npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/dependencies/detectors/securityStandards.ts ADDED Viewed

@@ -0,0 +1,200 @@
+/**
+ * Security Standards for Dependency Analysis
+ * Maps dependency risks to OWASP, CWE, MITRE, and SANS standards
+ */
+import { SecurityStandard } from '../../types';
+import { DependencyRiskCategory } from '../types';
+/**
+ * OWASP A06:2021 - Vulnerable and Outdated Components
+ */
+const OWASP_A06: SecurityStandard = {
+  name: 'OWASP',
+  id: 'A06:2021',
+  title: 'Vulnerable and Outdated Components',
+  description: 'Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover.',
+  url: 'https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/'
+};
+/**
+ * CWE-937 - OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
+ */
+const CWE_937: SecurityStandard = {
+  name: 'CWE',
+  id: 'CWE-937',
+  title: 'Using Components with Known Vulnerabilities',
+  description: 'The product uses a component that has a known vulnerability.',
+  url: 'https://cwe.mitre.org/data/definitions/937.html'
+};
+/**
+ * CWE-1035 - OWASP Top 10 2017 Category A9 - Using Components with Known Vulnerabilities
+ */
+const CWE_1035: SecurityStandard = {
+  name: 'CWE',
+  id: 'CWE-1035',
+  title: 'OWASP Top 10 2017 Category A9',
+  description: 'Weaknesses in this category are related to the A9 category Using Components with Known Vulnerabilities in the OWASP Top 10 2017.',
+  url: 'https://cwe.mitre.org/data/definitions/1035.html'
+};
+/**
+ * CWE-506 - Embedded Malicious Code
+ */
+const CWE_506: SecurityStandard = {
+  name: 'CWE',
+  id: 'CWE-506',
+  title: 'Embedded Malicious Code',
+  description: 'The product contains code that appears to be malicious in nature.',
+  url: 'https://cwe.mitre.org/data/definitions/506.html'
+};
+/**
+ * CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
+ */
+const CWE_829: SecurityStandard = {
+  name: 'CWE',
+  id: 'CWE-829',
+  title: 'Inclusion of Functionality from Untrusted Control Sphere',
+  description: 'The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.',
+  url: 'https://cwe.mitre.org/data/definitions/829.html'
+};
+/**
+ * CWE-1104 - Use of Unmaintained Third Party Components
+ */
+const CWE_1104: SecurityStandard = {
+  name: 'CWE',
+  id: 'CWE-1104',
+  title: 'Use of Unmaintained Third Party Components',
+  description: 'The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy.',
+  url: 'https://cwe.mitre.org/data/definitions/1104.html'
+};
+/**
+ * MITRE ATT&CK - Supply Chain Compromise
+ */
+const MITRE_SUPPLY_CHAIN: SecurityStandard = {
+  name: 'MITRE',
+  id: 'T1195',
+  title: 'Supply Chain Compromise',
+  description: 'Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise.',
+  url: 'https://attack.mitre.org/techniques/T1195/'
+};
+/**
+ * MITRE ATT&CK - Compromise Software Supply Chain
+ */
+const MITRE_T1195_002: SecurityStandard = {
+  name: 'MITRE',
+  id: 'T1195.002',
+  title: 'Compromise Software Supply Chain',
+  description: 'Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.',
+  url: 'https://attack.mitre.org/techniques/T1195/002/'
+};
+/**
+ * SANS Top 25 - Related entries
+ */
+const SANS_UNTRUSTED_INPUT: SecurityStandard = {
+  name: 'SANS',
+  id: 'SANS-1',
+  title: 'Improper Neutralization of Special Elements',
+  description: 'Failure to properly validate and sanitize input from untrusted sources.',
+  url: 'https://www.sans.org/top25-software-errors/'
+};
+/**
+ * Get standards for a specific CWE
+ */
+function getCWEStandard(cweId: string): SecurityStandard | null {
+  const cweMap: Record<string, SecurityStandard> = {
+    'CWE-937': CWE_937,
+    'CWE-1035': CWE_1035,
+    'CWE-506': CWE_506,
+    'CWE-829': CWE_829,
+    'CWE-1104': CWE_1104
+  };
+  if (cweMap[cweId]) {
+    return cweMap[cweId];
