muaddib-scanner 2.11.113 → 2.11.115

@@ -0,0 +1,2648 @@
1
+ {
2
+ "meta": {
3
+ "period": "2026-06-14",
4
+ "method": "blind adjudication via deterministic sink-extraction (evidence.js) + deep-read of every anomalous-sink candidate + spot-checks; archive-only tarballs; do not trust scanner labels",
5
+ "sample": {
6
+ "credential_distinct_with_tarball": 801,
7
+ "lifecycle_distinct_with_tarball": 403,
8
+ "sampled_credential": 54,
9
+ "sampled_lifecycle": 54,
10
+ "union": 105,
11
+ "ecosystem": "npm"
12
+ },
13
+ "interpretation": "per-rule ALERT precision = FP rate among SUSPECTS where the rule fired (NOT full-population FPR; benign denominator needs corpus, absent)",
14
+ "result": {
15
+ "overall": {
16
+ "n": 105,
17
+ "TP": 2,
18
+ "FP": 102,
19
+ "UNCERTAIN": 1,
20
+ "fp_rate": "97.1%"
21
+ },
22
+ "credential": {
23
+ "n": 54,
24
+ "fp_rate": "94.4%",
25
+ "low": "100%",
26
+ "mid": "100%",
27
+ "high": "83.3%"
28
+ },
29
+ "lifecycle": {
30
+ "n": 54,
31
+ "fp_rate": "98.1%",
32
+ "low": "100%",
33
+ "mid": "100%",
34
+ "high": "94.4%"
35
+ }
36
+ }
37
+ },
38
+ "results": [
39
+ {
40
+ "name": "polygram",
41
+ "version": "0.12.0-rc.38",
42
+ "score": 22,
43
+ "band": "low",
44
+ "clusters": [
45
+ "credential"
46
+ ],
47
+ "flagged_rules": [
48
+ "string_mutation_obfuscation",
49
+ "credential_regex_harvest",
50
+ "env_access",
51
+ "ai_agent_abuse",
52
+ "mcp_config_injection",
53
+ "suspicious_dataflow",
54
+ "high_entropy_string"
55
+ ],
56
+ "verdict": "FP",
57
+ "sink": false,
58
+ "hosts": [
59
+ "code.claude.com",
60
+ "api.telegram.org",
61
+ "...'",
62
+ ","
63
+ ],
64
+ "note": null
65
+ },
66
+ {
67
+ "name": "@vtex/gatsby-theme-vtex",
68
+ "version": "0.202.2",
69
+ "score": 34,
70
+ "band": "low",
71
+ "clusters": [
72
+ "credential"
73
+ ],
74
+ "flagged_rules": [
75
+ "lifecycle_script",
76
+ "credential_regex_harvest",
77
+ "dependency_typosquat",
78
+ "dependency_typosquat_used",
79
+ "high_entropy_string",
80
+ "dependency_typosquat_require",
81
+ "typosquat_lifecycle"
82
+ ],
83
+ "verdict": "FP",
84
+ "sink": false,
85
+ "hosts": [
86
+ "www.w3.org",
87
+ "www.facebook.com",
88
+ "storecomponents.vtexassets.com",
89
+ "www.instagram.com"
90
+ ],
91
+ "note": null
92
+ },
93
+ {
94
+ "name": "@aion0/forge",
95
+ "version": "0.10.69",
96
+ "score": 33,
97
+ "band": "low",
98
+ "clusters": [
99
+ "credential"
100
+ ],
101
+ "flagged_rules": [
102
+ "lifecycle_script",
103
+ "dynamic_import",
104
+ "env_access",
105
+ "crypto_decipher",
106
+ "detached_process",
107
+ "credential_regex_harvest",
108
+ "suspicious_dataflow",
109
+ "lifecycle_dataflow"
110
+ ],
111
+ "verdict": "FP",
112
+ "sink": false,
113
+ "hosts": [
114
+ "...",
115
+ "raw.githubusercontent.com",
116
+ "api.telegram.org",
117
+ "api.github.com"
118
+ ],
119
+ "note": null
120
+ },
121
+ {
122
+ "name": "phewsh",
123
+ "version": "0.14.5",
124
+ "score": 24,
125
+ "band": "low",
126
+ "clusters": [
127
+ "credential"
128
+ ],
129
+ "flagged_rules": [
130
+ "credential_regex_harvest",
131
+ "env_access",
132
+ "string_mutation_obfuscation",
133
+ "ollama_local_llm",
134
+ "suspicious_dataflow"
135
+ ],
136
+ "verdict": "FP",
137
+ "sink": false,
138
+ "hosts": [
139
+ "www.youtube.com",
140
+ "api.github.com",
141
+ "news.ycombinator.com",
142
+ "youtube.com"
143
+ ],
144
+ "note": null
145
+ },
146
+ {
147
+ "name": "claude-code-memory-explorer",
148
+ "version": "0.6.0",
149
+ "score": 33,
150
+ "band": "low",
151
+ "clusters": [
152
+ "credential"
153
+ ],
154
+ "flagged_rules": [
155
+ "lifecycle_script",
156
+ "string_mutation_obfuscation",
157
+ "credential_regex_harvest",
158
+ "suspicious_dataflow",
159
+ "lifecycle_dataflow"
160
+ ],
161
+ "verdict": "FP",
162
+ "sink": false,
163
+ "hosts": [
164
+ "code.claude.com"
165
+ ],
166
+ "note": null
167
+ },
168
+ {
169
+ "name": "powerdevbox-admin",
170
+ "version": "0.1.2",
171
+ "score": 20,
172
+ "band": "low",
173
+ "clusters": [
174
+ "credential"
175
+ ],
176
+ "flagged_rules": [
177
+ "credential_regex_harvest",
178
+ "dynamic_import"
179
+ ],
180
+ "verdict": "FP",
181
+ "sink": false,
182
+ "hosts": [
183
+ "make.powerautomate.com",
184
+ "make.powerapps.com",
185
+ "copilotstudio.microsoft.com",
186
+ "service.powerapps.com"
187
+ ],
188
+ "note": null
189
+ },
190
+ {
191
+ "name": "windmill-cli",
192
+ "version": "1.723.0",
193
+ "score": 20,
194
+ "band": "low",
195
+ "clusters": [
196
+ "credential"
197
+ ],
198
+ "flagged_rules": [
199
+ "dynamic_import",
200
+ "sandbox_evasion",
201
+ "env_charcode_reconstruction",
202
+ "env_access",
203
+ "prototype_pollution",
204
+ "prototype_hook",
205
+ "string_mutation_obfuscation",
206
+ "dangerous_call_function",
207
+ "remote_code_load",
208
+ "credential_regex_harvest",
209
+ "stream_credential_intercept",
210
+ "proxy_data_intercept"
211
+ ],
212
+ "verdict": "FP",
213
+ "sink": false,
214
+ "hosts": [
215
+ "$",
216
+ "localhost:8000",
217
+ "www.windmill.dev",
218
+ "app.windmill.dev"
219
+ ],
220
+ "note": null
221
+ },
222
+ {
223
+ "name": "coc-tsserver-dev",
224
+ "version": "2.3.2",
225
+ "score": 22,
226
+ "band": "low",
227
+ "clusters": [
228
+ "credential"
229
+ ],
230
+ "flagged_rules": [
231
+ "lifecycle_script",
232
+ "env_charcode_reconstruction",
233
+ "env_access",
234
+ "credential_regex_harvest",
235
+ "suspicious_dataflow"
236
+ ],
237
+ "verdict": "FP",
238
+ "sink": false,
239
+ "hosts": [
240
+ "go.microsoft.com",
241
+ "code.visualstudio.com",
242
+ "www.typescriptlang.org"
243
+ ],
244
+ "note": null
245
+ },
246
+ {
247
+ "name": "@pushchain/core",
248
+ "version": "6.0.18",
249
+ "score": 21,
250
+ "band": "low",
251
+ "clusters": [
252
+ "credential"
253
+ ],
254
+ "flagged_rules": [
255
+ "blockchain_rpc_endpoint",
256
+ "blockchain_c2_resolution",
257
+ "credential_regex_harvest"
258
+ ],
259
+ "verdict": "FP",
260
+ "sink": false,
261
+ "hosts": [
262
+ "push.org",
263
+ "chainagnostic.org",
264
+ "namespaces.chainagnostic.org",
265
+ "explorer.push.org',"
266
+ ],
267
+ "note": null
268
+ },
269
+ {
270
+ "name": "@tdic/vibe-cloud",
271
+ "version": "0.2.0",
272
+ "score": 25,
273
+ "band": "low",
274
+ "clusters": [
275
+ "credential"
276
+ ],
277
+ "flagged_rules": [
278
+ "env_access",
279
+ "credential_regex_harvest",
280
+ "proxy_data_intercept"
281
+ ],
282
+ "verdict": "FP",
283
+ "sink": false,
284
+ "hosts": [
285
+ "proxy.test",
286
+ "llm.test"
287
+ ],
288
+ "note": null
289
+ },
290
+ {
291
+ "name": "@msssystems/mss-crypto-wasm",
292
+ "version": "0.1.21",
293
+ "score": 22,
294
+ "band": "low",
295
+ "clusters": [
296
+ "credential"
297
+ ],
298
+ "flagged_rules": [
299
+ "lifecycle_script",
300
+ "credential_regex_harvest"
301
+ ],
302
+ "verdict": "FP",
303
+ "sink": false,
304
+ "hosts": [],
305
+ "note": null
306
+ },
307
+ {
308
+ "name": "@steedos/objectql",
309
+ "version": "3.0.15-beta.10",
310
+ "score": 33,
311
+ "band": "low",
312
+ "clusters": [
313
+ "credential"
314
+ ],
315
+ "flagged_rules": [
316
+ "credential_regex_harvest",
317
+ "env_access",
318
+ "dangerous_call_function",
319
+ "vm_code_execution",
320
+ "vm_dynamic_code",
321
+ "dangerous_call_eval",
322
+ "string_mutation_obfuscation",
323
+ "dynamic_require",
324
+ "require_cache_poison",
325
+ "suspicious_dataflow",
326
+ "typosquat_detected",
327
+ "intent_credential_exfil"
328
+ ],
329
+ "verdict": "FP",
330
+ "sink": false,
331
+ "hosts": [
332
+ "developer.steedos.com",
333
+ "127.0.0.1$1"
334
+ ],
335
+ "note": null
336
+ },
337
+ {
338
