npm - claude-warden - Versions diffs - 1.6.0 → 1.8.0 - Mend

claude-warden 1.6.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/.claude-plugin/plugin.json +1 -1
package/dist/index.cjs +301 -33
package/package.json +6 -4

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.6.0",
+  "version": "1.8.0",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/dist/index.cjs CHANGED Viewed

@@ -18385,6 +18385,15 @@ function parseCommand(input) {
 // src/evaluator.ts
 var import_os = require("os");
+function safeRegexTest(pattern, input) {
+  try {
+    return new RegExp(pattern).test(input);
+  } catch {
+    process.stderr.write(`[warden] Warning: invalid regex pattern: ${pattern}
+`);
+    return false;
+  }
+}
 function commandMatchesName(cmd, name) {
   if (name.startsWith("/")) {
     return cmd.originalCommand === name;
@@ -18394,7 +18403,11 @@ function commandMatchesName(cmd, name) {
   }
   return cmd.command === name;
 }
-function evaluate(parsed, config) {
+var MAX_RECURSION_DEPTH = 10;
+function evaluate(parsed, config, depth = 0) {
+  if (depth > MAX_RECURSION_DEPTH) {
+    return { decision: "ask", reason: "Maximum recursion depth exceeded", details: [] };
+  }
   if (parsed.parseError) {
     return { decision: "ask", reason: "Could not parse command safely", details: [] };
   }
@@ -18404,7 +18417,7 @@ function evaluate(parsed, config) {
   if (parsed.hasSubshell && parsed.subshellCommands.length > 0) {
     for (const subCmd of parsed.subshellCommands) {
       const subParsed = parseCommand(subCmd);
-      const subResult = evaluate(subParsed, config);
+      const subResult = evaluate(subParsed, config, depth + 1);
       if (subResult.decision === "deny") {
         return { decision: "deny", reason: `Subshell command: ${subResult.reason}`, details: subResult.details };
       }
@@ -18417,7 +18430,7 @@ function evaluate(parsed, config) {
   }
   const details = [];
   for (const cmd of parsed.commands) {
-    details.push(evaluateCommand(cmd, config));
+    details.push(evaluateCommand(cmd, config, depth));
   }
   const decisions = details.map((d) => d.decision);
   if (decisions.includes("deny")) {
@@ -18438,7 +18451,7 @@ function evaluate(parsed, config) {
   }
   return { decision: "allow", reason: "All commands are safe", details };
 }
-function evaluateCommand(cmd, config) {
+function evaluateCommand(cmd, config, depth = 0) {
   const { command, args: args2 } = cmd;
   for (const layer of config.layers) {
     if (layer.alwaysDeny.some((name) => commandMatchesName(cmd, name))) {
@@ -18449,28 +18462,52 @@ function evaluateCommand(cmd, config) {
     }
   }
   if ((command === "ssh" || command === "scp" || command === "rsync") && config.trustedSSHHosts?.length) {
-    const sshResult = evaluateSSHCommand(cmd, config);
+    const sshResult = evaluateSSHCommand(cmd, config, depth);
     if (sshResult) return sshResult;
   }
   if (command === "docker" && config.trustedDockerContainers?.length) {
-    const dockerResult = evaluateDockerExec(cmd, config);
+    const dockerResult = evaluateDockerExec(cmd, config, depth);
     if (dockerResult) return dockerResult;
   }
   if (command === "kubectl" && config.trustedKubectlContexts?.length) {
-    const kubectlResult = evaluateKubectlExec(cmd, config);
+    const kubectlResult = evaluateKubectlExec(cmd, config, depth);
     if (kubectlResult) return kubectlResult;
   }
   if (command === "sprite" && config.trustedSprites?.length) {
-    const spriteResult = evaluateSpriteExec(cmd, config);
+    const spriteResult = evaluateSpriteExec(cmd, config, depth);
     if (spriteResult) return spriteResult;
   }
