muaddib-scanner 2.10.77 → 2.10.78

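--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.77",
+  "version": "2.10.78",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {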
@@ -804,7 +804,6 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
804
804
  appendDetection(name, version, ecosystem, findingTypes, maxSeverity);
805
805
  recordTrainingSample(result, { name, version, ecosystem, label: 'suspect', tier, sandboxResult, registryMeta: meta, unpackedSize: meta.unpackedSize, npmRegistryMeta, fileCountTotal, hasTests });
806
806
 
807
- dailyAlerts.push({ name, version, ecosystem, findingsCount: result.summary.total, tier });
808
807
  // Persist alert locally for ALL suspects (independent of webhook filtering)
809
808
  const alertData = buildAlertData(name, version, ecosystem, result, sandboxResult);
810
809
  persistAlert(name, version, ecosystem, alertData);
@@ -832,6 +831,9 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
832
831
  } else if (ecosystem === 'npm' && hasHighConfidenceThreat(result)) {
833
832
  console.log(`[MONITOR] REPUTATION BYPASS: ${name} has high-confidence threat — using raw score`);
834
833
  }
834
+
835
+ // Record daily alert with post-reputation score for top suspects ranking
836
+ dailyAlerts.push({ name, version, ecosystem, findingsCount: result.summary.total, score: adjustedResult.summary.riskScore || 0, tier });
835
837
  // LLM Detective: AI-powered analysis for T1a/T1b suspects
836
838
  let llmResult = null;
837
839
  if ((tier === '1a' || tier === '1b') && (adjustedResult.summary.riskScore || 0) >= 25) {
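Review bot: The `score` recorded in the new `dailyAlerts.push(...)` is taken from `adjustedResult`, while the alert persisted in the previous hunk (`buildAlertData(name, version, ecosystem, result, sandboxResult)` at old line 809) is built from the raw `result`, so the daily-report ranking and the on-disk alert can disagree on a suspect's score, and the `diskTop3` fallback used by buildDailyReportEmbed carries no score at all. Moving the push from old line 807 (removed in the previous hunk) to after the reputation block also means any early return or throw between the two positions now drops the suspect from the daily alerts; the lines between the two hunks are not visible here, so that is worth confirming. The comment above the push should say which score is meant, e.g. `// Record daily alert with the reputation-adjusted score (raw score is kept in the persisted alert)`. scanPackage starts and ends outside this hunk.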
@@ -794,7 +794,7 @@ function buildDailyReportEmbed(stats, dailyAlerts) {
794
794
 
795
795
  // Prefer in-memory dailyAlerts for top suspects (richer data), fallback to disk
796
796
  const top3 = dailyAlerts.length > 0
797
- ? dailyAlerts.slice().sort((a, b) => b.findingsCount - a.findingsCount).slice(0, 3)
797
+ ? dailyAlerts.slice().sort((a, b) => (b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount).slice(0, 3)
798
798
  : diskTop3;
799
799
 
800
800
  const top3Text = top3.length > 0
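Review bot: The new comparator `(b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount` is duplicated verbatim in sendDailyReport (the `topSuspects:` hunk further down), so the two rankings can silently diverge on the next edit; extract it once at module level, `const compareSuspects = (a, b) => (b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount;`, and use `.sort(compareSuspects)` in both places. The `|| 0` fallbacks also coerce a non-numeric `score` to 0 rather than NaN, which keeps the comparator consistent, so a one-line comment saying that this is intentional would help readers who expect `??`. buildDailyReportEmbed starts outside this hunk.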
@@ -802,7 +802,8 @@ function buildDailyReportEmbed(stats, dailyAlerts) {
802
802
  const name = a.ecosystem ? `${a.ecosystem}/${a.name || a.package}` : (a.name || a.package);
803
803
  const version = a.version || 'N/A';
804
804
  const count = a.findingsCount || (a.findings ? a.findings.length : 0);
805
- return `${i + 1}. **${name}@${version}** ${count} finding(s)`;
805
+ const scoreText = a.score != null ? `score ${a.score}, ` : '';
806
+ return `${i + 1}. **${name}@${version}** — ${scoreText}${count} finding(s)`;
806
807
  }).join('\n')
807
808
  : 'None';
808
809
 
@@ -946,7 +947,7 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
946
947
  deferredProcessed: stats.deferredProcessed || 0,
947
948
  deferredExpired: stats.deferredExpired || 0,
948
949
  changesStreamPackages: stats.changesStreamPackages || 0,
949
- topSuspects: dailyAlerts.slice().sort((a, b) => b.findingsCount - a.findingsCount).slice(0, 10)
950
+ topSuspects: dailyAlerts.slice().sort((a, b) => (b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount).slice(0, 10)
950
951
  });
951
952
 
952
953
  // Send webhook only if configured