circle-ir 3.27.1 → 3.28.0

package/dist/browser/circle-ir.js

@@ -3997,6 +3997,7 @@ var parserInitialized = false;
 var parserInitializing = null;
 var loadedLanguages = /* @__PURE__ */ new Map();
 var loadingLanguages = /* @__PURE__ */ new Map();
+var cachedParsers = /* @__PURE__ */ new Map();
 var configuredLanguagePaths = {};
 var configuredLanguageModules = {};
 async function initParser(options = {}) {
@@ -4066,9 +4067,14 @@ async function loadLanguage(language, wasmPath) {
   return loadPromise;
 }
 async function createParser(language) {
+  const cached = cachedParsers.get(language);
+  if (cached) {
+    return cached;
+  }
   const lang = await loadLanguage(language);
   const parser = new Parser();
   parser.setLanguage(lang);
+  cachedParsers.set(language, parser);
   return parser;
 }
 async function parse(code, language) {
@@ -4079,6 +4085,13 @@ async function parse(code, language) {
   }
   return tree;
 }
+function disposeTree(tree) {
+  if (!tree) return;
+  try {
+    tree.delete();
+  } catch {
+  }
+}
 function walkTree(node, visitor) {
   visitor(node);
   for (let i2 = 0; i2 < node.childCount; i2++) {
@@ -26094,161 +26107,169 @@ async function analyze(code, filePath, language, options = {}) {
   }
   logger.debug("Analyzing file", { filePath, language, codeLength: code.length });
   const tree = await parse(code, language);
-  logger.trace("Parsed AST", { rootNodeType: tree.rootNode.type });
-  const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
-  const meta = extractMeta(code, tree, filePath, language);
-  const types = extractTypes(tree, nodeCache, language);
-  const calls = extractCalls(tree, nodeCache, language);
-  const imports = extractImports(tree, language);
-  const exports = extractExports(types);
-  const cfg = buildCFG(tree, language);
-  const dfg = buildDFG(tree, nodeCache, language);
-  const graph = new CodeGraph({
-    meta,
-    types,
-    calls,
-    cfg,
-    dfg,
-    taint: { sources: [], sinks: [], sanitizers: [] },
-    imports,
-    exports,
-    unresolved: [],
-    enriched: {}
-  });
-  const config = options.taintConfig ?? getDefaultConfig();
-  const disabledPasses = new Set(options.disabledPasses ?? []);
-  const passOpts = options.passOptions ?? {};
-  const pipeline = new AnalysisPipeline();
-  pipeline.add(new TaintMatcherPass());
-  pipeline.add(new ConstantPropagationPass(tree));
-  pipeline.add(new LanguageSourcesPass());
-  pipeline.add(new SinkFilterPass());
-  pipeline.add(new TaintPropagationPass());
-  pipeline.add(new InterproceduralPass());
-  if (!disabledPasses.has("scan-secrets")) pipeline.add(new ScanSecretsPass());
-  if (!disabledPasses.has("dead-code")) pipeline.add(new DeadCodePass());
-  if (!disabledPasses.has("missing-await")) pipeline.add(new MissingAwaitPass());
-  if (!disabledPasses.has("n-plus-one")) pipeline.add(new NPlusOnePass());
-  if (!disabledPasses.has("missing-public-doc")) pipeline.add(new MissingPublicDocPass());
-  if (!disabledPasses.has("todo-in-prod")) pipeline.add(new TodoInProdPass());
-  if (!disabledPasses.has("string-concat-loop")) pipeline.add(new StringConcatLoopPass());
-  if (!disabledPasses.has("sync-io-async")) pipeline.add(new SyncIoAsyncPass());
-  if (!disabledPasses.has("unchecked-return")) pipeline.add(new UncheckedReturnPass());
-  if (!disabledPasses.has("null-deref")) pipeline.add(new NullDerefPass());
-  if (!disabledPasses.has("resource-leak")) pipeline.add(new ResourceLeakPass());
-  if (!disabledPasses.has("variable-shadowing")) pipeline.add(new VariableShadowingPass());
