guardvibe 0.6.4 → 0.7.0

package/build/data/rules/nextjs.js

@@ -0,0 +1,148 @@
+// Security rules for Next.js App Router patterns
+export const nextjsRules = [
+    {
+        id: "VG400",
+        name: "Client Component Secret Exposure",
+        severity: "critical",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Server-side environment variable accessed in a 'use client' component. These values are exposed to the browser. Only NEXT_PUBLIC_ variables are safe in client components.",
+        pattern: /["']use client["'][\s\S]*?process\.env\.(?!NEXT_PUBLIC_)\w+/g,
+        languages: ["javascript", "typescript"],
+        fix: "Move this logic to a Server Component or Server Action. Only process.env.NEXT_PUBLIC_* variables are available in client components.",
+        fixCode: '// Move to a Server Component (no \'use client\')\nexport default async function Page() {\n  const secret = process.env.SECRET_KEY;\n  return <ClientComponent data={safeData} />;\n}',
+        compliance: ["SOC2:CC6.1", "HIPAA:§164.312(a)"],
+    },
+    {
+        id: "VG401",
+        name: "Server Action Missing Input Validation",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "Server Action processes form data without schema validation. Unvalidated input can lead to injection attacks.",
+        pattern: /["']use server["'][\s\S]{0,500}?formData\.get\s*\(/g,
+        languages: ["javascript", "typescript"],
+        fix: "Validate all inputs with a schema library (zod, yup, valibot) before processing.",
+        fixCode: '"use server";\nimport { z } from "zod";\n\nconst schema = z.object({ name: z.string().min(1), email: z.string().email() });\n\nexport async function createUser(formData: FormData) {\n  const data = schema.parse(Object.fromEntries(formData));\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    {
+        id: "VG402",
+        name: "Server Action Missing Auth Check",
+        severity: "critical",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Server Action performs data mutations without verifying user authentication. Anyone can invoke Server Actions directly via POST request.",
+        pattern: /["']use server["'][\s\S]{0,200}?export\s+async\s+function\s+\w+\s*\([^)]*\)\s*\{(?:(?!auth\s*\(|getServerSession|currentUser|getUser|requireAuth|clerkClient)[\s\S])*?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always verify authentication at the start of every Server Action.",
+        fixCode: '"use server";\nimport { auth } from "@clerk/nextjs/server";\n\nexport async function deleteItem(id: string) {\n  const { userId } = await auth();\n  if (!userId) throw new Error("Unauthorized");\n}',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10", "HIPAA:§164.312(d)"],
+    },
+    {
+        id: "VG403",
+        name: "Route Handler CORS Wildcard",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Route handler sets Access-Control-Allow-Origin to wildcard (*). This allows any website to make requests to your API.",
+        pattern: /(?:GET|POST|PUT|DELETE|PATCH|OPTIONS)\s*\([\s\S]*?["']Access-Control-Allow-Origin["']\s*[,:]\s*["']\*["']/g,
+        languages: ["javascript", "typescript"],
+        fix: "Restrict CORS to specific trusted origins instead of wildcard.",
+        fixCode: '// Restrict to specific origin\nconst allowedOrigin = process.env.ALLOWED_ORIGIN;\nreturn new Response(data, {\n  headers: { "Access-Control-Allow-Origin": allowedOrigin }\n});',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG404",
+        name: "Middleware Auth Bypass Risk",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Middleware or proxy has overly broad public path matcher that may accidentally expose protected routes.",
+        pattern: /(?:matcher|config)\s*[=:]\s*[\s\S]*?["']\/\(\.\*\)["']/g,
+        languages: ["javascript", "typescript"],
+        fix: "Use specific path matchers instead of catch-all patterns.",
+        fixCode: '// Be specific with matchers\nexport const config = {\n  matcher: ["/dashboard/:path*", "/api/:path*"]\n};',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG405",
+        name: "Missing Security Headers in Next Config",
+        severity: "medium",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "next.config is missing important security headers (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options).",
+        pattern: /(?:async\s+)?headers\s*\(\s*\)\s*\{[\s\S]*?return\s*\[[\s\S]*?\][\s\S]*?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Add security headers in next.config.ts headers() function.",
+        fixCode: '// next.config.ts\nasync headers() {\n  return [{\n    source: "/(.*)",\n    headers: [\n      { key: "X-Frame-Options", value: "DENY" },\n      { key: "X-Content-Type-Options", value: "nosniff" },\n      { key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains" },\n    ]\n  }];\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG406",
+        name: "Unsanitized Dynamic Route Params",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "Dynamic route parameters (params, searchParams) are used directly in database queries or operations without validation.",
