muaddib-scanner 2.11.16 → 2.11.18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.16",
+  "version": "2.11.18",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/pipeline/executor.js

@@ -9,6 +9,7 @@ const { scanHashes } = require('../scanner/hash.js');
 const { scanIocStrings } = require('../scanner/ioc-strings.js');
 const { scanAntiForensic } = require('../scanner/anti-forensic.js');
 const { scanStubPackage } = require('../scanner/stub-package.js');
+const { scanMonorepo } = require('../scanner/monorepo.js');
 const { analyzeDataFlow } = require('../scanner/dataflow.js');
 const { scanTyposquatting, findPyPITyposquatMatch } = require('../scanner/typosquat.js');
 const { scanGitHubActions } = require('../scanner/github-actions.js');
@@ -127,12 +128,25 @@ async function execute(targetPath, options, pythonDeps, warnings) {
   // Bounded: 5s timeout to prevent DoS on large/adversarial packages
   const MODULE_GRAPH_TIMEOUT_MS = 5000;
   let crossFileFlows = [];
+  // Threats ABOUT the module graph (audit DF-C1): truncation when the package
+  // exceeds MAX_GRAPH_NODES. Separate from crossFileFlows because the latter
+  // gets filtered/reshaped (line ~316 requires sourceFile && sinkFile).
+  const moduleGraphThreats = [];
   if (!options.noModuleGraph) {
     const moduleGraphWork = async () => {
-      const graph = await yieldThen(() => buildModuleGraph(targetPath));
-      if (Object.keys(graph).length === 0) {
-        // buildModuleGraph returns empty when MAX_GRAPH_NODES exceeded
-        warnings.push('Module graph skipped: package exceeds 100 files limit');
+      const graphMeta = {};
+      const graph = await yieldThen(() => buildModuleGraph(targetPath, graphMeta));
+      if (graphMeta.truncated) {
+        warnings.push(`Module graph skipped: ${graphMeta.fileCount} files exceeds MAX_GRAPH_NODES (${graphMeta.maxNodes})`);
+        moduleGraphThreats.push({
+          type: 'large_package_graph_truncated',
+          severity: 'MEDIUM',
+          message: `Cross-file analysis désactivée : ${graphMeta.fileCount} fichiers dépassent la limite (${graphMeta.maxNodes}). Risque de blind spot sur monorepo / large package — auditer les sous-modules manuellement.`,
+          file: 'package.json',
+          line: 0,
+          fileCount: graphMeta.fileCount,
+          maxNodes: graphMeta.maxNodes
+        });
       }
       const tainted = await yieldThen(() => annotateTaintedExports(graph, targetPath));
       const sinkAnnotations = await yieldThen(() => annotateSinkExports(graph, targetPath));
@@ -187,7 +201,7 @@ async function execute(targetPath, options, pythonDeps, warnings) {
     'scanDependencies', 'scanHashes', 'analyzeDataFlow', 'scanTyposquatting',
     'scanGitHubActions', 'matchPythonIOCs', 'checkPyPITyposquatting',
     'scanEntropy', 'scanAIConfig', 'scanIocStrings', 'scanAntiForensic',
-    'scanStubPackage'
+    'scanStubPackage', 'scanMonorepo'
   ];
 
   const settledResults = await Promise.allSettled([
@@ -206,7 +220,8 @@ async function execute(targetPath, options, pythonDeps, warnings) {
     yieldThen(() => scanAIConfig(targetPath)),
     yieldThen(() => scanIocStrings(targetPath)),
     withTimeout(() => scanAntiForensic(targetPath), 'scanAntiForensic'),
-    yieldThen(() => scanStubPackage(targetPath))
+    yieldThen(() => scanStubPackage(targetPath)),
+    yieldThen(() => scanMonorepo(targetPath))
   ]);
 
   // Extract results: use empty array for rejected scanners, log errors
@@ -234,7 +249,8 @@ async function execute(targetPath, options, pythonDeps, warnings) {
     aiConfigThreats,
     iocStringThreats,
     antiForensicThreats,
-    stubPackageThreats
+    stubPackageThreats,
+    monorepoThreats
   ] = scanResult;
 
   // Emit warning if file count cap was hit + quick-scan overflow files
@@ -313,12 +329,14 @@ async function execute(targetPath, options, pythonDeps, warnings) {
     ...iocStringThreats,
     ...antiForensicThreats,
     ...stubPackageThreats,
+    ...monorepoThreats,
     ...crossFileFlows.filter(f => f && f.sourceFile && f.sinkFile).map(f => ({
       type: f.type,
       severity: f.severity,
       message: `Cross-file dataflow: ${f.source} in ${f.sourceFile} → ${f.sink} in ${f.sinkFile}`,
       file: f.sinkFile
-    }))
+    })),
+    ...moduleGraphThreats
   ];
 