+  if (command === "xargs") {
+    return evaluateXargsCommand(cmd, config, depth);
+  }
+  const mergedRule = collectMergedRule(cmd, config);
+  if (mergedRule) {
+    return evaluateRule(cmd, mergedRule);
+  }
+  return { command, args: args2, decision: config.defaultDecision, reason: `No rule for "${command}"`, matchedRule: "default" };
+}
+function collectMergedRule(cmd, config) {
+  const matchingRules = [];
   for (const layer of config.layers) {
     const rule = layer.rules.find((r) => commandMatchesName(cmd, r.command));
     if (rule) {
-      return evaluateRule(cmd, rule);
+      matchingRules.push(rule);
+      if (rule.override) break;
     }
   }
-  return { command, args: args2, decision: config.defaultDecision, reason: `No rule for "${command}"`, matchedRule: "default" };
+  if (matchingRules.length === 0) return null;
+  if (matchingRules.length === 1) return matchingRules[0];
+  const mergedPatterns = [];
+  for (const rule of matchingRules) {
+    if (rule.argPatterns) {
+      mergedPatterns.push(...rule.argPatterns);
+    }
+  }
+  return {
+    command: matchingRules[0].command,
+    default: matchingRules[0].default,
+    argPatterns: mergedPatterns
+  };
 }
 function evaluateRule(cmd, rule) {
   const { command, args: args2 } = cmd;
@@ -18482,10 +18519,10 @@ function evaluateRule(cmd, rule) {
       matched = matched && m.noArgs === (args2.length === 0);
     }
     if (m.argsMatch && matched) {
-      matched = m.argsMatch.some((re) => new RegExp(re).test(argsJoined));
+      matched = m.argsMatch.some((re) => safeRegexTest(re, argsJoined));
     }
     if (m.anyArgMatches && matched) {
-      matched = args2.some((arg) => m.anyArgMatches.some((re) => new RegExp(re).test(arg)));
+      matched = args2.some((arg) => m.anyArgMatches.some((re) => safeRegexTest(re, arg)));
     }
     if (m.argCount && matched) {
       if (m.argCount.min !== void 0) matched = matched && args2.length >= m.argCount.min;
@@ -18510,6 +18547,126 @@ function evaluateRule(cmd, rule) {
     matchedRule: `${command}:default`
   };
 }
+var XARGS_SHORT_FLAGS_WITH_VALUE = /* @__PURE__ */ new Set(["E", "I", "L", "n", "P", "s", "S", "d", "a"]);
+var XARGS_SHORT_FLAGS_NO_VALUE = /* @__PURE__ */ new Set(["0", "e", "o", "p", "r", "t", "x"]);
+var XARGS_LONG_FLAGS_WITH_VALUE = /* @__PURE__ */ new Set([
+  "--eof",
+  "--replace",
+  "--max-lines",
+  "--max-args",
+  "--max-procs",
+  "--max-chars",
+  "--arg-file",
+  "--delimiter"
+]);
+var XARGS_LONG_FLAGS_NO_VALUE = /* @__PURE__ */ new Set([
+  "--null",
+  "--exit",
+  "--open-tty",
+  "--interactive",
+  "--no-run-if-empty",
+  "--verbose",
+  "--show-limits"
+]);
+function parseXargsSubcommand(args2) {
+  let i = 0;
+  while (i < args2.length) {
+    const arg = args2[i];
+    if (arg === "--") {
+      i++;
+      break;
+    }
+    if (!arg.startsWith("-") || arg === "-") {
+      break;
+    }
+    if (arg.startsWith("--")) {
+      const eqIndex = arg.indexOf("=");
+      const longFlag = eqIndex === -1 ? arg : arg.slice(0, eqIndex);
+      if (XARGS_LONG_FLAGS_WITH_VALUE.has(longFlag)) {
+        if (eqIndex !== -1) {
+          i++;
+          continue;
+        }
+        if (i + 1 >= args2.length) return { subcommand: null, unresolved: true };
+        i += 2;
+        continue;
+      }
+      if (XARGS_LONG_FLAGS_NO_VALUE.has(longFlag)) {
+        i++;
+        continue;
+      }
+      return { subcommand: null, unresolved: true };
+    }
+    const short = arg[1];
+    if (XARGS_SHORT_FLAGS_WITH_VALUE.has(short)) {
+      if (arg.length > 2) {
+        i++;
+        continue;
+      }
+      if (i + 1 >= args2.length) return { subcommand: null, unresolved: true };
