cryptoserve 0.2.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/bin/cryptoserve.mjs +61 -1
  2. package/lib/census/aggregator.mjs +226 -0
  3. package/lib/census/collectors/cocoapods-downloads.mjs +72 -0
  4. package/lib/census/collectors/crates-downloads.mjs +71 -0
  5. package/lib/census/collectors/github-advisories.mjs +132 -0
  6. package/lib/census/collectors/go-downloads.mjs +132 -0
  7. package/lib/census/collectors/hex-downloads.mjs +69 -0
  8. package/lib/census/collectors/maven-downloads.mjs +92 -0
  9. package/lib/census/collectors/npm-downloads.mjs +132 -0
  10. package/lib/census/collectors/nuget-downloads.mjs +72 -0
  11. package/lib/census/collectors/nvd-cves.mjs +71 -0
  12. package/lib/census/collectors/packagist-downloads.mjs +65 -0
  13. package/lib/census/collectors/pub-downloads.mjs +65 -0
  14. package/lib/census/collectors/pypi-downloads.mjs +67 -0
  15. package/lib/census/collectors/rubygems-downloads.mjs +67 -0
  16. package/lib/census/index.mjs +173 -0
  17. package/lib/census/package-catalog.mjs +577 -0
  18. package/lib/census/report-html.mjs +540 -0
  19. package/lib/census/report-terminal.mjs +126 -0
  20. package/package.json +1 -1
package/lib/census/package-catalog.mjs ADDED
@@ -0,0 +1,577 @@
1
+ /**
2
+ * Static classification of cryptographic packages across 11 ecosystems:
3
+ * npm, PyPI, Go, Maven, crates.io, Packagist (PHP), NuGet (.NET),
4
+ * RubyGems, Hex (Elixir), pub.dev (Dart), and CocoaPods (Swift/ObjC).
5
+ *
6
+ * Tiers:
7
+ * weak - Broken, deprecated, or quantum-vulnerable primitives
8
+ * modern - Current-generation crypto (not PQC)
9
+ * pqc - Post-quantum cryptography
10
+ */
11
+
12
+ export const TIERS = { WEAK: 'weak', MODERN: 'modern', PQC: 'pqc' };
13
+
14
+ // =========================================================================
15
+ // npm
16
+ // =========================================================================
17
+
18
+ /** @type {import('./types').CatalogEntry[]} */
19
+ export const NPM_PACKAGES = [
20
+ // --- weak ---
21
+ { name: 'md5', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash' },
22
+ { name: 'sha1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'Collision-broken hash (SHAttered)' },
23
+ { name: 'crypto-js', tier: TIERS.WEAK, algorithms: ['DES', 'RC4', 'MD5'], note: 'Bundles weak ciphers, no constant-time ops' },
24
+ { name: 'des.js', tier: TIERS.WEAK, algorithms: ['DES', '3DES'], note: 'Deprecated block cipher' },
25
+ { name: 'js-md5', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash' },
26
+ { name: 'js-sha1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'Collision-broken hash' },
27
+ { name: 'object-hash', tier: TIERS.WEAK, algorithms: ['SHA-1', 'MD5'], note: 'Defaults to SHA-1' },
28
+ { name: 'hash.js', tier: TIERS.WEAK, algorithms: ['SHA-1', 'SHA-256'], note: 'No PQC, legacy API surface' },
29
+ { name: 'node-forge', tier: TIERS.WEAK, algorithms: ['RSA', 'DES', 'RC2'], note: 'Pure JS RSA, bundles weak ciphers' },
30
+ { name: 'jssha', tier: TIERS.WEAK, algorithms: ['SHA-1', 'SHA-256'], note: 'SHA-1 primary, no PQC' },
31
+ { name: 'rc4', tier: TIERS.WEAK, algorithms: ['RC4'], note: 'Stream cipher broken since 2013' },
32
+ { name: 'js-sha256', tier: TIERS.WEAK, algorithms: ['SHA-256'], note: 'Redundant pure JS hash, no audit' },
33
+ { name: 'js-sha512', tier: TIERS.WEAK, algorithms: ['SHA-512'], note: 'Redundant pure JS hash, no audit' },
34
+ { name: 'js-sha3', tier: TIERS.WEAK, algorithms: ['SHA-3'], note: 'Unmaintained, use @noble/hashes' },
35
+ { name: 'sha.js', tier: TIERS.WEAK, algorithms: ['SHA-1', 'SHA-256'], note: 'Legacy streaming hash, unmaintained' },
36
+ { name: 'create-hash', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1', 'SHA-256'], note: 'Legacy polyfill, defaults to SHA-1' },
37
+ { name: 'create-hmac', tier: TIERS.WEAK, algorithms: ['HMAC-SHA-1'], note: 'Legacy polyfill, pairs with create-hash' },
38
+ { name: 'md5.js', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash' },
39
+ { name: 'sha1-uint8array', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'SHA-1 variant for typed arrays' },
40
+ { name: 'ripemd160', tier: TIERS.WEAK, algorithms: ['RIPEMD-160'], note: 'Legacy 160-bit hash, insufficient margin' },
41
+ { name: 'browserify-des', tier: TIERS.WEAK, algorithms: ['DES', '3DES'], note: 'Browserify DES polyfill' },
42
+ { name: 'browserify-cipher', tier: TIERS.WEAK, algorithms: ['DES', 'Blowfish'], note: 'Browserify legacy cipher polyfill' },
43
+ { name: 'blowfish-js', tier: TIERS.WEAK, algorithms: ['Blowfish'], note: '64-bit block cipher, Sweet32 vulnerable' },
44
+ { name: 'tripledes', tier: TIERS.WEAK, algorithms: ['3DES'], note: 'Deprecated by NIST 2023' },
45
+
46
+ // --- modern ---
47
+ { name: '@noble/curves', tier: TIERS.MODERN, algorithms: ['ECDSA', 'EdDSA', 'secp256k1'], note: 'Audited, constant-time elliptic curves' },
48
+ { name: '@noble/hashes', tier: TIERS.MODERN, algorithms: ['SHA-256', 'SHA-3', 'BLAKE2'], note: 'Audited hash functions' },
49
+ { name: '@noble/ciphers', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20-Poly1305', 'XSalsa20'], note: 'Audited symmetric ciphers' },
50
+ { name: 'tweetnacl', tier: TIERS.MODERN, algorithms: ['Curve25519', 'XSalsa20'], note: 'NaCl port, audited' },
51
+ { name: 'sodium-native', tier: TIERS.MODERN, algorithms: ['Curve25519', 'ChaCha20'], note: 'libsodium native bindings' },
52
+ { name: 'jose', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'EdDSA'], note: 'JOSE/JWT/JWE standard library' },
53
+ { name: 'libsodium-wrappers', tier: TIERS.MODERN, algorithms: ['Curve25519', 'ChaCha20'], note: 'libsodium WASM build' },
54
+ { name: 'elliptic', tier: TIERS.MODERN, algorithms: ['ECDSA', 'ECDH'], note: 'Elliptic curve math' },
55
+ { name: 'bcryptjs', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Password hashing' },
56
+ { name: 'scrypt-js', tier: TIERS.MODERN, algorithms: ['scrypt'], note: 'Memory-hard KDF' },
57
+ { name: 'argon2', tier: TIERS.MODERN, algorithms: ['Argon2id', 'Argon2i'], note: 'PHC winner password hashing (native)' },
58
+ { name: '@types/bcryptjs', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'TypeScript types for bcryptjs' },
59
+ { name: 'jsonwebtoken', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256'], note: 'JWT implementation' },
60
+ { name: 'passport-jwt', tier: TIERS.MODERN, algorithms: ['JWT'], note: 'Passport JWT strategy' },
61
+ { name: '@panva/hkdf', tier: TIERS.MODERN, algorithms: ['HKDF'], note: 'HKDF for Web Crypto and Node' },
62
+ { name: 'openpgp', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'EdDSA', 'AES'], note: 'OpenPGP.js v5+ with modern algorithms' },
63
+ { name: 'secp256k1', tier: TIERS.MODERN, algorithms: ['secp256k1', 'ECDSA'], note: 'Bitcoin/Ethereum curve' },
64
+ { name: '@stablelib/x25519', tier: TIERS.MODERN, algorithms: ['X25519'], note: 'X25519 ECDH' },
65
