muaddib-scanner 2.11.74 → 2.11.76

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.74",
+  "version": "2.11.76",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/{self-scan-v2.11.74.json → self-scan-v2.11.76.json}

@@ -1,6 +1,6 @@
 {
   "target": "node_modules",
-  "timestamp": "2026-06-07T18:51:19.187Z",
+  "timestamp": "2026-06-07T19:47:48.330Z",
   "threats": [
     {
       "type": "string_mutation_obfuscation",

package/src/ioc/ghsa-poller.js

@@ -31,7 +31,7 @@ const path = require('path');
 const https = require('https');
 
 const GHSA_API_HOST = 'api.github.com';
-const GHSA_ECOSYSTEMS = ['npm', 'pypi'];
+const GHSA_ECOSYSTEMS = ['npm', 'pypi', 'crates'];
 const GHSA_CURSOR_FILE = process.env.MUADDIB_GHSA_CURSOR_FILE ||
   path.join(__dirname, '..', '..', 'data', 'ghsa-cursor.json');
 const GHSA_MALWARE_FILE = process.env.MUADDIB_GHSA_MALWARE_FILE ||
@@ -84,9 +84,10 @@ function _httpGetJson(pathName, { token, httpImpl = https, timeoutMs = 20_000 }
  */
 async function _defaultFetch(ecosystem, opts = {}) {
   const token = opts.token || process.env.GITHUB_TOKEN || process.env.GH_TOKEN || null;
-  // GHSA names the Python ecosystem "pip" (not "pypi") in BOTH the query and the response;
-  // querying ecosystem=pypi returns HTTP 422. Map our internal name to GHSA's for the query.
-  const apiEco = ecosystem === 'pypi' ? 'pip' : ecosystem;
+  // GHSA names the Python ecosystem "pip" (not "pypi") and Rust "rust" (we call it
+  // "crates") in BOTH the query and the response; querying ecosystem=pypi returns HTTP
+  // 422. Map our internal name to GHSA's for the query.
+  const apiEco = ecosystem === 'pypi' ? 'pip' : ecosystem === 'crates' ? 'rust' : ecosystem;
   const p = `/advisories?type=malware&ecosystem=${encodeURIComponent(apiEco)}&per_page=100&sort=updated&direction=desc`;
   const { status, json } = await _httpGetJson(p, { token, httpImpl: opts.httpImpl });
   if (status !== 200 || !Array.isArray(json)) {
@@ -112,7 +113,7 @@ function _nextLink(linkHeader) {
 async function fetchAllGhsaMalware(ecosystem, opts = {}) {
   const token = opts.token || process.env.GITHUB_TOKEN || process.env.GH_TOKEN || null;
   const maxPages = Number.isFinite(opts.maxPages) ? opts.maxPages : 30;
-  const apiEco = ecosystem === 'pypi' ? 'pip' : ecosystem;
+  const apiEco = ecosystem === 'pypi' ? 'pip' : ecosystem === 'crates' ? 'rust' : ecosystem;
   let pathName = `/advisories?type=malware&ecosystem=${encodeURIComponent(apiEco)}&per_page=100&sort=published&direction=desc`;
   const rows = [];
   for (let page = 0; page < maxPages && pathName; page++) {
@@ -141,6 +142,7 @@ function parseAdvisory(adv, ecosystems = GHSA_ECOSYSTEMS) {
     if (!pkg || !pkg.name || !pkg.ecosystem) continue;
     let eco = String(pkg.ecosystem).toLowerCase();
     if (eco === 'pip') eco = 'pypi'; // normalize GHSA's "pip" to our internal "pypi"
+    else if (eco === 'rust') eco = 'crates'; // normalize GHSA's "rust" to our internal "crates"
     if (ecosystems && !ecosystems.includes(eco)) continue;
     out.push({
       ghsa_id: adv.ghsa_id,
@@ -210,17 +212,29 @@ function _maybeCompactMalware(file) {
 function buildGhsaPreAlertEmbed(row) {
   const link = row.ecosystem === 'pypi'
     ? `https://pypi.org/project/${encodeURIComponent(row.name)}/`
-    : `https://www.npmjs.com/package/${encodeURIComponent(row.name)}`;
+    : row.ecosystem === 'crates'
+      ? `https://crates.io/crates/${encodeURIComponent(row.name)}`
+      : `https://www.npmjs.com/package/${encodeURIComponent(row.name)}`;
+  const fields = [
+    { name: 'Package', value: `[${row.ecosystem}/${row.name}](${link})`, inline: true },
+    { name: 'Range', value: String(row.versionRange || '*'), inline: true },
+    { name: 'Advisory', value: `[${row.ghsa_id}](https://github.com/advisories/${row.ghsa_id})`, inline: true },
+    { name: 'Source', value: 'GitHub Advisory DB (type=malware) — active poller', inline: false }
+  ];
+  // crates enrichment: flag if the malicious crate name typosquats a popular crate.
+  // Lazy require keeps the poller light; findCratesTyposquatMatch is pure.
+  if (row.ecosystem === 'crates') {
+    try {
+      const { findCratesTyposquatMatch } = require('../scanner/typosquat.js');
+      const m = findCratesTyposquatMatch(row.name);
+      if (m) fields.push({ name: 'Typosquat', value: `looks like \`${m.original}\` (distance ${m.distance})`, inline: true });
+    } catch { /* enrichment is best-effort */ }
+  }
   return {
     embeds: [{
       title: '⚠️ GHSA PRE-ALERT — Fresh Malware Advisory',
       color: 0xe74c3c,
-      fields: [
-        { name: 'Package', value: `[${row.ecosystem}/${row.name}](${link})`, inline: true },
-        { name: 'Range', value: String(row.versionRange || '*'), inline: true },
-        { name: 'Advisory', value: `[${row.ghsa_id}](https://github.com/advisories/${row.ghsa_id})`, inline: true },
-        { name: 'Source', value: 'GitHub Advisory DB (type=malware) — active poller', inline: false }
-      ],
+      fields,
       footer: { text: `MUAD'DIB GHSA Pre-Alert | ${new Date().toISOString().replace('T', ' ').replace(/\.\d+Z$/, ' UTC')}` },
       timestamp: new Date().toISOString()
     }]