   // Paranoid mode

package/src/response/playbooks.js

@@ -161,6 +161,14 @@ const PLAYBOOKS = {
   typosquat_detected:
     'ATTENTION: Ce package a un nom tres similaire a un package populaire. Verifier que c\'est bien le bon package. Si erreur de frappe, corriger immediatement.',
 
+  // RT-C1: dependency boundary-squat (Axios UNC1069 March 2026)
+  dependency_typosquat:
+    'Une dependance declaree ressemble a un package populaire avec un prefixe/suffixe suspect. Verifier le nom exact dans package.json et confirmer avec npm view <package>. Si erreur de frappe, corriger immediatement.',
+  dependency_typosquat_used:
+    'Le code charge cette dep typosquattee via require/import. Si ce n\'est pas intentionnel, supprimer la dep et la reference, puis reinstaller avec --ignore-scripts.',
+  dependency_typosquat_require:
+    'CRITIQUE — pattern Axios UNC1069 detecte: dep typosquattee declaree ET chargee dans le code. Le wrapper apparent est probablement legitime mais sa dep contient le payload. Bloquer l\'install (--ignore-scripts), supprimer la dep, auditer le history de modifications.',
+
   dangerous_call_function:
     'Appel new Function() detecte. Equivalent a eval(). Verifier la source des donnees.',
 
@@ -675,6 +683,16 @@ const PLAYBOOKS = {
     'Verifier si des donnees sensibles sont envoyees via ce canal. ' +
     'Les proxies HTTP classiques ne filtrent pas ce trafic.',
 
+  large_package_graph_truncated:
+    'Package volumineux (> MAX_GRAPH_NODES fichiers). Cross-file dataflow non analyse. ' +
+    'Auditer les sous-modules manuellement ou scanner par sous-paquet. ' +
+    'Sur un monorepo, scanner chaque workspace independamment.',
+
+  monorepo_detected:
+    'Monorepo detecte — scanner chaque workspace individuellement pour un verdict per-package. ' +
+    'Le score global reflete un perimetre agrege ; muaddib ne supporte pas encore le scoring per-workspace. ' +
+    'Ignorer les FP structurels (.yarn/, packages/*/test/, fixtures/) sera ajoute en v2.12.',
+
   bin_field_hijack:
     'CRITIQUE: Le champ "bin" de package.json shadow une commande systeme (node, npm, git, bash, etc.). ' +
     'A l\'installation, npm cree un symlink dans node_modules/.bin/ qui intercepte la commande reelle. ' +

package/src/rules/index.js

@@ -94,6 +94,17 @@ const RULES = {
     ],
     mitre: 'T1195.002'
   },
+  monorepo_detected: {
+    id: 'MUADDIB-PKG-021',
+    name: 'Monorepo Detected',
+    severity: 'MEDIUM',
+    confidence: 'high',
+    description: 'Workspace monorepo detecte (yarn/pnpm/lerna/turbo). Le perimetre du scan depasse un seul package — auditer chaque workspace separement pour un scoring per-package.',
+    references: [
+      'https://docs.npmjs.com/cli/v10/using-npm/workspaces'
+    ],
+    mitre: 'T1195.002'
+  },
 
   // Obfuscation detections
   obfuscation_detected: {
@@ -335,6 +346,38 @@ const RULES = {
     mitre: 'T1195.002'
   },
 
+  // RT-C1: Dependency boundary-squat (Axios UNC1069 March 2026)
+  dependency_typosquat: {
+    id: 'MUADDIB-TYPO-002',
+    name: 'Dependency Boundary-Squat',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Une dependance declaree porte le nom d\'un package populaire prefixe/suffixe d\'un token suspect (Axios UNC1069, mars 2026). Le wrapper innocent declare un sub-dep malveillant.',
+    references: [
+      'https://snyk.io/blog/typosquatting-attacks/',
+      'https://attack.mitre.org/techniques/T1195/002/'
+    ],
+    mitre: 'T1195.002'
+  },
+  dependency_typosquat_used: {
+    id: 'MUADDIB-TYPO-003',
+    name: 'Boundary-Squat Dependency Used in Code',
+    severity: 'MEDIUM',
+    confidence: 'high',
+    description: 'Le code du package require/import un nom de dependance identifie comme boundary-squat. Signal fort que la dep typosquattee est intentionnellement chargee.',
+    references: ['https://attack.mitre.org/techniques/T1195/002/'],
+    mitre: 'T1195.002'
+  },
+  dependency_typosquat_require: {
+    id: 'MUADDIB-COMPOUND-013',
+    name: 'Boundary-Squat Dep Required at Runtime',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Dependance boundary-squat declaree ET chargee via require/import dans le code: pattern Axios UNC1069 (sub-dep injection avec wrapper innocent).',
+    references: ['https://attack.mitre.org/techniques/T1195/002/'],
+    mitre: 'T1195.002'
+  },
+
   // Package.json script patterns
   curl_pipe_sh: {
     id: 'MUADDIB-PKG-002',
@@ -2078,6 +2121,17 @@ const RULES = {
     ],
     mitre: 'T1071'
   },
+  large_package_graph_truncated: {
+    id: 'MUADDIB-FLOW-006',
+    name: 'Large Package Graph Truncated',
+    severity: 'MEDIUM',
+    confidence: 'medium',
+    description: 'Le graphe de modules depasse la limite (MAX_GRAPH_NODES). Cross-file dataflow non analyse — risque de blind spot sur monorepo ou large package. Auditer les sous-modules manuellement.',
+    references: [
+      'https://attack.mitre.org/techniques/T1195/002/'
+    ],
+    mitre: 'T1195.002'
+  },
 
