shiplint 0.1.0

package/dist/rules/config/ats-exception-without-justification.js

@@ -0,0 +1,152 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ATSExceptionWithoutJustificationRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const base_js_1 = require("../base.js");
+const ATS_KEY = 'NSAppTransportSecurity';
+const ALLOWS_ARBITRARY_LOADS_KEY = 'NSAllowsArbitraryLoads';
+const ALLOWS_ARBITRARY_LOADS_WEBVIEW_KEY = 'NSAllowsArbitraryLoadsInWebContent';
+const EXCEPTION_DOMAINS_KEY = 'NSExceptionDomains';
+exports.ATSExceptionWithoutJustificationRule = {
+    id: 'config-001-ats-exception-without-justification',
+    name: 'ATS Exception Without Justification',
+    description: 'Checks for insecure App Transport Security configuration',
+    category: index_js_1.RuleCategory.Config,
+    severity: index_js_1.Severity.High,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '2.1',
+    async evaluate(context) {
+        const atsConfig = context.infoPlist[ATS_KEY];
+        if (!atsConfig) {
+            // No ATS configuration, defaults are secure
+            return [];
+        }
+        const findings = [];
+        const allowsArbitraryLoads = atsConfig[ALLOWS_ARBITRARY_LOADS_KEY];
+        const allowsArbitraryLoadsWebView = atsConfig[ALLOWS_ARBITRARY_LOADS_WEBVIEW_KEY];
+        const exceptionDomains = atsConfig[EXCEPTION_DOMAINS_KEY];
+        // Case 1: NSAllowsArbitraryLoads = true without exception domains
+        if (allowsArbitraryLoads === true) {
+            const hasExceptionDomains = exceptionDomains && Object.keys(exceptionDomains).length > 0;
+            if (!hasExceptionDomains) {
+                findings.push((0, base_js_1.makeFinding)(this, {
+                    title: 'Insecure ATS Configuration - Arbitrary Loads Enabled',
+                    description: `Your app has NSAllowsArbitraryLoads set to true without specifying NSExceptionDomains. ` +
+                        `This disables App Transport Security for ALL network connections, which is a significant ` +
+                        `security risk. Apple will require justification during App Store review and may reject ` +
+                        `your app if there's no valid reason.`,
+                    location: 'Info.plist (NSAppTransportSecurity)',
+                    fixGuidance: `Instead of disabling ATS entirely, configure specific exceptions for domains that ` +
+                        `require HTTP:
+
+OPTION 1: Remove NSAllowsArbitraryLoads entirely (recommended)
+Apple strongly recommends using HTTPS for all connections.
+
+OPTION 2: Use targeted exceptions for specific domains
+<key>NSAppTransportSecurity</key>
+<dict>
+    <key>NSExceptionDomains</key>
+    <dict>
+        <key>legacy-api.example.com</key>
+        <dict>
+            <key>NSExceptionAllowsInsecureHTTPLoads</key>
+            <true/>
+            <key>NSExceptionMinimumTLSVersion</key>
+            <string>TLSv1.2</string>
+        </dict>
+    </dict>
+</dict>
+
+If you must use NSAllowsArbitraryLoads, you'll need to provide App Store Connect with a justification. ` +
+                        `Valid reasons include: connecting to servers you don't control, media streaming requirements, ` +
+                        `or supporting legacy enterprise systems.`,
+                    documentationURL: 'https://developer.apple.com/documentation/security/preventing_insecure_network_connections',
+                }));
+            }
+            else {
+                // Has exception domains, but also has global disable - unusual config
+                findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.Medium, index_js_1.Confidence.Medium, {
+                    title: 'Redundant ATS Configuration',
+                    description: `Your app has both NSAllowsArbitraryLoads = true AND specific NSExceptionDomains. ` +
+                        `This is an unusual configuration. If you're using exception domains, you likely don't ` +
+                        `need NSAllowsArbitraryLoads at all.`,
+                    location: 'Info.plist (NSAppTransportSecurity)',
