muaddib-scanner 2.6.7 → 2.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/scoring.js +4 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "muaddib-scanner",
3
- "version": "2.6.7",
3
+ "version": "2.6.8",
4
4
  "description": "Supply-chain threat detection & response for npm & PyPI/Python",
5
5
  "main": "src/index.js",
6
6
  "bin": {
package/src/scoring.js CHANGED
@@ -164,7 +164,10 @@ const DIST_BUNDLER_ARTIFACT_TYPES = new Set([
164
164
  'js_obfuscation_pattern', 'vm_code_execution',
165
165
  'module_compile', 'module_compile_dynamic',
166
166
  // P7: env_access in dist/ is bundled SDK config reading, not credential theft
167
- 'env_access'
167
+ 'env_access',
168
+ // P8: Proxy traps in dist/ are state management frameworks (MobX, Vue reactivity, Immer),
169
+ // not malicious data interception. Two-notch downgrade (CRITICAL→MEDIUM, HIGH→LOW).
170
+ 'proxy_data_intercept'
168
171
  ]);
169
172
 
170
173
  // Types exempt from reachability downgrade — IOC matches, lifecycle, and package-level types.