ruvector 0.2.23 → 0.2.25

package/dist/analysis/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analysis/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,YAAY,CAAC"}

package/dist/analysis/index.js

@@ -0,0 +1,38 @@
+"use strict";
+/**
+ * Analysis Module - Consolidated code analysis utilities
+ *
+ * Single source of truth for:
+ * - Security scanning
+ * - Complexity analysis
+ * - Pattern extraction
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.patterns = exports.complexity = exports.security = void 0;
+__exportStar(require("./security"), exports);
+__exportStar(require("./complexity"), exports);
+__exportStar(require("./patterns"), exports);
+// Re-export defaults for convenience
+var security_1 = require("./security");
+Object.defineProperty(exports, "security", { enumerable: true, get: function () { return __importDefault(security_1).default; } });
+var complexity_1 = require("./complexity");
+Object.defineProperty(exports, "complexity", { enumerable: true, get: function () { return __importDefault(complexity_1).default; } });
+var patterns_1 = require("./patterns");
+Object.defineProperty(exports, "patterns", { enumerable: true, get: function () { return __importDefault(patterns_1).default; } });

package/dist/analysis/patterns.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Pattern Extraction Module - Consolidated code pattern detection
+ *
+ * Single source of truth for extracting functions, imports, exports, etc.
+ * Used by native-worker.ts and parallel-workers.ts
+ */
+export interface PatternMatch {
+    type: 'function' | 'class' | 'import' | 'export' | 'todo' | 'variable' | 'type';
+    match: string;
+    file: string;
+    line?: number;
+}
+export interface FilePatterns {
+    file: string;
+    language: string;
+    functions: string[];
+    classes: string[];
+    imports: string[];
+    exports: string[];
+    todos: string[];
+    variables: string[];
+}
+/**
+ * Detect language from file extension
+ */
+export declare function detectLanguage(file: string): string;
+/**
+ * Extract function names from content
+ */
+export declare function extractFunctions(content: string): string[];
+/**
+ * Extract class names from content
+ */
+export declare function extractClasses(content: string): string[];
+/**
+ * Extract import statements from content
+ */
+export declare function extractImports(content: string): string[];
+/**
+ * Extract export statements from content
+ */
+export declare function extractExports(content: string): string[];
+/**
+ * Extract TODO/FIXME comments from content
+ */
+export declare function extractTodos(content: string): string[];
+/**
+ * Extract all patterns from a file
+ */
+export declare function extractAllPatterns(filePath: string, content?: string): FilePatterns;
+/**
+ * Extract patterns from multiple files
+ */
+export declare function extractFromFiles(files: string[], maxFiles?: number): FilePatterns[];
+/**
+ * Convert FilePatterns to PatternMatch array (for native-worker compatibility)
+ */
+export declare function toPatternMatches(patterns: FilePatterns): PatternMatch[];
+declare const _default: {
+    detectLanguage: typeof detectLanguage;
+    extractFunctions: typeof extractFunctions;
+    extractClasses: typeof extractClasses;
+    extractImports: typeof extractImports;
+    extractExports: typeof extractExports;
+    extractTodos: typeof extractTodos;
+    extractAllPatterns: typeof extractAllPatterns;
+    extractFromFiles: typeof extractFromFiles;
+    toPatternMatches: typeof toPatternMatches;
+};
+export default _default;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/analysis/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/analysis/patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,UAAU,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,CAAC;IAChF,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAUnD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CA2B1D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAmBxD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAmBxD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAuBxD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAUtD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,YAAY,CA0BnF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,QAAQ,GAAE,MAAY,GAAG,YAAY,EAAE,CAExF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,YAAY,GAAG,YAAY,EAAE,CAoBvE;;;;;;;;;;;;AAED,wBAUE"}

