@lateos/npm-scan 0.15.5 → 0.15.6

package/README.de.md

@@ -9,7 +9,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-222%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-85%25-yellowgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -227,6 +227,7 @@ npm-scan report --pdf             # alle Scans (Premium)
 | **ATK-009** | Bedingte/schlafende Auslöser (CI-Erkennung, zeitbasiert) | Verhaltensbasiert | 🔴 hoch | SR-9.2 |
 | **ATK-010** | Sandbox-Evasion / Anti-Analyse | Verhaltensbasiert | 🟠 mittel | SR-10.3 |
 | **ATK-011** | Transitive Verbreitung (wurmartige laterale Ausbreitung) | Verhaltensbasiert | 🔴 hoch | SR-11.4 |
+| **CVE-2026-48710** | BadHost — Starlette Authentifizierungs-Bypass via Host-Header-Injection (CVE-2026-48710, CVSS 7.0). Python-Abhängigkeitsversionserkennung (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), transitive Heuristik (15 bekannte Downstream-Pakete: fastapi, vllm, litellm, MCP-Server, etc.), statische Code-Pattern-Analyse für gefährliche `request.url.path`-Nutzung in Auth/Middleware-Kontexten mit `request.scope["path"]`-Unterdrückung | Statisch + Registry | 🔴 hoch / 🟠 mittel / ℹ️ info | SR-3.1, SR-5.3 |
 
 > **Wie ausweichende Angriffe erkannt werden:** ATK-009 erkennt Pakete, die `process.env.CI` prüfen, Hostnamen sondieren oder zeitbasierte Aktivierung verwenden. ATK-010 markiert `debugger`-Anweisungen, `os.hostname()`-Sonden und Umgebungs-Fingerprinting. ATK-011 verfolgt Peer-Abhängigkeitsgraphen, um wurmartige Verbreitungsmuster zu erkennen.  
 > Vollständige Dokumentation der Ausweichfläche und PoC-Beispiele finden Sie in [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md).
@@ -548,7 +549,7 @@ Siehe den obigen [Docker-Schnellstart-Abschnitt](#-lateosnpm-scan-überall-mit-d
 
 ### Kostenlose Stufe (ausgeliefert)
 
-- Alle 11 ATK-Detektoren (statisch + verhaltensbasiert)
+- Alle 11 ATK-Detektoren (statisch + verhaltensbasiert) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
 - SBOM-Ausgabe (CycloneDX + SPDX)
 - HTML-, Text- und Compliance-Berichte (NIST + EU CRA)
 - Policy-as-Code-Engine (YAML)
@@ -611,6 +612,10 @@ node --test test/detectors-corpus.test.js
 - `test/fetch.test.js` — Tarball-Extraktion, Bereinigung temporärer Verzeichnisse
 - `test/policy-edge-cases.test.js` — Grenzfälle bei Unterdrückung, Überschreibung, Ladevalidierung
 - `test/report-snapshots.test.js` — HTML/Text/CRA/PDF-Format-Assertions
+- `test/cve-2026-48710-badhost/manifest.test.js` — 13 Python-Manifest-Parsing-Tests (requirements.txt, pyproject.toml, poetry.lock, Version-Grenzfälle)
+- `test/cve-2026-48710-badhost/transitive.test.js` — 7 transitive Abhängigkeitstests (Tier 1/2, fastapi-Version-Gating, Pin-Unterdrückung)
+- `test/cve-2026-48710-badhost/codePattern.test.js` — 6 statische Code-Pattern-Tests (Auth-Kontext, INFO-Durchgriff, Scope-Unterdrückung)
+- `test/cve-2026-48710-badhost/integration.test.js` — 4 Integrationstests (End-to-End-Composite-Findings, sauberes Projekt, keine Python-Dateien)
 - `test/cli.test.js` — Commander-Integrationstests (Hilfe, Version, Scan, Bericht, Fehlerbehandlung)
 
 ### Hilfe benötigt?

package/README.fr.md

@@ -9,7 +9,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-222%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-85%25-yellowgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -227,6 +227,7 @@ npm-scan report --pdf             # tous les scans (premium)
 | **ATK-009** | Déclencheurs conditionnels/dormants (détection CI, temporel) | Comportementale | 🔴 élevée | SR-9.2 |
 | **ATK-010** | Contournement de sandbox / anti-analyse | Comportementale | 🟠 moyenne | SR-10.3 |
 | **ATK-011** | Propagation transitive (dissémination latérale de type ver) | Comportementale | 🔴 élevée | SR-11.4 |
+| **CVE-2026-48710** | BadHost — contournement d'authentification Starlette par injection d'en-tête Host (CVE-2026-48710, CVSS 7.0). Détection de version de dépendance Python (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), heuristique transitive (15 paquets aval connus : fastapi, vllm, litellm, serveurs MCP, etc.), analyse statique de code pour `request.url.path` dangereux en contexte auth/middleware avec suppression par `request.scope["path"]` | Statique + Registre | 🔴 élevée / 🟠 moyenne / ℹ️ info | SR-3.1, SR-5.3 |
 
 > **Comment les attaques furtives sont détectées :** ATK-009 détecte les paquets qui vérifient `process.env.CI`, sondent les noms d'hôte ou utilisent une activation temporelle. ATK-009 signale les instructions `debugger`, les sondes `os.hostname()` et l'empreinte environnementale. ATK-011 trace les graphes de dépendances peer pour détecter les schémas de propagation de type ver.  
 > Voir [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md) pour la documentation complète de la surface d'évasion et des exemples de PoC.
@@ -548,7 +549,7 @@ Voir la [section Démarrage rapide Docker](#-exécutez-lateosnpm-scan-partout-av
 
