verification-layer 0.20.0 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +251 -615
- package/dist/cli.js +542 -0
- package/dist/cli.js.map +1 -1
- package/dist/marketplace/index.d.ts +8 -0
- package/dist/marketplace/index.d.ts.map +1 -0
- package/dist/marketplace/index.js +7 -0
- package/dist/marketplace/index.js.map +1 -0
- package/dist/marketplace/installer.d.ts +62 -0
- package/dist/marketplace/installer.d.ts.map +1 -0
- package/dist/marketplace/installer.js +254 -0
- package/dist/marketplace/installer.js.map +1 -0
- package/dist/marketplace/registry.d.ts +52 -0
- package/dist/marketplace/registry.d.ts.map +1 -0
- package/dist/marketplace/registry.js +759 -0
- package/dist/marketplace/registry.js.map +1 -0
- package/dist/marketplace/types.d.ts +123 -0
- package/dist/marketplace/types.d.ts.map +1 -0
- package/dist/marketplace/types.js +6 -0
- package/dist/marketplace/types.js.map +1 -0
- package/dist/reporters/audit-report.d.ts.map +1 -1
- package/dist/reporters/audit-report.js +180 -0
- package/dist/reporters/audit-report.js.map +1 -1
- package/dist/reporters/index.d.ts.map +1 -1
- package/dist/reporters/index.js +2612 -5
- package/dist/reporters/index.js.map +1 -1
- package/dist/scan.d.ts.map +1 -1
- package/dist/scan.js +15 -1
- package/dist/scan.js.map +1 -1
- package/dist/scanners/api-security/index.d.ts +7 -0
- package/dist/scanners/api-security/index.d.ts.map +1 -0
- package/dist/scanners/api-security/index.js +139 -0
- package/dist/scanners/api-security/index.js.map +1 -0
- package/dist/scanners/api-security/index.test.d.ts +5 -0
- package/dist/scanners/api-security/index.test.d.ts.map +1 -0
- package/dist/scanners/api-security/index.test.js +360 -0
- package/dist/scanners/api-security/index.test.js.map +1 -0
- package/dist/scanners/api-security/patterns.d.ts +32 -0
- package/dist/scanners/api-security/patterns.d.ts.map +1 -0
- package/dist/scanners/api-security/patterns.js +159 -0
- package/dist/scanners/api-security/patterns.js.map +1 -0
- package/dist/scanners/authentication/index.d.ts +7 -0
- package/dist/scanners/authentication/index.d.ts.map +1 -0
- package/dist/scanners/authentication/index.js +107 -0
- package/dist/scanners/authentication/index.js.map +1 -0
- package/dist/scanners/authentication/index.test.d.ts +5 -0
- package/dist/scanners/authentication/index.test.d.ts.map +1 -0
- package/dist/scanners/authentication/index.test.js +379 -0
- package/dist/scanners/authentication/index.test.js.map +1 -0
- package/dist/scanners/authentication/patterns.d.ts +32 -0
- package/dist/scanners/authentication/patterns.d.ts.map +1 -0
- package/dist/scanners/authentication/patterns.js +133 -0
- package/dist/scanners/authentication/patterns.js.map +1 -0
- package/dist/scanners/configuration/index.d.ts +8 -0
- package/dist/scanners/configuration/index.d.ts.map +1 -0
- package/dist/scanners/configuration/index.js +87 -0
- package/dist/scanners/configuration/index.js.map +1 -0
- package/dist/scanners/configuration/index.test.d.ts +5 -0
- package/dist/scanners/configuration/index.test.d.ts.map +1 -0
- package/dist/scanners/configuration/index.test.js +344 -0
- package/dist/scanners/configuration/index.test.js.map +1 -0
- package/dist/scanners/configuration/patterns.d.ts +32 -0
- package/dist/scanners/configuration/patterns.d.ts.map +1 -0
- package/dist/scanners/configuration/patterns.js +146 -0
- package/dist/scanners/configuration/patterns.js.map +1 -0
- package/dist/scanners/credentials/index.d.ts +7 -0
- package/dist/scanners/credentials/index.d.ts.map +1 -0
- package/dist/scanners/credentials/index.js +129 -0
- package/dist/scanners/credentials/index.js.map +1 -0
- package/dist/scanners/credentials/index.test.d.ts +5 -0
- package/dist/scanners/credentials/index.test.d.ts.map +1 -0
- package/dist/scanners/credentials/index.test.js +395 -0
- package/dist/scanners/credentials/index.test.js.map +1 -0
- package/dist/scanners/credentials/patterns.d.ts +32 -0
- package/dist/scanners/credentials/patterns.d.ts.map +1 -0
- package/dist/scanners/credentials/patterns.js +140 -0
- package/dist/scanners/credentials/patterns.js.map +1 -0
- package/dist/scanners/errors/index.d.ts +8 -0
- package/dist/scanners/errors/index.d.ts.map +1 -0
- package/dist/scanners/errors/index.js +78 -0
- package/dist/scanners/errors/index.js.map +1 -0
- package/dist/scanners/errors/index.test.d.ts +5 -0
- package/dist/scanners/errors/index.test.d.ts.map +1 -0
- package/dist/scanners/errors/index.test.js +330 -0
- package/dist/scanners/errors/index.test.js.map +1 -0
- package/dist/scanners/errors/patterns.d.ts +27 -0
- package/dist/scanners/errors/patterns.d.ts.map +1 -0
- package/dist/scanners/errors/patterns.js +97 -0
- package/dist/scanners/errors/patterns.js.map +1 -0
- package/dist/scanners/hipaa2026/index.d.ts +8 -0
- package/dist/scanners/hipaa2026/index.d.ts.map +1 -0
- package/dist/scanners/hipaa2026/index.js +345 -0
- package/dist/scanners/hipaa2026/index.js.map +1 -0
- package/dist/scanners/hipaa2026/index.test.d.ts +5 -0
- package/dist/scanners/hipaa2026/index.test.d.ts.map +1 -0
- package/dist/scanners/hipaa2026/index.test.js +332 -0
- package/dist/scanners/hipaa2026/index.test.js.map +1 -0
- package/dist/scanners/hipaa2026/patterns.d.ts +57 -0
- package/dist/scanners/hipaa2026/patterns.d.ts.map +1 -0
- package/dist/scanners/hipaa2026/patterns.js +268 -0
- package/dist/scanners/hipaa2026/patterns.js.map +1 -0
- package/dist/scanners/operational/index.d.ts +7 -0
- package/dist/scanners/operational/index.d.ts.map +1 -0
- package/dist/scanners/operational/index.js +171 -0
- package/dist/scanners/operational/index.js.map +1 -0
- package/dist/scanners/operational/index.test.d.ts +5 -0
- package/dist/scanners/operational/index.test.d.ts.map +1 -0
- package/dist/scanners/operational/index.test.js +406 -0
- package/dist/scanners/operational/index.test.js.map +1 -0
- package/dist/scanners/operational/patterns.d.ts +33 -0
