npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/analyzers/javascript/malwareDetector.ts ADDED Viewed

@@ -0,0 +1,697 @@
+/**
+ * Malware Detection Module for JavaScript/TypeScript
+ * Detects various types of malicious code patterns
+ *
+ * Inspired by YARA rules and malware analysis techniques
+ */
+import { Severity, ThreatType, FindingCategory, SecurityStandard } from '../../types';
+import { getStandardsForThreat } from '../../rules/standards';
+import { calculateEntropy, isBase64Like, isHexEncoded } from '../../utils';
+/**
+ * Malware detection result
+ */
+export interface MalwareMatch {
+  /** Type of malware detected */
+  type: MalwareType;
+  /** Name of the detection */
+  name: string;
+  /** Description of the threat */
+  description: string;
+  /** Severity level */
+  severity: Severity;
+  /** Line number */
+  line: number;
+  /** Matched code snippet */
+  code: string;
+  /** Detection confidence 0-100 */
+  confidence: number;
+  /** Indicators of compromise */
+  indicators: string[];
+  /** MITRE ATT&CK references */
+  mitreAttack?: string[];
+  /** Remediation advice */
+  remediation: string;
+}
+/**
+ * Types of malware
+ */
+export enum MalwareType {
+  // Data Theft
+  STEALER = 'stealer',
+  KEYLOGGER = 'keylogger',
+  CREDENTIAL_HARVESTER = 'credential_harvester',
+  // Cryptocurrency
+  CRYPTOMINER = 'cryptominer',
+  CRYPTO_WALLET_STEALER = 'crypto_wallet_stealer',
+  // Remote Access
+  BACKDOOR = 'backdoor',
+  REVERSE_SHELL = 'reverse_shell',
+  C2_COMMUNICATION = 'c2_communication',
+  // Loaders
+  DROPPER = 'dropper',
+  LOADER = 'loader',
+  // Obfuscation
+  OBFUSCATED_PAYLOAD = 'obfuscated_payload',
+  ENCODED_PAYLOAD = 'encoded_payload',
+  // Supply Chain
+  TYPOSQUAT = 'typosquat',
+  DEPENDENCY_CONFUSION = 'dependency_confusion',
+  POSTINSTALL_MALWARE = 'postinstall_malware',
+  // Evasion
+  ANTI_DEBUGGING = 'anti_debugging',
+  VM_DETECTION = 'vm_detection',
+  SANDBOX_EVASION = 'sandbox_evasion',
+  // Persistence
+  PERSISTENCE = 'persistence',
+  // Generic
+  SUSPICIOUS_BEHAVIOR = 'suspicious_behavior'
+}
+/**
+ * Malware detection pattern
+ */
+interface MalwarePattern {
+  /** Pattern name */
+  name: string;
+  /** Pattern type */
+  type: MalwareType;
+  /** Regex pattern */
+  pattern: RegExp;
+  /** Description */
+  description: string;
+  /** Severity */
+  severity: Severity;
+  /** Confidence base */
+  confidence: number;
+  /** Indicators to extract */
+  indicators?: (match: RegExpMatchArray) => string[];
+  /** MITRE ATT&CK references */
+  mitre?: string[];
+  /** Remediation */
+  remediation: string;
+}
+/**
+ * Malware detection patterns organized by category
+ */
+const MALWARE_PATTERNS: MalwarePattern[] = [
+  // ============ DATA STEALERS ============
+  {
+    name: 'Cookie Stealer',
+    type: MalwareType.STEALER,
+    pattern: /document\.cookie[\s\S]{0,100}(?:fetch|XMLHttpRequest|sendBeacon|axios|http)/gi,
+    description: 'Code that reads cookies and sends them to a remote server',
+    severity: Severity.CRITICAL,
+    confidence: 85,
+    mitre: ['T1539', 'T1041'],
+    remediation: 'Remove the malicious code. Investigate how it was introduced.'
+  },
+  {
+    name: 'LocalStorage Exfiltration',
+    type: MalwareType.STEALER,
+    pattern: /localStorage(?:\.getItem|\[)[\s\S]{0,200}(?:fetch|XMLHttpRequest|sendBeacon|axios)/gi,
+    description: 'Reads localStorage data and sends it externally',
+    severity: Severity.HIGH,
+    confidence: 80,
+    mitre: ['T1005', 'T1041'],
+    remediation: 'Remove the exfiltration code and audit stored data.'
