import type { Warning } from "@nodesecure/js-x-ray";
import type { StandardVulnerability, Kind } from "@nodesecure/vulnera";
import type { PackageModuleType } from "@nodesecure/mama";
import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
import type { IlluminatedContact, ContactWithMetadata } from "@nodesecure/contact";
import type { Contact, Dist } from "@nodesecure/npm-types";
import type { Path } from "@nodesecure/tarball";
export type Maintainer = ContactWithMetadata & {
    /**
     * Path to publisher's avatar on "https://www.npmjs.com"
     * @example /npm-avatar/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.LwimMJA3puF3ioGeS-tfczR3370GXBZMIL-bdpu4hOU
     */
    npmAvatar?: string;
};
export type Publisher = Omit<Maintainer, "url"> & {
    /**
     * First version published.
     */
    version: string;
    /**
     * Date of the first publication
     * @example 2021-08-10T20:45:08.342Z
     */
    at: string;
};
export interface DependencyLinks {
    /** NPM Registry page */
    npm: string;
    /** Homepage URL */
    homepage?: string;
    /** VCS repository URL */
    repository?: string;
}
export interface Engines {
    node?: string;
    npm?: string;
}
export interface Repository {
    type: string;
    url: string;
}
export interface DependencyVersion {
    /** Id of the package (useful for usedBy relation) */
    id: number;
    type: PackageModuleType;
    isDevDependency: boolean;
    /**
     * Tell if the given package exist on the configured remote registry (npm by default)
     * @default true
     */
    existOnRemoteRegistry: boolean;
    /** By whom (id) is used the package */
    usedBy: Record<string, string>;
    /** Size on disk of the extracted tarball (in bytes) */
    size: number;
    /** Count of dependencies */
    dependencyCount: number;
    /** Package description */
    description: string;
    /** Author of the package. This information is not trustable and can be empty. */
    author: Maintainer | null;
    engines: Engines;
    repository?: Repository | string;
    scripts: Record<string, string>;
    /**
     * JS-X-Ray warnings
     *
     * @see https://github.com/NodeSecure/js-x-ray/blob/master/WARNINGS.md
     */
    warnings: Warning[];
    alias: Record<string, string>;
    /** Tarball composition (files and dependencies) */
    composition: {
        /** Files extensions (.js, .md, .exe etc..) */
        extensions: string[];
        files: string[];
        /** Minified files (foo.min.js etc..) */
        minified: string[];
        required_files: string[];
        required_thirdparty: string[];
        required_nodejs: string[];
        required_subpath: string[];
        unused: string[];
        missing: string[];
    };
    /**
     * All Licenses with their SPDX conformance
     */
    licenses: SpdxFileLicenseConformance[];
    uniqueLicenseIds: string[];
    /**
     * Flags (Array of string)
     *
     * @see https://github.com/NodeSecure/flags/blob/main/FLAGS.md
     */
    flags: string[];
    /**
     * If the dependency is a GIT repository
     */
    gitUrl: null | string;
    /**
     * Version MD5 integrity hash
     * Generated by the scanner to verify manifest/tarball confusion
     *
     * (Not supported on GIT dependency)
     */
    integrity?: string;
    links?: DependencyLinks;
    deprecated?: string;
    attestations?: Dist["attestations"];
}
export interface Dependency {
    /** NPM Registry metadata */
    metadata: {
        /** Number of releases published on npm */
        publishedCount: number;
        lastUpdateAt: Date;
        /** Last version SemVer */
        lastVersion: string;
        hasChangedAuthor: boolean;
        hasManyPublishers: boolean;
        hasReceivedUpdateInOneYear: boolean;
        /** Author of the package. This information is not trustable and can be empty. */
        author: Maintainer | null;
        /** Package home page */
        homepage: string | null;
        /**
         * List of maintainers (list of people in the organization related to the package)
         */
        maintainers: Maintainer[];
        /**
         * List of people who published this package
         */
        publishers: Publisher[];
        /**
         * Version MD5 integrity hash
         * Generated by the scanner to verify manifest/tarball confusion
         */
        integrity: Record<string, string>;
    };
    /** List of versions of this package available in the dependency tree (In the payload) */
    versions: Record<string, DependencyVersion>;
    /**
     * Vulnerabilities fetched dependending on the selected vulnerabilityStrategy
     *
     * @see https://github.com/NodeSecure/vuln
