npm - muaddib-scanner - Versions diffs - 2.11.75 → 2.11.76 - Mend

muaddib-scanner 2.11.75 → 2.11.76

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/{self-scan-v2.11.75.json → self-scan-v2.11.76.json} +1 -1
package/src/monitor/ingestion.js +12 -5
package/src/monitor/queue.js +36 -0
package/src/monitor/scan-queue.js +32 -6
package/src/monitor/webhook.js +39 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.75",
+  "version": "2.11.76",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/{self-scan-v2.11.75.json → self-scan-v2.11.76.json} RENAMED Viewed

@@ -1,6 +1,6 @@
 {
   "target": "node_modules",
-  "timestamp": "2026-06-07T19:18:50.434Z",
+  "timestamp": "2026-06-07T19:47:48.330Z",
   "threats": [
     {
       "type": "string_mutation_obfuscation",

package/src/monitor/ingestion.js CHANGED Viewed

@@ -370,7 +370,8 @@ const RECENT_PUBLISH_MAX = 5;
  * @returns {Object|null} - {
  *   version, tarball, unpackedSize, scripts, homepage, description,
  *   latestTagVersion,       // dist-tags.latest (may differ from `version` under ATO)
- *   recentVersions: [{ version, tarball, unpackedSize, scripts }, ...]
+ *   recentVersions: [{ version, tarball, unpackedSize, scripts }, ...],  // capped at maxRecent
+ *   recentWindowCount,      // TRUE (uncapped) count of versions in the window (Phase 2b burst)
  * } or null if no usable version found
  */
 function selectMostRecentVersion(packument, options = {}) {
@@ -419,14 +420,19 @@ function selectMostRecentVersion(packument, options = {}) {
     recentVersions: [],
   };
-  // Burst extras: other versions published within the recent window, excluding
-  // the most-recent one. Bounded by maxRecent. Each extra carries enough
-  // metadata for the queue to enqueue it directly without re-fetching the packument.
+  // Burst extras: other versions published within the recent window, excluding the
+  // most-recent one. The enqueue list is bounded by maxRecent, but recentWindowCount is
+  // the TRUE (uncapped) number of versions in the window — Phase 2b burst detection uses it
+  // so a 96-version Miasma burst is distinguishable from a legit 3-5 patch-release day (the
+  // capped list alone tops out at maxRecent+1 and can't tell them apart).
+  result.recentWindowCount = 1; // includes the most-recent version itself
   if (versionTimes.length > 1) {
     const cutoff = versionTimes[0][1] - recentWindowMs;
-    for (let i = 1; i < versionTimes.length && result.recentVersions.length < maxRecent; i++) {
+    for (let i = 1; i < versionTimes.length; i++) {
       const [v, ts] = versionTimes[i];
       if (ts < cutoff) break; // sorted desc, so once we cross the cutoff we're done
+      result.recentWindowCount++;
+      if (result.recentVersions.length >= maxRecent) continue; // enqueue list capped; count continues
       const vData = versions[v];
       if (!vData) continue;
       result.recentVersions.push({
@@ -819,6 +825,7 @@ async function pollNpmChanges(state, scanQueue, stats) {
         unpackedSize: docMeta ? docMeta.unpackedSize : 0,
         registryScripts: docMeta ? docMeta.scripts : null,
         _cacheTrigger: cacheTrigger.shouldCache ? cacheTrigger : null,
+        firstPublish: cacheTrigger.shouldCache && cacheTrigger.reason === 'first_publish',
         isIOCMatch: isKnownIOC
       });
       queued++;

