@vyuhlabs/dxkit 2.3.1 → 2.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -7,6 +7,86 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [2.3.2] - 2026-04-24
11
+
12
+ PM-grade bom reports. The xlsx and markdown outputs both restructure
13
+ around decision-making (what to fix, who to call, what to plan) rather
14
+ than enumeration (here are all the packages, figure it out).
15
+
16
+ ### Added — markdown report
17
+
18
+ - **🎯 Executive Summary** at the top: ship-blocker count, sprint-sized
19
+ finding count (risk ≥ 40), license exposure (copyleft-strong + unknown
20
+ counts), staleness (> 3y old packages), highest-leverage upgrade. One
21
+ screen, written for a PM who needs "can we ship?" without scrolling.
22
+
23
+ - **Reconciliation prose** on "Top-Level Dep Groups" explaining why the
24
+ numbers don't sum to the Summary totals — each CVE is counted once per
25
+ top-level parent it reaches through, by design. "Advisories" column
26
+ renamed to "Rolled-up Advisories" to reinforce the different semantics.
27
+
28
+ ### Added — xlsx report (4-sheet workbook, replaces the single `platform` sheet)
29
+
30
+ 1. **`Executive Summary`** — KV grid on one screen: totals, severity
31
+ breakdown, top ship-blocker, highest-leverage upgrade, license-class
32
+ counts (Permissive / Copyleft weak & strong / Proprietary / Unknown),
33
+ staleness counts, tool provenance.
34
+
35
+ 2. **`Triage`** — top 10 findings ranked by composite riskScore.
36
+ Columns: Priority / Risk / Severity / KEV / Reachable /
37
+ Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
38
+ Rationale.
39
+
40
+ 3. **`Inventory`** — the legacy 15-column customer format (unchanged
41
+ byte-for-byte on cols 1–15) with **4 columns appended** (16–19):
42
+ Risk / KEV / Reachable / EPSS, plus a bonus col 20 for CVSS (max).
43
+ Sort by col 16 desc for the same triage ordering sheet 2 uses.
44
+
45
+ 4. **`License Breakdown`** — pivot: license type × count × risk class ×
46
+ sample packages. Copyleft-strong licenses surface at the top; unknown
47
+ bucket flags licenses the classifier didn't recognise (legitimate
48
+ human-review candidates like `CC-BY-4.0`).
49
+
50
+ ### Added — shared pm-signals module
51
+
52
+ New `src/analyzers/bom/pm-signals.ts` with pure helpers the markdown
53
+ and xlsx renderers both use:
54
+
55
+ - `licenseClass(licenseType)` — SPDX-id → `permissive` | `copyleft-weak` |
56
+ `copyleft-strong` | `proprietary` | `unknown`. Handles compound
57
+ expressions (`MIT OR GPL-3.0` classifies as `copyleft-strong`, the
58
+ stricter class), parenthesised forms (`(Apache-2.0 OR UPL-1.0)`),
59
+ legacy `"MIT license"` / `"Apache 2.0 license"` suffixes, and known
60
+ proprietary markers (`UNLICENSED`, `SEE LICENSE IN ...`).
61
+
62
+ - `stalenessTier(releaseDate)` — `fresh` (< 1y) / `aging` (1–3y) /
63
+ `stale` (≥ 3y) / `unknown`. Injectable `now` for deterministic tests.
64
+
65
+ - `effortEstimate(entry)` — `trivial` (patch bump) / `moderate` (minor
66
+ bump) / `major` (breaking) / `blocked` (no fix available). Derived
67
+ from semver delta; multi-vuln entries escalate to the worst tier seen.
68
+
69
+ Derivations deliberately stay in the renderer layer rather than on
70
+ `DepVulnFinding` / `LicenseFinding` so the analyzer contract is
71
+ unchanged — consumers can re-derive trivially if needed.
72
+
73
+ ### Changed (breaking-ish — see note)
74
+
75
+ - Xlsx sheet layout changed from single `"platform"` sheet to a 4-sheet
76
+ workbook. **Consumers hardcoding sheet name `"platform"` will break.**
77
+ The legacy 15-column layout is preserved byte-for-byte on the renamed
78
+ `"Inventory"` sheet. Appended cols 16–19 are additive.
79
+
80
+ ### Validation
81
+
82
+ - 715 tests passing (+18 pm-signals cases: license class mapping,
83
+ compound expressions, staleness thresholds, effort semver deltas).
84
+ - Typecheck + lint + format + architecture + pre-push CI-mirror gate clean.
85
+ - vyuhlabs-platform smoke: all 4 sheets render correctly, exec summary
86
+ surfaces 3 ship-blockers + 9 sprint-risk findings + pm2 flagged
87
+ copyleft-strong, `@loopback/rest` surfaces as highest-leverage upgrade
88
+ (27 transitive advisories, worst CRITICAL).
89
+
10
90
  ## [2.3.1] - 2026-04-24
11
91
 
12
92
  Patch release fixing three install-robustness issues reported on a
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAOH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,SAAS,CAAC;AAEhE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;0EAMsE;IACtE,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;;;yCAKqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,SAAS,CAAC,CAqDpB;AAiCD;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAoD9F;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAwO1E"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,SAAS,CAAC;AAEhE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;0EAMsE;IACtE,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;;;yCAKqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,SAAS,CAAC,CAqDpB;AAiCD;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAoD9F;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAsP1E"}
@@ -56,6 +56,7 @@ const detect_1 = require("../../detect");
56
56
  const runner_1 = require("../tools/runner");
57
57
  const discovery_1 = require("./discovery");
58
58
  const gather_1 = require("./gather");
59
+ const pm_signals_1 = require("./pm-signals");
59
60
  async function analyzeBom(repoPath, options = {}) {
60
61
  const stack = (0, detect_1.detect)(repoPath);
61
62
  const nested = options.nested ?? true;
@@ -207,6 +208,10 @@ function formatBomReport(report, elapsed) {
207
208
  L.push('');
208
209
  L.push('---');
209
210
  L.push('');
211
+ // Executive Summary — one-screen answer to "what's the state of this
212
+ // repo's deps". Written for a PM / security reviewer who needs to
213
+ // decide "can we ship?" without scrolling.
214
+ writeExecutiveSummaryMd(L, report);
210
215
  // "This Week's Triage" — top advisories by riskScore, rendered
211
216
  // before the summary so the reader sees what to fix *first* above
212
217
  // the statistical overview. Only included when at least one
@@ -289,14 +294,21 @@ function formatBomReport(report, elapsed) {
289
294
  'Sorted by severity, then advisory count — the top row is the single ' +
290
295
  'upgrade that resolves the most critical/highest-volume issues.');
291
296
  L.push('');
297
+ L.push('> **Scope note:** this section walks **transitive** advisories too, so its numbers ' +
298
+ "intentionally don't sum to the Summary totals above. `Rolled-up Advisories` counts " +
299
+ 'each CVE once per top-level parent it reaches through — the same CVE under two ' +
300
+ 'parents is counted twice, because upgrading either parent resolves it. A CRITICAL ' +
301
+ 'here can exist even when zero directly-listed packages are CRITICAL — it means ' +
302
+ 'a transitive dep is critical and upgrading this top-level clears it.');
303
+ L.push('');
292
304
  const SEV_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
293
305
  const sorted = topLevelEntries.sort((a, b) => SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
294
306
  b[1].advisoryCount - a[1].advisoryCount ||
295
307
  a[0].localeCompare(b[0]));
296
308
  const cap = 30;
297
309
  const shown = sorted.slice(0, cap);
298
- L.push('| Worst Severity | Top-Level Dep | Advisories | Vulnerable Packages |');
299
- L.push('|----------------|---------------|-----------:|---------------------|');
310
+ L.push('| Worst Severity | Top-Level Dep | Rolled-up Advisories | Vulnerable Packages |');
311
+ L.push('|----------------|---------------|---------------------:|---------------------|');
300
312
  for (const [top, r] of shown) {
301
313
  const pkgCap = 8;
302
314
  const pkgList = r.packages.length > pkgCap
@@ -393,4 +405,68 @@ function formatBomReport(report, elapsed) {
393
405
  L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*');
394
406
  return L.join('\n');
395
407
  }
408
+ // ─── Executive Summary (top of bom markdown) ────────────────────────────────
409
+ /**
410
+ * One-screen exec summary. Four question-driven lines:
411
+ * 1. Can we ship? (0 blockers if no KEV + high-risk reachable finding)
412
+ * 2. What's the sprint list? (count of risk-tier findings)
413
+ * 3. License compliance exposure? (count of copyleft-strong + unknown)
414
+ * 4. Staleness? (count of deps > 2 years old)
415
+ * Plus the single upgrade with biggest blast-radius win (byTopLevelDep top).