package/dist/analysis/patterns.js

@@ -0,0 +1,243 @@
+"use strict";
+/**
+ * Pattern Extraction Module - Consolidated code pattern detection
+ *
+ * Single source of truth for extracting functions, imports, exports, etc.
+ * Used by native-worker.ts and parallel-workers.ts
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectLanguage = detectLanguage;
+exports.extractFunctions = extractFunctions;
+exports.extractClasses = extractClasses;
+exports.extractImports = extractImports;
+exports.extractExports = extractExports;
+exports.extractTodos = extractTodos;
+exports.extractAllPatterns = extractAllPatterns;
+exports.extractFromFiles = extractFromFiles;
+exports.toPatternMatches = toPatternMatches;
+const fs = __importStar(require("fs"));
+/**
+ * Detect language from file extension
+ */
+function detectLanguage(file) {
+    const ext = file.split('.').pop()?.toLowerCase() || '';
+    const langMap = {
+        ts: 'typescript', tsx: 'typescript', js: 'javascript', jsx: 'javascript',
+        rs: 'rust', py: 'python', go: 'go', java: 'java', rb: 'ruby',
+        cpp: 'cpp', c: 'c', h: 'c', hpp: 'cpp', cs: 'csharp',
+        md: 'markdown', json: 'json', yaml: 'yaml', yml: 'yaml',
+        sql: 'sql', sh: 'shell', bash: 'shell', zsh: 'shell',
+    };
+    return langMap[ext] || ext || 'unknown';
+}
+/**
+ * Extract function names from content
+ */
+function extractFunctions(content) {
+    const patterns = [
+        /function\s+(\w+)/g,
+        /const\s+(\w+)\s*=\s*(?:async\s*)?\([^)]*\)\s*=>/g,
+        /let\s+(\w+)\s*=\s*(?:async\s*)?\([^)]*\)\s*=>/g,
+        /(?:async\s+)?(?:public|private|protected)?\s+(\w+)\s*\([^)]*\)\s*[:{]/g,
+        /(\w+)\s*:\s*(?:async\s*)?\([^)]*\)\s*=>/g,
+        /def\s+(\w+)\s*\(/g, // Python
+        /fn\s+(\w+)\s*[<(]/g, // Rust
+        /func\s+(\w+)\s*\(/g, // Go
+    ];
+    const funcs = new Set();
+    const reserved = new Set(['if', 'for', 'while', 'switch', 'catch', 'try', 'else', 'return', 'new', 'class', 'function', 'async', 'await']);
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const name = match[1];
+            if (name && !reserved.has(name) && name.length > 1) {
+                funcs.add(name);
+            }
+        }
+    }
+    return Array.from(funcs);
+}
+/**
+ * Extract class names from content
+ */
+function extractClasses(content) {
+    const patterns = [
+        /class\s+(\w+)/g,
+        /interface\s+(\w+)/g,
+        /type\s+(\w+)\s*=/g,
+        /enum\s+(\w+)/g,
+        /struct\s+(\w+)/g,
+    ];
+    const classes = new Set();
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (match[1])
+                classes.add(match[1]);
+        }
+    }
+    return Array.from(classes);
+}
+/**
+ * Extract import statements from content
+ */
+function extractImports(content) {
+    const patterns = [
+        /import\s+.*?from\s+['"]([^'"]+)['"]/g,
+        /import\s+['"]([^'"]+)['"]/g,
+        /require\s*\(['"]([^'"]+)['"]\)/g,
+        /from\s+(\w+)\s+import/g, // Python
+        /use\s+(\w+(?:::\w+)*)/g, // Rust
+    ];
+    const imports = [];
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (match[1])
+                imports.push(match[1]);
+        }
+    }
+    return [...new Set(imports)];
+}
+/**
+ * Extract export statements from content
+ */
+function extractExports(content) {
+    const patterns = [
+        /export\s+(?:default\s+)?(?:class|function|const|let|var|interface|type|enum)\s+(\w+)/g,
+        /export\s*\{\s*([^}]+)\s*\}/g,
+        /module\.exports\s*=\s*(\w+)/g,
+        /exports\.(\w+)\s*=/g,
+        /pub\s+(?:fn|struct|enum|type)\s+(\w+)/g, // Rust
+    ];
+    const exports = [];
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            if (match[1]) {
+                // Handle grouped exports: export { a, b, c }
+                const names = match[1].split(',').map(s => s.trim().split(/\s+as\s+/)[0].trim());
+                exports.push(...names.filter(n => n && /^\w+$/.test(n)));
+            }
+        }
+    }
+    return [...new Set(exports)];
+}
+/**
+ * Extract TODO/FIXME comments from content
+ */
+function extractTodos(content) {
+    const pattern = /\/\/\s*(TODO|FIXME|HACK|XXX|BUG|NOTE):\s*(.+)/gi;
+    const todos = [];
+    let match;
+    while ((match = pattern.exec(content)) !== null) {
+        todos.push(`${match[1]}: ${match[2].trim()}`);
+    }
+    return todos;
+}
+/**
+ * Extract all patterns from a file
+ */
+function extractAllPatterns(filePath, content) {
+    try {
+        const fileContent = content ?? (fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf-8') : '');
+        return {
+            file: filePath,
+            language: detectLanguage(filePath),
+            functions: extractFunctions(fileContent),
+            classes: extractClasses(fileContent),
+            imports: extractImports(fileContent),
+            exports: extractExports(fileContent),
+            todos: extractTodos(fileContent),
+            variables: [], // Could add variable extraction if needed
+        };
+    }
+    catch {
+        return {
+            file: filePath,
+            language: detectLanguage(filePath),
+            functions: [],
+            classes: [],
+            imports: [],
+            exports: [],
+            todos: [],
+            variables: [],
+        };
+    }
+}
+/**
+ * Extract patterns from multiple files
+ */
+function extractFromFiles(files, maxFiles = 100) {
+    return files.slice(0, maxFiles).map(f => extractAllPatterns(f));
+}
+/**
+ * Convert FilePatterns to PatternMatch array (for native-worker compatibility)
+ */
+function toPatternMatches(patterns) {
+    const matches = [];
+    for (const func of patterns.functions) {
+        matches.push({ type: 'function', match: func, file: patterns.file });
+    }
+    for (const cls of patterns.classes) {
+        matches.push({ type: 'class', match: cls, file: patterns.file });
+    }
+    for (const imp of patterns.imports) {
+        matches.push({ type: 'import', match: imp, file: patterns.file });
+    }
+    for (const exp of patterns.exports) {
+        matches.push({ type: 'export', match: exp, file: patterns.file });
+    }
+    for (const todo of patterns.todos) {
+        matches.push({ type: 'todo', match: todo, file: patterns.file });
+    }
+    return matches;
+}
+exports.default = {
+    detectLanguage,
+    extractFunctions,
+    extractClasses,
+    extractImports,
+    extractExports,
+    extractTodos,
+    extractAllPatterns,
+    extractFromFiles,
+    toPatternMatches,
+};

