codeslick-cli 1.0.0

package/dist/src/lib/analyzers/typescript-analyzer.js

@@ -0,0 +1,1660 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TypeScriptAnalyzer = void 0;
+const references_1 = require("../standards/references");
+const code_cleaner_1 = require("../utils/code-cleaner");
+// Modular TypeScript Security Checks (2025-12-01)
+const injection_attacks_1 = require("./typescript/security-checks/injection-attacks");
+const credentials_crypto_1 = require("./typescript/security-checks/credentials-crypto");
+const code_injection_1 = require("./typescript/security-checks/code-injection");
+const code_quality_1 = require("./typescript/security-checks/code-quality");
+const type_security_1 = require("./typescript/security-checks/type-security");
+const security_misconfiguration_1 = require("./typescript/security-checks/security-misconfiguration");
+const exception_handling_1 = require("./typescript/security-checks/exception-handling");
+const enhanced_supply_chain_1 = require("./typescript/security-checks/enhanced-supply-chain");
+const access_control_1 = require("./typescript/security-checks/access-control");
+const information_disclosure_1 = require("./typescript/security-checks/information-disclosure");
+const authentication_1 = require("./typescript/security-checks/authentication");
+const logging_failures_1 = require("./typescript/security-checks/logging-failures");
+const secrets_analyzer_1 = require("./secrets/secrets-analyzer");
+const ai_generated_code_1 = require("./typescript/security-checks/ai-generated-code");
+// TypeScript Compiler API Integration (2025-12-02)
+const type_checker_1 = require("./typescript/type-checker");
+class TypeScriptAnalyzer {
+    constructor() {
+        this.language = 'typescript';
+    }
+    /**
+     * Remove string literal content from a line of code
+     * This prevents false positives when analyzing string content as code
+     * Example: 'MyP@ssw0rd!' → '             ' (preserves quotes, replaces content with spaces)
+     *
+     * FIX (2025-11-18): Added to fix false positive detection of ! in string literals
+     * Bug: "const PASSWORD = 'MyP@ssw0rd!';" was detected as non-null assertion
+     */
+    removeStringLiterals(line) {
+        let result = '';
+        let inString = false;
+        let stringChar = '';
+        let escaped = false;
+        for (let i = 0; i < line.length; i++) {
+            const char = line[i];
+            // Handle escape sequences
+            if (escaped) {
+                result += inString ? ' ' : char;
+                escaped = false;
+                continue;
+            }
+            if (char === '\\') {
+                escaped = true;
+                result += inString ? ' ' : char;
+                continue;
+            }
+            // Handle string delimiters
+            if (char === '"' || char === "'" || char === '`') {
+                if (!inString) {
+                    inString = true;
+                    stringChar = char;
+                    result += char; // Keep the quote
+                }
+                else if (char === stringChar) {
+                    inString = false;
+                    stringChar = '';
+                    result += char; // Keep the quote
+                }
+                else {
+                    result += ' '; // Replace with space
+                }
+                continue;
+            }
+            // Inside string - replace content with spaces
+            if (inString) {
+                result += ' ';
+            }
+            else {
+                result += char;
+            }
+        }
+        return result;
+    }
+    async analyze(input) {
+        const result = {
+            syntax: { valid: true, errors: [], lineErrors: [] },
+            quality: { score: 100, issues: [] },
+            performance: { score: 100, suggestions: [] },
+            security: { vulnerabilities: [] },
+            metrics: { complexity: 1, maintainability: 100, lines: 0, functions: 0 }
+        };
+        try {
+            // CRITICAL (Dec 30, 2025): ALL analysis methods run independently
+            // Security checks MUST run even if type errors exist
+            // User testing revealed: "Both security AND type errors should be detected simultaneously"
+            // Fix: Ensure no early returns skip security analysis
+            this.analyzeSyntax(input.code, result);
+            this.analyzeQuality(input.code, result);
+            this.analyzePerformance(input.code, result);
+            // ALWAYS run security analysis, regardless of syntax/type errors
+            this.analyzeSecurity(input.code, result);
+            this.calculateMetrics(input.code, result);
+            // AI-Generated Code Detection (Phase 1.5, Week 5-7)
+            const lines = input.code.split('\n');
+            result.security.vulnerabilities.push(...(0, ai_generated_code_1.checkAIGeneratedCode)(lines, input.filename));
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            result.syntax.valid = false;
+            result.syntax.errors.push(`TypeScript analysis error: ${errorMessage}`);
+        }
+        return result;
+    }
+    async validateSyntax(code) {
+        // Basic TypeScript syntax checks
+        const lines = code.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            if (!line || line.startsWith('//'))
+                continue;
+            // Check basic type annotations
+            if (line.match(/:\s*[A-Z]\w*\s*=/) && !line.includes('interface') && !line.includes('type')) {
+                return true; // Valid TypeScript type annotation
+            }
+        }
+        return true;
+    }
+    getLanguageInfo() {
+        return {
+            name: 'TypeScript',
+            extensions: ['.ts', '.tsx', '.d.ts'],
+            description: 'Typed superset of JavaScript for scalable applications'
+        };
+    }
+    analyzeSyntax(code, result) {
+        const errors = [];
+        const lineErrors = [];
+        // TypeScript-specific advanced detection (16 methods)
+        // PHASE 6 WEEK 1 DAY 1: Added duplicate identifier detection
+        this.detectTypeErrors(code, lineErrors);
+        this.detectTypeAssertions(code, lineErrors);
+        this.detectGenericIssues(code, lineErrors);
+        this.detectUnionIntersectionIssues(code, lineErrors);
+        this.detectClassInterfaceIssues(code, lineErrors);
+        this.detectAsyncPromiseIssues(code, lineErrors);
+        this.detectModuleIssues(code, lineErrors);
+        this.detectDecoratorIssues(code, lineErrors);
+        this.detectMappedConditionalTypes(code, lineErrors);
+        this.detectStrictModeViolations(code, lineErrors);
+        this.detectAnyPropagation(code, lineErrors);
+        this.detectPerformanceIssues(code, lineErrors);
+        this.detectNamingConventions(code, lineErrors);
+        this.detectConfigurationIssues(code, lineErrors);
+        this.detectReactTypeScriptIssues(code, lineErrors);
+        this.detectDuplicateIdentifiers(code, lineErrors); // PHASE 6: NEW
+        // Balance checks
+        this.checkBracketBalance(code, errors, lineErrors);
+        result.syntax.errors = errors;
+        result.syntax.lineErrors = lineErrors;
+        result.syntax.valid = errors.length === 0 && lineErrors.filter(e => e.severity === 'error').length === 0;
+        if (!result.syntax.valid || lineErrors.length > 0) {
+            result.quality.score -= lineErrors.length * 15;
+        }
+    }
+    /**
+     * Detect type errors - Type assignability, null/undefined, property access
+     */
+    detectTypeErrors(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect unsafe null/undefined access
+            if (line.match(/\.\w+/) && !line.includes('?.') && !line.includes('if') && !line.includes('&&')) {
+                const prevLines = lines.slice(Math.max(0, index - 3), index);
+                const hasNullCheck = prevLines.some(l => l.includes('!= null') || l.includes('!== undefined'));
+                if (!hasNullCheck && line.includes('get') && !line.includes('Optional')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Potentially unsafe access: property may be null/undefined',
+                        suggestion: 'Use optional chaining (?.) or check for null: if (obj != null) { ... }',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect missing type annotations on function parameters
