guardvibe 0.6.3 → 0.7.0

package/build/utils/manifest-parser.js

@@ -8,95 +8,120 @@ export function parseManifest(content, filename) {
         return parseRequirementsTxt(content);
     if (lower === "go.mod")
         return parseGoMod(content);
-    if (lower === "gemfile.lock")
-        return parseGemfileLock(content);
-    if (lower === "cargo.lock")
-        return parseCargoLock(content);
     throw new Error(`Unsupported manifest format: ${filename}`);
 }
+function addPackage(packages, pkg) {
+    const key = `${pkg.ecosystem}:${pkg.name}@${pkg.version}`;
+    packages.set(key, pkg);
+}
+function sanitizeVersion(rawVersion) {
+    const trimmed = rawVersion.trim();
+    if (!trimmed)
+        return null;
+    if (trimmed.startsWith("file:") ||
+        trimmed.startsWith("link:") ||
+        trimmed.startsWith("workspace:") ||
+        trimmed.startsWith("git+") ||
+        trimmed.startsWith("github:") ||
+        trimmed.startsWith("http://") ||
+        trimmed.startsWith("https://")) {
+        return null;
+    }
+    const normalized = trimmed.replace(/^[\^~<>=\sv]*/g, "");
+    return normalized || null;
+}
 function parsePackageJson(content) {
     const pkg = JSON.parse(content);
-    const packages = [];
-    for (const [name, ver] of Object.entries(pkg.dependencies || {})) {
-        const version = String(ver).replace(/^[\^~>=<]*/g, "");
-        if (version)
-            packages.push({ name, version, ecosystem: "npm" });
-    }
-    for (const [name, ver] of Object.entries(pkg.devDependencies || {})) {
-        const version = String(ver).replace(/^[\^~>=<]*/g, "");
-        if (version)
-            packages.push({ name, version, ecosystem: "npm" });
+    const packages = new Map();
+    for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
+        for (const [name, ver] of Object.entries(pkg[section] || {})) {
+            const version = sanitizeVersion(String(ver));
+            if (!version)
+                continue;
+            addPackage(packages, { name, version, ecosystem: "npm" });
+        }
     }
-    return packages;
+    return [...packages.values()];
 }
 function parsePackageLock(content) {
     const lock = JSON.parse(content);
-    const packages = [];
-    if (lock.packages) {
-        for (const [path, info] of Object.entries(lock.packages)) {
-            if (path === "")
+    const packages = new Map();
+    if (lock.packages && typeof lock.packages === "object") {
+        for (const [pkgPath, info] of Object.entries(lock.packages)) {
+            if (pkgPath === "")
                 continue;
             const pkg = info;
             if (!pkg.version)
                 continue;
-            const name = path.replace(/^node_modules\//, "");
-            packages.push({ name, version: pkg.version, ecosystem: "npm" });
+            const name = pkgPath.split("node_modules/").filter(Boolean).at(-1);
+            if (!name)
+                continue;
+            addPackage(packages, { name, version: pkg.version, ecosystem: "npm" });
         }
     }
-    return packages;
-}
-function parseRequirementsTxt(content) {
-    return content.split("\n")
-        .map(line => line.trim())
-        .filter(line => line && !line.startsWith("#") && !line.startsWith("-"))
-        .map(line => {
-        const match = line.match(/^([a-zA-Z0-9_.-]+)==([a-zA-Z0-9_.]+)/);
-        if (!match)
-            return null;
-        return { name: match[1], version: match[2], ecosystem: "PyPI" };
-    })
-        .filter((p) => p !== null);
-}
-function parseGoMod(content) {
-    const packages = [];
