hulud-party-scanner 1.0.1 → 1.0.2

package/README.md

@@ -1,3 +1,15 @@
+# hulud-party-scanner
+
 Project integrity scanner for known vulnerabilities and suspicious patterns related to the Shai-Hulud supply-chain attack.
 
-This project is a Node.js implementation based on the original shell script from [sng-jroji/hulud-party](https://github.com/sng-jroji/hulud-party).
+This project is a Node.js implementation based on the original shell script from [sngular/shai-hulud-integrity-scanner](https://github.com/sngular/shai-hulud-integrity-scanner).
+
+## Usage
+
+To scan a project, run the following command in your terminal. You can target a specific directory or run it in your current directory.
+
+```bash
+npx hulud-party-scanner "/path/to/your/project"
+```
+
+Si no se especifica una ruta, el escáner se ejecutará en el directorio actual.

package/compromised-libs.txt

@@ -1,7 +1,3 @@
-# This file contains 517 confirmed compromised package versions from the complete JFrog analysis
-# The Shai-Hulud attack was self-replicating, so new compromised packages may still be discovered
-#
-# Sources: StepSecurity, Wiz.io, Semgrep, JFrog security advisories
 # Format: package_name:version
 #
 # MAINTAINING THIS LIST:
@@ -14,56 +10,39 @@
 #   * https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
 # - Format: one package:version per line
 # - Lines starting with # are comments and will be ignored
-#
-# DO NOT REMOVE EXISTING PACKAGES - only add new ones as they are discovered
-
-# @ctrl namespace - primary targets
-@ctrl/tinycolor:4.1.0
-@ctrl/tinycolor:4.1.1
-@ctrl/tinycolor:4.1.2
-@ctrl/deluge:1.2.0
-@ctrl/deluge:7.2.1
-@ctrl/deluge:7.2.2
-@ctrl/golang-template:1.4.2
-@ctrl/golang-template:1.4.3
-@ctrl/magnet-link:4.0.3
-@ctrl/magnet-link:4.0.4
 
