@lateos/npm-scan 0.15.6 → 0.16.0

package/README.de.md

@@ -228,6 +228,8 @@ npm-scan report --pdf             # alle Scans (Premium)
 | **ATK-010** | Sandbox-Evasion / Anti-Analyse | Verhaltensbasiert | 🟠 mittel | SR-10.3 |
 | **ATK-011** | Transitive Verbreitung (wurmartige laterale Ausbreitung) | Verhaltensbasiert | 🔴 hoch | SR-11.4 |
 | **CVE-2026-48710** | BadHost — Starlette Authentifizierungs-Bypass via Host-Header-Injection (CVE-2026-48710, CVSS 7.0). Python-Abhängigkeitsversionserkennung (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), transitive Heuristik (15 bekannte Downstream-Pakete: fastapi, vllm, litellm, MCP-Server, etc.), statische Code-Pattern-Analyse für gefährliche `request.url.path`-Nutzung in Auth/Middleware-Kontexten mit `request.scope["path"]`-Unterdrückung | Statisch + Registry | 🔴 hoch / 🟠 mittel / ℹ️ info | SR-3.1, SR-5.3 |
+| **TRAPDOOR** | TrapDoor plattformübergreifende Angriffskampagne — Kampagnenmarker P-2024-001, trap-core.js-Payload-Fingerprint, Publisher-Blocklist asdxzxc, Gist-basierter Credential-Exfil, KI-Kontextvergiftung (Zero-Width-Unicode), Crypto/DeFi-Locknamen, Fernet+ECDH-Verschlüsselung, XOR-Key cargo-build-helper-2026, STS/GitHub-API-Validierung | Statisch + Registry | 🟠 mittel / 🔴 hoch / ⚫ kritisch | SR-3.1, SR-5.3, SR-7.5 |
+| **NODE_IPC_COMPROMISE** | node-ipc Supply-Chain-Kompromittierung (14. Mai 2026) — Versions-Blocklist (9.1.6/9.2.3/12.0.1) mit sicheren Pins, Tarball-SHA-256-Verifikation, CJS-Payload-IIFE-Injektion, DNS-over-nicht-Standard-Port-C2, Bootstrap-Resolver sh.azurestaticprovider.net, DNS-TXT-Exfiltrationszone bt.node.js, setImmediate()-Laufzeitauslöser, ~/nt-*/ Staging-Artefakte, unbefugter Publisher atiertant, Lockfile-Blastradius | Statisch + Registry | ⚫ kritisch | SR-3.1, SR-5.3, SR-7.5 |
 
 > **Wie ausweichende Angriffe erkannt werden:** ATK-009 erkennt Pakete, die `process.env.CI` prüfen, Hostnamen sondieren oder zeitbasierte Aktivierung verwenden. ATK-010 markiert `debugger`-Anweisungen, `os.hostname()`-Sonden und Umgebungs-Fingerprinting. ATK-011 verfolgt Peer-Abhängigkeitsgraphen, um wurmartige Verbreitungsmuster zu erkennen.  
 > Vollständige Dokumentation der Ausweichfläche und PoC-Beispiele finden Sie in [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md).
@@ -549,7 +551,7 @@ Siehe den obigen [Docker-Schnellstart-Abschnitt](#-lateosnpm-scan-überall-mit-d
 
 ### Kostenlose Stufe (ausgeliefert)
 
-- Alle 11 ATK-Detektoren (statisch + verhaltensbasiert) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
+- Alle 11 ATK-Detektoren (statisch + verhaltensbasiert) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)** + **TRAPDOOR** (9 Regeln) + **NODE_IPC_COMPROMISE** (11 Regeln)
 - SBOM-Ausgabe (CycloneDX + SPDX)
 - HTML-, Text- und Compliance-Berichte (NIST + EU CRA)
 - Policy-as-Code-Engine (YAML)
@@ -616,6 +618,8 @@ node --test test/detectors-corpus.test.js
 - `test/cve-2026-48710-badhost/transitive.test.js` — 7 transitive Abhängigkeitstests (Tier 1/2, fastapi-Version-Gating, Pin-Unterdrückung)
 - `test/cve-2026-48710-badhost/codePattern.test.js` — 6 statische Code-Pattern-Tests (Auth-Kontext, INFO-Durchgriff, Scope-Unterdrückung)
 - `test/cve-2026-48710-badhost/integration.test.js` — 4 Integrationstests (End-to-End-Composite-Findings, sauberes Projekt, keine Python-Dateien)
+- `test/trapdoor.test.js` — 40 TrapDoor-Kampagnenerkennungstests (D1–D9: Kampagnenmarker, Payload-Fingerprint, Publisher-Blocklist, Gist-Exfil, KI-Vergiftung, Lockname, Krypto-Primitive, XOR-Key, Credential-Validierung)
+- `test/node-ipc.test.js` — 37 node-ipc-Kompromittierungstests (D1–D11: Versions-Blocklist, Tarball-Hash, CJS-Injektion, Payload-Hash, DNS-C2-Muster, Bootstrap-Resolver, DNS-TXT-Exfil, Laufzeitauslöser, Temp-Artefakte, unbefugter Publisher, Blastradius)
 - `test/cli.test.js` — Commander-Integrationstests (Hilfe, Version, Scan, Bericht, Fehlerbehandlung)
 
 ### Hilfe benötigt?

package/README.fr.md

@@ -228,6 +228,8 @@ npm-scan report --pdf             # tous les scans (premium)
 | **ATK-010** | Contournement de sandbox / anti-analyse | Comportementale | 🟠 moyenne | SR-10.3 |
 | **ATK-011** | Propagation transitive (dissémination latérale de type ver) | Comportementale | 🔴 élevée | SR-11.4 |
 | **CVE-2026-48710** | BadHost — contournement d'authentification Starlette par injection d'en-tête Host (CVE-2026-48710, CVSS 7.0). Détection de version de dépendance Python (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), heuristique transitive (15 paquets aval connus : fastapi, vllm, litellm, serveurs MCP, etc.), analyse statique de code pour `request.url.path` dangereux en contexte auth/middleware avec suppression par `request.scope["path"]` | Statique + Registre | 🔴 élevée / 🟠 moyenne / ℹ️ info | SR-3.1, SR-5.3 |
+| **TRAPDOOR** | Campagne d'attaque multi-écosystème TrapDoor — marqueur de campagne P-2024-001, empreinte de charge utile trap-core.js, liste noire d'éditeur asdxzxc, exfiltration d'identifiants via Gist, empoisonnement de contexte IA (Unicode largeur nulle), noms leurres crypto/DeFi, chiffrement Fernet+ECDH, clé XOR cargo-build-helper-2026, validation d'identifiants STS/API GitHub | Statique + Registre | 🟠 moyenne / 🔴 élevée / ⚫ critique | SR-3.1, SR-5.3, SR-7.5 |
+| **NODE_IPC_COMPROMISE** | Compromission de la chaîne d'approvisionnement node-ipc (14 mai 2026) — liste noire de versions (9.1.6/9.2.3/12.0.1) avec épingle de sécurité, vérification SHA-256 du tarball, injection IIFE de charge utile CJS, DNS sur port non standard, résolveur d'amorçage sh.azurestaticprovider.net, zone d'exfiltration DNS TXT bt.node.js, déclencheur d'exécution setImmediate(), artefacts de staging ~/nt-*/, éditeur non autorisé atiertant, détection du rayon d'impact dans les lockfiles avec recommandations d'épingle | Statique + Registre | ⚫ critique | SR-3.1, SR-5.3, SR-7.5 |
 
 > **Comment les attaques furtives sont détectées :** ATK-009 détecte les paquets qui vérifient `process.env.CI`, sondent les noms d'hôte ou utilisent une activation temporelle. ATK-009 signale les instructions `debugger`, les sondes `os.hostname()` et l'empreinte environnementale. ATK-011 trace les graphes de dépendances peer pour détecter les schémas de propagation de type ver.  
 > Voir [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md) pour la documentation complète de la surface d'évasion et des exemples de PoC.
@@ -549,7 +551,7 @@ Voir la [section Démarrage rapide Docker](#-exécutez-lateosnpm-scan-partout-av
 
