From a19bd3cc48999a84c76bac54c3553295910a66cc Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Thu, 25 Jun 2026 14:54:32 +0530
Subject: [PATCH 1/7] ignore script related changes

---
 .github/workflows/ci.yml | 9 ++++++++-
 .github/workflows/release.yml | 10 +++++++++-
 .npmrc | 5 +++++
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 .npmrc

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2bfecb6..d0261ca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,12 +18,19 @@ jobs:
 sudo apt-get install git-lfs
 git lfs install
 
+ - name: Verify single lockfile
+ run: |
+ if [ -f package-lock.json ] && [ -f yarn.lock ]; then
+ echo "ERROR: Both lockfiles exist"
+ exit 1
+ fi
+
 - name: Use Node.js 22.11.0
 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: 22.11.0
 registry-url: https://npm.pkg.github.com/
- - run: npm ci
+ - run: npm ci --ignore-scripts
 - name: Code Linting
 run: npm run lint
 - run: npm run build --if-present
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 30b07b1..c000e7a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,6 +77,14 @@ jobs:
 fetch-depth: 0
 lfs: true # Ensure LFS files are checked out
 
+ # VERIFY SINGLE LOCKFILE
+ - name: Verify single lockfile
+ run: |
+ if [ -f package-lock.json ] && [ -f yarn.lock ]; then
+ echo "ERROR: Both lockfiles exist"
+ exit 1
+ fi
+
 # GIT CONFIGURATION
 - run: |
 git config user.name github-actions
@@ -133,7 +141,7 @@ jobs:
 # RUN NPM INSTALL AND BUILD
 - name: NPM ci and build
 run: |
- npm ci
+ npm ci --ignore-scripts
 npm run build
 
 # CREATE PR FOR VERSION
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..18a6ebb
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,5 @@
+Default registry for most packages
+registry=https://npm.echohq.com/
+
+# Supply Chain Security Policy: Block lifecycle scripts
+ignore-scripts=true
\ No newline at end of file
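Review bot: The guard added before the setup-node step only fails when package-lock.json and yarn.lock coexist, so a pnpm-lock.yaml or npm-shrinkwrap.json sitting next to package-lock.json still passes a step named "Verify single lockfile". Counting every known lockfile and requiring exactly one closes that gap: `count=$(ls package-lock.json npm-shrinkwrap.json yarn.lock pnpm-lock.yaml 2>/dev/null | wc -l)` followed by `if [ "$count" -ne 1 ]; then echo "ERROR: expected exactly one lockfile, found $count"; exit 1; fi`. The enclosing `steps` list starts above the hunk and the step's indentation is not recoverable from this copy, so the `run: |` block should be checked against its sibling steps. The same check is duplicated verbatim in release.yml in this patch; a shared script or composite action would keep the two from drifting.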
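Review bot: `npm ci --ignore-scripts` in the "NPM ci and build" step skips every install-time lifecycle script, including this package's own `prepare`/`postinstall` if it declares one and any dependency that compiles a native addon at install time, and the `npm run build` that follows would then fail or produce a tree with missing artifacts. None of the dependencies visible in the lockfile hunks of this series obviously need install scripts, but that should be confirmed rather than assumed. If some package does need one, the usual pattern is to keep the flag and rebuild that package explicitly afterwards, e.g. `npm rebuild <pkg>`, so the allow-list is visible in the workflow. The job this step belongs to starts outside the hunk.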
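Review bot: The new `.npmrc` sets `registry=https://npm.echohq.com/` while the workflow's setup-node step sets `registry-url: https://npm.pkg.github.com/`; npm gives a project-level `.npmrc` higher precedence than the user-level config setup-node writes, so the GitHub Packages registry configured in the workflow is likely overridden for every unscoped install. The package-lock.json later in this series resolves tarballs from `https://packages.echohq.com/artifactory/api/npm/npm/`, a third host that `npm ci` fetches from as recorded, so a comment stating which registry is meant to be authoritative would help. `ignore-scripts=true` here is broader than the `--ignore-scripts` flag on `npm ci`: it also applies on developer machines and to `npm run build`/`npm test`, which still run the named script but drop their pre-/post- hooks, so the comment should say so, e.g. `# Applies to every npm invocation, incl. local dev: install scripts never run; pre/post hooks of npm run/test are skipped`. The file also ends without a trailing newline.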
From 601ffb3ec923cad43d6b883b1f291d3e0d07e744 Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Thu, 25 Jun 2026 14:57:08 +0530
Subject: [PATCH 2/7] ignore to npmrc

---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d0261ca..b4f0c05 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -30,7 +30,7 @@ jobs:
 with:
 node-version: 22.11.0
 registry-url: https://npm.pkg.github.com/
- - run: npm ci --ignore-scripts
+ - run: npm ci
 - name: Code Linting
 run: npm run lint
 - run: npm run build --if-present
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c000e7a..85a5a14 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -141,7 +141,7 @@ jobs:
 # RUN NPM INSTALL AND BUILD
 - name: NPM ci and build
 run: |
- npm ci --ignore-scripts
+ npm ci
 npm run build
 
 # CREATE PR FOR VERSION

From b211ee4474f03a3d557f2203111aef02b57b2b83 Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Thu, 25 Jun 2026 17:20:40 +0530
Subject: [PATCH 3/7] Verified commit

---
 .npmrc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.npmrc b/.npmrc
index 18a6ebb..3e0d684 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,5 +1,4 @@
 Default registry for most packages
 registry=https://npm.echohq.com/
 
-# Supply Chain Security Policy: Block lifecycle scripts
 ignore-scripts=true
\ No newline at end of file

From 048cfe53e25c031d857ed669e88085a9686ea26c Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Thu, 25 Jun 2026 17:26:14 +0530
Subject: [PATCH 4/7] npmrc changes

---
 .npmrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.npmrc b/.npmrc
index 3e0d684..9990ccf 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,4 +1,4 @@
-Default registry for most packages
+# Default registry for most packages
 registry=https://npm.echohq.com/
 
 ignore-scripts=true
\ No newline at end of file
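Review bot: With `--ignore-scripts` removed from `npm ci` in both ci.yml and release.yml, the policy is enforced only by the project `.npmrc`, which a later `NPM_CONFIG_IGNORE_SCRIPTS=false` environment variable or `--ignore-scripts=false` argument would silently override, since env and CLI rank above project config in npm. Keeping the explicit flag costs nothing and documents the intent at the point where the install happens: `- run: npm ci --ignore-scripts`. If the flag is deliberately dropped so local and CI behaviour stay identical, a comment above the step saying that `.npmrc` carries the policy would make that dependency visible to the next person editing this file.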
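Review bot: The rationale for `ignore-scripts=true` is gone from `.npmrc` after the PATCH 3/7 hunk, and the subject "Verified commit" does not describe the change, so a future reader finds an unexplained setting that also silences pre-/post- hooks of `npm run`/`npm test` on every machine that checks the repo out. A short comment should stay above the setting, e.g. `# Supply-chain policy: dependency lifecycle scripts never run on install; pre/post hooks of npm run/test are skipped too`. If the line was removed because some tooling rejected it, the commit message should name that tool rather than drop the rationale.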
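Review bot: The comment restored in the PATCH 4/7 hunk says "Default registry for most packages", but the file defines no scoped registry (`@scope:registry=`), so every package resolves from `https://npm.echohq.com/`, including any scoped package that the workflow's `registry-url` and the `publishConfig` entry in package.json suggest should come from GitHub Packages. If that is the intent, add `@<scope>:registry=https://npm.pkg.github.com/` under the default; otherwise reword the comment to `# Registry for all packages` so it does not imply an exception that does not exist. The file still ends without a newline, which npm tolerates but most editors and linters flag.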
From 8aa08db33e82f6fd7a9e703d6421f4e1d2fe623e Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Fri, 26 Jun 2026 12:13:31 +0530
Subject: [PATCH 5/7] Verify only one file is present

---
 .github/workflows/ci.yml | 5 +++++
 .github/workflows/release.yml | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b4f0c05..ae6ab87 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,6 +25,11 @@ jobs:
 exit 1
 fi
 
+ if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
+ echo "ERROR: No lockfile found,Policy requires exactly ONE package manager lockfile"
+ exit 1
+ fi
+
 - name: Use Node.js 22.11.0
 uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 85a5a14..e81704b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -85,6 +85,11 @@ jobs:
 exit 1
 fi
 
+ if [ ! -f yarn.lock ] && [ ! -f package-lock.json ]; then
+ echo "ERROR: No lockfile found,Policy requires exactly ONE package manager lockfile"
+ exit 1
+ fi
+
 # GIT CONFIGURATION
 - run: |
 git config user.name github-actions

From 817ab6cc378f63bf269dff4a9c05841f7f7ae8ff Mon Sep 17 00:00:00 2001
From: Aniket Shinde
Date: Fri, 26 Jun 2026 14:05:36 +0530
Subject: [PATCH 6/7] resolved imports

---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index f84d288..19d2f8b 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,8 @@
 "serialize-javascript": "6.0.2",
 "brace-expansion": "2.0.3",
 "lodash": "4.18.0",
- "uuid": "14.0.0"
+ "uuid": "14.0.0",
+ "js-yaml": "4.2.0"
 },
 "publishConfig": {
 "registry": "https://npm.pkg.github.com"

From 2d3d4a61117d81d9a522f26b6cd7230368158b5f Mon Sep 17 00:00:00 2001
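Review bot: The new check in ci.yml accepts a tree that has only `yarn.lock`, yet the step below runs `npm ci`, which refuses to run without `package-lock.json` (or `npm-shrinkwrap.json`), so that case passes the gate and fails later with a less clear error; since both workflows are npm-based the guard should demand the npm lockfile: `if [ ! -f package-lock.json ] && [ ! -f npm-shrinkwrap.json ]; then echo "ERROR: npm lockfile missing"; exit 1; fi`. The message also reads `No lockfile found,Policy requires ...` and wants a space after the comma. The block is inserted between the existing `fi` and the next step, separated by blank lines, and its indentation is not recoverable from this copy; if it is not at the `run: |` scalar's indent the scalar likely ends at the blank line and the workflow fails to parse, so that should be checked. The same hunk is repeated in release.yml.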
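Review bot: Pinning `js-yaml` to `4.2.0` in this block (its key is above the hunk; the exact-version neighbours suggest `overrides`) forces a major upgrade on transitive consumers: the lockfile hunk in the next patch shows `js-yaml@3.14.2` was previously nested under `@istanbuljs/load-nyc-config`, and js-yaml 4 removed the 3.x `safeLoad`/`safeDump` API, so a consumer still calling it would throw at runtime rather than at install. That path is only exercised when an nyc/istanbul config file is actually loaded, so a green `npm test` does not by itself prove the override is safe; confirm the consumer uses the 4.x `load` API, or pin a consumer version that does, before merging. The subject "resolved imports" does not say whether this override is advisory-driven; if it is, naming the advisory in the message helps the next audit.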
From: Aniket Shinde Date: Fri, 26 Jun 2026 14:46:44 +0530 Subject: [PATCH 7/7] resolved imports --- package-lock.json | 111 +++++++++++++++------------------------------- 1 file changed, 36 insertions(+), 75 deletions(-) diff --git a/package-lock.json b/package-lock.json index 312187c..5c5d50f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@Checkmarx/ast-cli-javascript-wrapper", - "version": "0.0.155", + "version": "0.0.158", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@Checkmarx/ast-cli-javascript-wrapper", - "version": "0.0.155", + "version": "0.0.158", "license": "ISC", "dependencies": { "log4js": "^6.9.1" @@ -635,30 +635,6 @@ "node": ">=8" } }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": { - "version": "1.0.10", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/argparse/-/argparse-1.0.10.tgz", - "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", - "dev": true, - "license": "MIT", - "dependencies": { - "sprintf-js": "~1.0.2" - } - }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { - "version": "3.14.2", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/js-yaml/-/js-yaml-3.14.2.tgz", - "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", - "dev": true, - "license": "MIT", - "dependencies": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from": { "version": "5.0.0", "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/resolve-from/-/resolve-from-5.0.0.tgz", 
@@ -1222,9 +1198,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.19.21", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/@types/node/-/node-22.19.21.tgz", - "integrity": "sha512-VMeFBSCKQKmm2swI2kW51SFusDqekC6q9trBCvJ/JliDchFSuoYYKN7yVNjPthP1HKZcx3U1gI/wTcEBjEFKTA==", + "version": "22.20.0", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/@types/node/-/node-22.20.0.tgz", + "integrity": "sha512-QWlFW2wf3nTjC13/DqRnBpR4ZO36VJH/JVBkA/vcnmbTBNQIlnObqyqZE1tUR7+Ni23Lda8R1BxMfbXRpCUx5g==", "dev": true, "license": "MIT", "dependencies": { @@ -1303,6 +1279,7 @@ "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==", "dev": true, "license": "BSD-2-Clause", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "5.62.0", "@typescript-eslint/types": "5.62.0", @@ -1464,6 +1441,7 @@ "integrity": "sha512-xRQbDb9BnwDafYNn6Vwl839DYVjqXYb1XVGtWAZ1kcDc6iwAL4hg3B1dZlRiuENFeO2H53gFG3in621AdERVAg==", "dev": true, "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1728,9 +1706,9 @@ "license": "MIT" }, "node_modules/baseline-browser-mapping": { - "version": "2.10.37", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/baseline-browser-mapping/-/baseline-browser-mapping-2.10.37.tgz", - "integrity": "sha512-girxaJ7WZssDOFhzCGZTDKoTa1gk6A1TbflaYTpykLJ4UU9Fz9kx1aREM8JCuoVHbL8X8T/mJg7w2oYSq72Oig==", + "version": "2.10.38", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/baseline-browser-mapping/-/baseline-browser-mapping-2.10.38.tgz", + "integrity": "sha512-31/02mVB4yuQU6adKk5SlY6m+mxDwUq5KZkyYgnLrrKl7TEm1+3PyDtDBz2kOv/wxZz41GHsvV1A/u6RmiyBvw==", "dev": true, "license": "Apache-2.0", "bin": { 
@@ -1764,9 +1742,9 @@ } }, "node_modules/browserslist": { - "version": "4.28.2", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/browserslist/-/browserslist-4.28.2.tgz", - "integrity": "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==", + "version": "4.28.4", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/browserslist/-/browserslist-4.28.4.tgz", + "integrity": "sha512-MTc8i/x9jBQd1iMw2CFGS+rwMa07eYjLR0CCTLDACl9xhxy+nIs3KeML/biicXtk9JrZ6dnnTatmc7ErPXIxqw==", "dev": true, "funding": [ { @@ -1783,11 +1761,12 @@ } ], "license": "MIT", + "peer": true, "dependencies": { - "baseline-browser-mapping": "^2.10.12", - "caniuse-lite": "^1.0.30001782", - "electron-to-chromium": "^1.5.328", - "node-releases": "^2.0.36", + "baseline-browser-mapping": "^2.10.38", + "caniuse-lite": "^1.0.30001799", + "electron-to-chromium": "^1.5.376", + "node-releases": "^2.0.48", "update-browserslist-db": "^1.2.3" }, "bin": { @@ -2144,9 +2123,9 @@ } }, "node_modules/electron-to-chromium": { - "version": "1.5.372", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/electron-to-chromium/-/electron-to-chromium-1.5.372.tgz", - "integrity": "sha512-M3yhbAlilnwqC8D21t28UCDGHyitShTmmLRU/H+b74P6Ski16Nb9HONYEaVpMj/pwC7BEo5B95FpjODLCWbtfA==", + "version": "1.5.378", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/electron-to-chromium/-/electron-to-chromium-1.5.378.tgz", + "integrity": "sha512-VinvOAuuPmdD1guEgGv5f2Qp7/vlfqOrUOMYNnOD4wj3pit8kRsQHzfIf6teyUGWo15Tg5+bOJaRunvyltpVWQ==", "dev": true, "license": "ISC" }, @@ -2234,6 +2213,7 @@ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint/eslintrc": "^1.0.3", "@humanwhocodes/config-array": "^0.6.0", 
@@ -2392,20 +2372,6 @@ "url": "https://opencollective.com/eslint" } }, - "node_modules/esprima": { - "version": "4.0.1", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/esprima/-/esprima-4.0.1.tgz", - "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", - "dev": true, - "license": "BSD-2-Clause", - "bin": { - "esparse": "bin/esparse.js", - "esvalidate": "bin/esvalidate.js" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/esquery": { "version": "1.7.0", "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/esquery/-/esquery-1.7.0.tgz", @@ -3230,6 +3196,7 @@ "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -3425,9 +3392,9 @@ } }, "node_modules/jest-cli/node_modules/yargs": { - "version": "17.7.2", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/yargs/-/yargs-17.7.2.tgz", - "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "version": "17.7.3", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/yargs/-/yargs-17.7.3.tgz", + "integrity": "sha512-GZtjxm/J/4TSxuL3FNYjCmLktBTnIw/rVmKSIyKeYAZpmJB2ig9VauCC5xsa82GNKVKDAqpOn3KVzNt0zmrU0g==", "dev": true, "license": "MIT", "dependencies": { 
@@ -4540,9 +4507,9 @@ "license": "MIT" }, "node_modules/node-releases": { - "version": "2.0.47", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/node-releases/-/node-releases-2.0.47.tgz", - "integrity": "sha512-Uzmd6LXpouKo8EUK68IjH4+E01w/hXyV3R3g/geCJo+rXLNfh1xucB+LOzYEOQPSiUK3h/xZf0cQGcSsmyL2Og==", + "version": "2.0.49", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/node-releases/-/node-releases-2.0.49.tgz", + "integrity": "sha512-f06bl1D+8ZDkn2oOQQKAh5/otFWqVnM1Q5oerA8Pex7UfT66Tx4IPHIqVVFKqFT3FUtaDstdgkM7yT7JWhqxfw==", "dev": true, "license": "MIT", "engines": { @@ -5095,9 +5062,9 @@ "license": "MIT" }, "node_modules/semver": { - "version": "7.8.4", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/semver/-/semver-7.8.4.tgz", - "integrity": "sha512-rUCObTnP32Q08R2uuIrt7r9PlEonuTmtuXYcW6s5kjdlj3xbnwe+21yXptAUYcMAABLkYYTtnmzb3w3EDZfueA==", + "version": "7.8.5", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/semver/-/semver-7.8.5.tgz", + "integrity": "sha512-Y7/KDsb8LjooZpwaqGyulO6DQlksgCncchHGk+sZIY4SBvUocMBEFH5Ur1fI4dV+Jvl0w6cjvucaIi40puRioA==", "dev": true, "license": "ISC", "bin": { @@ -5175,13 +5142,6 @@ "source-map": "^0.6.0" } }, - "node_modules/sprintf-js": { - "version": "1.0.3", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/sprintf-js/-/sprintf-js-1.0.3.tgz", - "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", - "dev": true, - "license": "BSD-3-Clause" - }, "node_modules/stack-utils": { "version": "2.0.6", "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/stack-utils/-/stack-utils-2.0.6.tgz", @@ -5554,6 +5514,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" 
@@ -5782,9 +5743,9 @@ "license": "ISC" }, "node_modules/yargs": { - "version": "16.2.0", - "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/yargs/-/yargs-16.2.0.tgz", - "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "version": "16.2.2", + "resolved": "https://packages.echohq.com/artifactory/api/npm/npm/yargs/-/yargs-16.2.2.tgz", + "integrity": "sha512-Nt9ZJjXTv5R8MHbqby/wXQ6Gi0Bb3TcYZkR1bzuL4yB2OxWPkXknz513gEF0GoA6tn00UpbPvERW8rzCuWCA6w==", "dev": true, "license": "MIT", "dependencies": {