projscan 4.5.0 → 4.7.0

package/dist/utils/config.js

@@ -1,53 +1,17 @@
-import fs from 'node:fs/promises';
-import path from 'node:path';
-const CONFIG_CANDIDATES = ['.projscanrc.json', '.projscanrc'];
-const PKG_KEY = 'projscan';
-const VALID_SEVERITIES = ['info', 'warning', 'error'];
+import { applyBaseRef, applyDisableRules, applyIgnore, applyMinScore } from './configBasics.js';
+import { applyHotspots } from './configHotspots.js';
+import { applyMonorepo } from './configMonorepo.js';
+import { applyReportPolicies } from './configReportPolicies.js';
+import { applyScan } from './configScan.js';
+import { applySeverityOverrides } from './configSeverity.js';
+import { loadConfigSource } from './configSources.js';
+import { applyTaint } from './configTaint.js';
+export { applyConfigToIssues } from './configIssueRules.js';
 export async function loadConfig(rootPath, explicitPath) {
-    if (explicitPath) {
-        const resolved = path.isAbsolute(explicitPath)
-            ? explicitPath
-            : path.join(rootPath, explicitPath);
-        const raw = await fs.readFile(resolved, 'utf-8');
-        const parsed = safeParse(raw, resolved);
-        return { config: normalize(parsed), source: resolved };
-    }
-    for (const name of CONFIG_CANDIDATES) {
-        const candidate = path.join(rootPath, name);
-        let raw;
-        try {
-            raw = await fs.readFile(candidate, 'utf-8');
-        }
-        catch {
-            // File not present - try next candidate.
-            continue;
-        }
-        const parsed = safeParse(raw, candidate);
-        return { config: normalize(parsed), source: candidate };
-    }
-    // Try package.json "projscan" key
-    const pkgPath = path.join(rootPath, 'package.json');
-    try {
-        const raw = await fs.readFile(pkgPath, 'utf-8');
-        const pkg = JSON.parse(raw);
-        const embedded = pkg[PKG_KEY];
-        if (embedded && typeof embedded === 'object') {
-            return { config: normalize(embedded), source: `${pkgPath}#${PKG_KEY}` };
-        }
-    }
-    catch {
-        // No package.json or unreadable
-    }
-    return { config: {}, source: null };
-}
-function safeParse(raw, filePath) {
-    try {
-        return JSON.parse(raw);
-    }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        throw new Error(`Invalid JSON in ${filePath}: ${msg}`, { cause: err });
-    }
+    const source = await loadConfigSource(rootPath, explicitPath);
+    if (!source)
+        return { config: {}, source: null };
+    return { config: normalize(source.value), source: source.source };
 }
 function normalize(input) {
     if (!input || typeof input !== 'object')
@@ -66,166 +30,4 @@ function normalize(input) {
     applyTaint(obj, out);
     return out;
 }
-function applyTaint(obj, out) {
-    if (!obj.taint || typeof obj.taint !== 'object')
-        return;
-    const t = obj.taint;
-    const taint = {};
-    if (Array.isArray(t.sources)) {
-        taint.sources = t.sources.filter((v) => typeof v === 'string' && v.length > 0);
-    }
-    if (Array.isArray(t.sinks)) {
-        taint.sinks = t.sinks.filter((v) => typeof v === 'string' && v.length > 0);
-    }
-    if (Object.keys(taint).length)
-        out.taint = taint;
-}
-function applyMinScore(obj, out) {
-    if (typeof obj.minScore === 'number' && Number.isFinite(obj.minScore)) {
-        out.minScore = Math.max(0, Math.min(100, Math.floor(obj.minScore)));
-    }
-}
-function applyBaseRef(obj, out) {
-    if (typeof obj.baseRef === 'string' && obj.baseRef.trim()) {
-        out.baseRef = obj.baseRef.trim();
-    }
-}
-function applyHotspots(obj, out) {
-    if (!obj.hotspots || typeof obj.hotspots !== 'object')
-        return;
-    const h = obj.hotspots;
-    const hotspots = {};
-    if (typeof h.limit === 'number' && Number.isFinite(h.limit)) {
-        hotspots.limit = Math.max(1, Math.min(100, Math.floor(h.limit)));
-    }
-    if (typeof h.since === 'string' && h.since.trim()) {
-        hotspots.since = h.since.trim();
-    }
-    if (Object.keys(hotspots).length)
-        out.hotspots = hotspots;
-}
-function applyIgnore(obj, out) {
-    if (!Array.isArray(obj.ignore))
-        return;
-    out.ignore = obj.ignore.filter((v) => typeof v === 'string' && v.length > 0);
-}
-function applyScan(obj, out) {