+                    fixGuidance: `Consider removing NSAllowsArbitraryLoads and keeping only NSExceptionDomains for ` +
+                        `the specific domains that need HTTP access. This provides better security by limiting ` +
+                        `insecure connections to only the domains you've explicitly allowed.
+
+Current configuration appears redundant:
+- NSAllowsArbitraryLoads = true (allows everything)
+- NSExceptionDomains configured (allows specific domains)
+
+The exception domains are ignored when NSAllowsArbitraryLoads is true.`,
+                    documentationURL: 'https://developer.apple.com/documentation/security/preventing_insecure_network_connections',
+                }));
+            }
+        }
+        // Case 2: NSAllowsArbitraryLoadsInWebContent = true
+        if (allowsArbitraryLoadsWebView === true) {
+            findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.Medium, index_js_1.Confidence.High, {
+                title: 'ATS Disabled for Web Content',
+                description: `NSAllowsArbitraryLoadsInWebContent is set to true, allowing web views to load ` +
+                    `insecure HTTP content. While this is less severe than NSAllowsArbitraryLoads, it still ` +
+                    `represents a security consideration.`,
+                location: 'Info.plist (NSAppTransportSecurity)',
+                fixGuidance: `If your app needs to display arbitrary web content (like a browser), this setting ` +
+                    `may be justified. However, if your web views only load content from known sources, consider:
+
+1. Using NSExceptionDomains for specific domains instead
+2. Ensuring your web content servers support HTTPS
+
+<key>NSAppTransportSecurity</key>
+<dict>
+    <key>NSExceptionDomains</key>
+    <dict>
+        <key>trusted-content.example.com</key>
+        <dict>
+            <key>NSExceptionAllowsInsecureHTTPLoads</key>
+            <true/>
+        </dict>
+    </dict>
+</dict>`,
+                documentationURL: 'https://developer.apple.com/documentation/security/preventing_insecure_network_connections',
+            }));
+        }
+        // Case 3: Check for overly permissive exception domains
+        if (exceptionDomains && typeof exceptionDomains === 'object') {
+            for (const [domain, config] of Object.entries(exceptionDomains)) {
+                const domainConfig = config;
+                // Check for wildcard or overly broad domains
+                if (domain.startsWith('*') || domain === 'localhost') {
+                    continue; // Wildcard and localhost are sometimes valid
+                }
+                // Check if exception requires minimum TLS version
+                const allowsInsecure = domainConfig['NSExceptionAllowsInsecureHTTPLoads'];
+                // NSExceptionRequiresForwardSecrecy available in domainConfig if needed
+                const minTLS = domainConfig['NSExceptionMinimumTLSVersion'];
+                if (allowsInsecure === true && !minTLS) {
+                    findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.Low, index_js_1.Confidence.Medium, {
+                        title: `Insecure HTTP Allowed for ${domain}`,
+                        description: `Domain "${domain}" allows insecure HTTP connections without specifying ` +
+                            `a minimum TLS version. Consider if this domain can support HTTPS.`,
+                        location: 'Info.plist (NSExceptionDomains)',
+                        fixGuidance: `If the server supports TLS, add NSExceptionMinimumTLSVersion:
+
+<key>${domain}</key>
+<dict>
+    <key>NSExceptionAllowsInsecureHTTPLoads</key>
+    <true/>
+    <key>NSExceptionMinimumTLSVersion</key>
+    <string>TLSv1.2</string>
+</dict>
+
+Better yet, work with the server operator to enable HTTPS and remove this exception entirely.`,
+                        documentationURL: 'https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity/nsexceptiondomains',
+                    }));
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=ats-exception-without-justification.js.map