-    const requireBlock = content.match(/require\s*\(([\s\S]*?)\)/);
-    const lines = requireBlock ? requireBlock[1].split("\n") : [];
-    const singleRequires = content.matchAll(/require\s+(\S+)\s+v?(\S+)/g);
-    for (const m of singleRequires) {
-        packages.push({ name: m[1], version: m[2].replace(/^v/, ""), ecosystem: "Go" });
+    if (packages.size === 0 && lock.dependencies && typeof lock.dependencies === "object") {
+        walkPackageLockDependencies(lock.dependencies, packages);
     }
-    for (const line of lines) {
-        const match = line.trim().match(/^(\S+)\s+v?(\S+)/);
-        if (match && !match[1].startsWith("//")) {
-            packages.push({ name: match[1], version: match[2].replace(/^v/, ""), ecosystem: "Go" });
+    return [...packages.values()];
+}
+function walkPackageLockDependencies(dependencies, packages) {
+    for (const [name, info] of Object.entries(dependencies)) {
+        if (!info || typeof info !== "object")
+            continue;
+        const pkg = info;
+        if (pkg.version) {
+            addPackage(packages, { name, version: pkg.version, ecosystem: "npm" });
+        }
+        if (pkg.dependencies) {
+            walkPackageLockDependencies(pkg.dependencies, packages);
         }
     }
-    return packages;
 }
-function parseGemfileLock(content) {
-    const packages = [];
-    const specsSection = content.match(/specs:\n([\s\S]*?)(?:\n\S|\n\n|$)/);
-    if (!specsSection)
-        return packages;
-    const lines = specsSection[1].split("\n");
-    for (const line of lines) {
-        const match = line.match(/^\s{4}(\S+)\s+\(([^)]+)\)/);
-        if (match) {
-            packages.push({ name: match[1], version: match[2], ecosystem: "RubyGems" });
-        }
+function parseRequirementsTxt(content) {
+    const packages = new Map();
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-"))
+            continue;
+        const match = trimmed.match(/^([a-zA-Z0-9_.-]+)==([a-zA-Z0-9_.+-]+)/);
+        if (!match)
+            continue;
+        addPackage(packages, {
+            name: match[1],
+            version: match[2],
+            ecosystem: "PyPI",
+        });
     }
-    return packages;
+    return [...packages.values()];
 }
-function parseCargoLock(content) {
-    const packages = [];
-    const blocks = content.split("[[package]]");
-    for (const block of blocks.slice(1)) {
-        const name = block.match(/name\s*=\s*"([^"]+)"/)?.[1];
-        const version = block.match(/version\s*=\s*"([^"]+)"/)?.[1];
-        if (name && version) {
-            packages.push({ name, version, ecosystem: "crates.io" });
+function parseGoMod(content) {
+    const packages = new Map();
+    const lines = content.split("\n");
+    let inRequireBlock = false;
+    for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith("//"))
+            continue;
+        if (line.startsWith("require (")) {
+            inRequireBlock = true;
+            continue;
         }
+        if (inRequireBlock && line === ")") {
+            inRequireBlock = false;
+            continue;
+        }
+        const candidate = inRequireBlock ? line : line.startsWith("require ") ? line.slice("require ".length).trim() : "";
+        if (!candidate)
+            continue;
+        const match = candidate.match(/^(\S+)\s+v?([^\s]+)(?:\s+\/\/.*)?$/);
+        if (!match)
+            continue;
+        addPackage(packages, {
+            name: match[1],
+            version: match[2].replace(/^v/, ""),
+            ecosystem: "Go",
+        });
     }
-    return packages;
+    return [...packages.values()];
 }
 //# sourceMappingURL=manifest-parser.js.map

