npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/dependencies/installed/installedScanner.ts ADDED Viewed

@@ -0,0 +1,821 @@
+/**
+ * Installed Dependencies Scanner
+ * Scans installed packages (node_modules, vendor, venv) for malware
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import {
+  InstalledPackage,
+  InstalledMalwareFinding,
+  InstalledDependenciesScanResult,
+  InstalledScanConfig,
+  InstalledScanStats,
+  ScannedFolder,
+  IntegrityIssue,
+  SuspiciousScriptFinding,
+  PostInstallScript,
+  InstalledPackageMetadata,
+  IntegrityStatus
+} from './types';
+import { MALWARE_PATTERNS, SUSPICIOUS_SCRIPT_PATTERNS, getPatternsForFile } from './malwarePatterns';
+import { MalwareIndicator, PackageEcosystem } from '../types';
+import { Severity } from '../../types';
+import { logger } from '../../utils/logger';
+import { generateId } from '../../utils';
+/**
+ * Default configuration for installed dependencies scanner
+ */
+const DEFAULT_CONFIG: Partial<InstalledScanConfig> = {
+  maxFileSizeBytes: 5 * 1024 * 1024, // 5MB
+  fileExtensions: ['.js', '.ts', '.mjs', '.cjs', '.py', '.php', '.rb', '.sh', '.ps1', '.cmd', '.bat'],
+  verifyIntegrity: true,
+  scanPostInstallScripts: true,
+  maxDepth: 10,
+  verbose: false,
+  parallelScans: 4
+};
+/**
+ * Folder configurations for different ecosystems
+ */
+const DEPENDENCY_FOLDERS = {
+  npm: ['node_modules'],
+  pip: ['venv', '.venv', 'env', '.env', 'site-packages', 'lib/python*/site-packages'],
+  composer: ['vendor'],
+  maven: ['.m2/repository'],
+  gradle: ['.gradle/caches/modules-2/files-2.1'],
+  nuget: ['packages', '.nuget/packages']
+};
+/**
+ * Installed Dependencies Scanner Class
+ */
+export class InstalledDependenciesScanner {
+  private config: InstalledScanConfig;
+  private scannedFiles: Set<string> = new Set();
+  private stats: InstalledScanStats;
+  constructor(config: InstalledScanConfig) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+    this.stats = this.initializeStats();
+  }
+  /**
+   * Run the installed dependencies scan
+   */
+  async scan(): Promise<InstalledDependenciesScanResult> {
+    const startTime = Date.now();
+    logger.info('🔍 Starting installed dependencies scan...');
+    const scannedFolders: ScannedFolder[] = [];
+    const installedPackages: InstalledPackage[] = [];
+    const malwareFindings: InstalledMalwareFinding[] = [];
+    const integrityIssues: IntegrityIssue[] = [];
+    const suspiciousScripts: SuspiciousScriptFinding[] = [];
+    // Find and scan dependency folders
+    const foldersToScan = this.config.foldersToScan || this.findDependencyFolders();
+    for (const folderPath of foldersToScan) {
+      if (!fs.existsSync(folderPath)) continue;
+      logger.info(`📂 Scanning: ${folderPath}`);
+      const folderInfo = await this.scanDependencyFolder(folderPath);
+      scannedFolders.push(folderInfo.scannedFolder);
+      installedPackages.push(...folderInfo.packages);
+      malwareFindings.push(...folderInfo.malwareFindings);
+      suspiciousScripts.push(...folderInfo.suspiciousScripts);
+    }
+    // Verify integrity if enabled
+    if (this.config.verifyIntegrity) {
+      const integrity = await this.verifyPackageIntegrity(installedPackages);
+      integrityIssues.push(...integrity);
+    }
+    // Update statistics
+    const endTime = Date.now();
+    this.stats.duration = endTime - startTime;
+    this.stats.totalFoldersScanned = scannedFolders.length;
+    this.stats.totalPackagesFound = installedPackages.length;
+    this.stats.malwareFindingsCount = malwareFindings.length;
+    this.stats.integrityIssuesCount = integrityIssues.length;
+    this.stats.suspiciousScriptsCount = suspiciousScripts.length;