package/dist/rules/config/ats-exception-without-justification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ats-exception-without-justification.js","sourceRoot":"","sources":["../../../src/rules/config/ats-exception-without-justification.ts"],"names":[],"mappings":";;;AAUA,mDAA0E;AAC1E,wCAA4D;AAE5D,MAAM,OAAO,GAAG,wBAAwB,CAAC;AACzC,MAAM,0BAA0B,GAAG,wBAAwB,CAAC;AAC5D,MAAM,kCAAkC,GAAG,oCAAoC,CAAC;AAChF,MAAM,qBAAqB,GAAG,oBAAoB,CAAC;AAEtC,QAAA,oCAAoC,GAAS;IACxD,EAAE,EAAE,gDAAgD;IACpD,IAAI,EAAE,qCAAqC;IAC3C,WAAW,EAAE,0DAA0D;IACvE,QAAQ,EAAE,uBAAY,CAAC,MAAM;IAC7B,QAAQ,EAAE,mBAAQ,CAAC,IAAI;IACvB,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,KAAK;IAEzB,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAwC,CAAC;QAEpF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,4CAA4C;YAC5C,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,oBAAoB,GAAG,SAAS,CAAC,0BAA0B,CAAwB,CAAC;QAC1F,MAAM,2BAA2B,GAAG,SAAS,CAAC,kCAAkC,CAAwB,CAAC;QACzG,MAAM,gBAAgB,GAAG,SAAS,CAAC,qBAAqB,CAAwC,CAAC;QAEjG,kEAAkE;QAClE,IAAI,oBAAoB,KAAK,IAAI,EAAE,CAAC;YAClC,MAAM,mBAAmB,GAAG,gBAAgB,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YAEzF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;oBAC9B,KAAK,EAAE,sDAAsD;oBAC7D,WAAW,EAAE,yFAAyF;wBACpG,2FAA2F;wBAC3F,yFAAyF;wBACzF,sCAAsC;oBACxC,QAAQ,EAAE,qCAAqC;oBAC/C,WAAW,EAAE,oFAAoF;wBAC/F;;;;;;;;;;;;;;;;;;;;wGAoB4F;wBAC5F,gGAAgG;wBAChG,0CAA0C;oBAC5C,gBAAgB,EAAE,4FAA4F;iBAC/G,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,sEAAsE;gBACtE,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,MAAM,EAAE,qBAAU,CAAC,MAAM,EAAE;oBACxE,KAAK,EAAE,6BAA6B;oBACpC,WAAW,EAAE,mFAAmF;wBAC9F,wFAAwF;wBACxF,qCAAqC;oBACvC,QAAQ,EAAE,qCAAqC;oBAC/C,WAAW,EAAE,mFAAmF;wBAC9F,wFAAwF;wBACxF;;;;;;uEAM2D;oBAC7D,gBAAgB,EAAE,4FAA4F;iBAC/G,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,2BAA2B,KAAK,IAAI,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,MAAM,EAAE,qBAAU,CAAC,IAAI,EAAE;gBACtE,KAAK,EAAE,8BAA8B;gBACrC,WAAW,EAAE,gFAAgF;oBAC3F,yFAAyF;oBACzF,sCAAsC;gBACxC,QAAQ,EAAE,qCAAqC;gBAC/C,WAAW,EAAE,oFAAoF;oBAC/F;;;;;;;;;;;;;;;QAeF;gBACA,gBAAgB,EAAE,4FAA4F;aAC/G,CAAC,CAAC,CAAC;QACN,CAAC;QAED,wDAAwD;QACxD,IAAI,gBAAgB,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC7D,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAChE,MAAM,YAAY,GAAG,MAAiC,CAAC;gBAEvD,6CAA6C;gBAC7C,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;oBACrD,SAAS,CAAC,6CAA6C;gBACzD,CAAC;gBAED,kDAAkD;gBAClD,MAAM,cAAc,GAAG,YAAY,CAAC,oCAAoC,CAAY,CAAC;gBACrF,wEAAwE;gBACxE,MAAM,MAAM,GAAG,YAAY,CAAC,8BAA8B,CAAW,CAAC;gBAEtE,IAAI,cAAc,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBACvC,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,GAAG,EAAE,qBAAU,CAAC,MAAM,EAAE;wBACrE,KAAK,EAAE,6BAA6B,MAAM,EAAE;wBAC5C,WAAW,EAAE,WAAW,MAAM,wDAAwD;4BACpF,mEAAmE;wBACrE,QAAQ,EAAE,iCAAiC;wBAC3C,WAAW,EAAE;;OAElB,MAAM;;;;;;;;8FAQiF;wBAClF,gBAAgB,EAAE,+HAA+H;qBAClJ,CAAC,CAAC,CAAC;gBACN,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/config/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Config rules exports
+ */
+export { ATSExceptionWithoutJustificationRule } from './ats-exception-without-justification.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/config/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,oCAAoC,EAAE,MAAM,0CAA0C,CAAC"}

