circle-ir-ai 2.8.1 → 2.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/trust/passes/dependency-staleness.d.ts +30 -4
- package/dist/trust/passes/dependency-staleness.d.ts.map +1 -1
- package/dist/trust/passes/dependency-staleness.js +129 -9
- package/dist/trust/passes/dependency-staleness.js.map +1 -1
- package/dist/trust/passes/typosquat-detection.d.ts +34 -4
- package/dist/trust/passes/typosquat-detection.d.ts.map +1 -1
- package/dist/trust/passes/typosquat-detection.js +157 -8
- package/dist/trust/passes/typosquat-detection.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* T3: Dependency Staleness Trust Pass
|
|
2
|
+
* T3: Dependency Staleness & Vulnerability Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Checks
|
|
5
|
-
*
|
|
4
|
+
* Checks dependencies for:
|
|
5
|
+
* 1. Staleness: last publish date via npm registry API
|
|
6
|
+
* 2. Known vulnerabilities: via OSV (Open Source Vulnerabilities) API
|
|
6
7
|
*
|
|
7
8
|
* Uses native fetch() (Node 18+) with p-queue for concurrency limiting.
|
|
8
9
|
* Network errors are handled gracefully (skip, don't penalize).
|
|
9
10
|
*/
|
|
10
11
|
import { type TrustPassResult, type TrustSeverity } from '../types.js';
|
|
11
12
|
declare const NPM_REGISTRY_BASE = "https://registry.npmjs.org";
|
|
13
|
+
declare const OSV_API_BASE = "https://api.osv.dev/v1";
|
|
12
14
|
interface StalenessTier {
|
|
13
15
|
thresholdDays: number;
|
|
14
16
|
severity: TrustSeverity;
|
|
@@ -23,13 +25,37 @@ export interface DependencyStalenessOptions {
|
|
|
23
25
|
includeDevDeps?: boolean;
|
|
24
26
|
/** Packages to skip */
|
|
25
27
|
skipPackages?: string[];
|
|
28
|
+
/** Check for known vulnerabilities via OSV (default: false for speed) */
|
|
29
|
+
checkVulnerabilities?: boolean;
|
|
26
30
|
}
|
|
27
31
|
declare function isLocalDep(version: string): boolean;
|
|
28
32
|
interface RegistryResult {
|
|
29
33
|
lastPublishDate: Date | null;
|
|
34
|
+
latestVersion: string | null;
|
|
30
35
|
maintainerCount: number;
|
|
31
36
|
}
|
|
32
37
|
declare function fetchPackageInfo(packageName: string, timeout: number): Promise<RegistryResult>;
|
|
38
|
+
interface OSVVulnerability {
|
|
39
|
+
id: string;
|
|
40
|
+
summary?: string;
|
|
41
|
+
severity?: Array<{
|
|
42
|
+
type: string;
|
|
43
|
+
score: string;
|
|
44
|
+
}>;
|
|
45
|
+
aliases?: string[];
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Normalize a semver version for OSV query (strip leading ^ ~ etc.)
|
|
49
|
+
*/
|
|
50
|
+
declare function normalizeVersion(version: string): string;
|
|
51
|
+
/**
|
|
52
|
+
* Query OSV API for vulnerabilities affecting a package version.
|
|
53
|
+
*/
|
|
54
|
+
declare function fetchVulnerabilities(packageName: string, version: string, timeout: number): Promise<OSVVulnerability[]>;
|
|
55
|
+
/**
|
|
56
|
+
* Map CVSS score to severity level.
|
|
57
|
+
*/
|
|
58
|
+
declare function cvssToSeverity(cvss: number): TrustSeverity;
|
|
33
59
|
export declare function dependencyStalenessPass(projectPath: string, options?: DependencyStalenessOptions): Promise<TrustPassResult>;
|
|
34
|
-
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, fetchPackageInfo };
|
|
60
|
+
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, OSV_API_BASE, fetchPackageInfo, fetchVulnerabilities, normalizeVersion, cvssToSeverity, };
|
|
35
61
|
//# sourceMappingURL=dependency-staleness.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-staleness.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"dependency-staleness.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,KAAK,eAAe,EAEpB,KAAK,aAAa,EAEnB,MAAM,aAAa,CAAC;AAMrB,QAAA,MAAM,iBAAiB,+BAA+B,CAAC;AACvD,QAAA,MAAM,YAAY,2BAA2B,CAAC;AAI9C,UAAU,aAAa;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,aAAa,CAAC;CACzB;AAED,QAAA,MAAM,eAAe,EAAE,aAAa,EAInC,CAAC;AAMF,MAAM,WAAW,0BAA0B;IACzC,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yEAAyE;IACzE,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAMD,iBAAS,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE5C;AAED,UAAU,cAAc;IACtB,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,iBAAe,gBAAgB,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,cAAc,CAAC,CAmCzB;AAeD,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAMD;;GAEG;AACH,iBAAS,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;GAEG;AACH,iBAAe,oBAAoB,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAkC7B;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAKnD;AAiCD,wBAAsB,uBAAuB,CAC3C,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,eAAe,CAAC,CA6H1B;AAGD,OAAO,EACL,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,GACf,CAAC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* T3: Dependency Staleness Trust Pass
|
|
2
|
+
* T3: Dependency Staleness & Vulnerability Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Checks
|
|
5
|
-
*
|
|
4
|
+
* Checks dependencies for:
|
|
5
|
+
* 1. Staleness: last publish date via npm registry API
|
|
6
|
+
* 2. Known vulnerabilities: via OSV (Open Source Vulnerabilities) API
|
|
6
7
|
*
|
|
7
8
|
* Uses native fetch() (Node 18+) with p-queue for concurrency limiting.
