@vyuhlabs/dxkit 2.3.1 → 2.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +80 -0
- package/dist/analyzers/bom/index.d.ts.map +1 -1
- package/dist/analyzers/bom/index.js +78 -2
- package/dist/analyzers/bom/index.js.map +1 -1
- package/dist/analyzers/bom/pm-signals.d.ts +63 -0
- package/dist/analyzers/bom/pm-signals.d.ts.map +1 -0
- package/dist/analyzers/bom/pm-signals.js +200 -0
- package/dist/analyzers/bom/pm-signals.js.map +1 -0
- package/dist/analyzers/xlsx/bom.d.ts +29 -18
- package/dist/analyzers/xlsx/bom.d.ts.map +1 -1
- package/dist/analyzers/xlsx/bom.js +386 -71
- package/dist/analyzers/xlsx/bom.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,86 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.3.2] - 2026-04-24
|
|
11
|
+
|
|
12
|
+
PM-grade bom reports. The xlsx and markdown outputs both restructure
|
|
13
|
+
around decision-making (what to fix, who to call, what to plan) rather
|
|
14
|
+
than enumeration (here are all the packages, figure it out).
|
|
15
|
+
|
|
16
|
+
### Added — markdown report
|
|
17
|
+
|
|
18
|
+
- **🎯 Executive Summary** at the top: ship-blocker count, sprint-sized
|
|
19
|
+
finding count (risk ≥ 40), license exposure (copyleft-strong + unknown
|
|
20
|
+
counts), staleness (> 3y old packages), highest-leverage upgrade. One
|
|
21
|
+
screen, written for a PM who needs "can we ship?" without scrolling.
|
|
22
|
+
|
|
23
|
+
- **Reconciliation prose** on "Top-Level Dep Groups" explaining why the
|
|
24
|
+
numbers don't sum to the Summary totals — each CVE is counted once per
|
|
25
|
+
top-level parent it reaches through, by design. "Advisories" column
|
|
26
|
+
renamed to "Rolled-up Advisories" to reinforce the different semantics.
|
|
27
|
+
|
|
28
|
+
### Added — xlsx report (4-sheet workbook, replaces the single `platform` sheet)
|
|
29
|
+
|
|
30
|
+
1. **`Executive Summary`** — KV grid on one screen: totals, severity
|
|
31
|
+
breakdown, top ship-blocker, highest-leverage upgrade, license-class
|
|
32
|
+
counts (Permissive / Copyleft weak & strong / Proprietary / Unknown),
|
|
33
|
+
staleness counts, tool provenance.
|
|
34
|
+
|
|
35
|
+
2. **`Triage`** — top 10 findings ranked by composite riskScore.
|
|
36
|
+
Columns: Priority / Risk / Severity / KEV / Reachable /
|
|
37
|
+
Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
|
|
38
|
+
Rationale.
|
|
39
|
+
|
|
40
|
+
3. **`Inventory`** — the legacy 15-column customer format (unchanged
|
|
41
|
+
byte-for-byte on cols 1–15) with **4 columns appended** (16–19):
|
|
42
|
+
Risk / KEV / Reachable / EPSS, plus a bonus col 20 for CVSS (max).
|
|
43
|
+
Sort by col 16 desc for the same triage ordering sheet 2 uses.
|
|
44
|
+
|
|
45
|
+
4. **`License Breakdown`** — pivot: license type × count × risk class ×
|
|
46
|
+
sample packages. Copyleft-strong licenses surface at the top; unknown
|
|
47
|
+
bucket flags licenses the classifier didn't recognise (legitimate
|
|
48
|
+
human-review candidates like `CC-BY-4.0`).
|
|
49
|
+
|
|
50
|
+
### Added — shared pm-signals module
|
|
51
|
+
|
|
52
|
+
New `src/analyzers/bom/pm-signals.ts` with pure helpers the markdown
|
|
53
|
+
and xlsx renderers both use:
|
|
54
|
+
|
|
55
|
+
- `licenseClass(licenseType)` — SPDX-id → `permissive` | `copyleft-weak` |
|
|
56
|
+
`copyleft-strong` | `proprietary` | `unknown`. Handles compound
|
|
57
|
+
expressions (`MIT OR GPL-3.0` classifies as `copyleft-strong`, the
|
|
58
|
+
stricter class), parenthesised forms (`(Apache-2.0 OR UPL-1.0)`),
|
|
59
|
+
legacy `"MIT license"` / `"Apache 2.0 license"` suffixes, and known
|
|
60
|
+
proprietary markers (`UNLICENSED`, `SEE LICENSE IN ...`).
|
|
61
|
+
|
|
62
|
+
- `stalenessTier(releaseDate)` — `fresh` (< 1y) / `aging` (1–3y) /
|
|
63
|
+
`stale` (≥ 3y) / `unknown`. Injectable `now` for deterministic tests.
|
|
64
|
+
|
|
65
|
+
- `effortEstimate(entry)` — `trivial` (patch bump) / `moderate` (minor
|
|
66
|
+
bump) / `major` (breaking) / `blocked` (no fix available). Derived
|
|
67
|
+
from semver delta; multi-vuln entries escalate to the worst tier seen.
|
|
68
|
+
|
|
69
|
+
Derivations deliberately stay in the renderer layer rather than on
|
|
70
|
+
`DepVulnFinding` / `LicenseFinding` so the analyzer contract is
|
|
71
|
+
unchanged — consumers can re-derive trivially if needed.
|
|
72
|
+
|
|
73
|
+
### Changed (breaking-ish — see note)
|
|
74
|
+
|
|
75
|
+
- Xlsx sheet layout changed from single `"platform"` sheet to a 4-sheet
|
|
76
|
+
workbook. **Consumers hardcoding sheet name `"platform"` will break.**
|
|
77
|
+
The legacy 15-column layout is preserved byte-for-byte on the renamed
|
|
78
|
+
`"Inventory"` sheet. Appended cols 16–19 are additive.
|
|
79
|
+
|
|
80
|
+
### Validation
|
|
81
|
+
|
|
82
|
+
- 715 tests passing (+18 pm-signals cases: license class mapping,
|
|
83
|
+
compound expressions, staleness thresholds, effort semver deltas).
|
|
84
|
+
- Typecheck + lint + format + architecture + pre-push CI-mirror gate clean.
|
|
85
|
+
- vyuhlabs-platform smoke: all 4 sheets render correctly, exec summary
|
|
86
|
+
surfaces 3 ship-blockers + 9 sprint-risk findings + pm2 flagged
|
|
87
|
+
copyleft-strong, `@loopback/rest` surfaces as highest-leverage upgrade
|
|
88
|
+
(27 transitive advisories, worst CRITICAL).
|
|
89
|
+
|
|
10
90
|
## [2.3.1] - 2026-04-24
|
|
11
91
|
|
|
12
92
|
Patch release fixing three install-robustness issues reported on a
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,SAAS,CAAC;AAEhE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;0EAMsE;IACtE,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;;;yCAKqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,SAAS,CAAC,CAqDpB;AAiCD;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAoD9F;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAsP1E"}
|
|
@@ -56,6 +56,7 @@ const detect_1 = require("../../detect");
|
|
|
56
56
|
const runner_1 = require("../tools/runner");
|
|
57
57
|
const discovery_1 = require("./discovery");
|
|
58
58
|
const gather_1 = require("./gather");
|
|
59
|
+
const pm_signals_1 = require("./pm-signals");
|
|
59
60
|
async function analyzeBom(repoPath, options = {}) {
|
|
60
61
|
const stack = (0, detect_1.detect)(repoPath);
|
|
61
62
|
const nested = options.nested ?? true;
|
|
@@ -207,6 +208,10 @@ function formatBomReport(report, elapsed) {
|
|
|
207
208
|
L.push('');
|
|
208
209
|
L.push('---');
|
|
209
210
|
L.push('');
|
|
211
|
+
// Executive Summary — one-screen answer to "what's the state of this
|
|
212
|
+
// repo's deps". Written for a PM / security reviewer who needs to
|
|
213
|
+
// decide "can we ship?" without scrolling.
|
|
214
|
+
writeExecutiveSummaryMd(L, report);
|
|
210
215
|
// "This Week's Triage" — top advisories by riskScore, rendered
|
|
211
216
|
// before the summary so the reader sees what to fix *first* above
|
|
212
217
|
// the statistical overview. Only included when at least one
|
|
@@ -289,14 +294,21 @@ function formatBomReport(report, elapsed) {
|
|
|
289
294
|
'Sorted by severity, then advisory count — the top row is the single ' +
|
|
290
295
|
'upgrade that resolves the most critical/highest-volume issues.');
|
|
291
296
|
L.push('');
|
|
297
|
+
L.push('> **Scope note:** this section walks **transitive** advisories too, so its numbers ' +
|
|
298
|
+
"intentionally don't sum to the Summary totals above. `Rolled-up Advisories` counts " +
|
|
299
|
+
'each CVE once per top-level parent it reaches through — the same CVE under two ' +
|
|
300
|
+
'parents is counted twice, because upgrading either parent resolves it. A CRITICAL ' +
|
|
301
|
+
'here can exist even when zero directly-listed packages are CRITICAL — it means ' +
|
|
302
|
+
'a transitive dep is critical and upgrading this top-level clears it.');
|
|
303
|
+
L.push('');
|
|
292
304
|
const SEV_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
293
305
|
const sorted = topLevelEntries.sort((a, b) => SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
|
|
294
306
|
b[1].advisoryCount - a[1].advisoryCount ||
|
|
295
307
|
a[0].localeCompare(b[0]));
|
|
296
308
|
const cap = 30;
|
|
297
309
|
const shown = sorted.slice(0, cap);
|
|
298
|
-
L.push('| Worst Severity | Top-Level Dep | Advisories | Vulnerable Packages |');
|
|
299
|
-
L.push('
|
|
310
|
+
L.push('| Worst Severity | Top-Level Dep | Rolled-up Advisories | Vulnerable Packages |');
|
|
311
|
+
L.push('|----------------|---------------|---------------------:|---------------------|');
|
|
300
312
|
for (const [top, r] of shown) {
|
|
301
313
|
const pkgCap = 8;
|
|
302
314
|
const pkgList = r.packages.length > pkgCap
|
|
@@ -393,4 +405,68 @@ function formatBomReport(report, elapsed) {
|
|
|
393
405
|
L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*');
|
|
394
406
|
return L.join('\n');
|
|
395
407
|
}
|
|
408
|
+
// ─── Executive Summary (top of bom markdown) ────────────────────────────────
|
|
409
|
+
/**
|
|
410
|
+
* One-screen exec summary. Four question-driven lines:
|
|
411
|
+
* 1. Can we ship? (0 blockers if no KEV + high-risk reachable finding)
|
|
412
|
+
* 2. What's the sprint list? (count of risk-tier findings)
|
|
413
|
+
* 3. License compliance exposure? (count of copyleft-strong + unknown)
|
|
414
|
+
* 4. Staleness? (count of deps > 2 years old)
|
|
415
|
+
* Plus the single upgrade with biggest blast-radius win (byTopLevelDep top).