package/dist/rules/config/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ATSExceptionWithoutJustificationRule = void 0;
+/**
+ * Config rules exports
+ */
+var ats_exception_without_justification_js_1 = require("./ats-exception-without-justification.js");
+Object.defineProperty(exports, "ATSExceptionWithoutJustificationRule", { enumerable: true, get: function () { return ats_exception_without_justification_js_1.ATSExceptionWithoutJustificationRule; } });
+//# sourceMappingURL=index.js.map

package/dist/rules/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/config/index.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,mGAAgG;AAAvF,8JAAA,oCAAoC,OAAA"}

package/dist/rules/index.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Rules module - exports all rules and registry
+ */
+import type { Rule } from '../types/index.js';
+export * from './privacy/index.js';
+export * from './auth/index.js';
+export * from './metadata/index.js';
+export * from './config/index.js';
+export * from './base.js';
+/**
+ * All available rules
+ */
+export declare const allRules: Rule[];
+/**
+ * Rule registry - maps rule IDs to rule instances
+ */
+export declare const ruleRegistry: Map<string, Rule>;
+/**
+ * Get a rule by ID
+ */
+export declare function getRule(id: string): Rule | undefined;
+/**
+ * Result of rule lookup with validation info
+ */
+export interface RuleLookupResult {
+    rules: Rule[];
+    unknownIds: string[];
+}
+/**
+ * Get rules by IDs with validation (returns all if no IDs specified)
+ * Returns both found rules and list of unknown IDs for validation
+ */
+export declare function getRulesWithValidation(ids?: string[]): RuleLookupResult;
+/**
+ * Get rules by IDs (returns all if no IDs specified)
+ * @deprecated Use getRulesWithValidation for proper error handling
+ */
+export declare function getRules(ids?: string[]): Rule[];
+/**
+ * Get rules excluding specified IDs
+ */
+export declare function getRulesExcluding(excludeIds: string[]): Rule[];
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,cAAc,oBAAoB,CAAC;AAGnC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,qBAAqB,CAAC;AAGpC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,WAAW,CAAC;AAc1B;;GAEG;AACH,eAAO,MAAM,QAAQ,EAAE,IAAI,EAW1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAE1C,CAAC;AAEF;;GAEG;AACH,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAEpD;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAG9D"}