+  },
+  {
+    name: 'Credentials Harvester',
+    type: MalwareType.CREDENTIAL_HARVESTER,
+    pattern: /(?:password|passwd|pwd|credentials?|auth|token|secret|api[_-]?key)[\s\S]{0,50}(?:\.value|\.val\(\)|\.text)[\s\S]{0,100}(?:fetch|XMLHttp|send|post)/gi,
+    description: 'Harvests credential input fields and sends them',
+    severity: Severity.CRITICAL,
+    confidence: 75,
+    mitre: ['T1056', 'T1041'],
+    remediation: 'Remove harvesting code and rotate all affected credentials.'
+  },
+  {
+    name: 'Environment Variable Stealer',
+    type: MalwareType.STEALER,
+    pattern: /process\.env[\s\S]{0,200}(?:fetch|http\.request|axios|child_process)/gi,
+    description: 'Reads environment variables and exfiltrates them',
+    severity: Severity.CRITICAL,
+    confidence: 80,
+    mitre: ['T1552.001', 'T1041'],
+    remediation: 'Remove the code and rotate all environment secrets.'
+  },
+  {
+    name: 'SSH Key Stealer',
+    type: MalwareType.STEALER,
+    pattern: /(?:\.ssh|id_rsa|id_ed25519|known_hosts|authorized_keys)[\s\S]{0,100}(?:readFile|fs\.|createReadStream)/gi,
+    description: 'Attempts to read SSH keys',
+    severity: Severity.CRITICAL,
+    confidence: 85,
+    mitre: ['T1552.004'],
+    remediation: 'Remove code and regenerate SSH keys.'
+  },
+  // ============ CRYPTOMINERS ============
+  {
+    name: 'Cryptominer - WebAssembly',
+    type: MalwareType.CRYPTOMINER,
+    pattern: /WebAssembly\.(?:instantiate|compile)[\s\S]{0,300}(?:hash|mine|worker|crypto)/gi,
+    description: 'WebAssembly-based cryptocurrency miner',
+    severity: Severity.HIGH,
+    confidence: 75,
+    mitre: ['T1496'],
+    remediation: 'Remove the cryptomining code entirely.'
+  },
+  {
+    name: 'Cryptominer - CoinHive Style',
+    type: MalwareType.CRYPTOMINER,
+    pattern: /(?:coinhive|coin-hive|cryptonight|monero|xmr|hashrate|CryptoNight)/gi,
+    description: 'Browser-based cryptocurrency miner reference',
+    severity: Severity.HIGH,
+    confidence: 90,
+    mitre: ['T1496'],
+    remediation: 'Remove all cryptomining references.'
+  },
+  {
+    name: 'Cryptominer - Worker Pool',
+    type: MalwareType.CRYPTOMINER,
+    pattern: /(?:stratum|mining[_-]?pool|worker\.postMessage[\s\S]{0,50}hash)/gi,
+    description: 'Mining pool communication pattern',
+    severity: Severity.HIGH,
+    confidence: 80,
+    mitre: ['T1496'],
+    remediation: 'Remove the mining worker code.'
+  },
+  {
+    name: 'Crypto Wallet Stealer',
+    type: MalwareType.CRYPTO_WALLET_STEALER,
+    pattern: /(?:wallet|ethereum|bitcoin|metamask|web3|privateKey)[\s\S]{0,100}(?:localStorage|send|post|fetch)/gi,
+    description: 'Attempts to steal cryptocurrency wallet data',
+    severity: Severity.CRITICAL,
+    confidence: 75,
+    mitre: ['T1005', 'T1041'],
+    remediation: 'Remove code, notify affected users, rotate wallet keys.'
+  },
+  // ============ BACKDOORS & REMOTE ACCESS ============
+  {
+    name: 'Reverse Shell',
+    type: MalwareType.REVERSE_SHELL,
+    pattern: /(?:net\.Socket|dgram)[\s\S]{0,200}(?:spawn|exec)[\s\S]{0,100}(?:\/bin\/(?:sh|bash)|cmd\.exe|powershell)/gi,
+    description: 'Network socket connected to shell execution',
+    severity: Severity.CRITICAL,
+    confidence: 95,
+    mitre: ['T1059', 'T1095'],
+    remediation: 'Remove immediately and audit all system access.'
