npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/rules/malware/index.ts ADDED Viewed

@@ -0,0 +1,928 @@
+/**
+ * @fileoverview Malware Detection Module - Main Entry Point
+ * @module rules/malware
+ *
+ * Enterprise-grade malware detection system with:
+ * - Multi-pattern detection (Regex, AST, Heuristic, Semantic)
+ * - Dynamic scoring with MITRE ATT&CK integration
+ * - 60+ comprehensive rules across 7 categories
+ * - Support for 13 programming languages
+ * - ReDoS protection and timeout safeguards
+ * - Obfuscation detection and entropy analysis
+ *
+ * @example
+ * ```typescript
+ * import { MalwareRuleEngine, createMalwareEngine } from './rules/malware';
+ *
+ * // Create engine with all rules
+ * const engine = createMalwareEngine();
+ *
+ * // Analyze code
+ * const findings = await engine.analyze(code, {
+ *   filePath: 'suspicious.js',
+ *   language: 'javascript'
+ * });
+ *
+ * // Check results
+ * findings.forEach(finding => {
+ *   console.log(`${finding.severity}: ${finding.ruleName}`);
+ *   console.log(`Score: ${finding.score.totalScore}/100`);
+ * });
+ * ```
+ */
+// ============================================================================
+// LEGACY TYPE COMPATIBILITY
+// ============================================================================
+import { Rule, Severity, ThreatType, FindingCategory } from '../../types';
+import { getStandardsForThreat } from '../standards';
+// ============================================================================
+// NEW TYPE EXPORTS
+// ============================================================================
+export * from './types';
+// ============================================================================
+// UTILITY EXPORTS
+// ============================================================================
+export {
+  calculateEntropy,
+  analyzeEntropyByLine,
+  normalizeCode,
+  detectObfuscationLevel,
+  detectAntiDebugging,
+  detectEnvironmentChecks,
+  safeRegexMatch,
+  extractSnippet,
+  analyzeBase64Content,
+  extractSuspiciousStrings
+} from './utils';
+// ============================================================================
+// CONSTANTS EXPORTS
+// ============================================================================
+export {
+  SCORE_THRESHOLDS,
+  ENTROPY_THRESHOLDS,
+  LIMITS,
+  OBFUSCATION_INDICATORS,
+  SUSPICIOUS_HOSTS,
+  CRYPTO_INDICATORS,
+  DANGEROUS_FUNCTIONS,
+  MITRE_TECHNIQUES
+} from './constants';
+// ============================================================================
+// SCORING EXPORTS
+// ============================================================================
+export { MalwareScoreCalculator } from './scoring';
+// ============================================================================
+// ENGINE EXPORTS
+// ============================================================================
+export {
+  MalwareRuleEngine,
+  PatternMatcher,
+  createDefaultEngine,
+  quickScan,
+  EngineOptions
+} from './engine';
+// ============================================================================
+// RULE CATEGORY EXPORTS
+// ============================================================================
+import { backdoorRules as newBackdoorRules } from './categories/backdoors';
+import { cryptominerRules as newCryptominerRules } from './categories/cryptominers';
+import { keyloggerRules as newKeyloggerRules } from './categories/keyloggers';
+import { exfiltrationRules as newExfiltrationRules } from './categories/exfiltration';
+import { obfuscationRules as newObfuscationRules } from './categories/obfuscation';
+import { loaderRules as newLoaderRules } from './categories/loaders';
+import { networkRules as newNetworkRules } from './categories/network';
+export {
+  newBackdoorRules as backdoorRulesV2,
+  newCryptominerRules as cryptominerRulesV2,
+  newKeyloggerRules as keyloggerRulesV2,
