secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (569) hide show
  1. package/README.md +564 -0
  2. package/dist/ai/aiAnalyzer.d.ts +99 -0
  3. package/dist/ai/aiAnalyzer.d.ts.map +1 -0
  4. package/dist/ai/aiAnalyzer.js +669 -0
  5. package/dist/ai/aiAnalyzer.js.map +1 -0
  6. package/dist/ai/index.d.ts +5 -0
  7. package/dist/ai/index.d.ts.map +1 -0
  8. package/dist/ai/index.js +21 -0
  9. package/dist/ai/index.js.map +1 -0
  10. package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
  11. package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
  12. package/dist/analyzers/base/baseAnalyzer.js +53 -0
  13. package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
  14. package/dist/analyzers/base/index.d.ts +5 -0
  15. package/dist/analyzers/base/index.d.ts.map +1 -0
  16. package/dist/analyzers/base/index.js +21 -0
  17. package/dist/analyzers/base/index.js.map +1 -0
  18. package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
  19. package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
  20. package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
  21. package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
  22. package/dist/analyzers/c-cpp/index.d.ts +5 -0
  23. package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
  24. package/dist/analyzers/c-cpp/index.js +21 -0
  25. package/dist/analyzers/c-cpp/index.js.map +1 -0
  26. package/dist/analyzers/core/engine/index.d.ts +5 -0
  27. package/dist/analyzers/core/engine/index.d.ts.map +1 -0
  28. package/dist/analyzers/core/engine/index.js +21 -0
  29. package/dist/analyzers/core/engine/index.js.map +1 -0
  30. package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
  31. package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
  32. package/dist/analyzers/core/engine/ruleEngine.js +173 -0
  33. package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
  34. package/dist/analyzers/core/index.d.ts +8 -0
  35. package/dist/analyzers/core/index.d.ts.map +1 -0
  36. package/dist/analyzers/core/index.js +24 -0
  37. package/dist/analyzers/core/index.js.map +1 -0
  38. package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
  39. package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
  40. package/dist/analyzers/core/scanner/fileScanner.js +199 -0
  41. package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
  42. package/dist/analyzers/core/scanner/index.d.ts +5 -0
  43. package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
  44. package/dist/analyzers/core/scanner/index.js +21 -0
  45. package/dist/analyzers/core/scanner/index.js.map +1 -0
  46. package/dist/analyzers/core/scoring/index.d.ts +5 -0
  47. package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
  48. package/dist/analyzers/core/scoring/index.js +21 -0
  49. package/dist/analyzers/core/scoring/index.js.map +1 -0
  50. package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
  51. package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
  52. package/dist/analyzers/core/scoring/riskScoring.js +180 -0
  53. package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
  54. package/dist/analyzers/core/securityScanner.d.ts +47 -0
  55. package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
  56. package/dist/analyzers/core/securityScanner.js +298 -0
  57. package/dist/analyzers/core/securityScanner.js.map +1 -0
  58. package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
  59. package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
  60. package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
  61. package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
  62. package/dist/analyzers/csharp/index.d.ts +5 -0
  63. package/dist/analyzers/csharp/index.d.ts.map +1 -0
  64. package/dist/analyzers/csharp/index.js +21 -0
  65. package/dist/analyzers/csharp/index.js.map +1 -0
  66. package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
  67. package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
  68. package/dist/analyzers/iac/iacAnalyzer.js +182 -0
  69. package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
  70. package/dist/analyzers/iac/index.d.ts +5 -0
  71. package/dist/analyzers/iac/index.d.ts.map +1 -0
  72. package/dist/analyzers/iac/index.js +21 -0
  73. package/dist/analyzers/iac/index.js.map +1 -0
  74. package/dist/analyzers/index.d.ts +30 -0
  75. package/dist/analyzers/index.d.ts.map +1 -0
  76. package/dist/analyzers/index.js +80 -0
  77. package/dist/analyzers/index.js.map +1 -0
  78. package/dist/analyzers/java/index.d.ts +5 -0
  79. package/dist/analyzers/java/index.d.ts.map +1 -0
  80. package/dist/analyzers/java/index.js +21 -0
  81. package/dist/analyzers/java/index.js.map +1 -0
  82. package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
  83. package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
  84. package/dist/analyzers/java/javaAnalyzer.js +224 -0
  85. package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
  86. package/dist/analyzers/javascript/astUtils.d.ts +170 -0
  87. package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
  88. package/dist/analyzers/javascript/astUtils.js +700 -0
  89. package/dist/analyzers/javascript/astUtils.js.map +1 -0
  90. package/dist/analyzers/javascript/index.d.ts +18 -0
  91. package/dist/analyzers/javascript/index.d.ts.map +1 -0
  92. package/dist/analyzers/javascript/index.js +50 -0
  93. package/dist/analyzers/javascript/index.js.map +1 -0
  94. package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
  95. package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
  96. package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
  97. package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
  98. package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
  99. package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
  100. package/dist/analyzers/javascript/malwareDetector.js +616 -0
  101. package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
  102. package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
  103. package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
  104. package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
  105. package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
  106. package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
  107. package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
  108. package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
