supply-chain-guard 4.0.0 → 4.2.0

package/dist/cli.js

@@ -13,13 +13,14 @@ const npm_scanner_js_1 = require("./npm-scanner.js");
 const pypi_scanner_js_1 = require("./pypi-scanner.js");
 const vscode_scanner_js_1 = require("./vscode-scanner.js");
 const dependency_confusion_js_1 = require("./dependency-confusion.js");
+const github_trust_scanner_js_1 = require("./github-trust-scanner.js");
 const solana_monitor_js_1 = require("./solana-monitor.js");
 const reporter_js_1 = require("./reporter.js");
 const program = new commander_1.Command();
 program
     .name("supply-chain-guard")
     .description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
-    .version("4.0.0");
+    .version("4.2.0");
 // ── scan command ────────────────────────────────────────────────────
 program
     .command("scan")
@@ -181,6 +182,53 @@ program
         process.exit(1);
     }
 });
+// ── repo command ──────────────────────────────────────────────────
+program
+    .command("repo")
+    .description("Analyze a GitHub repository for trust signals and malware indicators")
+    .argument("<url>", "GitHub repository URL (e.g., https://github.com/owner/repo)")
+    .option("-f, --format <format>", "Output format: text, json, markdown, sarif, sbom, html", "text")
+    .action(async (url, opts) => {
+    try {
+        const parsed = (0, github_trust_scanner_js_1.parseGitHubUrl)(url);
+        if (!parsed) {
+            throw new Error("Invalid GitHub URL. Expected: https://github.com/owner/repo");
+        }
+        // Run trust analysis
+        const trustFindings = (0, github_trust_scanner_js_1.analyzeGitHubTrust)(parsed.owner, parsed.repo);
+        // Also run a full scan (clone + content analysis)
+        const options = {
+            target: url,
+            format: opts.format,
+        };
+        const report = await (0, scanner_js_1.scan)(options);
+        // Merge trust findings (deduplicate)
+        const existingRules = new Set(report.findings.map((f) => f.rule));
+        for (const tf of trustFindings) {
+            if (!existingRules.has(tf.rule)) {
+                report.findings.push(tf);
+            }
+        }
+        // Recalculate summary
+        report.summary.critical = report.findings.filter((f) => f.severity === "critical").length;
+        report.summary.high = report.findings.filter((f) => f.severity === "high").length;
+        report.summary.medium = report.findings.filter((f) => f.severity === "medium").length;
+        report.summary.low = report.findings.filter((f) => f.severity === "low").length;
+        report.summary.info = report.findings.filter((f) => f.severity === "info").length;
+        console.log((0, reporter_js_1.formatReport)(report, opts.format));
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
 // ── monitor command ─────────────────────────────────────────────────
 program
     .command("monitor")

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,sBAAsB,EACtB,6FAA6F,CAC9F;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAMC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAkE;YAC/E,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,aAAa,GAA2B;gBAC5C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YACF,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CACrD,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,uDAAoD;AACpD,2DAA0D;AAC1D,uEAAoE;AACpE,uEAAgG;AAChG,2DAQ6B;AAC7B,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,sLAAsL,CACvL;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,sBAAsB,EACtB,6FAA6F,CAC9F;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAMC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAkE;YAC/E,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,aAAa,GAA2B;gBAC5C,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;aACjD,CAAC;YACF,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS,CACrD,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,2CAA2C,CAAC;KAClE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,WAAW,EAAE;YAChD,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gFAAgF,CAAC;KAC7F,QAAQ,CACP,UAAU,EACV,iFAAiF,CAClF;KACA,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAmB,EAAC;YACvC,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,UAAU,EAAE,gDAAgD,CAAC;KACtE,MAAM,CAAC,uBAAuB,EAAE,4CAA4C,EAAE,MAAM,CAAC;KACrF,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;KAC5D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAA4D,EAC5D,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,iDAAuB,EAAC;YAC3C,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAyD;YACtE,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,cAAc,EAAE,IAAI,CAAC,GAAG;SACzB,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAyD,CAAC,CAAC,CAAC;QAElG,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,qEAAqE;AAErE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,sEAAsE,CAAC;KACnF,QAAQ,CAAC,OAAO,EAAE,6DAA6D,CAAC;KAChF,MAAM,CAAC,uBAAuB,EAAE,wDAAwD,EAAE,MAAM,CAAC;KACjG,MAAM,CACL,KAAK,EACH,GAAW,EACX,IAAwB,EACxB,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wCAAc,EAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QAED,qBAAqB;QACrB,MAAM,aAAa,GAAG,IAAA,4CAAkB,EAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAEpE,kDAAkD;QAClD,MAAM,OAAO,GAAgB;YAC3B,MAAM,EAAE,GAAG;YACX,MAAM,EAAE,IAAI,CAAC,MAA+B;SAC7C,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QAEnC,qCAAqC;QACrC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAC/B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC1F,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAClF,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QACtF,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAChF,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAElF,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAA+B,CAAC,CAAC,CAAC;QAExE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,+EAA+E;AAE/E,MAAM,SAAS,GAAG,OAAO;KACtB,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,gDAAgD,CAAC,CAAC;AAEjE,SAAS;KACN,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8CAA8C,CAAC;KAC3D,QAAQ,CAAC,WAAW,EAAE,uBAAuB,CAAC;KAC9C,cAAc,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KAC3E,MAAM,CAAC,CAAC,OAAe,EAAE,IAAsB,EAAE,EAAE;IAClD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAA,kCAAc,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,OAAO,GAAG,IAAA,iCAAa,GAAE,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC9D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACxD,MAAM,CAAC,CAAC,OAAe,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,oBAAoB,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,SAAS;KACN,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,EAAE,IAAI,CAAC;KAC3E,MAAM,CAAC,qBAAqB,EAAE,+BAA+B,CAAC;KAC9D,MAAM,CACL,KAAK,EAAE,IAA2D,EAAE,EAAE;IACpE,IAAI,CAAC;QACH,MAAM,IAAA,oCAAgB,EACpB;YACE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,UAAU,EAAE,IAAI,CAAC,OAAO;SACzB,EACD,CAAC,KAAK,EAAE,EAAE;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/correlation-engine.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Correlation engine (v4.2) — CORE FEATURE.
+ *
+ * Aggregates individual findings into incident-level clusters.
+ * Links related findings, boosts confidence, generates attack narratives,
+ * and reduces noise by grouping related indicators.
+ */
+import type { Finding, IncidentCluster } from "./types.js";
+export interface CorrelationResult {
+    /** Grouped incident clusters */
+    incidents: IncidentCluster[];
+    /** Risk score boost from correlations (0-30) */
+    riskBoost: number;
+    /** Human-readable insights */
+    insights: string[];
+}
+/**
+ * Correlate findings into incident clusters.
+ */
+export declare function correlateFindings(findings: Finding[]): CorrelationResult;
+//# sourceMappingURL=correlation-engine.d.ts.map

package/dist/correlation-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"correlation-engine.d.ts","sourceRoot":"","sources":["../src/correlation-engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAY,eAAe,EAAE,MAAM,YAAY,CAAC;AA2JrE,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,iBAAiB,CAoDxE"}

package/dist/correlation-engine.js

@@ -0,0 +1,178 @@
+"use strict";
+/**
+ * Correlation engine (v4.2) — CORE FEATURE.
+ *
+ * Aggregates individual findings into incident-level clusters.
