shiplint 0.1.0

package/dist/rules/privacy/missing-location-purpose.js

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingLocationPurposeRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const plist_parser_js_1 = require("../../parsers/plist-parser.js");
+const base_js_1 = require("../base.js");
+const LOCATION_FRAMEWORKS = ['CoreLocation', 'MapKit'];
+const WHEN_IN_USE_KEY = 'NSLocationWhenInUseUsageDescription';
+const ALWAYS_AND_WHEN_IN_USE_KEY = 'NSLocationAlwaysAndWhenInUseUsageDescription';
+const ALWAYS_KEY = 'NSLocationAlwaysUsageDescription';
+exports.MissingLocationPurposeRule = {
+    id: 'privacy-002-missing-location-purpose',
+    name: 'Missing Location Usage Description',
+    description: 'Checks for location framework usage without required usage descriptions',
+    category: index_js_1.RuleCategory.Privacy,
+    severity: index_js_1.Severity.Critical,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '5.1.1',
+    async evaluate(context) {
+        // Check if any location-related framework is linked
+        const detectedFrameworks = LOCATION_FRAMEWORKS.filter(f => context.hasFramework(f));
+        if (detectedFrameworks.length === 0) {
+            return [];
+        }
+        const findings = [];
+        const whenInUseDescription = context.plistString(WHEN_IN_USE_KEY);
+        const hasAlwaysDescription = context.hasPlistKey(ALWAYS_KEY) ||
+            context.hasPlistKey(ALWAYS_AND_WHEN_IN_USE_KEY);
+        // Case 1: Completely missing WhenInUse description
+        if (whenInUseDescription === undefined) {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                description: `Your app links against location-related frameworks (${detectedFrameworks.join(', ')}) ` +
+                    `but Info.plist is missing NSLocationWhenInUseUsageDescription. Apps that access location services ` +
+                    `must provide a purpose string explaining why access is needed.`,
+                location: 'Info.plist',
+                fixGuidance: `Add NSLocationWhenInUseUsageDescription to your Info.plist with a clear, user-facing explanation ` +
+                    `of why your app needs location access. For example:
+
+<key>NSLocationWhenInUseUsageDescription</key>
+<string>We use your location to show nearby restaurants and provide directions.</string>
+
+This key is required for any location access. The description should explain the specific feature ` +
+                    `that uses location and be written from the user's perspective.`,
+                documentationURL: 'https://developer.apple.com/documentation/corelocation/requesting_authorization_to_use_location_services',
+            }));
+        }
+        // Case 2: WhenInUse description is empty
+        else if (whenInUseDescription.trim() === '') {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                title: 'Empty Location Usage Description',
+                description: `NSLocationWhenInUseUsageDescription exists in Info.plist but is empty. ` +
+                    `Apple requires a meaningful description explaining why your app needs location access.`,
+                location: 'Info.plist',
+                fixGuidance: `Update NSLocationWhenInUseUsageDescription with a clear, specific explanation of why your app ` +
+                    `needs location access. Generic or empty descriptions will be rejected.
+
+Good example: "Find coffee shops near your current location."
+Bad example: "Location access required" or ""`,
+                documentationURL: 'https://developer.apple.com/documentation/corelocation/requesting_authorization_to_use_location_services',
+            }));
+        }
+        // Case 3: WhenInUse description is a placeholder
+        else if ((0, plist_parser_js_1.isPlaceholder)(whenInUseDescription)) {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                title: 'Placeholder Location Usage Description',
+                description: `NSLocationWhenInUseUsageDescription appears to contain placeholder text: "${whenInUseDescription}". ` +
+                    `Apple requires meaningful, user-facing descriptions.`,
+                location: 'Info.plist',
+                fixGuidance: `Replace the placeholder text with a clear explanation of why your app needs location access. ` +
+                    `The description should be specific to your app's features.
+
+Current value: "${whenInUseDescription}"
+
+Write a description that helps users understand what feature uses location and why.`,
+                documentationURL: 'https://developer.apple.com/documentation/corelocation/requesting_authorization_to_use_location_services',
+            }));
+        }
+        // Check Always permission configuration
+        if (hasAlwaysDescription) {
+            const alwaysAndWhenInUseDescription = context.plistString(ALWAYS_AND_WHEN_IN_USE_KEY);
+            // iOS 11+ requires NSLocationAlwaysAndWhenInUseUsageDescription for Always permission
+            if (alwaysAndWhenInUseDescription === undefined) {
+                // Only flag if they have the legacy key but not the new one
+                if (context.hasPlistKey(ALWAYS_KEY)) {
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'Missing Always And When In Use Description',
+                        description: `Your app has NSLocationAlwaysUsageDescription but is missing ` +
+                            `NSLocationAlwaysAndWhenInUseUsageDescription. Since iOS 11, both keys are required ` +
+                            `when requesting Always location permission.`,
+                        location: 'Info.plist',
+                        fixGuidance: `Add NSLocationAlwaysAndWhenInUseUsageDescription to your Info.plist. This key is required ` +
+                            `for iOS 11+ when requesting Always permission.
