diff --git a/.gitignore b/.gitignore index 648628f..496cf24 100644 --- a/.gitignore +++ b/.gitignore @@ -1,224 +1,3 @@ -# Created by https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux -# Edit at https://www.toptal.com/developers/gitignore?templates=node,macos,windows,linux +node_modules -### Linux ### -*~ - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -### macOS ### -# General -.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB -.AppleDesktop -Network Trash Folder -Temporary Items -.apdisk - -### macOS Patch ### -# iCloud generated files -*.icloud - -### Node ### -# Logs -logs -*.log -npm-debug.log* -yarn-debug.log* -yarn-error.log* -lerna-debug.log* -.pnpm-debug.log* - -# Diagnostic reports (https://nodejs.org/api/report.html) -report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json - -# Runtime data -pids -*.pid -*.seed -*.pid.lock - -# Directory for instrumented libs generated by jscoverage/JSCover -lib-cov - -# Coverage directory used by tools like istanbul -coverage -*.lcov - -# nyc test coverage -.nyc_output - -# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) -.grunt - -# Bower dependency directory (https://bower.io/) -bower_components - -# node-waf configuration -.lock-wscript - -# Compiled binary addons (https://nodejs.org/api/addons.html) -build/Release - -# Dependency directories -node_modules/ -jspm_packages/ - -# Snowpack dependency directory (https://snowpack.dev/) -web_modules/ - -# TypeScript cache -*.tsbuildinfo - -# Optional npm cache directory -.npm - -# Optional eslint cache -.eslintcache - -# Optional stylelint cache -.stylelintcache - -# Microbundle cache -.rpt2_cache/ -.rts2_cache_cjs/ -.rts2_cache_es/ -.rts2_cache_umd/ - -# Optional REPL history -.node_repl_history - -# Output of 'npm pack' -*.tgz - -# Yarn Integrity file -.yarn-integrity - -# dotenv environment variable files -.env -.env.development.local -.env.test.local -.env.production.local -.env.local - -# parcel-bundler cache (https://parceljs.org/) -.cache -.parcel-cache - -# Next.js build output -.next -out - -# Nuxt.js build / generate output -.nuxt -dist - -# Gatsby files -.cache/ -# Comment in the public line in if your project uses Gatsby and not Next.js -# https://nextjs.org/blog/next-9-1#public-directory-support -# public - -# vuepress build output -.vuepress/dist - -# vuepress v2.x temp and cache directory -.temp - -# Docusaurus cache and generated files -.docusaurus - -# Serverless directories -.serverless/ - -# FuseBox cache -.fusebox/ - -# DynamoDB Local files -.dynamodb/ - -# TernJS port file -.tern-port - -# Stores VSCode versions used for testing VSCode extensions -.vscode-test - -# yarn v2 -.yarn/cache -.yarn/unplugged -.yarn/build-state.yml -.yarn/install-state.gz -.pnp.* - -### Node Patch ### -# Serverless Webpack directories -.webpack/ - -# Optional stylelint cache - -# SvelteKit build / generate output -.svelte-kit - -### Windows ### -# Windows thumbnail cache files -Thumbs.db -Thumbs.db:encryptable -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - -#!dist/ -dist/* -packages/frontend/dist -packages/backend/dist -#!dist/*.zip - -# End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux \ No newline at end of file +/dist diff --git a/LICENSE b/LICENSE index a9767d0..ffe5545 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 [Author] +Copyright (c) 2024 [caterpii] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/build.zip b/build.zip new file mode 100644 index 0000000..e59eb4c Binary files /dev/null and b/build.zip differ diff --git