|
|
416
|
+
*/
|
|
417
|
+
function writeExecutiveSummaryMd(L, report) {
|
|
418
|
+
const s = report.summary;
|
|
419
|
+
L.push('## 🎯 Executive Summary');
|
|
420
|
+
L.push('');
|
|
421
|
+
// Ship-blockers: Critical or High + (KEV or reachable) — this is the "drop
|
|
422
|
+
// everything" bucket. Anything severe + evidence of real-world risk.
|
|
423
|
+
let shipBlockers = 0;
|
|
424
|
+
let actionable = 0;
|
|
425
|
+
for (const e of report.entries) {
|
|
426
|
+
for (const v of e.vulns) {
|
|
427
|
+
const sev = v.severity === 'critical' || v.severity === 'high';
|
|
428
|
+
const realRisk = v.kev === true || v.reachable === true;
|
|
429
|
+
if (sev && realRisk)
|
|
430
|
+
shipBlockers++;
|
|
431
|
+
if (typeof v.riskScore === 'number' && v.riskScore >= 40)
|
|
432
|
+
actionable++;
|
|
433
|
+
}
|
|
434
|
+
}
|
|
435
|
+
const blockerLine = shipBlockers === 0
|
|
436
|
+
? '✅ **0 ship-blockers** (no critical/high advisories are KEV-listed AND reachable)'
|
|
437
|
+
: `🚫 **${shipBlockers} ship-blocker${shipBlockers === 1 ? '' : 's'}** — critical/high severity + (KEV or reachable). See "This Week's Triage" below.`;
|
|
438
|
+
L.push(`- ${blockerLine}`);
|
|
439
|
+
L.push(`- 🔥 **${actionable} finding${actionable === 1 ? '' : 's'} for this sprint** (risk score ≥ 40)`);
|
|
440
|
+
// License exposure
|
|
441
|
+
const licByClass = new Map();
|
|
442
|
+
for (const e of report.entries) {
|
|
443
|
+
const c = (0, pm_signals_1.licenseClass)(e.licenseType);
|
|
444
|
+
licByClass.set(c, (licByClass.get(c) ?? 0) + 1);
|
|
445
|
+
}
|
|
446
|
+
const strong = licByClass.get('copyleft-strong') ?? 0;
|
|
447
|
+
const unknownLic = licByClass.get('unknown') ?? 0;
|
|
448
|
+
const licBits = [];
|
|
449
|
+
if (strong > 0)
|
|
450
|
+
licBits.push(`${strong} copyleft-strong (review obligations)`);
|
|
451
|
+
if (unknownLic > 0)
|
|
452
|
+
licBits.push(`${unknownLic} unknown (needs classification)`);
|
|
453
|
+
L.push(`- 📜 **License exposure:** ${licBits.length > 0 ? licBits.join('; ') : 'all permissive — no action needed'}`);
|
|
454
|
+
// Staleness
|
|
455
|
+
const now = new Date();
|
|
456
|
+
const staleCount = report.entries.filter((e) => (0, pm_signals_1.stalenessTier)(e.releaseDate, now) === 'stale').length;
|
|
457
|
+
L.push(`- 🗓️ **Staleness:** ${staleCount} package${staleCount === 1 ? '' : 's'} released > 3 years ago`);
|
|
458
|
+
// Highest-leverage upgrade
|
|
459
|
+
const rollup = Object.entries(s.byTopLevelDep).sort((a, b) => {
|
|
460
|
+
const SEV_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
461
|
+
return (SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
|
|
462
|
+
b[1].advisoryCount - a[1].advisoryCount);
|
|
463
|
+
});
|
|
464
|
+
if (rollup.length > 0) {
|
|
465
|
+
const [name, r] = rollup[0];
|
|
466
|
+
L.push(`- 🎯 **Highest-leverage upgrade:** \`${name}\` — resolves up to ${r.advisoryCount} transitive advisor${r.advisoryCount === 1 ? 'y' : 'ies'} (worst ${SEV_BADGE[r.maxSeverity]})`);
|
|
467
|
+
}
|
|
468
|
+
L.push('');
|
|
469
|
+
L.push('---');
|
|
470
|
+
L.push('');
|
|
471
|
+
}
|
|
396
472
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCH,gCAwDC;AAgED,0CAoDC;AAED,0CAwOC;AApbD,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AA0BhF,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QAChF,CAAC,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;QAChF,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiCH,gCAwDC;AAgED,0CAoDC;AAED,0CAsPC;AAncD,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AACvF,6CAA8E;AA0BvE,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,qEAAqE;IACrE,kEAAkE;IAClE,2CAA2C;IAC3C,uBAAuB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEnC,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,qFAAqF;YACrF,iFAAiF;YACjF,oFAAoF;YACpF,iFAAiF;YACjF,sEAAsE,CACzE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,CAAW,EAAE,MAAiB;IAC7D,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC;YACxD,IAAI,GAAG,IAAI,QAAQ;gBAAE,YAAY,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE;gBAAE,UAAU,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GACf,YAAY,KAAK,CAAC;QAChB,CAAC,CAAC,kFAAkF;QACpF,CAAC,CAAC,QAAQ,YAAY,gBAAgB,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,mFAAmF,CAAC;IAC3J,CAAC,CAAC,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC,CAAC;IAE3B,CAAC,CAAC,IAAI,CACJ,UAAU,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,sCAAsC,CACjG,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,uCAAuC,CAAC,CAAC;IAC/E,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,iCAAiC,CAAC,CAAC;IACjF,CAAC,CAAC,IAAI,CACJ,8BAA8B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mCAAmC,EAAE,CAC9G,CAAC;IAEF,YAAY;IACZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,OAAO,CACrD,CAAC,MAAM,CAAC;IACT,CAAC,CAAC,IAAI,CACJ,wBAAwB,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,yBAAyB,CAClG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CACxC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC,CAAC,IAAI,CACJ,wCAAwC,IAAI,uBAAuB,CAAC,CAAC,aAAa,sBAAsB,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAClL,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PM-oriented derived signals for bom renderers (2.3.2).
|
|
3
|
+
*
|
|
4
|
+
* Pure helpers that project raw finding fields into categorical
|
|
5
|
+
* signals a non-technical reviewer can sort/filter/decide on without
|
|
6
|
+
* domain expertise:
|
|
7
|
+
*
|
|
8
|
+
* - `licenseClass(licenseType)` — SPDX-id → permissive / copyleft-
|
|
9
|
+
* weak / copyleft-strong / proprietary / unknown. Lets a PM
|
|
10
|
+
* filter the inventory for "anything I need a lawyer to sign off".
|
|
11
|
+
*
|
|
12
|
+
* - `stalenessTier(releaseDate)` — ISO date → fresh (< 1y) / aging
|
|
13
|
+
* (1–3y) / stale (≥ 3y). Lets a PM see deps that may no longer
|
|
14
|
+
* be maintained without knowing semver or npm-registry API.
|
|
15
|
+
*
|
|
16
|
+
* - `effortEstimate(entry)` — packs the entry's upgrade path into
|
|
17
|
+
* trivial / moderate / major / blocked. Derived from
|
|
18
|
+
* installedVersion → fixedVersion semver delta or "no fix available".
|
|
19
|
+
* Helps scope sprint commitments.
|
|
20
|
+
*
|
|
21
|
+
* These deliberately live OUTSIDE `capabilities/types.ts` so the
|
|
22
|
+
* finding types stay the analyzer contract and these are strictly
|
|
23
|
+
* rendering helpers. If downstream consumers later need them in the
|
|
24
|
+
* JSON output, they can be promoted to type fields in a minor bump.
|
|
25
|
+
*/
|
|
26
|
+
import type { BomEntry } from './types';
|
|
27
|
+
export type LicenseClass = 'permissive' | 'copyleft-weak' | 'copyleft-strong' | 'proprietary' | 'unknown';
|
|
28
|
+
/**
|
|
29
|
+
* Classify a license string from a `LicenseFinding`. Accepts raw SPDX
|
|
30
|
+
* ids, compound expressions (`"MIT OR Apache-2.0"` — classifies by the
|
|
31
|
+
* first recognised token), and human-readable variants. Unrecognised
|
|
32
|
+
* input returns `'unknown'` so the caller can surface the raw string
|
|
33
|
+
* for human review.
|
|
34
|
+
*/
|
|
35
|
+
export declare function licenseClass(licenseType: string | undefined): LicenseClass;
|
|
36
|
+
export type StalenessTier = 'fresh' | 'aging' | 'stale' | 'unknown';
|
|
37
|
+
/**
|
|
38
|
+
* Classify package freshness from an ISO-8601 release date. Threshold
|
|
39
|
+
* picked for PM sensibility: "< 1 year" is current, "1–3 years" starts
|
|
40
|
+
* getting stale, "≥ 3 years" warrants a "still maintained?" conversation.
|
|
41
|
+
*
|
|
42
|
+
* `now` is injectable so tests don't drift over time.
|
|
43
|
+
*/
|
|
44
|
+
export declare function stalenessTier(releaseDate: string | undefined, now?: Date): StalenessTier;
|
|
45
|
+
export type EffortEstimate = 'trivial' | 'moderate' | 'major' | 'blocked';
|
|
46
|
+
/**
|
|
47
|
+
* Estimate the effort to remediate a vulnerable package.
|
|
48
|
+
*
|
|
49
|
+
* - `blocked`: no advisory has a `fixedVersion` → requires a drop-in
|
|
50
|
+
* replacement or living-with-it exception.
|
|
51
|
+
* - `trivial`: every advisory's fix is a patch-version bump (same
|
|
52
|
+
* major+minor). Low-risk npm install away.
|
|
53
|
+
* - `moderate`: fix is a minor-version bump (same major). API-additive;
|
|
54
|
+
* contract-stable but light testing warranted.
|
|
55
|
+
* - `major`: fix is a major-version bump. Potential breaking changes;
|
|
56
|
+
* read the changelog before committing.
