@lateos/npm-scan 0.16.0 → 0.16.4

package/backend/detectors/axios-poisoning/d3-postinstall-rat.js

@@ -0,0 +1,90 @@
+const SUSPICIOUS_HOOKS = ['postinstall', 'install', 'preinstall'];
+const TEMP_DIR_RE = /(?:os\.tmpdir|tmpdir|temp|%TEMP%|\/tmp|\/var\/tmp)/;
+const POWERSHELL_RE = /powershell|pwsh|cmd\.exe|Invoke-Expression|IEX\s*\(/;
+const LAUNCHD_RE = /\/Library\/Launch(Daemons|Agents)\/|launchctl\s+(load|start|submit)/;
+const SYSTEMD_SERVICE_RE = /\/etc\/systemd\/system\/|systemctl\s+(enable|start|daemon-reload)/;
+const CRON_PERSIST_RE = /crontab\s+-[ei]|@reboot\s+|@daily\s+|@hourly\s+/;
+const DLL_LOAD_RE = /LoadLibrary|dlopen|LoadLibraryEx|lib\.(?:LoadLibrary|dlopen)/;
+const PROCESS_INJECT_RE = /CreateRemoteThread|VirtualAllocEx|WriteProcessMemory|NtCreateThreadEx/;
+const NET_CALLBACK_RE = /(?:https?:\/\/|wss?:\/\/|ws:\/\/)(?:[^\s'"]*\.[^\s'"]{2,})/;
+const BINARY_DROP_RE = /(?:fs\.writeFileSync|writeFile|writeFileSync)\s*\([^)]*(?:\.exe|\.dll|\.bin|\.bat|\.ps1)/;
+
+const SUSPICIOUS_HOOK_PATTERNS = [
+  /curl|wget|fetch|https?:\/\//,
+  /powershell|cmd\.exe|bash\b|sh\b/,
+  /process\.exit|fs\.chmod|exec(?:Sync)?\s*\(/,
+  /spawn|fork|detached/,
+  /systemd|launchctl|crontab|schtasks/,
+  /LoadLibrary|dlopen/,
+  /eval|Function\s*\(/,
+  /__dirname|__filename/,
+];
+
+export function scanPostinstallRAT(pkgJson, files = []) {
+  const scripts = pkgJson?.scripts || {};
+  const code = files.map(f => f.content || '').join('\n');
+
+  const activeHooks = [];
+  for (const hook of SUSPICIOUS_HOOKS) {
+    if (scripts[hook]) {
+      activeHooks.push({ hook, command: scripts[hook] });
+    }
+  }
+
+  if (activeHooks.length === 0) {
+    return { triggered: false, platforms: [], c2Indicators: [], payloadType: null, hooks: [], hasBinaryDrop: false };
+  }
+
+  const combined = code + '\n' + activeHooks.map(h => h.command).join('\n');
+
+  const hasSuspiciousCode = SUSPICIOUS_HOOK_PATTERNS.some(p => p.test(combined));
+
+  if (activeHooks.length > 0 && !hasSuspiciousCode) {
+    return { triggered: false, platforms: [], c2Indicators: [], payloadType: null, hooks: [], hasBinaryDrop: false };
+  }
+
+  const platforms = [];
+  let c2Indicators = [];
+  let hasBinaryDrop = false;
+
+  if (POWERSHELL_RE.test(combined)) platforms.push('windows');
+  if (LAUNCHD_RE.test(combined)) platforms.push('macos');
+  if (SYSTEMD_SERVICE_RE.test(combined) || CRON_PERSIST_RE.test(combined)) platforms.push('linux');
+  if (TEMP_DIR_RE.test(combined) && (POWERSHELL_RE.test(combined) || BINARY_DROP_RE.test(combined))) {
+    if (!platforms.includes('windows')) platforms.push('windows');
+    if (!platforms.includes('linux')) platforms.push('linux');
+    if (!platforms.includes('macos')) platforms.push('macos');
+  }
+
+  if (DLL_LOAD_RE.test(combined)) platforms.push('windows');
+  if (PROCESS_INJECT_RE.test(combined)) platforms.push('windows');
+
+  if (NET_CALLBACK_RE.test(combined)) {
+    const urls = combined.match(NET_CALLBACK_RE);
+    c2Indicators = urls ? [...new Set(urls.map(u => u.replace(/['")]/g, '')))] : ['Network callback to external server'];
+  }
+
+  if (BINARY_DROP_RE.test(combined)) hasBinaryDrop = true;
+
+  let payloadType = null;
+  if (platforms.length >= 2 && c2Indicators.length > 0 && hasBinaryDrop) {
+    payloadType = 'cross_platform_RAT';
+  } else if (hasBinaryDrop && c2Indicators.length > 0) {
+    payloadType = 'network_backdoor';
+  } else if (hasBinaryDrop && platforms.length > 0) {
+    payloadType = 'platform_persistence';
+  }
+
+  if (payloadType) {
+    return {
+      triggered: true,
+      payloadType,
+      platforms: [...new Set(platforms)],
+      c2Indicators,
+      hooks: activeHooks.map(h => h.hook),
+      hasBinaryDrop,
+    };
+  }
+
+  return { triggered: false, platforms: [], c2Indicators: [], payloadType: null, hooks: [], hasBinaryDrop: false };
+}

