muaddib-scanner 2.5.10 → 2.5.12

package/logs/alerts/{2026-03-06T20-13-43-891-evil-pkg.json → 2026-03-07T16-18-04-719-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@1.0.0",
-  "timestamp": "2026-03-06T20:13:43.891Z",
+  "timestamp": "2026-03-07T16:18:04.719Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/alerts/{2026-03-06T20-13-43-892-evil-pkg.json → 2026-03-07T16-18-04-720-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@1.0.0",
-  "timestamp": "2026-03-06T20:13:43.892Z",
+  "timestamp": "2026-03-07T16:18:04.720Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/alerts/{2026-03-06T20-13-43-892-suspect-pkg.json → 2026-03-07T16-18-04-720-suspect-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/suspect-pkg@1.0",
-  "timestamp": "2026-03-06T20:13:43.892Z",
+  "timestamp": "2026-03-07T16:18:04.720Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 0,

package/logs/alerts/{2026-03-06T20-13-44-264-evil-pkg.json → 2026-03-07T16-18-05-033-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@2.0.0",
-  "timestamp": "2026-03-06T20:13:44.264Z",
+  "timestamp": "2026-03-07T16:18:05.033Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/daily-reports/{2026-03-06.json → 2026-03-07.json}

@@ -1,6 +1,6 @@
 {
-  "date": "2026-03-06",
-  "timestamp": "2026-03-06T20:13:44.379Z",
+  "date": "2026-03-07",
+  "timestamp": "2026-03-07T16:18:05.131Z",
   "embed": {
     "embeds": [
       {
@@ -34,14 +34,14 @@
           },
           {
             "name": "Top Suspects",
-            "value": "1. **npm/test-dedup-detection-1772828023889@1.0.0** — 1 finding(s)",
+            "value": "1. **npm/test-dedup-detection-1772900284717@1.0.0** — 1 finding(s)",
             "inline": false
           }
         ],
         "footer": {
-          "text": "MUAD'DIB - Daily summary | 2026-03-06 20:13:44 UTC"
+          "text": "MUAD'DIB - Daily summary | 2026-03-07 16:18:05 UTC"
         },
-        "timestamp": "2026-03-06T20:13:44.379Z"
+        "timestamp": "2026-03-07T16:18:05.131Z"
       }
     ]
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.5.10",
+  "version": "2.5.12",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/scripts/fix-permissions.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Fix EROFS/EACCES on /opt/muaddib/logs/ directories
+# Run on VPS: sudo bash scripts/fix-permissions.sh
+
+set -e
+
+MUADDIB_DIR="${MUADDIB_DIR:-/opt/muaddib}"
+LOG_DIR="$MUADDIB_DIR/logs"
+OWNER="${SUDO_USER:-ubuntu}"
+
+echo "[fix-permissions] Fixing log directory permissions..."
+
+sudo mkdir -p "$LOG_DIR/alerts"
+sudo mkdir -p "$LOG_DIR/daily-reports"
+sudo chown -R "$OWNER:$OWNER" "$LOG_DIR"
+sudo chmod -R 755 "$LOG_DIR"
+
+echo "[fix-permissions] Done. Verifying..."
+ls -la "$LOG_DIR/"
+echo "[fix-permissions] Owner: $(stat -c '%U:%G' "$LOG_DIR")"
+
+# Verify writability
+PROBE="$LOG_DIR/alerts/.write-test"
+touch "$PROBE" && rm "$PROBE" && echo "[fix-permissions] Write test OK" || echo "[fix-permissions] ERROR: Still not writable!"

package/src/ioc/yaml-loader.js

@@ -4,6 +4,31 @@ const yaml = require('js-yaml');
 
 const IOCS_DIR = path.join(__dirname, '../../iocs');
 
+/**
+ * Read a YAML file with optional HMAC verification.
+ * If a sibling .hmac file exists, verify integrity. Warn on mismatch but still load
+ * (backward-compatible for pre-HMAC installs).
+ * Uses lazy require to avoid circular dependency with updater.js.
+ * @param {string} filePath - Path to the YAML file
+ * @returns {string} Raw YAML content
+ */
+function readVerifiedYAML(filePath) {
+  const content = fs.readFileSync(filePath, 'utf8');
+  const hmacPath = filePath + '.hmac';
+  if (fs.existsSync(hmacPath)) {
+    try {
+      const { verifyIOCHMAC } = require('./updater.js');
+      const storedHmac = fs.readFileSync(hmacPath, 'utf8').trim();
+      if (!verifyIOCHMAC(content, storedHmac)) {
+        console.error(`[WARN] HMAC verification failed for ${path.basename(filePath)} — possible tampering`);
+      }
+    } catch (e) {
+      console.error(`[WARN] Could not read HMAC file for ${path.basename(filePath)}: ${e.message}`);
+    }
+  }
+  return content;
+}
+
 function loadYAMLIOCs() {
   const iocs = {
     packages: [],
@@ -34,7 +59,7 @@ function loadPackagesYAML(filePath, iocs, seenPkgs) {
   if (!fs.existsSync(filePath)) return;
 
   try {
-    const data = yaml.load(fs.readFileSync(filePath, 'utf8'), { schema: yaml.JSON_SCHEMA });
+    const data = yaml.load(readVerifiedYAML(filePath), { schema: yaml.JSON_SCHEMA });
     if (data && data.packages) {
       for (const p of data.packages) {
         if (!p.name || typeof p.name !== 'string') continue;
@@ -64,7 +89,7 @@ function loadBuiltinYAML(filePath, iocs, seenPkgs, seenHashes, seenMarkers, seen
   if (!fs.existsSync(filePath)) return;
 
   try {
-    const data = yaml.load(fs.readFileSync(filePath, 'utf8'), { schema: yaml.JSON_SCHEMA });
+    const data = yaml.load(readVerifiedYAML(filePath), { schema: yaml.JSON_SCHEMA });
 
     // Packages
     if (data && data.packages) {
@@ -150,7 +175,7 @@ function loadHashesYAML(filePath, iocs, seenHashes, seenMarkers, seenFiles) {
   if (!fs.existsSync(filePath)) return;
 
   try {
-    const data = yaml.load(fs.readFileSync(filePath, 'utf8'), { schema: yaml.JSON_SCHEMA });
+    const data = yaml.load(readVerifiedYAML(filePath), { schema: yaml.JSON_SCHEMA });
 
     if (data && data.hashes) {
       for (const h of data.hashes) {
@@ -220,4 +245,20 @@ function getIOCStats() {
   return _cachedIOCStats;
 }
 
