ghostpatch 1.0.0

package/dist/detectors/secrets.js

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detect = detect;
+exports.detectSecretsOnly = detectSecretsOnly;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const PATTERNS = [
+    {
+        id: 'SEC-AWS-KEY', name: 'AWS Access Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /(?:AKIA|ASIA)[A-Z0-9]{16}/,
+        antiPattern: /(?:example|sample|test|fake|dummy|placeholder|xxx|EXAMPLE)/i,
+        description: 'AWS access key ID found.', remediation: 'Rotate key immediately. Use IAM roles or env vars.',
+    },
+    {
+        id: 'SEC-AWS-SECRET', name: 'AWS Secret Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /(?:aws_secret|AWS_SECRET)\w*\s*[:=]\s*['"][A-Za-z0-9/+=]{40}['"]/,
+        description: 'AWS secret access key found.', remediation: 'Rotate immediately. Use AWS Secrets Manager.',
+    },
+    {
+        id: 'SEC-GITHUB-TOKEN', name: 'GitHub Token', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}/,
+        description: 'GitHub personal access token found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-GOOGLE-KEY', name: 'Google API Key', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-798', pattern: /AIza[A-Za-z0-9_\\-]{35}/,
+        description: 'Google API key found.', remediation: 'Rotate and restrict key scope. Use env vars.',
+    },
+    {
+        id: 'SEC-SLACK-TOKEN', name: 'Slack Token', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /xox[bpors]-[A-Za-z0-9\-]{10,}/,
+        description: 'Slack API token found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-STRIPE-KEY', name: 'Stripe API Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /(?:sk|pk)_(?:live|test)_[A-Za-z0-9]{20,}/,
+        description: 'Stripe API key found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-PRIVATE-KEY', name: 'Private Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-321', pattern: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/,
+        description: 'Private key embedded in source.', remediation: 'Remove from source. Use key management service.',
+    },
+    {
+        id: 'SEC-GENERIC-API-KEY', name: 'Generic API Key', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-798', pattern: /(?:api[-_]?key|apikey|API[-_]?KEY)\s*[:=]\s*['"][a-zA-Z0-9_\-]{20,}['"]/i,
+        antiPattern: /(?:example|sample|test|fake|dummy|placeholder|xxx|your_|process\.env|os\.environ|config\.|env\[)/i,
+        description: 'Hardcoded API key found.', remediation: 'Store API keys in env vars or secrets manager.',
+    },
+    {
+        id: 'SEC-GENERIC-SECRET', name: 'Generic Secret/Password', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-798', pattern: /(?:secret|token|password|passwd|credentials?)\s*[:=]\s*['"][a-zA-Z0-9!@#$%^&*()\-_+=]{12,}['"]/i,
+        antiPattern: /(?:example|sample|test|fake|dummy|placeholder|xxx|your_|process\.env|os\.environ|config\.|env\[|<|TODO|CHANGE|REPLACE|type|interface|const\s+\w+:\s*string)/i,
+        description: 'Potential hardcoded secret.', remediation: 'Use env vars or secrets manager.',
+    },
+    {
+        id: 'SEC-DB-CONN-STRING', name: 'Database Connection String', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-798', pattern: /['"](?:mongodb(?:\+srv)?|postgres(?:ql)?|mysql|mssql|redis|amqp):\/\/[^:]+:[^@]+@[^'"]+['"]/i,
+        antiPattern: /(?:localhost|127\.0\.0\.1|example\.com|process\.env|os\.environ)/i,
