shieldcortex 4.0.1 → 4.1.0

package/dist/audit/dependency-scanner.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Dependency Scanner
+ *
+ * Scans node_modules for:
+ *   1. Known malicious packages (CRITICAL)
+ *   2. Typosquat packages — Levenshtein distance 1-2 from popular packages (HIGH)
+ *   3. Suspicious postinstall scripts — network, exec, credential access patterns (HIGH/MEDIUM)
+ *   4. New packages with postinstall scripts published < 7 days ago (MEDIUM)
+ *
+ * Inspired by the axios 1.14.1 supply chain attack and the Claude Code
+ * typosquatting attacks discovered 31 Mar 2026.
+ *
+ * Usage:
+ *   shieldcortex audit --deps                      # scan ./node_modules
+ *   shieldcortex audit --deps-global               # scan global npm prefix
+ *   shieldcortex audit --deps-path /some/path      # scan specific path
+ */
+import type { ScannerResult } from './types.js';
+/**
+ * Compute Levenshtein distance between two strings.
+ * Standard dynamic-programming implementation, no external deps.
+ */
+export declare function levenshtein(a: string, b: string): number;
+export interface DependencyScanOptions {
+    /** Absolute path to node_modules directory */
+    nodeModulesPath: string;
+}
+export declare function scanDependencies(opts: DependencyScanOptions): ScannerResult;
+/**
+ * Resolve the node_modules path for a given mode.
+ */
+export declare function resolveNodeModulesPath(mode: 'local' | 'global' | 'path', customPath?: string): string;

