muaddib-scanner 2.1.3 → 2.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/iocs.json.gz +0 -0
  2. package/package.json +1 -1
  3. package/src/ioc/bootstrap.js +2 -1
  4. package/src/ioc/updater.js +18 -1
package/iocs.json.gz ADDED
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "muaddib-scanner",
3
- "version": "2.1.3",
3
+ "version": "2.1.5",
4
4
  "description": "Supply-chain threat detection & response for npm & PyPI/Python",
5
5
  "main": "src/index.js",
6
6
  "bin": {
package/src/ioc/bootstrap.js CHANGED
@@ -23,7 +23,8 @@ const MAX_REDIRECTS = 5;
23
23
  // Allowed redirect domains (SSRF protection)
24
24
  const ALLOWED_REDIRECT_DOMAINS = [
25
25
  'github.com',
26
- 'objects.githubusercontent.com'
26
+ 'objects.githubusercontent.com',
27
+ 'release-assets.githubusercontent.com'
27
28
  ];
28
29
 
29
30
  /**
package/src/ioc/updater.js CHANGED
@@ -57,6 +57,23 @@ async function updateIOCs() {
57
57
  mergeIOCs(baseIOCs, githubIOCs);
58
58
  console.log(' +' + shaiHulud.packages.length + ' GenSecAI, +' + datadog.packages.length + ' DataDog');
59
59
 
60
+ // Step 3b: Load existing cache IOCs (from bootstrap download or previous update)
61
+ if (fs.existsSync(CACHE_IOC_FILE)) {
62
+ try {
63
+ const existingCache = JSON.parse(fs.readFileSync(CACHE_IOC_FILE, 'utf8'));
64
+ const before = baseIOCs.packages.length;
65
+ const beforePyPI = (baseIOCs.pypi_packages || []).length;
66
+ mergeIOCs(baseIOCs, existingCache);
67
+ const addedNpm = baseIOCs.packages.length - before;
68
+ const addedPyPI = (baseIOCs.pypi_packages || []).length - beforePyPI;
69
+ if (addedNpm > 0 || addedPyPI > 0) {
70
+ console.log(' +' + addedNpm + ' npm, +' + addedPyPI + ' PyPI from existing cache');
71
+ }
72
+ } catch (e) {
73
+ console.log('[WARN] Failed to load existing cache: ' + e.message);
74
+ }
75
+ }
76
+
60
77
  // Step 4: Merge and save to cache (~/.muaddib/data/ — persists across npm updates)
61
78
  if (!fs.existsSync(HOME_DATA_PATH)) {
62
79
  fs.mkdirSync(HOME_DATA_PATH, { recursive: true });
@@ -72,7 +89,7 @@ async function updateIOCs() {
72
89
  }
73
90
 
74
91
  baseIOCs.updated = new Date().toISOString();
75
- baseIOCs.sources = ['compact', 'yaml', 'shai-hulud-detector', 'datadog'];
92
+ baseIOCs.sources = ['compact', 'yaml', 'shai-hulud-detector', 'datadog', 'cache'];
76
93
 
77
94
  // Clean internal dedup sets before serialization
78
95
  delete baseIOCs._pkgKeys;