-# @ahmedhfarag namespace
 @ahmedhfarag/ngx-perfect-scrollbar:20.0.20
 @ahmedhfarag/ngx-virtual-scroller:4.0.4
-
-# @art-ws namespace - 16+ packages
 @art-ws/common:2.0.22
 @art-ws/common:2.0.28
 @art-ws/config-eslint:2.0.4
 @art-ws/config-eslint:2.0.5
 @art-ws/config-ts:2.0.7
 @art-ws/config-ts:2.0.8
+@art-ws/db-context:2.0.21
 @art-ws/db-context:2.0.24
+@art-ws/di-node:2.0.13
 @art-ws/di:2.0.28
 @art-ws/di:2.0.32
-@art-ws/di-node:2.0.13
 @art-ws/eslint:1.0.5
 @art-ws/eslint:1.0.6
 @art-ws/fastify-http-server:2.0.24
 @art-ws/fastify-http-server:2.0.27
 @art-ws/http-server:2.0.21
 @art-ws/http-server:2.0.25
-@art-ws/openapi:0.1.9
 @art-ws/openapi:0.1.12
+@art-ws/openapi:0.1.9
 @art-ws/package-base:1.0.5
 @art-ws/package-base:1.0.6
 @art-ws/prettier:1.0.5
 @art-ws/prettier:1.0.6
 @art-ws/slf:2.0.15
 @art-ws/slf:2.0.22
-@art-ws/ssl-info:1.0.9
 @art-ws/ssl-info:1.0.10
+@art-ws/ssl-info:1.0.9
 @art-ws/web-app:1.0.3
 @art-ws/web-app:1.0.4
-
-# @crowdstrike namespace - 25+ packages
+@basic-ui-components-stc/basic-ui-components:1.0.5
 @crowdstrike/commitlint:8.1.1
 @crowdstrike/commitlint:8.1.2
 @crowdstrike/falcon-shoelace:0.4.1
@@ -82,12 +61,104 @@
 @crowdstrike/logscale-search:1.205.2
 @crowdstrike/tailwind-toucan-base:5.0.1
 @crowdstrike/tailwind-toucan-base:5.0.2
-
-# @hestjs namespace
-@hestjs/core:1.0.1
-@hestjs/core:1.0.2
-
-# @nstudio namespace - multiple packages with various versions
+@ctrl/deluge:7.2.1
+@ctrl/deluge:7.2.2
+@ctrl/golang-template:1.4.2
+@ctrl/golang-template:1.4.3
+@ctrl/magnet-link:4.0.3
+@ctrl/magnet-link:4.0.4
+@ctrl/ngx-codemirror:7.0.1
+@ctrl/ngx-codemirror:7.0.2
+@ctrl/ngx-csv:6.0.1
+@ctrl/ngx-csv:6.0.2
+@ctrl/ngx-emoji-mart:9.2.1
+@ctrl/ngx-emoji-mart:9.2.2
+@ctrl/ngx-rightclick:4.0.1
+@ctrl/ngx-rightclick:4.0.2
+@ctrl/qbittorrent:9.7.1
+@ctrl/qbittorrent:9.7.2
+@ctrl/react-adsense:2.0.1
+@ctrl/react-adsense:2.0.2
+@ctrl/shared-torrent:6.3.1
+@ctrl/shared-torrent:6.3.2
+@ctrl/tinycolor:4.1.1
+@ctrl/tinycolor:4.1.2
+@ctrl/torrent-file:4.1.1
+@ctrl/torrent-file:4.1.2
+@ctrl/transmission:7.3.1
+@ctrl/ts-base32:4.0.1
+@ctrl/ts-base32:4.0.2
+@hestjs/core:0.2.1
+@hestjs/cqrs:0.1.6
+@hestjs/demo:0.1.2
+@hestjs/eslint-config:0.1.2
+@hestjs/logger:0.1.6
+@hestjs/scalar:0.1.7
+@hestjs/validation:0.1.6
+@nativescript-community/arraybuffers:1.1.6
+@nativescript-community/arraybuffers:1.1.7
+@nativescript-community/arraybuffers:1.1.8
+@nativescript-community/gesturehandler:2.0.35
+@nativescript-community/perms:3.0.5
+@nativescript-community/perms:3.0.6
+@nativescript-community/perms:3.0.7
+@nativescript-community/perms:3.0.8
+@nativescript-community/perms:3.0.9
+@nativescript-community/sentry:4.6.43
+@nativescript-community/sqlite:3.5.3
+@nativescript-community/sqlite:3.5.4
+@nativescript-community/sqlite:3.5.5
+@nativescript-community/text:1.6.10
+@nativescript-community/text:1.6.11
+@nativescript-community/text:1.6.12
+@nativescript-community/text:1.6.13
+@nativescript-community/text:1.6.9
+@nativescript-community/typeorm:0.2.30
+@nativescript-community/typeorm:0.2.31
+@nativescript-community/typeorm:0.2.32
+@nativescript-community/typeorm:0.2.33
+@nativescript-community/ui-collectionview:6.0.6
+@nativescript-community/ui-document-picker:1.1.27
+@nativescript-community/ui-document-picker:1.1.28
+@nativescript-community/ui-drawer:0.1.30
+@nativescript-community/ui-image:4.5.6
+@nativescript-community/ui-label:1.3.35
+@nativescript-community/ui-label:1.3.36
+@nativescript-community/ui-label:1.3.37
+@nativescript-community/ui-material-bottom-navigation:7.2.72
+@nativescript-community/ui-material-bottom-navigation:7.2.73
+@nativescript-community/ui-material-bottom-navigation:7.2.74
+@nativescript-community/ui-material-bottom-navigation:7.2.75
+@nativescript-community/ui-material-bottomsheet:7.2.72
+@nativescript-community/ui-material-core-tabs:7.2.72
+@nativescript-community/ui-material-core-tabs:7.2.73
+@nativescript-community/ui-material-core-tabs:7.2.74
+@nativescript-community/ui-material-core-tabs:7.2.75
+@nativescript-community/ui-material-core-tabs:7.2.76
+@nativescript-community/ui-material-core:7.2.72
+@nativescript-community/ui-material-core:7.2.73
+@nativescript-community/ui-material-core:7.2.74
+@nativescript-community/ui-material-core:7.2.75
+@nativescript-community/ui-material-core:7.2.76
+@nativescript-community/ui-material-ripple:7.2.72
+@nativescript-community/ui-material-ripple:7.2.73
+@nativescript-community/ui-material-ripple:7.2.74
+@nativescript-community/ui-material-ripple:7.2.75
+@nativescript-community/ui-material-tabs:7.2.72
+@nativescript-community/ui-material-tabs:7.2.73
+@nativescript-community/ui-material-tabs:7.2.74
+@nativescript-community/ui-material-tabs:7.2.75
+@nativescript-community/ui-pager:14.1.35
+@nativescript-community/ui-pager:14.1.36
+@nativescript-community/ui-pager:14.1.37
+@nativescript-community/ui-pager:14.1.38
+@nativescript-community/ui-pulltorefresh:2.5.4
+@nativescript-community/ui-pulltorefresh:2.5.5
+@nativescript-community/ui-pulltorefresh:2.5.6
+@nativescript-community/ui-pulltorefresh:2.5.7
+@nexe/config-manager:0.1.1
+@nexe/eslint-config:0.1.1
+@nexe/logger:0.1.3
 @nstudio/angular:20.0.4
 @nstudio/angular:20.0.5
 @nstudio/angular:20.0.6
@@ -108,10 +179,15 @@
 @nstudio/ui-collectionview:5.1.14
 @nstudio/web-angular:20.0.4
 @nstudio/web:20.0.4
+@nstudio/xplat-utils:20.0.4
 @nstudio/xplat-utils:20.0.5
 @nstudio/xplat-utils:20.0.6
-
-# @operato namespace - multiple packages with 9.0.x versions
+@nstudio/xplat-utils:20.0.7
+@nstudio/xplat:20.0.4
+@nstudio/xplat:20.0.5
+@nstudio/xplat:20.0.6
+@nstudio/xplat:20.0.7
+@operato/board:9.0.35
 @operato/board:9.0.36
 @operato/board:9.0.37
 @operato/board:9.0.38
@@ -123,6 +199,11 @@
 @operato/board:9.0.44
 @operato/board:9.0.45
 @operato/board:9.0.46
+@operato/board:9.0.47
+@operato/board:9.0.48
+@operato/board:9.0.49
+@operato/board:9.0.50
+@operato/board:9.0.51
 @operato/data-grist:9.0.29
 @operato/data-grist:9.0.35
 @operato/data-grist:9.0.36
@@ -140,6 +221,11 @@
 @operato/graphql:9.0.44
 @operato/graphql:9.0.45
 @operato/graphql:9.0.46
