mobbdev 1.0.203 → 1.0.205

package/dist/index.mjs

@@ -569,7 +569,7 @@ var init_FilePatterns = __esm({
 });
 
 // src/features/analysis/scm/services/FileUtils.ts
-import fs2 from "fs";
+import fs from "fs";
 import { promises as fsPromises } from "fs";
 import { isBinary } from "istextorbinary";
 import path from "path";
@@ -603,11 +603,11 @@ var init_FileUtils = __esm({
           return false;
         }
         try {
-          const stats = fs2.statSync(absoluteFilepath);
+          const stats = fs.statSync(absoluteFilepath);
           if (stats.size > maxFileSize) {
             return false;
           }
-          const data = fs2.readFileSync(absoluteFilepath);
+          const data = fs.readFileSync(absoluteFilepath);
           if (isBinary(null, data)) {
             return false;
           }
@@ -644,7 +644,7 @@ var init_FileUtils = __esm({
           return [];
         }
         try {
-          await fsPromises.access(dir, fs2.constants.R_OK);
+          await fsPromises.access(dir, fs.constants.R_OK);
         } catch {
           return [];
         }
@@ -654,7 +654,7 @@ var init_FileUtils = __esm({
         for (const item of items) {
           const fullPath = path.join(dir, item);
           try {
-            await fsPromises.access(fullPath, fs2.constants.R_OK);
+            await fsPromises.access(fullPath, fs.constants.R_OK);
             const stat = await fsPromises.stat(fullPath);
             if (stat.isDirectory()) {
               if (isRootLevel && excludedRootDirectories.includes(item)) {
@@ -689,7 +689,7 @@ var init_FileUtils = __esm({
         isAllFilesScan
       }) {
         try {
-          const stats = fs2.statSync(dir);
+          const stats = fs.statSync(dir);
           if (!stats.isDirectory()) return [];
         } catch {
           return [];
@@ -720,7 +720,7 @@ var GitService_exports = {};
 __export(GitService_exports, {
   GitService: () => GitService
 });
-import fs3 from "fs";
+import fs2 from "fs";
 import ignore from "ignore";
 import * as path2 from "path";
 import { simpleGit } from "simple-git";
@@ -1195,16 +1195,16 @@ var init_GitService = __esm({
         try {
           let combinedContent = "";
           const localGitignorePath = path2.join(this.repositoryPath, ".gitignore");
-          if (fs3.existsSync(localGitignorePath)) {
-            const localContent = fs3.readFileSync(localGitignorePath, "utf8");
+          if (fs2.existsSync(localGitignorePath)) {
+            const localContent = fs2.readFileSync(localGitignorePath, "utf8");
             combinedContent += `${localContent}
 `;
           }
           try {
             const gitRoot = await this.git.revparse(["--show-toplevel"]);
             const rootGitignorePath = path2.join(gitRoot, ".gitignore");
-            if (fs3.existsSync(rootGitignorePath)) {
-              const rootContent = fs3.readFileSync(rootGitignorePath, "utf8");
+            if (fs2.existsSync(rootGitignorePath)) {
+              const rootContent = fs2.readFileSync(rootGitignorePath, "utf8");
               if (rootContent.trim() !== combinedContent.trim()) {
                 combinedContent += `
 ${rootContent}`;
@@ -1265,8 +1265,8 @@ ${rootContent}`;
           const gitRoot = await this.getGitRoot();
           const gitignorePath = path2.join(gitRoot, ".gitignore");
           let gitignoreContent = "";
-          if (fs3.existsSync(gitignorePath)) {
-            gitignoreContent = fs3.readFileSync(gitignorePath, "utf8");
+          if (fs2.existsSync(gitignorePath)) {
+            gitignoreContent = fs2.readFileSync(gitignorePath, "utf8");
             this.log("[GitService] .gitignore file exists", "debug");
           } else {
             this.log("[GitService] Creating .gitignore file", "info", {
@@ -1283,7 +1283,7 @@ ${rootContent}`;
           const newLine = gitignoreContent.endsWith("\n") || gitignoreContent === "" ? "" : "\n";
           const updatedContent = `${gitignoreContent}${newLine}${entry}
 `;
-          fs3.writeFileSync(gitignorePath, updatedContent, "utf8");
+          fs2.writeFileSync(gitignorePath, updatedContent, "utf8");
           this.log("[GitService] .gitignore updated successfully", "debug", {
             entry
           });
@@ -1303,7 +1303,7 @@ ${rootContent}`;
         try {
           const gitRoot = await this.getGitRoot();
           const gitignorePath = path2.join(gitRoot, ".gitignore");
-          const exists = fs3.existsSync(gitignorePath);
+          const exists = fs2.existsSync(gitignorePath);
           this.log("[GitService] .gitignore existence check complete", "debug", {
             exists
           });
@@ -1322,247 +1322,19 @@ ${rootContent}`;
 import Debug20 from "debug";
 import { hideBin } from "yargs/helpers";
 