package/build/utils/manifest-parser.js.map

@@ -1 +1 @@
-{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAErC,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACpE,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACvE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,YAAY;QAAE,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;IAE3D,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,IAAI,IAAI,KAAK,EAAE;gBAAE,SAAS;YAC1B,MAAM,GAAG,GAAG,IAA4B,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,OAAO;gBAAE,SAAS;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;SACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SACtE,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAClE,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE9D,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IACtE,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACpD,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACxE,IAAI,CAAC,YAAY;QAAE,OAAO,QAAQ,CAAC;IAEnC,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAE5C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAQA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAErC,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACpE,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACvE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IAEnD,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,QAA4B,EAAE,GAAkB;IAClE,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;IAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,IACE,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAC3B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAC3B,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC;QAChC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAC1B,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAC7B,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAC7B,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAC9B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IACzD,OAAO,UAAU,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,KAAK,MAAM,OAAO,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,sBAAsB,CAAC,EAAE,CAAC;QAClF,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,IAAI,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACvD,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,IAAI,OAAO,KAAK,EAAE;gBAAE,SAAS;YAC7B,MAAM,GAAG,GAAG,IAA4B,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,OAAO;gBAAE,SAAS;YAE3B,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACnE,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,IAAI,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACtF,2BAA2B,CAAC,IAAI,CAAC,YAAuC,EAAE,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,2BAA2B,CAClC,YAAqC,EACrC,QAA4B;IAE5B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAS;QAChD,MAAM,GAAG,GAAG,IAAoE,CAAC;QAEjF,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,2BAA2B,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE7E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,UAAU,CAAC,QAAQ,EAAE;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YACjB,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAE7C,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,cAAc,GAAG,IAAI,CAAC;YACtB,SAAS;QACX,CAAC;QAED,IAAI,cAAc,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACnC,cAAc,GAAG,KAAK,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClH,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,UAAU,CAAC,QAAQ,EAAE;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC"}

package/build/utils/osv-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,iBAAiB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAClE,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAiD1C;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,GAAG,MAAM,CAmDtE;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CA4BlE"}
+{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,iBAAiB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAClE,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAmD1C;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,GAAG,MAAM,CAmDtE;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CA4BlE"}

package/build/utils/osv-client.js

@@ -26,8 +26,9 @@ export async function queryOsvBatch(packages) {
         signal: AbortSignal.timeout(10000),
     });
     const results = new Map();
-    if (!response.ok)
-        return results;
+    if (!response.ok) {
+        throw new Error(`OSV batch API error: ${response.status} ${response.statusText}`);
+    }
     const data = await response.json();
     // Batch API returns minimal vuln info (just id). Fetch full details for each.
     for (let i = 0; i < packages.length; i++) {

package/build/utils/osv-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,OAAO,CAAC;IAEjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2D,CAAC;IAE5F,8EAA8E;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,gCAAgC,EAAE,CAAC,EAAE,EAAE,EAAE;oBACxE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;iBAClC,CAAC,CAAC;gBACH,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;oBACpB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAsB,CAAC;oBAC/D,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;gBAC9C,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAsB,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAA4B;IAC5D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAC1F,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,yEAAyE;IACzE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACrB,CAAC;SAAM,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1C,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,KAAK,GAAG,MAAM,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,0CAA0C;YAC1C,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,KAAK,UAAU;oBAAE,OAAO,UAAU,CAAC;gBACxC,IAAI,CAAC,KAAK,MAAM;oBAAE,OAAO,MAAM,CAAC;gBAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;oBAAE,OAAO,QAAQ,CAAC;gBACxD,IAAI,CAAC,KAAK,KAAK;oBAAE,OAAO,KAAK,CAAC;YAChC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,KAAK;oBAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,CAAC,CAAC,sBAAsB,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,OAAO,IAAI,CAAC,EAAE,EAAE;QAChB,iBAAiB,QAAQ,EAAE;QAC3B,gBAAgB,IAAI,CAAC,OAAO,EAAE;QAC9B,KAAK,OAAO,IAAI;QAChB,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;KACzC;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}
+{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2D,CAAC;IAE5F,8EAA8E;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,gCAAgC,EAAE,CAAC,EAAE,EAAE,EAAE;oBACxE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;iBAClC,CAAC,CAAC;gBACH,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;oBACpB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAsB,CAAC;oBAC/D,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;gBAC9C,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAsB,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAA4B;IAC5D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAC1F,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,yEAAyE;IACzE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACrB,CAAC;SAAM,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1C,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,KAAK,GAAG,MAAM,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,0CAA0C;YAC1C,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,KAAK,UAAU;oBAAE,OAAO,UAAU,CAAC;gBACxC,IAAI,CAAC,KAAK,MAAM;oBAAE,OAAO,MAAM,CAAC;gBAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;oBAAE,OAAO,QAAQ,CAAC;gBACxD,IAAI,CAAC,KAAK,KAAK;oBAAE,OAAO,KAAK,CAAC;YAChC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,KAAK;oBAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,CAAC,CAAC,sBAAsB,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,OAAO,IAAI,CAAC,EAAE,EAAE;QAChB,iBAAiB,QAAQ,EAAE;QAC3B,gBAAgB,IAAI,CAAC,OAAO,EAAE;QAC9B,KAAK,OAAO,IAAI;QAChB,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;KACzC;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/build/utils/typosquat.d.ts

