secure-scan 1.2.2

package/dist/dependencies/aiDependencyAnalyzer.js

@@ -0,0 +1,435 @@
+"use strict";
+/**
+ * AI Dependency Analyzer
+ * Uses AI/ML for advanced dependency risk analysis
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AIDependencyAnalyzer = void 0;
+const types_1 = require("../types");
+const types_2 = require("./types");
+const logger_1 = require("../utils/logger");
+const utils_1 = require("../utils");
+const securityStandards_1 = require("./detectors/securityStandards");
+/**
+ * AI Dependency Analyzer Class
+ * Provides AI-powered analysis for dependencies
+ */
+class AIDependencyAnalyzer {
+    config;
+    initialized = false;
+    constructor(config) {
+        this.config = config;
+    }
+    /**
+     * Initialize AI analyzer
+     */
+    async initialize() {
+        if (!this.config.apiKey && this.config.provider !== 'local') {
+            logger_1.logger.warn('⚠️ AI API key not provided. AI dependency analysis will be limited.');
+            return;
+        }
+        logger_1.logger.info('🤖 Initializing AI dependency analyzer...');
+        this.initialized = true;
+    }
+    /**
+     * Analyze dependencies with AI
+     */
+    async analyzeDependencies(dependencies, existingVulnerabilities) {
+        if (!this.initialized) {
+            return this.getDefaultResult();
+        }
+        try {
+            switch (this.config.provider) {
+                case 'openai':
+                    return await this.analyzeWithOpenAI(dependencies, existingVulnerabilities);
+                case 'anthropic':
+                    return await this.analyzeWithAnthropic(dependencies, existingVulnerabilities);
+                case 'local':
+                    return await this.analyzeWithLocal(dependencies, existingVulnerabilities);
+                default:
+                    return this.getDefaultResult();
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`AI dependency analysis error: ${error}`);
+            return this.getDefaultResult();
+        }
+    }
+    /**
+     * Analyze single dependency for anomalies
+     */
+    async analyzeForAnomalies(dependency) {
+        if (!this.initialized) {
+            return [];
+        }
+        const vulnerabilities = [];
+        try {
+            const analysis = await this.analyzePackageMetadata(dependency);
+            if (analysis.suspiciousPatterns.length > 0) {
+                vulnerabilities.push({
+                    id: (0, utils_1.generateId)(),
+                    dependency,
+                    severity: analysis.severity,
+                    category: types_2.DependencyRiskCategory.SUPPLY_CHAIN,
+                    title: `AI-Detected Anomaly: ${dependency.name}`,
+                    description: `AI analysis detected suspicious patterns in ${dependency.name}: ${analysis.suspiciousPatterns.join(', ')}`,
+                    supplyChainRisks: analysis.risks,
+                    standards: (0, securityStandards_1.getStandardsForDependencyRisk)(types_2.DependencyRiskCategory.SUPPLY_CHAIN),
+                    recommendation: types_2.DependencyRecommendation.REVIEW,
+                    recommendationDetails: analysis.recommendation,
+                    confidence: analysis.confidence,
+                    timestamp: new Date(),
+                    aiExplanation: analysis.explanation
+                });
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`AI anomaly detection error for ${dependency.name}: ${error}`);
+        }
+        return vulnerabilities;
+    }
+    /**
+     * Prioritize vulnerabilities using AI
+     */
+    async prioritizeVulnerabilities(vulnerabilities) {
+        if (!this.initialized || vulnerabilities.length === 0) {
+            return vulnerabilities;
+        }
+        try {
+            // Get AI-generated priority scores
+            const prioritized = await this.getAIPrioritization(vulnerabilities);
+            return prioritized;
+        }
+        catch (error) {
+            logger_1.logger.debug(`AI prioritization error: ${error}`);
+            return vulnerabilities;
+        }
+    }
+    /**
+     * Generate AI explanation for a vulnerability
+     */
+    async generateExplanation(vulnerability) {
+        if (!this.initialized) {
+            return '';
+        }
+        try {
+            const prompt = this.buildExplanationPrompt(vulnerability);
+            const explanation = await this.callAI(prompt);
+            return explanation;
+        }
+        catch (error) {
