guardvibe 0.4.0

package/build/tools/get-security-docs.js

@@ -0,0 +1,61 @@
+import { frameworkGuides } from "../data/framework-guides.js";
+export function getSecurityDocs(topic) {
+    const normalizedTopic = topic.toLowerCase().trim();
+    // Try exact topic match first
+    const exactMatch = frameworkGuides.find((guide) => guide.topic === normalizedTopic);
+    if (exactMatch)
+        return exactMatch.content;
+    // Try keyword match
+    const keywordMatches = frameworkGuides
+        .map((guide) => {
+        const score = guide.keywords.reduce((acc, keyword) => {
+            if (normalizedTopic.includes(keyword))
+                return acc + 2;
+            if (keyword.includes(normalizedTopic))
+                return acc + 1;
+            return acc;
+        }, 0);
+        return { guide, score };
+    })
+        .filter((m) => m.score > 0)
+        .sort((a, b) => b.score - a.score);
+    if (keywordMatches.length > 0) {
+        // Return the best match, or multiple if scores are close
+        const best = keywordMatches[0];
+        const results = keywordMatches.filter((m) => m.score >= best.score * 0.7);
+        if (results.length === 1) {
+            return results[0].guide.content;
+        }
+        // Multiple relevant guides
+        return [
+            `# Security Guides for "${topic}"`,
+            ``,
+            `Found ${results.length} relevant guides:`,
+            ``,
+            ...results.map((r) => `---\n\n${r.guide.content}`),
+        ].join("\n");
+    }
+    // No match - return available topics
+    const availableTopics = frameworkGuides
+        .map((g) => `- **${g.topic}**: ${g.title}`)
+        .join("\n");
+    return [
+        `# No Guide Found for "${topic}"`,
+        ``,
+        `I don't have a specific security guide for that topic yet.`,
+        ``,
+        `## Available Topics:`,
+        availableTopics,
+        ``,
+        `## General Security Tips:`,
+        `1. Validate all user input with schemas (zod, joi, pydantic)`,
+        `2. Use parameterized queries for database access`,
+        `3. Hash passwords with bcrypt (12+ salt rounds)`,
+        `4. Set security headers (helmet for Express)`,
+        `5. Keep dependencies updated (npm audit)`,
+        `6. Use environment variables for secrets`,
+        `7. Add rate limiting to auth endpoints`,
+        `8. Set secure cookie flags (httpOnly, secure, sameSite)`,
+    ].join("\n");
+}
+//# sourceMappingURL=get-security-docs.js.map

package/build/tools/get-security-docs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-security-docs.js","sourceRoot":"","sources":["../../src/tools/get-security-docs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,MAAM,eAAe,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEnD,8BAA8B;IAC9B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CACrC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,eAAe,CAC3C,CAAC;IACF,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC;IAE1C,oBAAoB;IACpB,MAAM,cAAc,GAAG,eAAe;SACnC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACb,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACnD,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,GAAG,GAAG,CAAC,CAAC;YACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAAE,OAAO,GAAG,GAAG,CAAC,CAAC;YACtD,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,CAAC,CAAC,CAAC;QACN,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;SAC1B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAErC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,yDAAyD;QACzD,MAAM,IAAI,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,GAAG,GAAG,CACnC,CAAC;QAEF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,2BAA2B;QAC3B,OAAO;YACL,0BAA0B,KAAK,GAAG;YAClC,EAAE;YACF,SAAS,OAAO,CAAC,MAAM,mBAAmB;YAC1C,EAAE;YACF,GAAG,OAAO,CAAC,GAAG,CACZ,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,CACnC;SACF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,qCAAqC;IACrC,MAAM,eAAe,GAAG,eAAe;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC;SAC1C,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO;QACL,yBAAyB,KAAK,GAAG;QACjC,EAAE;QACF,4DAA4D;QAC5D,EAAE;QACF,sBAAsB;QACtB,eAAe;QACf,EAAE;QACF,2BAA2B;QAC3B,8DAA8D;QAC9D,kDAAkD;QAClD,iDAAiD;QACjD,8CAA8C;QAC9C,0CAA0C;QAC1C,0CAA0C;QAC1C,wCAAwC;QACxC,yDAAyD;KAC1D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}

