secure-scan 1.2.2

package/dist/dependencies/database/maliciousPackages.js

@@ -0,0 +1,279 @@
+"use strict";
+/**
+ * Known Malicious Packages Database
+ * Static database of known malicious packages for offline detection
+ * Updated: 2024-01
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DANGEROUS_POSTINSTALL_PACKAGES = exports.DEPRECATED_PACKAGES = exports.POPULAR_PACKAGES = exports.KNOWN_MALICIOUS_PACKAGES = void 0;
+exports.getMaliciousPackage = getMaliciousPackage;
+exports.isDeprecatedPackage = isDeprecatedPackage;
+exports.getPopularPackages = getPopularPackages;
+const types_1 = require("../types");
+/**
+ * Database of known malicious packages
+ * Sources: npm security advisories, PyPI reports, Snyk, etc.
+ */
+exports.KNOWN_MALICIOUS_PACKAGES = [
+    // NPM malicious packages
+    {
+        name: 'event-stream',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.STEALER, types_1.MalwareIndicator.BACKDOOR],
+        description: 'Compromised package with cryptocurrency wallet stealer (version 3.3.6)',
+        reportedDate: '2018-11-26',
+        references: ['https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident'],
+        affectedVersions: '3.3.6'
+    },
+    {
+        name: 'ua-parser-js',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.CRYPTOMINER, types_1.MalwareIndicator.STEALER],
+        description: 'Hijacked package with cryptominer and password stealer',
+        reportedDate: '2021-10-22',
+        references: ['https://github.com/ArmandPhil662/MALWARE-SAMPLE'],
+        affectedVersions: '0.7.29, 0.8.0, 1.0.0'
+    },
+    {
+        name: 'coa',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Hijacked package used for credential theft',
+        reportedDate: '2021-11-04',
+        references: ['https://blog.sonatype.com/npm-hijacked-supply-chain'],
+        affectedVersions: '2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, 3.1.3'
+    },
+    {
+        name: 'rc',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Hijacked package used for credential theft',
+        reportedDate: '2021-11-04',
+        references: ['https://blog.sonatype.com/npm-hijacked-supply-chain'],
+        affectedVersions: '1.2.9, 1.3.9, 2.3.9'
+    },
+    {
+        name: 'flatmap-stream',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.STEALER, types_1.MalwareIndicator.BACKDOOR],
+        description: 'Malicious package injected into event-stream',
+        reportedDate: '2018-11-26',
+        references: ['https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'colors',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.OBFUSCATED],
+        description: 'Sabotaged by maintainer with infinite loop (protestware)',
+        reportedDate: '2022-01-09',
+        references: ['https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/'],
+        affectedVersions: '1.4.1, 1.4.2'
+    },
+    {
+        name: 'faker',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.OBFUSCATED],
+        description: 'Sabotaged by maintainer (protestware)',
+        reportedDate: '2022-01-09',
+        references: ['https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/'],
+        affectedVersions: '6.6.6'
+    },
+    {
+        name: 'node-ipc',
+        ecosystem: 'npm',
+        indicators: [types_1.MalwareIndicator.DATA_EXFILTRATION],
+        description: 'Supply chain attack targeting Russian/Belarusian IPs (peacenotwar)',
+        reportedDate: '2022-03-16',
+        references: ['https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/'],
+        affectedVersions: '10.1.1, 10.1.2, 10.1.3'
+    },
+    // Python malicious packages
+    {
+        name: 'ctx',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Compromised package stealing environment variables',
+        reportedDate: '2022-05-24',
+        references: ['https://www.bleepingcomputer.com/news/security/pypi-package-ctx-compromised-to-steal-aws-credentials/'],
+        affectedVersions: '0.1.2, 0.2.2, 0.2.6'
+    },
+    {
+        name: 'phpass',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Compromised package stealing environment variables',
+        reportedDate: '2022-05-24',
+        references: ['https://www.bleepingcomputer.com/news/security/pypi-package-ctx-compromised-to-steal-aws-credentials/'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'colourama',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.CRYPTOMINER],
