@vltpkg/query 0.0.0-7 → 0.0.0-9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -0
- package/dist/esm/attribute.js +3 -1
- package/dist/esm/attribute.js.map +1 -1
- package/dist/esm/combinator.d.ts.map +1 -1
- package/dist/esm/combinator.js +4 -1
- package/dist/esm/combinator.js.map +1 -1
- package/dist/esm/id.d.ts.map +1 -1
- package/dist/esm/id.js +20 -6
- package/dist/esm/id.js.map +1 -1
- package/dist/esm/index.d.ts +7 -2
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +172 -12
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/parser.d.ts +15 -0
- package/dist/esm/parser.d.ts.map +1 -0
- package/dist/esm/parser.js +92 -0
- package/dist/esm/parser.js.map +1 -0
- package/dist/esm/pseudo/abandoned.d.ts +3 -1
- package/dist/esm/pseudo/abandoned.d.ts.map +1 -1
- package/dist/esm/pseudo/attr.d.ts.map +1 -1
- package/dist/esm/pseudo/attr.js +10 -2
- package/dist/esm/pseudo/attr.js.map +1 -1
- package/dist/esm/pseudo/confused.d.ts +3 -1
- package/dist/esm/pseudo/confused.d.ts.map +1 -1
- package/dist/esm/pseudo/cve.d.ts +3 -1
- package/dist/esm/pseudo/cve.d.ts.map +1 -1
- package/dist/esm/pseudo/cve.js +3 -6
- package/dist/esm/pseudo/cve.js.map +1 -1
- package/dist/esm/pseudo/cwe.d.ts +3 -1
- package/dist/esm/pseudo/cwe.d.ts.map +1 -1
- package/dist/esm/pseudo/cwe.js +3 -6
- package/dist/esm/pseudo/cwe.js.map +1 -1
- package/dist/esm/pseudo/debug.d.ts +3 -1
- package/dist/esm/pseudo/debug.d.ts.map +1 -1
- package/dist/esm/pseudo/deprecated.d.ts +3 -1
- package/dist/esm/pseudo/deprecated.d.ts.map +1 -1
- package/dist/esm/pseudo/dev.d.ts +6 -0
- package/dist/esm/pseudo/dev.d.ts.map +1 -0
- package/dist/esm/pseudo/dev.js +15 -0
- package/dist/esm/pseudo/dev.js.map +1 -0
- package/dist/esm/pseudo/dynamic.d.ts +3 -1
- package/dist/esm/pseudo/dynamic.d.ts.map +1 -1
- package/dist/esm/pseudo/empty.d.ts +7 -0
- package/dist/esm/pseudo/empty.d.ts.map +1 -0
- package/dist/esm/pseudo/empty.js +14 -0
- package/dist/esm/pseudo/empty.js.map +1 -0
- package/dist/esm/pseudo/entropic.d.ts +3 -1
- package/dist/esm/pseudo/entropic.d.ts.map +1 -1
- package/dist/esm/pseudo/env.d.ts +3 -1
- package/dist/esm/pseudo/env.d.ts.map +1 -1
- package/dist/esm/pseudo/eval.d.ts +3 -1
- package/dist/esm/pseudo/eval.d.ts.map +1 -1
- package/dist/esm/pseudo/fs.d.ts +3 -1
- package/dist/esm/pseudo/fs.d.ts.map +1 -1
- package/dist/esm/pseudo/helpers.d.ts +18 -2
- package/dist/esm/pseudo/helpers.d.ts.map +1 -1
- package/dist/esm/pseudo/helpers.js +29 -3
- package/dist/esm/pseudo/helpers.js.map +1 -1
- package/dist/esm/pseudo/license.d.ts +3 -1
- package/dist/esm/pseudo/license.d.ts.map +1 -1
- package/dist/esm/pseudo/license.js +2 -5
- package/dist/esm/pseudo/license.js.map +1 -1
- package/dist/esm/pseudo/link.d.ts +9 -0
- package/dist/esm/pseudo/link.d.ts.map +1 -0
- package/dist/esm/pseudo/link.js +25 -0
- package/dist/esm/pseudo/link.js.map +1 -0
- package/dist/esm/pseudo/malware.d.ts +5 -1
- package/dist/esm/pseudo/malware.d.ts.map +1 -1
- package/dist/esm/pseudo/malware.js +117 -12
- package/dist/esm/pseudo/malware.js.map +1 -1
- package/dist/esm/pseudo/minified.d.ts +3 -1
- package/dist/esm/pseudo/minified.d.ts.map +1 -1
- package/dist/esm/pseudo/missing.d.ts +8 -0
- package/dist/esm/pseudo/missing.d.ts.map +1 -0
- package/dist/esm/pseudo/missing.js +15 -0
- package/dist/esm/pseudo/missing.js.map +1 -0
- package/dist/esm/pseudo/native.d.ts +3 -1
- package/dist/esm/pseudo/native.d.ts.map +1 -1
- package/dist/esm/pseudo/network.d.ts +3 -1
- package/dist/esm/pseudo/network.d.ts.map +1 -1
- package/dist/esm/pseudo/obfuscated.d.ts +3 -1
- package/dist/esm/pseudo/obfuscated.d.ts.map +1 -1
- package/dist/esm/pseudo/optional.d.ts +6 -0
- package/dist/esm/pseudo/optional.d.ts.map +1 -0
- package/dist/esm/pseudo/optional.js +15 -0
- package/dist/esm/pseudo/optional.js.map +1 -0
- package/dist/esm/pseudo/outdated.d.ts +1 -1
- package/dist/esm/pseudo/outdated.d.ts.map +1 -1
- package/dist/esm/pseudo/outdated.js +33 -27
- package/dist/esm/pseudo/outdated.js.map +1 -1
- package/dist/esm/pseudo/peer.d.ts +6 -0
- package/dist/esm/pseudo/peer.d.ts.map +1 -0
- package/dist/esm/pseudo/peer.js +15 -0
- package/dist/esm/pseudo/peer.js.map +1 -0
- package/dist/esm/pseudo/private.d.ts +7 -0
- package/dist/esm/pseudo/private.d.ts.map +1 -0
- package/dist/esm/pseudo/private.js +16 -0
- package/dist/esm/pseudo/private.js.map +1 -0
- package/dist/esm/pseudo/prod.d.ts +6 -0
- package/dist/esm/pseudo/prod.d.ts.map +1 -0
- package/dist/esm/pseudo/prod.js +15 -0
- package/dist/esm/pseudo/prod.js.map +1 -0
- package/dist/esm/pseudo/published.d.ts +40 -0
- package/dist/esm/pseudo/published.d.ts.map +1 -0
- package/dist/esm/pseudo/published.js +159 -0
- package/dist/esm/pseudo/published.js.map +1 -0
- package/dist/esm/pseudo/scanned.d.ts +9 -0
- package/dist/esm/pseudo/scanned.d.ts.map +1 -0
- package/dist/esm/pseudo/scanned.js +17 -0
- package/dist/esm/pseudo/scanned.js.map +1 -0
- package/dist/esm/pseudo/score.d.ts +15 -0
- package/dist/esm/pseudo/score.d.ts.map +1 -0
- package/dist/esm/pseudo/score.js +119 -0
- package/dist/esm/pseudo/score.js.map +1 -0
- package/dist/esm/pseudo/scripts.d.ts +3 -1
- package/dist/esm/pseudo/scripts.d.ts.map +1 -1
- package/dist/esm/pseudo/semver.d.ts.map +1 -1