+  },
+  {
+    name: 'Backdoor - Remote Code Execution',
+    type: MalwareType.BACKDOOR,
+    pattern: /(?:fetch|axios|http\.get)[\s\S]{0,100}(?:eval|Function|exec|spawn)[\s\S]{0,50}(?:body|response|data)/gi,
+    description: 'Fetches code from remote server and executes it',
+    severity: Severity.CRITICAL,
+    confidence: 90,
+    mitre: ['T1105', 'T1059'],
+    remediation: 'Remove the backdoor and investigate compromise.'
+  },
+  {
+    name: 'C2 Beacon',
+    type: MalwareType.C2_COMMUNICATION,
+    pattern: /setInterval[\s\S]{0,100}(?:fetch|axios|XMLHttpRequest)[\s\S]{0,100}(?:exec|eval|Function)/gi,
+    description: 'Periodic command and control communication',
+    severity: Severity.CRITICAL,
+    confidence: 80,
+    mitre: ['T1071', 'T1059'],
+    remediation: 'Remove C2 code and investigate network traffic.'
+  },
+  {
+    name: 'DNS Exfiltration',
+    type: MalwareType.C2_COMMUNICATION,
+    pattern: /(?:dns|resolve)[\s\S]{0,50}(?:encode|base64|hex)[\s\S]{0,50}(?:lookup|resolve4)/gi,
+    description: 'Data exfiltration via DNS queries',
+    severity: Severity.HIGH,
+    confidence: 75,
+    mitre: ['T1048.003'],
+    remediation: 'Remove the DNS exfiltration code.'
+  },
+  // ============ DROPPERS & LOADERS ============
+  {
+    name: 'Remote Script Loader',
+    type: MalwareType.LOADER,
+    pattern: /(?:document\.createElement\s*\(\s*['"`]script['"`]\s*\))[\s\S]{0,200}(?:src\s*=|appendChild)/gi,
+    description: 'Dynamically loads remote scripts',
+    severity: Severity.HIGH,
+    confidence: 70,
+    mitre: ['T1105'],
+    remediation: 'Verify script sources or remove dynamic loading.'
+  },
+  {
+    name: 'Payload Dropper',
+    type: MalwareType.DROPPER,
+    pattern: /(?:fs\.writeFile|writeFileSync)[\s\S]{0,100}(?:atob|Buffer\.from|base64|0x[0-9a-f]+)/gi,
+    description: 'Writes decoded payload to filesystem',
+    severity: Severity.CRITICAL,
+    confidence: 85,
+    mitre: ['T1105', 'T1204'],
+    remediation: 'Remove dropper and scan for dropped files.'
+  },
+  {
+    name: 'curl/wget Pipe Execution',
+    type: MalwareType.DROPPER,
+    pattern: /(?:curl|wget)\s+[^\s]+\s*\|\s*(?:sh|bash|node|python)/gi,
+    description: 'Downloads and executes remote script',
+    severity: Severity.CRITICAL,
+    confidence: 95,
+    mitre: ['T1059', 'T1105'],
+    remediation: 'Remove the dangerous command execution.'
+  },
+  // ============ OBFUSCATED & ENCODED PAYLOADS ============
+  {
+    name: 'Base64 Decode + Eval',
+    type: MalwareType.OBFUSCATED_PAYLOAD,
+    pattern: /(?:atob|Buffer\.from\s*\([^)]+,\s*['"`]base64['"`]\))[\s\S]{0,50}(?:eval|Function|exec)/gi,
+    description: 'Decodes Base64 and executes the result',
+    severity: Severity.CRITICAL,
+    confidence: 90,
+    mitre: ['T1140', 'T1059'],
+    remediation: 'Decode and analyze the payload, then remove.'
+  },
+  {
+    name: 'Hex Decode + Eval',
+    type: MalwareType.OBFUSCATED_PAYLOAD,
+    pattern: /Buffer\.from\s*\([^)]+,\s*['"`]hex['"`]\)[\s\S]{0,50}(?:eval|Function|exec|toString)/gi,
+    description: 'Decodes hex-encoded payload and executes',
+    severity: Severity.CRITICAL,
+    confidence: 85,
+    mitre: ['T1140', 'T1059'],
+    remediation: 'Decode and analyze, then remove the code.'
