@deepv-code/safe-npm 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 DeepV Code
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,120 @@
+# safe-npm 🛡️
+
+[![npm version](https://img.shields.io/npm/v/@deepv-code/safe-npm.svg)](https://www.npmjs.com/package/@deepv-code/safe-npm)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/%3C%2F%3E-TypeScript-blue.svg)](https://www.typescriptlang.org/)
+
+**[中文文档](./README.zh-CN.md) | English Docs**
+
+> **Guard your supply chain.** Detect malicious packages, typosquatting attacks, and known vulnerabilities *before* they touch your disk.
+
+**safe-npm** is a security-focused wrapper for the NPM CLI. It intercepts installation commands, scans target packages using multiple engines (VirusTotal, Static Analysis, etc.), and provides interactive feedback. If a package is suspicious or a typo is detected, it blocks execution and suggests the correct official package.
+
+---
+
+## ✨ Key Features
+
+*   **🔍 Multi-Engine Scanning**
+    *   **VirusTotal Integration**: Checks package hashes against 70+ security vendors. Automatically uploads unknown files for analysis.
+    *   **Static Code Analysis**: Detects crypto-miners, data exfiltration scripts, and suspicious obfuscation.
+    *   **Vulnerability Check**: Cross-references against known CVE databases.
+*   **🚫 Typosquatting Protection**
+    *   Detects package names that mimic popular libraries (e.g., `reacct` vs `react`).
+    *   **Scope Hijacking Defense**: Prevents installing fake unscoped packages that mimic official scoped ones (e.g., detects `claude-code` attempting to impersonate `@anthropic-ai/claude-code`).
+*   **💡 Smart Suggestions**
+    *   Automatically identifies the package you *intended* to install.
+    *   "Did you mean...?" interactive prompt to one-click install the correct package.
+*   **🖥️ Interactive TUI**
+    *   A beautiful Terminal User Interface for exploring checks and managing settings.
+    *   Real-time scanning progress and detailed reports.
+*   **⚡ Drop-in Replacement**
+    *   Works just like `npm`. Use `safe-npm install` instead of `npm install`.
+
+---
+
+## 🚀 Installation
+
+```bash
+npm install -g @deepv-code/safe-npm
+```
+
+---
+
+## 📖 Usage
+
+### 1. Safe Installation (Recommended)
+Use `safe-npm` as a replacement for `npm` when installing packages.
+
+```bash
+# This triggers a full security scan before installation
+safe-npm install react
+```
+
+**Scenario: Typosquatting Interception**
+```bash
+$ safe-npm install qwen
+⚠ Scanning...
+✗ qwen: Package not found / Suspicious
+💡 Suggestion: Did you mean to install the official package "@qwen-code/qwen-code"?
+Do you want to install "@qwen-code/qwen-code" instead? (Y/n)
+```
+
+### 2. Check a Package
+Scan a package without installing it.
+
+```bash
+safe-npm check <package-name>
+```
+
+### 3. Interactive Mode (TUI)
+Launch the dashboard to check popular agents, configure settings, or manually scan packages.
+
+```bash
+safe-npm tui
+```
+
+---
+
+## ⚙️ Configuration
+
+On the first run, `safe-npm` will ask for your preferred language (English/Chinese).
+
+Configuration is stored in `~/.safe-npm/config.json`. You can modify it manually or via the TUI (`safe-npm tui` -> Settings).
+
+```json
+{
+  "language": "en",
+  "virustotal": {
+    "enabled": true,
+    "apiKey": "YOUR_OWN_API_KEY" // Optional: Use your own key for higher rate limits
+  },
+  "offline": false
+}
+```
+
+---
+
+## 🛡️ Security Checks Explained
+
+| Check Type | Description |
+|------------|-------------|
+| **Typosquatting** | Uses Levenshtein distance and pattern matching against a curated list of top 150+ popular packages (React, Vue, NestJS, AI Agents, etc.) to detect impostors. |
+| **VirusTotal** | queries the file hash. If the file is new (404), it **automatically uploads** the tarball to VirusTotal for a fresh scan. |
+| **Code Patterns** | Scans for hardcoded IPs, suspicious domains, `eval()` abuse, and known crypto-mining signatures. |
+| **Registry** | Verifies package existence and metadata consistency. |
+
+---
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+1.  Fork the Project
+2.  Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3.  Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4.  Push to the Branch (`git push origin feature/AmazingFeature`)
+5.  Open a Pull Request
+
+## 📄 License
+
+Distributed under the MIT License. See `LICENSE` for more information.

