secure-scan 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +564 -0
- package/dist/ai/aiAnalyzer.d.ts +99 -0
- package/dist/ai/aiAnalyzer.d.ts.map +1 -0
- package/dist/ai/aiAnalyzer.js +669 -0
- package/dist/ai/aiAnalyzer.js.map +1 -0
- package/dist/ai/index.d.ts +5 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +21 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.js +53 -0
- package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
- package/dist/analyzers/base/index.d.ts +5 -0
- package/dist/analyzers/base/index.d.ts.map +1 -0
- package/dist/analyzers/base/index.js +21 -0
- package/dist/analyzers/base/index.js.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
- package/dist/analyzers/c-cpp/index.d.ts +5 -0
- package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/index.js +21 -0
- package/dist/analyzers/c-cpp/index.js.map +1 -0
- package/dist/analyzers/core/engine/index.d.ts +5 -0
- package/dist/analyzers/core/engine/index.d.ts.map +1 -0
- package/dist/analyzers/core/engine/index.js +21 -0
- package/dist/analyzers/core/engine/index.js.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.js +173 -0
- package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
- package/dist/analyzers/core/index.d.ts +8 -0
- package/dist/analyzers/core/index.d.ts.map +1 -0
- package/dist/analyzers/core/index.js +24 -0
- package/dist/analyzers/core/index.js.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.js +199 -0
- package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
- package/dist/analyzers/core/scanner/index.d.ts +5 -0
- package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/index.js +21 -0
- package/dist/analyzers/core/scanner/index.js.map +1 -0
- package/dist/analyzers/core/scoring/index.d.ts +5 -0
- package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/index.js +21 -0
- package/dist/analyzers/core/scoring/index.js.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.js +180 -0
- package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
- package/dist/analyzers/core/securityScanner.d.ts +47 -0
- package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
- package/dist/analyzers/core/securityScanner.js +298 -0
- package/dist/analyzers/core/securityScanner.js.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
- package/dist/analyzers/csharp/index.d.ts +5 -0
- package/dist/analyzers/csharp/index.d.ts.map +1 -0
- package/dist/analyzers/csharp/index.js +21 -0
- package/dist/analyzers/csharp/index.js.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.js +182 -0
- package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
- package/dist/analyzers/iac/index.d.ts +5 -0
- package/dist/analyzers/iac/index.d.ts.map +1 -0
- package/dist/analyzers/iac/index.js +21 -0
- package/dist/analyzers/iac/index.js.map +1 -0
- package/dist/analyzers/index.d.ts +30 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +80 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/java/index.d.ts +5 -0
- package/dist/analyzers/java/index.d.ts.map +1 -0
- package/dist/analyzers/java/index.js +21 -0
- package/dist/analyzers/java/index.js.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.js +224 -0
- package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/astUtils.d.ts +170 -0
- package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
- package/dist/analyzers/javascript/astUtils.js +700 -0
- package/dist/analyzers/javascript/astUtils.js.map +1 -0
- package/dist/analyzers/javascript/index.d.ts +18 -0
- package/dist/analyzers/javascript/index.d.ts.map +1 -0
- package/dist/analyzers/javascript/index.js +50 -0
- package/dist/analyzers/javascript/index.js.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.js +616 -0
- package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
- package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
- package/dist/analyzers/php/index.d.ts +5 -0
- package/dist/analyzers/php/index.d.ts.map +1 -0
- package/dist/analyzers/php/index.js +21 -0
- package/dist/analyzers/php/index.js.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.js +202 -0
- package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
- package/dist/analyzers/python/index.d.ts +5 -0
- package/dist/analyzers/python/index.d.ts.map +1 -0
- package/dist/analyzers/python/index.js +21 -0
- package/dist/analyzers/python/index.js.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.js +226 -0
- package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
- package/dist/cli/index.d.ts +7 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +281 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/engine/index.d.ts +5 -0
- package/dist/core/engine/index.d.ts.map +1 -0
- package/dist/core/engine/index.js +21 -0
- package/dist/core/engine/index.js.map +1 -0
- package/dist/core/engine/ruleEngine.d.ts +46 -0
- package/dist/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/core/engine/ruleEngine.js +173 -0
- package/dist/core/engine/ruleEngine.js.map +1 -0
- package/dist/core/index.d.ts +8 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +24 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/scanner/fileScanner.d.ts +31 -0
- package/dist/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/core/scanner/fileScanner.js +199 -0
- package/dist/core/scanner/fileScanner.js.map +1 -0
- package/dist/core/scanner/index.d.ts +5 -0
- package/dist/core/scanner/index.d.ts.map +1 -0
- package/dist/core/scanner/index.js +21 -0
- package/dist/core/scanner/index.js.map +1 -0
- package/dist/core/scoring/index.d.ts +5 -0
- package/dist/core/scoring/index.d.ts.map +1 -0
- package/dist/core/scoring/index.js +21 -0
- package/dist/core/scoring/index.js.map +1 -0
- package/dist/core/scoring/riskScoring.d.ts +49 -0
- package/dist/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/core/scoring/riskScoring.js +180 -0
- package/dist/core/scoring/riskScoring.js.map +1 -0
- package/dist/core/securityScanner.d.ts +47 -0
- package/dist/core/securityScanner.d.ts.map +1 -0
- package/dist/core/securityScanner.js +298 -0
- package/dist/core/securityScanner.js.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
- package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/database/cveDatabase.d.ts +32 -0
- package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
- package/dist/dependencies/database/cveDatabase.js +393 -0
- package/dist/dependencies/database/cveDatabase.js.map +1 -0
- package/dist/dependencies/database/index.d.ts +6 -0
- package/dist/dependencies/database/index.d.ts.map +1 -0
- package/dist/dependencies/database/index.js +22 -0
- package/dist/dependencies/database/index.js.map +1 -0
- package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
- package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
- package/dist/dependencies/database/maliciousPackages.js +279 -0
- package/dist/dependencies/database/maliciousPackages.js.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.js +349 -0
- package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/detectors/index.d.ts +7 -0
