muaddib-scanner 2.5.8 → 2.5.10

package/README.md

@@ -30,7 +30,7 @@
 
 npm and PyPI supply-chain attacks are exploding. Shai-Hulud compromised 25K+ repos in 2025. Existing tools detect threats but don't help you respond.
 
-MUAD'DIB combines static analysis + **deobfuscation engine** (v2.2.5) + **inter-module dataflow** (v2.2.6) + **per-file max scoring** (v2.2.11) + dynamic analysis (Docker sandbox) + **behavioral anomaly detection** (v2.0) + **ground truth validation** (v2.1) to detect threats AND guide your response — even before they appear in any IOC database.
+MUAD'DIB combines static analysis + **deobfuscation engine** (v2.2.5) + **inter-module dataflow** (v2.2.6) + **per-file max scoring** (v2.2.11) + dynamic analysis (Docker sandbox with **monkey-patching preload** for time-bomb detection, v2.4.9) + **behavioral anomaly detection** (v2.0) + **ground truth validation** (v2.1) + **security audit** (41 issues remediated, v2.5.0–v2.5.6) to detect threats AND guide your response — even before they appear in any IOC database.
 
 ---
 
@@ -205,6 +205,7 @@ Multi-layer monitoring:
 - **Data exfiltration detection**: 16 sensitive patterns (tokens, credentials, SSH keys, private keys, .env)
 - **CI-aware environment** (v2.1.2): simulates CI environments (GITHUB_ACTIONS, GITLAB_CI, TRAVIS, CIRCLECI, JENKINS) to trigger CI-aware malware that would otherwise stay dormant
 - **Enriched canary tokens** (v2.1.2): 6 honeypot credentials injected as env vars (GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, SLACK_WEBHOOK_URL, DISCORD_WEBHOOK_URL). If exfiltrated via network, DNS, or filesystem, triggers CRITICAL alert with +50 score
+- **Monkey-patching preload** (v2.4.9): Runtime instrumentation via `NODE_OPTIONS=--require /opt/preload.js`. Patches time APIs (Date.now, setTimeout→0, setInterval→immediate), intercepts network/filesystem/process/env calls. Multi-run mode at [0h, 72h, 7d] offsets to detect time-bomb malware (MITRE T1497.003)
 - **Scoring engine**: 0-100 risk score based on behavioral severity
 
 Use `--strict` to block all non-essential outbound network traffic via iptables.
@@ -285,7 +286,7 @@ Add to `.pre-commit-config.yaml`:
 ```yaml
 repos:
   - repo: https://github.com/DNSZLSK/muad-dib
-    rev: v2.3.1
+    rev: v2.5.8
     hooks:
       - id: muaddib-scan        # Scan all threats
       # - id: muaddib-diff      # Or: only new threats
@@ -641,7 +642,7 @@ Alerts appear in Security > Code scanning alerts.
 ## Architecture
 
 ```
-MUAD'DIB 2.3.1 Scanner
+MUAD'DIB 2.5.8 Scanner
 |
 +-- IOC Match (225,000+ packages, JSON DB)
 |   +-- OSV.dev npm dump (200K+ MAL-* entries)
@@ -663,7 +664,7 @@ MUAD'DIB 2.3.1 Scanner
 |   +-- 3-hop re-export chains, class method analysis
 |   +-- Cross-file credential read -> network sink detection
 |
-+-- 14 Parallel Scanners (102 rules)
++-- 14 Parallel Scanners (113 rules)
 |   +-- AST Parse (acorn) — eval/Function, credential CLI theft, binary droppers, prototype hooks
 |   +-- Pattern Matching (shell, scripts)
 |   +-- Obfuscation Detection (skip .min.js, ignore hex/unicode alone)
@@ -690,21 +691,31 @@ MUAD'DIB 2.3.1 Scanner
 |   +-- Score Breakdown (explainable per-rule scoring)
 |   +-- Threat Feed API (HTTP server, JSON feed for SIEM)
 |
-+-- FP Reduction Post-processing (v2.2.8-v2.2.9, v2.3.0-v2.3.1)
++-- FP Reduction Post-processing (v2.2.8-v2.2.9, v2.3.0-v2.3.1, v2.5.7-v2.5.8)
 |   +-- Count-based severity downgrade (dynamic_require, dataflow, module_compile, etc.)
 |   +-- Framework prototype scoring cap + HTTP client whitelist
 |   +-- Obfuscation in dist/build/.cjs/.mjs → LOW
 |   +-- Safe env var + prefix filtering
 |   +-- Dataflow telemetry source categorization (os.platform/arch → telemetry_read)
 |   +-- DEP whitelist (es5-ext, bootstrap-sass) + npm alias skip
+|   +-- IOC wildcard audit (v2.5.8): FPR 10.8% → 6.0%
 |
 +-- Per-File Max Scoring (v2.2.11)
 |   +-- Score = max(file_scores) + package_level_score
 |   +-- Eliminates score accumulation across many files
 |   +-- Package-level threats (lifecycle, typosquat, IOC) scored separately
 |
++-- Sandbox Monkey-Patching Preload (v2.4.9)
+|   +-- Runtime time manipulation (Date.now, setTimeout→0, setInterval→immediate)
+|   +-- Network/filesystem/process/env interception and logging
+|   +-- Multi-run [0h, 72h, 7d] for time-bomb detection (T1497.003)
+|
++-- Security Audit (v2.5.0-v2.5.6)
+|   +-- 41 issues remediated (14 CRITICAL, 18 HIGH, 9 MEDIUM)
+|   +-- Native addon path traversal, atomic writes, AST bypasses
+|
 +-- Paranoid Mode (ultra-strict)
-+-- Docker Sandbox (behavioral analysis, network capture, canary tokens, CI-aware)
++-- Docker Sandbox (behavioral analysis, network capture, canary tokens, CI-aware, preload)
 +-- Zero-Day Monitor (internal: npm + PyPI RSS polling, Discord alerts, daily report)
 |
 v
@@ -725,8 +736,8 @@ Output (CLI, JSON, HTML, SARIF, Webhook, Threat Feed)
 |--------|--------|---------|
 | **Wild TPR** (Datadog 17K) | **88.2%** raw · **~100%** adjusted | 17,922 real malware samples. 2,077 misses are all out-of-scope (see below) |
 | **TPR** (Ground Truth) | **91.8%** (45/49) | 51 real-world attacks (49 active). 4 out-of-scope: browser-only (3) + FP-risky (1) |
-| **FPR** (Benign, global) | **7.4%** (39/525) | 529 npm packages (525 scanned), real source code via `npm pack`, threshold > 20 |
-| **ADR** (Adversarial + Holdout) | **98.7%** (77/78) | 38 adversarial + 40 holdout evasive samples. 1 documented miss: `require-cache-poison` (accepted trade-off) |
+| **FPR** (Benign, global) | **6.0%** (32/529) | 529 npm packages, real source code via `npm pack`, threshold > 20 |
+| **ADR** (Adversarial + Holdout) | **98.8%** (82/83) | 43 adversarial + 40 holdout evasive samples. 1 documented miss: `require-cache-poison` (accepted trade-off) |
 
 **Datadog 17K benchmark** — [DataDog Malicious Software Packages Dataset](https://github.com/DataDog/malicious-software-packages-dataset), 17,922 real malware samples (npm). Raw TPR: 88.2% (15,810/17,922). The 2,077 misses (score=0) were manually categorized:
 
@@ -747,7 +758,7 @@ All 2,077 misses lack Node.js malware patterns. MUAD'DIB performs AST-based Node
 | Large (50-100 JS files) | 40 | 10 | 25.0% |
 | Very large (100+ JS files) | 62 | 25 | 40.3% |
 
-**FPR progression**: 0% (invalid, empty dirs, v2.2.0-v2.2.6) → 38% (first real measurement, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → ~13% (v2.2.11, per-file max scoring) → 8.9% (v2.3.0, P2) → **7.4%** (v2.3.1, P3)
+**FPR progression**: 0% (invalid, empty dirs, v2.2.0-v2.2.6) → 38% (first real measurement, v2.2.7) → 19.4% (v2.2.8) → 17.5% (v2.2.9) → ~13% (v2.2.11, per-file max scoring) → 8.9% (v2.3.0, P2) → 7.4% (v2.3.1, P3) → **6.0%** (v2.5.8, P4 + IOC wildcard audit)
 
