supply-chain-guard 3.0.0 → 4.0.0

package/README.md

@@ -4,7 +4,7 @@ Open-source supply-chain security scanner for npm, PyPI, VS Code extensions, Git
 
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Node.js](https://img.shields.io/badge/Node.js-%3E%3D20-green)](https://nodejs.org)
-[![npm](https://img.shields.io/badge/npm-v3.0.0-blue)](https://www.npmjs.com/package/supply-chain-guard)
+[![npm](https://img.shields.io/badge/npm-v3.1.0-blue)](https://www.npmjs.com/package/supply-chain-guard)
 
 ## Background
 
@@ -124,8 +124,31 @@ supply-chain-guard scan ./project --format json
 
 # Markdown (for PR comments)
 supply-chain-guard scan ./project --format markdown
+
+# SARIF 2.1.0 (for GitHub Code Scanning)
+supply-chain-guard scan ./project --format sarif
+
+# CycloneDX 1.5 SBOM (for compliance: NIS2, SSDF, SBOM mandates)
+supply-chain-guard scan ./project --format sbom
 ```
 
+### CI Exit Code Control
+
+By default, the scanner exits 2 on critical findings and 1 on high findings. Use `--fail-on` to set a custom threshold:
+
+```bash
+# Fail only on critical (ignore high/medium/low)
+supply-chain-guard scan ./project --fail-on critical
+
+# Fail on high or above (critical + high)
+supply-chain-guard scan ./project --fail-on high
+
+# Fail on any finding
+supply-chain-guard scan ./project --fail-on info
+```
+
+This is useful for tiered CI pipelines: block deploys on critical, warn on medium.
+
 ### Filtering
 
 ```bash
@@ -296,6 +319,12 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. The most impactful contri
 
 ## Changelog
 
+### v3.1.0 (2026-03-26)
+- **New:** SBOM export in CycloneDX 1.5 JSON format (`--format sbom`) for compliance (NIS2, SSDF)
+- **New:** `--fail-on <severity>` flag for tiered CI pipelines (fail only at specified severity threshold)
+- **Tests:** Full unit test coverage for solana-monitor (23 tests), reporter (39 tests), CLI integration (22 tests)
+- **Total:** 269 tests, all passing
+
 ### v3.0.0 (2026-03-26)
 - **New:** PyPI scanner detects malicious `setup.py` install hooks (subprocess, base64 exec, cmdclass downloads)
 - **New:** GitHub Actions workflow scanner detects CI/CD pipeline attacks (unpinned actions, secrets exfiltration, encoded payloads)

package/dist/cargo-scanner.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Cargo/Rust supply-chain scanner.
+ *
+ * Detects supply-chain risks in Cargo.toml, build.rs, and
+ * Rust procedural macros.
+ */
+import type { Finding, PatternEntry } from "./types.js";
+export declare const CARGO_PATTERNS: PatternEntry[];
+/**
+ * Check if a file is a Cargo-related file.
+ */
+export declare function isCargoFile(filename: string): boolean;
+/**
+ * Scan Cargo-related files in a directory.
+ */
+export declare function scanCargoFiles(dir: string): Finding[];
+/**
+ * Scan content of a Cargo-related file.
+ */
+export declare function scanCargoContent(content: string, relativePath: string, fileType: "toml" | "build" | "proc-macro"): Finding[];
+//# sourceMappingURL=cargo-scanner.d.ts.map

package/dist/cargo-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cargo-scanner.d.ts","sourceRoot":"","sources":["../src/cargo-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,cAAc,EAAE,YAAY,EAuFxC,CAAC;AAMF;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAErD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAyBrD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,YAAY,GACxC,OAAO,EAAE,CAuCX"}

