npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/ai/aiAnalyzer.ts ADDED Viewed

@@ -0,0 +1,714 @@
+/**
+ * AI Analyzer Module
+ * Uses AI/ML for advanced threat detection and analysis
+ */
+import { AIConfig, Finding, ScannedFile, Severity, ThreatType, FindingCategory } from '../types';
+import { logger } from '../utils/logger';
+import { generateId } from '../utils';
+import { getStandardsForThreat } from '../rules/standards';
+/**
+ * AI Analysis Result
+ */
+interface AIAnalysisResult {
+  findings: Finding[];
+  explanation?: string;
+  suggestedFixes?: string[];
+  riskAssessment?: string;
+}
+/**
+ * Detected AI Provider
+ */
+type DetectedProvider = 'openai' | 'anthropic' | 'google' | 'local';
+/**
+ * AI Analyzer Class
+ * Provides AI-powered security analysis
+ */
+export class AIAnalyzer {
+  private config: AIConfig;
+  private initialized: boolean = false;
+  private detectedProvider: DetectedProvider = 'openai';
+  constructor(config: AIConfig) {
+    this.config = config;
+    // Auto-detect provider from API key if set to 'auto' or not specified correctly
+    this.detectedProvider = this.detectProvider();
+  }
+  /**
+   * Auto-detect AI provider from API key format
+   */
+  private detectProvider(): DetectedProvider {
+    const apiKey = this.config.apiKey || '';
+    const provider = this.config.provider;
+    // If explicitly set to local, use local
+    if (provider === 'local') {
+      return 'local';
+    }
+    // Auto-detect from API key format
+    if (apiKey.startsWith('sk-ant-') || apiKey.startsWith('sk-ant')) {
+      logger.debug('🔍 Detected Anthropic API key');
+      return 'anthropic';
+    }
+    if (apiKey.startsWith('AIzaSy') || apiKey.startsWith('AIza')) {
+      logger.debug('🔍 Detected Google AI API key');
+      return 'google';
+    }
+    if (apiKey.startsWith('sk-') || apiKey.startsWith('sk-proj-')) {
+      logger.debug('🔍 Detected OpenAI API key');
+      return 'openai';
+    }
+    // Fallback to configured provider or openai
+    if (provider === 'google' || provider === 'gemini') {
+      return 'google';
+    }
+    if (provider === 'anthropic') {
+      return 'anthropic';
+    }
+    if (provider === 'openai') {
+      return 'openai';
+    }
+    // Default to openai if we can't detect
+    return 'openai';
+  }
+  /**
+   * Initialize AI analyzer
+   */
+  async initialize(): Promise<void> {
+    if (!this.config.apiKey && this.detectedProvider !== 'local') {
+      logger.warn('⚠️ AI API key not provided. AI analysis will be limited.');
+      return;
+    }
+    const providerName = this.detectedProvider === 'google' ? 'Google AI (Gemini)' :
+                         this.detectedProvider === 'anthropic' ? 'Anthropic (Claude)' :
+                         this.detectedProvider === 'openai' ? 'OpenAI (GPT)' : 'Local';
+    logger.info(`🤖 Initializing AI analyzer with ${providerName}...`);
+    this.initialized = true;
+  }
+  /**
+   * Analyze code with AI
+   */
+  async analyze(file: ScannedFile): Promise<AIAnalysisResult> {
+    if (!this.initialized) {
+      return { findings: [] };
+    }
+    try {
+      switch (this.detectedProvider) {
+        case 'openai':
+          return await this.analyzeWithOpenAI(file);
+        case 'anthropic':
+          return await this.analyzeWithAnthropic(file);
+        case 'google':
+          return await this.analyzeWithGoogle(file);
+        case 'local':
+          return await this.analyzeWithLocal(file);
+        default:
+          return { findings: [] };
+      }
+    } catch (error) {
+      logger.debug(`AI analysis error: ${error}`);
+      return { findings: [] };
+    }
+  }
+  /**
+   * Get the best model for the provider
+   */
+  private getModel(): string {
+    if (this.config.model) {
+      return this.config.model;
+    }
+    // Default models per provider
+    switch (this.detectedProvider) {
+      case 'openai':
+        return 'gpt-4o'; // Latest and most capable
+      case 'anthropic':
+        return 'claude-3-sonnet-20240229';
+      case 'google':
+        return 'gemini-pro'; // Stable model for v1beta API
+      default:
+        return 'gpt-4';
+    }
+  }
+  /**
+   * Analyze with OpenAI (supports all GPT models)
+   */
+  private async analyzeWithOpenAI(file: ScannedFile): Promise<AIAnalysisResult> {
+    // Dynamic import to avoid issues if package not installed
+    const OpenAI = (await import('openai')).default;
+    const client = new OpenAI({
+      apiKey: this.config.apiKey
+    });
+    const prompt = this.buildAnalysisPrompt(file);
+    const model = this.getModel();
+    logger.debug(`Using OpenAI model: ${model}`);
+    try {