 **Holdout progression** (pre-tuning scores, rules frozen):
 
@@ -761,11 +772,11 @@ All 2,077 misses lack Node.js malware patterns. MUAD'DIB performs AST-based Node
 
 - **Wild TPR** (Datadog Benchmark): detection rate on 17,922 real malware packages from the [DataDog Malicious Software Packages Dataset](https://github.com/DataDog/malicious-software-packages-dataset). Raw 88.2% (15,810/17,922). Adjusted ~100% on JS/Node.js malware when excluding out-of-scope samples (1,233 phishing HTML pages, 824 native binaries, 20 corrected libraries). See [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md#14-datadog-17k-benchmark).
 - **TPR** (True Positive Rate): detection rate on 49 real-world supply-chain attacks (event-stream, ua-parser-js, coa, flatmap-stream, eslint-scope, solana-web3js, and 43 more). 4 misses are browser-only (lottie-player, polyfill-io, trojanized-jquery) or risky to fix (websocket-rat) — see [Threat Model](docs/threat-model.md).
-- **FPR** (False Positive Rate): packages scoring > 20 out of 529 real npm packages (source code scanned, not empty dirs). The 6.2% on standard packages (<10 JS files, 290 packages) is the most representative metric for typical use — most npm packages are small.
-- **ADR** (Adversarial Detection Rate): detection rate on 78 evasive malicious samples — 38 adversarial + 40 holdout (5 batches of 10, testing obfuscation, inter-module dataflow, etc.). 1 documented miss: `require-cache-poison` (score 10 < threshold 20, accepted trade-off from FP reduction P3).
+- **FPR** (False Positive Rate): packages scoring > 20 out of 529 real npm packages (source code scanned, not empty dirs).
+- **ADR** (Adversarial Detection Rate): detection rate on 83 evasive malicious samples — 43 adversarial + 40 holdout (5 batches of 10, testing obfuscation, inter-module dataflow, etc.). 1 documented miss: `require-cache-poison` (score 10 < threshold 20, accepted trade-off from FP reduction P3).
 - **Holdout** (pre-tuning): detection rate on 10 unseen samples with rules frozen (measures generalization)
 
-Datasets: 17,922 Datadog malware samples, 529 npm + 132 PyPI benign packages, 78 adversarial/holdout samples, 51 ground-truth attacks (65 documented malware packages). **1387 tests**, 86% code coverage.
+Datasets: 17,922 Datadog malware samples, 529 npm + 132 PyPI benign packages, 83 adversarial/holdout samples, 51 ground-truth attacks (65 documented malware packages). **1656 tests**, 86% code coverage.
 
 See [Evaluation Methodology](docs/EVALUATION_METHODOLOGY.md) for the full experimental protocol.
 
@@ -801,12 +812,12 @@ npm test
 
 ### Testing
 
-- **1387 unit/integration tests** across 20 modular test files - 86% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
+- **1656 unit/integration tests** across 42 modular test files - 86% code coverage via [Codecov](https://codecov.io/gh/DNSZLSK/muad-dib)
 - **56 fuzz tests** - Malformed YAML, invalid JSON, binary files, ReDoS, unicode, 10MB inputs
 - **Datadog 17K benchmark** - 17,922 real malware samples, 88.2% raw TPR, ~100% on JS/Node.js malware (2,077 out-of-scope misses: phishing, binaries, corrected libs)
-- **78 adversarial/holdout samples** - 38 adversarial + 40 holdout, 77/78 detection rate (98.7% ADR). 1 documented miss: `require-cache-poison` (accepted trade-off)
+- **83 adversarial/holdout samples** - 43 adversarial + 40 holdout, 82/83 detection rate (98.8% ADR). 1 documented miss: `require-cache-poison` (accepted trade-off)
 - **Ground truth validation** - 51 real-world attacks (45/49 detected = 91.8% TPR). 4 out-of-scope: browser-only (3) + FP-risky (1)
-- **False positive validation** - 7.4% FPR global (39/525) on real npm source code via `npm pack`
+- **False positive validation** - 6.0% FPR global (32/529) on real npm source code via `npm pack`
 - **ESLint security audit** - `eslint-plugin-security` with 14 rules enabled
 
 ---

package/logs/alerts/{2026-03-06T13-25-09-667-evil-pkg.json → 2026-03-06T20-13-43-891-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@1.0.0",
-  "timestamp": "2026-03-06T13:25:09.667Z",
+  "timestamp": "2026-03-06T20:13:43.891Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/alerts/{2026-03-06T13-25-09-668-evil-pkg.json → 2026-03-06T20-13-43-892-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@1.0.0",
-  "timestamp": "2026-03-06T13:25:09.668Z",
+  "timestamp": "2026-03-06T20:13:43.892Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/alerts/{2026-03-06T13-25-09-668-suspect-pkg.json → 2026-03-06T20-13-43-892-suspect-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/suspect-pkg@1.0",
-  "timestamp": "2026-03-06T13:25:09.668Z",
+  "timestamp": "2026-03-06T20:13:43.892Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 0,

package/logs/alerts/{2026-03-06T13-25-10-228-evil-pkg.json → 2026-03-06T20-13-44-264-evil-pkg.json}

@@ -1,6 +1,6 @@
 {
   "target": "npm/evil-pkg@2.0.0",
-  "timestamp": "2026-03-06T13:25:10.228Z",
+  "timestamp": "2026-03-06T20:13:44.264Z",
   "ecosystem": "npm",
   "summary": {
     "critical": 1,

package/logs/daily-reports/2026-03-06.json

@@ -1,6 +1,6 @@
 {
   "date": "2026-03-06",
-  "timestamp": "2026-03-06T13:25:10.394Z",
+  "timestamp": "2026-03-06T20:13:44.379Z",
   "embed": {
     "embeds": [
       {
@@ -34,14 +34,14 @@
           },
           {
             "name": "Top Suspects",
-            "value": "1. **npm/test-dedup-detection-1772803509664@1.0.0** — 1 finding(s)",
+            "value": "1. **npm/test-dedup-detection-1772828023889@1.0.0** — 1 finding(s)",
             "inline": false
           }
         ],
         "footer": {
-          "text": "MUAD'DIB - Daily summary | 2026-03-06 13:25:10 UTC"
+          "text": "MUAD'DIB - Daily summary | 2026-03-06 20:13:44 UTC"
         },
-        "timestamp": "2026-03-06T13:25:10.394Z"
+        "timestamp": "2026-03-06T20:13:44.379Z"
       }
     ]
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.5.8",
+  "version": "2.5.10",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/src/canary-tokens.js

@@ -1,31 +1,51 @@
 const crypto = require('crypto');
 