+ * Links related findings, boosts confidence, generates attack narratives,
+ * and reduces noise by grouping related indicators.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.correlateFindings = correlateFindings;
+const CORRELATION_RULES = [
+    // --- Known campaigns ---
+    {
+        rules: ["GLASSWORM_MARKER", "EVAL_ATOB", "ENV_EXFILTRATION", "SOLANA_MAINNET"],
+        minMatch: 2,
+        incident: "GlassWorm Campaign",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Multiple GlassWorm indicators detected. This matches the GlassWorm supply-chain malware campaign that uses Solana blockchain for C2 communication.",
+    },
+    {
+        rules: ["CAMPAIGN_CLAUDE_LURE", "RELEASE_EXE_ARTIFACT", "DEAD_DROP_STEAM", "VIDAR_BROWSER_THEFT"],
+        minMatch: 2,
+        incident: "Claude Code Leak Campaign (Vidar/GhostSocks)",
+        severity: "critical",
+        confidenceBoost: 0.30,
+        narrative: "Matches the April 2026 fake Claude Code campaign distributing Vidar stealer and GhostSocks proxy via GitHub releases with star-farmed repos.",
+    },
+    {
+        rules: ["SHAI_HULUD_WORM", "SHAI_HULUD_CRED_STEAL", "INSTALL_HOOK_NPMRC_READ"],
+        minMatch: 2,
+        incident: "Shai-Hulud npm Worm",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Self-replicating npm worm that steals .npmrc tokens and publishes infected copies of packages.",
+    },
+    // --- Infostealer chains ---
+    {
+        rules: ["DEAD_DROP_STEAM", "DEAD_DROP_TELEGRAM", "VIDAR_BROWSER_THEFT", "VIDAR_WALLET_THEFT", "DROPPER_TEMP_EXEC"],
+        minMatch: 2,
+        incident: "Infostealer Infection (Vidar/Lumma/RedLine)",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Multiple infostealer indicators: dead-drop resolvers for C2, browser credential theft, and crypto wallet targeting. Likely Vidar, Lumma, or RedLine stealer.",
+    },
+    {
+        rules: ["GHOSTSOCKS_SOCKS5", "PROXY_BACKCONNECT", "DROPPER_TEMP_EXEC"],
+        minMatch: 2,
+        incident: "Proxy Malware (GhostSocks)",
+        severity: "critical",
+        confidenceBoost: 0.20,
+        narrative: "SOCKS5 proxy infrastructure detected. Infected machines are enrolled as residential proxy nodes for criminal traffic routing.",
+    },
+    // --- Supply-chain attack chains ---
+    {
+        rules: ["PUBLISH_MAINTAINER_CHANGE", "INSTALL_HOOK_NETWORK", "IOC_KNOWN_C2_DOMAIN"],
+        minMatch: 2,
+        incident: "npm Account Takeover",
+        severity: "critical",
+        confidenceBoost: 0.30,
+        narrative: "Maintainer change combined with new install hooks contacting known C2 infrastructure. Strong indicator of npm account compromise.",
+    },
+    {
+        rules: ["PUBLISH_MAINTAINER_CHANGE", "PUBLISH_SCRIPT_ADDED", "INSTALL_HOOK_ENV_HARVEST"],
+        minMatch: 2,
+        incident: "npm Package Hijack (Credential Theft)",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Package maintainer changed and install scripts added that harvest environment variables. Classic account-takeover-to-credential-theft chain.",
+    },
+    {
+        rules: ["TYPOSQUAT_LEVENSHTEIN", "INSTALL_HOOK_NETWORK", "ENV_EXFILTRATION"],
+        minMatch: 2,
+        incident: "Typosquatting Attack with Data Exfiltration",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Typosquatted package name combined with install-time network access and environment exfiltration. Active data theft via name confusion.",
+    },
+    // --- Fake repo chains ---
+    {
+        rules: ["README_LURE_CRACK", "RELEASE_EXE_ARTIFACT", "REPO_RECENT_CREATION", "REPO_SINGLE_COMMIT"],
+        minMatch: 2,
+        incident: "Fake Repository Malware Distribution",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Recently created repository with piracy/crack lures and executable releases. Classic fake-repo malware distribution pattern.",
+    },
+    {
+        rules: ["CAMPAIGN_AI_TOOL_LURE", "RELEASE_EXE_ARTIFACT", "RELEASE_7Z_ARCHIVE"],
+        minMatch: 2,
+        incident: "Fake AI Tool Campaign",
+        severity: "critical",
+        confidenceBoost: 0.25,
+        narrative: "Matches the 2026 campaign impersonating 25+ AI tool brands to distribute infostealers via GitHub releases.",
+    },