+  }
+  // Create a generic CWE standard for unknown CWEs
+  const cweNumber = cweId.replace('CWE-', '');
+  return {
+    name: 'CWE',
+    id: cweId,
+    title: `CWE-${cweNumber}`,
+    description: `Common Weakness Enumeration ${cweNumber}`,
+    url: `https://cwe.mitre.org/data/definitions/${cweNumber}.html`
+  };
+}
+/**
+ * Get security standards for a dependency risk category
+ */
+export function getStandardsForDependencyRisk(
+  category: DependencyRiskCategory,
+  cwes?: string[]
+): SecurityStandard[] {
+  const standards: SecurityStandard[] = [];
+  // Always include OWASP A06 for dependency risks
+  standards.push(OWASP_A06);
+  switch (category) {
+    case DependencyRiskCategory.VULNERABILITY:
+      standards.push(CWE_937, CWE_1035);
+      // Add specific CWEs if provided
+      if (cwes) {
+        for (const cwe of cwes) {
+          const cweStandard = getCWEStandard(cwe);
+          if (cweStandard && !standards.some(s => s.id === cweStandard.id)) {
+            standards.push(cweStandard);
+          }
+        }
+      }
+      break;
+    case DependencyRiskCategory.MALICIOUS:
+      standards.push(CWE_506, CWE_829, MITRE_SUPPLY_CHAIN, MITRE_T1195_002);
+      break;
+    case DependencyRiskCategory.SUPPLY_CHAIN:
+      standards.push(CWE_829, MITRE_SUPPLY_CHAIN, MITRE_T1195_002);
+      break;
+    case DependencyRiskCategory.OUTDATED:
+      standards.push(CWE_1104);
+      break;
+    case DependencyRiskCategory.MAINTENANCE:
+      standards.push(CWE_1104);
+      break;
+    case DependencyRiskCategory.LICENSE:
+      // No specific security standards for license issues
+      break;
+  }
+  return standards;
+}
+/**
+ * Get all dependency-related security standards
+ */
+export function getAllDependencyStandards(): SecurityStandard[] {
+  return [
+    OWASP_A06,
+    CWE_937,
+    CWE_1035,
+    CWE_506,
+    CWE_829,
+    CWE_1104,
+    MITRE_SUPPLY_CHAIN,
+    MITRE_T1195_002,
+    SANS_UNTRUSTED_INPUT
+  ];
+}

package/src/dependencies/detectors/vulnerabilityDetector.ts ADDED Viewed

@@ -0,0 +1,343 @@
+/**
+ * Vulnerability Detector
+ * Detects vulnerabilities, supply chain risks, and malicious packages
+ */
+import {
+  Dependency,
+  DependencyVulnerability,
+  DependencyRiskCategory,
+  DependencyRecommendation,
+  CVEInfo,
+  SupplyChainRisk,
+  MalwareIndicator,
+  TyposquattingCandidate
+} from '../types';
+import { Severity, SecurityStandard } from '../../types';
+import { generateId } from '../../utils';
+import { getCVEsForPackage } from '../database/cveDatabase';
+import { getMaliciousPackage, isDeprecatedPackage, getPopularPackages } from '../database/maliciousPackages';
+import { getStandardsForDependencyRisk } from './securityStandards';
+import { logger } from '../../utils/logger';
+/**
+ * Vulnerability Detector Class
+ * Detects various security issues in dependencies
+ */
+export class VulnerabilityDetector {
+  /**
+   * Analyze a dependency for vulnerabilities and risks
+   */
+  async analyzeDependency(dependency: Dependency): Promise<DependencyVulnerability[]> {
+    const vulnerabilities: DependencyVulnerability[] = [];
+    // Check for known malicious packages
+    const maliciousCheck = await this.checkMaliciousPackage(dependency);
+    if (maliciousCheck) {
+      vulnerabilities.push(maliciousCheck);
+    }
+    // Check for CVEs
+    const cveVulns = await this.checkCVEs(dependency);
+    vulnerabilities.push(...cveVulns);
+    // Check for typosquatting
+    const typosquatCheck = await this.checkTyposquatting(dependency);
+    if (typosquatCheck) {
+      vulnerabilities.push(typosquatCheck);
+    }
+    // Check for deprecated packages
+    const deprecatedCheck = await this.checkDeprecated(dependency);
+    if (deprecatedCheck) {