+// src/args/yargs.ts
+import chalk11 from "chalk";
+import yargs from "yargs/yargs";
+
 // src/args/commands/convert_to_sarif.ts
 import fs7 from "fs";
 
 // src/commands/convert_to_sarif.ts
 import fs6 from "fs";
 import path5 from "path";
-
-// src/commands/fpr_stream_parser.ts
-import fs from "fs";
-import readline from "readline";
-import sax from "sax";
-var BaseStreamParser = class {
-  constructor(parser) {
-    __publicField(this, "currentPath", []);
-    parser.on("opentag", (tag) => this.onOpenTag(tag));
-    parser.on("closetag", () => this.onCloseTag());
-    parser.on("text", (text) => this.onText(text));
-  }
-  getPathString() {
-    return this.currentPath.join(" > ");
-  }
-  onOpenTag(tag) {
-    this.currentPath.push(tag.name);
-  }
-  onCloseTag() {
-    this.currentPath.pop();
-  }
-  onText(_text) {
-  }
-};
-var AuditMetadataParser = class extends BaseStreamParser {
-  constructor() {
-    super(...arguments);
-    __publicField(this, "suppressedMap", {});
-  }
-  onOpenTag(tag) {
-    super.onOpenTag(tag);
-    switch (this.getPathString()) {
-      case "Audit > IssueList > Issue":
-        this.suppressedMap[String(tag.attributes["instanceId"] ?? "")] = String(
-          tag.attributes["suppressed"] ?? ""
-        );
-        break;
-    }
-  }
-  getAuditMetadata() {
-    return this.suppressedMap;
-  }
-};
-var ReportMetadataParser = class extends BaseStreamParser {
-  constructor() {
-    super(...arguments);
-    __publicField(this, "uuid", "");
-    __publicField(this, "createdTSDate", "");
-    __publicField(this, "createdTSTime", "");
-    __publicField(this, "rules", {});
-    __publicField(this, "ruleId", "");
-    __publicField(this, "groupName", "");
-  }
-  onOpenTag(tag) {
-    super.onOpenTag(tag);
-    switch (this.getPathString()) {
-      case "FVDL > EngineData > RuleInfo > Rule":
-        this.ruleId = String(tag.attributes["id"] ?? "");
-        break;
-      case "FVDL > EngineData > RuleInfo > Rule > MetaInfo > Group":
-        this.groupName = String(tag.attributes["name"] ?? "");
-        break;
-      case "FVDL > CreatedTS":
-        this.createdTSDate = String(tag.attributes["date"] ?? "");
-        this.createdTSTime = String(tag.attributes["time"] ?? "");
-        break;
-    }
-  }
-  onText(text) {
-    super.onText(text);
-    switch (this.getPathString()) {
-      case "FVDL > UUID":
-        this.uuid = text;
-        break;
-      case "FVDL > EngineData > RuleInfo > Rule > MetaInfo > Group": {
-        const ruleMeta = this.rules[this.ruleId] ?? {};
-        ruleMeta[this.groupName] = text;
-        this.rules[this.ruleId] = ruleMeta;
-        break;
-      }
-    }
-  }
-  getReportMetadata() {
-    return {
-      createdTSDate: this.createdTSDate,
-      createdTSTime: this.createdTSTime,
-      uuid: this.uuid,
-      rules: this.rules
-    };
-  }
-};
-var UnifiedNodePoolParser = class extends BaseStreamParser {
-  constructor() {
-    super(...arguments);
-    __publicField(this, "codePoints", {});
-    __publicField(this, "nodeId", "");
-  }
-  onOpenTag(tag) {
-    super.onOpenTag(tag);
-    switch (this.getPathString()) {
-      case "FVDL > UnifiedNodePool > Node":
-        this.nodeId = String(tag.attributes["id"] ?? "");
-        break;
-      case "FVDL > UnifiedNodePool > Node > SourceLocation":
-        this.codePoints[this.nodeId] = {
-          path: String(tag.attributes["path"] ?? ""),
-          colStart: String(tag.attributes["colStart"] ?? ""),
-          colEnd: String(tag.attributes["colEnd"] ?? ""),
-          line: String(tag.attributes["line"] ?? ""),
-          lineEnd: String(tag.attributes["lineEnd"] ?? "")
-        };
-        break;
-    }
-  }
-  getNodesPull() {
-    return this.codePoints;
-  }
-};
-var VulnerabilityParser = class extends BaseStreamParser {
-  constructor(parser, tmpStorageFilePath) {
-    super(parser);
-    __publicField(this, "isInVulnerability", false);
-    __publicField(this, "codePoints", []);
-    __publicField(this, "metadata", {});
-    __publicField(this, "metaInfo", {});
-    __publicField(this, "groupName", "");
-    __publicField(this, "tmpStorageFileWriter");
-    __publicField(this, "tmpStorageFilePath");
-    this.tmpStorageFilePath = tmpStorageFilePath;
-    this.tmpStorageFileWriter = fs.createWriteStream(tmpStorageFilePath);
-  }
-  onOpenTag(tag) {
-    super.onOpenTag(tag);
-    switch (this.getPathString()) {
-      case "FVDL > Vulnerabilities > Vulnerability":
-        this.isInVulnerability = true;
-        this.metadata = {};
-        this.metaInfo = {};
-        this.codePoints = [];
-        break;
-      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > MetaInfo > Group":
-        this.groupName = String(tag.attributes["name"] ?? "");
-        break;
-    }
-    if (this.isInVulnerability) {
-      if (this.getPathString().endsWith(" > Entry > Node > SourceLocation")) {
-        this.codePoints.push({
-          path: String(tag.attributes["path"] ?? ""),
-          colStart: String(tag.attributes["colStart"] ?? ""),
-          colEnd: String(tag.attributes["colEnd"] ?? ""),
-          line: String(tag.attributes["line"] ?? ""),
-          lineEnd: String(tag.attributes["lineEnd"] ?? "")
-        });
-      } else if (this.getPathString().endsWith(" > Entry > NodeRef")) {
-        this.codePoints.push({
-          id: String(tag.attributes["id"] ?? "")
-        });
-      }
-    }
-  }
-  onText(text) {
-    super.onText(text);
-    const lastPathSegment = this.currentPath.at(-1);
-    if (!this.isInVulnerability || !lastPathSegment) {
-      return;
-    }
-    switch (this.getPathString()) {
-      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > InstanceID":
-      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > InstanceSeverity":
-      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > Confidence":
-      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > ClassID":
-      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > Type":
-      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > Subtype":
-        this.metadata[lastPathSegment] = text;
-        break;
-      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > MetaInfo > Group":
-        this.metaInfo[this.groupName] = text;
-        break;
-    }
-  }
-  onCloseTag() {
-    if (this.getPathString() === "FVDL > Vulnerabilities > Vulnerability") {
-      this.isInVulnerability = false;
-      this.tmpStorageFileWriter.write(
-        JSON.stringify({
-          nodes: this.codePoints,
-          instanceID: this.metadata["InstanceID"] ?? "",
-          instanceSeverity: this.metadata["InstanceSeverity"] ?? "",
-          confidence: this.metadata["Confidence"] ?? "",
-          classID: this.metadata["ClassID"] ?? "",
-          type: this.metadata["Type"] ?? "",
-          subtype: this.metadata["Subtype"] ?? "",
-          metaInfo: this.metaInfo
-        }) + "\n"
-      );
-    }
-    super.onCloseTag();
-  }
-  async *getVulnerabilities() {
-    await new Promise((r) => this.tmpStorageFileWriter.end(r));
-    const rl = readline.createInterface({
-      input: fs.createReadStream(this.tmpStorageFilePath),
-      crlfDelay: Infinity
-    });
-    for await (const line of rl) {
-      if (line) {
-        yield JSON.parse(line);
-      }
-    }
-  }
-};
-function initSaxParser(filepath) {
-  const parser = sax.createStream(true, {
-    // All these flags help to improve parsing speed a lot.
-    trim: false,
-    normalize: false,
-    lowercase: false,
-    xmlns: false,
-    position: false
-  });
-  const awaiter = new Promise((resolve, reject) => {
-    parser.on("end", () => resolve(true));
-    parser.on("error", (e) => reject(e));
-  });
-  return {
-    parser,
-    parse: async () => {
-      fs.createReadStream(filepath, {
-        // Set chunk size to 100 MB. The default is 16 KB, which makes the process too slow.
-        highWaterMark: 100 * 1024 * 1024
-      }).pipe(parser);
-      await awaiter;
-    }
-  };
-}
+import multimatch from "multimatch";
+import StreamZip from "node-stream-zip";
+import tmp from "tmp";
 
