oauthlint-rules 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +96 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +3 -0
- package/dist/index.js.map +1 -0
- package/dist/loader.d.ts +35 -0
- package/dist/loader.d.ts.map +1 -0
- package/dist/loader.js +72 -0
- package/dist/loader.js.map +1 -0
- package/dist/manifest.d.ts +10 -0
- package/dist/manifest.d.ts.map +1 -0
- package/dist/manifest.js +10 -0
- package/dist/manifest.js.map +1 -0
- package/dist/schema.d.ts +425 -0
- package/dist/schema.d.ts.map +1 -0
- package/dist/schema.js +71 -0
- package/dist/schema.js.map +1 -0
- package/package.json +61 -0
- package/rules/cookie/long-lived.yml +42 -0
- package/rules/cookie/no-httponly.yml +54 -0
- package/rules/cookie/no-samesite.yml +56 -0
- package/rules/cookie/no-secure.yml +58 -0
- package/rules/cors/wildcard-with-credentials.yml +56 -0
- package/rules/flow/insecure-random.yml +56 -0
- package/rules/flow/no-rate-limit.yml +39 -0
- package/rules/flow/password-min-length.yml +44 -0
- package/rules/flow/password-plaintext.yml +82 -0
- package/rules/flow/timing-unsafe-compare.yml +103 -0
- package/rules/jwt/alg-none.yml +46 -0
- package/rules/jwt/algorithm-confusion.yml +67 -0
- package/rules/jwt/in-url.yml +33 -0
- package/rules/jwt/localstorage.yml +39 -0
- package/rules/jwt/no-audience.yml +49 -0
- package/rules/jwt/no-expiration.yml +45 -0
- package/rules/jwt/no-issuer.yml +40 -0
- package/rules/jwt/weak-secret.yml +56 -0
- package/rules/oauth/broad-scope.yml +39 -0
- package/rules/oauth/hardcoded-secret.yml +41 -0
- package/rules/oauth/implicit-flow.yml +36 -0
- package/rules/oauth/long-token-lifetime.yml +57 -0
- package/rules/oauth/no-pkce.yml +50 -0
- package/rules/oauth/no-state-validation.yml +42 -0
- package/rules/oauth/no-state.yml +41 -0
- package/rules/oauth/open-redirect-callback.yml +47 -0
- package/rules/oauth/wildcard-redirect.yml +45 -0
- package/rules/secret/provider-key.yml +44 -0
- package/rules/session/id-in-url.yml +30 -0
- package/rules/session/no-regeneration.yml +53 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Maurice Anney
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
# oauthlint-rules
|
|
2
|
+
|
|
3
|
+
A focused Semgrep rule library targeting the OAuth/OIDC/JWT anti-patterns that
|
|
4
|
+
AI coding tools (Cursor, Claude Code, Copilot, Gemini Code Assist) produce on a
|
|
5
|
+
recurring basis.
|
|
6
|
+
|
|
7
|
+
This package contains:
|
|
8
|
+
|
|
9
|
+
- the YAML rules (Semgrep format) in `rules/`
|
|
10
|
+
- the loader + Zod validation schema in `src/`
|
|
11
|
+
- the test fixtures (vulnerable + safe) in `tests/fixtures/`
|
|
12
|
+
|
|
13
|
+
## Usage
|
|
14
|
+
|
|
15
|
+
```ts
|
|
16
|
+
import { loadAllRules, buildManifest } from 'oauthlint-rules';
|
|
17
|
+
|
|
18
|
+
const rules = await loadAllRules(); // validates everything on load
|
|
19
|
+
const manifest = await buildManifest(); // summary for the CLI
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
To scan code, use the [`oauthlint`](../cli) binary, which invokes Semgrep under
|
|
23
|
+
the hood, passing this package as the `--config` argument.
|
|
24
|
+
|
|
25
|
+
## Rule catalogue (30 rules)
|
|
26
|
+
|
|
27
|
+
`LLM` = how often AI coding tools introduce the anti-pattern (prevalence).