+  newExfiltrationRules as exfiltrationRulesV2,
+  newObfuscationRules as obfuscationRulesV2,
+  newLoaderRules as loaderRulesV2,
+  newNetworkRules as networkRulesV2
+};
+// ============================================================================
+// AGGREGATED RULE SETS
+// ============================================================================
+import { MalwareRule } from './types';
+/**
+ * All malware detection rules (60+ rules)
+ */
+export const allMalwareRules: MalwareRule[] = [
+  ...newBackdoorRules,        // 10 rules
+  ...newCryptominerRules,     // 11 rules
+  ...newKeyloggerRules,       // 12 rules
+  ...newExfiltrationRules,    // 15 rules
+  ...newObfuscationRules,     // 14 rules
+  ...newLoaderRules,          // 9 rules
+  ...newNetworkRules          // 10 rules
+];
+/**
+ * Critical severity rules only
+ */
+export const criticalRules: MalwareRule[] = allMalwareRules.filter(
+  rule => rule.severity === 'critical'
+);
+/**
+ * High confidence rules only
+ */
+export const highConfidenceRules: MalwareRule[] = allMalwareRules.filter(
+  rule => rule.confidence === 'high'
+);
+// ============================================================================
+// ENGINE FACTORY FUNCTIONS
+// ============================================================================
+import { MalwareRuleEngine, EngineOptions } from './engine';
+import { AnalysisOptions } from './types';
+/**
+ * Create a fully configured malware detection engine with all rules
+ *
+ * @param options - Optional analysis configuration
+ * @returns Configured MalwareRuleEngine instance
+ *
+ * @example
+ * ```typescript
+ * const engine = createMalwareEngine({
+ *   enableHeuristics: true,
+ *   enableAstAnalysis: true,
+ *   minConfidence: 0.5
+ * });
+ * ```
+ */
+export function createMalwareEngine(
+  options?: Partial<EngineOptions>
+): MalwareRuleEngine {
+  return new MalwareRuleEngine(allMalwareRules, options);
+}
+/**
+ * Create an engine with only critical severity rules
+ *
+ * @param options - Optional analysis configuration
+ * @returns MalwareRuleEngine with critical rules only
+ */
+export function createCriticalOnlyEngine(
+  options?: Partial<EngineOptions>
+): MalwareRuleEngine {
+  return new MalwareRuleEngine(criticalRules, options);
+}
+/**
+ * Create an engine with custom rule subset
+ *
+ * @param rules - Array of rules to include
+ * @param options - Optional analysis configuration
+ * @returns MalwareRuleEngine with specified rules
+ */
+export function createCustomEngine(
+  rules: MalwareRule[],
+  options?: Partial<EngineOptions>
+): MalwareRuleEngine {
+  return new MalwareRuleEngine(rules, options);
+}
+// ============================================================================
+// CONVENIENCE FUNCTIONS
+// ============================================================================
+import { MalwareFinding, AnalysisContext, SupportedLanguage } from './types';
+/**
+ * Quick malware scan with default settings
+ *
+ * @param code - Code to analyze
+ * @param language - Programming language
+ * @returns Scan results with malicious status
+ *
+ * @example
+ * ```typescript
+ * const result = await scanForMalware(suspiciousCode, 'javascript');
+ * if (result.isMalicious) {
+ *   console.log(`Malware detected! Score: ${result.score}`);
+ *   result.findings.forEach(f => console.log(f.ruleName));
+ * }
+ * ```
+ */
+export async function scanForMalware(
+  code: string,
+  language?: string
+): Promise<{
+  isMalicious: boolean;
+  score: number;
+  severity: 'critical' | 'high' | 'medium' | 'low' | 'clean';
+  findings: MalwareFinding[];
+  summary: {
+    totalFindings: number;
+    criticalCount: number;
+    highCount: number;
+  };
+}> {
+  const engine = createMalwareEngine();
+  const context: AnalysisContext = {
+    filePath: 'scan',
+    content: code,
