superjs-core 0.2.0 → 0.3.1

package/dist/dep-exray/cli.js

@@ -0,0 +1,389 @@
+#!/usr/bin/env node
+
+// src/dep-exray/cli.ts
+import { Command } from "commander";
+
+// src/dep-exray/scanner/index.ts
+import { readFileSync, readdirSync, existsSync } from "fs";
+import { join, basename } from "path";
+
+// src/dep-exray/known-mappings.ts
+var KNOWN_MAPPINGS = [
+  {
+    name: "lodash",
+    size: "4.2 MB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "Most lodash functions have direct replacements in jscore-core with 99% API compatibility",
+    detectionPattern: `from ['"]lodash['"]|require\\(['"]lodash['"]\\)`
+  },
+  {
+    name: "moment",
+    size: "2.5 MB",
+    replacement: "jscore-core/date",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "date utilities in jscore-core cover 95% of common moment use cases",
+    detectionPattern: `from ['"]moment['"]|require\\(['"]moment['"]\\)`
+  },
+  {
+    name: "date-fns",
+    size: "1.2 MB (tree-shaked ~50KB)",
+    replacement: "jscore-core/date",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Partially overlapping \u2014 jscore-core covers basic date ops but not all locale support",
+    detectionPattern: `from ['"]date-fns['"]|require\\(['"]date-fns['"]\\)`
+  },
+  {
+    name: "axios",
+    size: "1.6 MB",
+    replacement: "native fetch + jscore-core/async/retry",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Native fetch covers most use cases; needs manual review for interceptors",
+    detectionPattern: `from ['"]axios['"]|require\\(['"]axios['"]\\)`
+  },
+  {
+    name: "uuid",
+    size: "30 KB",
+    replacement: "crypto.randomUUID() (native)",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "crypto.randomUUID() is available in all modern Node.js and browsers",
+    detectionPattern: `from ['"]uuid['"]|require\\(['"]uuid['"]\\)`
+  },
+  {
+    name: "deepmerge",
+    size: "15 KB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides deepMerge out of the box",
+    detectionPattern: `from ['"]deepmerge['"]|require\\(['"]deepmerge['"]\\)`
+  },
+  {
+    name: "lodash.merge",
+    size: "25 KB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides deepMerge out of the box",
+    detectionPattern: `from ['"]lodash\\.(merge|clone|pick|omit|get|set)['"]`
+  },
+  {
+    name: "chalk",
+    size: "45 KB",
+    replacement: "picocolors",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "picocolors is 3KB vs chalk's 45KB with same API",
+    detectionPattern: `from ['"]chalk['"]|require\\(['"]chalk['"]\\)`
+  },
+  {
+    name: "nanoid",
+    size: "8 KB",
+    replacement: "jscore-core/string (nanoid)",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides nanoid with same API",
+    detectionPattern: `from ['"]nanoid['"]|require\\(['"]nanoid['"]\\)`
+  },
+  {
+    name: "dayjs",
+    size: "50 KB",
+    replacement: "jscore-core/date",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Partially overlapping \u2014 covers basics but not all plugins",
+    detectionPattern: `from ['"]dayjs['"]|require\\(['"]dayjs['"]\\)`
+  },
+  {
+    name: "clsx",
+    size: "5 KB",
+    replacement: "native template literals",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "Can be replaced with simple template literal conditional pattern",
+    detectionPattern: `from ['"]clsx['"]|require\\(['"]clsx['"]\\)`
+  }
+];
+var KNOWN_CVES = {
+  "ansi-regex": [
+    { cve: "CVE-2021-3807", severity: "high", fix: "Update to ansi-regex@6.0.1 or later" }
+  ],
+  "semver": [
+    { cve: "CVE-2022-25883", severity: "medium", fix: "Update to semver@7.5.2 or later" }
+  ],
+  "json5": [
+    { cve: "CVE-2022-46175", severity: "high", fix: "Update to json5@2.2.3 or later" }
+  ],
+  "lodash": [
+    { cve: "CVE-2020-28502", severity: "high", fix: "Update to lodash@4.17.21 or later" },
+    { cve: "CVE-2020-8203", severity: "medium", fix: "Update to lodash@4.17.21 or later" }
+  ]
+};
+
+// src/dep-exray/scanner/index.ts
+function parsePackageJson(path) {
+  const raw = readFileSync(path, "utf-8");
+  const json = JSON.parse(raw);
+  return {
+    name: json.name ?? basename(join(path, "..")),
+    dependencies: json.dependencies ?? {},
+    devDependencies: json.devDependencies ?? {}
+  };
+}
+function parseLockfile(projectPath) {
+  const lockPath = join(projectPath, "package-lock.json");
+  if (!existsSync(lockPath)) return null;
+  try {
+    const raw = readFileSync(lockPath, "utf-8");
+    const json = JSON.parse(raw);
+    const packages = {};
+    if (json.packages) {
+      for (const [key, val] of Object.entries(json.packages)) {
+        if (key) {
+          packages[key] = val;
+        }
+      }
+    }
+    if (json.dependencies && Object.keys(packages).length === 0) {
+      for (const [key, val] of Object.entries(json.dependencies)) {
+        packages[key] = { version: val.version, dependencies: val.requires };
+      }
+    }
+    return { packages };
+  } catch {
+    return null;
+  }
+}
+function detectImportInFile(filePath, regex) {
+  try {
+    const content = readFileSync(filePath, "utf-8");
+    return regex.test(content);
+  } catch {
+    return false;
+  }
+}
+function detectImportsInSrc(projectPath, mapping) {
+  const regex = new RegExp(mapping.detectionPattern);
+  const srcDir = join(projectPath, "src");
