{"version":3,"sources":["../lib/colors.ts","../lib/npm-auditor.ts","../lib/common.ts","../lib/config.ts","../lib/nsp-record.ts","../lib/allowlist.ts","../lib/map-vulnerability.ts","../lib/model.ts","../lib/pnpm-auditor.ts","../lib/yarn-auditor.ts","../lib/yarn-version.ts","../lib/audit.ts","../lib/audit-ci.ts","../lib/bin.ts"],"sourcesContent":["export const blue = \"\\u001B[36m%s\\u001B[0m\";\nexport const green = \"\\u001B[32m%s\\u001B[0m\";\nexport const red = \"\\u001B[31m%s\\u001B[0m\";\nexport const yellow = \"\\u001B[33m%s\\u001B[0m\";\n","import type {\n GitHubAdvisoryId,\n NPMAuditReportV1,\n NPMAuditReportV2,\n} from \"audit-types\";\nimport { blue } from \"./colors.js\";\nimport { reportAudit, ReportConfig, runProgram } from \"./common.js\";\nimport {\n AuditCiConfig,\n AuditCiFullConfig,\n mapAuditCiConfigToAuditCiFullConfig,\n} from \"./config.js\";\nimport Model, { Summary } from \"./model.js\";\n\nasync function runNpmAudit(\n config: AuditCiFullConfig,\n): Promise {\n const {\n directory,\n registry,\n _npm,\n \"skip-dev\": skipDevelopmentDependencies,\n \"extra-args\": extraArguments,\n } = config;\n const npmExec = _npm || \"npm\";\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n let stdoutBuffer: any = {};\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n function outListener(data: any) {\n stdoutBuffer = { ...stdoutBuffer, ...data };\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const stderrBuffer: any[] = [];\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n function errorListener(line: any) {\n stderrBuffer.push(line);\n }\n\n const arguments_ = [\"audit\", \"--json\"];\n if (registry) {\n arguments_.push(\"--registry\", registry);\n }\n if (skipDevelopmentDependencies) {\n arguments_.push(\"--production\");\n }\n if (extraArguments) {\n arguments_.push(...extraArguments);\n }\n const options = { cwd: directory };\n await runProgram(npmExec, arguments_, options, outListener, errorListener);\n if (stderrBuffer.length > 0) {\n throw new Error(\n `Invocation of npm audit failed:\\n${stderrBuffer.join(\"\\n\")}`,\n );\n }\n return stdoutBuffer;\n}\nexport function isV2Audit(\n parsedOutput: NPMAuditReportV1.Audit | NPMAuditReportV2.Audit,\n): parsedOutput is NPMAuditReportV2.Audit {\n return (\n \"auditReportVersion\" in parsedOutput &&\n parsedOutput.auditReportVersion === 2\n );\n}\n\nfunction printReport(\n parsedOutput: NPMAuditReportV1.Audit | NPMAuditReportV2.Audit,\n levels: AuditCiFullConfig[\"levels\"],\n reportType: \"full\" | \"important\" | \"summary\",\n outputFormat: \"text\" | \"json\",\n) {\n const printReportObject = (text: string, object: unknown) => {\n if (outputFormat === \"text\") {\n console.log(blue, text);\n }\n console.log(JSON.stringify(object, undefined, 2));\n };\n switch (reportType) {\n case \"full\": {\n printReportObject(\"NPM audit report JSON:\", parsedOutput);\n break;\n }\n case \"important\": {\n const relevantAdvisories = (() => {\n if (isV2Audit(parsedOutput)) {\n const advisories = parsedOutput.vulnerabilities;\n const relevantAdvisoryLevels = Object.keys(advisories).filter(\n (advisory) => {\n const severity = advisories[advisory].severity;\n return severity !== \"info\" && levels[severity];\n },\n );\n\n const relevantAdvisories: Record =\n {};\n for (const advisory of relevantAdvisoryLevels) {\n relevantAdvisories[advisory] = advisories[advisory];\n }\n return relevantAdvisories;\n } else {\n const advisories = parsedOutput.advisories;\n const advisoryKeys = Object.keys(advisories) as GitHubAdvisoryId[];\n const relevantAdvisoryLevels = advisoryKeys.filter((advisory) => {\n const severity = advisories[advisory].severity;\n return severity !== \"info\" && levels[severity];\n });\n\n const relevantAdvisories: Record<\n GitHubAdvisoryId,\n NPMAuditReportV1.Advisory\n > = {};\n for (const advisory of relevantAdvisoryLevels) {\n relevantAdvisories[advisory] = advisories[advisory];\n }\n return relevantAdvisories;\n }\n })();\n\n const keyFindings = {\n advisories: relevantAdvisories,\n metadata: parsedOutput.metadata,\n };\n printReportObject(\"NPM audit report results:\", keyFindings);\n break;\n }\n case \"summary\": {\n printReportObject(\"NPM audit report summary:\", parsedOutput.metadata);\n break;\n }\n default: {\n throw new Error(\n `Invalid report type: ${reportType}. Should be \\`['important', 'full', 'summary']\\`.`,\n );\n }\n }\n}\n\nexport function report(\n parsedOutput: NPMAuditReportV1.Audit | NPMAuditReportV2.Audit,\n config: AuditCiFullConfig,\n reporter: (\n summary: Summary,\n config: ReportConfig,\n audit: NPMAuditReportV1.Audit | NPMAuditReportV2.Audit,\n ) => Summary,\n) {\n const {\n levels,\n \"report-type\": reportType,\n \"output-format\": outputFormat,\n } = config;\n printReport(parsedOutput, levels, reportType, outputFormat);\n const model = new Model(config);\n const summary = model.load(parsedOutput);\n return reporter(summary, config, parsedOutput);\n}\n\n/**\n * Audit your NPM project!\n *\n * @returns Returns the audit report summary on resolve, `Error` on rejection.\n */\nexport async function auditWithFullConfig(\n config: AuditCiFullConfig,\n reporter = reportAudit,\n) {\n const parsedOutput = await runNpmAudit(config);\n if (\"error\" in parsedOutput) {\n const { code, summary } = parsedOutput.error;\n throw new Error(`code ${code}: ${summary}`);\n } else if (\"message\" in parsedOutput) {\n throw new Error(parsedOutput.message);\n }\n return report(parsedOutput, config, reporter);\n}\n\n/**\n * Audit your NPM project!\n *\n * @returns Returns the audit report summary on resolve, `Error` on rejection.\n */\nexport async function audit(config: AuditCiConfig, reporter = reportAudit) {\n const fullConfig = mapAuditCiConfigToAuditCiFullConfig(config);\n return await auditWithFullConfig(fullConfig, reporter);\n}\n","import { GitHubAdvisoryId } from \"audit-types\";\nimport { SpawnOptionsWithoutStdio } from \"child_process\";\nimport { spawn } from \"cross-spawn\";\nimport escapeStringRegexp from \"escape-string-regexp\";\nimport eventStream from \"event-stream\";\nimport * as JSONStream from \"jsonstream-next\";\nimport ReadlineTransform from \"readline-transform\";\nimport Allowlist from \"./allowlist.js\";\nimport { blue, yellow } from \"./colors.js\";\nimport { AuditCiConfig } from \"./config.js\";\nimport { Summary } from \"./model.js\";\n\nexport function partition(a: T[], fun: (parameter: T) => boolean) {\n const returnValue: { truthy: T[]; falsy: T[] } = { truthy: [], falsy: [] };\n for (const item of a) {\n if (fun(item)) {\n returnValue.truthy.push(item);\n } else {\n returnValue.falsy.push(item);\n }\n }\n return returnValue;\n}\n\nexport type ReportConfig = Pick<\n AuditCiConfig,\n \"show-found\" | \"show-not-found\" | \"output-format\"\n> & { allowlist: Allowlist };\n\nexport function reportAudit(summary: Summary, config: ReportConfig) {\n const {\n allowlist,\n \"show-not-found\": showNotFound,\n \"show-found\": showFound,\n \"output-format\": outputFormat,\n } = config;\n const {\n allowlistedModulesFound,\n allowlistedAdvisoriesFound,\n allowlistedModulesNotFound,\n allowlistedAdvisoriesNotFound,\n allowlistedPathsNotFound,\n failedLevelsFound,\n advisoriesFound,\n advisoryPathsFound,\n } = summary;\n\n if (outputFormat === \"text\") {\n if (allowlist.modules.length > 0) {\n console.log(\n blue,\n `Modules to allowlist: ${allowlist.modules.join(\", \")}.`,\n );\n }\n\n if (showFound) {\n if (allowlistedModulesFound.length > 0) {\n const found = allowlistedModulesFound.join(\", \");\n console.warn(yellow, `Found vulnerable allowlisted modules: ${found}.`);\n }\n if (allowlistedAdvisoriesFound.length > 0) {\n const found = allowlistedAdvisoriesFound.join(\", \");\n console.warn(\n yellow,\n `Found vulnerable allowlisted advisories: ${found}.`,\n );\n }\n }\n if (showNotFound) {\n if (allowlistedModulesNotFound.length > 0) {\n const found = allowlistedModulesNotFound\n .sort((a, b) => a.localeCompare(b))\n .join(\", \");\n const allowlistMessage =\n allowlistedModulesNotFound.length === 1\n ? `Consider not allowlisting module: ${found}.`\n : `Consider not allowlisting modules: ${found}.`;\n console.warn(yellow, allowlistMessage);\n }\n if (allowlistedAdvisoriesNotFound.length > 0) {\n const found = allowlistedAdvisoriesNotFound\n .sort((a, b) => a.localeCompare(b))\n .join(\", \");\n const allowlistMessage =\n allowlistedAdvisoriesNotFound.length === 1\n ? `Consider not allowlisting advisory: ${found}.`\n : `Consider not allowlisting advisories: ${found}.`;\n console.warn(yellow, allowlistMessage);\n }\n if (allowlistedPathsNotFound.length > 0) {\n const found = allowlistedPathsNotFound\n .sort((a, b) => a.localeCompare(b))\n .join(\", \");\n const allowlistMessage =\n allowlistedPathsNotFound.length === 1\n ? `Consider not allowlisting path: ${found}.`\n : `Consider not allowlisting paths: ${found}.`;\n console.warn(yellow, allowlistMessage);\n }\n }\n\n if (advisoryPathsFound.length > 0) {\n const found = advisoryPathsFound.join(\"\\n\");\n console.warn(yellow, `Found vulnerable advisory paths:`);\n console.log(found);\n }\n }\n\n if (failedLevelsFound.length > 0) {\n // Get the levels that have failed by filtering the keys with true values\n throw new Error(\n `Failed security audit due to ${failedLevelsFound.join(\n \", \",\n )} vulnerabilities.\\nVulnerable advisories are:\\n${advisoriesFound\n .map((element) => gitHubAdvisoryIdToUrl(element))\n .join(\"\\n\")}`,\n );\n }\n return summary;\n}\n\nfunction hasMessage(value: unknown): value is { message: unknown } {\n return typeof value === \"object\" && value != undefined && \"message\" in value;\n}\n\nfunction hasStatusCode(\n value: unknown,\n): value is { statusCode: unknown; message: unknown } {\n return (\n typeof value === \"object\" && value != undefined && \"statusCode\" in value\n );\n}\n\nexport function runProgram(\n command: string,\n arguments_: readonly string[],\n options: SpawnOptionsWithoutStdio,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n stdoutListener: (data: any) => void,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n stderrListener: (data: any) => void,\n) {\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n const transform = new ReadlineTransform({ skipEmpty: true });\n const proc = spawn(command, arguments_, options);\n let recentMessage: string;\n let errorMessage: string;\n proc.stdout.setEncoding(\"utf8\");\n proc.stdout\n .pipe(\n transform.on(\"error\", (error: unknown) => {\n throw error;\n }),\n )\n .pipe(\n eventStream.mapSync((data: string) => {\n recentMessage = data;\n return data;\n }),\n )\n .pipe(\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-expect-error -- JSONStream.parse() accepts (pattern: any) when it should accept (pattern?: any)\n JSONStream.parse().on(\"error\", () => {\n errorMessage = recentMessage;\n throw new Error(errorMessage);\n }),\n )\n .pipe(\n eventStream.mapSync((data: unknown) => {\n if (!data) return;\n try {\n // due to response without error\n if (\n hasMessage(data) &&\n typeof data.message === \"string\" &&\n data.message.includes(\"ENOTFOUND\")\n ) {\n stderrListener(data.message);\n return;\n }\n // TODO: There are no tests that cover this case, not sure when this happens.