@lateos/npm-scan 0.15.4 → 0.15.6

package/backend/detectors/cve-2026-48710-badhost/manifest.js

@@ -0,0 +1,305 @@
+import { directDependencyFinding, directDependencyUnpinnedFinding } from './findings.js';
+
+function parseReqTxtLine(line) {
+  const trimmed = line.trim();
+  if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) return null;
+  const idx = trimmed.indexOf('#');
+  const spec = idx >= 0 ? trimmed.slice(0, idx).trim() : trimmed;
+  if (!spec || !spec.startsWith('starlette')) return null;
+
+  const eqIdx = spec.indexOf('==');
+  const geIdx = spec.indexOf('>=');
+  const tildeIdx = spec.indexOf('~=');
+  const ltIdx = spec.indexOf('<');
+
+  if (eqIdx >= 0) {
+    const ver = spec.slice(eqIdx + 2).trim();
+    return { name: 'starlette', version: ver, specifier: `==${ver}` };
+  }
+  if (geIdx >= 0) {
+    const rest = spec.slice(geIdx + 2).trim();
+    const parts = rest.split(',');
+    const lower = parts[0]?.trim();
+    const upper = parts[1]?.trim();
+    let specStr = `>=${lower}`;
+    if (upper && upper.startsWith('<')) specStr += `,${upper}`;
+    return { name: 'starlette', version: lower, specifier: specStr };
+  }
+  if (tildeIdx >= 0) {
+    const ver = spec.slice(tildeIdx + 2).trim();
+    return { name: 'starlette', version: ver, specifier: `~=${ver}` };
+  }
+  if (ltIdx >= 0) {
+    const ver = spec.slice(ltIdx + 1).trim();
+    const name = 'starlette';
+    return { name, version: ver, specifier: `<${ver}` };
+  }
+
+  const rest = spec.slice('starlette'.length).trim();
+  if (!rest) return { name: 'starlette', version: null, specifier: null };
+
+  if (!rest.includes('=') && !rest.includes('<') && !rest.includes('>') && !rest.includes('~') && !rest.includes('!')) {
+    return { name: 'starlette', version: rest, specifier: rest };
+  }
+
+  return null;
+}
+
+export function parseRequirementsTxt(content) {
+  const lines = content.split('\n');
+  for (const line of lines) {
+    const result = parseReqTxtLine(line);
+    if (result) return result;
+  }
+  return null;
+}
+
+function parsePEP440(versionStr) {
+  if (!versionStr) return null;
+  const clean = versionStr.trim().replace(/^v/, '');
+  const parts = clean.split('.');
+  return {
+    major: parseInt(parts[0], 10) || 0,
+    minor: parseInt(parts[1], 10) || 0,
+    patch: parseInt(parts[2], 10) || 0,
+  };
+}
+
+function compareVersions(a, b) {
+  if (!a) return 1;
+  if (!b) return -1;
+  if (a.major !== b.major) return a.major - b.major;
+  if (a.minor !== b.minor) return a.minor - b.minor;
+  return a.patch - b.patch;
+}
+
+const STARLETTE_SAFE = parsePEP440('1.0.1');
+
+function isVulnerable(version) {
+  if (!version) return true;
+  const parsed = parsePEP440(version);
+  if (!parsed) return true;
+  return compareVersions(parsed, STARLETTE_SAFE) < 0;
+}
+
+function findStarletteInTOML(obj) {
+  if (!obj || typeof obj !== 'object') return null;
+
+  const sectionPaths = ['dependencies', 'project.dependencies', 'tool.poetry.dependencies'];
+  for (const path of sectionPaths) {
+    const parts = path.split('.');
+    let ptr = obj;
+    let found = true;
+    for (const p of parts) {
+      if (!ptr || typeof ptr !== 'object') { found = false; break; }
+      ptr = ptr[p];
+    }
+    if (!found || !ptr || typeof ptr !== 'object') continue;
+    for (const [key, val] of Object.entries(ptr)) {
