npm - hulud-party-scanner - Versions diffs - 1.0.3 → 1.0.5 - Mend

hulud-party-scanner 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/compromised-libs.txt CHANGED Viewed

@@ -561,4 +561,802 @@ voip-callkit:1.0.2
 voip-callkit:1.0.3
 wdio-web-reporter:0.1.3
 yargs-help-output:5.0.3
-yoo-styles:6.0.326
+yoo-styles:6.0.326
+02-echo,= 0.0.7
+@accordproject/concerto-analysis,= 3.24.1
+@accordproject/concerto-linter,= 3.24.1
+@accordproject/concerto-linter-default-ruleset,= 3.24.1
+@accordproject/concerto-metamodel,= 3.12.5
+@accordproject/concerto-types,= 3.24.1
+@accordproject/markdown-it-cicero,= 0.16.26
+@accordproject/template-engine,= 2.7.2
+@actbase/css-to-react-native-transform,= 1.0.3
+@actbase/native,= 0.1.32
+@actbase/node-server,= 1.1.19
+@actbase/react-absolute,= 0.8.3
+@actbase/react-daum-postcode,= 1.0.5
+@actbase/react-kakaosdk,= 0.9.27
+@actbase/react-native-actionsheet,= 1.0.3
+@actbase/react-native-devtools,= 0.1.3
+@actbase/react-native-fast-image,= 8.5.13
+@actbase/react-native-kakao-channel,= 1.0.2
+@actbase/react-native-kakao-navi,= 2.0.4
+@actbase/react-native-less-transformer,= 1.0.6
+@actbase/react-native-naver-login,= 1.0.1
+@actbase/react-native-simple-video,= 1.0.13
+@actbase/react-native-tiktok,= 1.1.3
+@afetcan/api,= 0.0.13
+@afetcan/storage,= 0.0.27
+@alaan/s2s-auth,= 2.0.3
+@alexadark/amadeus-api,= 1.0.4
+@alexadark/gatsby-theme-events,= 1.0.1
+@alexadark/gatsby-theme-wordpress-blog,= 2.0.1
+@alexadark/reusable-functions,= 1.5.1
+@alexcolls/nuxt-socket.io,= 0.0.7 || = 0.0.8
+@alexcolls/nuxt-ux,= 0.6.1 || = 0.6.2
+@antstackio/eslint-config-antstack,= 0.0.3
+@antstackio/express-graphql-proxy,= 0.2.8
+@antstackio/graphql-body-parser,= 0.1.1
+@antstackio/json-to-graphql,= 1.0.3
+@antstackio/shelbysam,= 1.1.7
+@aryanhussain/my-angular-lib,= 0.0.23
+@asyncapi/avro-schema-parser,= 3.0.25 || = 3.0.26
+@asyncapi/bundler,= 0.6.5 || = 0.6.6
+@asyncapi/cli,= 4.1.3 || = 4.1.2
+@asyncapi/converter,= 1.6.3 || = 1.6.4
+@asyncapi/diff,= 0.5.1 || = 0.5.2
+@asyncapi/dotnet-rabbitmq-template,= 1.0.2 || = 1.0.1
+@asyncapi/edavisualiser,= 1.2.2 || = 1.2.1
+@asyncapi/generator,= 2.8.5 || = 2.8.6
+@asyncapi/generator-components,= 0.3.2 || = 0.3.3
+@asyncapi/generator-helpers,= 0.2.1 || = 0.2.2
+@asyncapi/generator-react-sdk,= 1.1.5 || = 1.1.4
+@asyncapi/go-watermill-template,= 0.2.77 || = 0.2.76
+@asyncapi/html-template,= 3.3.2 || = 3.3.3
+@asyncapi/java-spring-cloud-stream-template,= 0.13.5 || = 0.13.6
+@asyncapi/java-spring-template,= 1.6.2 || = 1.6.1
+@asyncapi/java-template,= 0.3.6 || = 0.3.5
+@asyncapi/keeper,= 0.0.2 || = 0.0.3
+@asyncapi/markdown-template,= 1.6.8 || = 1.6.9
+@asyncapi/modelina,= 5.10.3 || = 5.10.2
+@asyncapi/modelina-cli,= 5.10.3 || = 5.10.2
+@asyncapi/multi-parser,= 2.2.1 || = 2.2.2
+@asyncapi/nodejs-template,= 3.0.6 || = 3.0.5
+@asyncapi/nodejs-ws-template,= 0.10.1 || = 0.10.2
+@asyncapi/nunjucks-filters,= 2.1.1 || = 2.1.2
+@asyncapi/openapi-schema-parser,= 3.0.25 || = 3.0.26
+@asyncapi/optimizer,= 1.0.6 || = 1.0.5
+@asyncapi/parser,= 3.4.1 || = 3.4.2
+@asyncapi/php-template,= 0.1.1 || = 0.1.2
+@asyncapi/problem,= 1.0.2 || = 1.0.1
+@asyncapi/protobuf-schema-parser,= 3.5.2 || = 3.6.1 || = 3.5.3
+@asyncapi/python-paho-template,= 0.2.15 || = 0.2.14
+@asyncapi/react-component,= 2.6.7 || = 2.6.6
+@asyncapi/server-api,= 0.16.24 || = 0.16.25
+@asyncapi/specs,= 6.9.1 || = 6.10.1 || = 6.8.3 || = 6.8.2
+@asyncapi/studio,= 1.0.3 || = 1.0.2
+@asyncapi/web-component,= 2.6.7 || = 2.6.6
+@bdkinc/knex-ibmi,= 0.5.7
+@browserbasehq/bb9,= 1.2.21
+@browserbasehq/director-ai,= 1.0.3
+@browserbasehq/mcp,= 2.1.1
+@browserbasehq/mcp-server-browserbase,= 2.4.2
+@browserbasehq/sdk-functions,= 0.0.4
+@browserbasehq/stagehand,= 3.0.4
+@browserbasehq/stagehand-docs,= 1.0.1
+@caretive/caret-cli,= 0.0.2
+@chtijs/eslint-config,= 1.0.1
+@clausehq/flows-step-httprequest,= 0.1.14
+@clausehq/flows-step-jsontoxml,= 0.1.14
+@clausehq/flows-step-mqtt,= 0.1.14
+@clausehq/flows-step-sendgridemail,= 0.1.14
+@clausehq/flows-step-taskscreateurl,= 0.1.14
+@cllbk/ghl,= 1.3.1
+@commute/bloom,= 1.0.3
+@commute/market-data,= 1.0.2
+@commute/market-data-chartjs,= 2.3.1
+@dev-blinq/ai-qa-logic,= 1.0.19
+@dev-blinq/blinqioclient,= 1.0.21
+@dev-blinq/cucumber-js,= 1.0.131
+@dev-blinq/cucumber_client,= 1.0.738
+@dev-blinq/ui-systems,= 1.0.93
+@elsedev/react-csr-sdk,
+@ensdomains/address-encoder,= 1.1.5
