npm - dotenv-diff - Versions diffs - 2.4.7 → 2.4.8 - Mend

dotenv-diff 2.4.7 → 2.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/CHANGELOG.md +13 -0
package/dist/src/cli/run.js +2 -2
package/dist/src/cli/run.js.map +1 -1
package/dist/src/commands/compare.js +1 -1
package/dist/src/commands/compare.js.map +1 -1
package/dist/src/commands/ensureFilesOrPrompt.d.ts +22 -0
package/dist/src/commands/ensureFilesOrPrompt.d.ts.map +1 -0
package/dist/src/commands/ensureFilesOrPrompt.js +76 -0
package/dist/src/commands/ensureFilesOrPrompt.js.map +1 -0
package/dist/src/commands/scanUsage.js +6 -6
package/dist/src/commands/scanUsage.js.map +1 -1
package/dist/src/config/types.d.ts +3 -2
package/dist/src/config/types.d.ts.map +1 -1
package/dist/src/config/types.js +2 -2
package/dist/src/config/types.js.map +1 -1
package/dist/src/core/computeHealthScore.d.ts.map +1 -1
package/dist/src/core/computeHealthScore.js +3 -0
package/dist/src/core/computeHealthScore.js.map +1 -1
package/dist/src/core/detectInconsistentNaming.js +0 -7
package/dist/src/core/detectInconsistentNaming.js.map +1 -1
package/dist/src/core/duplicates.d.ts +5 -4
package/dist/src/core/duplicates.d.ts.map +1 -0
package/dist/src/core/duplicates.js +5 -2
package/dist/src/core/duplicates.js.map +1 -0
package/dist/src/core/envDiscovery.d.ts +19 -0
package/dist/src/core/envDiscovery.d.ts.map +1 -0
package/dist/src/core/envDiscovery.js +81 -0
package/dist/src/core/envDiscovery.js.map +1 -0
package/dist/src/core/exampleSecretDetector.d.ts.map +1 -1
package/dist/src/core/exampleSecretDetector.js +2 -2
package/dist/src/core/exampleSecretDetector.js.map +1 -1
package/dist/src/core/frameworks/frameworkDetector.d.ts +14 -0
package/dist/src/core/frameworks/frameworkDetector.d.ts.map +1 -0
package/dist/src/core/frameworks/frameworkDetector.js +40 -0
package/dist/src/core/frameworks/frameworkDetector.js.map +1 -0
package/dist/src/core/frameworks/frameworkValidator.d.ts +10 -0
package/dist/src/core/frameworks/frameworkValidator.d.ts.map +1 -0
package/dist/src/core/frameworks/frameworkValidator.js +21 -0
package/dist/src/core/frameworks/frameworkValidator.js.map +1 -0
package/dist/src/core/frameworks/nextJsRules.d.ts.map +1 -1
package/dist/src/core/frameworks/nextJsRules.js +4 -28
package/dist/src/core/frameworks/nextJsRules.js.map +1 -1
package/dist/src/core/frameworks/sveltekitRules.d.ts.map +1 -1
package/dist/src/core/frameworks/sveltekitRules.js +31 -30
package/dist/src/core/frameworks/sveltekitRules.js.map +1 -1
package/dist/src/core/parseEnv.d.ts.map +1 -1
package/dist/src/core/parseEnv.js +19 -1
package/dist/src/core/parseEnv.js.map +1 -1
package/dist/src/core/patterns.d.ts.map +1 -1
package/dist/src/core/patterns.js +24 -1
package/dist/src/core/patterns.js.map +1 -1
package/dist/src/core/processComparisonFile.js +1 -1
package/dist/src/core/processComparisonFile.js.map +1 -1
package/dist/src/core/scan/scanJsonOutput.d.ts +85 -0
package/dist/src/core/scan/scanJsonOutput.d.ts.map +1 -0
package/dist/src/core/scan/scanJsonOutput.js +97 -0
package/dist/src/core/scan/scanJsonOutput.js.map +1 -0
package/dist/src/core/scan/secretDetectors.d.ts +28 -0
package/dist/src/core/scan/secretDetectors.d.ts.map +1 -0
package/dist/src/core/scan/secretDetectors.js +272 -0
package/dist/src/core/scan/secretDetectors.js.map +1 -0
package/dist/src/core/scanFile.d.ts.map +1 -1
package/dist/src/core/scanFile.js +11 -1
package/dist/src/core/scanFile.js.map +1 -1
package/dist/src/core/security/entropy.d.ts +8 -0
package/dist/src/core/security/entropy.d.ts.map +1 -0
package/dist/src/core/security/entropy.js +23 -0
package/dist/src/core/security/entropy.js.map +1 -0
package/dist/src/core/security/exampleSecretDetector.d.ts +13 -0
package/dist/src/core/security/exampleSecretDetector.d.ts.map +1 -0
package/dist/src/core/security/exampleSecretDetector.js +61 -0
package/dist/src/core/security/exampleSecretDetector.js.map +1 -0
package/dist/src/core/security/secretDetectors.d.ts +28 -0
package/dist/src/core/security/secretDetectors.d.ts.map +1 -0
package/dist/src/core/security/secretDetectors.js +292 -0
package/dist/src/core/security/secretDetectors.js.map +1 -0
package/dist/src/index.js +0 -7
package/dist/src/index.js.map +1 -1
package/dist/src/services/printScanResult.d.ts +17 -0
package/dist/src/services/printScanResult.d.ts.map +1 -0
package/dist/src/services/printScanResult.js +127 -0
package/dist/src/services/printScanResult.js.map +1 -0
package/dist/src/services/scanCodebase.d.ts +8 -0
package/dist/src/services/scanCodebase.d.ts.map +1 -0
package/dist/src/services/scanCodebase.js +110 -0
package/dist/src/services/scanCodebase.js.map +1 -0
package/dist/src/ui/scan/printConsolelogWarning.d.ts.map +1 -1
package/dist/src/ui/scan/printConsolelogWarning.js +5 -4
package/dist/src/ui/scan/printConsolelogWarning.js.map +1 -1
package/dist/src/ui/scan/printExampleWarnings.d.ts +1 -1
package/dist/src/ui/scan/printExampleWarnings.d.ts.map +1 -1
package/dist/src/ui/scan/printFrameworkWarnings.d.ts.map +1 -1
package/dist/src/ui/scan/printFrameworkWarnings.js +4 -2
package/dist/src/ui/scan/printFrameworkWarnings.js.map +1 -1
package/dist/src/ui/scan/printSecrets.d.ts +1 -1
package/dist/src/ui/scan/printSecrets.d.ts.map +1 -1
package/package.json +7 -5