+        description: 'Database connection string with credentials.', remediation: 'Use env vars for connection strings.',
+    },
+    {
+        id: 'SEC-SENDGRID', name: 'SendGrid API Key', severity: severity_1.Severity.HIGH, confidence: 'high',
+        cwe: 'CWE-798', pattern: /SG\.[A-Za-z0-9_\-]{22}\.[A-Za-z0-9_\-]{43}/,
+        description: 'SendGrid API key found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-TWILIO', name: 'Twilio Credentials', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-798', pattern: /(?:AC[a-z0-9]{32}|SK[a-z0-9]{32})/,
+        description: 'Twilio Account SID or API key found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-FIREBASE', name: 'Firebase Config Exposed', severity: severity_1.Severity.MEDIUM, confidence: 'medium',
+        cwe: 'CWE-798', pattern: /(?:firebase|FIREBASE).*(?:apiKey|authDomain|databaseURL)\s*[:=]\s*['"]/i,
+        description: 'Firebase configuration in source.', remediation: 'Use env vars. Secure with Firebase Security Rules.',
+    },
+    {
+        id: 'SEC-HARDCODED-DB-PASS', name: 'Hardcoded Database Password', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /(?:(?:db|database|mysql|postgres|mongo|redis)[-_.]?(?:password|passwd|pass|pwd))\s*[:=]\s*['"][^'"]{4,}['"]/i,
+        antiPattern: /(?:process\.env|os\.environ|config\.|env\[|example|sample|test|your_|placeholder)/i,
+        description: 'Database password hardcoded.', remediation: 'Use env vars or secrets manager.',
+    },
+    {
+        id: 'SEC-OPENAI-KEY', name: 'OpenAI API Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /sk-[A-Za-z0-9]{32,}/,
+        antiPattern: /(?:example|sample|test|fake|placeholder|xxx)/i,
+        description: 'OpenAI API key found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+    {
+        id: 'SEC-ANTHROPIC-KEY', name: 'Anthropic API Key', severity: severity_1.Severity.CRITICAL, confidence: 'high',
+        cwe: 'CWE-798', pattern: /sk-ant-[A-Za-z0-9\-]{32,}/,
+        description: 'Anthropic API key found.', remediation: 'Rotate immediately. Use env vars.',
+    },
+];
+// All languages — secrets can appear anywhere
+const ALL_LANGS = ['javascript', 'typescript', 'python', 'java', 'go', 'rust', 'c', 'cpp', 'csharp', 'php', 'ruby', 'swift', 'kotlin', 'shell', 'sql'];
+function detect(content, filePath, _language) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const pat of PATTERNS) {
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (pat.pattern.test(line)) {
+                if (pat.antiPattern && pat.antiPattern.test(line))
+                    continue;
+                findings.push({
+                    id: `${pat.id}-${filePath}:${i + 1}`,
+                    ruleId: pat.id,
+                    title: pat.name,
+                    description: pat.description,
+                    severity: pat.severity,
+                    confidence: pat.confidence,
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippet(lines, i),
+                    cwe: pat.cwe, owasp: 'A02',
+                    remediation: pat.remediation,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)(pat.id, filePath, line.trim()),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function detectSecretsOnly(content, filePath) {
+    return detect(content, filePath, 'generic');
+}
+function getSnippet(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end)
+        .map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=secrets.js.map