   // Audit v3 Bypass Detections (AST-062 to AST-069)
   reflect_apply_require: {

package/src/scanner/dataflow.js

@@ -24,12 +24,13 @@ const MODULE_SOURCE_METHODS = {
   },
   child_process: {
     exec: 'command_output', execSync: 'command_output',
-    spawn: 'command_output', spawnSync: 'command_output'
+    spawn: 'command_output', spawnSync: 'command_output',
+    execFile: 'command_output', execFileSync: 'command_output', fork: 'command_output'
   }
 };
 
 const MODULE_SINK_METHODS = {
-  child_process: { exec: 'exec_sink', execSync: 'exec_sink', spawn: 'exec_sink' },
+  child_process: { exec: 'exec_sink', execSync: 'exec_sink', spawn: 'exec_sink', execFile: 'exec_sink', execFileSync: 'exec_sink', fork: 'exec_sink' },
   http: { request: 'network_send', get: 'network_send' },
   https: { request: 'network_send', get: 'network_send' },
   net: { connect: 'network_send', createConnection: 'network_send' },
@@ -39,17 +40,43 @@ const MODULE_SINK_METHODS = {
   ws: { send: 'network_send', write: 'network_send' },
   mqtt: { publish: 'network_send', send: 'network_send' },
   'socket.io-client': { emit: 'network_send', send: 'network_send' },
-  'socket.io': { emit: 'network_send', send: 'network_send' }
+  'socket.io': { emit: 'network_send', send: 'network_send' },
+  // audit DF-H1 v2.11.15: 2026 sinks with clean direct call patterns
+  undici: { request: 'network_send', fetch: 'network_send', stream: 'network_send' },
+  'graphql-request': { request: 'network_send', gql: 'network_send' },
+  '@apollo/client': { query: 'network_send', mutate: 'network_send' },
+  '@grpc/grpc-js': {
+    makeUnaryRequest: 'network_send',
+    makeClientStreamRequest: 'network_send',
+    makeServerStreamRequest: 'network_send',
+    makeBidiStreamRequest: 'network_send'
+  }
 };
 
-// All tracked module names (for filtering in buildTaintMap)
+// audit DF-H1 v2.11.15: 2026 exfil-prone modules. When imported, ANY call with a
+// credential/env source in the same file → suspicious_module_sink MEDIUM with
+// module attribution. Catches chained access (bot.telegram.sendMessage), dynamic
+// methods (actor.exfil), and SDK fluent APIs that direct method matching misses.
+const EXFIL_PRONE_MODULES = new Set([
+  'telegraf', 'node-telegram-bot-api',
+  'discord.js',
+  '@dfinity/agent',
+  'undici',
+  '@grpc/grpc-js',
+  '@apollo/client', 'graphql-request'
+]);
+
+// All tracked module names (for filtering in buildTaintMap). EXFIL_PRONE_MODULES
+// must be tracked even when not in MODULE_SINK_METHODS so buildTaintMap registers
+// them (e.g. require('telegraf') populates taintMap, enabling the heuristic).
 const TRACKED_MODULES = new Set([
   ...Object.keys(MODULE_SOURCE_METHODS),
-  ...Object.keys(MODULE_SINK_METHODS)
+  ...Object.keys(MODULE_SINK_METHODS),
+  ...EXFIL_PRONE_MODULES
 ]);
 
 // Methods that execute commands — used for exec result capture detection
-const EXEC_METHODS = new Set(['exec', 'execSync', 'spawn', 'spawnSync']);
+const EXEC_METHODS = new Set(['exec', 'execSync', 'spawn', 'spawnSync', 'execFile', 'execFileSync', 'fork']);
 