package/build/tools/scan-dependencies.d.ts

@@ -0,0 +1,2 @@
+export declare function scanDependencies(manifestPath: string): Promise<string>;
+//# sourceMappingURL=scan-dependencies.d.ts.map

package/build/tools/scan-dependencies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-dependencies.d.ts","sourceRoot":"","sources":["../../src/tools/scan-dependencies.ts"],"names":[],"mappings":"AAKA,wBAAsB,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAqE5E"}

package/build/tools/scan-dependencies.js

@@ -0,0 +1,69 @@
+import { readFileSync } from "fs";
+import { basename } from "path";
+import { parseManifest } from "../utils/manifest-parser.js";
+import { queryOsvBatch, formatVulnerability } from "../utils/osv-client.js";
+export async function scanDependencies(manifestPath) {
+    let content;
+    try {
+        content = readFileSync(manifestPath, "utf-8");
+    }
+    catch {
+        return `# GuardVibe Dependency Report\n\nError: Could not read file: ${manifestPath}`;
+    }
+    const filename = basename(manifestPath);
+    let packages;
+    try {
+        packages = parseManifest(content, filename);
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : "Unknown error";
+        return `# GuardVibe Dependency Report\n\nError: ${msg}`;
+    }
+    if (packages.length === 0) {
+        return `# GuardVibe Dependency Report\n\nFile: ${manifestPath}\nPackages found: 0\n\nNo packages to check.`;
+    }
+    const lines = [
+        `# GuardVibe Dependency Report`,
+        ``,
+        `File: ${manifestPath}`,
+        `Packages checked: ${packages.length}`,
+        `Database: OSV (Google Open Source Vulnerabilities)`,
+        ``,
+        `---`,
+        ``,
+    ];
+    let vulnResults;
+    try {
+        vulnResults = await queryOsvBatch(packages);
+    }
+    catch {
+        lines.push(`Error: Could not reach OSV API. Check your network connection.`);
+        return lines.join("\n");
+    }
+    let totalVulns = 0;
+    const criticalPackages = [];
+    for (const pkg of packages) {
+        const key = `${pkg.name}@${pkg.version}`;
+        const vulns = vulnResults.get(key) || [];
+        if (vulns.length === 0)
+            continue;
+        totalVulns += vulns.length;
+        criticalPackages.push(key);
+        lines.push(`## ${key} (${pkg.ecosystem}) — ${vulns.length} vulnerabilities`, ``);
+        for (const vuln of vulns) {
+            lines.push(formatVulnerability(vuln), ``);
+        }
+    }
+    lines.push(`---`, ``, `## Summary`, ``);
+    if (totalVulns === 0) {
+        lines.push(`All ${packages.length} packages are clean. No known vulnerabilities found.`);
+    }
+    else {
+        lines.push(`**${totalVulns} vulnerabilities** found in ${criticalPackages.length} packages:`, ``);
+        for (const pkg of criticalPackages)
+            lines.push(`- ${pkg}`);
+        lines.push(``, `**Action:** Update affected packages to their fixed versions.`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=scan-dependencies.js.map

package/build/tools/scan-dependencies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-dependencies.js","sourceRoot":"","sources":["../../src/tools/scan-dependencies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAChC,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE5E,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,YAAoB;IACzD,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gEAAgE,YAAY,EAAE,CAAC;IACxF,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;IACxC,IAAI,QAAQ,CAAC;IACb,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QAC7D,OAAO,2CAA2C,GAAG,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,0CAA0C,YAAY,8CAA8C,CAAC;IAC9G,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,SAAS,YAAY,EAAE;QACvB,qBAAqB,QAAQ,CAAC,MAAM,EAAE;QACtC,oDAAoD;QACpD,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,IAAI,WAA+B,CAAC;IACpC,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC7E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAEzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;QAC3B,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,GAAG,CAAC,SAAS,OAAO,KAAK,CAAC,MAAM,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACjF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IAExC,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,OAAO,QAAQ,CAAC,MAAM,sDAAsD,CAAC,CAAC;IAC3F,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,KAAK,UAAU,+BAA+B,gBAAgB,CAAC,MAAM,YAAY,EAAE,EAAE,CAAC,CAAC;QAClG,KAAK,MAAM,GAAG,IAAI,gBAAgB;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,+DAA+D,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/scan-directory.d.ts