+
+<key>NSLocationWhenInUseUsageDescription</key>
+<string>See nearby places while you're using the app.</string>
+
+<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
+<string>Send you alerts when you're near saved places, even when the app is closed.</string>
+
+Note: Always permission is heavily scrutinized. Only request it if you have a visible, ` +
+                            `continuous location feature like navigation or fitness tracking.`,
+                        documentationURL: 'https://developer.apple.com/documentation/corelocation/choosing_the_location_services_authorization_to_request',
+                    }));
+                }
+            }
+            // Case: Always description exists but is empty
+            else if (alwaysAndWhenInUseDescription.trim() === '') {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Empty Always Location Description',
+                    description: `NSLocationAlwaysAndWhenInUseUsageDescription exists but is empty. ` +
+                        `Apple requires a meaningful description for Always location access.`,
+                    location: 'Info.plist',
+                    fixGuidance: `Provide a clear explanation of why your app needs Always location access. ` +
+                        `This should describe a user-facing feature that requires continuous location.
+
+Example: "Track your runs in the background so you can see your route even ` +
+                        `when the screen is off."`,
+                    documentationURL: 'https://developer.apple.com/documentation/corelocation/choosing_the_location_services_authorization_to_request',
+                }));
+            }
+            // Case: Always description is a placeholder
+            else if ((0, plist_parser_js_1.isPlaceholder)(alwaysAndWhenInUseDescription)) {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Placeholder Always Location Description',
+                    description: `NSLocationAlwaysAndWhenInUseUsageDescription contains placeholder text: ` +
+                        `"${alwaysAndWhenInUseDescription}".`,
+                    location: 'Info.plist',
+                    fixGuidance: `Replace the placeholder with a real description of your continuous location feature. ` +
+                        `Always permission requires a clear, user-visible justification.`,
+                    documentationURL: 'https://developer.apple.com/documentation/corelocation/choosing_the_location_services_authorization_to_request',
+                }));
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=missing-location-purpose.js.map

package/dist/rules/privacy/missing-location-purpose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-location-purpose.js","sourceRoot":"","sources":["../../../src/rules/privacy/missing-location-purpose.ts"],"names":[],"mappings":";;;AAUA,mDAA0E;AAC1E,mEAA8D;AAC9D,wCAAyC;AAEzC,MAAM,mBAAmB,GAAG,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;AACvD,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAC9D,MAAM,0BAA0B,GAAG,8CAA8C,CAAC;AAClF,MAAM,UAAU,GAAG,kCAAkC,CAAC;AAEzC,QAAA,0BAA0B,GAAS;IAC9C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,oCAAoC;IAC1C,WAAW,EAAE,yEAAyE;IACtF,QAAQ,EAAE,uBAAY,CAAC,OAAO;IAC9B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,oDAAoD;QACpD,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAEpF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;QAClE,MAAM,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC;YAC9B,OAAO,CAAC,WAAW,CAAC,0BAA0B,CAAC,CAAC;QAE9E,mDAAmD;QACnD,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,WAAW,EAAE,uDAAuD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACnG,oGAAoG;oBACpG,gEAAgE;gBAClE,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,mGAAmG;oBAC9G;;;;;mGAKyF;oBACzF,gEAAgE;gBAClE,gBAAgB,EAAE,0GAA0G;aAC7H,CAAC,CAAC,CAAC;QACN,CAAC;QACD,yCAAyC;aACpC,IAAI,oBAAoB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,kCAAkC;gBACzC,WAAW,EAAE,yEAAyE;oBACpF,wFAAwF;gBAC1F,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,gGAAgG;oBAC3G;;;8CAGoC;gBACtC,gBAAgB,EAAE,0GAA0G;aAC7H,CAAC,CAAC,CAAC;QACN,CAAC;QACD,iDAAiD;aAC5C,IAAI,IAAA,+BAAa,EAAC,oBAAoB,CAAC,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,wCAAwC;gBAC/C,WAAW,EAAE,6EAA6E,oBAAoB,KAAK;oBACjH,sDAAsD;gBACxD,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,+FAA+F;oBAC1G;;kBAEQ,oBAAoB;;oFAE8C;gBAC5E,gBAAgB,EAAE,0GAA0G;aAC7H,CAAC,CAAC,CAAC;QACN,CAAC;QAED,wCAAwC;QACxC,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,6BAA6B,GAAG,OAAO,CAAC,WAAW,CAAC,0BAA0B,CAAC,CAAC;YAEtF,sFAAsF;YACtF,IAAI,6BAA6B,KAAK,SAAS,EAAE,CAAC;gBAChD,4DAA4D;gBAC5D,IAAI,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,4CAA4C;wBACnD,WAAW,EAAE,+DAA+D;4BAC1E,qFAAqF;4BACrF,6CAA6C;wBAC/C,QAAQ,EAAE,YAAY;wBACtB,WAAW,EAAE,4FAA4F;4BACvG;;;;;;;;wFAQ0E;4BAC1E,kEAAkE;wBACpE,gBAAgB,EAAE,gHAAgH;qBACnI,CAAC,CAAC,CAAC;gBACN,CAAC;YACH,CAAC;YACD,+CAA+C;iBAC1C,IAAI,6BAA6B,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACrD,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,mCAAmC;oBAC1C,WAAW,EAAE,oEAAoE;wBAC/E,qEAAqE;oBACvE,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,4EAA4E;wBACvF;;4EAEgE;wBAChE,0BAA0B;oBAC5B,gBAAgB,EAAE,gHAAgH;iBACnI,CAAC,CAAC,CAAC;YACN,CAAC;YACD,4CAA4C;iBACvC,IAAI,IAAA,+BAAa,EAAC,6BAA6B,CAAC,EAAE,CAAC;gBACtD,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,yCAAyC;oBAChD,WAAW,EAAE,0EAA0E;wBACrF,IAAI,6BAA6B,IAAI;oBACvC,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,uFAAuF;wBAClG,iEAAiE;oBACnE,gBAAgB,EAAE,gHAAgH;iBACnI,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/privacy/missing-microphone-purpose.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Rule: Missing Microphone Usage Description
+ *
+ * Detects when an app uses audio recording frameworks without the required
+ * NSMicrophoneUsageDescription in Info.plist.