package/dist/cargo-scanner.js

@@ -0,0 +1,241 @@
+"use strict";
+/**
+ * Cargo/Rust supply-chain scanner.
+ *
+ * Detects supply-chain risks in Cargo.toml, build.rs, and
+ * Rust procedural macros.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CARGO_PATTERNS = void 0;
+exports.isCargoFile = isCargoFile;
+exports.scanCargoFiles = scanCargoFiles;
+exports.scanCargoContent = scanCargoContent;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+// ---------------------------------------------------------------------------
+// Cargo/Rust patterns
+// ---------------------------------------------------------------------------
+exports.CARGO_PATTERNS = [
+    // build.rs risks
+    {
+        name: "cargo-build-rs-exec",
+        pattern: "Command::new\\s*\\(|std::process::Command|process::Command",
+        description: "build.rs executes system commands. Build scripts run during `cargo build` with full privileges.",
+        severity: "critical",
+        rule: "CARGO_BUILD_RS_EXEC",
+    },
+    {
+        name: "cargo-build-rs-network",
+        pattern: "(?:reqwest|hyper|curl|ureq|attohttpc|minreq)\\b.*(?:get|post|request|fetch)|TcpStream::connect",
+        description: "build.rs performs network requests. Build scripts should not access the network.",
+        severity: "high",
+        rule: "CARGO_BUILD_RS_NETWORK",
+    },
+    {
+        name: "cargo-build-rs-env-exfil",
+        pattern: "env::var\\b.*(?:reqwest|hyper|TcpStream|UdpSocket)|(?:reqwest|hyper|TcpStream|UdpSocket).*env::var",
+        description: "build.rs reads environment variables near network code (potential data exfiltration).",
+        severity: "critical",
+        rule: "CARGO_BUILD_RS_ENV_EXFIL",
+    },
+    {
+        name: "cargo-build-rs-download",
+        pattern: "(?:curl|wget|fetch|download).*(?:write_all|copy|save|File::create)",
+        description: "build.rs downloads and writes files to disk.",
+        severity: "high",
+        rule: "CARGO_BUILD_RS_DOWNLOAD",
+    },
+    // Cargo.toml risks
+    {
+        name: "cargo-git-dependency",
+        pattern: "git\\s*=\\s*[\"']https?://(?!github\\.com/rust-lang|github\\.com/tokio-rs|github\\.com/serde-rs)",
+        description: "Cargo dependency from a git URL instead of crates.io. Git sources bypass crates.io integrity checks.",
+        severity: "medium",
+        rule: "CARGO_GIT_DEPENDENCY",
+    },
+    {
+        name: "cargo-patch-section",
+        pattern: "\\[patch\\.",
+        description: "Cargo.toml [patch] section detected. Patches override crate sources and can redirect dependencies.",
+        severity: "high",
+        rule: "CARGO_PATCH_SECTION",
+    },
+    {
+        name: "cargo-replace-section",
+        pattern: "\\[replace\\]",
+        description: "Cargo.toml [replace] section detected (deprecated). Replaces override dependency resolution.",
+        severity: "high",
+        rule: "CARGO_REPLACE_SECTION",
+    },
+    // Proc macro risks
+    {
+        name: "cargo-proc-macro-fs",
+        pattern: "std::fs::|fs::(?:read|write|remove|create)",
+        description: "Procedural macro performs file system operations. Proc macros run at compile time with full access.",
+        severity: "high",
+        rule: "CARGO_PROC_MACRO_FS",
+    },
+    {
+        name: "cargo-proc-macro-network",
+        pattern: "std::net::|TcpStream|UdpSocket|reqwest|hyper",
+        description: "Procedural macro performs network operations. Proc macros should not access the network.",
+        severity: "critical",
+        rule: "CARGO_PROC_MACRO_NETWORK",
+    },
+];
+/** Cargo-related file names */
+const CARGO_FILES = new Set(["Cargo.toml", "Cargo.lock"]);
+const BUILD_RS = "build.rs";
+/**
+ * Check if a file is a Cargo-related file.
+ */
+function isCargoFile(filename) {
+    return CARGO_FILES.has(filename) || filename === BUILD_RS;
+}
+/**
+ * Scan Cargo-related files in a directory.
+ */
+function scanCargoFiles(dir) {
+    const findings = [];
+    // Scan Cargo.toml
+    const cargoToml = path.join(dir, "Cargo.toml");
+    if (fs.existsSync(cargoToml)) {
+        try {
+            const content = fs.readFileSync(cargoToml, "utf-8");
+            findings.push(...scanCargoContent(content, "Cargo.toml", "toml"));
+        }
+        catch { /* skip */ }
+    }
+    // Scan build.rs