-    if (!obj.scan || typeof obj.scan !== 'object')
-        return;
-    const raw = obj.scan;
-    const scan = {};
-    if (typeof raw.includeIgnored === 'boolean')
-        scan.includeIgnored = raw.includeIgnored;
-    if (typeof raw.scanEnvValues === 'boolean')
-        scan.scanEnvValues = raw.scanEnvValues;
-    if (typeof raw.offline === 'boolean')
-        scan.offline = raw.offline;
-    if (Object.keys(scan).length)
-        out.scan = scan;
-}
-function applyDisableRules(obj, out) {
-    if (!Array.isArray(obj.disableRules))
-        return;
-    out.disableRules = obj.disableRules.filter((v) => typeof v === 'string' && v.length > 0);
-}
-function applySeverityOverrides(obj, out) {
-    if (!obj.severityOverrides || typeof obj.severityOverrides !== 'object')
-        return;
-    const raw = obj.severityOverrides;
-    const overrides = {};
-    for (const [key, val] of Object.entries(raw)) {
-        if (typeof val === 'string' && VALID_SEVERITIES.includes(val)) {
-            overrides[key] = val;
-        }
-    }
-    if (Object.keys(overrides).length)
-        out.severityOverrides = overrides;
-}
-function applyReportPolicies(obj, out) {
-    if (!obj.reportPolicies ||
-        typeof obj.reportPolicies !== 'object' ||
-        Array.isArray(obj.reportPolicies)) {
-        return;
-    }
-    const raw = obj.reportPolicies;
-    const policies = {};
-    for (const [rawName, rawPolicy] of Object.entries(raw)) {
-        const name = rawName.trim();
-        const policy = name ? normalizeReportPolicy(rawPolicy) : null;
-        if (policy)
-            policies[name] = policy;
-    }
-    if (Object.keys(policies).length > 0)
-        out.reportPolicies = policies;
-}
-function normalizeReportPolicy(rawPolicy) {
-    if (!rawPolicy || typeof rawPolicy !== 'object' || Array.isArray(rawPolicy))
-        return null;
-    const entry = rawPolicy;
-    const policy = {};
-    if (Array.isArray(entry.reportScope)) {
-        const scopes = entry.reportScope.filter((v) => typeof v === 'string' && v.length > 0);
-        if (scopes.length > 0)
-            policy.reportScope = scopes;
-    }
-    if (typeof entry.redactPaths === 'boolean')
-        policy.redactPaths = entry.redactPaths;
-    return Object.keys(policy).length > 0 ? policy : null;
-}
-function applyMonorepo(obj, out) {
-    if (!obj.monorepo || typeof obj.monorepo !== 'object')
-        return;
-    const m = obj.monorepo;
-    const monorepo = {};
-    if (Array.isArray(m.importPolicy)) {
-        const rules = parseImportPolicyRules(m.importPolicy);
-        if (rules.length > 0)
-            monorepo.importPolicy = rules;
-    }
-    if (Object.keys(monorepo).length)
-        out.monorepo = monorepo;
-}
-function parseImportPolicyRules(raw) {
-    const rules = [];
-    for (const entry of raw) {
-        if (!entry || typeof entry !== 'object')
-            continue;
-        const e = entry;
-        if (typeof e.from !== 'string' || !e.from)
-            continue;
-        const rule = { from: e.from };
-        if (Array.isArray(e.allow)) {
-            rule.allow = e.allow.filter((v) => typeof v === 'string');
-        }
-        if (Array.isArray(e.deny)) {
-            rule.deny = e.deny.filter((v) => typeof v === 'string');
-        }
-        if (rule.allow || rule.deny)
-            rules.push(rule);
-    }
-    return rules;
-}
-/**
- * Apply config rules to a list of issues:
- * - drop issues whose id matches any disableRules entry (exact match or prefix with trailing "*")
- * - remap severities via severityOverrides (exact id match wins)
- */
-export function applyConfigToIssues(issues, config) {
-    const disabled = config.disableRules ?? [];
-    const overrides = config.severityOverrides ?? {};
-    return issues
-        .filter((issue) => !isRuleDisabled(issue.id, disabled))
-        .map((issue) => overrides[issue.id] && overrides[issue.id] !== issue.severity
-        ? { ...issue, severity: overrides[issue.id] }
-        : issue);
-}
-function isRuleDisabled(id, disabled) {
-    for (const rule of disabled) {
-        if (rule === id)
-            return true;
-        if (rule.endsWith('*') && id.startsWith(rule.slice(0, -1)))
-            return true;
-    }
-    return false;
-}
 //# sourceMappingURL=config.js.map