+        description: 'Typosquat of colorama with cryptominer',
+        reportedDate: '2019-10-22',
+        references: ['https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'python3-dateutil',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Typosquat of python-dateutil stealing SSH keys',
+        reportedDate: '2019-12-04',
+        references: ['https://snyk.io/blog/malicious-packages-open-source-code-2019/'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'jeIlyfish',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.STEALER],
+        description: 'Typosquat of jellyfish (using capital I instead of l)',
+        reportedDate: '2019-12-04',
+        references: ['https://snyk.io/blog/malicious-packages-open-source-code-2019/'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'libpeshnern',
+        ecosystem: 'pip',
+        indicators: [types_1.MalwareIndicator.BACKDOOR],
+        description: 'Reverse shell backdoor',
+        reportedDate: '2021-05-15',
+        references: ['https://blog.sonatype.com/sonatype-catches-new-pypi-ransomware'],
+        affectedVersions: '*'
+    },
+    // PHP malicious packages (Composer)
+    {
+        name: 'phpunit/php-unit',
+        ecosystem: 'composer',
+        indicators: [types_1.MalwareIndicator.BACKDOOR],
+        description: 'Typosquat of phpunit/phpunit with backdoor',
+        reportedDate: '2020-01-15',
+        references: ['https://packagist.org/'],
+        affectedVersions: '*'
+    },
+    {
+        name: 'symfony/symf0ny',
+        ecosystem: 'composer',
+        indicators: [types_1.MalwareIndicator.BACKDOOR],
+        description: 'Typosquat of symfony packages',
+        reportedDate: '2020-01-15',
+        references: ['https://packagist.org/'],
+        affectedVersions: '*'
+    },
+    // NuGet malicious packages
+    {
+        name: 'SpeechRecognition',
+        ecosystem: 'nuget',
+        indicators: [types_1.MalwareIndicator.CRYPTOMINER],
+        description: 'Cryptocurrency miner disguised as legitimate package',
+        reportedDate: '2023-03-20',
+        references: ['https://blog.jfrog.com/nuget-malware'],
+        affectedVersions: '*'
+    },
+    // Maven malicious packages
+    {
+        name: 'org.springframework:spring-core',
+        ecosystem: 'maven',
+        indicators: [types_1.MalwareIndicator.BACKDOOR],
+        description: 'Note: Legitimate package but check for typosquats',
+        reportedDate: '2023-01-01',
+        references: [],
+        affectedVersions: 'none'
+    }
+];
+/**
+ * Popular package names for typosquatting detection
+ */
+exports.POPULAR_PACKAGES = {
+    npm: [
+        'lodash', 'express', 'react', 'webpack', 'axios', 'moment', 'chalk',
+        'request', 'commander', 'async', 'debug', 'uuid', 'underscore',
+        'typescript', 'jquery', 'vue', 'angular', 'next', 'eslint', 'babel',
+        'prettier', 'jest', 'mocha', 'gulp', 'grunt', 'nodemon', 'mongoose',
+        'socket.io', 'cheerio', 'passport', 'cors', 'dotenv', 'body-parser',
+        'colors', 'minimist', 'yargs', 'inquirer', 'rxjs', 'bluebird', 'fs-extra',
+        'glob', 'mkdirp', 'rimraf', 'semver', 'nanoid', 'dayjs', 'date-fns'
+    ],
+    pip: [
+        'requests', 'numpy', 'pandas', 'django', 'flask', 'matplotlib', 'tensorflow',
+        'scikit-learn', 'scipy', 'pillow', 'beautifulsoup4', 'selenium', 'pytest',
+        'boto3', 'sqlalchemy', 'celery', 'redis', 'psycopg2', 'paramiko', 'pyyaml',
+        'cryptography', 'jinja2', 'click', 'aiohttp', 'httpx', 'fastapi', 'uvicorn',
+        'colorama', 'tqdm', 'python-dateutil', 'pytz', 'jellyfish', 'pydantic',
+        'setuptools', 'wheel', 'pip', 'virtualenv', 'ipython', 'jupyter', 'black',
+        'pylint', 'mypy', 'flake8', 'isort', 'poetry', 'torch', 'keras', 'nltk'
+    ],
+    composer: [
+        'laravel/framework', 'symfony/symfony', 'guzzlehttp/guzzle', 'monolog/monolog',
+        'phpunit/phpunit', 'doctrine/orm', 'twig/twig', 'vlucas/phpdotenv',
+        'nesbot/carbon', 'ramsey/uuid', 'fzaninotto/faker', 'psr/log', 'swiftmailer/swiftmailer',
+        'league/flysystem', 'predis/predis', 'nikic/fast-route', 'slim/slim'
+    ],
+    maven: [