+ "name": "@arcgis/core",
339
+ "version": "5.1.0-next.129",
340
+ "score": 25,
341
+ "band": "low",
342
+ "clusters": [
343
+ "credential"
344
+ ],
345
+ "flagged_rules": [
346
+ "dangerous_call_function",
347
+ "possible_obfuscation",
348
+ "wasm_standalone",
349
+ "credential_regex_harvest",
350
+ "remote_code_load",
351
+ "finalization_registry_exec",
352
+ "prototype_pollution",
353
+ "dangerous_exec",
354
+ "obfuscation_detected",
355
+ "high_entropy_string",
356
+ "large_package_graph_truncated"
357
+ ],
358
+ "verdict": "FP",
359
+ "sink": false,
360
+ "hosts": [
361
+ "js.arcgis.com",
362
+ "developers.arcgis.com",
363
+ "www.arcgis.com",
364
+ "www.esri.com"
365
+ ],
366
+ "note": null
367
+ },
368
+ {
369
+ "name": "amis-rev-core",
370
+ "version": "6.13.0",
371
+ "score": 34,
372
+ "band": "low",
373
+ "clusters": [
374
+ "credential"
375
+ ],
376
+ "flagged_rules": [
377
+ "prototype_pollution",
378
+ "dangerous_call_eval",
379
+ "dangerous_call_function",
380
+ "credential_regex_harvest",
381
+ "dangerous_exec"
382
+ ],
383
+ "verdict": "FP",
384
+ "sink": false,
385
+ "hosts": [
386
+ "developer.mozilla.org",
387
+ "stackoverflow.com",
388
+ "aisuda.bce.baidu.com",
389
+ "tc39.es"
390
+ ],
391
+ "note": null
392
+ },
393
+ {
394
+ "name": "@peopl-health/nexus",
395
+ "version": "4.5.28",
396
+ "score": 22,
397
+ "band": "low",
398
+ "clusters": [
399
+ "credential"
400
+ ],
401
+ "flagged_rules": [
402
+ "env_access",
403
+ "credential_regex_harvest",
404
+ "crypto_decipher",
405
+ "possible_obfuscation",
406
+ "suspicious_dataflow"
407
+ ],
408
+ "verdict": "FP",
409
+ "sink": false,
410
+ "hosts": [
411
+ "www.w3.org",
412
+ "picsum.photos",
413
+ "messaging.twilio.com",
414
+ "$"
415
+ ],
416
+ "note": null
417
+ },
418
+ {
419
+ "name": "@psifi/sdk-node",
420
+ "version": "1.126.1",
421
+ "score": 24,
422
+ "band": "low",
423
+ "clusters": [
424
+ "credential"
425
+ ],
426
+ "flagged_rules": [
427
+ "blockchain_rpc_endpoint",
428
+ "credential_regex_harvest",
429
+ "env_access",
430
+ "string_mutation_obfuscation",
431
+ "crypto_decipher",
432
+ "blockchain_c2_resolution",
433
+ "suspicious_dataflow"
434
+ ],
435
+ "verdict": "FP",
436
+ "sink": false,
437
+ "hosts": [
438
+ "psifi.app",
439
+ "api.mainnet-beta.solana.com';",
440
+ "api.mainnet-beta.solana.com',",
441
+ "test.solana.com',"
442
+ ],
443
+ "note": null
444
+ },
445
+ {
446
+ "name": "aicq-chat-plugin",
447
+ "version": "3.9.1",
448
+ "score": 28,
449
+ "band": "low",
450
+ "clusters": [
451
+ "credential"
452
+ ],
453
+ "flagged_rules": [
454
+ "lifecycle_script",
455
+ "credential_regex_harvest",
456
+ "suspicious_dataflow",
457
+ "high_entropy_string"
458
+ ],
459
+ "verdict": "FP",
460
+ "sink": false,
461
+ "hosts": [
462
+ "aicq.online';",
463
+ "aicq.online)",
464
+ "aicq.online",
465
+ "aicq.online')"
466
+ ],
467
+ "note": null
468
+ },
469
+ {
470
+ "name": "github-repo-manager-mcp",
471
+ "version": "1.0.0",
472
+ "score": 26,
473
+ "band": "low",
474
+ "clusters": [
475
+ "credential"
476
+ ],
477
+ "flagged_rules": [
478
+ "env_access",
479
+ "credential_regex_harvest"
480
+ ],
481
+ "verdict": "FP",
482
+ "sink": false,
483
+ "hosts": [],
484
+ "note": null
485
+ },
486
+ {
487
+ "name": "@nextblock-cms/editor",
488
+ "version": "0.8.11",
489
+ "score": 36,
490
+ "band": "mid",
491
+ "clusters": [
492
+ "credential"
493
+ ],
494
+ "flagged_rules": [
495
+ "prototype_pollution",
496
+ "dangerous_call_eval",
497
+ "string_mutation_obfuscation",
498
+ "env_charcode_reconstruction",
499
+ "env_access",
500
+ "remote_code_load",
501
+ "credential_regex_harvest",
502
+ "proxy_data_intercept",
503
+ "suspicious_dataflow",
504
+ "high_entropy_string"
505
+ ],
506
+ "verdict": "FP",
507
+ "sink": false,
508
+ "hosts": [
509
+ "react.dev",
510
+ "prosemirror.net",
511
+ "www.w3.org",
512
+ "w3c.github.io"
513
+ ],
514
+ "note": null
515
+ },
516
+ {
517
+ "name": "litectx",
518
+ "version": "0.5.0",
519
+ "score": 36,
520
+ "band": "mid",
521
+ "clusters": [
522
+ "credential"
523
+ ],
524
+ "flagged_rules": [
525
+ "dynamic_import",
526
+ "credential_regex_harvest"
527
+ ],
528
+ "verdict": "FP",
529
+ "sink": false,
530
+ "hosts": [],
531
+ "note": null
532
+ },
533
+ {
534
+ "name": "@zcouncil/cli",
535
+ "version": "0.5.1",
536
+ "score": 35,
537
+ "band": "mid",
538
+ "clusters": [
539
+ "credential"
540
+ ],
541
+ "flagged_rules": [
542
+ "env_access",
543
+ "dynamic_import",
544
+ "credential_regex_harvest",
545
+ "string_mutation_obfuscation",
546
+ "prototype_hook",
547
+ "suspicious_dataflow",
548
+ "cross_file_dataflow"
549
+ ],
550
+ "verdict": "FP",
551
+ "sink": false,
552
+ "hosts": [
553
+ "api.openai.com",
554
+ "api.zcouncil.com",
555
+ "zcouncil.com",
556
+ "localhost:4321"
557
+ ],
558
+ "note": null
559
+ },
560
+ {
561
+ "name": "bansosdev",
562
+ "version": "0.1.0",
563
+ "score": 35,
564
+ "band": "mid",
565
+ "clusters": [
566
+ "credential"
567
+ ],
568
+ "flagged_rules": [
569
+ "env_access",
570
+ "credential_regex_harvest",
571
+ "suspicious_dataflow"
572
+ ],
573
+ "verdict": "FP",
574
+ "sink": false,
575
+ "hosts": [
576
+ "example.com",
577
+ "api.github.com"
578
+ ],
579
+ "note": null
580
+ },
581
+ {
582
+ "name": "@mokoconsulting/mcp-mokossh",
583
+ "version": "3.4.0",
584
+ "score": 40,
585
+ "band": "mid",
586
+ "clusters": [
587
+ "credential"
588
+ ],
589
+ "flagged_rules": [
590
+ "ssh_access",
591
+ "env_access",
592
+ "dangerous_call_exec",
593
+ "sensitive_string",
594
+ "dynamic_import",
595
+ "credential_regex_harvest",
596
+ "credential_tampering"
597
+ ],
598
+ "verdict": "FP",
599
+ "sink": false,
600
+ "hosts": [
601
+ "git-scm.com",
602
+ "git.mokoconsulting.tech",
603
+ "localhost:2586"
604
+ ],
605
+ "note": null
606
+ },
607
+ {
608
+ "name": "claude-rpc",
609
+ "version": "0.15.0",
610
+ "score": 35,
611
+ "band": "mid",
612
+ "clusters": [
613
+ "credential"
614
+ ],
615
+ "flagged_rules": [
616
+ "string_mutation_obfuscation",
617
+ "detached_process",
618
+ "silent_stealth_process",
619
+ "credential_regex_harvest",
620
+ "env_access",
621
+ "dangerous_call_exec",
622
+ "suspicious_dataflow",
623
+ "detached_credential_exfil"
624
+ ],
625
+ "verdict": "FP",
626
+ "sink": false,
627
+ "hosts": [
628
+ "www.w3.org",
629
+ "claude-rpc.vercel.app",
630
+ "claude-rpc-totals.claude-rpc.workers.dev",
631
+ "claude.com"
632
+ ],
633
+ "note": null
634
+ },
635
+ {
636
+ "name": "@eldwin-ai/extension-teamcity",
637
+ "version": "0.1.1",
638
+ "score": 69,
639
+ "band": "mid",
640
+ "clusters": [
641
+ "credential"
642
+ ],
643
+ "flagged_rules": [
644
+ "credential_regex_harvest",
645
+ "trusted_new_unknown_dependency"
646
+ ],
647
+ "verdict": "FP",
648
+ "sink": false,
649
+ "hosts": [
650
+ "company.okta.com",
651
+ "toolcity.megaleo.com"
652
+ ],
653
+ "note": null
654
+ },
655
+ {
656
+ "name": "@jintonyc/workq-mcp",
657
+ "version": "0.1.0",
658
+ "score": 47,
659
+ "band": "mid",
660
+ "clusters": [
661
+ "credential"
662
+ ],
663
+ "flagged_rules": [
664
+ "env_access",
665
+ "credential_regex_harvest",
666
+ "suspicious_dataflow"
667
+ ],
668
+ "verdict": "FP",
669
+ "sink": false,
670
+ "hosts": [
671
+ "work-q.nado.ai.kr"
672
+ ],
673
+ "note": null
674
+ },
675
+ {
676
+ "name": "@quasar/app-vite",
677
+ "version": "3.0.0-rc.1",
678
+ "score": 35,
679
+ "band": "mid",
680
+ "clusters": [
681
+ "credential"
682
+ ],
683
+ "flagged_rules": [
684
+ "dynamic_import",
685
+ "credential_regex_harvest",
686
+ "sensitive_string",
687
+ "string_mutation_obfuscation",