package/README.zh-CN.md

@@ -0,0 +1,121 @@
+# safe-npm 🛡️
+
+[![npm version](https://img.shields.io/npm/v/@deepv-code/safe-npm.svg)](https://www.npmjs.com/package/@deepv-code/safe-npm)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/%3C%2F%3E-TypeScript-blue.svg)](https://www.typescriptlang.org/)
+
+**[English Docs](./README.md) | 中文文档**
+
+> **守护您的软件供应链安全。** 在恶意代码触达您的硬盘之前，精准拦截恶意包、误拼包及已知漏洞。
+
+**safe-npm** 是一个专注于安全性的 NPM 命令行包装器。它拦截安装命令，使用多种引擎（VirusTotal、静态分析、拼写检查等）对目标包进行全面扫描，并提供交互式反馈。如果检测到恶意包或拼写错误，它会阻止执行并为您推荐正确的官方包。
+
+---
+
+## ✨ 核心功能
+
+*   **🔍 多引擎扫描**
+    *   **集成 VirusTotal**: 将包的 Hash 与全球 70+ 家安全厂商的数据库进行比对。对于未收录的新文件，支持**自动上传**进行云端查杀。
+    *   **静态代码分析**: 内置规则引擎，自动检测加密货币挖矿脚本、数据窃取代码及可疑混淆逻辑。
+    *   **漏洞检测**: 实时核对 CVE 漏洞数据库。
+*   **🚫 防误拼与防劫持 (Typosquatting)**
+    *   **误拼检测**: 基于 Levenshtein 距离和模式匹配，识别模仿热门库（如 `reacct` vs `react`）的恶意包。
+    *   **Scope 劫持防御**: 针对近期高发的 Scope 攻击进行专项防护（例如：拦截试图冒充 `@anthropic-ai/claude-code` 的 `claude-code` 伪造包）。
+*   **💡 智能纠错与建议**
+    *   自动识别您原本*想要*安装的包。
+    *   提供 "Did you mean...?" 交互式提示，一键安装正确的官方正版包。
+*   **🖥️ 交互式终端 (TUI)**
+    *   提供精美的终端用户界面，可视化查看扫描进度、检测详情及管理设置。
+    *   内置热门 AI Agent 工具推荐列表。
+*   **⚡ 无缝替换**
+    *   用法与 `npm` 完全一致。只需用 `safe-npm install` 代替 `npm install` 即可。
+
+---
+
+## 🚀 安装
+
+```bash
+npm install -g @deepv-code/safe-npm
+```
+
+---
+
+## 📖 使用方法
+
+### 1. 安全安装（推荐）
+在日常开发中，使用 `safe-npm` 替代 `npm` 来安装依赖。
+
+```bash
+# 此命令会在安装前触发完整的安全扫描
+safe-npm install react
+```
+
+**场景演示：拦截恶意抢注包**
+```bash
+$ safe-npm install qwen
+⚠ Scanning...
+✗ qwen: Package not found / Suspicious (未找到包或疑似恶意)
+💡 Suggestion: Did you mean to install the official package "@qwen-code/qwen-code"?
+(建议：您是否想安装官方包 "@qwen-code/qwen-code"?)
+Do you want to install "@qwen-code/qwen-code" instead? (Y/n)
+```
+
+### 2. 仅扫描
+在不安装的情况下，检查某个包的安全性。
+
+```bash
+safe-npm check <package-name>
+```
+
+### 3. 交互模式 (TUI)
+启动图形化仪表盘，查看热门工具、配置设置或手动扫描。
+
+```bash
+safe-npm tui
+```
+
+---
+
+## ⚙️ 配置说明
+
+首次运行时，`safe-npm` 会询问您的语言偏好（中文/英文）。
+
+配置文件位于 `~/.safe-npm/config.json`。您可以通过 TUI (`safe-npm tui` -> Settings) 或手动修改配置。
+
+```json
+{
+  "language": "zh",
+  "virustotal": {
+    "enabled": true,
+    "apiKey": "YOUR_OWN_API_KEY" // 可选：配置您自己的 Key 以获得更高的 API 速率限制
+  },
+  "offline": false // 设置为 true 可开启离线模式（仅本地检查）
+}
+```
+
+---
+
+## 🛡️ 安全检测机制详情
+
+| 检测类型 | 说明 |
+|------------|-------------|
+| **近似名检测 (Typosquatting)** | 内置 150+ 个热门包（含 React, Vue, NestJS, 及各类 AI Agent）的正版名单。通过算法检测名称相似度，严防“李鬼”包。 |
+| **VirusTotal 查杀** | 查询文件 Hash。如果该文件是全网首次出现（404），工具会**自动提取并上传**该包到 VirusTotal 服务器进行新鲜查杀。 |
+| **代码模式分析** | 扫描硬编码 IP、可疑域名、`eval()` 滥用、挖矿脚本特征等潜在威胁。 |
+| **注册表核验** | 验证包是否存在，以及元数据是否合规。 |
+
+---
+
+## 🤝 贡献指南
+
+欢迎提交 Pull Request 来改进这个项目！
+
+1.  Fork 本项目
+2.  创建您的特性分支 (`git checkout -b feature/AmazingFeature`)
+3.  提交您的修改 (`git commit -m 'Add some AmazingFeature'`)
+4.  推送到分支 (`git push origin feature/AmazingFeature`)
+5.  提交 Pull Request
+
+## 📄 许可证
+
+本项目采用 MIT 许可证。详情请参阅 `LICENSE` 文件。