- package/dist/scanners/operational/patterns.d.ts.map +1 -0
- package/dist/scanners/operational/patterns.js +151 -0
- package/dist/scanners/operational/patterns.js.map +1 -0
- package/dist/scanners/rbac/index.d.ts +7 -0
- package/dist/scanners/rbac/index.d.ts.map +1 -0
- package/dist/scanners/rbac/index.js +145 -0
- package/dist/scanners/rbac/index.js.map +1 -0
- package/dist/scanners/rbac/index.test.d.ts +5 -0
- package/dist/scanners/rbac/index.test.d.ts.map +1 -0
- package/dist/scanners/rbac/index.test.js +422 -0
- package/dist/scanners/rbac/index.test.js.map +1 -0
- package/dist/scanners/rbac/patterns.d.ts +32 -0
- package/dist/scanners/rbac/patterns.d.ts.map +1 -0
- package/dist/scanners/rbac/patterns.js +124 -0
- package/dist/scanners/rbac/patterns.js.map +1 -0
- package/dist/scanners/revocation/index.d.ts +8 -0
- package/dist/scanners/revocation/index.d.ts.map +1 -0
- package/dist/scanners/revocation/index.js +83 -0
- package/dist/scanners/revocation/index.js.map +1 -0
- package/dist/scanners/revocation/index.test.d.ts +5 -0
- package/dist/scanners/revocation/index.test.d.ts.map +1 -0
- package/dist/scanners/revocation/index.test.js +332 -0
- package/dist/scanners/revocation/index.test.js.map +1 -0
- package/dist/scanners/revocation/patterns.d.ts +27 -0
- package/dist/scanners/revocation/patterns.d.ts.map +1 -0
- package/dist/scanners/revocation/patterns.js +109 -0
- package/dist/scanners/revocation/patterns.js.map +1 -0
- package/dist/scanners/sanitization/index.d.ts +8 -0
- package/dist/scanners/sanitization/index.d.ts.map +1 -0
- package/dist/scanners/sanitization/index.js +98 -0
- package/dist/scanners/sanitization/index.js.map +1 -0
- package/dist/scanners/sanitization/index.test.d.ts +5 -0
- package/dist/scanners/sanitization/index.test.d.ts.map +1 -0
- package/dist/scanners/sanitization/index.test.js +370 -0
- package/dist/scanners/sanitization/index.test.js.map +1 -0
- package/dist/scanners/sanitization/patterns.d.ts +27 -0
- package/dist/scanners/sanitization/patterns.d.ts.map +1 -0
- package/dist/scanners/sanitization/patterns.js +117 -0
- package/dist/scanners/sanitization/patterns.js.map +1 -0
- package/dist/training/certificate.d.ts +26 -0
- package/dist/training/certificate.d.ts.map +1 -0
- package/dist/training/certificate.js +92 -0
- package/dist/training/certificate.js.map +1 -0
- package/dist/training/index.d.ts +3 -0
- package/dist/training/index.d.ts.map +1 -0
- package/dist/training/index.js +243 -0
- package/dist/training/index.js.map +1 -0
- package/dist/training/modules.d.ts +13 -0
- package/dist/training/modules.d.ts.map +1 -0
- package/dist/training/modules.js +608 -0
- package/dist/training/modules.js.map +1 -0
- package/dist/training/questions.d.ts +9 -0
- package/dist/training/questions.d.ts.map +1 -0
- package/dist/training/questions.js +505 -0
- package/dist/training/questions.js.map +1 -0
- package/dist/types.d.ts +45 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/npm-audit.d.ts +6 -0
- package/dist/utils/npm-audit.d.ts.map +1 -0
- package/dist/utils/npm-audit.js +95 -0
- package/dist/utils/npm-audit.js.map +1 -0
- package/dist/utils/scan-history.d.ts +59 -0
- package/dist/utils/scan-history.d.ts.map +1 -0
- package/dist/utils/scan-history.js +170 -0
- package/dist/utils/scan-history.js.map +1 -0
- package/package.json +4 -1
- package/templates/baa-verification-letter.md +105 -0
- package/templates/irp.md +545 -0
- package/templates/notice-of-privacy-practices.md +491 -0
- package/templates/physical-safeguards-checklist.md +247 -0
- package/templates/security-officer-designation.md +237 -0
|
@@ -0,0 +1,505 @@
|
|
|
1
|
+
export const questions = [
|
|
2
|
+
// MODULE 1: What is PHI/ePHI?
|
|
3
|
+
{
|
|
4
|
+
moduleId: 1,
|
|
5
|
+
question: 'Which of the following is considered PHI?',
|
|
6
|
+
options: [
|
|
7
|
+
'A. Anonymous health statistics from a research study',
|
|
8
|
+
'B. An email saying "John Smith has an appointment on March 15"',
|
|
9
|
+
'C. A de-identified dataset with patient ages but no names',
|
|
10
|
+
'D. General medical information on a public health website',
|
|
11
|
+
],
|
|
12
|
+
correctAnswer: 1,
|
|
13
|
+
explanation: 'Name (John Smith) + healthcare information (appointment) = PHI. The other options are either de-identified or don\'t link to an individual.',
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
moduleId: 1,
|
|
17
|
+
question: 'How many HIPAA identifiers must be removed for data to be considered de-identified?',
|
|
18
|
+
options: [
|
|
19
|
+
'A. Only the patient name',
|
|
20
|
+
'B. All 18 identifiers',
|
|
21
|
+
'C. Just the SSN and medical record number',
|
|
22
|
+
'D. 10 of the 18 identifiers',
|
|
23
|
+
],
|
|
24
|
+
correctAnswer: 1,
|
|
25
|
+
explanation: 'All 18 HIPAA identifiers must be removed for data to be considered properly de-identified under the Safe Harbor method.',
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
moduleId: 1,
|
|
29
|
+
question: 'What is the difference between PHI and ePHI?',
|
|
30
|
+
options: [
|
|
31
|
+
'A. PHI is more sensitive than ePHI',
|
|
32
|
+
'B. ePHI is PHI in electronic form',
|
|
33
|
+
'C. ePHI only includes medical diagnoses',
|
|
34
|
+
'D. There is no difference',
|
|
35
|
+
],
|
|
36
|
+
correctAnswer: 1,
|
|
37
|
+
explanation: 'ePHI (electronic PHI) is simply PHI that is created, stored, transmitted, or processed electronically. The HIPAA Security Rule applies to ePHI.',
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
moduleId: 1,
|
|
41
|
+
question: 'Which of these is NOT one of the 18 HIPAA identifiers?',
|
|
42
|
+
options: [
|
|
43
|
+
'A. Email address',
|
|
44
|
+
'B. IP address',
|
|
45
|
+
'C. Job title',
|
|
46
|
+
'D. Biometric data (fingerprints)',
|
|
47
|
+
],
|
|
48
|
+
correctAnswer: 2,
|
|
49
|
+
explanation: 'Job title is not one of the 18 HIPAA identifiers. Email, IP address, and biometric data are all identifiers that must be removed for de-identification.',