688
+ "env_access",
689
+ "dangerous_call_function",
690
+ "high_entropy_string"
691
+ ],
692
+ "verdict": "FP",
693
+ "sink": false,
694
+ "hosts": [
695
+ "www.electron.build",
696
+ "v2.quasar.dev",
697
+ "gist.github.com",
698
+ "quasar.dev"
699
+ ],
700
+ "note": null
701
+ },
702
+ {
703
+ "name": "abmp-npm",
704
+ "version": "10.3.9",
705
+ "score": 70,
706
+ "band": "mid",
707
+ "clusters": [
708
+ "credential",
709
+ "lifecycle"
710
+ ],
711
+ "flagged_rules": [
712
+ "lifecycle_script",
713
+ "credential_regex_harvest",
714
+ "string_mutation_obfuscation",
715
+ "suspicious_dataflow",
716
+ "typosquat_detected",
717
+ "trusted_new_dependency",
718
+ "lifecycle_typosquat",
719
+ "lifecycle_dataflow"
720
+ ],
721
+ "verdict": "FP",
722
+ "sink": false,
723
+ "hosts": [
724
+ "members.abmp.com",
725
+ "members-test.abmp.com",
726
+ "psdevteamenterpris.wixstudio.com",
727
+ "members.professionalassistcorp.com"
728
+ ],
729
+ "note": null
730
+ },
731
+ {
732
+ "name": "nowsecure-mcp-server",
733
+ "version": "1.0.1",
734
+ "score": 44,
735
+ "band": "mid",
736
+ "clusters": [
737
+ "credential"
738
+ ],
739
+ "flagged_rules": [
740
+ "env_access",
741
+ "string_mutation_obfuscation",
742
+ "credential_regex_harvest",
743
+ "suspicious_dataflow"
744
+ ],
745
+ "verdict": "FP",
746
+ "sink": false,
747
+ "hosts": [
748
+ "api.nowsecure.com).",
749
+ "www.linkedin.com",
750
+ "api.nowsecure.com"
751
+ ],
752
+ "note": null
753
+ },
754
+ {
755
+ "name": "contextdevkit",
756
+ "version": "2.6.3",
757
+ "score": 43,
758
+ "band": "mid",
759
+ "clusters": [
760
+ "credential"
761
+ ],
762
+ "flagged_rules": [
763
+ "string_mutation_obfuscation",
764
+ "sensitive_string",
765
+ "env_access",
766
+ "credential_regex_harvest",
767
+ "dynamic_import",
768
+ "suspicious_dataflow",
769
+ "cross_file_dataflow"
770
+ ],
771
+ "verdict": "FP",
772
+ "sink": false,
773
+ "hosts": [
774
+ "json.schemastore.org",
775
+ "aistudio.google.com",
776
+ "ai.google.dev",
777
+ "generativelanguage.googleapis.com"
778
+ ],
779
+ "note": null
780
+ },
781
+ {
782
+ "name": "@shadegpt/connect",
783
+ "version": "0.2.6",
784
+ "score": 53,
785
+ "band": "mid",
786
+ "clusters": [
787
+ "credential"
788
+ ],
789
+ "flagged_rules": [
790
+ "credential_regex_harvest",
791
+ "detached_process",
792
+ "silent_stealth_process"
793
+ ],
794
+ "verdict": "FP",
795
+ "sink": false,
796
+ "hosts": [
797
+ "my-mcp.example.com",
798
+ "shadegpt.app"
799
+ ],
800
+ "note": null
801
+ },
802
+ {
803
+ "name": "future-lang",
804
+ "version": "0.3.2",
805
+ "score": 38,
806
+ "band": "mid",
807
+ "clusters": [
808
+ "credential"
809
+ ],
810
+ "flagged_rules": [
811
+ "dangerous_call_function",
812
+ "ollama_local_llm",
813
+ "credential_regex_harvest",
814
+ "env_access",
815
+ "detached_process",
816
+ "silent_stealth_process",
817
+ "dynamic_import"
818
+ ],
819
+ "verdict": "FP",
820
+ "sink": false,
821
+ "hosts": [
822
+ "api.venice.ai",
823
+ "api.anthropic.com',",
824
+ "api.openai.com",
825
+ "generativelanguage.googleapis.com"
826
+ ],
827
+ "note": null
828
+ },
829
+ {
830
+ "name": "@nubjs/nub-linux-x64-musl",
831
+ "version": "0.0.32",
832
+ "score": 35,
833
+ "band": "mid",
834
+ "clusters": [
835
+ "credential"
836
+ ],
837
+ "flagged_rules": [
838
+ "dynamic_require",
839
+ "dynamic_import",
840
+ "module_internals_hijack",
841
+ "credential_regex_harvest"
842
+ ],
843
+ "verdict": "FP",
844
+ "sink": false,
845
+ "hosts": [
846
+ "www.typescriptlang.org"
847
+ ],
848
+ "note": null
849
+ },
850
+ {
851
+ "name": "@riddledc/riddle-proof",
852
+ "version": "0.8.62",
853
+ "score": 65,
854
+ "band": "mid",
855
+ "clusters": [
856
+ "credential"
857
+ ],
858
+ "flagged_rules": [
859
+ "env_access",
860
+ "credential_regex_harvest",
861
+ "string_mutation_obfuscation",
862
+ "dynamic_import",
863
+ "dangerous_constructor",
864
+ "detached_process",
865
+ "remote_code_load",
866
+ "detached_credential_exfil",
867
+ "stego_binary_exec",
868
+ "suspicious_dataflow"
869
+ ],
870
+ "verdict": "FP",
871
+ "sink": false,
872
+ "hosts": [
873
+ "riddle-proof.local",
874
+ "api.riddledc.com",
875
+ "example.com",
876
+ "riddledc.com"
877
+ ],
878
+ "note": null
879
+ },
880
+ {
881
+ "name": "@ntl-team/ntl-lang",
882
+ "version": "4.1.0",
883
+ "score": 42,
884
+ "band": "mid",
885
+ "clusters": [
886
+ "credential"
887
+ ],
888
+ "flagged_rules": [
889
+ "dynamic_require",
890
+ "vm_dynamic_code",
891
+ "remote_code_load",
892
+ "env_access",
893
+ "ollama_local_llm",
894
+ "credential_regex_harvest",
895
+ "crypto_decipher",
896
+ "string_mutation_obfuscation",
897
+ "dangerous_call_function",
898
+ "vm_code_execution",
899
+ "require_cache_poison",
900
+ "suspicious_dataflow"
901
+ ],
902
+ "verdict": "FP",
903
+ "sink": false,
904
+ "hosts": [
905
+ "raw.githubusercontent.com",
906
+ "api.openai.com';",
907
+ "api.anthropic.com';"
908
+ ],
909
+ "note": null
910
+ },
911
+ {
912
+ "name": "geowiki-cli",
913
+ "version": "3.0.43",
914
+ "score": 45,
915
+ "band": "mid",
916
+ "clusters": [
917
+ "credential"
918
+ ],
919
+ "flagged_rules": [
920
+ "dynamic_import",
921
+ "string_mutation_obfuscation",
922
+ "credential_regex_harvest",
923
+ "suspicious_dataflow"
924
+ ],
925
+ "verdict": "FP",
926
+ "sink": false,
927
+ "hosts": [
928
+ "')",
929
+ "your-site:9002"
930
+ ],
931
+ "note": null
932
+ },
933
+ {
934
+ "name": "chalk-plus-js",
935
+ "version": "7.0.4",
936
+ "score": 100,
937
+ "band": "high",
938
+ "clusters": [
939
+ "credential",
940
+ "lifecycle"
941
+ ],
942
+ "flagged_rules": [
943
+ "lifecycle_script",
944
+ "string_mutation_obfuscation",
945
+ "credential_regex_harvest",
946
+ "env_access",
947
+ "detached_process",
948
+ "silent_stealth_process",
949
+ "crypto_decipher",
950
+ "suspicious_dataflow",
951
+ "high_entropy_string",
952
+ "fragmented_high_entropy_cluster",
953
+ "lifecycle_file_exec"
954
+ ],
955
+ "verdict": "TP",
956
+ "sink": true,
957
+ "hosts": [
958
+ "tools.ietf.org",
959
+ "domain",
960
+ "'",
961
+ "www.w3.org"
962
+ ],
963
+ "note": "nodemailer published as \"chalk-plus-js\" + postinstall lib/utils/index.js detached-spawns smtp-connection -> jsonkeeper loader (chalk-pro campaign)"
964
+ },
965
+ {
966
+ "name": "ecto-corsair-whisper-6f3b9",
967
+ "version": "1.0.14",
968
+ "score": 100,
969
+ "band": "high",
970
+ "clusters": [
971
+ "credential"
972
+ ],
973
+ "flagged_rules": [
974
+ "lifecycle_script",
975
+ "suspicious_domain",
976
+ "direct_ip_exfil",
977
+ "dangerous_call_exec",
978
+ "credential_regex_harvest",
979
+ "suspicious_dataflow",
980
+ "lifecycle_file_exec",
981
+ "lifecycle_dataflow",
982
+ "intent_credential_exfil"
983
+ ],
984
+ "verdict": "TP",
985
+ "sink": true,
986
+ "hosts": [
987
+ "webhook.site",
988
+ "127.0.0.1:31250",
989
+ "127.0.0.1:31289",
990
+ "127.0.0.1:30569"
991
+ ],
992
+ "note": "postinstall: HTB-flag hunt + AWS secretsmanager dump + exfil to webhook.site + C2 154.57.164.x (gated to target container)"
993
+ },
994
+ {
995
+ "name": "@policysynth/agents",
996
+ "version": "1.3.187",
997
+ "score": 100,
998
+ "band": "high",
999
+ "clusters": [
1000
+ "credential"
1001
+ ],
1002
+ "flagged_rules": [
1003
+ "env_access",
1004
+ "credential_regex_harvest",
1005
+ "dangerous_call_eval",
1006
+ "llm_api_key_harvesting",
1007
+ "string_mutation_obfuscation",
1008
+ "crypto_decipher",
1009
+ "suspicious_dataflow",
1010
+ "credential_tampering",
1011
+ "intent_credential_exfil"
1012
+ ],
1013
+ "verdict": "FP",
1014
+ "sink": false,
