Lines 1-80javascript
1var k_=Object.create;var gu=Object.defineProperty;var D_=Object.getOwnPropertyDescriptor;var T_=Object.getOwnPropertyNames;var v_=Object.getPrototypeOf,R_=Object.prototype.hasOwnProperty;var Q=(t=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(t,{get:(e,r)=>(typeof require<"u"?require:e)[r]}):t)(function(t){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+t+'" is not supported')});var je=(t,e)=>()=>(t&&(e=t(t=0)),e);var J=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports),vf=(t,e)=>{for(var r in e)gu(t,r,{get:e[r],enumerable:!0})},O_=(t, ...
2`?(Pr++,Nt=0):t?Nt+=t.length:Nt++,t&&(Lo+=t.length),t}var Ff={default(){switch(Ce){case" ":case"\v":case"\f":case" ":case"\xA0":case"\uFEFF":case`
3`:case"\r":case"\u2028":case"\u2029":H();return;case"/":H(),me="comment";return;case void 0:return H(),Pe("eof")}if($e.isSpaceSeparator(Ce)){H();return}return Ff[et]()},comment(){switch(Ce){case"*":H(),me="multiLineComment";return;case"/":H(),me="singleLineComment";return}throw Ie(H())},multiLineComment(){switch(Ce){case"*":H(),me="multiLineCommentAsterisk";return;case void 0:throw Ie(H())}H()},multiLineCommentAsterisk(){switch(Ce){case"*":H();return;case"/":H(),me="default";return;case void 0:throw Ie(H())}H(),me="multiLineComment"},singleLineComment(){switch(Ce){case`
4`:case"\r":case"\u2028":case"\u2029":H(),me="default";return;case void 0:return H(),Pe("eof")}H()},value(){switch(Ce){case"{":case"[":return Pe("punctuator",H());case"n":return H(),en("ull"),Pe("null",null);case"t":return H(),en("rue"),Pe("boolean",!0);case"f":return H(),en("alse"),Pe("boolean",!1);case"-":case"+":H()==="-"&&(hr=-1),me="sign";return;case".":he=H(),me="decimalPointLeading";return;case"0":he=H(),me="zero";return;case"1":case"2":case"3":case"4":case"5":case"6":case"7":case"8":case"9":he=H(),me="decimalInteger";return;case"I":return H(),en("nfinity"),Pe("numeric",1/0);case"N":retu ...
5`:case"\r":throw Ie(H());case"\u2028":case"\u2029":N_(Ce);break;case void 0:throw Ie(H())}he+=H()},start(){switch(Ce){case
6`;case"r":return H(),"\r";case"t":return H()," ";case"v":return H(),"\v";case"0":if(H(),$e.isDigit(mr()))throw Ie(H());return"\0";case"x":return H(),P_();case"u":return H(),Eu();case`
7`:case"\u2028":case"\u2029":return H(),"";case"\r":return H(),mr()===`
8`&&H(),"";case"1":case"2":case"3":case"4":case"5":case"6":case"7":case"8":case"9":throw Ie(H());case void 0:throw Ie(H())}return H()}function P_(){let t="",e=mr();if(!$e.isHexDigit(e)||(t+=H(),e=mr(),!$e.isHexDigit(e)))throw Ie(H());return t+=H(),String.fromCodePoint(parseInt(t,16))}function Eu(){let t="",e=4;for(;e-- >0;){let r=mr();if(!$e.isHexDigit(r))throw Ie(H());t+=H()}return String.fromCodePoint(parseInt(t,16))}var I_={start(){if(ze.type==="eof")throw tn();bu()},beforePropertyName(){switch(ze.type){case"identifier":case"string":Au=ze.value,et="afterPropertyName";return;case"punctuator": ...
11`+_+"}"}}return s.pop(),i=_,b}function k(y){if(y.length===0)return p(y,!0);let _=String.fromCodePoint(y.codePointAt(0));if(!Su.isIdStartChar(_))return p(y,!0);for(
14`+_+"]"}return s.pop(),i=_,D}}});var ku=J((OT,Mf)=>{var B_=Nf(),j_=jf(),M_={parse:B_,stringify:j_};Mf.exports=M_});var
15`)||n,code:i,status:s},e.data.error)}return Object.assign({message:n,code:i,status:s},e.data.error)}}return{message:n,code:e.status,status:e.statusText}}};wt.GaxiosError=Iu;function pb(t,e){switch(t){case"stream":return e;case"json":return JSON.parse(JSON.stringify(e));case"arraybuffer":return JSON.parse(Buffer.from(e).toString("utf8"));case"blob":return JSON.parse(e.text());default:return e}}function lh(t){let e="<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.";function r(i){i&&i.forEach((u,c)=>{(/^authentication$/i.test(c)||/^authorization$/i.test(c)||/secret/i.test( ...