|
|
8
9
|
* Network errors are handled gracefully (skip, don't penalize).
|
|
@@ -15,6 +16,7 @@ import { SEVERITY_WEIGHTS, } from '../types.js';
|
|
|
15
16
|
// Constants
|
|
16
17
|
// ---------------------------------------------------------------------------
|
|
17
18
|
const NPM_REGISTRY_BASE = 'https://registry.npmjs.org';
|
|
19
|
+
const OSV_API_BASE = 'https://api.osv.dev/v1';
|
|
18
20
|
const LOCAL_PREFIXES = ['file:', 'link:', 'git:', 'git+', 'github:', 'workspace:'];
|
|
19
21
|
const STALENESS_TIERS = [
|
|
20
22
|
{ thresholdDays: 1095, severity: 'high' }, // >3 years
|
|
@@ -38,19 +40,20 @@ async function fetchPackageInfo(packageName, timeout) {
|
|
|
38
40
|
});
|
|
39
41
|
clearTimeout(timeoutId);
|
|
40
42
|
if (!response.ok) {
|
|
41
|
-
return { lastPublishDate: null, maintainerCount: -1 };
|
|
43
|
+
return { lastPublishDate: null, latestVersion: null, maintainerCount: -1 };
|
|
42
44
|
}
|
|
43
45
|
const data = (await response.json());
|
|
44
46
|
const modified = data.time?.modified;
|
|
45
47
|
const lastPublishDate = modified ? new Date(modified) : null;
|
|
48
|
+
const latestVersion = data['dist-tags']?.latest ?? null;
|
|
46
49
|
const maintainerCount = Array.isArray(data.maintainers)
|
|
47
50
|
? data.maintainers.length
|
|
48
51
|
: -1;
|
|
49
|
-
return { lastPublishDate, maintainerCount };
|
|
52
|
+
return { lastPublishDate, latestVersion, maintainerCount };
|
|
50
53
|
}
|
|
51
54
|
catch {
|
|
52
55
|
clearTimeout(timeoutId);
|
|
53
|
-
return { lastPublishDate: null, maintainerCount: -1 };
|
|
56
|
+
return { lastPublishDate: null, latestVersion: null, maintainerCount: -1 };
|
|
54
57
|
}
|
|
55
58
|
}
|
|
56
59
|
function classifyStaleness(daysSincePublish) {
|
|
@@ -61,6 +64,86 @@ function classifyStaleness(daysSincePublish) {
|
|
|
61
64
|
}
|
|
62
65
|
return null;
|
|
63
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Normalize a semver version for OSV query (strip leading ^ ~ etc.)
|
|
69
|
+
*/
|
|
70
|
+
function normalizeVersion(version) {
|
|
71
|
+
return version.replace(/^[\^~>=<]+/, '').split(' ')[0];
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Query OSV API for vulnerabilities affecting a package version.
|
|
75
|
+
*/
|
|
76
|
+
async function fetchVulnerabilities(packageName, version, timeout) {
|
|
77
|
+
const controller = new AbortController();
|
|
78
|
+
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
79
|
+
try {
|
|
80
|
+
const url = `${OSV_API_BASE}/query`;
|
|
81
|
+
const response = await fetch(url, {
|
|
82
|
+
method: 'POST',
|
|
83
|
+
signal: controller.signal,
|
|
84
|
+
headers: {
|
|
85
|
+
'Content-Type': 'application/json',
|
|
86
|
+
Accept: 'application/json',
|
|
87
|
+
},
|
|
88
|
+
body: JSON.stringify({
|
|
89
|
+
package: {
|
|
90
|
+
name: packageName,
|
|
91
|
+
ecosystem: 'npm',
|
|
92
|
+
},
|
|
93
|
+
version: normalizeVersion(version),
|
|
94
|
+
}),
|
|
95
|
+
});
|
|
96
|
+
clearTimeout(timeoutId);
|
|
97
|
+
if (!response.ok) {
|
|
98
|
+
return [];
|
|
99
|
+
}
|
|
100
|
+
const data = (await response.json());
|
|
101
|
+
return data.vulns ?? [];
|
|
102
|
+
}
|
|
103
|
+
catch {
|
|
104
|
+
clearTimeout(timeoutId);
|
|
105
|
+
return [];
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Map CVSS score to severity level.
|
|
110
|
+
*/
|
|
111
|
+
function cvssToSeverity(cvss) {
|
|
112
|
+
if (cvss >= 9.0)
|
|
113
|
+
return 'critical';
|
|
114
|
+
if (cvss >= 7.0)
|
|
115
|
+
return 'high';
|
|
116
|
+
if (cvss >= 4.0)
|
|
117
|
+
return 'medium';
|
|
118
|
+
return 'low';
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Extract the highest CVSS score from OSV severity data.
|
|
122
|
+
*/
|
|
123
|
+
function extractCVSS(vuln) {
|
|
124
|
+
if (!vuln.severity)
|
|
125
|
+
return null;
|
|
126
|
+
for (const sev of vuln.severity) {
|
|
127
|
+
if (sev.type === 'CVSS_V3' || sev.type === 'CVSS_V2') {
|
|
128
|
+
const score = parseFloat(sev.score);
|
|
129
|
+
if (!isNaN(score))
|
|
130
|
+
return score;
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
return null;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Get CVE ID from aliases if available.