+ { name: '@stablelib/chacha20poly1305', tier: TIERS.MODERN, algorithms: ['ChaCha20-Poly1305'], note: 'AEAD cipher' },
66
+ { name: 'noise-protocol', tier: TIERS.MODERN, algorithms: ['Noise', 'X25519'], note: 'Noise protocol framework' },
67
+
68
+ // --- pqc ---
69
+ { name: '@noble/post-quantum', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA'], note: 'FIPS 203/204/205 implementations' },
70
+ { name: 'crystals-kyber', tier: TIERS.PQC, algorithms: ['Kyber/ML-KEM'], note: 'Lattice-based KEM' },
71
+ { name: 'liboqs-node', tier: TIERS.PQC, algorithms: ['Kyber', 'Dilithium', 'SPHINCS+'], note: 'Open Quantum Safe bindings' },
72
+ { name: 'kyber-crystals', tier: TIERS.PQC, algorithms: ['Kyber/ML-KEM'], note: 'Kyber implementation' },
73
+ ];
74
+
75
+ // =========================================================================
76
+ // PyPI
77
+ // =========================================================================
78
+
79
+ /** @type {import('./types').CatalogEntry[]} */
80
+ export const PYPI_PACKAGES = [
81
+ // --- weak ---
82
+ { name: 'pycrypto', tier: TIERS.WEAK, algorithms: ['DES', 'Blowfish', 'ARC4'], note: 'Unmaintained since 2013, CVEs unfixed' },
83
+ { name: 'simple-crypt', tier: TIERS.WEAK, algorithms: ['AES-CTR'], note: 'Wraps pycrypto, inherits vulnerabilities' },
84
+ { name: 'hashlib', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1'], note: 'Stdlib wrapper often used for MD5/SHA-1' },
85
+ { name: 'tlslite', tier: TIERS.WEAK, algorithms: ['TLS 1.0', 'RC4', 'DES'], note: 'Unmaintained, supports deprecated protocols' },
86
+ { name: 'pyDes', tier: TIERS.WEAK, algorithms: ['DES', '3DES'], note: 'Pure Python DES, deprecated cipher' },
87
+ { name: 'rsa', tier: TIERS.WEAK, algorithms: ['RSA-PKCS1v15'], note: 'Pure Python RSA, no constant-time operations' },
88
+ { name: 'Crypto', tier: TIERS.WEAK, algorithms: ['DES', 'ARC4', 'MD5'], note: 'Alias for pycrypto, unmaintained' },
89
+ { name: 'python-gnupg', tier: TIERS.WEAK, algorithms: ['RSA', 'DSA', 'CAST5'], note: 'GnuPG wrapper, often uses legacy defaults' },
90
+
91
+ // --- modern ---
92
+ { name: 'cryptography', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'X25519'], note: 'PyCA reference library' },
93
+ { name: 'pycryptodome', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ChaCha20'], note: 'PyCrypto fork, maintained' },
94
+ { name: 'pynacl', tier: TIERS.MODERN, algorithms: ['Curve25519', 'XSalsa20'], note: 'libsodium Python bindings' },
95
+ { name: 'bcrypt', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Password hashing' },
96
+ { name: 'argon2-cffi', tier: TIERS.MODERN, algorithms: ['Argon2'], note: 'Winner of Password Hashing Competition' },
97
+ { name: 'nacl', tier: TIERS.MODERN, algorithms: ['Curve25519'], note: 'NaCl bindings (alias)' },
98
+ { name: 'ecdsa', tier: TIERS.MODERN, algorithms: ['ECDSA'], note: 'Pure Python ECDSA' },
99
+ { name: 'ed25519', tier: TIERS.MODERN, algorithms: ['Ed25519'], note: 'EdDSA signing' },
100
+ { name: 'PyJWT', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256'], note: 'JWT implementation' },
101
+ { name: 'python-jose', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256'], note: 'JOSE standard library' },
102
+ { name: 'paramiko', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519'], note: 'SSH protocol implementation' },
103
+ { name: 'Fernet', tier: TIERS.MODERN, algorithms: ['AES-CBC', 'HMAC-SHA256'], note: 'High-level symmetric encryption' },
104
+ { name: 'tink', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ECDSA', 'Ed25519'], note: 'Google Tink Python' },
105
+ { name: 'passlib', tier: TIERS.MODERN, algorithms: ['bcrypt', 'Argon2', 'scrypt'], note: 'Multi-algorithm password hashing' },
106
+ { name: 'pyotp', tier: TIERS.MODERN, algorithms: ['HMAC-SHA1', 'TOTP', 'HOTP'], note: 'One-time password library' },
107
+
108
+ // --- pqc ---
109
+ { name: 'liboqs-python', tier: TIERS.PQC, algorithms: ['Kyber', 'Dilithium', 'SPHINCS+'], note: 'Open Quantum Safe bindings' },
110
+ { name: 'pqcrypto', tier: TIERS.PQC, algorithms: ['Kyber', 'Dilithium'], note: 'PQC algorithm wrappers' },
111
+ { name: 'oqs', tier: TIERS.PQC, algorithms: ['Kyber', 'Dilithium'], note: 'OQS convenience package' },
112
+ ];
113
+
114
+ // =========================================================================
115
+ // Go Modules
116
+ // =========================================================================
117
+
118
+ /** @type {import('./types').CatalogEntry[]} */
119
+ export const GO_PACKAGES = [
120
+ // --- weak (stdlib) ---
121
+ { name: 'crypto/md5', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash' },
122
+ { name: 'crypto/sha1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'Collision-broken hash (SHAttered)' },
123
+ { name: 'crypto/des', tier: TIERS.WEAK, algorithms: ['DES', '3DES'], note: 'DES 56-bit brute-forceable, 3DES deprecated by NIST' },
124
+ { name: 'crypto/rc4', tier: TIERS.WEAK, algorithms: ['RC4'], note: 'Broken stream cipher, prohibited by RFC 7465' },
125
+ { name: 'crypto/dsa', tier: TIERS.WEAK, algorithms: ['DSA'], note: 'Deprecated in Go 1.16+, dropped by NIST FIPS 186-5' },
126
+ { name: 'crypto/elliptic', tier: TIERS.WEAK, algorithms: ['ECDH'], note: 'Low-level API deprecated in Go 1.21' },
127
+
128
+ // --- weak (x/crypto) ---
129
+ { name: 'golang.org/x/crypto/md4', tier: TIERS.WEAK, algorithms: ['MD4'], note: 'Collision-broken, weaker than MD5' },
130
+ { name: 'golang.org/x/crypto/ripemd160', tier: TIERS.WEAK, algorithms: ['RIPEMD-160'], note: '160-bit hash with known weaknesses' },
131
+ { name: 'golang.org/x/crypto/openpgp', tier: TIERS.WEAK, algorithms: ['RSA', 'DSA', 'CAST5'], note: 'Deprecated and frozen' },
132
+ { name: 'golang.org/x/crypto/bn256', tier: TIERS.WEAK, algorithms: ['BN256'], note: 'Deprecated pairing curve, below 128-bit' },
133
+ { name: 'golang.org/x/crypto/cast5', tier: TIERS.WEAK, algorithms: ['CAST5'], note: '64-bit block cipher' },
134
+ { name: 'golang.org/x/crypto/blowfish', tier: TIERS.WEAK, algorithms: ['Blowfish'], note: '64-bit block, Sweet32 vulnerable' },
135
+ { name: 'golang.org/x/crypto/tea', tier: TIERS.WEAK, algorithms: ['TEA'], note: 'Known weaknesses, not for security' },
136
+ { name: 'golang.org/x/crypto/salsa20', tier: TIERS.WEAK, algorithms: ['Salsa20'], note: 'Superseded by ChaCha20, no AEAD' },
137
+
138
+ // --- weak (third-party) ---
139
+ { name: 'github.com/dgrijalva/jwt-go', tier: TIERS.WEAK, algorithms: ['HMAC', 'RSA'], note: 'Unmaintained, CVE-2020-26160 none alg bypass' },
140
+ { name: 'github.com/square/go-jose', tier: TIERS.WEAK, algorithms: ['JWE', 'JWS'], note: 'Deprecated, migrated to go-jose/go-jose' },
141
+ { name: 'github.com/zmap/zcrypto', tier: TIERS.WEAK, algorithms: ['TLS 1.0', 'export ciphers'], note: 'Research TLS, speaks deprecated protocols' },
142
+
143
+ // --- modern (stdlib) ---
144
