muaddib-scanner 2.11.14 → 2.11.17

package/bin/muaddib.js

@@ -297,6 +297,7 @@ if (command === 'version' || command === '--version' || command === '-v') {
   if (wantHelp) showHelp('watch');
   watch(target);
 } else if (command === 'update') {
+  if (wantHelp) showHelp('update');
   updateIOCs().then(() => {
     process.exit(0);
   }).catch(err => {
@@ -304,6 +305,7 @@ if (command === 'version' || command === '--version' || command === '-v') {
     process.exit(1);
   });
 } else if (command === 'scrape') {
+  if (wantHelp) showHelp('scrape');
   runScraper().then(result => {
     console.log(`[OK] ${result.added} new IOCs (total: ${result.total})`);
     process.exit(0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.14",
+  "version": "2.11.17",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {
@@ -46,7 +46,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@inquirer/prompts": "8.4.2",
+    "@inquirer/prompts": "8.4.3",
     "acorn": "8.16.0",
     "acorn-walk": "8.3.5",
     "adm-zip": "0.5.17",

package/src/monitor/ingestion.js

@@ -10,7 +10,10 @@
 const https = require('https');
 const { acquireRegistrySlot, releaseRegistrySlot } = require('../shared/http-limiter.js');
 const { loadCachedIOCs } = require('../ioc/updater.js');
-const { loadNpmSeq, saveNpmSeq, CHANGES_STREAM_URL, CHANGES_LIMIT, CHANGES_CATCHUP_MAX } = require('./state.js');
+const {
+  loadNpmSeq, saveNpmSeq, CHANGES_STREAM_URL, CHANGES_LIMIT, CHANGES_CATCHUP_MAX,
+  savePypiSerial, PYPI_XMLRPC_URL, PYPI_CATCHUP_MAX
+} = require('./state.js');
 const { sendIOCPreAlert } = require('./webhook.js');
 const { evaluateCacheTrigger, POPULAR_THRESHOLD, downloadsCache, DOWNLOADS_CACHE_TTL } = require('./classify.js');
 
@@ -22,6 +25,14 @@ const POLL_MAX_BACKOFF = 960_000; // 16 minutes max backoff
 // --- Mutable state ---
 let consecutivePollErrors = 0;
 
+// Test seam: code paths that need to be stubbed in tests call these through
+// `_deps` instead of the bare module-local name, so a test can swap
+// `ingestion._deps.httpsPost = fakePost` and have it take effect inside
+// pollPyPIChangelog. Kept tiny on purpose — only network I/O lives here.
+const _deps = {
+  httpsPost: null // populated below once httpsPost is defined
+};
+
 function getConsecutivePollErrors() {
   return consecutivePollErrors;
 }
@@ -64,6 +75,47 @@ function httpsGet(url, timeoutMs = 30_000) {
   });
 }
 
+/**
+ * Minimal HTTPS POST. Used for PyPI XML-RPC; kept inside the ingestion module
+ * (rather than pulled into shared/) because XML-RPC is its only consumer today.
+ */
+function httpsPost(url, body, headers = {}, timeoutMs = 30_000) {
+  return new Promise((resolve, reject) => {
+    const u = new URL(url);
+    const options = {
+      method: 'POST',
+      hostname: u.hostname,
+      port: u.port || 443,
+      path: u.pathname + (u.search || ''),
+      timeout: timeoutMs,
+      headers: {
+        'Content-Type': 'text/xml',
+        'Content-Length': Buffer.byteLength(body),
+        ...headers
+      }
+    };
+    const req = https.request(options, (res) => {
+      if (res.statusCode < 200 || res.statusCode >= 300) {
+        res.resume();
+        return reject(new Error(`HTTP ${res.statusCode} for POST ${url}`));
+      }
+      const chunks = [];
+      res.on('data', (chunk) => chunks.push(chunk));
+      res.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+      res.on('error', reject);
+    });
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error(`Timeout for POST ${url}`));
+    });
+    req.write(body);
+    req.end();
+  });
+}
+
+_deps.httpsPost = httpsPost;
+
 async function getWeeklyDownloads(packageName) {
   const cached = downloadsCache.get(packageName);
   if (cached && (Date.now() - cached.fetchedAt) < DOWNLOADS_CACHE_TTL) {
@@ -186,8 +238,13 @@ function getNpmTarballUrl(pkgData) {
   return (pkgData.dist && pkgData.dist.tarball) || null;
 }
 
-async function getPyPITarballUrl(packageName) {
-  const url = `https://pypi.org/pypi/${encodeURIComponent(packageName)}/json`;
+async function getPyPITarballUrl(packageName, packageVersion = '') {
+  // Per-version endpoint when we know the version (e.g. from the XML-RPC changelog) —
+  // guarantees we scan the artifact that just landed, not whatever became "latest"
+  // between event detection and scan. Falls back to /pypi/<name>/json (latest) otherwise.
+  const url = packageVersion
+    ? `https://pypi.org/pypi/${encodeURIComponent(packageName)}/${encodeURIComponent(packageVersion)}/json`
+    : `https://pypi.org/pypi/${encodeURIComponent(packageName)}/json`;
   const body = await httpsGet(url);
   let data;
   try {
@@ -195,7 +252,7 @@ async function getPyPITarballUrl(packageName) {
   } catch (e) {
     throw new Error(`Invalid JSON from PyPI for ${packageName}: ${e.message}`);
   }
-  const version = (data.info && data.info.version) || '';
+  const version = (data.info && data.info.version) || packageVersion || '';
   const urls = data.urls || [];
   // Prefer sdist (.tar.gz)
   const sdist = urls.find(u => u.packagetype === 'sdist' && u.url);
@@ -386,7 +443,10 @@ async function pollNpmChanges(state, scanQueue, stats) {
       const currentSeq = currentSeqData.update_seq;
       if (typeof currentSeq === 'number' && typeof data.last_seq === 'number' &&
           (currentSeq - data.last_seq) > CHANGES_CATCHUP_MAX) {
-        console.warn(`[MONITOR] Changes stream too far behind (${currentSeq - lastSeq} changes) — skipping to current`);
+        const gap = currentSeq - lastSeq;
+        console.warn(`[MONITOR] Changes stream too far behind (${gap} changes) — skipping to current`);
+        stats.npmCatchupSkips = (stats.npmCatchupSkips || 0) + 1;
+        stats.npmCatchupSkippedSeqs = (stats.npmCatchupSkippedSeqs || 0) + gap;
         state.npmLastSeq = currentSeq;
         saveNpmSeq(currentSeq);
         return 0;
@@ -590,13 +650,271 @@ async function pollNpm(state, scanQueue, stats) {
 