-  if (!disabledPasses.has("leaked-global")) pipeline.add(new LeakedGlobalPass());
-  if (!disabledPasses.has("unused-variable")) pipeline.add(new UnusedVariablePass());
-  if (!disabledPasses.has("dependency-fan-out")) pipeline.add(new DependencyFanOutPass(passOpts.dependencyFanOut));
-  if (!disabledPasses.has("stale-doc-ref")) pipeline.add(new StaleDocRefPass());
-  if (!disabledPasses.has("infinite-loop")) pipeline.add(new InfiniteLoopPass());
-  if (!disabledPasses.has("deep-inheritance")) pipeline.add(new DeepInheritancePass());
-  if (!disabledPasses.has("redundant-loop-computation")) pipeline.add(new RedundantLoopPass());
-  if (!disabledPasses.has("unbounded-collection")) pipeline.add(new UnboundedCollectionPass(passOpts.unboundedCollection));
-  if (!disabledPasses.has("serial-await")) pipeline.add(new SerialAwaitPass());
-  if (!disabledPasses.has("react-inline-jsx")) pipeline.add(new ReactInlineJsxPass());
-  if (!disabledPasses.has("swallowed-exception")) pipeline.add(new SwallowedExceptionPass());
-  if (!disabledPasses.has("broad-catch")) pipeline.add(new BroadCatchPass());
-  if (!disabledPasses.has("unhandled-exception")) pipeline.add(new UnhandledExceptionPass());
-  if (!disabledPasses.has("double-close")) pipeline.add(new DoubleClosePass());
-  if (!disabledPasses.has("use-after-close")) pipeline.add(new UseAfterClosePass());
-  if (!disabledPasses.has("cleanup-verify")) pipeline.add(new CleanupVerifyPass());
-  if (!disabledPasses.has("missing-override")) pipeline.add(new MissingOverridePass());
-  if (!disabledPasses.has("unused-interface-method")) pipeline.add(new UnusedInterfaceMethodPass());
-  if (!disabledPasses.has("blocking-main-thread")) pipeline.add(new BlockingMainThreadPass());
-  if (!disabledPasses.has("excessive-allocation")) pipeline.add(new ExcessiveAllocationPass());
-  if (!disabledPasses.has("missing-stream")) pipeline.add(new MissingStreamPass());
-  if (!disabledPasses.has("god-class")) pipeline.add(new GodClassPass());
-  if (!disabledPasses.has("naming-convention")) pipeline.add(new NamingConventionPass(passOpts.namingConvention));
-  if (!disabledPasses.has("security-headers")) pipeline.add(new SecurityHeadersPass(passOpts.securityHeaders));
-  const { results, findings } = pipeline.run(graph, code, language, config);
-  const sinkFilter = results.get("sink-filter");
-  const interProc = results.get("interprocedural");
-  const taint = {
-    sources: sinkFilter.sources,
-    sinks: [...sinkFilter.sinks, ...interProc.additionalSinks],
-    sanitizers: sinkFilter.sanitizers,
-    flows: interProc.additionalFlows,
-    interprocedural: interProc.interprocedural
-  };
-  const unresolved = detectUnresolved(calls, types, dfg);
-  const enriched = buildEnriched(types, calls, taint.sources, taint.sinks);
-  const metricValues = new MetricRunner().run(
-    { meta, types, calls, cfg, dfg, taint, imports, exports, unresolved, enriched },
-    code,
-    language
-  );
-  logger.debug("Analysis complete", {
-    filePath,
-    finalSources: taint.sources.length,
-    finalSinks: taint.sinks.length,
-    flows: taint.flows?.length ?? 0,
-    unresolvedItems: unresolved.length
-  });
-  return {
-    meta,
-    types,
-    calls,
-    cfg,
-    dfg,
-    taint,
-    imports,
-    exports,
-    unresolved,
-    enriched,
-    findings: findings.length > 0 ? findings : void 0,
-    metrics: { file: filePath, metrics: metricValues }
-  };
+  try {
+    logger.trace("Parsed AST", { rootNodeType: tree.rootNode.type });
+    const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