+ *
+ * App Store Review Guideline: 5.1.1
+ */
+import type { Rule } from '../../types/index.js';
+export declare const MissingMicrophonePurposeRule: Rule;
+//# sourceMappingURL=missing-microphone-purpose.d.ts.map

package/dist/rules/privacy/missing-microphone-purpose.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-microphone-purpose.d.ts","sourceRoot":"","sources":["../../../src/rules/privacy/missing-microphone-purpose.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AAUvE,eAAO,MAAM,4BAA4B,EAAE,IA+H1C,CAAC"}

package/dist/rules/privacy/missing-microphone-purpose.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingMicrophonePurposeRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const plist_parser_js_1 = require("../../parsers/plist-parser.js");
+const base_js_1 = require("../base.js");
+// Frameworks that definitely use microphone for recording
+const MICROPHONE_FRAMEWORKS = ['AVFAudio', 'Speech'];
+const MICROPHONE_KEY = 'NSMicrophoneUsageDescription';
+const SPEECH_KEY = 'NSSpeechRecognitionUsageDescription';
+exports.MissingMicrophonePurposeRule = {
+    id: 'privacy-005-missing-microphone-purpose',
+    name: 'Missing Microphone Usage Description',
+    description: 'Checks for audio recording framework usage without NSMicrophoneUsageDescription',
+    category: index_js_1.RuleCategory.Privacy,
+    severity: index_js_1.Severity.Critical,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '5.1.1',
+    async evaluate(context) {
+        // Check if any audio recording framework is linked
+        const detectedFrameworks = MICROPHONE_FRAMEWORKS.filter(f => context.hasFramework(f));
+        // AVFoundation CAN record audio but is also used by virtually every app that plays video/audio.
+        // Only flag it with lower confidence when no other microphone frameworks are present.
+        const hasAVFoundation = context.hasFramework('AVFoundation');
+        const hasOnlyAVFoundation = hasAVFoundation && detectedFrameworks.length === 0;
+        if (detectedFrameworks.length === 0 && !hasAVFoundation) {
+            return [];
+        }
+        const findings = [];
+        const microphoneDescription = context.plistString(MICROPHONE_KEY);
+        const speechDescription = context.plistString(SPEECH_KEY);
+        // Determine which frameworks to report
+        const frameworksToReport = hasAVFoundation
+            ? [...detectedFrameworks, 'AVFoundation']
+            : detectedFrameworks;
+        // If Speech framework is linked, check for speech recognition description
+        if (context.hasFramework('Speech')) {
+            if (speechDescription === undefined) {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Missing Speech Recognition Usage Description',
+                    description: `Your app links against the Speech framework but Info.plist is missing ` +
+                        `NSSpeechRecognitionUsageDescription. Apps using speech recognition must provide a ` +
+                        `purpose string explaining why access is needed.`,
+                    location: 'Info.plist',
+                    fixGuidance: `Add NSSpeechRecognitionUsageDescription to your Info.plist:
+
+<key>NSSpeechRecognitionUsageDescription</key>
+<string>We use speech recognition to transcribe your voice notes.</string>
+
+Note: You'll also need NSMicrophoneUsageDescription since speech recognition requires microphone access.`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsspeechrecognitionusagedescription',
+                }));
+            }
+            else if (speechDescription.trim() === '') {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Empty Speech Recognition Usage Description',
+                    description: `NSSpeechRecognitionUsageDescription exists but is empty.`,
+                    location: 'Info.plist',
+                    fixGuidance: `Provide a meaningful description for speech recognition usage.`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsspeechrecognitionusagedescription',
+                }));
+            }
+            else if ((0, plist_parser_js_1.isPlaceholder)(speechDescription)) {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Placeholder Speech Recognition Usage Description',
+                    description: `NSSpeechRecognitionUsageDescription contains placeholder text: "${speechDescription}".`,
+                    location: 'Info.plist',
+                    fixGuidance: `Replace the placeholder with a real description of your speech recognition feature.`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsspeechrecognitionusagedescription',
+                }));
+            }
+        }
+        // When only AVFoundation is detected (no AVFAudio/Speech), use Medium confidence
+        // since AVFoundation is commonly used for audio/video playback, not just recording
+        const confidenceLevel = hasOnlyAVFoundation ? index_js_1.Confidence.Medium : index_js_1.Confidence.High;
+        const avFoundationCaveat = hasOnlyAVFoundation
+            ? `\n\nNote: AVFoundation is commonly used for audio/video playback. If your app only plays ` +
+                `media and doesn't record audio, you may not need this permission.`
+            : '';
