@lateos/npm-scan 0.15.4 → 0.15.6

package/backend/vsix-scan/detectors/activation-event-risk.js

@@ -0,0 +1,116 @@
+const ACTIVATION_RISK_MATRIX = {
+  '*': { base: 'critical', label: 'Wildcard (all files)' },
+  'onStartupFinished': { base: 'high', label: 'Startup finished' },
+  'workspaceContains:**/*': { base: 'high', label: 'Workspace contains wildcard' },
+  'workspaceContains': { base: 'high', label: 'Workspace contains' },
+  'onCommand:*': { base: 'low', label: 'Any command' },
+};
+
+const DEFAULT_BASE_RISK = 'medium';
+
+const ESCALATION_KEYWORDS = [
+  'npx', 'bun', 'curl', 'wget', 'fetch(',
+  'exec(', 'spawn(', 'execSync', 'spawnSync',
+  'child_process', 'shell: true', 'detached: true',
+];
+
+const BUNDLED_BUN_PATTERN = /bun|runtime/;
+
+const SIZE_DELTA_THRESHOLD = 400 * 1024;
+
+const SHELL_CMDS = ['npx', 'bun', 'curl', 'wget', 'exec', 'spawn', 'execSync'];
+
+export async function checkActivationEventRisk(extensionManifest, versionHistory = [], priorVersions = []) {
+  const signals = [];
+
+  const activationEvents = extensionManifest?.activationEvents || [];
+  if (activationEvents.length === 0 && extensionManifest?.main) {
+    return { triggered: false, signals: [], riskLevel: null, why: [] };
+  }
+
+  let maxBaseRisk = 0;
+  const riskLabels = ['none', 'low', 'medium', 'high', 'critical'];
+  const riskValues = { none: 0, low: 1, medium: 2, high: 3, critical: 4 };
+
+  let worstEvent = null;
+  const why = [];
+
+  for (const event of activationEvents) {
+    const risk = ACTIVATION_RISK_MATRIX[event];
+    if (risk) {
+      const baseIdx = riskValues[risk.base] || riskValues[DEFAULT_BASE_RISK];
+      if (baseIdx > maxBaseRisk) {
+        maxBaseRisk = baseIdx;
+        worstEvent = event;
+      }
+    } else if (event.includes('*') && event !== 'onCommand:*') {
+      const baseIdx = riskValues['high'];
+      if (baseIdx > maxBaseRisk) {
+        maxBaseRisk = baseIdx;
+        worstEvent = event;
+      }
+    }
+  }
+
+  const contributes = extensionManifest?.contributes || {};
+  const commands = contributes?.commands || [];
+  const cmdTitles = commands.map(c => (c.title || '').toLowerCase()).join(' ');
+
+  const bundledDeps = extensionManifest?.bundledDependencies || [];
+  const bundledStr = Array.isArray(bundledDeps) ? bundledDeps.join(' ') : '';
+
+  const hasShellKeyword = SHELL_CMDS.some(cmd => cmdTitles.includes(cmd));
+  const hasBunBundled = BUNDLED_BUN_PATTERN.test(bundledStr);
+
+  const activationEventsStr = activationEvents.join(' ');
+  const hasShellInActivationContext = ESCALATION_KEYWORDS.some(kw => activationEventsStr.toLowerCase().includes(kw.toLowerCase()));
+
+  let escalateToCritical = false;
+
+  if (hasShellKeyword || hasBunBundled || hasShellInActivationContext) {
+    escalateToCritical = true;
+    why.push('HIGH activation event + shell/execution keywords');
+  }
+
+  if (versionHistory.length >= 2) {
+    const sizes = versionHistory
+      .filter(v => v.assetSize)
+      .map(v => v.assetSize)
+      .sort((a, b) => b - a);
+
+    if (sizes.length >= 2 && (sizes[0] - sizes[sizes.length - 1]) > SIZE_DELTA_THRESHOLD) {
+      escalateToCritical = true;
+      why.push(`HIGH activation event + version size delta > ${SIZE_DELTA_THRESHOLD} bytes`);
+    }
+  }
+
+  const priorActivationEvents = priorVersions
+    .filter(v => v.activationEvents)
+    .flatMap(v => v.activationEvents);
+
+  if (priorActivationEvents.length > 0) {
+    const newEvents = activationEvents.filter(e => !priorActivationEvents.includes(e));
+    if (newEvents.length > 0) {
+      why.push(`First-time activation event(s) added: ${newEvents.join(', ')}`);
+      if (!escalateToCritical && maxBaseRisk >= riskValues['high']) {
+        escalateToCritical = true;
+      }
+    }
+  }
+
+  let riskLevel = maxBaseRisk > 0 ? riskLabels[maxBaseRisk] : null;
+  if (escalateToCritical && riskValues[riskLevel] <= riskValues['high']) {
+    riskLevel = 'critical';
+  }
+
+  if (!riskLevel) return { triggered: false, signals: [], riskLevel: null, why: [] };
+
+  signals.push({
+    type: 'ACTIVATION_EVENT_RISK',
+    activationEvents,
+    riskLevel,
+    why,
+  });
+
+  return { triggered: true, signals, riskLevel, why };
+}