package/dist/utils/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAS7B,MAAM,iBAAiB,GAAG,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAC9D,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,MAAM,gBAAgB,GAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAEvE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,YAAqB;IACtE,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,QAAgB;IAC9C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACjC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,GAA4B,EAAE,GAAmB;IACnE,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO;IACxD,MAAM,CAAC,GAAG,GAAG,CAAC,KAAgC,CAAC;IAC/C,MAAM,KAAK,GAAyC,EAAE,CAAC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;AACnD,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B,EAAE,GAAmB;IACtE,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAA4B,EAAE,GAAmB;IACrE,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B,EAAE,GAAmB;IACtE,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO;IAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;IAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;IAC7D,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAClD,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5D,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B,EAAE,GAAmB;IACpE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO;IACvC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,SAAS,SAAS,CAAC,GAA4B,EAAE,GAAmB;IAClE,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO;IACtD,MAAM,GAAG,GAAG,GAAG,CAAC,IAA+B,CAAC;IAChD,MAAM,IAAI,GAAwC,EAAE,CAAC;IACrD,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,SAAS;QAAE,IAAI,CAAC,cAAc,GAAG,GAAG,CAAC,cAAc,CAAC;IACtF,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,SAAS;QAAE,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IACnF,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IACjE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;AAChD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAA4B,EAAE,GAAmB;IAC1E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO;IAC7C,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CACxC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,GAA4B,EAAE,GAAmB;IAC/E,IAAI,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ;QAAE,OAAO;IAChF,MAAM,GAAG,GAAG,GAAG,CAAC,iBAA4C,CAAC;IAC7D,MAAM,SAAS,GAAkC,EAAE,CAAC;IACpD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAK,gBAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5E,SAAS,CAAC,GAAG,CAAC,GAAG,GAAoB,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,iBAAiB,GAAG,SAAS,CAAC;AACvE,CAAC;AAED,SAAS,mBAAmB,CAAC,GAA4B,EAAE,GAAmB;IAC5E,IACE,CAAC,GAAG,CAAC,cAAc;QACnB,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ;QACtC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EACjC,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,cAAyC,CAAC;IAC1D,MAAM,QAAQ,GAAuC,EAAE,CAAC;IAExD,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9D,IAAI,MAAM;YAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;IACtC,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,CAAC,cAAc,GAAG,QAAQ,CAAC;AACtE,CAAC;AAED,SAAS,qBAAqB,CAAC,SAAkB;IAC/C,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACzF,MAAM,KAAK,GAAG,SAAoC,CAAC;IACnD,MAAM,MAAM,GAAuB,EAAE,CAAC;IACtC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CACrC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;QACF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC;IACrD,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,SAAS;QAAE,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IACnF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC;AAED,SAAS,aAAa,CAAC,GAA4B,EAAE,GAAmB;IACtE,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO;IAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;IAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;IAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,sBAAsB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5D,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAc;IAC5C,MAAM,KAAK,GAAuB,EAAE,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,GAAG,EAAE,CAAC;QACxB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAClD,MAAM,CAAC,GAAG,KAAgC,CAAC;QAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,IAAI;YAAE,SAAS;QACpD,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAe,EAAE,MAAsB;IACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAEjD,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACb,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,QAAQ;QAC3D,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE;QAC7C,CAAC,CAAC,KAAK,CACV,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,EAAU,EAAE,QAAkB;IACpD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAChG,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,YAAqB;IACtE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACjC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/utils/configBasics.d.ts

