muaddib-scanner 1.4.1 → 1.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.fr.md +24 -4
- package/README.md +21 -1
- package/eslint.config.mjs +17 -2
- package/package.json +2 -1
- package/src/ioc/data/iocs.json +1 -1
package/README.fr.md
CHANGED
|
@@ -246,13 +246,21 @@ Ajoutez a `.pre-commit-config.yaml`:
|
|
|
246
246
|
```yaml
|
|
247
247
|
repos:
|
|
248
248
|
- repo: https://github.com/DNSZLSK/muad-dib
|
|
249
|
-
rev: v1.
|
|
249
|
+
rev: v1.4.1
|
|
250
250
|
hooks:
|
|
251
251
|
- id: muaddib-scan # Scanner toutes les menaces
|
|
252
252
|
# - id: muaddib-diff # Ou: seulement les nouvelles
|
|
253
253
|
# - id: muaddib-paranoid # Ou: mode ultra-strict
|
|
254
254
|
```
|
|
255
255
|
|
|
256
|
+
#### Supprimer les hooks
|
|
257
|
+
|
|
258
|
+
```bash
|
|
259
|
+
muaddib remove-hooks [path]
|
|
260
|
+
```
|
|
261
|
+
|
|
262
|
+
Supprime tous les hooks MUAD'DIB (husky et git natif).
|
|
263
|
+
|
|
256
264
|
#### Avec husky
|
|
257
265
|
|
|
258
266
|
```bash
|
|
@@ -261,6 +269,10 @@ npx husky add .husky/pre-commit "npx muaddib scan . --fail-on high"
|
|
|
261
269
|
npx husky add .husky/pre-commit "npx muaddib diff HEAD --fail-on high"
|
|
262
270
|
```
|
|
263
271
|
|
|
272
|
+
### Version check
|
|
273
|
+
|
|
274
|
+
MUAD'DIB verifie automatiquement les nouvelles versions au demarrage et vous notifie si une mise a jour est disponible.
|
|
275
|
+
|
|
264
276
|
---
|
|
265
277
|
|
|
266
278
|
## Features
|
|
@@ -446,7 +458,7 @@ Editez les fichiers YAML dans `iocs/` :
|
|
|
446
458
|
mitre: T1195.002
|
|
447
459
|
```
|
|
448
460
|
|
|
449
|
-
###
|
|
461
|
+
### Developper
|
|
450
462
|
|
|
451
463
|
```bash
|
|
452
464
|
git clone https://github.com/DNSZLSK/muad-dib
|
|
@@ -455,6 +467,13 @@ npm install
|
|
|
455
467
|
npm test
|
|
456
468
|
```
|
|
457
469
|
|
|
470
|
+
### Tests
|
|
471
|
+
|
|
472
|
+
- **145 tests unitaires/integration** — 80% coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
|
|
473
|
+
- **56 tests de fuzzing** — YAML malformé, JSON invalide, fichiers binaires, ReDoS, unicode, inputs 10MB
|
|
474
|
+
- **15 tests adversariaux** — Packages malveillants simulés, taux de détection 15/15
|
|
475
|
+
- **Audit ESLint securité** — `eslint-plugin-security` avec 14 règles activées
|
|
476
|
+
|
|
458
477
|
---
|
|
459
478
|
|
|
460
479
|
## Communauté
|
|
@@ -465,8 +484,9 @@ npm test
|
|
|
465
484
|
|
|
466
485
|
## Documentation
|
|
467
486
|
|
|
468
|
-
- [Threat Model](docs/threat-model.md) - Ce que MUAD'DIB
|
|
469
|
-
- [
|
|
487
|
+
- [Threat Model](docs/threat-model.md) - Ce que MUAD'DIB detecte et ne detecte pas
|
|
488
|
+
- [Rapport d'audit securité v1.4.1](docs/MUADDIB_Security_Audit_Report_v1.4.1.pdf) - Audit complet (58 issues corrigees)
|
|
489
|
+
- [IOCs YAML](iocs/) - Base de donnees des menaces
|
|
470
490
|
|
|
471
491
|
---
|
|
472
492
|
|
package/README.md
CHANGED
|
@@ -264,7 +264,7 @@ Add to `.pre-commit-config.yaml`:
|
|
|
264
264
|
```yaml
|
|
265
265
|
repos:
|
|
266
266
|
- repo: https://github.com/DNSZLSK/muad-dib
|
|
267
|
-
rev: v1.
|
|
267
|
+
rev: v1.4.1
|
|
268
268
|
hooks:
|
|
269
269
|
- id: muaddib-scan # Scan all threats
|
|
270
270
|
# - id: muaddib-diff # Or: only new threats
|
|
@@ -279,6 +279,14 @@ npx husky add .husky/pre-commit "npx muaddib scan . --fail-on high"
|
|
|
279
279
|
npx husky add .husky/pre-commit "npx muaddib diff HEAD --fail-on high"
|
|
280
280
|
```
|
|
281
281
|
|
|
282
|
+
#### Remove hooks
|
|
283
|
+
|
|
284
|
+
```bash
|
|
285
|
+
muaddib remove-hooks [path]
|
|
286
|
+
```
|
|
287
|
+
|
|
288
|
+
Removes all MUAD'DIB hooks (husky and git native).