-module.exports = { loadYAMLIOCs, getIOCStats };
+/**
+ * Generate .hmac signature files for the 3 YAML IOC files.
+ * Call after updating YAML IOCs to sign them for integrity verification.
+ */
+function signYAMLIOCs() {
+  const { generateIOCHMAC } = require('./updater.js');
+  const yamlFiles = ['packages.yaml', 'builtin.yaml', 'hashes.yaml'];
+  for (const file of yamlFiles) {
+    const filePath = path.join(IOCS_DIR, file);
+    if (!fs.existsSync(filePath)) continue;
+    const content = fs.readFileSync(filePath, 'utf8');
+    const hmac = generateIOCHMAC(content);
+    fs.writeFileSync(filePath + '.hmac', hmac);
+  }
+}
+
+module.exports = { loadYAMLIOCs, getIOCStats, readVerifiedYAML, signYAMLIOCs };

package/src/response/playbooks.js

@@ -428,6 +428,26 @@ const PLAYBOOKS = {
     'Persistence IDE detectee. Le code ecrit dans tasks.json ou la configuration VS Code avec execution automatique ' +
     'a l\'ouverture du dossier (runOn: folderOpen, reveal: silent). Pattern FAMOUS CHOLLIMA / StegaBin. ' +
     'Verifier ~/.config/Code/User/tasks.json et supprimer les taches inconnues.',
+
+  vm_code_execution:
+    'CRITIQUE: Execution de code via le module vm de Node.js. Les methodes vm.runInThisContext(), vm.runInNewContext(), ' +
+    'vm.compileFunction() et new vm.Script() permettent d\'executer du code dynamique en contournant la detection eval/Function. ' +
+    'Analyser le code source execute. Verifier s\'il s\'agit d\'un moteur de templates ou d\'un payload malveillant.',
+
+  reflect_code_execution:
+    'CRITIQUE: Execution de code via l\'API Reflect. Reflect.construct(Function, [...]) et Reflect.apply(eval, ...) ' +
+    'contournent la detection directe de eval/new Function(). Technique d\'evasion avancee. ' +
+    'Analyser les arguments passes a Reflect. Supprimer le package si non justifie.',
+
+  process_binding_abuse:
+    'CRITIQUE: Acces direct aux bindings V8 internes via process.binding() ou process._linkedBinding(). ' +
+    'Permet l\'execution de commandes (spawn_sync) ou l\'acces au systeme de fichiers (fs) sans passer par les modules Node.js standards. ' +
+    'Technique d\'evasion avancee contournant toute la couche d\'abstraction. Supprimer immediatement.',
+
+  worker_thread_exec:
+    'new Worker() avec eval:true detecte. Le code s\'execute dans un thread worker separe, contournant la detection AST du thread principal. ' +
+    'Verifier le contenu du code passe au Worker. Si dynamique ou obfusque, supprimer le package. ' +
+    'Analyser les communications inter-threads (parentPort, workerData) pour identifier le payload.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -1197,6 +1197,58 @@ const RULES = {
     ],
     mitre: 'T1546'
   },
+
+  vm_code_execution: {
+    id: 'MUADDIB-AST-036',
+    name: 'VM Module Code Execution',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Execution de code dynamique via le module vm de Node.js (vm.runInThisContext, vm.runInNewContext, vm.compileFunction, new vm.Script). Contourne la detection eval/Function.',
+    references: [
+      'https://nodejs.org/api/vm.html',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
+
+  reflect_code_execution: {
+    id: 'MUADDIB-AST-037',
+    name: 'Reflect API Code Execution',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Execution de code dynamique via Reflect.construct(Function, [...]) ou Reflect.apply(eval, ...). Contourne la detection directe de eval/Function/new Function.',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Reflect',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
+
+  process_binding_abuse: {
+    id: 'MUADDIB-AST-038',
+    name: 'Process Binding Abuse',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Acces direct aux bindings V8 internes via process.binding() ou process._linkedBinding(). Contourne les modules child_process/fs pour execution de commandes ou acces fichiers sans detection.',
+    references: [
+      'https://nodejs.org/api/process.html#processbindingname',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
+
+  worker_thread_exec: {
+    id: 'MUADDIB-AST-039',
+    name: 'Worker Thread Code Execution',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'new Worker() avec eval:true execute du code arbitraire dans un thread worker, contournant la detection du thread principal. Technique d\'evasion pour executer du code dynamique hors du scope AST principal.',
+    references: [
+      'https://nodejs.org/api/worker_threads.html',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
 };
 
 function getRule(type) {

package/src/sarif.js

@@ -10,6 +10,11 @@ const pkgVersion = (() => {
   }
 })();
 
+function sarifUri(filePath) {
+  if (!filePath) return '';
+  return filePath.split(/[/\\]/).map(encodeURIComponent).join('/');
+}
+
 function generateSARIF(results) {
   const sarif = {
     $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
@@ -50,7 +55,7 @@ function generateSARIF(results) {
             {
               physicalLocation: {
                 artifactLocation: {
-                  uri: encodeURI(threat.file || ''),
+                  uri: sarifUri(threat.file),
                   uriBaseId: '%SRCROOT%'
                 },
                 region: {

package/src/scanner/ast-detectors.js

@@ -206,8 +206,12 @@ function resolveStringConcat(node) {
  */
 function extractStringValueDeep(node) {
   const concat = resolveStringConcat(node);
-  if (concat !== null) return concat;
-  return extractStringValue(node);
+  let result = concat !== null ? concat : extractStringValue(node);
+  // Batch 2: strip node: prefix so require('node:child_process') normalizes to 'child_process'
+  if (typeof result === 'string' && result.startsWith('node:')) {
+    result = result.slice(5);
+  }
+  return result;
 }
 
