npm - codeslick-cli - Versions diffs - 1.0.0 - Mend

codeslick-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Utility function to create security vulnerability objects for JavaScript analyzer
+ *
+ * This module provides a standardized way to create SecurityVulnerability objects
+ * with proper CVSS scoring, OWASP mapping, and compliance information.
+ */
+import { SecurityVulnerability } from '../../types';
+/**
+ * Parameters for creating a security vulnerability object
+ */
+interface VulnerabilityParams {
+    category: string;
+    severity: string;
+    confidence: string;
+    message: string;
+    line: number;
+    suggestion: string;
+    owasp: string;
+    cwe: string;
+    pciDss: string;
+    securityRelevant?: boolean;
+    remediation: {
+        explanation: string;
+        before: string;
+        after: string;
+    };
+    attackVector: {
+        description: string;
+        exploitExample?: string;
+        realWorldImpact: string[];
+    };
+}
+/**
+ * Creates a standardized security vulnerability object for JavaScript code
+ * Supports both object parameter style (OWASP 2025) and legacy individual parameters
+ *
+ * @param params - Object containing all vulnerability parameters (OWASP 2025 style)
+ * @returns SecurityVulnerability object with all required fields
+ */
+export declare function createJavaScriptSecurityVulnerability(params: VulnerabilityParams): SecurityVulnerability;
+/**
+ * Legacy function signature for backward compatibility
+ *
+ * @param vulnerabilityType - Type identifier for severity scoring (e.g., 'sql-injection')
+ * @param message - User-friendly vulnerability message
+ * @param suggestion - Remediation suggestion
+ * @param lineNumber - Line number where vulnerability was detected
+ * @param attackDescription - Detailed description of the attack vector
+ * @param exploitExample - Example of how the vulnerability can be exploited
+ * @param realWorldImpact - Array of potential real-world impacts
+ * @param remediationBefore - Code example showing vulnerable pattern
+ * @param remediationAfter - Code example showing secure pattern
+ * @param remediationExplanation - Explanation of why the fix works
+ * @returns SecurityVulnerability object with all required fields
+ */
+export declare function createJavaScriptSecurityVulnerability(vulnerabilityType: string, message: string, suggestion: string, lineNumber: number, attackDescription: string, exploitExample: string, realWorldImpact: string[], remediationBefore: string, remediationAfter: string, remediationExplanation: string): SecurityVulnerability;
+export {};
+//# sourceMappingURL=createVulnerability.d.ts.map

package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createVulnerability.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/createVulnerability.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAIpD;;GAEG;AACH,UAAU,mBAAmB;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,YAAY,EAAE;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,qCAAqC,CACnD,MAAM,EAAE,mBAAmB,GAC1B,qBAAqB,CAAC;AAEzB;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,qCAAqC,CACnD,iBAAiB,EAAE,MAAM,EACzB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EAAE,EACzB,iBAAiB,EAAE,MAAM,EACzB,gBAAgB,EAAE,MAAM,EACxB,sBAAsB,EAAE,MAAM,GAC7B,qBAAqB,CAAC"}

