@mlvscan/wasm-core 1.3.0 → 1.3.2

package/README.md

@@ -104,7 +104,7 @@ const result = await scanAssemblyWithConfig(bytes, 'MyMod.dll', {
 | `isMockScanner()` | `boolean` | True when running in mock mode. |
 | `getScannerStatus()` | `ScannerStatus` | Full status snapshot — ready, mock, explicit mock, and init error. |
 | `getScannerVersion()` | `Promise<string>` | Scanner engine version (e.g. `"1.1.7"`). Returns `"1.0.0-mock"` in mock mode. |
-| `getSchemaVersion()` | `Promise<string>` | Result schema version (e.g. `"1.0.0"`). |
+| `getSchemaVersion()` | `Promise<string>` | Result schema version (e.g. `"1.1.0"`). |
 | `getInitError()` | `Error \| null` | The error that caused WASM fallback, or null if healthy. |
 
 ## Scan Modes
@@ -145,13 +145,14 @@ The root object returned by all scan functions.
 ```ts
 interface ScanResult {
   schemaVersion: string
-  metadata: ScanMetadata       // Scanner version, timestamp, scan mode, platform
+  metadata: ScanMetadata       // Core/platform/scanner versions, timestamp, scan mode, platform
   input: ScanInput             // File name, size, optional SHA-256
   summary: ScanSummary         // Total findings and counts by severity
   findings: Finding[]          // Individual security findings
   callChains?: CallChain[]     // Detailed mode: execution paths
   dataFlows?: DataFlowChain[]  // Developer mode: source-to-sink data flows
   developerGuidance?: DeveloperGuidance[] // Developer mode: remediation suggestions
+  threatFamilies?: ThreatFamily[] // Optional malware family classification matches
 }
 ```
 
@@ -159,11 +160,18 @@ interface ScanResult {
 
 ```ts
 interface Finding {
+  id?: string
   ruleId?: string
   description: string
   severity: 'Low' | 'Medium' | 'High' | 'Critical'
   location: string       // Type/method name or file:line
   codeSnippet?: string
+  riskScore?: number
+  callChainId?: string
+  dataFlowChainId?: string
+  developerGuidance?: DeveloperGuidance
+  callChain?: CallChain
+  dataFlowChain?: DataFlowChain
 }
 ```
 