package/dist/src/core/security/secretDetectors.js ADDED Viewed

@@ -0,0 +1,292 @@
+import { shannonEntropyNormalized } from './entropy.js';
+// Regular expressions for detecting suspicious keys and provider patterns
+export const SUSPICIOUS_KEYS = /\b(pass(word)?|secret|token|apikey|api_key|key|auth|bearer|private|client_secret|access[_-]?token)\b/i;
+// Regular expressions for detecting provider patterns
+export const PROVIDER_PATTERNS = [
+    /\bAKIA[0-9A-Z]{16}\b/, // AWS access key id
+    /\bASIA[0-9A-Z]{16}\b/, // AWS temp key
+    /\bghp_[0-9A-Za-z]{30,}\b/, // GitHub token
+    /\bsk_live_[0-9a-zA-Z]{24,}\b/, // Stripe live secret
+    /\bsk_test_[0-9a-zA-Z]{24,}\b/, // Stripe test secret
+    /\bAIza[0-9A-Za-z\-_]{20,}\b/, // Google API key
+    /\bya29\.[0-9A-Za-z\-_]+\b/, // Google OAuth access token
+    /\b[A-Za-z0-9_-]{21}:[A-Za-z0-9_-]{140}\b/, // Firebase token
+    /\b0x[a-fA-F0-9]{40}\b/, // Ethereum address
+    /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/, // JWT token
+    /\bAC[0-9a-fA-F]{32}\b/, // Twilio Account SID
+];
+const LONG_LITERAL = /["'`]{1}([A-Za-z0-9+/_\-]{24,})["'`]{1}/g;
+const HTTPS_PATTERN = /["'`](https?:\/\/(?!localhost)[^"'`]*)["'`]/g;
+// List of harmless URL patterns to ignore
+const HARMLESS_URLS = [
+    /https?:\/\/(www\.)?placeholder\.com/i,
+    /https?:\/\/(www\.)?example\.com/i,
+    /https?:\/\/127\.0\.0\.1(:\d+)?/i,
+    /http:\/\/www\.w3\.org\/2000\/svg/i,
+    /xmlns=["']http:\/\/www\.w3\.org\/2000\/svg["']/i, // SVG namespace
+];
+// Known harmless attribute keys commonly used in UI / analytics
+const HARMLESS_ATTRIBUTE_KEYS = /\b(trackingId|trackingContext|data-testid|data-test|aria-label)\b/i;
+// Checks if a line is an HTML text node
+// Checks if a line is an HTML text node or tag
+function isHtmlTextNode(line) {
+    const trimmed = line.trim();
+    // Empty line
+    if (!trimmed)
+        return false;
+    // Starts with <tag> and ends with </tag> with text inside
+    // OR is a self-contained HTML tag (even without closing tag on same line)
+    return ((/^<[^>]+>[^<]*<\/[^>]+>$/.test(trimmed) &&
+        !/=["'`][^"'`]*["'`]/.test(trimmed)) || // complete tag without suspicious assignment
+        /^<[a-z][a-z0-9-]*(?:\s+[a-z-]+(?:=["'][^"']*["'])?)*\s*\/?>$/i.test(trimmed) // opening or self-closing tag
+    );
+}
+/**
+ * Determines the severity of a secret finding.
+ * @param kind 'pattern' | 'entropy'
+ * @param message The message describing the finding
+ * @param literalLength The length of the literal string (if applicable)
+ * @returns The severity level of the secret finding
+ */
+function determineSeverity(kind, message, literalLength) {
+    // HIGH: Known provider key patterns
+    if (message.includes('known provider key pattern')) {
+        return 'high';
+    }
+    // HIGH: Very high-entropy long strings
+    if (kind === 'entropy' && literalLength && literalLength >= 48) {
+        return 'high';
+    }
+    // MEDIUM: Password/secret/token patterns
+    if (message.includes('password/secret/token-like')) {
+        return 'medium';
+    }
+    // MEDIUM: Medium high-entropy strings
+    if (kind === 'entropy' && literalLength && literalLength >= 32) {
+        return 'medium';
+    }
+    // MEDIUM: HTTP URLs
+    if (message.includes('HTTP URL detected')) {
+        return 'medium';
+    }
+    // LOW: HTTPS URLs
+    if (message.includes('HTTPS URL detected')) {
+        return 'low';
+    }
+    // Default to medium if we can't determine
+    return 'medium';
+}
+/**
+ * Checks if a line has an ignore comment
+ * fx: // dotenv-diff-ignore or /* dotenv-diff-ignore *\/ or <!-- dotenv-diff-ignore -->
+ * @param line - The line to check
+ * @returns True if the line should be ignored
+ */
+export function hasIgnoreComment(line) {
+    const normalized = line.trim();
+    // Allow mixed casing, extra spaces, and optional dashes
+    return (/\/\/.*dotenv[\s-]*diff[\s-]*ignore/i.test(normalized) ||
+        /\/\*.*dotenv[\s-]*diff[\s-]*ignore.*\*\//i.test(normalized) ||
+        /<!--.*dotenv[\s-]*diff[\s-]*ignore.*-->/i.test(normalized) ||
+        /\bdotenv[\s-]*diff[\s-]*ignore\b/i.test(normalized));
+}
+/**
+ * Checks if a URL should be ignored based on ignoreUrls from config.
+ * @param url - The URL that might be a potential secret
+ * @param ignoreUrls - List of URLs to ignore (from config)
+ * @returns true if the URL matches any ignore pattern
+ */
+function ignoreUrlsMatch(url, ignoreUrls) {
+    if (!ignoreUrls?.length)
+        return false;
+    // case-insensitive substring match
+    return ignoreUrls.some((pattern) => url.toLowerCase().includes(pattern.toLowerCase()));
+}
+/**
+ * Checks if a string looks like a harmless literal.
+ * @param s - The string to check.
+ * @returns True if the string looks harmless, false otherwise.
+ */
+function looksHarmlessLiteral(s) {
+    return (/\S+@\S+/.test(s) || // emails
+        /^data:[a-z]+\/[a-z0-9.+-]+;base64,/i.test(s) || // data URIs
+        /^\.{0,2}\//.test(s) || // relative paths
+        /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(s) || // UUID
+        /^[0-9a-f]{32,128}$/i.test(s) || // MD5, SHA1, SHA256, etc.
+        /^[A-Za-z0-9+/_\-]{16,20}={0,2}$/.test(s) || // short base64
+        /^[A-Za-z0-9+/_\-]*(_PUBLIC|_PRIVATE|VITE_|NEXT_PUBLIC|VUE_)[A-Za-z0-9+/_\-]*={0,2}$/.test(s) || // env-like keys
+        /^[MmZzLlHhVvCcSsQqTtAa][0-9eE+.\- ,MmZzLlHhVvCcSsQqTtAa]*$/.test(s) || // SVG path data
+        /<svg[\s\S]*?>[\s\S]*?<\/svg>/i.test(s) || // SVG markup
+        HARMLESS_URLS.some((rx) => rx.test(s)) // Allowlisted URLs
+    );
+}
+/**
+ * Checks if a line looks like a URL construction pattern.
+ * @param line - The line to check.
+ * @returns True if the line looks like URL construction, false otherwise.
+ */
+function looksLikeUrlConstruction(line) {
+    // Check for template literals or string concatenation that looks like URLs
+    return (
+    // Template literals with URL-like patterns
+    /=\s*`[^`]*\$\{[^}]+\}[^`]*\/[^`]*`/.test(line) ||
+        // String concatenation with slashes
+        /=\s*["'][^"']*\/[^"']*["']\s*\+/.test(line) ||
+        // Contains common URL patterns
+        /=\s*["'`][^"'`]*\/[^"'`]*(auth|api|login|redirect|callback|protocol)[^"'`]*\/[^"'`]*["'`]/.test(line) ||
