npm - @cyberhub/shieldpm - Versions diffs - 0.1.0 - Mend

@cyberhub/shieldpm 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/LICENSE +21 -0
package/README.md +239 -0
package/dist/analyzer/static.d.ts +35 -0
package/dist/analyzer/static.d.ts.map +1 -0
package/dist/analyzer/static.js +416 -0
package/dist/analyzer/static.js.map +1 -0
package/dist/analyzer/typosquat.d.ts +30 -0
package/dist/analyzer/typosquat.d.ts.map +1 -0
package/dist/analyzer/typosquat.js +211 -0
package/dist/analyzer/typosquat.js.map +1 -0
package/dist/cli.d.ts +10 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +621 -0
package/dist/cli.js.map +1 -0
package/dist/diff/dependency.d.ts +51 -0
package/dist/diff/dependency.d.ts.map +1 -0
package/dist/diff/dependency.js +222 -0
package/dist/diff/dependency.js.map +1 -0
package/dist/fingerprint/profile.d.ts +68 -0
package/dist/fingerprint/profile.d.ts.map +1 -0
package/dist/fingerprint/profile.js +233 -0
package/dist/fingerprint/profile.js.map +1 -0
package/dist/index.d.ts +21 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +22 -0
package/dist/index.js.map +1 -0
package/dist/monitor/permissions.d.ts +45 -0
package/dist/monitor/permissions.d.ts.map +1 -0
package/dist/monitor/permissions.js +265 -0
package/dist/monitor/permissions.js.map +1 -0
package/dist/sandbox/runner.d.ts +46 -0
package/dist/sandbox/runner.d.ts.map +1 -0
package/dist/sandbox/runner.js +216 -0
package/dist/sandbox/runner.js.map +1 -0
package/dist/utils/colors.d.ts +31 -0
package/dist/utils/colors.d.ts.map +1 -0
package/dist/utils/colors.js +54 -0
package/dist/utils/colors.js.map +1 -0
package/dist/utils/logger.d.ts +26 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +77 -0
package/dist/utils/logger.js.map +1 -0
package/package.json +24 -0
package/src/analyzer/static.ts +483 -0
package/src/analyzer/typosquat.ts +272 -0
package/src/cli.ts +700 -0
package/src/diff/dependency.ts +297 -0
package/src/fingerprint/profile.ts +333 -0
package/src/index.ts +34 -0
package/src/monitor/permissions.ts +330 -0
package/src/sandbox/runner.ts +302 -0
package/src/utils/colors.ts +58 -0
package/src/utils/logger.ts +87 -0
package/tsconfig.json +19 -0

package/dist/analyzer/static.js ADDED Viewed

@@ -0,0 +1,416 @@
+/**
+ * ShieldPM — Static Analysis Engine
+ * Scans package source code for suspicious patterns, network calls,
+ * filesystem access, obfuscation, and dynamic code execution.