 ### Niveau gratuit (livré)
 
-- Les 11 détecteurs ATK (statique + comportemental) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
+- Les 11 détecteurs ATK (statique + comportemental) + **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)** + **TRAPDOOR** (9 règles) + **NODE_IPC_COMPROMISE** (11 règles)
 - Sortie SBOM (CycloneDX + SPDX)
 - Rapports HTML, texte et conformité (NIST + EU CRA)
 - Moteur de politique en tant que code (YAML)
@@ -616,6 +618,8 @@ node --test test/detectors-corpus.test.js
 - `test/cve-2026-48710-badhost/transitive.test.js` — 7 tests de dépendances transitives (Tier 1/2, contrôle de version fastapi, suppression par épinglage)
 - `test/cve-2026-48710-badhost/codePattern.test.js` — 6 tests de motifs de code statiques (contexte auth, passage INFO, suppression scope)
 - `test/cve-2026-48710-badhost/integration.test.js` — 4 tests d'intégration (résultats composites de bout en bout, projet propre, pas de fichiers Python)
+- `test/trapdoor.test.js` — 40 tests de détection de la campagne TrapDoor (D1–D9 : marqueur de campagne, empreinte de charge utile, liste noire d'éditeur, exfiltration Gist, empoisonnement IA, nom leurre, primitives cryptographiques, clé XOR, validation d'identifiants)
+- `test/node-ipc.test.js` — 37 tests de détection de compromission node-ipc (D1–D11 : liste noire de versions, hachage tarball, injection CJS, hachage de charge utile, motif DNS C2, résolveur d'amorçage, exfiltration DNS TXT, déclencheur d'exécution, artefacts temporaires, éditeur non autorisé, rayon d'impact)
 - `test/cli.test.js` — tests d'intégration commander (aide, version, scan, rapport, gestion d'erreurs)
 
 ### Besoin d'aide ?

package/README.ja.md

@@ -224,6 +224,8 @@ npm-scan report --pdf             # すべてのスキャン（プレミアム
 | **ATK-010** | サンドボックス回避／アンチ解析 | 行動 | 🟠 中 | SR-10.3 |
 | **ATK-011** | 推移的伝播（ワーム型横方向拡散） | 行動 | 🔴 高 | SR-11.4 |
 | **CVE-2026-48710** | BadHost — Starlette Host ヘッダーインジェクション認証バイパス (CVE-2026-48710, CVSS 7.0)。Python 依存関係バージョン検出 (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg)、推移的ヒューリスティック (15 の既知ダウンストリームパッケージ：fastapi, vllm, litellm, MCP サーバー等)、auth/middleware コンテキストでの危険な `request.url.path` 使用の静的コードパターンスキャン、`request.scope["path"]` による抑制対応 | 静的 + レジストリ | 🔴 高 / 🟠 中 / ℹ️ 情報 | SR-3.1, SR-5.3 |
+| **TRAPDOOR** | TrapDoor クロスエコシステム攻撃キャンペーン — キャンペーンマーカー P-2024-001、trap-core.js ペイロードフィンガープリント、パブリッシャーブロックリスト asdxzxc、Gist ベースの認証情報流出、AI コンテキストポイズニング（ゼロ幅 Unicode）、暗号資産/DeFi ルアー名、Fernet+ECDH 暗号化、XOR キー cargo-build-helper-2026、STS/GitHub API 認証情報検証 | 静的 + レジストリ | 🟠 中 / 🔴 高 / ⚫ クリティカル | SR-3.1, SR-5.3, SR-7.5 |
+| **NODE_IPC_COMPROMISE** | node-ipc サプライチェーン侵害（2026年5月14日）— バージョンブロックリスト (9.1.6/9.2.3/12.0.1) と安全な固定、tarball SHA-256 検証、CJS ペイロード IIFE インジェクション、非標準ポート DNS C2 パターン、ブートストラップリゾルバー sh.azurestaticprovider.net、DNS TXT 流出ゾーン bt.node.js、setImmediate() ランタイムトリガー、~/nt-*/ ステージングアーティファクト、未承認パブリッシャー atiertant、ロックファイル影響範囲検出と安全な固定推奨 | 静的 + レジストリ | ⚫ クリティカル | SR-3.1, SR-5.3, SR-7.5 |
 
 > **回避型攻撃の捕捉方法：** ATK-009は`process.env.CI`をチェックする、ホスト名をプローブする、または時間ベースのアクティベーションを使用するパッケージを検出します。ATK-010は`debugger`文、`os.hostname()`プローブ、環境フィンガープリンティングをフラグ付けします。ATK-011はピア依存関係グラフをトレースしてワーム型伝播パターンを検出します。  
 > 完全な回避面のドキュメントとPoC例については、[`docs/attack-taxonomy.md`](docs/attack-taxonomy.md)を参照してください。
@@ -545,7 +547,7 @@ npm-scan report --html > report.html
 
 ### 無料版（出荷済み）
 
-- 全11ATK検出器（静的＋行動）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
+- 全11ATK検出器（静的＋行動）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)** + **TRAPDOOR**（9ルール）+ **NODE_IPC_COMPROMISE**（11ルール）
 - SBOM出力（CycloneDX + SPDX）
 - HTML、テキスト、コンプライアンスレポート（NIST + EU CRA）
 - ポリシー・アズ・コードエンジン（YAML）
@@ -612,6 +614,8 @@ node --test test/detectors-corpus.test.js
 - `test/cve-2026-48710-badhost/transitive.test.js` — 7の推移的依存関係テスト（Tier 1/2, fastapiバージョンゲーティング, 固定抑制）
 - `test/cve-2026-48710-badhost/codePattern.test.js` — 6の静的コードパターンテスト（authコンテキスト, INFOフォールスルー, scope抑制）
 - `test/cve-2026-48710-badhost/integration.test.js` — 4の統合テスト（エンドツーエンド複合発見項目, クリーンプロジェクト, Pythonファイルなし）
+- `test/trapdoor.test.js` — 40のTrapDoorキャンペーン検出テスト（D1–D9：キャンペーンマーカー、ペイロードフィンガープリント、パブリッシャーブロックリスト、Gist流出、AIポイズニング、ルアー名、暗号プリミティブ、XORキー、認証情報検証）
+- `test/node-ipc.test.js` — 37のnode-ipc侵害検出テスト（D1–D11：バージョンブロックリスト、tarballハッシュ、CJSインジェクション、ペイロードハッシュ、DNS C2パターン、ブートストラップリゾルバー、DNS TXT流出、ランタイムトリガー、一時アーティファクト、未承認パブリッシャー、影響範囲）
 - `test/cli.test.js` — commander統合テスト（ヘルプ、バージョン、スキャン、レポート、エラーハンドリング）
 
 ### ヘルプが必要ですか？

package/README.md

@@ -3,7 +3,7 @@
 [![npm version](https://img.shields.io/npm/v/@lateos/npm-scan?style=flat-square)](https://www.npmjs.com/package/@lateos/npm-scan)
 [![License](https://img.shields.io/badge/license-Apache%202.0%20%2B%20Commons%20Clause-blue?style=flat-square)](LICENSING.md)
 [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen?style=flat-square)](package.json)
-[![Tests](https://img.shields.io/badge/tests-459%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
+[![Tests](https://img.shields.io/badge/tests-536%20passing-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Coverage](https://img.shields.io/badge/coverage-90%25-brightgreen?style=flat-square)](https://github.com/lateos-ai/npm-scan)
 [![Docker](https://img.shields.io/badge/docker-lateos%2Fnpm--scan-2496ED?style=flat-square&logo=docker)](https://hub.docker.com/r/lateos/npm-scan)
 [![Sigstore](https://img.shields.io/static/v1?label=Sigstore&message=Provenance&color=green&style=flat-square&logo=sigstore)](https://github.com/lateos-ai/npm-scan/actions/workflows/publish.yml)
@@ -28,6 +28,10 @@ A growing attack vector is **HuggingFace org impersonation** — packages that m
 
 The **Megalodon campaign** (2026) alone compromised 5,500+ repositories via fake GitHub PRs, malicious workflow injection, and cloud credential exfiltration — all coordinated through a single actor automating the entire kill chain. **@lateos/npm-scan** now detects artifacts of this campaign out of the box.
 
+The **TrapDoor campaign** (May 2026) spans npm, PyPI, and Crates.io — 34 malicious packages, 384+ versions attributed to a single publisher, targeting crypto, DeFi, Solana, and AI developers with Fernet + ECDH encrypted payloads, AI context poisoning via zero-width Unicode injection in `.cursorrules`/`CLAUDE.md`, and credential live-validation against AWS STS and GitHub API before exfiltration. **@lateos/npm-scan** now detects all 9 TrapDoor signals.
+
+The **node-ipc compromise** (May 14, 2026) weaponized an expired maintainer email domain to hijack one of npm's most depended-upon packages (822K weekly downloads). Three malicious versions (9.1.6, 9.2.3, 12.0.1) delivered an 80KB credential stealer via DNS TXT tunneling — no HTTP, no postinstall hook, invisible to HTTP-layer firewalls. **@lateos/npm-scan** now detects all 11 node-ipc compromise signals.
+
 Critical infrastructure vulnerabilities in the Python ecosystem are also in scope. The **BadHost (CVE-2026-48710)** vulnerability in Starlette < 1.0.1 enables authentication bypass via unvalidated HTTP Host header injection, affecting FastAPI, vLLM, LiteLLM, MCP servers, and any project using Starlette transitively — now detected across Python manifests, transitive dependency chains, and source code patterns in a single scan.
 