+  if (!existsSync(srcDir)) return false;
+  try {
+    const files = collectSourceFiles(srcDir);
+    for (const file of files) {
+      if (detectImportInFile(file, regex)) return true;
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+function collectSourceFiles(dir) {
+  const results = [];
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.name === "node_modules" || entry.name === "dist" || entry.name === ".git" || entry.name === "coverage" || entry.name === ".tsup") {
+        continue;
+      }
+      const full = join(dir, entry.name);
+      if (entry.isDirectory()) {
+        results.push(...collectSourceFiles(full));
+      } else if (entry.isFile()) {
+        const ext = entry.name.split(".").pop();
+        if (ext === "ts" || ext === "tsx" || ext === "js" || ext === "jsx" || ext === "mjs" || ext === "cjs") {
+          results.push(full);
+        }
+      }
+    }
+  } catch {
+  }
+  return results;
+}
+function estimateTransitiveCount(lockfile, directNames) {
+  if (!lockfile) return 0;
+  let count = 0;
+  for (const key of Object.keys(lockfile.packages)) {
+    if (!key || key === "") continue;
+    const name = key.startsWith("node_modules/") ? key.slice("node_modules/".length) : key;
+    const rootName = name.startsWith("@") ? `${name.split("/")[0]}/${name.split("/")[1]}` : name.split("/")[0];
+    if (rootName && !directNames.has(rootName)) {
+      count++;
+    }
+  }
+  return count;
+}
+function parseSize(value) {
+  const cleaned = value.replace(/\(.*?\)/g, "").trim();
+  const match = cleaned.match(/^([\d.]+)\s*(KB|MB)/i);
+  if (!match) return 0;
+  const num = Number.parseFloat(match[1]);
+  if (!match[2]) return 0;
+  if (match[2].toUpperCase() === "MB") return num * 1024;
+  return num;
+}
+async function scanProject(config) {
+  const projectPath = config.path ?? ".";
+  const pkgPath = join(projectPath, "package.json");
+  if (!existsSync(pkgPath)) {
+    throw new Error(`No package.json found at ${projectPath}. Run dep-exray in a JavaScript/TypeScript project directory.`);
+  }
+  const pkg = parsePackageJson(pkgPath);
+  const lockfile = parseLockfile(projectPath);
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+  const directNames = new Set(Object.keys(allDeps));
+  const transitiveCount = estimateTransitiveCount(lockfile, directNames);
+  const highImpactReplacements = [];
+  const mediumImpactReplacements = [];
+  const securityIssues = [];
+  const sizeMap = {};
+  for (const m of KNOWN_MAPPINGS) {
+    sizeMap[m.name] = m.size;
+  }
+  for (const mapping of KNOWN_MAPPINGS) {
+    const isDirect = directNames.has(mapping.name);
+    if (!isDirect) continue;
+    const isUsed = detectImportsInSrc(projectPath, mapping);
+    if (!isUsed && !config.verbose) continue;
+    const mappingSize = parseSize(sizeMap[mapping.name] ?? "0 KB");
+    const replacementSize = mapping.replacement.startsWith("native") ? 0 : 5;
+    const reductionStr = mappingSize > 1024 ? `${(mappingSize / 1024).toFixed(1)} MB \u2192 ${replacementSize} KB` : `${mappingSize.toFixed(0)} KB \u2192 ${replacementSize} KB`;
+    const suggestion = {
+      packageName: mapping.name,
+      reason: mapping.reason,
+      replacement: mapping.replacement,
+      estimatedSizeReduction: reductionStr,
+      confidence: mapping.confidence,
+      autoPrReady: mapping.autoPrReady
+    };
+    if (mapping.confidence === "high") {
+      highImpactReplacements.push(suggestion);
+    } else {
+      mediumImpactReplacements.push(suggestion);
+    }
+  }
+  for (const [name, cves] of Object.entries(KNOWN_CVES)) {
+    if (directNames.has(name)) {
+      for (const cveItem of cves) {
+        securityIssues.push({
+          packageName: name,
+          cveId: cveItem.cve,
+          severity: cveItem.severity,
+          fix: cveItem.fix
+        });
+      }
+    }
+  }
+  let totalSizeKB = 0;
+  for (const depName of directNames) {
+    const sizeStr = sizeMap[depName];
+    if (sizeStr) {
+      totalSizeKB += parseSize(sizeStr);
+    } else {
+      totalSizeKB += 50;
+    }
+  }
+  totalSizeKB += transitiveCount * 30;
+  const totalSizeStr = totalSizeKB > 1024 ? `${(totalSizeKB / 1024).toFixed(1)} MB` : `${totalSizeKB.toFixed(0)} KB`;
+  return {
+    projectName: pkg.name,
+    directDeps: directNames.size,
+    transitiveDeps: transitiveCount,
+    totalEstimatedSize: totalSizeStr,
+    highImpactReplacements,
+    mediumImpactReplacements,
+    securityIssues
+  };
+}
+
+// src/dep-exray/reporter/index.ts
+import pc from "picocolors";
+function severityColor(severity) {
+  switch (severity) {
+    case "critical":
+      return pc.bold(pc.red(severity.toUpperCase()));
+    case "high":
+      return pc.red(severity.toUpperCase());
+    case "medium":
+      return pc.yellow(severity.toUpperCase());
+    case "low":
+      return pc.dim(severity.toUpperCase());
+  }
+}
+function confidenceIcon(confidence) {
+  switch (confidence) {
+    case "high":
+      return pc.green("\u25CF");
+    case "medium":
+      return pc.yellow("\u25CF");
+    case "low":
+      return pc.red("\u25CF");
+  }
+}
+function generateReport(result, jsonOutput) {
+  if (jsonOutput) {
+    return JSON.stringify(result, null, 2);
+  }
+  const lines = [];
+  lines.push(pc.bold(pc.cyan(`\u250C${"\u2500".repeat(58)}\u2510`)));