package/dist/detectors/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/detectors/secrets.ts"],"names":[],"mappings":";;AA+FA,wBA2BC;AAED,8CAEC;AA9HD,+CAAqD;AACrD,sDAA2D;AAE3D,MAAM,QAAQ,GAAG;IACf;QACE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACnG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,2BAA2B;QACpD,WAAW,EAAE,6DAA6D;QAC1E,WAAW,EAAE,0BAA0B,EAAE,WAAW,EAAE,oDAAoD;KAC3G;IACD;QACE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,kEAAkE;QAC3F,WAAW,EAAE,8BAA8B,EAAE,WAAW,EAAE,8CAA8C;KACzG;IACD;QACE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,2CAA2C;QACpE,WAAW,EAAE,qCAAqC,EAAE,WAAW,EAAE,mCAAmC;KACrG;IACD;QACE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAClG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,yBAAyB;QAClD,WAAW,EAAE,uBAAuB,EAAE,WAAW,EAAE,8CAA8C;KAClG;IACD;QACE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACpG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,+BAA+B;QACxD,WAAW,EAAE,wBAAwB,EAAE,WAAW,EAAE,mCAAmC;KACxF;IACD;QACE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,0CAA0C;QACnE,WAAW,EAAE,uBAAuB,EAAE,WAAW,EAAE,mCAAmC;KACvF;IACD;QACE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACpG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,4CAA4C;QACrE,WAAW,EAAE,iCAAiC,EAAE,WAAW,EAAE,iDAAiD;KAC/G;IACD;QACE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QAC1G,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,0EAA0E;QACnG,WAAW,EAAE,mGAAmG;QAChH,WAAW,EAAE,0BAA0B,EAAE,WAAW,EAAE,gDAAgD;KACvG;IACD;QACE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QACjH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,iGAAiG;QAC1H,WAAW,EAAE,8JAA8J;QAC3K,WAAW,EAAE,6BAA6B,EAAE,WAAW,EAAE,kCAAkC;KAC5F;IACD;QACE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAClH,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,8FAA8F;QACvH,WAAW,EAAE,mEAAmE;QAChF,WAAW,EAAE,8CAA8C,EAAE,WAAW,EAAE,sCAAsC;KACjH;IACD;QACE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,MAAe;QAClG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,4CAA4C;QACrE,WAAW,EAAE,yBAAyB,EAAE,WAAW,EAAE,mCAAmC;KACzF;IACD;QACE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QACpG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,mCAAmC;QAC5D,WAAW,EAAE,sCAAsC,EAAE,WAAW,EAAE,mCAAmC;KACtG;IACD;QACE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAiB;QAC7G,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,yEAAyE;QAClG,WAAW,EAAE,mCAAmC,EAAE,WAAW,EAAE,oDAAoD;KACpH;IACD;QACE,EAAE,EAAE,uBAAuB,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QAC1H,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,8GAA8G;QACvI,WAAW,EAAE,oFAAoF;QACjG,WAAW,EAAE,8BAA8B,EAAE,WAAW,EAAE,kCAAkC;KAC7F;IACD;QACE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QACtG,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,qBAAqB;QAC9C,WAAW,EAAE,+CAA+C;QAC5D,WAAW,EAAE,uBAAuB,EAAE,WAAW,EAAE,mCAAmC;KACvF;IACD;QACE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAe;QAC5G,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,2BAA2B;QACpD,WAAW,EAAE,0BAA0B,EAAE,WAAW,EAAE,mCAAmC;KAC1F;CACF,CAAC;AAEF,8CAA8C;AAC9C,MAAM,SAAS,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAEvJ,SAAgB,MAAM,CAAC,OAAe,EAAE,QAAgB,EAAE,SAAiB;IACzE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAE5D,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,EAAE,GAAG,CAAC,EAAE;oBACd,KAAK,EAAE,GAAG,CAAC,IAAI;oBACf,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;oBACjC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK;oBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,WAAW,EAAE,IAAA,iCAAmB,EAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,iBAAiB,CAAC,OAAe,EAAE,QAAgB;IACjE,OAAO,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC;SAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACZ,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClB,CAAC"}