+    const buildRs = path.join(dir, BUILD_RS);
+    if (fs.existsSync(buildRs)) {
+        try {
+            const content = fs.readFileSync(buildRs, "utf-8");
+            findings.push(...scanCargoContent(content, BUILD_RS, "build"));
+        }
+        catch { /* skip */ }
+    }
+    // Scan proc-macro crates (look in src/ for files with proc_macro attribute)
+    scanProcMacros(dir, findings);
+    return findings;
+}
+/**
+ * Scan content of a Cargo-related file.
+ */
+function scanCargoContent(content, relativePath, fileType) {
+    const findings = [];
+    const lines = content.split("\n");
+    const patterns = fileType === "toml"
+        ? exports.CARGO_PATTERNS.filter((p) => p.rule.startsWith("CARGO_GIT") ||
+            p.rule.startsWith("CARGO_PATCH") ||
+            p.rule.startsWith("CARGO_REPLACE"))
+        : fileType === "build"
+            ? exports.CARGO_PATTERNS.filter((p) => p.rule.startsWith("CARGO_BUILD_RS"))
+            : exports.CARGO_PATTERNS.filter((p) => p.rule.startsWith("CARGO_PROC_MACRO"));
+    for (const pattern of patterns) {
+        const regex = new RegExp(pattern.pattern, "i");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i] ?? "";
+            const match = regex.exec(line);
+            if (match) {
+                findings.push({
+                    rule: pattern.rule,
+                    description: pattern.description,
+                    severity: pattern.severity,
+                    file: relativePath,
+                    line: i + 1,
+                    match: match[0].length > 120
+                        ? match[0].substring(0, 120) + "..."
+                        : match[0],
+                    recommendation: getCargoRecommendation(pattern.rule),
+                });
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Look for proc-macro source files and scan them.
+ */
+function scanProcMacros(dir, findings) {
+    // Check if Cargo.toml declares proc-macro = true
+    const cargoToml = path.join(dir, "Cargo.toml");
+    if (!fs.existsSync(cargoToml))
+        return;
+    let tomlContent;
+    try {
+        tomlContent = fs.readFileSync(cargoToml, "utf-8");
+    }
+    catch {
+        return;
+    }
+    if (!tomlContent.includes("proc-macro") && !tomlContent.includes("proc_macro"))
+        return;
+    // Scan .rs files in src/
+    const srcDir = path.join(dir, "src");
+    if (!fs.existsSync(srcDir))
+        return;
+    try {
+        const entries = fs.readdirSync(srcDir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (!entry.isFile() || !entry.name.endsWith(".rs"))
+                continue;
+            const fullPath = path.join(srcDir, entry.name);
+            try {
+                const content = fs.readFileSync(fullPath, "utf-8");
+                const relPath = `src/${entry.name}`;
+                findings.push(...scanCargoContent(content, relPath, "proc-macro"));
+            }
+            catch { /* skip */ }
+        }
+    }
+    catch { /* skip */ }
+}
+function getCargoRecommendation(rule) {
+    const map = {
+        CARGO_BUILD_RS_EXEC: "Audit build.rs command execution. Build scripts run with full access during `cargo build`.",
+        CARGO_BUILD_RS_NETWORK: "Build scripts should not make network requests. Use vendored dependencies or cargo's built-in mechanisms.",
+        CARGO_BUILD_RS_ENV_EXFIL: "Environment variable access combined with network code in build.rs is a data exfiltration risk.",
+        CARGO_BUILD_RS_DOWNLOAD: "Build script downloads files. Verify the source is trusted and integrity is checked.",
+        CARGO_GIT_DEPENDENCY: "Use crates.io dependencies when possible. Git dependencies bypass registry integrity checks.",
+        CARGO_PATCH_SECTION: "Verify [patch] entries are intentional. Patches override dependency resolution.",
+        CARGO_REPLACE_SECTION: "The [replace] section is deprecated. Migrate to [patch] and audit the override.",
+        CARGO_PROC_MACRO_FS: "Proc macros should not perform file I/O. They run at compile time with full file system access.",
+        CARGO_PROC_MACRO_NETWORK: "Proc macros must not access the network. This is a strong indicator of a compromised crate.",
+    };
+    return map[rule] ?? "Review this Cargo configuration manually.";
+}
+//# sourceMappingURL=cargo-scanner.js.map