+    const meta = extractMeta(code, tree, filePath, language);
+    const types = extractTypes(tree, nodeCache, language);
+    const calls = extractCalls(tree, nodeCache, language);
+    const imports = extractImports(tree, language);
+    const exports = extractExports(types);
+    const cfg = buildCFG(tree, language);
+    const dfg = buildDFG(tree, nodeCache, language);
+    const graph = new CodeGraph({
+      meta,
+      types,
+      calls,
+      cfg,
+      dfg,
+      taint: { sources: [], sinks: [], sanitizers: [] },
+      imports,
+      exports,
+      unresolved: [],
+      enriched: {}
+    });
+    const config = options.taintConfig ?? getDefaultConfig();
+    const disabledPasses = new Set(options.disabledPasses ?? []);
+    const passOpts = options.passOptions ?? {};
+    const pipeline = new AnalysisPipeline();
+    pipeline.add(new TaintMatcherPass());
+    pipeline.add(new ConstantPropagationPass(tree));
+    pipeline.add(new LanguageSourcesPass());
+    pipeline.add(new SinkFilterPass());
+    pipeline.add(new TaintPropagationPass());
+    pipeline.add(new InterproceduralPass());
+    if (!disabledPasses.has("scan-secrets")) pipeline.add(new ScanSecretsPass());
+    if (!disabledPasses.has("dead-code")) pipeline.add(new DeadCodePass());
+    if (!disabledPasses.has("missing-await")) pipeline.add(new MissingAwaitPass());
+    if (!disabledPasses.has("n-plus-one")) pipeline.add(new NPlusOnePass());
+    if (!disabledPasses.has("missing-public-doc")) pipeline.add(new MissingPublicDocPass());
+    if (!disabledPasses.has("todo-in-prod")) pipeline.add(new TodoInProdPass());
+    if (!disabledPasses.has("string-concat-loop")) pipeline.add(new StringConcatLoopPass());
+    if (!disabledPasses.has("sync-io-async")) pipeline.add(new SyncIoAsyncPass());
+    if (!disabledPasses.has("unchecked-return")) pipeline.add(new UncheckedReturnPass());
+    if (!disabledPasses.has("null-deref")) pipeline.add(new NullDerefPass());
+    if (!disabledPasses.has("resource-leak")) pipeline.add(new ResourceLeakPass());
+    if (!disabledPasses.has("variable-shadowing")) pipeline.add(new VariableShadowingPass());
+    if (!disabledPasses.has("leaked-global")) pipeline.add(new LeakedGlobalPass());
+    if (!disabledPasses.has("unused-variable")) pipeline.add(new UnusedVariablePass());
+    if (!disabledPasses.has("dependency-fan-out")) pipeline.add(new DependencyFanOutPass(passOpts.dependencyFanOut));
+    if (!disabledPasses.has("stale-doc-ref")) pipeline.add(new StaleDocRefPass());
+    if (!disabledPasses.has("infinite-loop")) pipeline.add(new InfiniteLoopPass());
+    if (!disabledPasses.has("deep-inheritance")) pipeline.add(new DeepInheritancePass());
+    if (!disabledPasses.has("redundant-loop-computation")) pipeline.add(new RedundantLoopPass());
+    if (!disabledPasses.has("unbounded-collection")) pipeline.add(new UnboundedCollectionPass(passOpts.unboundedCollection));
+    if (!disabledPasses.has("serial-await")) pipeline.add(new SerialAwaitPass());
+    if (!disabledPasses.has("react-inline-jsx")) pipeline.add(new ReactInlineJsxPass());
+    if (!disabledPasses.has("swallowed-exception")) pipeline.add(new SwallowedExceptionPass());
+    if (!disabledPasses.has("broad-catch")) pipeline.add(new BroadCatchPass());
+    if (!disabledPasses.has("unhandled-exception")) pipeline.add(new UnhandledExceptionPass());
+    if (!disabledPasses.has("double-close")) pipeline.add(new DoubleClosePass());
+    if (!disabledPasses.has("use-after-close")) pipeline.add(new UseAfterClosePass());
+    if (!disabledPasses.has("cleanup-verify")) pipeline.add(new CleanupVerifyPass());