  109. package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
  110. package/dist/analyzers/php/index.d.ts +5 -0
  111. package/dist/analyzers/php/index.d.ts.map +1 -0
  112. package/dist/analyzers/php/index.js +21 -0
  113. package/dist/analyzers/php/index.js.map +1 -0
  114. package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
  115. package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
  116. package/dist/analyzers/php/phpAnalyzer.js +202 -0
  117. package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
  118. package/dist/analyzers/python/index.d.ts +5 -0
  119. package/dist/analyzers/python/index.d.ts.map +1 -0
  120. package/dist/analyzers/python/index.js +21 -0
  121. package/dist/analyzers/python/index.js.map +1 -0
  122. package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
  123. package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
  124. package/dist/analyzers/python/pythonAnalyzer.js +226 -0
  125. package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
  126. package/dist/cli/index.d.ts +7 -0
  127. package/dist/cli/index.d.ts.map +1 -0
  128. package/dist/cli/index.js +281 -0
  129. package/dist/cli/index.js.map +1 -0
  130. package/dist/core/engine/index.d.ts +5 -0
  131. package/dist/core/engine/index.d.ts.map +1 -0
  132. package/dist/core/engine/index.js +21 -0
  133. package/dist/core/engine/index.js.map +1 -0
  134. package/dist/core/engine/ruleEngine.d.ts +46 -0
  135. package/dist/core/engine/ruleEngine.d.ts.map +1 -0
  136. package/dist/core/engine/ruleEngine.js +173 -0
  137. package/dist/core/engine/ruleEngine.js.map +1 -0
  138. package/dist/core/index.d.ts +8 -0
  139. package/dist/core/index.d.ts.map +1 -0
  140. package/dist/core/index.js +24 -0
  141. package/dist/core/index.js.map +1 -0
  142. package/dist/core/scanner/fileScanner.d.ts +31 -0
  143. package/dist/core/scanner/fileScanner.d.ts.map +1 -0
  144. package/dist/core/scanner/fileScanner.js +199 -0
  145. package/dist/core/scanner/fileScanner.js.map +1 -0
  146. package/dist/core/scanner/index.d.ts +5 -0
  147. package/dist/core/scanner/index.d.ts.map +1 -0
  148. package/dist/core/scanner/index.js +21 -0
  149. package/dist/core/scanner/index.js.map +1 -0
  150. package/dist/core/scoring/index.d.ts +5 -0
  151. package/dist/core/scoring/index.d.ts.map +1 -0
  152. package/dist/core/scoring/index.js +21 -0
  153. package/dist/core/scoring/index.js.map +1 -0
  154. package/dist/core/scoring/riskScoring.d.ts +49 -0
  155. package/dist/core/scoring/riskScoring.d.ts.map +1 -0
  156. package/dist/core/scoring/riskScoring.js +180 -0
  157. package/dist/core/scoring/riskScoring.js.map +1 -0
  158. package/dist/core/securityScanner.d.ts +47 -0
  159. package/dist/core/securityScanner.d.ts.map +1 -0
  160. package/dist/core/securityScanner.js +298 -0
  161. package/dist/core/securityScanner.js.map +1 -0
  162. package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
  163. package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
  164. package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
  165. package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
  166. package/dist/dependencies/database/cveDatabase.d.ts +32 -0
  167. package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
  168. package/dist/dependencies/database/cveDatabase.js +393 -0
  169. package/dist/dependencies/database/cveDatabase.js.map +1 -0
  170. package/dist/dependencies/database/index.d.ts +6 -0
  171. package/dist/dependencies/database/index.d.ts.map +1 -0
  172. package/dist/dependencies/database/index.js +22 -0
  173. package/dist/dependencies/database/index.js.map +1 -0
  174. package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
  175. package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
  176. package/dist/dependencies/database/maliciousPackages.js +279 -0
  177. package/dist/dependencies/database/maliciousPackages.js.map +1 -0
  178. package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
  179. package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
  180. package/dist/dependencies/dependencyAnalyzer.js +349 -0
  181. package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
  182. package/dist/dependencies/detectors/index.d.ts +7 -0
  183. package/dist/dependencies/detectors/index.d.ts.map +1 -0
  184. package/dist/dependencies/detectors/index.js +28 -0
  185. package/dist/dependencies/detectors/index.js.map +1 -0
  186. package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
  187. package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
  188. package/dist/dependencies/detectors/securityStandards.js +178 -0
  189. package/dist/dependencies/detectors/securityStandards.js.map +1 -0
  190. package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
  191. package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
  192. package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
  193. package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
  194. package/dist/dependencies/index.d.ts +14 -0
  195. package/dist/dependencies/index.d.ts.map +1 -0
  196. package/dist/dependencies/index.js +43 -0
  197. package/dist/dependencies/index.js.map +1 -0
  198. package/dist/dependencies/installed/index.d.ts +8 -0
  199. package/dist/dependencies/installed/index.d.ts.map +1 -0
  200. package/dist/dependencies/installed/index.js +24 -0
  201. package/dist/dependencies/installed/index.js.map +1 -0
  202. package/dist/dependencies/installed/installedScanner.d.ts +91 -0
  203. package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
  204. package/dist/dependencies/installed/installedScanner.js +766 -0
  205. package/dist/dependencies/installed/installedScanner.js.map +1 -0
  206. package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
  207. package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
  208. package/dist/dependencies/installed/malwarePatterns.js +480 -0
  209. package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
  210. package/dist/dependencies/installed/types.d.ts +274 -0
  211. package/dist/dependencies/installed/types.d.ts.map +1 -0
  212. package/dist/dependencies/installed/types.js +7 -0
  213. package/dist/dependencies/installed/types.js.map +1 -0
  214. package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
  215. package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
  216. package/dist/dependencies/parsers/base/baseParser.js +80 -0
  217. package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