- package/dist/dependencies/detectors/index.d.ts.map +1 -0
- package/dist/dependencies/detectors/index.js +28 -0
- package/dist/dependencies/detectors/index.js.map +1 -0
- package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
- package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
- package/dist/dependencies/detectors/securityStandards.js +178 -0
- package/dist/dependencies/detectors/securityStandards.js.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
- package/dist/dependencies/index.d.ts +14 -0
- package/dist/dependencies/index.d.ts.map +1 -0
- package/dist/dependencies/index.js +43 -0
- package/dist/dependencies/index.js.map +1 -0
- package/dist/dependencies/installed/index.d.ts +8 -0
- package/dist/dependencies/installed/index.d.ts.map +1 -0
- package/dist/dependencies/installed/index.js +24 -0
- package/dist/dependencies/installed/index.js.map +1 -0
- package/dist/dependencies/installed/installedScanner.d.ts +91 -0
- package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
- package/dist/dependencies/installed/installedScanner.js +766 -0
- package/dist/dependencies/installed/installedScanner.js.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.js +480 -0
- package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
- package/dist/dependencies/installed/types.d.ts +274 -0
- package/dist/dependencies/installed/types.d.ts.map +1 -0
- package/dist/dependencies/installed/types.js +7 -0
- package/dist/dependencies/installed/types.js.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.js +80 -0
- package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
- package/dist/dependencies/parsers/base/index.d.ts +6 -0
- package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/index.js +27 -0
- package/dist/dependencies/parsers/base/index.js.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
- package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
- package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
- package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/index.js +27 -0
- package/dist/dependencies/parsers/cpp/index.js.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
- package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
- package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/index.js +27 -0
- package/dist/dependencies/parsers/csharp/index.js.map +1 -0
- package/dist/dependencies/parsers/index.d.ts +24 -0
- package/dist/dependencies/parsers/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/index.js +69 -0
- package/dist/dependencies/parsers/index.js.map +1 -0
- package/dist/dependencies/parsers/java/index.d.ts +6 -0
- package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/index.js +27 -0
- package/dist/dependencies/parsers/java/index.js.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.js +168 -0
- package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
- package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
- package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/index.js +27 -0
- package/dist/dependencies/parsers/javascript/index.js.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
- package/dist/dependencies/parsers/php/index.d.ts +6 -0
- package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/index.js +27 -0
- package/dist/dependencies/parsers/php/index.js.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.js +162 -0
- package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
- package/dist/dependencies/parsers/python/index.d.ts +6 -0
- package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/index.js +27 -0
- package/dist/dependencies/parsers/python/index.js.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.js +336 -0
- package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
- package/dist/dependencies/types.d.ts +280 -0
- package/dist/dependencies/types.d.ts.map +1 -0
- package/dist/dependencies/types.js +59 -0
- package/dist/dependencies/types.js.map +1 -0
- package/dist/i18n/index.d.ts +2 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/translations.d.ts +55 -0
- package/dist/i18n/translations.d.ts.map +1 -0
- package/dist/i18n/translations.js +119 -0
- package/dist/i18n/translations.js.map +1 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -0
- package/dist/reports/dependencyReportGenerator.d.ts +20 -0
- package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
- package/dist/reports/dependencyReportGenerator.js +690 -0
- package/dist/reports/dependencyReportGenerator.js.map +1 -0
- package/dist/reports/htmlReportGenerator.d.ts +43 -0
- package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
- package/dist/reports/htmlReportGenerator.js +793 -0
- package/dist/reports/htmlReportGenerator.js.map +1 -0
- package/dist/reports/index.d.ts +7 -0
- package/dist/reports/index.d.ts.map +1 -0
- package/dist/reports/index.js +23 -0
- package/dist/reports/index.js.map +1 -0
- package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
- package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
- package/dist/reports/installedDepsReportGenerator.js +872 -0
- package/dist/reports/installedDepsReportGenerator.js.map +1 -0
- package/dist/rules/index.d.ts +31 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +95 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/malware/categories/backdoors.d.ts +12 -0
- package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
- package/dist/rules/malware/categories/backdoors.js +163 -0
- package/dist/rules/malware/categories/backdoors.js.map +1 -0
- package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
- package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
- package/dist/rules/malware/categories/cryptominers.js +415 -0
- package/dist/rules/malware/categories/cryptominers.js.map +1 -0
- package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
- package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
- package/dist/rules/malware/categories/exfiltration.js +658 -0
- package/dist/rules/malware/categories/exfiltration.js.map +1 -0
- package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
- package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
- package/dist/rules/malware/categories/keyloggers.js +763 -0
- package/dist/rules/malware/categories/keyloggers.js.map +1 -0
- package/dist/rules/malware/categories/loaders.d.ts +20 -0
- package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
- package/dist/rules/malware/categories/loaders.js +702 -0
- package/dist/rules/malware/categories/loaders.js.map +1 -0
- package/dist/rules/malware/categories/network.d.ts +19 -0
- package/dist/rules/malware/categories/network.d.ts.map +1 -0
- package/dist/rules/malware/categories/network.js +622 -0
- package/dist/rules/malware/categories/network.js.map +1 -0
- package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
- package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
- package/dist/rules/malware/categories/obfuscation.js +766 -0
- package/dist/rules/malware/categories/obfuscation.js.map +1 -0
