npm - shield-llm - Versions diffs - 0.1.0 - Mend

shield-llm 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +127 -0
package/bin/shield-llm.js +2 -0
package/dist/chunk-6HLD55BG.js +24282 -0
package/dist/chunk-7D5WVZW5.js +574 -0
package/dist/cli.js +1396 -0
package/dist/index.js +24 -0
package/dist/report-template.hbs +1726 -0
package/dist/token-DULPX7LM.js +68 -0
package/dist/token-util-HNUYLXRD.js +5 -0
package/package.json +66 -0

package/dist/chunk-7D5WVZW5.js ADDED Viewed

@@ -0,0 +1,574 @@
+import { createRequire as __cjs_createRequire } from "module"; import { fileURLToPath as __cjs_fileURLToPath } from "url"; import { dirname as __cjs_dirname } from "path"; const __filename = __cjs_fileURLToPath(import.meta.url); const __dirname = __cjs_dirname(__filename); const require = __cjs_createRequire(import.meta.url);
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __commonJS = (cb, mod) => function __require2() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-error.js
+var require_token_error = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-error.js"(exports, module) {
+    "use strict";
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var token_error_exports = {};
+    __export(token_error_exports, {
+      VercelOidcTokenError: () => VercelOidcTokenError
+    });
+    module.exports = __toCommonJS(token_error_exports);
+    var VercelOidcTokenError = class extends Error {
+      constructor(message, cause) {
+        super(message);
+        this.name = "VercelOidcTokenError";
+        this.cause = cause;
+      }
+      toString() {
+        if (this.cause) {
+          return `${this.name}: ${this.message}: ${this.cause}`;
+        }
+        return `${this.name}: ${this.message}`;
+      }
+    };
+  }
+});
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-io.js
+var require_token_io = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-io.js"(exports, module) {
+    "use strict";
+    var __create2 = Object.create;
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __getProtoOf2 = Object.getPrototypeOf;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toESM2 = (mod, isNodeMode, target) => (target = mod != null ? __create2(__getProtoOf2(mod)) : {}, __copyProps2(
+      // If the importer is in node compatibility mode or this is not an ESM
+      // file that has been converted to a CommonJS file using a Babel-
+      // compatible transform (i.e. "__esModule" has not been set), then set
+      // "default" to the CommonJS "module.exports" for node compatibility.
+      isNodeMode || !mod || !mod.__esModule ? __defProp2(target, "default", { value: mod, enumerable: true }) : target,
+      mod
+    ));
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var token_io_exports = {};
+    __export(token_io_exports, {
+      findRootDir: () => findRootDir,
+      getUserDataDir: () => getUserDataDir
+    });
+    module.exports = __toCommonJS(token_io_exports);
+    var import_path = __toESM2(__require("path"));
+    var import_fs = __toESM2(__require("fs"));
+    var import_os = __toESM2(__require("os"));
+    var import_token_error = require_token_error();
+    function findRootDir() {
+      try {
+        let dir = process.cwd();
+        while (dir !== import_path.default.dirname(dir)) {
+          const pkgPath = import_path.default.join(dir, ".vercel");
+          if (import_fs.default.existsSync(pkgPath)) {
+            return dir;
+          }
+          dir = import_path.default.dirname(dir);
+        }
+      } catch (e) {
+        throw new import_token_error.VercelOidcTokenError(
+          "Token refresh only supported in node server environments"
+        );
+      }
+      return null;
+    }
+    function getUserDataDir() {
+      if (process.env.XDG_DATA_HOME) {
+        return process.env.XDG_DATA_HOME;
+      }
+      switch (import_os.default.platform()) {
+        case "darwin":
+          return import_path.default.join(import_os.default.homedir(), "Library/Application Support");
+        case "linux":
+          return import_path.default.join(import_os.default.homedir(), ".local/share");
+        case "win32":
+          if (process.env.LOCALAPPDATA) {
+            return process.env.LOCALAPPDATA;
+          }
+          return null;
+        default:
+          return null;
+      }
+    }
+  }
+});
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/auth-config.js
+var require_auth_config = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/auth-config.js"(exports, module) {
+    "use strict";
+    var __create2 = Object.create;
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __getProtoOf2 = Object.getPrototypeOf;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toESM2 = (mod, isNodeMode, target) => (target = mod != null ? __create2(__getProtoOf2(mod)) : {}, __copyProps2(
+      // If the importer is in node compatibility mode or this is not an ESM
+      // file that has been converted to a CommonJS file using a Babel-
+      // compatible transform (i.e. "__esModule" has not been set), then set
+      // "default" to the CommonJS "module.exports" for node compatibility.
