t.push({entry:i,kind:"missing-file"});return t},He=e=>e.some(t=>t.severity==="error")?"error":e.some(t=>t.severity==="warn")?"warn":"ok",ds=(e,t={})=>{const i=[],l=e?.security;if(!l)return i.push({detail:"Use defineConfig() from '@visulima/vis/config' to apply secure defaults.",label:"No security config — running with the PM's native defaults",severity:"warn"}),{findings:i,status:He(i)};const n=l.policies?.firstSeen?.minutes,o=l.policies?.publisherChange,c=l.policies?.installScripts;n===void 0?i.push({detail:"Set security.policies.firstSeen.minutes to block packages published in the last N minutes (mitigates supply-chain attacks).",label:"policies.firstSeen.minutes is not set",severity:"warn"}):n===0?i.push({detail:"New packages can be installed immediately after publishing. Consider setting a non-zero cooldown.",label:"policies.firstSeen.minutes is explicitly 0",severity:"warn"}):i.push({label:`policies.firstSeen.minutes: ${String(n)} minutes`,severity:"ok"}),o?.mode===void 0||o.mode==="off"?i.push({detail:"Packages whose trust level has decreased will not be blocked. Consider 'no-downgrade'.",label:`policies.publisherChange.mode: ${o?.mode??"not set"}`,severity:"warn"}):i.push({label:`policies.publisherChange.mode: ${o.mode}`,severity:"ok"}),l.blockExoticSubdeps===void 0||!l.blockExoticSubdeps?i.push({detail:"Transitive dependencies can pull code from git repos or tarball URLs. Set to true to block.",label:`blockExoticSubdeps: ${String(l.blockExoticSubdeps??!1)}`,severity:"warn"}):i.push({label:"blockExoticSubdeps: true",severity:"ok"});const h=c?.allow?Object.keys(c.allow).length:0;if(h===0?i.push({detail:"Lifecycle scripts are blocked by default. List trusted packages here to opt them back in (e.g. esbuild, @prisma/client).",label:"policies.installScripts.allow: not configured",severity:"warn"}):i.push({label:`policies.installScripts.allow: ${String(h)} ${h===1?"entry":"entries"}`,severity:"ok"}),c?.strict&&h===0&&i.push({detail:"All dependencies with build scripts will be blocked. Run 'vis approve-builds' to populate the allow list.",label:"policies.installScripts.strict is on but allow is empty",severity:"error"}),t.workspaceRoot){const a=ii(t.workspaceRoot);if(a.length>0){const p=[...new Set(a.map(y=>y.tool))].sort((y,j)=>y.localeCompare(j)).join(", ");i.push({detail:"Run `vis migrate verify` for the full list, then re-run `vis migrate <tool>` to clean up.",label:`${String(a.length)} leftover ${a.length===1?"reference":"references"} to ${p}`,severity:"warn"})}}if(t.workspaceRoot&&t.packageManager==="aube"){const a=rs(t.workspaceRoot),p=ns(a),y=p.source?