@lateos/npm-scan 0.15.2 → 0.15.4

package/README.md

@@ -3,7 +3,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-371%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-384%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-90%25-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -24,6 +24,8 @@ The 2025–2026 wave of npm supply chain attacks proved that traditional tooling
 
 Attackers have moved past simple typosquatting. They now ship **obfuscated preinstall hooks**, **credential harvesters hidden behind environment detection**, **dormant backdoors with time-based activation**, and **worm-style transitive propagation** that spreads through peer dependencies.
 
+A growing attack vector is **HuggingFace org impersonation** — packages that masquerade as legitimate HF model repositories (e.g., `0penai/gpt2` instead of `openai/gpt2`) to trick users into downloading malicious model artifacts during CI/CD pipelines, often bundled with suspicious binaries (`.exe`, `.dll`) in model repos that deep-learned tools trust by default.
+
 The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake GitHub PRs, malicious workflow injection, and cloud credential exfiltration — all coordinated through a single actor automating the entire kill chain. **@lateos/npm-scan** now detects artifacts of this campaign out of the box.
 
 **npm audit** checks known CVEs. **Snyk** scans for vulnerabilities. **Socket** looks at package behavior. None of them were designed for the generation of attacks that emerged in 2025 — attacks that look benign until they reach production.
@@ -45,6 +47,7 @@ The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake
 | Sandbox evasion detection (ATK-010) | ❌ | ❌ | ❌ | ✅ |
 | Transitive worm propagation (ATK-011) | ❌ | ❌ | ❌ | ✅ |
 | Campaign detection (Megalodon CI/CD) | ❌ | ❌ | ❌ | ✅ |
+| HF model repo impersonation + README clone | ❌ | ❌ | ❌ | ✅ |
 | Attack taxonomy (ATK series) | ❌ | ❌ | ❌ | ✅ |
 | SBOM output (CycloneDX + SPDX) | ❌ | ✅ | ❌ | ✅ |
 | SARIF v2.1 (GitHub Code Scanning) | ❌ | ❌ | ❌ | ✅ |
@@ -74,6 +77,7 @@ The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake
 | 🛡️ | **Zero telemetry** | No data leaves your machine. No cloud. No callbacks. |
 | 💾 | **Local scan history** | SQLite-backed persistence, zero external dependencies |
 | 🪝 | **Pre-commit hook** | Block threats before commit — one-liner install, scans `package-lock.json` changes |
+| 🤖 | **HF impersonation detection** | Detects typosquatted HuggingFace orgs (Jaro-Winkler), README clones (SimHash), artifact mismatches (`.exe` in model repos), and new-org amplifier — with lazy two-stage evaluation, zero network in Stage 1 |
 | 📎 | **Yarn + pnpm support** | `scan-lockfile` parses `yarn.lock` and `pnpm-lock.yaml` alongside `package-lock.json` |
 
 ---
@@ -283,9 +287,11 @@ npm-scan report --pdf             # all scans (premium)
 | **ATK-010** | Sandbox evasion / anti-analysis | Behavioral | 🟠 medium | SR-10.3 |
 | **ATK-011** | Transitive propagation (worm-style lateral spread) | Behavioral | 🔴 high | SR-11.4 |
 | **MEGALODON** | Megalodon CI/CD campaign — workflow C2 exfil, credential harvest, publish velocity spike, publisher drift | Static + Registry | ⚫ critical | SR-3.1, SR-7.5 |
+| **HF_IMPERSONATION** | HuggingFace org spoof detection — Jaro-Winkler similarity against 15 known-good orgs, SimHash README clone detection, artifact mismatch (`.exe`/`.dll` in model repos), postinstall escalation, new-org amplifier | Static + Network (Stage 2) | 🔴 high / ⚫ critical | SR-2.1 |
 
 > **How evasive attacks are caught:** ATK-009 detects packages that check `process.env.CI`, probe hostnames, or use time-based activation. ATK-010 flags `debugger` statements, `os.hostname()` probes, and env fingerprinting. ATK-011 traces peer dependency graphs to detect worm-like propagation patterns.  
 > **MEGALODON** campaign detection analyzes bundled `.github/workflows/` files for C2 co-occurrence and base64 decode chains, scans tarball files for credential + outbound network patterns, detects version publish velocity spikes via npm registry metadata, and identifies publisher account drift — all without any network calls beyond the initial package fetch.  
+> **HF_IMPERSONATION** detection uses a lazy two-stage evaluation: Stage 1 scans `package.json` scripts and JS/TS sources for HuggingFace references (URLs, `from_pretrained()`, `hub.download()`) and runs Jaro-Winkler similarity against 15 known-good HF orgs — zero network. If spoofs are found, Stage 2 fetches the HF model API, computes SimHash of both READMEs for clone detection, validates artifact type consistency (e.g., `transformers` library with `.exe` files is flagged as critical), applies a new-org amplifier (<30 days), and escalates when the reference appears in a lifecycle script.  
 > See [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md) for full evasion surface documentation and PoC examples.
 
 ---
@@ -632,7 +638,7 @@ See the [Docker quick-start section](#-run-lateosnpm-scan-anywhere-with-docker--
 