+ { name: 'crypto/aes', tier: TIERS.MODERN, algorithms: ['AES'], note: 'AES block cipher' },
145
+ { name: 'crypto/cipher', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-CTR'], note: 'Block cipher modes including AEAD' },
146
+ { name: 'crypto/sha256', tier: TIERS.MODERN, algorithms: ['SHA-256'], note: 'NIST-approved hash' },
147
+ { name: 'crypto/sha512', tier: TIERS.MODERN, algorithms: ['SHA-384', 'SHA-512'], note: 'NIST-approved hash' },
148
+ { name: 'crypto/sha3', tier: TIERS.MODERN, algorithms: ['SHA3-256', 'SHAKE'], note: 'Keccak-based, added Go 1.24' },
149
+ { name: 'crypto/rsa', tier: TIERS.MODERN, algorithms: ['RSA-OAEP', 'RSA-PSS'], note: 'RSA encryption and signing' },
150
+ { name: 'crypto/ecdsa', tier: TIERS.MODERN, algorithms: ['ECDSA'], note: 'Elliptic curve digital signatures' },
151
+ { name: 'crypto/ecdh', tier: TIERS.MODERN, algorithms: ['ECDH', 'X25519'], note: 'ECDH key exchange, added Go 1.20' },
152
+ { name: 'crypto/ed25519', tier: TIERS.MODERN, algorithms: ['Ed25519'], note: 'Edwards-curve signatures' },
153
+ { name: 'crypto/tls', tier: TIERS.MODERN, algorithms: ['TLS 1.3', 'X25519MLKEM768'], note: 'TLS with hybrid PQC since Go 1.24' },
154
+ { name: 'crypto/rand', tier: TIERS.MODERN, algorithms: ['CSPRNG'], note: 'Cryptographic random' },
155
+ { name: 'crypto/hmac', tier: TIERS.MODERN, algorithms: ['HMAC'], note: 'HMAC authentication' },
156
+ { name: 'crypto/hkdf', tier: TIERS.MODERN, algorithms: ['HKDF'], note: 'RFC 5869 KDF, added Go 1.24' },
157
+ { name: 'crypto/x509', tier: TIERS.MODERN, algorithms: ['X.509'], note: 'Certificate handling' },
158
+
159
+ // --- modern (x/crypto) ---
160
+ { name: 'golang.org/x/crypto/chacha20poly1305', tier: TIERS.MODERN, algorithms: ['ChaCha20-Poly1305'], note: 'AEAD, RFC 8439' },
161
+ { name: 'golang.org/x/crypto/curve25519', tier: TIERS.MODERN, algorithms: ['X25519'], note: 'ECDH on Curve25519' },
162
+ { name: 'golang.org/x/crypto/nacl/box', tier: TIERS.MODERN, algorithms: ['X25519', 'XSalsa20-Poly1305'], note: 'NaCl public-key encryption' },
163
+ { name: 'golang.org/x/crypto/nacl/secretbox', tier: TIERS.MODERN, algorithms: ['XSalsa20-Poly1305'], note: 'NaCl symmetric encryption' },
164
+ { name: 'golang.org/x/crypto/argon2', tier: TIERS.MODERN, algorithms: ['Argon2id'], note: 'PHC winner password hashing' },
165
+ { name: 'golang.org/x/crypto/bcrypt', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Adaptive password hashing' },
166
+ { name: 'golang.org/x/crypto/scrypt', tier: TIERS.MODERN, algorithms: ['scrypt'], note: 'Memory-hard KDF' },
167
+ { name: 'golang.org/x/crypto/blake2b', tier: TIERS.MODERN, algorithms: ['BLAKE2b'], note: 'Fast cryptographic hash' },
168
+ { name: 'golang.org/x/crypto/ssh', tier: TIERS.MODERN, algorithms: ['SSH'], note: 'SSH protocol implementation' },
169
+ { name: 'golang.org/x/crypto/acme/autocert', tier: TIERS.MODERN, algorithms: ['ACME', 'TLS'], note: 'Auto TLS certificate provisioning' },
170
+
171
+ // --- modern (third-party) ---
172
+ { name: 'github.com/golang-jwt/jwt/v5', tier: TIERS.MODERN, algorithms: ['HMAC', 'RSA', 'ECDSA', 'EdDSA'], note: 'Most popular Go JWT library' },
173
+ { name: 'github.com/go-jose/go-jose/v4', tier: TIERS.MODERN, algorithms: ['JWE', 'JWS', 'JWT'], note: 'JOSE standards' },
174
+ { name: 'github.com/tink-crypto/tink-go/v2', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ECDSA', 'Ed25519'], note: 'Google Tink misuse-resistant crypto' },
175
+ { name: 'filippo.io/age', tier: TIERS.MODERN, algorithms: ['X25519', 'scrypt', 'ChaCha20-Poly1305'], note: 'Modern file encryption' },
176
+ { name: 'github.com/ProtonMail/go-crypto', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'EdDSA'], note: 'Maintained OpenPGP fork' },
177
+ { name: 'github.com/flynn/noise', tier: TIERS.MODERN, algorithms: ['Noise', 'X25519', 'ChaCha20-Poly1305'], note: 'Noise protocol framework' },
178
+ { name: 'golang.zx2c4.com/wireguard', tier: TIERS.MODERN, algorithms: ['Noise IK', 'X25519', 'ChaCha20-Poly1305'], note: 'WireGuard VPN' },
179
+ { name: 'github.com/aws/aws-sdk-go-v2/service/kms', tier: TIERS.MODERN, algorithms: ['AES-256', 'RSA', 'ECDSA'], note: 'AWS KMS client' },
180
+ { name: 'cloud.google.com/go/kms/apiv1', tier: TIERS.MODERN, algorithms: ['AES-256', 'RSA', 'ECDSA'], note: 'GCP Cloud KMS client' },
181
+
182
+ // --- pqc ---
183
+ { name: 'crypto/mlkem', tier: TIERS.PQC, algorithms: ['ML-KEM-768', 'ML-KEM-1024'], note: 'FIPS 203 in Go stdlib since 1.24' },
184
+ { name: 'github.com/cloudflare/circl', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'HPKE'], note: 'Comprehensive PQC + ECC library' },
185
+ { name: 'github.com/cloudflare/circl/kem/mlkem', tier: TIERS.PQC, algorithms: ['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024'], note: 'FIPS 203 ML-KEM' },
186
+ { name: 'github.com/cloudflare/circl/sign/mldsa', tier: TIERS.PQC, algorithms: ['ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87'], note: 'FIPS 204 ML-DSA' },
187
+ { name: 'github.com/cloudflare/circl/sign/slhdsa', tier: TIERS.PQC, algorithms: ['SLH-DSA'], note: 'FIPS 205 hash-based signatures' },
188
+ { name: 'github.com/open-quantum-safe/liboqs-go', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'Falcon'], note: 'OQS Go bindings' },
189
+ ];
190
+
191
+ // =========================================================================
192
+ // Maven Central (Java/Kotlin)
193
+ // =========================================================================
194
+
195
+ /** @type {import('./types').CatalogEntry[]} */
196
+ export const MAVEN_PACKAGES = [
197
+ // --- weak ---
198
+ { name: 'org.bouncycastle:bcprov-jdk15on', tier: TIERS.WEAK, algorithms: ['AES', 'RSA', 'DES'], note: 'Superseded by jdk18on, no longer maintained' },
199
+ { name: 'org.bouncycastle:bcprov-jdk16', tier: TIERS.WEAK, algorithms: ['AES', 'RSA', 'DES'], note: 'Legacy JDK 1.6 build, unmaintained' },
200
+ { name: 'org.bouncycastle:bcpkix-jdk15on', tier: TIERS.WEAK, algorithms: ['RSA', 'ECDSA', 'X.509'], note: 'Superseded by jdk18on' },
201
+ { name: 'org.bouncycastle:bcpg-jdk15on', tier: TIERS.WEAK, algorithms: ['RSA', 'DSA', 'ElGamal'], note: 'Legacy OpenPGP build' },
202
+ { name: 'com.madgag.spongycastle:core', tier: TIERS.WEAK, algorithms: ['AES', 'RSA', 'DES'], note: 'BC Android fork, deprecated' },
203
+ { name: 'org.jasypt:jasypt', tier: TIERS.WEAK, algorithms: ['PBE', 'DES', 'MD5'], note: 'Defaults to PBEWithMD5AndDES, unmaintained since 2014' },
204
+ { name: 'org.keyczar:keyczar', tier: TIERS.WEAK, algorithms: ['AES', 'RSA', 'DSA'], note: 'Google Keyczar, archived project' },
205
+ { name: 'commons-codec:commons-codec', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1', 'SHA-256'], note: 'DigestUtils md5Hex/sha1Hex widely used' },
206
+ { name: 'com.google.guava:guava', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1'], note: 'Hashing.md5()/sha1() convenience methods' },
207
