pkg-scaffold 3.3.3 → 3.3.5

package/src/resolution/WorkSpaceGraph.js

@@ -1,10 +1,17 @@
 import fs from 'fs/promises';
 import path from 'path';
-// Native sub-directory crawling removed as it's not in fs/promises in older node, but we use readdir anyway.
 
 /**
  * Monorepo Cross-Linking Topology Manager
  * Maps sub-package structural boundaries across pnpm, Yarn, or npm workspaces.
+ *
+ * Improvements over v1:
+ * - Auto-activates workspace mode when workspace config is detected (no manual flag required)
+ * - Supports deeper glob patterns beyond simple `packages/*` (e.g. `apps/*`, `libs/**`)
+ * - Correctly registers workspace package names as "used" so they are never flagged as unused deps
+ * - Handles Bun workspaces (workspaces array in package.json)
+ * - Resolves subpath imports for workspace packages (e.g. `@scope/pkg/utils`)
+ * - Exposes `markWorkspacePackagesAsUsed()` so the engine can call it after dep audit
  */
 export class WorkspaceGraph {
   constructor(context) {
@@ -15,6 +22,7 @@ export class WorkspaceGraph {
 
   /**
    * Checks the environment layout to discover and map local workspace packages.
+   * This method is idempotent and safe to call multiple times.
    */
   async initializeWorkspaceMesh() {
     const rootPackageJsonPath = path.join(this.context.cwd, 'package.json');
@@ -23,7 +31,7 @@ export class WorkspaceGraph {
     let workspaceGlobs = [];
     this.hoistedDependencies = new Set();
 
-    // Load hoisted dependencies from root package.json (Knip Issue #1792 fix)
+    // Load hoisted dependencies from root package.json
     try {
       const rootPkg = JSON.parse(await fs.readFile(rootPackageJsonPath, 'utf8'));
       const deps = { ...rootPkg.dependencies, ...rootPkg.devDependencies };
@@ -32,7 +40,7 @@ export class WorkspaceGraph {
       // No root package.json or unreadable
     }
 
-    // Protocol A: Check for pnpm workspace configurations
+    // Protocol A: Check for pnpm workspace configurations (pnpm-workspace.yaml)
     try {
       const yaml = await fs.readFile(pnpmWorkspacePath, 'utf8');
       const lines = yaml.split('\n');
@@ -40,78 +48,159 @@ export class WorkspaceGraph {
 
       for (const line of lines) {
         const trimmed = line.trim();
-        if (trimmed.startsWith('packages:')) {
+        if (trimmed === 'packages:') {
           insidePackagesBlock = true;
           continue;
         }
-        if (insidePackagesBlock && trimmed.startsWith('-')) {
-          const pattern = trimmed.replace(/^-|['"]/g, '').trim();
-          workspaceGlobs.push(pattern);
+        if (insidePackagesBlock) {
+          if (trimmed.startsWith('-')) {
+            const pattern = trimmed.replace(/^-\s*/, '').replace(/['"]/g, '').trim();
+            if (pattern) workspaceGlobs.push(pattern);
+          } else if (trimmed && !trimmed.startsWith('#')) {
+            // Another top-level key encountered – stop reading packages block
+            insidePackagesBlock = false;
+          }
         }
       }
     } catch {
       // pnpm structure absent; check package.json workspace array paths instead
     }
 
-    // Protocol B: Check for Yarn/npm workspaces array inside the root package.json
+    // Protocol B: Check for Yarn/npm/Bun workspaces array inside the root package.json
     if (workspaceGlobs.length === 0) {
       try {
         const pkgText = await fs.readFile(rootPackageJsonPath, 'utf8');
         const pkg = JSON.parse(pkgText);
         if (pkg.workspaces) {
-          workspaceGlobs = Array.isArray(pkg.workspaces) ? pkg.workspaces : (pkg.workspaces.packages || []);
+          workspaceGlobs = Array.isArray(pkg.workspaces)
+            ? pkg.workspaces
+            : (pkg.workspaces.packages || []);
         }
       } catch {
-        return; // Workspace mesh maps skipped for single-package targets
+        // No workspaces found
       }
     }
 