package/dist/_framework/blazor.boot.json

@@ -1,7 +1,7 @@
 {
   "mainAssemblyName": "MLVScan.WASM.dll",
   "resources": {
-    "hash": "sha256-S9I9g3OEWVVXD+q9ftG1DyITG+uRCXv7z2NLRQP/A/Q=",
+    "hash": "sha256-WzaSqsHY/ngA9UnAUjRQExmlVfKt/FZKcrg6r191+KE=",
     "jsModuleNative": {
       "dotnet.native.js": "sha256-clxzGaAFwcQ6QWhwQ7dzpD9ktR/87yTache3B45gqoQ="
     },
@@ -9,7 +9,7 @@
       "dotnet.runtime.js": "sha256-TGUqQm2/C+r+yZ5BCjd72qyLw9wv0KPFKzKXk/giiyY="
     },
     "wasmNative": {
-      "dotnet.native.wasm": "sha256-1r/HLMZN8wCaUAeJ64VS4EurUw6l/LOurifpBTQJwTs="
+      "dotnet.native.wasm": "sha256-PfaTGtSMdfmgXwONKJpmizaQAAEZ8/FrXU/wN3V8u54="
     },
     "wasmSymbols": {
       "dotnet.native.js.symbols": "sha256-/ELUOKLImoJAjzIqE+KihhRrJ03tbCU4XEx8ed80i28="
@@ -20,21 +20,21 @@
       "icudt_no_CJK.dat": "sha256-L7sV7NEYP37/Qr2FPCePo5cJqRgTXRwGHuwF5Q+0Nfs="
     },
     "assembly": {
-      "MLVScan.Core.wasm": "sha256-bcRSGCccOVhJ7/OnmL+dYpnqZeSb4qWCgAkKy3yoU1w=",
-      "MLVScan.WASM.wasm": "sha256-2FCjgRO/c5Oqzj9TKqLclanWvfToeL+yx/Gs4YYJNEg=",
+      "MLVScan.Core.wasm": "sha256-UOVEukjFMh9C0o56flSpP0COom+zTANQ5aWX7eYJRws=",
+      "MLVScan.WASM.wasm": "sha256-zHbvE/pqdDhZDh0Rcb4g6bwI33DzaktmppYrugorFrY=",
       "Mono.Cecil.wasm": "sha256-Wb+vzfNGLnGGDRhJupS658/i47mVwABGEw9O0N97dlY=",
-      "System.Collections.Concurrent.wasm": "sha256-eN14sCdgiwv1l3/db6DYyAZeqPeCzrvBhgjUTJ9Tt50=",
+      "System.Collections.Concurrent.wasm": "sha256-wPVt+aIQOacLbnApfKS4CEzdPtO2romuWNhPI/BrfHw=",
       "System.Collections.wasm": "sha256-TRwwb/PWxTAKfplBNqMkn14z5rNLvuy459MunrnseDo=",
       "System.IO.Compression.wasm": "sha256-zPnVmOjOHN/V1tNLjZurM9T/xj1LXcVlKv+emtlb3gA=",
-      "System.Linq.wasm": "sha256-EaoN/Pq8kexTC9+lrF3dsOItUMaSTH/m800NJbFN1gU=",
+      "System.Linq.wasm": "sha256-6ZZSoscz648hxEttQf2qnpT8NL3KWI5iQpw8xgFCzoM=",
       "System.Memory.wasm": "sha256-csnkwt/JrsppyyW/C58TooGjK2jHvla7al1hV1pbTm4=",
-      "System.Private.CoreLib.wasm": "sha256-A5Lw0hoErVlyCqJTENA4AxGHGQ6th5IDN2bUCSVvHL8=",
+      "System.Private.CoreLib.wasm": "sha256-4YKIybhVOZXF2BNG+gFHVQNY43dFF3PFAcxMadtkDRA=",
       "System.Private.Uri.wasm": "sha256-Bp03tn762qScySUTOuLj6kB8+wrYiW5mmtkkUunGdoE=",
       "System.Runtime.InteropServices.JavaScript.wasm": "sha256-knh9wD83/GTpX28IRzoUJy42zEAtXZdBUcckFTm6bzw=",
       "System.Security.Cryptography.wasm": "sha256-1yetTxYoa9Mv2JdPd07A9bKVQKSs1o/cCS66raJYlMQ=",
       "System.Text.Encodings.Web.wasm": "sha256-nPDcUnKJT3K4bYAjeaZI+9dn3OmAWOVz87kkXfy7znA=",
       "System.Text.Json.wasm": "sha256-YqFU/f7TzL6PVK+O6A8w9jacqj/wZV9AhaJVvQuWNYI=",
-      "System.Text.RegularExpressions.wasm": "sha256-DTmagJTxx7Gf9S3zUZ0drS+twu2qoMpVIHtoWPT85oA="
+      "System.Text.RegularExpressions.wasm": "sha256-siRj+T2Ah8aAKSudsqa7A0+kHH9PjRmdcxD8cWlZtVo="
     },
     "vfs": {
       "runtimeconfig.bin": {

