scriptguard 1.0.1 → 1.0.3
- package/LICENSE +21 -0
- package/README.md +214 -10
- package/dist/ai/gemini-client.d.ts +2 -1
- package/dist/ai/gemini-client.d.ts.map +1 -1
- package/dist/ai/gemini-client.js +12 -2
- package/dist/ai/gemini-client.js.map +1 -1
- package/dist/ai/prompts.d.ts.map +1 -1
- package/dist/ai/prompts.js +58 -3
- package/dist/ai/prompts.js.map +1 -1
- package/dist/cli.js +43 -7
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/scanners/ast.d.ts +11 -0
- package/dist/scanners/ast.d.ts.map +1 -0
- package/dist/scanners/ast.js +267 -0
- package/dist/scanners/ast.js.map +1 -0
- package/dist/scanners/deobfuscation.d.ts +12 -0
- package/dist/scanners/deobfuscation.d.ts.map +1 -0
- package/dist/scanners/deobfuscation.js +169 -0
- package/dist/scanners/deobfuscation.js.map +1 -0
- package/dist/scanners/index.d.ts +1 -0
- package/dist/scanners/index.d.ts.map +1 -1
- package/dist/scanners/index.js +15 -1
- package/dist/scanners/index.js.map +1 -1
- package/dist/scanners/lifecycle.d.ts +8 -2
- package/dist/scanners/lifecycle.d.ts.map +1 -1
- package/dist/scanners/lifecycle.js +63 -5
- package/dist/scanners/lifecycle.js.map +1 -1
- package/dist/types/index.d.ts +22 -1
- package/dist/types/index.d.ts.map +1 -1
- package/package.json +3 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDtC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDtC,kCAqBC;AAED,0CAIC;AAED,0CASC;AAED,sDAaC;AAED,gCAMC;AAED,8CAQC;AA5HD,iDAAuE;AACvE,6CAAiD;AACjD,4CAA8B;AAC9B,gDAAkC;AAElC,MAAM,gBAAgB,GAA8B;IAClD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,SAAS,gBAAgB,CACvB,QAA2B,EAC3B,SAAiB;IAEjB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9E,MAAM,eAAe,GAA8B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAE/F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC3B,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED,MAAM,mBAAmB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7F,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAChE,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvD,wBAAwB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC/D,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,gBAAgB,GAAc,KAAK,CAAC;IACxC,IAAI,eAAe,CAAC,QAAQ,GAAG,CAAC;QAAE,gBAAgB,GAAG,UAAU,CAAC;SAC3D,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC;QAAE,gBAAgB,GAAG,MAAM,CAAC;SACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;QAAE,gBAAgB,GAAG,QAAQ,CAAC;IAEjE,OAAO;QACL,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,mBAAmB;QACnB,QAAQ;QACR,aAAa;QACb,eAAe;QACf,gBAAgB;QAChB,gBAAgB;QAChB,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACvC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAyC;IACzE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IA
C7B,MAAM,QAAQ,GAAG,IAAA,oCAAqB,EACpC,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,UAAU,EAClB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CACvD,CAAC;IACF,IAAI,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEnD,gCAAgC;IAChC,IAAI,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,iEAAiE;YACjE,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,eAAe,CAAC,OAAoB;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAA,oCAAqB,EAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACzE,OAAO,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,eAAe,CAAC,QAAgB;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,6BAAc,EAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EACjE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,IAAI,SAAS,EACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,QAAgB,EAAE,SAAqB;IACjF,IAAI,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,SAAS,EAAE,OAAO,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,UAAU,CAAC,MAAkB,EAAE,SAAqB;IAClE,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAC7B,MAAM,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAChC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,CACnE,CAAC;AACJ,CAAC;AAED,SAAgB,iBAAiB,CAAC,QAA2B,EAAE,QAAmB;IAChF,MAAM,
SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC7C,OAAO,QAAQ;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,GAAG,CAAC;QACJ,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;KAC/E,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,MAAkB,EAAE,SAAoB;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,8EAA8E;IAC9E,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAChE,CAAC;IAEF,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAmB;QACnC,QAAQ,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACpC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QACH,IAAI,EAAE,SAAS,CAAC,IAAI,IAAI,UAAU;KACnC,CAAC;IAEF,kBAAkB;IAClB,MAAM,MAAM,GAAG,IAAA,0BAAe,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAE3D,sCAAsC;IACtC,MAAM,UAAU,GAAG,IAAI,GAAG,CACxB,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAC/D,CAAC;IAEF,IAAI,2BAA2B,GAAG,CAAC,CAAC;IACpC,IAAI,uBAAuB,GAAG,CAAC,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,UAAU,EAAE,CAAC;YACf,8BAA8B;YAC9B,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACxC,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;YAClC,CAAC;YAED,2BAA2B,IAAI,UAAU,CAAC,sBAAsB,CAAC;YACjE,uBAAuB,IAAI,UAAU,CAAC,kBAAkB,CAAC;YAEzD,yCAAyC;YACzC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,kBAAkB,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBACrE,MAAM,aAAa,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,
IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;oBAClE,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACxD,CAAC,EAAE,CAAC,CAAC,CAAC;gBAEN,2CAA2C;gBAC3C,IAAI,kBAAkB,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;oBAC3D,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC;gBAC9D,CAAC;qBAAM,IAAI,kBAAkB,KAAK,CAAC,IAAI,UAAU,CAAC,sBAAsB,GAAG,CAAC,EAAE,CAAC;oBAC7E,8CAA8C;oBAC9C,QAAQ,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC;gBAC5D,CAAC;gBAED,yBAAyB;gBACzB,IAAI,QAAQ,CAAC,SAAS,IAAI,EAAE;oBAAE,QAAQ,CAAC,SAAS,GAAG,UAAU,CAAC;qBACzD,IAAI,QAAQ,CAAC,SAAS,IAAI,EAAE;oBAAE,QAAQ,CAAC,SAAS,GAAG,MAAM,CAAC;qBAC1D,IAAI,QAAQ,CAAC,SAAS,IAAI,EAAE;oBAAE,QAAQ,CAAC,SAAS,GAAG,QAAQ,CAAC;;oBAC5D,QAAQ,CAAC,SAAS,GAAG,KAAK,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,CAAC,UAAU,GAAG;QAClB,eAAe,EAAE,UAAU,CAAC,eAAe;QAC3C,2BAA2B;QAC3B,uBAAuB;QACvB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;KACrC,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -3,8 +3,14 @@ import type { PackageAnalysis, RiskLevel } from '../types/index.js';
|
|
|
3
3
|
declare function extractLifecycleScripts(scripts: Record<string, string>): Record<string, string>;
|
|
4
4
|
declare function calculateRiskScore(findings: PackageAnalysis['findings']): number;
|
|
5
5
|
declare function riskLevelFromScore(score: number): RiskLevel;
|
|
6
|
-
export declare function analyzePackage(name: string, version: string, scripts: Record<string, string
|
|
7
|
-
|
|
6
|
+
export declare function analyzePackage(name: string, version: string, scripts: Record<string, string>, options?: {
|
|
7
|
+
ast?: boolean;
|
|
8
|
+
deobfuscate?: boolean;
|
|
9
|
+
}): PackageAnalysis;
|
|
10
|
+
export declare function scanInstalledPackages(projectPath: string, includeDev?: boolean, options?: {
|
|
11
|
+
ast?: boolean;
|
|
12
|
+
deobfuscate?: boolean;
|
|
13
|
+
}): PackageAnalysis[];
|
|
8
14
|
export declare function scanSinglePackage(pkgJsonContent: string): PackageAnalysis;
|
|
9
15
|
export { extractLifecycleScripts, calculateRiskScore, riskLevelFromScore };
|
|
10
16
|
//# sourceMappingURL=lifecycle.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../src/scanners/lifecycle.ts"],"names":[],"mappings":"AAAA,yFAAyF;AAIzF,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../src/scanners/lifecycle.ts"],"names":[],"mappings":"AAAA,yFAAyF;AAIzF,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAsCpE,iBAAS,uBAAuB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQxF;AAmGD,iBAAS,kBAAkB,CAAC,QAAQ,EAAE,eAAe,CAAC,UAAU,CAAC,GAAG,MAAM,CAKzE;AAED,iBAAS,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAKpD;AAED,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,OAAO,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAE,GACjD,eAAe,CAgCjB;AAED,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EACnB,UAAU,UAAQ,EAClB,OAAO,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAE,GACjD,eAAe,EAAE,CAuDnB;AAED,wBAAgB,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,eAAe,CAOzE;AAED,OAAO,EAAE,uBAAuB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,CAAC"}
|
|
@@ -43,6 +43,8 @@ exports.riskLevelFromScore = riskLevelFromScore;
|
|
|
43
43
|
const fs = __importStar(require("node:fs"));
|
|
44
44
|
const path = __importStar(require("node:path"));
|
|
45
45
|
const patterns_js_1 = require("./patterns.js");
|
|
46
|
+
const ast_js_1 = require("./ast.js");
|
|
47
|
+
const deobfuscation_js_1 = require("./deobfuscation.js");
|
|
46
48
|
const LIFECYCLE_SCRIPTS = [
|
|
47
49
|
'preinstall',
|
|
48
50
|
'install',
|
|
@@ -83,8 +85,9 @@ function extractLifecycleScripts(scripts) {
|
|
|
83
85
|
}
|
|
84
86
|
return result;
|
|
85
87
|
}
|
|
86
|
-
function analyzeScriptContent(packageName, version, scriptName, scriptContent) {
|
|
88
|
+
function analyzeScriptContent(packageName, version, scriptName, scriptContent, options) {
|
|
87
89
|
const findings = [];
|
|
90
|
+
// Layer 1: Regex pattern matching (existing)
|
|
88
91
|
for (const rule of patterns_js_1.PATTERN_RULES) {
|
|
89
92
|
const match = rule.pattern.exec(scriptContent);
|
|
90
93
|
if (match) {
|
|
@@ -99,6 +102,61 @@ function analyzeScriptContent(packageName, version, scriptName, scriptContent) {
|
|
|
99
102
|
});
|
|
100
103
|
}
|
|
101
104
|
}
|
|
105
|
+
// Layer 2: AST analysis (only if regex found something AND AST is enabled)
|
|
106
|
+
if (findings.length > 0 && options?.ast !== false) {
|
|
107
|
+
try {
|
|
108
|
+
const astFindings = (0, ast_js_1.analyzeScriptAST)(scriptContent);
|
|
109
|
+
if (astFindings.length > 0) {
|
|
110
|
+
// Add AST findings
|
|
111
|
+
findings.push(...astFindings.map((f) => ({
|
|
112
|
+
package: packageName,
|
|
113
|
+
scriptName,
|
|
114
|
+
scriptContent,
|
|
115
|
+
pattern: f.pattern,
|
|
116
|
+
description: f.description,
|
|
117
|
+
riskLevel: f.riskLevel,
|
|
118
|
+
match: f.match,
|
|
119
|
+
})));
|
|
120
|
+
// Add AST findings metadata to first regex finding
|
|
121
|
+
if (findings.length > 0) {
|
|
122
|
+
findings[0].astFindings = astFindings;
|
|
123
|
+
}
|
|
124
|
+
// Layer 3: Deobfuscation (only if AST found something AND deobfuscation is enabled)
|
|
125
|
+
const deobf = options?.deobfuscate === false
|
|
126
|
+
? { deobfuscated: scriptContent, iterations: 0, techniques: [], success: false }
|
|
127
|
+
: (0, deobfuscation_js_1.deobfuscateScript)(scriptContent);
|
|
128
|
+
if (deobf.success && deobf.iterations > 0) {
|
|
129
|
+
// Mark all findings with deobfuscation metadata
|
|
130
|
+
for (const f of findings) {
|
|
131
|
+
f.deobfuscation = deobf;
|
|
132
|
+
}
|
|
133
|
+
// Re-analyze deobfuscated code (recursive call with deobfuscated content)
|
|
134
|
+
// This catches patterns that were hidden by encoding
|
|
135
|
+
try {
|
|
136
|
+
const deobfFindings = analyzeScriptContent(packageName, version, scriptName, deobf.deobfuscated);
|
|
137
|
+
// Add deobfuscated findings if they're different
|
|
138
|
+
for (const deobfFinding of deobfFindings) {
|
|
139
|
+
// Check if this pattern was already found
|
|
140
|
+
const alreadyFound = findings.some((f) => f.pattern === deobfFinding.pattern);
|
|
141
|
+
if (!alreadyFound) {
|
|
142
|
+
// Mark as found via deobfuscation
|
|
143
|
+
deobfFinding.pattern = `${deobfFinding.pattern}-deobfuscated`;
|
|
144
|
+
findings.push(deobfFinding);
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
catch {
|
|
149
|
+
// Recursive analysis failed — continue with original findings
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
catch (error) {
|
|
155
|
+
// AST/deobfuscation failed — continue with regex-only
|
|
156
|
+
// Log warning but don't break the scan
|
|
157
|
+
console.warn(`AST/deobfuscation analysis failed for ${packageName}:${scriptName}: ${error.message}`);
|
|
158
|
+
}
|
|
159
|
+
}
|
|
102
160
|
return findings;
|
|
103
161
|
}
|
|
104
162
|
function calculateRiskScore(findings) {
|
|
@@ -117,11 +175,11 @@ function riskLevelFromScore(score) {
|
|
|
117
175
|
return 'medium';
|
|
118
176
|
return 'low';
|
|
119
177
|
}
|
|
120
|
-
function analyzePackage(name, version, scripts) {
|
|
178
|
+
function analyzePackage(name, version, scripts, options) {
|
|
121
179
|
const lifecycleScripts = extractLifecycleScripts(scripts);
|
|
122
180
|
const allFindings = [];
|
|
123
181
|
for (const [scriptName, scriptContent] of Object.entries(lifecycleScripts)) {
|
|
124
|
-
const scriptFindings = analyzeScriptContent(name, version, scriptName, scriptContent);
|
|
182
|
+
const scriptFindings = analyzeScriptContent(name, version, scriptName, scriptContent, options);
|
|
125
183
|
allFindings.push(...scriptFindings);
|
|
126
184
|
// Flag any lifecycle script that exists without findings as "low" info
|
|
127
185
|
if (scriptFindings.length === 0 && ['postinstall', 'preinstall', 'install'].includes(scriptName)) {
|
|
@@ -146,7 +204,7 @@ function analyzePackage(name, version, scripts) {
|
|
|
146
204
|
riskLevel: riskLevelFromScore(riskScore),
|
|
147
205
|
};
|
|
148
206
|
}
|
|
149
|
-
function scanInstalledPackages(projectPath, includeDev = false) {
|
|
207
|
+
function scanInstalledPackages(projectPath, includeDev = false, options) {
|
|
150
208
|
const nodeModulesPath = path.join(projectPath, 'node_modules');
|
|
151
209
|
if (!fs.existsSync(nodeModulesPath)) {
|
|
152
210
|
throw new Error(`No node_modules found at ${nodeModulesPath}`);
|
|
@@ -174,7 +232,7 @@ function scanInstalledPackages(projectPath, includeDev = false) {
|
|
|
174
232
|
continue;
|
|
175
233
|
visited.add(pkgKey);
|
|
176
234
|
if (pkgJson.scripts && Object.keys(pkgJson.scripts).length > 0) {
|
|
177
|
-
analyses.push(analyzePackage(pkgJson.name || entry.name, pkgJson.version || 'unknown', pkgJson.scripts));
|
|
235
|
+
analyses.push(analyzePackage(pkgJson.name || entry.name, pkgJson.version || 'unknown', pkgJson.scripts, options));
|
|
178
236
|
}
|
|
179
237
|
}
|
|
180
238
|
catch {
|
|
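Review bot: In `analyzeScriptContent` the AST pass is gated on `findings.length > 0` and the deobfuscation pass is nested inside `astFindings.length > 0`, so a lifecycle script whose content matches none of the `PATTERN_RULES` regexes never reaches the two layers meant to look past encoding, and ends up with at most the low informational entry that `analyzePackage` adds. I would give each layer its own condition, `if (options?.ast !== false) {` for the AST pass and the `deobfuscateScript` call moved out of the `astFindings.length > 0` block, and accept the extra parse per script. The recursive call also omits `options` and de-duplicates on `f.pattern` alone, so a decoded match with the same rule name but a different `match` string is dropped; passing `options` through and comparing `pattern` together with `match` would keep it. The regex loop body between the two hunks is not shown, so this assumes it only appends to `findings`.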
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lifecycle.js","sourceRoot":"","sources":["../../src/scanners/lifecycle.ts"],"names":[],"mappings":";AAAA,yFAAyF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"lifecycle.js","sourceRoot":"","sources":["../../src/scanners/lifecycle.ts"],"names":[],"mappings":";AAAA,yFAAyF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmKzF,wCAqCC;AAED,sDA2DC;AAED,8CAOC;AAEQ,0DAAuB;AAAE,gDAAkB;AAAE,gDAAkB;AA9QxE,4CAA8B;AAC9B,gDAAkC;AAElC,+CAA8C;AAC9C,qCAA4C;AAC5C,yDAAuD;AAEvD,MAAM,iBAAiB,GAAG;IACxB,YAAY;IACZ,SAAS;IACT,aAAa;IACb,YAAY;IACZ,SAAS;IACT,aAAa;IACb,SAAS;IACT,UAAU;IACV,cAAc;IACd,WAAW;IACX,eAAe;IACf,YAAY;IACZ,SAAS;IACT,aAAa;IACb,YAAY;IACZ,SAAS;IACT,aAAa;IACb,UAAU;IACV,WAAW;IACX,UAAU;IACV,WAAW;IACX,SAAS;IACT,UAAU;CACX,CAAC;AAEF,MAAM,YAAY,GAA8B;IAC9C,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,EAAE;IACV,IAAI,EAAE,EAAE;IACR,QAAQ,EAAE,GAAG;CACd,CAAC;AAEF,SAAS,uBAAuB,CAAC,OAA+B;IAC9D,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,oBAAoB,CAC3B,WAAmB,EACnB,OAAe,EACf,UAAkB,EAClB,aAAqB,EACrB,OAAkD;IAElD,MAAM,QAAQ,GAAgC,EAAE,CAAC;IAEjD,6CAA6C;IAC7C,KAAK,MAAM,IAAI,IAAI,2BAAa,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,WAAW;gBACpB,UAAU;gBACV,aAAa;gBACb,OAAO,EAAE,IAAI,CAAC,IAAI;gBAClB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,EAAE,GAAG,KAAK,KAAK,EAAE,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAA,yBAAgB,EAAC,aAAa,CAAC,CAAC;YAEpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,mBAAmB;gBACnB,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,WAAW;oBACpB,UAAU;oBACV,aAAa;oBACb,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,WAAW,EAAE,CAAC,CAAC,WAAW;oBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,KAAK,EAAE,CAAC,CAAC,KAAK;iBACf,CAAC,CAAC,CAAC,CAAC;gBAEL,mDAAmD;gBACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,CA
AC,CAAC,CAAC,WAAW,GAAG,WAAW,CAAC;gBACxC,CAAC;gBAED,oFAAoF;gBACpF,MAAM,KAAK,GAAG,OAAO,EAAE,WAAW,KAAK,KAAK;oBAC1C,CAAC,CAAC,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;oBAChF,CAAC,CAAC,IAAA,oCAAiB,EAAC,aAAa,CAAC,CAAC;gBACrC,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;oBAC1C,gDAAgD;oBAChD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;wBACzB,CAAC,CAAC,aAAa,GAAG,KAAK,CAAC;oBAC1B,CAAC;oBAED,0EAA0E;oBAC1E,qDAAqD;oBACrD,IAAI,CAAC;wBACH,MAAM,aAAa,GAAG,oBAAoB,CACxC,WAAW,EACX,OAAO,EACP,UAAU,EACV,KAAK,CAAC,YAAY,CACnB,CAAC;wBAEF,iDAAiD;wBACjD,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;4BACzC,0CAA0C;4BAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,YAAY,CAAC,OAAO,CAC1C,CAAC;4BAEF,IAAI,CAAC,YAAY,EAAE,CAAC;gCAClB,kCAAkC;gCAClC,YAAY,CAAC,OAAO,GAAG,GAAG,YAAY,CAAC,OAAO,eAAe,CAAC;gCAC9D,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;4BAC9B,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,8DAA8D;oBAChE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,sDAAsD;YACtD,uCAAuC;YACvC,OAAO,CAAC,IAAI,CACV,yCAAyC,WAAW,IAAI,UAAU,KAAK,KAAK,CAAC,OAAO,EAAE,CACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAqC;IAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;IACnG,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACjC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,cAAc,CAC5B,IAAY,EACZ,OAAe,EACf,OAA+B,EAC/B,OAAkD;IAElD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC1D
,MAAM,WAAW,GAAgC,EAAE,CAAC;IAEpD,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC3E,MAAM,cAAc,GAAG,oBAAoB,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;QAC/F,WAAW,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;QAEpC,uEAAuE;QACvE,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACjG,WAAW,CAAC,IAAI,CAAC;gBACf,OAAO,EAAE,IAAI;gBACb,UAAU;gBACV,aAAa;gBACb,OAAO,EAAE,0BAA0B;gBACnC,WAAW,EAAE,4BAA4B,UAAU,uBAAuB;gBAC1E,SAAS,EAAE,KAAK;gBAChB,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aACtC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAElD,OAAO;QACL,IAAI;QACJ,OAAO;QACP,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,WAAW;QACrB,SAAS;QACT,SAAS,EAAE,kBAAkB,CAAC,SAAS,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,SAAgB,qBAAqB,CACnC,WAAmB,EACnB,UAAU,GAAG,KAAK,EAClB,OAAkD;IAElD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAC/D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,4BAA4B,eAAe,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,SAAS,OAAO,CAAC,GAAW;QAC1B,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAEzC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,sCAAsC;gBACtC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/B,OAAO,CAAC,QAAQ,CAAC,CAAC;oBAClB,SAAS;gBACX,CAAC;gBAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;gBACxD,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;wBAClE,MAAM,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpD,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;4BAAE,SAAS;wBAClC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBAEpB,IAAI,OAAO,
CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC/D,QAAQ,CAAC,IAAI,CACX,cAAc,CAAC,OAAO,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,IAAI,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CACnG,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,8BAA8B;oBAChC,CAAC;gBACH,CAAC;gBAED,yCAAyC;gBACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,GAAG,cAAc,CAAC,EAAE,CAAC;oBAC3F,4BAA4B;oBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;oBACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC3B,oDAAoD;oBACtD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,eAAe,CAAC,CAAC;IACzB,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAC5D,CAAC;AAED,SAAgB,iBAAiB,CAAC,cAAsB;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC3C,OAAO,cAAc,CACnB,OAAO,CAAC,IAAI,IAAI,SAAS,EACzB,OAAO,CAAC,OAAO,IAAI,SAAS,EAC5B,OAAO,CAAC,OAAO,IAAI,EAAE,CACtB,CAAC;AACJ,CAAC"}
|
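--- a/package/dist/types/index.d.ts
+++ b/package/dist/types/index.d.ts
@@ -1,6 +1,19 @@
 /** ScriptGuard — Type definitions */
 export type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
-export
+export interface ASTFinding {
+pattern: string;
+description: string;
+riskLevel: RiskLevel;
+nodeType: string;
+match: string;
+}
+export interface DeobfuscationResult {
+deobfuscated: string;
+iterations: number;
+techniques: string[];
+success: boolean;
+}
+export type AIMode = 'basic' | 'standard' | 'thorough' | 'explain';
 export interface AIOptions {
 enabled: boolean;
 mode: AIMode;
@@ -56,6 +69,10 @@ export interface Finding {
 match: string;
 /** AI analysis if available */
 aiAnalysis?: AIAnalysis;
+/** AST-based findings (Layer 2) */
+astFindings?: ASTFinding[];
+/** Deobfuscation result (Layer 3) */
+deobfuscation?: DeobfuscationResult;
 }
 export interface PackageAnalysis {
 /** Package name */
@@ -119,5 +136,9 @@ export interface ScanOptions {
 format: 'table' | 'json' | 'sarif';
 /** Fail on findings at or above this level (for CI) */
 failLevel?: RiskLevel;
+/** Enable AST-based pattern matching (default: true) */
+ast?: boolean;
+/** Enable deobfuscation layer (default: true) */
+deobfuscate?: boolean;
 }
 //# sourceMappingURL=index.d.ts.map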
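Review bot: `ASTFinding` and `DeobfuscationResult` are added without the per-field doc comments that the visible fields of `Finding` and `ScanOptions` carry, and two of the new fields need them. `DeobfuscationResult.deobfuscated` holds text decoded from a package's own script, so a comment such as `/** Decoded script text; untrusted package content, escape before rendering */` tells consumers of the table, json and sarif output how to treat it. `success` and `iterations` should state what `success: false` with `iterations: 0` means, since that is the value the scanner substitutes when deobfuscation is disabled. The `astFindings` comment on `Finding` could also say that the list is attached only to the first finding of a script, which is what the `findings[0].astFindings = astFindings` assignment in lifecycle.js does.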
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AAErC,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAG/D,MAAM,MAAM,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AAErC,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAG/D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAGD,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB;AAGD,MAAM,MAAM,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAEnE,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,gBAAgB,GAAG,QAAQ,GAAG,YAAY,CAAC;IACjD,QAAQ,EAAE,SAAS,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC,CAAC;IACH,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,OAAO;IACtB,8CAA8C;IAC9C,OAAO,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB;IACjB,SAAS,EAAE,SAAS,CAAC;IACrB,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,+BAA+B;IAC/B,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,mCAAmC;IACnC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,qCAAqC;IACrC,aAAa,CAAC,EAAE,mBAAmB,CAAC;CACrC;AAED,MAAM,WAAW,eAAe;IAC9B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB
,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,gCAAgC;IAChC,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,+BAA+B;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,SAAS,EAAE,SAAS,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,6BAA6B;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,kCAAkC;IAClC,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,6BAA6B;IAC7B,eAAe,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC3C,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB;IACzB,gBAAgB,EAAE,SAAS,CAAC;IAC5B,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,6BAA6B;IAC7B,UAAU,CAAC,EAAE;QACX,eAAe,EAAE,MAAM,CAAC;QACxB,2BAA2B,EAAE,MAAM,CAAC;QACpC,uBAAuB,EAAE,MAAM,CAAC;QAChC,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B;IAC5B,SAAS,EAAE,SAAS,CAAC;IACrB,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,QAAQ,EAAE,SAAS,GAAG,WAAW,GAAG,YAAY,GAAG,cAAc,GAAG,aAAa,GAAG,QAAQ,CAAC;CAC9F;AAED,MAAM,WAAW,WAAW;IAC1B,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,UAAU,EAAE,OAAO,CAAC;IACpB,mCAAmC;IACnC,YAAY,EAAE,SAAS,CAAC;IACxB,oBAAoB;IACpB,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IACnC,uDAAuD;IACvD,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,wDAAwD;IACxD,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB"}
|
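--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "scriptguard",
-"version": "1.0.
+"version": "1.0.3",
 "description": "Security scanner for npm package lifecycle scripts — detect malicious postinstall, preinstall, and prepare scripts before they run",
 "main": "dist/index.js",
 "bin": {
@@ -29,6 +29,8 @@
 "license": "MIT",
 "dependencies": {
 "@google/generative-ai": "^0.21.0",
+"acorn": "^8.11.3",
+"acorn-walk": "^8.3.2",
 "chalk": "^5.3.0",
 "commander": "^12.0.0",
 "ora": "^8.0.0",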