laxy-verify 1.2.0 → 1.2.2

package/dist/security-audit.d.ts

@@ -1,9 +1,9 @@
-export interface SecurityAuditResult {
-    totalVulnerabilities: number;
-    critical: number;
-    high: number;
-    moderate: number;
-    low: number;
-    summary: string;
-}
-export declare function runSecurityAudit(cwd: string, timeoutMs?: number): Promise<SecurityAuditResult>;
+export interface SecurityAuditResult {
+    totalVulnerabilities: number;
+    critical: number;
+    high: number;
+    moderate: number;
+    low: number;
+    summary: string;
+}
+export declare function runSecurityAudit(cwd: string, timeoutMs?: number): Promise<SecurityAuditResult>;

package/dist/security-audit.js

@@ -1,64 +1,64 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runSecurityAudit = runSecurityAudit;
-/**
- * npm audit wrapper for Pro/Pro+ security scanning.
- *
- * Runs `npm audit --json` in the project directory and extracts
- * severity counts + a short summary for the verification report.
- */
-const node_child_process_1 = require("node:child_process");
-async function runSecurityAudit(cwd, timeoutMs = 30000) {
-    console.log("  Running security audit (npm audit)...");
-    return new Promise((resolve) => {
-        const chunks = [];
-        const proc = process.platform === "win32"
-            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npm audit --json"], {
-                stdio: ["ignore", "pipe", "pipe"],
-                cwd,
-            })
-            : (0, node_child_process_1.spawn)("npm", ["audit", "--json"], {
-                shell: true,
-                stdio: ["ignore", "pipe", "pipe"],
-                cwd,
-            });
-        const timer = setTimeout(() => {
-            try {
-                proc.kill();
-            }
-            catch { }
-            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit timed out" });
-        }, timeoutMs);
-        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
-        proc.stderr?.on("data", () => { }); // ignore stderr
-        proc.on("exit", () => {
-            clearTimeout(timer);
-            const raw = chunks.join("");
-            try {
-                const json = JSON.parse(raw);
-                // npm audit v2 format
-                const meta = json.metadata?.vulnerabilities ?? json.vulnerabilities ?? {};
-                const critical = meta.critical ?? 0;
-                const high = meta.high ?? 0;
-                const moderate = meta.moderate ?? 0;
-                const low = meta.low ?? 0;
-                const total = critical + high + moderate + low;
-                const parts = [];
-                if (critical > 0)
-                    parts.push(`${critical} critical`);
-                if (high > 0)
-                    parts.push(`${high} high`);
-                if (moderate > 0)
-                    parts.push(`${moderate} moderate`);
-                if (low > 0)
-                    parts.push(`${low} low`);
-                const summary = total === 0 ? "No known vulnerabilities" : parts.join(", ");
-                console.log(`  Security: ${summary}`);
-                resolve({ totalVulnerabilities: total, critical, high, moderate, low, summary });
-            }
-            catch {
-                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit parse failed" });
-            }
-        });
-    });
-}
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runSecurityAudit = runSecurityAudit;
+/**
+ * npm audit wrapper for Pro/Pro+ security scanning.
+ *
+ * Runs `npm audit --json` in the project directory and extracts
+ * severity counts + a short summary for the verification report.
+ */
+const node_child_process_1 = require("node:child_process");
+async function runSecurityAudit(cwd, timeoutMs = 30000) {
+    console.log("  Running security audit (npm audit)...");
+    return new Promise((resolve) => {
+        const chunks = [];
+        const proc = process.platform === "win32"
+            ? (0, node_child_process_1.spawn)(process.env.ComSpec || "cmd.exe", ["/d", "/c", "npm audit --json"], {
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd,
+            })
+            : (0, node_child_process_1.spawn)("npm", ["audit", "--json"], {
+                shell: true,
+                stdio: ["ignore", "pipe", "pipe"],
+                cwd,
+            });
+        const timer = setTimeout(() => {
+            try {
+                proc.kill();
+            }
+            catch { }
+            resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit timed out" });
+        }, timeoutMs);
+        proc.stdout?.on("data", (chunk) => chunks.push(chunk.toString()));
+        proc.stderr?.on("data", () => { }); // ignore stderr
+        proc.on("exit", () => {
+            clearTimeout(timer);
+            const raw = chunks.join("");
+            try {
+                const json = JSON.parse(raw);
+                // npm audit v2 format
+                const meta = json.metadata?.vulnerabilities ?? json.vulnerabilities ?? {};
+                const critical = meta.critical ?? 0;
+                const high = meta.high ?? 0;
+                const moderate = meta.moderate ?? 0;
+                const low = meta.low ?? 0;
+                const total = critical + high + moderate + low;
+                const parts = [];
+                if (critical > 0)
+                    parts.push(`${critical} critical`);
+                if (high > 0)
+                    parts.push(`${high} high`);
+                if (moderate > 0)
+                    parts.push(`${moderate} moderate`);
+                if (low > 0)
+                    parts.push(`${low} low`);
+                const summary = total === 0 ? "No known vulnerabilities" : parts.join(", ");
+                console.log(`  Security: ${summary}`);
+                resolve({ totalVulnerabilities: total, critical, high, moderate, low, summary });
+            }
+            catch {
+                resolve({ totalVulnerabilities: 0, critical: 0, high: 0, moderate: 0, low: 0, summary: "Audit parse failed" });
+            }
+        });
+    });
+}

