npm - supply-chain-guard - Versions diffs - 1.0.0 → 3.0.0 - Mend

supply-chain-guard 1.0.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/README.md +62 -1
package/dist/cli.d.ts +2 -2
package/dist/cli.js +181 -5
package/dist/cli.js.map +1 -1
package/dist/dependency-confusion.d.ts +25 -0
package/dist/dependency-confusion.d.ts.map +1 -0
package/dist/dependency-confusion.js +496 -0
package/dist/dependency-confusion.js.map +1 -0
package/dist/github-actions-scanner.d.ts +14 -0
package/dist/github-actions-scanner.d.ts.map +1 -0
package/dist/github-actions-scanner.js +420 -0
package/dist/github-actions-scanner.js.map +1 -0
package/dist/index.d.ts +7 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +17 -1
package/dist/index.js.map +1 -1
package/dist/lockfile-checker.d.ts +16 -0
package/dist/lockfile-checker.d.ts.map +1 -0
package/dist/lockfile-checker.js +309 -0
package/dist/lockfile-checker.js.map +1 -0
package/dist/patterns.d.ts +18 -0
package/dist/patterns.d.ts.map +1 -1
package/dist/patterns.js +458 -1
package/dist/patterns.js.map +1 -1
package/dist/pypi-scanner.d.ts +26 -0
package/dist/pypi-scanner.d.ts.map +1 -0
package/dist/pypi-scanner.js +548 -0
package/dist/pypi-scanner.js.map +1 -0
package/dist/reporter.d.ts +2 -2
package/dist/reporter.d.ts.map +1 -1
package/dist/reporter.js +76 -1
package/dist/reporter.js.map +1 -1
package/dist/scanner.d.ts.map +1 -1
package/dist/scanner.js +253 -1
package/dist/scanner.js.map +1 -1
package/dist/solana-monitor.d.ts +28 -2
package/dist/solana-monitor.d.ts.map +1 -1
package/dist/solana-monitor.js +171 -0
package/dist/solana-monitor.js.map +1 -1
package/dist/types.d.ts +20 -2
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/vscode-scanner.d.ts +21 -0
package/dist/vscode-scanner.d.ts.map +1 -0
package/dist/vscode-scanner.js +585 -0
package/dist/vscode-scanner.js.map +1 -0
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -1,9 +1,14 @@
 # 🛡️ supply-chain-guard
-Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions. Detects [GlassWorm](https://www.reversinglabs.com/blog/glassworm-backdoor-campaign-npm-vscode) and similar malware campaigns.
+Open-source supply-chain security scanner for npm, PyPI, VS Code extensions, GitHub Actions workflows and Solana C2. Detects [GlassWorm](https://www.reversinglabs.com/blog/glassworm-backdoor-campaign-npm-vscode) and similar malware campaigns.
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D20-green)](https://nodejs.org)
+[![npm](https://img.shields.io/badge/npm-v3.0.0-blue)](https://www.npmjs.com/package/supply-chain-guard)
+## Background
+For a deep dive into how GlassWorm infiltrates the software supply chain and the detection techniques behind this tool, read the blog post: [How GlassWorm Gets In and How We Locked It Out](https://blog.elvatis.com/how-glassworm-gets-in-and-how-we-locked-it-out/).
 ## What It Does
@@ -19,6 +24,9 @@ supply-chain-guard scans code repositories and npm packages for known indicators
 - 🟡 **Solana blockchain C2** (mainnet-beta, Helius RPC references used as command-and-control channels)
 - 🟡 **Git history manipulation** (committer dates far newer than author dates)
 - 🔵 **Typosquatting package names** (known malicious npm package patterns)
+- 🟠 **PyPI malicious install hooks** (setup.py subprocess, base64 exec, download-and-run in cmdclass)
+- 🟠 **GitHub Actions CI/CD attacks** (unpinned actions, secrets exfiltration, encoded payloads in run blocks)
+- 🟡 **Solana C2 wallet watchlist** (persistent monitoring of known command-and-control wallets with webhook alerts)
 ## Installation
@@ -32,6 +40,41 @@ Or use directly with npx:
 npx supply-chain-guard scan ./my-project
 ```
+## Quickstart
+**Scan a local directory:**
+```bash
+supply-chain-guard scan ./my-project
+```
+**Scan a GitHub repository:**
+```bash
+supply-chain-guard scan https://github.com/user/repo
+```
+**Scan an npm package (without installing it):**
+```bash
+supply-chain-guard npm suspicious-package-name
+```
+Example output:
+```
+  Risk Score: 68/100 (CRITICAL)
+  Findings:  2 critical, 1 high, 1 medium
+  🔴 [CRITICAL] GlassWorm campaign marker variable detected
+     Rule: GLASSWORM_MARKER  |  File: src/index.js:42
+  🔴 [CRITICAL] Base64-encoded eval detected
+     Rule: EVAL_ATOB  |  File: src/loader.js:15
+```
+See the full [Example Output](#example-output) section below for a complete scan report.