+  },
+  {
+    name: 'String.fromCharCode Obfuscation',
+    type: MalwareType.OBFUSCATED_PAYLOAD,
+    pattern: /String\.fromCharCode\s*\(\s*(?:\d+\s*,?\s*){10,}\)/gi,
+    description: 'Uses character codes to hide strings',
+    severity: Severity.HIGH,
+    confidence: 75,
+    mitre: ['T1140'],
+    remediation: 'Decode the character codes to analyze.'
+  },
+  {
+    name: 'Unicode Escape Obfuscation',
+    type: MalwareType.OBFUSCATED_PAYLOAD,
+    pattern: /(?:\\u[0-9a-f]{4}){10,}/gi,
+    description: 'Heavy use of unicode escapes for obfuscation',
+    severity: Severity.MEDIUM,
+    confidence: 65,
+    mitre: ['T1140'],
+    remediation: 'Decode and review the actual content.'
+  },
+  {
+    name: 'Hex Escape Obfuscation',
+    type: MalwareType.OBFUSCATED_PAYLOAD,
+    pattern: /(?:\\x[0-9a-f]{2}){15,}/gi,
+    description: 'Heavy use of hex escapes for obfuscation',
+    severity: Severity.HIGH,
+    confidence: 70,
+    mitre: ['T1140'],
+    remediation: 'Decode and analyze the hidden content.'
+  },
+  // ============ ANTI-DEBUGGING / EVASION ============
+  {
+    name: 'DevTools Detection',
+    type: MalwareType.ANTI_DEBUGGING,
+    pattern: /(?:devtools|firebug)[\s\S]{0,50}(?:open|detect|isOpen)/gi,
+    description: 'Detects if browser DevTools is open',
+    severity: Severity.MEDIUM,
+    confidence: 80,
+    mitre: ['T1622'],
+    remediation: 'Remove anti-debugging checks.'
+  },
+  {
+    name: 'Console Timing Detection',
+    type: MalwareType.ANTI_DEBUGGING,
+    pattern: /console\.(?:log|table|dir)[\s\S]{0,100}(?:Date\.now|performance\.now)[\s\S]{0,50}(?:>\s*\d+|threshold)/gi,
+    description: 'Uses console timing to detect debuggers',
+    severity: Severity.MEDIUM,
+    confidence: 70,
+    mitre: ['T1622'],
+    remediation: 'Remove timing-based detection.'
+  },
+  {
+    name: 'Debugger Trap',
+    type: MalwareType.ANTI_DEBUGGING,
+    pattern: /(?:setInterval|setTimeout)[\s\S]{0,50}(?:function\s*\(\)\s*{\s*debugger|['"`]debugger['"`])/gi,
+    description: 'Repeatedly triggers debugger statement',
+    severity: Severity.MEDIUM,
+    confidence: 85,
+    mitre: ['T1622'],
+    remediation: 'Remove the debugger trap code.'
+  },
+  {
+    name: 'VM/Sandbox Detection',
+    type: MalwareType.SANDBOX_EVASION,
+    pattern: /(?:navigator\.(?:webdriver|hardwareConcurrency|deviceMemory)|screen\.(?:width|height)[\s\S]{0,50}(?:800|1024))[\s\S]{0,100}(?:if|===|!==)/gi,
+    description: 'Checks for VM/sandbox environment',
+    severity: Severity.MEDIUM,
+    confidence: 70,
+    mitre: ['T1497'],
+    remediation: 'Remove environment detection code.'
+  },
+  // ============ PERSISTENCE ============
+  {
+    name: 'Cron Job Creation',
+    type: MalwareType.PERSISTENCE,
+    pattern: /(?:cron|crontab|\/etc\/cron)[\s\S]{0,100}(?:write|exec|spawn|append)/gi,
+    description: 'Attempts to create scheduled tasks',
+    severity: Severity.HIGH,
+    confidence: 80,
+    mitre: ['T1053'],
+    remediation: 'Remove persistence mechanism and check crontab.'
+  },
+  {
+    name: 'Startup Script Modification',
+    type: MalwareType.PERSISTENCE,
+    pattern: /(?:\.bashrc|\.profile|\.bash_profile|init\.d|systemd)[\s\S]{0,100}(?:writeFile|appendFile|exec)/gi,
+    description: 'Modifies startup scripts for persistence',
+    severity: Severity.CRITICAL,
+    confidence: 85,
+    mitre: ['T1546'],
+    remediation: 'Remove persistence and check startup files.'