package/dist/serve.d.ts

@@ -1,13 +1,13 @@
-export declare class PortConflictError extends Error {
-    constructor(port: number);
-}
-export declare class DevServerTimeoutError extends Error {
-    constructor(port: number, timeoutSec: number);
-}
-export interface ServeResult {
-    pid: number;
-    port: number;
-}
-export declare function probeServerStatus(port: number): Promise<number | null>;
-export declare function startDevServer(command: string, port: number, timeoutSec: number, cwd?: string): Promise<ServeResult>;
-export declare function stopDevServer(pid: number): Promise<void>;
+export declare class PortConflictError extends Error {
+    constructor(port: number);
+}
+export declare class DevServerTimeoutError extends Error {
+    constructor(port: number, timeoutSec: number);
+}
+export interface ServeResult {
+    pid: number;
+    port: number;
+}
+export declare function probeServerStatus(port: number): Promise<number | null>;
+export declare function startDevServer(command: string, port: number, timeoutSec: number, cwd?: string): Promise<ServeResult>;
+export declare function stopDevServer(pid: number): Promise<void>;

package/dist/serve.js

@@ -1,92 +1,92 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DevServerTimeoutError = exports.PortConflictError = void 0;
-exports.probeServerStatus = probeServerStatus;
-exports.startDevServer = startDevServer;
-exports.stopDevServer = stopDevServer;
-const node_child_process_1 = require("node:child_process");
-const fs = __importStar(require("node:fs"));
-const http = __importStar(require("node:http"));
-const os = __importStar(require("node:os"));
-const path = __importStar(require("node:path"));
-const tree_kill_1 = __importDefault(require("tree-kill"));
-class PortConflictError extends Error {
-    constructor(port) {
-        super(`Port ${port} is already in use. Please free the port or configure a different one in .laxy.yml`);
-        this.name = "PortConflictError";
-    }
-}
-exports.PortConflictError = PortConflictError;
-class DevServerTimeoutError extends Error {
-    constructor(port, timeoutSec) {
-        super(`Dev server did not respond with a healthy page on port ${port} within ${timeoutSec}s`);
-        this.name = "DevServerTimeoutError";
-    }
-}
-exports.DevServerTimeoutError = DevServerTimeoutError;
-async function killProcessTree(pid) {
-    await new Promise((resolve) => {
-        let settled = false;
-        const finish = () => {
-            if (settled)
-                return;
-            settled = true;
-            resolve();
-        };
-        const fallbackTimer = setTimeout(finish, 5000);
-        fallbackTimer.unref?.();
-        try {
-            (0, tree_kill_1.default)(pid, "SIGKILL", () => {
-                clearTimeout(fallbackTimer);
-                finish();
-            });
-        }
-        catch {
-            clearTimeout(fallbackTimer);
-            finish();
-        }
-    });
-}
-function writeWindowsDevWrapper(command, port, cwd) {
-    const wrapperDir = path.join(os.tmpdir(), "laxy-verify");
-    fs.mkdirSync(wrapperDir, { recursive: true });
-    const wrapperPath = path.join(wrapperDir, `dev-wrapper-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}.cjs`);
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DevServerTimeoutError = exports.PortConflictError = void 0;
+exports.probeServerStatus = probeServerStatus;
+exports.startDevServer = startDevServer;
+exports.stopDevServer = stopDevServer;
+const node_child_process_1 = require("node:child_process");
+const fs = __importStar(require("node:fs"));
+const http = __importStar(require("node:http"));
+const os = __importStar(require("node:os"));
+const path = __importStar(require("node:path"));
+const tree_kill_1 = __importDefault(require("tree-kill"));
+class PortConflictError extends Error {
+    constructor(port) {
+        super(`Port ${port} is already in use. Please free the port or configure a different one in .laxy.yml`);
+        this.name = "PortConflictError";
+    }
+}
+exports.PortConflictError = PortConflictError;
+class DevServerTimeoutError extends Error {
+    constructor(port, timeoutSec) {
+        super(`Dev server did not respond with a healthy page on port ${port} within ${timeoutSec}s`);
+        this.name = "DevServerTimeoutError";
+    }
+}
+exports.DevServerTimeoutError = DevServerTimeoutError;
+async function killProcessTree(pid) {
+    await new Promise((resolve) => {
+        let settled = false;
+        const finish = () => {
+            if (settled)
+                return;
+            settled = true;
+            resolve();
+        };
+        const fallbackTimer = setTimeout(finish, 5000);
+        fallbackTimer.unref?.();
+        try {
+            (0, tree_kill_1.default)(pid, "SIGKILL", () => {
+                clearTimeout(fallbackTimer);
+                finish();
+            });
+        }
+        catch {
+            clearTimeout(fallbackTimer);
+            finish();
+        }
+    });
+}
+function writeWindowsDevWrapper(command, port, cwd) {
+    const wrapperDir = path.join(os.tmpdir(), "laxy-verify");
+    fs.mkdirSync(wrapperDir, { recursive: true });
+    const wrapperPath = path.join(wrapperDir, `dev-wrapper-${process.pid}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}.cjs`);
     const source = `"use strict";
 const { spawn } = require("node:child_process");
 