 // --- PyPI polling ---
 
+const PYPI_USER_AGENT = `${SELF_PACKAGE_NAME} (security-monitor; +https://github.com/DNSZLSK/muaddib)`;
+
 /**
- * Poll PyPI RSS feed for new packages.
+ * Build an XML-RPC methodCall envelope. PyPI accepts only <int> and <string>
+ * params for the methods we use (changelog_last_serial, changelog_since_serial),
+ * so this builder is deliberately minimal.
+ */
+function buildXmlRpcCall(method, params) {
+  const paramXml = params.map((p) => {
+    if (typeof p === 'number' && Number.isInteger(p)) {
+      return `<param><value><int>${p}</int></value></param>`;
+    }
+    if (typeof p === 'string') {
+      // Method names + serial numbers only — no user-supplied strings reach this path.
+      const escaped = p.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+      return `<param><value><string>${escaped}</string></value></param>`;
+    }
+    throw new Error(`Unsupported XML-RPC param type: ${typeof p}`);
+  }).join('');
+  return `<?xml version="1.0"?><methodCall><methodName>${method}</methodName><params>${paramXml}</params></methodCall>`;
+}
+
+/**
+ * Parse a PyPI changelog_since_serial response.
+ *
+ * Response shape (per https://warehouse.pypa.io/api-reference/xml-rpc.html):
+ *   <array><data>
+ *     <value><array><data>
+ *       <value><string>NAME</string></value>     <!-- index 0 -->
+ *       <value><string>VERSION</string></value>  <!-- index 1, may be empty -->
+ *       <value><int>TIMESTAMP</int></value>      <!-- index 2 -->
+ *       <value><string>ACTION</string></value>   <!-- index 3 -->
+ *       <value><int>SERIAL</int></value>         <!-- index 4 -->
+ *     </data></array></value>
+ *     ...
+ *   </data></array>
+ *
+ * Returns array of { name, version, timestamp, action, serial }. Invalid tuples
+ * are skipped silently — partial data is better than dropping the whole batch.
+ */
+function parseXmlRpcChangelog(xml) {
+  const out = [];
+  if (typeof xml !== 'string' || !xml.includes('<methodResponse>')) return out;
+  if (xml.includes('<fault>')) return out; // PyPI fault → caller should treat as failure
+
+  // The response is a nested array: outer <array><data>...inner tuples...</data></array>.
+  // We strip the outer wrapper first so the inner-tuple regex can't accidentally
+  // greedy-match across the outer boundary (which would swallow tuple #1).
+  const outerArrayStart = xml.indexOf('<array>');
+  if (outerArrayStart === -1) return out;
+  const outerDataStart = xml.indexOf('<data>', outerArrayStart);
+  if (outerDataStart === -1) return out;
+  const outerDataEnd = xml.lastIndexOf('</data>');
+  if (outerDataEnd === -1 || outerDataEnd <= outerDataStart) return out;
+  const body = xml.slice(outerDataStart + '<data>'.length, outerDataEnd);
+
+  // Each tuple inside `body` is exactly: <value><array><data>...</data></array></value>
+  const tupleRegex = /<value>\s*<array>\s*<data>([\s\S]*?)<\/data>\s*<\/array>\s*<\/value>/g;
+  let m;
+  while ((m = tupleRegex.exec(body)) !== null) {
+    const inner = m[1];
+    const values = [];
+    const valRegex = /<value>\s*(?:<string>([\s\S]*?)<\/string>|<int>(-?\d+)<\/int>)\s*<\/value>/g;
+    let v;
+    while ((v = valRegex.exec(inner)) !== null) {
+      if (v[1] !== undefined) {
+        // Decode the XML entities we encode on the way in
+        values.push(v[1].replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&'));
+      } else {
+        values.push(parseInt(v[2], 10));
+      }
+    }
+    if (values.length !== 5) continue;
+    const [name, version, timestamp, action, serial] = values;
+    if (typeof name !== 'string' || typeof action !== 'string' ||
+        typeof timestamp !== 'number' || typeof serial !== 'number') continue;
+    out.push({ name, version: typeof version === 'string' ? version : '', timestamp, action, serial });
+  }
+  return out;
+}
+
+/**
+ * Parse a changelog_last_serial response. Returns the integer or null.
+ */
+function parseXmlRpcInt(xml) {
+  if (typeof xml !== 'string' || xml.includes('<fault>')) return null;
+  const m = xml.match(/<value>\s*<int>(-?\d+)<\/int>\s*<\/value>/);
+  return m ? parseInt(m[1], 10) : null;
+}
+
+/**
+ * Decide whether a changelog event introduces scannable content.
+ *
+ * KEEP (something new was published, scan the release):
+ *   - "new release"               → version metadata created
+ *   - "add source file …"         → sdist uploaded
+ *   - "add py3 file …" / "add cp… file …" / "add … file …" → wheel uploaded
+ *
+ * SKIP (no new artifact to scan):
+ *   - "remove …", "yank release", "unyank release" → removal, not a new threat
+ *   - "create"                                      → package shell, no version yet
+ *   - "add Owner", "remove Owner", "accepted Owner" → ACL changes
+ *   - empty version → administrative event at the package level
+ */
+function isPypiScannableAction(action, version) {
+  if (!version) return false;
+  if (typeof action !== 'string') return false;
+  if (action === 'new release') return true;
+  if (action.startsWith('add ') && action.includes(' file ')) return true;
+  return false;
+}
+
+/**
+ * Poll PyPI changelog via XML-RPC (primary path).
+ * Equivalent of pollNpmChanges: strictly monotonic serial, lossless resume.
+ *
+ * @param {Object} state - Monitor state (pypiLastSerial)
+ * @param {Array} scanQueue - Mutable scan queue array
+ * @param {Object} stats - Mutable stats object
+ * @returns {Promise<number>} Number of packages queued, or -1 on error
+ */