package/dist/cli/args-parser.d.ts

@@ -0,0 +1,11 @@
+export interface ParsedArgs {
+    command: string;
+    packages: string[];
+    flags: string[];
+    isInstall: boolean;
+    isForce: boolean;
+    isGlobal: boolean;
+    isTui: boolean;
+    isCheck: boolean;
+}
+export declare function parseArgs(args: string[]): ParsedArgs;

package/dist/cli/args-parser.js

@@ -0,0 +1,36 @@
+const INSTALL_COMMANDS = ['install', 'i', 'add', 'isntall'];
+export function parseArgs(args) {
+    const command = args[0] || '';
+    const restArgs = args.slice(1);
+    const flags = [];
+    const packages = [];
+    let isForce = false;
+    let isGlobal = false;
+    for (const arg of restArgs) {
+        if (arg.startsWith('-')) {
+            flags.push(arg);
+            if (arg === '--force' || arg === '-f') {
+                isForce = true;
+            }
+            if (arg === '-g' || arg === '--global') {
+                isGlobal = true;
+            }
+        }
+        else {
+            packages.push(arg);
+        }
+    }
+    const isInstall = INSTALL_COMMANDS.includes(command.toLowerCase());
+    const isTui = command === 'tui';
+    const isCheck = command === 'check';
+    return {
+        command,
+        packages,
+        flags,
+        isInstall,
+        isForce,
+        isGlobal,
+        isTui,
+        isCheck,
+    };
+}