package/backend/vsix-scan/detectors/burst-publish.js

@@ -0,0 +1,52 @@
+export async function checkBurstPublish(versionHistory, config = {}) {
+  const windowMinutes = config.burstWindowMinutes ?? 30;
+  const threshold = config.burstVersionThreshold ?? 2;
+  const hotPullMinutes = config.hotPullMinutes ?? 20;
+
+  const entries = versionHistory
+    .filter(v => v.publishedAt)
+    .map(v => ({ version: v.version, time: new Date(v.publishedAt).getTime() }))
+    .filter(e => !Number.isNaN(e.time))
+    .sort((a, b) => a.time - b.time);
+
+  if (entries.length < threshold) return { triggered: false };
+
+  const windowMs = windowMinutes * 60 * 1000;
+  let burstFound = false;
+  let burstWindowStart = null;
+  let burstWindowEnd = null;
+  let burstVersionCount = 0;
+  let burstVersions = [];
+
+  for (let i = 0; i < entries.length; i++) {
+    const start = entries[i].time;
+    const end = start + windowMs;
+    const inWindow = entries.filter(e => e.time >= start && e.time <= end);
+
+    if (inWindow.length >= threshold) {
+      burstFound = true;
+      burstWindowStart = new Date(start).toISOString();
+      burstWindowEnd = new Date(end).toISOString();
+      burstVersionCount = inWindow.length;
+      burstVersions = inWindow.map(e => e.version);
+      break;
+    }
+  }
+
+  let hotPullDetected = false;
+  for (let i = 1; i < entries.length; i++) {
+    const gapMinutes = (entries[i].time - entries[i - 1].time) / (1000 * 60);
+    if (gapMinutes > 0 && gapMinutes < hotPullMinutes) {
+      hotPullDetected = true;
+      break;
+    }
+  }
+
+  return {
+    triggered: burstFound || hotPullDetected,
+    burstWindow: burstFound
+      ? { start: burstWindowStart, end: burstWindowEnd, versionCount: burstVersionCount, versions: burstVersions }
+      : null,
+    hotPullDetected,
+  };
+}

