muaddib-scanner 2.11.88 → 2.11.90

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.88",
+  "version": "2.11.90",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/{self-scan-v2.11.88.json → self-scan-v2.11.90.json}

@@ -1,6 +1,6 @@
 {
   "target": "node_modules",
-  "timestamp": "2026-06-11T08:02:35.162Z",
+  "timestamp": "2026-06-11T08:32:51.994Z",
   "threats": [
     {
       "type": "string_mutation_obfuscation",

package/src/monitor/queue.js

@@ -150,10 +150,14 @@ const BURST_PREALERT_MIN_VERSIONS = (() => {
   const n = parseInt(process.env.MUADDIB_BURST_MIN_VERSIONS, 10);
   return Number.isFinite(n) && n >= 2 ? n : 10;
 })();
-// Dedup burst pings: one per name per process window (bounded — cleared at the cap so it
-// can never grow without limit, CLAUDE.md §2).
-const _burstAlerted = new Set();
+// Burst ping throttle (FPR/notif audit 2026-06): name -> last burst-alert timestamp.
+// Was a lifetime Set (dedup once per process), which both (a) silenced a genuine
+// re-burst days later and (b) on a process that runs for weeks accumulated spam from
+// every monorepo/CI nightly that re-bursts. Now a 24h-cooldown Map: one alert per
+// package per day max. Bounded — cleared at the cap so it can never grow without limit.
+const _burstAlerted = new Map();
 const BURST_ALERTED_MAX = 20_000;
+const BURST_ALERT_COOLDOWN_MS = 24 * 60 * 60 * 1000; // 24h
 
 // Stage 3 — sandbox gate. Static-score threshold below which T1b/T2 packages
 // are NOT sandboxed (static result alone is authoritative). Tightens the prior
@@ -1530,9 +1534,22 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
         const isBurst = burstCount >= BURST_PREALERT_MIN_VERSIONS;
         if (isBurst) {
           item.isBurst = true;
-          if (!_burstAlerted.has(item.name)) {
+          // Anti-flood (notification only — the burst versions are STILL queued and scanned
+          // below regardless; muting the heads-up never weakens detection):
+          //  1) Established packages (mature + many versions) bursting are monorepo / CI
+          //     nightly churn, not the Shai-Hulud account-takeover signal (that is a NEW /
+          //     low-reputation package suddenly bursting). A real takeover of an established
+          //     package is still caught by the per-version scan + the atoSignal above.
+          //  2) 24h cooldown per package so a package re-bursting all day pings at most once.
+          const _np = item._npmInfo || npmInfo || {};
+          const _established = Number.isFinite(_np.age_days) && _np.age_days > 730 &&
+            Number.isFinite(_np.version_count) && _np.version_count > 100;
+          const _now = Date.now();
+          const _last = _burstAlerted.get(item.name);
+          const _onCooldown = _last && (_now - _last) < BURST_ALERT_COOLDOWN_MS;
+          if (!_established && !_onCooldown) {
             if (_burstAlerted.size >= BURST_ALERTED_MAX) _burstAlerted.clear();
-            _burstAlerted.add(item.name);
+            _burstAlerted.set(item.name, _now);
             stats.burstPreAlerts = (stats.burstPreAlerts || 0) + 1;
             console.log(`[MONITOR] BURST PRE-ALERT: ${item.name} — ${burstCount} versions in the recent window`);
             sendBurstPreAlert(item.name, burstCount, item.ecosystem).catch(err => {

package/src/scanner/npm-registry.js

@@ -217,6 +217,10 @@ async function getPackageMetadata(packageName) {
     // / pinned-old / vendored versions bypass the cap so we don't mask attacks
     // captured in static fixtures (e.g. eslint-scope 3.7.2, chalk 5.6.1).
     latest_version: latestVersion || null,
+    // P4 : full dist-tags map ({ latest, next, canary, ... }) so scoring can tell a
+    // maintainer-controlled pre-release channel version (inherits partial reputation)
+    // from a historical / pinned-old version (no reputation).
+    dist_tags: (meta['dist-tags'] && typeof meta['dist-tags'] === 'object') ? meta['dist-tags'] : null,
     // F3 : list of maintainer email addresses (lowercased, unique) for DNS
     // MX / RDAP downstream checks. Empty array if no emails published.
     maintainer_emails: maintainerEmails,

package/src/scoring.js

@@ -1874,6 +1874,23 @@ function _hasMaliceSignal(threats) {
   return threats.some(t => t.severity === 'HIGH' || t.severity === 'CRITICAL');
 }
 
+// P4 (pre-release reputation): known maintainer-controlled pre-release dist-tag names.
+const _PRERELEASE_TAG_RE = /^(next|canary|nightly|rc|beta|alpha|dev|experimental|preview|snapshot|edge|insider|insiders)$/i;
+
+// True when the scanned version is published on a NON-latest pre-release dist-tag
+// (e.g. dist-tags = { latest: "3.19.1", next: "3.19.0-nightly-..." } and we scan the
+// nightly). Maintainer-controlled, so an attacker cannot put a payload on `next`
+// without the account — and Track R still floors confirmed malice regardless.
+function _isPrereleaseChannelVersion(metadata) {
+  const dt = metadata && metadata.dist_tags;
+  const sv = metadata && metadata.scan_version;
+  if (!dt || typeof dt !== 'object' || typeof sv !== 'string') return false;
+  for (const [tag, ver] of Object.entries(dt)) {
+    if (ver === sv && tag !== 'latest' && _PRERELEASE_TAG_RE.test(tag)) return true;
+  }
+  return false;
+}
+
 function applyReputationFactor(result, metadata) {
   if (!result || !result.summary || !metadata) return null;
   // FPR plan : the reputation factor describes "how trustworthy this package
@@ -1884,12 +1901,21 @@ function applyReputationFactor(result, metadata) {
   // scan version is unknown (CLI scanning a directory without version field),
   // we fail open : skip the factor entirely rather than apply a multiplier
   // we cannot situate in time.
+  // P4 (pre-release reputation): a canary/nightly/rc of an established package is a NEW
+  // (not historical) version on a maintainer-controlled pre-release dist-tag, so it should
+  // inherit the package's reputation — but only PARTIALLY (it is not the verified latest).
+  // Any OTHER non-latest version (historical / pinned-old / vendored) keeps the full skip.
+  let _prereleaseAttenuation = 1.0;
   if (
     typeof metadata.latest_version === 'string' &&
     typeof metadata.scan_version === 'string' &&
     metadata.latest_version !== metadata.scan_version
   ) {
-    return null;
+    if (_isPrereleaseChannelVersion(metadata)) {
+      _prereleaseAttenuation = 0.85;
+    } else {
+      return null;
+    }
   }
   if (
     typeof metadata.latest_version === 'string' &&
@@ -1900,9 +1926,14 @@ function applyReputationFactor(result, metadata) {
   // P3 hardening: a valid attestation must NOT earn a trust bonus on a package that
   // also shows malice (TeamPCP attested-malware scenario). Withhold it here, where
   // the threat list is available.
-  const factor = _factorFromMetadata(metadata, {
+  let factor = _factorFromMetadata(metadata, {
     allowProvenanceBonus: !_hasMaliceSignal(result.threats)
   });
+  // P4: blend the factor toward neutral (1.0) for pre-release channel versions — they
+  // get most of the reputation suppression but not 100% (they are not the verified latest).
+  if (_prereleaseAttenuation !== 1.0) {
+    factor = 1.0 + (factor - 1.0) * _prereleaseAttenuation;
+  }
   if (factor === 1.0) {
     result.summary.reputationFactor = 1.0;
     return null;