+            logger_1.logger.debug(`AI explanation error: ${error}`);
+            return '';
+        }
+    }
+    /**
+     * Analyze with OpenAI
+     */
+    async analyzeWithOpenAI(dependencies, vulnerabilities) {
+        const OpenAI = (await Promise.resolve().then(() => __importStar(require('openai')))).default;
+        const client = new OpenAI({
+            apiKey: this.config.apiKey
+        });
+        const prompt = this.buildAnalysisPrompt(dependencies, vulnerabilities);
+        const response = await client.chat.completions.create({
+            model: this.config.model || 'gpt-4',
+            messages: [
+                {
+                    role: 'system',
+                    content: this.getSystemPrompt()
+                },
+                {
+                    role: 'user',
+                    content: prompt
+                }
+            ],
+            max_tokens: this.config.maxTokens || 2000,
+            temperature: this.config.temperature || 0.1
+        });
+        const content = response.choices[0]?.message?.content;
+        return this.parseAIResponse(content || '');
+    }
+    /**
+     * Analyze with Anthropic
+     */
+    async analyzeWithAnthropic(dependencies, vulnerabilities) {
+        const Anthropic = (await Promise.resolve().then(() => __importStar(require('@anthropic-ai/sdk')))).default;
+        const client = new Anthropic({
+            apiKey: this.config.apiKey
+        });
+        const prompt = this.buildAnalysisPrompt(dependencies, vulnerabilities);
+        const response = await client.messages.create({
+            model: this.config.model || 'claude-3-opus-20240229',
+            max_tokens: this.config.maxTokens || 2000,
+            system: this.getSystemPrompt(),
+            messages: [
+                {
+                    role: 'user',
+                    content: prompt
+                }
+            ]
+        });
+        const content = response.content[0]?.type === 'text' ? response.content[0].text : '';
+        return this.parseAIResponse(content);
+    }
+    /**
+     * Analyze with local model
+     */
+    async analyzeWithLocal(dependencies, vulnerabilities) {
+        const endpoint = this.config.endpoint || 'http://localhost:11434/api/generate';
+        const prompt = this.buildAnalysisPrompt(dependencies, vulnerabilities);
+        const response = await fetch(endpoint, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                model: this.config.model || 'llama2',
+                prompt: `${this.getSystemPrompt()}\n\n${prompt}`,
+                stream: false
+            })
+        });
+        const data = await response.json();
+        return this.parseAIResponse(data.response || '');
+    }
+    /**
+     * Build analysis prompt
+     */
+    buildAnalysisPrompt(dependencies, vulnerabilities) {
+        const depSummary = dependencies.slice(0, 50).map(d => `- ${d.name}@${d.version} (${d.ecosystem}, ${d.dependencyType})`).join('\n');
+        const vulnSummary = vulnerabilities.map(v => `- ${v.title} (${v.severity}, ${v.category}): ${v.description.substring(0, 100)}...`).join('\n');
+        return `
+Analyze the following project dependencies for security risks:
+
+## Dependencies (${dependencies.length} total, showing first 50):
+${depSummary}
+
+## Known Vulnerabilities (${vulnerabilities.length}):
+${vulnSummary || 'None detected'}
+
+Please provide:
+1. Overall risk assessment
+2. Any suspicious patterns or anomalies
+3. Priority recommendations for remediation
+4. Risk score (0-100)
+
+Respond in JSON format with keys: riskAssessment, anomalies (array), priorityRecommendations (array), overallRiskScore (number), confidence (number 0-100)
+`;
+    }
+    /**
+     * Build explanation prompt
+     */
+    buildExplanationPrompt(vulnerability) {
+        return `
+Explain this dependency vulnerability in simple terms:
+
+Package: ${vulnerability.dependency.name}@${vulnerability.dependency.version}
+Ecosystem: ${vulnerability.dependency.ecosystem}
+Issue: ${vulnerability.title}
+Description: ${vulnerability.description}
+Severity: ${vulnerability.severity}
+Category: ${vulnerability.category}
+
+Provide:
+1. What the vulnerability means
+2. How it could be exploited
+3. Immediate actions to take
+4. Long-term recommendations
+
+Keep the explanation concise and actionable.
+`;
+    }
+    /**
+     * Get system prompt
+     */
+    getSystemPrompt() {
+        return `You are a security expert specializing in Software Composition Analysis (SCA) and supply chain security. 
