muaddib-scanner 1.0.2 → 1.0.4

package/bin/muaddib.js

@@ -3,6 +3,7 @@
 const { run } = require('../src/index.js');
 const { updateIOCs } = require('../src/ioc/updater.js');
 const { watch } = require('../src/watch.js');
+const { startDaemon } = require('../src/daemon.js');
 
 const args = process.argv.slice(2);
 const command = args[0];
@@ -13,7 +14,8 @@ let jsonOutput = false;
 let htmlOutput = null;
 let sarifOutput = null;
 let explainMode = false;
-let failLevel = 'high'; // Par defaut, fail sur HIGH et CRITICAL
+let failLevel = 'high';
+let webhookUrl = null;
 
 for (let i = 0; i < options.length; i++) {
   if (options[i] === '--json') {
@@ -29,6 +31,9 @@ for (let i = 0; i < options.length; i++) {
   } else if (options[i] === '--fail-on') {
     failLevel = options[i + 1] || 'high';
     i++;
+  } else if (options[i] === '--webhook') {
+    webhookUrl = options[i + 1];
+    i++;
   } else if (!options[i].startsWith('-')) {
     target = options[i];
   }
@@ -51,6 +56,8 @@ if (!command) {
     --explain           Affiche les details de chaque detection
     --fail-on [level]   Niveau de severite pour exit code (critical|high|medium|low)
                         Defaut: high (fail sur HIGH et CRITICAL)
+    --webhook [url]     Envoie une alerte Discord/Slack
+    muaddib daemon [options]        Lance le daemon de surveillance
   `);
   process.exit(0);
 }
@@ -61,7 +68,8 @@ if (command === 'scan') {
     html: htmlOutput, 
     sarif: sarifOutput,
     explain: explainMode,
-    failLevel: failLevel
+    failLevel: failLevel,
+    webhook: webhookUrl
   }).then(exitCode => {
     process.exit(exitCode);
   });
@@ -75,10 +83,12 @@ if (command === 'scan') {
     process.exit(1);
   });
 } else if (command === 'help') {
-  console.log('muaddib scan [path] [--json] [--html file] [--sarif file] [--explain] [--fail-on level]');
+  console.log('muaddib scan [path] [--json] [--html file] [--sarif file] [--explain] [--fail-on level] [--webhook url]');
   console.log('muaddib watch [path] - Surveille un projet en temps reel');
   console.log('muaddib update - Met a jour les IOCs');
+} else if (command === 'daemon') {
+  startDaemon({ webhook: webhookUrl });
 } else {
   console.log(`Commande inconnue: ${command}`);
   process.exit(1);
-}
+} 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Supply-chain threat detection & response for npm",
   "main": "src/index.js",
   "bin": {
@@ -38,6 +38,7 @@
   "dependencies": {
     "acorn": "^8.14.0",
     "acorn-walk": "^8.3.4",
-    "js-yaml": "^4.1.0"
+    "js-yaml": "^4.1.0",
+    "lodash": "^4.17.21"
   }
 }