+    // Count findings by severity
+    for (const finding of malwareFindings) {
+      this.stats.findingsBySeverity[finding.severity] =
+        (this.stats.findingsBySeverity[finding.severity] || 0) + 1;
+    }
+    logger.info(`✅ Scan complete: ${malwareFindings.length} malware findings, ${integrityIssues.length} integrity issues`);
+    return {
+      scannedFolders,
+      installedPackages,
+      malwareFindings,
+      integrityIssues,
+      suspiciousScripts,
+      stats: this.stats,
+      timestamp: new Date()
+    };
+  }
+  /**
+   * Find dependency folders in the project
+   */
+  private findDependencyFolders(): string[] {
+    const folders: string[] = [];
+    const projectPath = this.config.projectPath;
+    // Check for node_modules
+    const nodeModules = path.join(projectPath, 'node_modules');
+    if (fs.existsSync(nodeModules)) {
+      folders.push(nodeModules);
+    }
+    // Check for vendor (PHP)
+    const vendor = path.join(projectPath, 'vendor');
+    if (fs.existsSync(vendor)) {
+      folders.push(vendor);
+    }
+    // Check for Python virtual environments
+    for (const venvName of ['venv', '.venv', 'env', '.env']) {
+      const venv = path.join(projectPath, venvName);
+      if (fs.existsSync(venv)) {
+        // Look for site-packages
+        const sitePackages = this.findSitePackages(venv);
+        if (sitePackages) {
+          folders.push(sitePackages);
+        }
+      }
+    }
+    return folders;
+  }
+  /**
+   * Find site-packages in a Python virtual environment
+   */
+  private findSitePackages(venvPath: string): string | null {
+    // Windows: venv/Lib/site-packages
+    const windowsPath = path.join(venvPath, 'Lib', 'site-packages');
+    if (fs.existsSync(windowsPath)) {
+      return windowsPath;
+    }
+    // Unix: venv/lib/pythonX.X/site-packages
+    const libPath = path.join(venvPath, 'lib');
+    if (fs.existsSync(libPath)) {
+      try {
+        const entries = fs.readdirSync(libPath);
+        for (const entry of entries) {
+          if (entry.startsWith('python')) {
+            const sitePackages = path.join(libPath, entry, 'site-packages');
+            if (fs.existsSync(sitePackages)) {
+              return sitePackages;
+            }
+          }
+        }
+      } catch {
+        // Ignore errors
+      }
+    }
+    return null;
+  }
+  /**
+   * Scan a dependency folder
+   */
+  private async scanDependencyFolder(folderPath: string): Promise<{
+    scannedFolder: ScannedFolder;
+    packages: InstalledPackage[];
+    malwareFindings: InstalledMalwareFinding[];
+    suspiciousScripts: SuspiciousScriptFinding[];
+  }> {
+    const packages: InstalledPackage[] = [];
+    const malwareFindings: InstalledMalwareFinding[] = [];
+    const suspiciousScripts: SuspiciousScriptFinding[] = [];
+    const folderType = this.getFolderType(folderPath);
+    const ecosystem = this.getEcosystemFromFolder(folderPath);
+    let totalSize = 0;
+    let filesScanned = 0;
+    // Get all packages in the folder
+    const packageDirs = await this.getPackageDirectories(folderPath, ecosystem);
+    for (const packageDir of packageDirs) {
+      const pkg = await this.parseInstalledPackage(packageDir, ecosystem);
+      if (pkg) {
+        packages.push(pkg);
+        totalSize += pkg.sizeBytes;
+        // Scan package files for malware
+        const findings = await this.scanPackageForMalware(pkg, packageDir);
+        malwareFindings.push(...findings.malwareFindings);
+        filesScanned += findings.filesScanned;
+        // Check post-install scripts
+        if (this.config.scanPostInstallScripts && pkg.hasPostInstallScripts) {