|
|
137
|
+
*/
|
|
138
|
+
function getCVE(vuln) {
|
|
139
|
+
if (vuln.aliases) {
|
|
140
|
+
for (const alias of vuln.aliases) {
|
|
141
|
+
if (alias.startsWith('CVE-'))
|
|
142
|
+
return alias;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
return null;
|
|
146
|
+
}
|
|
64
147
|
// ---------------------------------------------------------------------------
|
|
65
148
|
// Main pass
|
|
66
149
|
// ---------------------------------------------------------------------------
|
|
@@ -70,6 +153,7 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
70
153
|
const concurrency = options.concurrency ?? 5;
|
|
71
154
|
const timeout = options.timeout ?? 5000;
|
|
72
155
|
const skipSet = new Set(options.skipPackages ?? []);
|
|
156
|
+
const checkVulnerabilities = options.checkVulnerabilities ?? false;
|
|
73
157
|
// Read package.json
|
|
74
158
|
const rootPkgPath = path.join(projectPath, 'package.json');
|
|
75
159
|
let deps = {};
|
|
@@ -93,8 +177,9 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
93
177
|
const depEntries = Object.entries(deps).filter(([name, version]) => !isLocalDep(version) && !skipSet.has(name));
|
|
94
178
|
// Fetch with concurrency limiting
|
|
95
179
|
const queue = new PQueue({ concurrency });
|
|
96
|
-
const tasks = depEntries.map(([depName]) => queue.add(async () => {
|
|
180
|
+
const tasks = depEntries.map(([depName, currentVersion]) => queue.add(async () => {
|
|
97
181
|
const info = await fetchPackageInfo(depName, timeout);
|
|
182
|
+
// Staleness check
|
|
98
183
|
if (info.lastPublishDate) {
|
|
99
184
|
const daysSince = (Date.now() - info.lastPublishDate.getTime()) / (1000 * 60 * 60 * 24);
|
|
100
185
|
const tier = classifyStaleness(daysSince);
|
|
@@ -107,12 +192,16 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
107
192
|
location: { file: 'package.json' },
|
|
108
193
|
meta: {
|
|
109
194
|
dependency: depName,
|
|
195
|
+
currentVersion,
|
|
196
|
+
latestVersion: info.latestVersion,
|
|
110
197
|
daysSincePublish: Math.floor(daysSince),
|
|
111
198
|
lastPublishDate: info.lastPublishDate.toISOString(),
|
|
199
|
+
findingType: 'staleness',
|
|
112
200
|
},
|
|
113
201
|
});
|
|
114
202
|
}
|
|
115
203
|
}
|
|
204
|
+
// Maintainer check
|
|
116
205
|
if (info.maintainerCount === 0) {
|
|
117
206
|
findings.push({
|
|
118
207
|
pass: 'dependency-staleness',
|
|
@@ -120,9 +209,40 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
120
209
|
severity: 'high',
|
|
121
210
|
message: `"${depName}" has zero maintainers`,
|
|
122
211
|
location: { file: 'package.json' },
|
|
123
|
-
meta: {
|
|
212
|
+
meta: {
|
|
213
|
+
dependency: depName,
|
|
214
|
+
currentVersion,
|
|
215
|
+
maintainerCount: 0,
|
|
216
|
+
findingType: 'maintainer',
|
|
217
|
+
},
|
|
124
218
|
});
|
|
125
219
|
}
|
|
220
|
+
// Vulnerability check (if enabled)
|
|
221
|
+
if (checkVulnerabilities) {
|
|
222
|
+
const vulns = await fetchVulnerabilities(depName, currentVersion, timeout);
|
|
223
|
+
for (const vuln of vulns) {
|
|
224
|
+
const cvss = extractCVSS(vuln);
|
|
225
|
+
const severity = cvss !== null ? cvssToSeverity(cvss) : 'medium';
|
|
226
|
+
const cve = getCVE(vuln);
|
|
227
|
+
findings.push({
|
|
228
|
+
pass: 'dependency-staleness',
|
|
229
|
+
ruleId: 'dep-vulnerability',
|
|
230
|
+
severity,
|
|
231
|
+
message: `"${depName}@${normalizeVersion(currentVersion)}" has known vulnerability ${vuln.id}${cve ? ` (${cve})` : ''}`,
|
|
232
|
+
location: { file: 'package.json' },
|
|
233
|
+
meta: {
|
|
234
|
+
dependency: depName,
|
|
235
|
+
currentVersion: normalizeVersion(currentVersion),
|
|
236
|
+
latestVersion: info.latestVersion,
|
|
237
|
+
vulnId: vuln.id,
|
|
238
|
+
cve: cve ?? undefined,
|
|
239
|
+
cvss: cvss ?? undefined,
|
|
240
|
+
summary: vuln.summary ?? undefined,
|
|
241
|
+
findingType: 'vulnerability',
|
|
242
|
+
},
|
|
243
|
+
});
|
|
244
|
+
}
|
|
245
|
+
}
|
|
126
246
|
}));
|
|
127
247
|
await Promise.allSettled(tasks);
|
|
128
248
|
let deduction = 0;
|
|
@@ -138,5 +258,5 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
138
258
|
};
|
|
139
259
|
}
|
|
140
260
|
// Exports for testing
|
|
141
|
-
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, fetchPackageInfo };
|
|
261
|
+
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, OSV_API_BASE, fetchPackageInfo, fetchVulnerabilities, normalizeVersion, cvssToSeverity, };
|
|
142
262
|
