@vyuhlabs/dxkit 2.3.2 → 2.4.0

Files changed (45)
  1. package/CHANGELOG.md +107 -0
  2. package/README.md +34 -19
  3. package/dist/analyzers/bom/index.d.ts.map +1 -1
  4. package/dist/analyzers/bom/index.js +7 -0
  5. package/dist/analyzers/bom/index.js.map +1 -1
  6. package/dist/analyzers/bom/types.d.ts +11 -0
  7. package/dist/analyzers/bom/types.d.ts.map +1 -1
  8. package/dist/analyzers/security/gather.d.ts.map +1 -1
  9. package/dist/analyzers/security/gather.js +15 -0
  10. package/dist/analyzers/security/gather.js.map +1 -1
  11. package/dist/analyzers/tools/fingerprint.d.ts +63 -0
  12. package/dist/analyzers/tools/fingerprint.d.ts.map +1 -0
  13. package/dist/analyzers/tools/fingerprint.js +82 -0
  14. package/dist/analyzers/tools/fingerprint.js.map +1 -0
  15. package/dist/analyzers/tools/osv-scanner-fix.d.ts +63 -0
  16. package/dist/analyzers/tools/osv-scanner-fix.d.ts.map +1 -0
  17. package/dist/analyzers/tools/osv-scanner-fix.js +202 -0
  18. package/dist/analyzers/tools/osv-scanner-fix.js.map +1 -0
  19. package/dist/analyzers/tools/semver-bump.d.ts +17 -0
  20. package/dist/analyzers/tools/semver-bump.d.ts.map +1 -0
  21. package/dist/analyzers/tools/semver-bump.js +30 -0
  22. package/dist/analyzers/tools/semver-bump.js.map +1 -0
  23. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  24. package/dist/analyzers/tools/tool-registry.js +20 -0
  25. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  26. package/dist/analyzers/tools/upgrade-plan-resolver.d.ts +64 -0
  27. package/dist/analyzers/tools/upgrade-plan-resolver.d.ts.map +1 -0
  28. package/dist/analyzers/tools/upgrade-plan-resolver.js +146 -0
  29. package/dist/analyzers/tools/upgrade-plan-resolver.js.map +1 -0
  30. package/dist/languages/capabilities/types.d.ts +46 -2
  31. package/dist/languages/capabilities/types.d.ts.map +1 -1
  32. package/dist/languages/csharp.d.ts +33 -0
  33. package/dist/languages/csharp.d.ts.map +1 -1
  34. package/dist/languages/csharp.js +77 -38
  35. package/dist/languages/csharp.js.map +1 -1
  36. package/dist/languages/python.d.ts.map +1 -1
  37. package/dist/languages/python.js +13 -0
  38. package/dist/languages/python.js.map +1 -1
  39. package/dist/languages/rust.d.ts.map +1 -1
  40. package/dist/languages/rust.js +17 -1
  41. package/dist/languages/rust.js.map +1 -1
  42. package/dist/languages/typescript.d.ts.map +1 -1
  43. package/dist/languages/typescript.js +12 -1
  44. package/dist/languages/typescript.js.map +1 -1
  45. package/package.json +1 -1
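--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,6 +7,113 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
  ## [Unreleased]
 
+ ## [2.4.0] - 2026-04-24
+
+ Phase 10h.6 complete. Tier-2 fix tools + agent-handoff types +
+ cross-pack upgrade-plan resolver + C# multi-project attribution.
+ Closes defect D003. One user-facing theme: every `DepVulnFinding`
+ that has a viable remediation now carries a structured
+ `upgradePlan` that agents can consume directly — no more parsing
+ free-text `upgradeAdvice` to figure out what to upgrade.
+
+ ### Added — agent handoff (Phase 10h.6 kickoff)
+
+ - **Advisory fingerprint** — `DepVulnFinding.fingerprint` is a stable
+ 16-char hash of `(package, installedVersion, id)`, stamped by the
+ cross-pack aggregator after enrichment. Identity is input-only —
+ re-scoring or enrichment changes do not mint a new fingerprint.
+ `BomReport.summary.fingerprints` ships the sorted-deduplicated
+ manifest so external tooling (suppressions, CI gates, upgrade bots)
+ can diff two reports by plain set difference. New helper
+ `src/analyzers/tools/fingerprint.ts`.
+
+ - **Structured upgradePlan** — `DepVulnFinding.upgradePlan` is a typed
+ sibling to the existing free-text `upgradeAdvice`:
+ `{ parent, parentVersion, patches[], breaking }`. Populated by the
+ Tier-2 fix tools landing in 10h.6.1–.4 (`osv-scanner fix`,
+ `pip-audit --fix`, `cargo audit fix`, the cross-pack transitive
+ resolver). Free-text advice stays for markdown/xlsx readability;
+ autonomous upgrade bots consume the structured form. New type
+ `DepVulnUpgradePlan`.
+
+ ### Added — Tier-2 fix tools (Phase 10h.6.1 + 10h.6.2)
+
+ - **TypeScript `osv-scanner fix` integration** (10h.6.1) — wraps
+ `osv-scanner fix --format json --manifest package.json --lockfile
+ package-lock.json` and stamps structured `upgradePlan` on each
+ matching `DepVulnFinding` surfaced by `npm audit`. Per-patch rollup:
+ if one top-level bump resolves N advisories, every finding's
+ `upgradePlan.patches[]` lists all N. Breaking detection normalizes
+ pre-1.x where a minor bump (0.5 → 0.6) is treated as breaking.
+ - **Rust `cargo-audit` upgradePlan population** (10h.6.3) — mirrors the
+ Python pattern: cargo-audit's existing JSON output already carries
+ per-advisory `versions.patched[]`, so we populate
+ `DepVulnFinding.upgradePlan` as a pure transformation (parent equals
+ the finding's own crate; Rust has no transitive-parent remediation
+ concept at the advisory level). New `isMajorBump` helper shared with
+ the TS/Python packs (identical implementation — flagged for
+ consolidation in 10h.6.4's cross-pack resolver). 5 new tests.
+ - **Python `pip-audit` upgradePlan population** (10h.6.2) — pip-audit
+ already returns `fix_versions[]` per advisory; we now map the first
+ (minimal-resolving) entry into `DepVulnFinding.upgradePlan` alongside
+ the existing `fixedVersion`. Python's flat dep graph means
+ `upgradePlan.parent` equals the finding's own package — no transitive
+ parent to upgrade, just bump the vulnerable package directly. No new
+ subprocess call required; pure transformation of existing output.
+ - **New tool in `TOOL_DEFS`** — `osv-scanner` (Node/TS pack, Tier-2).
+ Installs via `go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest`
+ (macOS also tries `brew install osv-scanner` first). Soft-fails when
+ the binary isn't available — existing `upgradeAdvice` (free-text,
+ from npm-audit) stays as the fallback and no findings are dropped.
+ - **New helper** — `src/analyzers/tools/osv-scanner-fix.ts` exports
+ `gatherOsvScannerFixPlans(cwd)`, `parseOsvScannerFixOutput(raw)`, and
+ `enrichWithUpgradePlans(findings, plans)`. 19 new tests with a real
+ osv-scanner sample as fixture.
+ - **New helper in Python pack** — `isMajorBump(from, to)` shared
+ between depVulns gather and tests. Same pre-1.x-minor-is-breaking
+ convention as the TypeScript pack. 5 new tests.
+
+ ### Fixed — C# multi-project attribution (Phase 10h.6.7, closes D003)
+
+ - Multi-project .NET solutions (web app + tests + shared libs) now
+ get correct top-level-dep attribution from every project's graph.
+ Earlier revisions walked to the **first** `obj/project.assets.json`
+ they found and built the attribution index from that one file —
+ advisories reachable only through sibling projects' dep chains
+ ended up without a `topLevelDep`. Fix: enumerate every
+ `project.assets.json` under cwd, merge the edge maps + union
+ top-level sets, run BFS against the merged graph. New exports in
+ `src/languages/csharp.ts`: `findAllProjectAssetsJson` and
+ `mergeAssetParses`. 5 new tests covering the merge semantics + the
+ concrete D003 case (advisory reachable through sibling only).
+
+ ### Added — cross-pack upgrade-plan resolver (Phase 10h.6.4)
+
+ - **Shared `isMajorBump` helper** — three identical copies
+ (TS/Python/Rust from 10h.6.1–.3) consolidated into
+ `src/analyzers/tools/semver-bump.ts`. All three packs import from
+ the shared module; 7-test suite at `test/semver-bump.test.ts`
+ supersedes the inline duplicates.
+ - **Cross-pack resolver** — new module
+ `src/analyzers/tools/upgrade-plan-resolver.ts` exposing
+ `resolveTransitiveUpgradePlans(findings)`. Runs after per-pack
+ Tier-2 tools and before riskScore composition. Two passes:
+ 1. **Reconciliation** — for every advisory id listed in any
+ existing plan's `patches[]`, stamp the same plan onto the
+ matching finding (by id only, case-insensitive). Fills gaps
+ where a Tier-2 tool's `fixed[]` mentions an id that's carried
+ by another finding with a different (package, version) tuple.
+ 2. **Free-text parse** — derives a plan from the npm-audit
+ transitive-fix template (`"Upgrade X to Y [major] (transitive
+ fix)"`) when no structured plan exists. Single-advisory scope
+ (patches=[finding.id]) since the free-text doesn't carry
+ cross-advisory rollup. Producer-written plans are
+ authoritative; resolver never overwrites.
+ - **Wire-up** — `gatherDepVulns` in `src/analyzers/security/gather.ts`
+ now calls `resolveTransitiveUpgradePlans` after fingerprinting and
+ tier-3 enrichment, before composite `riskScore`. 11 new tests at
+ `test/upgrade-plan-resolver.test.ts`.
+
  ## [2.3.2] - 2026-04-24
 
  PM-grade bom reports. The xlsx and markdown outputs both restructure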
package/README.md CHANGED
@@ -41,7 +41,7 @@ Seven deterministic analyzers. Each emits a markdown report to `.dxkit/reports/`
41
41
  | Command | What it does | Runtime | Output |
42
42
  | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | --------------------------------------------- |
43
43
  | `health` | 6-dimension score (Testing, Quality, Docs, Security, Maint, DX) | 10–20s | `.dxkit/reports/health-audit-<date>.md` |
44
- | `vulnerabilities` | gitleaks + semgrep + per-pack dep-audit (per-advisory detail in `--detailed`) | 5–30s | `.dxkit/reports/vulnerability-scan-<date>.md` |
44
+ | `vulnerabilities` | gitleaks + semgrep + per-pack dep-audit (enriched with EPSS exploit probability, CISA KEV catalog, reachability from your source, composite riskScore; per-advisory detail in `--detailed`) | 5–30s | `.dxkit/reports/vulnerability-scan-<date>.md` |
45
45
  | `test-gaps` | Coverage artifact → import-graph → filename (strongest wins) | <1s | `.dxkit/reports/test-gaps-<date>.md` |
46
46
  | `quality` | Slop score + jscpd duplication + eslint/ruff + hygiene | 5–15s | `.dxkit/reports/quality-review-<date>.md` |
47
47
  | `dev-report` | Commits, contributors, hot files, velocity, conventional % | <1s | `.dxkit/reports/developer-report-<date>.md` |
@@ -97,14 +97,14 @@ vyuh-dxkit tools install # interactive: prompts per tool
97
97
 
98
98
  ### Tools integrated
99
99
 
100
- | Layer | Tools |
101
- | --------- | -------------------------------------------------------- |
102
- | Universal | `cloc`, `gitleaks`, `semgrep`, `jscpd`, `graphify` (AST) |
103
- | Node / TS | `eslint`, `npm audit`, `@vitest/coverage-v8` |
104
- | Python | `ruff`, `pip-audit`, `coverage` (coverage.py) |
105
- | Go | `golangci-lint`, `govulncheck` |
106
- | Rust | `clippy`, `cargo-audit`, `cargo-llvm-cov` |
107
- | C# | `dotnet-format` (via SDK) |
100
+ | Layer | Tools |
101
+ | --------- | ------------------------------------------------------------------------- |
102
+ | Universal | `cloc`, `gitleaks`, `semgrep`, `jscpd`, `graphify` (AST) |
103
+ | Node / TS | `eslint`, `npm audit`, `osv-scanner` (fix planner), `@vitest/coverage-v8` |
104
+ | Python | `ruff`, `pip-audit`, `coverage` (coverage.py) |
105
+ | Go | `golangci-lint`, `govulncheck` |
106
+ | Rust | `clippy`, `cargo-audit`, `cargo-llvm-cov` |
107
+ | C# | `dotnet-format` (via SDK — formatter, not a linter) |
108
108
 
109
109
  Install commands are platform-aware (brew on macOS, user-local install on Linux, winget/scoop on Windows). Tools install into `~/.local/bin` or similar user paths — no `sudo` required.
110
110
 
@@ -126,7 +126,7 @@ Three layers merge: bundled defaults → repo `.gitignore` → repo `.dxkit-igno
126
126
 
127
127
  ### `.dxkit-suppressions.json`
128
128
 
129
- Silence known-false positives without touching code. Currently wired to `gitleaks` (semgrep + slop-hook wiring in progress).
129
+ Silence known-false positives without touching code. Wired to `gitleaks` (secrets) and `semgrep` (code patterns). Slop-hook wiring remains a follow-up.
130
130
 
131
131
  ```json
132
132
  {
@@ -136,11 +136,18 @@ Silence known-false positives without touching code. Currently wired to `gitleak
136
136
  "paths": ["test/fixtures/**", "**/*.test.ts"],
137
137
  "reason": "Fake keys in test fixtures"
138
138
  }
139
+ ],
140
+ "semgrep": [
141
+ {
142
+ "rule": "javascript.express.security.audit.express-check-directory-traversal",
143
+ "paths": ["scripts/serve-static.js"],
144
+ "reason": "Controlled internal tool, not user-reachable"
145
+ }
139
146
  ]
140
147
  }
141
148
  ```
142
149
 
143
- A finding is suppressed when its rule matches (exact string, or `*` for any) AND at least one path glob matches. Globs support `**`, `*`, `?`.
150
+ A finding is suppressed when its rule matches (exact string, or `*` for any) AND at least one path glob matches. Globs support `**`, `*`, `?`. Suppressed counts are reported separately in the analyzer output so "zero visible" is distinguishable from "zero real".
144
151
 
145
152
  ### `.project.yaml` (optional, for scaffolding)
146
153
 
@@ -152,13 +159,15 @@ When present (typically written by `@vyuhlabs/create-devstack`), `dxkit init` re
152
159
 
153
160
  Each language is a single `LanguageSupport` implementation in `src/languages/`. Adding a new language is one file — detection, tools, coverage parsing, import extraction, and lint severity mapping in one place.
154
161
 
155
- | Language | Detection | Coverage import | Import-graph | Native tools | Lint severity tiers | Vuln severity tiers |
156
- | -------- | ------------------------------------ | ------------------- | --------------------------- | ----------------------------------- | ---------------------- | ----------------------------------- |
157
- | TS / JS | `package.json` | ✅ Istanbul | ✅ import/require/re-export | eslint, npm audit, vitest-coverage | ✅ ESLint rule ID | ✅ npm audit native |
158
- | Python | `pyproject.toml`, `setup.py`, `*.py` | ✅ coverage.py | ✅ import/from | ruff, pip-audit, coverage | ✅ ruff code prefix | ✅ pip-audit + OSV.dev (CVSS v3+v4) |
159
- | Go | `go.mod` | ✅ coverprofile | ✅ import blocks | golangci-lint, govulncheck | ✅ `FromLinter` family | ✅ govulncheck embedded + OSV.dev |
160
- | Rust | `Cargo.toml` | ✅ lcov + cobertura | use statements | clippy, cargo-audit, cargo-llvm-cov | ✅ clippy group | ✅ cargo-audit native |
161
- | C# | `*.csproj`, `*.sln` | ✅ cobertura XML | using declarations | dotnet-format | (formatter) | ✅ dotnet list --vulnerable |
162
+ | Language | Detection | Coverage import | Import-graph | Native tools | Lint severity tiers | Vuln severity tiers |
163
+ | -------- | ------------------------------------ | ------------------- | -------------------------------------- | ----------------------------------- | ---------------------- | ----------------------------------- |
164
+ | TS / JS | `package.json` | ✅ Istanbul | ✅ import/require/re-export | eslint, npm audit, vitest-coverage | ✅ ESLint rule ID | ✅ npm audit native |
165
+ | Python | `pyproject.toml`, `setup.py`, `*.py` | ✅ coverage.py | ✅ import/from | ruff, pip-audit, coverage | ✅ ruff code prefix | ✅ pip-audit + OSV.dev (CVSS v3+v4) |
166
+ | Go | `go.mod` | ✅ coverprofile | ✅ import blocks | golangci-lint, govulncheck | ✅ `FromLinter` family | ✅ govulncheck embedded + OSV.dev |
167
+ | Rust | `Cargo.toml` | ✅ lcov + cobertura | ⚠️ use statements, extracted only¹ | clippy, cargo-audit, cargo-llvm-cov | ✅ clippy group | ✅ cargo-audit native |
168
+ | C# | `*.csproj`, `*.sln` | ✅ cobertura XML | ⚠️ using declarations, extracted only¹ | dotnet-format (formatter) | (no linter yet) | ✅ dotnet list --vulnerable |
169
+
170
+ ¹ Rust + C# packs populate `imports.extracted` but the file-level resolver is a no-op — Rust's `use` paths and C#'s `using` namespaces don't map 1:1 to source files. Downstream analyses that need an edge graph (reachability for dep-vulns, import-graph credit for test-gaps) degrade to conservative defaults for these two languages. Resolvers are planned; see Phase 10i-L.2 in the roadmap.
162
171
 
163
172
  ✅ full support. Multi-language repos fully supported — every detected language's tools run, and dep-vuln counts aggregate across all language packs via the `depVulns` capability (pip-audit findings don't silently replace npm-audit ones).
164
173
 
@@ -187,9 +196,15 @@ Running `init` auto-detects your tech stack and generates a complete `.claude/`
187
196
  CLAUDE.md # Main context file for Claude Code
188
197
  .ai/
189
198
  sessions/ # Session checkpoints
190
- reports/ # Generated reports (health, vulnerabilities, etc.)
199
+ features/ # Feature-planning docs produced by `/feature`
200
+ .dxkit/
201
+ reports/ # Generated analyzer output (health, bom, licenses, …)
202
+ .dxkit-ignore # Extra analyzer-only exclusions (on top of .gitignore)
203
+ .dxkit-suppressions.json # Silence known-false positives (gitleaks, semgrep)
191
204
  ```
192
205
 
206
+ The `.dxkit/` directory holds analyzer state and was split out from `.ai/` in v2.3.0 so tool output (regeneratable, safe to gitignore) is separated from agent context (session history, feature plans).
207
+
193
208
  ### Slash commands → native CLI delegation
194
209
 
195
210
  The scaffolded slash commands (`/health`, `/vulnerabilities`, `/test-gaps`, `/quality`, `/dev-report`) use a three-tier fallback:
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,SAAS,CAAC;AAEhE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;0EAMsE;IACtE,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;;;yCAKqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,SAAS,CAAC,CAqDpB;AAiCD;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAoD9F;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAsP1E"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AASH,OAAO,KAAK,EAAY,SAAS,EAAe,MAAM,SAAS,CAAC;AAEhE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,WAAW,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;0EAMsE;IACtE,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB;;;;;yCAKqC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,SAAS,CAAC,CA4DpB;AAiCD;;;;;GAKG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE,CAoD9F;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAsP1E"}
@@ -53,6 +53,7 @@ exports.buildTriageRows = buildTriageRows;
53
53
  exports.formatBomReport = formatBomReport;
54
54
  const path = __importStar(require("path"));
55
55
  const detect_1 = require("../../detect");
56
+ const fingerprint_1 = require("../tools/fingerprint");
56
57
  const runner_1 = require("../tools/runner");
57
58
  const discovery_1 = require("./discovery");
58
59
  const gather_1 = require("./gather");
@@ -85,6 +86,11 @@ async function analyzeBom(repoPath, options = {}) {
85
86
  if (!e.joinedFromBoth)
86
87
  vulnOnlyPackages++;
87
88
  }
89
+ // Manifest of every advisory identity in the (post-filter) report.
90
+ // Drawn from `entries` rather than `rawEntries` so `filter=top-level`
91
+ // reports surface only the fingerprints the caller actually sees —
92
+ // diffing two filtered reports stays consistent.
93
+ const fingerprints = (0, fingerprint_1.collectFingerprints)(entries.flatMap((e) => e.vulns));
88
94
  return {
89
95
  repo: stack.projectName || path.basename(repoPath),
90
96
  analyzedAt: new Date().toISOString(),
@@ -102,6 +108,7 @@ async function analyzeBom(repoPath, options = {}) {
102
108
  filter,
103
109
  unfilteredTotalPackages: rawEntries.length,
104
110
  projectRoots,
111
+ fingerprints,
105
112
  },
106
113
  entries,
107
114
  toolsUsed,
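Review bot: The `fingerprints` manifest in `analyzeBom` is built from the post-filter `entries`, so a `filter=top-level` report lists fewer advisory identities than an unfiltered report of the same repository. A CI gate or suppression tool that diffs two manifests without first comparing the `filter` value in the same summary object would read the missing fingerprints as resolved advisories. The added comment explains why `entries` is used but not this consumer obligation; I would extend it with `// Consumers must check that both reports share the same filter before diffing fingerprints.` The call also passes `entries.flatMap((e) => e.vulns)` straight through, which presumably relies on every entry carrying a `vulns` array; that is worth confirming in `collectFingerprints`, which is not visible here. `analyzeBom` begins and ends outside these hunks.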
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiCH,gCAwDC;AAgED,0CAoDC;AAED,0CAsPC;AAncD,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AACvF,6CAA8E;AA0BvE,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AAC
J,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK
,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,qEAAqE;IACrE,kEAAkE;IAClE,2CAA2C;IAC3C,uBAAuB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEnC,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;Q
ACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eA
Ae,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,qFAAqF;YACrF,iFAAiF;YACjF,oFAAoF;YACpF,iFAAiF;YACjF,sEAAsE,CACzE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,q
FAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GA
AG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,CAAW,EAAE,MAAiB;IAC7D,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,
IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC;YACxD,IAAI,GAAG,IAAI,QAAQ;gBAAE,YAAY,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE;gBAAE,UAAU,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GACf,YAAY,KAAK,CAAC;QAChB,CAAC,CAAC,kFAAkF;QACpF,CAAC,CAAC,QAAQ,YAAY,gBAAgB,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,mFAAmF,CAAC;IAC3J,CAAC,CAAC,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC,CAAC;IAE3B,CAAC,CAAC,IAAI,CACJ,UAAU,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,sCAAsC,CACjG,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,uCAAuC,CAAC,CAAC;IAC/E,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,iCAAiC,CAAC,CAAC;IACjF,CAAC,CAAC,IAAI,CACJ,8BAA8B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mCAAmC,EAAE,CAC9G,CAAC;IAEF,YAAY;IACZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,OAAO,CACrD,CAAC,MAAM,CAAC;IACT,CAAC,CAAC,IAAI,CACJ,wBAAwB,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,yBAAyB,CAClG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,C
AAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CACxC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC,CAAC,IAAI,CACJ,wCAAwC,IAAI,uBAAuB,CAAC,CAAC,aAAa,sBAAsB,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAClL,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/bom/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCH,gCA+DC;AAgED,0CAoDC;AAED,0CAsPC;AA3cD,2CAA6B;AAC7B,yCAAsC;AACtC,sDAA2D;AAC3D,4CAAsC;AACtC,2CAAmD;AACnD,qCAAuF;AACvF,6CAA8E;AA0BvE,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,UAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;IACtC,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IAC9F,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,EAAE,GAAG,YAAY,CAAC;IAExF,oEAAoE;IACpE,mEAAmE;IACnE,gEAAgE;IAChE,qBAAqB;IACrB,MAAM,aAAa,GAAG,IAAA,2BAAkB,EAAC,UAAU,CAAC,CAAC;IAErD,MAAM,MAAM,GAAc,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC;IAClD,MAAM,OAAO,GACX,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzF,MAAM,UAAU,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC5F,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,WAAW,CAAC;gBAAE,eAAe,EAAE,CAAC;QACjE,CAAC;QACD,eAAe,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,gBAAgB,EAAE,CAAC;IAC5C,CAAC;IAED,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,iDAAiD;IACjD,MAAM,YAAY,GAAG,IAAA,iCAAmB,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAE1E,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,aAAa,EAAE,GAAG;QAClB,OAAO,EAAE;YACP,aAAa,EAAE,OAAO,CAA
C,MAAM;YAC7B,UAAU;YACV,kBAAkB;YAClB,eAAe;YACf,eAAe;YACf,gBAAgB;YAChB,aAAa;YACb,MAAM;YACN,uBAAuB,EAAE,UAAU,CAAC,MAAM;YAC1C,YAAY;YACZ,YAAY;SACb;QACD,OAAO;QACP,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAA,gCAAoB,EAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,gEAAgE;QAChE,wDAAwD;QACxD,OAAO,IAAA,yBAAgB,EAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,GAAG;QAChD,MAAM,EAAE,MAAM,IAAA,yBAAgB,EAAC,OAAO,CAAC;KACxC,CAAC,CAAC,CACJ,CAAC;IACF,OAAO,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,SAAS,GAAgC;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAgBF;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,MAAiB,EAAE,KAAa,EAAE,OAAe;IAW/E,MAAM,IAAI,GAAW,EAAE,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;gBAAE,SAAS;YAC9C,IAAI,CAAC,CAAC,SAAS,GAAG,OAAO;gBAAE,SAAS;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,gBAAgB,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE;gBAC7C,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,IAAI,EAAE,CAAC,CAAC,SAAS;gBACjB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,aAAa,EAAE,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,CAAC,SAAS,KAAK,KAAK;YAAE,KAAK,CAA
C,IAAI,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5D,+DAA+D;QAC/D,sCAAsC;QACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxF,OAAO;YACL,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,SAAS;YACT,GAAG;SACJ,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,MAAiB,EAAE,OAAe;IAChE,MAAM,CAAC,GAAa,EAAE,CAAC;IAEvB,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,qEAAqE;IACrE,kEAAkE;IAClE,2CAA2C;IAC3C,uBAAuB,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEnC,+DAA+D;IAC/D,kEAAkE;IAClE,4DAA4D;IAC5D,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,OAAO,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,gBAAgB;YAC9E,8EAA8E;YAC9E,yDAAyD,CAC5D,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,CAAC,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC5D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,CAAC,CAAC,IAAI,CACJ,OAAO,G
AAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,gBAAgB,QAAQ,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,GAAG,IAAI,CAC/G,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,UAAU;IACV,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,CAAC,CAAC,IAAI,CACJ,uBAAuB,CAAC,CAAC,YAAY,CAAC,MAAM,qBAAqB;YAC/D,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,aAAa,6BAA6B,CAAC,CAAC,uBAAuB,kDAAkD;YAC1H,+EAA+E;YAC/E,uCAAuC,CAC1C,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,yDAAyD,CAAC,CAAC;IACxF,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,kBAAkB,4CAA4C;YACnE,KAAK,CAAC,CAAC,eAAe,yBAAyB;YAC/C,oEAAoE;YACpE,+BAA+B;YAC/B,KAAK,CAAC,CAAC,eAAe,sDAAsD,CAC/E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,+DAA+D;YAC7D,sCAAsC,CAAC,CAAC,eAAe,mBAAmB;YAC1E,qBAAqB,CAAC,CAAC,kBAAkB,uBAAuB;YAChE,+BAA+B,CAClC,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,IAAI,CAAC,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3B,CAAC,CAAC,IAAI,CACJ,QAAQ,CAAC,CAAC,gBAAgB,2DAA2D;YACnF,sEAAsE;YACtE,qEAAqE,CACxE,CAAC;QACF,CAAC,CAAC,IAAI
,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oEAAoE;IACpE,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,sEAAsE;YACpE,sEAAsE;YACtE,gEAAgE,CACnE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,qFAAqF;YACrF,iFAAiF;YACjF,oFAAoF;YACpF,iFAAiF;YACjF,sEAAsE,CACzE,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YACvC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;QACF,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,CAAC,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAC;QAC1F,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,CAAC,CAAC;YACjB,MAAM,OAAO,GACX,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM;gBACxB,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,OAAO;gBAClF,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa,MAAM,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,MAAM,CAAC,MAAM,6CAA6C,CAAC,CAAC;QAC3F,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CA
AC,CAAC;IACb,CAAC;IAED,iEAAiE;IACjE,IAAI,CAAC,CAAC,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qFAAqF;YACnF,uFAAuF;YACvF,yEAAyE,CAC5E,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,MAAM,QAAQ,GAAgC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAU,EAAE;YACtC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;YACd,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,IAAI;oBAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC;YAChF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QACF,MAAM,IAAI,GAAe,MAAM,CAAC,OAAO;aACpC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,oBAAoB;YACnD,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAC1F,CAAC;QACJ,CAAC,CAAC,CAAC;QACL,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,CAAC,CAAC,IAAI,CACJ,oGAAoG,CACrG,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,wEAAwE;YACxE,8DAA8D;YAC9D,iEAAiE;YACjE,gDAAgD;YAChD,MAAM,QAAQ,GACZ,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACjF,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,kCAAkC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBACvB,MAAM,CAAC,CAAC,
CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,8DAA8D;YAC9D,2DAA2D;YAC3D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,iEAAiE;YACjE,8DAA8D;YAC9D,mDAAmD;YACnD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5D,CAAC,CAAC,IAAI,CACJ,KAAK,QAAQ,MAAM,SAAS,CAAC,CAAC,CAAC,WAAY,CAAC,MAAM,QAAQ,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,WAAW,MAAM,CAAC,CAAC,KAAK,CAAC,MAAM,MAAM,OAAO,MAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IAAI,CAC5L,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,YAAY,GAAG,OAAO,IAAI,CAAC,MAAM,gGAAgG,CAClI,CAAC;QACJ,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAEzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,CAAW,EAAE,MAAiB;IAC7D,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,2EAA2E;IAC3E,qEAAqE;IACrE,IAAI,YAAY,GAAG,C
AAC,CAAC;IACrB,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC;YACxD,IAAI,GAAG,IAAI,QAAQ;gBAAE,YAAY,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE;gBAAE,UAAU,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GACf,YAAY,KAAK,CAAC;QAChB,CAAC,CAAC,kFAAkF;QACpF,CAAC,CAAC,QAAQ,YAAY,gBAAgB,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,mFAAmF,CAAC;IAC3J,CAAC,CAAC,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC,CAAC;IAE3B,CAAC,CAAC,IAAI,CACJ,UAAU,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,sCAAsC,CACjG,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,IAAA,yBAAY,EAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,uCAAuC,CAAC,CAAC;IAC/E,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,iCAAiC,CAAC,CAAC;IACjF,CAAC,CAAC,IAAI,CACJ,8BAA8B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,mCAAmC,EAAE,CAC9G,CAAC;IAEF,YAAY;IACZ,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,0BAAa,EAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,OAAO,CACrD,CAAC,MAAM,CAAC;IACT,CAAC,CAAC,IAAI,CACJ,wBAAwB,UAAU,WAAW,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,yBAAyB,CAClG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,MAAM,QAAQ,GAAgC,EAAE,QAAQ
,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1F,OAAO,CACL,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CACxC,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC,CAAC,IAAI,CACJ,wCAAwC,IAAI,uBAAuB,CAAC,CAAC,aAAa,sBAAsB,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,WAAW,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAClL,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACb,CAAC"}
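--- a/package/dist/analyzers/bom/types.d.ts
+++ b/package/dist/analyzers/bom/types.d.ts
@@ -115,6 +115,17 @@ export interface BomReport {
  * distinct. When nested scan is disabled or only one root was
  * found, this is `["."]` so consumers can treat it uniformly. */
  projectRoots: string[];
+ /** Sorted, deduplicated list of every advisory `fingerprint`
+ * covered by this report. Each fingerprint is a stable hash of
+ * `(package, installedVersion, id)` stamped by the cross-pack
+ * dep-vuln aggregator. Consumers diff two reports by set
+ * difference on this list — added fingerprints are new
+ * advisories, removed ones are resolved. The per-finding
+ * fingerprint also lives on each `BomEntry.vulns[].fingerprint`
+ * for attribution; this field is a convenience manifest so
+ * external tooling (suppressions, CI gates, upgrade bots) can
+ * diff without walking every entry. */
+ fingerprints: string[];
  };
  entries: ReadonlyArray<BomEntry>;
  toolsUsed: string[];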
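Review bot: The new doc comment on `fingerprints` does not say how a consumer should treat a stored report written before this field existed, where the list is simply absent. The comment recommends set difference for suppressions and CI gates, so a gate that reads the missing list as empty would report every current advisory as new, while one that skips the comparison would report none. I would add a line to the comment such as `* Absent in reports produced before this field was added; do not diff against those.`. The BomReport interface begins and ends outside this hunk.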
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEjE,MAAM,WAAW,QAAQ;IAEvB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAGhB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,KAAK,EAAE,cAAc,EAAE,CAAC;IAExB;uEACmE;IACnE,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAEhC;;;gDAG4C;IAC5C,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;oEAIgE;IAChE,cAAc,EAAE,OAAO,CAAC;IAExB;;;;;mEAK+D;IAC/D,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;;mBAQe;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,aAAa,EAAE,MAAM,CAAC;IACtB,wDAAwD;IACxD,WAAW,EAAE,WAAW,CAAC;IACzB;wEACoE;IACpE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,aAAa,EAAE,GAAG,CAAC;IACnB,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB;;qCAE6B;QAC7B,UAAU,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACxC;;sDAE8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B;oEAC4D;QAC5D,eAAe,EAAE,MAAM,CAAC;QACxB;;;2DAGmD;QACnD,eAAe,EAAE,MAAM,CAAC;QACxB;wDACgD;QAChD,gBAAgB,EAAE,MAAM,CAAC;QACzB;;;;;oEAK4D;QAC5D,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACjD;wEACgE;QAChE,MAAM,EAAE,KAAK,GAAG,WAAW,CAAC;QAC5B;;;mCAG2B;QAC3B,uBAAuB,EAAE,MAAM,CAAC;QAChC;;;0EAGkE;QAClE,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,OAAO,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IACjC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/analyzers/bom/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEjE,MAAM,WAAW,QAAQ;IAEvB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAGhB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,KAAK,EAAE,cAAc,EAAE,CAAC;IAExB;uEACmE;IACnE,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IAEhC;;;gDAG4C;IAC5C,aAAa,EAAE,MAAM,CAAC;IAEtB;;;;oEAIgE;IAChE,cAAc,EAAE,OAAO,CAAC;IAExB;;;;;mEAK+D;IAC/D,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;;mBAQe;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,aAAa,EAAE,MAAM,CAAC;IACtB,wDAAwD;IACxD,WAAW,EAAE,WAAW,CAAC;IACzB;wEACoE;IACpE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,aAAa,EAAE,GAAG,CAAC;IACnB,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB;;qCAE6B;QAC7B,UAAU,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACxC;;sDAE8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B;oEAC4D;QAC5D,eAAe,EAAE,MAAM,CAAC;QACxB;;;2DAGmD;QACnD,eAAe,EAAE,MAAM,CAAC;QACxB;wDACgD;QAChD,gBAAgB,EAAE,MAAM,CAAC;QACzB;;;;;oEAK4D;QAC5D,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACjD;wEACgE;QAChE,MAAM,EAAE,KAAK,GAAG,WAAW,CAAC;QAC5B;;;mCAG2B;QAC3B,uBAAuB,EAAE,MAAM,CAAC;QAChC;;;0EAGkE;QAClE,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB;;;;;;;;;gDASwC;QACxC,YAAY,EAAE,MAAM,EAAE,CAAC;KACxB,CAAC;IACF,OAAO,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IACjC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B"}
@@ -1 +1 @@
1
- {"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAe1D;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACxD,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAeD;AAID,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CAuCjE;AAID;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7D,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAeD;AAcD;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAyFzE"}
1
+ {"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAe1D;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACxD,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAeD;AAID,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CAuCjE;AAID;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7D,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAeD;AAcD;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAuGzE"}
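--- a/package/dist/analyzers/security/gather.js
+++ b/package/dist/analyzers/security/gather.js
@@ -15,10 +15,12 @@ exports.gatherDepVulns = gatherDepVulns;
  */
  const runner_1 = require("../tools/runner");
  const epss_1 = require("../tools/epss");
+ const fingerprint_1 = require("../tools/fingerprint");
  const kev_1 = require("../tools/kev");
  const osv_1 = require("../tools/osv");
  const reachability_1 = require("../tools/reachability");
  const risk_score_1 = require("../tools/risk-score");
+ const upgrade_plan_resolver_1 = require("../tools/upgrade-plan-resolver");
  const exclusions_1 = require("../tools/exclusions");
  const dispatcher_1 = require("../dispatcher");
  const languages_1 = require("../../languages");
@@ -154,6 +156,11 @@ async function gatherDepVulns(cwd) {
  // alias list including the CVE. One OSV roundtrip resolves the
  // whole batch; one EPSS roundtrip scores them all.
  const findings = envelope.findings ?? [];
+ // Stamp durable identity on every finding before enrichment. The hash
+ // inputs are package/version/id only, so stamping is independent of
+ // EPSS/KEV/reachability results — keeps `fingerprint` stable across
+ // runs even if enrichment tooling changes underneath.
+ (0, fingerprint_1.stampFingerprints)(findings);
  if (findings.length > 0) {
  const cveByFinding = new Map();
  const needsAliasLookup = [];
@@ -204,6 +211,14 @@ async function gatherDepVulns(cwd) {
  (0, reachability_1.markReachable)(findings, reachable);
  }
  }
+ // Cross-pack upgrade-plan resolver (Phase 10h.6.4). Runs after
+ // per-pack Tier-2 tools have stamped what they can, and before
+ // risk scoring so the composite riskScore can factor in the
+ // "actionable" bit (future 10h.9.2 CI gate uses it too). Fills
+ // gaps by (a) reconciling advisories across plans' `patches[]`
+ // lists and (b) parsing the npm-audit transitive-fix free-text
+ // template into a structured plan when no tool produced one.
+ (0, upgrade_plan_resolver_1.resolveTransitiveUpgradePlans)(findings);
  // Composite riskScore = f(cvss, epss, kev, reachable). Runs last
  // so every signal is populated. Formula is documented in
  // risk-score.ts; skipped for findings without CVSS so we don't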
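Review bot: The comment above `stampFingerprints(findings)` in the second hunk leaves an invariant unstated: every later stage that mutates `findings` in place, including the new `resolveTransitiveUpgradePlans(findings)` call in the third hunk, must leave `package`, `installedVersion` and `id` untouched. If a later stage rewrote any of them, the stamped `fingerprint` would no longer match what is reported, and a suppression or CI gate keyed on it would act on the wrong identity. Whether the resolver touches those fields cannot be checked from here, since its body is not in this section. I would extend the stamping comment with `// Later stages must not rewrite package/installedVersion/id, or the stamped fingerprint goes stale.`. gatherDepVulns begins and ends outside these hunks.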
@@ -1 +1 @@
1
- {"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AAsCA,sCAkBC;AAID,gDAuCC;AAWD,gDAkBC;AAuBD,wCAyFC;AAhPD;;;;;;;;GAQG;AACH,4CAAsC;AACtC,wCAAyD;AACzD,sCAAyC;AACzC,sCAA8C;AAC9C,wDAAgF;AAChF,oDAAoD;AACpD,oDAA0D;AAE1D,8CAAkD;AAClD,+CAAwD;AACxD,0EAKkD;AAClD,+DAA4D;AAI5D,gFAAgF;AAEhF;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAW;IAI7C,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,QAAiB;QAC3B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;QAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,M
AAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAIlD,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,2BAAa,EAAE,IAAA,2BAAY,EAAC,2BAAa,CAAC,CAAC,CAAC;IAC/F,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAe;QACzB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,MAAM,eAAe,GAAmB;IACtC,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF;;;;;;;;GAQG;AACI,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,SAAS,GAAwC,EAAE,CAAC;IAC1D,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,uBAAS,EAAE,SAAS,CAAC,CAAC;IAC3E,IAAI,CAAC,QAAQ;QAAE,OAAO,eAAe,CAAC;IAEtC,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mEAAmE;IACnE,kEAAkE;IAClE,gDAAgD;IAChD,EAAE;IACF,gEAAgE;IAChE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,mDAAmD;IACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,I
AAI,MAAM,EAAE,CAAC;gBACX,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAc,EAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9E,KAAK,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;gBACtD,IAAI,GAAG;oBAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QACD,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvD,+DAA+D;YAC/D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAA,iBAAU,EAAC,UAAU,CAAC,EAAE,IAAA,eAAS,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7F,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,KAAK,KAAK,SAAS;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC;YACjD,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,kEAAkE;QAClE,+DAA+D;QAC/D,2DAA2D;QAC3D,gEAAgE;QAChE,uBAAuB;QACvB,MAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC;QAC/C,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,gBAAgB,CAAC,CAAC;YACvF,IAAI,eAAe,IAAI,eAAe,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,IAAA,uCAAwB,EAAC,eAAe,CAAC,CAAC;gBAC5D,IAAA,4BAAa,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,yDAAyD;QACzD,+DAA+D;QAC/D,wCAAwC;QACxC,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC;IACxD,OAAO;QACL,QAAQ;QA
CR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,KAAK,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG;QACrC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ;KACT,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AAwCA,sCAkBC;AAID,gDAuCC;AAWD,gDAkBC;AAuBD,wCAuGC;AAhQD;;;;;;;;GAQG;AACH,4CAAsC;AACtC,wCAAyD;AACzD,sDAAyD;AACzD,sCAAyC;AACzC,sCAA8C;AAC9C,wDAAgF;AAChF,oDAAoD;AACpD,0EAA+E;AAC/E,oDAA0D;AAE1D,8CAAkD;AAClD,+CAAwD;AACxD,0EAKkD;AAClD,+DAA4D;AAI5D,gFAAgF;AAEhF;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAW;IAI7C,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,QAAiB;QAC3B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;QAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,I
AAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAIlD,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,2BAAa,EAAE,IAAA,2BAAY,EAAC,2BAAa,CAAC,CAAC,CAAC;IAC/F,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAe;QACzB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,MAAM,eAAe,GAAmB;IACtC,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF;;;;;;;;GAQG;AACI,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,SAAS,GAAwC,EAAE,CAAC;IAC1D,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,uBAAS,EAAE,SAAS,CAAC,CAAC;IAC3E,IAAI,CAAC,QAAQ;QAAE,OAAO,eAAe,CAAC;IAEtC,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mEAAmE;IACnE,kEAAkE;IAClE,gDAAgD;IAChD,EAAE;IACF,gEAAgE;IAChE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,mDAAmD;IACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IACzC,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,sDAAsD;IACtD,IAAA,+BAAiB,EAAC,QAAQ,CAAC,CAAC;IAC5B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAA
G,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAc,EAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9E,KAAK,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;gBACtD,IAAI,GAAG;oBAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QACD,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvD,+DAA+D;YAC/D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAA,iBAAU,EAAC,UAAU,CAAC,EAAE,IAAA,eAAS,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7F,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,KAAK,KAAK,SAAS;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC;YACjD,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,kEAAkE;QAClE,+DAA+D;QAC/D,2DAA2D;QAC3D,gEAAgE;QAChE,uBAAuB;QACvB,MAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC;QAC/C,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,gBAAgB,CAAC,CAAC;YACvF,IAAI,eAAe,IAAI,eAAe,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,IAAA,uCAAwB,EAAC,eAAe,CAAC,CAAC;gBAC5D,IAAA,4BAAa,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,4DAA4D;QAC5D,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,6DA
A6D;QAC7D,IAAA,qDAA6B,EAAC,QAAQ,CAAC,CAAC;QAExC,iEAAiE;QACjE,yDAAyD;QACzD,+DAA+D;QAC/D,wCAAwC;QACxC,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC;IACxD,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,KAAK,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG;QACrC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ;KACT,CAAC;AACJ,CAAC"}
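--- a/package/dist/analyzers/tools/fingerprint.d.ts
+++ b/package/dist/analyzers/tools/fingerprint.d.ts
@@ -0,0 +1,63 @@
+ /**
+ * Advisory fingerprints — durable per-finding identity across runs.
+ *
+ * The dispatcher's dep-vuln aggregator (src/analyzers/security/gather.ts)
+ * stamps every finding with a stable hash of `(package, installedVersion,
+ * id)` before scoring + reporting. The same advisory against the same
+ * installed version produces the same fingerprint on every run, so
+ * consumers (agent-driven upgrade bots, suppressions, CI gates) can diff
+ * a current bom against a stored prior to detect:
+ *
+ * - new advisories (fingerprint present now, absent before)
+ * - resolved advisories (fingerprint absent now, present before)
+ * - unchanged advisories (fingerprint in both sets)
+ *
+ * Excluded from the hash:
+ * - severity / cvssScore — re-scoring the same advisory against the
+ * same install must not mint a new identity
+ * - enrichment fields (epssScore, kev, reachable, riskScore) — same
+ * reason; these are signals about the advisory, not part of it
+ * - producer `tool` — the same advisory hit by two producers (e.g.
+ * npm-audit + snyk) should collapse to one identity
+ * - `upgradeAdvice` / `upgradePlan` — resolution suggestions change
+ * across releases of the fix tooling; identity must outlive them
+ *
+ * Format: 16-char lowercase hex (first 8 bytes of SHA-1). Short enough
+ * to embed inline in reports, long enough to make collisions between
+ * non-identical tuples effectively impossible for repo-scale sets.
+ */
+ import type { DepVulnFinding } from '../../languages/capabilities/types';
+ /**
+ * Stable 16-char hex fingerprint for one DepVulnFinding. Input tuple
+ * is NUL-separated (not present in any legal package / version / id)
+ * so distinct tuples can never collide via concatenation tricks.
+ *
+ * `installedVersion` is normalized to the empty string when absent so
+ * version-less findings (rare — some providers omit it when the lock
+ * file is missing) still get a deterministic fingerprint instead of
+ * mixing an ambient `undefined` into the hash input.
+ */
+ export declare function computeFingerprint(finding: Pick<DepVulnFinding, 'package' | 'installedVersion' | 'id'>): string;
+ /**
+ * Stamp `fingerprint` on every finding in place. Called once in
+ * `gatherDepVulns` after cross-pack merge + enrichment so every
+ * downstream consumer (bom, security/detailed, JSON export) sees a
+ * fully-stamped finding.
+ *
+ * Idempotent: re-stamping a finding that already has a fingerprint
+ * overwrites it with the same value. Safe to call multiple times,
+ * though the gather path only invokes it once.
+ */
+ export declare function stampFingerprints(findings: DepVulnFinding[]): void;
+ /**
+ * Sorted, deduplicated fingerprint list for a set of findings. Used by
+ * `analyzeBom` to populate `BomReport.summary.fingerprints` — a single
+ * manifest of every advisory identity the report covers, convenient
+ * for external diff tooling without walking `entries[].vulns[]`.
+ *
+ * Silently skips findings missing a fingerprint (should not happen
+ * post-gather, but a safety net against a future producer that emits
+ * findings outside the `gatherDepVulns` path).
+ */
+ export declare function collectFingerprints(findings: ReadonlyArray<DepVulnFinding>): string[];
+ //# sourceMappingURL=fingerprint.d.ts.map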
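Review bot: The docstring on `stampFingerprints` says it is called "after cross-pack merge + enrichment", but the gather.js change in this same release calls it before the enrichment block, and its own comment there says "before enrichment". The docstring should state the actual order, for example `* Stamp fingerprint on every finding in place. Called once in gatherDepVulns after cross-pack merge and before enrichment, so every`. The same docstring is repeated in fingerprint.js and needs the same correction.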
@@ -0,0 +1 @@
1
+ {"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,SAAS,GAAG,kBAAkB,GAAG,IAAI,CAAC,GACnE,MAAM,CAGR;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI,CAIlE;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,CAAC,GAAG,MAAM,EAAE,CAMrF"}
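--- a/package/dist/analyzers/tools/fingerprint.js
+++ b/package/dist/analyzers/tools/fingerprint.js
@@ -0,0 +1,82 @@
+ "use strict";
+ /**
+ * Advisory fingerprints — durable per-finding identity across runs.
+ *
+ * The dispatcher's dep-vuln aggregator (src/analyzers/security/gather.ts)
+ * stamps every finding with a stable hash of `(package, installedVersion,
+ * id)` before scoring + reporting. The same advisory against the same
+ * installed version produces the same fingerprint on every run, so
+ * consumers (agent-driven upgrade bots, suppressions, CI gates) can diff
+ * a current bom against a stored prior to detect:
+ *
+ * - new advisories (fingerprint present now, absent before)
+ * - resolved advisories (fingerprint absent now, present before)
+ * - unchanged advisories (fingerprint in both sets)
+ *
+ * Excluded from the hash:
+ * - severity / cvssScore — re-scoring the same advisory against the
+ * same install must not mint a new identity
+ * - enrichment fields (epssScore, kev, reachable, riskScore) — same
+ * reason; these are signals about the advisory, not part of it
+ * - producer `tool` — the same advisory hit by two producers (e.g.
+ * npm-audit + snyk) should collapse to one identity
+ * - `upgradeAdvice` / `upgradePlan` — resolution suggestions change
+ * across releases of the fix tooling; identity must outlive them
+ *
+ * Format: 16-char lowercase hex (first 8 bytes of SHA-1). Short enough
+ * to embed inline in reports, long enough to make collisions between
+ * non-identical tuples effectively impossible for repo-scale sets.
+ */
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.computeFingerprint = computeFingerprint;
+ exports.stampFingerprints = stampFingerprints;
+ exports.collectFingerprints = collectFingerprints;
+ const crypto_1 = require("crypto");
+ /**
+ * Stable 16-char hex fingerprint for one DepVulnFinding. Input tuple
+ * is NUL-separated (not present in any legal package / version / id)
+ * so distinct tuples can never collide via concatenation tricks.
+ *
+ * `installedVersion` is normalized to the empty string when absent so
+ * version-less findings (rare — some providers omit it when the lock
+ * file is missing) still get a deterministic fingerprint instead of
+ * mixing an ambient `undefined` into the hash input.
+ */
+ function computeFingerprint(finding) {
+ const input = `${finding.package}\0${finding.installedVersion ?? ''}\0${finding.id}`;
+ return (0, crypto_1.createHash)('sha1').update(input).digest('hex').slice(0, 16);
+ }
+ /**
+ * Stamp `fingerprint` on every finding in place. Called once in
+ * `gatherDepVulns` after cross-pack merge + enrichment so every
+ * downstream consumer (bom, security/detailed, JSON export) sees a
+ * fully-stamped finding.
+ *
+ * Idempotent: re-stamping a finding that already has a fingerprint
+ * overwrites it with the same value. Safe to call multiple times,
+ * though the gather path only invokes it once.
+ */
+ function stampFingerprints(findings) {
+ for (const f of findings) {
+ f.fingerprint = computeFingerprint(f);
+ }
+ }
+ /**
+ * Sorted, deduplicated fingerprint list for a set of findings. Used by
+ * `analyzeBom` to populate `BomReport.summary.fingerprints` — a single
+ * manifest of every advisory identity the report covers, convenient
+ * for external diff tooling without walking `entries[].vulns[]`.
+ *
+ * Silently skips findings missing a fingerprint (should not happen
+ * post-gather, but a safety net against a future producer that emits
+ * findings outside the `gatherDepVulns` path).
+ */
+ function collectFingerprints(findings) {
+ const set = new Set();
+ for (const f of findings) {
+ if (f.fingerprint)
+ set.add(f.fingerprint);
+ }
+ return [...set].sort();
+ }
+ //# sourceMappingURL=fingerprint.js.map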
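Review bot: `computeFingerprint` relies on NUL never appearing in `package`, `installedVersion` or `id`, but nothing in the function checks that. Only `installedVersion` is defaulted, so a missing `package` or `id` is hashed as the literal text `undefined`. The header comment names suppressions and CI gates as consumers, so two different findings that hash alike would let one suppression entry cover both. An unambiguous encoding such as `const input = JSON.stringify([finding.package ?? '', finding.installedVersion ?? '', finding.id ?? '']);` removes the dependence on the separator and defaults all three fields the same way. That changes every fingerprint value, so it would have to land before stored reports depend on the current format.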
@@ -0,0 +1 @@
1
+ {"version":3,"file":"fingerprint.js","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAeH,gDAKC;AAYD,8CAIC;AAYD,kDAMC;AApDD,mCAAoC;AAGpC;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,OAAoE;IAEpE,MAAM,KAAK,GAAG,GAAG,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,gBAAgB,IAAI,EAAE,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;IACrF,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,iBAAiB,CAAC,QAA0B;IAC1D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,CAAC,CAAC,WAAW,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CAAC,QAAuC;IACzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC"}