muaddib-scanner 1.0.16 → 1.0.18

package/.muaddib-cache/iocs.json

@@ -12802,5 +12802,5 @@
     "discord-webhook.js",
     "inject.js"
   ],
-  "updated": "2026-01-08T13:42:15.365Z"
+  "updated": "2026-01-08T13:54:17.498Z"
 }

package/bin/muaddib.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 
 const { run } = require('../src/index.js');
 const { updateIOCs } = require('../src/ioc/updater.js');

package/data/iocs.json

@@ -1,6 +1,6 @@
 {
   "version": "1.1.0",
-  "updated": "2026-01-08T10:10:43.130Z",
+  "updated": "2026-01-08T14:00:38.388Z",
   "description": "IOCs communautaires MUAD'DIB - Contribuez via PR",
   "packages": [
     {
@@ -93,636 +93,6 @@
       "source": "typosquat",
       "description": "Typosquat de requests"
     },
-    {
-      "id": "GHSA-GHSA-rwc2-f344-q6w6",
-      "name": "serverless",
-      "version": ">= 4.29.0, < 4.29.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "serverless MCP Server vulnerable to Command Injection in list-projects tool",
-      "references": [
-        "https://github.com/advisories/GHSA-rwc2-f344-q6w6"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-69256"
-    },
-    {
-      "id": "GHSA-GHSA-6rw7-vpxm-498p",
-      "name": "qs",
-      "version": "< 6.14.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
-      "references": [
-        "https://github.com/advisories/GHSA-6rw7-vpxm-498p"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-15284"
-    },
-    {
-      "id": "GHSA-GHSA-xphh-5v4r-r3rx",
-      "name": "psitransfer",
-      "version": "< 2.3.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "PsiTransfer has Zip Slip Path Traversal via TAR Archive Download",
-      "references": [
-        "https://github.com/advisories/GHSA-xphh-5v4r-r3rx"
-      ],
-      "mitre": "T1195.002",
-      "cve": null
-    },
-    {
-      "id": "GHSA-GHSA-6vj3-p34w-xxjp",
-      "name": "apidoc-core",
-      "version": ">= 0.2.0, <= 0.15.0",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "apidoc-core has a prototype pollution vulnerability",
-      "references": [
-        "https://github.com/advisories/GHSA-6vj3-p34w-xxjp"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-13158"
-    },
-    {
-      "id": "GHSA-GHSA-j4p8-h8mh-rh8q",
-      "name": "n8n",
-      "version": ">= 1.2.1, < 2.0.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Self-hosted n8n has Legacy Code node that enables arbitrary file read/write",
-      "references": [
-        "https://github.com/advisories/GHSA-j4p8-h8mh-rh8q"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68697"
-    },
-    {
-      "id": "GHSA-GHSA-jv72-59wq-8rxm",
-      "name": "libxmljs",
-      "version": "<= 1.0.11",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)",
-      "references": [
-        "https://github.com/advisories/GHSA-jv72-59wq-8rxm"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-25341"
-    },
-    {
-      "id": "GHSA-GHSA-r399-636x-v7f6",
-      "name": "@langchain/core",
-      "version": ">= 1.0.0, < 1.1.8",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "LangChain serialization injection vulnerability enables secret extraction",
-      "references": [
-        "https://github.com/advisories/GHSA-r399-636x-v7f6"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68665"
-    },
-    {
-      "id": "GHSA-GHSA-r399-636x-v7f6",
-      "name": "langchain",
-      "version": ">= 1.0.0, < 1.2.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "LangChain serialization injection vulnerability enables secret extraction",
-      "references": [
-        "https://github.com/advisories/GHSA-r399-636x-v7f6"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68665"
-    },
-    {
-      "id": "GHSA-GHSA-rchf-xwx2-hm93",
-      "name": "@fedify/fedify",
-      "version": "< 1.6.13",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Fedify has ReDoS Vulnerability in HTML Parsing Regex",
-      "references": [
-        "https://github.com/advisories/GHSA-rchf-xwx2-hm93"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68475"
-    },
-    {
-      "id": "GHSA-GHSA-8452-54wp-rmv6",
-      "name": "storybook",
-      "version": ">= 7.0.0, < 7.6.21",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Storybook manager bundle may expose environment variables during build",
-      "references": [
-        "https://github.com/advisories/GHSA-8452-54wp-rmv6"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68429"
-    },
-    {
-      "id": "GHSA-GHSA-529f-9qwm-9628",
-      "name": "tinacms",
-      "version": "< 3.1.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "tinacms is vulnerable to arbitrary code execution",
-      "references": [
-        "https://github.com/advisories/GHSA-529f-9qwm-9628"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68278"
-    },
-    {
-      "id": "GHSA-GHSA-529f-9qwm-9628",
-      "name": "@tinacms/cli",
-      "version": "< 2.0.4",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "tinacms is vulnerable to arbitrary code execution",
-      "references": [
-        "https://github.com/advisories/GHSA-529f-9qwm-9628"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68278"
-    },
-    {
-      "id": "GHSA-GHSA-529f-9qwm-9628",