1015
+ "hosts": [
1016
+ "aoi-storage-production.citizens.is",
1017
+ "cognitiveservices.azure.com",
1018
+ "bedrock-runtime.$",
1019
+ "eu.api.openai.com"
1020
+ ],
1021
+ "note": null
1022
+ },
1023
+ {
1024
+ "name": "@raysonmeng/agentbridge",
1025
+ "version": "0.1.14",
1026
+ "score": 100,
1027
+ "band": "high",
1028
+ "clusters": [
1029
+ "credential"
1030
+ ],
1031
+ "flagged_rules": [
1032
+ "lifecycle_script",
1033
+ "dangerous_call_function",
1034
+ "env_charcode_reconstruction",
1035
+ "env_access",
1036
+ "detached_process",
1037
+ "silent_stealth_process",
1038
+ "remote_code_load",
1039
+ "credential_regex_harvest",
1040
+ "proxy_data_intercept",
1041
+ "websocket_c2",
1042
+ "ai_agent_abuse",
1043
+ "obfuscation_detected"
1044
+ ],
1045
+ "verdict": "FP",
1046
+ "sink": false,
1047
+ "hosts": [
1048
+ "bun.sh",
1049
+ "raw.githubusercontent.com",
1050
+ "json-schema.org"
1051
+ ],
1052
+ "note": null
1053
+ },
1054
+ {
1055
+ "name": "@nuiisweety/baileys",
1056
+ "version": "0.1.13",
1057
+ "score": 87,
1058
+ "band": "high",
1059
+ "clusters": [
1060
+ "credential"
1061
+ ],
1062
+ "flagged_rules": [
1063
+ "lifecycle_script",
1064
+ "credential_regex_harvest",
1065
+ "crypto_decipher",
1066
+ "dynamic_import",
1067
+ "newsletter_auto_follow",
1068
+ "credential_tampering",
1069
+ "suspicious_dataflow",
1070
+ "lifecycle_newsletter_hijack"
1071
+ ],
1072
+ "verdict": "UNCERTAIN",
1073
+ "sink": false,
1074
+ "hosts": [
1075
+ "web.whatsapp.com",
1076
+ "call.whatsapp.com",
1077
+ "stackoverflow.com",
1078
+ "saweria.co"
1079
+ ],
1080
+ "note": "Baileys fork; benign preinstall version-check; stock newsletter code; saweria.co reference -> needs upstream diff"
1081
+ },
1082
+ {
1083
+ "name": "amicus",
1084
+ "version": "1.1.0",
1085
+ "score": 100,
1086
+ "band": "high",
1087
+ "clusters": [
1088
+ "credential"
1089
+ ],
1090
+ "flagged_rules": [
1091
+ "lifecycle_script",
1092
+ "credential_regex_harvest",
1093
+ "string_mutation_obfuscation",
1094
+ "ai_agent_abuse",
1095
+ "mcp_config_injection",
1096
+ "env_access",
1097
+ "dynamic_require",
1098
+ "suspicious_dataflow",
1099
+ "cross_file_dataflow",
1100
+ "lifecycle_file_exec",
1101
+ "lifecycle_dataflow"
1102
+ ],
1103
+ "verdict": "FP",
1104
+ "sink": false,
1105
+ "hosts": [
1106
+ "www.w3.org",
1107
+ "'))",
1108
+ "aistudio.google.com",
1109
+ "platform.openai.com"
1110
+ ],
1111
+ "note": null
1112
+ },
1113
+ {
1114
+ "name": "scratch-mcp",
1115
+ "version": "1.1.2",
1116
+ "score": 79,
1117
+ "band": "high",
1118
+ "clusters": [
1119
+ "credential"
1120
+ ],
1121
+ "flagged_rules": [
1122
+ "git_dependency_rce",
1123
+ "dynamic_require",
1124
+ "credential_regex_harvest",
1125
+ "trusted_new_unknown_dependency"
1126
+ ],
1127
+ "verdict": "FP",
1128
+ "sink": false,
1129
+ "hosts": [
1130
+ "localhost');",
1131
+ "www.npmjs.com"
1132
+ ],
1133
+ "note": null
1134
+ },
1135
+ {
1136
+ "name": "proxypro-harness",
1137
+ "version": "0.2.1",
1138
+ "score": 100,
1139
+ "band": "high",
1140
+ "clusters": [
1141
+ "credential"
1142
+ ],
1143
+ "flagged_rules": [
1144
+ "lifecycle_script",
1145
+ "dangerous_call_function",
1146
+ "vm_code_execution",
1147
+ "env_charcode_reconstruction",
1148
+ "env_access",
1149
+ "remote_code_load",
1150
+ "credential_regex_harvest",
1151
+ "proxy_data_intercept",
1152
+ "obfuscation_detected",
1153
+ "suspicious_dataflow",
1154
+ "intent_credential_exfil"
1155
+ ],
1156
+ "verdict": "FP",
1157
+ "sink": false,
1158
+ "hosts": [
1159
+ "grpc.io",
1160
+ "$",
1161
+ "example.com",
1162
+ "tools.ietf.org"
1163
+ ],
1164
+ "note": null
1165
+ },
1166
+ {
1167
+ "name": "agent-systems",
1168
+ "version": "1.1.1",
1169
+ "score": 100,
1170
+ "band": "high",
1171
+ "clusters": [
1172
+ "credential",
1173
+ "lifecycle"
1174
+ ],
1175
+ "flagged_rules": [
1176
+ "lifecycle_script",
1177
+ "env_access",
1178
+ "credential_regex_harvest",
1179
+ "suspicious_dataflow",
1180
+ "lifecycle_file_exec",
1181
+ "lifecycle_dataflow",
1182
+ "intent_credential_exfil"
1183
+ ],
1184
+ "verdict": "FP",
1185
+ "sink": false,
1186
+ "hosts": [
1187
+ "raw.githubusercontent.com",
1188
+ "generativelanguage.googleapis.com",
1189
+ "api.anthropic.com"
1190
+ ],
1191
+ "note": null
1192
+ },
1193
+ {
1194
+ "name": "wtt-connect",
1195
+ "version": "0.2.61",
1196
+ "score": 93,
1197
+ "band": "high",
1198
+ "clusters": [
1199
+ "credential"
1200
+ ],
1201
+ "flagged_rules": [
1202
+ "systemd_persistence",
1203
+ "ai_agent_abuse",
1204
+ "env_access",
1205
+ "credential_regex_harvest",
1206
+ "string_mutation_obfuscation",
1207
+ "download_exec_binary",
1208
+ "dangerous_call_exec",
1209
+ "dynamic_require",
1210
+ "dynamic_import",
1211
+ "suspicious_dataflow",
1212
+ "credential_tampering"
1213
+ ],
1214
+ "verdict": "FP",
1215
+ "sink": false,
1216
+ "hosts": [
1217
+ "www.apple.com",
1218
+ "www.waxbyte.com)",
1219
+ "www.waxbyte.com",
1220
+ "www.waxbyte.com';"
1221
+ ],
1222
+ "note": null
1223
+ },
1224
+ {
1225
+ "name": "@remnic/plugin-codex",
1226
+ "version": "9.3.634",
1227
+ "score": 75,
1228
+ "band": "high",
1229
+ "clusters": [
1230
+ "credential"
1231
+ ],
1232
+ "flagged_rules": [
1233
+ "env_access",
1234
+ "detached_process",
1235
+ "silent_stealth_process",
1236
+ "binary_dropper",
1237
+ "download_exec_binary",
1238
+ "credential_regex_harvest",
1239
+ "detached_credential_exfil",
1240
+ "suspicious_dataflow",
1241
+ "intent_credential_exfil"
1242
+ ],
1243
+ "verdict": "FP",
1244
+ "sink": false,
1245
+ "hosts": [
1246
+ "localhost:4318"
1247
+ ],
1248
+ "note": null
1249
+ },
1250
+ {
1251
+ "name": "@central-icons-react/round-filled-radius-2-stroke-1",
1252
+ "version": "1.1.264",
1253
+ "score": 100,
1254
+ "band": "high",
1255
+ "clusters": [
1256
+ "credential"
1257
+ ],
1258
+ "flagged_rules": [
1259
+ "lifecycle_script",
1260
+ "env_access",
1261
+ "credential_regex_harvest",
1262
+ "suspicious_dataflow",
1263
+ "lifecycle_file_exec",
1264
+ "lifecycle_dataflow"
1265
+ ],
1266
+ "verdict": "FP",
1267
+ "sink": false,
1268
+ "hosts": [
1269
+ "www.w3.org",
1270
+ "centralicons.com",
1271
+ "iconists.co"
1272
+ ],
1273
+ "note": null
1274
+ },
1275
+ {
1276
+ "name": "@central-icons-react/square-outlined-radius-0-stroke-1",
1277
+ "version": "1.1.264",
1278
+ "score": 100,
1279
+ "band": "high",
1280
+ "clusters": [
1281
+ "credential"
1282
+ ],
1283
+ "flagged_rules": [
1284
+ "lifecycle_script",
1285
+ "env_access",
1286
+ "credential_regex_harvest",
1287
+ "suspicious_dataflow",
1288
+ "lifecycle_file_exec",
1289
+ "lifecycle_dataflow"
1290
+ ],
1291
+ "verdict": "FP",
1292
+ "sink": false,
1293
+ "hosts": [
1294
+ "www.w3.org",
1295
+ "centralicons.com",
1296
+ "iconists.co"
1297
+ ],
1298
+ "note": null
1299
+ },
1300
+ {
1301
+ "name": "@central-icons-react-native/round-outlined-radius-1-stroke-1.5",
1302
+ "version": "1.1.264",
1303
+ "score": 100,
1304
+ "band": "high",
1305
+ "clusters": [
1306
+ "credential"
1307
+ ],
1308
+ "flagged_rules": [
1309
+ "lifecycle_script",
1310
+ "env_access",
1311
+ "credential_regex_harvest",
1312
+ "suspicious_dataflow",
1313
+ "lifecycle_file_exec",
1314
+ "lifecycle_dataflow"
1315
+ ],
1316
+ "verdict": "FP",
1317
+ "sink": false,
1318
+ "hosts": [
1319
+ "centralicons.com",
1320
+ "iconists.co"
1321
+ ],
1322
+ "note": null
1323
+ },
1324
+ {
1325
+ "name": "@central-icons-react-native/round-filled-radius-0-stroke-2",
1326
+ "version": "1.1.264",
1327
+ "score": 100,
1328
+ "band": "high",
1329
+ "clusters": [
1330