+      vulnerabilities.push(deprecatedCheck);
+    }
+    // Check for supply chain risks
+    const supplyChainRisks = await this.checkSupplyChainRisks(dependency);
+    vulnerabilities.push(...supplyChainRisks);
+    return vulnerabilities;
+  }
+  /**
+   * Check if package is known malicious
+   */
+  private async checkMaliciousPackage(dependency: Dependency): Promise<DependencyVulnerability | null> {
+    const malicious = getMaliciousPackage(dependency.name, dependency.ecosystem);
+    if (!malicious) return null;
+    // Check if affected version
+    if (malicious.affectedVersions && malicious.affectedVersions !== '*') {
+      const version = dependency.resolvedVersion || dependency.version;
+      const affectedVersions = malicious.affectedVersions.split(',').map(v => v.trim());
+      if (!affectedVersions.some(v => v === version || v === '*')) {
+        return null;
+      }
+    }
+    logger.debug(`[VulnDetector] Malicious package detected: ${dependency.name}`);
+    return {
+      id: generateId(),
+      dependency,
+      severity: Severity.CRITICAL,
+      category: DependencyRiskCategory.MALICIOUS,
+      title: `Known Malicious Package: ${dependency.name}`,
+      description: malicious.description,
+      malwareIndicators: malicious.indicators,
+      standards: getStandardsForDependencyRisk(DependencyRiskCategory.MALICIOUS),
+      recommendation: DependencyRecommendation.REMOVE,
+      recommendationDetails: `Immediately remove ${dependency.name} from your project. This package has been reported as malicious. ${malicious.references.length > 0 ? 'See references for more information.' : ''}`,
+      confidence: 100,
+      timestamp: new Date()
+    };
+  }
+  /**
+   * Check for known CVEs
+   */
+  private async checkCVEs(dependency: Dependency): Promise<DependencyVulnerability[]> {
+    const vulnerabilities: DependencyVulnerability[] = [];
+    const version = dependency.resolvedVersion || dependency.version;
+    // Skip if no version specified
+    if (!version || version === '*') {
+      return vulnerabilities;
+    }
+    const cves = getCVEsForPackage(dependency.name, dependency.ecosystem, version);
+    for (const cve of cves) {
+      logger.debug(`[VulnDetector] CVE detected: ${cve.id} in ${dependency.name}@${version}`);
+      vulnerabilities.push({
+        id: generateId(),
+        dependency,
+        severity: cve.severity,
+        category: DependencyRiskCategory.VULNERABILITY,
+        title: `${cve.id}: ${dependency.name}`,
+        description: cve.description,
+        cve,
+        standards: getStandardsForDependencyRisk(DependencyRiskCategory.VULNERABILITY, cve.cwes),
+        recommendation: cve.fixedVersion
+          ? DependencyRecommendation.UPGRADE
+          : DependencyRecommendation.REVIEW,
+        recommendationDetails: cve.fixedVersion
+          ? `Upgrade ${dependency.name} to version ${cve.fixedVersion} or later to fix ${cve.id}.`
+          : `Review the usage of ${dependency.name} and consider alternative packages. No fixed version available.`,
+        confidence: 95,
+        timestamp: new Date()
+      });
+    }
+    return vulnerabilities;
+  }
+  /**
+   * Check for typosquatting
+   */
+  private async checkTyposquatting(dependency: Dependency): Promise<DependencyVulnerability | null> {
+    const popularPackages = getPopularPackages(dependency.ecosystem);
+    const candidates = this.findTyposquatCandidates(dependency.name, popularPackages);
+    if (candidates.length === 0) return null;
+    const bestMatch = candidates[0];
+    // Only flag if similarity is high enough (potential typosquat)
+    if (bestMatch.similarityScore < 80) return null;
+    logger.debug(`[VulnDetector] Potential typosquatting: ${dependency.name} similar to ${bestMatch.legitimatePackage}`);