package/dist/rules/index.js

@@ -0,0 +1,103 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ruleRegistry = exports.allRules = void 0;
+exports.getRule = getRule;
+exports.getRulesWithValidation = getRulesWithValidation;
+exports.getRules = getRules;
+exports.getRulesExcluding = getRulesExcluding;
+// Privacy rules
+__exportStar(require("./privacy/index.js"), exports);
+// Auth rules
+__exportStar(require("./auth/index.js"), exports);
+// Metadata rules
+__exportStar(require("./metadata/index.js"), exports);
+// Config rules
+__exportStar(require("./config/index.js"), exports);
+// Base utilities
+__exportStar(require("./base.js"), exports);
+// Import all rules for registry
+const missing_camera_purpose_js_1 = require("./privacy/missing-camera-purpose.js");
+const missing_location_purpose_js_1 = require("./privacy/missing-location-purpose.js");
+const location_always_unjustified_js_1 = require("./privacy/location-always-unjustified.js");
+const att_tracking_mismatch_js_1 = require("./privacy/att-tracking-mismatch.js");
+const missing_photo_library_purpose_js_1 = require("./privacy/missing-photo-library-purpose.js");
+const missing_microphone_purpose_js_1 = require("./privacy/missing-microphone-purpose.js");
+const missing_contacts_purpose_js_1 = require("./privacy/missing-contacts-purpose.js");
+const third_party_login_no_siwa_js_1 = require("./auth/third-party-login-no-siwa.js");
+const missing_privacy_manifest_js_1 = require("./metadata/missing-privacy-manifest.js");
+const ats_exception_without_justification_js_1 = require("./config/ats-exception-without-justification.js");
+/**
+ * All available rules
+ */
+exports.allRules = [
+    missing_camera_purpose_js_1.MissingCameraPurposeRule,
+    missing_location_purpose_js_1.MissingLocationPurposeRule,
+    location_always_unjustified_js_1.LocationAlwaysUnjustifiedRule,
+    att_tracking_mismatch_js_1.ATTTrackingMismatchRule,
+    missing_photo_library_purpose_js_1.MissingPhotoLibraryPurposeRule,
+    missing_microphone_purpose_js_1.MissingMicrophonePurposeRule,
+    missing_contacts_purpose_js_1.MissingContactsPurposeRule,
+    third_party_login_no_siwa_js_1.ThirdPartyLoginNoSIWARule,
+    missing_privacy_manifest_js_1.MissingPrivacyManifestRule,
+    ats_exception_without_justification_js_1.ATSExceptionWithoutJustificationRule,
+];
+/**
+ * Rule registry - maps rule IDs to rule instances
+ */
+exports.ruleRegistry = new Map(exports.allRules.map(rule => [rule.id, rule]));
+/**
+ * Get a rule by ID
+ */
+function getRule(id) {
+    return exports.ruleRegistry.get(id);
+}
+/**
+ * Get rules by IDs with validation (returns all if no IDs specified)
+ * Returns both found rules and list of unknown IDs for validation
+ */
+function getRulesWithValidation(ids) {
+    if (!ids || ids.length === 0) {
+        return { rules: exports.allRules, unknownIds: [] };
+    }
+    const rules = [];
+    const unknownIds = [];
+    for (const id of ids) {
+        const rule = exports.ruleRegistry.get(id);
+        if (rule) {
+            rules.push(rule);
+        }
+        else {
+            unknownIds.push(id);
+        }
+    }
+    return { rules, unknownIds };
+}
+/**
+ * Get rules by IDs (returns all if no IDs specified)
+ * @deprecated Use getRulesWithValidation for proper error handling
+ */
+function getRules(ids) {
+    return getRulesWithValidation(ids).rules;
+}
+/**
+ * Get rules excluding specified IDs
+ */
+function getRulesExcluding(excludeIds) {
+    const excludeSet = new Set(excludeIds);
+    return exports.allRules.filter(rule => !excludeSet.has(rule.id));
+}
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AA0DA,0BAEC;AAcD,wDAkBC;AAMD,4BAEC;AAKD,8CAGC;AAvGD,gBAAgB;AAChB,qDAAmC;AAEnC,aAAa;AACb,kDAAgC;AAEhC,iBAAiB;AACjB,sDAAoC;AAEpC,eAAe;AACf,oDAAkC;AAElC,iBAAiB;AACjB,4CAA0B;AAE1B,gCAAgC;AAChC,mFAA+E;AAC/E,uFAAmF;AACnF,6FAAyF;AACzF,iFAA6E;AAC7E,iGAA4F;AAC5F,2FAAuF;AACvF,uFAAmF;AACnF,sFAAgF;AAChF,wFAAoF;AACpF,4GAAuG;AAEvG;;GAEG;AACU,QAAA,QAAQ,GAAW;IAC9B,oDAAwB;IACxB,wDAA0B;IAC1B,8DAA6B;IAC7B,kDAAuB;IACvB,iEAA8B;IAC9B,4DAA4B;IAC5B,wDAA0B;IAC1B,wDAAyB;IACzB,wDAA0B;IAC1B,6EAAoC;CACrC,CAAC;AAEF;;GAEG;AACU,QAAA,YAAY,GAAsB,IAAI,GAAG,CACpD,gBAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CACtC,CAAC;AAEF;;GAEG;AACH,SAAgB,OAAO,CAAC,EAAU;IAChC,OAAO,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAUD;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,GAAc;IACnD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,gBAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAW,EAAE,CAAC;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,QAAQ,CAAC,GAAc;IACrC,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,UAAoB;IACpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,OAAO,gBAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/rules/metadata/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Metadata rules exports
+ */
+export { MissingPrivacyManifestRule } from './missing-privacy-manifest.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/metadata/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/metadata/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/rules/metadata/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingPrivacyManifestRule = void 0;
+/**
+ * Metadata rules exports
+ */
+var missing_privacy_manifest_js_1 = require("./missing-privacy-manifest.js");
+Object.defineProperty(exports, "MissingPrivacyManifestRule", { enumerable: true, get: function () { return missing_privacy_manifest_js_1.MissingPrivacyManifestRule; } });
+//# sourceMappingURL=index.js.map

