projscan 4.5.0 → 4.6.0

package/dist/core/ast.js

@@ -1,5 +1,7 @@
-import { parse } from '@babel/parser';
-import path from 'node:path';
+import { extractFunctionsFromBabel } from './astFunctionCollector.js';
+import { visitTopLevel } from './astModuleSignals.js';
+import { isParseable, parseBabelFile } from './astParser.js';
+import { collectProgramSignals } from './astProgramSignals.js';
 const EMPTY = {
     ok: false,
     reason: 'unparsed',
@@ -10,15 +12,11 @@ const EMPTY = {
     cyclomaticComplexity: 0,
     functions: [],
 };
-const SOURCE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs', '.mts', '.cts']);
-/** Is this a file we should try to AST-parse at all? */
-export function isParseable(filePath) {
-    return SOURCE_EXTENSIONS.has(path.extname(filePath).toLowerCase());
-}
+export { isParseable } from './astParser.js';
 /**
  * Parse a source file and extract imports, exports, and call sites.
  *
- * Uses @babel/parser with generous options so we accept real-world code:
+ * Uses the Babel parser helper with generous options so we accept real-world code:
  * TypeScript, JSX, decorators, top-level await, class properties, etc.
  *
  * Failures return ok:false with a reason - callers decide whether to fall
@@ -28,77 +26,17 @@ export function parseSource(filePath, content) {
     if (!isParseable(filePath)) {
         return { ...EMPTY, reason: 'non-source extension' };
     }
-    const ext = path.extname(filePath).toLowerCase();
-    const isTypeScript = ext === '.ts' || ext === '.tsx' || ext === '.mts' || ext === '.cts';
-    const isJSX = ext === '.tsx' || ext === '.jsx';
-    const plugins = [];
-    if (isTypeScript)
-        plugins.push('typescript');
-    if (isJSX)
-        plugins.push('jsx');
-    plugins.push('decorators-legacy', 'dynamicImport', 'topLevelAwait');
-    let ast;
-    try {
-        ast = parse(content, {
-            sourceType: 'module',
-            allowImportExportEverywhere: true,
-            allowAwaitOutsideFunction: true,
-            allowReturnOutsideFunction: true,
-            allowSuperOutsideMethod: true,
-            errorRecovery: true,
-            plugins,
-        });
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        return { ...EMPTY, reason: `parse error: ${msg.slice(0, 120)}` };
-    }
+    const parsed = parseBabelFile(filePath, content);
+    if (!parsed.ok)
+        return { ...EMPTY, reason: parsed.reason };
+    const ast = parsed.ast;
     const imports = [];
     const exports = [];
     const callSites = [];
-    let decisionPoints = 0;
     for (const node of ast.program.body) {
         visitTopLevel(node, imports, exports);
     }
-    // Second pass: extract dynamic imports + call sites + cyclomatic decision
-    // points. Walk the whole tree (cheap - we already have the AST in memory).
-    walk(ast.program, (n) => {
-        if (n.type === 'CallExpression') {
-            const callee = n.callee;
-            if (callee.type === 'Identifier') {
-                callSites.push(callee.name);
-            }
-            else if (callee.type === 'MemberExpression' && callee.property.type === 'Identifier') {
-                callSites.push(callee.property.name);
-            }
-            else if (callee.type === 'Import' &&
-                n.arguments[0] &&
-                n.arguments[0].type === 'StringLiteral') {
-                imports.push({
-                    source: n.arguments[0].value,
-                    kind: 'dynamic',
-                    specifiers: [],
-                    typeOnly: false,
-                    line: n.loc?.start.line ?? 0,
-                });
-            }
-            // CommonJS require()
-            if (callee.type === 'Identifier' &&
-                callee.name === 'require' &&
-                n.arguments[0] &&
-                n.arguments[0].type === 'StringLiteral') {
-                imports.push({
-                    source: n.arguments[0].value,
-                    kind: 'require',
-                    specifiers: [],
-                    typeOnly: false,
-                    line: n.loc?.start.line ?? 0,
-                });
-            }
-        }
-        if (isDecisionPoint(n))
-            decisionPoints++;
-    });
+    const decisionPoints = collectProgramSignals(ast.program, imports, callSites);
     const functions = extractFunctionsFromBabel(ast.program);
     return {
         ok: true,
@@ -110,568 +48,4 @@ export function parseSource(filePath, content) {
         functions,
     };
 }
-/**
- * Walk a Babel program and emit one FunctionInfo per function-like node:
- * FunctionDeclaration, FunctionExpression, ArrowFunctionExpression,
- * ClassMethod, ObjectMethod. Each function's CC is computed over its own
- * body only - decision points inside a nested function belong to that
- * nested function, not its parent. This matches eslint's `complexity` rule
- * and most static analyzers.