-      "name": "@tinacms/graphql",
-      "version": "< 2.0.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "tinacms is vulnerable to arbitrary code execution",
-      "references": [
-        "https://github.com/advisories/GHSA-529f-9qwm-9628"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68278"
-    },
-    {
-      "id": "GHSA-GHSA-wphj-fx3q-84ch",
-      "name": "systeminformation",
-      "version": "< 5.27.14",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "systeminformation has a Command Injection vulnerability in fsSize() function on Windows",
-      "references": [
-        "https://github.com/advisories/GHSA-wphj-fx3q-84ch"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68154"
-    },
-    {
-      "id": "GHSA-GHSA-3f5f-xgrj-97pf",
-      "name": "parse-server",
-      "version": ">= 9.0.0, < 9.1.1.alpha.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter",
-      "references": [
-        "https://github.com/advisories/GHSA-3f5f-xgrj-97pf"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68150"
-    },
-    {
-      "id": "GHSA-GHSA-g239-q96q-x4qm",
-      "name": "@vitejs/plugin-rsc",
-      "version": "< 0.5.8",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint",
-      "references": [
-        "https://github.com/advisories/GHSA-g239-q96q-x4qm"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68155"
-    },
-    {
-      "id": "GHSA-GHSA-x732-6j76-qmhm",
-      "name": "better-auth",
-      "version": "< 1.4.5",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits",
-      "references": [
-        "https://github.com/advisories/GHSA-x732-6j76-qmhm"
-      ],
-      "mitre": "T1195.002",
-      "cve": null
-    },
-    {
-      "id": "GHSA-GHSA-43p4-m455-4f4j",
-      "name": "@trpc/server",
-      "version": ">= 10.27.0, < 10.45.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "tRPC has possible prototype pollution in `experimental_nextAppDirCaller`",
-      "references": [
-        "https://github.com/advisories/GHSA-43p4-m455-4f4j"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68130"
-    },
-    {
-      "id": "GHSA-GHSA-vr6p-vq2p-6j74",
-      "name": "likec4",
-      "version": "<= 1.46.1",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions",
-      "references": [
-        "https://github.com/advisories/GHSA-vr6p-vq2p-6j74"
-      ],
-      "mitre": "T1195.002",
-      "cve": null
-    },
-    {
-      "id": "GHSA-GHSA-496g-mmpw-j9x3",
-      "name": "misskey-js",
-      "version": ">= 13.0.0-beta.16, < 2025.12.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "misskey.js's export data contains private post data",
-      "references": [
-        "https://github.com/advisories/GHSA-496g-mmpw-j9x3"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66402"
-    },
-    {
-      "id": "GHSA-GHSA-3jp5-5f8r-q2wg",
-      "name": "vuetify",
-      "version": ">= 2.2.0-beta.2, < 3.0.0-alpha.10",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Vuetify has a Prototype Pollution vulnerability",
-      "references": [
-        "https://github.com/advisories/GHSA-3jp5-5f8r-q2wg"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-8083"
-    },
-    {
-      "id": "GHSA-GHSA-55jh-84jv-8mx8",
-      "name": "lightning-flow-scanner",
-      "version": "< 6.10.6",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule",
-      "references": [
-        "https://github.com/advisories/GHSA-55jh-84jv-8mx8"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67750"
-    },
-    {
-      "id": "GHSA-GHSA-5j59-xgg2-r9c4",
-      "name": "next",
-      "version": ">= 13.3.1-canary.0, < 14.2.35",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up",
-      "references": [
-        "https://github.com/advisories/GHSA-5j59-xgg2-r9c4"
-      ],
-      "mitre": "T1195.002",
-      "cve": null
-    },
-    {
-      "id": "GHSA-GHSA-7gmr-mq3h-m5h9",
-      "name": "react-server-dom-parcel",
-      "version": ">= 19.0.2, < 19.0.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Denial of Service Vulnerability in React Server Components",
-      "references": [
-        "https://github.com/advisories/GHSA-7gmr-mq3h-m5h9"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67779"
-    },
-    {
-      "id": "GHSA-GHSA-7gmr-mq3h-m5h9",
-      "name": "react-server-dom-turbopack",
-      "version": ">= 19.0.2, < 19.0.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Denial of Service Vulnerability in React Server Components",
-      "references": [
-        "https://github.com/advisories/GHSA-7gmr-mq3h-m5h9"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67779"
-    },
-    {
-      "id": "GHSA-GHSA-7gmr-mq3h-m5h9",
-      "name": "react-server-dom-webpack",
-      "version": ">= 19.0.2, < 19.0.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Denial of Service Vulnerability in React Server Components",
-      "references": [
-        "https://github.com/advisories/GHSA-7gmr-mq3h-m5h9"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67779"
-    },
-    {
-      "id": "GHSA-GHSA-qgc4-8p88-4w7m",
-      "name": "servify-express",
-      "version": "<= 1.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Servify-express rate limit issue",