+  lines.push(pc.bold(pc.cyan(`\u2502${" ".repeat(18)}dep-exray Report${" ".repeat(21)}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4E6} PROJECT:")} ${pc.bold(result.projectName)}${" ".repeat(Math.max(1, 47 - result.projectName.length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4CA} DEPENDENCIES:")} ${pc.bold(String(result.directDeps))} direct + ${pc.bold(String(result.transitiveDeps))} transitive${" ".repeat(Math.max(1, 27 - String(result.transitiveDeps).length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4BE} TOTAL SIZE:")} ${pc.bold(result.totalEstimatedSize)}${" ".repeat(Math.max(1, 42 - result.totalEstimatedSize.length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+  if (result.highImpactReplacements.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.green("\u{1F7E2}")} ${pc.bold(pc.green("HIGH IMPACT REPLACEMENTS"))}${" ".repeat(23)}\u2502`)));
+    for (const item of result.highImpactReplacements) {
+      const autoPr = item.autoPrReady ? pc.green("\u2713 Auto-PR ready") : pc.dim("Manual review needed");
+      const confIcon = confidenceIcon(item.confidence);
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u2717")} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${" ".repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${pc.cyan(item.replacement)}${" ".repeat(Math.max(1, 51 - item.replacement.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2514\u2500")} ${autoPr}  ${confIcon} ${item.confidence}${" ".repeat(Math.max(1, 35))}\u2502`)));
+    }
+  }
+  if (result.mediumImpactReplacements.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.yellow("\u{1F7E1}")} ${pc.bold(pc.yellow("MEDIUM IMPACT REPLACEMENTS"))}${" ".repeat(20)}\u2502`)));
+    for (const item of result.mediumImpactReplacements) {
+      const autoPr = item.autoPrReady ? pc.green("\u2713 Auto-PR ready") : pc.dim("Manual review needed");
+      const confIcon = confidenceIcon(item.confidence);
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u2717")} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${" ".repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${pc.cyan(item.replacement)}${" ".repeat(Math.max(1, 51 - item.replacement.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2514\u2500")} ${autoPr}  ${confIcon} ${item.confidence}${" ".repeat(Math.max(1, 35))}\u2502`)));
+    }
+  }
+  if (result.securityIssues.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u{1F534}")} ${pc.bold(pc.red("SECURITY ISSUES"))}${" ".repeat(33)}\u2502`)));
+    for (const issue of result.securityIssues) {
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${severityColor(issue.severity)} ${pc.bold(issue.cveId)} in ${issue.packageName}${" ".repeat(Math.max(1, 40 - issue.packageName.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${issue.fix}${" ".repeat(Math.max(1, 52 - issue.fix.length))}\u2502`)));
+    }
+  }
+  lines.push(pc.bold(pc.cyan(`\u2514${"\u2500".repeat(58)}\u2518`)));
+  return lines.join("\n");
+}
+
+// src/dep-exray/cli.ts
+var program = new Command();
+program.name("dep-exray").description("Dependency health scanner for JavaScript/TypeScript projects").version("0.1.0").argument("[path]", "Project path to scan", ".").option("-j, --json", "Output as JSON").option("-v, --verbose", "Verbose output").option("--fix", "Auto-generate migration PRs").action(async (path, options) => {
+  try {
+    const result = await scanProject({ path, verbose: options.verbose, jsonOutput: options.json });
+    console.log(generateReport(result, options.json));
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    console.error(`
+  \u2716 ${message}
+`);
+    process.exit(1);
+  }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/dep-exray/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/dep-exray/cli.ts","../../src/dep-exray/scanner/index.ts","../../src/dep-exray/known-mappings.ts","../../src/dep-exray/reporter/index.ts"],"sourcesContent":["#!/usr/bin/env node\r\nimport { Command } from 'commander'\r\nimport { scanProject } from './scanner/index.js'\r\nimport { generateReport } from './reporter/index.js'\r\n\r\nconst program = new Command()\r\n\r\nprogram\r\n  .name('dep-exray')\r\n  .description('Dependency health scanner for JavaScript/TypeScript projects')\r\n  .version('0.1.0')\r\n  .argument('[path]', 'Project path to scan', '.')\r\n  .option('-j, --json', 'Output as JSON')\r\n  .option('-v, --verbose', 'Verbose output')\r\n  .option('--fix', 'Auto-generate migration PRs')\r\n  .action(async (path: string, options: { json?: boolean; verbose?: boolean; fix?: boolean }) => {\r\n    try {\r\n      const result = await scanProject({ path, verbose: options.verbose, jsonOutput: options.json })\r\n      console.log(generateReport(result, options.json))\r\n    } catch (error) {\r\n      const message = error instanceof Error ? error.message : String(error)\r\n      console.error(`\\n  ✖ ${message}\\n`)\r\n      process.exit(1)\r\n    }\r\n  })\r\n\r\nprogram.parse()\r\n","import { readFileSync, readdirSync, existsSync } from 'node:fs'\r\nimport { join, basename } from 'node:path'\r\nimport type { ScanResult, ReplacementSuggestion, SecurityIssue, ScannerConfig } from '../types.js'\r\nimport { KNOWN_MAPPINGS, KNOWN_CVES, type PackageMapping } from '../known-mappings.js'\r\n\r\ninterface LockfilePackages {\r\n  [key: string]: { version?: string; dependencies?: Record<string, string> } | undefined\r\n}\r\n\r\ninterface LockfileData {\r\n  packages: LockfilePackages\r\n}\r\n\r\nfunction parsePackageJson(path: string): { name: string; dependencies: Record<string, string>; devDependencies: Record<string, string> } {\r\n  const raw = readFileSync(path, 'utf-8')\r\n  const json = JSON.parse(raw)\r\n  return {\r\n    name: json.name ?? basename(join(path, '..')),\r\n    dependencies: (json.dependencies as Record<string, string>) ?? {},\r\n    devDependencies: (json.devDependencies as Record<string, string>) ?? {},\r\n  }\r\n}\r\n\r\nfunction parseLockfile(projectPath: string): LockfileData | null {\r\n  const lockPath = join(projectPath, 'package-lock.json')\r\n  if (!existsSync(lockPath)) return null\r\n  try {\r\n    const raw = readFileSync(lockPath, 'utf-8')\r\n    const json = JSON.parse(raw)\r\n    const packages: LockfilePackages = {}\r\n\r\n    if (json.packages) {\r\n      for (const [key, val] of Object.entries(json.packages as Record<string, { version?: string }>)) {\r\n        if (key) {\r\n          packages[key] = val\r\n        }\r\n      }\r\n    }\r\n\r\n    if (json.dependencies && Object.keys(packages).length === 0) {\r\n      for (const [key, val] of Object.entries(json.dependencies as Record<string, { version?: string; requires?: Record<string, string> }>)) {\r\n        packages[key] = { version: val.version, dependencies: val.requires }\r\n      }\r\n    }\r\n\r\n    return { packages }\r\n  } catch {\r\n    return null\r\n  }\r\n}\r\n\r\nfunction detectImportInFile(filePath: string, regex: RegExp): boolean {\r\n  try {\r\n    const content = readFileSync(filePath, 'utf-8')\r\n    return regex.test(content)\r\n  } catch {\r\n    return false\r\n  }\r\n}\r\n\r\nfunction detectImportsInSrc(projectPath: string, mapping: PackageMapping): boolean {\r\n  const regex = new RegExp(mapping.detectionPattern)\r\n  const srcDir = join(projectPath, 'src')\r\n  if (!existsSync(srcDir)) return false\r\n\r\n  try {\r\n    const files = collectSourceFiles(srcDir)\r\n    for (const file of files) {\r\n      if (detectImportInFile(file, regex)) return true\r\n    }\r\n  } catch {\r\n    return false\r\n  }\r\n  return false\r\n}\r\n\r\nfunction collectSourceFiles(dir: string): string[] {\r\n  const results: string[] = []\r\n  try {\r\n    const entries = readdirSync(dir, { withFileTypes: true })\r\n    for (const entry of entries) {\r\n      if (entry.name === 'node_modules' || entry.name === 'dist' || entry.name === '.git' || entry.name === 'coverage' || entry.name === '.tsup') {\r\n        continue\r\n      }\r\n      const full = join(dir, entry.name)\r\n      if (entry.isDirectory()) {\r\n        results.push(...collectSourceFiles(full))\r\n      } else if (entry.isFile()) {\r\n        const ext = entry.name.split('.').pop()\r\n        if (ext === 'ts' || ext === 'tsx' || ext === 'js' || ext === 'jsx' || ext === 'mjs' || ext === 'cjs') {\r\n          results.push(full)\r\n        }\r\n      }\r\n    }\r\n  } catch {\r\n    // skip inaccessible dirs\r\n  }\r\n  return results\r\n}\r\n\r\nfunction estimateTransitiveCount(lockfile: LockfileData | null, directNames: Set<string>): number {\r\n  if (!lockfile) return 0\r\n  let count = 0\r\n  for (const key of Object.keys(lockfile.packages)) {\r\n    if (!key || key === '') continue\r\n    const name = key.startsWith('node_modules/') ? key.slice('node_modules/'.length) : key\r\n    const rootName = name.startsWith('@') ? `${name.split('/')[0]}/${name.split('/')[1]}` : name.split('/')[0]\r\n    if (rootName && !directNames.has(rootName)) {\r\n      count++\r\n    }\r\n  }\r\n  return count\r\n}\r\n\r\nfunction parseSize(value: string): number {\r\n  const cleaned = value.replace(/\\(.*?\\)/g, '').trim()\r\n  const match = cleaned.match(/^([\\d.]+)\\s*(KB|MB)/i)\r\n  if (!match) return 0\r\n  const num = Number.parseFloat(match[1]!)\r\n  if (!match[2]) return 0\r\n  if (match[2].toUpperCase() === 'MB') return num * 1024\r\n  return num\r\n}\r\n\r\nexport async function scanProject(config: ScannerConfig): Promise<ScanResult> {\r\n  const projectPath = config.path ?? '.'\r\n  const pkgPath = join(projectPath, 'package.json')\r\n\r\n  if (!existsSync(pkgPath)) {\r\n    throw new Error(`No package.json found at ${projectPath}. Run dep-exray in a JavaScript/TypeScript project directory.`)\r\n  }\r\n\r\n  const pkg = parsePackageJson(pkgPath)\r\n  const lockfile = parseLockfile(projectPath)\r\n\r\n  const allDeps: Record<string, string> = { ...pkg.dependencies, ...pkg.devDependencies }\r\n  const directNames = new Set(Object.keys(allDeps))\r\n\r\n  const transitiveCount = estimateTransitiveCount(lockfile, directNames)\r\n\r\n  const highImpactReplacements: ReplacementSuggestion[] = []\r\n  const mediumImpactReplacements: ReplacementSuggestion[] = []\r\n  const securityIssues: SecurityIssue[] = []\r\n\r\n  const sizeMap: Record<string, string> = {}\r\n  for (const m of KNOWN_MAPPINGS) {\r\n    sizeMap[m.name] = m.size\r\n  }\r\n\r\n  for (const mapping of KNOWN_MAPPINGS) {\r\n    const isDirect = directNames.has(mapping.name)\r\n    if (!isDirect) continue\r\n\r\n    const isUsed = detectImportsInSrc(projectPath, mapping)\r\n    if (!isUsed && !config.verbose) continue\r\n\r\n    const mappingSize = parseSize(sizeMap[mapping.name] ?? '0 KB')\r\n    const replacementSize = mapping.replacement.startsWith('native') ? 