package/dist/rules/metadata/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/metadata/index.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,6EAA2E;AAAlE,yIAAA,0BAA0B,OAAA"}

package/dist/rules/metadata/missing-privacy-manifest.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Rule: Missing Privacy Manifest
+ *
+ * iOS 17+ requires PrivacyInfo.xcprivacy for apps that use certain APIs
+ * known as "Required Reason APIs". This rule checks for common indicators
+ * that an app may need a privacy manifest.
+ *
+ * App Store Review Guideline: 5.1.1
+ */
+import type { Rule } from '../../types/index.js';
+export declare const MissingPrivacyManifestRule: Rule;
+//# sourceMappingURL=missing-privacy-manifest.d.ts.map

package/dist/rules/metadata/missing-privacy-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-privacy-manifest.d.ts","sourceRoot":"","sources":["../../../src/rules/metadata/missing-privacy-manifest.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AA4DvE,eAAO,MAAM,0BAA0B,EAAE,IAuGxC,CAAC"}

package/dist/rules/metadata/missing-privacy-manifest.js

@@ -0,0 +1,186 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingPrivacyManifestRule = void 0;
+const index_js_1 = require("../../types/index.js");
+// Note: using Privacy category as privacy manifest relates to data privacy compliance
+const base_js_1 = require("../base.js");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * SDK dependencies commonly known to require privacy manifests
+ */
+const SDK_REQUIRING_PRIVACY_MANIFEST = [
+    { pattern: 'Firebase', name: 'Firebase', note: 'Firebase SDKs require privacy manifests as of May 2024' },
+    { pattern: 'Facebook', name: 'Facebook SDK', note: 'Facebook SDK requires privacy manifests' },
+    { pattern: 'FBSDK', name: 'Facebook SDK', note: 'Facebook SDK requires privacy manifests' },
+    { pattern: 'GoogleMobileAds', name: 'Google Mobile Ads', note: 'Google Ad SDK requires privacy manifests' },
+    { pattern: 'Google-Mobile-Ads', name: 'Google Mobile Ads', note: 'Google Ad SDK requires privacy manifests' },
+    { pattern: 'Crashlytics', name: 'Crashlytics', note: 'Crashlytics requires privacy manifests' },
+    { pattern: 'Amplitude', name: 'Amplitude', note: 'Amplitude SDK requires privacy manifests' },
+    { pattern: 'Mixpanel', name: 'Mixpanel', note: 'Mixpanel SDK requires privacy manifests' },
+    { pattern: 'Adjust', name: 'Adjust', note: 'Adjust SDK requires privacy manifests' },
+    { pattern: 'AppsFlyer', name: 'AppsFlyer', note: 'AppsFlyer SDK requires privacy manifests' },
+];
+/**
+ * Check if a privacy manifest exists in the project
+ */
+function findPrivacyManifest(projectPath) {
+    const searchPaths = [
+        path.join(projectPath, 'PrivacyInfo.xcprivacy'),
+        path.join(projectPath, 'Resources', 'PrivacyInfo.xcprivacy'),
+    ];
+    // Also search in subdirectories (common app structure)
+    try {
+        const entries = fs.readdirSync(projectPath);
+        for (const entry of entries) {
+            const fullPath = path.join(projectPath, entry);
+            try {
+                const stat = fs.statSync(fullPath);
+                if (stat.isDirectory()) {
+                    searchPaths.push(path.join(fullPath, 'PrivacyInfo.xcprivacy'));
+                    searchPaths.push(path.join(fullPath, 'Resources', 'PrivacyInfo.xcprivacy'));
+                }
+            }
+            catch {
+                // Ignore stat errors
+            }
+        }
+    }
+    catch {
+        // Ignore readdir errors
+    }
+    for (const searchPath of searchPaths) {
+        if (fs.existsSync(searchPath)) {
+            return searchPath;
+        }
+    }
+    return null;
+}
+exports.MissingPrivacyManifestRule = {
+    id: 'metadata-001-missing-privacy-manifest',
+    name: 'Missing Privacy Manifest',
+    description: 'Checks for presence of PrivacyInfo.xcprivacy when using Required Reason APIs or common SDKs',
+    category: index_js_1.RuleCategory.Metadata,
+    severity: index_js_1.Severity.High,
+    confidence: index_js_1.Confidence.Medium,
+    guidelineReference: '5.1.1',
+    async evaluate(context) {