+    if (!disabledPasses.has("missing-override")) pipeline.add(new MissingOverridePass());
+    if (!disabledPasses.has("unused-interface-method")) pipeline.add(new UnusedInterfaceMethodPass());
+    if (!disabledPasses.has("blocking-main-thread")) pipeline.add(new BlockingMainThreadPass());
+    if (!disabledPasses.has("excessive-allocation")) pipeline.add(new ExcessiveAllocationPass());
+    if (!disabledPasses.has("missing-stream")) pipeline.add(new MissingStreamPass());
+    if (!disabledPasses.has("god-class")) pipeline.add(new GodClassPass());
+    if (!disabledPasses.has("naming-convention")) pipeline.add(new NamingConventionPass(passOpts.namingConvention));
+    if (!disabledPasses.has("security-headers")) pipeline.add(new SecurityHeadersPass(passOpts.securityHeaders));
+    const { results, findings } = pipeline.run(graph, code, language, config);
+    const sinkFilter = results.get("sink-filter");
+    const interProc = results.get("interprocedural");
+    const taint = {
+      sources: sinkFilter.sources,
+      sinks: [...sinkFilter.sinks, ...interProc.additionalSinks],
+      sanitizers: sinkFilter.sanitizers,
+      flows: interProc.additionalFlows,
+      interprocedural: interProc.interprocedural
+    };
+    const unresolved = detectUnresolved(calls, types, dfg);
+    const enriched = buildEnriched(types, calls, taint.sources, taint.sinks);
+    const metricValues = new MetricRunner().run(
+      { meta, types, calls, cfg, dfg, taint, imports, exports, unresolved, enriched },
+      code,
+      language
+    );
+    logger.debug("Analysis complete", {
+      filePath,
+      finalSources: taint.sources.length,
+      finalSinks: taint.sinks.length,
+      flows: taint.flows?.length ?? 0,
+      unresolvedItems: unresolved.length
+    });
+    return {
+      meta,
+      types,
+      calls,
+      cfg,
+      dfg,
+      taint,
+      imports,
+      exports,
+      unresolved,
+      enriched,
+      findings: findings.length > 0 ? findings : void 0,
+      metrics: { file: filePath, metrics: metricValues }
+    };
+  } finally {
+    disposeTree(tree);
+  }
 }
 async function analyzeHtmlFile(code, filePath, options) {
   logger.debug("Analyzing HTML file", { filePath, codeLength: code.length });
   const tree = await parse(code, "html");
-  const meta = extractMeta(code, tree, filePath, "html");
-  const { scriptBlocks, eventHandlers } = extractHtmlContent(tree.rootNode);
-  logger.debug("HTML extraction", {
-    filePath,
-    inlineScripts: scriptBlocks.filter((b) => b.kind === "inline").length,
-    externalScripts: scriptBlocks.filter((b) => b.kind === "external-src").length,
-    eventHandlers: eventHandlers.length
-  });
-  const scriptResults = [];
-  for (const block of scriptBlocks) {
-    if (block.kind !== "inline" || !block.code.trim()) continue;
-    const scriptLang = block.scriptType === "ts" || block.scriptType === "typescript" || block.scriptType === "text/typescript" ? "typescript" : "javascript";
-    try {
-      const ir = await analyze(block.code, filePath, scriptLang, options);
-      scriptResults.push({ ir, lineOffset: block.lineOffset });
-    } catch (e) {
-      logger.warn("Failed to analyze script block", {
-        filePath,
-        lineOffset: block.lineOffset,
-        error: e instanceof Error ? e.message : String(e)
-      });
+  try {
+    const meta = extractMeta(code, tree, filePath, "html");
+    const { scriptBlocks, eventHandlers } = extractHtmlContent(tree.rootNode);
+    logger.debug("HTML extraction", {
+      filePath,