@@ -140,110 +140,110 @@ const watchdog = setInterval(() => {
 }, 1000);
 
 watchdog.unref?.();
-`;
-    fs.writeFileSync(wrapperPath, source, "utf-8");
-    return wrapperPath;
-}
-function httpGet(url) {
-    return new Promise((resolve) => {
-        http
-            .get(url, { timeout: 2000 }, (res) => {
-            resolve(res.statusCode ?? null);
-        })
-            .on("error", () => {
-            resolve(null);
-        });
-    });
-}
-function probeServerStatus(port) {
-    return httpGet(`http://localhost:${port}/`);
-}
-async function startDevServer(command, port, timeoutSec, cwd) {
-    return new Promise((resolve, reject) => {
-        console.log(`Starting dev server: ${command}${cwd ? ` (cwd: ${cwd})` : ""}`);
-        let settled = false;
-        const wrapperPath = process.platform === "win32"
-            ? writeWindowsDevWrapper(command, port, cwd)
-            : null;
-        const proc = process.platform === "win32"
-            ? (0, node_child_process_1.spawn)("node", [wrapperPath], {
-                stdio: ["ignore", "pipe", "pipe"],
-                env: {
-                    ...process.env,
-                    PORT: String(port),
-                    LAXY_VERIFY_PARENT_PID: String(process.pid),
-                },
-            })
-            : (0, node_child_process_1.spawn)(command, {
-                shell: true,
-                stdio: ["ignore", "pipe", "pipe"],
-                env: { ...process.env, PORT: String(port) },
-                cwd,
-            });
-        proc.stdout?.on("data", (chunk) => {
-            const lines = chunk.toString().split("\n").filter(Boolean);
-            for (const line of lines)
-                console.log(`  [dev] ${line}`);
-        });
-        proc.stderr?.on("data", (chunk) => {
-            const lines = chunk.toString().split("\n").filter(Boolean);
-            for (const line of lines)
-                console.error(`  [dev] ${line}`);
-        });
-        proc.on("error", (err) => {
-            if (settled)
-                return;
-            settled = true;
-            if (err.code === "EADDRINUSE") {
-                reject(new PortConflictError(port));
-            }
-            else {
-                reject(new Error(`Dev server error: ${err.message}`));
-            }
-        });
-        proc.on("exit", (code) => {
-            if (wrapperPath) {
-                fs.rmSync(wrapperPath, { force: true });
-            }
-            if (settled)
-                return;
-            settled = true;
-            reject(new Error(`Dev server exited before becoming ready (exit code ${code ?? 1}).`));
-        });
-        const deadline = Date.now() + timeoutSec * 1000;
-        const poll = async () => {
-            if (Date.now() >= deadline) {
-                if (settled)
-                    return;
-                settled = true;
-                if (proc.pid) {
-                    await killProcessTree(proc.pid);
-                }
-                if (wrapperPath) {
-                    fs.rmSync(wrapperPath, { force: true });
-                }
-                reject(new DevServerTimeoutError(port, timeoutSec));
-                return;
-            }
-            const status = await probeServerStatus(port);
-            if (status !== null) {
-                if (status >= 200 && status < 400) {
-                    if (settled)
-                        return;
-                    settled = true;
-                    console.log(`Dev server ready on port ${port} (HTTP ${status})`);
-                    resolve({ pid: proc.pid, port });
-                    return;
-                }
-                console.log(`Dev server returned HTTP ${status}, waiting for a healthy app surface...`);
-            }
-            const nextPoll = setTimeout(poll, 500);
-            nextPoll.unref?.();
-        };
-        poll();
-    });
-}
-async function stopDevServer(pid) {
-    console.log(`Stopping dev server (PID ${pid})`);