package/dist/detectors/ssrf.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from '../core/severity';
+export declare function detect(content: string, filePath: string, language: string): Finding[];
+//# sourceMappingURL=ssrf.d.ts.map

package/dist/detectors/ssrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../../src/detectors/ssrf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,kBAAkB,CAAC;AAmCrD,wBAAgB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA8BrF"}

package/dist/detectors/ssrf.js

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detect = detect;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const PATTERNS = [
+    {
+        id: 'SSRF-USER-URL', name: 'SSRF via User-Controlled URL', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-918',
+        pattern: /(?:fetch|axios|http\.get|https\.get|request|urllib|requests\.(?:get|post|put|delete|head)|HttpClient|http\.NewRequest)\s*\(\s*(?:req\.|request\.|input|user|param|query|body|args)/i,
+        description: 'HTTP request URL from user input — SSRF risk.',
+        remediation: 'Validate URLs against an allowlist. Block internal/private IP ranges.',
+    },
+    {
+        id: 'SSRF-URL-PARAM', name: 'URL From Query Parameter', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-918',
+        pattern: /(?:url|uri|endpoint|target|destination|redirect|callback|webhook)\s*[:=]\s*(?:req\.query|req\.params|request\.args|request\.GET|params\[)/i,
+        description: 'URL taken from query parameter.',
+        remediation: 'Validate URL scheme, host, and resolved IP. Use allowlist.',
+    },
+    {
+        id: 'SSRF-IMAGE-FETCH', name: 'Image/File Fetch from URL', severity: severity_1.Severity.MEDIUM, confidence: 'medium',
+        cwe: 'CWE-918',
+        pattern: /(?:download|fetch|grab|load|import)(?:Image|File|URL|Resource|Content)\s*\(\s*(?:url|uri|src|href|link)/i,
+        antiPattern: /(?:allowlist|whitelist|validateUrl|isAllowed|checkUrl|blockPrivate|isExternal)/i,
+        description: 'File/image download from variable URL.',
+        remediation: 'Validate URL and block internal IP ranges before fetching.',
+    },
+    {
+        id: 'SSRF-WEBHOOK', name: 'Webhook URL from User', severity: severity_1.Severity.HIGH, confidence: 'medium',
+        cwe: 'CWE-918',
+        pattern: /(?:webhook|callback|notify)(?:Url|URL|_url|Uri|URI)\s*[:=]\s*(?:req\.|request\.|body\.|input|user)/i,
+        description: 'Webhook URL from user input — can probe internal services.',
+        remediation: 'Validate webhook URLs. Block private IP ranges and localhost.',
+    },
+];
+function detect(content, filePath, language) {
+    const findings = [];
+    const lines = content.split('\n');
+    const backendLangs = ['javascript', 'typescript', 'python', 'java', 'go', 'php', 'ruby', 'csharp', 'kotlin'];
+    if (!backendLangs.includes(language))
+        return findings;
+    for (const pat of PATTERNS) {
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (pat.pattern.test(line)) {
+                if (pat.antiPattern) {
+                    const cs = Math.max(0, i - 3);
+                    const ce = Math.min(lines.length, i + 4);
+                    if (pat.antiPattern.test(lines.slice(cs, ce).join('\n')))
+                        continue;
+                }
+                findings.push({
+                    id: `${pat.id}-${filePath}:${i + 1}`,
+                    ruleId: pat.id, title: pat.name, description: pat.description,
+                    severity: pat.severity, confidence: pat.confidence,
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippet(lines, i),
+                    cwe: pat.cwe, owasp: 'A10',
+                    remediation: pat.remediation,
+                    fingerprint: (0, fingerprint_1.generateFingerprint)(pat.id, filePath, line.trim()),
+                });
+            }
+        }
+    }
+    return findings;
+}
+function getSnippet(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end)
+        .map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=ssrf.js.map

package/dist/detectors/ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../../src/detectors/ssrf.ts"],"names":[],"mappings":";;AAmCA,wBA8BC;AAjED,+CAAqD;AACrD,sDAA2D;AAE3D,MAAM,QAAQ,GAAG;IACf;QACE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QACjH,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,qLAAqL;QAC9L,WAAW,EAAE,+CAA+C;QAC5D,WAAW,EAAE,uEAAuE;KACrF;IACD;QACE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,0BAA0B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QAC9G,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,4IAA4I;QACrJ,WAAW,EAAE,iCAAiC;QAC9C,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,2BAA2B,EAAE,QAAQ,EAAE,mBAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,QAAiB;QACnH,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,0GAA0G;QACnH,WAAW,EAAE,iFAAiF;QAC9F,WAAW,EAAE,wCAAwC;QACrD,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,mBAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,QAAiB;QACzG,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,qGAAqG;QAC9G,WAAW,EAAE,4DAA4D;QACzE,WAAW,EAAE,+DAA+D;KAC7E;CACF,CAAC;AAEF,SAAgB,MAAM,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAgB;IACxE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE7G,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEtD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;oBACpB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBACzC,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAAE,SAAS;gBACrE,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC7D,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU;oBAClD,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;oBACjC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK;oBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,WAAW,EAAE,IAAA,iCAAmB,EAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC;SAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACZ,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClB,CAAC"}

package/dist/detectors/zeroday.d.ts

@@ -0,0 +1,9 @@
+import { Finding, AIFinding } from '../core/severity';
+export interface AIProvider {
+    name: string;
+    analyze(code: string, context: string): Promise<AIFinding[]>;
+    isAvailable(): boolean;
+}
+export declare function detectSuspiciousPatterns(content: string, filePath: string, language: string): Finding[];
+export declare function analyzeWithAI(code: string, filePath: string, language: string, provider: AIProvider): Promise<Finding[]>;
+//# sourceMappingURL=zeroday.d.ts.map