+      inlineScripts: scriptBlocks.filter((b) => b.kind === "inline").length,
+      externalScripts: scriptBlocks.filter((b) => b.kind === "external-src").length,
+      eventHandlers: eventHandlers.length
+    });
+    const scriptResults = [];
+    for (const block of scriptBlocks) {
+      if (block.kind !== "inline" || !block.code.trim()) continue;
+      const scriptLang = block.scriptType === "ts" || block.scriptType === "typescript" || block.scriptType === "text/typescript" ? "typescript" : "javascript";
+      try {
+        const ir = await analyze(block.code, filePath, scriptLang, options);
+        scriptResults.push({ ir, lineOffset: block.lineOffset });
+      } catch (e) {
+        logger.warn("Failed to analyze script block", {
+          filePath,
+          lineOffset: block.lineOffset,
+          error: e instanceof Error ? e.message : String(e)
+        });
+      }
     }
-  }
-  for (const handler of eventHandlers) {
-    const wrappedCode = `function __${handler.eventName}_handler() { ${handler.code} }`;
-    try {
-      const ir = await analyze(wrappedCode, filePath, "javascript", options);
-      scriptResults.push({ ir, lineOffset: handler.line });
-    } catch (e) {
-      logger.warn("Failed to analyze event handler", {
-        filePath,
-        eventName: handler.eventName,
-        line: handler.line,
-        error: e instanceof Error ? e.message : String(e)
-      });
+    for (const handler of eventHandlers) {
+      const wrappedCode = `function __${handler.eventName}_handler() { ${handler.code} }`;
+      try {
+        const ir = await analyze(wrappedCode, filePath, "javascript", options);
+        scriptResults.push({ ir, lineOffset: handler.line });
+      } catch (e) {
+        logger.warn("Failed to analyze event handler", {
+          filePath,
+          eventName: handler.eventName,
+          line: handler.line,
+          error: e instanceof Error ? e.message : String(e)
+        });
+      }
     }
+    const attributeFindings = runHtmlAttributeSecurityChecks(tree.rootNode, filePath);
+    const result = mergeHtmlResults(meta, scriptResults, attributeFindings);
+    logger.debug("HTML analysis complete", {
+      filePath,
+      scriptBlocks: scriptResults.length,
+      attributeFindings: attributeFindings.length,
+      totalFindings: result.findings?.length ?? 0
+    });
+    return result;
+  } finally {
+    disposeTree(tree);
   }
-  const attributeFindings = runHtmlAttributeSecurityChecks(tree.rootNode, filePath);
-  const result = mergeHtmlResults(meta, scriptResults, attributeFindings);
-  logger.debug("HTML analysis complete", {
-    filePath,
-    scriptBlocks: scriptResults.length,
-    attributeFindings: attributeFindings.length,
-    totalFindings: result.findings?.length ?? 0
-  });
-  return result;
 }
 async function analyzeForAPI(code, filePath, language, options = {}) {
   const startTime = performance.now();
@@ -26258,75 +26279,79 @@ async function analyzeForAPI(code, filePath, language, options = {}) {
   const parseStart = performance.now();
   const tree = await parse(code, language);
   const parseTime = performance.now() - parseStart;
-  const analysisStart = performance.now();
-  const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
-  const types = extractTypes(tree, nodeCache, language);
-  const calls = extractCalls(tree, nodeCache, language);
-  const constPropResult = analyzeConstantPropagation(tree, code);
-  const config = options.taintConfig ?? getDefaultConfig();
-  const taint = analyzeTaint(calls, types, config);