+    // --- CI/CD poisoning ---
+    {
+        rules: ["GHA_CURL_PIPE_EXEC", "GHA_SECRET_CURL", "GHA_UNPINNED_ACTION"],
+        minMatch: 2,
+        incident: "CI/CD Pipeline Poisoning",
+        severity: "critical",
+        confidenceBoost: 0.20,
+        narrative: "GitHub Actions workflow downloads and executes remote code while accessing secrets. CI/CD pipeline compromise risk.",
+    },
+    // --- Obfuscation + exfil = malware ---
+    {
+        rules: ["EVAL_ATOB", "HIGH_ENTROPY_STRING", "ENV_EXFILTRATION", "DEAD_DROP_TELEGRAM"],
+        minMatch: 3,
+        incident: "Obfuscated Malware with C2",
+        severity: "critical",
+        confidenceBoost: 0.20,
+        narrative: "Heavy code obfuscation combined with data exfiltration and dead-drop C2 resolution. Confirmed malicious payload.",
+    },
+    // --- Secrets exposure ---
+    {
+        rules: ["SECRETS_AWS_KEY", "SECRETS_GITHUB_TOKEN", "SECRETS_PRIVATE_KEY", "SECRETS_NPM_TOKEN", "SECRETS_SSH_KEY_READ"],
+        minMatch: 2,
+        incident: "Multi-Credential Exposure",
+        severity: "critical",
+        confidenceBoost: 0.15,
+        narrative: "Multiple credential types exposed in code. Either a secrets leak or targeted credential harvesting malware.",
+    },
+    // --- Lockfile + IOC = compromised dependency ---
+    {
+        rules: ["IOC_KNOWN_BAD_VERSION", "IOC_KNOWN_C2_DOMAIN"],
+        minMatch: 2,
+        incident: "Known Compromised Dependency",
+        severity: "critical",
+        confidenceBoost: 0.30,
+        narrative: "Known-bad package version detected alongside C2 infrastructure. This dependency has been confirmed compromised.",
+    },
+];
+// ---------------------------------------------------------------------------
+// Main correlation function
+// ---------------------------------------------------------------------------
+/**
+ * Correlate findings into incident clusters.
+ */
+function correlateFindings(findings) {
+    const ruleSet = new Set(findings.map((f) => f.rule));
+    const incidents = [];
+    let riskBoost = 0;
+    const insights = [];
+    let clusterId = 0;
+    for (const rule of CORRELATION_RULES) {
+        const minMatch = rule.minMatch ?? rule.rules.length;
+        const matchedRules = rule.rules.filter((r) => ruleSet.has(r));
+        if (matchedRules.length >= minMatch) {
+            const id = `incident-${++clusterId}`;
+            // Collect all findings matching this correlation
+            const clusterFindings = findings.filter((f) => matchedRules.includes(f.rule));
+            // Boost confidence on matched findings
+            for (const f of clusterFindings) {
+                f.correlationId = id;
+                f.confidence = Math.min(1.0, (f.confidence ?? 0.8) + rule.confidenceBoost);
+            }
+            // Calculate compound confidence
+            const avgConfidence = clusterFindings.reduce((sum, f) => sum + (f.confidence ?? 0.8), 0) / clusterFindings.length;
+            incidents.push({
+                id,
+                name: rule.incident,
+                severity: rule.severity,
+                confidence: Math.min(1.0, avgConfidence),
+                findings: clusterFindings,
+                narrative: rule.narrative,
+                indicators: matchedRules,
+            });
+            riskBoost += Math.round(rule.confidenceBoost * 30);
+            insights.push(`${rule.incident}: ${matchedRules.length}/${rule.rules.length} indicators matched (confidence ${(avgConfidence * 100).toFixed(0)}%)`);
+        }
+    }
+    // Cap risk boost at 30
+    riskBoost = Math.min(30, riskBoost);
+    // Sort by confidence descending
+    incidents.sort((a, b) => b.confidence - a.confidence);
+    return { incidents, riskBoost, insights };
+}
+//# sourceMappingURL=correlation-engine.js.map

