prscan 1.0.0

package/.vscode/launch.json

@@ -0,0 +1,14 @@
+{
+    "configurations": [
+        {
+            "name": "Launch Program",
+            "program": "${workspaceFolder}/dist/cli/cli.js",
+            "request": "launch",
+            "skipFiles": [
+                "<node_internals>/**"
+            ],
+            "type": "node",
+            "args": ["branch", "master", "feat-monad", "-r", "/Users/ru1n/proj/defi-insight-react"]
+        }
+    ]
+}

package/README.MD

@@ -0,0 +1,32 @@
+# NPM依赖检查
+## 检测规则
+### 使用最新且近期发布的NPM包
+#### 描述
+如果使用的NPM包是最新版，且发布时间小于1个月，则报异常
+#### 依据
+攻击者获取NPM包发布权限后，需要发布一个新NPM包以植入恶意代码，但安全社区往往能在一段时间内发现并发布安全通告
+
+### 访问危险的全局变量
+#### 描述
+使用babel解析js文件，并提取出js文件访问的所有全局变量。对于操作DOM、发起网络请求的全局变量发出告警，需要手工检查这些敏感调用点是否正常
+#### 依据
+从过往的恶意代码Payload来看，攻击者外带信息都是通过fetch，还没有做什么隐藏手段
+
+### 关键字检查
+#### 描述
+如果js文件内出现 ethereum 等关键字，则直接告警
+#### 依据
+非Crypto领域的NPM包不应该出现这类关键字，但从过往的恶意代码Payload看，有时会通过 ethereum 这一全局变量窃取信息
+
+## 使用
+目前支持PNPM, YARN等包管理工具，不支持处理默认的NPM包管理工具
+### CLI
+#### 在本地GIT仓库内使用
+通过对比2个分支的差异，确定NPM依赖变更，并做扫描
+```shell
+npx prscan branch <基础分支> <变更分支> -o <报告输出文件名, 默认输出到stdout> -r <仓库路径, 默认为当前路径>
+```
+#### 在远程GitHub仓库使用
+```shell
+npx prscan github <PR链接> -o <报告输出文件名, 默认输出到stdout> -t <GitHub TOKEN, 公开项目不需要>
+```

package/dist/bot/lark.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=lark.d.ts.map

package/dist/bot/lark.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lark.d.ts","sourceRoot":"","sources":["../../src/bot/lark.ts"],"names":[],"mappings":""}