+ { name: 'org.apache.commons:commons-crypto', tier: TIERS.WEAK, algorithms: ['AES-CTR', 'AES-CBC'], note: 'No AEAD modes, no GCM support' },
208
+ { name: 'io.jsonwebtoken:jjwt', tier: TIERS.WEAK, algorithms: ['HS256', 'RS256'], note: 'Legacy monolithic artifact, replaced by jjwt-api' },
209
+ { name: 'org.apache.santuario:xmlsec', tier: TIERS.WEAK, algorithms: ['RSA', 'SHA-1', 'DSA'], note: 'XML-DSIG defaults to SHA-1' },
210
+ { name: 'org.apache.wss4j:wss4j-ws-security-common', tier: TIERS.WEAK, algorithms: ['SHA-1', 'AES-CBC'], note: 'WS-Security with legacy defaults' },
211
+ { name: 'org.owasp.esapi:esapi', tier: TIERS.WEAK, algorithms: ['AES-CBC', 'SHA-1'], note: 'Legacy OWASP ESAPI, known CVEs' },
212
+
213
+ // --- modern ---
214
+ { name: 'org.bouncycastle:bcprov-jdk18on', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA', 'Ed25519', 'ChaCha20-Poly1305'], note: 'Comprehensive JCA provider' },
215
+ { name: 'org.bouncycastle:bcpkix-jdk18on', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'X.509', 'CMS'], note: 'PKI operations' },
216
+ { name: 'org.bouncycastle:bctls-jdk18on', tier: TIERS.MODERN, algorithms: ['TLS 1.3', 'AES-GCM'], note: 'BC JSSE TLS provider' },
217
+ { name: 'org.bouncycastle:bcpg-jdk18on', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'OpenPGP'], note: 'Modern OpenPGP' },
218
+ { name: 'org.conscrypt:conscrypt-openjdk', tier: TIERS.MODERN, algorithms: ['TLS 1.3', 'AES-GCM', 'ChaCha20-Poly1305'], note: 'Google BoringSSL-backed provider' },
219
+ { name: 'software.amazon.cryptools:AmazonCorrettoCryptoProvider', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA', 'HKDF'], note: 'AWS high-perf JCA provider' },
220
+ { name: 'com.google.crypto.tink:tink', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-SIV', 'ECDSA', 'Ed25519'], note: 'Google Tink misuse-resistant crypto' },
221
+ { name: 'com.nimbusds:nimbus-jose-jwt', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'AES-GCM'], note: 'Comprehensive JOSE/JWT/JWE' },
222
+ { name: 'org.bitbucket.b_c:jose4j', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'AES-GCM'], note: 'JCA-only JOSE/JWT' },
223
+ { name: 'io.jsonwebtoken:jjwt-api', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA'], note: 'JJWT modular API' },
224
+ { name: 'com.auth0:java-jwt', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'PS256'], note: 'Auth0 JWT library' },
225
+ { name: 'org.springframework.security:spring-security-crypto', tier: TIERS.MODERN, algorithms: ['bcrypt', 'scrypt', 'Argon2'], note: 'Spring Security password encoders' },
226
+ { name: 'org.mindrot:jbcrypt', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Original Java bcrypt' },
227
+ { name: 'com.password4j:password4j', tier: TIERS.MODERN, algorithms: ['Argon2', 'bcrypt', 'scrypt', 'PBKDF2'], note: 'Multi-algorithm password hashing' },
228
+ { name: 'de.mkammerer:argon2-jvm', tier: TIERS.MODERN, algorithms: ['Argon2'], note: 'Argon2 JVM native bindings' },
229
+ { name: 'software.amazon.awssdk:kms', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA'], note: 'AWS KMS SDK v2' },
230
+ { name: 'com.amazonaws:aws-encryption-sdk-java', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA-OAEP', 'HKDF'], note: 'AWS envelope encryption' },
231
+ { name: 'com.google.cloud:google-cloud-kms', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA'], note: 'GCP KMS client' },
232
+ { name: 'com.azure:azure-security-keyvault-keys', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'AES-GCM'], note: 'Azure Key Vault keys' },
233
+ { name: 'io.netty:netty-handler', tier: TIERS.MODERN, algorithms: ['TLS 1.3', 'AES-GCM'], note: 'Netty SSL/TLS handler' },
234
+ { name: 'com.squareup.okhttp3:okhttp', tier: TIERS.MODERN, algorithms: ['TLS 1.3', 'AES-GCM'], note: 'HTTP client with modern TLS' },
235
+ { name: 'org.signal:libsignal-client', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'AES-GCM'], note: 'Signal Protocol primitives' },
236
+
237
+ // --- pqc ---
238
+ { name: 'org.bouncycastle:bcpqc-jdk18on', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'NTRU', 'FrodoKEM'], note: 'BC PQC suite since v1.79' },
239
+ { name: 'org.openquantumsafe:liboqs-java', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'Falcon'], note: 'OQS JNI wrapper' },
240
+ ];
241
+
242
+ // =========================================================================
243
+ // crates.io (Rust)
244
+ // =========================================================================
245
+
246
+ /** @type {import('./types').CatalogEntry[]} */
247
+ export const CRATES_PACKAGES = [
248
+ // --- weak ---
249
+ { name: 'md-5', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash (RustCrypto)' },
250
+ { name: 'md5', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'Collision-broken hash (third-party)' },
251
+ { name: 'sha1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'Collision-broken hash (RustCrypto)' },
252
+ { name: 'sha-1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'Collision-broken hash alias (RustCrypto)' },
253
+ { name: 'des', tier: TIERS.WEAK, algorithms: ['DES', '3DES'], note: 'Deprecated block cipher (RustCrypto)' },
254
+ { name: 'rc4', tier: TIERS.WEAK, algorithms: ['RC4'], note: 'Broken stream cipher' },
255
+ { name: 'blowfish', tier: TIERS.WEAK, algorithms: ['Blowfish'], note: '64-bit block, Sweet32 vulnerable' },
256
+ { name: 'cast5', tier: TIERS.WEAK, algorithms: ['CAST5'], note: 'Legacy 64-bit block cipher' },
257
+ { name: 'idea', tier: TIERS.WEAK, algorithms: ['IDEA'], note: 'Legacy 64-bit block cipher' },
258
+ { name: 'rust-crypto', tier: TIERS.WEAK, algorithms: ['AES', 'DES', 'MD5'], note: 'Unmaintained since 2016, RUSTSEC-2016-0005' },
259
+ { name: 'ripemd', tier: TIERS.WEAK, algorithms: ['RIPEMD-160'], note: 'Legacy 160-bit hash' },
260
+ { name: 'sodiumoxide', tier: TIERS.WEAK, algorithms: ['X25519', 'Ed25519'], note: 'Deprecated on GitHub, use dryoc or libsodium-sys' },
261
+
262
+ // --- modern ---
263
+ { name: 'ring', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20-Poly1305', 'Ed25519', 'X25519', 'RSA', 'ECDSA'], note: 'BoringSSL-backed, audited' },
264
+ { name: 'aws-lc-rs', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20-Poly1305', 'Ed25519', 'X25519', 'RSA'], note: 'AWS-LC backed, FIPS 140-3, ring-compatible' },
265
+ { name: 'rustls', tier: TIERS.MODERN, algorithms: ['TLS 1.2', 'TLS 1.3'], note: 'Pure Rust TLS, audited' },
266
+ { name: 'aes-gcm', tier: TIERS.MODERN, algorithms: ['AES-128-GCM', 'AES-256-GCM'], note: 'Audited AEAD (RustCrypto, Cure53)' },
267
+ { name: 'chacha20poly1305', tier: TIERS.MODERN, algorithms: ['ChaCha20-Poly1305', 'XChaCha20-Poly1305'], note: 'Audited AEAD, RFC 8439 (RustCrypto)' },
268
+ { name: 'aes', tier: TIERS.MODERN, algorithms: ['AES-128', 'AES-256'], note: 'AES block cipher with HW accel (RustCrypto)' },
269
+ { name: 'chacha20', tier: TIERS.MODERN, algorithms: ['ChaCha20', 'XChaCha20'], note: 'Stream cipher (RustCrypto)' },