+Your role is to analyze project dependencies for:
+- Known vulnerabilities (CVEs)
+- Supply chain risks (typosquatting, abandoned packages, suspicious releases)
+- Malicious packages (backdoors, cryptominers, data exfiltration)
+- Outdated or deprecated components
+
+Provide clear, actionable recommendations following security best practices.
+Reference OWASP, CWE, and MITRE ATT&CK frameworks where applicable.
+Always prioritize critical and high-severity issues.`;
+    }
+    /**
+     * Parse AI response
+     */
+    parseAIResponse(content) {
+        try {
+            // Try to extract JSON from the response
+            const jsonMatch = content.match(/\{[\s\S]*\}/);
+            if (jsonMatch) {
+                const parsed = JSON.parse(jsonMatch[0]);
+                return {
+                    riskAssessment: parsed.riskAssessment || 'Unable to assess',
+                    confidence: parsed.confidence || 50,
+                    anomalies: parsed.anomalies || [],
+                    priorityRecommendations: parsed.priorityRecommendations || [],
+                    overallRiskScore: parsed.overallRiskScore || 50
+                };
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`Failed to parse AI response: ${error}`);
+        }
+        return this.getDefaultResult();
+    }
+    /**
+     * Get default result when AI is unavailable
+     */
+    getDefaultResult() {
+        return {
+            riskAssessment: 'AI analysis not available',
+            confidence: 0,
+            anomalies: [],
+            priorityRecommendations: [],
+            overallRiskScore: 0
+        };
+    }
+    /**
+     * Analyze package metadata for anomalies
+     */
+    async analyzePackageMetadata(dependency) {
+        // Heuristic-based analysis (can be enhanced with actual package metadata)
+        const suspiciousPatterns = [];
+        const risks = [];
+        // Check package name patterns
+        const name = dependency.name.toLowerCase();
+        // Check for suspicious naming patterns
+        if (/^[a-z]+-[a-z]+-[a-z]+-[a-z]+$/.test(name)) {
+            // Random-looking name pattern
+            suspiciousPatterns.push('Unusual naming pattern');
+        }
+        // Check version for pre-release or suspicious versions
+        const version = dependency.version;
+        if (version.includes('alpha') || version.includes('beta') || version.includes('rc')) {
+            suspiciousPatterns.push('Pre-release version in production');
+        }
+        // Check for 0.0.x versions
+        if (/^0\.0\.\d+/.test(version)) {
+            suspiciousPatterns.push('Very early version (0.0.x)');
+            risks.push(types_2.SupplyChainRisk.NEW_PACKAGE);
+        }
+        const severity = suspiciousPatterns.length >= 2 ? types_1.Severity.MEDIUM : types_1.Severity.LOW;
+        const confidence = 40 + (suspiciousPatterns.length * 20);
+        return {
+            suspiciousPatterns,
+            risks,
+            severity,
+            confidence: Math.min(confidence, 90),
+            recommendation: suspiciousPatterns.length > 0
+                ? `Review ${dependency.name} before using in production. Verify package authenticity and check for recent changes.`
+                : 'No suspicious patterns detected.',
+            explanation: suspiciousPatterns.length > 0
+                ? `The package ${dependency.name} exhibits patterns that may indicate supply chain risk: ${suspiciousPatterns.join(', ')}`
+                : ''
+        };
+    }
+    /**
+     * Get AI-based prioritization
+     */
+    async getAIPrioritization(vulnerabilities) {
+        // For now, use heuristic-based prioritization
+        // In production, this would call the AI model
+        return vulnerabilities.sort((a, b) => {
+            // Priority factors:
+            // 1. Severity
+            const severityOrder = {
+                [types_1.Severity.CRITICAL]: 0,
+                [types_1.Severity.HIGH]: 1,
+                [types_1.Severity.MEDIUM]: 2,
+                [types_1.Severity.LOW]: 3,
+                [types_1.Severity.INFO]: 4
+            };
+            const severityDiff = severityOrder[a.severity] - severityOrder[b.severity];
+            if (severityDiff !== 0)
+                return severityDiff;
+            // 2. Category priority (malicious > vulnerability > supply chain > outdated)
+            const categoryOrder = {
+                [types_2.DependencyRiskCategory.MALICIOUS]: 0,
+                [types_2.DependencyRiskCategory.VULNERABILITY]: 1,
+                [types_2.DependencyRiskCategory.SUPPLY_CHAIN]: 2,