+@operato/graphql:9.0.47
+@operato/graphql:9.0.48
+@operato/graphql:9.0.49
+@operato/graphql:9.0.50
+@operato/graphql:9.0.51
 @operato/headroom:9.0.2
 @operato/headroom:9.0.35
 @operato/headroom:9.0.36
@@ -156,10 +242,14 @@
 @operato/help:9.0.44
 @operato/help:9.0.45
 @operato/help:9.0.46
+@operato/help:9.0.47
+@operato/help:9.0.48
+@operato/help:9.0.49
+@operato/help:9.0.50
+@operato/help:9.0.51
 @operato/i18n:9.0.35
 @operato/i18n:9.0.36
 @operato/i18n:9.0.37
-@operato/input:9.0.27
 @operato/input:9.0.35
 @operato/input:9.0.36
 @operato/input:9.0.37
@@ -172,10 +262,10 @@
 @operato/input:9.0.44
 @operato/input:9.0.45
 @operato/input:9.0.46
+@operato/input:9.0.47
+@operato/input:9.0.48
 @operato/layout:9.0.35
-@operato/layout:9.0.36
 @operato/layout:9.0.37
-@operato/popup:9.0.22
 @operato/popup:9.0.35
 @operato/popup:9.0.36
 @operato/popup:9.0.37
@@ -188,6 +278,12 @@
 @operato/popup:9.0.44
 @operato/popup:9.0.45
 @operato/popup:9.0.46
+@operato/popup:9.0.47
+@operato/popup:9.0.48
+@operato/popup:9.0.49
+@operato/popup:9.0.50
+@operato/popup:9.0.51
+@operato/pull-to-refresh:9.0.35
 @operato/pull-to-refresh:9.0.36
 @operato/pull-to-refresh:9.0.37
 @operato/pull-to-refresh:9.0.38
@@ -195,6 +291,11 @@
 @operato/pull-to-refresh:9.0.40
 @operato/pull-to-refresh:9.0.41
 @operato/pull-to-refresh:9.0.42
+@operato/pull-to-refresh:9.0.43
+@operato/pull-to-refresh:9.0.44
+@operato/pull-to-refresh:9.0.45
+@operato/pull-to-refresh:9.0.46
+@operato/pull-to-refresh:9.0.47
 @operato/shell:9.0.22
 @operato/shell:9.0.35
 @operato/shell:9.0.36
@@ -218,8 +319,11 @@
 @operato/utils:9.0.44
 @operato/utils:9.0.45
 @operato/utils:9.0.46
-
-# @teselagen namespace - multiple packages with 0.x versions
+@operato/utils:9.0.47
+@operato/utils:9.0.48
+@operato/utils:9.0.49
+@operato/utils:9.0.50
+@operato/utils:9.0.51
 @teselagen/bio-parsers:0.4.29
 @teselagen/bio-parsers:0.4.30
 @teselagen/bounce-loader:0.3.16
@@ -239,10 +343,10 @@
 @teselagen/react-table:6.10.22
 @teselagen/sequence-utils:0.3.33
 @teselagen/sequence-utils:0.3.34
-@teselagen/ui:0.9.9
 @teselagen/ui:0.9.10
-
-# @things-factory namespace - multiple packages with 9.0.x versions
+@teselagen/ui:0.9.9
+@thangved/callback-window:1.1.4
+@things-factory/attachment-base:9.0.42
 @things-factory/attachment-base:9.0.43
 @things-factory/attachment-base:9.0.44
 @things-factory/attachment-base:9.0.45
@@ -251,6 +355,12 @@
 @things-factory/attachment-base:9.0.48
 @things-factory/attachment-base:9.0.49
 @things-factory/attachment-base:9.0.50
+@things-factory/attachment-base:9.0.51
+@things-factory/attachment-base:9.0.52
+@things-factory/attachment-base:9.0.53
+@things-factory/attachment-base:9.0.54
+@things-factory/attachment-base:9.0.55
+@things-factory/auth-base:9.0.42
 @things-factory/auth-base:9.0.43
 @things-factory/auth-base:9.0.44
 @things-factory/auth-base:9.0.45
@@ -267,178 +377,23 @@
 @things-factory/email-base:9.0.52
 @things-factory/email-base:9.0.53
 @things-factory/email-base:9.0.54
+@things-factory/email-base:9.0.55
+@things-factory/email-base:9.0.56
+@things-factory/email-base:9.0.57
+@things-factory/email-base:9.0.58
+@things-factory/email-base:9.0.59
 @things-factory/env:9.0.42
 @things-factory/env:9.0.43
 @things-factory/env:9.0.44
 @things-factory/env:9.0.45
+@things-factory/integration-base:9.0.42
 @things-factory/integration-base:9.0.43
 @things-factory/integration-base:9.0.44
 @things-factory/integration-base:9.0.45
+@things-factory/integration-marketplace:9.0.42
 @things-factory/integration-marketplace:9.0.43
 @things-factory/integration-marketplace:9.0.44
 @things-factory/integration-marketplace:9.0.45
-
-# @nativescript-community namespace - 40+ packages
-@nativescript-community/push:1.0.0
-@nativescript-community/sqlite:3.5.2
-@nativescript-community/sqlite:3.5.3
-@nativescript-community/sqlite:3.5.4
-@nativescript-community/sqlite:3.5.5
-@nativescript-community/ui-material-activityindicator:7.2.49
-@nativescript-community/ui-material-bottomnavigationbar:7.2.49
-@nativescript-community/ui-material-bottomsheet:7.2.49
-@nativescript-community/ui-material-button:7.2.49
-@nativescript-community/ui-material-cardview:7.2.49
-@nativescript-community/ui-material-core:7.2.49
-@nativescript-community/ui-material-dialogs:7.2.49
-@nativescript-community/ui-material-floatingactionbutton:7.2.49
-@nativescript-community/ui-material-progress:7.2.49
-@nativescript-community/ui-material-ripple:7.2.49
-@nativescript-community/ui-material-slider:7.2.49
-@nativescript-community/ui-material-snackbar:7.2.49
-@nativescript-community/ui-material-tabs:7.2.49
-@nativescript-community/ui-material-textfield:7.2.49
-@nativescript-community/ui-material-textview:7.2.49
-
-# Popular standalone packages compromised
-angulartics2:14.1.2
-koa2-swagger-ui:5.11.1
-koa2-swagger-ui:5.11.2
-ngx-bootstrap:18.1.4
-ngx-bootstrap:19.0.3
-ngx-bootstrap:20.0.4
-ngx-bootstrap:20.0.5
-ngx-bootstrap:20.0.6
-ngx-toastr:19.0.1
-ngx-toastr:19.0.2
-
-# Additional compromised packages from JFrog comprehensive list
-@art-ws/db-context:2.0.21
-@basic-ui-components-stc/basic-ui-components:1.0.5
-@ctrl/ngx-codemirror:7.0.1
-@ctrl/ngx-csv:6.0.1
-@ctrl/ngx-emoji-mart:9.2.1
-@ctrl/ngx-rightclick:4.0.1
-@ctrl/qbittorrent:9.7.1
-@ctrl/react-adsense:2.0.1
-@ctrl/shared-torrent:6.3.1
-@ctrl/torrent-file:4.1.1
-@ctrl/ts-base32:4.0.1
-@hestjs/core:0.2.1
-@hestjs/cqrs:0.1.6
-@hestjs/demo:0.1.2
-@hestjs/eslint-config:0.1.2
-@hestjs/logger:0.1.6
-@hestjs/scalar:0.1.7
-@hestjs/validation:0.1.6
-@nativescript-community/arraybuffers:1.1.6
-@nativescript-community/arraybuffers:1.1.7
-@nativescript-community/arraybuffers:1.1.8
-@nativescript-community/perms:3.0.5
-@nativescript-community/perms:3.0.6
-@nativescript-community/perms:3.0.7
-@nativescript-community/perms:3.0.8
-@nativescript-community/perms:3.0.9
-@nativescript-community/sentry:4.6.43
-@nativescript-community/text:1.6.10
-@nativescript-community/text:1.6.11
-@nativescript-community/text:1.6.12
-@nativescript-community/text:1.6.9
-@nativescript-community/typeorm:0.2.30
-@nativescript-community/typeorm:0.2.31
-@nativescript-community/typeorm:0.2.32