+@ensdomains/blacklist,= 1.0.1
+@ensdomains/buffer,= 0.1.2
+@ensdomains/ccip-read-cf-worker,= 0.0.4
+@ensdomains/ccip-read-dns-gateway,= 0.1.1
+@ensdomains/ccip-read-router,= 0.0.7
+@ensdomains/ccip-read-worker-viem,= 0.0.4
+@ensdomains/content-hash,= 3.0.1
+@ensdomains/curvearithmetics,= 1.0.1
+@ensdomains/cypress-metamask,= 1.2.1
+@ensdomains/dnsprovejs,= 0.5.3
+@ensdomains/dnssec-oracle-anchors,= 0.0.2
+@ensdomains/dnssecoraclejs,= 0.2.9
+@ensdomains/durin,= 0.1.2
+@ensdomains/durin-middleware,= 0.0.2
+@ensdomains/ens-archived-contracts,= 0.0.3
+@ensdomains/ens-avatar,= 1.0.4
+@ensdomains/ens-contracts,= 1.6.1
+@ensdomains/ens-test-env,= 1.0.2
+@ensdomains/ens-validation,= 0.1.1
+@ensdomains/ensjs,= 4.0.3
+@ensdomains/ensjs-react,= 0.0.5
+@ensdomains/eth-ens-namehash,= 2.0.16
+@ensdomains/hackathon-registrar,= 1.0.5
+@ensdomains/hardhat-chai-matchers-viem,= 0.1.15
+@ensdomains/hardhat-toolbox-viem-extended,= 0.0.6
+@ensdomains/mock,= 2.1.52
+@ensdomains/name-wrapper,= 1.0.1
+@ensdomains/offchain-resolver-contracts,= 0.2.2
+@ensdomains/op-resolver-contracts,= 0.0.2
+@ensdomains/react-ens-address,= 0.0.32
+@ensdomains/renewal,= 0.0.13
+@ensdomains/renewal-widget,= 0.1.10
+@ensdomains/reverse-records,= 1.0.1
+@ensdomains/server-analytics,= 0.0.2
+@ensdomains/solsha1,= 0.0.4
+@ensdomains/subdomain-registrar,= 0.2.4
+@ensdomains/test-utils,= 1.3.1
+@ensdomains/thorin,= 0.6.51
+@ensdomains/ui,= 3.4.6
+@ensdomains/unicode-confusables,= 0.1.1
+@ensdomains/unruggable-gateways,= 0.0.3
+@ensdomains/vite-plugin-i18next-loader,= 4.0.4
+@ensdomains/web3modal,= 1.10.2
+@everreal/react-charts,= 2.0.2 || = 2.0.1
+@everreal/validate-esmoduleinterop-imports,= 1.4.5 || = 1.4.4
+@everreal/web-analytics,= 0.0.1 || = 0.0.2
+@faq-component/core,= 0.0.4
+@faq-component/react,= 1.0.1
+@fishingbooker/browser-sync-plugin,= 1.0.5
+@fishingbooker/react-loader,= 1.0.7
+@fishingbooker/react-pagination,= 2.0.6
+@fishingbooker/react-raty,= 2.0.1
+@fishingbooker/react-swiper,= 0.1.5
+@hapheus/n8n-nodes-pgp,= 1.5.1
+@hover-design/core,= 0.0.1
+@hover-design/react,= 0.2.1
+@huntersofbook/auth-vue,= 0.4.2
+@huntersofbook/core,= 0.5.1
+@huntersofbook/core-nuxt,= 0.4.2
+@huntersofbook/form-naiveui,= 0.5.1
+@huntersofbook/i18n,= 0.8.2
+@huntersofbook/ui,= 0.5.1
+@hyperlook/telemetry-sdk,= 1.0.19
+@ifelsedeveloper/protocol-contracts-svm-idl,= 0.1.2 || = 0.1.3
+@ifings/design-system,= 4.9.2
+@ifings/metatron3,= 0.1.5
+@jayeshsadhwani/telemetry-sdk,= 1.0.14
+@kvytech/cli,= 0.0.7
+@kvytech/components,= 0.0.2
+@kvytech/habbit-e2e-test,= 0.0.2
+@kvytech/medusa-plugin-announcement,= 0.0.8
+@kvytech/medusa-plugin-management,= 0.0.5
+@kvytech/medusa-plugin-newsletter,= 0.0.5
+@kvytech/medusa-plugin-product-reviews,= 0.0.9
+@kvytech/medusa-plugin-promotion,= 0.0.2
+@kvytech/web,= 0.0.2
+@lessondesk/api-client,= 9.12.2 || = 9.12.3
+@lessondesk/babel-preset,= 1.0.1
+@lessondesk/electron-group-api-client,= 1.0.3
+@lessondesk/eslint-config,= 1.4.2
+@lessondesk/material-icons,= 1.0.3
+@lessondesk/react-table-context,= 2.0.4
+@lessondesk/schoolbus,= 5.2.2 || = 5.2.3
+@livecms/live-edit,= 0.0.32
+@livecms/nuxt-live-edit,= 1.9.2
+@lokeswari-satyanarayanan/rn-zustand-expo-template,= 1.0.9
+@louisle2/core,= 1.0.1
+@louisle2/cortex-js,= 0.1.6
+@lpdjs/firestore-repo-service,= 1.0.1
+@lui-ui/lui-nuxt,= 0.1.1
+@lui-ui/lui-tailwindcss,= 0.1.2
+@lui-ui/lui-vue,= 1.0.13
+@markvivanco/app-version-checker,= 1.0.2 || = 1.0.1
+@mcp-use/cli,= 2.2.7 || = 2.2.6
+@mcp-use/inspector,= 0.6.3 || = 0.6.2
+@mcp-use/mcp-use,= 1.0.2 || = 1.0.1
+@micado-digital/stadtmarketing-kufstein-external,= 1.9.1
+@mizzle-dev/orm,= 0.0.2
+@mparpaillon/connector-parse,= 1.0.1
+@mparpaillon/imagesloaded,= 4.1.2
+@mparpaillon/page,= 1.0.1
+@ntnx/passport-wso2,= 0.0.3
+@ntnx/t,= 0.0.101
+@oku-ui/accordion,= 0.6.2
+@oku-ui/alert-dialog,= 0.6.2
+@oku-ui/arrow,= 0.6.2
+@oku-ui/aspect-ratio,= 0.6.2
+@oku-ui/avatar,= 0.6.2
+@oku-ui/checkbox,= 0.6.3
+@oku-ui/collapsible,= 0.6.2
+@oku-ui/collection,= 0.6.2
+@oku-ui/dialog,= 0.6.2
+@oku-ui/direction,= 0.6.2
+@oku-ui/dismissable-layer,= 0.6.2
+@oku-ui/focus-guards,= 0.6.2
+@oku-ui/focus-scope,= 0.6.2
+@oku-ui/hover-card,= 0.6.2
+@oku-ui/label,= 0.6.2
+@oku-ui/menu,= 0.6.2
+@oku-ui/motion,= 0.4.4
+@oku-ui/motion-nuxt,= 0.2.2
+@oku-ui/popover,= 0.6.2
+@oku-ui/popper,= 0.6.2
+@oku-ui/portal,= 0.6.2
+@oku-ui/presence,= 0.6.2
