pkgradar 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nilay Rajderkar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,155 @@
+# pkgradar
+
+A supply-chain scanner that reads the bytes you actually installed, not just the package names.
+
+```
+npx pkgradar
+```
+
+That is the whole thing. One command, no install, no config. It scans your project and every package cache on the machine, and tells you whether anything looks like malware.
+
+## Why this exists
+
+A lot of "supply-chain" CLIs work like this: download a list of advisories, check whether any package *name* in your project appears on it, print a scary verdict. So you run one, and it tells you something like:
+
+```
+Verdict: potential supply-chain exposure - 3 package hits
+  zod-to-json-schema@3.25.2
+  lightningcss-darwin-arm64@1.30.2
+```
+
+...even though `zod-to-json-schema` is a perfectly normal package downloaded millions of times a week, and the version you have was never touched. The advisory just *mentioned* that package's ecosystem. Name matching cannot tell the difference between "this package was trojanized" and "this package shares a name with something in a writeup".
+
+`pkgradar` does the opposite. It opens the files. For every package it finds on disk it checks:
+
+- **Install hooks that detonate.** `preinstall` / `install` / `postinstall` scripts, scored by whether they spawn processes, pipe `curl | bash`, read `~/.npmrc` / `~/.ssh` / `~/.aws/credentials`, or reference `NPM_TOKEN` / `GITHUB_TOKEN` / cloud credentials. (`prepare` is ignored on purpose: it does not run when a package is installed as a dependency.)
+- **Known worm artifacts.** Files like `setup_bun.sh`, `bun_environment.js`, `migrate-repos.sh`, hard-coded Shai-Hulud exfiltration endpoints, and the rest of the Shai-Hulud / "Mini Shai-Hulud" indicator set. A bundled GitHub Actions workflow that runs a piped shell download or exfiltrates secrets is flagged too.
+- **Obfuscated or packed payloads.** The `javascript-obfuscator` `_0x...` fingerprint, `eval` / `new Function` over `atob` / `Buffer.from(base64)`, `child_process` fed from decoded data, large base64 blobs. The "this file is just minified" signals are deliberately demoted so a normal bundled CLI does not drown the report.
+- **Manifest oddities.** `bin` entries pointing outside the package or at a shell script.
+- **Known advisories, precisely (optional).** With `--online` it cross-references [OSV.dev](https://osv.dev) by exact `(name, version)`, so you get real GHSA / CVE IDs instead of name collisions, and each advisory is reported at its own severity, so a moderate ReDoS in a dev tool does not shout as loud as an RCE.
+
+A small curated allowlist (`data/allowlist.json`) downgrades benign-but-trippy findings on famous packages (`vercel`, `corepack`, `core-js`, `esbuild`, and so on) to `INFO`. It never suppresses a hard worm indicator, because "a trusted package suddenly ships a worm" is exactly the attack worth catching.
+
+## How it works
+
+```
+                            npx pkgradar
+                                 |
+                                 v
+   +-----------------------------------------------------------+
+   |  1. DISCOVER STORES                                        |
+   |     where package code is extracted on this machine        |
+   |                                                            |
+   |   project node_modules   pnpm in-project store (.pnpm)     |
+   |   npm global root        npx ephemeral cache (~/.npm/_npx) |
+   |   bun cache              yarn v1 cache    yarn berry zips  |
+   |   pnpm global store                                        |
+   +-----------------------------------------------------------+
+                                 |
+                                 v
+   +-----------------------------------------------------------+
+   |  2. WALK EACH STORE                                        |
+   |     yield every package directory found                    |
+   |     dedupe by  name @ version @ path                       |
+   +-----------------------------------------------------------+
+                                 |
+                                 v
+   +-----------------------------------------------------------+
+   |  3. INSPECT THE BYTES   (per package, budgeted)            |
+   |                                                            |
+   |   +-------------------+   reads package.json scripts       |
+   |   | lifecycle-hook    |   pre/install/postinstall          |
+   |   +-------------------+   scored by what they touch        |
+   |                                                            |
+   |   +-------------------+   walks the package tree           |
+   |   | worm-ioc-file     |   matches known artifact names     |
+   |   | embedded-workflow |   inspects bundled CI workflows    |
+   |   +-------------------+                                    |
+   |                                                            |
+   |   +-------------------+   reads .js files (<= 1.5MB head    |
+   |   | suspicious-js     |   + 96KB tail, <= 24MB per pkg)    |
+   |   +-------------------+   obfuscation / eval / exfil combo  |
+   |                                                            |
+   |   +-------------------+   reads package.json bin           |
+   |   | odd-bin           |                                    |
+   |   +-------------------+                                    |
+   +-----------------------------------------------------------+
+                                 |
+                  +--------------+--------------+
+                  |                             |
+            (--online only)                     |
+                  v                             |
+   +---------------------------+                 |
+   | 4. OSV.dev cross-check    |                 |
+   |    querybatch -> which    |                 |
+   |    pkgs have advisories   |                 |
+   |    then /v1/query each    |                 |
+   |    -> real severity       |                 |
+   +---------------------------+                 |
+                  |                             |
+                  +--------------+--------------+
+                                 |
+                                 v
+   +-----------------------------------------------------------+
+   |  5. ALLOWLIST PASS                                         |
+   |     downgrade benign findings on famous packages to INFO   |
+   |     (never a hard worm indicator)                          |
+   +-----------------------------------------------------------+
+                                 |
+                                 v
+   +-----------------------------------------------------------+
+   |  6. REPORT                                                 |
+   |     verdict line, findings grouped by severity,            |
+   |     coloured badges, evidence paths, what-to-do            |
+   |     exit 0 clean / 1 findings / 2 error                    |
+   +-----------------------------------------------------------+
+```
+
+A finding object looks like this:
+
+```
++------------------------------------------------------+
+| package    name of the package                       |
+| version    version on disk                           |
+| store      which store it was found in               |
+| code       lifecycle-hook | worm-ioc-file |          |
+|            suspicious-js | odd-bin | osv-advisory ... |
+| severity   CRITICAL | HIGH | MEDIUM | LOW | INFO      |
+| message    what tripped, in plain words              |
+| evidence   the file path or script line that did it  |
+| dir        full path to the package on disk          |
++------------------------------------------------------+
+```
+
+## Usage
+
+```bash
+npx pkgradar                 # scan the current project plus every cache on this machine
+npx pkgradar --online        # also cross-check OSV.dev advisories by exact version
+npx pkgradar --min-sev high  # only show HIGH and CRITICAL (good for CI)
+npx pkgradar --json          # machine-readable output
+```
+
+Exit codes: `0` clean, `1` findings at or above `--min-sev`, `2` scanner error. In CI: `npx pkgradar --min-sev high`.