 /**
- * Canary token definitions.
- * Each key is an env var name, value is a prefix.
- * A random suffix is appended at generation time.
+ * Generate a base32-encoded string of the given length.
+ * Uses characters A-Z and 2-7 (RFC 4648 base32 alphabet).
  */
-const CANARY_PREFIXES = {
-  GITHUB_TOKEN: 'ghp_MUADDIB_CANARY_',
-  NPM_TOKEN: 'npm_MUADDIB_CANARY_',
-  AWS_ACCESS_KEY_ID: 'AKIA_MUADDIB_CANARY_',
-  AWS_SECRET_ACCESS_KEY: 'MUADDIB_CANARY_SECRET_',
-  GITLAB_TOKEN: 'glpat-MUADDIB_CANARY_',
-  DOCKER_PASSWORD: 'dckr_MUADDIB_CANARY_',
-  NPM_AUTH_TOKEN: 'npm_MUADDIB_CANARY_AUTH_',
-  GH_TOKEN: 'ghp_MUADDIB_CANARY_GH_'
+function generateBase32(length) {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+  const bytes = crypto.randomBytes(length);
+  return Array.from(bytes).map(b => chars[b % 32]).join('');
+}
+
+/**
+ * Canary token generators.
+ * Each generator produces a format-valid token that matches the real service format.
+ * No common marker (like "MUADDIB_CANARY") — detection relies on exact value matching.
+ */
+const CANARY_GENERATORS = {
+  // GitHub PAT: ghp_ + 36 alphanumeric chars
+  GITHUB_TOKEN: () => 'ghp_' + crypto.randomBytes(27).toString('base64url').substring(0, 36),
+  // npm token: npm_ + 36 hex chars
+  NPM_TOKEN: () => 'npm_' + crypto.randomBytes(18).toString('hex'),
+  // AWS Access Key: AKIA + 16 chars [A-Z2-7]
+  AWS_ACCESS_KEY_ID: () => 'AKIA' + generateBase32(16),
+  // AWS Secret: 40 chars base64
+  AWS_SECRET_ACCESS_KEY: () => crypto.randomBytes(30).toString('base64').substring(0, 40),
+  // GitLab PAT: glpat- + 20 alphanumeric
+  GITLAB_TOKEN: () => 'glpat-' + crypto.randomBytes(15).toString('base64url').substring(0, 20),
+  // Docker: dckr_pat_ + 56 alphanumeric
+  DOCKER_PASSWORD: () => 'dckr_pat_' + crypto.randomBytes(42).toString('base64url').substring(0, 56),
+  // npm auth token: same as NPM_TOKEN format
+  NPM_AUTH_TOKEN: () => 'npm_' + crypto.randomBytes(18).toString('hex'),
+  // GH_TOKEN: same as GITHUB_TOKEN format
+  GH_TOKEN: () => 'ghp_' + crypto.randomBytes(27).toString('base64url').substring(0, 36)
 };
 
 /**
- * Generate a unique set of canary tokens with random suffixes.
+ * Generate a unique set of canary tokens with format-valid values.
+ * Each token matches its real service format (ghp_, AKIA, npm_, etc.).
  * @returns {{ tokens: Record<string, string>, suffix: string }}
  */
 function generateCanaryTokens() {
-  const suffix = crypto.randomBytes(8).toString('hex');
   const tokens = {};
-  for (const [key, prefix] of Object.entries(CANARY_PREFIXES)) {
-    tokens[key] = prefix + suffix;
+  for (const [key, generator] of Object.entries(CANARY_GENERATORS)) {
+    tokens[key] = generator();
   }
+  // Suffix retained for backward compatibility (used in some callers)
+  const suffix = crypto.randomBytes(8).toString('hex');
   return { tokens, suffix };
 }
 
@@ -175,7 +195,7 @@ function detectCanaryInOutput(stdout, stderr, tokens) {
 }
 
 module.exports = {
-  CANARY_PREFIXES,
+  CANARY_GENERATORS,
   generateCanaryTokens,
   createCanaryEnvFile,
   createCanaryNpmrc,

package/src/sandbox/index.js

@@ -51,14 +51,15 @@ const SAFE_SANDBOX_CMDS = new Set(['timeout', 'node', 'npm', 'npx', 'su', 'env']
 
 // Static canary tokens injected by sandbox-runner.sh (fallback honeypots).
 // These are searched in the sandbox report as a complement to the dynamic
-// tokens from canary-tokens.js (which use random suffixes per session).
+// tokens from canary-tokens.js (which use random values per session).
+// Format-valid: match real service token formats to resist format-based detection.
 const STATIC_CANARY_TOKENS = {
-  GITHUB_TOKEN: 'MUADDIB_CANARY_GITHUB_f8k3t0k3n',
-  NPM_TOKEN: 'MUADDIB_CANARY_NPM_s3cr3tt0k3n',
-  AWS_ACCESS_KEY_ID: 'MUADDIB_CANARY_AKIAIOSFODNN7EXAMPLE',
-  AWS_SECRET_ACCESS_KEY: 'MUADDIB_CANARY_wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
-  SLACK_WEBHOOK_URL: 'MUADDIB_CANARY_SLACK',
-  DISCORD_WEBHOOK_URL: 'MUADDIB_CANARY_DISCORD'
+  GITHUB_TOKEN: 'ghp_R8kLmN2pQ4vW7xY9aB3cD5eF6gH8jK0mN2pQ4vW',
+  NPM_TOKEN: 'npm_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8',
+  AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE',
+  AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  SLACK_WEBHOOK_URL: 'https://hooks.example.com/services/TCANARY/BCANARY/canary-slack-token',
+  DISCORD_WEBHOOK_URL: 'https://discord.com/api/webhooks/000000000000000000/abcdefghijklmnopqrstuvwxyz'
 };
 
 // Patterns indicating data exfiltration in HTTP bodies
@@ -151,7 +152,7 @@ async function runSingleSandbox(packageName, options = {}) {
     let stdout = '';
     let stderr = '';
     let timedOut = false;
-    const containerName = `muaddib-sandbox-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+    const containerName = `npm-audit-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
 
     const dockerArgs = [
       'run',
@@ -175,7 +176,7 @@ async function runSingleSandbox(packageName, options = {}) {
     }
 
     // Inject time offset (preload.js deferred to entry point in sandbox-runner.sh)
-    dockerArgs.push('-e', `MUADDIB_TIME_OFFSET_MS=${timeOffset}`);
+    dockerArgs.push('-e', `NODE_TIMING_OFFSET=${timeOffset}`);
 
     // Both modes need NET_RAW for tcpdump (runs as root in entrypoint).
     // Strict mode also needs NET_ADMIN for iptables network blocking.

package/src/sandbox.js

@@ -41,12 +41,12 @@ const DANGEROUS_CMDS = ['curl', 'wget', 'nc', 'netcat', 'python', 'python3', 'ba
 // These are searched in the sandbox report as a complement to the dynamic
 // tokens from canary-tokens.js (which use random suffixes per session).
 const STATIC_CANARY_TOKENS = {
-  GITHUB_TOKEN: 'MUADDIB_CANARY_GITHUB_f8k3t0k3n',
-  NPM_TOKEN: 'MUADDIB_CANARY_NPM_s3cr3tt0k3n',
-  AWS_ACCESS_KEY_ID: 'MUADDIB_CANARY_AKIAIOSFODNN7EXAMPLE',
-  AWS_SECRET_ACCESS_KEY: 'MUADDIB_CANARY_wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
-  SLACK_WEBHOOK_URL: 'MUADDIB_CANARY_SLACK',
-  DISCORD_WEBHOOK_URL: 'MUADDIB_CANARY_DISCORD'
+  GITHUB_TOKEN: 'ghp_R8kLmN2pQ4vW7xY9aB3cD5eF6gH8jK0mN2pQ4vW',
+  NPM_TOKEN: 'npm_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8',
+  AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE',
+  AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+  SLACK_WEBHOOK_URL: 'https://hooks.example.com/services/TCANARY/BCANARY/canary-slack-token',
+  DISCORD_WEBHOOK_URL: 'https://discord.com/api/webhooks/000000000000000000/abcdefghijklmnopqrstuvwxyz'
 };
 