+            if (line.match(/function\s+\w+\s*\([^)]*\w+[^:)]*\)/) || line.match(/\(\s*\w+\s*\)\s*=>/)) {
+                const hasTypeAnnotation = line.match(/:\s*\w+/);
+                if (!hasTypeAnnotation && !line.includes('any')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Function parameter missing type annotation',
+                        suggestion: 'Add type to parameter: (param: string) => ...',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // FIX (2025-11-18): Detect assignment in condition (= instead of == or ===)
+            // Pattern: if (variable = value) or while (variable = value)
+            // This is a critical bug where = (assignment) is used instead of === (comparison)
+            const assignmentInCondition = line.match(/\b(if|while|for)\s*\([^)]*[^=!<>]=[^=][^)]*\)/);
+            if (assignmentInCondition) {
+                // Verify it's not part of an arrow function or initialization (for loops)
+                const isForLoopInit = assignmentInCondition[1] === 'for' && (line.includes('let ') || line.includes('var ') || line.includes('const '));
+                const isArrowFunction = line.includes('=>');
+                if (!isForLoopInit && !isArrowFunction) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Assignment in condition - did you mean === or == ?',
+                        suggestion: 'Use === for comparison. If assignment is intentional, wrap in parentheses: if ((x = getValue()))',
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect type compatibility issues with common patterns
+            if (line.includes('=') && line.includes(':') && !line.includes('//')) {
+                // Check for common type mismatches
+                if (line.match(/:\s*string.*=\s*\d+/) || line.match(/:\s*number.*=\s*["']/)) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Type incompatibility: value does not match type annotation',
+                        suggestion: 'Ensure the value matches the declared type',
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // FIX (2025-11-18): Detect type guard bypass pattern
+            // Pattern: function that returns boolean but should use type predicate
+            // Example: function isString(value: unknown): boolean { return typeof value === 'string'; }
+            // Should be: function isString(value: unknown): value is string { ... }
+            const typeGuardPattern = line.match(/function\s+(\w+)\s*\([^)]*(\w+):\s*(unknown|any)[^)]*\):\s*boolean/);
+            if (typeGuardPattern) {
+                const functionName = typeGuardPattern[1];
+                const paramName = typeGuardPattern[2];
+                // Check next 5 lines for typeof checks (function body)
+                const nextLines = lines.slice(index, Math.min(index + 6, lines.length));
+                const hasTypeOfCheck = nextLines.some(l => l.includes('typeof') && (l.includes("=== 'string'") ||
+                    l.includes("=== 'number'") ||
+                    l.includes("=== 'boolean'") ||
+                    l.includes("=== 'object'") ||
+                    l.includes('instanceof')));
+                if (hasTypeOfCheck) {
+                    // Determine the type being checked
+                    let detectedType = 'Type';
+                    if (nextLines.some(l => l.includes("=== 'string'")))
+                        detectedType = 'string';
+                    else if (nextLines.some(l => l.includes("=== 'number'")))
+                        detectedType = 'number';
+                    else if (nextLines.some(l => l.includes("=== 'boolean'")))
+                        detectedType = 'boolean';
+                    else if (nextLines.some(l => l.includes("=== 'object'")))
+                        detectedType = 'object';
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Type guard function should use type predicate instead of boolean`,
+                        suggestion: `Change return type to: ${paramName} is ${detectedType}`,
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // AI Hallucination: Check for .push() on strings (Python/list confusion)
+            // Strings in TS/JS are immutable, use += or array methods
+            // CRITICAL FIX: Remove comments before checking to prevent false positives
+            // Example: str += value;  // ERROR: Don't use .push() on strings
+            //                                              ^^^^^ This would trigger false positive!
+            const lineWithoutComments = code_cleaner_1.CodeCleaner.removeLineComments(line, 'javascript'); // TypeScript uses JS comment syntax
+            // Check current line for string indicators
+            const hasStringIndicator = lineWithoutComments.includes("''") || lineWithoutComments.includes('""') || lineWithoutComments.includes('``') ||
+                lineWithoutComments.match(/=\s*['"`]/) || lineWithoutComments.match(/:\s*string/);
+            // Check previous lines for string type annotations (multi-line function params)
+            let prevLineHasStringType = false;
+            if (index > 0) {
+                const prevLine = lines[index - 1];
+                prevLineHasStringType = prevLine.match(/:\s*string/) !== null;
+            }
+            if (lineWithoutComments.match(/(['"`].*['"`]|String\(|\.toString\(\)|\.toLowerCase\(\)|\.toUpperCase\(\)).*\.push\(/) ||
+                (lineWithoutComments.match(/\w+\.push\(/) && (hasStringIndicator || prevLineHasStringType))) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'AI Hallucination: .push() does not exist on TypeScript strings',
+                    suggestion: 'Strings are immutable in TS. Use: str += value, str = str + value, or convert to array: str.split("").push()',
+                    severity: 'error',
+                    references: references_1.typescriptStandards['type-errors'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Assignment in condition (common error: = instead of ===)
+            // Pattern: if (x = y) instead of if (x === y)
+            if (line.match(/if\s*\([^)]*[^=!<>]=\s*[^=]/) && !line.includes('==')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Assignment in condition detected - likely mistake',
+                    suggestion: 'Use === or == for comparison, not = for assignment: if (x === y)',
+                    severity: 'error',
+                    references: references_1.typescriptStandards['type-errors'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect type assertions - Unsafe 'as', non-null assertions '!', type predicates
+     */
+    detectTypeAssertions(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect 'as any' or 'as unknown' - unsafe type assertions
+            if (line.match(/as\s+any\b/) || line.match(/as\s+unknown\b/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Unsafe type assertion: use of "as any" or "as unknown"',
+                    suggestion: 'Avoid "as any". Use specific types or type guards for type safety',
+                    severity: 'error', // Changed from 'warning' to 'error' for Monaco highlighting
+                    references: references_1.typescriptStandards['type-assertions'] || [],
+                    securityRelevant: true
+                });
+            }
+            // CRITICAL FIX: Detect type assertions on 'unknown' parameter without validation
+            // Pattern: function foo(data: unknown) { return data as SomeType; }
+            // This is risky because it bypasses runtime validation
+            if (line.match(/\bdata\s+as\s+[A-Z]\w+/) || line.match(/\bvalue\s+as\s+[A-Z]\w+/)) {
+                // Look backward to see if the parameter is typed as unknown
+                const lookBackLines = lines.slice(Math.max(0, index - 5), index + 1);
+                const hasUnknownParam = lookBackLines.some(l => l.includes('data: unknown') || l.includes('value: unknown'));
+                if (hasUnknownParam) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Type assertion on unknown without runtime validation',
+                        suggestion: 'Add runtime validation before type assertion: if (typeof data === "object" && data !== null && "requiredField" in data) { ... }',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['type-assertions'] || [],
+                        securityRelevant: true
+                    });
+                }
+            }
+            // Detect non-null assertion operator (!)
