muaddib-scanner 2.10.48 → 2.10.49

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.48",
+  "version": "2.10.49",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/monitor/daemon.js

@@ -411,6 +411,14 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
   process.on('SIGINT', () => gracefulShutdown('SIGINT'));
   process.on('SIGTERM', () => gracefulShutdown('SIGTERM'));
 
+  // ─── Deferred sandbox worker ───
+  // Started BEFORE the first processQueue so it can process T1b/T2 packages
+  // that get deferred during the initial batch (which blocks for 30min-2h).
+  if (isSandboxEnabled() && sandboxAvailableRef.value) {
+    startDeferredWorker(stats);
+    console.log('[MONITOR] Deferred sandbox worker started (30s interval, dedicated slot)');
+  }
+
   // Initial poll + scan (sequential for first run)
   await poll(state, scanQueue, stats);
   saveState(state, stats);
@@ -448,14 +456,6 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
     persistDeferredQueue(); // Piggyback: persist deferred sandbox queue on same interval
   }, QUEUE_PERSIST_INTERVAL);
 
-  // ─── Deferred sandbox worker ───
-  // Retries T1b/T2 packages that were skipped when sandbox slots were full.
-  // Runs every 30s, processes at most 1 item per tick, yields to T1a.
-  if (isSandboxEnabled() && sandboxAvailableRef.value) {
-    startDeferredWorker(stats);
-    console.log('[MONITOR] Deferred sandbox worker started (30s interval, T1a-safe)');
-  }
-
   // ─── Continuous processing loop ───
   // Consumes scanQueue independently of polling. Workers inside processQueue
   // check scanQueue.length > 0 after each item, so items added by a concurrent