package/backend/detectors/axios-poisoning/index.js

@@ -0,0 +1,94 @@
+import { scanVersionBlocklist } from './d1-version-fingerprint.js';
+import { scanDecoyDependency } from './d2-decoy-dep.js';
+import { scanPostinstallRAT } from './d3-postinstall-rat.js';
+import { attachProvenance } from '../../provenance.js';
+
+const RULE_SEVERITY = { D1: 'critical', D2: 'critical', D3: 'critical' };
+const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info', 'none'];
+
+function highestSeverity(severities) {
+  for (const s of SEVERITY_ORDER) if (severities.includes(s)) return s;
+  return 'none';
+}
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const pkgName = pkgJson?.name || 'unknown';
+  const pkgVersion = pkgJson?.version || '0.0.0';
+  const fileList = allFiles || files || [];
+
+  const d1Result = scanVersionBlocklist(pkgJson);
+  if (d1Result.stopCondition) {
+    const evidence = attachProvenance({
+      rule: 'AXS-VER-001',
+      campaign: 'AXIOS_POISONING',
+      triggeredChecks: ['D1'],
+      matchedVersion: d1Result.matchedVersion,
+      action: 'BLOCK_IMMEDIATELY',
+      remediation: `Upgrade to axios@1.14.2 or later, or use pinned safe version`,
+    }, {
+      ruleId: 'AXS-VER-001',
+      ruleName: 'Compromised Axios Version Fingerprinting',
+      severity: 'CRITICAL',
+      campaignName: 'Axios Registry Poisoning',
+      pkgName,
+      pkgVersion,
+      triggered: true,
+      severity: 'critical',
+      indicators: [{ type: 'known_malicious_version', value: `${pkgName}@${pkgVersion}` }],
+      ruleProvenanceUrl: 'https://github.com/lateos/npm-scan/blob/main/backend/detectors/axios-poisoning/d1-version-fingerprint.js',
+      campaignSourceUrl: 'https://security.researcher.org/supply-chain-report',
+    });
+
+    return [{
+      id: 'AXIOS_POISONING',
+      severity: 'critical',
+      title: 'Axios Registry Poisoning campaign',
+      description: `HALT: ${pkgName}@${pkgVersion} is a known compromised version in the Axios registry poisoning campaign. Block install immediately.`,
+      evidence: JSON.stringify(evidence),
+      mitigation: d1Result.reason ? `BLOCK IMMEDIATELY. ${d1Result.reason}. Upgrade to axios@1.14.2 or later, or use pinned safe version.` : 'BLOCK IMMEDIATELY. Upgrade to a safe version.',
+      stopCondition: true,
+    }];
+  }
+
+  const d2Result = scanDecoyDependency(pkgJson);
+  const d3Result = scanPostinstallRAT(pkgJson, fileList);
+
+  const results = { D1: d1Result, D2: d2Result, D3: d3Result };
+
+  const triggered = Object.entries(results)
+    .filter(([_, r]) => r.triggered)
+    .map(([id]) => id);
+
+  if (triggered.length === 0) return [];
+
+  const severity = highestSeverity(triggered.map(id => RULE_SEVERITY[id]));
+
+  const evidence = attachProvenance({
+    campaign: 'AXIOS_POISONING',
+    triggeredChecks: triggered,
+    details: Object.fromEntries(
+      Object.entries(results).filter(([_, r]) => r.triggered)
+    ),
+  }, {
+    ruleId: 'AXIOS_POISONING',
+    ruleName: 'Axios Registry Poisoning Detection',
+    severity: severity.toUpperCase(),
+    campaignName: 'Axios Registry Poisoning',
+    pkgName,
+    pkgVersion,
+    triggered: true,
+    severity,
+    indicators: triggered.map(id => ({ type: `rule_${id}`, value: RULE_SEVERITY[id] })),
+    ruleProvenanceUrl: 'https://github.com/lateos/npm-scan/blob/main/backend/detectors/axios-poisoning/',
+    campaignSourceUrl: 'https://security.researcher.org/supply-chain-report',
+  });
+
+  return [{
+    id: 'AXIOS_POISONING',
+    severity,
+    title: 'Axios Registry Poisoning campaign',
+    description: `${triggered.length} signal(s): ${triggered.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: 'If decoy dependency detected: verify all axios dependencies are legitimate. If RAT payload detected: run full malware scan on the system, rotate all credentials, check for unauthorized network connections. Upgrade to axios@1.14.2+ or pin to a known safe version.',
+  }];
+}

