Add JavaScript and TypeScript language support

- Add tree-sitter-javascript and tree-sitter-typescript parsers
- Support file extensions: .js, .mjs, .cjs, .jsx, .ts, .mts, .cts, .tsx
- Add patterns for Node.js crypto module (createHash, createCipheriv, etc.)
- Add patterns for Web Crypto API (crypto.subtle.*)
- Add patterns for crypto-js library (CryptoJS.AES, CryptoJS.SHA256, etc.)
- Fix panic in import_like_nodes when checking require() calls
- Add test fixtures for all three JS/TS crypto libraries

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

Author: 3 people

Cargo.lock

@@ -36,9 +36,11 @@ tree-sitter-swift = { version = "0.7", optional = true }
 tree-sitter-php = { version = "0.24", optional = true }
 tree-sitter-objc = { version = "3.0", optional = true }
 tree-sitter-rust = { version = "0.23", optional = true }
+tree-sitter-javascript = { version = "0.25", optional = true }
+tree-sitter-typescript = { version = "0.23", optional = true }
 
 [features]
-default = ["lang-c", "lang-cpp", "lang-java", "lang-python", "lang-go", "lang-swift", "lang-php", "lang-objc", "lang-rust"]
+default = ["lang-c", "lang-cpp", "lang-java", "lang-python", "lang-go", "lang-swift", "lang-php", "lang-objc", "lang-rust", "lang-javascript", "lang-typescript"]
 lang-c = ["tree-sitter-c"]
 lang-cpp = ["tree-sitter-cpp"]
 lang-java = ["tree-sitter-java"]
@@ -48,6 +50,8 @@ lang-swift = ["tree-sitter-swift"]
 lang-php = ["tree-sitter-php"]
 lang-objc = ["tree-sitter-objc"]
 lang-rust = ["tree-sitter-rust"]
+lang-javascript = ["tree-sitter-javascript"]
+lang-typescript = ["tree-sitter-typescript"]
 
 [dev-dependencies]
 assert_cmd = "2.0"

Cargo.toml

@@ -0,0 +1,11 @@
+{"assetType":"library","identifier":"crypto-js","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":2,"column":18}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":17,"column":12},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":32,"column":12},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"AES","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":6,"column":12},"metadata":{"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"AES","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":11,"column":19},"metadata":{"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"SHA-3","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":55,"column":12},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"PBKDF2","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":42,"column":12},"metadata":{"primitive":"kdf","iterations":100000}}
+{"assetType":"algorithm","identifier":"3DES","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":50,"column":12},"metadata":{"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"MD5","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":27,"column":12},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-512","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":22,"column":12},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-512","path":"fixtures/javascript/crypto_js/src/test.js","evidence":{"line":37,"column":12},"metadata":{"primitive":"hash"}}

fixtures/javascript/crypto_js/expected.jsonl

@@ -0,0 +1,69 @@
+// crypto-js library usage examples
+const CryptoJS = require('crypto-js');
+
+// AES encryption
+function encryptAes(plaintext, key) {
+    return CryptoJS.AES.encrypt(plaintext, key).toString();
+}
+
+// AES decryption
+function decryptAes(ciphertext, key) {
+    const bytes = CryptoJS.AES.decrypt(ciphertext, key);
+    return bytes.toString(CryptoJS.enc.Utf8);
+}
+
+// SHA-256 hashing
+function hashSha256(data) {
+    return CryptoJS.SHA256(data).toString();
+}
+
+// SHA-512 hashing
+function hashSha512(data) {
+    return CryptoJS.SHA512(data).toString();
+}
+
+// MD5 hashing (not recommended for security)
+function hashMd5(data) {
+    return CryptoJS.MD5(data).toString();
+}
+
+// HMAC-SHA256
+function hmacSha256(data, key) {
+    return CryptoJS.HmacSHA256(data, key).toString();
+}
+
+// HMAC-SHA512
+function hmacSha512(data, key) {
+    return CryptoJS.HmacSHA512(data, key).toString();
+}
+
+// PBKDF2 key derivation
+function deriveKey(password, salt) {
+    return CryptoJS.PBKDF2(password, salt, {
+        keySize: 256 / 32,
+        iterations: 100000
+    }).toString();
+}
+
+// Triple DES encryption (legacy)
+function encryptTripleDes(plaintext, key) {
+    return CryptoJS.TripleDES.encrypt(plaintext, key).toString();
+}
+
+// SHA-3 hashing
+function hashSha3(data) {
+    return CryptoJS.SHA3(data).toString();
+}
+
+module.exports = {
+    encryptAes,
+    decryptAes,
+    hashSha256,
+    hashSha512,
+    hashMd5,
+    hmacSha256,
+    hmacSha512,
+    deriveKey,
+    encryptTripleDes,
+    hashSha3
+};