 **npm audit** checks known CVEs. **Snyk** scans for vulnerabilities. **Socket** looks at package behavior. None of them were designed for the generation of attacks that emerged in 2025 — attacks that look benign until they reach production.
@@ -53,6 +57,8 @@ Critical infrastructure vulnerabilities in the Python ecosystem are also in scop
 | HF model repo impersonation + README clone | ❌ | ❌ | ❌ | ✅ |
 | VS Code extension supply chain scan (--vsix) | ❌ | ❌ | ❌ | ✅ |
 | Python vulnerability detection (CVE-2026-48710 BadHost) | ❌ | ❌ | ❌ | ✅ |
+| Cross-ecosystem attack detection (TrapDoor) | ❌ | ❌ | ❌ | ✅ |
+| Expired-domain hijack detection (node-ipc) | ❌ | ❌ | ❌ | ✅ |
 | Attack taxonomy (ATK series) | ❌ | ❌ | ❌ | ✅ |
 | SBOM output (CycloneDX + SPDX) | ❌ | ✅ | ❌ | ✅ |
 | SARIF v2.1 (GitHub Code Scanning) | ❌ | ❌ | ❌ | ✅ |
@@ -76,6 +82,8 @@ Critical infrastructure vulnerabilities in the Python ecosystem are also in scop
 | 🪱 | **Worm campaign detection** | Mini Shai-Hulud — 6 sub-checks detecting burst publish, sibling compromise, SLSA attestation mismatch, publisher drift, IOC match, and token exfil across 3 waves (TanStack, AntV/atool, Nx Console) |
 | 🧩 | **VSIX extension scanning** | `npm-scan scan --vsix nrwl.angular-console` — detects VS Code Marketplace supply chain attacks: burst publish, publisher anomaly, activation event risk, orphan commit fetch, known IOC, and exfil patterns (Nx Console 18.95.0 CVE-2026-48027) |
 | 🐍 | **Python vulnerability detection** | CVE-2026-48710 (BadHost) — Starlette Host header injection across 6 Python manifest formats, 15 transitive downstream packages (fastapi, vllm, litellm, MCP), and static `request.url.path` code pattern analysis with `scope["path"]` suppression |
+| 🪤 | **Cross-ecosystem attack detection** | TrapDoor — 9 sub-checks: campaign marker P-2024-001, trap-core.js payload fingerprint, publisher blocklist asdxzxc, Gist-based credential exfil, AI config zero-width Unicode poisoning, crypto/DeFi lure name heuristic, Fernet+ECDH encryption, XOR key cargo-build-helper-2026, STS/GitHub API credential validation |
+| 📡 | **Expired-domain hijack detection** | node-ipc compromise — version blocklist (9.1.6/9.2.3/12.0.1), tarball SHA-256 verification, CJS vs ESM size anomaly with IIFE injection, DNS-over-non-standard-port C2, bootstrap resolver sh.azurestaticprovider.net, DNS TXT exfil zone bt.node.js, setImmediate() runtime trigger, ~/nt-*/ staging artifacts, unauthorized publisher atiertant, lockfile blast-radius with safe pin recommendations |
 | 📦 | **SBOM generation** | CycloneDX 1.5 and SPDX 2.3 with findings embedded as vulnerabilities |
 | 🔍 | **SARIF output** | GitHub Advanced Security / CodeQL compatible SARIF v2.1 — shows findings directly in Security tab |
 | 🧾 | **Compliance reporting** | NIST SP 800-161 traceability matrix + EU Cyber Resilience Act mapping (free tier) |
@@ -286,6 +294,8 @@ npm-scan report --pdf             # all scans (premium)
 | **MINI_SHAI_HULUD** | Mini Shai-Hulud worm campaign — burst publish velocity (≥3 versions/30 min), co-temporal sibling compromise, SLSA attestation mismatch (sub-60s gap, first-ever, builder mismatch), publisher drift (<10 min account change), IOC match (scope/sha512/publisher from seed file), token exfil (NPM_TOKEN/.npmrc/atob patterns), Nx Console downstream detection | Static + Registry | 🔴 high / ⚫ critical | SR-3.1, SR-7.5 |
 | **VSIX_SCAN** | VS Code extension supply chain scan — burst publish (≥2 versions/30 min, hot-pull <20 min), publisher anomaly (account substitution, new-account on high-install ext, 15-min add+publish), activation event risk (onStartupFinished→HIGH, *→CRITICAL, escalation on shell keywords), orphan commit fetch (GitHub API SHA refs, npx git URL, MCP-disguised exfil, Bun install), known IOC (extensionId/publisherAccount/commit hash from seed), exfil patterns (cred paths, DNS tunneling, AES+RSA, anti-analysis, Bun APIs) | Static + Registry | 🟠 medium / 🔴 high / ⚫ critical | SR-3.1, SR-5.3 |
 | **CVE-2026-48710** | BadHost — Starlette authentication bypass via Host header injection (CVE-2026-48710, CVSS 7.0). Python dependency version detection (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg), transitive heuristic (15 known downstream packages: fastapi, vllm, litellm, MCP servers, etc.), static code pattern scan for dangerous `request.url.path` usage in auth/middleware context with `request.scope["path"]` suppression | Static + Registry | 🔴 high / 🟠 medium / ℹ️ info | SR-3.1, SR-5.3 |
+| **TRAPDOOR** | TrapDoor cross-ecosystem attack — campaign marker P-2024-001 in files, shared payload trap-core.js filename/48,485-byte fingerprint, publisher blocklist asdxzxc, Gist-based credential exfil (ddjidd564.github.io + credential paths), AI context poisoning via zero-width Unicode in .cursorrules/CLAUDE.md, crypto/DeFi lure name heuristic (<30 days), Fernet+ECDH crypto primitives in postinstall, XOR key cargo-build-helper-2026 in lockfiles, STS/GitHub API credential validation in postinstall | Static + Registry | 🟠 medium / 🔴 high / ⚫ critical | SR-3.1, SR-5.3, SR-7.5 |
+| **NODE_IPC_COMPROMISE** | node-ipc supply chain compromise (May 14, 2026) — version blocklist (9.1.6/9.2.3/12.0.1) with safe pins, tarball SHA-256 verification, CJS payload IIFE injection detection (CJS>ESM size differential), injected payload hash match, DNS-over-non-standard-port C2 (setServers + custom resolver), bootstrap resolver sh.azurestaticprovider.net + C2 IP 37.16.75.69, DNS TXT exfiltration zone bt.node.js, setImmediate() runtime trigger, ~/nt-*/ staging artifact detection, unauthorized publisher atiertant, lockfile blast-radius detection with pin recommendations | Static + Registry | ⚫ critical | SR-3.1, SR-5.3, SR-7.5 |
 
 > **How evasive attacks are caught:** ATK-009 detects packages that check `process.env.CI`, probe hostnames, or use time-based activation. ATK-010 flags `debugger` statements, `os.hostname()` probes, and env fingerprinting. ATK-011 traces peer dependency graphs to detect worm-like propagation patterns.  
 > **MEGALODON** campaign detection analyzes bundled `.github/workflows/` files for C2 co-occurrence and base64 decode chains, scans tarball files for credential + outbound network patterns, detects version publish velocity spikes via npm registry metadata, and identifies publisher account drift — all without any network calls beyond the initial package fetch.  
@@ -293,6 +303,8 @@ npm-scan report --pdf             # all scans (premium)
 > **MINI_SHAI_HULUD** worm campaign detection uses a lazy two-stage evaluation: Stage 1 runs burst velocity, publisher drift, IOC, and token exfil checks (in-memory, no network). If burst triggers, Stage 2 queries npm attestation endpoints for SLSA anomalies and fetches sibling package registry metadata for co-temporal burst detection. Composite finding includes wave attribution (wave1-tanstack, wave2-antv, wave3-nx-console) and critical severity when SLSA or IOC match. NX_CONSOLE_DOWNSTREAM (D7) flags npm packages with `@nx/*` dependencies and checks for `nrwl.angular-console` in `.vscode/extensions.json`.  
 > **VSIX_SCAN** extension scanning wraps both VS Code Marketplace and Open VSX registries with rate-limited (10 req/min), cached (5 min TTL) API clients. All 6 detectors run asynchronously and aggregate into a single composite `VSIX_SCAN` finding. Zero extension code is executed — all analysis is static regex/text-pattern matching. No Bun installation required for Bun pattern detection.  
 > **CVE-2026-48710 (BadHost)** detection uses three independent layers: Layer 1 parses 6 Python manifest formats (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py, setup.cfg) with PEP 440 semver-aware version comparison. Layer 2 scans for 15 known Starlette-downstream packages with Tier 1 (HIGH confidence) and Tier 2 (MEDIUM confidence) transitive heuristics, suppressed by explicit `starlette >= 1.0.1` pin. Layer 3 performs function-boundary static analysis on `.py` files for `request.url.path` usage, escalating to MEDIUM severity in auth/middleware contexts and suppressing when `request.scope["path"]` is used in the same function.  
+> **TRAPDOOR** campaign detection runs 9 sub-detectors across all package files (README.md, package.json, .md, shell scripts, .cursorrules, CLAUDE.md) for the hardcoded marker P-2024-001, scans for trap-core.js by filename or exact 48,485-byte size, unconditionally blocks publisher asdxzxc, detects outbound references to ddjidd564.github.io or gist.github.com combined with credential-path patterns, scans .cursorrules and CLAUDE.md for zero-width Unicode characters (U+200B, U+200C, U+200D, U+FEFF), flags crypto/DeFi-themed packages <30 days old with no prior version history, detects simultaneous Fernet and ECDH/createECDH usage in postinstall JS, and identifies sts.amazonaws.com and api.github.com/user calls in postinstall hooks.  
+> **NODE_IPC_COMPROMISE** detection intercepts the expired-domain takeover attack across 11 dimensions: version blocklist with safe-pin recommendations (9.1.5 for 9.x, 12.0.0 for 12.x), tarball SHA-256 hash verification against known malicious hashes, CJS vs ESM size comparison with IIFE suffix pattern detection for injected payload identification, DNS resolver pattern analysis (dns.promises.Resolver + setServers with non-public IP + resolveTxt), bootstrap domain and C2 IP detection, resolveTxt() with bt.node.js zone references, setImmediate() runtime trigger detection, ~/nt-*/ staging artifact path identification, publisher account verification against unauthorized account atiertant, and lockfile scanning for compromised version resolution with safe-pin suggestions.  
 > See [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md) for full evasion surface documentation and PoC examples.
 