+@oku-ui/primitive,= 0.6.2
+@oku-ui/primitives,= 0.7.9
+@oku-ui/primitives-nuxt,= 0.3.1
+@oku-ui/progress,= 0.6.2
+@oku-ui/provide,= 0.6.2
+@oku-ui/radio-group,= 0.6.2
+@oku-ui/roving-focus,= 0.6.2
+@oku-ui/scroll-area,= 0.6.2
+@oku-ui/separator,= 0.6.2
+@oku-ui/slider,= 0.6.2
+@oku-ui/slot,= 0.6.2
+@oku-ui/switch,= 0.6.2
+@oku-ui/tabs,= 0.6.2
+@oku-ui/toast,= 0.6.2
+@oku-ui/toggle,= 0.6.2
+@oku-ui/toggle-group,= 0.6.2
+@oku-ui/toolbar,= 0.6.2
+@oku-ui/tooltip,= 0.6.2
+@oku-ui/use-composable,= 0.6.2
+@oku-ui/utils,= 0.6.2
+@oku-ui/visually-hidden,= 0.6.2
+@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode,= 2.0.5
+@orbitgtbelgium/mapbox-gl-draw-scale-rotate-mode,= 1.1.1
+@orbitgtbelgium/orbit-components,= 1.2.9
+@orbitgtbelgium/time-slider,= 1.0.187
+@osmanekrem/bmad,= 1.0.6
+@osmanekrem/error-handler,= 1.2.2
+@pergel/cli,= 0.11.1
+@pergel/module-box,= 0.6.1
+@pergel/module-graphql,= 0.6.1
+@pergel/module-ui,= 0.0.9
+@pergel/nuxt,= 0.25.5
+@posthog/agent,= 1.24.1
+@posthog/ai,= 7.1.2
+@posthog/automatic-cohorts-plugin,= 0.0.8
+@posthog/bitbucket-release-tracker,= 0.0.8
+@posthog/cli,= 0.5.15
+@posthog/clickhouse,= 1.7.1
+@posthog/core,= 1.5.6
+@posthog/currency-normalization-plugin,= 0.0.8
+@posthog/customerio-plugin,= 0.0.8
+@posthog/databricks-plugin,= 0.0.8
+@posthog/drop-events-on-property-plugin,= 0.0.8
+@posthog/event-sequence-timer-plugin,= 0.0.8
+@posthog/filter-out-plugin,= 0.0.8
+@posthog/first-time-event-tracker,= 0.0.8
+@posthog/geoip-plugin,= 0.0.8
+@posthog/github-release-tracking-plugin,= 0.0.8
+@posthog/gitub-star-sync-plugin,= 0.0.8
+@posthog/heartbeat-plugin,= 0.0.8
+@posthog/hedgehog-mode,= 0.0.42
+@posthog/icons,= 0.36.1
+@posthog/ingestion-alert-plugin,= 0.0.8
+@posthog/intercom-plugin,= 0.0.8
+@posthog/kinesis-plugin,= 0.0.8
+@posthog/laudspeaker-plugin,= 0.0.8
+@posthog/lemon-ui,= 0.0.1
+@posthog/maxmind-plugin,= 0.1.6
+@posthog/migrator3000-plugin,= 0.0.8
+@posthog/netdata-event-processing,= 0.0.8
+@posthog/nextjs,= 0.0.3
+@posthog/nextjs-config,= 1.5.1
+@posthog/nuxt,= 1.2.9
+@posthog/pagerduty-plugin,= 0.0.8
+@posthog/piscina,= 3.2.1
+@posthog/plugin-contrib,= 0.0.6
+@posthog/plugin-server,= 1.10.8
+@posthog/plugin-unduplicates,= 0.0.8
+@posthog/postgres-plugin,= 0.0.8
+@posthog/react-rrweb-player,= 1.1.4
+@posthog/rrdom,= 0.0.31
+@posthog/rrweb,= 0.0.31
+@posthog/rrweb-player,= 0.0.31
+@posthog/rrweb-record,= 0.0.31
+@posthog/rrweb-replay,= 0.0.19
+@posthog/rrweb-snapshot,= 0.0.31
+@posthog/rrweb-utils,= 0.0.31
+@posthog/sendgrid-plugin,= 0.0.8
+@posthog/siphash,= 1.1.2
+@posthog/snowflake-export-plugin,= 0.0.8
+@posthog/taxonomy-plugin,= 0.0.8
+@posthog/twilio-plugin,= 0.0.8
+@posthog/twitter-followers-plugin,= 0.0.8
+@posthog/url-normalizer-plugin,= 0.0.8
+@posthog/variance-plugin,= 0.0.8
+@posthog/web-dev-server,= 1.0.5
+@posthog/wizard,= 1.18.1
+@posthog/zendesk-plugin,= 0.0.8
+@postman/aether-icons,= 2.23.2 || = 2.23.3 || = 2.23.4
+@postman/csv-parse,= 4.0.3 || = 4.0.5 || = 4.0.4
+@postman/final-node-keytar,= 7.9.3 || = 7.9.1 || = 7.9.2
+@postman/mcp-ui-client,= 5.5.2 || = 5.5.3 || = 5.5.1
+@postman/node-keytar,= 7.9.4 || = 7.9.5 || = 7.9.6
+@postman/pm-bin-linux-x64,= 1.24.3 || = 1.24.5 || = 1.24.4
+@postman/pm-bin-macos-arm64,= 1.24.3 || = 1.24.5 || = 1.24.4
+@postman/pm-bin-macos-x64,= 1.24.3 || = 1.24.5 || = 1.24.4
+@postman/pm-bin-windows-x64,= 1.24.3 || = 1.24.5 || = 1.24.4
+@postman/postman-collection-fork,= 4.3.3 || = 4.3.5 || = 4.3.4
+@postman/postman-mcp-cli,= 1.0.4 || = 1.0.5 || = 1.0.3
+@postman/postman-mcp-server,= 2.4.12 || = 2.4.10 || = 2.4.11
+@postman/pretty-ms,= 6.1.2 || = 6.1.3 || = 6.1.1
+@postman/secret-scanner-wasm,= 2.1.4 || = 2.1.3 || = 2.1.2
+@postman/tunnel-agent,= 0.6.5 || = 0.6.7 || = 0.6.6
+@postman/wdio-allure-reporter,= 0.0.7 || = 0.0.8 || = 0.0.9
+@postman/wdio-junit-reporter,= 0.0.4 || = 0.0.5 || = 0.0.6
+@pradhumngautam/common-app,= 1.0.2
+@productdevbook/animejs-vue,= 0.2.1
+@productdevbook/auth,= 0.2.2
+@productdevbook/chatwoot,= 2.0.1
+@productdevbook/motion,= 1.0.4
+@productdevbook/ts-i18n,= 1.4.2
+@pruthvi21/use-debounce,= 1.0.3
+@quick-start-soft/quick-document-translator,= 1.4.2511142126
+@quick-start-soft/quick-git-clean-markdown,= 1.4.2511142126
+@quick-start-soft/quick-markdown,= 1.4.2511142126
+@quick-start-soft/quick-markdown-compose,= 1.4.2506300029