package/dist/generated/mlvscan-schema.d.ts

@@ -0,0 +1,132 @@
+export type CallChainNodeType = 'EntryPoint' | 'IntermediateCall' | 'SuspiciousDeclaration';
+export type DataFlowNodeType = 'Source' | 'Transform' | 'Sink' | 'Intermediate';
+export type DataFlowPattern = 'Legitimate' | 'DownloadAndExecute' | 'DataExfiltration' | 'DynamicCodeLoading' | 'CredentialTheft' | 'RemoteConfigLoad' | 'ObfuscatedPersistence' | 'EmbeddedResourceDropAndExecute' | 'Unknown';
+export type FindingVisibility = 'Default' | 'Advanced';
+export type ScanMode = 'summary' | 'detailed' | 'developer';
+export type ScanPlatform = 'core' | 'wasm' | 'cli' | 'server' | 'desktop' | 'mcp';
+export declare const MLVSCAN_SCHEMA_VERSION: "1.2.0";
+export type SchemaVersion = typeof MLVSCAN_SCHEMA_VERSION;
+export type Severity = 'Low' | 'Medium' | 'High' | 'Critical';
+export type ThreatDispositionClassification = 'Clean' | 'Suspicious' | 'KnownThreat';
+export type ThreatMatchKind = 'ExactSampleHash' | 'BehaviorVariant';
+export interface ScanResult {
+    schemaVersion: SchemaVersion;
+    metadata: ScanMetadata;
+    input: ScanInput;
+    summary: ScanSummary;
+    findings: Finding[];
+    callChains?: CallChain[] | null;
+    dataFlows?: DataFlowChain[] | null;
+    developerGuidance?: DeveloperGuidance[] | null;
+    threatFamilies?: ThreatFamily[] | null;
+    disposition?: ThreatDisposition | null;
+}
+export interface CallChain {
+    id?: string | null;
+    ruleId?: string | null;
+    description: string;
+    severity: Severity;
+    nodes: CallChainNode[];
+}
+export interface CallChainNode {
+    nodeType: CallChainNodeType;
+    location: string;
+    description: string;
+    codeSnippet?: string | null;
+}
+export interface DataFlowChain {
+    id?: string | null;
+    description: string;
+    severity: Severity;
+    pattern: DataFlowPattern;
+    sourceVariable?: string | null;
+    methodLocation?: string | null;
+    isCrossMethod: boolean;
+    isSuspicious: boolean;
+    callDepth: number;
+    involvedMethods?: string[] | null;
+    nodes: DataFlowNode[];
+}
+export interface DataFlowNode {
+    nodeType: DataFlowNodeType;
+    location: string;
+    operation: string;
+    dataDescription: string;
+    instructionOffset: number;
+    methodKey?: string | null;
+    isMethodBoundary: boolean;
+    targetMethodKey?: string | null;
+    codeSnippet?: string | null;
+}
+export interface DeveloperGuidance {
+    ruleId?: string | null;
+    ruleIds?: string[] | null;
+    remediation: string;
+    documentationUrl?: string | null;
+    alternativeApis?: string[] | null;
+    isRemediable: boolean;
+}
+export interface Finding {
+    id?: string | null;
+    ruleId?: string | null;
+    description: string;
+    severity: Severity;
+    location: string;
+    codeSnippet?: string | null;
+    riskScore?: number | null;
+    callChainId?: string | null;
+    dataFlowChainId?: string | null;
+    developerGuidance?: DeveloperGuidance | null;
+    callChain?: CallChain | null;
+    dataFlowChain?: DataFlowChain | null;
+    visibility?: FindingVisibility | null;
+}
+export interface ScanInput {
+    fileName: string;
+    sizeBytes: number;
+    sha256Hash?: string | null;
+}
+export interface ScanMetadata {
+    coreVersion: string;
+    platformVersion: string;
+    timestamp: string;
+    scanMode: ScanMode;
+    platform: ScanPlatform;
+    scannerVersion: string;
+}
+export interface ScanSummary {
+    totalFindings: number;
+    countBySeverity: Record<string, number>;
+    triggeredRules: string[];
+}
+export interface ThreatDisposition {
+    classification: ThreatDispositionClassification;
+    headline: string;
+    summary: string;
+    blockingRecommended: boolean;
+    primaryThreatFamilyId?: string | null;
+    relatedFindingIds: string[];
+}
+export interface ThreatFamily {
+    familyId: string;
+    variantId: string;
+    displayName: string;
+    summary: string;
+    matchKind: ThreatMatchKind;
+    confidence: number;
+    exactHashMatch: boolean;
+    matchedRules: string[];
+    advisorySlugs: string[];
+    evidence: ThreatFamilyEvidence[];
+}
+export interface ThreatFamilyEvidence {
+    kind: string;
+    value: string;
+    ruleId?: string | null;
+    location?: string | null;
+    callChainId?: string | null;
+    dataFlowChainId?: string | null;
+    pattern?: string | null;
+    methodLocation?: string | null;
+    confidence?: number | null;
+}

package/dist/generated/mlvscan-schema.js

@@ -0,0 +1,3 @@
+// <auto-generated />
+// Generated by MLVScan.SchemaGen. Do not edit manually.
+export const MLVSCAN_SCHEMA_VERSION = '1.2.0';