- package/dist/esm/pseudo/semver.js +11 -25
- package/dist/esm/pseudo/semver.js.map +1 -1
- package/dist/esm/pseudo/severity.d.ts +5 -1
- package/dist/esm/pseudo/severity.d.ts.map +1 -1
- package/dist/esm/pseudo/severity.js +112 -12
- package/dist/esm/pseudo/severity.js.map +1 -1
- package/dist/esm/pseudo/shell.d.ts +3 -1
- package/dist/esm/pseudo/shell.d.ts.map +1 -1
- package/dist/esm/pseudo/shrinkwrap.d.ts +3 -1
- package/dist/esm/pseudo/shrinkwrap.d.ts.map +1 -1
- package/dist/esm/pseudo/squat.d.ts +5 -1
- package/dist/esm/pseudo/squat.d.ts.map +1 -1
- package/dist/esm/pseudo/squat.js +116 -12
- package/dist/esm/pseudo/squat.js.map +1 -1
- package/dist/esm/pseudo/suspicious.d.ts +3 -1
- package/dist/esm/pseudo/suspicious.d.ts.map +1 -1
- package/dist/esm/pseudo/tracker.d.ts +3 -1
- package/dist/esm/pseudo/tracker.d.ts.map +1 -1
- package/dist/esm/pseudo/trivial.d.ts +3 -1
- package/dist/esm/pseudo/trivial.d.ts.map +1 -1
- package/dist/esm/pseudo/undesirable.d.ts +3 -1
- package/dist/esm/pseudo/undesirable.d.ts.map +1 -1
- package/dist/esm/pseudo/unknown.d.ts +3 -1
- package/dist/esm/pseudo/unknown.d.ts.map +1 -1
- package/dist/esm/pseudo/unmaintained.d.ts +3 -1
- package/dist/esm/pseudo/unmaintained.d.ts.map +1 -1
- package/dist/esm/pseudo/unpopular.d.ts +3 -1
- package/dist/esm/pseudo/unpopular.d.ts.map +1 -1
- package/dist/esm/pseudo/unstable.d.ts +3 -1
- package/dist/esm/pseudo/unstable.d.ts.map +1 -1
- package/dist/esm/pseudo/workspace.d.ts +6 -0
- package/dist/esm/pseudo/workspace.d.ts.map +1 -0
- package/dist/esm/pseudo/workspace.js +15 -0
- package/dist/esm/pseudo/workspace.js.map +1 -0
- package/dist/esm/pseudo.d.ts.map +1 -1
- package/dist/esm/pseudo.js +29 -41
- package/dist/esm/pseudo.js.map +1 -1
- package/dist/esm/types.d.ts +74 -5
- package/dist/esm/types.d.ts.map +1 -1
- package/dist/esm/types.js +12 -13
- package/dist/esm/types.js.map +1 -1
- package/package.json +9 -8
- package/dist/esm/class.d.ts +0 -6
- package/dist/esm/class.d.ts.map +0 -1
- package/dist/esm/class.js +0 -128
- package/dist/esm/class.js.map +0 -1
package/dist/esm/pseudo/squat.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { error } from '@vltpkg/error-cause';
|
|
2
2
|
import { asPostcssNodeWithChildren, asStringNode, asTagNode, isStringNode, isTagNode, } from "../types.js";
|
|
3
|
-
import { removeDanglingEdges, removeNode, removeQuotes, } from "./helpers.js";
|
|
3
|
+
import { assertSecurityArchive, removeDanglingEdges, removeNode, removeQuotes, } from "./helpers.js";
|
|
4
4
|
const kindsMap = new Map([
|
|
5
5
|
['critical', 'didYouMean'],
|
|
6
6
|
['medium', 'gptDidYouMean'],
|
|
@@ -8,6 +8,13 @@ const kindsMap = new Map([
|
|
|
8
8
|
['2', 'gptDidYouMean'],
|
|
9
9
|
[undefined, undefined],
|
|
10
10
|
]);
|
|
11
|
+
// Map numerical values to their respective kinds for comparison operations
|
|
12
|
+
const kindLevelMap = new Map([
|
|
13
|
+
['critical', 0],
|
|
14
|
+
['medium', 2],
|
|
15
|
+
['0', 0],
|
|
16
|
+
['2', 2],
|
|
17
|
+
]);
|
|
11
18
|
const kinds = new Set(kindsMap.keys());
|
|
12
19
|
export const isSquatKind = (value) => kinds.has(value);
|
|
13
20
|
export const asSquatKind = (value) => {
|
|
@@ -21,20 +28,48 @@ export const asSquatKind = (value) => {
|
|
|
21
28
|
};
|
|
22
29
|
export const parseInternals = (nodes) => {
|
|
23
30
|
let kind;
|
|
31
|
+
let comparator;
|
|
32
|
+
let kindValue = '';
|
|
24
33
|
if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
25
|
-
|
|
26
|
-
.value)
|
|
34
|
+
kindValue = removeQuotes(asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])
|
|
35
|
+
.value);
|
|
27
36
|
}
|
|
28
37
|
else if (isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {
|
|
29
|
-
|
|
38
|
+
kindValue = asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]).value;
|
|
39
|
+
}
|
|
40
|
+
// Extract comparator if present
|
|
41
|
+
if (kindValue.startsWith('>=')) {
|
|
42
|
+
comparator = '>=';
|
|
43
|
+
kindValue = kindValue.substring(2);
|
|
44
|
+
}
|
|
45
|
+
else if (kindValue.startsWith('<=')) {
|
|
46
|
+
comparator = '<=';
|
|
47
|
+
kindValue = kindValue.substring(2);
|
|
48
|
+
}
|
|
49
|
+
else if (kindValue.startsWith('>')) {
|
|
50
|
+
comparator = '>';
|
|
51
|
+
kindValue = kindValue.substring(1);
|
|
52
|
+
}
|
|
53
|
+
else if (kindValue.startsWith('<')) {
|
|
54
|
+
comparator = '<';
|
|
55
|
+
kindValue = kindValue.substring(1);
|
|
56
|
+
}
|
|
57
|
+
// Parse kind value
|
|
58
|
+
if (kindValue) {
|
|
59
|
+
if (isSquatKind(kindValue)) {
|
|
60
|
+
kind = kindValue;
|
|
61
|
+
}
|
|
62
|
+
else {
|
|
63
|
+
throw error('Expected a valid squat kind for comparison', {
|
|
64
|
+
found: kindValue,
|
|
65
|
+
validOptions: Array.from(kinds),
|
|
66
|
+
});
|
|
67
|
+
}
|
|
30
68
|
}
|
|
31
|
-
return { kind };
|
|
69
|
+
return { kind, comparator };
|
|
32
70
|
};
|
|
33
71
|
export const squat = async (state) => {
|
|
34
|
-
|
|
35
|
-
throw new Error('Missing security archive while trying to parse ' +
|
|
36
|
-
'the :squat security selector');
|
|
37
|
-
}
|
|
72
|
+
assertSecurityArchive(state, 'squat');
|
|
38
73
|
let internals;
|
|
39
74
|
try {
|
|
40
75
|
internals = parseInternals(asPostcssNodeWithChildren(state.current).nodes);
|
|
