npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/dist/dependencies/installed/installedScanner.js ADDED Viewed

@@ -0,0 +1,766 @@
+"use strict";
+/**
+ * Installed Dependencies Scanner
+ * Scans installed packages (node_modules, vendor, venv) for malware
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InstalledDependenciesScanner = void 0;
+exports.scanInstalledDependencies = scanInstalledDependencies;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const malwarePatterns_1 = require("./malwarePatterns");
+const types_1 = require("../types");
+const types_2 = require("../../types");
+const logger_1 = require("../../utils/logger");
+const utils_1 = require("../../utils");
+/**
+ * Default configuration for installed dependencies scanner
+ */
+const DEFAULT_CONFIG = {
+    maxFileSizeBytes: 5 * 1024 * 1024, // 5MB
+    fileExtensions: ['.js', '.ts', '.mjs', '.cjs', '.py', '.php', '.rb', '.sh', '.ps1', '.cmd', '.bat'],
+    verifyIntegrity: true,
+    scanPostInstallScripts: true,
+    maxDepth: 10,
+    verbose: false,
+    parallelScans: 4
+};
+/**
+ * Folder configurations for different ecosystems
+ */
+const DEPENDENCY_FOLDERS = {
+    npm: ['node_modules'],
+    pip: ['venv', '.venv', 'env', '.env', 'site-packages', 'lib/python*/site-packages'],
+    composer: ['vendor'],
+    maven: ['.m2/repository'],
+    gradle: ['.gradle/caches/modules-2/files-2.1'],
+    nuget: ['packages', '.nuget/packages']
+};
+/**
+ * Installed Dependencies Scanner Class
+ */
+class InstalledDependenciesScanner {
+    config;
+    scannedFiles = new Set();
+    stats;
+    constructor(config) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.stats = this.initializeStats();
+    }
+    /**
+     * Run the installed dependencies scan
+     */
+    async scan() {
+        const startTime = Date.now();
+        logger_1.logger.info('🔍 Starting installed dependencies scan...');
+        const scannedFolders = [];
+        const installedPackages = [];
+        const malwareFindings = [];
+        const integrityIssues = [];
+        const suspiciousScripts = [];
+        // Find and scan dependency folders
+        const foldersToScan = this.config.foldersToScan || this.findDependencyFolders();
+        for (const folderPath of foldersToScan) {
+            if (!fs.existsSync(folderPath))
+                continue;
+            logger_1.logger.info(`📂 Scanning: ${folderPath}`);
+            const folderInfo = await this.scanDependencyFolder(folderPath);
+            scannedFolders.push(folderInfo.scannedFolder);
+            installedPackages.push(...folderInfo.packages);
+            malwareFindings.push(...folderInfo.malwareFindings);
+            suspiciousScripts.push(...folderInfo.suspiciousScripts);
+        }
+        // Verify integrity if enabled
+        if (this.config.verifyIntegrity) {
+            const integrity = await this.verifyPackageIntegrity(installedPackages);
+            integrityIssues.push(...integrity);
+        }
+        // Update statistics
+        const endTime = Date.now();
+        this.stats.duration = endTime - startTime;
+        this.stats.totalFoldersScanned = scannedFolders.length;
+        this.stats.totalPackagesFound = installedPackages.length;
+        this.stats.malwareFindingsCount = malwareFindings.length;
+        this.stats.integrityIssuesCount = integrityIssues.length;
+        this.stats.suspiciousScriptsCount = suspiciousScripts.length;
+        // Count findings by severity
+        for (const finding of malwareFindings) {
+            this.stats.findingsBySeverity[finding.severity] =
+                (this.stats.findingsBySeverity[finding.severity] || 0) + 1;
+        }
+        logger_1.logger.info(`✅ Scan complete: ${malwareFindings.length} malware findings, ${integrityIssues.length} integrity issues`);
+        return {
+            scannedFolders,
+            installedPackages,
+            malwareFindings,
+            integrityIssues,
+            suspiciousScripts,
+            stats: this.stats,
+            timestamp: new Date()
+        };
+    }
+    /**
+     * Find dependency folders in the project
+     */
+    findDependencyFolders() {
+        const folders = [];
+        const projectPath = this.config.projectPath;
+        // Check for node_modules
+        const nodeModules = path.join(projectPath, 'node_modules');
+        if (fs.existsSync(nodeModules)) {
+            folders.push(nodeModules);
+        }
+        // Check for vendor (PHP)
+        const vendor = path.join(projectPath, 'vendor');
+        if (fs.existsSync(vendor)) {
+            folders.push(vendor);
+        }
+        // Check for Python virtual environments
+        for (const venvName of ['venv', '.venv', 'env', '.env']) {
+            const venv = path.join(projectPath, venvName);
+            if (fs.existsSync(venv)) {
+                // Look for site-packages