+      if (key === 'starlette' || key === '"starlette"') {
+        const version = typeof val === 'string' ? val : (val?.version || null);
+        const specifier = typeof val === 'string' ? val : null;
+        return { name: 'starlette', version, specifier };
+      }
+    }
+  }
+  return null;
+}
+
+function parseTomlSimple(content) {
+  const result = {};
+  let currentSection = result;
+
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const sectionMatch = trimmed.match(/^\[([^\]]+)\]$/);
+    if (sectionMatch) {
+      const parts = sectionMatch[1].split('.');
+      let ptr = result;
+      for (const p of parts) {
+        const key = p.replace(/^"(.*)"$/, '$1').trim();
+        if (!ptr[key]) ptr[key] = {};
+        ptr = ptr[key];
+      }
+      currentSection = ptr;
+      continue;
+    }
+    const kvMatch = trimmed.match(/^([^=]+)=\s*(.+)$/);
+    if (!kvMatch) continue;
+    const key = kvMatch[1].trim().replace(/^"(.*)"$/, '$1');
+    let val = kvMatch[2].trim();
+    if (val.startsWith('"') && val.endsWith('"')) {
+      val = val.slice(1, -1);
+    } else if (val.startsWith("'") && val.endsWith("'")) {
+      val = val.slice(1, -1);
+    } else if (val.startsWith('^') || val.startsWith('~') || val.startsWith('>') || val.startsWith('<') || val.startsWith('=') || val.startsWith('!')) {
+      val = val.replace(/"/g, '');
+    }
+    currentSection[key] = val;
+  }
+
+  return result;
+}
+
+export function parsePyprojectToml(content) {
+  let obj;
+  try {
+    obj = JSON.parse(content);
+  } catch {
+    obj = parseTomlSimple(content);
+  }
+  return findStarletteInTOML(obj);
+}
+
+function parsePoetryLockEntry(content) {
+  const lines = content.split('\n');
+  let inStarlette = false;
+  let version = null;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith('[[package]]')) {
+      inStarlette = false;
+    }
+    if (trimmed.startsWith('name = "starlette"') || trimmed.startsWith("name = 'starlette'")) {
+      inStarlette = true;
+    }
+    if (inStarlette && trimmed.startsWith('version = ')) {
+      const match = trimmed.match(/version\s*=\s*["'](.+?)["']/);
+      if (match) version = match[1];
+    }
+    if (inStarlette && trimmed.startsWith('[[package]]') && trimmed !== '[[package]]') {
+      break;
+    }
+  }
+  if (version) {
+    return { name: 'starlette', version, specifier: `==${version}` };
+  }
+  return null;
+}
+
+export function parsePoetryLock(content) {
+  return parsePoetryLockEntry(content);
+}
+
+function parsePipfileEntry(content) {
+  try {
+    const obj = JSON.parse(content);
+    const packages = obj?.packages || {};
+    for (const [key, val] of Object.entries(packages)) {
+      if (key === 'starlette' || key === '"starlette"') {
+        const version = typeof val === 'string' ? val : null;
+        return { name: 'starlette', version, specifier: version || null };
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+export function parsePipfile(content) {
+  return parsePipfileEntry(content);
+}
+
+function parseSetupPyContent(content) {
+  const match = content.match(/install_requires\s*=\s*\[([^\]]+)\]/s);
+  if (!match) return null;
+  const block = match[1];
+  const lines = block.split(',').map(l => l.trim().replace(/["']/g, ''));
+  for (const line of lines) {
+    const clean = line.trim();
+    if (!clean) continue;