\n if (hasStatusCode(data) && data.statusCode === 404) {\n stderrListener(data.message);\n return;\n }\n\n stdoutListener(data);\n } catch (error) {\n stderrListener(error);\n }\n }),\n );\n return new Promise((resolve, reject) => {\n proc.on(\"close\", () => {\n if (errorMessage) {\n return reject(new Error(errorMessage));\n }\n return resolve();\n });\n proc.on(\"error\", (error) =>\n reject(errorMessage ? new Error(errorMessage) : error),\n );\n });\n}\n\nfunction wildcardToRegex(stringWithWildcard: string) {\n const regexString = stringWithWildcard\n .split(/\\*+/) // split at every wildcard (*) character\n .map((s) => escapeStringRegexp(s)) // escape the substrings to make sure that they aren't evaluated\n .join(\".*\"); // construct a regex matching anything at each wildcard location\n return new RegExp(`^${regexString}$`);\n}\n\nexport function matchString(template: string, string_: string) {\n return template.includes(\"*\")\n ? wildcardToRegex(template).test(string_)\n : template === string_;\n}\n\nexport function isGitHubAdvisoryId(id: unknown): id is GitHubAdvisoryId {\n return typeof id === \"string\" && id.startsWith(\"GHSA\");\n}\n\nexport function gitHubAdvisoryUrlToAdvisoryId(url: string): GitHubAdvisoryId {\n return url.split(\"/\")[4] as GitHubAdvisoryId;\n}\n\nexport function gitHubAdvisoryIdToUrl(\n id: T,\n): `https://github.com/advisories/${T}` {\n return `https://github.com/advisories/${id}`;\n}\n\nexport function deduplicate(array: readonly string[]) {\n return [...new Set(array)];\n}\n","import { existsSync, readFileSync } from \"fs\";\nimport jju from \"jju\";\n// eslint-disable-next-line unicorn/import-style\nimport * as path from \"path\";\nimport { hideBin } from \"yargs/helpers\";\nimport yargs from \"yargs\";\nimport Allowlist, { type AllowlistRecord } from \"./allowlist.js\";\nimport {\n mapVulnerabilityLevelInput,\n type VulnerabilityLevels,\n} from \"./map-vulnerability.js\";\n\nfunction mapReportTypeInput(\n config: Pick,\n) {\n const { \"report-type\": reportType } = config;\n switch (reportType) {\n case \"full\":\n case \"important\":\n case \"summary\": {\n return reportType;\n }\n default: {\n throw new Error(\n `Invalid report type: ${reportType}. Should be \\`['important', 'full', 'summary']\\`.`,\n );\n }\n }\n}\n\nfunction mapExtraArgumentsInput(\n config: Pick,\n) {\n // These args will often be flags for another command, so we\n // want to have some way of escaping args that start with a -.\n // We'll look for and remove a single backslash at the start, if present.\n return config[\"extra-args\"].map((a) => a.replace(/^\\\\/, \"\"));\n}\n\n/**\n * The output of `Yargs`'s `parse` function.\n * This is the type of the `argv` object.\n */\ntype AuditCiPreprocessedConfig = {\n /** Exit for low or above vulnerabilities */\n l: boolean;\n /** Exit for moderate or above vulnerabilities */\n m: boolean;\n /** Exit for high or above vulnerabilities */\n h: boolean;\n /** Exit for critical or above vulnerabilities */\n c: boolean;\n /** Exit for low or above vulnerabilities */\n low: boolean;\n /** Exit for moderate or above vulnerabilities */\n moderate: boolean;\n /** Exit for high or above vulnerabilities */\n high: boolean;\n /** Exit for critical vulnerabilities */\n critical: boolean;\n /** Package manager */\n p: \"auto\" | \"npm\" | \"yarn\" | \"pnpm\";\n /** Show a full audit report */\n r: boolean;\n /** Show a full audit report */\n report: boolean;\n /** Show a summary audit report */\n s: boolean;\n /** Show a summary audit report */\n summary: boolean;\n /** Package manager */\n \"package-manager\": \"auto\" | \"npm\" | \"yarn\" | \"pnpm\";\n a: string[];\n allowlist: AllowlistRecord[];\n /** The directory containing the package.json to audit */\n d: string;\n /** The directory containing the package.json to audit */\n directory: string;\n /** show allowlisted advisories that are not found. */\n \"show-not-found\": boolean;\n /** Show allowlisted advisories that are found */\n \"show-found\": boolean;\n /** the registry to resolve packages by name and version */\n registry?: string;\n /** The format of the output of audit-ci */\n o: \"text\" | \"json\";\n /** The format of the output of audit-ci */\n \"output-format\": \"text\" | \"json\";\n /** how the audit report is displayed. */\n \"report-type\": \"full\" | \"important\" | \"summary\";\n /** The number of attempts audit-ci calls an unavailable registry before failing */\n \"retry-count\": number;\n /** Pass if no audit is performed due to the registry returning ENOAUDIT */\n \"pass-enoaudit\": boolean;\n /** skip devDependencies */\n \"skip-dev\": boolean;\n /** extra positional args for underlying audit command */\n \"extra-args\": string[];\n};\n\n// Rather than exporting a weird union type, we resolve the type to a simple object.\ntype ComplexConfig = Omit<\n AuditCiPreprocessedConfig,\n // Remove single-letter options from the base config to avoid confusion.\n | \"allowlist\"\n | \"a\"\n | \"p\"\n | \"o\"\n | \"d\"\n | \"s\"\n | \"r\"\n | \"l\"\n | \"m\"\n | \"h\"\n | \"c\"\n | \"low\"\n | \"moderate\"\n | \"high\"\n | \"critical\"\n> & {\n /** Package manager */\n \"package-manager\": \"npm\" | \"yarn\" | \"pnpm\";\n /** An object containing a list of modules, advisories, and module paths that should not break the build if their vulnerability is found. */\n allowlist: Allowlist;\n /** The vulnerability levels to fail on, if `moderate` is set `true`, `high` and `critical` should be as well. */\n levels: { [K in keyof VulnerabilityLevels]: VulnerabilityLevels[K] };\n /**\n * A path to npm, uses npm from `$PATH` if not specified\n * @internal\n */\n _npm?: string;\n /**\n * A path to pnpm, uses pnpm from `$PATH` if not specified\n * @internal\n */\n _pnpm?: string;\n /**\n * A path to yarn, uses yarn from `$PATH` if not specified\n * @internal\n */\n _yarn?: string;\n};\n\nexport type AuditCiFullConfig = {\n [K in keyof ComplexConfig]: ComplexConfig[K];\n};\n\ntype AuditCiConfigComplex = Omit<\n Partial,\n \"levels\" | \"allowlist\"\n> & {\n allowlist?: AllowlistRecord[];\n low?: boolean;\n moderate?: boolean;\n high?: boolean;\n critical?: boolean;\n};\n\nexport type AuditCiConfig = {\n [K in keyof AuditCiConfigComplex]: AuditCiConfigComplex[K];\n};\n\n/**\n * @param pmArgument the package manager (including the `auto` option)\n * @param directory the directory where the package manager files exist\n * @returns the non-`auto` package manager\n */\nfunction resolvePackageManagerType(\n pmArgument: \"auto\" | \"npm\" | \"yarn\" | \"pnpm\",\n directory: string,\n): \"npm\" | \"yarn\" | \"pnpm\" {\n switch (pmArgument) {\n case \"npm\":\n case \"pnpm\":\n case \"yarn\": {\n return pmArgument;\n }\n case \"auto\": {\n const getPath = (file: string) => path.resolve(directory, file);\n // TODO: Consider prioritizing `package.json#packageManager` for determining the package manager.\n const packageLockExists = existsSync(getPath(\"package-lock.json\"));\n if (packageLockExists) return \"npm\";\n const shrinkwrapExists = existsSync(getPath(\"npm-shrinkwrap.json\"));\n if (shrinkwrapExists) return \"npm\";\n const yarnLockExists = existsSync(getPath(\"yarn.lock\"));\n if (yarnLockExists) return \"yarn\";\n const pnpmLockExists = existsSync(getPath(\"pnpm-lock.yaml\"));\n if (pnpmLockExists) return \"pnpm\";\n throw new Error(\n \"Cannot establish package-manager type, missing package-lock.json, yarn.lock, and pnpm-lock.yaml.\",\n );\n }\n default: {\n throw new Error(`Unexpected package manager argument: ${pmArgument}`);\n }\n }\n}\n\nconst defaults = {\n low: false,\n moderate: false,\n high: false,\n critical: false,\n \"skip-dev\": false,\n \"pass-enoaudit\": false,\n \"retry-count\": 5,\n \"report-type\": \"important\" as const,\n report: false,\n directory: \"./\",\n \"package-manager\": \"auto\" as const,\n \"show-not-found\": true,\n \"show-found\": true,\n registry: undefined,\n summary: false,\n allowlist: [] as AllowlistRecord[],\n \"output-format\": \"text\" as const,\n \"extra-args\": [] as string[],\n};\n\nfunction mapArgvToAuditCiConfig(argv: AuditCiPreprocessedConfig) {\n const allowlist = Allowlist.mapConfigToAllowlist(argv);\n\n const {\n low,\n moderate,\n high,\n critical,\n \"package-manager\": packageManager,\n directory,\n } = argv;\n\n const resolvedPackageManager = resolvePackageManagerType(\n packageManager,\n directory,\n );\n\n const result: AuditCiFullConfig = {\n ...argv,\n \"package-manager\": resolvedPackageManager,\n levels: mapVulnerabilityLevelInput({\n low,\n moderate,\n high,\n critical,\n }),\n \"report-type\": mapReportTypeInput(argv),\n allowlist: allowlist,\n \"extra-args\": mapExtraArgumentsInput(argv),\n };\n return result;\n}\n\nexport function mapAuditCiConfigToAuditCiFullConfig(\n config: AuditCiConfig,\n): AuditCiFullConfig {\n const packageManager =\n config[\"package-manager\"] ?? defaults[\"package-manager\"];\n const directory = config.directory ?? defaults.directory;\n\n const resolvedPackageManager = resolvePackageManagerType(\n packageManager,\n directory,\n );\n\n const allowlist = Allowlist.mapConfigToAllowlist({\n allowlist: config.allowlist ?? defaults.allowlist,\n });\n\n const levels = mapVulnerabilityLevelInput({\n low: config.low ?? defaults.low,\n moderate: config.moderate ?? defaults.moderate,\n high: config.high ?? defaults.high,\n critical: config.critical ?? defaults.critical,\n });\n\n const fullConfig: AuditCiFullConfig = {\n \"skip-dev\": config[\"skip-dev\"] ?? defaults[\"skip-dev\"],\n \"pass-enoaudit\": config[\"pass-enoaudit\"] ?? defaults[\"pass-enoaudit\"],\n \"retry-count\": config[\"retry-count\"] ?? defaults[\"retry-count\"],\n \"report-type\": config[\"report-type\"] ?? defaults[\"report-type\"],\n \"package-manager\": resolvedPackageManager,\n directory,\n report: config.report ?? defaults.report,\n registry: config.registry ?? defaults.registry,\n \"show-not-found\": config[\"show-not-found\"] ?? defaults[\"show-not-found\"],\n \"show-found\": config[\"show-found\"] ?? defaults[\"show-found\"],\n summary: config.summary ?? defaults.summary,\n \"output-format\": config[\"output-format\"] ?? defaults[\"output-format\"],\n allowlist,\n levels,\n \"extra-args\": config[\"extra-args\"] ?? defaults[\"extra-args\"],\n };\n return fullConfig;\n}\n\nexport async function runYargs(): Promise {\n const { argv } = yargs(hideBin(process.argv))\n .config(\"config\", (configPath) =>\n // Supports JSON, JSONC, & JSON5\n jju.parse(readFileSync(configPath, \"utf8\"), {\n // When passing an allowlist using NSRecord syntax, yargs will throw an error\n // \"Invalid JSON config file\". We need to add this flag to prevent that.