|
|
50
|
+
},
|
|
51
|
+
// MODULE 2: The HIPAA Security Rule
|
|
52
|
+
{
|
|
53
|
+
moduleId: 2,
|
|
54
|
+
question: 'Which of the following is a TECHNICAL safeguard?',
|
|
55
|
+
options: [
|
|
56
|
+
'A. Security awareness training',
|
|
57
|
+
'B. Facility access controls',
|
|
58
|
+
'C. Automatic logoff (session timeout)',
|
|
59
|
+
'D. Contingency planning',
|
|
60
|
+
],
|
|
61
|
+
correctAnswer: 2,
|
|
62
|
+
explanation: 'Automatic logoff is a technical safeguard (§164.312). Training is administrative, facility access is physical, and contingency planning is administrative.',
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
moduleId: 2,
|
|
66
|
+
question: 'What is the difference between Required and Addressable specifications?',
|
|
67
|
+
options: [
|
|
68
|
+
'A. Required must be implemented; Addressable can be ignored',
|
|
69
|
+
'B. Required must be implemented; Addressable must be implemented OR documented why not + alternative',
|
|
70
|
+
'C. There is no difference anymore',
|
|
71
|
+
'D. Addressable only applies to small organizations',
|
|
72
|
+
],
|
|
73
|
+
correctAnswer: 1,
|
|
74
|
+
explanation: 'Addressable does NOT mean optional. You must either implement it OR document why it\'s not reasonable/appropriate and provide an equivalent alternative. The 2024 NPRM proposes eliminating this distinction.',
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
moduleId: 2,
|
|
78
|
+
question: 'What is the maximum annual penalty for a single type of HIPAA violation?',
|
|
79
|
+
options: [
|
|
80
|
+
'A. $50,000',
|
|
81
|
+
'B. $250,000',
|
|
82
|
+
'C. $1.5 million',
|
|
83
|
+
'D. $10 million',
|
|
84
|
+
],
|
|
85
|
+
correctAnswer: 2,
|
|
86
|
+
explanation: 'The annual maximum penalty is $1.5 million per violation type. Individual violations can be $100-$50,000 each depending on the tier.',
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
moduleId: 2,
|
|
90
|
+
question: 'How long do you have to notify affected individuals after discovering a breach?',
|
|
91
|
+
options: [
|
|
92
|
+
'A. 24 hours',
|
|
93
|
+
'B. 30 days',
|
|
94
|
+
'C. 60 days',
|
|
95
|
+
'D. 90 days',
|
|
96
|
+
],
|
|
97
|
+
correctAnswer: 2,
|
|
98
|
+
explanation: 'Covered entities must notify affected individuals within 60 days of discovering a breach. Business associates must notify the covered entity within 24 hours.',
|
|
99
|
+
},
|
|
100
|
+
// MODULE 3: Access Control in Code
|
|
101
|
+
{
|
|
102
|
+
moduleId: 3,
|
|
103
|
+
question: 'Which of the following violates HIPAA access control requirements?',
|
|
104
|
+
options: [
|
|
105
|
+
'A. Each user has their own unique login ID',
|
|
106
|
+
'B. Developers use a shared "dev" account to access production for troubleshooting',
|
|
107
|
+
'C. Sessions timeout after 15 minutes of inactivity',
|
|
108
|
+
'D. Users can only access records they need for their job',
|
|
109
|
+
],
|
|
110
|
+
correctAnswer: 1,
|
|
111
|
+
explanation: 'Shared accounts violate §164.312(a)(2)(i) which REQUIRES unique user identification. Every person must have their own account to track who accessed what.',
|
|
112
|
+
},
|
|
113
|
+
{
|
|
114
|
+
moduleId: 3,
|
|
115
|
+
question: 'What is the recommended maximum session timeout for systems with ePHI?',
|
|
116
|
+
options: [
|
|
117
|
+
'A. 5 minutes',
|
|
118
|
+
'B. 15 minutes',
|
|
119
|
+
'C. 30 minutes',
|
|
120
|
+
'D. 1 hour',
|
|
121
|
+
],
|
|
122
|
+
correctAnswer: 1,
|
|
123
|
+
explanation: 'The industry standard for ePHI systems is ≤15 minutes of inactivity. This is an addressable specification under §164.312(a)(2)(iii).',
|
|
124
|
+
},
|
|
125
|
+
{
|
|
126
|
+
moduleId: 3,
|
|
127
|
+
question: 'What does "minimum necessary" mean for access control?',
|
|
128
|
+
options: [
|
|
129
|
+
'A. Users can only access the minimum amount of PHI needed for their job function',
|
|
130
|
+
'B. All authenticated users can access all patient records',
|
|
131
|
+
'C. Only administrators need access controls',
|
|
132
|
+
'D. Minimum necessary only applies to disclosures, not access',
|
|
133
|
+
],
|
|
134
|
+
correctAnswer: 0,
|
|
135
|
+
explanation: 'Minimum necessary means users should only have access to the PHI required to perform their specific job duties. This is a core HIPAA principle.',
|
|
136
|
+
},
|
|
137
|
+
{
|
|
138
|
+
moduleId: 3,
|
|
139
|
+
question: 'When should user access be removed?',
|
|
140
|
+
options: [
|
|
141
|
+
'A. Within 30 days of termination',
|
|
142
|
+
'B. At the end of the quarter',
|
|
143
|
+
'C. Immediately upon termination',
|
|
144
|
+
'D. After the final paycheck is issued',
|
|
145
|
+
],
|
|
146
|
+
correctAnswer: 2,
|
|
147
|
+
explanation: 'Access to ePHI must be terminated immediately when an employee leaves or changes roles. This is a critical security control.',
|
|
148
|
+
},
|
|
149
|
+
// MODULE 4: Encryption
|
|
150
|
+
{
|
|
151
|
+
moduleId: 4,
|
|
152
|
+
question: 'Which encryption algorithm should be used for ePHI at rest?',
|
|
153
|
+
options: [
|
|
154
|
+
'A. MD5',
|
|
155
|
+
'B. DES',
|
|
156
|
+
'C. AES-256',
|
|
157
|
+
'D. SHA-1',
|
|
158
|
+
],
|
|
159
|
+
correctAnswer: 2,
|
|
160
|
+
explanation: 'AES-256 is the industry standard for encrypting data at rest. MD5 and SHA-1 are hashing algorithms (not encryption) and are outdated. DES is weak.',
|
|
161
|
+
},
|
|
162
|
+
{
|
|
163
|
+
moduleId: 4,
|
|
164
|
+
question: 'What is the minimum TLS version that should be used for transmitting ePHI?',
|
|
165
|
+
options: [
|
|
166
|
+
'A. TLS 1.0',
|
|
167
|
+
'B. TLS 1.1',
|
|
168
|
+
'C. TLS 1.2',
|
|
169
|
+
'D. SSL 3.0',
|
|
170
|
+
],
|
|
171
|
+
correctAnswer: 2,
|
|
172
|
+
explanation: 'TLS 1.2 is the minimum; TLS 1.3 is preferred. SSL 3.0, TLS 1.0, and TLS 1.1 have known vulnerabilities and should not be used.',
|
|
173
|
+
},
|
|
174
|
+
{
|
|
175
|
+
moduleId: 4,
|
|
176
|
+
question: 'Where should encryption keys be stored?',