@@ -0,0 +1,9 @@
+export declare const POPULAR_PACKAGES: string[];
+export declare function levenshtein(a: string, b: string): number;
+interface TyposquatResult {
+    similarTo: string;
+    confidence: number;
+}
+export declare function detectTyposquat(name: string): TyposquatResult | null;
+export {};
+//# sourceMappingURL=typosquat.d.ts.map

package/build/utils/typosquat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typosquat.d.ts","sourceRoot":"","sources":["../../src/utils/typosquat.ts"],"names":[],"mappings":"AACA,eAAO,MAAM,gBAAgB,UAoD5B,CAAC;AAEF,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAmBxD;AAED,UAAU,eAAe;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAgCpE"}

package/build/utils/typosquat.js

@@ -0,0 +1,101 @@
+// Popular npm packages for typosquat detection
+export const POPULAR_PACKAGES = [
+    // React ecosystem
+    "react", "react-dom", "react-router", "react-router-dom", "react-hook-form",
+    "@tanstack/react-query", "react-icons", "react-select",
+    // Next.js
+    "next", "@next/font", "@next/mdx",
+    // Vue / Svelte / Angular
+    "vue", "svelte", "nuxt", "@angular/core",
+    // State management
+    "zustand", "jotai", "redux", "@reduxjs/toolkit", "mobx", "valtio",
+    // Styling
+    "tailwindcss", "postcss", "autoprefixer", "sass", "styled-components",
+    "@emotion/react", "@emotion/styled", "clsx", "tailwind-merge",
+    // UI frameworks
+    "@radix-ui/react-dialog", "@radix-ui/react-popover", "@radix-ui/react-select",
+    "@radix-ui/react-tooltip", "@radix-ui/react-dropdown-menu",
+    "class-variance-authority", "lucide-react",
+    // Build tools
+    "typescript", "vite", "esbuild", "webpack", "turbo", "tsup", "tsx",
+    // Testing
+    "vitest", "jest", "@testing-library/react", "playwright", "cypress",
+    // HTTP / API
+    "axios", "ky", "got", "node-fetch", "undici",
+    // Validation
+    "zod", "yup", "joi", "valibot", "ajv",
+    // Database / ORM
+    "prisma", "@prisma/client", "drizzle-orm", "drizzle-kit",
+    "mongoose", "typeorm", "knex", "pg", "mysql2", "better-sqlite3",
+    // Auth
+    "@clerk/nextjs", "@clerk/clerk-sdk-node", "next-auth", "@auth/core",
+    "passport", "jsonwebtoken", "bcrypt", "bcryptjs",
+    // Supabase
+    "@supabase/supabase-js", "@supabase/ssr",
+    // Payments
+    "stripe", "@stripe/stripe-js",
+    // Email
+    "resend", "nodemailer", "@sendgrid/mail",
+    // AI
+    "ai", "@ai-sdk/react", "@ai-sdk/openai", "@ai-sdk/anthropic", "@ai-sdk/google",
+    "openai", "@anthropic-ai/sdk",
+    // Server frameworks
+    "express", "fastify", "hono", "koa",
+    // Utilities
+    "lodash", "lodash-es", "date-fns", "dayjs", "uuid", "nanoid",
+    "dotenv", "chalk", "commander", "inquirer", "ora", "execa",
+    "fs-extra", "glob", "minimatch", "semver", "debug",
+    // File handling
+    "sharp", "multer", "formidable",
+    // Logging / monitoring
+    "winston", "pino", "@sentry/nextjs",
+    // MCP
+    "@modelcontextprotocol/sdk",
+];
+export function levenshtein(a, b) {
+    const m = a.length;
+    const n = b.length;
+    const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+    for (let i = 0; i <= m; i++)
+        dp[i][0] = i;
+    for (let j = 0; j <= n; j++)
+        dp[0][j] = j;
+    for (let i = 1; i <= m; i++) {
+        for (let j = 1; j <= n; j++) {
+            if (a[i - 1] === b[j - 1]) {
+                dp[i][j] = dp[i - 1][j - 1];
+            }
+            else {
+                dp[i][j] = 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+            }
+        }
+    }
+    return dp[m][n];
+}
+export function detectTyposquat(name) {
+    const lower = name.toLowerCase();
+    // Exact match = not a typosquat
+    if (POPULAR_PACKAGES.includes(lower))
+        return null;
+    // Strip scope for comparison
+    const bareName = lower.startsWith("@") ? lower.split("/").pop() ?? lower : lower;
+    let bestMatch = null;
+    let bestDistance = Infinity;
+    for (const popular of POPULAR_PACKAGES) {
+        const popularBare = popular.startsWith("@") ? popular.split("/").pop() ?? popular : popular;
+        // Only compare if lengths are within 2 chars
+        if (Math.abs(bareName.length - popularBare.length) > 2)
+            continue;
+        const dist = levenshtein(bareName, popularBare);
+        if (dist > 0 && dist <= 2 && dist < bestDistance) {
+            bestDistance = dist;
+            bestMatch = popular;
+        }
+    }
+    if (!bestMatch)
+        return null;
+    // Confidence: distance 1 = 0.9, distance 2 = 0.7
+    const confidence = bestDistance === 1 ? 0.9 : 0.7;
+    return { similarTo: bestMatch, confidence };
+}
+//# sourceMappingURL=typosquat.js.map