 // Patterns indicating data exfiltration in HTTP bodies

package/src/scanner/ast-detectors.js

@@ -858,12 +858,24 @@ function handleCallExpression(node, ctx) {
       });
     } else {
       const isConstant = hasOnlyStringLiteralArgs(node);
+      let severity = isConstant ? 'LOW' : 'HIGH';
+      let message = isConstant
+        ? 'eval() with constant string literal (low risk, globalThis polyfill pattern).'
+        : 'Dangerous call "eval" with dynamic expression detected.';
+
+      // Audit fix: even string-literal eval is dangerous if content contains dangerous APIs
+      if (isConstant && node.arguments[0]?.value) {
+        const val = node.arguments[0].value;
+        if (/\b(require|import|exec|execSync|spawn|child_process|\.readFile|\.writeFile|process\.env|\.homedir)\b/.test(val)) {
+          severity = 'HIGH';
+          message = `eval() with dangerous API in string literal: "${val.substring(0, 100)}"`;
+        }
+      }
+
       ctx.threats.push({
         type: 'dangerous_call_eval',
-        severity: isConstant ? 'LOW' : 'HIGH',
-        message: isConstant
-          ? 'eval() with constant string literal (low risk, globalThis polyfill pattern).'
-          : 'Dangerous call "eval" with dynamic expression detected.',
+        severity,
+        message,
         file: ctx.relFile
       });
     }

package/src/scanner/ast.js

@@ -130,7 +130,12 @@ function analyzeFile(content, filePath, basePath) {
       'nodejs.org', 'yarnpkg.com',
       'pypi.org', 'files.pythonhosted.org'
     ];
-    if (urlMatches.length > 0 && urlMatches.every(u => SAFE_FETCH_DOMAINS.some(d => u.includes(d)))) {
+    if (urlMatches.length > 0 && urlMatches.every(u => {
+      try {
+        const hostname = new URL(u).hostname;
+        return SAFE_FETCH_DOMAINS.some(d => hostname === d || hostname.endsWith('.' + d));
+      } catch { return false; }
+    })) {
       ctx.fetchOnlySafeDomains = true;
     }
   }

package/src/scoring.js

@@ -119,19 +119,35 @@ const FP_COUNT_THRESHOLDS = {
   credential_tampering: { maxCount: 5, to: 'LOW' }
 };
 
-// Types exempt from dist/ downgrade — IOC matches and lifecycle scripts are always real
+// Types exempt from dist/ downgrade — IOC matches, lifecycle scripts, and
+// high-confidence compound detections are always real even in dist/ files
 const DIST_EXEMPT_TYPES = new Set([
   'ioc_match', 'known_malicious_package', 'pypi_malicious_package', 'shai_hulud_marker',
   'lifecycle_script', 'lifecycle_shell_pipe',
-  'lifecycle_added_critical', 'lifecycle_added_high', 'lifecycle_modified'
+  'lifecycle_added_critical', 'lifecycle_added_high', 'lifecycle_modified',
+  // Compound detections — require multiple correlated signals, not single-pattern FPs
+  'zlib_inflate_eval',        // zlib + base64 + eval (event-stream pattern)
+  'fetch_decrypt_exec',       // fetch + decrypt + eval (steganographic chain)
+  'download_exec_binary',     // download + chmod + exec (binary dropper)
+  'cross_file_dataflow',      // credential read → network exfil across files
+  'staged_eval_decode',       // eval(atob(...)) (explicit payload staging)
+  'reverse_shell'             // net.Socket + connect + pipe (always malicious)
 ]);
 
 // Regex matching dist/build/minified/bundled file paths
 const DIST_FILE_RE = /(?:^|[/\\])(?:dist|build)[/\\]|\.min\.js$|\.bundle\.js$/i;
 
-// Types exempt from reachability downgrade — IOC matches, lifecycle, and package-level types
+// Types exempt from reachability downgrade — IOC matches, lifecycle, and package-level types.
+// NOTE: Uses the base IOC/lifecycle exempt set, NOT full DIST_EXEMPT_TYPES.
+// Compound detections (zlib_inflate_eval, staged_eval_decode, etc.) should still be
+// downgraded if the file is truly unreachable, since unreachable code cannot execute.
+const REACHABILITY_BASE_EXEMPT = new Set([
+  'ioc_match', 'known_malicious_package', 'pypi_malicious_package', 'shai_hulud_marker',
+  'lifecycle_script', 'lifecycle_shell_pipe',
+  'lifecycle_added_critical', 'lifecycle_added_high', 'lifecycle_modified'
+]);
 const REACHABILITY_EXEMPT_TYPES = new Set([
-  ...DIST_EXEMPT_TYPES,
+  ...REACHABILITY_BASE_EXEMPT,
   'cross_file_dataflow',
   'typosquat_detected', 'pypi_typosquat_detected',
   'pypi_malicious_package',
@@ -145,41 +161,7 @@ const FRAMEWORK_PROTO_RE = new RegExp(
   '^(' + FRAMEWORK_PROTOTYPES.join('|') + ')\\.prototype\\.'
 );
 
-// ============================================
-// BENIGN PACKAGE WHITELIST (v2.3.5)
-// ============================================
-// Well-known npm packages whose legitimate code patterns trigger false positives.
-// For whitelisted packages, non-IOC threats are downgraded to LOW.
-// IOC matches, lifecycle_shell_pipe, and cross_file_dataflow are NEVER downgraded
-// — a compromised version of these packages would still be detected.
-const BENIGN_PACKAGE_WHITELIST = new Set([
-  'meteor',               // powershell PATH setup in install.js (dangerous_exec FP)
-  'blessed',              // module._compile for terminal capabilities (module_compile FP)
-  'sharp',                // native bindings with dynamic require + postinstall (lifecycle FP)
-  'forever',              // process manager: detached spawn + HOME config access (dataflow FP)
-  'start-server-and-test', // curl/wget in test scripts, not install hooks (lifecycle FP)
-  'ultra-runner',         // aliased fs.readFileSync in pnp.js + dynamic require (taint-tracked dataflow FP)
-  'node-gyp',             // aliased child_process.spawn in node-gyp.js + env access (taint-tracked dataflow FP)
-  'graceful-fs'           // aliased fs.readFile/readdir/writeFile monkey-patching (taint-tracked credential_tampering FP)
-]);
-
-// Threat types never affected by benign package whitelist (real compromise indicators)
-const WHITELIST_EXEMPT_TYPES = new Set([
-  'ioc_match', 'known_malicious_package', 'pypi_malicious_package', 'shai_hulud_marker',
-  'lifecycle_shell_pipe',
-  'cross_file_dataflow'
-]);
-
 function applyFPReductions(threats, reachableFiles, packageName) {
-  // Benign package whitelist: downgrade all non-IOC threats to LOW
-  if (packageName && BENIGN_PACKAGE_WHITELIST.has(packageName)) {
-    for (const t of threats) {
-      if (!WHITELIST_EXEMPT_TYPES.has(t.type) && t.severity !== 'LOW') {
-        t.severity = 'LOW';
-      }
-    }
-  }
-
   // Count occurrences of each threat type (package-level, across all files)
   const typeCounts = {};
   for (const t of threats) {
@@ -188,11 +170,11 @@ function applyFPReductions(threats, reachableFiles, packageName) {
 
   const totalThreats = threats.length;
 
-  // P4: Plugin loader pattern — packages with 2+ dynamic_require + dynamic_import combined
+  // P4: Plugin loader pattern — packages with 5+ dynamic_require + dynamic_import combined
   // are legitimate plugin systems (webpack, eslint, karma, knex, jasmine, gatsby).
-  // Malware uses one pattern, not both. Bypass the per-type percentage guard.
+  // Threshold raised from >1 to >4 (audit fix: >1 was trivially exploitable).
   const pluginLoaderCount = (typeCounts.dynamic_require || 0) + (typeCounts.dynamic_import || 0);
-  if (pluginLoaderCount > 1) {
+  if (pluginLoaderCount > 4) {
     for (const t of threats) {
       if ((t.type === 'dynamic_require' || t.type === 'dynamic_import') && t.severity === 'HIGH') {
         t.severity = 'LOW';
@@ -208,10 +190,11 @@ function applyFPReductions(threats, reachableFiles, packageName) {
     const rule = FP_COUNT_THRESHOLDS[t.type];
     if (rule && typeCounts[t.type] > rule.maxCount && (!rule.from || t.severity === rule.from)) {
       const typeRatio = typeCounts[t.type] / totalThreats;
-      // P4: suspicious_dataflow bypasses the percentage guard — multiple data flow paths
-      // indicate a complex application (SMTP client, monitoring agent), not malware.
-      // Malware has 1-2 targeted exfiltration flows, not 4+.
-      if (typeRatio < 0.5 || t.type === 'suspicious_dataflow') {
+      // suspicious_dataflow: partial bypass of percentage guard up to 80%.
+      // Complex apps (SMTP, monitoring) have 50-80% dataflow findings — still downgrade.
+      // But if dataflow is >80% of ALL findings, it may be real targeted exfiltration.
+      // (Audit fix: full bypass was exploitable — 4+ dataflow patterns = all LOW.)
+      if (typeRatio < 0.5 || (t.type === 'suspicious_dataflow' && typeRatio < 0.8)) {
         t.severity = rule.to;
       }
     }
@@ -232,22 +215,22 @@ function applyFPReductions(threats, reachableFiles, packageName) {
     }
 