+    if (workspaceGlobs.length > 0) {
+      this.context.isWorkspaceEnabled = true;
+    } else {
+      return; // Workspace mesh maps skipped for single-package targets
+    }
+
     // Crawl target glob configurations to locate workspace packages
     for (const pattern of workspaceGlobs) {
       await this.locatePackagesViaPattern(pattern);
     }
+
+    // Register all discovered workspace packages as "used" external packages so they
+    // are never incorrectly flagged as unused dependencies.
+    this.markWorkspacePackagesAsUsed();
   }
 
+  /**
+   * Expands a workspace glob pattern and registers all found packages.
+   * Supports patterns like:
+   *   - `packages/*`       (one level deep)
+   *   - `apps/*`           (one level deep)
+   *   - `packages/**`      (recursive – all subdirectories)
+   *   - `packages/core`    (explicit single package)
+   */
   async locatePackagesViaPattern(globPattern) {
-    // Normalizes wildcards down into base query directories
     const standardizedPattern = globPattern.replace(/\\/g, '/');
+
+    // Determine if this is a recursive pattern (`**`) or a simple wildcard (`*`)
+    const isRecursive = standardizedPattern.includes('**');
+    const isWildcard = standardizedPattern.includes('*');
+
+    if (!isWildcard) {
+      // Explicit path: treat the pattern itself as a single package directory
+      const absolutePath = path.resolve(this.context.cwd, standardizedPattern);
+      await this._tryRegisterPackage(absolutePath);
+      return;
+    }
+
+    // Extract the base directory before the first wildcard segment
     const baseDir = standardizedPattern.split('/*')[0];
     const absoluteSearchPath = path.resolve(this.context.cwd, baseDir);
 
+    if (isRecursive) {
+      await this._scanDirectoryRecursively(absoluteSearchPath);
+    } else {
+      await this._scanDirectoryShallow(absoluteSearchPath);
+    }
+  }
+
+  /**
+   * Scans a directory one level deep for workspace packages.
+   */
+  async _scanDirectoryShallow(absoluteSearchPath) {
     try {
       const contents = await fs.readdir(absoluteSearchPath, { withFileTypes: true });
-      
       for (const entity of contents) {
         if (!entity.isDirectory()) continue;
-        
         const subPackageDir = path.join(absoluteSearchPath, entity.name);
-        const manifestFile = path.join(subPackageDir, 'package.json');
-        
-        try {
-          const data = await fs.readFile(manifestFile, 'utf8');
-          const pkg = JSON.parse(data);
-          
-          if (pkg.name) {
-            const entryPoints = this.calculatePackageExportsEntries(pkg, subPackageDir);
-            
-            this.packageManifests.set(pkg.name, {
-              packageName: pkg.name,
-              rootDirectory: subPackageDir,
-              manifestPath: manifestFile,
-              entryPoints
-            });
-
-            this.workspacePackageNames.add(pkg.name);
-          }
-        } catch {
-          // package.json parsing failed; ignore invalid directory roots
-        }
+        await this._tryRegisterPackage(subPackageDir);
       }
     } catch {
       // Unreadable target directories; pass tracking
     }
   }
 