package/dist/correlation-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"correlation-engine.js","sourceRoot":"","sources":["../src/correlation-engine.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AA6KH,8CAoDC;AA1MD,MAAM,iBAAiB,GAAsB;IAC3C,0BAA0B;IAC1B;QACE,KAAK,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,kBAAkB,EAAE,gBAAgB,CAAC;QAC9E,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,oJAAoJ;KAChK;IACD;QACE,KAAK,EAAE,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,qBAAqB,CAAC;QACjG,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,8CAA8C;QACxD,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,8IAA8I;KAC1J;IACD;QACE,KAAK,EAAE,CAAC,iBAAiB,EAAE,uBAAuB,EAAE,yBAAyB,CAAC;QAC9E,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,gGAAgG;KAC5G;IAED,6BAA6B;IAC7B;QACE,KAAK,EAAE,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,mBAAmB,CAAC;QAClH,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,6CAA6C;QACvD,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,8JAA8J;KAC1K;IACD;QACE,KAAK,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;QACtE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,4BAA4B;QACtC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,+HAA+H;KAC3I;IAED,qCAAqC;IACrC;QACE,KAAK,EAAE,CAAC,2BAA2B,EAAE,sBAAsB,EAAE,qBAAqB,CAAC;QACnF,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,mIAAmI;KAC/I;IACD;QACE,KAAK,EAAE,CAAC,2BAA2B,EAAE,sBAAsB,EAAE,0BAA0B,CAAC;QACxF,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uCAAuC;QACjD,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,8IAA8I;KAC1J;IACD;QACE,KAAK,EAAE,CAAC,uBAAuB,EAAE,sBAAsB,EAAE,kBAAkB,CAAC;QAC5E,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,6CAA6C;QACvD,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,yIAAyI;KACrJ;IAED,2BAA2B;IAC3B;QACE,KAAK,EAAE,CAAC,mBAAmB,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,oBAAoB,CAAC;QAClG,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,sCAAsC;QAChD,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,8HAA8H;KAC1I;IACD;QACE,KAAK,EAAE,CAAC,uBAAuB,EAAE,sBAAsB,EAAE,oBAAoB,CAAC;QAC9E,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uBAAuB;QACjC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,4GAA4G;KACxH;IAED,0BAA0B;IAC1B;QACE,KAAK,EAAE,CAAC,oBAAoB,EAAE,iBAAiB,EAAE,qBAAqB,CAAC;QACvE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,0BAA0B;QACpC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,qHAAqH;KACjI;IAED,wCAAwC;IACxC;QACE,KAAK,EAAE,CAAC,WAAW,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,oBAAoB,CAAC;QACrF,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,4BAA4B;QACtC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,kHAAkH;KAC9H;IAED,2BAA2B;IAC3B;QACE,KAAK,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,sBAAsB,CAAC;QACtH,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,2BAA2B;QACrC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,6GAA6G;KACzH;IAED,kDAAkD;IAClD;QACE,KAAK,EAAE,CAAC,uBAAuB,EAAE,qBAAqB,CAAC;QACvD,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,8BAA8B;QACxC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,iHAAiH;KAC7H;CACF,CAAC;AAeF,8EAA8E;AAC9E,4BAA4B;AAC5B,8EAA8E;AAE9E;;GAEG;AACH,SAAgB,iBAAiB,CAAC,QAAmB;IACnD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAsB,EAAE,CAAC;IACxC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,IAAI,YAAY,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,YAAY,EAAE,SAAS,EAAE,CAAC;YAErC,iDAAiD;YACjD,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YAE9E,uCAAuC;YACvC,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;gBAChC,CAAC,CAAC,aAAa,GAAG,EAAE,CAAC;gBACrB,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;YAC7E,CAAC;YAED,gCAAgC;YAChC,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAC1C,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,EAAE,CAAC,CAC3C,GAAG,eAAe,CAAC,MAAM,CAAC;YAE3B,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE;gBACF,IAAI,EAAE,IAAI,CAAC,QAAQ;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC;gBACxC,QAAQ,EAAE,eAAe;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,UAAU,EAAE,YAAY;aACzB,CAAC,CAAC;YAEH,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC,CAAC;YACnD,QAAQ,CAAC,IAAI,CACX,GAAG,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,mCAAmC,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CACrI,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IAEpC,gCAAgC;IAChC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAEtD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC5C,CAAC"}

package/dist/dependency-risk-analyzer.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Dependency risk analyzer (v4.2).