 // src/features/analysis/scm/errors.ts
 var InvalidRepoUrlError = class extends Error {
@@ -9441,142 +9213,394 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateEx
         return scm;
       }
     }
-  } catch (e) {
-    if (e instanceof InvalidRepoUrlError && url) {
-      throw new RepoNoTokenAccessError(
-        "no access to repo",
-        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
-      );
+  } catch (e) {
+    if (e instanceof InvalidRepoUrlError && url) {
+      throw new RepoNoTokenAccessError(
+        "no access to repo",
+        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
+      );
+    }
+    console.error(`error validating scm: ${scmType} `, e);
+    if (propagateExceptions) {
+      throw e;
+    }
+  }
+  return new StubSCMLib(trimmedUrl, void 0, void 0);
+}
+
+// src/utils/index.ts
+var utils_exports = {};
+__export(utils_exports, {
+  CliError: () => CliError,
+  Spinner: () => Spinner,
+  getDirName: () => getDirName,
+  getModuleRootDir: () => getModuleRootDir,
+  getTopLevelDirName: () => getTopLevelDirName,
+  keypress: () => keypress,
+  packageJson: () => packageJson,
+  sleep: () => sleep
+});
+
+// src/utils/dirname.ts
+import fs3 from "fs";
+import path3 from "path";
+import { fileURLToPath } from "url";
+function getModuleRootDir() {
+  let manifestDir = getDirName();
+  for (let i = 0; i < 10; i++) {
+    const manifestPath = path3.join(manifestDir, "package.json");
+    if (fs3.existsSync(manifestPath)) {
+      return manifestDir;
+    }
+    manifestDir = path3.join(manifestDir, "..");
+  }
+  throw new Error("Cannot locate package.json file");
+}
+function getDirName() {
+  if (typeof __filename !== "undefined") {
+    return path3.dirname(__filename);
+  } else {
+    try {
+      const getImportMetaUrl = new Function("return import.meta.url");
+      const importMetaUrl = getImportMetaUrl();
+      return path3.dirname(fileURLToPath(importMetaUrl));
+    } catch (e) {
+      try {
+        const err = new Error();
+        const stack = err.stack || "";
+        const match = stack.match(/file:\/\/[^\s)]+/);
+        if (match) {
+          const fileUrl = match[0];
+          return path3.dirname(fileURLToPath(fileUrl));
+        }
+      } catch {
+      }
+      throw new Error("Unable to determine directory name in this environment");
+    }
+  }
+}
+function getTopLevelDirName(fullPath) {
+  return path3.parse(fullPath).name;
+}
+
+// src/utils/keypress.ts
+import readline from "readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
+
+// src/utils/spinner.ts
+import {
+  createSpinner as _createSpinner
+} from "nanospinner";
+function printToStdError(opts) {
+  if (opts?.text) console.error(opts.text);
+}
+var mockSpinner = {
+  success: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  error: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  warn: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  stop: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  start: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  update: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
+
+// src/utils/check_node_version.ts
+import fs4 from "fs";
+import path4 from "path";
+import semver from "semver";
+function getPackageJson() {
+  return JSON.parse(
+    fs4.readFileSync(path4.join(getModuleRootDir(), "package.json"), "utf8")
+  );
+}
+var packageJson = getPackageJson();
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+  console.error(
+    `
+\u26A0\uFE0F ${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+  );
+  process.exit(1);
+}
+
+// src/utils/index.ts
+var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
+
+// src/commands/fpr_stream_parser.ts
+import fs5 from "fs";
+import readline2 from "readline";
+import sax from "sax";
+var BaseStreamParser = class {
+  constructor(parser) {
+    __publicField(this, "currentPath", []);
+    parser.on("opentag", (tag) => this.onOpenTag(tag));
+    parser.on("closetag", () => this.onCloseTag());
+    parser.on("text", (text) => this.onText(text));
+  }
+  getPathString() {
+    return this.currentPath.join(" > ");
+  }
+  onOpenTag(tag) {
+    this.currentPath.push(tag.name);
+  }
+  onCloseTag() {
+    this.currentPath.pop();
+  }
+  onText(_text) {
+  }
+};
+var AuditMetadataParser = class extends BaseStreamParser {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "suppressedMap", {});
+  }
+  onOpenTag(tag) {
+    super.onOpenTag(tag);
+    switch (this.getPathString()) {
+      case "Audit > IssueList > Issue":