package/dist/index.d.ts

@@ -18,7 +18,7 @@
  * const result = await scanAssembly(dllBytes, 'MyMod.dll')
  * ```
  */
-import type { ScanConfigInput, ScanResult } from './types';
+import { type ScanConfigInput, type ScanResult } from './types.js';
 /**
  * Options for initializing the WASM scanner.
  *
@@ -118,8 +118,8 @@ export declare function getScannerStatus(): ScannerStatus;
  */
 export declare function getScannerVersion(): Promise<string>;
 /**
- * Returns the scan result schema version (e.g. `"1.0.0"`). In mock mode returns
- * `"1.0.0"`. Initializes the scanner if not yet initialized.
+ * Returns the scan result schema version (e.g. `"1.2.0"`). In mock mode returns
+ * the generated schema version constant. Initializes the scanner if not yet initialized.
  *
  * @throws When the real WASM is loaded but the schema version call fails.
  */

package/dist/index.js

@@ -18,6 +18,7 @@
  * const result = await scanAssembly(dllBytes, 'MyMod.dll')
  * ```
  */
+import { MLVSCAN_SCHEMA_VERSION, } from './types.js';
 let scannerExports = null;
 let scannerLoaded = false;
 let dotnetModule = null;
@@ -27,8 +28,10 @@ let initError = null;
 /** True when mock was explicitly requested via options; false when fallback due to error. */
 let mockRequestedExplicitly = false;
 const mockScanResult = {
-    schemaVersion: '1.0.0',
+    schemaVersion: MLVSCAN_SCHEMA_VERSION,
     metadata: {
+        coreVersion: '1.0.0-mock',
+        platformVersion: '1.0.0-mock',
         scannerVersion: '1.0.0-mock',
         timestamp: new Date().toISOString(),
         scanMode: 'summary',
@@ -248,8 +251,8 @@ export async function getScannerVersion() {
     }
 }
 /**
- * Returns the scan result schema version (e.g. `"1.0.0"`). In mock mode returns
- * `"1.0.0"`. Initializes the scanner if not yet initialized.
+ * Returns the scan result schema version (e.g. `"1.2.0"`). In mock mode returns
+ * the generated schema version constant. Initializes the scanner if not yet initialized.
  *
  * @throws When the real WASM is loaded but the schema version call fails.
  */
@@ -258,7 +261,7 @@ export async function getSchemaVersion() {
         await initScanner();
     }
     if (useMockScanner || !scannerExports?.MLVScan?.WASM?.ScannerExports) {
-        return '1.0.0';
+        return MLVSCAN_SCHEMA_VERSION;
     }
     try {
         return scannerExports.MLVScan.WASM.ScannerExports.GetSchemaVersion();