` (from ${p.source})`:"";p.paranoid===!0&&i.push({detail:"Forces jailBuilds, trustPolicy=no-downgrade, minimumReleaseAgeStrict, strictStoreIntegrity, and strictDepBuilds on.",label:`aube paranoid: true${y}`,severity:"ok"}),p.trustPolicy==="off"&&i.push({detail:"Trust downgrades between releases will not be blocked. Set trustPolicy: no-downgrade in aube-workspace.yaml.",label:`aube trustPolicy: off${y}`,severity:"warn"}),p.blockExoticSubdeps===!1&&i.push({detail:"Transitive deps from git+, file:, and tarball URLs will not be blocked. Re-enable with blockExoticSubdeps: true.",label:`aube blockExoticSubdeps: false${y}`,severity:"warn"}),p.minimumReleaseAge===0&&i.push({detail:"Newly published versions are not held in a cooling window. Restore with minimumReleaseAge: 1440 (24h) or higher.",label:`aube minimumReleaseAge: 0${y}`,severity:"warn"}),p.jailBuilds===!0&&i.push({label:`aube jailBuilds: true${y}`,severity:"ok"}),p.strictDepBuilds===!0&&i.push({label:`aube strictDepBuilds: true${y}`,severity:"ok"}),p.allowBuildsCount>0&&i.push({label:`aube allowBuilds: ${String(p.allowBuildsCount)} ${p.allowBuildsCount===1?"entry":"entries"}${y}`,severity:"ok"})}if(t.workspaceRoot&&t.packageManager){const a=as(t.workspaceRoot,t.packageManager);if(a.length>0){const p=cs(a);if(p.length===0)i.push({label:`patchedDependencies: ${String(a.length)} ${a.length===1?"entry":"entries"} resolved`,severity:"ok"});else for(const y of p)i.push({detail:`Referenced from ${t.packageManager==="pnpm"?"pnpm-workspace.yaml":"package.json"} but the file is not present at ${y.entry.patchFile}.`,label:`patchedDependencies: missing patch file for ${y.entry.name}@${y.entry.version}`,severity:"error"})}}return{findings:i,status:He(i)}},H=e=>e>=1e3?`${(e/1e3).toFixed(1)}s`:`${String(Math.round(e))}ms`,je=async(e,t,i,l)=>{if(!e)return i();e.start(t);const n=Date.now();try{const o=await i(),c=Date.now()-n,{status:h,summary:a}=l(o,c);return e.finish(t,h,a),o}catch(o){const c=Date.now()-n,h=o instanceof Error?o.message:String(o);throw e.finish(t,"error",`${h} (${H(c)})`),o}},us=(e,t)=>{const i={duplicates:t.duplicates,optimizations:t.optimizations,outdated:t.outdated,runtime:t.runtime,sections:new Set([e])};return lt(i)},Ye=async e=>{const{filterPatterns:t,installed:i,progress:l,resolveCodemods:n,sections:o,store:c,visConfig:h,workspaceRoot:a}=e,p=o.has("dependencies"),y=o.has("security"),j=o.has("optimization"),k=o.has("runtime"),D=(g,T)=>dt(us(g,T),t),$=it(a),{packageManager:f}=qe(a),A=Be(q(a,"package.json"),!1),M=tt(a),F=new Set(A);for(const g of M){const T=Be(q(Xe(a,g),"package.json"),!1);for(const I of T)F.add(I)}const E=Nt(a),R=Ke(a,f),P=Je(h?.security,{minimumScore:h?.security?.policies?.score?.minimum}),Y=h?.security?.policies?.score?.minimum??Qe,Z=h?.security?.acceptedRisks,ee=Lt(a,$.name),W={exclude:[],ignore:[],include:[],includeLocked:!1,includePrerelease:!1,security:!0,target:"latest"},B=p?Jt(a,$.name):[],L=j?_t(F):[],b=j?Vt(F,ee,$,!1):[],S=new Set(L.map(g=>g.packageName)),_=b.filter(g=>!S.has(g.packageName)),V=[...L,..._],G=k?ki(a):[];c&&(p&&c.startSection("dependencies",R.size>0?"checking outdated catalog dependencies":"scanning duplicates"),y&&c.startSection("security",i.length>0?