 ---
@@ -377,6 +389,8 @@ Campaign detectors use seed IOC files for known-malicious fingerprints:
 | IOC File | Detector | Types |
 |----------|----------|-------|
 | `backend/detectors/mini-shai-hulud/iocs.json` | Mini Shai-Hulud (Waves 1–3) | `packageScope`, `publisherAccount`, `sha512`, `extensionId` |
+| `backend/detectors/trapdoor/iocs.json` | TrapDoor | `publisherAccount`, `campaignMarker`, `payloadFilename`, `payloadSize`, `xorKey`, `c2Domain`, `gistDomain` |
+| `backend/detectors/node-ipc-compromise/iocs.json` | node-ipc compromise | `publisherAccount`, `c2Domain`, `c2IP`, `exfilZone`, `payloadHash` |
 | `backend/vsix-scan/vsix-iocs.json` | VSIX extension scan | `extensionId`, `publisherAccount`, `orphanCommitHash` |
 
 IOC files follow a unified schema (`iocs: [{ type, value, ... }]`) and are loaded at module init. Update them from your threat intel feed to extend detection coverage without code changes.
@@ -651,7 +665,7 @@ See the [Docker quick-start section](#-run-lateosnpm-scan-anywhere-with-docker--
 
 ### Free tier (shipped)
 
-- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6) + **HF_IMPERSONATION** detector + **MINI_SHAI_HULUD** worm campaign (D1–D7, 3 waves) + **VSIX_SCAN** extension supply chain scan (6 detectors) + **CVE-2026-48710 (BadHost)** Python vulnerability detection (3 layers)
+- All 11 ATK detectors + **MEGALODON** CI/CD campaign detection (D1–D6) + **HF_IMPERSONATION** detector + **MINI_SHAI_HULUD** worm campaign (D1–D7, 3 waves) + **VSIX_SCAN** extension supply chain scan (6 detectors) + **CVE-2026-48710 (BadHost)** Python vulnerability detection (3 layers) + **TRAPDOOR** cross-ecosystem attack detection (9 rules) + **NODE_IPC_COMPROMISE** expired-domain hijack detection (11 rules)
 - SBOM output (CycloneDX + SPDX)
 - HTML, text, and compliance reports (NIST + EU CRA)
 - Policy-as-code engine (YAML)
@@ -734,6 +748,8 @@ node --test test/detectors-corpus.test.js
 - `test/cve-2026-48710-badhost/transitive.test.js` — 7 transitive dependency tests (Tier 1/2, fastapi version gating, pin suppression)
 - `test/cve-2026-48710-badhost/codePattern.test.js` — 6 static code pattern tests (auth context, INFO fallthrough, scope suppression)
 - `test/cve-2026-48710-badhost/integration.test.js` — 4 integration tests (end-to-end composite findings, clean project, no Python files)
+- `test/trapdoor.test.js` — 40 TrapDoor campaign detection tests (D1–D9: campaign marker, payload fingerprint, publisher blocklist, Gist exfil, AI poisoning, lure name, crypto primitives, XOR key, credential validation)
+- `test/node-ipc.test.js` — 37 node-ipc compromise detection tests (D1–D11: version blocklist, tarball hash, CJS injection, payload hash, DNS C2 pattern, bootstrap resolver, DNS TXT exfil, runtime trigger, temp artifact, unauthorized publisher, blast radius)
 - `test/cli.test.js` — commander integration tests (help, version, scan, report, error handling)
 - `test/cli-lockfile.test.js` — scan-lockfile CLI options, yarn/pnpm/monorepo/watch tests
 

package/README.zh.md

@@ -228,6 +228,8 @@ npm-scan report --pdf             # 所有扫描（高级版）
 | **ATK-010** | 沙箱逃逸 / 反分析 | 行为 | 🟠 中 | SR-10.3 |
 | **ATK-011** | 传递性传播（蠕虫式横向扩散） | 行为 | 🔴 高 | SR-11.4 |
 | **CVE-2026-48710** | BadHost — Starlette Host 头注入认证绕过 (CVE-2026-48710, CVSS 7.0)。Python 依赖版本检测 (requirements.txt, pyproject.toml, poetry.lock, Pipfile, setup.py/cfg)，传递性启发式检测 (15 个已知下游包：fastapi, vllm, litellm, MCP 服务器等)，auth/middleware 上下文中危险 `request.url.path` 使用的静态代码模式扫描，支持 `request.scope["path"]` 抑制 | 静态 + 注册表 | 🔴 高 / 🟠 中 / ℹ️ 信息 | SR-3.1, SR-5.3 |
+| **TRAPDOOR** | TrapDoor 跨生态系统攻击活动 — 活动标记 P-2024-001，trap-core.js 载荷指纹，发布者黑名单 asdxzxc，基于 Gist 的凭证窃取，AI 上下文注入（零宽 Unicode），加密/DeFi 诱饵名称，Fernet+ECDH 加密，XOR 密钥 cargo-build-helper-2026，STS/GitHub API 凭证验证 | 静态 + 注册表 | 🟠 中 / 🔴 高 / ⚫ 严重 | SR-3.1, SR-5.3, SR-7.5 |
+| **NODE_IPC_COMPROMISE** | node-ipc 供应链入侵（2026年5月14日）— 版本黑名单 (9.1.6/9.2.3/12.0.1) 及安全锁定，tarball SHA-256 验证，CJS 载荷 IIFE 注入检测，DNS 非标准端口 C2 模式，引导解析器 sh.azurestaticprovider.net，DNS TXT 外泄区域 bt.node.js，setImmediate() 运行时触发，~/nt-*/ 临时制品检测，未授权发布者 atiertant，锁定文件影响范围检测并推荐安全固定版本 | 静态 + 注册表 | ⚫ 严重 | SR-3.1, SR-5.3, SR-7.5 |
 
 > **如何捕获逃避式攻击：** ATK-009 检测检查 `process.env.CI`、探测主机名或使用时间激活的包。ATK-010 标记 `debugger` 语句、`os.hostname()` 探测和环境指纹采集。ATK-011 追踪同级依赖图以检测蠕虫式传播模式。  
 > 完整逃避面文档和 PoC 示例请参阅 [`docs/attack-taxonomy.md`](docs/attack-taxonomy.md)。
@@ -549,7 +551,7 @@ npm-scan report --html > report.html
 
 ### 免费版（已发布）
 
-- 全部 11 个 ATK 检测器（静态 + 行为）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)**
+- 全部 11 个 ATK 检测器（静态 + 行为）+ **MEGALODON** + **HF_IMPERSONATION** + **MINI_SHAI_HULUD** + **VSIX_SCAN** + **CVE-2026-48710 (BadHost)** + **TRAPDOOR**（9 条规则）+ **NODE_IPC_COMPROMISE**（11 条规则）
 - SBOM 输出（CycloneDX + SPDX）
 - HTML、文本和合规报告（NIST + EU CRA）
 - 策略即代码引擎（YAML）
@@ -616,6 +618,8 @@ node --test test/detectors-corpus.test.js
 - `test/cve-2026-48710-badhost/transitive.test.js` — 7 个传递性依赖测试（Tier 1/2, fastapi 版本门控, 固定版本抑制）
 - `test/cve-2026-48710-badhost/codePattern.test.js` — 6 个静态代码模式测试（auth 上下文, INFO 穿透, scope 抑制）
 - `test/cve-2026-48710-badhost/integration.test.js` — 4 个集成测试（端到端复合发现项, 清洁项目, 无 Python 文件）
+- `test/trapdoor.test.js` — 40 个 TrapDoor 活动检测测试（D1–D9：活动标记、载荷指纹、发布者黑名单、Gist 外泄、AI 注入、诱饵名称、加密原语、XOR 密钥、凭证验证）
+- `test/node-ipc.test.js` — 37 个 node-ipc 入侵检测测试（D1–D11：版本黑名单、tarball 哈希、CJS 注入、载荷哈希、DNS C2 模式、引导解析器、DNS TXT 外泄、运行时触发、临时制品、未授权发布者、影响范围）
 - `test/cli.test.js` — commander 集成测试（帮助、版本、扫描、报告、错误处理）
 