+        // Case 1: Completely missing microphone description
+        if (microphoneDescription === undefined) {
+            findings.push((0, base_js_1.makeCustomFinding)(this, this.severity, confidenceLevel, {
+                title: 'Missing Microphone Usage Description',
+                description: `Your app links against audio frameworks (${frameworksToReport.join(', ')}) ` +
+                    `but Info.plist is missing NSMicrophoneUsageDescription. Apps that access the microphone ` +
+                    `must provide a purpose string explaining why access is needed.${avFoundationCaveat}`,
+                location: 'Info.plist',
+                fixGuidance: `Add NSMicrophoneUsageDescription to your Info.plist with a clear, user-facing explanation ` +
+                    `of why your app needs microphone access. For example:
+
+<key>NSMicrophoneUsageDescription</key>
+<string>We need microphone access to record voice messages and make calls.</string>
+
+The description should explain the specific feature that uses the microphone.`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsmicrophoneusagedescription',
+            }));
+        }
+        // Case 2: Empty description
+        else if (microphoneDescription.trim() === '') {
+            findings.push((0, base_js_1.makeCustomFinding)(this, this.severity, confidenceLevel, {
+                title: 'Empty Microphone Usage Description',
+                description: `NSMicrophoneUsageDescription exists in Info.plist but is empty. ` +
+                    `Apple requires a meaningful description explaining why your app needs microphone access.${avFoundationCaveat}`,
+                location: 'Info.plist',
+                fixGuidance: `Update NSMicrophoneUsageDescription with a clear, specific explanation of why your app ` +
+                    `needs microphone access. Generic or empty descriptions will be rejected.
+
+Good example: "Record audio for your video messages."
+Bad example: "Microphone access required" or ""`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsmicrophoneusagedescription',
+            }));
+        }
+        // Case 3: Placeholder text detected
+        else if ((0, plist_parser_js_1.isPlaceholder)(microphoneDescription)) {
+            findings.push((0, base_js_1.makeCustomFinding)(this, this.severity, confidenceLevel, {
+                title: 'Placeholder Microphone Usage Description',
+                description: `NSMicrophoneUsageDescription appears to contain placeholder text: "${microphoneDescription}". ` +
+                    `Apple requires meaningful, user-facing descriptions.${avFoundationCaveat}`,
+                location: 'Info.plist',
+                fixGuidance: `Replace the placeholder text with a clear explanation of why your app needs microphone access. ` +
+                    `The description should be specific to your app's features.
+
+Current value: "${microphoneDescription}"
+
+Write a description that helps users understand what feature uses the microphone and why.`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsmicrophoneusagedescription',
+            }));
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=missing-microphone-purpose.js.map

package/dist/rules/privacy/missing-microphone-purpose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-microphone-purpose.js","sourceRoot":"","sources":["../../../src/rules/privacy/missing-microphone-purpose.ts"],"names":[],"mappings":";;;AASA,mDAA0E;AAC1E,mEAA8D;AAC9D,wCAA4D;AAE5D,0DAA0D;AAC1D,MAAM,qBAAqB,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,cAAc,GAAG,8BAA8B,CAAC;AACtD,MAAM,UAAU,GAAG,qCAAqC,CAAC;AAE5C,QAAA,4BAA4B,GAAS;IAChD,EAAE,EAAE,wCAAwC;IAC5C,IAAI,EAAE,sCAAsC;IAC5C,WAAW,EAAE,iFAAiF;IAC9F,QAAQ,EAAE,uBAAY,CAAC,OAAO;IAC9B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,mDAAmD;QACnD,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAEtF,gGAAgG;QAChG,sFAAsF;QACtF,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC;QAC7D,MAAM,mBAAmB,GAAG,eAAe,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,CAAC;QAE/E,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACxD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,qBAAqB,GAAG,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAClE,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE1D,uCAAuC;QACvC,MAAM,kBAAkB,GAAG,eAAe;YACxC,CAAC,CAAC,CAAC,GAAG,kBAAkB,EAAE,cAAc,CAAC;YACzC,CAAC,CAAC,kBAAkB,CAAC;QAEvB,0EAA0E;QAC1E,IAAI,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,8CAA8C;oBACrD,WAAW,EAAE,wEAAwE;wBACnF,oFAAoF;wBACpF,iDAAiD;oBACnD,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE;;;;;yGAKkF;oBAC/F,gBAAgB,EAAE,yHAAyH;iBAC5I,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,IAAI,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,4CAA4C;oBACnD,WAAW,EAAE,0DAA0D;oBACvE,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,gEAAgE;oBAC7E,gBAAgB,EAAE,yHAAyH;iBAC5I,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,IAAI,IAAA,+BAAa,EAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC5C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,kDAAkD;oBACzD,WAAW,EAAE,mEAAmE,iBAAiB,IAAI;oBACrG,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,qFAAqF;oBAClG,gBAAgB,EAAE,yHAAyH;iBAC5I,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAED,iFAAiF;QACjF,mFAAmF;QACnF,MAAM,eAAe,GAAG,mBAAmB,CAAC,CAAC,CAAC,qBAAU,CAAC,MAAM,CAAC,CAAC,CAAC,qBAAU,CAAC,IAAI,CAAC;QAClF,MAAM,kBAAkB,GAAG,mBAAmB;YAC5C,CAAC,CAAC,2FAA2F;gBAC3F,mEAAmE;YACrE,CAAC,CAAC,EAAE,CAAC;QAEP,oDAAoD;QACpD,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE;gBACpE,KAAK,EAAE,sCAAsC;gBAC7C,WAAW,EAAE,4CAA4C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACxF,0FAA0F;oBAC1F,iEAAiE,kBAAkB,EAAE;gBACvF,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,4FAA4F;oBACvG;;;;;8EAKoE;gBACtE,gBAAgB,EAAE,kHAAkH;aACrI,CAAC,CAAC,CAAC;QACN,CAAC;QACD,4BAA4B;aACvB,IAAI,qBAAqB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC7C,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE;gBACpE,KAAK,EAAE,oCAAoC;gBAC3C,WAAW,EAAE,kEAAkE;oBAC7E,2FAA2F,kBAAkB,EAAE;gBACjH,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,yFAAyF;oBACpG;;;gDAGsC;gBACxC,gBAAgB,EAAE,kHAAkH;aACrI,CAAC,CAAC,CAAC;QACN,CAAC;QACD,oCAAoC;aAC/B,IAAI,IAAA,+BAAa,EAAC,qBAAqB,CAAC,EAAE,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE;gBACpE,KAAK,EAAE,0CAA0C;gBACjD,WAAW,EAAE,sEAAsE,qBAAqB,KAAK;oBAC3G,uDAAuD,kBAAkB,EAAE;gBAC7E,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,iGAAiG;oBAC5G;;kBAEQ,qBAAqB;;0FAEmD;gBAClF,gBAAgB,EAAE,kHAAkH;aACrI,CAAC,CAAC,CAAC;QACN,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/privacy/missing-photo-library-purpose.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Rule: Missing Photo Library Usage Description
+ *
+ * Detects when an app uses Photos framework without the required
+ * NSPhotoLibraryUsageDescription in Info.plist.
+ *
+ * App Store Review Guideline: 5.1.1
+ */
+import type { Rule } from '../../types/index.js';
+export declare const MissingPhotoLibraryPurposeRule: Rule;
+//# sourceMappingURL=missing-photo-library-purpose.d.ts.map

package/dist/rules/privacy/missing-photo-library-purpose.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-photo-library-purpose.d.ts","sourceRoot":"","sources":["../../../src/rules/privacy/missing-photo-library-purpose.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AASvE,eAAO,MAAM,8BAA8B,EAAE,IAgG5C,CAAC"}

package/dist/rules/privacy/missing-photo-library-purpose.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingPhotoLibraryPurposeRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const plist_parser_js_1 = require("../../parsers/plist-parser.js");
+const base_js_1 = require("../base.js");
+const PHOTO_LIBRARY_FRAMEWORKS = ['Photos', 'PhotosUI'];
+const PHOTO_LIBRARY_KEY = 'NSPhotoLibraryUsageDescription';
+const PHOTO_LIBRARY_ADD_KEY = 'NSPhotoLibraryAddUsageDescription';
+exports.MissingPhotoLibraryPurposeRule = {
+    id: 'privacy-004-missing-photo-library-purpose',
+    name: 'Missing Photo Library Usage Description',
+    description: 'Checks for Photos framework usage without NSPhotoLibraryUsageDescription',
+    category: index_js_1.RuleCategory.Privacy,
+    severity: index_js_1.Severity.Critical,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '5.1.1',
+    async evaluate(context) {
+        // Check if any Photos-related framework is linked
+        const detectedFrameworks = PHOTO_LIBRARY_FRAMEWORKS.filter(f => context.hasFramework(f));
+        if (detectedFrameworks.length === 0) {
+            return [];
+        }
+        const findings = [];
+        const photoLibraryDescription = context.plistString(PHOTO_LIBRARY_KEY);
+        const photoLibraryAddDescription = context.plistString(PHOTO_LIBRARY_ADD_KEY);
+        // Case 1: Completely missing read access description
+        if (photoLibraryDescription === undefined) {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                description: `Your app links against photo library frameworks (${detectedFrameworks.join(', ')}) ` +
+                    `but Info.plist is missing NSPhotoLibraryUsageDescription. Apps that access the photo library ` +
+                    `must provide a purpose string explaining why access is needed.`,
+                location: 'Info.plist',
+                fixGuidance: `Add NSPhotoLibraryUsageDescription to your Info.plist with a clear, user-facing explanation ` +
+                    `of why your app needs photo library access. For example:
+
+<key>NSPhotoLibraryUsageDescription</key>
+<string>We need access to your photos to let you select images for your posts.</string>
+
+If your app only needs to save photos (not read), you can use NSPhotoLibraryAddUsageDescription instead.`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsphotolibraryusagedescription',
+            }));
+        }
+        // Case 2: Empty description
+        else if (photoLibraryDescription.trim() === '') {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                title: 'Empty Photo Library Usage Description',
+                description: `NSPhotoLibraryUsageDescription exists in Info.plist but is empty. ` +
+                    `Apple requires a meaningful description explaining why your app needs photo library access.`,
+                location: 'Info.plist',
+                fixGuidance: `Update NSPhotoLibraryUsageDescription with a clear, specific explanation of why your app ` +
+                    `needs photo library access. Generic or empty descriptions will be rejected.