+        pattern: /(?:params|searchParams)\s*[\.\[]\s*["']?\w+["']?\s*[\]\)]?\s*(?:;|\))\s*[\s\S]*?(?:query|execute|findUnique|findFirst|findMany|delete|update|create)\s*\(/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always validate and sanitize dynamic route parameters before using them in queries.",
+        fixCode: '// Validate params before use\nimport { z } from "zod";\nconst idSchema = z.string().uuid();\n\nexport default async function Page({ params }: { params: { id: string } }) {\n  const id = idSchema.parse((await params).id);\n  const item = await db.item.findUnique({ where: { id } });\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    {
+        id: "VG407",
+        name: "Server Data Leaked to Client Component",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Sensitive data (tokens, secrets, internal IDs) appears to be passed from server to client component as props.",
+        pattern: /(?:secret|token|password|apiKey|privateKey|internalId|ssn|creditCard)\s*=\s*\{[\s\S]*?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Never pass sensitive data as props to client components. Keep secrets server-side.",
+        fixCode: "// Keep sensitive data server-side\nexport default async function Page() {\n  const secret = process.env.API_SECRET;\n  const publicData = await fetchData(secret);\n  return <ClientComponent data={publicData} />;\n}",
+        compliance: ["SOC2:CC6.1", "HIPAA:§164.312(a)"],
+    },
+    {
+        id: "VG408",
+        name: "Unsafe innerHTML Usage",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "Using dangerouslySetInnerHTML renders unescaped HTML, which can lead to XSS if the content includes user input. This is a security rule detector — it flags vulnerable code patterns.",
+        pattern: /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:/g,
+        languages: ["javascript", "typescript"],
+        fix: "Sanitize HTML with DOMPurify before rendering, or use a markdown renderer instead.",
+        fixCode: '// Use a sanitizer library\nimport DOMPurify from "dompurify";\nconst clean = DOMPurify.sanitize(content);\n\n// Or use a markdown renderer\nimport ReactMarkdown from "react-markdown";\n<ReactMarkdown>{content}</ReactMarkdown>',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
+    },
+    {
+        id: "VG409",
+        name: "Open Redirect via User Input",
+        severity: "medium",
+        owasp: "A01:2025 Broken Access Control",
+        description: "redirect() or NextResponse.redirect() uses user-controlled input (searchParams, query) which can redirect users to malicious sites.",
+        pattern: /redirect\s*\(\s*(?:searchParams|params|req\.query|request\.url|url|query)\s*[\.\[]/g,
+        languages: ["javascript", "typescript"],
+        fix: "Validate redirect URLs against an allowlist of trusted domains.",
+        fixCode: '// Validate redirect URL\nconst ALLOWED_HOSTS = ["example.com"];\nconst target = searchParams.get("next") ?? "/";\ntry {\n  const url = new URL(target, request.url);\n  if (!ALLOWED_HOSTS.includes(url.hostname)) redirect("/");\n  redirect(url.pathname);\n} catch {\n  redirect("/");\n}',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG410",
+        name: "Unauthorized Cache Revalidation",
+        severity: "medium",
+        owasp: "A01:2025 Broken Access Control",
+        description: "revalidateTag() or revalidatePath() is called in a route handler without authentication check. Anyone could trigger cache invalidation.",
+        pattern: /(?:GET|POST|PUT|DELETE)\s*\([\s\S]*?(?:revalidateTag|revalidatePath)\s*\([\s\S]*?(?![\s\S]*?(?:auth\s*\(|getServerSession|currentUser))/g,
+        languages: ["javascript", "typescript"],
+        fix: "Protect revalidation endpoints with authentication or a secret token.",
+        fixCode: 'import { auth } from "@clerk/nextjs/server";\n\nexport async function POST(req: Request) {\n  const { userId } = await auth();\n  if (!userId) return new Response("Unauthorized", { status: 401 });\n  revalidateTag("posts");\n  return Response.json({ revalidated: true });\n}',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG411",
+        name: "NEXT_PUBLIC_ Secret Leak",
+        severity: "critical",
+        owasp: "A07:2025 Sensitive Data Exposure",
+        description: "Environment variable prefixed with NEXT_PUBLIC_ contains a secret keyword (SECRET, KEY, PASSWORD, TOKEN). NEXT_PUBLIC_ variables are embedded in the client bundle and visible to anyone.",
+        pattern: /NEXT_PUBLIC_\w*(?:SECRET|_KEY|PASSWORD|TOKEN|PRIVATE|CREDENTIAL)\w*\s*=/gi,
+        languages: ["javascript", "typescript", "shell"],
+        fix: "Remove NEXT_PUBLIC_ prefix from secret variables. Access them only server-side.",
+        fixCode: "# .env.local — WRONG\n# NEXT_PUBLIC_SECRET_KEY=sk_live_xxx\n\n# .env.local — CORRECT\nSECRET_KEY=sk_live_xxx\n# Access server-side only: process.env.SECRET_KEY",
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
+    },
+];
+//# sourceMappingURL=nextjs.js.map