+ *
+ * Levenshtein-based typosquat detection and namespace squatting.
+ * Checks package names against popular packages to detect mimicry.
+ */
+import type { Finding } from "./types.js";
+/**
+ * Calculate Levenshtein distance between two strings.
+ */
+export declare function levenshtein(a: string, b: string): number;
+/**
+ * Analyze dependencies for typosquatting and confusion risks.
+ */
+export declare function analyzeDependencyRisks(dependencies: Record<string, string>, relativePath: string): Finding[];
+//# sourceMappingURL=dependency-risk-analyzer.d.ts.map

package/dist/dependency-risk-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency-risk-analyzer.d.ts","sourceRoot":"","sources":["../src/dependency-risk-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAiC1C;;GAEG;AACH,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAsBxD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CAoEX"}

package/dist/dependency-risk-analyzer.js

@@ -0,0 +1,130 @@
+"use strict";
+/**
+ * Dependency risk analyzer (v4.2).
+ *
+ * Levenshtein-based typosquat detection and namespace squatting.
+ * Checks package names against popular packages to detect mimicry.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.levenshtein = levenshtein;
+exports.analyzeDependencyRisks = analyzeDependencyRisks;
+/** Top 80 most popular npm packages (targets for typosquatting) */
+const POPULAR_PACKAGES = [
+    "lodash", "chalk", "express", "react", "axios", "commander", "debug",
+    "glob", "minimist", "semver", "uuid", "mkdirp", "rimraf", "yargs",
+    "moment", "bluebird", "underscore", "async", "request", "inquirer",
+    "colors", "path", "dotenv", "body-parser", "webpack", "typescript",
+    "eslint", "prettier", "jest", "mocha", "chai", "sinon", "supertest",
+    "mongoose", "sequelize", "pg", "mysql2", "redis", "ioredis",
+    "socket.io", "cors", "helmet", "morgan", "cookie-parser", "jsonwebtoken",
+    "bcrypt", "passport", "nodemailer", "multer", "sharp", "puppeteer",
+    "cheerio", "node-fetch", "got", "superagent", "http-proxy-middleware",
+    "ws", "next", "gatsby", "vue", "angular", "svelte", "tailwindcss",
+    "postcss", "autoprefixer", "sass", "less", "babel", "esbuild",
+    "rollup", "vite", "turbo", "nx", "lerna", "husky", "lint-staged",
+    "cross-env", "concurrently", "nodemon", "pm2", "fastify", "koa",
+    "hapi", "restify",
+];
+/** Patterns that suggest internal/private package names */
+const INTERNAL_PATTERNS = [
+    /^@[^/]+\/internal-/,
+    /^@[^/]+\/private-/,
+    /^@[^/]+\/.+-service$/,
+    /^@[^/]+\/.+-api$/,
+    /^@[^/]+\/.+-lib$/,
+    /^@[^/]+\/.+-utils$/,
+    /^@[^/]+\/.+-common$/,
+    /^@[^/]+\/.+-core$/,
+    /^@[^/]+\/.+-shared$/,
+];
+/**
+ * Calculate Levenshtein distance between two strings.