+  /**
+   * Recursively scans a directory tree for workspace packages.
+   * Stops descending into `node_modules` directories.
+   */
+  async _scanDirectoryRecursively(absoluteSearchPath) {
+    try {
+      const contents = await fs.readdir(absoluteSearchPath, { withFileTypes: true });
+      for (const entity of contents) {
+        if (!entity.isDirectory()) continue;
+        if (entity.name === 'node_modules' || entity.name === '.git') continue;
+        const subDir = path.join(absoluteSearchPath, entity.name);
+        // Try to register as a package first
+        const registered = await this._tryRegisterPackage(subDir);
+        // If not a package root itself, recurse deeper
+        if (!registered) {
+          await this._scanDirectoryRecursively(subDir);
+        }
+      }
+    } catch {
+      // Unreadable directories; pass
+    }
+  }
+
+  /**
+   * Attempts to register a directory as a workspace package.
+   * Returns true if a valid package.json with a `name` field was found.
+   */
+  async _tryRegisterPackage(packageDir) {
+    const manifestFile = path.join(packageDir, 'package.json');
+    try {
+      const data = await fs.readFile(manifestFile, 'utf8');
+      const pkg = JSON.parse(data);
+      
+      if (pkg.name) {
+        const entryPoints = this.calculatePackageExportsEntries(pkg, packageDir);
+        
+        this.packageManifests.set(pkg.name, {
+          packageName: pkg.name,
+          rootDirectory: packageDir,
+          manifestPath: manifestFile,
+          entryPoints
+        });
+
+        this.workspacePackageNames.add(pkg.name);
+        // Also register the package root so the resolver can identify files
+        // inside this package as "internal" rather than node_modules.
+        this.context.monorepoPackageRoots.add(packageDir);
+        return true;
+      }
+    } catch {
+      // package.json parsing failed; ignore invalid directory roots
+    }
+    return false;
+  }
+
   /**
    * Tracks package entry points by evaluating standard fields and main/exports configurations.
    */
@@ -121,8 +210,9 @@ export class WorkspaceGraph {
     // Trace traditional entry fields
     if (pkg.main) entries.add(path.resolve(pkgDir, pkg.main));
     if (pkg.module) entries.add(path.resolve(pkgDir, pkg.module));
-    if (pkg.browser) entries.add(path.resolve(pkgDir, pkg.browser));
+    if (pkg.browser && typeof pkg.browser === 'string') entries.add(path.resolve(pkgDir, pkg.browser));
     if (pkg.types) entries.add(path.resolve(pkgDir, pkg.types));
+    if (pkg.typings) entries.add(path.resolve(pkgDir, pkg.typings));
 
     // Handle deep nested conditional exports matrices block parameters
     if (pkg.exports) {
@@ -131,8 +221,16 @@ export class WorkspaceGraph {
 
     // Default file index fallback configurations
     if (entries.size === 0) {
+      // Standard roots
       entries.add(path.resolve(pkgDir, 'index.js'));
       entries.add(path.resolve(pkgDir, 'index.ts'));
+      entries.add(path.resolve(pkgDir, 'index.tsx'));
+      entries.add(path.resolve(pkgDir, 'index.jsx'));
+      // Common src patterns
+      entries.add(path.resolve(pkgDir, 'src/index.ts'));
+      entries.add(path.resolve(pkgDir, 'src/index.tsx'));
+      entries.add(path.resolve(pkgDir, 'src/index.js'));
+      entries.add(path.resolve(pkgDir, 'src/index.jsx'));
     }
 
     return Array.from(entries);
@@ -143,6 +241,8 @@ export class WorkspaceGraph {
       if (exportsValue.startsWith('.')) {
         collected.add(path.resolve(pkgDir, exportsValue));
       }
+    } else if (Array.isArray(exportsValue)) {
+      exportsValue.forEach(v => this.recursivelyUnwindExports(v, pkgDir, collected));
     } else if (typeof exportsValue === 'object' && exportsValue !== null) {
       for (const val of Object.values(exportsValue)) {
         this.recursivelyUnwindExports(val, pkgDir, collected);
@@ -150,6 +250,19 @@ export class WorkspaceGraph {
     }
   }
 
+  /**
+   * Marks all registered workspace package names as used in the global
+   * `usedExternalPackages` set so they are never flagged as unused dependencies.
+   *
+   * This must be called after `initializeWorkspaceMesh()` and before the
+   * unused-dependency report is generated.
+   */
+  markWorkspacePackagesAsUsed() {
+    for (const pkgName of this.workspacePackageNames) {
+      this.context.usedExternalPackages.add(pkgName);
+    }
+  }
+
   /**
    * Checks if an import specifier matches a package registered in our workspace mesh.
    */