+      const response = await client.chat.completions.create({
+        model: model,
+        messages: [
+          {
+            role: 'system',
+            content: this.getSystemPrompt()
+          },
+          {
+            role: 'user',
+            content: prompt
+          }
+        ],
+        max_tokens: this.config.maxTokens || 2000,
+        temperature: this.config.temperature || 0.1
+      });
+      const content = response.choices[0]?.message?.content;
+      if (!content) {
+        return { findings: [] };
+      }
+      return this.parseAIResponse(content, file);
+    } catch (error: any) {
+      if (error?.status === 429) {
+        logger.warn('⚠️ OpenAI: Cuota excedida. Verifica tu plan en https://platform.openai.com/account/billing');
+      } else if (error?.status === 401) {
+        logger.warn('⚠️ OpenAI: API key inválida');
+      } else {
+        logger.debug(`OpenAI error: ${error.message || error}`);
+      }
+      return { findings: [] };
+    }
+  }
+  /**
+   * Analyze with Anthropic Claude
+   */
+  private async analyzeWithAnthropic(file: ScannedFile): Promise<AIAnalysisResult> {
+    try {
+      const Anthropic = (await import('@anthropic-ai/sdk')).default;
+      const client = new Anthropic({
+        apiKey: this.config.apiKey
+      });
+      const prompt = this.buildAnalysisPrompt(file);
+      const model = this.getModel();
+      logger.debug(`Using Anthropic model: ${model}`);
+      const response = await client.messages.create({
+        model: model,
+        max_tokens: this.config.maxTokens || 2000,
+        system: this.getSystemPrompt(),
+        messages: [
+          {
+            role: 'user',
+            content: prompt
+          }
+        ]
+      });
+      const content = response.content[0];
+      if (!content || content.type !== 'text') {
+        return { findings: [] };
+      }
+      return this.parseAIResponse(content.text, file);
+    } catch (error) {
+      logger.debug(`Anthropic analysis error: ${error}`);
+      return { findings: [] };
+    }
+  }
+  /**
+   * Analyze with Google AI (Gemini)
+   */
+  private async analyzeWithGoogle(file: ScannedFile): Promise<AIAnalysisResult> {
+    try {
+      const prompt = this.buildAnalysisPrompt(file);
+      const model = this.getModel();
+      logger.debug(`Using Google AI model: ${model}`);
+      // Use Google AI REST API directly
+      const apiKey = this.config.apiKey;
+      // Try v1 API first, fallback to v1beta
+      const apis = [
+        `https://generativelanguage.googleapis.com/v1/models/${model}:generateContent?key=${apiKey}`,
+        `https://generativelanguage.googleapis.com/v1beta/models/${model}:generateContent?key=${apiKey}`
+      ];
+      let lastError: any = null;
+      for (const url of apis) {
+        try {
+          const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            body: JSON.stringify({
+              contents: [
+                {
+                  parts: [
+                    {
+                      text: `${this.getSystemPrompt()}\n\n${prompt}`
+                    }
+                  ]
+                }
+              ],
+              generationConfig: {
+                temperature: this.config.temperature || 0.1,
+                maxOutputTokens: this.config.maxTokens || 2000
+              }
+            })
+          });
+          const data = await response.json() as any;
+          if (!response.ok) {
+            lastError = data.error;
+            continue; // Try next API version
+          }
+          const content = data.candidates?.[0]?.content?.parts?.[0]?.text;
+          if (!content) {
+            return { findings: [] };
+          }
+          return this.parseAIResponse(content, file);
+        } catch (e) {
+          lastError = e;
+          continue;
+        }
+      }
+      // If all APIs failed, show helpful message
+      if (lastError) {
+        if (lastError.code === 404) {
+          logger.warn(`⚠️ Google AI: Modelo "${model}" no disponible. Intenta con: gemini-pro`);
+        } else if (lastError.code === 403) {
+          logger.warn('⚠️ Google AI: API key sin permisos. Habilita la API en Google Cloud Console.');
+        } else if (lastError.code === 429) {
+          logger.warn('⚠️ Google AI: Cuota excedida. Espera un momento o verifica tu plan.');
+        } else {
+          logger.debug(`Google AI error: ${JSON.stringify(lastError)}`);
+        }
+      }
+      return { findings: [] };
+    } catch (error) {
+      logger.debug(`Google AI analysis error: ${error}`);
+      return { findings: [] };
+    }
+  }
+  // Cache for local AI results