@@ -0,0 +1,2 @@
+export declare function scanDirectory(path: string, recursive?: boolean, exclude?: string[]): string;
+//# sourceMappingURL=scan-directory.d.ts.map

package/build/tools/scan-directory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-directory.d.ts","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AAqDA,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,OAAc,EACzB,OAAO,GAAE,MAAM,EAAO,GACrB,MAAM,CA2FR"}

package/build/tools/scan-directory.js

@@ -0,0 +1,120 @@
+import { readdirSync, readFileSync, statSync } from "fs";
+import { join, extname } from "path";
+import { analyzeCode } from "./check-code.js";
+const DEFAULT_EXCLUDES = new Set([
+    "node_modules", ".git", "build", "dist", "vendor", "__pycache__",
+    ".next", ".nuxt", ".svelte-kit", "target", "bin", "obj",
+    "coverage", ".turbo", ".venv", "venv",
+]);
+const EXTENSION_MAP = {
+    ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
+    ".ts": "typescript", ".tsx": "typescript", ".mts": "typescript", ".cts": "typescript",
+    ".py": "python", ".go": "go", ".java": "java",
+    ".php": "php", ".rb": "ruby", ".html": "html",
+    ".sql": "sql", ".sh": "shell", ".bash": "shell",
+};
+const MAX_FILE_SIZE = 500 * 1024; // 500KB
+function walkDirectory(dir, recursive, excludes, results) {
+    let entries;
+    try {
+        entries = readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (excludes.has(entry.name))
+            continue;
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory() && recursive) {
+            walkDirectory(fullPath, recursive, excludes, results);
+        }
+        else if (entry.isFile()) {
+            const ext = extname(entry.name).toLowerCase();
+            if (EXTENSION_MAP[ext]) {
+                results.push(fullPath);
+            }
+        }
+    }
+}
+export function scanDirectory(path, recursive = true, exclude = []) {
+    const excludes = new Set([...DEFAULT_EXCLUDES, ...exclude]);
+    const filePaths = [];
+    walkDirectory(path, recursive, excludes, filePaths);
+    const scanResults = [];
+    const skippedFiles = [];
+    for (const filePath of filePaths) {
+        try {
+            const stat = statSync(filePath);
+            if (stat.size > MAX_FILE_SIZE) {
+                skippedFiles.push(`${filePath} (too large: ${Math.round(stat.size / 1024)}KB)`);
+                continue;
+            }
+            const content = readFileSync(filePath, "utf-8");
+            const ext = extname(filePath).toLowerCase();
+            const language = EXTENSION_MAP[ext];
+            if (!language)
+                continue;
+            const findings = analyzeCode(content, language);
+            if (findings.length > 0) {
+                scanResults.push({ path: filePath, findings });
+            }
+        }
+        catch {
+            skippedFiles.push(`${filePath} (read error)`);
+        }
+    }
+    // Scoring
+    const allFindings = scanResults.flatMap(r => r.findings);
+    const totalCritical = allFindings.filter(f => f.rule.severity === "critical").length;
+    const totalHigh = allFindings.filter(f => f.rule.severity === "high").length;
+    const totalMedium = allFindings.filter(f => f.rule.severity === "medium").length;
+    const totalIssues = totalCritical + totalHigh + totalMedium;
+    const score = Math.max(0, Math.min(100, 100 - totalCritical * 25 - totalHigh * 10 - totalMedium * 5));
+    const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 60 ? "C" : score >= 40 ? "D" : "F";
+    const lines = [
+        `# GuardVibe Directory Security Report`,
+        ``,
+        `Directory: ${path}`,
+        `Files scanned: ${filePaths.length - skippedFiles.length}`,
+        `Total issues: ${totalIssues}`,
+        `Security Score: ${grade} (${score}/100)`,
+        ``,
+    ];
+    if (totalIssues > 0) {
+        lines.push(`## Summary`, ``, `| Severity | Count |`, `|----------|-------|`);
+        if (totalCritical > 0)
+            lines.push(`| Critical | ${totalCritical}     |`);
+        if (totalHigh > 0)
+            lines.push(`| High     | ${totalHigh}     |`);
+        if (totalMedium > 0)
+            lines.push(`| Medium   | ${totalMedium}     |`);
+        lines.push(``);
+        const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+        const topIssues = scanResults.flatMap(r => r.findings.map(f => ({
+            text: `[${f.rule.severity.toUpperCase()}] ${f.rule.name} in ${r.path} (${f.rule.id})`,
+            order: severityOrder[f.rule.severity] ?? 99,
+        }))).sort((a, b) => a.order - b.order).slice(0, 10);
+        lines.push(`## Top Issues`);
+        topIssues.forEach((issue, i) => lines.push(`${i + 1}. ${issue.text}`));
+        lines.push(``, `---`, ``);
+        for (const result of scanResults) {
+            lines.push(`## File: ${result.path} (${result.findings.length} issues)`, ``);
+            for (const f of result.findings) {
+                const icon = f.rule.severity.toUpperCase();
+                lines.push(`### [${icon}] ${f.rule.name} (${f.rule.id})`, `**Line:** ~${f.line} | **Match:** \`${f.match}\``, `${f.rule.description}`, `**Fix:** ${f.rule.fix}`, ``);
+            }
+            lines.push(`---`, ``);
+        }
+    }
+    else {
+        lines.push(`## No Issues Found`, ``, `All files passed security checks.`);
+    }
+    if (skippedFiles.length > 0) {
+        lines.push(``, `**Skipped files:**`);
+        for (const s of skippedFiles)
+            lines.push(`- ${s}`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=scan-directory.js.map