|
|
177
|
+
options: [
|
|
178
|
+
'A. Hardcoded in the source code',
|
|
179
|
+
'B. In the same database as the encrypted data',
|
|
180
|
+
'C. In environment variables or a secret manager (AWS KMS, Vault)',
|
|
181
|
+
'D. In a configuration file committed to Git',
|
|
182
|
+
],
|
|
183
|
+
correctAnswer: 2,
|
|
184
|
+
explanation: 'Encryption keys must be stored separately from encrypted data, preferably in environment variables or dedicated secret managers like AWS KMS or HashiCorp Vault.',
|
|
185
|
+
},
|
|
186
|
+
{
|
|
187
|
+
moduleId: 4,
|
|
188
|
+
question: 'If ePHI is encrypted according to NIST standards, what happens in a breach?',
|
|
189
|
+
options: [
|
|
190
|
+
'A. No notification is required at all',
|
|
191
|
+
'B. You still must report to OCR, but may not need to notify individuals (Safe Harbor)',
|
|
192
|
+
'C. The penalty is reduced by 50%',
|
|
193
|
+
'D. It is not considered a breach',
|
|
194
|
+
],
|
|
195
|
+
correctAnswer: 1,
|
|
196
|
+
explanation: 'Properly encrypted ePHI may qualify for Safe Harbor, meaning individual notification might not be required. However, you must still report the incident to OCR.',
|
|
197
|
+
},
|
|
198
|
+
// MODULE 5: Authentication & MFA
|
|
199
|
+
{
|
|
200
|
+
moduleId: 5,
|
|
201
|
+
question: 'By what percentage does MFA reduce account compromise?',
|
|
202
|
+
options: [
|
|
203
|
+
'A. 50%',
|
|
204
|
+
'B. 75%',
|
|
205
|
+
'C. 90%',
|
|
206
|
+
'D. 99.9%',
|
|
207
|
+
],
|
|
208
|
+
correctAnswer: 3,
|
|
209
|
+
explanation: 'According to Microsoft research, MFA blocks 99.9% of account compromise attacks. This makes it one of the most effective security controls.',
|
|
210
|
+
},
|
|
211
|
+
{
|
|
212
|
+
moduleId: 5,
|
|
213
|
+
question: 'When is MFA REQUIRED for ePHI access?',
|
|
214
|
+
options: [
|
|
215
|
+
'A. Only for administrator accounts',
|
|
216
|
+
'B. For remote access to ePHI systems',
|
|
217
|
+
'C. Never, it is only recommended',
|
|
218
|
+
'D. Only for Business Associates, not Covered Entities',
|
|
219
|
+
],
|
|
220
|
+
correctAnswer: 1,
|
|
221
|
+
explanation: 'MFA is required for remote access to ePHI systems. It is strongly recommended for all ePHI access as a best practice.',
|
|
222
|
+
},
|
|
223
|
+
{
|
|
224
|
+
moduleId: 5,
|
|
225
|
+
question: 'Which of the following is the MOST secure MFA method?',
|
|
226
|
+
options: [
|
|
227
|
+
'A. SMS text message codes',
|
|
228
|
+
'B. Email verification codes',
|
|
229
|
+
'C. TOTP (Google Authenticator)',
|
|
230
|
+
'D. Passkeys/WebAuthn (hardware tokens)',
|
|
231
|
+
],
|
|
232
|
+
correctAnswer: 3,
|
|
233
|
+
explanation: 'Passkeys/WebAuthn (hardware tokens like YubiKey) are the most secure. TOTP is good, but SMS and email are vulnerable to interception.',
|
|
234
|
+
},
|
|
235
|
+
{
|
|
236
|
+
moduleId: 5,
|
|
237
|
+
question: 'What is the current NIST recommendation on password expiration?',
|
|
238
|
+
options: [
|
|
239
|
+
'A. Change passwords every 30 days',
|
|
240
|
+
'B. Change passwords every 90 days',
|
|
241
|
+
'C. Do NOT require periodic password changes',
|
|
242
|
+
'D. Change passwords every 6 months',
|
|
243
|
+
],
|
|
244
|
+
correctAnswer: 2,
|
|
245
|
+
explanation: 'NIST no longer recommends forced periodic password changes, as they lead to weaker passwords. Instead, focus on length, complexity, and breach detection.',
|
|
246
|
+
},
|
|
247
|
+
// MODULE 6: Audit Logging
|
|
248
|
+
{
|
|
249
|
+
moduleId: 6,
|
|
250
|
+
question: 'What are the "5 W\'s" that should be in every audit log?',
|
|
251
|
+
options: [
|
|
252
|
+
'A. Who, What, When, Where, Why',
|
|
253
|
+
'B. Who, What, When, Where, Outcome',
|
|
254
|
+
'C. User, Action, Time, Location, Status',
|
|
255
|
+
'D. Both B and C (they mean the same thing)',
|
|
256
|
+
],
|
|
257
|
+
correctAnswer: 3,
|
|
258
|
+
explanation: 'Audit logs should capture: WHO (user), WHAT (action), WHEN (timestamp), WHERE (resource), and OUTCOME (success/failure). "Why" is not typically logged.',
|
|
259
|
+
},
|
|
260
|
+
{
|
|
261
|
+
moduleId: 6,
|
|
262
|
+
question: 'Which of the following should NEVER be in audit logs?',
|
|
263
|
+
options: [
|
|
264
|
+
'A. Patient ID',
|
|
265
|
+
'B. User ID',
|
|
266
|
+
'C. Patient name and diagnosis',
|
|
267
|
+
'D. Timestamp',
|
|
268
|
+
],
|
|
269
|
+
correctAnswer: 2,
|
|
270
|
+
explanation: 'PHI (like patient names and diagnoses) should NEVER be in logs. Use patient IDs instead. Also never log passwords, auth tokens, or encryption keys.',
|
|
271
|
+
},
|
|
272
|
+
{
|
|
273
|
+
moduleId: 6,
|
|
274
|
+
question: 'How long must audit logs be retained?',
|
|
275
|
+
options: [
|
|
276
|
+
'A. 1 year',
|
|
277
|
+
'B. 3 years',
|
|
278
|
+
'C. 6 years',
|
|
279
|
+
'D. 10 years',
|
|
280
|
+
],
|
|
281
|
+
correctAnswer: 2,
|
|
282
|
+
explanation: 'HIPAA requires audit logs to be retained for a minimum of 6 years. Some state laws may require longer retention.',
|
|
283
|
+
},
|
|
284
|
+
{
|
|
285
|
+
moduleId: 6,
|
|
286
|
+
question: 'What should be audit logged?',
|
|
287
|
+
options: [
|
|
288
|
+
'A. Only failed login attempts',
|
|
289
|
+
'B. Only successful ePHI access',
|
|
290
|
+
'C. All ePHI access (read, write, update, delete) and authentication events',
|
|
291
|
+
'D. Only administrative actions',
|
|
292
|
+
],
|
|
293
|
+
correctAnswer: 2,
|
|
294
|
+
explanation: 'All ePHI access, authentication events, authorization changes, and administrative actions should be logged. This creates a complete audit trail.',
|
|
295
|
+
},
|
|
296
|
+
// MODULE 7: Input Validation & Injection Prevention
|
|
297
|
+
{
|
|
298
|
+
moduleId: 7,
|
|
299
|
+
question: 'Which of the following prevents SQL injection?',
|
|
300
|
+
options: [
|
|
301
|
+
'A. Concatenating user input into SQL queries',
|
|
302
|
+
'B. Using parameterized queries / prepared statements',
|
|
303
|
+
'C. Sanitizing input by removing special characters',
|
|
