auditor-lambda 0.10.2 → 0.10.7

package/dist/extractors/graph.js

@@ -3,7 +3,7 @@ import { isAbsolute, relative, resolve } from "node:path";
 import { posix } from "node:path";
 import { buildDispositionMap, isAuditExcludedStatus } from "./disposition.js";
 import { extractChromeExtensionManifestEdges, extractHtmlResourceEdges, } from "./browserExtension.js";
-import { extractCargoWorkspaceMemberEdges, extractGoWorkspaceModuleEdges, extractMavenModuleEdges, extractPackageEntrypointEdges, extractPackageScriptEdges, extractPyprojectTestpathLinks, extractTypescriptProjectReferenceEdges, extractWorkspacePackageEdges, extractYamlPathReferenceEdges, isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, } from "./graphManifestEdges.js";
+import { extractCargoWorkspaceMemberEdges, extractGoWorkspaceModuleEdges, extractMavenModuleEdges, extractPackageEntrypointEdges, extractPackageScriptEdges, extractPyprojectTestpathLinks, extractTypescriptProjectReferenceEdges, extractWorkspacePackageEdges, extractYamlPathReferenceEdges, isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, } from "./graphManifestEdges/index.js";
 import { graphEdge, graphLookupKey, isPytestConftestPath, normalizeGraphPath, resolveCandidate, resolveReferenceLiteral, resolveSpecifier, SOURCE_EXTENSIONS, STRING_LITERAL_PATTERN, } from "./graphPathUtils.js";
 import { extractPythonImportEdges } from "./graphPythonImports.js";
 import { isTestPath, normalizeExtractorPath } from "./pathPatterns.js";
@@ -307,12 +307,13 @@ export async function buildGraphBundleFromFs(repoManifest, root, disposition, op
  * its top-two-segment module root, suggesting shared module ownership.
  */
 function extractHeuristicContainerEdges(filePath) {
-    const parts = filePath.split("/");
+    const normalizedPath = normalizeGraphPath(filePath);
+    const parts = normalizedPath.split("/");
     if (parts.length <= 2)
         return [];
     return [
         graphEdge({
-            from: filePath,
+            from: normalizedPath,
             to: `${parts[0]}/${parts[1]}`,
             kind: EDGE_KIND.heuristicContainer,
             direction: "undirected",
@@ -389,9 +390,15 @@ function logGraphExtractionMetric(graphs) {
     const edgeCount = graphs.imports.length +
         graphs.calls.length +
         graphs.references.length +
-        graphs.routes.length;
+        graphs.routes.length +
+        graphs.heuristics.length;
     const nodes = new Set();
-    for (const edge of [...graphs.imports, ...graphs.calls, ...graphs.references]) {
+    for (const edge of [
+        ...graphs.imports,
+        ...graphs.calls,
+        ...graphs.references,
+        ...graphs.heuristics,
+    ]) {
         nodes.add(edge.from);
         nodes.add(edge.to);
     }
@@ -404,6 +411,7 @@ function logGraphExtractionMetric(graphs) {
         graphs.calls,
         graphs.references,
         graphs.routes,
+        graphs.heuristics,
     ].filter((edges) => edges.length > 0).length;
     process.stderr.write(`[audit-code] graph: built bundle — ${nodes.size} nodes, ${edgeCount} edges across ${graphTypeCount} graph type(s)\n`);
 }
@@ -413,6 +421,7 @@ export function buildGraphBundle(repoManifest, disposition, options = {}) {
         calls: [],
         references: [],
         routes: [],
+        heuristics: [],
     };
     const dispositionMap = buildDispositionMap(disposition);
     const pathLookup = buildPathLookup(repoManifest, dispositionMap);
@@ -421,8 +430,8 @@ export function buildGraphBundle(repoManifest, disposition, options = {}) {
         if (file.excluded || (status && isAuditExcludedStatus(status))) {
             continue;
         }
-        acc.imports.push(...extractHeuristicContainerEdges(file.path));
-        acc.imports.push(...extractHeuristicAuthSessionEdges(file.path, repoManifest, dispositionMap));
+        acc.heuristics.push(...extractHeuristicContainerEdges(file.path));
+        acc.heuristics.push(...extractHeuristicAuthSessionEdges(file.path, repoManifest, dispositionMap));
         const content = options.fileContents?.[file.path];
         const fileRoutes = [];
         if (content) {
@@ -446,6 +455,7 @@ export function buildGraphBundle(repoManifest, disposition, options = {}) {
         calls: uniqueSortedEdges(acc.calls),
         references: uniqueSortedEdges(acc.references),
         routes: uniqueSortedRoutes(acc.routes),
+        heuristics: uniqueSortedEdges(acc.heuristics),
     };
     logGraphExtractionMetric(graphs);
     return { graphs };