 ### Niveau gratuit (livré)
 
-- Les 11 détecteurs ATK (statique + comportemental)
+- Les 11 détecteurs ATK (statique + comportemental) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
 - Sortie SBOM (CycloneDX + SPDX)
 - Rapports HTML, texte et conformité (NIST + EU CRA)
 - Moteur de politique en tant que code (YAML)
@@ -611,6 +612,10 @@ node --test test/detectors-corpus.test.js
 - `test/fetch.test.js` — extraction de tarball, nettoyage de répertoire temporaire
 - `test/policy-edge-cases.test.js` — cas limites dans la suppression, la surcharge, la validation de chargement
 - `test/report-snapshots.test.js` — assertions de format HTML/texte/CRA/PDF
+- `test/cve-2026-48710-badhost/manifest.test.js` — 13 tests d'analyse de manifeste Python (requirements.txt, pyproject.toml, poetry.lock, cas limites de version)
+- `test/cve-2026-48710-badhost/transitive.test.js` — 7 tests de dépendances transitives (Tier 1/2, contrôle de version fastapi, suppression par épinglage)
+- `test/cve-2026-48710-badhost/codePattern.test.js` — 6 tests de motifs de code statiques (contexte auth, passage INFO, suppression scope)
+- `test/cve-2026-48710-badhost/integration.test.js` — 4 tests d'intégration (résultats composites de bout en bout, projet propre, pas de fichiers Python)
 - `test/cli.test.js` — tests d'intégration commander (aide, version, scan, rapport, gestion d'erreurs)
 
 ### Besoin d'aide ?

package/README.ja.md

@@ -9,7 +9,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-222%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-85%25-yellowgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -223,6 +223,7 @@ npm-scan report --pdf             # すべてのスキャン（プレミアム
 | **ATK-009** | 条件付き／潜伏トリガー（CI検出、時間ベース） | 行動 | 🔴 高 | SR-9.2 |
 | **ATK-010** | サンドボックス回避／アンチ解析 | 行動 | 🟠 中 | SR-10.3 |
 | **ATK-011** | 推移的伝播（ワーム型横方向拡散） | 行動 | 🔴 高 | SR-11.4 |
+| **CVE-2026-48710** | BadHost — Starlette Host ヘッダーインジェクション認証バイパス (CVE-2026-48710, CVSS 7.0)。Python 依存関係バージョン検出 (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg)、推移的ヒューリスティック (15 の既知ダウンストリームパッケージ：fastapi, vllm, litellm, MCP サーバー等)、auth/middleware コンテキストでの危険な `request.url.path` 使用の静的コードパターンスキャン、`request.scope["path"]` による抑制対応 | 静的 + レジストリ | 🔴 高 / 🟠 中 / ℹ️ 情報 | SR-3.1, SR-5.3 |
 
 > **回避型攻撃の捕捉方法：** ATK-009は`process.env.CI`をチェックする、ホスト名をプローブする、または時間ベースのアクティベーションを使用するパッケージを検出します。ATK-010は`debugger`文、`os.hostname()`プローブ、環境フィンガープリンティングをフラグ付けします。ATK-011はピア依存関係グラフをトレースしてワーム型伝播パターンを検出します。  
 > 完全な回避面のドキュメントとPoC例については、[`docs/attack-taxonomy.md`](docs/attack-taxonomy.md)を参照してください。
@@ -544,7 +545,7 @@ npm-scan report --html > report.html
 
 ### 無料版（出荷済み）
 
-- 全11ATK検出器（静的＋行動）
+- 全11ATK検出器（静的＋行動）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
 - SBOM出力（CycloneDX + SPDX）
 - HTML、テキスト、コンプライアンスレポート（NIST + EU CRA）
 - ポリシー・アズ・コードエンジン（YAML）
@@ -607,6 +608,10 @@ node --test test/detectors-corpus.test.js
 - `test/fetch.test.js` — tarball抽出、一時ディレクトリクリーンアップ
 - `test/policy-edge-cases.test.js` — 抑制、上書き、ロード検証のエッジケース
 - `test/report-snapshots.test.js` — HTML/テキスト/CRA/PDF形式のアサーション
+- `test/cve-2026-48710-badhost/manifest.test.js` — 13のPythonマニフェスト解析テスト（requirements.txt, pyproject.toml, poetry.lock, バージョンエッジケース）
+- `test/cve-2026-48710-badhost/transitive.test.js` — 7の推移的依存関係テスト（Tier 1/2, fastapiバージョンゲーティング, 固定抑制）
+- `test/cve-2026-48710-badhost/codePattern.test.js` — 6の静的コードパターンテスト（authコンテキスト, INFOフォールスルー, scope抑制）
+- `test/cve-2026-48710-badhost/integration.test.js` — 4の統合テスト（エンドツーエンド複合発見項目, クリーンプロジェクト, Pythonファイルなし）
 - `test/cli.test.js` — commander統合テスト（ヘルプ、バージョン、スキャン、レポート、エラーハンドリング）
 
 ### ヘルプが必要ですか？

package/README.md

@@ -3,7 +3,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-428%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-90%25-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -28,6 +28,8 @@ A growing attack vector is **HuggingFace org impersonation** — packages that m
 
 The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake GitHub PRs, malicious workflow injection, and cloud credential exfiltration — all coordinated through a single actor automating the entire kill chain. **@lateos/npm-scan** now detects artifacts of this campaign out of the box.
 
+Critical infrastructure vulnerabilities in the Python ecosystem are also in scope. The **BadHost (CVE-2026-48710)** vulnerability in Starlette < 1.0.1 enables authentication bypass via unvalidated HTTP Host header injection, affecting FastAPI, vLLM, LiteLLM, MCP servers, and any project using Starlette transitively — now detected across Python manifests, transitive dependency chains, and source code patterns in a single scan.
+
 **npm audit** checks known CVEs. **Snyk** scans for vulnerabilities. **Socket** looks at package behavior. None of them were designed for the generation of attacks that emerged in 2025 — attacks that look benign until they reach production.
 
