supply-chain-guard 2.0.0 → 3.0.0

package/README.md

@@ -1,9 +1,14 @@
 # 🛡️ supply-chain-guard
 
-Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions. Detects [GlassWorm](https://www.reversinglabs.com/blog/glassworm-backdoor-campaign-npm-vscode) and similar malware campaigns.
+Open-source supply-chain security scanner for npm, PyPI, VS Code extensions, GitHub Actions workflows and Solana C2. Detects [GlassWorm](https://www.reversinglabs.com/blog/glassworm-backdoor-campaign-npm-vscode) and similar malware campaigns.
 
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D20-green)](https://nodejs.org)
+[![npm](https://img.shields.io/badge/npm-v3.0.0-blue)](https://www.npmjs.com/package/supply-chain-guard)
+
+## Background
+
+For a deep dive into how GlassWorm infiltrates the software supply chain and the detection techniques behind this tool, read the blog post: [How GlassWorm Gets In and How We Locked It Out](https://blog.elvatis.com/how-glassworm-gets-in-and-how-we-locked-it-out/).
 
 ## What It Does
 
@@ -19,6 +24,9 @@ supply-chain-guard scans code repositories and npm packages for known indicators
 - 🟡 **Solana blockchain C2** (mainnet-beta, Helius RPC references used as command-and-control channels)
 - 🟡 **Git history manipulation** (committer dates far newer than author dates)
 - 🔵 **Typosquatting package names** (known malicious npm package patterns)
+- 🟠 **PyPI malicious install hooks** (setup.py subprocess, base64 exec, download-and-run in cmdclass)
+- 🟠 **GitHub Actions CI/CD attacks** (unpinned actions, secrets exfiltration, encoded payloads in run blocks)
+- 🟡 **Solana C2 wallet watchlist** (persistent monitoring of known command-and-control wallets with webhook alerts)
 