+        // Keycloak-specific patterns
+        /realms\/.*\/protocol\/openid-connect/.test(line));
+}
+/**
+ * Checks if a file path is probably a test path.
+ * This is determined by looking for common test folder names and file extensions.
+ * @param p - The file path to check.
+ * @returns True if the file path is probably a test path, false otherwise.
+ */
+function isProbablyTestPath(p) {
+    return (/\b(__tests__|__mocks__|fixtures|sandbox|samples)\b/i.test(p) ||
+        /\.(spec|test)\.[jt]sx?$/.test(p));
+}
+/**
+ * Checks if a string is a pure interpolation template.
+ * @param s - The string to check.
+ * @returns True if the string is a pure interpolation template, false otherwise.
+ */
+function isPureInterpolationTemplate(s) {
+    // Matches templates like `${a}`, `${a}:${b}`, `${a}|${b}|${c}`
+    // i.e. no meaningful static content
+    const withoutInterpolations = s.replace(/\$\{[^}]+\}/g, '');
+    return /^[\s:|,._-]*$/.test(withoutInterpolations);
+}
+// Threshold is the value between 0 and 1 that determines the sensitivity of the detection.
+const DEFAULT_SECRET_THRESHOLD = 0.85;
+/**
+ * Optimized for sveltekit and vite env accessors
+ * @param line - A line of code to check.
+ * @returns True if the line is an environment variable accessor, false otherwise.
+ */
+function isEnvAccessor(line) {
+    return /\b(process\.env|import\.meta\.env|\$env\/(static|dynamic)\/(public|private))\b/.test(line);
+}
+/**
+ * Detects secrets in the source code of a file.
+ * @param file - The file path to check.
+ * @param source - The source code to scan for secrets.
+ * @returns An array of secret findings.
+ */
+export function detectSecretsInSource(file, source, opts) {
+    const threshold = isProbablyTestPath(file) ? 0.95 : DEFAULT_SECRET_THRESHOLD;
+    const findings = [];
+    const lines = source.split(/\r?\n/);
+    let insideIgnoreBlock = false;
+    for (let i = 0; i < lines.length; i++) {
+        const lineNo = i + 1;
+        const line = lines[i] || '';
+        if (/<!--\s*dotenv[\s-]*diff[\s-]*ignore[\s-]*start\s*-->/i.test(line)) {
+            insideIgnoreBlock = true;
+            continue;
+        }
+        if (/<!--\s*dotenv[\s-]*diff[\s-]*ignore[\s-]*end\s*-->/i.test(line)) {
+            insideIgnoreBlock = false;
+            continue;
+        }
+        // Skip if inside ignore block
+        if (insideIgnoreBlock)
+            continue;
+        // Skip comments
+        if (/^\s*\/\//.test(line))
+            continue;
+        // Check if line has ignore comment
+        if (hasIgnoreComment(line))
+            continue;
+        // Check for HTTPS URLs
+        HTTPS_PATTERN.lastIndex = 0;
+        let httpsMatch;
+        while ((httpsMatch = HTTPS_PATTERN.exec(line))) {
+            const url = httpsMatch[1] || '';
+            if (url && !looksHarmlessLiteral(url)) {
+                if (ignoreUrlsMatch(url, opts?.ignoreUrls))
+                    continue;
+                const protocol = url.startsWith('https') ? 'HTTPS' : 'HTTP';
+                findings.push({
+                    file,
+                    line: lineNo,
+                    kind: 'pattern',
+                    message: `${protocol} URL detected – consider moving to an environment variable`,
+                    snippet: line.trim().slice(0, 180),
+                    severity: protocol === 'HTTP' ? 'medium' : 'low',
+                });
+            }
+        }
+        // 1) Suspicious key literal assignments
+        if (SUSPICIOUS_KEYS.test(line)) {
+            // Ignore known harmless UI / analytics attributes
+            if (HARMLESS_ATTRIBUTE_KEYS.test(line))
+                continue;
+            // Ignore HTML text nodes
+            if (isHtmlTextNode(line))
+                continue;
+            // Ignore if inside HTML tag content
+            if (/<[^>]*>.*<\/[^>]*>/.test(line.trim()))
+                continue;
+            const m = line.match(/=\s*["'`](.+?)["'`]/);
+            if (m &&
+                m[1] &&
+                !looksHarmlessLiteral(m[1]) &&
+                !looksLikeUrlConstruction(line) &&
+                m[1].length >= 12 &&
+                !isEnvAccessor(line) &&
+                !isPureInterpolationTemplate(m[1])) {
+                findings.push({
+                    file,
+                    line: lineNo,
+                    kind: 'pattern',
+                    message: 'matches password/secret/token-like literal assignment',
+                    snippet: line.trim().slice(0, 180),
+                    severity: 'medium',
+                });
+            }
+        }
+        // 2) Provider patterns
+        for (const rx of PROVIDER_PATTERNS) {
+            if (rx.test(line)) {
+                findings.push({
+                    file,
+                    line: lineNo,
+                    kind: 'pattern',
+                    message: 'matches known provider key pattern',
+                    snippet: line.trim().slice(0, 180),
+                    severity: 'high',
+                });
+            }
+        }
+        // 3) High-entropy long literals
+        LONG_LITERAL.lastIndex = 0;
+        let lm;
+        while ((lm = LONG_LITERAL.exec(line))) {
+            const literal = lm[1] || '';
+            if (looksHarmlessLiteral(literal))
+                continue;
+            if (literal.length < 32)
+                continue;
+            const ent = shannonEntropyNormalized(literal);
+            if (ent >= threshold) {
+                const message = `found high-entropy string (len ${literal.length}, H≈${ent.toFixed(2)})`;
+                findings.push({
+                    file,
+                    line: lineNo,
+                    kind: 'entropy',
+                    message,
+                    snippet: line.trim().slice(0, 180),
+                    severity: determineSeverity('entropy', message, literal.length),
+                });
+            }
+        }
+    }
+    const uniqueFindings = findings.filter((f, idx, arr) => idx ===
+        arr.findIndex((other) => other.file === f.file &&
+            other.line === f.line &&
+            other.snippet === f.snippet));
+    return uniqueFindings;
+}
+//# sourceMappingURL=secretDetectors.js.map