-@nativescript-community/typeorm:0.2.33
-@nativescript-community/ui-document-picker:1.1.27
-@nativescript-community/ui-document-picker:1.1.28
-@nativescript-community/ui-label:1.3.35
-@nativescript-community/ui-label:1.3.36
-@nativescript-community/ui-label:1.3.37
-@nativescript-community/ui-material-bottom-navigation:7.2.72
-@nativescript-community/ui-material-bottom-navigation:7.2.73
-@nativescript-community/ui-material-bottom-navigation:7.2.74
-@nativescript-community/ui-material-bottom-navigation:7.2.75
-@nativescript-community/ui-material-core-tabs:7.2.72
-@nativescript-community/ui-material-core-tabs:7.2.73
-@nativescript-community/ui-material-core-tabs:7.2.74
-@nativescript-community/ui-material-core-tabs:7.2.75
-@nativescript-community/ui-material-core:7.2.72
-@nativescript-community/ui-material-core:7.2.73
-@nativescript-community/ui-material-core:7.2.74
-@nativescript-community/ui-material-core:7.2.75
-@nativescript-community/ui-material-ripple:7.2.72
-@nativescript-community/ui-material-ripple:7.2.73
-@nativescript-community/ui-material-ripple:7.2.74
-@nativescript-community/ui-material-ripple:7.2.75
-@nativescript-community/ui-material-tabs:7.2.72
-@nativescript-community/ui-material-tabs:7.2.73
-@nativescript-community/ui-material-tabs:7.2.74
-@nativescript-community/ui-material-tabs:7.2.75
-@nativescript-community/ui-pager:14.1.35
-@nativescript-community/ui-pager:14.1.36
-@nativescript-community/ui-pager:14.1.37
-@nativescript-community/ui-pager:14.1.38
-@nativescript-community/ui-pulltorefresh:2.5.4
-@nativescript-community/ui-pulltorefresh:2.5.5
-@nativescript-community/ui-pulltorefresh:2.5.6
-@nativescript-community/ui-pulltorefresh:2.5.7
-@nexe/config-manager:0.1.1
-@nexe/eslint-config:0.1.1
-@nexe/logger:0.1.3
-@nstudio/xplat-utils:20.0.4
-@nstudio/xplat-utils:20.0.7
-@nstudio/xplat:20.0.4
-@nstudio/xplat:20.0.5
-@nstudio/xplat:20.0.6
-@nstudio/xplat:20.0.7
-@operato/board:9.0.35
-@operato/board:9.0.47
-@operato/board:9.0.48
-@operato/board:9.0.49
-@operato/board:9.0.50
-@operato/board:9.0.51
-@operato/graphql:9.0.47
-@operato/graphql:9.0.48
-@operato/graphql:9.0.49
-@operato/graphql:9.0.50
-@operato/graphql:9.0.51
-@operato/help:9.0.47
-@operato/help:9.0.48
-@operato/help:9.0.49
-@operato/help:9.0.50
-@operato/help:9.0.51
-@operato/input:9.0.47
-@operato/input:9.0.48
-@operato/popup:9.0.47
-@operato/popup:9.0.48
-@operato/popup:9.0.49
-@operato/popup:9.0.50
-@operato/popup:9.0.51
-@operato/pull-to-refresh:9.0.35
-@operato/pull-to-refresh:9.0.43
-@operato/pull-to-refresh:9.0.44
-@operato/pull-to-refresh:9.0.45
-@operato/pull-to-refresh:9.0.46
-@operato/pull-to-refresh:9.0.47
-@operato/utils:9.0.47
-@operato/utils:9.0.48
-@operato/utils:9.0.49
-@operato/utils:9.0.50
-@operato/utils:9.0.51
-@thangved/callback-window:1.1.4
-@things-factory/attachment-base:9.0.42
-@things-factory/attachment-base:9.0.51
-@things-factory/attachment-base:9.0.52
-@things-factory/attachment-base:9.0.53
-@things-factory/attachment-base:9.0.54
-@things-factory/attachment-base:9.0.55
-@things-factory/auth-base:9.0.42
-@things-factory/email-base:9.0.55
-@things-factory/email-base:9.0.56
-@things-factory/email-base:9.0.57
-@things-factory/email-base:9.0.58
-@things-factory/email-base:9.0.59
-@things-factory/integration-base:9.0.42
-@things-factory/integration-marketplace:9.0.42
 @things-factory/shell:9.0.42
 @things-factory/shell:9.0.43
 @things-factory/shell:9.0.44
@@ -457,6 +412,7 @@ ace-colorpicker-rpk:0.0.14
 airchief:0.3.1
 airpilot:0.8.8
 angulartics2:14.1.1
+angulartics2:14.1.2
 browser-webdriver-downloader:3.0.8
 capacitor-notificationhandler:0.0.2
 capacitor-notificationhandler:0.0.3
@@ -490,6 +446,7 @@ ember-velcro:2.2.2
 encounter-playground:0.0.2
 encounter-playground:0.0.3
 encounter-playground:0.0.4
+encounter-playground:0.0.5
 eslint-config-crowdstrike-node:4.0.3
 eslint-config-crowdstrike-node:4.0.4
 eslint-config-crowdstrike:11.0.2
@@ -505,6 +462,8 @@ json-rules-engine-simplified:0.2.2
 json-rules-engine-simplified:0.2.3
 json-rules-engine-simplified:0.2.4
 jumpgate:0.0.2
+koa2-swagger-ui:5.11.1
+koa2-swagger-ui:5.11.2
 mcfly-semantic-release:1.3.1
 mcp-knowledge-base:0.0.2
 mcp-knowledge-graph:1.2.1
@@ -522,9 +481,18 @@ ng2-file-upload:8.0.1
 ng2-file-upload:8.0.2
 ng2-file-upload:8.0.3
 ng2-file-upload:9.0.1
+ngx-bootstrap:18.1.4
+ngx-bootstrap:19.0.3
 ngx-bootstrap:19.0.4
 ngx-bootstrap:20.0.3
+ngx-bootstrap:20.0.4
+ngx-bootstrap:20.0.5
+ngx-bootstrap:20.0.6
 ngx-color:10.0.1
+ngx-color:10.0.2
+ngx-toastr:19.0.1
+ngx-toastr:19.0.2
+ngx-trend:8.0.1
 ngx-ws:1.1.5
 ngx-ws:1.1.6
 oradm-to-gql:35.0.14
@@ -541,12 +509,15 @@ printjs-rpk:1.6.1
 react-complaint-image:0.0.32
 react-complaint-image:0.0.33
 react-complaint-image:0.0.34
+react-complaint-image:0.0.35
 react-jsonschema-form-conditionals:0.3.18
 react-jsonschema-form-conditionals:0.3.19
 react-jsonschema-form-conditionals:0.3.20
+react-jsonschema-form-conditionals:0.3.21
 react-jsonschema-form-extras:1.0.1
 react-jsonschema-form-extras:1.0.2
 react-jsonschema-form-extras:1.0.3
+react-jsonschema-form-extras:1.0.4
 react-jsonschema-rxnt-extras:0.4.6
 react-jsonschema-rxnt-extras:0.4.7
 react-jsonschema-rxnt-extras:0.4.8
@@ -556,13 +527,17 @@ remark-preset-lint-crowdstrike:4.0.2
 rxnt-authentication:0.0.3
 rxnt-authentication:0.0.4
 rxnt-authentication:0.0.5
+rxnt-authentication:0.0.6
 rxnt-healthchecks-nestjs:1.0.2
 rxnt-healthchecks-nestjs:1.0.3
 rxnt-healthchecks-nestjs:1.0.4
+rxnt-healthchecks-nestjs:1.0.5
 rxnt-kue:1.0.4
 rxnt-kue:1.0.5
 rxnt-kue:1.0.6
+rxnt-kue:1.0.7
 swc-plugin-component-annotate:1.9.1
+swc-plugin-component-annotate:1.9.2
 tbssnch:1.0.2
 teselagen-interval-tree:1.1.2
 tg-client-query-builder:2.14.4
@@ -573,6 +548,7 @@ tg-seq-gen:1.0.10
 tg-seq-gen:1.0.9
 thangved-react-grid:1.0.3
 ts-gaussian:3.0.5
+ts-gaussian:3.0.6
 ts-imports:1.0.1
 ts-imports:1.0.2
 tvi-cli:0.1.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hulud-party-scanner",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "preferGlobal": true,
   "bin": {
     "hulud-party-scanner": "./scan.js"