//# sourceMappingURL=dependency-staleness.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-staleness.js","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"dependency-staleness.js","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,MAAM,MAAM,SAAS,CAAC;AAC7B,OAAO,EAIL,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAErB,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;AACvD,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AAOnF,MAAM,eAAe,GAAoB;IACvC,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAI,WAAW;IACxD,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAI,WAAW;IACzD,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAO,UAAU;CACzD,CAAC;AAmBF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACrE,CAAC;AAQD,KAAK,UAAU,gBAAgB,CAC7B,WAAmB,EACnB,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,iBAAiB,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,IAAI,IAAI,CAAC;QACxD,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;YACrD,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM;YACzB,CAAC,CAAC,CAAC,CAAC,CAAC;QAEP,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,gBAAwB;IACjD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,gBAAgB,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAiBD;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,WAAmB,EACnB,OAAe,EACf,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,YAAY,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE;oBACP,IAAI,EAAE,WAAW;oBACjB,SAAS,EAAE,KAAK;iBACjB;gBACD,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC;aACnC,CAAC;SACH,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IACjC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAsB;IACzC,IAAI,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,MAAM,CAAC,IAAsB;IACpC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,WAAmB,EACnB,UAAsC,EAAE;IAExC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IACxC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,KAAK,CAAC;IAEnE,oBAAoB;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAC5C,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAChE,CAAC;IAEF,kCAAkC;IAClC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,EAAE,CACzD,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEtD,kBAAkB;QAClB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,SAAS,GACb,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAE1C,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,MAAM,EAAE,iBAAiB,IAAI,CAAC,QAAQ,EAAE;oBACxC,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,IAAI,OAAO,oBAAoB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW;oBACxE,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;oBAClC,IAAI,EAAE;wBACJ,UAAU,EAAE,OAAO;wBACnB,cAAc;wBACd,aAAa,EAAE,IAAI,CAAC,aAAa;wBACjC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;wBACvC,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE;wBACnD,WAAW,EAAE,WAAW;qBACzB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,eAAe,KAAK,CAAC,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,IAAI,OAAO,wBAAwB;gBAC5C,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,cAAc;oBACd,eAAe,EAAE,CAAC;oBAClB,WAAW,EAAE,YAAY;iBAC1B;aACF,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAC3E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACjE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;gBAEzB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,IAAI,OAAO,IAAI,gBAAgB,CAAC,cAAc,CAAC,6BAA6B,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;oBACvH,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;oBAClC,IAAI,EAAE;wBACJ,UAAU,EAAE,OAAO;wBACnB,cAAc,EAAE,gBAAgB,CAAC,cAAc,CAAC;wBAChD,aAAa,EAAE,IAAI,CAAC,aAAa;wBACjC,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,GAAG,EAAE,GAAG,IAAI,SAAS;wBACrB,IAAI,EAAE,IAAI,IAAI,SAAS;wBACvB,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS;wBAClC,WAAW,EAAE,eAAe;qBAC7B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAEhC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAI,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,sBAAsB;AACtB,OAAO,EACL,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,GACf,CAAC"}
|
|
@@ -1,16 +1,38 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* T5: Typosquat Detection Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Compares dependency names against
|
|
5
|
-
*
|
|
4
|
+
* Compares dependency names against popular npm packages using:
|
|
5
|
+
* - Levenshtein distance (edit distance 1-2)
|
|
6
|
+
* - Homoglyph detection (rn→m, 1→l, 0→O, etc.)
|
|
7
|
+
* - npm registry popularity check (weekly downloads)
|
|
6
8
|
*
|
|
7
9
|
* Score: 100 − Σ(deduction), clamped [0, 100].
|
|
8
|
-
* distance 1 → severity=high (−25 points)
|
|
10
|
+
* distance 1 / homoglyph → severity=high (−25 points)
|
|
9
11
|
* distance 2 → severity=medium (−10 points)
|
|
10
12
|
*/
|
|
11
13
|
import { type TrustPassResult } from '../types.js';
|
|
12
14
|
declare const TOP_PACKAGES: Set<string>;
|
|
13
15
|
declare function levenshtein(a: string, b: string): number;
|
|
16
|
+
/**
|
|
17
|
+
* Common homoglyph substitutions used in typosquatting attacks.
|
|
18
|
+
* Maps visually similar character sequences.
|
|
19
|
+
*/
|
|
20
|
+
declare const HOMOGLYPH_MAP: Array<[string, string]>;
|
|
21
|
+
/**
|
|
22
|
+
* Check if `candidate` could be a homoglyph attack on `target`.
|
|
23
|
+
* Returns the matched homoglyph substitution or null.
|
|
24
|
+
*/
|
|
25
|
+
declare function detectHomoglyph(candidate: string, target: string): string | null;
|
|
26
|
+
/** Minimum weekly downloads to be considered "popular" */
|
|
27
|
+
declare const POPULARITY_THRESHOLD = 100000;
|
|
28
|
+
interface PopularityResult {
|
|
29
|
+
downloads: number;
|
|
30
|
+
isPopular: boolean;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Query npm downloads API for a package's weekly download count.