package/dist/src/core/security/secretDetectors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secretDetectors.js","sourceRoot":"","sources":["../../../../src/core/security/secretDetectors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAcxD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,eAAe,GAC1B,uGAAuG,CAAC;AAE1G,sDAAsD;AACtD,MAAM,CAAC,MAAM,iBAAiB,GAAa;IACzC,sBAAsB,EAAE,oBAAoB;IAC5C,sBAAsB,EAAE,eAAe;IACvC,0BAA0B,EAAE,eAAe;IAC3C,8BAA8B,EAAE,qBAAqB;IACrD,8BAA8B,EAAE,qBAAqB;IACrD,6BAA6B,EAAE,iBAAiB;IAChD,2BAA2B,EAAE,4BAA4B;IACzD,0CAA0C,EAAE,iBAAiB;IAC7D,uBAAuB,EAAE,mBAAmB;IAC5C,uDAAuD,EAAE,YAAY;IACrE,uBAAuB,EAAE,qBAAqB;CAC/C,CAAC;AAEF,MAAM,YAAY,GAAG,0CAA0C,CAAC;AAEhE,MAAM,aAAa,GAAG,8CAA8C,CAAC;AAErE,0CAA0C;AAC1C,MAAM,aAAa,GAAG;IACpB,sCAAsC;IACtC,kCAAkC;IAClC,iCAAiC;IACjC,mCAAmC;IACnC,iDAAiD,EAAE,gBAAgB;CACpE,CAAC;AAEF,gEAAgE;AAChE,MAAM,uBAAuB,GAC3B,oEAAoE,CAAC;AAEvE,wCAAwC;AACxC,+CAA+C;AAC/C,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,aAAa;IACb,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,0DAA0D;IAC1D,0EAA0E;IAC1E,OAAO,CACL,CAAC,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC;QACtC,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,6CAA6C;QACvF,+DAA+D,CAAC,IAAI,CAClE,OAAO,CACR,CAAC,8BAA8B;KACjC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB,CACxB,IAA2B,EAC3B,OAAe,EACf,aAAsB;IAEtB,oCAAoC;IACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;QACnD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,uCAAuC;IACvC,IAAI,IAAI,KAAK,SAAS,IAAI,aAAa,IAAI,aAAa,IAAI,EAAE,EAAE,CAAC;QAC/D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,EAAE,CAAC;QACnD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,sCAAsC;IACtC,IAAI,IAAI,KAAK,SAAS,IAAI,aAAa,IAAI,aAAa,IAAI,EAAE,EAAE,CAAC;QAC/D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC1C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,kBAAkB;IAClB,IAAI,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,0CAA0C;IAC1C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE/B,wDAAwD;IACxD,OAAO,CACL,qCAAqC,CAAC,IAAI,CAAC,UAAU,CAAC;QACtD,2CAA2C,CAAC,IAAI,CAAC,UAAU,CAAC;QAC5D,0CAA0C,CAAC,IAAI,CAAC,UAAU,CAAC;QAC3D,mCAAmC,CAAC,IAAI,CAAC,UAAU,CAAC,CACrD,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,GAAW,EAAE,UAAqB;IACzD,IAAI,CAAC,UAAU,EAAE,MAAM;QAAE,OAAO,KAAK,CAAC;IAEtC,mCAAmC;IACnC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACjC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAClD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,CAAS;IACrC,OAAO,CACL,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,SAAS;QAC9B,qCAAqC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,YAAY;QAC7D,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,iBAAiB;QACzC,iEAAiE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO;QACpF,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,0BAA0B;QAC3D,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,eAAe;QAC5D,qFAAqF,CAAC,IAAI,CACxF,CAAC,CACF,IAAI,gBAAgB;QACrB,4DAA4D,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,gBAAgB;QACxF,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,aAAa;QACxD,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;KAC3D,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,IAAY;IAC5C,2EAA2E;IAC3E,OAAO;IACL,2CAA2C;IAC3C,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC;QAC/C,oCAAoC;QACpC,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5C,+BAA+B;QAC/B,2FAA2F,CAAC,IAAI,CAC9F,IAAI,CACL;QACD,6BAA6B;QAC7B,sCAAsC,CAAC,IAAI,CAAC,IAAI,CAAC,CAClD,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,CAAS;IACnC,OAAO,CACL,qDAAqD,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAClC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,2BAA2B,CAAC,CAAS;IAC5C,+DAA+D;IAC/D,oCAAoC;IACpC,MAAM,qBAAqB,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IAC5D,OAAO,eAAe,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;AACrD,CAAC;AAED,2FAA2F;AAC3F,MAAM,wBAAwB,GAAG,IAAa,CAAC;AAE/C;;;;GAIG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,gFAAgF,CAAC,IAAI,CAC1F,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,IAAY,EACZ,MAAc,EACd,IAAgC;IAEhC,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,wBAAwB,CAAC;IAE7E,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEpC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE5B,IAAI,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvE,iBAAiB,GAAG,IAAI,CAAC;YACzB,SAAS;QACX,CAAC;QAED,IAAI,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,iBAAiB,GAAG,KAAK,CAAC;YAC1B,SAAS;QACX,CAAC;QAED,8BAA8B;QAC9B,IAAI,iBAAiB;YAAE,SAAS;QAEhC,gBAAgB;QAChB,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEpC,mCAAmC;QACnC,IAAI,gBAAgB,CAAC,IAAI,CAAC;YAAE,SAAS;QAErC,uBAAuB;QACvB,aAAa,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,IAAI,UAAkC,CAAC;QACvC,OAAO,CAAC,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAChC,IAAI,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtC,IAAI,eAAe,CAAC,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC;oBAAE,SAAS;gBACrD,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;gBAE5D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,GAAG,QAAQ,4DAA4D;oBAChF,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,QAAQ,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;iBACjD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,kDAAkD;YAClD,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjD,yBAAyB;YACzB,IAAI,cAAc,CAAC,IAAI,CAAC;gBAAE,SAAS;YACnC,oCAAoC;YACpC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAAE,SAAS;YAErD,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YAC5C,IACE,CAAC;gBACD,CAAC,CAAC,CAAC,CAAC;gBACJ,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3B,CAAC,wBAAwB,CAAC,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE;gBACjB,CAAC,aAAa,CAAC,IAAI,CAAC;gBACpB,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAClC,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,uDAAuD;oBAChE,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,oCAAoC;oBAC7C,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,YAAY,CAAC,SAAS,GAAG,CAAC,CAAC;QAC3B,IAAI,EAA0B,CAAC;QAC/B,OAAO,CAAC,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,oBAAoB,CAAC,OAAO,CAAC;gBAAE,SAAS;YAC5C,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS;YAClC,MAAM,GAAG,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC9C,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;gBACrB,MAAM,OAAO,GAAG,kCAAkC,OAAO,CAAC,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzF,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,SAAS;oBACf,OAAO;oBACP,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,QAAQ,EAAE,iBAAiB,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CACd,GAAG;QACH,GAAG,CAAC,SAAS,CACX,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI;YACrB,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI;YACrB,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC,OAAO,CAC9B,CACJ,CAAC;IAEF,OAAO,cAAc,CAAC;AACxB,CAAC"}