     // HTTP client prototype whitelist: packages with >20 prototype_hook hits
-    // targeting HTTP objects (Request, Response, fetch, etc.) are legitimate HTTP clients
+    // targeting HTTP class names are legitimate HTTP clients/frameworks.
+    // Audit fix: narrowed regex — 'get','delete','command' matched getCredentials, deleteAccount.
     if (t.type === 'prototype_hook' && (t.severity === 'HIGH' || t.severity === 'CRITICAL') &&
         typeCounts.prototype_hook > 20) {
-      const HTTP_PROTO_RE = /\b(Request|Response|fetch|get|post|put|delete|patch|head|options|query|command)\b/i;
+      const HTTP_PROTO_RE = /\b(Request|Response|IncomingMessage|ClientRequest|ServerResponse|fetch)\b/i;
       if (HTTP_PROTO_RE.test(t.message)) {
         t.severity = 'MEDIUM';
       }
     }
 
-    // Dist/build/minified files: bundler artifacts get severity downgraded two notches.
-    // Real malware injects payloads in source files, not in dist/ output.
-    // Two-notch downgrade (P4): cross-file bonus amplifies dist/ noise in large packages.
-    // IOC matches and lifecycle scripts are exempt (DIST_EXEMPT_TYPES).
+    // Dist/build/minified files: bundler artifacts get severity downgraded one notch.
+    // Reduced from two-notch (audit fix): 2-notch made dist/ attacks invisible (CRITICAL→MEDIUM=3pts).
+    // Compound detections are exempt (DIST_EXEMPT_TYPES).
     if (t.file && !DIST_EXEMPT_TYPES.has(t.type) && DIST_FILE_RE.test(t.file)) {
-      if (t.severity === 'CRITICAL') t.severity = 'MEDIUM';
-      else if (t.severity === 'HIGH') t.severity = 'LOW';
+      if (t.severity === 'CRITICAL') t.severity = 'HIGH';
+      else if (t.severity === 'HIGH') t.severity = 'MEDIUM';
       else if (t.severity === 'MEDIUM') t.severity = 'LOW';
     }
 
@@ -352,6 +335,5 @@ function calculateRiskScore(deduped) {
 
 module.exports = {
   SEVERITY_WEIGHTS, RISK_THRESHOLDS, MAX_RISK_SCORE,
-  BENIGN_PACKAGE_WHITELIST, WHITELIST_EXEMPT_TYPES,
   isPackageLevelThreat, computeGroupScore, applyFPReductions, calculateRiskScore
 };

package/_test_aiweapon.js

@@ -1,12 +0,0 @@
-const { run } = require('./src/index.js');
-const path = require('path');
-
-(async () => {
-  const dir = path.join('datasets/adversarial/ai-agent-weaponization');
-  const result = await run(dir, { _capture: true });
-  console.log('Score:', result.summary.riskScore);
-  console.log('MaxFile:', result.summary.maxFileScore, 'Pkg:', result.summary.packageScore);
-  for (const t of result.threats) {
-    console.log(`  ${t.severity.padEnd(8)} ${t.type.padEnd(30)} ${(t.file || '').substring(0, 50)}`);
-  }
-})();

package/_test_fp.js

@@ -1,11 +0,0 @@
-const { applyFPReductions } = require('./src/scoring.js');
-
-const threats = [
-  { type: 'reverse_shell', severity: 'HIGH', message: 'JS reverse shell', file: 'dist\\chunks\\cli-api.js' },
-  { type: 'env_proxy_intercept', severity: 'HIGH', message: 'new Proxy(process.env)', file: 'dist\\module-evaluator.js' },
-  { type: 'prototype_hook', severity: 'MEDIUM', message: 'WebSocket.prototype.addEventListener', file: 'dist\\chunks\\cli-api.js' }
-];
-
-console.log('BEFORE:', threats.map(t => `${t.type}: ${t.severity}`));
-applyFPReductions(threats, null, null);
-console.log('AFTER:', threats.map(t => `${t.type}: ${t.severity}`));

package/_test_fp2.js

@@ -1,37 +0,0 @@
-const path = require('path');
-const { applyFPReductions } = require('./src/scoring.js');
-
-// Simulate the exact vitest threats from the scan
-const threats = [
-  { type: 'prototype_hook', severity: 'MEDIUM', message: 'WebSocket.prototype.addEventListener overridden — native API hooking for traffic interception.', file: 'dist\\chunks\\cli-api.B7PN_QUv.js', count: 1 },
-  { type: 'prototype_hook', severity: 'MEDIUM', message: 'WebSocket.prototype.removeEventListener overridden — native API hooking for traffic interception.', file: 'dist\\chunks\\cli-api.B7PN_QUv.js', count: 1 },
-  { type: 'env_access', severity: 'LOW', message: 'Dynamic access to process.env (variable key).', file: 'dist\\chunks\\cli-api.B7PN_QUv.js', count: 1 },
-  { type: 'reverse_shell', severity: 'HIGH', message: 'JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout.', file: 'dist\\chunks\\cli-api.B7PN_QUv.js', count: 1 },
-  { type: 'env_access', severity: 'LOW', message: 'Dynamic access to process.env (variable key).', file: 'dist\\chunks\\init.B6MLFIaN.js', count: 1 },
-  { type: 'dynamic_import', severity: 'MEDIUM', message: 'Dynamic import() with computed argument (possible obfuscation).', file: 'dist\\chunks\\traces.CCmnQaNT.js', count: 1 },
-  { type: 'module_compile', severity: 'LOW', message: 'module._compile() detected.', file: 'dist\\chunks\\vm.D3epNOPZ.js', count: 1 },
-  { type: 'module_compile_dynamic', severity: 'LOW', message: 'In-memory code execution.', file: 'dist\\chunks\\vm.D3epNOPZ.js', count: 1 },
-  { type: 'require_cache_poison', severity: 'LOW', message: 'require.cache accessed.', file: 'dist\\chunks\\vm.D3epNOPZ.js', count: 1 },
-  { type: 'dynamic_require', severity: 'LOW', message: 'Dynamic require() with variable argument.', file: 'dist\\chunks\\vm.D3epNOPZ.js', count: 1 },
-  { type: 'dynamic_import', severity: 'MEDIUM', message: 'Dynamic import() with computed argument (possible obfuscation).', file: 'dist\\module-evaluator.js', count: 1 },
-  { type: 'env_access', severity: 'LOW', message: 'Dynamic access to process.env (variable key).', file: 'dist\\module-evaluator.js', count: 1 },
-  { type: 'env_proxy_intercept', severity: 'HIGH', message: 'new Proxy(process.env) detected — intercepts all environment variable access.', file: 'dist\\module-evaluator.js', count: 1 },
-  { type: 'suspicious_dataflow', severity: 'MEDIUM', message: 'Suspicious flow: credentials read (stuff) + network send (request)', file: 'dist\\chunks\\cli-api.B7PN_QUv.js', count: 1 },
-  { type: 'suspicious_dataflow', severity: 'LOW', message: 'Suspicious flow: credentials read (stuff) + network send (get)', file: 'dist\\chunks\\init.B6MLFIaN.js', count: 1 },
-  { type: 'suspicious_dataflow', severity: 'MEDIUM', message: 'Suspicious flow: credentials read (stuff) + network send (get)', file: 'dist\\module-evaluator.js', count: 1 }
-];
-
-console.log('BEFORE:');
-threats.forEach(t => console.log(`  ${t.severity.padEnd(8)} ${t.type.padEnd(25)} ${t.file}`));
-
-applyFPReductions(threats, null, 'vitest');
-
-console.log('\nAFTER:');
-threats.forEach(t => console.log(`  ${t.severity.padEnd(8)} ${t.type.padEnd(25)} ${t.file}`));
-
-// Now check scoring
-const { calculateRiskScore } = require('./src/scoring.js');
-const result = calculateRiskScore(threats);
-console.log('\nScore:', result.riskScore, 'Level:', result.riskLevel);
-console.log('MaxFile:', result.maxFileScore, 'Cross:', result.crossFileBonus, 'Pkg:', result.packageScore);
-console.log('FileScores:', result.fileScores);