+      isNodeMode || !mod || !mod.__esModule ? __defProp2(target, "default", { value: mod, enumerable: true }) : target,
+      mod
+    ));
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var auth_config_exports = {};
+    __export(auth_config_exports, {
+      isValidAccessToken: () => isValidAccessToken,
+      readAuthConfig: () => readAuthConfig,
+      writeAuthConfig: () => writeAuthConfig
+    });
+    module.exports = __toCommonJS(auth_config_exports);
+    var fs = __toESM2(__require("fs"));
+    var path = __toESM2(__require("path"));
+    var import_token_util = require_token_util();
+    function getAuthConfigPath() {
+      const dataDir = (0, import_token_util.getVercelDataDir)();
+      if (!dataDir) {
+        throw new Error(
+          `Unable to find Vercel CLI data directory. Your platform: ${process.platform}. Supported: darwin, linux, win32.`
+        );
+      }
+      return path.join(dataDir, "auth.json");
+    }
+    function readAuthConfig() {
+      try {
+        const authPath = getAuthConfigPath();
+        if (!fs.existsSync(authPath)) {
+          return null;
+        }
+        const content = fs.readFileSync(authPath, "utf8");
+        if (!content) {
+          return null;
+        }
+        return JSON.parse(content);
+      } catch (error) {
+        return null;
+      }
+    }
+    function writeAuthConfig(config) {
+      const authPath = getAuthConfigPath();
+      const authDir = path.dirname(authPath);
+      if (!fs.existsSync(authDir)) {
+        fs.mkdirSync(authDir, { mode: 504, recursive: true });
+      }
+      fs.writeFileSync(authPath, JSON.stringify(config, null, 2), { mode: 384 });
+    }
+    function isValidAccessToken(authConfig, expirationBufferMs = 0) {
+      if (!authConfig.token)
+        return false;
+      if (typeof authConfig.expiresAt !== "number")
+        return true;
+      const nowInSeconds = Math.floor(Date.now() / 1e3);
+      const bufferInSeconds = expirationBufferMs / 1e3;
+      return authConfig.expiresAt >= nowInSeconds + bufferInSeconds;
+    }
+  }
+});
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/oauth.js
+var require_oauth = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/oauth.js"(exports, module) {
+    "use strict";
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var oauth_exports = {};
+    __export(oauth_exports, {
+      processTokenResponse: () => processTokenResponse,
+      refreshTokenRequest: () => refreshTokenRequest
+    });
+    module.exports = __toCommonJS(oauth_exports);
+    var import_os = __require("os");
+    var VERCEL_ISSUER = "https://vercel.com";
+    var VERCEL_CLI_CLIENT_ID = "cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp";
+    var userAgent = `@vercel/oidc node-${process.version} ${(0, import_os.platform)()} (${(0, import_os.arch)()}) ${(0, import_os.hostname)()}`;
+    var _tokenEndpoint = null;
+    async function getTokenEndpoint() {
+      if (_tokenEndpoint) {
+        return _tokenEndpoint;
+      }
+      const discoveryUrl = `${VERCEL_ISSUER}/.well-known/openid-configuration`;
+      const response = await fetch(discoveryUrl, {
+        headers: { "user-agent": userAgent }
+      });
+      if (!response.ok) {
+        throw new Error("Failed to discover OAuth endpoints");
+      }
+      const metadata = await response.json();
+      if (!metadata || typeof metadata.token_endpoint !== "string") {
+        throw new Error("Invalid OAuth discovery response");
+      }
+      const endpoint = metadata.token_endpoint;
+      _tokenEndpoint = endpoint;
+      return endpoint;
+    }
+    async function refreshTokenRequest(options) {
+      const tokenEndpoint = await getTokenEndpoint();
+      return await fetch(tokenEndpoint, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          "user-agent": userAgent
+        },
+        body: new URLSearchParams({
+          client_id: VERCEL_CLI_CLIENT_ID,
+          grant_type: "refresh_token",
+          ...options
+        })
+      });
+    }
+    async function processTokenResponse(response) {
+      const json = await response.json();
+      if (!response.ok) {
+        const errorMsg = typeof json === "object" && json && "error" in json ? String(json.error) : "Token refresh failed";
+        return [new Error(errorMsg)];
+      }
+      if (typeof json !== "object" || json === null) {
+        return [new Error("Invalid token response")];
+      }
+      if (typeof json.access_token !== "string") {
+        return [new Error("Missing access_token in response")];
+      }
+      if (json.token_type !== "Bearer") {
+        return [new Error("Invalid token_type in response")];
+      }
+      if (typeof json.expires_in !== "number") {
+        return [new Error("Missing expires_in in response")];
+      }
+      return [null, json];
+    }
+  }
+});
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/auth-errors.js
+var require_auth_errors = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/auth-errors.js"(exports, module) {
+    "use strict";
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var auth_errors_exports = {};
+    __export(auth_errors_exports, {
+      AccessTokenMissingError: () => AccessTokenMissingError,
+      RefreshAccessTokenFailedError: () => RefreshAccessTokenFailedError
+    });
+    module.exports = __toCommonJS(auth_errors_exports);
+    var AccessTokenMissingError = class extends Error {
+      constructor() {
+        super(
+          "No authentication found. Please log in with the Vercel CLI (vercel login)."