`scanning ${String(i.length)} packages for advisories`:"no installed packages to scan"),j&&c.startSection("optimization","matching e18e + socket overrides"),k&&c.startSection("runtime","running runtime diagnostics")),c&&k&&c.completeSection("runtime",D("runtime",{duplicates:[],optimizations:[],outdated:[],runtime:G}));const ne=(p||y)&&R.size>0?je(l,"outdated",()=>Mt(R,W,E,void 0,a,P,Z),(g,T)=>{const I=g.outdated.length;return{status:I>0?"warn":"ok",summary:I>0?`${String(I)} outdated · ${H(T)}`:`up to date · ${H(T)}`}}):Promise.resolve({failed:[],ignored:[],outdated:[]}),Q=y&&i.length>0?je(l,"vulnerabilities",()=>Et(i.map(g=>({name:g.name,version:g.version}))),(g,T)=>{let I=0;for(const ie of g.values())I+=ie.length;return{status:I>0?"error":"ok",summary:I>0?`${String(I)} found · ${H(T)}`:`none found · ${H(T)}`}}):Promise.resolve(new Map),z=y&&P.length>0&&i.length>0?je(l,"socket",()=>Dt(P,i.map(g=>({name:g.name,version:g.version}))),(g,T)=>{let I=0,ie=0;for(const Fe of g.values())I+=Fe.alerts.length,Fe.score.overall<Y&&(ie+=1);const De=I+ie;return{status:De>0?"warn":"ok",summary:De>0?`${String(I)} alert${I===1?"":"s"}, ${String(ie)} low-score · ${H(T)}`:`clean · ${H(T)}`}}):Promise.resolve(new Map);let U,te,ce,de;const ue=ne.catch(g=>(U=g instanceof Error?g.message:String(g),c||d.warn(`Outdated scan failed: ${U}`),{failed:[],ignored:[],outdated:[]})),me=Q.catch(g=>(te=g instanceof Error?g.message:String(g),c||d.warn(`Vulnerability scan failed: ${te}`),new Map)),x=z.catch(g=>(ce=g instanceof Error?g.message:String(g),c||d.warn(`Socket scan failed: ${ce}`),new Map)),m=c&&p?ue.then(g=>{if(U){c.failSection("dependencies",U);return}c.completeSection("dependencies",D("dependencies",{duplicates:B,optimizations:[],outdated:g.outdated,runtime:[]}))}):void 0,w=c&&y?Promise.all([ue,me,x]).then(([g])=>{const T=U??te??ce;if(T){c.failSection("security",T);return}c.completeSection("security",D("security",{duplicates:[],optimizations:[],outdated:g.outdated,runtime:[]}))}):void 0,xe=(async()=>{if(n&&j&&V.length>0&&await je(l,"codemods",async()=>(await Ht(V),V),(g,T)=>{const I=g.filter(ie=>ie.hasCodemod||ie.category==="socket").length;return{status:"ok",summary:`${String(I)} auto-fixable · ${H(T)}`}}).catch(g=>{de=g instanceof Error?g.message:String(g)}),c&&j){if(de){c.failSection("optimization",de);return}c.completeSection("optimization",D("optimization",{duplicates:[],optimizations:V,outdated:[],runtime:[]}))}})(),[oe,gt,ft]=await Promise.all([ue,me,x]);await Promise.all([m,w,xe]);let Me=0,Ee=0;if(y&&P.length>0)for(const g of ft.values())Me+=g.alerts.length,g.score.overall<Y&&(Ee+=1);let Te=0;if(y){for(const g of oe.outdated)g.vulnerabilities&&g.vulnerabilities.length>0&&(Te+=g.vulnerabilities.length);for(const g of gt.values())Te+=g.length}return{duplicates:B,installedCount:i.length,optimizations:j?V:[],outdated:p?oe.outdated:[],runtime:G,sections:o,socketIssues:{alerts:Me,lowScore:Ee},supplyChain:ds(h,{packageManager:f,workspaceRoot:a}),vulnCount:Te,workspaceCount:M.length}},hs=e=>{switch(e){case"error":return ve(N.failure);case"skip":return v(N.dash);case"warn":return Re(N.warning);default:return fe(N.success)}},ae=(e,t)=>{const i=process.stderr.columns??80,l=Math.max(20,Math.min(i-2,60)),n=N.dash.repeat(2),o=`${hs(t)} ${le(e)}`,c=o.replaceAll(/\[[0-9;]*m/g,"").length,h=Math.max(0,l-c-n.length-2);return`${n} ${o} ${v(N.dash.repeat(h))}`},J=e=>` ${fe(N.success)} ${e}`,X=e=>` ${Re(N.warning)} ${e}`,Ne=e=>` ${ve(N.failure)} ${e}`,pt=e=>` ${v(N.dash)} ${v(e)}`,K=(e,t,i)=>{const l=`${le(String(e))} ${v(t)}`;return i?