package/dist/extractors/graphManifestEdges/cargo.d.ts

@@ -0,0 +1,4 @@
+import type { GraphEdge } from "@audit-tools/shared";
+import { WorkspacePattern } from "./workspace.js";
+export declare function cargoWorkspacePatterns(content: string): WorkspacePattern[];
+export declare function extractCargoWorkspaceMemberEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];

package/dist/extractors/graphManifestEdges/cargo.js

@@ -0,0 +1,107 @@
+import { graphEdge, isCargoManifestPath } from "../graphPathUtils.js";
+import { addWorkspacePattern, normalizeWorkspacePattern, workspacePatternMatchesManifest } from "./workspace.js";
+import { stripTomlComment, tomlArrayIsClosed, tomlStringArrayValues } from "./toml.js";
+const CARGO_WORKSPACE_MEMBER_EDGE_CONFIDENCE = 0.87;
+export function cargoWorkspacePatterns(content) {
+    const patterns = [];
+    let currentSection;
+    let collectingKey;
+    let collectedValue = "";
+    const flushCollectedValue = () => {
+        if (!collectingKey) {
+            return;
+        }
+        for (const value of tomlStringArrayValues(collectedValue)) {
+            addWorkspacePattern(patterns, collectingKey === "exclude" ? `!${value}` : value);
+        }
+        collectingKey = undefined;
+        collectedValue = "";
+    };
+    for (const rawLine of content.split(/\r?\n/)) {
+        const withoutComment = stripTomlComment(rawLine);
+        const trimmed = withoutComment.trim();
+        if (trimmed.length === 0) {
+            continue;
+        }
+        const sectionMatch = /^\[([^\]]+)\]\s*$/.exec(trimmed);
+        if (sectionMatch?.[1]) {
+            if (collectingKey) {
+                flushCollectedValue();
+            }
+            currentSection = sectionMatch[1].trim();
+            continue;
+        }
+        if (collectingKey) {
+            collectedValue = `${collectedValue}\n${trimmed}`;
+            if (tomlArrayIsClosed(collectedValue)) {
+                flushCollectedValue();
+            }
+            continue;
+        }
+        if (currentSection !== "workspace") {
+            continue;
+        }
+        const arrayMatch = /^(members|exclude)\s*=\s*(.+)$/.exec(trimmed);
+        if (!arrayMatch?.[1] || !arrayMatch[2]) {
+            continue;
+        }
+        const value = arrayMatch[2].trim();
+        if (!value.startsWith("[")) {
+            continue;
+        }
+        collectingKey = arrayMatch[1];
+        collectedValue = value;
+        if (tomlArrayIsClosed(collectedValue)) {
+            flushCollectedValue();
+        }
+    }
+    if (collectingKey) {
+        flushCollectedValue();
+    }
+    return patterns;
+}
+export function extractCargoWorkspaceMemberEdges(fromPath, content, pathLookup) {
+    if (!isCargoManifestPath(fromPath)) {
+        return [];
+    }
+    const rawPatterns = cargoWorkspacePatterns(content);
+    if (rawPatterns.length === 0) {
+        return [];
+    }
+    const positivePatterns = [];
+    const negativePatterns = [];
+    for (const { pattern, negated } of rawPatterns) {
+        const normalized = normalizeWorkspacePattern(fromPath, pattern);
+        if (!normalized) {
+            continue;
+        }
+        if (negated) {
+            negativePatterns.push(normalized);
+        }
+        else {
+            positivePatterns.push(normalized);
+        }
+    }
+    const edges = [];
+    for (const pattern of positivePatterns) {
+        for (const target of pathLookup.values()) {
+            if (target === fromPath || !isCargoManifestPath(target)) {
+                continue;
+            }
+            if (!workspacePatternMatchesManifest(pattern, target, "Cargo.toml")) {
+                continue;
+            }
+            if (negativePatterns.some((negativePattern) => workspacePatternMatchesManifest(negativePattern, target, "Cargo.toml"))) {
+                continue;
+            }
+            edges.push(graphEdge({
+                from: fromPath,
+                to: target,
+                kind: "cargo-workspace-member-link",
+                confidence: CARGO_WORKSPACE_MEMBER_EDGE_CONFIDENCE,
+                reason: `Cargo workspace pattern '${pattern}' includes member manifest '${target}'.`,
+            }));
+        }
+    }
+    return edges;
+}