package/dist/bot/lark.js

@@ -0,0 +1,156 @@
+// SDK 使用说明 SDK user guide：https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/nodejs-sdk/preparation-before-development
+import http from "http";
+import * as lark from "@larksuiteoapi/node-sdk";
+import { scanPRRisks } from "../tool/prscan.js";
+import { makeReportInMd, md2Img } from "../report/index.js";
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+const encryptKey = process.env.key;
+const verificationToken = process.env.token;
+const appId = process.env.id;
+const appSecret = process.env.secret;
+const bindPath = process.env.path || "/larkbot/event";
+const port = process.env.port || 12345;
+console.log("Lark Bot starting...");
+console.log("App ID:", appId);
+console.log("App Secret:", appSecret);
+console.log("Encrypt Key:", encryptKey);
+console.log("Verification Token:", verificationToken);
+console.log("Event Path:", bindPath);
+console.log("Listening on Port:", port);
+const client = new lark.Client({
+    appId: appId ?? "",
+    appSecret: appSecret ?? "",
+});
+// 注册事件 Register event
+const eventDispatcher = new lark.EventDispatcher({
+    logger: console,
+    loggerLevel: 5,
+    encryptKey: encryptKey ?? "",
+    verificationToken: verificationToken ?? "",
+}).register({
+    "im.message.receive_v1": async (data) => {
+        if (data.message.message_type !== "text") {
+            client.im.message.reply({
+                path: {
+                    message_id: data.message.message_id,
+                },
+                data: {
+                    content: JSON.stringify({
+                        text: "只支持文本消息，收到消息类型：" +
+                            data.message.message_type,
+                    }),
+                    msg_type: "text",
+                },
+            });
+            return "success";
+        }
+        const msg = JSON.parse(data.message.content).text;
+        // 提取PR链接
+        const prRegex = /(https:\/\/github\.com\/[^\s\/]+\/[^\s\/]+\/pull\/\d+)/g;
+        const prLinks = msg.match(prRegex);
+        if (prLinks == null || prLinks.length === 0) {
+            client.im.message.reply({
+                path: {
+                    message_id: data.message.message_id,
+                },
+                data: {
+                    content: JSON.stringify({ text: "未提取到PR链接" }),
+                    msg_type: "text",
+                },
+            });
+            return "success";
+        }
+        for (const prLink of prLinks) {
+            // 提取owner、repo、pr_number
+            const match = prLink.match(/https:\/\/github\.com\/([^\/]+)\/([^\/]+)\/pull\/(\d+)/);
+            if (match) {
+                const owner = match[1];
+                const repo = match[2];
+                const prNumber = match[3];
+                scanPRRisks(owner, repo, prNumber)
+                    .then((result) => {
+                    const report = makeReportInMd(result);
+                    client.im.message.reply({
+                        path: {
+                            message_id: data.message.message_id,
+                        },
+                        data: {
+                            content: JSON.stringify({
+                                zh_cn: {
+                                    title: `PR安全扫描结果 - ${owner}/${repo}#${prNumber}`,
+                                    content: [
+                                        [
+                                            {
+                                                tag: "text",
+                                                text: `摘要: ${report.abstract}\n详细结果见下图:`,
+                                            },
+                                            {
+                                                tag: "md",
+                                                text: report.report,
+                                            },
+                                        ],
+                                    ],
+                                },
+                            }),
+                            msg_type: "post",
+                        },
+                    });
+                })
+                    .catch((error) => {
+                    client.im.message.reply({
+                        path: {
+                            message_id: data.message.message_id,
+                        },
+                        data: {
+                            content: JSON.stringify({
+                                text: `扫描PR ${prLink} 失败: ${error.message}`,
+                            }),
+                            msg_type: "text",
+                        },
+                    });
+                });
+            }
+        }
+        // console.log(data);
+        // client.im.message.reply({
+        //     path: {
+        //       message_id: data.message.message_id,
+        //     },
+        //     data: {
+        //       content: JSON.stringify({"text": "收到消息：" + data.message.text}),
+        //       msg_type: "text"
+        //     }
+        // });
+        return "success";
+    },
+});
+const server = http.createServer();
+// 创建路由处理器 Create route handler
+server.on("request", lark.adaptDefault(bindPath, eventDispatcher, {
+    autoChallenge: true,
+}));
+server.listen(port);
+function createReadStreamFromBuffer(buffer, options = {}) {
+    // 在系统临时目录创建文件
+    const tempDir = os.tmpdir();
+    const tempFile = path.join(tempDir, `buffer-stream-${Date.now()}-${Math.random().toString(36).substr(2)}`);
+    // 同步写入临时文件
+    fs.writeFileSync(tempFile, buffer);
+    // 创建 read stream
+    const readStream = fs.createReadStream(tempFile, options);
+    // 自动清理临时文件
+    const cleanup = () => {
+        fs.unlink(tempFile, (err) => {
+            if (err && err.code !== "ENOENT") {
+                console.error("清理临时文件失败:", err);
+            }
+        });
+    };
+    readStream.on("close", cleanup);
+    readStream.on("error", cleanup);
+    readStream.on("end", cleanup);
+    return readStream;
+}
+//# sourceMappingURL=lark.js.map