 ### 需要帮助？

package/backend/detectors/index.js

@@ -13,6 +13,8 @@ import { scanAll as megalodonScan } from './megalodon/index.js';
 import { scan as hfScan } from './hf-impersonation/index.js';
 import { scan as miniShaiHuludScan } from './mini-shai-hulud/index.js';
 import { scan as badhostScan } from './cve-2026-48710-badhost/index.js';
+import { scan as trapdoorScan } from './trapdoor/index.js';
+import { scan as nodeIpcScan } from './node-ipc-compromise/index.js';
 
 export async function runAll(pkgJson, files = [], registryMeta = null, allFiles = null) {
   const findings = [];
@@ -31,5 +33,7 @@ export async function runAll(pkgJson, files = [], registryMeta = null, allFiles
   findings.push(...await hfScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await miniShaiHuludScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await badhostScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await trapdoorScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await nodeIpcScan(pkgJson, files, registryMeta, allFiles || files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/backend/detectors/node-ipc-compromise/d1-version-blocklist.js

@@ -0,0 +1,24 @@
+const BLOCKED_VERSIONS = new Set(['9.1.6', '9.2.3', '12.0.1']);
+
+const SAFE_PINS = {
+  '9.1.6': '9.1.5',
+  '9.2.3': '9.1.5',
+  '12.0.1': '12.0.0',
+};
+
+export function scanVersionBlocklist(pkgJson, registryMeta) {
+  const pkgName = pkgJson?.name || '';
+  if (pkgName !== 'node-ipc') return { triggered: false };
+
+  const version = pkgJson?.version || '';
+  if (BLOCKED_VERSIONS.has(version)) {
+    return {
+      triggered: true,
+      version,
+      safePin: SAFE_PINS[version],
+      maliciousVersions: ['9.1.6', '9.2.3', '12.0.1'],
+    };
+  }
+
+  return { triggered: false, version };
+}

package/backend/detectors/node-ipc-compromise/d10-unauthorized-publisher.js

@@ -0,0 +1,19 @@
+export function scanUnauthorizedPublisher(pkgJson, registryMeta) {
+  const pkgName = pkgJson?.name || '';
+  if (pkgName !== 'node-ipc') return { triggered: false };
+
+  const publisherAccount = registryMeta?.versions?.[pkgJson?.version]?._npmUser?.name
+    || registryMeta?.versions?.[Object.keys(registryMeta.versions || {})[0]]?._npmUser?.name
+    || null;
+
+  if (publisherAccount === 'atiertant') {
+    return {
+      triggered: true,
+      publisher: publisherAccount,
+      package: pkgName,
+      detail: 'Account atiertant has no prior release history on node-ipc — account recovery via expired email domain takeover',
+    };
+  }
+
+  return { triggered: false, publisher: publisherAccount };
+}

package/backend/detectors/node-ipc-compromise/d11-blast-radius.js

@@ -0,0 +1,40 @@
+const COMPROMISED_VERSIONS = {
+  '9.1.6': { safePin: '9.1.5', ranges: ['~9.1.x', '^9.1', '^9'] },
+  '9.2.3': { safePin: '9.1.5', ranges: ['~9.2.x', '^9.2'] },
+  '12.0.1': { safePin: '12.0.0', ranges: ['~12.0.x', '^12'] },
+};
+
+const LOCKFILE_PATTERNS = [
+  /package-lock\.json$/i,
+  /yarn\.lock$/i,
+  /pnpm-lock\.yaml$/i,
+  /pnpm-lock\.yml$/i,
+];
+
+export function scanBlastRadius(allFiles) {
+  const matches = [];
+
+  for (const file of allFiles) {
+    const path = file.path?.replace(/\\/g, '/') || '';
+    const isLockfile = LOCKFILE_PATTERNS.some(p => p.test(path));
+    if (!isLockfile) continue;
+
+    const content = file.content || '';
+    const hasNodeIpc = /\bnode-ipc\b/i.test(content);
+    if (!hasNodeIpc) continue;
+
+    for (const [badVersion, info] of Object.entries(COMPROMISED_VERSIONS)) {
+      const versionInQuotes = `"${badVersion}"`;
+      if (content.includes(versionInQuotes)) {
+        matches.push({
+          file: path,
+          compromisedVersion: badVersion,
+          safePin: info.safePin,
+          detail: `node-ipc resolved to compromised version ${badVersion} in lockfile. Pin to ${info.safePin}.`,
+        });
+      }
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d2-tarball-hash.js

@@ -0,0 +1,31 @@
+import { createHash } from 'crypto';
+
+const MALICIOUS_HASHES = new Set([
+  '449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75e',
+  'c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9ea',
+  '78a82d93b4f580835f5823b85a3d9ee1f03a15ee6f0e01b4eac86252a7002981',
+]);
+
+export function scanTarballHash(allFiles) {
+  const matches = [];
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (!path.endsWith('.tgz') && !path.endsWith('.tar.gz')) continue;
+
+    const content = file.content || '';
+    const hash = createHash('sha256').update(content, 'utf8').digest('hex');
+
+    if (MALICIOUS_HASHES.has(hash)) {
+      matches.push({
+        file: path,
+        sha256: hash,
+        version: hash === '449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75e'
+          ? '9.1.6' : hash === 'c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9ea'
+          ? '9.2.3' : '12.0.1',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d3-cjs-payload-injection.js

@@ -0,0 +1,73 @@
+const IIFE_END_PATTERN = /}\)\(\);\s*$/;
+const SIZE_DIFFERENTIAL_THRESHOLD = 50 * 1024;
+
+export function scanCjsPayloadInjection(allFiles) {
+  const matches = [];
+
+  let cjsContent = null;
+  let mjsContent = null;
+  let cjsPath = null;
+  let mjsPath = null;
+
+  for (const file of allFiles) {
+    const path = file.path?.replace(/\\/g, '/') || '';
+    if (path.endsWith('node-ipc.cjs')) {
+      cjsContent = file.content || '';
+      cjsPath = path;
+    }
+    if (path.endsWith('node-ipc.mjs')) {
+      mjsContent = file.content || '';
+      mjsPath = path;
+    }
+  }
+
+  if (cjsContent && !mjsContent) {
+    matches.push({
+      file: cjsPath,
+      finding: 'cjs-present-no-esm',
+      detail: 'node-ipc.cjs present but node-ipc.mjs not found — unable to cross-reference size',
+    });
+  }
+
+  if (cjsContent && mjsContent) {
+    const cjsSize = Buffer.byteLength(cjsContent, 'utf8');
+    const mjsSize = Buffer.byteLength(mjsContent, 'utf8');
+    const sizeDiff = cjsSize - mjsSize;
+
+    if (sizeDiff > SIZE_DIFFERENTIAL_THRESHOLD) {
+      matches.push({
+        file: cjsPath,
+        finding: 'size-anomaly',
+        cjsSize,
+        mjsSize,
+        sizeDiff,
+        detail: `CJS (${cjsSize} bytes) exceeds ESM (${mjsSize} bytes) by ${sizeDiff} bytes — potential injected payload`,
+      });
+    }
+
+    if (IIFE_END_PATTERN.test(cjsContent.trim())) {
+      const trimmed = cjsContent.trim();
+      const iifeMatch = trimmed.match(IIFE_END_PATTERN);
+      if (iifeMatch) {
+        matches.push({
+          file: cjsPath,
+          finding: 'iife-suffix',
+          detail: 'node-ipc.cjs ends with IIFE pattern — potential obfuscated payload appended after module closure',
+        });
+      }
+    }
+  }
+
+  if (cjsContent && IIFE_END_PATTERN.test(cjsContent.trim())) {
+    const alreadyReported = matches.some(m => m.finding === 'iife-suffix');
+    if (!alreadyReported) {
+      matches.push({
+        file: cjsPath,
+        finding: 'iife-suffix',
+        detail: 'node-ipc.cjs ends with IIFE pattern — potential obfuscated payload appended after module closure',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d4-injected-payload-hash.js