 ### Free tier (shipped)
 
-- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6)
+- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6) + **HF_IMPERSONATION** detector
 - SBOM output (CycloneDX + SPDX)
 - HTML, text, and compliance reports (NIST + EU CRA)
 - Policy-as-code engine (YAML)
@@ -701,6 +707,7 @@ node --test test/detectors-corpus.test.js
 - `test/report-snapshots.test.js` — HTML/text/CRA/PDF format assertions
 - `test/report.test.js` — SARIF, CSV, STIG, risk score format tests
 - `test/lockfile.test.js` — npm/yarn/pnpm parser, auto-detect, ATK-007/011 lockfile tests
+- `test/hf-impersonation.test.js` — 13 HF impersonation detection tests (no-ref, exact match, spoof, README clone, artifact mismatch, postinstall escalation, new-org tag)
 - `test/cli.test.js` — commander integration tests (help, version, scan, report, error handling)
 - `test/cli-lockfile.test.js` — scan-lockfile CLI options, yarn/pnpm/monorepo/watch tests
 

package/backend/detectors/hf-impersonation/index.js

@@ -0,0 +1,396 @@
+import { KNOWN_HF_ORGS } from './known-orgs.js';
+import { jaroWinkler } from './jaro-winkler.js';
+import { simhash, similarity as simhashSimilarity } from './simhash.js';
+
+const HF_URL_PATTERN = /(?:huggingface\.co|hf\.co)\/([^\/\s"'>]+)\/([^\/\s"'>]+)/g;
+const FROM_PRETRAINED_PATTERN = /from_pretrained\(\s*["']([^"']+\/[^"']+)["']/g;
+const HUB_DOWNLOAD_SINGLE = /hub\.download\(\s*["']([^"']+\/[^"']+)["']/g;
+const HUB_DOWNLOAD_DOUBLE = /hub\.download\(\s*["']([^"']+)["']\s*,\s*["']([^"']+)["']/g;
+
+const LIFECYCLE_SCRIPTS = new Set(['postinstall', 'prepare', 'install']);
+const API_BASE = 'https://huggingface.co';
+
+const SEVERITY_SCORE = { none: 0, low: 1, medium: 2, high: 3, critical: 4 };
+const SEVERITY_LABELS = ['none', 'low', 'medium', 'high', 'critical'];
+
+const HF_ARTIFACT_LIBS = new Set(['transformers', 'diffusers', 'sentence-transformers', 'gguf', 'safetensors']);
+const SUSPICIOUS_EXTENSIONS = /\.(exe|msi|bat|ps1|dll)$/i;
+
+const _cache = new Map();
+const CACHE_TTL = 3600 * 1000;
+let _lastFetchTime = 0;
+
+function severityIndex(sev) {
+  return SEVERITY_SCORE[sev] || 0;
+}
+
+function maxSeverity(a, b) {
+  return severityIndex(a) >= severityIndex(b) ? a : b;
+}
+
+function sleep(ms) {
+  return new Promise(r => setTimeout(r, ms));
+}
+
+async function fetchWithCache(url) {
+  const cached = _cache.get(url);
+  if (cached && Date.now() - cached.fetchedAt < CACHE_TTL) {
+    return cached.data;
+  }
+  const now = Date.now();
+  const elapsed = now - _lastFetchTime;
+  if (elapsed < 100) {
+    await sleep(100 - elapsed);
+  }
+  _lastFetchTime = Date.now();
+  let res;
+  try {
+    res = await fetch(url);
+    if (res.status === 429) {
+      const retryAfter = parseInt(res.headers.get('Retry-After') || '5', 10);
+      await sleep(retryAfter * 1000);
+      res = await fetch(url);
+    }
+    if (!res.ok) {
+      console.debug(`HF API warning: ${url} returned ${res.status}`);
+      return null;
+    }
+    const data = await res.json();
+    _cache.set(url, { data, fetchedAt: Date.now() });
+    return data;
+  } catch (err) {
+    console.debug(`HF API warning: ${err.message}`);
+    return null;
+  }
+}
+
+async function fetchReadme(url) {
+  const cached = _cache.get(url);
+  if (cached && Date.now() - cached.fetchedAt < CACHE_TTL) {
+    return cached.data;
+  }
+  const now = Date.now();
+  const elapsed = now - _lastFetchTime;
+  if (elapsed < 100) {
+    await sleep(100 - elapsed);
+  }
+  _lastFetchTime = Date.now();
+  try {
+    const res = await fetch(url);
+    if (res.status === 429) {
+      const retryAfter = parseInt(res.headers.get('Retry-After') || '5', 10);
+      await sleep(retryAfter * 1000);
+      const retryRes = await fetch(url);
+      if (!retryRes.ok) return null;
+      const text = await retryRes.text();
+      _cache.set(url, { data: text, fetchedAt: Date.now() });
+      return text;
+    }
+    if (!res.ok) return null;
+    const text = await res.text();
+    _cache.set(url, { data: text, fetchedAt: Date.now() });
+    return text;
+  } catch (err) {
+    console.debug(`HF README warning: ${err.message}`);
+    return null;
+  }
+}
+
+function findClosestOrg(spoofedOrg) {
+  const lowerOrg = String(spoofedOrg).toLowerCase();
+  let best = { org: null, score: 0 };
+  for (const known of KNOWN_HF_ORGS) {
+    const score = jaroWinkler(lowerOrg, known.toLowerCase());
+    if (score >= 0.82 && score > best.score) {
+      best = { org: known, score };
+    }
+  }
+  return best;
+}
+
+function extractHFTuples(pkgJson, allFiles) {
+  const tuples = new Set();
+  let postinstallFetchFlag = false;
+
+  const scripts = pkgJson?.scripts || {};
+  let m;
+  for (const [hook, script] of Object.entries(scripts)) {
+    if (typeof script !== 'string') continue;
+
+    HF_URL_PATTERN.lastIndex = 0;
+    while ((m = HF_URL_PATTERN.exec(script)) !== null) {
+      tuples.add(`${m[1]}/${m[2]}`);
+      if (LIFECYCLE_SCRIPTS.has(hook)) {
+        postinstallFetchFlag = true;
+      }
+    }
+
+    FROM_PRETRAINED_PATTERN.lastIndex = 0;
+    while ((m = FROM_PRETRAINED_PATTERN.exec(script)) !== null) {
+      tuples.add(m[1]);
+      if (LIFECYCLE_SCRIPTS.has(hook)) {
+        postinstallFetchFlag = true;
+      }
+    }
+
+    HUB_DOWNLOAD_SINGLE.lastIndex = 0;
+    while ((m = HUB_DOWNLOAD_SINGLE.exec(script)) !== null) {
+      tuples.add(m[1]);
+      if (LIFECYCLE_SCRIPTS.has(hook)) {
+        postinstallFetchFlag = true;
+      }
+    }
+
+    HUB_DOWNLOAD_DOUBLE.lastIndex = 0;
+    while ((m = HUB_DOWNLOAD_DOUBLE.exec(script)) !== null) {
+      tuples.add(`${m[1]}/${m[2]}`);
+      if (LIFECYCLE_SCRIPTS.has(hook)) {
+        postinstallFetchFlag = true;
+      }
+    }
+  }
+
+  if (allFiles) {
+    for (const file of allFiles) {
+      if (!file.path?.match(/\.(js|ts|jsx|tsx|mjs|cjs)$/i)) continue;
+      const content = typeof file.content === 'string' ? file.content : '';
+
+      HF_URL_PATTERN.lastIndex = 0;
+      while ((m = HF_URL_PATTERN.exec(content)) !== null) {
+        tuples.add(`${m[1]}/${m[2]}`);
+      }
+
+      FROM_PRETRAINED_PATTERN.lastIndex = 0;
+      while ((m = FROM_PRETRAINED_PATTERN.exec(content)) !== null) {
+        tuples.add(m[1]);
+      }
+
+      HUB_DOWNLOAD_SINGLE.lastIndex = 0;
+      while ((m = HUB_DOWNLOAD_SINGLE.exec(content)) !== null) {
+        tuples.add(m[1]);
+      }
+
+      HUB_DOWNLOAD_DOUBLE.lastIndex = 0;
+      while ((m = HUB_DOWNLOAD_DOUBLE.exec(content)) !== null) {
+        tuples.add(`${m[1]}/${m[2]}`);
+      }
+    }
+  }
+
+  return { tuples, postinstallFetchFlag };
+}
+
+function buildHFOrgSpoofFinding(referencedRepo, org, canonicalOrg, similarityScore, postinstallFetchFlag, tags, hfMeta) {
+  const finding = {
+    id: 'HF_ORG_SPOOF',
+    severity: 'high',
+    title: 'HuggingFace org impersonation',
+    description: `Repository "${referencedRepo}" references org "${org}" which is similar to known HF org "${canonicalOrg.org}" (similarity: ${similarityScore.toFixed(3)})`,
+    evidence: JSON.stringify({
+      referencedRepo,
+      canonicalOrg: canonicalOrg.org,