|
|
28
|
+
|
|
29
|
+
### JWT — RFC 7519 / 7515 / 7518
|
|
30
|
+
|
|
31
|
+
| ID | Severity | LLM | CWE | Description |
|
|
32
|
+
|----|----------|-----|-----|-------------|
|
|
33
|
+
| `auth.jwt.alg-none` | ERROR | HIGH | CWE-327 | `alg: none` accepted in the verifier's allow-list |
|
|
34
|
+
| `auth.jwt.weak-secret` | ERROR | HIGH | CWE-798 | Hard-coded or trivial JWT signing secret |
|
|
35
|
+
| `auth.jwt.algorithm-confusion` | ERROR | MEDIUM | CWE-327 | HS256 verification against an asymmetric (RS/ES) key |
|
|
36
|
+
| `auth.jwt.in-url` | ERROR | MEDIUM | CWE-598 | JWT (`eyJ…`) passed in a URL query string |
|
|
37
|
+
| `auth.jwt.no-expiration` | WARNING | HIGH | CWE-613 | JWT signed/verified without an `exp` / `expiresIn` claim |
|
|
38
|
+
| `auth.jwt.no-audience` | WARNING | MEDIUM | CWE-345 | JWT verified without checking the `aud` (audience) claim |
|
|
39
|
+
| `auth.jwt.localstorage` | WARNING | HIGH | CWE-922 | Auth token written to `localStorage` |
|
|
40
|
+
| `auth.jwt.no-issuer` | INFO | LOW | CWE-345 | JWT verified without checking the `iss` (issuer) claim |
|
|
41
|
+
|
|
42
|
+
### OAuth 2.0 — RFC 6749 / 7636 / 8252 / 9700
|
|
43
|
+
|
|
44
|
+
| ID | Severity | LLM | CWE | Description |
|
|
45
|
+
|----|----------|-----|-----|-------------|
|
|
46
|
+
| `auth.oauth.no-state` | ERROR | HIGH | CWE-352 | Authorization request built without a `state` parameter |
|
|
47
|
+
| `auth.oauth.wildcard-redirect` | ERROR | MEDIUM | CWE-601 | `redirect_uri` allow-list with a wildcard / `http://` URL |
|
|
48
|
+
| `auth.oauth.hardcoded-secret` | ERROR | HIGH | CWE-798 | `client_secret` hard-coded in source |
|
|
49
|
+
| `auth.oauth.implicit-flow` | ERROR | MEDIUM | CWE-1004 | OAuth implicit flow (deprecated) |
|
|
50
|
+
| `auth.oauth.open-redirect-callback` | ERROR | HIGH | CWE-601 | Callback redirects to a user-controlled URL |
|
|
51
|
+
| `auth.oauth.no-pkce` | WARNING | HIGH | CWE-345 | Public client without PKCE |
|
|
52
|
+
| `auth.oauth.no-state-validation` | WARNING | HIGH | CWE-352 | `state` received but never validated |
|
|
53
|
+
| `auth.oauth.long-token-lifetime` | WARNING | MEDIUM | CWE-613 | Over-long `expires_in` / token lifetime |
|
|
54
|
+
| `auth.oauth.broad-scope` | INFO | HIGH | CWE-272 | Over-broad scope requested (`admin`, `*`) |
|
|
55
|
+
|
|
56
|
+
### Cookies — RFC 6265
|
|
57
|
+
|
|
58
|
+
| ID | Severity | LLM | CWE | Description |
|
|
59
|
+
|----|----------|-----|-----|-------------|
|
|
60
|
+
| `auth.cookie.no-secure` | WARNING | HIGH | CWE-614 | Auth cookie set without the `Secure` flag |
|
|
61
|
+
| `auth.cookie.no-httponly` | WARNING | HIGH | CWE-1004 | Auth cookie set without the `HttpOnly` flag |
|
|
62
|
+
| `auth.cookie.no-samesite` | INFO | MEDIUM | CWE-1275 | Auth cookie set without `SameSite` |
|
|
63
|
+
| `auth.cookie.long-lived` | INFO | MEDIUM | CWE-613 | Auth cookie with an excessively long `maxAge` |
|
|
64
|
+
|
|
65
|
+
### Sessions
|
|
66
|
+
|
|
67
|
+
| ID | Severity | LLM | CWE | Description |
|
|