+      i += 2;
+      continue;
+    }
+    const grouped = arg.slice(1).split("");
+    const allKnownNoValue = grouped.every((ch) => XARGS_SHORT_FLAGS_NO_VALUE.has(ch));
+    if (allKnownNoValue) {
+      i++;
+      continue;
+    }
+    return { subcommand: null, unresolved: true };
+  }
+  if (i >= args2.length) {
+    return {
+      unresolved: false,
+      subcommand: {
+        command: "echo",
+        originalCommand: "echo",
+        args: [],
+        envPrefixes: [],
+        raw: "echo"
+      }
+    };
+  }
+  const subcommand = args2[i];
+  const subArgs = args2.slice(i + 1);
+  return {
+    unresolved: false,
+    subcommand: {
+      command: subcommand,
+      originalCommand: subcommand,
+      args: subArgs,
+      envPrefixes: [],
+      raw: [subcommand, ...subArgs].join(" ")
+    }
+  };
+}
+function evaluateXargsCommand(cmd, config, depth = 0) {
+  const { command, args: args2 } = cmd;
+  const { subcommand, unresolved } = parseXargsSubcommand(args2);
+  if (unresolved || !subcommand) {
+    return {
+      command,
+      args: args2,
+      decision: "ask",
+      reason: "xargs subcommand could not be resolved safely",
+      matchedRule: "xargs:subcommand"
+    };
+  }
+  const parsed = {
+    commands: [subcommand],
+    hasSubshell: false,
+    subshellCommands: [],
+    parseError: false
+  };
+  const result = evaluate(parsed, config, depth + 1);
+  return {
+    command,
+    args: args2,
+    decision: result.decision,
+    reason: `xargs subcommand "${subcommand.command}": ${result.reason}`,
+    matchedRule: "xargs:subcommand"
+  };
+}
 var SSH_FLAGS_WITH_VALUE = /* @__PURE__ */ new Set([
   "-b",
   "-c",
@@ -18604,7 +18761,7 @@ function parseSSHArgs(args2) {
   }
   return {
     host,
-    remoteCommand: remoteArgs.length > 0 ? remoteArgs.join(" ") : null
+    remoteCommand: remoteArgs.length > 0 ? remoteArgs.map(shellQuote).join(" ") : null
   };
 }
 function extractHostFromRemotePath(args2) {
@@ -18614,7 +18771,7 @@ function extractHostFromRemotePath(args2) {
   }
   return null;
 }
-function evaluateSSHCommand(cmd, config) {
+function evaluateSSHCommand(cmd, config, depth = 0) {
   const { command, args: args2 } = cmd;
   const trustedHosts = config.trustedSSHHosts || [];
   if (command === "scp" || command === "rsync") {
@@ -18622,6 +18779,24 @@ function evaluateSSHCommand(cmd, config) {
     if (!host2) return null;
     const target2 = findMatchingTarget(host2, trustedHosts);
     if (!target2) return null;
+    if (target2.allowAll || !target2.overrides) {
+      return {
+        command,
+        args: args2,
+        decision: "allow",
+        reason: `Trusted SSH host "${host2}"${target2.allowAll ? " (allowAll)" : ""}`,
+        matchedRule: "trustedSSHHosts"
+      };
+    }
+    if (target2.overrides.alwaysDeny.some((name) => name === command)) {
+      return {
+        command,
+        args: args2,
+        decision: "deny",
+        reason: `Trusted SSH host "${host2}": "${command}" blocked by overrides`,
+        matchedRule: "trustedSSHHosts"
+      };
+    }
     return {
       command,
       args: args2,
@@ -18653,7 +18828,7 @@ function evaluateSSHCommand(cmd, config) {
     };
   }
   const parsed = parseCommand(remoteCommand);
-  const result = evaluate(parsed, configWithContextOverrides(config, target));
+  const result = evaluate(parsed, configWithContextOverrides(config, target), depth + 1);
   return {
     command,
     args: args2,
@@ -18673,6 +18848,12 @@ var DOCKER_EXEC_FLAGS_WITH_VALUE = /* @__PURE__ */ new Set([
   "--detach-keys"
 ]);
 var INTERACTIVE_SHELLS = /* @__PURE__ */ new Set(["bash", "sh", "zsh"]);