 /**
  * Pre-pass: builds a taint map from require() assignments.
@@ -60,6 +87,24 @@ function buildTaintMap(ast) {
   const taintMap = new Map();
 
   walk.simple(ast, {
+    // ESM: import fs from 'fs' / import * as fs from 'fs' / import { exec } from 'child_process'
+    // Mirrors module-graph/annotate-tainted.js so ESM and CJS produce symmetric taint maps.
+    ImportDeclaration(node) {
+      if (!node.source || typeof node.source.value !== 'string') return;
+      const modName = node.source.value;
+      if (!TRACKED_MODULES.has(modName)) return;
+      for (const spec of node.specifiers) {
+        if (!spec.local || spec.local.type !== 'Identifier') continue;
+        if (spec.type === 'ImportDefaultSpecifier' || spec.type === 'ImportNamespaceSpecifier') {
+          taintMap.set(spec.local.name, { source: modName, detail: modName });
+        } else if (spec.type === 'ImportSpecifier') {
+          const imported = spec.imported && spec.imported.type === 'Identifier'
+            ? spec.imported.name
+            : (spec.imported && spec.imported.value ? spec.imported.value : spec.local.name);
+          taintMap.set(spec.local.name, { source: modName, detail: `${modName}.${imported}` });
+        }
+      }
+    },
     VariableDeclarator(node) {
       if (!node.init) return;
       let init = node.init;
@@ -471,7 +516,9 @@ function analyzeFile(content, filePath, basePath) {
 
       }
 
-      if (callName === 'exec' || callName === 'execSync') {
+      // DF-H2: extend exec_network classification to all EXEC_METHODS
+      // (execFile/execFileSync/fork were previously missed — trivial evasion vector).
+      if (EXEC_METHODS.has(callName)) {
         const arg = node.arguments[0];
         if (arg && arg.type === 'Literal' && typeof arg.value === 'string') {
           if (arg.value.includes('curl') || arg.value.includes('wget')) {
@@ -480,7 +527,6 @@ function analyzeFile(content, filePath, basePath) {
               name: callName,
               line: node.loc?.start?.line
             });
-    
           }
         }
       }
@@ -891,6 +937,29 @@ function analyzeFile(content, filePath, basePath) {
     });
   }
 
+  // audit DF-H1 v2.11.15: 2026 exfil-prone module heuristic.
+  // If any EXFIL_PRONE_MODULES (telegraf, discord.js, @dfinity/agent, undici, gRPC,
+  // GraphQL clients) is imported AND a credential/env_read source is present in
+  // the same file, emit suspicious_module_sink with module attribution. Catches
+  // chained access (bot.telegram.sendMessage) and dynamic methods (actor.exfil)
+  // that direct MODULE_SINK_METHODS matching cannot reach.
+  const exfilProneInScope = [];
+  for (const taint of taintMap.values()) {
+    if (taint && EXFIL_PRONE_MODULES.has(taint.source)) exfilProneInScope.push(taint.source);
+  }
+  if (exfilProneInScope.length > 0 &&
+      sources.some(s => s.type === 'env_read' || s.type === 'credential_read')) {
+    const moduleList = [...new Set(exfilProneInScope)].join(', ');
+    const firstSourceLine = sources.find(s => s.line)?.line || 0;
+    threats.push({
+      type: 'suspicious_module_sink',
+      severity: 'MEDIUM',
+      message: `Module exfil-prone 2026 (${moduleList}) avec credential/env source dans le meme fichier — canal d'exfiltration potentiel.`,
+      file: path.relative(basePath, filePath),
+      line: firstSourceLine
+    });
+  }
+
   // Detect staged payload: network fetch + eval in same file (no credential source needed)
   const hasNetworkSink = sinks.some(s => s.type === 'network_send' || s.type === 'exec_network');
   const hasEvalSink = sinks.some(s => s.type === 'eval_exec');

package/src/scanner/module-graph/build-graph.js

@@ -8,17 +8,30 @@ const { parseFile, isLocalImport, resolveLocal, toRel } = require('./parse-utils
 /**
  * Build a dependency graph of local modules within a package.
  * Only tracks local imports (./  ../) — node_modules are ignored.
+ *
+ * @param {string} packagePath
+ * @param {Object} [meta] - Optional out-param: mutated with { fileCount, truncated, maxNodes }
+ *                          so the caller can emit a `large_package_graph_truncated` threat
+ *                          when the package exceeds MAX_GRAPH_NODES (audit DF-C1).
  */
-function buildModuleGraph(packagePath) {
+function buildModuleGraph(packagePath, meta = {}) {
   const graph = {};
+  // maxFiles: 0 (unlimited) — we need the true count to detect monorepo / large package
+  // truncation. MAX_GRAPH_NODES below caps the AST work; MODULE_GRAPH_TIMEOUT_MS in
+  // executor.js bounds the wall-time (audit DF-C1).
   const files = findFiles(packagePath, {
     extensions: ['.js', '.mjs', '.cjs'],
     excludedDirs: EXCLUDED_DIRS,
+    maxFiles: 0,
   });
 