|
|
57
|
+
*
|
|
58
|
+
* Extracts semver by numeric parse of the first three dotted components
|
|
59
|
+
* (strips a leading `v` Go-style). Non-parseable or multi-vuln mixtures
|
|
60
|
+
* escalate to the highest effort tier seen.
|
|
61
|
+
*/
|
|
62
|
+
export declare function effortEstimate(entry: BomEntry): EffortEstimate;
|
|
63
|
+
//# sourceMappingURL=pm-signals.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pm-signals.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/pm-signals.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAIxC,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,eAAe,GACf,iBAAiB,GACjB,aAAa,GACb,SAAS,CAAC;AAuDd;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,GAAG,YAAY,CAgC1E;AAID,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAC;AAIpE;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,GAAG,GAAE,IAAiB,GACrB,aAAa,CAQf;AAID,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,OAAO,GAAG,SAAS,CAAC;AAE1E;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,QAAQ,GAAG,cAAc,CAqB9D"}
|
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* PM-oriented derived signals for bom renderers (2.3.2).
|
|
4
|
+
*
|
|
5
|
+
* Pure helpers that project raw finding fields into categorical
|
|
6
|
+
* signals a non-technical reviewer can sort/filter/decide on without
|
|
7
|
+
* domain expertise:
|
|
8
|
+
*
|
|
9
|
+
* - `licenseClass(licenseType)` — SPDX-id → permissive / copyleft-
|
|
10
|
+
* weak / copyleft-strong / proprietary / unknown. Lets a PM
|
|
11
|
+
* filter the inventory for "anything I need a lawyer to sign off".
|
|
12
|
+
*
|
|
13
|
+
* - `stalenessTier(releaseDate)` — ISO date → fresh (< 1y) / aging
|
|
14
|
+
* (1–3y) / stale (≥ 3y). Lets a PM see deps that may no longer
|
|
15
|
+
* be maintained without knowing semver or npm-registry API.
|
|
16
|
+
*
|
|
17
|
+
* - `effortEstimate(entry)` — packs the entry's upgrade path into
|
|
18
|
+
* trivial / moderate / major / blocked. Derived from
|
|
19
|
+
* installedVersion → fixedVersion semver delta or "no fix available".
|
|
20
|
+
* Helps scope sprint commitments.
|
|
21
|
+
*
|
|
22
|
+
* These deliberately live OUTSIDE `capabilities/types.ts` so the
|
|
23
|
+
* finding types stay the analyzer contract and these are strictly
|
|
24
|
+
* rendering helpers. If downstream consumers later need them in the
|
|
25
|
+
* JSON output, they can be promoted to type fields in a minor bump.
|
|
26
|
+
*/
|
|
27
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
28
|
+
exports.licenseClass = licenseClass;
|
|
29
|
+
exports.stalenessTier = stalenessTier;
|
|
30
|
+
exports.effortEstimate = effortEstimate;
|
|
31
|
+
/** Known-permissive SPDX ids. Matching is forgiving — `MIT`, `MIT license`,
|
|
32
|
+
* `MIT (fork)` all map to the same class. Bench xlsx was full of
|
|
33
|
+
* human-readable suffixes; this logic normalises them away. */
|
|
34
|
+
const PERMISSIVE = new Set([
|
|
35
|
+
'mit',
|
|
36
|
+
'mit-0',
|
|
37
|
+
'apache-2.0',
|
|
38
|
+
'apache 2.0',
|
|
39
|
+
'apache-1.1',
|
|
40
|
+
'bsd',
|
|
41
|
+
'bsd-2-clause',
|
|
42
|
+
'bsd-3-clause',
|
|
43
|
+
'bsd-3-clause-clear',
|
|
44
|
+
'0bsd',
|
|
45
|
+
'isc',
|
|
46
|
+
'zlib',
|
|
47
|
+
'unlicense',
|
|
48
|
+
'cc0-1.0',
|
|
49
|
+
'wtfpl',
|
|
50
|
+
'python-2.0',
|
|
51
|
+
'python',
|
|
52
|
+
'psf-2.0',
|
|
53
|
+
'artistic-2.0',
|
|
54
|
+
'artistic-1.0',
|
|
55
|
+
'boost',
|
|
56
|
+
'bsl-1.0',
|
|
57
|
+
'upl-1.0', // Universal Permissive License
|
|
58
|
+
]);
|
|
59
|
+
const COPYLEFT_STRONG = new Set([
|
|
60
|
+
'gpl-2.0',
|
|
61
|
+
'gpl-3.0',
|
|
62
|
+
'gpl',
|
|
63
|
+
'agpl-3.0',
|
|
64
|
+
'agpl-1.0',
|
|
65
|
+
'agpl',
|
|
66
|
+
'sspl-1.0',
|
|
67
|
+
]);
|
|
68
|
+
const COPYLEFT_WEAK = new Set([
|
|
69
|
+
'lgpl-2.1',
|
|
70
|
+
'lgpl-3.0',
|
|
71
|
+
'lgpl',
|
|
72
|
+
'mpl-1.1',
|
|
73
|
+
'mpl-2.0',
|
|
74
|
+
'epl-1.0',
|
|
75
|
+
'epl-2.0',
|
|
76
|
+
'cddl-1.0',
|
|
77
|
+
'cddl-1.1',
|
|
78
|
+
]);
|
|
79
|
+
const PROPRIETARY_MARKERS = ['UNLICENSED', 'SEE LICENSE IN', 'PROPRIETARY', 'COMMERCIAL'];
|
|
80
|
+
/**
|
|
81
|
+
* Classify a license string from a `LicenseFinding`. Accepts raw SPDX
|
|
82
|
+
* ids, compound expressions (`"MIT OR Apache-2.0"` — classifies by the
|
|
83
|
+
* first recognised token), and human-readable variants. Unrecognised
|
|
84
|
+
* input returns `'unknown'` so the caller can surface the raw string
|
|
85
|
+
* for human review.
|
|
86
|
+
*/
|
|
87
|
+
function licenseClass(licenseType) {
|
|
88
|
+
if (!licenseType || licenseType === 'UNKNOWN' || licenseType.trim().length === 0) {
|
|
89
|
+
return 'unknown';
|
|
90
|
+
}
|
|
91
|
+
const upper = licenseType.toUpperCase();
|
|
92
|
+
for (const marker of PROPRIETARY_MARKERS) {
|
|
93
|
+
if (upper.includes(marker))
|
|
94
|
+
return 'proprietary';
|
|
95
|
+
}
|
|
96
|
+
// Compound expressions: split on OR/AND, classify each, take the
|
|
97
|
+
// strictest class (copyleft > permissive > unknown). Prevents an
|
|
98
|
+
// `MIT OR GPL-3.0` from reading as harmless MIT when the user can
|
|
99
|
+
// also be tied to GPL obligations. Strip surrounding punctuation
|
|
100
|
+
// (parens/brackets) that license-checker sometimes emits on
|
|
101
|
+
// compound expressions like `(Apache-2.0 OR UPL-1.0)`.
|
|
102
|
+
const cleaned = licenseType.replace(/[()[\]{}]/g, ' ').trim();
|
|
103
|
+
const tokens = cleaned
|
|
104
|
+
.split(/\s+(?:OR|AND|\/|\|)\s+|\s+license\s*$/i)
|
|
105
|
+
.map((t) => t
|
|
106
|
+
.trim()
|
|
107
|
+
.toLowerCase()
|
|
108
|
+
.replace(/^apache\s+/, 'apache-')
|
|
109
|
+
.replace(/\s+/g, '-'))
|
|
110
|
+
.filter(Boolean);
|
|
111
|
+
let worst = 'unknown';
|
|
112
|
+
for (const norm of tokens) {
|
|
113
|
+
if (COPYLEFT_STRONG.has(norm))
|
|
114
|
+
return 'copyleft-strong';
|
|
115
|
+
if (COPYLEFT_WEAK.has(norm))
|
|
116
|
+
worst = 'copyleft-weak';
|
|
117
|
+
else if (PERMISSIVE.has(norm) && worst === 'unknown')
|
|
118
|
+
worst = 'permissive';
|
|
119
|
+
}
|
|
120
|
+
return worst;
|
|
121
|
+
}
|
|
122
|
+
const YEAR_MS = 365 * 24 * 60 * 60 * 1000;
|
|
123
|
+
/**
|
|
124
|
+
* Classify package freshness from an ISO-8601 release date. Threshold
|
|
125
|
+
* picked for PM sensibility: "< 1 year" is current, "1–3 years" starts
|
|
126
|
+
* getting stale, "≥ 3 years" warrants a "still maintained?" conversation.
|
|
127
|
+
*
|
|
128
|
+
* `now` is injectable so tests don't drift over time.
|
|
129
|
+
*/
|
|
130
|
+
function stalenessTier(releaseDate, now = new Date()) {
|
|
131
|
+
if (!releaseDate)
|
|
132
|
+
return 'unknown';
|
|
133
|
+
const t = Date.parse(releaseDate);
|
|
134
|
+
if (Number.isNaN(t))
|
|
135
|
+
return 'unknown';
|
|
136
|
+
const ageMs = now.getTime() - t;
|
|
137
|
+
if (ageMs < YEAR_MS)
|
|
138
|
+
return 'fresh';
|
|
139
|
+
if (ageMs < 3 * YEAR_MS)
|
|
140
|
+
return 'aging';
|
|
141
|
+
return 'stale';
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Estimate the effort to remediate a vulnerable package.
|
|
145
|
+
*
|
|
146
|
+
* - `blocked`: no advisory has a `fixedVersion` → requires a drop-in
|
|
147
|
+
* replacement or living-with-it exception.
|
|
148
|
+
* - `trivial`: every advisory's fix is a patch-version bump (same
|
|
149
|
+
* major+minor). Low-risk npm install away.
|
|
150
|
+
* - `moderate`: fix is a minor-version bump (same major). API-additive;
|
|
151
|
+
* contract-stable but light testing warranted.
|
|
152
|
+
* - `major`: fix is a major-version bump. Potential breaking changes;
|
|
153
|
+
* read the changelog before committing.
|
|
154
|
+
*
|
|
155
|
+
* Extracts semver by numeric parse of the first three dotted components
|
|
156
|
+
* (strips a leading `v` Go-style). Non-parseable or multi-vuln mixtures
|
|
157
|
+
* escalate to the highest effort tier seen.