package/dist/src/index.js CHANGED Viewed

@@ -1,10 +1,3 @@
 export { parseEnvFile } from './core/parseEnv.js';
 export { diffEnv } from './core/diffEnv.js';
-const api = process.env.API_KEY;
-const dbUrl = process.env.DATABASE_URL;
-const fgKey = process.env.FGG_KE;
-const fgKey2 = process.env.FGG_KE;
-const secret = process.env.SECRET_TOKEN;
-const secret2 = process.env.SECRET_TOKEN;
-const secret3 = process.env.SECRET_TOKEN;
 //# sourceMappingURL=index.js.map

package/dist/src/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAmB,MAAM,mBAAmB,CAAC;AAE7D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;AAEhC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AAEvC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;AAEjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;AAElC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AAExC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AAEzC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAmB,MAAM,mBAAmB,CAAC"}

package/dist/src/services/printScanResult.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { ScanUsageOptions, ScanResult, ExitResult } from '../config/types.js';
+interface FixContext {
+    fixApplied: boolean;
+    removedDuplicates: string[];
+    addedEnv: string[];
+    gitignoreUpdated: boolean;
+}
+/**
+ * Prints the scan result to the console.
+ * @param scanResult - The result of the scan.
+ * @param opts - The scan options.
+ * @param comparedAgainst - The file being compared against.
+ * @returns An object indicating whether to exit with an error.
+ */
+export declare function printScanResult(scanResult: ScanResult, opts: ScanUsageOptions, comparedAgainst: string, fixContext?: FixContext): ExitResult;
+export {};
+//# sourceMappingURL=printScanResult.d.ts.map

package/dist/src/services/printScanResult.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"printScanResult.d.ts","sourceRoot":"","sources":["../../../src/services/printScanResult.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,UAAU,EACV,UAAU,EACX,MAAM,oBAAoB,CAAC;AAqB5B,UAAU,UAAU;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,gBAAgB,EACtB,eAAe,EAAE,MAAM,EACvB,UAAU,CAAC,EAAE,UAAU,GACtB,UAAU,CAkLZ"}