+
+Good example: "Choose photos to share with your friends."
+Bad example: "Photo access required" or ""`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsphotolibraryusagedescription',
+            }));
+        }
+        // Case 3: Placeholder text detected
+        else if ((0, plist_parser_js_1.isPlaceholder)(photoLibraryDescription)) {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                title: 'Placeholder Photo Library Usage Description',
+                description: `NSPhotoLibraryUsageDescription appears to contain placeholder text: "${photoLibraryDescription}". ` +
+                    `Apple requires meaningful, user-facing descriptions.`,
+                location: 'Info.plist',
+                fixGuidance: `Replace the placeholder text with a clear explanation of why your app needs photo library access. ` +
+                    `The description should be specific to your app's features.
+
+Current value: "${photoLibraryDescription}"
+
+Write a description that helps users understand what feature uses the photo library and why.`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsphotolibraryusagedescription',
+            }));
+        }
+        // Also check for add-only permission if it exists but is empty/placeholder
+        if (photoLibraryAddDescription !== undefined) {
+            if (photoLibraryAddDescription.trim() === '') {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Empty Photo Library Add Usage Description',
+                    description: `NSPhotoLibraryAddUsageDescription exists in Info.plist but is empty. ` +
+                        `Apple requires a meaningful description explaining why your app needs to save photos.`,
+                    location: 'Info.plist',
+                    fixGuidance: `Update NSPhotoLibraryAddUsageDescription with a clear explanation of why your app needs to save photos.
+
+Good example: "Save edited photos to your library."`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsphotolibraryaddusagedescription',
+                }));
+            }
+            else if ((0, plist_parser_js_1.isPlaceholder)(photoLibraryAddDescription)) {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Placeholder Photo Library Add Usage Description',
+                    description: `NSPhotoLibraryAddUsageDescription contains placeholder text: "${photoLibraryAddDescription}".`,
+                    location: 'Info.plist',
+                    fixGuidance: `Replace the placeholder with a real description of why your app needs to save photos.`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsphotolibraryaddusagedescription',
+                }));
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=missing-photo-library-purpose.js.map

package/dist/rules/privacy/missing-photo-library-purpose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-photo-library-purpose.js","sourceRoot":"","sources":["../../../src/rules/privacy/missing-photo-library-purpose.ts"],"names":[],"mappings":";;;AASA,mDAA0E;AAC1E,mEAA8D;AAC9D,wCAAyC;AAEzC,MAAM,wBAAwB,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;AACxD,MAAM,iBAAiB,GAAG,gCAAgC,CAAC;AAC3D,MAAM,qBAAqB,GAAG,mCAAmC,CAAC;AAErD,QAAA,8BAA8B,GAAS;IAClD,EAAE,EAAE,2CAA2C;IAC/C,IAAI,EAAE,yCAAyC;IAC/C,WAAW,EAAE,0EAA0E;IACvF,QAAQ,EAAE,uBAAY,CAAC,OAAO;IAC9B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,kDAAkD;QAClD,MAAM,kBAAkB,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;QACvE,MAAM,0BAA0B,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC;QAE9E,qDAAqD;QACrD,IAAI,uBAAuB,KAAK,SAAS,EAAE,CAAC;YAC1C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,WAAW,EAAE,oDAAoD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBAChG,+FAA+F;oBAC/F,gEAAgE;gBAClE,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,8FAA8F;oBACzG;;;;;yGAK+F;gBACjG,gBAAgB,EAAE,oHAAoH;aACvI,CAAC,CAAC,CAAC;QACN,CAAC;QACD,4BAA4B;aACvB,IAAI,uBAAuB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,uCAAuC;gBAC9C,WAAW,EAAE,oEAAoE;oBAC/E,6FAA6F;gBAC/F,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,2FAA2F;oBACtG;;;2CAGiC;gBACnC,gBAAgB,EAAE,oHAAoH;aACvI,CAAC,CAAC,CAAC;QACN,CAAC;