|
|
158
|
+
*/
|
|
159
|
+
function effortEstimate(entry) {
|
|
160
|
+
if (entry.vulns.length === 0)
|
|
161
|
+
return 'trivial'; // unreachable under normal rendering
|
|
162
|
+
const installed = parseSemverTriple(entry.version);
|
|
163
|
+
let worst = 'trivial';
|
|
164
|
+
let anyFixMissing = false;
|
|
165
|
+
for (const v of entry.vulns) {
|
|
166
|
+
if (!v.fixedVersion) {
|
|
167
|
+
anyFixMissing = true;
|
|
168
|
+
continue;
|
|
169
|
+
}
|
|
170
|
+
const fix = parseSemverTriple(v.fixedVersion);
|
|
171
|
+
if (!installed || !fix) {
|
|
172
|
+
worst = worstOf(worst, 'major');
|
|
173
|
+
continue;
|
|
174
|
+
}
|
|
175
|
+
if (fix[0] > installed[0])
|
|
176
|
+
worst = worstOf(worst, 'major');
|
|
177
|
+
else if (fix[1] > installed[1])
|
|
178
|
+
worst = worstOf(worst, 'moderate');
|
|
179
|
+
// patch bumps or lower stay 'trivial'
|
|
180
|
+
}
|
|
181
|
+
if (anyFixMissing)
|
|
182
|
+
return 'blocked';
|
|
183
|
+
return worst;
|
|
184
|
+
}
|
|
185
|
+
function parseSemverTriple(v) {
|
|
186
|
+
const stripped = v.replace(/^v/, '');
|
|
187
|
+
const parts = stripped.split(/[.+-]/).slice(0, 3).map(Number);
|
|
188
|
+
if (parts.length < 3 || parts.some(Number.isNaN))
|
|
189
|
+
return null;
|
|
190
|
+
return parts;
|
|
191
|
+
}
|
|
192
|
+
function worstOf(a, b) {
|
|
193
|
+
const rank = {
|
|
194
|
+
trivial: 0,
|
|
195
|
+
moderate: 1,
|
|
196
|
+
major: 2,
|
|
197
|
+
};
|
|
198
|
+
return rank[a] >= rank[b] ? a : b;
|
|
199
|
+
}
|
|
200
|
+
//# sourceMappingURL=pm-signals.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pm-signals.js","sourceRoot":"","sources":["../../../src/analyzers/bom/pm-signals.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;;AAyEH,oCAgCC;AAeD,sCAWC;AAsBD,wCAqBC;AAjKD;;gEAEgE;AAChE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK;IACL,OAAO;IACP,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,KAAK;IACL,cAAc;IACd,cAAc;IACd,oBAAoB;IACpB,MAAM;IACN,KAAK;IACL,MAAM;IACN,WAAW;IACX,SAAS;IACT,OAAO;IACP,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,cAAc;IACd,cAAc;IACd,OAAO;IACP,SAAS;IACT,SAAS,EAAE,+BAA+B;CAC3C,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,SAAS;IACT,SAAS;IACT,KAAK;IACL,UAAU;IACV,UAAU;IACV,MAAM;IACN,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,UAAU;IACV,UAAU;IACV,MAAM;IACN,SAAS;IACT,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AAE1F;;;;;;GAMG;AACH,SAAgB,YAAY,CAAC,WAA+B;IAC1D,IAAI,CAAC,WAAW,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjF,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACxC,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,aAAa,CAAC;IACnD,CAAC;IACD,iEAAiE;IACjE,iEAAiE;IACjE,kEAAkE;IAClE,iEAAiE;IACjE,4DAA4D;IAC5D,uDAAuD;IACvD,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,OAAO;SACnB,KAAK,CAAC,wCAAwC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,CAAC;SACE,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,YAAY,EAAE,SAAS,CAAC;SAChC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CACxB;SACA,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,IAAI,KAAK,GAAiB,SAAS,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,iBAAiB,CAAC;QACxD,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,KAAK,GAAG,eAAe,CAAC;aAChD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,SAAS;YAAE,KAAK,GAAG,YAAY,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAMD,MAAM,OAAO,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1C;;;;;;GAMG;AACH,SAAgB,aAAa,CAC3B,WAA+B,EAC/B,MAAY,IAAI,IAAI,EAAE;IAEtB,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACtC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,GAAG,OAAO;QAAE,OAAO,OAAO,CAAC;IACpC,IAAI,KAAK,GAAG,CAAC,GAAG,OAAO;QAAE,OAAO,OAAO,CAAC;IACxC,OAAO,OAAO,CAAC;AACjB,CAAC;AAMD;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,cAAc,CAAC,KAAe;IAC5C,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC,CAAC,qCAAqC;IACrF,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,KAAK,GAAqC,SAAS,CAAC;IACxD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YACpB,aAAa,GAAG,IAAI,CAAC;YACrB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;aACtD,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACnE,sCAAsC;IACxC,CAAC;IACD,IAAI,aAAa;QAAE,OAAO,SAAS,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAS;IAClC,MAAM,QAAQ,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,KAAiC,CAAC;AAC3C,CAAC;AAED,SAAS,OAAO,CAA6C,CAAI,EAAE,CAAI;IACrE,MAAM,IAAI,GAAqD;QAC7D,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,CAAC;KACT,CAAC;IACF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC"}
|
|
@@ -1,27 +1,38 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* XLSX converter — bom report.
|
|
2
|
+
* XLSX converter — bom report (2.3.2 PM-grade restructure).
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
* file is a drop-in replacement for the customer's hand-built sheet,
|
|
6
|
-
* but cols 11/12/13 are now mechanically populated from the joined
|
|
7
|
-
* dep-vuln data:
|
|
8
|
-
* - col 11 "Criticality of usage of this version" — max severity
|
|
9
|
-
* across the package's advisories ("Critical (3 vulns)") or
|
|
10
|
-
* blank when no known vulns.
|
|
11
|
-
* - col 12 "Vulnerability Issues" — semicolon-joined advisory list
|
|
12
|
-
* ("GHSA-XXXX: title; CVE-YYYY: title; ..."). Truncated per
|
|
13
|
-
* advisory to keep the cell readable.
|
|
14
|
-
* - col 13 "Resolution" — the bom entry's `upgradeAdvice` (Tier-1
|
|
15
|
-
* "PROPOSAL: Upgrade to ..." or "No fix available — ...").
|
|
4
|
+
* Produces a 4-sheet workbook tuned for a PM / security reviewer:
|
|
16
5
|
*
|
|
17
|
-
*
|
|
18
|
-
*
|
|
6
|
+
* 1. `Executive Summary` — KV grid on one screen: totals, severity
|
|
7
|
+
* breakdown, top upgrade, license-class counts, staleness counts,
|
|
8
|
+
* tool provenance, analysis time.
|
|
9
|
+
*
|
|
10
|
+
* 2. `Triage` — top 10 findings ranked by composite riskScore, with
|
|
11
|
+
* PM-friendly columns (Priority / Risk / Severity / KEV / Reach /
|
|
12
|
+
* Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
|
|
13
|
+
* Rationale). Sort key is `riskScore desc`; ties resolve by
|
|
14
|
+
* severity then package name. The list shown here is the same
|
|
15
|
+
* one the markdown's "This Week's Triage" section surfaces, so
|
|
16
|
+
* markdown + xlsx tell the same story.
|
|
17
|
+
*
|
|
18
|
+
* 3. `Inventory` — legacy 15-col customer-format sheet with 4 columns
|
|
19
|
+
* appended (cols 16–19): Risk / KEV / Reachable / EPSS. Sorting
|
|
20
|
+
* by col 16 desc gives the same triage order as sheet 2; the
|
|
21
|
+
* legacy cols 1–15 stay byte-identical to the pre-2.3.2 format
|
|
22
|
+
* for reviewers who have hand-built dashboards on specific cells.
|
|
23
|
+
*
|
|
24
|
+
* 4. `License Breakdown` — pivot: license type × count × risk class
|
|
25
|
+
* × sample packages. Lets a PM filter for "copyleft-strong" or
|
|
26
|
+
* "unknown" licenses without eyeballing the full inventory.
|
|
27
|
+
*
|
|
28
|
+
* All derivations (license class, staleness tier, effort estimate)
|
|
29
|
+
* live in `src/analyzers/bom/pm-signals.ts` so the markdown renderer
|
|
30
|
+
* shares the same classification logic — PM sees consistent labels
|
|
31
|
+
* regardless of which report surface they're reading.
|
|
19
32
|
*/
|
|
20
33
|
import type { BomReport } from '../bom/types';
|
|
21
34
|
/**
|
|
22
|
-
* Render a `BomReport` as
|
|
23
|
-
* bytes. Sort matches the licenses converter (alphabetical by package)
|
|
24
|
-
* for diff-stable output across runs.
|
|
35
|
+
* Render a `BomReport` as a multi-sheet XLSX workbook.
|
|
25
36
|
*/
|
|
26
37
|
export declare function toBomXlsx(report: BomReport): Promise<Buffer>;
|
|
27
38
|
//# sourceMappingURL=bom.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,cAAc,CAAC;AAoHrE;;GAEG;AACH,wBAAsB,SAAS,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAYlE"}
|
|
@@ -1,22 +1,35 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/**
|
|
3
|
-
* XLSX converter — bom report.
|
|
3
|
+
* XLSX converter — bom report (2.3.2 PM-grade restructure).
|
|
4
4
|
*
|
|
5
|
-
*
|
|
6
|
-
* file is a drop-in replacement for the customer's hand-built sheet,
|
|
7
|
-
* but cols 11/12/13 are now mechanically populated from the joined
|
|
8
|
-
* dep-vuln data:
|
|
9
|
-
* - col 11 "Criticality of usage of this version" — max severity
|
|
10
|
-
* across the package's advisories ("Critical (3 vulns)") or
|
|
11
|
-
* blank when no known vulns.
|
|
12
|
-
* - col 12 "Vulnerability Issues" — semicolon-joined advisory list
|
|
13
|
-
* ("GHSA-XXXX: title; CVE-YYYY: title; ..."). Truncated per
|
|
14
|
-
* advisory to keep the cell readable.
|
|
15
|
-
* - col 13 "Resolution" — the bom entry's `upgradeAdvice` (Tier-1
|
|
16
|
-
* "PROPOSAL: Upgrade to ..." or "No fix available — ...").
|
|
5
|
+
* Produces a 4-sheet workbook tuned for a PM / security reviewer:
|
|
17
6
|
*
|
|
18
|
-
*
|
|
19
|
-
*
|
|
7
|
+
* 1. `Executive Summary` — KV grid on one screen: totals, severity
|
|
8
|
+
* breakdown, top upgrade, license-class counts, staleness counts,
|
|
9
|
+
* tool provenance, analysis time.