package/dist/analysis/security.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Security Analysis Module - Consolidated security scanning
+ *
+ * Single source of truth for security patterns and vulnerability detection.
+ * Used by native-worker.ts and parallel-workers.ts
+ */
+export interface SecurityPattern {
+    pattern: RegExp;
+    rule: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    message: string;
+    suggestion?: string;
+}
+export interface SecurityFinding {
+    file: string;
+    line: number;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    rule: string;
+    message: string;
+    match?: string;
+    suggestion?: string;
+}
+/**
+ * Default security patterns for vulnerability detection
+ */
+export declare const SECURITY_PATTERNS: SecurityPattern[];
+/**
+ * Scan a single file for security issues
+ */
+export declare function scanFile(filePath: string, content?: string, patterns?: SecurityPattern[]): SecurityFinding[];
+/**
+ * Scan multiple files for security issues
+ */
+export declare function scanFiles(files: string[], patterns?: SecurityPattern[], maxFiles?: number): SecurityFinding[];
+/**
+ * Get severity score (for sorting/filtering)
+ */
+export declare function getSeverityScore(severity: string): number;
+/**
+ * Sort findings by severity (highest first)
+ */
+export declare function sortBySeverity(findings: SecurityFinding[]): SecurityFinding[];
+declare const _default: {
+    SECURITY_PATTERNS: SecurityPattern[];
+    scanFile: typeof scanFile;
+    scanFiles: typeof scanFiles;
+    getSeverityScore: typeof getSeverityScore;
+    sortBySeverity: typeof sortBySeverity;
+};
+export default _default;
+//# sourceMappingURL=security.d.ts.map

package/dist/analysis/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/analysis/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,eAAe,EA0B9C,CAAC;AAEF;;GAEG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,MAAM,EAChB,QAAQ,GAAE,eAAe,EAAsB,GAC9C,eAAe,EAAE,CA4BnB;AAED;;GAEG;AACH,wBAAgB,SAAS,CACvB,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,GAAE,eAAe,EAAsB,EAC/C,QAAQ,GAAE,MAAY,GACrB,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG,eAAe,EAAE,CAE7E;;;;;;;;AAED,wBAME"}