+ "credential"
1331
+ ],
1332
+ "flagged_rules": [
1333
+ "lifecycle_script",
1334
+ "env_access",
1335
+ "credential_regex_harvest",
1336
+ "suspicious_dataflow",
1337
+ "lifecycle_file_exec",
1338
+ "lifecycle_dataflow"
1339
+ ],
1340
+ "verdict": "FP",
1341
+ "sink": false,
1342
+ "hosts": [
1343
+ "centralicons.com",
1344
+ "iconists.co"
1345
+ ],
1346
+ "note": null
1347
+ },
1348
+ {
1349
+ "name": "@central-icons-react-native/square-filled-radius-0-stroke-1.5",
1350
+ "version": "1.1.263",
1351
+ "score": 100,
1352
+ "band": "high",
1353
+ "clusters": [
1354
+ "credential"
1355
+ ],
1356
+ "flagged_rules": [
1357
+ "lifecycle_script",
1358
+ "env_access",
1359
+ "credential_regex_harvest",
1360
+ "suspicious_dataflow",
1361
+ "lifecycle_file_exec",
1362
+ "lifecycle_dataflow"
1363
+ ],
1364
+ "verdict": "FP",
1365
+ "sink": false,
1366
+ "hosts": [
1367
+ "centralicons.com",
1368
+ "iconists.co"
1369
+ ],
1370
+ "note": null
1371
+ },
1372
+ {
1373
+ "name": "@dfosco/storyboard",
1374
+ "version": "0.11.0-beta.2",
1375
+ "score": 76,
1376
+ "band": "high",
1377
+ "clusters": [
1378
+ "credential"
1379
+ ],
1380
+ "flagged_rules": [
1381
+ "dynamic_import",
1382
+ "credential_regex_harvest",
1383
+ "detached_process",
1384
+ "silent_stealth_process",
1385
+ "string_mutation_obfuscation",
1386
+ "builtin_override_exfil",
1387
+ "sensitive_string",
1388
+ "suspicious_dataflow",
1389
+ "credential_tampering",
1390
+ "cross_file_dataflow"
1391
+ ],
1392
+ "verdict": "FP",
1393
+ "sink": false,
1394
+ "hosts": [
1395
+ "tailwindcss.com",
1396
+ "v3.tailwindcss.com",
1397
+ "base-ui.com",
1398
+ "www.w3.org"
1399
+ ],
1400
+ "note": null
1401
+ },
1402
+ {
1403
+ "name": "free-mcp-core",
1404
+ "version": "0.1.0-rc.7",
1405
+ "score": 100,
1406
+ "band": "high",
1407
+ "clusters": [
1408
+ "credential"
1409
+ ],
1410
+ "flagged_rules": [
1411
+ "lifecycle_script",
1412
+ "bun_runtime_evasion",
1413
+ "env_access",
1414
+ "string_mutation_obfuscation",
1415
+ "env_charcode_reconstruction",
1416
+ "credential_regex_harvest",
1417
+ "proxy_data_intercept",
1418
+ "mcp_config_injection",
1419
+ "prototype_hook",
1420
+ "suspicious_dataflow",
1421
+ "dependency_typosquat",
1422
+ "dependency_typosquat_used"
1423
+ ],
1424
+ "verdict": "FP",
1425
+ "sink": false,
1426
+ "hosts": [
1427
+ "api.freee.co.jp",
1428
+ "accounts.secure.freee.co.jp",
1429
+ "localhost",
1430
+ "127.0.0.1"
1431
+ ],
1432
+ "note": null
1433
+ },
1434
+ {
1435
+ "name": "@redocly/cli",
1436
+ "version": "2.32.2",
1437
+ "score": 20,
1438
+ "band": "low",
1439
+ "clusters": [
1440
+ "lifecycle"
1441
+ ],
1442
+ "flagged_rules": [
1443
+ "lifecycle_script",
1444
+ "crypto_decipher",
1445
+ "credential_regex_harvest",
1446
+ "dynamic_import",
1447
+ "typosquat_detected",
1448
+ "dependency_typosquat",
1449
+ "dependency_typosquat_used",
1450
+ "lifecycle_typosquat",
1451
+ "dependency_typosquat_require",
1452
+ "typosquat_lifecycle"
1453
+ ],
1454
+ "verdict": "FP",
1455
+ "sink": false,
1456
+ "hosts": [
1457
+ "www.thespanner.co.uk",
1458
+ "spec.openapis.org",
1459
+ "redocly.com",
1460
+ "app.cloud.redocly.com"
1461
+ ],
1462
+ "note": null
1463
+ },
1464
+ {
1465
+ "name": "web-manager",
1466
+ "version": "4.3.2",
1467
+ "score": 20,
1468
+ "band": "low",
1469
+ "clusters": [
1470
+ "lifecycle"
1471
+ ],
1472
+ "flagged_rules": [
1473
+ "lifecycle_script",
1474
+ "node_inline_exec",
1475
+ "credential_regex_harvest",
1476
+ "dynamic_require",
1477
+ "suspicious_dataflow",
1478
+ "lifecycle_inline_exec",
1479
+ "lifecycle_dataflow"
1480
+ ],
1481
+ "verdict": "FP",
1482
+ "sink": false,
1483
+ "hosts": [
1484
+ "developer.mozilla.org",
1485
+ "gomakethings.com",
1486
+ "jonathancreamer.com",
1487
+ "makandracards.com"
1488
+ ],
1489
+ "note": null
1490
+ },
1491
+ {
1492
+ "name": "@unabridged/midwest",
1493
+ "version": "0.20.1",
1494
+ "score": 28,
1495
+ "band": "low",
1496
+ "clusters": [
1497
+ "lifecycle"
1498
+ ],
1499
+ "flagged_rules": [
1500
+ "lifecycle_script",
1501
+ "credential_regex_harvest",
1502
+ "dependency_typosquat",
1503
+ "typosquat_lifecycle"
1504
+ ],
1505
+ "verdict": "FP",
1506
+ "sink": false,
1507
+ "hosts": [
1508
+ "www.w3.org",
1509
+ "floating-ui.com",
1510
+ "developer.mozilla.org",
1511
+ "drafts.csswg.org"
1512
+ ],
1513
+ "note": null
1514
+ },
1515
+ {
1516
+ "name": "another-meet",
1517
+ "version": "1.0.9",
1518
+ "score": 20,
1519
+ "band": "low",
1520
+ "clusters": [
1521
+ "lifecycle"
1522
+ ],
1523
+ "flagged_rules": [
1524
+ "lifecycle_script",
1525
+ "suspicious_dataflow",
1526
+ "lifecycle_dataflow"
1527
+ ],
1528
+ "verdict": "FP",
1529
+ "sink": false,
1530
+ "hosts": [],
1531
+ "note": null
1532
+ },
1533
+ {
1534
+ "name": "@ucropit/unit-system",
1535
+ "version": "1.0.23",
1536
+ "score": 20,
1537
+ "band": "low",
1538
+ "clusters": [
1539
+ "lifecycle"
1540
+ ],
1541
+ "flagged_rules": [
1542
+ "lifecycle_script",
1543
+ "typosquat_detected",
1544
+ "dependency_typosquat",
1545
+ "lifecycle_typosquat",
1546
+ "typosquat_lifecycle"
1547
+ ],
1548
+ "verdict": "FP",
1549
+ "sink": false,
1550
+ "hosts": [],
1551
+ "note": null
1552
+ },
1553
+ {
1554
+ "name": "fullstacked",
1555
+ "version": "1.0.0-alpha.1676",
1556
+ "score": 25,
1557
+ "band": "low",
1558
+ "clusters": [
1559
+ "lifecycle"
1560
+ ],
1561
+ "flagged_rules": [
1562
+ "lifecycle_script",
1563
+ "proxy_data_intercept",
1564
+ "suspicious_dataflow",
1565
+ "high_entropy_string",
1566
+ "trusted_new_dependency",
1567
+ "lifecycle_dataflow"
1568
+ ],
1569
+ "verdict": "FP",
1570
+ "sink": false,
1571
+ "hosts": [
1572
+ "fullstacked.org"
1573
+ ],
1574
+ "note": null
1575
+ },
1576
+ {
1577
+ "name": "@vived/host",
1578
+ "version": "5.2.4",
1579
+ "score": 20,
1580
+ "band": "low",
1581
+ "clusters": [
1582
+ "lifecycle"
1583
+ ],
1584
+ "flagged_rules": [
1585
+ "lifecycle_script",
1586
+ "typosquat_detected",
1587
+ "dependency_typosquat",
1588
+ "lifecycle_typosquat",
1589
+ "typosquat_lifecycle"
1590
+ ],
1591
+ "verdict": "FP",
1592
+ "sink": false,
1593
+ "hosts": [
1594
+ "bitbucket.org"
1595
+ ],
1596
+ "note": null
1597
+ },
1598
+ {
1599
+ "name": "@itwin/certa",
1600
+ "version": "5.10.2",
1601
+ "score": 20,
1602
+ "band": "low",
1603
+ "clusters": [
1604
+ "lifecycle"
1605
+ ],
1606
+ "flagged_rules": [
1607
+ "lifecycle_script",
1608
+ "dynamic_require",
1609
+ "suspicious_dataflow",
1610
+ "lifecycle_dataflow"
1611
+ ],
1612
+ "verdict": "FP",
1613
+ "sink": false,
1614
+ "hosts": [
1615
+ "json-schema.org",
1616
+ "dev.bentley.com",
1617
+ "localhost:3000",
1618
+ "chromium.googlesource.com"
1619
+ ],
1620
+ "note": null
1621
+ },
1622
+ {
1623
+ "name": "@plurnk/plurnk-mimetypes",
1624
+ "version": "0.15.5",
1625
+ "score": 28,
1626
+ "band": "low",
1627
+ "clusters": [
1628
+ "lifecycle"
1629
+ ],
1630
+ "flagged_rules": [
1631
+ "lifecycle_script",
1632
+ "dependency_typosquat",
1633
+ "typosquat_lifecycle"
1634
+ ],
1635
+ "verdict": "FP",
1636
+ "sink": false,
1637
+ "hosts": [
1638
+ "plurnk.dev"
1639
+ ],
1640
+ "note": null
1641
+ },
1642
+ {
1643
+ "name": "@company-semantics/contracts",
1644
+ "version": "13.5.0",
1645
+ "score": 30,
1646
+ "band": "low",
1647
+ "clusters": [
1648
+ "lifecycle"
1649
+ ],
1650
+ "flagged_rules": [
1651
+ "lifecycle_script",
1652
+ "dependency_typosquat",
1653
+ "typosquat_lifecycle"
1654
+ ],
1655
+ "verdict": "FP",
1656
+ "sink": false,
1657
+ "hosts": [
1658
+ "json-schema.org",
1659
+ "company-semantics.dev",
1660
+ "example.com",
1661
+ "..."