\n null_prototype: false,\n }),\n )\n .options({\n l: {\n alias: \"low\",\n default: defaults.low,\n describe: \"Exit for low vulnerabilities or higher\",\n type: \"boolean\",\n },\n m: {\n alias: \"moderate\",\n default: defaults.moderate,\n describe: \"Exit for moderate vulnerabilities or higher\",\n type: \"boolean\",\n },\n h: {\n alias: \"high\",\n default: defaults.high,\n describe: \"Exit for high vulnerabilities or higher\",\n type: \"boolean\",\n },\n c: {\n alias: \"critical\",\n default: defaults.critical,\n describe: \"Exit for critical vulnerabilities\",\n type: \"boolean\",\n },\n p: {\n alias: \"package-manager\",\n default: defaults[\"package-manager\"],\n describe: \"Choose a package manager\",\n choices: [\"auto\", \"npm\", \"yarn\", \"pnpm\"],\n },\n r: {\n alias: \"report\",\n default: defaults.report,\n describe: \"Show a full audit report\",\n type: \"boolean\",\n },\n s: {\n alias: \"summary\",\n default: defaults.summary,\n describe: \"Show a summary audit report\",\n type: \"boolean\",\n },\n a: {\n alias: \"allowlist\",\n default: [],\n describe:\n \"Allowlist module names (example), advisories (123), and module paths (123|example1>example2)\",\n type: \"array\",\n },\n d: {\n alias: \"directory\",\n default: \"./\",\n describe: \"The directory containing the package.json to audit\",\n type: \"string\",\n },\n o: {\n alias: \"output-format\",\n default: \"text\",\n describe: \"The format of the output of audit-ci\",\n choices: [\"text\", \"json\"],\n },\n \"show-found\": {\n default: defaults[\"show-found\"],\n describe: \"Show allowlisted advisories that are found\",\n type: \"boolean\",\n },\n \"show-not-found\": {\n default: defaults[\"show-not-found\"],\n describe: \"Show allowlisted advisories that are not found\",\n type: \"boolean\",\n },\n registry: {\n default: defaults.registry,\n describe: \"The registry to resolve packages by name and version\",\n type: \"string\",\n },\n \"report-type\": {\n default: defaults[\"report-type\"],\n describe: \"Format for the audit report results\",\n type: \"string\",\n choices: [\"important\", \"summary\", \"full\"],\n },\n \"retry-count\": {\n default: defaults[\"retry-count\"],\n describe:\n \"The number of attempts audit-ci calls an unavailable registry before failing\",\n type: \"number\",\n },\n \"pass-enoaudit\": {\n default: defaults[\"pass-enoaudit\"],\n describe:\n \"Pass if no audit is performed due to the registry returning ENOAUDIT\",\n type: \"boolean\",\n },\n \"skip-dev\": {\n default: defaults[\"skip-dev\"],\n describe: \"Skip devDependencies\",\n type: \"boolean\",\n },\n \"extra-args\": {\n default: [],\n describe: \"Pass additional arguments to the underlying audit command\",\n type: \"array\",\n },\n })\n .help(\"help\");\n\n // yargs doesn't support aliases + TypeScript\n const awaitedArgv = (await argv) as unknown as AuditCiPreprocessedConfig;\n const auditCiConfig = mapArgvToAuditCiConfig(awaitedArgv);\n return auditCiConfig;\n}\n","import type { GitHubAdvisoryId } from \"audit-types\";\n\nexport interface NSPContent {\n readonly active?: boolean;\n readonly notes?: string;\n readonly expiry?: string | number;\n}\n\nexport type NSPRecord = Record;\nexport type GitHubNSPRecord = Record;\n\n/**\n * Retrieves the allowlist id from the NSPRecord.\n *\n * @param nspRecord NSPRecord object.\n * @returns The advisory id.\n */\nexport function getAllowlistId(nspRecord: NSPRecord | GitHubNSPRecord): string {\n return Object.keys(nspRecord)[0];\n}\n\n/**\n * Retrieves the content for the NSPRecord.\n *\n * @param nspRecord NSPRecord object.\n * @returns The NSPContent object.\n */\nexport function getNSPContent(\n nspRecord: NSPRecord | GitHubNSPRecord,\n): NSPContent {\n const values = Object.values(nspRecord);\n if (values.length > 0) {\n return values[0];\n }\n throw new Error(\n `Empty NSPRecord is invalid. Here's an example of a valid NSPRecord:\n{\n \"allowlist\": [\n {\n \"vulnerable-module\": {\n \"active\": true,\n \"notes\": \"This is a note\",\n \"expiry\": \"2022-01-01\"\n }\n }\n ]\n}\n `,\n );\n}\n\n/**\n * Determines if the NSPRecord is active.\n *\n * @param nspRecord NSPRecord object.\n * @param now The current date. The default is initialized to the current date.\n * @returns True if the record is active, false otherwise.\n */\nexport function isNSPRecordActive(\n nspRecord: NSPRecord,\n now = new Date(),\n): boolean {\n const content = getNSPContent(nspRecord);\n if (!content.active) {\n return false;\n }\n\n if (content.expiry) {\n const expiryDate = new Date(content.expiry);\n if (expiryDate.getTime() > 0) {\n // Expiry is valid, check if we've passed it yet.\n return now.getTime() < expiryDate.getTime();\n }\n\n // Expiry isn't valid. For safety, disable the rule.\n return false;\n }\n\n return true;\n}\n","import type { GitHubAdvisoryId } from \"audit-types\";\nimport { isGitHubAdvisoryId } from \"./common.js\";\nimport {\n type NSPContent,\n type NSPRecord,\n type GitHubNSPRecord,\n getAllowlistId,\n isNSPRecordActive,\n} from \"./nsp-record.js\";\n\nexport type AllowlistRecord = string | NSPRecord;\n\nconst DEFAULT_NSP_CONTENT: Readonly = {\n active: true,\n notes: undefined,\n expiry: undefined,\n};\n\n/**\n * Takes a string and converts it into a NSPRecord object. If a NSPRecord\n * is passed in, no modifications are made and the record is returned as is.\n *\n * @param recordOrId A string or NSPRecord object.\n * @returns Normalized NSPRecord object.\n */\nexport function normalizeAllowlistRecord(\n recordOrId: AllowlistRecord,\n): NSPRecord {\n return typeof recordOrId === \"string\"\n ? {\n [recordOrId]: DEFAULT_NSP_CONTENT,\n }\n : recordOrId;\n}\n\n/**\n * Removes duplicate allowlist items from an array based on the allowlist id.\n *\n * @param recordsOrIds An array containing allowlist string ids or NSPRecords.\n * @returns An array of NSPRecords with duplicates removed.\n */\nexport function dedupeAllowlistRecords(\n recordsOrIds: AllowlistRecord[],\n): NSPRecord[] {\n const map = new Map();\n for (const recordOrId of recordsOrIds) {\n const nspRecord = normalizeAllowlistRecord(recordOrId);\n const advisoryId = getAllowlistId(nspRecord);\n\n if (!map.has(advisoryId)) {\n map.set(advisoryId, nspRecord);\n }\n }\n\n return [...map.values()];\n}\n\nclass Allowlist {\n modules: string[];\n advisories: GitHubAdvisoryId[];\n paths: string[];\n moduleRecords: NSPRecord[];\n advisoryRecords: GitHubNSPRecord[];\n pathRecords: NSPRecord[];\n /**\n * @param input the allowlisted module names, advisories, and module paths\n */\n constructor(input?: AllowlistRecord[]) {\n this.modules = [];\n this.advisories = [];\n this.paths = [];\n this.moduleRecords = [];\n this.advisoryRecords = [];\n this.pathRecords = [];\n if (!input) {\n return;\n }\n for (const allowlist of input) {\n if (typeof allowlist === \"number\") {\n throw new TypeError(\n \"Unsupported number as allowlist. Perform codemod to update config to use GitHub advisory as identifiers: https://github.com/quinnturner/audit-ci-codemod with `npx @quinnturner/audit-ci-codemod`. See also: https://github.com/IBM/audit-ci/pull/217\",\n );\n }\n\n const allowlistNspRecord = normalizeAllowlistRecord(allowlist);\n if (!isNSPRecordActive(allowlistNspRecord)) {\n continue;\n }\n\n const allowlistId =\n typeof allowlist === \"string\"\n ? allowlist\n : getAllowlistId(allowlistNspRecord);\n\n if (allowlistId.includes(\">\") || allowlistId.includes(\"|\")) {\n this.paths.push(allowlistId);\n this.pathRecords.push(allowlistNspRecord);\n } else if (isGitHubAdvisoryId(allowlistId)) {\n this.advisories.push(allowlistId);\n this.advisoryRecords.push(allowlistNspRecord);\n } else {\n this.modules.push(allowlistId);\n this.moduleRecords.push(allowlistNspRecord);\n }\n }\n }\n\n static mapConfigToAllowlist(\n config: Readonly<{ allowlist: AllowlistRecord[] }>,\n ) {\n const { allowlist } = config;\n const deduplicatedAllowlist = dedupeAllowlistRecords(allowlist || []);\n const allowlistObject = new Allowlist(deduplicatedAllowlist);\n return allowlistObject;\n }\n}\n\nexport default Allowlist;\n","export type VulnerabilityLevels = {\n low: boolean;\n moderate: boolean;\n high: boolean;\n critical: boolean;\n};\n\nexport function mapVulnerabilityLevelInput({\n low,\n l,\n moderate,\n m,\n high,\n h,\n critical,\n c,\n}: Record): {\n [K in keyof VulnerabilityLevels]: VulnerabilityLevels[K];\n} {\n if (low || l) {\n return { low: true, moderate: true, high: true, critical: true };\n }\n if (moderate || m) {\n return { low: false, moderate: true, high: true, critical: true };\n }\n if (high || h) {\n return { low: false, moderate: false, high: true, critical: true };\n }\n if (critical || c) {\n return { low: false, moderate: false, high: false, critical: true };\n }\n return { low: false, moderate: false, high: false, critical: false };\n}\n","import type { GitHubAdvisoryId, NPMAuditReportV2 } from \"audit-types\";\nimport Allowlist from \"./allowlist.js\";\nimport {\n gitHubAdvisoryUrlToAdvisoryId,\n matchString,\n partition,\n} from \"./common.js\";\nimport type { AuditCiFullConfig } from \"./config.js\";\nimport type { VulnerabilityLevels } from \"./map-vulnerability.js\";\nimport type { DeepReadonly, DeepWriteable } from \"./types.js\";\n\nconst SUPPORTED_SEVERITY_LEVELS = new Set([\n \"critical\",\n \"high\",\n \"moderate\",\n \"low\",\n]);\n\nconst prependPath = (\n newItem: N,\n currentPath: C,\n): `${N}>${C}` => `${newItem}>${currentPath}`;\n\nconst isVia = (via: T | string): via is T => {\n return typeof via !