 /**
@@ -369,6 +373,38 @@ function handleVariableDeclarator(node, ctx) {
       }
     }
   }
+
+  // Batch 2: Detect destructuring of process.env: const { TOKEN, SECRET } = process.env
+  if (node.id?.type === 'ObjectPattern' &&
+      node.init?.type === 'MemberExpression' &&
+      node.init.object?.type === 'Identifier' && node.init.object.name === 'process' &&
+      node.init.property?.type === 'Identifier' && node.init.property.name === 'env') {
+    for (const prop of node.id.properties) {
+      if (prop.type === 'Property' && prop.key?.type === 'Identifier') {
+        const envVar = prop.key.name;
+        if (SAFE_ENV_VARS.includes(envVar)) continue;
+        const envLower = envVar.toLowerCase();
+        if (SAFE_ENV_PREFIXES.some(p => envLower.startsWith(p))) continue;
+        if (ENV_SENSITIVE_KEYWORDS.some(s => envVar.toUpperCase().includes(s))) {
+          ctx.threats.push({
+            type: 'env_access',
+            severity: 'HIGH',
+            message: `Destructured access to sensitive env var: const { ${envVar} } = process.env.`,
+            file: ctx.relFile
+          });
+        }
+      }
+      // RestElement: const { ...all } = process.env → env harvesting
+      if (prop.type === 'RestElement') {
+        ctx.threats.push({
+          type: 'env_harvesting_dynamic',
+          severity: 'HIGH',
+          message: 'Environment variable harvesting via rest destructuring: const { ...rest } = process.env.',
+          file: ctx.relFile
+        });
+      }
+    }
+  }
 }
 
 function handleCallExpression(node, ctx) {
@@ -1035,6 +1071,29 @@ function handleCallExpression(node, ctx) {
     }
   }
 
+  // Batch 2: Detect indirect eval/Function via logical expression: (false || eval)(code), (0 || Function)(code)
+  if (node.callee.type === 'LogicalExpression' && node.callee.operator === '||') {
+    const right = node.callee.right;
+    if (right?.type === 'Identifier') {
+      if (right.name === 'eval') {
+        ctx.hasEvalInFile = true;
+        ctx.threats.push({
+          type: 'dangerous_call_eval',
+          severity: 'HIGH',
+          message: 'Indirect eval via logical expression ((false || eval)) — evasion technique.',
+          file: ctx.relFile
+        });
+      } else if (right.name === 'Function') {
+        ctx.threats.push({
+          type: 'dangerous_call_function',
+          severity: 'MEDIUM',
+          message: 'Indirect Function via logical expression ((false || Function)) — evasion technique.',
+          file: ctx.relFile
+        });
+      }
+    }
+  }
+
   // Detect crypto.createDecipher/createDecipheriv and module._compile
   if (node.callee.type === 'MemberExpression') {
     const prop = node.callee.property;
@@ -1049,24 +1108,41 @@ function handleCallExpression(node, ctx) {
       });
     }
     if (propName === '_compile') {
-      ctx.hasDynamicExec = true;
-      ctx.threats.push({
-        type: 'module_compile',
-        severity: 'CRITICAL',
-        message: 'module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern).',
-        file: ctx.relFile
-      });
-      // SANDWORM_MODE: Module._compile with non-literal argument = dynamic code execution
-      if (node.arguments.length >= 1 && !hasOnlyStringLiteralArgs(node)) {
+      // Context-aware gating: only flag _compile when the Module API is plausibly in scope.
+      // Custom class methods (e.g. blessed's Tput.prototype._compile) are not malware.
+      const calleeObj = node.callee.object;
+      const isThisCall = calleeObj.type === 'ThisExpression';
+      const isModuleIdentifier = calleeObj.type === 'Identifier' &&
+        (calleeObj.name === 'module' || calleeObj.name === 'Module' || calleeObj.name === 'm');
+      const isConstructed = calleeObj.type === 'NewExpression' || calleeObj.type === 'CallExpression';
+      const isMemberChain = calleeObj.type === 'MemberExpression';
+      // Skip: this._compile() is always a custom instance method, not Node Module API
+      // Detect: module/Module/m identifier, new X()._compile(), X()._compile(), X.Y._compile()
+      // Other identifiers: only if require('module') or module.constructor is in file
+      const shouldDetect = !isThisCall && (
+        isModuleIdentifier || isConstructed || isMemberChain ||
+        (calleeObj.type === 'Identifier' && ctx.hasModuleImport)
+      );
+      if (shouldDetect) {
+        ctx.hasDynamicExec = true;
         ctx.threats.push({
-          type: 'module_compile_dynamic',
+          type: 'module_compile',
           severity: 'CRITICAL',
-          message: 'In-memory code execution via Module._compile(). Common malware evasion technique.',
+          message: 'module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern).',
           file: ctx.relFile
         });
+        // SANDWORM_MODE: Module._compile with non-literal argument = dynamic code execution
+        if (node.arguments.length >= 1 && !hasOnlyStringLiteralArgs(node)) {
+          ctx.threats.push({
+            type: 'module_compile_dynamic',
+            severity: 'CRITICAL',
+            message: 'In-memory code execution via Module._compile(). Common malware evasion technique.',
+            file: ctx.relFile
+          });
+        }
+        // Module._compile counts as temp file exec for write-execute-delete pattern
+        ctx.hasTempFileExec = ctx.hasTempFileExec || ctx.hasDevShmInContent;
       }
-      // Module._compile counts as temp file exec for write-execute-delete pattern
-      ctx.hasTempFileExec = ctx.hasTempFileExec || ctx.hasDevShmInContent;
     }
 
     // SANDWORM_MODE: Track writeFileSync/writeFile to temp paths
@@ -1118,6 +1194,79 @@ function handleCallExpression(node, ctx) {
     }
   }
 