  218. package/dist/dependencies/parsers/base/index.d.ts +6 -0
  219. package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
  220. package/dist/dependencies/parsers/base/index.js +27 -0
  221. package/dist/dependencies/parsers/base/index.js.map +1 -0
  222. package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
  223. package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
  224. package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
  225. package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
  226. package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
  227. package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
  228. package/dist/dependencies/parsers/cpp/index.js +27 -0
  229. package/dist/dependencies/parsers/cpp/index.js.map +1 -0
  230. package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
  231. package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
  232. package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
  233. package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
  234. package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
  235. package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
  236. package/dist/dependencies/parsers/csharp/index.js +27 -0
  237. package/dist/dependencies/parsers/csharp/index.js.map +1 -0
  238. package/dist/dependencies/parsers/index.d.ts +24 -0
  239. package/dist/dependencies/parsers/index.d.ts.map +1 -0
  240. package/dist/dependencies/parsers/index.js +69 -0
  241. package/dist/dependencies/parsers/index.js.map +1 -0
  242. package/dist/dependencies/parsers/java/index.d.ts +6 -0
  243. package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
  244. package/dist/dependencies/parsers/java/index.js +27 -0
  245. package/dist/dependencies/parsers/java/index.js.map +1 -0
  246. package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
  247. package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
  248. package/dist/dependencies/parsers/java/javaParser.js +168 -0
  249. package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
  250. package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
  251. package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
  252. package/dist/dependencies/parsers/javascript/index.js +27 -0
  253. package/dist/dependencies/parsers/javascript/index.js.map +1 -0
  254. package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
  255. package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
  256. package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
  257. package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
  258. package/dist/dependencies/parsers/php/index.d.ts +6 -0
  259. package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
  260. package/dist/dependencies/parsers/php/index.js +27 -0
  261. package/dist/dependencies/parsers/php/index.js.map +1 -0
  262. package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
  263. package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
  264. package/dist/dependencies/parsers/php/phpParser.js +162 -0
  265. package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
  266. package/dist/dependencies/parsers/python/index.d.ts +6 -0
  267. package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
  268. package/dist/dependencies/parsers/python/index.js +27 -0
  269. package/dist/dependencies/parsers/python/index.js.map +1 -0
  270. package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
  271. package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
  272. package/dist/dependencies/parsers/python/pythonParser.js +336 -0
  273. package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
  274. package/dist/dependencies/types.d.ts +280 -0
  275. package/dist/dependencies/types.d.ts.map +1 -0
  276. package/dist/dependencies/types.js +59 -0
  277. package/dist/dependencies/types.js.map +1 -0
  278. package/dist/i18n/index.d.ts +2 -0
  279. package/dist/i18n/index.d.ts.map +1 -0
  280. package/dist/i18n/index.js +18 -0
  281. package/dist/i18n/index.js.map +1 -0
  282. package/dist/i18n/translations.d.ts +55 -0
  283. package/dist/i18n/translations.d.ts.map +1 -0
  284. package/dist/i18n/translations.js +119 -0
  285. package/dist/i18n/translations.js.map +1 -0
  286. package/dist/index.d.ts +14 -0
  287. package/dist/index.d.ts.map +1 -0
  288. package/dist/index.js +36 -0
  289. package/dist/index.js.map +1 -0
  290. package/dist/reports/dependencyReportGenerator.d.ts +20 -0
  291. package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
  292. package/dist/reports/dependencyReportGenerator.js +690 -0
  293. package/dist/reports/dependencyReportGenerator.js.map +1 -0
  294. package/dist/reports/htmlReportGenerator.d.ts +43 -0
  295. package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
  296. package/dist/reports/htmlReportGenerator.js +793 -0
  297. package/dist/reports/htmlReportGenerator.js.map +1 -0
  298. package/dist/reports/index.d.ts +7 -0
  299. package/dist/reports/index.d.ts.map +1 -0
  300. package/dist/reports/index.js +23 -0
  301. package/dist/reports/index.js.map +1 -0
  302. package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
  303. package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
  304. package/dist/reports/installedDepsReportGenerator.js +872 -0
  305. package/dist/reports/installedDepsReportGenerator.js.map +1 -0
  306. package/dist/rules/index.d.ts +31 -0
  307. package/dist/rules/index.d.ts.map +1 -0
  308. package/dist/rules/index.js +95 -0
  309. package/dist/rules/index.js.map +1 -0
  310. package/dist/rules/malware/categories/backdoors.d.ts +12 -0
  311. package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
  312. package/dist/rules/malware/categories/backdoors.js +163 -0
  313. package/dist/rules/malware/categories/backdoors.js.map +1 -0
  314. package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
  315. package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
  316. package/dist/rules/malware/categories/cryptominers.js +415 -0
  317. package/dist/rules/malware/categories/cryptominers.js.map +1 -0
  318. package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
  319. package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
  320. package/dist/rules/malware/categories/exfiltration.js +658 -0
  321. package/dist/rules/malware/categories/exfiltration.js.map +1 -0
  322. package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
  323. package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