+    if (clean.startsWith('starlette')) {
+      const eqIdx = clean.indexOf('==');
+      const geIdx = clean.indexOf('>=');
+      const tildeIdx = clean.indexOf('~=');
+      const ltIdx = clean.indexOf('<');
+      let version = null;
+      let specifier = null;
+      if (eqIdx >= 0) { version = clean.slice(eqIdx + 2).trim(); specifier = `==${version}`; }
+      else if (geIdx >= 0) { version = clean.slice(geIdx + 2).split(',')[0].trim(); specifier = `>=${version}`; }
+      else if (tildeIdx >= 0) { version = clean.slice(tildeIdx + 2).trim(); specifier = `~=${version}`; }
+      else if (ltIdx >= 0) { version = clean.slice(ltIdx + 1).trim(); specifier = `<${version}`; }
+      else if (clean === 'starlette') { return { name: 'starlette', version: null, specifier: null }; }
+      return { name: 'starlette', version, specifier };
+    }
+  }
+  return null;
+}
+
+export function parseSetupPy(content) {
+  return parseSetupPyContent(content);
+}
+
+function parseSetupCfgContent(content) {
+  const lines = content.split('\n');
+  let inInstallRequires = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith('install_requires')) {
+      inInstallRequires = true;
+      continue;
+    }
+    if (inInstallRequires) {
+      if (trimmed.startsWith('[')) break;
+      if (trimmed.startsWith('starlette')) {
+        const eqIdx = trimmed.indexOf('==');
+        const geIdx = trimmed.indexOf('>=');
+        const tildeIdx = trimmed.indexOf('~=');
+        const ltIdx = trimmed.indexOf('<');
+        let version = null;
+        let specifier = null;
+        if (eqIdx >= 0) { version = trimmed.slice(eqIdx + 2).trim(); specifier = `==${version}`; }
+        else if (geIdx >= 0) { version = trimmed.slice(geIdx + 2).split(',')[0].trim(); specifier = `>=${version}`; }
+        else if (tildeIdx >= 0) { version = trimmed.slice(tildeIdx + 2).trim(); specifier = `~=${version}`; }
+        else if (ltIdx >= 0) { version = trimmed.slice(ltIdx + 1).trim(); specifier = `<${version}`; }
+        else if (trimmed === 'starlette') { return { name: 'starlette', version: null, specifier: null }; }
+        if (trimmed.startsWith('starlette')) {
+          return { name: 'starlette', version, specifier };
+        }
+      }
+    }
+  }
+  return null;
+}
+
+export function parseSetupCfg(content) {
+  return parseSetupCfgContent(content);
+}
+
+export function scanFiles(allFiles) {
+  const findings = [];
+
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let result = null;
+
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      result = parseRequirementsTxt(content);
+    } else if (path === 'pyproject.toml') {
+      result = parsePyprojectToml(content);
+    } else if (path === 'poetry.lock') {
+      result = parsePoetryLock(content);
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      result = parsePipfile(content);
+    } else if (path === 'setup.py') {
+      result = parseSetupPy(content);
+    } else if (path === 'setup.cfg') {
+      result = parseSetupCfg(content);
+    }
+
+    if (!result) continue;
+
+    if (result.version === null && result.specifier === null) {
+      findings.push(directDependencyUnpinnedFinding());
+    } else if (isVulnerable(result.version)) {
+      findings.push(directDependencyFinding(result.version, result.specifier || 'unknown'));
+    }
+  }
+
+  return findings;
+}