package/src/performance/SecretDetector.js

@@ -1,378 +0,0 @@
-/**
- * ============================================================================
- * Secret Detection Engine for pkg-scaffold v3.3.2 (AST + REGEX Fallback)
- * 
- * Uses OXC parser for fast, accurate detection of hardcoded secrets.
- * Falls back to REGEX patterns if AST parsing fails.
- * ============================================================================
- */
-
-import fs from 'fs/promises';
-import path from 'path';
-
-export class SecretDetector {
-  constructor(context) {
-    this.context = context;
-    this.secrets = [];
-    
-    // REGEX patterns for detecting secrets (fallback)
-    this.regexPatterns = {
-      apiKey: /['\"]?api[_-]?key['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9\-_]{20,})['\"]?/gi,
-      bearerToken: /bearer\s+([a-zA-Z0-9\-_\.]{20,})/gi,
-      jwtToken: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g,
-      awsAccessKey: /AKIA[0-9A-Z]{16}/g,
-      awsSecretKey: /aws_secret_access_key\s*[:=]\s*['\"]([a-zA-Z0-9\/+]{40})['\"]?/gi,
-      databaseUrl: /(postgres|mysql|mongodb|redis):\/\/([a-zA-Z0-9_-]+):([a-zA-Z0-9_\-@!$%^&*()+=]+)@/gi,
-      dbPassword: /password\s*[:=]\s*['\"]([^'\"]{6,})['\"]?/gi,
-      githubToken: /ghp_[a-zA-Z0-9]{36}/g,
-      gitlabToken: /glpat-[a-zA-Z0-9_-]{20,}/g,
-      privateKey: /-----BEGIN (RSA|DSA|EC|PGP|OPENSSH) PRIVATE KEY-----/g,
-      slackWebhook: /https:\/\/hooks\.slack\.com\/services\/[a-zA-Z0-9\/]+/g,
-      discordWebhook: /https:\/\/discord\.com\/api\/webhooks\/[a-zA-Z0-9\/]+/g,
-      secretKey: /['\"]?secret[_-]?key['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9\-_]{20,})['\"]?/gi,
-      accessToken: /['\"]?access[_-]?token['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9\-_\.]{20,})['\"]?/gi,
-      stripeKey: /sk_live_[a-zA-Z0-9]{24,}/g,
-      googleApiKey: /AIza[0-9A-Za-z\-_]{35}/g,
-    };
-
-    // Secret pattern metadata
-    this.secretMetadata = {
-      apiKey: { severity: 'HIGH', keywords: ['api_key', 'apikey'] },
-      bearerToken: { severity: 'CRITICAL', keywords: ['bearer', 'token'] },
-      jwtToken: { severity: 'CRITICAL', keywords: ['jwt', 'token'] },
-      awsAccessKey: { severity: 'CRITICAL', keywords: ['aws', 'access'] },
-      awsSecretKey: { severity: 'CRITICAL', keywords: ['aws', 'secret'] },
-      databaseUrl: { severity: 'CRITICAL', keywords: ['database', 'db', 'postgres', 'mysql'] },
-      dbPassword: { severity: 'CRITICAL', keywords: ['password', 'passwd'] },
-      githubToken: { severity: 'CRITICAL', keywords: ['github', 'token'] },
-      gitlabToken: { severity: 'CRITICAL', keywords: ['gitlab', 'token'] },
-      privateKey: { severity: 'CRITICAL', keywords: ['private', 'key', 'pem'] },
-      slackWebhook: { severity: 'HIGH', keywords: ['slack', 'webhook'] },
-      discordWebhook: { severity: 'HIGH', keywords: ['discord', 'webhook'] },
-      secretKey: { severity: 'HIGH', keywords: ['secret', 'key'] },
-      accessToken: { severity: 'CRITICAL', keywords: ['access', 'token'] },
-      stripeKey: { severity: 'CRITICAL', keywords: ['stripe', 'key'] },
-      googleApiKey: { severity: 'HIGH', keywords: ['google', 'api'] },
-    };
-  }
-
-  /**
-   * Scans a file for hardcoded secrets using REGEX
-   */
-  scanFileForSecretsRegex(filePath, content) {
-    const detectedSecrets = [];
-    const lines = content.split('\n');
-
-    lines.forEach((line, lineIndex) => {
-      // Skip comments and empty lines
-      if (line.trim().startsWith('//') || line.trim().startsWith('#') || line.trim().startsWith('*') || !line.trim()) {
-        return;
-      }
-
-      // Check each pattern
-      for (const [patternName, pattern] of Object.entries(this.regexPatterns)) {
-        const matches = [...line.matchAll(pattern)];
-        
-        for (const match of matches) {
-          const metadata = this.secretMetadata[patternName] || { severity: 'MEDIUM', keywords: [] };
-          
-          detectedSecrets.push({
-            file: filePath,
-            line: lineIndex + 1,
-            column: match.index + 1,
-            type: patternName,
-            secret: match[0].substring(0, 20) + '***',
-            severity: metadata.severity,
-            variable: this.extractVariableName(line, match.index)