+        this.suppressedMap[String(tag.attributes["instanceId"] ?? "")] = String(
+          tag.attributes["suppressed"] ?? ""
+        );
+        break;
+    }
+  }
+  getAuditMetadata() {
+    return this.suppressedMap;
+  }
+};
+var ReportMetadataParser = class extends BaseStreamParser {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "uuid", "");
+    __publicField(this, "createdTSDate", "");
+    __publicField(this, "createdTSTime", "");
+    __publicField(this, "rules", {});
+    __publicField(this, "ruleId", "");
+    __publicField(this, "groupName", "");
+  }
+  onOpenTag(tag) {
+    super.onOpenTag(tag);
+    switch (this.getPathString()) {
+      case "FVDL > EngineData > RuleInfo > Rule":
+        this.ruleId = String(tag.attributes["id"] ?? "");
+        break;
+      case "FVDL > EngineData > RuleInfo > Rule > MetaInfo > Group":
+        this.groupName = String(tag.attributes["name"] ?? "");
+        break;
+      case "FVDL > CreatedTS":
+        this.createdTSDate = String(tag.attributes["date"] ?? "");
+        this.createdTSTime = String(tag.attributes["time"] ?? "");
+        break;
+    }
+  }
+  onText(text) {
+    super.onText(text);
+    switch (this.getPathString()) {
+      case "FVDL > UUID":
+        this.uuid = text;
+        break;
+      case "FVDL > EngineData > RuleInfo > Rule > MetaInfo > Group": {
+        const ruleMeta = this.rules[this.ruleId] ?? {};
+        ruleMeta[this.groupName] = text;
+        this.rules[this.ruleId] = ruleMeta;
+        break;
+      }
+    }
+  }
+  getReportMetadata() {
+    return {
+      createdTSDate: this.createdTSDate,
+      createdTSTime: this.createdTSTime,
+      uuid: this.uuid,
+      rules: this.rules
+    };
+  }
+};
+var UnifiedNodePoolParser = class extends BaseStreamParser {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "codePoints", {});
+    __publicField(this, "nodeId", "");
+  }
+  onOpenTag(tag) {
+    super.onOpenTag(tag);
+    switch (this.getPathString()) {
+      case "FVDL > UnifiedNodePool > Node":
+        this.nodeId = String(tag.attributes["id"] ?? "");
+        break;
+      case "FVDL > UnifiedNodePool > Node > SourceLocation":
+        this.codePoints[this.nodeId] = {
+          path: String(tag.attributes["path"] ?? ""),
+          colStart: String(tag.attributes["colStart"] ?? ""),
+          colEnd: String(tag.attributes["colEnd"] ?? ""),
+          line: String(tag.attributes["line"] ?? ""),
+          lineEnd: String(tag.attributes["lineEnd"] ?? "")
+        };
+        break;
+    }
+  }
+  getNodesPull() {
+    return this.codePoints;
+  }
+};
+var VulnerabilityParser = class extends BaseStreamParser {
+  constructor(parser, tmpStorageFilePath) {
+    super(parser);
+    __publicField(this, "isInVulnerability", false);
+    __publicField(this, "codePoints", []);
+    __publicField(this, "metadata", {});
+    __publicField(this, "metaInfo", {});
+    __publicField(this, "groupName", "");
+    __publicField(this, "tmpStorageFileWriter");
+    __publicField(this, "tmpStorageFilePath");
+    this.tmpStorageFilePath = tmpStorageFilePath;
+    this.tmpStorageFileWriter = fs5.createWriteStream(tmpStorageFilePath);
+  }
+  onOpenTag(tag) {
+    super.onOpenTag(tag);
+    switch (this.getPathString()) {
+      case "FVDL > Vulnerabilities > Vulnerability":
+        this.isInVulnerability = true;
+        this.metadata = {};
+        this.metaInfo = {};
+        this.codePoints = [];
+        break;
+      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > MetaInfo > Group":
+        this.groupName = String(tag.attributes["name"] ?? "");
+        break;
+    }
+    if (this.isInVulnerability) {
+      if (this.getPathString().endsWith(" > Entry > Node > SourceLocation")) {
+        this.codePoints.push({
+          path: String(tag.attributes["path"] ?? ""),
+          colStart: String(tag.attributes["colStart"] ?? ""),
+          colEnd: String(tag.attributes["colEnd"] ?? ""),
+          line: String(tag.attributes["line"] ?? ""),
+          lineEnd: String(tag.attributes["lineEnd"] ?? "")
+        });
+      } else if (this.getPathString().endsWith(" > Entry > NodeRef")) {
+        this.codePoints.push({
+          id: String(tag.attributes["id"] ?? "")
+        });
+      }
+    }
+  }
+  onText(text) {
+    super.onText(text);
+    const lastPathSegment = this.currentPath.at(-1);
+    if (!this.isInVulnerability || !lastPathSegment) {
+      return;
     }
-    console.error(`error validating scm: ${scmType} `, e);
-    if (propagateExceptions) {
-      throw e;