package/backend/detectors/index.js

@@ -15,6 +15,9 @@ import { scan as miniShaiHuludScan } from './mini-shai-hulud/index.js';
 import { scan as badhostScan } from './cve-2026-48710-badhost/index.js';
 import { scan as trapdoorScan } from './trapdoor/index.js';
 import { scan as nodeIpcScan } from './node-ipc-compromise/index.js';
+import { scan as mshSupplementScan } from './msh-supplement/index.js';
+import { scan as typosquatScan } from './typosquat-vpmdhaj/index.js';
+import { scan as axiosPoisoningScan } from './axios-poisoning/index.js';
 
 export async function runAll(pkgJson, files = [], registryMeta = null, allFiles = null) {
   const findings = [];
@@ -35,5 +38,8 @@ export async function runAll(pkgJson, files = [], registryMeta = null, allFiles
   findings.push(...await badhostScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await trapdoorScan(pkgJson, files, registryMeta, allFiles || files));
   findings.push(...await nodeIpcScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await mshSupplementScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await typosquatScan(pkgJson, files, registryMeta, allFiles || files));
+  findings.push(...await axiosPoisoningScan(pkgJson, files, registryMeta, allFiles || files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/backend/detectors/msh-supplement/d1-obfuscation.js

@@ -0,0 +1,18 @@
+const CTF_SCRAMBLE_RE = /require\(['"](ctf-scramble-v2|ctf-scramble-v\d+)['"]\)/;
+const CTF_SCRAMBLE_ESM_RE = /(?:from|import)\s+['"](ctf-scramble-v2|ctf-scramble-v\d+)['"]/;
+
+export function scanCtfScramble(files = []) {
+  for (const file of files) {
+    const content = file.content || '';
+    if (CTF_SCRAMBLE_RE.test(content) || CTF_SCRAMBLE_ESM_RE.test(content)) {
+      const match = content.match(CTF_SCRAMBLE_RE) || content.match(CTF_SCRAMBLE_ESM_RE);
+      return {
+        triggered: true,
+        stopCondition: true,
+        filePath: file.path,
+        patternMatched: match ? match[1] : 'ctf-scramble-v2',
+      };
+    }
+  }
+  return { triggered: false, stopCondition: false };
+}