package/backend/vsix-scan/detectors/exfil-pattern.js

@@ -0,0 +1,88 @@
+const CREDENTIAL_FILE_PATTERNS = [
+  /~\/\.npmrc/,
+  /~\/\.gitconfig/,
+  /~\/\.aws\/credentials/,
+  /~\/\.ssh\/id_\w+/,
+  /~\/\.vault-token/,
+  /~\/\.claude\/settings\.json/,
+  /~\/Library\/Application\s+Support\/1Password\//,
+  /\/etc\/vault\/token/,
+  /\/proc\/\*\/mem/,
+  /\$GITHUB_ENV/,
+  /\$GITHUB_TOKEN/,
+  /\$NPM_TOKEN/,
+  /\$NODE_AUTH_TOKEN/,
+  /GH_TOKEN/,
+];
+
+const EXFIL_CHANNEL_PATTERNS = [
+  /(?:[a-z0-9_-]{40,})\.[a-z0-9_-]+\.(?:com|io|org|net|app|dev|xyz)(?:\/[^\s"')\]]{0,50})?/i,
+  /\/gists\b.*authorization/i,
+  /\/repos\/[^/]+\/[^/]+\/git\/refs/i,
+  /AES-256-GCM/,
+  /RSA\/(?:PKCS|OAEP)/,
+];
+
+const ANTI_ANALYSIS_PATTERNS = [
+  { pattern: /os\.cpus\(\)\.length\s*<\s*4/, label: 'CPU core count check (< 4)' },
+  { pattern: /Intl\.DateTimeFormat.*(?:timeZone|locale)/, label: 'Timezone/locale check' },
+  { pattern: /Intl\.DateTimeFormat.*\b(?:ru|rus|kz|by|cn|cns)\b/i, label: 'CIS/locale filtering' },
+  { pattern: /\bspawn\(\s*[^,]+,\s*\{[^}]*detached:\s*true\s*\}/, label: 'Detached process spawn' },
+  { pattern: /\bBUN_INSTALL\b/, label: 'BUN_INSTALL env reference' },
+  { pattern: /~\/\.bun\/bin\/bun/, label: 'Bun binary path' },
+  { pattern: /\bBun\.file\(/, label: 'Bun.file() API' },
+  { pattern: /\bBun\.serve\(/, label: 'Bun.serve() API' },
+];
+
+function truncateSnippet(str, maxLen = 200) {
+  if (!str || str.length <= maxLen) return str || '';
+  return str.slice(0, maxLen) + '...';
+}
+
+export async function checkExfilPattern(extensionFiles = []) {
+  const signals = [];
+  const exfilPatterns = [];
+  const antiAnalysisTechniques = [];
+
+  for (const file of extensionFiles) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    for (const cp of CREDENTIAL_FILE_PATTERNS) {
+      const match = content.match(cp);
+      if (match) {
+        const snippet = truncateSnippet(match[0]);
+        if (!exfilPatterns.some(e => e.includes(snippet))) {
+          exfilPatterns.push(`${path}: ${snippet}`);
+          signals.push({ type: 'CREDENTIAL_FILE_TARGET', pattern: cp.source, file: path });
+        }
+      }
+    }
+
+    for (const ep of EXFIL_CHANNEL_PATTERNS) {
+      const match = content.match(ep);
+      if (match) {
+        const snippet = truncateSnippet(match[0]);
+        exfilPatterns.push(`${path}: ${snippet}`);
+        signals.push({ type: 'EXFIL_CHANNEL', pattern: ep.source, file: path });
+      }
+    }
+
+    for (const ap of ANTI_ANALYSIS_PATTERNS) {
+      if (ap.pattern.test(content)) {
+        if (!antiAnalysisTechniques.includes(ap.label)) {
+          antiAnalysisTechniques.push(ap.label);
+          signals.push({ type: 'ANTI_ANALYSIS', technique: ap.label, file: path });
+        }
+      }
+    }
+  }
+
+  return {
+    triggered: signals.length > 0,
+    signals,
+    exfilPatterns,
+    antiAnalysisTechniques,
+  };
+}