package/src/monitor/ingestion.js

@@ -370,7 +370,8 @@ const RECENT_PUBLISH_MAX = 5;
  * @returns {Object|null} - {
  *   version, tarball, unpackedSize, scripts, homepage, description,
  *   latestTagVersion,       // dist-tags.latest (may differ from `version` under ATO)
- *   recentVersions: [{ version, tarball, unpackedSize, scripts }, ...]
+ *   recentVersions: [{ version, tarball, unpackedSize, scripts }, ...],  // capped at maxRecent
+ *   recentWindowCount,      // TRUE (uncapped) count of versions in the window (Phase 2b burst)
  * } or null if no usable version found
  */
 function selectMostRecentVersion(packument, options = {}) {
@@ -419,14 +420,19 @@ function selectMostRecentVersion(packument, options = {}) {
     recentVersions: [],
   };
 
-  // Burst extras: other versions published within the recent window, excluding
-  // the most-recent one. Bounded by maxRecent. Each extra carries enough
-  // metadata for the queue to enqueue it directly without re-fetching the packument.
+  // Burst extras: other versions published within the recent window, excluding the
+  // most-recent one. The enqueue list is bounded by maxRecent, but recentWindowCount is
+  // the TRUE (uncapped) number of versions in the window — Phase 2b burst detection uses it
+  // so a 96-version Miasma burst is distinguishable from a legit 3-5 patch-release day (the
+  // capped list alone tops out at maxRecent+1 and can't tell them apart).
+  result.recentWindowCount = 1; // includes the most-recent version itself
   if (versionTimes.length > 1) {
     const cutoff = versionTimes[0][1] - recentWindowMs;
-    for (let i = 1; i < versionTimes.length && result.recentVersions.length < maxRecent; i++) {
+    for (let i = 1; i < versionTimes.length; i++) {
       const [v, ts] = versionTimes[i];
       if (ts < cutoff) break; // sorted desc, so once we cross the cutoff we're done
+      result.recentWindowCount++;
+      if (result.recentVersions.length >= maxRecent) continue; // enqueue list capped; count continues
       const vData = versions[v];
       if (!vData) continue;
       result.recentVersions.push({
@@ -819,6 +825,7 @@ async function pollNpmChanges(state, scanQueue, stats) {
         unpackedSize: docMeta ? docMeta.unpackedSize : 0,
         registryScripts: docMeta ? docMeta.scripts : null,
         _cacheTrigger: cacheTrigger.shouldCache ? cacheTrigger : null,
+        firstPublish: cacheTrigger.shouldCache && cacheTrigger.reason === 'first_publish',
         isIOCMatch: isKnownIOC
       });
       queued++;