+ */
+import { readdir, readFile } from 'node:fs/promises';
+import { join, extname, relative } from 'node:path';
+const PATTERNS = [
+    // ── Dynamic code execution ──
+    {
+        rule: 'no-eval',
+        pattern: /\beval\s*\(/g,
+        severity: 'critical',
+        category: 'code-execution',
+        message: 'eval() can execute arbitrary code',
+    },
+    {
+        rule: 'no-function-constructor',
+        pattern: /\bnew\s+Function\s*\(/g,
+        severity: 'critical',
+        category: 'code-execution',
+        message: 'Function constructor can execute arbitrary code',
+    },
+    {
+        rule: 'no-vm-runInContext',
+        pattern: /\bvm\s*\.\s*(runInNewContext|runInThisContext|runInContext|compileFunction)\s*\(/g,
+        severity: 'high',
+        category: 'code-execution',
+        message: 'vm module can execute arbitrary code',
+    },
+    {
+        rule: 'no-buffer-eval',
+        pattern: /Buffer\.from\s*\([^)]+\)\s*\.\s*toString\s*\([^)]*\)[\s\S]{0,50}eval/g,
+        severity: 'critical',
+        category: 'code-execution',
+        message: 'Buffer decode + eval pattern — likely obfuscated code execution',
+    },
+    // ── Child process / shell ──
+    {
+        rule: 'no-child-process',
+        pattern: /require\s*\(\s*['"`]child_process['"`]\s*\)/g,
+        severity: 'high',
+        category: 'process',
+        message: 'child_process can spawn arbitrary system commands',
+    },
+    {
+        rule: 'no-child-process-import',
+        pattern: /from\s+['"`]child_process['"`]/g,
+        severity: 'high',
+        category: 'process',
+        message: 'child_process import — can spawn arbitrary system commands',
+    },
+    {
+        rule: 'no-exec-sync',
+        pattern: /\b(execSync|exec|spawn|spawnSync|fork|execFile|execFileSync)\s*\(/g,
+        severity: 'high',
+        category: 'process',
+        message: 'Process execution function detected',
+    },
+    // ── Network access ──
+    {
+        rule: 'no-http-require',
+        pattern: /require\s*\(\s*['"`](https?|net|tls|dgram)['"`]\s*\)/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'Network module require',
+    },
+    {
+        rule: 'no-http-import',
+        pattern: /from\s+['"`](https?|net|tls|dgram)['"`]/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'Network module import',
+    },
+    {
+        rule: 'no-http-request',
+        pattern: /\b(https?)\s*\.\s*(request|get)\s*\(/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'HTTP request detected',
+    },
+    {
+        rule: 'no-fetch',
+        pattern: /\bfetch\s*\(\s*['"`]https?:/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'fetch() call to external URL',
+    },
+    {
+        rule: 'no-fetch-dynamic',
+        pattern: /\bfetch\s*\(\s*[^'"`\s]/g,
+        severity: 'high',
+        category: 'network',
+        message: 'fetch() with dynamic URL — destination unknown',
+    },
+    {
+        rule: 'no-dns-lookup',
+        pattern: /\bdns\s*\.\s*(lookup|resolve|resolve4|resolve6)\s*\(/g,
+        severity: 'low',
+        category: 'network',
+        message: 'DNS lookup detected',
+    },
+    {
+        rule: 'no-xmlhttprequest',
+        pattern: /\bnew\s+XMLHttpRequest\s*\(/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'XMLHttpRequest detected',
+    },
+    {
+        rule: 'no-websocket',
+        pattern: /\bnew\s+WebSocket\s*\(/g,
+        severity: 'medium',
+        category: 'network',
+        message: 'WebSocket connection detected',
+    },
+    // ── File system access ──
+    {
+        rule: 'no-fs-require',
+        pattern: /require\s*\(\s*['"`]fs['"`]\s*\)/g,
+        severity: 'low',
+        category: 'filesystem',
+        message: 'fs module require',
+    },
+    {
+        rule: 'no-fs-import',
+        pattern: /from\s+['"`](fs|node:fs|fs\/promises|node:fs\/promises)['"`]/g,
+        severity: 'low',
+        category: 'filesystem',
+        message: 'fs module import',
+    },
+    {
+        rule: 'no-sensitive-path-read',
+        pattern: /\b(readFile|readFileSync|createReadStream)\s*\(\s*['"`](\/etc\/passwd|\/etc\/shadow|~\/\.ssh|~\/\.aws|~\/\.npmrc|~\/\.env|\/proc\/)/g,