package/scan.js

@@ -3,27 +3,67 @@ const fs = require('fs');
 const https = require('https');
 const path = require('path');
 const crypto = require('crypto');
- 
+const { execSync } = require('child_process');
+
 // --- Configuration ---
-const COMPROMISED_LIST_URL = "https://raw.githubusercontent.com/migohe14/hulud-scanner/refs/heads/main/compromised-libs.txt";
-const MALICIOUS_HASH = "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09";
+const COMPROMISED_LIST_URL = "https://raw.githubusercontent.com/sngular/shai-hulud-integrity-scanner/refs/heads/main/compromised-libs.txt";
+const MALICIOUS_HASHES = new Set([
+    "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
+    "de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6",
+    "81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3",
+    "83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e",
+    "4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db",
+    "dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c",
+    "b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777",
+    "86532ed94c5804e1ca32fa67257e1bb9de628e3e48a1f56e67042dc055effb5b",
+    "aba1fcbd15c6ba6d9b96e34cec287660fff4a31632bf76f2a766c499f55ca1ee",
+]);
+const COMPROMISED_NAMESPACES = [
+    "@crowdstrike", "@art-ws", "@ngx", "@ctrl", "@nativescript-community",
+    "@ahmedhfarag", "@operato", "@teselagen", "@things-factory", "@hestjs",
+    "@nstudio", "@basic-ui-components-stc", "@nexe", "@thangved",
+    "@tnf-dev", "@ui-ux-gang", "@yoobic"
+];
+const EXFIL_PATTERNS = ['webhook.site', 'bb8ca5f6-4175-45d2-b042-fc9ebb8170b7', 'exfiltrat'];
+const ENV_PATTERNS = ['process\\.env', 'os\\.environ', 'getenv', 'AWS_ACCESS_KEY', 'GITHUB_TOKEN', 'NPM_TOKEN'];
 
 // --- Console Colors ---
 const colors = {
     RED: '\x1b[31m',
     GREEN: '\x1b[32m',
     YELLOW: '\x1b[33m',
-    CYAN: '\x1b[36m',
     BLUE: '\x1b[34m',
+    BOLD: '\x1b[1m',
     RESET: '\x1b[0m'
 };
 
+const log = {
+    info: (msg) => console.log(`${colors.GREEN}INFO:${colors.RESET} ${msg}`),
+    warn: (msg) => console.warn(`${colors.YELLOW}${colors.BOLD}WARN:${colors.RESET} ${msg}`),
+    error: (msg) => console.error(`${colors.RED}${colors.BOLD}ERROR:${colors.RESET} ${msg}`),
+    header: (msg) => console.log(`\n${colors.BLUE}${colors.BOLD}--- ${msg} ---${colors.RESET}`),
+};
+
+/**
+ * Checks if a command exists on the system.
+ * @param {string} cmd The command to check.
+ * @returns {boolean} True if the command exists.
+ */
+function commandExists(cmd) {
+    try {
+        execSync(process.platform === 'win32' ? `where ${cmd}` : `command -v ${cmd}`, { stdio: 'ignore' });
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
 /** 
  * Downloads the list of compromised packages from GitHub.
  * @returns {Promise<Set<string>>} A Set of packages in "name@version" format.
  */
 async function getCompromisedPackages() {
-    console.log(`${colors.CYAN}🌐 Downloading compromised packages list...${colors.RESET}`);
+    log.info("Downloading compromised packages list...");
     return new Promise((resolve, reject) => {
         https.get(COMPROMISED_LIST_URL, (res) => {
             let data = '';
@@ -33,17 +73,7 @@ async function getCompromisedPackages() {
                     .split('\n')
                     .map(line => line.trim())
                     .filter(line => line && !line.startsWith('#')) // Ignore comments and empty lines
-                    .map(line => line.replace(':', '@')) // Change 'pkg:1.0.0' to 'pkg@1.0.0'
-                    .reduce((acc, line) => {
-                        // Handle lines with multiple versions like 'pkg:1.0.0, 1.0.1'
-                        const [name, versions] = line.split('@');
-                        if (versions) {
-                            versions.split(',').forEach(version => {
-                                acc.add(`${name}@${version.trim()}`);
-                            });
-                        }
-                        return acc;
-                    }, new Set());
+                    .map(line => line.replace(':', '@')); // Change 'pkg:1.0.0' to 'pkg@1.0.0'
                 resolve(packages);
             });
         }).on('error', (err) => {
@@ -52,6 +82,48 @@ async function getCompromisedPackages() {
     });
 }
 