416
+ */
417
+ function writeExecutiveSummaryMd(L, report) {
418
+ const s = report.summary;
419
+ L.push('## 🎯 Executive Summary');
420
+ L.push('');
421
+ // Ship-blockers: Critical or High + (KEV or reachable) — this is the "drop
422
+ // everything" bucket. Anything severe + evidence of real-world risk.
423
+ let shipBlockers = 0;
424
+ let actionable = 0;
425
+ for (const e of report.entries) {
426
+ for (const v of e.vulns) {
427
+ const sev = v.severity === 'critical' || v.severity === 'high';
428
+ const realRisk = v.kev === true || v.reachable === true;
429
+ if (sev && realRisk)
430
+ shipBlockers++;
431
+ if (typeof v.riskScore === 'number' && v.riskScore >= 40)
432
+ actionable++;
433
+ }
434
+ }
435
+ const blockerLine = shipBlockers === 0
436
+ ? '✅ **0 ship-blockers** (no critical/high advisories are KEV-listed AND reachable)'
437
+ : `🚫 **${shipBlockers} ship-blocker${shipBlockers === 1 ? '' : 's'}** — critical/high severity + (KEV or reachable). See "This Week's Triage" below.`;
438
+ L.push(`- ${blockerLine}`);
439
+ L.push(`- 🔥 **${actionable} finding${actionable === 1 ? '' : 's'} for this sprint** (risk score ≥ 40)`);
440
+ // License exposure
441
+ const licByClass = new Map();
442
+ for (const e of report.entries) {
443
+ const c = (0, pm_signals_1.licenseClass)(e.licenseType);
444
+ licByClass.set(c, (licByClass.get(c) ?? 0) + 1);
445
+ }
446
+ const strong = licByClass.get('copyleft-strong') ?? 0;
447
+ const unknownLic = licByClass.get('unknown') ?? 0;
448
+ const licBits = [];
449
+ if (strong > 0)
450
+ licBits.push(`${strong} copyleft-strong (review obligations)`);
451
+ if (unknownLic > 0)
452
+ licBits.push(`${unknownLic} unknown (needs classification)`);
453
+ L.push(`- 📜 **License exposure:** ${licBits.length > 0 ? licBits.join('; ') : 'all permissive — no action needed'}`);
454
+ // Staleness
455
+ const now = new Date();
456
+ const staleCount = report.entries.filter((e) => (0, pm_signals_1.stalenessTier)(e.releaseDate, now) === 'stale').length;
457
+ L.push(`- 🗓️ **Staleness:** ${staleCount} package${staleCount === 1 ? '' : 's'} released > 3 years ago`);
458
+ // Highest-leverage upgrade
459
+ const rollup = Object.entries(s.byTopLevelDep).sort((a, b) => {
460
+ const SEV_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
461
+ return (SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
462
+ b[1].advisoryCount - a[1].advisoryCount);
463
+ });
464
+ if (rollup.length > 0) {
465
+ const [name, r] = rollup[0];
466
+ L.push(`- 🎯 **Highest-leverage upgrade:** \`${name}\` — resolves up to ${r.advisoryCount} transitive advisor${r.advisoryCount === 1 ? 'y' : 'ies'} (worst ${SEV_BADGE[r.maxSeverity]})`);
467
+ }
468
+ L.push('');
469
+ L.push('---');
470
+ L.push('');
471
+ }
396
472
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCH,gCAwDC;AAgED,0CAoDC;AAED,0CAwOC;AApbD,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AA0BhF,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QAChF,CAAC,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QAChF,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiCH,gCAwDC;AAgED,0CAoDC;AAED,0CAsPC;AAncD,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AACvF,6CAA8E;AA0BvE,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,qEAAqE;IACrE,kEAAkE;IAClE,2CAA2C;IAC3C,uBAAuB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEnC,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,qFAAqF;YACrF,iFAAiF;YACjF,oFAAoF;YACpF,iFAAiF;YACjF,sEAAsE,CACzE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,CAAW,EAAE,MAAiB;IAC7D,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC;YACxD,IAAI,GAAG,IAAI,QAAQ;gBAAE,YAAY,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE;gBAAE,UAAU,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GACf,YAAY,KAAK,CAAC;QAChB,CAAC,CAAC,kFAAkF;QACpF,CAAC,CAAC,QAAQ,YAAY,gBAAgB,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,mFAAmF,CAAC;IAC3J,CAAC,CAAC,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC,CAAC;IAE3B,CAAC,CAAC,IAAI,CACJ,UAAU,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,sCAAsC,CACjG,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,uCAAuC,CAAC,CAAC;IAC/E,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,iCAAiC,CAAC,CAAC;IACjF,CAAC,CAAC,IAAI,CACJ,8BAA8B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mCAAmC,EAAE,CAC9G,CAAC;IAEF,YAAY;IACZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,OAAO,CACrD,CAAC,MAAM,CAAC;IACT,CAAC,CAAC,IAAI,CACJ,wBAAwB,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,yBAAyB,CAClG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CACxC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC,CAAC,IAAI,CACJ,wCAAwC,IAAI,uBAAuB,CAAC,CAAC,aAAa,sBAAsB,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAClL,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACb,CAAC"}
@@ -0,0 +1,63 @@
1
+ /**
2
+ * PM-oriented derived signals for bom renderers (2.3.2).
3
+ *
4
+ * Pure helpers that project raw finding fields into categorical
5
+ * signals a non-technical reviewer can sort/filter/decide on without
6
+ * domain expertise:
7
+ *
8
+ * - `licenseClass(licenseType)` — SPDX-id → permissive / copyleft-
9
+ * weak / copyleft-strong / proprietary / unknown. Lets a PM
10
+ * filter the inventory for "anything I need a lawyer to sign off".
11
+ *
12
+ * - `stalenessTier(releaseDate)` — ISO date → fresh (< 1y) / aging
13
+ * (1–3y) / stale (≥ 3y). Lets a PM see deps that may no longer
14
+ * be maintained without knowing semver or npm-registry API.
15
+ *
16
+ * - `effortEstimate(entry)` — packs the entry's upgrade path into
17
+ * trivial / moderate / major / blocked. Derived from
18
+ * installedVersion → fixedVersion semver delta or "no fix available".
19
+ * Helps scope sprint commitments.
20
+ *
21
+ * These deliberately live OUTSIDE `capabilities/types.ts` so the
22
+ * finding types stay the analyzer contract and these are strictly
23
+ * rendering helpers. If downstream consumers later need them in the
24
+ * JSON output, they can be promoted to type fields in a minor bump.
25
+ */
26
+ import type { BomEntry } from './types';
27
+ export type LicenseClass = 'permissive' | 'copyleft-weak' | 'copyleft-strong' | 'proprietary' | 'unknown';
28
+ /**
29
+ * Classify a license string from a `LicenseFinding`. Accepts raw SPDX
30
+ * ids, compound expressions (`"MIT OR Apache-2.0"` — classifies by the
31
+ * first recognised token), and human-readable variants. Unrecognised
32
+ * input returns `'unknown'` so the caller can surface the raw string
33
+ * for human review.
34
+ */
35
+ export declare function licenseClass(licenseType: string | undefined): LicenseClass;
36
+ export type StalenessTier = 'fresh' | 'aging' | 'stale' | 'unknown';
37
+ /**
38
+ * Classify package freshness from an ISO-8601 release date. Threshold
39
+ * picked for PM sensibility: "< 1 year" is current, "1–3 years" starts
40
+ * getting stale, "≥ 3 years" warrants a "still maintained?" conversation.
41
+ *
42
+ * `now` is injectable so tests don't drift over time.
43
+ */
44
+ export declare function stalenessTier(releaseDate: string | undefined, now?: Date): StalenessTier;
45
+ export type EffortEstimate = 'trivial' | 'moderate' | 'major' | 'blocked';
46
+ /**
47
+ * Estimate the effort to remediate a vulnerable package.
48
+ *
49
+ * - `blocked`: no advisory has a `fixedVersion` → requires a drop-in
50
+ * replacement or living-with-it exception.
51
+ * - `trivial`: every advisory's fix is a patch-version bump (same
52
+ * major+minor). Low-risk npm install away.
53
+ * - `moderate`: fix is a minor-version bump (same major). API-additive;
54
+ * contract-stable but light testing warranted.
55
+ * - `major`: fix is a major-version bump. Potential breaking changes;
56
+ * read the changelog before committing.
57
+ *
58
+ * Extracts semver by numeric parse of the first three dotted components
59
+ * (strips a leading `v` Go-style). Non-parseable or multi-vuln mixtures
60
+ * escalate to the highest effort tier seen.