`${l} ${v(`(${i})`)}`:l},ps=e=>{if(e.sections.has("dependencies")){if(d.log(""),d.log(ae("Dependencies",se(e,"dependencies"))),d.log(J(K(e.installedCount,"packages installed"))),e.outdated.length>0){const t=e.outdated.filter(o=>o.updateType==="major").length,i=e.outdated.filter(o=>o.updateType==="minor").length,l=e.outdated.filter(o=>o.updateType==="patch").length,n=[];t>0&&n.push(`${String(t)} major`),i>0&&n.push(`${String(i)} minor`),l>0&&n.push(`${String(l)} patch`),d.log(X(K(e.outdated.length,"outdated",n.join(", "))))}else d.log(J("All dependencies up to date"));e.duplicates.length>0?d.log(X(K(e.duplicates.length,"packages with duplicate versions"))):d.log(J("No duplicate dependencies"))}},gs=e=>{e.sections.has("security")&&(d.log(""),d.log(ae("Security",se(e,"security"))),e.vulnCount>0?d.log(Ne(K(e.vulnCount,`vulnerabilit${e.vulnCount===1?"y":"ies"} found`))):d.log(J("No known vulnerabilities")),e.socketIssues.alerts>0&&d.log(X(K(e.socketIssues.alerts,`Socket.dev security alert${e.socketIssues.alerts===1?"":"s"}`))),e.socketIssues.lowScore>0&&d.log(X(K(e.socketIssues.lowScore,`package${e.socketIssues.lowScore===1?"":"s"} with low security score`))),e.socketIssues.alerts===0&&e.socketIssues.lowScore===0&&e.vulnCount===0&&d.log(J("No security issues detected")))},fs=e=>{if(!e.sections.has("optimization"))return;d.log(""),d.log(ae("Optimization",se(e,"optimization")));const t=ht(e.optimizations);if(t.total===0){d.log(J("No optimizations available"));return}t.native>0&&d.log(X(K(t.native,"replaceable with native APIs"))),t.preferred>0&&d.log(X(K(t.preferred,"with lighter alternatives"))),t.micro>0&&d.log(X(K(t.micro,"trivial micro-utilities"))),t.socket>0&&d.log(X(K(t.socket,"@socketregistry overrides available")))},ms=e=>{d.log(""),d.log(ae("Supply Chain",e.supplyChain.status));for(const t of e.supplyChain.findings){const i=t.severity==="ok"?J(t.label):t.severity==="error"?Ne(t.label):X(t.label);d.log(i),t.detail&&d.log(` ${v(N.arrow)} ${v(t.detail)}`)}e.supplyChain.status!=="ok"&&d.log(` ${v(N.arrow)} ${v("Configure with security.* in vis.config.ts. See `vis check --security-config` for details.")}`)},xs=e=>{if(e.sections.has("runtime")){d.log(""),d.log(ae("Runtime",se(e,"runtime")));for(const t of e.runtime)t.status==="ok"?d.log(J(t.message)):t.status==="skip"?d.log(pt(t.message)):d.log(X(t.message))}},ys=(e,t)=>{const i=e.vulnCount,l=e.runtime.filter(o=>o.status==="warn").length,n=e.outdated.length+e.duplicates.length+e.optimizations.length+l;if(t){if(i===0&&n===0)d.success(`Everything looks good! ${v(`(${H(e.elapsedMs)})`)}`);else{const