muaddib-scanner 2.5.7 → 2.5.8

package/iocs/builtin.yaml

@@ -7,39 +7,108 @@ packages:
     version: "4.1.1"
     source: shai-hulud-v1
   - name: "ng2-file-upload"
-    version: "*"
+    version: "7.0.2"
+    source: shai-hulud-v1
+  - name: "ng2-file-upload"
+    version: "7.0.3"
+    source: shai-hulud-v1
+  - name: "ng2-file-upload"
+    version: "8.0.1"
+    source: shai-hulud-v1
+  - name: "ng2-file-upload"
+    version: "8.0.2"
+    source: shai-hulud-v1
+  - name: "ng2-file-upload"
+    version: "8.0.3"
+    source: shai-hulud-v1
+  - name: "ng2-file-upload"
+    version: "9.0.1"
     source: shai-hulud-v1
   - name: "ngx-bootstrap"
-    version: "*"
+    version: "18.1.4"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "19.0.3"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "19.0.4"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "20.0.3"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "20.0.4"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "20.0.5"
+    source: shai-hulud-v1
+  - name: "ngx-bootstrap"
+    version: "20.0.6"
     source: shai-hulud-v1
 
   # Shai-Hulud v2 (novembre 2025)
   - name: "@asyncapi/specs"
-    version: "*"
+    version: "6.8.2"
+    source: shai-hulud-v2
+  - name: "@asyncapi/specs"
+    version: "6.8.3"
+    source: shai-hulud-v2
+  - name: "@asyncapi/specs"
+    version: "6.9.1"
+    source: shai-hulud-v2
+  - name: "@asyncapi/specs"
+    version: "6.10.1"
     source: shai-hulud-v2
   - name: "@asyncapi/openapi-schema-parser"
-    version: "*"
+    version: "3.0.25"
+    source: shai-hulud-v2
+  - name: "@asyncapi/openapi-schema-parser"
+    version: "3.0.26"
     source: shai-hulud-v2
   - name: "get-them-args"
-    version: "*"
+    version: "1.3.3"
     source: shai-hulud-v2
   - name: "kill-port"
-    version: "*"
+    version: "2.0.2"
+    source: shai-hulud-v2
+  - name: "kill-port"
+    version: "2.0.3"
     source: shai-hulud-v2
   - name: "shell-exec"
-    version: "*"
+    version: "1.1.3"
+    source: shai-hulud-v2
+  - name: "shell-exec"
+    version: "1.1.4"
     source: shai-hulud-v2
   - name: "posthog-node"
-    version: "*"
+    version: "4.18.1"
+    source: shai-hulud-v2
+  - name: "posthog-node"
+    version: "5.11.3"
+    source: shai-hulud-v2
+  - name: "posthog-node"
+    version: "5.13.3"
     source: shai-hulud-v2
   - name: "posthog-js"
-    version: "*"
+    version: "1.297.3"
     source: shai-hulud-v2
   - name: "@postman/tunnel-agent"
-    version: "*"
+    version: "0.6.5"
+    source: shai-hulud-v2
+  - name: "@postman/tunnel-agent"
+    version: "0.6.6"
+    source: shai-hulud-v2
+  - name: "@postman/tunnel-agent"
+    version: "0.6.7"
     source: shai-hulud-v2
   - name: "@zapier/secret-scrubber"
-    version: "*"
+    version: "1.1.3"
+    source: shai-hulud-v2
+  - name: "@zapier/secret-scrubber"
+    version: "1.1.4"
+    source: shai-hulud-v2
+  - name: "@zapier/secret-scrubber"
+    version: "1.1.5"
     source: shai-hulud-v2
 
   # Shai-Hulud v3 Golden Path (28 decembre 2025)

package/iocs/packages.yaml

@@ -21,9 +21,21 @@ packages:
       - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
     mitre: T1195.002
 
-  - id: SHAI-HULUD-V1-002
+  - id: SHAI-HULUD-V1-002a
     name: "ng2-file-upload"
-    version: "*"
+    version: "7.0.2"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-002b
+    name: "ng2-file-upload"
+    version: "7.0.3"
     severity: critical
     confidence: high
     source: shai-hulud-v1
@@ -33,9 +45,129 @@ packages:
       - https://blog.phylum.io/shai-hulud-npm-worm
     mitre: T1195.002
 