+async function pollPyPIChangelog(state, scanQueue, stats) {
+  try {
+    let lastSerial = state.pypiLastSerial;
+
+    // First run: anchor to "now" rather than replaying months of history
+    if (lastSerial == null) {
+      await acquireRegistrySlot();
+      let initBody;
+      try {
+        initBody = await _deps.httpsPost(
+          PYPI_XMLRPC_URL,
+          buildXmlRpcCall('changelog_last_serial', []),
+          { 'User-Agent': PYPI_USER_AGENT },
+          10_000
+        );
+      } finally {
+        releaseRegistrySlot();
+      }
+      const current = parseXmlRpcInt(initBody);
+      if (current == null) {
+        console.warn('[MONITOR] PyPI changelog init: no serial in response');
+        return -1;
+      }
+      state.pypiLastSerial = current;
+      savePypiSerial(current);
+      console.log(`[MONITOR] PyPI changelog initialized at serial ${current}`);
+      return 0;
+    }
+
+    await acquireRegistrySlot();
+    let body;
+    try {
+      body = await _deps.httpsPost(
+        PYPI_XMLRPC_URL,
+        buildXmlRpcCall('changelog_since_serial', [lastSerial]),
+        { 'User-Agent': PYPI_USER_AGENT },
+        60_000
+      );
+    } finally {
+      releaseRegistrySlot();
+    }
+
+    const events = parseXmlRpcChangelog(body);
+    if (events.length === 0) {
+      // Either nothing happened or the response was a fault — distinguish.
+      if (body && body.includes('<fault>')) {
+        console.error('[MONITOR] PyPI changelog returned XML-RPC fault — falling back to RSS');
+        return -1;
+      }
+      return 0;
+    }
+
+    // Catch-up protection: if events span more than PYPI_CATCHUP_MAX serials,
+    // skip to the latest serial to avoid an avalanche after long downtime.
+    const lastEventSerial = events[events.length - 1].serial;
+    const gap = lastEventSerial - lastSerial;
+    if (gap > PYPI_CATCHUP_MAX) {
+      console.warn(`[MONITOR] PyPI changelog too far behind (${gap} events) — skipping to current`);
+      stats.pypiCatchupSkips = (stats.pypiCatchupSkips || 0) + 1;
+      stats.pypiCatchupSkippedEvents = (stats.pypiCatchupSkippedEvents || 0) + gap;
+      state.pypiLastSerial = lastEventSerial;
+      savePypiSerial(lastEventSerial);
+      return 0;
+    }
+
+    // Dedupe (name, version) within the batch: a single release usually emits
+    // multiple events (new release + add source file + add wheel files…), but
+    // there's only one thing to scan.
+    const seen = new Set();
+    let queued = 0;
+    let maxSerial = lastSerial;
+
+    for (const ev of events) {
+      if (ev.serial > maxSerial) maxSerial = ev.serial;
+
+      if (!isPypiScannableAction(ev.action, ev.version)) continue;
+
+      const key = `${ev.name}@${ev.version}`;
+      if (seen.has(key)) continue;
+      seen.add(key);
+
+      // Skip self (mirror of the npm path — defensive even though we don't publish to PyPI)
+      if (ev.name === SELF_PACKAGE_NAME) continue;
+
+      // IOC pre-alert for known-malicious PyPI packages
+      let isKnownIOC = false;
+      try {
+        const iocs = loadCachedIOCs();
+        // PyPI IOCs are namespaced "pypi:<name>" in the wildcardPackages set
+        const pypiKey = `pypi:${ev.name}`;
+        isKnownIOC = iocs.wildcardPackages && (
+          iocs.wildcardPackages.has(pypiKey) || iocs.wildcardPackages.has(ev.name)
+        );
+        if (isKnownIOC) {
+          console.log(`[MONITOR] IOC PRE-ALERT (pypi): ${ev.name} — known malicious package`);
+          stats.iocPreAlerts = (stats.iocPreAlerts || 0) + 1;
+          sendIOCPreAlert(ev.name).catch(err => {
+            console.error(`[MONITOR] IOC pre-alert webhook failed for ${ev.name}: ${err.message}`);
+          });
+        }
+      } catch { /* IOC load failure is non-fatal */ }
+
+      scanQueue.push({
+        name: ev.name,
+        version: ev.version,
+        ecosystem: 'pypi',
+        tarballUrl: null, // resolved lazily via getPyPITarballUrl()
+        isIOCMatch: isKnownIOC
+      });
+      queued++;
+    }
+
+    // Persist the serial both in memory and on disk before returning.
+    // daemon.js also flushes state.json after the queue is saved, but writing the
+    // dedicated serial file here means a crash between the two flush points costs
+    // at most one poll of replay — and re-queuing the same (name, version) is
+    // handled idempotently by the scan-memory dedupe downstream.
+    state.pypiLastSerial = maxSerial;
+    if (maxSerial !== lastSerial) {
+      savePypiSerial(maxSerial);
+    }
+
+    if (queued > 0) {
+      console.log(`[MONITOR] PyPI changelog: ${queued} packages queued (serial ${lastSerial} → ${maxSerial}, ${events.length} events)`);
+    }
+    stats.pypiChangelogPackages = (stats.pypiChangelogPackages || 0) + queued;
+    stats.pypiChangelogEvents = (stats.pypiChangelogEvents || 0) + events.length;
+
+    return queued;
+  } catch (err) {
+    console.error(`[MONITOR] PyPI changelog error: ${err.message} — falling back to RSS`);
+    return -1;
+  }
+}
+
+/**
+ * Poll PyPI RSS feed (legacy fallback).
+ * Only covers newly-registered packages (first-ever publish) and is capped at ~40 items —
+ * a single burst can silently lose events. Used only when the XML-RPC changelog fails.
  *
  * @param {Object} state - Monitor state object (pypiLastPackage)
  * @param {Array} scanQueue - Mutable scan queue array
  */
-async function pollPyPI(state, scanQueue) {
+async function pollPyPIRss(state, scanQueue) {
   const url = 'https://pypi.org/rss/packages.xml';
 