== \"string\";\n};\n\nexport interface Summary {\n advisoriesFound: GitHubAdvisoryId[];\n failedLevelsFound: (\"low\" | \"moderate\" | \"high\" | \"critical\")[];\n allowlistedAdvisoriesNotFound: string[];\n allowlistedModulesNotFound: string[];\n allowlistedPathsNotFound: string[];\n allowlistedAdvisoriesFound: GitHubAdvisoryId[];\n allowlistedModulesFound: string[];\n allowlistedPathsFound: string[];\n advisoryPathsFound: string[];\n}\n\ninterface ProcessedAdvisory {\n id: number;\n github_advisory_id: GitHubAdvisoryId;\n severity: \"critical\" | \"high\" | \"moderate\" | \"low\" | \"info\";\n module_name: string;\n url: `https://github.com/advisories/${GitHubAdvisoryId}`;\n findings: { paths: string[] }[];\n}\n\n// These are hre to simplify testing by requiring only the relevant parts of the\n// audit report.\ninterface PartialNPMAuditReportV1Audit {\n advisories: Readonly>;\n}\ninterface PartialPNPMAuditReportAudit {\n advisories: Readonly>;\n}\ninterface PartialNPMAuditReportV2Audit {\n vulnerabilities: Readonly<\n Record<\n string,\n Pick &\n Partial\n >\n >;\n}\n\nclass Model {\n failingSeverities: {\n [K in keyof VulnerabilityLevels]: VulnerabilityLevels[K];\n };\n allowlist: Allowlist;\n allowlistedModulesFound: string[];\n allowlistedAdvisoriesFound: GitHubAdvisoryId[];\n allowlistedPathsFound: `${GitHubAdvisoryId}|${string}`[];\n advisoriesFound: ProcessedAdvisory[];\n advisoryPathsFound: string[];\n\n constructor(config: Pick) {\n const unsupported = Object.keys(config.levels).filter(\n (level) => !SUPPORTED_SEVERITY_LEVELS.has(level),\n );\n if (unsupported.length > 0) {\n throw new Error(\n `Unsupported severity levels found: ${unsupported.sort().join(\", \")}`,\n );\n }\n this.failingSeverities = config.levels;\n\n this.allowlist = config.allowlist;\n\n this.allowlistedModulesFound = [];\n this.allowlistedAdvisoriesFound = [];\n this.allowlistedPathsFound = [];\n this.advisoriesFound = [];\n this.advisoryPathsFound = [];\n }\n\n process(advisory: ProcessedAdvisory) {\n const {\n severity,\n module_name: moduleName,\n github_advisory_id: githubAdvisoryId,\n findings,\n } = advisory;\n if (severity !== \"info\" && !this.failingSeverities[severity]) {\n return;\n }\n\n if (this.allowlist.modules.includes(moduleName)) {\n if (!this.allowlistedModulesFound.includes(moduleName)) {\n this.allowlistedModulesFound.push(moduleName);\n }\n return;\n }\n\n if (this.allowlist.advisories.includes(githubAdvisoryId)) {\n if (!this.allowlistedAdvisoriesFound.includes(githubAdvisoryId)) {\n this.allowlistedAdvisoriesFound.push(githubAdvisoryId);\n }\n return;\n }\n\n const allowlistedPathsFoundSet = new Set<`${GitHubAdvisoryId}|${string}`>();\n\n const flattenedPaths = findings.flatMap((finding) => finding.paths);\n const flattenedAllowlist = flattenedPaths.map(\n (path) => `${githubAdvisoryId}|${path}` as const,\n );\n const { truthy, falsy } = partition(flattenedAllowlist, (path) =>\n this.allowlist.paths.some((allowedPath) =>\n matchString(allowedPath, path),\n ),\n );\n for (const path of truthy) {\n allowlistedPathsFoundSet.add(path);\n }\n\n this.allowlistedPathsFound.push(...allowlistedPathsFoundSet);\n\n const isAllowListed = falsy.length === 0;\n if (isAllowListed) {\n return;\n }\n\n this.advisoriesFound.push(advisory);\n this.advisoryPathsFound.push(...falsy);\n }\n\n load(\n parsedOutput:\n | PartialNPMAuditReportV2Audit\n | PartialNPMAuditReportV1Audit\n | PartialPNPMAuditReportAudit,\n ) {\n /** NPM 6 & PNPM */\n if (\"advisories\" in parsedOutput && parsedOutput.advisories) {\n for (const advisory of Object.values<\n DeepWriteable<\n | PartialNPMAuditReportV1Audit[\"advisories\"][GitHubAdvisoryId]\n | PartialPNPMAuditReportAudit[\"advisories\"][GitHubAdvisoryId]\n >\n >(parsedOutput.advisories)) {\n advisory.github_advisory_id = gitHubAdvisoryUrlToAdvisoryId(\n advisory.url,\n );\n // PNPM paths have a leading `.>`\n // \"paths\": [\n // \".>module-name\"\n //]\n for (const finding of advisory.findings) {\n finding.paths = finding.paths.map((path) => path.replace(\".>\", \"\"));\n }\n this.process(advisory);\n }\n return this.getSummary();\n }\n\n /** NPM 7+ */\n if (\"vulnerabilities\" in parsedOutput && parsedOutput.vulnerabilities) {\n const advisoryMap = new Map<\n number,\n ProcessedAdvisory & {\n findingsSet: Set;\n }\n >();\n // First, let's deal with building a structure that's as close to NPM 6 as we can\n // without dealing with the findings.\n for (const vulnerability of Object.values<\n PartialNPMAuditReportV2Audit[\"vulnerabilities\"][GitHubAdvisoryId]\n >(parsedOutput.vulnerabilities)) {\n const { via: vias, isDirect } = vulnerability;\n // https://github.com/microsoft/TypeScript/issues/33591\n for (const via of vias as Array) {\n if (!isVia(via)) {\n continue;\n }\n const { source, url, name, severity } = via;\n if (!advisoryMap.has(source)) {\n advisoryMap.set(source, {\n id: source,\n github_advisory_id: gitHubAdvisoryUrlToAdvisoryId(url),\n module_name: name,\n severity: severity,\n url: url,\n // This will eventually be an array.\n // However, to improve the performance of deduplication,\n // start with a set.\n findingsSet: new Set(isDirect ? [name] : []),\n findings: [],\n });\n }\n }\n }\n\n // Now, all we have to deal with is develop the 'findings' property by traversing\n // the audit tree.\n\n const visitedModules = new Map();\n\n for (const vuln of Object.entries<\n DeepReadonly<\n PartialNPMAuditReportV2Audit[\"vulnerabilities\"][GitHubAdvisoryId]\n >\n >(parsedOutput.vulnerabilities)) {\n // Did this approach rather than destructuring within the forEach to type vulnerability\n const moduleName = vuln[0];\n const vulnerability = vuln[1];\n const { via: vias, isDirect } = vulnerability;\n\n if (vias.length === 0 || typeof vias[0] === \"string\") {\n continue;\n }\n\n const visited = new Set();\n\n const recursiveMagic = (\n cVuln: DeepReadonly<\n PartialNPMAuditReportV2Audit[\"vulnerabilities\"][GitHubAdvisoryId]\n >,\n dependencyPath: string,\n ): string[] => {\n const visitedModule = visitedModules.get(cVuln.name);\n if (visitedModule) {\n return visitedModule.map((name) => {\n const resultWithExtraCarat = prependPath(name, dependencyPath);\n return resultWithExtraCarat.slice(\n 0,\n Math.max(0, resultWithExtraCarat.length - 1),\n );\n });\n }\n\n if (visited.has(cVuln.name)) {\n // maybe undefined and filter?\n return [dependencyPath];\n }\n visited.add(cVuln.name);\n const newPath = prependPath(cVuln.name, dependencyPath);\n if (cVuln.effects.length === 0) {\n return [newPath.slice(0, Math.max(0, newPath.length - 1))];\n }\n const result = cVuln.effects.flatMap((effect) =>\n recursiveMagic(parsedOutput.vulnerabilities[effect], newPath),\n );\n return result;\n };\n\n const result = recursiveMagic(vulnerability, \"\");\n if (isDirect) {\n result.push(moduleName);\n }\n const advisories = (\n (vias as Array).filter(\n (via) => typeof via !== \"string\",\n ) as NPMAuditReportV2.Via[]\n )\n .map((via) => via.source)\n // Filter boolean makes the next line non-nullable.\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n .map((id) => advisoryMap.get(id)!)\n .filter(Boolean);\n for (const advisory of advisories) {\n for (const path of result) {\n advisory.findingsSet.add(path);\n }\n }\n // Optimization to prevent extra traversals.\n visitedModules.set(moduleName, result);\n }\n for (const [, advisory] of advisoryMap) {\n advisory.findings = [{ paths: [...advisory.findingsSet] }];\n // @ts-expect-error don't care about findingSet anymore\n delete advisory.findingsSet;\n this.process(advisory);\n }\n }\n return this.getSummary();\n }\n\n getSummary(\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n advisoryMapper: (advisory: any) => GitHubAdvisoryId = (a) =>\n a.github_advisory_id,\n ) {\n // Clean up the data structures for more consistent output.\n this.advisoriesFound.sort();\n this.advisoryPathsFound = [...new Set(this.advisoryPathsFound)].sort();\n this.allowlistedAdvisoriesFound.sort();\n this.allowlistedModulesFound.sort();\n this.allowlistedPathsFound.sort();\n\n const foundSeverities = new Set<\"low\" | \"moderate\" | \"high\" | \"critical\">();\n for (const { severity } of this.advisoriesFound) {\n if (severity !== \"info\") {\n foundSeverities.add(severity);\n }\n }\n const failedLevelsFound = [...foundSeverities].sort();\n\n const advisoriesFound = [\n ...new Set(this.advisoriesFound.map((a) => advisoryMapper(a))),\n ].sort();\n\n const allowlistedAdvisoriesNotFound = this.allowlist.advisories\n .filter((id) => !this.allowlistedAdvisoriesFound.includes(id))\n .sort();\n const allowlistedModulesNotFound = this.allowlist.modules\n .filter((id) => !this.allowlistedModulesFound.includes(id))\n .sort();\n const allowlistedPathsNotFound = this.allowlist.paths\n .filter(\n (id) =>\n !this.allowlistedPathsFound.some((foundPath) =>\n matchString(id, foundPath),\n ),\n )\n .sort();\n\n const summary: Summary = {\n advisoriesFound,\n failedLevelsFound,\n allowlistedAdvisoriesNotFound,\n allowlistedModulesNotFound,\n allowlistedPathsNotFound,\n allowlistedAdvisoriesFound: this.allowlistedAdvisoriesFound,\n allowlistedModulesFound: this.allowlistedModulesFound,\n allowlistedPathsFound: this.allowlistedPathsFound,\n advisoryPathsFound: this.advisoryPathsFound,\n };\n return summary;\n }\n}\n\nexport default Model;\n","import type { GitHubAdvisoryId, PNPMAuditReport } from \"audit-types\";\nimport { execSync } from \"child_process\";\nimport * as semver from \"semver\";\nimport { blue, yellow } from \"./colors.js\";\nimport { ReportConfig, reportAudit, runProgram } from \"./common.js\";\nimport {\n AuditCiConfig,\n AuditCiFullConfig,\n mapAuditCiConfigToAuditCiFullConfig,\n} from \"./config.js\";\nimport Model, { type Summary } from \"./model.js\";\n\nconst MINIMUM_PNPM_AUDIT_REGISTRY_VERSION = \"5.4.0\";\n\nasync function runPnpmAudit(\n config: AuditCiFullConfig,\n): Promise {\n const {\n directory,\n registry,\n _pnpm,\n \"skip-dev\": skipDevelopmentDependencies,\n \"extra-args\": extraArguments,\n } = config;\n const pnpmExec = _pnpm || \"pnpm\";\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const stdoutBuffer: any = {};\n function outListener(data: unknown) {\n // Object.assign is used here instead of the spread operator for minor performance gains.