package/dist/cargo-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cargo-scanner.js","sourceRoot":"","sources":["../src/cargo-scanner.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0GH,kCAEC;AAKD,wCAyBC;AAKD,4CA2CC;AAxLD,4CAA8B;AAC9B,gDAAkC;AAGlC,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAEjE,QAAA,cAAc,GAAmB;IAC5C,iBAAiB;IACjB;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EACL,4DAA4D;QAC9D,WAAW,EACT,iGAAiG;QACnG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EACL,gGAAgG;QAClG,WAAW,EACT,kFAAkF;QACpF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EACL,oGAAoG;QACtG,WAAW,EACT,uFAAuF;QACzF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,0BAA0B;KACjC;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EACL,oEAAoE;QACtE,WAAW,EACT,8CAA8C;QAChD,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,yBAAyB;KAChC;IAED,mBAAmB;IACnB;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EACL,kGAAkG;QACpG,WAAW,EACT,sGAAsG;QACxG,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,sBAAsB;KAC7B;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EACL,aAAa;QACf,WAAW,EACT,oGAAoG;QACtG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EACL,eAAe;QACjB,WAAW,EACT,8FAA8F;QAChG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,uBAAuB;KAC9B;IAED,mBAAmB;IACnB;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EACL,4CAA4C;QAC9C,WAAW,EACT,qGAAqG;QACvG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EACL,8CAA8C;QAChD,WAAW,EACT,0FAA0F;QAC5F,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,0BAA0B;KACjC;CACF,CAAC;AAEF,+BAA+B;AAC/B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,UAAU,CAAC;AAE5B;;GAEG;AACH,SAAgB,WAAW,CAAC,QAAgB;IAC1C,OAAO,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,QAAQ,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,kBAAkB;IAClB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACpD,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC,CAAC;QACpE,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,gBAAgB;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACzC,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QACjE,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,4EAA4E;IAC5E,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAE9B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAC9B,OAAe,EACf,YAAoB,EACpB,QAAyC;IAEzC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,MAAM,QAAQ,GACZ,QAAQ,KAAK,MAAM;QACjB,CAAC,CAAC,sBAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1B,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAC9B,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CACnC;QACH,CAAC,CAAC,QAAQ,KAAK,OAAO;YACpB,CAAC,CAAC,sBAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACnE,CAAC,CAAC,sBAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAE5E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EACH,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG;wBACnB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;wBACpC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;oBACd,cAAc,EAAE,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACrD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW,EAAE,QAAmB;IACtD,iDAAiD;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO;IAEtC,IAAI,WAAmB,CAAC;IACxB,IAAI,CAAC;QACH,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO;IAEvF,yBAAyB;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO;IAEnC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,SAAS;YAE7D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,GAAG,GAA2B;QAClC,mBAAmB,EACjB,4FAA4F;QAC9F,sBAAsB,EACpB,2GAA2G;QAC7G,wBAAwB,EACtB,iGAAiG;QACnG,uBAAuB,EACrB,sFAAsF;QACxF,oBAAoB,EAClB,8FAA8F;QAChG,mBAAmB,EACjB,iFAAiF;QACnF,qBAAqB,EACnB,iFAAiF;QACnF,mBAAmB,EACjB,iGAAiG;QACnG,wBAAwB,EACtB,6FAA6F;KAChG,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,2CAA2C,CAAC;AAClE,CAAC"}