package/dist/audit/dependency-scanner.js

@@ -0,0 +1,312 @@
+/**
+ * Dependency Scanner
+ *
+ * Scans node_modules for:
+ *   1. Known malicious packages (CRITICAL)
+ *   2. Typosquat packages — Levenshtein distance 1-2 from popular packages (HIGH)
+ *   3. Suspicious postinstall scripts — network, exec, credential access patterns (HIGH/MEDIUM)
+ *   4. New packages with postinstall scripts published < 7 days ago (MEDIUM)
+ *
+ * Inspired by the axios 1.14.1 supply chain attack and the Claude Code
+ * typosquatting attacks discovered 31 Mar 2026.
+ *
+ * Usage:
+ *   shieldcortex audit --deps                      # scan ./node_modules
+ *   shieldcortex audit --deps-global               # scan global npm prefix
+ *   shieldcortex audit --deps-path /some/path      # scan specific path
+ */
+import { readdirSync, readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { execSync } from 'child_process';
+const LEARN_MORE_MALICIOUS = 'https://shieldcortex.ai/docs/threats/supply-chain';
+const LEARN_MORE_TYPOSQUAT = 'https://shieldcortex.ai/docs/threats/typosquatting';
+const LEARN_MORE_POSTINSTALL = 'https://shieldcortex.ai/docs/threats/malicious-scripts';
+// ── 1. Known Malicious Packages ─────────────────────────────────────────────
+const KNOWN_MALICIOUS = [
+    // Discovered packages — add more as they are found
+    'plain-crypto-js',
+    'color-diff-napi',
+    'modifiers-napi',
+    // axios supply chain imposters (March/April 2026)
+    'axios-http',
+    'axios-utils',
+    // Claude Code typosquatting (31 Mar 2026)
+    'claude-code-sdk',
+    'claude-code-helper',
+    '@anthropic/claude-code-utils',
+    // Common malicious patterns seen in the wild
+    'event-stream-http',
+    'flatmap-stream',
+    'getcookies',
+    'eslint-scope-backdoor',
+    'eslint-config-airbnb-standard',
+    'xpc-connection',
+];
+// ── 2. Popular Packages for Typosquat Detection ─────────────────────────────
+const POPULAR_PACKAGES = [
+    'axios', 'express', 'lodash', 'react', 'next', 'vue', 'crypto-js',
+    'webpack', 'babel', 'typescript', 'eslint', 'prettier', 'jest',
+    'mocha', 'chalk', 'commander', 'inquirer', 'dotenv', 'cors',
+    'body-parser', 'mongoose', 'sequelize', 'prisma', 'socket.io',
+    'jsonwebtoken', 'bcrypt', 'uuid', 'moment', 'dayjs', 'sharp',
+    'puppeteer', 'playwright', 'onnxruntime-node', 'better-sqlite3',
+];
+const SUSPICIOUS_PATTERNS = [
+    // Downloading payloads
+    { regex: /\bcurl\b/i, label: 'curl (payload download)' },
+    { regex: /\bwget\b/i, label: 'wget (payload download)' },
+    { regex: /\bfetch\s*\(/i, label: 'fetch() (HTTP request)' },
+    { regex: /https?:\/\//i, label: 'HTTP/HTTPS URL' },
+    // Executing commands
+    { regex: /\bexec\s*\(/i, label: 'exec() call' },
+    { regex: /\bspawn\s*\(/i, label: 'spawn() call' },
+    { regex: /child_process/i, label: 'child_process import' },
+    // OS detection (profiling the victim)
+    { regex: /os\.platform\s*\(/i, label: 'os.platform() (OS detection)' },
+    { regex: /os\.type\s*\(/i, label: 'os.type() (OS detection)' },
+    { regex: /process\.platform/i, label: 'process.platform (OS detection)' },
+    // Self-deletion / cleanup
+    { regex: /rm\s+-rf/i, label: 'rm -rf (file deletion)' },
+    { regex: /\bdel\s+\/[sqf]/i, label: 'del /s (Windows deletion)' },
+    { regex: /\bunlink\s*\(/i, label: 'unlink() (file deletion)' },
+    // Credential access
+    { regex: /\bprocess\.env\b/i, label: 'process.env (env access)' },
+    { regex: /\$HOME\b|\bHOME\b/, label: '$HOME (home dir access)' },
+    { regex: /\bUSERPROFILE\b/i, label: 'USERPROFILE (Windows home)' },
+    { regex: /\.ssh/i, label: '.ssh (SSH key access)' },
+    { regex: /\.aws/i, label: '.aws (AWS credentials)' },
+    { regex: /\.npmrc/i, label: '.npmrc (npm token access)' },
+];
+// ── Levenshtein Distance ─────────────────────────────────────────────────────
+/**
+ * Compute Levenshtein distance between two strings.
+ * Standard dynamic-programming implementation, no external deps.
+ */
+export function levenshtein(a, b) {
+    if (a === b)
+        return 0;
+    if (a.length === 0)
+        return b.length;
+    if (b.length === 0)
+        return a.length;
+    // Use two-row rolling array to save memory
+    let prev = Array.from({ length: b.length + 1 }, (_, i) => i);
+    let curr = new Array(b.length + 1);
+    for (let i = 1; i <= a.length; i++) {
+        curr[0] = i;
+        for (let j = 1; j <= b.length; j++) {
+            const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+            curr[j] = Math.min(curr[j - 1] + 1, // insertion
+            prev[j] + 1, // deletion
+            prev[j - 1] + cost);
+        }
+        // Swap rows
+        const _swap = prev;
+        prev = curr;
+        curr = _swap;
+    }
+    return prev[b.length];
+}
+function readPackageJson(pkgPath) {
+    const pkgJsonPath = join(pkgPath, 'package.json');
+    if (!existsSync(pkgJsonPath))
+        return null;
+    try {
+        const raw = readFileSync(pkgJsonPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * List all top-level package names in a node_modules directory.
+ * Handles scoped packages (@org/pkg).
+ */
+function listPackages(nodeModulesPath) {
+    if (!existsSync(nodeModulesPath))
+        return [];
+    let entries;
+    try {
+        entries = readdirSync(nodeModulesPath);
+    }
+    catch {
+        return [];
+    }
+    const packages = [];
+    for (const entry of entries) {
+        if (entry.startsWith('.'))
+            continue;
+        if (entry.startsWith('@')) {
+            // Scoped namespace — list sub-entries
+            try {
+                const scopedEntries = readdirSync(join(nodeModulesPath, entry));
+                for (const sub of scopedEntries) {
+                    if (!sub.startsWith('.')) {
+                        packages.push(`${entry}/${sub}`);
+                    }
+                }
+            }
+            catch { /* skip */ }
+        }
+        else {
+            packages.push(entry);
+        }
+    }
+    return packages;
+}