   try {
@@ -620,7 +938,7 @@ async function pollPyPI(state, scanQueue) {
     }
 
     for (const name of newPackages) {
-      console.log(`[MONITOR] New pypi: ${name}`);
+      console.log(`[MONITOR] New pypi (rss): ${name}`);
       // Queue PyPI packages — tarball URL resolved during scan
       scanQueue.push({
         name,
@@ -637,11 +955,28 @@ async function pollPyPI(state, scanQueue) {
 
     return newPackages.length;
   } catch (err) {
-    console.error(`[MONITOR] PyPI poll error: ${err.message}`);
+    console.error(`[MONITOR] PyPI RSS poll error: ${err.message}`);
     return -1;
   }
 }
 
+/**
+ * Poll PyPI for new packages and versions.
+ * Primary: XML-RPC changelog_since_serial (lossless, captures new versions).
+ * Fallback: RSS feed (new registrations only, lossy on bursts).
+ *
+ * @param {Object} state - Monitor state object
+ * @param {Array} scanQueue - Mutable scan queue array
+ * @param {Object} stats - Mutable stats object
+ */
+async function pollPyPI(state, scanQueue, stats = {}) {
+  const count = await pollPyPIChangelog(state, scanQueue, stats);
+  if (count >= 0) return count;
+  console.log('[MONITOR] Using RSS fallback for PyPI');
+  stats.pypiRssFallbackCount = (stats.pypiRssFallbackCount || 0) + 1;
+  return pollPyPIRss(state, scanQueue);
+}
+
 // --- Main poll orchestrator ---
 
 /**
@@ -686,7 +1021,7 @@ async function poll(state, scanQueue, stats) {
 
   const [npmCount, pypiCount] = await Promise.all([
     pollNpm(state, scanQueue, stats),
-    pollPyPI(state, scanQueue)
+    pollPyPI(state, scanQueue, stats)
   ]);
 
   // Track consecutive poll failures for backoff
@@ -718,6 +1053,7 @@ module.exports = {
 
   // HTTP helpers
   httpsGet,
+  httpsPost,
   getWeeklyDownloads,
   checkTrustedDepDiff,
   TRUSTED_DEP_AGE_THRESHOLD_MS,
@@ -731,6 +1067,12 @@ module.exports = {
   parseNpmRss,
   parsePyPIRss,
 
+  // XML-RPC (PyPI changelog)
+  buildXmlRpcCall,
+  parseXmlRpcChangelog,
+  parseXmlRpcInt,
+  isPypiScannableAction,
+
   // CouchDB doc extraction
   extractTarballFromDoc,
 
@@ -738,6 +1080,11 @@ module.exports = {
   pollNpmChanges,
   pollNpmRss,
   pollNpm,
+  pollPyPIChangelog,
+  pollPyPIRss,
   pollPyPI,
-  poll
+  poll,
+
+  // Test seam — see _deps definition near the top of this file.
+  _deps
 };

package/src/monitor/queue.js

@@ -1138,7 +1138,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
   }
   if (item.ecosystem === 'pypi' && !item.tarballUrl) {
     try {
-      const pypiInfo = await getPyPITarballUrl(item.name);
+      const pypiInfo = await getPyPITarballUrl(item.name, item.version || '');
       if (!pypiInfo.url) {
         console.log(`[MONITOR] SKIP: ${item.name} — no tarball URL found on PyPI`);
         return;

package/src/monitor/state.js

@@ -76,6 +76,20 @@ const CHANGES_STREAM_URL = 'https://replicate.npmjs.com/registry/_changes';
 const CHANGES_LIMIT = 1000;
 const CHANGES_CATCHUP_MAX = 500000; // If behind by more than 500k seqs, skip to "now"
 
+// --- PyPI serial constants ---
+//
+// PyPI's XML-RPC changelog endpoint is the canonical equivalent of npm's CouchDB
+// `_changes` stream: every package event (release, file upload, removal, owner
+// change…) gets a strictly monotonic integer "serial". `changelog_since_serial(n)`
+// returns every event with serial > n, letting us resume losslessly across restarts.
+//
+// PYPI_CATCHUP_MAX is the staleness cap: if we are behind by more than this many
+// serials (≈ days of activity at ~30k events/day in 2026), skip to "now" rather
+// than fetch a monster batch. Mirrors CHANGES_CATCHUP_MAX for npm.
+const PYPI_SERIAL_FILE = path.join(__dirname, '..', '..', 'data', 'pypi-serial.json');
+const PYPI_XMLRPC_URL = 'https://pypi.org/pypi';
+const PYPI_CATCHUP_MAX = 100000;
+
 // --- Scan memory constants ---
 
 const SCAN_MEMORY_FILE = path.join(__dirname, '..', '..', 'data', 'scan-memory.json');
@@ -191,6 +205,37 @@ function saveNpmSeq(seq) {
   atomicWriteFileSync(NPM_SEQ_FILE, JSON.stringify({ lastSeq: seq, updatedAt: new Date().toISOString() }, null, 2));
 }
 