+    switch (this.getPathString()) {
+      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > InstanceID":
+      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > InstanceSeverity":
+      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > Confidence":
+      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > ClassID":
+      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > Type":
+      case "FVDL > Vulnerabilities > Vulnerability > ClassInfo > Subtype":
+        this.metadata[lastPathSegment] = text;
+        break;
+      case "FVDL > Vulnerabilities > Vulnerability > InstanceInfo > MetaInfo > Group":
+        this.metaInfo[this.groupName] = text;
+        break;
     }
   }
-  return new StubSCMLib(trimmedUrl, void 0, void 0);
-}
-
-// src/utils/index.ts
-var utils_exports = {};
-__export(utils_exports, {
-  CliError: () => CliError,
-  Spinner: () => Spinner,
-  getDirName: () => getDirName,
-  getModuleRootDir: () => getModuleRootDir,
-  getTopLevelDirName: () => getTopLevelDirName,
-  keypress: () => keypress,
-  packageJson: () => packageJson,
-  sleep: () => sleep
-});
-
-// src/utils/dirname.ts
-import fs4 from "fs";
-import path3 from "path";
-import { fileURLToPath } from "url";
-function getModuleRootDir() {
-  let manifestDir = getDirName();
-  for (let i = 0; i < 10; i++) {
-    const manifestPath = path3.join(manifestDir, "package.json");
-    if (fs4.existsSync(manifestPath)) {
-      return manifestDir;
+  onCloseTag() {
+    if (this.getPathString() === "FVDL > Vulnerabilities > Vulnerability") {
+      this.isInVulnerability = false;
+      this.tmpStorageFileWriter.write(
+        JSON.stringify({
+          nodes: this.codePoints,
+          instanceID: this.metadata["InstanceID"] ?? "",
+          instanceSeverity: this.metadata["InstanceSeverity"] ?? "",
+          confidence: this.metadata["Confidence"] ?? "",
+          classID: this.metadata["ClassID"] ?? "",
+          type: this.metadata["Type"] ?? "",
+          subtype: this.metadata["Subtype"] ?? "",
+          metaInfo: this.metaInfo
+        }) + "\n"
+      );
     }
-    manifestDir = path3.join(manifestDir, "..");
+    super.onCloseTag();
   }
-  throw new Error("Cannot locate package.json file");
-}
-function getDirName() {
-  return path3.dirname(fileURLToPath(import.meta.url));
-}
-function getTopLevelDirName(fullPath) {
-  return path3.parse(fullPath).name;
-}
-
-// src/utils/keypress.ts
-import readline2 from "readline";
-async function keypress() {
-  const rl = readline2.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve) => {
-    rl.question("", (answer) => {
-      rl.close();
-      process.stderr.moveCursor(0, -1);
-      process.stderr.clearLine(1);
-      resolve(answer);
+  async *getVulnerabilities() {
+    await new Promise((r) => this.tmpStorageFileWriter.end(r));
+    const rl = readline2.createInterface({
+      input: fs5.createReadStream(this.tmpStorageFilePath),
+      crlfDelay: Infinity
     });
-  });
-}
-
-// src/utils/spinner.ts
-import {
-  createSpinner as _createSpinner
-} from "nanospinner";
-function printToStdError(opts) {
-  if (opts?.text) console.error(opts.text);
-}
-var mockSpinner = {
-  success: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  error: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  warn: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  stop: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  start: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  update: (opts) => {
-    printToStdError(opts);
-    return mockSpinner;
-  },
-  reset: () => mockSpinner,
-  clear: () => mockSpinner,
-  spin: () => mockSpinner
+    for await (const line of rl) {
+      if (line) {
+        yield JSON.parse(line);
+      }
+    }
+  }
 };
-function Spinner({ ci = false } = {}) {
+function initSaxParser(filepath) {
+  const parser = sax.createStream(true, {
+    // All these flags help to improve parsing speed a lot.
+    trim: false,
+    normalize: false,
+    lowercase: false,
+    xmlns: false,
+    position: false
+  });
+  const awaiter = new Promise((resolve, reject) => {
+    parser.on("end", () => resolve(true));
+    parser.on("error", (e) => reject(e));
+  });
   return {
-    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+    parser,
+    parse: async () => {
+      fs5.createReadStream(filepath, {
+        // Set chunk size to 100 MB. The default is 16 KB, which makes the process too slow.
+        highWaterMark: 100 * 1024 * 1024
+      }).pipe(parser);
+      await awaiter;
+    }
   };
 }
 