 ## Usage
 ### Scan a Local Directory
@@ -250,6 +293,24 @@ supply-chain-guard was built to detect these specific attack patterns and make t
 See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. The most impactful contribution is adding new detection patterns for emerging threats.
+## Changelog
+### v3.0.0 (2026-03-26)
+- **New:** PyPI scanner detects malicious `setup.py` install hooks (subprocess, base64 exec, cmdclass downloads)
+- **New:** GitHub Actions workflow scanner detects CI/CD pipeline attacks (unpinned actions, secrets exfiltration, encoded payloads)
+- **New:** SARIF 2.1.0 output format for GitHub Code Scanning integration (`--format sarif`)
+- **New:** Solana C2 wallet watchlist with persistent monitoring and webhook alerts (`watchlist` commands)
+- **New:** Blog post reference and improved quickstart guide
+- **Docs:** Example GitHub Actions workflow for SARIF upload at `docs/github-actions-sarif.yml`
+### v2.0.0
+- Multi-platform scanner (npm, PyPI, VS Code)
+- Dependency confusion detection
+- Lockfile integrity checks
+- Solana C2 monitoring
 ## License
 [Apache-2.0](LICENSE) - Copyright 2026 Elvatis - Emre Kohler

package/dist/cli.d.ts CHANGED Viewed

@@ -2,8 +2,8 @@
 /**
  * supply-chain-guard CLI
  *
- * Scan code repositories, npm packages, and VS Code extensions
- * for supply-chain malware indicators.
+ * Scan code repositories, npm packages, PyPI packages, VS Code extensions,
+ * and project dependencies for supply-chain malware indicators.
  */
 export {};
 //# sourceMappingURL=cli.d.ts.map

package/dist/cli.js CHANGED Viewed

@@ -3,26 +3,29 @@
 /**
  * supply-chain-guard CLI
  *
- * Scan code repositories, npm packages, and VS Code extensions
- * for supply-chain malware indicators.
+ * Scan code repositories, npm packages, PyPI packages, VS Code extensions,
+ * and project dependencies for supply-chain malware indicators.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const scanner_js_1 = require("./scanner.js");
 const npm_scanner_js_1 = require("./npm-scanner.js");
+const pypi_scanner_js_1 = require("./pypi-scanner.js");
+const vscode_scanner_js_1 = require("./vscode-scanner.js");
+const dependency_confusion_js_1 = require("./dependency-confusion.js");
 const solana_monitor_js_1 = require("./solana-monitor.js");
 const reporter_js_1 = require("./reporter.js");
 const program = new commander_1.Command();
 program
     .name("supply-chain-guard")
-    .description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, code repos, and VS Code extensions.")
+    .description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
     .version("1.0.0");
 // ── scan command ────────────────────────────────────────────────────
 program
     .command("scan")
     .description("Scan a local directory or GitHub repo for malware indicators")
     .argument("<target>", "Local directory path or GitHub repo URL")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report: critical, high, medium, low, info")
     .option("-e, --exclude <rules>", "Comma-separated list of rule IDs to exclude")
     .option("-d, --depth <depth>", "Maximum directory depth", "20")
@@ -56,7 +59,7 @@ program
     .command("npm")
     .description("Scan an npm package for malware indicators (downloads without installing)")
     .argument("<package>", "npm package name (e.g., express, lodash)")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report")
     .action(async (packageName, opts) => {
     try {
@@ -79,6 +82,92 @@ program
         process.exit(1);
     }
 });
+// ── pypi command ────────────────────────────────────────────────────
+program
+    .command("pypi")
+    .description("Scan a PyPI package for malware indicators (downloads without installing)")
+    .argument("<package>", "PyPI package name (e.g., requests, flask)")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
+    .option("-s, --min-severity <severity>", "Minimum severity to report")
+    .action(async (packageName, opts) => {
+    try {
+        const report = await (0, pypi_scanner_js_1.scanPypiPackage)(packageName, {
+            target: packageName,
+            format: opts.format,
+            minSeverity: opts.minSeverity,
+        });
+        console.log((0, reporter_js_1.formatReport)(report, opts.format));
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+// ── vscode command ──────────────────────────────────────────────────
+program
+    .command("vscode")
+    .description("Scan a VS Code extension (.vsix file or marketplace ID) for malware indicators")
+    .argument("<target>", "Path to .vsix file or marketplace extension ID (e.g., publisher.extension-name)")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
+    .option("-s, --min-severity <severity>", "Minimum severity to report")
+    .action(async (target, opts) => {
+    try {
+        const report = await (0, vscode_scanner_js_1.scanVscodeExtension)({
+            target,
+            format: opts.format,
+            minSeverity: opts.minSeverity,
+        });
+        console.log((0, reporter_js_1.formatReport)(report, opts.format));
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+// ── confusion command ───────────────────────────────────────────────
+program
+    .command("confusion")
+    .description("Detect dependency confusion risks in a project's package.json")
+    .argument("<target>", "Path to project directory or package.json file")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
+    .option("-s, --min-severity <severity>", "Minimum severity to report")