 **@lateos/npm-scan** was built for this moment.
@@ -50,6 +52,7 @@ The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake
 | Worm campaign detection (Mini Shai-Hulud Wave 1–3) | ❌ | ❌ | ❌ | ✅ |
 | HF model repo impersonation + README clone | ❌ | ❌ | ❌ | ✅ |
 | VS Code extension supply chain scan (--vsix) | ❌ | ❌ | ❌ | ✅ |
+| Python vulnerability detection (CVE-2026-48710 BadHost) | ❌ | ❌ | ❌ | ✅ |
 | Attack taxonomy (ATK series) | ❌ | ❌ | ❌ | ✅ |
 | SBOM output (CycloneDX + SPDX) | ❌ | ✅ | ❌ | ✅ |
 | SARIF v2.1 (GitHub Code Scanning) | ❌ | ❌ | ❌ | ✅ |
@@ -72,6 +75,7 @@ The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake
 | 🧬 | **ATK attack taxonomy** | 11 classified attack types with NIST 800-161 mappings — versioned, documented, and PR-able |
 | 🪱 | **Worm campaign detection** | Mini Shai-Hulud — 6 sub-checks detecting burst publish, sibling compromise, SLSA attestation mismatch, publisher drift, IOC match, and token exfil across 3 waves (TanStack, AntV/atool, Nx Console) |
 | 🧩 | **VSIX extension scanning** | `npm-scan scan --vsix nrwl.angular-console` — detects VS Code Marketplace supply chain attacks: burst publish, publisher anomaly, activation event risk, orphan commit fetch, known IOC, and exfil patterns (Nx Console 18.95.0 CVE-2026-48027) |
+| 🐍 | **Python vulnerability detection** | CVE-2026-48710 (BadHost) — Starlette Host header injection across 6 Python manifest formats, 15 transitive downstream packages (fastapi, vllm, litellm, MCP), and static `request.url.path` code pattern analysis with `scope["path"]` suppression |
 | 📦 | **SBOM generation** | CycloneDX 1.5 and SPDX 2.3 with findings embedded as vulnerabilities |
 | 🔍 | **SARIF output** | GitHub Advanced Security / CodeQL compatible SARIF v2.1 — shows findings directly in Security tab |
 | 🧾 | **Compliance reporting** | NIST SP 800-161 traceability matrix + EU Cyber Resilience Act mapping (free tier) |
@@ -281,12 +285,14 @@ npm-scan report --pdf             # all scans (premium)
 | **HF_IMPERSONATION** | HuggingFace org spoof detection — Jaro-Winkler similarity against 15 known-good orgs, SimHash README clone detection, artifact mismatch (`.exe`/`.dll` in model repos), postinstall escalation, new-org amplifier | Static + Network (Stage 2) | 🔴 high / ⚫ critical | SR-2.1 |
 | **MINI_SHAI_HULUD** | Mini Shai-Hulud worm campaign — burst publish velocity (≥3 versions/30 min), co-temporal sibling compromise, SLSA attestation mismatch (sub-60s gap, first-ever, builder mismatch), publisher drift (<10 min account change), IOC match (scope/sha512/publisher from seed file), token exfil (NPM_TOKEN/.npmrc/atob patterns), Nx Console downstream detection | Static + Registry | 🔴 high / ⚫ critical | SR-3.1, SR-7.5 |
 | **VSIX_SCAN** | VS Code extension supply chain scan — burst publish (≥2 versions/30 min, hot-pull <20 min), publisher anomaly (account substitution, new-account on high-install ext, 15-min add+publish), activation event risk (onStartupFinished→HIGH, *→CRITICAL, escalation on shell keywords), orphan commit fetch (GitHub API SHA refs, npx git URL, MCP-disguised exfil, Bun install), known IOC (extensionId/publisherAccount/commit hash from seed), exfil patterns (cred paths, DNS tunneling, AES+RSA, anti-analysis, Bun APIs) | Static + Registry | 🟠 medium / 🔴 high / ⚫ critical | SR-3.1, SR-5.3 |
+| **CVE-2026-48710** | BadHost — Starlette authentication bypass via Host header injection (CVE-2026-48710, CVSS 7.0). Python dependency version detection (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), transitive heuristic (15 known downstream packages: fastapi, vllm, litellm, MCP servers, etc.), static code pattern scan for dangerous `request.url.path` usage in auth/middleware context with `request.scope["path"]` suppression | Static + Registry | 🔴 high / 🟠 medium / ℹ️ info | SR-3.1, SR-5.3 |
 
 > **How evasive attacks are caught:** ATK-009 detects packages that check `process.env.CI`, probe hostnames, or use time-based activation. ATK-010 flags `debugger` statements, `os.hostname()` probes, and env fingerprinting. ATK-011 traces peer dependency graphs to detect worm-like propagation patterns.  
 > **MEGALODON** campaign detection analyzes bundled `.github/workflows/` files for C2 co-occurrence and base64 decode chains, scans tarball files for credential + outbound network patterns, detects version publish velocity spikes via npm registry metadata, and identifies publisher account drift — all without any network calls beyond the initial package fetch.  
 > **HF_IMPERSONATION** detection uses a lazy two-stage evaluation: Stage 1 scans `package.json` scripts and JS/TS sources for HuggingFace references (URLs, `from_pretrained()`, `hub.download()`) and runs Jaro-Winkler similarity against 15 known-good HF orgs — zero network. If spoofs are found, Stage 2 fetches the HF model API, computes SimHash of both READMEs for clone detection, validates artifact type consistency (e.g., `transformers` library with `.exe` files is flagged as critical), applies a new-org amplifier (<30 days), and escalates when the reference appears in a lifecycle script.  
 > **MINI_SHAI_HULUD** worm campaign detection uses a lazy two-stage evaluation: Stage 1 runs burst velocity, publisher drift, IOC, and token exfil checks (in-memory, no network). If burst triggers, Stage 2 queries npm attestation endpoints for SLSA anomalies and fetches sibling package registry metadata for co-temporal burst detection. Composite finding includes wave attribution (wave1-tanstack, wave2-antv, wave3-nx-console) and critical severity when SLSA or IOC match. NX_CONSOLE_DOWNSTREAM (D7) flags npm packages with `@nx/*` dependencies and checks for `nrwl.angular-console` in `.vscode/extensions.json`.  
 > **VSIX_SCAN** extension scanning wraps both VS Code Marketplace and Open VSX registries with rate-limited (10 req/min), cached (5 min TTL) API clients. All 6 detectors run asynchronously and aggregate into a single composite `VSIX_SCAN` finding. Zero extension code is executed — all analysis is static regex/text-pattern matching. No Bun installation required for Bun pattern detection.  
+> **CVE-2026-48710 (BadHost)** detection uses three independent layers: Layer 1 parses 6 Python manifest formats (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py, setup.cfg) with PEP 440 semver-aware version comparison. Layer 2 scans for 15 known Starlette-downstream packages with Tier 1 (HIGH confidence) and Tier 2 (MEDIUM confidence) transitive heuristics, suppressed by explicit `starlette >= 1.0.1` pin. Layer 3 performs function-boundary static analysis on `.py` files for `request.url.path` usage, escalating to MEDIUM severity in auth/middleware contexts and suppressing when `request.scope["path"]` is used in the same function.  
 > See [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md) for full evasion surface documentation and PoC examples.
 
