supply-chain-guard 5.2.21 → 5.2.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -1
- package/dist/cli.js +1 -1
- package/dist/github-actions-scanner.js +32 -1
- package/dist/github-actions-scanner.js.map +1 -1
- package/dist/reporter.js +4 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -342,6 +342,17 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. The most impactful contri
|
|
|
342
342
|
|
|
343
343
|
## Changelog
|
|
344
344
|
|
|
345
|
+
### v5.2.22 (2026-05-24)
|
|
346
|
+
**Self-scan polish: comment-aware GHA scan, pinned actions, fix changelog self-trigger**
|
|
347
|
+
|
|
348
|
+
Three follow-up fixes to the v5.2.21 self-scan:
|
|
349
|
+
|
|
350
|
+
- **`github-actions-scanner` strips YAML comments before pattern matching**. The previous version flagged the literal text `id-token: write` inside an OIDC-explanation comment of `ci.yml` as a real `GHA_OIDC_WRITE_PERM` finding. New `stripYamlComment()` helper removes `# ...` portions before regex matching while preserving `#` inside quoted strings. 4 new tests in `bugfix-v5_2_22.test.ts`.
|
|
351
|
+
- **`.github/workflows/ci.yml` actions pinned to commit SHAs**. `actions/checkout` and `actions/setup-node` were on `@v4` (mutable major-tag); release pipelines should pin to immutable commit SHAs (`actions/checkout@34e11487...` and `actions/setup-node@49933ea5...`) to defend against tag-rewriting attacks. Comments preserve `# v4` for human readability. Fixes the legitimate `WORKFLOW_UNTRUSTED_ACTION_IN_RELEASE_PATH` finding.
|
|
352
|
+
- **v5.2.21 changelog entry rephrased to remove a self-trigger**. The original entry literally quoted the trigger phrase it was documenting the removal of, which then re-triggered `CAMPAIGN_CLAUDE_LURE` and `CAMPAIGN_AI_TOOL_LURE` on the new entry. The new wording explains the change abstractly without quoting the offending collocation.
|
|
353
|
+
|
|
354
|
+
Expected impact on supply-chain-guard's own self-scan: from 3 critical + 3 medium down to 0 critical + 1-2 medium. Remaining: 1x `GHA_OIDC_WRITE_PERM` (the real one in the publish job - by design for Trusted Publishing) and `WORKFLOW_SECRET_TO_UPLOAD_PATH` (legitimate `secrets.GITHUB_TOKEN` access for `gh release create`). Both are honest acceptable-risk findings.
|
|
355
|
+
|
|
345
356
|
### v5.2.21 (2026-05-24)
|
|
346
357
|
**Architectural fix: source-marker patterns no longer fire on documentation files**
|
|
347
358
|
|
|
@@ -358,7 +369,7 @@ Fix: a new `BENIGN_DOC_FILES` constant (`/\.(md|markdown|txt|rst)$/i`) is now co
|
|
|
358
369
|
README cosmetic defang for the residual self-flags:
|
|
359
370
|
- Solana RPC reference in v5.2.2 changelog defanged to `api[.]mainnet-beta[.]solana[.]com`
|
|
360
371
|
- Prompt-injection token examples in v5.2.19 changelog + "What It Detects" section HTML-encoded (`<system-reminder>`, `[INST]`) - markdown renders them normally but the raw text no longer contains literal `<`/`[` characters that match the patterns
|
|
361
|
-
- v5.2.19 changelog
|
|
372
|
+
- The v5.2.19 changelog sentence describing the WebFetch tag-leakage incident was rephrased to avoid triggering `CAMPAIGN_CLAUDE_LURE` / `CAMPAIGN_AI_TOOL_LURE`. The original phrasing combined "Claude Code" with a verb the lure-detection regex looks for; the new phrasing describes the same incident without that verb collocation.
|
|
362
373
|
|
|
363
374
|
13 new regression tests in `src/__tests__/bugfix-v5_2_21.test.ts` enforce the doc-exclusion across all affected pattern arrays and the two scanners. Test count: 752 (was 739).