-  - id: SHAI-HULUD-V1-003
+  - id: SHAI-HULUD-V1-002c
+    name: "ng2-file-upload"
+    version: "8.0.1"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-002d
+    name: "ng2-file-upload"
+    version: "8.0.2"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-002e
+    name: "ng2-file-upload"
+    version: "8.0.3"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-002f
+    name: "ng2-file-upload"
+    version: "9.0.1"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003a
     name: "ngx-bootstrap"
-    version: "*"
+    version: "18.1.4"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003b
+    name: "ngx-bootstrap"
+    version: "19.0.3"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003c
+    name: "ngx-bootstrap"
+    version: "19.0.4"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003d
+    name: "ngx-bootstrap"
+    version: "20.0.3"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003e
+    name: "ngx-bootstrap"
+    version: "20.0.4"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003f
+    name: "ngx-bootstrap"
+    version: "20.0.5"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v1
+    introduced: "2025-09-01"
+    description: "Package compromis par Shai-Hulud v1"
+    references:
+      - https://blog.phylum.io/shai-hulud-npm-worm
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V1-003g
+    name: "ngx-bootstrap"
+    version: "20.0.6"
     severity: critical
     confidence: high
     source: shai-hulud-v1
@@ -48,9 +180,45 @@ packages:
   # ============================================
   # SHAI-HULUD v2 "The Second Coming" (Novembre 2025)
   # ============================================
-  - id: SHAI-HULUD-V2-001
+  - id: SHAI-HULUD-V2-001a
     name: "@asyncapi/specs"
-    version: "*"
+    version: "6.8.2"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2 - inclut dead man's switch"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-001b
+    name: "@asyncapi/specs"
+    version: "6.8.3"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2 - inclut dead man's switch"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-001c
+    name: "@asyncapi/specs"
+    version: "6.9.1"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2 - inclut dead man's switch"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-001d
+    name: "@asyncapi/specs"
+    version: "6.10.1"
     severity: critical
     confidence: high
     source: shai-hulud-v2
@@ -62,7 +230,7 @@ packages:
 
   - id: SHAI-HULUD-V2-002
     name: "get-them-args"
-    version: "*"
+    version: "1.3.3"
     severity: critical
     confidence: high
     source: shai-hulud-v2
@@ -72,9 +240,21 @@ packages:
       - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
     mitre: T1195.002
 
-  - id: SHAI-HULUD-V2-003
+  - id: SHAI-HULUD-V2-003a
     name: "kill-port"
-    version: "*"
+    version: "2.0.2"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-003b
+    name: "kill-port"
+    version: "2.0.3"
     severity: critical
     confidence: high
     source: shai-hulud-v2
@@ -84,9 +264,33 @@ packages:
       - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
     mitre: T1195.002
 
-  - id: SHAI-HULUD-V2-004
+  - id: SHAI-HULUD-V2-004a
     name: "posthog-node"
-    version: "*"
+    version: "4.18.1"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-004b
+    name: "posthog-node"
+    version: "5.11.3"
+    severity: critical
+    confidence: high
+    source: shai-hulud-v2
+    introduced: "2025-11-01"
+    description: "Package compromis par Shai-Hulud v2"
+    references:
+      - https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
+    mitre: T1195.002
+
+  - id: SHAI-HULUD-V2-004c
+    name: "posthog-node"
+    version: "5.13.3"
     severity: critical
     confidence: high
     source: shai-hulud-v2
@@ -98,7 +302,7 @@ packages:
 
   - id: SHAI-HULUD-V2-005
     name: "posthog-js"
-    version: "*"
+    version: "1.297.3"
     severity: critical
     confidence: high
     source: shai-hulud-v2

package/logs/alerts/2026-03-06T13-25-09-667-evil-pkg.json

@@ -0,0 +1,20 @@
+{
+  "target": "npm/evil-pkg@1.0.0",
+  "timestamp": "2026-03-06T13:25:09.667Z",
+  "ecosystem": "npm",
+  "summary": {
+    "critical": 1,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "total": 1,
+    "riskLevel": "CRITICAL",
+    "riskScore": 25
+  },
+  "threats": [
+    {
+      "type": "known_malicious_package",
+      "severity": "CRITICAL"
+    }
+  ]
+}

package/logs/alerts/2026-03-06T13-25-09-668-evil-pkg.json

@@ -0,0 +1,20 @@
+{
+  "target": "npm/evil-pkg@1.0.0",
+  "timestamp": "2026-03-06T13:25:09.668Z",
+  "ecosystem": "npm",
+  "summary": {
+    "critical": 1,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "total": 1,
+    "riskLevel": "CRITICAL",
+    "riskScore": 25
+  },
+  "threats": [
+    {
+      "type": "known_malicious_package",
+      "severity": "CRITICAL"
+    }
+  ]
+}

package/logs/alerts/2026-03-06T13-25-09-668-suspect-pkg.json

@@ -0,0 +1,24 @@
+{
+  "target": "npm/suspect-pkg@1.0",
+  "timestamp": "2026-03-06T13:25:09.668Z",
+  "ecosystem": "npm",
+  "summary": {
+    "critical": 0,
+    "high": 1,
+    "medium": 0,
+    "low": 0,
+    "total": 1,
+    "riskLevel": "HIGH",
+    "riskScore": 15
+  },
+  "threats": [
+    {
+      "type": "dynamic_require",
+      "severity": "HIGH"
+    }
+  ],
+  "sandbox": {
+    "score": 75,
+    "severity": "HIGH"
+  }
+}