+                const sitePackages = this.findSitePackages(venv);
+                if (sitePackages) {
+                    folders.push(sitePackages);
+                }
+            }
+        }
+        return folders;
+    }
+    /**
+     * Find site-packages in a Python virtual environment
+     */
+    findSitePackages(venvPath) {
+        // Windows: venv/Lib/site-packages
+        const windowsPath = path.join(venvPath, 'Lib', 'site-packages');
+        if (fs.existsSync(windowsPath)) {
+            return windowsPath;
+        }
+        // Unix: venv/lib/pythonX.X/site-packages
+        const libPath = path.join(venvPath, 'lib');
+        if (fs.existsSync(libPath)) {
+            try {
+                const entries = fs.readdirSync(libPath);
+                for (const entry of entries) {
+                    if (entry.startsWith('python')) {
+                        const sitePackages = path.join(libPath, entry, 'site-packages');
+                        if (fs.existsSync(sitePackages)) {
+                            return sitePackages;
+                        }
+                    }
+                }
+            }
+            catch {
+                // Ignore errors
+            }
+        }
+        return null;
+    }
+    /**
+     * Scan a dependency folder
+     */
+    async scanDependencyFolder(folderPath) {
+        const packages = [];
+        const malwareFindings = [];
+        const suspiciousScripts = [];
+        const folderType = this.getFolderType(folderPath);
+        const ecosystem = this.getEcosystemFromFolder(folderPath);
+        let totalSize = 0;
+        let filesScanned = 0;
+        // Get all packages in the folder
+        const packageDirs = await this.getPackageDirectories(folderPath, ecosystem);
+        for (const packageDir of packageDirs) {
+            const pkg = await this.parseInstalledPackage(packageDir, ecosystem);
+            if (pkg) {
+                packages.push(pkg);
+                totalSize += pkg.sizeBytes;
+                // Scan package files for malware
+                const findings = await this.scanPackageForMalware(pkg, packageDir);
+                malwareFindings.push(...findings.malwareFindings);
+                filesScanned += findings.filesScanned;
+                // Check post-install scripts
+                if (this.config.scanPostInstallScripts && pkg.hasPostInstallScripts) {
+                    const scriptFindings = this.analyzePostInstallScripts(pkg);
+                    suspiciousScripts.push(...scriptFindings);
+                }
+                // Update ecosystem stats
+                this.stats.packagesByEcosystem[ecosystem] =
+                    (this.stats.packagesByEcosystem[ecosystem] || 0) + 1;
+            }
+        }
+        this.stats.totalFilesScanned += filesScanned;
+        this.stats.totalBytesScanned += totalSize;
+        return {
+            scannedFolder: {
+                path: folderPath,
+                type: folderType,
+                ecosystem,
+                packageCount: packages.length,
+                totalSizeBytes: totalSize,
+                filesScanned
+            },
+            packages,
+            malwareFindings,
+            suspiciousScripts
+        };
+    }
+    /**
+     * Get folder type from path
+     */
+    getFolderType(folderPath) {
+        const folderName = path.basename(folderPath);
+        if (folderName === 'node_modules')
+            return 'node_modules';
+        if (folderName === 'vendor')
+            return 'vendor';
+        if (folderName === 'site-packages')
+            return 'site-packages';
+        if (['venv', '.venv', 'env', '.env'].includes(folderName))
+            return 'venv';
+        if (folderName === 'packages')
+            return 'packages';
+        return 'other';
+    }
+    /**
+     * Get ecosystem from folder path
+     */
+    getEcosystemFromFolder(folderPath) {
+        if (folderPath.includes('node_modules'))
+            return 'npm';
+        if (folderPath.includes('vendor'))
+            return 'composer';
+        if (folderPath.includes('site-packages') || folderPath.includes('venv'))
+            return 'pip';
+        if (folderPath.includes('.nuget') || folderPath.includes('packages'))
+            return 'nuget';
+        return 'npm'; // Default
+    }
+    /**
+     * Get package directories in a dependency folder
+     */
+    async getPackageDirectories(folderPath, ecosystem) {
+        const packageDirs = [];
+        try {
+            const entries = fs.readdirSync(folderPath, { withFileTypes: true });
+            for (const entry of entries) {
+                if (!entry.isDirectory())
+                    continue;
+                const fullPath = path.join(folderPath, entry.name);
+                // Handle scoped packages for npm (@scope/package)