package/backend/vsix-scan/detectors/known-ioc.js

@@ -0,0 +1,105 @@
+import { readFileSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+let iocsData = null;
+let iocsLoaded = false;
+let iocLoadError = null;
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const IOC_PATH = join(__dirname, '..', 'vsix-iocs.json');
+
+function loadIOCData() {
+  if (iocsLoaded) return iocsData;
+  iocsLoaded = true;
+  try {
+    iocsData = JSON.parse(readFileSync(IOC_PATH, 'utf8'));
+  } catch (err) {
+    iocLoadError = err;
+    iocsData = null;
+  }
+  return iocsData;
+}
+
+export function getIOCLoadError() {
+  return iocLoadError;
+}
+
+export function reloadIOCData() {
+  iocsLoaded = false;
+  iocLoadError = null;
+  return loadIOCData();
+}
+
+export async function checkKnownIOC(extensionId, version, publisherAccount, orphanCommits = [], versionHistory = []) {
+  const data = loadIOCData();
+  if (!data) return { triggered: false, matches: [] };
+
+  const matches = [];
+  const iocs = data.iocs || [];
+
+  for (const ioc of iocs) {
+    switch (ioc.type) {
+      case 'extensionId': {
+        if (ioc.value === extensionId) {
+          if (!ioc.maliciousVersions || ioc.maliciousVersions.length === 0 || ioc.maliciousVersions.includes(version)) {
+            matches.push({
+              type: 'extensionId',
+              value: extensionId,
+              maliciousVersion: version,
+              wave: ioc.wave,
+              cve: ioc.cve,
+              exposureWindowStart: ioc.exposureWindowStart,
+              exposureWindowEnd: ioc.exposureWindowEnd,
+            });
+          }
+        }
+        break;
+      }
+
+      case 'publisherAccount': {
+        if (ioc.value === publisherAccount) {
+          const pubTime = versionHistory.length > 0
+            ? new Date(versionHistory[versionHistory.length - 1]?.publishedAt).getTime()
+            : null;
+
+          const windowStart = new Date(ioc.compromiseWindowStart).getTime();
+          const windowEnd = ioc.compromiseWindowEnd
+            ? new Date(ioc.compromiseWindowEnd).getTime()
+            : Infinity;
+
+          if (pubTime && !Number.isNaN(pubTime) && pubTime >= windowStart && pubTime <= windowEnd) {
+            matches.push({
+              type: 'publisherAccount',
+              value: publisherAccount,
+              wave: ioc.wave,
+              compromiseWindowStart: ioc.compromiseWindowStart,
+              compromiseWindowEnd: ioc.compromiseWindowEnd,
+            });
+          }
+        }
+        break;
+      }
+
+      case 'orphanCommitHash': {
+        for (const commit of orphanCommits) {
+          if (ioc.value === commit || (ioc.value === 'PLACEHOLDER_UPDATE_FROM_THREAT_INTEL')) {
+            continue;
+          }
+          if (ioc.value && commit && ioc.value.toLowerCase() === commit.toLowerCase()) {
+            matches.push({
+              type: 'orphanCommitHash',
+              value: commit,
+              repo: ioc.repo,
+              wave: ioc.wave,
+            });
+          }
+        }
+        break;
+      }
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/vsix-scan/detectors/orphan-commit-fetch.js

@@ -0,0 +1,69 @@
+const GITHUB_COMMIT_SHA_PATTERN = /api\.github\.com\/repos\/[^/]+\/[^/]+\/git\/commits\/[a-f0-9]{40}/;
+const NPX_GIT_URL_PATTERN = /npx\s+.*github\.com.*#[a-f0-9]{8,}/;
+const MCP_KEYWORDS = ['mcp', 'model-context-protocol', 'claude', 'setup', 'init'];
+const EXTERNAL_FETCH_PATTERN = /(?:https?:\/\/)[^\s"')\]]+(?:\.com|\.io|\.org|\.dev|\.app|\.net)[^\s"')\]]*/;
+const NON_NPMJS_FETCH = /(?:fetch|curl|wget)\s*\(?\s*["']https?:\/\/(?!(?:.*npmjs\.org|.*npm\.js\.org|.*github\.com))[^"']+/;
+const BUN_PATTERNS = [/bun\s+install/, /install\s+.*bun/, /\bbunx\b/, /\.bun\/bin\//];
+const NPX_GIT_SHORT = /npx\s+.*github\.com.*#[a-f0-9]{8,}/;
+
+export async function checkOrphanCommitFetch(extensionFiles = []) {
+  const signals = [];
+  const indicators = [];
+
+  for (const file of extensionFiles) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    if (GITHUB_COMMIT_SHA_PATTERN.test(content)) {
+      const matches = content.match(GITHUB_COMMIT_SHA_PATTERN);
+      if (matches) {
+        indicators.push(`${path}: GitHub git commit SHA reference`);
+        signals.push({
+          type: 'ORPHAN_COMMIT_GITHUB_API',
+          indicator: 'GitHub API direct commit SHA resolution',
+          file: path,
+        });
+      }
+    }
+
+    if (NPX_GIT_URL_PATTERN.test(content)) {
+      const matches = content.match(NPX_GIT_URL_PATTERN);
+      if (matches) {
+        indicators.push(`${path}: npx with git URL`);
+        signals.push({
+          type: 'NPX_GIT_URL',
+          indicator: 'npx resolves from git URL (non-registry)',
+          file: path,
+        });
+      }
+    }
+
+    const hasMCPKeywords = MCP_KEYWORDS.some(kw =>
+        new RegExp(`\\b${kw}\\b`, 'i').test(content));
+    const hasExternalFetch = NON_NPMJS_FETCH.test(content);
+
+    if (hasMCPKeywords && hasExternalFetch) {
+      indicators.push(`${path}: MCP-adjacent keywords + external fetch`);
+      signals.push({
+        type: 'MCP_DISGUISED_EXFIL',
+        indicator: 'Shell command disguised as MCP setup',
+        file: path,
+      });
+    }
+
+    for (const bp of BUN_PATTERNS) {
+      if (bp.test(content)) {
+        indicators.push(`${path}: Bun installation pattern`);
+        signals.push({
+          type: 'BUN_INSTALL',
+          indicator: `Bun runtime install pattern: ${bp.source}`,
+          file: path,
+        });
+        break;
+      }
+    }
+  }
+
+  return { triggered: signals.length > 0, signals, indicators };
+}