o=[];i>0&&o.push(ve(`${String(i)} security`)),n>0&&o.push(Re(`${String(n)} improvement${n===1?"":"s"}`)),d.log(`${ve(N.failure)} ${o.join(", ")} ${v(`(${H(e.elapsedMs)})`)}`)}return}d.log(""),d.log(ae("Summary","ok")),i===0&&n===0?d.success(`Everything looks good! ${v(`(${H(e.elapsedMs)})`)}`):(i>0&&d.error(`${String(i)} security issue${i===1?"":"s"}`),n>0&&d.log(` ${ke(N.arrow)} ${le(String(n))} ${v(`improvement${n===1?"":"s"} available`)} ${v(`(${H(e.elapsedMs)})`)}`))},ws=e=>{const t=[];if(e.outdated.length>0&&t.push("vis update — update outdated dependencies"),(e.vulnCount>0||e.socketIssues.alerts>0)&&t.push("vis audit — detailed security analysis"),e.optimizations.length>0&&t.push("vis optimize — apply optimizations interactively"),e.duplicates.length>0&&t.push("vis dedupe — reduce duplicate versions"),t.length>0){d.log(""),d.log(le("Next steps:"));for(const i of t)d.log(` ${v(N.arrow)} ${i}`)}d.log("")},ks=(e,t)=>{t||(ps(e),gs(e),fs(e),xs(e),ms(e)),ys(e,t)},vs=(e,t,i,l,n)=>{const o=[],c=e.has("dependencies"),h=e.has("security"),a=e.has("optimization");return(c||h)&&t>0&&o.push({id:"outdated",label:"Outdated catalog dependencies"}),h&&l>0&&o.push({id:"vulnerabilities",label:"Known vulnerabilities (OSV)"}),h&&i&&l>0&&o.push({id:"socket",label:"Socket.dev supply-chain reports"}),a&&n&&o.push({id:"codemods",label:"Codemod availability"}),o},bs=e=>{if(d.log(""),d.log(`${le(ke("vis doctor"))} ${v("— project health check")}`),d.log(J(`Detected ${e.packageManagerName} v${e.packageManagerVersion}`)),e.runtimeFindings.length===0)d.log(J(`Node.js ${e.nodeVersion}`));else{for(const t of e.runtimeFindings){const i=t.severity==="error"?ve:Re;d.log(Ne(`Runtime: ${i(t.message)}`))}d.log(` ${v(N.arrow)} Run ${fe("vis toolchain install")} to install pinned versions, or ${fe("vis toolchain status")} for the per-tool breakdown.`)}d.log("")},Us=async({fs:e,logger:t,options:i,visConfig:l,visConfigError:n,workspaceRoot:o})=>{if(!o)throw new Error("Could not determine workspace root.");const c=i.format==="json"||i.json===!0,h=es(i.only,i.skip),a=!!i.quiet,p=i.progress===!1,y=Qi(i.filter);if(h.size===0){d.error("No sections selected. Check your --only / --skip values."),process.exitCode=2;return}const j=Date.now(),k=it(o),D=Wt(o),$=!!process.stdout.isTTY,f=!c&&$&&!Ot&&!a&&!p;!c&&!f&&bs({nodeVersion:process.versions.node,packageManagerName:k.name,packageManagerVersion:k.version,runtimeFindings:D});const A=Ke(o,qe(o).packageManager),M=Xt(o,k.name),F=M.length,E=Je(l?.security).length>0,R=l?.security?.policies?.score?.minimum??Qe,P=tt(o);if(!c&&!a&&!f){const z=P.length>0?v(` · ${String(P.length)} workspace package${P.length===1?"":"s"}`):"";d.log(`${v("·")} ${v("Found")} ${le(String(F))} ${v(`installed package${F===1?"":"s"}`)}${z}`)}const Y=n?{hint:n.file?`Continuing with default settings — fix or regenerate ${n.file} (vis init --force).`:"Continuing with default settings.",message:n.message,severity:"error",title:n.file?