npm - @lateos/npm-scan - Versions diffs - 0.11.3 → 0.11.5 - Mend

@lateos/npm-scan 0.11.3 → 0.11.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.de.md CHANGED Viewed

@@ -38,7 +38,8 @@ Angreifer haben sich längst über einfaches Typosquatting hinausentwickelt. Sie
 | Bekannte CVE-Übereinstimmung | ✅ | ✅ | ❌ | ✅ |
 | Statische Analyse | ❌ | ✅ | ✅ | ✅ |
 | Erkennung obfuskierter Payloads | ❌ | ❌ | ❌ | ✅ |
-| Verhaltens-/heuristische Analyse | ❌ | ❌ | Teilweise | ✅ |
+| AST-Level heuristische Analyse | ❌ | ❌ | ❌ | ✅ |
+| Runtime-Verhaltenssandbox | ❌ | ❌ | ✅ | ✅ |
 | Erkennung bedingter Auslöser (ATK-009) | ❌ | ❌ | ❌ | ✅ |
 | Sandbox-Evasion-Erkennung (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | Transitive Wurmverbreitung (ATK-011) | ❌ | ❌ | ❌ | ✅ |
@@ -306,10 +307,9 @@ npm-scan scan target --policy .npm-scan.yml
 ### Premium-Lizenzierung
-```bash
-# Einen Entwicklerschlüssel generieren
-node -e "console.log(require('@lateos/npm-scan/backend/license').generateKey('premium'))"
+Kontaktieren Sie leo@lateos.ai, um einen Premium/Enterprise-Lizenzschlüssel zu erhalten.
+```bash
 # Verwenden
 npm-scan scan target --license-key <key>
 npm-scan report --pdf --license-key <key>

package/README.fr.md CHANGED Viewed

@@ -38,7 +38,8 @@ Les attaquants ont dépassé le simple typosquatting. Ils livrent désormais des
 | Correspondance CVE connus | ✅ | ✅ | ❌ | ✅ |
 | Analyse statique | ❌ | ✅ | ✅ | ✅ |
 | Détection de charges utiles obfusquées | ❌ | ❌ | ❌ | ✅ |
-| Analyse comportementale / heuristique | ❌ | ❌ | Partielle | ✅ |
+| Analyse heuristique au niveau AST | ❌ | ❌ | ❌ | ✅ |
+| Bac à sable comportemental runtime | ❌ | ❌ | ✅ | ✅ |
 | Détection de déclencheurs conditionnels (ATK-009) | ❌ | ❌ | ❌ | ✅ |
 | Détection de contournement de sandbox (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | Propagation transitive de ver (ATK-011) | ❌ | ❌ | ❌ | ✅ |
@@ -306,10 +307,9 @@ npm-scan scan target --policy .npm-scan.yml
 ### Licence premium
-```bash
-# Générer une clé de développement
-node -e "console.log(require('@lateos/npm-scan/backend/license').generateKey('premium'))"
+Contactez leo@lateos.ai pour obtenir une clé de licence premium/enterprise.
+```bash
 # L'utiliser
 npm-scan scan target --license-key <key>
 npm-scan report --pdf --license-key <key>

package/README.ja.md CHANGED Viewed

@@ -38,7 +38,8 @@
 | 既知CVEマッチング | ✅ | ✅ | ❌ | ✅ |
 | 静的解析 | ❌ | ✅ | ✅ | ✅ |
 | 難読化ペイロード検出 | ❌ | ❌ | ❌ | ✅ |
-| 行動/ヒューリスティック分析 | ❌ | ❌ | 部分的 | ✅ |
+| ASTレベル、ヒューリスティック解析 | ❌ | ❌ | ❌ | ✅ |
+| ランタイム行動サンドボックス | ❌ | ❌ | ✅ | ✅ |
 | 条件付きトリガー検出 (ATK-009) | ❌ | ❌ | ❌ | ✅ |
 | サンドボックス回避検出 (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | 推移的ワーム伝播 (ATK-011) | ❌ | ❌ | ❌ | ✅ |
@@ -302,10 +303,9 @@ npm-scan scan target --policy .npm-scan.yml
 ### プレミアムライセンス
-```bash
-# 開発用キーを生成
-node -e "console.log(require('@lateos/npm-scan/backend/license').generateKey('premium'))"
+leo@lateos.ai までお問い合わせいただき、高级版/エンタープライズ版ライセンスキーを取得してください。
+```bash
 # それを使用
 npm-scan scan target --license-key <key>
 npm-scan report --pdf --license-key <key>