package/dist/bot/lark.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lark.js","sourceRoot":"","sources":["../../src/bot/lark.ts"],"names":[],"mappings":"AAAA,0IAA0I;AAC1I,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,IAAI,MAAM,yBAAyB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;AACnC,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC;AAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AAC7B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;AACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,gBAAgB,CAAC;AACtD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,KAAK,CAAC;AAEvC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;AACpC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC9B,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AACtC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;AACxC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,iBAAiB,CAAC,CAAC;AACtD,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;AACrC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;AAExC,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC;IAC3B,KAAK,EAAE,KAAK,IAAI,EAAE;IAClB,SAAS,EAAE,SAAS,IAAI,EAAE;CAC7B,CAAC,CAAC;AAEH,sBAAsB;AACtB,MAAM,eAAe,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC;IAC7C,MAAM,EAAE,OAAO;IACf,WAAW,EAAE,CAAC;IACd,UAAU,EAAE,UAAU,IAAI,EAAE;IAC5B,iBAAiB,EAAE,iBAAiB,IAAI,EAAE;CAC7C,CAAC,CAAC,QAAQ,CAAC;IACR,uBAAuB,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACpC,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,KAAK,MAAM,EAAE,CAAC;YACvC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;gBACpB,IAAI,EAAE;oBACF,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;iBACtC;gBACD,IAAI,EAAE;oBACF,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;wBACpB,IAAI,EACA,iBAAiB;4BACjB,IAAI,CAAC,OAAO,CAAC,YAAY;qBAChC,CAAC;oBACF,QAAQ,EAAE,MAAM;iBACnB;aACJ,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAW,CAAC;QAEzD,SAAS;QACT,MAAM,OAAO,GACT,yDAAyD,CAAC;QAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;gBACpB,IAAI,EAAE;oBACF,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;iBACtC;gBACD,IAAI,EAAE;oBACF,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;oBAC7C,QAAQ,EAAE,MAAM;iBACnB;aACJ,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC3B,yBAAyB;YACzB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CACtB,wDAAwD,CAC3D,CAAC;YACF,IAAI,KAAK,EAAE,CAAC;gBACR,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAE1B,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC;qBAC7B,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;oBACb,MAAM,MAAM,GAAG,cAAc,CAAC,MAAO,CAAC,CAAC;oBAEvC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;wBACpB,IAAI,EAAE;4BACF,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;yBACtC;wBACD,IAAI,EAAE;4BACF,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;gCACpB,KAAK,EAAE;oCACH,KAAK,EAAE,cAAc,KAAK,IAAI,IAAI,IAAI,QAAQ,EAAE;oCAChD,OAAO,EAAE;wCACL;4CACI;gDACI,GAAG,EAAE,MAAM;gDACX,IAAI,EAAE,OAAO,MAAM,CAAC,QAAQ,YAAY;6CAC3C;4CACD;gDACI,GAAG,EAAE,IAAI;gDACT,IAAI,EAAE,MAAM,CAAC,MAAM;6CACtB;yCACJ;qCACJ;iCACJ;6BACJ,CAAC;4BACF,QAAQ,EAAE,MAAM;yBACnB;qBACJ,CAAC,CAAC;gBACP,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;oBACb,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;wBACpB,IAAI,EAAE;4BACF,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;yBACtC;wBACD,IAAI,EAAE;4BACF,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;gCACpB,IAAI,EAAE,QAAQ,MAAM,QAAQ,KAAK,CAAC,OAAO,EAAE;6BAC9C,CAAC;4BACF,QAAQ,EAAE,MAAM;yBACnB;qBACJ,CAAC,CAAC;gBACP,CAAC,CAAC,CAAC;YACX,CAAC;QACL,CAAC;QACD,qBAAqB;QAErB,4BAA4B;QAC5B,cAAc;QACd,6CAA6C;QAC7C,SAAS;QACT,cAAc;QACd,wEAAwE;QACxE,yBAAyB;QACzB,QAAQ;QACR,MAAM;QACN,OAAO,SAAS,CAAC;IACrB,CAAC;CACJ,CAAC,CAAC;AAEH,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;AACnC,+BAA+B;AAC/B,MAAM,CAAC,EAAE,CACL,SAAS,EACT,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,eAAe,EAAE;IACzC,aAAa,EAAE,IAAI;CACtB,CAAC,CACL,CAAC;AAEF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAEpB,SAAS,0BAA0B,CAAC,MAAc,EAAE,OAAO,GAAG,EAAE;IAC5D,cAAc;IACd,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACtB,OAAO,EACP,iBAAiB,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACxE,CAAC;IAEF,WAAW;IACX,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEnC,iBAAiB;IACjB,MAAM,UAAU,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAE1D,WAAW;IACX,MAAM,OAAO,GAAG,GAAG,EAAE;QACjB,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC/B,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACpC,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChC,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAE9B,OAAO,UAAU,CAAC;AACtB,CAAC"}