package/build/data/rules/nextjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,8DAA8D;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,qDAAqD;QACvD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,2KAA2K;QAC7K,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,2EAA2E;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;CACF,CAAC"}

package/build/index.js

@@ -12,9 +12,10 @@ import { scanSecrets } from "./tools/scan-secrets.js";
 import { scanStaged } from "./tools/scan-staged.js";
 import { complianceReport } from "./tools/compliance-report.js";
 import { exportSarif } from "./tools/export-sarif.js";
+import { checkPackageHealth } from "./tools/check-package-health.js";
 const server = new McpServer({
     name: "guardvibe",
-    version: "0.6.4",
+    version: "0.7.0",
 });
 // Tool 1: Analyze code for security vulnerabilities
 server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
@@ -26,8 +27,9 @@ server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top
         .string()
         .optional()
         .describe("Framework context (e.g. express, nextjs, fastapi, react, django)"),
-}, async ({ code, language, framework }) => {
-    const results = checkCode(code, language, framework);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ code, language, framework, format }) => {
+    const results = checkCode(code, language, framework, undefined, undefined, format);
     return {
         content: [{ type: "text", text: results }],
     };
@@ -40,8 +42,9 @@ server.tool("check_project", "Scan multiple files for security vulnerabilities a
         content: z.string().describe("File source code"),
     }))
         .describe("List of files to scan: [{path, content}]"),
-}, async ({ files }) => {
-    const results = checkProject(files);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ files, format }) => {
+    const results = checkProject(files, format);
     return {
         content: [{ type: "text", text: results }],
     };
@@ -89,36 +92,42 @@ server.tool("scan_directory", "Scan an entire project directory for security vul
     path: z.string().describe("Directory path to scan (e.g. './src', '.')"),
     recursive: z.boolean().optional().default(true).describe("Scan subdirectories"),
     exclude: z.array(z.string()).optional().default([]).describe("Additional directories to exclude"),
-}, async ({ path, recursive, exclude }) => {
-    const results = scanDirectory(path, recursive, exclude);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ path, recursive, exclude, format }) => {
+    const results = scanDirectory(path, recursive, exclude, format);
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 6: Scan manifest/lockfile for dependency vulnerabilities
 server.tool("scan_dependencies", "Parse a lockfile or manifest (package.json, package-lock.json, requirements.txt, go.mod) and check all dependencies for known CVEs via the OSV database. Reads the file directly.", {
     manifest_path: z.string().describe("Path to manifest file (e.g. 'package.json', 'requirements.txt', 'go.mod')"),
-}, async ({ manifest_path }) => {
-    const results = await scanDependencies(manifest_path);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ manifest_path, format }) => {
+    const results = await scanDependencies(manifest_path, format);
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 7: Scan for leaked secrets, API keys, and credentials
 server.tool("scan_secrets", "Scan files and directories for leaked secrets, API keys, tokens, and credentials. Checks .env files, config files, and source code. Verifies .gitignore coverage.", {
     path: z.string().describe("File or directory path to scan"),
     recursive: z.boolean().optional().default(true).describe("Scan subdirectories"),
-}, async ({ path, recursive }) => {
-    const results = scanSecrets(path, recursive);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ path, recursive, format }) => {
+    const results = scanSecrets(path, recursive, format);
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 8: Scan git-staged files before committing
-server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files.", {}, async () => {
-    const results = scanStaged();
+server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files.", {
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ format }) => {
+    const results = scanStaged(process.cwd(), format);
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 9: Generate compliance-focused security report
 server.tool("compliance_report", "Generate a compliance-focused security report mapped to SOC2, PCI-DSS, or HIPAA controls. Scans a directory and groups findings by compliance control.", {
     path: z.string().describe("Directory to scan"),
     framework: z.enum(["SOC2", "PCI-DSS", "HIPAA", "all"]).describe("Compliance framework"),
-}, async ({ path, framework }) => {
-    const results = complianceReport(path, framework);
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ path, framework, format }) => {
+    const results = complianceReport(path, framework, format);
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 10: Export scan results in SARIF v2.1.0 format
@@ -128,6 +137,14 @@ server.tool("export_sarif", "Scan a directory and export results in SARIF v2.1.0
     const results = exportSarif(path);
     return { content: [{ type: "text", text: results }] };
 });
+// Tool 11: Check package health and typosquat risk
+server.tool("check_package_health", "Check npm packages for typosquat risk, maintenance status, adoption metrics, and deprecation. Use this before adding new dependencies to catch suspicious or risky packages.", {
+    packages: z.array(z.string()).describe("List of package names to check (e.g. ['lodash', 'expres', 'react-qeury'])"),
+    format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
+}, async ({ packages, format }) => {
+    const results = await checkPackageHealth(packages, format);
+    return { content: [{ type: "text", text: results }] };
+});
 async function main() {
     const transport = new StdioServerTransport();
     await server.connect(transport);

package/build/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;SAC7G,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;IACtC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;CACxD,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CAClG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE;IACrC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;CAChH,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;IAC1B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACxF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAErE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;SAC7G,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACnF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;IACvD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5C,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACjG,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAChE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IAC/G,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE;IAClC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K;IACE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACnB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,8KAA8K,EAC9K;IACE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IACnH,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7B,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/tools/check-code.d.ts

@@ -5,5 +5,6 @@ export interface Finding {
     line: number;
 }
 export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string): Finding[];
-export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string): string;
+export declare function formatFindingsJson(findings: Finding[], extra?: Record<string, unknown>): string;
+export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json"): string;
 //# sourceMappingURL=check-code.d.ts.map

package/build/tools/check-code.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,EAAE,CAsCX;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,CAQR"}
+{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,EAAE,CAsCX;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAkB/F;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,UAAU,GAAG,MAAmB,GACvC,MAAM,CAYR"}