+          const scriptFindings = this.analyzePostInstallScripts(pkg);
+          suspiciousScripts.push(...scriptFindings);
+        }
+        // Update ecosystem stats
+        this.stats.packagesByEcosystem[ecosystem] =
+          (this.stats.packagesByEcosystem[ecosystem] || 0) + 1;
+      }
+    }
+    this.stats.totalFilesScanned += filesScanned;
+    this.stats.totalBytesScanned += totalSize;
+    return {
+      scannedFolder: {
+        path: folderPath,
+        type: folderType,
+        ecosystem,
+        packageCount: packages.length,
+        totalSizeBytes: totalSize,
+        filesScanned
+      },
+      packages,
+      malwareFindings,
+      suspiciousScripts
+    };
+  }
+  /**
+   * Get folder type from path
+   */
+  private getFolderType(folderPath: string): ScannedFolder['type'] {
+    const folderName = path.basename(folderPath);
+    if (folderName === 'node_modules') return 'node_modules';
+    if (folderName === 'vendor') return 'vendor';
+    if (folderName === 'site-packages') return 'site-packages';
+    if (['venv', '.venv', 'env', '.env'].includes(folderName)) return 'venv';
+    if (folderName === 'packages') return 'packages';
+    return 'other';
+  }
+  /**
+   * Get ecosystem from folder path
+   */
+  private getEcosystemFromFolder(folderPath: string): PackageEcosystem {
+    if (folderPath.includes('node_modules')) return 'npm';
+    if (folderPath.includes('vendor')) return 'composer';
+    if (folderPath.includes('site-packages') || folderPath.includes('venv')) return 'pip';
+    if (folderPath.includes('.nuget') || folderPath.includes('packages')) return 'nuget';
+    return 'npm'; // Default
+  }
+  /**
+   * Get package directories in a dependency folder
+   */
+  private async getPackageDirectories(folderPath: string, ecosystem: PackageEcosystem): Promise<string[]> {
+    const packageDirs: string[] = [];
+    try {
+      const entries = fs.readdirSync(folderPath, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        const fullPath = path.join(folderPath, entry.name);
+        // Handle scoped packages for npm (@scope/package)
+        if (ecosystem === 'npm' && entry.name.startsWith('@')) {
+          const scopedEntries = fs.readdirSync(fullPath, { withFileTypes: true });
+          for (const scopedEntry of scopedEntries) {
+            if (scopedEntry.isDirectory()) {
+              packageDirs.push(path.join(fullPath, scopedEntry.name));
+            }
+          }
+        } else if (!entry.name.startsWith('.')) {
+          packageDirs.push(fullPath);
+        }
+      }
+    } catch (error) {
+      logger.debug(`Error reading directory ${folderPath}: ${error}`);
+    }
+    return packageDirs;
+  }
+  /**
+   * Parse an installed package directory
+   */
+  private async parseInstalledPackage(packageDir: string, ecosystem: PackageEcosystem): Promise<InstalledPackage | null> {
+    try {
+      let name = path.basename(packageDir);
+      let version = 'unknown';
+      let metadata: InstalledPackageMetadata = {};
+      let hasPostInstallScripts = false;
+      let postInstallScripts: PostInstallScript[] = [];
+      // Handle scoped packages
+      const parentDir = path.basename(path.dirname(packageDir));
+      if (parentDir.startsWith('@')) {
+        name = `${parentDir}/${name}`;
+      }
+      // Parse package.json for npm
+      if (ecosystem === 'npm') {
+        const packageJsonPath = path.join(packageDir, 'package.json');
+        if (fs.existsSync(packageJsonPath)) {
+          const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+          name = packageJson.name || name;
+          version = packageJson.version || version;