+        'org.springframework:spring-core', 'com.google.guava:guava', 'org.apache.commons:commons-lang3',
+        'junit:junit', 'org.slf4j:slf4j-api', 'ch.qos.logback:logback-classic',
+        'com.fasterxml.jackson.core:jackson-databind', 'org.apache.httpcomponents:httpclient',
+        'mysql:mysql-connector-java', 'org.postgresql:postgresql', 'org.projectlombok:lombok'
+    ],
+    gradle: [
+        'org.springframework:spring-core', 'com.google.guava:guava', 'org.jetbrains.kotlin:kotlin-stdlib'
+    ],
+    nuget: [
+        'Newtonsoft.Json', 'Microsoft.EntityFrameworkCore', 'Serilog', 'AutoMapper',
+        'Dapper', 'MediatR', 'FluentValidation', 'Polly', 'xunit', 'NUnit', 'Moq'
+    ],
+    vcpkg: [
+        'boost', 'openssl', 'curl', 'zlib', 'fmt', 'nlohmann-json', 'sqlite3',
+        'gtest', 'opencv', 'protobuf', 'grpc', 'abseil', 'cpprestsdk'
+    ],
+    conan: [
+        'boost', 'openssl', 'zlib', 'fmt', 'spdlog', 'gtest', 'catch2', 'nlohmann_json',
+        'abseil', 'protobuf', 'grpc', 'opencv', 'poco', 'cpprestsdk'
+    ],
+    cmake: [
+        'Boost', 'OpenSSL', 'CURL', 'ZLIB', 'GTest', 'OpenCV', 'Protobuf', 'gRPC'
+    ]
+};
+/**
+ * Known abandoned/deprecated packages
+ */
+exports.DEPRECATED_PACKAGES = {
+    'request': { ecosystem: 'npm', replacement: 'axios or node-fetch', reason: 'Deprecated in 2020' },
+    'moment': { ecosystem: 'npm', replacement: 'dayjs or date-fns', reason: 'Deprecated, large bundle size' },
+    'underscore': { ecosystem: 'npm', replacement: 'lodash', reason: 'Maintenance mode' },
+    'node-uuid': { ecosystem: 'npm', replacement: 'uuid', reason: 'Renamed to uuid' },
+    'faker': { ecosystem: 'npm', replacement: '@faker-js/faker', reason: 'Sabotaged, use community fork' },
+    'crypto': { ecosystem: 'pip', replacement: 'cryptography', reason: 'Deprecated, use cryptography' },
+    'pycrypto': { ecosystem: 'pip', replacement: 'pycryptodome', reason: 'Unmaintained since 2012' },
+    'nose': { ecosystem: 'pip', replacement: 'pytest', reason: 'Unmaintained since 2016' },
+    'phpmailer/phpmailer': { ecosystem: 'composer', replacement: 'Check for security updates', reason: 'Had critical RCE vulnerabilities' }
+};
+/**
+ * Packages known to have dangerous post-install scripts
+ */
+exports.DANGEROUS_POSTINSTALL_PACKAGES = [
+// These are examples - some packages legitimately need postinstall
+// but unusual ones should be flagged for review
+];
+/**
+ * Get malicious package entry if exists
+ */
+function getMaliciousPackage(name, ecosystem) {
+    return exports.KNOWN_MALICIOUS_PACKAGES.find(p => p.name.toLowerCase() === name.toLowerCase() && p.ecosystem === ecosystem);
+}
+/**
+ * Check if package is deprecated
+ */
+function isDeprecatedPackage(name) {
+    const info = exports.DEPRECATED_PACKAGES[name.toLowerCase()];
+    return { deprecated: !!info, info };
+}
+/**
+ * Get popular packages for an ecosystem (for typosquatting detection)
+ */
+function getPopularPackages(ecosystem) {
+    return exports.POPULAR_PACKAGES[ecosystem] || [];
+}
+//# sourceMappingURL=maliciousPackages.js.map

package/dist/dependencies/database/maliciousPackages.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"maliciousPackages.js","sourceRoot":"","sources":["../../../src/dependencies/database/maliciousPackages.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAsQH,kDAIC;AAKD,kDAGC;AAKD,gDAEC;AAvRD,oCAAqF;AAErF;;;GAGG;AACU,QAAA,wBAAwB,GAA4B;IAC/D,yBAAyB;IACzB;QACE,IAAI,EAAE,cAAc;QACpB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,EAAE,wBAAgB,CAAC,QAAQ,CAAC;QACjE,WAAW,EAAE,wEAAwE;QACrF,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,kFAAkF,CAAC;QAChG,gBAAgB,EAAE,OAAO;KAC1B;IACD;QACE,IAAI,EAAE,cAAc;QACpB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,WAAW,EAAE,wBAAgB,CAAC,OAAO,CAAC;QACpE,WAAW,EAAE,wDAAwD;QACrE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,iDAAiD,CAAC;QAC/D,gBAAgB,EAAE,sBAAsB;KACzC;IACD;QACE,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,qDAAqD,CAAC;QACnE,gBAAgB,EAAE,0CAA0C;KAC7D;IACD;QACE,IAAI,EAAE,IAAI;QACV,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,qDAAqD,CAAC;QACnE,gBAAgB,EAAE,qBAAqB;KACxC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,EAAE,wBAAgB,CAAC,QAAQ,CAAC;QACjE,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,kFAAkF,CAAC;QAChG,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