package/build/utils/typosquat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typosquat.js","sourceRoot":"","sources":["../../src/utils/typosquat.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,kBAAkB;IAClB,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,iBAAiB;IAC3E,uBAAuB,EAAE,aAAa,EAAE,cAAc;IACtD,UAAU;IACV,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,yBAAyB;IACzB,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe;IACxC,mBAAmB;IACnB,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,QAAQ;IACjE,UAAU;IACV,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB;IACrE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB;IAC7D,gBAAgB;IAChB,wBAAwB,EAAE,yBAAyB,EAAE,wBAAwB;IAC7E,yBAAyB,EAAE,+BAA+B;IAC1D,0BAA0B,EAAE,cAAc;IAC1C,cAAc;IACd,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK;IAClE,UAAU;IACV,QAAQ,EAAE,MAAM,EAAE,wBAAwB,EAAE,YAAY,EAAE,SAAS;IACnE,aAAa;IACb,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IAC5C,aAAa;IACb,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;IACrC,iBAAiB;IACjB,QAAQ,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa;IACxD,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,gBAAgB;IAC/D,OAAO;IACP,eAAe,EAAE,uBAAuB,EAAE,WAAW,EAAE,YAAY;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU;IAChD,WAAW;IACX,uBAAuB,EAAE,eAAe;IACxC,WAAW;IACX,QAAQ,EAAE,mBAAmB;IAC7B,QAAQ;IACR,QAAQ,EAAE,YAAY,EAAE,gBAAgB;IACxC,KAAK;IACL,IAAI,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB;IAC9E,QAAQ,EAAE,mBAAmB;IAC7B,oBAAoB;IACpB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK;IACnC,YAAY;IACZ,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ;IAC5D,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC1D,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO;IAClD,gBAAgB;IAChB,OAAO,EAAE,QAAQ,EAAE,YAAY;IAC/B,uBAAuB;IACvB,SAAS,EAAE,MAAM,EAAE,gBAAgB;IACnC,MAAM;IACN,2BAA2B;CAC5B,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,CAAS,EAAE,CAAS;IAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,EAAE,GAAe,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC1B,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAOD,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAEjC,gCAAgC;IAChC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAElD,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;IAEjF,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,YAAY,GAAG,QAAQ,CAAC;IAE5B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QAE5F,6CAA6C;QAC7C,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC;YAAE,SAAS;QAEjE,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEhD,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG,YAAY,EAAE,CAAC;YACjD,YAAY,GAAG,IAAI,CAAC;YACpB,SAAS,GAAG,OAAO,CAAC;QACtB,CAAC;IACH,CAAC;IAED,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,iDAAiD;IACjD,MAAM,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AAC9C,CAAC"}