@@ -0,0 +1,37 @@
+import { createHash } from 'crypto';
+
+const INJECTED_PAYLOAD_HASH = '3427a90c8cb9af764445448648176e120ebc6af0a538158340cf6220de4d01b7';
+
+const IIFE_BOUNDARY = /}\)\(\);\s*$/;
+
+export function scanInjectedPayloadHash(allFiles) {
+  const matches = [];
+
+  for (const file of allFiles) {
+    const path = file.path?.replace(/\\/g, '/') || '';
+    if (!path.endsWith('node-ipc.cjs')) continue;
+
+    const content = file.content || '';
+
+    if (content.includes(INJECTED_PAYLOAD_HASH)) {
+      matches.push({
+        file: path,
+        finding: 'hash-string-present',
+        sha256: INJECTED_PAYLOAD_HASH,
+        detail: 'Known injected payload SHA-256 found within node-ipc.cjs content',
+      });
+    }
+
+    const fileHash = createHash('sha256').update(content, 'utf8').digest('hex');
+    if (fileHash === INJECTED_PAYLOAD_HASH) {
+      matches.push({
+        file: path,
+        finding: 'file-hash-match',
+        sha256: fileHash,
+        detail: 'node-ipc.cjs SHA-256 matches known injected payload hash',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d5-dns-c2-pattern.js

@@ -0,0 +1,49 @@
+const PUBLIC_RESOLVERS = new Set([
+  '1.1.1.1',
+  '8.8.8.8',
+  '8.8.4.4',
+  '9.9.9.9',
+]);
+
+const IP_PATTERN = /setServers\(\s*\[?\s*['"`](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})['"`]/;
+
+export function scanDnsC2Pattern(allFiles, pkgJson) {
+  const matches = [];
+
+  const sources = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, content] of Object.entries(scripts)) {
+    if (/preinstall|install|postinstall|prepare/.test(hook)) {
+      sources.push({ file: `script:${hook}`, content });
+    }
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (!path.endsWith('.js') && !path.endsWith('.mjs') && !path.endsWith('.cjs')) continue;
+    sources.push({ file: path, content: file.content || '' });
+  }
+
+  for (const { file, content } of sources) {
+    const hasDnsResolver = /\bdns\.promises\s*\.\s*Resolver\b/.test(content);
+    if (!hasDnsResolver) continue;
+
+    const ipMatch = content.match(IP_PATTERN);
+    if (!ipMatch) continue;
+
+    const customIP = ipMatch[1];
+    if (PUBLIC_RESOLVERS.has(customIP)) continue;
+
+    const hasResolveTxt = /\bresolveTxt\b/.test(content);
+
+    matches.push({
+      file,
+      customResolverIP: customIP,
+      hasResolveTxt,
+      detail: `Custom DNS resolver at ${customIP}${hasResolveTxt ? ' with resolveTxt() — TXT tunneling fingerprint' : ''}`,
+    });
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d6-bootstrap-resolver.js

@@ -0,0 +1,40 @@
+const BOOTSTRAP_DOMAIN = /sh\.azurestaticprovider\.net/i;
+const C2_IP = /37\.16\.75\.69/;
+
+export function scanBootstrapResolver(allFiles, pkgJson) {
+  const matches = [];
+
+  const sources = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, content] of Object.entries(scripts)) {
+    sources.push({ file: `script:${hook}`, content });
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    sources.push({ file: path, content: file.content || '' });
+  }
+
+  for (const { file, content } of sources) {
+    if (BOOTSTRAP_DOMAIN.test(content)) {
+      matches.push({
+        file,
+        finding: 'c2-domain',
+        value: 'sh.azurestaticprovider.net',
+        detail: 'Bootstrap resolver domain — lookalike, not a Microsoft domain',
+      });
+    }
+
+    if (C2_IP.test(content)) {
+      matches.push({
+        file,
+        finding: 'c2-ip',
+        value: '37.16.75.69',
+        detail: 'Known C2 IP address for DNS TXT tunneling',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d7-dns-txt-exfil.js

@@ -0,0 +1,42 @@
+const EXFIL_ZONE = /bt\.node\.js/i;
+const RESOLVE_TXT_DYNAMIC = /\bresolveTxt\s*\(/;
+
+export function scanDnsTxtExfil(allFiles, pkgJson) {
+  const matches = [];
+
+  const sources = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, content] of Object.entries(scripts)) {
+    if (/preinstall|install|postinstall|prepare/.test(hook)) {
+      sources.push({ file: `script:${hook}`, content });
+    }
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (!path.endsWith('.js') && !path.endsWith('.mjs') && !path.endsWith('.cjs')) continue;
+    sources.push({ file: path, content: file.content || '' });
+  }
+
+  for (const { file, content } of sources) {
+    if (EXFIL_ZONE.test(content)) {
+      matches.push({
+        file,
+        finding: 'exfil-zone',
+        value: 'bt.node.js',
+        detail: 'DNS TXT exfiltration zone reference found',
+      });
+    }
+
+    if (RESOLVE_TXT_DYNAMIC.test(content)) {
+      matches.push({
+        file,
+        finding: 'resolve-txt',
+        detail: 'resolveTxt() call detected — potential DNS TXT tunneling',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d8-runtime-trigger.js

@@ -0,0 +1,27 @@
+export function scanRuntimeTrigger(allFiles, pkgJson) {
+  const matches = [];
+
+  const sources = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, content] of Object.entries(scripts)) {
+    sources.push({ file: `script:${hook}`, content });
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (!path.endsWith('.js') && !path.endsWith('.mjs') && !path.endsWith('.cjs')) continue;
+    sources.push({ file: path, content: file.content || '' });
+  }
+
+  for (const { file, content } of sources) {
+    if (/\bsetImmediate\s*\(/.test(content)) {
+      matches.push({
+        file,
+        detail: 'setImmediate() call found — node-ipc malware fires at require() time, not via postinstall',
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/d9-temp-artifact.js

@@ -0,0 +1,20 @@
+const NT_DIR_PATTERN = /~\/(nt-(?:[\w-]+))\/.*\.tar\.gz/;
+
+export function scanTempArtifact(allFiles) {
+  const matches = [];
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+
+    const artifactMatch = path.match(NT_DIR_PATTERN);
+    if (artifactMatch) {
+      matches.push({
+        file: path,
+        dirName: artifactMatch[1],
+        detail: `Staging artifact found in ~/${artifactMatch[1]}/ — exfil may have been interrupted`,
+      });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/node-ipc-compromise/index.js

@@ -0,0 +1,93 @@
+import { scanVersionBlocklist } from './d1-version-blocklist.js';
+import { scanTarballHash } from './d2-tarball-hash.js';
+import { scanCjsPayloadInjection } from './d3-cjs-payload-injection.js';
+import { scanInjectedPayloadHash } from './d4-injected-payload-hash.js';
+import { scanDnsC2Pattern } from './d5-dns-c2-pattern.js';
+import { scanBootstrapResolver } from './d6-bootstrap-resolver.js';
+import { scanDnsTxtExfil } from './d7-dns-txt-exfil.js';
+import { scanRuntimeTrigger } from './d8-runtime-trigger.js';
+import { scanTempArtifact } from './d9-temp-artifact.js';
+import { scanUnauthorizedPublisher } from './d10-unauthorized-publisher.js';
+import { scanBlastRadius } from './d11-blast-radius.js';
+
+const RULE_SEVERITY = {
+  D1: 'critical',
+  D2: 'critical',
+  D3: 'critical',
+  D4: 'critical',
+  D5: 'critical',
+  D6: 'critical',
+  D7: 'critical',
+  D8: 'info',
+  D9: 'critical',
+  D10: 'critical',
+  D11: 'critical',
+};
+
+const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info', 'none'];
+
+function highestSeverity(severities) {
+  for (const s of SEVERITY_ORDER) {
+    if (severities.includes(s)) return s;
+  }
+  return 'none';
+}
+
+function buildRemediation(triggered) {
+  const lines = [];
+  if (triggered.includes('D1') || triggered.includes('D11')) {
+    lines.push('Pin node-ipc to safe version: 9.1.5 or 12.0.0');
+  }
+  if (triggered.includes('D9')) {
+    lines.push('PRESERVE ~/nt-*/ artifacts for incident response');
+  }
+  if (triggered.includes('D5') || triggered.includes('D6') || triggered.includes('D7')) {
+    lines.push('Review DNS egress logs for sh.azurestaticprovider.net and 37.16.75.69 post May 14, 2026');
+  }
+  lines.push('Rotate all CI/CD secrets and OIDC tokens');
+  lines.push('Audit maintainer email domain expiry for all critical dependencies');
+  return lines.join('. ');
+}
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const fileList = allFiles || files || [];
+
+  const results = {
+    D1: scanVersionBlocklist(pkgJson, registryMeta),
+    D2: scanTarballHash(fileList),
+    D3: scanCjsPayloadInjection(fileList),
+    D4: scanInjectedPayloadHash(fileList),
+    D5: scanDnsC2Pattern(fileList, pkgJson),
+    D6: scanBootstrapResolver(fileList, pkgJson),
+    D7: scanDnsTxtExfil(fileList, pkgJson),
+    D8: scanRuntimeTrigger(fileList, pkgJson),
+    D9: scanTempArtifact(fileList),
+    D10: scanUnauthorizedPublisher(pkgJson, registryMeta),
+    D11: scanBlastRadius(fileList),
+  };
+
+  const triggered = Object.entries(results)
+    .filter(([_, r]) => r.triggered)
+    .map(([id]) => id);
+
+  if (triggered.length === 0) return [];
+
+  const severity = highestSeverity(triggered.map(id => RULE_SEVERITY[id]));
+
+  const evidence = {
+    campaign: 'NODE_IPC_COMPROMISE',
+    triggeredRules: triggered,
+    details: Object.fromEntries(
+      Object.entries(results).filter(([_, r]) => r.triggered)
+    ),
+  };
+
+  return [{
+    id: 'NODE_IPC_COMPROMISE',
+    severity,
+    title: 'node-ipc supply chain compromise (May 14, 2026)',
+    description: `${triggered.length} signal(s): ${triggered.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: buildRemediation(triggered),
+  }];
+}