+    .option("--no-dev", "Exclude devDependencies from the check")
+    .action(async (target, opts) => {
+    try {
+        const report = await (0, dependency_confusion_js_1.scanDependencyConfusion)({
+            target,
+            format: opts.format,
+            minSeverity: opts.minSeverity,
+            includeDevDeps: opts.dev,
+        });
+        console.log((0, reporter_js_1.formatReport)(report, opts.format));
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
 // ── monitor command ─────────────────────────────────────────────────
 program
     .command("monitor")
@@ -135,5 +224,92 @@ program
         process.exit(1);
     }
 });
+// -- watchlist command -------------------------------------------------------
+const watchlist = program
+    .command("watchlist")
+    .description("Manage a persistent Solana C2 wallet watchlist");
+watchlist
+    .command("add")
+    .description("Add a Solana wallet address to the watchlist")
+    .argument("<address>", "Solana wallet address")
+    .requiredOption("-n, --name <name>", "Human-readable label for this wallet")
+    .action((address, opts) => {
+    try {
+        const entry = (0, solana_monitor_js_1.addToWatchlist)(address, opts.name);
+        console.log(`\n  Added to watchlist:`);
+        console.log(`  Address: ${entry.address}`);
+        console.log(`  Name:    ${entry.name}`);
+        console.log(`  Added:   ${entry.addedAt}\n`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+watchlist
+    .command("list")
+    .description("List all wallets on the watchlist")
+    .action(() => {
+    const entries = (0, solana_monitor_js_1.listWatchlist)();
+    if (entries.length === 0) {
+        console.log("\n  Watchlist is empty.\n");
+        return;
+    }
+    console.log(`\n  Watchlist (${entries.length} wallet(s)):\n`);
+    for (const entry of entries) {
+        console.log(`  Name:    ${entry.name}`);
+        console.log(`  Address: ${entry.address}`);
+        console.log(`  Added:   ${entry.addedAt}`);
+        console.log("");
+    }
+});
+watchlist
+    .command("remove")
+    .description("Remove a wallet from the watchlist")
+    .argument("<address>", "Solana wallet address to remove")
+    .action((address) => {
+    try {
+        (0, solana_monitor_js_1.removeFromWatchlist)(address);
+        console.log(`\n  Removed ${address} from watchlist.\n`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+watchlist
+    .command("monitor")
+    .description("Poll all watched wallets for new memo transactions")
+    .option("-i, --interval <seconds>", "Polling interval in seconds", "30")
+    .option("-l, --limit <count>", "Max transactions per poll per wallet", "20")
+    .option("-w, --webhook <url>", "Webhook URL to POST alerts to")
+    .action(async (opts) => {
+    try {
+        await (0, solana_monitor_js_1.monitorWatchlist)({
+            interval: parseInt(opts.interval, 10),
+            limit: parseInt(opts.limit, 10),
+            webhookUrl: opts.webhook,
+        }, (alert) => {
+            console.log("");
+            console.log("  ====================================");
+            console.log("  !! WATCHLIST ALERT !!");
+            console.log("  ====================================");
+            console.log(`  Name:      ${alert.name}`);
+            console.log(`  Address:   ${alert.address}`);
+            console.log(`  TxID:      ${alert.txid}`);
+            console.log(`  Memo:      ${alert.memo}`);
+            console.log(`  Timestamp: ${alert.timestamp}`);
+            console.log("  ====================================");
+            console.log("");
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
 program.parse();
 //# sourceMappingURL=cli.js.map

package/dist/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,2DAA8E;AAC9E,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,iJAAiJ,CAClJ;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/dependency-confusion.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Dependency Confusion Detector
+ *
+ * Analyzes a project's package.json to detect potential dependency confusion attacks.
+ * Checks if dependencies exist on the public npm registry and flags suspicious ones:
+ * - Unscoped packages that look like internal names
+ * - Packages with no README, very recent publish, or low download counts
+ * - Packages where the public version was published AFTER the project started using it
+ */
+import type { ScanReport, Severity } from "./types.js";
+export interface ConfusionScanOptions {
+    /** Path to the project directory (containing package.json) */
+    target: string;
+    /** Output format */
+    format: "text" | "json" | "markdown" | "sarif";
+    /** Minimum severity to report */
+    minSeverity?: Severity;
+    /** Include devDependencies in the check */
+    includeDevDeps?: boolean;
+}
+/**
+ * Scan a project for dependency confusion risks.
+ */
+export declare function scanDependencyConfusion(options: ConfusionScanOptions): Promise<ScanReport>;
+//# sourceMappingURL=dependency-confusion.d.ts.map

package/dist/dependency-confusion.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dependency-confusion.d.ts","sourceRoot":"","sources":["../src/dependency-confusion.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAW,UAAU,EAAe,QAAQ,EAAE,MAAM,YAAY,CAAC;AAwD7E,MAAM,WAAW,oBAAoB;IACnC,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC;IAC/C,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,UAAU,CAAC,CA6DrB"}