-      "references": [
-        "https://github.com/advisories/GHSA-qgc4-8p88-4w7m"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67731"
-    },
-    {
-      "id": "GHSA-GHSA-m654-769v-qjv7",
-      "name": "formio",
-      "version": "< 3.5.7",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Formio improperly authorized permission elevation through specially crafted request path",
-      "references": [
-        "https://github.com/advisories/GHSA-m654-769v-qjv7"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67718"
-    },
-    {
-      "id": "GHSA-GHSA-8vch-m3f4-q8jf",
-      "name": "elysia",
-      "version": "< 1.4.18",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Elysia affected by arbitrary code injection through cookie config",
-      "references": [
-        "https://github.com/advisories/GHSA-8vch-m3f4-q8jf"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66457"
-    },
-    {
-      "id": "GHSA-GHSA-8wvc-869r-xfqf",
-      "name": "open-webui",
-      "version": "<= 0.6.36",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'",
-      "references": [
-        "https://github.com/advisories/GHSA-8wvc-869r-xfqf"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-65959"
-    },
-    {
-      "id": "GHSA-GHSA-869p-cjfg-cm3x",
-      "name": "jws",
-      "version": "< 3.2.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "auth0/node-jws Improperly Verifies HMAC Signature",
-      "references": [
-        "https://github.com/advisories/GHSA-869p-cjfg-cm3x"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-65945"
-    },
-    {
-      "id": "GHSA-GHSA-xq4m-mc3c-vvg3",
-      "name": "@anthropic-ai/claude-code",
-      "version": "< 1.0.93",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Claude Code Command Validation Bypass Allows Arbitrary Code Execution",
-      "references": [
-        "https://github.com/advisories/GHSA-xq4m-mc3c-vvg3"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66032"
-    },
-    {
-      "id": "GHSA-GHSA-w48q-cv73-mx4w",
-      "name": "@modelcontextprotocol/sdk",
-      "version": "< 1.24.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default",
-      "references": [
-        "https://github.com/advisories/GHSA-w48q-cv73-mx4w"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66414"
-    },
-    {
-      "id": "GHSA-GHSA-v4hv-rgfq-gp49",
-      "name": "@angular/compiler",
-      "version": ">= 21.0.0-next.0, < 21.0.2",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes",
-      "references": [
-        "https://github.com/advisories/GHSA-v4hv-rgfq-gp49"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66412"
-    },
-    {
-      "id": "GHSA-GHSA-27m7-ffhq-jqrm",
-      "name": "mcp-watch",
-      "version": "<= 0.1.2",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL",
-      "references": [
-        "https://github.com/advisories/GHSA-27m7-ffhq-jqrm"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66401"
-    },
-    {
-      "id": "GHSA-GHSA-vghf-hv5q-vc2g",
-      "name": "validator",
-      "version": "< 13.15.22",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements",
-      "references": [
-        "https://github.com/advisories/GHSA-vghf-hv5q-vc2g"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-12758"
-    },
-    {
-      "id": "GHSA-GHSA-58c5-g7wp-6w37",
-      "name": "@angular/common",
-      "version": ">= 21.0.0-next.0, < 21.0.1",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client",
-      "references": [
-        "https://github.com/advisories/GHSA-58c5-g7wp-6w37"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66035"
-    },
-    {
-      "id": "GHSA-GHSA-554w-wpv2-vw27",
-      "name": "node-forge",
-      "version": "< 1.3.2",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "node-forge has ASN.1 Unbounded Recursion",
-      "references": [
-        "https://github.com/advisories/GHSA-554w-wpv2-vw27"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66031"
-    },
-    {
-      "id": "GHSA-GHSA-vqpr-j7v3-hqw9",
-      "name": "valibot",
-      "version": ">= 0.31.0, < 1.2.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Valibot has a ReDoS vulnerability in `EMOJI_REGEX`",
-      "references": [
-        "https://github.com/advisories/GHSA-vqpr-j7v3-hqw9"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66020"
-    },
-    {
-      "id": "GHSA-GHSA-m449-vh5f-574g",
-      "name": "@oneuptime/common",
-      "version": "< 9.1.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "OneUptime Unauthorized User Creation via API",
-      "references": [
-        "https://github.com/advisories/GHSA-m449-vh5f-574g"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-65966"
-    },
-    {
-      "id": "GHSA-GHSA-4vcf-q4xf-f48m",
-      "name": "@better-auth/passkey",
-      "version": "< 1.4.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Better Auth Passkey Plugin allows passkey deletion through IDOR",
-      "references": [
-        "https://github.com/advisories/GHSA-4vcf-q4xf-f48m"
-      ],
-      "mitre": "T1195.002",
-      "cve": null
-    },
-    {
-      "id": "GHSA-GHSA-p8pf-44ff-93gf",
-      "name": "@workos-inc/authkit-nextjs",
