muaddib-scanner 2.2.11 → 2.2.13

package/README.fr.md

@@ -686,7 +686,7 @@ MUAD'DIB 2.2.11 Scanner
 |   +-- Canary Tokens / Honey Tokens (sandbox)
 |
 +-- Validation & Observabilité (v2.1)
-|   +-- Ground Truth Dataset (5 attaques réelles, 100% détection)
+|   +-- Ground Truth Dataset (51 attaques réelles, 91.8% TPR)
 |   +-- Logging Temps de Détection (first_seen, métriques lead time)
 |   +-- Suivi Taux FP (stats quotidiennes, taux faux positifs)
 |   +-- Décomposition Score (scoring explicable par règle)
@@ -723,11 +723,10 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 
 | Metrique | Resultat | Details |
 |----------|----------|---------|
-| **TPR** (Ground Truth) | **100%** (4/4) | Attaques reelles : event-stream, ua-parser-js, coa, node-ipc |
+| **TPR** (Ground Truth) | **91.8%** (45/49) | 51 attaques reelles (49 actives). 4 hors scope : browser-only (3) + risque FP (1) |
 | **FPR** (Packages standard) | **6.2%** (18/290) | Packages avec <10 fichiers JS — librairies et outils typiques |
-| **FPR** (Benign, global) | **13.1%** (69/527) | 529 packages npm, vrai code source via `npm pack`, seuil > 20 |
-| **ADR** (Adversarial) | **100%** (35/35) | 35 samples evasifs sur 4 vagues red team |
-| **Holdouts** (pre-tuning) | 40/40 pass | Tous les holdouts passent apres corrections |
+| **FPR** (Benign, global) | **~13%** (69/527) | 529 packages npm, vrai code source via `npm pack`, seuil > 20 |
+| **ADR** (Adversarial + Holdout) | **100%** (75/75) | 35 adversariaux + 40 holdouts evasifs sur 5 vagues red team |
 
 **FPR par taille de package** — Le FPR correle lineairement avec la taille du package. Le scoring per-file max (v2.2.11) reduit significativement les FP sur les packages moyens/gros :
 
@@ -738,7 +737,7 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 | Gros (50-100 fichiers JS) | 40 | 10 | 25.0% |
 | Tres gros (100+ fichiers JS) | 62 | 25 | 40.3% |
 
-**Progression FPR** : 0% (invalide, dirs vides, v2.2.0-v2.2.6) → 38% (premiere vraie mesure, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → **13.1%** (v2.2.11, scoring per-file max)
+**Progression FPR** : 0% (invalide, dirs vides, v2.2.0-v2.2.6) → 38% (premiere vraie mesure, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → **~13%** (v2.2.11, scoring per-file max)
 
 **Progression holdout** (scores pre-tuning, regles gelees) :
 
@@ -750,12 +749,12 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 | v4 | **80%** (8/10) | Efficacite desobfuscation |
 | v5 | 50% (5/10) | Dataflow inter-module (nouveau scanner) |
 
-- **TPR** (True Positive Rate) : taux de detection sur 4 attaques supply-chain reelles (event-stream, ua-parser-js, coa, node-ipc)
+- **TPR** (True Positive Rate) : taux de detection sur 49 attaques supply-chain reelles (event-stream, ua-parser-js, coa, flatmap-stream, eslint-scope, solana-web3js, et 43 autres). 4 misses : browser-only (lottie-player, polyfill-io, trojanized-jquery) ou risque FP (websocket-rat) — voir [Threat Model](docs/threat-model.md).
 - **FPR** (False Positive Rate) : packages avec score > 20 sur 529 packages npm reels (code source scanne, pas des dirs vides). Le 6.2% sur les packages standard (<10 fichiers JS, 290 packages) est la metrique la plus representative pour un usage typique — la plupart des packages npm sont petits.
-- **ADR** (Adversarial Detection Rate) : taux de detection sur 35 samples malveillants evasifs sur 4 vagues red team
+- **ADR** (Adversarial Detection Rate) : taux de detection sur 75 samples malveillants evasifs — 35 adversariaux (4 vagues red team) + 40 holdouts (5 batches de 10, testant obfuscation, dataflow inter-module, etc.)
 - **Holdout** (pre-tuning) : taux de detection sur 10 samples jamais vus avec regles gelees (mesure de generalisation)
 
-Datasets : 529 npm + 132 PyPI packages benins, 35 samples adversariaux, 50 samples holdout (5 batches), 65 packages malveillants documentes.
+Datasets : 529 npm + 132 PyPI packages benins, 75 samples adversariaux/holdout, 51 attaques ground-truth (65 packages malveillants documentes).
 