+            // FIX (2025-11-18): Remove string content first to avoid false positives
+            // Previous bug: 'MyP@ssw0rd!' was detected as non-null assertion
+            // CRITICAL FIX: Added pattern for array access with non-null assertion: array[0]!
+            const lineWithoutStrings = this.removeStringLiterals(line);
+            if (lineWithoutStrings.match(/\w+!\s*\./) || lineWithoutStrings.match(/\w+!\s*\[/) || lineWithoutStrings.match(/\w+!\s*;/) || lineWithoutStrings.match(/\]\s*!/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Non-null assertion (!) detected - bypasses null checks',
+                    suggestion: 'Use optional chaining (?.) or check explicitly: if (value != null) or check array length',
+                    severity: 'error', // Changed from 'warning' to 'error' for Monaco highlighting
+                    references: references_1.typescriptStandards['type-assertions'] || [],
+                    securityRelevant: true
+                });
+            }
+            // Detect empty type assertion (casting empty object to interface/type)
+            // Pattern: {} as User, {} as Config, etc.
+            if (line.match(/\{\s*\}\s+as\s+[A-Z]\w+/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Empty type assertion - creating invalid object',
+                    suggestion: 'Initialize with actual values or use a factory function',
+                    severity: 'error',
+                    references: references_1.typescriptStandards['type-assertions'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect double type assertions (as X as Y)
+            if (line.match(/as\s+\w+\s+as\s+\w+/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Double type assertion detected - dangerous practice',
+                    suggestion: 'Avoid double assertions. Redesign code for correct types',
+                    severity: 'error',
+                    references: references_1.typescriptStandards['type-assertions'] || [],
+                    securityRelevant: true
+                });
+            }
+            // FIX #1 (Dec 16, 2025): Detect general type assertions and classify by security relevance
+            // Pattern: something as Type (but not 'as any', 'as unknown', double assertions handled above)
+            const typeAssertionPattern = /\s+as\s+([A-Za-z]\w*)/;
+            const assertionMatch = line.match(typeAssertionPattern);
+            if (assertionMatch &&
+                !line.includes('as any') &&
+                !line.includes('as unknown') &&
+                !line.match(/as\s+\w+\s+as\s+\w+/)) { // Not double assertion
+                // Check if this is a security-relevant type assertion
+                const isSecurityRelevant = this.isSecurityRelevantAssertion(line);
+                if (isSecurityRelevant) {
+                    // Security-relevant assertions: Medium severity
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Unsafe type assertion with potential security implications',
+                        suggestion: 'Add runtime validation before type assertion, especially for authentication or authorization contexts',
+                        severity: 'warning', // Medium severity for security issues
+                        references: references_1.typescriptStandards['type-assertions'] || [],
+                        securityRelevant: true
+                    });
+                }
+                else {
+                    // Non-security type assertions (environment variables, config): INFO severity
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Type assertion without runtime validation (code quality)',
+                        suggestion: 'Consider adding runtime type check or use a type-safe alternative. For environment variables, connection failure will occur if undefined.',
+                        severity: 'info', // INFO severity for code quality
+                        references: references_1.typescriptStandards['type-assertions'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Determine if a type assertion is security-relevant
+     * Security-relevant: authentication, authorization, input validation, cryptography
+     * Non-security: environment variables, config values, type conversions
+     */
+    isSecurityRelevantAssertion(line) {
+        const lowerLine = line.toLowerCase();
+        // Security-relevant keywords
+        const securityKeywords = [
+            'auth', 'token', 'password', 'secret', 'key', 'credential',
+            'session', 'user', 'role', 'permission', 'access',
+            'validate', 'sanitize', 'escape'
+        ];
+        // Non-security keywords (environment/config)
+        const configKeywords = [
+            'process.env', 'config.', 'settings.', 'options.',
+            'port', 'host', 'url', 'path'
+        ];
+        // Check if line contains config keywords (non-security)
+        const hasConfigKeyword = configKeywords.some(keyword => lowerLine.includes(keyword.toLowerCase()));
+        if (hasConfigKeyword) {
+            return false; // Not security-relevant
+        }
+        // Check if line contains security keywords
+        const hasSecurityKeyword = securityKeywords.some(keyword => lowerLine.includes(keyword));
+        if (hasSecurityKeyword) {
+            return true; // Security-relevant
+        }
+        // Default: treat as non-security (INFO) to avoid false positives
+        return false;
+    }
+    /**
+     * Detect generic issues - Missing type arguments, constraint violations
+     */
+    detectGenericIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect Array without type argument
+            if (line.match(/:\s*Array\s*[^<]/) && !line.includes('//')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Array without generic type argument',
+                    suggestion: 'Specify the type: Array<string> or use string[]',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['generics'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect Promise without type argument
+            if (line.match(/:\s*Promise\s*[^<]/) || line.match(/new\s+Promise\s*\(/)) {
+                if (!line.includes('<')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Promise without generic type specified',
+                        suggestion: 'Specify the return type: Promise<string>',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['generics'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect generic constraint violations
+            if (line.match(/<T\s+extends\s+\w+>/) && line.includes('=')) {
+                const constraintMatch = line.match(/<T\s+extends\s+(\w+)>/);
+                if (constraintMatch && line.includes('as')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Possible generic constraint violation',
+                        suggestion: 'Ensure the type satisfies the specified constraint',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['generics'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect union/intersection issues - Discriminated unions, type narrowing failures
+     */
+    detectUnionIntersectionIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect union type without discriminant property
+            if (line.match(/type\s+\w+\s*=\s*\{[^}]*\}\s*\|\s*\{[^}]*\}/)) {
+                if (!line.includes('kind:') && !line.includes('type:') && !line.includes('tag:')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Union type without discriminant property',
+                        suggestion: 'Add discriminant property: { kind: "A", ... } | { kind: "B", ... }',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['unions-intersections'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect accessing union type property without narrowing
+            // FIXED: Only match union type pipe |, not OR operator ||
+            // FIXED: Recognize optional chaining ?. as a form of null narrowing
+            const hasUnionTypePipe = line.match(/[^|]\|[^|]/) !== null; // Single | not ||
+            const hasOptionalChaining = line.includes('?.'); // ?. is null-safe access
+            if (line.match(/\.\w+/) && hasUnionTypePipe && !hasOptionalChaining) {
+                const prevLines = lines.slice(Math.max(0, index - 3), index);
+                const hasNarrowing = prevLines.some(l => l.includes('typeof') || l.includes('instanceof') || l.includes('in '));
+                if (!hasNarrowing) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Union type property access without narrowing',
+                        suggestion: 'Use type guard: if (typeof x === "string") or if ("prop" in obj)',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['unions-intersections'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect complex intersection types
+            if ((line.match(/&/g) || []).length > 3) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Intersection type too complex',
+                    suggestion: 'Consider using interface or type alias to simplify',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['unions-intersections'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect class/interface issues - Implementation errors, abstract violations
+     */
+    detectClassInterfaceIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect class implementing interface without all methods
+            if (line.match(/class\s+\w+\s+implements\s+\w+/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Verify that all interface methods are implemented',