+        severity: 'critical',
+        category: 'filesystem',
+        message: 'Reading sensitive system file',
+    },
+    {
+        rule: 'no-sensitive-path-write',
+        pattern: /\b(writeFile|writeFileSync|appendFile|appendFileSync)\s*\(\s*['"`](\/etc\/|\/usr\/|\/bin\/|~\/\.bashrc|~\/\.profile)/g,
+        severity: 'critical',
+        category: 'filesystem',
+        message: 'Writing to sensitive system path',
+    },
+    {
+        rule: 'no-fs-unlink',
+        pattern: /\b(unlink|unlinkSync|rmdir|rmdirSync|rm)\s*\(/g,
+        severity: 'medium',
+        category: 'filesystem',
+        message: 'File/directory deletion detected',
+    },
+    {
+        rule: 'no-home-dir-readdir',
+        pattern: /\b(readdir|readdirSync)\s*\(\s*['"`](~|\/home\/|\/Users\/)/g,
+        severity: 'high',
+        category: 'filesystem',
+        message: 'Listing home directory contents',
+    },
+    // ── Environment variable access ──
+    {
+        rule: 'no-env-access',
+        pattern: /process\.env\b/g,
+        severity: 'low',
+        category: 'environment',
+        message: 'Accesses environment variables',
+    },
+    {
+        rule: 'no-env-sensitive',
+        pattern: /process\.env\s*\[\s*['"`](API_KEY|SECRET|TOKEN|PASSWORD|AWS_|GITHUB_TOKEN|NPM_TOKEN|DATABASE_URL|PRIVATE_KEY)/g,
+        severity: 'high',
+        category: 'environment',
+        message: 'Accesses sensitive environment variable',
+    },
+    {
+        rule: 'no-env-exfiltrate',
+        pattern: /JSON\.stringify\s*\(\s*process\.env\s*\)/g,
+        severity: 'critical',
+        category: 'environment',
+        message: 'Serializing entire process.env — possible credential exfiltration',
+    },
+    // ── Dynamic require / import ──
+    {
+        rule: 'no-dynamic-require',
+        pattern: /require\s*\(\s*[^'"`\s)][^)]*\)/g,
+        severity: 'medium',
+        category: 'code-execution',
+        message: 'Dynamic require with non-literal argument',
+    },
+    {
+        rule: 'no-dynamic-import',
+        pattern: /import\s*\(\s*[^'"`\s)][^)]*\)/g,
+        severity: 'medium',
+        category: 'code-execution',
+        message: 'Dynamic import with non-literal argument',
+    },
+    // ── Obfuscation ──
+    {
+        rule: 'no-charcode-build',
+        pattern: /String\.fromCharCode\s*\(/g,
+        severity: 'high',
+        category: 'obfuscation',
+        message: 'String.fromCharCode — common obfuscation technique',
+    },
+    {
+        rule: 'no-hex-string',
+        pattern: /\\x[0-9a-fA-F]{2}(\\x[0-9a-fA-F]{2}){3,}/g,
+        severity: 'high',
+        category: 'obfuscation',
+        message: 'Long hex escape sequence — possible obfuscated string',
+    },
+    {
+        rule: 'no-unicode-escape',
+        pattern: /\\u[0-9a-fA-F]{4}(\\u[0-9a-fA-F]{4}){5,}/g,
+        severity: 'high',
+        category: 'obfuscation',
+        message: 'Long unicode escape sequence — possible obfuscated string',
+    },
+    {
+        rule: 'no-atob',
+        pattern: /\batob\s*\(/g,
+        severity: 'medium',
+        category: 'obfuscation',
+        message: 'Base64 decode — may hide malicious strings',
+    },
+    {
+        rule: 'no-base64-decode',
+        pattern: /Buffer\.from\s*\([^,]+,\s*['"`]base64['"`]\s*\)/g,
+        severity: 'medium',
+        category: 'obfuscation',
+        message: 'Base64 decode via Buffer — may hide malicious strings',
+    },
+    // ── Prototype pollution ──
+    {
+        rule: 'no-proto-access',
+        pattern: /\[['"`]__proto__['"`]\]/g,
+        severity: 'high',
+        category: 'prototype-pollution',
+        message: '__proto__ access — possible prototype pollution',
+    },
+    {
+        rule: 'no-constructor-prototype',
+        pattern: /\bconstructor\s*\[\s*['"`]prototype['"`]\s*\]/g,
+        severity: 'high',
+        category: 'prototype-pollution',
+        message: 'constructor.prototype access — possible prototype pollution',
+    },
+    // ── Install scripts ──
+    {
+        rule: 'no-preinstall-script',
+        pattern: /"preinstall"\s*:\s*"/g,
+        severity: 'high',
+        category: 'install-script',
+        message: 'preinstall script can execute code before user reviews package',