package/backend/detectors/cve-2026-48710-badhost/transitive.js

@@ -0,0 +1,189 @@
+import { transitiveDependencyFinding } from './findings.js';
+import { parseRequirementsTxt, parsePyprojectToml, parsePoetryLock, parsePipfile, parseSetupPy, parseSetupCfg } from './manifest.js';
+
+const TIER_1_PACKAGES = [
+  'fastapi',
+  'vllm',
+  'litellm',
+  'bentoml',
+  'text-generation-inference',
+  'ray-serve',
+  'ray[serve]',
+];
+
+const TIER_2_PACKAGES = [
+  'langserve',
+  'fastapi-mcp',
+  'mcp',
+  'starlette-admin',
+  'piccolo-api',
+  'fastapi-users',
+  'broadcaster',
+];
+
+function normalizePkgName(name) {
+  return name.replace(/["'\[\]]/g, '').trim().toLowerCase();
+}
+
+function findPackagesInManifests(allFiles) {
+  const packages = new Set();
+
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let deps = [];
+
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      const lines = content.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) continue;
+        const idx = trimmed.indexOf('#');
+        const spec = idx >= 0 ? trimmed.slice(0, idx).trim() : trimmed;
+        const eqIdx = spec.indexOf('==');
+        const geIdx = spec.indexOf('>=');
+        const name = eqIdx >= 0 ? spec.slice(0, eqIdx).trim() : (geIdx >= 0 ? spec.slice(0, geIdx).trim() : spec);
+        if (name && !name.includes('=') && !name.includes('<') && !name.includes('>')) {
+          deps.push(normalizePkgName(name));
+        }
+      }
+    } else if (path === 'pyproject.toml') {
+      try {
+        const obj = JSON.parse(content);
+        const allDeps = { ...(obj?.tool?.poetry?.dependencies || {}), ...(obj?.dependencies || {}), ...(obj?.['dev-dependencies'] || {}) };
+        for (const key of Object.keys(allDeps)) {
+          deps.push(normalizePkgName(key));
+        }
+      } catch {}
+    } else if (path === 'poetry.lock') {
+      const pattern = /name\s*=\s*["']([^"']+)["']/g;
+      let m;
+      while ((m = pattern.exec(content)) !== null) {
+        deps.push(normalizePkgName(m[1]));
+      }
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      try {
+        const obj = JSON.parse(content);
+        for (const key of Object.keys(obj?.packages || {})) {
+          deps.push(normalizePkgName(key));
+        }
+      } catch {}
+    }
+    for (const dep of deps) packages.add(dep);
+  }
+
+  return packages;
+}
+
+function hasStarlettePin(allFiles) {
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let result = null;
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      result = parseRequirementsTxt(content);
+    } else if (path === 'pyproject.toml') {
+      result = parsePyprojectToml(content);
+    } else if (path === 'poetry.lock') {
+      result = parsePoetryLock(content);
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      result = parsePipfile(content);
+    } else if (path === 'setup.py') {
+      result = parseSetupPy(content);
+    } else if (path === 'setup.cfg') {
+      result = parseSetupCfg(content);
+    }
+
+    if (result) {
+      if (result.version === null && result.specifier === null) return false;
+      const parsed = parsePEP440(result.version);
+      const safe = parsePEP440('1.0.1');
+      if (parsed && compareVersions(parsed, safe) >= 0) return true;
+    }
+  }
+
+  return false;
+}
+
+function parsePEP440(versionStr) {
+  if (!versionStr) return null;
+  const clean = versionStr.trim().replace(/^v/, '');
+  const parts = clean.split('.');
+  return {
+    major: parseInt(parts[0], 10) || 0,
+    minor: parseInt(parts[1], 10) || 0,
+    patch: parseInt(parts[2], 10) || 0,
+  };
+}
+
+function compareVersions(a, b) {
+  if (!a) return 1;
+  if (!b) return -1;
+  if (a.major !== b.major) return a.major - b.major;
+  if (a.minor !== b.minor) return a.minor - b.minor;
+  return a.patch - b.patch;
+}
+
+export function scanTransitive(allFiles) {
+  const findings = [];
+
+  if (!allFiles || allFiles.length === 0) return findings;
+
+  const packages = findPackagesInManifests(allFiles);
+
+  if (hasStarlettePin(allFiles)) return findings;
+
+  const handled = new Set();
+
+  for (const pkg of packages) {
+    if (TIER_1_PACKAGES.includes(pkg)) {
+      handled.add(pkg);
+      if (pkg === 'fastapi') {
+        const version = findFastapiVersion(allFiles);
+        if (version) {
+          const parsed = parsePEP440(version);
+          const safeFastapi = parsePEP440('0.116.0');
+          if (parsed && compareVersions(parsed, safeFastapi) >= 0) continue;
+        }
+      }
+      findings.push(transitiveDependencyFinding(pkg, 1));
+      break;
+    }
+  }
+
+  if (findings.length === 0) {
+    for (const pkg of packages) {
+      if (handled.has(pkg)) continue;
+      if (TIER_2_PACKAGES.includes(pkg)) {
+        findings.push(transitiveDependencyFinding(pkg, 2));
+        break;
+      }
+    }
+  }
+
+  return findings;
+}
+
+function findFastapiVersion(allFiles) {
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      const lines = content.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) continue;
+        if (trimmed.startsWith('fastapi')) {
+          const eqIdx = trimmed.indexOf('==');
+          if (eqIdx >= 0) return trimmed.slice(eqIdx + 2).trim();
+        }
+      }
+    }
+  }
+  return null;
+}

package/backend/detectors/index.js

@@ -12,6 +12,7 @@ import * as atk011 from './atk-011-transitive-prop.js';
 import { scanAll as megalodonScan } from './megalodon/index.js';
 import { scan as hfScan } from './hf-impersonation/index.js';
 import { scan as miniShaiHuludScan } from './mini-shai-hulud/index.js';
+import { scan as badhostScan } from './cve-2026-48710-badhost/index.js';
 
 export async function runAll(pkgJson, files = [], registryMeta = null, allFiles = null) {
   const findings = [];
@@ -29,5 +30,6 @@ export async function runAll(pkgJson, files = [], registryMeta = null, allFiles
   findings.push(...await megalodonScan(pkgJson, allFiles || files, registryMeta));
   findings.push(...await hfScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await miniShaiHuludScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await badhostScan(pkgJson, files, registryMeta, allFiles || files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/backend/detectors/mini-shai-hulud/d5-ioc-check.js