  324. package/dist/rules/malware/categories/keyloggers.js +763 -0
  325. package/dist/rules/malware/categories/keyloggers.js.map +1 -0
  326. package/dist/rules/malware/categories/loaders.d.ts +20 -0
  327. package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
  328. package/dist/rules/malware/categories/loaders.js +702 -0
  329. package/dist/rules/malware/categories/loaders.js.map +1 -0
  330. package/dist/rules/malware/categories/network.d.ts +19 -0
  331. package/dist/rules/malware/categories/network.d.ts.map +1 -0
  332. package/dist/rules/malware/categories/network.js +622 -0
  333. package/dist/rules/malware/categories/network.js.map +1 -0
  334. package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
  335. package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
  336. package/dist/rules/malware/categories/obfuscation.js +766 -0
  337. package/dist/rules/malware/categories/obfuscation.js.map +1 -0
  338. package/dist/rules/malware/constants/index.d.ts +281 -0
  339. package/dist/rules/malware/constants/index.d.ts.map +1 -0
  340. package/dist/rules/malware/constants/index.js +327 -0
  341. package/dist/rules/malware/constants/index.js.map +1 -0
  342. package/dist/rules/malware/engine/index.d.ts +178 -0
  343. package/dist/rules/malware/engine/index.d.ts.map +1 -0
  344. package/dist/rules/malware/engine/index.js +552 -0
  345. package/dist/rules/malware/engine/index.js.map +1 -0
  346. package/dist/rules/malware/index.d.ts +205 -0
  347. package/dist/rules/malware/index.d.ts.map +1 -0
  348. package/dist/rules/malware/index.js +837 -0
  349. package/dist/rules/malware/index.js.map +1 -0
  350. package/dist/rules/malware/scoring/index.d.ts +84 -0
  351. package/dist/rules/malware/scoring/index.d.ts.map +1 -0
  352. package/dist/rules/malware/scoring/index.js +441 -0
  353. package/dist/rules/malware/scoring/index.js.map +1 -0
  354. package/dist/rules/malware/types/index.d.ts +616 -0
  355. package/dist/rules/malware/types/index.d.ts.map +1 -0
  356. package/dist/rules/malware/types/index.js +155 -0
  357. package/dist/rules/malware/types/index.js.map +1 -0
  358. package/dist/rules/malware/utils/index.d.ts +117 -0
  359. package/dist/rules/malware/utils/index.d.ts.map +1 -0
  360. package/dist/rules/malware/utils/index.js +514 -0
  361. package/dist/rules/malware/utils/index.js.map +1 -0
  362. package/dist/rules/standards.d.ts +26 -0
  363. package/dist/rules/standards.d.ts.map +1 -0
  364. package/dist/rules/standards.js +352 -0
  365. package/dist/rules/standards.js.map +1 -0
  366. package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
  367. package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
  368. package/dist/rules/vulnerabilities/constants/index.js +544 -0
  369. package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
  370. package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
  371. package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
  372. package/dist/rules/vulnerabilities/engine/index.js +581 -0
  373. package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
  374. package/dist/rules/vulnerabilities/index.d.ts +148 -0
  375. package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
  376. package/dist/rules/vulnerabilities/index.js +252 -0
  377. package/dist/rules/vulnerabilities/index.js.map +1 -0
  378. package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
  379. package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
  380. package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
  381. package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
  382. package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
  383. package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
  384. package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
  385. package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
  386. package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
  387. package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
  388. package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
  389. package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
  390. package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
  391. package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
  392. package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
  393. package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
  394. package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
  395. package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
  396. package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
  397. package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
  398. package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
  399. package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
  400. package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
  401. package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
  402. package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
  403. package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
  404. package/dist/rules/vulnerabilities/rules/index.js +47 -0
  405. package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
  406. package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
  407. package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
  408. package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
  409. package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
  410. package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
  411. package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
  412. package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
  413. package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
  414. package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
  415. package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
  416. package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
  417. package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
  418. package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
  419. package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
  420. package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
  421. package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
  422. package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
  423. package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
  424. package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