+                    suggestion: 'Implement all required interface methods',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['classes-interfaces'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect abstract method without abstract keyword on class
+            if (line.match(/abstract\s+\w+\s*\(/) && !lines.slice(Math.max(0, index - 5), index).some(l => l.includes('abstract class'))) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Abstract method in non-abstract class',
+                    suggestion: 'Declare the class as abstract or implement the method',
+                    severity: 'error',
+                    references: references_1.typescriptStandards['classes-interfaces'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect missing access modifiers
+            if (line.match(/^\s*\w+\s*\(/) && !line.includes('function') && !line.includes('//')) {
+                const prevLine = lines[index - 1]?.trim();
+                if (prevLine && prevLine.includes('class')) {
+                    if (!line.includes('public') && !line.includes('private') && !line.includes('protected')) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'Class method without explicit access modifier',
+                            suggestion: 'Add public, private, or protected for clarity',
+                            severity: 'info',
+                            references: references_1.typescriptStandards['classes-interfaces'] || [],
+                            securityRelevant: false
+                        });
+                    }
+                }
+            }
+            // Detect interface with 'I' prefix (anti-pattern)
+            if (line.match(/interface\s+I[A-Z]\w+/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Interface with "I" prefix - anti-pattern in TypeScript',
+                    suggestion: 'Remove the "I" prefix: interface User instead of IUser',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['classes-interfaces'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect async/Promise issues - Untyped Promises, async without await
+     */
+    detectAsyncPromiseIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect async function without await
+            if (line.includes('async') && line.includes('function')) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 20, lines.length));
+                const hasAwait = nextLines.some(l => l.includes('await'));
+                if (!hasAwait) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Async function without await usage',
+                        suggestion: 'Remove async or use await for asynchronous operations',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['async-promises'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect Promise without error handling
+            if (line.includes('.then(') && !line.includes('.catch(')) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 5, lines.length));
+                const hasCatch = nextLines.some(l => l.includes('.catch('));
+                if (!hasCatch) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Promise without error handling (.catch)',
+                        suggestion: 'Add .catch() or use try/catch with async/await',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['async-promises'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect floating Promise (not awaited or returned)
+            // FIXED: Recognize .then()/.catch() chaining as valid promise handling
+            if (line.match(/^\s*\w+\(/) && !line.includes('await') && !line.includes('return')) {
+                if (line.includes('fetch') || line.includes('Promise')) {
+                    // Check if the next lines have .then() or .catch() (promise chaining)
+                    const nextLines = lines.slice(index + 1, Math.min(index + 4, lines.length));
+                    const hasPromiseChaining = line.includes('.then') ||
+                        nextLines.some(l => l.trim().startsWith('.then') || l.trim().startsWith('.catch'));
+                    if (!hasPromiseChaining) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'Promise not awaited - floating Promise',
+                            suggestion: 'Use await or return to ensure Promise is handled',
+                            severity: 'error',
+                            references: references_1.typescriptStandards['async-promises'] || [],
+                            securityRelevant: false
+                        });
+                    }
+                }
+            }
+        });
+    }
+    /**
+     * Detect module issues - Import/export problems, circular dependencies
+     */
+    detectModuleIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        const imports = new Set();
+        let inMultiLineComment = false;
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // CRITICAL: Track multi-line comment blocks (/* ... */)
+            if (trimmed.includes('/*')) {
+                inMultiLineComment = true;
+            }
+            if (trimmed.includes('*/')) {
+                inMultiLineComment = false;
+                return; // Skip the line with */
+            }
+            // CRITICAL: Skip all lines inside multi-line comments and single-line comments
+            if (!trimmed ||
+                inMultiLineComment ||
+                trimmed.startsWith('//') ||
+                trimmed.startsWith('*')) {
+                return;
+            }
+            // Track imports
+            if (line.includes('import')) {
+                const importMatch = line.match(/import\s+.*\s+from\s+['"]([^'"]+)['"]/);
+                if (importMatch) {
+                    imports.add(importMatch[1]);
+                }
+            }
+            // Detect import without type-only when importing types
+            if (line.match(/import\s+\{[^}]*\}\s+from/) && !line.includes('type ')) {
+                if (line.includes('Interface') || line.includes('Type')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Type import without "type" keyword',
+                        suggestion: 'Use: import type { Interface } from "..." for type-only imports',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['modules'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect dynamic imports without proper typing
+            if (line.includes('import(') && !line.includes('await')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Dynamic import without await',
+                    suggestion: 'Use: const module = await import("...")',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['modules'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect potential circular dependency patterns
+            if (line.includes('export') && line.includes('*') && line.includes('from')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Export * may cause circular dependencies',
+                    suggestion: 'Export only what is necessary to avoid circular dependencies',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['modules'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect decorator issues - Experimental decorators usage
+     */
+    detectDecoratorIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect decorator usage
+            if (line.trim().startsWith('@')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Decorator detected - experimental feature',
+                    suggestion: 'Enable experimentalDecorators in tsconfig.json',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['decorators'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect parameter decorators without reflect-metadata
+            if (line.match(/@\w+\s*\([^)]*\)\s*\w+:/)) {
+                if (!code.includes('reflect-metadata')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Parameter decorator without reflect-metadata',
+                        suggestion: 'Install and import reflect-metadata for decorator metadata',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['decorators'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect mapped/conditional type issues - Complex types, recursive limits
+     */
+    detectMappedConditionalTypes(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect conditional types
+            if (line.includes('extends') && line.includes('?') && line.includes(':')) {
+                if ((line.match(/\?/g) || []).length > 2) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Conditional type too complex',
+                        suggestion: 'Simplify or split into multiple type aliases',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['mapped-conditional'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect mapped types with complex transformations
+            if (line.match(/\[K\s+in\s+keyof/) && line.includes('?') && line.includes('-')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Mapped type with multiple transformations',
+                    suggestion: 'Consider breaking into intermediate types for better readability',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['mapped-conditional'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect recursive type aliases
+            if (line.match(/type\s+(\w+)\s*=/) && line.includes('Array<')) {
+                const typeNameMatch = line.match(/type\s+(\w+)\s*=/);
+                if (typeNameMatch && line.includes(typeNameMatch[1])) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Recursive type alias detected',