@@ -0,0 +1,5 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyMinScore(obj: Record<string, unknown>, out: ProjscanConfig): void;
+export declare function applyBaseRef(obj: Record<string, unknown>, out: ProjscanConfig): void;
+export declare function applyIgnore(obj: Record<string, unknown>, out: ProjscanConfig): void;
+export declare function applyDisableRules(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configBasics.js

@@ -0,0 +1,21 @@
+export function applyMinScore(obj, out) {
+    if (typeof obj.minScore === 'number' && Number.isFinite(obj.minScore)) {
+        out.minScore = Math.max(0, Math.min(100, Math.floor(obj.minScore)));
+    }
+}
+export function applyBaseRef(obj, out) {
+    if (typeof obj.baseRef === 'string' && obj.baseRef.trim()) {
+        out.baseRef = obj.baseRef.trim();
+    }
+}
+export function applyIgnore(obj, out) {
+    if (!Array.isArray(obj.ignore))
+        return;
+    out.ignore = obj.ignore.filter((v) => typeof v === 'string' && v.length > 0);
+}
+export function applyDisableRules(obj, out) {
+    if (!Array.isArray(obj.disableRules))
+        return;
+    out.disableRules = obj.disableRules.filter((v) => typeof v === 'string' && v.length > 0);
+}
+//# sourceMappingURL=configBasics.js.map

package/dist/utils/configBasics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configBasics.js","sourceRoot":"","sources":["../../src/utils/configBasics.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa,CAAC,GAA4B,EAAE,GAAmB;IAC7E,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAA4B,EAAE,GAAmB;IAC5E,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACnC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAA4B,EAAE,GAAmB;IAC3E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO;IACvC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAA4B,EAAE,GAAmB;IACjF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO;IAC7C,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CACxC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;AACJ,CAAC"}

package/dist/utils/configHotspots.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyHotspots(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configHotspots.js

@@ -0,0 +1,15 @@
+export function applyHotspots(obj, out) {
+    if (!obj.hotspots || typeof obj.hotspots !== 'object')
+        return;
+    const h = obj.hotspots;
+    const hotspots = {};
+    if (typeof h.limit === 'number' && Number.isFinite(h.limit)) {
+        hotspots.limit = Math.max(1, Math.min(100, Math.floor(h.limit)));
+    }
+    if (typeof h.since === 'string' && h.since.trim()) {
+        hotspots.since = h.since.trim();
+    }
+    if (Object.keys(hotspots).length)
+        out.hotspots = hotspots;
+}
+//# sourceMappingURL=configHotspots.js.map

package/dist/utils/configHotspots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configHotspots.js","sourceRoot":"","sources":["../../src/utils/configHotspots.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa,CAAC,GAA4B,EAAE,GAAmB;IAC7E,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO;IAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;IAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;IAC7D,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAClD,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5D,CAAC"}

package/dist/utils/configIssueRules.d.ts

@@ -0,0 +1,8 @@
+import type { Issue } from '../types/common.js';
+import type { ProjscanConfig } from '../types/config.js';
+/**
+ * Apply config rules to a list of issues:
+ * - drop issues whose id matches any disableRules entry (exact match or prefix with trailing "*")
+ * - remap severities via severityOverrides (exact id match wins)
+ */
+export declare function applyConfigToIssues(issues: Issue[], config: ProjscanConfig): Issue[];