@@ -43,7 +43,7 @@ export async function checkIOC(pkgName, pkgVersion, sha512, publisherAccount, ti
 
   for (const waveKey of Object.keys(data.waves || {})) {
     const wave = data.waves[waveKey];
-    const waveNum = waveKey === 'wave1' ? 1 : 2;
+    const waveNum = waveKey === 'wave1' ? 1 : waveKey === 'wave2' ? 2 : 3;
     for (const ioc of (wave.iocs || [])) {
       allIOCs.push({ ...ioc, wave: waveNum });
     }

package/backend/detectors/mini-shai-hulud/index.js

@@ -28,6 +28,8 @@ export async function scan(pkgJson, files = [], registryMeta = null, allFiles =
     slsaResult = await checkSlsaMismatch(pkgName, pkgVersion, burstResult, timeMap, config);
   }
 
+  const nxDownstreamResult = checkNxConsoleDownstream(pkgJson, allFiles || files);
+
   const triggeredChecks = [];
   if (burstResult.triggered) triggeredChecks.push('D1_BURST');
   if (siblingResult.triggered) triggeredChecks.push('D2_SIBLING');
@@ -35,6 +37,7 @@ export async function scan(pkgJson, files = [], registryMeta = null, allFiles =
   if (maintainerResult.triggered) triggeredChecks.push('D4_MAINTAINER');
   if (iocResult.triggered) triggeredChecks.push('D5_IOC');
   if (exfilResult.triggered) triggeredChecks.push('D6_EXFIL');
+  if (nxDownstreamResult.triggered) triggeredChecks.push('D7_NX_CONSOLE');
 
   if (triggeredChecks.length === 0) return [];
 
@@ -43,14 +46,16 @@ export async function scan(pkgJson, files = [], registryMeta = null, allFiles =
     waveAttribution = 'wave1-tanstack';
   } else if (pkgName.startsWith('@antv')) {
     waveAttribution = 'wave2-antv';
+  } else if (nxDownstreamResult.triggered) {
+    waveAttribution = 'wave3-nx-console';
   } else if (iocResult.matches && iocResult.matches.length > 0) {
     const waves = [...new Set(iocResult.matches.map(m => m.wave))];
     if (waves.length === 1) {
-      waveAttribution = waves[0] === 1 ? 'wave1-tanstack' : 'wave2-antv';
+      waveAttribution = waves[0] === 1 ? 'wave1-tanstack' : waves[0] === 2 ? 'wave2-antv' : 'wave3-nx-console';
     }
   }
 
-  const isCritical = slsaResult.triggered || iocResult.triggered;
+  const isCritical = slsaResult.triggered || iocResult.triggered || nxDownstreamResult.triggered;
 
   const evidence = {
     campaign: 'MINI_SHAI_HULUD',
@@ -65,6 +70,9 @@ export async function scan(pkgJson, files = [], registryMeta = null, allFiles =
     attestationAnomalies: slsaResult.triggered ? slsaResult.anomalies : null,
     iocMatches: iocResult.triggered ? iocResult.matches : null,
     installScriptSnippets: exfilResult.triggered ? exfilResult.snippets : null,
+    nxConsoleDownstream: nxDownstreamResult.triggered
+      ? { nxDeps: nxDownstreamResult.nxDeps, vsCodeExtensions: nxDownstreamResult.vsCodeExtensions }
+      : null,
   };
 