+      similarityScore,
+      tags: tags || [],
+    }),
+    referencedRepo,
+    canonicalOrg: canonicalOrg.org,
+    similarityScore,
+    tags: tags || [],
+    ipiClass: 'SUPPLY_CHAIN',
+  };
+  if (hfMeta) {
+    finding.hfMeta = hfMeta;
+  }
+  return finding;
+}
+
+async function runStage2(spoofFindings, orgsToCheck, postinstallFetchFlag) {
+  const newFindings = [];
+
+  for (const [referencedRepo, { org, canonicalOrg, similarityScore, finding }] of orgsToCheck) {
+    const tags = [];
+    let hfMeta = null;
+
+    const modelUrl = `${API_BASE}/api/models/${referencedRepo}`;
+    const canonicalUrl = canonicalOrg.org !== org ? `${API_BASE}/api/models/${canonicalOrg.org}/${referencedRepo.split('/')[1]}` : null;
+    const userUrl = `${API_BASE}/api/users/${org}`;
+
+    const spoofedModel = await fetchWithCache(modelUrl);
+    const canonicalModel = canonicalUrl ? await fetchWithCache(canonicalUrl) : null;
+    const userData = await fetchWithCache(userUrl);
+
+    // Org age check for NEW_ORG tag
+    if (userData?.dateCreated) {
+      const created = new Date(userData.dateCreated);
+      const ageDays = (Date.now() - created.getTime()) / (1000 * 60 * 60 * 24);
+      hfMeta = {
+        orgAgeDays: Math.round(ageDays),
+        repoDownloads: spoofedModel?.downloads ?? 0,
+      };
+      if (ageDays < 30) {
+        tags.push('NEW_ORG');
+      }
+    }
+
+    // README clone check
+    if (canonicalOrg.org !== org) {
+      const readmeSpoof = await fetchReadme(`${API_BASE}/${referencedRepo}/resolve/main/README.md`);
+      const readmeCanonical = await fetchReadme(`${API_BASE}/${canonicalOrg.org}/${referencedRepo.split('/')[1]}/resolve/main/README.md`);
+
+      if (readmeSpoof && readmeCanonical) {
+        const fp1 = simhash(readmeSpoof);
+        const fp2 = simhash(readmeCanonical);
+        const simScore = simhashSimilarity(fp1, fp2);
+
+        if (simScore >= 0.9) {
+          const readmeFinding = {
+            id: 'HF_README_CLONE',
+            severity: 'high',
+            title: 'HuggingFace README clone',
+            description: `README of "${referencedRepo}" is highly similar (${(simScore * 100).toFixed(1)}%) to canonical org "${canonicalOrg.org}/${referencedRepo.split('/')[1]}"`,
+            evidence: JSON.stringify({
+              referencedRepo,
+              canonicalOrg: canonicalOrg.org,
+              similarityScore: simScore,
+              tags: [],
+            }),
+            referencedRepo,
+            canonicalOrg: canonicalOrg.org,
+            similarityScore: simScore,
+            tags: [],
+            ipiClass: 'SUPPLY_CHAIN',
+          };
+          if (hfMeta) readmeFinding.hfMeta = hfMeta;
+          newFindings.push(readmeFinding);
+        }
+      }
+    }
+
+    // Artifact mismatch check
+    if (spoofedModel?.cardData?.library_name && spoofedModel?.siblings) {
+      const libName = spoofedModel.cardData.library_name;
+      if (HF_ARTIFACT_LIBS.has(libName)) {
+        for (const sibling of spoofedModel.siblings) {
+          const fn = sibling.rfilename || '';
+          if (SUSPICIOUS_EXTENSIONS.test(fn)) {
+            const artifactFinding = {
+              id: 'HF_ARTIFACT_MISMATCH',
+              severity: 'critical',
+              title: 'HF artifact mismatch — suspicious binary in model repo',
+              description: `Model "${referencedRepo}" declares library "${libName}" but contains suspicious file "${fn}"`,
+              evidence: JSON.stringify({
+                referencedRepo,
+                artifactConflict: { declaredType: libName, suspiciousFilename: fn },
+                tags: [],
+              }),
+              referencedRepo,
+              artifactConflict: { declaredType: libName, suspiciousFilename: fn },
+              tags: [],
+              ipiClass: 'SUPPLY_CHAIN',
+            };
+            if (hfMeta) artifactFinding.hfMeta = hfMeta;
+            newFindings.push(artifactFinding);
+            break;
+          }
+        }
+      }
+    }
+
+    // Apply NEW_ORG and POSTINSTALL_FETCH tags to all findings for this repo
+    const repoSpoofFindings = spoofFindings.filter(f => f.referencedRepo === referencedRepo);
+    for (const sf of repoSpoofFindings) {
+      if (tags.length > 0) {
+        if (!sf.tags) sf.tags = [];
+        for (const t of tags) {
+          if (!sf.tags.includes(t)) sf.tags.push(t);
+        }
+      }
+      if (hfMeta) {
+        sf.hfMeta = hfMeta;
+      }
+    }
+    for (const nf of newFindings) {
+      if (nf.referencedRepo === referencedRepo) {
+        if (tags.length > 0) {
+          if (!nf.tags) nf.tags = [];
+          for (const t of tags) {
+            if (!nf.tags.includes(t)) nf.tags.push(t);
+          }
+        }
+      }
+    }
+  }
+
+  // POSTINSTALL_FETCH escalation
+  if (postinstallFetchFlag) {
+    const allStage2Findings = [...spoofFindings, ...newFindings];
+    const escalatedRepos = new Set();
+    for (const f of allStage2Findings) {
+      if (f.referencedRepo) escalatedRepos.add(f.referencedRepo);
+    }
+    for (const f of allStage2Findings) {
+      if (escalatedRepos.has(f.referencedRepo)) {
+        if (severityIndex(f.severity) < severityIndex('critical')) {
+          f.severity = 'critical';
+        }
+        if (!f.tags) f.tags = [];
+        if (!f.tags.includes('POSTINSTALL_ESCALATED')) {
+          f.tags.push('POSTINSTALL_ESCALATED');
+        }
+      }
+    }
+  }
+
+  return newFindings;
+}
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const { tuples, postinstallFetchFlag } = extractHFTuples(pkgJson, allFiles || files);
+
+  if (tuples.size === 0) return [];
+
+  // Stage 1: org spoof detection (local only)
+  const spoofFindings = [];
+  const orgsToCheck = []; // [referencedRepo, { org, canonicalOrg, similarityScore, finding }]
+
+  for (const tuple of tuples) {
+    const parts = tuple.split('/');
+    if (parts.length < 2) continue;
+    const org = parts[0];
+
+    const canonicalOrg = findClosestOrg(org);
+    if (!canonicalOrg.org) continue;
+    if (org.toLowerCase() === canonicalOrg.org.toLowerCase()) continue;
+
+    const finding = buildHFOrgSpoofFinding(tuple, org, canonicalOrg, canonicalOrg.score, postinstallFetchFlag, []);
+    spoofFindings.push(finding);
+    orgsToCheck.push([tuple, { org, canonicalOrg, similarityScore: canonicalOrg.score, finding }]);
+  }
+
+  if (spoofFindings.length === 0) return [];
+
+  // Stage 2: network checks
+  const stage2Findings = await runStage2(spoofFindings, orgsToCheck, postinstallFetchFlag);
+
+  // Deduplicate POSTINSTALL_ESCALATED tag in evidence
+  for (const f of [...spoofFindings, ...stage2Findings]) {
+    if (f.tags && f.tags.length > 0) {
+      try {
+        const ev = JSON.parse(f.evidence);
+        ev.tags = [...f.tags];
+        f.evidence = JSON.stringify(ev);
+      } catch {
+        // evidence wasn't JSON, leave as-is
+      }
+    }
+  }
+
+  return [...spoofFindings, ...stage2Findings];
+}
+
+export function clearCache() {
+  _cache.clear();
+  _lastFetchTime = 0;
+}
+
+export { KNOWN_HF_ORGS, jaroWinkler, simhash, simhashSimilarity };