package/logs/alerts/2026-03-06T13-25-10-228-evil-pkg.json

@@ -0,0 +1,24 @@
+{
+  "target": "npm/evil-pkg@2.0.0",
+  "timestamp": "2026-03-06T13:25:10.228Z",
+  "ecosystem": "npm",
+  "summary": {
+    "critical": 1,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "total": 1,
+    "riskLevel": "CRITICAL",
+    "riskScore": 25
+  },
+  "threats": [
+    {
+      "type": "known_malicious_package",
+      "severity": "CRITICAL"
+    }
+  ],
+  "sandbox": {
+    "score": 85,
+    "severity": "CRITICAL"
+  }
+}

package/logs/daily-reports/2026-03-06.json

@@ -0,0 +1,61 @@
+{
+  "date": "2026-03-06",
+  "timestamp": "2026-03-06T13:25:10.394Z",
+  "embed": {
+    "embeds": [
+      {
+        "title": "📊 MUAD'DIB Daily Report",
+        "color": 3447003,
+        "fields": [
+          {
+            "name": "Packages Scanned",
+            "value": "3",
+            "inline": true
+          },
+          {
+            "name": "Clean",
+            "value": "1",
+            "inline": true
+          },
+          {
+            "name": "Suspects",
+            "value": "0",
+            "inline": true
+          },
+          {
+            "name": "Errors",
+            "value": "0",
+            "inline": true
+          },
+          {
+            "name": "Avg Scan Time",
+            "value": "2.0s/pkg",
+            "inline": true
+          },
+          {
+            "name": "Top Suspects",
+            "value": "1. **npm/test-dedup-detection-1772803509664@1.0.0** — 1 finding(s)",
+            "inline": false
+          }
+        ],
+        "footer": {
+          "text": "MUAD'DIB - Daily summary | 2026-03-06 13:25:10 UTC"
+        },
+        "timestamp": "2026-03-06T13:25:10.394Z"
+      }
+    ]
+  },
+  "metrics": {
+    "scanned": 3,
+    "clean": 1,
+    "suspect": 0,
+    "errors": 0,
+    "avgScanTimeMs": 2000,
+    "suspectByTier": {
+      "t1": 0,
+      "t2": 0,
+      "t3": 0
+    },
+    "topSuspects": []
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.5.7",
+  "version": "2.5.8",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/ioc/scraper.js

@@ -958,7 +958,7 @@ async function scrapeSnykMalware() {
     { name: 'event-stream', version: '3.3.6', description: 'Flatmap-stream backdoor (2018)' },
     { name: 'flatmap-stream', version: '*', description: 'Malicious dependency of event-stream' },
     { name: 'eslint-scope', version: '3.7.2', description: 'Credential theft (2018)' },
-    { name: 'eslint-config-eslint', version: '*', description: 'Credential theft (2018)' },
+    { name: 'eslint-config-eslint', version: '5.0.2', description: 'Credential theft (2018)' },
     { name: 'getcookies', version: '*', description: 'Backdoor malware' },
     { name: 'mailparser', version: '2.3.0', description: 'Compromised version' },
     { name: 'node-ipc', version: '10.1.1', description: 'Protestware - file deletion' },

package/src/scanner/ast-detectors.js

@@ -56,6 +56,14 @@ const SAFE_STRINGS = [
   'npmjs.com'
 ];
 
+// Domains where fetch is legitimate (not C2) — used to suppress download_exec_binary compound
+const SAFE_FETCH_DOMAINS = [
+  'registry.npmjs.org', 'npmjs.com',
+  'github.com', 'objects.githubusercontent.com', 'raw.githubusercontent.com',
+  'nodejs.org', 'yarnpkg.com',
+  'pypi.org', 'files.pythonhosted.org'
+];
+
 // Credential-stealing CLI commands (s1ngularity/Nx, Shai-Hulud)
 const CREDENTIAL_CLI_COMMANDS = [
   'gh auth token',
@@ -1182,15 +1190,22 @@ function handleLiteral(node, ctx) {
       }
     }
 