- package/dist/rules/malware/constants/index.d.ts +281 -0
- package/dist/rules/malware/constants/index.d.ts.map +1 -0
- package/dist/rules/malware/constants/index.js +327 -0
- package/dist/rules/malware/constants/index.js.map +1 -0
- package/dist/rules/malware/engine/index.d.ts +178 -0
- package/dist/rules/malware/engine/index.d.ts.map +1 -0
- package/dist/rules/malware/engine/index.js +552 -0
- package/dist/rules/malware/engine/index.js.map +1 -0
- package/dist/rules/malware/index.d.ts +205 -0
- package/dist/rules/malware/index.d.ts.map +1 -0
- package/dist/rules/malware/index.js +837 -0
- package/dist/rules/malware/index.js.map +1 -0
- package/dist/rules/malware/scoring/index.d.ts +84 -0
- package/dist/rules/malware/scoring/index.d.ts.map +1 -0
- package/dist/rules/malware/scoring/index.js +441 -0
- package/dist/rules/malware/scoring/index.js.map +1 -0
- package/dist/rules/malware/types/index.d.ts +616 -0
- package/dist/rules/malware/types/index.d.ts.map +1 -0
- package/dist/rules/malware/types/index.js +155 -0
- package/dist/rules/malware/types/index.js.map +1 -0
- package/dist/rules/malware/utils/index.d.ts +117 -0
- package/dist/rules/malware/utils/index.d.ts.map +1 -0
- package/dist/rules/malware/utils/index.js +514 -0
- package/dist/rules/malware/utils/index.js.map +1 -0
- package/dist/rules/standards.d.ts +26 -0
- package/dist/rules/standards.d.ts.map +1 -0
- package/dist/rules/standards.js +352 -0
- package/dist/rules/standards.js.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.js +544 -0
- package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.js +581 -0
- package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
- package/dist/rules/vulnerabilities/index.d.ts +148 -0
- package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/index.js +252 -0
- package/dist/rules/vulnerabilities/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
- package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
- package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.js +47 -0
- package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.js +724 -0
- package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.js +414 -0
- package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
- package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
- package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/types/index.js +164 -0
- package/dist/rules/vulnerabilities/types/index.js.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.js +615 -0
- package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
- package/dist/types/index.d.ts +359 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +61 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/index.d.ts +82 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +326 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +40 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +139 -0
- package/dist/utils/logger.js.map +1 -0
- package/docs/ARCHITECTURE.md +320 -0
- package/docs/V1.2.1-IA_Performances.md +116 -0
- package/docs/images/WIN_Defender.png +0 -0
- package/package.json +68 -0
- package/secure-scan.config.json +134 -0
- package/secure-scan.sln +29 -0
- package/src/ai/aiAnalyzer.ts +714 -0
- package/src/ai/index.ts +5 -0
- package/src/analyzers/base/baseAnalyzer.ts +66 -0
- package/src/analyzers/base/index.ts +5 -0
- package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
- package/src/analyzers/c-cpp/index.ts +5 -0
- package/src/analyzers/core/engine/index.ts +5 -0
- package/src/analyzers/core/engine/ruleEngine.ts +221 -0
- package/src/analyzers/core/index.ts +8 -0
- package/src/analyzers/core/scanner/fileScanner.ts +204 -0
- package/src/analyzers/core/scanner/index.ts +5 -0
- package/src/analyzers/core/scoring/index.ts +5 -0
- package/src/analyzers/core/scoring/riskScoring.ts +198 -0
- package/src/analyzers/core/securityScanner.ts +321 -0
- package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
- package/src/analyzers/csharp/index.ts +5 -0
- package/src/analyzers/iac/iacAnalyzer.ts +318 -0
- package/src/analyzers/iac/index.ts +5 -0
- package/src/analyzers/index.ts +67 -0
- package/src/analyzers/java/index.ts +5 -0
- package/src/analyzers/java/javaAnalyzer.ts +320 -0
- package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
- package/src/analyzers/javascript/astUtils.ts +789 -0
- package/src/analyzers/javascript/index.ts +50 -0
- package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
- package/src/analyzers/javascript/malwareDetector.ts +697 -0
- package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
- package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
- package/src/analyzers/php/index.ts +5 -0
- package/src/analyzers/php/phpAnalyzer.ts +280 -0
- package/src/analyzers/python/index.ts +5 -0
- package/src/analyzers/python/pythonAnalyzer.ts +319 -0
- package/src/cli/index.ts +276 -0
- package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
- package/src/dependencies/database/cveDatabase.ts +426 -0
- package/src/dependencies/database/index.ts +6 -0
- package/src/dependencies/database/maliciousPackages.ts +286 -0
- package/src/dependencies/dependencyAnalyzer.ts +394 -0
- package/src/dependencies/detectors/index.ts +7 -0
- package/src/dependencies/detectors/securityStandards.ts +200 -0
- package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
- package/src/dependencies/index.ts +27 -0
- package/src/dependencies/installed/index.ts +8 -0
- package/src/dependencies/installed/installedScanner.ts +821 -0
- package/src/dependencies/installed/malwarePatterns.ts +492 -0
- package/src/dependencies/installed/types.ts +287 -0
- package/src/dependencies/parsers/base/baseParser.ts +108 -0
- package/src/dependencies/parsers/base/index.ts +6 -0
- package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
- package/src/dependencies/parsers/cpp/index.ts +6 -0
- package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
- package/src/dependencies/parsers/csharp/index.ts +6 -0
- package/src/dependencies/parsers/index.ts +56 -0
- package/src/dependencies/parsers/java/index.ts +6 -0
- package/src/dependencies/parsers/java/javaParser.ts +203 -0
- package/src/dependencies/parsers/javascript/index.ts +6 -0
- package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
- package/src/dependencies/parsers/php/index.ts +6 -0
- package/src/dependencies/parsers/php/phpParser.ts +208 -0
- package/src/dependencies/parsers/python/index.ts +6 -0
- package/src/dependencies/parsers/python/pythonParser.ts +437 -0
- package/src/dependencies/types.ts +330 -0
- package/src/i18n/index.ts +1 -0
- package/src/i18n/translations.ts +194 -0
- package/src/index.ts +16 -0
- package/src/reports/dependencyReportGenerator.ts +717 -0
- package/src/reports/htmlReportGenerator.ts +781 -0
- package/src/reports/index.ts +7 -0
- package/src/reports/installedDepsReportGenerator.ts +899 -0
- package/src/rules/index.ts +58 -0
- package/src/rules/malware/INFO.md +287 -0
- package/src/rules/malware/categories/backdoors.ts +174 -0
- package/src/rules/malware/categories/cryptominers.ts +434 -0