+
+| flag | meaning |
+|---|---|
+| `--online` | also query OSV.dev for known advisories (needs network) |
+| `--json` | machine-readable output |
+| `--min-sev LEVEL` | `critical`, `high`, `medium`, `low`, `info` (default `medium`) |
+| `--stores LIST` | limit to `project,pnpm-project,npm-global,npx-cache,bun-cache,yarn-cache,yarn-berry` |
+| `--no-allowlist` | do not downgrade findings on well-known packages |
+| `--max-depth N` | max `node_modules` nesting depth (default `12`) |
+| `--cwd DIR` | project directory to scan (default `.`) |
+
+## What it is not
+
+These are heuristics. They surface candidates, not verdicts. A clean run means "nothing tripped the checks on the bytes that are present", not "this is proven safe". A finding on a big bundled CLI is often a false positive, which is what the allowlist is for. A finding with a worm indicator string or a `curl | bash` postinstall is not a false positive. Read the evidence line, then decide.
+
+Current coverage gaps, on the roadmap: yarn-berry packages are matched by name only (the zip archives are not opened yet), the pnpm global store and the npm `_cacache` tarballs are not extracted and scanned, and there is no npm-provenance / attestation check or typosquat-distance check yet.
+
+`pkgradar` reads files only. It never executes any package code, install script, or workflow. Zero runtime dependencies, Node 18 or newer, built-ins only, which feels right for a tool you are meant to trust about your dependencies.
+
+## License
+
+MIT

package/bin/pkgradar.js

@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+'use strict';
+const os = require('os');
+const { scan, SEV } = require('../lib/scan');
+
+const args = process.argv.slice(2);
+const has = (f) => args.includes(f);
+const val = (f, d) => { const i = args.indexOf(f); return i >= 0 && args[i + 1] ? args[i + 1] : d; };
+
+if (has('-h') || has('--help')) {
+  console.log(`pkgradar  -  content-based supply-chain scanner for npm / pnpm / yarn / bun
+
+It opens the package files you actually installed and looks for what malware
+does (install hooks, obfuscated payloads, known worm artifacts), instead of
+just matching package names against an advisory list.
+
+USAGE
+  npx pkgradar [options]
+
+OPTIONS
+  --online            also cross-reference OSV.dev for known advisories (network)
+  --json              machine-readable output
+  --min-sev LEVEL     report findings at or above LEVEL
+                      critical | high | medium | low | info        [default: medium]
+  --stores LIST       comma list to limit which stores are scanned
+                      project, pnpm-project, npm-global, npx-cache,
+                      bun-cache, yarn-cache, yarn-berry
+  --no-allowlist      do not downgrade findings on well-known packages
+  --max-depth N       max node_modules nesting depth                [default: 12]
+  --cwd DIR           project directory to scan                     [default: .]
+  -h, --help
+
+EXIT CODES
+  0  clean       1  findings at or above --min-sev       2  scanner error
+`);
+  process.exit(0);
+}
+
+const SEV_FROM_NAME = { critical: SEV.CRITICAL, high: SEV.HIGH, medium: SEV.MEDIUM, low: SEV.LOW, info: SEV.INFO };
+const minSevName = (val('--min-sev', 'medium') || 'medium').toLowerCase();
+const minSev = SEV_FROM_NAME[minSevName] ?? SEV.MEDIUM;
+
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const e = (code) => useColor ? `\x1b[${code}m` : '';
+const wrap = (code) => (s) => useColor ? `\x1b[${code}m${s}\x1b[0m` : `${s}`;
+const C = {
+  bold: wrap('1'), dim: wrap('2'), red: wrap('31'), grn: wrap('32'), ylw: wrap('33'),
+  blu: wrap('34'), mag: wrap('35'), cyan: wrap('36'), gray: wrap('90'),
+};
+// severity badge: white text on a coloured background, padded
+const badge = (sev) => {
+  const bg = { CRITICAL: '41', HIGH: '45', MEDIUM: '43', LOW: '100', INFO: '100' }[sev] || '100';
+  const fg = sev === 'MEDIUM' ? '30' : '97';
+  const label = ` ${sev} `.padEnd(10);
+  return useColor ? `\x1b[${bg};${fg};1m${label}\x1b[0m` : `[${sev}]`.padEnd(10);
+};
+const SEV_TEXT = { CRITICAL: C.red, HIGH: C.mag, MEDIUM: C.ylw, LOW: C.gray, INFO: C.gray };
+const homeShort = (p) => (p && p.startsWith(os.homedir())) ? '~' + p.slice(os.homedir().length) : p;
+
+function rule(ch = '─', n = 64) { return C.gray(ch.repeat(n)); }
+
+(async () => {
+  let res;
+  const started = Date.now();
+  try {
+    res = await scan({
+      cwd: val('--cwd', process.cwd()),
+      online: has('--online'),
+      minSev,
+      maxDepth: parseInt(val('--max-depth', '12'), 10) || 12,
+      stores: (val('--stores', '') || '').split(',').map((s) => s.trim()).filter(Boolean),
+      noAllowlist: has('--no-allowlist'),
+    });
+  } catch (err) {
+    console.error(C.red('pkgradar error: ') + (err && err.stack || err));
+    process.exit(2);
+  }
+  const secs = ((Date.now() - started) / 1000).toFixed(1);
+
+  if (has('--json')) {
+    console.log(JSON.stringify({ ...res, durationSeconds: Number(secs) }, null, 2));
+    process.exit(res.findings.some((f) => f.sevNum >= minSev) ? 1 : 0);
+  }
+
+  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0, INFO: 0 };
+  for (const f of res.findings) counts[f.severity]++;
+  const localFindings = res.findings.filter((f) => f.code !== 'osv-advisory');
+  const osvFindings = res.findings.filter((f) => f.code === 'osv-advisory');
+  const hits = res.findings.length;
+  const worst = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'].find((k) => counts[k]) || null;
+
+  // ---- header ----