package/_test_fp3.js

@@ -1,19 +0,0 @@
-const { run } = require('./src/index.js');
-
-(async () => {
-  const result = await run(
-    'C:/Users/kposz/PyCharmMiscProject/CDA 2025 - 2026/muad-dib/.muaddib-cache/benign-tarballs/vitest/package',
-    { _capture: true }
-  );
-
-  console.log('Score:', result.summary.riskScore);
-  const rs = result.threats.find(t => t.type === 'reverse_shell');
-  const ep = result.threats.find(t => t.type === 'env_proxy_intercept');
-  console.log('reverse_shell:', rs ? rs.severity : 'not found');
-  console.log('env_proxy_intercept:', ep ? ep.severity : 'not found');
-
-  // Show all threats
-  result.threats.forEach(t => {
-    console.log(`  ${t.severity.padEnd(8)} ${t.type.padEnd(25)} ${t.file}`);
-  });
-})();

package/_test_nodemailer.js

@@ -1,17 +0,0 @@
-const { run } = require('./src/index.js');
-const path = require('path');
-
-(async () => {
-  const dir = path.join('.muaddib-cache/benign-tarballs/nodemailer/package');
-  const result = await run(dir, { _capture: true });
-
-  console.log('Score:', result.summary.riskScore);
-
-  // Show all suspicious_dataflow threats with full message
-  for (const t of result.threats) {
-    if (t.severity !== 'LOW') {
-      console.log(`\n${t.severity} ${t.type} [${t.file}]`);
-      console.log(`  ${t.message}`);
-    }
-  }
-})();

package/_test_p4_detail.js

@@ -1,45 +0,0 @@
-const { run } = require('./src/index.js');
-const path = require('path');
-const fs = require('fs');
-
-const packages = [
-  'next', 'gatsby', 'sails', 'webpack', 'jasmine', 'karma', 'knex',
-  'eslint', 'lerna', 'recoil', 'mathjs', 'nodemailer', 'ses'
-];
-
-const CACHE_DIR = '.muaddib-cache/benign-tarballs';
-const SEVERITY_WEIGHTS = { CRITICAL: 25, HIGH: 10, MEDIUM: 3, LOW: 1 };
-
-(async () => {
-  for (const pkg of packages) {
-    const cacheName = pkg.replace(/\//g, '-').replace(/^@/, '');
-    const dir = path.join(CACHE_DIR, cacheName, 'package');
-    if (!fs.existsSync(dir)) continue;
-    try {
-      const result = await run(dir, { _capture: true });
-      const score = result.summary.riskScore;
-      if (score <= 20) continue; // Only show FPs
-      console.log(`\n=== ${pkg} (score: ${score}) ===`);
-      console.log(`  maxFile: ${result.summary.maxFileScore}, crossBonus: ${result.summary.crossFileBonus || 0}, pkgScore: ${result.summary.packageScore}`);
-      console.log(`  mostSuspicious: ${result.summary.mostSuspiciousFile}`);
-
-      // Group by severity
-      const byType = {};
-      for (const t of result.threats) {
-        const key = `${t.severity}:${t.type}`;
-        if (!byType[key]) byType[key] = { severity: t.severity, type: t.type, count: 0, files: new Set(), points: 0 };
-        byType[key].count++;
-        byType[key].files.add(t.file);
-        byType[key].points += SEVERITY_WEIGHTS[t.severity] || 0;
-      }
-
-      // Sort by points descending
-      const sorted = Object.values(byType).sort((a, b) => b.points - a.points);
-      for (const entry of sorted.slice(0, 8)) {
-        console.log(`  ${entry.severity.padEnd(8)} ${entry.type.padEnd(30)} x${entry.count} = ${entry.points}pts  files: ${[...entry.files].slice(0, 2).join(', ')}`);
-      }
-    } catch (e) {
-      console.log(`ERR ${pkg}: ${e.message}`);
-    }
-  }
-})();

package/_test_p4_detail2.js

@@ -1,32 +0,0 @@
-const { run } = require('./src/index.js');
-const path = require('path');
-const fs = require('fs');
-
-const packages = ['next', 'webpack', 'jasmine', 'knex', 'eslint', 'lerna', 'nodemailer'];
-const CACHE_DIR = '.muaddib-cache/benign-tarballs';
-
-(async () => {
-  for (const pkg of packages) {
-    const cacheName = pkg.replace(/\//g, '-').replace(/^@/, '');
-    const dir = path.join(CACHE_DIR, cacheName, 'package');
-    if (!fs.existsSync(dir)) continue;
-    try {
-      const result = await run(dir, { _capture: true });
-      const score = result.summary.riskScore;
-      console.log(`\n=== ${pkg} (score: ${score}) ===`);
-      console.log(`  maxFile: ${result.summary.maxFileScore}, crossBonus: ${result.summary.crossFileBonus || '(not in summary)'}, pkgScore: ${result.summary.packageScore}`);
-      console.log(`  mostSuspicious: ${result.summary.mostSuspiciousFile}`);
-
-      // Show high-value threats (MEDIUM+)
-      const highValue = result.threats.filter(t => t.severity !== 'LOW');
-      for (const t of highValue) {
-        console.log(`  ${t.severity.padEnd(8)} ${t.type.padEnd(30)} ${(t.file || '').substring(0, 60)}`);
-      }
-      // Count LOWs
-      const lowCount = result.threats.filter(t => t.severity === 'LOW').length;
-      console.log(`  + ${lowCount} LOW threats`);
-    } catch (e) {
-      console.log(`ERR ${pkg}: ${e.message}`);
-    }
-  }
-})();

package/_test_p4_quick.js

@@ -1,33 +0,0 @@
-const { run } = require('./src/index.js');
-
-const packages = [
-  'next', 'gatsby', 'sails', 'stencil', 'webpack', '@swc/core',
-  'vitest', 'jasmine', 'karma', 'knex', 'eslint', 'lerna',
-  '@changesets/cli', 'recoil', 'mathjs', 'nodemailer', 'ses', 'jspdf'
-];
-
-const CACHE_DIR = '.muaddib-cache/benign-tarballs';
-const path = require('path');
-const fs = require('fs');
-
-(async () => {
-  const results = [];
-  for (const pkg of packages) {
-    const cacheName = pkg.replace(/\//g, '-').replace(/^@/, '');
-    const dir = path.join(CACHE_DIR, cacheName, 'package');
-    if (!fs.existsSync(dir)) {
-      console.log(`SKIP ${pkg} (not cached)`);
-      continue;
-    }
-    try {
-      const result = await run(dir, { _capture: true });
-      const score = result.summary.riskScore;
-      const flagged = score > 20;
-      console.log(`${flagged ? 'FP' : 'OK'}  ${String(score).padStart(3)} ${pkg}`);
-      if (flagged) results.push(pkg);
-    } catch (e) {
-      console.log(`ERR ${pkg}: ${e.message}`);
-    }
-  }
-  console.log(`\n${results.length} FPs remaining: ${results.join(', ')}`);
-})();

package/_test_regex.js

@@ -1,5 +0,0 @@
-const DIST_FILE_RE = /(?:^|[/\\])(?:dist|build)[/\\]|\.min\.js$|\.bundle\.js$/i;
-console.log('dist\\chunks\\file.js:', DIST_FILE_RE.test('dist\\chunks\\file.js'));
-console.log('dist/chunks/file.js:', DIST_FILE_RE.test('dist/chunks/file.js'));
-console.log('package\\dist\\file.js:', DIST_FILE_RE.test('package\\dist\\file.js'));
-console.log('src\\index.js:', DIST_FILE_RE.test('src\\index.js'));