@@ -42,11 +77,80 @@ export const squat = async (state) => {
|
|
|
42
77
|
catch (err) {
|
|
43
78
|
throw error('Failed to parse :squat selector', { cause: err });
|
|
44
79
|
}
|
|
45
|
-
const { kind } = internals;
|
|
46
|
-
|
|
80
|
+
const { kind, comparator } = internals;
|
|
81
|
+
// First pass: Remove nodes without security data
|
|
82
|
+
for (const node of state.partial.nodes) {
|
|
83
|
+
const report = state.securityArchive.get(node.id);
|
|
84
|
+
// Always exclude nodes that don't have security data or alerts
|
|
85
|
+
if (!report?.alerts || report.alerts.length === 0) {
|
|
86
|
+
removeNode(state, node);
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
// Second pass: Apply comparison filtering
|
|
47
90
|
for (const node of state.partial.nodes) {
|
|
48
91
|
const report = state.securityArchive.get(node.id);
|
|
49
|
-
|
|
92
|
+
// Skip if report is undefined
|
|
93
|
+
// (should never happen since we filtered above)
|
|
94
|
+
/* c8 ignore next - impossible */
|
|
95
|
+
if (!report)
|
|
96
|
+
continue;
|
|
97
|
+
// At this point we know report exists and has alerts
|
|
98
|
+
let exclude = true;
|
|
99
|
+
if (comparator) {
|
|
100
|
+
// Get the value to compare against
|
|
101
|
+
const kindLevel = kindLevelMap.get(kind);
|
|
102
|
+
/* c8 ignore next - impossible */
|
|
103
|
+
if (kindLevel === undefined)
|
|
104
|
+
break;
|
|
105
|
+
// For each alert, check if it matches the comparison criteria
|
|
106
|
+
let matchesComparison = false;
|
|
107
|
+
for (const alert of report.alerts) {
|
|
108
|
+
// Get the alert type
|
|
109
|
+
const alertType = alert.type;
|
|
110
|
+
// Find the corresponding kind for this alert type
|
|
111
|
+
const alertLevelKey = [...kindsMap.entries()].find(([_, value]) => value === alertType)?.[0];
|
|
112
|
+
if (alertLevelKey) {
|
|
113
|
+
// Get the numeric level for this alert
|
|
114
|
+
const alertLevel = kindLevelMap.get(alertLevelKey);
|
|
115
|
+
/* c8 ignore next - impossible */
|
|
116
|
+
if (alertLevel === undefined)
|
|
117
|
+
continue;
|
|
118
|
+
// Apply the comparison based on the comparator
|
|
119
|
+
switch (comparator) {
|
|
120
|
+
case '>':
|
|
121
|
+
if (alertLevel > kindLevel) {
|
|
122
|
+
matchesComparison = true;
|
|
123
|
+
}
|
|
124
|
+
break;
|
|
125
|
+
case '<':
|
|
126
|
+
if (alertLevel < kindLevel) {
|
|
127
|
+
matchesComparison = true;
|
|
128
|
+
}
|
|
129
|
+
break;
|
|
130
|
+
case '>=':
|
|
131
|
+
if (alertLevel >= kindLevel) {
|
|
132
|
+
matchesComparison = true;
|
|
133
|
+
}
|
|
134
|
+
break;
|
|
135
|
+
case '<=':
|
|
136
|
+
if (alertLevel <= kindLevel) {
|
|
137
|
+
matchesComparison = true;
|
|
138
|
+
}
|
|
139
|
+
break;
|
|
140
|
+
}
|
|
141
|
+
// If we found a match, we can stop checking other alerts
|
|
142
|
+
if (matchesComparison)
|
|
143
|
+
break;
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
// Exclude the node if it doesn't match the comparison
|
|
147
|
+
exclude = !matchesComparison;
|
|
148
|
+
}
|
|
149
|
+
else {
|
|
150
|
+
// Original exact match behavior
|
|
151
|
+
const alertName = kindsMap.get(kind);
|
|
152
|
+
exclude = !report.alerts.some(alert => alert.type === alertName);
|
|
153
|
+
}
|
|
50
154
|
if (exclude) {
|
|
51
155
|
removeNode(state, node);
|
|
52
156
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"squat.js","sourceRoot":"","sources":["../../../src/pseudo/squat.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,mBAAmB,EACnB,UAAU,EACV,YAAY,GACb,MAAM,cAAc,CAAA;AASrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAA8B;IACpD,CAAC,UAAU,EAAE,YAAY,CAAC;IAC1B,CAAC,QAAQ,EAAE,eAAe,CAAC;IAC3B,CAAC,GAAG,EAAE,YAAY,CAAC;IACnB,CAAC,GAAG,EAAE,eAAe,CAAC;IACtB,CAAC,SAAS,EAAE,SAAS,CAAC;CACvB,CAAC,CAAA;AACF,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;AAEtC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAuB,EAAE,CACjE,KAAK,CAAC,GAAG,CAAC,KAAmB,CAAC,CAAA;AAEhC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAc,EAAE;IACxD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,CAAC,6BAA6B,EAAE;YACzC,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EACE,EAAE;IACxB,IAAI,IAAgB,CAAA;IAEpB,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,IAAI,GAAG,WAAW,CAChB,YAAY,CACV,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CACF,CAAA;IACH,CAAC;SAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;QACD,IAAI,GAAG,WAAW,CAChB,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAC9D,CAAA;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAA;AACjB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IAChD,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,iDAAiD;YAC/C,8BAA8B,CACjC,CAAA;IACH,CAAC;IAED,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAC/C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,iCAAiC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAA;IAC1B,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACpC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAClC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAClC,CAAA;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import { error } from '@vltpkg/error-cause'\nimport {\n asPostcssNodeWithChildren,\n asStringNode,\n asTagNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport {\n removeDanglingEdges,\n removeNode,\n removeQuotes,\n} from './helpers.ts'\n\nexport type SquatKinds = '0' | '2' | 'critical' | 'medium' | undefined\n\nexport type SquatAlertTypes =\n | 'didYouMean'\n | 'gptDidYouMean'\n | undefined\n\nconst kindsMap = new Map<SquatKinds, SquatAlertTypes>([\n ['critical', 'didYouMean'],\n ['medium', 'gptDidYouMean'],\n ['0', 'didYouMean'],\n ['2', 'gptDidYouMean'],\n [undefined, undefined],\n])\nconst kinds = new Set(kindsMap.keys())\n\nexport const isSquatKind = (value?: string): value is SquatKinds =>\n kinds.has(value as SquatKinds)\n\nexport const asSquatKind = (value?: string): SquatKinds => {\n if (!isSquatKind(value)) {\n throw error('Expected a valid squat kind', {\n found: value,\n validOptions: Array.from(kinds),\n })\n }\n return value\n}\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n): { kind: SquatKinds } => {\n let kind: SquatKinds\n\n if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {\n kind = asSquatKind(\n removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n ),\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n kind = asSquatKind(\n asTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0]).value,\n )\n }\n\n return { kind }\n}\n\nexport const squat = async (state: ParserState) => {\n if (!state.securityArchive) {\n throw new Error(\n 'Missing security archive while trying to parse ' +\n 'the :squat security selector',\n )\n }\n\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n )\n } catch (err) {\n throw error('Failed to parse :squat selector', { cause: err })\n }\n\n const { kind } = internals\n const alertName = kindsMap.get(kind)\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n const exclude = !report?.alerts.some(\n alert => alert.type === alertName,\n )\n if (exclude) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
|
1
|
+
{"version":3,"file":"squat.js","sourceRoot":"","sources":["../../../src/pseudo/squat.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAC3C,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,SAAS,GACV,MAAM,aAAa,CAAA;AAEpB,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,UAAU,EACV,YAAY,GACb,MAAM,cAAc,CAAA;AAWrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAA8B;IACpD,CAAC,UAAU,EAAE,YAAY,CAAC;IAC1B,CAAC,QAAQ,EAAE,eAAe,CAAC;IAC3B,CAAC,GAAG,EAAE,YAAY,CAAC;IACnB,CAAC,GAAG,EAAE,eAAe,CAAC;IACtB,CAAC,SAAS,EAAE,SAAS,CAAC;CACvB,CAAC,CAAA;AAEF,2EAA2E;AAC3E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAqB;IAC/C,CAAC,UAAU,EAAE,CAAC,CAAC;IACf,CAAC,QAAQ,EAAE,CAAC,CAAC;IACb,CAAC,GAAG,EAAE,CAAC,CAAC;IACR,CAAC,GAAG,EAAE,CAAC,CAAC;CACT,CAAC,CAAA;AAEF,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;AAEtC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAuB,EAAE,CACjE,KAAK,CAAC,GAAG,CAAC,KAAmB,CAAC,CAAA;AAEhC,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,KAAc,EAAc,EAAE;IACxD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,CAAC,6BAA6B,EAAE;YACzC,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,KAAoB,EAIpB,EAAE;IACF,IAAI,IAAgB,CAAA;IACpB,IAAI,UAA2B,CAAA;IAE/B,IAAI,SAAS,GAAG,EAAE,CAAA;IAClB,IAAI,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,SAAS,GAAG,YAAY,CACtB,YAAY,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;aACvD,KAAK,CACT,CAAA;IACH,CAAC;SAAM,IACL,SAAS,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EACvD,CAAC;QACD,SAAS,GAAG,SAAS,CACnB,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAC7C,CAAC,KAAK,CAAA;IACT,CAAC;IAED,gCAAgC;IAChC,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,UAAU,GAAG,IAAI,CAAA;QACjB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,UAAU,GAAG,IAAI,CAAA;QACjB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,UAAU,GAAG,GAAG,CAAA;QAChB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,UAAU,GAAG,GAAG,CAAA;QAChB,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IACpC,CAAC;IAED,mBAAmB;IACnB,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,IAAI,GAAG,SAAS,CAAA;QAClB,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC,4CAA4C,EAAE;gBACxD,KAAK,EAAE,SAAS;gBAChB,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aAChC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAA;AAC7B,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IAChD,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAErC,IAAI,SAAS,CAAA;IACb,IAAI,CAAC;QACH,SAAS,GAAG,cAAc,CACxB,yBAAyB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAC/C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,iCAAiC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,SAAS,CAAA;IAEtC,iDAAiD;IACjD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjD,+DAA+D;QAC/D,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClD,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAEjD,8BAA8B;QAC9B,gDAAgD;QAChD,iCAAiC;QACjC,IAAI,CAAC,MAAM;YAAE,SAAQ;QAErB,qDAAqD;QACrD,IAAI,OAAO,GAAG,IAAI,CAAA;QAElB,IAAI,UAAU,EAAE,CAAC;YACf,mCAAmC;YACnC,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACxC,iCAAiC;YACjC,IAAI,SAAS,KAAK,SAAS;gBAAE,MAAK;YAElC,8DAA8D;YAC9D,IAAI,iBAAiB,GAAG,KAAK,CAAA;YAC7B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,qBAAqB;gBACrB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAA;gBAE5B,kDAAkD;gBAClD,MAAM,aAAa,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAChD,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CACpC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEN,IAAI,aAAa,EAAE,CAAC;oBAClB,uCAAuC;oBACvC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;oBAClD,iCAAiC;oBACjC,IAAI,UAAU,KAAK,SAAS;wBAAE,SAAQ;oBAEtC,+CAA+C;oBAC/C,QAAQ,UAAU,EAAE,CAAC;wBACnB,KAAK,GAAG;4BACN,IAAI,UAAU,GAAG,SAAS,EAAE,CAAC;gCAC3B,iBAAiB,GAAG,IAAI,CAAA;4BAC1B,CAAC;4BACD,MAAK;wBACP,KAAK,GAAG;4BACN,IAAI,UAAU,GAAG,SAAS,EAAE,CAAC;gCAC3B,iBAAiB,GAAG,IAAI,CAAA;4BAC1B,CAAC;4BACD,MAAK;wBACP,KAAK,IAAI;4BACP,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;gCAC5B,iBAAiB,GAAG,IAAI,CAAA;4BAC1B,CAAC;4BACD,MAAK;wBACP,KAAK,IAAI;4BACP,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;gCAC5B,iBAAiB,GAAG,IAAI,CAAA;4BAC1B,CAAC;4BACD,MAAK;oBACT,CAAC;oBAED,yDAAyD;oBACzD,IAAI,iBAAiB;wBAAE,MAAK;gBAC9B,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,OAAO,GAAG,CAAC,iBAAiB,CAAA;QAC9B,CAAC;aAAM,CAAC;YACN,gCAAgC;YAChC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACpC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAA;QAClE,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import { error } from '@vltpkg/error-cause'\nimport {\n asPostcssNodeWithChildren,\n asStringNode,\n asTagNode,\n isStringNode,\n isTagNode,\n} from '../types.ts'\nimport type { ParserState, PostcssNode } from '../types.ts'\nimport {\n assertSecurityArchive,\n removeDanglingEdges,\n removeNode,\n removeQuotes,\n} from './helpers.ts'\n\nexport type SquatKinds = '0' | '2' | 'critical' | 'medium' | undefined\n\nexport type SquatAlertTypes =\n | 'didYouMean'\n | 'gptDidYouMean'\n | undefined\n\nexport type SquatComparator = '>' | '<' | '>=' | '<=' | undefined\n\nconst kindsMap = new Map<SquatKinds, SquatAlertTypes>([\n ['critical', 'didYouMean'],\n ['medium', 'gptDidYouMean'],\n ['0', 'didYouMean'],\n ['2', 'gptDidYouMean'],\n [undefined, undefined],\n])\n\n// Map numerical values to their respective kinds for comparison operations\nconst kindLevelMap = new Map<SquatKinds, number>([\n ['critical', 0],\n ['medium', 2],\n ['0', 0],\n ['2', 2],\n])\n\nconst kinds = new Set(kindsMap.keys())\n\nexport const isSquatKind = (value?: string): value is SquatKinds =>\n kinds.has(value as SquatKinds)\n\nexport const asSquatKind = (value?: string): SquatKinds => {\n if (!isSquatKind(value)) {\n throw error('Expected a valid squat kind', {\n found: value,\n validOptions: Array.from(kinds),\n })\n }\n return value\n}\n\nexport const parseInternals = (\n nodes: PostcssNode[],\n): {\n kind: SquatKinds\n comparator: SquatComparator\n} => {\n let kind: SquatKinds\n let comparator: SquatComparator\n\n let kindValue = ''\n if (isStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])) {\n kindValue = removeQuotes(\n asStringNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n .value,\n )\n } else if (\n isTagNode(asPostcssNodeWithChildren(nodes[0]).nodes[0])\n ) {\n kindValue = asTagNode(\n asPostcssNodeWithChildren(nodes[0]).nodes[0],\n ).value\n }\n\n // Extract comparator if present\n if (kindValue.startsWith('>=')) {\n comparator = '>='\n kindValue = kindValue.substring(2)\n } else if (kindValue.startsWith('<=')) {\n comparator = '<='\n kindValue = kindValue.substring(2)\n } else if (kindValue.startsWith('>')) {\n comparator = '>'\n kindValue = kindValue.substring(1)\n } else if (kindValue.startsWith('<')) {\n comparator = '<'\n kindValue = kindValue.substring(1)\n }\n\n // Parse kind value\n if (kindValue) {\n if (isSquatKind(kindValue)) {\n kind = kindValue\n } else {\n throw error('Expected a valid squat kind for comparison', {\n found: kindValue,\n validOptions: Array.from(kinds),\n })\n }\n }\n\n return { kind, comparator }\n}\n\nexport const squat = async (state: ParserState) => {\n assertSecurityArchive(state, 'squat')\n\n let internals\n try {\n internals = parseInternals(\n asPostcssNodeWithChildren(state.current).nodes,\n )\n } catch (err) {\n throw error('Failed to parse :squat selector', { cause: err })\n }\n\n const { kind, comparator } = internals\n\n // First pass: Remove nodes without security data\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n // Always exclude nodes that don't have security data or alerts\n if (!report?.alerts || report.alerts.length === 0) {\n removeNode(state, node)\n }\n }\n\n // Second pass: Apply comparison filtering\n for (const node of state.partial.nodes) {\n const report = state.securityArchive.get(node.id)\n\n // Skip if report is undefined\n // (should never happen since we filtered above)\n /* c8 ignore next - impossible */\n if (!report) continue\n\n // At this point we know report exists and has alerts\n let exclude = true\n\n if (comparator) {\n // Get the value to compare against\n const kindLevel = kindLevelMap.get(kind)\n /* c8 ignore next - impossible */\n if (kindLevel === undefined) break\n\n // For each alert, check if it matches the comparison criteria\n let matchesComparison = false\n for (const alert of report.alerts) {\n // Get the alert type\n const alertType = alert.type\n\n // Find the corresponding kind for this alert type\n const alertLevelKey = [...kindsMap.entries()].find(\n ([_, value]) => value === alertType,\n )?.