+// --- PyPI serial persistence ---
+
+/**
+ * Load the last processed PyPI changelog serial from the dedicated file.
+ * Returns null if no file exists or file is invalid (triggers "now" initialization).
+ */
+function loadPypiSerial() {
+  try {
+    if (fs.existsSync(PYPI_SERIAL_FILE)) {
+      const data = JSON.parse(fs.readFileSync(PYPI_SERIAL_FILE, 'utf8'));
+      if (typeof data.lastSerial === 'number' && Number.isFinite(data.lastSerial)) {
+        return data.lastSerial;
+      }
+    }
+  } catch (err) {
+    console.warn(`[MONITOR] Failed to load PyPI serial: ${err.message}`);
+  }
+  return null;
+}
+
+/**
+ * Persist the last processed PyPI changelog serial to a dedicated file.
+ * Atomic write (crash-safe). Also mirrored in monitor-state.json via saveState().
+ */
+function savePypiSerial(serial) {
+  atomicWriteFileSync(
+    PYPI_SERIAL_FILE,
+    JSON.stringify({ lastSerial: serial, updatedAt: new Date().toISOString() }, null, 2)
+  );
+}
+
 // --- C3: Scan Memory Management ---
 
 /**
@@ -649,10 +694,16 @@ function loadState(stats) {
     return {
       npmLastPackage: typeof state.npmLastPackage === 'string' ? state.npmLastPackage : '',
       pypiLastPackage: typeof state.pypiLastPackage === 'string' ? state.pypiLastPackage : '',
-      npmLastSeq: state.npmLastSeq != null ? state.npmLastSeq : loadNpmSeq()
+      npmLastSeq: state.npmLastSeq != null ? state.npmLastSeq : loadNpmSeq(),
+      pypiLastSerial: state.pypiLastSerial != null ? state.pypiLastSerial : loadPypiSerial()
     };
   } catch {
-    return { npmLastPackage: '', pypiLastPackage: '', npmLastSeq: loadNpmSeq() };
+    return {
+      npmLastPackage: '',
+      pypiLastPackage: '',
+      npmLastSeq: loadNpmSeq(),
+      pypiLastSerial: loadPypiSerial()
+    };
   }
 }
 
@@ -1180,6 +1231,9 @@ module.exports = {
   CHANGES_STREAM_URL,
   CHANGES_LIMIT,
   CHANGES_CATCHUP_MAX,
+  PYPI_SERIAL_FILE,
+  PYPI_XMLRPC_URL,
+  PYPI_CATCHUP_MAX,
   SCAN_MEMORY_FILE,
   SCAN_MEMORY_EXPIRY_MS,
   MAX_MEMORY_ENTRIES,
@@ -1211,6 +1265,8 @@ module.exports = {
   atomicWriteFileSync,
   loadNpmSeq,
   saveNpmSeq,
+  loadPypiSerial,
+  savePypiSerial,
   loadScanMemory,
   saveScanMemory,
   recordScanMemory,

package/src/response/playbooks.js

@@ -161,6 +161,14 @@ const PLAYBOOKS = {
   typosquat_detected:
     'ATTENTION: Ce package a un nom tres similaire a un package populaire. Verifier que c\'est bien le bon package. Si erreur de frappe, corriger immediatement.',
 
+  // RT-C1: dependency boundary-squat (Axios UNC1069 March 2026)
+  dependency_typosquat:
+    'Une dependance declaree ressemble a un package populaire avec un prefixe/suffixe suspect. Verifier le nom exact dans package.json et confirmer avec npm view <package>. Si erreur de frappe, corriger immediatement.',
+  dependency_typosquat_used:
+    'Le code charge cette dep typosquattee via require/import. Si ce n\'est pas intentionnel, supprimer la dep et la reference, puis reinstaller avec --ignore-scripts.',
+  dependency_typosquat_require:
+    'CRITIQUE — pattern Axios UNC1069 detecte: dep typosquattee declaree ET chargee dans le code. Le wrapper apparent est probablement legitime mais sa dep contient le payload. Bloquer l\'install (--ignore-scripts), supprimer la dep, auditer le history de modifications.',
+
   dangerous_call_function:
     'Appel new Function() detecte. Equivalent a eval(). Verifier la source des donnees.',
 

package/src/rules/index.js

@@ -335,6 +335,38 @@ const RULES = {
     mitre: 'T1195.002'
   },
 
+  // RT-C1: Dependency boundary-squat (Axios UNC1069 March 2026)
+  dependency_typosquat: {
+    id: 'MUADDIB-TYPO-002',
+    name: 'Dependency Boundary-Squat',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Une dependance declaree porte le nom d\'un package populaire prefixe/suffixe d\'un token suspect (Axios UNC1069, mars 2026). Le wrapper innocent declare un sub-dep malveillant.',
+    references: [
+      'https://snyk.io/blog/typosquatting-attacks/',
+      'https://attack.mitre.org/techniques/T1195/002/'
+    ],
+    mitre: 'T1195.002'
+  },
+  dependency_typosquat_used: {
+    id: 'MUADDIB-TYPO-003',
+    name: 'Boundary-Squat Dependency Used in Code',
+    severity: 'MEDIUM',
+    confidence: 'high',
+    description: 'Le code du package require/import un nom de dependance identifie comme boundary-squat. Signal fort que la dep typosquattee est intentionnellement chargee.',
+    references: ['https://attack.mitre.org/techniques/T1195/002/'],
+    mitre: 'T1195.002'
+  },
+  dependency_typosquat_require: {
+    id: 'MUADDIB-COMPOUND-013',
+    name: 'Boundary-Squat Dep Required at Runtime',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Dependance boundary-squat declaree ET chargee via require/import dans le code: pattern Axios UNC1069 (sub-dep injection avec wrapper innocent).',
+    references: ['https://attack.mitre.org/techniques/T1195/002/'],
+    mitre: 'T1195.002'
+  },
+
   // Package.json script patterns
   curl_pipe_sh: {
     id: 'MUADDIB-PKG-002',