  425. package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
  426. package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
  427. package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
  428. package/dist/rules/vulnerabilities/rules/xss.js +724 -0
  429. package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
  430. package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
  431. package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
  432. package/dist/rules/vulnerabilities/scoring/index.js +414 -0
  433. package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
  434. package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
  435. package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
  436. package/dist/rules/vulnerabilities/types/index.js +164 -0
  437. package/dist/rules/vulnerabilities/types/index.js.map +1 -0
  438. package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
  439. package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
  440. package/dist/rules/vulnerabilities/utils/index.js +615 -0
  441. package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
  442. package/dist/types/index.d.ts +359 -0
  443. package/dist/types/index.d.ts.map +1 -0
  444. package/dist/types/index.js +61 -0
  445. package/dist/types/index.js.map +1 -0
  446. package/dist/utils/index.d.ts +82 -0
  447. package/dist/utils/index.d.ts.map +1 -0
  448. package/dist/utils/index.js +326 -0
  449. package/dist/utils/index.js.map +1 -0
  450. package/dist/utils/logger.d.ts +40 -0
  451. package/dist/utils/logger.d.ts.map +1 -0
  452. package/dist/utils/logger.js +139 -0
  453. package/dist/utils/logger.js.map +1 -0
  454. package/docs/ARCHITECTURE.md +320 -0
  455. package/docs/V1.2.1-IA_Performances.md +116 -0
  456. package/docs/images/WIN_Defender.png +0 -0
  457. package/package.json +68 -0
  458. package/secure-scan.config.json +134 -0
  459. package/secure-scan.sln +29 -0
  460. package/src/ai/aiAnalyzer.ts +714 -0
  461. package/src/ai/index.ts +5 -0
  462. package/src/analyzers/base/baseAnalyzer.ts +66 -0
  463. package/src/analyzers/base/index.ts +5 -0
  464. package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
  465. package/src/analyzers/c-cpp/index.ts +5 -0
  466. package/src/analyzers/core/engine/index.ts +5 -0
  467. package/src/analyzers/core/engine/ruleEngine.ts +221 -0
  468. package/src/analyzers/core/index.ts +8 -0
  469. package/src/analyzers/core/scanner/fileScanner.ts +204 -0
  470. package/src/analyzers/core/scanner/index.ts +5 -0
  471. package/src/analyzers/core/scoring/index.ts +5 -0
  472. package/src/analyzers/core/scoring/riskScoring.ts +198 -0
  473. package/src/analyzers/core/securityScanner.ts +321 -0
  474. package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
  475. package/src/analyzers/csharp/index.ts +5 -0
  476. package/src/analyzers/iac/iacAnalyzer.ts +318 -0
  477. package/src/analyzers/iac/index.ts +5 -0
  478. package/src/analyzers/index.ts +67 -0
  479. package/src/analyzers/java/index.ts +5 -0
  480. package/src/analyzers/java/javaAnalyzer.ts +320 -0
  481. package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
  482. package/src/analyzers/javascript/astUtils.ts +789 -0
  483. package/src/analyzers/javascript/index.ts +50 -0
  484. package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
  485. package/src/analyzers/javascript/malwareDetector.ts +697 -0
  486. package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
  487. package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
  488. package/src/analyzers/php/index.ts +5 -0
  489. package/src/analyzers/php/phpAnalyzer.ts +280 -0
  490. package/src/analyzers/python/index.ts +5 -0
  491. package/src/analyzers/python/pythonAnalyzer.ts +319 -0
  492. package/src/cli/index.ts +276 -0
  493. package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
  494. package/src/dependencies/database/cveDatabase.ts +426 -0
  495. package/src/dependencies/database/index.ts +6 -0
  496. package/src/dependencies/database/maliciousPackages.ts +286 -0
  497. package/src/dependencies/dependencyAnalyzer.ts +394 -0
  498. package/src/dependencies/detectors/index.ts +7 -0
  499. package/src/dependencies/detectors/securityStandards.ts +200 -0
  500. package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
  501. package/src/dependencies/index.ts +27 -0
  502. package/src/dependencies/installed/index.ts +8 -0
  503. package/src/dependencies/installed/installedScanner.ts +821 -0
  504. package/src/dependencies/installed/malwarePatterns.ts +492 -0
  505. package/src/dependencies/installed/types.ts +287 -0
  506. package/src/dependencies/parsers/base/baseParser.ts +108 -0
  507. package/src/dependencies/parsers/base/index.ts +6 -0
  508. package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
  509. package/src/dependencies/parsers/cpp/index.ts +6 -0
  510. package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
  511. package/src/dependencies/parsers/csharp/index.ts +6 -0
  512. package/src/dependencies/parsers/index.ts +56 -0
  513. package/src/dependencies/parsers/java/index.ts +6 -0
  514. package/src/dependencies/parsers/java/javaParser.ts +203 -0
  515. package/src/dependencies/parsers/javascript/index.ts +6 -0
  516. package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
  517. package/src/dependencies/parsers/php/index.ts +6 -0
  518. package/src/dependencies/parsers/php/phpParser.ts +208 -0
  519. package/src/dependencies/parsers/python/index.ts +6 -0
  520. package/src/dependencies/parsers/python/pythonParser.ts +437 -0
  521. package/src/dependencies/types.ts +330 -0
  522. package/src/i18n/index.ts +1 -0
  523. package/src/i18n/translations.ts +194 -0
  524. package/src/index.ts +16 -0
  525. package/src/reports/dependencyReportGenerator.ts +717 -0
  526. package/src/reports/htmlReportGenerator.ts +781 -0
  527. package/src/reports/index.ts +7 -0
  528. package/src/reports/installedDepsReportGenerator.ts +899 -0
  529. package/src/rules/index.ts +58 -0
  530. package/src/rules/malware/INFO.md +287 -0
  531. package/src/rules/malware/categories/backdoors.ts +174 -0
  532. package/src/rules/malware/categories/cryptominers.ts +434 -0
  533. package/src/rules/malware/categories/exfiltration.ts +677 -0
  534. package/src/rules/malware/categories/keyloggers.ts +780 -0
  535. package/src/rules/malware/categories/loaders.ts +721 -0
  536. package/src/rules/malware/categories/network.ts +639 -0