17`+i),t.push(s+"m+"+ti.exports.humanize(this.diff)+"\x1B[0m")}else t[0]=Nb()+e+" "+t[0]}function Nb(){return We.inspectOpts.hideDate?"":new Date().toISOString()+
18`)}function jb(t){t?process.env.DEBUG=t:delete process.env.DEBUG}function Mb(){return process.env.DEBUG}function Lb(t){t.inspectOpts={};let e=Object.keys(We.inspectOpts);
19`).map(e=>e.trim()).join(" ")};Eh.O=function(t){return this.inspectOpts.colors=this.useColors,ei.inspect(t,this.inspectOpts)}});var zu=J((jv,$u)=>{typeof process>
20`).some(n=>n.indexOf("(https.js:")!==-1||n.indexOf("node:https:")!==-1)}incrementSockets(e){if(this.maxSockets===1/0&&this.maxTotalSockets===1/0)return null;this.sockets[e]||(this.sockets[e]=[]);let r=new Vb.Socket({writable:!1});return this.sockets[e].push(r),this.totalSocketCount++,r}decrementSockets(e,r){if(!this.sockets[e]||r===null)return;let n=this.sockets[e],s=n.indexOf(r);s!==-1&&(n.splice(s,1),this.totalSocketCount--,n.length===0&&delete this.sockets[e])}getName(e){return this.isSecureEndpoint(e)?Kb.Agent.prototype.getName.call(this,e):super.getName(e)}createSocket(e,r,n){let s={...r, ...
22`);if(g===-1){ri("have not received end of HTTP headers yet..."),i();return}let k=p.slice(0,g).toString("ascii").split(`\r
23`),E=k.shift();if(!E)return t.destroy(),r(new Error("No header received from proxy CONNECT response"));let y=E.split(" "),_=+y[1],m=y.slice(2).join(" "),D={};for
24`;if(n.username||n.password){let g=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;i["Proxy-Authorization"]=`Basic ${Buffer.from(g).toString("base64")}`}i.Host=`${u}:${r.port}`,
25`;let l=(0,oC.parseProxyResponse)(s);s.write(`${c}\r
26`);let{connect:d,buffered:h}=await l;if(e.emit("proxyConnect",d),this.emit("proxyConnect",d,e),d.statusCode===200)return e.once("socket",iC),r.secureEndpoint?(As("Upgrading socket connection to TLS"),Fh.connect({...Ih(Ph(r),"host","path","port"),socket:s})):s;s.destroy();let p=new ni.Socket({writable:!1});return p.readable=!0,e.once("socket",g=>{As("Replaying proxy buffer for failed request"),(0,tC.default)(g.listenerCount("data")>0),g.push(h),g.push(null)}),p}};si.protocols=["http","https"];At.HttpsProxyAgent=si;function iC(t){t.resume()}function Ih(t,...e){let r={},n;for(n in t)e.includes(n) ...