 ---
@@ -645,7 +651,7 @@ See the [Docker quick-start section](#-run-lateosnpm-scan-anywhere-with-docker--
 
 ### Free tier (shipped)
 
-- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6) + **HF_IMPERSONATION** detector + **MINI_SHAI_HULUD** worm campaign (D1–D7, 3 waves) + **VSIX_SCAN** extension supply chain scan (6 detectors)
+- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6) + **HF_IMPERSONATION** detector + **MINI_SHAI_HULUD** worm campaign (D1–D7, 3 waves) + **VSIX_SCAN** extension supply chain scan (6 detectors) + **CVE-2026-48710 (BadHost)** Python vulnerability detection (3 layers)
 - SBOM output (CycloneDX + SPDX)
 - HTML, text, and compliance reports (NIST + EU CRA)
 - Policy-as-code engine (YAML)
@@ -724,6 +730,10 @@ node --test test/detectors-corpus.test.js
 - `test/vsix-scan/known-ioc.test.js` — 4 known IOC tests (extensionId, publisher window, outside window)
 - `test/vsix-scan/exfil-pattern.test.js` — 5 exfil pattern tests (creds, DNS tunnel, AES+RSA, anti-analysis, silent)
 - `test/vsix-scan/integration.test.js` — 4 integration tests (Nx Console CRITICAL, safe version clean, orphan commit, skipNetwork)
+- `test/cve-2026-48710-badhost/manifest.test.js` — 13 Python manifest parsing tests (requirements.txt, pyproject.toml, poetry.lock, version edge cases)
+- `test/cve-2026-48710-badhost/transitive.test.js` — 7 transitive dependency tests (Tier 1/2, fastapi version gating, pin suppression)
+- `test/cve-2026-48710-badhost/codePattern.test.js` — 6 static code pattern tests (auth context, INFO fallthrough, scope suppression)
+- `test/cve-2026-48710-badhost/integration.test.js` — 4 integration tests (end-to-end composite findings, clean project, no Python files)
 - `test/cli.test.js` — commander integration tests (help, version, scan, report, error handling)
 - `test/cli-lockfile.test.js` — scan-lockfile CLI options, yarn/pnpm/monorepo/watch tests
 

package/README.zh.md

@@ -9,7 +9,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-222%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-85%25-yellowgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -227,6 +227,7 @@ npm-scan report --pdf             # 所有扫描（高级版）
 | **ATK-009** | 条件/潜伏触发器（CI 检测、基于时间） | 行为 | 🔴 高 | SR-9.2 |
 | **ATK-010** | 沙箱逃逸 / 反分析 | 行为 | 🟠 中 | SR-10.3 |
 | **ATK-011** | 传递性传播（蠕虫式横向扩散） | 行为 | 🔴 高 | SR-11.4 |
+| **CVE-2026-48710** | BadHost — Starlette Host 头注入认证绕过 (CVE-2026-48710, CVSS 7.0)。Python 依赖版本检测 (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg)，传递性启发式检测 (15 个已知下游包：fastapi, vllm, litellm, MCP 服务器等)，auth/middleware 上下文中危险 `request.url.path` 使用的静态代码模式扫描，支持 `request.scope["path"]` 抑制 | 静态 + 注册表 | 🔴 高 / 🟠 中 / ℹ️ 信息 | SR-3.1, SR-5.3 |
 
 > **如何捕获逃避式攻击：** ATK-009 检测检查 `process.env.CI`、探测主机名或使用时间激活的包。ATK-010 标记 `debugger` 语句、`os.hostname()` 探测和环境指纹采集。ATK-011 追踪同级依赖图以检测蠕虫式传播模式。  
 > 完整逃避面文档和 PoC 示例请参阅 [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md)。
@@ -548,7 +549,7 @@ npm-scan report --html > report.html
 
 ### 免费版（已发布）
 
-- 全部 11 个 ATK 检测器（静态 + 行为）
+- 全部 11 个 ATK 检测器（静态 + 行为）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
 - SBOM 输出（CycloneDX + SPDX）
 - HTML、文本和合规报告（NIST + EU CRA）
 - 策略即代码引擎（YAML）
@@ -611,6 +612,10 @@ node --test test/detectors-corpus.test.js
 - `test/fetch.test.js` — tarball 提取、临时目录清理
 - `test/policy-edge-cases.test.js` — 抑制、覆盖、加载验证的边缘情况
 - `test/report-snapshots.test.js` — HTML/文本/CRA/PDF 格式断言
+- `test/cve-2026-48710-badhost/manifest.test.js` — 13 个 Python 清单解析测试（requirements.txt, pyproject.toml, poetry.lock, 版本边界情况）
+- `test/cve-2026-48710-badhost/transitive.test.js` — 7 个传递性依赖测试（Tier 1/2, fastapi 版本门控, 固定版本抑制）
+- `test/cve-2026-48710-badhost/codePattern.test.js` — 6 个静态代码模式测试（auth 上下文, INFO 穿透, scope 抑制）
+- `test/cve-2026-48710-badhost/integration.test.js` — 4 个集成测试（端到端复合发现项, 清洁项目, 无 Python 文件）
 - `test/cli.test.js` — commander 集成测试（帮助、版本、扫描、报告、错误处理）
 