  537. package/src/rules/malware/categories/obfuscation.ts +788 -0
  538. package/src/rules/malware/constants/index.ts +358 -0
  539. package/src/rules/malware/engine/index.ts +758 -0
  540. package/src/rules/malware/index.ts +928 -0
  541. package/src/rules/malware/scoring/index.ts +549 -0
  542. package/src/rules/malware/types/index.ts +752 -0
  543. package/src/rules/malware/utils/index.ts +643 -0
  544. package/src/rules/standards.ts +372 -0
  545. package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
  546. package/src/rules/vulnerabilities/constants/index.ts +625 -0
  547. package/src/rules/vulnerabilities/engine/index.ts +831 -0
  548. package/src/rules/vulnerabilities/index.ts +312 -0
  549. package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
  550. package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
  551. package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
  552. package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
  553. package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
  554. package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
  555. package/src/rules/vulnerabilities/rules/index.ts +17 -0
  556. package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
  557. package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
  558. package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
  559. package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
  560. package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
  561. package/src/rules/vulnerabilities/rules/xss.ts +753 -0
  562. package/src/rules/vulnerabilities/scoring/index.ts +543 -0
  563. package/src/rules/vulnerabilities/types/index.ts +1004 -0
  564. package/src/rules/vulnerabilities/utils/index.ts +709 -0
  565. package/src/types/index.ts +391 -0
  566. package/src/utils/index.ts +306 -0
  567. package/src/utils/logger.ts +150 -0
  568. package/test-installed-scanner.ts +136 -0
  569. package/tsconfig.json +30 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts ADDED
@@ -0,0 +1,362 @@
1
+ /**
2
+ * JavaScript/Node.js Dependency Parser
3
+ * Parses package.json, package-lock.json, and yarn.lock
4
+ */
5
+
6
+ import { BaseDependencyParser } from '../base';
7
+ import {
8
+ DependencyManifest,
9
+ ManifestFileType,
10
+ PackageEcosystem,
11
+ Dependency,
12
+ DependencyType
13
+ } from '../../types';
14
+
15
+ /**
16
+ * NPM package.json structure
17
+ */
18
+ interface PackageJson {
19
+ name?: string;
20
+ version?: string;
21
+ dependencies?: Record<string, string>;
22
+ devDependencies?: Record<string, string>;
23
+ peerDependencies?: Record<string, string>;
24
+ optionalDependencies?: Record<string, string>;
25
+ scripts?: Record<string, string>;
26
+ }
27
+
28
+ /**
29
+ * NPM package-lock.json structure
30
+ */
31
+ interface PackageLock {
32
+ name?: string;
33
+ version?: string;
34
+ lockfileVersion?: number;
35
+ dependencies?: Record<string, PackageLockDependency>;
36
+ packages?: Record<string, PackageLockPackage>;
37
+ }
38
+
39
+ interface PackageLockDependency {
40
+ version: string;
41
+ resolved?: string;
42
+ integrity?: string;
43
+ dev?: boolean;
44
+ optional?: boolean;
45
+ requires?: Record<string, string>;
46
+ dependencies?: Record<string, PackageLockDependency>;
47
+ }
48
+
49
+ interface PackageLockPackage {
50
+ version?: string;
51
+ resolved?: string;
52
+ integrity?: string;
53
+ dev?: boolean;
54
+ optional?: boolean;
55
+ dependencies?: Record<string, string>;
56
+ devDependencies?: Record<string, string>;
57
+ }
58
+
59
+ /**
60
+ * JavaScript/Node.js Dependency Parser
61
+ */
62
+ export class JavaScriptDependencyParser extends BaseDependencyParser {
63
+ name = 'JavaScript Dependency Parser';
64
+ supportedFiles: ManifestFileType[] = ['package.json', 'package-lock.json', 'yarn.lock'];
65
+ ecosystem: PackageEcosystem = 'npm';
66
+
67
+ /**
68
+ * Parse manifest file
69
+ */
70
+ async parse(filePath: string, content: string): Promise<DependencyManifest> {
71
+ this.logParsing(filePath);
72
+
73
+ const fileName = filePath.split(/[/\\]/).pop() || '';
74
+ const dependencies: Dependency[] = [];
75
+ const parseErrors: string[] = [];
76
+
77
+ try {
78
+ if (fileName === 'package.json') {
79
+ dependencies.push(...this.parsePackageJson(content, filePath, parseErrors));
80
+ } else if (fileName === 'package-lock.json') {
81
+ dependencies.push(...this.parsePackageLock(content, filePath, parseErrors));
82
+ } else if (fileName === 'yarn.lock') {
83
+ dependencies.push(...this.parseYarnLock(content, filePath, parseErrors));
84
+ }
85
+ } catch (error) {
86
+ const errorMsg = error instanceof Error ? error.message : String(error);
87
+ parseErrors.push(`Failed to parse ${fileName}: ${errorMsg}`);
88
+ this.logError(filePath, errorMsg);
89
+ }
90
+
91
+ return {
92
+ filePath,
93
+ fileType: this.getFileType(fileName),
94
+ ecosystem: this.ecosystem,
95
+ dependencies,
96
+ parseErrors: parseErrors.length > 0 ? parseErrors : undefined,
97
+ isLockFile: this.isLockFile(fileName)
98
+ };
99
+ }
100
+
101
+ /**
102
+ * Get manifest file type
103
+ */
104
+ private getFileType(fileName: string): ManifestFileType {
105
+ if (fileName === 'package-lock.json') return 'package-lock.json';
106
+ if (fileName === 'yarn.lock') return 'yarn.lock';
107
+ return 'package.json';
108
+ }
109
+
110
+ /**
111
+ * Parse package.json
112
+ */
113
+ private parsePackageJson(content: string, filePath: string, errors: string[]): Dependency[] {
114
+ const dependencies: Dependency[] = [];
115
+
116
+ let pkg: PackageJson;
117
+ try {
118
+ pkg = JSON.parse(content);
119
+ } catch (e) {
120
+ errors.push('Invalid JSON in package.json');
121
+ return dependencies;
122
+ }
123
+
124
+ // Parse regular dependencies
125
+ if (pkg.dependencies) {
126
+ for (const [name, version] of Object.entries(pkg.dependencies)) {
127
+ dependencies.push(this.createDependency(name, version, filePath, {
128
+ dependencyType: 'direct'
129
+ }));
130
+ }
131
+ }
132
+
133
+ // Parse dev dependencies
134
+ if (pkg.devDependencies) {
135
+ for (const [name, version] of Object.entries(pkg.devDependencies)) {
136
+ dependencies.push(this.createDependency(name, version, filePath, {
137
+ dependencyType: 'dev'
138
+ }));
139
+ }
140
+ }
141
+
142
+ // Parse peer dependencies
143
+ if (pkg.peerDependencies) {
144
+ for (const [name, version] of Object.entries(pkg.peerDependencies)) {
145
+ dependencies.push(this.createDependency(name, version, filePath, {
146
+ dependencyType: 'peer'
147