package/dist/utils/configIssueRules.js

@@ -0,0 +1,24 @@
+/**
+ * Apply config rules to a list of issues:
+ * - drop issues whose id matches any disableRules entry (exact match or prefix with trailing "*")
+ * - remap severities via severityOverrides (exact id match wins)
+ */
+export function applyConfigToIssues(issues, config) {
+    const disabled = config.disableRules ?? [];
+    const overrides = config.severityOverrides ?? {};
+    return issues
+        .filter((issue) => !isRuleDisabled(issue.id, disabled))
+        .map((issue) => overrides[issue.id] && overrides[issue.id] !== issue.severity
+        ? { ...issue, severity: overrides[issue.id] }
+        : issue);
+}
+function isRuleDisabled(id, disabled) {
+    for (const rule of disabled) {
+        if (rule === id)
+            return true;
+        if (rule.endsWith('*') && id.startsWith(rule.slice(0, -1)))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=configIssueRules.js.map

package/dist/utils/configIssueRules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configIssueRules.js","sourceRoot":"","sources":["../../src/utils/configIssueRules.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAe,EAAE,MAAsB;IACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAEjD,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACb,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,QAAQ;QAC3D,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE;QAC7C,CAAC,CAAC,KAAK,CACV,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,EAAU,EAAE,QAAkB;IACpD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/utils/configMonorepo.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyMonorepo(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configMonorepo.js

@@ -0,0 +1,38 @@
+export function applyMonorepo(obj, out) {
+    if (!obj.monorepo || typeof obj.monorepo !== 'object')
+        return;
+    const m = obj.monorepo;
+    const monorepo = {};
+    if (Array.isArray(m.importPolicy)) {
+        const rules = parseImportPolicyRules(m.importPolicy);
+        if (rules.length > 0)
+            monorepo.importPolicy = rules;
+    }
+    if (Object.keys(monorepo).length)
+        out.monorepo = monorepo;
+}
+function parseImportPolicyRules(raw) {
+    return raw.map(parseImportPolicyRule).filter(isImportPolicyRule);
+}
+function parseImportPolicyRule(entry) {
+    if (!entry || typeof entry !== 'object')
+        return null;
+    const e = entry;
+    if (typeof e.from !== 'string' || !e.from)
+        return null;
+    const rule = { from: e.from };
+    const allow = stringList(e.allow);
+    const deny = stringList(e.deny);
+    if (allow)
+        rule.allow = allow;
+    if (deny)
+        rule.deny = deny;
+    return rule.allow || rule.deny ? rule : null;
+}
+function stringList(value) {
+    return Array.isArray(value) ? value.filter((v) => typeof v === 'string') : null;
+}
+function isImportPolicyRule(rule) {
+    return rule !== null;
+}
+//# sourceMappingURL=configMonorepo.js.map

package/dist/utils/configMonorepo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configMonorepo.js","sourceRoot":"","sources":["../../src/utils/configMonorepo.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa,CAAC,GAA4B,EAAE,GAAmB;IAC7E,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO;IAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;IAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;IAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,sBAAsB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5D,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAc;IAC5C,OAAO,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,CAAC,GAAG,KAAgC,CAAC;IAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvD,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,KAAK;QAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAC9B,IAAI,IAAI;QAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IAC3B,OAAO,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/F,CAAC;AAED,SAAS,kBAAkB,CAAC,IAA6B;IACvD,OAAO,IAAI,KAAK,IAAI,CAAC;AACvB,CAAC"}

package/dist/utils/configReportPolicies.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyReportPolicies(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configReportPolicies.js

@@ -0,0 +1,32 @@
+export function applyReportPolicies(obj, out) {
+    if (!obj.reportPolicies ||
+        typeof obj.reportPolicies !== 'object' ||
+        Array.isArray(obj.reportPolicies)) {
+        return;
+    }
+    const raw = obj.reportPolicies;
+    const policies = {};
+    for (const [rawName, rawPolicy] of Object.entries(raw)) {
+        const name = rawName.trim();
+        const policy = name ? normalizeReportPolicy(rawPolicy) : null;
+        if (policy)
+            policies[name] = policy;
+    }
+    if (Object.keys(policies).length > 0)
+        out.reportPolicies = policies;
+}
+function normalizeReportPolicy(rawPolicy) {
+    if (!rawPolicy || typeof rawPolicy !== 'object' || Array.isArray(rawPolicy))
+        return null;
+    const entry = rawPolicy;
+    const policy = {};
+    if (Array.isArray(entry.reportScope)) {
+        const scopes = entry.reportScope.filter((v) => typeof v === 'string' && v.length > 0);
+        if (scopes.length > 0)
+            policy.reportScope = scopes;
+    }
+    if (typeof entry.redactPaths === 'boolean')
+        policy.redactPaths = entry.redactPaths;
+    return Object.keys(policy).length > 0 ? policy : null;
+}
+//# sourceMappingURL=configReportPolicies.js.map