package/dist/types.d.ts

@@ -1,143 +1,5 @@
-/**
- * MLVScan scan result and finding types.
- *
- * These match the JSON schema produced by MLVScan.WASM. Use with {@link scanAssembly}
- * from the main package.
- */
-/** Root object returned by a scan. Contains metadata, input info, summary, and findings. */
-export interface ScanResult {
-    /** Schema version of this result (e.g. "1.0.0"). */
-    schemaVersion: string;
-    /** Scanner and scan run metadata. */
-    metadata: ScanMetadata;
-    /** The assembly that was scanned. */
-    input: ScanInput;
-    /** Aggregated counts and triggered rules. */
-    summary: ScanSummary;
-    /** Individual security/relevance findings. */
-    findings: Finding[];
-    /** Optional call chains for detailed mode. */
-    callChains?: CallChain[];
-    /** Optional data flow chains for developer mode. */
-    dataFlows?: DataFlowChain[];
-    /** Optional remediation guidance for developer mode. */
-    developerGuidance?: DeveloperGuidance[];
-    /** Optional known malware family matches derived from threat-intel classification. */
-    threatFamilies?: ThreatFamily[];
-}
-/** Metadata about the scanner and this scan run. */
-export interface ScanMetadata {
-    scannerVersion: string;
-    /** ISO 8601 timestamp of the scan. */
-    timestamp: string;
-    /** Level of detail: summary, detailed (with call chains), or developer (with data flows and guidance). */
-    scanMode: 'summary' | 'detailed' | 'developer';
-    /** Where the scan ran: wasm, cli, server, or desktop. */
-    platform: 'wasm' | 'cli' | 'server' | 'desktop';
-}
-/** Describes the assembly that was scanned. */
-export interface ScanInput {
-    fileName: string;
-    sizeBytes: number;
-    /** SHA-256 hash of the file when available. */
-    sha256Hash?: string;
-}
-/** Aggregated scan summary: total findings and counts by severity. */
-export interface ScanSummary {
-    totalFindings: number;
-    /** Map of severity (e.g. "Low", "Critical") to count. */
-    countBySeverity: Record<string, number>;
-    /** Rule IDs that produced at least one finding. */
-    triggeredRules: string[];
-}
-/** Finding severity level. */
-export type Severity = 'Low' | 'Medium' | 'High' | 'Critical';
-/** A single finding: one triggered rule or suspicious pattern in the assembly. */
-export interface Finding {
-    id?: string;
-    ruleId?: string;
-    description: string;
-    severity: Severity;
-    /** Human-readable location (e.g. type/method name or file:line). */
-    location: string;
-    codeSnippet?: string;
-    /** Present in detailed/developer mode when a call chain was analyzed. */
-    callChain?: CallChain;
-    /** Present in developer mode when a data flow was analyzed. */
-    dataFlowChain?: DataFlowChain;
-}
-/** A call chain from entry point to a suspicious declaration. */
-export interface CallChain {
-    id?: string;
-    ruleId?: string;
-    description: string;
-    severity: Severity;
-    nodes: CallChainNode[];
-}
-/** Role of a node in a call chain. */
-export type CallChainNodeType = 'EntryPoint' | 'IntermediateCall' | 'SuspiciousDeclaration';
-/** One node in a call chain (method or declaration). */
-export interface CallChainNode {
-    nodeType: CallChainNodeType;
-    location: string;
-    description: string;
-    codeSnippet?: string;
-}
-/** A data flow from source to sink (e.g. download and execute). */
-export interface DataFlowChain {
-    id?: string;
-    description: string;
-    severity: Severity;
-    pattern: DataFlowPattern;
-    /** Confidence score (e.g. 0–1). */
-    confidence: number;
-    sourceVariable?: string;
-    methodLocation?: string;
-    isCrossMethod: boolean;
-    involvedMethods?: string[];
-    nodes: DataFlowNode[];
-}
-/** Class of data flow pattern the chain represents. */
-export type DataFlowPattern = 'Legitimate' | 'DownloadAndExecute' | 'DataExfiltration' | 'DynamicCodeLoading' | 'CredentialTheft' | 'RemoteConfigLoad' | 'ObfuscatedPersistence' | 'Unknown';
-/** Role of a node in a data flow (source, transform, sink, or intermediate). */
-export type DataFlowNodeType = 'Source' | 'Transform' | 'Sink' | 'Intermediate';
-/** One node in a data flow chain. */
-export interface DataFlowNode {
-    nodeType: DataFlowNodeType;
-    location: string;
-    operation: string;
-    dataDescription: string;
-    instructionOffset: number;
-    methodKey?: string;
-    isMethodBoundary: boolean;
-    targetMethodKey?: string;
-    codeSnippet?: string;
-}
-/** Remediation suggestion for a rule or finding (developer mode). */
-export interface DeveloperGuidance {
-    ruleId?: string;
-    remediation: string;
-    documentationUrl?: string;
-    alternativeApis?: string[];
-    isRemediable: boolean;
-}
-export type ThreatMatchKind = 'ExactSampleHash' | 'BehaviorVariant';
-export interface ThreatFamilyEvidence {
-    kind: string;
-    value: string;
-}
-export interface ThreatFamily {
-    familyId: string;
-    variantId: string;
-    displayName: string;
-    summary: string;
-    matchKind: ThreatMatchKind;
-    confidence: number;
-    exactHashMatch: boolean;
-    matchedRules: string[];
-    advisorySlugs: string[];
-    evidence: ThreatFamilyEvidence[];
-}
+export { MLVSCAN_SCHEMA_VERSION, } from './generated/mlvscan-schema.js';
+export type { CallChain, CallChainNode, CallChainNodeType, DataFlowChain, DataFlowNode, DataFlowNodeType, DataFlowPattern, DeveloperGuidance, Finding, FindingVisibility, ScanInput, ScanMetadata, ScanMode, ScanPlatform, ScanResult, ScanSummary, SchemaVersion, Severity, ThreatDisposition, ThreatDispositionClassification, ThreatFamily, ThreatFamilyEvidence, ThreatMatchKind, } from './generated/mlvscan-schema.js';
 export interface DeepBehaviorAnalysisConfig {
     enableDeepAnalysis?: boolean;
     emitDiagnosticFindings?: boolean;

package/dist/types.js

@@ -1,7 +1 @@
-/**
- * MLVScan scan result and finding types.
- *
- * These match the JSON schema produced by MLVScan.WASM. Use with {@link scanAssembly}
- * from the main package.
- */
-export {};
+export { MLVSCAN_SCHEMA_VERSION, } from './generated/mlvscan-schema.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mlvscan/wasm-core",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "WebAssembly core for MLVScan - scanning Unity mods in the browser",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",