package/dist/cli/cli.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/cli/cli.ts"],"names":[],"mappings":""}

package/dist/cli/cli.js

@@ -0,0 +1,77 @@
+import { program } from "commander";
+import { execSync } from "child_process";
+import { scanByFileDiff, scanPRRisks } from "../tool/prscan.js";
+import { writeFileSync } from "fs";
+import { makeReportInMd } from "../report/index.js";
+program
+    .command("branch")
+    .description("根据分支文件变更分析NPM依赖变更")
+    .argument("<base>", "基础分支")
+    .argument("<head>", "变更分支")
+    .option("-r, --repo <repo>", "仓库路径", ".")
+    .option("-o, --output <output>", "输出文件路径，若不指定则输出到控制台", "")
+    .action(async (base, head, options) => {
+    console.log(`分析 ${options.repo} 仓库从 ${base} 到 ${head} 的变更`);
+    const output = execSync(`git diff --name-only ${base} ${head}`, { cwd: options.repo }).toString();
+    const files = [];
+    for (let line of output.split("\n")) {
+        line = line.trim();
+        if (line.endsWith("yarn.lock")) {
+            console.log(`  发现变更: ${line}`);
+        }
+        else if (line.endsWith("pnpm-lock.yaml")) {
+            console.log(`  发现变更: ${line}`);
+        }
+        else if (line.endsWith("package-lock.json")) {
+            console.error(`  发现变更: ${line} (暂不支持分析package-lock.json)`);
+            continue;
+        }
+        else {
+            continue;
+        }
+        const file1 = execSync(`git show ${base}:${line}`, { cwd: options.repo }).toString();
+        const file2 = execSync(`git show ${head}:${line}`, { cwd: options.repo }).toString();
+        files.push({
+            filename: line,
+            oldContent: file1,
+            newContent: file2,
+        });
+    }
+    const sr = await scanByFileDiff(files);
+    const report = makeReportInMd(sr);
+    if (options.output.length > 0) {
+        writeFileSync(options.output, report.report, { encoding: "utf-8" });
+        console.log(`分析报告已写入 ${options.output}`);
+    }
+    else {
+        console.log(report.report);
+    }
+});
+program.command("github").description("根据GitHub Pull Request分析NPM依赖变更")
+    .argument("<link>", "Pull Request链接")
+    .option("-t, --token <token>", "GitHub访问令牌", "")
+    .option("-o, --output <output>", "输出文件路径，若不指定则输出到控制台", "")
+    .action(async (link, options) => {
+    console.log(`分析 Pull Request: ${link}`);
+    const match = link.match(/https:\/\/github\.com\/([^\/]+)\/([^\/]+)\/pull\/(\d+)/);
+    if (match) {
+        const owner = match[1];
+        const repo = match[2];
+        const prNumber = match[3];
+        const sr = await scanPRRisks(owner, repo, parseInt(prNumber), options.token);
+        const report = makeReportInMd(sr);
+        if (options.output.length > 0) {
+            writeFileSync(options.output, report.report, { encoding: "utf-8" });
+            console.log(`分析报告已写入 ${options.output}`);
+        }
+        else {
+            console.log(report.report);
+        }
+    }
+    else {
+        console.error("无法解析Pull Request链接");
+        return;
+    }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO;KACF,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mBAAmB,CAAC;KAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KAC1B,MAAM,CAAC,mBAAmB,EAAE,MAAM,EAAE,GAAG,CAAC;KACxC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,EAAE,EAAE,CAAC;KACzD,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,OAAyC,EAAE,EAAE;IACpF,OAAO,CAAC,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,QAAQ,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,wBAAwB,IAAI,IAAI,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IAClG,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,KAAK,IAAI,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,KAAK,CAAC,WAAW,IAAI,4BAA4B,CAAC,CAAC;YAC3D,SAAS;QACb,CAAC;aAAM,CAAC;YACJ,SAAS;QACb,CAAC;QAED,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACrF,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,IAAI,IAAI,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QACrF,KAAK,CAAC,IAAI,CAAC;YACP,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,KAAK;YACjB,UAAU,EAAE,KAAK;SACpB,CAAC,CAAC;IACP,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;IAEvC,MAAM,MAAM,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;IAClC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAE5B,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;AACL,CAAC,CAAC,CAAC;AAEP,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,gCAAgC,CAAC;KAClE,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KACpC,MAAM,CAAC,qBAAqB,EAAE,YAAY,EAAE,EAAE,CAAC;KAC/C,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,EAAE,EAAE,CAAC;KACzD,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAA0C,EAAE,EAAE;IACvE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;IAExC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAChB,wDAAwD,CAC3D,CAAC;IACF,IAAI,KAAK,EAAE,CAAC;QACR,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1B,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,KAAM,EAAE,IAAK,EAAE,QAAQ,CAAC,QAAS,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QAChF,MAAM,MAAM,GAAG,cAAc,CAAC,EAAG,CAAC,CAAC;QACnC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACpC,OAAO;IACX,CAAC;AACT,CAAC,CAAC,CAAC;AAEP,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,46 @@
+import { Octokit } from "octokit";
+import { GitHubRepo } from "./util/repo.js";
+import { parseSyml } from '@yarnpkg/parsers';
+import { YarnLockParser } from "./util/parse.js";
+import { getNpmPackageInfo, getNpmPackageDownloadStats } from "./util/npm.js";
+import { scanPRRisks } from "./tool/prscan.js";
+import { makeReportInMd, md2Img } from "./report/index.js";
+import { writeFileSync } from "node:fs";
+// https://github.com/DeBankDeFi/defi-insight-react/pull/2323
+const pr = await scanPRRisks("DeBankDeFi", "defi-insight-react", 2323, "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");
+const r = makeReportInMd(pr);
+const img = await md2Img(r.report);
+if (img) {
+    writeFileSync("report.png", img);
+}
+console.log(r.abstract, "\n", r.report);
+// 取消注释来测试
+// await testNpmDownloads();
+// const repo = new GitHubRepo("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");
+// const prinfo = await repo.getPRInfo("RabbyHub", "rabby-mobile", 1082);
+// const prfiles = await repo.getPRChangedFiles("RabbyHub", "rabby-mobile", 1082, 100);
+// // console.log(prfiles);
+// for (let i = 0; i < prfiles.length; i++) {
+//     const file = prfiles[i]!;
+//     if (file.filename !== "yarn.lock") {
+//         continue;
+//     }
+//     if (file.status !== "modified") {
+//         continue;
+//     }
+//     const content = await repo.getTextFileContent(
+//         "RabbyHub",
+//         "rabby-mobile",
+//         file.filename,
+//         prinfo.head.sha
+//     );
+//     if (content === null) {
+//         console.log("Failed to fetch file content");
+//         continue;
+//     }
+//     const parser = new YarnLockParser(content);
+//     const deps = parser.getDependencies();
+//     console.log(YarnLockParser.deps2Set(deps));
+//     debugger
+// }
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAGxC,6DAA6D;AAE7D,MAAM,EAAE,GAAG,MAAM,WAAW,CACxB,YAAY,EACZ,oBAAoB,EACpB,IAAI,EACJ,+FAA+F,CAAC,CAAA;AAEpG,MAAM,CAAC,GAAG,cAAc,CAAC,EAAG,CAAC,CAAC;AAE9B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;AACnC,IAAI,GAAG,EAAE,CAAC;IACN,aAAa,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;AAGxC,UAAU;AACV,4BAA4B;AAG5B,gIAAgI;AAEhI,yEAAyE;AAEzE,uFAAuF;AACvF,2BAA2B;AAE3B,6CAA6C;AAC7C,gCAAgC;AAEhC,2CAA2C;AAC3C,oBAAoB;AACpB,QAAQ;AAER,wCAAwC;AACxC,oBAAoB;AACpB,QAAQ;AAER,qDAAqD;AACrD,sBAAsB;AACtB,0BAA0B;AAC1B,yBAAyB;AACzB,0BAA0B;AAC1B,SAAS;AAET,8BAA8B;AAC9B,uDAAuD;AACvD,oBAAoB;AACpB,QAAQ;AAER,kDAAkD;AAClD,6CAA6C;AAC7C,kDAAkD;AAClD,eAAe;AACf,IAAI"}