package/backend/detectors/hf-impersonation/jaro-winkler.js

@@ -0,0 +1,44 @@
+export function jaroWinkler(s1, s2) {
+  if (s1 === s2) return 1;
+  const len1 = s1.length, len2 = s2.length;
+  if (len1 === 0 || len2 === 0) return 0;
+
+  const matchDist = Math.floor(Math.max(len1, len2) / 2) - 1;
+  const matches1 = new Array(len1).fill(false);
+  const matches2 = new Array(len2).fill(false);
+  let matches = 0;
+
+  for (let i = 0; i < len1; i++) {
+    const start = Math.max(0, i - matchDist);
+    const end = Math.min(len2, i + matchDist + 1);
+    for (let j = start; j < end; j++) {
+      if (matches2[j]) continue;
+      if (s1[i] !== s2[j]) continue;
+      matches1[i] = true;
+      matches2[j] = true;
+      matches++;
+      break;
+    }
+  }
+
+  if (matches === 0) return 0;
+
+  let transpositions = 0, k = 0;
+  for (let i = 0; i < len1; i++) {
+    if (!matches1[i]) continue;
+    while (!matches2[k]) k++;
+    if (s1[i] !== s2[k]) transpositions++;
+    k++;
+  }
+
+  const jaro = (matches / len1 + matches / len2 + (matches - transpositions / 2) / matches) / 3;
+
+  let prefix = 0;
+  const maxPrefix = Math.min(4, len1, len2);
+  for (let i = 0; i < maxPrefix; i++) {
+    if (s1[i] === s2[i]) prefix++;
+    else break;
+  }
+
+  return jaro + prefix * 0.1 * (1 - jaro);
+}