-  let filteredSinks = taint.sinks.filter((sink) => !constPropResult.unreachableLines.has(sink.line));
-  filteredSinks = filterCleanVariableSinks(
-    filteredSinks,
-    calls,
-    constPropResult.tainted,
-    constPropResult.symbols,
-    void 0,
-    constPropResult.sanitizedVars,
-    constPropResult.synchronizedLines
-  );
-  filteredSinks = filterSanitizedSinks(filteredSinks, taint.sanitizers ?? [], calls);
-  let pythonTaintedVars = /* @__PURE__ */ new Map();
-  if (language === "python") {
-    pythonTaintedVars = buildPythonTaintedVars(code);
-    const pythonSanitizedVars = buildPythonSanitizedVars(code, pythonTaintedVars);
-    const sourceLines = code.split("\n");
-    filteredSinks = filteredSinks.filter((sink) => {
-      if (sink.type !== "xpath_injection") return true;
-      const sinkLineText = sourceLines[sink.line - 1] ?? "";
-      const taintedVarOnLine = [...pythonTaintedVars.keys()].find(
-        (v) => new RegExp(`\\b${v}\\b`).test(sinkLineText)
-      );
-      if (!taintedVarOnLine) return false;
-      if (pythonSanitizedVars.has(taintedVarOnLine)) return false;
-      if (new RegExp(`\\.xpath\\s*\\([^)]*\\b\\w+\\s*=\\s*\\b${taintedVarOnLine}\\b`).test(sinkLineText)) return false;
-      return true;
-    });
-  }
-  const vulnerabilities = findVulnerabilities(taint.sources, filteredSinks, calls, constPropResult);
-  if (language === "python") {
-    const trustViolations = findPythonTrustBoundaryViolations(code, pythonTaintedVars);
-    for (const v of trustViolations) {
-      const alreadyReported = vulnerabilities.some(
-        (existing) => existing.sink.line === v.sinkLine && existing.type === "trust_boundary"
-      );
-      if (!alreadyReported) {
-        vulnerabilities.push({
-          type: "trust_boundary",
-          cwe: "CWE-501",
-          severity: "medium",
-          source: { line: v.sourceLine, type: "http_param" },
-          sink: { line: v.sinkLine, type: "trust_boundary" },
-          confidence: 0.85
-        });
+  try {
+    const analysisStart = performance.now();
+    const nodeCache = collectAllNodes(tree.rootNode, getNodeTypesForLanguage(language));
+    const types = extractTypes(tree, nodeCache, language);
+    const calls = extractCalls(tree, nodeCache, language);
+    const constPropResult = analyzeConstantPropagation(tree, code);
+    const config = options.taintConfig ?? getDefaultConfig();
+    const taint = analyzeTaint(calls, types, config);
+    let filteredSinks = taint.sinks.filter((sink) => !constPropResult.unreachableLines.has(sink.line));
+    filteredSinks = filterCleanVariableSinks(
+      filteredSinks,
+      calls,
+      constPropResult.tainted,
+      constPropResult.symbols,
+      void 0,
+      constPropResult.sanitizedVars,
+      constPropResult.synchronizedLines
+    );
+    filteredSinks = filterSanitizedSinks(filteredSinks, taint.sanitizers ?? [], calls);
+    let pythonTaintedVars = /* @__PURE__ */ new Map();
+    if (language === "python") {
+      pythonTaintedVars = buildPythonTaintedVars(code);
+      const pythonSanitizedVars = buildPythonSanitizedVars(code, pythonTaintedVars);
+      const sourceLines = code.split("\n");
+      filteredSinks = filteredSinks.filter((sink) => {
+        if (sink.type !== "xpath_injection") return true;
+        const sinkLineText = sourceLines[sink.line - 1] ?? "";
+        const taintedVarOnLine = [...pythonTaintedVars.keys()].find(
+          (v) => new RegExp(`\\b${v}\\b`).test(sinkLineText)
+        );
+        if (!taintedVarOnLine) return false;
+        if (pythonSanitizedVars.has(taintedVarOnLine)) return false;