QACD,oCAAoC;aAC/B,IAAI,IAAA,+BAAa,EAAC,uBAAuB,CAAC,EAAE,CAAC;YAChD,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,6CAA6C;gBACpD,WAAW,EAAE,wEAAwE,uBAAuB,KAAK;oBAC/G,sDAAsD;gBACxD,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,oGAAoG;oBAC/G;;kBAEQ,uBAAuB;;6FAEoD;gBACrF,gBAAgB,EAAE,oHAAoH;aACvI,CAAC,CAAC,CAAC;QACN,CAAC;QAED,2EAA2E;QAC3E,IAAI,0BAA0B,KAAK,SAAS,EAAE,CAAC;YAC7C,IAAI,0BAA0B,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC7C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,2CAA2C;oBAClD,WAAW,EAAE,uEAAuE;wBAClF,uFAAuF;oBACzF,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE;;oDAE6B;oBAC1C,gBAAgB,EAAE,uHAAuH;iBAC1I,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,IAAI,IAAA,+BAAa,EAAC,0BAA0B,CAAC,EAAE,CAAC;gBACrD,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,iDAAiD;oBACxD,WAAW,EAAE,iEAAiE,0BAA0B,IAAI;oBAC5G,QAAQ,EAAE,YAAY;oBACtB,WAAW,EAAE,uFAAuF;oBACpG,gBAAgB,EAAE,uHAAuH;iBAC1I,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,140 @@
+/**
+ * TypeScript interfaces for ReviewShield
+ */
+/**
+ * Severity level of a finding
+ */
+export declare enum Severity {
+    Critical = "critical",
+    High = "high",
+    Medium = "medium",
+    Low = "low",
+    Info = "info"
+}
+/**
+ * Confidence level of a finding
+ */
+export declare enum Confidence {
+    High = "high",
+    Medium = "medium",
+    Low = "low"
+}
+/**
+ * Category of a rule
+ */
+export declare enum RuleCategory {
+    Privacy = "privacy",
+    Auth = "auth",
+    Entitlements = "entitlements",
+    Performance = "performance",
+    Content = "content",
+    Metadata = "metadata",
+    Config = "config"
+}
+/**
+ * Source of a dependency
+ */
+export declare enum DependencySource {
+    CocoaPods = "cocoapods",
+    SPM = "spm",
+    Carthage = "carthage",
+    Manual = "manual"
+}
+/**
+ * A third-party dependency
+ */
+export interface Dependency {
+    name: string;
+    version?: string;
+    source: DependencySource;
+}
+/**
+ * A single finding from a rule evaluation
+ */
+export interface Finding {
+    ruleId: string;
+    severity: Severity;
+    confidence: Confidence;
+    title: string;
+    description: string;
+    location?: string;
+    guideline: string;
+    fixGuidance: string;
+    documentationURL?: string;
+}
+/**
+ * Result of a scan
+ */
+export interface ScanResult {
+    projectPath: string;
+    timestamp: Date;
+    findings: Finding[];
+    rulesRun: string[];
+    duration: number;
+}
+/**
+ * Parsed Info.plist data
+ */
+export interface ParsedInfoPlist {
+    bundleIdentifier?: string;
+    displayName?: string;
+    bundleName?: string;
+    minimumOSVersion?: string;
+    requiredDeviceCapabilities: string[];
+    backgroundModes: string[];
+    usageDescriptions: Record<string, string>;
+    raw: Record<string, unknown>;
+}
+/**
+ * Scan context containing all parsed project data
+ */
+export interface ScanContext {
+    projectPath: string;
+    infoPlist: Record<string, unknown>;
+    entitlements: Record<string, unknown>;
+    linkedFrameworks: Set<string>;
+    dependencies: Dependency[];
+    plistString(key: string): string | undefined;
+    plistArray(key: string): unknown[] | undefined;
+    plistBool(key: string): boolean | undefined;
+    hasPlistKey(key: string): boolean;
+    hasFramework(name: string): boolean;
+    hasEntitlement(key: string): boolean;
+    entitlementString(key: string): string | undefined;
+    entitlementArray(key: string): unknown[] | undefined;
+}
+/**
+ * Rule interface - each rule must implement this
+ */
+export interface Rule {
+    id: string;
+    name: string;
+    description: string;
+    category: RuleCategory;
+    severity: Severity;
+    confidence: Confidence;
+    guidelineReference: string;
+    /**
+     * Evaluate the rule against the scan context
+     */
+    evaluate(context: ScanContext): Promise<Finding[]>;
+}
+/**
+ * Output format options
+ */
+export declare enum OutputFormat {
+    Text = "text",
+    JSON = "json",
+    SARIF = "sarif"
+}
+/**
+ * CLI options
+ */
+export interface ScanOptions {
+    path: string;
+    format?: OutputFormat;
+    verbose?: boolean;