package/dist/report/index.d.ts

@@ -0,0 +1,7 @@
+import { type PRScanResult } from '../tool/prscan.js';
+export declare function makeReportInMd(sr: PRScanResult): {
+    report: string;
+    abstract: string;
+};
+export declare function md2Img(md: string): Promise<Buffer | null>;
+//# sourceMappingURL=index.d.ts.map

package/dist/report/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGtD,wBAAgB,cAAc,CAAC,EAAE,EAAE,YAAY,GAAG;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CACpB,CAmCA;AAED,wBAAsB,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAM/D"}

package/dist/report/index.js

@@ -0,0 +1,45 @@
+import {} from '../tool/prscan.js';
+import got from 'got';
+export function makeReportInMd(sr) {
+    const risksCount = sr.changedDeps.reduce((acc, dep) => acc + dep.risks.length, 0);
+    let abstract = "共有 " + sr.changedDeps.length + " 个依赖变更, 包含 " + risksCount + " 个风险";
+    let md = "# PR扫描结果\n";
+    md += `## 依赖变更\n\n`;
+    if (sr.changedDeps.length === 0) {
+        md += "无依赖变更\n";
+    }
+    else {
+        md += "```\n";
+        md += "| 依赖 | 版本 | 风险 | 下载 | 周下载量 | 最新版 |\n";
+        md += "|:---- |:---- |:---- |:---- |:---- |:---- |\n";
+        const depSorted = sr.changedDeps.sort((a, b) => b.risks.length - a.risks.length);
+        for (const dep of depSorted) {
+            md += `| ${dep.name} | ${dep.version} | ${dep.risks.length} | ${dep.packageInfo.versions[dep.version].dist.tarball} | ${dep.downloadInfo.downloads} | ${dep.packageInfo["dist-tags"].latest} |\n`;
+        }
+        md += "\n```\n\n";
+        md += "\n## 详细风险信息\n\n";
+        for (const dep of depSorted) {
+            if (dep.risks.length === 0) {
+                continue;
+            }
+            md += `### ${dep.name} @ ${dep.version}\n\n`;
+            for (const risk of dep.risks) {
+                md += `- **【${risk.level === "low" ? "低危" : (risk.level === "medium" ? "中危" : "高危")}】** ${risk.desc}:\n\n\`\`\`\n${risk.info}\n\`\`\`\n\n`;
+            }
+            md += "\n";
+        }
+    }
+    return {
+        report: md,
+        abstract
+    };
+}
+export async function md2Img(md) {
+    try {
+        return (await got(`https://readpo.com/p/${encodeURIComponent(md)}`)).rawBody;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/report/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/report/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,MAAM,mBAAmB,CAAC;AACtD,OAAO,GAAG,MAAM,KAAK,CAAC;AAEtB,MAAM,UAAU,cAAc,CAAC,EAAgB;IAI3C,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClF,IAAI,QAAQ,GAAG,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;IAEnF,IAAI,EAAE,GAAG,YAAY,CAAC;IACtB,EAAE,IAAI,aAAa,CAAC;IACpB,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,EAAE,IAAI,SAAS,CAAC;IACpB,CAAC;SAAM,CAAC;QACJ,EAAE,IAAI,OAAO,CAAC;QACd,EAAE,IAAI,sCAAsC,CAAC;QAC7C,EAAE,IAAI,+CAA+C,CAAC;QACtD,MAAM,SAAS,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjF,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC1B,EAAE,IAAI,KAAK,GAAG,CAAC,IAAI,MAAM,GAAG,CAAC,OAAO,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,MAAM,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,MAAM,GAAG,CAAC,YAAY,CAAC,SAAS,MAAM,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,MAAM,MAAM,CAAC;QACvM,CAAC;QACD,EAAE,IAAI,WAAW,CAAC;QAElB,EAAE,IAAI,iBAAiB,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC1B,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,SAAS;YACb,CAAC;YACD,EAAE,IAAI,OAAO,GAAG,CAAC,IAAI,MAAM,GAAG,CAAC,OAAO,MAAM,CAAC;YAC7C,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC3B,EAAE,IAAI,QAAQ,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,gBAAgB,IAAI,CAAC,IAAI,cAAc,CAAC;YAC/I,CAAC;YACD,EAAE,IAAI,IAAI,CAAC;QACf,CAAC;IACL,CAAC;IAED,OAAO;QACH,MAAM,EAAE,EAAE;QACV,QAAQ;KACX,CAAA;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,EAAU;IACnC,IAAI,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,wBAAwB,kBAAkB,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;IACjF,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC"}