+          metadata = {
+            author: typeof packageJson.author === 'string' ? packageJson.author : packageJson.author?.name,
+            license: packageJson.license,
+            homepage: packageJson.homepage,
+            repository: typeof packageJson.repository === 'string' ? packageJson.repository : packageJson.repository?.url,
+            description: packageJson.description,
+            main: packageJson.main,
+            binaries: packageJson.bin ? Object.keys(packageJson.bin) : undefined
+          };
+          // Check for post-install scripts
+          const scripts = packageJson.scripts || {};
+          for (const scriptType of ['preinstall', 'install', 'postinstall', 'preuninstall', 'postuninstall'] as const) {
+            if (scripts[scriptType]) {
+              hasPostInstallScripts = true;
+              const scriptInfo = this.analyzeScript(scriptType, scripts[scriptType], packageDir);
+              postInstallScripts.push(scriptInfo);
+            }
+          }
+        }
+      }
+      // Parse for pip/Python
+      if (ecosystem === 'pip') {
+        // Try to find PKG-INFO or METADATA
+        const metadataPath = path.join(packageDir, 'PKG-INFO');
+        const distInfoDir = this.findDistInfoDir(packageDir);
+        if (distInfoDir) {
+          const metaPath = path.join(distInfoDir, 'METADATA');
+          if (fs.existsSync(metaPath)) {
+            const content = fs.readFileSync(metaPath, 'utf-8');
+            const parsed = this.parsePythonMetadata(content);
+            name = parsed.name || name;
+            version = parsed.version || version;
+            metadata = {
+              author: parsed.author,
+              license: parsed.license,
+              homepage: parsed.homepage,
+              description: parsed.summary
+            };
+          }
+        }
+      }
+      // Calculate size and file count
+      const sizeInfo = this.calculateDirectorySize(packageDir);
+      return {
+        name,
+        version,
+        ecosystem,
+        installPath: packageDir,
+        sizeBytes: sizeInfo.size,
+        fileCount: sizeInfo.fileCount,
+        hasPostInstallScripts,
+        postInstallScripts: postInstallScripts.length > 0 ? postInstallScripts : undefined,
+        metadata
+      };
+    } catch (error) {
+      logger.debug(`Error parsing package at ${packageDir}: ${error}`);
+      return null;
+    }
+  }
+  /**
+   * Find .dist-info directory for Python packages
+   */
+  private findDistInfoDir(packageDir: string): string | null {
+    const parentDir = path.dirname(packageDir);
+    const packageName = path.basename(packageDir);
+    try {
+      const entries = fs.readdirSync(parentDir);
+      for (const entry of entries) {
+        if (entry.startsWith(packageName.replace(/-/g, '_')) && entry.endsWith('.dist-info')) {
+          return path.join(parentDir, entry);
+        }
+      }
+    } catch {
+      // Ignore
+    }
+    return null;
+  }
+  /**
+   * Parse Python package metadata
+   */
+  private parsePythonMetadata(content: string): Record<string, string> {
+    const result: Record<string, string> = {};
+    const lines = content.split('\n');
+    for (const line of lines) {
+      const match = line.match(/^([A-Za-z-]+):\s*(.+)$/);
+      if (match) {
+        const key = match[1].toLowerCase().replace(/-/g, '_');
+        result[key] = match[2].trim();
+      }
+    }
+    return {
+      name: result.name,
+      version: result.version,
+      author: result.author,
+      license: result.license,
+      homepage: result.home_page,
+      summary: result.summary
+    };
+  }
+  /**
+   * Analyze a post-install script