61
+ */
62
+ export declare function effortEstimate(entry: BomEntry): EffortEstimate;
63
+ //# sourceMappingURL=pm-signals.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pm-signals.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/pm-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAIxC,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,eAAe,GACf,iBAAiB,GACjB,aAAa,GACb,SAAS,CAAC;AAuDd;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,GAAG,YAAY,CAgC1E;AAID,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAC;AAIpE;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,GAAG,GAAE,IAAiB,GACrB,aAAa,CAQf;AAID,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAE1E;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,cAAc,CAqB9D"}
@@ -0,0 +1,200 @@
1
+ "use strict";
2
+ /**
3
+ * PM-oriented derived signals for bom renderers (2.3.2).
4
+ *
5
+ * Pure helpers that project raw finding fields into categorical
6
+ * signals a non-technical reviewer can sort/filter/decide on without
7
+ * domain expertise:
8
+ *
9
+ * - `licenseClass(licenseType)` — SPDX-id → permissive / copyleft-
10
+ * weak / copyleft-strong / proprietary / unknown. Lets a PM
11
+ * filter the inventory for "anything I need a lawyer to sign off".
12
+ *
13
+ * - `stalenessTier(releaseDate)` — ISO date → fresh (< 1y) / aging
14
+ * (1–3y) / stale (≥ 3y). Lets a PM see deps that may no longer
15
+ * be maintained without knowing semver or npm-registry API.
16
+ *
17
+ * - `effortEstimate(entry)` — packs the entry's upgrade path into
18
+ * trivial / moderate / major / blocked. Derived from
19
+ * installedVersion → fixedVersion semver delta or "no fix available".
20
+ * Helps scope sprint commitments.
21
+ *
22
+ * These deliberately live OUTSIDE `capabilities/types.ts` so the
23
+ * finding types stay the analyzer contract and these are strictly
24
+ * rendering helpers. If downstream consumers later need them in the
25
+ * JSON output, they can be promoted to type fields in a minor bump.
26
+ */
27
+ Object.defineProperty(exports, "__esModule", { value: true });
28
+ exports.licenseClass = licenseClass;
29
+ exports.stalenessTier = stalenessTier;
30
+ exports.effortEstimate = effortEstimate;
31
+ /** Known-permissive SPDX ids. Matching is forgiving — `MIT`, `MIT license`,
32
+ * `MIT (fork)` all map to the same class. Bench xlsx was full of
33
+ * human-readable suffixes; this logic normalises them away. */
34
+ const PERMISSIVE = new Set([
35
+ 'mit',
36
+ 'mit-0',
37
+ 'apache-2.0',
38
+ 'apache 2.0',
39
+ 'apache-1.1',
40
+ 'bsd',
41
+ 'bsd-2-clause',
42
+ 'bsd-3-clause',
43
+ 'bsd-3-clause-clear',
44
+ '0bsd',
45
+ 'isc',
46
+ 'zlib',
47
+ 'unlicense',
48
+ 'cc0-1.0',
49
+ 'wtfpl',
50
+ 'python-2.0',
51
+ 'python',
52
+ 'psf-2.0',
53
+ 'artistic-2.0',
54
+ 'artistic-1.0',
55
+ 'boost',
56
+ 'bsl-1.0',
57
+ 'upl-1.0', // Universal Permissive License
58
+ ]);
59
+ const COPYLEFT_STRONG = new Set([
60
+ 'gpl-2.0',
61
+ 'gpl-3.0',
62
+ 'gpl',
63
+ 'agpl-3.0',
64
+ 'agpl-1.0',
65
+ 'agpl',
66
+ 'sspl-1.0',
67
+ ]);
68
+ const COPYLEFT_WEAK = new Set([
69
+ 'lgpl-2.1',
70
+ 'lgpl-3.0',
71
+ 'lgpl',
72
+ 'mpl-1.1',
73
+ 'mpl-2.0',
74
+ 'epl-1.0',
75
+ 'epl-2.0',
76
+ 'cddl-1.0',
77
+ 'cddl-1.1',
78
+ ]);
79
+ const PROPRIETARY_MARKERS = ['UNLICENSED', 'SEE LICENSE IN', 'PROPRIETARY', 'COMMERCIAL'];
80
+ /**
81
+ * Classify a license string from a `LicenseFinding`. Accepts raw SPDX
82
+ * ids, compound expressions (`"MIT OR Apache-2.0"` — classifies by the
83
+ * first recognised token), and human-readable variants. Unrecognised
84
+ * input returns `'unknown'` so the caller can surface the raw string
85
+ * for human review.
86
+ */
87
+ function licenseClass(licenseType) {
88
+ if (!licenseType || licenseType === 'UNKNOWN' || licenseType.trim().length === 0) {
89
+ return 'unknown';
90
+ }
91
+ const upper = licenseType.toUpperCase();
92
+ for (const marker of PROPRIETARY_MARKERS) {
93
+ if (upper.includes(marker))
94
+ return 'proprietary';
95
+ }
96
+ // Compound expressions: split on OR/AND, classify each, take the
97
+ // strictest class (copyleft > permissive > unknown). Prevents an
98
+ // `MIT OR GPL-3.0` from reading as harmless MIT when the user can
99
+ // also be tied to GPL obligations. Strip surrounding punctuation
100
+ // (parens/brackets) that license-checker sometimes emits on
101
+ // compound expressions like `(Apache-2.0 OR UPL-1.0)`.
102
+ const cleaned = licenseType.replace(/[()[\]{}]/g, ' ').trim();
103
+ const tokens = cleaned
104
+ .split(/\s+(?:OR|AND|\/|\|)\s+|\s+license\s*$/i)
105
+ .map((t) => t
106
+ .trim()
107
+ .toLowerCase()
108
+ .replace(/^apache\s+/, 'apache-')
109
+ .replace(/\s+/g, '-'))
110
+ .filter(Boolean);
111
+ let worst = 'unknown';
112
+ for (const norm of tokens) {
113
+ if (COPYLEFT_STRONG.has(norm))
114
+ return 'copyleft-strong';
115
+ if (COPYLEFT_WEAK.has(norm))
116
+ worst = 'copyleft-weak';
117
+ else if (PERMISSIVE.has(norm) && worst === 'unknown')
118
+ worst = 'permissive';
119
+ }
120
+ return worst;
121
+ }
122
+ const YEAR_MS = 365 * 24 * 60 * 60 * 1000;
123
+ /**
124
+ * Classify package freshness from an ISO-8601 release date. Threshold
125
+ * picked for PM sensibility: "< 1 year" is current, "1–3 years" starts
126
+ * getting stale, "≥ 3 years" warrants a "still maintained?" conversation.
127
+ *
128
+ * `now` is injectable so tests don't drift over time.
129
+ */
130
+ function stalenessTier(releaseDate, now = new Date()) {
131
+ if (!releaseDate)
132
+ return 'unknown';
133
+ const t = Date.parse(releaseDate);
134
+ if (Number.isNaN(t))
135
+ return 'unknown';
136
+ const ageMs = now.getTime() - t;
137
+ if (ageMs < YEAR_MS)
138
+ return 'fresh';
139
+ if (ageMs < 3 * YEAR_MS)
140
+ return 'aging';
141
+ return 'stale';
142
+ }
143
+ /**
144
+ * Estimate the effort to remediate a vulnerable package.
145
+ *
146
+ * - `blocked`: no advisory has a `fixedVersion` → requires a drop-in
147
+ * replacement or living-with-it exception.
148
+ * - `trivial`: every advisory's fix is a patch-version bump (same
149
+ * major+minor). Low-risk npm install away.
150
+ * - `moderate`: fix is a minor-version bump (same major). API-additive;
151
+ * contract-stable but light testing warranted.
152
+ * - `major`: fix is a major-version bump. Potential breaking changes;
153
+ * read the changelog before committing.
154
+ *
155
+ * Extracts semver by numeric parse of the first three dotted components
156
+ * (strips a leading `v` Go-style). Non-parseable or multi-vuln mixtures
157
+ * escalate to the highest effort tier seen.