+                [types_2.DependencyRiskCategory.OUTDATED]: 3,
+                [types_2.DependencyRiskCategory.MAINTENANCE]: 4,
+                [types_2.DependencyRiskCategory.LICENSE]: 5
+            };
+            const categoryDiff = categoryOrder[a.category] - categoryOrder[b.category];
+            if (categoryDiff !== 0)
+                return categoryDiff;
+            // 3. Direct dependencies over transitive
+            const depTypeOrder = { direct: 0, dev: 1, peer: 2, optional: 3, transitive: 4 };
+            return (depTypeOrder[a.dependency.dependencyType] || 4) -
+                (depTypeOrder[b.dependency.dependencyType] || 4);
+        });
+    }
+    /**
+     * Call AI API
+     */
+    async callAI(prompt) {
+        switch (this.config.provider) {
+            case 'openai':
+                const OpenAI = (await Promise.resolve().then(() => __importStar(require('openai')))).default;
+                const openaiClient = new OpenAI({ apiKey: this.config.apiKey });
+                const openaiResponse = await openaiClient.chat.completions.create({
+                    model: this.config.model || 'gpt-4',
+                    messages: [
+                        { role: 'system', content: this.getSystemPrompt() },
+                        { role: 'user', content: prompt }
+                    ],
+                    max_tokens: 1000
+                });
+                return openaiResponse.choices[0]?.message?.content || '';
+            case 'anthropic':
+                const Anthropic = (await Promise.resolve().then(() => __importStar(require('@anthropic-ai/sdk')))).default;
+                const anthropicClient = new Anthropic({ apiKey: this.config.apiKey });
+                const anthropicResponse = await anthropicClient.messages.create({
+                    model: this.config.model || 'claude-3-opus-20240229',
+                    max_tokens: 1000,
+                    system: this.getSystemPrompt(),
+                    messages: [{ role: 'user', content: prompt }]
+                });
+                return anthropicResponse.content[0]?.type === 'text'
+                    ? anthropicResponse.content[0].text
+                    : '';
+            default:
+                return '';
+        }
+    }
+}
+exports.AIDependencyAnalyzer = AIDependencyAnalyzer;
+exports.default = AIDependencyAnalyzer;
+//# sourceMappingURL=aiDependencyAnalyzer.js.map

package/dist/dependencies/aiDependencyAnalyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aiDependencyAnalyzer.js","sourceRoot":"","sources":["../../src/dependencies/aiDependencyAnalyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oCAA8C;AAC9C,mCAMiB;AACjB,4CAAyC;AACzC,oCAAsC;AACtC,qEAA8E;AAkB9E;;;GAGG;AACH,MAAa,oBAAoB;IACvB,MAAM,CAAW;IACjB,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,MAAgB;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC5D,eAAM,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;YACnF,OAAO;QACT,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CACvB,YAA0B,EAC1B,uBAAkD;QAElD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;QAED,IAAI,CAAC;YACH,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,QAAQ;oBACX,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,uBAAuB,CAAC,CAAC;gBAC7E,KAAK,WAAW;oBACd,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,uBAAuB,CAAC,CAAC;gBAChF,KAAK,OAAO;oBACV,OAAO,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE,uBAAuB,CAAC,CAAC;gBAC5E;oBACE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAM,CAAC,KAAK,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;YACvD,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,UAAsB;QAC9C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA8B,EAAE,CAAC;QAEtD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;YAE/D,IAAI,QAAQ,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,IAAA,kBAAU,GAAE;oBAChB,UAAU;oBACV,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,QAAQ,EAAE,8BAAsB,CAAC,YAAY;oBAC7C,KAAK,EAAE,wBAAwB,UAAU,CAAC,IAAI,EAAE;oBAChD,WAAW,EAAE,+CAA+C,UAAU,CAAC,IAAI,KAAK,QAAQ,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBACxH,gBAAgB,EAAE,QAAQ,CAAC,KAAK;oBAChC,SAAS,EAAE,IAAA,iDAA6B,EAAC,8BAAsB,CAAC,YAAY,CAAC;oBAC7E,cAAc,EAAE,gCAAwB,CAAC,MAAM;oBAC/C,qBAAqB,EAAE,QAAQ,CAAC,cAAc;oBAC9C,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,SAAS,EAAE,IAAI,IAAI,EAAE;oBACrB,aAAa,EAAE,QAAQ,CAAC,WAAW;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAM,CAAC,KAAK,CAAC,kCAAkC,UAAU,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,yBAAyB,CAC7B,eAA0C;QAE1C,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtD,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