- */
-function extractFunctionsFromBabel(program) {
-    const out = [];
-    collectFunctions(program, null, null, out, null);
-    return out;
-}
-const FUNCTION_TYPES = new Set([
-    'FunctionDeclaration',
-    'FunctionExpression',
-    'ArrowFunctionExpression',
-    'ClassMethod',
-    'ObjectMethod',
-    'ClassPrivateMethod',
-]);
-function isFunctionNode(n) {
-    return FUNCTION_TYPES.has(n.type);
-}
-function collectFunctions(node, parentClassName, bindingName, out, contextualCallSite) {
-    if (!node || typeof node !== 'object')
-        return;
-    if (isFunctionNode(node)) {
-        const name = nameForFunctionNode(node, parentClassName, bindingName);
-        const line = node.loc?.start.line ?? 0;
-        const endLine = node.loc?.end.line ?? line;
-        const { cc, callSites, memberCallSites, directCallSites, memberAliases, memberReferences, references, } = analyzeBabelBody(node);
-        const parameters = functionParamNames(node);
-        out.push({
-            name,
-            line,
-            endLine,
-            cyclomaticComplexity: cc,
-            callSites,
-            memberCallSites,
-            directCallSites,
-            memberAliases,
-            memberReferences,
-            parameters,
-            ...(contextualCallSite ? { contextualCallSite } : {}),
-            references,
-        });
-        // Recurse into nested functions so they emit their own entries. The body
-        // walker (`countCcInBody`) skips nested functions for CC, but we still need
-        // to descend the whole tree to find all functions.
-        descendForNestedFunctions(node, parentClassName, out);
-        return;
-    }
-    // Track context so nested functions get a useful name.
-    if (node.type === 'ClassDeclaration' || node.type === 'ClassExpression') {
-        const className = node.id?.name ?? null;
-        const body = node.body;
-        if (body)
-            collectFunctions(body, className, null, out, null);
-        return;
-    }
-    if (node.type === 'VariableDeclarator') {
-        const id = node.id;
-        const init = node.init;
-        const name = id && id.type === 'Identifier' ? (id.name ?? null) : null;
-        if (init)
-            collectFunctions(init, parentClassName, name, out, null);
-        return;
-    }
-    if (node.type === 'AssignmentExpression') {
-        const left = node.left;
-        const right = node.right;
-        const name = left && left.type === 'Identifier' ? (left.name ?? null) : null;
-        if (right)
-            collectFunctions(right, parentClassName, name, out, null);
-        return;
-    }
-    if (node.type === 'ExportDefaultDeclaration') {
-        const decl = node.declaration;
-        if (decl)
-            collectFunctions(decl, parentClassName, 'default', out, null);
-        return;
-    }
-    const callContext = callExpressionContext(node);
-    if (callContext) {
-        const args = node.arguments ?? [];
-        for (const arg of args) {
-            if (arg && typeof arg === 'object' && 'type' in arg) {
-                collectFunctions(arg, parentClassName, null, out, callContext);
-            }
-        }
-        return;
-    }
-    for (const key of Object.keys(node)) {
-        if (key === 'loc' || key === 'range' || key === 'leadingComments' || key === 'trailingComments')
-            continue;
-        const child = node[key];
-        if (!child)
-            continue;
-        if (Array.isArray(child)) {
-            for (const item of child) {
-                if (item && typeof item === 'object' && 'type' in item) {
-                    collectFunctions(item, parentClassName, null, out, null);
-                }
-            }
-        }
-        else if (typeof child === 'object' && 'type' in child) {
-            collectFunctions(child, parentClassName, null, out, null);
-        }
-    }
-}
-function callExpressionContext(node) {
-    if (node.type !== 'CallExpression' &&
-        node.type !== 'OptionalCallExpression' &&
-        node.type !== 'NewExpression') {
-        return null;
-    }
-    const callee = node.callee;
-    return babelQualifiedMemberName(callee) ?? babelCalleeName(callee);
-}
-function descendForNestedFunctions(fnNode, parentClassName, out) {
-    const body = fnNode.body;
-    if (!body)
-        return;
-    // Body of a function expression/declaration is a BlockStatement (or, for
-    // arrows, possibly an Expression). Either way, walk it.