package/backend/detectors/hf-impersonation/known-orgs.js

@@ -0,0 +1,5 @@
+export const KNOWN_HF_ORGS = [
+  'openai', 'meta-llama', 'mistralai', 'google', 'microsoft',
+  'stabilityai', 'EleutherAI', 'huggingface', 'tiiuae', 'cohere',
+  'anthropic', 'deepseek-ai', 'Qwen', 'NousResearch', 'teknium',
+];

package/backend/detectors/hf-impersonation/simhash.js

@@ -0,0 +1,46 @@
+function hashToken(str) {
+  let hash = 5381;
+  for (let i = 0; i < str.length; i++) {
+    hash = ((hash << 5) + hash) + str.charCodeAt(i);
+    hash = hash & hash;
+  }
+  return hash >>> 0;
+}
+
+export function simhash(text) {
+  const v = new Array(64).fill(0);
+  const tokens = text.toLowerCase().split(/\s+/).filter(Boolean);
+
+  for (const token of tokens) {
+    const h = hashToken(token);
+    for (let i = 0; i < 64; i++) {
+      if ((h >> i) & 1) {
+        v[i] += 1;
+      } else {
+        v[i] -= 1;
+      }
+    }
+  }
+
+  let fingerprint = 0n;
+  for (let i = 0; i < 64; i++) {
+    if (v[i] > 0) {
+      fingerprint |= (1n << BigInt(i));
+    }
+  }
+  return fingerprint;
+}
+
+export function hammingDistance(a, b) {
+  let xor = a ^ b;
+  let count = 0;
+  while (xor > 0n) {
+    count += Number(xor & 1n);
+    xor >>= 1n;
+  }
+  return count;
+}
+
+export function similarity(a, b) {
+  return 1 - hammingDistance(a, b) / 64;
+}

package/backend/detectors/index.js

@@ -10,6 +10,8 @@ import * as atk009 from './atk-009-dormant-trigger.js';
 import * as atk010 from './atk-010-sandbox-evasion.js';
 import * as atk011 from './atk-011-transitive-prop.js';
 import { scanAll as megalodonScan } from './megalodon/index.js';
+import { scan as hfScan } from './hf-impersonation/index.js';
+import { scan as miniShaiHuludScan } from './mini-shai-hulud/index.js';
 
 export async function runAll(pkgJson, files = [], registryMeta = null, allFiles = null) {
   const findings = [];
@@ -25,5 +27,7 @@ export async function runAll(pkgJson, files = [], registryMeta = null, allFiles
   findings.push(...await atk010.scan(pkgJson, files));
   findings.push(...await atk011.scan(pkgJson, files));
   findings.push(...await megalodonScan(pkgJson, allFiles || files, registryMeta));
+  findings.push(...await hfScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await miniShaiHuludScan(pkgJson, files, registryMeta, allFiles || files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/backend/detectors/mini-shai-hulud/d1-burst-publish.js

@@ -0,0 +1,42 @@
+export async function checkBurstPublish(registryMeta, config = {}) {
+  const windowMinutes = config.burstWindowMinutes ?? 30;
+  const threshold = config.burstVersionThreshold ?? 3;
+
+  const times = registryMeta?.time || {};
+  const entries = Object.entries(times)
+    .filter(([v]) => v !== 'created' && v !== 'modified')
+    .filter(([, t]) => t)
+    .map(([v, t]) => [v, new Date(t).getTime()])
+    .filter(([, ts]) => !Number.isNaN(ts))
+    .sort((a, b) => a[1] - b[1]);
+
+  if (entries.length === 0) return { triggered: false };
+
+  const windowMs = windowMinutes * 60 * 1000;
+
+  for (let i = 0; i < entries.length; i++) {
+    const windowStart = entries[i][1];
+    const windowEnd = windowStart + windowMs;
+    const inWindow = [];
+
+    for (let j = i; j < entries.length; j++) {
+      if (entries[j][1] <= windowEnd) {
+        inWindow.push(entries[j][0]);
+      } else {
+        break;
+      }
+    }
+
+    if (inWindow.length >= threshold) {
+      return {
+        triggered: true,
+        windowStart: new Date(windowStart).toISOString(),
+        windowEnd: new Date(windowEnd).toISOString(),
+        versionCount: inWindow.length,
+        versions: inWindow,
+      };
+    }
+  }
+
+  return { triggered: false };
+}

