circle-ir-ai 2.8.2 → 2.8.5
- package/CHANGELOG.md +78 -0
- package/dist/trust/passes/dependency-staleness.d.ts +29 -4
- package/dist/trust/passes/dependency-staleness.d.ts.map +1 -1
- package/dist/trust/passes/dependency-staleness.js +122 -5
- package/dist/trust/passes/dependency-staleness.js.map +1 -1
- package/dist/trust/passes/typosquat-detection.d.ts +34 -4
- package/dist/trust/passes/typosquat-detection.d.ts.map +1 -1
- package/dist/trust/passes/typosquat-detection.js +157 -8
- package/dist/trust/passes/typosquat-detection.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,84 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.8.5] - 2026-06-09
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
|
|
12
|
+
- **#84: CWE-Bench-Java runner produced 2 unrecoverable JSON parse
|
|
13
|
+
errors with `gemma3:12b`** (and any other local Ollama model) on
|
|
14
|
+
the 2026-06-09 run. Root cause turned out to be two distinct bugs
|
|
15
|
+
in `benchmarks/runners/run-cwe-bench-java.ts`:
|
|
16
|
+
|
|
17
|
+
**(1) Deterministic context overflow on large files (#118
|
|
18
|
+
rocketmq).** The Ollama `/v1/chat/completions` (OpenAI-compat)
|
|
19
|
+
endpoint defaults to `num_ctx=8192` — much smaller than the
|
|
20
|
+
model's native context window. `AdminBrokerProcessor.java`
|
|
21
|
+
(2655 lines, ~35K tokens) filled the entire prompt buffer,
|
|
22
|
+
leaving exactly 1 token for the response ("Okay"). The parser
|
|
23
|
+
then logged `No JSON found in response`.
|
|
24
|
+
|
|
25
|
+
Repro confirmed with `num_ctx∈{8192,16384}` → `eval_count=1`,
|
|
26
|
+
`num_ctx∈{32768,49152}` → `eval_count≈630`, valid array of 5
|
|
27
|
+
entries.
|
|
28
|
+
|
|
29
|
+
Fix: the runner now sets `options.num_ctx=32768` for any
|
|
30
|
+
`localhost:11434` / `127.0.0.1:11434` base URL. Honors
|
|
31
|
+
`LLM_OLLAMA_NUM_CTX` override for users with smaller VRAM or
|
|
32
|
+
models that don't support 32K (rare). 32K covers every file
|
|
33
|
+
in CWE-Bench-Java; gemma3:12b / qwen3-coder:30b / llama3 all
|
|
34
|
+
support 32K natively in <10GB VRAM.
|
|
35
|
+
|
|
36
|
+
**(2) Transient temp=0 stochasticity on tiny files (#109
|
|
37
|
+
spring-security).** `DefaultHttpFirewall.java` is 68 lines and
|
|
38
|
+
the parse error did NOT reproduce on 3 fresh repro attempts —
|
|
39
|
+
diagnosed as KV-cache / batch-grouping non-determinism that
|
|
40
|
+
surfaces at ~1% rate even with `temperature=0`.
|
|
41
|
+
|
|
42
|
+
Fix: added a single retry on any JSON parse failure
|
|
43
|
+
(`PARSE_ERR_ARRAY`, `PARSE_ERR_OBJECT`, `NO_JSON`). One retry
|
|
44
|
+
is sufficient because the failure is non-deterministic; a
|
|
45
|
+
second consecutive failure indicates a real prompt/model
|
|
46
|
+
problem worth recording as `parseError` in stats. Adds at
|
|
47
|
+
most ~1% extra LLM calls in the worst case, ~0 in the
|
|
48
|
+
common case.
|
|
49
|
+
|
|
50
|
+
Together these fixes should drop gemma3:12b's failure rate
|
|
51
|
+
from 2/109 (1.8%) to ~0/109. Smoke-tested on #118 only —
|
|
52
|
+
full re-run will happen on next benchmark cycle.
|
|
53
|
+
|
|
54
|
+
New env var: `LLM_OLLAMA_NUM_CTX` (integer, defaults to
|
|
55
|
+
32768). Only consulted when the LLM base URL is local
|
|
56
|
+
Ollama.
|
|
57
|
+
|
|
58
|
+
## [2.8.4] - 2026-06-09
|
|
59
|
+
|
|
60
|
+
### Fixed
|
|
61
|
+
|
|
62
|
+
- **#72: benchmark runners ignored externally-set env vars (e.g.
|
|
63
|
+
`LLM_ENRICHMENT_MODEL`).** Symptom: `LLM_ENRICHMENT_MODEL=gpt-oss-120b
|
|
64
|
+
npm run benchmark:cwe` silently used whatever value was in the local
|
|
65
|
+
`.env` instead — masking LLM uplift in CWE-Bench-Java runs and
|
|
66
|
+
producing static-only numbers when the user had explicitly requested
|
|
67
|
+
an LLM model on the command line.
|
|
68
|
+
|
|
69
|
+
Root cause: 4 benchmark runners loaded `.env` via `dotenv.config()`
|
|
70
|
+
with its default `override: true` behavior, so `.env` clobbered any
|
|
71
|
+
pre-existing `process.env` value (the opposite of POSIX
|
|
72
|
+
precedence).
|
|
73
|
+
|
|
74
|
+
Fix: pass `{ override: false }` in all four call sites:
|
|
75
|
+
- `benchmarks/runners/run-cwe-bench-java.ts`
|
|
76
|
+
- `benchmarks/runners/run-all-benchmarks-parallel.ts`
|
|
77
|
+
- `benchmarks/instruction-safety/run-benchmark.ts`
|
|
78
|
+
- `benchmarks/skills/run-skills-benchmark.ts`
|
|
79
|
+
|
|
80
|
+
External env vars (CLI invocation, exported shell vars) now win;
|
|
81
|
+
`.env` is consulted only for keys not already set. `circle-pack`'s
|
|
82
|
+
`src/api/server.ts` is intentionally left as-is — different threat
|
|
83
|
+
model (production REST server where `.env` is the canonical config
|
|
84
|
+
source).
|
|
85
|
+
|
|
8
86
|
## [2.7.19] - 2026-05-28
|
|
9
87
|
|
|
10
88
|
### Versioning policy
|
|
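Review bot: the 2.8.4 root-cause paragraph says `dotenv.config()` clobbers `process.env` because of "its default `override: true` behavior", but dotenv documents `override` as defaulting to false, so check this against the dotenv version the four runners actually import. If the default is already non-overriding, passing `{ override: false }` changes nothing and #72 has a different cause, for example an explicit `override: true` or a second loader. Separately, the added entries go straight from 2.8.4 to 2.7.19 and cover only benchmark runners, while this release range also adds OSV lookups and homoglyph/popularity checks to the trust passes. Those add outbound requests to `api.osv.dev` and `api.npmjs.org` and deserve their own changelog entry.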
@@ -1,14 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* T3: Dependency Staleness Trust Pass
|
|
2
|
+
* T3: Dependency Staleness & Vulnerability Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Checks
|
|
5
|
-
*
|
|
4
|
+
* Checks dependencies for:
|
|
5
|
+
* 1. Staleness: last publish date via npm registry API
|
|
6
|
+
* 2. Known vulnerabilities: via OSV (Open Source Vulnerabilities) API
|
|
6
7
|
*
|
|
7
8
|
* Uses native fetch() (Node 18+) with p-queue for concurrency limiting.
|
|
8
9
|
* Network errors are handled gracefully (skip, don't penalize).
|
|
9
10
|
*/
|
|
10
11
|
import { type TrustPassResult, type TrustSeverity } from '../types.js';
|
|
11
12
|
declare const NPM_REGISTRY_BASE = "https://registry.npmjs.org";
|
|
13
|
+
declare const OSV_API_BASE = "https://api.osv.dev/v1";
|
|
12
14
|
interface StalenessTier {
|
|
13
15
|
thresholdDays: number;
|
|
14
16
|
severity: TrustSeverity;
|
|
@@ -23,6 +25,8 @@ export interface DependencyStalenessOptions {
|
|
|
23
25
|
includeDevDeps?: boolean;
|
|
24
26
|
/** Packages to skip */
|
|
25
27
|
skipPackages?: string[];
|
|
28
|
+
/** Check for known vulnerabilities via OSV (default: false for speed) */
|
|
29
|
+
checkVulnerabilities?: boolean;
|
|
26
30
|
}
|
|
27
31
|
declare function isLocalDep(version: string): boolean;
|
|
28
32
|
interface RegistryResult {
|
|
@@ -31,6 +35,27 @@ interface RegistryResult {
|
|
|
31
35
|
maintainerCount: number;
|
|
32
36
|
}
|
|
33
37
|
declare function fetchPackageInfo(packageName: string, timeout: number): Promise<RegistryResult>;
|
|
38
|
+
interface OSVVulnerability {
|
|
39
|
+
id: string;
|
|
40
|
+
summary?: string;
|
|
41
|
+
severity?: Array<{
|
|
42
|
+
type: string;
|
|
43
|
+
score: string;
|
|
44
|
+
}>;
|
|
45
|
+
aliases?: string[];
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Normalize a semver version for OSV query (strip leading ^ ~ etc.)
|
|
49
|
+
*/
|
|
50
|
+
declare function normalizeVersion(version: string): string;
|
|
51
|
+
/**
|
|
52
|
+
* Query OSV API for vulnerabilities affecting a package version.
|
|
53
|
+
*/
|
|
54
|
+
declare function fetchVulnerabilities(packageName: string, version: string, timeout: number): Promise<OSVVulnerability[]>;
|
|
55
|
+
/**
|
|
56
|
+
* Map CVSS score to severity level.
|
|
57
|
+
*/
|
|
58
|
+
declare function cvssToSeverity(cvss: number): TrustSeverity;
|
|
34
59
|
export declare function dependencyStalenessPass(projectPath: string, options?: DependencyStalenessOptions): Promise<TrustPassResult>;
|
|
35
|
-
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, fetchPackageInfo };
|
|
60
|
+
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, OSV_API_BASE, fetchPackageInfo, fetchVulnerabilities, normalizeVersion, cvssToSeverity, };
|
|
36
61
|
//# sourceMappingURL=dependency-staleness.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-staleness.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"dependency-staleness.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,KAAK,eAAe,EAEpB,KAAK,aAAa,EAEnB,MAAM,aAAa,CAAC;AAMrB,QAAA,MAAM,iBAAiB,+BAA+B,CAAC;AACvD,QAAA,MAAM,YAAY,2BAA2B,CAAC;AAI9C,UAAU,aAAa;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,aAAa,CAAC;CACzB;AAED,QAAA,MAAM,eAAe,EAAE,aAAa,EAInC,CAAC;AAMF,MAAM,WAAW,0BAA0B;IACzC,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yEAAyE;IACzE,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAMD,iBAAS,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE5C;AAED,UAAU,cAAc;IACtB,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,iBAAe,gBAAgB,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,cAAc,CAAC,CAmCzB;AAeD,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAMD;;GAEG;AACH,iBAAS,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;GAEG;AACH,iBAAe,oBAAoB,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAkC7B;AAED;;GAEG;AACH,iBAAS,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CAKnD;AAiCD,wBAAsB,uBAAuB,CAC3C,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,0BAA+B,GACvC,OAAO,CAAC,eAAe,CAAC,CA6H1B;AAGD,OAAO,EACL,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,GACf,CAAC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* T3: Dependency Staleness Trust Pass
|
|
2
|
+
* T3: Dependency Staleness & Vulnerability Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Checks
|
|
5
|
-
*
|
|
4
|
+
* Checks dependencies for:
|
|
5
|
+
* 1. Staleness: last publish date via npm registry API
|
|
6
|
+
* 2. Known vulnerabilities: via OSV (Open Source Vulnerabilities) API
|
|
6
7
|
*
|
|
7
8
|
* Uses native fetch() (Node 18+) with p-queue for concurrency limiting.
|
|
8
9
|
* Network errors are handled gracefully (skip, don't penalize).
|
|
@@ -15,6 +16,7 @@ import { SEVERITY_WEIGHTS, } from '../types.js';
|
|
|
15
16
|
// Constants
|
|
16
17
|
// ---------------------------------------------------------------------------
|
|
17
18
|
const NPM_REGISTRY_BASE = 'https://registry.npmjs.org';
|
|
19
|
+
const OSV_API_BASE = 'https://api.osv.dev/v1';
|
|
18
20
|
const LOCAL_PREFIXES = ['file:', 'link:', 'git:', 'git+', 'github:', 'workspace:'];
|
|
19
21
|
const STALENESS_TIERS = [
|
|
20
22
|
{ thresholdDays: 1095, severity: 'high' }, // >3 years
|
|
@@ -62,6 +64,86 @@ function classifyStaleness(daysSincePublish) {
|
|
|
62
64
|
}
|
|
63
65
|
return null;
|
|
64
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Normalize a semver version for OSV query (strip leading ^ ~ etc.)
|
|
69
|
+
*/
|
|
70
|
+
function normalizeVersion(version) {
|
|
71
|
+
return version.replace(/^[\^~>=<]+/, '').split(' ')[0];
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Query OSV API for vulnerabilities affecting a package version.
|
|
75
|
+
*/
|
|
76
|
+
async function fetchVulnerabilities(packageName, version, timeout) {
|
|
77
|
+
const controller = new AbortController();
|
|
78
|
+
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
79
|
+
try {
|
|
80
|
+
const url = `${OSV_API_BASE}/query`;
|
|
81
|
+
const response = await fetch(url, {
|
|
82
|
+
method: 'POST',
|
|
83
|
+
signal: controller.signal,
|
|
84
|
+
headers: {
|
|
85
|
+
'Content-Type': 'application/json',
|
|
86
|
+
Accept: 'application/json',
|
|
87
|
+
},
|
|
88
|
+
body: JSON.stringify({
|
|
89
|
+
package: {
|
|
90
|
+
name: packageName,
|
|
91
|
+
ecosystem: 'npm',
|
|
92
|
+
},
|
|
93
|
+
version: normalizeVersion(version),
|
|
94
|
+
}),
|
|
95
|
+
});
|
|
96
|
+
clearTimeout(timeoutId);
|
|
97
|
+
if (!response.ok) {
|
|
98
|
+
return [];
|
|
99
|
+
}
|
|
100
|
+
const data = (await response.json());
|
|
101
|
+
return data.vulns ?? [];
|
|
102
|
+
}
|
|
103
|
+
catch {
|
|
104
|
+
clearTimeout(timeoutId);
|
|
105
|
+
return [];
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Map CVSS score to severity level.
|
|
110
|
+
*/
|
|
111
|
+
function cvssToSeverity(cvss) {
|
|
112
|
+
if (cvss >= 9.0)
|
|
113
|
+
return 'critical';
|
|
114
|
+
if (cvss >= 7.0)
|
|
115
|
+
return 'high';
|
|
116
|
+
if (cvss >= 4.0)
|
|
117
|
+
return 'medium';
|
|
118
|
+
return 'low';
|
|
119
|
+
}
|
|
120
|
+
/**
|
|
121
|
+
* Extract the highest CVSS score from OSV severity data.
|
|
122
|
+
*/
|
|
123
|
+
function extractCVSS(vuln) {
|
|
124
|
+
if (!vuln.severity)
|
|
125
|
+
return null;
|
|
126
|
+
for (const sev of vuln.severity) {
|
|
127
|
+
if (sev.type === 'CVSS_V3' || sev.type === 'CVSS_V2') {
|
|
128
|
+
const score = parseFloat(sev.score);
|
|
129
|
+
if (!isNaN(score))
|
|
130
|
+
return score;
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
return null;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Get CVE ID from aliases if available.
|
|
137
|
+
*/
|
|
138
|
+
function getCVE(vuln) {
|
|
139
|
+
if (vuln.aliases) {
|
|
140
|
+
for (const alias of vuln.aliases) {
|
|
141
|
+
if (alias.startsWith('CVE-'))
|
|
142
|
+
return alias;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
return null;
|
|
146
|
+
}
|
|
65
147
|
// ---------------------------------------------------------------------------
|
|
66
148
|
// Main pass
|
|
67
149
|
// ---------------------------------------------------------------------------
|
|
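Review bot: `extractCVSS` calls `parseFloat(sev.score)` and treats the result as a numeric CVSS score, but the OSV schema defines `severity[].score` for the CVSS types as a vector string (one beginning `CVSS:3.1/`, for instance). `parseFloat` returns NaN for that, the function returns null, and `cvssToSeverity` is never reached, so every advisory ends up at the caller's `'medium'` fallback. Either compute the base score from the vector or take severity from another field of the OSV record, and add a test with a real vector string. The doc comment also says "highest CVSS score" while the loop returns the first entry that parses. In `fetchVulnerabilities`, both `if (!response.ok) return [];` and the `catch` return an empty array, so a timeout, rate limit or 5xx is indistinguishable from "no known vulnerabilities". Return a distinct error state so the pass can report the lookup as skipped instead of clean.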
@@ -71,6 +153,7 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
71
153
|
const concurrency = options.concurrency ?? 5;
|
|
72
154
|
const timeout = options.timeout ?? 5000;
|
|
73
155
|
const skipSet = new Set(options.skipPackages ?? []);
|
|
156
|
+
const checkVulnerabilities = options.checkVulnerabilities ?? false;
|
|
74
157
|
// Read package.json
|
|
75
158
|
const rootPkgPath = path.join(projectPath, 'package.json');
|
|
76
159
|
let deps = {};
|
|
@@ -96,6 +179,7 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
96
179
|
const queue = new PQueue({ concurrency });
|
|
97
180
|
const tasks = depEntries.map(([depName, currentVersion]) => queue.add(async () => {
|
|
98
181
|
const info = await fetchPackageInfo(depName, timeout);
|
|
182
|
+
// Staleness check
|
|
99
183
|
if (info.lastPublishDate) {
|
|
100
184
|
const daysSince = (Date.now() - info.lastPublishDate.getTime()) / (1000 * 60 * 60 * 24);
|
|
101
185
|
const tier = classifyStaleness(daysSince);
|
|
@@ -112,10 +196,12 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
112
196
|
latestVersion: info.latestVersion,
|
|
113
197
|
daysSincePublish: Math.floor(daysSince),
|
|
114
198
|
lastPublishDate: info.lastPublishDate.toISOString(),
|
|
199
|
+
findingType: 'staleness',
|
|
115
200
|
},
|
|
116
201
|
});
|
|
117
202
|
}
|
|
118
203
|
}
|
|
204
|
+
// Maintainer check
|
|
119
205
|
if (info.maintainerCount === 0) {
|
|
120
206
|
findings.push({
|
|
121
207
|
pass: 'dependency-staleness',
|
|
@@ -123,9 +209,40 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
123
209
|
severity: 'high',
|
|
124
210
|
message: `"${depName}" has zero maintainers`,
|
|
125
211
|
location: { file: 'package.json' },
|
|
126
|
-
meta: {
|
|
212
|
+
meta: {
|
|
213
|
+
dependency: depName,
|
|
214
|
+
currentVersion,
|
|
215
|
+
maintainerCount: 0,
|
|
216
|
+
findingType: 'maintainer',
|
|
217
|
+
},
|
|
127
218
|
});
|
|
128
219
|
}
|
|
220
|
+
// Vulnerability check (if enabled)
|
|
221
|
+
if (checkVulnerabilities) {
|
|
222
|
+
const vulns = await fetchVulnerabilities(depName, currentVersion, timeout);
|
|
223
|
+
for (const vuln of vulns) {
|
|
224
|
+
const cvss = extractCVSS(vuln);
|
|
225
|
+
const severity = cvss !== null ? cvssToSeverity(cvss) : 'medium';
|
|
226
|
+
const cve = getCVE(vuln);
|
|
227
|
+
findings.push({
|
|
228
|
+
pass: 'dependency-staleness',
|
|
229
|
+
ruleId: 'dep-vulnerability',
|
|
230
|
+
severity,
|
|
231
|
+
message: `"${depName}@${normalizeVersion(currentVersion)}" has known vulnerability ${vuln.id}${cve ? ` (${cve})` : ''}`,
|
|
232
|
+
location: { file: 'package.json' },
|
|
233
|
+
meta: {
|
|
234
|
+
dependency: depName,
|
|
235
|
+
currentVersion: normalizeVersion(currentVersion),
|
|
236
|
+
latestVersion: info.latestVersion,
|
|
237
|
+
vulnId: vuln.id,
|
|
238
|
+
cve: cve ?? undefined,
|
|
239
|
+
cvss: cvss ?? undefined,
|
|
240
|
+
summary: vuln.summary ?? undefined,
|
|
241
|
+
findingType: 'vulnerability',
|
|
242
|
+
},
|
|
243
|
+
});
|
|
244
|
+
}
|
|
245
|
+
}
|
|
129
246
|
}));
|
|
130
247
|
await Promise.allSettled(tasks);
|
|
131
248
|
let deduction = 0;
|
|
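Review bot: `fetchVulnerabilities(depName, currentVersion, timeout)` is given the specifier from `package.json`, and `normalizeVersion` only strips leading range operators and keeps the first space-separated token. A dependency declared as `^1.2.3` is therefore queried as `1.2.3`, the lower bound of the range, not the version actually installed. Specifiers such as `*`, `latest` or `1.x` go to OSV unchanged as the `version` field. The pass can report advisories that the resolved version already fixes and miss ones that affect it. Resolve the installed version from the lockfile or from `node_modules/<dep>/package.json` before querying, and skip the lookup, with a note in the result, when no concrete version can be determined. `cvss !== null ? cvssToSeverity(cvss) : 'medium'` also gives every unscored advisory the same weight; record in `meta` that the severity is a fallback so consumers can tell the two apart.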
@@ -141,5 +258,5 @@ export async function dependencyStalenessPass(projectPath, options = {}) {
|
|
|
141
258
|
};
|
|
142
259
|
}
|
|
143
260
|
// Exports for testing
|
|
144
|
-
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, fetchPackageInfo };
|
|
261
|
+
export { isLocalDep, STALENESS_TIERS, NPM_REGISTRY_BASE, OSV_API_BASE, fetchPackageInfo, fetchVulnerabilities, normalizeVersion, cvssToSeverity, };
|
|
145
262
|
//# sourceMappingURL=dependency-staleness.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-staleness.js","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"dependency-staleness.js","sourceRoot":"","sources":["../../../src/trust/passes/dependency-staleness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,MAAM,MAAM,SAAS,CAAC;AAC7B,OAAO,EAIL,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAErB,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;AACvD,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AAOnF,MAAM,eAAe,GAAoB;IACvC,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAI,WAAW;IACxD,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAI,WAAW;IACzD,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAO,UAAU;CACzD,CAAC;AAmBF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACrE,CAAC;AAQD,KAAK,UAAU,gBAAgB,CAC7B,WAAmB,EACnB,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,iBAAiB,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC;QAC7E,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,IAAI,IAAI,CAAC;QACxD,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;YACrD,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM;YACzB,CAAC,CAAC,CAAC,CAAC,CAAC;QAEP,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa
,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,gBAAwB;IACjD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,IAAI,gBAAgB,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAiBD;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,OAAO,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,WAAmB,EACnB,OAAe,EACf,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,YAAY,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE;oBACP,IAAI,EAAE,WAAW;oBACjB,SAAS,EAAE,KAAK;iBACjB;gBACD,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC;aACnC,CAAC;SACH,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,IAAI,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IACjC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAsB;IACzC,IAAI,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEhC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,MAAM,CAAC,IAAsB;IACpC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,IAA
I,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC7C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,WAAmB,EACnB,UAAsC,EAAE;IAExC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IACxC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;IACpD,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,IAAI,KAAK,CAAC;IAEnE,oBAAoB;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAC5C,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAChE,CAAC;IAEF,kCAAkC;IAClC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,EAAE,CACzD,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEtD,kBAAkB;QAClB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,SAAS,GACb,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAE1C,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,MAAM,EAAE,iBAAiB,IAAI,CAAC,QAAQ,EAAE;oBACxC,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,IAAI,OAAO,oBAAoB
,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW;oBACxE,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;oBAClC,IAAI,EAAE;wBACJ,UAAU,EAAE,OAAO;wBACnB,cAAc;wBACd,aAAa,EAAE,IAAI,CAAC,aAAa;wBACjC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;wBACvC,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE;wBACnD,WAAW,EAAE,WAAW;qBACzB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,eAAe,KAAK,CAAC,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,IAAI,OAAO,wBAAwB;gBAC5C,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,cAAc;oBACd,eAAe,EAAE,CAAC;oBAClB,WAAW,EAAE,YAAY;iBAC1B;aACF,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAC3E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACjE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;gBAEzB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,IAAI,OAAO,IAAI,gBAAgB,CAAC,cAAc,CAAC,6BAA6B,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;oBACvH,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;oBAClC,IAAI,EAAE;wBACJ,UAAU,EAAE,OAAO;wBACnB,cAAc,EAAE,gBAAgB,CAAC,cAAc,CAAC;wBAChD,aAAa,EAAE,IAAI,CAAC,aAAa;wBACjC,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,GAAG,EAAE,GAAG,IAAI,SAAS;wBACrB,IAAI,EAAE,IAAI,IAAI,SAAS;wBACvB,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS;wBAClC,WAAW,EAAE,eAAe;qBAC7B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAEhC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAI,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EA
AE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,sBAAsB;AACtB,OAAO,EACL,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,GACf,CAAC"}
|
|
@@ -1,16 +1,38 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* T5: Typosquat Detection Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Compares dependency names against
|
|
5
|
-
*
|
|
4
|
+
* Compares dependency names against popular npm packages using:
|
|
5
|
+
* - Levenshtein distance (edit distance 1-2)
|
|
6
|
+
* - Homoglyph detection (rn→m, 1→l, 0→O, etc.)
|
|
7
|
+
* - npm registry popularity check (weekly downloads)
|
|
6
8
|
*
|
|
7
9
|
* Score: 100 − Σ(deduction), clamped [0, 100].
|
|
8
|
-
* distance 1 → severity=high (−25 points)
|
|
10
|
+
* distance 1 / homoglyph → severity=high (−25 points)
|
|
9
11
|
* distance 2 → severity=medium (−10 points)
|
|
10
12
|
*/
|
|
11
13
|
import { type TrustPassResult } from '../types.js';
|
|
12
14
|
declare const TOP_PACKAGES: Set<string>;
|
|
13
15
|
declare function levenshtein(a: string, b: string): number;
|
|
16
|
+
/**
|
|
17
|
+
* Common homoglyph substitutions used in typosquatting attacks.
|
|
18
|
+
* Maps visually similar character sequences.
|
|
19
|
+
*/
|
|
20
|
+
declare const HOMOGLYPH_MAP: Array<[string, string]>;
|
|
21
|
+
/**
|
|
22
|
+
* Check if `candidate` could be a homoglyph attack on `target`.
|
|
23
|
+
* Returns the matched homoglyph substitution or null.
|
|
24
|
+
*/
|
|
25
|
+
declare function detectHomoglyph(candidate: string, target: string): string | null;
|
|
26
|
+
/** Minimum weekly downloads to be considered "popular" */
|
|
27
|
+
declare const POPULARITY_THRESHOLD = 100000;
|
|
28
|
+
interface PopularityResult {
|
|
29
|
+
downloads: number;
|
|
30
|
+
isPopular: boolean;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Query npm downloads API for a package's weekly download count.
|
|
34
|
+
*/
|
|
35
|
+
declare function fetchPackagePopularity(packageName: string, timeout: number): Promise<PopularityResult | null>;
|
|
14
36
|
export interface TyposquatDetectionOptions {
|
|
15
37
|
/** Maximum edit distance to flag (default: 2) */
|
|
16
38
|
maxDistance?: number;
|
|
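Review bot: the JSDoc on `detectHomoglyph` ("Returns the matched homoglyph substitution or null") does not state the limits of the matcher implemented in `typosquat-detection.js`. That implementation tries one `HOMOGLYPH_MAP` pair at a time and applies it to every occurrence with `candidateLower.replace(new RegExp(from, 'g'), to)`, then requires exact equality with the target. A name that combines two different lookalike swaps returns null, and so does one where the target legitimately contains the `from` sequence elsewhere, leaving only the edit-distance check to catch it. Either document that restriction here, or reduce both names to a canonical skeleton (apply all mappings to candidate and target) and compare those. The pairs are also interpolated into `RegExp` unescaped, which is fine for the current entries but will break as soon as an entry contains a regex metacharacter. The header comment's scoring lines cover "distance 1 / homoglyph" and "distance 2" but do not say how the weekly-download check and `POPULARITY_THRESHOLD` affect severity or the deduction.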
@@ -18,6 +40,14 @@ export interface TyposquatDetectionOptions {
|
|
|
18
40
|
additionalKnownPackages?: string[];
|
|
19
41
|
/** Include devDependencies (default: true) */
|
|
20
42
|
includeDevDeps?: boolean;
|
|
43
|
+
/** Enable homoglyph detection (default: true) */
|
|
44
|
+
checkHomoglyphs?: boolean;
|
|
45
|
+
/** Query npm for popularity data (default: false for speed) */
|
|
46
|
+
checkPopularity?: boolean;
|
|
47
|
+
/** Concurrency for npm registry requests (default: 5) */
|
|
48
|
+
concurrency?: number;
|
|
49
|
+
/** Timeout per request in ms (default: 3000) */
|
|
50
|
+
timeout?: number;
|
|
21
51
|
}
|
|
22
52
|
/**
|
|
23
53
|
* Strip npm scope prefix for comparison.
|
|
@@ -29,5 +59,5 @@ declare function stripScope(name: string): string;
|
|
|
29
59
|
* Run the typosquat-detection trust pass.
|
|
30
60
|
*/
|
|
31
61
|
export declare function typosquatDetectionPass(projectPath: string, options?: TyposquatDetectionOptions): Promise<TrustPassResult>;
|
|
32
|
-
export { levenshtein, stripScope, TOP_PACKAGES };
|
|
62
|
+
export { levenshtein, stripScope, detectHomoglyph, fetchPackagePopularity, TOP_PACKAGES, HOMOGLYPH_MAP, POPULARITY_THRESHOLD, };
|
|
33
63
|
//# sourceMappingURL=typosquat-detection.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typosquat-detection.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"typosquat-detection.d.ts","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,EACL,KAAK,eAAe,EAErB,MAAM,aAAa,CAAC;AAMrB,QAAA,MAAM,YAAY,aAqBhB,CAAC;AAMH,iBAAS,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAsBjD;AAMD;;;GAGG;AACH,QAAA,MAAM,aAAa,EAAE,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAW1C,CAAC;AAEF;;;GAGG;AACH,iBAAS,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAoBzE;AAQD,0DAA0D;AAC1D,QAAA,MAAM,oBAAoB,SAAU,CAAC;AAErC,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,iBAAe,sBAAsB,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CA4BlC;AAMD,MAAM,WAAW,yBAAyB;IACxC,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mDAAmD;IACnD,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,8CAA8C;IAC9C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iDAAiD;IACjD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+DAA+D;IAC/D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAgBD;;;;GAIG;AACH,iBAAS,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAExC;AAcD;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,eAAe,CAAC,CA0K1B;AAGD,OAAO,EACL,WAAW,EACX,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,CAAC"}
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* T5: Typosquat Detection Trust Pass
|
|
3
3
|
*
|
|
4
|
-
* Compares dependency names against
|
|
5
|
-
*
|
|
4
|
+
* Compares dependency names against popular npm packages using:
|
|
5
|
+
* - Levenshtein distance (edit distance 1-2)
|
|
6
|
+
* - Homoglyph detection (rn→m, 1→l, 0→O, etc.)
|
|
7
|
+
* - npm registry popularity check (weekly downloads)
|
|
6
8
|
*
|
|
7
9
|
* Score: 100 − Σ(deduction), clamped [0, 100].
|
|
8
|
-
* distance 1 → severity=high (−25 points)
|
|
10
|
+
* distance 1 / homoglyph → severity=high (−25 points)
|
|
9
11
|
* distance 2 → severity=medium (−10 points)
|
|
10
12
|
*/
|
|
11
13
|
import * as fs from 'fs';
|
|
12
14
|
import * as path from 'path';
|
|
15
|
+
import PQueue from 'p-queue';
|
|
13
16
|
// ---------------------------------------------------------------------------
|
|
14
17
|
// Top npm packages (popular targets for typosquatting)
|
|
15
18
|
// ---------------------------------------------------------------------------
|
|
@@ -59,6 +62,81 @@ function levenshtein(a, b) {
|
|
|
59
62
|
}
|
|
60
63
|
return prev[b.length];
|
|
61
64
|
}
|
|
65
|
+
// ---------------------------------------------------------------------------
|
|
66
|
+
// Homoglyph Detection
|
|
67
|
+
// ---------------------------------------------------------------------------
|
|
68
|
+
/**
|
|
69
|
+
* Common homoglyph substitutions used in typosquatting attacks.
|
|
70
|
+
* Maps visually similar character sequences.
|
|
71
|
+
*/
|
|
72
|
+
const HOMOGLYPH_MAP = [
|
|
73
|
+
['rn', 'm'], // Most common: "rn" looks like "m"
|
|
74
|
+
['cl', 'd'], // "cl" looks like "d"
|
|
75
|
+
['vv', 'w'], // "vv" looks like "w"
|
|
76
|
+
['1', 'l'], // Number 1 looks like lowercase L
|
|
77
|
+
['l', '1'], // Reverse
|
|
78
|
+
['0', 'o'], // Number 0 looks like letter O
|
|
79
|
+
['o', '0'], // Reverse
|
|
80
|
+
['i', 'j'], // i and j are similar
|
|
81
|
+
['nn', 'm'], // "nn" looks like "m"
|
|
82
|
+
['ii', 'u'], // "ii" can look like "u"
|
|
83
|
+
];
|
|
84
|
+
/**
|
|
85
|
+
* Check if `candidate` could be a homoglyph attack on `target`.
|
|
86
|
+
* Returns the matched homoglyph substitution or null.
|
|
87
|
+
*/
|
|
88
|
+
function detectHomoglyph(candidate, target) {
|
|
89
|
+
const candidateLower = candidate.toLowerCase();
|
|
90
|
+
const targetLower = target.toLowerCase();
|
|
91
|
+
// Try each homoglyph substitution
|
|
92
|
+
for (const [from, to] of HOMOGLYPH_MAP) {
|
|
93
|
+
// Forward: candidate has `from`, target has `to`
|
|
94
|
+
const candidateNormalized = candidateLower.replace(new RegExp(from, 'g'), to);
|
|
95
|
+
if (candidateNormalized === targetLower && candidateLower !== targetLower) {
|
|
96
|
+
return `${from}→${to}`;
|
|
97
|
+
}
|
|
98
|
+
// Reverse: candidate has `to`, target has `from`
|
|
99
|
+
const candidateReverse = candidateLower.replace(new RegExp(to, 'g'), from);
|
|
100
|
+
if (candidateReverse === targetLower && candidateLower !== targetLower) {
|
|
101
|
+
return `${to}→${from}`;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
// ---------------------------------------------------------------------------
|
|
107
|
+
// npm Registry Popularity Check
|
|
108
|
+
// ---------------------------------------------------------------------------
|
|
109
|
+
const NPM_DOWNLOADS_API = 'https://api.npmjs.org/downloads/point/last-week';
|
|
110
|
+
/** Minimum weekly downloads to be considered "popular" */
|
|
111
|
+
const POPULARITY_THRESHOLD = 100_000;
|
|
112
|
+
/**
|
|
113
|
+
* Query npm downloads API for a package's weekly download count.
|
|
114
|
+
*/
|
|
115
|
+
async function fetchPackagePopularity(packageName, timeout) {
|
|
116
|
+
const controller = new AbortController();
|
|
117
|
+
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
118
|
+
try {
|
|
119
|
+
const url = `${NPM_DOWNLOADS_API}/${encodeURIComponent(packageName)}`;
|
|
120
|
+
const response = await fetch(url, {
|
|
121
|
+
signal: controller.signal,
|
|
122
|
+
headers: { Accept: 'application/json' },
|
|
123
|
+
});
|
|
124
|
+
clearTimeout(timeoutId);
|
|
125
|
+
if (!response.ok) {
|
|
126
|
+
return null;
|
|
127
|
+
}
|
|
128
|
+
const data = (await response.json());
|
|
129
|
+
const downloads = data.downloads ?? 0;
|
|
130
|
+
return {
|
|
131
|
+
downloads,
|
|
132
|
+
isPopular: downloads >= POPULARITY_THRESHOLD,
|
|
133
|
+
};
|
|
134
|
+
}
|
|
135
|
+
catch {
|
|
136
|
+
clearTimeout(timeoutId);
|
|
137
|
+
return null;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
62
140
|
/**
|
|
63
141
|
* Well-known scope prefixes that are not typosquatting vectors.
|
|
64
142
|
* Packages under these scopes compare the full scoped name, not just the bare part.
|
|
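Review bot: in detectHomoglyph, `candidateLower.replace(new RegExp(from, 'g'), to)` rewrites every occurrence of the sequence, so a match is found only when all occurrences in the candidate are substitutions. A target that legitimately contains the same sequence elsewhere is missed and at best falls through to the Levenshtein check, where a swap such as rn→m counts as distance 2 (medium) instead of high. Consider substituting one position at a time, or normalizing both names to a canonical form before comparing. Building the RegExp from raw map entries is safe for the current table but breaks once an entry contains a regex metacharacter; `split(from).join(to)` avoids that. Because both directions are already tried for each entry, the explicit Reverse rows for 1/l and 0/o are redundant. In fetchPackagePopularity, clearTimeout runs before `await response.json()`, so the body read is not bounded by the timeout; moving clearTimeout into a finally block after parsing closes that gap.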
@@ -98,7 +176,11 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
98
176
|
const findings = [];
|
|
99
177
|
const maxDist = options.maxDistance ?? 2;
|
|
100
178
|
const includeDevDeps = options.includeDevDeps ?? true;
|
|
101
|
-
|
|
179
|
+
const checkHomoglyphs = options.checkHomoglyphs ?? true;
|
|
180
|
+
const checkPopularity = options.checkPopularity ?? false;
|
|
181
|
+
const concurrency = options.concurrency ?? 5;
|
|
182
|
+
const timeout = options.timeout ?? 3000;
|
|
183
|
+
// Build known-good set from hardcoded list
|
|
102
184
|
const knownGood = new Set(TOP_PACKAGES);
|
|
103
185
|
for (const pkg of options.additionalKnownPackages ?? []) {
|
|
104
186
|
knownGood.add(pkg);
|
|
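Review bot: `options.concurrency ?? 5` and `options.timeout ?? 3000` accept any non-nullish value, so 0, a negative number or NaN reaches the queue and the abort timer unchanged. Validate or clamp both before use (concurrency to at least 1, timeout to a positive number of milliseconds), and document that checkPopularity defaults to false, which means the pass makes no network requests unless the caller enables it.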
@@ -122,6 +204,41 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
122
204
|
durationMs: Date.now() - start,
|
|
123
205
|
};
|
|
124
206
|
}
|
|
207
|
+
// If checking popularity, fetch download counts for potential matches
|
|
208
|
+
const popularityCache = new Map();
|
|
209
|
+
if (checkPopularity) {
|
|
210
|
+
const queue = new PQueue({ concurrency });
|
|
211
|
+
const packagesToCheck = new Set();
|
|
212
|
+
// Collect packages that might be typosquats (similar to deps)
|
|
213
|
+
for (const depName of Object.keys(deps)) {
|
|
214
|
+
const bare = stripScope(depName);
|
|
215
|
+
if (knownGood.has(bare) || knownGood.has(depName))
|
|
216
|
+
continue;
|
|
217
|
+
const scope = getScope(depName);
|
|
218
|
+
if (scope && TRUSTED_SCOPES.has(scope))
|
|
219
|
+
continue;
|
|
220
|
+
if (bare.length < MIN_NAME_LENGTH)
|
|
221
|
+
continue;
|
|
222
|
+
// Find similar packages to check popularity
|
|
223
|
+
for (const known of knownGood) {
|
|
224
|
+
if (Math.abs(bare.length - known.length) <= maxDist) {
|
|
225
|
+
const dist = levenshtein(bare, known);
|
|
226
|
+
if (dist >= 1 && dist <= maxDist) {
|
|
227
|
+
packagesToCheck.add(known);
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
// Fetch popularity for similar packages
|
|
233
|
+
const tasks = [...packagesToCheck].map((pkg) => queue.add(async () => {
|
|
234
|
+
const result = await fetchPackagePopularity(pkg, timeout);
|
|
235
|
+
if (result) {
|
|
236
|
+
popularityCache.set(pkg, result);
|
|
237
|
+
}
|
|
238
|
+
}));
|
|
239
|
+
await Promise.allSettled(tasks);
|
|
240
|
+
}
|
|
241
|
+
// Check each dependency
|
|
125
242
|
for (const depName of Object.keys(deps)) {
|
|
126
243
|
const bare = stripScope(depName);
|
|
127
244
|
// Skip exact matches (they ARE the popular package)
|
|
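Review bot: the prefetch loop selects targets only by Levenshtein distance (`dist >= 1 && dist <= maxDist`), so with maxDistance set to 1 a known package reachable only through a multi-character homoglyph such as rn→m is never queued, and the homoglyph finding emitted later carries no targetDownloads. Include detectHomoglyph matches when building packagesToCheck. The three skip checks (knownGood, TRUSTED_SCOPES, MIN_NAME_LENGTH) and the Levenshtein comparison are also copied from the main loop; a shared helper that returns the candidate matches per dependency would keep the two in sync and avoid computing each distance twice.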
@@ -134,7 +251,36 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
134
251
|
// Skip very short bare names (too many false positives)
|
|
135
252
|
if (bare.length < MIN_NAME_LENGTH)
|
|
136
253
|
continue;
|
|
137
|
-
//
|
|
254
|
+
// Check for homoglyph attacks first (higher priority)
|
|
255
|
+
if (checkHomoglyphs) {
|
|
256
|
+
for (const known of knownGood) {
|
|
257
|
+
const homoglyph = detectHomoglyph(bare, known);
|
|
258
|
+
if (homoglyph) {
|
|
259
|
+
const popularity = popularityCache.get(known);
|
|
260
|
+
findings.push({
|
|
261
|
+
pass: 'typosquat-detection',
|
|
262
|
+
ruleId: 'typosquat-homoglyph',
|
|
263
|
+
severity: 'high',
|
|
264
|
+
message: `"${depName}" uses homoglyph substitution (${homoglyph}) to mimic "${known}"`,
|
|
265
|
+
location: { file: 'package.json' },
|
|
266
|
+
meta: {
|
|
267
|
+
dependency: depName,
|
|
268
|
+
similarTo: known,
|
|
269
|
+
homoglyph,
|
|
270
|
+
detectionMethod: 'homoglyph',
|
|
271
|
+
deductionPoints: 25,
|
|
272
|
+
...(popularity && { targetDownloads: popularity.downloads }),
|
|
273
|
+
},
|
|
274
|
+
});
|
|
275
|
+
break; // Only report first homoglyph match
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
// Skip Levenshtein check if already flagged as homoglyph
|
|
280
|
+
const alreadyFlagged = findings.some((f) => f.meta?.dependency === depName);
|
|
281
|
+
if (alreadyFlagged)
|
|
282
|
+
continue;
|
|
283
|
+
// Compare against all known-good packages using Levenshtein
|
|
138
284
|
let bestDist = Infinity;
|
|
139
285
|
let bestMatch = '';
|
|
140
286
|
for (const known of knownGood) {
|
|
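Review bot: `findings.some((f) => f.meta?.dependency === depName)` rescans the whole findings array for every dependency just to learn whether the homoglyph branch above pushed a finding. Set a local boolean where the finding is pushed and test that instead. Because of the `break`, which known package is reported depends on the iteration order of knownGood, and homoglyph findings carry no distance field while Levenshtein findings do, so consumers of meta have to handle both shapes; both points deserve a line in the option or finding documentation.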
@@ -152,6 +298,7 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
152
298
|
if (bestDist >= 1 && bestDist <= maxDist) {
|
|
153
299
|
const severity = bestDist === 1 ? 'high' : 'medium';
|
|
154
300
|
const deductionPoints = bestDist === 1 ? 25 : 10;
|
|
301
|
+
const popularity = popularityCache.get(bestMatch);
|
|
155
302
|
findings.push({
|
|
156
303
|
pass: 'typosquat-detection',
|
|
157
304
|
ruleId: `typosquat-distance-${bestDist}`,
|
|
@@ -160,9 +307,11 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
160
307
|
location: { file: 'package.json' },
|
|
161
308
|
meta: {
|
|
162
309
|
dependency: depName,
|
|
163
|
-
|
|
164
|
-
|
|
310
|
+
similarTo: bestMatch,
|
|
311
|
+
distance: bestDist,
|
|
312
|
+
detectionMethod: 'levenshtein',
|
|
165
313
|
deductionPoints,
|
|
314
|
+
...(popularity && { targetDownloads: popularity.downloads }),
|
|
166
315
|
},
|
|
167
316
|
});
|
|
168
317
|
}
|
|
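Review bot: old lines 163 and 164 are removed from meta and replaced by similarTo, distance and detectionMethod, but the removed content is not visible in this rendering. If the old keys had different names, this changes the finding schema for existing consumers; keep the old keys as aliases for a release or record the rename in the CHANGELOG.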
@@ -181,5 +330,5 @@ export async function typosquatDetectionPass(projectPath, options = {}) {
|
|
|
181
330
|
};
|
|
182
331
|
}
|
|
183
332
|
// Export for testing
|
|
184
|
-
export { levenshtein, stripScope, TOP_PACKAGES };
|
|
333
|
+
export { levenshtein, stripScope, detectHomoglyph, fetchPackagePopularity, TOP_PACKAGES, HOMOGLYPH_MAP, POPULARITY_THRESHOLD, };
|
|
185
334
|
//# sourceMappingURL=typosquat-detection.js.map
|
|
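Review bot: the export list now exposes fetchPackagePopularity and HOMOGLYPH_MAP under the "Export for testing" comment. HOMOGLYPH_MAP is a plain array, so any importer can mutate the detection table at runtime; freeze it or export a read-only copy. fetchPackagePopularity performs network requests, so either mark these exports as internal or document them as supported API.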
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typosquat-detection.js","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAM7B,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;IACzD,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO;IAC3D,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IAC7D,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAC/D,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACvD,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW;IACzD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc;IAC/D,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU;IACpD,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAClD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IACtD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAC9C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAClD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACjD,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB;IAC7D,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO;IACjD,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC1B,MAAM,EAAE,QAAQ,EAAE,KAAK;CACxB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACpC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IAEpC,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACZ,KAAK,
IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAChB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAQ,WAAW;YAC9B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAI,YAAY;YAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CACnB,CAAC;QACJ,CAAC;QACD,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAeD;;;GAGG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;IACnD,kBAAkB,EAAE,oBAAoB,EAAE,SAAS;IACnD,UAAU,EAAE,QAAQ,EAAE,eAAe;IACrC,UAAU,EAAE,SAAS,EAAE,OAAO;IAC9B,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,WAAW,EAAE,OAAO,EAAE,SAAS;IAC/B,SAAS,EAAE,SAAS;CACrB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,oEAAoE;AACpE,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,UAAqC,EAAE;IAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC;IAEtD,uBAAuB;IACvB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,uBAAuB,IAAI,EAAE,EAAE,CAAC;QACxD,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAA
G,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAEjC,oDAAoD;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAE5D,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAEjD,wDAAwD;QACxD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;YAAE,SAAS;QAE5C,0CAA0C;QAC1C,IAAI,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,SAAS,GAAG,EAAE,CAAC;QAEnB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,4BAA4B;YAC5B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,OAAO;gBAAE,SAAS;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;YACD,IAAI,IAAI,KAAK,CAAC;gBAAE,MAAM,CAAC,2CAA2C;QACpE,CAAC;QAED,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAe,CAAC,CAAC,CAAC,QAAiB,CAAC;YACtE,MAAM,eAAe,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAEjD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,MAAM,EAAE,sBAAsB,QAAQ,EAAE;gBACxC,QAAQ;gBACR,OAAO,EAAE,IAAI,OAAO,QAAQ,QAAQ,uCAAuC,SAAS,GAAG;gBACvF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,cAAc,EAAE,SAAS;oBACzB,YAAY,EAAE,QAAQ;oBACtB,eAAe;iBAChB;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAK,CAAC,CAAC,IAAI,EAAE,eAA0B,IAAI,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,qBAAqB;AACrB,OAAO,EAAE,WAAW,EAA
E,UAAU,EAAE,YAAY,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"typosquat-detection.js","sourceRoot":"","sources":["../../../src/trust/passes/typosquat-detection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,MAAM,MAAM,SAAS,CAAC;AAM7B,8EAA8E;AAC9E,uDAAuD;AACvD,8EAA8E;AAE9E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS;IACzD,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO;IAC3D,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;IAC7D,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;IAC/D,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACvD,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW;IACzD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc;IAC/D,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU;IACpD,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAClD,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IACtD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAC9C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU;IAClD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACjD,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB;IAC7D,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO;IACjD,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IAC1B,MAAM,EAAE,QAAQ,EAAE,KAAK;CACxB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;IACvC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtB,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IACpC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC,MAAM,CAAC;IAEpC,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,CA
AC,CAAC,GAAG,CAAC,CAAC;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAChB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAQ,WAAW;YAC9B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAI,YAAY;YAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CACnB,CAAC;QACJ,CAAC;QACD,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,aAAa,GAA4B;IAC7C,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,mCAAmC;IAClD,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,kCAAkC;IACjD,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,UAAU;IACzB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,+BAA+B;IAC9C,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,UAAU;IACzB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAK,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,sBAAsB;IACrC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAI,yBAAyB;CACzC,CAAC;AAEF;;;GAGG;AACH,SAAS,eAAe,CAAC,SAAiB,EAAE,MAAc;IACxD,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IAEzC,kCAAkC;IAClC,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC;QACvC,iDAAiD;QACjD,MAAM,mBAAmB,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9E,IAAI,mBAAmB,KAAK,WAAW,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;YAC1E,OAAO,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACzB,CAAC;QAED,iDAAiD;QACjD,MAAM,gBAAgB,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3E,IAAI,gBAAgB,KAAK,WAAW,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;YACvE,OAAO,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,iDAAiD,CAAC;AAE5E,0DAA0D;AAC1D,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAOrC;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,WAAmB,EACnB,OAAe;IAEf,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE
,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,iBAAiB,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC;QAEtC,OAAO;YACL,SAAS;YACT,SAAS,EAAE,SAAS,IAAI,oBAAoB;SAC7C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,CAAC,SAAS,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAuBD;;;GAGG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;IACnD,kBAAkB,EAAE,oBAAoB,EAAE,SAAS;IACnD,UAAU,EAAE,QAAQ,EAAE,eAAe;IACrC,UAAU,EAAE,SAAS,EAAE,OAAO;IAC9B,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,WAAW,EAAE,OAAO,EAAE,SAAS;IAC/B,SAAS,EAAE,SAAS;CACrB,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,IAAY;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,oEAAoE;AACpE,MAAM,eAAe,GAAG,CAAC,CAAC;AAE1B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,UAAqC,EAAE;IAEvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC;IACtD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,IAAI,CAAC;IACxD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IAExC,2CAA2C;IAC3C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,uBAAuB,IAAI,EAAE,EAAE,CAAC;QACxD,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,W
AAW,EAAE,cAAc,CAAC,CAAC;IAC3D,IAAI,IAAI,GAA2B,EAAE,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACvC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,GAAG;YACV,QAAQ,EAAE,EAAE;YACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC/B,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,eAAe,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC5D,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,8DAA8D;QAC9D,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC5D,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS;YACjD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;gBAAE,SAAS;YAE5C,4CAA4C;YAC5C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;oBACpD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBACtC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;wBACjC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,MAAM,KAAK,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAC7C,KAAK,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC1D,IAAI,MAAM,EAAE,CAAC;gBACX,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACnC,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QACF,MAAM,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAEjC,oDAAoD;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,G
AAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAE5D,2CAA2C;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,KAAK,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAEjD,wDAAwD;QACxD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe;YAAE,SAAS;QAE5C,sDAAsD;QACtD,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC/C,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC9C,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,qBAAqB;wBAC3B,MAAM,EAAE,qBAAqB;wBAC7B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,IAAI,OAAO,kCAAkC,SAAS,eAAe,KAAK,GAAG;wBACtF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;wBAClC,IAAI,EAAE;4BACJ,UAAU,EAAE,OAAO;4BACnB,SAAS,EAAE,KAAK;4BAChB,SAAS;4BACT,eAAe,EAAE,WAAW;4BAC5B,eAAe,EAAE,EAAE;4BACnB,GAAG,CAAC,UAAU,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;yBAC7D;qBACF,CAAC,CAAC;oBACH,MAAM,CAAC,oCAAoC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAE,CAAC,CAAC,IAAI,EAAE,UAAqB,KAAK,OAAO,CAClD,CAAC;QACF,IAAI,cAAc;YAAE,SAAS;QAE7B,4DAA4D;QAC5D,IAAI,QAAQ,GAAG,QAAQ,CAAC;QACxB,IAAI,SAAS,GAAG,EAAE,CAAC;QAEnB,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,4BAA4B;YAC5B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,OAAO;gBAAE,SAAS;YAE7D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,SAAS,GAAG,KAAK,CAAC;YACpB,CAAC;YACD,IAAI,IAAI,KAAK,CAAC;gBAAE,MAAM,CAAC,2CAA2C;QACpE,CAAC;QAED,IAAI,QAAQ,IAAI,CAAC,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAe,CAAC,CAAC,CAAC,QAAiB,CAAC;YACtE,MAAM,eAAe,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAElD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,MAAM,EAAE,sBAAsB,QAAQ,EAAE;gBACxC,QAAQ;gBACR,OAAO,EAAE,IAAI,OAAO,QAAQ,QAAQ,uCAAuC,SAAS,GAAG;gBACvF,QAAQ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAClC,IAAI,EAAE;oBACJ,UAAU,EAAE,OAAO;oBACnB,SAAS,EAAE,SAAS;oBACpB,Q
AAQ,EAAE,QAAQ;oBAClB,eAAe,EAAE,aAAa;oBAC9B,eAAe;oBACf,GAAG,CAAC,UAAU,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC;iBAC7D;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,SAAS,IAAK,CAAC,CAAC,IAAI,EAAE,eAA0B,IAAI,CAAC,CAAC;IACxD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,KAAK;QACL,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC/B,CAAC;AACJ,CAAC;AAED,qBAAqB;AACrB,OAAO,EACL,WAAW,EACX,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,oBAAoB,GACrB,CAAC"}
|