+    language: (language as SupportedLanguage) ?? SupportedLanguage.JAVASCRIPT
+  };
+  const findings = await engine.analyze(context);
+  const maxScore = findings.length > 0
+    ? Math.max(...findings.map(f => f.malwareScore.score))
+    : 0;
+  const criticalCount = findings.filter(f => f.severity === 'critical').length;
+  const highCount = findings.filter(f => f.severity === 'high').length;
+  let severity: 'critical' | 'high' | 'medium' | 'low' | 'clean';
+  if (maxScore >= 85) severity = 'critical';
+  else if (maxScore >= 65) severity = 'high';
+  else if (maxScore >= 40) severity = 'medium';
+  else if (maxScore >= 20) severity = 'low';
+  else severity = 'clean';
+  return {
+    isMalicious: maxScore >= 40, // Medium threshold
+    score: maxScore,
+    severity,
+    findings,
+    summary: {
+      totalFindings: findings.length,
+      criticalCount,
+      highCount
+    }
+  };
+}
+/**
+ * Check if code contains specific malware category
+ *
+ * @param code - Code to analyze
+ * @param category - Malware category to check
+ * @param language - Programming language
+ * @returns True if category detected
+ *
+ * @example
+ * ```typescript
+ * const hasBackdoor = await hasMalwareCategory(code, 'backdoor', 'javascript');
+ * ```
+ */
+export async function hasMalwareCategory(
+  code: string,
+  category: 'backdoor' | 'cryptominer' | 'keylogger' | 'exfiltration' | 'obfuscation' | 'loader' | 'network',
+  language?: string
+): Promise<boolean> {
+  let rules: MalwareRule[];
+  switch (category) {
+    case 'backdoor':
+      rules = newBackdoorRules;
+      break;
+    case 'cryptominer':
+      rules = newCryptominerRules;
+      break;
+    case 'keylogger':
+      rules = newKeyloggerRules;
+      break;
+    case 'exfiltration':
+      rules = newExfiltrationRules;
+      break;
+    case 'obfuscation':
+      rules = newObfuscationRules;
+      break;
+    case 'loader':
+      rules = newLoaderRules;
+      break;
+    case 'network':
+      rules = newNetworkRules;
+      break;
+  }
+  const engine = new MalwareRuleEngine(rules);
+  const context: AnalysisContext = {
+    filePath: 'scan',
+    content: code,
+    language: (language as SupportedLanguage) ?? SupportedLanguage.JAVASCRIPT
+  };
+  const findings = await engine.analyze(context);
+  return findings.length > 0;
+}
+/**
+ * Analyze code and generate detailed report
+ *
+ * @param code - Code to analyze
+ * @param filePath - File path for context
+ * @param language - Programming language
+ * @returns Detailed analysis report
+ */
+export async function generateMalwareReport(
+  code: string,
+  filePath: string,
+  language?: string
+): Promise<{
+  filePath: string;
+  language?: string;
+  timestamp: Date;
+  findings: MalwareFinding[];
+  summary: {
+    totalFindings: number;
+    bySeverity: Record<string, number>;
+    byCategory: Record<string, number>;
+    highestScore: number;
+    isMalicious: boolean;
+  };
+  mitreAttack: Array<{
+    tactic: string;
+    technique: string;
+    count: number;
+  }>;
+  recommendations: string[];
+}> {
+  const engine = createMalwareEngine();
+  const context: AnalysisContext = {
+    filePath,
+    content: code,
+    language: (language as SupportedLanguage) ?? SupportedLanguage.JAVASCRIPT
+  };
+  const findings = await engine.analyze(context);
+  const summary = engine.generateSummary(findings);
+  // Aggregate MITRE ATT&CK techniques
+  const mitreTechniques = new Map<string, { tactic: string; technique: string; count: number }>();
+  for (const finding of findings) {
+    if (finding.mitreAttack) {
+      for (const mitre of finding.mitreAttack) {
+        const key = `${mitre.tacticId}-${mitre.techniqueId}`;
+        const existing = mitreTechniques.get(key);
+        if (existing) {
+          existing.count++;
+        } else {
+          mitreTechniques.set(key, {
+            tactic: mitre.tacticName,