package/backend/detectors/msh-supplement/d2-persistence.js

@@ -0,0 +1,47 @@
+const DAEMON_RE = /\b(daemon|fork)\s*\(/;
+const SPAWN_DETACHED_RE = /spawn\s*\([^)]*detached\s*:\s*true/;
+const SYSTEMD_RE = /\/etc\/systemd\/system\/|systemctl\s+(enable|start)/;
+const CRON_RE = /crontab\s+-e|\/etc\/cron\b/;
+const LAUNCHD_RE = /\/Library\/LaunchDaemons\/|launchctl\s+(load|start)/;
+const TASK_SCHED_RE = /schtasks\.exe|New-ScheduledTask|Register-ScheduledJob/;
+const CI_GUARD_RE = /!process\.env\.CI|process\.env\.CI\s*===?\s*undefined/;
+
+export function scanPersistence(pkgJson, files = []) {
+  const allScripts = [];
+  const hooks = ['preinstall', 'install', 'postinstall', 'preuninstall', 'postuninstall'];
+  for (const hook of hooks) {
+    const script = pkgJson?.scripts?.[hook];
+    if (script) {
+      allScripts.push({ hook, content: script });
+    }
+  }
+
+  const code = files.map(f => f.content || '').join('\n');
+  const codeWithScripts = code + '\n' + allScripts.map(s => s.content).join('\n');
+
+  const detectedApis = [];
+  let hasCiGuard = false;
+  let hasDaemon = false;
+
+  if (DAEMON_RE.test(codeWithScripts)) detectedApis.push('daemon');
+  if (SPAWN_DETACHED_RE.test(codeWithScripts)) detectedApis.push('spawn_detached');
+  if (SYSTEMD_RE.test(codeWithScripts)) detectedApis.push('systemd');
+  if (CRON_RE.test(codeWithScripts)) detectedApis.push('cron');
+  if (LAUNCHD_RE.test(codeWithScripts)) detectedApis.push('launchd');
+  if (TASK_SCHED_RE.test(codeWithScripts)) detectedApis.push('task_scheduler');
+  if (CI_GUARD_RE.test(codeWithScripts)) hasCiGuard = true;
+
+  if (DAEMON_RE.test(codeWithScripts) || SPAWN_DETACHED_RE.test(codeWithScripts)) hasDaemon = true;
+
+  if (hasDaemon || detectedApis.length > 0) {
+    return {
+      triggered: true,
+      detectedApis,
+      hasCiGuard,
+      hooks: allScripts.map(s => s.hook),
+      context: hasCiGuard ? 'Spawns background process when CI env var absent' : 'Suspicious persistence/detached process detected',
+    };
+  }
+
+  return { triggered: false, detectedApis: [], hasCiGuard: false, hooks: [] };
+}

package/backend/detectors/msh-supplement/d3-geo-killswitch.js

@@ -0,0 +1,35 @@
+const LOCALE_CHECKS = [
+  /process\.env\.LANG/,
+  /process\.env\.LC_ALL/,
+  /process\.env\.LC_MESSAGES/,
+  /Intl\.DateTimeFormat\(\)\.resolvedOptions\(\)\.timeZone/,
+  /Intl\.DateTimeFormat\.resolvedOptions\b/,
+];
+const TARGET_LOCALES = /ru_RU|be_BY|uk_UA/;
+const SILENT_EXIT_RE = /process\.exit\s*\(\s*0\s*\)/;
+
+export function scanGeoKillswitch(files = []) {
+  const code = files.map(f => f.content || '').join('\n');
+  if (!code) return { triggered: false, targetedLocales: [], triggerBehavior: null };
+
+  const hasLocaleCheck = LOCALE_CHECKS.some(re => re.test(code));
+  if (!hasLocaleCheck) return { triggered: false, targetedLocales: [], triggerBehavior: null };
+
+  const hasTargetLocale = TARGET_LOCALES.test(code);
+  const hasSilentExit = SILENT_EXIT_RE.test(code);
+
+  if (hasTargetLocale || hasSilentExit) {
+    const matchedLocales = [];
+    if (/ru_RU/.test(code)) matchedLocales.push('ru_RU');
+    if (/be_BY/.test(code)) matchedLocales.push('be_BY');
+    if (/uk_UA/.test(code)) matchedLocales.push('uk_UA');
+
+    return {
+      triggered: true,
+      targetedLocales: matchedLocales.length > 0 ? matchedLocales : ['ru_RU', 'be_BY'],
+      triggerBehavior: hasSilentExit ? 'Silent exit' : 'Locale/timezone match with conditional behavior',
+    };
+  }
+
+  return { triggered: false, targetedLocales: [], triggerBehavior: null };
+}