`Failed to load ${n.file}`:"Failed to load vis.config"}:void 0,Z=Kt(o,k.name)?.file,ee=Z?q(o,Z):void 0,W=Bt(o),B=i.cache!==!1&&!i.fix?ni({configPath:W,lockfilePath:ee,sections:h,socketEnabled:E,workspaceRoot:o}):void 0,L=B?oi(B):void 0,b=L!==void 0;let S,_;if(f){const z=L?new _e({activeSections:h,findings:dt(lt(L),y)}):new _e({activeSections:h}),U=Tt(It.createElement(Xi,{banner:Y,fromCache:b,startedAt:j,store:z}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0});try{S=L??await Ye({filterPatterns:y,installed:M,resolveCodemods:!!i.fix,sections:h,store:z,visConfig:l,workspaceRoot:o})}catch(te){throw U.unmount(),te}await U.waitUntilExit(),_=z.getSnapshot().pendingAction}else if(L)S=L;else{const z=vs(h,A.size,E,F,!!i.fix),U=qt(z,{live:!c&&!a&&!p});try{S=await Ye({filterPatterns:y,installed:M,progress:U,resolveCodemods:!!i.fix,sections:h,visConfig:l,workspaceRoot:o})}finally{U.stop()}}const V={...S,elapsedMs:Date.now()-j};if(B&&!b)try{li(B,V)}catch{}const G=Zi(V,y,R);if(c){process.stdout.write(`${JSON.stringify(ts(G,k.name),void 0,2)}
|
|
4
|
+
`),i.exitCode&&Ue(G,!!i.strict)&&(process.exitCode=1);return}b&&!a&&d.log(`${v("·")} Cached results (use --no-cache to refresh)`),y.length>0&&!a&&d.log(`${v("·")} Filter active: ${ke(i.filter??"")}`),ks(G,a);const ne=G.runtime.some(z=>z.id===$e&&z.status==="warn"),Q=G.sections.has("optimization")&&G.optimizations.length>0;i.fix&&(Q||ne)?await js({force:!!i.fixForce,fs:e,logger:t,pm:k,recoverOrphans:ne,results:G,useEditorconfig:l?.editorconfig??!0,workspaceRoot:o}):a||ws(G),_&&(process.stdout.write(`
|
|
5
5
|
`),process.stdout.write(`${le("→ ")}${_.description}
|
|
6
6
|
`),_.configSnippet?(process.stdout.write(`
|
|
7
7
|
`),process.stdout.write(`${v(_.configSnippet)}
|
|
8
8
|
`)):process.stdout.write(` ${ke(_.command)}
|
|
9
9
|
`),process.stdout.write(`
|
|
10
|
-
`)),i.exitCode&&Ue(G,!!i.strict)&&(process.exitCode=1)},js=async e=>{const{force:t,fs:i,logger:l,pm:n,recoverOrphans:o,results:c,useEditorconfig:h,workspaceRoot:a}=e;d.log(""),d.log(ae("Applying fixes","ok"));const p=c.optimizations.filter(f=>f.category==="socket"&&f.overrideSpec).map(f=>({original:f.packageName,spec:f.overrideSpec})),
|
|
10
|
+
`)),i.exitCode&&Ue(G,!!i.strict)&&(process.exitCode=1)},js=async e=>{const{force:t,fs:i,logger:l,pm:n,recoverOrphans:o,results:c,useEditorconfig:h,workspaceRoot:a}=e;d.log(""),d.log(ae("Applying fixes","ok"));const p=c.optimizations.filter(f=>f.category==="socket"&&f.overrideSpec).map(f=>({original:f.packageName,spec:f.overrideSpec})),y=c.optimizations.filter(f=>f.category!=="socket"&&f.hasCodemod),j=c.optimizations.filter(f=>f.category!=="socket"&&!f.hasCodemod);let k=!1,D=0;const $=[];if(o){const f=hi({force:t});if(f.killed.length>0&&(d.success(`Cleaned up ${String(f.killed.length)} orphaned process${f.killed.length===1?"":"es"} (PIDs: ${f.killed.join(", ")}).`),k=!0),f.failed.length>0){const A=t?"":" Re-run with `--fix --fix-force` to escalate to SIGKILL.";d.warn(`Could not signal ${String(f.failed.length)} orphan${f.failed.length===1?"":"s"}: ${f.failed.map(M=>`${String(M.pid)} (${M.reason})`).join(", ")}.