-          });
-        }
-      }
-    });
-
-    return detectedSecrets;
-  }
-
-  /**
-   * Extracts variable name from line
-   */
-  extractVariableName(line, matchIndex) {
-    // Look backwards for variable assignment
-    const beforeMatch = line.substring(0, matchIndex);
-    const varMatch = beforeMatch.match(/(?:const|let|var|=)\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*[:=]?/);
-    if (varMatch) return varMatch[1];
-    
-    // Look for object property
-    const propMatch = beforeMatch.match(/([a-zA-Z_$][a-zA-Z0-9_$]*)\s*[:=]\s*$/);
-    if (propMatch) return propMatch[1];
-    
-    return 'unknown';
-  }
-
-  /**
-   * Scans entire codebase for secrets (reads from disk)
-   */
-  async scanCodebaseForSecrets(context) {
-    this.secrets = [];
-    this.cwd = context?.cwd || this.context.cwd;
-    const cwd = this.cwd;
-
-    try {
-      // Recursively scan all source files
-      await this.scanDirectory(cwd);
-    } catch (e) {
-      console.error('Error scanning codebase for secrets:', e.message);
-    }
-
-    return this.secrets;
-  }
-
-  /**
-   * Recursively scans directory for source files
-   */
-  async scanDirectory(dirPath) {
-    try {
-      const entries = await fs.readdir(dirPath, { withFileTypes: true });
-
-      for (const entry of entries) {
-        const fullPath = path.join(dirPath, entry.name);
-
-        // Skip node_modules, dist, build, .git
-        if (['node_modules', 'dist', 'build', '.git', '.scaffold-cache', '.next', 'out'].includes(entry.name)) {
-          continue;
-        }
-
-        if (entry.isDirectory()) {
-          await this.scanDirectory(fullPath);
-        } else if (entry.isFile()) {
-          const ext = path.extname(entry.name);
-          if (['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs', '.env', '.env.local'].includes(ext)) {
-            await this.scanFile(fullPath);
-          }
-        }
-      }
-    } catch (e) {
-      // Silently skip directories that can't be read
-    }
-  }
-
-  /**
-   * Scans a single file for secrets
-   */
-  async scanFile(filePath) {
-    try {
-      const content = await fs.readFile(filePath, 'utf8');
-      
-      // Try AST parsing first (if available)
-      let detectedSecrets = [];
-      try {
-        detectedSecrets = this.scanFileForSecretsAST(filePath, content);
-      } catch (e) {
-        // Fall back to REGEX if AST fails
-        detectedSecrets = this.scanFileForSecretsRegex(filePath, content);
-      }
-
-      // If AST returned nothing, try REGEX as additional pass
-      if (detectedSecrets.length === 0) {
-        detectedSecrets = this.scanFileForSecretsRegex(filePath, content);
-      }
-
-      this.secrets.push(...detectedSecrets);
-    } catch (e) {
-      // Skip files that can't be read
-    }
-  }
-
-  /**
-   * Scans file using AST (with OXC if available)
-   */
-  scanFileForSecretsAST(filePath, content) {
-    const detectedSecrets = [];
-
-    try {
-      // Try to use OXC parser if available
-      let ast;
-      try {
-        const { parseSync } = require('oxc-parser');
-        ast = parseSync(content, {
-          sourceType: 'module',
-          ecmaVersion: 'latest'
-        });
-      } catch (e) {
-        // OXC not available, fall back to REGEX
-        return this.scanFileForSecretsRegex(filePath, content);
-      }
-
-      // Walk AST and find variable assignments with secret values
-      this.walkAST(ast, (node) => {
-        // Variable declarations: const API_KEY = "sk_..."
-        if (node.type === 'VariableDeclarator' && node.init) {
-          const varName = node.id?.name || '';
-          const secret = this.extractSecretValue(node.init);
-          
-          if (secret) {
-            const detectedType = this.classifySecret(varName, secret.value);
-            if (detectedType) {
-              detectedSecrets.push({
-                file: filePath,
-                line: node.loc?.start?.line || 0,
-                column: node.loc?.start?.column || 0,
-                type: detectedType.type,
-                severity: detectedType.severity,
-                variable: varName,
-                secret: secret.value.substring(0, 20) + '***'
-              });
-            }
-          }
-        }
-