fixtures/javascript/crypto_js/src/test.js

@@ -0,0 +1,8 @@
+{"assetType":"library","identifier":"Node.js crypto","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":2,"column":16}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":6,"column":25},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":13,"column":25},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"scrypt","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":64,"column":19},"metadata":{"primitive":"kdf"}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":21,"column":27},"metadata":{"primitive":"symmetric","keySize":256}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":30,"column":29},"metadata":{"primitive":"symmetric","keySize":256}}
+{"assetType":"algorithm","identifier":"RSA","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":40,"column":16},"metadata":{"keySize":4096,"primitive":"asymmetric"}}
+{"assetType":"algorithm","identifier":"PBKDF2","path":"fixtures/javascript/node_crypto/src/test.js","evidence":{"line":59,"column":19},"metadata":{"iterations":100000,"primitive":"kdf"}}

fixtures/javascript/node_crypto/expected.jsonl

@@ -0,0 +1,75 @@
+// Node.js crypto module usage examples
+const crypto = require('crypto');
+
+// SHA-256 hashing
+function hashData(data) {
+    const hash = crypto.createHash('sha256');
+    hash.update(data);
+    return hash.digest('hex');
+}
+
+// HMAC-SHA256
+function hmacSign(data, key) {
+    const hmac = crypto.createHmac('sha256', key);
+    hmac.update(data);
+    return hmac.digest('hex');
+}
+
+// AES-256-GCM encryption
+function encryptAesGcm(plaintext, key) {
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+    let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag();
+    return { encrypted, iv, authTag };
+}
+
+// AES-256-GCM decryption
+function decryptAesGcm(encrypted, key, iv, authTag) {
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+
+// RSA key pair generation
+async function generateRsaKeyPair() {
+    return new Promise((resolve, reject) => {
+        crypto.generateKeyPair('rsa', {
+            modulusLength: 4096,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem'
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem'
+            }
+        }, (err, publicKey, privateKey) => {
+            if (err) reject(err);
+            else resolve({ publicKey, privateKey });
+        });
+    });
+}
+
+// PBKDF2 key derivation
+function deriveKey(password, salt) {
+    return crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
+}
+
+// scrypt key derivation
+function deriveKeyScrypt(password, salt) {
+    return crypto.scryptSync(password, salt, 32);
+}
+
+module.exports = {
+    hashData,
+    hmacSign,
+    encryptAesGcm,
+    decryptAesGcm,
+    generateRsaKeyPair,
+    deriveKey,
+    deriveKeyScrypt
+};

fixtures/javascript/node_crypto/src/test.js

@@ -0,0 +1,11 @@
+{"assetType":"library","identifier":"Web Crypto API","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":1,"column":1}}
+{"assetType":"algorithm","identifier":"PBKDF2","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":86,"column":13},"metadata":{"iterations":100000,"primitive":"kdf"}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":4,"column":11},"metadata":{"keySize":256,"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":92,"column":11},"metadata":{"keySize":256,"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"ECDSA","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":45,"column":11},"metadata":{"primitive":"signature","curve":"P-384"}}
+{"assetType":"algorithm","identifier":"SHA-384","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":54,"column":26},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-384","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":63,"column":26},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"RSA-OAEP","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":33,"column":13},"metadata":{"keySize":4096,"primitive":"asymmetric"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":36,"column":13},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":72,"column":32},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/javascript/webcrypto/src/test.js","evidence":{"line":89,"column":13},"metadata":{"primitive":"hash"}}