-    await killProcessTree(pid);
-}
+`;
+    fs.writeFileSync(wrapperPath, source, "utf-8");
+    return wrapperPath;
+}
+function httpGet(url) {
+    return new Promise((resolve) => {
+        http
+            .get(url, { timeout: 2000 }, (res) => {
+            resolve(res.statusCode ?? null);
+        })
+            .on("error", () => {
+            resolve(null);
+        });
+    });
+}
+function probeServerStatus(port) {
+    return httpGet(`http://localhost:${port}/`);
+}
+async function startDevServer(command, port, timeoutSec, cwd) {
+    return new Promise((resolve, reject) => {
+        console.log(`Starting dev server: ${command}${cwd ? ` (cwd: ${cwd})` : ""}`);
+        let settled = false;
+        const wrapperPath = process.platform === "win32"
+            ? writeWindowsDevWrapper(command, port, cwd)
+            : null;
+        const proc = process.platform === "win32"
+            ? (0, node_child_process_1.spawn)("node", [wrapperPath], {
+                stdio: ["ignore", "pipe", "pipe"],
+                env: {
+                    ...process.env,
+                    PORT: String(port),
+                    LAXY_VERIFY_PARENT_PID: String(process.pid),
+                },
+            })
+            : (0, node_child_process_1.spawn)(command, {
+                shell: true,
+                stdio: ["ignore", "pipe", "pipe"],
+                env: { ...process.env, PORT: String(port) },
+                cwd,
+            });
+        proc.stdout?.on("data", (chunk) => {
+            const lines = chunk.toString().split("\n").filter(Boolean);
+            for (const line of lines)
+                console.log(`  [dev] ${line}`);
+        });
+        proc.stderr?.on("data", (chunk) => {
+            const lines = chunk.toString().split("\n").filter(Boolean);
+            for (const line of lines)
+                console.error(`  [dev] ${line}`);
+        });
+        proc.on("error", (err) => {
+            if (settled)
+                return;
+            settled = true;
+            if (err.code === "EADDRINUSE") {
+                reject(new PortConflictError(port));
+            }
+            else {
+                reject(new Error(`Dev server error: ${err.message}`));
+            }
+        });
+        proc.on("exit", (code) => {
+            if (wrapperPath) {
+                fs.rmSync(wrapperPath, { force: true });
+            }
+            if (settled)
+                return;
+            settled = true;
+            reject(new Error(`Dev server exited before becoming ready (exit code ${code ?? 1}).`));
+        });
+        const deadline = Date.now() + timeoutSec * 1000;
+        const poll = async () => {
+            if (Date.now() >= deadline) {
+                if (settled)
+                    return;
+                settled = true;
+                if (proc.pid) {
+                    await killProcessTree(proc.pid);
+                }
+                if (wrapperPath) {
+                    fs.rmSync(wrapperPath, { force: true });
+                }
+                reject(new DevServerTimeoutError(port, timeoutSec));
+                return;
+            }
+            const status = await probeServerStatus(port);
+            if (status !== null) {
+                if (status >= 200 && status < 400) {
+                    if (settled)
+                        return;
+                    settled = true;
+                    console.log(`Dev server ready on port ${port} (HTTP ${status})`);
+                    resolve({ pid: proc.pid, port });
+                    return;
+                }
+                console.log(`Dev server returned HTTP ${status}, waiting for a healthy app surface...`);
+            }
+            const nextPoll = setTimeout(poll, 500);
+            nextPoll.unref?.();
+        };
+        poll();
+    });
+}
+async function stopDevServer(pid) {
+    console.log(`Stopping dev server (PID ${pid})`);
+    await killProcessTree(pid);
+}