+function shellQuote(arg) {
+  if (/[\s"'\\$`!#&|;()<>]/.test(arg)) {
+    return `'${arg.replace(/'/g, "'\\''")}'`;
+  }
+  return arg;
+}
 function configWithContextOverrides(config, target) {
   const overrideLayers = [];
   if (target?.overrides) overrideLayers.push(target.overrides);
@@ -18683,7 +18864,7 @@ function configWithContextOverrides(config, target) {
     layers: [...overrideLayers, ...config.layers]
   };
 }
-function evaluateRemoteCommand(remoteArgs, config, target) {
+function evaluateRemoteCommand(remoteArgs, config, target, depth = 0) {
   if (target?.allowAll) {
     return { decision: "allow", reason: "allowAll target", details: [] };
   }
@@ -18698,7 +18879,7 @@ function evaluateRemoteCommand(remoteArgs, config, target) {
   if (INTERACTIVE_SHELLS.has(remoteCmd) && remoteArgs[1] === "-c" && remoteArgs.length >= 3) {
     const innerCommand = remoteArgs.slice(2).join(" ");
     const parsed2 = parseCommand(innerCommand);
-    return evaluate(parsed2, overriddenConfig);
+    return evaluate(parsed2, overriddenConfig, depth + 1);
   }
   const parsed = {
     commands: [{ command: remoteCmd, originalCommand: remoteCmd, args: remoteArgs.slice(1), envPrefixes: [], raw: remoteArgs.join(" ") }],
@@ -18706,7 +18887,7 @@ function evaluateRemoteCommand(remoteArgs, config, target) {
     subshellCommands: [],
     parseError: false
   };
-  return evaluate(parsed, overriddenConfig);
+  return evaluate(parsed, overriddenConfig, depth + 1);
 }
 function parseDockerExecArgs(args2) {
   let target = null;
@@ -18735,14 +18916,14 @@ function parseDockerExecArgs(args2) {
   }
   return { target, remoteArgs };
 }
-function evaluateDockerExec(cmd, config) {
+function evaluateDockerExec(cmd, config, depth = 0) {
   const { command, args: args2 } = cmd;
   if (args2[0] !== "exec") return null;
   const { target: containerName, remoteArgs } = parseDockerExecArgs(args2.slice(1));
   if (!containerName) return null;
   const matched = findMatchingTarget(containerName, config.trustedDockerContainers || []);
   if (!matched) return null;
-  const result = evaluateRemoteCommand(remoteArgs, config, matched);
+  const result = evaluateRemoteCommand(remoteArgs, config, matched, depth);
   return {
     command,
     args: args2,
@@ -18815,14 +18996,14 @@ function parseKubectlExecArgs(args2) {
   }
   return { context, pod, remoteArgs };
 }
-function evaluateKubectlExec(cmd, config) {
+function evaluateKubectlExec(cmd, config, depth = 0) {
   const { command, args: args2 } = cmd;
   if (args2[0] !== "exec") return null;
   const { context, pod, remoteArgs } = parseKubectlExecArgs(args2.slice(1));
   if (!context) return null;
   const matched = findMatchingTarget(context, config.trustedKubectlContexts || []);
   if (!matched) return null;
-  const result = evaluateRemoteCommand(remoteArgs, config, matched);
+  const result = evaluateRemoteCommand(remoteArgs, config, matched, depth);
   return {
     command,
     args: args2,
@@ -18882,13 +19063,13 @@ function parseSpriteExecArgs(args2) {
   }
   return { spriteName, remoteArgs };
 }
-function evaluateSpriteExec(cmd, config) {
+function evaluateSpriteExec(cmd, config, depth = 0) {
   const { command, args: args2 } = cmd;
   const { spriteName, remoteArgs } = parseSpriteExecArgs(args2);
   if (!spriteName) return null;
   const matched = findMatchingTarget(spriteName, config.trustedSprites || []);
   if (!matched) return null;
-  const result = evaluateRemoteCommand(remoteArgs, config, matched);
+  const result = evaluateRemoteCommand(remoteArgs, config, matched, depth);
   return {
     command,
     args: args2,