package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js ADDED Viewed

@@ -0,0 +1,71 @@
+"use strict";
+/**
+ * Utility function to create security vulnerability objects for JavaScript analyzer
+ *
+ * This module provides a standardized way to create SecurityVulnerability objects
+ * with proper CVSS scoring, OWASP mapping, and compliance information.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJavaScriptSecurityVulnerability = createJavaScriptSecurityVulnerability;
+const severity_scoring_1 = require("../../../security/severity-scoring");
+const compliance_mapping_1 = require("../../../security/compliance-mapping");
+function createJavaScriptSecurityVulnerability(paramsOrType, message, suggestion, lineNumber, attackDescription, exploitExample, realWorldImpact, remediationBefore, remediationAfter, remediationExplanation) {
+    // Check if using new object-style parameters (OWASP 2025)
+    if (typeof paramsOrType === 'object') {
+        const params = paramsOrType;
+        const scoring = (0, severity_scoring_1.calculateSeverityScore)(params.category);
+        const compliance = (0, compliance_mapping_1.getComplianceMapping)(params.category);
+        return {
+            severity: params.severity.toUpperCase(),
+            message: params.message,
+            suggestion: params.suggestion,
+            line: params.line,
+            category: params.category,
+            securityRelevant: params.securityRelevant, // P3: Propagate security relevance flag
+            cvssScore: scoring.cvssScore,
+            exploitLikelihood: scoring.exploitLikelihood,
+            impact: scoring.impact,
+            owasp: params.owasp,
+            cwe: params.cwe,
+            pciDss: params.pciDss,
+            attackVector: {
+                description: params.attackVector.description,
+                exploitExample: params.attackVector.exploitExample || '',
+                realWorldImpact: params.attackVector.realWorldImpact
+            },
+            remediation: {
+                before: params.remediation.before,
+                after: params.remediation.after,
+                explanation: params.remediation.explanation
+            }
+        };
+    }
+    // Legacy individual parameters (backward compatibility)
+    const vulnerabilityType = paramsOrType;
+    const scoring = (0, severity_scoring_1.calculateSeverityScore)(vulnerabilityType);
+    const compliance = (0, compliance_mapping_1.getComplianceMapping)(vulnerabilityType);
+    return {
+        severity: scoring.severity,
+        message: message,
+        suggestion: suggestion,
+        line: lineNumber,
+        category: vulnerabilityType, // PHASE 6 (2025-11-21): Added category for test compatibility
+        cvssScore: scoring.cvssScore,
+        exploitLikelihood: scoring.exploitLikelihood,
+        impact: scoring.impact,
+        owasp: compliance.owasp,
+        cwe: compliance.cwe,
+        pciDss: compliance.pciDss,
+        attackVector: {
+            description: attackDescription,
+            exploitExample: exploitExample,
+            realWorldImpact: realWorldImpact
+        },
+        remediation: {
+            before: remediationBefore,
+            after: remediationAfter,
+            explanation: remediationExplanation
+        }
+    };
+}
+//# sourceMappingURL=createVulnerability.js.map

package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"createVulnerability.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/createVulnerability.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuEH,sFAyEC;AA7ID,yEAA4E;AAC5E,6EAA4E;AAmE5E,SAAgB,qCAAqC,CACnD,YAA0C,EAC1C,OAAgB,EAChB,UAAmB,EACnB,UAAmB,EACnB,iBAA0B,EAC1B,cAAuB,EACvB,eAA0B,EAC1B,iBAA0B,EAC1B,gBAAyB,EACzB,sBAA+B;IAE/B,0DAA0D;IAC1D,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,YAAmC,CAAC;QAEnD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEzD,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAS;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,wCAAwC;YACnF,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,YAAY,EAAE;gBACZ,WAAW,EAAE,MAAM,CAAC,YAAY,CAAC,WAAW;gBAC5C,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,cAAc,IAAI,EAAE;gBACxD,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,eAAe;aACrD;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM;gBACjC,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK;gBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW;aAC5C;SACF,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,MAAM,iBAAiB,GAAG,YAAsB,CAAC;IACjD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,iBAAiB,CAAC,CAAC;IAE3D,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAQ;QACjB,UAAU,EAAE,UAAW;QACvB,IAAI,EAAE,UAAW;QACjB,QAAQ,EAAE,iBAAiB,EAAG,8DAA8D;QAC5F,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,GAAG,EAAE,UAAU,CAAC,GAAG;QACnB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,YAAY,EAAE;YACZ,WAAW,EAAE,iBAAkB;YAC/B,cAAc,EAAE,cAAe;YAC/B,eAAe,EAAE,eAAgB;SAClC;QACD,WAAW,EAAE;YACX,MAAM,EAAE,iBAAkB;YAC1B,KAAK,EAAE,gBAAiB;YACxB,WAAW,EAAE,sBAAuB;SACrC;KACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * JavaScript Metrics Calculator Module
+ *
+ * Calculates code quality metrics:
+ * - Line count
+ * - Function count
+ * - Cyclomatic complexity
+ * - Maintainability score
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module metrics-calculator
+ */
+/**
+ * Helper function type for checking if code is TypeScript
+ */
+export type IsTypeScriptCodeFn = (code: string) => boolean;
+/**
+ * Code metrics interface
+ */
+export interface CodeMetrics {
+    lines: number;
+    functions: number;
+    complexity: number;
+    maintainability: number;
+}
+/**
+ * Calculate code quality metrics
+ *
+ * @param code - Full source code
+ * @param isTypeScriptCode - Function to check if code is TypeScript
+ * @returns Calculated metrics
+ */
+export declare function calculateMetrics(code: string, isTypeScriptCode: IsTypeScriptCodeFn): CodeMetrics;
+//# sourceMappingURL=metrics-calculator.d.ts.map

