muaddib-scanner 2.11.76 → 2.11.78
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.githooks/pre-commit +18 -0
- package/README.md +15 -6
- package/bin/muaddib.js +18 -4
- package/package.json +1 -2
- package/{self-scan-v2.11.76.json → self-scan-v2.11.78.json} +1 -1
- package/src/commands/interactive.js +5 -6
- package/src/commands/safe-install.js +19 -19
- package/src/ioc/scraper.js +46 -10
- package/src/monitor/daemon.js +39 -28
- package/src/monitor/ingestion.js +32 -2
- package/src/monitor/queue.js +84 -21
- package/src/monitor/scan-queue.js +68 -1
- package/src/monitor/state.js +24 -1
- package/src/monitor/webhook.js +32 -11
- package/src/output/formatter.js +3 -4
- package/src/pipeline/executor.js +9 -1
- package/src/runtime/daemon.js +27 -28
- package/src/runtime/watch.js +7 -7
- package/src/sandbox/index.js +11 -9
- package/src/scanner/temporal-analysis.js +8 -0
- package/src/scanner/temporal-ast-diff.js +5 -0
- package/src/utils.js +60 -1
- package/.dockerignore +0 -7
- package/.env.example +0 -43
- package/ml-retrain/auto-labeler/auto_labeler.py +0 -312
- package/ml-retrain/auto-labeler/ghsa_checker.py +0 -169
- package/ml-retrain/auto-labeler/labeler.py +0 -256
- package/ml-retrain/auto-labeler/npm_checker.py +0 -228
- package/ml-retrain/auto-labeler/ossf_index.py +0 -178
- package/ml-retrain/auto-labeler/requirements.txt +0 -1
- package/ml-retrain/confusion-matrix.png +0 -0
- package/ml-retrain/model-trees-retrained.js +0 -12
- package/ml-retrain/retrain-report.json +0 -225
- package/ml-retrain/retrain.py +0 -974
- package/sbom.json +0 -0
- package/src/ml/train-bundler-detector.py +0 -725
- package/src/ml/train-xgboost.py +0 -957
- package/tools/export-model-js.py +0 -160
- package/tools/requirements-ml.txt +0 -5
- package/tools/train-classifier.py +0 -333
|
@@ -1,225 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"generated_at": "2026-04-05T06:55:40.434405+00:00",
|
|
3
|
-
"dataset": {
|
|
4
|
-
"confirmed_malicious_jsonl": 15,
|
|
5
|
-
"confirmed_malicious_alert": 0,
|
|
6
|
-
"confirmed_malicious_no_features": 357,
|
|
7
|
-
"likely_malicious_excluded": 19,
|
|
8
|
-
"unconfirmed_as_clean": 898,
|
|
9
|
-
"pending_excluded": 3971,
|
|
10
|
-
"clean_no_match": 41064,
|
|
11
|
-
"datadog_malicious": 14587
|
|
12
|
-
},
|
|
13
|
-
"best_hyperparams": {
|
|
14
|
-
"learning_rate": 0.05,
|
|
15
|
-
"max_depth": 4,
|
|
16
|
-
"n_estimators": 300
|
|
17
|
-
},
|
|
18
|
-
"grid_search_top5": [
|
|
19
|
-
{
|
|
20
|
-
"learning_rate": 0.05,
|
|
21
|
-
"max_depth": 4,
|
|
22
|
-
"n_estimators": 300,
|
|
23
|
-