+@quick-start-soft/quick-markdown-image,= 1.4.2511142126
+@quick-start-soft/quick-markdown-print,= 1.4.2511142126
+@quick-start-soft/quick-markdown-translator,= 1.4.2509202331
+@quick-start-soft/quick-remove-image-background,= 1.4.2511142126
+@quick-start-soft/quick-task-refine,= 1.4.2511142126
+@relyt/claude-context-core,= 0.1.1
+@relyt/claude-context-mcp,= 0.1.1
+@relyt/mcp-server-relytone,= 0.0.3
+@sameepsi/sor,= 1.0.3
+@sameepsi/sor2,= 2.0.2
+@seezo/sdr-mcp-server,= 0.0.5
+@seung-ju/next,= 0.0.2
+@seung-ju/openapi-generator,= 0.0.4
+@seung-ju/react-hooks,= 0.0.2
+@seung-ju/react-native-action-sheet,= 0.2.1
+@silgi/better-auth,= 0.8.1
+@silgi/drizzle,= 0.8.4
+@silgi/ecosystem,= 0.7.6
+@silgi/graphql,= 0.7.15
+@silgi/module-builder,= 0.8.8
+@silgi/openapi,= 0.7.4
+@silgi/permission,= 0.6.8
+@silgi/ratelimit,= 0.2.1
+@silgi/scalar,= 0.6.2
+@silgi/yoga,= 0.7.1
+@sme-ui/aoma-vevasound-metadata-lib,= 0.1.3
+@strapbuild/react-native-date-time-picker,= 2.0.4
+@strapbuild/react-native-perspective-image-cropper,= 0.4.15
+@strapbuild/react-native-perspective-image-cropper-2,= 0.4.7
+@strapbuild/react-native-perspective-image-cropper-poojan31,= 0.4.6
+@suraj_h/medium-common,= 1.0.5
+@thedelta/eslint-config,= 1.0.2
+@tiaanduplessis/json,= 2.0.2 || = 2.0.3
+@tiaanduplessis/react-progressbar,= 1.0.2 || = 1.0.1
+@trackstar/angular-trackstar-link,= 1.0.2
+@trackstar/react-trackstar-link,= 2.0.21
+@trackstar/react-trackstar-link-upgrade,= 1.1.10
+@trackstar/test-angular-package,= 0.0.9
+@trackstar/test-package,= 1.1.5
+@trefox/sleekshop-js,= 0.1.6
+@trigo/atrix,= 7.0.1
+@trigo/atrix-acl,= 4.0.2
+@trigo/atrix-elasticsearch,= 2.0.1
+@trigo/atrix-mongoose,= 1.0.2
+@trigo/atrix-orientdb,= 1.0.2
+@trigo/atrix-postgres,= 1.0.3
+@trigo/atrix-pubsub,= 4.0.3
+@trigo/atrix-redis,= 1.0.2
+@trigo/atrix-soap,= 1.0.2
+@trigo/atrix-swagger,= 3.0.1
+@trigo/bool-expressions,= 4.1.3
+@trigo/eslint-config-trigo,= 3.3.1
+@trigo/fsm,= 3.4.2
+@trigo/hapi-auth-signedlink,= 1.3.1
+@trigo/jsdt,= 0.2.1
+@trigo/keycloak-api,= 1.3.1
+@trigo/node-soap,= 0.5.4
+@trigo/pathfinder-ui-css,= 0.1.1
+@trigo/trigo-hapijs,= 5.0.1
+@trpc-rate-limiter/cloudflare,= 0.1.4
+@trpc-rate-limiter/hono,= 0.1.4
+@varsityvibe/api-client,= 1.3.36 || = 1.3.37
+@varsityvibe/utils,= 5.0.6
+@varsityvibe/validation-schemas,= 0.6.7 || = 0.6.8
+@viapip/eslint-config,= 0.2.4
+@vishadtyagi/full-year-calendar,= 0.1.11
+@voiceflow/alexa-types,= 2.15.60 || = 2.15.61
+@voiceflow/anthropic,= 0.4.4 || = 0.4.5
+@voiceflow/api-sdk,= 3.28.59 || = 3.28.58
+@voiceflow/backend-utils,= 5.0.1 || = 5.0.2
+@voiceflow/base-types,= 2.136.3 || = 2.136.2
+@voiceflow/body-parser,= 1.21.3 || = 1.21.2
+@voiceflow/chat-types,= 2.14.59 || = 2.14.58
+@voiceflow/circleci-config-sdk-orb-import,= 0.2.1 || = 0.2.2
+@voiceflow/commitlint-config,= 2.6.2 || = 2.6.1
+@voiceflow/common,= 8.9.1 || = 8.9.2
+@voiceflow/default-prompt-wrappers,= 1.7.4 || = 1.7.3
+@voiceflow/dependency-cruiser-config,= 1.8.11 || = 1.8.12
+@voiceflow/dtos-interact,= 1.40.2 || = 1.40.1
+@voiceflow/encryption,= 0.3.2 || = 0.3.3
+@voiceflow/eslint-config,= 7.16.4 || = 7.16.5
+@voiceflow/eslint-plugin,= 1.6.2 || = 1.6.1
+@voiceflow/exception,= 1.10.1 || = 1.10.2
+@voiceflow/fetch,= 1.11.1 || = 1.11.2
+@voiceflow/general-types,= 3.2.22 || = 3.2.23
+@voiceflow/git-branch-check,= 1.4.3 || = 1.4.4
+@voiceflow/google-dfes-types,= 2.17.12 || = 2.17.13
+@voiceflow/google-types,= 2.21.12 || = 2.21.13
+@voiceflow/husky-config,= 1.3.2 || = 1.3.1
+@voiceflow/logger,= 2.4.3 || = 2.4.2
+@voiceflow/metrics,= 1.5.2 || = 1.5.1
+@voiceflow/natural-language-commander,= 0.5.2 || = 0.5.3
+@voiceflow/nestjs-common,= 2.75.3 || = 2.75.2
+@voiceflow/nestjs-mongodb,= 1.3.2 || = 1.3.1
+@voiceflow/nestjs-rate-limit,= 1.3.2 || = 1.3.3
+@voiceflow/nestjs-redis,= 1.3.2 || = 1.3.1
+@voiceflow/nestjs-timeout,= 1.3.2 || = 1.3.1
+@voiceflow/npm-package-json-lint-config,= 1.1.2 || = 1.1.1
+@voiceflow/openai,= 3.2.3 || = 3.2.2
+@voiceflow/pino,= 6.11.4 || = 6.11.3
+@voiceflow/pino-pretty,= 4.4.1 || = 4.4.2
+@voiceflow/prettier-config,= 1.10.1 || = 1.10.2
+@voiceflow/react-chat,= 1.65.3 || = 1.65.4
+@voiceflow/runtime,= 1.29.2 || = 1.29.1
+@voiceflow/runtime-client-js,= 1.17.2 || = 1.17.3
+@voiceflow/sdk-runtime,= 1.43.2 || = 1.43.1
+@voiceflow/secrets-provider,= 1.9.2 || = 1.9.3
+@voiceflow/semantic-release-config,= 1.4.2 || = 1.4.1
+@voiceflow/serverless-plugin-typescript,= 2.1.8 || = 2.1.7