+   */
+  private analyzeScript(type: PostInstallScript['type'], command: string, packageDir: string): PostInstallScript {
+    const riskIndicators: string[] = [];
+    let riskLevel: Severity = Severity.INFO;
+    let scriptContent: string | undefined;
+    let scriptPath: string | undefined;
+    // Check for file reference
+    const fileMatch = command.match(/node\s+([^\s]+)/);
+    if (fileMatch) {
+      const possiblePath = path.join(packageDir, fileMatch[1]);
+      if (fs.existsSync(possiblePath)) {
+        scriptPath = possiblePath;
+        try {
+          scriptContent = fs.readFileSync(possiblePath, 'utf-8');
+        } catch {
+          // Ignore read errors
+        }
+      }
+    }
+    // Analyze command and content for suspicious patterns
+    const contentToAnalyze = scriptContent || command;
+    for (const pattern of SUSPICIOUS_SCRIPT_PATTERNS) {
+      if (pattern.test(contentToAnalyze)) {
+        riskIndicators.push(pattern.source);
+        if (riskLevel === Severity.INFO) riskLevel = Severity.LOW;
+      }
+    }
+    // Check for high-risk patterns
+    if (/curl.*\|.*sh|wget.*\|.*bash|rm\s+-rf/.test(contentToAnalyze)) {
+      riskLevel = Severity.CRITICAL;
+    } else if (/eval|exec|subprocess|child_process/.test(contentToAnalyze)) {
+      riskLevel = Severity.HIGH;
+    } else if (/http|fetch|request/.test(contentToAnalyze)) {
+      riskLevel = Severity.MEDIUM;
+    }
+    return {
+      type,
+      command,
+      scriptPath,
+      content: scriptContent,
+      riskLevel,
+      riskIndicators
+    };
+  }
+  /**
+   * Analyze post-install scripts for a package
+   */
+  private analyzePostInstallScripts(pkg: InstalledPackage): SuspiciousScriptFinding[] {
+    const findings: SuspiciousScriptFinding[] = [];
+    if (!pkg.postInstallScripts) return findings;
+    for (const script of pkg.postInstallScripts) {
+      if (script.riskLevel !== 'info' && script.riskIndicators.length > 0) {
+        findings.push({
+          packageName: pkg.name,
+          script,
+          severity: script.riskLevel,
+          description: `Suspicious ${script.type} script detected in package ${pkg.name}`,
+          riskIndicators: script.riskIndicators
+        });
+      }
+    }
+    return findings;
+  }
+  /**
+   * Calculate directory size
+   */
+  private calculateDirectorySize(dirPath: string): { size: number; fileCount: number } {
+    let size = 0;
+    let fileCount = 0;
+    const calculate = (dir: string, depth: number = 0) => {
+      if (depth > 5) return; // Limit recursion depth
+      try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+          const fullPath = path.join(dir, entry.name);
+          if (entry.isDirectory()) {
+            calculate(fullPath, depth + 1);
+          } else if (entry.isFile()) {
+            const stats = fs.statSync(fullPath);
+            size += stats.size;
+            fileCount++;
+          }
+        }
+      } catch {
+        // Ignore permission errors
+      }
+    };
+    calculate(dirPath);
+    return { size, fileCount };
+  }
+  /**
+   * Scan a package for malware
+   */
+  private async scanPackageForMalware(pkg: InstalledPackage, packageDir: string): Promise<{
+    malwareFindings: InstalledMalwareFinding[];
+    filesScanned: number;
+  }> {
+    const malwareFindings: InstalledMalwareFinding[] = [];
+    let filesScanned = 0;
+    const scanFile = (filePath: string) => {
+      if (this.scannedFiles.has(filePath)) return;
+      this.scannedFiles.add(filePath);
+      const ext = path.extname(filePath).toLowerCase();
+      if (!this.config.fileExtensions?.includes(ext)) return;
+      try {