package/src/daemon.js

@@ -0,0 +1,142 @@
+const fs = require('fs');
+const path = require('path');
+const { spawn } = require('child_process');
+const { run } = require('./index.js');
+
+let webhookUrl = null;
+let watchedDirs = [];
+let isRunning = false;
+
+async function startDaemon(options = {}) {
+  webhookUrl = options.webhook || null;
+  isRunning = true;
+
+  console.log(`
+╔════════════════════════════════════════════╗
+║         MUAD'DIB Security Daemon           ║
+║      Surveillance npm install active       ║
+╚════════════════════════════════════════════╝
+  `);
+
+  console.log('[DAEMON] Demarrage...');
+  console.log(`[DAEMON] Webhook: ${webhookUrl ? 'Configure' : 'Non configure'}`);
+  console.log('[DAEMON] Ctrl+C pour arreter\n');
+
+  // Surveille le dossier courant
+  const cwd = process.cwd();
+  watchDirectory(cwd);
+
+  // Garde le processus actif
+  process.on('SIGINT', () => {
+    console.log('\n[DAEMON] Arret...');
+    isRunning = false;
+    process.exit(0);
+  });
+
+  // Boucle infinie
+  while (isRunning) {
+    await sleep(1000);
+  }
+}
+
+function watchDirectory(dir) {
+  const nodeModulesPath = path.join(dir, 'node_modules');
+  const packageLockPath = path.join(dir, 'package-lock.json');
+  const yarnLockPath = path.join(dir, 'yarn.lock');
+
+  console.log(`[DAEMON] Surveillance de ${dir}`);
+
+  // Surveille package-lock.json
+  if (fs.existsSync(packageLockPath)) {
+    watchFile(packageLockPath, dir);
+  }
+
+  // Surveille yarn.lock
+  if (fs.existsSync(yarnLockPath)) {
+    watchFile(yarnLockPath, dir);
+  }
+
+  // Surveille node_modules
+  if (fs.existsSync(nodeModulesPath)) {
+    watchNodeModules(nodeModulesPath, dir);
+  }
+
+  // Surveille la creation de node_modules
+  fs.watch(dir, (eventType, filename) => {
+    if (filename === 'node_modules' && eventType === 'rename') {
+      const nmPath = path.join(dir, 'node_modules');
+      if (fs.existsSync(nmPath)) {
+        console.log('[DAEMON] node_modules detecte, scan en cours...');
+        triggerScan(dir);
+      }
+    }
+    if (filename === 'package-lock.json' || filename === 'yarn.lock') {
+      console.log(`[DAEMON] ${filename} modifie, scan en cours...`);
+      triggerScan(dir);
+    }
+  });
+}
+
+function watchFile(filePath, projectDir) {
+  let lastMtime = fs.statSync(filePath).mtime.getTime();
+
+  fs.watch(filePath, (eventType) => {
+    if (eventType === 'change') {
+      const currentMtime = fs.statSync(filePath).mtime.getTime();
+      if (currentMtime !== lastMtime) {
+        lastMtime = currentMtime;
+        console.log(`[DAEMON] ${path.basename(filePath)} modifie`);
+        triggerScan(projectDir);
+      }
+    }
+  });
+}
+
+function watchNodeModules(nodeModulesPath, projectDir) {
+  fs.watch(nodeModulesPath, { recursive: true }, (eventType, filename) => {
+    if (filename && filename.includes('package.json')) {
+      console.log(`[DAEMON] Nouveau package detecte: ${filename}`);
+      triggerScan(projectDir);
+    }
+  });
+}
+
+let scanTimeout = null;
+let lastScanTime = 0;
+
+function triggerScan(dir) {
+  const now = Date.now();
+  
+  // Debounce: attend 3 secondes avant de scanner
+  if (scanTimeout) {
+    clearTimeout(scanTimeout);
+  }
+
+  // Evite les scans trop frequents (minimum 10 secondes entre chaque)
+  if (now - lastScanTime < 10000) {
+    scanTimeout = setTimeout(() => triggerScan(dir), 10000 - (now - lastScanTime));
+    return;
+  }
+
+  scanTimeout = setTimeout(async () => {
+    lastScanTime = Date.now();
+    console.log(`\n[DAEMON] ========== SCAN AUTOMATIQUE ==========`);
+    console.log(`[DAEMON] Cible: ${dir}`);
+    console.log(`[DAEMON] Heure: ${new Date().toLocaleTimeString()}\n`);
+
+    try {
+      await run(dir, { webhook: webhookUrl });
+    } catch (err) {
+      console.log(`[DAEMON] Erreur scan: ${err.message}`);
+    }
+
+    console.log(`\n[DAEMON] ======================================\n`);
+    console.log('[DAEMON] En attente de modifications...');
+  }, 3000);
+}
+
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+module.exports = { startDaemon };

package/src/index.js

@@ -10,6 +10,7 @@ const { getRule } = require('./rules/index.js');
 const { saveReport } = require('./report.js');
 const { saveSARIF } = require('./sarif.js');
 const { scanTyposquatting } = require('./scanner/typosquat.js');
+const { sendWebhook } = require('./webhook.js');
 
 async function run(targetPath, options = {}) {
   const threats = [];
@@ -53,15 +54,34 @@ async function run(targetPath, options = {}) {
     };
   });
 