1662
+ ],
1663
+ "note": null
1664
+ },
1665
+ {
1666
+ "name": "@adobe/aio-cli-plugin-aem-edge-functions",
1667
+ "version": "0.9.1",
1668
+ "score": 33,
1669
+ "band": "low",
1670
+ "clusters": [
1671
+ "lifecycle"
1672
+ ],
1673
+ "flagged_rules": [
1674
+ "lifecycle_script",
1675
+ "env_access",
1676
+ "credential_regex_harvest",
1677
+ "suspicious_dataflow",
1678
+ "lifecycle_dataflow"
1679
+ ],
1680
+ "verdict": "FP",
1681
+ "sink": false,
1682
+ "hosts": [
1683
+ "www.apache.org",
1684
+ "developer.adobe.com",
1685
+ "$",
1686
+ "experienceleague.adobe.com"
1687
+ ],
1688
+ "note": null
1689
+ },
1690
+ {
1691
+ "name": "openfin-fdc3",
1692
+ "version": "0.2.5-alpha.10",
1693
+ "score": 22,
1694
+ "band": "low",
1695
+ "clusters": [
1696
+ "lifecycle"
1697
+ ],
1698
+ "flagged_rules": [
1699
+ "lifecycle_script",
1700
+ "dependency_typosquat",
1701
+ "typosquat_lifecycle"
1702
+ ],
1703
+ "verdict": "FP",
1704
+ "sink": false,
1705
+ "hosts": [
1706
+ "fdc3.finos.org",
1707
+ "www.isin.org",
1708
+ "www.cusip.com",
1709
+ "www.londonstockexchange.com"
1710
+ ],
1711
+ "note": null
1712
+ },
1713
+ {
1714
+ "name": "@shgysk8zer0/jwk-utils",
1715
+ "version": "1.2.0",
1716
+ "score": 20,
1717
+ "band": "low",
1718
+ "clusters": [
1719
+ "lifecycle"
1720
+ ],
1721
+ "flagged_rules": [
1722
+ "lifecycle_script",
1723
+ "credential_regex_harvest",
1724
+ "suspicious_dataflow",
1725
+ "lifecycle_dataflow"
1726
+ ],
1727
+ "verdict": "FP",
1728
+ "sink": false,
1729
+ "hosts": [
1730
+ "www.googleapis.com",
1731
+ "securetoken.google.com",
1732
+ "example.com').",
1733
+ "liberapay.com"
1734
+ ],
1735
+ "note": null
1736
+ },
1737
+ {
1738
+ "name": "neonctl",
1739
+ "version": "2.26.1",
1740
+ "score": 22,
1741
+ "band": "low",
1742
+ "clusters": [
1743
+ "lifecycle"
1744
+ ],
1745
+ "flagged_rules": [
1746
+ "lifecycle_script",
1747
+ "detached_process",
1748
+ "string_mutation_obfuscation",
1749
+ "dynamic_import",
1750
+ "env_access",
1751
+ "dangerous_call_exec",
1752
+ "credential_regex_harvest",
1753
+ "unicode_variation_decoder",
1754
+ "suspicious_dataflow",
1755
+ "lifecycle_dataflow"
1756
+ ],
1757
+ "verdict": "FP",
1758
+ "sink": false,
1759
+ "hosts": [
1760
+ "track.neon.tech',",
1761
+ "datatracker.ietf.org",
1762
+ "console.neon.tech",
1763
+ "$"
1764
+ ],
1765
+ "note": null
1766
+ },
1767
+ {
1768
+ "name": "@pmxt/cli",
1769
+ "version": "2.49.11",
1770
+ "score": 20,
1771
+ "band": "low",
1772
+ "clusters": [
1773
+ "lifecycle"
1774
+ ],
1775
+ "flagged_rules": [
1776
+ "lifecycle_script",
1777
+ "credential_regex_harvest",
1778
+ "detached_process",
1779
+ "silent_stealth_process",
1780
+ "suspicious_dataflow",
1781
+ "lifecycle_dataflow"
1782
+ ],
1783
+ "verdict": "FP",
1784
+ "sink": false,
1785
+ "hosts": [
1786
+ "api.pmxt.dev",
1787
+ "localhost:3847"
1788
+ ],
1789
+ "note": null
1790
+ },
1791
+ {
1792
+ "name": "stream-chat-react-native-core",
1793
+ "version": "9.4.0-beta.1",
1794
+ "score": 21,
1795
+ "band": "low",
1796
+ "clusters": [
1797
+ "lifecycle"
1798
+ ],
1799
+ "flagged_rules": [
1800
+ "lifecycle_script",
1801
+ "dangerous_exec",
1802
+ "lifecycle_dangerous_exec"
1803
+ ],
1804
+ "verdict": "FP",
1805
+ "sink": false,
1806
+ "hosts": [
1807
+ "'",
1808
+ "www.getstream.io',",
1809
+ "www.getstream.io",
1810
+ "www.getstream.io)'"
1811
+ ],
1812
+ "note": null
1813
+ },
1814
+ {
1815
+ "name": "run402",
1816
+ "version": "2.47.1",
1817
+ "score": 20,
1818
+ "band": "low",
1819
+ "clusters": [
1820
+ "lifecycle"
1821
+ ],
1822
+ "flagged_rules": [
1823
+ "lifecycle_script",
1824
+ "credential_regex_harvest",
1825
+ "env_access",
1826
+ "dynamic_import",
1827
+ "detached_process",
1828
+ "silent_stealth_process",
1829
+ "suspicious_dataflow",
1830
+ "credential_tampering",
1831
+ "lifecycle_dataflow"
1832
+ ],
1833
+ "verdict": "FP",
1834
+ "sink": false,
1835
+ "hosts": [
1836
+ "run402.com",
1837
+ "api.run402.com",
1838
+ "api.run402.com.",
1839
+ "example.com"
1840
+ ],
1841
+ "note": null
1842
+ },
1843
+ {
1844
+ "name": "@salesforce/cli",
1845
+ "version": "2.140.3",
1846
+ "score": 20,
1847
+ "band": "low",
1848
+ "clusters": [
1849
+ "lifecycle"
1850
+ ],
1851
+ "flagged_rules": [
1852
+ "lifecycle_script",
1853
+ "dynamic_import",
1854
+ "lifecycle_file_exec"
1855
+ ],
1856
+ "verdict": "FP",
1857
+ "sink": false,
1858
+ "hosts": [
1859
+ "opensource.org",
1860
+ "opencollective.com",
1861
+ "www.patreon.com",
1862
+ "feross.org"
1863
+ ],
1864
+ "note": null
1865
+ },
1866
+ {
1867
+ "name": "@agntdev/cli",
1868
+ "version": "0.9.0",
1869
+ "score": 55,
1870
+ "band": "mid",
1871
+ "clusters": [
1872
+ "lifecycle"
1873
+ ],
1874
+ "flagged_rules": [
1875
+ "lifecycle_script",
1876
+ "dependency_typosquat",
1877
+ "typosquat_lifecycle"
1878
+ ],
1879
+ "verdict": "FP",
1880
+ "sink": false,
1881
+ "hosts": [
1882
+ "api.agnt-gm.ai",
1883
+ "...)",
1884
+ "agnt-gm.ai",
1885
+ "snake-game.agnt-gm.ai"
1886
+ ],
1887
+ "note": null
1888
+ },
1889
+ {
1890
+ "name": "@sdsrs/code-graph",
1891
+ "version": "0.48.0",
1892
+ "score": 68,
1893
+ "band": "mid",
1894
+ "clusters": [
1895
+ "lifecycle"
1896
+ ],
1897
+ "flagged_rules": [
1898
+ "lifecycle_script",
1899
+ "detached_process",
1900
+ "silent_stealth_process",
1901
+ "suspicious_dataflow",
1902
+ "high_entropy_string",
1903
+ "cross_file_dataflow",
1904
+ "lifecycle_dataflow"
1905
+ ],
1906
+ "verdict": "FP",
1907
+ "sink": false,
1908
+ "hosts": [
1909
+ "api.github.com",
1910
+ "example.com",
1911
+ "example"
1912
+ ],
1913
+ "note": null
1914
+ },
1915
+ {
1916
+ "name": "@amos.com/node",
1917
+ "version": "0.1.10",
1918
+ "score": 48,
1919
+ "band": "mid",
1920
+ "clusters": [
1921
+ "lifecycle"
1922
+ ],
1923
+ "flagged_rules": [
1924
+ "lifecycle_script",
1925
+ "dependency_typosquat",
1926
+ "typosquat_lifecycle"
1927
+ ],
1928
+ "verdict": "FP",
1929
+ "sink": false,
1930
+ "hosts": [
1931
+ "pay.amos.com",
1932
+ "pay-sandbox.amos.com"
1933
+ ],
1934
+ "note": null
1935
+ },
1936
+ {
1937
+ "name": "@loczer/storefront-sdk",
1938
+ "version": "0.154.0",
1939
+ "score": 55,
1940
+ "band": "mid",
1941
+ "clusters": [
1942
+ "lifecycle"
1943
+ ],
1944
+ "flagged_rules": [
1945
+ "lifecycle_script",
1946
+ "dependency_typosquat",
1947
+ "typosquat_lifecycle"
1948
+ ],
1949
+ "verdict": "FP",
1950
+ "sink": false,
1951
+ "hosts": [
1952
+ "www.w3.org",
1953
+ "api.mapbox.com",
1954
+ "www.google.com",
1955
+ "loczer.com"
1956
+ ],
1957
+ "note": null
1958
+ },
1959
+ {
1960
+ "name": "auditor-lambda",
1961
+ "version": "0.17.0",
1962
+ "score": 66,
1963
+ "band": "mid",
1964
+ "clusters": [
1965
+ "lifecycle"
1966
+ ],
1967
+ "flagged_rules": [
1968
+ "lifecycle_script",
1969
+ "dynamic_import",
1970
+ "credential_tampering",
1971
+ "lifecycle_file_exec"
1972
+ ],
1973
+ "verdict": "FP",
1974
+ "sink": false,
1975
+ "hosts": [
1976
+ "opencode.ai",
1977
+ "json-schema.org",
1978
+ "example.invalid"
1979
+ ],
1980
+ "note": null
1981
+ },
1982
+ {
1983
+ "name": "su7",
1984
+ "version": "0.1.7",
1985
+ "score": 69,
1986
+ "band": "mid",
1987
+ "clusters": [
1988
+ "lifecycle"
1989
+ ],
1990
+ "flagged_rules": [
1991
+ "lifecycle_script",
1992
+ "dependency_typosquat",
1993
+ "high_entropy_string",
1994
+ "typosquat_lifecycle"
1995
+ ],
1996
+ "verdict": "FP",
1997
+ "sink": false,
1998
+ "hosts": [],