package/backend/vsix-scan/detectors/publisher-anomaly.js

@@ -0,0 +1,70 @@
+export async function checkPublisherAnomaly(extensionMetadata, publisherProfile, versionHistory, config = {}) {
+  const signals = [];
+
+  const crossNamespaceThreshold = config.crossNamespaceThreshold ?? 3;
+  const crossNamespaceDays = config.crossNamespaceDays ?? 14;
+  const newAccountAgeDays = config.newAccountAgeDays ?? 30;
+  const highInstallThreshold = config.highInstallThreshold ?? 100000;
+  const addPublishWindowMinutes = config.addPublishWindowMinutes ?? 15;
+
+  const versions = versionHistory || [];
+  if (versions.length === 0) return { triggered: false, signals: [] };
+
+  const publishers = [...new Set(versions.map(v => v.publishedBy).filter(Boolean))];
+  if (publishers.length === 0) return { triggered: false, signals: [] };
+
+  const sortedVersions = [...versions]
+    .filter(v => v.publishedAt)
+    .sort((a, b) => new Date(a.publishedAt) - new Date(b.publishedAt));
+
+  const extPublisher = publishers[0];
+  const allSame = publishers.every(p => p === extPublisher);
+
+  if (!allSame) {
+    for (const pub of publishers) {
+      if (pub !== extPublisher) {
+        signals.push({
+          type: 'PUBLISHER_ACCOUNT_SUBSTITUTION',
+          expectedPublisher: extPublisher,
+          unexpectedPublisher: pub,
+        });
+      }
+    }
+  }
+
+  const extInstallCount = extensionMetadata?.statistics?.find(s => s.statisticName === 'install')?.value || 0;
+
+  const extAgeDays = publisherProfile?.dateCreated
+    ? (Date.now() - new Date(publisherProfile.dateCreated).getTime()) / (1000 * 60 * 60 * 24)
+    : null;
+
+  if (extAgeDays !== null && extAgeDays < newAccountAgeDays && extInstallCount >= highInstallThreshold) {
+    signals.push({
+      type: 'NEW_ACCOUNT_HIGH_INSTALL',
+      accountAgeDays: Math.round(extAgeDays),
+      installCount: extInstallCount,
+    });
+  }
+
+  if (sortedVersions.length >= 2) {
+    const sorted = sortedVersions;
+    for (let i = 1; i < sorted.length; i++) {
+      const prev = sorted[i - 1];
+      const curr = sorted[i];
+      if (curr.publishedBy !== prev.publishedBy) {
+        const gapMinutes = (new Date(curr.publishedAt) - new Date(prev.publishedAt)) / (1000 * 60);
+        if (gapMinutes <= addPublishWindowMinutes) {
+          signals.push({
+            type: 'ADD_PUBLISH_RAPID',
+            version: curr.version,
+            previousPublisher: prev.publishedBy,
+            newPublisher: curr.publishedBy,
+            gapMinutes: Math.round(gapMinutes * 100) / 100,
+          });
+        }
+      }
+    }
+  }
+
+  return { triggered: signals.length > 0, signals };
+}