270
+ { name: 'sha2', tier: TIERS.MODERN, algorithms: ['SHA-256', 'SHA-384', 'SHA-512'], note: 'NIST hash family (RustCrypto)' },
271
+ { name: 'sha3', tier: TIERS.MODERN, algorithms: ['SHA3-256', 'SHA3-512', 'SHAKE'], note: 'Keccak-based hash (RustCrypto)' },
272
+ { name: 'blake2', tier: TIERS.MODERN, algorithms: ['BLAKE2b', 'BLAKE2s'], note: 'Fast secure hash, RFC 7693 (RustCrypto)' },
273
+ { name: 'blake3', tier: TIERS.MODERN, algorithms: ['BLAKE3'], note: 'Fastest secure hash (official crate)' },
274
+ { name: 'hmac', tier: TIERS.MODERN, algorithms: ['HMAC'], note: 'HMAC authentication (RustCrypto)' },
275
+ { name: 'hkdf', tier: TIERS.MODERN, algorithms: ['HKDF'], note: 'RFC 5869 KDF (RustCrypto)' },
276
+ { name: 'argon2', tier: TIERS.MODERN, algorithms: ['Argon2id', 'Argon2i'], note: 'PHC winner password hash (RustCrypto)' },
277
+ { name: 'bcrypt', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Password hashing (RustCrypto)' },
278
+ { name: 'scrypt', tier: TIERS.MODERN, algorithms: ['scrypt'], note: 'Memory-hard KDF (RustCrypto)' },
279
+ { name: 'pbkdf2', tier: TIERS.MODERN, algorithms: ['PBKDF2'], note: 'Password KDF, RFC 2898 (RustCrypto)' },
280
+ { name: 'ed25519-dalek', tier: TIERS.MODERN, algorithms: ['Ed25519'], note: 'Fast Ed25519, audited (dalek-cryptography)' },
281
+ { name: 'x25519-dalek', tier: TIERS.MODERN, algorithms: ['X25519'], note: 'X25519 ECDH, audited (dalek-cryptography)' },
282
+ { name: 'curve25519-dalek', tier: TIERS.MODERN, algorithms: ['Curve25519', 'Ristretto255'], note: 'Group operations, audited (dalek-cryptography)' },
283
+ { name: 'rsa', tier: TIERS.MODERN, algorithms: ['RSA-OAEP', 'RSA-PSS'], note: 'Pure Rust RSA, audited (RustCrypto)' },
284
+ { name: 'p256', tier: TIERS.MODERN, algorithms: ['NIST P-256', 'ECDSA', 'ECDH'], note: 'secp256r1 (RustCrypto)' },
285
+ { name: 'p384', tier: TIERS.MODERN, algorithms: ['NIST P-384', 'ECDSA', 'ECDH'], note: 'secp384r1 (RustCrypto)' },
286
+ { name: 'k256', tier: TIERS.MODERN, algorithms: ['secp256k1', 'ECDSA'], note: 'Bitcoin/Ethereum curve, audited (RustCrypto)' },
287
+ { name: 'ecdsa', tier: TIERS.MODERN, algorithms: ['ECDSA'], note: 'ECDSA signing/verification (RustCrypto)' },
288
+ { name: 'orion', tier: TIERS.MODERN, algorithms: ['ChaCha20-Poly1305', 'BLAKE2b', 'Argon2i', 'X25519'], note: 'Pure Rust easy-to-use crypto' },
289
+ { name: 'dryoc', tier: TIERS.MODERN, algorithms: ['X25519', 'XSalsa20-Poly1305', 'Ed25519'], note: 'Pure Rust libsodium-compatible' },
290
+ { name: 'snow', tier: TIERS.MODERN, algorithms: ['Noise', 'X25519', 'ChaCha20-Poly1305'], note: 'Noise Protocol Framework' },
291
+ { name: 'jsonwebtoken', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'HS256'], note: 'JWT for Rust' },
292
+ { name: 'sequoia-openpgp', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'AES'], note: 'Full OpenPGP (RFC 9580)' },
293
+ { name: 'rcgen', tier: TIERS.MODERN, algorithms: ['X.509', 'ECDSA', 'Ed25519', 'RSA'], note: 'X.509 certificate generation' },
294
+ { name: 'subtle', tier: TIERS.MODERN, algorithms: ['constant-time'], note: 'Constant-time ops (dalek-cryptography)' },
295
+ { name: 'zeroize', tier: TIERS.MODERN, algorithms: ['memory zeroing'], note: 'Secure memory zeroing (RustCrypto)' },
296
+ { name: 'crypto-bigint', tier: TIERS.MODERN, algorithms: ['big integer'], note: 'Constant-time bignum (RustCrypto, audited)' },
297
+ { name: 'cryptoki', tier: TIERS.MODERN, algorithms: ['PKCS#11'], note: 'HSM interface' },
298
+
299
+ // --- pqc ---
300
+ { name: 'ml-kem', tier: TIERS.PQC, algorithms: ['ML-KEM-512', 'ML-KEM-768', 'ML-KEM-1024'], note: 'FIPS 203 pure Rust (RustCrypto)' },
301
+ { name: 'ml-dsa', tier: TIERS.PQC, algorithms: ['ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87'], note: 'FIPS 204 pure Rust (RustCrypto)' },
302
+ { name: 'slh-dsa', tier: TIERS.PQC, algorithms: ['SLH-DSA'], note: 'FIPS 205 pure Rust (RustCrypto)' },
303
+ { name: 'pqcrypto', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SPHINCS+'], note: 'Meta-crate, wraps PQClean C' },
304
+ { name: 'pqcrypto-kyber', tier: TIERS.PQC, algorithms: ['Kyber/ML-KEM'], note: 'Kyber KEM (PQClean wrapper)' },
305
+ { name: 'pqcrypto-dilithium', tier: TIERS.PQC, algorithms: ['Dilithium/ML-DSA'], note: 'Dilithium signatures (PQClean wrapper)' },
306
+ { name: 'pqcrypto-sphincsplus', tier: TIERS.PQC, algorithms: ['SPHINCS+/SLH-DSA'], note: 'Hash-based signatures (PQClean wrapper)' },
307
+ { name: 'pqcrypto-classicmceliece', tier: TIERS.PQC, algorithms: ['Classic McEliece'], note: 'Code-based KEM' },
308
+ { name: 'oqs', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'Falcon'], note: 'OQS Rust wrapper' },
309
+ { name: 'quantcrypt', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA'], note: 'High-level PQC with X.509 integration' },
310
+ ];
311
+
312
+ // =========================================================================
313
+ // Packagist (PHP)
314
+ // =========================================================================
315
+
316
+ /** @type {import('./types').CatalogEntry[]} */
317
+ export const PACKAGIST_PACKAGES = [
318
+ // --- weak ---
319
+ { name: 'paragonie/random_compat', tier: TIERS.WEAK, algorithms: ['CSPRNG'], note: 'PHP 5.x polyfill; obsolete on PHP 7+' },
320
+ { name: 'ircmaxell/password-compat', tier: TIERS.WEAK, algorithms: ['bcrypt'], note: 'PHP 5.3/5.4 polyfill; obsolete on PHP 7+' },
321
+ { name: 'phpseclib/mcrypt_compat', tier: TIERS.WEAK, algorithms: ['DES', 'Blowfish', '3DES', 'RC4'], note: 'Polyfill for removed ext-mcrypt' },
322
+ { name: 'namshi/jose', tier: TIERS.WEAK, algorithms: ['JWT', 'HS256', 'RS256'], note: 'Last release 2018; CVEs for alg confusion' },
323
+ { name: 'gree/jose', tier: TIERS.WEAK, algorithms: ['JWT'], note: 'Abandoned by maintainer' },
324
+ { name: 'mdanter/ecc', tier: TIERS.WEAK, algorithms: ['ECDSA', 'ECDH'], note: 'Abandoned; superseded by paragonie/ecc' },
325
+ { name: 'laminas/laminas-crypt', tier: TIERS.WEAK, algorithms: ['AES-CBC', 'RSA', 'bcrypt'], note: 'Marked abandoned by Laminas' },
326
+ { name: 'bordoni/phpass', tier: TIERS.WEAK, algorithms: ['bcrypt'], note: 'Portable phpass; deprecated API' },
327
+ { name: 'ircmaxell/random-lib', tier: TIERS.WEAK, algorithms: ['CSPRNG'], note: 'Pre-PHP-7 random library' },
328
+
329
+ // --- modern ---
330
+ { name: 'phpseclib/phpseclib', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'AES-GCM', 'ChaCha20'], note: 'Pure-PHP crypto; use v3.0.36+' },
331
+ { name: 'defuse/php-encryption', tier: TIERS.MODERN, algorithms: ['AES-256-CTR', 'HMAC-SHA256'], note: 'Audited symmetric encryption; zero CVEs' },
332
+ { name: 'paragonie/sodium_compat', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'ChaCha20-Poly1305'], note: 'libsodium polyfill' },
333