0 : 5\r\n    const reductionStr = mappingSize > 1024\r\n      ? `${(mappingSize / 1024).toFixed(1)} MB → ${replacementSize} KB`\r\n      : `${mappingSize.toFixed(0)} KB → ${replacementSize} KB`\r\n\r\n    const suggestion: ReplacementSuggestion = {\r\n      packageName: mapping.name,\r\n      reason: mapping.reason,\r\n      replacement: mapping.replacement,\r\n      estimatedSizeReduction: reductionStr,\r\n      confidence: mapping.confidence,\r\n      autoPrReady: mapping.autoPrReady,\r\n    }\r\n\r\n    if (mapping.confidence === 'high') {\r\n      highImpactReplacements.push(suggestion)\r\n    } else {\r\n      mediumImpactReplacements.push(suggestion)\r\n    }\r\n  }\r\n\r\n  for (const [name, cves] of Object.entries(KNOWN_CVES)) {\r\n    if (directNames.has(name)) {\r\n      for (const cveItem of cves) {\r\n        securityIssues.push({\r\n          packageName: name,\r\n          cveId: cveItem.cve,\r\n          severity: cveItem.severity as SecurityIssue['severity'],\r\n          fix: cveItem.fix,\r\n        })\r\n      }\r\n    }\r\n  }\r\n\r\n  let totalSizeKB = 0\r\n  for (const depName of directNames) {\r\n    const sizeStr = sizeMap[depName]\r\n    if (sizeStr) {\r\n      totalSizeKB += parseSize(sizeStr)\r\n    } else {\r\n      totalSizeKB += 50\r\n    }\r\n  }\r\n  totalSizeKB += transitiveCount * 30\r\n\r\n  const totalSizeStr = totalSizeKB > 1024\r\n    ? `${(totalSizeKB / 1024).toFixed(1)} MB`\r\n    : `${totalSizeKB.toFixed(0)} KB`\r\n\r\n  return {\r\n    projectName: pkg.name,\r\n    directDeps: directNames.size,\r\n    transitiveDeps: transitiveCount,\r\n    totalEstimatedSize: totalSizeStr,\r\n    highImpactReplacements,\r\n    mediumImpactReplacements,\r\n    securityIssues,\r\n  }\r\n}\r\n","\r\n\r\nexport interface PackageMapping {\r\n  name: string\r\n  size: string\r\n  replacement: string\r\n  confidence: 'high' | 'medium' | 'low'\r\n  autoPrReady: boolean\r\n  reason: string\r\n  detectionPattern: string\r\n}\r\n\r\nexport const KNOWN_MAPPINGS: PackageMapping[] = [\r\n  {\r\n    name: 'lodash',\r\n    size: '4.2 MB',\r\n    replacement: 'jscore-core',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'Most lodash functions have direct replacements in jscore-core with 99% API compatibility',\r\n    detectionPattern: 'from [\\'\"]lodash[\\'\"]|require\\\\([\\'\"]lodash[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'moment',\r\n    size: '2.5 MB',\r\n    replacement: 'jscore-core/date',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'date utilities in jscore-core cover 95% of common moment use cases',\r\n    detectionPattern: 'from [\\'\"]moment[\\'\"]|require\\\\([\\'\"]moment[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'date-fns',\r\n    size: '1.2 MB (tree-shaked ~50KB)',\r\n    replacement: 'jscore-core/date',\r\n    confidence: 'medium',\r\n    autoPrReady: false,\r\n    reason: 'Partially overlapping — jscore-core covers basic date ops but not all locale support',\r\n    detectionPattern: 'from [\\'\"]date-fns[\\'\"]|require\\\\([\\'\"]date-fns[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'axios',\r\n    size: '1.6 MB',\r\n    replacement: 'native fetch + jscore-core/async/retry',\r\n    confidence: 'medium',\r\n    autoPrReady: false,\r\n    reason: 'Native fetch covers most use cases; needs manual review for interceptors',\r\n    detectionPattern: 'from [\\'\"]axios[\\'\"]|require\\\\([\\'\"]axios[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'uuid',\r\n    size: '30 KB',\r\n    replacement: 'crypto.randomUUID() (native)',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'crypto.randomUUID() is available in all modern Node.js and browsers',\r\n    detectionPattern: 'from [\\'\"]uuid[\\'\"]|require\\\\([\\'\"]uuid[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'deepmerge',\r\n    size: '15 KB',\r\n    replacement: 'jscore-core',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'jscore-core provides deepMerge out of the box',\r\n    detectionPattern: 'from [\\'\"]deepmerge[\\'\"]|require\\\\([\\'\"]deepmerge[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'lodash.merge',\r\n    size: '25 KB',\r\n    replacement: 'jscore-core',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'jscore-core provides deepMerge out of the box',\r\n    detectionPattern: 'from [\\'\"]lodash\\\\.(merge|clone|pick|omit|get|set)[\\'\"]',\r\n  },\r\n  {\r\n    name: 'chalk',\r\n    size: '45 KB',\r\n    replacement: 'picocolors',\r\n    confidence: 'medium',\r\n    autoPrReady: false,\r\n    reason: \"picocolors is 3KB vs chalk's 45KB with same API\",\r\n    detectionPattern: 'from [\\'\"]chalk[\\'\"]|require\\\\([\\'\"]chalk[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'nanoid',\r\n    size: '8 KB',\r\n    replacement: 'jscore-core/string (nanoid)',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'jscore-core provides nanoid with same API',\r\n    detectionPattern: 'from [\\'\"]nanoid[\\'\"]|require\\\\([\\'\"]nanoid[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'dayjs',\r\n    size: '50 KB',\r\n    replacement: 'jscore-core/date',\r\n    confidence: 'medium',\r\n    autoPrReady: false,\r\n    reason: 'Partially