package/dist/detectors/zeroday.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zeroday.d.ts","sourceRoot":"","sources":["../../src/detectors/zeroday.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAGhE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7D,WAAW,IAAI,OAAO,CAAC;CACxB;AAaD,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAyBvG;AAED,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,UAAU,GACnB,OAAO,CAAC,OAAO,EAAE,CAAC,CA8BpB"}

package/dist/detectors/zeroday.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSuspiciousPatterns = detectSuspiciousPatterns;
+exports.analyzeWithAI = analyzeWithAI;
+const severity_1 = require("../core/severity");
+const fingerprint_1 = require("../utils/fingerprint");
+const SUSPICIOUS_PATTERNS = [
+    { pattern: /(?:setTimeout|setInterval)\s*\(\s*\w+\s*,\s*0\s*\)/, reason: 'Potential race condition with zero-delay timer' },
+    { pattern: /(?:await|async).*(?:parallel|all|race).*(?:db|database|write|update|delete|remove)/i, reason: 'Concurrent database operations may cause race conditions' },
+    { pattern: /if\s*\(\s*!?\s*(?:req|request)\.(?:user|session|auth)\s*\)\s*\{?\s*(?:return|throw|next)?[^}]*\}?\s*(?:\/\/|$)/i, reason: 'Authentication check may have bypass logic' },
+    { pattern: /(?:try\s*\{[^}]*(?:throw|error|reject)[^}]*\}\s*catch\s*\(\s*\w+\s*\)\s*\{[^}]*\})/i, reason: 'Error handling may silently swallow security exceptions' },
+    { pattern: /(?:\.then\s*\([^)]*\)\s*\.catch\s*\(\s*(?:\(\s*\)\s*=>|function\s*\(\s*\))\s*\{?\s*\}?\s*\))/i, reason: 'Empty catch handler silences errors' },
+    { pattern: /(?:Object\.keys|for\s*\(\s*(?:let|var|const)\s+\w+\s+(?:in|of)\s+).*(?:req\.|request\.|body|query|params)/i, reason: 'Iterating over user input keys without validation' },
+    { pattern: /(?:async\s+function|=>\s*\{)(?:(?!(?:try|catch|finally)).)*(?:await\s+)(?:(?!(?:try|catch|finally)).)*$/im, reason: 'Async function without error handling' },
+    { pattern: /(?:password|secret|token|key).*(?:===?|!==?|==).*(?:undefined|null|''|"")/i, reason: 'Null/empty check on credential may allow bypass' },
+];
+function detectSuspiciousPatterns(content, filePath, language) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const { pattern, reason } of SUSPICIOUS_PATTERNS) {
+        for (let i = 0; i < lines.length; i++) {
+            if (pattern.test(lines[i])) {
+                findings.push({
+                    id: `ZDAY-PATTERN-${filePath}:${i + 1}`,
+                    ruleId: 'ZDAY-SUSPICIOUS',
+                    title: 'Suspicious Pattern (AI Analysis Recommended)',
+                    description: reason,
+                    severity: severity_1.Severity.LOW,
+                    confidence: 'low',
+                    filePath, line: i + 1,
+                    codeSnippet: getSnippet(lines, i),
+                    cwe: 'CWE-691',
+                    remediation: 'Enable AI analysis (--ai) for deeper investigation of this pattern.',
+                    fingerprint: (0, fingerprint_1.generateFingerprint)('ZDAY', filePath, lines[i].trim()),
+                });
+            }
+        }
+    }
+    return findings;
+}
+async function analyzeWithAI(code, filePath, language, provider) {
+    if (!provider.isAvailable())
+        return [];
+    try {
+        const context = `File: ${filePath}\nLanguage: ${language}\n\nAnalyze this code for security vulnerabilities including:\n- Logic bugs that could lead to authorization bypass\n- Race conditions in concurrent operations\n- Business logic vulnerabilities\n- Novel attack vectors not caught by pattern matching\n- Time-of-check-to-time-of-use (TOCTOU) issues\n- Integer overflow/underflow\n- Null pointer dereference\n- Information leakage`;
+        const aiFindings = await provider.analyze(code, context);
+        return aiFindings.map((af, index) => ({
+            id: `ZDAY-AI-${filePath}:${index}`,
+            ruleId: 'ZDAY-AI',
+            title: af.title,
+            description: af.description,
+            severity: af.severity,
+            confidence: af.confidence,
+            filePath,
+            line: af.line || 1,
+            codeSnippet: code.split('\n').slice(Math.max(0, (af.line || 1) - 3), (af.line || 1) + 2).join('\n'),
+            cwe: af.cwe,
+            owasp: 'A04',
+            remediation: af.remediation,
+            aiEnhanced: true,
+            fingerprint: (0, fingerprint_1.generateFingerprint)('ZDAY-AI', filePath, af.title),
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+function getSnippet(lines, index, context = 2) {
+    const start = Math.max(0, index - context);
+    const end = Math.min(lines.length, index + context + 1);
+    return lines.slice(start, end).map((l, i) => {
+        const lineNum = start + i + 1;
+        const marker = (start + i === index) ? '>' : ' ';
+        return `${marker} ${lineNum} | ${l}`;
+    }).join('\n');
+}
+//# sourceMappingURL=zeroday.js.map