+/** 
+ * Parses dependencies from pnpm-lock.yaml by shelling out to `pnpm`.
+ * @param {string} projectPath The root of the project.
+ * @returns {Set<string>} A Set of local dependencies.
+ */
+function parsePnpmLock(projectPath) {
+    log.info("Found pnpm-lock.yaml. Analyzing full dependency tree with PNPM...");
+    try {
+        const pnpmOutput = execSync('pnpm list --json --prod --dev', { cwd: projectPath, encoding: 'utf8', stdio: ['pipe', 'pipe', 'ignore'] });
+        const deps = JSON.parse(pnpmOutput);
+        const packages = new Set();
+        const projects = Array.isArray(deps) ? deps : [deps];
+        projects.forEach(project => {
+            if (!project.dependencies) return;
+            Object.entries(project.dependencies).forEach(([name, details]) => {
+                packages.add(`${name}@${details.version}`);
+            });
+        });
+        return packages;
+    } catch (e) {
+        log.warn("The 'pnpm list' command failed. Please run 'pnpm install'.");
+        return new Set();
+    }
+}
+
+/** 
+ * Parses dependencies from package.json as a fallback.
+ * @param {string} pkgJsonPath Path to package.json.
+ * @returns {Set<string>} A Set of local dependencies.
+ */
+function parsePackageJson(pkgJsonPath) {
+    log.warn("No lockfile found. Falling back to package.json (will miss transitive dependencies).");
+    log.info("Scanning package.json...");
+    const pkg = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf-8'));
+    const packages = new Set();
+    const allDeps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+    for (const [name, version] of Object.entries(allDeps)) {
+        packages.add(`${name}@${version.replace(/[\^~]/g, '')}`);
+    }
+    return packages;
+}
+
 /** 
  * Extracts all dependencies from a package-lock.json file.
  * Supports v1/v2 (npm 6) and v2/v3 (npm 7+) formats.
@@ -59,7 +131,7 @@ async function getCompromisedPackages() {
  * @returns {Set<string>} A Set of local dependencies in "name@version" format.
  */
 function getLocalPackages(lockfilePath) {
-    console.log(`${colors.CYAN}📦 Extracting dependencies from ${lockfilePath}...${colors.RESET}`);
+    log.info(`Extracting dependencies from ${path.basename(lockfilePath)}...`);
     if (!fs.existsSync(lockfilePath)) {
         throw new Error(`File not found: ${lockfilePath}`);
     }
@@ -67,9 +139,33 @@ function getLocalPackages(lockfilePath) {
     const lockfile = JSON.parse(fs.readFileSync(lockfilePath, 'utf-8'));
     const packages = new Set();
 
+    // Heuristic to check for yarn.lock v1 by looking for a characteristic header
+    if (path.basename(lockfilePath) === 'yarn.lock') {
+        log.info("Classic Yarn (v1) detected. Using 'yarn list'...");
+        try {
+            // Yarn v1 `list` is very slow, so we give it more time.
+            const yarnOutput = execSync('yarn list --json --no-progress', { cwd: path.dirname(lockfilePath), encoding: 'utf8', stdio: ['pipe', 'pipe', 'ignore'], timeout: 120000 });
+            const data = JSON.parse(yarnOutput);
+            if (data.type === 'tree' && data.data && data.data.trees) {
+                const extractYarnDeps = (trees) => {
+                    trees.forEach(tree => {
+                        const [name, version] = tree.name.split('@');
+                        if (version) packages.add(`${name}@${version}`);
+                        if (tree.children) extractYarnDeps(tree.children);
+                    });
+                };
+                extractYarnDeps(data.data.trees);
+            }
+            return packages;
+        } catch (e) {
+            log.warn("The 'yarn list' command failed. The project may have no dependencies installed.");
+            return new Set();
+        }
+    }
+
     // Modern format (npm 7+), 'packages' key
     if (lockfile.packages) {
-        console.log(`🔍 Analyzing lockfile format v2/v3 (npm 7+)...`);
+        log.info(`Analyzing lockfile format v2/v3 (npm 7+)...`);
         for (const [pkgPath, details] of Object.entries(lockfile.packages)) {
             if (pkgPath && details.version) {
                 // La ruta es como "node_modules/express" o "" para el root.
@@ -82,7 +178,7 @@ function getLocalPackages(lockfilePath) {
     }
     // Legacy format (npm 6), 'dependencies' key
     else if (lockfile.dependencies) {
-        console.log(`🔍 Analyzing lockfile format v1 (npm 6)...`);
+        log.info(`Analyzing lockfile format v1 (npm 6)...`);
         const extractDeps = (deps) => {
             if (!deps) return;
             for (const [name, details] of Object.entries(deps)) {
@@ -104,22 +200,27 @@ function getLocalPackages(lockfilePath) {
 }
 
 /**
- * Recursively scans a directory for files matching a known malicious hash.
+ * Recursively finds all files in a directory, ignoring node_modules, .git, and binary-like extensions.
  * @param {string} directory - The directory to scan.
- * @returns {string[]} A list of paths to malicious files.
+ * @returns {string[]} A list of file paths.
  */
-function scanForMaliciousFiles(directory) {
-    console.log(`${colors.CYAN}🔍 Scanning file signatures in ${directory}...${colors.RESET}`);
-    const maliciousFiles = [];
+function getAllFiles(directory) {
     const filesToScan = [];
+    const ignoredDirs = new Set(['node_modules', '.git']);
+    const ignoredExtensions = new Set(['.md', '.d.ts', '.png', '.jpg', '.jpeg', '.gif', '.svg', '.woff', '.woff2', '.eot', '.ttf', '.ico']);
 