-    walkChildren(body, (child) => collectFunctions(child, parentClassName, null, out, null));
-}
-function nameForFunctionNode(node, parentClassName, bindingName) {
-    // FunctionDeclaration: function foo() {}
-    if (node.type === 'FunctionDeclaration') {
-        const id = node.id;
-        return id?.name ?? bindingName ?? '<anonymous>';
-    }
-    // ClassMethod / ObjectMethod / ClassPrivateMethod
-    if (node.type === 'ClassMethod' ||
-        node.type === 'ObjectMethod' ||
-        node.type === 'ClassPrivateMethod') {
-        const key = node.key;
-        let methodName = '<anonymous>';
-        if (key) {
-            if (key.type === 'Identifier')
-                methodName = key.name ?? '<anonymous>';
-            else if (key.type === 'StringLiteral')
-                methodName = key.value ?? '<anonymous>';
-            else if (key.type === 'PrivateName') {
-                const inner = key.id;
-                methodName = inner?.name ? `#${inner.name}` : '<anonymous>';
-            }
-        }
-        return parentClassName ? `${parentClassName}.${methodName}` : methodName;
-    }
-    // FunctionExpression with an inner id: const x = function named() {}
-    if (node.type === 'FunctionExpression') {
-        const id = node.id;
-        if (id?.name)
-            return id.name;
-    }
-    // Arrow / unnamed function expression: use the binding name if we have it.
-    return bindingName ?? '<anonymous>';
-}
-/**
- * Count McCabe decision points and collect call-site bare names in a
- * function body. Nested functions are opaque (their decisions and calls
- * belong to them). Used to populate per-function CC + fan-out.
- */
-function analyzeBabelBody(fnNode) {
-    const body = fnNode.body;
-    if (!body)
-        return {
-            cc: 1,
-            callSites: [],
-            memberCallSites: [],
-            directCallSites: [],
-            memberAliases: [],
-            memberReferences: [],
-            references: [],
-        };
-    let decisions = 0;
-    const calls = new Set();
-    const directCalls = new Set();
-    const memberCalls = new Set();
-    const aliases = new Set();
-    const memberRefs = new Set();
-    const refs = new Set();
-    // MemberExpression nodes that ARE in callee position get their rightmost
-    // identifier added to callSites instead of references — track them here so
-    // we can skip them during the read walk.