package/dist/extractors/graphManifestEdges/go.d.ts

@@ -0,0 +1,5 @@
+import type { GraphEdge } from "@audit-tools/shared";
+export declare const GO_WORKSPACE_MODULE_EDGE_CONFIDENCE = 0.87;
+export declare function stripGoLineComment(line: string): string;
+export declare function splitGoWorkspaceSpecifiers(value: string): string[];
+export declare function extractGoWorkspaceModuleEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];

package/dist/extractors/graphManifestEdges/go.js

@@ -0,0 +1,151 @@
+import { posix } from "node:path";
+import { scanStringAware } from "@audit-tools/shared";
+import { graphEdge, normalizeGraphPath, isGoModuleManifestPath, isGoWorkspaceManifestPath } from "../graphPathUtils.js";
+export const GO_WORKSPACE_MODULE_EDGE_CONFIDENCE = 0.87;
+const GO_SCAN_OPTIONS = {
+    quoteChars: ['"', "`"],
+    // Backtick raw strings do not honour backslash escapes.
+    escapedQuotes: ['"'],
+};
+export function stripGoLineComment(line) {
+    let commentIndex;
+    scanStringAware(line, GO_SCAN_OPTIONS, {
+        onUnquoted(char, i) {
+            if (char === "/" && line[i + 1] === "/") {
+                commentIndex = i;
+                return false;
+            }
+        },
+    });
+    return commentIndex !== undefined ? line.slice(0, commentIndex) : line;
+}
+function unquoteGoWorkspaceSpecifier(value) {
+    const trimmed = value.trim();
+    if (trimmed.length < 2) {
+        return trimmed;
+    }
+    if (trimmed[0] === '"' && trimmed.at(-1) === '"') {
+        try {
+            const parsed = JSON.parse(trimmed);
+            return typeof parsed === "string" ? parsed.trim() : trimmed;
+        }
+        catch {
+            return trimmed.slice(1, -1).trim();
+        }
+    }
+    if (trimmed[0] === "`" && trimmed.at(-1) === "`") {
+        return trimmed.slice(1, -1).trim();
+    }
+    return trimmed;
+}
+export function splitGoWorkspaceSpecifiers(value) {
+    const specifiers = [];
+    let tokenStart;
+    // Use scanStringAware to correctly skip over quoted string content, and
+    // detect whitespace-delimited token boundaries in unquoted regions.
+    // Quoted tokens are captured from the opening quote (tokenStart) through
+    // the closing quote (flushed on the next whitespace event), so that
+    // unquoteGoWorkspaceSpecifier sees the delimiters and can strip them.
+    scanStringAware(value, GO_SCAN_OPTIONS, {
+        onQuoteOpen(_q, i) {
+            tokenStart ??= i; // quoted token begins at the opening quote
+        },
+        onUnquoted(char, i) {
+            if (/\s/.test(char)) {
+                if (tokenStart !== undefined) {
+                    const specifier = unquoteGoWorkspaceSpecifier(value.slice(tokenStart, i));
+                    if (specifier.length > 0) {
+                        specifiers.push(specifier);
+                    }
+                    tokenStart = undefined;
+                }
+            }
+            else {
+                tokenStart ??= i;
+            }
+        },
+    });
+    // Flush final token (no trailing whitespace).
+    if (tokenStart !== undefined) {
+        const specifier = unquoteGoWorkspaceSpecifier(value.slice(tokenStart));
+        if (specifier.length > 0) {
+            specifiers.push(specifier);
+        }
+    }
+    return specifiers;
+}
+function goWorkspaceUseSpecifiers(content) {
+    const specifiers = [];