-      "version": "<= 2.11.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "authkit-nextjs may let session cookies be cached in CDNs",
-      "references": [
-        "https://github.com/advisories/GHSA-p8pf-44ff-93gf"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-64762"
-    },
-    {
-      "id": "GHSA-GHSA-547r-qmjm-8hvw",
-      "name": "md-to-pdf",
-      "version": "< 5.2.5",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter",
-      "references": [
-        "https://github.com/advisories/GHSA-547r-qmjm-8hvw"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-65108"
-    },
-    {
-      "id": "GHSA-GHSA-73g8-5h73-26h4",
-      "name": "@hpke/core",
-      "version": "<= 1.7.4",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "@hpke/core reuses AEAD nonces",
-      "references": [
-        "https://github.com/advisories/GHSA-73g8-5h73-26h4"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-64767"
-    },
-    {
-      "id": "GHSA-GHSA-wrwg-2hg8-v723",
-      "name": "astro",
-      "version": "<= 5.15.6",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Astro vulnerable to reflected XSS via the server islands feature",
-      "references": [
-        "https://github.com/advisories/GHSA-wrwg-2hg8-v723"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-64764"
-    },
     {
       "id": "SOCKET-@pnpm.exe/pnpm",
       "name": "@pnpm.exe/pnpm",
@@ -2143,34 +1513,6 @@
       "references": [],
       "mitre": "T1195.002"
     },
-    {
-      "id": "GHSA-gvq6-hvvp-h34h",
-      "name": "@adonisjs/bodyparser",
-      "version": "< 10.1.2",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "AdonisJS Path Traversal in Multipart File Handling",
-      "references": [
-        "https://github.com/advisories/GHSA-gvq6-hvvp-h34h"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2026-21440"
-    },
-    {
-      "id": "GHSA-fq56-hvg6-wvm5",
-      "name": "signalk-server",
-      "version": "< 2.19.0",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling",
-      "references": [
-        "https://github.com/advisories/GHSA-fq56-hvg6-wvm5"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68620"
-    },
     {
       "id": "SHAI-HULUD-02-echo",
       "name": "02-echo",
@@ -12505,104 +11847,6 @@
         "https://github.com/gensecaihq/Shai-Hulud-2.0-Detector"
       ],
       "mitre": "T1195.002"
-    },
-    {
-      "id": "GHSA-36hm-qxxp-pg3m",
-      "name": "preact",
-      "version": ">= 10.26.5, < 10.26.10",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Preact has JSON VNode Injection issue",
-      "references": [
-        "https://github.com/advisories/GHSA-36hm-qxxp-pg3m"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2026-22028"
-    },
-    {
-      "id": "GHSA-379q-355j-w6rj",
-      "name": "pnpm",
-      "version": ">= 10.0.0, < 10.26.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "pnpm v10+ Bypass \"Dependency lifecycle scripts execution disabled by default\"",
-      "references": [
-        "https://github.com/advisories/GHSA-379q-355j-w6rj"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-69264"
-    },
-    {
-      "id": "GHSA-6fg3-hvw7-2fwq",
-      "name": "@playwright/mcp",
-      "version": "< 0.0.40",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools",
-      "references": [
-        "https://github.com/advisories/GHSA-6fg3-hvw7-2fwq"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-9611"
-    },
-    {
-      "id": "GHSA-m9rg-mr6g-75gm",
-      "name": "vega-functions",
-      "version": "<= 6.1.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "`vega-functions` vulnerable to Cross-site Scripting via `setdata` function",
-      "references": [
-        "https://github.com/advisories/GHSA-m9rg-mr6g-75gm"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-66648"
-    },
-    {
-      "id": "GHSA-829q-m3qg-ph8r",
-      "name": "vega-selections",
-      "version": "< 5.6.3",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope",
-      "references": [
-        "https://github.com/advisories/GHSA-829q-m3qg-ph8r"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-65110"
-    },
-    {
-      "id": "GHSA-m2q5-xhqg-92r2",
-      "name": "@evershop/evershop",
-      "version": "<= 2.1.0",
-      "severity": "high",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "evershop allows unauthenticated attackers to exhaust application server's resources via \"GET /images\" API",
-      "references": [
-        "https://github.com/advisories/GHSA-m2q5-xhqg-92r2"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-67419"
-    },
-    {
-      "id": "GHSA-f8cm-6447-x5h2",
-      "name": "jspdf",
-      "version": "<= 3.0.4",
-      "severity": "critical",
-      "confidence": "high",
-      "source": "github-advisory",
-      "description": "jsPDF has Local File Inclusion/Path Traversal vulnerability",
-      "references": [
-        "https://github.com/advisories/GHSA-f8cm-6447-x5h2"
-      ],
-      "mitre": "T1195.002",
-      "cve": "CVE-2025-68428"
     }
   ],
   "hashes": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "1.0.16",
+  "version": "1.0.18",
   "description": "Supply-chain threat detection & response for npm",
   "main": "src/index.js",
   "bin": {