-    const calleeMembers = new Set();
-    walkSkippingNestedFunctions(body, (n) => {
-        if (isDecisionPoint(n)) {
-            decisions++;
-            return;
-        }
-        if (n.type === 'CallExpression' ||
-            n.type === 'OptionalCallExpression' ||
-            n.type === 'NewExpression') {
-            const callee = n.callee;
-            const name = babelCalleeName(callee);
-            if (name)
-                calls.add(name);
-            if (name && callee?.type === 'Identifier')
-                directCalls.add(name);
-            const memberName = babelQualifiedMemberName(callee);
-            if (memberName)
-                memberCalls.add(memberName);
-            if (callee &&
-                (callee.type === 'MemberExpression' || callee.type === 'OptionalMemberExpression')) {
-                calleeMembers.add(callee);
-            }
-        }
-        if (n.type === 'VariableDeclarator')
-            collectMemberAliases(n, aliases);
-        if (n.type === 'MemberExpression' || n.type === 'OptionalMemberExpression') {
-            if (calleeMembers.has(n))
-                return;
-            const qualified = babelQualifiedMemberName(n);
-            if (qualified)
-                memberRefs.add(qualified);
-            collectMemberReadIdents(n, refs);
-        }
-    });
-    return {
-        cc: decisions + 1,
-        callSites: [...calls],
-        memberCallSites: [...memberCalls],
-        directCallSites: [...directCalls],
-        memberAliases: [...aliases],
-        memberReferences: [...memberRefs],
-        references: [...refs],
-    };
-}
-function functionParamNames(fnNode) {
-    const params = fnNode.params ?? [];
-    const out = new Set();
-    for (const param of params) {
-        const name = bindingIdentifierName(param);
-        if (name)
-            out.add(name);
-    }
-    return [...out];
-}
-function bindingIdentifierName(node) {
-    if (!node)
-        return null;
-    if (node.type === 'Identifier')
-        return node.name ?? null;
-    if (node.type === 'AssignmentPattern') {
-        return bindingIdentifierName(node.left);
-    }
-    if (node.type === 'RestElement') {
-        return bindingIdentifierName(node.argument);
-    }
-    return null;
-}
-/**
- * Walk a member-expression chain (`a.b.c`, `req.body.x`, `process.env.SECRET`)
- * and add the rightmost ident of each link to `out`. Skips the leftmost root
- * (which is usually a binding name like `req` or `obj` — not interesting for
- * taint matching). Computed-property accesses (`a[i]`) contribute nothing.
- */
-function collectMemberReadIdents(node, out) {
-    let cur = node;
-    while (cur && (cur.type === 'MemberExpression' || cur.type === 'OptionalMemberExpression')) {
-        const m = cur;
-        if (!m.computed && m.property && m.property.type === 'Identifier') {
-            const name = m.property.name;
-            if (name)
-                out.add(name);
-        }
-        cur = m.object ?? null;
-    }
-}
-function collectMemberAliases(node, out) {
-    const decl = node;
-    if (!decl.id || decl.id.type !== 'ObjectPattern' || !decl.init)
-        return;
-    const objectName = babelQualifiedMemberName(decl.init) ?? babelCalleeName(decl.init);
-    if (!objectName)
-        return;
-    const properties = decl.id.properties ?? [];
-    for (const property of properties) {
-        if (!property || property.type !== 'ObjectProperty')
-            continue;
-        const prop = property;
-        if (prop.computed || !prop.key || !prop.value)
-            continue;
-        const keyName = babelMemberPropertyName(prop.key);
-        const aliasName = bindingIdentifierName(prop.value);
-        if (keyName && aliasName)
-            out.add(aliasName + '=' + objectName + '.' + keyName);
-    }
-}
-function babelCalleeName(node) {
-    if (!node)
-        return null;
-    if (node.type === 'Identifier')
-        return node.name ?? null;
-    if (node.type === 'MemberExpression' || node.type === 'OptionalMemberExpression') {
-        const property = node.property;
-        if (property)
-            return babelCalleeName(property);
-    }
-    return null;
-}
-function babelQualifiedMemberName(node) {
-    if (!node || (node.type !== 'MemberExpression' && node.type !== 'OptionalMemberExpression')) {
-        return null;
-    }
-    const member = node;
-    if (member.computed || !member.object || !member.property)
-        return null;
-    const objectName = babelMemberObjectName(member.object);
-    const propertyName = babelMemberPropertyName(member.property);
-    return objectName && propertyName ? `${objectName}.${propertyName}` : null;
-}
-function babelMemberObjectName(node) {
-    if (node.type === 'Identifier' || node.type === 'ThisExpression')
-        return babelCalleeName(node);
-    return babelQualifiedMemberName(node);
-}
-function babelMemberPropertyName(node) {
-    if (node.type === 'Identifier')
-        return node.name ?? null;
-    if (node.type === 'StringLiteral')
-        return node.value ?? null;
-    return null;
-}
-function walkChildren(node, visit) {