+                        suggestion: 'Beware of infinite recursion. Use interface for recursive types',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['mapped-conditional'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect strict mode violations - Implicit any, null checks violations
+     */
+    detectStrictModeViolations(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect implicit any from function parameters without types
+            // CRITICAL FIX: Improved regex to catch more patterns
+            // Matches: function foo(a, b) or function foo(param) without type annotations
+            const functionMatch = line.match(/function\s+\w+\s*\(([^)]*)\)/);
+            if (functionMatch) {
+                const params = functionMatch[1].trim();
+                // Check if params exist and don't have type annotations (no : character)
+                if (params.length > 0 && !params.includes(':')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Implicit any - function parameters without type annotations',
+                        suggestion: 'Add types to parameters: function calculate(a: number, b: number) { ... }',
+                        severity: 'error', // Changed from 'warning' to 'error' for Monaco highlighting
+                        references: references_1.typescriptStandards['strict-mode'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect potential null/undefined without strict null checks
+            if (line.match(/\?\s*:/) && !line.includes('null') && !line.includes('undefined')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Optional type may include undefined',
+                    suggestion: 'Enable strictNullChecks for better type safety',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['strict-mode'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect this without explicit typing
+            if (line.includes('this.') && !line.includes('function') && !line.includes('class')) {
+                if (!code.includes('// @ts-ignore')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Use of "this" without explicit context',
+                        suggestion: 'Consider adding explicit type or using arrow functions',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['strict-mode'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect any propagation - 'any' type spreading through code
+     */
+    detectAnyPropagation(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect explicit 'any' type annotations
+            if (line.match(/:\s*any\b/) && !line.includes('// @ts-')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Type "any" detected - eliminates type checking',
+                    suggestion: 'Use specific type or unknown for type safety',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['any-propagation'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect any[] arrays
+            if (line.match(/:\s*any\[\]/) || line.match(/Array<any>/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Array of any detected',
+                    suggestion: 'Specify array type: string[] or Array<string>',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['any-propagation'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect functions returning any
+            if (line.match(/\):\s*any\b/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Function returns any - propagates lack of typing',
+                    suggestion: 'Specify the correct return type',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['any-propagation'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect performance issues - Type complexity, compilation performance
+     */
+    detectPerformanceIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect excessive union types
+            const unionCount = (line.match(/\|/g) || []).length;
+            if (unionCount > 5) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: `Union type too large (${unionCount} types)`,
+                    suggestion: 'Simplify union or use type narrowing for better performance',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['performance'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect deep nesting of generic types
+            const genericDepth = (line.match(/</g) || []).length;
+            if (genericDepth > 4) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: `Generics nested too deeply (depth ${genericDepth})`,
+                    suggestion: 'Simplify type structure for better compilation performance',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['performance'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect indexed access with complex types
+            if (line.match(/\[.*\[.*\]/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Complex indexed access may affect performance',
+                    suggestion: 'Consider creating intermediate type aliases',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['performance'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect naming convention violations - TypeScript-specific naming
+     */
+    detectNamingConventions(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect interface with 'I' prefix (anti-pattern in TypeScript)
+            if (line.match(/interface\s+I[A-Z]\w+/)) {
+                const interfaceMatch = line.match(/interface\s+(I[A-Z]\w+)/);
+                if (interfaceMatch) {
+                    const interfaceName = interfaceMatch[1];
+                    const suggestedName = interfaceName.substring(1);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Interface "${interfaceName}" uses "I" prefix - anti-pattern in TypeScript`,
+                        suggestion: `Rename to: interface ${suggestedName}`,
+                        severity: 'info',
+                        references: references_1.typescriptStandards['classes-interfaces'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect type aliases not in PascalCase
+            if (line.match(/type\s+([a-z][a-zA-Z0-9]*)\s*=/)) {
+                const typeMatch = line.match(/type\s+([a-z][a-zA-Z0-9]*)\s*=/);
+                if (typeMatch) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Type alias should start with uppercase: "${typeMatch[1]}"`,
+                        suggestion: `Use PascalCase: ${typeMatch[1].charAt(0).toUpperCase() + typeMatch[1].slice(1)}`,
+                        severity: 'info',
+                        references: references_1.typescriptStandards['classes-interfaces'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect enum members not in UPPER_CASE
+            if (line.match(/enum\s+\w+/)) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                nextLines.forEach((nextLine, offset) => {
+                    if (nextLine.match(/^\s*[a-z]\w*\s*[,=]/) && !nextLine.includes('}')) {
+                        lineErrors.push({
+                            line: lineNumber + offset + 1,
+                            error: 'Enum member should be in PascalCase or UPPER_CASE',
+                            suggestion: 'Use: SUCCESS or Success for enum members',
+                            severity: 'info',
+                            references: references_1.typescriptStandards['classes-interfaces'] || [],
+                            securityRelevant: false
+                        });
+                    }
+                });
+            }
+        });
+    }
+    /**
+     * Detect configuration issues - tsconfig problems, module resolution
+     */
+    detectConfigurationIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect usage of features requiring specific tsconfig
+            if (line.includes('experimentalDecorators') || line.trim().startsWith('@')) {
+                if (!code.includes('// experimentalDecorators: true')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Decorators require experimentalDecorators in tsconfig',
+                        suggestion: 'Add "experimentalDecorators": true in tsconfig.json',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['decorators'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect JSX usage without proper configuration
+            if (line.includes('<') && line.includes('/>') && !line.includes('//')) {
+                if (!code.includes('jsx:')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'JSX requires configuration in tsconfig',
+                        suggestion: 'Add "jsx": "react" or "jsx": "react-jsx" in tsconfig.json',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['modules'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect module resolution issues
+            if (line.includes('import') && line.includes('"@/')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Path alias "@/" requires paths configuration',
+                    suggestion: 'Configure "paths" and "baseUrl" in tsconfig.json',
+                    severity: 'info',
+                    references: references_1.typescriptStandards['modules'] || [],
+                    securityRelevant: false
+                });
+            }
+        });
+    }
+    /**
+     * Detect React + TypeScript specific issues
+     */
+    detectReactTypeScriptIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        const isReactFile = code.includes('React') || code.includes('react');
+        if (!isReactFile)
+            return;
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect React.FC without props typing
+            if (line.match(/React\.FC\b/) && !line.includes('<')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'React.FC without props type',