package/src/monitor/queue.js

@@ -57,6 +57,7 @@ const {
   buildAlertData,
   persistAlert,
   sendIOCPreAlert,
+  sendBurstPreAlert,
   matchVersionedIOC,
   buildCanaryExfiltrationWebhookEmbed,
   getWebhookUrl,
@@ -130,6 +131,21 @@ const RECENTLY_SCANNED_MAX = 50_000; // FIFO cap for the dedup Set (P0c — boun
 const FIRST_PUBLISH_SANDBOX_MAX_QUEUE = parseInt(process.env.MUADDIB_FIRST_PUBLISH_SANDBOX_MAX_QUEUE, 10) || 10;
 const FIRST_PUBLISH_SANDBOX_ENABLED = process.env.MUADDIB_FIRST_PUBLISH_SANDBOX !== '0';
 
+// Phase 2b: burst (Miasma) pre-alert. A burst = >= this many versions of ONE name in the
+// recent-publish window (the TRUE uncapped count, selectMostRecentVersion.recentWindowCount).
+// Default 10: detection is PER-NAME, so legit multi-PLATFORM publishers (different names,
+// e.g. @opencode-ai/cli-*-* binaries) are never caught; legit same-name release days rarely
+// reach 10; Miasma's 96-in-72s clears it easily. Per-name + deduped + non-scoring (Discord
+// heads-up only, no FPR impact). Env-tunable up if a feed proves noisy.
+const BURST_PREALERT_MIN_VERSIONS = (() => {
+  const n = parseInt(process.env.MUADDIB_BURST_MIN_VERSIONS, 10);
+  return Number.isFinite(n) && n >= 2 ? n : 10;
+})();
+// Dedup burst pings: one per name per process window (bounded — cleared at the cap so it
+// can never grow without limit, CLAUDE.md §2).
+const _burstAlerted = new Set();
+const BURST_ALERTED_MAX = 20_000;
+
 // Stage 3 — sandbox gate. Static-score threshold below which T1b/T2 packages
 // are NOT sandboxed (static result alone is authoritative). Tightens the prior
 // "T1b sandbox if score >= 25 or queue < 20" to remove low-signal sandbox runs
@@ -1429,6 +1445,25 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
         // only scan whichever version happened to be the most recent at resolution
         // time, racing the publish stream.
         const recents = Array.isArray(npmInfo.recentVersions) ? npmInfo.recentVersions : [];
+        // Phase 2b: burst = TRUE count of versions of this name in the recent window
+        // (uncapped recentWindowCount), NOT the capped extras list — so a 96-version Miasma
+        // burst is distinguishable from a legit multi-version day. At/above the threshold,
+        // flag the item (protects it + its extras from queue-cap eviction) and fire ONE
+        // burst pre-alert per name (deduped, bounded).
+        const burstCount = Number.isFinite(npmInfo.recentWindowCount) ? npmInfo.recentWindowCount : (recents.length + 1);
+        const isBurst = burstCount >= BURST_PREALERT_MIN_VERSIONS;
+        if (isBurst) {
+          item.isBurst = true;
+          if (!_burstAlerted.has(item.name)) {
+            if (_burstAlerted.size >= BURST_ALERTED_MAX) _burstAlerted.clear();
+            _burstAlerted.add(item.name);
+            stats.burstPreAlerts = (stats.burstPreAlerts || 0) + 1;
+            console.log(`[MONITOR] BURST PRE-ALERT: ${item.name} — ${burstCount} versions in the recent window`);
+            sendBurstPreAlert(item.name, burstCount, item.ecosystem).catch(err => {
+              console.error(`[MONITOR] burst pre-alert webhook failed for ${item.name}: ${err.message}`);
+            });
+          }
+        }
         for (const recent of recents) {
           if (!recent || !recent.tarball || !recent.version) continue;
           const dedupeKey = `${item.name}@${recent.version}`;
@@ -1441,6 +1476,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
             unpackedSize: recent.unpackedSize || 0,
             registryScripts: recent.scripts || null,
             atoSignal: item.atoSignal === true,
+            isBurst,
             isATOBurstExtra: true,
           }, stats);
         }