package/dist/detectors/zeroday.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zeroday.js","sourceRoot":"","sources":["../../src/detectors/zeroday.ts"],"names":[],"mappings":";;AAoBA,4DAyBC;AAED,sCAmCC;AAlFD,+CAAgE;AAChE,sDAA2D;AAQ3D,MAAM,mBAAmB,GAAG;IAC1B,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,gDAAgD,EAAE;IAC3H,EAAE,OAAO,EAAE,qFAAqF,EAAE,MAAM,EAAE,0DAA0D,EAAE;IACtK,EAAE,OAAO,EAAE,iHAAiH,EAAE,MAAM,EAAE,4CAA4C,EAAE;IACpL,EAAE,OAAO,EAAE,qFAAqF,EAAE,MAAM,EAAE,yDAAyD,EAAE;IACrK,EAAE,OAAO,EAAE,+FAA+F,EAAE,MAAM,EAAE,qCAAqC,EAAE;IAC3J,EAAE,OAAO,EAAE,4GAA4G,EAAE,MAAM,EAAE,mDAAmD,EAAE;IACtL,EAAE,OAAO,EAAE,2GAA2G,EAAE,MAAM,EAAE,uCAAuC,EAAE;IACzK,EAAE,OAAO,EAAE,4EAA4E,EAAE,MAAM,EAAE,iDAAiD,EAAE;CACrJ,CAAC;AAEF,SAAgB,wBAAwB,CAAC,OAAe,EAAE,QAAgB,EAAE,QAAgB;IAC1F,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;QACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,gBAAgB,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE;oBACvC,MAAM,EAAE,iBAAiB;oBACzB,KAAK,EAAE,8CAA8C;oBACrD,WAAW,EAAE,MAAM;oBACnB,QAAQ,EAAE,mBAAQ,CAAC,GAAG;oBACtB,UAAU,EAAE,KAAK;oBACjB,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC;oBACrB,WAAW,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;oBACjC,GAAG,EAAE,SAAS;oBACd,WAAW,EAAE,qEAAqE;oBAClF,WAAW,EAAE,IAAA,iCAAmB,EAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,IAAY,EACZ,QAAgB,EAChB,QAAgB,EAChB,QAAoB;IAEpB,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,QAAQ,eAAe,QAAQ,2XAA2X,CAAC;QAEpb,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAEzD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACpC,EAAE,EAAE,WAAW,QAAQ,IAAI,KAAK,EAAE;YAClC,MAAM,EAAE,SAAS;YACjB,KAAK,EAAE,EAAE,CAAC,KAAK;YACf,WAAW,EAAE,EAAE,CAAC,WAAW;YAC3B,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,QAAQ;YACR,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC;YAClB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CACjC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAC/B,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CACnB,CAAC,IAAI,CAAC,IAAI,CAAC;YACZ,GAAG,EAAE,EAAE,CAAC,GAAG;YACX,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,EAAE,CAAC,WAAW;YAC3B,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,IAAA,iCAAmB,EAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC;SAChE,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,KAAa,EAAE,OAAO,GAAG,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,OAAO,GAAG,MAAM,IAAI,OAAO,MAAM,CAAC,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+export { scan, scanFile, scanWithAI } from './core/scanner';
+export { generateReport, reportJSON, reportSARIF, reportHTML, reportTerminal } from './core/reporter';
+export { Finding, AIFinding, ScanResult, ScanSummary, ScanOptions, Rule, GhostPatchConfig, Severity, SEVERITY_ORDER, meetsMinSeverity, severityFromString, } from './core/severity';
+export { ALL_RULES, getRulesForLanguage, getRuleById, getRulesByOwasp, getRulesBySeverity, getEnabledRules } from './core/rules';
+export { getAvailableProvider, AIProvider } from './ai/provider';
+export { loadConfig, getDefaultConfig } from './utils/config';