package/build/tools/scan-directory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-directory.js","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAE5D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK;IACvD,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM;CACtC,CAAC,CAAC;AAEH,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;CAChD,CAAC;AAEF,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,QAAQ;AAO1C,SAAS,aAAa,CACpB,GAAW,EACX,SAAkB,EAClB,QAAqB,EACrB,OAAiB;IAEjB,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,YAAqB,IAAI,EACzB,UAAoB,EAAE;IAEtB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAiB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,aAAa,EAAE,CAAC;gBAC9B,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,gBAAgB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;gBAChF,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAChD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,eAAe,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACrF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,GAAG,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElG,MAAM,KAAK,GAAa;QACtB,uCAAuC;QACvC,EAAE;QACF,cAAc,IAAI,EAAE;QACpB,kBAAkB,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE;QAC1D,iBAAiB,WAAW,EAAE;QAC9B,mBAAmB,KAAK,KAAK,KAAK,OAAO;QACzC,EAAE;KACH,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QAC7E,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,aAAa,QAAQ,CAAC,CAAC;QACzE,IAAI,SAAS,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,QAAQ,CAAC,CAAC;QACjE,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,WAAW,QAAQ,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACxC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;YACrF,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;SAC5C,CAAC,CAAC,CACJ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1B,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7E,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAC3C,KAAK,CAAC,IAAI,CACR,QAAQ,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,EAC7C,cAAc,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,KAAK,IAAI,EAClD,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,EACvB,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAC7B,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/scan-secrets.d.ts

@@ -0,0 +1,11 @@
+export interface SecretFinding {
+    provider: string;
+    severity: "critical" | "high" | "medium";
+    file: string;
+    line: number;
+    match: string;
+    fix: string;
+}
+export declare function scanContent(content: string, filename: string): SecretFinding[];
+export declare function scanSecrets(path: string, recursive?: boolean): string;
+//# sourceMappingURL=scan-secrets.d.ts.map

package/build/tools/scan-secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-secrets.d.ts","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CA8C9E;AA4BD,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAE,OAAc,GAAG,MAAM,CAgF3E"}