package/src/monitor/scan-queue.js

@@ -24,32 +24,58 @@ const MAX_SCAN_QUEUE = (() => {
 const HARD_DROP_LOG_INTERVAL_MS = 10_000;
 let _lastHardDropLog = 0;
 
+// Phase 2b: classes we never want to drop blindly when the queue caps out — the
+// specifically-targeted scans (known-malicious, burst/ATO, first-publish). Eviction drops
+// the oldest UNPROTECTED item instead; only if a bounded head-window is entirely protected
+// do we fall back to strict-oldest (still ledgered, with a distinct source).
+function _isProtected(item) {
+  return !!(item && (item.isIOCMatch || item.isBurst || item.firstPublish || item.atoSignal || item.isATOBurstExtra));
+}
+
+// How far from the head we scan for an unprotected victim. Protected items are a small
+// fraction of the flood, so a victim is almost always found within a few slots; the bound
+// keeps eviction O(window) under sustained overflow (CLAUDE.md §2 bounded resources).
+const PROTECTED_EVICTION_SCAN_MAX = (() => {
+  const v = parseInt(process.env.MUADDIB_PROTECTED_EVICTION_SCAN_MAX, 10);
+  return Number.isFinite(v) && v > 0 ? v : 1024;
+})();
+
 /**
- * Push an item onto the scan queue, enforcing the hard cap by dropping the oldest item
- * when at capacity. `max` defaults to MAX_SCAN_QUEUE (overridable for tests). Returns
- * true iff an item was dropped to make room.
+ * Push an item onto the scan queue, enforcing the hard cap when at capacity. Evicts the
+ * oldest UNPROTECTED item (within a bounded head-window), falling back to strict-oldest if
+ * that window is all-protected. `max` defaults to MAX_SCAN_QUEUE (overridable for tests).
+ * Returns true iff an item was dropped to make room.
  */
 function enqueueScan(scanQueue, item, stats, max = MAX_SCAN_QUEUE) {
   let dropped = false;
   if (scanQueue.length >= max) {
-    const evicted = scanQueue.shift(); // drop oldest
+    // Victim = oldest unprotected item within the bounded head-window; else strict oldest.
+    let victimIdx = -1;
+    const scanLimit = Math.min(scanQueue.length, PROTECTED_EVICTION_SCAN_MAX);
+    for (let i = 0; i < scanLimit; i++) {
+      if (!_isProtected(scanQueue[i])) { victimIdx = i; break; }
+    }
+    const protectedFallback = victimIdx === -1;
+    const evicted = protectedFallback ? scanQueue.shift() : scanQueue.splice(victimIdx, 1)[0];
     dropped = true;
     if (stats) stats.queueHardDrops = (stats.queueHardDrops || 0) + 1;
     // Phase 0a: record the dropped item so a coverage loss keeps an identity — answers
     // "which versions were never scanned" (e.g. the Miasma 72s/96-version burst). Lazy
     // require avoids any top-level coupling with state.js; best-effort, never throws.
+    // A dropped PROTECTED item (all-protected head-window) gets a distinct source so the
+    // rare case stays visible in the 0b ledger rollup.
     try {
       if (evicted && evicted.name) {
         require('./state.js').appendScanLedger({
           name: evicted.name, version: evicted.version, ecosystem: evicted.ecosystem,
-          outcome: 'dropped', source: 'queue_cap'
+          outcome: 'dropped', source: protectedFallback ? 'queue_cap_protected' : 'queue_cap'
         });
       }
     } catch { /* ledger is best-effort */ }
     const now = Date.now();
     if (now - _lastHardDropLog > HARD_DROP_LOG_INTERVAL_MS) {
       _lastHardDropLog = now;
-      console.warn(`[MONITOR] QUEUE_HARD_DROP: scan queue at cap ${max} — dropping oldest item(s) (total dropped this session: ${stats ? stats.queueHardDrops : '?'}). Ingestion is outrunning scanning.`);
+      console.warn(`[MONITOR] QUEUE_HARD_DROP: scan queue at cap ${max} — dropping ${protectedFallback ? 'OLDEST (head-window all protected)' : 'oldest unprotected'} item(s) (total dropped this session: ${stats ? stats.queueHardDrops : '?'}). Ingestion is outrunning scanning.`);
     }
   }
   scanQueue.push(item);