-// src/utils/check_node_version.ts
-import fs5 from "fs";
-import path4 from "path";
-import semver from "semver";
-function getPackageJson() {
-  return JSON.parse(
-    fs5.readFileSync(path4.join(getModuleRootDir(), "package.json"), "utf8")
-  );
-}
-var packageJson = getPackageJson();
-if (!semver.satisfies(process.version, packageJson.engines.node)) {
-  console.error(
-    `
-\u26A0\uFE0F ${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
-  );
-  process.exit(1);
-}
-
-// src/utils/index.ts
-var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
-var CliError = class extends Error {
-};
-
 // src/commands/convert_to_sarif.ts
-import multimatch from "multimatch";
-import StreamZip from "node-stream-zip";
-import tmp from "tmp";
 async function convertToSarif(options) {
   switch (options.inputFileFormat) {
     case "FortifyFPR" /* FortifyFPR */:
@@ -9984,16 +10008,18 @@ var ScanContext = {
   BUGSY: "BUGSY"
 };
 
-// src/args/yargs.ts
-import chalk11 from "chalk";
-import yargs from "yargs/yargs";
-
 // src/args/commands/analyze.ts
 import fs10 from "fs";
+import chalk8 from "chalk";
 
 // src/commands/index.ts
 import crypto from "crypto";
 import os from "os";
+import chalk6 from "chalk";
+import chalkAnimation from "chalk-animation";
+import Configstore2 from "configstore";
+import Debug19 from "debug";
+import open3 from "open";
 