1999
+ "note": null
2000
+ },
2001
+ {
2002
+ "name": "@signa-app/dto",
2003
+ "version": "0.3.7",
2004
+ "score": 50,
2005
+ "band": "mid",
2006
+ "clusters": [
2007
+ "lifecycle"
2008
+ ],
2009
+ "flagged_rules": [
2010
+ "lifecycle_script",
2011
+ "dependency_typosquat",
2012
+ "typosquat_lifecycle"
2013
+ ],
2014
+ "verdict": "FP",
2015
+ "sink": false,
2016
+ "hosts": [
2017
+ "example.com"
2018
+ ],
2019
+ "note": null
2020
+ },
2021
+ {
2022
+ "name": "muonroi-cli",
2023
+ "version": "1.4.1",
2024
+ "score": 48,
2025
+ "band": "mid",
2026
+ "clusters": [
2027
+ "lifecycle"
2028
+ ],
2029
+ "flagged_rules": [
2030
+ "lifecycle_script",
2031
+ "dependency_typosquat",
2032
+ "monorepo_detected",
2033
+ "typosquat_lifecycle"
2034
+ ],
2035
+ "verdict": "FP",
2036
+ "sink": false,
2037
+ "hosts": [
2038
+ "localhost",
2039
+ "discord.com",
2040
+ "bitwarden.com",
2041
+ "example"
2042
+ ],
2043
+ "note": null
2044
+ },
2045
+ {
2046
+ "name": "@nulib/dc-api-mcp",
2047
+ "version": "2.11.5",
2048
+ "score": 48,
2049
+ "band": "mid",
2050
+ "clusters": [
2051
+ "lifecycle"
2052
+ ],
2053
+ "flagged_rules": [
2054
+ "lifecycle_script",
2055
+ "bun_runtime_evasion",
2056
+ "dependency_typosquat",
2057
+ "typosquat_lifecycle"
2058
+ ],
2059
+ "verdict": "FP",
2060
+ "sink": false,
2061
+ "hosts": [
2062
+ "raw.githubusercontent.com",
2063
+ "json-schema.org",
2064
+ "api.dc.library.northwestern.edu",
2065
+ "iiif.dc.library.northwestern.edu"
2066
+ ],
2067
+ "note": null
2068
+ },
2069
+ {
2070
+ "name": "encode-ai-cli",
2071
+ "version": "0.1.2",
2072
+ "score": 63,
2073
+ "band": "mid",
2074
+ "clusters": [
2075
+ "lifecycle"
2076
+ ],
2077
+ "flagged_rules": [
2078
+ "lifecycle_script",
2079
+ "bun_runtime_evasion",
2080
+ "wasm_standalone",
2081
+ "dangerous_exec",
2082
+ "typosquat_detected",
2083
+ "lifecycle_typosquat",
2084
+ "lifecycle_dangerous_exec"
2085
+ ],
2086
+ "verdict": "FP",
2087
+ "sink": false,
2088
+ "hosts": [
2089
+ "json.schemastore.org",
2090
+ "$",
2091
+ "docs.github.com",
2092
+ "opencode.ai"
2093
+ ],
2094
+ "note": null
2095
+ },
2096
+ {
2097
+ "name": "paddle-checkout-accelerator",
2098
+ "version": "3.7.0",
2099
+ "score": 35,
2100
+ "band": "mid",
2101
+ "clusters": [
2102
+ "lifecycle"
2103
+ ],
2104
+ "flagged_rules": [
2105
+ "lifecycle_script",
2106
+ "string_mutation_obfuscation",
2107
+ "credential_regex_harvest",
2108
+ "suspicious_dataflow",
2109
+ "credential_tampering",
2110
+ "lifecycle_dataflow"
2111
+ ],
2112
+ "verdict": "FP",
2113
+ "sink": false,
2114
+ "hosts": [
2115
+ "api.paddle.com$",
2116
+ "localhost:3000",
2117
+ "api.paddle.com"
2118
+ ],
2119
+ "note": null
2120
+ },
2121
+ {
2122
+ "name": "doc-detective",
2123
+ "version": "4.7.0",
2124
+ "score": 35,
2125
+ "band": "mid",
2126
+ "clusters": [
2127
+ "lifecycle"
2128
+ ],
2129
+ "flagged_rules": [
2130
+ "lifecycle_script",
2131
+ "lifecycle_missing_script",
2132
+ "env_access",
2133
+ "credential_regex_harvest",
2134
+ "dynamic_import",
2135
+ "suspicious_dataflow",
2136
+ "dependency_typosquat",
2137
+ "typosquat_lifecycle",
2138
+ "typosquat_dataflow",
2139
+ "lifecycle_dataflow"
2140
+ ],
2141
+ "verdict": "FP",
2142
+ "sink": false,
2143
+ "hosts": [
2144
+ "raw.githubusercontent.com",
2145
+ "codeload.github.com",
2146
+ "example.com",
2147
+ "doc-detective.com"
2148
+ ],
2149
+ "note": null
2150
+ },
2151
+ {
2152
+ "name": "ultravisor",
2153
+ "version": "1.3.21",
2154
+ "score": 35,
2155
+ "band": "mid",
2156
+ "clusters": [
2157
+ "lifecycle"
2158
+ ],
2159
+ "flagged_rules": [
2160
+ "lifecycle_script",
2161
+ "dynamic_require",
2162
+ "env_access",
2163
+ "credential_regex_harvest",
2164
+ "string_mutation_obfuscation",
2165
+ "suspicious_dataflow",
2166
+ "credential_tampering",
2167
+ "lifecycle_dataflow"
2168
+ ],
2169
+ "verdict": "FP",
2170
+ "sink": false,
2171
+ "hosts": [
2172
+ "www.w3.org",
2173
+ "console.anthropic.com",
2174
+ "ollama.com",
2175
+ "platform.openai.com"
2176
+ ],
2177
+ "note": null
2178
+ },
2179
+ {
2180
+ "name": "hubspot-cms-sync",
2181
+ "version": "0.5.0",
2182
+ "score": 45,
2183
+ "band": "mid",
2184
+ "clusters": [
2185
+ "lifecycle"
2186
+ ],
2187
+ "flagged_rules": [
2188
+ "lifecycle_script",
2189
+ "credential_regex_harvest",
2190
+ "env_access",
2191
+ "dynamic_import",
2192
+ "string_mutation_obfuscation",
2193
+ "suspicious_dataflow",
2194
+ "lifecycle_dataflow"
2195
+ ],
2196
+ "verdict": "FP",
2197
+ "sink": false,
2198
+ "hosts": [
2199
+ "api.hubapi.com';",
2200
+ "cdn2.hubspot.net",
2201
+ "www2.7thsense.io).",
2202
+ "cta-redirect.hubspot.com"
2203
+ ],
2204
+ "note": null
2205
+ },
2206
+ {
2207
+ "name": "graphile-realtime-test",
2208
+ "version": "0.8.5",
2209
+ "score": 48,
2210
+ "band": "mid",
2211
+ "clusters": [
2212
+ "lifecycle"
2213
+ ],
2214
+ "flagged_rules": [
2215
+ "lifecycle_script",
2216
+ "dependency_typosquat",
2217
+ "typosquat_lifecycle"
2218
+ ],
2219
+ "verdict": "FP",
2220
+ "sink": false,
2221
+ "hosts": [],
2222
+ "note": null
2223
+ },
2224
+ {
2225
+ "name": "@seemseam/archi",
2226
+ "version": "0.2.17",
2227
+ "score": 56,
2228
+ "band": "mid",
2229
+ "clusters": [
2230
+ "lifecycle"
2231
+ ],
2232
+ "flagged_rules": [
2233
+ "lifecycle_script",
2234
+ "env_access",
2235
+ "suspicious_dataflow",
2236
+ "lifecycle_dataflow"
2237
+ ],
2238
+ "verdict": "FP",
2239
+ "sink": false,
2240
+ "hosts": [
2241
+ "your-llm-endpoint",
2242
+ "api.github.com"
2243
+ ],
2244
+ "note": null
2245
+ },
2246
+ {
2247
+ "name": "@react-native-ohos/rn-tourguide",
2248
+ "version": "3.4.0-beta.3",
2249
+ "score": 42,
2250
+ "band": "mid",
2251
+ "clusters": [
2252
+ "lifecycle"
2253
+ ],
2254
+ "flagged_rules": [
2255
+ "lifecycle_script",
2256
+ "typosquat_detected",
2257
+ "dependency_typosquat",
2258
+ "lifecycle_typosquat",
2259
+ "typosquat_lifecycle"
2260
+ ],
2261
+ "verdict": "FP",
2262
+ "sink": false,
2263
+ "hosts": [
2264
+ "gitcode.com"
2265
+ ],
2266
+ "note": null
2267
+ },
2268
+ {
2269
+ "name": "@railway/cli",
2270
+ "version": "5.11.0",
2271
+ "score": 85,
2272
+ "band": "high",
2273
+ "clusters": [
2274
+ "lifecycle"
2275
+ ],
2276
+ "flagged_rules": [
2277
+ "lifecycle_script",
2278
+ "suspicious_dataflow",
2279
+ "compromised_email_domain",
2280
+ "lifecycle_file_exec",
2281
+ "lifecycle_dataflow"
2282
+ ],
2283
+ "verdict": "FP",
2284
+ "sink": false,
2285
+ "hosts": [],
2286
+ "note": null
2287
+ },
2288
+ {
2289
+ "name": "@vita-mojo/aggregator",
2290
+ "version": "1.436.0-8264",
2291
+ "score": 86,
2292
+ "band": "high",
2293
+ "clusters": [
2294
+ "lifecycle"
2295
+ ],
2296
+ "flagged_rules": [
2297
+ "lifecycle_script",
2298
+ "env_access",
2299
+ "crypto_decipher",
2300
+ "dependency_typosquat",
2301
+ "lifecycle_file_exec",
2302
+ "typosquat_lifecycle"
2303
+ ],
2304
+ "verdict": "FP",
2305
+ "sink": false,
2306
+ "hosts": [],
2307
+ "note": null
2308
+ },
2309
+ {
2310
+ "name": "chai-check-error",
2311
+ "version": "2.1.6",
2312
+ "score": 84,
2313
+ "band": "high",
2314
+ "clusters": [
2315
+ "lifecycle"
2316
+ ],
2317
+ "flagged_rules": [
2318
+ "lifecycle_script",
2319
+ "crypto_decipher",
2320
+ "dangerous_call_function",
2321
+ "lifecycle_file_exec"
2322
+ ],
2323
+ "verdict": "FP",
2324
+ "sink": false,
2325
+ "hosts": [
2326
+ "alogicalparadox.com)"
2327
+ ],
2328
+ "note": null
2329
+ },
