verimu 0.0.17 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +15 -13
  2. package/dist/cli.mjs +1120 -95
  3. package/dist/cli.mjs.map +1 -1
  4. package/dist/index.cjs +1081 -83
  5. package/dist/index.cjs.map +1 -1
  6. package/dist/index.mjs +1075 -77
  7. package/dist/index.mjs.map +1 -1
  8. package/package.json +1 -1
package/README.md CHANGED
@@ -46,19 +46,21 @@ You can configure snippet context size with:
46
46
  - `--context-lines <n>` (default `4`, clamped to `0..20`)
47
47
  - Programmatic API: `numContextLines?: number` in `scan()` config
48
48
 
49
- ### Analyzer Matrix
50
-
51
- | Ecosystem in Verimu | Primary parser choice | Tree-sitter fallback | v1 evidence target |
52
- |---|---|---|---|
53
- | npm / yarn / pnpm | `@babel/parser` + `@babel/traverse` | `tree-sitter-javascript` + `tree-sitter-typescript` | imports/requires + nearby calls |
54
- | deno | `@babel/parser` (JS/TS/TSX + specifier handling) | same JS/TS tree-sitter fallback | import and call evidence |
55
- | pip / poetry / uv | Python stdlib `ast` (`python3`) | `tree-sitter-python` | import/from-import + call evidence |
56
- | maven | `java-parser` | `tree-sitter-java` | import + method invocation evidence |
57
- | nuget | Roslyn helper (`dotnet` + `Microsoft.CodeAnalysis.CSharp`) | `tree-sitter-c-sharp` | `using` + invocation evidence |
58
- | cargo | Rust helper using `syn` | `tree-sitter-rust` | `use` + function/method call evidence |
59
- | go | `go/parser` + `go/ast` | `tree-sitter-go` | import + selector/call evidence |
60
- | ruby | stdlib `Ripper` (`ruby`) | `tree-sitter-ruby` | require/include + call evidence |
61
- | composer (PHP) | `php-parser` | `tree-sitter-php` | `use`/`require` + call evidence |
49
+ ### Analyzer Matrix (v0.0.19)
50
+
51
+ | Ecosystem in Verimu | Analyzer strategy | Evidence targets |
52
+ |---|---|---|
53
+ | npm / yarn / pnpm | Babel parse + traverse | imports/requires/exports + nearby calls |
54
+ | deno | Babel parse + traverse | imports + nearby calls |
55
+ | pip / poetry / uv | Python source pattern analyzer | `import` / `from ... import ...` + calls |
56
+ | maven | Java source pattern analyzer | `import` + method/static calls |
57
+ | nuget | C# source pattern analyzer | `using` + namespace/type calls |
58
+ | cargo | Rust source pattern analyzer | `use` / `extern crate` + `::`/method calls |
59
+ | go | Go source pattern analyzer | `import` + selector/function calls |
60
+ | ruby | Ruby source pattern analyzer | `require` / `include` + constant/module calls |
61
+ | composer (PHP) | PHP source pattern analyzer | `use` / `require` + static/constructor calls |
62
+
63
+ All analyzers are fail-open (non-fatal): a parser/runtime issue only downgrades usage-context status for that ecosystem/package and never aborts SBOM/CVE scanning.
62
64
 
63
65
  ## Development
64
66