+    let inUseBlock = false;
+    for (const rawLine of content.split(/\r?\n/)) {
+        const trimmed = stripGoLineComment(rawLine).trim();
+        if (trimmed.length === 0) {
+            continue;
+        }
+        if (inUseBlock) {
+            const closeIndex = trimmed.indexOf(")");
+            const body = closeIndex >= 0 ? trimmed.slice(0, closeIndex).trim() : trimmed;
+            specifiers.push(...splitGoWorkspaceSpecifiers(body));
+            if (closeIndex >= 0) {
+                inUseBlock = false;
+            }
+            continue;
+        }
+        const useMatch = /^use(?:\s+(.+)|\s*)$/.exec(trimmed);
+        if (!useMatch) {
+            continue;
+        }
+        let body = useMatch[1]?.trim() ?? "";
+        if (!body.startsWith("(")) {
+            specifiers.push(...splitGoWorkspaceSpecifiers(body));
+            continue;
+        }
+        body = body.slice(1).trim();
+        const closeIndex = body.indexOf(")");
+        if (closeIndex >= 0) {
+            specifiers.push(...splitGoWorkspaceSpecifiers(body.slice(0, closeIndex).trim()));
+        }
+        else {
+            specifiers.push(...splitGoWorkspaceSpecifiers(body));
+            inUseBlock = true;
+        }
+    }
+    return specifiers;
+}
+function resolveGoWorkspaceModuleReference(fromPath, specifier, pathLookup) {
+    const normalizedSpecifier = normalizeGraphPath(specifier);
+    if (normalizedSpecifier.length === 0 ||
+        normalizedSpecifier.startsWith("/") ||
+        /^[a-z][a-z0-9+.-]*:/i.test(normalizedSpecifier)) {
+        return undefined;
+    }
+    const workspaceDir = posix.dirname(normalizeGraphPath(fromPath));
+    const target = workspaceDir === "."
+        ? normalizedSpecifier
+        : posix.join(workspaceDir, normalizedSpecifier);
+    const direct = pathLookup.get(target.toLowerCase());
+    if (direct && isGoModuleManifestPath(direct)) {
+        return direct;
+    }
+    return pathLookup.get(posix.join(target, "go.mod").toLowerCase());
+}
+export function extractGoWorkspaceModuleEdges(fromPath, content, pathLookup) {
+    if (!isGoWorkspaceManifestPath(fromPath)) {
+        return [];
+    }
+    const edges = [];
+    for (const specifier of goWorkspaceUseSpecifiers(content)) {
+        const target = resolveGoWorkspaceModuleReference(fromPath, specifier, pathLookup);
+        if (!target) {
+            continue;
+        }
+        edges.push(graphEdge({
+            from: fromPath,
+            to: target,
+            kind: "go-workspace-module-link",
+            confidence: GO_WORKSPACE_MODULE_EDGE_CONFIDENCE,
+            reason: `Go workspace use directive '${specifier}' resolves to module '${target}'.`,
+        }));
+    }
+    return edges;
+}

package/dist/extractors/graphManifestEdges/index.d.ts

@@ -0,0 +1,8 @@
+export { isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, } from "../graphPathUtils.js";
+export { extractPackageEntrypointEdges, extractPackageScriptEdges, extractWorkspacePackageEdges } from "./packageJson.js";
+export { extractCargoWorkspaceMemberEdges } from "./cargo.js";
+export { extractTypescriptProjectReferenceEdges } from "./typescript.js";
+export { extractGoWorkspaceModuleEdges } from "./go.js";
+export { extractMavenModuleEdges } from "./maven.js";
+export { extractPyprojectTestpathLinks } from "./pyproject.js";
+export { extractYamlPathReferenceEdges } from "./yamlPaths.js";