"mean_f1": 0.9603269422604979
|
|
24
|
-
},
|
|
25
|
-
{
|
|
26
|
-
"learning_rate": 0.2,
|
|
27
|
-
"max_depth": 4,
|
|
28
|
-
"n_estimators": 200,
|
|
29
|
-
"mean_f1": 0.960326424181845
|
|
30
|
-
},
|
|
31
|
-
{
|
|
32
|
-
"learning_rate": 0.2,
|
|
33
|
-
"max_depth": 4,
|
|
34
|
-
"n_estimators": 300,
|
|
35
|
-
"mean_f1": 0.960326424181845
|
|
36
|
-
},
|
|
37
|
-
{
|
|
38
|
-
"learning_rate": 0.2,
|
|
39
|
-
"max_depth": 6,
|
|
40
|
-
"n_estimators": 200,
|
|
41
|
-
"mean_f1": 0.960326424181845
|
|
42
|
-
},
|
|
43
|
-
{
|
|
44
|
-
"learning_rate": 0.2,
|
|
45
|
-
"max_depth": 6,
|
|
46
|
-
"n_estimators": 300,
|
|
47
|
-
"mean_f1": 0.960326424181845
|
|
48
|
-
}
|
|
49
|
-
],
|
|
50
|
-
"cv_metrics": {
|
|
51
|
-
"precision": 0.9361788617886179,
|
|
52
|
-
"recall": 0.9857045026536552,
|
|
53
|
-
"f1": 0.9603035610040864
|
|
54
|
-
},
|
|
55
|
-
"holdout_metrics": {
|
|
56
|
-
"precision": 0.9243,
|
|
57
|
-
"recall": 0.9993,
|
|
58
|
-
"f1": 0.9603,
|
|
59
|
-
"auc_roc": 0.9989,
|
|
60
|
-
"fpr": 0.0285,
|
|
61
|
-
"tpr": 0.9993,
|
|
62
|
-
"confusion_matrix": [
|
|
63
|
-
[
|
|
64
|
-
8154,
|
|
65
|
-
239
|
|
66
|
-
],
|
|
67
|
-
[
|
|
68
|
-
2,
|
|
69
|
-
2918
|
|
70
|
-
]
|
|
71
|
-
],
|
|
72
|
-
"tp": 2918,
|
|
73
|
-
"fp": 239,
|
|
74
|
-
"fn": 2,
|
|
75
|
-
"tn": 8154,
|
|
76
|
-
"top_20_features": [
|
|
77
|
-
[
|
|
78
|
-
"unpacked_size_bytes",
|
|
79
|
-
2504.6235
|
|
80
|
-
],
|
|
81
|
-
[
|
|
82
|
-
"file_count_total",
|
|
83
|
-
654.4614
|
|
84
|
-
],
|
|
85
|
-
[
|
|
86
|
-
"version_count",
|
|
87
|
-
610.4544
|
|
88
|
-
],
|
|
89
|
-
[
|
|
90
|
-
"max_single_points",
|
|
91
|
-
607.4086
|
|
92
|
-
],
|
|
93
|
-
[
|
|
94
|
-
"score",
|
|
95
|
-
366.6144
|
|
96
|
-
],
|
|
97
|
-
[
|
|
98
|
-
"global_risk_score",
|
|
99
|
-
337.9385
|
|
100
|
-
],
|
|
101
|
-
[
|
|
102
|
-
"has_tests",
|
|
103
|
-
171.9633
|
|
104
|
-
],
|
|
105
|
-
[
|
|
106
|
-
"distinct_threat_types",
|
|
107
|
-
60.4275
|
|
108
|
-
],
|
|
109
|
-
[
|
|
110
|
-
"points_concentration",
|
|
111
|
-
50.8792
|
|
112
|
-
],
|
|
113
|
-
[
|
|
114
|
-
"has_env_access",
|
|
115
|
-
31.3521
|
|
116
|
-
],
|
|
117
|
-
[
|
|
118
|
-
"count_low",
|
|
119
|
-
28.3965
|
|
120
|
-
],
|
|
121
|
-
[
|
|
122
|
-
"type_env_access",
|
|
123
|
-
27.3926
|
|
124
|
-
],
|
|
125
|
-
[
|
|
126
|
-
"file_score_mean",
|
|
127
|
-
19.4835
|
|
128
|
-
],
|
|
129
|
-
[
|
|
130
|
-
"author_package_count",
|
|
131
|
-
18.6849
|
|
132
|
-
],
|
|
133
|
-
[
|
|
134
|
-
"package_score",
|
|
135
|
-
13.6326
|
|
136
|
-
],
|
|
137
|
-
[
|
|
138
|
-
"count_total",
|
|
139
|
-
9.09
|
|
140
|
-
],
|
|