overlapping — covers basics but not all plugins',\r\n    detectionPattern: 'from [\\'\"]dayjs[\\'\"]|require\\\\([\\'\"]dayjs[\\'\"]\\\\)',\r\n  },\r\n  {\r\n    name: 'clsx',\r\n    size: '5 KB',\r\n    replacement: 'native template literals',\r\n    confidence: 'high',\r\n    autoPrReady: true,\r\n    reason: 'Can be replaced with simple template literal conditional pattern',\r\n    detectionPattern: 'from [\\'\"]clsx[\\'\"]|require\\\\([\\'\"]clsx[\\'\"]\\\\)',\r\n  },\r\n]\r\n\r\nexport const KNOWN_CVES: Record<string, { cve: string; severity: string; fix: string }[]> = {\r\n  'ansi-regex': [\r\n    { cve: 'CVE-2021-3807', severity: 'high', fix: 'Update to ansi-regex@6.0.1 or later' },\r\n  ],\r\n  'semver': [\r\n    { cve: 'CVE-2022-25883', severity: 'medium', fix: 'Update to semver@7.5.2 or later' },\r\n  ],\r\n  'json5': [\r\n    { cve: 'CVE-2022-46175', severity: 'high', fix: 'Update to json5@2.2.3 or later' },\r\n  ],\r\n  'lodash': [\r\n    { cve: 'CVE-2020-28502', severity: 'high', fix: 'Update to lodash@4.17.21 or later' },\r\n    { cve: 'CVE-2020-8203', severity: 'medium', fix: 'Update to lodash@4.17.21 or later' },\r\n  ],\r\n}\r\n","import pc from 'picocolors'\r\nimport type { ScanResult, ReplacementSuggestion, SecurityIssue } from '../types.js'\r\n\r\nfunction severityColor(severity: SecurityIssue['severity']): string {\r\n  switch (severity) {\r\n    case 'critical': return pc.bold(pc.red(severity.toUpperCase()))\r\n    case 'high': return pc.red(severity.toUpperCase())\r\n    case 'medium': return pc.yellow(severity.toUpperCase())\r\n    case 'low': return pc.dim(severity.toUpperCase())\r\n  }\r\n}\r\n\r\nfunction confidenceIcon(confidence: ReplacementSuggestion['confidence']): string {\r\n  switch (confidence) {\r\n    case 'high': return pc.green('●')\r\n    case 'medium': return pc.yellow('●')\r\n    case 'low': return pc.red('●')\r\n  }\r\n}\r\n\r\nexport function generateReport(result: ScanResult, jsonOutput?: boolean): string {\r\n  if (jsonOutput) {\r\n    return JSON.stringify(result, null, 2)\r\n  }\r\n\r\n  const lines: string[] = []\r\n\r\n  // ┌─┐│└┘─\r\n  lines.push(pc.bold(pc.cyan(`┌${'─'.repeat(58)}┐`)))\r\n  lines.push(pc.bold(pc.cyan(`│${' '.repeat(18)}dep-exray Report${' '.repeat(21)}│`)))\r\n  lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n  lines.push(pc.bold(pc.cyan(`│  ${pc.white('📦 PROJECT:')} ${pc.bold(result.projectName)}${' '.repeat(Math.max(1, 47 - result.projectName.length))}│`)))\r\n  lines.push(pc.bold(pc.cyan(`│  ${pc.white('📊 DEPENDENCIES:')} ${pc.bold(String(result.directDeps))} direct + ${pc.bold(String(result.transitiveDeps))} transitive${' '.repeat(Math.max(1, 27 - String(result.transitiveDeps).length))}│`)))\r\n  lines.push(pc.bold(pc.cyan(`│  ${pc.white('💾 TOTAL SIZE:')} ${pc.bold(result.totalEstimatedSize)}${' '.repeat(Math.max(1, 42 - result.totalEstimatedSize.length))}│`)))\r\n  lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n\r\n  if (result.highImpactReplacements.length > 0) {\r\n    lines.push(pc.bold(pc.cyan(`│  ${pc.green('🟢')} ${pc.bold(pc.green('HIGH IMPACT REPLACEMENTS'))}${' '.repeat(23)}│`)))\r\n    for (const item of result.highImpactReplacements) {\r\n      const autoPr = item.autoPrReady ? pc.green('✓ Auto-PR ready') : pc.dim('Manual review needed')\r\n      const confIcon = confidenceIcon(item.confidence)\r\n      lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.red('✗')} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${' '.repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}│`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.dim('→')} ${pc.cyan(item.replacement)}${' '.repeat(Math.max(1, 51 - item.replacement.length))}│`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.dim('└─')} ${autoPr}  ${confIcon} ${item.confidence}${' '.repeat(Math.max(1, 35))}│`)))\r\n    }\r\n  }\r\n\r\n  if (result.mediumImpactReplacements.length > 0) {\r\n    lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n    lines.push(pc.bold(pc.cyan(`│  ${pc.yellow('🟡')} ${pc.bold(pc.yellow('MEDIUM IMPACT REPLACEMENTS'))}${' '.repeat(20)}│`)))\r\n    for (const item of result.mediumImpactReplacements) {\r\n      const autoPr = item.autoPrReady ? pc.green('✓ Auto-PR ready') : pc.dim('Manual review needed')\r\n      const confIcon = confidenceIcon(item.confidence)\r\n      lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.red('✗')} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${' '.repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}│`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.dim('→')} ${pc.cyan(item.replacement)}${' '.repeat(Math.max(1, 51 - item.replacement.length))}│`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.dim('└─')} ${autoPr}  ${confIcon} ${item.confidence}${' '.repeat(Math.max(1, 35))}│`)))\r\n    }\r\n  }\r\n\r\n  if (result.securityIssues.length > 0) {\r\n    lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n    lines.push(pc.bold(pc.cyan(`│  ${pc.red('🔴')} ${pc.bold(pc.red('SECURITY ISSUES'))}${' '.repeat(33)}│`)))\r\n    for (const issue of result.securityIssues) {\r\n      lines.push(pc.bold(pc.cyan(`├${'─'.repeat(58)}┤`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${severityColor(issue.severity)} ${pc.bold(issue.cveId)} in ${issue.packageName}${' '.repeat(Math.max(1, 40 - issue.packageName.length))}│`)))\r\n      lines.push(pc.bold(pc.cyan(`│  ${pc.dim('→')} ${issue.fix}${' '.repeat(Math.max(1, 52 - issue.fix.length))}│`)))\r\n    }\r\n  }\r\n\r\n  lines.push(pc.bold(pc.cyan(`└${'─'.repeat(58)}┘`)))\r\n\r\n  return lines.join('\\n')\r\n}\r\n"],"mappings":";;;AACA,SAAS,eAAe;;;ACDxB,SAAS,cAAc,aAAa,kBAAkB;AACtD,SAAS,MAAM,gBAAgB;;;ACWxB,IAAM,iBAAmC;AAAA,EAC9C;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,QAAQ;AAAA,IACR,kBAAkB;AAAA,EACpB;AACF;AAEO,IAAM,aAA+E;AAAA,EAC1F,cAAc;AAAA,IACZ,EAAE,KAAK,iBAAiB,UAAU,QAAQ,KAAK,sCAAsC;AAAA,EACvF;AAAA,EACA,UAAU;AAAA,IACR,EAAE,KAAK,kBAAkB,UAAU,UAAU,KAAK,kCAAkC;AAAA,EACtF;AAAA,EACA,SAAS;AAAA,IACP,EAAE,KAAK,kBAAkB,UAAU,QAAQ,KAAK,iCAAiC;AAAA,EACnF;AAAA,EACA,UAAU;AAAA,IACR,EAAE,KAAK,kBAAkB,UAAU,QAAQ,KAAK,oCAAoC;AAAA,IACpF,EAAE,KAAK,iBAAiB,UAAU,UAAU,KAAK,oCAAoC;AAAA,EACvF;AACF;;;ADnHA,SAAS,iBAAiB,MAA+G;AACvI,QAAM,MAAM,aAAa,MAAM,OAAO;AACtC,QAAM,OAAO,KAAK,MAAM,GAAG;AAC3B,SAAO;AAAA,IACL,MAAM,KAAK,QAAQ,SAAS,KAAK,MAAM,IAAI,CAAC;AAAA,IAC5C,cAAe,KAAK,gBAA2C,CAAC;AAAA,IAChE,iBAAkB,KAAK,mBAA8C,CAAC;AAAA,EACxE;AACF;AAEA,SAAS,cAAc,aAA0C;AAC/D,QAAM,WAAW,KAAK,aAAa,mBAAmB;AACtD,MAAI,CAAC,WAAW,QAAQ,EAAG,QAAO;AAClC,MAAI;AACF,UAAM,MAAM,aAAa,UAAU,OAAO;AAC1C,UAAM,OAAO,KAAK,MAAM,GAAG;AAC3B,UAAM,WAA6B,CAAC;AAEpC,QAAI,KAAK,UAAU;AACjB,iBAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAK,QAAgD,GAAG;AAC9F,YAAI,KAAK;AACP,mBAAS,GAAG,IAAI;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAEA,QAAI,KAAK,gBAAgB,OAAO,KAAK,QAAQ,EAAE,WAAW,GAAG;AAC3D,iBAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAK,YAAuF,GAAG;AACrI,iBAAS,GAAG,IAAI,EAAE,SAAS,IAAI,SAAS,cAAc,IAAI,SAAS;AAAA,MACrE;AAAA,IACF;AAEA,WAAO,EAAE,SAAS;AAAA,EACpB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,mBAAmB,UAAkB,OAAwB;AACpE,MAAI;AACF,UAAM,UAAU,aAAa,UAAU,OAAO;AAC9C,WAAO,MAAM,KAAK,OAAO;AAAA,EAC3B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,mBAAmB,aAAqB,SAAkC;AACjF,QAAM,QAAQ,IAAI,OAAO,QAAQ,gBAAgB;AACjD,QAAM,SAAS,KAAK,aAAa,KAAK;AACtC,MAAI,CAAC,WAAW,MAAM,EAAG,QAAO;AAEhC,MAAI;AACF,UAAM,QAAQ,mBAAmB,MAAM;AACvC,eAAW,QAAQ,OAAO;AACxB,UAAI,mBAAmB,MAAM,KAAK,EAAG,QAAO;AAAA,IAC9C;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,mBAAmB,KAAuB;AACjD,QAAM,UAAoB,CAAC;AAC3B,MAAI;AACF,UAAM,UAAU,YAAY,KAAK,EAAE,eAAe,KAAK,CAAC;AACxD,eAAW,SAAS,SAAS;AAC3B,UAAI,MAAM,SAAS,kBAAkB,MAAM,SAAS,UAAU,MAAM,SAAS,UAAU,MAAM,SAAS,cAAc,MAAM,SAAS,SAAS;AAC1I;AAAA,MACF;AACA,YAAM,OAAO,KAAK,KAAK,MAAM,IAAI;AACjC,UAAI,MAAM,YAAY,GAAG;AACvB,gBAAQ,KAAK,GAAG,mBAAmB,IAAI,CAAC;AAAA,MAC1C,WAAW,MAAM,OAAO,GAAG;AACzB,cAAM,MAAM,MAAM,KAAK,MAAM,GAAG,EAAE,IAAI;AACtC,YAAI,QAAQ,QAAQ,QAAQ,SAAS,QAAQ,QAAQ,QAAQ,SAAS,QAAQ,SAAS,QAAQ,OAAO;AACpG,kBAAQ,KAAK,IAAI;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,SAAS,wBAAwB,UAA+B,aAAkC;AAChG,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI,QAAQ;AACZ,aAAW,OAAO,OAAO,KAAK,SAAS,QAAQ,GAAG;AAChD,QAAI,CAAC,OAAO,QAAQ,GAAI;AACxB,UAAM,OAAO,IAAI,WAAW,eAAe,IAAI,IAAI,MAAM,gBAAgB,MAAM,IAAI;AACnF,UAAM,WAAW,KAAK,WAAW,GAAG,IAAI,GAAG,KAAK,MAAM,GAAG,EAAE,CAAC,CAAC,IAAI,KAAK,MAAM,GAAG,EAAE,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,EAAE,CAAC;AACzG,QAAI,YAAY,CAAC,YAAY,IAAI,QAAQ,GAAG;AAC1C;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,UAAU,OAAuB;AACxC,QAAM,UAAU,MAAM,QAAQ,YAAY,EAAE,EAAE,KAAK;AACnD,QAAM,QAAQ,QAAQ,MAAM,sBAAsB;AAClD,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,MAAM,OAAO,WAAW,MAAM,CAAC,CAAE;AACvC,MAAI,CAAC,MAAM,CAAC,EAAG,QAAO;AACtB,MAAI,MAAM,CAAC,EAAE,YAAY,MAAM,KAAM,QAAO,MAAM;AAClD,SAAO;AACT;AAEA,eAAsB,YAAY,QAA4C;AAC5E,QAAM,cAAc,OAAO,QAAQ;AACnC,QAAM,UAAU,KAAK,aAAa,cAAc;AAEhD,MAAI,CAAC,WAAW,OAAO,GAAG;AACxB,UAAM,IAAI,MAAM,4BAA4B,WAAW,+DAA+D;AAAA,EACxH;AAEA,QAAM,MAAM,iBAAiB,OAAO;AACpC,QAAM,WAAW,cAAc,WAAW;AAE1C,QAAM,UAAkC,EAAE,GAAG,IAAI,cAAc,GAAG,IAAI,gBAAgB;AACtF,QAAM,cAAc,IAAI,IAAI,OAAO,KAAK,OAAO,CAAC;AAEhD,QAAM,kBAAkB,wBAAwB,UAAU,WAAW;AAErE,QAAM,yBAAkD,CAAC;AACzD,QAAM,2BAAoD,CAAC;AAC3D,QAAM,iBAAkC,CAAC;AAEzC,QAAM,UAAkC,CAAC;AACzC,aAAW,KAAK,gBAAgB;AAC9B,YAAQ,EAAE,IAAI,IAAI,EAAE;AAAA,EACtB;AAEA,aAAW,WAAW,gBAAgB;AACpC,UAAM,WAAW,YAAY,IAAI,QAAQ,IAAI;AAC7C,QAAI,CAAC,SAAU;AAEf,UAAM,SAAS,mBAAmB,aAAa,OAAO;AACtD,QAAI,CAAC,UAAU,CAAC,OAAO,QAAS;AAEhC,UAAM,cAAc,UAAU,QAAQ,QAAQ,IAAI,KAAK,MAAM;AAC7D,UAAM,kBAAkB,QAAQ,YAAY,WAAW,QAAQ,IAAI,IAAI;AACvE,UAAM,eAAe,cAAc,OAC/B,IAAI,cAAc,MAAM,QAAQ,CAAC,CAAC,cAAS,eAAe,QAC1D,GAAG,YAAY,QAAQ,CAAC,CAAC,cAAS,eAAe;AAErD,UAAM,aAAoC;AAAA,MACxC,aAAa,QAAQ;AAAA,MACrB,QAAQ,QAAQ;AAAA,MAChB,aAAa,QAAQ;AAAA,MACrB,wBAAwB;AAAA,MACxB,YAAY,QAAQ;AAAA,MACpB,aAAa,QAAQ;AAAA,IACvB;AAEA,QAAI,QAAQ,eAAe,QAAQ;AACjC,6BAAuB,KAAK,UAAU;AAAA,IACxC,OAAO;AACL,+BAAyB,KAAK,UAAU;AAAA,IAC1C;AAAA,EACF;AAEA,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,UAAU,GAAG;AACrD,QAAI,YAAY,IAAI,IAAI,GAAG;AACzB,iBAAW,WAAW,MAAM;AAC1B,uBAAe,KAAK;AAAA,UAClB,aAAa;AAAA,UACb,OAAO,QAAQ;AAAA,UACf,UAAU,QAAQ;AAAA,UAClB,KAAK,QAAQ;AAAA,QACf,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,MAAI,cAAc;AAClB,aAAW,WAAW,aAAa;AACjC,UAAM,UAAU,QAAQ,OAAO;AAC/B,QAAI,SAAS;AACX,qBAAe,UAAU,OAAO;AAAA,IAClC,OAAO;AACL,qBAAe;AAAA,IACjB;AAAA,EACF;AACA,iBAAe,kBAAkB;AAEjC,QAAM,eAAe,cAAc,OAC/B,IAAI,cAAc,MAAM,QAAQ,CAAC,CAAC,QAClC,GAAG,YAAY,QAAQ,CAAC,CAAC;AAE7B,SAAO;AAAA,IACL,aAAa,IAAI;AAAA,IACjB,YAAY,YAAY;AAAA,IACxB,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AEvNA,OAAO,QAAQ;AAGf,SAAS,cAAc,UAA6C;AAClE,UAAQ,UAAU;AAAA,IAChB,KAAK;AAAY,aAAO,GAAG,KAAK,GAAG,IAAI,SAAS,YAAY,CAAC,CAAC;AAAA,IAC9D,KAAK;AAAQ,aAAO,GAAG,IAAI,SAAS,YAAY,CAAC;AAAA,IACjD,KAAK;AAAU,aAAO,GAAG,OAAO,SAAS,YAAY,CAAC;AAAA,IACtD,KAAK;AAAO,aAAO,GAAG,IAAI,SAAS,YAAY,CAAC;AAAA,EAClD;AACF;AAEA,SAAS,eAAe,YAAyD;AAC/E,UAAQ,YAAY;AAAA,IAClB,KAAK;AAAQ,aAAO,GAAG,MAAM,QAAG;AAAA,IAChC,KAAK;AAAU,aAAO,GAAG,OAAO,QAAG;AAAA,IACnC,KAAK;AAAO,aAAO,GAAG,IAAI,QAAG;AAAA,EAC/B;AACF;AAEO,SAAS,eAAe,QAAoB,YAA8B;AAC/E,MAAI,YAAY;AACd,WAAO,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,EACvC;AAEA,QAAM,QAAkB,CAAC;AAGzB,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,IAAI,OAAO,EAAE,CAAC,mBAAmB,IAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AACnF,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,MAAM,oBAAa,CAAC,IAAI,GAAG,KAAK,OAAO,WAAW,CAAC,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,OAAO,YAAY,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AACtJ,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,MAAM,yBAAkB,CAAC,IAAI,GAAG,KAAK,OAAO,OAAO,UAAU,CAAC,CAAC,aAAa,GAAG,KAAK,OAAO,OAAO,cAAc,CAAC,CAAC,cAAc,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,OAAO,OAAO,cAAc,EAAE,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AAC3O,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,MAAM,uBAAgB,CAAC,IAAI,GAAG,KAAK,OAAO,kBAAkB,CAAC,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,OAAO,mBAAmB,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AACvK,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAElD,MAAI,OAAO,uBAAuB,SAAS,GAAG;AAC5C,UAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,MAAM,WAAI,CAAC,IAAI,GAAG,KAAK,GAAG,MAAM,0BAA0B,CAAC,CAAC,GAAG,IAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AACtH,eAAW,QAAQ,OAAO,wBAAwB;AAChD,YAAM,SAAS,KAAK,cAAc,GAAG,MAAM,sBAAiB,IAAI,GAAG,IAAI,sBAAsB;AAC7F,YAAM,WAAW,eAAe,KAAK,UAAU;AAC/C,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,QAAG,CAAC,IAAI,GAAG,KAAK,KAAK,WAAW,CAAC,KAAK,KAAK,sBAAsB,IAAI,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,uBAAuB,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AAClL,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,QAAG,CAAC,IAAI,GAAG,KAAK,KAAK,WAAW,CAAC,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,YAAY,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AACtI,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,cAAI,CAAC,IAAI,MAAM,KAAK,QAAQ,IAAI,KAAK,UAAU,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,EAAE,CAAC,CAAC,QAAG,CAAC,CAAC;AAAA,IAC5H;AAAA,EACF;AAEA,MAAI,OAAO,yBAAyB,SAAS,GAAG;AAC9C,UAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,UAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,OAAO,WAAI,CAAC,IAAI,GAAG,KAAK,GAAG,OAAO,4BAA4B,CAAC,CAAC,GAAG,IAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAC1H,eAAW,QAAQ,OAAO,0BAA0B;AAClD,YAAM,SAAS,KAAK,cAAc,GAAG,MAAM,sBAAiB,IAAI,GAAG,IAAI,sBAAsB;AAC7F,YAAM,WAAW,eAAe,KAAK,UAAU;AAC/C,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,QAAG,CAAC,IAAI,GAAG,KAAK,KAAK,WAAW,CAAC,KAAK,KAAK,sBAAsB,IAAI,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,uBAAuB,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AAClL,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,QAAG,CAAC,IAAI,GAAG,KAAK,KAAK,WAAW,CAAC,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,KAAK,YAAY,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AACtI,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,cAAI,CAAC,IAAI,MAAM,KAAK,QAAQ,IAAI,KAAK,UAAU,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,EAAE,CAAC,CAAC,QAAG,CAAC,CAAC;AAAA,IAC5H;AAAA,EACF;AAEA,MAAI,OAAO,eAAe,SAAS,GAAG;AACpC,UAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,UAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,WAAI,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,iBAAiB,CAAC,CAAC,GAAG,IAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AACzG,eAAW,SAAS,OAAO,gBAAgB;AACzC,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAClD,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,cAAc,MAAM,QAAQ,CAAC,IAAI,GAAG,KAAK,MAAM,KAAK,CAAC,OAAO,MAAM,WAAW,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,MAAM,YAAY,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AAC5K,YAAM,KAAK,GAAG,KAAK,GAAG,KAAK,WAAM,GAAG,IAAI,QAAG,CAAC,IAAI,MAAM,GAAG,GAAG,IAAI,OAAO,KAAK,IAAI,GAAG,KAAK,MAAM,IAAI,MAAM,CAAC,CAAC,QAAG,CAAC,CAAC;AAAA,IACjH;AAAA,EACF;AAEA,QAAM,KAAK,GAAG,KAAK,GAAG,KAAK,SAAI,SAAI,OAAO,EAAE,CAAC,QAAG,CAAC,CAAC;AAElD,SAAO,MAAM,KAAK,IAAI;AACxB;;;AHrEA,IAAM,UAAU,IAAI,QAAQ;AAE5B,QACG,KAAK,WAAW,EAChB,YAAY,8DAA8D,EAC1E,QAAQ,OAAO,EACf,SAAS,UAAU,wBAAwB,GAAG,EAC9C,OAAO,cAAc,gBAAgB,EACrC,OAAO,iBAAiB,gBAAgB,EACxC,OAAO,SAAS,6BAA6B,EAC7C,OAAO,OAAO,MAAc,YAAkE;AAC7F,MAAI;AACF,UAAM,SAAS,MAAM,YAAY,EAAE,MAAM,SAAS,QAAQ,SAAS,YAAY,QAAQ,KAAK,CAAC;AAC7F,YAAQ,IAAI,eAAe,QAAQ,QAAQ,IAAI,CAAC;AAAA,EAClD,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,YAAQ,MAAM;AAAA,WAAS,OAAO;AAAA,CAAI;AAClC,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF,CAAC;AAEH,QAAQ,MAAM;","names":[]}

package/dist/dep-exray/index.d.ts

@@ -0,0 +1,5 @@
+export { scanProject } from './scanner/index.js';
+export { generateReport } from './reporter/index.js';
+export { analyzeUsage } from './analyzer/index.js';
+export { DependencyInfo, ReplacementSuggestion, ScanResult, ScannerConfig, SecurityIssue } from './types.js';
+export { KNOWN_CVES, KNOWN_MAPPINGS } from './known-mappings.js';