-    if (!node || typeof node !== 'object')
-        return;
-    for (const key of Object.keys(node)) {
-        if (key === 'loc' || key === 'range' || key === 'leadingComments' || key === 'trailingComments')
-            continue;
-        const child = node[key];
-        if (!child)
-            continue;
-        if (Array.isArray(child)) {
-            for (const item of child) {
-                if (item && typeof item === 'object' && 'type' in item)
-                    visit(item);
-            }
-        }
-        else if (typeof child === 'object' && 'type' in child) {
-            visit(child);
-        }
-    }
-}
-function walkSkippingNestedFunctions(node, visit) {
-    if (!node || typeof node !== 'object')
-        return;
-    visit(node);
-    for (const key of Object.keys(node)) {
-        if (key === 'loc' || key === 'range' || key === 'leadingComments' || key === 'trailingComments')
-            continue;
-        const child = node[key];
-        if (!child)
-            continue;
-        if (Array.isArray(child)) {
-            for (const item of child) {
-                if (item && typeof item === 'object' && 'type' in item) {
-                    if (isFunctionNode(item))
-                        continue;
-                    walkSkippingNestedFunctions(item, visit);
-                }
-            }
-        }
-        else if (typeof child === 'object' && 'type' in child) {
-            if (isFunctionNode(child))
-                continue;
-            walkSkippingNestedFunctions(child, visit);
-        }
-    }
-}
-/**
- * McCabe decision points for JavaScript/TypeScript. Default switch cases and
- * optional-chaining do NOT count - this matches eslint's `complexity` rule
- * and most static analyzers. The result is summed across the whole file
- * (module + all nested functions) and offset by +1 in the caller.
- */
-function isDecisionPoint(n) {
-    switch (n.type) {
-        case 'IfStatement':
-        case 'ConditionalExpression':
-        case 'ForStatement':
-        case 'ForInStatement':
-        case 'ForOfStatement':
-        case 'WhileStatement':
-        case 'DoWhileStatement':
-        case 'CatchClause':
-            return true;
-        case 'SwitchCase':
-            // Default case is the fall-through path, not a branch.
-            return n.test !== null;
-        case 'LogicalExpression': {
-            const op = n.operator;
-            return op === '&&' || op === '||' || op === '??';
-        }
-        default:
-            return false;
-    }
-}
-function visitTopLevel(node, imports, exports) {
-    switch (node.type) {
-        case 'ImportDeclaration': {
-            imports.push(importFromNode(node));
-            return;
-        }
-        case 'ExportNamedDeclaration': {
-            collectNamedExport(node, exports, imports);
-            return;
-        }
-        case 'ExportDefaultDeclaration': {
-            exports.push({
-                name: 'default',
-                kind: 'default',
-                typeOnly: false,
-                line: node.loc?.start.line ?? 0,
-            });
-            return;
-        }
-        case 'ExportAllDeclaration': {
-            const source = node.source.value;
-            imports.push({
-                source,
-                kind: 'reexport',
-                specifiers: [],
-                typeOnly: Boolean(node.exportKind === 'type'),
-                line: node.loc?.start.line ?? 0,
-            });
-            return;
-        }
-        default:
-            return;
-    }
-}
-function importFromNode(node) {
-    const specifiers = node.specifiers.map((s) => {
-        if (s.type === 'ImportDefaultSpecifier')
-            return 'default';
-        if (s.type === 'ImportNamespaceSpecifier')
-            return '*';
-        if (s.type === 'ImportSpecifier') {
-            const imported = s.imported;
-            if (imported.type === 'Identifier')
-                return imported.name;
-            return imported.value;
-        }
-        return '';
-    });
-    return {
-        source: node.source.value,
-        kind: 'static',
-        specifiers: specifiers.filter(Boolean),
-        typeOnly: node.importKind === 'type',
-        line: node.loc?.start.line ?? 0,
-    };
-}
-function collectNamedExport(node, exports, imports) {
-    // Re-export: export { X } from 'source'
-    if (node.source) {
-        imports.push({
-            source: node.source.value,
-            kind: 'reexport',
-            specifiers: node.specifiers
-                .map((s) => {
-                if (s.type === 'ExportSpecifier') {
-                    const exported = s.exported;
-                    return exported.type === 'Identifier'
-                        ? exported.name
-                        : exported.value;
-                }
-                return '';
-            })
-                .filter(Boolean),
-            typeOnly: node.exportKind === 'type',
-            line: node.loc?.start.line ?? 0,
-        });
-    }
-    // Inline declaration: export function foo() {} / export const x = ... / etc.