+    },
+    {
+        rule: 'no-postinstall-script',
+        pattern: /"postinstall"\s*:\s*"/g,
+        severity: 'medium',
+        category: 'install-script',
+        message: 'postinstall script detected',
+    },
+];
+// ── Severity weights for scoring ─────────────────────────────────────────
+const SEVERITY_WEIGHT = {
+    critical: 3.0,
+    high: 2.0,
+    medium: 1.0,
+    low: 0.3,
+    info: 0.0,
+};
+// ── File collection ──────────────────────────────────────────────────────
+const SCANNABLE_EXTENSIONS = new Set(['.js', '.mjs', '.cjs', '.ts', '.mts', '.cts', '.json']);
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', 'coverage', '.shieldpm']);
+async function collectFiles(dir) {
+    const files = [];
+    async function walk(d) {
+        let entries;
+        try {
+            entries = await readdir(d, { withFileTypes: true });
+        }
+        catch {
+            return; // skip unreadable dirs
+        }
+        for (const entry of entries) {
+            const full = join(d, entry.name);
+            if (entry.isDirectory()) {
+                if (!SKIP_DIRS.has(entry.name)) {
+                    await walk(full);
+                }
+            }
+            else if (entry.isFile() && SCANNABLE_EXTENSIONS.has(extname(entry.name))) {
+                files.push(full);
+            }
+        }
+    }
+    await walk(dir);
+    return files;
+}
+// ── Core scan logic ──────────────────────────────────────────────────────
+function scanContent(content, filePath, rules) {
+    const findings = [];
+    const lines = content.split('\n');
+    for (const rule of rules) {
+        // Reset lastIndex for global regexes
+        rule.pattern.lastIndex = 0;
+        let match;
+        while ((match = rule.pattern.exec(content)) !== null) {
+            // Calculate line and column
+            const beforeMatch = content.slice(0, match.index);
+            const line = (beforeMatch.match(/\n/g) || []).length + 1;
+            const lastNewline = beforeMatch.lastIndexOf('\n');
+            const column = match.index - lastNewline;
+            // Grab the snippet (the matched line)
+            const snippet = lines[line - 1]?.trim() ?? '';
+            findings.push({
+                severity: rule.severity,
+                category: rule.category,
+                message: rule.message,
+                file: filePath,
+                line,
+                column,
+                snippet: snippet.length > 120 ? snippet.slice(0, 117) + '...' : snippet,
+                rule: rule.rule,
+            });
+        }
+    }
+    return findings;
+}
+// ── Risk score calculation ───────────────────────────────────────────────
+function calculateScore(findings) {
+    if (findings.length === 0)
+        return 0;
+    let raw = 0;
+    for (const f of findings) {
+        raw += SEVERITY_WEIGHT[f.severity];
+    }
+    // Diminishing returns — many low findings shouldn't max the score
+    // Score = 10 * (1 - e^(-raw/8))
+    const score = 10 * (1 - Math.exp(-raw / 8));
+    return Math.round(score * 10) / 10; // one decimal
+}
+function buildSummary(findings, score) {
+    if (findings.length === 0)
+        return 'No suspicious patterns found.';
+    const critical = findings.filter((f) => f.severity === 'critical').length;
+    const high = findings.filter((f) => f.severity === 'high').length;
+    const medium = findings.filter((f) => f.severity === 'medium').length;
+    const low = findings.filter((f) => f.severity === 'low').length;
+    const parts = [];
+    if (critical > 0)
+        parts.push(`${critical} critical`);
+    if (high > 0)
+        parts.push(`${high} high`);
+    if (medium > 0)
+        parts.push(`${medium} medium`);
+    if (low > 0)
+        parts.push(`${low} low`);
+    const riskLabel = score >= 7 ? 'DANGEROUS' : score >= 4 ? 'SUSPICIOUS' : score >= 2 ? 'CAUTION' : 'LOW RISK';
+    return `Risk: ${riskLabel} (${score}/10) — ${findings.length} findings: ${parts.join(', ')}`;
+}
+// ── Public API ───────────────────────────────────────────────────────────
+/**
+ * Analyze a package directory for security risks via static pattern matching.