68
|
+
|----|----------|-----|-----|-------------|
|
|
69
|
+
| `auth.session.id-in-url` | ERROR | MEDIUM | CWE-598 | Session id / token in a URL query string |
|
|
70
|
+
| `auth.session.no-regeneration` | WARNING | MEDIUM | CWE-384 | Session not regenerated on login (fixation) |
|
|
71
|
+
|
|
72
|
+
### CORS
|
|
73
|
+
|
|
74
|
+
| ID | Severity | LLM | CWE | Description |
|
|
75
|
+
|----|----------|-----|-----|-------------|
|
|
76
|
+
| `auth.cors.wildcard-with-credentials` | ERROR | HIGH | CWE-942 | `Allow-Origin: *` combined with credentials |
|
|
77
|
+
|
|
78
|
+
### Secrets
|
|
79
|
+
|
|
80
|
+
| ID | Severity | LLM | CWE | Description |
|
|
81
|
+
|----|----------|-----|-----|-------------|
|
|
82
|
+
| `auth.secret.provider-key` | ERROR | HIGH | CWE-798 | Hard-coded key matching a known provider's format |
|
|
83
|
+
|
|
84
|
+
### Auth flow
|
|
85
|
+
|
|
86
|
+
| ID | Severity | LLM | CWE | Description |
|
|
87
|
+
|----|----------|-----|-----|-------------|
|
|
88
|
+
| `auth.flow.password-plaintext` | ERROR | MEDIUM | CWE-256 | Password persisted without hashing |
|
|
89
|
+
| `auth.flow.insecure-random` | ERROR | HIGH | CWE-338 | `Math.random()` used for a security-sensitive value |
|
|
90
|
+
| `auth.flow.timing-unsafe-compare` | WARNING | MEDIUM | CWE-208 | Secret compared with `===` (non-constant-time) |
|
|
91
|
+
| `auth.flow.password-min-length` | WARNING | MEDIUM | CWE-521 | Password policy enforces too short a minimum length |
|
|
92
|
+
| `auth.flow.no-rate-limit` | INFO | HIGH | CWE-307 | Auth endpoint (`/login`, etc.) without rate limiting |
|
|
93
|
+
|
|
94
|
+
## License
|
|
95
|
+
|
|
96
|
+
MIT — see [LICENSE](../LICENSE).
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export { OAuthLintMetadataSchema, type OAuthLintMetadata, RuleFileSchema, type RuleFile, RuleSchema, type Rule, SeveritySchema, type Severity, } from './schema.js';
|
|
2
|
+
export { buildManifest, loadAllRules, type LoadedRule, type RuleManifestEntry, RULES_ROOT, } from './loader.js';
|
|
3
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,cAAc,EACd,KAAK,QAAQ,EACb,UAAU,EACV,KAAK,IAAI,EACT,cAAc,EACd,KAAK,QAAQ,GACd,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,UAAU,GACX,MAAM,aAAa,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EAEvB,cAAc,EAEd,UAAU,EAEV,cAAc,GAEf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,aAAa,EACb,YAAY,EAGZ,UAAU,GACX,MAAM,aAAa,CAAC"}
|
package/dist/loader.d.ts
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { type Rule } from './schema.js';
|
|
2
|
+
/**
|
|
3
|
+
* Root directory containing the bundled rule YAML files.
|
|
4
|
+
* When the package is published, the rules/ folder ships next to dist/.
|
|
5
|
+
* In development, we walk up to the package root.
|
|
6
|
+
*/
|
|
7
|
+
export declare const RULES_ROOT: string;
|
|
8
|
+
export interface LoadedRule {
|
|
9
|
+
rule: Rule;
|
|
10
|
+
sourceFile: string;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Recursively load every rule shipped with this package.