package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"metrics-calculator.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/metrics-calculator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,gBAAgB,EAAE,kBAAkB,GACnC,WAAW,CA8Cb"}

package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js ADDED Viewed

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * JavaScript Metrics Calculator Module
+ *
+ * Calculates code quality metrics:
+ * - Line count
+ * - Function count
+ * - Cyclomatic complexity
+ * - Maintainability score
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module metrics-calculator
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateMetrics = calculateMetrics;
+/**
+ * Calculate code quality metrics
+ *
+ * @param code - Full source code
+ * @param isTypeScriptCode - Function to check if code is TypeScript
+ * @returns Calculated metrics
+ */
+function calculateMetrics(code, isTypeScriptCode) {
+    const lines = code.split('\n');
+    const lineCount = lines.length;
+    // Count functions
+    const functions = (code.match(/function\s+\w+|const\s+\w+\s*=.*=>/g) || []).length;
+    // Calculate cyclomatic complexity
+    let complexity = 1;
+    const safeKeywords = ['if', 'else', 'for', 'while', 'switch', 'case', 'catch'];
+    safeKeywords.forEach(keyword => {
+        const matches = code.match(new RegExp(`\\b${keyword}\\b`, 'g'));
+        if (matches)
+            complexity += matches.length;
+    });
+    // Logical operators (exclude TypeScript syntax)
+    const isTypeScript = isTypeScriptCode(code);
+    if (!isTypeScript) {
+        // Only in pure JavaScript, count logical operators
+        const andOperators = code.match(/&&/g);
+        const orOperators = code.match(/\|\|/g);
+        const ternaryOperators = code.match(/\?[^:]*:/g);
+        if (andOperators)
+            complexity += andOperators.length;
+        if (orOperators)
+            complexity += orOperators.length;
+        if (ternaryOperators)
+            complexity += ternaryOperators.length;
+    }
+    else {
+        // In TypeScript, be more conservative with complexity
+        // Only count logical operators in code context, not types
+        const logicalAnd = code.match(/\s&&\s/g); // With spaces = probably logic
+        const logicalOr = code.match(/\s\|\|\s/g); // With spaces = probably logic
+        if (logicalAnd)
+            complexity += logicalAnd.length;
+        if (logicalOr)
+            complexity += logicalOr.length;
+    }
+    const maintainability = Math.max(0, 100 - complexity * 3);
+    return {
+        lines: lineCount,
+        functions,
+        complexity,
+        maintainability
+    };
+}
+//# sourceMappingURL=metrics-calculator.js.map

package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"metrics-calculator.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/metrics-calculator.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAwBH,4CAiDC;AAxDD;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAC9B,IAAY,EACZ,gBAAoC;IAEpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;IAE/B,kBAAkB;IAClB,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,qCAAqC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IAEnF,kCAAkC;IAClC,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/E,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAChE,IAAI,OAAO;YAAE,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAE5C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,mDAAmD;QACnD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAEjD,IAAI,YAAY;YAAE,UAAU,IAAI,YAAY,CAAC,MAAM,CAAC;QACpD,IAAI,WAAW;YAAE,UAAU,IAAI,WAAW,CAAC,MAAM,CAAC;QAClD,IAAI,gBAAgB;YAAE,UAAU,IAAI,gBAAgB,CAAC,MAAM,CAAC;IAC9D,CAAC;SAAM,CAAC;QACN,sDAAsD;QACtD,0DAA0D;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;QACzE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,+BAA+B;QAE1E,IAAI,UAAU;YAAE,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC;QAChD,IAAI,SAAS;YAAE,UAAU,IAAI,SAAS,CAAC,MAAM,CAAC;IAChD,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;IAE1D,OAAO;QACL,KAAK,EAAE,SAAS;QAChB,SAAS;QACT,UAAU;QACV,eAAe;KAChB,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * JavaScript Performance Analyzer Module
+ *
+ * Analyzes code for performance issues:
+ * - Uncached array .length in loops
+ * - String concatenation in loops
+ * - Repeated DOM queries
+ * - setTimeout(0) usage
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module performance-analyzer
+ */
+/**
+ * Performance analysis result interface
+ */
+export interface PerformanceAnalysis {
+    score: number;
+    suggestions: string[];
+}
+/**
+ * Analyze code for performance issues
+ *
+ * @param code - Full source code
+ * @returns Performance analysis with score and suggestions
+ */
+export declare function analyzePerformance(code: string): PerformanceAnalysis;
+//# sourceMappingURL=performance-analyzer.d.ts.map

