@inner-security/scan 0.1.0 → 0.1.2

package/bundle/index.d.ts

@@ -3,10 +3,10 @@ import { ScanClientResult, ResolvedItem } from '@inner/verdict-client';
 export { DEFAULT_API_URL, ResolvedItem, ScanClientResult } from '@inner/verdict-client';
 
 /**
- * Default registry proxy base. PLACEHOLDER — the real Inner proxy host (owned by
- * E1) must be wired in via INNER_PROXY_URL or `inner init --proxy <url>`.
+ * Default registry proxy base — the deployed Inner registry proxy (Cloudflare
+ * Worker). Override with INNER_PROXY_URL or `inner init --proxy <url>`.
  */
-declare const DEFAULT_PROXY_URL = "https://proxy.inner.dev";
+declare const DEFAULT_PROXY_URL = "https://inner-proxy.issa-e8f.workers.dev";
 interface ResolvedConfig {
     /** Verdict API base URL (no trailing slash). */
     apiUrl: string;

package/bundle/index.js

@@ -1,5 +1,5 @@
 // ../verdict-client/dist/client.js
-var DEFAULT_API_URL = "http://localhost:8787";
+var DEFAULT_API_URL = "https://inner-verdict-api.issa-e8f.workers.dev";
 function isPending(item) {
   return item.action === "PENDING";
 }
@@ -204,7 +204,7 @@ var VerdictClient = class {
 };
 