+        const stats = fs.statSync(filePath);
+        if (stats.size > (this.config.maxFileSizeBytes ?? 5 * 1024 * 1024)) return;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        filesScanned++;
+        // Get patterns applicable to this file type
+        const patterns = getPatternsForFile(filePath);
+        for (const pattern of patterns) {
+          for (const regex of pattern.patterns) {
+            // Reset regex state
+            regex.lastIndex = 0;
+            const match = regex.exec(content);
+            if (match) {
+              // Find line number
+              const beforeMatch = content.substring(0, match.index);
+              const lineNumber = beforeMatch.split('\n').length;
+              // Extract code snippet
+              const lines = content.split('\n');
+              const startLine = Math.max(0, lineNumber - 2);
+              const endLine = Math.min(lines.length, lineNumber + 2);
+              const codeSnippet = lines.slice(startLine, endLine).join('\n');
+              malwareFindings.push({
+                id: generateId(),
+                package: pkg,
+                filePath,
+                lineNumber,
+                indicators: [pattern.indicator],
+                severity: pattern.severity,
+                title: pattern.name,
+                description: pattern.description,
+                matchedPattern: pattern.id,
+                codeSnippet,
+                standards: pattern.standards,
+                recommendation: this.getRecommendation(pattern.indicator),
+                confidence: pattern.confidence,
+                timestamp: new Date()
+              });
+              // Only report first match per pattern per file
+              break;
+            }
+          }
+        }
+      } catch (error) {
+        // Ignore file read errors (binary files, etc.)
+      }
+    };
+    const scanDirectory = (dir: string, depth: number = 0) => {
+      if (depth > (this.config.maxDepth ?? 10)) return;
+      try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        for (const entry of entries) {
+          const fullPath = path.join(dir, entry.name);
+          if (entry.isDirectory()) {
+            // Skip nested node_modules
+            if (entry.name === 'node_modules' && depth > 0) continue;
+            scanDirectory(fullPath, depth + 1);
+          } else if (entry.isFile()) {
+            scanFile(fullPath);
+          }
+        }
+      } catch {
+        // Ignore permission errors
+      }
+    };
+    scanDirectory(packageDir);
+    return { malwareFindings, filesScanned };
+  }
+  /**
+   * Get recommendation for malware indicator
+   */
+  private getRecommendation(indicator: MalwareIndicator): string {
+    const recommendations: Record<MalwareIndicator, string> = {
+      [MalwareIndicator.BACKDOOR]: 'Remove this package immediately. It contains backdoor code that allows remote access.',
+      [MalwareIndicator.CRYPTOMINER]: 'Remove this package. It contains cryptocurrency mining code that steals computational resources.',
+      [MalwareIndicator.STEALER]: 'Remove this package immediately. It attempts to steal credentials or sensitive data.',
+      [MalwareIndicator.LOADER]: 'Remove this package. It downloads and executes code from external sources.',
+      [MalwareIndicator.OBFUSCATED]: 'Review this package carefully. Heavily obfuscated code may hide malicious functionality.',
+      [MalwareIndicator.DATA_EXFILTRATION]: 'Remove this package. It attempts to send sensitive data to external servers.',
+      [MalwareIndicator.KNOWN_MALWARE]: 'Remove this package immediately. It has been identified as known malware.'