package/backend/vsix-scan/index.js

@@ -0,0 +1,183 @@
+import { checkBurstPublish } from './detectors/burst-publish.js';
+import { checkPublisherAnomaly } from './detectors/publisher-anomaly.js';
+import { checkActivationEventRisk } from './detectors/activation-event-risk.js';
+import { checkOrphanCommitFetch } from './detectors/orphan-commit-fetch.js';
+import { checkKnownIOC } from './detectors/known-ioc.js';
+import { checkExfilPattern } from './detectors/exfil-pattern.js';
+import { getExtensionMetadata, getVersionHistory, getPublisherProfile, getOpenVsxMetadata, getOpenVsxVersionHistory } from './marketplace-client.js';
+
+const SEVERITY_SCORE = { none: 0, low: 1, medium: 2, high: 3, critical: 4 };
+const SEVERITY_LABELS = ['none', 'low', 'medium', 'high', 'critical'];
+
+export async function vsixScan(extensionId, options = {}) {
+  const { publisherId, extensionName } = parseExtensionId(extensionId);
+
+  const marketplaceMeta = options.marketplaceMeta || (options.skipNetwork ? null : await getExtensionMetadata(publisherId, extensionName));
+  const marketplaceVersions = options.marketplaceVersions || (marketplaceMeta ? await getVersionHistory(publisherId, extensionName) : []);
+  const openVsxVersions = options.openVsxVersions || (options.skipNetwork ? [] : await getOpenVsxVersionHistory(publisherId, extensionName));
+  const publisherProfile = options.publisherProfile || (options.skipNetwork ? null : await getPublisherProfile(publisherId));
+
+  const allVersions = mergeVersionHistories(marketplaceVersions, openVsxVersions);
+  const manifest = options.manifest || extractManifest(marketplaceMeta, extensionId);
+
+  const config = options.config || {};
+
+  const activationResult = await checkActivationEventRisk(
+    manifest,
+    allVersions,
+    options.priorVersions || [],
+  );
+
+  const burstResult = await checkBurstPublish(allVersions, config);
+
+  const publisherResult = await checkPublisherAnomaly(
+    manifest || {},
+    publisherProfile || {},
+    allVersions,
+    config,
+  );
+
+  const orphanResult = await checkOrphanCommitFetch(options.extensionFiles || []);
+
+  const iocResult = await checkKnownIOC(
+    extensionId,
+    options.version || (allVersions.length > 0 ? allVersions[allVersions.length - 1].version : 'unknown'),
+    publisherId,
+    orphanResult.signals
+      .filter(s => s.type === 'ORPHAN_COMMIT_GITHUB_API')
+      .map(s => s.indicator),
+    allVersions,
+  );
+
+  const exfilResult = await checkExfilPattern(options.extensionFiles || []);
+
+  const triggeredSignals = [];
+  if (burstResult.triggered) triggeredSignals.push('VSIX_BURST_PUBLISH');
+  if (publisherResult.triggered) triggeredSignals.push('VSIX_PUBLISHER_ANOMALY');
+  if (activationResult.triggered) triggeredSignals.push('VSIX_ACTIVATION_EVENT_RISK');
+  if (orphanResult.triggered) triggeredSignals.push('VSIX_ORPHAN_COMMIT_FETCH');
+  if (iocResult.triggered) triggeredSignals.push('VSIX_KNOWN_IOC');
+  if (exfilResult.triggered) triggeredSignals.push('VSIX_EXFIL_PATTERN');
+
+  if (triggeredSignals.length === 0) return [];
+
+  const registryLabels = [];
+  if (marketplaceVersions.length > 0) registryLabels.push('marketplace');
+  if (openVsxVersions.length > 0) registryLabels.push('open-vsx');
+
+  const maxSeverity = triggeredSignals.reduce((max, s) => {
+    if (s === 'VSIX_KNOWN_IOC' || s === 'VSIX_ORPHAN_COMMIT_FETCH') return Math.max(max, 4);
+    if (s === 'VSIX_BURST_PUBLISH' || s === 'VSIX_PUBLISHER_ANOMALY' || s === 'VSIX_EXFIL_PATTERN') return Math.max(max, 3);
+    if (s === 'VSIX_ACTIVATION_EVENT_RISK') return Math.max(max, 3);
+    return max;
+  }, 0);
+
+  const finalSeverity = SEVERITY_LABELS[maxSeverity] || 'high';
+
+  const latestVersion = allVersions.length > 0 ? allVersions[allVersions.length - 1].version : 'unknown';
+  let exposureWindowMinutes = null;
+  if (burstResult.hotPullDetected && allVersions.length >= 2) {