package/_vitest_result.json

@@ -1,395 +0,0 @@
-{
-  "target": "C:/Users/kposz/PyCharmMiscProject/CDA 2025 - 2026/muad-dib/.muaddib-cache/benign-tarballs/vitest/package",
-  "timestamp": "2026-03-06T10:35:36.370Z",
-  "threats": [
-    {
-      "type": "prototype_hook",
-      "severity": "MEDIUM",
-      "message": "WebSocket.prototype.addEventListener overridden — native API hooking for traffic interception.",
-      "file": "dist\\chunks\\cli-api.B7PN_QUv.js",
-      "count": 1,
-      "rule_id": "MUADDIB-AST-017",
-      "rule_name": "Native API Prototype Hooking",
-      "confidence": "high",
-      "references": [
-        "https://www.sygnia.co/blog/malicious-chalk-debug-npm-packages/",
-        "https://attack.mitre.org/techniques/T1557/"
-      ],
-      "mitre": "T1557",
-      "playbook": "Prototype de fonction native modifie (fetch, XMLHttpRequest, http.request). Technique d'interception de trafic pour voler des donnees en transit. Supprimer le package. Auditer le trafic reseau recent.",
-      "points": 3
-    },
-    {
-      "type": "prototype_hook",
-      "severity": "MEDIUM",
-      "message": "WebSocket.prototype.removeEventListener overridden — native API hooking for traffic interception.",
-      "file": "dist\\chunks\\cli-api.B7PN_QUv.js",
-      "count": 1,
-      "rule_id": "MUADDIB-AST-017",
-      "rule_name": "Native API Prototype Hooking",
-      "confidence": "high",
-      "references": [
-        "https://www.sygnia.co/blog/malicious-chalk-debug-npm-packages/",
-        "https://attack.mitre.org/techniques/T1557/"
-      ],
-      "mitre": "T1557",
-      "playbook": "Prototype de fonction native modifie (fetch, XMLHttpRequest, http.request). Technique d'interception de trafic pour voler des donnees en transit. Supprimer le package. Auditer le trafic reseau recent.",
-      "points": 3
-    },
-    {
-      "type": "env_access",
-      "severity": "LOW",
-      "message": "Dynamic access to process.env (variable key).",
-      "file": "dist\\chunks\\cli-api.B7PN_QUv.js",
-      "count": 3,
-      "rule_id": "MUADDIB-AST-002",
-      "rule_name": "Sensitive Environment Variable Access",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm",
-        "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions"
-      ],
-      "mitre": "T1552.001",
-      "playbook": "Acces a une variable d'environnement sensible. Verifier si les donnees sont exfiltrees.",
-      "points": 1
-    },
-    {
-      "type": "reverse_shell",
-      "severity": "HIGH",
-      "message": "JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout.",
-      "file": "dist\\chunks\\cli-api.B7PN_QUv.js",
-      "count": 1,
-      "rule_id": "MUADDIB-SHELL-002",
-      "rule_name": "Reverse Shell",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1059/004/"
-      ],
-      "mitre": "T1059.004",
-      "playbook": "CRITIQUE: Reverse shell detecte. Machine potentiellement compromise. Isoler immediatement.",
-      "points": 10
-    },
-    {
-      "type": "env_access",
-      "severity": "LOW",
-      "message": "Dynamic access to process.env (variable key).",
-      "file": "dist\\chunks\\init.B6MLFIaN.js",
-      "count": 4,
-      "unreachable": true,
-      "rule_id": "MUADDIB-AST-002",
-      "rule_name": "Sensitive Environment Variable Access",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm",
-        "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions"
-      ],
-      "mitre": "T1552.001",
-      "playbook": "Acces a une variable d'environnement sensible. Verifier si les donnees sont exfiltrees.",
-      "points": 1
-    },
-    {
-      "type": "dynamic_import",
-      "severity": "MEDIUM",
-      "message": "Dynamic import() with computed argument (possible obfuscation).",
-      "file": "dist\\chunks\\traces.CCmnQaNT.js",
-      "count": 1,
-      "rule_id": "MUADDIB-AST-008",
-      "rule_name": "Dynamic import() of Dangerous Module",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1027/"
-      ],
-      "mitre": "T1027",
-      "playbook": "import() dynamique detecte. Technique d'evasion pour eviter la detection de require(). Verifier quel module est charge et son usage.",
-      "points": 3
-    },
-    {
-      "type": "module_compile",
-      "severity": "LOW",
-      "message": "module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern).",
-      "file": "dist\\chunks\\vm.D3epNOPZ.js",
-      "count": 1,
-      "unreachable": true,
-      "rule_id": "MUADDIB-AST-023",
-      "rule_name": "Module Compile Execution",
-      "confidence": "high",
-      "references": [
-        "https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident",
-        "https://attack.mitre.org/techniques/T1059/007/"
-      ],
-      "mitre": "T1059",
-      "playbook": "CRITIQUE: module._compile() detecte. Cette API Node.js interne execute du code arbitraire a partir d'une chaine dans le contexte d'un module. Utilisee dans flatmap-stream pour executer un payload dechiffre sans ecrire sur disque. Isoler immediatement. Analyser la source de la chaine compilee.",
-      "points": 1
-    },
-    {
-      "type": "module_compile_dynamic",
-      "severity": "LOW",
-      "message": "In-memory code execution via Module._compile(). Common malware evasion technique.",
-      "file": "dist\\chunks\\vm.D3epNOPZ.js",
-      "count": 1,
-      "unreachable": true,
-      "rule_id": "MUADDIB-AST-025",
-      "rule_name": "Dynamic Module Compile Execution",
-      "confidence": "high",
-      "references": [
-        "https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident",
-        "https://attack.mitre.org/techniques/T1059/007/"
-      ],
-      "mitre": "T1059",
-      "playbook": "CRITIQUE: Module._compile() avec argument dynamique (variable, expression). Execution de code en memoire sans ecriture sur disque. Technique d'evasion utilisee dans flatmap-stream et SANDWORM_MODE. Isoler immediatement. Tracer la source de la chaine compilee pour extraire le payload.",
-      "points": 1
-    },
-    {
-      "type": "require_cache_poison",
-      "severity": "LOW",
-      "message": "require.cache accessed — module cache poisoning to hijack or replace core Node.js modules.",
-      "file": "dist\\chunks\\vm.D3epNOPZ.js",
-      "count": 1,
-      "unreachable": true,
-      "rule_id": "MUADDIB-AST-019",
-      "rule_name": "Require Cache Poisoning",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1574/006/"
-      ],
-      "mitre": "T1574.006",
-      "playbook": "CRITIQUE: require.cache modifie pour hijacker des modules Node.js. Le code remplace les exports de modules charges (https, http, fs) pour intercepter toutes les requetes. Supprimer le package. Redemarrer le processus Node.js. Auditer le trafic reseau recent.",
-      "points": 1
-    },
-    {
-      "type": "dynamic_require",
-      "severity": "LOW",
-      "message": "Dynamic require() with variable argument (module name obfuscation).",
-      "file": "dist\\chunks\\vm.D3epNOPZ.js",
-      "count": 3,
-      "unreachable": true,
-      "rule_id": "MUADDIB-AST-006",
-      "rule_name": "Dynamic Require with Concatenation",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1027/"
-      ],
-      "mitre": "T1027",
-      "playbook": "require() avec concatenation detecte. Technique d'obfuscation pour masquer le module charge. Analyser les variables concatenees.",
-      "points": 1
-    },
-    {
-      "type": "dynamic_import",
-      "severity": "MEDIUM",
-      "message": "Dynamic import() with computed argument (possible obfuscation).",
-      "file": "dist\\module-evaluator.js",
-      "count": 1,
-      "rule_id": "MUADDIB-AST-008",
-      "rule_name": "Dynamic import() of Dangerous Module",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1027/"
-      ],
-      "mitre": "T1027",