158
+ */
159
+ function effortEstimate(entry) {
160
+ if (entry.vulns.length === 0)
161
+ return 'trivial'; // unreachable under normal rendering
162
+ const installed = parseSemverTriple(entry.version);
163
+ let worst = 'trivial';
164
+ let anyFixMissing = false;
165
+ for (const v of entry.vulns) {
166
+ if (!v.fixedVersion) {
167
+ anyFixMissing = true;
168
+ continue;
169
+ }
170
+ const fix = parseSemverTriple(v.fixedVersion);
171
+ if (!installed || !fix) {
172
+ worst = worstOf(worst, 'major');
173
+ continue;
174
+ }
175
+ if (fix[0] > installed[0])
176
+ worst = worstOf(worst, 'major');
177
+ else if (fix[1] > installed[1])
178
+ worst = worstOf(worst, 'moderate');
179
+ // patch bumps or lower stay 'trivial'
180
+ }
181
+ if (anyFixMissing)
182
+ return 'blocked';
183
+ return worst;
184
+ }
185
+ function parseSemverTriple(v) {
186
+ const stripped = v.replace(/^v/, '');
187
+ const parts = stripped.split(/[.+-]/).slice(0, 3).map(Number);
188
+ if (parts.length < 3 || parts.some(Number.isNaN))
189
+ return null;
190
+ return parts;
191
+ }
192
+ function worstOf(a, b) {
193
+ const rank = {
194
+ trivial: 0,
195
+ moderate: 1,
196
+ major: 2,
197
+ };
198
+ return rank[a] >= rank[b] ? a : b;
199
+ }
200
+ //# sourceMappingURL=pm-signals.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pm-signals.js","sourceRoot":"","sources":["../../../src/analyzers/bom/pm-signals.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;;AAyEH,oCAgCC;AAeD,sCAWC;AAsBD,wCAqBC;AAjKD;;gEAEgE;AAChE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK;IACL,OAAO;IACP,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,KAAK;IACL,cAAc;IACd,cAAc;IACd,oBAAoB;IACpB,MAAM;IACN,KAAK;IACL,MAAM;IACN,WAAW;IACX,SAAS;IACT,OAAO;IACP,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,cAAc;IACd,cAAc;IACd,OAAO;IACP,SAAS;IACT,SAAS,EAAE,+BAA+B;CAC3C,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,SAAS;IACT,SAAS;IACT,KAAK;IACL,UAAU;IACV,UAAU;IACV,MAAM;IACN,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,UAAU;IACV,UAAU;IACV,MAAM;IACN,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AAE1F;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,WAA+B;IAC1D,IAAI,CAAC,WAAW,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACxC,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,aAAa,CAAC;IACnD,CAAC;IACD,iEAAiE;IACjE,iEAAiE;IACjE,kEAAkE;IAClE,iEAAiE;IACjE,4DAA4D;IAC5D,uDAAuD;IACvD,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,OAAO;SACnB,KAAK,CAAC,wCAAwC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,CAAC;SACE,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC;SAChC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CACxB;SACA,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,IAAI,KAAK,GAAiB,SAAS,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,iBAAiB,CAAC;QACxD,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,KAAK,GAAG,eAAe,CAAC;aAChD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,SAAS;YAAE,KAAK,GAAG,YAAY,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAMD,MAAM,OAAO,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1C;;;;;;GAMG;AACH,SAAgB,aAAa,CAC3B,WAA+B,EAC/B,MAAY,IAAI,IAAI,EAAE;IAEtB,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACtC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,GAAG,OAAO;QAAE,OAAO,OAAO,CAAC;IACpC,IAAI,KAAK,GAAG,CAAC,GAAG,OAAO;QAAE,OAAO,OAAO,CAAC;IACxC,OAAO,OAAO,CAAC;AACjB,CAAC;AAMD;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,cAAc,CAAC,KAAe;IAC5C,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,qCAAqC;IACrF,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,KAAK,GAAqC,SAAS,CAAC;IACxD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YACpB,aAAa,GAAG,IAAI,CAAC;YACrB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;aACtD,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACnE,sCAAsC;IACxC,CAAC;IACD,IAAI,aAAa;QAAE,OAAO,SAAS,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAS;IAClC,MAAM,QAAQ,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,KAAiC,CAAC;AAC3C,CAAC;AAED,SAAS,OAAO,CAA6C,CAAI,EAAE,CAAI;IACrE,MAAM,IAAI,GAAqD;QAC7D,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,CAAC;KACT,CAAC;IACF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC"}
@@ -1,27 +1,38 @@
1
1
  /**
2
- * XLSX converter — bom report.
2
+ * XLSX converter — bom report (2.3.2 PM-grade restructure).
3
3
  *
4
- * Same 15-column header as the licenses converter (10h.2.3) so the
5
- * file is a drop-in replacement for the customer's hand-built sheet,
6
- * but cols 11/12/13 are now mechanically populated from the joined
7
- * dep-vuln data:
8
- * - col 11 "Criticality of usage of this version" — max severity
9
- * across the package's advisories ("Critical (3 vulns)") or
10
- * blank when no known vulns.
11
- * - col 12 "Vulnerability Issues" — semicolon-joined advisory list
12
- * ("GHSA-XXXX: title; CVE-YYYY: title; ..."). Truncated per
13
- * advisory to keep the cell readable.
14
- * - col 13 "Resolution" — the bom entry's `upgradeAdvice` (Tier-1
15
- * "PROPOSAL: Upgrade to ..." or "No fix available — ...").
4
+ * Produces a 4-sheet workbook tuned for a PM / security reviewer:
16
5
  *
17
- * Cols 1-10, 14, 15 mirror the licenses converter exactly so any
18
- * downstream Excel formulas referencing those columns stay valid.
6
+ * 1. `Executive Summary` KV grid on one screen: totals, severity
7
+ * breakdown, top upgrade, license-class counts, staleness counts,
8
+ * tool provenance, analysis time.
9
+ *
10
+ * 2. `Triage` — top 10 findings ranked by composite riskScore, with
11
+ * PM-friendly columns (Priority / Risk / Severity / KEV / Reach /
12
+ * Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
13
+ * Rationale). Sort key is `riskScore desc`; ties resolve by
14
+ * severity then package name. The list shown here is the same
15
+ * one the markdown's "This Week's Triage" section surfaces, so
16
+ * markdown + xlsx tell the same story.
17
+ *
18
+ * 3. `Inventory` — legacy 15-col customer-format sheet with 4 columns
19
+ * appended (cols 16–19): Risk / KEV / Reachable / EPSS. Sorting
20
+ * by col 16 desc gives the same triage order as sheet 2; the
21
+ * legacy cols 1–15 stay byte-identical to the pre-2.3.2 format
22
+ * for reviewers who have hand-built dashboards on specific cells.
23
+ *
24
+ * 4. `License Breakdown` — pivot: license type × count × risk class
25
+ * × sample packages. Lets a PM filter for "copyleft-strong" or
26
+ * "unknown" licenses without eyeballing the full inventory.
27
+ *
28
+ * All derivations (license class, staleness tier, effort estimate)
29
+ * live in `src/analyzers/bom/pm-signals.ts` so the markdown renderer
30
+ * shares the same classification logic — PM sees consistent labels
31
+ * regardless of which report surface they're reading.
19
32
  */
20
33
  import type { BomReport } from '../bom/types';
21
34
  /**
22
- * Render a `BomReport` as an XLSX workbook and return the serialized
23
- * bytes. Sort matches the licenses converter (alphabetical by package)
24
- * for diff-stable output across runs.
35
+ * Render a `BomReport` as a multi-sheet XLSX workbook.
25
36
  */
26
37
  export declare function toBomXlsx(report: BomReport): Promise<Buffer>;
27
38
  //# sourceMappingURL=bom.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAe,MAAM,cAAc,CAAC;AAqC3D;;;;GAIG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAiFlE"}
1
+ {"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,cAAc,CAAC;AAoHrE;;GAEG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAYlE"}
@@ -1,22 +1,35 @@
1
1
  "use strict";
2
2
  /**
3
- * XLSX converter — bom report.
3
+ * XLSX converter — bom report (2.3.2 PM-grade restructure).
4
4
  *
5
- * Same 15-column header as the licenses converter (10h.2.3) so the
6
- * file is a drop-in replacement for the customer's hand-built sheet,
7
- * but cols 11/12/13 are now mechanically populated from the joined
8
- * dep-vuln data:
9
- * - col 11 "Criticality of usage of this version" — max severity
10
- * across the package's advisories ("Critical (3 vulns)") or
11
- * blank when no known vulns.
12
- * - col 12 "Vulnerability Issues" — semicolon-joined advisory list
13
- * ("GHSA-XXXX: title; CVE-YYYY: title; ..."). Truncated per
14
- * advisory to keep the cell readable.
15
- * - col 13 "Resolution" — the bom entry's `upgradeAdvice` (Tier-1
16
- * "PROPOSAL: Upgrade to ..." or "No fix available — ...").
5
+ * Produces a 4-sheet workbook tuned for a PM / security reviewer:
17
6
  *
18
- * Cols 1-10, 14, 15 mirror the licenses converter exactly so any
19
- * downstream Excel formulas referencing those columns stay valid.
7
+ * 1. `Executive Summary` KV grid on one screen: totals, severity
8
+ * breakdown, top upgrade, license-class counts, staleness counts,
9
+ * tool provenance, analysis time.
10
+ *
11
+ * 2. `Triage` — top 10 findings ranked by composite riskScore, with
12
+ * PM-friendly columns (Priority / Risk / Severity / KEV / Reach /
13
+ * Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
14
+ * Rationale). Sort key is `riskScore desc`; ties resolve by
15
+ * severity then package name. The list shown here is the same
16
+ * one the markdown's "This Week's Triage" section surfaces, so
17
+ * markdown + xlsx tell the same story.