+  private analysisCache: Map<string, AIAnalysisResult> = new Map();
+  /**
+   * Analyze with local model (Ollama compatible) - Optimized for performance
+   */
+  private async analyzeWithLocal(file: ScannedFile): Promise<AIAnalysisResult> {
+    if (!this.config.endpoint) {
+      logger.warn('Local AI endpoint not configured');
+      return { findings: [] };
+    }
+    // Check cache first
+    const perf = this.config.performance || {};
+    if (perf.enableCache) {
+      const cacheKey = `${file.hash}-${this.config.model}`;
+      const cached = this.analysisCache.get(cacheKey);
+      if (cached) {
+        logger.debug(`⚡ Cache hit for ${file.relativePath}`);
+        return cached;
+      }
+    }
+    const prompt = this.buildAnalysisPrompt(file);
+    const model = this.config.model || 'codellama:7b-instruct';
+    try {
+      logger.debug(`🤖 Usando modelo local: ${model}`);
+      // Build Ollama options with performance tuning
+      const ollamaOptions: Record<string, any> = {
+        num_predict: this.config.maxTokens || 2000,
+        temperature: this.config.temperature || 0.1,
+      };
+      // Apply performance settings
+      if (perf.numGpuLayers !== undefined) {
+        ollamaOptions.num_gpu = perf.numGpuLayers;
+      }
+      if (perf.numThreads !== undefined) {
+        ollamaOptions.num_thread = perf.numThreads;
+      }
+      if (perf.contextSize !== undefined) {
+        ollamaOptions.num_ctx = perf.contextSize;
+      }
+      if (perf.batchSize !== undefined) {
+        ollamaOptions.num_batch = perf.batchSize;
+      }
+      if (perf.useMmap !== undefined) {
+        ollamaOptions.use_mmap = perf.useMmap;
+      }
+      if (perf.useMlock !== undefined) {
+        ollamaOptions.use_mlock = perf.useMlock;
+      }
+      // Use AbortController for timeout
+      const controller = new AbortController();
+      const timeout = perf.timeout || 120000; // 2 minutes default
+      const timeoutId = setTimeout(() => controller.abort(), timeout);
+      const response = await fetch(this.config.endpoint, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({
+          model: model,
+          prompt: `${this.getSystemPrompt()}\n\n${prompt}`,
+          stream: false,
+          options: ollamaOptions
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorText = await response.text();
+        logger.warn(`⚠️ Error del modelo local (${response.status}): ${errorText}`);
+        return { findings: [] };
+      }
+      const data = await response.json() as { response?: string; content?: string; message?: { content?: string } };
+      const content = data.response || data.content || data.message?.content || '';
+      if (!content) {
+        logger.debug('El modelo local no devolvió respuesta');
+        return { findings: [] };
+      }
+      const result = this.parseAIResponse(content, file);
+      // Store in cache
+      if (perf.enableCache) {
+        const cacheKey = `${file.hash}-${this.config.model}`;
+        this.analysisCache.set(cacheKey, result);
+      }
+      return result;
+    } catch (error: any) {
+      if (error.name === 'AbortError') {
+        logger.warn(`⚠️ Timeout analizando ${file.relativePath}`);
+      } else if (error.code === 'ECONNREFUSED') {
+        logger.warn('⚠️ No se puede conectar al servidor local. ¿Está Ollama ejecutándose?');
+        logger.info('💡 Inicia Ollama con: ollama serve');
+      } else {
+        logger.debug(`Local AI error: ${error.message || error}`);
+      }
+      return { findings: [] };
+    }
+  }
+  /**
+   * Analyze multiple files in parallel (for local models)
+   */
+  async analyzeParallel(files: ScannedFile[]): Promise<Map<string, AIAnalysisResult>> {
+    const results = new Map<string, AIAnalysisResult>();
+    const parallelRequests = this.config.performance?.parallelRequests || 1;
+    // Process in batches
+    for (let i = 0; i < files.length; i += parallelRequests) {
+      const batch = files.slice(i, i + parallelRequests);
+      const batchPromises = batch.map(async (file) => {
+        const result = await this.analyze(file);
+        return { path: file.relativePath, result };
+      });
+      const batchResults = await Promise.all(batchPromises);
+      for (const { path, result } of batchResults) {
+        results.set(path, result);
+      }
+    }
+    return results;
+  }
+  /**
+   * Clear the analysis cache
+   */
+  clearCache(): void {
+    this.analysisCache.clear();
+    logger.debug('🗑️ AI analysis cache cleared');
+  }
+  /**
+   * Get system prompt for AI
+   */
+  private getSystemPrompt(): string {
+    return `You are an expert security analyst specializing in static code analysis (SAST).