+// Calculer le score de risque (0-100)
+  const criticalCount = threats.filter(t => t.severity === 'CRITICAL').length;
+  const highCount = threats.filter(t => t.severity === 'HIGH').length;
+  const mediumCount = threats.filter(t => t.severity === 'MEDIUM').length;
+  
+  let riskScore = 0;
+  riskScore += criticalCount * 25;  // CRITICAL = 25 points
+  riskScore += highCount * 10;       // HIGH = 10 points
+  riskScore += mediumCount * 3;      // MEDIUM = 3 points
+  riskScore = Math.min(100, riskScore); // Cap a 100
+
+  const riskLevel = riskScore >= 75 ? 'CRITICAL' 
+                  : riskScore >= 50 ? 'HIGH'
+                  : riskScore >= 25 ? 'MEDIUM'
+                  : riskScore > 0 ? 'LOW'
+                  : 'SAFE';
+
   const result = {
     target: targetPath,
     timestamp: new Date().toISOString(),
     threats: enrichedThreats,
     summary: {
       total: threats.length,
-      critical: threats.filter(t => t.severity === 'CRITICAL').length,
-      high: threats.filter(t => t.severity === 'HIGH').length,
-      medium: threats.filter(t => t.severity === 'MEDIUM').length
+      critical: criticalCount,
+      high: highCount,
+      medium: mediumCount,
+      riskScore: riskScore,
+      riskLevel: riskLevel
     }
   };
 
@@ -105,10 +125,14 @@ async function run(targetPath, options = {}) {
       });
     }
   }
-  // Sortie normale
+// Sortie normale
   else {
     console.log(`\n[MUADDIB] Scan de ${targetPath}\n`);
 
+    // Afficher le score de risque
+    const scoreBar = '█'.repeat(Math.floor(result.summary.riskScore / 5)) + '░'.repeat(20 - Math.floor(result.summary.riskScore / 5));
+    console.log(`[SCORE] ${result.summary.riskScore}/100 [${scoreBar}] ${result.summary.riskLevel}\n`);
+
     if (threats.length === 0) {
       console.log('[OK] Aucune menace detectee.\n');
     } else {
@@ -129,7 +153,17 @@ async function run(targetPath, options = {}) {
     }
   }
 
-// Calculer exit code selon le niveau de fail
+// Envoyer webhook si configure
+  if (options.webhook) {
+    try {
+      await sendWebhook(options.webhook, result);
+      console.log(`[OK] Alerte envoyee au webhook`);
+    } catch (err) {
+      console.log(`[WARN] Echec envoi webhook: ${err.message}`);
+    }
+  }
+
+  // Calculer exit code selon le niveau de fail
   const failLevel = options.failLevel || 'high';
   const severityLevels = {
     critical: ['CRITICAL'],

package/src/scanner/typosquat.js

@@ -21,6 +21,34 @@ const POPULAR_PACKAGES = [
   'prop-types', 'cross-env', 'npm', 'yarn', 'pnpm', 'node-fetch', 'got'
 ];
 