+ { name: 'paragonie/halite', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'ChaCha20-Poly1305', 'Argon2id'], note: 'Misuse-resistant API over libsodium' },
334
+ { name: 'firebase/php-jwt', tier: TIERS.MODERN, algorithms: ['HS256', 'RS256', 'ES256', 'EdDSA'], note: 'Most-downloaded PHP JWT; use v7.0+' },
335
+ { name: 'lcobucci/jwt', tier: TIERS.MODERN, algorithms: ['HS256', 'RS256', 'ES256', 'EdDSA'], note: 'Strict JWT; use v5.x' },
336
+ { name: 'web-token/jwt-framework', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'AES-GCM', 'ECDH-ES'], note: 'Full JOSE/JWE/JWS' },
337
+ { name: 'symfony/password-hasher', tier: TIERS.MODERN, algorithms: ['bcrypt', 'Argon2id'], note: 'Symfony password hasher' },
338
+ { name: 'illuminate/hashing', tier: TIERS.MODERN, algorithms: ['bcrypt', 'Argon2id'], note: 'Laravel hashing' },
339
+ { name: 'paragonie/paseto', tier: TIERS.MODERN, algorithms: ['Ed25519', 'XChaCha20-Poly1305'], note: 'PASETO v4; preferred over JWT' },
340
+ { name: 'spomky-labs/pki-framework', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'X.509'], note: 'Comprehensive PHP PKI' },
341
+ { name: 'paragonie/ciphersweet', tier: TIERS.MODERN, algorithms: ['AES-256-CTR', 'XChaCha20-Poly1305'], note: 'Searchable field-level encryption' },
342
+
343
+ // --- pqc ---
344
+ { name: 'secudoc/php-liboqs', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA'], note: 'PHP C extension wrapping liboqs; experimental' },
345
+ ];
346
+
347
+ // =========================================================================
348
+ // NuGet (.NET / C#)
349
+ // =========================================================================
350
+
351
+ /** @type {import('./types').CatalogEntry[]} */
352
+ export const NUGET_PACKAGES = [
353
+ // --- weak ---
354
+ { name: 'Portable.BouncyCastle', tier: TIERS.WEAK, algorithms: ['AES', 'RSA', 'DES'], note: 'EOL since 2021; superseded by BouncyCastle.Cryptography' },
355
+ { name: 'BouncyCastle.NetCore', tier: TIERS.WEAK, algorithms: ['AES', 'RSA'], note: 'Unofficial, unmaintained since 2022' },
356
+ { name: 'BouncyCastle', tier: TIERS.WEAK, algorithms: ['AES', 'RSA'], note: 'Original namespaced package, EOL' },
357
+ { name: 'Microsoft.Owin.Security.Jwt', tier: TIERS.WEAK, algorithms: ['JWT', 'RS256'], note: 'OWIN-era; no ECDSA/EdDSA' },
358
+ { name: 'Microsoft.Azure.KeyVault', tier: TIERS.WEAK, algorithms: ['RSA', 'AES'], note: 'Deprecated v1 SDK; use Azure.Security.KeyVault.*' },
359
+ { name: 'DotNetOpenAuth.Core', tier: TIERS.WEAK, algorithms: ['RSA', 'HMAC'], note: 'Archived, unmaintained since 2015' },
360
+ { name: 'CryptSharpOfficial', tier: TIERS.WEAK, algorithms: ['SCrypt', 'MD5-crypt'], note: 'Legacy crypt implementations' },
361
+ { name: 'CryptoHelper', tier: TIERS.WEAK, algorithms: ['bcrypt'], note: 'Unmaintained since 2020' },
362
+
363
+ // --- modern ---
364
+ { name: 'BouncyCastle.Cryptography', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20-Poly1305', 'Ed25519', 'X25519', 'TLS 1.3'], note: 'Official BC .NET; actively maintained' },
365
+ { name: 'System.IdentityModel.Tokens.Jwt', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256'], note: 'Microsoft JWT library' },
366
+ { name: 'Microsoft.IdentityModel.Tokens', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA'], note: 'Token validation infrastructure' },
367
+ { name: 'Microsoft.AspNetCore.DataProtection', tier: TIERS.MODERN, algorithms: ['AES-256-CBC', 'HMAC-SHA256'], note: 'ASP.NET Core data protection' },
368
+ { name: 'BCrypt.Net-Next', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Well-maintained bcrypt' },
369
+ { name: 'Konscious.Security.Cryptography.Argon2', tier: TIERS.MODERN, algorithms: ['Argon2id', 'Argon2i'], note: 'Pure C# Argon2' },
370
+ { name: 'Isopoh.Cryptography.Argon2', tier: TIERS.MODERN, algorithms: ['Argon2'], note: 'Argon2 with memory security' },
371
+ { name: 'NSec.Cryptography', tier: TIERS.MODERN, algorithms: ['Ed25519', 'X25519', 'AES-256-GCM', 'ChaCha20-Poly1305'], note: 'Modern .NET 8+ libsodium API' },
372
+ { name: 'libsodium', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'ChaCha20-Poly1305'], note: 'Native libsodium binaries' },
373
+ { name: 'NaCl.Net', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305'], note: 'libsodium .NET bindings' },
374
+ { name: 'Sodium.Core', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519'], note: 'libsodium managed wrapper' },
375
+ { name: 'JWT', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256', 'PS256'], note: 'Lightweight JWT' },
376
+ { name: 'jose-jwt', tier: TIERS.MODERN, algorithms: ['JWS', 'JWE', 'AES-GCM', 'ECDH-ES', 'EdDSA'], note: 'Full JOSE' },
377
+ { name: 'Azure.Security.KeyVault.Keys', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'AES-GCM'], note: 'Azure KV keys' },
378
+ { name: 'AWSSDK.KeyManagementService', tier: TIERS.MODERN, algorithms: ['AES-256', 'RSA', 'ECDSA'], note: 'AWS KMS .NET SDK' },
379
+ { name: 'MimeKit', tier: TIERS.MODERN, algorithms: ['S/MIME', 'RSA-OAEP', 'AES-GCM', 'EdDSA'], note: 'S/MIME and OpenPGP' },
380
+ { name: 'Pkcs11Interop', tier: TIERS.MODERN, algorithms: ['PKCS#11'], note: 'HSM interface' },
381
+ { name: 'Inferno', tier: TIERS.MODERN, algorithms: ['AES-CBC', 'HMAC-SHA2'], note: 'SuiteB authenticated encryption' },
382
+
383
+ // --- pqc ---
384
+ { name: 'BouncyCastle.Cryptography', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'NTRU', 'FrodoKEM'], note: 'BC PQC suite since v2.0' },
385
+ { name: 'LibOQS.NET', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'Falcon', 'SPHINCS+'], note: 'OQS .NET wrapper' },
386
+ ];
387
+
388
+ // =========================================================================
389
+ // RubyGems (Ruby)
390
+ // =========================================================================
391
+
392
+ /** @type {import('./types').CatalogEntry[]} */
393
+ export const RUBYGEMS_PACKAGES = [
394
+ // --- weak ---
395
+ { name: 'digest', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1'], note: 'Stdlib; Digest::MD5 and Digest::SHA1 widely used' },
396
+ { name: 'digest-crc', tier: TIERS.WEAK, algorithms: ['CRC32', 'CRC16'], note: 'CRC checksums, not cryptographic' },
397
+ { name: 'crypt', tier: TIERS.WEAK, algorithms: ['DES-crypt', 'MD5-crypt'], note: 'Unix crypt() wrapper, legacy password hashing' },
398
+ { name: 'fast-aes', tier: TIERS.WEAK, algorithms: ['AES-ECB'], note: 'AES in ECB mode only, no IV, no authentication' },
399
+ { name: 'gibberish', tier: TIERS.WEAK, algorithms: ['AES-256-CBC', 'SHA-1'], note: 'Uses SHA-1 for key derivation' },
400
+ { name: 'ezcrypto', tier: TIERS.WEAK, algorithms: ['Blowfish', 'DES'], note: 'Unmaintained since 2009' },
401
+ { name: 'crypt19', tier: TIERS.WEAK, algorithms: ['Blowfish', 'GOST'], note: 'Legacy ciphers, unmaintained' },
402
+ { name: 'gpgme', tier: TIERS.WEAK, algorithms: ['RSA', 'DSA', 'CAST5'], note: 'GnuPG bindings, often uses legacy defaults' },
403
+
404
+ // --- modern ---