-    // Get all files recursively, ignoring node_modules and .git
     function findFiles(dir) {
-        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        } catch (e) {
+            return; // Ignore permission errors
+        }
+
         for (const entry of entries) {
             const fullPath = path.join(dir, entry.name);
             if (entry.isDirectory()) {
-                if (entry.name !== 'node_modules' && entry.name !== '.git') {
+                if (!ignoredDirs.has(entry.name)) {
                     findFiles(fullPath);
                 }
             } else if (entry.isFile()) {
@@ -130,98 +231,222 @@ function scanForMaliciousFiles(directory) {
 
     findFiles(directory);
 
-    for (const file of filesToScan) {
-        const fileBuffer = fs.readFileSync(file);
-        const hashSum = crypto.createHash('sha256');
-        hashSum.update(fileBuffer);
-        const hex = hashSum.digest('hex');
+    return filesToScan.filter(file => !ignoredExtensions.has(path.extname(file)));
+}
+
+/**
+ * Scans a list of files for multiple types of threats.
+ * @param {string[]} allFiles - A list of absolute file paths to scan.
+ * @param {string} projectRoot - The root directory of the project for relative paths.
+ * @returns {object} An object containing arrays of different findings.
+ */
+function scanProjectFiles(allFiles, projectRoot) {
+    log.info(`Scanning ${allFiles.length} project files for malicious indicators...`);
+
+    const findings = {
+        hashMatches: [],
+        namespaceMatches: new Set(),
+        hookMatches: [],
+        correlatedExfil: [],
+    };
+
+    const pkgJsonFiles = allFiles.filter(f => path.basename(f) === 'package.json');
 
-        if (hex === MALICIOUS_HASH) {
-            maliciousFiles.push(path.relative(directory, file));
+    // Scan for compromised namespaces and postinstall hooks in package.json files
+    log.info("Checking for compromised namespaces and package.json hooks...");
+    for (const file of pkgJsonFiles) {
+        try {
+            const content = fs.readFileSync(file, 'utf-8');
+            const pkg = JSON.parse(content);
+
+            // Check namespaces
+            const allDeps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+            for (const depName in allDeps) {
+                const namespace = depName.split('/')[0];
+                if (COMPROMISED_NAMESPACES.includes(namespace)) {
+                    findings.namespaceMatches.add(`Warning: Contains packages from compromised namespace: ${namespace} (Found in ${path.relative(projectRoot, file)})`);
+                }
+            }
+
+            // Check for postinstall hooks
+            if (pkg.scripts && pkg.scripts.postinstall) {
+                findings.hookMatches.push(`File: ${path.relative(projectRoot, file)}`);
+            }
+        } catch (e) {
+            log.warn(`Could not parse ${path.relative(projectRoot, file)}: ${e.message}`);
         }
     }
-    return maliciousFiles;
+
+    // Scan file contents for hashes and exfiltration patterns
+    log.info("Scanning file signatures and for exfiltration patterns...");
+    const envRegex = new RegExp(ENV_PATTERNS.join('|'));
+    const exfilRegex = new RegExp(EXFIL_PATTERNS.join('|'));
+
+    for (const file of allFiles) {
+        try {
+            const fileBuffer = fs.readFileSync(file);
+
+            // 1. Check hash
+            const hashSum = crypto.createHash('sha256');
+            hashSum.update(fileBuffer);
+            const hex = hashSum.digest('hex');
+
+            if (MALICIOUS_HASHES.has(hex)) {
+                findings.hashMatches.push(path.relative(projectRoot, file));
+            }
+
+            // 2. Check for correlated exfiltration (only for text files)
+            if (file.endsWith('.js') || file.endsWith('.ts') || file.endsWith('.json') || file.endsWith('.sh') || file.endsWith('.yml')) {
+                const content = fileBuffer.toString('utf-8');
+                const hasEnv = envRegex.test(content);
+                const hasExfil = exfilRegex.test(content);
+
+                if (hasEnv && hasExfil) {
+                    findings.correlatedExfil.push(path.relative(projectRoot, file));
+                }
+            }
+        } catch (e) {
+            // Ignore errors for files that might be deleted during scan, etc.
+        }
+    }
+
+    log.info("File scanning complete.");
+    return findings;
 }
 
+/**
+ * Orchestrates the dependency analysis.
+ * @param {string} projectRoot The root of the project.
+ * @returns {Promise<Set<string>>} A set of matched compromised dependencies.
+ */
+async function runDependencyAnalysis(projectRoot) {
+    log.header("Module 1: Dependency Analysis");
+    const pnpmLockFile = path.join(projectRoot, 'pnpm-lock.yaml');
+    const yarnLockFile = path.join(projectRoot, 'yarn.lock');
+    const npmLockFile = path.join(projectRoot, 'package-lock.json');
+    const pkgFile = path.join(projectRoot, 'package.json');
+
+    if (!fs.existsSync(pkgFile)) {
+        log.warn("No package.json found. Skipping all dependency analysis.");
+        return new Set();
+    }
+
+    let localPackages = new Set();
+    if (fs.existsSync(pnpmLockFile) && commandExists('pnpm')) {
+        localPackages = parsePnpmLock(projectRoot);
+    } else if (fs.existsSync(yarnLockFile) && commandExists('yarn')) {
+        // Simple check for Yarn v1. Modern yarn doesn't use `yarn list` in the same way.
+        const yarnVersion = execSync('yarn --version', { encoding: 'utf8' });
+        if (yarnVersion.startsWith('1.')) {
+            localPackages = getLocalPackages(yarnLockFile);
+        } else {
+            log.warn("Modern Yarn (v2+) detected. This script's dependency analysis for Yarn currently only supports v1. Skipping.");
+        }
+    } else if (fs.existsSync(npmLockFile)) {
+        localPackages = getLocalPackages(npmLockFile);
+    } else {
+        localPackages = parsePackageJson(pkgFile);
+    }
+
+    if (localPackages.size === 0) {
+        log.warn("Could not determine local packages. Skipping version check.");
+        return new Set();
+    }
+
+    log.info("Checking for vulnerable versions...");
+    const compromisedPackages = new Set(await getCompromisedPackages());
+    const matches = new Set();
+    for (const localPkg of localPackages) {
+        if (compromisedPackages.has(localPkg)) {
+            matches.add(localPkg);
+        }
+    }
+    log.info("Dependency analysis complete.");
+    return matches;
+}
 /** 
  * Main function to orchestrate the scan.
  */
 async function main() {
     try {
         // Use the provided path or the current directory.
-        // This handles arguments like `npx tool .` or `npx tool -- /path/to/project`
-        const args = process.argv.slice(2);
-        const doubleDashIndex = args.indexOf('--');
-        
-        let targetArg;
-        if (doubleDashIndex !== -1) {
-            // If '--' is present, the path is the argument right after it.
-            targetArg = args[doubleDashIndex + 1];
-        } else {
-            // Otherwise, it's the first argument.
-            targetArg = args[0];
-        }
-        const targetPath = targetArg || '.';
+        const targetPath = process.argv[2] || '.';
         const projectRoot = path.resolve(targetPath);
 