+                if (ecosystem === 'npm' && entry.name.startsWith('@')) {
+                    const scopedEntries = fs.readdirSync(fullPath, { withFileTypes: true });
+                    for (const scopedEntry of scopedEntries) {
+                        if (scopedEntry.isDirectory()) {
+                            packageDirs.push(path.join(fullPath, scopedEntry.name));
+                        }
+                    }
+                }
+                else if (!entry.name.startsWith('.')) {
+                    packageDirs.push(fullPath);
+                }
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`Error reading directory ${folderPath}: ${error}`);
+        }
+        return packageDirs;
+    }
+    /**
+     * Parse an installed package directory
+     */
+    async parseInstalledPackage(packageDir, ecosystem) {
+        try {
+            let name = path.basename(packageDir);
+            let version = 'unknown';
+            let metadata = {};
+            let hasPostInstallScripts = false;
+            let postInstallScripts = [];
+            // Handle scoped packages
+            const parentDir = path.basename(path.dirname(packageDir));
+            if (parentDir.startsWith('@')) {
+                name = `${parentDir}/${name}`;
+            }
+            // Parse package.json for npm
+            if (ecosystem === 'npm') {
+                const packageJsonPath = path.join(packageDir, 'package.json');
+                if (fs.existsSync(packageJsonPath)) {
+                    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+                    name = packageJson.name || name;
+                    version = packageJson.version || version;
+                    metadata = {
+                        author: typeof packageJson.author === 'string' ? packageJson.author : packageJson.author?.name,
+                        license: packageJson.license,
+                        homepage: packageJson.homepage,
+                        repository: typeof packageJson.repository === 'string' ? packageJson.repository : packageJson.repository?.url,
+                        description: packageJson.description,
+                        main: packageJson.main,
+                        binaries: packageJson.bin ? Object.keys(packageJson.bin) : undefined
+                    };
+                    // Check for post-install scripts
+                    const scripts = packageJson.scripts || {};
+                    for (const scriptType of ['preinstall', 'install', 'postinstall', 'preuninstall', 'postuninstall']) {
+                        if (scripts[scriptType]) {
+                            hasPostInstallScripts = true;
+                            const scriptInfo = this.analyzeScript(scriptType, scripts[scriptType], packageDir);
+                            postInstallScripts.push(scriptInfo);
+                        }
+                    }
+                }
+            }
+            // Parse for pip/Python
+            if (ecosystem === 'pip') {
+                // Try to find PKG-INFO or METADATA
+                const metadataPath = path.join(packageDir, 'PKG-INFO');
+                const distInfoDir = this.findDistInfoDir(packageDir);
+                if (distInfoDir) {
+                    const metaPath = path.join(distInfoDir, 'METADATA');
+                    if (fs.existsSync(metaPath)) {
+                        const content = fs.readFileSync(metaPath, 'utf-8');
+                        const parsed = this.parsePythonMetadata(content);
+                        name = parsed.name || name;
+                        version = parsed.version || version;
+                        metadata = {
+                            author: parsed.author,
+                            license: parsed.license,
+                            homepage: parsed.homepage,
+                            description: parsed.summary
+                        };
+                    }
+                }
+            }
+            // Calculate size and file count
+            const sizeInfo = this.calculateDirectorySize(packageDir);
+            return {
+                name,
+                version,
+                ecosystem,
+                installPath: packageDir,
+                sizeBytes: sizeInfo.size,
+                fileCount: sizeInfo.fileCount,
+                hasPostInstallScripts,
+                postInstallScripts: postInstallScripts.length > 0 ? postInstallScripts : undefined,
+                metadata
+            };
+        }
+        catch (error) {
+            logger_1.logger.debug(`Error parsing package at ${packageDir}: ${error}`);
+            return null;
+        }
+    }
+    /**
+     * Find .dist-info directory for Python packages
+     */
+    findDistInfoDir(packageDir) {
+        const parentDir = path.dirname(packageDir);
+        const packageName = path.basename(packageDir);