+// Packages legitimes qui ressemblent a des populaires mais sont OK
+const WHITELIST = [
+  'acorn',
+  'acorn-walk',
+  'js-yaml',
+  'cross-env',
+  'node-fetch',
+  'node-gyp',
+  'core-js',
+  'lodash-es',
+  'date-fns',
+  'ts-node',
+  'ts-jest',
+  'css-loader',
+  'style-loader',
+  'file-loader',
+  'url-loader',
+  'babel-loader',
+  'vue-loader',
+  'react-dom',
+  'react-router',
+  'react-redux',
+  'vue-router',
+  'express-session',
+  'body-parser',
+  'cookie-parser'
+];
+
 // Techniques de typosquatting connues
 const TYPOSQUAT_PATTERNS = [
   { type: 'missing_char', fn: (name) => generateMissingChar(name) },
@@ -69,6 +97,9 @@ async function scanTyposquatting(targetPath) {
 }
 
 function findTyposquatMatch(name) {
+  // Ignore les packages whitelistes
+  if (WHITELIST.includes(name)) return null;
+  
   // Ignore les packages scoped (@org/package)
   if (name.startsWith('@')) return null;
 

package/src/webhook.js

@@ -0,0 +1,176 @@
+const https = require('https');
+const http = require('http');
+
+async function sendWebhook(url, results) {
+  const isDiscord = url.includes('discord.com');
+  const isSlack = url.includes('hooks.slack.com');
+
+  let payload;
+
+  if (isDiscord) {
+    payload = formatDiscord(results);
+  } else if (isSlack) {
+    payload = formatSlack(results);
+  } else {
+    payload = formatGeneric(results);
+  }
+
+  return send(url, payload);
+}
+
+function formatDiscord(results) {
+  const { summary, threats, target } = results;
+  
+  const color = summary.riskLevel === 'CRITICAL' ? 0xe74c3c
+              : summary.riskLevel === 'HIGH' ? 0xe67e22
+              : summary.riskLevel === 'MEDIUM' ? 0xf1c40f
+              : summary.riskLevel === 'LOW' ? 0x3498db
+              : 0x2ecc71;
+
+  const criticalThreats = threats
+    .filter(t => t.severity === 'CRITICAL')
+    .slice(0, 5)
+    .map(t => `- ${t.message}`)
+    .join('\n');
+
+  return {
+    embeds: [{
+      title: 'MUAD\'DIB Security Scan',
+      description: `Scan de **${target}**`,
+      color: color,
+      fields: [
+        {
+          name: 'Score de risque',
+          value: `**${summary.riskScore}/100** (${summary.riskLevel})`,
+          inline: true
+        },
+        {
+          name: 'Menaces',
+          value: `${summary.critical} CRITICAL\n${summary.high} HIGH\n${summary.medium} MEDIUM`,
+          inline: true
+        },
+        {
+          name: 'Total',
+          value: `**${summary.total}** menace(s)`,
+          inline: true
+        }
+      ],
+      footer: {
+        text: 'MUAD\'DIB - Supply-chain threat detection'
+      },
+      timestamp: results.timestamp
+    }]
+  };
+}
+
+function formatSlack(results) {
+  const { summary, threats, target } = results;
+
+  const emoji = summary.riskLevel === 'CRITICAL' ? ':rotating_light:'
+              : summary.riskLevel === 'HIGH' ? ':warning:'
+              : summary.riskLevel === 'MEDIUM' ? ':large_yellow_circle:'
+              : summary.riskLevel === 'LOW' ? ':information_source:'
+              : ':white_check_mark:';
+
+  const criticalList = threats
+    .filter(t => t.severity === 'CRITICAL')
+    .slice(0, 5)
+    .map(t => `• ${t.message}`)
+    .join('\n');
+
+  return {
+    blocks: [
+      {
+        type: 'header',
+        text: {
+          type: 'plain_text',
+          text: `${emoji} MUAD'DIB Security Scan`
+        }
+      },
+      {
+        type: 'section',
+        fields: [
+          {
+            type: 'mrkdwn',
+            text: `*Cible:*\n${target}`
+          },
+          {
+            type: 'mrkdwn',
+            text: `*Score:*\n${summary.riskScore}/100 (${summary.riskLevel})`
+          }
+        ]
+      },
+      {
+        type: 'section',
+        fields: [
+          {
+            type: 'mrkdwn',
+            text: `*CRITICAL:* ${summary.critical}`
+          },
+          {
+            type: 'mrkdwn',
+            text: `*HIGH:* ${summary.high}`
+          },
+          {
+            type: 'mrkdwn',
+            text: `*MEDIUM:* ${summary.medium}`
+          },
+          {
+            type: 'mrkdwn',
+            text: `*Total:* ${summary.total}`
+          }
+        ]
+      }
+    ]
+  };
+}
+
+function formatGeneric(results) {
+  return {
+    tool: 'MUADDIB',
+    target: results.target,
+    timestamp: results.timestamp,
+    summary: results.summary,
+    threats: results.threats.map(t => ({
+      type: t.type,
+      severity: t.severity,
+      message: t.message,
+      file: t.file
+    }))
+  };
+}
+
+function send(url, payload) {
+  return new Promise((resolve, reject) => {
+    const urlObj = new URL(url);
+    const protocol = urlObj.protocol === 'https:' ? https : http;
+
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname + urlObj.search,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      }
+    };
+
+    const req = protocol.request(options, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          resolve({ success: true, status: res.statusCode });
+        } else {
+          reject(new Error(`Webhook failed: HTTP ${res.statusCode}`));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.write(JSON.stringify(payload));
+    req.end();
+  });
+}
+
+module.exports = { sendWebhook };