package/backend/detectors/mini-shai-hulud/d2-sibling-compromise.js

@@ -0,0 +1,116 @@
+const siblingCache = new Map();
+
+export function clearSiblingCache() {
+  siblingCache.clear();
+}
+
+function checkBurstOnTimeMap(timeMap, windowMinutes, threshold) {
+  const entries = Object.entries(timeMap)
+    .filter(([v]) => v !== 'created' && v !== 'modified')
+    .filter(([, t]) => t)
+    .map(([v, t]) => [v, new Date(t).getTime()])
+    .filter(([, ts]) => !Number.isNaN(ts))
+    .sort((a, b) => a[1] - b[1]);
+
+  if (entries.length === 0) return null;
+
+  const windowMs = windowMinutes * 60 * 1000;
+
+  for (let i = 0; i < entries.length; i++) {
+    const wStart = entries[i][1];
+    const wEnd = wStart + windowMs;
+    const inWindow = [];
+
+    for (let j = i; j < entries.length; j++) {
+      if (entries[j][1] <= wEnd) {
+        inWindow.push(entries[j][0]);
+      } else {
+        break;
+      }
+    }
+
+    if (inWindow.length >= threshold) {
+      return {
+        windowStart: new Date(wStart).toISOString(),
+        windowEnd: new Date(wEnd).toISOString(),
+        versionCount: inWindow.length,
+      };
+    }
+  }
+
+  return null;
+}
+
+export async function checkSiblingCompromise(pkgJson, config = {}) {
+  const windowMinutes = config.burstWindowMinutes ?? 30;
+  const threshold = config.burstVersionThreshold ?? 3;
+
+  const deps = {
+    ...pkgJson.dependencies,
+    ...pkgJson.devDependencies,
+    ...pkgJson.peerDependencies,
+  };
+
+  const scopedDeps = {};
+  for (const name of Object.keys(deps)) {
+    if (name.startsWith('@')) {
+      const scope = name.split('/')[0];
+      if (!scopedDeps[scope]) scopedDeps[scope] = [];
+      scopedDeps[scope].push(name);
+    }
+  }
+
+  if (Object.keys(scopedDeps).length === 0) return { triggered: false };
+
+  const results = [];
+
+  for (const [scope, packages] of Object.entries(scopedDeps)) {
+    if (packages.length < 2) continue;
+
+    const burstSiblings = [];
+
+    for (const pkg of packages) {
+      let timeData = siblingCache.get(pkg);
+      if (!timeData) {
+        try {
+          const url = `https://registry.npmjs.org/${encodeURIComponent(pkg)}`;
+          const res = await fetch(url);
+          if (!res.ok) continue;
+          const data = await res.json();
+          timeData = data.time || {};
+          siblingCache.set(pkg, timeData);
+        } catch {
+          continue;
+        }
+      }
+
+      const burstInfo = checkBurstOnTimeMap(timeData, windowMinutes, threshold);
+      if (burstInfo) {
+        burstSiblings.push({ name: pkg, ...burstInfo });
+      }
+    }
+
+    if (burstSiblings.length >= 2) {
+      const windows = burstSiblings.map(s => ({
+        start: new Date(s.windowStart).getTime(),
+        end: new Date(s.windowEnd).getTime(),
+      }));
+
+      const overlapStart = Math.max(...windows.map(w => w.start));
+      const overlapEnd = Math.min(...windows.map(w => w.end));
+
+      if (overlapStart < overlapEnd) {
+        results.push({
+          triggered: true,
+          scope,
+          siblingPackages: burstSiblings.map(s => s.name),
+          windowStart: new Date(overlapStart).toISOString(),
+          windowEnd: new Date(overlapEnd).toISOString(),
+        });
+      }
+    }
+  }
+
+  if (results.length === 0) return { triggered: false };
+  return { triggered: true, results };
+}

package/backend/detectors/mini-shai-hulud/d3-slsa-mismatch.js

@@ -0,0 +1,72 @@
+export async function checkSlsaMismatch(packageName, version, burstWindow, timeMap = {}, config = {}) {
+  if (!burstWindow?.triggered) return { triggered: false };
+
+  const anomalies = [];
+  const publishTime = timeMap?.[version];
+  if (!publishTime) return { triggered: false };
+
+  try {
+    const url = `https://registry.npmjs.org/-/npm/v1/attestations/${encodeURIComponent(packageName)}/${encodeURIComponent(version)}`;
+    const res = await fetch(url);
+    if (!res.ok) return { triggered: false };
+
+    const data = await res.json();
+    const attestations = data?.attestations || [];
+    if (attestations.length === 0) return { triggered: false };
+
+    const publishMs = new Date(publishTime).getTime();
+    if (Number.isNaN(publishMs)) return { triggered: false };
+
+    // Check if this is the first-ever attested version for this package
+    const allVersions = Object.keys(timeMap).filter(v => v !== 'created' && v !== 'modified');
+    const currentIdx = allVersions.indexOf(version);
+    let prevHadAttestation = false;
+
+    if (currentIdx > 0) {
+      const priorVersions = allVersions.slice(0, currentIdx).slice(-2);
+      for (const pv of priorVersions) {
+        try {
+          const purl = `https://registry.npmjs.org/-/npm/v1/attestations/${encodeURIComponent(packageName)}/${encodeURIComponent(pv)}`;
+          const pres = await fetch(purl);
+          if (pres.ok) {
+            const pdata = await pres.json();
+            if (pdata?.attestations?.length > 0) {
+              prevHadAttestation = true;
+              break;
+            }
+          }
+        } catch {
+          // skip prior version check
+        }
+      }
+
+      if (!prevHadAttestation && priorVersions.length > 0) {
+        anomalies.push(`First-ever SLSA attestation for ${packageName}, published in burst window`);
+      }
+    }
+
+    for (const att of attestations) {
+      const ts = att?.timestamp;
+      if (ts) {
+        const attMs = new Date(ts).getTime();
+        if (!Number.isNaN(attMs) && attMs >= publishMs && (attMs - publishMs) < 60000) {
+          const gapMs = attMs - publishMs;
+          anomalies.push(`Sub-60s attestation gap for ${version}: ${gapMs}ms`);
+        }
+      }
+
+      const builderId = att?.predicate?.runDetails?.builder?.id;
+      if (builderId) {
+        const knownPrefixes = ['https://github.com/', 'https://gitlab.com/', 'https://circleci.com/'];
+        const isKnown = knownPrefixes.some(p => builderId.startsWith(p));
+        if (!isKnown) {
+          anomalies.push(`Unrecognized builder ID for ${version}: ${builderId}`);
+        }
+      }
+    }
+  } catch {
+    return { triggered: false };
+  }
+
+  return { triggered: anomalies.length > 0, anomalies };
+}

package/backend/detectors/mini-shai-hulud/d4-maintainer-anomaly.js

@@ -0,0 +1,45 @@
+export async function checkMaintainerAnomaly(registryMeta, config = {}) {
+  const versions = registryMeta?.versions || {};
+  const timeMap = registryMeta?.time || {};
+
+  const sorted = Object.entries(timeMap)
+    .filter(([v]) => v !== 'created' && v !== 'modified')
+    .filter(([, t]) => t)
+    .map(([v, t]) => ({
+      version: v,
+      time: new Date(t).getTime(),
+      user: versions[v]?._npmUser?.name,
+    }))
+    .filter(e => !Number.isNaN(e.time) && e.user)
+    .sort((a, b) => a.time - b.time);
+
+  if (sorted.length < 2) return { triggered: false };
+
+  for (let i = 1; i < sorted.length; i++) {
+    const prev = sorted[i - 1];
+    const curr = sorted[i];
+
+    if (curr.user !== prev.user) {
+      const gapMinutes = (curr.time - prev.time) / (1000 * 60);
+      if (gapMinutes <= 10) {
+        const newUserVersions = sorted.filter(e => e.user === curr.user);
+        if (newUserVersions.length >= 2) {
+          return {
+            triggered: true,
+            signals: [{
+              type: 'PUBLISHER_DRIFT_RAPID',
+              previousPublisher: prev.user,
+              newPublisher: curr.user,
+              gapMinutes,
+              newUserVersionCount: newUserVersions.length,
+              driftVersion: curr.version,
+              driftWindowStart: new Date(curr.time).toISOString(),
+            }],
+          };
+        }
+      }
+    }
+  }
+
+  return { triggered: false };
+}