- package/src/rules/malware/categories/exfiltration.ts +677 -0
- package/src/rules/malware/categories/keyloggers.ts +780 -0
- package/src/rules/malware/categories/loaders.ts +721 -0
- package/src/rules/malware/categories/network.ts +639 -0
- package/src/rules/malware/categories/obfuscation.ts +788 -0
- package/src/rules/malware/constants/index.ts +358 -0
- package/src/rules/malware/engine/index.ts +758 -0
- package/src/rules/malware/index.ts +928 -0
- package/src/rules/malware/scoring/index.ts +549 -0
- package/src/rules/malware/types/index.ts +752 -0
- package/src/rules/malware/utils/index.ts +643 -0
- package/src/rules/standards.ts +372 -0
- package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
- package/src/rules/vulnerabilities/constants/index.ts +625 -0
- package/src/rules/vulnerabilities/engine/index.ts +831 -0
- package/src/rules/vulnerabilities/index.ts +312 -0
- package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
- package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
- package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
- package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
- package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
- package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
- package/src/rules/vulnerabilities/rules/index.ts +17 -0
- package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
- package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
- package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
- package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
- package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
- package/src/rules/vulnerabilities/rules/xss.ts +753 -0
- package/src/rules/vulnerabilities/scoring/index.ts +543 -0
- package/src/rules/vulnerabilities/types/index.ts +1004 -0
- package/src/rules/vulnerabilities/utils/index.ts +709 -0
- package/src/types/index.ts +391 -0
- package/src/utils/index.ts +306 -0
- package/src/utils/logger.ts +150 -0
- package/test-installed-scanner.ts +136 -0
- package/tsconfig.json +30 -0
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Package.json Security Analyzer
|
|
3
|
+
* Deep analysis of npm package manifests for supply chain threats
|
|
4
|
+
*
|
|
5
|
+
* Detects typosquatting, malicious scripts, suspicious dependencies
|
|
6
|
+
*/
|
|
7
|
+
import { Severity, ThreatType, FindingCategory } from '../../types';
|
|
8
|
+
/**
|
|
9
|
+
* Package.json analysis finding
|
|
10
|
+
*/
|
|
11
|
+
export interface PackageJsonFinding {
|
|
12
|
+
/** Finding type */
|
|
13
|
+
type: PackageJsonFindingType;
|
|
14
|
+
/** Finding name */
|
|
15
|
+
name: string;
|
|
16
|
+
/** Description */
|
|
17
|
+
description: string;
|
|
18
|
+
/** Severity */
|
|
19
|
+
severity: Severity;
|
|
20
|
+
/** Threat type */
|
|
21
|
+
threatType: ThreatType;
|
|
22
|
+
/** Category */
|
|
23
|
+
category: FindingCategory;
|
|
24
|
+
/** Affected field */
|
|
25
|
+
field: string;
|
|
26
|
+
/** Value that triggered the finding */
|
|
27
|
+
value: string;
|
|
28
|
+
/** Confidence 0-100 */
|
|
29
|
+
confidence: number;
|
|
30
|
+
/** Remediation advice */
|
|
31
|
+
remediation: string;
|
|
32
|
+
/** Additional context */
|
|
33
|
+
context?: Record<string, string>;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Types of package.json findings
|
|
37
|
+
*/
|
|
38
|
+
export declare enum PackageJsonFindingType {
|
|
39
|
+
MALICIOUS_SCRIPT = "malicious_script",
|
|
40
|
+
TYPOSQUATTING = "typosquatting",
|
|
41
|
+
SUSPICIOUS_DEPENDENCY = "suspicious_dependency",
|
|
42
|
+
PRIVATE_REGISTRY = "private_registry",
|
|
43
|
+
GIT_DEPENDENCY = "git_dependency",
|
|
44
|
+
LOCAL_PATH_DEPENDENCY = "local_path_dependency",
|
|
45
|
+
OVERLY_PERMISSIVE_VERSION = "overly_permissive_version",
|
|
46
|
+
DANGEROUS_POSTINSTALL = "dangerous_postinstall",
|
|
47
|
+
OUTDATED_DEPENDENCY = "outdated_dependency",
|
|
48
|
+
DEPRECATED_PACKAGE = "deprecated_package",
|
|
49
|
+
INSTALL_SCRIPT_ABUSE = "install_script_abuse",
|
|
50
|
+
SUSPICIOUS_MAINTAINER = "suspicious_maintainer"
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Package.json Analyzer Class
|
|
54
|
+
*/
|
|
55
|
+
export declare class PackageJsonAnalyzer {
|
|
56
|
+
private findings;
|
|
57
|
+
/**
|
|
58
|
+
* Analyze a package.json file
|
|
59
|
+
*/
|
|
60
|
+
analyze(content: string, filePath: string): PackageJsonFinding[];
|
|
61
|
+
/**
|
|
62
|
+
* Analyze npm scripts for malicious patterns
|
|
63
|
+
*/
|
|
64
|
+
private analyzeScripts;
|
|
65
|
+
/**
|
|
66
|
+
* Analyze dependencies for security issues
|
|
67
|
+
*/
|
|
68
|
+
private analyzeDependencies;
|
|
69
|
+
/**
|
|
70
|
+
* Check for typosquatting against popular packages
|
|
71
|
+
*/
|
|
72
|
+
private checkTyposquatting;
|
|
73
|
+
/**
|
|
74
|
+
* Check bundled dependencies
|
|
75
|
+
*/
|
|
76
|
+
private checkBundledDependencies;
|
|
77
|
+
/**
|
|
78
|
+
* Analyze package metadata for suspicious patterns
|
|
79
|
+
*/
|
|
80
|
+
private analyzeMetadata;
|
|
81
|
+
/**
|
|
82
|
+
* Check if content looks obfuscated
|
|
83
|
+
*/
|
|
84
|
+
private looksObfuscated;
|
|
85
|
+
}
|
|
86
|
+
export default PackageJsonAnalyzer;
|
|
87
|
+
//# sourceMappingURL=packageJsonAnalyzer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"packageJsonAnalyzer.d.ts","sourceRoot":"","sources":["../../../src/analyzers/javascript/packageJsonAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAiCpE;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,mBAAmB;IACnB,IAAI,EAAE,sBAAsB,CAAC;IAC7B,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,QAAQ,CAAC;IACnB,kBAAkB;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB,eAAe;IACf,QAAQ,EAAE,eAAe,CAAC;IAC1B,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,oBAAY,sBAAsB;IAChC,gBAAgB,qBAAqB;IACrC,aAAa,kBAAkB;IAC/B,qBAAqB,0BAA0B;IAC/C,gBAAgB,qBAAqB;IACrC,cAAc,mBAAmB;IACjC,qBAAqB,0BAA0B;IAC/C,yBAAyB,8BAA8B;IACvD,qBAAqB,0BAA0B;IAC/C,mBAAmB,wBAAwB;IAC3C,kBAAkB,uBAAuB;IACzC,oBAAoB,yBAAyB;IAC7C,qBAAqB,0BAA0B;CAChD;AAyKD;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAA4B;IAE5C;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,kBAAkB,EAAE;IAqChE;;OAEG;IACH,OAAO,CAAC,cAAc;IAgDtB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAwG3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAgD1B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwBhC;;OAEG;IACH,OAAO,CAAC,eAAe;IAmEvB;;OAEG;IACH,OAAO,CAAC,eAAe;CAexB;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,553 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Package.json Security Analyzer
|
|
4
|
+
* Deep analysis of npm package manifests for supply chain threats
|
|
5
|
+
*
|
|
6
|
+
* Detects typosquatting, malicious scripts, suspicious dependencies
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.PackageJsonAnalyzer = exports.PackageJsonFindingType = void 0;
|
|
10
|
+
const types_1 = require("../../types");
|
|
11
|
+
/**
|
|
12
|
+
* Calculate Levenshtein distance between two strings
|
|
13
|
+
* (Simple implementation to avoid external dependency)
