.-.-.-.-.-

PK�\�\f�VIIpackage.jsonnu�[���{
  "_id": "npm-audit-report@5.0.0",
  "_inBundle": true,
  "_location": "/npm/npm-audit-report",
  "_phantomChildren": {},
  "_requiredBy": [
    "/npm"
  ],
  "author": {
    "name": "GitHub Inc."
  },
  "bugs": {
    "url": "https://github.com/npm/npm-audit-report/issues"
  },
  "description": "Given a response from the npm security api, render it into a variety of security reports",
  "devDependencies": {
    "@npmcli/eslint-config": "^4.0.0",
    "@npmcli/template-oss": "4.14.1",
    "chalk": "^5.2.0",
    "tap": "^16.0.0"
  },
  "directories": {
    "lib": "lib",
    "test": "test"
  },
  "engines": {
    "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
  },
  "files": [
    "bin/",
    "lib/"
  ],
  "homepage": "https://github.com/npm/npm-audit-report#readme",
  "keywords": [
    "npm",
    "security",
    "report",
    "audit"
  ],
  "license": "ISC",
  "main": "lib/index.js",
  "name": "npm-audit-report",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/npm/npm-audit-report.git"
  },
  "scripts": {
    "lint": "eslint \"**/*.js\"",
    "lintfix": "npm run lint -- --fix",
    "postlint": "template-oss-check",
    "posttest": "npm run lint",
    "snap": "tap",
    "template-oss-apply": "template-oss-apply --force",
    "test": "tap"
  },
  "tap": {
    "check-coverage": true,
    "coverage-map": "map.js",
    "nyc-arg": [
      "--exclude",
      "tap-snapshots/**"
    ]
  },
  "templateOSS": {
    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
    "version": "4.14.1"
  },
  "version": "5.0.0"
}
PK�\�\�ڥ��lib/exit-code.jsnu�[���// return 1 if any vulns in the set are at or above the specified severity
const severities = new Map(Object.entries([
  'info',
  'low',
  'moderate',
  'high',
  'critical',
  'none',
]).map(s => s.reverse()))

module.exports = (data, level) =>
  Object.entries(data.metadata.vulnerabilities)
    .some(([sev, count]) => count > 0 && severities.has(sev) &&
      severities.get(sev) >= severities.get(level)) ? 1 : 0
PK�\�\��Ǐ�lib/index.jsnu�[���'use strict'

const reporters = {
  install: require('./reporters/install'),
  detail: require('./reporters/detail'),
  json: require('./reporters/json'),
  quiet: require('./reporters/quiet'),
}

const exitCode = require('./exit-code.js')

module.exports = Object.assign((data, options = {}) => {
  const {
    reporter = 'install',
    chalk,
    unicode = true,
    indent = 2,
  } = options

// CLI defaults this to `null` so the defaulting method above doesn't work
  const auditLevel = options.auditLevel || 'low'

if (!data) {
    throw Object.assign(
      new TypeError('ENOAUDITDATA'),
      {
        code: 'ENOAUDITDATA',
        message: 'missing audit data',
      }
    )
  }

if (typeof data.toJSON === 'function') {
    data = data.toJSON()
  }

return {
    report: reporters[reporter](data, { chalk, unicode, indent }),
    exitCode: exitCode(data, auditLevel),
  }
}, { reporters })
PK�\�\\��e	e	lib/reporters/detail.jsnu�[���'use strict'

const colors = require('../colors.js')
const install = require('./install.js')

module.exports = (data, { chalk }) => {
  const summary = install.summary(data, { chalk })
  const none = data.metadata.vulnerabilities.total === 0
  return none ? summary : fullReport(data, { chalk, summary })
}

const fullReport = (data, { chalk, summary }) => {
  const c = colors(chalk)
  const output = [c.white('# npm audit report'), '']

const printed = new Set()
  for (const [, vuln] of Object.entries(data.vulnerabilities)) {
    // only print starting from the top-level advisories
    if (vuln.via.filter(v => typeof v !== 'string').length !== 0) {
      output.push(printVuln(vuln, c, data.vulnerabilities, printed))
    }
  }

output.push(summary)

return output.join('\n')
}

const printVuln = (vuln, c, vulnerabilities, printed, indent = '') => {
  if (printed.has(vuln)) {
    return null
  }

printed.add(vuln)
  const output = []

output.push(c.white(vuln.name) + '  ' + vuln.range)

if (indent === '' && (vuln.severity !== 'low' || vuln.severity === 'info')) {
    output.push(`Severity: ${c.severity(vuln.severity)}`)
  }

for (const via of vuln.via) {
    if (typeof via === 'string') {
      output.push(`Depends on vulnerable versions of ${c.white(via)}`)
    } else if (indent === '') {
      output.push(`${c.white(via.title)} - ${via.url}`)
    }
  }

if (indent === '') {
    const { fixAvailable: fa } = vuln
    if (fa === false) {
      output.push(c.red('No fix available'))
    } else if (fa === true) {
      output.push(c.green('fix available') + ' via `npm audit fix`')
    } else {
      /* istanbul ignore else - should be impossible, just being cautious */
      if (typeof fa === 'object' && indent === '') {
        output.push(
          `${c.yellow('fix available')} via \`npm audit fix --force\``,
          `Will install ${fa.name}@${fa.version}` +
          `, which is ${fa.isSemVerMajor ? 'a breaking change' :
            'outside the stated dependency range'}`
        )
      }
    }
  }