+    const sorted = [...allVersions].sort((a, b) => new Date(b.publishedAt) - new Date(a.publishedAt));
+    const gap = (new Date(sorted[0].publishedAt) - new Date(sorted[1].publishedAt)) / (1000 * 60);
+    exposureWindowMinutes = Math.round(gap);
+  }
+
+  const evidence = {
+    extensionId,
+    maliciousVersion: latestVersion,
+    registries: registryLabels,
+    exposureWindowMinutes,
+    triggeredSignals,
+    burstWindow: burstResult.burstWindow,
+    hotPullDetected: burstResult.hotPullDetected,
+    publisherSignals: publisherResult.triggered ? publisherResult.signals : null,
+    activationEvents: manifest?.activationEvents || null,
+    activationRisk: activationResult.triggered ? { riskLevel: activationResult.riskLevel, why: activationResult.why } : null,
+    orphanCommitIndicators: orphanResult.triggered ? orphanResult.indicators : null,
+    iocMatches: iocResult.triggered ? iocResult.matches : null,
+    exfilPatterns: exfilResult.triggered ? exfilResult.exfilPatterns : null,
+    antiAnalysisTechniques: exfilResult.triggered ? exfilResult.antiAnalysisTechniques : null,
+  };
+
+  const remediationGuidance = buildRemediation(triggeredSignals, extensionId);
+
+  return [{
+    id: 'VSIX_SCAN',
+    severity: finalSeverity,
+    title: `VS Code extension risk: ${extensionId}`,
+    description: `${triggeredSignals.length} signal(s): ${triggeredSignals.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: remediationGuidance,
+  }];
+}
+
+function parseExtensionId(id) {
+  const idx = id.indexOf('.');
+  if (idx === -1 || idx === 0 || idx === id.length - 1) {
+    throw new Error(`Invalid extension ID: ${id}. Expected format: publisher.extension-name`);
+  }
+  return { publisherId: id.slice(0, idx), extensionName: id.slice(idx + 1) };
+}
+
+function mergeVersionHistories(marketplace, openVsx) {
+  const seen = new Set();
+  const merged = [];
+
+  for (const v of marketplace) {
+    if (!seen.has(v.version)) {
+      seen.add(v.version);
+      merged.push({ ...v, registries: ['marketplace'] });
+    }
+  }
+
+  for (const v of openVsx) {
+    if (!seen.has(v.version)) {
+      seen.add(v.version);
+      merged.push({ ...v, registries: ['open-vsx'] });
+    } else {
+      const existing = merged.find(m => m.version === v.version);
+      if (existing) {
+        existing.registries.push('open-vsx');
+      }
+    }
+  }
+
+  return merged.sort((a, b) => new Date(a.publishedAt) - new Date(b.publishedAt));
+}
+
+function extractManifest(marketplaceMeta, extensionId) {
+  if (!marketplaceMeta?.results?.[0]?.extensions?.[0]) return {};
+  const ext = marketplaceMeta.results[0].extensions[0];
+  const manifestStr = ext.galleryApiUrl || ext.manifest;
+  if (!manifestStr) return {};
+
+  try {
+    if (typeof manifestStr === 'object') return manifestStr;
+    return JSON.parse(manifestStr);
+  } catch {
+    return {};
+  }
+}
+
+function buildRemediation(triggeredSignals, extensionId) {
+  const parts = [];
+  if (triggeredSignals.includes('VSIX_KNOWN_IOC')) {
+    parts.push(`Extension ${extensionId} matches known campaign IOC. Remove immediately.`);
+  }
+  if (triggeredSignals.includes('VSIX_BURST_PUBLISH')) {
+    parts.push('Suspicious publish velocity detected. Verify publisher release history.');
+  }
+  if (triggeredSignals.includes('VSIX_PUBLISHER_ANOMALY')) {
+    parts.push('Publisher account anomaly detected. Verify publisher identity.');
+  }
+  if (triggeredSignals.includes('VSIX_ACTIVATION_EVENT_RISK')) {
+    parts.push('Risky activation events detected. Review extension activation scope.');
+  }
+  if (triggeredSignals.includes('VSIX_ORPHAN_COMMIT_FETCH')) {
+    parts.push('Dangling orphan commit fetch detected — technical signature of Nx Console attack.');
+  }
+  if (triggeredSignals.includes('VSIX_EXFIL_PATTERN')) {
+    parts.push('Credential exfiltration patterns detected. Revoke all tokens.');
+  }
+  return parts.join(' ');
+}