package/src/monitor/webhook.js

@@ -240,6 +240,43 @@ async function sendCampaignPreAlert(name, campaign, ecosystem = 'npm') {
   await sendWebhook(url, buildCampaignPreAlertEmbed(name, campaign, ecosystem), { rawPayload: true });
 }
 
+/**
+ * Layer 1c: Build the burst pre-alert embed (pure — no network). Exported for tests.
+ * Fires when ≥K versions of one package land in a short window (account-takeover /
+ * "Miasma" burst-publish). Amber to distinguish from IOC (red) and campaign (orange).
+ * @param {string} name - Package name
+ * @param {number} count - Number of versions seen in the burst window
+ * @param {string} [ecosystem='npm'] - 'npm' | 'pypi' | 'crates' (link target)
+ */
+function buildBurstPreAlertEmbed(name, count, ecosystem = 'npm') {
+  return {
+    embeds: [{
+      title: '⚠️ BURST PRE-ALERT — Rapid Multi-Version Publish',
+      color: 0xf39c12,
+      fields: [
+        { name: 'Package', value: `[${ecosystem}/${name}](${registryLink(ecosystem, name)})`, inline: true },
+        { name: 'Versions', value: `${count} in a short window`, inline: true },
+        { name: 'Detection', value: 'Burst-publish (possible ATO / Miasma)', inline: true },
+        { name: 'Status', value: 'Multiple versions published rapidly — every version queued for scan and protected from queue-cap eviction. Treat as suspect until verdicts land.', inline: false }
+      ],
+      footer: {
+        text: `MUAD'DIB Burst Pre-Alert | ${new Date().toISOString().replace('T', ' ').replace(/\.\d+Z$/, ' UTC')}`
+      },
+      timestamp: new Date().toISOString()
+    }]
+  };
+}
+
+/**
+ * Layer 1c: Send a burst pre-alert webhook. Fire-and-forget; callers dedupe per
+ * name/window so a burst pings once, not once per version.
+ */
+async function sendBurstPreAlert(name, count, ecosystem = 'npm') {
+  const url = getWebhookUrl();
+  if (!url) return;
+  await sendWebhook(url, buildBurstPreAlertEmbed(name, count, ecosystem), { rawPayload: true });
+}
+
 /**
  * Check if a specific package@version matches a versioned IOC entry.
  * Returns the matching IOC entry or null.
@@ -1399,6 +1436,8 @@ module.exports = {
   sendIOCPreAlert,
   buildCampaignPreAlertEmbed,
   sendCampaignPreAlert,
+  buildBurstPreAlertEmbed,
+  sendBurstPreAlert,
   matchVersionedIOC,
   computeRiskLevel,
   computeRiskScore,