package/dist/cli.js

@@ -19,16 +19,17 @@ const program = new commander_1.Command();
 program
     .name("supply-chain-guard")
     .description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
-    .version("1.0.0");
+    .version("4.0.0");
 // ── scan command ────────────────────────────────────────────────────
 program
     .command("scan")
     .description("Scan a local directory or GitHub repo for malware indicators")
     .argument("<target>", "Local directory path or GitHub repo URL")
-    .option("-f, --format <format>", "Output format: text, json, markdown, sarif", "text")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif, sbom, html", "text")
     .option("-s, --min-severity <severity>", "Minimum severity to report: critical, high, medium, low, info")
     .option("-e, --exclude <rules>", "Comma-separated list of rule IDs to exclude")
     .option("-d, --depth <depth>", "Maximum directory depth", "20")
+    .option("--fail-on <severity>", "Exit non-zero only if findings at or above this severity: critical, high, medium, low, info")
     .action(async (target, opts) => {
     try {
         const options = {
@@ -40,12 +41,24 @@ program
         };
         const report = await (0, scanner_js_1.scan)(options);
         console.log((0, reporter_js_1.formatReport)(report, options.format));
-        // Exit with non-zero if critical findings
-        if (report.summary.critical > 0) {
-            process.exit(2);
+        // Exit code logic
+        if (opts.failOn) {
+            const severityOrder = {
+                critical: 4, high: 3, medium: 2, low: 1, info: 0,
+            };
+            const threshold = severityOrder[opts.failOn] ?? 0;
+            const hasFindings = report.findings.some((f) => (severityOrder[f.severity] ?? 0) >= threshold);
+            if (hasFindings) {
+                process.exit(1);
+            }
         }
-        if (report.summary.high > 0) {
-            process.exit(1);
+        else {
+            if (report.summary.critical > 0) {
+                process.exit(2);
+            }
+            if (report.summary.high > 0) {
+                process.exit(1);
+            }
         }
     }
     catch (err) {

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAgD;YAC7D,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAgD,CAAC,CAAC,CAAC;QAEzF,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,sBAAsB,EACtB,6FAA6F,CAC9F;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAMC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAkE;YAC/E,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,aAAa,GAA2B;gBAC5C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YACF,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CACrD,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/config-scanner.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Package manager configuration file scanner.
+ *
+ * Detects supply-chain risks in .npmrc, .yarnrc, .pnpmrc,
+ * pip.conf, .pypirc, and pyproject.toml config files.
+ */
+import type { Finding, PatternEntry } from "./types.js";
+export declare const CONFIG_PATTERNS: PatternEntry[];
+/**
+ * Check whether a filename is a package manager config file.
+ */
+export declare function isConfigFile(filename: string): boolean;
+/**
+ * Scan a single config file for supply-chain risks.
+ */
+export declare function scanConfigFile(content: string, relativePath: string): Finding[];
+/**
+ * Scan a directory for package manager config files.
+ */
+export declare function scanConfigFiles(dir: string): Finding[];
+//# sourceMappingURL=config-scanner.d.ts.map

package/dist/config-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-scanner.d.ts","sourceRoot":"","sources":["../src/config-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAMxD,eAAO,MAAM,eAAe,EAAE,YAAY,EA4DzC,CAAC;AAYF;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA8BX;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAsBtD"}