package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"performance-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/performance-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAmCpE"}

package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js ADDED Viewed

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * JavaScript Performance Analyzer Module
+ *
+ * Analyzes code for performance issues:
+ * - Uncached array .length in loops
+ * - String concatenation in loops
+ * - Repeated DOM queries
+ * - setTimeout(0) usage
+ *
+ * Part of modularized JavaScript analyzer (150-300 LOC per module)
+ * Extracted from monolithic javascript-analyzer.ts (2,672 LOC)
+ *
+ * @module performance-analyzer
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzePerformance = analyzePerformance;
+/**
+ * Analyze code for performance issues
+ *
+ * @param code - Full source code
+ * @returns Performance analysis with score and suggestions
+ */
+function analyzePerformance(code) {
+    let score = 100;
+    const suggestions = [];
+    // Check for loops with uncached .length
+    if (code.includes('.length') && code.includes('for')) {
+        if (!code.includes('len =') && !code.includes('length =')) {
+            suggestions.push('Cache array .length in loops for better performance');
+            score -= 8;
+        }
+    }
+    // Check for string concatenation in loops
+    if (code.match(/for.*\{[\s\S]*?\+\s*=.*string|string.*\+\s*=/)) {
+        suggestions.push('Avoid string concatenation in loops - use array.join()');
+        score -= 15;
+    }
+    // Check for repeated DOM queries
+    const domQueries = (code.match(/document\.(getElementById|querySelector)/g) || []).length;
+    if (domQueries > 2) {
+        suggestions.push('Cache DOM references to avoid repeated queries');
+        score -= 10;
+    }
+    // Check for setTimeout(0)
+    if (code.includes('setTimeout') && code.includes('0')) {
+        suggestions.push('Use requestAnimationFrame instead of setTimeout(0)');
+        score -= 5;
+    }
+    return {
+        score: Math.max(0, score),
+        suggestions
+    };
+}
+//# sourceMappingURL=performance-analyzer.js.map

package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"performance-analyzer.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/javascript/utils/performance-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAgBH,gDAmCC;AAzCD;;;;;GAKG;AACH,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,wCAAwC;IACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;YACxE,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,EAAE,CAAC;QAC/D,WAAW,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC3E,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;IAED,iCAAiC;IACjC,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,2CAA2C,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IAC1F,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,WAAW,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACnE,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,WAAW,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QACvE,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC;QACzB,WAAW;KACZ,CAAC;AACJ,CAAC"}