+  meta.fileCount = files.length;
+  meta.maxNodes = MAX_GRAPH_NODES;
+
   // Bounded path: skip module graph for very large packages
   if (files.length > MAX_GRAPH_NODES) {
     debugLog(`[MODULE-GRAPH] Skipping: ${files.length} files exceeds MAX_GRAPH_NODES (${MAX_GRAPH_NODES})`);
+    meta.truncated = true;
     return graph;
   }
 

package/src/scanner/module-graph/constants.js

@@ -3,7 +3,7 @@
 const { ACORN_OPTIONS: BASE_ACORN_OPTIONS } = require('../../shared/constants.js');
 
 // --- Bounded path limits ---
-const MAX_GRAPH_NODES = 100;  // Max files in dependency graph (covers ~86% of npm packages)
+const MAX_GRAPH_NODES = 5000; // Max files in dependency graph (covers ~99.5% of npm packages — audit DF-C1 v2.11.15)
 const MAX_GRAPH_EDGES = 400;  // Max total import edges
 const MAX_FLOWS = 20;         // Max cross-file flow findings per package
 const MAX_TAINT_DEPTH = 50;   // Max AST recursion depth (DoS guard)

package/src/scanner/monorepo.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Monorepo Detection Scanner (audit 2026-05 MR-C1)
+ *
+ * Detects when the scan target is a monorepo root (Yarn/npm workspaces, pnpm,
+ * Lerna, Turbo). Emits ONE informational MEDIUM threat `monorepo_detected`
+ * so the user knows the score reflects an aggregated perimeter rather than a
+ * single package, and that per-workspace scanning is the correct strategy
+ * until full workspace-aware scoring lands (backlog v2.13).
+ *
+ * Detection precedence (manager priority on first match):
+ *   1. pnpm-workspace.yaml         → manager='pnpm'
+ *   2. lerna.json                  → manager='lerna'
+ *   3. turbo.json + pkg.workspaces → manager='turbo'
+ *   4. pkg.workspaces (array or {packages: [...]}) → manager='yarn' (also npm 8+)
+ *
+ * @param {string} targetPath
+ * @returns {Array} threats — empty if not a monorepo, one entry otherwise.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+function readJsonSafe(filePath) {
+  try {
+    return JSON.parse(fs.readFileSync(filePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function countYamlListEntries(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, 'utf8');
+    const matches = content.match(/^\s*-\s+\S/gm);
+    return matches ? matches.length : 0;
+  } catch {
+    return 0;
+  }
+}
+
+function workspacesCount(workspaces) {
+  if (Array.isArray(workspaces)) return workspaces.length;
+  if (workspaces && typeof workspaces === 'object' && Array.isArray(workspaces.packages)) {
+    return workspaces.packages.length;
+  }
+  return 0;
+}
+
+function scanMonorepo(targetPath) {
+  const threats = [];
+
+  const pnpmWs = path.join(targetPath, 'pnpm-workspace.yaml');
+  const lernaJson = path.join(targetPath, 'lerna.json');
+  const turboJson = path.join(targetPath, 'turbo.json');
+  const pkgJson = path.join(targetPath, 'package.json');
+
+  let manager = null;
+  let manifest = 'package.json';
+  let workspaceCount = 0;
+
+  if (fs.existsSync(pnpmWs)) {
+    manager = 'pnpm';
+    manifest = 'pnpm-workspace.yaml';
+    workspaceCount = countYamlListEntries(pnpmWs);
+  } else if (fs.existsSync(lernaJson)) {
+    manager = 'lerna';
+    manifest = 'lerna.json';
+    const lerna = readJsonSafe(lernaJson);
+    workspaceCount = lerna && Array.isArray(lerna.packages) ? lerna.packages.length : 0;
+    if (workspaceCount === 0 && lerna && lerna.workspaces) {
+      workspaceCount = workspacesCount(lerna.workspaces);
+    }
+  } else {
+    const pkg = fs.existsSync(pkgJson) ? readJsonSafe(pkgJson) : null;
+    const wsCount = pkg && pkg.workspaces ? workspacesCount(pkg.workspaces) : 0;
+    if (fs.existsSync(turboJson) && wsCount > 0) {
+      manager = 'turbo';
+      manifest = 'turbo.json';
+      workspaceCount = wsCount;
+    } else if (wsCount > 0) {
+      manager = 'yarn';
+      manifest = 'package.json';
+      workspaceCount = wsCount;
+    }
+  }
+
+  if (!manager) return threats;
+
+  threats.push({
+    type: 'monorepo_detected',
+    severity: 'MEDIUM',
+    message: `Monorepo ${manager} detecte (${workspaceCount} workspace${workspaceCount > 1 ? 's' : ''}). Perimetre elargi — scanner chaque package independamment pour un verdict per-workspace.`,
+    file: manifest,
+    line: 0,
+    manager,
+    workspaceCount
+  });
+
+  return threats;
+}
+
+module.exports = { scanMonorepo };

package/src/scanner/reachability.js

@@ -214,6 +214,20 @@ function walkForSpawnTargets(node, fileDir, packagePath, targets) {
     }
   }
 