18
+ *
19
+ * 3. `Inventory` — legacy 15-col customer-format sheet with 4 columns
20
+ * appended (cols 16–19): Risk / KEV / Reachable / EPSS. Sorting
21
+ * by col 16 desc gives the same triage order as sheet 2; the
22
+ * legacy cols 1–15 stay byte-identical to the pre-2.3.2 format
23
+ * for reviewers who have hand-built dashboards on specific cells.
24
+ *
25
+ * 4. `License Breakdown` — pivot: license type × count × risk class
26
+ * × sample packages. Lets a PM filter for "copyleft-strong" or
27
+ * "unknown" licenses without eyeballing the full inventory.
28
+ *
29
+ * All derivations (license class, staleness tier, effort estimate)
30
+ * live in `src/analyzers/bom/pm-signals.ts` so the markdown renderer
31
+ * shares the same classification logic — PM sees consistent labels
32
+ * regardless of which report surface they're reading.
20
33
  */
21
34
  var __importDefault = (this && this.__importDefault) || function (mod) {
22
35
  return (mod && mod.__esModule) ? mod : { "default": mod };
@@ -24,17 +37,46 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
24
37
  Object.defineProperty(exports, "__esModule", { value: true });
25
38
  exports.toBomXlsx = toBomXlsx;
26
39
  const exceljs_1 = __importDefault(require("exceljs"));
40
+ const pm_signals_1 = require("../bom/pm-signals");
27
41
  const licenses_1 = require("./licenses");
28
- /** Excel's hard per-cell character limit. Some advisory summaries
29
- * (e.g. octokit ReDoS write-ups) blow past this when concatenated
30
- * across 5+ vulns on the same package. */
42
+ /** Excel's hard per-cell character limit. */
31
43
  const EXCEL_CELL_MAX = 32767;
32
- /** Per-advisory truncation in col 12 keeps the joined cell readable
33
- * and well under the per-cell limit even on packages with 10+ vulns. */
44
+ /** Per-advisory truncation in the legacy "Vulnerability Issues" cell. */
34
45
  const ADVISORY_SUMMARY_MAX = 200;
35
- /** Same control-char + length scrub as licenses.ts. Inlined rather
36
- * than exported because the rule lives at the xlsx-write boundary,
37
- * not as a general-purpose utility. */
46
+ const SEV_RANK = {
47
+ critical: 0,
48
+ high: 1,
49
+ medium: 2,
50
+ low: 3,
51
+ };
52
+ const SEV_LABEL = {
53
+ critical: 'Critical',
54
+ high: 'High',
55
+ medium: 'Medium',
56
+ low: 'Low',
57
+ };
58
+ const LICENSE_CLASS_LABEL = {
59
+ permissive: 'Permissive',
60
+ 'copyleft-weak': 'Copyleft (weak)',
61
+ 'copyleft-strong': 'Copyleft (strong)',
62
+ proprietary: 'Proprietary',
63
+ unknown: 'Unknown',
64
+ };
65
+ const STALENESS_LABEL = {
66
+ fresh: 'Fresh (< 1y)',
67
+ aging: 'Aging (1–3y)',
68
+ stale: 'Stale (≥ 3y)',
69
+ unknown: 'Unknown',
70
+ };
71
+ const EFFORT_LABEL = {
72
+ trivial: 'Trivial (patch bump)',
73
+ moderate: 'Moderate (minor bump)',
74
+ major: 'Major (breaking)',
75
+ blocked: 'Blocked (no fix)',
76
+ };
77
+ /** XML 1.0 forbids most C0 control chars; Excel refuses to open a sheet
78
+ * containing them. Same scrub as licenses.ts, inlined here so the xlsx
79
+ * write boundary owns the rule. */
38
80
  function xlsxSafe(v) {
39
81
  if (!v)
40
82
  return '';
@@ -51,54 +93,266 @@ function xlsxSafe(v) {
51
93
  }
52
94
  return s;
53
95
  }
54
- const SEV_LABEL = {
55
- critical: 'Critical',
56
- high: 'High',
57
- medium: 'Medium',
58
- low: 'Low',
59
- };
96
+ function pct(n) {
97
+ return typeof n === 'number' ? `${(n * 100).toFixed(2)}%` : '';
98
+ }
99
+ function maxRiskAcrossVulns(e) {
100
+ let best = -1;
101
+ for (const v of e.vulns) {
102
+ if (typeof v.riskScore === 'number' && v.riskScore > best)
103
+ best = v.riskScore;
104
+ }
105
+ return best;
106
+ }
107
+ function maxCvssAcrossVulns(e) {
108
+ let best = -1;
109
+ for (const v of e.vulns) {
110
+ if (typeof v.cvssScore === 'number' && v.cvssScore > best)
111
+ best = v.cvssScore;
112
+ }
113
+ return best;
114
+ }
115
+ function maxEpssAcrossVulns(e) {
116
+ let best = -1;
117
+ for (const v of e.vulns) {
118
+ if (typeof v.epssScore === 'number' && v.epssScore > best)
119
+ best = v.epssScore;
120
+ }
121
+ return best;
122
+ }
123
+ function anyKev(e) {
124
+ return e.vulns.some((v) => v.kev === true);
125
+ }
126
+ function anyReachable(e) {
127
+ let sawTrue = false;
128
+ let sawFalse = false;
129
+ for (const v of e.vulns) {
130
+ if (v.reachable === true)
131
+ sawTrue = true;
132
+ else if (v.reachable === false)
133
+ sawFalse = true;
134
+ }
135
+ if (sawTrue)
136
+ return 'yes';
137
+ if (sawFalse)
138
+ return 'no';
139
+ return 'unknown';
140
+ }
60
141
  /**
61
- * Render a `BomReport` as an XLSX workbook and return the serialized
62
- * bytes. Sort matches the licenses converter (alphabetical by package)
63
- * for diff-stable output across runs.
142
+ * Render a `BomReport` as a multi-sheet XLSX workbook.
64
143
  */
65
144
  async function toBomXlsx(report) {
66
145
  const wb = new exceljs_1.default.Workbook();
67
146
  wb.creator = 'vyuh-dxkit';
68
147
  wb.created = new Date(report.analyzedAt);
69
- const ws = wb.addWorksheet('platform');
70
- ws.addRow(licenses_1.BOM_COLUMNS);
148
+ writeExecutiveSummary(wb, report);
149
+ writeTriage(wb, report);
150
+ writeInventory(wb, report);
151
+ writeLicenseBreakdown(wb, report);
152
+ const buf = await wb.xlsx.writeBuffer();
153
+ return Buffer.from(buf);
154
+ }
155
+ // ─── Sheet 1: Executive Summary ─────────────────────────────────────────────
156
+ function writeExecutiveSummary(wb, report) {
157
+ const ws = wb.addWorksheet('Executive Summary');
158
+ ws.columns = [
159
+ { header: '', key: 'label', width: 42 },
160
+ { header: '', key: 'value', width: 60 },
161
+ ];
162
+ const s = report.summary;
163
+ const now = new Date();
164
+ // Top-line identity
165
+ ws.addRow(['Repository', report.repo]);
166
+ ws.addRow(['Branch', `${report.branch} (${report.commitSha})`]);
167
+ ws.addRow(['Scan date', report.analyzedAt.slice(0, 10)]);
168
+ ws.addRow([
169
+ 'Scope',
170
+ s.filter === 'top-level'
171
+ ? `Top-level packages only (${s.totalPackages} of ${s.unfilteredTotalPackages} installed)`
172
+ : `All installed packages (${s.totalPackages})`,
173
+ ]);
174
+ if (s.projectRoots.length > 1) {
175
+ ws.addRow(['Project roots', `${s.projectRoots.length} — ${s.projectRoots.join(', ')}`]);
176
+ }
177
+ ws.addRow([]);
178
+ // Risk posture
179
+ ws.addRow(['Risk posture', '']).font = { bold: true };
180
+ ws.addRow(['Vulnerable packages', `${s.vulnerablePackages} (of ${s.totalPackages})`]);
181
+ ws.addRow(['Total advisories', `${s.totalAdvisories}`]);
182
+ ws.addRow([
183
+ 'Severity breakdown (worst-of-package)',
184
+ `Critical ${s.bySeverity.critical} · High ${s.bySeverity.high} · Medium ${s.bySeverity.medium} · Low ${s.bySeverity.low}`,
185
+ ]);
186
+ // Highest-risk advisory + top upgrade
187
+ const triage = buildTriageRows(report);
188
