muaddib-scanner 1.2.7 → 1.3.0

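--- /dev/null
+++ b/package/action.yml
@@ -0,0 +1,97 @@
+name: 'MUAD''DIB Scanner'
+description: 'Supply-chain threat detection and response for npm. Detects malicious packages, typosquatting, credential theft, and more.'
+author: 'DNSZLSK'
+
+branding:
+icon: 'shield'
+color: 'orange'
+
+inputs:
+path:
+description: 'Path to the project to scan'
+required: false
+default: '.'
+fail-on:
+description: 'Minimum severity to fail the workflow (critical, high, medium, low)'
+required: false
+default: 'high'
+sarif:
+description: 'Generate SARIF output file at this path'
+required: false
+default: ''
+paranoid:
+description: 'Enable paranoid mode for ultra-strict detection'
+required: false
+default: 'false'
+
+outputs:
+sarif-file:
+description: 'Path to the generated SARIF file (if sarif input was provided)'
+value: ${{ steps.scan.outputs.sarif_file }}
+risk-score:
+description: 'Risk score from 0 to 100'
+value: ${{ steps.scan.outputs.risk_score }}
+threats-count:
+description: 'Number of threats detected'
+value: ${{ steps.scan.outputs.threats_count }}
+exit-code:
+description: 'Exit code of the scan (0 = clean, 1+ = threats found)'
+value: ${{ steps.scan.outputs.exit_code }}
+
+runs:
+using: 'composite'
+steps:
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: '20'
+
+- name: Install MUAD'DIB
+shell: bash
+run: npm install -g muaddib-scanner
+
+- name: Run MUAD'DIB scan
+id: scan
+shell: bash
+run: |
+# Build command
+CMD="muaddib scan ${{ inputs.path }} --fail-on ${{ inputs.fail-on }}"
+
+# Add SARIF output if requested
+SARIF_PATH="${{ inputs.sarif }}"
+if [ -n "$SARIF_PATH" ]; then
+CMD="$CMD --sarif $SARIF_PATH"
+echo "sarif_file=$SARIF_PATH" >> $GITHUB_OUTPUT
+fi
+
+# Add paranoid mode if enabled
+if [ "${{ inputs.paranoid }}" = "true" ]; then
+CMD="$CMD --paranoid"
+fi
+
+# Run scan and capture output
+set +e
+OUTPUT=$($CMD --json 2>&1)
+EXIT_CODE=$?
+set -e
+
+# Extract metrics from JSON output
+RISK_SCORE=$(echo "$OUTPUT" | grep -o '"score":[0-9]*' | head -1 | cut -d':' -f2 || echo "0")
+THREATS_COUNT=$(echo "$OUTPUT" | grep -o '"threats":\[' | wc -l || echo "0")
+
+echo "risk_score=$RISK_SCORE" >> $GITHUB_OUTPUT
+echo "threats_count=$THREATS_COUNT" >> $GITHUB_OUTPUT
+echo "exit_code=$EXIT_CODE" >> $GITHUB_OUTPUT
+
+# Re-run without --json for human-readable output
+$CMD || true
+
+# Exit with the original code
+exit $EXIT_CODE
+
+- name: Upload SARIF to GitHub Security
+if: inputs.sarif != '' && always()
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: ${{ inputs.sarif }}
+continue-on-error: true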
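Review bot: The `run:` block of the scan step interpolates `${{ inputs.path }}`, `${{ inputs.fail-on }}`, `${{ inputs.sarif }}` and `${{ inputs.paranoid }}` directly into bash script text, so a caller-supplied input value containing shell metacharacters is executed as part of the script rather than passed as an argument; the standard mitigation is to hand the inputs to the step through `env:` and reference them as quoted variables, holding `CMD` as a bash array so the later `$CMD` expansions do not word-split paths with spaces. The `Install MUAD'DIB` step runs `npm install -g muaddib-scanner` with no version pin, which a supply-chain scanner's own action should avoid — pin it to the release the action ships with (`muaddib-scanner@1.3.0` here) and quote `"$GITHUB_OUTPUT"` in the three `echo` lines. Separately, `THREATS_COUNT` counts occurrences of the `"threats":[` key with `wc -l`, not the number of entries in that array, so the `threats-count` output likely does not match its description (hedged, since the JSON shape is not visible here), and the `|| echo "0"` fallbacks never fire because `cut`/`wc` exit 0 even when `grep` matched nothing, leaving `RISK_SCORE` empty instead of `0`. A rewrite of the scan step along these lines follows.
```yaml
- name: Run MUAD'DIB scan
  id: scan
  shell: bash
  env:
    SCAN_PATH: ${{ inputs.path }}
    FAIL_ON: ${{ inputs.fail-on }}
    SARIF_PATH: ${{ inputs.sarif }}
    PARANOID: ${{ inputs.paranoid }}
  run: |
    # Build the command as an array: inputs arrive via env, never via expression expansion
    CMD=(muaddib scan "$SCAN_PATH" --fail-on "$FAIL_ON")
    if [ -n "$SARIF_PATH" ]; then
      CMD+=(--sarif "$SARIF_PATH")
      echo "sarif_file=$SARIF_PATH" >> "$GITHUB_OUTPUT"
    fi
    if [ "$PARANOID" = "true" ]; then
      CMD+=(--paranoid)
    fi
    set +e
    OUTPUT=$("${CMD[@]}" --json 2>&1)
    EXIT_CODE=$?
    set -e
    # Default to 0 when grep finds nothing (the pipeline's exit status is cut's, not grep's)
    RISK_SCORE=$(echo "$OUTPUT" | grep -o '"score":[0-9]*' | head -1 | cut -d':' -f2)
    RISK_SCORE="${RISK_SCORE:-0}"
    # … unchanged: threats_count extraction and the three $GITHUB_OUTPUT writes (quote "$GITHUB_OUTPUT") …
    "${CMD[@]}" || true
    exit "$EXIT_CODE"
```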
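--- a/package/bin/muaddib.js
+++ b/package/bin/muaddib.js
@@ -1,4 +1,5 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
+const { execSync } = require('child_process');
 const { run } = require('../src/index.js');
 const { updateIOCs } = require('../src/ioc/updater.js');
 const { watch } = require('../src/watch.js');
@@ -47,6 +48,20 @@ for (let i = 0; i < options.length; i++) {
 }
 }
 
+// Version check (non-blocking, skip for machine-readable output)
+if (!jsonOutput && !sarifOutput) {
+try {
+const currentVersion = require('../package.json').version;
+const latest = execSync('npm view muaddib-scanner version', { timeout: 5000 }).toString().trim();
+if (latest !== currentVersion) {
+console.log(`\n[UPDATE] New version available: ${currentVersion} -> ${latest}`);
+console.log(` Run: npm install -g muaddib-scanner@latest\n`);
+}
+} catch {
+// No network or npm unavailable, skip silently
+}
+}
+
 // Interactive menu
 async function interactiveMenu() {
 const { select, input, confirm } = await import('@inquirer/prompts');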
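Review bot: The new version check guarded by `if (!jsonOutput && !sarifOutput)` makes an outbound `npm view` call on every non-machine-readable invocation with no opt-out, so a security scanner run in air-gapped or egress-restricted CI now contacts the registry each time and can add up to the 5 s `timeout` of latency before the scan starts; gate it behind an environment variable or CLI flag (name to be chosen, e.g. `MUADDIB_NO_UPDATE_CHECK` — constructed) in addition to the existing JSON/SARIF condition. `latest !== currentVersion` also prints "New version available" whenever the two strings differ, so a locally newer or prerelease build is told to "update" to an older version; a semver-aware comparison, or at minimum wording that says the versions differ, avoids that. The silent `catch {}` is acceptable for a best-effort check, but `execSync` without a `stdio` option lets npm's own stderr warnings reach the terminal, so `{ timeout: 5000, stdio: ['ignore', 'pipe', 'ignore'] }` keeps the scanner's output clean. The option-parsing loop named in the hunk header and the code after `interactiveMenu` are outside this view.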
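--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "muaddib-scanner",
-"version": "1.2.7",
+"version": "1.3.0",
 "description": "Supply-chain threat detection & response for npm",
 "main": "src/index.js",
 "bin": {
@@ -37,16 +37,16 @@
 "node": ">=18.0.0"
 },
 "dependencies": {
-"@inquirer/prompts": "8.1.0",
-"acorn": "8.14.0",
+"@inquirer/prompts": "8.2.0",
+"acorn": "8.15.0",
 "acorn-walk": "8.3.4",
 "chalk": "5.6.2",
-"js-yaml": "4.1.0",
+"js-yaml": "4.1.1",
 "yargs": "18.0.0"
 },
 "devDependencies": {
 "@eslint/js": "9.39.2",
 "eslint": "9.39.2",
-"globals": "17.0.0"
+"globals": "17.3.0"
 }
 }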