+        );
+        this.name = "AccessTokenMissingError";
+      }
+    };
+    var RefreshAccessTokenFailedError = class extends Error {
+      constructor(cause) {
+        super("Failed to refresh authentication token.", { cause });
+        this.name = "RefreshAccessTokenFailedError";
+      }
+    };
+  }
+});
+// ../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-util.js
+var require_token_util = __commonJS({
+  "../../node_modules/.pnpm/@vercel+oidc@3.2.0/node_modules/@vercel/oidc/dist/token-util.js"(exports, module) {
+    var __create2 = Object.create;
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __getProtoOf2 = Object.getPrototypeOf;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toESM2 = (mod, isNodeMode, target) => (target = mod != null ? __create2(__getProtoOf2(mod)) : {}, __copyProps2(
+      // If the importer is in node compatibility mode or this is not an ESM
+      // file that has been converted to a CommonJS file using a Babel-
+      // compatible transform (i.e. "__esModule" has not been set), then set
+      // "default" to the CommonJS "module.exports" for node compatibility.
+      isNodeMode || !mod || !mod.__esModule ? __defProp2(target, "default", { value: mod, enumerable: true }) : target,
+      mod
+    ));
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var token_util_exports = {};
+    __export(token_util_exports, {
+      assertVercelOidcTokenResponse: () => assertVercelOidcTokenResponse,
+      findProjectInfo: () => findProjectInfo,
+      getTokenPayload: () => getTokenPayload,
+      getVercelDataDir: () => getVercelDataDir,
+      getVercelOidcToken: () => getVercelOidcToken,
+      getVercelToken: () => getVercelToken,
+      isExpired: () => isExpired,
+      loadToken: () => loadToken,
+      saveToken: () => saveToken
+    });
+    module.exports = __toCommonJS(token_util_exports);
+    var path = __toESM2(__require("path"));
+    var fs = __toESM2(__require("fs"));
+    var import_token_error = require_token_error();
+    var import_token_io = require_token_io();
+    var import_auth_config = require_auth_config();
+    var import_oauth = require_oauth();
+    var import_auth_errors = require_auth_errors();
+    function getVercelDataDir() {
+      const vercelFolder = "com.vercel.cli";
+      const dataDir = (0, import_token_io.getUserDataDir)();
+      if (!dataDir) {
+        return null;
+      }
+      return path.join(dataDir, vercelFolder);
+    }
+    async function getVercelToken(options) {
+      const authConfig = (0, import_auth_config.readAuthConfig)();
+      if (!authConfig?.token) {
+        throw new import_auth_errors.AccessTokenMissingError();
+      }
+      if ((0, import_auth_config.isValidAccessToken)(authConfig, options?.expirationBufferMs)) {
+        return authConfig.token;
+      }
+      if (!authConfig.refreshToken) {
+        (0, import_auth_config.writeAuthConfig)({});
+        throw new import_auth_errors.RefreshAccessTokenFailedError("No refresh token available");
+      }
+      try {
+        const tokenResponse = await (0, import_oauth.refreshTokenRequest)({
+          refresh_token: authConfig.refreshToken
+        });
+        const [tokensError, tokens] = await (0, import_oauth.processTokenResponse)(tokenResponse);
+        if (tokensError || !tokens) {
+          (0, import_auth_config.writeAuthConfig)({});
+          throw new import_auth_errors.RefreshAccessTokenFailedError(tokensError);
+        }
+        const updatedConfig = {
+          token: tokens.access_token,
+          expiresAt: Math.floor(Date.now() / 1e3) + tokens.expires_in
+        };
+        if (tokens.refresh_token) {
+          updatedConfig.refreshToken = tokens.refresh_token;
+        }
+        (0, import_auth_config.writeAuthConfig)(updatedConfig);
+        return updatedConfig.token;
+      } catch (error) {
+        (0, import_auth_config.writeAuthConfig)({});
+        if (error instanceof import_auth_errors.AccessTokenMissingError || error instanceof import_auth_errors.RefreshAccessTokenFailedError) {
+          throw error;