package/dist/cli/check.d.ts

@@ -0,0 +1,5 @@
+export interface CheckOptions {
+    isForce?: boolean;
+    install?: boolean;
+}
+export declare function checkPackages(packages: string[], options?: CheckOptions): Promise<boolean>;

package/dist/cli/check.js

@@ -0,0 +1,126 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import * as readline from 'readline';
+import { t } from '../i18n/index.js';
+import { scanPackage } from '../scanner/index.js';
+import { runNpm } from '../utils/npm-runner.js';
+async function promptInstallCorrect(correctPackage) {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        console.log(chalk.cyan(`\n${t('suggestionTitle')} "${chalk.bold(correctPackage)}"?`));
+        rl.question(`${t('suggestionPrompt')} "${correctPackage}"? (Y/n) `, (answer) => {
+            rl.close();
+            if (answer.toLowerCase() === 'n') {
+                resolve(false);
+            }
+            else {
+                resolve(true);
+            }
+        });
+    });
+}
+function formatResult(result) {
+    const { packageName, riskLevel, issues, canBypass, checks } = result;
+    const levelColors = {
+        fatal: chalk.bgRed.white,
+        high: chalk.red,
+        warning: chalk.yellow,
+        safe: chalk.green,
+    };
+    const riskLabels = {
+        fatal: t('riskFatal'),
+        high: t('riskHigh'),
+        warning: t('riskWarning'),
+        safe: t('riskSafe'),
+    };
+    const levelColor = levelColors[riskLevel];
+    if (riskLevel === 'safe') {
+        console.log(chalk.green(`✓ ${packageName}: ${riskLabels[riskLevel]}`));
+    }
+    else {
+        console.log('');
+        // Special handling for "Not Found" case to be friendlier
+        if (checks.some(c => c.name === 'Registry Check' && c.status === 'fail')) {
+            console.log(chalk.red(`✗ ${packageName}: ${t('packageNotFound')}`));
+        }
+        else {
+            console.log(levelColor(`⚠ ${packageName}: ${riskLabels[riskLevel]}`));
+        }
+    }
+    // Print Details
+    if (checks && checks.length > 0) {
+        console.log(chalk.dim('\n  Scan Details:'));
+        for (const check of checks) {
+            const icon = check.status === 'pass' ? chalk.green('✓') :
+                check.status === 'fail' ? chalk.red('✗') :
+                    chalk.gray('○');
+            const desc = check.description ? chalk.dim(`- ${check.description}`) : '';
+            console.log(`  ${icon} ${check.name} ${desc}`);
+        }
+        console.log('');
+    }
+    if (issues.length > 0) {
+        for (const issue of issues) {
+            console.log(`  [!] ${issue.message}`);
+            if (issue.details) {
+                console.log(chalk.dim(`      ${issue.details}`));
+            }
+        }
+        console.log('');
+    }
+    if (riskLevel === 'safe')
+        return;
+    if (!canBypass) {
+        console.log(chalk.red(`✗ ${t('blocked')} - ${t('cannotBypass')}`));
+    }
+    else if (riskLevel === 'high') {
+        console.log(chalk.red(`✗ ${t('blocked')}`));
+        console.log(chalk.dim(`  ${t('useForce')}`));
+    }
+    else {
+        console.log(chalk.yellow(`⚠ ${t('continuing')}`));
+    }
+}
+export async function checkPackages(packages, options = {}) {
+    if (packages.length === 0) {
+        console.log('No packages specified to check');
+        return true;
+    }
+    const spinner = ora(`${t('scanning')}...`).start();
+    let allSafe = true;
+    const results = [];
+    for (const pkg of packages) {
+        spinner.text = `${t('scanning')}: ${pkg}`;
+        const result = await scanPackage(pkg, {}, (msg, completed, total) => {
+            spinner.text = `${t('scanning')} ${pkg}: ${msg} (${completed}/${total})`;
+        });
+        results.push(result);
+        if (result.riskLevel === 'fatal') {
+            allSafe = false;
+        }
+        else if (result.riskLevel === 'high' && !options.isForce) {
+            allSafe = false;
+        }
+    }
+    spinner.stop();
+    console.log(chalk.bold(`\n${t('scanComplete')}\n`));
+    for (const result of results) {
+        formatResult(result);
+        // Auto-fix suggestion for install mode
+        if (options.install && result.riskLevel === 'fatal' && result.suggestedPackage) {
+            const shouldInstall = await promptInstallCorrect(result.suggestedPackage);
+            if (shouldInstall) {
+                console.log(chalk.green(`\n${t('installingCorrect')}: ${result.suggestedPackage}...`));
+                await runNpm(['install', result.suggestedPackage]);
+                // Return false to stop the original (malicious) installation logic
+                // But we essentially succeeded in the user's intent.
+                // However, to keep flow clean, we exit the process here or return false to block original.
+                process.exit(0);
+            }
+        }
+    }
+    return allSafe;
+}