${A}`)}}if(p.length>0){const f=Gt(a,q(a,"package.json"),p,n,h);f.added.length>0&&(d.success(`Added ${String(f.added.length)} security override${f.added.length===1?"":"s"}.`),k=!0),f.updated.length>0&&(d.success(`Updated ${String(f.updated.length)} override${f.updated.length===1?"":"s"}.`),k=!0)}for(const f of y)try{const A=await Ut(i,a,f.packageName);A.filesChanged>0&&(d.success(`${f.packageName}: ${String(A.filesChanged)} file${A.filesChanged===1?"":"s"} updated`),D+=1,k=!0)}catch(A){const M=A instanceof Error?A.message:String(A);$.push({error:M,package:f.packageName}),d.warn(`${f.packageName}: codemod failed — ${M}`)}p.length>0&&(d.log(`${ke(N.arrow)} Running ${n.name} install to update lockfile…`),Yt(n,{dev:!1,filter:[],force:!1,frozenLockfile:!1,ignoreScripts:!1,lockfileOnly:!1,noOptional:!1,offline:!1,prod:!1,recursive:!1,silent:!1,workspaceRoot:!1},a,l),k=!0),d.log(""),k?d.success(`Fixes applied. ${D>0?`${String(D)} codemod${D===1?"":"s"} applied.`:""}`.trim()):d.log(pt("No auto-fixable items in the current run.")),$.length>0&&d.warn(`${String($.length)} codemod${$.length===1?"":"s"} failed (run ${fe("vis optimize")} for the interactive picker).`),j.length>0&&d.notice(`${String(j.length)} optimization${j.length===1?"":"s"} need manual review (no codemod). Run ${fe("vis optimize")} to inspect them.`)};export{Us as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{r as g}from"../packem_shared/affected-shas-
|
|
1
|
+
import{r as g}from"../packem_shared/affected-shas-CCxG4tvm.js";import{r as m}from"../packem_shared/toolchain-C44mPKPu.js";const w=async({argument:d,logger:t,options:o,runtime:r,visConfig:s,workspaceRoot:e})=>{const l=d[0];if(!l)throw new Error("Missing targets. Usage: vis ci <target>[,<target>…]");const f=l.split(",").map(a=>a.trim()).filter(Boolean);if(f.length===0)throw new Error("Missing targets. Usage: vis ci <target>[,<target>…]");if(!e)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const i=g({defaultBase:s?.defaultBase,workspaceRoot:e}),p=o.base??i.base,c=o.head??i.head;!o.base&&!o.head&&t.info(`▸ Resolved affected refs from ${i.provider} (${i.notes.join("; ")})`),o.skipToolchain||t.info("▸ Toolchain pre-flight"),await m(e,s?.toolchain,{error:a=>{t.error(a)},info:a=>{t.info(a)},warn:a=>{t.warn(a)}},!!o.skipToolchain),o.install===!1?t.info("▸ Skipping install (--no-install)"):(t.info("▸ Installing dependencies"),await r.runCommand("install",{argv:["--ci","--frozen-lockfile"]}));for(const a of f){t.info(`▸ Running affected ${a} (base=${p}, head=${c})`);const n=[a,`--base=${p}`,`--head=${c}`,`--upstream=${String(o.upstream??"none")}`,`--downstream=${String(o.downstream??"deep")}`];o.parallel!==void 0&&n.push(`--parallel=${String(o.parallel)}`),o.partition&&n.push(`--partition=${String(o.partition)}`),o.query&&n.push(`--query=${String(o.query)}`),await r.runCommand("affected",{argv:n})}t.info("▸ CI pipeline complete")};export{w as default};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/index.server-J83sowC4.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-CE6MsgcV.js";import{I as De}from"../packem_shared/index-B0EsgdzO.js";import{whichBin as Pt}from"#native";import{r as zt,R as Wt,b as _t}from"../packem_shared/ai-analysis-