+ }));
148
+ }
149
+ }
150
+
151
+ // Parse optional dependencies
152
+ if (pkg.optionalDependencies) {
153
+ for (const [name, version] of Object.entries(pkg.optionalDependencies)) {
154
+ dependencies.push(this.createDependency(name, version, filePath, {
155
+ dependencyType: 'optional'
156
+ }));
157
+ }
158
+ }
159
+
160
+ return dependencies;
161
+ }
162
+
163
+ /**
164
+ * Parse package-lock.json
165
+ */
166
+ private parsePackageLock(content: string, filePath: string, errors: string[]): Dependency[] {
167
+ const dependencies: Dependency[] = [];
168
+
169
+ let lockFile: PackageLock;
170
+ try {
171
+ lockFile = JSON.parse(content);
172
+ } catch (e) {
173
+ errors.push('Invalid JSON in package-lock.json');
174
+ return dependencies;
175
+ }
176
+
177
+ // Handle lockfileVersion 2/3 (packages field)
178
+ if (lockFile.packages) {
179
+ for (const [pkgPath, pkg] of Object.entries(lockFile.packages)) {
180
+ // Skip root package (empty path)
181
+ if (!pkgPath || pkgPath === '') continue;
182
+
183
+ // Extract package name from path (e.g., "node_modules/lodash" -> "lodash")
184
+ const name = this.extractPackageName(pkgPath);
185
+ if (!name || !pkg.version) continue;
186
+
187
+ const depType: DependencyType = pkg.dev ? 'dev' : (pkg.optional ? 'optional' : 'transitive');
188
+ const depth = this.calculateDepth(pkgPath);
189
+
190
+ dependencies.push(this.createDependency(name, pkg.version, filePath, {
191
+ dependencyType: depth === 1 ? 'direct' : depType,
192
+ resolvedVersion: pkg.version,
193
+ depth
194
+ }));
195
+ }
196
+ }
197
+ // Handle lockfileVersion 1 (dependencies field)
198
+ else if (lockFile.dependencies) {
199
+ this.parsePackageLockDependencies(
200
+ lockFile.dependencies,
201
+ filePath,
202
+ dependencies,
203
+ 0,
204
+ false
205
+ );
206
+ }
207
+
208
+ return dependencies;
209
+ }
210
+
211
+ /**
212
+ * Extract package name from node_modules path
213
+ */
214
+ private extractPackageName(pkgPath: string): string | null {
215
+ // Remove "node_modules/" prefix and handle scoped packages
216
+ const parts = pkgPath.split('node_modules/');
217
+ const lastPart = parts[parts.length - 1];
218
+
219
+ if (!lastPart) return null;
220
+
221
+ // Handle scoped packages (@scope/package)
222
+ if (lastPart.startsWith('@')) {
223
+ const scopedParts = lastPart.split('/');
224
+ if (scopedParts.length >= 2) {
225
+ return `${scopedParts[0]}/${scopedParts[1]}`;
226
+ }
227
+ }
228
+
229
+ // Regular package
230
+ return lastPart.split('/')[0];
231
+ }
232
+
233
+ /**
234
+ * Calculate dependency depth from path
235
+ */
236
+ private calculateDepth(pkgPath: string): number {
237
+ return (pkgPath.match(/node_modules/g) || []).length;
238
+ }
239
+
240
+ /**
241
+ * Recursively parse package-lock dependencies (v1 format)
242
+ */
243
+ private parsePackageLockDependencies(
244
+ deps: Record<string, PackageLockDependency>,
245
+ filePath: string,
246
+ result: Dependency[],
247
+ depth: number,
248
+ isDev: boolean
249
+ ): void {
250
+ for (const [name, dep] of Object.entries(deps)) {
251
+ const depType: DependencyType = dep.dev || isDev
252
+ ? 'dev'
253
+ : (dep.optional ? 'optional' : (depth === 0 ? 'direct' : 'transitive'));
254
+
255
+ result.push(this.createDependency(name, dep.version, filePath, {
256
+ dependencyType: depType,
257
+ resolvedVersion: dep.version,
258
+ depth
259
+ }));
260
+
261
+ // Parse nested dependencies
262
+ if (dep.dependencies) {
263
+ this.parsePackageLockDependencies(
264
+ dep.dependencies,
265
+ filePath,
266
+ result,
267
+ depth + 1,
268
+ dep.dev || isDev
269
+ );
270
+ }
271
+ }
272
+ }
273
+
274
+ /**
275
+ * Parse yarn.lock (v1 format)
276
+ */
277
+ private parseYarnLock(content: string, filePath: string, errors: string[]): Dependency[] {
278
+ const dependencies: Dependency[] = [];
279
+
280
+ // Simple yarn.lock parser
281
+ const lines = content.split('\n');
282
+ let currentPackage: string | null = null;
283
+ let currentVersion: string | null = null;
284
+
285
+ for (const line of lines) {
286
+ // Skip comments and empty lines
287
+ if (line.startsWith('#') || line.trim() === '') continue;
288
+
289
+ // New package entry (lines that don't start with whitespace)
290
+ if (!line.startsWith(' ') && !line.startsWith('\t')) {
291
+ // Parse package name(s) from entry like '"lodash@^4.17.21":'
292
+ const match = line.match(/^"?(@?[^@"]+)@[^"]+/);
293
+ if (match) {
294
+ currentPackage = match[1];
295
+ }
296
+ }
297
+ // Version line
298
+ else if (line.trim().startsWith('version')) {
299
+ const versionMatch = line.match(/version\s+"?([^"]+)"?/);
300
+ if (versionMatch && currentPackage) {
301
+ currentVersion = versionMatch[1];
302
+
303
+ // Check if this dependency already exists
304
+ const existing = dependencies.find(d =>
305
+ d.name === currentPackage && d.resolvedVersion === currentVersion
306
+ );
307
+
308
+ if (!existing) {
309
+ dependencies.push(this.createDependency(currentPackage, currentVersion, filePath, {
310
+ dependencyType: 'transitive',
311
+ resolvedVersion: currentVersion,
312
+ depth: 1
313
+ }));
314
+ }
315
+
316
+ currentPackage = null;
317
+ currentVersion = null;
318
+ }
319
+ }
320
+ }
321
+
322
+ return dependencies;
323
+ }
324
+
325
+ /**
326
+ * Check for dangerous scripts in package.json
327
+ */
328
+ detectDangerousScripts(content: string): { script: string; command: string }[] {
329
+ const dangerous: { script: string; command: string }[] = [];
330
+
331
+ try {
332
+ const pkg: PackageJson = JSON.parse(content);
333
+ if (!pkg.scripts) return dangerous;
334
+
335
+ const dangerousPatterns = [
336
+ /curl\s+.*\|\s*(bash|sh)/i, // curl pipe to shell
337
+ /wget\s+.*\|\s*(bash|sh)/i, // wget pipe to shell
338
+ /eval\s*\(/i, // eval usage
339
+ /base64\s+(-d|--decode)/i, // base64 decode
340
+ /\$\(.*\)/, // command substitution
341
+ /nc\s+-e/i, // netcat reverse shell
342
+ /powershell\s+-enc/i, // encoded powershell
343
+ /node\s+-e\s+['"].*require.*http/i, // inline node with http
344
+ ];
345
+
346
+ for (const [script, command] of Object.entries(pkg.scripts)) {
347
+ for (const pattern of dangerousPatterns) {
348
+ if (pattern.test(command)) {
349
+ dangerous.push({ script, command });
350
+ break;
351
+ }
352
+ }
353
+ }
354
+ } catch {
355
+ // Ignore parse errors
356
+ }
357
+
358
+ return dangerous;
359
+ }
360
+ }
361
+
362
+ export default JavaScriptDependencyParser;
package/src/dependencies/parsers/php/index.ts ADDED
@@ -0,0 +1,6 @@
1
+ /**
2
+ * PHP Parser Module Exports
3
+ */
4
+