27Content-Disposition: form-data; name="`;return t.forEach((i,u)=>typeof i=="string"?n.push(s+Vu(u)+`"\r
29${i.replace(/\r(?!\n)|(?<!\r)\n/g,`\r
31`):n.push(s+Vu(u)+`"; filename="${Vu(i.name,1)}"\r
32Content-Type: ${i.type||"application/octet-stream"}\r
35`)),n.push(`--${r}--`),new e(n,{type:"multipart/form-data; boundary="+r})}var ks,dC,fC,Wh,hC,Gh,Vu,sn,jr,ii=je(()=>{Ss();Ju();({toStringTag:ks,iterator:dC,hasInstance:fC}=Symbol),Wh=Math.random,hC="append,set,get,getAll,delete,keys,values,entries,forEach,constructor".split(","),Gh=(t,e,r)=>(t+="",/^(Blob|File)$/.test(e&&e[ks])?[(r=r!==void 0?r+"":e[ks]=="File"?e.name:"blob",t),e.name!==r||e[ks]=="blob"?new Br([e],r,e):e]:[t,e+""]),Vu=(t,e)=>(e?t:t.replace(/\r?\n|\r/g,`\r
36`)).replace(/\n/g,"%0A").replace(/\r/g,"%0D").replace(/"/g,"%22"),sn=(t,e,r)=>{if(e.length<r)throw new TypeError(`Failed to execute '${t}' on 'FormData': ${r} arguments required, but only ${e.length} present.`)},jr=class
37--`+e;let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e.charCodeAt(n),this.boundaryChars[r[n]]=!0;this.boundary=r,this.lookbehind=new Uint8Array(this.boundary.length+8),this.state=xe.START_BOUNDARY
39`),n=!1,s=!1,i;t.on("response",u=>{let{headers:c}=u;n=c["transfer-encoding"]==="chunked"&&!c["content-length"]}),t.on("socket",u=>{let c=()=>{if(n&&!s){let d=new Error("Premature close");d.code="ERR_STREAM_PREMATURE_CLOSE",e(d)}},l=d=>{s=_i.compare(d.slice(-5),r)===0,!s&&i&&(s=_i.compare(i.slice(-3),r.slice(0,3))===0&&_i.compare(d.slice(-2),r.slice(3))===0),i=d};u.prependListener("close",c),u.on("data",l),t.on("close",()=>{u.removeListener("close",c),u.removeListener("data",l)})})}var NC,xp=je(()=>{Lh();pi();gp();yi();Dp();Ku();Tp();nc();ii();ci();sc();Qu();NC=new Set(["data:","http:","https:" ...
42`,typeof s.content=="string"?yield s.content:yield*s.content,yield`\r
43`}yield n}static#o;static#i;static async#a(){return this.#o||=(await Promise.resolve().then(()=>Fr(jh()))).HttpsProxyAgent,this.#o}static async#u(){let e=typeof window<"u"&&!!window;return this.#i||=e?window.fetch
46`+y+"]":"["+_.join(",")+"]",n=y,k}if(u&&typeof u=="object")for(E=u.length,p=0;p<E;p+=1)typeof u[p]=="string"&&(g=u[p],k=l(g,m),k&&_.push(c(g)+(n?": ":":")+k));else Object.keys(m).forEach(function(b){var A=l(b,m);A&&_.push(c(b)+(n?": ":":")+A)});return k=_.length===0?"{}":n?`{
49`+y+"}":"{"+_.join(",")+"}",n=y,k}}typeof Mp.stringify!="function"&&(Mp.stringify=function(d,h,p){var g;if(n="",s="",typeof p=="number")for(g=0;g<p;g+=1)s+=" ";else typeof p=="string"&&(s=p);if(u=h,h&&typeof h!="function"&&(typeof h!="object"||typeof h.length!="number"))throw new Error("JSON.stringify");return l("",{"":d})})})()});var $p=J((u1,qp)=>{var wi=null,GC=/(?:_|\\u005[Ff])(?:_|\\u005[Ff])(?:p|\\u0070)(?:r|\\u0072)(?:o|\\u006[Ff])(?:t|\\u0074)(?:o|\\u006[Ff])(?:_|\\u005[Ff])(?:_|\\u005[Ff])/,JC=/(?:c|\\u0063)(?:o|\\u006[Ff])(?:n|\\u006[Ee])(?:s|\\u0073)(?:t|\\u0074)(?:r|\\u0072)(?:u|\\ ...
50`,r:"\r",t:" "},i,u=function(y){throw{name:"SyntaxError",message:y,at:r,text:i}},c=function(y){return y&&y!==n&&u("Expected '"+y+"' instead of '"+n+"'"),n=i.charAt(r),r+=1,n},l
51 Supported algorithms are:
52 "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".`,Ls="secret must be a string or buffer",Jn="key must be a string or a buffer",SE="key must be a string, a buffer or an object",zc=typeof Dt.createPublicKey=="function";zc&&(Jn+=" or a KeyObject",Ls+="or a KeyObject");function Mm(t){if(!Vn.isBuffer(t)&&typeof t!="string"&&(!zc||typeof t!="object"||typeof t.type!="string"||typeof t.asymmetricKeyType!="string"||typeof t.export!="function"))throw $t(Jn)}function Lm(t){if(!Vn.isBuffer(t)&&typeof t!="string"&&typeof t!="object")th ...