|
|
1
|
+
import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/index.server-J83sowC4.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-CE6MsgcV.js";import{I as De}from"../packem_shared/index-B0EsgdzO.js";import{whichBin as Pt}from"#native";import{r as zt,R as Wt,b as _t}from"../packem_shared/ai-analysis-rC48NLfB.js";import{N as Ht,O as Ut,B as Ft,M as Gt,p as u,i as Qe}from"./cli-main.js";import"../packem_shared/public-api-WqUCiyIe.js";import{u as Ve}from"./ts-loader.js";import{e as Bt,W as Kt,v as qt,c as Jt,N as Yt,f as Zt,b as Qt,O as Xt}from"./catalog.js";import{A as ei,j as ti}from"../packem_shared/pm-runner-CQcraCcu.js";import{s as L}from"../packem_shared/index-Cg0IHaFI.js";import{c as gt,s as he,p as ii,e as ai,g as ni}from"../packem_shared/index-Cntyu-w8.js";import{d as ri}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as oi,b as si}from"../packem_shared/cyclonedx-BeUmPgfO.js";import{s as pi}from"../packem_shared/scan-progress-YRpDs90j.js";import{r as di,A as Xe,q as et}from"../packem_shared/advisories-CefYKEPe.js";import{a as ut}from"../packem_shared/readJsonSync-CvkZyKmL-ihoybKvs.js";import{l as gi,f as fi,a as ui}from"../packem_shared/dependency-scan-DpOFiZuI.js";import{r as mi}from"../packem_shared/manifests-WBnsV_Eb.js";import{l as bi,p as xi,O as ki}from"../packem_shared/osv-bloom-DVMlkcAO.js";import{H as tt,h as $i,D as Si,y as Ni}from"../packem_shared/env-Ct3hMEYB.js";const Ot=Et(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Y=e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,i]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ee.getBuiltinModule(e)}return Ot(e)},{spawnSync:Dt}=Y("node:child_process"),{createInterface:Mt}=Y("node:readline"),{stripVTControlCharacters:Vt}=Y("node:util"),{createHash:ci}=Y("node:crypto"),{relative:ft,join:li}=Y("node:path"),{readFileSync:mt,existsSync:hi,writeFileSync:vi,renameSync:wi,unlinkSync:yi}=Y("node:fs"),it=(e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const i=[];for(const a of Lt(e,t))i.push(a.path);return i},xe=e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,Ai=e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all",Ci=(e,t)=>{if(Ai(t))return e;const i=String(t).trim();if(/^\d+$/.test(i)){const n=Number.parseInt(i,10)-1,o=e[n];return o?[o]:[]}const a=i.toLowerCase();return e.filter(n=>{const{aliases:o,id:r}=n.vulnerability;return r.toLowerCase()===a||(o??[]).some(c=>c.toLowerCase()===a)})},Ri=e=>{const{packageName:t,packageVersion:i,vulnerability:a}=e,n=(a.aliases??[]).join(", ")||"none",o=(a.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
|
|
2
2
|
|
|
3
3
|
Package: ${t}@${i}
|
|
4
4
|
Advisory: ${a.id} (aliases: ${n})
|