package/dist/tool/prscan.d.ts

@@ -0,0 +1,72 @@
+import { type GlobalUsageMap } from "../util/analyze.js";
+import { type NpmDownloadStats, type NpmPackageInfo } from "../util/npm.js";
+export interface RelatedPackage {
+    package: NpmPackageInfo;
+    downloadInfo: NpmDownloadStats;
+}
+export declare abstract class BaseRisk {
+    abstract desc: string;
+    abstract level: "low" | "medium" | "high";
+    package: RelatedPackage;
+    info: string;
+    constructor(pkg: RelatedPackage, info: string);
+}
+export declare class VersionRisk extends BaseRisk {
+    desc: string;
+    level: "low" | "medium" | "high";
+    static build(pkg: RelatedPackage, version: string): VersionRisk | null;
+}
+export declare class NotWidelyUsedRisk extends BaseRisk {
+    desc: string;
+    level: "low" | "medium" | "high";
+    static build(pkg: RelatedPackage): NotWidelyUsedRisk | null;
+}
+type RiskRecord = Record<string, {
+    perm: "r" | "rw";
+    type: "网络请求" | "操作DOM" | "动态执行代码" | "读取本地储存" | "访问chrome扩展API";
+    desc: string;
+}>;
+export declare class RiskyGlobalUsageRisk extends BaseRisk {
+    desc: string;
+    level: "low" | "medium" | "high";
+    globals: RiskRecord;
+    constructor(pkg: RelatedPackage, info: string, globals: RiskRecord);
+    static build(pkg: RelatedPackage, globals: Record<string, "r" | "rw">): RiskyGlobalUsageRisk | null;
+}
+export declare class ObfuscationRisk extends BaseRisk {
+    desc: string;
+    level: "low" | "medium" | "high";
+    static build(pkg: RelatedPackage, files: Record<string, string>): ObfuscationRisk | null;
+}
+export declare class RuleRisk extends BaseRisk {
+    desc: string;
+    level: "low" | "medium" | "high";
+    static build(pkg: RelatedPackage, files: Record<string, string>): RuleRisk | null;
+}
+export type Risk = VersionRisk | NotWidelyUsedRisk | RiskyGlobalUsageRisk | ObfuscationRisk | RuleRisk;
+export interface PRScanResult {
+    changedDeps: Array<{
+        name: string;
+        version: string;
+        packageInfo: NpmPackageInfo;
+        downloadInfo: NpmDownloadStats;
+        analyze: {
+            global: GlobalUsageMap;
+        };
+        risks: Risk[];
+    }>;
+}
+export declare function scanPkgRisks(name: string, version: string): Promise<{
+    risks: Risk[];
+    package: NpmPackageInfo;
+    downloadInfo: NpmDownloadStats;
+    globalUsage: GlobalUsageMap;
+}>;
+export declare function scanByFileDiff(files: Array<{
+    filename: string;
+    oldContent: string;
+    newContent: string;
+}>): Promise<PRScanResult>;
+export declare function scanPRRisks(owner: string, repo: string, pull_no: number, auth?: string | undefined): Promise<PRScanResult | null>;
+export {};
+//# sourceMappingURL=prscan.d.ts.map