package/vscode-extension/.vscode/launch.json

@@ -0,0 +1,13 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Run Extension",
+      "type": "extensionHost",
+      "request": "launch",
+      "args": [
+        "--extensionDevelopmentPath=${workspaceFolder}"
+      ]
+    }
+  ]
+}

package/vscode-extension/extension.js

@@ -0,0 +1,264 @@
+const vscode = require('vscode');
+const { exec } = require('child_process');
+const path = require('path');
+
+let diagnosticCollection;
+
+function activate(context) {
+  console.log('MUAD\'DIB Security Scanner active');
+
+  // Collection de diagnostics pour afficher les erreurs
+  diagnosticCollection = vscode.languages.createDiagnosticCollection('muaddib');
+  context.subscriptions.push(diagnosticCollection);
+
+  // Commande: Scanner le projet
+  const scanCommand = vscode.commands.registerCommand('muaddib.scan', async () => {
+    await scanProject();
+  });
+  context.subscriptions.push(scanCommand);
+
+  // Commande: Scanner le fichier actuel
+  const scanFileCommand = vscode.commands.registerCommand('muaddib.scanFile', async () => {
+    await scanCurrentFile();
+  });
+  context.subscriptions.push(scanFileCommand);
+
+  // Auto-scan a l'ouverture si active
+  const config = vscode.workspace.getConfiguration('muaddib');
+  if (config.get('autoScan')) {
+    scanProject();
+  }
+
+  // Re-scan quand package.json change
+  const watcher = vscode.workspace.createFileSystemWatcher('**/package.json');
+  watcher.onDidChange(() => {
+    const config = vscode.workspace.getConfiguration('muaddib');
+    if (config.get('autoScan')) {
+      scanProject();
+    }
+  });
+  context.subscriptions.push(watcher);
+}
+
+async function scanProject() {
+  const workspaceFolder = vscode.workspace.workspaceFolders?.[0];
+  if (!workspaceFolder) {
+    vscode.window.showWarningMessage('MUAD\'DIB: Aucun projet ouvert');
+    return;
+  }
+
+  const projectPath = workspaceFolder.uri.fsPath;
+
+  vscode.window.withProgress({
+    location: vscode.ProgressLocation.Notification,
+    title: 'MUAD\'DIB: Scan en cours...',
+    cancellable: false
+  }, async () => {
+    return new Promise((resolve) => {
+      const config = vscode.workspace.getConfiguration('muaddib');
+      const webhookUrl = config.get('webhookUrl');
+      const failLevel = config.get('failLevel');
+
+      let cmd = `npx muaddib-scanner scan "${projectPath}" --json`;
+      if (webhookUrl) {
+        cmd += ` --webhook "${webhookUrl}"`;
+      }
+
+      exec(cmd, { maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+        try {
+          const result = JSON.parse(stdout);
+          displayResults(result, projectPath);
+        } catch (e) {
+          if (stdout.includes('Aucune menace')) {
+            vscode.window.showInformationMessage('MUAD\'DIB: Aucune menace detectee');
+            diagnosticCollection.clear();
+          } else {
+            vscode.window.showErrorMessage(`MUAD\'DIB: Erreur de scan - ${e.message}`);
+          }
+        }
+        resolve();
+      });
+    });
+  });
+}
+
+async function scanCurrentFile() {
+  const editor = vscode.window.activeTextEditor;
+  if (!editor) {
+    vscode.window.showWarningMessage('MUAD\'DIB: Aucun fichier ouvert');
+    return;
+  }
+
+  const filePath = editor.document.uri.fsPath;
+  if (!filePath.endsWith('.js') && !filePath.endsWith('.json')) {
+    vscode.window.showWarningMessage('MUAD\'DIB: Seuls les fichiers JS et JSON sont scannes');
+    return;
+  }
+
+  const dirPath = path.dirname(filePath);
+  
+  vscode.window.withProgress({
+    location: vscode.ProgressLocation.Notification,
+    title: 'MUAD\'DIB: Scan du fichier...',
+    cancellable: false
+  }, async () => {
+    return new Promise((resolve) => {
+      exec(`npx muaddib-scanner scan "${dirPath}" --json`, { maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+        try {
+          const result = JSON.parse(stdout);
+          // Filtrer les menaces pour ce fichier seulement
+          const fileThreats = result.threats.filter(t => 
+            t.file === path.basename(filePath) || t.file.includes(path.basename(filePath))
+          );
+          if (fileThreats.length > 0) {
+            result.threats = fileThreats;
+            result.summary.total = fileThreats.length;
+            displayResults(result, dirPath);
+          } else {
+            vscode.window.showInformationMessage('MUAD\'DIB: Aucune menace dans ce fichier');