[0]\n\n if (alertLevelKey) {\n // Get the numeric level for this alert\n const alertLevel = kindLevelMap.get(alertLevelKey)\n /* c8 ignore next - impossible */\n if (alertLevel === undefined) continue\n\n // Apply the comparison based on the comparator\n switch (comparator) {\n case '>':\n if (alertLevel > kindLevel) {\n matchesComparison = true\n }\n break\n case '<':\n if (alertLevel < kindLevel) {\n matchesComparison = true\n }\n break\n case '>=':\n if (alertLevel >= kindLevel) {\n matchesComparison = true\n }\n break\n case '<=':\n if (alertLevel <= kindLevel) {\n matchesComparison = true\n }\n break\n }\n\n // If we found a match, we can stop checking other alerts\n if (matchesComparison) break\n }\n }\n\n // Exclude the node if it doesn't match the comparison\n exclude = !matchesComparison\n } else {\n // Original exact match behavior\n const alertName = kindsMap.get(kind)\n exclude = !report.alerts.some(alert => alert.type === alertName)\n }\n\n if (exclude) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **suspiciousStarActivity** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const suspicious: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const suspicious: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=suspicious.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"suspicious.d.ts","sourceRoot":"","sources":["../../../src/pseudo/suspicious.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,UAAU,
|
|
1
|
+
{"version":3,"file":"suspicious.d.ts","sourceRoot":"","sources":["../../../src/pseudo/suspicious.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,UAAU;;EAGtB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **telemetry** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const tracker: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const tracker: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=tracker.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../../src/pseudo/tracker.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../../src/pseudo/tracker.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO;;EAGnB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **trivialPackage** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const trivial: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const trivial: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=trivial.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"trivial.d.ts","sourceRoot":"","sources":["../../../src/pseudo/trivial.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"trivial.d.ts","sourceRoot":"","sources":["../../../src/pseudo/trivial.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO;;EAGnB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **troll** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const undesirable: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const undesirable: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=undesirable.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"undesirable.d.ts","sourceRoot":"","sources":["../../../src/pseudo/undesirable.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"undesirable.d.ts","sourceRoot":"","sources":["../../../src/pseudo/undesirable.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,WAAW;;EAGvB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **newAuthor** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const unknown: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const unknown: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=unknown.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unknown.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unknown.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"unknown.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unknown.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,OAAO;;EAGnB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **unmaintained** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const unmaintained: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const unmaintained: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=unmaintained.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unmaintained.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unmaintained.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,YAAY,
|
|
1
|
+
{"version":3,"file":"unmaintained.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unmaintained.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,YAAY;;EAGxB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **unpopularPackage** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const unpopular: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const unpopular: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=unpopular.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unpopular.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unpopular.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,SAAS,
|
|
1
|
+
{"version":3,"file":"unpopular.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unpopular.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,SAAS;;EAGrB,CAAA"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Filters out any node that does not have a **unstableOwnership** report alert.