package/dist/analysis/security.js

@@ -0,0 +1,139 @@
+"use strict";
+/**
+ * Security Analysis Module - Consolidated security scanning
+ *
+ * Single source of truth for security patterns and vulnerability detection.
+ * Used by native-worker.ts and parallel-workers.ts
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECURITY_PATTERNS = void 0;
+exports.scanFile = scanFile;
+exports.scanFiles = scanFiles;
+exports.getSeverityScore = getSeverityScore;
+exports.sortBySeverity = sortBySeverity;
+const fs = __importStar(require("fs"));
+/**
+ * Default security patterns for vulnerability detection
+ */
+exports.SECURITY_PATTERNS = [
+    // Critical: Hardcoded secrets
+    { pattern: /password\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-password', severity: 'critical', message: 'Hardcoded password detected', suggestion: 'Use environment variables or secret management' },
+    { pattern: /api[_-]?key\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-apikey', severity: 'critical', message: 'Hardcoded API key detected', suggestion: 'Use environment variables' },
+    { pattern: /secret\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-secret', severity: 'critical', message: 'Hardcoded secret detected', suggestion: 'Use environment variables or secret management' },
+    { pattern: /private[_-]?key\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-private-key', severity: 'critical', message: 'Hardcoded private key detected', suggestion: 'Use secure key management' },
+    // High: Code execution risks
+    { pattern: /eval\s*\(/g, rule: 'no-eval', severity: 'high', message: 'Avoid eval() - code injection risk', suggestion: 'Use safer alternatives like JSON.parse()' },
+    { pattern: /exec\s*\(/g, rule: 'no-exec', severity: 'high', message: 'Avoid exec() - command injection risk', suggestion: 'Use execFile or spawn with args array' },
+    { pattern: /Function\s*\(/g, rule: 'no-function-constructor', severity: 'high', message: 'Avoid Function constructor - code injection risk' },
+    { pattern: /child_process.*exec\(/g, rule: 'no-shell-exec', severity: 'high', message: 'Shell execution detected', suggestion: 'Use execFile or spawn instead' },
+    // High: SQL injection
+    { pattern: /SELECT\s+.*\s+FROM.*\+/gi, rule: 'sql-injection-risk', severity: 'high', message: 'Potential SQL injection - string concatenation in query', suggestion: 'Use parameterized queries' },
+    { pattern: /`SELECT.*\$\{/gi, rule: 'sql-injection-template', severity: 'high', message: 'Template literal in SQL query', suggestion: 'Use parameterized queries' },
+    // Medium: XSS risks
+    { pattern: /dangerouslySetInnerHTML/g, rule: 'xss-risk', severity: 'medium', message: 'XSS risk: dangerouslySetInnerHTML', suggestion: 'Sanitize content before rendering' },
+    { pattern: /innerHTML\s*=/g, rule: 'no-inner-html', severity: 'medium', message: 'Avoid innerHTML - XSS risk', suggestion: 'Use textContent or sanitize content' },
+    { pattern: /document\.write\s*\(/g, rule: 'no-document-write', severity: 'medium', message: 'Avoid document.write - XSS risk' },
+    // Medium: Other risks
+    { pattern: /\$\{.*\}/g, rule: 'template-injection', severity: 'low', message: 'Template literal detected - verify no injection' },
+    { pattern: /new\s+RegExp\s*\([^)]*\+/g, rule: 'regex-injection', severity: 'medium', message: 'Dynamic RegExp - potential ReDoS risk', suggestion: 'Validate/sanitize regex input' },
+    { pattern: /\.on\s*\(\s*['"]error['"]/g, rule: 'unhandled-error', severity: 'low', message: 'Error handler detected - verify proper error handling' },
+];
+/**
+ * Scan a single file for security issues
+ */
+function scanFile(filePath, content, patterns = exports.SECURITY_PATTERNS) {
+    const findings = [];
+    try {
+        const fileContent = content ?? (fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf-8') : '');
+        if (!fileContent)
+            return findings;
+        for (const { pattern, rule, severity, message, suggestion } of patterns) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(fileContent)) !== null) {
+                const lineNum = fileContent.slice(0, match.index).split('\n').length;
+                findings.push({
+                    file: filePath,
+                    line: lineNum,
+                    severity,
+                    rule,
+                    message,
+                    match: match[0].slice(0, 50),
+                    suggestion,
+                });
+            }
+        }
+    }
+    catch {
+        // Skip unreadable files
+    }
+    return findings;
+}
+/**
+ * Scan multiple files for security issues
+ */
+function scanFiles(files, patterns = exports.SECURITY_PATTERNS, maxFiles = 100) {
+    const findings = [];
+    for (const file of files.slice(0, maxFiles)) {
+        findings.push(...scanFile(file, undefined, patterns));
+    }
+    return findings;
+}
+/**
+ * Get severity score (for sorting/filtering)
+ */
+function getSeverityScore(severity) {
+    switch (severity) {
+        case 'critical': return 4;
+        case 'high': return 3;
+        case 'medium': return 2;
+        case 'low': return 1;
+        default: return 0;
+    }
+}
+/**
+ * Sort findings by severity (highest first)
+ */
+function sortBySeverity(findings) {
+    return [...findings].sort((a, b) => getSeverityScore(b.severity) - getSeverityScore(a.severity));
+}
+exports.default = {
+    SECURITY_PATTERNS: exports.SECURITY_PATTERNS,
+    scanFile,
+    scanFiles,
+    getSeverityScore,
+    sortBySeverity,
+};