package/build/tools/scan-secrets.js

@@ -0,0 +1,150 @@
+import { readdirSync, readFileSync, statSync } from "fs";
+import { join, extname, basename } from "path";
+import { secretPatterns, calculateEntropy } from "../data/secret-patterns.js";
+export function scanContent(content, filename) {
+    const findings = [];
+    for (const sp of secretPatterns) {
+        sp.pattern.lastIndex = 0;
+        let match;
+        while ((match = sp.pattern.exec(content)) !== null) {
+            const beforeMatch = content.substring(0, match.index);
+            const lineNumber = beforeMatch.split("\n").length;
+            findings.push({
+                provider: sp.provider,
+                severity: sp.severity,
+                file: filename,
+                line: lineNumber,
+                match: match[0].substring(0, 40) + (match[0].length > 40 ? "..." : ""),
+                fix: sp.fix,
+            });
+        }
+    }
+    // Entropy-based detection for .env files
+    if (basename(filename).startsWith(".env")) {
+        const lines = content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            if (!line || line.startsWith("#"))
+                continue;
+            const eqIdx = line.indexOf("=");
+            if (eqIdx === -1)
+                continue;
+            const value = line.substring(eqIdx + 1).replace(/^['"]|['"]$/g, "");
+            if (value.length >= 20 && calculateEntropy(value) > 4.5) {
+                const alreadyFound = findings.some(f => f.line === i + 1);
+                if (!alreadyFound) {
+                    findings.push({
+                        provider: "High-Entropy Secret",
+                        severity: "high",
+                        file: filename,
+                        line: i + 1,
+                        match: line.substring(0, 40) + "...",
+                        fix: "This looks like a secret (high entropy). Ensure this file is in .gitignore.",
+                    });
+                }
+            }
+        }
+    }
+    return findings;
+}
+function walkForSecrets(dir, recursive, results) {
+    let entries;
+    try {
+        entries = readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.name === "node_modules" || entry.name === ".git" || entry.name === "build" || entry.name === "dist")
+            continue;
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory() && recursive) {
+            walkForSecrets(fullPath, recursive, results);
+        }
+        else if (entry.isFile()) {
+            const name = entry.name;
+            const ext = extname(name).toLowerCase();
+            // Check env files and config files
+            if (name.startsWith(".env") || [".yml", ".yaml", ".toml", ".json", ".cfg", ".ini", ".conf"].includes(ext)) {
+                results.push(fullPath);
+            }
+            // Also scan source files
+            if ([".ts", ".js", ".py", ".go", ".java", ".php", ".rb"].includes(ext)) {
+                results.push(fullPath);
+            }
+        }
+    }
+}
+export function scanSecrets(path, recursive = true) {
+    const filePaths = [];
+    try {
+        const stat = statSync(path);
+        if (stat.isFile()) {
+            filePaths.push(path);
+        }
+        else {
+            walkForSecrets(path, recursive, filePaths);
+        }
+    }
+    catch {
+        return `# GuardVibe Secret Scan Report\n\nError: Could not access path: ${path}`;
+    }
+    const uniquePaths = [...new Set(filePaths)];
+    const allFindings = [];
+    for (const filePath of uniquePaths) {
+        try {
+            const stat = statSync(filePath);
+            if (stat.size > 500 * 1024)
+                continue;
+            const content = readFileSync(filePath, "utf-8");
+            const findings = scanContent(content, filePath);
+            allFindings.push(...findings);
+        }
+        catch { /* skip */ }
+    }
+    // Check .gitignore for .env coverage
+    let gitignoreContent = "";
+    try {
+        const gitignorePath = statSync(path).isDirectory() ? join(path, ".gitignore") : ".gitignore";
+        gitignoreContent = readFileSync(gitignorePath, "utf-8");
+    }
+    catch { /* no gitignore */ }
+    const envFiles = uniquePaths.filter(f => basename(f).startsWith(".env"));
+    for (const envFile of envFiles) {
+        const envName = basename(envFile);
+        if (!gitignoreContent.includes(envName) && !gitignoreContent.includes(".env*") && !gitignoreContent.includes(".env")) {
+            allFindings.push({
+                provider: ".env not in .gitignore",
+                severity: "critical",
+                file: envFile,
+                line: 0,
+                match: `${envName} is not listed in .gitignore`,
+                fix: `Add '${envName}' or '.env*' to .gitignore immediately.`,
+            });
+        }
+    }
+    // Format report
+    const lines = [
+        `# GuardVibe Secret Scan Report`,
+        ``,
+        `Files scanned: ${uniquePaths.length}`,
+        `Secrets found: ${allFindings.length}`,
+    ];
+    if (allFindings.length > 0) {
+        const critCount = allFindings.filter(f => f.severity === "critical").length;
+        const highCount = allFindings.filter(f => f.severity === "high").length;
+        lines.push(`Risk Level: ${critCount > 0 ? "Critical" : highCount > 0 ? "High" : "Medium"}`);
+        lines.push(``, `---`, ``, `## Findings`, ``);
+        const order = { critical: 0, high: 1, medium: 2 };
+        allFindings.sort((a, b) => order[a.severity] - order[b.severity]);
+        for (const f of allFindings) {
+            lines.push(`### [${f.severity.toUpperCase()}] ${f.provider}`, `**File:** ${f.file}${f.line > 0 ? `:${f.line}` : ""}`, `**Match:** \`${f.match}\``, `**Fix:** ${f.fix}`, ``);
+        }
+    }
+    else {
+        lines.push(`Risk Level: None`, ``, `No secrets detected. Good job keeping your code clean!`);
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=scan-secrets.js.map