package/build/tools/check-code.js

@@ -57,8 +57,29 @@ export function analyzeCode(code, language, framework, filePath, configDir) {
     }
     return findings;
 }
-export function checkCode(code, language, framework, filePath, configDir) {
+export function formatFindingsJson(findings, extra) {
+    const critical = findings.filter(f => f.rule.severity === "critical").length;
+    const high = findings.filter(f => f.rule.severity === "high").length;
+    const medium = findings.filter(f => f.rule.severity === "medium").length;
+    const low = findings.filter(f => f.rule.severity === "low").length;
+    return JSON.stringify({
+        summary: {
+            total: findings.length, critical, high, medium, low,
+            blocked: critical > 0 || high > 0,
+            ...extra,
+        },
+        findings: findings.map(f => ({
+            id: f.rule.id, name: f.rule.name, severity: f.rule.severity,
+            owasp: f.rule.owasp, line: f.line, match: f.match,
+            fix: f.rule.fix, fixCode: f.rule.fixCode, compliance: f.rule.compliance,
+        })),
+    });
+}
+export function checkCode(code, language, framework, filePath, configDir, format = "markdown") {
     const findings = analyzeCode(code, language, framework, filePath, configDir);
+    if (format === "json") {
+        return formatFindingsJson(findings);
+    }
     if (findings.length === 0) {
         return formatCleanReport(language, framework);
     }

package/build/tools/check-code.js.map

@@ -1 +1 @@
-{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB;IAElB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,uDAAuD;QACvD,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS,CAAC,yBAAyB;QAChF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB;IAElB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE7E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB;IAElB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,uDAAuD;QACvD,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS,CAAC,yBAAyB;QAChF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAmB,EAAE,KAA+B;IACrF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAEnE,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE;YACP,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG;YACnD,OAAO,EAAE,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YACjC,GAAG,KAAK;SACT;QACD,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;YACjD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SACxE,CAAC,CAAC;KACJ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,SAA8B,UAAU;IAExC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE7E,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/check-package-health.d.ts

@@ -0,0 +1,29 @@
+interface RegistryData {
+    exists: boolean;
+    downloads: number;
+    lastPublish: string;
+    maintainers: number;
+    deprecated: boolean;
+}
+interface HealthFlag {
+    type: "typosquat" | "deprecated" | "unmaintained" | "low_adoption" | "single_maintainer" | "new_package";
+    message: string;
+    confidence?: number;
+}
+export interface PackageHealthResult {
+    name: string;
+    exists: boolean;
+    risk: "critical" | "high" | "medium" | "low";
+    flags: HealthFlag[];
+    registry?: {
+        downloads: number;
+        lastPublish: string;
+        maintainers: number;
+        deprecated: boolean;
+    };
+    similarTo?: string;
+}
+export declare function assessPackageRisk(name: string, data: RegistryData): PackageHealthResult;
+export declare function checkPackageHealth(packages: string[], format?: "markdown" | "json"): Promise<string>;
+export {};
+//# sourceMappingURL=check-package-health.d.ts.map

package/build/tools/check-package-health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-package-health.d.ts","sourceRoot":"","sources":["../../src/tools/check-package-health.ts"],"names":[],"mappings":"AAEA,UAAU,YAAY;IACpB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,WAAW,GAAG,YAAY,GAAG,cAAc,GAAG,cAAc,GAAG,mBAAmB,GAAG,aAAa,CAAC;IACzG,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAC7C,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,mBAAmB,CA2EvF;AAmCD,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAAE,EAClB,MAAM,GAAE,UAAU,GAAG,MAAmB,GACvC,OAAO,CAAC,MAAM,CAAC,CAuDjB"}