 ## Installation
 
@@ -32,6 +40,41 @@ Or use directly with npx:
 npx supply-chain-guard scan ./my-project
 ```
 
+## Quickstart
+
+**Scan a local directory:**
+
+```bash
+supply-chain-guard scan ./my-project
+```
+
+**Scan a GitHub repository:**
+
+```bash
+supply-chain-guard scan https://github.com/user/repo
+```
+
+**Scan an npm package (without installing it):**
+
+```bash
+supply-chain-guard npm suspicious-package-name
+```
+
+Example output:
+
+```
+  Risk Score: 68/100 (CRITICAL)
+  Findings:  2 critical, 1 high, 1 medium
+
+  🔴 [CRITICAL] GlassWorm campaign marker variable detected
+     Rule: GLASSWORM_MARKER  |  File: src/index.js:42
+
+  🔴 [CRITICAL] Base64-encoded eval detected
+     Rule: EVAL_ATOB  |  File: src/loader.js:15
+```
+
+See the full [Example Output](#example-output) section below for a complete scan report.
+
 ## Usage
 
 ### Scan a Local Directory
@@ -250,6 +293,24 @@ supply-chain-guard was built to detect these specific attack patterns and make t
 
 See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. The most impactful contribution is adding new detection patterns for emerging threats.
 
+
+## Changelog
+
+### v3.0.0 (2026-03-26)
+- **New:** PyPI scanner detects malicious `setup.py` install hooks (subprocess, base64 exec, cmdclass downloads)
+- **New:** GitHub Actions workflow scanner detects CI/CD pipeline attacks (unpinned actions, secrets exfiltration, encoded payloads)
+- **New:** SARIF 2.1.0 output format for GitHub Code Scanning integration (`--format sarif`)
+- **New:** Solana C2 wallet watchlist with persistent monitoring and webhook alerts (`watchlist` commands)
+- **New:** Blog post reference and improved quickstart guide
+- **Docs:** Example GitHub Actions workflow for SARIF upload at `docs/github-actions-sarif.yml`
+
+### v2.0.0
+- Multi-platform scanner (npm, PyPI, VS Code)
+- Dependency confusion detection
+- Lockfile integrity checks
+- Solana C2 monitoring
+
+
 ## License
 
 [Apache-2.0](LICENSE) - Copyright 2026 Elvatis - Emre Kohler

package/dist/cli.js

@@ -25,7 +25,7 @@ program
     .command("scan")
     .description("Scan a local directory or GitHub repo for malware indicators")
     .argument("<target>", "Local directory path or GitHub repo URL")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report: critical, high, medium, low, info")
     .option("-e, --exclude <rules>", "Comma-separated list of rule IDs to exclude")
     .option("-d, --depth <depth>", "Maximum directory depth", "20")
@@ -59,7 +59,7 @@ program
     .command("npm")
     .description("Scan an npm package for malware indicators (downloads without installing)")
     .argument("<package>", "npm package name (e.g., express, lodash)")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report")
     .action(async (packageName, opts) => {
     try {
@@ -87,7 +87,7 @@ program
     .command("pypi")
     .description("Scan a PyPI package for malware indicators (downloads without installing)")
     .argument("<package>", "PyPI package name (e.g., requests, flask)")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report")
     .action(async (packageName, opts) => {
     try {
@@ -115,7 +115,7 @@ program
     .command("vscode")
     .description("Scan a VS Code extension (.vsix file or marketplace ID) for malware indicators")
     .argument("<target>", "Path to .vsix file or marketplace extension ID (e.g., publisher.extension-name)")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report")
     .action(async (target, opts) => {
     try {
@@ -143,7 +143,7 @@ program
     .command("confusion")
     .description("Detect dependency confusion risks in a project's package.json")
     .argument("<target>", "Path to project directory or package.json file")
-    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report")
     .option("--no-dev", "Exclude devDependencies from the check")
     .action(async (target, opts) => {
@@ -224,5 +224,92 @@ program
         process.exit(1);
     }
 });
+// -- watchlist command -------------------------------------------------------
+const watchlist = program
+    .command("watchlist")
+    .description("Manage a persistent Solana C2 wallet watchlist");
+watchlist
+    .command("add")
+    .description("Add a Solana wallet address to the watchlist")
+    .argument("<address>", "Solana wallet address")
+    .requiredOption("-n, --name <name>", "Human-readable label for this wallet")
+    .action((address, opts) => {
+    try {
+        const entry = (0, solana_monitor_js_1.addToWatchlist)(address, opts.name);
+        console.log(`\n  Added to watchlist:`);
+        console.log(`  Address: ${entry.address}`);
+        console.log(`  Name:    ${entry.name}`);
+        console.log(`  Added:   ${entry.addedAt}\n`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+watchlist
+    .command("list")
+    .description("List all wallets on the watchlist")
+    .action(() => {
+    const entries = (0, solana_monitor_js_1.listWatchlist)();
+    if (entries.length === 0) {
+        console.log("\n  Watchlist is empty.\n");
+        return;
+    }
+    console.log(`\n  Watchlist (${entries.length} wallet(s)):\n`);
+    for (const entry of entries) {
+        console.log(`  Name:    ${entry.name}`);
+        console.log(`  Address: ${entry.address}`);
+        console.log(`  Added:   ${entry.addedAt}`);
+        console.log("");
+    }
+});
+watchlist
+    .command("remove")
+    .description("Remove a wallet from the watchlist")
+    .argument("<address>", "Solana wallet address to remove")
+    .action((address) => {
+    try {
+        (0, solana_monitor_js_1.removeFromWatchlist)(address);
+        console.log(`\n  Removed ${address} from watchlist.\n`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+watchlist
+    .command("monitor")
+    .description("Poll all watched wallets for new memo transactions")
+    .option("-i, --interval <seconds>", "Polling interval in seconds", "30")
+    .option("-l, --limit <count>", "Max transactions per poll per wallet", "20")
+    .option("-w, --webhook <url>", "Webhook URL to POST alerts to")
+    .action(async (opts) => {
+    try {
+        await (0, solana_monitor_js_1.monitorWatchlist)({
+            interval: parseInt(opts.interval, 10),
+            limit: parseInt(opts.limit, 10),
+            webhookUrl: opts.webhook,
+        }, (alert) => {
+            console.log("");
+            console.log("  ====================================");
+            console.log("  !! WATCHLIST ALERT !!");
+            console.log("  ====================================");
+            console.log(`  Name:      ${alert.name}`);
+            console.log(`  Address:   ${alert.address}`);
+            console.log(`  TxID:      ${alert.txid}`);
+            console.log(`  Memo:      ${alert.memo}`);
+            console.log(`  Timestamp: ${alert.timestamp}`);
+            console.log("  ====================================");
+            console.log("");
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
 program.parse();
 //# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAA8E;AAC9E,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/dependency-confusion.d.ts

@@ -12,7 +12,7 @@ export interface ConfusionScanOptions {
     /** Path to the project directory (containing package.json) */
     target: string;
     /** Output format */
-    format: "text" | "json" | "markdown";
+    format: "text" | "json" | "markdown" | "sarif";
     /** Minimum severity to report */
     minSeverity?: Severity;
     /** Include devDependencies in the check */

package/dist/dependency-confusion.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dependency-confusion.d.ts","sourceRoot":"","sources":["../src/dependency-confusion.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAW,UAAU,EAAe,QAAQ,EAAE,MAAM,YAAY,CAAC;AAwD7E,MAAM,WAAW,oBAAoB;IACnC,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IACrC,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,UAAU,CAAC,CA6DrB"}
+{"version":3,"file":"dependency-confusion.d.ts","sourceRoot":"","sources":["../src/dependency-confusion.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAW,UAAU,EAAe,QAAQ,EAAE,MAAM,YAAY,CAAC;AAwD7E,MAAM,WAAW,oBAAoB;IACnC,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC;IAC/C,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,UAAU,CAAC,CA6DrB"}

package/dist/github-actions-scanner.d.ts

@@ -0,0 +1,14 @@
+/**
+ * GitHub Actions Workflow Scanner
+ *
+ * Scans .github/workflows/*.yml files for CI/CD pipeline attack indicators
+ * including remote code execution, secrets exfiltration, compromised action
+ * references, unpinned versions, and encoded payloads.
+ */
+import type { Finding } from "./types.js";
+/**
+ * Scan a directory for GitHub Actions workflow files and return findings.
+ * Called from the main scanner during directory scans.
+ */
+export declare function scanGitHubActionsWorkflows(dir: string): Finding[];
+//# sourceMappingURL=github-actions-scanner.d.ts.map

package/dist/github-actions-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-actions-scanner.d.ts","sourceRoot":"","sources":["../src/github-actions-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAY,MAAM,YAAY,CAAC;AAmIpD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAgCjE"}