+          }
+        } catch (e) {
+          vscode.window.showInformationMessage('MUAD\'DIB: Aucune menace detectee');
+        }
+        resolve();
+      });
+    });
+  });
+}
+
+function displayResults(result, projectPath) {
+  const { threats, summary } = result;
+
+  // Clear previous diagnostics
+  diagnosticCollection.clear();
+
+  if (threats.length === 0) {
+    vscode.window.showInformationMessage('MUAD\'DIB: Aucune menace detectee');
+    return;
+  }
+
+  // Afficher le score
+  const scoreMessage = `MUAD'DIB: Score ${summary.riskScore}/100 (${summary.riskLevel}) - ${summary.total} menace(s)`;
+  
+  if (summary.riskLevel === 'CRITICAL' || summary.riskLevel === 'HIGH') {
+    vscode.window.showErrorMessage(scoreMessage, 'Voir details').then(selection => {
+      if (selection === 'Voir details') {
+        showDetailPanel(result);
+      }
+    });
+  } else {
+    vscode.window.showWarningMessage(scoreMessage, 'Voir details').then(selection => {
+      if (selection === 'Voir details') {
+        showDetailPanel(result);
+      }
+    });
+  }
+
+  // Creer les diagnostics pour chaque menace
+  const diagnosticsMap = new Map();
+
+  for (const threat of threats) {
+    const filePath = path.join(projectPath, threat.file);
+    const uri = vscode.Uri.file(filePath);
+
+    const severity = threat.severity === 'CRITICAL' ? vscode.DiagnosticSeverity.Error
+                   : threat.severity === 'HIGH' ? vscode.DiagnosticSeverity.Error
+                   : threat.severity === 'MEDIUM' ? vscode.DiagnosticSeverity.Warning
+                   : vscode.DiagnosticSeverity.Information;
+
+    const line = (threat.line || 1) - 1;
+    const range = new vscode.Range(line, 0, line, 100);
+
+    const diagnostic = new vscode.Diagnostic(
+      range,
+      `[${threat.severity}] ${threat.message}`,
+      severity
+    );
+    diagnostic.source = 'MUAD\'DIB';
+    diagnostic.code = threat.rule_id || threat.type;
+
+    if (!diagnosticsMap.has(uri.toString())) {
+      diagnosticsMap.set(uri.toString(), []);
+    }
+    diagnosticsMap.get(uri.toString()).push(diagnostic);
+  }
+
+  // Appliquer les diagnostics
+  for (const [uriString, diagnostics] of diagnosticsMap) {
+    diagnosticCollection.set(vscode.Uri.parse(uriString), diagnostics);
+  }
+}
+
+function showDetailPanel(result) {
+  const panel = vscode.window.createWebviewPanel(
+    'muaddibResults',
+    'MUAD\'DIB - Resultats',
+    vscode.ViewColumn.Two,
+    { enableScripts: true }
+  );
+
+  const { threats, summary } = result;
+
+  const threatRows = threats.map(t => `
+    <tr class="${t.severity.toLowerCase()}">
+      <td>${t.severity}</td>
+      <td>${t.type}</td>
+      <td>${t.message}</td>
+      <td>${t.file}</td>
+      <td>${t.playbook || '-'}</td>
+    </tr>
+  `).join('');
+
+  panel.webview.html = `
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, sans-serif; padding: 20px; background: #1e1e1e; color: #fff; }
+        h1 { color: #e94560; }
+        .score { font-size: 24px; margin: 20px 0; }
+        .critical { color: #e74c3c; }
+        .high { color: #e67e22; }
+        .medium { color: #f1c40f; }
+        .low { color: #3498db; }
+        table { width: 100%; border-collapse: collapse; margin-top: 20px; }
+        th, td { padding: 10px; text-align: left; border-bottom: 1px solid #333; }
+        th { background: #2d2d2d; color: #e94560; }
+        tr.critical { background: rgba(231, 76, 60, 0.2); }
+        tr.high { background: rgba(230, 126, 34, 0.2); }
+        tr.medium { background: rgba(241, 196, 15, 0.1); }
+      </style>
+    </head>
+    <body>
+      <h1>MUAD'DIB Security Scan</h1>
+      <div class="score">
+        Score: <strong>${summary.riskScore}/100</strong> 
+        (<span class="${summary.riskLevel.toLowerCase()}">${summary.riskLevel}</span>)
+      </div>
+      <p>CRITICAL: ${summary.critical} | HIGH: ${summary.high} | MEDIUM: ${summary.medium}</p>
+      <table>
+        <thead>
+          <tr>
+            <th>Severite</th>
+            <th>Type</th>
+            <th>Message</th>
+            <th>Fichier</th>
+            <th>Recommandation</th>
+          </tr>
+        </thead>
+        <tbody>
+          ${threatRows}
+        </tbody>
+      </table>
+    </body>
+    </html>
+  `;
+}
+
+function deactivate() {
+  if (diagnosticCollection) {
+    diagnosticCollection.dispose();
+  }
+}
+
+module.exports = { activate, deactivate };