package/src/monitor/queue.js CHANGED Viewed

@@ -57,6 +57,7 @@ const {
   buildAlertData,
   persistAlert,
   sendIOCPreAlert,
+  sendBurstPreAlert,
   matchVersionedIOC,
   buildCanaryExfiltrationWebhookEmbed,
   getWebhookUrl,
@@ -130,6 +131,21 @@ const RECENTLY_SCANNED_MAX = 50_000; // FIFO cap for the dedup Set (P0c — boun
 const FIRST_PUBLISH_SANDBOX_MAX_QUEUE = parseInt(process.env.MUADDIB_FIRST_PUBLISH_SANDBOX_MAX_QUEUE, 10) || 10;
 const FIRST_PUBLISH_SANDBOX_ENABLED = process.env.MUADDIB_FIRST_PUBLISH_SANDBOX !== '0';
+// Phase 2b: burst (Miasma) pre-alert. A burst = >= this many versions of ONE name in the
+// recent-publish window (the TRUE uncapped count, selectMostRecentVersion.recentWindowCount).
+// Default 10: detection is PER-NAME, so legit multi-PLATFORM publishers (different names,
+// e.g. @opencode-ai/cli-*-* binaries) are never caught; legit same-name release days rarely
+// reach 10; Miasma's 96-in-72s clears it easily. Per-name + deduped + non-scoring (Discord
+// heads-up only, no FPR impact). Env-tunable up if a feed proves noisy.
+const BURST_PREALERT_MIN_VERSIONS = (() => {
+  const n = parseInt(process.env.MUADDIB_BURST_MIN_VERSIONS, 10);
+  return Number.isFinite(n) && n >= 2 ? n : 10;
+})();
+// Dedup burst pings: one per name per process window (bounded — cleared at the cap so it
+// can never grow without limit, CLAUDE.md §2).
+const _burstAlerted = new Set();
+const BURST_ALERTED_MAX = 20_000;
 // Stage 3 — sandbox gate. Static-score threshold below which T1b/T2 packages
 // are NOT sandboxed (static result alone is authoritative). Tightens the prior
 // "T1b sandbox if score >= 25 or queue < 20" to remove low-signal sandbox runs
@@ -1429,6 +1445,25 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
         // only scan whichever version happened to be the most recent at resolution
         // time, racing the publish stream.
         const recents = Array.isArray(npmInfo.recentVersions) ? npmInfo.recentVersions : [];
+        // Phase 2b: burst = TRUE count of versions of this name in the recent window
+        // (uncapped recentWindowCount), NOT the capped extras list — so a 96-version Miasma
+        // burst is distinguishable from a legit multi-version day. At/above the threshold,
+        // flag the item (protects it + its extras from queue-cap eviction) and fire ONE
+        // burst pre-alert per name (deduped, bounded).
+        const burstCount = Number.isFinite(npmInfo.recentWindowCount) ? npmInfo.recentWindowCount : (recents.length + 1);
+        const isBurst = burstCount >= BURST_PREALERT_MIN_VERSIONS;
+        if (isBurst) {
+          item.isBurst = true;
+          if (!_burstAlerted.has(item.name)) {
+            if (_burstAlerted.size >= BURST_ALERTED_MAX) _burstAlerted.clear();
+            _burstAlerted.add(item.name);
+            stats.burstPreAlerts = (stats.burstPreAlerts || 0) + 1;
+            console.log(`[MONITOR] BURST PRE-ALERT: ${item.name} — ${burstCount} versions in the recent window`);
+            sendBurstPreAlert(item.name, burstCount, item.ecosystem).catch(err => {
+              console.error(`[MONITOR] burst pre-alert webhook failed for ${item.name}: ${err.message}`);
+            });
+          }
+        }
         for (const recent of recents) {
           if (!recent || !recent.tarball || !recent.version) continue;
           const dedupeKey = `${item.name}@${recent.version}`;
@@ -1441,6 +1476,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
             unpackedSize: recent.unpackedSize || 0,
             registryScripts: recent.scripts || null,
             atoSignal: item.atoSignal === true,
+            isBurst,
             isATOBurstExtra: true,
           }, stats);
         }