+  console.log('');
+  console.log(`  ${C.bold('pkgradar')} ${C.gray('v' + require('../package.json').version)}   ${C.gray('content-based supply-chain scan')}`);
+  console.log(`  ${C.gray('project')} ${homeShort(res.cwd)}   ${C.gray(res.stores.length + ' stores, ' + secs + 's')}`);
+  console.log('');
+
+  // ---- stores table ----
+  const nameW = Math.max(...res.stores.map((s) => s.kind.length), 6);
+  for (const s of res.stores) {
+    console.log(`  ${C.cyan(s.kind.padEnd(nameW))}  ${C.dim(String(s.packages).padStart(5) + ' pkgs')}  ${C.gray(homeShort(s.root))}`);
+  }
+  console.log(`  ${C.gray('total:')} ${C.bold(res.totalPackages)} ${C.gray('unique package@version,')} ${C.bold(res.totalScanned)} ${C.gray('locations inspected')}`);
+  if (res.osv && res.osv.error) console.log(`  ${C.ylw('OSV lookup failed:')} ${C.dim(res.osv.error)}`);
+  if (!res.osv && !has('--online')) console.log(`  ${C.gray('tip: add')} ${C.dim('--online')} ${C.gray('to also cross-check known advisories on OSV.dev')}`);
+  console.log('');
+
+  // ---- verdict line ----
+  if (!hits) {
+    console.log(`  ${C.grn('●')} ${C.bold('Verdict:')} ${C.grn('clean')} ${C.gray('- nothing tripped the heuristics at')} ${C.dim(minSevName)} ${C.gray('and above')}`);
+    console.log(`  ${C.gray('  (this inspects installed bytes; a clean run is not a proof of safety)')}`);
+    console.log('');
+    process.exit(0);
+  }
+  const summaryBits = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'].filter((k) => counts[k]).map((k) => SEV_TEXT[k](`${counts[k]} ${k.toLowerCase()}`));
+  const dot = worst === 'CRITICAL' || worst === 'HIGH' ? C.red('●') : worst === 'MEDIUM' ? C.ylw('●') : C.gray('●');
+  console.log(`  ${dot} ${C.bold('Verdict:')} ${C.bold(hits + (hits === 1 ? ' finding' : ' findings'))}  ${C.gray('(')}${summaryBits.join(C.gray(', '))}${C.gray(')')}`);
+  if (localFindings.length && osvFindings.length) {
+    console.log(`  ${C.gray('  ' + localFindings.length + ' from inspecting installed code, ' + osvFindings.length + ' known advisories (OSV.dev)')}`);
+  }
+  console.log('');
+
+  // ---- findings, grouped by severity, local first then OSV ----
+  const ORDER = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'];
+  const printGroup = (title, list) => {
+    if (!list.length) return;
+    console.log(`  ${rule()}`);
+    console.log(`  ${C.bold(title)}`);
+    console.log('');
+    list.sort((a, b) => b.sevNum - a.sevNum || a.package.localeCompare(b.package));
+    for (const f of list) {
+      console.log(`  ${badge(f.severity)} ${C.bold(f.package + '@' + f.version)}  ${C.gray(f.store)}  ${C.cyan(f.code)}`);
+      console.log(`     ${f.message}`);
+      if (f.evidence) console.log(`     ${C.gray('→ ' + f.evidence)}`);
+      if (f.note) console.log(`     ${C.gray('note: ' + f.note)}`);
+      if (f.dir) console.log(`     ${C.gray(homeShort(f.dir))}`);
+      console.log('');
+    }
+  };
+  printGroup('From inspecting installed code', localFindings);
+  printGroup('Known advisories (OSV.dev)', osvFindings);
+
+  // ---- next steps ----
+  console.log(`  ${rule()}`);
+  console.log(`  ${C.bold('What to do')}`);
+  if (counts.CRITICAL || counts.HIGH) {
+    console.log(`  ${C.red('•')} Treat ${C.bold('CRITICAL / HIGH "installed code" findings')} as suspect: do not run install`);
+    console.log(`    scripts, remove the package, clear the relevant cache, and rotate any npm /`);
+    console.log(`    GitHub / cloud tokens this machine has held.`);
+  }
+  console.log(`  ${C.gray('•')} Check a flagged version against the registry: ${C.dim('npm view <pkg> versions')} ${C.gray('and look at')}`);
+  console.log(`    ${C.gray('publish dates and provenance.')}`);
+  if (osvFindings.length) console.log(`  ${C.gray('•')} OSV findings are the usual "known CVE in a dependency" set: ${C.dim('npm audit fix')} ${C.gray('/ bump.')}`);
+  if (!has('--online')) console.log(`  ${C.gray('•')} Re-run with ${C.dim('--online')} ${C.gray('to add OSV.dev advisory matching by exact version.')}`);
+  console.log('');
+
+  process.exit(res.findings.some((f) => f.sevNum >= minSev) ? 1 : 0);
+})();

package/data/allowlist.json

@@ -0,0 +1,16 @@
+{
+  "_comment": "Packages whose own first-party code is widely audited and known to trip the heuristics for benign reasons (bundled CLIs that read env tokens + hit the network, funding-message postinstalls, etc.). Findings on these are downgraded to INFO with a note. Match is by exact package name or by '@scope/' prefix entries ending in '/*'. Keep this list conservative — it is the one place a real compromise could hide, so entries should be famous, high-visibility packages only.",
+  "names": [
+    "core-js", "core-js-pure", "core-js-compat",
+    "esbuild", "@esbuild/*",
+    "vercel", "@vercel/*", "create-next-app", "next", "@next/*",
+    "corepack", "npm", "@npmcli/*", "pnpm", "yarn",
+    "d3", "d3-array", "d3-scale", "@edge-runtime/*",
+    "webpack", "rollup", "vite", "turbo", "@turbo/*",
+    "typescript", "ts-node", "tsx",
+    "playwright", "playwright-core", "@playwright/*", "puppeteer", "puppeteer-core",
+    "sharp", "@img/*",
+    "@sentry/*", "@clerk/*", "firebase", "@firebase/*", "aws-sdk", "@aws-sdk/*",
+    "node-gyp", "prebuild-install", "node-pre-gyp", "@mapbox/node-pre-gyp"
+  ]
+}

package/lib/checks.js

@@ -0,0 +1,228 @@
+'use strict';
+// Content-based heuristics. Each check inspects the bytes actually on disk for one
+// package and returns zero or more findings: { sev, code, msg, evidence }.