|
|
34
|
+
*/
|
|
35
|
+
declare function fetchPackagePopularity(packageName: string, timeout: number): Promise<PopularityResult | null>;
|
|
14
36
|
export interface TyposquatDetectionOptions {
|
|
15
37
|
/** Maximum edit distance to flag (default: 2) */
|
|
16
38
|
maxDistance?: number;
|
|
@@ -18,6 +40,14 @@ export interface TyposquatDetectionOptions {
|
|
|
18
40
|
additionalKnownPackages?: string[];
|
|
19
41
|
/** Include devDependencies (default: true) */
|
|
20
42
|
includeDevDeps?: boolean;
|
|
43
|
+
/** Enable homoglyph detection (default: true) */
|
|
44
|
+
checkHomoglyphs?: boolean;
|
|
45
|
+
/** Query npm for popularity data (default: false for speed) */
|
|
46
|
+
checkPopularity?: boolean;
|
|
47
|
+
/** Concurrency for npm registry requests (default: 5) */
|
|
48
|
+
concurrency?: number;
|
|
49
|
+
/** Timeout per request in ms (default: 3000) */
|
|
50
|
+
timeout?: number;
|
|
21
51
|
}
|
|
22
52
|
/**
|
|
23
53
|
* Strip npm scope prefix for comparison.
|
|
@@ -29,5 +59,5 @@ declare function stripScope(name: string): string;
|
|
|
29
59
|
* Run the typosquat-detection trust pass.
|
|
30
60
|
*/
|
|
31
61
|
export declare function typosquatDetectionPass(projectPath: string, options?: TyposquatDetectionOptions): Promise<TrustPassResult>;
|
|
32
|
-
export { levenshtein, stripScope, TOP_PACKAGES };
|
|
62
|
+
export { levenshtein, stripScope, detectHomoglyph, fetchPackagePopularity, TOP_PACKAGES, HOMOGLYPH_MAP, POPULARITY_THRESHOLD, };
|
|
33
63
|
//# sourceMappingURL=typosquat-detection.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typosquat-detection.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"typosquat-detection.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,EACL,KAAK,eAAe,EAErB,MAAM,aAAa,CAAC;AAMrB,QAAA,MAAM,YAAY,aAqBhB,CAAC;AAMH,iBAAS,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAsBjD;AAMD;;;GAGG;AACH,QAAA,MAAM,aAAa,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAW1C,CAAC;AAEF;;;GAGG;AACH,iBAAS,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAoBzE;AAQD,0DAA0D;AAC1D,QAAA,MAAM,oBAAoB,SAAU,CAAC;AAErC,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,iBAAe,sBAAsB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CA4BlC;AAMD,MAAM,WAAW,yBAAyB;IACxC,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mDAAmD;IACnD,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,8CAA8C;IAC9C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iDAAiD;IACjD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+DAA+D;IAC/D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAgBD;;;;GAIG;AACH,iBAAS,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAExC;AAcD;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,eAAe,CAAC,CA0K1B;AAGD,OAAO,EACL,WAAW,EACX,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,CAAC"}
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* T5: Typosquat Detection Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Compares dependency names against
|
|
5
|
-
*
|
|
4
|
+
* Compares dependency names against popular npm packages using:
|
|
5
|
+
* - Levenshtein distance (edit distance 1-2)
|
|
6
|
+
* - Homoglyph detection (rn→m, 1→l, 0→O, etc.)
|
|
7
|
+
* - npm registry popularity check (weekly downloads)
|
|
6
8
|
*
|
|
7
9
|
* Score: 100 − Σ(deduction), clamped [0, 100].
|
|
8
|
-
* distance 1 → severity=high (−25 points)
|
|
10
|
+
* distance 1 / homoglyph → severity=high (−25 points)
|
|
9
11
|
* distance 2 → severity=medium (−10 points)
|
|
10
12
|
*/
|
|
11
13
|
import * as fs from 'fs';
|
|
12
14
|
import * as path from 'path';
|
|
15
|
+
import PQueue from 'p-queue';
|
|
13
16
|
// ---------------------------------------------------------------------------
|
|
14
17
|
// Top npm packages (popular targets for typosquatting)
|
|
15
18
|
// ---------------------------------------------------------------------------
|
|
@@ -59,6 +62,81 @@ function levenshtein(a, b) {
|
|
|
59
62
|
}
|
|
60
63
|
return prev[b.length];
|
|
61
64
|
}
|
|
65
|
+
// ---------------------------------------------------------------------------
|
|
66
|
+
// Homoglyph Detection
|
|
67
|
+
// ---------------------------------------------------------------------------
|
|
68
|
+
/**
|
|
69
|
+
* Common homoglyph substitutions used in typosquatting attacks.
|
|
70
|
+
* Maps visually similar character sequences.
|
|
71
|
+
*/
|
|
72
|
+
const HOMOGLYPH_MAP = [
|
|
73
|
+
['rn', 'm'], // Most common: "rn" looks like "m"
|
|
74
|
+
['cl', 'd'], // "cl" looks like "d"
|
|
75
|
+
['vv', 'w'], // "vv" looks like "w"
|
|
76
|
+
['1', 'l'], // Number 1 looks like lowercase L
|
|
77
|
+
['l', '1'], // Reverse
|
|
78
|
+
['0', 'o'], // Number 0 looks like letter O
|
|
79
|
+
['o', '0'], // Reverse
|
|
80
|
+
['i', 'j'], // i and j are similar
|
|
81
|
+
['nn', 'm'], // "nn" looks like "m"
|
|
82
|
+
['ii', 'u'], // "ii" can look like "u"
|
|
83
|
+
];
|
|
84
|
+
/**
|
|
85
|
+
* Check if `candidate` could be a homoglyph attack on `target`.
|
|
86
|
+
* Returns the matched homoglyph substitution or null.