+@voiceflow/slate-serializer,= 1.7.4 || = 1.7.3
+@voiceflow/stitches-react,= 2.3.3 || = 2.3.2
+@voiceflow/storybook-config,= 1.2.3 || = 1.2.2
+@voiceflow/stylelint-config,= 1.1.2 || = 1.1.1
+@voiceflow/test-common,= 2.1.1 || = 2.1.2
+@voiceflow/tsconfig,= 1.12.1 || = 1.12.2
+@voiceflow/tsconfig-paths,= 1.1.5 || = 1.1.4
+@voiceflow/utils-designer,= 1.74.20 || = 1.74.19
+@voiceflow/verror,= 1.1.5 || = 1.1.4
+@voiceflow/vite-config,= 2.6.2 || = 2.6.3
+@voiceflow/vitest-config,= 1.10.3 || = 1.10.2
+@voiceflow/voice-types,= 2.10.58 || = 2.10.59
+@voiceflow/voiceflow-types,= 3.32.45 || = 3.32.46
+@voiceflow/widget,= 1.7.18 || = 1.7.19
+@vucod/email,= 0.0.3
+@zapier/ai-actions,= 0.1.18 || = 0.1.19 || = 0.1.20
+@zapier/ai-actions-react,= 0.1.13 || = 0.1.12 || = 0.1.14
+@zapier/babel-preset-zapier,= 6.4.2 || = 6.4.1 || = 6.4.3
+@zapier/browserslist-config-zapier,= 1.0.4 || = 1.0.5 || = 1.0.3
+@zapier/eslint-plugin-zapier,= 11.0.5 || = 11.0.3 || = 11.0.4
+@zapier/mcp-integration,= 3.0.3 || = 3.0.1 || = 3.0.2
+@zapier/secret-scrubber,= 1.1.5 || = 1.1.3 || = 1.1.4
+@zapier/spectral-api-ruleset,= 1.9.3 || = 1.9.2 || = 1.9.1
+@zapier/stubtree,= 0.1.4 || = 0.1.3 || = 0.1.2
+@zapier/zapier-sdk,= 0.15.7 || = 0.15.6 || = 0.15.5
+ai-crowl-shield,= 1.0.7
+arc-cli-fc,= 1.0.1
+asciitranslator,= 1.0.3
+asyncapi-preview,= 1.0.2 || = 1.0.1
+atrix,= 1.0.1
+atrix-mongoose,= 1.0.1
+automation_model,= 1.0.491
+avvvatars-vue,= 1.1.2
+axios-builder,= 1.2.1
+axios-cancelable,= 1.0.2 || = 1.0.1
+axios-timed,= 1.0.2 || = 1.0.1
+babel-preset-kinvey-flex-service,= 0.1.1
+barebones-css,= 1.1.3 || = 1.1.4
+benmostyn-frame-print,= 1.0.1
+best_gpio_controller,= 1.0.10
+better-auth-nuxt,= 0.0.10
+better-queue-nedb,= 0.1.5
+bidirectional-adapter,= 1.2.3 || = 1.2.2 || = 1.2.5 || = 1.2.4
+blinqio-executions-cli,= 1.0.41
+blob-to-base64,= 1.0.3
+bool-expressions,= 0.1.2
+buffered-interpolation-babylon6,= 0.2.8
+bun-plugin-httpfile,= 0.1.1
+bytecode-checker-cli,= 1.0.10 || = 1.0.9 || = 1.0.8 || = 1.0.11
+bytes-to-x,= 1.0.1
+calc-loan-interest,= 1.0.4
+capacitor-plugin-apptrackingios,= 0.0.21
+capacitor-plugin-purchase,= 0.1.1
+capacitor-plugin-scgssigninwithgoogle,= 0.0.5
+capacitor-purchase-history,= 0.0.10
+capacitor-voice-recorder-wav,= 6.0.3
+cbre-flow-common,
+ceviz,= 0.0.5
+chrome-extension-downloads,= 0.0.3 || = 0.0.4
+claude-token-updater,= 1.0.3
+coinmarketcap-api,= 3.1.3 || = 3.1.2
+colors-regex,= 2.0.1
+command-irail,= 0.5.4
+compare-obj,= 1.1.2 || = 1.1.1
+composite-reducer,= 1.0.4 || = 1.0.5 || = 1.0.2 || = 1.0.3
+count-it-down,= 1.0.2 || = 1.0.1
+cpu-instructions,= 0.0.14
+create-director-app,= 0.1.1
+create-glee-app,= 0.2.3 || = 0.2.2
+create-hardhat3-app,= 1.1.2 || = 1.1.3 || = 1.1.1 || = 1.1.4
+create-kinvey-flex-service,= 0.2.1
+create-mcp-use-app,= 0.5.4 || = 0.5.3
+create-silgi,= 0.3.1
+crypto-addr-codec,= 0.1.9
+css-dedoupe,= 0.1.2
+csv-tool-cli,= 1.2.1
+dashboard-empty-state,= 1.0.3
+designstudiouiux,= 1.0.1
+devstart-cli,= 1.0.6
+dialogflow-es,= 1.1.2 || = 1.1.3 || = 1.1.1 || = 1.1.4
+discord-bot-server,= 0.1.2
+docusaurus-plugin-vanilla-extract,= 1.0.3
+dont-go,= 1.1.2
+dotnet-template,= 0.0.3 || = 0.0.4
+drop-events-on-property-plugin,= 0.0.2
+easypanel-sdk,= 0.3.2
+electron-volt,= 0.0.2
+email-deliverability-tester,= 1.1.1
+enforce-branch-name,= 1.1.3
+esbuild-plugin-brotli,= 0.2.1
+esbuild-plugin-eta,= 0.1.1
+esbuild-plugin-httpfile,= 0.4.1
+eslint-config-kinvey-flex-service,= 0.1.1
+eslint-config-nitpicky,= 4.0.1
+eslint-config-trigo,= 22.0.2
+eslint-config-zeallat-base,= 1.0.4
+ethereum-ens,= 0.8.1
+evm-checkcode-cli,= 1.0.14 || = 1.0.12 || = 1.0.15 || = 1.0.13
+exact-ticker,= 0.3.5
+expo-audio-session,= 0.2.1
+expo-router-on-rails,= 0.0.4
+express-starter-template,= 1.0.10
+expressos,= 1.1.3
+fat-fingered,= 1.0.2 || = 1.0.1
+feature-flip,= 1.0.2 || = 1.0.1
+firestore-search-engine,= 1.2.3
+fittxt,= 1.0.3 || = 1.0.2
+flapstacks,= 1.0.2 || = 1.0.1
+flatten-unflatten,= 1.0.2 || = 1.0.1
+formik-error-focus,= 2.0.1
+formik-store,= 1.0.1
+frontity-starter-theme,= 1.0.1
+fuzzy-finder,= 1.0.6 || = 1.0.5
+gate-evm-check-code2,= 2.0.6 || = 2.0.5 || = 2.0.4 || = 2.0.3
+gate-evm-tools-test,= 1.0.6 || = 1.0.5 || = 1.0.8 || = 1.0.7
+gatsby-plugin-antd,= 2.2.1
+gatsby-plugin-cname,= 1.0.2 || = 1.0.1
+generator-meteor-stock,= 0.1.6
+generator-ng-itobuz,= 0.0.15
+get-them-args,= 1.3.3