+export { detectLanguage, isSupportedFile, SUPPORTED_LANGUAGES } from './utils/languages';
+export { generateFingerprint, deduplicateFindings } from './utils/fingerprint';
+export { startMCPServer } from './mcp/server';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtG,OAAO,EACL,OAAO,EACP,SAAS,EACT,UAAU,EACV,WAAW,EACX,WAAW,EACX,IAAI,EACJ,gBAAgB,EAChB,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,WAAW,EAAE,eAAe,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACjI,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,42 @@
+"use strict";
+// GhostPatch — AI-Powered Security Vulnerability Scanner
+// Library API
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startMCPServer = exports.deduplicateFindings = exports.generateFingerprint = exports.SUPPORTED_LANGUAGES = exports.isSupportedFile = exports.detectLanguage = exports.getDefaultConfig = exports.loadConfig = exports.getAvailableProvider = exports.getEnabledRules = exports.getRulesBySeverity = exports.getRulesByOwasp = exports.getRuleById = exports.getRulesForLanguage = exports.ALL_RULES = exports.severityFromString = exports.meetsMinSeverity = exports.SEVERITY_ORDER = exports.Severity = exports.reportTerminal = exports.reportHTML = exports.reportSARIF = exports.reportJSON = exports.generateReport = exports.scanWithAI = exports.scanFile = exports.scan = void 0;
+var scanner_1 = require("./core/scanner");
+Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return scanner_1.scan; } });
+Object.defineProperty(exports, "scanFile", { enumerable: true, get: function () { return scanner_1.scanFile; } });
+Object.defineProperty(exports, "scanWithAI", { enumerable: true, get: function () { return scanner_1.scanWithAI; } });
+var reporter_1 = require("./core/reporter");
+Object.defineProperty(exports, "generateReport", { enumerable: true, get: function () { return reporter_1.generateReport; } });
+Object.defineProperty(exports, "reportJSON", { enumerable: true, get: function () { return reporter_1.reportJSON; } });
+Object.defineProperty(exports, "reportSARIF", { enumerable: true, get: function () { return reporter_1.reportSARIF; } });
+Object.defineProperty(exports, "reportHTML", { enumerable: true, get: function () { return reporter_1.reportHTML; } });
+Object.defineProperty(exports, "reportTerminal", { enumerable: true, get: function () { return reporter_1.reportTerminal; } });
+var severity_1 = require("./core/severity");
+Object.defineProperty(exports, "Severity", { enumerable: true, get: function () { return severity_1.Severity; } });
+Object.defineProperty(exports, "SEVERITY_ORDER", { enumerable: true, get: function () { return severity_1.SEVERITY_ORDER; } });
+Object.defineProperty(exports, "meetsMinSeverity", { enumerable: true, get: function () { return severity_1.meetsMinSeverity; } });
+Object.defineProperty(exports, "severityFromString", { enumerable: true, get: function () { return severity_1.severityFromString; } });
+var rules_1 = require("./core/rules");
+Object.defineProperty(exports, "ALL_RULES", { enumerable: true, get: function () { return rules_1.ALL_RULES; } });