 // src/config.ts
-var DEFAULT_PROXY_URL = "https://proxy.inner.dev";
+var DEFAULT_PROXY_URL = "https://inner-proxy.issa-e8f.workers.dev";
 function stripTrailingSlash2(u) {
   return u.replace(/\/+$/, "");
 }
@@ -646,6 +646,181 @@ function formatTally(t) {
 // src/init.ts
 import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
 import { join as join3 } from "path";
+
+// ../contracts/dist/enums.js
+var STATUS_TO_ACTION = {
+  benign: "ALLOW",
+  suspicious: "REVIEW",
+  malicious: "BLOCK",
+  unknown: "PENDING"
+};
+
+// ../contracts/dist/proxy.js
+var PROXY_PATHS = {
+  npm: "/npm",
+  pypiSimple: "/pypi/simple",
+  pypiFiles: "/pypi/files"
+};
+
+// ../contracts/dist/fixtures.js
+var NOW = "2026-06-27T00:00:00Z";
+var WEEK = "2026-07-04T00:00:00Z";
+function v(p) {
+  const status = p.status;
+  return {
+    ecosystem: "npm",
+    action: STATUS_TO_ACTION[status],
+    confidence: status === "malicious" ? 0.97 : status === "suspicious" ? 0.6 : 0.95,
+    behaviors: [],
+    corroboration: "behavioral_only",
+    evidence_uri: `s3://inner-evidence/${p.name}@${p.version}.json`,
+    engine_version: "v0.1.0",
+    scanned_at: NOW,
+    expires_at: WEEK,
+    engine_signature: "ed25519:STUB",
+    version_id: `${p.name}@${p.version}`,
+    ...p
+  };
+}
+var SAMPLE_VERDICTS = [
+  // --- 10 malicious ---
+  // event-stream-style: real-world supply-chain attack (flatmap-stream payload).
+  v({
+    name: "event-stream",
+    version: "3.3.6",
+    status: "malicious",
+    content_hash: "sha256:bad1",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "credential_theft", severity: "critical", evidence_ref: "trace#1" },
+      { category: "c2_communication", severity: "high", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "reads_credentials", source: "hook" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Typosquat of 'react'.
+  v({
+    name: "reaact",
+    version: "1.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad2",
+    corroboration: "corroborated",
+    behaviors: [{ category: "malicious_download", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "self_propagation", source: "static" }]
+  }),
+  // Behavioral-only: spawns shell during install. Behavioral_only → REVIEW until eval-certified.
+  v({
+    name: "left-pad-2",
+    version: "0.0.1",
+    status: "malicious",
+    content_hash: "sha256:bad3",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "command_execution", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "spawns_process", source: "syscall" }]
+  }),
+  // Postinstall script reads ~/.aws/credentials and POSTs to an external host.
+  v({
+    name: "aws-helper-cli",
+    version: "0.4.2",
+    status: "malicious",
+    content_hash: "sha256:bad4",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "credential_theft", severity: "critical", evidence_ref: "trace#1" },
+      { category: "data_exfiltration", severity: "critical", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "reads_credentials", source: "syscall" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Obfuscated eval(atob(...)) payload — dynamic code execution detected statically.
+  v({
+    name: "kazka-utils",
+    version: "2.1.0",
+    status: "malicious",
+    content_hash: "sha256:bad5",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "dynamic_code_execution", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "obfuscated_payload", source: "static" }]
+  }),
+  // PyPI: setup.py performs persistence write to ~/.bashrc.
+  v({
+    ecosystem: "pypi",
+    name: "colorama-utils",
+    version: "0.4.5",
+    status: "malicious",
+    content_hash: "sha256:bad6",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "persistence", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "persistence", source: "syscall" }]
+  }),
+  // C2 beacon over WebSocket on a regular interval — slow-lane confirmed.
+  v({
+    name: "discord-bot-helper",
+    version: "0.0.7",
+    status: "malicious",
+    content_hash: "sha256:bad7",
+    corroboration: "corroborated",
+    behaviors: [{ category: "c2_communication", severity: "critical", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "c2_beacon", source: "network" }]
+  }),
+  // PyPI typosquat: 'requrest' -> 'requests'. Reads env vars and writes /tmp/.x.
+  v({
+    ecosystem: "pypi",
+    name: "requrest",
+    version: "2.31.0",
+    status: "malicious",
+    content_hash: "sha256:bad8",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "data_collection", severity: "medium", evidence_ref: "trace#1" },
+      { category: "file_manipulation", severity: "medium", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "env_recon", source: "hook" },
+      { capability: "modifies_files", source: "syscall" }
+    ]
+  }),
+  // Reverse shell binding /bin/sh to a remote port during import.
+  v({
+    name: "fastly-cdn-uploader",
+    version: "1.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad9",
+    corroboration: "corroborated",
+    behaviors: [{ category: "reverse_shell", severity: "critical", evidence_ref: "trace#1" }],
+    capabilities: [
+      { capability: "spawns_process", source: "syscall" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Web-injection payload: serves modified content on import; common in browser-side attacks.
+  v({
+    name: "analytics-tracker-pro",
+    version: "3.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad10",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "web_injection", severity: "medium", evidence_ref: "trace#1" }]
+  }),
+  // --- 10 benign ---
+  v({ name: "react", version: "18.3.1", status: "benign", content_hash: "sha256:ok1" }),
+  v({ name: "lodash", version: "4.17.21", status: "benign", content_hash: "sha256:ok2" }),
+  v({ name: "axios", version: "1.7.2", status: "benign", content_hash: "sha256:ok3" }),
+  v({ name: "typescript", version: "5.5.4", status: "benign", content_hash: "sha256:ok4" }),
+  v({ name: "express", version: "4.19.2", status: "benign", content_hash: "sha256:ok5" }),
+  v({ name: "vite", version: "5.4.0", status: "benign", content_hash: "sha256:ok6" }),
+  // Heavy native build (node-gyp). Long install time is legitimate, not malicious.
+  v({ name: "node-sass", version: "9.0.0", status: "benign", content_hash: "sha256:ok7" }),
+  v({ ecosystem: "pypi", name: "requests", version: "2.31.0", status: "benign", content_hash: "sha256:ok8" }),
+  v({ ecosystem: "pypi", name: "numpy", version: "1.26.4", status: "benign", content_hash: "sha256:ok9" }),
+  v({ ecosystem: "pypi", name: "pandas", version: "2.2.2", status: "benign", content_hash: "sha256:ok10" })
+];
+
+// src/init.ts
 var ALL_PACKAGE_MANAGERS = [
   "npm",
   "pnpm",
@@ -655,10 +830,10 @@ var ALL_PACKAGE_MANAGERS = [
   "uv"
 ];
 function npmRegistry(proxy) {
-  return `${proxy}/npm/`;
+  return `${proxy}${PROXY_PATHS.npm}/`;
 }
 function pypiSimpleIndex(proxy) {
-  return `${proxy}/pypi/simple/`;
+  return `${proxy}${PROXY_PATHS.pypiSimple}/`;
 }
 function upsertLine(body, key, line) {
   const lines = body.length ? body.split(/\r?\n/) : [];
@@ -774,7 +949,7 @@ function init(opts = {}) {
   const root = opts.root ?? process.cwd();
   const fromOpt = opts.proxyUrl?.trim();
   const fromEnv = process.env.INNER_PROXY_URL?.trim();
-  const DEFAULT_PROXY = "https://proxy.inner.dev";
+  const DEFAULT_PROXY = "https://inner-proxy.issa-e8f.workers.dev";
   const proxyUrl = (fromOpt || fromEnv || DEFAULT_PROXY).replace(/\/+$/, "");
   const proxyUrlIsDefault = !fromOpt && !fromEnv;
   const managers = opts.managers ?? ALL_PACKAGE_MANAGERS;
@@ -818,8 +993,8 @@ function parseArgs(argv) {
   return out;
 }
 function flagString(flags, key) {
-  const v = flags[key];
-  return typeof v === "string" ? v : void 0;
+  const v2 = flags[key];
+  return typeof v2 === "string" ? v2 : void 0;
 }
 function flagBool(flags, key) {
   return flags[key] === true || flags[key] === "true";