,UAAU,CAAC;QACzC,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,mHAAmH,CAAC;QACjI,gBAAgB,EAAE,cAAc;KACjC;IACD;QACE,IAAI,EAAE,OAAO;QACb,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,UAAU,CAAC;QACzC,WAAW,EAAE,uCAAuC;QACpD,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,mHAAmH,CAAC;QACjI,gBAAgB,EAAE,OAAO;KAC1B;IACD;QACE,IAAI,EAAE,UAAU;QAChB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,iBAAiB,CAAC;QAChD,WAAW,EAAE,oEAAoE;QACjF,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,gFAAgF,CAAC;QAC9F,gBAAgB,EAAE,wBAAwB;KAC3C;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,uGAAuG,CAAC;QACrH,gBAAgB,EAAE,qBAAqB;KACxC;IACD;QACE,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,uGAAuG,CAAC;QACrH,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,WAAW,CAAC;QAC1C,WAAW,EAAE,wCAAwC;QACrD,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,iFAAiF,CAAC;QAC/F,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,gDAAgD;QAC7D,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,gEAAgE,CAAC;QAC9E,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,OAAO,CAAC;QACtC,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,gEAAgE,CAAC;QAC9E,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,SAAS,EAAE,KAAK;QAChB,UAAU,EAAE,CAAC,wBAAgB,CAAC,QAAQ,CAAC;QACvC,WAAW,EAAE,wBAAwB;QACrC,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,gEAAgE,CAAC;QAC9E,gBAAgB,EAAE,GAAG;KACtB;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,kBAAkB;QACxB,SAAS,EAAE,UAAU;QACrB,UAAU,EAAE,CAAC,wBAAgB,CAAC,QAAQ,CAAC;QACvC,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,wBAAwB,CAAC;QACtC,gBAAgB,EAAE,GAAG;KACtB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,SAAS,EAAE,UAAU;QACrB,UAAU,EAAE,CAAC,wBAAgB,CAAC,QAAQ,CAAC;QACvC,WAAW,EAAE,+BAA+B;QAC5C,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,wBAAwB,CAAC;QACtC,gBAAgB,EAAE,GAAG;KACtB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,mBAAmB;QACzB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,CAAC,wBAAgB,CAAC,WAAW,CAAC;QAC1C,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,CAAC,sCAAsC,CAAC;QACpD,gBAAgB,EAAE,GAAG;KACtB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,iCAAiC;QACvC,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,CAAC,wBAAgB,CAAC,QAAQ,CAAC;QACvC,WAAW,EAAE,mDAAmD;QAChE,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,EAAE;QACd,gBAAgB,EAAE,MAAM;KACzB;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,gBAAgB,GAAuC;IAClE,GAAG,EAAE;QACH,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;QACnE,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY;QAC9D,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO;QACnE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU;QACnE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;QACnE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU;QACzE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU;KACpE;IACD,GAAG,EAAE;QACH,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY;QAC5E,cAAc,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,UAAU,EAAE,QAAQ;QACzE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ;QAC1E,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;QAC3E,UAAU,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU;QACtE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO;QACzE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;KACxE;IACD,QAAQ,EAAE;QACR,mBAAmB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,iBAAiB;QAC9E,iBAAiB,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB;QAClE,eAAe,EAAE,aAAa,EAAE,kBAAkB,EAAE,SAAS,EAAE,yBAAyB;QACxF,kBAAkB,EAAE,eAAe,EAAE,kBAAkB,EAAE,WAAW;KACrE;IACD,KAAK,EAAE;QACL,iCAAiC,EAAE,wBAAwB,EAAE,kCAAkC;QAC/F,aAAa,EAAE,qBAAqB,EAAE,gCAAgC;QACtE,6CAA6C,EAAE,sCAAsC;QACrF,4BAA4B,EAAE,2BAA2B,EAAE,0BAA0B;KACtF;IACD,MAAM,EAAE;QACN,iCAAiC,EAAE,wBAAwB,EAAE,oCAAoC;KAClG;IACD,KAAK,EAAE;QACL,iBAAiB,EAAE,+BAA+B,EAAE,SAAS,EAAE,YAAY;QAC3E,QAAQ,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK;KAC1E;IACD,KAAK,EAAE;QACL,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS;QACrE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY;KAC9D;IACD,KAAK,EAAE;QACL,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe;QAC/E,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY;KAC7D;IACD,KAAK,EAAE;QACL,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM;KAC1E;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,mBAAmB,GAA0F;IACxH,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACjG,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACzG,YAAY,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACrF,WAAW,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACjF,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACtG,QAAQ,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACnG,UAAU,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAChG,MAAM,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,yBAAyB,EAAE;IACtF,qBAAqB,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,4BAA4B,EAAE,MAAM,EAAE,kCAAkC,EAAE;CACxI,CAAC;AAEF;;GAEG;AACU,QAAA,8BAA8B,GAAa;AACtD,mEAAmE;AACnE,gDAAgD;CACjD,CAAC;AAEF;;GAEG;AACH,SAAgB,mBAAmB,CAAC,IAAY,EAAE,SAA2B;IAC3E,OAAO,gCAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACvC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CACzE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,MAAM,IAAI,GAAG,2BAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACrD,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,SAA2B;IAC5D,OAAO,wBAAgB,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;AAC3C,CAAC"}

package/dist/dependencies/dependencyAnalyzer.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Dependency Analyzer
+ * Main orchestrator for Software Composition Analysis (SCA)
+ * Analyzes project dependencies without executing any code
+ */
+import { DependencyAnalysisResult } from './types';
+import { AIConfig } from '../types';
+/**
+ * Dependency Analyzer Configuration
+ */
+export interface DependencyAnalyzerConfig {
+    /** Project path to analyze */
+    projectPath: string;
+    /** Enable AI-assisted analysis */
+    useAI?: boolean;
+    /** AI configuration */
+    aiConfig?: AIConfig;
+    /** Maximum depth to search for manifests */
+    maxDepth?: number;
+    /** Directories to exclude */
+    exclude?: string[];
+    /** Include dev dependencies in analysis */
+    includeDevDependencies?: boolean;
+    /** Verbose logging */
+    verbose?: boolean;
+}
+/**
+ * Dependency Analyzer Class
+ * Main entry point for Software Composition Analysis
+ */
+export declare class DependencyAnalyzer {
+    private config;
+    private vulnerabilityDetector;
+    private aiAnalyzer?;
+    constructor(config: DependencyAnalyzerConfig);
+    /**
+     * Run dependency analysis
+     */
+    analyze(): Promise<DependencyAnalysisResult>;
+    /**
+     * Find all manifest files in the project
+     */
+    private findManifestFiles;
+    /**
+     * Recursively walk directory
+     */
+    private walkDirectory;
+    /**
+     * Parse a manifest file
+     */
+    private parseManifest;
+    /**
+     * Deduplicate dependencies across manifests
+     */
+    private deduplicateDependencies;
+    /**
+     * Analyze dependencies for vulnerabilities
+     */
+    private analyzeVulnerabilities;
+    /**
+     * Sort vulnerabilities by severity
+     */
+    private sortVulnerabilities;
+    /**
+     * Calculate analysis statistics
+     */
+    private calculateStats;
+    /**
+     * Create empty result when no manifests found
+     */
+    private createEmptyResult;
+}
+export default DependencyAnalyzer;
+//# sourceMappingURL=dependencyAnalyzer.d.ts.map

package/dist/dependencies/dependencyAnalyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependencyAnalyzer.d.ts","sourceRoot":"","sources":["../../src/dependencies/dependencyAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EACL,wBAAwB,EAOzB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAwB,QAAQ,EAAE,MAAM,UAAU,CAAC;AAkC1D;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,uBAAuB;IACvB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,2CAA2C;IAC3C,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,sBAAsB;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,UAAU,CAAC,CAAM;gBAEb,MAAM,EAAE,wBAAwB;IAW5C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,wBAAwB,CAAC;IA0DlD;;OAEG;YACW,iBAAiB;IAsB/B;;OAEG;YACW,aAAa;IA8B3B;;OAEG;YACW,aAAa;IAwB3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAoB/B;;OAEG;YACW,sBAAsB;IAwBpC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;OAEG;IACH,OAAO,CAAC,cAAc;IAgDtB;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAiC1B;AAED,eAAe,kBAAkB,CAAC"}