+  },
+  // ============ SUPPLY CHAIN SPECIFIC ============
+  {
+    name: 'Package Install Hook Abuse',
+    type: MalwareType.POSTINSTALL_MALWARE,
+    pattern: /["'](?:preinstall|postinstall|preuninstall)["']\s*:\s*["'](?:[^"']*(?:curl|wget|node\s+-e|eval|exec)[^"']*)/gi,
+    description: 'Suspicious npm lifecycle script',
+    severity: Severity.CRITICAL,
+    confidence: 90,
+    mitre: ['T1195.002'],
+    remediation: 'Remove malicious lifecycle scripts.'
+  },
+  {
+    name: 'Suspicious Package Name Pattern',
+    type: MalwareType.TYPOSQUAT,
+    pattern: /require\s*\(\s*['"`](?:l[o0]dash|und[e3]rscore|ex[p9]ress|m[o0]ment|ax[i1]os|react-d[o0]m|vue-r[o0]uter)['"`]\s*\)/gi,
+    description: 'Potential typosquatting package import',
+    severity: Severity.HIGH,
+    confidence: 70,
+    mitre: ['T1195.002'],
+    remediation: 'Verify package names are spelled correctly.'
+  },
+  // ============ SUSPICIOUS NETWORK BEHAVIOR ============
+  {
+    name: 'Suspicious Webhook',
+    type: MalwareType.SUSPICIOUS_BEHAVIOR,
+    pattern: /(?:discord\.com\/api\/webhooks|hooks\.slack\.com|api\.telegram\.org\/bot)/gi,
+    description: 'Sends data to messaging webhook',
+    severity: Severity.HIGH,
+    confidence: 75,
+    mitre: ['T1567'],
+    remediation: 'Verify webhook usage is legitimate.'
+  },
+  {
+    name: 'Data Upload to Pastebin',
+    type: MalwareType.SUSPICIOUS_BEHAVIOR,
+    pattern: /(?:pastebin\.com|ghostbin|hastebin|paste\.ee)[\s\S]{0,100}(?:post|send|upload)/gi,
+    description: 'Uploads data to paste service',
+    severity: Severity.MEDIUM,
+    confidence: 70,
+    mitre: ['T1567.002'],
+    remediation: 'Verify the data being uploaded.'
+  },
+  {
+    name: 'IP Logger',
+    type: MalwareType.SUSPICIOUS_BEHAVIOR,
+    pattern: /(?:iplogger|grabify|ipify|ip-api|whatismyip)[\s\S]{0,50}(?:fetch|get|request)/gi,
+    description: 'Resolves and potentially logs IP address',
+    severity: Severity.MEDIUM,
+    confidence: 65,
+    mitre: ['T1016'],
+    remediation: 'Verify IP lookup is necessary and legitimate.'
+  }
+];
+/**
+ * Long encoded string patterns to detect
+ */
+const ENCODED_STRING_THRESHOLD = 200;
+/**
+ * Malware Detector Class
+ */
+export class MalwareDetector {
+  private matches: MalwareMatch[] = [];
+  private lines: string[] = [];
+  /**
+   * Scan code for malware patterns
+   */
+  scan(content: string, filePath: string): MalwareMatch[] {
+    this.matches = [];
+    this.lines = content.split('\n');
+    // Run pattern matching
+    this.runPatternMatching(content);
+    // Check for suspicious encoded strings
+    this.checkEncodedStrings(content);
+    // Check for high entropy sections (possible encrypted/encoded payloads)
+    this.checkHighEntropyContent(content);
+    // Check for suspicious network URLs
+    this.checkSuspiciousUrls(content);
+    // Deduplicate matches
+    return this.deduplicateMatches();
+  }
+  /**
+   * Run all malware pattern checks
+   */
+  private runPatternMatching(content: string): void {
+    for (const pattern of MALWARE_PATTERNS) {
+      // Reset regex state
+      pattern.pattern.lastIndex = 0;
+      let match;
+      while ((match = pattern.pattern.exec(content)) !== null) {
+        const lineNumber = this.getLineNumber(content, match.index);
+        this.matches.push({
+          type: pattern.type,
+          name: pattern.name,
+          description: pattern.description,
+          severity: pattern.severity,
+          line: lineNumber,
+          code: this.getCodeSnippet(lineNumber),
+          confidence: pattern.confidence,