|
|
14
|
+
* Throws a descriptive error if any rule fails schema validation —
|
|
15
|
+
* we'd rather fail loud at import time than silently ship a broken rule.
|
|
16
|
+
*/
|
|
17
|
+
export declare function loadAllRules(root?: string): Promise<LoadedRule[]>;
|
|
18
|
+
/**
|
|
19
|
+
* Build a manifest summarising every shipped rule.
|
|
20
|
+
* Useful for the CLI's `oauthlint list` command and for the docs site.
|
|
21
|
+
*/
|
|
22
|
+
export declare function buildManifest(root?: string): Promise<{
|
|
23
|
+
id: string;
|
|
24
|
+
severity: "INFO" | "WARNING" | "ERROR";
|
|
25
|
+
languages: string[];
|
|
26
|
+
oauthlintId: string;
|
|
27
|
+
docUrl: string;
|
|
28
|
+
llmPrevalence: "HIGH" | "MEDIUM" | "LOW";
|
|
29
|
+
cwe: string | undefined;
|
|
30
|
+
owasp: string | undefined;
|
|
31
|
+
description: string;
|
|
32
|
+
sourceFile: string;
|
|
33
|
+
}[]>;
|
|
34
|
+
export type RuleManifestEntry = Awaited<ReturnType<typeof buildManifest>>[number];
|
|
35
|
+
//# sourceMappingURL=loader.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,IAAI,EAAkB,MAAM,aAAa,CAAC;AAIxD;;;;GAIG;AACH,eAAO,MAAM,UAAU,QAA+B,CAAC;AAEvD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,IAAI,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,GAAE,MAAmB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAuCnF;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,IAAI,GAAE,MAAmB;;;;;;;;;;;KAc5D;AAED,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC"}
|
package/dist/loader.js
ADDED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { readFile } from 'node:fs/promises';
|
|
2
|
+
import { dirname, resolve } from 'node:path';
|
|
3
|
+
import { fileURLToPath } from 'node:url';
|
|
4
|
+
import fastGlob from 'fast-glob';
|
|
5
|
+
import { parse as parseYaml } from 'yaml';
|
|
6
|
+
import { RuleFileSchema } from './schema.js';
|
|
7
|
+
const HERE = dirname(fileURLToPath(import.meta.url));
|
|
8
|
+
/**
|
|
9
|
+
* Root directory containing the bundled rule YAML files.
|
|
10
|
+
* When the package is published, the rules/ folder ships next to dist/.
|
|
11
|
+
* In development, we walk up to the package root.
|
|
12
|
+
*/
|
|
13
|
+
export const RULES_ROOT = resolve(HERE, '..', 'rules');
|
|
14
|
+
/**
|
|
15
|
+
* Recursively load every rule shipped with this package.
|
|
16
|
+
* Throws a descriptive error if any rule fails schema validation —
|
|
17
|
+
* we'd rather fail loud at import time than silently ship a broken rule.
|
|
18
|
+
*/
|
|
19
|
+
export async function loadAllRules(root = RULES_ROOT) {
|
|
20
|
+
const files = await fastGlob(['**/*.yml', '**/*.yaml'], {
|
|
21
|
+
cwd: root,
|
|
22
|
+
absolute: true,
|
|
23
|
+
ignore: ['**/node_modules/**'],
|
|
24
|
+
});
|
|
25
|
+
const loaded = [];
|
|
26
|
+
const seenIds = new Set();
|
|
27
|
+
for (const file of files) {
|
|
28
|
+
const content = await readFile(file, 'utf8');
|
|
29
|
+
let parsed;
|
|
30
|
+
try {
|
|
31
|
+
parsed = parseYaml(content);
|
|
32
|
+
}
|
|
33
|
+
catch (err) {
|
|
34
|
+
throw new Error(`Invalid YAML in ${file}: ${err.message}`);
|
|
35
|
+
}
|
|
36
|
+
const result = RuleFileSchema.safeParse(parsed);
|
|
37
|
+
if (!result.success) {
|
|
38
|
+
throw new Error(`Schema validation failed for ${file}:\n${result.error.issues
|
|
39
|
+
.map((i) => ` - ${i.path.join('.')}: ${i.message}`)
|
|
40
|
+
.join('\n')}`);
|
|
41
|
+
}
|
|
42
|
+
for (const rule of result.data.rules) {
|
|
43
|
+
if (seenIds.has(rule.id)) {
|
|
44
|
+
throw new Error(`Duplicate rule id ${rule.id} (also found in ${file})`);
|
|
45
|
+
}
|
|
46
|
+
seenIds.add(rule.id);
|
|
47
|
+
loaded.push({ rule, sourceFile: file });
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
loaded.sort((a, b) => a.rule.id.localeCompare(b.rule.id));
|
|
51
|
+
return loaded;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Build a manifest summarising every shipped rule.