+            technique: mitre.techniqueName,
+            count: 1
+          });
+        }
+      }
+    }
+  }
+  // Generate recommendations
+  const recommendations: string[] = [];
+  if (summary.criticalCount > 0) {
+    recommendations.push('URGENT: Critical malware detected. Isolate and analyze immediately.');
+  }
+  if (summary.bySeverity['high'] > 0) {
+    recommendations.push('High severity threats found. Review and remove malicious code.');
+  }
+  if (findings.some(f => String(f.threatType).includes('backdoor'))) {
+    recommendations.push('Backdoor detected. Check for unauthorized access and reset credentials.');
+  }
+  if (findings.some(f => String(f.threatType).includes('exfiltration'))) {
+    recommendations.push('Data exfiltration detected. Investigate what data may have been stolen.');
+  }
+  if (findings.some(f => String(f.category) === 'obfuscation')) {
+    recommendations.push('Obfuscation detected. Use deobfuscation tools to analyze intent.');
+  }
+  // Calculate by category
+  const byCategory: Record<string, number> = {};
+  for (const finding of findings) {
+    byCategory[finding.category] = (byCategory[finding.category] || 0) + 1;
+  }
+  return {
+    filePath,
+    language,
+    timestamp: new Date(),
+    findings,
+    summary: {
+      ...summary,
+      byCategory,
+      isMalicious: summary.highestScore >= 40
+    },
+    mitreAttack: Array.from(mitreTechniques.values()),
+    recommendations
+  };
+}
+// ============================================================================
+// MODULE METADATA
+// ============================================================================
+export const MALWARE_MODULE_INFO = {
+  version: '2.0.0',
+  totalRules: allMalwareRules.length,
+  categories: [
+    'backdoors',
+    'cryptominers',
+    'keyloggers',
+    'exfiltration',
+    'obfuscation',
+    'loaders',
+    'network'
+  ],
+  supportedLanguages: [
+    'javascript',
+    'typescript',
+    'python',
+    'php',
+    'c',
+    'cpp',
+    'csharp',
+    'java',
+    'ruby',
+    'go',
+    'rust',
+    'shell',
+    'powershell'
+  ],
+  features: [
+    'Multi-pattern detection (Regex, AST, Heuristic, Semantic)',
+    'Dynamic malware scoring (0-100)',
+    'MITRE ATT&CK framework integration',
+    'Obfuscation and entropy analysis',
+    'ReDoS protection',
+    'Concurrent file analysis',
+    'Detailed remediation steps',
+    'False positive reduction'
+  ]
+};
+/**
+ * Get module information
+ */
+export function getModuleInfo(): typeof MALWARE_MODULE_INFO {
+  return MALWARE_MODULE_INFO;
+}
+// ============================================================================
+// LEGACY COMPATIBILITY - ORIGINAL RULES
+// ============================================================================
+/**
+ * Backdoor Detection Rules
+ */
+const backdoorRules: Rule[] = [
+  {
+    id: 'MAL-BACK-001',
+    name: 'Potential Backdoor - Reverse Shell',
+    description: 'Code pattern consistent with a reverse shell detected. This allows remote attackers to gain shell access to the system.',
+    languages: ['javascript', 'typescript', 'python', 'php', 'c', 'cpp', 'csharp'],
+    threatType: ThreatType.REVERSE_SHELL,
+    category: FindingCategory.MALWARE,
+    severity: Severity.CRITICAL,
+    standards: getStandardsForThreat(ThreatType.REVERSE_SHELL),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: 'socket\\.(?:connect|create_connection)\\s*\\([^)]*\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: '\\/bin\\/(?:bash|sh)\\s+-i',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'nc\\s+-e\\s+\\/bin\\/(?:bash|sh)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'subprocess\\.(?:Popen|call).*(?:bash|sh|cmd)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'dup2\\s*\\(.*(?:STDIN|STDOUT|STDERR)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'CreateProcess.*cmd\\.exe',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'This code appears to implement a reverse shell backdoor. Remove immediately and investigate how this code was introduced. Audit all recent commits and contributor access.',