     */
    vulnerabilities: StandardVulnerability[];
}
export type Dependencies = Record<string, Dependency>;
export type DependencyConfusionWarning = {
    type: "dependency-confusion";
    message: string;
    metadata: {
        name: string;
    };
};
export type GlobalWarning = {
    message: string;
} & ({
    type: "dangerous-dependency" | "integrity-mismatch" | "empty-package";
    metadata?: Record<string, unknown>;
} | {
    type: "typo-squatting";
    metadata: {
        name: string;
        similar: string[];
    };
} | DependencyConfusionWarning);
export type ApiStats = {
    /**
      * UNIX Timestamp just before the api call start
    */
    startedAt: number;
    /**
      * Execution time in milliseconds
    */
    executionTime: number;
    /**
      * Name of the api call
    */
    name: string;
    /**
      * Tarball specific stats
    */
    tarball?: {
        path: Path;
        filesCount: number;
    };
};
export type Error = {
    name: string;
    message?: string;
    stack?: string;
    /**
      * HTTP Status code
    */
    statusCode?: number;
};
export type Stats = {
    /**
      * UNIX Timestamp when the scan started
    */
    startedAt: number;
    /**
      * Execution time in milliseconds
    */
    executionTime: number;
    /**
      * Number of external API calls
    */
    apiCallsCount: number;
    apiCalls: ApiStats[];
    /**
      * Number of errors
    */
    errorCount: number;
    errors: Error[];
};
export type Identifier = {
    value: string;
    spec?: string;
    location: {
        file: string | null;
        lines: [[number, number], [number, number]][];
    };
};
export interface Payload {
    /** Payload unique id */
    id: string;
    /** Name of the analyzed package */
    rootDependency: {
        name: string;
        version: string;
        /** The integrity of the scanned package */
        integrity: string | null;
    };
    /** Global warnings list */
    warnings: GlobalWarning[];
    highlighted: {
        contacts: IlluminatedContact[];
        packages: string[];
        identifiers: Identifier[];
    };
    /** All the dependencies of the package (flattened) */
    dependencies: Dependencies;
    /** Version of the scanner used to generate the result */
    scannerVersion: string;
    /** Vulnerability strategy name (npm, snyk, node) */
    vulnerabilityStrategy: Kind;
    metadata: Stats;
}
export type SemverRange = string | "*";
export type HighlightPackages = string[] | Record<string, string[] | SemverRange>;
export interface Options {
    /**
     * Maximum tree depth
     *
     * @default Infinity
     */
    readonly maxDepth?: number;
    /**
     * Maximum concurrency to fetch and scan NPM tarballs
     * @default 8
     */
    readonly maxConcurrency?: number;
    readonly registry?: string | URL;
    /**
     * Enables the use of Arborist for rapidly walking over the dependency tree.
     * When enabled, it triggers different methods based on the presence of `node_modules`:
     * - `loadActual()` if `node_modules` is available.
     * - `loadVirtual()` otherwise.
     *
     * When disabled, it will iterate on all dependencies by using pacote
     */
    packageLock?: {
        /**
         * Fetches all manifests for additional metadata.
         *
         * @default false
         */
        fetchManifest?: boolean;
        /**
         * Specifies the location of the manifest file for Arborist.
         * This is typically the path to the `package.json` file.
         */
        location: string;
    };
    highlight?: {
        contacts?: Contact[];
        packages?: HighlightPackages;
        identifiers?: string[];
    };
    /**
     * Include project devDependencies (only available for cwd command)
     *
     * @default false
     */
    readonly includeDevDeps?: boolean;
    /**
     * Vulnerability strategy name (npm, snyk, node)
     *
     * @default NONE
     */
    readonly vulnerabilityStrategy?: Kind;
    /**
     * Analyze root package.
     *
     * @default false for from() API
     * @default true  for cwd()  API
     */
    readonly scanRootNode?: boolean;
    /**
     * Enable verbose mode
     *
     * @default false
     */
    isVerbose?: boolean;
    /**
     * Enable worker threads for parallel tarball scanning.
     * - `true` uses the default worker count (4)
     * - `number` sets an explicit worker count
     *
     * @default false
     */
    readonly workers?: boolean | number;
}
export interface TokenStore {
    /**
     * Get the token for the given registry
     */
    get(registry: string): string | undefined;
}
//# sourceMappingURL=types.d.ts.map