package/backend/detectors/msh-supplement/d4-c2-deaddrop.js

@@ -0,0 +1,33 @@
+const OHNO_WHATS_GOING_ON_RE = /OhNoWhatsGoingOnWithGitHub/;
+const GITHUB_COMMIT_SCRAPE_RE = /api\.github\.com\/repos\/[^/]+\/[^/]+\/commits/;
+const GITHUB_GRAPHQL_RE = /api\.github\.com\/graphql/;
+const GITHUB_TOKEN_ACCESS_RE = /process\.env\.(?:GH_TOKEN|GITHUB_TOKEN|GITHUB_ACTOR)/;
+const COMMIT_PARSE_LOOP_RE = /commits?\s*\.\s*(?:map|filter|forEach|for\s*\(|while\s*\()/;
+
+export function scanC2DeadDrop(files = []) {
+  const code = files.map(f => f.content || '').join('\n');
+  if (!code) return { triggered: false, matches: [] };
+
+  const matches = [];
+
+  if (OHNO_WHATS_GOING_ON_RE.test(code)) {
+    matches.push({ type: 'ioc_keyword', value: 'OhNoWhatsGoingOnWithGitHub', attackVector: 'GitHub commit scraping for token recovery' });
+  }
+
+  const hasTokenAccess = GITHUB_TOKEN_ACCESS_RE.test(code);
+  const hasGithubApi = GITHUB_COMMIT_SCRAPE_RE.test(code) || GITHUB_GRAPHQL_RE.test(code);
+  const hasCommitParseLoop = COMMIT_PARSE_LOOP_RE.test(code);
+
+  if (hasTokenAccess && hasGithubApi) {
+    matches.push({ type: 'token_exfil_github_api', value: 'Credential access followed by GitHub API call', attackVector: 'Credential/token extraction followed by GitHub API calls' });
+  }
+
+  if (hasCommitParseLoop && hasGithubApi) {
+    matches.push({ type: 'commit_scraping', value: 'Commit message parsing with GitHub API', attackVector: 'Commit scraping for secret detection' });
+  }
+
+  return {
+    triggered: matches.length > 0,
+    matches,
+  };
+}