+    return {
+      id: generateId(),
+      dependency,
+      severity: Severity.HIGH,
+      category: DependencyRiskCategory.SUPPLY_CHAIN,
+      title: `Potential Typosquatting: ${dependency.name}`,
+      description: `The package "${dependency.name}" is very similar to the popular package "${bestMatch.legitimatePackage}" (${bestMatch.similarityScore}% similarity). This could be a typosquatting attempt.`,
+      supplyChainRisks: [SupplyChainRisk.TYPOSQUATTING],
+      standards: getStandardsForDependencyRisk(DependencyRiskCategory.SUPPLY_CHAIN),
+      recommendation: DependencyRecommendation.REVIEW,
+      recommendationDetails: `Verify that "${dependency.name}" is the intended package and not a typosquat of "${bestMatch.legitimatePackage}". If this is a mistake, replace with the correct package.`,
+      confidence: bestMatch.similarityScore,
+      timestamp: new Date()
+    };
+  }
+  /**
+   * Find typosquatting candidates
+   */
+  private findTyposquatCandidates(name: string, popularPackages: string[]): TyposquattingCandidate[] {
+    const candidates: TyposquattingCandidate[] = [];
+    const normalizedName = name.toLowerCase();
+    for (const popular of popularPackages) {
+      const normalizedPopular = popular.toLowerCase();
+      // Skip if same package
+      if (normalizedName === normalizedPopular) continue;
+      const similarity = this.calculateSimilarity(normalizedName, normalizedPopular);
+      if (similarity >= 70) {
+        const typosquatType = this.detectTyposquatType(normalizedName, normalizedPopular);
+        candidates.push({
+          suspiciousName: name,
+          legitimatePackage: popular,
+          similarityScore: similarity,
+          typosquatType
+        });
+      }
+    }
+    // Sort by similarity score descending
+    return candidates.sort((a, b) => b.similarityScore - a.similarityScore);
+  }
+  /**
+   * Calculate string similarity (Levenshtein distance based)
+   */
+  private calculateSimilarity(a: string, b: string): number {
+    const distance = this.levenshteinDistance(a, b);
+    const maxLength = Math.max(a.length, b.length);
+    return Math.round((1 - distance / maxLength) * 100);
+  }
+  /**
+   * Levenshtein distance algorithm
+   */
+  private levenshteinDistance(a: string, b: string): number {
+    const matrix: number[][] = [];
+    for (let i = 0; i <= b.length; i++) {
+      matrix[i] = [i];
+    }
+    for (let j = 0; j <= a.length; j++) {
+      matrix[0][j] = j;
+    }
+    for (let i = 1; i <= b.length; i++) {
+      for (let j = 1; j <= a.length; j++) {
+        if (b.charAt(i - 1) === a.charAt(j - 1)) {
+          matrix[i][j] = matrix[i - 1][j - 1];
+        } else {
+          matrix[i][j] = Math.min(
+            matrix[i - 1][j - 1] + 1,
+            matrix[i][j - 1] + 1,
+            matrix[i - 1][j] + 1
+          );
+        }
+      }
+    }
+    return matrix[b.length][a.length];
+  }
+  /**
+   * Detect type of typosquat
+   */
+  private detectTyposquatType(suspicious: string, legitimate: string): TyposquattingCandidate['typosquatType'] {
+    const lenDiff = Math.abs(suspicious.length - legitimate.length);
+    if (lenDiff === 1) {
+      if (suspicious.length > legitimate.length) {
+        return 'extra_char';
+      } else {
+        return 'missing_char';
+      }
+    }
+    if (lenDiff === 0) {
+      // Check for homograph (e.g., l vs 1, o vs 0)
+      const homographs = [['l', '1'], ['o', '0'], ['i', 'l'], ['rn', 'm']];
+      for (const [a, b] of homographs) {
+        if (suspicious.includes(a) && legitimate.includes(b)) {
+          return 'homograph';
+        }
+        if (suspicious.includes(b) && legitimate.includes(a)) {
+          return 'homograph';