package/package.json

@@ -1,12 +1,11 @@
 {
   "name": "guardvibe",
-  "version": "0.6.3",
-  "description": "GuardVibe — Security MCP server for vibe-coders. OWASP rules, dependency CVE checks, secret detection, and framework security guides — right inside your AI coding assistant.",
-  "author": "GokLab <info@goklab.com>",
+  "version": "0.7.0",
+  "description": "Local-first security MCP for vibe coding. Focused on TypeScript, JavaScript, Python, Go, Dockerfile, YAML, and Terraform.",
   "type": "module",
   "bin": {
-    "guardvibe": "./build/index.js",
-    "guardvibe-init": "./build/cli.js"
+    "guardvibe": "build/index.js",
+    "guardvibe-init": "build/cli.js"
   },
   "files": [
     "build"

package/build/data/rules/java.d.ts

@@ -1,3 +0,0 @@
-import type { SecurityRule } from "./types.js";
-export declare const javaRules: SecurityRule[];
-//# sourceMappingURL=java.d.ts.map

package/build/data/rules/java.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"java.d.ts","sourceRoot":"","sources":["../../../src/data/rules/java.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EAyEnC,CAAC"}

package/build/data/rules/java.js

@@ -1,70 +0,0 @@
-// === Java-specific rules ===
-export const javaRules = [
-    {
-        id: "VG120",
-        name: "Java SQL injection via string concat",
-        severity: "critical",
-        owasp: "A02:2025 Injection",
-        description: "String concatenation in SQL queries allows SQL injection attacks.",
-        pattern: /(?:executeQuery|executeUpdate|prepareStatement|createQuery|createNativeQuery)\s*\(\s*['"][^'"]*['"]\s*\+/gi,
-        languages: ["java"],
-        fix: "Use PreparedStatement with parameter binding: stmt.setString(1, userInput). Never concatenate strings into SQL.",
-        fixCode: "// Use PreparedStatement\nPreparedStatement stmt = conn.prepareStatement(\"SELECT * FROM users WHERE id = ?\");\nstmt.setString(1, userId);",
-    },
-    {
-        id: "VG121",
-        name: "Java command injection",
-        severity: "critical",
-        owasp: "A02:2025 Injection",
-        description: "User input passed to Runtime.exec() allows arbitrary command execution.",
-        pattern: /Runtime\.getRuntime\(\)\.exec\s*\(\s*(?:[^")]*\+|.*(?:request|param|input|args))/gi,
-        languages: ["java"],
-        fix: "Use ProcessBuilder with a list of arguments. Validate input against an allowlist.",
-        fixCode: "// Use ProcessBuilder with list args\nProcessBuilder pb = new ProcessBuilder(\"ls\", \"-la\", dir);\nProcess p = pb.start();",
-    },
-    {
-        id: "VG122",
-        name: "Java XSS via JSP",
-        severity: "high",
-        owasp: "A02:2025 Injection",
-        description: "Unescaped output in JSP pages enables Cross-Site Scripting attacks.",
-        pattern: /<%=\s*(?:request\.getParameter|session\.getAttribute)/gi,
-        languages: ["java"],
-        fix: "Use JSTL <c:out> tag or fn:escapeXml() for output encoding. Never use <%= with user input.",
-        fixCode: "<!-- Use JSTL c:out for auto-escaping -->\n<c:out value=\"${param.name}\" />",
-    },
-    {
-        id: "VG123",
-        name: "Java endpoint without auth annotation",
-        severity: "high",
-        owasp: "A01:2025 Broken Access Control",
-        description: "Spring endpoint without security annotation may be publicly accessible.",
-        pattern: /@(?:RequestMapping|GetMapping|PostMapping|PutMapping|DeleteMapping)\s*\([^)]*(?:\/api|\/admin|\/users|\/account)/gi,
-        languages: ["java"],
-        fix: "Add @PreAuthorize, @Secured, or @RolesAllowed annotation to protect endpoints.",
-        fixCode: "// Add Spring Security annotation\n@PreAuthorize(\"hasRole('USER')\")\n@GetMapping(\"/api/data\")\npublic ResponseEntity<?> getData() { }",
-    },
-    {
-        id: "VG124",
-        name: "Java weak hashing",
-        severity: "critical",
-        owasp: "A07:2025 Auth Failures",
-        description: "Using MessageDigest with MD5 or SHA-1. These are cryptographically weak for passwords.",
-        pattern: /MessageDigest\.getInstance\s*\(\s*['"](?:MD5|SHA-?1)['"]\s*\)/gi,
-        languages: ["java"],
-        fix: "Use BCryptPasswordEncoder or Argon2PasswordEncoder for password hashing.",
-        fixCode: "// Use BCrypt for passwords\nimport org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\nBCryptPasswordEncoder encoder = new BCryptPasswordEncoder();\nString hash = encoder.encode(password);",
-    },
-    {
-        id: "VG125",
-        name: "Java CORS wildcard",
-        severity: "high",
-        owasp: "A05:2025 Security Misconfiguration",
-        description: "Spring @CrossOrigin with wildcard allows any website to access your API.",
-        pattern: /@CrossOrigin\s*\(\s*(?:origins\s*=\s*)?['"]?\s*\*/gi,
-        languages: ["java"],
-        fix: "Set specific allowed origins in @CrossOrigin annotation.",
-        fixCode: "// Specify allowed origins\n@CrossOrigin(origins = \"https://myapp.com\")\n@GetMapping(\"/api/data\")",
-    },
-];
-//# sourceMappingURL=java.js.map