fixtures/javascript/webcrypto/expected.jsonl

@@ -0,0 +1,108 @@
+// Web Crypto API usage examples
+async function generateAesKey() {
+    return await crypto.subtle.generateKey(
+        { name: 'AES-GCM', length: 256 },
+        true,
+        ['encrypt', 'decrypt']
+    );
+}
+
+async function encryptData(key, data) {
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encoded = new TextEncoder().encode(data);
+    const ciphertext = await crypto.subtle.encrypt(
+        { name: 'AES-GCM', iv },
+        key,
+        encoded
+    );
+    return { ciphertext, iv };
+}
+
+async function decryptData(key, ciphertext, iv) {
+    const decrypted = await crypto.subtle.decrypt(
+        { name: 'AES-GCM', iv },
+        key,
+        ciphertext
+    );
+    return new TextDecoder().decode(decrypted);
+}
+
+async function generateRsaKeyPair() {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'RSA-OAEP',
+            modulusLength: 4096,
+            publicExponent: new Uint8Array([1, 0, 1]),
+            hash: 'SHA-256'
+        },
+        true,
+        ['encrypt', 'decrypt']
+    );
+}
+
+async function generateEcdsaKeyPair() {
+    return await crypto.subtle.generateKey(
+        { name: 'ECDSA', namedCurve: 'P-384' },
+        true,
+        ['sign', 'verify']
+    );
+}
+
+async function signData(privateKey, data) {
+    const encoded = new TextEncoder().encode(data);
+    return await crypto.subtle.sign(
+        { name: 'ECDSA', hash: 'SHA-384' },
+        privateKey,
+        encoded
+    );
+}
+
+async function verifySignature(publicKey, signature, data) {
+    const encoded = new TextEncoder().encode(data);
+    return await crypto.subtle.verify(
+        { name: 'ECDSA', hash: 'SHA-384' },
+        publicKey,
+        signature,
+        encoded
+    );
+}
+
+async function hashSha256(data) {
+    const encoded = new TextEncoder().encode(data);
+    return await crypto.subtle.digest('SHA-256', encoded);
+}
+
+async function deriveKeyPbkdf2(password, salt) {
+    const encoded = new TextEncoder().encode(password);
+    const keyMaterial = await crypto.subtle.importKey(
+        'raw',
+        encoded,
+        'PBKDF2',
+        false,
+        ['deriveBits', 'deriveKey']
+    );
+    return await crypto.subtle.deriveKey(
+        {
+            name: 'PBKDF2',
+            salt,
+            iterations: 100000,
+            hash: 'SHA-256'
+        },
+        keyMaterial,
+        { name: 'AES-GCM', length: 256 },
+        true,
+        ['encrypt', 'decrypt']
+    );
+}
+
+export {
+    generateAesKey,
+    encryptData,
+    decryptData,
+    generateRsaKeyPair,
+    generateEcdsaKeyPair,
+    signData,
+    verifySignature,
+    hashSha256,
+    deriveKeyPbkdf2
+};

fixtures/javascript/webcrypto/src/test.js

@@ -0,0 +1,14 @@
+{"assetType":"library","identifier":"Node.js crypto","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":2,"column":1}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":17,"column":25},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"SHA-256","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":31,"column":25},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"scrypt","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":108,"column":19},"metadata":{"primitive":"kdf"}}
+{"assetType":"algorithm","identifier":"SHA-512","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":24,"column":25},"metadata":{"primitive":"hash"}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":39,"column":27},"metadata":{"primitive":"symmetric","keySize":256}}
+{"assetType":"algorithm","identifier":"AES-GCM","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":53,"column":29},"metadata":{"primitive":"symmetric","keySize":256}}
+{"assetType":"algorithm","identifier":"ChaCha20-Poly1305","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":122,"column":27},"metadata":{"primitive":"symmetric"}}
+{"assetType":"algorithm","identifier":"ECDSA","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":93,"column":46},"metadata":{"curve":"P-384","primitive":"signature"}}
+{"assetType":"algorithm","identifier":"RSA","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":80,"column":16},"metadata":{"primitive":"asymmetric","keySize":4096}}
+{"assetType":"algorithm","identifier":"HKDF","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":117,"column":19},"metadata":{"primitive":"kdf"}}
+{"assetType":"algorithm","identifier":"Ed25519","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":70,"column":46},"metadata":{"primitive":"signature"}}
+{"assetType":"algorithm","identifier":"PBKDF2","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":103,"column":19},"metadata":{"primitive":"kdf","iterations":100000}}
+{"assetType":"algorithm","identifier":"AES-CBC","path":"fixtures/typescript/node_crypto/src/test.ts","evidence":{"line":62,"column":27},"metadata":{"primitive":"symmetric","keySize":256}}