405
+ { name: 'openssl', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA', 'Ed25519', 'ChaCha20-Poly1305'], note: 'Ruby stdlib OpenSSL bindings' },
406
+ { name: 'bcrypt', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'OpenBSD bcrypt password hashing' },
407
+ { name: 'argon2', tier: TIERS.MODERN, algorithms: ['Argon2id', 'Argon2i'], note: 'PHC winner password hashing' },
408
+ { name: 'scrypt', tier: TIERS.MODERN, algorithms: ['scrypt'], note: 'Memory-hard KDF' },
409
+ { name: 'rbnacl', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305', 'ChaCha20-Poly1305', 'BLAKE2b'], note: 'libsodium FFI bindings' },
410
+ { name: 'ed25519', tier: TIERS.MODERN, algorithms: ['Ed25519'], note: 'Ed25519 digital signatures' },
411
+ { name: 'x25519', tier: TIERS.MODERN, algorithms: ['X25519'], note: 'X25519 Diffie-Hellman key exchange' },
412
+ { name: 'lockbox', tier: TIERS.MODERN, algorithms: ['AES-256-GCM'], note: 'Modern encryption for Ruby/Rails' },
413
+ { name: 'attr_encrypted', tier: TIERS.MODERN, algorithms: ['AES-256-GCM'], note: 'ActiveRecord attribute encryption' },
414
+ { name: 'symmetric-encryption', tier: TIERS.MODERN, algorithms: ['AES-256-CBC', 'AES-256-GCM'], note: 'Enterprise symmetric encryption for Rails' },
415
+ { name: 'encryptor', tier: TIERS.MODERN, algorithms: ['AES-256-GCM'], note: 'Simple OpenSSL cipher wrapper' },
416
+ { name: 'jwt', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256'], note: 'Ruby JWT implementation' },
417
+ { name: 'json-jwt', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA'], note: 'JSON JWT/JWS/JWE for Ruby' },
418
+ { name: 'jose', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'AES-GCM'], note: 'JOSE/JWT standards library' },
419
+ { name: 'rotp', tier: TIERS.MODERN, algorithms: ['HMAC-SHA1', 'TOTP', 'HOTP'], note: 'RFC 6238/4226 one-time passwords' },
420
+ { name: 'net-ssh', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'ChaCha20-Poly1305'], note: 'SSH protocol implementation' },
421
+ { name: 'digest-sha3', tier: TIERS.MODERN, algorithms: ['SHA-3', 'Keccak'], note: 'SHA-3 hash function' },
422
+ { name: 'fernet', tier: TIERS.MODERN, algorithms: ['AES-128-CBC', 'HMAC-SHA256'], note: 'Fernet symmetric encryption' },
423
+
424
+ // --- pqc ---
425
+ { name: 'liboqs', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'Falcon'], note: 'Open Quantum Safe Ruby bindings' },
426
+ ];
427
+
428
+ // =========================================================================
429
+ // Hex (Elixir/Erlang)
430
+ // =========================================================================
431
+
432
+ /** @type {import('./types').CatalogEntry[]} */
433
+ export const HEX_PACKAGES = [
434
+ // --- weak ---
435
+ { name: 'cipher', tier: TIERS.WEAK, algorithms: ['AES-256-CBC', 'MD5'], note: 'Uses MD5 for key derivation' },
436
+ { name: 'crypto', tier: TIERS.WEAK, algorithms: ['DES', 'RC4', 'MD5'], note: 'Erlang stdlib with access to weak algorithms' },
437
+ { name: 'keccakf1600', tier: TIERS.WEAK, algorithms: ['Keccak-f1600'], note: 'Low-level Keccak permutation NIF' },
438
+
439
+ // --- modern ---
440
+ { name: 'comeonin', tier: TIERS.MODERN, algorithms: ['bcrypt', 'Argon2', 'Pbkdf2'], note: 'Password hashing behaviour' },
441
+ { name: 'bcrypt_elixir', tier: TIERS.MODERN, algorithms: ['bcrypt'], note: 'Bcrypt password hashing' },
442
+ { name: 'argon2_elixir', tier: TIERS.MODERN, algorithms: ['Argon2id', 'Argon2i'], note: 'PHC winner password hashing' },
443
+ { name: 'pbkdf2_elixir', tier: TIERS.MODERN, algorithms: ['PBKDF2-SHA512'], note: 'PBKDF2 password hashing' },
444
+ { name: 'plug_crypto', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'HMAC', 'SHA-256'], note: 'Crypto utilities for Plug/Phoenix' },
445
+ { name: 'ex_crypto', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-CBC', 'RSA'], note: 'Wrapper around Erlang :crypto' },
446
+ { name: 'cloak', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-CTR'], note: 'Encryption library, pluggable ciphers' },
447
+ { name: 'cloak_ecto', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-CTR'], note: 'Ecto types for field encryption via Cloak' },
448
+ { name: 'enacl', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305', 'ChaCha20-Poly1305'], note: 'NIF bindings to libsodium' },
449
+ { name: 'salty', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305'], note: 'NIF bindings to libsodium' },
450
+ { name: 'jose', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'AES-GCM'], note: 'JOSE/JWT/JWS/JWE for Erlang and Elixir' },
451
+ { name: 'joken', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256'], note: 'JWT token utility' },
452
+ { name: 'guardian', tier: TIERS.MODERN, algorithms: ['HS256', 'RS256', 'ES256'], note: 'Token-based auth for Phoenix' },
453
+ { name: 'x509', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'X.509'], note: 'X.509 certificate handling' },
454
+ { name: 'ex_sha3', tier: TIERS.MODERN, algorithms: ['SHA-3', 'Keccak'], note: 'Pure Elixir SHA-3' },
455
+ { name: 'nimble_totp', tier: TIERS.MODERN, algorithms: ['HMAC-SHA1', 'TOTP'], note: 'TOTP for 2FA' },
456
+ { name: 'curve25519', tier: TIERS.MODERN, algorithms: ['Curve25519'], note: 'Curve25519 Diffie-Hellman' },
457
+
458
+ // --- pqc ---
459
+ { name: 'pqclean', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'Classic McEliece'], note: 'PQClean NIF bindings' },
460
+ { name: 'ex_tholos_pq', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA'], note: 'Elixir NIF bindings for PQC' },
461
+ ];
462
+
463
+ // =========================================================================
464
+ // pub.dev (Dart/Flutter)
465
+ // =========================================================================
466
+
467
+ /** @type {import('./types').CatalogEntry[]} */
468
+ export const PUB_PACKAGES = [
469
+ // --- weak ---
470
+ { name: 'crypto', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1', 'SHA-256', 'HMAC'], note: 'Dart team package; includes MD5/SHA-1' },
471
+ { name: 'crypto_dart', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1', 'AES-CBC'], note: 'CryptoJS-like API, includes weak algorithms' },
472
+ { name: 'md5_plugin', tier: TIERS.WEAK, algorithms: ['MD5'], note: 'MD5 hash only, collision-broken' },
473
+ { name: 'sha1', tier: TIERS.WEAK, algorithms: ['SHA-1'], note: 'SHA-1 only, collision-broken' },
474
+
475
+ // --- modern ---
476
+ { name: 'cryptography', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20', 'Ed25519', 'X25519', 'Argon2id', 'BLAKE2'], note: 'Comprehensive cross-platform crypto' },
477
+ { name: 'cryptography_flutter', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ChaCha20', 'Ed25519', 'X25519'], note: 'Flutter plugin for OS crypto APIs' },
478
+ { name: 'pointycastle', tier: TIERS.MODERN, algorithms: ['AES', 'RSA', 'ECDSA', 'SHA-256', 'SHA-3', 'ChaCha20'], note: 'BouncyCastle port for Dart' },