,IAAI,CAAC;YACH,mCAAmC;YACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YACpE,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,OAAO,eAAe,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,aAAsC;QAC9D,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC9C,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAM,CAAC,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YAC/C,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,YAA0B,EAC1B,eAA0C;QAE1C,MAAM,MAAM,GAAG,CAAC,wDAAa,QAAQ,GAAC,CAAC,CAAC,OAAO,CAAC;QAEhD,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC;YACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;SAC3B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;YACpD,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO;YACnC,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,IAAI,CAAC,eAAe,EAAE;iBAChC;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,MAAM;iBAChB;aACF;YACD,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI;YACzC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,GAAG;SAC5C,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC;QACtD,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAChC,YAA0B,EAC1B,eAA0C;QAE1C,MAAM,SAAS,GAAG,CAAC,wDAAa,mBAAmB,GAAC,CAAC,CAAC,OAAO,CAAC;QAE9D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;YAC3B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;SAC3B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,wBAAwB;YACpD,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI;YACzC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE;YAC9B,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,MAAM;iBAChB;aACF;SACF,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrF,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,YAA0B,EAC1B,eAA0C;QAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,qCAAqC,CAAC;QAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,QAAQ;gBACpC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,EAAE,OAAO,MAAM,EAAE;gBAChD,MAAM,EAAE,KAAK;aACd,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2B,CAAC;QAC5D,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,YAA0B,EAC1B,eAA0C;QAE1C,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACnD,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,cAAc,GAAG,CACjE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAC1C,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,CACrF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,OAAO;;;mBAGQ,YAAY,CAAC,MAAM;EACpC,UAAU;;4BAEgB,eAAe,CAAC,MAAM;EAChD,WAAW,IAAI,eAAe;;;;;;;;;CAS/B,CAAC;IACA,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,aAAsC;QACnE,OAAO;;;WAGA,aAAa,CAAC,UAAU,CAAC,IAAI,IAAI,aAAa,CAAC,UAAU,CAAC,OAAO;aAC/D,aAAa,CAAC,UAAU,CAAC,SAAS;SACtC,aAAa,CAAC,KAAK;eACb,aAAa,CAAC,WAAW;YAC5B,aAAa,CAAC,QAAQ;YACtB,aAAa,CAAC,QAAQ;;;;;;;;;CASjC,CAAC;IACA,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,OAAO;;;;;;;;;qDAS0C,CAAC;IACpD,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAC/C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,OAAO;oBACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,kBAAkB;oBAC3D,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE;oBACnC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;oBACjC,uBAAuB,EAAE,MAAM,CAAC,uBAAuB,IAAI,EAAE;oBAC7D,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;iBAChD,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,eAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,gBAAgB;QACtB,OAAO;YACL,cAAc,EAAE,2BAA2B;YAC3C,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,EAAE;YACb,uBAAuB,EAAE,EAAE;YAC3B,gBAAgB,EAAE,CAAC;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,UAAsB;QAQzD,0EAA0E;QAC1E,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,KAAK,GAAsB,EAAE,CAAC;QAEpC,8BAA8B;QAC9B,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QAE3C,uCAAuC;QACvC,IAAI,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,8BAA8B;YAC9B,kBAAkB,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACpD,CAAC;QAED,uDAAuD;QACvD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC;QACnC,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACpF,kBAAkB,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAC/D,CAAC;QAED,2BAA2B;QAC3B,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,kBAAkB,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YACtD,KAAK,CAAC,IAAI,CAAC,uBAAe,CAAC,WAAW,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,gBAAQ,CAAC,GAAG,CAAC;QACjF,MAAM,UAAU,GAAG,EAAE,GAAG,CAAC,kBAAkB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QAEzD,OAAO;YACL,kBAAkB;YAClB,KAAK;YACL,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC;YACpC,cAAc,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC;gBAC3C,CAAC,CAAC,UAAU,UAAU,CAAC,IAAI,wFAAwF;gBACnH,CAAC,CAAC,kCAAkC;YACtC,WAAW,EAAE,kBAAkB,CAAC,MAAM,GAAG,CAAC;gBACxC,CAAC,CAAC,eAAe,UAAU,CAAC,IAAI,2DAA2D,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC1H,CAAC,CAAC,EAAE;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAC/B,eAA0C;QAE1C,8CAA8C;QAC9C,8CAA8C;QAE9C,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACnC,oBAAoB;YACpB,cAAc;YACd,MAAM,aAAa,GAA6B;gBAC9C,CAAC,gBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,CAAC,gBAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpB,CAAC,gBAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;aACnB,CAAC;YAEF,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC3E,IAAI,YAAY,KAAK,CAAC;gBAAE,OAAO,YAAY,CAAC;YAE5C,6EAA6E;YAC7E,MAAM,aAAa,GAA2C;gBAC5D,CAAC,8BAAsB,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,CAAC,8BAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACzC,CAAC,8BAAsB,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxC,CAAC,8BAAsB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,CAAC,8BAAsB,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvC,CAAC,8BAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;aACpC,CAAC;YAEF,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC3E,IAAI,YAAY,KAAK,CAAC;gBAAE,OAAO,YAAY,CAAC;YAE5C,yCAAyC;YACzC,MAAM,YAAY,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;YAChF,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAChD,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,MAAM,CAAC,MAAc;QACjC,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC7B,KAAK,QAAQ;gBACX,MAAM,MAAM,GAAG,CAAC,wDAAa,QAAQ,GAAC,CAAC,CAAC,OAAO,CAAC;gBAChD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBAChE,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;oBAChE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO;oBACnC,QAAQ,EAAE;wBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,eAAe,EAAE,EAAE;wBACnD,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE;qBAClC;oBACD,UAAU,EAAE,IAAI;iBACjB,CAAC,CAAC;gBACH,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YAE3D,KAAK,WAAW;gBACd,MAAM,SAAS,GAAG,CAAC,wDAAa,mBAAmB,GAAC,CAAC,CAAC,OAAO,CAAC;gBAC9D,MAAM,eAAe,GAAG,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACtE,MAAM,iBAAiB,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC9D,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,wBAAwB;oBACpD,UAAU,EAAE,IAAI;oBAChB,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE;oBAC9B,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;iBAC9C,CAAC,CAAC;gBACH,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,MAAM;oBAClD,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;oBACnC,CAAC,CAAC,EAAE,CAAC;YAET;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAxcD,oDAwcC;AAED,kBAAe,oBAAoB,CAAC"}

package/dist/dependencies/database/cveDatabase.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Known Vulnerable Packages Database
+ * Static database of known CVEs for offline vulnerability detection
+ * This is a sample database - in production, integrate with OSV, NVD, or Snyk APIs
+ */
+import { CVEInfo, PackageEcosystem } from '../types';
+/**
+ * CVE database entry
+ */
+export interface CVEDatabaseEntry {
+    ecosystem: PackageEcosystem;
+    packageName: string;
+    cve: CVEInfo;
+    vulnerableVersions: string[];
+}
+/**
+ * Sample CVE database with well-known vulnerabilities
+ */
+export declare const CVE_DATABASE: CVEDatabaseEntry[];
+/**
+ * Check if a version matches a vulnerable version pattern
+ */
+export declare function isVersionVulnerable(version: string, vulnerablePatterns: string[]): boolean;
+/**
+ * Get CVEs for a package
+ */
+export declare function getCVEsForPackage(packageName: string, ecosystem: PackageEcosystem, version?: string): CVEInfo[];
+/**
+ * Get all CVEs in the database
+ */
+export declare function getAllCVEs(): CVEDatabaseEntry[];
+//# sourceMappingURL=cveDatabase.d.ts.map

package/dist/dependencies/database/cveDatabase.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cveDatabase.d.ts","sourceRoot":"","sources":["../../../src/dependencies/database/cveDatabase.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAY,MAAM,UAAU,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,gBAAgB,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,OAAO,CAAC;IACb,kBAAkB,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,gBAAgB,EAiT1C,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,GAAG,OAAO,CAW1F;AA2DD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,EAAE,CAc/G;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,gBAAgB,EAAE,CAE/C"}