-    // Detect AI agent dangerous flags as string literals
+    // Detect AI agent dangerous flags as string literals (MEDIUM signal only —
+    // CRITICAL reserved for CallExpression context where flag is actually used in exec/spawn)
     for (const flag of AI_AGENT_DANGEROUS_FLAGS) {
       if (node.value === flag) {
-        ctx.threats.push({
-          type: 'ai_agent_abuse',
-          severity: 'CRITICAL',
-          message: `AI agent security bypass flag "${flag}" found — weaponized AI coding assistant (s1ngularity/Nx pattern).`,
-          file: ctx.relFile
-        });
+        // Skip if already detected in a CallExpression context (avoid double-counting)
+        const alreadyDetected = ctx.threats.some(t =>
+          t.type === 'ai_agent_abuse' && t.severity === 'CRITICAL' && t.file === ctx.relFile
+        );
+        if (!alreadyDetected) {
+          ctx.threats.push({
+            type: 'ai_agent_abuse',
+            severity: 'MEDIUM',
+            message: `AI agent security bypass flag "${flag}" referenced in code — verify it is not used in exec/spawn invocations.`,
+            file: ctx.relFile
+          });
+        }
       }
     }
 
@@ -1495,7 +1510,8 @@ function handlePostWalk(ctx) {
   }
 
   // Wave 4: Download-execute-cleanup — https download + chmod executable + execSync + unlink
-  if (ctx.hasRemoteFetch && ctx.hasChmodExecutable && ctx.hasExecSyncCall) {
+  // Exclude when all URLs in the file point to safe registries (npm, GitHub, nodejs.org)
+  if (ctx.hasRemoteFetch && ctx.hasChmodExecutable && ctx.hasExecSyncCall && !ctx.fetchOnlySafeDomains) {
     ctx.threats.push({
       type: 'download_exec_binary',
       severity: 'CRITICAL',

package/src/scanner/ast.js

@@ -101,6 +101,8 @@ function analyzeFile(content, filePath, basePath) {
     ideConfigPathVars: new Map(),
     // Wave 4: compound detection — fetch + decrypt + eval chain
     hasRemoteFetch: /\bhttps?\.(get|request)\b/.test(content) || /\bfetch\s*\(/.test(content),
+    // Safe domain exclusion: if ALL URLs in file are from known registries, suppress download_exec_binary
+    fetchOnlySafeDomains: false, // computed below after URL extraction
     hasCryptoDecipher: /\bcreateDecipher(iv)?\s*\(/.test(content),
     // Wave 4: native addon camouflage signals
     hasRequireNodeFile: false,
@@ -111,10 +113,28 @@ function analyzeFile(content, filePath, basePath) {
     hasRunOnInContent: /\brunOn\b|\bfolderOpen\b/.test(content),
     hasWriteFileSyncInContent: /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content),
     // Wave 4: MCP content keyword detection (must also have writeFileSync in same file)
+    // Content-level MCP detection: MCP keyword + writeFileSync + MCP config path in same file
+    // Path co-occurrence prevents FPs where a file reads MCP config but writes elsewhere.
+    // Read-only pattern (readFileSync without writeFileSync to MCP) is not injection.
     hasMcpContentKeywords: (/\bmcpServers\b/.test(content) || /\bmcp\.json\b/.test(content) || /\bclaude_desktop_config\b/.test(content)) &&
-      /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content)
+      /\bwriteFileSync\b|\bwriteFile\s*\(/.test(content) &&
+      (/\.claude[/\\]/.test(content) || /\.cursor[/\\]/.test(content) || /\.vscode[/\\]/.test(content) || /\.windsurf[/\\]/.test(content) || /\.codeium[/\\]/.test(content) || /\.continue[/\\]/.test(content) || /claude_desktop_config/.test(content) || /\bmcp\.json\b/.test(content))
   };
 
+  // Compute fetchOnlySafeDomains: check if ALL URLs in file point to known registries
+  if (ctx.hasRemoteFetch) {
+    const urlMatches = content.match(/https?:\/\/[^\s'"`)]+/g) || [];
+    const SAFE_FETCH_DOMAINS = [
+      'registry.npmjs.org', 'npmjs.com',
+      'github.com', 'objects.githubusercontent.com', 'raw.githubusercontent.com',
+      'nodejs.org', 'yarnpkg.com',
+      'pypi.org', 'files.pythonhosted.org'
+    ];
+    if (urlMatches.length > 0 && urlMatches.every(u => SAFE_FETCH_DOMAINS.some(d => u.includes(d)))) {
+      ctx.fetchOnlySafeDomains = true;
+    }
+  }
+
   walk.simple(ast, {
     VariableDeclarator(node) { handleVariableDeclarator(node, ctx); },
     CallExpression(node) { handleCallExpression(node, ctx); },

package/src/scanner/typosquat.js

@@ -108,7 +108,11 @@ const WHITELIST = new Set([
   'docdash',    // resembles lodash
   'yarpm',      // resembles yargs
   'canvg',      // resembles canvas
-  'obug'        // internal sub-dependency
+  'obug',       // internal sub-dependency
+
+  // FPR P4: Benign packages falsely flagged as typosquat in evaluation
+  'mocks',      // karma dep, resembles mocha (wrong_char)
+  'reactor'     // stencil dep, resembles react (suffix)
 ]);