+        // Check if privacy manifest exists
+        const privacyManifestPath = findPrivacyManifest(context.projectPath);
+        if (privacyManifestPath) {
+            // Privacy manifest exists, no issue
+            return [];
+        }
+        const findings = [];
+        // Check for SDKs that commonly require privacy manifests
+        const detectedSDKs = [];
+        for (const sdk of SDK_REQUIRING_PRIVACY_MANIFEST) {
+            const hasSDK = context.dependencies.some(dep => dep.name.toLowerCase().includes(sdk.pattern.toLowerCase()));
+            if (hasSDK && !detectedSDKs.includes(sdk.name)) {
+                detectedSDKs.push(sdk.name);
+            }
+        }
+        if (detectedSDKs.length > 0) {
+            findings.push((0, base_js_1.makeFinding)(this, {
+                title: 'Missing Privacy Manifest for Third-Party SDKs',
+                description: `Your app uses SDKs that require privacy manifests: ${detectedSDKs.join(', ')}. ` +
+                    `Starting Spring 2024, apps submitted to the App Store must include a privacy manifest ` +
+                    `(PrivacyInfo.xcprivacy) that declares the data collection and Required Reason API usage ` +
+                    `from these SDKs.`,
+                location: context.projectPath,
+                fixGuidance: `Create a PrivacyInfo.xcprivacy file in your project root and declare the Required Reason APIs ` +
+                    `used by your app and its dependencies.
+
+1. In Xcode, File > New > File > iOS > Resource > App Privacy
+2. Add entries for each Required Reason API category your app uses
+3. Ensure third-party SDK privacy manifests are bundled with your app
+
+Most SDK vendors now provide privacy manifests with their SDKs. Update to the latest versions.
+
+Example PrivacyInfo.xcprivacy structure:
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>NSPrivacyTracking</key>
+    <false/>
+    <key>NSPrivacyCollectedDataTypes</key>
+    <array/>
+    <key>NSPrivacyAccessedAPITypes</key>
+    <array>
+        <dict>
+            <key>NSPrivacyAccessedAPIType</key>
+            <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
+            <key>NSPrivacyAccessedAPITypeReasons</key>
+            <array>
+                <string>CA92.1</string>
+            </array>
+        </dict>
+    </array>
+</dict>
+</plist>`,
+                documentationURL: 'https://developer.apple.com/documentation/bundleresources/privacy_manifest_files',
+            }));
+        }
+        // If no SDK indicators but this is a newer project, provide informational warning
+        if (findings.length === 0) {
+            // Check for frameworks that might use Required Reason APIs
+            const commonFrameworks = ['Foundation', 'UIKit'];
+            const hasCommonFrameworks = commonFrameworks.some(f => context.hasFramework(f));
+            if (hasCommonFrameworks && context.dependencies.length > 0) {
+                findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.Info, index_js_1.Confidence.Low, {
+                    title: 'Consider Adding Privacy Manifest',
+                    description: `Your app uses third-party dependencies which may use Required Reason APIs. ` +
+                        `Consider adding a PrivacyInfo.xcprivacy to avoid potential App Store submission issues.`,
+                    location: context.projectPath,
+                    fixGuidance: `Review Apple's Required Reason API documentation and check if your app or its ` +
+                        `dependencies use any of these APIs:
+
+- File timestamp APIs (NSFileCreationDate, NSFileModificationDate)
+- System boot time APIs (systemUptime)  
+- Disk space APIs (volumeAvailableCapacity)
+- User defaults (UserDefaults.standard)
+- Active keyboard APIs (activeInputModes)
+
+If any are used, create a PrivacyInfo.xcprivacy and declare the appropriate reasons.`,
+                    documentationURL: 'https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api',
+                }));
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=missing-privacy-manifest.js.map