+  // Batch 1: vm.* code execution — vm.runInThisContext, vm.runInNewContext, vm.compileFunction, vm.Script
+  if (node.callee.type === 'MemberExpression' && node.callee.property?.type === 'Identifier') {
+    const vmMethod = node.callee.property.name;
+    if (['runInThisContext', 'runInNewContext', 'compileFunction'].includes(vmMethod)) {
+      // NOTE: Do NOT set ctx.hasDynamicExec — vm.* is legitimately used by bundlers
+      // (webpack, jest, etc.) and must not trigger compound detections (zlib_inflate_eval,
+      // fetch_decrypt_exec) which were designed for eval/Function patterns.
+      ctx.threats.push({
+        type: 'vm_code_execution',
+        severity: 'HIGH',
+        message: `vm.${vmMethod}() — dynamic code execution via Node.js vm module bypasses eval detection.`,
+        file: ctx.relFile
+      });
+    }
+  }
+
+  // Batch 1: Reflect.construct(Function, [...]) / Reflect.apply(eval, null, [...])
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.object?.type === 'Identifier' && node.callee.object.name === 'Reflect' &&
+      node.callee.property?.type === 'Identifier') {
+    const reflectMethod = node.callee.property.name;
+    if (reflectMethod === 'construct' && node.arguments.length >= 2) {
+      const target = node.arguments[0];
+      if (target.type === 'Identifier' && target.name === 'Function') {
+        ctx.hasDynamicExec = true;
+        ctx.threats.push({
+          type: 'reflect_code_execution',
+          severity: 'CRITICAL',
+          message: 'Reflect.construct(Function, [...]) — indirect Function construction bypasses new Function() detection.',
+          file: ctx.relFile
+        });
+      }
+    } else if (reflectMethod === 'apply' && node.arguments.length >= 3) {
+      const target = node.arguments[0];
+      if (target.type === 'Identifier' && (target.name === 'eval' || target.name === 'Function')) {
+        ctx.hasDynamicExec = true;
+        ctx.threats.push({
+          type: 'reflect_code_execution',
+          severity: 'CRITICAL',
+          message: `Reflect.apply(${target.name}, ...) — indirect ${target.name} invocation bypasses direct call detection.`,
+          file: ctx.relFile
+        });
+      }
+    }
+  }
+
+  // Batch 1: process.binding('spawn_sync'/'fs') / process._linkedBinding(...)
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.object?.type === 'Identifier' && node.callee.object.name === 'process' &&
+      node.callee.property?.type === 'Identifier' &&
+      (node.callee.property.name === 'binding' || node.callee.property.name === '_linkedBinding') &&
+      node.arguments.length >= 1) {
+    const bindArg = node.arguments[0];
+    const bindStr = bindArg?.type === 'Literal' && typeof bindArg.value === 'string' ? bindArg.value : null;
+    const dangerousBindings = ['spawn_sync', 'fs', 'pipe_wrap', 'tcp_wrap', 'tls_wrap', 'udp_wrap', 'process_wrap'];
+    if (bindStr && dangerousBindings.includes(bindStr)) {
+      ctx.threats.push({
+        type: 'process_binding_abuse',
+        severity: 'CRITICAL',
+        message: `process.${node.callee.property.name}('${bindStr}') — direct V8 binding access bypasses child_process/fs module detection.`,
+        file: ctx.relFile
+      });
+    } else if (!bindStr) {
+      // Dynamic binding argument — suspicious
+      ctx.threats.push({
+        type: 'process_binding_abuse',
+        severity: 'HIGH',
+        message: `process.${node.callee.property.name}() with dynamic argument — potential V8 binding abuse.`,
+        file: ctx.relFile
+      });
+    }
+  }
+
   // SANDWORM_MODE R8: dns.resolve detection moved to walk.ancestor() in ast.js (FIX 5)
 }
 
@@ -1125,8 +1274,10 @@ function handleImportExpression(node, ctx) {
   if (node.source) {
     const src = node.source;
     if (src.type === 'Literal' && typeof src.value === 'string') {
-      const dangerousModules = ['child_process', 'fs', 'http', 'https', 'net', 'dns', 'tls'];
-      if (dangerousModules.includes(src.value)) {
+      const dangerousModules = ['child_process', 'fs', 'http', 'https', 'net', 'dns', 'tls', 'worker_threads'];
+      // Batch 2: strip node: prefix so import('node:child_process') normalizes
+      const modName = src.value.startsWith('node:') ? src.value.slice(5) : src.value;
+      if (dangerousModules.includes(modName)) {
         ctx.threats.push({
           type: 'dynamic_import',
           severity: 'HIGH',
@@ -1159,6 +1310,19 @@ function handleNewExpression(node, ctx) {
     }
   }
 
+  // Batch 1: new vm.Script(code) — dynamic code compilation via vm module
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.property?.type === 'Identifier' && node.callee.property.name === 'Script' &&
+      node.arguments.length >= 1 && !hasOnlyStringLiteralArgs(node)) {
+    // NOTE: Do NOT set ctx.hasDynamicExec — same rationale as vm.runInThisContext above.
+    ctx.threats.push({
+      type: 'vm_code_execution',
+      severity: 'HIGH',
+      message: 'new vm.Script() with dynamic code — vm module code compilation bypasses eval detection.',
+      file: ctx.relFile
+    });
+  }
+
   // Detect new Proxy(process.env, handler)
   if (node.callee.type === 'Identifier' && node.callee.name === 'Proxy' && node.arguments.length >= 2) {
     const target = node.arguments[0];
@@ -1182,6 +1346,25 @@ function handleNewExpression(node, ctx) {
       });
     }
   }
+
+  // Batch 2: new Worker(code, { eval: true }) — worker_threads code execution
+  if (node.callee.type === 'Identifier' && node.callee.name === 'Worker' &&
+      node.arguments.length >= 2) {
+    const opts = node.arguments[1];
+    if (opts?.type === 'ObjectExpression') {
+      const evalProp = opts.properties?.find(p =>
+        p.key?.name === 'eval' && p.value?.value === true);
+      if (evalProp) {
+        ctx.hasDynamicExec = true;
+        ctx.threats.push({
+          type: 'worker_thread_exec',
+          severity: 'HIGH',
+          message: 'new Worker() with eval:true — executes arbitrary code in worker thread, bypasses main thread detection.',
+          file: ctx.relFile
+        });
+      }
+    }
+  }
 }
 