+// ── Individual Checks ────────────────────────────────────────────────────────
+function checkMalicious(name) {
+    return KNOWN_MALICIOUS.includes(name);
+}
+function checkTyposquat(name) {
+    // Strip scope for comparison — "@org/axois" → "axois"
+    const bare = name.includes('/') ? name.split('/').pop() : name;
+    for (const popular of POPULAR_PACKAGES) {
+        if (name === popular || bare === popular)
+            continue; // exact match, not a typosquat
+        const dist = levenshtein(bare, popular);
+        if (dist >= 1 && dist <= 2) {
+            return popular; // typosquat of this popular package
+        }
+    }
+    return null;
+}
+function checkSuspiciousScripts(pkg) {
+    const scriptKeys = ['postinstall', 'preinstall', 'install'];
+    const matchedLabels = [];
+    for (const key of scriptKeys) {
+        const script = pkg.scripts?.[key];
+        if (!script)
+            continue;
+        for (const { regex, label } of SUSPICIOUS_PATTERNS) {
+            if (regex.test(script) && !matchedLabels.includes(label)) {
+                matchedLabels.push(label);
+            }
+        }
+    }
+    return { matchCount: matchedLabels.length, labels: matchedLabels };
+}
+function checkPackageAge(pkg) {
+    const hasPostInstall = !!pkg.scripts?.postinstall ||
+        !!pkg.scripts?.preinstall ||
+        !!pkg.scripts?.install;
+    if (!hasPostInstall)
+        return false;
+    // Try _time field first (some lockfiles embed it), then parse _resolved for date hints
+    const timeStr = pkg._time ?? pkg._resolved;
+    if (!timeStr)
+        return false;
+    // Extract an ISO date if present
+    const isoMatch = timeStr.match(/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/);
+    if (!isoMatch)
+        return false;
+    const published = new Date(isoMatch[0]);
+    if (isNaN(published.getTime()))
+        return false;
+    const ageMs = Date.now() - published.getTime();
+    const sevenDaysMs = 7 * 24 * 60 * 60 * 1000;
+    return ageMs < sevenDaysMs;
+}
+export function scanDependencies(opts) {
+    const start = Date.now();
+    const { nodeModulesPath } = opts;
+    if (!existsSync(nodeModulesPath)) {
+        return {
+            name: 'Dependency Scanner',
+            itemsScanned: 0,
+            findings: [],
+            durationMs: Date.now() - start,
+            skipped: true,
+            skipReason: `node_modules not found at ${nodeModulesPath}`,
+        };
+    }
+    const packageNames = listPackages(nodeModulesPath);
+    const findings = [];
+    for (const name of packageNames) {
+        const pkgPath = join(nodeModulesPath, ...name.split('/'));
+        const pkg = readPackageJson(pkgPath);
+        // ── 1. Known malicious ──────────────────────────────────────────
+        if (checkMalicious(name)) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'critical',
+                title: `Known malicious package: ${name}`,
+                description: `"${name}" is a known malicious npm package. Remove it immediately and ` +
+                    `audit your codebase for any data that may have been exfiltrated.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_MALICIOUS,
+            });
+        }
+        // ── 2. Typosquat ────────────────────────────────────────────────
+        const typosquatOf = checkTyposquat(name);
+        if (typosquatOf) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'high',
+                title: `Possible typosquat: "${name}" → "${typosquatOf}"`,
+                description: `"${name}" is 1-2 characters away from the popular package "${typosquatOf}". ` +
+                    `This may be a typosquatting attack. Verify the package is intentional.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_TYPOSQUAT,
+            });
+        }
+        if (!pkg)
+            continue;
+        // ── 3. Suspicious postinstall ───────────────────────────────────
+        const { matchCount, labels } = checkSuspiciousScripts(pkg);
+        if (matchCount >= 1) {
+            const severity = matchCount >= 2 ? 'high' : 'medium';
+            findings.push({
+                scanner: 'dependency',
+                severity,
+                title: `Suspicious install script in "${name}"`,
+                description: `"${name}" has an install/postinstall script containing suspicious patterns: ` +
+                    labels.join(', ') + '. Review before trusting this package.',
+                filePath: join(pkgPath, 'package.json'),
+                matchedText: labels.slice(0, 5).join(', '),
+                learnMoreUrl: LEARN_MORE_POSTINSTALL,
+            });
+        }
+        // ── 4. New package with postinstall ────────────────────────────
+        if (checkPackageAge(pkg)) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'medium',
+                title: `Newly published package with install script: "${name}"`,
+                description: `"${name}" was published within the last 7 days and has an install/postinstall ` +
+                    `script. New packages with install scripts are a common supply-chain attack vector.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_MALICIOUS,
+            });
+        }
+    }
+    return {
+        name: 'Dependency Scanner',
+        itemsScanned: packageNames.length,
+        findings,
+        durationMs: Date.now() - start,
+    };
+}
+/**
+ * Resolve the node_modules path for a given mode.
+ */
+export function resolveNodeModulesPath(mode, customPath) {
+    switch (mode) {
+        case 'global': {
+            try {
+                const prefix = execSync('npm prefix -g', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] }).trim();
+                return join(prefix, 'lib', 'node_modules');
+            }
+            catch {
+                // Fallback common locations
+                return join('/usr/local/lib', 'node_modules');
+            }
+        }
+        case 'path':
+            return customPath ?? join(process.cwd(), 'node_modules');
+        case 'local':
+        default:
+            return join(process.cwd(), 'node_modules');
+    }
+}