|
|
55
|
+
* Useful for the CLI's `oauthlint list` command and for the docs site.
|
|
56
|
+
*/
|
|
57
|
+
export async function buildManifest(root = RULES_ROOT) {
|
|
58
|
+
const loaded = await loadAllRules(root);
|
|
59
|
+
return loaded.map(({ rule, sourceFile }) => ({
|
|
60
|
+
id: rule.id,
|
|
61
|
+
severity: rule.severity,
|
|
62
|
+
languages: rule.languages,
|
|
63
|
+
oauthlintId: rule.metadata['oauthlint-rule-id'],
|
|
64
|
+
docUrl: rule.metadata['oauthlint-doc-url'],
|
|
65
|
+
llmPrevalence: rule.metadata['llm-prevalence'],
|
|
66
|
+
cwe: rule.metadata.cwe,
|
|
67
|
+
owasp: rule.metadata.owasp,
|
|
68
|
+
description: rule.message.split('\n')[0]?.trim() ?? '',
|
|
69
|
+
sourceFile,
|
|
70
|
+
}));
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=loader.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,QAAQ,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAa,cAAc,EAAE,MAAM,aAAa,CAAC;AAExD,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAErD;;;;GAIG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAOvD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAe,UAAU;IAC1D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE;QACtD,GAAG,EAAE,IAAI;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,oBAAoB,CAAC;KAC/B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAiB,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,gCAAgC,IAAI,MAAM,MAAM,CAAC,KAAK,CAAC,MAAM;iBAC1D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;iBACnD,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,CAAC,EAAE,mBAAmB,IAAI,GAAG,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe,UAAU;IAC3D,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACxC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3C,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAC/C,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAC1C,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAC9C,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;QACtB,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;QAC1B,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;QACtD,UAAU;KACX,CAAC,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pre-computed manifest entry-point used by consumers that want
|
|
3
|
+
* the rule list without filesystem access (e.g. browser docs site).
|
|
4
|
+
*
|
|
5
|
+
* The actual manifest is generated at build time by `scripts/generate-manifest.ts`
|
|
6
|
+
* (added in Sprint 1.2). For now, consumers should call `buildManifest()`
|
|
7
|
+
* directly from `./loader.js`.
|
|
8
|
+
*/
|
|
9
|
+
export { buildManifest, type RuleManifestEntry } from './loader.js';
|
|
10
|
+
//# sourceMappingURL=manifest.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manifest.d.ts","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,aAAa,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/manifest.js
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pre-computed manifest entry-point used by consumers that want
|
|
3
|
+
* the rule list without filesystem access (e.g. browser docs site).
|
|
4
|
+
*
|
|
5
|
+
* The actual manifest is generated at build time by `scripts/generate-manifest.ts`
|
|
6
|
+
* (added in Sprint 1.2). For now, consumers should call `buildManifest()`
|
|
7
|
+
* directly from `./loader.js`.
|
|
8
|
+
*/
|
|
9
|
+
export { buildManifest } from './loader.js';
|
|
10
|
+
//# sourceMappingURL=manifest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,aAAa,EAA0B,MAAM,aAAa,CAAC"}
|