+ */
+function levenshtein(a, b) {
+    const m = a.length;
+    const n = b.length;
+    const dp = Array.from({ length: m + 1 }, () => Array.from({ length: n + 1 }, () => 0));
+    for (let i = 0; i <= m; i++)
+        dp[i][0] = i;
+    for (let j = 0; j <= n; j++)
+        dp[0][j] = j;
+    for (let i = 1; i <= m; i++) {
+        for (let j = 1; j <= n; j++) {
+            const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+            dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
+        }
+    }
+    return dp[m][n];
+}
+/**
+ * Analyze dependencies for typosquatting and confusion risks.
+ */
+function analyzeDependencyRisks(dependencies, relativePath) {
+    const findings = [];
+    const depNames = Object.keys(dependencies);
+    for (const name of depNames) {
+        // Skip scoped packages for Levenshtein (handled separately)
+        if (name.startsWith("@")) {
+            // Check internal name patterns on public registry
+            for (const pattern of INTERNAL_PATTERNS) {
+                if (pattern.test(name)) {
+                    findings.push({
+                        rule: "DEP_INTERNAL_NAME_PUBLIC",
+                        description: `Dependency "${name}" looks like an internal package name. If this is on a public registry, it may be a dependency confusion attack.`,
+                        severity: "critical",
+                        file: relativePath,
+                        confidence: 0.7,
+                        category: "supply-chain",
+                        recommendation: `Verify "${name}" is your organization's real package. If not, this is dependency confusion.`,
+                    });
+                    break;
+                }
+            }
+            continue;
+        }
+        // Levenshtein check against popular packages
+        for (const popular of POPULAR_PACKAGES) {
+            if (name === popular)
+                continue; // Exact match = legitimate
+            if (Math.abs(name.length - popular.length) > 2)
+                continue; // Quick skip
+            const dist = levenshtein(name, popular);
+            if (dist > 0 && dist <= 2) {
+                findings.push({
+                    rule: "TYPOSQUAT_LEVENSHTEIN",
+                    description: `Dependency "${name}" is ${dist} edit(s) away from popular package "${popular}". Likely a typosquat.`,
+                    severity: "high",
+                    file: relativePath,
+                    confidence: dist === 1 ? 0.85 : 0.65,
+                    category: "supply-chain",
+                    recommendation: `Did you mean "${popular}"? Typosquatting replaces popular packages with malicious copies.`,
+                });
+                break; // One match per dep is enough
+            }
+        }
+        // Check if name is similar to another direct dependency
+        for (const otherName of depNames) {
+            if (name === otherName)
+                continue;
+            if (name.startsWith("@") || otherName.startsWith("@"))
+                continue;
+            if (Math.abs(name.length - otherName.length) > 2)
+                continue;
+            const dist = levenshtein(name, otherName);
+            if (dist > 0 && dist <= 1) {
+                findings.push({
+                    rule: "TYPOSQUAT_SIMILAR_TO_DEP",
+                    description: `Dependencies "${name}" and "${otherName}" differ by only ${dist} character(s). One may be a typosquat of the other.`,
+                    severity: "high",
+                    file: relativePath,
+                    confidence: 0.7,
+                    category: "supply-chain",
+                    recommendation: `Review both "${name}" and "${otherName}". Only one should be in your dependencies.`,
+                });
+                break;
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=dependency-risk-analyzer.js.map