+Object.defineProperty(exports, "getRulesForLanguage", { enumerable: true, get: function () { return rules_1.getRulesForLanguage; } });
+Object.defineProperty(exports, "getRuleById", { enumerable: true, get: function () { return rules_1.getRuleById; } });
+Object.defineProperty(exports, "getRulesByOwasp", { enumerable: true, get: function () { return rules_1.getRulesByOwasp; } });
+Object.defineProperty(exports, "getRulesBySeverity", { enumerable: true, get: function () { return rules_1.getRulesBySeverity; } });
+Object.defineProperty(exports, "getEnabledRules", { enumerable: true, get: function () { return rules_1.getEnabledRules; } });
+var provider_1 = require("./ai/provider");
+Object.defineProperty(exports, "getAvailableProvider", { enumerable: true, get: function () { return provider_1.getAvailableProvider; } });
+var config_1 = require("./utils/config");
+Object.defineProperty(exports, "loadConfig", { enumerable: true, get: function () { return config_1.loadConfig; } });
+Object.defineProperty(exports, "getDefaultConfig", { enumerable: true, get: function () { return config_1.getDefaultConfig; } });
+var languages_1 = require("./utils/languages");
+Object.defineProperty(exports, "detectLanguage", { enumerable: true, get: function () { return languages_1.detectLanguage; } });
+Object.defineProperty(exports, "isSupportedFile", { enumerable: true, get: function () { return languages_1.isSupportedFile; } });
+Object.defineProperty(exports, "SUPPORTED_LANGUAGES", { enumerable: true, get: function () { return languages_1.SUPPORTED_LANGUAGES; } });
+var fingerprint_1 = require("./utils/fingerprint");
+Object.defineProperty(exports, "generateFingerprint", { enumerable: true, get: function () { return fingerprint_1.generateFingerprint; } });
+Object.defineProperty(exports, "deduplicateFindings", { enumerable: true, get: function () { return fingerprint_1.deduplicateFindings; } });
+var server_1 = require("./mcp/server");
+Object.defineProperty(exports, "startMCPServer", { enumerable: true, get: function () { return server_1.startMCPServer; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,yDAAyD;AACzD,cAAc;;;AAEd,0CAA4D;AAAnD,+FAAA,IAAI,OAAA;AAAE,mGAAA,QAAQ,OAAA;AAAE,qGAAA,UAAU,OAAA;AACnC,4CAAsG;AAA7F,0GAAA,cAAc,OAAA;AAAE,sGAAA,UAAU,OAAA;AAAE,uGAAA,WAAW,OAAA;AAAE,sGAAA,UAAU,OAAA;AAAE,0GAAA,cAAc,OAAA;AAC5E,4CAYyB;AAJvB,oGAAA,QAAQ,OAAA;AACR,0GAAA,cAAc,OAAA;AACd,4GAAA,gBAAgB,OAAA;AAChB,8GAAA,kBAAkB,OAAA;AAEpB,sCAAiI;AAAxH,kGAAA,SAAS,OAAA;AAAE,4GAAA,mBAAmB,OAAA;AAAE,oGAAA,WAAW,OAAA;AAAE,wGAAA,eAAe,OAAA;AAAE,2GAAA,kBAAkB,OAAA;AAAE,wGAAA,eAAe,OAAA;AAC1G,0CAAiE;AAAxD,gHAAA,oBAAoB,OAAA;AAC7B,yCAA8D;AAArD,oGAAA,UAAU,OAAA;AAAE,0GAAA,gBAAgB,OAAA;AACrC,+CAAyF;AAAhF,2GAAA,cAAc,OAAA;AAAE,4GAAA,eAAe,OAAA;AAAE,gHAAA,mBAAmB,OAAA;AAC7D,mDAA+E;AAAtE,kHAAA,mBAAmB,OAAA;AAAE,kHAAA,mBAAmB,OAAA;AACjD,uCAA8C;AAArC,wGAAA,cAAc,OAAA"}

package/dist/mcp/server.d.ts

@@ -0,0 +1,2 @@
+export declare function startMCPServer(): Promise<void>;
+//# sourceMappingURL=server.d.ts.map

package/dist/mcp/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAqSA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAqFpD"}