package/build/tools/check-package-health.js

@@ -0,0 +1,142 @@
+import { detectTyposquat } from "../utils/typosquat.js";
+export function assessPackageRisk(name, data) {
+    const flags = [];
+    let similarTo;
+    if (!data.exists) {
+        return {
+            name, exists: false, risk: "critical",
+            flags: [{ type: "typosquat", message: `Package "${name}" does not exist on npm. Possible typosquat or misspelling.` }],
+        };
+    }
+    // Typosquat check
+    const typo = detectTyposquat(name);
+    if (typo) {
+        flags.push({
+            type: "typosquat",
+            message: `Suspicious similarity to "${typo.similarTo}" (popular package). Possible typosquat.`,
+            confidence: typo.confidence,
+        });
+        similarTo = typo.similarTo;
+    }
+    // Deprecated
+    if (data.deprecated) {
+        flags.push({ type: "deprecated", message: "Package is marked as deprecated." });
+    }
+    // Unmaintained: last publish > 2 years ago
+    if (data.lastPublish) {
+        const lastPub = new Date(data.lastPublish);
+        const twoYearsAgo = new Date();
+        twoYearsAgo.setFullYear(twoYearsAgo.getFullYear() - 2);
+        if (lastPub < twoYearsAgo) {
+            flags.push({ type: "unmaintained", message: `Last published ${lastPub.toISOString().split("T")[0]} (over 2 years ago).` });
+        }
+        // New package: < 30 days old with low downloads
+        const thirtyDaysAgo = new Date();
+        thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
+        if (lastPub > thirtyDaysAgo && data.downloads < 100) {
+            flags.push({ type: "new_package", message: "New package (published within 30 days) with low downloads." });
+        }
+    }
+    // Low adoption
+    if (data.downloads < 100) {
+        flags.push({ type: "low_adoption", message: `Very low weekly downloads (${data.downloads}).` });
+    }
+    // Single maintainer + low downloads
+    if (data.maintainers === 1 && data.downloads < 100) {
+        flags.push({ type: "single_maintainer", message: "Only 1 maintainer with low adoption." });
+    }
+    // Determine risk level
+    let risk = "low";
+    if (flags.some(f => f.type === "typosquat")) {
+        risk = "critical";
+    }
+    else if (flags.some(f => f.type === "deprecated" || f.type === "unmaintained") ||
+        (flags.some(f => f.type === "single_maintainer") && data.downloads < 100)) {
+        risk = "high";
+    }
+    else if (flags.some(f => f.type === "low_adoption" || f.type === "new_package")) {
+        risk = "medium";
+    }
+    return {
+        name, exists: true, risk, flags,
+        registry: {
+            downloads: data.downloads,
+            lastPublish: data.lastPublish,
+            maintainers: data.maintainers,
+            deprecated: data.deprecated,
+        },
+        similarTo,
+    };
+}
+async function fetchRegistryData(name) {
+    try {
+        const [metaRes, downloadsRes] = await Promise.all([