a/caido.config.ts b/caido.config.ts index 4299bd9..ccab95c 100644 --- a/caido.config.ts +++ b/caido.config.ts @@ -1,18 +1,24 @@ -import { defineConfig } from "@caido-community/dev"; +import { defineConfig } from '@caido-community/dev'; export default defineConfig({ - id: "caido-oauth", - name: "Caido OAuth", - description: "Plugin for OAuth", - version: "0.0.0", + id: "oauth-vuln-detector", + name: "OAuth Vuln Detector", + description: "Detects OAuth misconfiguration.", + version: "0.0.1", author: { - name: "WHS Safe Us Team", + name: "caterpii", + email: "dlaha171@gmail.com", + url: "https://github.com/katerpii" }, plugins: [ { kind: "backend", - id: "backend", + id: "oauth-backend", root: "packages/backend", }, ], -}); + watch: { + port: 8081, + }, +} +); diff --git a/package.json b/package.json index 7d2ba1b..3d49425 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "caido-oauth", + "name": "caido-oauth-plugin", "version": "0.0.0", "private": true, "scripts": { @@ -9,7 +9,7 @@ }, "devDependencies": { "@caido-community/dev": "^0.1.3", - "@caido/sdk-backend": "^0.48.1", + "@caido/sdk-backend": "^0.46.0", "typescript": "5.5.4" } } diff --git a/packages/backend/dist/index.js b/packages/backend/dist/index.js new file mode 100644 index 0000000..e138d7c --- /dev/null +++ b/packages/backend/dist/index.js @@ -0,0 +1,190 @@ +// packages/backend/src/controller/PKCECheck.ts +import { RequestSpec } from "caido:utils"; +var PKCECheck = class { + async test(sdk, req) { + const method = req.getMethod(); + if (method !== "GET") { + sdk.console.log("[PKCEDowngradeCheck] Not a GET request. Skipping."); + return false; + } + const query = req.getQuery(); + const searchParams = new URLSearchParams(query); + const requiredKeys = ["client_id", "response_type", "code_challenge", "code_challenge_method"]; + if (!requiredKeys.every((key) => searchParams.has(key))) { + sdk.console.log("[PKCEDowngradeCheck] Required PKCE parameters missing. Skipping."); + return false; + } + const url = req.getUrl(); + const isOpenID = searchParams.get("scope")?.includes("openid") || url.includes("id_token"); + const methodVal = searchParams.get("code_challenge_method"); + const challengeVal = searchParams.get("code_challenge"); + if (!methodVal || !challengeVal) { + sdk.console.log("[PKCEDowngradeCheck] code_challenge or method missing. Skipping."); + await sdk.findings.create({ + title: isOpenID ? "[WARN] OpenID Flow PKCE Parameters Missing" : "[WARN] OAuth2 Flow PKCE Parameters Missing", + description: `PKCE parameters are missing or incomplete for ${url}. This may indicate a misconfiguration.`, + request: req, + reporter: "PKCE Checker" + }); + return false; + } + if (methodVal === "plain") { + sdk.console.log("[PKCEDowngradeCheck] code_challenge_method is 'plain'. Skipping."); + await sdk.findings.create({ + title: isOpenID ? "[WARN] OpenID Flow PKCE Method is 'plain'" : "[WARN] OAuth2 Flow PKCE Method is 'plain'", + description: `PKCE method is set to 'plain' for ${url}. This may indicate a downgrade vulnerability.`, + request: req, + reporter: "PKCE Checker" + }); + return false; + } + searchParams.delete("code_challenge"); + searchParams.delete("code_challenge_method"); + const downgradedQuery = searchParams.toString(); + const scheme = req.getUrl().startsWith("https") ? "https" : "http"; + const downgradedUrl = `${scheme}://${req.getHost()}:${req.getPort()}${req.getPath()}?