+const fs = require('fs');
+const path = require('path');
+
+const SEV = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, INFO: 0 };
+
+// ---- Known Shai-Hulud / Mini-Shai-Hulud worm indicators (filenames & content markers) ----
+const WORM_FILENAMES = [
+  'setup_bun.sh', 'setup_bun.js', 'bun_environment.js',
+  'shai-hulud-workflow.yml', 'shai-hulud.yaml', 'shai-hulud.yml',
+  'processor.sh', 'migrate-repos.sh', 'cloud.json', 'contents.json', 'environment.json',
+  'truffleSecrets.json', 'actionsSecrets.json',
+];
+// High-confidence exfiltration endpoints / payload constants seen in Shai-Hulud-family
+// worms. A mention of the string "shai-hulud" alone is NOT here on purpose — security
+// tools (including this one) legitimately contain that word.
+const WORM_HARD_MARKERS = [
+  'webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7',
+  'eyJ3ZWJob29rIjp7InVybCI6', // base64 of the worm's config preamble
+  'hxxps://', // defanged URL only ever appears in payloads, never real code
+];
+// "Soft" markers: only meaningful when several co-occur in one file.
+const WORM_SOFT_MARKERS = [
+  'shai-hulud', 'Shai-Hulud', 'shaihulud',
+  'truffleSecrets', 'actionsSecrets', 'NpmModuleListWebhook',
+  'migrate-repos', 'setup_bun', 'bun_environment',
+];
+const SECRET_NAMES = [
+  'NPM_TOKEN', 'NPM_CONFIG_TOKEN', 'NODE_AUTH_TOKEN', 'GITHUB_TOKEN', 'GH_TOKEN', 'GHP_',
+  'AWS_ACCESS_KEY', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
+  'GCP_', 'GOOGLE_APPLICATION_CREDENTIALS', 'AZURE_', 'DIGITALOCEAN_TOKEN',
+  'SLACK_TOKEN', 'STRIPE_', 'OPENAI_API_KEY', 'ANTHROPIC_API_KEY',
+];
+const NET_TOKENS = ['curl ', 'wget ', 'http://', 'https://', 'fetch(', 'net.connect', 'dns.lookup', 'request(', 'axios', 'XMLHttpRequest'];
+const EXEC_TOKENS = ['child_process', 'execSync', 'spawnSync', 'exec(', 'spawn(', 'node -e', 'node --eval', 'eval(', 'Function(', 'vm.runInThisContext'];
+const ENCODE_TOKENS = ['base64 -d', "from('", 'Buffer.from(', 'atob(', 'fromCharCode', 'unescape('];
+
+function readSafe(p, max = 2_000_000) {
+  try {
+    const st = fs.statSync(p);
+    if (st.size > max) return { truncated: true, text: fs.readFileSync(p, 'utf8').slice(0, max), size: st.size };
+    return { truncated: false, text: fs.readFileSync(p, 'utf8'), size: st.size };
+  } catch { return null; }
+}
+
+// 1. Lifecycle install hooks (the #1 detonation vector)
+function checkLifecycleHooks(pkg) {
+  const out = [];
+  const s = (pkg.manifest && pkg.manifest.scripts) || {};
+  // Only the hooks that fire when a package is installed *as a dependency from the
+  // registry*. `prepare` is excluded: it only runs on local installs / git deps.
+  const HOOKS = ['preinstall', 'install', 'postinstall'];
+  for (const h of HOOKS) {
+    const cmd = s[h];
+    if (!cmd) continue;
+    const c = cmd.trim();
+    // common, well-known native-build / tooling hooks
+    const benign = /^(node-gyp\b|prebuild-install\b|node-pre-gyp\b|cmake-js\b|napi\b|neon\b|install-from-cache\b|node-waf\b|husky\b|patch-package\b|opencollective\b|node-pre-gyp\b)/.test(c)
+      || /^(node\s+)?(scripts\/)?install(\.js)?$/.test(c)
+      || /^(ng-?ccc?|ngcc)\b/.test(c);
+    const hits = new Set();
+    for (const t of [...NET_TOKENS, ...EXEC_TOKENS, ...ENCODE_TOKENS]) if (cmd.includes(t)) hits.add(t);
+    for (const t of SECRET_NAMES) if (cmd.toUpperCase().includes(t)) hits.add(t);
+    if (cmd.includes('.npmrc') || cmd.includes('/.ssh/') || cmd.includes('.aws/credentials')) hits.add('credential-file');
+    const piped = /\b(curl|wget|fetch)\b[^|;&]*[|;&]+\s*(ba|z|d)?sh\b/.test(cmd) || /\|\s*node\b/.test(cmd);
+
+    let sev;
+    if (hits.size >= 3 || piped) sev = SEV.CRITICAL;
+    else if (hits.size >= 1) sev = SEV.HIGH;
+    else if (benign) sev = SEV.INFO;
+    else sev = SEV.LOW; // an unrecognised install hook — worth a glance, not an alarm
+    out.push({ sev, code: 'lifecycle-hook', msg: `${h} script${hits.size ? ', touches: ' + [...hits].join(', ') : (benign ? ' (recognised build tool)' : ' (unrecognised command)')}`, evidence: `"${h}": ${cmd.slice(0, 240)}` });
+  }
+  return out;
+}
+
+// 2. Worm IOC files sitting inside the package
+function checkWormFiles(pkg) {
+  if (!pkg.dir) return [];
+  const out = [];
+  const stack = [pkg.dir];
+  let budget = 4000;
+  while (stack.length && budget-- > 0) {
+    const d = stack.pop();
+    let ents;
+    try { ents = fs.readdirSync(d, { withFileTypes: true }); } catch { continue; }
+    for (const e of ents) {
+      if (e.name === 'node_modules') continue;
+      const full = path.join(d, e.name);
+      if (e.isDirectory()) { stack.push(full); continue; }
+      const low = e.name.toLowerCase();
+      if (WORM_FILENAMES.some((w) => low === w.toLowerCase())) {
+        out.push({ sev: SEV.CRITICAL, code: 'worm-ioc-file', msg: `known worm artifact file: ${e.name}`, evidence: path.relative(pkg.dir, full) });
+      }
+      if (/(^|[\\/])\.github[\\/]workflows([\\/]|$)/.test(d) && /\.ya?ml$/i.test(low)) {
+        // Many legit packages publish their whole repo (incl. .github). On its own this
+        // is barely a signal, so it is INFO. A *malicious* workflow file would also be
+        // caught by name (worm-ioc-file) or by content checks.