+          indicators: pattern.indicators ? pattern.indicators(match) : [match[0].substring(0, 100)],
+          mitreAttack: pattern.mitre,
+          remediation: pattern.remediation
+        });
+      }
+    }
+  }
+  /**
+   * Check for suspicious encoded strings
+   */
+  private checkEncodedStrings(content: string): void {
+    // Find long base64-like strings
+    const base64Pattern = /['"`]([A-Za-z0-9+/=]{100,})['"`]/g;
+    let match;
+    while ((match = base64Pattern.exec(content)) !== null) {
+      const encoded = match[1];
+      if (isBase64Like(encoded)) {
+        const lineNumber = this.getLineNumber(content, match.index);
+        // Try to decode and check for suspicious content
+        let decodedContent = '';
+        try {
+          decodedContent = Buffer.from(encoded, 'base64').toString('utf8');
+        } catch {
+          // Not valid base64
+        }
+        const isSuspicious = decodedContent.includes('eval') ||
+                            decodedContent.includes('exec') ||
+                            decodedContent.includes('Function') ||
+                            decodedContent.includes('http') ||
+                            decodedContent.includes('require');
+        if (isSuspicious) {
+          this.matches.push({
+            type: MalwareType.ENCODED_PAYLOAD,
+            name: 'Suspicious Base64 Encoded Content',
+            description: 'Long Base64 string that decodes to potentially malicious content',
+            severity: Severity.HIGH,
+            line: lineNumber,
+            code: this.getCodeSnippet(lineNumber),
+            confidence: 80,
+            indicators: [`Base64 length: ${encoded.length}`, `Contains suspicious keywords when decoded`],
+            mitreAttack: ['T1140'],
+            remediation: 'Decode and analyze the Base64 content.'
+          });
+        }
+      }
+    }
+    // Find long hex strings
+    const hexPattern = /['"`]((?:0x)?[0-9a-fA-F]{100,})['"`]/g;
+    while ((match = hexPattern.exec(content)) !== null) {
+      const hex = match[1];
+      if (isHexEncoded(hex.replace(/^0x/, ''))) {
+        const lineNumber = this.getLineNumber(content, match.index);
+        this.matches.push({
+          type: MalwareType.ENCODED_PAYLOAD,
+          name: 'Suspicious Hex Encoded Content',
+          description: 'Long hex-encoded string detected',
+          severity: Severity.MEDIUM,
+          line: lineNumber,
+          code: this.getCodeSnippet(lineNumber),
+          confidence: 65,
+          indicators: [`Hex string length: ${hex.length}`],
+          mitreAttack: ['T1140'],
+          remediation: 'Decode and analyze the hex content.'
+        });
+      }
+    }
+  }
+  /**
+   * Check for high entropy content (encrypted/compressed data)
+   */
+  private checkHighEntropyContent(content: string): void {
+    // Split into chunks and check entropy
+    const chunkSize = 500;
+    for (let i = 0; i < this.lines.length; i++) {
+      const line = this.lines[i];
+      if (line.length > 200) {
+        const entropy = calculateEntropy(line);
+        if (entropy > 5.8) {
+          this.matches.push({
+            type: MalwareType.OBFUSCATED_PAYLOAD,
+            name: 'High Entropy Code Line',
+            description: `Line with unusually high entropy (${entropy.toFixed(2)}) suggesting obfuscated or encrypted content`,
+            severity: Severity.MEDIUM,
+            line: i + 1,
+            code: line.substring(0, 100) + '...',
+            confidence: 60,
+            indicators: [`Entropy: ${entropy.toFixed(2)}`],
+            mitreAttack: ['T1027'],
+            remediation: 'Analyze the obfuscated content.'