+        try {
+            const entries = fs.readdirSync(parentDir);
+            for (const entry of entries) {
+                if (entry.startsWith(packageName.replace(/-/g, '_')) && entry.endsWith('.dist-info')) {
+                    return path.join(parentDir, entry);
+                }
+            }
+        }
+        catch {
+            // Ignore
+        }
+        return null;
+    }
+    /**
+     * Parse Python package metadata
+     */
+    parsePythonMetadata(content) {
+        const result = {};
+        const lines = content.split('\n');
+        for (const line of lines) {
+            const match = line.match(/^([A-Za-z-]+):\s*(.+)$/);
+            if (match) {
+                const key = match[1].toLowerCase().replace(/-/g, '_');
+                result[key] = match[2].trim();
+            }
+        }
+        return {
+            name: result.name,
+            version: result.version,
+            author: result.author,
+            license: result.license,
+            homepage: result.home_page,
+            summary: result.summary
+        };
+    }
+    /**
+     * Analyze a post-install script
+     */
+    analyzeScript(type, command, packageDir) {
+        const riskIndicators = [];
+        let riskLevel = types_2.Severity.INFO;
+        let scriptContent;
+        let scriptPath;
+        // Check for file reference
+        const fileMatch = command.match(/node\s+([^\s]+)/);
+        if (fileMatch) {
+            const possiblePath = path.join(packageDir, fileMatch[1]);
+            if (fs.existsSync(possiblePath)) {
+                scriptPath = possiblePath;
+                try {
+                    scriptContent = fs.readFileSync(possiblePath, 'utf-8');
+                }
+                catch {
+                    // Ignore read errors
+                }
+            }
+        }
+        // Analyze command and content for suspicious patterns
+        const contentToAnalyze = scriptContent || command;
+        for (const pattern of malwarePatterns_1.SUSPICIOUS_SCRIPT_PATTERNS) {
+            if (pattern.test(contentToAnalyze)) {
+                riskIndicators.push(pattern.source);
+                if (riskLevel === types_2.Severity.INFO)
+                    riskLevel = types_2.Severity.LOW;
+            }
+        }
+        // Check for high-risk patterns
+        if (/curl.*\|.*sh|wget.*\|.*bash|rm\s+-rf/.test(contentToAnalyze)) {
+            riskLevel = types_2.Severity.CRITICAL;
+        }
+        else if (/eval|exec|subprocess|child_process/.test(contentToAnalyze)) {
+            riskLevel = types_2.Severity.HIGH;
+        }
+        else if (/http|fetch|request/.test(contentToAnalyze)) {
+            riskLevel = types_2.Severity.MEDIUM;
+        }
+        return {
+            type,
+            command,
+            scriptPath,
+            content: scriptContent,
+            riskLevel,
+            riskIndicators
+        };
+    }
+    /**
+     * Analyze post-install scripts for a package
+     */
+    analyzePostInstallScripts(pkg) {
+        const findings = [];
+        if (!pkg.postInstallScripts)
+            return findings;
+        for (const script of pkg.postInstallScripts) {
+            if (script.riskLevel !== 'info' && script.riskIndicators.length > 0) {
+                findings.push({
+                    packageName: pkg.name,
+                    script,
+                    severity: script.riskLevel,
+                    description: `Suspicious ${script.type} script detected in package ${pkg.name}`,
+                    riskIndicators: script.riskIndicators
+                });
+            }
+        }
+        return findings;
+    }
+    /**
+     * Calculate directory size
+     */
+    calculateDirectorySize(dirPath) {
+        let size = 0;
+        let fileCount = 0;
+        const calculate = (dir, depth = 0) => {
+            if (depth > 5)
+                return; // Limit recursion depth
+            try {
+                const entries = fs.readdirSync(dir, { withFileTypes: true });
+                for (const entry of entries) {
+                    const fullPath = path.join(dir, entry.name);
+                    if (entry.isDirectory()) {
+                        calculate(fullPath, depth + 1);
+                    }
+                    else if (entry.isFile()) {
+                        const stats = fs.statSync(fullPath);
+                        size += stats.size;
+                        fileCount++;
+                    }
+                }
+            }
+            catch {
+                // Ignore permission errors
+            }
+        };
+        calculate(dirPath);
+        return { size, fileCount };
+    }
+    /**
+     * Scan a package for malware
+     */
+    async scanPackageForMalware(pkg, packageDir) {
+        const malwareFindings = [];
+        let filesScanned = 0;