package/README.md CHANGED Viewed

@@ -37,7 +37,8 @@ Attackers have moved past simple typosquatting. They now ship **obfuscated prein
 | Known CVE matching | ✅ | ✅ | ❌ | ✅ |
 | Static analysis | ❌ | ✅ | ✅ | ✅ |
 | Obfuscated payload detection | ❌ | ❌ | ❌ | ✅ |
-| Behavioral / heuristic analysis | ❌ | ❌ | Partial | ✅ |
+| AST-level heuristic analysis | ❌ | ❌ | ❌ | ✅ |
+| Runtime behavioral sandbox | ❌ | ❌ | ✅ | ✅ |
 | Conditional trigger detection (ATK-009) | ❌ | ❌ | ❌ | ✅ |
 | Sandbox evasion detection (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | Transitive worm propagation (ATK-011) | ❌ | ❌ | ❌ | ✅ |
@@ -343,10 +344,9 @@ npm-scan scan target --policy .npm-scan.yml
 ### Premium licensing
-```bash
-# Generate a development key
-node -e "console.log(require('@lateos/npm-scan/backend/license').generateKey('premium'))"
+Contact leo@lateos.ai for a premium/enterprise license key.
+```bash
 # Use it
 npm-scan scan target --license-key <key>
 npm-scan report --pdf --license-key <key>

package/README.zh.md CHANGED Viewed

@@ -38,7 +38,8 @@
 | 已知 CVE 匹配 | ✅ | ✅ | ❌ | ✅ |
 | 静态分析 | ❌ | ✅ | ✅ | ✅ |
 | 混淆载荷检测 | ❌ | ❌ | ❌ | ✅ |
-| 行为/启发式分析 | ❌ | ❌ | 部分 | ✅ |
+| AST 级启发式分析 | ❌ | ❌ | ❌ | ✅ |
+| 运行时行为沙箱 | ❌ | ❌ | ✅ | ✅ |
 | 条件触发器检测 (ATK-009) | ❌ | ❌ | ❌ | ✅ |
 | 沙箱逃逸检测 (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | 传递性蠕虫传播 (ATK-011) | ❌ | ❌ | ❌ | ✅ |
@@ -306,10 +307,9 @@ npm-scan scan target --policy .npm-scan.yml
 ### 高级版许可
-```bash
-# 生成开发密钥
-node -e "console.log(require('@lateos/npm-scan/backend/license').generateKey('premium'))"
+请联系 leo@lateos.ai 获取高级版/企业版许可密钥。
+```bash
 # 使用它
 npm-scan scan target --license-key <key>
 npm-scan report --pdf --license-key <key>

package/cli/cli.js CHANGED Viewed

@@ -7,7 +7,7 @@ function requirePremium(feature, licenseKey) {
   if (!isFeatureEnabled(feature, licenseKey)) {
     console.error(`Error: "${feature}" requires a premium license key.`);
     console.error(`  Pass --license-key <key> or set NPM_SCAN_LICENSE_KEY env var.`);
-    console.error(`  Generate a dev key: require('@lateos/npm-scan/backend/license').generateKey('premium')`);
+    console.error(`  Contact leo@lateos.ai for a premium license.`);
     process.exit(1);
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.11.3",
+  "version": "0.11.5",
   "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
   "main": "backend/index.js",
   "bin": {