|
|
10
|
+
*
|
|
11
|
+
* 2. `Triage` — top 10 findings ranked by composite riskScore, with
|
|
12
|
+
* PM-friendly columns (Priority / Risk / Severity / KEV / Reach /
|
|
13
|
+
* Package@Version / Advisory / CVSS / EPSS / Upgrade to / Effort /
|
|
14
|
+
* Rationale). Sort key is `riskScore desc`; ties resolve by
|
|
15
|
+
* severity then package name. The list shown here is the same
|
|
16
|
+
* one the markdown's "This Week's Triage" section surfaces, so
|
|
17
|
+
* markdown + xlsx tell the same story.
|
|
18
|
+
*
|
|
19
|
+
* 3. `Inventory` — legacy 15-col customer-format sheet with 4 columns
|
|
20
|
+
* appended (cols 16–19): Risk / KEV / Reachable / EPSS. Sorting
|
|
21
|
+
* by col 16 desc gives the same triage order as sheet 2; the
|
|
22
|
+
* legacy cols 1–15 stay byte-identical to the pre-2.3.2 format
|
|
23
|
+
* for reviewers who have hand-built dashboards on specific cells.
|
|
24
|
+
*
|
|
25
|
+
* 4. `License Breakdown` — pivot: license type × count × risk class
|
|
26
|
+
* × sample packages. Lets a PM filter for "copyleft-strong" or
|
|
27
|
+
* "unknown" licenses without eyeballing the full inventory.
|
|
28
|
+
*
|
|
29
|
+
* All derivations (license class, staleness tier, effort estimate)
|
|
30
|
+
* live in `src/analyzers/bom/pm-signals.ts` so the markdown renderer
|
|
31
|
+
* shares the same classification logic — PM sees consistent labels
|
|
32
|
+
* regardless of which report surface they're reading.
|
|
20
33
|
*/
|
|
21
34
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
22
35
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
@@ -24,17 +37,46 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
24
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
25
38
|
exports.toBomXlsx = toBomXlsx;
|
|
26
39
|
const exceljs_1 = __importDefault(require("exceljs"));
|
|
40
|
+
const pm_signals_1 = require("../bom/pm-signals");
|
|
27
41
|
const licenses_1 = require("./licenses");
|
|
28
|
-
/** Excel's hard per-cell character limit.
|
|
29
|
-
* (e.g. octokit ReDoS write-ups) blow past this when concatenated
|
|
30
|
-
* across 5+ vulns on the same package. */
|
|
42
|
+
/** Excel's hard per-cell character limit. */
|
|
31
43
|
const EXCEL_CELL_MAX = 32767;
|
|
32
|
-
/** Per-advisory truncation in
|
|
33
|
-
* and well under the per-cell limit even on packages with 10+ vulns. */
|
|
44
|
+
/** Per-advisory truncation in the legacy "Vulnerability Issues" cell. */
|
|
34
45
|
const ADVISORY_SUMMARY_MAX = 200;
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
46
|
+
const SEV_RANK = {
|
|
47
|
+
critical: 0,
|
|
48
|
+
high: 1,
|
|
49
|
+
medium: 2,
|
|
50
|
+
low: 3,
|
|
51
|
+
};
|
|
52
|
+
const SEV_LABEL = {
|
|
53
|
+
critical: 'Critical',
|
|
54
|
+
high: 'High',
|
|
55
|
+
medium: 'Medium',
|
|
56
|
+
low: 'Low',
|
|
57
|
+
};
|
|
58
|
+
const LICENSE_CLASS_LABEL = {
|
|
59
|
+
permissive: 'Permissive',
|
|
60
|
+
'copyleft-weak': 'Copyleft (weak)',
|
|
61
|
+
'copyleft-strong': 'Copyleft (strong)',
|
|
62
|
+
proprietary: 'Proprietary',
|
|
63
|
+
unknown: 'Unknown',
|
|
64
|
+
};
|
|
65
|
+
const STALENESS_LABEL = {
|
|
66
|
+
fresh: 'Fresh (< 1y)',
|
|
67
|
+
aging: 'Aging (1–3y)',
|
|
68
|
+
stale: 'Stale (≥ 3y)',
|
|
69
|
+
unknown: 'Unknown',
|
|
70
|
+
};
|
|
71
|
+
const EFFORT_LABEL = {
|
|
72
|
+
trivial: 'Trivial (patch bump)',
|
|
73
|
+
moderate: 'Moderate (minor bump)',
|
|
74
|
+
major: 'Major (breaking)',
|
|
75
|
+
blocked: 'Blocked (no fix)',
|
|
76
|
+
};
|
|
77
|
+
/** XML 1.0 forbids most C0 control chars; Excel refuses to open a sheet
|
|
78
|
+
* containing them. Same scrub as licenses.ts, inlined here so the xlsx
|
|
79
|
+
* write boundary owns the rule. */
|
|
38
80
|
function xlsxSafe(v) {
|
|
39
81
|
if (!v)
|
|
40
82
|
return '';
|
|
@@ -51,54 +93,266 @@ function xlsxSafe(v) {
|
|
|
51
93
|
}
|
|
52
94
|
return s;
|
|
53
95
|
}
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
96
|
+
function pct(n) {
|
|
97
|
+
return typeof n === 'number' ? `${(n * 100).toFixed(2)}%` : '—';
|
|
98
|
+
}
|
|
99
|
+
function maxRiskAcrossVulns(e) {
|
|
100
|
+
let best = -1;
|
|
101
|
+
for (const v of e.vulns) {
|
|
102
|
+
if (typeof v.riskScore === 'number' && v.riskScore > best)
|
|
103
|
+
best = v.riskScore;
|
|
104
|
+
}
|
|
105
|
+
return best;
|
|
106
|
+
}
|
|
107
|
+
function maxCvssAcrossVulns(e) {
|
|
108
|
+
let best = -1;
|
|
109
|
+
for (const v of e.vulns) {
|
|
110
|
+
if (typeof v.cvssScore === 'number' && v.cvssScore > best)
|
|
111
|
+
best = v.cvssScore;
|
|
112
|
+
}
|
|
113
|
+
return best;
|
|
114
|
+
}
|
|
115
|
+
function maxEpssAcrossVulns(e) {
|
|
116
|
+
let best = -1;
|
|
117
|
+
for (const v of e.vulns) {
|
|
118
|
+
if (typeof v.epssScore === 'number' && v.epssScore > best)
|
|
119
|
+
best = v.epssScore;
|
|
120
|
+
}
|
|
121
|
+
return best;
|
|
122
|
+
}
|
|
123
|
+
function anyKev(e) {
|
|
124
|
+
return e.vulns.some((v) => v.kev === true);
|
|
125
|
+
}
|
|
126
|
+
function anyReachable(e) {
|
|
127
|
+
let sawTrue = false;
|
|
128
|
+
let sawFalse = false;
|
|
129
|
+
for (const v of e.vulns) {
|
|
130
|
+
if (v.reachable === true)
|
|
131
|
+
sawTrue = true;
|
|
132
|
+
else if (v.reachable === false)
|
|
133
|
+
sawFalse = true;
|
|
134
|
+
}
|
|
135
|
+
if (sawTrue)
|
|
136
|
+
return 'yes';
|
|
137
|
+
if (sawFalse)
|
|
138
|
+
return 'no';
|
|
139
|
+
return 'unknown';
|
|
140
|
+
}
|
|
60
141
|
/**
|
|
61
|
-
* Render a `BomReport` as
|
|
62
|
-
* bytes. Sort matches the licenses converter (alphabetical by package)
|
|
63
|
-
* for diff-stable output across runs.
|
|
142
|
+
* Render a `BomReport` as a multi-sheet XLSX workbook.