+        const wf = readSafe(full, 200_000);
+        const nasty = wf && /\b(curl|wget)\b[^|;&\n]*[|;&]+\s*(ba|z|d)?sh\b|secrets\.[A-Z_]+\b[\s\S]{0,80}(curl|nc |bash -c|http)/.test(wf.text);
+        out.push(nasty
+          ? { sev: SEV.CRITICAL, code: 'malicious-gh-workflow', msg: `bundled GitHub Actions workflow runs a piped shell download / exfiltrates secrets`, evidence: path.relative(pkg.dir, full) }
+          : { sev: SEV.INFO, code: 'embedded-gh-workflow', msg: `package ships a GitHub Actions workflow (${e.name})`, evidence: path.relative(pkg.dir, full) });
+      }
+    }
+  }
+  return out;
+}
+
+// 3. Obfuscated / packed JS payload heuristics on the package's own JS
+function checkObfuscation(pkg) {
+  if (!pkg.dir) return [];
+  const out = [];
+  // Collect candidate JS files, then scan them under a strict per-package budget so a
+  // package full of huge vendored bundles (typescript.js, lighthouse bundles, …) can't
+  // make a scan run for minutes.
+  const files = [];
+  const stack = [pkg.dir];
+  let dirBudget = 3000;
+  while (stack.length && dirBudget-- > 0 && files.length < 200) {
+    const d = stack.pop();
+    let ents; try { ents = fs.readdirSync(d, { withFileTypes: true }); } catch { continue; }
+    for (const e of ents) {
+      if (e.name === 'node_modules' || e.name === 'test' || e.name === 'tests' || e.name === '__tests__' || e.name === 'fixtures') continue;
+      const full = path.join(d, e.name);
+      if (e.isDirectory()) { stack.push(full); continue; }
+      if (/\.(c|m)?js$/.test(e.name)) { files.push(full); if (files.length >= 200) break; }
+    }
+  }
+  const PER_FILE = 1_500_000;        // scan at most the first 1.5MB of any one file
+  const TAIL = 96 * 1024;            // ...plus the last 96KB (payloads are often appended)
+  let pkgByteBudget = 24_000_000;    // ...and at most ~24MB across the whole package
+  for (const f of files) {
+    if (pkgByteBudget <= 0) break;
+    let st; try { st = fs.statSync(f); } catch { continue; }
+    let t, truncated = false;
+    if (st.size > PER_FILE) {
+      truncated = true;
+      // big file: scan head + tail only
+      let head = '', tail = '';
+      try {
+        const fd = fs.openSync(f, 'r');
+        const hb = Buffer.alloc(Math.min(PER_FILE, st.size)); fs.readSync(fd, hb, 0, hb.length, 0); head = hb.toString('utf8');
+        const tb = Buffer.alloc(Math.min(TAIL, st.size)); fs.readSync(fd, tb, 0, tb.length, st.size - tb.length); tail = tb.toString('utf8');
+        fs.closeSync(fd);
+      } catch { continue; }
+      t = head + '\n' + tail;
+      pkgByteBudget -= (head.length + tail.length);
+    } else {
+      const r = readSafe(f, PER_FILE);
+      if (!r) continue;
+      t = r.text;
+      pkgByteBudget -= st.size;
+    }
+    const strong = [];   // each strong reason alone is reportable
+    const weak = [];      // weak reasons only matter in combination
+    let critical = false;
+
+    // --- hard worm markers: any one => critical ---
+    for (const m of WORM_HARD_MARKERS) if (t.includes(m)) { strong.push(`worm IOC string: ${m}`); critical = true; }
+    // --- soft worm markers: need >=3 distinct in one file (so a tool's advisory text won't trip it) ---
+    const softHits = WORM_SOFT_MARKERS.filter((m) => t.includes(m));
+    if (softHits.length >= 3) { strong.push(`co-occurring worm terms: ${softHits.slice(0, 6).join(', ')}`); }
+    else if (softHits.length) weak.push(`worm term(s): ${softHits.join(', ')}`);
+
+    // --- javascript-obfuscator signature ---
+    const hexIds = (t.match(/_0x[a-f0-9]{4,6}\b/g) || []).length;
+    if (hexIds > 80) strong.push(`${hexIds} _0x… mangled identifiers (javascript-obfuscator)`);
+    else if (hexIds > 20) weak.push(`${hexIds} _0x… identifiers`);
+
+    // --- code building & executing decoded data dynamically ---
+    if (/(eval|new Function|Function\()\s*\(?\s*(atob|Buffer\.from\s*\([^)]*base64|unescape|decodeURIComponent)/.test(t)) strong.push('constructs & executes decoded payload (eval/Function over atob/Buffer.from)');
+    if (/\bchild_process\b[\s\S]{0,400}\b(atob|Buffer\.from\s*\([^)]*base64)/.test(t)) strong.push('spawns a process from decoded data');
+