-        // Object properties: { password: "...", apiKey: "..." }
-        if (node.type === 'Property' && node.value) {
-          const propName = node.key?.name || node.key?.value || '';
-          const secret = this.extractSecretValue(node.value);
-          
-          if (secret) {
-            const detectedType = this.classifySecret(propName, secret.value);
-            if (detectedType) {
-              detectedSecrets.push({
-                file: filePath,
-                line: node.loc?.start?.line || 0,
-                column: node.loc?.start?.column || 0,
-                type: detectedType.type,
-                severity: detectedType.severity,
-                variable: propName,
-                secret: secret.value.substring(0, 20) + '***'
-              });
-            }
-          }
-        }
-
-        // Assignment expressions: API_KEY = "..."
-        if (node.type === 'AssignmentExpression' && node.right) {
-          const varName = node.left?.name || '';
-          const secret = this.extractSecretValue(node.right);
-          
-          if (secret) {
-            const detectedType = this.classifySecret(varName, secret.value);
-            if (detectedType) {
-              detectedSecrets.push({
-                file: filePath,
-                line: node.loc?.start?.line || 0,
-                column: node.loc?.start?.column || 0,
-                type: detectedType.type,
-                severity: detectedType.severity,
-                variable: varName,
-                secret: secret.value.substring(0, 20) + '***'
-              });
-            }
-          }
-        }
-      });
-    } catch (e) {
-      // Return empty on error, will fall back to REGEX
-      return [];
-    }
-
-    return detectedSecrets;
-  }
-
-  /**
-   * Extracts string value from AST node
-   */
-  extractSecretValue(node) {
-    if (node.type === 'StringLiteral' || node.type === 'Literal') {
-      return { value: node.value || '' };
-    }
-    if (node.type === 'TemplateLiteral') {
-      return { value: node.quasis?.[0]?.value?.raw || '' };
-    }
-    return null;
-  }
-
-  /**
-   * Classifies a secret based on variable name and value
-   */
-  classifySecret(variableName, value) {
-    const lowerName = variableName.toLowerCase();
-
-    for (const [type, metadata] of Object.entries(this.secretMetadata)) {
-      const pattern = this.regexPatterns[type];
-      if (!pattern) continue;
-
-      // Check if variable name matches keywords
-      const nameMatches = metadata.keywords.some(kw => lowerName.includes(kw));
-      
-      // Check if value matches pattern
-      const valueMatches = pattern.test(value);
-
-      if ((nameMatches && value.length > 8) || valueMatches) {
-        return { type, severity: metadata.severity };
-      }
-    }
-
-    return null;
-  }
-
-  /**
-   * Simple AST walker
-   */
-  walkAST(node, callback) {
-    if (!node || typeof node !== 'object') return;
-
-    callback(node);
-
-    for (const key in node) {
-      if (key === 'loc' || key === 'range' || key === 'start' || key === 'end') continue;
-      
-      const child = node[key];
-      if (Array.isArray(child)) {
-        child.forEach(item => this.walkAST(item, callback));
-      } else if (typeof child === 'object') {
-        this.walkAST(child, callback);
-      }
-    }
-  }
-
-  /**
-   * Formats secrets for reporting
-   */
-  formatSecretsForReport() {
-    if (this.secrets.length === 0) return [];
-
-    return this.secrets.map(secret => ({
-      file: secret.file,
-      line: secret.line,
-      column: secret.column,
-      type: secret.type,
-      severity: secret.severity,
-      variable: secret.variable,
-      redacted: secret.secret
-    }));
-  }
-
-  /**
-   * Gets secrets by severity level
-   */
-  getSecretsBySeverity(severity) {
-    return this.secrets.filter(s => s.severity === severity);
-  }
-
-  /**
-   * Gets critical secrets only
-   */
-  getCriticalSecrets() {
-    return this.getSecretsBySeverity('CRITICAL');
-  }
-
-  /**
-   * Gets count of secrets by type
-   */
-  getSecretStats() {
-    const stats = {};
-    this.secrets.forEach(secret => {
-      stats[secret.type] = (stats[secret.type] || 0) + 1;
-    });
-    return stats;
-  }
-}
-
-export default SecretDetector;