+        }
+      }
+      return 'character_swap';
+    }
+    return 'bit_flip';
+  }
+  /**
+   * Check for deprecated packages
+   */
+  private async checkDeprecated(dependency: Dependency): Promise<DependencyVulnerability | null> {
+    const { deprecated, info } = isDeprecatedPackage(dependency.name);
+    if (!deprecated || !info) return null;
+    // Check ecosystem match
+    if (info.ecosystem !== dependency.ecosystem) return null;
+    logger.debug(`[VulnDetector] Deprecated package: ${dependency.name}`);
+    return {
+      id: generateId(),
+      dependency,
+      severity: Severity.LOW,
+      category: DependencyRiskCategory.OUTDATED,
+      title: `Deprecated Package: ${dependency.name}`,
+      description: `The package "${dependency.name}" is deprecated. ${info.reason}`,
+      standards: getStandardsForDependencyRisk(DependencyRiskCategory.OUTDATED),
+      recommendation: info.replacement
+        ? DependencyRecommendation.REPLACE
+        : DependencyRecommendation.REVIEW,
+      recommendationDetails: info.replacement
+        ? `Replace ${dependency.name} with ${info.replacement}.`
+        : `Review usage of ${dependency.name} and consider alternatives.`,
+      confidence: 90,
+      timestamp: new Date()
+    };
+  }
+  /**
+   * Check for supply chain risks
+   */
+  private async checkSupplyChainRisks(dependency: Dependency): Promise<DependencyVulnerability[]> {
+    const vulnerabilities: DependencyVulnerability[] = [];
+    const risks: SupplyChainRisk[] = [];
+    // Check for suspicious version patterns
+    const version = dependency.resolvedVersion || dependency.version;
+    // Flag 0.0.x versions as potentially new/untested
+    if (version && /^0\.0\.\d+/.test(version)) {
+      risks.push(SupplyChainRisk.NEW_PACKAGE);
+    }
+    // Flag packages with very recent versions (could be suspicious release)
+    // Note: This would need actual publish date data in production
+    if (risks.length > 0) {
+      vulnerabilities.push({
+        id: generateId(),
+        dependency,
+        severity: Severity.INFO,
+        category: DependencyRiskCategory.SUPPLY_CHAIN,
+        title: `Supply Chain Risk: ${dependency.name}`,
+        description: `The package "${dependency.name}" has potential supply chain risks: ${risks.join(', ')}`,
+        supplyChainRisks: risks,
+        standards: getStandardsForDependencyRisk(DependencyRiskCategory.SUPPLY_CHAIN),
+        recommendation: DependencyRecommendation.MONITOR,
+        recommendationDetails: `Monitor ${dependency.name} for any suspicious activity or updates. Consider pinning to a specific trusted version.`,
+        confidence: 60,
+        timestamp: new Date()
+      });
+    }
+    return vulnerabilities;
+  }
+}
+export default VulnerabilityDetector;

package/src/dependencies/index.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Dependency Analysis Module Exports
+ * Software Composition Analysis (SCA) for Secure-Scan
+ */
+// Types
+export * from './types';
+// Parsers
+export * from './parsers';
+// Detectors
+export * from './detectors';
+// Database
+export * from './database';
+// Main analyzer
+export * from './dependencyAnalyzer';
+export { default as DependencyAnalyzer } from './dependencyAnalyzer';
+// AI Analyzer
+export * from './aiDependencyAnalyzer';
+export { default as AIDependencyAnalyzer } from './aiDependencyAnalyzer';
+// Installed Dependencies Scanner (Malware Detection)
+export * from './installed';

package/src/dependencies/installed/index.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Installed Dependencies Module
+ * Exports for scanning installed packages for malware
+ */
+export * from './types';
+export * from './installedScanner';
+export * from './malwarePatterns';