package/src/scanner/typosquat.js

@@ -764,4 +764,80 @@ function findPyPITyposquatMatch(name) {
   return null;
 }
 
-module.exports = { scanTyposquatting, levenshteinDistance, clearMetadataCache, findPyPITyposquatMatch, findTyposquatMatch };
+// ============================================
+// crates.io (Rust) TYPOSQUATTING — Phase 4
+// ============================================
+// Pre-alert enrichment ONLY: flags when an incoming crate name (from the GHSA rust
+// malware feed) typosquats a popular crate. No crates ingestion / build.rs / scan-time
+// Cargo parsing (non-goal). Mirrors the PyPI block above.
+
+// Top crates.io packages by downloads (typosquat targets). Hardcoded snapshot.
+const POPULAR_CRATES = [
+  'serde', 'serde_json', 'serde_derive', 'serde_yaml', 'syn', 'quote', 'proc-macro2',
+  'libc', 'rand', 'rand_core', 'log', 'cfg-if', 'bitflags', 'itertools', 'once_cell',
+  'lazy_static', 'regex', 'regex-syntax', 'aho-corasick', 'base64', 'num-traits',
+  'unicode-ident', 'tokio', 'tokio-util', 'futures', 'futures-util', 'bytes',
+  'hashbrown', 'smallvec', 'parking_lot', 'anyhow', 'thiserror', 'indexmap', 'memchr',
+  'chrono', 'semver', 'getrandom', 'clap', 'time', 'uuid', 'hyper', 'reqwest',
+  'async-trait', 'tracing', 'tracing-core', 'tracing-subscriber', 'url',
+  'percent-encoding', 'idna', 'socket2', 'httparse', 'tower', 'rayon', 'num_cpus',
+  'either', 'toml', 'winapi', 'windows-sys', 'env_logger', 'generic-array', 'digest',
+  'sha2', 'typenum', 'subtle', 'rustls', 'ring', 'openssl', 'flate2', 'miniz_oxide',
+  'crc32fast', 'walkdir', 'tempfile', 'dirs', 'nix', 'backtrace', 'scopeguard',
+  'pin-project', 'pin-project-lite', 'slab', 'lock_api', 'crossbeam-utils',
+  'crossbeam-channel', 'crossbeam-epoch', 'ahash', 'fnv', 'mio', 'h2', 'http'
+];
+
+// crates.io treats '-' and '_' as equivalent and is case-insensitive for name
+// uniqueness; normalize the same way for typosquat comparison.
+function normalizeCrate(name) {
+  return name.toLowerCase().replace(/[-_]+/g, '-');
+}
+
+const POPULAR_CRATES_NORMALIZED = POPULAR_CRATES.map(normalizeCrate);
+const POPULAR_CRATES_SET = new Set(POPULAR_CRATES_NORMALIZED);
+
+// Legitimate crates within edit-distance of a popular crate but not squats.
+const CRATES_WHITELIST = new Set([
+  'mime',         // distance 1 from 'time' — both real & popular
+  'rand-chacha',  // rand ecosystem sibling (normalized)
+  'serde-with',   // serde ecosystem sibling
+  'futures-core',
+]);
+
+const MIN_CRATE_LENGTH = 4;
+
+/**
+ * Find a crates.io typosquat match (Levenshtein over the popular-crate list).
+ * Pure + IOC-independent. Used by the GHSA rust pre-alert to enrich the embed.
+ *
+ * @param {string} name - crate name
+ * @returns {{original: string, type: string, distance: number}|null}
+ */
+function findCratesTyposquatMatch(name) {
+  if (typeof name !== 'string' || !name) return null;
+  const normalized = normalizeCrate(name);
+
+  if (POPULAR_CRATES_SET.has(normalized)) return null; // it IS a popular crate
+  if (CRATES_WHITELIST.has(normalized)) return null;
+  if (normalized.length < MIN_CRATE_LENGTH) return null;
+
+  for (let i = 0; i < POPULAR_CRATES.length; i++) {
+    const popularNorm = POPULAR_CRATES_NORMALIZED[i];
+    const popular = POPULAR_CRATES[i];
+    if (normalized === popularNorm) continue;
+    if (popularNorm.length < MIN_CRATE_LENGTH) continue;
+    if (Math.abs(normalized.length - popularNorm.length) > 2) continue;
+
+    const distance = levenshteinDistance(normalized, popularNorm);
+    if (distance === 1) {
+      return { original: popular, type: detectTyposquatType(normalized, popularNorm), distance };
+    }
+    if (distance === 2 && popularNorm.length >= 5) {
+      return { original: popular, type: detectTyposquatType(normalized, popularNorm), distance };
+    }
+  }
+  return null;
+}
+
+module.exports = { scanTyposquatting, levenshteinDistance, clearMetadataCache, findPyPITyposquatMatch, findCratesTyposquatMatch, findTyposquatMatch };