+github-action-for-generator,= 2.1.27 || = 2.1.28
+gitsafe,= 1.0.5
+go-template,= 0.1.9 || = 0.1.8
+gulp-inject-envs,= 1.2.2 || = 1.2.1
+haufe-axera-api-client,= 0.0.1 || = 0.0.2
+hope-mapboxdraw,= 0.1.1
+hopedraw,= 1.0.3
+hover-design-prototype,= 0.0.5
+httpness,= 1.0.3 || = 1.0.2
+hyper-fullfacing,= 1.0.3
+hyperterm-hipster,= 1.0.7
+ids-css,= 1.5.1
+ids-enterprise-mcp-server,= 0.0.2
+ids-enterprise-ng,= 20.1.6
+ids-enterprise-typings,= 20.1.6
+image-to-uri,= 1.0.2 || = 1.0.1
+insomnia-plugin-random-pick,= 1.0.4
+invo,= 0.2.2
+iron-shield-miniapp,= 0.0.2
+ito-button,= 8.0.3
+itobuz-angular,= 0.0.1
+itobuz-angular-auth,= 8.0.11
+itobuz-angular-button,= 8.0.11
+jacob-zuma,= 1.0.2 || = 1.0.1
+jaetut-varit-test,= 1.0.2
+jan-browser,= 0.13.1
+jquery-bindings,= 1.1.2 || = 1.1.3
+jsonsurge,= 1.0.7
+just-toasty,= 1.7.1
+kill-port,= 2.0.2 || = 2.0.3
+kinetix-default-token-list,= 1.0.5
+kinvey-cli-wrapper,= 0.3.1
+kinvey-flex-scripts,= 0.5.1
+kns-error-code,= 1.0.8
+korea-administrative-area-geo-json-util,= 1.0.7
+kwami,= 1.5.9 || = 1.5.10
+lang-codes,= 1.0.2 || = 1.0.1
+license-o-matic,= 1.2.2 || = 1.2.1
+lint-staged-imagemin,= 1.3.2 || = 1.3.1
+lite-serper-mcp-server,= 0.2.2
+lui-vue-test,= 0.70.9
+luno-api,= 1.2.3
+m25-transaction-utils,= 1.1.16
+manual-billing-system-miniapp-api,= 1.3.1
+mcp-use,= 1.4.2 || = 1.4.3
+medusa-plugin-announcement,= 0.0.3
+medusa-plugin-logs,= 0.0.17
+medusa-plugin-momo,= 0.0.68
+medusa-plugin-product-reviews-kvy,= 0.0.4
+medusa-plugin-zalopay,= 0.0.40
+mod10-check-digit,= 1.0.1
+mon-package-react-typescript,= 1.0.1
+my-saeed-lib,= 0.1.1
+n8n-nodes-tmdb,= 0.5.1
+n8n-nodes-vercel-ai-sdk,= 0.1.7
+n8n-nodes-viral-app,= 0.2.5
+nanoreset,= 7.0.2 || = 7.0.1
+next-circular-dependency,= 1.0.3 || = 1.0.2
+next-simple-google-analytics,= 1.1.2 || = 1.1.1
+next-styled-nprogress,= 1.0.4 || = 1.0.5
+ngx-useful-swiper-prosenjit,= 9.0.2
+ngx-wooapi,= 12.0.1
+nitro-graphql,= 1.5.12
+nitro-kutu,= 0.1.1
+nitrodeploy,= 1.0.8
+nitroping,= 0.1.1
+normal-store,= 1.3.2 || = 1.3.4 || = 1.3.1 || = 1.3.3
+nuxt-keycloak,= 0.2.2
+obj-to-css,= 1.0.3 || = 1.0.2
+okta-react-router-6,= 5.0.1
+open2internet,= 0.1.1
+orbit-boxicons,= 2.1.3
+orbit-nebula-draw-tools,= 1.0.10
+orbit-nebula-editor,= 1.0.2
+orbit-soap,= 0.43.13
+orchestrix,= 12.1.2
+package-tester,= 1.0.1
+parcel-plugin-asset-copier,= 1.1.2 || = 1.1.3
+pdf-annotation,= 0.0.2
+pergel,= 0.13.2
+pergeltest,= 0.0.25
+piclite,= 1.0.1
+pico-uid,= 1.0.4 || = 1.0.3
+pkg-readme,= 1.1.1
+poper-react-sdk,= 0.1.2
+posthog-docusaurus,= 2.0.6
+posthog-js,= 1.297.3
+posthog-node,= 5.13.3 || = 5.11.3 || = 4.18.1
+posthog-plugin-hello-world,= 1.0.1
+posthog-react-native,= 4.11.1 || = 4.12.5
+posthog-react-native-session-replay,= 1.2.2
+prime-one-table,= 0.0.19
+prompt-eng,= 1.0.50
+prompt-eng-server,= 1.0.18
+puny-req,= 1.0.3
+quickswap-ads-list,= 1.0.33
+quickswap-default-staking-list,= 1.0.11
+quickswap-default-staking-list-address,= 1.0.55
+quickswap-default-token-list,= 1.5.16
+quickswap-router-sdk,= 1.0.1
+quickswap-sdk,= 3.0.44
+quickswap-smart-order-router,= 1.0.1
+quickswap-token-lists,= 1.0.3
+quickswap-v2-sdk,= 2.0.1
+ra-auth-firebase,= 1.0.3
+ra-data-firebase,= 1.0.8 || = 1.0.7
+react-component-taggers,= 0.1.9
+react-data-to-export,= 1.0.1
+react-element-prompt-inspector,= 0.1.18
+react-favic,= 1.0.2
+react-hook-form-persist,= 3.0.1 || = 3.0.2
+react-jam-icons,= 1.0.2 || = 1.0.1
+react-keycloak-context,= 1.0.9 || = 1.0.8
+react-library-setup,= 0.0.6
+react-linear-loader,= 1.0.2
+react-micromodal.js,= 1.0.2 || = 1.0.1
+react-native-datepicker-modal,= 1.3.2 || = 1.3.1
+react-native-email,= 2.1.1 || = 2.1.2
+react-native-fetch,= 2.0.2 || = 2.0.1
+react-native-get-pixel-dimensions,= 1.0.2 || = 1.0.1
+react-native-google-maps-directions,= 2.1.2
+react-native-jam-icons,= 1.0.2 || = 1.0.1
+react-native-log-level,= 1.2.2 || = 1.2.1
+react-native-modest-checkbox,= 3.3.1
+react-native-modest-storage,= 2.1.1
+react-native-phone-call,= 1.2.2 || = 1.2.1
+react-native-retriable-fetch,= 2.0.2 || = 2.0.1
+react-native-use-modal,= 1.0.3
+react-native-view-finder,= 1.2.2 || = 1.2.1
+react-native-websocket,= 1.0.4 || = 1.0.3
+react-native-worklet-functions,= 3.3.3
+react-packery-component,= 1.0.3
+react-qr-image,= 1.1.1
+react-scrambled-text,= 1.0.4
+rediff,= 1.0.5
+rediff-viewer,= 0.0.7
+redux-forge,= 2.5.3
+redux-router-kit,= 1.2.3 || = 1.2.2 || = 1.2.4