+    // --- weak structural signals (modern bundlers do these constantly) ---
+    const longest = t.split('\n').reduce((m, l) => Math.max(m, l.length), 0);
+    const minified = longest > 20000;
+    if (minified && !/sourceMappingURL/.test(t.slice(-400))) weak.push(`minified (${longest.toLocaleString()}-char line, no sourcemap)`);
+    const b64big = (t.match(/['"`][A-Za-z0-9+/]{1200,}={0,2}['"`]/g) || []).length;
+    if (b64big) weak.push(`${b64big} large base64 literal(s)`);
+    const readsSecret = SECRET_NAMES.some((n) => t.includes(n)) || /['"`][^'"`]*\.npmrc/.test(t) || t.includes('/.ssh/id_') || t.includes('.aws/credentials') || t.includes('.config/gh/hosts');
+    const doesNet = /(fetch\s*\(|https?\.(get|request)\s*\(|new XMLHttpRequest|net\.connect|dgram\.)/.test(t)
+      && /https?:\/\/(?!(registry\.npmjs\.org|nodejs\.org|raw\.githubusercontent\.com|api\.github\.com))[\w.-]+/.test(t);
+    if (readsSecret) weak.push('references credential file/env names');
+    if (doesNet) weak.push('makes an outbound network call to a non-package-registry host');
+
+    // --- decide ---
+    const reasons = [...strong, ...weak];
+    let sev = null;
+    if (critical) sev = SEV.CRITICAL;
+    else if (strong.length) sev = SEV.HIGH;
+    else if (readsSecret && doesNet && (minified || b64big || hexIds > 20)) sev = SEV.HIGH; // creds + net + obfuscation
+    else if (weak.length >= 3) sev = SEV.MEDIUM;
+    // (minified-alone, base64-alone, single weak signal => not reported: too noisy)
+    if (sev != null) {
+      out.push({ sev, code: 'suspicious-js', msg: reasons.join('; '), evidence: path.relative(pkg.dir, f) + (truncated ? ` (${(st.size / 1e6).toFixed(1)}MB file, scanned head ${(PER_FILE / 1e6).toFixed(1)}MB + tail ${(TAIL / 1024) | 0}KB)` : '') });
+    }
+  }
+  return out;
+}
+
+// 4. Manifest oddities (cheap, offline)
+function checkManifestAnomalies(pkg) {
+  const out = [];
+  const m = pkg.manifest || {};
+  // bin pointing outside the package, or to a shell script
+  if (m.bin) {
+    const bins = typeof m.bin === 'string' ? { [m.name]: m.bin } : m.bin;
+    for (const [k, v] of Object.entries(bins)) {
+      if (typeof v === 'string' && (v.includes('..') || /\.(sh|bat|cmd|ps1)$/.test(v))) {
+        out.push({ sev: SEV.MEDIUM, code: 'odd-bin', msg: `bin "${k}" -> ${v}`, evidence: 'package.json#bin' });
+      }
+    }
+  }
+  return out;
+}
+
+function runAll(pkg) {
+  const findings = [];
+  for (const fn of [checkLifecycleHooks, checkWormFiles, checkManifestAnomalies, checkObfuscation]) {
+    try { findings.push(...fn(pkg)); } catch (e) { /* ignore per-check failure */ }
+  }
+  return findings;
+}
+
+module.exports = { runAll, SEV };

package/lib/osv.js

@@ -0,0 +1,100 @@
+'use strict';
+// Optional online cross-reference against OSV.dev — precise (package, version) matching,
+// no API key. Used only when --online is passed. Two phases:
+//   1. /v1/querybatch  — fast: which (name@version) have advisories at all
+//   2. /v1/query       — for just those packages, fetch full vuln objects so we can
+//                        read each advisory's real severity instead of blanket-HIGH.
+const https = require('https');
+
+function request(method, host, pathname, body) {
+  return new Promise((resolve, reject) => {
+    const data = body ? Buffer.from(JSON.stringify(body)) : null;
+    const headers = data ? { 'content-type': 'application/json', 'content-length': data.length } : {};
+    const req = https.request({ host, path: pathname, method, headers }, (res) => {
+      const chunks = [];
+      res.on('data', (c) => chunks.push(c));
+      res.on('end', () => {
+        const txt = Buffer.concat(chunks).toString('utf8');
+        if (res.statusCode >= 400) return reject(new Error(`OSV ${res.statusCode} ${pathname}`));
+        try { resolve(JSON.parse(txt)); } catch (e) { reject(e); }
+      });
+    });
+    req.on('error', reject);
+    req.setTimeout(15000, () => req.destroy(new Error('OSV request timed out')));
+    if (data) req.end(data); else req.end();
+  });
+}
+
+// CVSS v3 vector -> approximate numeric base score is non-trivial; instead bucket by the
+// vector's impact + exploitability shape. Good enough to pick LOW/MEDIUM/HIGH/CRITICAL.