 ### 需要帮助？

package/backend/detectors/cve-2026-48710-badhost/codePattern.js

@@ -0,0 +1,99 @@
+import { codePatternAuthFinding, codePatternInfoFinding } from './findings.js';
+
+const AUTH_CONTEXT_PATHS = [
+  'middleware',
+  'auth',
+  'security',
+  'router',
+  'depends',
+  'guard',
+  'permission',
+];
+
+const URL_PATH_PATTERN = /request\.url\.path|req\.url\.path|self\.request\.url\.path/g;
+const SCOPE_PATH_PATTERN = /request\.scope\s*\[\s*["']path["']\s*\]|request\.scope\.get\s*\(\s*["']path["']\s*\)/g;
+
+function hasAuthContext(filePath) {
+  const lower = filePath.toLowerCase();
+  return AUTH_CONTEXT_PATHS.some(ctx => lower.includes(ctx));
+}
+
+function findFunctionBoundaries(lines) {
+  const functions = [];
+  let currentFn = null;
+  let fnBodyStart = -1;
+  let indent = 0;
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const defMatch = line.match(/^(def\s+\w+|async\s+def\s+\w+)/);
+    if (defMatch) {
+      if (currentFn) {
+        functions.push({ name: currentFn, startLine: fnBodyStart, endLine: i - 1 });
+      }
+      currentFn = defMatch[1];
+      fnBodyStart = i;
+      indent = line.length - line.trimStart().length;
+    } else if (currentFn && line.trim() && line.length - line.trimStart().length <= indent && !line.trim().startsWith('#') && !line.trim().startsWith('@')) {
+      functions.push({ name: currentFn, startLine: fnBodyStart, endLine: i - 1 });
+      currentFn = null;
+    }
+  }
+  if (currentFn) {
+    functions.push({ name: currentFn, startLine: fnBodyStart, endLine: lines.length - 1 });
+  }
+
+  return functions;
+}
+
+function hasScopePathInFunction(lines, fnStart, fnEnd) {
+  for (let i = fnStart; i <= fnEnd && i < lines.length; i++) {
+    if (SCOPE_PATH_PATTERN.test(lines[i])) return true;
+  }
+  return false;
+}
+
+export function scanCodePatterns(allFiles) {
+  const findings = [];
+
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+    if (!path.endsWith('.py')) continue;
+
+    const lines = content.split('\n');
+    const isAuthContext = hasAuthContext(path);
+    const functions = findFunctionBoundaries(lines);
+    const suppressedLines = new Set();
+
+    for (const fn of functions) {
+      if (hasScopePathInFunction(lines, fn.startLine, fn.endLine)) {
+        for (let i = fn.startLine; i <= fn.endLine && i < lines.length; i++) {
+          if (URL_PATH_PATTERN.test(lines[i])) {
+            suppressedLines.add(i + 1);
+          }
+          URL_PATH_PATTERN.lastIndex = 0;
+        }
+      }
+    }
+
+    if (isAuthContext) {
+      let m;
+      while ((m = URL_PATH_PATTERN.exec(content)) !== null) {
+        const lineNumber = content.slice(0, m.index).split('\n').length;
+        if (suppressedLines.has(lineNumber)) continue;
+        findings.push(codePatternAuthFinding(path, lineNumber));
+      }
+    } else {
+      let m;
+      while ((m = URL_PATH_PATTERN.exec(content)) !== null) {
+        const lineNumber = content.slice(0, m.index).split('\n').length;
+        if (suppressedLines.has(lineNumber)) continue;
+        findings.push(codePatternInfoFinding(path, lineNumber));
+      }
+    }
+  }
+
+  return findings;
+}

package/backend/detectors/cve-2026-48710-badhost/findings.js

@@ -0,0 +1,105 @@
+const CVE = 'CVE-2026-48710';
+const NICKNAME = 'BadHost';
+const CVSS = 7.0;
+const REFERENCES = [
+  'https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette/',
+  'https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr',
+  'https://badhost.org/',
+  'https://osv.dev/vulnerability/PYSEC-2026-161',
+];
+
+const MITIGATION_NOTE = 'Partial mitigation: Cloudflare and AWS ALB reject malformed Host headers for properly proxied deployments. Direct uvicorn/hypercorn/daphne/granian exposure with no reverse proxy in front is highest risk.';
+
+const DEPENDENCY_REMEDIATION = 'Upgrade starlette to >= 1.0.1. If starlette is inherited transitively through fastapi, vllm, litellm, or an MCP server package, upgrade the top-level package to a version that pins starlette >= 1.0.1. Verify with: pip show starlette.';
+
+const CODE_REMEDIATION = 'Replace request.url.path with request.scope["path"] for all security-sensitive decisions (auth checks, path allowlists, rate limiting gates). The reconstructed request.url is influenced by the unvalidated Host header in Starlette < 1.0.1.';
+
+function makeFinding(overrides = {}) {
+  return {
+    id: CVE,
+    severity: 'high',
+    title: `${NICKNAME} — ${overrides.source || 'unknown'}`,
+    description: '',
+    remediation: '',
+    evidence: JSON.stringify({
+      cve: CVE,
+      nickname: NICKNAME,
+      cvss: CVSS,
+      references: REFERENCES,
+      ...overrides,
+    }),
+    ...overrides,
+  };
+}
+
+export function directDependencyFinding(version, specifier) {
+  return makeFinding({
+    severity: 'high',
+    confidence: 'HIGH',
+    source: 'direct-dependency',
+    title: `${NICKNAME}: Starlette ${version} vulnerable`,
+    description: `Starlette ${version} (${specifier}) is vulnerable to CVE-2026-48710 (BadHost) — authentication bypass via Host header injection. Upgrade to starlette >= 1.0.1.`,
+    remediation: `${DEPENDENCY_REMEDIATION} ${MITIGATION_NOTE}`,
+    file: null,
+    line: null,
+    via: null,
+  });
+}
+
+export function directDependencyUnpinnedFinding() {
+  return makeFinding({
+    severity: 'high',
+    confidence: 'HIGH',
+    source: 'direct-dependency-unpinned',
+    title: `${NICKNAME}: Starlette unpinned`,
+    description: 'Starlette is declared with no version constraint — assume vulnerable to CVE-2026-48710 (BadHost) until pinned to >= 1.0.1.',
+    remediation: `${DEPENDENCY_REMEDIATION} ${MITIGATION_NOTE}`,
+    file: null,
+    line: null,
+    via: null,
+  });
+}
+
+export function transitiveDependencyFinding(packageName, tier) {
+  const confidence = tier === 1 ? 'HIGH' : 'MEDIUM';
+  const tierLabel = tier === 1 ? 'Tier 1' : 'Tier 2';
+  return makeFinding({
+    severity: 'high',
+    confidence,
+    source: 'transitive-dependency',
+    title: `${NICKNAME}: Transitive via ${packageName}`,
+    description: `Starlette not directly pinned; inherited through ${packageName} (${tierLabel}). ${packageName} depends on Starlette — if its version constraint allows Starlette < 1.0.1, your deployment is vulnerable.`,
+    remediation: `${DEPENDENCY_REMEDIATION} ${MITIGATION_NOTE}`,
+    file: null,
+    line: null,
+    via: packageName,
+  });
+}
+
+export function codePatternAuthFinding(filePath, lineNumber) {
+  return makeFinding({
+    severity: 'medium',
+    confidence: 'MEDIUM',
+    source: 'code-pattern',
+    title: `${NICKNAME}: Dangerous path extraction in auth/middleware`,
+    description: `request.url.path used in auth/middleware context at ${filePath}:${lineNumber} — use request.scope['path'] instead. The reconstructed request.url is influenced by the unvalidated Host header in Starlette < 1.0.1.`,
+    remediation: `${CODE_REMEDIATION} ${MITIGATION_NOTE}`,
+    file: filePath,
+    line: lineNumber,
+    via: null,
+  });
+}
+
+export function codePatternInfoFinding(filePath, lineNumber) {
+  return makeFinding({
+    severity: 'info',
+    confidence: 'LOW',
+    source: 'code-pattern',
+    title: `${NICKNAME}: request.url.path usage detected`,
+    description: `request.url.path used at ${filePath}:${lineNumber} — may be influenced by unvalidated Host header in Starlette < 1.0.1. Verify request.scope['path'] is used for security decisions.`,
+    remediation: `${CODE_REMEDIATION} ${MITIGATION_NOTE}`,
+    file: filePath,
+    line: lineNumber,
+    via: null,
+  });
+}