package/backend/detectors/node-ipc-compromise/iocs.json

@@ -0,0 +1,59 @@
+{
+  "lastUpdated": "2026-05-28T00:00:00.000Z",
+  "campaign": {
+    "id": "node-ipc-compromise",
+    "description": "node-ipc supply chain compromise (May 14, 2026) — 3 malicious versions (9.1.6, 9.2.3, 12.0.1) published via expired maintainer email domain takeover. 80KB credential stealer delivered via DNS TXT tunneling.",
+    "firstObserved": "2026-05-14T00:00:00.000Z",
+    "attribution": {
+      "npmPublisher": "atiertant",
+      "c2Domain": "sh.azurestaticprovider.net",
+      "c2IP": "37.16.75.69",
+      "exfilZone": "bt.node.js"
+    }
+  },
+  "versions": {
+    "9.1.6": {
+      "tarballSha256": "449e4265979b5fdb2d3446c021af437e815debd66de7da2fe54f1ad93cbcc75e",
+      "safePin": "9.1.5",
+      "semverRanges": ["~9.1.x", "^9.1", "^9"]
+    },
+    "9.2.3": {
+      "tarballSha256": "c2f4dc64aec4631540a568e88932b61daebbfb7e8281b812fa01b7215f9be9ea",
+      "safePin": "9.1.5",
+      "semverRanges": ["~9.2.x", "^9.2"]
+    },
+    "12.0.1": {
+      "tarballSha256": "78a82d93b4f580835f5823b85a3d9ee1f03a15ee6f0e01b4eac86252a7002981",
+      "safePin": "12.0.0",
+      "semverRanges": ["~12.0.x", "^12"]
+    }
+  },
+  "iocs": [
+    {
+      "type": "publisherAccount",
+      "value": "atiertant",
+      "ecosystem": "npm",
+      "notes": "Unauthorized publisher — no prior history on node-ipc, exclusively used for malicious versions."
+    },
+    {
+      "type": "c2Domain",
+      "value": "sh.azurestaticprovider.net",
+      "notes": "Bootstrap resolver domain (lookalike, not Microsoft). DNS TXT tunneling C2."
+    },
+    {
+      "type": "c2IP",
+      "value": "37.16.75.69",
+      "notes": "C2 IP address for DNS TXT tunneling."
+    },
+    {
+      "type": "exfilZone",
+      "value": "bt.node.js",
+      "notes": "DNS TXT exfiltration zone. Queries encode stolen data into subdomain labels."
+    },
+    {
+      "type": "payloadHash",
+      "value": "3427a90c8cb9af764445448648176e120ebc6af0a538158340cf6220de4d01b7",
+      "notes": "SHA-256 of injected payload blob within node-ipc.cjs."
+    }
+  ]
+}

package/backend/detectors/trapdoor/d1-campaign-marker.js

@@ -0,0 +1,20 @@
+const TARGET_EXTENSIONS = ['.md', '.sh', '.json'];
+const TARGET_FILENAMES = new Set(['.cursorrules', 'CLAUDE.md', 'README.md', 'package.json']);
+
+export function scanCampaignMarker(allFiles) {
+  const matches = [];
+  for (const file of allFiles) {
+    const path = file.path || '';
+    const content = file.content || '';
+    const basename = path.split(/[\\/]/).pop();
+    const ext = path.includes('.') ? '.' + path.split('.').pop() : '';
+
+    const isTarget = TARGET_FILENAMES.has(basename) || TARGET_EXTENSIONS.includes(ext);
+    if (!isTarget) continue;
+
+    if (content.includes('P-2024-001')) {
+      matches.push({ file: path });
+    }
+  }
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d2-payload-fingerprint.js

@@ -0,0 +1,22 @@
+export function scanPayloadFingerprint(allFiles) {
+  const matches = [];
+  for (const file of allFiles) {
+    const path = file.path || '';
+    const content = file.content || '';
+    const basename = path.split(/[\\/]/).pop();
+
+    const byteSize = Buffer.byteLength(content, 'utf8');
+
+    if (basename === 'trap-core.js') {
+      matches.push({ file: path, matchType: 'filename', byteSize });
+    }
+
+    if (byteSize === 48485) {
+      const alreadyMatched = matches.some(m => m.file === path);
+      if (!alreadyMatched) {
+        matches.push({ file: path, matchType: 'byteSize', byteSize });
+      }
+    }
+  }
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d3-publisher-blocklist.js

@@ -0,0 +1,10 @@
+export function scanPublisherBlocklist(pkgJson, registryMeta) {
+  const publisherAccount = registryMeta?.versions?.[pkgJson?.version]?._npmUser?.name
+    || registryMeta?.versions?.[Object.keys(registryMeta.versions || {})[0]]?._npmUser?.name
+    || null;
+
+  if (publisherAccount === 'asdxzxc') {
+    return { triggered: true, publisher: publisherAccount };
+  }
+  return { triggered: false, publisher: publisherAccount };
+}

package/backend/detectors/trapdoor/d4-gists-exfil.js

@@ -0,0 +1,34 @@
+const CRED_PATH_PATTERNS = /\.aws\/|id_rsa|\.env|keystore|credentials|\.npmrc|\.ssh\//i;
+const C2_PATTERNS = [/ddjidd564\.github\.io/i, /gist\.github\.com/i];
+
+function scanContent(content, filePath) {
+  const matches = [];
+  const hasC2 = C2_PATTERNS.some(p => p.test(content));
+  if (!hasC2) return matches;
+
+  const hasCredPath = CRED_PATH_PATTERNS.test(content);
+  if (hasCredPath) {
+    matches.push({ file: filePath });
+  }
+  return matches;
+}
+
+export function scanGistsExfil(allFiles, pkgJson) {
+  const matches = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, scriptContent] of Object.entries(scripts)) {
+    if (/preinstall|install|postinstall|prepare/.test(hook)) {
+      matches.push(...scanContent(scriptContent, `script:${hook}`));
+    }
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (path.endsWith('.js') || path.endsWith('.mjs') || path.endsWith('.cjs')) {
+      matches.push(...scanContent(file.content || '', path));
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d5-ai-poisoning.js

@@ -0,0 +1,35 @@
+const ZERO_WIDTH_RANGES = [
+  [0x200B, 0x200D],
+  [0xFEFF, 0xFEFF],
+];
+
+function isZeroWidthChar(code) {
+  return ZERO_WIDTH_RANGES.some(([lo, hi]) => code >= lo && code <= hi);
+}
+
+const TARGET_FILES = /(^|[\\/])(\.cursorrules|CLAUDE\.md)$/i;
+
+export function scanAIPoisoning(allFiles) {
+  const matches = [];
+
+  for (const file of allFiles) {
+    const path = file.path?.replace(/\\/g, '/') || '';
+    if (!TARGET_FILES.test(path)) continue;
+
+    const content = file.content || '';
+    const found = [];
+
+    for (let i = 0; i < content.length; i++) {
+      const code = content.charCodeAt(i);
+      if (isZeroWidthChar(code)) {
+        found.push({ char: `U+${code.toString(16).toUpperCase()}`, position: i });
+      }
+    }
+
+    if (found.length > 0) {
+      matches.push({ file: path, zeroWidthChars: found, count: found.length });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d6-lure-name.js