package/vscode-extension/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "muaddib-vscode",
+  "displayName": "MUAD'DIB Security Scanner",
+  "description": "Detecte les attaques supply chain npm directement dans VS Code",
+  "version": "1.0.0",
+  "publisher": "dnszlsk",
+  "engines": {
+    "vscode": "^1.85.0"
+  },
+  "categories": [
+    "Linters",
+    "Other"
+  ],
+  "keywords": [
+    "security",
+    "npm",
+    "supply-chain",
+    "malware",
+    "scanner"
+  ],
+  "icon": "icon.png",
+  "activationEvents": [
+    "workspaceContains:package.json"
+  ],
+  "main": "./extension.js",
+  "contributes": {
+    "commands": [
+      {
+        "command": "muaddib.scan",
+        "title": "MUAD'DIB: Scan Project"
+      },
+      {
+        "command": "muaddib.scanFile",
+        "title": "MUAD'DIB: Scan Current File"
+      }
+    ],
+    "configuration": {
+      "title": "MUAD'DIB",
+      "properties": {
+        "muaddib.autoScan": {
+          "type": "boolean",
+          "default": true,
+          "description": "Scanner automatiquement a l'ouverture du projet"
+        },
+        "muaddib.webhookUrl": {
+          "type": "string",
+          "default": "",
+          "description": "URL du webhook Discord/Slack pour les alertes"
+        },
+        "muaddib.failLevel": {
+          "type": "string",
+          "enum": ["critical", "high", "medium", "low"],
+          "default": "high",
+          "description": "Niveau de severite pour afficher les alertes"
+        }
+      }
+    }
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DNSZLSK/muad-dib"
+  },
+  "license": "MIT"
+}