+        if (new RegExp(`\\.xpath\\s*\\([^)]*\\b\\w+\\s*=\\s*\\b${taintedVarOnLine}\\b`).test(sinkLineText)) return false;
+        return true;
+      });
+    }
+    const vulnerabilities = findVulnerabilities(taint.sources, filteredSinks, calls, constPropResult);
+    if (language === "python") {
+      const trustViolations = findPythonTrustBoundaryViolations(code, pythonTaintedVars);
+      for (const v of trustViolations) {
+        const alreadyReported = vulnerabilities.some(
+          (existing) => existing.sink.line === v.sinkLine && existing.type === "trust_boundary"
+        );
+        if (!alreadyReported) {
+          vulnerabilities.push({
+            type: "trust_boundary",
+            cwe: "CWE-501",
+            severity: "medium",
+            source: { line: v.sourceLine, type: "http_param" },
+            sink: { line: v.sinkLine, type: "trust_boundary" },
+            confidence: 0.85
+          });
+        }
       }
     }
+    const analysisTime = performance.now() - analysisStart;
+    const totalTime = performance.now() - startTime;
+    return {
+      success: true,
+      analysis: {
+        sources: taint.sources,
+        sinks: filteredSinks,
+        vulnerabilities
+      },
+      meta: {
+        parseTimeMs: Math.round(parseTime),
+        analysisTimeMs: Math.round(analysisTime),
+        totalTimeMs: Math.round(totalTime)
+      }
+    };
+  } finally {
+    disposeTree(tree);
   }
-  const analysisTime = performance.now() - analysisStart;
-  const totalTime = performance.now() - startTime;
-  return {
-    success: true,
-    analysis: {
-      sources: taint.sources,
-      sinks: filteredSinks,
-      vulnerabilities
-    },
-    meta: {
-      parseTimeMs: Math.round(parseTime),
-      analysisTimeMs: Math.round(analysisTime),
-      totalTimeMs: Math.round(totalTime)
-    }
-  };
 }
 function findVulnerabilities(sources, sinks, calls, constPropResult) {
   const vulnerabilities = [];

package/dist/core/circle-ir-core.cjs

@@ -4062,6 +4062,7 @@ var parserInitialized = false;
 var parserInitializing = null;
 var loadedLanguages = /* @__PURE__ */ new Map();
 var loadingLanguages = /* @__PURE__ */ new Map();
+var cachedParsers = /* @__PURE__ */ new Map();
 var configuredLanguagePaths = {};
 var configuredLanguageModules = {};
 async function initParser(options = {}) {
@@ -4131,9 +4132,14 @@ async function loadLanguage(language, wasmPath) {
   return loadPromise;
 }
 async function createParser(language) {
+  const cached = cachedParsers.get(language);
+  if (cached) {
+    return cached;
+  }
   const lang = await loadLanguage(language);
   const parser = new Parser();
   parser.setLanguage(lang);
+  cachedParsers.set(language, parser);
   return parser;
 }
 async function parse(code, language) {
@@ -4230,9 +4236,19 @@ function isLanguageLoaded(language) {
   return loadedLanguages.has(language);
 }
 function resetParser() {
-  parserInitialized = false;
+  for (const parser of cachedParsers.values()) {
+    try {
+      parser.delete();
+    } catch {
+    }
+  }
+  cachedParsers.clear();
   loadedLanguages.clear();
+  loadingLanguages.clear();
   configuredLanguagePaths = {};
+  configuredLanguageModules = {};
+  parserInitialized = false;
+  parserInitializing = null;
 }
 
 // src/core/extractors/meta.ts

package/dist/core/circle-ir-core.js

@@ -3997,6 +3997,7 @@ var parserInitialized = false;
 var parserInitializing = null;
 var loadedLanguages = /* @__PURE__ */ new Map();
 var loadingLanguages = /* @__PURE__ */ new Map();
+var cachedParsers = /* @__PURE__ */ new Map();