+function bucketFromCvssVector(vec) {
+  if (!vec || typeof vec !== 'string') return null;
+  const m = Object.fromEntries(vec.split('/').map((p) => p.split(':')).filter((a) => a.length === 2));
+  const impactHigh = ['C', 'I', 'A'].filter((k) => m[k] === 'H').length;
+  const network = m.AV === 'N';
+  const noPriv = m.PR === 'N' || m.PR === undefined;
+  const noUI = m.UI === 'N' || m.UI === undefined;
+  if (impactHigh >= 2 && network && noPriv && noUI) return 'CRITICAL';
+  if (impactHigh >= 1 && network && noPriv) return 'HIGH';
+  if (impactHigh >= 1) return 'MEDIUM';
+  return 'LOW';
+}
+
+function severityOfVuln(v) {
+  const ds = v.database_specific && (v.database_specific.severity || v.database_specific.cvss);
+  if (typeof ds === 'string') {
+    const s = ds.toUpperCase();
+    if (s.startsWith('CRIT')) return 'CRITICAL';
+    if (s === 'HIGH') return 'HIGH';
+    if (s === 'MODERATE' || s === 'MEDIUM') return 'MEDIUM';
+    if (s === 'LOW') return 'LOW';
+  }
+  for (const s of v.severity || []) {
+    if (typeof s.score === 'string') {
+      const num = parseFloat(s.score);
+      if (!Number.isNaN(num) && /^\d/.test(s.score.trim())) {
+        if (num >= 9) return 'CRITICAL';
+        if (num >= 7) return 'HIGH';
+        if (num >= 4) return 'MEDIUM';
+        return 'LOW';
+      }
+      const b = bucketFromCvssVector(s.score);
+      if (b) return b;
+    }
+  }
+  return 'MEDIUM'; // unknown -> don't over- or under-claim
+}
+
+// pkgs: [{name, version}]. Returns Map "name@version" -> [{ id, severity, summary }]
+async function queryOSV(pkgs) {
+  const uniq = new Map();
+  for (const p of pkgs) if (p.name && p.version) uniq.set(`${p.name}@${p.version}`, p);
+  const entries = [...uniq.values()];
+
+  // phase 1: which entries have anything
+  const affected = [];
+  for (let i = 0; i < entries.length; i += 900) {
+    const batch = entries.slice(i, i + 900);
+    const resp = await request('POST', 'api.osv.dev', '/v1/querybatch', {
+      queries: batch.map((p) => ({ package: { ecosystem: 'npm', name: p.name }, version: p.version })),
+    });
+    (resp.results || []).forEach((r, idx) => { if ((r.vulns || []).length) affected.push(batch[idx]); });
+  }
+
+  // phase 2: full details for affected packages only (bounded concurrency)
+  const result = new Map();
+  const queue = affected.slice();
+  const worker = async () => {
+    for (let p; (p = queue.shift()); ) {
+      try {
+        const resp = await request('POST', 'api.osv.dev', '/v1/query', { package: { ecosystem: 'npm', name: p.name }, version: p.version });
+        const vulns = (resp.vulns || []).map((v) => ({ id: v.id, severity: severityOfVuln(v), summary: v.summary || '' }));
+        if (vulns.length) result.set(`${p.name}@${p.version}`, vulns);
+      } catch { /* skip this one */ }
+    }
+  };
+  await Promise.all(Array.from({ length: Math.min(8, queue.length) }, worker));
+  return result;
+}
+
+module.exports = { queryOSV };

package/lib/scan.js

@@ -0,0 +1,86 @@
+'use strict';
+const { discoverStores, packagesInStore } = require('./stores');
+const { runAll, SEV } = require('./checks');
+const { queryOSV } = require('./osv');
+
+const SEV_NAME = { 4: 'CRITICAL', 3: 'HIGH', 2: 'MEDIUM', 1: 'LOW', 0: 'INFO' };
+
+let ALLOW_EXACT = new Set(), ALLOW_SCOPES = [];
+try {
+  const a = require('../data/allowlist.json');
+  for (const n of a.names || []) { if (n.endsWith('/*')) ALLOW_SCOPES.push(n.slice(0, -1)); else ALLOW_EXACT.add(n); }
+} catch { /* allowlist optional */ }
+function isAllowlisted(name) {
+  if (ALLOW_EXACT.has(name)) return true;
+  return ALLOW_SCOPES.some((s) => name.startsWith(s));
+}
+
+async function scan(opts = {}) {
+  const cwd = opts.cwd || process.cwd();
+  const stores = discoverStores(cwd);
+  const kindFilter = Array.isArray(opts.stores) && opts.stores.length ? new Set(opts.stores) : null;
+  const storeStats = [];
+  const seen = new Map();        // "name@version@dir" -> pkg (dedupe)
+  const findings = [];
+  const allPkgList = [];
+
+  for (const store of stores) {
+    if (kindFilter && !kindFilter.has(store.kind)) continue;
+    let count = 0;
+    for (const pkg of packagesInStore(store, { maxDepth: opts.maxDepth })) {
+      count++;
+      const key = `${pkg.name}@${pkg.version}@${pkg.dir || store.root}`;
+      if (seen.has(key)) continue;
+      seen.set(key, pkg);
+      allPkgList.push({ name: pkg.name, version: pkg.version });
+      if (pkg.archiveOnly) continue; // can't inspect bytes inside a yarn-berry zip
+      const allow = !opts.noAllowlist && isAllowlisted(pkg.name);
+      for (const f of runAll(pkg)) {
+        let sev = f.sev, note;
+        // allowlist downgrades benign-looking findings — but NEVER suppresses a hard worm
+        // IOC (worm-ioc-file / CRITICAL suspicious-js), since that's the compromise case.
+        if (allow && sev < SEV.CRITICAL) { sev = SEV.INFO; note = 'allowlisted package, heuristic likely benign; review only if context warrants'; }
+        if (sev < (opts.minSev ?? SEV.MEDIUM)) continue;
+        findings.push({
+          severity: SEV_NAME[sev], sevNum: sev, code: f.code, message: f.msg, evidence: f.evidence,
+          package: pkg.name, version: pkg.version, store: store.kind, dir: pkg.dir, note,
+        });
+      }
+    }
+    storeStats.push({ kind: store.kind, root: store.root, note: store.note, packages: count });
+  }
+
+  let osv = null;
+  if (opts.online) {
+    try {
+      const map = await queryOSV(allPkgList);
+      osv = [];
+      const SEV_RANK = { CRITICAL: SEV.CRITICAL, HIGH: SEV.HIGH, MEDIUM: SEV.MEDIUM, LOW: SEV.LOW };
+      for (const [nv, vulns] of map) {
+        const [name, version] = splitNV(nv);
+        const top = vulns.reduce((m, v) => Math.max(m, SEV_RANK[v.severity] ?? SEV.MEDIUM), SEV.LOW);
+        const bySev = {};
+        for (const v of vulns) bySev[v.severity] = (bySev[v.severity] || 0) + 1;
+        const breakdown = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'].filter((k) => bySev[k]).map((k) => `${bySev[k]} ${k.toLowerCase()}`).join(', ');
+        const ids = vulns.map((v) => v.id);
+        findings.push({
+          severity: SEV_NAME[top], sevNum: top, code: 'osv-advisory',
+          message: `${vulns.length} OSV ${vulns.length === 1 ? 'advisory' : 'advisories'} (${breakdown}): ${ids.slice(0, 8).join(', ')}${ids.length > 8 ? ', …' : ''}`,
+          evidence: 'https://osv.dev/' + ids.find((id) => vulns.find((v) => v.id === id && SEV_RANK[v.severity] === top)),
+          package: name, version, store: 'registry', dir: null,
+        });
+        osv.push({ package: name, version, advisories: vulns });
+      }
+    } catch (e) {
+      osv = { error: e.message };
+    }
+  }
+
+  findings.sort((a, b) => b.sevNum - a.sevNum || a.package.localeCompare(b.package));
+  const totalPackages = [...new Set(allPkgList.map((p) => `${p.name}@${p.version}`))].length;
+  return { cwd, stores: storeStats, totalPackages, totalScanned: seen.size, findings, osv };
+}
+
+function splitNV(nv) { const i = nv.lastIndexOf('@'); return [nv.slice(0, i), nv.slice(i + 1)]; }
+
+module.exports = { scan, SEV };

package/lib/stores.js

@@ -0,0 +1,96 @@
+'use strict';
+// Discover every place a JS package manager leaves extracted package code, and
+// iterate the packages found there.