+ */
+export async function analyzePackage(packageDir) {
+    const files = await collectFiles(packageDir);
+    const allFindings = [];
+    for (const file of files) {
+        let content;
+        try {
+            content = await readFile(file, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        const relPath = relative(packageDir, file);
+        const findings = scanContent(content, relPath, PATTERNS);
+        allFindings.push(...findings);
+    }
+    // Deduplicate same rule+file+line
+    const seen = new Set();
+    const deduped = allFindings.filter((f) => {
+        const key = `${f.rule}:${f.file}:${f.line}`;
+        if (seen.has(key))
+            return false;
+        seen.add(key);
+        return true;
+    });
+    // Sort: critical first, then by file/line
+    deduped.sort((a, b) => {
+        const sw = SEVERITY_WEIGHT[b.severity] - SEVERITY_WEIGHT[a.severity];
+        if (sw !== 0)
+            return sw;
+        return a.file.localeCompare(b.file) || a.line - b.line;
+    });
+    const score = calculateScore(deduped);
+    const categoryCounts = {};
+    for (const f of deduped) {
+        categoryCounts[f.category] = (categoryCounts[f.category] ?? 0) + 1;
+    }
+    return {
+        score,
+        findings: deduped,
+        summary: buildSummary(deduped, score),
+        categoryCounts,
+        filesScanned: files.length,
+    };
+}
+/**
+ * Analyze a single source string (useful for quick checks).
+ */
+export function analyzeSource(source, filename = '<input>') {
+    return scanContent(source, filename, PATTERNS);
+}
+//# sourceMappingURL=static.js.map

package/dist/analyzer/static.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"static.js","sourceRoot":"","sources":["../../src/analyzer/static.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAQ,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAsCpD,MAAM,QAAQ,GAAkB;IAC9B,+BAA+B;IAC/B;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,mCAAmC;KAC7C;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,iDAAiD;KAC3D;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,mFAAmF;QAC5F,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,sCAAsC;KAChD;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,iEAAiE;KAC3E;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,mDAAmD;KAC7D;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,4DAA4D;KACtE;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,qCAAqC;KAC/C;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,wBAAwB;KAClC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,uBAAuB;KACjC;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,uBAAuB;KACjC;IACD;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,8BAA8B;KACxC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,gDAAgD;KAC1D;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,qBAAqB;KAC/B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,yBAAyB;KACnC;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,+BAA+B;KACzC;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,mBAAmB;KAC7B;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,kBAAkB;KAC5B;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,sIAAsI;QAC/I,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,+BAA+B;KACzC;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,uHAAuH;QAChI,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,kCAAkC;KAC5C;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,kCAAkC;KAC5C;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,6DAA6D;QACtE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,YAAY;QACtB,OAAO,EAAE,iCAAiC;KAC3C;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,gCAAgC;KAC1C;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,gHAAgH;QACzH,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,yCAAyC;KACnD;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,mEAAmE;KAC7E;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,kCAAkC;QAC3C,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,2CAA2C;KACrD;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,iCAAiC;QAC1C,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,0CAA0C;KACpD;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,oDAAoD;KAC9D;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,2DAA2D;KACrE;IACD;QACE,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,cAAc;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,4CAA4C;KACtD;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,kDAAkD;QAC3D,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,uDAAuD;KACjE;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,iDAAiD;KAC3D;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,6DAA6D;KACvE;IAED,wBAAwB;IACxB;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,gEAAgE;KAC1E;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,6BAA6B;KACvC;CACF,CAAC;AAEF,4EAA4E;AAE5E,MAAM,eAAe,GAA6B;IAChD,QAAQ,EAAE,GAAG;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,GAAG;IACX,GAAG,EAAE,GAAG;IACR,IAAI,EAAE,GAAG;CACV,CAAC;AAEF,4EAA4E;AAE5E,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC9F,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;AAE9F,KAAK,UAAU,YAAY,CAAC,GAAW;IACrC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,CAAS;QAC3B,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,uBAAuB;