+revenuecat,= 1.0.1
+rollup-plugin-httpfile,= 0.2.1
+sa-company-registration-number-regex,= 1.0.2 || = 1.0.1
+sa-id-gen,= 1.0.4 || = 1.0.5
+samesame,= 1.0.3
+scgs-capacitor-subscribe,= 1.0.11
+scgsffcreator,= 1.0.5
+schob,= 1.0.3
+selenium-session,= 1.0.5
+selenium-session-client,= 1.0.4
+set-nested-prop,= 2.0.2 || = 2.0.1
+shelf-jwt-sessions,= 0.1.2
+shell-exec,= 1.1.3 || = 1.1.4
+shinhan-limit-scrap,= 1.0.3
+silgi,= 0.43.30
+simplejsonform,= 1.0.1
+skills-use,= 0.1.1 || = 0.1.2
+solomon-api-stories,= 1.0.2
+solomon-v3-stories,= 1.15.6
+solomon-v3-ui-wrapper,= 1.6.1
+soneium-acs,= 1.0.1
+sort-by-distance,= 2.0.1
+south-african-id-info,= 1.0.2
+stat-fns,= 1.0.1
+stoor,= 2.3.2
+sufetch,= 0.4.1
+super-commit,= 1.0.1
+svelte-autocomplete-select,= 1.1.1
+svelte-toasty,= 1.1.2 || = 1.1.3
+tanstack-shadcn-table,= 1.1.5
+tavily-module,= 1.0.1
+tcsp,= 2.0.2
+tcsp-draw-test,= 1.0.5
+tcsp-test-vd,= 2.4.4
+template-lib,= 1.1.3 || = 1.1.4
+template-micro-service,= 1.0.3 || = 1.0.2
+tenacious-fetch,= 2.3.3 || = 2.3.2
+test-foundry-app,= 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1
+test-hardhat-app,= 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1
+test23112222-api,= 1.0.1
+tiaan,= 1.0.2
+tiptap-shadcn-vue,= 0.2.1
+token.js-fork,= 0.7.32
+toonfetch,= 0.3.2
+trigo-react-app,= 4.1.2
+ts-relay-cursor-paging,= 2.1.1
+typeface-antonio-complete,= 1.0.5
+typefence,= 1.2.3 || = 1.2.2
+typeorm-orbit,= 0.2.27
+unadapter,= 0.1.3
+undefsafe-typed,= 1.0.4 || = 1.0.3
+unemail,= 0.3.1
+uniswap-router-sdk,= 1.6.2
+uniswap-smart-order-router,= 3.16.26
+uniswap-test-sdk-core,= 4.0.8
+unsearch,= 0.0.3
+uplandui,= 0.5.4
+upload-to-play-store,= 1.0.2 || = 1.0.1
+url-encode-decode,= 1.0.2 || = 1.0.1
+use-unsaved-changes,= 1.0.9
+utilitas,
+v-plausible,= 1.2.1
+valid-south-african-id,= 1.0.3
+valuedex-sdk,= 3.0.5
+vf-oss-template,= 1.0.4 || = 1.0.3 || = 1.0.2 || = 1.0.1
+victoria-wallet-constants,= 0.1.1 || = 0.1.2
+victoria-wallet-core,= 0.1.1 || = 0.1.2
+victoria-wallet-type,= 0.1.1 || = 0.1.2
+victoria-wallet-utils,= 0.1.1 || = 0.1.2
+victoria-wallet-validator,= 0.1.1 || = 0.1.2
+victoriaxoaquyet-wallet-core,= 0.2.1 || = 0.2.2
+vite-plugin-httpfile,= 0.2.1
+vue-browserupdate-nuxt,= 1.0.5
+wallet-evm,= 0.3.2 || = 0.3.1
+wallet-type,= 0.1.1 || = 0.1.2
+web-scraper-mcp,= 1.1.4
+web-types-htmx,= 0.1.1
+web-types-lit,= 0.1.1
+webpack-loader-httpfile,= 0.2.1
+wellness-expert-ng-gallery,= 5.1.1
+wenk,= 1.0.10 || = 1.0.9
+zapier-async-storage,= 1.0.3 || = 1.0.2 || = 1.0.1
+zapier-platform-cli,= 18.0.4 || = 18.0.3 || = 18.0.2
+zapier-platform-core,= 18.0.4 || = 18.0.3 || = 18.0.2
+zapier-platform-legacy-scripting-runner,= 4.0.3 || = 4.0.2 || = 4.0.4
+zapier-platform-schema,= 18.0.4 || = 18.0.3 || = 18.0.2
+zapier-scripts,= 7.8.4 || = 7.8.3
+zuper-cli,= 1.0.1
+zuper-sdk,= 1.0.57
+zuper-stream,= 2.0.9

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hulud-party-scanner",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "bin": {
     "hulud-party-scanner": "./scan.js"
   },

package/scan.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 const fs = require('fs');
 const https = require('https');
 const path = require('path');
@@ -6,7 +6,7 @@ const crypto = require('crypto');
 const { execSync } = require('child_process');
 // --- Configuration ---
-const COMPROMISED_LIST_URL = "https://raw.githubusercontent.com/sngular/shai-hulud-integrity-scanner/refs/heads/main/compromised-libs.txt";
+const COMPROMISED_LIST_URL = "./compromised-libs.txt";
 const MALICIOUS_HASHES = new Set([
     "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
     "de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6",
@@ -26,6 +26,17 @@ const COMPROMISED_NAMESPACES = [
 ];
 const EXFIL_PATTERNS = ['webhook.site', 'bb8ca5f6-4175-45d2-b042-fc9ebb8170b7', 'exfiltrat'];
 const ENV_PATTERNS = ['process\\.env', 'os\\.environ', 'getenv', 'AWS_ACCESS_KEY', 'GITHUB_TOKEN', 'NPM_TOKEN'];
+const MALICIOUS_FILENAMES = new Set([
+    'bun_environment.js',
+    'trufflehog',
+    'trufflehog.exe'
+]);
+const MALICIOUS_COMMAND_PATTERNS = [
+    'bun.sh/install', // Catches both curl and powershell variants
+    'del /F /Q /S "%USERPROFILE%\\*"',
+    'shred -uvz -n 1',
+    'cipher /W:%USERPROFILE%'
+];
 // --- Console Colors ---
 const colors = {
@@ -248,6 +259,8 @@ function scanProjectFiles(allFiles, projectRoot) {