package/dist/config-scanner.js

@@ -0,0 +1,186 @@
+"use strict";
+/**
+ * Package manager configuration file scanner.
+ *
+ * Detects supply-chain risks in .npmrc, .yarnrc, .pnpmrc,
+ * pip.conf, .pypirc, and pyproject.toml config files.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONFIG_PATTERNS = void 0;
+exports.isConfigFile = isConfigFile;
+exports.scanConfigFile = scanConfigFile;
+exports.scanConfigFiles = scanConfigFiles;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+// ---------------------------------------------------------------------------
+// Config patterns
+// ---------------------------------------------------------------------------
+exports.CONFIG_PATTERNS = [
+    {
+        name: "config-http-registry",
+        pattern: "registry\\s*=\\s*http://(?!localhost|127\\.0\\.0\\.1)",
+        description: "Package manager configured to use plain HTTP registry. Packages can be intercepted via MITM.",
+        severity: "critical",
+        rule: "CONFIG_HTTP_REGISTRY",
+    },
+    {
+        name: "config-custom-registry",
+        pattern: "registry\\s*=\\s*https?://(?!registry\\.npmjs\\.org|registry\\.yarnpkg\\.com|pypi\\.org|files\\.pythonhosted\\.org)",
+        description: "Package manager points to a non-default registry. Verify this is intentional.",
+        severity: "high",
+        rule: "CONFIG_CUSTOM_REGISTRY",
+    },
+    {
+        name: "config-auth-token",
+        pattern: "(?:_authToken|_auth|_password|token|npm_token)\\s*=\\s*[A-Za-z0-9+/=_-]{8,}",
+        description: "Authentication token found in config file. Tokens committed to version control can be stolen.",
+        severity: "critical",
+        rule: "CONFIG_AUTH_TOKEN_EXPOSED",
+    },
+    {
+        name: "config-unsafe-perm",
+        pattern: "unsafe-perm\\s*=\\s*true",
+        description: "unsafe-perm=true allows install scripts to run as root, increasing attack surface.",
+        severity: "medium",
+        rule: "CONFIG_UNSAFE_PERM",
+    },
+    {
+        name: "config-ignore-scripts-false",
+        pattern: "ignore-scripts\\s*=\\s*false",
+        description: "ignore-scripts explicitly set to false. Install scripts will execute on npm install.",
+        severity: "low",
+        rule: "CONFIG_IGNORE_SCRIPTS_OFF",
+    },
+    {
+        name: "config-extra-index-url",
+        pattern: "extra-index-url\\s*=\\s*https?://(?!pypi\\.org|files\\.pythonhosted\\.org)",
+        description: "pip configured with extra-index-url pointing to a non-PyPI source. Dependency confusion risk.",
+        severity: "high",
+        rule: "CONFIG_EXTRA_INDEX",
+    },
+    {
+        name: "config-pip-trusted-host",
+        pattern: "trusted-host\\s*=",
+        description: "pip trusted-host disables SSL verification for a host. Packages can be intercepted.",
+        severity: "high",
+        rule: "CONFIG_TRUSTED_HOST",
+    },
+];
+/** Config file names to scan */
+const CONFIG_FILES = new Set([
+    ".npmrc",
+    ".yarnrc",
+    ".yarnrc.yml",
+    ".pnpmrc",
+    "pip.conf",
+    ".pypirc",
+]);
+/**
+ * Check whether a filename is a package manager config file.
+ */
+function isConfigFile(filename) {
+    return CONFIG_FILES.has(filename);
+}
+/**
+ * Scan a single config file for supply-chain risks.
+ */
+function scanConfigFile(content, relativePath) {
+    const findings = [];
+    const lines = content.split("\n");
+    for (const pattern of exports.CONFIG_PATTERNS) {
+        const regex = new RegExp(pattern.pattern, "i");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i] ?? "";
+            if (line.trimStart().startsWith("#") || line.trimStart().startsWith(";"))
+                continue; // skip comments
+            const match = regex.exec(line);
+            if (match) {
+                findings.push({
+                    rule: pattern.rule,
+                    description: pattern.description,
+                    severity: pattern.severity,
+                    file: relativePath,
+                    line: i + 1,
+                    match: match[0].length > 120
+                        ? match[0].substring(0, 120) + "..."
+                        : match[0],
+                    recommendation: getConfigRecommendation(pattern.rule),
+                });
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Scan a directory for package manager config files.
+ */
+function scanConfigFiles(dir) {
+    const findings = [];
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (!entry.isFile())
+                continue;
+            if (!isConfigFile(entry.name))
+                continue;
+            const fullPath = path.join(dir, entry.name);
+            try {
+                const content = fs.readFileSync(fullPath, "utf-8");
+                findings.push(...scanConfigFile(content, entry.name));
+            }
+            catch {
+                // skip
+            }
+        }
+    }
+    catch {
+        // directory not readable
+    }
+    return findings;
+}
+function getConfigRecommendation(rule) {
+    const map = {
+        CONFIG_HTTP_REGISTRY: "Switch to HTTPS registry URL. HTTP registries allow man-in-the-middle attacks on packages.",
+        CONFIG_CUSTOM_REGISTRY: "Verify this registry is trusted. Custom registries can serve tampered packages.",
+        CONFIG_AUTH_TOKEN_EXPOSED: "Remove tokens from config files. Use environment variables (NPM_TOKEN) or credential managers.",
+        CONFIG_UNSAFE_PERM: "Remove unsafe-perm=true. Running install scripts as root increases attack impact.",
+        CONFIG_IGNORE_SCRIPTS_OFF: "Consider setting ignore-scripts=true and running build steps explicitly.",
+        CONFIG_EXTRA_INDEX: "Verify the extra-index-url is trusted. Extra indexes enable dependency confusion attacks.",
+        CONFIG_TRUSTED_HOST: "Remove trusted-host entries. Fix SSL certificate issues instead of bypassing verification.",
+    };
+    return map[rule] ?? "Review this configuration setting manually.";
+}
+//# sourceMappingURL=config-scanner.js.map