|
|
64
143
|
*/
|
|
65
144
|
async function toBomXlsx(report) {
|
|
66
145
|
const wb = new exceljs_1.default.Workbook();
|
|
67
146
|
wb.creator = 'vyuh-dxkit';
|
|
68
147
|
wb.created = new Date(report.analyzedAt);
|
|
69
|
-
|
|
70
|
-
|
|
148
|
+
writeExecutiveSummary(wb, report);
|
|
149
|
+
writeTriage(wb, report);
|
|
150
|
+
writeInventory(wb, report);
|
|
151
|
+
writeLicenseBreakdown(wb, report);
|
|
152
|
+
const buf = await wb.xlsx.writeBuffer();
|
|
153
|
+
return Buffer.from(buf);
|
|
154
|
+
}
|
|
155
|
+
// ─── Sheet 1: Executive Summary ─────────────────────────────────────────────
|
|
156
|
+
function writeExecutiveSummary(wb, report) {
|
|
157
|
+
const ws = wb.addWorksheet('Executive Summary');
|
|
158
|
+
ws.columns = [
|
|
159
|
+
{ header: '', key: 'label', width: 42 },
|
|
160
|
+
{ header: '', key: 'value', width: 60 },
|
|
161
|
+
];
|
|
162
|
+
const s = report.summary;
|
|
163
|
+
const now = new Date();
|
|
164
|
+
// Top-line identity
|
|
165
|
+
ws.addRow(['Repository', report.repo]);
|
|
166
|
+
ws.addRow(['Branch', `${report.branch} (${report.commitSha})`]);
|
|
167
|
+
ws.addRow(['Scan date', report.analyzedAt.slice(0, 10)]);
|
|
168
|
+
ws.addRow([
|
|
169
|
+
'Scope',
|
|
170
|
+
s.filter === 'top-level'
|
|
171
|
+
? `Top-level packages only (${s.totalPackages} of ${s.unfilteredTotalPackages} installed)`
|
|
172
|
+
: `All installed packages (${s.totalPackages})`,
|
|
173
|
+
]);
|
|
174
|
+
if (s.projectRoots.length > 1) {
|
|
175
|
+
ws.addRow(['Project roots', `${s.projectRoots.length} — ${s.projectRoots.join(', ')}`]);
|
|
176
|
+
}
|
|
177
|
+
ws.addRow([]);
|
|
178
|
+
// Risk posture
|
|
179
|
+
ws.addRow(['Risk posture', '']).font = { bold: true };
|
|
180
|
+
ws.addRow(['Vulnerable packages', `${s.vulnerablePackages} (of ${s.totalPackages})`]);
|
|
181
|
+
ws.addRow(['Total advisories', `${s.totalAdvisories}`]);
|
|
182
|
+
ws.addRow([
|
|
183
|
+
'Severity breakdown (worst-of-package)',
|
|
184
|
+
`Critical ${s.bySeverity.critical} · High ${s.bySeverity.high} · Medium ${s.bySeverity.medium} · Low ${s.bySeverity.low}`,
|
|
185
|
+
]);
|
|
186
|
+
// Highest-risk advisory + top upgrade
|
|
187
|
+
const triage = buildTriageRows(report);
|
|
188
|
+
if (triage.length > 0) {
|
|
189
|
+
const top = triage[0];
|
|
190
|
+
ws.addRow([
|
|
191
|
+
'Top ship-blocker',
|
|
192
|
+
`${top.packageAtVersion} — ${top.advisoryId} (Risk ${top.risk.toFixed(0)})`,
|
|
193
|
+
]);
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
ws.addRow(['Top ship-blocker', 'None — no advisory crossed the moderate-risk threshold']);
|
|
197
|
+
}
|
|
198
|
+
// byTopLevelDep: the single upgrade with the biggest blast-radius win
|
|
199
|
+
const rollupEntries = Object.entries(s.byTopLevelDep).sort((a, b) => SEV_RANK[a[1].maxSeverity] - SEV_RANK[b[1].maxSeverity] ||
|
|
200
|
+
b[1].advisoryCount - a[1].advisoryCount);
|
|
201
|
+
if (rollupEntries.length > 0) {
|
|
202
|
+
const [name, r] = rollupEntries[0];
|
|
203
|
+
ws.addRow([
|
|
204
|
+
'Highest-leverage upgrade',
|
|
205
|
+
`${name} — resolves up to ${r.advisoryCount} transitive advisories (worst ${SEV_LABEL[r.maxSeverity]})`,
|
|
206
|
+
]);
|
|
207
|
+
}
|
|
208
|
+
ws.addRow([]);
|
|
209
|
+
// License risk
|
|
210
|
+
ws.addRow(['License risk', '']).font = { bold: true };
|
|
211
|
+
const licBuckets = new Map();
|
|
212
|
+
for (const e of report.entries) {
|
|
213
|
+
const c = (0, pm_signals_1.licenseClass)(e.licenseType);
|
|
214
|
+
licBuckets.set(c, (licBuckets.get(c) ?? 0) + 1);
|
|
215
|
+
}
|
|
216
|
+
for (const c of [
|
|
217
|
+
'permissive',
|
|
218
|
+
'copyleft-weak',
|
|
219
|
+
'copyleft-strong',
|
|
220
|
+
'proprietary',
|
|
221
|
+
'unknown',
|
|
222
|
+
]) {
|
|
223
|
+
ws.addRow([LICENSE_CLASS_LABEL[c], licBuckets.get(c) ?? 0]);
|
|
224
|
+
}
|
|
225
|
+
ws.addRow([]);
|
|
226
|
+
// Staleness
|
|
227
|
+
ws.addRow(['Staleness', '']).font = { bold: true };
|
|
228
|
+
const staleBuckets = new Map();
|
|
229
|
+
for (const e of report.entries) {
|
|
230
|
+
const t = (0, pm_signals_1.stalenessTier)(e.releaseDate, now);
|
|
231
|
+
staleBuckets.set(t, (staleBuckets.get(t) ?? 0) + 1);
|
|
232
|
+
}
|
|
233
|
+
for (const t of ['fresh', 'aging', 'stale', 'unknown']) {
|
|
234
|
+
ws.addRow([STALENESS_LABEL[t], staleBuckets.get(t) ?? 0]);
|
|
235
|
+
}
|
|
236
|
+
ws.addRow([]);
|
|
237
|
+
// Tools + provenance
|
|
238
|
+
ws.addRow(['Tools used', report.toolsUsed.join(', ') || '(none)']);
|
|
239
|
+
if (report.toolsUnavailable.length > 0) {
|
|
240
|
+
ws.addRow(['Tools unavailable', report.toolsUnavailable.join(', ')]);
|
|
241
|
+
}
|
|
242
|
+
ws.addRow(['Schema version', report.schemaVersion]);
|
|
243
|
+
// Bold the label column
|
|
244
|
+
for (let i = 1; i <= ws.rowCount; i++) {
|
|
245
|
+
const cell = ws.getRow(i).getCell(1);
|
|
246
|
+
if (!cell.font?.bold)
|
|
247
|
+
cell.font = { bold: true };
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
function buildTriageRows(report, limit = 10, minRisk = 15) {
|
|
251
|
+
const flat = [];
|
|
252
|
+
for (const e of report.entries) {
|
|
253
|
+
if (e.vulns.length === 0)
|
|
254
|
+
continue;
|
|
255
|
+
const effort = (0, pm_signals_1.effortEstimate)(e);
|
|
256
|
+
for (const v of e.vulns) {
|
|
257
|
+
if (typeof v.riskScore !== 'number' || v.riskScore < minRisk)
|
|
258
|
+
continue;
|
|
259
|
+
const rationale = buildRationale(v);
|
|
260
|
+
flat.push({
|
|
261
|
+
risk: v.riskScore,
|
|
262
|
+
severity: v.severity,
|
|
263
|
+
kev: v.kev === true,
|
|
264
|
+
reachable: v.reachable === true ? 'yes' : v.reachable === false ? 'no' : 'unknown',
|
|
265
|
+
packageAtVersion: `${e.package}@${e.version}`,
|
|
266
|
+
advisoryId: v.id,
|
|
267
|
+
cvss: v.cvssScore,
|
|
268
|
+
epss: v.epssScore,
|
|
269
|
+
fix: v.fixedVersion ?? e.upgradeAdvice.replace(/^PROPOSAL:\s*/, '') ?? undefined,
|
|
270
|
+
effort,
|
|
271
|
+
rationale,
|
|
272
|
+
});
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
flat.sort((a, b) => b.risk - a.risk ||
|
|
276
|
+
SEV_RANK[a.severity] - SEV_RANK[b.severity] ||
|
|
277
|
+
a.packageAtVersion.localeCompare(b.packageAtVersion));
|
|
278
|
+
return flat.slice(0, limit);
|
|
279
|
+
}
|
|
280
|
+
function buildRationale(v) {
|
|
281
|
+
const parts = [];
|
|
282
|
+
if (v.kev)
|
|
283
|
+
parts.push('KEV');
|
|
284
|
+
if (v.reachable === true)
|
|
285
|
+
parts.push('reachable');
|
|
286
|
+
if (v.reachable === false)
|
|
287
|
+
parts.push('not reachable');
|
|
288
|
+
if (typeof v.cvssScore === 'number')
|
|
289
|
+
parts.push(`CVSS ${v.cvssScore.toFixed(1)}`);
|
|
290
|
+
if (typeof v.epssScore === 'number' && v.epssScore >= 0.01) {
|
|
291
|
+
parts.push(`EPSS ${(v.epssScore * 100).toFixed(1)}%`);
|
|
292
|
+
}
|
|
293
|
+
return parts.length > 0 ? parts.join(', ') : '—';
|
|
294
|
+
}
|
|
295
|
+
function writeTriage(wb, report) {
|
|
296
|
+
const ws = wb.addWorksheet('Triage');
|
|
297
|
+
ws.columns = [
|
|
298
|
+
{ header: 'Priority', key: 'priority', width: 10 },
|
|
299
|
+
{ header: 'Risk', key: 'risk', width: 8 },
|
|
300
|
+
{ header: 'Severity', key: 'severity', width: 12 },
|
|
301
|
+
{ header: 'KEV', key: 'kev', width: 6 },
|
|
302
|
+
{ header: 'Reachable', key: 'reachable', width: 12 },
|
|
303
|
+
{ header: 'Package@Version', key: 'pkg', width: 40 },
|
|
304
|
+
{ header: 'Advisory', key: 'id', width: 24 },
|
|
305
|
+
{ header: 'CVSS', key: 'cvss', width: 8 },
|
|
306
|
+
{ header: 'EPSS', key: 'epss', width: 10 },
|
|
307
|
+
{ header: 'Upgrade to', key: 'fix', width: 14 },
|
|
308
|
+
{ header: 'Effort', key: 'effort', width: 22 },
|
|
309
|
+
{ header: 'Rationale', key: 'rationale', width: 42 },
|
|
310
|
+
];
|
|
311
|
+
ws.getRow(1).font = { bold: true };
|
|
312
|
+
const triage = buildTriageRows(report);
|
|
313
|
+
triage.forEach((t, i) => {
|
|
314
|
+
ws.addRow({
|
|
315
|
+
priority: i + 1,
|
|
316
|
+
risk: Math.round(t.risk),
|
|
317
|
+
severity: SEV_LABEL[t.severity],
|
|
318
|
+
kev: t.kev ? '⚠' : '',
|
|
319
|
+
reachable: t.reachable,
|
|
320
|
+
pkg: t.packageAtVersion,
|
|
321
|
+
id: t.advisoryId,
|
|
322
|
+
cvss: typeof t.cvss === 'number' ? t.cvss.toFixed(1) : '—',
|
|
323
|
+
epss: pct(t.epss),
|
|
324
|
+
fix: t.fix ? xlsxSafe(t.fix) : '—',
|
|
325
|
+
effort: EFFORT_LABEL[t.effort],
|
|
326
|
+
rationale: t.rationale,
|
|
327
|
+
});
|
|
328
|
+
});
|
|
329
|
+
if (triage.length === 0) {
|
|
330
|
+
ws.addRow({
|
|
331
|
+
priority: '—',
|
|
332
|
+
rationale: 'No advisories crossed the moderate-risk threshold (Risk ≥ 15).',
|
|
333
|
+
});
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
// ─── Sheet 3: Inventory (legacy 15 + 4 appended) ────────────────────────────
|
|
337
|
+
function writeInventory(wb, report) {
|
|
338
|
+
const ws = wb.addWorksheet('Inventory');
|
|
339
|
+
// Append the 4 PM-signal columns to the legacy header.
|
|
340
|
+
const header = [...licenses_1.BOM_COLUMNS, 'Risk', 'KEV', 'Reachable', 'EPSS'];
|
|
341
|
+
ws.addRow(header);
|
|
71
342
|
ws.getRow(1).font = { bold: true };
|
|
72
343
|
const reportDate = report.analyzedAt.slice(0, 10);
|
|
73
344
|
const rows = [...report.entries].sort((a, b) => a.package.localeCompare(b.package));
|
|
74
|
-
// Non-vulnerable rows still need a signal in cols 11/12/13 so a reviewer
|
|
75
|
-
// can distinguish "scanned, clean" from "not scanned / unknown". Blank
|
|
76
|
-
// leaves the same ambiguity the customer's hand-built sheet had.