package/dist/tool/prscan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prscan.d.ts","sourceRoot":"","sources":["../../src/tool/prscan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,EAGH,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACtB,MAAM,gBAAgB,CAAC;AAYxB,MAAM,WAAW,cAAc;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,EAAE,gBAAgB,CAAC;CAClC;AAED,8BAAsB,QAAQ;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACnC,OAAO,EAAE,cAAc,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;gBAER,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM;CAIhD;AAED,qBAAa,WAAY,SAAQ,QAAQ;IAC9B,IAAI,EAAE,MAAM,CAAmB;IAC/B,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAS;IAEhD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;CAiCzE;AAED,qBAAa,iBAAkB,SAAQ,QAAQ;IACpC,IAAI,EAAE,MAAM,CAAiB;IAC7B,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAY;IAEnD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,GAAG,iBAAiB,GAAG,IAAI;CAS9D;AAED,KAAK,UAAU,GAAG,MAAM,CACpB,MAAM,EACN;IACI,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC;IACjB,IAAI,EACE,MAAM,GACN,OAAO,GACP,QAAQ,GACR,QAAQ,GACR,eAAe,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;CAChB,CACJ,CAAC;AACF,qBAAa,oBAAqB,SAAQ,QAAQ;IAC9C,IAAI,EAAE,MAAM,CAAgB;IAC5B,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAU;IAEnC,OAAO,EAAE,UAAU,CAAC;gBAEf,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;IAKlE,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC;CAoMxE;AAED,qBAAa,eAAgB,SAAQ,QAAQ;IAClC,IAAI,EAAE,MAAM,CAAY;IACxB,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAY;IAEnD,MAAM,CAAC,KAAK,CACR,GAAG,EAAE,cAAc,EACnB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC9B,eAAe,GAAG,IAAI;CAqB5B;AAED,qBAAa,QAAS,SAAQ,QAAQ;IAC3B,IAAI,EAAE,MAAM,CAAa;IACzB,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAS;IAEhD,MAAM,CAAC,KAAK,CACR,GAAG,EAAE,cAAc,EACnB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC9B,QAAQ,GAAG,IAAI;CAWrB;AAED,MAAM,MAAM,IAAI,GACV,WAAW,GACX,iBAAiB,GACjB,oBAAoB,GACpB,eAAe,GACf,QAAQ,CAAC;AAEf,MAAM,WAAW,YAAY;IACzB,WAAW,EAAE,KAAK,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,cAAc,CAAC;QAC5B,YAAY,EAAE,gBAAgB,CAAC;QAC/B,OAAO,EAAE;YACL,MAAM,EAAE,cAAc,CAAC;SAC1B,CAAC;QACF,KAAK,EAAE,IAAI,EAAE,CAAC;KACjB,CAAC,CAAC;CACN;AAED,wBAAsB,YAAY,CAC9B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC;IACP,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,EAAE,gBAAgB,CAAC;IAC/B,WAAW,EAAE,cAAc,CAAC;CAC/B,CAAC,CAwFD;AAED,wBAAsB,cAAc,CAChC,KAAK,EAAE,KAAK,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACtB,CAAC,yBA6CL;AAED,wBAAsB,WAAW,CAC7B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,GAAG,SAAqB,GACrC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAiG9B"}