479
+ { name: 'encrypt', tier: TIERS.MODERN, algorithms: ['AES-CBC', 'AES-GCM', 'RSA', 'Salsa20'], note: 'High-level API over PointyCastle' },
480
+ { name: 'webcrypto', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'AES-CTR', 'RSA-OAEP', 'ECDSA', 'ECDH', 'HMAC'], note: 'Web Crypto API on all platforms' },
481
+ { name: 'fast_rsa', tier: TIERS.MODERN, algorithms: ['RSA-OAEP', 'RSA-PKCS1v15', 'RSA-PSS'], note: 'Native RSA operations' },
482
+ { name: 'steel_crypt', tier: TIERS.MODERN, algorithms: ['AES', 'ChaCha20', 'SHA-256', 'HMAC'], note: 'High-level crypto APIs' },
483
+ { name: 'pinenacl', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305', 'BLAKE2b'], note: 'TweetNaCl Dart port' },
484
+ { name: 'hashlib', tier: TIERS.MODERN, algorithms: ['SHA-256', 'SHA-3', 'BLAKE2', 'Argon2', 'bcrypt', 'scrypt'], note: 'Optimized hash and KDF library' },
485
+ { name: 'basic_utils', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'X.509'], note: 'Key parsing, CSR generation, X.509' },
486
+ { name: 'dart_jsonwebtoken', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'HS256', 'EdDSA'], note: 'JWT for Dart' },
487
+ { name: 'jose', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'EdDSA', 'AES-GCM'], note: 'JOSE/JWS/JWE/JWK for Dart' },
488
+ { name: 'sodium_libs', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'ChaCha20-Poly1305', 'Argon2id'], note: 'FFI bindings to native libsodium' },
489
+
490
+ // --- pqc ---
491
+ { name: 'pqcrypto', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA'], note: 'Pure Dart NIST PQC' },
492
+ { name: 'xkyber_crypto', tier: TIERS.PQC, algorithms: ['Kyber/ML-KEM'], note: 'Kyber KEM for Dart' },
493
+ { name: 'custom_post_quantum', tier: TIERS.PQC, algorithms: ['Kyber/ML-KEM', 'Dilithium/ML-DSA'], note: 'Dart NIST PQC candidates' },
494
+ ];
495
+
496
+ // =========================================================================
497
+ // CocoaPods (Swift/Objective-C)
498
+ // =========================================================================
499
+
500
+ /** @type {import('./types').CatalogEntry[]} */
501
+ export const COCOAPODS_PACKAGES = [
502
+ // --- weak ---
503
+ { name: 'OpenSSL', tier: TIERS.WEAK, algorithms: ['RSA', 'DES', 'RC4', 'MD5'], note: 'Deprecated by Apple, bundles weak ciphers' },
504
+ { name: 'OpenSSL-Universal', tier: TIERS.WEAK, algorithms: ['RSA', 'DES', 'RC4', 'MD5'], note: 'Universal OpenSSL build, legacy algorithms' },
505
+ { name: 'AESCrypt-ObjC', tier: TIERS.WEAK, algorithms: ['AES-256-CBC'], note: 'AES-CBC without authentication' },
506
+ { name: 'Arcane', tier: TIERS.WEAK, algorithms: ['MD5', 'SHA-1', 'AES-CBC', 'HMAC'], note: 'CommonCrypto wrapper; exposes MD5, SHA-1' },
507
+ { name: 'CommonCryptoSwift', tier: TIERS.WEAK, algorithms: ['DES', '3DES', 'MD5', 'SHA-1', 'AES-CBC'], note: 'CommonCrypto Swift wrapper' },
508
+
509
+ // --- modern ---
510
+ { name: 'CryptoSwift', tier: TIERS.MODERN, algorithms: ['AES', 'ChaCha20', 'Poly1305', 'RSA', 'PBKDF2', 'scrypt', 'HMAC', 'BLAKE2'], note: 'Pure Swift comprehensive crypto' },
511
+ { name: 'IDZSwiftCommonCrypto', tier: TIERS.MODERN, algorithms: ['AES', 'SHA-256', 'SHA-512', 'HMAC'], note: 'Swift wrapper for CommonCrypto' },
512
+ { name: 'SCrypto', tier: TIERS.MODERN, algorithms: ['SHA-256', 'HMAC', 'PBKDF2', 'AES'], note: 'CommonCrypto digest/HMAC/AES extensions' },
513
+ { name: 'SwCrypt', tier: TIERS.MODERN, algorithms: ['RSA', 'AES', 'ECDSA'], note: 'RSA key gen, AES via CommonCrypto' },
514
+ { name: 'SwiftyRSA', tier: TIERS.MODERN, algorithms: ['RSA-OAEP', 'RSA-PKCS1v15'], note: 'RSA encryption and signing' },
515
+ { name: 'Sodium', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'ChaCha20-Poly1305', 'Argon2id', 'BLAKE2b'], note: 'Swift libsodium bindings' },
516
+ { name: 'TweetNacl', tier: TIERS.MODERN, algorithms: ['X25519', 'Ed25519', 'XSalsa20-Poly1305'], note: 'TweetNaCl Swift port' },
517
+ { name: 'RNCryptor', tier: TIERS.MODERN, algorithms: ['AES-256-CBC', 'HMAC-SHA256', 'PBKDF2'], note: 'Cross-platform AES encryption' },
518
+ { name: 'themis', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'RSA', 'ECDSA', 'Ed25519'], note: 'Cossack Labs data security' },
519
+ { name: 'ObjectivePGP', tier: TIERS.MODERN, algorithms: ['RSA', 'ECDSA', 'Ed25519', 'AES'], note: 'OpenPGP for iOS/macOS' },
520
+ { name: 'JOSESwift', tier: TIERS.MODERN, algorithms: ['RS256', 'ES256', 'AES-GCM', 'ECDH-ES'], note: 'JOSE/JWS/JWE/JWK framework' },
521
+ { name: 'BlueRSA', tier: TIERS.MODERN, algorithms: ['RSA-OAEP', 'RSA-PSS'], note: 'IBM Kitura RSA' },
522
+ { name: 'BlueCryptor', tier: TIERS.MODERN, algorithms: ['AES', 'SHA-256', 'SHA-512', 'HMAC'], note: 'IBM Kitura CommonCrypto wrapper' },
523
+ { name: 'Tink', tier: TIERS.MODERN, algorithms: ['AES-GCM', 'ECDSA', 'Ed25519'], note: 'Google Tink for iOS' },
524
+
525
+ // --- pqc ---
526
+ { name: 'liboqs', tier: TIERS.PQC, algorithms: ['ML-KEM', 'ML-DSA', 'SLH-DSA', 'Falcon'], note: 'Open Quantum Safe via bridging header' },
527
+ ];
528
+
529
+ // =========================================================================
530
+ // API
531
+ // =========================================================================
532
+
533
+ /**
534
+ * Get all packages for an ecosystem.
535
+ * @param {'npm'|'pypi'|'go'|'maven'|'crates'|'packagist'|'nuget'|'rubygems'|'hex'|'pub'|'cocoapods'} ecosystem
536
+ * @returns {import('./types').CatalogEntry[]}
537
+ */
538
+ export function getPackages(ecosystem) {
539
+ switch (ecosystem) {
540
+ case 'npm': return NPM_PACKAGES;
541
+ case 'pypi': return PYPI_PACKAGES;
542
+ case 'go': return GO_PACKAGES;
543
+ case 'maven': return MAVEN_PACKAGES;
544
+ case 'crates': return CRATES_PACKAGES;
545
+ case 'packagist': return PACKAGIST_PACKAGES;
546
+ case 'nuget': return NUGET_PACKAGES;
547
+ case 'rubygems': return RUBYGEMS_PACKAGES;
548
+ case 'hex': return HEX_PACKAGES;
549
+ case 'pub': return PUB_PACKAGES;
550
+ case 'cocoapods': return COCOAPODS_PACKAGES;
551
+ default: return [];
552
+ }
553
+ }
554
+
555
+ /**
556
+ * Get package names filtered by tier.
557
+ * @param {'npm'|'pypi'|'go'|'maven'|'crates'|'packagist'|'nuget'|'rubygems'|'hex'|'pub'|'cocoapods'} ecosystem
558
+ * @param {string} tier
559
+ * @returns {string[]}
560
+ */
561
+ export function getNamesByTier(ecosystem, tier) {
562
+ return getPackages(ecosystem)
563
+ .filter(p => p.tier === tier)
564
+ .map(p => p.name);
565
+ }
566
+
567
+ /**
568
+ * Total number of packages in the catalog across all ecosystems.
569
+ * @returns {number}
570
+ */
571
+ export function getCatalogSize() {
572
+ return NPM_PACKAGES.length + PYPI_PACKAGES.length + GO_PACKAGES.length +
573
+ MAVEN_PACKAGES.length + CRATES_PACKAGES.length +
574
+ PACKAGIST_PACKAGES.length + NUGET_PACKAGES.length +
575
+ RUBYGEMS_PACKAGES.length + HEX_PACKAGES.length +
576
+ PUB_PACKAGES.length + COCOAPODS_PACKAGES.length;
577
+ }