+        }
+        throw new import_auth_errors.RefreshAccessTokenFailedError(error);
+      }
+    }
+    async function getVercelOidcToken(authToken, projectId, teamId) {
+      const url = `https://api.vercel.com/v1/projects/${projectId}/token?source=vercel-oidc-refresh${teamId ? `&teamId=${teamId}` : ""}`;
+      const res = await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${authToken}`
+        }
+      });
+      if (!res.ok) {
+        throw new import_token_error.VercelOidcTokenError(
+          `Failed to refresh OIDC token: ${res.statusText}`
+        );
+      }
+      const tokenRes = await res.json();
+      assertVercelOidcTokenResponse(tokenRes);
+      return tokenRes;
+    }
+    function assertVercelOidcTokenResponse(res) {
+      if (!res || typeof res !== "object") {
+        throw new TypeError(
+          "Vercel OIDC token is malformed. Expected an object. Please run `vc env pull` and try again"
+        );
+      }
+      if (!("token" in res) || typeof res.token !== "string") {
+        throw new TypeError(
+          "Vercel OIDC token is malformed. Expected a string-valued token property. Please run `vc env pull` and try again"
+        );
+      }
+    }
+    function findProjectInfo() {
+      const dir = (0, import_token_io.findRootDir)();
+      if (!dir) {
+        throw new import_token_error.VercelOidcTokenError(
+          "Unable to find project root directory. Have you linked your project with `vc link?`"
+        );
+      }
+      const prjPath = path.join(dir, ".vercel", "project.json");
+      if (!fs.existsSync(prjPath)) {
+        throw new import_token_error.VercelOidcTokenError(
+          "project.json not found, have you linked your project with `vc link?`"
+        );
+      }
+      const prj = JSON.parse(fs.readFileSync(prjPath, "utf8"));
+      if (typeof prj.projectId !== "string" && typeof prj.orgId !== "string") {
+        throw new TypeError(
+          "Expected a string-valued projectId property. Try running `vc link` to re-link your project."
+        );
+      }
+      return { projectId: prj.projectId, teamId: prj.orgId };
+    }
+    function saveToken(token, projectId) {
+      const dir = (0, import_token_io.getUserDataDir)();
+      if (!dir) {
+        throw new import_token_error.VercelOidcTokenError(
+          "Unable to find user data directory. Please reach out to Vercel support."
+        );
+      }
+      const tokenPath = path.join(dir, "com.vercel.token", `${projectId}.json`);
+      const tokenJson = JSON.stringify(token);
+      fs.mkdirSync(path.dirname(tokenPath), { mode: 504, recursive: true });
+      fs.writeFileSync(tokenPath, tokenJson);
+      fs.chmodSync(tokenPath, 432);
+      return;
+    }
+    function loadToken(projectId) {
+      const dir = (0, import_token_io.getUserDataDir)();
+      if (!dir) {
+        throw new import_token_error.VercelOidcTokenError(
+          "Unable to find user data directory. Please reach out to Vercel support."
+        );
+      }
+      const tokenPath = path.join(dir, "com.vercel.token", `${projectId}.json`);
+      if (!fs.existsSync(tokenPath)) {
+        return null;
+      }
+      const token = JSON.parse(fs.readFileSync(tokenPath, "utf8"));
+      assertVercelOidcTokenResponse(token);
+      return token;
+    }
+    function getTokenPayload(token) {
+      const tokenParts = token.split(".");
+      if (tokenParts.length !== 3) {
+        throw new import_token_error.VercelOidcTokenError(
+          "Invalid token. Please run `vc env pull` and try again"
+        );
+      }
+      const base64 = tokenParts[1].replace(/-/g, "+").replace(/_/g, "/");
+      const padded = base64.padEnd(
+        base64.length + (4 - base64.length % 4) % 4,
+        "="
+      );
+      return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+    }
+    function isExpired(token, bufferMs = 0) {
+      return token.exp * 1e3 < Date.now() + bufferMs;
+    }
+  }
+});
+export {
+  __commonJS,
+  __toESM,
+  require_token_error,
+  require_auth_errors,
+  require_token_util
+};