|
|
14
|
+
*/
|
|
15
|
+
function levenshteinDistance(a, b) {
|
|
16
|
+
const matrix = [];
|
|
17
|
+
for (let i = 0; i <= b.length; i++) {
|
|
18
|
+
matrix[i] = [i];
|
|
19
|
+
}
|
|
20
|
+
for (let j = 0; j <= a.length; j++) {
|
|
21
|
+
matrix[0][j] = j;
|
|
22
|
+
}
|
|
23
|
+
for (let i = 1; i <= b.length; i++) {
|
|
24
|
+
for (let j = 1; j <= a.length; j++) {
|
|
25
|
+
if (b.charAt(i - 1) === a.charAt(j - 1)) {
|
|
26
|
+
matrix[i][j] = matrix[i - 1][j - 1];
|
|
27
|
+
}
|
|
28
|
+
else {
|
|
29
|
+
matrix[i][j] = Math.min(matrix[i - 1][j - 1] + 1, // substitution
|
|
30
|
+
matrix[i][j - 1] + 1, // insertion
|
|
31
|
+
matrix[i - 1][j] + 1 // deletion
|
|
32
|
+
);
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
return matrix[b.length][a.length];
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Types of package.json findings
|
|
40
|
+
*/
|
|
41
|
+
var PackageJsonFindingType;
|
|
42
|
+
(function (PackageJsonFindingType) {
|
|
43
|
+
PackageJsonFindingType["MALICIOUS_SCRIPT"] = "malicious_script";
|
|
44
|
+
PackageJsonFindingType["TYPOSQUATTING"] = "typosquatting";
|
|
45
|
+
PackageJsonFindingType["SUSPICIOUS_DEPENDENCY"] = "suspicious_dependency";
|
|
46
|
+
PackageJsonFindingType["PRIVATE_REGISTRY"] = "private_registry";
|
|
47
|
+
PackageJsonFindingType["GIT_DEPENDENCY"] = "git_dependency";
|
|
48
|
+
PackageJsonFindingType["LOCAL_PATH_DEPENDENCY"] = "local_path_dependency";
|
|
49
|
+
PackageJsonFindingType["OVERLY_PERMISSIVE_VERSION"] = "overly_permissive_version";
|
|
50
|
+
PackageJsonFindingType["DANGEROUS_POSTINSTALL"] = "dangerous_postinstall";
|
|
51
|
+
PackageJsonFindingType["OUTDATED_DEPENDENCY"] = "outdated_dependency";
|
|
52
|
+
PackageJsonFindingType["DEPRECATED_PACKAGE"] = "deprecated_package";
|
|
53
|
+
PackageJsonFindingType["INSTALL_SCRIPT_ABUSE"] = "install_script_abuse";
|
|
54
|
+
PackageJsonFindingType["SUSPICIOUS_MAINTAINER"] = "suspicious_maintainer";
|
|
55
|
+
})(PackageJsonFindingType || (exports.PackageJsonFindingType = PackageJsonFindingType = {}));
|
|
56
|
+
/**
|
|
57
|
+
* Popular packages for typosquatting detection
|
|
58
|
+
*/
|
|
59
|
+
const POPULAR_PACKAGES = [
|
|
60
|
+
// Core npm packages
|
|
61
|
+
'lodash', 'underscore', 'express', 'react', 'vue', 'angular',
|
|
62
|
+
'moment', 'axios', 'request', 'bluebird', 'async', 'chalk',
|
|
63
|
+
'commander', 'debug', 'dotenv', 'fs-extra', 'glob', 'inquirer',
|
|
64
|
+
'jest', 'mocha', 'chai', 'webpack', 'babel-core', 'typescript',
|
|
65
|
+
'eslint', 'prettier', 'nodemon', 'pm2', 'mongoose', 'sequelize',
|
|
66
|
+
'mysql', 'pg', 'redis', 'socket.io', 'graphql', 'apollo-server',
|
|
67
|
+
'next', 'nuxt', 'gatsby', 'electron', 'puppeteer', 'cheerio',
|
|
68
|
+
'uuid', 'jsonwebtoken', 'bcrypt', 'passport', 'cors', 'helmet',
|
|
69
|
+
'morgan', 'winston', 'pino', 'bunyan', 'body-parser', 'cookie-parser',
|
|
70
|
+
'multer', 'formidable', 'sharp', 'jimp', 'node-fetch', 'got',
|
|
71
|
+
'superagent', 'cross-env', 'rimraf', 'mkdirp', 'semver', 'yargs',
|
|
72
|
+
'minimist', 'ora', 'listr', 'execa', 'shelljs', 'cross-spawn',
|
|
73
|
+
// React ecosystem
|
|
74
|
+
'react-dom', 'react-router', 'react-redux', 'redux', 'redux-thunk',
|
|
75
|
+
'redux-saga', 'mobx', 'mobx-react', 'styled-components', 'emotion',
|
|
76
|
+
'material-ui', '@mui/material', 'antd', 'bootstrap', 'tailwindcss',
|
|
77
|
+
// Vue ecosystem
|
|
78
|
+
'vue-router', 'vuex', 'vuetify', 'element-ui', 'vant',
|
|
79
|
+
// Angular ecosystem
|
|
80
|
+
'@angular/core', '@angular/common', '@angular/router', 'rxjs',
|
|
81
|
+
// Build tools
|
|
82
|
+
'rollup', 'parcel', 'esbuild', 'vite', 'snowpack',
|
|
83
|
+
'babel-loader', 'ts-loader', 'css-loader', 'style-loader',
|
|
84
|
+
// Testing
|
|
85
|
+
'cypress', 'playwright', '@testing-library/react', 'enzyme',
|
|
86
|
+
// Security sensitive
|
|
87
|
+
'crypto-js', 'node-forge', 'bcryptjs', 'argon2'
|
|
88
|
+
];
|
|
89
|
+
/**
|
|
90
|
+
* Suspicious script patterns
|
|
91
|
+
*/
|
|
92
|
+
const SUSPICIOUS_SCRIPT_PATTERNS = [
|
|
93
|
+
{
|
|
94
|
+
pattern: /curl\s+[^\s]+\s*\|\s*(?:sh|bash|zsh)/i,
|
|
95
|
+
name: 'Remote Script Execution',
|
|
96
|
+
description: 'Downloads and executes a remote script',
|
|
97
|
+
severity: types_1.Severity.CRITICAL,
|
|
98
|
+
confidence: 95
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
pattern: /wget\s+[^\s]+\s*(?:&&|;)\s*(?:sh|bash|chmod)/i,
|
|
102
|
+
name: 'wget Remote Execution',
|
|
103
|
+
description: 'Downloads and executes a remote script via wget',
|
|
104
|
+
severity: types_1.Severity.CRITICAL,
|
|
105
|
+
confidence: 95
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
pattern: /node\s+-e\s+["'][^"']*(?:http|https|fetch|require\(['"]child_process)/i,
|
|
109
|
+
name: 'Inline Node Execution',
|
|
110
|
+
description: 'Executes inline Node.js code with network or process access',
|
|
111
|
+
severity: types_1.Severity.HIGH,
|
|
112
|
+
confidence: 85
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
pattern: /powershell\s+(?:-(?:e|enc|encodedcommand))/i,
|
|
116
|
+
name: 'PowerShell Encoded Command',
|
|
117
|
+
description: 'Executes encoded PowerShell command',
|
|
118
|
+
severity: types_1.Severity.CRITICAL,
|
|
119
|
+
confidence: 90
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
pattern: /echo\s+[A-Za-z0-9+/=]{50,}\s*\|\s*base64\s+-d/i,
|
|
123
|
+
name: 'Base64 Decode Execution',
|
|
124
|
+
description: 'Decodes and potentially executes Base64 content',
|
|
125
|
+
severity: types_1.Severity.HIGH,
|
|
126
|
+
confidence: 85
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
pattern: /\$\(curl|`curl|\$\(wget|`wget/i,
|
|
130
|
+
name: 'Command Substitution Download',
|
|
131
|
+
description: 'Uses command substitution to download content',
|
|
132
|
+
severity: types_1.Severity.HIGH,
|
|
133
|
+
confidence: 85
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
pattern: /eval\s*["'`]?\$\(/i,
|
|
137
|
+
name: 'Eval Command Substitution',
|
|
138
|
+
description: 'Evaluates the output of a command',
|
|
139
|
+
severity: types_1.Severity.CRITICAL,
|
|
140
|
+
confidence: 90
|
|
141
|
+
},
|
|
142
|
+
{
|
|
143
|
+
pattern: />\s*\/dev\/tcp\//i,
|
|
144
|
+
name: 'Bash Network Redirect',
|
|
145
|
+
description: 'Uses bash /dev/tcp for network communication',
|
|
146
|
+
severity: types_1.Severity.CRITICAL,
|
|
147
|
+
confidence: 95
|
|
148
|
+
},
|
|
149
|
+
{
|
|
150
|
+
pattern: /nc\s+-[^|]*\s+(?:\||&)/i,
|
|
151
|
+
name: 'Netcat Usage',
|
|
152
|
+
description: 'Uses netcat for network communication',
|
|
153
|
+
severity: types_1.Severity.HIGH,
|
|
154
|
+
confidence: 80
|
|
155
|
+
},
|
|
156
|
+
{
|
|
157
|
+
pattern: /rm\s+-rf\s+(?:\/|~|\$HOME)/i,
|
|
158
|
+
name: 'Dangerous File Deletion',
|
|
159
|
+
description: 'Recursively deletes important directories',
|
|
160
|
+
severity: types_1.Severity.CRITICAL,
|
|
161
|
+
confidence: 90
|
|
162
|
+
},
|
|
163
|
+
{
|
|
164
|
+
pattern: /chmod\s+(?:\+s|u\+s|4755|2755)/i,
|
|
165
|
+
name: 'SetUID/SetGID Modification',
|
|
166
|
+