package/bundle/inner-cli.js

@@ -33,15 +33,15 @@ function parseArgs(argv) {
   return out;
 }
 function flagString(flags, key) {
-  const v = flags[key];
-  return typeof v === "string" ? v : void 0;
+  const v2 = flags[key];
+  return typeof v2 === "string" ? v2 : void 0;
 }
 function flagBool(flags, key) {
   return flags[key] === true || flags[key] === "true";
 }
 
 // ../verdict-client/dist/client.js
-var DEFAULT_API_URL = "http://localhost:8787";
+var DEFAULT_API_URL = "https://inner-verdict-api.issa-e8f.workers.dev";
 function isPending(item) {
   return item.action === "PENDING";
 }
@@ -246,7 +246,7 @@ var VerdictClient = class {
 };
 
 // src/config.ts
-var DEFAULT_PROXY_URL = "https://proxy.inner.dev";
+var DEFAULT_PROXY_URL = "https://inner-proxy.issa-e8f.workers.dev";
 function stripTrailingSlash2(u) {
   return u.replace(/\/+$/, "");
 }
@@ -746,12 +746,6 @@ function writeText(result) {
   if (result.degraded) {
     process.stdout.write(
       `  (API unreachable \u2014 ${t.fromCache} resolved from fail-open cache, others marked unknown)
-`
-    );
-  }
-  if (result.apiUrlIsDefault) {
-    process.stdout.write(
-      `  note: using default Verdict API ${result.apiUrl} \u2014 set INNER_API_URL to the production endpoint.
 `
     );
   }
@@ -770,6 +764,181 @@ function writeText(result) {
 // src/init.ts
 import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
 import { join as join3 } from "path";
+
+// ../contracts/dist/enums.js
+var STATUS_TO_ACTION = {
+  benign: "ALLOW",
+  suspicious: "REVIEW",
+  malicious: "BLOCK",
+  unknown: "PENDING"
+};
+
+// ../contracts/dist/proxy.js
+var PROXY_PATHS = {
+  npm: "/npm",
+  pypiSimple: "/pypi/simple",
+  pypiFiles: "/pypi/files"
+};
+
+// ../contracts/dist/fixtures.js
+var NOW = "2026-06-27T00:00:00Z";
+var WEEK = "2026-07-04T00:00:00Z";
+function v(p) {
+  const status = p.status;
+  return {
+    ecosystem: "npm",
+    action: STATUS_TO_ACTION[status],
+    confidence: status === "malicious" ? 0.97 : status === "suspicious" ? 0.6 : 0.95,
+    behaviors: [],
+    corroboration: "behavioral_only",
+    evidence_uri: `s3://inner-evidence/${p.name}@${p.version}.json`,
+    engine_version: "v0.1.0",
+    scanned_at: NOW,
+    expires_at: WEEK,
+    engine_signature: "ed25519:STUB",
+    version_id: `${p.name}@${p.version}`,
+    ...p
+  };
+}
+var SAMPLE_VERDICTS = [
+  // --- 10 malicious ---
+  // event-stream-style: real-world supply-chain attack (flatmap-stream payload).
+  v({
+    name: "event-stream",
+    version: "3.3.6",
+    status: "malicious",
+    content_hash: "sha256:bad1",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "credential_theft", severity: "critical", evidence_ref: "trace#1" },
+      { category: "c2_communication", severity: "high", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "reads_credentials", source: "hook" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Typosquat of 'react'.
+  v({
+    name: "reaact",
+    version: "1.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad2",
+    corroboration: "corroborated",
+    behaviors: [{ category: "malicious_download", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "self_propagation", source: "static" }]
+  }),
+  // Behavioral-only: spawns shell during install. Behavioral_only → REVIEW until eval-certified.
+  v({
+    name: "left-pad-2",
+    version: "0.0.1",
+    status: "malicious",
+    content_hash: "sha256:bad3",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "command_execution", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "spawns_process", source: "syscall" }]
+  }),
+  // Postinstall script reads ~/.aws/credentials and POSTs to an external host.
+  v({
+    name: "aws-helper-cli",
+    version: "0.4.2",
+    status: "malicious",
+    content_hash: "sha256:bad4",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "credential_theft", severity: "critical", evidence_ref: "trace#1" },
+      { category: "data_exfiltration", severity: "critical", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "reads_credentials", source: "syscall" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Obfuscated eval(atob(...)) payload — dynamic code execution detected statically.
+  v({
+    name: "kazka-utils",
+    version: "2.1.0",
+    status: "malicious",