+    rules?: string[];
+    exclude?: string[];
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,oBAAY,QAAQ;IAClB,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;IACX,IAAI,SAAS;CACd;AAED;;GAEG;AACH,oBAAY,UAAU;IACpB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;CACZ;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,OAAO,YAAY;IACnB,IAAI,SAAS;IACb,YAAY,iBAAiB;IAC7B,WAAW,gBAAgB;IAC3B,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,oBAAY,gBAAgB;IAC1B,SAAS,cAAc;IACvB,GAAG,QAAQ;IACX,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,gBAAgB,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0BAA0B,EAAE,MAAM,EAAE,CAAC;IACrC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9B,YAAY,EAAE,UAAU,EAAE,CAAC;IAG3B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IAC7C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,GAAG,SAAS,CAAC;IAC/C,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5C,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACpC,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACrC,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IACnD,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,GAAG,SAAS,CAAC;CACtD;AAED;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;CACpD;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,IAAI,SAAS;IACb,IAAI,SAAS;IACb,KAAK,UAAU;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB"}

package/dist/types/index.js

@@ -0,0 +1,59 @@
+"use strict";
+/**
+ * TypeScript interfaces for ReviewShield
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OutputFormat = exports.DependencySource = exports.RuleCategory = exports.Confidence = exports.Severity = void 0;
+/**
+ * Severity level of a finding
+ */
+var Severity;
+(function (Severity) {
+    Severity["Critical"] = "critical";
+    Severity["High"] = "high";
+    Severity["Medium"] = "medium";
+    Severity["Low"] = "low";
+    Severity["Info"] = "info";
+})(Severity || (exports.Severity = Severity = {}));
+/**
+ * Confidence level of a finding
+ */
+var Confidence;
+(function (Confidence) {
+    Confidence["High"] = "high";
+    Confidence["Medium"] = "medium";
+    Confidence["Low"] = "low";
+})(Confidence || (exports.Confidence = Confidence = {}));
+/**
+ * Category of a rule
+ */
+var RuleCategory;
+(function (RuleCategory) {
+    RuleCategory["Privacy"] = "privacy";
+    RuleCategory["Auth"] = "auth";
+    RuleCategory["Entitlements"] = "entitlements";
+    RuleCategory["Performance"] = "performance";
+    RuleCategory["Content"] = "content";
+    RuleCategory["Metadata"] = "metadata";
+    RuleCategory["Config"] = "config";
+})(RuleCategory || (exports.RuleCategory = RuleCategory = {}));
+/**
+ * Source of a dependency
+ */
+var DependencySource;
+(function (DependencySource) {
+    DependencySource["CocoaPods"] = "cocoapods";
+    DependencySource["SPM"] = "spm";
+    DependencySource["Carthage"] = "carthage";
+    DependencySource["Manual"] = "manual";
+})(DependencySource || (exports.DependencySource = DependencySource = {}));
+/**
+ * Output format options
+ */
+var OutputFormat;
+(function (OutputFormat) {
+    OutputFormat["Text"] = "text";
+    OutputFormat["JSON"] = "json";
+    OutputFormat["SARIF"] = "sarif";
+})(OutputFormat || (exports.OutputFormat = OutputFormat = {}));
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH;;GAEG;AACH,IAAY,QAMX;AAND,WAAY,QAAQ;IAClB,iCAAqB,CAAA;IACrB,yBAAa,CAAA;IACb,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,yBAAa,CAAA;AACf,CAAC,EANW,QAAQ,wBAAR,QAAQ,QAMnB;AAED;;GAEG;AACH,IAAY,UAIX;AAJD,WAAY,UAAU;IACpB,2BAAa,CAAA;IACb,+BAAiB,CAAA;IACjB,yBAAW,CAAA;AACb,CAAC,EAJW,UAAU,0BAAV,UAAU,QAIrB;AAED;;GAEG;AACH,IAAY,YAQX;AARD,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,6BAAa,CAAA;IACb,6CAA6B,CAAA;IAC7B,2CAA2B,CAAA;IAC3B,mCAAmB,CAAA;IACnB,qCAAqB,CAAA;IACrB,iCAAiB,CAAA;AACnB,CAAC,EARW,YAAY,4BAAZ,YAAY,QAQvB;AAED;;GAEG;AACH,IAAY,gBAKX;AALD,WAAY,gBAAgB;IAC1B,2CAAuB,CAAA;IACvB,+BAAW,CAAA;IACX,yCAAqB,CAAA;IACrB,qCAAiB,CAAA;AACnB,CAAC,EALW,gBAAgB,gCAAhB,gBAAgB,QAK3B;AA0FD;;GAEG;AACH,IAAY,YAIX;AAJD,WAAY,YAAY;IACtB,6BAAa,CAAA;IACb,6BAAa,CAAA;IACb,+BAAe,CAAA;AACjB,CAAC,EAJW,YAAY,4BAAZ,YAAY,QAIvB"}