+    enabled: true,
+    tags: ['backdoor', 'reverse-shell', 'malware', 'critical']
+  },
+  {
+    id: 'MAL-BACK-002',
+    name: 'Web Shell Pattern',
+    description: 'Code pattern consistent with a web shell detected. Web shells provide attackers with remote command execution via web interface.',
+    languages: ['php', 'python', 'javascript', 'typescript'],
+    threatType: ThreatType.BACKDOOR,
+    category: FindingCategory.MALWARE,
+    severity: Severity.CRITICAL,
+    standards: getStandardsForThreat(ThreatType.BACKDOOR),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: '\\$_(?:GET|POST|REQUEST)\\s*\\[[\'"][^\'"]+[\'"]\\s*\\].*(?:exec|system|passthru|shell_exec|eval)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'eval\\s*\\(\\s*(?:base64_decode|gzinflate|str_rot13)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'assert\\s*\\(\\s*\\$_',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'preg_replace\\s*\\([^)]*\\/e[\'"]',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'This appears to be a web shell. Remove immediately. Investigate system for other compromises. Check web server logs for unauthorized access.',
+    enabled: true,
+    tags: ['webshell', 'backdoor', 'rce', 'critical']
+  }
+];
+/**
+ * Cryptominer Detection Rules
+ */
+const cryptominerRules: Rule[] = [
+  {
+    id: 'MAL-CRYPT-001',
+    name: 'Cryptocurrency Mining Code',
+    description: 'Code patterns associated with cryptocurrency mining detected. This may indicate unauthorized use of computing resources.',
+    languages: ['javascript', 'typescript', 'python', 'php'],
+    threatType: ThreatType.CRYPTOMINER,
+    category: FindingCategory.MALWARE,
+    severity: Severity.HIGH,
+    standards: getStandardsForThreat(ThreatType.CRYPTOMINER),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: 'coinhive|cryptoloot|coin-hive|coinimp|cryptonight',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'stratum\\+tcp:\\/\\/',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'xmrig|xmr-stak|minerd|cgminer',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'CryptoNight|RandomX|Ethash',
+        flags: 'g'
+      },
+      {
+        type: 'regex',
+        pattern: 'miner\\.(?:start|stop|mine)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'hashrate|nonce.*difficulty',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'Remove cryptocurrency mining code immediately. This is resource theft. Investigate how this code was introduced and review access controls.',
+    enabled: true,
+    tags: ['cryptominer', 'resource-abuse', 'malware']
+  }
+];
+/**
+ * Keylogger Detection Rules
+ */
+const keyloggerRules: Rule[] = [
+  {
+    id: 'MAL-KEY-001',
+    name: 'Potential Keylogger',
+    description: 'Code pattern consistent with keylogging behavior detected. Keyloggers capture and potentially exfiltrate user keystrokes.',
+    languages: ['javascript', 'typescript', 'python', 'csharp', 'c', 'cpp'],
+    threatType: ThreatType.KEYLOGGER,
+    category: FindingCategory.MALWARE,
+    severity: Severity.CRITICAL,
+    standards: getStandardsForThreat(ThreatType.KEYLOGGER),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: 'addEventListener\\s*\\([\'"]key(?:down|up|press)[\'"]',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'onkey(?:down|up|press)\\s*=',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'pynput\\.keyboard\\.Listener',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'GetAsyncKeyState|SetWindowsHookEx.*WH_KEYBOARD',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'keyboard\\.on_(?:press|release)',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'This code captures keyboard input. If not intentional for legitimate purposes (like accessibility), remove immediately and investigate.',