@@ -0,0 +1,42 @@
+const LURE_PATTERNS = [
+  /solidity/i,
+  /defi/i,
+  /solana/i,
+  /sui\b/i,
+  /move-lang/i,
+  /^eth-/i,
+  /prompt-engineering/i,
+  /token-usage/i,
+  /dev-env-bootstrap/i,
+];
+
+export function scanLureName(pkgJson, registryMeta) {
+  const pkgName = pkgJson?.name || '';
+  const matchedPattern = LURE_PATTERNS.find(p => p.test(pkgName));
+  if (!matchedPattern) return { triggered: false };
+
+  const timeMap = registryMeta?.time || {};
+  const versions = Object.keys(timeMap).filter(v => v !== 'created' && v !== 'modified');
+  const firstVersion = versions.length > 0
+    ? versions.sort((a, b) => new Date(timeMap[a]) - new Date(timeMap[b]))[0]
+    : null;
+
+  if (!firstVersion) return { triggered: false };
+
+  const firstPubDate = new Date(timeMap[firstVersion]);
+  const now = new Date();
+  const daysSinceFirstPub = (now - firstPubDate) / (1000 * 60 * 60 * 24);
+
+  if (daysSinceFirstPub < 30 && versions.length <= 2) {
+    return {
+      triggered: true,
+      packageName: pkgName,
+      matchedPattern: matchedPattern.source,
+      firstPublished: timeMap[firstVersion],
+      ageDays: Math.round(daysSinceFirstPub),
+      versionCount: versions.length,
+    };
+  }
+
+  return { triggered: false };
+}

package/backend/detectors/trapdoor/d7-crypto-primitives.js

@@ -0,0 +1,22 @@
+export function scanCryptoPrimitives(allFiles, pkgJson) {
+  const matches = [];
+
+  const scripts = pkgJson?.scripts || {};
+  const scriptEntries = Object.entries(scripts)
+    .filter(([hook]) => /preinstall|install|postinstall|prepare/.test(hook))
+    .map(([hook, content]) => ({ file: `script:${hook}`, content }));
+
+  const jsFiles = allFiles
+    .filter(f => f.path?.endsWith('.js') || f.path?.endsWith('.mjs') || f.path?.endsWith('.cjs'))
+    .map(f => ({ file: f.path, content: f.content || '' }));
+
+  for (const { file, content } of [...scriptEntries, ...jsFiles]) {
+    const hasFernet = /Fernet/i.test(content);
+    const hasECDH = /\bECDH\b|\bcreateECDH\b/i.test(content);
+    if (hasFernet && hasECDH) {
+      matches.push({ file });
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d8-xor-key.js

@@ -0,0 +1,15 @@
+export function scanXorKey(allFiles) {
+  const matches = [];
+  for (const file of allFiles) {
+    const path = file.path?.replace(/\\/g, '/') || '';
+    const isLockFile = /(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|pnpm-lock\.yml|Cargo\.lock|Cargo\.toml)/i.test(path);
+    const isBundled = /\.node$|vendor|native/i.test(path);
+    if (!isLockFile && !isBundled) continue;
+
+    const content = file.content || '';
+    if (content.includes('cargo-build-helper-2026')) {
+      matches.push({ file: path });
+    }
+  }
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/d9-cred-validation.js

@@ -0,0 +1,32 @@
+const CRED_VALIDATION_PATTERNS = [
+  /sts\.amazonaws\.com/i,
+  /api\.github\.com\/user/i,
+];
+
+export function scanCredValidation(allFiles, pkgJson) {
+  const matches = [];
+
+  const scripts = pkgJson?.scripts || {};
+  for (const [hook, content] of Object.entries(scripts)) {
+    if (/preinstall|install|postinstall|prepare/.test(hook)) {
+      for (const pattern of CRED_VALIDATION_PATTERNS) {
+        if (pattern.test(content)) {
+          matches.push({ file: `script:${hook}`, pattern: pattern.source });
+        }
+      }
+    }
+  }
+
+  for (const file of allFiles) {
+    const path = file.path || '';
+    if (!path.endsWith('.js') && !path.endsWith('.mjs') && !path.endsWith('.cjs')) continue;
+    const content = file.content || '';
+    for (const pattern of CRED_VALIDATION_PATTERNS) {
+      if (pattern.test(content)) {
+        matches.push({ file: path, pattern: pattern.source });
+      }
+    }
+  }
+
+  return { triggered: matches.length > 0, matches };
+}

package/backend/detectors/trapdoor/index.js

@@ -0,0 +1,77 @@
+import { scanCampaignMarker } from './d1-campaign-marker.js';
+import { scanPayloadFingerprint } from './d2-payload-fingerprint.js';
+import { scanPublisherBlocklist } from './d3-publisher-blocklist.js';
+import { scanGistsExfil } from './d4-gists-exfil.js';
+import { scanAIPoisoning } from './d5-ai-poisoning.js';
+import { scanLureName } from './d6-lure-name.js';
+import { scanCryptoPrimitives } from './d7-crypto-primitives.js';
+import { scanXorKey } from './d8-xor-key.js';
+import { scanCredValidation } from './d9-cred-validation.js';
+
+const RULE_SEVERITY = {
+  D1: 'critical',
+  D2: 'critical',
+  D3: 'critical',
+  D4: 'critical',
+  D5: 'high',
+  D6: 'medium',
+  D7: 'high',
+  D8: 'high',
+  D9: 'critical',
+};
+
+const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info', 'none'];
+
+function highestSeverity(severities) {
+  for (const s of SEVERITY_ORDER) {
+    if (severities.includes(s)) return s;
+  }
+  return 'none';
+}
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const fileList = allFiles || files || [];
+
+  const results = {
+    D1: scanCampaignMarker(fileList),
+    D2: scanPayloadFingerprint(fileList),
+    D3: scanPublisherBlocklist(pkgJson, registryMeta),
+    D4: scanGistsExfil(fileList, pkgJson),
+    D5: scanAIPoisoning(fileList),
+    D6: scanLureName(pkgJson, registryMeta),
+    D7: scanCryptoPrimitives(fileList, pkgJson),
+    D8: scanXorKey(fileList),
+    D9: scanCredValidation(fileList, pkgJson),
+  };
+
+  const triggered = Object.entries(results)
+    .filter(([_, r]) => r.triggered)
+    .map(([id]) => id);
+
+  if (triggered.length === 0) return [];
+
+  const severity = highestSeverity(triggered.map(id => RULE_SEVERITY[id]));
+
+  const evidence = {
+    campaign: 'TRAPDOOR',
+    triggeredRules: triggered,
+    details: Object.fromEntries(
+      Object.entries(results).filter(([_, r]) => r.triggered)
+    ),
+    iocSummary: {
+      publisher: 'asdxzxc',
+      c2Domain: 'ddjidd564.github.io',
+      campaignMarker: 'P-2024-001',
+      payloadFile: 'trap-core.js',
+    },
+  };
+
+  return [{
+    id: 'TRAPDOOR',
+    severity,
+    title: 'TrapDoor cross-ecosystem supply chain attack campaign',
+    description: `${triggered.length} signal(s): ${triggered.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: 'Block install immediately. Revoke any npm tokens associated with this package. Rotate CI/CD secrets. Audit for postinstall scripts accessing credentials. Check for AI config poisoning (.cursorrules/CLAUDE.md). Verify all package versions from publisher asdxzxc. If confirmed compromise, follow incident response procedures per SECURITY.md.',
+  }];
+}

package/backend/detectors/trapdoor/iocs.json

@@ -0,0 +1,51 @@
+{
+  "lastUpdated": "2026-05-28T00:00:00.000Z",
+  "campaign": {
+    "id": "trapdoor",
+    "description": "TrapDoor cross-ecosystem supply chain attack (npm, PyPI, Crates.io) targeting crypto, DeFi, Solana, and AI developer communities.",
+    "firstObserved": "2026-05-22T00:00:00.000Z",
+    "attribution": {
+      "npmPublisher": "asdxzxc",
+      "githubAccount": "ddjidd564",
+      "githubPages": "ddjidd564.github.io"
+    }
+  },
+  "iocs": [
+    {
+      "type": "publisherAccount",
+      "value": "asdxzxc",
+      "ecosystem": "npm",
+      "notes": "TrapDoor campaign — known malicious npm publisher account."
+    },
+    {
+      "type": "campaignMarker",
+      "value": "P-2024-001",
+      "notes": "Hardcoded campaign marker found in package files (README.md, .cursorrules, CLAUDE.md)."
+    },
+    {
+      "type": "payloadFilename",
+      "value": "trap-core.js",
+      "notes": "Shared payload filename in TrapDoor packages."
+    },
+    {
+      "type": "payloadSize",
+      "value": 48485,
+      "notes": "Exact byte size of trap-core.js payload."
+    },
+    {
+      "type": "xorKey",
+      "value": "cargo-build-helper-2026",
+      "notes": "XOR key string found in Crates.io / cross-ecosystem packages."
+    },
+    {
+      "type": "c2Domain",
+      "value": "ddjidd564.github.io",
+      "notes": "GitHub Pages C2 infrastructure."
+    },
+    {
+      "type": "gistDomain",
+      "value": "gist.github.com",
+      "notes": "GitHub Gist used for exfiltration."
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.15.6",
+  "version": "0.16.0",
   "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
   "main": "backend/index.js",
   "bin": {