package/backend/detectors/cve-2026-48710-badhost/index.js

@@ -0,0 +1,15 @@
+import { scanFiles } from './manifest.js';
+import { scanTransitive } from './transitive.js';
+import { scanCodePatterns } from './codePattern.js';
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const targetFiles = allFiles || files;
+
+  const manifestFindings = scanFiles(targetFiles);
+  const transitiveFindings = scanTransitive(targetFiles);
+  const codeFindings = scanCodePatterns(targetFiles);
+
+  const allFindings = [...manifestFindings, ...transitiveFindings, ...codeFindings];
+
+  return allFindings;
+}

package/backend/detectors/cve-2026-48710-badhost/manifest.js

@@ -0,0 +1,305 @@
+import { directDependencyFinding, directDependencyUnpinnedFinding } from './findings.js';
+
+function parseReqTxtLine(line) {
+  const trimmed = line.trim();
+  if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) return null;
+  const idx = trimmed.indexOf('#');
+  const spec = idx >= 0 ? trimmed.slice(0, idx).trim() : trimmed;
+  if (!spec || !spec.startsWith('starlette')) return null;
+
+  const eqIdx = spec.indexOf('==');
+  const geIdx = spec.indexOf('>=');
+  const tildeIdx = spec.indexOf('~=');
+  const ltIdx = spec.indexOf('<');
+
+  if (eqIdx >= 0) {
+    const ver = spec.slice(eqIdx + 2).trim();
+    return { name: 'starlette', version: ver, specifier: `==${ver}` };
+  }
+  if (geIdx >= 0) {
+    const rest = spec.slice(geIdx + 2).trim();
+    const parts = rest.split(',');
+    const lower = parts[0]?.trim();
+    const upper = parts[1]?.trim();
+    let specStr = `>=${lower}`;
+    if (upper && upper.startsWith('<')) specStr += `,${upper}`;
+    return { name: 'starlette', version: lower, specifier: specStr };
+  }
+  if (tildeIdx >= 0) {
+    const ver = spec.slice(tildeIdx + 2).trim();
+    return { name: 'starlette', version: ver, specifier: `~=${ver}` };
+  }
+  if (ltIdx >= 0) {
+    const ver = spec.slice(ltIdx + 1).trim();
+    const name = 'starlette';
+    return { name, version: ver, specifier: `<${ver}` };
+  }
+
+  const rest = spec.slice('starlette'.length).trim();
+  if (!rest) return { name: 'starlette', version: null, specifier: null };
+
+  if (!rest.includes('=') && !rest.includes('<') && !rest.includes('>') && !rest.includes('~') && !rest.includes('!')) {
+    return { name: 'starlette', version: rest, specifier: rest };
+  }
+
+  return null;
+}
+
+export function parseRequirementsTxt(content) {
+  const lines = content.split('\n');
+  for (const line of lines) {
+    const result = parseReqTxtLine(line);
+    if (result) return result;
+  }
+  return null;
+}
+
+function parsePEP440(versionStr) {
+  if (!versionStr) return null;
+  const clean = versionStr.trim().replace(/^v/, '');
+  const parts = clean.split('.');
+  return {
+    major: parseInt(parts[0], 10) || 0,
+    minor: parseInt(parts[1], 10) || 0,
+    patch: parseInt(parts[2], 10) || 0,
+  };
+}
+
+function compareVersions(a, b) {
+  if (!a) return 1;
+  if (!b) return -1;
+  if (a.major !== b.major) return a.major - b.major;
+  if (a.minor !== b.minor) return a.minor - b.minor;
+  return a.patch - b.patch;
+}
+
+const STARLETTE_SAFE = parsePEP440('1.0.1');
+
+function isVulnerable(version) {
+  if (!version) return true;
+  const parsed = parsePEP440(version);
+  if (!parsed) return true;
+  return compareVersions(parsed, STARLETTE_SAFE) < 0;
+}
+
+function findStarletteInTOML(obj) {
+  if (!obj || typeof obj !== 'object') return null;
+
+  const sectionPaths = ['dependencies', 'project.dependencies', 'tool.poetry.dependencies'];
+  for (const path of sectionPaths) {
+    const parts = path.split('.');
+    let ptr = obj;
+    let found = true;
+    for (const p of parts) {
+      if (!ptr || typeof ptr !== 'object') { found = false; break; }
+      ptr = ptr[p];
+    }
+    if (!found || !ptr || typeof ptr !== 'object') continue;
+    for (const [key, val] of Object.entries(ptr)) {
+      if (key === 'starlette' || key === '"starlette"') {
+        const version = typeof val === 'string' ? val : (val?.version || null);
+        const specifier = typeof val === 'string' ? val : null;
+        return { name: 'starlette', version, specifier };
+      }
+    }
+  }
+  return null;
+}
+
+function parseTomlSimple(content) {
+  const result = {};
+  let currentSection = result;
+
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const sectionMatch = trimmed.match(/^\[([^\]]+)\]$/);
+    if (sectionMatch) {
+      const parts = sectionMatch[1].split('.');
+      let ptr = result;
+      for (const p of parts) {
+        const key = p.replace(/^"(.*)"$/, '$1').trim();
+        if (!ptr[key]) ptr[key] = {};
+        ptr = ptr[key];
+      }
+      currentSection = ptr;
+      continue;
+    }
+    const kvMatch = trimmed.match(/^([^=]+)=\s*(.+)$/);
+    if (!kvMatch) continue;
+    const key = kvMatch[1].trim().replace(/^"(.*)"$/, '$1');
+    let val = kvMatch[2].trim();
+    if (val.startsWith('"') && val.endsWith('"')) {
+      val = val.slice(1, -1);
+    } else if (val.startsWith("'") && val.endsWith("'")) {
+      val = val.slice(1, -1);
+    } else if (val.startsWith('^') || val.startsWith('~') || val.startsWith('>') || val.startsWith('<') || val.startsWith('=') || val.startsWith('!')) {
+      val = val.replace(/"/g, '');
+    }
+    currentSection[key] = val;