+            fetch(`https://registry.npmjs.org/${encodeURIComponent(name)}`, { signal: AbortSignal.timeout(5000) }),
+            fetch(`https://api.npmjs.org/downloads/point/last-week/${encodeURIComponent(name)}`, { signal: AbortSignal.timeout(5000) }),
+        ]);
+        if (metaRes.status === 404) {
+            return { exists: false, downloads: 0, lastPublish: "", maintainers: 0, deprecated: false };
+        }
+        if (!metaRes.ok) {
+            throw new Error(`npm registry error: ${metaRes.status}`);
+        }
+        const meta = await metaRes.json();
+        const latestVersion = meta["dist-tags"]?.latest;
+        const lastPublish = meta.time?.modified ?? meta.time?.[latestVersion] ?? "";
+        const maintainers = meta.maintainers?.length ?? 0;
+        const deprecated = !!meta.versions?.[latestVersion]?.deprecated;
+        let downloads = 0;
+        if (downloadsRes.ok) {
+            const dlData = await downloadsRes.json();
+            downloads = dlData.downloads ?? 0;
+        }
+        return { exists: true, downloads, lastPublish, maintainers, deprecated };
+    }
+    catch {
+        return { exists: false, downloads: 0, lastPublish: "", maintainers: 0, deprecated: false };
+    }
+}
+export async function checkPackageHealth(packages, format = "markdown") {
+    const results = [];
+    for (const name of packages) {
+        const data = await fetchRegistryData(name);
+        results.push(assessPackageRisk(name, data));
+    }
+    if (format === "json") {
+        return JSON.stringify({ packages: results });
+    }
+    // Markdown output
+    const lines = [
+        "# GuardVibe Package Health Report",
+        "",
+        `Packages checked: ${packages.length}`,
+        "",
+    ];
+    const riskyPackages = results.filter(r => r.risk !== "low");
+    if (riskyPackages.length === 0) {
+        lines.push("All packages look healthy. No issues detected.");
+        return lines.join("\n");
+    }
+    lines.push(`Issues found in ${riskyPackages.length} package(s):`, "", "---", "");
+    for (const result of results) {
+        if (result.flags.length === 0)
+            continue;
+        lines.push(`## ${result.name} — Risk: ${result.risk.toUpperCase()}`, "");
+        if (!result.exists) {
+            lines.push("**Package does not exist on npm.**", "");
+            continue;
+        }
+        if (result.registry) {
+            lines.push(`- Weekly downloads: ${result.registry.downloads.toLocaleString()}`, `- Last published: ${result.registry.lastPublish.split("T")[0]}`, `- Maintainers: ${result.registry.maintainers}`, `- Deprecated: ${result.registry.deprecated ? "Yes" : "No"}`, "");
+        }
+        for (const flag of result.flags) {
+            lines.push(`- **[${flag.type.toUpperCase()}]** ${flag.message}`);
+        }
+        if (result.similarTo) {
+            lines.push(`- Did you mean **${result.similarTo}**?`);
+        }
+        lines.push("", "---", "");
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=check-package-health.js.map