package/dist/utils/configReportPolicies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configReportPolicies.js","sourceRoot":"","sources":["../../src/utils/configReportPolicies.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,mBAAmB,CAAC,GAA4B,EAAE,GAAmB;IACnF,IACE,CAAC,GAAG,CAAC,cAAc;QACnB,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ;QACtC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EACjC,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,cAAyC,CAAC;IAC1D,MAAM,QAAQ,GAAuC,EAAE,CAAC;IAExD,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9D,IAAI,MAAM;YAAE,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;IACtC,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,CAAC,cAAc,GAAG,QAAQ,CAAC;AACtE,CAAC;AAED,SAAS,qBAAqB,CAAC,SAAkB;IAC/C,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACzF,MAAM,KAAK,GAAG,SAAoC,CAAC;IACnD,MAAM,MAAM,GAAuB,EAAE,CAAC;IACtC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CACrC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;QACF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC;IACrD,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,SAAS;QAAE,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IACnF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC"}

package/dist/utils/configScan.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyScan(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configScan.js

@@ -0,0 +1,15 @@
+export function applyScan(obj, out) {
+    if (!obj.scan || typeof obj.scan !== 'object')
+        return;
+    const raw = obj.scan;
+    const scan = {};
+    if (typeof raw.includeIgnored === 'boolean')
+        scan.includeIgnored = raw.includeIgnored;
+    if (typeof raw.scanEnvValues === 'boolean')
+        scan.scanEnvValues = raw.scanEnvValues;
+    if (typeof raw.offline === 'boolean')
+        scan.offline = raw.offline;
+    if (Object.keys(scan).length)
+        out.scan = scan;
+}
+//# sourceMappingURL=configScan.js.map

package/dist/utils/configScan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configScan.js","sourceRoot":"","sources":["../../src/utils/configScan.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,SAAS,CAAC,GAA4B,EAAE,GAAmB;IACzE,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO;IACtD,MAAM,GAAG,GAAG,GAAG,CAAC,IAA+B,CAAC;IAChD,MAAM,IAAI,GAAwC,EAAE,CAAC;IACrD,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,SAAS;QAAE,IAAI,CAAC,cAAc,GAAG,GAAG,CAAC,cAAc,CAAC;IACtF,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,SAAS;QAAE,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IACnF,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS;QAAE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IACjE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;AAChD,CAAC"}

package/dist/utils/configSeverity.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applySeverityOverrides(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configSeverity.js

@@ -0,0 +1,15 @@
+const VALID_SEVERITIES = ['info', 'warning', 'error'];
+export function applySeverityOverrides(obj, out) {
+    if (!obj.severityOverrides || typeof obj.severityOverrides !== 'object')
+        return;
+    const raw = obj.severityOverrides;
+    const overrides = {};
+    for (const [key, val] of Object.entries(raw)) {
+        if (typeof val === 'string' && VALID_SEVERITIES.includes(val)) {
+            overrides[key] = val;
+        }
+    }
+    if (Object.keys(overrides).length)
+        out.severityOverrides = overrides;
+}
+//# sourceMappingURL=configSeverity.js.map

package/dist/utils/configSeverity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configSeverity.js","sourceRoot":"","sources":["../../src/utils/configSeverity.ts"],"names":[],"mappings":"AAGA,MAAM,gBAAgB,GAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAEvE,MAAM,UAAU,sBAAsB,CACpC,GAA4B,EAC5B,GAAmB;IAEnB,IAAI,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ;QAAE,OAAO;IAChF,MAAM,GAAG,GAAG,GAAG,CAAC,iBAA4C,CAAC;IAC7D,MAAM,SAAS,GAAkC,EAAE,CAAC;IACpD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAK,gBAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5E,SAAS,CAAC,GAAG,CAAC,GAAG,GAAoB,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,iBAAiB,GAAG,SAAS,CAAC;AACvE,CAAC"}