description: 'Changes file permissions to setuid/setgid',
|
|
167
|
+
severity: types_1.Severity.HIGH,
|
|
168
|
+
confidence: 85
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
pattern: /(?:\.ssh|id_rsa|authorized_keys)/i,
|
|
172
|
+
name: 'SSH Key Access',
|
|
173
|
+
description: 'Script accesses SSH keys or configuration',
|
|
174
|
+
severity: types_1.Severity.HIGH,
|
|
175
|
+
confidence: 75
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
pattern: /(?:\/etc\/passwd|\/etc\/shadow)/i,
|
|
179
|
+
name: 'System Password File Access',
|
|
180
|
+
description: 'Script accesses system password files',
|
|
181
|
+
severity: types_1.Severity.CRITICAL,
|
|
182
|
+
confidence: 90
|
|
183
|
+
}
|
|
184
|
+
];
|
|
185
|
+
/**
|
|
186
|
+
* Known malicious or suspicious package names
|
|
187
|
+
*/
|
|
188
|
+
const KNOWN_MALICIOUS_PACKAGES = new Set([
|
|
189
|
+
// Historical malicious packages
|
|
190
|
+
'event-stream', 'flatmap-stream', 'ua-parser-js', 'coa', 'rc',
|
|
191
|
+
'colors', 'faker', // These were sabotaged by maintainers
|
|
192
|
+
// Common typosquatting targets that have been used maliciously
|
|
193
|
+
'loadsh', 'lodahs', 'lodashs', 'crossenv', 'cross-env.js',
|
|
194
|
+
'babelcli', 'http-proxy.js', 'mongose', 'mongoos',
|
|
195
|
+
'mssql.js', 'mssql-node', 'mysqljs', 'node-fabric',
|
|
196
|
+
'node-opencv', 'node-opensl', 'node-openssl', 'node-sqlite',
|
|
197
|
+
'node-tkinter', 'nodefabric', 'nodeffmpeg', 'nodemailer-js',
|
|
198
|
+
'noderequest', 'nodesass', 'nodesqlite', 'opencv.js',
|
|
199
|
+
'openssl.js', 'proxy.js', 'shadowsock', 'smb', 'sqlite.js',
|
|
200
|
+
'sqliter', 'sqlserver', 'tkinter'
|
|
201
|
+
]);
|
|
202
|
+
/**
|
|
203
|
+
* Suspicious package name patterns
|
|
204
|
+
*/
|
|
205
|
+
const SUSPICIOUS_PACKAGE_PATTERNS = [
|
|
206
|
+
{ pattern: /^@[^/]+\/[^/]+--[^/]+$/, reason: 'Double hyphen in scoped package' },
|
|
207
|
+
{ pattern: /^[a-z]+-[0-9]+$/, reason: 'Package name with trailing numbers' },
|
|
208
|
+
{ pattern: /^node-(?!gyp|fetch|forge|uuid|notifier|schedule|html)/, reason: 'Suspicious node- prefix' },
|
|
209
|
+
{ pattern: /^js-(?!yaml|cookie|beautify)/, reason: 'Suspicious js- prefix' },
|
|
210
|
+
{ pattern: /\.(js|ts|json|node)$/, reason: 'Package name with file extension' },
|
|
211
|
+
{ pattern: /^npm-|^yarn-/i, reason: 'Package prefixed with package manager name' }
|
|
212
|
+
];
|
|
213
|
+
/**
|
|
214
|
+
* Package.json Analyzer Class
|
|
215
|
+
*/
|
|
216
|
+
class PackageJsonAnalyzer {
|
|
217
|
+
findings = [];
|
|
218
|
+
/**
|
|
219
|
+
* Analyze a package.json file
|
|
220
|
+
*/
|
|
221
|
+
analyze(content, filePath) {
|
|
222
|
+
this.findings = [];
|
|
223
|
+
let pkg;
|
|
224
|
+
try {
|
|
225
|
+
pkg = JSON.parse(content);
|
|
226
|
+
}
|
|
227
|
+
catch {
|
|
228
|
+
// Invalid JSON
|
|
229
|
+
return [];
|
|
230
|
+
}
|
|
231
|
+
// Analyze scripts
|
|
232
|
+
if (pkg.scripts && typeof pkg.scripts === 'object') {
|
|
233
|
+
this.analyzeScripts(pkg.scripts);
|
|
234
|
+
}
|
|
235
|
+
// Analyze dependencies
|
|
236
|
+
const depFields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
|
|
237
|
+
for (const field of depFields) {
|
|
238
|
+
if (pkg[field] && typeof pkg[field] === 'object') {
|
|
239
|
+
this.analyzeDependencies(pkg[field], field);
|
|
240
|
+
}
|
|
241
|
+
}
|
|
242
|
+
// Check for bundledDependencies with version specifiers (unusual)
|
|
243
|
+
if (pkg.bundledDependencies || pkg.bundleDependencies) {
|
|
244
|
+
this.checkBundledDependencies((pkg.bundledDependencies || pkg.bundleDependencies));
|
|
245
|
+
}
|
|
246
|
+
// Check for suspicious package metadata
|
|
247
|
+
this.analyzeMetadata(pkg);
|
|
248
|
+
return this.findings;
|
|
249
|
+
}
|
|
250
|
+
/**
|
|
251
|
+
* Analyze npm scripts for malicious patterns
|
|
252
|
+
*/
|
|
253
|
+
analyzeScripts(scripts) {
|
|
254
|
+
// High-risk lifecycle scripts
|
|
255
|
+
const lifecycleScripts = ['preinstall', 'install', 'postinstall', 'preuninstall', 'postuninstall'];
|
|
256
|
+
for (const [scriptName, scriptContent] of Object.entries(scripts)) {
|
|
257
|
+
// Check lifecycle scripts more strictly
|
|
258
|
+
const isLifecycle = lifecycleScripts.includes(scriptName);
|
|
259
|
+
// Check against suspicious patterns
|
|
260
|
+
for (const { pattern, name, description, severity, confidence } of SUSPICIOUS_SCRIPT_PATTERNS) {
|
|
261
|
+
if (pattern.test(scriptContent)) {
|
|
262
|
+
this.findings.push({
|
|
263
|
+
type: PackageJsonFindingType.MALICIOUS_SCRIPT,
|
|
264
|
+
name: `${name} in ${scriptName}`,
|
|
265
|
+
description: `${description} found in npm script "${scriptName}"`,
|
|
266
|
+
severity: isLifecycle ? types_1.Severity.CRITICAL : severity,
|
|
267
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
268
|
+
category: types_1.FindingCategory.MALWARE,
|
|
269
|
+
field: `scripts.${scriptName}`,
|
|
270
|
+
value: scriptContent,
|
|
271
|
+
confidence: isLifecycle ? Math.min(confidence + 10, 100) : confidence,
|
|
272
|
+
remediation: isLifecycle
|
|
273
|
+
? 'Remove or thoroughly review this lifecycle script. Use npm config set ignore-scripts true for untrusted packages.'
|
|
274
|
+
: 'Review and remove suspicious commands from the script.',
|
|
275
|
+
context: { scriptName }
|
|
276
|
+
});
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
// Check for scripts that look obfuscated
|
|
280
|
+
if (this.looksObfuscated(scriptContent)) {
|
|
281
|
+
this.findings.push({
|
|
282
|
+
type: PackageJsonFindingType.MALICIOUS_SCRIPT,
|
|
283
|
+
name: 'Obfuscated Script',
|
|
284
|
+
description: `Script "${scriptName}" appears to contain obfuscated code`,
|
|
285
|
+
severity: isLifecycle ? types_1.Severity.CRITICAL : types_1.Severity.HIGH,
|
|
286
|
+
threatType: types_1.ThreatType.OBFUSCATED_CODE,
|
|
287
|
+
category: types_1.FindingCategory.MALWARE,
|
|
288
|
+
field: `scripts.${scriptName}`,
|
|
289
|
+
value: scriptContent.substring(0, 200),
|
|
290
|
+
confidence: 75,
|
|
291
|
+
remediation: 'Deobfuscate and analyze the script content.',
|
|
292
|
+
context: { scriptName }
|
|
293
|
+
});
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
}
|
|
297
|
+
/**
|
|
298
|
+
* Analyze dependencies for security issues
|
|
299
|
+
*/
|
|
300
|
+
analyzeDependencies(deps, field) {
|
|
301
|
+
for (const [name, version] of Object.entries(deps)) {
|
|
302
|
+
// Check for known malicious packages
|
|
303
|
+
if (KNOWN_MALICIOUS_PACKAGES.has(name)) {
|
|
304
|
+
this.findings.push({
|
|
305
|
+
type: PackageJsonFindingType.SUSPICIOUS_DEPENDENCY,
|
|
306
|
+
name: 'Known Malicious Package',
|
|
307
|
+
description: `Package "${name}" has been flagged as malicious or compromised`,
|
|
308
|
+
severity: types_1.Severity.CRITICAL,
|
|
309
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
310
|
+
category: types_1.FindingCategory.MALWARE,
|
|
311
|
+
field: `${field}.${name}`,
|
|
312
|
+
value: `${name}@${version}`,
|
|
313
|
+
confidence: 95,
|
|
314
|
+
remediation: 'Remove this package immediately and find a legitimate alternative.'