 function handleLiteral(node, ctx) {
@@ -1259,7 +1442,9 @@ function handleAssignmentExpression(node, ctx) {
       // Assigning require('child_process') or its methods to an object property
       if (node.right.type === 'CallExpression' && getCallName(node.right) === 'require' &&
           node.right.arguments.length > 0 && node.right.arguments[0]?.type === 'Literal') {
-        const mod = node.right.arguments[0].value;
+        const rawMod = node.right.arguments[0].value;
+        // Batch 2: strip node: prefix
+        const mod = typeof rawMod === 'string' && rawMod.startsWith('node:') ? rawMod.slice(5) : rawMod;
         if (mod === 'child_process' || mod === 'fs' || mod === 'net' || mod === 'dns') {
           ctx.threats.push({
             type: 'dynamic_require',
@@ -1272,16 +1457,20 @@ function handleAssignmentExpression(node, ctx) {
       // Assigning require('child_process').exec to an object property
       if (node.right.type === 'MemberExpression' && node.right.object?.type === 'CallExpression' &&
           getCallName(node.right.object) === 'require' &&
-          node.right.object.arguments.length > 0 && node.right.object.arguments[0]?.type === 'Literal' &&
-          node.right.object.arguments[0].value === 'child_process') {
-        const method = node.right.property?.type === 'Identifier' ? node.right.property.name : null;
-        if (method && ['exec', 'execSync', 'spawn', 'execFile'].includes(method)) {
-          ctx.threats.push({
-            type: 'dangerous_exec',
-            severity: 'HIGH',
-            message: `Object property indirection: ${propName} = require('child_process').${method} — hiding exec in object property.`,
-            file: ctx.relFile
-          });
+          node.right.object.arguments.length > 0 && node.right.object.arguments[0]?.type === 'Literal') {
+        const reqModRaw = node.right.object.arguments[0].value;
+        // Batch 2: strip node: prefix
+        const reqMod = typeof reqModRaw === 'string' && reqModRaw.startsWith('node:') ? reqModRaw.slice(5) : reqModRaw;
+        if (reqMod === 'child_process') {
+          const method = node.right.property?.type === 'Identifier' ? node.right.property.name : null;
+          if (method && ['exec', 'execSync', 'spawn', 'execFile'].includes(method)) {
+            ctx.threats.push({
+              type: 'dangerous_exec',
+              severity: 'HIGH',
+              message: `Object property indirection: ${propName} = require('child_process').${method} — hiding exec in object property.`,
+              file: ctx.relFile
+            });
+          }
         }
       }
       // Assigning eval or Function to an object property
@@ -1560,8 +1749,10 @@ function handleWithStatement(node, ctx) {
   // When used with require(), it allows calling exec(), spawn() etc. without explicit reference.
   if (node.object?.type === 'CallExpression' && getCallName(node.object) === 'require') {
     const arg = node.object.arguments[0];
-    const modName = arg?.type === 'Literal' ? arg.value : null;
-    const dangerousModules = ['child_process', 'fs', 'http', 'https', 'net', 'dns'];
+    const rawModName = arg?.type === 'Literal' ? arg.value : null;
+    // Batch 2: strip node: prefix
+    const modName = typeof rawModName === 'string' && rawModName.startsWith('node:') ? rawModName.slice(5) : rawModName;
+    const dangerousModules = ['child_process', 'fs', 'http', 'https', 'net', 'dns', 'worker_threads'];
     if (modName && dangerousModules.includes(modName)) {
       ctx.hasDynamicExec = true;
       ctx.threats.push({

package/src/scanner/ast.js

@@ -116,6 +116,8 @@ function analyzeFile(content, filePath, basePath) {
     // Content-level MCP detection: MCP keyword + writeFileSync + MCP config path in same file
     // Path co-occurrence prevents FPs where a file reads MCP config but writes elsewhere.
     // Read-only pattern (readFileSync without writeFileSync to MCP) is not injection.
+    // Module API context: require('module') or module.constructor usage
+    hasModuleImport: /require\s*\(\s*['"]module['"]\s*\)/.test(content) || /module\.constructor/.test(content),
     hasMcpContentKeywords: (/\bmcpServers\b/.test(content) || /\bmcp\.json\b/.test(content) || /\bclaude_desktop_config\b/.test(content)) &&
       /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content) &&
       (/\.claude[/\\]/.test(content) || /\.cursor[/\\]/.test(content) || /\.vscode[/\\]/.test(content) || /\.windsurf[/\\]/.test(content) || /\.codeium[/\\]/.test(content) || /\.continue[/\\]/.test(content) || /claude_desktop_config/.test(content) || /\bmcp\.json\b/.test(content))

package/src/scanner/dataflow.js

@@ -17,6 +17,9 @@ const MODULE_SOURCE_METHODS = {
     readFileSync: 'credential_read', readFile: 'credential_read',
     readdirSync: 'credential_read', readdir: 'credential_read'
   },
+  'fs/promises': {
+    readFile: 'credential_read', readdir: 'credential_read'
+  },
   child_process: {
     exec: 'command_output', execSync: 'command_output',
     spawn: 'command_output', spawnSync: 'command_output'
@@ -53,12 +56,14 @@ function buildTaintMap(ast) {
   walk.simple(ast, {
     VariableDeclarator(node) {
       if (!node.init) return;
+      let init = node.init;
+      if (init.type === 'AwaitExpression') init = init.argument;
 
       // Pattern: const x = require("os")
-      if (node.id.type === 'Identifier' && node.init.type === 'CallExpression') {
-        const callee = node.init.callee;
-        if (callee.type === 'Identifier' && callee.name === 'require' && node.init.arguments.length > 0) {
-          const arg = node.init.arguments[0];
+      if (node.id.type === 'Identifier' && init.type === 'CallExpression') {
+        const callee = init.callee;
+        if (callee.type === 'Identifier' && callee.name === 'require' && init.arguments.length > 0) {
+          const arg = init.arguments[0];
           if (arg.type === 'Literal' && typeof arg.value === 'string' && TRACKED_MODULES.has(arg.value)) {
             taintMap.set(node.id.name, { source: arg.value, detail: arg.value });
           }
@@ -66,10 +71,10 @@ function buildTaintMap(ast) {
       }
 
       // Pattern: const { exec, spawn } = require("child_process")
-      if (node.id.type === 'ObjectPattern' && node.init.type === 'CallExpression') {
-        const callee = node.init.callee;
-        if (callee.type === 'Identifier' && callee.name === 'require' && node.init.arguments.length > 0) {
-          const arg = node.init.arguments[0];
+      if (node.id.type === 'ObjectPattern' && init.type === 'CallExpression') {
+        const callee = init.callee;
+        if (callee.type === 'Identifier' && callee.name === 'require' && init.arguments.length > 0) {
+          const arg = init.arguments[0];
           if (arg.type === 'Literal' && typeof arg.value === 'string' && TRACKED_MODULES.has(arg.value)) {
             for (const prop of node.id.properties) {
               if (prop.type === 'Property' && prop.value?.type === 'Identifier') {
@@ -82,9 +87,9 @@ function buildTaintMap(ast) {
       }
 