|
|
77
345
|
const NO_VULNS_CRITICALITY = 'None';
|
|
78
346
|
const NO_VULNS_ISSUES = 'None';
|
|
79
347
|
const NO_VULNS_RESOLUTION = 'No action required';
|
|
80
348
|
for (const e of rows) {
|
|
81
|
-
// col 11: severity badge + count, e.g. "Critical (3 vulns)".
|
|
82
349
|
const criticality = e.maxSeverity
|
|
83
350
|
? `${SEV_LABEL[e.maxSeverity]} (${e.vulns.length} vuln${e.vulns.length === 1 ? '' : 's'})`
|
|
84
351
|
: NO_VULNS_CRITICALITY;
|
|
85
|
-
// col 12: per-advisory list. "ID: summary" with summary truncated
|
|
86
|
-
// per entry. Sorted by severity within the package so the most
|
|
87
|
-
// serious issues appear first when the cell is rendered.
|
|
88
|
-
const SEV_RANK = {
|
|
89
|
-
critical: 0,
|
|
90
|
-
high: 1,
|
|
91
|
-
medium: 2,
|
|
92
|
-
low: 3,
|
|
93
|
-
};
|
|
94
352
|
const sortedVulns = [...e.vulns].sort((a, b) => SEV_RANK[a.severity] - SEV_RANK[b.severity] || a.id.localeCompare(b.id));
|
|
95
353
|
const vulnLines = sortedVulns.map((v) => {
|
|
96
354
|
const title = (v.summary ?? '').replace(/\s+/g, ' ').trim().slice(0, ADVISORY_SUMMARY_MAX);
|
|
97
355
|
const cvss = v.cvssScore !== undefined ? ` [CVSS ${v.cvssScore.toFixed(1)}]` : '';
|
|
98
|
-
// Top-level attribution: tells the reviewer which direct manifest
|
|
99
|
-
// dep to upgrade. Missing when the pack couldn't parse the graph
|
|
100
|
-
// (e.g. TS repo with no lockfile) — silent in that case so the
|
|
101
|
-
// column stays clean.
|
|
102
356
|
const tops = v.topLevelDep ?? [];
|
|
103
357
|
let via = '';
|
|
104
358
|
if (tops.length === 1)
|
|
@@ -109,32 +363,93 @@ async function toBomXlsx(report) {
|
|
|
109
363
|
});
|
|
110
364
|
const vulnerabilityIssues = e.vulns.length === 0 ? NO_VULNS_ISSUES : vulnLines.join('; ');
|
|
111
365
|
const resolution = e.vulns.length === 0 ? NO_VULNS_RESOLUTION : e.upgradeAdvice;
|
|
366
|
+
// PM signals — appended cols 16–19. Use max-across-vulns for sortability.
|
|
367
|
+
const risk = maxRiskAcrossVulns(e);
|
|
368
|
+
const cvssMax = maxCvssAcrossVulns(e);
|
|
369
|
+
const epssMax = maxEpssAcrossVulns(e);
|
|
370
|
+
const kevCell = anyKev(e) ? 'Yes' : '';
|
|
371
|
+
const reachCell = anyReachable(e);
|
|
112
372
|
ws.addRow([
|
|
113
|
-
xlsxSafe(e.package),
|
|
114
|
-
xlsxSafe(e.version),
|
|
115
|
-
xlsxSafe(e.description),
|
|
116
|
-
'Dependency',
|
|
117
|
-
`Reported ${reportDate}`,
|
|
118
|
-
xlsxSafe(e.sourceUrl),
|
|
119
|
-
xlsxSafe(e.licenseType),
|
|
120
|
-
xlsxSafe(e.licenseText),
|
|
121
|
-
xlsxSafe(e.supplier),
|
|
122
|
-
xlsxSafe(e.releaseDate ? e.releaseDate.slice(0, 10) : ''),
|
|
123
|
-
xlsxSafe(criticality),
|
|
124
|
-
xlsxSafe(vulnerabilityIssues),
|
|
125
|
-
xlsxSafe(resolution),
|
|
126
|
-
'',
|
|
127
|
-
`${e.package}@${e.version}`,
|
|
373
|
+
xlsxSafe(e.package),
|
|
374
|
+
xlsxSafe(e.version),
|
|
375
|
+
xlsxSafe(e.description),
|
|
376
|
+
'Dependency',
|
|
377
|
+
`Reported ${reportDate}`,
|
|
378
|
+
xlsxSafe(e.sourceUrl),
|
|
379
|
+
xlsxSafe(e.licenseType),
|
|
380
|
+
xlsxSafe(e.licenseText),
|
|
381
|
+
xlsxSafe(e.supplier),
|
|
382
|
+
xlsxSafe(e.releaseDate ? e.releaseDate.slice(0, 10) : ''),
|
|
383
|
+
xlsxSafe(criticality),
|
|
384
|
+
xlsxSafe(vulnerabilityIssues),
|
|
385
|
+
xlsxSafe(resolution),
|
|
386
|
+
'',
|
|
387
|
+
`${e.package}@${e.version}`,
|
|
388
|
+
// 16–19: PM-signals (numeric so sort asc/desc works correctly)
|
|
389
|
+
risk >= 0 ? Math.round(risk) : '',
|
|
390
|
+
kevCell,
|
|
391
|
+
reachCell === 'unknown' ? '' : reachCell,
|
|
392
|
+
epssMax >= 0 ? pct(epssMax) : '',
|
|
393
|
+
// Keep CVSS-max for power users; col 20 is an extra that helps
|
|
394
|
+
// pivot tables without cluttering the main table.
|
|
395
|
+
cvssMax >= 0 ? cvssMax.toFixed(1) : '',
|
|
128
396
|
]);
|
|
129
397
|
}
|
|
130
|
-
//
|
|
131
|
-
|
|
132
|
-
const widths = [30, 14, 50, 14, 18, 50, 18, 50, 24, 18, 22, 50, 40, 12, 40];
|
|
398
|
+
// Legacy widths (15 cols) + PM-signal widths (4 + 1 for cvss-max).
|
|
399
|
+
const widths = [30, 14, 50, 14, 18, 50, 18, 50, 24, 18, 22, 50, 40, 12, 40, 8, 6, 12, 10, 8];
|
|
133
400
|
ws.columns.forEach((col, i) => {
|
|
134
401
|
if (col && widths[i])
|
|
135
402
|
col.width = widths[i];
|
|
136
403
|
});
|
|
137
|
-
|
|
138
|
-
|
|
404
|
+
// Header for the bonus col 20 (CVSS max)
|
|
405
|
+
ws.getRow(1).getCell(20).value = 'CVSS (max)';
|
|
406
|
+
ws.getRow(1).getCell(20).font = { bold: true };
|
|
407
|
+
}
|
|
408
|
+
// ─── Sheet 4: License Breakdown ─────────────────────────────────────────────
|
|
409
|
+
function writeLicenseBreakdown(wb, report) {
|
|
410
|
+
const ws = wb.addWorksheet('License Breakdown');
|
|
411
|
+
ws.columns = [
|
|
412
|
+
{ header: 'License', key: 'license', width: 30 },
|
|
413
|
+
{ header: 'Class', key: 'class', width: 22 },
|
|
414
|
+
{ header: 'Count', key: 'count', width: 8 },
|
|
415
|
+
{ header: 'Sample packages', key: 'samples', width: 80 },
|
|
416
|
+
];
|
|
417
|
+
ws.getRow(1).font = { bold: true };
|
|
418
|
+
// Group entries by license type, remember up to 5 sample package names
|
|
419
|
+
const buckets = new Map();
|
|
420
|
+
for (const e of report.entries) {
|
|
421
|
+
const lic = e.licenseType || '(empty)';
|
|
422
|
+
const list = buckets.get(lic) ?? [];
|
|
423
|
+
list.push(e.package);
|
|
424
|
+
buckets.set(lic, list);
|
|
425
|
+
}
|
|
426
|
+
// Sort: worst class first (copyleft-strong), then count desc, then name
|
|
427
|
+
const rows = [...buckets.entries()]
|
|
428
|
+
.map(([lic, pkgs]) => ({
|
|
429
|
+
license: lic,
|
|
430
|
+
cls: (0, pm_signals_1.licenseClass)(lic),
|
|
431
|
+
count: pkgs.length,
|
|
432
|
+
samples: pkgs.slice(0, 5).join(', ') + (pkgs.length > 5 ? `, +${pkgs.length - 5} more` : ''),
|
|
433
|
+
}))
|
|
434
|
+
.sort((a, b) => {
|
|
435
|
+
const classRank = {
|
|
436
|
+
'copyleft-strong': 0,
|
|
437
|
+
'copyleft-weak': 1,
|
|
438
|
+
proprietary: 2,
|
|
439
|
+
unknown: 3,
|
|
440
|
+
permissive: 4,
|
|
441
|
+
};
|
|
442
|
+
return (classRank[a.cls] - classRank[b.cls] ||
|
|
443
|
+
b.count - a.count ||
|
|
444
|
+
a.license.localeCompare(b.license));
|
|
445
|
+
});
|
|
446
|
+
for (const r of rows) {
|
|
447
|
+
ws.addRow({
|
|
448
|
+
license: r.license,
|
|
449
|
+
class: LICENSE_CLASS_LABEL[r.cls],
|
|
450
|
+
count: r.count,
|
|
451
|
+
samples: r.samples,
|
|
452
|
+
});
|
|
453
|
+
}
|
|
139
454
|
}
|
|
140
455
|
//# sourceMappingURL=bom.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bom.js","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;;;AA8CH,8BAiFC;AA7HD,sDAA8B;AAG9B,yCAAyC;AAEzC;;2CAE2C;AAC3C,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B;yEACyE;AACzE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC;;wCAEwC;AACxC,SAAS,QAAQ,CAAC,CAAqB;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;YAAE,SAAS;QAC7E,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,wEAAwE,CAAC;QACxF,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF;;;;GAIG;AACI,KAAK,UAAU,SAAS,CAAC,MAAiB;IAC/C,MAAM,EAAE,GAAG,IAAI,iBAAO,CAAC,QAAQ,EAAE,CAAC;IAClC,EAAE,CAAC,OAAO,GAAG,YAAY,CAAC;IAC1B,EAAE,CAAC,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzC,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACvC,EAAE,CAAC,MAAM,CAAC,sBAAuB,CAAC,CAAC;IACnC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpF,yEAAyE;IACzE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,oBAAoB,GAAG,MAAM,CAAC;IACpC,MAAM,eAAe,GAAG,MAAM,CAAC;IAC/B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,6DAA6D;QAC7D,MAAM,WAAW,GAAG,CAAC,CAAC,WAAW;YAC/B,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG;YAC1F,CAAC,CAAC,oBAAoB,CAAC;QAEzB,kEAAkE;QAClE,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,QAAQ,GAAgC;YAC5C,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;SACP,CAAC;QACF,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAClF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;YAC3F,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,kEAAkE;YAClE,iEAAiE;YACjE,+DAA+D;YAC/D,sBAAsB;YACtB,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YACjC,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC1C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;YAC7E,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;QAC3E,CAAC,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QAEhF,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ;YAC7B,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ;YAC7B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,YAAY,EAAE,iBAAiB;YAC/B,YAAY,UAAU,EAAE,EAAE,0BAA0B;YACpD,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,QAAQ;YAC/B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ;YACjC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,QAAQ;YAC9B,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,yGAAyG;YACpK,QAAQ,CAAC,WAAW,CAAC,EAAE,oBAAoB;YAC3C,QAAQ,CAAC,mBAAmB,CAAC,EAAE,oBAAoB;YACnD,QAAQ,CAAC,UAAU,CAAC,EAAE,oBAAoB;YAC1C,EAAE,EAAE,gEAAgE;YACpE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,SAAS;SACvC,CAAC,CAAC;IACL,CAAC;IAED,oEAAoE;IACpE,iEAAiE;IACjE,MAAM,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,IAAI,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC;YAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAkB,CAAC,CAAC;AACzC,CAAC"}
|
|
1
|
+