${downgradedQuery}`; + sdk.console.log(`${req.getHost()} Original URL: ` + url); + sdk.console.log(`${req.getHost()} Downgraded URL: ` + downgradedUrl); + try { + const spec = new RequestSpec(downgradedUrl); + spec.setBody(req.getBody()); + for (const [key, value] of Object.entries(req.getHeaders())) { + if (Array.isArray(value)) { + spec.setHeader(key, value.join(", ")); + } else { + spec.setHeader(key, value); + } + } + spec.setHost(req.getHost()); + spec.setMethod(req.getMethod()); + spec.setPath(req.getPath()); + spec.setQuery(downgradedQuery); + spec.setTls(req.getTls()); + spec.setPort(req.getPort()); + let sendDowngradedRequest = await sdk.requests.send(spec); + if (sendDowngradedRequest.response) { + let domain = spec.getHost(); + let port = spec.getPort(); + let path2 = spec.getPath(); + let query2 = spec.getQuery(); + let id = sendDowngradedRequest.response.getId(); + let code = sendDowngradedRequest.response.getCode(); + sdk.console.log(`REQ ${id}: ${domain}:${port}${path2}${query2} received a status code of ${code}`); + } + if (sendDowngradedRequest.response?.getCode() === 302) { + await sdk.findings.create({ + title: isOpenID ? "[CRITICAL] OpenID Flow PKCE Downgrade Vulnerability" : "[CRITICAL] OAuth2 Flow PKCE Downgrade Vulnerability", + description: `The request to ${url} is vulnerable to a PKCE downgrade attack. This may indicate a configuration error.`, + request: req, + reporter: "PKCE Checker" + }); + } + } catch (err) { + sdk.console.error(`PKCE downgrade check failed for ${url}: ${String(err)}`); + } + sdk.console.log("[PKCEDowngradeCheck] No PKCE downgrade detected."); + return false; + } +}; + +// packages/backend/src/controller/redirectUriCheck.ts +import { promises as fs } from "fs"; +import * as path from "path"; +import os from "os"; +var redirectUriCheck = class { + requestMap = /* @__PURE__ */ new Map(); + // constructor(private sdk: SDK) {} + async onRequest(sdk, req) { + try { + const urlString = req.getUrl(); + const url = new URL(urlString); + sdk.console.log(`[OAuthPlugin] Intercepted request: ${urlString}`); + if (!url.pathname.includes("/authorize") && !url.pathname.includes("/auth")) return; + const params = new URLSearchParams(url.search); + const redirectUri = params.get("redirect_uri"); + if (!redirectUri) return; + const reqId = req.getId(); + this.requestMap.set(reqId, redirectUri); + const clientId = params.get("client_id") ?? "(missing)"; + const responseType = params.get("response_type") ?? "(missing)"; + const isScan = params.has("scan"); + if (isScan) return; + const output = { + original_url: urlString, + client_id: clientId, + redirect_uri: redirectUri, + response_type: responseType + }; + try { + const filePath = path.join(os.tmpdir(), "oauth-fuzz-input.json"); + await fs.writeFile(filePath, JSON.stringify(output, null, 2)); + } catch (err) { + await sdk.findings.create({ + title: "[fs] Write Failed", + description: `Could not write to file: ${err}`, + request: req, + reporter: "oauth-open-redirect-detector" + }); + } + await sdk.findings.create({ + title: "[ ] OAuth2 Authorization Request Collected", + description: `client_id: ${clientId} +redirect_uri: ${redirectUri} +response_type: ${responseType}`, + request: req, + reporter: "oauth-open-redirect-detector" + }); + } catch (err) { + sdk.console.error(`Error in onRequest: ${err}`); + } + } + async onResponse(sdk, req, resp) { + try { + const reqId = req.getId(); + const url = new URL(req.getUrl()); + const status = resp.getCode(); + const location = resp.getHeader("location")?.