package/dist/dependency-risk-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency-risk-analyzer.js","sourceRoot":"","sources":["../src/dependency-risk-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAsCH,kCAsBC;AAKD,wDAuEC;AApID,mEAAmE;AACnE,MAAM,gBAAgB,GAAa;IACjC,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO;IACpE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO;IACjE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU;IAClE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY;IAClE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW;IACnE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS;IAC3D,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe,EAAE,cAAc;IACxE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW;IAClE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,EAAE,uBAAuB;IACrE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa;IACjE,SAAS,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS;IAC7D,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa;IAChE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;IAC/D,MAAM,EAAE,SAAS;CAClB,CAAC;AAEF,2DAA2D;AAC3D,MAAM,iBAAiB,GAAG;IACxB,oBAAoB;IACpB,mBAAmB;IACnB,sBAAsB;IACtB,kBAAkB;IAClB,kBAAkB;IAClB,oBAAoB;IACpB,qBAAqB;IACrB,mBAAmB;IACnB,qBAAqB;CACtB,CAAC;AAEF;;GAEG;AACH,SAAgB,WAAW,CAAC,CAAS,EAAE,CAAS;IAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,EAAE,GAAe,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CACxD,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CACvC,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CACjB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAChB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAChB,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,YAAoC,EACpC,YAAoB;IAEpB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,4DAA4D;QAC5D,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,kDAAkD;YAClD,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,0BAA0B;wBAChC,WAAW,EAAE,eAAe,IAAI,kHAAkH;wBAClJ,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,YAAY;wBAClB,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,cAAc;wBACxB,cAAc,EAAE,WAAW,IAAI,8EAA8E;qBAC9G,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,6CAA6C;QAC7C,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,IAAI,KAAK,OAAO;gBAAE,SAAS,CAAC,2BAA2B;YAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,aAAa;YAEvE,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,uBAAuB;oBAC7B,WAAW,EAAE,eAAe,IAAI,QAAQ,IAAI,uCAAuC,OAAO,wBAAwB;oBAClH,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,YAAY;oBAClB,UAAU,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;oBACpC,QAAQ,EAAE,cAAc;oBACxB,cAAc,EAAE,iBAAiB,OAAO,mEAAmE;iBAC5G,CAAC,CAAC;gBACH,MAAM,CAAC,8BAA8B;YACvC,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,KAAK,MAAM,SAAS,IAAI,QAAQ,EAAE,CAAC;YACjC,IAAI,IAAI,KAAK,SAAS;gBAAE,SAAS;YACjC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAChE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;gBAAE,SAAS;YAE3D,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC1C,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,0BAA0B;oBAChC,WAAW,EAAE,iBAAiB,IAAI,UAAU,SAAS,oBAAoB,IAAI,qDAAqD;oBAClI,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,YAAY;oBAClB,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,cAAc;oBACxB,cAAc,EAAE,gBAAgB,IAAI,UAAU,SAAS,6CAA6C;iBACrG,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/github-trust-scanner.d.ts

@@ -0,0 +1,24 @@
+/**
+ * GitHub repository trust signal scanner.
+ *
+ * Analyzes GitHub repo metadata for indicators of fake/malicious repos:
+ * star-farming, new accounts, suspicious releases, lure READMEs, etc.
+ * Uses `gh` CLI for API access (no token configuration needed).
+ */
+import type { Finding } from "./types.js";
+/**
+ * Parse a GitHub URL into owner/repo.
+ */
+export declare function parseGitHubUrl(url: string): {
+    owner: string;
+    repo: string;
+} | null;
+/**
+ * Analyze a GitHub repo for trust signals.
+ */
+export declare function analyzeGitHubTrust(owner: string, repo: string): Finding[];
+/**
+ * Scan README content for lure patterns.
+ */
+export declare function scanReadmeLures(readmeContent: string, relativePath: string): Finding[];
+//# sourceMappingURL=github-trust-scanner.d.ts.map

package/dist/github-trust-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-trust-scanner.d.ts","sourceRoot":"","sources":["../src/github-trust-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAyH1C;;GAEG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,GACV;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAMxC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,GACX,OAAO,EAAE,CAiKX;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,GACnB,OAAO,EAAE,CA6BX"}