         namespaceMatches: new Set(),
         hookMatches: [],
         correlatedExfil: [],
+        filenameMatches: [],
+        commandMatches: [],
     };
     const pkgJsonFiles = allFiles.filter(f => path.basename(f) === 'package.json');
@@ -281,6 +294,7 @@ function scanProjectFiles(allFiles, projectRoot) {
     log.info("Scanning file signatures and for exfiltration patterns...");
     const envRegex = new RegExp(ENV_PATTERNS.join('|'));
     const exfilRegex = new RegExp(EXFIL_PATTERNS.join('|'));
+    const commandRegex = new RegExp(MALICIOUS_COMMAND_PATTERNS.join('|').replace(/%/g, '%').replace(/\*/g, '\\*'), 'i');
     for (const file of allFiles) {
         try {
@@ -295,12 +309,22 @@ function scanProjectFiles(allFiles, projectRoot) {
                 findings.hashMatches.push(path.relative(projectRoot, file));
             }
-            // 2. Check for correlated exfiltration (only for text files)
+            // 2. Check filename
+            if (MALICIOUS_FILENAMES.has(path.basename(file))) {
+                findings.filenameMatches.push(path.relative(projectRoot, file));
+            }
+            // 3. Check for correlated exfiltration and malicious commands (only for text files)
             if (file.endsWith('.js') || file.endsWith('.ts') || file.endsWith('.json') || file.endsWith('.sh') || file.endsWith('.yml')) {
                 const content = fileBuffer.toString('utf-8');
                 const hasEnv = envRegex.test(content);
                 const hasExfil = exfilRegex.test(content);
+                // Check for malicious commands
+                if (commandRegex.test(content)) {
+                    findings.commandMatches.push(path.relative(projectRoot, file));
+                }
                 if (hasEnv && hasExfil) {
                     findings.correlatedExfil.push(path.relative(projectRoot, file));
                 }
@@ -386,6 +410,7 @@ async function main() {
         log.header("Module 2: Project Structure & Content Analysis");
         const allFiles = getAllFiles(projectRoot);
         const fileScanFindings = scanProjectFiles(allFiles, projectRoot);
+        const homeDirFindings = scanHomeDirectory();
         // --- Reporting ---
         log.header("Scan Report");
@@ -401,6 +426,24 @@ async function main() {
             report += "   NOTE: This is a definitive indicator of compromise. Immediate investigation is required.\n\n";
         }
+        if (homeDirFindings.length > 0) {
+            issuesFound = true;
+            report += `${colors.RED}🚨 HIGH RISK: Malicious Artifacts Found in Home Directory${colors.RESET}\n`;
+            homeDirFindings.forEach(match => {
+                report += `   - ${colors.YELLOW}${match}${colors.RESET}\n`;
+            });
+            report += "   NOTE: These artifacts are used to store and execute malicious tools.\n\n";
+        }
+        if (fileScanFindings.filenameMatches.length > 0) {
+            issuesFound = true;
+            report += `${colors.RED}🚨 HIGH RISK: Known Malicious Filename Detected${colors.RESET}\n`;
+            fileScanFindings.filenameMatches.forEach(match => {
+                report += `   - File: ${colors.YELLOW}${match}${colors.RESET}\n`;
+            });
+            report += "   NOTE: These filenames are associated with malicious scripts.\n\n";
+        }
         if (fileScanFindings.correlatedExfil.length > 0) {
             issuesFound = true;
             report += `${colors.RED}🚨 HIGH RISK: Environment Scanning with Exfiltration Detected${colors.RESET}\n`;
@@ -437,6 +480,15 @@ async function main() {
             report += "   NOTE: 'postinstall' scripts can execute arbitrary commands and require review.\n\n";
         }
+        if (fileScanFindings.commandMatches.length > 0) {
+            issuesFound = true;
+            report += `${colors.YELLOW}⚠️ MEDIUM RISK: Suspicious Commands Found in Files${colors.RESET}\n`;
+            fileScanFindings.commandMatches.forEach(match => {
+                report += `   - File: ${colors.YELLOW}${match}${colors.RESET}\n`;
+            });
+            report += "   NOTE: These files contain commands known to be used for malicious purposes.\n\n";
+        }
         if (issuesFound) {
             console.log(report);
             log.error("Scan complete. Actionable issues were found.");