opa fmt -w .

confirmed_malicious.rego

@@ -9,24 +9,24 @@ import rego.v1
 
 # Returns a violation if the author is known malicious
 deny contains issue if {
-        some issue in data.issues
-        issue.tag == "CA0001"
+	some issue in data.issues
+	issue.tag == "CA0001"
 }
 
 # Returns a violation if the package contains verified malware
 deny contains issue if {
-        some issue in data.issues
-        issue.tag == "CM0037"
+	some issue in data.issues
+	issue.tag == "CM0037"
 }
 
 # Returns a violation if the package contains a known-bad compiled binary
 deny contains issue if {
-        some issue in data.issues
-        issue.tag == "CM0038"
+	some issue in data.issues
+	issue.tag == "CM0038"
 }
 
 # Returns a violation if the package depends on a known malicious package
 deny contains issue if {
-        some issue in data.issues
-        issue.tag == "CM0039"
+	some issue in data.issues
+	issue.tag == "CM0039"
 }

data_exfiltration.rego

@@ -9,12 +9,12 @@ import rego.v1
 
 # Package contains environment variable enumeration
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "HM0025"
+	some issue in data.issues
+	issue.tag == "HM0025"
 }
 
 # Package contains webhook exfiltration
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "HM0036"
+	some issue in data.issues
+	issue.tag == "HM0036"
 }

dependency_confusion.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Package contains environment variable enumeration
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "HM0018"
+	some issue in data.issues
+	issue.tag == "HM0018"
 }

install_code.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Package contains code execution on install
 deny contains issue if {
-   some issue in data.issues
-   issue.tag in {"IM0042", "IM0043", "IM0044"}
+	some issue in data.issues
+	issue.tag in {"IM0042", "IM0043", "IM0044"}
 }

install_code_suspicious.rego

@@ -9,12 +9,12 @@ import rego.v1
 
 # Package contains suspicious code execution on install
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "CM0007"
+	some issue in data.issues
+	issue.tag == "CM0007"
 }
 
 # Package contains suspicious code execution on install
 deny contains issue if {
-   some issue in data.issues
-   endswith(issue.tag, "M0031")
+	some issue in data.issues
+	endswith(issue.tag, "M0031")
 }

license_mismatch.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # License mismatch
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "IL0022"
+	some issue in data.issues
+	issue.tag == "IL0022"
 }

minimal_code.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Package contains minimal code
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "IE0027"
+	some issue in data.issues
+	issue.tag == "IE0027"
 }

obfuscated_code.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Package contains obfuscated code
 deny contains issue if {
-   some issue in data.issues
-   issue.tag in {"HM0029", "HM0099", "HM0023", "IM0040", "IM0041"}
+	some issue in data.issues
+	issue.tag in {"HM0029", "HM0099", "HM0023", "IM0040", "IM0041"}
 }

runs_remote_code.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Runs remote code
 deny contains issue if {
-   some issue in data.issues
-   issue.tag in {"CM0024", "MM0024", "HM0032"}
+	some issue in data.issues
+	issue.tag in {"CM0024", "MM0024", "HM0032"}
 }

secret_non_test.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Secrets in non-test file
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "ME0016"
+	some issue in data.issues
+	issue.tag == "ME0016"
 }

show_all.rego

@@ -9,5 +9,5 @@ import rego.v1
 
 # Policy Violation
 deny contains issue if {
-   some issue in data.issues
+	some issue in data.issues
 }

suspicious_url.rego

@@ -9,6 +9,6 @@ import rego.v1
 
 # Suspicious URL reference
 deny contains issue if {
-   some issue in data.issues
-   issue.tag == "MM0028"
+	some issue in data.issues
+	issue.tag == "MM0028"
 }

typosquat.rego

@@ -5,15 +5,15 @@
 
 package policy.v1
 
-import rego.v1
 import data.phylum.domain
+import rego.v1
 
 # Potential typosquat with malicious characteristics
 deny contains typosquat_issue if {
-    some dependency in data.dependencies
+	some dependency in data.dependencies
 
-    some typosquat_issue in dependency.issues
-    typosquat_issue.tag == "HM0008"
+	some typosquat_issue in dependency.issues
+	typosquat_issue.tag == "HM0008"
 
-    count([d | dependency.issues[i].domain == domain.MALICIOUS; d := dependency.issues[i].domain]) > 1
+	count([d | dependency.issues[i].domain == domain.MALICIOUS; d := dependency.issues[i].domain]) > 1
 }

vuln_crit.rego

@@ -5,13 +5,13 @@
 
 package policy.v1
 
-import rego.v1
 import data.phylum.domain
 import data.phylum.level
+import rego.v1
 
 # Critical software vulnerability
 deny contains issue if {
-   some issue in data.issues
-   issue.domain == domain.VULNERABILITY
-   issue.severity == level.CRITICAL
+	some issue in data.issues
+	issue.domain == domain.VULNERABILITY
+	issue.severity == level.CRITICAL
 }

vuln_crit_high.rego

@@ -5,13 +5,13 @@
 
 package policy.v1
 
-import rego.v1
 import data.phylum.domain
 import data.phylum.level
+import rego.v1
 
 # Critical or High software vulnerability
 deny contains issue if {
-   some issue in data.issues
-   issue.domain == domain.VULNERABILITY
-   issue.severity > level.MEDIUM
+	some issue in data.issues
+	issue.domain == domain.VULNERABILITY
+	issue.severity > level.MEDIUM
 }