package/backend/detectors/mini-shai-hulud/d5-ioc-check.js

@@ -0,0 +1,95 @@
+import { readFileSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+let iocsData = null;
+let iocsLoaded = false;
+let iocLoadError = null;
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const IOC_PATH = join(__dirname, 'iocs.json');
+
+function loadIOCData() {
+  if (iocsLoaded) return iocsData;
+  iocsLoaded = true;
+  try {
+    iocsData = JSON.parse(readFileSync(IOC_PATH, 'utf8'));
+  } catch (err) {
+    iocLoadError = err;
+    iocsData = null;
+  }
+  return iocsData;
+}
+
+export function getIOCLoadError() {
+  return iocLoadError;
+}
+
+export function reloadIOCData() {
+  iocsLoaded = false;
+  iocLoadError = null;
+  return loadIOCData();
+}
+
+export async function checkIOC(pkgName, pkgVersion, sha512, publisherAccount, timeMap = {}) {
+  const data = loadIOCData();
+  if (!data) return { triggered: false, matches: [] };
+
+  const matches = [];
+  const allIOCs = [];
+
+  allIOCs.push(...(data.iocs || []));
+
+  for (const waveKey of Object.keys(data.waves || {})) {
+    const wave = data.waves[waveKey];
+    const waveNum = waveKey === 'wave1' ? 1 : 2;
+    for (const ioc of (wave.iocs || [])) {
+      allIOCs.push({ ...ioc, wave: waveNum });
+    }
+  }
+
+  for (const ioc of allIOCs) {
+    switch (ioc.type) {
+      case 'packageName': {
+        if (ioc.value === pkgName) {
+          if (!ioc.maliciousVersions || ioc.maliciousVersions.length === 0 || ioc.maliciousVersions.includes(pkgVersion)) {
+            matches.push({ type: 'packageName', value: pkgName, wave: ioc.wave });
+          }
+        }
+        break;
+      }
+
+      case 'packageScope': {
+        if (pkgName.startsWith(ioc.value)) {
+          matches.push({ type: 'packageScope', value: ioc.value, wave: ioc.wave });
+        }
+        break;
+      }
+
+      case 'sha512': {
+        if (ioc.value === sha512 && ioc.package === pkgName) {
+          matches.push({ type: 'sha512', value: sha512, wave: ioc.wave, package: pkgName });
+        }
+        break;
+      }
+
+      case 'publisherAccount': {
+        if (ioc.value === publisherAccount) {
+          const pubTime = new Date(timeMap?.[pkgVersion]).getTime();
+          const windowStart = new Date(ioc.compromiseWindowStart).getTime();
+          const windowEnd = ioc.compromiseWindowEnd
+            ? new Date(ioc.compromiseWindowEnd).getTime()
+            : Infinity;
+
+          if (!Number.isNaN(pubTime) && pubTime >= windowStart && pubTime <= windowEnd) {
+            matches.push({ type: 'publisherAccount', value: publisherAccount, wave: ioc.wave });
+          }
+        }
+        break;
+      }
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/mini-shai-hulud/d6-token-exfil.js

@@ -0,0 +1,38 @@
+const EXFIL_PATTERNS = [
+  /NPM_TOKEN|NODE_AUTH_TOKEN|GH_TOKEN|GITHUB_TOKEN|npm_token|node_auth_token/i,
+  /~\/(\.npmrc|\.gitconfig|\.aws\/credentials)/,
+  /\/run\/secrets\//,
+  /\$GITHUB_ENV/,
+  /process\.env\.(NPM_TOKEN|NODE_AUTH_TOKEN|GH_TOKEN|GITHUB_TOKEN)/,
+  /Buffer\.from\s*\([^)]*\)\s*\.\s*toString\s*\(\s*['"]base64['"]\s*\)/,
+  /\batob\s*\(/,
+  /\bbtoa\s*\(/,
+];
+
+const SUSPICIOUS_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];
+
+const MAX_SNIPPET_LENGTH = 200;
+
+function truncateSnippet(text) {
+  if (text.length <= MAX_SNIPPET_LENGTH) return text;
+  return text.slice(0, MAX_SNIPPET_LENGTH - 3) + '...';
+}
+
+export function checkTokenExfil(allFiles, pkgJson) {
+  const scripts = pkgJson?.scripts || {};
+  const snippets = [];
+
+  for (const hook of SUSPICIOUS_SCRIPTS) {
+    const scriptContent = scripts[hook];
+    if (!scriptContent) continue;
+
+    for (const pattern of EXFIL_PATTERNS) {
+      if (pattern.test(scriptContent)) {
+        snippets.push(truncateSnippet(scriptContent));
+        break;
+      }
+    }
+  }
+
+  return { triggered: snippets.length > 0, snippets };
+}