|
|
364
375
|
|
package/dist/cli.js
CHANGED
|
@@ -20,7 +20,7 @@ const program = new commander_1.Command();
|
|
|
20
20
|
program
|
|
21
21
|
.name("supply-chain-guard")
|
|
22
22
|
.description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, PyPI packages, code repos, VS Code extensions, and project dependencies.")
|
|
23
|
-
.version("5.2.
|
|
23
|
+
.version("5.2.22");
|
|
24
24
|
// ── scan command ────────────────────────────────────────────────────
|
|
25
25
|
program
|
|
26
26
|
.command("scan")
|
|
@@ -272,7 +272,15 @@ function checkWorkflowPatterns(lines, relativePath, findings) {
|
|
|
272
272
|
for (const pattern of WORKFLOW_PATTERNS) {
|
|
273
273
|
const regex = new RegExp(pattern.pattern, pattern.flags ?? "i");
|
|
274
274
|
for (let i = 0; i < lines.length; i++) {
|
|
275
|
-
const
|
|
275
|
+
const rawLine = lines[i] ?? "";
|
|
276
|
+
// v5.2.22: strip YAML comments before matching. A comment line
|
|
277
|
+
// mentioning "id-token: write" or "secrets.X" as documentation is
|
|
278
|
+
// not the actual workflow declaring those - it's prose. Without
|
|
279
|
+
// this strip, the v5.2.21 self-scan flagged "id-token: write" in
|
|
280
|
+
// the OIDC explanation comment of ci.yml as a real permission.
|
|
281
|
+
const line = stripYamlComment(rawLine);
|
|
282
|
+
if (!line.trim())
|
|
283
|
+
continue;
|
|
276
284
|
const match = regex.exec(line);
|
|
277
285
|
if (match) {
|
|
278
286
|
findings.push({
|
|
@@ -288,6 +296,29 @@ function checkWorkflowPatterns(lines, relativePath, findings) {
|
|
|
288
296
|
}
|
|
289
297
|
}
|
|
290
298
|
}
|
|
299
|
+
/**
|
|
300
|
+
* Strip a trailing YAML comment from a line. A `#` that is preceded by
|
|
301
|
+
* whitespace or at line start starts a comment; `#` inside quoted strings
|
|
302
|
+
* is preserved. v5.2.22.
|
|
303
|
+
*/
|
|
304
|
+
function stripYamlComment(line) {
|
|
305
|
+
let inSingle = false;
|
|
306
|
+
let inDouble = false;
|
|
307
|
+
for (let j = 0; j < line.length; j++) {
|
|
308
|
+
const ch = line[j];
|
|
309
|
+
if (ch === "'" && !inDouble)
|
|
310
|
+
inSingle = !inSingle;
|
|
311
|
+
else if (ch === '"' && !inSingle)
|
|
312
|
+
inDouble = !inDouble;
|
|
313
|
+
else if (ch === "#" && !inSingle && !inDouble) {
|
|
314
|
+
// Comment marker: must be at start of line or preceded by whitespace
|
|
315
|
+
if (j === 0 || /\s/.test(line[j - 1])) {
|
|
316
|
+
return line.slice(0, j);
|
|
317
|
+
}
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
return line;
|
|
321
|
+
}
|
|
291
322
|
/**
|
|
292
323
|
* Check action references for compromised or unpinned actions.