package/build/tools/scan-secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-secrets.js","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAW9E,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,EAAE,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACzB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,SAAS;YAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACpE,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,gBAAgB,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBACxD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ,EAAE,qBAAqB;wBAC/B,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACpC,GAAG,EAAE,6EAA6E;qBACnF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,SAAkB,EAAE,OAAiB;IACxE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAE9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;YAAE,SAAS;QACxH,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,EAAE,CAAC;YACrC,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC/C,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;YACxB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAExC,mCAAmC;YACnC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1G,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,yBAAyB;YACzB,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,YAAqB,IAAI;IACjE,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YAClB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mEAAmE,IAAI,EAAE,CAAC;IACnF,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI;gBAAE,SAAS;YACrC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAChD,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,qCAAqC;IACrC,IAAI,gBAAgB,GAAG,EAAE,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;QAC7F,gBAAgB,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAE9B,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrH,WAAW,CAAC,IAAI,CAAC;gBACf,QAAQ,EAAE,wBAAwB;gBAClC,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,GAAG,OAAO,8BAA8B;gBAC/C,GAAG,EAAE,QAAQ,OAAO,yCAAyC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,MAAM,KAAK,GAAa;QACtB,gCAAgC;QAChC,EAAE;QACF,kBAAkB,WAAW,CAAC,MAAM,EAAE;QACtC,kBAAkB,WAAW,CAAC,MAAM,EAAE;KACvC,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC5E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACxE,KAAK,CAAC,IAAI,CAAC,eAAe,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5F,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QAE7C,MAAM,KAAK,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAC1E,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAElE,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,EAAE,EACjD,aAAa,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EACtD,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAC3B,YAAY,CAAC,CAAC,GAAG,EAAE,EACnB,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/utils/manifest-parser.d.ts

@@ -0,0 +1,7 @@
+export interface ParsedPackage {
+    name: string;
+    version: string;
+    ecosystem: string;
+}
+export declare function parseManifest(content: string, filename: string): ParsedPackage[];
+//# sourceMappingURL=manifest-parser.d.ts.map

package/build/utils/manifest-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAWhF"}