|
|
315
|
+
});
|
|
316
|
+
}
|
|
317
|
+
// Check for typosquatting
|
|
318
|
+
const typosquatResult = this.checkTyposquatting(name);
|
|
319
|
+
if (typosquatResult) {
|
|
320
|
+
this.findings.push({
|
|
321
|
+
type: PackageJsonFindingType.TYPOSQUATTING,
|
|
322
|
+
name: 'Potential Typosquatting',
|
|
323
|
+
description: `Package "${name}" may be a typosquat of "${typosquatResult.target}"`,
|
|
324
|
+
severity: types_1.Severity.HIGH,
|
|
325
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
326
|
+
category: types_1.FindingCategory.MALWARE,
|
|
327
|
+
field: `${field}.${name}`,
|
|
328
|
+
value: `${name}@${version}`,
|
|
329
|
+
confidence: typosquatResult.confidence,
|
|
330
|
+
remediation: `Verify you intended to install "${name}" and not "${typosquatResult.target}".`,
|
|
331
|
+
context: { similarTo: typosquatResult.target }
|
|
332
|
+
});
|
|
333
|
+
}
|
|
334
|
+
// Check for suspicious package name patterns
|
|
335
|
+
for (const { pattern, reason } of SUSPICIOUS_PACKAGE_PATTERNS) {
|
|
336
|
+
if (pattern.test(name)) {
|
|
337
|
+
this.findings.push({
|
|
338
|
+
type: PackageJsonFindingType.SUSPICIOUS_DEPENDENCY,
|
|
339
|
+
name: 'Suspicious Package Name',
|
|
340
|
+
description: `Package "${name}" has a suspicious name pattern: ${reason}`,
|
|
341
|
+
severity: types_1.Severity.MEDIUM,
|
|
342
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
343
|
+
category: types_1.FindingCategory.MALWARE,
|
|
344
|
+
field: `${field}.${name}`,
|
|
345
|
+
value: `${name}@${version}`,
|
|
346
|
+
confidence: 60,
|
|
347
|
+
remediation: 'Verify this is the intended package before installing.'
|
|
348
|
+
});
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
// Check for git dependencies (can be risky)
|
|
352
|
+
if (version.startsWith('git') || version.startsWith('github:') || version.includes('://')) {
|
|
353
|
+
this.findings.push({
|
|
354
|
+
type: PackageJsonFindingType.GIT_DEPENDENCY,
|
|
355
|
+
name: 'Git URL Dependency',
|
|
356
|
+
description: `Package "${name}" is installed from a git URL instead of npm registry`,
|
|
357
|
+
severity: types_1.Severity.MEDIUM,
|
|
358
|
+
threatType: types_1.ThreatType.SECURITY_MISCONFIGURATION,
|
|
359
|
+
category: types_1.FindingCategory.VULNERABILITY,
|
|
360
|
+
field: `${field}.${name}`,
|
|
361
|
+
value: `${name}@${version}`,
|
|
362
|
+
confidence: 70,
|
|
363
|
+
remediation: 'Use npm registry versions when possible. Audit the git repository.'
|
|
364
|
+
});
|
|
365
|
+
}
|
|
366
|
+
// Check for local file dependencies
|
|
367
|
+
if (version.startsWith('file:') || version.startsWith('./') || version.startsWith('../')) {
|
|
368
|
+
this.findings.push({
|
|
369
|
+
type: PackageJsonFindingType.LOCAL_PATH_DEPENDENCY,
|
|
370
|
+
name: 'Local Path Dependency',
|
|
371
|
+
description: `Package "${name}" uses a local file path`,
|
|
372
|
+
severity: types_1.Severity.LOW,
|
|
373
|
+
threatType: types_1.ThreatType.SECURITY_MISCONFIGURATION,
|
|
374
|
+
category: types_1.FindingCategory.CODE_SMELL,
|
|
375
|
+
field: `${field}.${name}`,
|
|
376
|
+
value: `${name}@${version}`,
|
|
377
|
+
confidence: 80,
|
|
378
|
+
remediation: 'Consider publishing the package or using a workspace configuration.'
|
|
379
|
+
});
|
|
380
|
+
}
|
|
381
|
+
// Check for overly permissive version ranges
|
|
382
|
+
if (version === '*' || version === 'latest' || /^>=?\s*0\./.test(version)) {
|
|
383
|
+
this.findings.push({
|
|
384
|
+
type: PackageJsonFindingType.OVERLY_PERMISSIVE_VERSION,
|
|
385
|
+
name: 'Overly Permissive Version',
|
|
386
|
+
description: `Package "${name}" uses "${version}" which could install any version`,
|
|
387
|
+
severity: types_1.Severity.MEDIUM,
|
|
388
|
+
threatType: types_1.ThreatType.VULNERABLE_DEPENDENCY,
|
|
389
|
+
category: types_1.FindingCategory.BEST_PRACTICE,
|
|
390
|
+
field: `${field}.${name}`,
|
|
391
|
+
value: `${name}@${version}`,
|
|
392
|
+
confidence: 85,
|
|
393
|
+
remediation: 'Use a specific version or a caret/tilde range.'