|
|
87
|
+
*/
|
|
88
|
+
function detectHomoglyph(candidate, target) {
|
|
89
|
+
const candidateLower = candidate.toLowerCase();
|
|
90
|
+
const targetLower = target.toLowerCase();
|
|
91
|
+
// Try each homoglyph substitution
|
|
92
|
+
for (const [from, to] of HOMOGLYPH_MAP) {
|
|
93
|
+
// Forward: candidate has `from`, target has `to`
|
|
94
|
+
const candidateNormalized = candidateLower.replace(new RegExp(from, 'g'), to);
|
|
95
|
+
if (candidateNormalized === targetLower && candidateLower !== targetLower) {
|
|
96
|
+
return `${from}→${to}`;
|
|
97
|
+
}
|
|
98
|
+
// Reverse: candidate has `to`, target has `from`
|
|
99
|
+
const candidateReverse = candidateLower.replace(new RegExp(to, 'g'), from);
|
|
100
|
+
if (candidateReverse === targetLower && candidateLower !== targetLower) {
|
|
101
|
+
return `${to}→${from}`;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
// ---------------------------------------------------------------------------
|
|
107
|
+
// npm Registry Popularity Check
|
|
108
|
+
// ---------------------------------------------------------------------------
|
|
109
|
+
const NPM_DOWNLOADS_API = 'https://api.npmjs.org/downloads/point/last-week';
|
|
110
|
+
/** Minimum weekly downloads to be considered "popular" */
|
|
111
|
+
const POPULARITY_THRESHOLD = 100_000;
|
|
112
|
+
/**
|
|
113
|
+
* Query npm downloads API for a package's weekly download count.
|
|
114
|
+
*/
|
|
115
|
+
async function fetchPackagePopularity(packageName, timeout) {
|
|
116
|
+
const controller = new AbortController();
|
|
117
|
+
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
118
|
+
try {
|
|
119
|
+
const url = `${NPM_DOWNLOADS_API}/${encodeURIComponent(packageName)}`;
|
|
120
|
+
const response = await fetch(url, {
|
|
121
|
+
signal: controller.signal,
|
|
122
|
+
headers: { Accept: 'application/json' },
|
|
123
|
+
});
|
|
124
|
+
clearTimeout(timeoutId);
|
|
125
|
+
if (!response.ok) {
|
|
126
|
+
return null;
|
|
127
|
+
}
|
|
128
|
+
const data = (await response.json());
|
|
129
|
+
const downloads = data.downloads ?? 0;
|
|
130
|
+
return {
|
|
131
|
+
downloads,
|
|
132
|
+
isPopular: downloads >= POPULARITY_THRESHOLD,
|
|
133
|
+
};
|
|
134
|
+
}
|
|
135
|
+
catch {
|
|
136
|
+
clearTimeout(timeoutId);
|
|
137
|
+
return null;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
62
140
|
/**
|
|
63
141
|
* Well-known scope prefixes that are not typosquatting vectors.
|
|
64
142
|
* Packages under these scopes compare the full scoped name, not just the bare part.
|
|
@@ -98,7 +176,11 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
98
176
|
const findings = [];
|
|
99
177
|
const maxDist = options.maxDistance ?? 2;
|
|
100
178
|
const includeDevDeps = options.includeDevDeps ?? true;
|
|
101
|
-
|
|
179
|
+
const checkHomoglyphs = options.checkHomoglyphs ?? true;
|
|
180
|
+
const checkPopularity = options.checkPopularity ?? false;
|
|
181
|
+
const concurrency = options.concurrency ?? 5;
|
|
182
|
+
const timeout = options.timeout ?? 3000;
|
|
183
|
+
// Build known-good set from hardcoded list
|
|
102
184
|
const knownGood = new Set(TOP_PACKAGES);
|
|
103
185
|
for (const pkg of options.additionalKnownPackages ?? []) {
|
|
104
186
|
knownGood.add(pkg);
|
|
@@ -122,6 +204,41 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
122
204
|
durationMs: Date.now() - start,
|
|
123
205
|
};
|
|
124
206
|
}
|
|
207
|
+
// If checking popularity, fetch download counts for potential matches
|
|
208
|
+
const popularityCache = new Map();
|
|
209
|
+
if (checkPopularity) {
|
|
210
|
+
const queue = new PQueue({ concurrency });
|
|
211
|
+
const packagesToCheck = new Set();
|
|
212
|
+
// Collect packages that might be typosquats (similar to deps)
|
|
213
|
+
for (const depName of Object.keys(deps)) {
|
|
214
|
+
const bare = stripScope(depName);
|
|
215
|
+
if (knownGood.has(bare) || knownGood.has(depName))
|
|
216
|
+
continue;
|
|
217
|
+
const scope = getScope(depName);
|
|
218
|
+
if (scope && TRUSTED_SCOPES.has(scope))
|
|
219
|
+
continue;
|
|
220
|
+
if (bare.length < MIN_NAME_LENGTH)
|
|
221
|
+
continue;
|
|
222
|
+
// Find similar packages to check popularity
|
|
223
|
+
for (const known of knownGood) {
|
|
224
|
+
if (Math.abs(bare.length - known.length) <= maxDist) {
|
|
225
|
+
const dist = levenshtein(bare, known);
|
|
226
|
+
if (dist >= 1 && dist <= maxDist) {
|
|
227
|
+
packagesToCheck.add(known);
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
// Fetch popularity for similar packages
|
|
233
|
+
const tasks = [...packagesToCheck].map((pkg) => queue.add(async () => {
|
|
234
|
+
const result = await fetchPackagePopularity(pkg, timeout);
|
|
235
|
+
if (result) {
|
|
236
|
+
popularityCache.set(pkg, result);
|
|
237
|
+
}
|
|
238
|
+
}));
|
|
239
|
+
await Promise.allSettled(tasks);
|
|
240
|
+
}
|
|
241
|
+
// Check each dependency
|
|
125
242
|
for (const depName of Object.keys(deps)) {
|
|
126
243
|
const bare = stripScope(depName);
|
|
127
244
|
// Skip exact matches (they ARE the popular package)
|
|
@@ -134,7 +251,36 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
134
251
|
// Skip very short bare names (too many false positives)
|
|
135
252
|
if (bare.length < MIN_NAME_LENGTH)
|
|
136
253
|
continue;
|
|
137
|
-
//
|
|
254
|
+
// Check for homoglyph attacks first (higher priority)
|
|
255
|
+
if (checkHomoglyphs) {
|
|
256
|
+
for (const known of knownGood) {
|
|
257
|
+
const homoglyph = detectHomoglyph(bare, known);
|
|
258
|
+
if (homoglyph) {
|
|
259
|
+
const popularity = popularityCache.get(known);
|
|
260
|
+
findings.push({
|
|
261
|
+
pass: 'typosquat-detection',
|
|
262
|
+
ruleId: 'typosquat-homoglyph',
|
|
263
|
+
severity: 'high',
|
|
264
|
+
message: `"${depName}" uses homoglyph substitution (${homoglyph}) to mimic "${known}"`,
|
|
265
|
+
location: { file: 'package.json' },
|
|
266
|
+
meta: {
|
|
267
|
+
dependency: depName,
|
|
268
