npm - muaddib-scanner - Versions diffs - 2.7.0 → 2.7.4 - Mend

muaddib-scanner 2.7.0 → 2.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +5 -3
package/src/ioc/scraper.js +7 -1
package/src/scanner/ast-detectors.js +33 -1
package/src/scoring.js +4 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.7.0",
+  "version": "2.7.4",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {
@@ -48,8 +48,10 @@
     "acorn": "8.16.0",
     "acorn-walk": "8.3.5",
     "adm-zip": "0.5.16",
-    "js-yaml": "4.1.1",
-    "loadash": "^1.0.0"
+    "js-yaml": "4.1.1"
+  },
+  "overrides": {
+    "loadash": "0.0.0-security"
   },
   "devDependencies": {
     "@eslint/js": "10.0.1",

package/src/ioc/scraper.js CHANGED Viewed

@@ -8,7 +8,7 @@ const IOC_FILE = path.join(__dirname, 'data/iocs.json');
 const COMPACT_IOC_FILE = path.join(__dirname, 'data/iocs-compact.json');
 const HOME_IOC_FILE = path.join(os.homedir(), '.muaddib', 'data', 'iocs.json');
 const STATIC_IOCS_FILE = path.join(__dirname, '../../data/static-iocs.json');
-const { generateCompactIOCs } = require('./updater.js');
+const { generateCompactIOCs, NEVER_WILDCARD } = require('./updater.js');
 const { Spinner } = require('../utils.js');
 const { NPM_PACKAGE_REGEX } = require('../shared/constants.js');
@@ -1146,11 +1146,17 @@ async function runScraper() {
   let addedPackages = 0;
   let upgradedPackages = 0;
   let skippedInvalid = 0;
+  let skippedNeverWildcard = 0;
   for (const pkg of allPackages) {
     if (!validateIOCEntry(pkg.name, pkg.version, 'npm')) {
       skippedInvalid++;
       continue;
     }
+    // Skip wildcard entries for packages that must stay version-specific
+    if (pkg.version === '*' && NEVER_WILDCARD.has(pkg.name)) {
+      skippedNeverWildcard++;
+      continue;
+    }
     const key = pkg.name + '@' + pkg.version;
     if (!dedupMap.has(key)) {
       dedupMap.set(key, pkg);

package/src/scanner/ast-detectors.js CHANGED Viewed

@@ -143,6 +143,22 @@ const MCP_CONFIG_PATHS = [
 // MCP content indicators in written data
 const MCP_CONTENT_PATTERNS = ['mcpServers', '"mcp"', '"server"', '"command"', '"args"'];
+// Sensitive AI config files — writes to these are always suspicious regardless of content.
+// Split into two tiers:
+// - UNIQUE: filenames no legitimate plugin would use (always sensitive)
+// - ROOT_ONLY: generic names (settings.json) that are sensitive ONLY when directly
+//   at config dir root (e.g. ~/.claude/settings.json), not in subdirectories
+//   (e.g. ~/.claude/my-plugin/settings.json which is legitimate plugin config)
+const SENSITIVE_AI_CONFIG_FILES_UNIQUE = [
+  'claude.md', 'claude_desktop_config.json',
+  'mcp.json',
+  '.cursorrules', '.windsurfrules',
+  'copilot-instructions.md'
+];
+const SENSITIVE_AI_CONFIG_FILES_ROOT_ONLY = [
+  'settings.json', 'settings.local.json'
+];
 // Git hooks names
 const GIT_HOOKS = [
   'pre-commit', 'pre-push', 'post-checkout', 'post-merge',
@@ -874,9 +890,25 @@ function handleCallExpression(node, ctx) {
         // Check content argument for MCP-related patterns
         const contentArg = node.arguments[1];
         const contentStr = extractStringValue(contentArg);
+        // Extract filename from path to distinguish sensitive config files from plugin state
+        const mcpFileName = mcpCheckPath.split(/[/\\]/).filter(Boolean).pop() || '';
+        const isUniqueSensitive = SENSITIVE_AI_CONFIG_FILES_UNIQUE.some(f => mcpFileName === f);
+        // For generic names (settings.json), only sensitive at config dir root (1 level deep)
+        // e.g. .claude/settings.json → sensitive, .claude/plugin/settings.json → not sensitive
+        let isRootOnlySensitive = false;
+        if (SENSITIVE_AI_CONFIG_FILES_ROOT_ONLY.some(f => mcpFileName === f)) {
+          const matchedDir = MCP_CONFIG_PATHS.find(p => mcpCheckPath.includes(p.toLowerCase()));
+          if (matchedDir) {
+            const idx = mcpCheckPath.indexOf(matchedDir.toLowerCase());
+            const afterDir = mcpCheckPath.slice(idx + matchedDir.length);
+            // Direct child: no further path separators (e.g. "settings.json", not "sub/settings.json")
+            isRootOnlySensitive = !afterDir.includes('/') && !afterDir.includes('\\');
+          }
+        }
+        const isSensitiveConfigFile = isUniqueSensitive || isRootOnlySensitive;
         const hasContentPattern = contentStr
           ? MCP_CONTENT_PATTERNS.some(p => contentStr.includes(p.replace(/"/g, '')))
-          : true; // dynamic content = suspicious by default for AI config paths
+          : isSensitiveConfigFile; // dynamic content only suspicious for known config files
         if (hasContentPattern) {
           ctx.threats.push({
             type: 'mcp_config_injection',

package/src/scoring.js CHANGED Viewed

@@ -167,7 +167,10 @@ const DIST_BUNDLER_ARTIFACT_TYPES = new Set([
   'env_access',
   // P8: Proxy traps in dist/ are state management frameworks (MobX, Vue reactivity, Immer),
   // not malicious data interception. Two-notch downgrade (CRITICAL→MEDIUM, HIGH→LOW).
-  'proxy_data_intercept'
+  'proxy_data_intercept',
+  // P9: fetch+eval in dist/ is Vite/Webpack code splitting (lazy chunk loading),
+  // not remote code execution. Two-notch downgrade (CRITICAL→MEDIUM, HIGH→LOW).
+  'remote_code_load'
 ]);
 // Types exempt from reachability downgrade — IOC matches, lifecycle, and package-level types.