 Voir [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) pour le protocole experimental complet.
 
@@ -791,14 +790,12 @@ npm test
 
 ### Tests
 
-- **836 tests unitaires/intégration** sur 20 fichiers modulaires - 74% coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
-- **56 tests de fuzzing** - YAML malformé, JSON invalide, fichiers binaires, ReDoS, unicode, inputs 10MB
-- **35 samples adversariaux** - Packages malveillants évasifs, taux de détection 35/35 (100% ADR)
-- **50 samples holdout** - 5 batches de 10, scores pre-tuning : 30% → 40% → 60% → 80% → 50%
-- **8 tests multi-facteur typosquat** - Cas limites et comportement cache
-- **Validation ground truth** - 5/5 attaques réelles détectées (event-stream, ua-parser-js, coa, node-ipc, colors)
-- **Validation faux positifs** - 6.2% FPR sur packages standard (18/290), 13.1% global (69/527) sur vrai code source npm via `npm pack`
-- **Audit ESLint sécurité** - `eslint-plugin-security` avec 14 règles activées
+- **807 tests unitaires/integration** sur 20 fichiers modulaires - 74% coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
+- **56 tests de fuzzing** - YAML malforme, JSON invalide, fichiers binaires, ReDoS, unicode, inputs 10MB
+- **75 samples adversariaux/holdout** - 35 adversariaux + 40 holdouts, 75/75 taux de detection (100% ADR)
+- **Validation ground truth** - 51 attaques reelles (45/49 detectees = 91.8% TPR). 4 hors scope : browser-only (3) + risque FP (1)
+- **Validation faux positifs** - 6.2% FPR sur packages standard (18/290), ~13% global (69/527) sur vrai code source npm via `npm pack`
+- **Audit ESLint securite** - `eslint-plugin-security` avec 14 regles activees
 
 ---
 

package/README.md

@@ -689,7 +689,7 @@ MUAD'DIB 2.2.11 Scanner
 |   +-- Canary Tokens / Honey Tokens (sandbox)
 |
 +-- Validation & Observability (v2.1)
-|   +-- Ground Truth Dataset (5 real-world attacks, 100% detection)
+|   +-- Ground Truth Dataset (51 real-world attacks, 91.8% TPR)
 |   +-- Detection Time Logging (first_seen tracking, lead time metrics)
 |   +-- FP Rate Tracking (daily stats, false positive rate)
 |   +-- Score Breakdown (explainable per-rule scoring)
@@ -726,11 +726,10 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 
 | Metric | Result | Details |
 |--------|--------|---------|
-| **TPR** (Ground Truth) | **100%** (4/4) | Real-world attacks: event-stream, ua-parser-js, coa, node-ipc |
+| **TPR** (Ground Truth) | **91.8%** (45/49) | 51 real-world attacks (49 active). 4 out-of-scope: browser-only (3) + FP-risky (1) |
 | **FPR** (Standard packages) | **6.2%** (18/290) | Packages with <10 JS files — typical libraries and tools |
-| **FPR** (Benign, global) | **13.1%** (69/527) | 529 npm packages, real source code via `npm pack`, threshold > 20 |
-| **ADR** (Adversarial) | **100%** (35/35) | 35 evasive samples across 4 red-team waves |
-| **Holdouts** (pre-tuning) | 40/40 pass | All holdout samples pass after corrections |
+| **FPR** (Benign, global) | **~13%** (69/527) | 529 npm packages, real source code via `npm pack`, threshold > 20 |
+| **ADR** (Adversarial + Holdout) | **100%** (75/75) | 35 adversarial + 40 holdout evasive samples across 5 red-team waves |
 
 **FPR by package size** — FPR correlates linearly with package size. Per-file max scoring (v2.2.11) significantly reduces FP on medium/large packages:
 
@@ -741,7 +740,7 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 | Large (50-100 JS files) | 40 | 10 | 25.0% |
 | Very large (100+ JS files) | 62 | 25 | 40.3% |
 
-**FPR progression**: 0% (invalid, empty dirs, v2.2.0-v2.2.6) → 38% (first real measurement, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → **13.1%** (v2.2.11, per-file max scoring)
+**FPR progression**: 0% (invalid, empty dirs, v2.2.0-v2.2.6) → 38% (first real measurement, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → **~13%** (v2.2.11, per-file max scoring)
 