|
|
394
|
+
});
|
|
395
|
+
}
|
|
396
|
+
}
|
|
397
|
+
}
|
|
398
|
+
/**
|
|
399
|
+
* Check for typosquatting against popular packages
|
|
400
|
+
*/
|
|
401
|
+
checkTyposquatting(packageName) {
|
|
402
|
+
const lowerName = packageName.toLowerCase();
|
|
403
|
+
// Skip if it's a popular package itself
|
|
404
|
+
if (POPULAR_PACKAGES.includes(lowerName)) {
|
|
405
|
+
return null;
|
|
406
|
+
}
|
|
407
|
+
// Skip scoped packages for now (they're harder to typosquat)
|
|
408
|
+
if (packageName.startsWith('@')) {
|
|
409
|
+
return null;
|
|
410
|
+
}
|
|
411
|
+
for (const popular of POPULAR_PACKAGES) {
|
|
412
|
+
const distance = levenshteinDistance(lowerName, popular.toLowerCase());
|
|
413
|
+
const maxLength = Math.max(lowerName.length, popular.length);
|
|
414
|
+
const similarity = 1 - (distance / maxLength);
|
|
415
|
+
// If very similar but not exact
|
|
416
|
+
if (distance > 0 && distance <= 2 && similarity > 0.8) {
|
|
417
|
+
const confidence = Math.round(similarity * 100);
|
|
418
|
+
return { target: popular, confidence };
|
|
419
|
+
}
|
|
420
|
+
// Check for common typosquatting patterns
|
|
421
|
+
const patterns = [
|
|
422
|
+
`${popular}-js`,
|
|
423
|
+
`${popular}js`,
|
|
424
|
+
`${popular}.js`,
|
|
425
|
+
`js-${popular}`,
|
|
426
|
+
`node-${popular}`,
|
|
427
|
+
`${popular}-node`,
|
|
428
|
+
`${popular}2`,
|
|
429
|
+
`${popular}-v2`,
|
|
430
|
+
popular.replace(/-/g, ''),
|
|
431
|
+
popular.replace(/-/g, '_')
|
|
432
|
+
];
|
|
433
|
+
for (const pattern of patterns) {
|
|
434
|
+
if (lowerName === pattern.toLowerCase() && lowerName !== popular.toLowerCase()) {
|
|
435
|
+
return { target: popular, confidence: 75 };
|
|
436
|
+
}
|
|
437
|
+
}
|
|
438
|
+
}
|
|
439
|
+
return null;
|
|
440
|
+
}
|
|
441
|
+
/**
|
|
442
|
+
* Check bundled dependencies
|
|
443
|
+
*/
|
|
444
|
+
checkBundledDependencies(bundled) {
|
|
445
|
+
if (!Array.isArray(bundled))
|
|
446
|
+
return;
|
|
447
|
+
for (const name of bundled) {
|
|
448
|
+
if (typeof name !== 'string')
|
|
449
|
+
continue;
|
|
450
|
+
// Check for known malicious packages
|
|
451
|
+
if (KNOWN_MALICIOUS_PACKAGES.has(name)) {
|
|
452
|
+
this.findings.push({
|
|
453
|
+
type: PackageJsonFindingType.SUSPICIOUS_DEPENDENCY,
|
|
454
|
+
name: 'Malicious Bundled Dependency',
|
|
455
|
+
description: `Bundled package "${name}" is known to be malicious`,
|
|
456
|
+
severity: types_1.Severity.CRITICAL,
|
|
457
|
+
threatType: types_1.ThreatType.MALICIOUS_LOADER,
|
|
458
|
+
category: types_1.FindingCategory.MALWARE,
|
|
459
|
+
field: 'bundledDependencies',
|
|
460
|
+
value: name,
|
|
461
|
+
confidence: 95,
|
|
462
|
+
remediation: 'Remove this bundled dependency immediately.'
|
|
463
|
+
});
|
|
464
|
+
}
|
|
465
|
+
}
|
|
466
|
+
}
|
|
467
|
+
/**
|
|
468
|
+
* Analyze package metadata for suspicious patterns
|
|
469
|
+
*/
|
|
470
|
+
analyzeMetadata(pkg) {
|
|
471
|
+
// Check for suspicious repository URLs
|
|
472
|
+
if (pkg.repository) {
|
|
473
|
+
const repoUrl = typeof pkg.repository === 'string'
|
|
474
|
+
? pkg.repository
|
|
475
|
+
: pkg.repository.url;
|
|
476
|
+
if (repoUrl) {
|
|
477
|
+
// Check for IP-based repository URLs
|
|
478
|
+
if (/https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/.test(repoUrl)) {
|
|
479
|
+
this.findings.push({
|
|
480
|
+
type: PackageJsonFindingType.SUSPICIOUS_DEPENDENCY,
|
|
481
|
+
name: 'IP-Based Repository URL',
|
|
482
|
+
description: 'Repository uses a raw IP address instead of a domain',
|
|
483
|
+
severity: types_1.Severity.HIGH,
|
|
484
|
+
threatType: types_1.ThreatType.SUSPICIOUS_NETWORK,
|
|
485
|
+
category: types_1.FindingCategory.MALWARE,
|
|
486
|
+
field: 'repository',
|
|
487
|
+
value: repoUrl,
|
|
488
|
+
confidence: 75,
|
|
489
|
+
remediation: 'Verify the repository is legitimate.'
|
|
490
|
+
});
|
|
491
|
+
}
|
|
492
|
+
// Check for non-standard git hosts
|
|
493
|
+
const trustedHosts = ['github.com', 'gitlab.com', 'bitbucket.org', 'dev.azure.com'];
|
|
494
|
+
const isStandardHost = trustedHosts.some(host => repoUrl.includes(host));
|
|
495
|
+
if (!isStandardHost && repoUrl.includes('://')) {
|
|
496
|
+
this.findings.push({
|
|
497
|
+
type: PackageJsonFindingType.SUSPICIOUS_DEPENDENCY,
|
|
498
|
+
name: 'Non-Standard Repository Host',
|
|
499
|
+
description: 'Repository is hosted on a non-standard git host',
|
|
500
|
+
severity: types_1.Severity.LOW,
|
|
501
|
+
threatType: types_1.ThreatType.SECURITY_MISCONFIGURATION,
|
|
502
|
+
category: types_1.FindingCategory.CODE_SMELL,
|
|
503
|
+
field: 'repository',
|
|
504
|
+
value: repoUrl,
|
|
505
|
+
confidence: 50,
|
|
506
|
+
remediation: 'Verify the repository host is trustworthy.'
|
|
507
|
+
});
|
|
508
|
+
}
|
|
509
|
+
}
|
|
510
|
+
}
|
|
511
|
+
// Check for very new package (less relevant for static analysis, but worth noting)
|
|
512
|
+
// This would normally require npm API access
|
|
513
|
+
// Check for private registry configuration
|
|
514
|
+
if (pkg.publishConfig && typeof pkg.publishConfig === 'object') {
|
|
515
|
+
const publishConfig = pkg.publishConfig;
|
|
516
|
+
if (publishConfig.registry && !publishConfig.registry.includes('registry.npmjs.org')) {
|
|
517
|
+
this.findings.push({
|
|
518
|
+
type: PackageJsonFindingType.PRIVATE_REGISTRY,
|
|
519
|
+
name: 'Private Registry Configuration',
|
|
520
|
+
description: 'Package is configured to publish to a private registry',
|
|
521
|
+
severity: types_1.Severity.INFO,
|
|
522
|
+
threatType: types_1.ThreatType.SECURITY_MISCONFIGURATION,
|
|
523
|
+
category: types_1.FindingCategory.CODE_SMELL,
|
|
524
|
+
field: 'publishConfig.registry',
|
|
525
|
+
value: publishConfig.registry,
|
|
526
|
+
confidence: 60,
|
|
527
|
+
remediation: 'Verify the registry configuration is intentional.'
|
|
528
|
+
});
|
|
529
|
+
}
|
|
530
|
+
}
|
|
531
|
+
}
|
|
532
|
+
/**
|
|
533
|
+
* Check if content looks obfuscated
|
|
534
|
+
*/
|
|
535
|
+
looksObfuscated(content) {
|
|
536
|
+
// Check for base64-like patterns
|
|
537
|
+
if (/[A-Za-z0-9+/=]{100,}/.test(content))
|
|
538
|
+
return true;
|
|
539
|
+
// Check for heavy use of hex escapes
|
|
540
|
+
if (/(?:\\x[0-9a-f]{2}){20,}/i.test(content))
|
|
541
|
+
return true;
|
|
542
|
+
// Check for unicode escapes
|
|
543
|
+
if (/(?:\\u[0-9a-f]{4}){15,}/i.test(content))
|
|
544
|
+
return true;
|
|
545
|
+
// Check for very long single-line strings
|
|
546
|
+
if (content.length > 500 && !content.includes(' ') && !content.includes('\n'))
|
|
547
|
+
return true;
|
|
548
|
+
return false;
|
|
549
|
+
}
|
|
550
|
+
}
|
|
551
|
+
exports.PackageJsonAnalyzer = PackageJsonAnalyzer;
|
|
552
|
+
exports.default = PackageJsonAnalyzer;
|
|
553
|
+
//# sourceMappingURL=packageJsonAnalyzer.js.map
|