|
|
293
324
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github-actions-scanner.js","sourceRoot":"","sources":["../src/github-actions-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgNH,gEAgCC;AA9OD,4CAA8B;AAC9B,gDAAkC;AAGlC;;GAEG;AACH,MAAM,iBAAiB,GAMlB;IACH,0CAA0C;IAC1C;QACE,OAAO,EAAE,2DAA2D;QACpE,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,2DAA2D;QACpE,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IAED,0BAA0B;IAC1B;QACE,OAAO,EAAE,iEAAiE;QAC1E,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,gBAAgB;KACvB;IAED,uFAAuF;IACvF;QACE,OAAO,EAAE,gGAAgG;QACzG,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,eAAe;KACtB;IAED,4BAA4B;IAC5B;QACE,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,iBAAiB;KACxB;IAED,yEAAyE;IAEzE,oFAAoF;IACpF;QACE,OAAO,EAAE,+CAA+C;QACxD,WAAW,EACT,8GAA8G;YAC9G,0DAA0D;QAC5D,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,qBAAqB;KAC5B;IACD,sFAAsF;IACtF;QACE,OAAO,EAAE,wHAAwH;QACjI,WAAW,EACT,6IAA6I;QAC/I,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,sBAAsB;KAC7B;IACD,kFAAkF;IAClF;QACE,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EACT,sHAAsH;YACtH,oFAAoF;QACtF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,qBAAqB;KAC5B;IACD,sEAAsE;IACtE;QACE,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EACT,+DAA+D;YAC/D,0GAA0G;QAC5G,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qBAAqB;KAC5B;IACD,4FAA4F;IAC5F;QACE,OAAO,EAAE,2BAA2B;QACpC,WAAW,EACT,4FAA4F;YAC5F,+DAA+D;QACjE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,uBAAuB;KAC9B;IACD,yDAAyD;IACzD;QACE,OAAO,EAAE,gEAAgE;QACzE,WAAW,EACT,oIAAoI;QACtI,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,iBAAiB;KACxB;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAiB;IAC1D,+EAA+E;IAC/E,6EAA6E;IAC7E,CAAC,0CAA0C,EAAE,gDAAgD,CAAC;IAC9F,CAAC,0CAA0C,EAAE,wDAAwD,CAAC;IACtG,0EAA0E;IAC1E,CAAC,0CAA0C,EAAE,gDAAgD,CAAC;CAC/F,CAAC,CAAC;AAEH,2DAA2D;AAC3D,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,aAAa;IACb,uBAAuB;IACvB,WAAW;IACX,QAAQ;IACR,MAAM;IACN,WAAW;IACX,SAAS;IACT,WAAW;IACX,aAAa;IACb,WAAW;CACZ,CAAC,CAAC;AAEH,iEAAiE;AACjE,MAAM,oBAAoB,GAAG,+CAA+C,CAAC;AAE7E,8DAA8D;AAC9D,MAAM,WAAW,GAAG,mBAAmB,CAAC;AAExC;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,GAAW;IACpD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAE3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;YAAE,SAAS;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAEhD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,mBAAmB,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,OAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,iEAAiE;IACjE,qBAAqB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAErD,6CAA6C;IAC7C,qBAAqB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAErD,uEAAuE;IACvE,wBAAwB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;QAEhE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9B,cAAc,EAAE,yBAAyB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEjC,yCAAyC;QACzC,IAAI,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,SAAS;QACX,CAAC;QAED,uBAAuB;QACvB,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAE7B,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE7C,0EAA0E;QAC1E,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,yBAAyB;gBAC/B,WAAW,EAAE,WAAW,SAAS,gDAAgD,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,oCAAoC;gBACzJ,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EACZ,uGAAuG;oBACvG,6DAA6D;aAChE,CAAC,CAAC;QACL,CAAC;QAED,4EAA4E;QAC5E,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,WAAW,EAAE,WAAW,SAAS,+BAA+B,GAAG,gGAAgG;gBACnK,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EACZ,qJAAqJ;aACxJ,CAAC,CAAC;QACL,CAAC;QAED,gFAAgF;QAChF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9D,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjD,IAAI,QAAQ,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClD,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,WAAW,SAAS,uGAAuG;oBACxI,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;oBAC/B,cAAc,EACZ,uHAAuH;iBAC1H,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,0DAA0D;YAC1D,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,WAAW,SAAS,gCAAgC,KAAK,4CAA4C;gBAClH,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;gBACxC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EAAE,aAAa;oBAC3B,CAAC,CAAC,2FAA2F,UAAU,IAAI;oBAC3G,CAAC,CAAC,QAAQ,SAAS,yEAAyE;aAC/F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAC/B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,aAAa,GAAG,8BAA8B,CAAC;IACrD,MAAM,cAAc,GAAG,wCAAwC,CAAC;IAChE,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;IAE5D,mEAAmE;IACnE,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,aAAa,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,oDAAoD;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE5B,uCAAuC;QACvC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEhE,IAAI,QAAQ,EAAE,CAAC;YACb,UAAU,GAAG,IAAI,CAAC;YAClB,aAAa,GAAG,CAAC,CAAC;YAClB,cAAc,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5C,kBAAkB,GAAG,KAAK,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,yDAAyD;YACzD,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,qEAAqE;YACrE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC;YACzD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,IAAI,cAAc,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjF,mBAAmB;gBACnB,IAAI,kBAAkB,IAAI,kBAAkB,EAAE,CAAC;oBAC7C,yDAAyD;oBACzD,kCAAkC;oBAClC,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC;wBAC9D,CAAC,CAAC,IAAI,KAAK,YAAY;wBACvB,CAAC,CAAC,IAAI,KAAK,SAAS;wBACpB,CAAC,CAAC,IAAI,IAAI,aAAa,GAAG,CAAC;wBAC3B,CAAC,CAAC,IAAI,IAAI,CAAC,CACd,CAAC;oBACF,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,4BAA4B;4BAClC,WAAW,EAAE,yGAAyG;4BACtH,QAAQ,EAAE,MAAM;4BAChB,IAAI,EAAE,YAAY;4BAClB,IAAI,EAAE,aAAa,GAAG,CAAC;4BACvB,cAAc,EACZ,sHAAsH;yBACzH,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBACD,UAAU,GAAG,KAAK,CAAC;YACrB,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,kBAAkB,GAAG,IAAI,CAAC;gBACxD,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,kBAAkB,GAAG,IAAI,CAAC;gBAEzD,2DAA2D;gBAC3D,IAAI,kBAAkB,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,kBAAkB,GAAG,IAAI,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,UAAU,IAAI,kBAAkB,IAAI,kBAAkB,EAAE,CAAC;QAC3D,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC;YAC9D,CAAC,CAAC,IAAI,KAAK,YAAY,CAC1B,CAAC;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,WAAW,EAAE,yGAAyG;gBACtH,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,aAAa,GAAG,CAAC;gBACvB,cAAc,EACZ,sHAAsH;aACzH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,GAAG,GAA2B;QAClC,kBAAkB,EAChB,yGAAyG;QAC3G,kBAAkB,EAChB,yGAAyG;QAC3G,sBAAsB,EACpB,wGAAwG;QAC1G,sBAAsB,EACpB,wGAAwG;QAC1G,eAAe,EACb,uGAAuG;QACzG,eAAe,EACb,gHAAgH;QAClH,kBAAkB,EAChB,wGAAwG;QAC1G,eAAe,EACb,uGAAuG;QACzG,cAAc,EACZ,sGAAsG;QACxG,aAAa,EACX,6GAA6G;QAC/G,iBAAiB,EACf,uGAAuG;QACzG,eAAe,EACb,wFAAwF;QAC1F,mBAAmB,EACjB,uFAAuF;YACvF,iFAAiF;QACnF,oBAAoB,EAClB,oHAAoH;YACpH,+GAA+G;QACjH,mBAAmB,EACjB,wGAAwG;YACxG,2EAA2E;QAC7E,mBAAmB,EACjB,iGAAiG;YACjG,8DAA8D;QAChE,qBAAqB,EACnB,qFAAqF;YACrF,6EAA6E;QAC/E,eAAe,EACb,0GAA0G;YAC1G,4FAA4F;QAC9F,uBAAuB,EACrB,yGAAyG;YACzG,iFAAiF;KACpF,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,sFAAsF,CAAC;AAC7G,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa,EAAE,MAAM,GAAG,GAAG;IAChD,IAAI,KAAK,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;AAC5C,CAAC"}