   return [{
@@ -73,8 +81,38 @@ export async function scan(pkgJson, files = [], registryMeta = null, allFiles =
     title: 'Mini Shai-Hulud worm campaign',
     description: `${triggeredChecks.length} signal(s): ${triggeredChecks.join(', ')}`,
     evidence: JSON.stringify(evidence),
-    mitigation: 'Revoke all npm tokens immediately. Rotate CI/CD secrets. Audit maintainer access on all scoped packages. Review recent version publish history for anomalous bursts. Check for postinstall scripts accessing credentials or environment variables. If Wave 1 (TanStack scope): inspect GitHub Actions workflow logs for unauthorized build steps. If Wave 2 (atool/AntV scope): rotate all npm tokens associated with @antv/* packages.',
+    mitigation: 'Revoke all npm tokens immediately. Rotate CI/CD secrets. Audit maintainer access on all scoped packages. Review recent version publish history for anomalous bursts. Check for postinstall scripts accessing credentials or environment variables. If Wave 1 (TanStack scope): inspect GitHub Actions workflow logs for unauthorized build steps. If Wave 2 (atool/AntV scope): rotate all npm tokens associated with @antv/* packages. If Wave 3 (Nx Console): remove nrwl.angular-console extension immediately, revoke all npm tokens used in CI/CD, and audit @nx/* dependency versions.',
   }];
 }
 
+function checkNxConsoleDownstream(pkgJson, allFiles) {
+  const deps = { ...pkgJson?.dependencies, ...pkgJson?.devDependencies, ...pkgJson?.peerDependencies };
+  const nxDeps = Object.keys(deps).filter(d => d.startsWith('@nx/') || d.startsWith('nrwl/'));
+  if (nxDeps.length === 0) return { triggered: false, nxDeps: [], vsCodeExtensions: [] };
+
+  let vsCodeExtensions = [];
+  if (allFiles && Array.isArray(allFiles)) {
+    for (const file of allFiles) {
+      if (file.path && (file.path.endsWith('.vscode/extensions.json') || file.path.endsWith('.vscode/extensions.json'))) {
+        try {
+          const content = typeof file.content === 'string' ? file.content : '';
+          const parsed = JSON.parse(content);
+          const allExts = [
+            ...(parsed.recommendations || []),
+            ...(parsed.unwantedRecommendations || []),
+          ];
+          const matched = allExts.filter(e => e.includes('nrwl.angular-console'));
+          if (matched.length > 0) {
+            vsCodeExtensions = matched;
+          }
+        } catch {
+          // non-JSON extensions.json, skip
+        }
+      }
+    }
+  }
+
+  return { triggered: true, nxDeps, vsCodeExtensions };
+}
+
 export { clearSiblingCache } from './d2-sibling-compromise.js';

package/backend/detectors/mini-shai-hulud/iocs.json

@@ -33,6 +33,38 @@
           "notes": "Blast radius: @antv/g2, @antv/g6, @antv/x6, @antv/l7, echarts-for-react, timeago.js. Seed IOC — update from threat intel."
         }
       ]
+    },
+    "wave3": {
+      "id": "nx-console-wave3",
+      "description": "Nx Console 18.95.0 VS Code extension compromise (May 18, 2026, CVE-2026-48027, TeamPCP) — contributor token stolen via TanStack wave1 (May 11), 7-day dwell, malicious extension published using npx to fetch 498KB obfuscated Bun payload from dangling orphan commit on nrwl/nx repo. ~3M installs exposed.",
+      "windowMinutes": 36,
+      "iocs": [
+        {
+          "type": "extensionId",
+          "value": "nrwl.angular-console",
+          "maliciousVersionRanges": ["18.95.0"],
+          "notes": "Nx Console v18.95.0 — malicious VS Code extension. CVE-2026-48027. Exposure window: 11 min on Marketplace, 36 min on Open VSX."
+        },
+        {
+          "type": "publisherAccount",
+          "value": "nrwl",
+          "compromiseWindowStart": "2026-05-11T00:00:00.000Z",
+          "compromiseWindowEnd": "2026-05-18T13:09:00.000Z",
+          "notes": "Nx contributor token stolen via TanStack wave1 on May 11; 7-day dwell before publishing malicious extension on May 18."
+        },
+        {
+          "type": "packageScope",
+          "value": "@nx",
+          "maliciousVersionRanges": [],
+          "notes": "NX_CONSOLE_DOWNSTREAM: npm packages under @nx scope deployed by compromised Nx contributor. Check for versions published within 7 days of 2026-05-18."
+        },
+        {
+          "type": "packageScope",
+          "value": "nrwl",
+          "maliciousVersionRanges": [],
+          "notes": "NX_CONSOLE_DOWNSTREAM: nrwl-scoped npm packages — monitor for anomalous burst publishing."
+        }
+      ]
     }
   },
   "iocs": [