+Your task is to analyze code for:
+1. Security vulnerabilities (SQL injection, XSS, command injection, etc.)
+2. Malicious code patterns (backdoors, keyloggers, data exfiltration)
+3. Insecure configurations
+4. Hardcoded credentials
+For each finding, provide:
+- Title: Brief description
+- Severity: critical, high, medium, low, or info
+- Type: vulnerability type (sql_injection, xss, backdoor, etc.)
+- Line: approximate line number
+- Description: detailed explanation
+- Remediation: how to fix
+Respond in JSON format:
+{
+  "findings": [
+    {
+      "title": "...",
+      "severity": "...",
+      "type": "...",
+      "line": 123,
+      "description": "...",
+      "remediation": "..."
+    }
+  ],
+  "riskAssessment": "Overall risk assessment",
+  "explanation": "Summary of analysis"
+}
+Be precise and avoid false positives. Focus on real security issues.`;
+  }
+  /**
+   * Build analysis prompt
+   */
+  private buildAnalysisPrompt(file: ScannedFile): string {
+    // Truncate large files
+    const maxLength = 8000;
+    const content = file.content.length > maxLength
+      ? file.content.substring(0, maxLength) + '\n... (truncated)'
+      : file.content;
+    return `Analyze this ${file.language || 'unknown'} code file for security issues:
+File: ${file.relativePath}
+Language: ${file.language || 'unknown'}
+\`\`\`
+${content}
+\`\`\`
+Identify all security vulnerabilities and malicious code patterns.`;
+  }
+  /**
+   * Parse AI response into findings
+   */
+  private parseAIResponse(response: string, file: ScannedFile): AIAnalysisResult {
+    try {
+      // Extract JSON from response
+      const jsonMatch = response.match(/\{[\s\S]*\}/);
+      if (!jsonMatch) {
+        return { findings: [] };
+      }
+      const parsed = JSON.parse(jsonMatch[0]);
+      const findings: Finding[] = [];
+      for (const item of parsed.findings || []) {
+        const finding = this.convertToFinding(item, file);
+        if (finding) {
+          findings.push(finding);
+        }
+      }
+      return {
+        findings,
+        explanation: parsed.explanation,
+        riskAssessment: parsed.riskAssessment
+      };
+    } catch (error) {
+      logger.debug(`Failed to parse AI response: ${error}`);
+      return { findings: [] };
+    }
+  }
+  /**
+   * Convert AI finding to Finding type
+   */
+  private convertToFinding(item: any, file: ScannedFile): Finding | null {
+    if (!item.title || !item.severity) {
+      return null;
+    }
+    const severity = this.parseSeverity(item.severity);
+    const threatType = this.parseThreatType(item.type);
+    const lineNum = parseInt(item.line) || 1;
+    // Extract code context
+    const lines = file.content.split('\n');
+    const code = lines[lineNum - 1] || '';
+    const contextBefore = lines.slice(Math.max(0, lineNum - 3), lineNum - 1).join('\n');
+    const contextAfter = lines.slice(lineNum, Math.min(lines.length, lineNum + 2)).join('\n');
+    return {
+      id: generateId(),
+      title: item.title,
+      description: item.description || item.title,
+      severity,
+      threatType,
+      category: this.ismalwareType(threatType) ? FindingCategory.MALWARE : FindingCategory.VULNERABILITY,
+      location: {
+        file: file.relativePath,
+        startLine: lineNum,
+        endLine: lineNum
+      },
+      snippet: {
+        code,
+        contextBefore,
+        contextAfter
+      },
+      standards: getStandardsForThreat(threatType),
+      remediation: item.remediation || 'Review and fix the identified issue.',
+      confidence: 70,