package/dist/cli/proxy.d.ts

@@ -0,0 +1 @@
+export declare function proxyToNpm(args: string[]): Promise<number>;

package/dist/cli/proxy.js

@@ -0,0 +1,4 @@
+import { runNpmPassthrough } from '../utils/npm-runner.js';
+export async function proxyToNpm(args) {
+    return runNpmPassthrough(args);
+}

package/dist/data/popular-packages.d.ts

@@ -0,0 +1,9 @@
+export declare const popularPackages: string[];
+export declare const popularGlobalTools: {
+    name: string;
+    desc: string;
+}[];
+export declare const popularAgents: {
+    name: string;
+    desc: string;
+}[];

package/dist/data/popular-packages.js

@@ -0,0 +1,83 @@
+// Popular packages that are commonly typosquatted
+// Source: Top NPM packages by downloads
+export const popularPackages = [
+    // --- Frameworks & Libraries ---
+    'react', 'react-dom', 'vue', 'angular', 'svelte', 'preact', 'solid-js', 'qwik',
+    'next', 'nuxt', 'gatsby', 'remix', 'astro',
+    'express', 'fastify', 'koa', 'nestjs', 'meteor', 'sails',
+    'jquery', 'backbone', 'ember-cli', 'bootstrap', 'tailwindcss', 'bulma',
+    'three', 'pixi.js', 'd3', 'chart.js', 'recharts',
+    'socket.io', 'socket.io-client', 'ws',
+    // --- State Management ---
+    'redux', 'react-redux', '@reduxjs/toolkit', 'mobx', 'mobx-react', 'vuex', 'pinia', 'zustand', 'jotai', 'recoil', 'xstate',
+    // --- Utilities & Helpers ---
+    'lodash', 'underscore', 'ramda', 'immutable', 'rxjs',
+    'moment', 'dayjs', 'date-fns', 'luxon',
+    'uuid', 'nanoid', 'shortid',
+    'chalk', 'colors', 'kleur', 'ansi-styles',
+    'classnames', 'clsx',
+    'qs', 'query-string',
+    'semver', 'minimist', 'yargs', 'commander', 'inquirer', 'prompts', 'ora',
+    'debug', 'ms', 'dotenv', 'cross-env', 'rimraf', 'mkdirp', 'fs-extra',
+    'glob', 'minimatch', 'chokidar',
+    // --- Network & Requests ---
+    'axios', 'node-fetch', 'got', 'request', 'superagent', 'undici', 'ky', 'swr', 'react-query', '@tanstack/react-query',
+    // --- Build Tools & Compilers ---
+    'typescript', 'ts-node', 'tslib',
+    'webpack', 'webpack-cli', 'webpack-dev-server',
+    'vite', 'rollup', 'esbuild', 'parcel', 'turbopack',
+    'babel-core', '@babel/core', '@babel/preset-env', '@babel/preset-react',
+    'swc', 'postcss', 'autoprefixer', 'sass', 'less', 'stylus',
+    // --- Testing ---
+    'jest', 'mocha', 'chai', 'jasmine', 'karma',