QACjC,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC3E,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,4EAA4E;AAE5E,SAAS,WAAW,CAAC,OAAe,EAAE,QAAgB,EAAE,KAAoB;IAC1E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,qCAAqC;QACrC,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC3B,IAAI,KAA6B,CAAC;QAElC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,4BAA4B;YAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YACzD,MAAM,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC;YAEzC,sCAAsC;YACtC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAE9C,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,IAAI,EAAE,QAAQ;gBACd,IAAI;gBACJ,MAAM;gBACN,OAAO,EAAE,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO;gBACvE,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4EAA4E;AAE5E,SAAS,cAAc,CAAC,QAAmB;IACzC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAEpC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,GAAG,IAAI,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,kEAAkE;IAClE,gCAAgC;IAChC,MAAM,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,cAAc;AACpD,CAAC;AAED,SAAS,YAAY,CAAC,QAAmB,EAAE,KAAa;IACtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,+BAA+B,CAAC;IAElE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC1E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAClE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACtE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAEhE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,WAAW,CAAC,CAAC;IACrD,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;IACzC,IAAI,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,SAAS,CAAC,CAAC;IAC/C,IAAI,GAAG,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC;IAEtC,MAAM,SAAS,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC;IAE7G,OAAO,SAAS,SAAS,KAAK,KAAK,UAAU,QAAQ,CAAC,MAAM,cAAc,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AAC/F,CAAC;AAED,4EAA4E;AAE5E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAc,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzD,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,kCAAkC;IAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACvC,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,0CAA0C;IAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACpB,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACrE,IAAI,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACxB,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAEtC,MAAM,cAAc,GAA2B,EAAE,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IAED,OAAO;QACL,KAAK;QACL,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC;QACrC,cAAc;QACd,YAAY,EAAE,KAAK,CAAC,MAAM;KAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,QAAQ,GAAG,SAAS;IAChE,OAAO,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACjD,CAAC"}

package/dist/analyzer/typosquat.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * ShieldPM — Typosquatting Detector
+ * Checks package names against popular npm packages to detect
+ * typosquatting attempts using multiple heuristics.
+ */
+export declare const POPULAR_PACKAGES: string[];
+export type DetectionMethod = 'levenshtein' | 'character-swap' | 'hyphen-underscore' | 'scope-confusion' | 'repeated-character' | 'missing-character' | 'extra-character';
+export interface TyposquatResult {
+    /** Whether the package name is suspicious */
+    isSuspicious: boolean;
+    /** The popular package it resembles */
+    similarTo: string;
+    /** Edit distance or similarity metric */
+    distance: number;
+    /** How the similarity was detected */
+    method: DetectionMethod;
+    /** Human-readable explanation */
+    reason: string;
+}
+export declare function levenshtein(a: string, b: string): number;
+/**
+ * Check a package name for typosquatting against known popular packages.
+ * Returns null if the name appears safe.
+ */
+export declare function checkTyposquatting(packageName: string, knownPackages?: string[]): TyposquatResult | null;
+/**
+ * Batch-check multiple package names.
+ */
+export declare function checkMultiple(packageNames: string[], knownPackages?: string[]): Map<string, TyposquatResult>;
+//# sourceMappingURL=typosquat.d.ts.map

package/dist/analyzer/typosquat.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"typosquat.d.ts","sourceRoot":"","sources":["../../src/analyzer/typosquat.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,eAAO,MAAM,gBAAgB,EAAE,MAAM,EASpC,CAAC;AAIF,MAAM,MAAM,eAAe,GACvB,aAAa,GACb,gBAAgB,GAChB,mBAAmB,GACnB,iBAAiB,GACjB,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,CAAC;AAEtB,MAAM,WAAW,eAAe;IAC9B,6CAA6C;IAC7C,YAAY,EAAE,OAAO,CAAC;IACtB,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,sCAAsC;IACtC,MAAM,EAAE,eAAe,CAAC;IACxB,iCAAiC;IACjC,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CA2BxD;AA4FD;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,MAAM,EACnB,aAAa,GAAE,MAAM,EAAqB,GACzC,eAAe,GAAG,IAAI,CAiFxB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EAAE,EACtB,aAAa,GAAE,MAAM,EAAqB,GACzC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAW9B"}

package/dist/analyzer/typosquat.js ADDED Viewed

@@ -0,0 +1,211 @@
+/**
+ * ShieldPM — Typosquatting Detector
+ * Checks package names against popular npm packages to detect
+ * typosquatting attempts using multiple heuristics.