 var configuredLanguagePaths = {};
 var configuredLanguageModules = {};
 async function initParser(options = {}) {
@@ -4066,9 +4067,14 @@ async function loadLanguage(language, wasmPath) {
   return loadPromise;
 }
 async function createParser(language) {
+  const cached = cachedParsers.get(language);
+  if (cached) {
+    return cached;
+  }
   const lang = await loadLanguage(language);
   const parser = new Parser();
   parser.setLanguage(lang);
+  cachedParsers.set(language, parser);
   return parser;
 }
 async function parse(code, language) {
@@ -4165,9 +4171,19 @@ function isLanguageLoaded(language) {
   return loadedLanguages.has(language);
 }
 function resetParser() {
-  parserInitialized = false;
+  for (const parser of cachedParsers.values()) {
+    try {
+      parser.delete();
+    } catch {
+    }
+  }
+  cachedParsers.clear();
   loadedLanguages.clear();
+  loadingLanguages.clear();
   configuredLanguagePaths = {};
+  configuredLanguageModules = {};
+  parserInitialized = false;
+  parserInitializing = null;
 }
 
 // src/core/extractors/meta.ts

package/dist/core/index.d.ts

@@ -1,6 +1,6 @@
 /**
  * Core module index - re-exports parser and extractors
  */
-export { initParser, loadLanguage, createParser, parse, walkTree, findNodes, findAncestor, getNodeText, collectAllNodes, getNodesFromCache, isInitialized, isLanguageLoaded, resetParser, type SupportedLanguage, type SyntaxNode, type Node, type NodeCache, type Language, type Tree, } from './parser.js';
+export { initParser, loadLanguage, createParser, createFreshParser, parse, disposeTree, walkTree, findNodes, findAncestor, getNodeText, collectAllNodes, getNodesFromCache, isInitialized, isLanguageLoaded, resetParser, type SupportedLanguage, type SyntaxNode, type Node, type NodeCache, type Language, type Tree, } from './parser.js';
 export { extractMeta, extractTypes, extractCalls, extractImports, extractExports, buildCFG, buildDFG, } from './extractors/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,IAAI,EACT,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,IAAI,GACV,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,IAAI,EACT,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,IAAI,GACV,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,uBAAuB,CAAC"}

package/dist/core/index.js

@@ -2,7 +2,7 @@
  * Core module index - re-exports parser and extractors
  */
 // Parser
-export { initParser, loadLanguage, createParser, parse, walkTree, findNodes, findAncestor, getNodeText, collectAllNodes, getNodesFromCache, isInitialized, isLanguageLoaded, resetParser, } from './parser.js';
+export { initParser, loadLanguage, createParser, createFreshParser, parse, disposeTree, walkTree, findNodes, findAncestor, getNodeText, collectAllNodes, getNodesFromCache, isInitialized, isLanguageLoaded, resetParser, } from './parser.js';
 // Extractors
 export { extractMeta, extractTypes, extractCalls, extractImports, extractExports, buildCFG, buildDFG, } from './extractors/index.js';
 //# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,SAAS;AACT,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,KAAK,EACL,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,GAOZ,MAAM,aAAa,CAAC;AAErB,aAAa;AACb,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,SAAS;AACT,OAAO,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,KAAK,EACL,WAAW,EACX,QAAQ,EACR,SAAS,EACT,YAAY,EACZ,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,WAAW,GAOZ,MAAM,aAAa,CAAC;AAErB,aAAa;AACb,OAAO,EACL,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,GACT,MAAM,uBAAuB,CAAC"}