 // src/features/analysis/index.ts
 import fs9 from "fs";
@@ -10764,7 +10790,11 @@ function createWSClient(options) {
   );
   const CustomWebSocket = class extends WebSocket {
     constructor(address, protocols) {
-      super(address, protocols, proxy ? { agent: proxy } : void 0);
+      super(
+        address,
+        protocols,
+        proxy ? { agent: proxy } : void 0
+      );
     }
   };
   return createClient({
@@ -11458,6 +11488,12 @@ async function snykArticlePrompt() {
 
 // src/features/analysis/scanners/checkmarx.ts
 import { createRequire } from "module";
+import chalk3 from "chalk";
+import Debug15 from "debug";
+import { existsSync } from "fs";
+import { createSpinner as createSpinner2 } from "nanospinner";
+import { type } from "os";
+import path8 from "path";
 
 // src/post_install/constants.mjs
 var cxOperatingSystemSupportMessage = `Your operating system does not support checkmarx.
@@ -11513,19 +11549,31 @@ function createChildProcess({ childProcess, name }, options) {
 }
 
 // src/features/analysis/scanners/checkmarx.ts
-import chalk3 from "chalk";
-import Debug15 from "debug";
-import { existsSync } from "fs";
-import { createSpinner as createSpinner2 } from "nanospinner";
-import { type } from "os";
-import path8 from "path";
 var debug15 = Debug15("mobbdev:checkmarx");
-var require2 = createRequire(import.meta.url);
+var moduleUrl;
+if (typeof __filename !== "undefined") {
+  moduleUrl = __filename;
+} else {
+  try {
+    const getImportMetaUrl = new Function("return import.meta.url");
+    moduleUrl = getImportMetaUrl();
+  } catch {
+    const err = new Error();
+    const stack = err.stack || "";
+    const match = stack.match(/file:\/\/[^\s)]+/);
+    if (match) {
+      moduleUrl = match[0];
+    } else {
+      throw new Error("Unable to determine module URL in this environment");
+    }
+  }
+}
+var costumeRequire = createRequire(moduleUrl);
 var getCheckmarxPath = () => {
   const os6 = type();
   const cxFileName = os6 === "Windows_NT" ? "cx.exe" : "cx";
   try {
-    return require2.resolve(`.bin/${cxFileName}`);
+    return costumeRequire.resolve(`.bin/${cxFileName}`);
   } catch (e) {
     throw new CliError(cxOperatingSystemSupportMessage);
   }
@@ -11639,8 +11687,26 @@ import Debug16 from "debug";
 import { createSpinner as createSpinner3 } from "nanospinner";
 import open from "open";
 var debug16 = Debug16("mobbdev:snyk");
-var require3 = createRequire2(import.meta.url);
-var SNYK_PATH = require3.resolve("snyk/bin/snyk");
+var moduleUrl2;
+if (typeof __filename !== "undefined") {
+  moduleUrl2 = __filename;
+} else {
+  try {
+    const getImportMetaUrl = new Function("return import.meta.url");
+    moduleUrl2 = getImportMetaUrl();
+  } catch {
+    const err = new Error();
+    const stack = err.stack || "";
+    const match = stack.match(/file:\/\/[^\s)]+/);
+    if (match) {
+      moduleUrl2 = match[0];
+    } else {
+      throw new Error("Unable to determine module URL in this environment");
+    }
+  }
+}
+var costumeRequire2 = createRequire2(moduleUrl2);
+var SNYK_PATH = costumeRequire2.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
 debug16("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
@@ -12404,11 +12470,6 @@ async function waitForAnaysisAndReviewPr({
 }
 
 // src/commands/index.ts
-import chalk6 from "chalk";
-import chalkAnimation from "chalk-animation";
-import Configstore2 from "configstore";
-import Debug19 from "debug";
-import open3 from "open";
 var debug19 = Debug19("mobbdev:commands");
 async function review(params, { skipPrompts = true } = {}) {
   const {
@@ -12630,9 +12691,6 @@ async function handleMobbLogin({
   return newGqlClient;
 }
 
-// src/args/commands/analyze.ts
-import chalk8 from "chalk";
-
 // src/args/validation.ts
 import chalk7 from "chalk";
 import path10 from "path";
@@ -13057,8 +13115,8 @@ var GetLatestReportByRepoUrlResponseSchema = z31.object({
 });
 
 // src/mcp/services/ConfigStoreService.ts
-init_configs();
 import Configstore4 from "configstore";
+init_configs();
 function createConfigStore(defaultValues = { apiToken: "" }) {
   const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
   let domain = "";
@@ -13082,8 +13140,8 @@ var configStore = getConfigStore();
 // src/mcp/services/McpAuthService.ts
 import crypto2 from "crypto";
 import os2 from "os";
-init_configs();
 import open4 from "open";
+init_configs();
 var McpAuthService = class {
   constructor(client) {
     __publicField(this, "client");
@@ -14146,10 +14204,10 @@ var getHostInfo = (additionalMcpList) => {
 };
 