package/src/scanner/dataflow.js

@@ -24,12 +24,13 @@ const MODULE_SOURCE_METHODS = {
   },
   child_process: {
     exec: 'command_output', execSync: 'command_output',
-    spawn: 'command_output', spawnSync: 'command_output'
+    spawn: 'command_output', spawnSync: 'command_output',
+    execFile: 'command_output', execFileSync: 'command_output', fork: 'command_output'
   }
 };
 
 const MODULE_SINK_METHODS = {
-  child_process: { exec: 'exec_sink', execSync: 'exec_sink', spawn: 'exec_sink' },
+  child_process: { exec: 'exec_sink', execSync: 'exec_sink', spawn: 'exec_sink', execFile: 'exec_sink', execFileSync: 'exec_sink', fork: 'exec_sink' },
   http: { request: 'network_send', get: 'network_send' },
   https: { request: 'network_send', get: 'network_send' },
   net: { connect: 'network_send', createConnection: 'network_send' },
@@ -49,7 +50,7 @@ const TRACKED_MODULES = new Set([
 ]);
 
 // Methods that execute commands — used for exec result capture detection
-const EXEC_METHODS = new Set(['exec', 'execSync', 'spawn', 'spawnSync']);
+const EXEC_METHODS = new Set(['exec', 'execSync', 'spawn', 'spawnSync', 'execFile', 'execFileSync', 'fork']);
 
 /**
  * Pre-pass: builds a taint map from require() assignments.
@@ -60,6 +61,24 @@ function buildTaintMap(ast) {
   const taintMap = new Map();
 
   walk.simple(ast, {
+    // ESM: import fs from 'fs' / import * as fs from 'fs' / import { exec } from 'child_process'
+    // Mirrors module-graph/annotate-tainted.js so ESM and CJS produce symmetric taint maps.
+    ImportDeclaration(node) {
+      if (!node.source || typeof node.source.value !== 'string') return;
+      const modName = node.source.value;
+      if (!TRACKED_MODULES.has(modName)) return;
+      for (const spec of node.specifiers) {
+        if (!spec.local || spec.local.type !== 'Identifier') continue;
+        if (spec.type === 'ImportDefaultSpecifier' || spec.type === 'ImportNamespaceSpecifier') {
+          taintMap.set(spec.local.name, { source: modName, detail: modName });
+        } else if (spec.type === 'ImportSpecifier') {
+          const imported = spec.imported && spec.imported.type === 'Identifier'
+            ? spec.imported.name
+            : (spec.imported && spec.imported.value ? spec.imported.value : spec.local.name);
+          taintMap.set(spec.local.name, { source: modName, detail: `${modName}.${imported}` });
+        }
+      }
+    },
     VariableDeclarator(node) {
       if (!node.init) return;
       let init = node.init;
@@ -471,7 +490,9 @@ function analyzeFile(content, filePath, basePath) {
 
       }
 
-      if (callName === 'exec' || callName === 'execSync') {
+      // DF-H2: extend exec_network classification to all EXEC_METHODS
+      // (execFile/execFileSync/fork were previously missed — trivial evasion vector).
+      if (EXEC_METHODS.has(callName)) {
         const arg = node.arguments[0];
         if (arg && arg.type === 'Literal' && typeof arg.value === 'string') {
           if (arg.value.includes('curl') || arg.value.includes('wget')) {
@@ -480,7 +501,6 @@ function analyzeFile(content, filePath, basePath) {
               name: callName,
               line: node.loc?.start?.line
             });
-    
           }
         }
       }

package/src/scanner/reachability.js

@@ -142,8 +142,12 @@ function getEntryPoints(packagePath) {
     candidates.push(pkg.module);
   }
 
-  // Lifecycle scripts: extract .js files from preinstall/install/postinstall/prepare
-  const lifecycleKeys = ['preinstall', 'install', 'postinstall', 'prepare'];
+  // Lifecycle scripts: extract .js files from npm lifecycle hooks
+  const lifecycleKeys = [
+    'preinstall', 'install', 'postinstall', 'prepare',
+    'prepack', 'postpack', 'prepublishOnly', 'prepublish',
+    'preuninstall', 'uninstall', 'postuninstall'
+  ];
   if (pkg.scripts) {
     for (const key of lifecycleKeys) {
       if (typeof pkg.scripts[key] === 'string') {
@@ -210,6 +214,20 @@ function walkForSpawnTargets(node, fileDir, packagePath, targets) {
     }
   }
 
+  // RC-C3: new Worker('./worker.js') / new w.Worker(...) — worker_threads spawn.
+  // Stable since Node 12 (2019). Resolves only when first arg points to a real .js/.mjs/.cjs.
+  if (node.type === 'NewExpression' && node.callee && node.arguments && node.arguments.length >= 1) {
+    const ctorName = node.callee.type === 'Identifier'
+      ? node.callee.name
+      : (node.callee.type === 'MemberExpression' && node.callee.property
+          ? (node.callee.property.name || node.callee.property.value || '')
+          : '');
+    if (ctorName === 'Worker') {
+      const target = resolvePathArg(node.arguments[0], fileDir, packagePath);
+      if (target) targets.push(target);
+    }
+  }
+
   for (const key of Object.keys(node)) {
     if (key === 'type') continue;
     const child = node[key];

package/src/scanner/typosquat.js

@@ -24,9 +24,30 @@ const POPULAR_PACKAGES = [
   'mobx', 'redux', 'zustand', 'formik', 'yup', 'ajv', 'validator',
   'date-fns', 'dayjs', 'luxon', 'numeral', 'accounting', 'currency.js',
   'lodash-es', 'core-js', 'regenerator-runtime', 'tslib', 'classnames',
-  'prop-types', 'cross-env', 'node-fetch', 'got'
+  'prop-types', 'cross-env', 'node-fetch', 'got',
+  // RT-C1 (Axios UNC1069 March 2026): crypto-js missing — wrapper packages declared
+  // `plain-crypto-js` as sub-dep. Added so dependency boundary-squat catches it.
+  'crypto-js'
 ];
 