+    enabled: true,
+    tags: ['keylogger', 'spyware', 'malware', 'critical']
+  }
+];
+/**
+ * Data Exfiltration Detection Rules
+ */
+const exfiltrationRules: Rule[] = [
+  {
+    id: 'MAL-EXFIL-001',
+    name: 'Suspicious Data Exfiltration',
+    description: 'Code pattern suggests collection and transmission of sensitive data to external endpoints.',
+    languages: ['javascript', 'typescript', 'python', 'php'],
+    threatType: ThreatType.DATA_EXFILTRATION,
+    category: FindingCategory.MALWARE,
+    severity: Severity.CRITICAL,
+    standards: getStandardsForThreat(ThreatType.DATA_EXFILTRATION),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: 'document\\.cookie.*(?:fetch|XMLHttpRequest|ajax|axios)',
+        flags: 'gis'
+      },
+      {
+        type: 'regex',
+        pattern: 'localStorage.*(?:fetch|XMLHttpRequest|ajax)',
+        flags: 'gis'
+      },
+      {
+        type: 'regex',
+        pattern: '(?:password|credit|ssn|secret).*(?:http|fetch|post)',
+        flags: 'gis'
+      },
+      {
+        type: 'regex',
+        pattern: 'navigator\\.(?:credentials|clipboard).*fetch',
+        flags: 'gis'
+      }
+    ],
+    remediation: 'This code appears to collect and transmit sensitive data. Verify this is intentional and authorized. If not, remove immediately and audit data flows.',
+    enabled: true,
+    tags: ['exfiltration', 'data-theft', 'malware']
+  }
+];
+/**
+ * Obfuscated Code Detection Rules
+ */
+const obfuscationRules: Rule[] = [
+  {
+    id: 'MAL-OBF-001',
+    name: 'Heavily Obfuscated Code',
+    description: 'Code appears to be heavily obfuscated, potentially hiding malicious functionality. Legitimate code rarely requires this level of obfuscation.',
+    languages: ['javascript', 'typescript', 'python', 'php'],
+    threatType: ThreatType.OBFUSCATED_CODE,
+    category: FindingCategory.MALWARE,
+    severity: Severity.HIGH,
+    standards: getStandardsForThreat(ThreatType.OBFUSCATED_CODE),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: '\\\\x[0-9a-f]{2}(?:\\\\x[0-9a-f]{2}){10,}',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: '\\\\u[0-9a-f]{4}(?:\\\\u[0-9a-f]{4}){10,}',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'String\\.fromCharCode\\s*\\([^)]{50,}\\)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'atob\\s*\\([\'"][A-Za-z0-9+/=]{100,}[\'"]\\)',
+        flags: 'g'
+      },
+      {
+        type: 'regex',
+        pattern: 'eval\\s*\\(\\s*(?:atob|Buffer\\.from|unescape)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: '_0x[a-f0-9]{4,}',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'Heavily obfuscated code should be investigated. Deobfuscate and review the actual functionality. Consider removing if source cannot be verified.',
+    enabled: true,
+    tags: ['obfuscation', 'suspicious', 'malware']
+  }
+];
+/**
+ * Embedded Payload Detection Rules
+ */
+const payloadRules: Rule[] = [
+  {
+    id: 'MAL-PAYLOAD-001',
+    name: 'Embedded Binary Payload',
+    description: 'Large base64-encoded or hex-encoded data detected that may contain embedded malware or executable payloads.',
+    languages: ['javascript', 'typescript', 'python', 'php', 'java', 'csharp'],
+    threatType: ThreatType.EMBEDDED_PAYLOAD,
+    category: FindingCategory.MALWARE,
+    severity: Severity.HIGH,
+    standards: getStandardsForThreat(ThreatType.EMBEDDED_PAYLOAD),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: '[\'"][A-Za-z0-9+/]{500,}={0,2}[\'"]',
+        flags: 'g'
+      },
+      {
+        type: 'regex',
+        pattern: '(?:4d5a|7f454c46|cafebabe)[0-9a-f]{100,}',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'base64\\.b64decode\\s*\\([\'"][A-Za-z0-9+/]{200,}',
+        flags: 'g'
+      }
+    ],