package/backend/detectors/msh-supplement/index.js

@@ -0,0 +1,107 @@
+import { scanCtfScramble } from './d1-obfuscation.js';
+import { scanPersistence } from './d2-persistence.js';
+import { scanGeoKillswitch } from './d3-geo-killswitch.js';
+import { scanC2DeadDrop } from './d4-c2-deaddrop.js';
+import { attachProvenance } from '../../provenance.js';
+
+const RULE_SEVERITY = {
+  D1: 'critical',
+  D2: 'critical',
+  D3: 'high',
+  D4: 'critical',
+};
+
+const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info', 'none'];
+
+function highestSeverity(severities) {
+  for (const s of SEVERITY_ORDER) {
+    if (severities.includes(s)) return s;
+  }
+  return 'none';
+}
+
+export async function scan(pkgJson, files = [], registryMeta = null, allFiles = null) {
+  const fileList = allFiles || files || [];
+  const pkgName = pkgJson?.name || 'unknown';
+  const pkgVersion = pkgJson?.version || '0.0.0';
+
+  const d1Results = scanCtfScramble(fileList);
+  if (d1Results.stopCondition) {
+    const evidence = attachProvenance({
+      rule: 'MSH-OBF-001',
+      campaign: 'MINI_SHAI_HULUD',
+      triggeredChecks: ['D1'],
+      filePath: d1Results.filePath,
+      patternMatched: d1Results.patternMatched,
+      action: 'BLOCK_IMMEDIATELY',
+    }, {
+      ruleId: 'MSH-OBF-001',
+      ruleName: 'ctf-scramble-v2 Obfuscation Detection',
+      severity: 'CRITICAL',
+      campaignName: 'Mini Shai-Hulud',
+      pkgName,
+      pkgVersion,
+      triggered: true,
+      severity: 'critical',
+      indicators: [{ type: 'obfuscation_found', value: d1Results.patternMatched }],
+      ruleProvenanceUrl: 'https://github.com/lateos/npm-scan/blob/main/backend/detectors/msh-supplement/d1-obfuscation.js',
+      campaignSourceUrl: 'https://security.researcher.org/supply-chain-report',
+    });
+
+    return [{
+      id: 'MINI_SHAI_HULUD',
+      severity: 'critical',
+      title: 'Mini Shai-Hulud worm campaign — ctf-scramble-v2 malware obfuscation detected',
+      description: 'HALT: ctf-scramble-v2 obfuscation layer detected. Package is compromised. Block install immediately.',
+      evidence: JSON.stringify(evidence),
+      mitigation: 'BLOCK IMMEDIATELY. Do not install this package version. Revoke any npm tokens exposed to this package. Rotate all CI/CD secrets. Run full malware scan on any system that processed this package.',
+      stopCondition: true,
+    }];
+  }
+
+  const results = {
+    D2: scanPersistence(pkgJson, fileList),
+    D3: scanGeoKillswitch(fileList),
+    D4: scanC2DeadDrop(fileList),
+  };
+
+  const triggered = Object.entries(results)
+    .filter(([_, r]) => r.triggered)
+    .map(([id]) => id);
+
+  if (triggered.length === 0) return [];
+
+  const severity = highestSeverity(triggered.map(id => RULE_SEVERITY[id]));
+
+  const evidence = attachProvenance({
+    campaign: 'MINI_SHAI_HULUD',
+    triggeredChecks: triggered,
+    details: Object.fromEntries(
+      Object.entries(results).filter(([_, r]) => r.triggered)
+    ),
+  }, {
+    ruleId: 'MSH-SUPPLEMENT',
+    ruleName: 'Mini Shai-Hulud Supplement Detection',
+    severity: severity.toUpperCase(),
+    campaignName: 'Mini Shai-Hulud',
+    pkgName,
+    pkgVersion,
+    triggered: true,
+    severity,
+    indicators: triggered.map(id => ({
+      type: `rule_${id}`,
+      value: RULE_SEVERITY[id],
+    })),
+    ruleProvenanceUrl: 'https://github.com/lateos/npm-scan/blob/main/backend/detectors/msh-supplement/',
+    campaignSourceUrl: 'https://security.researcher.org/supply-chain-report',
+  });
+
+  return [{
+    id: 'MINI_SHAI_HULUD',
+    severity,
+    title: 'Mini Shai-Hulud worm campaign — supplement indicators',
+    description: `${triggered.length} signal(s): ${triggered.join(', ')}`,
+    evidence: JSON.stringify(evidence),
+    mitigation: 'If daemonization detected: revoke npm tokens and rotate CI/CD secrets. If geographic killswitch detected: verify running in expected region; attacker may be avoiding certain locales. If C2 dead-drop detected: check for unauthorized GitHub API access and token exfiltration. Review recent version publish history for anomalous bursts.',
+  }];
+}