\n Object.assign(stdoutBuffer, data);\n }\n\n const stderrBuffer: unknown[] = [];\n function errorListener(line: unknown) {\n stderrBuffer.push(line);\n }\n\n const arguments_ = [\"audit\", \"--json\"];\n if (registry) {\n const pnpmVersion = getPnpmVersion(directory);\n\n if (pnpmAuditSupportsRegistry(pnpmVersion)) {\n arguments_.push(\"--registry\", registry);\n } else {\n console.warn(\n yellow,\n `Update PNPM to version >=${MINIMUM_PNPM_AUDIT_REGISTRY_VERSION} to use the --registry flag`,\n );\n }\n }\n if (skipDevelopmentDependencies) {\n arguments_.push(\"--prod\");\n }\n if (extraArguments) {\n arguments_.push(...extraArguments);\n }\n const options = { cwd: directory };\n await runProgram(pnpmExec, arguments_, options, outListener, errorListener);\n if (stderrBuffer.length > 0) {\n throw new Error(\n `Invocation of pnpm audit failed:\\n${stderrBuffer.join(\"\\n\")}`,\n );\n }\n return stdoutBuffer;\n}\n\nfunction printReport(\n parsedOutput: PNPMAuditReport.Audit,\n levels: AuditCiFullConfig[\"levels\"],\n reportType: \"full\" | \"important\" | \"summary\",\n outputFormat: \"text\" | \"json\",\n) {\n const printReportObject = (text: string, object: unknown) => {\n if (outputFormat === \"text\") {\n console.log(blue, text);\n }\n console.log(JSON.stringify(object, undefined, 2));\n };\n switch (reportType) {\n case \"full\": {\n printReportObject(\"PNPM audit report JSON:\", parsedOutput);\n break;\n }\n case \"important\": {\n const { advisories, metadata } = parsedOutput;\n\n const advisoryKeys = Object.keys(advisories) as GitHubAdvisoryId[];\n\n const relevantAdvisoryLevels = advisoryKeys.filter((advisory) => {\n const severity = advisories[advisory].severity;\n return severity !== \"info\" && levels[severity];\n });\n\n const relevantAdvisories: Record = {};\n for (const advisory of relevantAdvisoryLevels) {\n relevantAdvisories[advisory] = advisories[advisory];\n }\n\n const keyFindings = {\n advisories: relevantAdvisories,\n metadata: metadata,\n };\n printReportObject(\"PNPM audit report results:\", keyFindings);\n break;\n }\n case \"summary\": {\n printReportObject(\"PNPM audit report summary:\", parsedOutput.metadata);\n break;\n }\n default: {\n throw new Error(\n `Invalid report type: ${reportType}. Should be \\`['important', 'full', 'summary']\\`.`,\n );\n }\n }\n}\n\nexport function report(\n parsedOutput: PNPMAuditReport.Audit,\n config: AuditCiFullConfig,\n reporter: (\n summary: Summary,\n config: ReportConfig,\n audit?: PNPMAuditReport.Audit,\n ) => Summary,\n) {\n const {\n levels,\n \"report-type\": reportType,\n \"output-format\": outputFormat,\n } = config;\n printReport(parsedOutput, levels, reportType, outputFormat);\n const model = new Model(config);\n const summary = model.load(parsedOutput);\n return reporter(summary, config, parsedOutput);\n}\n\n/**\n * Audit your PNPM project!\n *\n * @returns Returns the audit report summary on resolve, `Error` on rejection.\n */\nexport async function auditWithFullConfig(\n config: AuditCiFullConfig,\n reporter = reportAudit,\n) {\n const parsedOutput = await runPnpmAudit(config);\n if (\"error\" in parsedOutput) {\n const { code, summary } = parsedOutput.error;\n throw new Error(`code ${code}: ${summary}`);\n }\n return report(parsedOutput, config, reporter);\n}\n\n/**\n * Run audit-ci with PNPM.\n */\nexport async function audit(config: AuditCiConfig, reporter = reportAudit) {\n const fullConfig = mapAuditCiConfigToAuditCiFullConfig(config);\n return await auditWithFullConfig(fullConfig, reporter);\n}\n\nfunction pnpmAuditSupportsRegistry(\n pnpmVersion: string | semver.SemVer,\n): boolean {\n return semver.gte(pnpmVersion, MINIMUM_PNPM_AUDIT_REGISTRY_VERSION);\n}\n\nfunction getPnpmVersion(cwd?: string): string {\n return execSync(\"pnpm -v\", { cwd }).toString().replace(\"\\n\", \"\");\n}\n","import type { YarnAudit, Yarn2And3AuditReport } from \"audit-types\";\nimport { blue, red, yellow } from \"./colors.js\";\nimport { reportAudit, runProgram } from \"./common.js\";\nimport {\n mapAuditCiConfigToAuditCiFullConfig,\n type AuditCiConfig,\n type AuditCiFullConfig,\n} from \"./config.js\";\nimport Model, { type Summary } from \"./model.js\";\nimport {\n MINIMUM_YARN_BERRY_VERSION,\n MINIMUM_YARN_CLASSIC_VERSION,\n getYarnVersion,\n yarnAuditSupportsRegistry,\n yarnSupportsAudit,\n yarnSupportsClassicAudit,\n} from \"./yarn-version.js\";\n\nconst printJson = (data: unknown) => {\n console.log(JSON.stringify(data, undefined, 2));\n};\n\nconst isClassicAuditAdvisory = (\n data: unknown,\n type: unknown,\n): data is YarnAudit.AuditAdvisoryResponse => {\n return type === \"auditAdvisory\";\n};\n\nconst isClassicAuditSummary = (\n data: unknown,\n type: unknown,\n): data is YarnAudit.AuditSummary => {\n return type === \"auditSummary\";\n};\n\n/**\n * Audit your Yarn project!\n *\n * @returns Returns the audit report summary on resolve, `Error` on rejection.\n */\nexport async function auditWithFullConfig(\n config: AuditCiFullConfig,\n reporter = reportAudit,\n): Promise {\n const {\n levels,\n registry,\n \"report-type\": reportType,\n \"skip-dev\": skipDevelopmentDependencies,\n \"output-format\": outputFormat,\n _yarn,\n directory,\n \"extra-args\": extraArguments,\n } = config;\n const yarnExec = _yarn || \"yarn\";\n let missingLockFile = false;\n const model = new Model(config);\n\n const yarnVersion = getYarnVersion(yarnExec, directory);\n const isYarnVersionSupported = yarnSupportsAudit(yarnVersion);\n if (!isYarnVersionSupported) {\n throw new Error(\n `Yarn ${yarnVersion} not supported, must be ^${MINIMUM_YARN_CLASSIC_VERSION} or >=${MINIMUM_YARN_BERRY_VERSION}`,\n );\n }\n const isYarnClassic = yarnSupportsClassicAudit(yarnVersion);\n const yarnName = isYarnClassic ? `Yarn` : `Yarn Berry`;\n\n function isClassicGuard(\n response: YarnAudit.AuditResponse | Yarn2And3AuditReport.AuditResponse,\n ): response is YarnAudit.AuditResponse {\n return isYarnClassic;\n }\n\n const printHeader = (text: string) => {\n if (outputFormat === \"text\") {\n console.log(blue, text);\n }\n };\n switch (reportType) {\n case \"full\": {\n printHeader(`${yarnName} audit report JSON:`);\n break;\n }\n case \"important\": {\n printHeader(`${yarnName} audit report results:`);\n break;\n }\n case \"summary\": {\n printHeader(`${yarnName} audit report summary:`);\n break;\n }\n default: {\n throw new Error(\n `Invalid report type: ${reportType}. Should be \\`['important', 'full', 'summary']\\`.`,\n );\n }\n }\n\n // Define a function to print based on the report type.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n let printAuditData: any;\n switch (reportType) {\n case \"full\": {\n printAuditData = (line: unknown) => {\n printJson(line);\n };\n break;\n }\n case \"important\": {\n printAuditData = isYarnClassic\n ? // eslint-disable-next-line @typescript-eslint/no-explicit-any\n ({ type, data }: any) => {\n if (isClassicAuditAdvisory(data, type)) {\n const severity = data.advisory.severity;\n if (severity !== \"info\" && levels[severity]) {\n printJson(data);\n }\n } else if (isClassicAuditSummary(data, type)) {\n printJson(data);\n }\n }\n : ({ metadata }: { metadata: Yarn2And3AuditReport.AuditMetadata }) => {\n printJson(metadata);\n };\n break;\n }\n case \"summary\": {\n printAuditData = isYarnClassic\n ? ({ type, data }: { type: unknown; data: unknown }) => {\n if (isClassicAuditAdvisory(data, type)) {\n printJson(data);\n }\n }\n : ({ metadata }: { metadata: Yarn2And3AuditReport.AuditMetadata }) => {\n printJson(metadata);\n };\n break;\n }\n default: {\n throw new Error(\n `Invalid report type: ${reportType}. Should be \\`['important', 'full', 'summary']\\`.`,\n );\n }\n }\n\n function outListener(\n line: YarnAudit.AuditResponse | Yarn2And3AuditReport.AuditResponse,\n ) {\n try {\n if (isClassicGuard(line)) {\n const { type, data } = line;\n printAuditData(line);\n\n if (type === \"info\" && data === \"No lockfile found.\") {\n missingLockFile = true;\n return;\n }\n\n if (type !== \"auditAdvisory\") {\n return;\n }\n\n model.process(data.advisory);\n } else {\n printAuditData(line);\n\n if (\"advisories\" in line) {\n for (const advisory of Object.values(\n line.advisories,\n )) {\n model.process(advisory);\n }\n }\n }\n } catch (error) {\n console.error(red, `ERROR: Cannot JSONStream.parse response:`);\n console.error(line);\n throw error;\n }\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const stderrBuffer: any[] = [];\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n function errorListener(line: any) {\n stderrBuffer.push(line);\n\n if (line.type === \"error\") {\n throw new Error(line.data);\n }\n }\n const options = { cwd: directory };\n const arguments_ = isYarnClassic\n ? [\n \"audit\",\n \"--json\",\n ...(skipDevelopmentDependencies ? [\"--groups\", \"dependencies\"] : []),\n ]\n : [\n \"npm\",\n \"audit\",\n \"--recursive\",\n \"--json\",\n \"--all\",\n ...(skipDevelopmentDependencies ? [\"--environment\", \"production\"] : []),\n ];\n if (registry) {\n const auditRegistrySupported = yarnAuditSupportsRegistry(yarnVersion);\n if (auditRegistrySupported) {\n arguments_.push(\"--registry\", registry);\n } else {\n console.warn(\n yellow,\n \"Yarn audit does not support the registry flag yet.\",\n );\n }\n }\n if (extraArguments) {\n arguments_.push(...extraArguments);\n }\n await runProgram(yarnExec, arguments_, options, outListener, errorListener);\n if (missingLockFile) {\n console.warn(\n yellow,\n \"No yarn.lock file. This does not affect auditing, but it may be a mistake.\",\n );\n }\n\n const summary = model.getSummary((a) => a.github_advisory_id);\n return reporter(summary, config);\n}\n\n/**\n * Run audit-ci with Yarn Classic or Yarn Berry.