package/dist/extractors/graphManifestEdges/index.js

@@ -0,0 +1,11 @@
+// Re-exported for the graph builder, which imports these manifest predicates
+// from here for historical reasons; the canonical definitions live in
+// graphPathUtils.
+export { isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, } from "../graphPathUtils.js";
+export { extractPackageEntrypointEdges, extractPackageScriptEdges, extractWorkspacePackageEdges } from "./packageJson.js";
+export { extractCargoWorkspaceMemberEdges } from "./cargo.js";
+export { extractTypescriptProjectReferenceEdges } from "./typescript.js";
+export { extractGoWorkspaceModuleEdges } from "./go.js";
+export { extractMavenModuleEdges } from "./maven.js";
+export { extractPyprojectTestpathLinks } from "./pyproject.js";
+export { extractYamlPathReferenceEdges } from "./yamlPaths.js";

package/dist/extractors/graphManifestEdges/jsonc.d.ts

@@ -0,0 +1,3 @@
+export declare function stripJsonComments(content: string): string;
+export declare function removeTrailingJsonCommas(content: string): string;
+export declare function parseJsoncObject(content: string): Record<string, unknown> | undefined;

package/dist/extractors/graphManifestEdges/jsonc.js

@@ -0,0 +1,97 @@
+import { scanStringAware } from "@audit-tools/shared";
+const JSON_SCAN_OPTIONS = { quoteChars: ['"'], escapedQuotes: ['"'] };
+export function stripJsonComments(content) {
+    let result = "";
+    let inString = false;
+    let escaped = false;
+    for (let index = 0; index < content.length; index++) {
+        const char = content[index];
+        const next = content[index + 1];
+        if (inString) {
+            result += char;
+            if (escaped) {
+                escaped = false;
+            }
+            else if (char === "\\") {
+                escaped = true;
+            }
+            else if (char === '"') {
+                inString = false;
+            }
+            continue;
+        }
+        if (char === '"') {
+            inString = true;
+            result += char;
+            continue;
+        }
+        if (char === "/" && next === "/") {
+            while (index < content.length && content[index] !== "\n") {
+                index++;
+            }
+            if (index < content.length) {
+                result += content[index];
+            }
+            continue;
+        }
+        if (char === "/" && next === "*") {
+            index += 2;
+            while (index < content.length &&
+                !(content[index] === "*" && content[index + 1] === "/")) {
+                if (content[index] === "\n") {
+                    result += "\n";
+                }
+                index++;
+            }
+            if (index < content.length) {
+                index++;
+            }
+            continue;
+        }
+        result += char;
+    }
+    return result;
+}
+export function removeTrailingJsonCommas(content) {
+    let result = "";
+    let pos = 0;
+    scanStringAware(content, JSON_SCAN_OPTIONS, {
+        onQuoteOpen(_q, i) {
+            result += content.slice(pos, i + 1);
+            pos = i + 1;
+        },
+        onQuoteClose(_q, i) {
+            result += content.slice(pos, i + 1);
+            pos = i + 1;
+        },
+        onUnquoted(char, i) {
+            if (char === ",") {
+                let lookahead = i + 1;
+                while (/\s/.test(content[lookahead] ?? "")) {
+                    lookahead++;
+                }
+                if (content[lookahead] === "}" || content[lookahead] === "]") {
+                    // Flush up to (not including) the comma; skip it.
+                    result += content.slice(pos, i);
+                    pos = i + 1;
+                }
+            }
+        },
+    });
+    // Flush anything after the last event.
+    result += content.slice(pos);
+    return result;
+}
+export function parseJsoncObject(content) {
+    let parsed;
+    try {
+        parsed = JSON.parse(removeTrailingJsonCommas(stripJsonComments(content)));
+    }
+    catch {
+        return undefined;
+    }
+    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+        return undefined;
+    }
+    return parsed;
+}

package/dist/extractors/graphManifestEdges/maven.d.ts

@@ -0,0 +1,3 @@
+import type { GraphEdge } from "@audit-tools/shared";
+export declare const MAVEN_MODULE_EDGE_CONFIDENCE = 0.87;
+export declare function extractMavenModuleEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];