package/backend/detectors/typosquat-vpmdhaj/d1-maintainer.js

@@ -0,0 +1,77 @@
+const BLOCKED_MAINTAINERS = ['vpmdhaj'];
+const VPMDHAJ_PREFIX_RE = /^vpmdhaj-/;
+const TYPOSQUAT_TARGETS = [
+  'opensearch-setup', 'env-config-manager',
+  'express', 'lodash', 'axios', 'react', 'vue', 'angular',
+  'babel', 'webpack', 'typescript', 'moment', 'dotenv',
+];
+
+function levenshteinDistance(a, b) {
+  const m = a.length, n = b.length;
+  const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+  for (let i = 0; i <= m; i++) dp[i][0] = i;
+  for (let j = 0; j <= n; j++) dp[0][j] = j;
+  for (let i = 1; i <= m; i++) {
+    for (let j = 1; j <= n; j++) {
+      dp[i][j] = a[i - 1] === b[j - 1] ? dp[i - 1][j - 1] : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+    }
+  }
+  return dp[m][n];
+}
+
+export function scanMaintainerAnomaly(pkgJson, registryMeta) {
+  const pkgName = pkgJson?.name || '';
+  const currentVersion = pkgJson?.version || '';
+  const versionMeta = registryMeta?.versions?.[currentVersion];
+  const publisherName = versionMeta?._npmUser?.name || '';
+
+  if (BLOCKED_MAINTAINERS.includes(publisherName)) {
+    return {
+      triggered: true,
+      stopCondition: true,
+      maintainer: publisherName,
+      suspiciousAliases: [],
+      reason: 'Blocked maintainer detected',
+    };
+  }
+
+  if (VPMDHAJ_PREFIX_RE.test(pkgName)) {
+    return {
+      triggered: true,
+      stopCondition: true,
+      maintainer: publisherName || 'unknown',
+      suspiciousAliases: [pkgName],
+      reason: 'Package name matches vpmdhaj attacker namespace',
+    };
+  }
+
+  const suspiciousAliases = [];
+  for (const target of TYPOSQUAT_TARGETS) {
+    if (pkgName.includes(target) && pkgName !== target && !pkgName.startsWith('@')) {
+      const dist = levenshteinDistance(pkgName.toLowerCase(), target.toLowerCase());
+      if (dist <= 2 && dist > 0) {
+        suspiciousAliases.push(pkgName);
+      }
+    }
+  }
+  if (pkgName.toLowerCase().includes('opensearch')) {
+    suspiciousAliases.push(pkgName);
+  }
+  if (pkgName.toLowerCase().includes('env-config') || pkgName.toLowerCase().includes('envconfig')) {
+    suspiciousAliases.push(pkgName);
+  }
+
+  if (suspiciousAliases.length > 0) {
+    return {
+      triggered: true,
+      stopCondition: false,
+      maintainer: publisherName || 'unknown',
+      suspiciousAliases,
+      reason: 'Package name typosquats popular package',
+    };
+  }
+
+  return { triggered: false, stopCondition: false, maintainer: '', suspiciousAliases: [], reason: '' };
+}
+
+export { BLOCKED_MAINTAINERS };

package/backend/detectors/typosquat-vpmdhaj/d2-preinstall-loader.js

@@ -0,0 +1,37 @@
+const SUSPICIOUS_HOOKS = ['preinstall'];
+const LOADER_SCRIPTS = ['setup.mjs', 'loader.js', 'stager.js', 'init.mjs'];
+const BUN_RUN_RE = /\bbun\s+run\b/;
+const NODE_SETUP_RE = /\bnode\s+(setup\.mjs|init\.mjs|loader\.js|stager\.js)\b/;
+const PREINSTALL_STAGER_RE = /preinstall\s*[:=]/;
+
+export function scanPreinstallLoader(pkgJson) {
+  const scripts = pkgJson?.scripts || {};
+  const triggered = [];
+
+  for (const hook of SUSPICIOUS_HOOKS) {
+    const cmd = scripts[hook];
+    if (!cmd) continue;
+
+    const details = { hookType: hook, hookCommand: cmd };
+
+    if (BUN_RUN_RE.test(cmd)) {
+      details.runtimeAbuse = 'Bun as stealthy loader';
+      triggered.push(details);
+    } else if (NODE_SETUP_RE.test(cmd)) {
+      const match = cmd.match(/node\s+(setup\.mjs|init\.mjs|loader\.js|stager\.js)\b/);
+      details.generation = match && match[1] === 'stager.js' ? 2 : 1;
+      triggered.push(details);
+    } else {
+      triggered.push(details);
+    }
+  }
+
+  if (triggered.length > 0) {
+    return {
+      triggered: true,
+      details: triggered,
+    };
+  }
+
+  return { triggered: false, details: [] };
+}