 **Holdout progression** (pre-tuning scores, rules frozen):
 
@@ -753,12 +752,12 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 | v4 | **80%** (8/10) | Deobfuscation effectiveness |
 | v5 | 50% (5/10) | Inter-module dataflow (new scanner) |
 
-- **TPR** (True Positive Rate): detection rate on 4 real-world supply-chain attacks (event-stream, ua-parser-js, coa, node-ipc)
+- **TPR** (True Positive Rate): detection rate on 49 real-world supply-chain attacks (event-stream, ua-parser-js, coa, flatmap-stream, eslint-scope, solana-web3js, and 43 more). 4 misses are browser-only (lottie-player, polyfill-io, trojanized-jquery) or risky to fix (websocket-rat) — see [Threat Model](docs/threat-model.md).
 - **FPR** (False Positive Rate): packages scoring > 20 out of 529 real npm packages (source code scanned, not empty dirs). The 6.2% on standard packages (<10 JS files, 290 packages) is the most representative metric for typical use — most npm packages are small.
-- **ADR** (Adversarial Detection Rate): detection rate on 35 evasive malicious samples across 4 red-team waves
+- **ADR** (Adversarial Detection Rate): detection rate on 75 evasive malicious samples — 35 adversarial (4 red-team waves) + 40 holdout (5 batches of 10, testing obfuscation, inter-module dataflow, etc.)
 - **Holdout** (pre-tuning): detection rate on 10 unseen samples with rules frozen (measures generalization)
 
-Datasets: 529 npm + 132 PyPI benign packages, 35 adversarial samples, 50 holdout samples (5 batches), 65 documented malware packages.
+Datasets: 529 npm + 132 PyPI benign packages, 75 adversarial/holdout samples, 51 ground-truth attacks (65 documented malware packages).
 
 See [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) for the full experimental protocol.
 
@@ -794,13 +793,11 @@ npm test
 
 ### Testing
 
-- **836 unit/integration tests** across 20 modular test files - 74% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
+- **807 unit/integration tests** across 20 modular test files - 74% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
 - **56 fuzz tests** - Malformed YAML, invalid JSON, binary files, ReDoS, unicode, 10MB inputs
-- **35 adversarial samples** - Evasive malicious packages, 35/35 detection rate (100% ADR)
-- **50 holdout samples** - 5 batches of 10, pre-tuning scores: 30% → 40% → 60% → 80% → 50%
-- **8 multi-factor typosquat tests** - Edge cases and cache behavior
-- **Ground truth validation** - 5/5 real-world attacks detected (event-stream, ua-parser-js, coa, node-ipc, colors)
-- **False positive validation** - 6.2% FPR on standard packages (18/290), 13.1% global (69/527) on real npm source code via `npm pack`
+- **75 adversarial/holdout samples** - 35 adversarial + 40 holdout, 75/75 detection rate (100% ADR)
+- **Ground truth validation** - 51 real-world attacks (45/49 detected = 91.8% TPR). 4 out-of-scope: browser-only (3) + FP-risky (1)
+- **False positive validation** - 6.2% FPR on standard packages (18/290), ~13% global (69/527) on real npm source code via `npm pack`
 - **ESLint security audit** - `eslint-plugin-security` with 14 rules enabled
 
 ---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.2.11",
+  "version": "2.2.13",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {
@@ -8,6 +8,7 @@
   },
   "scripts": {
     "test": "node tests/run-tests.js",
+    "test:integration": "node tests/run-tests-integration.js",
     "scan": "node bin/muaddib.js scan .",
     "update": "node bin/muaddib.js update",
     "lint": "eslint src bin --ext .js",

package/src/commands/evaluate.js

@@ -22,6 +22,12 @@ const BENIGN_DIR = path.join(ROOT, 'datasets', 'benign');
 const ADVERSARIAL_DIR = path.join(ROOT, 'datasets', 'adversarial');
 const METRICS_DIR = path.join(ROOT, 'metrics');
 const CACHE_DIR = path.join(ROOT, '.muaddib-cache', 'benign-tarballs');
+const HOLDOUT_DIRS = [
+  path.join(ROOT, 'datasets', 'holdout-v2'),
+  path.join(ROOT, 'datasets', 'holdout-v3'),
+  path.join(ROOT, 'datasets', 'holdout-v4'),
+  path.join(ROOT, 'datasets', 'holdout-v5'),
+];
 
 const GT_THRESHOLD = 3;
 const BENIGN_THRESHOLD = 20;
@@ -68,6 +74,33 @@ const ADVERSARIAL_THRESHOLDS = {
   'browser-api-hook': 20
 };
 
