audit-trace 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -0
- package/dist/cli.js +55 -2
- package/dist/cli.js.map +1 -1
- package/dist/core/audit-parser/normalize.d.ts.map +1 -1
- package/dist/core/audit-parser/normalize.js +7 -0
- package/dist/core/audit-parser/normalize.js.map +1 -1
- package/dist/ink/ReportTui.d.ts.map +1 -1
- package/dist/ink/ReportTui.js +5 -1
- package/dist/ink/ReportTui.js.map +1 -1
- package/dist/output/brief-reporter.d.ts +42 -0
- package/dist/output/brief-reporter.d.ts.map +1 -0
- package/dist/output/brief-reporter.js +291 -0
- package/dist/output/brief-reporter.js.map +1 -0
- package/dist/output/finding-meta.d.ts +15 -0
- package/dist/output/finding-meta.d.ts.map +1 -0
- package/dist/output/finding-meta.js +39 -0
- package/dist/output/finding-meta.js.map +1 -0
- package/dist/output/html-reporter.d.ts.map +1 -1
- package/dist/output/html-reporter.js +9 -2
- package/dist/output/html-reporter.js.map +1 -1
- package/dist/output/markdown-reporter.d.ts.map +1 -1
- package/dist/output/markdown-reporter.js +9 -1
- package/dist/output/markdown-reporter.js.map +1 -1
- package/dist/output/terminal-renderer.d.ts.map +1 -1
- package/dist/output/terminal-renderer.js +9 -0
- package/dist/output/terminal-renderer.js.map +1 -1
- package/package.json +5 -2
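--- a/package/README.md
+++ b/package/README.md
@@ -2,6 +2,21 @@
 
 `audit-trace` is a local-first CLI for **npm / pnpm / Yarn** projects. It combines **lockfile-aware dependency graphs** with **audit output** so you can see **which top-level dependencies introduce a vulnerable package**, short **remediation hints**, and **CI-friendly diagnostics** (structured `CiDiagnostic` codes for logs, job summaries, or PR comments).
 
+## Why use this instead of `npm audit` (alone)?
+
+`npm audit` is good at one thing: **surfacing advisories** for what is installed. It is weaker at **explaining** them in a way that matches how teams actually fix issues:
+
+| What you often need | `npm audit` | `audit-trace` |
+|---------------------|-------------|---------------|
+| **Who owns it?** Which direct dependency pulled in the vulnerable package? | Usually a flat or cryptic path; easy to lose the chain in large trees | **Ownership paths** from the lockfile graph, **grouped** so shared prefixes are not repeated dozens of times |
+| **Clarity** | Severity and package names, but little narrative structure | **Merged dependency trie**, **severity-colored** vulnerable leaves, and **prod / dev** context where the graph allows it |
+| **Action** | “Run npm audit fix” / generic hints | **Remediation-oriented** suggestions (e.g. overrides) when the advisory data supports it |
+| **CI** | Exit codes and JSON, often with little **why** | **`--ci`** + **`diagnostics`** you can pipe to summaries or PR comments; **`--ci-verbose`** for a short human explanation |
+
+**Simplicity** here means: one run gives you a **single, readable view**—what is wrong, **where it enters the tree**, and how serious it is—without hunting through `node_modules` or reconstructing chains manually. **Explainability** means: the tool combines **graph + audit**, not audit alone, so answers read as “*this direct dependency → this chain → this package (severity)*” instead of a flat list of advisories.
+
+`audit-trace` **does not replace** the registry advisory source: it still relies on your package manager’s audit (or a saved `--audit-file`). It **adds** structure, ownership, and reporting on top.
+
 ## Requirements
 
 - Node.js **18+**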
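--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { Command } from "commander";
-import { resolve } from "node:path";
+import { resolve, basename } from "node:path";
 import { readFile } from "node:fs/promises";
 import ora from "ora";
 import { analyze } from "./lib/analyze.js";
@@ -8,6 +8,7 @@ import { renderPretty, printCiSummary } from "./output/terminal-renderer.js";
 import { toJsonReport } from "./output/json-reporter.js";
 import { toMarkdownReport } from "./output/markdown-reporter.js";
 import { toHtmlReport } from "./output/html-reporter.js";
+import { buildBriefReport, toBriefJson, toBriefMarkdown } from "./output/brief-reporter.js";
 import { loadLockfileGraph } from "./core/graph-engine/load-lockfile.js";
 import { buildIndexes, dfsAllPathsWithLimit, impactSet, shortestPathFromRoots, } from "./core/graph-engine/traverse.js";
 import { diffLockfiles } from "./integrations/lockfile-diff/compare.js";
@@ -48,7 +49,7 @@ program
 runtimeEntry: opts.entry,
 assumeReachable: opts.assumeReachable,
 });
-spin.succeed("Done");
+spin.succeed(report.findings.length === 0 ? "Clean — no vulnerabilities found" : "Done");
 if (workspace.isMonorepo) {
 process.stderr.write(`Monorepo markers: ${JSON.stringify(workspace.tools)}\n`);
 }
@@ -78,6 +79,58 @@ program
 if (opts.ci)
 process.exit(exitCode);
 });
+program
+.command("brief")
+.description("AI-ready security brief with prioritized fix plan")
+.option("-C, --cwd <dir>", "project root", process.cwd())
+.option("--top <n>", "max action groups to include", "5")
+.option("--prod-only", "filter devDependency paths when possible")
+.option("--pkg <name>", "focus on one vulnerable package")
+.option("--audit-file <path>", "read audit JSON instead of running pm audit")
+.option("--pm <name>", "npm|pnpm|yarn")
+.option("--json", "machine-readable JSON")
+.option("--no-prompt", "omit the AI prompt block")
+.action(async (opts) => {
+const spin = ora("Analyzing…").start();
+const cwd = resolve(opts.cwd);
+const { report, ownership, workspace } = await analyze({
+cwd,
+useAuditFile: opts.auditFile,
+pm: opts.pm,
+prodOnly: opts.prodOnly,
+});
+const { lock } = await loadLockfileGraph(cwd);
+const pm = opts.pm ?? (lock.kind === "pnpm" ? "pnpm" : lock.kind === "yarn" ? "yarn" : "npm");
+const lockfileKind = lock.kind === "none"
+? "none"
+: lock.kind === "pnpm"
+? "pnpm-lock.yaml"
+: lock.kind === "yarn"
+? "yarn.lock"
+: "package-lock.json";
+const brief = buildBriefReport(report.findings, ownership, report.remediation, report.graph, {
+projectName: basename(cwd),
+pm,
+lockfileKind,
+isMonorepo: workspace.isMonorepo,
+}, {
+top: Number(opts.top) || 5,
+includePrompt: opts.prompt !== false,
+focusPackage: opts.pkg,
+});
+spin.succeed(brief.status === "clean" ? "Clean — no vulnerabilities found" : "Done");
+if (opts.json) {
+process.stdout.write(toBriefJson(brief) + "\n");
+}
+else {
+process.stdout.write(toBriefMarkdown(brief, {
+top: Number(opts.top) || 5,
+includePrompt: opts.prompt !== false,
+focusPackage: opts.pkg,
+}));
+process.stdout.write("\n");
+}
+});
 program
 .command("why")
 .argument("<pkg>", "package name")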
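Review bot: The options object handed to buildBriefReport on new lines 116-120 is repeated verbatim for toBriefMarkdown on lines 126-130, so the `--top` parsing and the `--no-prompt` handling now live in two places that can drift apart; hoist it once, `const briefOpts = { top: Number(opts.top) || 5, includePrompt: opts.prompt !== false, focusPackage: opts.pkg };`, and pass `briefOpts` to both calls. `Number(opts.top) || 5` also silently maps `--top 0` and any non-numeric value to 5 while letting negative or fractional values through; `Number.parseInt(opts.top, 10)` followed by `Number.isInteger(top) && top > 0 ? top : 5` makes the flag behave predictably. The lockfile is read by loadLockfileGraph right after analyze has run, which presumably parses it as well (not visible here); if so, exposing `lock.kind` from analyze's result would avoid the second read.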
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AACzE,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,SAAS,EACT,qBAAqB,GACtB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AACxE,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,0DAA0D,CAAC;KACvE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;KACtC,WAAW,CAAC,4CAA4C,CAAC;KACzD,MAAM,CAAC,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KACxD,MAAM,CAAC,QAAQ,EAAE,uBAAuB,CAAC;KACzC,MAAM,CAAC,YAAY,EAAE,iBAAiB,CAAC;KACvC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC;KAC/B,MAAM,CAAC,MAAM,EAAE,oCAAoC,CAAC;KACpD,MAAM,CAAC,cAAc,EAAE,gCAAgC,CAAC;KACxD,MAAM,CAAC,mBAAmB,EAAE,sCAAsC,EAAE,MAAM,CAAC;KAC3E,MAAM,CAAC,aAAa,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,qBAAqB,EAAE,6CAA6C,CAAC;KAC5E,MAAM,CAAC,aAAa,EAAE,eAAe,CAAC;KACtC,MAAM,CAAC,gBAAgB,EAAE,8CAA8C,CAAC;KACxE,MAAM,CAAC,oBAAoB,EAAE,mDAAmD,CAAC;KACjF,MAAM,CAAC,mBAAmB,EAAE,+BAA+B,CAAC;KAC5D,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,KAAK,EAAE,CAAC;IACvC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,CAAC;QAC/D,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,YAAY,EAAE,IAAI,CAAC,SAAS;QAC5B,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,Y
AAY,EAAE,IAAI,CAAC,KAAK;QACxB,eAAe,EAAE,IAAI,CAAC,eAAe;KACtC,CAAC,CAAC;IACH,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,MAAM,CAC3E,CAAC;IACF,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,YAAY,CAAC,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CACrE,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IACxD,CAAC;SAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE;YACrD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,OAAO,EAAE,IAAI,CAAC,SAAS;SACxB,CAAC,CACH,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,mDAAmD,CAAC;KAChE,MAAM,CAAC,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KACxD,MAAM,CAAC,WAAW,EAAE,8BAA8B,EAAE,GAAG,CAAC;KACxD,MAAM,CAAC,aAAa,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,cAAc,EAAE,iCAAiC,CAAC;KACzD,MAAM,CAAC,qBAAqB,EAAE,6CAA6C,CAAC;KAC5E,MAAM,CAAC,aAAa,EAAE,eAAe,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,uBAAuB,CAAC;KACzC,MAAM,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACjD,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,KAAK,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9
B,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,OAAO,CAAC;QACrD,GAAG;QACH,YAAY,EAAE,IAAI,CAAC,SAAS;QAC5B,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAC;IAEH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,EAAE,GACN,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACrF,MAAM,YAAY,GAChB,IAAI,CAAC,IAAI,KAAK,MAAM;QAClB,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM;YACpB,CAAC,CAAC,gBAAgB;YAClB,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM;gBACpB,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,mBAAmB,CAAC;IAE9B,MAAM,KAAK,GAAG,gBAAgB,CAC5B,MAAM,CAAC,QAAQ,EACf,SAAS,EACT,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,KAAK,EACZ;QACE,WAAW,EAAE,QAAQ,CAAC,GAAG,CAAC;QAC1B,EAAE;QACF,YAAY;QACZ,UAAU,EAAE,SAAS,CAAC,UAAU;KACjC,EACD;QACE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;QAC1B,aAAa,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;QACpC,YAAY,EAAE,IAAI,CAAC,GAAG;KACvB,CACF,CAAC;IAEF,IAAI,CAAC,OAAO,CACV,KAAK,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,MAAM,CACvE,CAAC;IAEF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,eAAe,CAAC,KAAK,EAAE;YACrB,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;YAC1B,aAAa,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;YACpC,YAAY,EAAE,IAAI,CAAC,GAAG;SACvB,CAAC,CACH,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;KACjC,MAAM,CAAC,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KACxD,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IAC1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,GAAG,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IA
AI,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAChC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CACpF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;KACjC,MAAM,CAAC,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KACxD,MAAM,CAAC,aAAa,EAAE,WAAW,EAAE,GAAG,CAAC;KACvC,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IAC1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,oBAAoB,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;KACjC,MAAM,CAAC,iBAAiB,EAAE,cAAc,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KACxD,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IAC1B,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAChC,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7B,KAAK,
MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,IAAI;gBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAC;KACjD,QAAQ,CAAC,SAAS,EAAE,sBAAsB,CAAC;KAC3C,MAAM,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,KAAK,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;IACpC,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;IAClD,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IACnD,MAAM,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAC3C,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"normalize.d.ts","sourceRoot":"","sources":["../../../src/core/audit-parser/normalize.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAWnE,gCAAgC;AAChC,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,oBAAoB,EAAE,
|
|
1
|
+
{"version":3,"file":"normalize.d.ts","sourceRoot":"","sources":["../../../src/core/audit-parser/normalize.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAWnE,gCAAgC;AAChC,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,oBAAoB,EAAE,CAgFtF;AAED,iFAAiF;AACjF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,oBAAoB,EAAE,CAEvF;AAED,kDAAkD;AAClD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAwC5E"}
|
|
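--- a/package/dist/core/audit-parser/normalize.js
+++ b/package/dist/core/audit-parser/normalize.js
@@ -30,10 +30,17 @@ export function parseNpmAuditJson(raw) {
 }
 }
 const id = `${name}:${v.range ?? "*"}`;
+const fixRaw = v
+.fixAvailable;
+let patchedRange;
+if (fixRaw && typeof fixRaw === "object" && fixRaw.version) {
+patchedRange = fixRaw.isSemVerMajor ? `>=${fixRaw.version} (semver-major)` : `>=${fixRaw.version}`;
+}
 out.push({
 id,
 packageName: v.name ?? name,
 vulnerableRange: v.range,
+patchedRange,
 severity: sev(v.severity),
 title: titles[0],
 url: urls[0],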
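Review bot: The new `fixAvailable` handling on lines 36-37 only checks that `fixRaw.version` is truthy before interpolating it into `patchedRange`, so a non-string value in the audit JSON — which can come from a user-supplied `--audit-file` rather than the package manager — is stringified as-is into the report; tighten the guard to `if (fixRaw && typeof fixRaw === "object" && typeof fixRaw.version === "string")`. Appending ` (semver-major)` also means `patchedRange` is no longer a parseable semver range in the `isSemVerMajor` case, which any consumer that feeds the field to a range parser would trip over; keeping `patchedRange` as `>=${fixRaw.version}` and carrying the major-bump flag in a separate field would be cleaner, though that is an interface change for the finding type and the reporters. parseNpmAuditJson starts before this hunk.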
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"normalize.js","sourceRoot":"","sources":["../../../src/core/audit-parser/normalize.ts"],"names":[],"mappings":"AAEA,SAAS,GAAG,CAAC,CAAqB;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC;IAC1D,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,iBAAiB,CAAC,GAA4B;IAC5D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,eAYL,CAAC;IAEd,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;YAClB,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;oBACvB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC;wBACrC,IAAI,IAAI,CAAC,KAAK;4BAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;wBAChD,IAAI,IAAI,CAAC,GAAG;4BAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,IAAI,GAAG,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE;gBACF,WAAW,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI;gBAC3B,eAAe,EAAE,CAAC,CAAC,KAAK;gBACxB,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACzB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChB,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;gBACZ,SAAS,EAAE,CAAC,CAAC,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,UAaV,CAAC;IAEd,IAAI,UAAU,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE,EAAE,OAAO,GAAG,EAAE;gBAChB,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,SAAS;gBACvC,eAAe,EAAE,CAAC,CAAC,mBAAmB;gBACtC,YAAY,EAAE,CAAC,CAAC,gBAAgB;gBAChC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACzB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,MAAM,EAAE,CA
AC,CAAC,IAAI;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,kBAAkB,CAAC,GAA4B;IAC7D,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,IAAI,GAA4B,CAAC;QACjC,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAA4B,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC;QACrB,IAAI,GAAG,KAAK,eAAe;YAAE,SAAS;QACtC,MAAM,IAAI,GAAG,GAAG,CAAC,IAYJ,CAAC;QACd,MAAM,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;QACzB,IAAI,CAAC,CAAC,EAAE,WAAW;YAAE,SAAS;QAC9B,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,QAAQ,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,mBAAmB,IAAI,EAAE,EAAE;YAC1D,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,eAAe,EAAE,CAAC,CAAC,mBAAmB;YACtC,YAAY,EAAE,CAAC,CAAC,gBAAgB;YAChC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YACzB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,MAAM,EAAE,CAAC,CAAC,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,MAAM,CAAC,CAAyB;IACvC,MAAM,CAAC,GAAG,IAAI,GAAG,EAAgC,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAClB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACzB,CAAC"}
|
|
1
|
+
{"version":3,"file":"normalize.js","sourceRoot":"","sources":["../../../src/core/audit-parser/normalize.ts"],"names":[],"mappings":"AAEA,SAAS,GAAG,CAAC,CAAqB;IAChC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC;IAC1D,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,iBAAiB,CAAC,GAA4B;IAC5D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,MAAM,KAAK,GAAG,GAAG,CAAC,eAYL,CAAC;IAEd,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;YAClB,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;oBACvB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,EAAE,CAAC;wBACrC,IAAI,IAAI,CAAC,KAAK;4BAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;wBAChD,IAAI,IAAI,CAAC,GAAG;4BAAE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,IAAI,GAAG,EAAE,CAAC;YACvC,MAAM,MAAM,GAAI,CAAgF;iBAC7F,YAAY,CAAC;YAChB,IAAI,YAAgC,CAAC;YACrC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC3D,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC;YACrG,CAAC;YACD,GAAG,CAAC,IAAI,CAAC;gBACP,EAAE;gBACF,WAAW,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI;gBAC3B,eAAe,EAAE,CAAC,CAAC,KAAK;gBACxB,YAAY;gBACZ,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACzB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChB,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;gBACZ,SAAS,EAAE,CAAC,CAAC,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,UAaV,CAAC;IAEd,IAAI,UAAU,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,IA
AI,CAAC;gBACP,EAAE,EAAE,OAAO,GAAG,EAAE;gBAChB,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,SAAS;gBACvC,eAAe,EAAE,CAAC,CAAC,mBAAmB;gBACtC,YAAY,EAAE,CAAC,CAAC,gBAAgB;gBAChC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACzB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,MAAM,EAAE,CAAC,CAAC,IAAI;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,kBAAkB,CAAC,GAA4B;IAC7D,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,IAAI,GAA4B,CAAC;QACjC,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAA4B,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC;QACrB,IAAI,GAAG,KAAK,eAAe;YAAE,SAAS;QACtC,MAAM,IAAI,GAAG,GAAG,CAAC,IAYJ,CAAC;QACd,MAAM,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;QACzB,IAAI,CAAC,CAAC,EAAE,WAAW;YAAE,SAAS;QAC9B,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,QAAQ,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,mBAAmB,IAAI,EAAE,EAAE;YAC1D,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,eAAe,EAAE,CAAC,CAAC,mBAAmB;YACtC,YAAY,EAAE,CAAC,CAAC,gBAAgB;YAChC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YACzB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,MAAM,EAAE,CAAC,CAAC,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,MAAM,CAAC,CAAyB;IACvC,MAAM,CAAC,GAAG,IAAI,GAAG,EAAgC,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAClB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACzB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ReportTui.d.ts","sourceRoot":"","sources":["../../src/ink/ReportTui.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAmB,MAAM,OAAO,CAAC;AAExC,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"ReportTui.d.ts","sourceRoot":"","sources":["../../src/ink/ReportTui.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAmB,MAAM,OAAO,CAAC;AAExC,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAmBjE,wBAAgB,SAAS,CAAC,KAAK,EAAE;IAC/B,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,EAAE,aAAa,EAAE,CAAC;CAC5B,GAAG,KAAK,CAAC,YAAY,CAgDrB"}
|
package/dist/ink/ReportTui.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
|
|
2
2
|
import { useState } from "react";
|
|
3
3
|
import { Box, Text, useInput } from "ink";
|
|
4
|
+
import { formatVersionMetaDimLine, getFindingVersionMeta } from "../output/finding-meta.js";
|
|
4
5
|
function inkSeverityColor(sev) {
|
|
5
6
|
switch (sev) {
|
|
6
7
|
case "critical":
|
|
@@ -27,7 +28,10 @@ export function ReportTui(props) {
|
|
|
27
28
|
process.exit(0);
|
|
28
29
|
});
|
|
29
30
|
const f = props.report.findings[idx];
|
|
30
|
-
|
|
31
|
+
const versionMeta = f
|
|
32
|
+
? formatVersionMetaDimLine(getFindingVersionMeta(f, props.ownership, props.report.graph))
|
|
33
|
+
: undefined;
|
|
34
|
+
return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsx(Text, { bold: true, children: "audit-trace \u2014 interactive (\u2191/\u2193 navigate, q quit)" }), _jsx(Box, { marginTop: 1, children: _jsxs(Text, { dimColor: true, children: ["Finding ", idx + 1, "/", props.report.findings.length] }) }), f ? (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { bold: f.severity === "critical" || f.severity === "high", color: inkSeverityColor(f.severity), children: ["[", f.severity, "] ", f.packageName] }), versionMeta ? (_jsx(Text, { dimColor: true, children: versionMeta })) : null, _jsx(Text, { children: f.title ?? f.id }), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsx(Text, { bold: true, children: "Owners / paths sample" }), props.ownership
|
|
31
35
|
.filter((o) => o.packageName === f.packageName)
|
|
32
36
|
.slice(0, 5)
|
|
33
37
|
.map((o, i) => (_jsxs(Text, { children: ["via ", o.topLevelNames.join(", ") || "?", " \u2014 dev:", String(o.isDevDependency)] }, i)))] })] })) : (_jsx(Text, { children: "No findings." }))] }));
|
|
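Review bot: `versionMeta` on new lines 31-33 is recomputed on every render of ReportTui, including the re-render each `useInput` keystroke triggers, although its inputs (`f`, `props.ownership`, `props.report.graph`) only change when `idx` changes; if getFindingVersionMeta does non-trivial work over the ownership list or graph (not visible here), wrapping the expression in `useMemo` keyed on those values avoids the repeated work. The line also carries no comment; `// version metadata for the selected finding, rendered dim under the package header; undefined when there are no findings` would tell a reader why the ternary on `f` is there. ReportTui's body starts before this hunk.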
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ReportTui.js","sourceRoot":"","sources":["../../src/ink/ReportTui.tsx"],"names":[],"mappings":";AAAA,OAAc,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"ReportTui.js","sourceRoot":"","sources":["../../src/ink/ReportTui.tsx"],"names":[],"mappings":";AAAA,OAAc,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACxC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,KAAK,CAAC;AAG1C,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAE5F,SAAS,gBAAgB,CAAC,GAAa;IACrC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,KAAK;YACR,OAAO,MAAM,CAAC;QAChB,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAGzB;IACC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClC,QAAQ,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACtB,IAAI,GAAG,CAAC,OAAO;YAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,GAAG,CAAC,SAAS;YAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACpF,IAAI,KAAK,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,WAAW,GAAG,CAAC;QACnB,CAAC,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,CAAC,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzF,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,CACL,MAAC,GAAG,IAAC,aAAa,EAAC,QAAQ,EAAC,OAAO,EAAE,CAAC,aACpC,KAAC,IAAI,IAAC,IAAI,sFAAwD,EAClE,KAAC,GAAG,IAAC,SAAS,EAAE,CAAC,YACf,MAAC,IAAI,IAAC,QAAQ,+BACH,GAAG,GAAG,CAAC,OAAG,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,IAC1C,GACH,EACL,CAAC,CAAC,CAAC,CAAC,CACH,MAAC,GAAG,IAAC,aAAa,EAAC,QAAQ,EAAC,SAAS,EAAE,CAAC,aACtC,MAAC,IAAI,IAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,kBAC/F,CAAC,CAAC,QAAQ,QAAI,CAAC,CAAC,WAAW,IACxB,EACN,WAAW,CAAC,CAAC,CAAC,CACb,KAAC,IAAI,IAAC,QAAQ,kBACX,WAAW,GACP,CACR,CAAC,CAAC,CAAC,IAAI,EACR,KAAC,IAAI,cAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,GAAQ,EAC9B,MAAC,GAAG,IAAC,SAAS,EAAE,CAAC,EAAE,aAAa,EAAC,QAAQ,a
ACvC,KAAC,IAAI,IAAC,IAAI,4CAA6B,EACtC,KAAK,CAAC,SAAS;iCACb,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW,CAAC;iCAC9C,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;iCACX,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CACb,MAAC,IAAI,uBACE,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,kBAAS,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,KAD/D,CAAC,CAEL,CACR,CAAC,IACA,IACF,CACP,CAAC,CAAC,CAAC,CACF,KAAC,IAAI,+BAAoB,CAC1B,IACG,CACP,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { DependencyGraphSnapshot, RemediationSuggestion, Severity, VulnerabilityFinding } from "../core/models.js";
|
|
2
|
+
import type { OwnershipPath } from "../core/ownership/tracer.js";
|
|
3
|
+
export type ActionGroupKind = "upgrade-direct" | "upgrade-transitive" | "override" | "manual";
|
|
4
|
+
export interface ActionGroup {
|
|
5
|
+
id: string;
|
|
6
|
+
kind: ActionGroupKind;
|
|
7
|
+
/** Package to change in package.json (upgrade target or override key) */
|
|
8
|
+
targetPackage: string;
|
|
9
|
+
/** Direct dependency that owns the transitive chain, if any */
|
|
10
|
+
topLevelOwner?: string;
|
|
11
|
+
findings: VulnerabilityFinding[];
|
|
12
|
+
affectedPackages: string[];
|
|
13
|
+
maxSeverity: Severity;
|
|
14
|
+
remediation?: RemediationSuggestion;
|
|
15
|
+
ownershipSample: string[];
|
|
16
|
+
isDevOnly: boolean;
|
|
17
|
+
}
|
|
18
|
+
export interface BriefMeta {
|
|
19
|
+
projectName: string;
|
|
20
|
+
pm: string;
|
|
21
|
+
lockfileKind: string;
|
|
22
|
+
isMonorepo: boolean;
|
|
23
|
+
}
|
|
24
|
+
export interface BriefReport {
|
|
25
|
+
status: "clean" | "actionable";
|
|
26
|
+
findingsCount: number;
|
|
27
|
+
actionGroupCount: number;
|
|
28
|
+
meta: BriefMeta;
|
|
29
|
+
actionGroups: ActionGroup[];
|
|
30
|
+
skippedGroups: ActionGroup[];
|
|
31
|
+
}
|
|
32
|
+
export interface BriefOptions {
|
|
33
|
+
top?: number;
|
|
34
|
+
includePrompt?: boolean;
|
|
35
|
+
focusPackage?: string;
|
|
36
|
+
}
|
|
37
|
+
export declare function buildActionGroups(findings: VulnerabilityFinding[], ownership: OwnershipPath[], remediation: RemediationSuggestion[], graph: DependencyGraphSnapshot | null): ActionGroup[];
|
|
38
|
+
export declare function rankActionGroups(groups: ActionGroup[]): ActionGroup[];
|
|
39
|
+
export declare function buildBriefReport(findings: VulnerabilityFinding[], ownership: OwnershipPath[], remediation: RemediationSuggestion[], graph: DependencyGraphSnapshot | null, meta: BriefMeta, opts?: BriefOptions): BriefReport;
|
|
40
|
+
export declare function toBriefMarkdown(brief: BriefReport, opts?: BriefOptions): string;
|
|
41
|
+
export declare function toBriefJson(brief: BriefReport): string;
|
|
42
|
+
//# sourceMappingURL=brief-reporter.d.ts.map
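Review bot: `ActionGroup.isDevOnly`, `BriefReport.actionGroupCount` and `BriefReport.skippedGroups` (hunk lines 16, 27 and 30) carry no doc comment, and their semantics are narrower than the names suggest: judging from the accompanying `brief-reporter.js`, `isDevOnly` is true only when every finding in the group has at least one traced ownership path and all of those paths are dev-only, so an untraced finding keeps its group in the production plan; `actionGroupCount` counts only the groups that survive the `top` cut; and production groups ranked below `top` appear in neither list. I'd add `/** True only when every finding has at least one ownership path and all of those paths are dev-only; an untraced finding keeps the group in the production fix plan. */` on `isDevOnly`, `/** Number of entries in actionGroups after the top limit is applied, not the total number of production groups. */` on `actionGroupCount`, and `/** Dev-only groups excluded from the fix plan; production groups beyond the top limit are in neither list. */` on `skippedGroups`. Since this declaration file is compiled output (its source map points at `src/output/brief-reporter.ts`), the comments belong on the interfaces in the TypeScript source.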
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"brief-reporter.d.ts","sourceRoot":"","sources":["../../src/output/brief-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,qBAAqB,EACrB,QAAQ,EACR,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAGjE,MAAM,MAAM,eAAe,GAAG,gBAAgB,GAAG,oBAAoB,GAAG,UAAU,GAAG,QAAQ,CAAC;AAE9F,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,eAAe,CAAC;IACtB,yEAAyE;IACzE,aAAa,EAAE,MAAM,CAAC;IACtB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,oBAAoB,EAAE,CAAC;IACjC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,EAAE,QAAQ,CAAC;IACtB,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,OAAO,GAAG,YAAY,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,aAAa,EAAE,WAAW,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAyFD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,oBAAoB,EAAE,EAChC,SAAS,EAAE,aAAa,EAAE,EAC1B,WAAW,EAAE,qBAAqB,EAAE,EACpC,KAAK,EAAE,uBAAuB,GAAG,IAAI,GACpC,WAAW,EAAE,CAoDf;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,EAAE,CAQrE;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,oBAAoB,EAAE,EAChC,SAAS,EAAE,aAAa,EAAE,EAC1B,WAAW,EAAE,qBAAqB,EAAE,EACpC,KAAK,EAAE,uBAAuB,GAAG,IAAI,EACrC,IAAI,EAAE,SAAS,EACf,IAAI,GAAE,YAAiB,GACtB,WAAW,CA6Bb;AAgGD,wBAAgB,eAAe,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,MAAM,CAkEnF;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAEtD"}
|
|
@@ -0,0 +1,291 @@
|
|
|
1
|
+
import { formatChain } from "./tree-format.js";
|
|
2
|
+
const SEVERITY_RANK = {
|
|
3
|
+
critical: 5,
|
|
4
|
+
high: 4,
|
|
5
|
+
moderate: 3,
|
|
6
|
+
low: 2,
|
|
7
|
+
info: 1,
|
|
8
|
+
};
|
|
9
|
+
function maxSeverity(findings) {
|
|
10
|
+
return findings.reduce((best, f) => (SEVERITY_RANK[f.severity] > SEVERITY_RANK[best] ? f.severity : best), "info");
|
|
11
|
+
}
|
|
12
|
+
function severitySummary(findings) {
|
|
13
|
+
const counts = new Map();
|
|
14
|
+
for (const f of findings) {
|
|
15
|
+
counts.set(f.severity, (counts.get(f.severity) ?? 0) + 1);
|
|
16
|
+
}
|
|
17
|
+
const order = ["critical", "high", "moderate", "low", "info"];
|
|
18
|
+
const parts = order
|
|
19
|
+
.filter((s) => counts.has(s))
|
|
20
|
+
.map((s) => `${counts.get(s)} ${s}`);
|
|
21
|
+
return parts.join(", ");
|
|
22
|
+
}
|
|
23
|
+
function primaryOwner(paths) {
|
|
24
|
+
const freq = new Map();
|
|
25
|
+
for (const p of paths) {
|
|
26
|
+
const name = p.topLevelNames[0];
|
|
27
|
+
if (!name)
|
|
28
|
+
continue;
|
|
29
|
+
freq.set(name, (freq.get(name) ?? 0) + 1);
|
|
30
|
+
}
|
|
31
|
+
let best;
|
|
32
|
+
let bestN = 0;
|
|
33
|
+
for (const [name, n] of freq) {
|
|
34
|
+
if (n > bestN) {
|
|
35
|
+
best = name;
|
|
36
|
+
bestN = n;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
return best;
|
|
40
|
+
}
|
|
41
|
+
function sampleChain(finding, ownership, graph) {
|
|
42
|
+
const row = ownership.find((o) => o.findingId === finding.id);
|
|
43
|
+
if (!row || !graph) {
|
|
44
|
+
return finding.packageName;
|
|
45
|
+
}
|
|
46
|
+
const names = row.pathNodeIds.map((id) => graph.nodes.get(id)?.name ?? id);
|
|
47
|
+
return formatChain(names);
|
|
48
|
+
}
|
|
49
|
+
function remediationFor(pkg, remediation) {
|
|
50
|
+
return remediation.find((r) => r.targetPackage === pkg);
|
|
51
|
+
}
|
|
52
|
+
function groupKey(finding, owner, rem) {
|
|
53
|
+
if (rem?.kind === "overrides" || rem?.kind === "resolutions") {
|
|
54
|
+
return { key: `${rem.kind}:${rem.targetPackage}`, kind: "override", target: rem.targetPackage };
|
|
55
|
+
}
|
|
56
|
+
if (owner && owner === finding.packageName) {
|
|
57
|
+
return {
|
|
58
|
+
key: `direct:${finding.packageName}`,
|
|
59
|
+
kind: "upgrade-direct",
|
|
60
|
+
target: finding.packageName,
|
|
61
|
+
owner,
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
if (owner) {
|
|
65
|
+
return { key: `chain:${owner}`, kind: "upgrade-transitive", target: owner, owner };
|
|
66
|
+
}
|
|
67
|
+
return { key: `manual:${finding.packageName}`, kind: "manual", target: finding.packageName };
|
|
68
|
+
}
|
|
69
|
+
export function buildActionGroups(findings, ownership, remediation, graph) {
|
|
70
|
+
const byFinding = new Map();
|
|
71
|
+
for (const o of ownership) {
|
|
72
|
+
const list = byFinding.get(o.findingId) ?? [];
|
|
73
|
+
list.push(o);
|
|
74
|
+
byFinding.set(o.findingId, list);
|
|
75
|
+
}
|
|
76
|
+
const buckets = new Map();
|
|
77
|
+
for (const f of findings) {
|
|
78
|
+
const paths = byFinding.get(f.id) ?? [];
|
|
79
|
+
const owner = primaryOwner(paths);
|
|
80
|
+
const rem = remediationFor(f.packageName, remediation);
|
|
81
|
+
const { key, kind, target, owner: topOwner } = groupKey(f, owner, rem);
|
|
82
|
+
const devOnly = paths.length > 0 && paths.every((p) => p.isDevDependency);
|
|
83
|
+
let group = buckets.get(key);
|
|
84
|
+
if (!group) {
|
|
85
|
+
group = {
|
|
86
|
+
id: key,
|
|
87
|
+
kind,
|
|
88
|
+
targetPackage: target,
|
|
89
|
+
topLevelOwner: topOwner,
|
|
90
|
+
findings: [],
|
|
91
|
+
affectedPackages: [],
|
|
92
|
+
maxSeverity: "info",
|
|
93
|
+
remediation: rem?.kind === "overrides" || rem?.kind === "resolutions" ? rem : undefined,
|
|
94
|
+
ownershipSample: [],
|
|
95
|
+
isDevOnly: devOnly,
|
|
96
|
+
};
|
|
97
|
+
buckets.set(key, group);
|
|
98
|
+
}
|
|
99
|
+
group.findings.push(f);
|
|
100
|
+
group.maxSeverity = maxSeverity(group.findings);
|
|
101
|
+
group.isDevOnly = group.isDevOnly && devOnly;
|
|
102
|
+
if (!group.affectedPackages.includes(f.packageName)) {
|
|
103
|
+
group.affectedPackages.push(f.packageName);
|
|
104
|
+
}
|
|
105
|
+
if (group.ownershipSample.length < 2) {
|
|
106
|
+
const chain = sampleChain(f, ownership, graph);
|
|
107
|
+
if (!group.ownershipSample.includes(chain)) {
|
|
108
|
+
group.ownershipSample.push(chain);
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
if (!group.remediation && rem && (kind === "upgrade-direct" || kind === "upgrade-transitive")) {
|
|
112
|
+
group.remediation = rem;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
return [...buckets.values()];
|
|
116
|
+
}
|
|
117
|
+
export function rankActionGroups(groups) {
|
|
118
|
+
return [...groups].sort((a, b) => {
|
|
119
|
+
const sev = SEVERITY_RANK[b.maxSeverity] - SEVERITY_RANK[a.maxSeverity];
|
|
120
|
+
if (sev !== 0)
|
|
121
|
+
return sev;
|
|
122
|
+
const prod = Number(a.isDevOnly) - Number(b.isDevOnly);
|
|
123
|
+
if (prod !== 0)
|
|
124
|
+
return prod;
|
|
125
|
+
return b.findings.length - a.findings.length;
|
|
126
|
+
});
|
|
127
|
+
}
|
|
128
|
+
export function buildBriefReport(findings, ownership, remediation, graph, meta, opts = {}) {
|
|
129
|
+
const filtered = opts.focusPackage
|
|
130
|
+
? findings.filter((f) => f.packageName === opts.focusPackage)
|
|
131
|
+
: findings;
|
|
132
|
+
if (filtered.length === 0) {
|
|
133
|
+
return {
|
|
134
|
+
status: "clean",
|
|
135
|
+
findingsCount: 0,
|
|
136
|
+
actionGroupCount: 0,
|
|
137
|
+
meta,
|
|
138
|
+
actionGroups: [],
|
|
139
|
+
skippedGroups: [],
|
|
140
|
+
};
|
|
141
|
+
}
|
|
142
|
+
const allGroups = rankActionGroups(buildActionGroups(filtered, ownership, remediation, graph));
|
|
143
|
+
const top = opts.top ?? 5;
|
|
144
|
+
const actionGroups = allGroups.filter((g) => !g.isDevOnly).slice(0, top);
|
|
145
|
+
const skippedGroups = allGroups.filter((g) => g.isDevOnly);
|
|
146
|
+
return {
|
|
147
|
+
status: "actionable",
|
|
148
|
+
findingsCount: filtered.length,
|
|
149
|
+
actionGroupCount: actionGroups.length,
|
|
150
|
+
meta,
|
|
151
|
+
actionGroups,
|
|
152
|
+
skippedGroups,
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
function metaLine(meta) {
|
|
156
|
+
const mono = meta.isMonorepo ? " · **Monorepo:** yes" : "";
|
|
157
|
+
return `**Project:** ${meta.projectName} · **PM:** ${meta.pm} · **Lockfile:** ${meta.lockfileKind}${mono}`;
|
|
158
|
+
}
|
|
159
|
+
function kindLabel(kind) {
|
|
160
|
+
switch (kind) {
|
|
161
|
+
case "upgrade-direct":
|
|
162
|
+
return "Upgrade direct dependency";
|
|
163
|
+
case "upgrade-transitive":
|
|
164
|
+
return "Upgrade top-level owner";
|
|
165
|
+
case "override":
|
|
166
|
+
return "Add override/resolution";
|
|
167
|
+
case "manual":
|
|
168
|
+
return "Manual investigation";
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
function actionTitle(group, index) {
|
|
172
|
+
const n = group.findings.length;
|
|
173
|
+
const sev = severitySummary(group.findings);
|
|
174
|
+
const fixes = n === 1 ? "1 finding" : `${n} findings`;
|
|
175
|
+
const target = group.targetPackage;
|
|
176
|
+
switch (group.kind) {
|
|
177
|
+
case "upgrade-direct":
|
|
178
|
+
return `${index}. Upgrade \`${target}\` → fixes ${fixes} (${sev})`;
|
|
179
|
+
case "upgrade-transitive":
|
|
180
|
+
return `${index}. Upgrade \`${target}\` → fixes ${fixes} (${sev})`;
|
|
181
|
+
case "override":
|
|
182
|
+
return `${index}. Override \`${target}\` → fixes ${fixes} (${sev})`;
|
|
183
|
+
case "manual":
|
|
184
|
+
return `${index}. Investigate \`${target}\` → ${fixes} (${sev})`;
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
function whyLine(group) {
|
|
188
|
+
switch (group.kind) {
|
|
189
|
+
case "upgrade-direct":
|
|
190
|
+
return `Direct dependency; upgrading \`${group.targetPackage}\` addresses the advisory.`;
|
|
191
|
+
case "upgrade-transitive":
|
|
192
|
+
return `Transitive via \`${group.topLevelOwner ?? group.targetPackage}\`; upgrading the direct dependency may resolve the chain.`;
|
|
193
|
+
case "override":
|
|
194
|
+
return `No direct upgrade path; pin a patched version via overrides/resolutions.`;
|
|
195
|
+
case "manual":
|
|
196
|
+
return `Ownership unclear or no patched range in audit data; inspect with \`audit-trace why ${group.targetPackage}\`.`;
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
function suggestedChange(group, pm) {
|
|
200
|
+
if (group.remediation?.manifestPatch) {
|
|
201
|
+
return "```json\n" + JSON.stringify(group.remediation.manifestPatch, null, 2) + "\n```";
|
|
202
|
+
}
|
|
203
|
+
if (group.kind === "upgrade-direct" || group.kind === "upgrade-transitive") {
|
|
204
|
+
const constraint = group.remediation?.constraint ?? "latest compatible";
|
|
205
|
+
const field = group.isDevOnly ? "devDependencies" : "dependencies";
|
|
206
|
+
const patch = pm === "yarn"
|
|
207
|
+
? { resolutions: { [group.targetPackage]: constraint } }
|
|
208
|
+
: pm === "pnpm"
|
|
209
|
+
? { pnpm: { overrides: { [group.targetPackage]: constraint } } }
|
|
210
|
+
: {
|
|
211
|
+
[field]: { [group.targetPackage]: constraint },
|
|
212
|
+
};
|
|
213
|
+
return "```json\n" + JSON.stringify(patch, null, 2) + "\n```";
|
|
214
|
+
}
|
|
215
|
+
return "_No automatic patch; verify advisory and upgrade manually._";
|
|
216
|
+
}
|
|
217
|
+
function buildPromptBlock(groups) {
|
|
218
|
+
if (groups.length === 0) {
|
|
219
|
+
return [
|
|
220
|
+
"## Prompt for AI assistant",
|
|
221
|
+
"",
|
|
222
|
+
"No security fixes are needed right now. Continue with your current task.",
|
|
223
|
+
].join("\n");
|
|
224
|
+
}
|
|
225
|
+
const lines = [
|
|
226
|
+
"## Prompt for AI assistant",
|
|
227
|
+
"",
|
|
228
|
+
"Apply the dependency security fixes above. Rules:",
|
|
229
|
+
"- Minimize scope; only change what is needed",
|
|
230
|
+
"- Run install, then tests",
|
|
231
|
+
"- Re-run `npx audit-trace` to verify zero findings",
|
|
232
|
+
"- Do not commit unless asked",
|
|
233
|
+
"",
|
|
234
|
+
"Packages to address:",
|
|
235
|
+
];
|
|
236
|
+
for (const g of groups) {
|
|
237
|
+
lines.push(`- ${g.targetPackage} (${g.findings.length} finding(s), max ${g.maxSeverity})`);
|
|
238
|
+
}
|
|
239
|
+
return lines.join("\n");
|
|
240
|
+
}
|
|
241
|
+
export function toBriefMarkdown(brief, opts = {}) {
|
|
242
|
+
const lines = ["# Dependency security brief", ""];
|
|
243
|
+
if (brief.status === "clean") {
|
|
244
|
+
lines.push("**Status:** Clean — no vulnerabilities found", "");
|
|
245
|
+
lines.push(metaLine(brief.meta), "");
|
|
246
|
+
lines.push("---", "");
|
|
247
|
+
lines.push("No dependency security issues were detected. Your audit is clear — no fixes required.", "");
|
|
248
|
+
if (opts.includePrompt !== false) {
|
|
249
|
+
lines.push(buildPromptBlock([]), "");
|
|
250
|
+
}
|
|
251
|
+
return lines.join("\n");
|
|
252
|
+
}
|
|
253
|
+
lines.push(metaLine(brief.meta), "");
|
|
254
|
+
lines.push(`**Findings:** ${brief.findingsCount} total · **Action groups:** ${brief.actionGroupCount}`, "", "---", "");
|
|
255
|
+
if (brief.actionGroups.length === 0) {
|
|
256
|
+
lines.push("**Status:** Findings present, but all are dev-only (skipped from the fix plan).", "", "Use `audit-trace report` for the full list or drop `--prod-only` to include dev paths.", "");
|
|
257
|
+
}
|
|
258
|
+
else {
|
|
259
|
+
lines.push("## Fix plan (do this in order)", "");
|
|
260
|
+
}
|
|
261
|
+
brief.actionGroups.forEach((group, i) => {
|
|
262
|
+
lines.push(`### ${actionTitle(group, i + 1)}`);
|
|
263
|
+
lines.push(`**Action:** ${kindLabel(group.kind)}`, "");
|
|
264
|
+
lines.push(`**Why:** ${whyLine(group)}`, "");
|
|
265
|
+
if (group.ownershipSample.length) {
|
|
266
|
+
lines.push("**Chain sample:**");
|
|
267
|
+
lines.push("```");
|
|
268
|
+
lines.push(group.ownershipSample[0]);
|
|
269
|
+
lines.push("```", "");
|
|
270
|
+
}
|
|
271
|
+
lines.push(`**Affected:** ${group.affectedPackages.map((p) => `\`${p}\``).join(", ")}`, "");
|
|
272
|
+
lines.push("**Suggested change** (`package.json`):");
|
|
273
|
+
lines.push(suggestedChange(group, brief.meta.pm), "");
|
|
274
|
+
lines.push("---", "");
|
|
275
|
+
});
|
|
276
|
+
if (brief.skippedGroups.length) {
|
|
277
|
+
lines.push("## Skipped (dev-only, lower priority)", "");
|
|
278
|
+
for (const g of brief.skippedGroups) {
|
|
279
|
+
lines.push(`- \`${g.targetPackage}\` — ${g.findings.length} finding(s), max ${g.maxSeverity}`);
|
|
280
|
+
}
|
|
281
|
+
lines.push("");
|
|
282
|
+
}
|
|
283
|
+
if (opts.includePrompt !== false) {
|
|
284
|
+
lines.push(buildPromptBlock(brief.actionGroups), "");
|
|
285
|
+
}
|
|
286
|
+
return lines.join("\n");
|
|
287
|
+
}
|
|
288
|
+
export function toBriefJson(brief) {
|
|
289
|
+
return JSON.stringify(brief, null, 2);
|
|
290
|
+
}
|
|
291
|
+
//# sourceMappingURL=brief-reporter.js.map
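Review bot: `suggestedChange` (hunk lines 199–216) emits a pasteable `package.json` snippet even when it has no real constraint, so the placeholder `"latest compatible"` from line 204 lands as a literal dependency value, and for `upgrade-transitive` groups the constraint it does use was looked up by the vulnerable package's name (`remediationFor(f.packageName, remediation)` at line 80) but is written against `group.targetPackage`, which is the top-level owner. Because the brief ends with a prompt instructing an AI assistant to "Apply the dependency security fixes above", a snippet that is not valid semver, or that pins the wrong package, is likely to be applied verbatim; I'd emit JSON only when `remediation.targetPackage === group.targetPackage` and a constraint exists, and fall back to prose otherwise. Related: `buildBriefReport` (lines 143–145) slices production groups to `opts.top` but puts the remainder in neither `actionGroups` nor `skippedGroups`, so they vanish from both the Markdown and `toBriefJson` output and the "Action groups" count on line 254 underreports — keep them in a third list or at least count them. Since `dist/` is compiled output (the source map names `src/output/brief-reporter.ts`), the fix belongs in the TypeScript source.
```javascript
function suggestedChange(group, pm) {
  // … unchanged: manifestPatch branch …
  if (group.kind === "upgrade-direct" || group.kind === "upgrade-transitive") {
    // Only emit a pasteable patch when the suggestion really targets the package being edited;
    // a constraint looked up by the vulnerable package must not be pinned onto its top-level owner.
    const rem = group.remediation;
    const constraint = rem?.targetPackage === group.targetPackage ? rem.constraint : undefined;
    if (!constraint) {
      return `_Upgrade \`${group.targetPackage}\` to a release outside the advisory's vulnerable range; the audit data gives no machine-applicable constraint, so pick the version by hand._`;
    }
    // … unchanged: pm-specific patch object built from `constraint`, then the json fence …
  }
  return "_No automatic patch; verify advisory and upgrade manually._";
}
```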
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"brief-reporter.js","sourceRoot":"","sources":["../../src/output/brief-reporter.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAyC/C,MAAM,aAAa,GAA6B;IAC9C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,WAAW,CAAC,QAAgC;IACnD,OAAO,QAAQ,CAAC,MAAM,CACpB,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAClF,MAAM,CACP,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAgC;IACvD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,MAAM,KAAK,GAAe,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,KAAK;SAChB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,YAAY,CAAC,KAAsB;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,IAAI,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAwB,CAAC;IAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC;YACd,IAAI,GAAG,IAAI,CAAC;YACZ,KAAK,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAClB,OAA6B,EAC7B,SAA0B,EAC1B,KAAqC;IAErC,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9D,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,OAAO,CAAC,WAAW,CAAC;IAC7B,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,
EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC3E,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,cAAc,CACrB,GAAW,EACX,WAAoC;IAEpC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,QAAQ,CACf,OAA6B,EAC7B,KAAyB,EACzB,GAA2B;IAE3B,IAAI,GAAG,EAAE,IAAI,KAAK,WAAW,IAAI,GAAG,EAAE,IAAI,KAAK,aAAa,EAAE,CAAC;QAC7D,OAAO,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,aAAa,EAAE,CAAC;IAClG,CAAC;IACD,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3C,OAAO;YACL,GAAG,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE;YACpC,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,OAAO,CAAC,WAAW;YAC3B,KAAK;SACN,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,EAAE,GAAG,EAAE,SAAS,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACrF,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,QAAgC,EAChC,SAA0B,EAC1B,WAAoC,EACpC,KAAqC;IAErC,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;IACrD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE/C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAE1E,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG;gBACN,EAAE,EAAE,GAAG;gBACP,IAAI;gBACJ,aAAa,EAAE,MAAM;gBACrB,a
AAa,EAAE,QAAQ;gBACvB,QAAQ,EAAE,EAAE;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,WAAW,EAAE,MAAM;gBACnB,WAAW,EAAE,GAAG,EAAE,IAAI,KAAK,WAAW,IAAI,GAAG,EAAE,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;gBACvF,eAAe,EAAE,EAAE;gBACnB,SAAS,EAAE,OAAO;aACnB,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,CAAC,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAChD,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC;QAC7C,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3C,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,KAAK,oBAAoB,CAAC,EAAE,CAAC;YAC9F,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QACxE,IAAI,GAAG,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,IAAI,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5B,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAgC,EAChC,SAA0B,EAC1B,WAAoC,EACpC,KAAqC,EACrC,IAAe,EACf,OAAqB,EAAE;IAEvB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY;QAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,YAAY,CAAC;QAC7D,CAAC,CAAC,QAAQ,CAAC;IAEb,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,OAAO;YACf,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,IAAI;YACJ,YAAY,EAAE,
EAAE;YAChB,aAAa,EAAE,EAAE;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,iBAAiB,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAE3D,OAAO;QACL,MAAM,EAAE,YAAY;QACpB,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,gBAAgB,EAAE,YAAY,CAAC,MAAM;QACrC,IAAI;QACJ,YAAY;QACZ,aAAa;KACd,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,IAAe;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3D,OAAO,gBAAgB,IAAI,CAAC,WAAW,cAAc,IAAI,CAAC,EAAE,oBAAoB,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,CAAC;AAC7G,CAAC;AAED,SAAS,SAAS,CAAC,IAAqB;IACtC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,gBAAgB;YACnB,OAAO,2BAA2B,CAAC;QACrC,KAAK,oBAAoB;YACvB,OAAO,yBAAyB,CAAC;QACnC,KAAK,UAAU;YACb,OAAO,yBAAyB,CAAC;QACnC,KAAK,QAAQ;YACX,OAAO,sBAAsB,CAAC;IAClC,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAkB,EAAE,KAAa;IACpD,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;IAChC,MAAM,GAAG,GAAG,eAAe,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;IACtD,MAAM,MAAM,GAAG,KAAK,CAAC,aAAa,CAAC;IACnC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,gBAAgB;YACnB,OAAO,GAAG,KAAK,eAAe,MAAM,cAAc,KAAK,KAAK,GAAG,GAAG,CAAC;QACrE,KAAK,oBAAoB;YACvB,OAAO,GAAG,KAAK,eAAe,MAAM,cAAc,KAAK,KAAK,GAAG,GAAG,CAAC;QACrE,KAAK,UAAU;YACb,OAAO,GAAG,KAAK,gBAAgB,MAAM,cAAc,KAAK,KAAK,GAAG,GAAG,CAAC;QACtE,KAAK,QAAQ;YACX,OAAO,GAAG,KAAK,mBAAmB,MAAM,QAAQ,KAAK,KAAK,GAAG,GAAG,CAAC;IACrE,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,KAAkB;IACjC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,gBAAgB;YACnB,OAAO,kCAAkC,KAAK,CAAC,aAAa,4BAA4B,CAAC;QAC3F,KAAK,oBAAoB;YACvB,OAAO,oBAAoB,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,aAAa,4DAA4D,CAAC;QACpI,KAAK,UAAU;YACb,OAAO,0EAA0E,CAAC;QACpF,KAAK,QAAQ;YACX,OAAO,uFAAuF,KAAK,CAAC,aAAa,KAAK,CAAC;IAC3H,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAkB
,EAAE,EAAU;IACrD,IAAI,KAAK,CAAC,WAAW,EAAE,aAAa,EAAE,CAAC;QACrC,OAAO,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC;IAC1F,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;QAC3E,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,UAAU,IAAI,mBAAmB,CAAC;QACxE,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC;QACnE,MAAM,KAAK,GACT,EAAE,KAAK,MAAM;YACX,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,EAAE;YACxD,CAAC,CAAC,EAAE,KAAK,MAAM;gBACb,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE;gBAChE,CAAC,CAAC;oBACE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE;iBAC/C,CAAC;QACV,OAAO,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC;IAChE,CAAC;IACD,OAAO,6DAA6D,CAAC;AACvE,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAqB;IAC7C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,4BAA4B;YAC5B,EAAE;YACF,0EAA0E;SAC3E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,4BAA4B;QAC5B,EAAE;QACF,mDAAmD;QACnD,8CAA8C;QAC9C,2BAA2B;QAC3B,oDAAoD;QACpD,8BAA8B;QAC9B,EAAE;QACF,sBAAsB;KACvB,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,oBAAoB,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;IAC7F,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAkB,EAAE,OAAqB,EAAE;IACzE,MAAM,KAAK,GAAa,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC;IAE5D,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,8CAA8C,EAAE,EAAE,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACtB,KAAK,CAAC,IAAI,CACR,uFAAuF,EACvF,EAAE,CACH,CAAC;QACF,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KA
AK,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CACR,iBAAiB,KAAK,CAAC,aAAa,+BAA+B,KAAK,CAAC,gBAAgB,EAAE,EAC3F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;IAEF,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CACR,iFAAiF,EACjF,EAAE,EACF,wFAAwF,EACxF,EAAE,CACH,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QACtC,KAAK,CAAC,IAAI,CAAC,OAAO,WAAW,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,eAAe,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAClB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAE,CAAC,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5F,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QACrD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,CAAC,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CACR,OAAO,CAAC,CAAC,aAAa,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,oBAAoB,CAAC,CAAC,WAAW,EAAE,CACnF,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAkB;IAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { DependencyGraphSnapshot, VulnerabilityFinding } from "../core/models.js";
|
|
2
|
+
import type { OwnershipPath } from "../core/ownership/tracer.js";
|
|
3
|
+
export interface FindingVersionMeta {
|
|
4
|
+
installed?: string;
|
|
5
|
+
/** Range or versions considered vulnerable (from audit). */
|
|
6
|
+
vulnerableRange?: string;
|
|
7
|
+
/** Suggested patched range or version (from audit / fixAvailable). */
|
|
8
|
+
patchedRange?: string;
|
|
9
|
+
}
|
|
10
|
+
/** Resolved versions from lockfile graph for this advisory package. */
|
|
11
|
+
export declare function installedVersionsForFinding(f: VulnerabilityFinding, ownership: OwnershipPath[], graph: DependencyGraphSnapshot | null): string | undefined;
|
|
12
|
+
export declare function getFindingVersionMeta(f: VulnerabilityFinding, ownership: OwnershipPath[], graph: DependencyGraphSnapshot | null): FindingVersionMeta;
|
|
13
|
+
/** Human-readable fragment for terminal (no leading spaces). */
|
|
14
|
+
export declare function formatVersionMetaDimLine(meta: FindingVersionMeta): string | undefined;
|
|
15
|
+
//# sourceMappingURL=finding-meta.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-meta.d.ts","sourceRoot":"","sources":["../../src/output/finding-meta.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,WAAW,kBAAkB;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,uEAAuE;AACvE,wBAAgB,2BAA2B,CACzC,CAAC,EAAE,oBAAoB,EACvB,SAAS,EAAE,aAAa,EAAE,EAC1B,KAAK,EAAE,uBAAuB,GAAG,IAAI,GACpC,MAAM,GAAG,SAAS,CAWpB;AAED,wBAAgB,qBAAqB,CACnC,CAAC,EAAE,oBAAoB,EACvB,SAAS,EAAE,aAAa,EAAE,EAC1B,KAAK,EAAE,uBAAuB,GAAG,IAAI,GACpC,kBAAkB,CAMpB;AAED,gEAAgE;AAChE,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,kBAAkB,GAAG,MAAM,GAAG,SAAS,CAOrF"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/** Resolved versions from lockfile graph for this advisory package. */
|
|
2
|
+
export function installedVersionsForFinding(f, ownership, graph) {
|
|
3
|
+
if (f.versions?.length)
|
|
4
|
+
return [...new Set(f.versions)].sort().join(", ");
|
|
5
|
+
if (!graph)
|
|
6
|
+
return undefined;
|
|
7
|
+
const vers = new Set();
|
|
8
|
+
for (const o of ownership) {
|
|
9
|
+
if (o.packageName !== f.packageName)
|
|
10
|
+
continue;
|
|
11
|
+
const n = graph.nodes.get(o.nodeId);
|
|
12
|
+
if (n?.version)
|
|
13
|
+
vers.add(n.version);
|
|
14
|
+
}
|
|
15
|
+
if (vers.size === 0)
|
|
16
|
+
return undefined;
|
|
17
|
+
return [...vers].sort().join(", ");
|
|
18
|
+
}
|
|
19
|
+
export function getFindingVersionMeta(f, ownership, graph) {
|
|
20
|
+
return {
|
|
21
|
+
installed: installedVersionsForFinding(f, ownership, graph),
|
|
22
|
+
vulnerableRange: f.vulnerableRange,
|
|
23
|
+
patchedRange: f.patchedRange,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
/** Human-readable fragment for terminal (no leading spaces). */
|
|
27
|
+
export function formatVersionMetaDimLine(meta) {
|
|
28
|
+
const parts = [];
|
|
29
|
+
if (meta.installed)
|
|
30
|
+
parts.push(`installed: ${meta.installed}`);
|
|
31
|
+
if (meta.vulnerableRange)
|
|
32
|
+
parts.push(`affected: ${meta.vulnerableRange}`);
|
|
33
|
+
if (meta.patchedRange)
|
|
34
|
+
parts.push(`fix: ${meta.patchedRange}`);
|
|
35
|
+
if (parts.length === 0)
|
|
36
|
+
return undefined;
|
|
37
|
+
return parts.join(" · ");
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=finding-meta.js.map
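Review bot: The header comment on `installedVersionsForFinding` (hunk line 1) says the versions are resolved from the lockfile graph, but the function returns audit-supplied `f.versions` first (line 3) and only consults `graph` and `ownership` when that list is empty, so the comment overstates where the value comes from. I'd replace it with `/** Installed versions of the advisory package: audit-supplied f.versions when present, otherwise resolved from the lockfile graph via the ownership node ids; undefined when neither is available. */` and add a note on `getFindingVersionMeta` that `vulnerableRange` and `patchedRange` are passed through from the finding unchanged, so callers must escape them for their output context (as the HTML reporter does). Also, the bare `.sort()` on lines 4 and 17 orders version strings lexicographically, so `10.0.0` lists before `9.0.0`; if a semver comparator exists elsewhere in the project it belongs here, otherwise `// lexicographic, not semver order` keeps readers from assuming otherwise.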
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"finding-meta.js","sourceRoot":"","sources":["../../src/output/finding-meta.ts"],"names":[],"mappings":"AAWA,uEAAuE;AACvE,MAAM,UAAU,2BAA2B,CACzC,CAAuB,EACvB,SAA0B,EAC1B,KAAqC;IAErC,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM;QAAE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC,WAAW;YAAE,SAAS;QAC9C,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,EAAE,OAAO;YAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACtC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,CAAuB,EACvB,SAA0B,EAC1B,KAAqC;IAErC,OAAO;QACL,SAAS,EAAE,2BAA2B,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC;QAC3D,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,YAAY,EAAE,CAAC,CAAC,YAAY;KAC7B,CAAC;AACJ,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,wBAAwB,CAAC,IAAwB;IAC/D,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,CAAC,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/D,IAAI,IAAI,CAAC,eAAe;QAAE,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;IAC1E,IAAI,IAAI,CAAC,YAAY;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"html-reporter.d.ts","sourceRoot":"","sources":["../../src/output/html-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"html-reporter.d.ts","sourceRoot":"","sources":["../../src/output/html-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAGjE,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,CA0BpF"}
|
|
@@ -1,7 +1,14 @@
|
|
|
1
|
+
import { getFindingVersionMeta } from "./finding-meta.js";
|
|
1
2
|
export function toHtmlReport(report, ownership) {
|
|
2
3
|
const esc = (s) => s.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
|
|
3
4
|
const rows = report.findings
|
|
4
|
-
.map((f) =>
|
|
5
|
+
.map((f) => {
|
|
6
|
+
const m = getFindingVersionMeta(f, ownership, report.graph);
|
|
7
|
+
const inst = m.installed ? esc(m.installed) : "—";
|
|
8
|
+
const aff = m.vulnerableRange ? esc(m.vulnerableRange) : "—";
|
|
9
|
+
const fix = m.patchedRange ? esc(m.patchedRange) : "—";
|
|
10
|
+
return `<tr><td>${esc(f.severity)}</td><td>${esc(f.packageName)}</td><td>${inst}</td><td>${aff}</td><td>${fix}</td><td>${esc(f.title ?? f.id)}</td></tr>`;
|
|
11
|
+
})
|
|
5
12
|
.join("\n");
|
|
6
13
|
const own = ownership
|
|
7
14
|
.slice(0, 100)
|
|
@@ -10,7 +17,7 @@ export function toHtmlReport(report, ownership) {
|
|
|
10
17
|
return `<!DOCTYPE html><html><head><meta charset="utf-8"/><title>audit-trace</title></head><body>
|
|
11
18
|
<h1>audit-trace report</h1>
|
|
12
19
|
<h2>Findings</h2>
|
|
13
|
-
<table border="1" cellpadding="4"><thead><tr><th>Severity</th><th>Package</th><th>Title</th></tr></thead><tbody>${rows}</tbody></table>
|
|
20
|
+
<table border="1" cellpadding="4"><thead><tr><th>Severity</th><th>Package</th><th>Installed</th><th>Affected</th><th>Fix</th><th>Title</th></tr></thead><tbody>${rows}</tbody></table>
|
|
14
21
|
<h2>Ownership</h2><ul>${own}</ul>
|
|
15
22
|
<h2>Diagnostics</h2><pre>${esc(JSON.stringify(report.diagnostics, null, 2))}</pre>
|
|
16
23
|
</body></html>`;
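Review bot: The new Installed/Affected/Fix cells are routed through `esc`, which is the right call since package names, version ranges and advisory titles originate in the audit feed rather than the user, but as rendered here `esc` reads `.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">")`, which would make it a no-op; this is most likely the page decoding the entity strings, so confirm the shipped dist file still emits entity-encoded `&`, `<` and `>`. The three `m.x ? esc(m.x) : "—"` lines repeat the same shape; a local `const cell = (v) => (v ? esc(v) : "—");` beside `esc` would keep each column to one call and make it harder for a future column to bypass escaping. toHtmlReport's body continues outside this hunk.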
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"html-reporter.js","sourceRoot":"","sources":["../../src/output/html-reporter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"html-reporter.js","sourceRoot":"","sources":["../../src/output/html-reporter.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE1D,MAAM,UAAU,YAAY,CAAC,MAAmB,EAAE,SAA0B;IAC1E,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CACxB,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,CAAC,GAAG,qBAAqB,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAClD,MAAM,GAAG,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAC7D,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACvD,OAAO,WAAW,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,YAAY,IAAI,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC;IAC5J,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,MAAM,GAAG,GAAG,SAAS;SAClB,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;SACb,GAAG,CACF,CAAC,CAAC,EAAE,EAAE,CACJ,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,CAAC,eAAe,OAAO,CAC7H;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO;;;iKAGwJ,IAAI;wBAC7I,GAAG;2BACA,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;eAC5D,CAAC;AAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdown-reporter.d.ts","sourceRoot":"","sources":["../../src/output/markdown-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"markdown-reporter.d.ts","sourceRoot":"","sources":["../../src/output/markdown-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAGjE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,CAuCxF"}
|
|
@@ -1,8 +1,16 @@
|
|
|
1
|
+
import { formatVersionMetaDimLine, getFindingVersionMeta } from "./finding-meta.js";
|
|
1
2
|
export function toMarkdownReport(report, ownership) {
|
|
2
3
|
const lines = ["# audit-trace report", ""];
|
|
4
|
+
if (report.findings.length === 0) {
|
|
5
|
+
lines.push("**Status:** Clean — no vulnerabilities found", "");
|
|
6
|
+
lines.push("Your dependencies pass the current audit. No action required.", "");
|
|
7
|
+
return lines.join("\n");
|
|
8
|
+
}
|
|
3
9
|
lines.push(`## Findings (${report.findings.length})`);
|
|
4
10
|
for (const f of report.findings) {
|
|
5
|
-
|
|
11
|
+
const meta = formatVersionMetaDimLine(getFindingVersionMeta(f, ownership, report.graph));
|
|
12
|
+
const ver = meta ? ` — *${meta}*` : "";
|
|
13
|
+
lines.push(`- **${f.severity.toUpperCase()}** \`${f.packageName}\`${ver} — ${f.title ?? f.id}`);
|
|
6
14
|
}
|
|
7
15
|
lines.push("");
|
|
8
16
|
lines.push("## Ownership paths");
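Review bot: The new `ver` line wraps the meta text in `*…*` emphasis, but that text is built from semver ranges (`affected: …`, `fix: …`), and a range such as `*` or one containing `_` would close or corrupt the emphasis inside the rendered bullet; a code span is the safer wrapper, since a backtick cannot occur in a version range. The same bullet interpolates `f.title ?? f.id` verbatim, so an advisory title containing a newline splits the list item — collapsing line breaks first, e.g. `String(f.title ?? f.id).replace(/\r?\n/g, " ")`, keeps the list intact when the report is posted as a PR comment. toMarkdownReport continues past the end of this hunk.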
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"markdown-reporter.js","sourceRoot":"","sources":["../../src/output/markdown-reporter.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"markdown-reporter.js","sourceRoot":"","sources":["../../src/output/markdown-reporter.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAEpF,MAAM,UAAU,gBAAgB,CAAC,MAAmB,EAAE,SAA0B;IAC9E,MAAM,KAAK,GAAa,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC;IAErD,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,8CAA8C,EAAE,EAAE,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,+DAA+D,EAAE,EAAE,CAAC,CAAC;QAChF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACtD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,wBAAwB,CAAC,qBAAqB,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACzF,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,WAAW,KAAK,GAAG,MAAM,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CACR,OAAO,CAAC,CAAC,WAAW,OAAO,CAAC,CAAC,QAAQ,uBAAuB,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC,CAAC,eAAe,EAAE,CAC9H,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE;QAAE,KAAK,CAAC,IAAI,CAAC,SAAS,SAAS,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;IAE7E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,aAAa,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,CAAC,aAAa;YACjB,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;IACjF,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,QAAQ,MAAM,CAA
C,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"terminal-renderer.d.ts","sourceRoot":"","sources":["../../src/output/terminal-renderer.ts"],"names":[],"mappings":"AAAA,OAAc,EAAE,KAAK,aAAa,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EACV,uBAAuB,EACvB,QAAQ,EACR,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"terminal-renderer.d.ts","sourceRoot":"","sources":["../../src/output/terminal-renderer.ts"],"names":[],"mappings":"AAAA,OAAc,EAAE,KAAK,aAAa,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,KAAK,EACV,uBAAuB,EACvB,QAAQ,EACR,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAwEjE,wBAAgB,aAAa,CAAC,GAAG,EAAE,QAAQ,GAAG,aAAa,CAc1D;AAID,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,oBAAoB,EAAE,EAChC,SAAS,EAAE,aAAa,EAAE,EAC1B,KAAK,EAAE,uBAAuB,GAAG,IAAI,EACrC,IAAI,EAAE;IAAE,EAAE,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,MAAM,CA8GR;AAED,wBAAgB,cAAc,CAC5B,WAAW,EAAE,OAAO,mBAAmB,EAAE,YAAY,EAAE,EACvD,OAAO,EAAE,OAAO,GACf,MAAM,CAWR"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import chalk from "chalk";
|
|
2
2
|
import { buildIndexes, shortestPathFromRoots, formatPathNames } from "../core/graph-engine/traverse.js";
|
|
3
3
|
import { formatChain } from "./tree-format.js";
|
|
4
|
+
import { formatVersionMetaDimLine, getFindingVersionMeta } from "./finding-meta.js";
|
|
4
5
|
import { maxSeverity, trieInsert } from "./path-trie.js";
|
|
5
6
|
function bumpOptional(prev, next) {
|
|
6
7
|
return prev === undefined ? next : maxSeverity(prev, next);
|
|
@@ -71,9 +72,17 @@ export function renderPretty(findings, ownership, graph, opts) {
|
|
|
71
72
|
const sev = severityStyle;
|
|
72
73
|
lines.push(chalk.bold("audit-trace"));
|
|
73
74
|
lines.push("");
|
|
75
|
+
if (findings.length === 0) {
|
|
76
|
+
lines.push(chalk.green("Clean — no vulnerabilities found."));
|
|
77
|
+
lines.push(chalk.dim("Your dependencies pass the current audit."));
|
|
78
|
+
return lines.join("\n");
|
|
79
|
+
}
|
|
74
80
|
for (const f of findings) {
|
|
75
81
|
const label = sev(f.severity);
|
|
76
82
|
lines.push(label(`[${f.severity.toUpperCase()}] ${f.packageName}`));
|
|
83
|
+
const metaLine = formatVersionMetaDimLine(getFindingVersionMeta(f, ownership, graph));
|
|
84
|
+
if (metaLine)
|
|
85
|
+
lines.push(chalk.dim(` ${metaLine}`));
|
|
77
86
|
if (f.title)
|
|
78
87
|
lines.push(` ${f.title}`);
|
|
79
88
|
}
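Review bot: The two `lines.push` calls in the new `findings.length === 0` branch duplicate the markdown reporter's empty-state wording (`Clean — no vulnerabilities found` / `Your dependencies pass the current audit.`) with different punctuation; keeping the text in one shared constant would stop the two outputs from drifting. The early `return lines.join("\n")` also skips everything renderPretty emits after the findings loop, which is presumably intended for a clean run but deserves a one-line comment such as `// nothing to trace: skip the ownership and path sections`. renderPretty starts before this hunk and continues after it.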
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"terminal-renderer.js","sourceRoot":"","sources":["../../src/output/terminal-renderer.ts"],"names":[],"mappings":"AAAA,OAAO,KAA6B,MAAM,OAAO,CAAC;AAOlD,OAAO,EAAE,YAAY,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxG,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"terminal-renderer.js","sourceRoot":"","sources":["../../src/output/terminal-renderer.ts"],"names":[],"mappings":"AAAA,OAAO,KAA6B,MAAM,OAAO,CAAC;AAOlD,OAAO,EAAE,YAAY,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxG,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAEpF,OAAO,EAAE,WAAW,EAAE,UAAU,EAAqB,MAAM,gBAAgB,CAAC;AAE5E,SAAS,YAAY,CAAC,IAA0B,EAAE,IAAc;IAC9D,OAAO,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC;AAED,8DAA8D;AAC9D,SAAS,kBAAkB,CACzB,KAAgC,EAChC,MAAc,EACd,KAAe,EACf,KAAuC;IAEvC,MAAM,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7E,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3B,kBAAkB,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,IAAkB,EAClB,KAAe,EACf,KAAuC;IAEvC,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;QAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3B,kBAAkB,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;YAA
E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,SAA0B,EAC1B,CAAgB,EAChB,KAA8B;IAE9B,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvC,OAAO,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QACzB,OAAO,eAAe,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,CAAC,CAAC,WAAW,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa,EAAE,MAAc;IAChD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK;SACT,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACpC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAa;IACzC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;QAChC,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;QACnC,KAAK,UAAU;YACb,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9B,KAAK,KAAK;YACR,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9B,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;AACH,CAAC;AAID,MAAM,UAAU,YAAY,CAC1B,QAAgC,EAChC,SAA0B,EAC1B,KAAqC,EACrC,IAAyC;IAEzC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,aAAa,CAAC;IAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,wBAAwB,CAAC,qBAAqB,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;QACtF,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,
CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,CAAC,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,KAAK,GAAW,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtD,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAClF,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,CAAC,IAAU,EAAU,EAAE;YACxC,MAAM,EAAE,CAAC,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;YAC9B,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC;gBAAE,OAAO,SAAS,CAAC,CAAC,CAAE,CAAC;YAC7D,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;QACnC,CAAC,CAAC;QAEF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;YAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YAC/B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACpB,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QACnE,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC;YAE9B,MAAM,IAAI,GAAiB,IAAI,GAAG,EAAE,CAAC;YACrC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAoB,CAAC;YACtD,MAAM,UAAU,GAAa,EAAE,CAAC;YAEhC,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;gBACzB,MAAM,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;gBACxB,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,
CAAC,QAAQ,CAAC;gBACxB,IAAI,EAAE,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACnC,CAAC;qBAAM,IAAI,EAAE,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACjC,MAAM,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;oBAC7B,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;oBAC1C,IAAI,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wBACtB,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;oBACzC,CAAC;yBAAM,IAAI,EAAE,EAAE,CAAC;wBACd,iBAAiB,CAAC,GAAG,CAAC,EAAE,EAAE,YAAY,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;oBACxE,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,WAAW,GAAG,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,CAAC;iBACjD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;iBACxC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAE7C,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;YAE/E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,CAAC;gBAC5B,IAAI,CAAC,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;YAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,CAAC;oBAC3B,IAAI,CAAC,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC;wBAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAClB,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACpE,yBAAyB,CAA
C,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9C,CAAC;YAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YACpD,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IACD,IAAI,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,WAAuD,EACvD,OAAgB;IAEhB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,MAAM,GAAG,GACP,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;QACzF,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC5C,IAAI,OAAO,IAAI,CAAC,CAAC,MAAM;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACzD,IAAI,OAAO,IAAI,CAAC,CAAC,eAAe;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "audit-trace",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.6",
|
|
4
4
|
"description": "Dependency vulnerability analysis with ownership tracing and actionable remediation",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -53,6 +53,9 @@
|
|
|
53
53
|
"@types/react": "^18.3.12",
|
|
54
54
|
"@types/semver": "^7.5.8",
|
|
55
55
|
"typescript": "^5.7.2",
|
|
56
|
-
"vitest": "^
|
|
56
|
+
"vitest": "^4.1.8"
|
|
57
|
+
},
|
|
58
|
+
"overrides": {
|
|
59
|
+
"ws": "^8.21.0"
|
|
57
60
|
}
|
|
58
61
|
}
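Review bot: The new `overrides` entry pins `ws` to `^8.21.0` with no recorded reason; package.json cannot carry a comment, so the rationale (which transitive consumer of `ws` it targets and what the pin fixes) belongs in the changelog or README so the override is revisited once the upstream dependency moves on its own. npm `overrides` only apply in the root project running `npm install` — they are ignored when this package is installed as a dependency, and pnpm/Yarn checkouts of the repo would need `pnpm.overrides`/`resolutions` instead — so this hardens the development tree rather than downstream installs. The removed `vitest` range is truncated in this rendering, so the size of that bump cannot be checked here.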
|