+    content_hash: "sha256:bad5",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "dynamic_code_execution", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "obfuscated_payload", source: "static" }]
+  }),
+  // PyPI: setup.py performs persistence write to ~/.bashrc.
+  v({
+    ecosystem: "pypi",
+    name: "colorama-utils",
+    version: "0.4.5",
+    status: "malicious",
+    content_hash: "sha256:bad6",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "persistence", severity: "high", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "persistence", source: "syscall" }]
+  }),
+  // C2 beacon over WebSocket on a regular interval — slow-lane confirmed.
+  v({
+    name: "discord-bot-helper",
+    version: "0.0.7",
+    status: "malicious",
+    content_hash: "sha256:bad7",
+    corroboration: "corroborated",
+    behaviors: [{ category: "c2_communication", severity: "critical", evidence_ref: "trace#1" }],
+    capabilities: [{ capability: "c2_beacon", source: "network" }]
+  }),
+  // PyPI typosquat: 'requrest' -> 'requests'. Reads env vars and writes /tmp/.x.
+  v({
+    ecosystem: "pypi",
+    name: "requrest",
+    version: "2.31.0",
+    status: "malicious",
+    content_hash: "sha256:bad8",
+    corroboration: "corroborated",
+    behaviors: [
+      { category: "data_collection", severity: "medium", evidence_ref: "trace#1" },
+      { category: "file_manipulation", severity: "medium", evidence_ref: "trace#2" }
+    ],
+    capabilities: [
+      { capability: "env_recon", source: "hook" },
+      { capability: "modifies_files", source: "syscall" }
+    ]
+  }),
+  // Reverse shell binding /bin/sh to a remote port during import.
+  v({
+    name: "fastly-cdn-uploader",
+    version: "1.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad9",
+    corroboration: "corroborated",
+    behaviors: [{ category: "reverse_shell", severity: "critical", evidence_ref: "trace#1" }],
+    capabilities: [
+      { capability: "spawns_process", source: "syscall" },
+      { capability: "network_exfil", source: "network" }
+    ]
+  }),
+  // Web-injection payload: serves modified content on import; common in browser-side attacks.
+  v({
+    name: "analytics-tracker-pro",
+    version: "3.0.0",
+    status: "malicious",
+    content_hash: "sha256:bad10",
+    corroboration: "behavioral_only",
+    behaviors: [{ category: "web_injection", severity: "medium", evidence_ref: "trace#1" }]
+  }),
+  // --- 10 benign ---
+  v({ name: "react", version: "18.3.1", status: "benign", content_hash: "sha256:ok1" }),
+  v({ name: "lodash", version: "4.17.21", status: "benign", content_hash: "sha256:ok2" }),
+  v({ name: "axios", version: "1.7.2", status: "benign", content_hash: "sha256:ok3" }),
+  v({ name: "typescript", version: "5.5.4", status: "benign", content_hash: "sha256:ok4" }),
+  v({ name: "express", version: "4.19.2", status: "benign", content_hash: "sha256:ok5" }),
+  v({ name: "vite", version: "5.4.0", status: "benign", content_hash: "sha256:ok6" }),
+  // Heavy native build (node-gyp). Long install time is legitimate, not malicious.
+  v({ name: "node-sass", version: "9.0.0", status: "benign", content_hash: "sha256:ok7" }),
+  v({ ecosystem: "pypi", name: "requests", version: "2.31.0", status: "benign", content_hash: "sha256:ok8" }),
+  v({ ecosystem: "pypi", name: "numpy", version: "1.26.4", status: "benign", content_hash: "sha256:ok9" }),
+  v({ ecosystem: "pypi", name: "pandas", version: "2.2.2", status: "benign", content_hash: "sha256:ok10" })
+];
+
+// src/init.ts
 var ALL_PACKAGE_MANAGERS = [
   "npm",
   "pnpm",
@@ -779,10 +948,10 @@ var ALL_PACKAGE_MANAGERS = [
   "uv"
 ];
 function npmRegistry(proxy) {
-  return `${proxy}/npm/`;
+  return `${proxy}${PROXY_PATHS.npm}/`;
 }
 function pypiSimpleIndex(proxy) {
-  return `${proxy}/pypi/simple/`;
+  return `${proxy}${PROXY_PATHS.pypiSimple}/`;
 }
 function upsertLine(body, key, line) {
   const lines = body.length ? body.split(/\r?\n/) : [];
@@ -898,7 +1067,7 @@ function init(opts = {}) {
   const root = opts.root ?? process.cwd();
   const fromOpt = opts.proxyUrl?.trim();
   const fromEnv = process.env.INNER_PROXY_URL?.trim();
-  const DEFAULT_PROXY = "https://proxy.inner.dev";
+  const DEFAULT_PROXY = "https://inner-proxy.issa-e8f.workers.dev";
   const proxyUrl = (fromOpt || fromEnv || DEFAULT_PROXY).replace(/\/+$/, "");
   const proxyUrlIsDefault = !fromOpt && !fromEnv;
   const managers = opts.managers ?? ALL_PACKAGE_MANAGERS;
@@ -918,12 +1087,12 @@ Usage:
 