+  // RC-C3: new Worker('./worker.js') / new w.Worker(...) — worker_threads spawn.
+  // Stable since Node 12 (2019). Resolves only when first arg points to a real .js/.mjs/.cjs.
+  if (node.type === 'NewExpression' && node.callee && node.arguments && node.arguments.length >= 1) {
+    const ctorName = node.callee.type === 'Identifier'
+      ? node.callee.name
+      : (node.callee.type === 'MemberExpression' && node.callee.property
+          ? (node.callee.property.name || node.callee.property.value || '')
+          : '');
+    if (ctorName === 'Worker') {
+      const target = resolvePathArg(node.arguments[0], fileDir, packagePath);
+      if (target) targets.push(target);
+    }
+  }
+
   for (const key of Object.keys(node)) {
     if (key === 'type') continue;
     const child = node[key];

package/src/scanner/typosquat.js

@@ -24,9 +24,30 @@ const POPULAR_PACKAGES = [
   'mobx', 'redux', 'zustand', 'formik', 'yup', 'ajv', 'validator',
   'date-fns', 'dayjs', 'luxon', 'numeral', 'accounting', 'currency.js',
   'lodash-es', 'core-js', 'regenerator-runtime', 'tslib', 'classnames',
-  'prop-types', 'cross-env', 'node-fetch', 'got'
+  'prop-types', 'cross-env', 'node-fetch', 'got',
+  // RT-C1 (Axios UNC1069 March 2026): crypto-js missing — wrapper packages declared
+  // `plain-crypto-js` as sub-dep. Added so dependency boundary-squat catches it.
+  'crypto-js'
 ];
 
+// RT-C1: Hyphen tokens that legitimately PREFIX or SUFFIX popular package names.
+// `<token>-<popular>` or `<popular>-<token>` is considered benign when the extra
+// token is in this set (ecosystem qualifiers, framework prefixes, official scopes).
+const LEGIT_BOUNDARY_TOKENS = new Set([
+  // Frameworks / build tools (also common official sub-packages)
+  'react', 'vue', 'angular', 'svelte', 'next', 'nuxt', 'gatsby', 'expo',
+  'eslint', 'babel', 'webpack', 'rollup', 'vite', 'parcel', 'esbuild',
+  'jest', 'mocha', 'vitest', 'karma', 'cypress', 'playwright',
+  'typescript', 'ts', 'tsdx', 'koa', 'fastify', 'express', 'nest',
+  'redux', 'mobx', 'apollo', 'graphql', 'rxjs',
+  // Build / runtime variants
+  'cli', 'core', 'utils', 'plugin', 'loader', 'preset', 'config',
+  'common', 'browser', 'node', 'native', 'web', 'mobile',
+  'esm', 'cjs', 'umd', 'es', 'types', 'typings',
+  // Versions / channels
+  'v2', 'v3', 'v4', 'next', 'latest', 'stable', 'lts', 'legacy', 'beta', 'alpha'
+]);
+
 // Packages legitimes courts ou qui ressemblent a des populaires
 const WHITELIST = new Set([
   // Packages tres courts legitimes
@@ -275,8 +296,6 @@ async function scanTyposquatting(targetPath) {
     }
   }
 
-  if (candidates.length === 0) return threats;
-
   // Phase 2: API enrichment (batched to avoid socket exhaustion)
   const BATCH_SIZE = 10;
   const metadataResults = [];
@@ -333,9 +352,152 @@ async function scanTyposquatting(targetPath) {
     });
   }
 