+const HOLDOUT_THRESHOLDS = {
+  // holdout-v2 (10 samples)
+  'conditional-os-payload': 25, 'env-var-reconstruction': 25,
+  'github-workflow-inject': 20, 'homedir-ssh-key-steal': 25,
+  'npm-cache-poison': 20, 'npm-lifecycle-preinstall-curl': 25,
+  'process-env-proxy-getter': 20, 'readable-stream-hijack': 20,
+  'setTimeout-chain': 25, 'wasm-loader': 20,
+  // holdout-v3 (10 samples)
+  'dns-txt-payload': 25, 'electron-rce': 30,
+  'env-file-parse-exfil': 20, 'git-credential-steal': 20,
+  'npm-hook-hijack': 25, 'postinstall-reverse-shell': 35,
+  'require-cache-poison': 20, 'steganography-payload': 15,
+  'symlink-escape': 25, 'timezone-trigger': 30,
+  // holdout-v4 (10 samples — deobfuscation)
+  'atob-eval': 20, 'base64-require': 35,
+  'charcode-fetch': 25, 'charcode-spread-homedir': 30,
+  'concat-env-steal': 20, 'double-decode-exfil': 40,
+  'hex-array-exec': 20, 'mixed-obfuscation-stealer': 30,
+  'nested-base64-concat': 25, 'template-literal-hide': 40,
+  // holdout-v5 (10 samples — inter-module dataflow)
+  'callback-exfil': 3, 'class-method-exfil': 20,
+  'conditional-split': 25, 'event-emitter-flow': 3,
+  'mixed-inline-split': 20, 'named-export-steal': 20,
+  'reexport-chain': 20, 'split-env-exfil': 20,
+  'split-npmrc-steal': 20, 'three-hop-chain': 20
+};
+
 /**
  * Scan a directory silently and return the result
  */
@@ -300,23 +333,39 @@ async function evaluateAdversarial() {
   const details = [];
   let detected = 0;
 
-  const sampleNames = Object.keys(ADVERSARIAL_THRESHOLDS);
-  for (const name of sampleNames) {
+  // --- Adversarial samples (35) ---
+  for (const [name, threshold] of Object.entries(ADVERSARIAL_THRESHOLDS)) {
     const sampleDir = path.join(ADVERSARIAL_DIR, name);
     if (!fs.existsSync(sampleDir)) {
-      details.push({ name, score: 0, threshold: ADVERSARIAL_THRESHOLDS[name], detected: false, error: 'directory not found' });
+      details.push({ name, score: 0, threshold, detected: false, error: 'directory not found', source: 'adversarial' });
       continue;
     }
+    const result = await silentScan(sampleDir);
+    const score = result.summary.riskScore;
+    const isDetected = score >= threshold;
+    if (isDetected) detected++;
+    details.push({ name, score, threshold, detected: isDetected, source: 'adversarial' });
+  }
 
+  // --- Holdout samples (40) ---
+  for (const [name, threshold] of Object.entries(HOLDOUT_THRESHOLDS)) {
+    let sampleDir = null;
+    for (const hDir of HOLDOUT_DIRS) {
+      const candidate = path.join(hDir, name);
+      if (fs.existsSync(candidate)) { sampleDir = candidate; break; }
+    }
+    if (!sampleDir) {
+      details.push({ name, score: 0, threshold, detected: false, error: 'directory not found', source: 'holdout' });
+      continue;
+    }
     const result = await silentScan(sampleDir);
     const score = result.summary.riskScore;
-    const threshold = ADVERSARIAL_THRESHOLDS[name];
     const isDetected = score >= threshold;
     if (isDetected) detected++;
-    details.push({ name, score, threshold, detected: isDetected });
+    details.push({ name, score, threshold, detected: isDetected, source: 'holdout' });
   }
 