package/dist/audit/index.d.ts

@@ -8,6 +8,7 @@ export { scanMemories } from './memory-scanner.js';
 export { scanMcpConfigs } from './mcp-config-scanner.js';
 export { scanEnvFiles } from './env-scanner.js';
 export { scanRulesFiles } from './rules-file-scanner.js';
+export { scanDependencies, resolveNodeModulesPath } from './dependency-scanner.js';
 export { formatTerminalReport, formatMarkdownReport, formatJsonReport } from './report-formatter.js';
 export { calculateGrade } from './types.js';
 export type { AuditFinding, AuditReport, AuditGrade, AuditSeverity, ScannerResult, } from './types.js';

package/dist/audit/index.js

@@ -8,5 +8,6 @@ export { scanMemories } from './memory-scanner.js';
 export { scanMcpConfigs } from './mcp-config-scanner.js';
 export { scanEnvFiles } from './env-scanner.js';
 export { scanRulesFiles } from './rules-file-scanner.js';
+export { scanDependencies, resolveNodeModulesPath } from './dependency-scanner.js';
 export { formatTerminalReport, formatMarkdownReport, formatJsonReport } from './report-formatter.js';
 export { calculateGrade } from './types.js';

package/dist/cli/audit.d.ts

@@ -9,6 +9,9 @@
  *   npx shieldcortex audit --json           # JSON output
  *   npx shieldcortex audit --markdown       # Markdown output
  *   npx shieldcortex audit --ci             # CI mode (exit code reflects grade)
+ *   npx shieldcortex audit --deps           # Also scan ./node_modules for malicious packages
+ *   npx shieldcortex audit --deps-global    # Also scan global npm node_modules
+ *   npx shieldcortex audit --deps-path /p   # Also scan specific node_modules path
  */
 /**
  * Run the full audit.