package/dist/src/services/printScanResult.js ADDED Viewed

@@ -0,0 +1,127 @@
+import path from 'path';
+import { checkGitignoreStatus } from './git.js';
+import { printGitignoreWarning } from '../ui/shared/printGitignore.js';
+import { DEFAULT_ENV_FILE } from '../config/constants.js';
+import { printHeader } from '../ui/scan/printHeader.js';
+import { printStats } from '../ui/scan/printStats.js';
+import { printMissing } from '../ui/scan/printMissing.js';
+import { printUnused } from '../ui/scan/printUnused.js';
+import { printDuplicates } from '../ui/shared/printDuplicates.js';
+import { printSecrets } from '../ui/scan/printSecrets.js';
+import { printSuccess } from '../ui/shared/printSuccess.js';
+import { printStrictModeError } from '../ui/shared/printStrictModeError.js';
+import { printFixTips } from '../ui/shared/printFixTips.js';
+import { printAutoFix } from '../ui/shared/printAutoFix.js';
+import { printFrameworkWarnings } from '../ui/scan/printFrameworkWarnings.js';
+import { printExampleWarnings } from '../ui/scan/printExampleWarnings.js';
+import { printConsolelogWarning } from '../ui/scan/printConsolelogWarning.js';
+import { printUppercaseWarning } from '../ui/scan/printUppercaseWarning.js';
+import { computeHealthScore } from '../core/computeHealthScore.js';
+import { printHealthScore } from '../ui/scan/printHealthScore.js';
+import { printExpireWarnings } from '../ui/scan/printExpireWarnings.js';
+import { printInconsistentNamingWarning } from '../ui/scan/printInconsistentNamingWarning.js';
+/**
+ * Prints the scan result to the console.
+ * @param scanResult - The result of the scan.
+ * @param opts - The scan options.
+ * @param comparedAgainst - The file being compared against.
+ * @returns An object indicating whether to exit with an error.
+ */
+export function printScanResult(scanResult, opts, comparedAgainst, fixContext) {
+    let exitWithError = false;
+    // Determine if output should be in JSON format
+    const isJson = opts.json ?? false;
+    printHeader(comparedAgainst);
+    // Show stats if requested
+    printStats(scanResult.stats, isJson, opts.showStats ?? true);
+    // Missing variables (used in code but not in env file)
+    if (printMissing(scanResult.missing, scanResult.used, comparedAgainst, opts.isCiMode ?? false, isJson)) {
+        exitWithError = true;
+    }
+    if (scanResult.frameworkWarnings && scanResult.frameworkWarnings.length > 0) {
+        printFrameworkWarnings(scanResult.frameworkWarnings, isJson);
+    }
+    if (scanResult.uppercaseWarnings && scanResult.uppercaseWarnings.length > 0) {
+        printUppercaseWarning(scanResult.uppercaseWarnings, comparedAgainst, isJson);
+    }
+    if (scanResult.inconsistentNamingWarnings &&
+        scanResult.inconsistentNamingWarnings.length > 0) {
+        printInconsistentNamingWarning(scanResult.inconsistentNamingWarnings, isJson);
+    }
+    printExampleWarnings(scanResult.exampleWarnings ?? [], isJson);
+    // Unused
+    printUnused(scanResult.unused, comparedAgainst, opts.showUnused ?? false, isJson);
+    // Duplicates
+    printDuplicates(comparedAgainst || DEFAULT_ENV_FILE, 'example file', scanResult.duplicates?.env ?? [], scanResult.duplicates?.example ?? [], isJson);
+    // Print potential secrets found
+    printSecrets(scanResult.secrets ?? [], isJson);
+    // Console log usage warning
+    printConsolelogWarning(scanResult.logged ?? [], isJson);
+    // Expiration warnings
+    printExpireWarnings(scanResult.expireWarnings ?? [], isJson);
+    // Check for high severity secrets - ALWAYS exit with error
+    const hasHighSeveritySecrets = (scanResult.secrets ?? []).some((s) => s.severity === 'high');
+    if (hasHighSeveritySecrets) {
+        exitWithError = true;
+    }
+    // Check for high severity example secrets - ALWAYS exit with error
+    const hasHighSeverityExampleSecrets = (scanResult.exampleWarnings ?? []).some((w) => w.severity === 'high');
+    if (hasHighSeverityExampleSecrets) {
+        exitWithError = true;
+    }
+    // Success message for env file comparison
+    if (comparedAgainst &&
+        scanResult.missing.length === 0 &&
+        (scanResult.secrets?.length ?? 0) === 0 &&
+        scanResult.used.length > 0) {
+        printSuccess(isJson, 'scan', comparedAgainst, scanResult.unused, opts.showUnused ?? true);
+    }
+    // Gitignore check
+    const gitignoreIssue = checkGitignoreStatus({
+        cwd: opts.cwd,
+        envFile: DEFAULT_ENV_FILE,
+    });
+    if (gitignoreIssue && !opts.json) {
+        printGitignoreWarning({
+            envFile: DEFAULT_ENV_FILE,
+            reason: gitignoreIssue.reason,
+        });
+    }
+    const hasGitignoreIssue = gitignoreIssue !== null;
+    if (opts.strict) {
+        const exit = printStrictModeError({
+            unused: scanResult.unused.length,
+            duplicatesEnv: scanResult.duplicates?.env?.length ?? 0,
+            duplicatesEx: scanResult.duplicates?.example?.length ?? 0,
+            secrets: scanResult.secrets?.length ?? 0,
+            exampleSecrets: scanResult.exampleWarnings?.length ?? 0,
+            hasGitignoreIssue,
+            frameworkWarnings: scanResult.frameworkWarnings?.length ?? 0,
+            logged: scanResult.logged?.length ?? 0,
+            uppercaseWarnings: scanResult.uppercaseWarnings?.length ?? 0,
+            expireWarnings: scanResult.expireWarnings?.length ?? 0,
+            inconsistentNamingWarnings: scanResult.inconsistentNamingWarnings?.length ?? 0,
+        }, isJson);
+        if (exit)
+            exitWithError = true;
+    }
+    if (opts.fix && fixContext) {
+        printAutoFix(fixContext.fixApplied, {
+            removedDuplicates: fixContext.removedDuplicates,
+            addedEnv: fixContext.addedEnv,
+            addedExample: opts.examplePath ? fixContext.addedEnv : [],
+        }, comparedAgainst || DEFAULT_ENV_FILE, opts.examplePath ? path.basename(opts.examplePath) : 'example file', isJson, fixContext.gitignoreUpdated);
+    }
+    // Health score
+    const score = computeHealthScore(scanResult);
+    printHealthScore(score);
+    // Filtered results for fix tips
+    printFixTips({
+        missing: scanResult.missing,
+        duplicatesEnv: scanResult.duplicates?.env ?? [],
+        duplicatesEx: scanResult.duplicates?.example ?? [],
+        gitignoreIssue: hasGitignoreIssue ? { reason: 'not-ignored' } : null,
+    }, hasGitignoreIssue, isJson, opts.fix ?? false);
+    return { exitWithError };
+}
+//# sourceMappingURL=printScanResult.js.map