package/backend/detectors/typosquat-vpmdhaj/d3-cred-exfil.js

@@ -0,0 +1,66 @@
+const AWS_IMDS_RE = /169\.254\.169\.254/;
+const ECS_CRED_RE = /AWS_CONTAINER_AUTHORIZATION_TOKEN|AWS_CONTAINER_CREDENTIALS_FULL_URI/;
+const VAULT_CRED_RE = /VAULT_ADDR|VAULT_TOKEN/;
+const GITHUB_TOKEN_RE = /GITHUB_TOKEN|GH_TOKEN/;
+const AWS_ACCESS_KEY_RE = /AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN/;
+const BASE64_OBFUSCATION_RE = /Buffer\.from\([^)]+['"]base64['"]\)|btoa\(|atob\(/;
+const HTTP_POST_EXFIL_RE = /(?:fetch|axios|request|got|curl)\s*\([^)]*(?:https?:\/\/[^'"\s)\]]+)[^)]*(?:method\s*[:=]\s*['"]POST['"]|\.post\s*\()/;
+const DOMAIN_EXFIL_RE = /(?:fetch|axios|request|got|curl)\s*\(['"](?:https?:\/\/)?[^'"\s)\]]*\.[^'"\s)\]]{2,}[^)]*\)/;
+
+const TARGET_ENV_VARS = {
+  AWS: ['AWS_CONTAINER_CREDENTIALS_FULL_URI', 'AWS_CONTAINER_AUTHORIZATION_TOKEN', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN'],
+  VAULT: ['VAULT_ADDR', 'VAULT_TOKEN'],
+  GITHUB: ['GITHUB_TOKEN', 'GH_TOKEN'],
+};
+
+export function scanCredExfil(files = [], pkgJson) {
+  const code = files.map(f => f.content || '').join('\n');
+  if (!code) return { triggered: false, targets: [], exfilMethod: null, detectedEnvVars: [] };
+
+  const targets = [];
+  const detectedEnvVars = [];
+
+  if (AWS_IMDS_RE.test(code)) targets.push('AWS_IMDSv2');
+  if (ECS_CRED_RE.test(code)) {
+    targets.push('ECS_TASK_ROLE');
+    for (const v of TARGET_ENV_VARS.AWS) {
+      if (code.includes(v)) detectedEnvVars.push(v);
+    }
+  }
+  if (VAULT_CRED_RE.test(code)) {
+    targets.push('VAULT_CREDENTIALS');
+    for (const v of TARGET_ENV_VARS.VAULT) {
+      if (code.includes(v)) detectedEnvVars.push(v);
+    }
+  }
+  if (GITHUB_TOKEN_RE.test(code)) {
+    targets.push('GITHUB_TOKEN');
+    for (const v of TARGET_ENV_VARS.GITHUB) {
+      if (code.includes(v)) detectedEnvVars.push(v);
+    }
+  }
+  if (AWS_ACCESS_KEY_RE.test(code)) {
+    targets.push('AWS_ACCESS_KEYS');
+    for (const v of TARGET_ENV_VARS.AWS) {
+      if (code.includes(v) && !detectedEnvVars.includes(v)) detectedEnvVars.push(v);
+    }
+  }
+
+  if (targets.length === 0) return { triggered: false, targets: [], exfilMethod: null, detectedEnvVars: [] };
+
+  let exfilMethod = null;
+  if (HTTP_POST_EXFIL_RE.test(code)) {
+    exfilMethod = 'HTTP POST to attacker domain';
+  } else if (DOMAIN_EXFIL_RE.test(code)) {
+    exfilMethod = 'HTTP request to external domain';
+  } else if (BASE64_OBFUSCATION_RE.test(code)) {
+    exfilMethod = 'Base64 obfuscation of credential strings';
+  }
+
+  return {
+    triggered: true,
+    targets,
+    exfilMethod: exfilMethod || 'Suspicious credential access pattern',
+    detectedEnvVars,
+  };
+}