-      "playbook": "import() dynamique detecte. Technique d'evasion pour eviter la detection de require(). Verifier quel module est charge et son usage.",
-      "points": 3
-    },
-    {
-      "type": "env_access",
-      "severity": "LOW",
-      "message": "Dynamic access to process.env (variable key).",
-      "file": "dist\\module-evaluator.js",
-      "count": 4,
-      "rule_id": "MUADDIB-AST-002",
-      "rule_name": "Sensitive Environment Variable Access",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm",
-        "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions"
-      ],
-      "mitre": "T1552.001",
-      "playbook": "Acces a une variable d'environnement sensible. Verifier si les donnees sont exfiltrees.",
-      "points": 1
-    },
-    {
-      "type": "env_proxy_intercept",
-      "severity": "HIGH",
-      "message": "new Proxy(process.env) detected — intercepts all environment variable access.",
-      "file": "dist\\module-evaluator.js",
-      "count": 1,
-      "rule_id": "MUADDIB-AST-009",
-      "rule_name": "Environment Variable Proxy Interception",
-      "confidence": "high",
-      "references": [
-        "https://attack.mitre.org/techniques/T1552/001/"
-      ],
-      "mitre": "T1552.001",
-      "playbook": "CRITIQUE: new Proxy(process.env) intercepte tous les acces aux variables d'environnement. Technique d'exfiltration silencieuse. Isoler la machine, regenerer tous les secrets.",
-      "points": 10
-    },
-    {
-      "type": "suspicious_dataflow",
-      "severity": "MEDIUM",
-      "message": "Suspicious flow: credentials read (npm_config_user_agent, process.env[dynamic], process.env[dynamic], npm_config_VITEST_MODULE_DIRECTORIES, process.env[dynamic]) + network send (request, request, net.connect, tls.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get)",
-      "file": "dist\\chunks\\cli-api.B7PN_QUv.js",
-      "count": 1,
-      "rule_id": "MUADDIB-FLOW-001",
-      "rule_name": "Suspicious Data Flow",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm"
-      ],
-      "mitre": "T1041",
-      "playbook": "CRITIQUE: Code lit des credentials et les envoie sur le reseau. Exfiltration probable. Isoler la machine, regenerer tous les secrets.",
-      "points": 3
-    },
-    {
-      "type": "suspicious_dataflow",
-      "severity": "LOW",
-      "message": "Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, fetch, get, post)",
-      "file": "dist\\chunks\\init.B6MLFIaN.js",
-      "count": 1,
-      "unreachable": true,
-      "rule_id": "MUADDIB-FLOW-001",
-      "rule_name": "Suspicious Data Flow",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm"
-      ],
-      "mitre": "T1041",
-      "playbook": "CRITIQUE: Code lit des credentials et les envoie sur le reseau. Exfiltration probable. Isoler la machine, regenerer tous les secrets.",
-      "points": 1
-    },
-    {
-      "type": "suspicious_dataflow",
-      "severity": "MEDIUM",
-      "message": "Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get)",
-      "file": "dist\\module-evaluator.js",
-      "count": 1,
-      "rule_id": "MUADDIB-FLOW-001",
-      "rule_name": "Suspicious Data Flow",
-      "confidence": "high",
-      "references": [
-        "https://blog.phylum.io/shai-hulud-npm-worm"
-      ],
-      "mitre": "T1041",
-      "playbook": "CRITIQUE: Code lit des credentials et les envoie sur le reseau. Exfiltration probable. Isoler la machine, regenerer tous les secrets.",
-      "points": 3
-    }
-  ],
-  "python": null,
-  "summary": {
-    "total": 16,
-    "critical": 0,
-    "high": 2,
-    "medium": 6,
-    "low": 8,
-    "riskScore": 28,
-    "riskLevel": "MEDIUM",
-    "globalRiskScore": 46,
-    "maxFileScore": 20,
-    "packageScore": 0,
-    "mostSuspiciousFile": "dist\\chunks\\cli-api.B7PN_QUv.js",
-    "fileScores": {
-      "dist\\chunks\\cli-api.B7PN_QUv.js": 20,
-      "dist\\chunks\\init.B6MLFIaN.js": 2,
-      "dist\\chunks\\traces.CCmnQaNT.js": 3,
-      "dist\\chunks\\vm.D3epNOPZ.js": 4,
-      "dist\\module-evaluator.js": 17
-    },
-    "breakdown": [
-      {
-        "rule": "MUADDIB-SHELL-002",
-        "type": "reverse_shell",
-        "points": 10,
-        "reason": "JavaScript reverse shell: net.Socket + connect() + pipe to shell process stdin/stdout."
-      },
-      {
-        "rule": "MUADDIB-AST-009",
-        "type": "env_proxy_intercept",
-        "points": 10,
-        "reason": "new Proxy(process.env) detected — intercepts all environment variable access."
-      },
-      {
-        "rule": "MUADDIB-AST-017",
-        "type": "prototype_hook",
-        "points": 3,
-        "reason": "WebSocket.prototype.addEventListener overridden — native API hooking for traffic interception."
-      },
-      {
-        "rule": "MUADDIB-AST-017",
-        "type": "prototype_hook",
-        "points": 3,
-        "reason": "WebSocket.prototype.removeEventListener overridden — native API hooking for traffic interception."
-      },
-      {
-        "rule": "MUADDIB-AST-008",
-        "type": "dynamic_import",
-        "points": 3,
-        "reason": "Dynamic import() with computed argument (possible obfuscation)."
-      },
-      {
-        "rule": "MUADDIB-AST-008",
-        "type": "dynamic_import",
-        "points": 3,
-        "reason": "Dynamic import() with computed argument (possible obfuscation)."
-      },
-      {
-        "rule": "MUADDIB-FLOW-001",
-        "type": "suspicious_dataflow",
-        "points": 3,
-        "reason": "Suspicious flow: credentials read (npm_config_user_agent, process.env[dynamic], process.env[dynamic], npm_config_VITEST_MODULE_DIRECTORIES, process.env[dynamic]) + network send (request, request, net.connect, tls.connect, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, fetch, get, get, get, get, get, get, get, get, get, get, get, get, get, get, request, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get, get)"
-      },
-      {
-        "rule": "MUADDIB-FLOW-001",
-        "type": "suspicious_dataflow",
-        "points": 3,
-        "reason": "Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, get)"
-      },
-      {
-        "rule": "MUADDIB-AST-002",
-        "type": "env_access",
-        "points": 1,
-        "reason": "Dynamic access to process.env (variable key)."
-      },
-      {
-        "rule": "MUADDIB-AST-002",
-        "type": "env_access",
-        "points": 1,
-        "reason": "Dynamic access to process.env (variable key)."
-      },
-      {
-        "rule": "MUADDIB-AST-023",
-        "type": "module_compile",
-        "points": 1,
-        "reason": "module._compile() detected — executes arbitrary code from string in module context (flatmap-stream pattern)."
-      },
-      {
-        "rule": "MUADDIB-AST-025",
-        "type": "module_compile_dynamic",
-        "points": 1,
-        "reason": "In-memory code execution via Module._compile(). Common malware evasion technique."
-      },
-      {
-        "rule": "MUADDIB-AST-019",
-        "type": "require_cache_poison",
-        "points": 1,
-        "reason": "require.cache accessed — module cache poisoning to hijack or replace core Node.js modules."
-      },
-      {
-        "rule": "MUADDIB-AST-006",
-        "type": "dynamic_require",
-        "points": 1,
-        "reason": "Dynamic require() with variable argument (module name obfuscation)."
-      },
-      {
-        "rule": "MUADDIB-AST-002",
-        "type": "env_access",
-        "points": 1,
-        "reason": "Dynamic access to process.env (variable key)."
-      },
-      {
-        "rule": "MUADDIB-FLOW-001",
-        "type": "suspicious_dataflow",
-        "points": 1,
-        "reason": "Suspicious flow: credentials read (process.env[dynamic], process.env[dynamic], process.env[dynamic], process.env[dynamic]) + network send (get, fetch, get, post)"
-      }
-    ]
-  },
-  "sandbox": null
-}