+// RT-C1: Hyphen tokens that legitimately PREFIX or SUFFIX popular package names.
+// `<token>-<popular>` or `<popular>-<token>` is considered benign when the extra
+// token is in this set (ecosystem qualifiers, framework prefixes, official scopes).
+const LEGIT_BOUNDARY_TOKENS = new Set([
+  // Frameworks / build tools (also common official sub-packages)
+  'react', 'vue', 'angular', 'svelte', 'next', 'nuxt', 'gatsby', 'expo',
+  'eslint', 'babel', 'webpack', 'rollup', 'vite', 'parcel', 'esbuild',
+  'jest', 'mocha', 'vitest', 'karma', 'cypress', 'playwright',
+  'typescript', 'ts', 'tsdx', 'koa', 'fastify', 'express', 'nest',
+  'redux', 'mobx', 'apollo', 'graphql', 'rxjs',
+  // Build / runtime variants
+  'cli', 'core', 'utils', 'plugin', 'loader', 'preset', 'config',
+  'common', 'browser', 'node', 'native', 'web', 'mobile',
+  'esm', 'cjs', 'umd', 'es', 'types', 'typings',
+  // Versions / channels
+  'v2', 'v3', 'v4', 'next', 'latest', 'stable', 'lts', 'legacy', 'beta', 'alpha'
+]);
+
 // Packages legitimes courts ou qui ressemblent a des populaires
 const WHITELIST = new Set([
   // Packages tres courts legitimes
@@ -275,8 +296,6 @@ async function scanTyposquatting(targetPath) {
     }
   }
 
-  if (candidates.length === 0) return threats;
-
   // Phase 2: API enrichment (batched to avoid socket exhaustion)
   const BATCH_SIZE = 10;
   const metadataResults = [];
@@ -333,9 +352,152 @@ async function scanTyposquatting(targetPath) {
     });
   }
 
+  // ============================================
+  // RT-C1: dependency boundary-squat detection (Axios UNC1069 March 2026)
+  // ============================================
+  // Runs on deps that did NOT match Levenshtein (length filter excludes them).
+  // Catches `<prefix>-<popular>` / `<popular>-<suffix>` injections in package.json
+  // deps, plus require/import usage cross-check inside the package source.
+  const levenshteinMatches = new Set(candidates.map(c => c.depName));
+  const RT_C1_MAX_DEPS = 50;
+  let depsEvaluated = 0;
+  for (const depName of Object.keys(dependencies)) {
+    if (depsEvaluated >= RT_C1_MAX_DEPS) break;
+    if (levenshteinMatches.has(depName)) continue; // already flagged by Levenshtein path
+    const bMatch = findDependencyBoundarySquat(depName);
+    if (!bMatch) continue;
+    depsEvaluated++;
+
+    const declMsg = 'Dependency "' + depName + '" looks like a boundary-squat of "'
+      + bMatch.original + '" (extra token: "' + bMatch.extra + '"). Axios UNC1069 pattern.';
+    threats.push({
+      type: 'dependency_typosquat',
+      severity: 'HIGH',
+      message: declMsg,
+      file: 'package.json',
+      details: {
+        suspicious: depName,
+        legitimate: bMatch.original,
+        technique: bMatch.type,
+        extra: bMatch.extra,
+        distance: bMatch.distance
+      }
+    });
+
+    // Cross-check: scan package source for require/import of this dep name
+    const usages = findDependencyUsages(targetPath, depName);
+    for (const u of usages) {
+      threats.push({
+        type: 'dependency_typosquat_used',
+        severity: 'MEDIUM',
+        message: 'Boundary-squat dep "' + depName + '" is require()/import()d in source code',
+        file: u.file,
+        line: u.line,
+        details: {
+          suspicious: depName,
+          legitimate: bMatch.original
+        }
+      });
+    }
+  }
+
   return threats;
 }
 