package/vscode-extension/vscode-extension/README.md

@@ -0,0 +1,44 @@
+# MUAD'DIB Security Scanner for VS Code
+
+Detecte les attaques supply chain npm directement dans VS Code.
+
+## Features
+
+- Scan automatique a l'ouverture d'un projet npm
+- Detection des packages malveillants (Shai-Hulud, event-stream, etc.)
+- Detection du typosquatting
+- Analyse AST et dataflow
+- Score de risque 0-100
+- Alertes Discord/Slack
+- Diagnostics inline dans l'editeur
+
+## Installation
+
+1. Installer l'extension depuis VS Code Marketplace
+2. Ouvrir un projet npm
+3. Le scan se lance automatiquement
+
+## Commandes
+
+- `MUAD'DIB: Scan Project` — Scanner tout le projet
+- `MUAD'DIB: Scan Current File` — Scanner le fichier actuel
+
+## Configuration
+
+- `muaddib.autoScan` — Scanner automatiquement (defaut: true)
+- `muaddib.webhookUrl` — URL webhook Discord/Slack
+- `muaddib.failLevel` — Niveau d'alerte (critical/high/medium/low)
+
+## Prerequis
+
+- Node.js >= 18
+- muaddib-scanner installe globalement : `npm install -g muaddib-scanner`
+```
+
+Sauvegarde.
+
+Ouvre `vscode-extension/.vscodeignore` et mets :
+```
+.git
+node_modules
+*.md

package/vscode-extension/vscode-extension/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "muaddib-vscode",
+  "displayName": "MUAD'DIB Security Scanner",
+  "description": "Detecte les attaques supply chain npm directement dans VS Code",
+  "version": "1.0.0",
+  "publisher": "dnszlsk",
+  "engines": {
+    "vscode": "^1.85.0"
+  },
+  "categories": [
+    "Linters",
+    "Other"
+  ],
+  "keywords": [
+    "security",
+    "npm",
+    "supply-chain",
+    "malware",
+    "scanner"
+  ],
+  "activationEvents": [
+    "workspaceContains:package.json"
+  ],
+  "main": "./extension.js",
+  "icon": "icon.png",
+  "contributes": {
+    "commands": [
+      {
+        "command": "muaddib.scan",
+        "title": "MUAD'DIB: Scan Project"
+      },
+      {
+        "command": "muaddib.scanFile",
+        "title": "MUAD'DIB: Scan Current File"
+      }
+    ],
+    "configuration": {
+      "title": "MUAD'DIB",
+      "properties": {
+        "muaddib.autoScan": {
+          "type": "boolean",
+          "default": true,
+          "description": "Scanner automatiquement a l'ouverture du projet"
+        },
+        "muaddib.webhookUrl": {
+          "type": "string",
+          "default": "",
+          "description": "URL du webhook Discord/Slack pour les alertes"
+        },
+        "muaddib.failLevel": {
+          "type": "string",
+          "enum": ["critical", "high", "medium", "low"],
+          "default": "high",
+          "description": "Niveau de severite pour afficher les alertes"
+        }
+      }
+    }
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DNSZLSK/muad-dib"
+  },
+  "license": "MIT"
+}