|
|
3
3
|
*/
|
|
4
|
-
export declare const unstable: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState
|
|
4
|
+
export declare const unstable: (state: import("../types.ts").ParserState) => Promise<import("../types.ts").ParserState & {
|
|
5
|
+
securityArchive: NonNullable<import("../types.ts").ParserState["securityArchive"]>;
|
|
6
|
+
}>;
|
|
5
7
|
//# sourceMappingURL=unstable.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unstable.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unstable.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,QAAQ,
|
|
1
|
+
{"version":3,"file":"unstable.d.ts","sourceRoot":"","sources":["../../../src/pseudo/unstable.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,QAAQ;;EAGpB,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace.d.ts","sourceRoot":"","sources":["../../../src/pseudo/workspace.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAG9C;;GAEG;AACH,eAAO,MAAM,SAAS,UAAiB,WAAW,yBAWjD,CAAA"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { removeDanglingEdges, removeNode } from "./helpers.js";
|
|
2
|
+
/**
|
|
3
|
+
* :workspace Pseudo-Selector will only match workspace dependencies.
|
|
4
|
+
*/
|
|
5
|
+
export const workspace = async (state) => {
|
|
6
|
+
// Filter out the root node and any nodes that are not marked as workspaces
|
|
7
|
+
for (const node of state.partial.nodes) {
|
|
8
|
+
if (!node.importer || node.mainImporter) {
|
|
9
|
+
removeNode(state, node);
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
removeDanglingEdges(state);
|
|
13
|
+
return state;
|
|
14
|
+
};
|
|
15
|
+
//# sourceMappingURL=workspace.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace.js","sourceRoot":"","sources":["../../../src/pseudo/workspace.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAE9D;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,EAAE,KAAkB,EAAE,EAAE;IACpD,2EAA2E;IAC3E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAE1B,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["import type { ParserState } from '../types.ts'\nimport { removeDanglingEdges, removeNode } from './helpers.ts'\n\n/**\n * :workspace Pseudo-Selector will only match workspace dependencies.\n */\nexport const workspace = async (state: ParserState) => {\n // Filter out the root node and any nodes that are not marked as workspaces\n for (const node of state.partial.nodes) {\n if (!node.importer || node.mainImporter) {\n removeNode(state, node)\n }\n }\n\n removeDanglingEdges(state)\n\n return state\n}\n"]}
|
package/dist/esm/pseudo.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pseudo.d.ts","sourceRoot":"","sources":["../../src/pseudo.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pseudo.d.ts","sourceRoot":"","sources":["../../src/pseudo.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAY,WAAW,EAAE,MAAM,YAAY,CAAA;AAgXvD;;GAEG;AACH,eAAO,MAAM,MAAM,UAAiB,WAAW,yBAiB9C,CAAA"}
|
package/dist/esm/pseudo.js
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { splitDepID } from '@vltpkg/dep-id/browser';
|
|
2
2
|
import { error } from '@vltpkg/error-cause';
|
|
3
|
-
import { asManifest } from '@vltpkg/types';
|
|
4
3
|
import { removeDanglingEdges, removeNode } from "./pseudo/helpers.js";
|
|
5
4
|
import { asPostcssNodeWithChildren, asPseudoNode, asTagNode, isSelectorNode, } from "./types.js";
|
|
6
5
|
// imported pseudo selectors
|
|
@@ -11,18 +10,29 @@ import { cve } from "./pseudo/cve.js";
|
|
|
11
10
|
import { cwe } from "./pseudo/cwe.js";
|
|
12
11
|
import { debug } from "./pseudo/debug.js";
|
|
13
12
|
import { deprecated } from "./pseudo/deprecated.js";
|
|
13
|
+
import { dev } from "./pseudo/dev.js";
|
|
14
14
|
import { dynamic } from "./pseudo/dynamic.js";
|
|
15
|
+
import { empty } from "./pseudo/empty.js";
|
|
15
16
|
import { entropic } from "./pseudo/entropic.js";
|
|
16
17
|
import { env } from "./pseudo/env.js";
|
|
17
18
|
import { evalParser } from "./pseudo/eval.js";
|
|
18
19
|
import { fs } from "./pseudo/fs.js";
|
|
19
20
|
import { license } from "./pseudo/license.js";
|
|
21
|
+
import { link } from "./pseudo/link.js";
|
|
20
22
|
import { malware } from "./pseudo/malware.js";
|
|
21
23
|
import { minified } from "./pseudo/minified.js";
|
|
24
|
+
import { missing } from "./pseudo/missing.js";
|
|
22
25
|
import { nativeParser } from "./pseudo/native.js";
|
|
23
26
|
import { network } from "./pseudo/network.js";
|
|
24
27
|
import { obfuscated } from "./pseudo/obfuscated.js";
|
|
28
|
+
import { optional } from "./pseudo/optional.js";
|
|
25
29
|
import { outdated } from "./pseudo/outdated.js";
|
|
30
|
+
import { peer } from "./pseudo/peer.js";
|
|
31
|
+
import { published } from "./pseudo/published.js";
|
|
32
|
+
import { privateParser } from "./pseudo/private.js";
|
|
33
|
+
import { prod } from "./pseudo/prod.js";
|
|
34
|
+
import { scanned } from "./pseudo/scanned.js";
|
|
35
|
+
import { score } from "./pseudo/score.js";
|
|
26
36
|
import { scripts } from "./pseudo/scripts.js";
|
|
27
37
|
import { shell } from "./pseudo/shell.js";
|
|
28
38
|
import { semverParser as semver } from "./pseudo/semver.js";
|
|
@@ -37,17 +47,7 @@ import { unknown } from "./pseudo/unknown.js";
|
|
|
37
47
|
import { unmaintained } from "./pseudo/unmaintained.js";
|
|
38
48
|
import { unpopular } from "./pseudo/unpopular.js";
|
|
39
49
|
import { unstable } from "./pseudo/unstable.js";
|
|
40
|
-
|
|
41
|
-
* :empty Pseudo-Selector, matches only nodes that have no children.
|
|
42
|
-
*/
|
|
43
|
-
const empty = async (state) => {
|
|
44
|
-
for (const node of state.partial.nodes) {
|
|
45
|
-
if (node.edgesOut.size > 0) {
|
|
46
|
-
removeNode(state, node);
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
return state;
|
|
50
|
-
};
|
|
50
|
+
import { workspace } from "./pseudo/workspace.js";
|
|
51
51
|
/**
|
|
52
52
|
* :has Pseudo-Selector, matches only nodes that have valid results
|
|
53
53
|
* for its nested selector expressions.