-    if (node.declaration) {
-        const typeOnly = node.exportKind === 'type';
-        const line = node.declaration.loc?.start.line ?? node.loc?.start.line ?? 0;
-        switch (node.declaration.type) {
-            case 'FunctionDeclaration': {
-                const name = node.declaration.id?.name;
-                if (name)
-                    exports.push({ name, kind: 'function', typeOnly, line });
-                return;
-            }
-            case 'ClassDeclaration': {
-                const name = node.declaration.id?.name;
-                if (name)
-                    exports.push({ name, kind: 'class', typeOnly, line });
-                return;
-            }
-            case 'VariableDeclaration': {
-                for (const decl of node.declaration.declarations) {
-                    if (decl.id.type === 'Identifier') {
-                        exports.push({ name: decl.id.name, kind: 'variable', typeOnly, line });
-                    }
-                }
-                return;
-            }
-            case 'TSInterfaceDeclaration': {
-                const name = node.declaration.id.name;
-                exports.push({ name, kind: 'interface', typeOnly: true, line });
-                return;
-            }
-            case 'TSTypeAliasDeclaration': {
-                const name = node.declaration.id.name;
-                exports.push({ name, kind: 'type', typeOnly: true, line });
-                return;
-            }
-            case 'TSEnumDeclaration': {
-                const name = node.declaration.id.name;
-                exports.push({ name, kind: 'enum', typeOnly, line });
-                return;
-            }
-            default:
-                return;
-        }
-    }
-    // Named re-export of local symbols: export { foo, bar }
-    for (const spec of node.specifiers) {
-        if (spec.type !== 'ExportSpecifier')
-            continue;
-        const exported = spec.exported;
-        const name = exported.type === 'Identifier' ? exported.name : exported.value;
-        exports.push({
-            name,
-            kind: 'unknown',
-            typeOnly: node.exportKind === 'type',
-            line: spec.loc?.start.line ?? node.loc?.start.line ?? 0,
-        });
-    }
-}
-/**
- * Lightweight AST walker. We only care about recursing through node properties
- * to find CallExpressions (for call sites + dynamic imports + require).
- * Avoids the full babel-traverse dependency.
- */
-function walk(node, visit) {
-    if (!node || typeof node !== 'object')
-        return;
-    visit(node);
-    for (const key of Object.keys(node)) {
-        if (key === 'loc' || key === 'range' || key === 'leadingComments' || key === 'trailingComments')
-            continue;
-        const child = node[key];
-        if (!child)
-            continue;
-        if (Array.isArray(child)) {
-            for (const item of child) {
-                if (item && typeof item === 'object' && 'type' in item) {
-                    walk(item, visit);
-                }
-            }
-        }
-        else if (typeof child === 'object' && 'type' in child) {
-            walk(child, visit);
-        }
-    }
-}
 //# sourceMappingURL=ast.js.map