|
+
similarTo: known,
|
|
269
|
+
homoglyph,
|
|
270
|
+
detectionMethod: 'homoglyph',
|
|
271
|
+
deductionPoints: 25,
|
|
272
|
+
...(popularity && { targetDownloads: popularity.downloads }),
|
|
273
|
+
},
|
|
274
|
+
});
|
|
275
|
+
break; // Only report first homoglyph match
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
// Skip Levenshtein check if already flagged as homoglyph
|
|
280
|
+
const alreadyFlagged = findings.some((f) => f.meta?.dependency === depName);
|
|
281
|
+
if (alreadyFlagged)
|
|
282
|
+
continue;
|
|
283
|
+
// Compare against all known-good packages using Levenshtein
|
|
138
284
|
let bestDist = Infinity;
|
|
139
285
|
let bestMatch = '';
|
|
140
286
|
for (const known of knownGood) {
|
|
@@ -152,6 +298,7 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
152
298
|
if (bestDist >= 1 && bestDist <= maxDist) {
|
|
153
299
|
const severity = bestDist === 1 ? 'high' : 'medium';
|
|
154
300
|
const deductionPoints = bestDist === 1 ? 25 : 10;
|
|
301
|
+
const popularity = popularityCache.get(bestMatch);
|
|
155
302
|
findings.push({
|
|
156
303
|
pass: 'typosquat-detection',
|
|
157
304
|
ruleId: `typosquat-distance-${bestDist}`,
|
|
@@ -160,9 +307,11 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
160
307
|
location: { file: 'package.json' },
|
|
161
308
|
meta: {
|
|
162
309
|
dependency: depName,
|
|
163
|
-
|
|
164
|
-
|
|
310
|
+
similarTo: bestMatch,
|
|
311
|
+
distance: bestDist,
|
|
312
|
+
detectionMethod: 'levenshtein',
|
|
165
313
|
deductionPoints,
|
|
314
|
+
...(popularity && { targetDownloads: popularity.downloads }),
|
|
166
315
|
},
|
|
167
316
|
});
|
|
168
317
|
}
|
|
@@ -181,5 +330,5 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
181
330
|
};
|
|
182
331
|
}
|
|
183
332
|
// Export for testing
|
|
184
|
-
export { levenshtein, stripScope, TOP_PACKAGES };
|
|
333
|
+
export { levenshtein, stripScope, detectHomoglyph, fetchPackagePopularity, TOP_PACKAGES, HOMOGLYPH_MAP, POPULARITY_THRESHOLD, };
|
|
185
334
|
//# sourceMappingURL=typosquat-detection.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typosquat-detection.js","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAM7B,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;IACzD,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO;IAC3D,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IAC7D,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAC/D,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACvD,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW;IACzD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc;IAC/D,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU;IACpD,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAClD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IACtD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAC9C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAClD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACjD,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB;IAC7D,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO;IACjD,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC1B,MAAM,EAAE,QAAQ,EAAE,KAAK;CACxB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACpC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IAEpC,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAChB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAQ,WAAW;YAC9B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAI,YAAY;YAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CACnB,CAAC;QACJ,CAAC;QACD,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAeD;;;GAGG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;IACnD,kBAAkB,EAAE,oBAAoB,EAAE,SAAS;IACnD,UAAU,EAAE,QAAQ,EAAE,eAAe;IACrC,UAAU,EAAE,SAAS,EAAE,OAAO;IAC9B,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,WAAW,EAAE,OAAO,EAAE,SAAS;IAC/B,SAAS,EAAE,SAAS;CACrB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,oEAAoE;AACpE,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,UAAqC,EAAE;IAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC;IAEtD,uBAAuB;IACvB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,uBAAuB,IAAI,EAAE,EAAE,CAAC;QACxD,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAEjC,oDAAoD;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAE5D,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAEjD,wDAAwD;QACxD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;YAAE,SAAS;QAE5C,0CAA0C;QAC1C,IAAI,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,SAAS,GAAG,EAAE,CAAC;QAEnB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,4BAA4B;YAC5B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,OAAO;gBAAE,SAAS;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;YACD,IAAI,IAAI,KAAK,CAAC;gBAAE,MAAM,CAAC,2CAA2C;QACpE,CAAC;QAED,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAe,CAAC,CAAC,CAAC,QAAiB,CAAC;YACtE,MAAM,eAAe,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAEjD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,MAAM,EAAE,sBAAsB,QAAQ,EAAE;gBACxC,QAAQ;gBACR,OAAO,EAAE,IAAI,OAAO,QAAQ,QAAQ,uCAAuC,SAAS,GAAG;gBACvF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,cAAc,EAAE,SAAS;oBACzB,YAAY,EAAE,QAAQ;oBACtB,eAAe;iBAChB;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAK,CAAC,CAAC,IAAI,EAAE,eAA0B,IAAI,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,qBAAqB;AACrB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"typosquat-detection.js","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,MAAM,MAAM,SAAS,CAAC;AAM7B,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;IACzD,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO;IAC3D,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IAC7D,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAC/D,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACvD,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW;IACzD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc;IAC/