+        const scanFile = (filePath) => {
+            if (this.scannedFiles.has(filePath))
+                return;
+            this.scannedFiles.add(filePath);
+            const ext = path.extname(filePath).toLowerCase();
+            if (!this.config.fileExtensions?.includes(ext))
+                return;
+            try {
+                const stats = fs.statSync(filePath);
+                if (stats.size > (this.config.maxFileSizeBytes ?? 5 * 1024 * 1024))
+                    return;
+                const content = fs.readFileSync(filePath, 'utf-8');
+                filesScanned++;
+                // Get patterns applicable to this file type
+                const patterns = (0, malwarePatterns_1.getPatternsForFile)(filePath);
+                for (const pattern of patterns) {
+                    for (const regex of pattern.patterns) {
+                        // Reset regex state
+                        regex.lastIndex = 0;
+                        const match = regex.exec(content);
+                        if (match) {
+                            // Find line number
+                            const beforeMatch = content.substring(0, match.index);
+                            const lineNumber = beforeMatch.split('\n').length;
+                            // Extract code snippet
+                            const lines = content.split('\n');
+                            const startLine = Math.max(0, lineNumber - 2);
+                            const endLine = Math.min(lines.length, lineNumber + 2);
+                            const codeSnippet = lines.slice(startLine, endLine).join('\n');
+                            malwareFindings.push({
+                                id: (0, utils_1.generateId)(),
+                                package: pkg,
+                                filePath,
+                                lineNumber,
+                                indicators: [pattern.indicator],
+                                severity: pattern.severity,
+                                title: pattern.name,
+                                description: pattern.description,
+                                matchedPattern: pattern.id,
+                                codeSnippet,
+                                standards: pattern.standards,
+                                recommendation: this.getRecommendation(pattern.indicator),
+                                confidence: pattern.confidence,
+                                timestamp: new Date()
+                            });
+                            // Only report first match per pattern per file
+                            break;
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                // Ignore file read errors (binary files, etc.)
+            }
+        };
+        const scanDirectory = (dir, depth = 0) => {
+            if (depth > (this.config.maxDepth ?? 10))
+                return;
+            try {
+                const entries = fs.readdirSync(dir, { withFileTypes: true });
+                for (const entry of entries) {
+                    const fullPath = path.join(dir, entry.name);
+                    if (entry.isDirectory()) {
+                        // Skip nested node_modules
+                        if (entry.name === 'node_modules' && depth > 0)
+                            continue;
+                        scanDirectory(fullPath, depth + 1);
+                    }
+                    else if (entry.isFile()) {
+                        scanFile(fullPath);
+                    }
+                }
+            }
+            catch {
+                // Ignore permission errors
+            }
+        };
+        scanDirectory(packageDir);
+        return { malwareFindings, filesScanned };
+    }
+    /**
+     * Get recommendation for malware indicator
+     */
+    getRecommendation(indicator) {
+        const recommendations = {
+            [types_1.MalwareIndicator.BACKDOOR]: 'Remove this package immediately. It contains backdoor code that allows remote access.',
+            [types_1.MalwareIndicator.CRYPTOMINER]: 'Remove this package. It contains cryptocurrency mining code that steals computational resources.',
+            [types_1.MalwareIndicator.STEALER]: 'Remove this package immediately. It attempts to steal credentials or sensitive data.',
+            [types_1.MalwareIndicator.LOADER]: 'Remove this package. It downloads and executes code from external sources.',
+            [types_1.MalwareIndicator.OBFUSCATED]: 'Review this package carefully. Heavily obfuscated code may hide malicious functionality.',
+            [types_1.MalwareIndicator.DATA_EXFILTRATION]: 'Remove this package. It attempts to send sensitive data to external servers.',
+            [types_1.MalwareIndicator.KNOWN_MALWARE]: 'Remove this package immediately. It has been identified as known malware.'