       // Pattern: const e = process.env
-      if (node.id.type === 'Identifier' && node.init.type === 'MemberExpression') {
-        const obj = node.init.object;
-        const prop = node.init.property;
+      if (node.id.type === 'Identifier' && init.type === 'MemberExpression') {
+        const obj = init.object;
+        const prop = init.property;
         if (obj?.type === 'Identifier' && obj.name === 'process' &&
             prop?.type === 'Identifier' && prop.name === 'env') {
           taintMap.set(node.id.name, { source: 'process.env', detail: 'process.env' });
@@ -92,9 +97,9 @@ function buildTaintMap(ast) {
       }
 
       // Pattern: const h = x.homedir where x is tainted as "os"
-      if (node.id.type === 'Identifier' && node.init.type === 'MemberExpression') {
-        const obj = node.init.object;
-        const prop = node.init.property;
+      if (node.id.type === 'Identifier' && init.type === 'MemberExpression') {
+        const obj = init.object;
+        const prop = init.property;
         if (obj?.type === 'Identifier' && prop?.type === 'Identifier') {
           const parentTaint = taintMap.get(obj.name);
           if (parentTaint && TRACKED_MODULES.has(parentTaint.source)) {
@@ -162,16 +167,19 @@ function analyzeFile(content, filePath, basePath) {
 
     VariableDeclarator(node) {
       if (node.id?.type === 'Identifier' && node.init) {
-        if (containsSensitiveLiteral(node.init)) {
+        let initNode = node.init;
+        if (initNode.type === 'AwaitExpression') initNode = initNode.argument;
+
+        if (containsSensitiveLiteral(initNode)) {
           sensitivePathVars.add(node.id.name);
         }
         // Propagate sensitive vars through path.join/resolve
-        if (node.init?.type === 'CallExpression' && node.init.callee?.type === 'MemberExpression') {
-          const obj = node.init.callee.object;
-          const prop = node.init.callee.property;
+        if (initNode.type === 'CallExpression' && initNode.callee?.type === 'MemberExpression') {
+          const obj = initNode.callee.object;
+          const prop = initNode.callee.property;
           if (obj?.type === 'Identifier' && obj.name === 'path' &&
               prop?.type === 'Identifier' && (prop.name === 'join' || prop.name === 'resolve')) {
-            if (node.init.arguments.some(a =>
+            if (initNode.arguments.some(a =>
               (a.type === 'Identifier' && sensitivePathVars.has(a.name)) ||
               (a.type === 'MemberExpression' && a.object?.type === 'Identifier' && sensitivePathVars.has(a.object.name))
             )) {
@@ -179,10 +187,26 @@ function analyzeFile(content, filePath, basePath) {
             }
           }
         }
+        // Propagate taint through spread: const payload = { ...creds }
+        if (initNode.type === 'ObjectExpression') {
+          for (const prop of initNode.properties) {
+            if (prop.type === 'SpreadElement' && prop.argument?.type === 'Identifier') {
+              if (sensitivePathVars.has(prop.argument.name)) {
+                sensitivePathVars.add(node.id.name);
+                break;
+              }
+              const taint = taintMap.get(prop.argument.name);
+              if (taint && (taint.source === 'process.env' || MODULE_SOURCE_METHODS[taint.source])) {
+                sensitivePathVars.add(node.id.name);
+                break;
+              }
+            }
+          }
+        }
         // Track exec result capture: const output = execSync('cmd')
-        if (node.init.type === 'CallExpression') {
+        if (initNode.type === 'CallExpression') {
           let execName = null;
-          const initCallee = node.init.callee;
+          const initCallee = initNode.callee;
           if (initCallee?.type === 'Identifier' && EXEC_METHODS.has(initCallee.name)) {
             const taint = taintMap.get(initCallee.name);
             if (taint && taint.source === 'child_process') {
@@ -198,7 +222,7 @@ function analyzeFile(content, filePath, basePath) {
             }
           }
           if (execName) {
-            execResultNodes.add(node.init);
+            execResultNodes.add(initNode);
             sources.push({
               type: 'command_output',
               name: execName,
@@ -225,6 +249,24 @@ function analyzeFile(content, filePath, basePath) {
         }
       }
 
+      // fs.promises.readFile(path) — 3-level member chain
+      if (node.callee.type === 'MemberExpression' &&
+          node.callee.object?.type === 'MemberExpression') {
+        const outerObj = node.callee.object.object;
+        const mid = node.callee.object.property;
+        const method = node.callee.property;
+        if (outerObj?.type === 'Identifier' && mid?.type === 'Identifier' && mid.name === 'promises' &&
+            method?.type === 'Identifier' && (method.name === 'readFile' || method.name === 'readdir')) {
+          const isFs = outerObj.name === 'fs' || (taintMap.get(outerObj.name)?.source === 'fs');
+          if (isFs) {
+            const arg = node.arguments[0];
+            if (arg && isCredentialPath(arg, sensitivePathVars)) {
+              sources.push({ type: 'credential_read', name: `fs.promises.${method.name}`, line: node.loc?.start?.line });
+            }
+          }
+        }
+      }
+
       if (callName === 'request' || callName === 'fetch' || callName === 'post' || callName === 'get') {
         sinks.push({
           type: 'network_send',

package/src/scanner/module-graph.js

@@ -157,8 +157,22 @@ function analyzeExports(filePath) {
     }
   });
 