package/build/tools/check-package-health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-package-health.js","sourceRoot":"","sources":["../../src/tools/check-package-health.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA8BxD,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,IAAkB;IAChE,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,IAAI,SAA6B,CAAC;IAElC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO;YACL,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU;YACrC,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,YAAY,IAAI,6DAA6D,EAAE,CAAC;SACvH,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,IAAI,EAAE,CAAC;QACT,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,6BAA6B,IAAI,CAAC,SAAS,0CAA0C;YAC9F,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QACH,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAC7B,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,2CAA2C;IAC3C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,kBAAkB,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB,EAAE,CAAC,CAAC;QAC7H,CAAC;QAED,gDAAgD;QAChD,MAAM,aAAa,GAAG,IAAI,IAAI,EAAE,CAAC;QACjC,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,IAAI,OAAO,GAAG,aAAa,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACpD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,4DAA4D,EAAE,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,eAAe;IACf,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,8BAA8B,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAClG,CAAC;IAED,oCAAoC;IACpC,IAAI,IAAI,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,uBAAuB;IACvB,IAAI,IAAI,GAA2C,KAAK,CAAC;IACzD,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,EAAE,CAAC;QAC5C,IAAI,GAAG,UAAU,CAAC;IACpB,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC;QACrE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,EAAE,CAAC;QACrF,IAAI,GAAG,MAAM,CAAC;IAChB,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,EAAE,CAAC;QAClF,IAAI,GAAG,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK;QAC/B,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B;QACD,SAAS;KACV,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,IAAY;IAC3C,IAAI,CAAC;QACH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAChD,KAAK,CAAC,8BAA8B,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACtG,KAAK,CAAC,mDAAmD,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;SAC5H,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;QAC7F,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uBAAuB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAS,CAAC;QACzC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAChD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC;QAEhE,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAS,CAAC;YAChD,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;IAC7F,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAkB,EAClB,SAA8B,UAAU;IAExC,MAAM,OAAO,GAA0B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GAAa;QACtB,mCAAmC;QACnC,EAAE;QACF,qBAAqB,QAAQ,CAAC,MAAM,EAAE;QACtC,EAAE;KACH,CAAC;IAEF,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC;IAC5D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,mBAAmB,aAAa,CAAC,MAAM,cAAc,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IAEjF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAExC,KAAK,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAC;YACrD,SAAS;QACX,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CACR,uBAAuB,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,EACnE,qBAAqB,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAChE,kBAAkB,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,EAC/C,iBAAiB,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,EAC5D,EAAE,CACH,CAAC;QACJ,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/build/tools/check-project.d.ts

@@ -2,6 +2,6 @@ interface FileInput {
     path: string;
     content: string;
 }
-export declare function checkProject(files: FileInput[]): string;
+export declare function checkProject(files: FileInput[], format?: "markdown" | "json"): string;
 export {};
 //# sourceMappingURL=check-project.d.ts.map

package/build/tools/check-project.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAiDD,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,CAkJvD"}
+{"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAgED,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,MAAM,GAAE,UAAU,GAAG,MAAmB,GAAG,MAAM,CAsJjG"}