CriticalCredential Exfiltration
Source appears to send environment or credential material to an external endpoint.
dist/esm/server.mjsView on unpkg · L7 HighCloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/esm/server.mjs 53`});let h=d.join(";"),p=await t.crypto.sha256DigestHex(r),g=`${t.method.toUpperCase()}
55${t.canonicalQuerystring}
58${p}`,k=`${u}/${t.region}/${n}/${HA}`,E=`${Ig}
61`+await t.crypto.sha256DigestHex(g),y=await WA(t.crypto,t.securityCredentials.secretAccessKey,u,t.region,n),_=await Gs(t.crypto,y,E),m
62To learn more about authentication and Google APIs, visit:
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/esm/server.mjsView on unpkg · L49 HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/esm/server.mjsView on unpkg · L49 HighChild Process
Package source references child process execution.
dist/esm/server.mjsView on unpkg · L60 63https://cloud.google.com/docs/authentication/getting-started`,NO_CREDENTIALS_FOUND:`Unable to find credentials in current environment.
64To learn more about authentication and Google APIs, visit:
65https://cloud.google.com/docs/authentication/getting-started`,NO_ADC_FOUND:"Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.",NO_UNIVERSE_DOMAIN_FOUND:`Unable to detect a Universe Domain in the current environment.
66To learn more about Universe Domain retrieval, visit:
67https://cloud.google.com/compute/docs/metadata/predefined-metadata-keys`};var Hl=class{checkIsGCE=void 0;useJWTAccessWithScope;defaultServicePath;get isGCE(){return this.checkIsGCE}_findProjectIdPromise;_cachedProjectId;jsonContent=null;apiKey;cachedCredential=null;#e=null;defaultScopes;keyFilename;scopes;clientOptions={};constructor(e={}){if(this._cachedProjectId=e.projectId||null,this.cachedCredential=e.authClient||null,this.keyFilename=e.keyFilename||e.keyFile,this.keyFilename&&console.warn("The `keyFilename` option is deprecated. Please use the `credentials` option instead. For more detail ...
68`+(this.config.colors?`${this.colors.dim}`:""),c+="Metadata: "+JSON.stringify(u,null,2),this.config.colors&&(c+=this.colors.reset)),c}toMarkdown(e,r=0){let n=" ".repeat(r);return Array.isArray(e)?e.map(s=>typeof s=="object"?`${n}-
69${this.toMarkdown(s,r+1)}`:`${n}- ${s}`).join(`
70`):typeof e=="object"&&e!==null?Object.entries(e).map(([s,i])=>typeof i=="object"&&i!==null?`${n}${s}:
71${this.toMarkdown(i,r+1)}`:`${n}${s}: ${i}`).join(`
72`):`${n}${e}`}async output(e,r={}){try{let n=this.formatData(e,r);switch(this.config.level||"log"){case"info":console.info(n);break;case"warn":console.warn(n);break;case"error":console.error(n);break;case"debug":console.debug(n);break;case"log":default:console.log(n);break}return!0}catch(n){return console.error("[ConsoleOutputHandler] Output failed:",n),!1}}}});var oo,Cd=je(()=>{"use strict";oo=class{type="webhook";config;defaultTimeout=3e4;constructor(e){if(!e.url)throw new Error("Webhook URL is required");this.config={method:"POST",retry:{maxAttempts:3,backoffMs:1e3},silent:!1,...e}}buildHea ...
73`);this.buffer=n.pop()||"";for(let s of n){let i=this.processLine(s);i&&r.enqueue(i)}},flush:e=>{if(this.buffer.trim()){let r=[];this.processLine(this.buffer.
74`),e.id&&(n+=`id: ${e.id}
75`),e.retry&&(n+=`retry: ${e.retry}
76`),e.data&&(e.data.type==="done"?n+=`data: [DONE]
77`:n+=`data: ${JSON.stringify(e.data)}
79`,r.enqueue(n)}})}};var $o=(t,e)=>{let r=t.getReader();return new ReadableStream({async start(n){try{for(;;){let{done:s,value:i}=await r.read();if(s){n.close();break}
80`));let l=i.content.filter(h=>h.type==="tool_use"&&h.id);l.length&&(u.tool_calls=l.map(h=>{let p=h.input;return(typeof p!="object"||p===null)&&(p=p?{text:String(p)}:{}),{id:h.id,type:"function",function:{name:h.name,arguments:JSON.stringify(p)}}}));let d=i.content.find(h=>h.type==="thinking"&&h.signature);d&&(u.thinking={content:d.thinking,signature:d.signature}),r.push(u)}return}}});let s={messages:r,model:e.model,max_tokens:e.max_tokens,temperature:e.temperature,stream:e.stream,tools:e.tools?.length?this.convertAnthropicToolsToUnified(e.tools):void 0,tool_choice:e.tool_choice};return e.think ...
Long lines were clipped for display.