package/src/index.js

@@ -19,12 +19,15 @@ function scanParanoid(targetPath) {
   const threats = [];
   
   function scanFile(filePath) {
-    try {
-      const content = fs.readFileSync(filePath, 'utf8');
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    
+      // Ignorer les URLs (contiennent souvent des patterns comme .git)
+      const contentWithoutUrls = content.replace(/https?:\/\/[^\s"']+/g, '');
       
       for (const [ruleKey, rule] of Object.entries(PARANOID_RULES)) {
         for (const pattern of rule.patterns) {
-          if (content.includes(pattern)) {
+          if (contentWithoutUrls.includes(pattern)) {
             threats.push({
               type: rule.id,
               severity: rule.severity.toUpperCase(),
@@ -41,7 +44,7 @@ function scanParanoid(targetPath) {
   }
   
   function walkDir(dir) {
-    const excluded = ['node_modules', '.git', 'test', 'tests', 'src', 'vscode-extension'];
+    const excluded = ['node_modules', '.git', 'test', 'tests', 'src', 'vscode-extension', '.muaddib-cache', 'data', 'iocs'];
     try {
       const files = fs.readdirSync(dir);
       for (const file of files) {

package/src/ioc/scraper.js

@@ -485,7 +485,6 @@ async function runScraper() {
 const [
   shaiHuludPackages,
   datadogResult,
-  githubPackages,
   osvPackages,
   socketPackages,
   phylumPackages,
@@ -495,7 +494,6 @@ const [
 ] = await Promise.all([
   scrapeShaiHuludDetector(),
   scrapeDatadogIOCs(),
-  scrapeGitHubAdvisories(),
   scrapeOSV(),
   scrapeSocketReports(),
   scrapePhylum(),
@@ -508,7 +506,6 @@ const [
 const allPackages = [
   ...shaiHuludPackages,
   ...datadogResult.packages,
-  ...githubPackages,
   ...osvPackages,
   ...socketPackages,
   ...phylumPackages,

package/src/scanner/typosquat.js

@@ -28,7 +28,7 @@ const WHITELIST = [
   'co', 'q', 'n', 'i', 'a', 'v', 'x', 'y', 'z',
   'ejs', 'nyc', 'ini', 'joi', 'vue', 'npm', 'got', 'ora',
   'vary', 'mime', 'send', 'etag', 'raw', 'tar', 'uid', 'cjs',
-  'rxjs', 'yarn', 'pnpm', 'next',
+  'rxjs', 'yarn', 'pnpm', 'next', 'targz',
   
   // Packages legitimes avec noms similaires
   'acorn', 'acorn-walk', 'js-yaml', 'cross-env', 'node-fetch', 'node-gyp',