package/build/utils/manifest-parser.js

@@ -0,0 +1,102 @@
+export function parseManifest(content, filename) {
+    const lower = filename.toLowerCase();
+    if (lower === "package-lock.json")
+        return parsePackageLock(content);
+    if (lower === "package.json")
+        return parsePackageJson(content);
+    if (lower === "requirements.txt")
+        return parseRequirementsTxt(content);
+    if (lower === "go.mod")
+        return parseGoMod(content);
+    if (lower === "gemfile.lock")
+        return parseGemfileLock(content);
+    if (lower === "cargo.lock")
+        return parseCargoLock(content);
+    throw new Error(`Unsupported manifest format: ${filename}`);
+}
+function parsePackageJson(content) {
+    const pkg = JSON.parse(content);
+    const packages = [];
+    for (const [name, ver] of Object.entries(pkg.dependencies || {})) {
+        const version = String(ver).replace(/^[\^~>=<]*/g, "");
+        if (version)
+            packages.push({ name, version, ecosystem: "npm" });
+    }
+    for (const [name, ver] of Object.entries(pkg.devDependencies || {})) {
+        const version = String(ver).replace(/^[\^~>=<]*/g, "");
+        if (version)
+            packages.push({ name, version, ecosystem: "npm" });
+    }
+    return packages;
+}
+function parsePackageLock(content) {
+    const lock = JSON.parse(content);
+    const packages = [];
+    if (lock.packages) {
+        for (const [path, info] of Object.entries(lock.packages)) {
+            if (path === "")
+                continue;
+            const pkg = info;
+            if (!pkg.version)
+                continue;
+            const name = path.replace(/^node_modules\//, "");
+            packages.push({ name, version: pkg.version, ecosystem: "npm" });
+        }
+    }
+    return packages;
+}
+function parseRequirementsTxt(content) {
+    return content.split("\n")
+        .map(line => line.trim())
+        .filter(line => line && !line.startsWith("#") && !line.startsWith("-"))
+        .map(line => {
+        const match = line.match(/^([a-zA-Z0-9_.-]+)==([a-zA-Z0-9_.]+)/);
+        if (!match)
+            return null;
+        return { name: match[1], version: match[2], ecosystem: "PyPI" };
+    })
+        .filter((p) => p !== null);
+}
+function parseGoMod(content) {
+    const packages = [];
+    const requireBlock = content.match(/require\s*\(([\s\S]*?)\)/);
+    const lines = requireBlock ? requireBlock[1].split("\n") : [];
+    const singleRequires = content.matchAll(/require\s+(\S+)\s+v?(\S+)/g);
+    for (const m of singleRequires) {
+        packages.push({ name: m[1], version: m[2].replace(/^v/, ""), ecosystem: "Go" });
+    }
+    for (const line of lines) {
+        const match = line.trim().match(/^(\S+)\s+v?(\S+)/);
+        if (match && !match[1].startsWith("//")) {
+            packages.push({ name: match[1], version: match[2].replace(/^v/, ""), ecosystem: "Go" });
+        }
+    }
+    return packages;
+}
+function parseGemfileLock(content) {
+    const packages = [];
+    const specsSection = content.match(/specs:\n([\s\S]*?)(?:\n\S|\n\n|$)/);
+    if (!specsSection)
+        return packages;
+    const lines = specsSection[1].split("\n");
+    for (const line of lines) {
+        const match = line.match(/^\s{4}(\S+)\s+\(([^)]+)\)/);
+        if (match) {
+            packages.push({ name: match[1], version: match[2], ecosystem: "RubyGems" });
+        }
+    }
+    return packages;
+}
+function parseCargoLock(content) {
+    const packages = [];
+    const blocks = content.split("[[package]]");
+    for (const block of blocks.slice(1)) {
+        const name = block.match(/name\s*=\s*"([^"]+)"/)?.[1];
+        const version = block.match(/version\s*=\s*"([^"]+)"/)?.[1];
+        if (name && version) {
+            packages.push({ name, version, ecosystem: "crates.io" });
+        }
+    }
+    return packages;
+}
+//# sourceMappingURL=manifest-parser.js.map

package/build/utils/manifest-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAErC,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACpE,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACvE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,YAAY;QAAE,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;IAE3D,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,IAAI,IAAI,KAAK,EAAE;gBAAE,SAAS;YAC1B,MAAM,GAAG,GAAG,IAA4B,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,OAAO;gBAAE,SAAS;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;SACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SACtE,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAClE,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE9D,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IACtE,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACpD,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACxE,IAAI,CAAC,YAAY;QAAE,OAAO,QAAQ,CAAC;IAEnC,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAE5C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/build/utils/osv-client.d.ts

@@ -0,0 +1,37 @@
+interface OsvVulnerability {
+    id: string;
+    summary: string;
+    details?: string;
+    severity?: Array<{
+        type: string;
+        score: string;
+    }>;
+    affected?: Array<{
+        package?: {
+            name: string;
+            ecosystem: string;
+        };
+        ranges?: Array<{
+            type: string;
+            events: Array<{
+                introduced?: string;
+                fixed?: string;
+            }>;
+        }>;
+    }>;
+    references?: Array<{
+        type: string;
+        url: string;
+    }>;
+}
+export declare function queryOsv(name: string, version: string, ecosystem: string): Promise<OsvVulnerability[]>;
+interface BatchQuery {
+    name: string;
+    version: string;
+    ecosystem: string;
+}
+export declare function queryOsvBatch(packages: BatchQuery[]): Promise<Map<string, any[]>>;
+export declare function normalizeSeverity(vuln: any): string;
+export declare function formatVulnerability(vuln: OsvVulnerability): string;
+export {};
+//# sourceMappingURL=osv-client.d.ts.map

package/build/utils/osv-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAwB7B;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,GAAG,GAAG,MAAM,CASnD;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CA4BlE"}