+          });
+        }
+      }
+    }
+  }
+  /**
+   * Check for suspicious URLs
+   */
+  private checkSuspiciousUrls(content: string): void {
+    const suspiciousPatterns = [
+      // Dynamic DNS providers (often used by malware)
+      { pattern: /(?:no-ip\.com|duckdns\.org|dynu\.com|freedns\.afraid\.org)/gi, name: 'Dynamic DNS Service' },
+      // URL shorteners (can hide malicious destinations)
+      { pattern: /(?:bit\.ly|tinyurl\.com|t\.co|goo\.gl|is\.gd|v\.gd)\/\w+/gi, name: 'URL Shortener' },
+      // Raw IP addresses in URLs
+      { pattern: /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/gi, name: 'Raw IP URL' },
+      // File sharing services
+      { pattern: /(?:mega\.nz|mediafire\.com|zippyshare\.com|uploadfiles)/gi, name: 'File Sharing Service' }
+    ];
+    for (const { pattern, name } of suspiciousPatterns) {
+      pattern.lastIndex = 0;
+      let match;
+      while ((match = pattern.exec(content)) !== null) {
+        const lineNumber = this.getLineNumber(content, match.index);
+        this.matches.push({
+          type: MalwareType.SUSPICIOUS_BEHAVIOR,
+          name: `Suspicious URL: ${name}`,
+          description: `Code references ${name} which may be used to hide malicious activity`,
+          severity: Severity.MEDIUM,
+          line: lineNumber,
+          code: this.getCodeSnippet(lineNumber),
+          confidence: 55,
+          indicators: [match[0]],
+          mitreAttack: ['T1102'],
+          remediation: 'Verify the URL is legitimate and necessary.'
+        });
+      }
+    }
+  }
+  /**
+   * Get line number from string index
+   */
+  private getLineNumber(content: string, index: number): number {
+    const beforeMatch = content.substring(0, index);
+    return beforeMatch.split('\n').length;
+  }
+  /**
+   * Get code snippet for a line
+   */
+  private getCodeSnippet(lineNumber: number): string {
+    const lineIndex = lineNumber - 1;
+    if (lineIndex >= 0 && lineIndex < this.lines.length) {
+      return this.lines[lineIndex].trim().substring(0, 150);
+    }
+    return '';
+  }
+  /**
+   * Remove duplicate matches
+   */
+  private deduplicateMatches(): MalwareMatch[] {
+    const seen = new Set<string>();
+    return this.matches.filter(match => {
+      const key = `${match.type}:${match.line}:${match.name}`;
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    });
+  }
+  /**
+   * Get threat type for malware type
+   */
+  static getThreatType(type: MalwareType): ThreatType {
+    const mapping: Record<MalwareType, ThreatType> = {
+      [MalwareType.STEALER]: ThreatType.DATA_EXFILTRATION,
+      [MalwareType.KEYLOGGER]: ThreatType.KEYLOGGER,
+      [MalwareType.CREDENTIAL_HARVESTER]: ThreatType.DATA_EXFILTRATION,
+      [MalwareType.CRYPTOMINER]: ThreatType.CRYPTOMINER,
+      [MalwareType.CRYPTO_WALLET_STEALER]: ThreatType.DATA_EXFILTRATION,
+      [MalwareType.BACKDOOR]: ThreatType.BACKDOOR,
+      [MalwareType.REVERSE_SHELL]: ThreatType.REVERSE_SHELL,
+      [MalwareType.C2_COMMUNICATION]: ThreatType.SUSPICIOUS_NETWORK,
+      [MalwareType.DROPPER]: ThreatType.MALICIOUS_LOADER,
+      [MalwareType.LOADER]: ThreatType.MALICIOUS_LOADER,
+      [MalwareType.OBFUSCATED_PAYLOAD]: ThreatType.OBFUSCATED_CODE,
+      [MalwareType.ENCODED_PAYLOAD]: ThreatType.EMBEDDED_PAYLOAD,
+      [MalwareType.TYPOSQUAT]: ThreatType.MALICIOUS_LOADER,
+      [MalwareType.DEPENDENCY_CONFUSION]: ThreatType.MALICIOUS_LOADER,
+      [MalwareType.POSTINSTALL_MALWARE]: ThreatType.MALICIOUS_LOADER,
+      [MalwareType.ANTI_DEBUGGING]: ThreatType.OBFUSCATED_CODE,
+      [MalwareType.VM_DETECTION]: ThreatType.OBFUSCATED_CODE,
+      [MalwareType.SANDBOX_EVASION]: ThreatType.OBFUSCATED_CODE,
+      [MalwareType.PERSISTENCE]: ThreatType.BACKDOOR,
+      [MalwareType.SUSPICIOUS_BEHAVIOR]: ThreatType.SUSPICIOUS_NETWORK
+    };
+    return mapping[type] || ThreatType.MALICIOUS_LOADER;
+  }
+}
+export default MalwareDetector;