         if (!fs.existsSync(projectRoot) || !fs.statSync(projectRoot).isDirectory()) {
             throw new Error(`Project directory not found: ${projectRoot}`);
         }
 
-        console.log(`\n${colors.BLUE}--- Shai-Hulud Integrity Scanner (Node.js) ---${colors.RESET}`);
-        console.log(`Scanning project at: ${projectRoot}`);
+        console.log(`\n${colors.BLUE}${colors.BOLD}--- Shai-Hulud Integrity Scanner (Node.js) ---${colors.RESET}`);
+        log.info(`Scanning project at: ${projectRoot}`);
 
-        // --- Vector 1: Dependency Analysis ---
-        let dependencyMatches = new Set();
-        const lockfilePath = path.join(projectRoot, 'package-lock.json');
+        // --- Run Analyses ---
+        const dependencyMatches = await runDependencyAnalysis(projectRoot);
 
-        if (fs.existsSync(lockfilePath)) {
-            const localPackages = getLocalPackages(lockfilePath);
-            const compromisedPackages = await getCompromisedPackages();
-            console.log(`${colors.CYAN}🔍 Comparing dependencies...${colors.RESET}`);
-            for (const localPkg of localPackages) {
-                if (compromisedPackages.has(localPkg)) {
-                    dependencyMatches.add(localPkg);
-                }
-            }
-        } else {
-            console.log(`${colors.YELLOW}⚠️  No package-lock.json found. Skipping dependency scan.${colors.RESET}`);
-        }
-
-        // --- Vector 2: File Signature Analysis ---
-        const fileMatches = scanForMaliciousFiles(projectRoot);
+        log.header("Module 2: Project Structure & Content Analysis");
+        const allFiles = getAllFiles(projectRoot);
+        const fileScanFindings = scanProjectFiles(allFiles, projectRoot);
 
         // --- Reporting ---
-        console.log('\n' + '-'.repeat(50));
+        log.header("Scan Report");
         let issuesFound = false;
+        let report = "";
 
-        if (fileMatches.length > 0) {
+        if (fileScanFindings.hashMatches.length > 0) {
             issuesFound = true;
-            console.log(`${colors.RED}🚨 CRITICAL RISK: Known Malware Signature Detected${colors.RESET}`);
-            fileMatches.forEach(match => {
-                console.log(`  - File: ${colors.YELLOW}${match}${colors.RESET}`);
+            report += `${colors.RED}🚨 CRITICAL RISK: Known Malware Signature Detected${colors.RESET}\n`;
+            fileScanFindings.hashMatches.forEach(match => {
+                report += `   - File with matching signature: ${colors.YELLOW}${match}${colors.RESET}\n`;
             });
-            console.log('');
+            report += "   NOTE: This is a definitive indicator of compromise. Immediate investigation is required.\n\n";
+        }
+
+        if (fileScanFindings.correlatedExfil.length > 0) {
+            issuesFound = true;
+            report += `${colors.RED}🚨 HIGH RISK: Environment Scanning with Exfiltration Detected${colors.RESET}\n`;
+            fileScanFindings.correlatedExfil.forEach(match => {
+                report += `   - File: ${colors.YELLOW}${match}${colors.RESET}\n`;
+            });
+            report += "   NOTE: These files access secrets AND contain data exfiltration patterns.\n\n";
         }
 
         if (dependencyMatches.size > 0) {
             issuesFound = true;
-            console.log(`${colors.RED}🚨 HIGH RISK: Compromised Package Versions Detected${colors.RESET}`);
+            report += `${colors.RED}🚨 HIGH RISK: Compromised Package Versions Detected${colors.RESET}\n`;
             dependencyMatches.forEach(match => {
-                console.log(`  - ${colors.YELLOW}${match}${colors.RESET}`);
+                report += `   - Package: ${colors.YELLOW}${match}${colors.RESET}\n`;
+            });
+            report += "   NOTE: These specific package versions are known to be compromised.\n\n";
+        }
+
+        if (fileScanFindings.namespaceMatches.size > 0) {
+            issuesFound = true;
+            report += `${colors.YELLOW}⚠️ MEDIUM RISK: Packages from Compromised Namespaces${colors.RESET}\n`;
+            fileScanFindings.namespaceMatches.forEach(match => {
+                report += `   - ${match}\n`;
+            });
+            report += "   NOTE: Review packages from these organizations carefully.\n\n";
+        }
+
+        if (fileScanFindings.hookMatches.length > 0) {
+            issuesFound = true;
+            report += `${colors.YELLOW}⚠️ MEDIUM RISK: Potentially Malicious package.json Hooks${colors.RESET}\n`;
+            fileScanFindings.hookMatches.forEach(match => {
+                report += `   - ${match}\n`;
             });
+            report += "   NOTE: 'postinstall' scripts can execute arbitrary commands and require review.\n\n";
         }
 
-        console.log('-'.repeat(50));
         if (issuesFound) {
-            console.log(`${colors.RED}Scan complete. Actionable issues were found.${colors.RESET}`);
+            console.log(report);
+            log.error("Scan complete. Actionable issues were found.");
             process.exit(2);
         } else {
-            console.log(`${colors.GREEN}✅ All good! No known integrity issues found.${colors.RESET}`);
+            log.info(`${colors.GREEN}✅ No actionable project integrity issues found.${colors.RESET}`);
         }
 
     } catch (error) {
-        console.error(`${colors.RED}❌ ERROR: ${error.message}${colors.RESET}`);
+        log.error(error.message);
         process.exit(1);
     }
 }