+  }
+
+  return result;
+}
+
+export function parsePyprojectToml(content) {
+  let obj;
+  try {
+    obj = JSON.parse(content);
+  } catch {
+    obj = parseTomlSimple(content);
+  }
+  return findStarletteInTOML(obj);
+}
+
+function parsePoetryLockEntry(content) {
+  const lines = content.split('\n');
+  let inStarlette = false;
+  let version = null;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith('[[package]]')) {
+      inStarlette = false;
+    }
+    if (trimmed.startsWith('name = "starlette"') || trimmed.startsWith("name = 'starlette'")) {
+      inStarlette = true;
+    }
+    if (inStarlette && trimmed.startsWith('version = ')) {
+      const match = trimmed.match(/version\s*=\s*["'](.+?)["']/);
+      if (match) version = match[1];
+    }
+    if (inStarlette && trimmed.startsWith('[[package]]') && trimmed !== '[[package]]') {
+      break;
+    }
+  }
+  if (version) {
+    return { name: 'starlette', version, specifier: `==${version}` };
+  }
+  return null;
+}
+
+export function parsePoetryLock(content) {
+  return parsePoetryLockEntry(content);
+}
+
+function parsePipfileEntry(content) {
+  try {
+    const obj = JSON.parse(content);
+    const packages = obj?.packages || {};
+    for (const [key, val] of Object.entries(packages)) {
+      if (key === 'starlette' || key === '"starlette"') {
+        const version = typeof val === 'string' ? val : null;
+        return { name: 'starlette', version, specifier: version || null };
+      }
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+export function parsePipfile(content) {
+  return parsePipfileEntry(content);
+}
+
+function parseSetupPyContent(content) {
+  const match = content.match(/install_requires\s*=\s*\[([^\]]+)\]/s);
+  if (!match) return null;
+  const block = match[1];
+  const lines = block.split(',').map(l => l.trim().replace(/["']/g, ''));
+  for (const line of lines) {
+    const clean = line.trim();
+    if (!clean) continue;
+    if (clean.startsWith('starlette')) {
+      const eqIdx = clean.indexOf('==');
+      const geIdx = clean.indexOf('>=');
+      const tildeIdx = clean.indexOf('~=');
+      const ltIdx = clean.indexOf('<');
+      let version = null;
+      let specifier = null;
+      if (eqIdx >= 0) { version = clean.slice(eqIdx + 2).trim(); specifier = `==${version}`; }
+      else if (geIdx >= 0) { version = clean.slice(geIdx + 2).split(',')[0].trim(); specifier = `>=${version}`; }
+      else if (tildeIdx >= 0) { version = clean.slice(tildeIdx + 2).trim(); specifier = `~=${version}`; }
+      else if (ltIdx >= 0) { version = clean.slice(ltIdx + 1).trim(); specifier = `<${version}`; }
+      else if (clean === 'starlette') { return { name: 'starlette', version: null, specifier: null }; }
+      return { name: 'starlette', version, specifier };
+    }
+  }
+  return null;
+}
+
+export function parseSetupPy(content) {
+  return parseSetupPyContent(content);
+}
+
+function parseSetupCfgContent(content) {
+  const lines = content.split('\n');
+  let inInstallRequires = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith('install_requires')) {
+      inInstallRequires = true;
+      continue;
+    }
+    if (inInstallRequires) {
+      if (trimmed.startsWith('[')) break;
+      if (trimmed.startsWith('starlette')) {
+        const eqIdx = trimmed.indexOf('==');
+        const geIdx = trimmed.indexOf('>=');
+        const tildeIdx = trimmed.indexOf('~=');
+        const ltIdx = trimmed.indexOf('<');
+        let version = null;
+        let specifier = null;
+        if (eqIdx >= 0) { version = trimmed.slice(eqIdx + 2).trim(); specifier = `==${version}`; }
+        else if (geIdx >= 0) { version = trimmed.slice(geIdx + 2).split(',')[0].trim(); specifier = `>=${version}`; }
+        else if (tildeIdx >= 0) { version = trimmed.slice(tildeIdx + 2).trim(); specifier = `~=${version}`; }
+        else if (ltIdx >= 0) { version = trimmed.slice(ltIdx + 1).trim(); specifier = `<${version}`; }
+        else if (trimmed === 'starlette') { return { name: 'starlette', version: null, specifier: null }; }
+        if (trimmed.startsWith('starlette')) {
+          return { name: 'starlette', version, specifier };
+        }
+      }
+    }
+  }
+  return null;
+}
+
+export function parseSetupCfg(content) {
+  return parseSetupCfgContent(content);
+}
+
+export function scanFiles(allFiles) {
+  const findings = [];
+
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let result = null;
+
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      result = parseRequirementsTxt(content);
+    } else if (path === 'pyproject.toml') {
+      result = parsePyprojectToml(content);
+    } else if (path === 'poetry.lock') {
+      result = parsePoetryLock(content);
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      result = parsePipfile(content);
+    } else if (path === 'setup.py') {
+      result = parseSetupPy(content);
+    } else if (path === 'setup.cfg') {
+      result = parseSetupCfg(content);
+    }
+
+    if (!result) continue;
+
+    if (result.version === null && result.specifier === null) {
+      findings.push(directDependencyUnpinnedFinding());
+    } else if (isVulnerable(result.version)) {
+      findings.push(directDependencyFinding(result.version, result.specifier || 'unknown'));
+    }
+  }
+
+  return findings;
+}