package/dist/config-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-scanner.js","sourceRoot":"","sources":["../src/config-scanner.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqFH,oCAEC;AAKD,wCAiCC;AAKD,0CAsBC;AAtJD,4CAA8B;AAC9B,gDAAkC;AAGlC,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAEjE,QAAA,eAAe,GAAmB;IAC7C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,uDAAuD;QAChE,WAAW,EACT,8FAA8F;QAChG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,sBAAsB;KAC7B;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EACL,qHAAqH;QACvH,WAAW,EACT,+EAA+E;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EACL,6EAA6E;QAC/E,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,2BAA2B;KAClC;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,0BAA0B;QACnC,WAAW,EACT,oFAAoF;QACtF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,8BAA8B;QACvC,WAAW,EACT,sFAAsF;QACxF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,2BAA2B;KAClC;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EACL,4EAA4E;QAC9E,WAAW,EACT,+FAA+F;QACjG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EACT,qFAAqF;QACvF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qBAAqB;KAC5B;CACF,CAAC;AAEF,gCAAgC;AAChC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,QAAQ;IACR,SAAS;IACT,aAAa;IACb,SAAS;IACT,UAAU;IACV,SAAS;CACV,CAAC,CAAC;AAEH;;GAEG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAC5B,OAAe,EACf,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,uBAAe,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;gBACtE,SAAS,CAAC,gBAAgB;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EACH,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG;wBACnB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;wBACpC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;oBACd,cAAc,EAAE,uBAAuB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACtD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,GAAW;IACzC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;gBAAE,SAAS;YAC9B,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAY;IAC3C,MAAM,GAAG,GAA2B;QAClC,oBAAoB,EAClB,4FAA4F;QAC9F,sBAAsB,EACpB,iFAAiF;QACnF,yBAAyB,EACvB,gGAAgG;QAClG,kBAAkB,EAChB,mFAAmF;QACrF,yBAAyB,EACvB,0EAA0E;QAC5E,kBAAkB,EAChB,2FAA2F;QAC7F,mBAAmB,EACjB,4FAA4F;KAC/F,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,6CAA6C,CAAC;AACpE,CAAC"}