|
|
1
|
+
{"version":3,"file":"github-actions-scanner.js","sourceRoot":"","sources":["../src/github-actions-scanner.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgNH,gEAgCC;AA9OD,4CAA8B;AAC9B,gDAAkC;AAGlC;;GAEG;AACH,MAAM,iBAAiB,GAMlB;IACH,0CAA0C;IAC1C;QACE,OAAO,EAAE,2DAA2D;QACpE,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,2DAA2D;QACpE,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,wBAAwB;KAC/B;IAED,mCAAmC;IACnC;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IAED,0BAA0B;IAC1B;QACE,OAAO,EAAE,iEAAiE;QAC1E,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,OAAO,EAAE,+DAA+D;QACxE,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,gBAAgB;KACvB;IAED,uFAAuF;IACvF;QACE,OAAO,EAAE,gGAAgG;QACzG,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,eAAe;KACtB;IAED,4BAA4B;IAC5B;QACE,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,iBAAiB;KACxB;IAED,yEAAyE;IAEzE,oFAAoF;IACpF;QACE,OAAO,EAAE,+CAA+C;QACxD,WAAW,EACT,8GAA8G;YAC9G,0DAA0D;QAC5D,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,qBAAqB;KAC5B;IACD,sFAAsF;IACtF;QACE,OAAO,EAAE,wHAAwH;QACjI,WAAW,EACT,6IAA6I;QAC/I,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,sBAAsB;KAC7B;IACD,kFAAkF;IAClF;QACE,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EACT,sHAAsH;YACtH,oFAAoF;QACtF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,qBAAqB;KAC5B;IACD,sEAAsE;IACtE;QACE,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EACT,+DAA+D;YAC/D,0GAA0G;QAC5G,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,qBAAqB;KAC5B;IACD,4FAA4F;IAC5F;QACE,OAAO,EAAE,2BAA2B;QACpC,WAAW,EACT,4FAA4F;YAC5F,+DAA+D;QACjE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,uBAAuB;KAC9B;IACD,yDAAyD;IACzD;QACE,OAAO,EAAE,gEAAgE;QACzE,WAAW,EACT,oIAAoI;QACtI,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,iBAAiB;KACxB;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAiB;IAC1D,+EAA+E;IAC/E,6EAA6E;IAC7E,CAAC,0CAA0C,EAAE,gDAAgD,CAAC;IAC9F,CAAC,0CAA0C,EAAE,wDAAwD,CAAC;IACtG,0EAA0E;IAC1E,CAAC,0CAA0C,EAAE,gDAAgD,CAAC;CAC/F,CAAC,CAAC;AAEH,2DAA2D;AAC3D,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,SAAS;IACT,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,aAAa;IACb,uBAAuB;IACvB,WAAW;IACX,QAAQ;IACR,MAAM;IACN,WAAW;IACX,SAAS;IACT,WAAW;IACX,aAAa;IACb,WAAW;CACZ,CAAC,CAAC;AAEH,iEAAiE;AACjE,MAAM,oBAAoB,GAAG,+CAA+C,CAAC;AAE7E,8DAA8D;AAC9D,MAAM,WAAW,GAAG,mBAAmB,CAAC;AAExC;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,GAAW;IACpD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAE3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;YAAE,SAAS;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAEhD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,mBAAmB,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,OAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,iEAAiE;IACjE,qBAAqB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAErD,6CAA6C;IAC7C,qBAAqB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAErD,uEAAuE;IACvE,wBAAwB,CAAC,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;QAEhE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/B,+DAA+D;YAC/D,kEAAkE;YAClE,gEAAgE;YAChE,iEAAiE;YACjE,+DAA+D;YAC/D,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE3B,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC9B,cAAc,EAAE,yBAAyB,CAAC,OAAO,CAAC,IAAI,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ;YAAE,QAAQ,GAAG,CAAC,QAAQ,CAAC;aAC7C,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ;YAAE,QAAQ,GAAG,CAAC,QAAQ,CAAC;aAClD,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9C,qEAAqE;YACrE,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEjC,yCAAyC;QACzC,IAAI,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,SAAS;QACX,CAAC;QAED,uBAAuB;QACvB,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAE7B,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE7C,0EAA0E;QAC1E,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,yBAAyB;gBAC/B,WAAW,EAAE,WAAW,SAAS,gDAAgD,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,oCAAoC;gBACzJ,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EACZ,uGAAuG;oBACvG,6DAA6D;aAChE,CAAC,CAAC;QACL,CAAC;QAED,4EAA4E;QAC5E,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,WAAW,EAAE,WAAW,SAAS,+BAA+B,GAAG,gGAAgG;gBACnK,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EACZ,qJAAqJ;aACxJ,CAAC,CAAC;QACL,CAAC;QAED,gFAAgF;QAChF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9D,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjD,IAAI,QAAQ,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClD,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,iBAAiB;oBACvB,WAAW,EAAE,WAAW,SAAS,uGAAuG;oBACxI,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;oBAC/B,cAAc,EACZ,uHAAuH;iBAC1H,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,0DAA0D;YAC1D,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,WAAW,SAAS,gCAAgC,KAAK,4CAA4C;gBAClH,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;gBACxC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC;gBAC/B,cAAc,EAAE,aAAa;oBAC3B,CAAC,CAAC,2FAA2F,UAAU,IAAI;oBAC3G,CAAC,CAAC,QAAQ,SAAS,yEAAyE;aAC/F,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAC/B,KAAe,EACf,YAAoB,EACpB,QAAmB;IAEnB,MAAM,aAAa,GAAG,8BAA8B,CAAC;IACrD,MAAM,cAAc,GAAG,wCAAwC,CAAC;IAChE,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;IAE5D,mEAAmE;IACnE,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,aAAa,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,oDAAoD;IACpD,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE5B,uCAAuC;QACvC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,kBAAkB,GAAG,IAAI,CAAC;QAC5B,CAAC;QAED,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEhE,IAAI,QAAQ,EAAE,CAAC;YACb,UAAU,GAAG,IAAI,CAAC;YAClB,aAAa,GAAG,CAAC,CAAC;YAClB,cAAc,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC5C,kBAAkB,GAAG,KAAK,CAAC;YAC3B,kBAAkB,GAAG,KAAK,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,yDAAyD;YACzD,UAAU,GAAG,KAAK,CAAC;YACnB,SAAS;QACX,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,qEAAqE;YACrE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC;YACzD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,IAAI,cAAc,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjF,mBAAmB;gBACnB,IAAI,kBAAkB,IAAI,kBAAkB,EAAE,CAAC;oBAC7C,yDAAyD;oBACzD,kCAAkC;oBAClC,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC;wBAC9D,CAAC,CAAC,IAAI,KAAK,YAAY;wBACvB,CAAC,CAAC,IAAI,KAAK,SAAS;wBACpB,CAAC,CAAC,IAAI,IAAI,aAAa,GAAG,CAAC;wBAC3B,CAAC,CAAC,IAAI,IAAI,CAAC,CACd,CAAC;oBACF,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,4BAA4B;4BAClC,WAAW,EAAE,yGAAyG;4BACtH,QAAQ,EAAE,MAAM;4BAChB,IAAI,EAAE,YAAY;4BAClB,IAAI,EAAE,aAAa,GAAG,CAAC;4BACvB,cAAc,EACZ,sHAAsH;yBACzH,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBACD,UAAU