-  const total = sampleNames.length;
+  const total = Object.keys(ADVERSARIAL_THRESHOLDS).length + Object.keys(HOLDOUT_THRESHOLDS).length;
   const adr = total > 0 ? detected / total : 0;
   return { detected, total, adr, details };
 }
@@ -425,6 +474,7 @@ module.exports = {
   saveMetrics,
   silentScan,
   ADVERSARIAL_THRESHOLDS,
+  HOLDOUT_THRESHOLDS,
   GT_THRESHOLD,
   BENIGN_THRESHOLD
 };

package/src/response/playbooks.js

@@ -328,6 +328,16 @@ const PLAYBOOKS = {
     'CRITIQUE: eval() ou Function() recoit un argument decode en base64 (atob/Buffer.from). ' +
     'Technique de staged payload: le code malveillant est encode puis decode et execute dynamiquement. ' +
     'Isoler la machine. Decoder le payload manuellement pour analyser le code execute. Supprimer le package.',
+
+  crypto_decipher:
+    'crypto.createDecipher/createDecipheriv detecte. Dechiffrement de payload embarque a runtime. ' +
+    'Pattern canonique de l\'attaque event-stream/flatmap-stream. Extraire et decoder le payload manuellement ' +
+    'pour analyser le code execute. Verifier la source des donnees chiffrees.',
+
+  module_compile:
+    'CRITIQUE: module._compile() detecte. Cette API Node.js interne execute du code arbitraire ' +
+    'a partir d\'une chaine dans le contexte d\'un module. Utilisee dans flatmap-stream pour executer ' +
+    'un payload dechiffre sans ecrire sur disque. Isoler immediatement. Analyser la source de la chaine compilee.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -649,6 +649,32 @@ const RULES = {
     mitre: 'T1565.001'
   },
 
+  crypto_decipher: {
+    id: 'MUADDIB-AST-022',
+    name: 'Encrypted Payload Decryption',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'crypto.createDecipher/createDecipheriv detecte. Dechiffrement runtime de payload embarque. Pattern canonique de flatmap-stream/event-stream.',
+    references: [
+      'https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream/',
+      'https://attack.mitre.org/techniques/T1140/'
+    ],
+    mitre: 'T1140'
+  },
+
+  module_compile: {
+    id: 'MUADDIB-AST-023',
+    name: 'Module Compile Execution',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'module._compile() detecte. Execution de code arbitraire a partir d\'une chaine dans le contexte module. Technique cle de flatmap-stream.',
+    references: [
+      'https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident',
+      'https://attack.mitre.org/techniques/T1059/007/'
+    ],
+    mitre: 'T1059'
+  },
+
   ai_agent_abuse: {
     id: 'MUADDIB-AST-013',
     name: 'AI Agent Weaponization',

package/src/scanner/ast.js

@@ -719,6 +719,30 @@ function analyzeFile(content, filePath, basePath) {
           });
         }
       }
+
+      // Detect crypto.createDecipher/createDecipheriv — encrypted payload pattern (flatmap-stream)
+      // Also detect module._compile — in-memory code execution
+      if (node.callee.type === 'MemberExpression') {
+        const prop = node.callee.property;
+        const propName = prop.type === 'Identifier' ? prop.name :
+                         (prop.type === 'Literal' ? prop.value : null);
+        if (propName === 'createDecipher' || propName === 'createDecipheriv') {
+          threats.push({
+            type: 'crypto_decipher',
+            severity: 'HIGH',
+            message: `${propName}() detected — runtime decryption of embedded payload (event-stream/flatmap-stream pattern).`,
+            file: path.relative(basePath, filePath)
+          });
+        }
+        if (propName === '_compile') {
+          threats.push({
+            type: 'module_compile',
+            severity: 'CRITICAL',
+            message: 'module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern).',
+            file: path.relative(basePath, filePath)
+          });
+        }
+      }
     },
 
     ImportExpression(node) {

package/src/scanner/dataflow.js

@@ -95,7 +95,10 @@ function analyzeFile(content, filePath, basePath) {
           const prop = node.init.callee.property;
           if (obj?.type === 'Identifier' && obj.name === 'path' &&
               prop?.type === 'Identifier' && (prop.name === 'join' || prop.name === 'resolve')) {
-            if (node.init.arguments.some(a => a.type === 'Identifier' && sensitivePathVars.has(a.name))) {
+            if (node.init.arguments.some(a =>
+              (a.type === 'Identifier' && sensitivePathVars.has(a.name)) ||
+              (a.type === 'MemberExpression' && a.object?.type === 'Identifier' && sensitivePathVars.has(a.object.name))
+            )) {
               sensitivePathVars.add(node.id.name);
             }
           }
@@ -241,6 +244,17 @@ function analyzeFile(content, filePath, basePath) {
           });
         }
       }
+
+      // Detect property access to secret key material
+      const propName = node.property?.type === 'Identifier' ? node.property.name :
+                       (node.property?.type === 'Literal' ? node.property.value : null);
+      if (propName && ['secretKey', '_secretKey', 'privateKey', '_privateKey', 'mnemonic', 'seedPhrase'].includes(propName)) {
+        sources.push({
+          type: 'credential_read',
+          name: propName,
+          line: node.loc?.start?.line
+        });
+      }
     }
   });
 