|
|
@@ -74,6 +74,7 @@ const has = async (state) => {
|
|
|
74
74
|
edges: new Set(state.partial.edges),
|
|
75
75
|
nodes: new Set(state.partial.nodes),
|
|
76
76
|
},
|
|
77
|
+
retries: state.retries,
|
|
77
78
|
securityArchive: state.securityArchive,
|
|
78
79
|
specOptions: state.specOptions,
|
|
79
80
|
});
|
|
@@ -149,6 +150,7 @@ const is = async (state) => {
|
|
|
149
150
|
edges: new Set(state.partial.edges),
|
|
150
151
|
},
|
|
151
152
|
walk: state.walk,
|
|
153
|
+
retries: state.retries,
|
|
152
154
|
securityArchive: state.securityArchive,
|
|
153
155
|
specOptions: state.specOptions,
|
|
154
156
|
});
|
|
@@ -164,19 +166,6 @@ const is = async (state) => {
|
|
|
164
166
|
}
|
|
165
167
|
return state;
|
|
166
168
|
};
|
|
167
|
-
/**
|
|
168
|
-
* :missing Pseudo-Selector, matches only
|
|
169
|
-
* edges that are not linked to any node.
|
|
170
|
-
*/
|
|
171
|
-
const missing = async (state) => {
|
|
172
|
-
for (const edge of state.partial.edges) {
|
|
173
|
-
if (edge.to) {
|
|
174
|
-
state.partial.edges.delete(edge);
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
state.partial.nodes.clear();
|
|
178
|
-
return state;
|
|
179
|
-
};
|
|
180
169
|
/**
|
|
181
170
|
* :not Pseudo-class, serves to create negate expressions, anything that
|
|
182
171
|
* matches selectors declared inside the `:not()` expression is going to be
|
|
@@ -200,6 +189,7 @@ const not = async (state) => {
|
|
|
200
189
|
edges: new Set(state.partial.edges),
|
|
201
190
|
},
|
|
202
191
|
walk: state.walk,
|
|
192
|
+
retries: state.retries,
|
|
203
193
|
securityArchive: state.securityArchive,
|
|
204
194
|
specOptions: state.specOptions,
|
|
205
195
|
});
|
|
@@ -223,19 +213,6 @@ const not = async (state) => {
|
|
|
223
213
|
}
|
|
224
214
|
return state;
|
|
225
215
|
};
|
|
226
|
-
/**
|
|
227
|
-
* :private Pseudo-Selector will only match packages that have
|
|
228
|
-
* a `private: true` key set in their `package.json` metadata.
|
|
229
|
-
*/
|
|
230
|
-
const privateFn = async (state) => {
|
|
231
|
-
for (const node of state.partial.nodes) {
|
|
232
|
-
if (!node.manifest || !asManifest(node.manifest).private) {
|
|
233
|
-
removeNode(state, node);
|
|
234
|
-
}
|
|
235
|
-
}
|
|
236
|
-
removeDanglingEdges(state);
|
|
237
|
-
return state;
|
|
238
|
-
};
|
|
239
216
|
/**
|
|
240
217
|
* :root Pseudo-Element will return the project root node for the graph.
|
|
241
218
|
*/
|
|
@@ -323,6 +300,7 @@ const pseudoSelectors = new Map(Object.entries({
|
|
|
323
300
|
cwe,
|
|
324
301
|
debug,
|
|
325
302
|
deprecated,
|
|
303
|
+
dev,
|
|
326
304
|
dynamic,
|
|
327
305
|
eval: evalParser,
|
|
328
306
|
empty,
|
|
@@ -331,8 +309,8 @@ const pseudoSelectors = new Map(Object.entries({
|
|
|
331
309
|
fs,
|
|
332
310
|
has,
|
|
333
311
|
is,
|
|
334
|
-
// TODO: link
|
|
335
312
|
license,
|
|
313
|
+
link,
|
|
336
314
|
malware,
|
|
337
315
|
minified,
|
|
338
316
|
missing,
|
|
@@ -340,12 +318,18 @@ const pseudoSelectors = new Map(Object.entries({
|
|
|
340
318
|
network,
|
|
341
319
|
not,
|
|
342
320
|
obfuscated,
|
|
321
|
+
optional,
|
|
343
322
|
outdated,
|
|
323
|
+
peer,
|
|
324
|
+
published,
|
|
344
325
|
// TODO: overridden
|
|
345
|
-
private:
|
|
326
|
+
private: privateParser,
|
|
327
|
+
prod,
|
|
346
328
|
project,
|
|
347
329
|
root,
|
|
330
|
+
scanned,
|
|
348
331
|
scope,
|
|
332
|
+
score,
|
|
349
333
|
scripts,
|
|
350
334
|
semver,
|
|
351
335
|
sev: severity,
|
|
@@ -362,6 +346,8 @@ const pseudoSelectors = new Map(Object.entries({
|
|
|
362
346
|
unmaintained,
|
|
363
347
|
unpopular,
|
|
364
348
|
unstable,
|
|
349
|
+
v: semver,
|
|
350
|
+
workspace,
|
|
365
351
|
}));
|
|
366
352
|
/**
|
|
367
353
|
* Parsers the `pseudo` node types.
|
|
@@ -374,7 +360,9 @@ export const pseudo = async (state) => {
|
|
|
374
360
|
if (state.loose) {
|
|
375
361
|
return state;
|
|
376
362
|
}
|
|
377
|
-
throw
|
|
363
|
+
throw error(`Unsupported pseudo-class: ${state.current.value}`, {
|
|
364
|
+
found: state.current,
|
|
365
|
+
});
|
|
378
366
|
}
|
|
379
367
|
return parserFn(state);
|
|
380
368
|
};
|