package/dist/utils/configSources.d.ts

@@ -0,0 +1,5 @@
+export interface ConfigSource {
+    value: unknown;
+    source: string;
+}
+export declare function loadConfigSource(rootPath: string, explicitPath?: string): Promise<ConfigSource | null>;

package/dist/utils/configSources.js

@@ -0,0 +1,55 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+const CONFIG_CANDIDATES = ['.projscanrc.json', '.projscanrc'];
+const PKG_KEY = 'projscan';
+export async function loadConfigSource(rootPath, explicitPath) {
+    if (explicitPath)
+        return await loadExplicitConfigSource(rootPath, explicitPath);
+    const candidateSource = await loadCandidateConfigSource(rootPath);
+    if (candidateSource)
+        return candidateSource;
+    return await loadPackageConfigSource(rootPath);
+}
+async function loadExplicitConfigSource(rootPath, explicitPath) {
+    const resolved = path.isAbsolute(explicitPath) ? explicitPath : path.join(rootPath, explicitPath);
+    return { value: safeParse(await fs.readFile(resolved, 'utf-8'), resolved), source: resolved };
+}
+async function loadCandidateConfigSource(rootPath) {
+    for (const name of CONFIG_CANDIDATES) {
+        const candidate = path.join(rootPath, name);
+        let raw;
+        try {
+            raw = await fs.readFile(candidate, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        return { value: safeParse(raw, candidate), source: candidate };
+    }
+    return null;
+}
+async function loadPackageConfigSource(rootPath) {
+    const pkgPath = path.join(rootPath, 'package.json');
+    try {
+        const raw = await fs.readFile(pkgPath, 'utf-8');
+        const pkg = JSON.parse(raw);
+        const embedded = pkg[PKG_KEY];
+        if (embedded && typeof embedded === 'object') {
+            return { value: embedded, source: `${pkgPath}#${PKG_KEY}` };
+        }
+    }
+    catch {
+        return null;
+    }
+    return null;
+}
+function safeParse(raw, filePath) {
+    try {
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`Invalid JSON in ${filePath}: ${msg}`, { cause: err });
+    }
+}
+//# sourceMappingURL=configSources.js.map

package/dist/utils/configSources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configSources.js","sourceRoot":"","sources":["../../src/utils/configSources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,iBAAiB,GAAG,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAC9D,MAAM,OAAO,GAAG,UAAU,CAAC;AAO3B,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,YAAqB;IAErB,IAAI,YAAY;QAAE,OAAO,MAAM,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEhF,MAAM,eAAe,GAAG,MAAM,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IAClE,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,OAAO,MAAM,uBAAuB,CAAC,QAAQ,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,QAAgB,EAChB,YAAoB;IAEpB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAClG,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAChG,CAAC;AAED,KAAK,UAAU,yBAAyB,CAAC,QAAgB;IACvD,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,uBAAuB,CAAC,QAAgB;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,QAAgB;IAC9C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC"}

package/dist/utils/configTaint.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyTaint(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configTaint.js

@@ -0,0 +1,15 @@
+export function applyTaint(obj, out) {
+    if (!obj.taint || typeof obj.taint !== 'object')
+        return;
+    const t = obj.taint;
+    const taint = {};
+    if (Array.isArray(t.sources)) {
+        taint.sources = t.sources.filter((v) => typeof v === 'string' && v.length > 0);
+    }
+    if (Array.isArray(t.sinks)) {
+        taint.sinks = t.sinks.filter((v) => typeof v === 'string' && v.length > 0);
+    }
+    if (Object.keys(taint).length)
+        out.taint = taint;
+}
+//# sourceMappingURL=configTaint.js.map

package/dist/utils/configTaint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configTaint.js","sourceRoot":"","sources":["../../src/utils/configTaint.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,UAAU,CAAC,GAA4B,EAAE,GAAmB;IAC1E,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO;IACxD,MAAM,CAAC,GAAG,GAAG,CAAC,KAAgC,CAAC;IAC/C,MAAM,KAAK,GAAyC,EAAE,CAAC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM;QAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC;AACnD,CAAC"}