+ */
+// ── Top 50 popular npm packages ──────────────────────────────────────────
+export const POPULAR_PACKAGES = [
+    'express', 'lodash', 'react', 'axios', 'chalk', 'commander', 'moment',
+    'debug', 'uuid', 'dotenv', 'typescript', 'webpack', 'eslint', 'prettier',
+    'jest', 'mocha', 'bluebird', 'underscore', 'async', 'request', 'yargs',
+    'inquirer', 'glob', 'minimist', 'semver', 'mkdirp', 'rimraf', 'cheerio',
+    'socket.io', 'mongoose', 'sequelize', 'passport', 'nodemon', 'pm2',
+    'next', 'nuxt', 'vue', 'angular', 'svelte', 'fastify', 'koa', 'hapi',
+    'body-parser', 'cors', 'helmet', 'jsonwebtoken', 'bcrypt', 'sharp',
+    'puppeteer', 'redis',
+];
+// ── Levenshtein distance ─────────────────────────────────────────────────
+export function levenshtein(a, b) {
+    const m = a.length;
+    const n = b.length;
+    if (m === 0)
+        return n;
+    if (n === 0)
+        return m;
+    // Use two rows instead of full matrix for memory efficiency
+    let prev = new Array(n + 1);
+    let curr = new Array(n + 1);
+    for (let j = 0; j <= n; j++)
+        prev[j] = j;
+    for (let i = 1; i <= m; i++) {
+        curr[0] = i;
+        for (let j = 1; j <= n; j++) {
+            const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+            curr[j] = Math.min(prev[j] + 1, // deletion
+            curr[j - 1] + 1, // insertion
+            prev[j - 1] + cost // substitution
+            );
+        }
+        [prev, curr] = [curr, prev];
+    }
+    return prev[n];
+}
+// ── Detection functions ──────────────────────────────────────────────────
+function normalizePackageName(name) {
+    const match = name.match(/^(@[^/]+)\/(.+)$/);
+    if (match) {
+        return { scope: match[1], base: match[2] };
+    }
+    return { scope: '', base: name };
+}
+/**
+ * Check for character swaps (transpositions) — e.g. "exprses" vs "express"
+ */
+function detectCharacterSwap(input, target) {
+    if (input.length !== target.length)
+        return false;
+    if (input === target)
+        return false;
+    let diffs = 0;
+    const diffPositions = [];
+    for (let i = 0; i < input.length; i++) {
+        if (input[i] !== target[i]) {
+            diffs++;
+            diffPositions.push(i);
+        }
+    }
+    // Exactly two adjacent characters swapped
+    if (diffs === 2) {
+        const [p1, p2] = diffPositions;
+        return (p2 - p1 === 1 &&
+            input[p1] === target[p2] &&
+            input[p2] === target[p1]);
+    }
+    return false;
+}
+/**
+ * Check for hyphen/underscore confusion — e.g. "lodash" vs "lo-dash", "lo_dash"
+ */
+function detectHyphenUnderscore(input, target) {
+    const normalize = (s) => s.replace(/[-_.]/g, '');
+    return normalize(input) === normalize(target) && input !== target;
+}
+/**
+ * Check for scope confusion — e.g. "@tyeps/react" vs "@types/react"
+ */
+function detectScopeConfusion(input, knownPackages) {
+    const { scope, base } = normalizePackageName(input);
+    if (!scope)
+        return null;
+    // Common scope typos
+    const knownScopes = ['@types', '@babel', '@angular', '@vue', '@react-native'];
+    for (const known of knownScopes) {
+        if (scope !== known && levenshtein(scope, known) <= 2) {
+            const fullKnown = `${known}/${base}`;
+            return {
+                isSuspicious: true,
+                similarTo: fullKnown,
+                distance: levenshtein(scope, known),
+                method: 'scope-confusion',
+                reason: `Scope "${scope}" looks like a typo of "${known}"`,
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Check for repeated characters — e.g. "expresss" vs "express"
+ */
+function detectRepeatedChar(input, target) {
+    if (input.length !== target.length + 1)
+        return false;
+    // Try removing each character from input and see if it matches target
+    for (let i = 0; i < input.length; i++) {
+        const reduced = input.slice(0, i) + input.slice(i + 1);
+        if (reduced === target)
+            return true;
+    }
+    return false;
+}
+// ── Main detection ───────────────────────────────────────────────────────
+/**
+ * Check a package name for typosquatting against known popular packages.