,GAAG,KAAK,CAAC;YACrB,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,kBAAkB,GAAG,IAAI,CAAC;gBACxD,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,kBAAkB,GAAG,IAAI,CAAC;gBAEzD,2DAA2D;gBAC3D,IAAI,kBAAkB,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,kBAAkB,GAAG,IAAI,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,UAAU,IAAI,kBAAkB,IAAI,kBAAkB,EAAE,CAAC;QAC3D,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC;YAC9D,CAAC,CAAC,IAAI,KAAK,YAAY,CAC1B,CAAC;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,WAAW,EAAE,yGAAyG;gBACtH,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,aAAa,GAAG,CAAC;gBACvB,cAAc,EACZ,sHAAsH;aACzH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,GAAG,GAA2B;QAClC,kBAAkB,EAChB,yGAAyG;QAC3G,kBAAkB,EAChB,yGAAyG;QAC3G,sBAAsB,EACpB,wGAAwG;QAC1G,sBAAsB,EACpB,wGAAwG;QAC1G,eAAe,EACb,uGAAuG;QACzG,eAAe,EACb,gHAAgH;QAClH,kBAAkB,EAChB,wGAAwG;QAC1G,eAAe,EACb,uGAAuG;QACzG,cAAc,EACZ,sGAAsG;QACxG,aAAa,EACX,6GAA6G;QAC/G,iBAAiB,EACf,uGAAuG;QACzG,eAAe,EACb,wFAAwF;QAC1F,mBAAmB,EACjB,uFAAuF;YACvF,iFAAiF;QACnF,oBAAoB,EAClB,oHAAoH;YACpH,+GAA+G;QACjH,mBAAmB,EACjB,wGAAwG;YACxG,2EAA2E;QAC7E,mBAAmB,EACjB,iGAAiG;YACjG,8DAA8D;QAChE,qBAAqB,EACnB,qFAAqF;YACrF,6EAA6E;QAC/E,eAAe,EACb,0GAA0G;YAC1G,4FAA4F;QAC9F,uBAAuB,EACrB,yGAAyG;YACzG,iFAAiF;KACpF,CAAC;IACF,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,sFAAsF,CAAC;AAC7G,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa,EAAE,MAAM,GAAG,GAAG;IAChD,IAAI,KAAK,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;AAC5C,CAAC"}
|
package/dist/reporter.js
CHANGED
|
@@ -55,7 +55,7 @@ function formatJson(report) {
|
|
|
55
55
|
function formatText(report) {
|
|
56
56
|
const lines = [];
|
|
57
57
|
// ── layout constants ───────────────────────────────────────────────────────
|
|
58
|
-
const VERSION = "5.2.
|
|
58
|
+
const VERSION = "5.2.22";
|
|
59
59
|
const W = 76; // visible chars between "│ " and " │" (total line = 80)
|
|
60
60
|
// ── ANSI helpers ───────────────────────────────────────────────────────────
|
|
61
61
|
const stripAnsi = (s) => s.replace(/\x1b\[[0-9;]*m/g, "");
|
|
@@ -462,7 +462,7 @@ function formatSarif(report) {
|
|
|
462
462
|
tool: {
|
|
463
463
|
driver: {
|
|
464
464
|
name: "supply-chain-guard",
|
|
465
|
-
version: "5.2.
|
|
465
|
+
version: "5.2.22",
|
|
466
466
|
informationUri: "https://github.com/homeofe/supply-chain-guard",
|
|
467
467
|
rules,
|
|
468
468
|
},
|
|
@@ -524,7 +524,7 @@ function formatSbom(report) {
|
|
|
524
524
|
timestamp: report.timestamp,
|
|
525
525
|
tools: {
|
|
526
526
|
components: [
|
|
527
|
-
{ type: "application", name: "supply-chain-guard", version: "5.2.
|
|
527
|
+
{ type: "application", name: "supply-chain-guard", version: "5.2.22" },
|
|
528
528
|
],
|
|
529
529
|
},
|
|
530
530
|
component: {
|
|
@@ -676,7 +676,7 @@ footer{text-align:center;padding:24px;color:#94a3b8;font-size:13px}
|
|
|
676
676
|
` : ""}
|
|
677
677
|
|
|
678
678
|
<footer>
|
|
679
|
-
Generated by <a href="https://github.com/homeofe/supply-chain-guard">supply-chain-guard</a> v5.2.
|
|
679
|
+
Generated by <a href="https://github.com/homeofe/supply-chain-guard">supply-chain-guard</a> v5.2.22
|
|
680
680
|
</footer>
|
|
681
681
|
</div>
|
|
682
682
|
<script>
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "supply-chain-guard",
|
|
3
|
-
"version": "5.2.
|
|
3
|
+
"version": "5.2.22",
|
|
4
4
|
"description": "Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs and verifies SLSA provenance.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|