+        };
+        return recommendations[indicator] || 'Review this package and consider removing it.';
+    }
+    /**
+     * Verify package integrity
+     */
+    async verifyPackageIntegrity(packages) {
+        const issues = [];
+        // Try to load lock file
+        const lockFileData = await this.loadLockFile();
+        if (!lockFileData) {
+            logger_1.logger.debug('No lock file found for integrity verification');
+            return issues;
+        }
+        for (const pkg of packages) {
+            const expectedVersion = lockFileData.packages[pkg.name];
+            if (!expectedVersion) {
+                // Package not in lock file
+                issues.push({
+                    packageName: pkg.name,
+                    issueType: 'unexpected_package',
+                    severity: types_2.Severity.MEDIUM,
+                    description: `Package ${pkg.name} is installed but not in lock file`,
+                    actual: pkg.version
+                });
+            }
+            else if (expectedVersion !== pkg.version) {
+                // Version mismatch
+                issues.push({
+                    packageName: pkg.name,
+                    issueType: 'version_mismatch',
+                    severity: types_2.Severity.HIGH,
+                    description: `Package ${pkg.name} version mismatch - possible tampering`,
+                    expected: expectedVersion,
+                    actual: pkg.version
+                });
+            }
+            // Update package integrity status
+            pkg.integrityStatus = {
+                status: expectedVersion === pkg.version ? 'verified' :
+                    expectedVersion ? 'mismatch' : 'unknown',
+                expectedVersion,
+                installedVersion: pkg.version
+            };
+        }
+        // Check for missing packages
+        for (const [pkgName, version] of Object.entries(lockFileData.packages)) {
+            const installed = packages.find(p => p.name === pkgName);
+            if (!installed) {
+                issues.push({
+                    packageName: pkgName,
+                    issueType: 'missing_package',
+                    severity: types_2.Severity.LOW,
+                    description: `Package ${pkgName} is in lock file but not installed`,
+                    expected: version
+                });
+            }
+        }
+        return issues;
+    }
+    /**
+     * Load lock file data
+     */
+    async loadLockFile() {
+        const projectPath = this.config.projectPath;
+        const packages = {};
+        // Try package-lock.json
+        const packageLockPath = path.join(projectPath, 'package-lock.json');
+        if (fs.existsSync(packageLockPath)) {
+            try {
+                const lockFile = JSON.parse(fs.readFileSync(packageLockPath, 'utf-8'));
+                // Handle npm v3 format
+                if (lockFile.packages) {
+                    for (const [key, value] of Object.entries(lockFile.packages)) {
+                        if (key && key !== '') {
+                            const name = key.replace(/^node_modules\//, '');
+                            packages[name] = value.version;
+                        }
+                    }
+                }
+                // Handle npm v1/v2 format
+                if (lockFile.dependencies) {
+                    for (const [name, value] of Object.entries(lockFile.dependencies)) {
+                        packages[name] = value.version;
+                    }
+                }
+                return { packages };
+            }
+            catch {
+                logger_1.logger.debug('Error parsing package-lock.json');
+            }
+        }
+        // Try yarn.lock (simplified parsing)
+        const yarnLockPath = path.join(projectPath, 'yarn.lock');
+        if (fs.existsSync(yarnLockPath)) {
+            try {
+                const content = fs.readFileSync(yarnLockPath, 'utf-8');
+                const lines = content.split('\n');
+                let currentPackage = '';
+                for (const line of lines) {
+                    const pkgMatch = line.match(/^"?(@?[^@\s]+)@/);
+                    if (pkgMatch) {
+                        currentPackage = pkgMatch[1];
+                    }
+                    const versionMatch = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
+                    if (versionMatch && currentPackage) {
+                        packages[currentPackage] = versionMatch[1];
+                    }
+                }
+                return { packages };
+            }
+            catch {
+                logger_1.logger.debug('Error parsing yarn.lock');
+            }
+        }
+        return null;
+    }
+    /**
+     * Initialize statistics
+     */
+    initializeStats() {
+        return {
+            totalFoldersScanned: 0,
+            totalPackagesFound: 0,
+            totalFilesScanned: 0,
+            totalBytesScanned: 0,
+            malwareFindingsCount: 0,
+            integrityIssuesCount: 0,
+            suspiciousScriptsCount: 0,
+            packagesByEcosystem: {},
+            findingsBySeverity: {},
+            duration: 0
+        };
+    }
+}
+exports.InstalledDependenciesScanner = InstalledDependenciesScanner;
+/**
+ * Quick scan function
+ */
+async function scanInstalledDependencies(projectPath) {
+    const scanner = new InstalledDependenciesScanner({ projectPath });
+    return scanner.scan();
+}
+//# sourceMappingURL=installedScanner.js.map