package/dist/src/services/printScanResult.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"printScanResult.js","sourceRoot":"","sources":["../../../src/services/printScanResult.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAMvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAS9F;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAsB,EACtB,IAAsB,EACtB,eAAuB,EACvB,UAAuB;IAEvB,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,+CAA+C;IAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC;IAElC,WAAW,CAAC,eAAe,CAAC,CAAC;IAE7B,0BAA0B;IAC1B,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC;IAE7D,uDAAuD;IACvD,IACE,YAAY,CACV,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,IAAI,EACf,eAAe,EACf,IAAI,CAAC,QAAQ,IAAI,KAAK,EACtB,MAAM,CACP,EACD,CAAC;QACD,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,IAAI,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,sBAAsB,CAAC,UAAU,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,UAAU,CAAC,iBAAiB,IAAI,UAAU,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,qBAAqB,CACnB,UAAU,CAAC,iBAAiB,EAC5B,eAAe,EACf,MAAM,CACP,CAAC;IACJ,CAAC;IAED,IACE,UAAU,CAAC,0BAA0B;QACrC,UAAU,CAAC,0BAA0B,CAAC,MAAM,GAAG,CAAC,EAChD,CAAC;QACD,8BAA8B,CAC5B,UAAU,CAAC,0BAA0B,EACrC,MAAM,CACP,CAAC;IACJ,CAAC;IAED,oBAAoB,CAAC,UAAU,CAAC,eAAe,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IAE/D,SAAS;IACT,WAAW,CACT,UAAU,CAAC,MAAM,EACjB,eAAe,EACf,IAAI,CAAC,UAAU,IAAI,KAAK,EACxB,MAAM,CACP,CAAC;IAEF,aAAa;IACb,eAAe,CACb,eAAe,IAAI,gBAAgB,EACnC,cAAc,EACd,UAAU,CAAC,UAAU,EAAE,GAAG,IAAI,EAAE,EAChC,UAAU,CAAC,UAAU,EAAE,OAAO,IAAI,EAAE,EACpC,MAAM,CACP,CAAC;IAEF,gCAAgC;IAChC,YAAY,CAAC,UAAU,CAAC,OAAO,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IAE/C,4BAA4B;IAC5B,sBAAsB,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IAExD,sBAAsB;IACtB,mBAAmB,CAAC,UAAU,CAAC,cAAc,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;IAE7D,2DAA2D;IAC3D,MAAM,sBAAsB,GAAG,CAAC,UAAU,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC7B,CAAC;IAEF,IAAI,sBAAsB,EAAE,CAAC;QAC3B,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,mEAAmE;IACnE,MAAM,6BAA6B,GAAG,CAAC,UAAU,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,IAAI,CAC3E,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC7B,CAAC;IAEF,IAAI,6BAA6B,EAAE,CAAC;QAClC,aAAa,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,0CAA0C;IAC1C,IACE,eAAe;QACf,UAAU,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAC/B,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC;QACvC,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAC1B,CAAC;QACD,YAAY,CACV,MAAM,EACN,MAAM,EACN,eAAe,EACf,UAAU,CAAC,MAAM,EACjB,IAAI,CAAC,UAAU,IAAI,IAAI,CACxB,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,cAAc,GAAG,oBAAoB,CAAC;QAC1C,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,OAAO,EAAE,gBAAgB;KAC1B,CAAC,CAAC;IAEH,IAAI,cAAc,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACjC,qBAAqB,CAAC;YACpB,OAAO,EAAE,gBAAgB;YACzB,MAAM,EAAE,cAAc,CAAC,MAAM;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,iBAAiB,GAAG,cAAc,KAAK,IAAI,CAAC;IAElD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,IAAI,GAAG,oBAAoB,CAC/B;YACE,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,MAAM;YAChC,aAAa,EAAE,UAAU,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC;YACtD,YAAY,EAAE,UAAU,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;YACzD,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;YACxC,cAAc,EAAE,UAAU,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YACvD,iBAAiB;YACjB,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;YAC5D,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC;YACtC,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;YAC5D,cAAc,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC;YACtD,0BAA0B,EACxB,UAAU,CAAC,0BAA0B,EAAE,MAAM,IAAI,CAAC;SACrD,EACD,MAAM,CACP,CAAC;QAEF,IAAI,IAAI;YAAE,aAAa,GAAG,IAAI,CAAC;IACjC,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,IAAI,UAAU,EAAE,CAAC;QAC3B,YAAY,CACV,UAAU,CAAC,UAAU,EACrB;YACE,iBAAiB,EAAE,UAAU,CAAC,iBAAiB;YAC/C,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;SAC1D,EACD,eAAe,IAAI,gBAAgB,EACnC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,cAAc,EACnE,MAAM,EACN,UAAU,CAAC,gBAAgB,CAC5B,CAAC;IACJ,CAAC;IAED,eAAe;IACf,MAAM,KAAK,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAC7C,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExB,gCAAgC;IAChC,YAAY,CACV;QACE,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,aAAa,EAAE,UAAU,CAAC,UAAU,EAAE,GAAG,IAAI,EAAE;QAC/C,YAAY,EAAE,UAAU,CAAC,UAAU,EAAE,OAAO,IAAI,EAAE;QAClD,cAAc,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI;KACrE,EACD,iBAAiB,EACjB,MAAM,EACN,IAAI,CAAC,GAAG,IAAI,KAAK,CAClB,CAAC;IAEF,OAAO,EAAE,aAAa,EAAE,CAAC;AAC3B,CAAC"}

package/dist/src/services/scanCodebase.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { ScanOptions, ScanResult } from '../config/types.js';
+/**
+ * Scans the codebase for environment variable usage based on the provided options.
+ * @param opts - Options for scanning the codebase.
+ * @returns A promise that resolves to the scan result containing used, missing, and unused variables.
+ */
+export declare function scanCodebase(opts: ScanOptions): Promise<ScanResult>;
+//# sourceMappingURL=scanCodebase.d.ts.map

package/dist/src/services/scanCodebase.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"scanCodebase.d.ts","sourceRoot":"","sources":["../../../src/services/scanCodebase.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAY,WAAW,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAU5E;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAsEzE"}