-  // First pass: collect require assignments and tainted variable assignments
+  // First pass: collect require assignments, ES imports, and tainted variable assignments
   walkAST(ast, (node) => {
+    // import fs from 'fs' / import { readFileSync } from 'fs'
+    if (node.type === 'ImportDeclaration' && node.source && typeof node.source.value === 'string') {
+      const modName = node.source.value;
+      if (SENSITIVE_MODULES.has(modName)) {
+        for (const spec of node.specifiers) {
+          if (spec.type === 'ImportDefaultSpecifier' || spec.type === 'ImportNamespaceSpecifier') {
+            moduleVars[spec.local.name] = modName;
+          } else if (spec.type === 'ImportSpecifier') {
+            moduleVars[spec.local.name] = modName;
+          }
+        }
+      }
+    }
+
     // const fs = require('fs')
     if (node.type === 'VariableDeclaration') {
       for (const decl of node.declarations) {
@@ -197,6 +211,64 @@ function analyzeExports(filePath) {
   // Second pass: find exports and check if they are tainted
   const exports = {};
   walkAST(ast, (node) => {
+    // export function foo() {...} / export const foo = expr
+    if (node.type === 'ExportNamedDeclaration' && node.declaration) {
+      const decl = node.declaration;
+      if (decl.type === 'FunctionDeclaration' && decl.id) {
+        const funcBody = decl.body && decl.body.type === 'BlockStatement' ? decl.body.body : null;
+        if (funcBody) {
+          const bodyTaint = scanBodyForTaint(funcBody, moduleVars, taintedVars);
+          if (bodyTaint) {
+            exports[decl.id.name] = { tainted: true, source: bodyTaint.source, detail: bodyTaint.detail };
+          }
+        }
+      }
+      if (decl.type === 'VariableDeclaration') {
+        for (const vDecl of decl.declarations) {
+          if (!vDecl.id || vDecl.id.type !== 'Identifier') continue;
+          if (vDecl.init) {
+            const taint = checkNodeTaint(vDecl.init, moduleVars);
+            if (taint) {
+              exports[vDecl.id.name] = { tainted: true, source: taint.source, detail: taint.detail };
+            } else if (vDecl.init.type === 'Identifier' && taintedVars[vDecl.init.name]) {
+              const t = taintedVars[vDecl.init.name];
+              exports[vDecl.id.name] = { tainted: true, source: t.source, detail: t.detail };
+            } else {
+              const funcBody = getFunctionBody(vDecl.init);
+              if (funcBody) {
+                const bodyTaint = scanBodyForTaint(funcBody, moduleVars, taintedVars);
+                if (bodyTaint) {
+                  exports[vDecl.id.name] = { tainted: true, source: bodyTaint.source, detail: bodyTaint.detail };
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+
+    // export default function() {...} / export default expr
+    if (node.type === 'ExportDefaultDeclaration' && node.declaration) {
+      const decl = node.declaration;
+      const taint = checkNodeTaint(decl, moduleVars);
+      if (taint) {
+        exports['default'] = { tainted: true, source: taint.source, detail: taint.detail };
+      } else if (decl.type === 'Identifier' && taintedVars[decl.name]) {
+        const t = taintedVars[decl.name];
+        exports['default'] = { tainted: true, source: t.source, detail: t.detail };
+      } else {
+        const funcBody = (decl.type === 'FunctionDeclaration' || decl.type === 'FunctionExpression' || decl.type === 'ArrowFunctionExpression')
+          ? (decl.body && decl.body.type === 'BlockStatement' ? decl.body.body : (decl.body ? [{ type: 'ReturnStatement', argument: decl.body }] : null))
+          : getFunctionBody(decl);
+        if (funcBody) {
+          const bodyTaint = scanBodyForTaint(funcBody, moduleVars, taintedVars);
+          if (bodyTaint) {
+            exports['default'] = { tainted: true, source: bodyTaint.source, detail: bodyTaint.detail };
+          }
+        }
+      }
+    }
+
     // module.exports = value  OR  module.exports = { ... }
     if (isModuleExportsAssign(node)) {
       const value = node.expression.right;
@@ -416,6 +488,9 @@ function detectCrossFileFlows(graph, taintedExports, packagePath) {
     const localTaint = collectImportTaint(ast, relFile, graph, expandedTaint, packagePath);
     if (Object.keys(localTaint).length === 0) continue;
 
+    // Propagate taint through local variable assignments (e.g., const data = read())
+    propagateLocalTaint(ast, localTaint);
+
     // Find sinks that use tainted variables
     const sinks = findSinksUsingTainted(ast, localTaint);
     for (const sink of sinks) {
@@ -464,6 +539,69 @@ function expandTaintThroughReexports(graph, taintedExports, packagePath) {
       if (!expanded[relFile]) expanded[relFile] = {};
       const fileDir = path.dirname(absFile);
       walkAST(ast, (node) => {
+        // ES re-export: export { foo } from './reader'
+        if (node.type === 'ExportNamedDeclaration' && node.source && typeof node.source.value === 'string') {
+          const spec = node.source.value;
+          if (isLocalImport(spec)) {
+            const resolved = resolveLocal(fileDir, spec, packagePath);
+            if (resolved && expanded[resolved]) {
+              for (const specifier of node.specifiers) {
+                const importedName = specifier.exported.name || specifier.exported.value;
+                const sourceName = specifier.local.name || specifier.local.value;
+                const srcTaint = expanded[resolved][sourceName];
+                if (srcTaint && srcTaint.tainted && !expanded[relFile][importedName]) {
+                  expanded[relFile][importedName] = {
+                    tainted: true,
+                    source: srcTaint.source,
+                    detail: srcTaint.detail,
+                    sourceFile: srcTaint.sourceFile || resolved,
+                  };
+                  changed = true;
+                }
+              }
+            }
+          }
+          return;
+        }
+
+        // ES export of tainted variable: export const x = taintedVar
+        if (node.type === 'ExportNamedDeclaration' && node.declaration) {
+          const decl = node.declaration;
+          if (decl.type === 'VariableDeclaration') {
+            for (const vDecl of decl.declarations) {
+              if (vDecl.id?.type === 'Identifier' && vDecl.init?.type === 'Identifier' && localTaint[vDecl.init.name]) {
+                if (!expanded[relFile][vDecl.id.name]) {
+                  expanded[relFile][vDecl.id.name] = {
+                    tainted: true,
+                    source: localTaint[vDecl.init.name].source,
+                    detail: localTaint[vDecl.init.name].detail,
+                    sourceFile: localTaint[vDecl.init.name].sourceFile,
+                  };
+                  changed = true;
+                }
+              }
+            }
+          }
+          return;
+        }
+
+        // ES export default of tainted variable
+        if (node.type === 'ExportDefaultDeclaration' && node.declaration) {
+          const decl = node.declaration;
+          if (decl.type === 'Identifier' && localTaint[decl.name]) {
+            if (!expanded[relFile]['default']) {
+              expanded[relFile]['default'] = {
+                tainted: true,
+                source: localTaint[decl.name].source,
+                detail: localTaint[decl.name].detail,
+                sourceFile: localTaint[decl.name].sourceFile,
+              };
+              changed = true;
+            }
+          }
+          return;
+        }
+
         if (!isModuleExportsAssign(node)) return;
         const value = node.expression.right;
         const exportName = getExportName(node.expression.left);
@@ -582,6 +720,42 @@ function collectImportTaint(ast, currentFile, graph, taintedExports, packagePath
   const localTaint = {};
   const fileDir = path.dirname(path.resolve(packagePath, currentFile));
 