+ * Returns null if the name appears safe.
+ */
+export function checkTyposquatting(packageName, knownPackages = POPULAR_PACKAGES) {
+    const { base: inputBase } = normalizePackageName(packageName);
+    // Exact match — it's a real popular package, not suspicious
+    if (knownPackages.includes(packageName) || knownPackages.includes(inputBase)) {
+        return null;
+    }
+    // Check scope confusion first
+    const scopeResult = detectScopeConfusion(packageName, knownPackages);
+    if (scopeResult)
+        return scopeResult;
+    // Check against each known package
+    let bestMatch = null;
+    let bestDistance = Infinity;
+    for (const known of knownPackages) {
+        const { base: knownBase } = normalizePackageName(known);
+        // Skip if the lengths are too different for meaningful comparison
+        if (Math.abs(inputBase.length - knownBase.length) > 2)
+            continue;
+        // Hyphen/underscore confusion
+        if (detectHyphenUnderscore(inputBase, knownBase)) {
+            return {
+                isSuspicious: true,
+                similarTo: known,
+                distance: 0,
+                method: 'hyphen-underscore',
+                reason: `"${packageName}" differs from "${known}" only by hyphen/underscore/dot`,
+            };
+        }
+        // Character swap
+        if (detectCharacterSwap(inputBase, knownBase)) {
+            return {
+                isSuspicious: true,
+                similarTo: known,
+                distance: 1,
+                method: 'character-swap',
+                reason: `"${packageName}" has swapped characters compared to "${known}"`,
+            };
+        }
+        // Repeated character
+        if (detectRepeatedChar(inputBase, knownBase)) {
+            return {
+                isSuspicious: true,
+                similarTo: known,
+                distance: 1,
+                method: 'repeated-character',
+                reason: `"${packageName}" has a repeated character compared to "${known}"`,
+            };
+        }
+        // Missing character
+        if (detectRepeatedChar(knownBase, inputBase)) {
+            return {
+                isSuspicious: true,
+                similarTo: known,
+                distance: 1,
+                method: 'missing-character',
+                reason: `"${packageName}" is missing a character compared to "${known}"`,
+            };
+        }
+        // General Levenshtein distance
+        const dist = levenshtein(inputBase, knownBase);
+        if (dist <= 2 && dist < bestDistance) {
+            bestDistance = dist;
+            bestMatch = {
+                isSuspicious: true,
+                similarTo: known,
+                distance: dist,
+                method: 'levenshtein',
+                reason: `"${packageName}" is ${dist} edit(s) away from "${known}"`,
+            };
+        }
+    }
+    return bestMatch;
+}
+/**
+ * Batch-check multiple package names.
+ */
+export function checkMultiple(packageNames, knownPackages = POPULAR_PACKAGES) {
+    const results = new Map();
+    for (const name of packageNames) {
+        const result = checkTyposquatting(name, knownPackages);
+        if (result) {
+            results.set(name, result);
+        }
+    }
+    return results;
+}
+//# sourceMappingURL=typosquat.js.map