 // src/mcp/services/McpUsageService/McpUsageService.ts
-init_configs();
 import fetch5 from "node-fetch";
 import os5 from "os";
 import { v4 as uuidv43, v5 as uuidv5 } from "uuid";
+init_configs();
 
 // src/mcp/services/McpUsageService/system.ts
 init_configs();
@@ -18697,8 +18755,8 @@ var McpCheckerTool = class extends BaseTool {
 };
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
-init_configs();
 import z37 from "zod";
+init_configs();
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
 init_configs();
@@ -19168,9 +19226,34 @@ async function addScmTokenHandler(args) {
 }
 
 // src/args/commands/upload_ai_blame.ts
-import fs18 from "fs/promises";
+import fsPromises3 from "fs/promises";
 import path16 from "path";
 import chalk10 from "chalk";
+import { withFile } from "tmp-promise";
+import z38 from "zod";
+var PromptItemZ = z38.object({
+  type: z38.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION"]),
+  attachedFiles: z38.array(
+    z38.object({
+      relativePath: z38.string(),
+      startLine: z38.number().optional()
+    })
+  ).optional(),
+  tokens: z38.object({
+    inputCount: z38.number(),
+    outputCount: z38.number()
+  }).optional(),
+  text: z38.string().optional(),
+  date: z38.date().optional(),
+  tool: z38.object({
+    name: z38.string(),
+    parameters: z38.string(),
+    result: z38.string(),
+    rawArguments: z38.string().optional(),
+    accepted: z38.boolean().optional()
+  }).optional()
+});
+var PromptItemArrayZ = z38.array(PromptItemZ);
 function uploadAiBlameBuilder(args) {
   return args.option("prompt", {
     type: "string",
@@ -19200,17 +19283,19 @@ function uploadAiBlameBuilder(args) {
     describe: chalk10.bold("Tool/IDE name(s) (optional, one per session)")
   }).strict();
 }
-async function uploadAiBlameHandler(args) {
+async function uploadAiBlameHandler(args, exitOnError = true) {
   const prompts = args.prompt || [];
   const inferences = args.inference || [];
   const models = args.model || [];
   const tools = args.toolName || args["tool-name"] || [];
   const responseTimes = args.aiResponseAt || args["ai-response-at"] || [];
   if (prompts.length !== inferences.length) {
-    console.error(
-      chalk10.red("prompt and inference must have the same number of entries")
-    );
-    process.exit(1);
+    const errorMsg = "prompt and inference must have the same number of entries";
+    console.error(chalk10.red(errorMsg));
+    if (exitOnError) {
+      process.exit(1);
+    }
+    throw new Error(errorMsg);
   }
   const nowIso = (/* @__PURE__ */ new Date()).toISOString();
   const sessions = [];
@@ -19218,10 +19303,17 @@ async function uploadAiBlameHandler(args) {
     const promptPath = String(prompts[i]);
     const inferencePath = String(inferences[i]);
     try {
-      await Promise.all([fs18.access(promptPath), fs18.access(inferencePath)]);
+      await Promise.all([
+        fsPromises3.access(promptPath),
+        fsPromises3.access(inferencePath)
+      ]);
     } catch {
-      console.error(chalk10.red(`File not found for session ${i + 1}`));
-      process.exit(1);
+      const errorMsg = `File not found for session ${i + 1}`;
+      console.error(chalk10.red(errorMsg));
+      if (exitOnError) {
+        process.exit(1);
+      }
+      throw new Error(errorMsg);
     }
     sessions.push({
       promptFileName: path16.basename(promptPath),
@@ -19235,10 +19327,12 @@ async function uploadAiBlameHandler(args) {
   const initRes = await gqlClient.uploadAIBlameInferencesInitRaw({ sessions });
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
-    console.error(
-      chalk10.red("Init failed to return expected number of sessions")
-    );
-    process.exit(1);
+    const errorMsg = "Init failed to return expected number of sessions";
+    console.error(chalk10.red(errorMsg));
+    if (exitOnError) {
+      process.exit(1);
+    }
+    throw new Error(errorMsg);
   }
   for (let i = 0; i < uploadSessions.length; i++) {
     const us = uploadSessions[i];
@@ -19273,12 +19367,12 @@ async function uploadAiBlameHandler(args) {
   });
   const status = finRes?.finalizeAIBlameInferencesUpload?.status;
   if (status !== "OK") {
-    console.error(
-      chalk10.red(
-        `Finalize failed: ${finRes?.finalizeAIBlameInferencesUpload?.error || "unknown error"}`
-      )
-    );
-    process.exit(1);
+    const errorMsg = finRes?.finalizeAIBlameInferencesUpload?.error || "unknown error";
+    console.error(chalk10.red(errorMsg));
+    if (exitOnError) {
+      process.exit(1);
+    }
+    throw new Error(errorMsg);
   }
   console.log(chalk10.green("AI Blame uploads finalized successfully"));
 }