+  // Handle ES import declarations
+  walkAST(ast, (node) => {
+    if (node.type !== 'ImportDeclaration' || !node.source || typeof node.source.value !== 'string') return;
+    const spec = node.source.value;
+    if (!isLocalImport(spec)) return;
+    const resolved = resolveLocal(fileDir, spec, packagePath);
+    if (!resolved || !taintedExports[resolved]) return;
+    const modTaint = taintedExports[resolved];
+
+    for (const specifier of node.specifiers) {
+      if (specifier.type === 'ImportDefaultSpecifier') {
+        const defTaint = modTaint['default'];
+        if (defTaint && defTaint.tainted) {
+          localTaint[specifier.local.name] = {
+            source: defTaint.source,
+            detail: defTaint.detail || '',
+            sourceFile: defTaint.sourceFile || resolved,
+          };
+        }
+        localTaint['__module__' + specifier.local.name] = { resolved, modTaint };
+      } else if (specifier.type === 'ImportNamespaceSpecifier') {
+        localTaint['__module__' + specifier.local.name] = { resolved, modTaint };
+      } else if (specifier.type === 'ImportSpecifier') {
+        const importedName = specifier.imported.name || specifier.imported.value;
+        if (modTaint[importedName] && modTaint[importedName].tainted) {
+          localTaint[specifier.local.name] = {
+            source: modTaint[importedName].source,
+            detail: modTaint[importedName].detail || '',
+            sourceFile: modTaint[importedName].sourceFile || resolved,
+          };
+        }
+      }
+    }
+  });
+
+  // Handle CommonJS require() imports
   walkAST(ast, (node) => {
     if (node.type !== 'VariableDeclaration') return;
     for (const decl of node.declarations) {
@@ -765,6 +939,10 @@ function findTaintedArgument(args, taintedNames) {
         if (prop.value && prop.value.type === 'Identifier' && taintedNames.has(prop.value.name)) {
           return prop.value.name;
         }
+        // Spread: { ...data }
+        if (prop.type === 'SpreadElement' && prop.argument?.type === 'Identifier' && taintedNames.has(prop.argument.name)) {
+          return prop.argument.name;
+        }
       }
     }
   }
@@ -889,6 +1067,8 @@ function resolveLocal(fileDir, spec, packagePath) {
   const abs = path.resolve(fileDir, spec);
   if (isFileExists(abs)) return toRel(abs, packagePath);
   if (isFileExists(abs + '.js')) return toRel(abs + '.js', packagePath);
+  if (isFileExists(abs + '.mjs')) return toRel(abs + '.mjs', packagePath);
+  if (isFileExists(abs + '.cjs')) return toRel(abs + '.cjs', packagePath);
   if (isFileExists(path.join(abs, 'index.js'))) return toRel(path.join(abs, 'index.js'), packagePath);
   return null;
 }

package/src/scoring.js

@@ -111,6 +111,8 @@ const FP_COUNT_THRESHOLDS = {
   module_compile_dynamic: { maxCount: 3, from: 'CRITICAL', to: 'LOW' },
   module_compile: { maxCount: 3, from: 'CRITICAL', to: 'LOW' },
   zlib_inflate_eval: { maxCount: 2, from: 'CRITICAL', to: 'LOW' },
+  // Build tools (webpack, jest) legitimately use vm.runInThisContext for module evaluation
+  vm_code_execution: { maxCount: 3, from: 'HIGH', to: 'LOW' },
   // P4: plugin loaders legitimately use many dynamic imports (webpack, eslint, knex, gatsby)
   dynamic_import: { maxCount: 5, from: 'HIGH', to: 'LOW' },
   // P4: hash algorithms contain bit manipulation that triggers obfuscation heuristics
@@ -194,7 +196,12 @@ function applyFPReductions(threats, reachableFiles, packageName) {
       // Complex apps (SMTP, monitoring) have 50-80% dataflow findings — still downgrade.
       // But if dataflow is >80% of ALL findings, it may be real targeted exfiltration.
       // (Audit fix: full bypass was exploitable — 4+ dataflow patterns = all LOW.)
-      if (typeRatio < 0.5 || (t.type === 'suspicious_dataflow' && typeRatio < 0.8)) {
+      // vm_code_execution: full bypass — packages with only vm.Script calls (cassandra-driver,
+      // webpack, jest) are legitimate. Real malware using vm always has other signals
+      // (network, fs, obfuscation). The >3 count threshold is sufficient protection.
+      if (typeRatio < 0.5 ||
+          (t.type === 'suspicious_dataflow' && typeRatio < 0.8) ||
+          t.type === 'vm_code_execution') {
         t.severity = rule.to;
       }
     }

package/src/shared/download.js

@@ -196,7 +196,7 @@ function extractTarGz(tgzPath, destDir) {
   const tgzDir = path.dirname(path.resolve(tgzPath));
   const tgzName = path.basename(tgzPath);
   const relDest = path.relative(tgzDir, path.resolve(destDir)) || '.';
-  execFileSync('tar', ['xzf', tgzName, '-C', relDest], { cwd: tgzDir, timeout: 60_000, stdio: 'pipe' });
+  execFileSync('tar', ['xzf', tgzName, '-C', relDest, '--no-same-owner'], { cwd: tgzDir, timeout: 60_000, stdio: 'pipe' });
   // npm tarballs extract into a package/ subdirectory; detect it
   const packageSubdir = path.join(destDir, 'package');
   try {

package/src/utils.js

@@ -215,7 +215,12 @@ function getCallName(node) {
     return node.callee.name;
   }
   if (node.callee.type === 'MemberExpression' && node.callee.property) {
-    return node.callee.property.name;
+    // Batch 2: handle bracket notation cp['exec']('cmd') — computed property with string literal
+    if (node.callee.computed && node.callee.property.type === 'Literal'
+        && typeof node.callee.property.value === 'string') {
+      return node.callee.property.value;
+    }
+    return node.callee.property.name || '';
   }
   return '';
 }