package/dist/src/lib/analyzers/javascript-analyzer.d.ts ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * ⚠️ SHARED MODULE: JavaScript Security Analyzer
+ *
+ * CRITICAL: This module is used by BOTH WebTool and GitHub App
+ *
+ * WebTool uses this for:
+ * - /api/analyze endpoint - Interactive single-file analysis (<3s target)
+ * - Real-time vulnerability detection for individual developers
+ *
+ * GitHub App uses this for:
+ * - /api/github/webhook - Batch PR analysis (10-30s OK)
+ * - Automated security checks for professional teams
+ *
+ * ⚠️ BEFORE MODIFYING THIS FILE:
+ * 1. Run all 96 analyzer tests: npm test analyzers
+ * 2. Test WebTool: Paste code at /analyze → Verify results appear
+ * 3. Test GitHub: Open PR → Verify webhook comment appears
+ * 4. Verify performance: Analysis must complete in <2s per file
+ * 5. Check detection rate: All test cases must still be detected
+ *
+ * CRITICAL OUTPUT FORMAT (DO NOT CHANGE):
+ * - result.security.vulnerabilities - Used by both systems
+ * - Each vulnerability has: line, message, severity, cvssScore, owasp, cwe
+ * - Changing this structure breaks BOTH WebTool and GitHub UI parsing
+ *
+ * PROVEN INTERFERENCE:
+ * - Version 20251117.14:30: Phase 7 GitHub work broke WebTool
+ * - Root cause: Shared module modified without cross-system testing
+ *
+ * See: docs/technical/WEBTOOL_GITHUB_SEPARATION.md
+ *
+ * Last modified: 2025-11-18
+ * Last verified (both systems): 2025-11-18
+ */
+import { ICodeAnalyzer, AnalyzerInput, AnalyzerResult } from './types';
+import { SupportedLanguage } from '../types';
+export declare class JavaScriptAnalyzer implements ICodeAnalyzer {
+    readonly language: SupportedLanguage;
+    analyze(input: AnalyzerInput): Promise<AnalyzerResult>;
+    validateSyntax(code: string): Promise<boolean>;
+    getLanguageInfo(): {
+        name: string;
+        extensions: string[];
+        description: string;
+    };
+    private isTypeScriptCode;
+    private checkBasicTypeScriptSyntax;
+    private validateTypeScriptStructure;
+    private isValidPropertyDefinition;
+    private isIncompleteProperty;
+    private shouldHaveSemicolon;
+    private hasUnclosedString;
+    private hasTypeScriptTypeError;
+    private suggestTypeCorrection;
+    private isMissingComma;
+    private analyzeSyntax;
+    private findErrorLine;
+    private getSuggestionForSyntaxError;
+    private detectAIHallucinations;
+    private detectReferenceErrors;
+    private detectComparisonIssues;
+    private detectUnhandledPromises;
+    private detectThisContextIssues;
+    private detectCallbackHell;
+    private detectArrayMutations;
+    private detectDOMNullChecks;
+    /**
+     * Option B: Detect blocking operations that can impact performance
+     * - JSON.parse() in loops
+     * - Heavy synchronous operations in loops
+     * - Large string operations in loops
+     * - Regex operations in loops
+     * - DOM manipulation in loops
+     */
+    private detectBlockingOperations;
+    private analyzeQuality;
+    private analyzePerformance;
+    private createSecurityVulnerability;
+    private analyzeSecurity;
+    private calculateMetrics;
+    /**
+     * Deduplicate vulnerabilities on the same line
+     *
+     * P1-5: Generic deduplication for ALL vulnerability types (Dec 30, 2025)
+     * Previous: Only handled command injection and callback hell
+     * Now: Handles all duplicates (hardcoded credentials, XSS, SQL injection, etc.)
+     *
+     * Strategy: Use line + category as unique key, keep highest CVSS score
+     *
+     * @param vulnerabilities - Array of vulnerabilities to deduplicate
+     * @returns Deduplicated array with one vulnerability per line+category
+     */
+    private deduplicateVulnerabilities;
+}
+//# sourceMappingURL=javascript-analyzer.d.ts.map

package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"javascript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/javascript-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAIH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AA0C7C,qBAAa,kBAAmB,YAAW,aAAa;IACtD,SAAgB,QAAQ,EAAE,iBAAiB,CAAgB;IAErD,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmEtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAapD,eAAe;;;;;IAQf,OAAO,CAAC,gBAAgB;IAoBxB,OAAO,CAAC,0BAA0B;IA8ElC,OAAO,CAAC,2BAA2B;IAsEnC,OAAO,CAAC,yBAAyB;IAmCjC,OAAO,CAAC,oBAAoB;IAsC5B,OAAO,CAAC,mBAAmB;IAoC3B,OAAO,CAAC,iBAAiB;IAuBzB,OAAO,CAAC,sBAAsB;IAgG9B,OAAO,CAAC,qBAAqB;IAiD7B,OAAO,CAAC,cAAc;YAiCR,aAAa;IAmR3B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,2BAA2B;IAoBnC,OAAO,CAAC,sBAAsB;IAyG9B,OAAO,CAAC,qBAAqB;IAgC7B,OAAO,CAAC,sBAAsB;IAqE9B,OAAO,CAAC,uBAAuB;IAwF/B,OAAO,CAAC,uBAAuB;IAwD/B,OAAO,CAAC,kBAAkB;IAkE1B,OAAO,CAAC,oBAAoB;IAyD5B,OAAO,CAAC,mBAAmB;IAsD3B;;;;;;;OAOG;IACH,OAAO,CAAC,wBAAwB;IA0KhC,OAAO,CAAC,cAAc;IAmDtB,OAAO,CAAC,kBAAkB;IAkC1B,OAAO,CAAC,2BAA2B;IAwCnC,OAAO,CAAC,eAAe;IAivBvB,OAAO,CAAC,gBAAgB;IA2CxB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,0BAA0B;CAkDnC"}