141
|
-
[
|
|
142
|
-
"max_file_score",
|
|
143
|
-
6.8378
|
|
144
|
-
],
|
|
145
|
-
[
|
|
146
|
-
"severity_ratio_high",
|
|
147
|
-
4.6229
|
|
148
|
-
],
|
|
149
|
-
[
|
|
150
|
-
"has_repository",
|
|
151
|
-
3.9423
|
|
152
|
-
],
|
|
153
|
-
[
|
|
154
|
-
"package_age_days",
|
|
155
|
-
3.6351
|
|
156
|
-
]
|
|
157
|
-
]
|
|
158
|
-
},
|
|
159
|
-
"active_features": [
|
|
160
|
-
"score",
|
|
161
|
-
"max_file_score",
|
|
162
|
-
"package_score",
|
|
163
|
-
"global_risk_score",
|
|
164
|
-
"count_total",
|
|
165
|
-
"count_critical",
|
|
166
|
-
"count_high",
|
|
167
|
-
"count_medium",
|
|
168
|
-
"count_low",
|
|
169
|
-
"distinct_threat_types",
|
|
170
|
-
"type_suspicious_dataflow",
|
|
171
|
-
"type_env_access",
|
|
172
|
-
"type_sensitive_string",
|
|
173
|
-
"type_dangerous_call_eval",
|
|
174
|
-
"type_dangerous_call_exec",
|
|
175
|
-
"type_dangerous_call_function",
|
|
176
|
-
"type_obfuscation_detected",
|
|
177
|
-
"type_high_entropy_string",
|
|
178
|
-
"type_dynamic_require",
|
|
179
|
-
"type_dynamic_import",
|
|
180
|
-
"type_lifecycle_script",
|
|
181
|
-
"type_typosquat_detected",
|
|
182
|
-
"type_staged_payload",
|
|
183
|
-
"type_staged_binary_payload",
|
|
184
|
-
"type_network_require",
|
|
185
|
-
"type_sandbox_evasion",
|
|
186
|
-
"type_credential_regex_harvest",
|
|
187
|
-
"type_remote_code_load",
|
|
188
|
-
"type_suspicious_domain",
|
|
189
|
-
"type_prototype_hook",
|
|
190
|
-
"type_intent_credential_exfil",
|
|
191
|
-
"type_crypto_decipher",
|
|
192
|
-
"type_env_charcode_reconstruction",
|
|
193
|
-
"type_reverse_shell",
|
|
194
|
-
"type_mcp_config_injection",
|
|
195
|
-
"type_js_obfuscation_pattern",
|
|
196
|
-
"type_other",
|
|
197
|
-
"has_lifecycle_script",
|
|
198
|
-
"has_network_access",
|
|
199
|
-
"has_obfuscation",
|
|
200
|
-
"has_env_access",
|
|
201
|
-
"has_eval",
|
|
202
|
-
"has_staged_payload",
|
|
203
|
-
"has_typosquat",
|
|
204
|
-
"has_ioc_match",
|
|
205
|
-
"has_intent_pair",
|
|
206
|
-
"has_sandbox_finding",
|
|
207
|
-
"file_count_with_threats",
|
|
208
|
-
"file_score_mean",
|
|
209
|
-
"file_score_max",
|
|
210
|
-
"severity_ratio_high",
|
|
211
|
-
"max_single_points",
|
|
212
|
-
"points_concentration",
|
|
213
|
-
"unpacked_size_bytes",
|
|
214
|
-
"reputation_factor",
|
|
215
|
-
"package_age_days",
|
|
216
|
-
"weekly_downloads",
|
|
217
|
-
"version_count",
|
|
218
|
-
"author_package_count",
|
|
219
|
-
"has_repository",
|
|
220
|
-
"readme_size",
|
|
221
|
-
"file_count_total",
|
|
222
|
-
"has_tests",
|
|
223
|
-
"threat_density"
|
|
224
|
-
]
|
|
225
|
-
}
|