D,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU;IACpD,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAClD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IACtD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAC9C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAClD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACjD,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB;IAC7D,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO;IACjD,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC1B,MAAM,EAAE,QAAQ,EAAE,KAAK;CACxB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACpC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IAEpC,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAChB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAQ,WAAW;YAC9B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAI,YAAY;YAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CACnB,CAAC;QACJ,CAAC;QACD,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,aAAa,GAA4B;IAC7C,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,mCAAmC;IAClD,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,kCAAkC;IACjD,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,UAAU;IACzB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,+BAA+B;IAC9C,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,UAAU;IACzB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,yBAAyB;CACzC,CAAC;AAEF;;;GAGG;AACH,SAAS,eAAe,CAAC,SAAiB,EAAE,MAAc;IACxD,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,kCAAkC;IAClC,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC;QACvC,iDAAiD;QACjD,MAAM,mBAAmB,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9E,IAAI,mBAAmB,KAAK,WAAW,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;YAC1E,OAAO,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACzB,CAAC;QAED,iDAAiD;QACjD,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3E,IAAI,gBAAgB,KAAK,WAAW,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;YACvE,OAAO,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,iDAAiD,CAAC;AAE5E,0DAA0D;AAC1D,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAOrC;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,WAAmB,EACnB,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,iBAAiB,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC;QAEtC,OAAO;YACL,SAAS;YACT,SAAS,EAAE,SAAS,IAAI,oBAAoB;SAC7C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAuBD;;;GAGG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;IACnD,kBAAkB,EAAE,oBAAoB,EAAE,SAAS;IACnD,UAAU,EAAE,QAAQ,EAAE,eAAe;IACrC,UAAU,EAAE,SAAS,EAAE,OAAO;IAC9B,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,WAAW,EAAE,OAAO,EAAE,SAAS;IAC/B,SAAS,EAAE,SAAS;CACrB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,oEAAoE;AACpE,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,UAAqC,EAAE;IAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC;IACtD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,IAAI,CAAC;IACxD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IAExC,2CAA2C;IAC3C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,uBAAuB,IAAI,EAAE,EAAE,CAAC;QACxD,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,eAAe,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC5D,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YACjD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;gBAAE,SAAS;YAE5C,4CAA4C;YAC5C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;oBACpD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;wBACjC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,MAAM,KAAK,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC7C,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC1D,IAAI,MAAM,EAAE,CAAC;gBACX,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACnC,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QACF,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAEjC,oDAAoD;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAE5D,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAEjD,wDAAwD;QACxD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;YAAE,SAAS;QAE5C,sDAAsD;QACtD,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC/C,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC9C,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,qBAAqB;wBAC3B,MAAM,EAAE,qBAAqB;wBAC7B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,IAAI,OAAO,kCAAkC,SAAS,eAAe,KAAK,GAAG;wBACtF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;wBAClC,IAAI,EAAE;4BACJ,UAAU,EAAE,OAAO;4BACnB,SAAS,EAAE,KAAK;4BAChB,SAAS;4BACT,eAAe,EAAE,WAAW;4BAC5B,eAAe,EAAE,EAAE;4BACnB,GAAG,CAAC,UAAU,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;yBAC7D;qBACF,CAAC,CAAC;oBACH,MAAM,CAAC,oCAAoC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAE,CAAC,CAAC,IAAI,EAAE,UAAqB,KAAK,OAAO,CAClD,CAAC;QACF,IAAI,cAAc;YAAE,SAAS;QAE7B,4DAA4D;QAC5D,IAAI,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,SAAS,GAAG,EAAE,CAAC;QAEnB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,4BAA4B;YAC5B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,OAAO;gBAAE,SAAS;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;YACD,IAAI,IAAI,KAAK,CAAC;gBAAE,MAAM,CAAC,2CAA2C;QACpE,CAAC;QAED,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAe,CAAC,CAAC,CAAC,QAAiB,CAAC;YACtE,MAAM,eAAe,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAElD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,MAAM,EAAE,sBAAsB,QAAQ,EAAE;gBACxC,QAAQ;gBACR,OAAO,EAAE,IAAI,OAAO,QAAQ,QAAQ,uCAAuC,SAAS,GAAG;gBACvF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,SAAS,EAAE,SAAS;oBACpB,QAAQ,EAAE,QAAQ;oBAClB,eAAe,EAAE,aAAa;oBAC9B,eAAe;oBACf,GAAG,CAAC,UAAU,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;iBAC7D;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAK,CAAC,CAAC,IAAI,EAAE,eAA0B,IAAI,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,qBAAqB;AACrB,OAAO,EACL,WAAW,EACX,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,CAAC"}
|