+  // ============================================
+  // RT-C1: dependency boundary-squat detection (Axios UNC1069 March 2026)
+  // ============================================
+  // Runs on deps that did NOT match Levenshtein (length filter excludes them).
+  // Catches `<prefix>-<popular>` / `<popular>-<suffix>` injections in package.json
+  // deps, plus require/import usage cross-check inside the package source.
+  const levenshteinMatches = new Set(candidates.map(c => c.depName));
+  const RT_C1_MAX_DEPS = 50;
+  let depsEvaluated = 0;
+  for (const depName of Object.keys(dependencies)) {
+    if (depsEvaluated >= RT_C1_MAX_DEPS) break;
+    if (levenshteinMatches.has(depName)) continue; // already flagged by Levenshtein path
+    const bMatch = findDependencyBoundarySquat(depName);
+    if (!bMatch) continue;
+    depsEvaluated++;
+
+    const declMsg = 'Dependency "' + depName + '" looks like a boundary-squat of "'
+      + bMatch.original + '" (extra token: "' + bMatch.extra + '"). Axios UNC1069 pattern.';
+    threats.push({
+      type: 'dependency_typosquat',
+      severity: 'HIGH',
+      message: declMsg,
+      file: 'package.json',
+      details: {
+        suspicious: depName,
+        legitimate: bMatch.original,
+        technique: bMatch.type,
+        extra: bMatch.extra,
+        distance: bMatch.distance
+      }
+    });
+
+    // Cross-check: scan package source for require/import of this dep name
+    const usages = findDependencyUsages(targetPath, depName);
+    for (const u of usages) {
+      threats.push({
+        type: 'dependency_typosquat_used',
+        severity: 'MEDIUM',
+        message: 'Boundary-squat dep "' + depName + '" is require()/import()d in source code',
+        file: u.file,
+        line: u.line,
+        details: {
+          suspicious: depName,
+          legitimate: bMatch.original
+        }
+      });
+    }
+  }
+
   return threats;
 }
 
+/**
+ * RT-C1: Detects "boundary squat" patterns: <prefix>-<popular> or <popular>-<suffix>
+ * where the hyphenated tokens fully contain a popular package name and the extra
+ * material is NOT in LEGIT_BOUNDARY_TOKENS. This catches Axios UNC1069-style
+ * sub-dependency injection like `plain-crypto-js` (resembles `crypto-js`) that
+ * the Levenshtein matcher misses because length-diff is too large.
+ */
+function findDependencyBoundarySquat(name) {
+  const lower = name.toLowerCase();
+  if (!lower || lower.startsWith('@')) return null;            // skip scoped
+  if (lower.length < MIN_PACKAGE_LENGTH) return null;
+  if (WHITELIST.has(lower)) return null;
+  if (isLegitimateVariant(lower)) return null;
+  if (!lower.includes('-')) return null;                       // need a boundary
+  // If it's an exact match to a popular package, not a squat
+  if (POPULAR_PACKAGES_LOWER.indexOf(lower) !== -1) return null;
+
+  for (let i = 0; i < POPULAR_PACKAGES.length; i++) {
+    const popular = POPULAR_PACKAGES_LOWER[i];
+    if (popular.length < MIN_PACKAGE_LENGTH) continue;
+    if (lower === popular) continue;
+
+    if (popular.includes('-')) {
+      // Multi-token popular (e.g. crypto-js): match prefix or suffix at hyphen boundary
+      let extra = null;
+      if (lower.endsWith('-' + popular)) {
+        extra = lower.slice(0, lower.length - popular.length - 1);
+      } else if (lower.startsWith(popular + '-')) {
+        extra = lower.slice(popular.length + 1);
+      }
+      if (extra === null || extra.length === 0) continue;
+      // Reject if extra is a legit boundary token (single token only)
+      if (!extra.includes('-') && LEGIT_BOUNDARY_TOKENS.has(extra)) continue;
+      return { original: POPULAR_PACKAGES[i], type: 'boundary_squat', distance: extra.length, extra };
+    } else {
+      // Single-token popular: must appear as a full hyphen-bounded token in name
+      const tokens = lower.split('-');
+      const idx = tokens.indexOf(popular);
+      if (idx === -1) continue;
+      if (tokens.length === 1) continue;
+      const siblings = tokens.filter((_, j) => j !== idx);
+      // If all siblings are legit boundary tokens → benign variant (e.g. react-router)
+      if (siblings.every(t => LEGIT_BOUNDARY_TOKENS.has(t) || isLegitimateVariant(t))) continue;
+      const extra = siblings.join('-');
+      return { original: POPULAR_PACKAGES[i], type: 'boundary_squat', distance: extra.length, extra };
+    }
+  }
+  return null;
+}
+
+// RT-C1: Bounded scan of the package source for require/import of a given dep name.
+// Returns array of { file, line } usage sites. Bounds: 200 files, 256KB per file.
+const _DEP_USE_MAX_FILES = 200;
+const _DEP_USE_MAX_FILE_BYTES = 256 * 1024;
+function findDependencyUsages(targetPath, depName) {
+  const out = [];
+  if (!depName) return out;
+
+  let files;
+  try {
+    // Use a local require to avoid a circular import surface — utils.js is stable.
+    const { findFiles } = require('../utils.js');
+    files = findFiles(targetPath, { extensions: ['.js', '.mjs', '.cjs'], maxFiles: _DEP_USE_MAX_FILES });
+  } catch {
+    return out;
+  }
+  if (!files || files.length === 0) return out;
+
+  // Pre-build matchers — escape regex metacharacters in dep name
+  const escaped = depName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+  const reRequire = new RegExp(`require\\s*\\(\\s*['\"]${escaped}['\"]\\s*\\)`);
+  const reFrom = new RegExp(`from\\s+['\"]${escaped}['\"]`);
+  const reDynamic = new RegExp(`import\\s*\\(\\s*['\"]${escaped}['\"]\\s*\\)`);
+
+  for (const abs of files) {
+    let stat;
+    try { stat = fs.statSync(abs); } catch { continue; }
+    if (!stat.isFile() || stat.size > _DEP_USE_MAX_FILE_BYTES) continue;
+    let content;
+    try { content = fs.readFileSync(abs, 'utf8'); } catch { continue; }
+    // Fast-path early bail
+    if (!content.includes(depName)) continue;
+    const lines = content.split(/\r?\n/);
+    for (let i = 0; i < lines.length; i++) {
+      const ln = lines[i];
+      if (reRequire.test(ln) || reFrom.test(ln) || reDynamic.test(ln)) {
+        out.push({ file: path.relative(targetPath, abs), line: i + 1 });
+        break; // one match per file is enough — keeps signal density honest
+      }
+    }
+  }
+  return out;
+}
+
 function findTyposquatMatch(name) {
   const nameLower = name.toLowerCase();
   