+    remediation: 'Large embedded binary data should be investigated. Extract and analyze the payload. If legitimate, document its purpose; otherwise, remove.',
+    enabled: true,
+    tags: ['payload', 'binary', 'embedded', 'malware']
+  }
+];
+/**
+ * Suspicious Network Activity Rules
+ */
+const networkRules: Rule[] = [
+  {
+    id: 'MAL-NET-001',
+    name: 'Suspicious External Connection',
+    description: 'Code makes connections to external IP addresses or suspicious domains. This may indicate C2 communication or data exfiltration.',
+    languages: ['javascript', 'typescript', 'python', 'php', 'java', 'csharp'],
+    threatType: ThreatType.SUSPICIOUS_NETWORK,
+    category: FindingCategory.MALWARE,
+    severity: Severity.MEDIUM,
+    standards: getStandardsForThreat(ThreatType.SUSPICIOUS_NETWORK),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: '(?:fetch|axios|request|http).*(?:pastebin|hastebin|ghostbin)',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: '(?:fetch|axios|request).*\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: '\\.(?:onion|bit|i2p)[\\/\\s\\\'\\"]',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'ngrok\\.io|serveo\\.net|localhost\\.run',
+        flags: 'gi'
+      }
+    ],
+    remediation: 'Review all external network connections. Verify destinations are legitimate and authorized. Block unauthorized external communications.',
+    enabled: true,
+    tags: ['network', 'c2', 'suspicious', 'malware']
+  }
+];
+/**
+ * Malicious Loader Detection Rules
+ */
+const loaderRules: Rule[] = [
+  {
+    id: 'MAL-LOAD-001',
+    name: 'Dynamic Code Loading',
+    description: 'Code dynamically loads and executes external content. This is a common technique for loading malware payloads.',
+    languages: ['javascript', 'typescript', 'python', 'php'],
+    threatType: ThreatType.MALICIOUS_LOADER,
+    category: FindingCategory.MALWARE,
+    severity: Severity.HIGH,
+    standards: getStandardsForThreat(ThreatType.MALICIOUS_LOADER),
+    patterns: [
+      {
+        type: 'regex',
+        pattern: 'eval\\s*\\(\\s*(?:fetch|axios|request|http\\.get)',
+        flags: 'gis'
+      },
+      {
+        type: 'regex',
+        pattern: 'document\\.write\\s*\\([\'"]<script[^>]*src=',
+        flags: 'gi'
+      },
+      {
+        type: 'regex',
+        pattern: 'exec\\s*\\(\\s*(?:urllib|requests)\\.get',
+        flags: 'gis'
+      },
+      {
+        type: 'regex',
+        pattern: '\\.createElement\\s*\\([\'"]script[\'"]\\)[\\s\\S]*\\.src\\s*=',
+        flags: 'gim'
+      }
+    ],
+    remediation: 'Dynamic code loading from external sources is dangerous. Use Content Security Policy. Verify all external code sources and use integrity checks.',
+    enabled: true,
+    tags: ['loader', 'dynamic', 'remote-code', 'malware']
+  }
+];
+/**
+ * Export all malware rules (LEGACY COMPATIBILITY)
+ * For backward compatibility with existing codebase
+ */
+export const malwareRules: Rule[] = [
+  ...backdoorRules,
+  ...cryptominerRules,
+  ...keyloggerRules,
+  ...exfiltrationRules,
+  ...obfuscationRules,
+  ...payloadRules,
+  ...networkRules,
+  ...loaderRules
+];
+// ============================================================================
+// DEFAULT EXPORT
+// ============================================================================
+export default {
+  // New Engine API
+  MalwareRuleEngine,
+  createMalwareEngine,
+  createCriticalOnlyEngine,
+  createCustomEngine,
+  // New Rules (v2)
+  allMalwareRules,
+  backdoorRulesV2: newBackdoorRules,
+  cryptominerRules,
+  keyloggerRules,
+  exfiltrationRules,
+  obfuscationRules,
+  loaderRules,
+  networkRules,
+  // Convenience functions
+  scanForMalware,
+  hasMalwareCategory,
+  generateMalwareReport,
+  getModuleInfo,
+  // Legacy compatibility
+  malwareRules,
+  backdoorRules,
+  // Metadata
+  MALWARE_MODULE_INFO
+};