muaddib-scanner 2.11.24 → 2.11.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/package.json +6 -7
- package/self-scan-v2.11.32.json +1423 -0
- package/src/ml/feature-extractor.js +281 -17
- package/src/monitor/daemon.js +9 -3
- package/src/monitor/ingestion.js +49 -103
- package/src/monitor/queue.js +34 -41
- package/src/monitor/tarball-archive.js +58 -3
- package/src/monitor/webhook.js +36 -0
- package/src/pipeline/executor.js +12 -3
- package/src/pipeline/processor.js +12 -0
- package/src/pipeline/scan-worker.js +6 -1
- package/src/rules/index.js +12 -0
- package/src/scanner/release-zero.js +46 -0
- package/src/scanner/trusted-dep-diff.js +205 -0
- package/src/scanner/typosquat.js +10 -2
- package/src/scoring.js +17 -0
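--- a/package/README.md
+++ b/package/README.md
@@ -296,7 +296,7 @@ repos:
 | **FPR** (Benign random, v2.10.95 measure) | **7.0%** (14/200) | 200 random npm packages, stratified sampling |
 | **ADR** (Adversarial + Holdout) | **96.3%** (103/107) | 67 adversarial + 40 holdout (107 available on disk), global threshold=20 |
 
-**
+**3664 tests** across 93 files. **234 rules** (229 RULES + 5 PARANOID).
 
 > **ML retrain methodology (v2.10.51):**
 > - Ground truth: 377 confirmed_malicious via auto-labeler (OSSF malicious-packages, GitHub Advisory Database, npm registry takedown correlation)
@@ -344,7 +344,7 @@ npm test
 
 ### Testing
 
-- **
+- **3664 tests** across 93 modular test files
 - **56 fuzz tests** - Malformed inputs, ReDoS, unicode, binary
 - **Datadog 17K benchmark** - 14,587 confirmed malware samples (in-scope)
 - **Ground truth validation** - 67 real-world attacks (93.85% TPR@3, 86.2% TPR@20 — v2.10.95 measure)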
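--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "muaddib-scanner",
-"version": "2.11.
+"version": "2.11.32",
 "description": "Supply-chain threat detection & response for npm & PyPI/Python",
 "main": "src/index.js",
 "bin": {
@@ -14,7 +14,8 @@
 "scan": "node bin/muaddib.js scan .",
 "update": "node bin/muaddib.js update",
 "lint": "eslint src bin --ext .js",
-"compress-iocs": "node -e \"const fs=require('fs');const zlib=require('zlib');zlib.gzip(fs.readFileSync('src/ioc/data/iocs.json'),(e,b)=>{if(e)throw e;fs.writeFileSync('iocs.json.gz',b);console.log('Compressed: '+b.length+' bytes')})\""
+"compress-iocs": "node -e \"const fs=require('fs');const zlib=require('zlib');zlib.gzip(fs.readFileSync('src/ioc/data/iocs.json'),(e,b)=>{if(e)throw e;fs.writeFileSync('iocs.json.gz',b);console.log('Compressed: '+b.length+' bytes')})\"",
+"prepublishOnly": "node -e \"if(!process.env.CI){console.error('ERR: Publish via CI workflow (tag v* push). Local publishes are disabled.');process.exit(1)}\""
 },
 "keywords": [
 "security",
@@ -50,14 +51,12 @@
 "acorn": "8.16.0",
 "acorn-walk": "8.3.5",
 "adm-zip": "0.5.17",
-"js-yaml": "4.1.1"
-
-"overrides": {
-"loadash": "0.0.0-security"
+"js-yaml": "4.1.1",
+"loadash": "^1.0.0"
 },
 "devDependencies": {
 "@eslint/js": "10.0.1",
-"eslint": "10.
+"eslint": "10.4.0",
 "eslint-plugin-security": "^4.0.0",
 "globals": "17.6.0"
 }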
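Review bot: The dependencies hunk removes the `overrides` entry that pinned `loadash` to `0.0.0-security` and instead declares `"loadash": "^1.0.0"` as a runtime dependency, and nothing in this release explains why. The removed override reads as a deliberate block on a package whose name is one edit away from `lodash`, presumably the kind of name the project's own `src/scanner/typosquat.js` (also touched in this release) is meant to catch, so a scanner that now installs it by default should state the reason in the README. It is also the only runtime dependency left with a caret range while `acorn`, `acorn-walk`, `adm-zip` and `js-yaml` are pinned exactly; if the dependency is intentional, pin it the same way so a new release of it cannot flow in unreviewed. The `prepublishOnly` guard added in the scripts hunk only checks `process.env.CI`, which any local shell can set, so treat it as a reminder rather than a control and enforce CI-only publishing on the registry side through the package's publishing-access settings and provenance attestations.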