|
|
289
|
+
|
|
282
290
|
#### Native git hooks
|
|
283
291
|
|
|
284
292
|
```bash
|
|
@@ -286,6 +294,10 @@ muaddib init-hooks --type git
|
|
|
286
294
|
# Creates .git/hooks/pre-commit
|
|
287
295
|
```
|
|
288
296
|
|
|
297
|
+
### Version check
|
|
298
|
+
|
|
299
|
+
MUAD'DIB automatically checks for new versions on startup and notifies you if an update is available.
|
|
300
|
+
|
|
289
301
|
---
|
|
290
302
|
|
|
291
303
|
## Features
|
|
@@ -480,6 +492,13 @@ npm install
|
|
|
480
492
|
npm test
|
|
481
493
|
```
|
|
482
494
|
|
|
495
|
+
### Testing
|
|
496
|
+
|
|
497
|
+
- **145 unit/integration tests** — 80% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
|
|
498
|
+
- **56 fuzz tests** — Malformed YAML, invalid JSON, binary files, ReDoS, unicode, 10MB inputs
|
|
499
|
+
- **15 adversarial tests** — Simulated malicious packages, 15/15 detection rate
|
|
500
|
+
- **ESLint security audit** — `eslint-plugin-security` with 14 rules enabled
|
|
501
|
+
|
|
483
502
|
---
|
|
484
503
|
|
|
485
504
|
## Community
|
|
@@ -491,6 +510,7 @@ npm test
|
|
|
491
510
|
## Documentation
|
|
492
511
|
|
|
493
512
|
- [Threat Model](docs/threat-model.md) - What MUAD'DIB detects and doesn't detect
|
|
513
|
+
- [Security Audit Report v1.4.1](docs/MUADDIB_Security_Audit_Report_v1.4.1.pdf) - Full security audit (58 issues fixed)
|
|
494
514
|
- [IOCs YAML](iocs/) - Threat database
|
|
495
515
|
|
|
496
516
|
---
|
package/eslint.config.mjs
CHANGED
|
@@ -1,17 +1,32 @@
|
|
|
1
1
|
import js from "@eslint/js";
|
|
2
2
|
import globals from "globals";
|
|
3
|
+
import security from "eslint-plugin-security";
|
|
3
4
|
import { defineConfig } from "eslint/config";
|
|
4
5
|
|
|
5
6
|
export default defineConfig([
|
|
6
7
|
{
|
|
7
8
|
files: ["**/*.{js,mjs,cjs}"],
|
|
8
|
-
plugins: { js },
|
|
9
|
+
plugins: { js, security },
|
|
9
10
|
extends: ["js/recommended"],
|
|
10
11
|
languageOptions: {
|
|
11
12
|
globals: globals.node
|
|
12
13
|
},
|
|
13
14
|
rules: {
|
|
14
|
-
"no-unused-vars": ["error", { "argsIgnorePattern": "^_", "varsIgnorePattern": "^_" }]
|
|
15
|
+
"no-unused-vars": ["error", { "argsIgnorePattern": "^_", "varsIgnorePattern": "^_" }],
|
|
16
|
+
"security/detect-buffer-noassert": "warn",
|
|
17
|
+
"security/detect-child-process": "warn",
|
|
18
|
+
"security/detect-disable-mustache-escape": "warn",
|
|
19
|
+
"security/detect-eval-with-expression": "warn",
|
|
20
|
+
"security/detect-new-buffer": "warn",
|
|
21
|
+
"security/detect-no-csrf-before-method-override": "warn",
|
|
22
|
+
"security/detect-non-literal-fs-filename": "warn",
|
|
23
|
+
"security/detect-non-literal-regexp": "warn",
|
|
24
|
+
"security/detect-non-literal-require": "warn",
|
|
25
|
+
"security/detect-object-injection": "warn",
|
|
26
|
+
"security/detect-possible-timing-attacks": "warn",
|
|
27
|
+
"security/detect-pseudoRandomBytes": "warn",
|
|
28
|
+
"security/detect-unsafe-regex": "warn",
|
|
29
|
+
"security/detect-bidi-characters": "warn"
|
|
15
30
|
}
|
|
16
31
|
},
|
|
17
32
|
{
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "muaddib-scanner",
|
|
3
|
-
"version": "1.4.
|
|
3
|
+
"version": "1.4.2",
|
|
4
4
|
"description": "Supply-chain threat detection & response for npm",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -47,6 +47,7 @@
|
|
|
47
47
|
"devDependencies": {
|
|
48
48
|
"@eslint/js": "9.39.2",
|
|
49
49
|
"eslint": "9.39.2",
|
|
50
|
+
"eslint-plugin-security": "^3.0.1",
|
|
50
51
|
"globals": "17.3.0"
|
|
51
52
|
}
|
|
52
53
|
}
|
package/src/ioc/data/iocs.json
CHANGED
|
@@ -17564,7 +17564,7 @@
|
|
|
17564
17564
|
"pigS3cr3ts.json"
|
|
17565
17565
|
],
|
|
17566
17566
|
"files": [],
|
|
17567
|
-
"updated": "2026-02-
|
|
17567
|
+
"updated": "2026-02-09T23:17:51.587Z",
|
|
17568
17568
|
"sources": [
|
|
17569
17569
|
"shai-hulud-detector",
|
|
17570
17570
|
"datadog-consolidated",
|