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const cp = require('child_process');
+
+const exists = (p) => { try { fs.accessSync(p); return true; } catch { return false; } };
+const readdir = (p) => { try { return fs.readdirSync(p, { withFileTypes: true }); } catch { return []; } };
+const sh = (cmd) => { try { return cp.execSync(cmd, { stdio: ['ignore', 'pipe', 'ignore'] }).toString().trim(); } catch { return ''; } };
+
+function discoverStores(cwd) {
+  const home = os.homedir();
+  const out = [];
+  const add = (kind, root, note) => { if (exists(root)) out.push({ kind, root, note }); };
+
+  add('project', path.join(cwd, 'node_modules'), 'current project node_modules');
+  add('pnpm-project', path.join(cwd, 'node_modules', '.pnpm'), 'pnpm in-project store');
+  const g = sh('npm root -g'); if (g) add('npm-global', g, 'npm global packages');
+  add('npx-cache', path.join(home, '.npm', '_npx'), 'npx ephemeral installs');
+  add('bun-cache', path.join(home, '.bun', 'install', 'cache'), 'bun global cache');
+  add('bun-cache', path.join(home, '.cache', 'bun', 'install', 'cache'), 'bun cache (xdg)');
+  for (const p of [
+    path.join(home, 'Library', 'pnpm', 'store'),
+    path.join(home, '.local', 'share', 'pnpm', 'store'),
+    process.env.PNPM_HOME && path.join(process.env.PNPM_HOME, 'store'),
+  ].filter(Boolean)) add('pnpm-store', p, 'pnpm global content store (count only)');
+  const yc = sh('yarn cache dir'); if (yc) add('yarn-cache', yc, 'yarn v1 cache');
+  add('yarn-berry', path.join(cwd, '.yarn', 'cache'), 'yarn berry zip cache (names only)');
+  return out;
+}
+
+function readManifest(dir) {
+  try { return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')); } catch { return null; }
+}
+function pkgFromDir(dir, store) {
+  const m = readManifest(dir);
+  if (!m) return null;
+  return { name: m.name || path.basename(dir), version: m.version || '', dir, store, manifest: m };
+}
+
+function* walkTree(nmDir, store, maxDepth, depth = 0) {
+  if (depth > maxDepth || !exists(nmDir)) return;
+  for (const ent of readdir(nmDir)) {
+    if (ent.name.startsWith('.')) continue;
+    const full = path.join(nmDir, ent.name);
+    if (ent.name.startsWith('@')) {
+      for (const sub of readdir(full)) {
+        const d = path.join(full, sub.name);
+        const p = pkgFromDir(d, store); if (p) yield p;
+        yield* walkTree(path.join(d, 'node_modules'), store, maxDepth, depth + 1);
+      }
+    } else {
+      const p = pkgFromDir(full, store); if (p) yield p;
+      yield* walkTree(path.join(full, 'node_modules'), store, maxDepth, depth + 1);
+    }
+  }
+}
+
+function* packagesInStore(store, opts = {}) {
+  const maxDepth = opts.maxDepth || 12;
+  switch (store.kind) {
+    case 'bun-cache': {
+      for (const ent of readdir(store.root)) {
+        if (!ent.isDirectory() || ent.name === '.bin' || ent.name === '.cache') continue;
+        const full = path.join(store.root, ent.name);
+        if (ent.name.startsWith('@')) {
+          for (const sub of readdir(full)) if (sub.isDirectory()) { const p = pkgFromDir(path.join(full, sub.name), store); if (p) yield p; }
+        } else { const p = pkgFromDir(full, store); if (p) yield p; }
+      }
+      return;
+    }
+    case 'yarn-berry': {
+      for (const ent of readdir(store.root)) {
+        if (ent.isFile() && ent.name.endsWith('.zip')) {
+          const m = ent.name.match(/^(.*)-npm-(.+)-[a-f0-9]{8,}\.zip$/);
+          if (m) yield { name: m[1].replace(/^@([^-]+)-/, '@$1/'), version: m[2], dir: null, store, archiveOnly: true };
+        }
+      }
+      return;
+    }
+    case 'pnpm-store': return; // content-addressed blobs; not extracted trees
+    case 'npx-cache':
+    case 'pnpm-project': {
+      for (const ent of readdir(store.root)) {
+        if (ent.isDirectory()) yield* walkTree(path.join(store.root, ent.name, 'node_modules'), store, maxDepth);
+      }
+      return;
+    }
+    default: // project, npm-global, yarn-cache
+      yield* walkTree(store.root, store, maxDepth);
+  }
+}
+
+module.exports = { discoverStores, packagesInStore, exists, readdir };

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "pkgradar",
+  "version": "0.1.0",
+  "description": "Content-based supply-chain scanner for npm/pnpm/yarn/bun: inspects the bytes you actually installed (lifecycle hooks, obfuscated payloads, worm IOCs) instead of just matching package names against an advisory list.",
+  "bin": {
+    "pkgradar": "bin/pkgradar.js"
+  },
+  "type": "commonjs",
+  "files": [
+    "bin/",
+    "lib/",
+    "data/",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nilaydown/pkgradar.git"
+  },
+  "homepage": "https://github.com/nilaydown/pkgradar#readme",
+  "bugs": {
+    "url": "https://github.com/nilaydown/pkgradar/issues"
+  },
+  "author": "nilaydown",
+  "scripts": {
+    "test": "node test/smoke.js"
+  },
+  "keywords": [
+    "supply-chain",
+    "security",
+    "npm",
+    "pnpm",
+    "yarn",
+    "bun",
+    "malware",
+    "shai-hulud",
+    "audit",
+    "scanner"
+  ],
+  "license": "MIT",
+  "dependencies": {}
+}