5
+ export * from './phpParser';
6
+ export { default as PHPDependencyParser } from './phpParser';
package/src/dependencies/parsers/php/phpParser.ts ADDED
@@ -0,0 +1,208 @@
1
+ /**
2
+ * PHP Dependency Parser
3
+ * Parses composer.json and composer.lock
4
+ */
5
+
6
+ import { BaseDependencyParser } from '../base';
7
+ import {
8
+ DependencyManifest,
9
+ ManifestFileType,
10
+ PackageEcosystem,
11
+ Dependency
12
+ } from '../../types';
13
+
14
+ /**
15
+ * composer.json structure
16
+ */
17
+ interface ComposerJson {
18
+ name?: string;
19
+ version?: string;
20
+ require?: Record<string, string>;
21
+ 'require-dev'?: Record<string, string>;
22
+ scripts?: Record<string, string | string[]>;
23
+ }
24
+
25
+ /**
26
+ * composer.lock structure
27
+ */
28
+ interface ComposerLock {
29
+ packages?: ComposerPackage[];
30
+ 'packages-dev'?: ComposerPackage[];
31
+ }
32
+
33
+ interface ComposerPackage {
34
+ name: string;
35
+ version: string;
36
+ require?: Record<string, string>;
37
+ 'require-dev'?: Record<string, string>;
38
+ type?: string;
39
+ license?: string | string[];
40
+ abandoned?: boolean | string;
41
+ }
42
+
43
+ /**
44
+ * PHP Dependency Parser
45
+ */
46
+ export class PHPDependencyParser extends BaseDependencyParser {
47
+ name = 'PHP Dependency Parser';
48
+ supportedFiles: ManifestFileType[] = ['composer.json', 'composer.lock'];
49
+ ecosystem: PackageEcosystem = 'composer';
50
+
51
+ /**
52
+ * Parse manifest file
53
+ */
54
+ async parse(filePath: string, content: string): Promise<DependencyManifest> {
55
+ this.logParsing(filePath);
56
+
57
+ const fileName = filePath.split(/[/\\]/).pop() || '';
58
+ const dependencies: Dependency[] = [];
59
+ const parseErrors: string[] = [];
60
+
61
+ try {
62
+ if (fileName === 'composer.json') {
63
+ dependencies.push(...this.parseComposerJson(content, filePath, parseErrors));
64
+ } else if (fileName === 'composer.lock') {
65
+ dependencies.push(...this.parseComposerLock(content, filePath, parseErrors));
66
+ }
67
+ } catch (error) {
68
+ const errorMsg = error instanceof Error ? error.message : String(error);
69
+ parseErrors.push(`Failed to parse ${fileName}: ${errorMsg}`);
70
+ this.logError(filePath, errorMsg);
71
+ }
72
+
73
+ return {
74
+ filePath,
75
+ fileType: fileName as ManifestFileType,
76
+ ecosystem: this.ecosystem,
77
+ dependencies,
78
+ parseErrors: parseErrors.length > 0 ? parseErrors : undefined,
79
+ isLockFile: fileName === 'composer.lock'
80
+ };
81
+ }
82
+
83
+ /**
84
+ * Parse composer.json
85
+ */
86
+ private parseComposerJson(content: string, filePath: string, errors: string[]): Dependency[] {
87
+ const dependencies: Dependency[] = [];
88
+
89
+ let composer: ComposerJson;
90
+ try {
91
+ composer = JSON.parse(content);
92
+ } catch (e) {
93
+ errors.push('Invalid JSON in composer.json');
94
+ return dependencies;
95
+ }
96
+
97
+ // Parse require
98
+ if (composer.require) {
99
+ for (const [name, version] of Object.entries(composer.require)) {
100
+ // Skip PHP and extensions
101
+ if (name === 'php' || name.startsWith('ext-')) continue;
102
+
103
+ dependencies.push(this.createDependency(name, version, filePath, {
104
+ dependencyType: 'direct'
105
+ }));
106
+ }
107
+ }
108
+
109
+ // Parse require-dev
110
+ if (composer['require-dev']) {
111
+ for (const [name, version] of Object.entries(composer['require-dev'])) {
112
+ // Skip PHP and extensions
113
+ if (name === 'php' || name.startsWith('ext-')) continue;
114
+
115
+ dependencies.push(this.createDependency(name, version, filePath, {
116
+ dependencyType: 'dev'
117
+ }));
118
+ }
119
+ }
120
+
121
+ return dependencies;
122
+ }
123
+
124
+ /**
125
+ * Parse composer.lock
126
+ */
127
+ private parseComposerLock(content: string, filePath: string, errors: string[]): Dependency[] {
128
+ const dependencies: Dependency[] = [];
129
+
130
+ let lockFile: ComposerLock;
131
+ try {
132
+ lockFile = JSON.parse(content);
133
+ } catch (e) {
134
+ errors.push('Invalid JSON in composer.lock');
135
+ return dependencies;
136
+ }
137
+
138
+ // Parse packages
139
+ if (lockFile.packages) {
140
+ for (const pkg of lockFile.packages) {
141
+ dependencies.push(this.createDependency(pkg.name, pkg.version, filePath, {
142
+ dependencyType: 'direct',
143
+ resolvedVersion: pkg.version,
144
+ license: Array.isArray(pkg.license) ? pkg.license[0] : pkg.license,
145
+ deprecated: typeof pkg.abandoned === 'boolean' ? pkg.abandoned : !!pkg.abandoned,
146
+ deprecationMessage: typeof pkg.abandoned === 'string' ? pkg.abandoned : undefined
147
+ }));
148
+ }
149
+ }
150
+
151
+ // Parse packages-dev
152
+ if (lockFile['packages-dev']) {
153
+ for (const pkg of lockFile['packages-dev']) {
154
+ dependencies.push(this.createDependency(pkg.name, pkg.version, filePath, {
155
+ dependencyType: 'dev',
156
+ resolvedVersion: pkg.version,
157
+ license: Array.isArray(pkg.license) ? pkg.license[0] : pkg.license,
158
+ deprecated: typeof pkg.abandoned === 'boolean' ? pkg.abandoned : !!pkg.abandoned,
159
+ deprecationMessage: typeof pkg.abandoned === 'string' ? pkg.abandoned : undefined
160
+ }));
161
+ }
162
+ }
163
+
164
+ return dependencies;
165
+ }
166
+
167
+ /**
168
+ * Check for dangerous scripts in composer.json
169
+ */
170
+ detectDangerousScripts(content: string): { script: string; command: string }[] {
171
+ const dangerous: { script: string; command: string }[] = [];
172
+
173
+ try {
174
+ const composer: ComposerJson = JSON.parse(content);
175
+ if (!composer.scripts) return dangerous;
176
+
177
+ const dangerousPatterns = [
178
+ /curl\s+.*\|\s*(bash|sh|php)/i,
179
+ /wget\s+.*\|\s*(bash|sh|php)/i,
180
+ /eval\s*\(/i,
181
+ /base64_decode/i,
182
+ /system\s*\(/i,
183
+ /exec\s*\(/i,
184
+ /shell_exec/i,
185
+ /passthru/i,
186
+ /proc_open/i,
187
+ ];
188
+
189
+ for (const [script, command] of Object.entries(composer.scripts)) {
190
+ const commands = Array.isArray(command) ? command : [command];
191
+ for (const cmd of commands) {
192
+ for (const pattern of dangerousPatterns) {
193
+ if (pattern.test(cmd)) {
194
+ dangerous.push({ script, command: cmd });
195
+ break;
196
+ }
197
+ }
198
+ }
199
+ }
200
+ } catch {
201
+ // Ignore parse errors
202
+ }
203
+
204
+ return dangerous;
205
+ }
206
+ }
207
+
208
+ export default PHPDependencyParser;
package/src/dependencies/parsers/python/index.ts ADDED
@@ -0,0 +1,6 @@
1
+ /**
2
+ * Python Parser Module Exports
3
+ */
4
+
5
+ export * from './pythonParser';
6
+ export { default as PythonDependencyParser } from './pythonParser';