+                    suggestion: 'Specify props: React.FC<Props> or use function component',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['generics'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect event handlers without proper typing
+            if (line.includes('onClick') || line.includes('onChange') || line.includes('onSubmit')) {
+                if (line.match(/\([^)]*\)/) && !line.includes('event:') && !line.includes('e:')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Event handler without event type',
+                        suggestion: 'Use: (event: React.MouseEvent) => ... or (e: React.ChangeEvent<HTMLInputElement>)',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect useState without generic type
+            if (line.includes('useState(') && !line.includes('<')) {
+                if (!line.match(/useState\(\s*[0-9'"]/)) { // Skip primitive initializers
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'useState without explicit generic type',
+                        suggestion: 'Specify type: useState<Type>(initialValue)',
+                        severity: 'info',
+                        references: references_1.typescriptStandards['generics'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+            // Detect useRef without type
+            if (line.includes('useRef(') && !line.includes('<')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'useRef without generic type',
+                    suggestion: 'Specify type: useRef<HTMLDivElement>(null)',
+                    severity: 'warning',
+                    references: references_1.typescriptStandards['generics'] || [],
+                    securityRelevant: false
+                });
+            }
+            // Detect useEffect without proper dependency typing
+            if (line.includes('useEffect(')) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                const hasDepsArray = nextLines.some(l => l.includes(']'));
+                if (!hasDepsArray) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'useEffect without dependency array',
+                        suggestion: 'Add dependency array: useEffect(() => { ... }, [deps])',
+                        severity: 'warning',
+                        references: references_1.typescriptStandards['async-promises'] || [],
+                        securityRelevant: false
+                    });
+                }
+            }
+        });
+    }
+    checkBracketBalance(code, errors, lineErrors) {
+        let parenBalance = 0;
+        let braceBalance = 0;
+        let bracketBalance = 0;
+        let inLineComment = false;
+        let inBlockComment = false; // NEW: Track multi-line /* */ comments
+        let inString = false;
+        let stringChar = '';
+        let stringStartLine = 0; // Track where string started
+        let currentLine = 1;
+        let inTemplateLiteralExpression = false; // FIX (2025-11-18): Track ${ } inside template literals
+        let templateExpressionDepth = 0; // Track nested braces inside ${...}
+        const openBraces = [];
+        for (let i = 0; i < code.length; i++) {
+            const char = code[i];
+            const nextChar = code[i + 1];
+            if (char === '\n') {
+                currentLine++;
+                inLineComment = false;
+                // CRITICAL FIX: If we're still in a string at end of line, report unclosed string
+                // BUT: Allow multi-line template literals (backticks can span multiple lines)
+                if (inString && stringChar !== '`') {
+                    lineErrors.push({
+                        line: stringStartLine,
+                        error: `Unclosed ${stringChar === '"' ? 'double quote' : 'single quote'} string`,
+                        suggestion: `Add ${stringChar} to close the string on line ${stringStartLine}`,
+                        severity: 'error',
+                        securityRelevant: false
+                    });
+                    // Reset string state
+                    inString = false;
+                    stringChar = '';
+                    stringStartLine = 0;
+                }
+            }
+            // NEW: Detect block comment start /* (but not inside strings)
+            if (!inString && !inLineComment && char === '/' && nextChar === '*') {
+                inBlockComment = true;
+                i++; // Skip the *
+                continue;
+            }
+            // NEW: Detect block comment end */ (but not inside strings)
+            if (!inString && inBlockComment && char === '*' && nextChar === '/') {
+                inBlockComment = false;
+                i++; // Skip the /
+                continue;
+            }
+            if (!inString && char === '/' && nextChar === '/') {
+                inLineComment = true;
+                i++;
+                continue;
+            }
+            // NEW: Skip all processing while in any type of comment
+            if (inLineComment || inBlockComment)
+                continue;
+            // FIX (2025-11-18): Handle template literal expressions ${...}
+            // When inside a template literal (`), check for ${ which starts an expression
+            if (inString && stringChar === '`' && char === '$' && nextChar === '{') {
+                inTemplateLiteralExpression = true;
+                templateExpressionDepth = 1;
+                i++; // Skip the {
+                continue;
+            }
+            // Track braces inside template literal expressions
+            if (inTemplateLiteralExpression) {
+                if (char === '{') {
+                    templateExpressionDepth++;
+                }
+                else if (char === '}') {
+                    templateExpressionDepth--;
+                    if (templateExpressionDepth === 0) {
+                        inTemplateLiteralExpression = false; // Exit expression mode
+                    }
+                }
+                continue; // Don't process other chars while in expression
+            }
+            if ((char === '"' || char === "'" || char === '`') && code[i - 1] !== '\\') {
+                if (!inString) {
+                    inString = true;
+                    stringChar = char;
+                    stringStartLine = currentLine; // Track line where string opened
+                }
+                else if (char === stringChar) {
+                    inString = false;
+                    stringChar = '';
+                    stringStartLine = 0;
+                }
+                continue;
+            }
+            if (!inLineComment && !inString) {
+                if (char === '(') {
+                    parenBalance++;
+                    openBraces.push({ line: currentLine, char: '(' });
+                }
+                else if (char === ')') {
+                    parenBalance--;
+                    for (let j = openBraces.length - 1; j >= 0; j--) {
+                        if (openBraces[j].char === '(') {
+                            openBraces.splice(j, 1);
+                            break;
+                        }
+                    }
+                }
+                else if (char === '{') {
+                    braceBalance++;
+                    openBraces.push({ line: currentLine, char: '{' });
+                }
+                else if (char === '}') {
+                    braceBalance--;
+                    for (let j = openBraces.length - 1; j >= 0; j--) {
+                        if (openBraces[j].char === '{') {
+                            openBraces.splice(j, 1);
+                            break;
+                        }
+                    }
+                }
+                else if (char === '[') {
+                    bracketBalance++;
+                    openBraces.push({ line: currentLine, char: '[' });
+                }
+                else if (char === ']') {
+                    bracketBalance--;
+                    for (let j = openBraces.length - 1; j >= 0; j--) {
+                        if (openBraces[j].char === '[') {
+                            openBraces.splice(j, 1);
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        // CRITICAL FIX: Check for unclosed strings at end of file (including template literals)
+        if (inString && stringStartLine > 0) {
+            const stringTypeName = stringChar === '`' ? 'template literal' :
+                stringChar === '"' ? 'double quote string' : 'single quote string';
+            lineErrors.push({
+                line: stringStartLine,
+                error: `Unclosed ${stringTypeName}`,
+                suggestion: `Add ${stringChar} to close the ${stringTypeName}`,
+                severity: 'error',
+                securityRelevant: false
+            });
+        }
+        openBraces.forEach(brace => {
+            const closingChar = brace.char === '{' ? '}' : brace.char === '(' ? ')' : ']';
+            const typeName = brace.char === '{' ? 'brace' : brace.char === '(' ? 'parenthesis' : 'bracket';
+            lineErrors.push({
+                line: brace.line,
+                error: `${typeName.charAt(0).toUpperCase() + typeName.slice(1)} "${brace.char}" was not closed`,
+                suggestion: `Add "${closingChar}" to close the ${typeName} opened on line ${brace.line}`,
+                severity: 'error',
+                securityRelevant: false
+            });
+        });
+        // DON'T add general balance errors - the code above already adds specific line errors
+        // with proper line numbers, enabling Auto-Fix functionality
+    }
+    analyzeQuality(code, result) {
+        const issues = [];