+    'vitest', 'cypress', 'playwright', 'puppeteer', 'selenium-webdriver',
+    'testing-library', '@testing-library/react',
+    'supertest',
+    // --- Linting & Formatting ---
+    'eslint', 'prettier', 'stylelint', 'husky', 'lint-staged', 'commitizen',
+    // --- Node.js Core & Server ---
+    'cookie-parser', 'body-parser', 'cors', 'morgan', 'helmet', 'compression',
+    'multer', 'jsonwebtoken', 'passport', 'bcrypt', 'bcryptjs',
+    'mongoose', 'sequelize', 'typeorm', 'prisma', '@prisma/client',
+    'pg', 'mysql2', 'mysql', 'sqlite3', 'redis', 'mongodb',
+    // --- Cloud & DevOps ---
+    'aws-sdk', '@aws-sdk/client-s3', 'firebase', 'firebase-admin', '@google-cloud/storage',
+    'serverless', 'pm2', 'nodemon', 'forever',
+    // --- CI/CD & Others ---
+    'npm-run-all', 'concurrently',
+    'shelljs', 'execa',
+    'xml2js', 'js-yaml',
+    'winston', 'bunyan', 'pino',
+    'sharp', 'jimp',
+    // --- Scoped Packages Protection ---
+    '@anthropic-ai/claude-code',
+    '@qwen-code/qwen-code',
+    '@openai/codex',
+    // --- Recent Hot Packages ---
+    'clawdbot',
+];
+export const popularGlobalTools = [
+    { name: 'typescript', desc: 'TypeScript compiler' },
+    { name: 'eslint', desc: 'JavaScript linter' },
+    { name: 'prettier', desc: 'Code formatter' },
+    { name: 'npm-check-updates', desc: 'Update dependencies' },
+    { name: 'nodemon', desc: 'Auto-restart Node.js' },
+    { name: 'tsx', desc: 'TypeScript execute' },
+    { name: 'pnpm', desc: 'Fast package manager' },
+    { name: 'yarn', desc: 'Alternative package manager' },
+    { name: 'vercel', desc: 'Vercel CLI' },
+    { name: 'netlify-cli', desc: 'Netlify CLI' },
+    { name: 'create-react-app', desc: 'React project generator' },
+    { name: 'create-next-app', desc: 'Next.js project generator' },
+    { name: 'vue-cli', desc: 'Vue CLI' },
+    { name: '@vue/cli', desc: 'Vue CLI' },
+    { name: 'nest', desc: 'NestJS CLI' },
+    { name: '@nestjs/cli', desc: 'NestJS CLI' },
+];
+export const popularAgents = [
+    { name: 'deepv-code', desc: 'DeepV Code AI Assistant' },
+    { name: '@qwen-code/qwen-code', desc: 'Qwen Code Official' },
+    { name: '@anthropic-ai/claude-code', desc: 'Claude Code Official' },
+    { name: '@openai/codex', desc: 'OpenAI Codex Official' },
+    { name: 'clawdbot', desc: 'WhatsApp Gateway Agent' },
+];