[0]; + const params = new URLSearchParams(url.search); + const isScan = params.has("scan"); + if (!isScan) { + this.requestMap.delete(reqId); + return; + } + if (status >= 300 && status < 400 && location) { + const redirectUri = this.requestMap.get(reqId) ?? "(unknown)"; + await sdk.findings.create({ + title: "[+] Redirect URI Misconfiguration Detected", + description: `Status: ${status} +Location: ${location} +Request URL: ${url.href} +Redirect URI: ${redirectUri}`, + request: req, + reporter: "oauth-open-redirect-detector" + }); + } + this.requestMap.delete(reqId); + } catch (err) { + sdk.console.error(`Error in onResponse: ${err}`); + } + } +}; + +// packages/backend/src/index.ts +var pkceCheckController = new PKCECheck(); +var redirectUriCheckController = new redirectUriCheck(); +function init(sdk) { + sdk.events.onInterceptRequest( + async (sdk2, req) => { + await redirectUriCheckController.onRequest(sdk2, req); + } + ); + sdk.events.onInterceptResponse( + async (sdk2, req, resp) => { + await pkceCheckController.test(sdk2, req); + await redirectUriCheckController.onResponse(sdk2, req, resp); + } + ); +} +export { + init +}; diff --git a/packages/backend/package.json b/packages/backend/package.json index 840a266..938e95c 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -6,8 +6,5 @@ "scripts": { "typecheck": "tsc --noEmit", "build": "vite build" - }, - "devDependencies": { - "@caido/sdk-backend": "^0.46.0" } } diff --git a/packages/backend/pnpm-lock.yaml b/packages/backend/pnpm-lock.yaml new file mode 100644 index 0000000..f6c167c --- /dev/null +++ b/packages/backend/pnpm-lock.yaml @@ -0,0 +1,35 @@ +lockfileVersion: '9.0' + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +importers: + + .: + devDependencies: + '@caido/sdk-backend': + specifier: ^0.46.0 + version: 0.46.0 + +packages: + + '@caido/quickjs-types@0.17.2': + resolution: {integrity: sha512-5kcucGORMNEbcdU91yKLYZG/TFDqsO6XmCZ1TnU6V48E61mmqrJg6kjrfOFP1WOugDm+ZcGd/Su3p3XkFXfaPg==} + + '@caido/sdk-backend@0.46.0': + resolution: {integrity: sha512-peUKW/4Nrw9WVxIahc+6KrVtxA7vsbpuJqOoBxudxq7tQJ+cV9IEqzvYoFFo8KlnrTkeUQUJvd0W4WsM3HgxEg==} + + '@caido/sdk-shared@0.1.1': + resolution: {integrity: sha512-JAV5ajUqxZdXYPTmDEvIKBZon8I5uHq44ATj0Nj3BVpllRDUGY9kcBd+PXMD50+3lv1CvhR3/f6q24T0+4aVJQ==} + +snapshots: + + '@caido/quickjs-types@0.17.2': {} + + '@caido/sdk-backend@0.46.0': + dependencies: + '@caido/quickjs-types': 0.17.2 + '@caido/sdk-shared': 0.1.1 + + '@caido/sdk-shared@0.1.1': {} diff --git a/packages/backend/src/controller/redirectUriCheck.ts b/packages/backend/src/controller/redirectUriCheck.ts new file mode 100644 index 0000000..c15a0d2 --- /dev/null +++ b/packages/backend/src/controller/redirectUriCheck.ts @@ -0,0 +1,95 @@ +// oauth-plugin.ts +import type { SDK } from "caido:plugin"; +import type { Request, Response } from "caido:utils"; +import { promises as fs } from "fs"; +import * as path from "path"; +import os from "os"; + +export class redirectUriCheck { + private requestMap = new Map(); + +// constructor(private sdk: SDK) {} + + public async onRequest(sdk: SDK, req: Request) { + try { + const urlString = req.getUrl(); + const url = new URL(urlString); + sdk.console.log(`[OAuthPlugin] Intercepted request: ${urlString}`); + + if (!url.pathname.includes("/authorize") && !url.pathname.includes("/auth")) return; + + const params = new URLSearchParams(url.search); + const redirectUri = params.get("redirect_uri"); + if (!redirectUri) return; + + const reqId = req.getId(); + this.requestMap.set(reqId, redirectUri); + + const clientId = params.get("client_id") ?? "(missing)"; + const responseType = params.get("response_type") ?? "(missing)"; + const isScan = params.has("scan"); + if (isScan) return; + + const output = { + original_url: urlString, + client_id: clientId, + redirect_uri: redirectUri, + response_type: responseType, + }; + + try { + const filePath = path.join(os.tmpdir(), "oauth-fuzz-input.json"); + await fs.writeFile(filePath, JSON.stringify(output, null, 2)); + } catch (err) { + await sdk.findings.create({ + title: "[fs] Write Failed", + description: `Could not write to file: ${err}`, + request: req, + reporter: "oauth-open-redirect-detector" + }); + } + + await sdk.findings.create({ + title: "[ ] OAuth2 Authorization Request Collected", + description: `client_id: ${clientId}\nredirect_uri: ${redirectUri}\nresponse_type: ${responseType}`, + request: req, + reporter: "oauth-open-redirect-detector" + }); + + } catch (err) { + sdk.console.error(`Error in onRequest: ${err}`); + } + } + + public async onResponse(sdk: SDK, req: Request, resp: Response) { + try { + const reqId = req.getId(); + const url = new URL(req.getUrl()); + const status = resp.getCode(); + const location = resp.getHeader("location")?.[0]; + + const params = new URLSearchParams(url.search); + const isScan = params.has("scan"); + + if (!isScan) { + this.requestMap.delete(reqId); + return; + } + + if (status >= 300 && status < 400 && location) { + const redirectUri = this.requestMap.get(reqId) ?? "(unknown)"; + + await sdk.findings.create({ + title: "[+] Redirect URI Misconfiguration Detected", + description: `Status: ${status}\nLocation: ${location}\nRequest URL: ${url.href}\nRedirect URI: ${redirectUri}`, + request: req, + reporter: "oauth-open-redirect-detector", + }); + } + + this.requestMap.delete(reqId); + } catch (err) { + sdk.console.error(`Error in onResponse: ${err}`); + } + } +} diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 2eccd6d..10f796c 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -1,49 +1,55 @@ import type { SDK, DefineAPI } from "caido:plugin"; -import type { Request } from "caido:utils"; -import { ImplicitGrantController } from "./controller/implictGrant"; -import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; +import type { Request, Response } from "caido:utils"; +// import { ImplicitGrantController } from "./controller/implictGrant"; +// import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; import { PKCECheck } from "./controller/PKCECheck"; +import { redirectUriCheck } from "./controller/redirectUriCheck"; export type API = DefineAPI<{}>; -const implicitGrantController = new ImplicitGrantController(); -const authZCodeGrantController = new AuthZCodeGrantController(); +// const implicitGrantController = new ImplicitGrantController(); +// const authZCodeGrantController = new AuthZCodeGrantController(); const pkceCheckController = new PKCECheck(); - -// function matchSSORequest(req: Request): boolean { -// const raw = req.getRaw().toString(); - -// // 조건 3: Raw request에 SAMLRequest 또는 SAMLResponse 포함 -// if (raw.includes("SAMLRequest=") || raw.includes("SAMLResponse=")) { -// return true; -// } - -// return false; -// } - -// function matchAccessTokenResponse(resp: Response): boolean { -// const raw = resp.getRaw().toString(); - -// const match = /"access_token"\s*:\s*"([^"]+)"/.exec(raw); -// return !!match; -// } +const redirectUriCheckController = new redirectUriCheck(); export function init(sdk: SDK) { - sdk.events.onInterceptRequest(async (sdk, req: Request) => { - const result = - authZCodeGrantController.testReq(req) || - implicitGrantController.testReq(req); + // sdk.events.onInterceptRequest(async (sdk, req: Request) => { + // const result = csrfCheck.checker(req); - if (result) { - await pkceCheckController.test(sdk, req); - - await sdk.findings.create({ - title: "Possible SSO Request Detected", - description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, - request: req, - reporter: "", - }); + // if (result) { + // await sdk.findings.create({ + // title: "Possible SSO Request Detected", + // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, + // request: req, + // reporter: "", + // }); + // } + // }); + sdk.events.onInterceptRequest( + async(sdk: SDK, {}>, req: Request) => { + await redirectUriCheckController.onRequest(sdk, req); } + ); - }); -} + sdk.events.onInterceptResponse( + async (sdk: SDK, {}>, req: Request, resp: Response) => { + await pkceCheckController.test(sdk, req); + await redirectUriCheckController.onResponse(sdk, req, resp); + + // sdk.events.onInterceptRequest(async (sdk, req: Request) => { + // const result = + // authZCodeGrantController.testReq(req) || + // implicitGrantController.testReq(req); + + // if (result) { + // await pkceCheckController.test(sdk, req); + + // await sdk.findings.create({ + // title: "Possible SSO Request Detected", + // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, + // request: req, + // reporter: "", + // }); + } + ); +} \ No newline at end of file diff --git a/packages/backend/tsconfig.json b/packages/backend/tsconfig.json index 022c0b2..dc746b1 100644 --- a/packages/backend/tsconfig.json +++ b/packages/backend/tsconfig.json @@ -2,6 +2,7 @@ "extends": "../../tsconfig.json", "compilerOptions": { "types": ["@caido/sdk-backend"], + "lib": ["ESNext", "DOM"] }, "include": ["./src/**/*.ts"] } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 67de64e..c26ccf3 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,21 +10,20 @@ importers: devDependencies: '@caido-community/dev': specifier: ^0.1.3 - version: 0.1.5(postcss@8.5.3)(typescript@5.5.4) + version: 0.1.6(postcss@8.5.3)(typescript@5.5.4) + '@caido/sdk-backend': + specifier: ^0.46.0 + version: 0.46.0 typescript: specifier: 5.5.4 version: 5.5.4 - packages/backend: - devDependencies: - '@caido/sdk-backend': - specifier: ^0.46.0 - version: 0.46.0 + packages/backend: {} packages: - '@caido-community/dev@0.1.5': - resolution: {integrity: sha512-mM+komusTlKNViTlAR055KS9pQJk+jKzbFlUb+MKaFuopMG6qS93z6PSz/08uc7u7/i+U7YiiQvaa7c1IXvl6Q==} + '@caido-community/dev@0.1.6': + resolution: {integrity: sha512-WAWmPdEahh4e24sO4crt+nvqZryhKsy4yP5QYGoyUKqEYVAct5S/lI9fHdoIRQPJDSds3ayB6jgMKAlifd8BAg==} engines: {node: '>=20', pnpm: '>=9'} hasBin: true @@ -598,8 +597,8 @@ packages: jackspeak@3.4.3: resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} - jackspeak@4.1.0: - resolution: {integrity: sha512-9DDdhb5j6cpeitCbvLO7n7J4IxnbM6hoF6O1g4HQ5TfhvvKN8ywDM7668ZhMHRqVmxqhps/F6syWK2KcPxYlkw==} + jackspeak@4.1.1: + resolution: {integrity: sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==} engines: {node: 20 || >=22} jiti@2.4.2: @@ -1056,7 +1055,7 @@ packages: snapshots: - '@caido-community/dev@0.1.5(postcss@8.5.3)(typescript@5.5.4)': + '@caido-community/dev@0.1.6(postcss@8.5.3)(typescript@5.5.4)': dependencies: '@caido/plugin-manifest': 0.3.0 chalk: 5.4.1 @@ -1533,7 +1532,7 @@ snapshots: glob@11.0.1: dependencies: foreground-child: 3.3.1 - jackspeak: 4.1.0 + jackspeak: 4.1.1 minimatch: 10.0.1 minipass: 7.1.2 package-json-from-dist: 1.0.1 @@ -1579,7 +1578,7 @@ snapshots: optionalDependencies: '@pkgjs/parseargs': 0.11.0 - jackspeak@4.1.0: + jackspeak@4.1.1: dependencies: '@isaacs/cliui': 8.0.2