+        // Check for 'any' usage
+        const anyCount = (code.match(/:\s*any\b/g) || []).length;
+        if (anyCount > 0) {
+            issues.push({
+                type: 'warning',
+                message: `${anyCount} use(s) of "any" found - compromises type safety`,
+                severity: 'medium'
+            });
+            result.quality.score -= anyCount * 5;
+        }
+        // Check for missing return types
+        const functionsWithoutReturnType = (code.match(/function\s+\w+\s*\([^)]*\)\s*\{/g) || []).length;
+        if (functionsWithoutReturnType > 0) {
+            issues.push({
+                type: 'info',
+                message: 'Functions without explicit return type found',
+                severity: 'low'
+            });
+            result.quality.score -= functionsWithoutReturnType * 3;
+        }
+        // Check for interface I-prefix
+        const iPrefixCount = (code.match(/interface\s+I[A-Z]\w+/g) || []).length;
+        if (iPrefixCount > 0) {
+            issues.push({
+                type: 'info',
+                message: 'Interfaces with "I" prefix - anti-pattern in TypeScript',
+                severity: 'low'
+            });
+            result.quality.score -= iPrefixCount * 2;
+        }
+        result.quality.issues = issues;
+        result.quality.score = Math.max(0, result.quality.score);
+    }
+    analyzePerformance(code, result) {
+        const suggestions = [];
+        // Check for excessive union types
+        const lines = code.split('\n');
+        lines.forEach(line => {
+            const unionCount = (line.match(/\|/g) || []).length;
+            if (unionCount > 5) {
+                suggestions.push('Simplify large union types for better compilation performance');
+                result.performance.score -= 10;
+            }
+        });
+        // Check for deep generic nesting
+        const deepGenerics = code.match(/<<<</g);
+        if (deepGenerics) {
+            suggestions.push('Reduce generic nesting for better performance');
+            result.performance.score -= 15;
+        }
+        result.performance.suggestions = suggestions;
+        result.performance.score = Math.max(0, result.performance.score);
+    }
+    analyzeSecurity(code, result) {
+        const lines = code.split('\n');
+        const vulnerabilities = [];
+        // MODULAR SECURITY CHECKS (2025-12-01)
+        // All security checks extracted to focused modules for better maintainability
+        // Injection Attacks (Checks #1-7)
+        vulnerabilities.push(...(0, injection_attacks_1.checkInjectionAttacks)(lines));
+        // Credentials & Cryptography (Checks #8-10)
+        vulnerabilities.push(...(0, credentials_crypto_1.checkCredentialsAndCrypto)(lines));
+        // Code Injection (Checks #11-14)
+        vulnerabilities.push(...(0, code_injection_1.checkCodeInjection)(lines));
+        // Code Quality (Checks #15-18)
+        vulnerabilities.push(...(0, code_quality_1.checkCodeQuality)(code, lines));
+        // TypeScript Type Security (Checks #19-20)
+        vulnerabilities.push(...(0, type_security_1.checkTypeSecurity)(lines));
+        // OWASP A02:2025 - Security Misconfiguration (NEW - Phase 7B)
+        vulnerabilities.push(...(0, security_misconfiguration_1.checkSecurityMisconfiguration)(lines));
+        // OWASP A10:2025 - Mishandling of Exceptional Conditions (NEW - Phase 7B)
+        vulnerabilities.push(...(0, exception_handling_1.checkExceptionHandling)(lines));
+        // OWASP A03:2025 - Software Supply Chain Failures (Enhanced - Phase 7B)
+        vulnerabilities.push(...(0, enhanced_supply_chain_1.checkEnhancedSupplyChain)(lines));
+        // OWASP A01:2021 - Broken Access Control (Check #85 - Dec 16, 2025)
+        vulnerabilities.push(...(0, access_control_1.checkAccessControl)(lines));
+        // OWASP A05:2021 - Security Misconfiguration - Information Disclosure (Check #86 - Dec 16, 2025)
+        vulnerabilities.push(...(0, information_disclosure_1.checkInformationDisclosure)(lines));
+        // OWASP A07:2021 - Identification and Authentication Failures (Checks #88, #89, #90, #91 - Dec 31, 2025)
+        vulnerabilities.push(...(0, authentication_1.checkAuthentication)(lines));
+        // OWASP A09:2025 - Security Logging and Monitoring Failures (Checks #92, #93 - Dec 31, 2025)
+        vulnerabilities.push(...(0, logging_failures_1.checkLoggingFailures)(lines));
+        // NEW: TypeScript Compiler API Type Checking (2025-12-02)
+        // This adds comprehensive type error detection (95%+ coverage)
+        try {
+            const diagnostics = (0, type_checker_1.getTypeScriptDiagnostics)(code, 'temp.ts');
+            const typeIssues = (0, type_checker_1.convertDiagnosticsToIssues)(diagnostics);
+            // Convert SecurityIssue[] to SecurityVulnerability[]
+            const typeVulnerabilities = typeIssues.map(issue => ({
+                severity: issue.severity,
+                message: issue.message,
+                line: issue.line,
+                suggestion: issue.suggestion,
+                category: 'type-checking',
+                cvssScore: issue.cvssScore,
+                exploitLikelihood: issue.exploitLikelihood,
+                impact: issue.impact,
+                owasp: issue.owasp,
+                cwe: issue.cwe
+            }));
+            vulnerabilities.push(...typeVulnerabilities);
+        }
+        catch (error) {
+            // Gracefully degrade - if type checking fails, continue with pattern-based checks
+            console.error('TypeScript type checking error:', error);
+        }
+        // Secrets Detection (Phase 1.5, Week 1)
+        const secretsAnalyzer = (0, secrets_analyzer_1.createSecretsAnalyzer)();
+        vulnerabilities.push(...secretsAnalyzer.analyzeCode(code, 'unknown.ts', 'typescript'));
+        // P1-5: Deduplicate vulnerabilities on same line (Dec 30, 2025)
+        // Fix for Beta Testing Issue: Same vulnerability detected multiple times on same line
+        result.security.vulnerabilities = this.deduplicateVulnerabilities(vulnerabilities);
+    }
+    /**
+     * P1-5: Generic deduplication for ALL vulnerability types (Dec 30, 2025)
+     * Prevents same vulnerability from being reported multiple times on the same line
+     *
+     * Strategy: Use line + category as unique key, keep highest CVSS score
+     */
+    deduplicateVulnerabilities(vulnerabilities) {
+        const getCategory = (message) => {
+            const lower = message.toLowerCase();
+            if (lower.includes('hardcoded credential'))
+                return 'hardcoded-credential';
+            if (lower.includes('sql injection'))
+                return 'sql-injection';
+            if (lower.includes('nosql injection'))
+                return 'nosql-injection';
+            if (lower.includes('command injection'))
+                return 'command-injection';
+            if (lower.includes('ldap injection'))
+                return 'ldap-injection';
+            if (lower.includes('xss') || lower.includes('cross-site scripting'))
+                return 'xss';
+            if (lower.includes('ssrf'))
+                return 'ssrf';
+            if (lower.includes('xxe') || lower.includes('xml external entity'))
+                return 'xxe';
+            if (lower.includes('deserialization'))
+                return 'deserialization';
+            if (lower.includes('prototype pollution'))
+                return 'prototype-pollution';
+            if (lower.includes('weak hash') || lower.includes('md5') || lower.includes('sha1'))
+                return 'weak-hash';
+            if (lower.includes('insecure random'))
+                return 'insecure-random';
+            if (lower.includes('missing helmet'))
+                return 'missing-helmet';
+            if (lower.includes('missing csrf'))
+                return 'missing-csrf';
+            if (lower.includes('eval'))
+                return 'eval';
+            if (lower.includes('path traversal'))
+                return 'path-traversal';
+            if (lower.includes('open redirect'))
+                return 'open-redirect';
+            if (lower.includes('jwt'))
+                return 'jwt';
+            if (lower.includes('cors'))
+                return 'cors';
+            if (lower.includes('insecure tls') || lower.includes('reject unauthorized'))
+                return 'insecure-tls';
+            // Fallback: use first 30 chars as category
+            return message.substring(0, 30);
+        };
+        const uniqueMap = new Map();
+        vulnerabilities.forEach(vuln => {
+            const line = vuln.line || 0;
+            const category = getCategory(vuln.message || '');
+            const key = `${line}:${category}`;
+            const existing = uniqueMap.get(key);
+            if (!existing) {
+                uniqueMap.set(key, vuln);
+            }
+            else {
+                // Keep higher CVSS score
+                const existingScore = existing.cvssScore || 0;
+                const currentScore = vuln.cvssScore || 0;
+                if (currentScore > existingScore) {
+                    uniqueMap.set(key, vuln);
+                }
+            }
+        });
+        return Array.from(uniqueMap.values());
+    }
+    /**
+     * PHASE 6 WEEK 1 DAY 1: Detect duplicate identifier declarations
+     *
+     * Detects when variables, functions, classes, interfaces, or types are declared
+     * multiple times in the same scope, which causes TypeScript compilation errors.