@@ -300,7 +314,8 @@ const SENSITIVE_PATH_PATTERNS = [
   '.ethereum', '.electrum', '.config/solana', '.exodus',
   '.atomic', '.metamask', '.ledger-live', '.trezor',
   '.bitcoin', '.monero', '.gnupg',
-  '_cacache', '.cache/yarn', '.cache/pip'
+  '_cacache', '.cache/yarn', '.cache/pip',
+  'discord', 'leveldb'
 ];
 
 function isSensitivePath(val) {
@@ -327,6 +342,9 @@ function containsSensitiveLiteral(node) {
   if (node.type === 'CallExpression' && node.arguments) {
     return node.arguments.some(a => containsSensitiveLiteral(a));
   }
+  if (node.type === 'ObjectExpression' && node.properties) {
+    return node.properties.some(p => p.value && containsSensitiveLiteral(p.value));
+  }
   return false;
 }
 
@@ -346,6 +364,11 @@ function isCredentialPath(arg, sensitivePathVars) {
   if (arg.type === 'Identifier' && sensitivePathVars && sensitivePathVars.has(arg.name)) {
     return true;
   }
+  // Handle property access on tracked objects: _0x.a where _0x is tracked as sensitive
+  if (arg.type === 'MemberExpression' && arg.object?.type === 'Identifier' &&
+      sensitivePathVars && sensitivePathVars.has(arg.object.name)) {
+    return true;
+  }
   // Handle path.join(dir, '.npmrc') or path.join(sshDir, 'id_rsa') where sshDir is tracked
   if (arg.type === 'CallExpression' && arg.callee.type === 'MemberExpression') {
     const obj = arg.callee.object;

package/src/scanner/deobfuscate.js

@@ -97,6 +97,26 @@ function deobfuscate(sourceCode) {
         return;
       }
 
+      // Buffer.from('...', 'hex').toString() → decoded string
+      if (isBufferHexToString(node)) {
+        const hexStr = extractBufferHexArg(node);
+        if (hexStr === null) return;
+        try {
+          const decoded = Buffer.from(hexStr, 'hex').toString();
+          if (!isPrintable(decoded)) return;
+          const before = sourceCode.slice(node.start, node.end);
+          const after = quoteString(decoded);
+          replacements.push({
+            start: node.start,
+            end: node.end,
+            value: after,
+            type: 'hex',
+            before
+          });
+        } catch { /* decode failure — skip */ }
+        return;
+      }
+
       // atob('...') → decoded string
       if (isAtobCall(node)) {
         const b64str = node.arguments[0]?.value;
@@ -430,6 +450,34 @@ function extractBufferBase64Arg(node) {
   return inner.arguments[0].value;
 }
 
+/**
+ * Check if node is Buffer.from('...', 'hex').toString()
+ */
+function isBufferHexToString(node) {
+  if (node.type !== 'CallExpression') return false;
+  const callee = node.callee;
+  if (callee.type !== 'MemberExpression') return false;
+  if (callee.property?.type !== 'Identifier' || callee.property.name !== 'toString') return false;
+  const inner = callee.object;
+  if (inner?.type !== 'CallExpression') return false;
+  const innerCallee = inner.callee;
+  if (innerCallee?.type !== 'MemberExpression') return false;
+  if (innerCallee.object?.type !== 'Identifier' || innerCallee.object.name !== 'Buffer') return false;
+  if (innerCallee.property?.type !== 'Identifier' || innerCallee.property.name !== 'from') return false;
+  if (inner.arguments.length < 2) return false;
+  if (inner.arguments[1]?.type !== 'Literal' || inner.arguments[1].value !== 'hex') return false;
+  if (inner.arguments[0]?.type !== 'Literal' || typeof inner.arguments[0].value !== 'string') return false;
+  return true;
+}
+
+/**
+ * Extract the hex string argument from Buffer.from(str, 'hex').toString()
+ */
+function extractBufferHexArg(node) {
+  const inner = node.callee.object;
+  return inner.arguments[0].value;
+}
+
 /**
  * Check if node is atob('...')
  */