{"version":3,"file":"bom.js","sourceRoot":"","sources":["../../../src/analyzers/xlsx/bom.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;;;AA2HH,8BAYC;AArID,sDAA8B;AAI9B,kDAO2B;AAC3B,yCAAyC;AAEzC,6CAA6C;AAC7C,MAAM,cAAc,GAAG,KAAK,CAAC;AAE7B,yEAAyE;AACzE,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,MAAM,QAAQ,GAAgC;IAC5C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF,MAAM,mBAAmB,GAAiC;IACxD,UAAU,EAAE,YAAY;IACxB,eAAe,EAAE,iBAAiB;IAClC,iBAAiB,EAAE,mBAAmB;IACtC,WAAW,EAAE,aAAa;IAC1B,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,MAAM,eAAe,GAAkC;IACrD,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,cAAc;IACrB,KAAK,EAAE,cAAc;IACrB,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,MAAM,YAAY,GAAmC;IACnD,OAAO,EAAE,sBAAsB;IAC/B,QAAQ,EAAE,uBAAuB;IACjC,KAAK,EAAE,kBAAkB;IACzB,OAAO,EAAE,kBAAkB;CAC5B,CAAC;AAEF;;oCAEoC;AACpC,SAAS,QAAQ,CAAC,CAAqB;IACrC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;YAAE,SAAS;QAC7E,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,wEAAwE,CAAC;QACxF,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,GAAG,CAAC,CAAqB;IAChC,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAClE,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAW;IACrC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;YAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,CAAW;IACzB,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,YAAY,CAAC,CAAW;IAC/B,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,OAAO,GAAG,IAAI,CAAC;aACpC,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,QAAQ,GAAG,IAAI,CAAC;IAClD,CAAC;IACD,IAAI,OAAO;QAAE,OAAO,KAAK,CAAC;IAC1B,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,SAAS,CAAC,MAAiB;IAC/C,MAAM,EAAE,GAAG,IAAI,iBAAO,CAAC,QAAQ,EAAE,CAAC;IAClC,EAAE,CAAC,OAAO,GAAG,YAAY,CAAC;IAC1B,EAAE,CAAC,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzC,qBAAqB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAClC,WAAW,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACxB,cAAc,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3B,qBAAqB,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAElC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAkB,CAAC,CAAC;AACzC,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,EAAoB,EAAE,MAAiB;IACpE,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAChD,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;QACvC,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;KACxC,CAAC;IAEF,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,oBAAoB;IACpB,EAAE,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,EAAE,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAChE,EAAE,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IACzD,EAAE,CAAC,MAAM,CAAC;QACR,OAAO;QACP,CAAC,CAAC,MAAM,KAAK,WAAW;YACtB,CAAC,CAAC,4BAA4B,CAAC,CAAC,aAAa,OAAO,CAAC,CAAC,uBAAuB,aAAa;YAC1F,CAAC,CAAC,2BAA2B,CAAC,CAAC,aAAa,GAAG;KAClD,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,MAAM,CAAC,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,eAAe;IACf,EAAE,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACtD,EAAE,CAAC,MAAM,CAAC,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC,kBAAkB,QAAQ,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;IACtF,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IACxD,EAAE,CAAC,MAAM,CAAC;QACR,uCAAuC;QACvC,YAAY,CAAC,CAAC,UAAU,CAAC,QAAQ,WAAW,CAAC,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,CAAC,UAAU,CAAC,MAAM,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE;KAC1H,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,EAAE,CAAC,MAAM,CAAC;YACR,kBAAkB;YAClB,GAAG,GAAG,CAAC,gBAAgB,MAAM,GAAG,CAAC,UAAU,UAAU,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;SAC5E,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,wDAAwD,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,sEAAsE;IACtE,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CACxD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAC1C,CAAC;IACF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QACnC,EAAE,CAAC,MAAM,CAAC;YACR,0BAA0B;YAC1B,GAAG,IAAI,qBAAqB,CAAC,CAAC,aAAa,iCAAiC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG;SACxG,CAAC,CAAC;IACL,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,eAAe;IACf,EAAE,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACtD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI;QACd,YAAY;QACZ,eAAe;QACf,iBAAiB;QACjB,aAAa;QACb,SAAS;KACQ,EAAE,CAAC;QACpB,EAAE,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,YAAY;IACZ,EAAE,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAyB,CAAC;IACtD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAC5C,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAoB,EAAE,CAAC;QAC1E,EAAE,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEd,qBAAqB;IACrB,EAAE,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,EAAE,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,EAAE,CAAC,MAAM,CAAC,CAAC,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpD,wBAAwB;IACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI;YAAE,IAAI,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,CAAC;AACH,CAAC;AAkBD,SAAS,eAAe,CAAC,MAAiB,EAAE,KAAK,GAAG,EAAE,EAAE,OAAO,GAAG,EAAE;IAClE,MAAM,IAAI,GAAoB,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACnC,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC,CAAC,CAAC,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACvE,MAAM,SAAS,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,GAAG,EAAE,CAAC,CAAC,GAAG,KAAK,IAAI;gBACnB,SAAS,EAAE,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;gBAClF,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,UAAU,EAAE,CAAC,CAAC,EAAE;gBAChB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,IAAI,SAAS;gBAChF,MAAM;gBACN,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CACP,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI;QACf,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC3C,CAAC,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC,CACvD,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,CAAiB;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC,CAAC,GAAG;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAClF,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AACnD,CAAC;AAED,SAAS,WAAW,CAAC,EAAoB,EAAE,MAAiB;IAC1D,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE;QAClD,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE;QACzC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE;QAClD,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE;QACvC,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;QACpD,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE;QACpD,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE;QAC5C,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE;QACzC,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE;QAC1C,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE;QAC/C,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE;QAC9C,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE;KACrD,CAAC;IACF,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACtB,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,EAAE,CAAC,GAAG,CAAC;YACf,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YACxB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC/B,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;YACrB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,GAAG,EAAE,CAAC,CAAC,gBAAgB;YACvB,EAAE,EAAE,CAAC,CAAC,UAAU;YAChB,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;YAC1D,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YACjB,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG;YAClC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;YAC9B,SAAS,EAAE,CAAC,CAAC,SAAS;SACvB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,gEAAgE;SAC5E,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAS,cAAc,CAAC,EAAoB,EAAE,MAAiB;IAC7D,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAExC,uDAAuD;IACvD,MAAM,MAAM,GAAG,CAAC,GAAG,sBAAW,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;IACpE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAEpF,MAAM,oBAAoB,GAAG,MAAM,CAAC;IACpC,MAAM,eAAe,GAAG,MAAM,CAAC;IAC/B,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;IAEjD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,CAAC,CAAC,WAAW;YAC/B,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG;YAC1F,CAAC,CAAC,oBAAoB,CAAC;QAEzB,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAClF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;YAC3F,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;YACjC,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC1C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,QAAQ,CAAC;YAC7E,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;QAC3E,CAAC,CAAC,CAAC;QACH,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QAEhF,0EAA0E;QAC1E,MAAM,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAElC,EAAE,CAAC,MAAM,CAAC;YACR,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;YACnB,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;YACnB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,YAAY;YACZ,YAAY,UAAU,EAAE;YACxB,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YACrB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YACvB,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;YACpB,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,WAAW,CAAC;YACrB,QAAQ,CAAC,mBAAmB,CAAC;YAC7B,QAAQ,CAAC,UAAU,CAAC;YACpB,EAAE;YACF,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;YAC3B,+DAA+D;YAC/D,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;YACjC,OAAO;YACP,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;YACxC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YAChC,+DAA+D;YAC/D,kDAAkD;YAClD,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,MAAM,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7F,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,IAAI,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC;YAAE,GAAG,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,yCAAyC;IACzC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,YAAY,CAAC;IAC9C,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC;AAED,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,EAAoB,EAAE,MAAiB;IACpE,MAAM,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAChD,EAAE,CAAC,OAAO,GAAG;QACX,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE;QAChD,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;QAC5C,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE;QAC3C,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE;KACzD,CAAC;IACF,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEnC,uEAAuE;IACvE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,IAAI,SAAS,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACpC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,wEAAwE;IACxE,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACrB,OAAO,EAAE,GAAG;QACZ,GAAG,EAAE,IAAA,yBAAY,EAAC,GAAG,CAAC;QACtB,KAAK,EAAE,IAAI,CAAC,MAAM;QAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7F,CAAC,CAAC;SACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,SAAS,GAAiC;YAC9C,iBAAiB,EAAE,CAAC;YACpB,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,CAAC;YACd,OAAO,EAAE,CAAC;YACV,UAAU,EAAE,CAAC;SACd,CAAC;QACF,OAAO,CACL,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;YACnC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK;YACjB,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CACnC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEL,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,EAAE,CAAC,MAAM,CAAC;YACR,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,KAAK,EAAE,mBAAmB,CAAC,CAAC,CAAC,GAAG,CAAC;YACjC,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|