@@ -19064,7 +19245,6 @@ var DEFAULT_CONFIG = {
       "wc",
       "sort",
       "uniq",
-      "tee",
       "diff",
       "comm",
       "cut",
@@ -19088,7 +19268,6 @@ var DEFAULT_CONFIG = {
       "rg",
       "ag",
       "ack",
-      "find",
       "fd",
       "fzf",
       "locate",
@@ -19135,11 +19314,8 @@ var DEFAULT_CONFIG = {
       "du",
       "lsof",
       // Text processing
-      "sed",
-      "awk",
       "jq",
       "yq",
-      "xargs",
       "seq",
       // Network diagnostics (read-only)
       "nslookup",
@@ -19236,6 +19412,7 @@ var DEFAULT_CONFIG = {
       "xcode-select",
       "xcrun",
       "xcodebuild",
+      "networkQuality",
       // Misc safe
       "cd",
       "pushd",
@@ -19253,7 +19430,6 @@ var DEFAULT_CONFIG = {
       "shasum",
       "cksum",
       "base64",
-      "openssl",
       "watch",
       "timeout",
       "nohup",
@@ -19345,6 +19521,7 @@ var DEFAULT_CONFIG = {
       // npx / bunx — package runners
       pkgRunnerRule("npx"),
       pkgRunnerRule("bunx"),
+      pkgRunnerRule("pnpx"),
       // npm / pnpm / yarn — package managers
       pkgManagerRule("npm", ["ci", "search", "explain", "prefix", "root", "fund", "doctor", "diff", "pkg", "query", "shrinkwrap"]),
       pkgManagerRule("pnpm", ["store", "fetch", "doctor", "patch"]),
@@ -19437,6 +19614,49 @@ var DEFAULT_CONFIG = {
           VERSION_HELP_FLAGS
         ]
       },
+      // --- Potentially dangerous text/file tools ---
+      {
+        command: "find",
+        default: "allow",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-exec$", "^-execdir$", "^-delete$", "^-ok$", "^-okdir$"] }, decision: "ask", reason: "find can execute or delete files" }
+        ]
+      },
+      {
+        command: "sed",
+        default: "allow",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-i$", "^-i\\b", "^--in-place"] }, decision: "ask", reason: "In-place file modification" }
+        ]
+      },
+      {
+        command: "awk",
+        default: "allow",
+        argPatterns: [
+          { match: { argsMatch: ["system\\s*\\(", "\\|\\s*getline", "print\\s*>"] }, decision: "ask", reason: "awk can execute commands or write files" }
+        ]
+      },
+      {
+        command: "xargs",
+        default: "ask",
+        argPatterns: [
+          { match: { noArgs: true }, decision: "allow", description: "xargs with no args runs echo (safe)" }
+        ]
+      },
+      {
+        command: "tee",
+        default: "allow",
+        argPatterns: [
+          { match: { anyArgMatches: ["^/(etc|usr|var|sys|proc|boot|root|lib)"] }, decision: "ask", reason: "Writing to system directory" }
+        ]
+      },
+      {
+        command: "openssl",
+        default: "allow",
+        argPatterns: [
+          { match: { anyArgMatches: ["^(enc|rsautl|pkeyutl|smime|cms)$"] }, decision: "ask", reason: "Encryption/signing operations" }
+        ]
+      },
       // --- File operations ---
       {
         command: "rm",
@@ -19555,6 +19775,12 @@ var DEFAULT_CONFIG = {
       { command: "codesign", default: "ask", argPatterns: [
         { match: { anyArgMatches: ["^(-vv|--verify|--display|-d)$"] }, decision: "allow", description: "Verify codesign" }
       ] },
+      { command: "networksetup", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^-(get|list|show)"] }, decision: "allow", description: "Read-only network configuration queries" }
+      ] },
+      { command: "scutil", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^--get$", "^--dns$", "^--proxy$", "^--nwi$"] }, decision: "allow", description: "Read-only system configuration queries" }
+      ] },