package/dist/src/services/scanCodebase.js ADDED Viewed

@@ -0,0 +1,110 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { detectSecretsInSource, } from '../core/security/secretDetectors.js';
+import { DEFAULT_EXCLUDE_PATTERNS } from '../core/patterns.js';
+import { scanFile } from '../core/scanFile.js';
+import { findFiles } from './fileWalker.js';
+import { printProgress } from '../ui/scan/printProgress.js';
+/**
+ * Scans the codebase for environment variable usage based on the provided options.
+ * @param opts - Options for scanning the codebase.
+ * @returns A promise that resolves to the scan result containing used, missing, and unused variables.
+ */
+export async function scanCodebase(opts) {
+    const files = await findFiles(opts.cwd, {
+        include: opts.include,
+        exclude: [...DEFAULT_EXCLUDE_PATTERNS, ...opts.exclude],
+        ...(opts.files ? { files: opts.files } : {}), // Pass files option
+    });
+    const allUsages = [];
+    let filesScanned = 0;
+    const allSecrets = [];
+    const fileContentMap = new Map();
+    for (const filePath of files) {
+        const content = await safeReadFile(filePath);
+        if (!content)
+            continue;
+        // Scan the file for environment variable usages
+        const fileUsages = scanFile(filePath, content, opts);
+        allUsages.push(...fileUsages);
+        // Store file content for later use (e.g., framework validation 'use client')
+        const relativePath = path.relative(opts.cwd, filePath);
+        fileContentMap.set(relativePath, content);
+        // Detect secrets in the file content
+        const secrets = safeDetectSecrets(relativePath, content, opts);
+        if (secrets.length)
+            allSecrets.push(...secrets);
+        // Count successfully scanned files
+        filesScanned++;
+        if (shouldPrintProgress(filesScanned, files.length)) {
+            printProgress({
+                isJson: opts.json,
+                current: filesScanned,
+                total: files.length,
+            });
+        }
+    }
+    // Filter out ignored variables
+    const filteredUsages = allUsages.filter((usage) => !opts.ignore.includes(usage.variable) &&
+        !opts.ignoreRegex.some((regex) => regex.test(usage.variable)));
+    const uniqueVariables = [...new Set(filteredUsages.map((u) => u.variable))];
+    const loggedVariables = filteredUsages.filter((u) => u.isLogged);
+    return {
+        used: filteredUsages,
+        missing: [],
+        unused: [],
+        secrets: allSecrets,
+        stats: {
+            filesScanned,
+            totalUsages: filteredUsages.length,
+            uniqueVariables: uniqueVariables.length,
+            warningsCount: 0,
+            duration: 0,
+        },
+        duplicates: {
+            env: [],
+            example: [],
+        },
+        logged: loggedVariables,
+        fileContentMap,
+    };
+}
+/**
+ * Detects secrets in the given file content if secret detection is enabled.
+ * @param relativePath - The relative path of the file being scanned.
+ * @param content - The content of the file.
+ * @param opts - The scan options.
+ * @returns An array of secret findings.
+ */
+function safeDetectSecrets(relativePath, content, opts) {
+    if (!opts.secrets)
+        return [];
+    try {
+        return detectSecretsInSource(relativePath, content, opts).filter((s) => s.severity !== 'low');
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Safely reads a file and returns its content or null if reading fails.
+ * @param filePath - The path to the file to read.
+ * @returns The file content as a string, or null if an error occurs.
+ */
+async function safeReadFile(filePath) {
+    try {
+        return await fs.readFile(filePath, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+/** * Determines whether to print progress based on the number of files scanned.
+ * @param scanned - The number of files scanned so far.
+ * @param total - The total number of files to scan.
+ * @returns True if progress should be printed, false otherwise.
+ */
+function shouldPrintProgress(scanned, total) {
+    return scanned === 1 || scanned % 10 === 0 || scanned === total;
+}
+//# sourceMappingURL=scanCodebase.js.map

package/dist/src/services/scanCodebase.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanCodebase.js","sourceRoot":"","sources":["../../../src/services/scanCodebase.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,aAAa,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EACL,qBAAqB,GAEtB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAiB;IAClD,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE;QACtC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,CAAC,GAAG,wBAAwB,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QACvD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,oBAAoB;KACnE,CAAC,CAAC;IAEH,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,gDAAgD;QAChD,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACrD,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QAE9B,6EAA6E;QAC7E,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACvD,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAE1C,qCAAqC;QACrC,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC/D,IAAI,OAAO,CAAC,MAAM;YAAE,UAAU,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAEhD,mCAAmC;QACnC,YAAY,EAAE,CAAC;QAEf,IAAI,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YACpD,aAAa,CAAC;gBACZ,MAAM,EAAE,IAAI,CAAC,IAAI;gBACjB,OAAO,EAAE,YAAY;gBACrB,KAAK,EAAE,KAAK,CAAC,MAAM;aACpB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,cAAc,GAAG,SAAS,CAAC,MAAM,CACrC,CAAC,KAAK,EAAE,EAAE,CACR,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC;QACrC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAChE,CAAC;IAEF,MAAM,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE5E,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAEjE,OAAO;QACL,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,EAAE;QACX,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE;YACL,YAAY;YACZ,WAAW,EAAE,cAAc,CAAC,MAAM;YAClC,eAAe,EAAE,eAAe,CAAC,MAAM;YACvC,aAAa,EAAE,CAAC;YAChB,QAAQ,EAAE,CAAC;SACZ;QACD,UAAU,EAAE;YACV,GAAG,EAAE,EAAE;YACP,OAAO,EAAE,EAAE;SACZ;QACD,MAAM,EAAE,eAAe;QACvB,cAAc;KACf,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB,CACxB,YAAoB,EACpB,OAAe,EACf,IAAiB;IAEjB,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,OAAO,qBAAqB,CAAC,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,CAC9D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAC5B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC1C,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,OAAe,EAAE,KAAa;IACzD,OAAO,OAAO,KAAK,CAAC,IAAI,OAAO,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,KAAK,KAAK,CAAC;AAClE,CAAC"}

package/dist/src/ui/scan/printConsolelogWarning.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"printConsolelogWarning.d.ts","sourceRoot":"","sources":["../../../../src/ui/scan/printConsolelogWarning.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAkB,MAAM,uBAAuB,CAAC;AAGtE;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,OAAO,GACZ,OAAO,~~CAmCT~~"}
1	+ {"version":3,"file":"printConsolelogWarning.d.ts","sourceRoot":"","sources":["../../../../src/ui/scan/printConsolelogWarning.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAkB,MAAM,uBAAuB,CAAC;AAGtE;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,OAAO,GACZ,OAAO,CAyCT"}

package/dist/src/ui/scan/printConsolelogWarning.js CHANGED Viewed

@@ -13,7 +13,6 @@ export function printConsolelogWarning(logged, json) {
     if (!logged || logged.length === 0)
         return false;
     console.log(chalk.yellow(`⚠️  Environment variables logged to console:`));
-    // Group by variable name
     const grouped = logged.reduce((acc, entry) => {
         if (!acc[entry.variable])
             acc[entry.variable] = [];
@@ -22,14 +21,16 @@ export function printConsolelogWarning(logged, json) {
     }, {});
     for (const [variable, usages] of Object.entries(grouped)) {
         console.log(chalk.yellow(`   - ${variable}`));
+        // Deduplicate by file + line (unique locations)
+        const uniqueUsages = Array.from(new Map(usages.map((u) => [`${u.file}:${u.line}`, u])).values());
         const maxShow = 3;
-        usages.slice(0, maxShow).forEach((usage) => {
+        uniqueUsages.slice(0, maxShow).forEach((usage) => {
             const normalizedFile = normalizePath(usage.file);
             console.log(chalk.yellow.dim(`     Logged at: ${normalizedFile}:${usage.line}`));
             console.log(chalk.gray(`       ${usage.context.trim()}`));
         });
-        if (usages.length > maxShow) {
-            console.log(chalk.gray(`     ... and ${usages.length - maxShow} more locations`));
+        if (uniqueUsages.length > maxShow) {
+            console.log(chalk.gray(`     ... and ${uniqueUsages.length - maxShow} more locations`));
         }
     }
     console.log();