package/build/data/rules/java.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"java.js","sourceRoot":"","sources":["../../../src/data/rules/java.ts"],"names":[],"mappings":"AAEA,8BAA8B;AAC9B,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sCAAsC;QAC5C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,mEAAmE;QACrE,OAAO,EAAE,4GAA4G;QACrH,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,iHAAiH;QACtH,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yEAAyE;QAC3E,OAAO,EAAE,oFAAoF;QAC7F,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,mFAAmF;QACxF,OAAO,EAAE,8HAA8H;KACxI;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qEAAqE;QACvE,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,4FAA4F;QACjG,OAAO,EAAE,8EAA8E;KACxF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uCAAuC;QAC7C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EAAE,oHAAoH;QAC7H,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,gFAAgF;QACrF,OAAO,EAAE,2IAA2I;KACrJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,wFAAwF;QAC1F,OAAO,EAAE,iEAAiE;QAC1E,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,0EAA0E;QAC/E,OAAO,EAAE,8MAA8M;KACxN;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0EAA0E;QAC5E,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EAAE,uGAAuG;KACjH;CACF,CAAC"}

package/build/data/rules/php.d.ts

@@ -1,3 +0,0 @@
-import type { SecurityRule } from "./types.js";
-export declare const phpRules: SecurityRule[];
-//# sourceMappingURL=php.d.ts.map

package/build/data/rules/php.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"php.d.ts","sourceRoot":"","sources":["../../../src/data/rules/php.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,QAAQ,EAAE,YAAY,EA6DlC,CAAC"}