\n */\nexport async function audit(config: AuditCiConfig, reporter = reportAudit) {\n const fullConfig = mapAuditCiConfigToAuditCiFullConfig(config);\n return await auditWithFullConfig(fullConfig, reporter);\n}\n","import { execSync } from \"child_process\";\nimport semver from \"semver\";\n\nexport const MINIMUM_YARN_CLASSIC_VERSION = \"1.12.3\";\nexport const MINIMUM_YARN_BERRY_VERSION = \"2.4.0\";\n/**\n * Change this to the appropriate version when\n * yarn audit --registry is supported:\n * @see https://github.com/yarnpkg/yarn/issues/7012\n */\nconst MINIMUM_YARN_AUDIT_REGISTRY_VERSION = \"99.99.99\";\n\nexport function yarnSupportsClassicAudit(yarnVersion: string | semver.SemVer) {\n return semver.satisfies(yarnVersion, `^${MINIMUM_YARN_CLASSIC_VERSION}`);\n}\n\nexport function yarnSupportsBerryAudit(yarnVersion: string | semver.SemVer) {\n return semver.gte(yarnVersion, MINIMUM_YARN_BERRY_VERSION);\n}\n\nexport function yarnSupportsAudit(yarnVersion: string | semver.SemVer) {\n return (\n yarnSupportsClassicAudit(yarnVersion) || yarnSupportsBerryAudit(yarnVersion)\n );\n}\n\nexport function yarnAuditSupportsRegistry(yarnVersion: string | semver.SemVer) {\n return semver.gte(yarnVersion, MINIMUM_YARN_AUDIT_REGISTRY_VERSION);\n}\n\nconst versionMap = new Map();\nexport function getYarnVersion(yarnExec = \"yarn\", cwd?: string) {\n const key = `${yarnExec}:${cwd}`;\n let version = versionMap.get(key);\n if (version) return version;\n version = execSync(`${yarnExec} -v`, { cwd }).toString().replace(\"\\n\", \"\");\n versionMap.set(key, version);\n return version;\n}\n","import { yellow } from \"./colors.js\";\nimport { ReportConfig } from \"./common.js\";\nimport type { AuditCiFullConfig } from \"./config.js\";\nimport type { Summary } from \"./model.js\";\nimport * as npmAuditor from \"./npm-auditor.js\";\nimport * as pnpmAuditor from \"./pnpm-auditor.js\";\nimport * as yarnAuditor from \"./yarn-auditor.js\";\n\nconst PARTIAL_RETRY_ERROR_MSG = {\n // The three ENOAUDIT error messages for NPM are:\n // `Either your login credentials are invalid or your registry (${opts.registry}) does not support audit.`\n // `Your configured registry (${opts.registry}) does not support audit requests.`\n // `Your configured registry (${opts.registry}) may not support audit requests, or the audit endpoint may be temporarily unavailable.`\n // Between them, all three use the phrasing 'not support audit'.\n npm: [`not support audit`],\n yarn: [\"503 Service Unavailable\"],\n // TODO: Identify retry-able error message for pnpm\n pnpm: [],\n} as const;\n\nfunction getAuditor(\n packageManager: \"npm\" | \"yarn\" | \"pnpm\",\n): typeof yarnAuditor | typeof npmAuditor | typeof pnpmAuditor {\n switch (packageManager) {\n case \"yarn\": {\n return yarnAuditor;\n }\n case \"npm\": {\n return npmAuditor;\n }\n case \"pnpm\": {\n return pnpmAuditor;\n }\n default: {\n throw new Error(`Invalid package manager: ${packageManager}`);\n }\n }\n}\n\nasync function audit(\n config: AuditCiFullConfig,\n reporter?: (summary: Summary, config: ReportConfig) => Summary,\n) {\n const {\n \"pass-enoaudit\": passENoAudit,\n \"retry-count\": maxRetryCount,\n \"package-manager\": packageManager,\n \"output-format\": outputFormat,\n } = config;\n const auditor = getAuditor(packageManager);\n\n async function run(attempt = 0): Promise {\n try {\n const result = await auditor.auditWithFullConfig(config, reporter);\n return result;\n } catch (error: unknown) {\n const message =\n error && typeof error === \"object\" && \"message\" in error\n ? error.message\n : error;\n const isRetryableMessage =\n typeof message === \"string\" &&\n PARTIAL_RETRY_ERROR_MSG[packageManager].some((retryErrorMessage) =>\n message.includes(retryErrorMessage),\n );\n const shouldRetry = attempt < maxRetryCount && isRetryableMessage;\n if (shouldRetry) {\n if (outputFormat === \"text\") {\n console.log(\"Retrying audit...\");\n }\n return run(attempt + 1);\n }\n const shouldPassWithoutAuditing = passENoAudit && isRetryableMessage;\n if (shouldPassWithoutAuditing) {\n console.warn(\n yellow,\n `ACTION RECOMMENDED: An audit could not performed due to ${maxRetryCount} audits that resulted in ENOAUDIT. Perform an audit manually and verify that no significant vulnerabilities exist before merging.`,\n );\n return;\n }\n throw error;\n }\n }\n\n return await run();\n}\n\nexport default audit;\n","import audit from \"./audit.js\";\nimport { green, red } from \"./colors.js\";\nimport { runYargs } from \"./config.js\";\n\n/**\n * Runs the audit-ci CLI.\n */\nexport async function runAuditCi() {\n const auditCiConfig = await runYargs();\n\n const { \"package-manager\": packageManager, \"output-format\": outputFormat } =\n auditCiConfig;\n\n try {\n await audit(auditCiConfig);\n if (outputFormat === \"text\") {\n console.log(green, `Passed ${packageManager} security audit.`);\n }\n } catch (error: unknown) {\n if (outputFormat === \"text\") {\n const message = error instanceof Error ? error.message : error;\n console.error(red, message);\n console.error(red, \"Exiting...\");\n }\n process.exitCode = 1;\n }\n}\n","#!/usr/bin/env node\nimport { runAuditCi } from \"./audit-ci.js\";\n\n// eslint-disable-next-line unicorn/prefer-top-level-await\nrunAuditCi().catch((error) => {\n console.error(error);\n process.exit(1);\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,OAAO;AACb,IAAM,QAAQ;AACd,IAAM,MAAM;AACZ,IAAM,SAAS;;;ACHtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEA,yBAAsB;AACtB,kCAA+B;AAC/B,0BAAwB;AACxB,iBAA4B;AAC5B,gCAA8B;AAMvB,SAAS,UAAa,GAAQ,KAAgC;AACnE,QAAM,cAA2C,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,EAAE;AACzE,aAAW,QAAQ,GAAG;AACpB,QAAI,IAAI,IAAI,GAAG;AACb,kBAAY,OAAO,KAAK,IAAI;AAAA,IAC9B,OAAO;AACL,kBAAY,MAAM,KAAK,IAAI;AAAA,IAC7B;AAAA,EACF;AACA,SAAO;AACT;AAOO,SAAS,YAAY,SAAkB,QAAsB;AAClE,QAAM;AAAA,IACJ;AAAA,IACA,kBAAkB;AAAA,IAClB,cAAc;AAAA,IACd,iBAAiB;AAAA,EACnB,IAAI;AACJ,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,iBAAiB,QAAQ;AAC3B,QAAI,UAAU,QAAQ,SAAS,GAAG;AAChC,cAAQ;AAAA,QACN;AAAA,QACA,yBAAyB,UAAU,QAAQ,KAAK,IAAI,CAAC;AAAA,MACvD;AAAA,IACF;AAEA,QAAI,WAAW;AACb,UAAI,wBAAwB,SAAS,GAAG;AACtC,cAAM,QAAQ,wBAAwB,KAAK,IAAI;AAC/C,gBAAQ,KAAK,QAAQ,yCAAyC,KAAK,GAAG;AAAA,MACxE;AACA,UAAI,2BAA2B,SAAS,GAAG;AACzC,cAAM,QAAQ,2BAA2B,KAAK,IAAI;AAClD,gBAAQ;AAAA,UACN;AAAA,UACA,4CAA4C,KAAK;AAAA,QACnD;AAAA,MACF;AAAA,IACF;AACA,QAAI,cAAc;AAChB,UAAI,2BAA2B,SAAS,GAAG;AACzC,cAAM,QAAQ,2BACX,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC,EACjC,KAAK,IAAI;AACZ,cAAM,mBACJ,2BAA2B,WAAW,IAClC,qCAAqC,KAAK,MAC1C,sCAAsC,KAAK;AACjD,gBAAQ,KAAK,QAAQ,gBAAgB;AAAA,MACvC;AACA,UAAI,8BAA8B,SAAS,GAAG;AAC5C,cAAM,QAAQ,8BACX,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC,EACjC,KAAK,IAAI;AACZ,cAAM,mBACJ,8BAA8B,WAAW,IACrC,uCAAuC,KAAK,MAC5C,yCAAyC,KAAK;AACpD,gBAAQ,KAAK,QAAQ,gBAAgB;AAAA,MACvC;AACA,UAAI,yBAAyB,SAAS,GAAG;AACvC,cAAM,QAAQ,yBACX,KAAK,CAAC,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC,EACjC,KAAK,IAAI;AACZ,cAAM,mBACJ,yBAAyB,WAAW,IAChC,mCAAmC,KAAK,MACxC,oCAAoC,KAAK;AAC/C,gBAAQ,KAAK,QAAQ,gBAAgB;AAAA,MACvC;AAAA,IACF;AAEA,QAAI,mBAAmB,SAAS,GAAG;AACjC,YAAM,QAAQ,mBAAmB,KAAK,IAAI;AAC1C,cAAQ,KAAK,QAAQ,kCAAkC;AACvD,cAAQ,IAAI,KAAK;AAAA,IACnB;AAAA,EACF;AAEA,MAAI,kBAAkB,SAAS,GAAG;AAEhC,UAAM,IAAI;AAAA,MACR,gCAAgC,kBAAkB;AAAA,QAChD;AAAA,MACF,CAAC;AAAA;AAAA,EAAkD,gBAChD,IAAI,CAAC,YAAY,sBAAsB,OAAO,CAAC,EAC/C,KAAK,IAAI,CAAC;AAAA,IACf;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,WAAW,OAA+C;AACjE,SAAO,OAAO,UAAU,YAAY,SAAS,UAAa,aAAa;AACzE;AAEA,SAAS,cACP,OACoD;AACpD,SACE,OAAO,UAAU,YAAY,SAAS,UAAa,gBAAgB;AAEvE;AAEO,SAAS,WACd,SACA,YACA,SAEA,gBAEA,gBACA;AAGA,QAAM,YAAY,IAAI,0BAAAA,QAAkB,EAAE,WAAW,KAAK,CAAC;AAC3D,QAAM,WAAO,0BAAM,SAAS,YAAY,OAAO;AAC/C,MAAI;AACJ,MAAI;AACJ,OAAK,OAAO,YAAY,MAAM;AAC9B,OAAK,OACF;AAAA,IACC,UAAU,GAAG,SAAS,CAAC,UAAmB;AACxC,YAAM;AAAA,IACR,CAAC;AAAA,EACH,EACC;AAAA,IACC,oBAAAC,QAAY,QAAQ,CAAC,SAAiB;AACpC,sBAAgB;AAChB,aAAO;AAAA,IACT,CAAC;AAAA,EACH,EACC;AAAA;AAAA;AAAA,IAGY,iBAAM,EAAE,GAAG,SAAS,MAAM;AACnC,qBAAe;AACf,YAAM,IAAI,MAAM,YAAY;AAAA,IAC9B,CAAC;AAAA,EACH,EACC;AAAA,IACC,oBAAAA,QAAY,QAAQ,CAAC,SAAkB;AACrC,UAAI,CAAC;AAAM;AACX,UAAI;AAEF,YACE,WAAW,IAAI,KACf,OAAO,KAAK,YAAY,YACxB,KAAK,QAAQ,SAAS,WAAW,GACjC;AACA,yBAAe,KAAK,OAAO;AAC3B;AAAA,QACF;AAEA,YAAI,cAAc,IAAI,KAAK,KAAK,eAAe,KAAK;AAClD,yBAAe,KAAK,OAAO;AAC3B;AAAA,QACF;AAEA,uBAAe,IAAI;AAAA,MACrB,SAAS,OAAO;AACd,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF,CAAC;AAAA,EACH;AACF,SAAO,IAAI,QAAc,CAACC,UAAS,WAAW;AAC5C,SAAK,GAAG,SAAS,MAAM;AACrB,UAAI,cAAc;AAChB,eAAO,OAAO,IAAI,MAAM,YAAY,CAAC;AAAA,MACvC;AACA,aAAOA,SAAQ;AAAA,IACjB,CAAC;AACD,SAAK;AAAA,MAAG;AAAA,MAAS,CAAC,UAChB,OAAO,eAAe,IAAI,MAAM,YAAY,IAAI,KAAK;AAAA,IACvD;AAAA,EACF,CAAC;AACH;AAEA,SAAS,gBAAgB,oBAA4B;AACnD,QAAM,cAAc,mBACjB,MAAM,KAAK,EACX,IAAI,CAAC,UAAM,4BAAAC,SAAmB,CAAC,CAAC,EAChC,KAAK,IAAI;AACZ,SAAO,IAAI,OAAO,IAAI,WAAW,GAAG;AACtC;AAEO,SAAS,YAAY,UAAkB,SAAiB;AAC7D,SAAO,SAAS,SAAS,GAAG,IACxB,gBAAgB,QAAQ,EAAE,KAAK,OAAO,IACtC,aAAa;AACnB;AAEO,SAAS,mBAAmB,IAAqC;AACtE,SAAO,OAAO,OAAO,YAAY,GAAG,WAAW,MAAM;AACvD;AAEO,SAAS,8BAA8B,KAA+B;AAC3E,SAAO,IAAI,MAAM,GAAG,EAAE,CAAC;AACzB;AAEO,SAAS,sBACd,IACsC;AACtC,SAAO,iCAAiC,EAAE;AAC5C;;;ACzOA,gBAAyC;AACzC,iBAAgB;AAEhB,WAAsB;AACtB,qBAAwB;AACxB,mBAAkB;;;ACYX,SAAS,eAAe,WAAgD;AAC7E,SAAO,OAAO,KAAK,SAAS,EAAE,CAAC;AACjC;AAQO,SAAS,cACd,WACY;AACZ,QAAM,SAAS,OAAO,OAAO,SAAS;AACtC,MAAI,OAAO,SAAS,GAAG;AACrB,WAAO,OAAO,CAAC;AAAA,EACjB;AACA,QAAM,IAAI;AAAA,IACR;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaF;AACF;AASO,SAAS,kBACd,WACA,MAAM,oBAAI,KAAK,GACN;AACT,QAAM,UAAU,cAAc,SAAS;AACvC,MAAI,CAAC,QAAQ,QAAQ;AACnB,WAAO;AAAA,EACT;AAEA,MAAI,QAAQ,QAAQ;AAClB,UAAM,aAAa,IAAI,KAAK,QAAQ,MAAM;AAC1C,QAAI,WAAW,QAAQ,IAAI,GAAG;AAE5B,aAAO,IAAI,QAAQ,IAAI,WAAW,QAAQ;AAAA,IAC5C;AAGA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;;;ACnEA,IAAM,sBAA4C;AAAA,EAChD,QAAQ;AAAA,EACR,OAAO;AAAA,EACP,QAAQ;AACV;AASO,SAAS,yBACd,YACW;AACX,SAAO,OAAO,eAAe,WACzB;AAAA,IACE,CAAC,UAAU,GAAG;AAAA,EAChB,IACA;AACN;AAQO,SAAS,uBACd,cACa;AACb,QAAM,MAAM,oBAAI,IAAuB;AACvC,aAAW,cAAc,cAAc;AACrC,UAAM,YAAY,yBAAyB,UAAU;AACrD,UAAM,aAAa,eAAe,SAAS;AAE3C,QAAI,CAAC,IAAI,IAAI,UAAU,GAAG;AACxB,UAAI,IAAI,YAAY,SAAS;AAAA,IAC/B;AAAA,EACF;AAEA,SAAO,CAAC,GAAG,IAAI,OAAO,CAAC;AACzB;AAEA,IAAM,YAAN,MAAM,WAAU;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA,EAIA,YAAY,OAA2B;AACrC,SAAK,UAAU,CAAC;AAChB,SAAK,aAAa,CAAC;AACnB,SAAK,QAAQ,CAAC;AACd,SAAK,gBAAgB,CAAC;AACtB,SAAK,kBAAkB,CAAC;AACxB,SAAK,cAAc,CAAC;AACpB,QAAI,CAAC,OAAO;AACV;AAAA,IACF;AACA,eAAW,aAAa,OAAO;AAC7B,UAAI,OAAO,cAAc,UAAU;AACjC,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,YAAM,qBAAqB,yBAAyB,SAAS;AAC7D,UAAI,CAAC,kBAAkB,kBAAkB,GAAG;AAC1C;AAAA,MACF;AAEA,YAAM,cACJ,OAAO,cAAc,WACjB,YACA,eAAe,kBAAkB;AAEvC,UAAI,YAAY,SAAS,GAAG,KAAK,YAAY,SAAS,GAAG,GAAG;AAC1D,aAAK,MAAM,KAAK,WAAW;AAC3B,aAAK,YAAY,KAAK,kBAAkB;AAAA,MAC1C,WAAW,mBAAmB,WAAW,GAAG;AAC1C,aAAK,WAAW,KAAK,WAAW;AAChC,aAAK,gBAAgB,KAAK,kBAAkB;AAAA,MAC9C,OAAO;AACL,aAAK,QAAQ,KAAK,WAAW;AAC7B,aAAK,cAAc,KAAK,kBAAkB;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,qBACL,QACA;AACA,UAAM,EAAE,UAAU,IAAI;AACtB,UAAM,wBAAwB,uBAAuB,aAAa,CAAC,CAAC;AACpE,UAAM,kBAAkB,IAAI,WAAU,qBAAqB;AAC3D,WAAO;AAAA,EACT;AACF;AAEA,IAAO,oBAAQ;;;AC9GR,SAAS,2BAA2B;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAEE;AACA,MAAI,OAAO,GAAG;AACZ,WAAO,EAAE,KAAK,MAAM,UAAU,MAAM,MAAM,MAAM,UAAU,KAAK;AAAA,EACjE;AACA,MAAI,YAAY,GAAG;AACjB,WAAO,EAAE,KAAK,OAAO,UAAU,MAAM,MAAM,MAAM,UAAU,KAAK;AAAA,EAClE;AACA,MAAI,QAAQ,GAAG;AACb,WAAO,EAAE,KAAK,OAAO,UAAU,OAAO,MAAM,MAAM,UAAU,KAAK;AAAA,EACnE;AACA,MAAI,YAAY,GAAG;AACjB,WAAO,EAAE,KAAK,OAAO,UAAU,OAAO,MAAM,OAAO,UAAU,KAAK;AAAA,EACpE;AACA,SAAO,EAAE,KAAK,OAAO,UAAU,OAAO,MAAM,OAAO,UAAU,MAAM;AACrE;;;AHpBA,SAAS,mBACP,QACA;AACA,QAAM,EAAE,eAAe,WAAW,IAAI;AACtC,UAAQ,YAAY;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,WAAW;AACd,aAAO;AAAA,IACT;AAAA,IACA,SAAS;AACP,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,uBACP,QACA;AAIA,SAAO,OAAO,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,OAAO,EAAE,CAAC;AAC7D;AAkIA,SAAS,0BACP,YACA,WACyB;AACzB,UAAQ,YAAY;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,QAAQ;AACX,aAAO;AAAA,IACT;AAAA,IACA,KAAK,QAAQ;AACX,YAAM,UAAU,CAAC,SAAsB,aAAQ,WAAW,IAAI;AAE9D,YAAM,wBAAoB,sBAAW,QAAQ,mBAAmB,CAAC;AACjE,UAAI;AAAmB,eAAO;AAC9B,YAAM,uBAAmB,sBAAW,QAAQ,qBAAqB,CAAC;AAClE,UAAI;AAAkB,eAAO;AAC7B,YAAM,qBAAiB,sBAAW,QAAQ,WAAW,CAAC;AACtD,UAAI;AAAgB,eAAO;AAC3B,YAAM,qBAAiB,sBAAW,QAAQ,gBAAgB,CAAC;AAC3D,UAAI;AAAgB,eAAO;AAC3B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAAA,IACA,SAAS;AACP,YAAM,IAAI,MAAM,wCAAwC,UAAU,EAAE;AAAA,IACtE;AAAA,EACF;AACF;AAEA,IAAM,WAAW;AAAA,EACf,KAAK;AAAA,EACL,UAAU;AAAA,EACV,MAAM;AAAA,EACN,UAAU;AAAA,EACV,YAAY;AAAA,EACZ,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,eAAe;AAAA,EACf,QAAQ;AAAA,EACR,WAAW;AAAA,EACX,mBAAmB;AAAA,EACnB,kBAAkB;AAAA,EAClB,cAAc;AAAA,EACd,UAAU;AAAA,EACV,SAAS;AAAA,EACT,WAAW,CAAC;AAAA,EACZ,iBAAiB;AAAA,EACjB,cAAc,CAAC;AACjB;AAEA,SAAS,uBAAuB,MAAiC;AAC/D,QAAM,YAAY,kBAAU,qBAAqB,IAAI;AAErD,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,mBAAmB;AAAA,IACnB;AAAA,EACF,IAAI;AAEJ,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,EACF;AAEA,QAAM,SAA4B;AAAA,IAChC,GAAG;AAAA,IACH,mBAAmB;AAAA,IACnB,QAAQ,2BAA2B;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,IACD,eAAe,mBAAmB,IAAI;AAAA,IACtC;AAAA,IACA,cAAc,uBAAuB,IAAI;AAAA,EAC3C;AACA,SAAO;AACT;AAEO,SAAS,oCACd,QACmB;AACnB,QAAM,iBACJ,OAAO,iBAAiB,KAAK,SAAS,iBAAiB;AACzD,QAAM,YAAY,OAAO,aAAa,SAAS;AAE/C,QAAM,yBAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,EACF;AAEA,QAAM,YAAY,kBAAU,qBAAqB;AAAA,IAC/C,WAAW,OAAO,aAAa,SAAS;AAAA,EAC1C,CAAC;AAED,QAAM,SAAS,2BAA2B;AAAA,IACxC,KAAK,OAAO,OAAO,SAAS;AAAA,IAC5B,UAAU,OAAO,YAAY,SAAS;AAAA,IACtC,MAAM,OAAO,QAAQ,SAAS;AAAA,IAC9B,UAAU,OAAO,YAAY,SAAS;AAAA,EACxC,CAAC;AAED,QAAM,aAAgC;AAAA,IACpC,YAAY,OAAO,UAAU,KAAK,SAAS,UAAU;AAAA,IACrD,iBAAiB,OAAO,eAAe,KAAK,SAAS,eAAe;AAAA,IACpE,eAAe,OAAO,aAAa,KAAK,SAAS,aAAa;AAAA,IAC9D,eAAe,OAAO,aAAa,KAAK,SAAS,aAAa;AAAA,IAC9D,mBAAmB;AAAA,IACnB;AAAA,IACA,QAAQ,OAAO,UAAU,SAAS;AAAA,IAClC,UAAU,OAAO,YAAY,SAAS;AAAA,IACtC,kBAAkB,OAAO,gBAAgB,KAAK,SAAS,gBAAgB;AAAA,IACvE,cAAc,OAAO,YAAY,KAAK,SAAS,YAAY;AAAA,IAC3D,SAAS,OAAO,WAAW,SAAS;AAAA,IACpC,iBAAiB,OAAO,eAAe,KAAK,SAAS,eAAe;AAAA,IACpE;AAAA,IACA;AAAA,IACA,cAAc,OAAO,YAAY,KAAK,SAAS,YAAY;AAAA,EAC7D;AACA,SAAO;AACT;AAEA,eAAsB,WAAuC;AAC3D,QAAM,EAAE,KAAK,QAAI,aAAAC,aAAM,wBAAQ,QAAQ,IAAI,CAAC,EACzC;AAAA,IAAO;AAAA,IAAU,CAAC;AAAA;AAAA,MAEjB,WAAAC,QAAI,UAAM,wBAAa,YAAY,MAAM,GAAG;AAAA;AAAA;AAAA,QAG1C,gBAAgB;AAAA,MAClB,CAAC;AAAA;AAAA,EACH,EACC,QAAQ;AAAA,IACP,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS,iBAAiB;AAAA,MACnC,UAAU;AAAA,MACV,SAAS,CAAC,QAAQ,OAAO,QAAQ,MAAM;AAAA,IACzC;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS,CAAC;AAAA,MACV,UACE;AAAA,MACF,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,GAAG;AAAA,MACD,OAAO;AAAA,MACP,SAAS;AAAA,MACT,UAAU;AAAA,MACV,SAAS,CAAC,QAAQ,MAAM;AAAA,IAC1B;AAAA,IACA,cAAc;AAAA,MACZ,SAAS,SAAS,YAAY;AAAA,MAC9B,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,kBAAkB;AAAA,MAChB,SAAS,SAAS,gBAAgB;AAAA,MAClC,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,UAAU;AAAA,MACR,SAAS,SAAS;AAAA,MAClB,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,eAAe;AAAA,MACb,SAAS,SAAS,aAAa;AAAA,MAC/B,UAAU;AAAA,MACV,MAAM;AAAA,MACN,SAAS,CAAC,aAAa,WAAW,MAAM;AAAA,IAC1C;AAAA,IACA,eAAe;AAAA,MACb,SAAS,SAAS,aAAa;AAAA,MAC/B,UACE;AAAA,MACF,MAAM;AAAA,IACR;AAAA,IACA,iBAAiB;AAAA,MACf,SAAS,SAAS,eAAe;AAAA,MACjC,UACE;AAAA,MACF,MAAM;AAAA,IACR;AAAA,IACA,YAAY;AAAA,MACV,SAAS,SAAS,UAAU;AAAA,MAC5B,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,IACA,cAAc;AAAA,MACZ,SAAS,CAAC;AAAA,MACV,UAAU;AAAA,MACV,MAAM;AAAA,IACR;AAAA,EACF,CAAC,EACA,KAAK,MAAM;AAGd,QAAM,cAAe,MAAM;AAC3B,QAAM,gBAAgB,uBAAuB,WAAW;AACxD,SAAO;AACT;;;AItZA,IAAM,4BAA4B,oBAAI,IAAI;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,cAAc,CAClB,SACA,gBACgB,GAAG,OAAO,IAAI,WAAW;AAE3C,IAAM,QAAQ,CAAI,QAA8B;AAC9C,SAAO,OAAO,QAAQ;AACxB;AAyCA,IAAM,QAAN,MAAY;AAAA,EACV;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YAAY,QAAyD;AACnE,UAAM,cAAc,OAAO,KAAK,OAAO,MAAM,EAAE;AAAA,MAC7C,CAAC,UAAU,CAAC,0BAA0B,IAAI,KAAK;AAAA,IACjD;AACA,QAAI,YAAY,SAAS,GAAG;AAC1B,YAAM,IAAI;AAAA,QACR,sCAAsC,YAAY,KAAK,EAAE,KAAK,IAAI,CAAC;AAAA,MACrE;AAAA,IACF;AACA,SAAK,oBAAoB,OAAO;AAEhC,SAAK,YAAY,OAAO;AAExB,SAAK,0BAA0B,CAAC;AAChC,SAAK,6BAA6B,CAAC;AACnC,SAAK,wBAAwB,CAAC;AAC9B,SAAK,kBAAkB,CAAC;AACxB,SAAK,qBAAqB,CAAC;AAAA,EAC7B;AAAA,EAEA,QAAQ,UAA6B;AACnC,UAAM;AAAA,MACJ;AAAA,MACA,aAAa;AAAA,MACb,oBAAoB;AAAA,MACpB;AAAA,IACF,IAAI;AACJ,QAAI,aAAa,UAAU,CAAC,KAAK,kBAAkB,QAAQ,GAAG;AAC5D;AAAA,IACF;AAEA,QAAI,KAAK,UAAU,QAAQ,SAAS,UAAU,GAAG;AAC/C,UAAI,CAAC,KAAK,wBAAwB,SAAS,UAAU,GAAG;AACtD,aAAK,wBAAwB,KAAK,UAAU;AAAA,MAC9C;AACA;AAAA,IACF;AAEA,QAAI,KAAK,UAAU,WAAW,SAAS,gBAAgB,GAAG;AACxD,UAAI,CAAC,KAAK,2BAA2B,SAAS,gBAAgB,GAAG;AAC/D,aAAK,2BAA2B,KAAK,gBAAgB;AAAA,MACvD;AACA;AAAA,IACF;AAEA,UAAM,2BAA2B,oBAAI,IAAqC;AAE1E,UAAM,iBAAiB,SAAS,QAAQ,CAAC,YAAY,QAAQ,KAAK;AAClE,UAAM,qBAAqB,eAAe;AAAA,MACxC,CAACC,UAAS,GAAG,gBAAgB,IAAIA,KAAI;AAAA,IACvC;AACA,UAAM,EAAE,QAAQ,MAAM,IAAI;AAAA,MAAU;AAAA,MAAoB,CAACA,UACvD,KAAK,UAAU,MAAM;AAAA,QAAK,CAAC,gBACzB,YAAY,aAAaA,KAAI;AAAA,MAC/B;AAAA,IACF;AACA,eAAWA,SAAQ,QAAQ;AACzB,+BAAyB,IAAIA,KAAI;AAAA,IACnC;AAEA,SAAK,sBAAsB,KAAK,GAAG,wBAAwB;AAE3D,UAAM,gBAAgB,MAAM,WAAW;AACvC,QAAI,eAAe;AACjB;AAAA,IACF;AAEA,SAAK,gBAAgB,KAAK,QAAQ;AAClC,SAAK,mBAAmB,KAAK,GAAG,KAAK;AAAA,EACvC;AAAA,EAEA,KACE,cAIA;AAEA,QAAI,gBAAgB,gBAAgB,aAAa,YAAY;AAC3D,iBAAW,YAAY,OAAO,OAK5B,aAAa,UAAU,GAAG;AAC1B,iBAAS,qBAAqB;AAAA,UAC5B,SAAS;AAAA,QACX;AAKA,mBAAW,WAAW,SAAS,UAAU;AACvC,kBAAQ,QAAQ,QAAQ,MAAM,IAAI,CAACA,UAASA,MAAK,QAAQ,MAAM,EAAE,CAAC;AAAA,QACpE;AACA,aAAK,QAAQ,QAAQ;AAAA,MACvB;AACA,aAAO,KAAK,WAAW;AAAA,IACzB;AAGA,QAAI,qBAAqB,gBAAgB,aAAa,iBAAiB;AACrE,YAAM,cAAc,oBAAI,IAKtB;AAGF,iBAAW,iBAAiB,OAAO,OAEjC,aAAa,eAAe,GAAG;AAC/B,cAAM,EAAE,KAAK,MAAM,SAAS,IAAI;AAEhC,mBAAW,OAAO,MAA8C;AAC9D,cAAI,CAAC,MAAM,GAAG,GAAG;AACf;AAAA,UACF;AACA,gBAAM,EAAE,QAAQ,KAAK,MAAM,SAAS,IAAI;AACxC,cAAI,CAAC,YAAY,IAAI,MAAM,GAAG;AAC5B,wBAAY,IAAI,QAAQ;AAAA,cACtB,IAAI;AAAA,cACJ,oBAAoB,8BAA8B,GAAG;AAAA,cACrD,aAAa;AAAA,cACb;AAAA,cACA;AAAA;AAAA;AAAA;AAAA,cAIA,aAAa,IAAI,IAAI,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC;AAAA,cAC3C,UAAU,CAAC;AAAA,YACb,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAKA,YAAM,iBAAiB,oBAAI,IAAsB;AAEjD,iBAAW,QAAQ,OAAO,QAIxB,aAAa,eAAe,GAAG;AAE/B,cAAM,aAAa,KAAK,CAAC;AACzB,cAAM,gBAAgB,KAAK,CAAC;AAC5B,cAAM,EAAE,KAAK,MAAM,SAAS,IAAI;AAEhC,YAAI,KAAK,WAAW,KAAK,OAAO,KAAK,CAAC,MAAM,UAAU;AACpD;AAAA,QACF;AAEA,cAAM,UAAU,oBAAI,IAAY;AAEhC,cAAM,iBAAiB,CACrB,OAGA,mBACa;AACb,gBAAM,gBAAgB,eAAe,IAAI,MAAM,IAAI;AACnD,cAAI,eAAe;AACjB,mBAAO,cAAc,IAAI,CAAC,SAAS;AACjC,oBAAM,uBAAuB,YAAY,MAAM,cAAc;AAC7D,qBAAO,qBAAqB;AAAA,gBAC1B;AAAA,gBACA,KAAK,IAAI,GAAG,qBAAqB,SAAS,CAAC;AAAA,cAC7C;AAAA,YACF,CAAC;AAAA,UACH;AAEA,cAAI,QAAQ,IAAI,MAAM,IAAI,GAAG;AAE3B,mBAAO,CAAC,cAAc;AAAA,UACxB;AACA,kBAAQ,IAAI,MAAM,IAAI;AACtB,gBAAM,UAAU,YAAY,MAAM,MAAM,cAAc;AACtD,cAAI,MAAM,QAAQ,WAAW,GAAG;AAC9B,mBAAO,CAAC,QAAQ,MAAM,GAAG,KAAK,IAAI,GAAG,QAAQ,SAAS,CAAC,CAAC,CAAC;AAAA,UAC3D;AACA,gBAAMC,UAAS,MAAM,QAAQ;AAAA,YAAQ,CAAC,WACpC,eAAe,aAAa,gBAAgB,MAAM,GAAG,OAAO;AAAA,UAC9D;AACA,iBAAOA;AAAA,QACT;AAEA,cAAM,SAAS,eAAe,eAAe,EAAE;AAC/C,YAAI,UAAU;AACZ,iBAAO,KAAK,UAAU;AAAA,QACxB;AACA,cAAM,aACH,KAA8C;AAAA,UAC7C,CAAC,QAAQ,OAAO,QAAQ;AAAA,QAC1B,EAEC,IAAI,CAAC,QAAQ,IAAI,MAAM,EAGvB,IAAI,CAAC,OAAO,YAAY,IAAI,EAAE,CAAE,EAChC,OAAO,OAAO;AACjB,mBAAW,YAAY,YAAY;AACjC,qBAAWD,SAAQ,QAAQ;AACzB,qBAAS,YAAY,IAAIA,KAAI;AAAA,UAC/B;AAAA,QACF;AAEA,uBAAe,IAAI,YAAY,MAAM;AAAA,MACvC;AACA,iBAAW,CAAC,EAAE,QAAQ,KAAK,aAAa;AACtC,iBAAS,WAAW,CAAC,EAAE,OAAO,CAAC,GAAG,SAAS,WAAW,EAAE,CAAC;AAEzD,eAAO,SAAS;AAChB,aAAK,QAAQ,QAAQ;AAAA,MACvB;AAAA,IACF;AACA,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,WAEE,iBAAsD,CAAC,MACrD,EAAE,oBACJ;AAEA,SAAK,gBAAgB,KAAK;AAC1B,SAAK,qBAAqB,CAAC,GAAG,IAAI,IAAI,KAAK,kBAAkB,CAAC,EAAE,KAAK;AACrE,SAAK,2BAA2B,KAAK;AACrC,SAAK,wBAAwB,KAAK;AAClC,SAAK,sBAAsB,KAAK;AAEhC,UAAM,kBAAkB,oBAAI,IAA8C;AAC1E,eAAW,EAAE,SAAS,KAAK,KAAK,iBAAiB;AAC/C,UAAI,aAAa,QAAQ;AACvB,wBAAgB,IAAI,QAAQ;AAAA,MAC9B;AAAA,IACF;AACA,UAAM,oBAAoB,CAAC,GAAG,eAAe,EAAE,KAAK;AAEpD,UAAM,kBAAkB;AAAA,MACtB,GAAG,IAAI,IAAI,KAAK,gBAAgB,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC;AAAA,IAC/D,EAAE,KAAK;AAEP,UAAM,gCAAgC,KAAK,UAAU,WAClD,OAAO,CAAC,OAAO,CAAC,KAAK,2BAA2B,SAAS,EAAE,CAAC,EAC5D,KAAK;AACR,UAAM,6BAA6B,KAAK,UAAU,QAC/C,OAAO,CAAC,OAAO,CAAC,KAAK,wBAAwB,SAAS,EAAE,CAAC,EACzD,KAAK;AACR,UAAM,2BAA2B,KAAK,UAAU,MAC7C;AAAA,MACC,CAAC,OACC,CAAC,KAAK,sBAAsB;AAAA,QAAK,CAAC,cAChC,YAAY,IAAI,SAAS;AAAA,MAC3B;AAAA,IACJ,EACC,KAAK;AAER,UAAM,UAAmB;AAAA,MACvB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,4BAA4B,KAAK;AAAA,MACjC,yBAAyB,KAAK;AAAA,MAC9B,uBAAuB,KAAK;AAAA,MAC5B,oBAAoB,KAAK;AAAA,IAC3B;AACA,WAAO;AAAA,EACT;AACF;AAEA,IAAO,gBAAQ;;;ANnVf,eAAe,YACb,QAC0E;AAC1E,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ,cAAc;AAAA,EAChB,IAAI;AACJ,QAAM,UAAU,QAAQ;AAGxB,MAAI,eAAoB,CAAC;AAEzB,WAAS,YAAY,MAAW;AAC9B,mBAAe,EAAE,GAAG,cAAc,GAAG,KAAK;AAAA,EAC5C;AAGA,QAAM,eAAsB,CAAC;AAE7B,WAAS,cAAc,MAAW;AAChC,iBAAa,KAAK,IAAI;AAAA,EACxB;AAEA,QAAM,aAAa,CAAC,SAAS,QAAQ;AACrC,MAAI,UAAU;AACZ,eAAW,KAAK,cAAc,QAAQ;AAAA,EACxC;AACA,MAAI,6BAA6B;AAC/B,eAAW,KAAK,cAAc;AAAA,EAChC;AACA,MAAI,gBAAgB;AAClB,eAAW,KAAK,GAAG,cAAc;AAAA,EACnC;AACA,QAAM,UAAU,EAAE,KAAK,UAAU;AACjC,QAAM,WAAW,SAAS,YAAY,SAAS,aAAa,aAAa;AACzE,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,EAAoC,aAAa,KAAK,IAAI,CAAC;AAAA,IAC7D;AAAA,EACF;AACA,SAAO;AACT;AACO,SAAS,UACd,cACwC;AACxC,SACE,wBAAwB,gBACxB,aAAa,uBAAuB;AAExC;AAEA,SAAS,YACP,cACA,QACA,YACA,cACA;AACA,QAAM,oBAAoB,CAAC,MAAc,WAAoB;AAC3D,QAAI,iBAAiB,QAAQ;AAC3B,cAAQ,IAAI,MAAM,IAAI;AAAA,IACxB;AACA,YAAQ,IAAI,KAAK,UAAU,QAAQ,QAAW,CAAC,CAAC;AAAA,EAClD;AACA,UAAQ,YAAY;AAAA,IAClB,KAAK,QAAQ;AACX,wBAAkB,0BAA0B,YAAY;AACxD;AAAA,IACF;AAAA,IACA,KAAK,aAAa;AAChB,YAAM,sBAAsB,MAAM;AAChC,YAAI,UAAU,YAAY,GAAG;AAC3B,gBAAM,aAAa,aAAa;AAChC,gBAAM,yBAAyB,OAAO,KAAK,UAAU,EAAE;AAAA,YACrD,CAAC,aAAa;AACZ,oBAAM,WAAW,WAAW,QAAQ,EAAE;AACtC,qBAAO,aAAa,UAAU,OAAO,QAAQ;AAAA,YAC/C;AAAA,UACF;AAEA,gBAAME,sBACJ,CAAC;AACH,qBAAW,YAAY,wBAAwB;AAC7C,YAAAA,oBAAmB,QAAQ,IAAI,WAAW,QAAQ;AAAA,UACpD;AACA,iBAAOA;AAAA,QACT,OAAO;AACL,gBAAM,aAAa,aAAa;AAChC,gBAAM,eAAe,OAAO,KAAK,UAAU;AAC3C,gBAAM,yBAAyB,aAAa,OAAO,CAAC,aAAa;AAC/D,kBAAM,WAAW,WAAW,QAAQ,EAAE;AACtC,mBAAO,aAAa,UAAU,OAAO,QAAQ;AAAA,UAC/C,CAAC;AAED,gBAAMA,sBAGF,CAAC;AACL,qBAAW,YAAY,wBAAwB;AAC7C,YAAAA,oBAAmB,QAAQ,IAAI,WAAW,QAAQ;AAAA,UACpD;AACA,iBAAOA;AAAA,QACT;AAAA,MACF,GAAG;AAEH,YAAM,cAAc;AAAA,QAClB,YAAY;AAAA,QACZ,UAAU,aAAa;AAAA,MACzB;AACA,wBAAkB,6BAA6B,WAAW;AAC1D;AAAA,IACF;AAAA,IACA,KAAK,WAAW;AACd,wBAAkB,6BAA6B,aAAa,QAAQ;AACpE;AAAA,IACF;AAAA,IACA,SAAS;AACP,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAAS,OACd,cACA,QACA,UAKA;AACA,QAAM;AAAA,IACJ;AAAA,IACA,eAAe;AAAA,IACf,iBAAiB;AAAA,EACnB,IAAI;AACJ,cAAY,cAAc,QAAQ,YAAY,YAAY;AAC1D,QAAM,QAAQ,IAAI,cAAM,MAAM;AAC9B,QAAM,UAAU,MAAM,KAAK,YAAY;AACvC,SAAO,SAAS,SAAS,QAAQ,YAAY;AAC/C;AAOA,eAAsB,oBACpB,QACA,WAAW,aACX;AACA,QAAM,eAAe,MAAM,YAAY,MAAM;AAC7C,MAAI,WAAW,cAAc;AAC3B,UAAM,EAAE,MAAM,QAAQ,IAAI,aAAa;AACvC,UAAM,IAAI,MAAM,QAAQ,IAAI,KAAK,OAAO,EAAE;AAAA,EAC5C,WAAW,aAAa,cAAc;AACpC,UAAM,IAAI,MAAM,aAAa,OAAO;AAAA,EACtC;AACA,SAAO,OAAO,cAAc,QAAQ,QAAQ;AAC9C;AAOA,eAAsB,MAAM,QAAuB,WAAW,aAAa;AACzE,QAAM,aAAa,oCAAoC,MAAM;AAC7D,SAAO,MAAM,oBAAoB,YAAY,QAAQ;AACvD;;;AO3LA;AAAA;AAAA,eAAAC;AAAA,EAAA,2BAAAC;AAAA,EAAA,cAAAC;AAAA;AACA,2BAAyB;AACzB,aAAwB;AAUxB,IAAM,sCAAsC;AAE5C,eAAe,aACb,QACwC;AACxC,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ,cAAc;AAAA,EAChB,IAAI;AACJ,QAAM,WAAW,SAAS;AAG1B,QAAM,eAAoB,CAAC;AAC3B,WAAS,YAAY,MAAe;AAElC,WAAO,OAAO,cAAc,IAAI;AAAA,EAClC;AAEA,QAAM,eAA0B,CAAC;AACjC,WAAS,cAAc,MAAe;AACpC,iBAAa,KAAK,IAAI;AAAA,EACxB;AAEA,QAAM,aAAa,CAAC,SAAS,QAAQ;AACrC,MAAI,UAAU;AACZ,UAAM,cAAc,eAAe,SAAS;AAE5C,QAAI,0BAA0B,WAAW,GAAG;AAC1C,iBAAW,KAAK,cAAc,QAAQ;AAAA,IACxC,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,QACA,4BAA4B,mCAAmC;AAAA,MACjE;AAAA,IACF;AAAA,EACF;AACA,MAAI,6BAA6B;AAC/B,eAAW,KAAK,QAAQ;AAAA,EAC1B;AACA,MAAI,gBAAgB;AAClB,eAAW,KAAK,GAAG,cAAc;AAAA,EACnC;AACA,QAAM,UAAU,EAAE,KAAK,UAAU;AACjC,QAAM,WAAW,UAAU,YAAY,SAAS,aAAa,aAAa;AAC1E,MAAI,aAAa,SAAS,GAAG;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,EAAqC,aAAa,KAAK,IAAI,CAAC;AAAA,IAC9D;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAASC,aACP,cACA,QACA,YACA,cACA;AACA,QAAM,oBAAoB,CAAC,MAAc,WAAoB;AAC3D,QAAI,iBAAiB,QAAQ;AAC3B,cAAQ,IAAI,MAAM,IAAI;AAAA,IACxB;AACA,YAAQ,IAAI,KAAK,UAAU,QAAQ,QAAW,CAAC,CAAC;AAAA,EAClD;AACA,UAAQ,YAAY;AAAA,IAClB,KAAK,QAAQ;AACX,wBAAkB,2BAA2B,YAAY;AACzD;AAAA,IACF;AAAA,IACA,KAAK,aAAa;AAChB,YAAM,EAAE,YAAY,SAAS,IAAI;AAEjC,YAAM,eAAe,OAAO,KAAK,UAAU;AAE3C,YAAM,yBAAyB,aAAa,OAAO,CAAC,aAAa;AAC/D,cAAM,WAAW,WAAW,QAAQ,EAAE;AACtC,eAAO,aAAa,UAAU,OAAO,QAAQ;AAAA,MAC/C,CAAC;AAED,YAAM,qBAA+D,CAAC;AACtE,iBAAW,YAAY,wBAAwB;AAC7C,2BAAmB,QAAQ,IAAI,WAAW,QAAQ;AAAA,MACpD;AAEA,YAAM,cAAc;AAAA,QAClB,YAAY;AAAA,QACZ;AAAA,MACF;AACA,wBAAkB,8BAA8B,WAAW;AAC3D;AAAA,IACF;AAAA,IACA,KAAK,WAAW;AACd,wBAAkB,8BAA8B,aAAa,QAAQ;AACrE;AAAA,IACF;AAAA,IACA,SAAS;AACP,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AACF;AAEO,SAASC,QACd,cACA,QACA,UAKA;AACA,QAAM;AAAA,IACJ;AAAA,IACA,eAAe;AAAA,IACf,iBAAiB;AAAA,EACnB,IAAI;AACJ,EAAAD,aAAY,cAAc,QAAQ,YAAY,YAAY;AAC1D,QAAM,QAAQ,IAAI,cAAM,MAAM;AAC9B,QAAM,UAAU,MAAM,KAAK,YAAY;AACvC,SAAO,SAAS,SAAS,QAAQ,YAAY;AAC/C;AAOA,eAAsBE,qBACpB,QACA,WAAW,aACX;AACA,QAAM,eAAe,MAAM,aAAa,MAAM;AAC9C,MAAI,WAAW,cAAc;AAC3B,UAAM,EAAE,MAAM,QAAQ,IAAI,aAAa;AACvC,UAAM,IAAI,MAAM,QAAQ,IAAI,KAAK,OAAO,EAAE;AAAA,EAC5C;AACA,SAAOD,QAAO,cAAc,QAAQ,QAAQ;AAC9C;AAKA,eAAsBE,OAAM,QAAuB,WAAW,aAAa;AACzE,QAAM,aAAa,oCAAoC,MAAM;AAC7D,SAAO,MAAMD,qBAAoB,YAAY,QAAQ;AACvD;AAEA,SAAS,0BACP,aACS;AACT,SAAc,WAAI,aAAa,mCAAmC;AACpE;AAEA,SAAS,eAAe,KAAsB;AAC5C,aAAO,+BAAS,WAAW,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE;AACjE;;;AC3KA;AAAA;AAAA,eAAAE;AAAA,EAAA,2BAAAC;AAAA;;;ACAA,IAAAC,wBAAyB;AACzB,oBAAmB;AAEZ,IAAM,+BAA+B;AACrC,IAAM,6BAA6B;AAM1C,IAAM,sCAAsC;AAErC,SAAS,yBAAyB,aAAqC;AAC5E,SAAO,cAAAC,QAAO,UAAU,aAAa,IAAI,4BAA4B,EAAE;AACzE;AAEO,SAAS,uBAAuB,aAAqC;AAC1E,SAAO,cAAAA,QAAO,IAAI,aAAa,0BAA0B;AAC3D;AAEO,SAAS,kBAAkB,aAAqC;AACrE,SACE,yBAAyB,WAAW,KAAK,uBAAuB,WAAW;AAE/E;AAEO,SAAS,0BAA0B,aAAqC;AAC7E,SAAO,cAAAA,QAAO,IAAI,aAAa,mCAAmC;AACpE;AAEA,IAAM,aAAa,oBAAI,IAAoB;AACpC,SAAS,eAAe,WAAW,QAAQ,KAAc;AAC9D,QAAM,MAAM,GAAG,QAAQ,IAAI,GAAG;AAC9B,MAAI,UAAU,WAAW,IAAI,GAAG;AAChC,MAAI;AAAS,WAAO;AACpB,gBAAU,gCAAS,GAAG,QAAQ,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE;AACzE,aAAW,IAAI,KAAK,OAAO;AAC3B,SAAO;AACT;;;ADpBA,IAAM,YAAY,CAAC,SAAkB;AACnC,UAAQ,IAAI,KAAK,UAAU,MAAM,QAAW,CAAC,CAAC;AAChD;AAEA,IAAM,yBAAyB,CAC7B,MACA,SAC4C;AAC5C,SAAO,SAAS;AAClB;AAEA,IAAM,wBAAwB,CAC5B,MACA,SACmC;AACnC,SAAO,SAAS;AAClB;AAOA,eAAsBC,qBACpB,QACA,WAAW,aACO;AAClB,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,eAAe;AAAA,IACf,YAAY;AAAA,IACZ,iBAAiB;AAAA,IACjB;AAAA,IACA;AAAA,IACA,cAAc;AAAA,EAChB,IAAI;AACJ,QAAM,WAAW,SAAS;AAC1B,MAAI,kBAAkB;AACtB,QAAM,QAAQ,IAAI,cAAM,MAAM;AAE9B,QAAM,cAAc,eAAe,UAAU,SAAS;AACtD,QAAM,yBAAyB,kBAAkB,WAAW;AAC5D,MAAI,CAAC,wBAAwB;AAC3B,UAAM,IAAI;AAAA,MACR,QAAQ,WAAW,4BAA4B,4BAA4B,SAAS,0BAA0B;AAAA,IAChH;AAAA,EACF;AACA,QAAM,gBAAgB,yBAAyB,WAAW;AAC1D,QAAM,WAAW,gBAAgB,SAAS;AAE1C,WAAS,eACP,UACqC;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,CAAC,SAAiB;AACpC,QAAI,iBAAiB,QAAQ;AAC3B,cAAQ,IAAI,MAAM,IAAI;AAAA,IACxB;AAAA,EACF;AACA,UAAQ,YAAY;AAAA,IAClB,KAAK,QAAQ;AACX,kBAAY,GAAG,QAAQ,qBAAqB;AAC5C;AAAA,IACF;AAAA,IACA,KAAK,aAAa;AAChB,kBAAY,GAAG,QAAQ,wBAAwB;AAC/C;AAAA,IACF;AAAA,IACA,KAAK,WAAW;AACd,kBAAY,GAAG,QAAQ,wBAAwB;AAC/C;AAAA,IACF;AAAA,IACA,SAAS;AACP,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAIA,MAAI;AACJ,UAAQ,YAAY;AAAA,IAClB,KAAK,QAAQ;AACX,uBAAiB,CAAC,SAAkB;AAClC,kBAAU,IAAI;AAAA,MAChB;AACA;AAAA,IACF;AAAA,IACA,KAAK,aAAa;AAChB,uBAAiB;AAAA;AAAA,QAEb,CAAC,EAAE,MAAM,KAAK,MAAW;AACvB,cAAI,uBAAuB,MAAM,IAAI,GAAG;AACtC,kBAAM,WAAW,KAAK,SAAS;AAC/B,gBAAI,aAAa,UAAU,OAAO,QAAQ,GAAG;AAC3C,wBAAU,IAAI;AAAA,YAChB;AAAA,UACF,WAAW,sBAAsB,MAAM,IAAI,GAAG;AAC5C,sBAAU,IAAI;AAAA,UAChB;AAAA,QACF;AAAA,UACA,CAAC,EAAE,SAAS,MAAwD;AAClE,kBAAU,QAAQ;AAAA,MACpB;AACJ;AAAA,IACF;AAAA,IACA,KAAK,WAAW;AACd,uBAAiB,gBACb,CAAC,EAAE,MAAM,KAAK,MAAwC;AACpD,YAAI,uBAAuB,MAAM,IAAI,GAAG;AACtC,oBAAU,IAAI;AAAA,QAChB;AAAA,MACF,IACA,CAAC,EAAE,SAAS,MAAwD;AAClE,kBAAU,QAAQ;AAAA,MACpB;AACJ;AAAA,IACF;AAAA,IACA,SAAS;AACP,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AAEA,WAAS,YACP,MACA;AACA,QAAI;AACF,UAAI,eAAe,IAAI,GAAG;AACxB,cAAM,EAAE,MAAM,KAAK,IAAI;AACvB,uBAAe,IAAI;AAEnB,YAAI,SAAS,UAAU,SAAS,sBAAsB;AACpD,4BAAkB;AAClB;AAAA,QACF;AAEA,YAAI,SAAS,iBAAiB;AAC5B;AAAA,QACF;AAEA,cAAM,QAAQ,KAAK,QAAQ;AAAA,MAC7B,OAAO;AACL,uBAAe,IAAI;AAEnB,YAAI,gBAAgB,MAAM;AACxB,qBAAW,YAAY,OAAO;AAAA,YAC5B,KAAK;AAAA,UACP,GAAG;AACD,kBAAM,QAAQ,QAAQ;AAAA,UACxB;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,KAAK,0CAA0C;AAC7D,cAAQ,MAAM,IAAI;AAClB,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAsB,CAAC;AAE7B,WAAS,cAAc,MAAW;AAChC,iBAAa,KAAK,IAAI;AAEtB,QAAI,KAAK,SAAS,SAAS;AACzB,YAAM,IAAI,MAAM,KAAK,IAAI;AAAA,IAC3B;AAAA,EACF;AACA,QAAM,UAAU,EAAE,KAAK,UAAU;AACjC,QAAM,aAAa,gBACf;AAAA,IACE;AAAA,IACA;AAAA,IACA,GAAI,8BAA8B,CAAC,YAAY,cAAc,IAAI,CAAC;AAAA,EACpE,IACA;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,GAAI,8BAA8B,CAAC,iBAAiB,YAAY,IAAI,CAAC;AAAA,EACvE;AACJ,MAAI,UAAU;AACZ,UAAM,yBAAyB,0BAA0B,WAAW;AACpE,QAAI,wBAAwB;AAC1B,iBAAW,KAAK,cAAc,QAAQ;AAAA,IACxC,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,MAAI,gBAAgB;AAClB,eAAW,KAAK,GAAG,cAAc;AAAA,EACnC;AACA,QAAM,WAAW,UAAU,YAAY,SAAS,aAAa,aAAa;AAC1E,MAAI,iBAAiB;AACnB,YAAQ;AAAA,MACN;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,QAAM,UAAU,MAAM,WAAW,CAAC,MAAM,EAAE,kBAAkB;AAC5D,SAAO,SAAS,SAAS,MAAM;AACjC;AAKA,eAAsBC,OAAM,QAAuB,WAAW,aAAa;AACzE,QAAM,aAAa,oCAAoC,MAAM;AAC7D,SAAO,MAAMD,qBAAoB,YAAY,QAAQ;AACvD;;;AExOA,IAAM,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9B,KAAK,CAAC,mBAAmB;AAAA,EACzB,MAAM,CAAC,yBAAyB;AAAA;AAAA,EAEhC,MAAM,CAAC;AACT;AAEA,SAAS,WACP,gBAC6D;AAC7D,UAAQ,gBAAgB;AAAA,IACtB,KAAK,QAAQ;AACX,aAAO;AAAA,IACT;AAAA,IACA,KAAK,OAAO;AACV,aAAO;AAAA,IACT;AAAA,IACA,KAAK,QAAQ;AACX,aAAO;AAAA,IACT;AAAA,IACA,SAAS;AACP,YAAM,IAAI,MAAM,4BAA4B,cAAc,EAAE;AAAA,IAC9D;AAAA,EACF;AACF;AAEA,eAAeE,OACb,QACA,UACA;AACA,QAAM;AAAA,IACJ,iBAAiB;AAAA,IACjB,eAAe;AAAA,IACf,mBAAmB;AAAA,IACnB,iBAAiB;AAAA,EACnB,IAAI;AACJ,QAAM,UAAU,WAAW,cAAc;AAEzC,iBAAe,IAAI,UAAU,GAAiC;AAC5D,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,oBAAoB,QAAQ,QAAQ;AACjE,aAAO;AAAA,IACT,SAAS,OAAgB;AACvB,YAAM,UACJ,SAAS,OAAO,UAAU,YAAY,aAAa,QAC/C,MAAM,UACN;AACN,YAAM,qBACJ,OAAO,YAAY,YACnB,wBAAwB,cAAc,EAAE;AAAA,QAAK,CAAC,sBAC5C,QAAQ,SAAS,iBAAiB;AAAA,MACpC;AACF,YAAM,cAAc,UAAU,iBAAiB;AAC/C,UAAI,aAAa;AACf,YAAI,iBAAiB,QAAQ;AAC3B,kBAAQ,IAAI,mBAAmB;AAAA,QACjC;AACA,eAAO,IAAI,UAAU,CAAC;AAAA,MACxB;AACA,YAAM,4BAA4B,gBAAgB;AAClD,UAAI,2BAA2B;AAC7B,gBAAQ;AAAA,UACN;AAAA,UACA,2DAA2D,aAAa;AAAA,QAC1E;AACA;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO,MAAM,IAAI;AACnB;AAEA,IAAO,gBAAQA;;;AChFf,eAAsB,aAAa;AACjC,QAAM,gBAAgB,MAAM,SAAS;AAErC,QAAM,EAAE,mBAAmB,gBAAgB,iBAAiB,aAAa,IACvE;AAEF,MAAI;AACF,UAAM,cAAM,aAAa;AACzB,QAAI,iBAAiB,QAAQ;AAC3B,cAAQ,IAAI,OAAO,UAAU,cAAc,kBAAkB;AAAA,IAC/D;AAAA,EACF,SAAS,OAAgB;AACvB,QAAI,iBAAiB,QAAQ;AAC3B,YAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AACzD,cAAQ,MAAM,KAAK,OAAO;AAC1B,cAAQ,MAAM,KAAK,YAAY;AAAA,IACjC;AACA,YAAQ,WAAW;AAAA,EACrB;AACF;;;ACtBA,WAAW,EAAE,MAAM,CAAC,UAAU;AAC5B,UAAQ,MAAM,KAAK;AACnB,UAAQ,KAAK,CAAC;AAChB,CAAC;","names":["ReadlineTransform","eventStream","resolve","escapeStringRegexp","yargs","jju","path","result","relevantAdvisories","audit","auditWithFullConfig","report","printReport","report","auditWithFullConfig","audit","audit","auditWithFullConfig","import_child_process","semver","auditWithFullConfig","audit","audit"]}