+ if (triage.length > 0) {
189
+ const top = triage[0];
190
+ ws.addRow([
191
+ 'Top ship-blocker',
192
+ `${top.packageAtVersion} — ${top.advisoryId} (Risk ${top.risk.toFixed(0)})`,
193
+ ]);
194
+ }
195
+ else {
196
+ ws.addRow(['Top ship-blocker', 'None — no advisory crossed the moderate-risk threshold']);
197
+ }
198
+ // byTopLevelDep: the single upgrade with the biggest blast-radius win
199
+ const rollupEntries = Object.entries(s.byTopLevelDep).sort((a, b) => SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
200
+ b[1].advisoryCount - a[1].advisoryCount);
201
+ if (rollupEntries.length > 0) {
202
+ const [name, r] = rollupEntries[0];
203
+ ws.addRow([
204
+ 'Highest-leverage upgrade',
205
+ `${name} — resolves up to ${r.advisoryCount} transitive advisories (worst ${SEV_LABEL[r.maxSeverity]})`,
206
+ ]);
207
+ }
208
+ ws.addRow([]);
209
+ // License risk
210
+ ws.addRow(['License risk', '']).font = { bold: true };
211
+ const licBuckets = new Map();
212
+ for (const e of report.entries) {
213
+ const c = (0, pm_signals_1.licenseClass)(e.licenseType);
214
+ licBuckets.set(c, (licBuckets.get(c) ?? 0) + 1);
215
+ }
216
+ for (const c of [
217
+ 'permissive',
218
+ 'copyleft-weak',
219
+ 'copyleft-strong',
220
+ 'proprietary',
221
+ 'unknown',
222
+ ]) {
223
+ ws.addRow([LICENSE_CLASS_LABEL[c], licBuckets.get(c) ?? 0]);
224
+ }
225
+ ws.addRow([]);
226
+ // Staleness
227
+ ws.addRow(['Staleness', '']).font = { bold: true };
228
+ const staleBuckets = new Map();
229
+ for (const e of report.entries) {
230
+ const t = (0, pm_signals_1.stalenessTier)(e.releaseDate, now);
231
+ staleBuckets.set(t, (staleBuckets.get(t) ?? 0) + 1);
232
+ }
233
+ for (const t of ['fresh', 'aging', 'stale', 'unknown']) {
234
+ ws.addRow([STALENESS_LABEL[t], staleBuckets.get(t) ?? 0]);
235
+ }
236
+ ws.addRow([]);
237
+ // Tools + provenance
238
+ ws.addRow(['Tools used', report.toolsUsed.join(', ') || '(none)']);
239
+ if (report.toolsUnavailable.length > 0) {
240
+ ws.addRow(['Tools unavailable', report.toolsUnavailable.join(', ')]);
241
+ }
242
+ ws.addRow(['Schema version', report.schemaVersion]);
243
+ // Bold the label column
244
+ for (let i = 1; i <= ws.rowCount; i++) {
245
+ const cell = ws.getRow(i).getCell(1);
246
+ if (!cell.font?.bold)
247
+ cell.font = { bold: true };
248
+ }
249
+ }
250
+ function buildTriageRows(report, limit = 10, minRisk = 15) {
251
+ const flat = [];
252
+ for (const e of report.entries) {
253
+ if (e.vulns.length === 0)
254
+ continue;
255
+ const effort = (0, pm_signals_1.effortEstimate)(e);
256
+ for (const v of e.vulns) {
257
+ if (typeof v.riskScore !== 'number' || v.riskScore < minRisk)
258
+ continue;
259
+ const rationale = buildRationale(v);
260
+ flat.push({
261
+ risk: v.riskScore,
262
+ severity: v.severity,
263
+ kev: v.kev === true,
264
+ reachable: v.reachable === true ? 'yes' : v.reachable === false ? 'no' : 'unknown',
265
+ packageAtVersion: `${e.package}@${e.version}`,
266
+ advisoryId: v.id,
267
+ cvss: v.cvssScore,
268
+ epss: v.epssScore,
269
+ fix: v.fixedVersion ?? e.upgradeAdvice.replace(/^PROPOSAL:\s*/, '') ?? undefined,
270
+ effort,
271
+ rationale,
272
+ });
273
+ }
274
+ }
275
+ flat.sort((a, b) => b.risk - a.risk ||
276
+ SEV_RANK[a.severity] - SEV_RANK[b.severity] ||
277
+ a.packageAtVersion.localeCompare(b.packageAtVersion));
278
+ return flat.slice(0, limit);
279
+ }
280
+ function buildRationale(v) {
281
+ const parts = [];
282
+ if (v.kev)
283
+ parts.push('KEV');
284
+ if (v.reachable === true)
285
+ parts.push('reachable');
286
+ if (v.reachable === false)
287
+ parts.push('not reachable');
288
+ if (typeof v.cvssScore === 'number')
289
+ parts.push(`CVSS ${v.cvssScore.toFixed(1)}`);
290
+ if (typeof v.epssScore === 'number' && v.epssScore >= 0.01) {
291
+ parts.push(`EPSS ${(v.epssScore * 100).toFixed(1)}%`);
292
+ }
293
+ return parts.length > 0 ? parts.join(', ') : '—';
294
+ }
295
+ function writeTriage(wb, report) {
296
+ const ws = wb.addWorksheet('Triage');
297
+ ws.columns = [
298
+ { header: 'Priority', key: 'priority', width: 10 },
299
+ { header: 'Risk', key: 'risk', width: 8 },
300
+ { header: 'Severity', key: 'severity', width: 12 },
301
+ { header: 'KEV', key: 'kev', width: 6 },
302
+ { header: 'Reachable', key: 'reachable', width: 12 },
303
+ { header: 'Package@Version', key: 'pkg', width: 40 },
304
+ { header: 'Advisory', key: 'id', width: 24 },
305
+ { header: 'CVSS', key: 'cvss', width: 8 },
306
+ { header: 'EPSS', key: 'epss', width: 10 },
307
+ { header: 'Upgrade to', key: 'fix', width: 14 },
308
+ { header: 'Effort', key: 'effort', width: 22 },
309
+ { header: 'Rationale', key: 'rationale', width: 42 },
310
+ ];
311
+ ws.getRow(1).font = { bold: true };
312
+ const triage = buildTriageRows(report);
313
+ triage.forEach((t, i) => {
314
+ ws.addRow({
315
+ priority: i + 1,
316
+ risk: Math.round(t.risk),
317
+ severity: SEV_LABEL[t.severity],
318
+ kev: t.kev ? '⚠' : '',
319
+ reachable: t.reachable,
320
+ pkg: t.packageAtVersion,
321
+ id: t.advisoryId,
322
+ cvss: typeof t.cvss === 'number' ? t.cvss.toFixed(1) : '—',
323
+ epss: pct(t.epss),
324
+ fix: t.fix ? xlsxSafe(t.fix) : '—',
325
+ effort: EFFORT_LABEL[t.effort],
326
+ rationale: t.rationale,
327
+ });
328
+ });
329
+ if (triage.length === 0) {
330
+ ws.addRow({
331
+ priority: '—',
332
+ rationale: 'No advisories crossed the moderate-risk threshold (Risk ≥ 15).',
333
+ });
334
+ }
335
+ }
336
+ // ─── Sheet 3: Inventory (legacy 15 + 4 appended) ────────────────────────────
337
+ function writeInventory(wb, report) {
338
+ const ws = wb.addWorksheet('Inventory');
339
+ // Append the 4 PM-signal columns to the legacy header.
340
+ const header = [...licenses_1.BOM_COLUMNS, 'Risk', 'KEV', 'Reachable', 'EPSS'];
341
+ ws.addRow(header);
71
342
  ws.getRow(1).font = { bold: true };
72
343
  const reportDate = report.analyzedAt.slice(0, 10);
73
344
  const rows = [...report.entries].sort((a, b) => a.package.localeCompare(b.package));
74
- // Non-vulnerable rows still need a signal in cols 11/12/13 so a reviewer
75
- // can distinguish "scanned, clean" from "not scanned / unknown". Blank
76
- // leaves the same ambiguity the customer's hand-built sheet had.
77
345
  const NO_VULNS_CRITICALITY = 'None';
78
346
  const NO_VULNS_ISSUES = 'None';
79
347
  const NO_VULNS_RESOLUTION = 'No action required';
80
348
  for (const e of rows) {
81
- // col 11: severity badge + count, e.g. "Critical (3 vulns)".
82
349
  const criticality = e.maxSeverity
83
350
  ? `${SEV_LABEL[e.maxSeverity]} (${e.vulns.length} vuln${e.vulns.length === 1 ? '' : 's'})`
84
351
  : NO_VULNS_CRITICALITY;
85
- // col 12: per-advisory list. "ID: summary" with summary truncated
86
- // per entry. Sorted by severity within the package so the most
87
- // serious issues appear first when the cell is rendered.