package/src/monitor/scan-queue.js CHANGED Viewed

@@ -24,32 +24,58 @@ const MAX_SCAN_QUEUE = (() => {
 const HARD_DROP_LOG_INTERVAL_MS = 10_000;
 let _lastHardDropLog = 0;
+// Phase 2b: classes we never want to drop blindly when the queue caps out — the
+// specifically-targeted scans (known-malicious, burst/ATO, first-publish). Eviction drops
+// the oldest UNPROTECTED item instead; only if a bounded head-window is entirely protected
+// do we fall back to strict-oldest (still ledgered, with a distinct source).
+function _isProtected(item) {
+  return !!(item && (item.isIOCMatch || item.isBurst || item.firstPublish || item.atoSignal || item.isATOBurstExtra));
+}
+// How far from the head we scan for an unprotected victim. Protected items are a small
+// fraction of the flood, so a victim is almost always found within a few slots; the bound
+// keeps eviction O(window) under sustained overflow (CLAUDE.md §2 bounded resources).
+const PROTECTED_EVICTION_SCAN_MAX = (() => {
+  const v = parseInt(process.env.MUADDIB_PROTECTED_EVICTION_SCAN_MAX, 10);
+  return Number.isFinite(v) && v > 0 ? v : 1024;
+})();
 /**
- * Push an item onto the scan queue, enforcing the hard cap by dropping the oldest item
- * when at capacity. `max` defaults to MAX_SCAN_QUEUE (overridable for tests). Returns
- * true iff an item was dropped to make room.
+ * Push an item onto the scan queue, enforcing the hard cap when at capacity. Evicts the
+ * oldest UNPROTECTED item (within a bounded head-window), falling back to strict-oldest if
+ * that window is all-protected. `max` defaults to MAX_SCAN_QUEUE (overridable for tests).
+ * Returns true iff an item was dropped to make room.
  */
 function enqueueScan(scanQueue, item, stats, max = MAX_SCAN_QUEUE) {
   let dropped = false;
   if (scanQueue.length >= max) {
-    const evicted = scanQueue.shift(); // drop oldest
+    // Victim = oldest unprotected item within the bounded head-window; else strict oldest.
+    let victimIdx = -1;
+    const scanLimit = Math.min(scanQueue.length, PROTECTED_EVICTION_SCAN_MAX);
+    for (let i = 0; i < scanLimit; i++) {
+      if (!_isProtected(scanQueue[i])) { victimIdx = i; break; }
+    }
+    const protectedFallback = victimIdx === -1;
+    const evicted = protectedFallback ? scanQueue.shift() : scanQueue.splice(victimIdx, 1)[0];
     dropped = true;
     if (stats) stats.queueHardDrops = (stats.queueHardDrops || 0) + 1;
     // Phase 0a: record the dropped item so a coverage loss keeps an identity — answers
     // "which versions were never scanned" (e.g. the Miasma 72s/96-version burst). Lazy
     // require avoids any top-level coupling with state.js; best-effort, never throws.
+    // A dropped PROTECTED item (all-protected head-window) gets a distinct source so the
+    // rare case stays visible in the 0b ledger rollup.
     try {
       if (evicted && evicted.name) {
         require('./state.js').appendScanLedger({
           name: evicted.name, version: evicted.version, ecosystem: evicted.ecosystem,
-          outcome: 'dropped', source: 'queue_cap'
+          outcome: 'dropped', source: protectedFallback ? 'queue_cap_protected' : 'queue_cap'
         });
       }
     } catch { /* ledger is best-effort */ }
     const now = Date.now();
     if (now - _lastHardDropLog > HARD_DROP_LOG_INTERVAL_MS) {
       _lastHardDropLog = now;
-      console.warn(`[MONITOR] QUEUE_HARD_DROP: scan queue at cap ${max} — dropping oldest item(s) (total dropped this session: ${stats ? stats.queueHardDrops : '?'}). Ingestion is outrunning scanning.`);
+      console.warn(`[MONITOR] QUEUE_HARD_DROP: scan queue at cap ${max} — dropping ${protectedFallback ? 'OLDEST (head-window all protected)' : 'oldest unprotected'} item(s) (total dropped this session: ${stats ? stats.queueHardDrops : '?'}). Ingestion is outrunning scanning.`);
     }
   }
   scanQueue.push(item);

package/src/monitor/webhook.js CHANGED Viewed

@@ -240,6 +240,43 @@ async function sendCampaignPreAlert(name, campaign, ecosystem = 'npm') {
   await sendWebhook(url, buildCampaignPreAlertEmbed(name, campaign, ecosystem), { rawPayload: true });
 }
+/**
+ * Layer 1c: Build the burst pre-alert embed (pure — no network). Exported for tests.
+ * Fires when ≥K versions of one package land in a short window (account-takeover /
+ * "Miasma" burst-publish). Amber to distinguish from IOC (red) and campaign (orange).
+ * @param {string} name - Package name
+ * @param {number} count - Number of versions seen in the burst window
+ * @param {string} [ecosystem='npm'] - 'npm' | 'pypi' | 'crates' (link target)
+ */
+function buildBurstPreAlertEmbed(name, count, ecosystem = 'npm') {
+  return {
+    embeds: [{
+      title: '⚠️ BURST PRE-ALERT — Rapid Multi-Version Publish',
+      color: 0xf39c12,
+      fields: [
+        { name: 'Package', value: `[${ecosystem}/${name}](${registryLink(ecosystem, name)})`, inline: true },
+        { name: 'Versions', value: `${count} in a short window`, inline: true },
+        { name: 'Detection', value: 'Burst-publish (possible ATO / Miasma)', inline: true },
+        { name: 'Status', value: 'Multiple versions published rapidly — every version queued for scan and protected from queue-cap eviction. Treat as suspect until verdicts land.', inline: false }
+      ],
+      footer: {
+        text: `MUAD'DIB Burst Pre-Alert | ${new Date().toISOString().replace('T', ' ').replace(/\.\d+Z$/, ' UTC')}`
+      },
+      timestamp: new Date().toISOString()
+    }]
+  };
+}
+/**
+ * Layer 1c: Send a burst pre-alert webhook. Fire-and-forget; callers dedupe per
+ * name/window so a burst pings once, not once per version.
+ */
+async function sendBurstPreAlert(name, count, ecosystem = 'npm') {
+  const url = getWebhookUrl();
+  if (!url) return;
+  await sendWebhook(url, buildBurstPreAlertEmbed(name, count, ecosystem), { rawPayload: true });
+}
 /**
  * Check if a specific package@version matches a versioned IOC entry.
  * Returns the matching IOC entry or null.
@@ -1399,6 +1436,8 @@ module.exports = {
   sendIOCPreAlert,
   buildCampaignPreAlertEmbed,
   sendCampaignPreAlert,
+  buildBurstPreAlertEmbed,
+  sendBurstPreAlert,
   matchVersionedIOC,
   computeRiskLevel,
   computeRiskScore,