package/dist/rules/metadata/missing-privacy-manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-privacy-manifest.js","sourceRoot":"","sources":["../../../src/rules/metadata/missing-privacy-manifest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,mDAA0E;AAC1E,sFAAsF;AACtF,wCAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAE7B;;GAEG;AACH,MAAM,8BAA8B,GAAG;IACrC,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,wDAAwD,EAAE;IACzG,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,yCAAyC,EAAE;IAC9F,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,yCAAyC,EAAE;IAC3F,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,0CAA0C,EAAE;IAC3G,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,0CAA0C,EAAE;IAC7G,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,wCAAwC,EAAE;IAC/F,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,0CAA0C,EAAE;IAC7F,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,yCAAyC,EAAE;IAC1F,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,uCAAuC,EAAE;IACpF,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,0CAA0C,EAAE;CAC9F,CAAC;AAEF;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,MAAM,WAAW,GAAG;QAClB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,uBAAuB,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,uBAAuB,CAAC;KAC7D,CAAC;IAEF,uDAAuD;IACvD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACnC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;oBACvB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC,CAAC;oBAC/D,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAEY,QAAA,0BAA0B,GAAS;IAC9C,EAAE,EAAE,uCAAuC;IAC3C,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,6FAA6F;IAC1G,QAAQ,EAAE,uBAAY,CAAC,QAAQ;IAC/B,QAAQ,EAAE,mBAAQ,CAAC,IAAI;IACvB,UAAU,EAAE,qBAAU,CAAC,MAAM;IAC7B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,mCAAmC;QACnC,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAErE,IAAI,mBAAmB,EAAE,CAAC;YACxB,oCAAoC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,yDAAyD;QACzD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,8BAA8B,EAAE,CAAC;YACjD,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC7C,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAC3D,CAAC;YACF,IAAI,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,+CAA+C;gBACtD,WAAW,EAAE,sDAAsD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBAC5F,wFAAwF;oBACxF,0FAA0F;oBAC1F,kBAAkB;gBACpB,QAAQ,EAAE,OAAO,CAAC,WAAW;gBAC7B,WAAW,EAAE,gGAAgG;oBAC3G;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SA6BD;gBACD,gBAAgB,EAAE,kFAAkF;aACrG,CAAC,CAAC,CAAC;QACN,CAAC;QAED,kFAAkF;QAClF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,2DAA2D;YAC3D,MAAM,gBAAgB,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACjD,MAAM,mBAAmB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;YAEhF,IAAI,mBAAmB,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3D,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,IAAI,EAAE,qBAAU,CAAC,GAAG,EAAE;oBACnE,KAAK,EAAE,kCAAkC;oBACzC,WAAW,EAAE,6EAA6E;wBACxF,yFAAyF;oBAC3F,QAAQ,EAAE,OAAO,CAAC,WAAW;oBAC7B,WAAW,EAAE,gFAAgF;wBAC3F;;;;;;;;qFAQyE;oBAC3E,gBAAgB,EAAE,wHAAwH;iBAC3I,CAAC,CAAC,CAAC;YACN,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/privacy/att-tracking-mismatch.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Rule: Tracking SDK Without App Tracking Transparency
+ *
+ * Detects when an app includes tracking/attribution SDKs but is missing
+ * NSUserTrackingUsageDescription in Info.plist and/or the AppTrackingTransparency
+ * framework.
+ *
+ * App Store Review Guideline: 5.1.2
+ */
+import type { Rule } from '../../types/index.js';
+export declare const ATTTrackingMismatchRule: Rule;
+//# sourceMappingURL=att-tracking-mismatch.d.ts.map

package/dist/rules/privacy/att-tracking-mismatch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"att-tracking-mismatch.d.ts","sourceRoot":"","sources":["../../../src/rules/privacy/att-tracking-mismatch.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AASvE,eAAO,MAAM,uBAAuB,EAAE,IA6GrC,CAAC"}