+      analyzer: 'AI Analyzer',
+      timestamp: new Date(),
+      tags: ['ai-detected'],
+      aiExplanation: item.description,
+      suggestedFix: item.remediation
+    };
+  }
+  /**
+   * Parse severity string
+   */
+  private parseSeverity(severity: string): Severity {
+    const lower = severity.toLowerCase();
+    if (lower.includes('critical')) return Severity.CRITICAL;
+    if (lower.includes('high')) return Severity.HIGH;
+    if (lower.includes('medium')) return Severity.MEDIUM;
+    if (lower.includes('low')) return Severity.LOW;
+    return Severity.INFO;
+  }
+  /**
+   * Parse threat type string
+   */
+  private parseThreatType(type: string): ThreatType {
+    const lower = (type || '').toLowerCase().replace(/[_-]/g, '');
+    const typeMap: Record<string, ThreatType> = {
+      'sqlinjection': ThreatType.SQL_INJECTION,
+      'sqli': ThreatType.SQL_INJECTION,
+      'commandinjection': ThreatType.COMMAND_INJECTION,
+      'cmdi': ThreatType.COMMAND_INJECTION,
+      'xss': ThreatType.XSS,
+      'crosssitescripting': ThreatType.XSS,
+      'csrf': ThreatType.CSRF,
+      'deserialization': ThreatType.INSECURE_DESERIALIZATION,
+      'hardcodedcredentials': ThreatType.HARDCODED_CREDENTIALS,
+      'credentials': ThreatType.HARDCODED_CREDENTIALS,
+      'pathtraversal': ThreatType.PATH_TRAVERSAL,
+      'lfi': ThreatType.PATH_TRAVERSAL,
+      'backdoor': ThreatType.BACKDOOR,
+      'keylogger': ThreatType.KEYLOGGER,
+      'cryptominer': ThreatType.CRYPTOMINER,
+      'obfuscation': ThreatType.OBFUSCATED_CODE,
+      'exfiltration': ThreatType.DATA_EXFILTRATION
+    };
+    return typeMap[lower] || ThreatType.DANGEROUS_FUNCTION;
+  }
+  /**
+   * Check if threat type is malware
+   */
+  private ismalwareType(type: ThreatType): boolean {
+    const malwareTypes = [
+      ThreatType.BACKDOOR,
+      ThreatType.KEYLOGGER,
+      ThreatType.CRYPTOMINER,
+      ThreatType.OBFUSCATED_CODE,
+      ThreatType.EMBEDDED_PAYLOAD,
+      ThreatType.REVERSE_SHELL,
+      ThreatType.DATA_EXFILTRATION,
+      ThreatType.MALICIOUS_LOADER
+    ];
+    return malwareTypes.includes(type);
+  }
+  /**
+   * Enhance finding with AI explanation
+   */
+  async enhanceFinding(finding: Finding): Promise<Finding> {
+    if (!this.initialized || !this.config.apiKey) {
+      return finding;
+    }
+    try {
+      const OpenAI = (await import('openai')).default;
+      const client = new OpenAI({ apiKey: this.config.apiKey });
+      const response = await client.chat.completions.create({
+        model: this.config.model || 'gpt-4',
+        messages: [
+          {
+            role: 'system',
+            content: 'You are a security expert. Provide a clear, technical explanation of the security issue and a specific code fix.'
+          },
+          {
+            role: 'user',
+            content: `Explain this security finding and provide a fix:
+Title: ${finding.title}
+Type: ${finding.threatType}
+Code:
+\`\`\`
+${finding.snippet.code}
+\`\`\`
+Provide a 2-3 sentence explanation and a corrected code example.`
+          }
+        ],
+        max_tokens: 500,
+        temperature: 0.2
+      });
+      const content = response.choices[0]?.message?.content;
+      if (content) {
+        finding.aiExplanation = content;
+      }
+    } catch (error) {
+      logger.debug(`Failed to enhance finding: ${error}`);
+    }
+    return finding;
+  }
+}
+export default AIAnalyzer;

package/src/ai/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/**
+ * AI Module Exports
+ */
+export * from './aiAnalyzer';