package/dist/cli/audit.js

@@ -9,19 +9,47 @@
  *   npx shieldcortex audit --json           # JSON output
  *   npx shieldcortex audit --markdown       # Markdown output
  *   npx shieldcortex audit --ci             # CI mode (exit code reflects grade)
+ *   npx shieldcortex audit --deps           # Also scan ./node_modules for malicious packages
+ *   npx shieldcortex audit --deps-global    # Also scan global npm node_modules
+ *   npx shieldcortex audit --deps-path /p   # Also scan specific node_modules path
  */
-import { scanMemories, scanMcpConfigs, scanEnvFiles, scanRulesFiles, formatTerminalReport, formatMarkdownReport, formatJsonReport, calculateGrade, } from '../audit/index.js';
+import { scanMemories, scanMcpConfigs, scanEnvFiles, scanRulesFiles, scanDependencies, resolveNodeModulesPath, formatTerminalReport, formatMarkdownReport, formatJsonReport, calculateGrade, } from '../audit/index.js';
 function parseAuditArgs(args) {
-    const options = { format: 'terminal', ci: false };
-    for (const arg of args) {
-        if (arg === '--json')
+    const options = {
+        format: 'terminal',
+        ci: false,
+        deps: false,
+        depsMode: 'local',
+    };
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '--json') {
             options.format = 'json';
-        else if (arg === '--markdown' || arg === '--md')
+        }
+        else if (arg === '--markdown' || arg === '--md') {
             options.format = 'markdown';
+        }
         else if (arg === '--ci') {
             options.ci = true;
             options.format = 'json';
         }
+        else if (arg === '--deps') {
+            options.deps = true;
+            options.depsMode = 'local';
+        }
+        else if (arg === '--deps-global') {
+            options.deps = true;
+            options.depsMode = 'global';
+        }
+        else if (arg === '--deps-path') {
+            options.deps = true;
+            options.depsMode = 'path';
+            const next = args[i + 1];
+            if (next && !next.startsWith('--')) {
+                options.depsPath = next;
+                i++; // consume path argument
+            }
+        }
     }
     return options;
 }
@@ -56,30 +84,45 @@ export async function handleAuditCommand(args) {
     }
     // Run all scanners
     const scanners = [];
+    const totalSteps = options.deps ? 5 : 4;
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[1/4] Memory files...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[1/${totalSteps}] Memory files...\x1b[0m`);
     const memoryResult = scanMemories();
     scanners.push(memoryResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[1/4]\x1b[0m Memory files     \x1b[2m${memoryResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[1/${totalSteps}]\x1b[0m Memory files     \x1b[2m${memoryResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[2/4] MCP configs...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[2/${totalSteps}] MCP configs...\x1b[0m`);
     const mcpResult = scanMcpConfigs();
     scanners.push(mcpResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[2/4]\x1b[0m MCP configs      \x1b[2m${mcpResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[2/${totalSteps}]\x1b[0m MCP configs      \x1b[2m${mcpResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[3/4] Environment secrets...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[3/${totalSteps}] Environment secrets...\x1b[0m`);
     const envResult = scanEnvFiles();
     scanners.push(envResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[3/4]\x1b[0m Environment      \x1b[2m${envResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[3/${totalSteps}]\x1b[0m Environment      \x1b[2m${envResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[4/4] Rules files...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[4/${totalSteps}] Rules files...\x1b[0m`);
     const rulesResult = scanRulesFiles();
     scanners.push(rulesResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[4/4]\x1b[0m Rules files      \x1b[2m${rulesResult.durationMs}ms\x1b[0m\n\n`);
+        process.stdout.write(`\r  \x1b[32m[4/${totalSteps}]\x1b[0m Rules files      \x1b[2m${rulesResult.durationMs}ms\x1b[0m\n`);
+    // Optional: dependency scan
+    if (options.deps) {
+        const nodeModulesPath = resolveNodeModulesPath(options.depsMode, options.depsPath);
+        if (options.format === 'terminal') {
+            process.stdout.write(`  \x1b[2m[5/${totalSteps}] Dependencies (${nodeModulesPath})...\x1b[0m`);
+        }
+        const depsResult = scanDependencies({ nodeModulesPath });
+        scanners.push(depsResult);
+        if (options.format === 'terminal') {
+            process.stdout.write(`\r  \x1b[32m[5/${totalSteps}]\x1b[0m Dependencies     \x1b[2m${depsResult.durationMs}ms\x1b[0m\n`);
+        }
+    }
+    if (options.format === 'terminal')
+        process.stdout.write('\n');
     // Aggregate findings
     const allFindings = scanners.flatMap(s => s.findings);
     // Sort by severity (critical first)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "4.0.1",
+  "version": "4.1.0",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/scripts/postinstall.mjs

@@ -9,7 +9,7 @@
  *   - SHIELDCORTEX_SKIP_AUTO_OPENCLAW=1 is set
  *   - Running as a local/dev install (npm_config_global !== 'true')
  */
-import { existsSync, copyFileSync, mkdirSync, readdirSync } from 'fs';
+import { existsSync, copyFileSync, mkdirSync, readdirSync, readFileSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { spawnSync } from 'child_process';
@@ -28,8 +28,8 @@ function isDockerEnvironment() {
   if (process.env.DOCKER === 'true' || process.env.DOCKER === '1') return true;
   if (process.env.container === 'docker') return true;
   try {
-    const { readFileSync } = await import('fs').catch(() => ({ readFileSync: null }));
-    // Sync fallback — import() can't be used synchronously here
+    const cgroup = readFileSync('/proc/1/cgroup', 'utf8');
+    if (cgroup.includes('docker') || cgroup.includes('kubepods') || cgroup.includes('containerd')) return true;
   } catch { /* ignore */ }
   return false;
 }