package/backend/detectors/mini-shai-hulud/index.js

@@ -0,0 +1,80 @@
+import { checkBurstPublish } from './d1-burst-publish.js';
+import { checkSiblingCompromise, clearSiblingCache } from './d2-sibling-compromise.js';
+import { checkSlsaMismatch } from './d3-slsa-mismatch.js';
+import { checkMaintainerAnomaly } from './d4-maintainer-anomaly.js';
+import { checkIOC } from './d5-ioc-check.js';
+import { checkTokenExfil } from './d6-token-exfil.js';
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const config = {};
+
+  const burstResult = await checkBurstPublish(registryMeta, config);
+  const maintainerResult = await checkMaintainerAnomaly(registryMeta, config);
+
+  const pkgName = pkgJson?.name || '';
+  const pkgVersion = pkgJson?.version || '';
+  const sha512 = registryMeta?.versions?.[pkgVersion]?.dist?.integrity || null;
+  const publisherAccount = registryMeta?.versions?.[pkgVersion]?._npmUser?.name || null;
+  const timeMap = registryMeta?.time || {};
+
+  const iocResult = await checkIOC(pkgName, pkgVersion, sha512, publisherAccount, timeMap);
+  const exfilResult = checkTokenExfil(allFiles || files, pkgJson);
+
+  let siblingResult = { triggered: false };
+  let slsaResult = { triggered: false };
+
+  if (burstResult.triggered) {
+    siblingResult = await checkSiblingCompromise(pkgJson, config);
+    slsaResult = await checkSlsaMismatch(pkgName, pkgVersion, burstResult, timeMap, config);
+  }
+
+  const triggeredChecks = [];
+  if (burstResult.triggered) triggeredChecks.push('D1_BURST');
+  if (siblingResult.triggered) triggeredChecks.push('D2_SIBLING');
+  if (slsaResult.triggered) triggeredChecks.push('D3_SLSA');
+  if (maintainerResult.triggered) triggeredChecks.push('D4_MAINTAINER');
+  if (iocResult.triggered) triggeredChecks.push('D5_IOC');
+  if (exfilResult.triggered) triggeredChecks.push('D6_EXFIL');
+
+  if (triggeredChecks.length === 0) return [];
+
+  let waveAttribution = 'unknown';
+  if (pkgName.startsWith('@tanstack')) {
+    waveAttribution = 'wave1-tanstack';
+  } else if (pkgName.startsWith('@antv')) {
+    waveAttribution = 'wave2-antv';
+  } else if (iocResult.matches && iocResult.matches.length > 0) {
+    const waves = [...new Set(iocResult.matches.map(m => m.wave))];
+    if (waves.length === 1) {
+      waveAttribution = waves[0] === 1 ? 'wave1-tanstack' : 'wave2-antv';
+    }
+  }
+
+  const isCritical = slsaResult.triggered || iocResult.triggered;
+
+  const evidence = {
+    campaign: 'MINI_SHAI_HULUD',
+    waveAttribution,
+    triggeredChecks,
+    burstWindow: burstResult.triggered
+      ? { start: burstResult.windowStart, end: burstResult.windowEnd, versionCount: burstResult.versionCount }
+      : null,
+    siblingPackages: siblingResult.triggered
+      ? siblingResult.results.flatMap(r => r.siblingPackages)
+      : null,
+    attestationAnomalies: slsaResult.triggered ? slsaResult.anomalies : null,
+    iocMatches: iocResult.triggered ? iocResult.matches : null,
+    installScriptSnippets: exfilResult.triggered ? exfilResult.snippets : null,
+  };
+
+  return [{
+    id: 'MINI_SHAI_HULUD',
+    severity: isCritical ? 'critical' : 'high',
+    title: 'Mini Shai-Hulud worm campaign',
+    description: `${triggeredChecks.length} signal(s): ${triggeredChecks.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: 'Revoke all npm tokens immediately. Rotate CI/CD secrets. Audit maintainer access on all scoped packages. Review recent version publish history for anomalous bursts. Check for postinstall scripts accessing credentials or environment variables. If Wave 1 (TanStack scope): inspect GitHub Actions workflow logs for unauthorized build steps. If Wave 2 (atool/AntV scope): rotate all npm tokens associated with @antv/* packages.',
+  }];
+}
+
+export { clearSiblingCache } from './d2-sibling-compromise.js';

package/backend/detectors/mini-shai-hulud/iocs.json

@@ -0,0 +1,47 @@
+{
+  "lastUpdated": "2026-05-24T00:00:00.000Z",
+  "waves": {
+    "wave1": {
+      "id": "mini-shai-hulud-wave1",
+      "description": "TanStack CI/CD hijack (mid-May 2026) — 84 malicious versions across 42 packages in ~6 minutes via compromised GitHub Actions CI. Forged SLSA BL3 provenance attestations.",
+      "windowMinutes": 6,
+      "iocs": [
+        {
+          "type": "packageScope",
+          "value": "@tanstack",
+          "maliciousVersionRanges": [],
+          "notes": "Seed IOC — update from threat intel feed. Affected: @tanstack/router, @tanstack/react-router, @tanstack/query, @tanstack/form, @tanstack/store, @tanstack/virtual, @tanstack/ranger, @tanstack/table."
+        }
+      ]
+    },
+    "wave2": {
+      "id": "mini-shai-hulud-wave2",
+      "description": "AntV/atool maintainer account compromise (late May 2026) — 600+ malicious versions across 300+ packages in ~22 minutes. ~16M weekly download blast radius.",
+      "windowMinutes": 22,
+      "iocs": [
+        {
+          "type": "publisherAccount",
+          "value": "atool",
+          "compromiseWindowStart": "2026-05-20T00:00:00.000Z",
+          "compromiseWindowEnd": null,
+          "notes": "Seed IOC — compromised @antv/atool maintainer account. Update compromise window from threat intel."
+        },
+        {
+          "type": "packageScope",
+          "value": "@antv",
+          "maliciousVersionRanges": [],
+          "notes": "Blast radius: @antv/g2, @antv/g6, @antv/x6, @antv/l7, echarts-for-react, timeago.js. Seed IOC — update from threat intel."
+        }
+      ]
+    }
+  },
+  "iocs": [
+    {
+      "type": "sha512",
+      "value": "sha512-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+      "package": "@antv/g2",
+      "wave": 2,
+      "notes": "Placeholder sha512 — replace with actual SHA-512 integrity hash from npm dist.integrity of a confirmed malicious version."
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.15.2",
+  "version": "0.15.4",
   "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
   "main": "backend/index.js",
   "bin": {