88
- const SEV_RANK = {
89
- critical: 0,
90
- high: 1,
91
- medium: 2,
92
- low: 3,
93
- };
94
352
  const sortedVulns = [...e.vulns].sort((a, b) => SEV_RANK[a.severity] - SEV_RANK[b.severity] || a.id.localeCompare(b.id));
95
353
  const vulnLines = sortedVulns.map((v) => {
96
354
  const title = (v.summary ?? '').replace(/\s+/g, ' ').trim().slice(0, ADVISORY_SUMMARY_MAX);
97
355
  const cvss = v.cvssScore !== undefined ? ` [CVSS ${v.cvssScore.toFixed(1)}]` : '';
98
- // Top-level attribution: tells the reviewer which direct manifest
99
- // dep to upgrade. Missing when the pack couldn't parse the graph
100
- // (e.g. TS repo with no lockfile) — silent in that case so the
101
- // column stays clean.
102
356
  const tops = v.topLevelDep ?? [];
103
357
  let via = '';
104
358
  if (tops.length === 1)
@@ -109,32 +363,93 @@ async function toBomXlsx(report) {
109
363
  });
110
364
  const vulnerabilityIssues = e.vulns.length === 0 ? NO_VULNS_ISSUES : vulnLines.join('; ');
111
365
  const resolution = e.vulns.length === 0 ? NO_VULNS_RESOLUTION : e.upgradeAdvice;
366
+ // PM signals — appended cols 16–19. Use max-across-vulns for sortability.
367
+ const risk = maxRiskAcrossVulns(e);
368
+ const cvssMax = maxCvssAcrossVulns(e);
369
+ const epssMax = maxEpssAcrossVulns(e);
370
+ const kevCell = anyKev(e) ? 'Yes' : '';
371
+ const reachCell = anyReachable(e);
112
372
  ws.addRow([
113
- xlsxSafe(e.package), // col 1
114
- xlsxSafe(e.version), // col 2
115
- xlsxSafe(e.description), // col 3
116
- 'Dependency', // col 4 — static
117
- `Reported ${reportDate}`, // col 5 — freshness stamp
118
- xlsxSafe(e.sourceUrl), // col 6
119
- xlsxSafe(e.licenseType), // col 7
120
- xlsxSafe(e.licenseText), // col 8
121
- xlsxSafe(e.supplier), // col 9
122
- xlsxSafe(e.releaseDate ? e.releaseDate.slice(0, 10) : ''), // col 10 — ISO date truncated to YYYY-MM-DD; populated by npm-registry enrichment (10h.5.1, closes D006)
123
- xlsxSafe(criticality), // col 11 — bom-only
124
- xlsxSafe(vulnerabilityIssues), // col 12 — bom-only
125
- xlsxSafe(resolution), // col 13 — bom-only
126
- '', // col 14 — intentionally blank (human workflow: OK/Pending/etc)
127
- `${e.package}@${e.version}`, // col 15
373
+ xlsxSafe(e.package),
374
+ xlsxSafe(e.version),
375
+ xlsxSafe(e.description),
376
+ 'Dependency',
377
+ `Reported ${reportDate}`,
378
+ xlsxSafe(e.sourceUrl),
379
+ xlsxSafe(e.licenseType),
380
+ xlsxSafe(e.licenseText),
381
+ xlsxSafe(e.supplier),
382
+ xlsxSafe(e.releaseDate ? e.releaseDate.slice(0, 10) : ''),
383
+ xlsxSafe(criticality),
384
+ xlsxSafe(vulnerabilityIssues),
385
+ xlsxSafe(resolution),
386
+ '',
387
+ `${e.package}@${e.version}`,
388
+ // 16–19: PM-signals (numeric so sort asc/desc works correctly)
389
+ risk >= 0 ? Math.round(risk) : '',
390
+ kevCell,
391
+ reachCell === 'unknown' ? '' : reachCell,
392
+ epssMax >= 0 ? pct(epssMax) : '',
393
+ // Keep CVSS-max for power users; col 20 is an extra that helps
394
+ // pivot tables without cluttering the main table.
395
+ cvssMax >= 0 ? cvssMax.toFixed(1) : '',
128
396
  ]);
129
397
  }
130
- // Same widths as the licenses converter preserves visual fidelity
131
- // when reviewers diff a licenses-only sheet against a bom sheet.
132
- const widths = [30, 14, 50, 14, 18, 50, 18, 50, 24, 18, 22, 50, 40, 12, 40];
398
+ // Legacy widths (15 cols) + PM-signal widths (4 + 1 for cvss-max).
399
+ const widths = [30, 14, 50, 14, 18, 50, 18, 50, 24, 18, 22, 50, 40, 12, 40, 8, 6, 12, 10, 8];
133
400
  ws.columns.forEach((col, i) => {
134
401
  if (col && widths[i])
135
402
  col.width = widths[i];
136
403
  });
137
- const buf = await wb.xlsx.writeBuffer();
138
- return Buffer.from(buf);
404
+ // Header for the bonus col 20 (CVSS max)
405
+ ws.getRow(1).getCell(20).value = 'CVSS (max)';
406
+ ws.getRow(1).getCell(20).font = { bold: true };
407
+ }
408
+ // ─── Sheet 4: License Breakdown ─────────────────────────────────────────────
409
+ function writeLicenseBreakdown(wb, report) {
410
+ const ws = wb.addWorksheet('License Breakdown');
411
+ ws.columns = [
412
+ { header: 'License', key: 'license', width: 30 },
413
+ { header: 'Class', key: 'class', width: 22 },
414
+ { header: 'Count', key: 'count', width: 8 },
415
+ { header: 'Sample packages', key: 'samples', width: 80 },
416
+ ];
417
+ ws.getRow(1).font = { bold: true };
418
+ // Group entries by license type, remember up to 5 sample package names
419
+ const buckets = new Map();
420
+ for (const e of report.entries) {
421
+ const lic = e.licenseType || '(empty)';
422
+ const list = buckets.get(lic) ?? [];
423
+ list.push(e.package);
424
+ buckets.set(lic, list);
425
+ }
426
+ // Sort: worst class first (copyleft-strong), then count desc, then name
427
+ const rows = [...buckets.entries()]
428
+ .map(([lic, pkgs]) => ({
429
+ license: lic,
430
+ cls: (0, pm_signals_1.licenseClass)(lic),
431
+ count: pkgs.length,
432
+ samples: pkgs.slice(0, 5).join(', ') + (pkgs.length > 5 ? `, +${pkgs.length - 5} more` : ''),
433
+ }))
434
+ .sort((a, b) => {
435
+ const classRank = {
436
+ 'copyleft-strong': 0,
437
+ 'copyleft-weak': 1,
438
+ proprietary: 2,
439
+ unknown: 3,
440
+ permissive: 4,
441
+ };
442
+ return (classRank[a.cls] - classRank[b.cls] ||
443
+ b.count - a.count ||
444
+ a.license.localeCompare(b.license));
445
+ });
446
+ for (const r of rows) {
447
+ ws.addRow({
448
+ license: r.license,
449
+ class: LICENSE_CLASS_LABEL[r.cls],
450
+ count: r.count,
451
+ samples: r.samples,
452
+ });
453
+ }
139
454
  }
140
455
  //# sourceMappingURL=bom.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"bom.js","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;;;AA8CH,8BAiFC;AA7HD,sDAA8B;AAG9B,yCAAyC;AAEzC;;2CAE2C;AAC3C,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B;yEACyE;AACzE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC;;wCAEwC;AACxC,SAAS,QAAQ,CAAC,CAAqB;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;YAAE,SAAS;QAC7E,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,wEAAwE,CAAC;QACxF,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF;;;;GAIG;AACI,KAAK,UAAU,SAAS,CAAC,MAAiB;IAC/C,MAAM,EAAE,GAAG,IAAI,iBAAO,CAAC,QAAQ,EAAE,CAAC;IAClC,EAAE,CAAC,OAAO,GAAG,YAAY,CAAC;IAC1B,EAAE,CAAC,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzC,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACvC,EAAE,CAAC,MAAM,CAAC,sBAAuB,CAAC,CAAC;IACnC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpF,yEAAyE;IACzE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,oBAAoB,GAAG,MAAM,CAAC;IACpC,MAAM,eAAe,GAAG,MAAM,CAAC;IAC/B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,6DAA6D;QAC7D,MAAM,WAAW,GAAG,CAAC,CAAC,WAAW;YAC/B,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG;YAC1F,CAAC,CAAC,oBAAoB,CAAC;QAEzB,kEAAkE;QAClE,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,QAAQ,GAAgC;YAC5C,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;SACP,CAAC;QACF,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAClF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;YAC3F,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,kEAAkE;YAClE,iEAAiE;YACjE,+DAA+D;YAC/D,sBAAsB;YACtB,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YACjC,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC1C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;YAC7E,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;QAC3E,CAAC,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QAEhF,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ;YAC7B,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ;YAC7B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,YAAY,EAAE,iBAAiB;YAC/B,YAAY,UAAU,EAAE,EAAE,0BAA0B;YACpD,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,QAAQ;YAC/B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,QAAQ;YAC9B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,yGAAyG;YACpK,QAAQ,CAAC,WAAW,CAAC,EAAE,oBAAoB;YAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,oBAAoB;YACnD,QAAQ,CAAC,UAAU,CAAC,EAAE,oBAAoB;YAC1C,EAAE,EAAE,gEAAgE;YACpE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,SAAS;SACvC,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,iEAAiE;IACjE,MAAM,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,IAAI,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC;YAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAkB,CAAC,CAAC;AACzC,CAAC"}
1
+ {"version":3,"file":"bom.js","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;;;AA2HH,8BAYC;AArID,sDAA8B;AAI9B,kDAO2B;AAC3B,yCAAyC;AAEzC,6CAA6C;AAC7C,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,yEAAyE;AACzE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,QAAQ,GAAgC;IAC5C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF,MAAM,mBAAmB,GAAiC;IACxD,UAAU,EAAE,YAAY;IACxB,eAAe,EAAE,iBAAiB;IAClC,iBAAiB,EAAE,mBAAmB;IACtC,WAAW,EAAE,aAAa;IAC1B,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,MAAM,eAAe,GAAkC;IACrD,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,cAAc;IACrB,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,MAAM,YAAY,GAAmC;IACnD,OAAO,EAAE,sBAAsB;IAC/B,QAAQ,EAAE,uBAAuB;IACjC,KAAK,EAAE,kBAAkB;IACzB,OAAO,EAAE,kBAAkB;CAC5B,CAAC;AAEF;;oCAEoC;AACpC,SAAS,QAAQ,CAAC,CAAqB;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;YAAE,SAAS;QAC7E,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,wEAAwE,CAAC;QACxF,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,GAAG,CAAC,CAAqB;IAChC,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAClE,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,CAAW;IACzB,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,YAAY,CAAC,CAAW;IAC/B,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,OAAO,GAAG,IAAI,CAAC;aACpC,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,QAAQ,GAAG,IAAI,CAAC;IAClD,CAAC;IACD,IAAI,OAAO;QAAE,OAAO,KAAK,CAAC;IAC1B,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,SAAS,CAAC,MAAiB;IAC/C,MAAM,EAAE,GAAG,IAAI,iBAAO