       { command: "osascript", default: "ask" },
       { command: "say", default: "ask" },
       // --- Process management ---
@@ -19567,6 +19793,10 @@ var DEFAULT_CONFIG = {
 };
 // src/rules.ts
+var VALID_DECISIONS = /* @__PURE__ */ new Set(["allow", "deny", "ask"]);
+function isValidDecision(value) {
+  return VALID_DECISIONS.has(value);
+}
 var USER_CONFIG_PATHS = [
   (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.yaml"),
   (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.json")
@@ -19617,15 +19847,36 @@ function tryLoadFile(filePath) {
     if (parsed && typeof parsed === "object") {
       return parsed;
     }
-  } catch {
+  } catch (err) {
+    process.stderr.write(`[warden] Warning: failed to parse config ${filePath}: ${err instanceof Error ? err.message : String(err)}
+`);
   }
   return null;
 }
 function extractLayer(raw) {
+  const rules = Array.isArray(raw.rules) ? raw.rules : [];
+  for (const rule of rules) {
+    if (rule && typeof rule === "object") {
+      if (rule.default && !isValidDecision(rule.default)) {
+        process.stderr.write(`[warden] Warning: invalid rule default "${rule.default}" for "${rule.command}", using "ask"
+`);
+        rule.default = "ask";
+      }
+      if (Array.isArray(rule.argPatterns)) {
+        for (const pattern of rule.argPatterns) {
+          if (pattern?.decision && !isValidDecision(pattern.decision)) {
+            process.stderr.write(`[warden] Warning: invalid pattern decision "${pattern.decision}" for "${rule.command}", using "ask"
+`);
+            pattern.decision = "ask";
+          }
+        }
+      }
+    }
+  }
   return {
     alwaysAllow: Array.isArray(raw.alwaysAllow) ? raw.alwaysAllow : [],
     alwaysDeny: Array.isArray(raw.alwaysDeny) ? raw.alwaysDeny : [],
-    rules: Array.isArray(raw.rules) ? raw.rules : []
+    rules
   };
 }
 function parseTrustedList(raw) {
@@ -19657,7 +19908,12 @@ function mergeNonLayerFields(config, raw) {
     config.trustedSprites = [...config.trustedSprites || [], ...parseTrustedList(raw.trustedSprites)];
   }
   if (typeof raw.defaultDecision === "string") {
-    config.defaultDecision = raw.defaultDecision;
+    if (isValidDecision(raw.defaultDecision)) {
+      config.defaultDecision = raw.defaultDecision;
+    } else {
+      process.stderr.write(`[warden] Warning: invalid defaultDecision "${raw.defaultDecision}", ignoring
+`);
+    }
   }
   if (typeof raw.askOnSubshell === "boolean") {
     config.askOnSubshell = raw.askOnSubshell;
@@ -19813,10 +20069,22 @@ function sendNotification(title, message, config) {
 }
 // src/index.ts
+var MAX_STDIN_SIZE = 1024 * 1024;
 async function main() {
   let raw = "";
   for await (const chunk of process.stdin) {
     raw += chunk;
+    if (raw.length > MAX_STDIN_SIZE) {
+      const output2 = {
+        hookSpecificOutput: {
+          hookEventName: "PreToolUse",
+          permissionDecision: "ask",
+          permissionDecisionReason: "[warden] Input exceeds size limit"
+        }
+      };
+      process.stdout.write(JSON.stringify(output2));
+      process.exit(0);
+    }
   }
   let input;
   try {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.6.0",
+  "version": "1.8.0",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",
@@ -28,13 +28,15 @@
     "README.md",
     "LICENSE"
   ],
+  "dependencies": {
+    "bash-parser": "^0.5.0",
+    "yaml": "^2.4.0"
+  },
   "devDependencies": {
     "@types/node": "^20.0.0",
-    "bash-parser": "^0.5.0",
     "tsup": "^8.0.0",
     "typescript": "^5.4.0",
-    "vitest": "^1.6.0",
-    "yaml": "^2.4.0"
+    "vitest": "^1.6.0"
   },
   "scripts": {
     "build": "tsup",