package/backend/detectors/cve-2026-48710-badhost/transitive.js

@@ -0,0 +1,189 @@
+import { transitiveDependencyFinding } from './findings.js';
+import { parseRequirementsTxt, parsePyprojectToml, parsePoetryLock, parsePipfile, parseSetupPy, parseSetupCfg } from './manifest.js';
+
+const TIER_1_PACKAGES = [
+  'fastapi',
+  'vllm',
+  'litellm',
+  'bentoml',
+  'text-generation-inference',
+  'ray-serve',
+  'ray[serve]',
+];
+
+const TIER_2_PACKAGES = [
+  'langserve',
+  'fastapi-mcp',
+  'mcp',
+  'starlette-admin',
+  'piccolo-api',
+  'fastapi-users',
+  'broadcaster',
+];
+
+function normalizePkgName(name) {
+  return name.replace(/["'\[\]]/g, '').trim().toLowerCase();
+}
+
+function findPackagesInManifests(allFiles) {
+  const packages = new Set();
+
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let deps = [];
+
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      const lines = content.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) continue;
+        const idx = trimmed.indexOf('#');
+        const spec = idx >= 0 ? trimmed.slice(0, idx).trim() : trimmed;
+        const eqIdx = spec.indexOf('==');
+        const geIdx = spec.indexOf('>=');
+        const name = eqIdx >= 0 ? spec.slice(0, eqIdx).trim() : (geIdx >= 0 ? spec.slice(0, geIdx).trim() : spec);
+        if (name && !name.includes('=') && !name.includes('<') && !name.includes('>')) {
+          deps.push(normalizePkgName(name));
+        }
+      }
+    } else if (path === 'pyproject.toml') {
+      try {
+        const obj = JSON.parse(content);
+        const allDeps = { ...(obj?.tool?.poetry?.dependencies || {}), ...(obj?.dependencies || {}), ...(obj?.['dev-dependencies'] || {}) };
+        for (const key of Object.keys(allDeps)) {
+          deps.push(normalizePkgName(key));
+        }
+      } catch {}
+    } else if (path === 'poetry.lock') {
+      const pattern = /name\s*=\s*["']([^"']+)["']/g;
+      let m;
+      while ((m = pattern.exec(content)) !== null) {
+        deps.push(normalizePkgName(m[1]));
+      }
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      try {
+        const obj = JSON.parse(content);
+        for (const key of Object.keys(obj?.packages || {})) {
+          deps.push(normalizePkgName(key));
+        }
+      } catch {}
+    }
+    for (const dep of deps) packages.add(dep);
+  }
+
+  return packages;
+}
+
+function hasStarlettePin(allFiles) {
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+
+    let result = null;
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      result = parseRequirementsTxt(content);
+    } else if (path === 'pyproject.toml') {
+      result = parsePyprojectToml(content);
+    } else if (path === 'poetry.lock') {
+      result = parsePoetryLock(content);
+    } else if (path === 'Pipfile' || path === 'Pipfile.lock') {
+      result = parsePipfile(content);
+    } else if (path === 'setup.py') {
+      result = parseSetupPy(content);
+    } else if (path === 'setup.cfg') {
+      result = parseSetupCfg(content);
+    }
+
+    if (result) {
+      if (result.version === null && result.specifier === null) return false;
+      const parsed = parsePEP440(result.version);
+      const safe = parsePEP440('1.0.1');
+      if (parsed && compareVersions(parsed, safe) >= 0) return true;
+    }
+  }
+
+  return false;
+}
+
+function parsePEP440(versionStr) {
+  if (!versionStr) return null;
+  const clean = versionStr.trim().replace(/^v/, '');
+  const parts = clean.split('.');
+  return {
+    major: parseInt(parts[0], 10) || 0,
+    minor: parseInt(parts[1], 10) || 0,
+    patch: parseInt(parts[2], 10) || 0,
+  };
+}
+
+function compareVersions(a, b) {
+  if (!a) return 1;
+  if (!b) return -1;
+  if (a.major !== b.major) return a.major - b.major;
+  if (a.minor !== b.minor) return a.minor - b.minor;
+  return a.patch - b.patch;
+}
+
+export function scanTransitive(allFiles) {
+  const findings = [];
+
+  if (!allFiles || allFiles.length === 0) return findings;
+
+  const packages = findPackagesInManifests(allFiles);
+
+  if (hasStarlettePin(allFiles)) return findings;
+
+  const handled = new Set();
+
+  for (const pkg of packages) {
+    if (TIER_1_PACKAGES.includes(pkg)) {
+      handled.add(pkg);
+      if (pkg === 'fastapi') {
+        const version = findFastapiVersion(allFiles);
+        if (version) {
+          const parsed = parsePEP440(version);
+          const safeFastapi = parsePEP440('0.116.0');
+          if (parsed && compareVersions(parsed, safeFastapi) >= 0) continue;
+        }
+      }
+      findings.push(transitiveDependencyFinding(pkg, 1));
+      break;
+    }
+  }
+
+  if (findings.length === 0) {
+    for (const pkg of packages) {
+      if (handled.has(pkg)) continue;
+      if (TIER_2_PACKAGES.includes(pkg)) {
+        findings.push(transitiveDependencyFinding(pkg, 2));
+        break;
+      }
+    }
+  }
+
+  return findings;
+}
+
+function findFastapiVersion(allFiles) {
+  for (const file of (allFiles || [])) {
+    const content = typeof file.content === 'string' ? file.content : '';
+    if (!content) continue;
+    const path = file.path || '';
+    if (path === 'requirements.txt' || path.match(/^requirements\/.*\.txt$/)) {
+      const lines = content.split('\n');
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#') || trimmed.startsWith('-')) continue;
+        if (trimmed.startsWith('fastapi')) {
+          const eqIdx = trimmed.indexOf('==');
+          if (eqIdx >= 0) return trimmed.slice(eqIdx + 2).trim();
+        }
+      }
+    }
+  }
+  return null;
+}

package/backend/detectors/index.js

@@ -12,6 +12,7 @@ import * as atk011 from './atk-011-transitive-prop.js';
 import { scanAll as megalodonScan } from './megalodon/index.js';
 import { scan as hfScan } from './hf-impersonation/index.js';
 import { scan as miniShaiHuludScan } from './mini-shai-hulud/index.js';
+import { scan as badhostScan } from './cve-2026-48710-badhost/index.js';
 
 export async function runAll(pkgJson, files = [], registryMeta = null, allFiles = null) {
   const findings = [];
@@ -29,5 +30,6 @@ export async function runAll(pkgJson, files = [], registryMeta = null, allFiles
   findings.push(...await megalodonScan(pkgJson, allFiles || files, registryMeta));
   findings.push(...await hfScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await miniShaiHuludScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await badhostScan(pkgJson, files, registryMeta, allFiles || files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.15.5",
+  "version": "0.15.6",
   "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
   "main": "backend/index.js",
   "bin": {