+    };
+    return recommendations[indicator] || 'Review this package and consider removing it.';
+  }
+  /**
+   * Verify package integrity
+   */
+  private async verifyPackageIntegrity(packages: InstalledPackage[]): Promise<IntegrityIssue[]> {
+    const issues: IntegrityIssue[] = [];
+    // Try to load lock file
+    const lockFileData = await this.loadLockFile();
+    if (!lockFileData) {
+      logger.debug('No lock file found for integrity verification');
+      return issues;
+    }
+    for (const pkg of packages) {
+      const expectedVersion = lockFileData.packages[pkg.name];
+      if (!expectedVersion) {
+        // Package not in lock file
+        issues.push({
+          packageName: pkg.name,
+          issueType: 'unexpected_package',
+          severity: Severity.MEDIUM,
+          description: `Package ${pkg.name} is installed but not in lock file`,
+          actual: pkg.version
+        });
+      } else if (expectedVersion !== pkg.version) {
+        // Version mismatch
+        issues.push({
+          packageName: pkg.name,
+          issueType: 'version_mismatch',
+          severity: Severity.HIGH,
+          description: `Package ${pkg.name} version mismatch - possible tampering`,
+          expected: expectedVersion,
+          actual: pkg.version
+        });
+      }
+      // Update package integrity status
+      pkg.integrityStatus = {
+        status: expectedVersion === pkg.version ? 'verified' :
+                expectedVersion ? 'mismatch' : 'unknown',
+        expectedVersion,
+        installedVersion: pkg.version
+      };
+    }
+    // Check for missing packages
+    for (const [pkgName, version] of Object.entries(lockFileData.packages)) {
+      const installed = packages.find(p => p.name === pkgName);
+      if (!installed) {
+        issues.push({
+          packageName: pkgName,
+          issueType: 'missing_package',
+          severity: Severity.LOW,
+          description: `Package ${pkgName} is in lock file but not installed`,
+          expected: version as string
+        });
+      }
+    }
+    return issues;
+  }
+  /**
+   * Load lock file data
+   */
+  private async loadLockFile(): Promise<{ packages: Record<string, string> } | null> {
+    const projectPath = this.config.projectPath;
+    const packages: Record<string, string> = {};
+    // Try package-lock.json
+    const packageLockPath = path.join(projectPath, 'package-lock.json');
+    if (fs.existsSync(packageLockPath)) {
+      try {
+        const lockFile = JSON.parse(fs.readFileSync(packageLockPath, 'utf-8'));
+        // Handle npm v3 format
+        if (lockFile.packages) {
+          for (const [key, value] of Object.entries(lockFile.packages)) {
+            if (key && key !== '') {
+              const name = key.replace(/^node_modules\//, '');
+              packages[name] = (value as any).version;
+            }
+          }
+        }
+        // Handle npm v1/v2 format
+        if (lockFile.dependencies) {
+          for (const [name, value] of Object.entries(lockFile.dependencies)) {
+            packages[name] = (value as any).version;
+          }
+        }
+        return { packages };
+      } catch {
+        logger.debug('Error parsing package-lock.json');
+      }
+    }
+    // Try yarn.lock (simplified parsing)
+    const yarnLockPath = path.join(projectPath, 'yarn.lock');
+    if (fs.existsSync(yarnLockPath)) {
+      try {
+        const content = fs.readFileSync(yarnLockPath, 'utf-8');
+        const lines = content.split('\n');
+        let currentPackage = '';
+        for (const line of lines) {
+          const pkgMatch = line.match(/^"?(@?[^@\s]+)@/);
+          if (pkgMatch) {
+            currentPackage = pkgMatch[1];
+          }
+          const versionMatch = line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
+          if (versionMatch && currentPackage) {
+            packages[currentPackage] = versionMatch[1];
+          }
+        }
+        return { packages };
+      } catch {
+        logger.debug('Error parsing yarn.lock');
+      }
+    }
+    return null;
+  }
+  /**
+   * Initialize statistics
+   */
+  private initializeStats(): InstalledScanStats {
+    return {
+      totalFoldersScanned: 0,
+      totalPackagesFound: 0,
+      totalFilesScanned: 0,
+      totalBytesScanned: 0,
+      malwareFindingsCount: 0,
+      integrityIssuesCount: 0,
+      suspiciousScriptsCount: 0,
+      packagesByEcosystem: {} as Record<PackageEcosystem, number>,
+      findingsBySeverity: {} as Record<Severity, number>,
+      duration: 0
+    };
+  }
+}
+/**
+ * Quick scan function
+ */
+export async function scanInstalledDependencies(projectPath: string): Promise<InstalledDependenciesScanResult> {
+  const scanner = new InstalledDependenciesScanner({ projectPath });
+  return scanner.scan();
+}