304
|
+
'D. Limiting query result size',
|
|
305
|
+
],
|
|
306
|
+
correctAnswer: 1,
|
|
307
|
+
explanation: 'Parameterized queries (prepared statements) are the correct defense against SQL injection. Never concatenate user input into queries.',
|
|
308
|
+
},
|
|
309
|
+
{
|
|
310
|
+
moduleId: 7,
|
|
311
|
+
question: 'Why is SQL injection especially critical in PHI systems?',
|
|
312
|
+
options: [
|
|
313
|
+
'A. It can expose all patient records in the database',
|
|
314
|
+
'B. It only affects test databases',
|
|
315
|
+
'C. It is not a serious threat for healthcare apps',
|
|
316
|
+
'D. It only affects payment information, not medical records',
|
|
317
|
+
],
|
|
318
|
+
correctAnswer: 0,
|
|
319
|
+
explanation: 'SQL injection can allow attackers to bypass access controls and extract entire databases of patient records, making it extremely critical for PHI systems.',
|
|
320
|
+
},
|
|
321
|
+
{
|
|
322
|
+
moduleId: 7,
|
|
323
|
+
question: 'How should file uploads be validated in a healthcare application?',
|
|
324
|
+
options: [
|
|
325
|
+
'A. No validation needed if the user is authenticated',
|
|
326
|
+
'B. Block files with .exe extension only',
|
|
327
|
+
'C. Whitelist allowed file types (JPEG, PNG, PDF), scan for malware, limit size',
|
|
328
|
+
'D. Allow any file type but store it securely',
|
|
329
|
+
],
|
|
330
|
+
correctAnswer: 2,
|
|
331
|
+
explanation: 'File uploads (medical records, insurance cards) must be validated using a whitelist of allowed types, scanned for malware, size-limited, and stored securely.',
|
|
332
|
+
},
|
|
333
|
+
{
|
|
334
|
+
moduleId: 7,
|
|
335
|
+
question: 'What is the correct defense against XSS (Cross-Site Scripting)?',
|
|
336
|
+
options: [
|
|
337
|
+
'A. Disable JavaScript in the browser',
|
|
338
|
+
'B. Escape/sanitize user input before rendering in HTML',
|
|
339
|
+
'C. Use HTTP instead of HTTPS',
|
|
340
|
+
'D. Store all user input in cookies',
|
|
341
|
+
],
|
|
342
|
+
correctAnswer: 1,
|
|
343
|
+
explanation: 'XSS is prevented by escaping/sanitizing user input before rendering it in HTML, and using Content-Security-Policy headers.',
|
|
344
|
+
},
|
|
345
|
+
// MODULE 8: Error Handling
|
|
346
|
+
{
|
|
347
|
+
moduleId: 8,
|
|
348
|
+
question: 'What should you do with stack traces in production?',
|
|
349
|
+
options: [
|
|
350
|
+
'A. Display them to users so they can report the error',
|
|
351
|
+
'B. Send them to the client for debugging',
|
|
352
|
+
'C. Log them server-side but never expose to users',
|
|
353
|
+
'D. Disable error logging to improve performance',
|
|
354
|
+
],
|
|
355
|
+
correctAnswer: 2,
|
|
356
|
+
explanation: 'Stack traces reveal system architecture and should NEVER be shown to users. Log them server-side for debugging, but show generic errors to users.',
|
|
357
|
+
},
|
|
358
|
+
{
|
|
359
|
+
moduleId: 8,
|
|
360
|
+
question: 'Which error message is appropriate?',
|
|
361
|
+
options: [
|
|
362
|
+
'A. "Patient John Smith, SSN 123-45-6789 not found"',
|
|
363
|
+
'B. "Patient record not found"',
|
|
364
|
+
'C. "SELECT * FROM patients WHERE ssn=\'123-45-6789\' returned 0 rows"',
|
|
365
|
+
'D. "Database error: Table \'patients\' doesn\'t exist"',
|
|
366
|
+
],
|
|
367
|
+
correctAnswer: 1,
|
|
368
|
+
explanation: 'Error messages should be generic and not include PHI, table names, column names, or query details. Log patient IDs server-side if needed.',
|
|
369
|
+
},
|
|
370
|
+
{
|
|
371
|
+
moduleId: 8,
|
|
372
|
+
question: 'What should be included in a user-facing error response?',
|
|
373
|
+
options: [
|
|
374
|
+
'A. Full stack trace and database error',
|
|
375
|
+
'B. Generic message, error code, and request ID for support',
|
|
376
|
+
'C. Patient data that caused the error',
|
|
377
|
+
'D. SQL query that failed',
|
|
378
|
+
],
|
|
379
|
+
correctAnswer: 1,
|
|
380
|
+
explanation: 'User-facing errors should include a generic message, an error code, and a request ID for support lookup. Never expose technical details or PHI.',
|
|
381
|
+
},
|
|
382
|
+
// MODULE 9: Secure API Design
|
|
383
|
+
{
|
|
384
|
+
moduleId: 9,
|
|
385
|
+
question: 'Why should PHI never be in URL parameters?',
|
|
386
|
+
options: [
|
|
387
|
+
'A. It makes the URL too long',
|
|
388
|
+
'B. URLs are logged in browsers, proxies, and load balancers',
|
|
389
|
+
'C. It slows down the API',
|
|
390
|
+
'D. It is fine to put PHI in URLs if using HTTPS',
|
|
391
|
+
],
|
|
392
|
+
correctAnswer: 1,
|
|
393
|
+
explanation: 'URLs are logged everywhere (browser history, server logs, proxy logs, load balancers). PHI in URLs = PHI in logs. Use request bodies or non-PHI IDs instead.',
|
|
394
|
+
},
|
|
395
|
+
{
|
|
396
|
+
moduleId: 9,
|
|
397
|
+
question: 'What is the purpose of rate limiting on authentication endpoints?',
|
|
398
|
+
options: [
|
|
399
|
+
'A. To improve server performance',
|
|
400
|
+
'B. To prevent brute force password attacks',
|
|
401
|
+
'C. To reduce bandwidth costs',
|
|
402
|
+
'D. To force users to remember their passwords',
|
|
403
|
+
],
|
|
404
|
+
correctAnswer: 1,
|
|
405
|
+
explanation: 'Rate limiting prevents attackers from making unlimited login attempts to guess passwords. Example: limit to 5 attempts per 15 minutes.',
|
|
406
|
+
},
|
|
407
|
+
{
|
|
408
|
+
moduleId: 9,
|
|
409
|
+
question: 'What is the correct CORS configuration for a patient portal API?',
|
|
410
|
+
options: [
|
|
411
|
+
'A. Allow all origins with credentials: cors({ origin: \'*\', credentials: true })',
|
|
412
|
+
'B. Allow specific origin: cors({ origin: \'https://portal.example.com\', credentials: true })',
|
|
413
|
+
'C. Disable CORS entirely',
|
|
414
|
+
'D. Allow all origins without credentials',
|
|
415
|
+
],
|
|
416
|
+
correctAnswer: 1,
|
|
417
|
+
explanation: 'CORS should whitelist specific origins, never use "*" with credentials. This prevents unauthorized sites from accessing your API.',
|
|
418