+/**
+ * RT-C1: Detects "boundary squat" patterns: <prefix>-<popular> or <popular>-<suffix>
+ * where the hyphenated tokens fully contain a popular package name and the extra
+ * material is NOT in LEGIT_BOUNDARY_TOKENS. This catches Axios UNC1069-style
+ * sub-dependency injection like `plain-crypto-js` (resembles `crypto-js`) that
+ * the Levenshtein matcher misses because length-diff is too large.
+ */
+function findDependencyBoundarySquat(name) {
+  const lower = name.toLowerCase();
+  if (!lower || lower.startsWith('@')) return null;            // skip scoped
+  if (lower.length < MIN_PACKAGE_LENGTH) return null;
+  if (WHITELIST.has(lower)) return null;
+  if (isLegitimateVariant(lower)) return null;
+  if (!lower.includes('-')) return null;                       // need a boundary
+  // If it's an exact match to a popular package, not a squat
+  if (POPULAR_PACKAGES_LOWER.indexOf(lower) !== -1) return null;
+
+  for (let i = 0; i < POPULAR_PACKAGES.length; i++) {
+    const popular = POPULAR_PACKAGES_LOWER[i];
+    if (popular.length < MIN_PACKAGE_LENGTH) continue;
+    if (lower === popular) continue;
+
+    if (popular.includes('-')) {
+      // Multi-token popular (e.g. crypto-js): match prefix or suffix at hyphen boundary
+      let extra = null;
+      if (lower.endsWith('-' + popular)) {
+        extra = lower.slice(0, lower.length - popular.length - 1);
+      } else if (lower.startsWith(popular + '-')) {
+        extra = lower.slice(popular.length + 1);
+      }
+      if (extra === null || extra.length === 0) continue;
+      // Reject if extra is a legit boundary token (single token only)
+      if (!extra.includes('-') && LEGIT_BOUNDARY_TOKENS.has(extra)) continue;
+      return { original: POPULAR_PACKAGES[i], type: 'boundary_squat', distance: extra.length, extra };
+    } else {
+      // Single-token popular: must appear as a full hyphen-bounded token in name
+      const tokens = lower.split('-');
+      const idx = tokens.indexOf(popular);
+      if (idx === -1) continue;
+      if (tokens.length === 1) continue;
+      const siblings = tokens.filter((_, j) => j !== idx);
+      // If all siblings are legit boundary tokens → benign variant (e.g. react-router)
+      if (siblings.every(t => LEGIT_BOUNDARY_TOKENS.has(t) || isLegitimateVariant(t))) continue;
+      const extra = siblings.join('-');
+      return { original: POPULAR_PACKAGES[i], type: 'boundary_squat', distance: extra.length, extra };
+    }
+  }
+  return null;
+}
+
+// RT-C1: Bounded scan of the package source for require/import of a given dep name.
+// Returns array of { file, line } usage sites. Bounds: 200 files, 256KB per file.
+const _DEP_USE_MAX_FILES = 200;
+const _DEP_USE_MAX_FILE_BYTES = 256 * 1024;
+function findDependencyUsages(targetPath, depName) {
+  const out = [];
+  if (!depName) return out;
+
+  let files;
+  try {
+    // Use a local require to avoid a circular import surface — utils.js is stable.
+    const { findFiles } = require('../utils.js');
+    files = findFiles(targetPath, { extensions: ['.js', '.mjs', '.cjs'], maxFiles: _DEP_USE_MAX_FILES });
+  } catch {
+    return out;
+  }
+  if (!files || files.length === 0) return out;
+
+  // Pre-build matchers — escape regex metacharacters in dep name
+  const escaped = depName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  const reRequire = new RegExp(`require\\s*\\(\\s*['\"]${escaped}['\"]\\s*\\)`);
+  const reFrom = new RegExp(`from\\s+['\"]${escaped}['\"]`);
+  const reDynamic = new RegExp(`import\\s*\\(\\s*['\"]${escaped}['\"]\\s*\\)`);
+
+  for (const abs of files) {
+    let stat;
+    try { stat = fs.statSync(abs); } catch { continue; }
+    if (!stat.isFile() || stat.size > _DEP_USE_MAX_FILE_BYTES) continue;
+    let content;
+    try { content = fs.readFileSync(abs, 'utf8'); } catch { continue; }
+    // Fast-path early bail
+    if (!content.includes(depName)) continue;
+    const lines = content.split(/\r?\n/);
+    for (let i = 0; i < lines.length; i++) {
+      const ln = lines[i];
+      if (reRequire.test(ln) || reFrom.test(ln) || reDynamic.test(ln)) {
+        out.push({ file: path.relative(targetPath, abs), line: i + 1 });
+        break; // one match per file is enough — keeps signal density honest
+      }
+    }
+  }
+  return out;
+}
+
 function findTyposquatMatch(name) {
   const nameLower = name.toLowerCase();
   

package/src/scoring.js

@@ -112,6 +112,8 @@ const PACKAGE_LEVEL_TYPES = new Set([
   // Compound scoring rules — package-level co-occurrences
   'lifecycle_typosquat', 'lifecycle_inline_exec', 'lifecycle_remote_require',
   'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env',
+  // RT-C1: dependency boundary-squat family (Axios UNC1069 March 2026)
+  'dependency_typosquat', 'dependency_typosquat_require',
   // Blue Team v8: package-level boost signals
   'isolated_suspicious_file', 'deep_suspicious_file',
   // Blue Team v8b: phantom lifecycle scripts
@@ -380,7 +382,9 @@ const DIST_EXEMPT_TYPES = new Set([
   'crypto_staged_payload', 'lifecycle_typosquat',
   'lifecycle_inline_exec', 'lifecycle_remote_require',
   'lifecycle_file_exec',  // B6: lifecycle → malicious file compound
-  'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env'
+  'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env',
+  // RT-C1: Boundary-squat compound is never coincidental (dep declared AND require()d)
+  'dependency_typosquat_require'
   // P6: remote_code_load and proxy_data_intercept removed — in bundled dist/ files,
   // fetch + eval co-occurrence is coincidental (bundler combines HTTP client + template compilation).
   // fetch_decrypt_exec (fetch+decrypt+eval triple) remains exempt — never coincidental.
@@ -488,6 +492,15 @@ const SCORING_COMPOUNDS = [
     message: 'Lifecycle hook on typosquat package — dependency confusion attack vector (scoring compound).',
     fileFrom: 'typosquat_detected'
   },
+  {
+    // RT-C1: Boundary-squat dep declared AND require()d in code → CRITICAL.
+    // Pattern Axios UNC1069 (March 2026): wrapper looks benign, payload is in the dep.
+    type: 'dependency_typosquat_require',
+    requires: ['dependency_typosquat', 'dependency_typosquat_used'],
+    severity: 'CRITICAL',
+    message: 'Boundary-squat dependency declared AND require()d in code — Axios UNC1069 pattern (scoring compound).',
+    fileFrom: 'dependency_typosquat_used'
+  },
   {
     type: 'lifecycle_inline_exec',
     requires: ['lifecycle_script', 'node_inline_exec'],
@@ -1186,7 +1199,7 @@ function applyFPReductions(threats, reachableFiles, packageName, packageDeps, re
   // MUST run AFTER benign_lifecycle reduction to correctly detect LOW lifecycle_script.
   const LIFECYCLE_GUARD_TYPES = new Set([
     'obfuscation_detected', 'dynamic_require', 'dangerous_call_function',
-    'dangerous_call_eval', 'staged_payload'
+    'dangerous_call_eval', 'staged_payload', 'env_access'
   ]);
 
   const lifecycleThreats = threats.filter(t => t.type === 'lifecycle_script');