package/dist/i18n/en.d.ts

@@ -0,0 +1,43 @@
+export declare const en: {
+    appName: string;
+    version: string;
+    riskFatal: string;
+    riskHigh: string;
+    riskWarning: string;
+    riskSafe: string;
+    virusDetected: string;
+    typosquatDetected: string;
+    suspiciousCode: string;
+    cveFound: string;
+    minerDetected: string;
+    obfuscatedCode: string;
+    dangerousScript: string;
+    blacklisted: string;
+    blocked: string;
+    useForce: string;
+    cannotBypass: string;
+    continuing: string;
+    scanning: string;
+    scanComplete: string;
+    downloadingPackage: string;
+    analyzingCode: string;
+    checkingVirustotal: string;
+    checkingBlacklist: string;
+    networkError: string;
+    offlineMode: string;
+    vtNoApiKey: string;
+    tuiWelcome: string;
+    tuiPopular: string;
+    tuiCheck: string;
+    tuiSettings: string;
+    tuiQuit: string;
+    tuiLanguage: string;
+    suggestionTitle: string;
+    suggestionPrompt: string;
+    installingCorrect: string;
+    packageNotFound: string;
+    didYouMean: string;
+    checkName: string;
+    registryCheckFail: string;
+};
+export type I18nKey = keyof typeof en;

package/dist/i18n/en.js

@@ -0,0 +1,50 @@
+export const en = {
+    // General
+    appName: 'safe-npm',
+    version: 'Version',
+    // Risk levels
+    riskFatal: 'FATAL',
+    riskHigh: 'HIGH RISK',
+    riskWarning: 'WARNING',
+    riskSafe: 'SAFE',
+    // Detection messages
+    virusDetected: 'Known malware detected',
+    typosquatDetected: 'Typosquatting detected - this may be a fake package',
+    suspiciousCode: 'Suspicious code pattern detected',
+    cveFound: 'Known vulnerability found',
+    minerDetected: 'Crypto-miner pattern detected',
+    obfuscatedCode: 'Obfuscated code detected - may hide malicious behavior',
+    dangerousScript: 'Dangerous install script detected',
+    blacklisted: 'Package is in known malicious packages list',
+    // Actions
+    blocked: 'Installation blocked',
+    useForce: 'Use --force to install anyway if you are sure it is safe',
+    cannotBypass: 'This threat cannot be bypassed',
+    continuing: 'Continuing with installation...',
+    // Scanner
+    scanning: 'Scanning package',
+    scanComplete: 'Scan complete',
+    downloadingPackage: 'Downloading package for analysis',
+    analyzingCode: 'Analyzing code patterns',
+    checkingVirustotal: 'Checking VirusTotal database',
+    checkingBlacklist: 'Checking against known malicious packages',
+    // Errors
+    networkError: 'Network error - falling back to local cache',
+    offlineMode: 'Running in offline mode',
+    vtNoApiKey: 'VirusTotal API key not configured - skipping online scan',
+    // TUI
+    tuiWelcome: 'Welcome to safe-npm',
+    tuiPopular: 'Popular Packages',
+    tuiCheck: 'Check Package',
+    tuiSettings: 'Settings',
+    tuiQuit: 'Quit',
+    tuiLanguage: 'Language',
+    // Suggestions
+    suggestionTitle: '💡 Suggestion: Did you mean to install the official package',
+    suggestionPrompt: 'Do you want to install',
+    installingCorrect: '🚀 Installing correct package',
+    packageNotFound: 'Package not found in registry',
+    didYouMean: 'Did you mean',
+    checkName: 'Please check the package name',
+    registryCheckFail: 'Package does not exist',
+};

package/dist/i18n/index.d.ts

@@ -0,0 +1,5 @@
+import { type I18nKey } from './en.js';
+export type Language = 'en' | 'zh';
+export declare function t(key: I18nKey): string;
+export declare function setLanguage(lang: Language): void;
+export type { I18nKey };

package/dist/i18n/index.js

@@ -0,0 +1,11 @@
+import { en } from './en.js';
+import { zh } from './zh.js';
+import { getConfig } from '../utils/config.js';
+const translations = { en, zh };
+export function t(key) {
+    const lang = getConfig().language;
+    return translations[lang]?.[key] ?? translations.en[key] ?? key;
+}
+export function setLanguage(lang) {
+    // Will be handled via config
+}

package/dist/i18n/zh.d.ts

@@ -0,0 +1,2 @@
+import type { I18nKey } from './en.js';
+export declare const zh: Record<I18nKey, string>;