|
+
},
|
|
419
|
+
{
|
|
420
|
+
moduleId: 9,
|
|
421
|
+
question: 'What should be stored in a JWT for a healthcare application?',
|
|
422
|
+
options: [
|
|
423
|
+
'A. User ID, roles, and patient SSN',
|
|
424
|
+
'B. User ID and roles only (no PHI)',
|
|
425
|
+
'C. Full patient medical records',
|
|
426
|
+
'D. Encryption keys and passwords',
|
|
427
|
+
],
|
|
428
|
+
correctAnswer: 1,
|
|
429
|
+
explanation: 'JWTs should contain minimal information: user ID and roles. Never store PHI, passwords, or encryption keys in JWTs as they are not encrypted by default.',
|
|
430
|
+
},
|
|
431
|
+
{
|
|
432
|
+
moduleId: 9,
|
|
433
|
+
question: 'What is a recommended JWT expiration time for ePHI systems?',
|
|
434
|
+
options: [
|
|
435
|
+
'A. 24 hours',
|
|
436
|
+
'B. 7 days',
|
|
437
|
+
'C. 15-30 minutes',
|
|
438
|
+
'D. Never expire',
|
|
439
|
+
],
|
|
440
|
+
correctAnswer: 2,
|
|
441
|
+
explanation: 'Short-lived JWTs (15-30 minutes) with refresh tokens provide better security. Long-lived tokens increase risk if compromised.',
|
|
442
|
+
},
|
|
443
|
+
// MODULE 10: Incident Response for Developers
|
|
444
|
+
{
|
|
445
|
+
moduleId: 10,
|
|
446
|
+
question: 'Which of the following is a security incident?',
|
|
447
|
+
options: [
|
|
448
|
+
'A. A developer accidentally logs patient names in application logs',
|
|
449
|
+
'B. A failed login attempt',
|
|
450
|
+
'C. A user forgets their password',
|
|
451
|
+
'D. A scheduled system maintenance',
|
|
452
|
+
],
|
|
453
|
+
correctAnswer: 0,
|
|
454
|
+
explanation: 'PHI in logs is a security incident (potential unauthorized disclosure). Failed logins are monitored but typically not incidents unless part of an attack pattern.',
|
|
455
|
+
},
|
|
456
|
+
{
|
|
457
|
+
moduleId: 10,
|
|
458
|
+
question: 'What is the FIRST thing you should do when you discover a potential breach?',
|
|
459
|
+
options: [
|
|
460
|
+
'A. Delete the logs to remove evidence of the breach',
|
|
461
|
+
'B. Fix the vulnerability quietly and don\'t tell anyone',
|
|
462
|
+
'C. Notify your Security Officer / Incident Response Team immediately',
|
|
463
|
+
'D. Post about it on social media to warn users',
|
|
464
|
+
],
|
|
465
|
+
correctAnswer: 2,
|
|
466
|
+
explanation: 'Immediately notify your Security Officer or Incident Response Team. Never delete evidence, hide the incident, or communicate publicly without authorization.',
|
|
467
|
+
},
|
|
468
|
+
{
|
|
469
|
+
moduleId: 10,
|
|
470
|
+
question: 'How long does a Business Associate have to notify a Covered Entity after discovering a breach?',
|
|
471
|
+
options: [
|
|
472
|
+
'A. Immediately',
|
|
473
|
+
'B. Within 24 hours',
|
|
474
|
+
'C. Within 60 days',
|
|
475
|
+
'D. Within 30 days',
|
|
476
|
+
],
|
|
477
|
+
correctAnswer: 1,
|
|
478
|
+
explanation: 'Business Associates must notify the Covered Entity within 24 hours of discovering a breach. The Covered Entity then has 60 days to notify individuals.',
|
|
479
|
+
},
|
|
480
|
+
{
|
|
481
|
+
moduleId: 10,
|
|
482
|
+
question: 'What should you do with logs after discovering a security incident?',
|
|
483
|
+
options: [
|
|
484
|
+
'A. Delete them to prevent legal liability',
|
|
485
|
+
'B. Preserve them as evidence (even if they contain evidence of the breach)',
|
|
486
|
+
'C. Only keep logs that show you did nothing wrong',
|
|
487
|
+
'D. Send them to the press',
|
|
488
|
+
],
|
|
489
|
+
correctAnswer: 1,
|
|
490
|
+
explanation: 'Preserve ALL logs and evidence, even if they show mistakes or vulnerabilities. Deleting evidence is obstruction and makes penalties much worse.',
|
|
491
|
+
},
|
|
492
|
+
{
|
|
493
|
+
moduleId: 10,
|
|
494
|
+
question: 'What is worse than causing a HIPAA breach?',
|
|
495
|
+
options: [
|
|
496
|
+
'A. Reporting the breach late',
|
|
497
|
+
'B. Hiding or covering up the breach',
|
|
498
|
+
'C. Not having encryption',
|
|
499
|
+
'D. Having weak passwords',
|
|
500
|
+
],
|
|
501
|
+
correctAnswer: 1,
|
|
502
|
+
explanation: 'Hiding or covering up a breach is worse than the breach itself. It demonstrates willful neglect and can result in criminal penalties. Federal law protects whistleblowers.',
|
|
503
|
+
},
|
|
504
|
+
];
|
|
505
|
+
//# sourceMappingURL=questions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"questions.js","sourceRoot":"","sources":["../../src/training/questions.ts"],"names":[],"mappings":"AAQA,MAAM,CAAC,MAAM,SAAS,GAAe;IACnC,8BAA8B;IAC9B;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,2CAA2C;QACrD,OAAO,EAAE;YACP,sDAAsD;YACtD,gEAAgE;YAChE,2DAA2D;YAC3D,2DAA2D;SAC5D;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,6IAA6I;KAChJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,qFAAqF;QAC/F,OAAO,EAAE;YACP,0BAA0B;YAC1B,uBAAuB;YACvB,2CAA2C;YAC3C,6BAA6B;SAC9B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,yHAAyH;KAC5H;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,8CAA8C;QACxD,OAAO,EAAE;YACP,oCAAoC;YACpC,mCAAmC;YACnC,yCAAyC;YACzC,2BAA2B;SAC5B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,iJAAiJ;KACpJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,wDAAwD;QAClE,OAAO,EAAE;YACP,kBAAkB;YAClB,eAAe;YACf,cAAc;YACd,kCAAkC;SACnC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,yJAAyJ;KAC5J;IAED,oCAAoC;IACpC;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,kDAAkD;QAC5D,OAAO,EAAE;YACP,gCAAgC;YAChC,6BAA6B;YAC7B,uCAAuC;YACvC,yBAAyB;SAC1B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,4JAA4J;KAC/J;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,yEAAyE;QACnF,OAAO,EAAE;YACP,6DAA6D;YAC7D,sGAAsG;YACtG,mCAAmC;YACnC,oDAAoD;SACrD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,+MAA+M;KAClN;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,0EAA0E;QACpF,OAAO,EAAE;YACP,YAAY;YACZ,aAAa;YACb,iBAAiB;YACjB,gBAAgB;SACjB;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,sIAAsI;KACzI;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,iFAAiF;QAC3F,OAAO,EAAE;YACP,aAAa;YACb,YAAY;YACZ,YAAY;YACZ,YAAY;SACb;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,+JAA+J;KAClK;IAED,mCAAmC;IACnC;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,oEAAoE;QAC9E,OAAO,EAAE;YACP,4CAA4C;YAC5C,mFAAmF;YACnF,oDAAoD;YACpD,0DAA0D;SAC3D;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,2JAA2J;KAC9J;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,wEAAwE;QAClF,OAAO,EAAE;YACP,cAAc;YACd,eAAe;YACf,eAAe;YACf,WAAW;SACZ;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,sIAAsI;KACzI;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,wDAAwD;QAClE,OAAO,EAAE;YACP,kFAAkF;YAClF,2DAA2D;YAC3D,6CAA6C;YAC7C,8DAA8D;SAC/D;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,iJAAiJ;KACpJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,qCAAqC;QAC/C,OAAO,EAAE;YACP,kCAAkC;YAClC,8BAA8B;YAC9B,iCAAiC;YACjC,uCAAuC;SACxC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,8HAA8H;KACjI;IAED,uBAAuB;IACvB;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,6DAA6D;QACvE,OAAO,EAAE;YACP,QAAQ;YACR,QAAQ;YACR,YAAY;YACZ,UAAU;SACX;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,oJAAoJ;KACvJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,4EAA4E;QACtF,OAAO,EAAE;YACP,YAAY;YACZ,YAAY;YACZ,YAAY;YACZ,YAAY;SACb;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,gIAAgI;KACnI;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,yCAAyC;QACnD,OAAO,EAAE;YACP,iCAAiC;YACjC,+CAA+C;YAC/C,kEAAkE;YAClE,6CAA6C;SAC9C;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,kKAAkK;KACrK;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,6EAA6E;QACvF,OAAO,EAAE;YACP,uCAAuC;YACvC,uFAAuF;YACvF,kCAAkC;YAClC,kCAAkC;SACnC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,iKAAiK;KACpK;IAED,iCAAiC;IACjC;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,wDAAwD;QAClE,OAAO,EAAE;YACP,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,UAAU;SACX;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,6IAA6I;KAChJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uCAAuC;QACjD,OAAO,EAAE;YACP,oCAAoC;YACpC,sCAAsC;YACtC,kCAAkC;YAClC,uDAAuD;SACxD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,uHAAuH;KAC1H;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uDAAuD;QACjE,OAAO,EAAE;YACP,2BAA2B;YAC3B,6BAA6B;YAC7B,gCAAgC;YAChC,wCAAwC;SACzC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,uIAAuI;KAC1I;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,iEAAiE;QAC3E,OAAO,EAAE;YACP,mCAAmC;YACnC,mCAAmC;YACnC,6CAA6C;YAC7C,oCAAoC;SACrC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,2JAA2J;KAC9J;IAED,0BAA0B;IAC1B;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,0DAA0D;QACpE,OAAO,EAAE;YACP,gCAAgC;YAChC,oCAAoC;YACpC,yCAAyC;YACzC,4CAA4C;SAC7C;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,yJAAyJ;KAC5J;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uDAAuD;QACjE,OAAO,EAAE;YACP,eAAe;YACf,YAAY;YACZ,+BAA+B;YAC/B,cAAc;SACf;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,qJAAqJ;KACxJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,uCAAuC;QACjD,OAAO,EAAE;YACP,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,aAAa;SACd;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,kHAAkH;KACrH;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,8BAA8B;QACxC,OAAO,EAAE;YACP,+BAA+B;YAC/B,gCAAgC;YAChC,4EAA4E;YAC5E,gCAAgC;SACjC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,kJAAkJ;KACrJ;IAED,oDAAoD;IACpD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,gDAAgD;QAC1D,OAAO,EAAE;YACP,8CAA8C;YAC9C,sDAAsD;YACtD,oDAAoD;YACpD,+BAA+B;SAChC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,uIAAuI;KAC1I;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,0DAA0D;QACpE,OAAO,EAAE;YACP,sDAAsD;YACtD,mCAAmC;YACnC,mDAAmD;YACnD,6DAA6D;SAC9D;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,4JAA4J;KAC/J;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,mEAAmE;QAC7E,OAAO,EAAE;YACP,sDAAsD;YACtD,yCAAyC;YACzC,gFAAgF;YAChF,8CAA8C;SAC/C;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,+JAA+J;KAClK;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,iEAAiE;QAC3E,OAAO,EAAE;YACP,sCAAsC;YACtC,wDAAwD;YACxD,8BAA8B;YAC9B,oCAAoC;SACrC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,4HAA4H;KAC/H;IAED,2BAA2B;IAC3B;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,qDAAqD;QAC/D,OAAO,EAAE;YACP,uDAAuD;YACvD,0CAA0C;YAC1C,mDAAmD;YACnD,iDAAiD;SAClD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,mJAAmJ;KACtJ;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,qCAAqC;QAC/C,OAAO,EAAE;YACP,oDAAoD;YACpD,+BAA+B;YAC/B,uEAAuE;YACvE,wDAAwD;SACzD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,2IAA2I;KAC9I;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,0DAA0D;QACpE,OAAO,EAAE;YACP,wCAAwC;YACxC,4DAA4D;YAC5D,uCAAuC;YACvC,0BAA0B;SAC3B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,iJAAiJ;KACpJ;IAED,8BAA8B;IAC9B;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,4CAA4C;QACtD,OAAO,EAAE;YACP,8BAA8B;YAC9B,6DAA6D;YAC7D,0BAA0B;YAC1B,iDAAiD;SAClD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,8JAA8J;KACjK;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,mEAAmE;QAC7E,OAAO,EAAE;YACP,kCAAkC;YAClC,4CAA4C;YAC5C,8BAA8B;YAC9B,+CAA+C;SAChD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,wIAAwI;KAC3I;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,kEAAkE;QAC5E,OAAO,EAAE;YACP,mFAAmF;YACnF,+FAA+F;YAC/F,0BAA0B;YAC1B,0CAA0C;SAC3C;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,mIAAmI;KACtI;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,8DAA8D;QACxE,OAAO,EAAE;YACP,oCAAoC;YACpC,oCAAoC;YACpC,iCAAiC;YACjC,kCAAkC;SACnC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,0JAA0J;KAC7J;IACD;QACE,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,6DAA6D;QACvE,OAAO,EAAE;YACP,aAAa;YACb,WAAW;YACX,kBAAkB;YAClB,iBAAiB;SAClB;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,+HAA+H;KAClI;IAED,8CAA8C;IAC9C;QACE,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,gDAAgD;QAC1D,OAAO,EAAE;YACP,oEAAoE;YACpE,2BAA2B;YAC3B,kCAAkC;YAClC,mCAAmC;SACpC;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,mKAAmK;KACtK;IACD;QACE,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,6EAA6E;QACvF,OAAO,EAAE;YACP,qDAAqD;YACrD,yDAAyD;YACzD,sEAAsE;YACtE,gDAAgD;SACjD;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,8JAA8J;KACjK;IACD;QACE,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,gGAAgG;QAC1G,OAAO,EAAE;YACP,gBAAgB;YAChB,oBAAoB;YACpB,mBAAmB;YACnB,mBAAmB;SACpB;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,wJAAwJ;KAC3J;IACD;QACE,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,qEAAqE;QAC/E,OAAO,EAAE;YACP,2CAA2C;YAC3C,4EAA4E;YAC5E,mDAAmD;YACnD,2BAA2B;SAC5B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,iJAAiJ;KACpJ;IACD;QACE,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,4CAA4C;QACtD,OAAO,EAAE;YACP,8BAA8B;YAC9B,qCAAqC;YACrC,0BAA0B;YAC1B,0BAA0B;SAC3B;QACD,aAAa,EAAE,CAAC;QAChB,WAAW,EACT,4KAA4K;KAC/K;CACF,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -103,15 +103,60 @@ export interface Report {
|
|
|
103
103
|
medium: number;
|
|
104
104
|
low: number;
|
|
105
105
|
info: number;
|
|
106
|
+
vulnerabilities?: {
|
|
107
|
+
total: number;
|
|
108
|
+
critical: number;
|
|
109
|
+
high: number;
|
|
110
|
+
moderate: number;
|
|
111
|
+
low: number;
|
|
112
|
+
};
|
|
106
113
|
};
|
|
107
114
|
findings: Finding[];
|
|
108
115
|
scannedFiles: number;
|
|
109
116
|
scanDuration: number;
|
|
110
117
|
stack?: StackInfo;
|
|
118
|
+
vulnerabilities?: DependencyVulnerability[];
|
|
111
119
|
}
|
|
112
120
|
export interface ReportOptions {
|
|
113
121
|
format: 'json' | 'html' | 'markdown';
|
|
114
122
|
outputPath?: string;
|
|
123
|
+
vulnerabilities?: DependencyVulnerability[];
|
|
124
|
+
scanComparison?: ScanComparison | null;
|
|
125
|
+
}
|
|
126
|
+
export interface ScanComparison {
|
|
127
|
+
previousScan?: {
|
|
128
|
+
timestamp: string;
|
|
129
|
+
date: string;
|
|
130
|
+
complianceScore: number;
|
|
131
|
+
severity: {
|
|
132
|
+
critical: number;
|
|
133
|
+
high: number;
|
|
134
|
+
medium: number;
|
|
135
|
+
low: number;
|
|
136
|
+
};
|
|
137
|
+
failedRuleIds: string[];
|
|
138
|
+
totalFilesScanned: number;
|
|
139
|
+
};
|
|
140
|
+
scoreChange: number;
|
|
141
|
+
severityChanges: {
|
|
142
|
+
critical: number;
|
|
143
|
+
high: number;
|
|
144
|
+
medium: number;
|
|
145
|
+
low: number;
|
|
146
|
+
};
|
|
147
|
+
newIssues: string[];
|
|
148
|
+
resolvedIssues: string[];
|
|
149
|
+
}
|
|
150
|
+
export interface DependencyVulnerability {
|
|
151
|
+
name: string;
|
|
152
|
+
severity: 'critical' | 'high' | 'moderate' | 'low' | 'info';
|
|
153
|
+
via: string;
|
|
154
|
+
range: string;
|
|
155
|
+
fixAvailable: boolean | {
|
|
156
|
+
name: string;
|
|
157
|
+
version: string;
|
|
158
|
+
};
|
|
159
|
+
url?: string;
|
|
115
160
|
}
|
|
116
161
|
export interface AcknowledgedFinding {
|
|
117
162
|
pattern: string;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,MAAM,kBAAkB,GAC1B,cAAc,GACd,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,OAAO,GACf,wBAAwB,GACxB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,GACjB,UAAU,GACV,uBAAuB,GACvB,kBAAkB,GAClB,eAAe,GACf,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,CAAC;AAEzB,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEnD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE;QACf,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACnC,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IAC5D,SAAS,EAAE;QACT,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,UAAU,CAAC;CAC5B;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;CACjE;AAED,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,MAAM,kBAAkB,GAC1B,cAAc,GACd,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,OAAO,GACf,wBAAwB,GACxB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,GACjB,UAAU,GACV,uBAAuB,GACvB,kBAAkB,GAClB,eAAe,GACf,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,CAAC;AAEzB,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEnD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE;QACf,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACnC,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IAC5D,SAAS,EAAE;QACT,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,UAAU,CAAC;CAC5B;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;CACjE;AAED,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,CAAC,EAAE;YAChB,KAAK,EAAE,MAAM,CAAC;YACd,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,QAAQ,EAAE,MAAM,CAAC;YACjB,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,eAAe,CAAC,EAAE,uBAAuB,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,uBAAuB,EAAE,CAAC;IAC5C,cAAc,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,EAAE;YACR,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;QACF,aAAa,EAAE,MAAM,EAAE,CAAC;QACxB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,UAAU,GAAG,KAAK,GAAG,MAAM,CAAC;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,OAAO,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1D,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC7C,EAAE,CAAC,EAAE;QACH,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,SAAS,EAAE,CAAC;CACpB;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,KAAK,EAAE,YAAY,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,kBAAkB,GAC1B,gBAAgB,GAChB,UAAU,GACV,aAAa,GACb,UAAU,GACV,eAAe,CAAC;AAEpB,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,gBAAgB,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE;QACR,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC,CAAC;IAC7D,yBAAyB,CAAC,EAAE,OAAO,CAAC;CACrC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"npm-audit.d.ts","sourceRoot":"","sources":["../../src/utils/npm-audit.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AA0B3D,wBAAsB,WAAW,CAC/B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,eAAe,EAAE,uBAAuB,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAkGzE"}
|