for (const path of vuln.nodes) {
    output.push(c.dim(path))
  }

for (const effect of vuln.effects) {
    const e = printVuln(vulnerabilities[effect], c, vulnerabilities, printed, '  ')
    if (e) {
      output.push(...e.split('\n'))
    }
  }

if (indent === '') {
    output.push('')
  }

return output.map(l => `${indent}${l}`).join('\n')
}
PK�\�\$A�		lib/reporters/install.jsnu�[���const colors = require('../colors.js')

const calculate = (data, { chalk }) => {
  const c = colors(chalk)
  const output = []
  const { metadata: { vulnerabilities } } = data
  const vulnCount = vulnerabilities.total

let someFixable = false
  let someForceFixable = false
  let forceFixSemVerMajor = false
  let someUnfixable = false

if (vulnCount === 0) {
    output.push(`found ${c.green('0')} vulnerabilities`)
  } else {
    for (const [, vuln] of Object.entries(data.vulnerabilities)) {
      const { fixAvailable } = vuln
      someFixable = someFixable || fixAvailable === true
      someUnfixable = someUnfixable || fixAvailable === false
      if (typeof fixAvailable === 'object') {
        someForceFixable = true
        forceFixSemVerMajor = forceFixSemVerMajor || fixAvailable.isSemVerMajor
      }
    }
    const total = vulnerabilities.total
    const sevs = Object.entries(vulnerabilities).filter(([s, count]) => {
      return (s === 'low' || s === 'moderate' || s === 'high' || s === 'critical') &&
        count > 0
    })

if (sevs.length > 1) {
      const severities = sevs.map(([s, count]) => {
        return `${count} ${c.severity(s)}`
      }).join(', ')
      output.push(`${c.red(total)} vulnerabilities (${severities})`)
    } else {
      const [sev, count] = sevs[0]
      output.push(`${count} ${c.severity(sev)} severity vulnerabilit${count === 1 ? 'y' : 'ies'}`)
    }

// XXX use a different footer line if some aren't fixable easily.
    // just 'run `npm audit` for details' maybe?

if (someFixable) {
      output.push('', 'To address ' +
        (someForceFixable || someUnfixable ? 'issues that do not require attention'
        : 'all issues') + ', run:\n  npm audit fix')
    }

if (someForceFixable) {
      output.push('', 'To address all issues' +
        (someUnfixable ? ' possible' : '') +
        (forceFixSemVerMajor ? ' (including breaking changes)' : '') +
        ', run:\n  npm audit fix --force')
    }

if (someUnfixable) {
      output.push('',
        'Some issues need review, and may require choosing',
        'a different dependency.')
    }
  }

const summary = output.join('\n')
  return {
    summary,
    report: vulnCount > 0 ? `${summary}\n\nRun \`npm audit\` for details.`
    : summary,
  }
}

module.exports = Object.assign((data, opt) => calculate(data, opt).report, {
  summary: (data, opt) => calculate(data, opt).summary,
})
PK�\�\�:�Tlib/reporters/quiet.jsnu�[���module.exports = () => ''
PK�\�\��%JJlib/reporters/json.jsnu�[���module.exports = (data, { indent }) => JSON.stringify(data, null, indent)
PK�\�\R{WA??
lib/colors.jsnu�[���module.exports = (chalk) => {
  const green = s => chalk.green.bold(s)
  const red = s => chalk.red.bold(s)
  const magenta = s => chalk.magenta.bold(s)
  const yellow = s => chalk.yellow.bold(s)
  const white = s => chalk.bold(s)
  const severity = (sev, s) => sev.toLowerCase() === 'moderate' ? yellow(s || sev)
    : sev.toLowerCase() === 'high' ? red(s || sev)
    : sev.toLowerCase() === 'critical' ? magenta(s || sev)
    : white(s || sev)
  const dim = s => chalk.dim(s)

return {
    dim,
    green,
    red,
    magenta,
    yellow,
    white,
    severity,
  }
}
PK�\�\g����LICENSEnu�[���ISC License

Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE COPYRIGHT HOLDER DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
USE OR PERFORMANCE OF THIS SOFTWARE.
PK�\�\f�VIIpackage.jsonnu�[���PK�\�\�ڥ���lib/exit-code.jsnu�[���PK�\�\��Ǐ�hlib/index.jsnu�[���PK�\�\\��e	e	3lib/reporters/detail.jsnu�[���PK�\�\$A�		�lib/reporters/install.jsnu�[���PK�\�\�:�T�lib/reporters/quiet.jsnu�[���PK�\�\��%JJ lib/reporters/json.jsnu�[���PK�\�\R{WA??
� lib/colors.jsnu�[���PK�\�\g����#LICENSEnu�[���PK		�;&

/home/emeraadmin/www/CBNA/../node_modules/array-slice/../debug/../../4d695/npm-audit-report.zip