package/build/data/rules/php.js

@@ -1,59 +0,0 @@
-// === PHP-specific rules ===
-export const phpRules = [
-    {
-        id: "VG130",
-        name: "PHP SQL injection via user input",
-        severity: "critical",
-        owasp: "A02:2025 Injection",
-        description: "User input ($_GET, $_POST, $_REQUEST) directly used in SQL queries enables SQL injection.",
-        pattern: /(?:mysql_query|mysqli_query|->query|->exec)\s*\([^)]*(?:\$_GET|\$_POST|\$_REQUEST|\$_COOKIE)/gi,
-        languages: ["php"],
-        fix: "Use prepared statements: $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?'); $stmt->execute([$id]);",
-        fixCode: "// Use prepared statements\n$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');\n$stmt->execute([$_GET['id']]);",
-    },
-    {
-        id: "VG131",
-        name: "PHP command injection",
-        severity: "critical",
-        owasp: "A02:2025 Injection",
-        description: "User input passed to shell execution functions allows arbitrary command execution.",
-        pattern: /(?:shell_exec|passthru|popen|proc_open)\s*\([^)]*(?:\$_GET|\$_POST|\$_REQUEST|\$_COOKIE|\$(?:input|cmd|command))/gi,
-        languages: ["php"],
-        fix: "Use escapeshellarg() and escapeshellcmd() for any shell input. Prefer built-in PHP functions over shell commands.",
-        fixCode: "// Escape shell arguments\n$safe = escapeshellarg($input);\n$output = shell_exec('ls ' . $safe);",
-    },
-    {
-        id: "VG132",
-        name: "PHP XSS via echo",
-        severity: "high",
-        owasp: "A02:2025 Injection",
-        description: "Echoing user input without escaping enables Cross-Site Scripting.",
-        pattern: /(?:echo|print)\s+(?:\$_GET|\$_POST|\$_REQUEST|\$_COOKIE)/gi,
-        languages: ["php"],
-        fix: "Use htmlspecialchars($input, ENT_QUOTES, 'UTF-8') before outputting user data.",
-        fixCode: "// Escape output\necho htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');",
-    },
-    {
-        id: "VG133",
-        name: "PHP weak hashing",
-        severity: "critical",
-        owasp: "A07:2025 Auth Failures",
-        description: "Using md5() or sha1() for password hashing. These are not secure for passwords.",
-        pattern: /(?:md5|sha1)\s*\(\s*\$/gi,
-        languages: ["php"],
-        fix: "Use password_hash($password, PASSWORD_BCRYPT) and password_verify() for passwords.",
-        fixCode: "// Use password_hash\n$hash = password_hash($password, PASSWORD_BCRYPT);\n$valid = password_verify($input, $hash);",
-    },
-    {
-        id: "VG134",
-        name: "PHP dynamic code execution",
-        severity: "critical",
-        owasp: "A02:2025 Injection",
-        description: "eval() with user input allows arbitrary code execution.",
-        pattern: /eval\s*\([^)]*(?:\$_GET|\$_POST|\$_REQUEST|\$_COOKIE|\$(?:input|data|code))/gi,
-        languages: ["php"],
-        fix: "Never use eval() with user input. Refactor to use safe alternatives.",
-        fixCode: "// Avoid eval entirely\n// Use JSON for data: $data = json_decode($input, true);\n// Use match/switch for dynamic behavior",
-    },
-];
-//# sourceMappingURL=php.js.map

package/build/data/rules/php.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"php.js","sourceRoot":"","sources":["../../../src/data/rules/php.ts"],"names":[],"mappings":"AAEA,6BAA6B;AAC7B,MAAM,CAAC,MAAM,QAAQ,GAAmB;IACtC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,2FAA2F;QAC7F,OAAO,EAAE,gGAAgG;QACzG,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,4GAA4G;QACjH,OAAO,EAAE,wHAAwH;KAClI;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,oHAAoH;QAC7H,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,kGAAkG;KAC5G;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,mEAAmE;QACrE,OAAO,EAAE,4DAA4D;QACrE,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,gFAAgF;QACrF,OAAO,EAAE,8EAA8E;KACxF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,iFAAiF;QACnF,OAAO,EAAE,0BAA0B;QACnC,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,oFAAoF;QACzF,OAAO,EAAE,oHAAoH;KAC9H;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yDAAyD;QAC3D,OAAO,EAAE,+EAA+E;QACxF,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,sEAAsE;QAC3E,OAAO,EAAE,4HAA4H;KACtI;CACF,CAAC"}

package/build/data/rules/ruby.d.ts

@@ -1,3 +0,0 @@
-import type { SecurityRule } from "./types.js";
-export declare const rubyRules: SecurityRule[];
-//# sourceMappingURL=ruby.d.ts.map

package/build/data/rules/ruby.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"ruby.d.ts","sourceRoot":"","sources":["../../../src/data/rules/ruby.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EA6DnC,CAAC"}