+     *
+     * Examples:
+     * - const API_KEY = 'key1'; const API_KEY = 'key2';  → Duplicate
+     * - function foo() {} function foo() {}  → Duplicate
+     * - interface User {} interface User {}  → Duplicate (unless extending)
+     *
+     * Note: This is a simplified implementation that tracks identifiers at file scope.
+     * Full scope tracking (block scope, function scope) would require AST parsing.
+     */
+    detectDuplicateIdentifiers(code, lineErrors) {
+        const lines = code.split('\n');
+        const declaredIdentifiers = new Map();
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments and empty lines
+            if (!trimmed || trimmed.startsWith('//') || trimmed.startsWith('/*') || trimmed.startsWith('*')) {
+                return;
+            }
+            // Pattern 1: const/let/var declarations (with optional export)
+            const varMatch = trimmed.match(/^\s*(?:export\s+)?(const|let|var)\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (varMatch) {
+                const identifierType = varMatch[1]; // const, let, or var
+                const identifierName = varMatch[2];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Duplicate identifier: '${identifierName}' was already declared on line ${previous.line}`,
+                        suggestion: `Rename this ${identifierType} or remove the duplicate declaration`,
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: identifierType });
+                }
+            }
+            // Pattern 2: Function declarations
+            const funcMatch = trimmed.match(/^\s*function\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (funcMatch) {
+                const identifierName = funcMatch[1];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Duplicate function declaration: '${identifierName}' was already declared on line ${previous.line}`,
+                        suggestion: `Rename this function or remove the duplicate declaration`,
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: 'function' });
+                }
+            }
+            // Pattern 3: Class declarations
+            const classMatch = trimmed.match(/^\s*(?:export\s+)?class\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (classMatch) {
+                const identifierName = classMatch[1];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Duplicate class declaration: '${identifierName}' was already declared on line ${previous.line}`,
+                        suggestion: `Rename this class or remove the duplicate declaration`,
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: 'class' });
+                }
+            }
+            // Pattern 4: Interface declarations (allow interface merging - only warn if suspicious)
+            const interfaceMatch = trimmed.match(/^\s*(?:export\s+)?interface\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (interfaceMatch) {
+                const identifierName = interfaceMatch[1];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    // Interface merging is allowed in TypeScript, but warn if it might be unintentional
+                    if (previous.type === 'interface') {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Duplicate interface declaration: '${identifierName}' was already declared on line ${previous.line} (interface merging may be intentional)`,
+                            suggestion: `If intentional (interface merging), this is OK. Otherwise, rename one of the interfaces.`,
+                            severity: 'warning', // Warning, not error, because interface merging is valid
+                            references: references_1.typescriptStandards['class-interface'] || [],
+                            securityRelevant: false
+                        });
+                    }
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: 'interface' });
+                }
+            }
+            // Pattern 5: Type alias declarations
+            const typeMatch = trimmed.match(/^\s*(?:export\s+)?type\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (typeMatch) {
+                const identifierName = typeMatch[1];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Duplicate type alias: '${identifierName}' was already declared on line ${previous.line}`,
+                        suggestion: `Rename this type or remove the duplicate declaration`,
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: 'type' });
+                }
+            }
+            // Pattern 6: Enum declarations
+            const enumMatch = trimmed.match(/^\s*(?:export\s+)?enum\s+([a-zA-Z_$][a-zA-Z0-9_$]*)/);
+            if (enumMatch) {
+                const identifierName = enumMatch[1];
+                if (declaredIdentifiers.has(identifierName)) {
+                    const previous = declaredIdentifiers.get(identifierName);
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Duplicate enum declaration: '${identifierName}' was already declared on line ${previous.line}`,
+                        suggestion: `Rename this enum or remove the duplicate declaration`,
+                        severity: 'error',
+                        references: references_1.typescriptStandards['type-errors'] || [],
+                        securityRelevant: false
+                    });
+                }
+                else {
+                    declaredIdentifiers.set(identifierName, { line: lineNumber, type: 'enum' });
+                }
+            }
+        });
+    }
+    calculateMetrics(code, result) {
+        const lines = code.split('\n');
+        result.metrics.lines = lines.length;
+        const functions = (code.match(/function\s+\w+/g) || []).length;
+        const arrowFunctions = (code.match(/=>\s*\{/g) || []).length;
+        result.metrics.functions = functions + arrowFunctions;
+        let complexity = 1;
+        const keywords = ['if', 'else', 'for', 'while', 'switch', 'case', 'catch', '&&', '||', '?'];
+        keywords.forEach(keyword => {
+            // Escape special regex characters
+            const escapedKeyword = keyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+            const matches = code.match(new RegExp(`\\b${escapedKeyword}\\b`, 'g'));
+            if (matches)
+                complexity += matches.length;
+        });
+        result.metrics.complexity = complexity;
+        result.metrics.maintainability = Math.max(0, 100 - complexity * 3);
+    }
+}
+exports.TypeScriptAnalyzer = TypeScriptAnalyzer;
+//# sourceMappingURL=typescript-analyzer.js.map