=== exit code
0
=== end of exit code

=== stdout - plain
{
  "errors": [],
  "paths": {
    "scanned": [
      "targets/dependency_aware/ansi/ansi.js",
      "targets/dependency_aware/ansi/yarn.lock"
    ]
  },
  "results": [
    {
      "check_id": "rules.dependency_aware.ansi-html-redos",
      "end": {
        "col": 1,
        "line": 15,
        "offset": 0
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "lines": "requires login",
        "message": "This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. There is no upgrade fix at this time (the package is no longer being maintained), but you can change to use the 'ansi-html-community@0.0.8' package instead.\n",
        "metadata": {
          "category": "security",
          "references": [
            "https://github.com/advisories/GHSA-whgm-jr23-g3j9",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-23424",
            "https://github.com/Tjatse/ansi-html/issues/19",
            "https://github.com/mahdyar/ansi-html-community"
          ],
          "sca-kind": "reachable",
          "technology": [
            "js",
            "ts"
          ]
        },
        "sca_info": {
          "dependency_match": {
            "dependency_pattern": {
              "ecosystem": "npm",
              "package": "ansi-html",
              "semver_range": "< 0.0.8"
            },
            "found_dependency": {
              "allowed_hashes": {},
              "children": [],
              "ecosystem": "npm",
              "line_number": 15,
              "lockfile_path": "targets/dependency_aware/ansi/yarn.lock",
              "manifest_path": "targets/dependency_aware/ansi/package.json",
              "package": "ansi-html",
              "resolved_url": "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz",
              "transitivity": "direct",
              "version": "0.0.7"
            },
            "lockfile": "targets/dependency_aware/ansi/yarn.lock"
          },
          "reachability_rule": true,
          "reachable": false,
          "sca_finding_schema": 20220913
        },
        "severity": "ERROR"
      },
      "path": "targets/dependency_aware/ansi/yarn.lock",
      "start": {
        "col": 1,
        "line": 15,
        "offset": 0
      }
    }
  ],
  "skipped_rules": [],
  "time": "<masked in tests>",
  "version": "0.42"
}
=== end of stdout - plain

=== stderr - plain


┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 3 files tracked by git with 0 Code rules, 1 Supply Chain rule:


  CODE RULES
  Nothing to scan.

  SUPPLY CHAIN RULES
  Scanning 1 file and 1 dependency source.

  Dependency Sources                        Resolution Method   Ecosystem   Dependencies   Rules
 ────────────────────────────────────────────────────────────────────────────────────────────────
  targets/dependency_aware/ansi/yarn.lock   Lockfile            Npm         4                  1



┌──────────────┐
│ Scan Summary │
└──────────────┘
✅ Scan completed successfully.
 • Findings: 1 (0 blocking)
 • Rules run: 1
 • Targets scanned: 2
 • Parsed lines: ~100.0%
 • No ignore information available
Ran 1 rule on 2 files: 1 finding.

=== end of stderr - plain

=== stdout - color
<same as above: stdout - plain>
=== end of stdout - color

=== stderr - color
<same as above: stderr - plain>
=== end of stderr - color