package/src/scoring.js

@@ -112,6 +112,8 @@ const PACKAGE_LEVEL_TYPES = new Set([
   // Compound scoring rules — package-level co-occurrences
   'lifecycle_typosquat', 'lifecycle_inline_exec', 'lifecycle_remote_require',
   'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env',
+  // RT-C1: dependency boundary-squat family (Axios UNC1069 March 2026)
+  'dependency_typosquat', 'dependency_typosquat_require',
   // Blue Team v8: package-level boost signals
   'isolated_suspicious_file', 'deep_suspicious_file',
   // Blue Team v8b: phantom lifecycle scripts
@@ -124,7 +126,11 @@ const PACKAGE_LEVEL_TYPES = new Set([
   // intel-triage P1.3: stub-package detector closes ltidi gap (memory project_detection_gap_ltidi_chain)
   'stub_package_external_payload', 'stub_package_external_dep',
   // intel-triage P3.1 family compounds
-  'axios_family', 'stub_with_string_ioc'
+  'axios_family', 'stub_with_string_ioc',
+  // audit DF-C1: emitted when MAX_GRAPH_NODES exceeded so cross-file blind spot is visible in scoring
+  'large_package_graph_truncated',
+  // audit MR-C1: informational signal that the scan target is a monorepo root (per-workspace scoring TBD)
+  'monorepo_detected'
 ]);
 
 // ============================================
@@ -380,7 +386,9 @@ const DIST_EXEMPT_TYPES = new Set([
   'crypto_staged_payload', 'lifecycle_typosquat',
   'lifecycle_inline_exec', 'lifecycle_remote_require',
   'lifecycle_file_exec',  // B6: lifecycle → malicious file compound
-  'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env'
+  'lifecycle_dataflow', 'lifecycle_dangerous_exec', 'obfuscated_lifecycle_env',
+  // RT-C1: Boundary-squat compound is never coincidental (dep declared AND require()d)
+  'dependency_typosquat_require'
   // P6: remote_code_load and proxy_data_intercept removed — in bundled dist/ files,
   // fetch + eval co-occurrence is coincidental (bundler combines HTTP client + template compilation).
   // fetch_decrypt_exec (fetch+decrypt+eval triple) remains exempt — never coincidental.
@@ -488,6 +496,15 @@ const SCORING_COMPOUNDS = [
     message: 'Lifecycle hook on typosquat package — dependency confusion attack vector (scoring compound).',
     fileFrom: 'typosquat_detected'
   },
+  {
+    // RT-C1: Boundary-squat dep declared AND require()d in code → CRITICAL.
+    // Pattern Axios UNC1069 (March 2026): wrapper looks benign, payload is in the dep.
+    type: 'dependency_typosquat_require',
+    requires: ['dependency_typosquat', 'dependency_typosquat_used'],
+    severity: 'CRITICAL',
+    message: 'Boundary-squat dependency declared AND require()d in code — Axios UNC1069 pattern (scoring compound).',
+    fileFrom: 'dependency_typosquat_used'
+  },
   {
     type: 'lifecycle_inline_exec',
     requires: ['lifecycle_script', 'node_inline_exec'],