2330
+ {
2331
+ "name": "koishi-plugin-live-monitor",
2332
+ "version": "0.1.10",
2333
+ "score": 78,
2334
+ "band": "high",
2335
+ "clusters": [
2336
+ "lifecycle"
2337
+ ],
2338
+ "flagged_rules": [
2339
+ "lifecycle_script",
2340
+ "string_mutation_obfuscation",
2341
+ "credential_regex_harvest",
2342
+ "dependency_typosquat",
2343
+ "high_entropy_string",
2344
+ "typosquat_lifecycle"
2345
+ ],
2346
+ "verdict": "FP",
2347
+ "sink": false,
2348
+ "hosts": [
2349
+ "www.w3.org"
2350
+ ],
2351
+ "note": null
2352
+ },
2353
+ {
2354
+ "name": "hellyeah",
2355
+ "version": "1.1.0",
2356
+ "score": 100,
2357
+ "band": "high",
2358
+ "clusters": [
2359
+ "lifecycle"
2360
+ ],
2361
+ "flagged_rules": [
2362
+ "lifecycle_script",
2363
+ "curl_pipe_shell",
2364
+ "credential_regex_harvest",
2365
+ "suspicious_dataflow",
2366
+ "lifecycle_file_exec",
2367
+ "lifecycle_dataflow"
2368
+ ],
2369
+ "verdict": "FP",
2370
+ "sink": false,
2371
+ "hosts": [
2372
+ "us.i.posthog.com",
2373
+ "releases.hellyeahai.com",
2374
+ "hellyeah.sh",
2375
+ "docs.hellyeahai.com"
2376
+ ],
2377
+ "note": null
2378
+ },
2379
+ {
2380
+ "name": "@ladybugdb/core",
2381
+ "version": "0.18.0-dev.20260612",
2382
+ "score": 100,
2383
+ "band": "high",
2384
+ "clusters": [
2385
+ "lifecycle"
2386
+ ],
2387
+ "flagged_rules": [
2388
+ "lifecycle_script",
2389
+ "dynamic_require",
2390
+ "env_access",
2391
+ "process_binding_abuse",
2392
+ "suspicious_dataflow",
2393
+ "lifecycle_file_exec",
2394
+ "lifecycle_dataflow"
2395
+ ],
2396
+ "verdict": "FP",
2397
+ "sink": false,
2398
+ "hosts": [
2399
+ "ladybugdb.com"
2400
+ ],
2401
+ "note": null
2402
+ },
2403
+ {
2404
+ "name": "@muuktest/amikoo-reporter",
2405
+ "version": "1.2.2",
2406
+ "score": 81,
2407
+ "band": "high",
2408
+ "clusters": [
2409
+ "lifecycle"
2410
+ ],
2411
+ "flagged_rules": [
2412
+ "lifecycle_script",
2413
+ "credential_tampering",
2414
+ "lifecycle_file_exec"
2415
+ ],
2416
+ "verdict": "FP",
2417
+ "sink": false,
2418
+ "hosts": [
2419
+ "prgm4fborb.execute-api.us-east-2.amazonaws.com",
2420
+ "localhost:3000",
2421
+ "app.amikoo.ai'",
2422
+ "app.amikoo.ai';"
2423
+ ],
2424
+ "note": null
2425
+ },
2426
+ {
2427
+ "name": "loadninja-shared",
2428
+ "version": "9.9.99",
2429
+ "score": 100,
2430
+ "band": "high",
2431
+ "clusters": [
2432
+ "lifecycle"
2433
+ ],
2434
+ "flagged_rules": [
2435
+ "lifecycle_script",
2436
+ "suspicious_domain",
2437
+ "credential_regex_harvest",
2438
+ "suspicious_dataflow",
2439
+ "lifecycle_file_exec",
2440
+ "lifecycle_dataflow",
2441
+ "intent_credential_exfil"
2442
+ ],
2443
+ "verdict": "FP",
2444
+ "sink": false,
2445
+ "hosts": [],
2446
+ "note": null
2447
+ },
2448
+ {
2449
+ "name": "obsidian-agent-fleet",
2450
+ "version": "0.11.0",
2451
+ "score": 100,
2452
+ "band": "high",
2453
+ "clusters": [
2454
+ "lifecycle"
2455
+ ],
2456
+ "flagged_rules": [
2457
+ "lifecycle_script",
2458
+ "string_mutation_obfuscation",
2459
+ "dangerous_call_eval",
2460
+ "env_access",
2461
+ "suspicious_domain",
2462
+ "staged_binary_payload",
2463
+ "credential_regex_harvest",
2464
+ "stego_binary_exec",
2465
+ "obfuscation_detected",
2466
+ "suspicious_dataflow",
2467
+ "lifecycle_file_exec",
2468
+ "lifecycle_dataflow"
2469
+ ],
2470
+ "verdict": "FP",
2471
+ "sink": false,
2472
+ "hosts": [
2473
+ "example.com",
2474
+ "api.example.com",
2475
+ "cdnjs.cloudflare.com",
2476
+ "fonts.googleapis.com"
2477
+ ],
2478
+ "note": null
2479
+ },
2480
+ {
2481
+ "name": "@central-icons-react/round-filled-radius-0-stroke-2",
2482
+ "version": "1.1.264",
2483
+ "score": 100,
2484
+ "band": "high",
2485
+ "clusters": [
2486
+ "lifecycle"
2487
+ ],
2488
+ "flagged_rules": [
2489
+ "lifecycle_script",
2490
+ "env_access",
2491
+ "credential_regex_harvest",
2492
+ "suspicious_dataflow",
2493
+ "lifecycle_file_exec",
2494
+ "lifecycle_dataflow"
2495
+ ],
2496
+ "verdict": "FP",
2497
+ "sink": false,
2498
+ "hosts": [
2499
+ "www.w3.org",
2500
+ "centralicons.com",
2501
+ "iconists.co"
2502
+ ],
2503
+ "note": null
2504
+ },
2505
+ {
2506
+ "name": "@central-icons-react/round-filled-radius-3-stroke-1.5",
2507
+ "version": "1.1.262",
2508
+ "score": 100,
2509
+ "band": "high",
2510
+ "clusters": [
2511
+ "lifecycle"
2512
+ ],
2513
+ "flagged_rules": [
2514
+ "lifecycle_script",
2515
+ "env_access",
2516
+ "credential_regex_harvest",
2517
+ "suspicious_dataflow",
2518
+ "lifecycle_file_exec",
2519
+ "lifecycle_dataflow"
2520
+ ],
2521
+ "verdict": "FP",
2522
+ "sink": false,
2523
+ "hosts": [
2524
+ "www.w3.org",
2525
+ "centralicons.com",
2526
+ "iconists.co"
2527
+ ],
2528
+ "note": null
2529
+ },
2530
+ {
2531
+ "name": "@central-icons-react/square-outlined-radius-0-stroke-1.5",
2532
+ "version": "1.1.264",
2533
+ "score": 100,
2534
+ "band": "high",
2535
+ "clusters": [
2536
+ "lifecycle"
2537
+ ],
2538
+ "flagged_rules": [
2539
+ "lifecycle_script",
2540
+ "env_access",
2541
+ "credential_regex_harvest",
2542
+ "suspicious_dataflow",
2543
+ "lifecycle_file_exec",
2544
+ "lifecycle_dataflow"
2545
+ ],
2546
+ "verdict": "FP",
2547
+ "sink": false,
2548
+ "hosts": [
2549
+ "www.w3.org",
2550
+ "centralicons.com",
2551
+ "iconists.co"
2552
+ ],
2553
+ "note": null
2554
+ },
2555
+ {
2556
+ "name": "@central-icons-react-native/round-filled-radius-0-stroke-1",
2557
+ "version": "1.1.264",
2558
+ "score": 100,
2559
+ "band": "high",
2560
+ "clusters": [
2561
+ "lifecycle"
2562
+ ],
2563
+ "flagged_rules": [
2564
+ "lifecycle_script",
2565
+ "env_access",
2566
+ "credential_regex_harvest",
2567
+ "suspicious_dataflow",
2568
+ "lifecycle_file_exec",
2569
+ "lifecycle_dataflow"
2570
+ ],
2571
+ "verdict": "FP",
2572
+ "sink": false,
2573
+ "hosts": [
2574
+ "centralicons.com",
2575
+ "iconists.co"
2576
+ ],
2577
+ "note": null
2578
+ },
2579
+ {
2580
+ "name": "@central-icons-react-native/round-outlined-radius-0-stroke-1",
2581
+ "version": "1.1.264",
2582
+ "score": 100,
2583
+ "band": "high",
2584
+ "clusters": [
2585
+ "lifecycle"
2586
+ ],
2587
+ "flagged_rules": [
2588
+ "lifecycle_script",
2589
+ "env_access",
2590
+ "credential_regex_harvest",
2591
+ "suspicious_dataflow",
2592
+ "lifecycle_file_exec",
2593
+ "lifecycle_dataflow"
2594
+ ],
2595
+ "verdict": "FP",
2596
+ "sink": false,
2597
+ "hosts": [
2598
+ "centralicons.com",
2599
+ "iconists.co"
2600
+ ],
2601
+ "note": null
2602
+ },
2603
+ {
2604
+ "name": "@central-icons-react-native/square-outlined-radius-0-stroke-2",
2605
+ "version": "1.1.264",
2606
+ "score": 100,
2607
+ "band": "high",
2608
+ "clusters": [
2609
+ "lifecycle"
2610
+ ],
2611
+ "flagged_rules": [
2612
+ "lifecycle_script",
2613
+ "env_access",
2614
+ "credential_regex_harvest",
2615
+ "suspicious_dataflow",
2616
+ "lifecycle_file_exec",
2617
+ "lifecycle_dataflow"
2618
+ ],
2619
+ "verdict": "FP",
2620
+ "sink": false,
2621
+ "hosts": [
2622
+ "centralicons.com",
2623
+ "iconists.co"
2624
+ ],
2625
+ "note": null
2626
+ },
2627
+ {
2628
+ "name": "lystn-cli",
2629
+ "version": "0.1.5",
2630
+ "score": 100,
2631
+ "band": "high",
2632
+ "clusters": [
2633
+ "lifecycle"
2634
+ ],
2635
+ "flagged_rules": [
2636
+ "lifecycle_script",
2637
+ "dynamic_require",
2638
+ "lifecycle_file_exec"
2639
+ ],
2640
+ "verdict": "FP",
2641
+ "sink": false,
2642
+ "hosts": [
2643
+ "www.python.org"
2644
+ ],
2645
+ "note": null
2646
+ }
2647
+ ]
2648
+ }