 init options:
   --dir <path>          Project root to write config into (default: cwd)
-  --proxy <url>         Registry proxy base URL (default: $INNER_PROXY_URL or placeholder)
+  --proxy <url>         Registry proxy base URL (default: $INNER_PROXY_URL or the Inner proxy)
   --managers <list>     Comma-separated subset of: ${ALL_PACKAGE_MANAGERS.join(",")}
 
 scan options:
   --dir <path>          Project root to scan (default: cwd)
-  --api-url <url>       Verdict API base URL (default: $INNER_API_URL or local mock)
+  --api-url <url>       Verdict API base URL (default: $INNER_API_URL or the Inner Verdict API)
   --json                Machine-readable JSON output
   --no-cache            Skip the fail-open .inner-cache/
 
@@ -952,12 +1121,6 @@ async function runInit(flags) {
     process.stdout.write(`            registry: ${c.registry}
 `);
   }
-  if (result.proxyUrlIsDefault) {
-    process.stdout.write(
-      `  note: using placeholder proxy ${result.proxyUrl} \u2014 set INNER_PROXY_URL or --proxy to the production proxy host.
-`
-    );
-  }
   return 0;
 }
 async function runScan(flags) {

package/bundle/scan-cli.js

@@ -41,7 +41,7 @@ function flagBool(flags, key) {
 }
 
 // ../verdict-client/dist/client.js
-var DEFAULT_API_URL = "http://localhost:8787";
+var DEFAULT_API_URL = "https://inner-verdict-api.issa-e8f.workers.dev";
 function isPending(item) {
   return item.action === "PENDING";
 }
@@ -246,7 +246,7 @@ var VerdictClient = class {
 };
 
 // src/config.ts
-var DEFAULT_PROXY_URL = "https://proxy.inner.dev";
+var DEFAULT_PROXY_URL = "https://inner-proxy.issa-e8f.workers.dev";
 function stripTrailingSlash2(u) {
   return u.replace(/\/+$/, "");
 }
@@ -746,12 +746,6 @@ function writeText(result) {
   if (result.degraded) {
     process.stdout.write(
       `  (API unreachable \u2014 ${t.fromCache} resolved from fail-open cache, others marked unknown)
-`
-    );
-  }
-  if (result.apiUrlIsDefault) {
-    process.stdout.write(
-      `  note: using default Verdict API ${result.apiUrl} \u2014 set INNER_API_URL to the production endpoint.
 `
     );
   }
@@ -775,7 +769,7 @@ Usage:
 
 Options:
   --dir <path>      Project root to scan (default: cwd)
-  --api-url <url>   Verdict API base URL (default: $INNER_API_URL or local mock)
+  --api-url <url>   Verdict API base URL (default: $INNER_API_URL or the Inner Verdict API)
   --json            Emit machine-readable JSON instead of the text tally
   --no-cache        Do not read/write the fail-open .inner-cache/
   -h, --help        Show this help

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inner-security/scan",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Inner CLI: `@inner-security/scan` zero-auth instant dependency scan + `inner init` to route the 6 package managers through the Inner proxy. A thin client of Inner's Verdict API, gated by an org API key.",
   "type": "module",
   "license": "MIT",