package/dist/extractors/graphManifestEdges/maven.js

@@ -0,0 +1,73 @@
+import { posix } from "node:path";
+import { graphEdge, normalizeGraphPath, isMavenPomPath } from "../graphPathUtils.js";
+export const MAVEN_MODULE_EDGE_CONFIDENCE = 0.87;
+function stripXmlComments(content) {
+    return content.replace(/<!--[\s\S]*?-->/g, "");
+}
+function decodeXmlText(value) {
+    return value
+        .replace(/&lt;/g, "<")
+        .replace(/&gt;/g, ">")
+        .replace(/&quot;/g, "\"")
+        .replace(/&apos;/g, "'")
+        .replace(/&amp;/g, "&");
+}
+function mavenModuleSpecifiers(content) {
+    const specifiers = [];
+    const withoutComments = stripXmlComments(content);
+    const modulesPattern = /<modules(?:\s[^>]*)?>([\s\S]*?)<\/modules>/gi;
+    let modulesMatch;
+    while ((modulesMatch = modulesPattern.exec(withoutComments))) {
+        const body = modulesMatch[1] ?? "";
+        const modulePattern = /<module(?:\s[^>]*)?>([\s\S]*?)<\/module>/gi;
+        let moduleMatch;
+        while ((moduleMatch = modulePattern.exec(body))) {
+            const specifier = decodeXmlText(moduleMatch[1] ?? "").trim();
+            if (specifier.length > 0) {
+                specifiers.push(specifier);
+            }
+        }
+    }
+    return specifiers;
+}
+function resolveMavenModuleReference(fromPath, specifier, pathLookup) {
+    const normalizedSpecifier = normalizeGraphPath(specifier);
+    if (normalizedSpecifier.length === 0 ||
+        normalizedSpecifier.startsWith("/") ||
+        /^[a-z][a-z0-9+.-]*:/i.test(normalizedSpecifier)) {
+        return undefined;
+    }
+    const manifestDir = posix.dirname(normalizeGraphPath(fromPath));
+    const target = manifestDir === "."
+        ? normalizedSpecifier
+        : posix.join(manifestDir, normalizedSpecifier);
+    const normalizedTarget = normalizeGraphPath(target);
+    if (normalizedTarget === ".." || normalizedTarget.startsWith("../")) {
+        return undefined;
+    }
+    const direct = pathLookup.get(normalizedTarget.toLowerCase());
+    if (direct && isMavenPomPath(direct)) {
+        return direct;
+    }
+    return pathLookup.get(posix.join(normalizedTarget, "pom.xml").toLowerCase());
+}
+export function extractMavenModuleEdges(fromPath, content, pathLookup) {
+    if (!isMavenPomPath(fromPath)) {
+        return [];
+    }
+    const edges = [];
+    for (const specifier of mavenModuleSpecifiers(content)) {
+        const target = resolveMavenModuleReference(fromPath, specifier, pathLookup);
+        if (!target || target === fromPath) {
+            continue;
+        }
+        edges.push(graphEdge({
+            from: fromPath,
+            to: target,
+            kind: "maven-module-link",
+            confidence: MAVEN_MODULE_EDGE_CONFIDENCE,
+            reason: `Maven module '${specifier}' resolves to module manifest '${target}'.`,
+        }));
+    }
+    return edges;
+}

package/dist/extractors/graphManifestEdges/packageJson.d.ts

@@ -0,0 +1,19 @@
+import type { GraphEdge } from "@audit-tools/shared";
+import { WorkspacePattern } from "./workspace.js";
+export declare const PACKAGE_ENTRYPOINT_EDGE_CONFIDENCE = 0.9;
+export declare const PACKAGE_SCRIPT_EDGE_CONFIDENCE = 0.88;
+export declare const WORKSPACE_PACKAGE_EDGE_CONFIDENCE = 0.86;
+export declare const PACKAGE_SCRIPT_REFERENCE_PATTERN: RegExp;
+export declare function packageEntrypointCandidates(content: string): Array<{
+    field: string;
+    specifier: string;
+}>;
+export declare function resolvePackageEntrypoint(packagePath: string, specifier: string, pathLookup: Map<string, string>): string | undefined;
+export declare function extractPackageEntrypointEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
+export declare function packageScriptCandidates(content: string): Array<{
+    script: string;
+    specifier: string;
+}>;
+export declare function extractPackageScriptEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
+export declare function packageWorkspacePatterns(content: string): WorkspacePattern[];
+export declare function extractWorkspacePackageEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];