,CAAC,QAAQ,EAAE,CAAC;IAClC,EAAE,CAAC,OAAO,GAAG,YAAY,CAAC;IAC1B,EAAE,CAAC,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzC,qBAAqB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAClC,WAAW,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACxB,cAAc,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3B,qBAAqB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAElC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAkB,CAAC,CAAC;AACzC,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,EAAoB,EAAE,MAAiB;IACpE,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAChD,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;QACvC,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;KACxC,CAAC;IAEF,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,oBAAoB;IACpB,EAAE,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,EAAE,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAChE,EAAE,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IACzD,EAAE,CAAC,MAAM,CAAC;QACR,OAAO;QACP,CAAC,CAAC,MAAM,KAAK,WAAW;YACtB,CAAC,CAAC,4BAA4B,CAAC,CAAC,aAAa,OAAO,CAAC,CAAC,uBAAuB,aAAa;YAC1F,CAAC,CAAC,2BAA2B,CAAC,CAAC,aAAa,GAAG;KAClD,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,MAAM,CAAC,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,eAAe;IACf,EAAE,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACtD,EAAE,CAAC,MAAM,CAAC,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC,kBAAkB,QAAQ,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;IACtF,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IACxD,EAAE,CAAC,MAAM,CAAC;QACR,uCAAuC;QACvC,YAAY,CAAC,CAAC,UAAU,CAAC,QAAQ,WAAW,CAAC,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,CAAC,UAAU,CAAC,MAAM,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE;KAC1H,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,EAAE,CAAC,MAAM,CAAC;YACR,kBAAkB;YAClB,GAAG,GAAG,CAAC,gBAAgB,MAAM,GAAG,CAAC,UAAU,UAAU,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;SAC5E,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,wDAAwD,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,sEAAsE;IACtE,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CACxD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAC1C,CAAC;IACF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QACnC,EAAE,CAAC,MAAM,CAAC;YACR,0BAA0B;YAC1B,GAAG,IAAI,qBAAqB,CAAC,CAAC,aAAa,iCAAiC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG;SACxG,CAAC,CAAC;IACL,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,eAAe;IACf,EAAE,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACtD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI;QACd,YAAY;QACZ,eAAe;QACf,iBAAiB;QACjB,aAAa;QACb,SAAS;KACQ,EAAE,CAAC;QACpB,EAAE,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,YAAY;IACZ,EAAE,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAyB,CAAC;IACtD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAC5C,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAoB,EAAE,CAAC;QAC1E,EAAE,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,qBAAqB;IACrB,EAAE,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,EAAE,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,CAAC,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpD,wBAAwB;IACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI;YAAE,IAAI,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;AACH,CAAC;AAkBD,SAAS,eAAe,CAAC,MAAiB,EAAE,KAAK,GAAG,EAAE,EAAE,OAAO,GAAG,EAAE;IAClE,MAAM,IAAI,GAAoB,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACnC,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC,CAAC,CAAC,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACvE,MAAM,SAAS,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,GAAG,EAAE,CAAC,CAAC,GAAG,KAAK,IAAI;gBACnB,SAAS,EAAE,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBAClF,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,UAAU,EAAE,CAAC,CAAC,EAAE;gBAChB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,IAAI,SAAS;gBAChF,MAAM;gBACN,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CACP,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI;QACf,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC3C,CAAC,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC,CACvD,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,CAAiB;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC,CAAC,GAAG;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAClF,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AACnD,CAAC;AAED,SAAS,WAAW,CAAC,EAAoB,EAAE,MAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE;QAClD,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE;QACzC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE;QAClD,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE;QACvC,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;QACpD,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE;QACpD,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;QAC5C,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE;QACzC,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE;QAC1C,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE;QAC/C,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE;QAC9C,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;KACrD,CAAC;IACF,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACtB,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,EAAE,CAAC,GAAG,CAAC;YACf,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACxB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC/B,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;YACrB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,GAAG,EAAE,CAAC,CAAC,gBAAgB;YACvB,EAAE,EAAE,CAAC,CAAC,UAAU;YAChB,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YAC1D,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YACjB,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG;YAClC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;YAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;SACvB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,gEAAgE;SAC5E,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAS,cAAc,CAAC,EAAoB,EAAE,MAAiB;IAC7D,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAExC,uDAAuD;IACvD,MAAM,MAAM,GAAG,CAAC,GAAG,sBAAW,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IACpE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpF,MAAM,oBAAoB,GAAG,MAAM,CAAC;IACpC,MAAM,eAAe,GAAG,MAAM,CAAC;IAC/B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,CAAC,CAAC,WAAW;YAC/B,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG;YAC1F,CAAC,CAAC,oBAAoB,CAAC;QAEzB,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAClF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;YAC3F,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YACjC,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC1C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;YAC7E,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;QAC3E,CAAC,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QAEhF,0EAA0E;QAC1E,MAAM,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAElC,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;YACnB,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;YACnB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,YAAY;YACZ,YAAY,UAAU,EAAE;YACxB,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACrB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;YACpB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,WAAW,CAAC;YACrB,QAAQ,CAAC,mBAAmB,CAAC;YAC7B,QAAQ,CAAC,UAAU,CAAC;YACpB,EAAE;YACF,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;YAC3B,+DAA+D;YAC/D,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;YACjC,OAAO;YACP,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;YACxC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YAChC,+DAA+D;YAC/D,kDAAkD;YAClD,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,MAAM,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7F,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,IAAI,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC;YAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,yCAAyC;IACzC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,YAAY,CAAC;IAC9C,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,EAAoB,EAAE,MAAiB;IACpE,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAChD,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE;QAChD,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;QAC5C,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE;QAC3C,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE;KACzD,CAAC;IACF,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,uEAAuE;IACvE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,IAAI,SAAS,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACpC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,wEAAwE;IACxE,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACrB,OAAO,EAAE,GAAG;QACZ,GAAG,EAAE,IAAA,yBAAY,EAAC,GAAG,CAAC;QACtB,KAAK,EAAE,IAAI,CAAC,MAAM;QAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7F,CAAC,CAAC;SACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,SAAS,GAAiC;YAC9C,iBAAiB,EAAE,CAAC;YACpB,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,CAAC;YACd,OAAO,EAAE,CAAC;YACV,UAAU,EAAE,CAAC;SACd,CAAC;QACF,OAAO,CACL,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;YACnC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK;YACjB,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CACnC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEL,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,EAAE,CAAC,MAAM,CAAC;YACR,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,KAAK,EAAE,mBAAmB,CAAC,CAAC,CAAC,GAAG,CAAC;YACjC,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vyuhlabs/dxkit",
3
- "version": "2.3.1",
3
+ "version": "2.3.2",
4
4
  "description": "AI-native developer experience toolkit for any repository",
5
5
  "license": "MIT",
6
6
  "author": "Vyuh Labs",