shieldcortex 4.0.2 → 4.2.0

package/dist/audit/dependency-scanner.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Dependency Scanner
+ *
+ * Scans node_modules for:
+ *   1. Known malicious packages (CRITICAL)
+ *   2. Typosquat packages — Levenshtein distance 1-2 from popular packages (HIGH)
+ *   3. Suspicious postinstall scripts — network, exec, credential access patterns (HIGH/MEDIUM)
+ *   4. New packages with postinstall scripts published < 7 days ago (MEDIUM)
+ *
+ * Inspired by the axios 1.14.1 supply chain attack and the Claude Code
+ * typosquatting attacks discovered 31 Mar 2026.
+ *
+ * Usage:
+ *   shieldcortex audit --deps                      # scan ./node_modules
+ *   shieldcortex audit --deps-global               # scan global npm prefix
+ *   shieldcortex audit --deps-path /some/path      # scan specific path
+ *   shieldcortex audit --deps --quarantine         # scan + quarantine CRITICAL/HIGH
+ *   shieldcortex audit --deps --clean --force      # scan + permanently delete CRITICAL
+ *   shieldcortex audit --deps --auto-protect       # scan + auto-quarantine CRITICAL
+ */
+import type { AuditFinding, ScannerResult } from './types.js';
+/**
+ * Compute Levenshtein distance between two strings.
+ * Standard dynamic-programming implementation, no external deps.
+ */
+export declare function levenshtein(a: string, b: string): number;
+export interface QuarantineManifest {
+    packageName: string;
+    version: string;
+    reason: string;
+    originalPath: string;
+    quarantinedAt: string;
+    severity: string;
+}
+/**
+ * Quarantine a package by moving it from node_modules to
+ * ~/.shieldcortex/quarantine/deps/<pkg>-<timestamp>/.
+ *
+ * Creates a manifest.json alongside the quarantined files.
+ * Only acts on CRITICAL and HIGH findings.
+ *
+ * @returns The quarantine destination path, or null if not quarantined.
+ */
+export declare function quarantinePackage(finding: AuditFinding, nodeModulesPath: string): string | null;
+/**
+ * Permanently delete a malicious package from node_modules.
+ *
+ * Only acts on CRITICAL findings (known malicious packages from blocklist).
+ *
+ * @returns The package name that was deleted, or null if not deleted.
+ */
+export declare function cleanPackage(finding: AuditFinding, nodeModulesPath: string): string | null;
+export interface DependencyScanOptions {
+    /** Absolute path to node_modules directory */
+    nodeModulesPath: string;
+}
+export declare function scanDependencies(opts: DependencyScanOptions): ScannerResult;
+/**
+ * Resolve the node_modules path for a given mode.
+ */
+export declare function resolveNodeModulesPath(mode: 'local' | 'global' | 'path', customPath?: string): string;

package/dist/audit/dependency-scanner.js

@@ -0,0 +1,394 @@
+/**
+ * Dependency Scanner
+ *
+ * Scans node_modules for:
+ *   1. Known malicious packages (CRITICAL)
+ *   2. Typosquat packages — Levenshtein distance 1-2 from popular packages (HIGH)
+ *   3. Suspicious postinstall scripts — network, exec, credential access patterns (HIGH/MEDIUM)
+ *   4. New packages with postinstall scripts published < 7 days ago (MEDIUM)
+ *
+ * Inspired by the axios 1.14.1 supply chain attack and the Claude Code
+ * typosquatting attacks discovered 31 Mar 2026.
+ *
+ * Usage:
+ *   shieldcortex audit --deps                      # scan ./node_modules
+ *   shieldcortex audit --deps-global               # scan global npm prefix
+ *   shieldcortex audit --deps-path /some/path      # scan specific path
+ *   shieldcortex audit --deps --quarantine         # scan + quarantine CRITICAL/HIGH
+ *   shieldcortex audit --deps --clean --force      # scan + permanently delete CRITICAL
+ *   shieldcortex audit --deps --auto-protect       # scan + auto-quarantine CRITICAL
+ */
+import { readdirSync, readFileSync, existsSync, mkdirSync, renameSync, rmSync, writeFileSync } from 'fs';
+import { join, resolve } from 'path';
+import { execSync } from 'child_process';
+import { homedir } from 'os';
+const LEARN_MORE_MALICIOUS = 'https://shieldcortex.ai/docs/threats/supply-chain';
+const LEARN_MORE_TYPOSQUAT = 'https://shieldcortex.ai/docs/threats/typosquatting';
+const LEARN_MORE_POSTINSTALL = 'https://shieldcortex.ai/docs/threats/malicious-scripts';
+// ── 1. Known Malicious Packages ─────────────────────────────────────────────
+const KNOWN_MALICIOUS = [
+    // Discovered packages — add more as they are found
+    'plain-crypto-js',
+    'color-diff-napi',
+    'modifiers-napi',
+    // axios supply chain imposters (March/April 2026)
+    'axios-http',
+    'axios-utils',
+    // Claude Code typosquatting (31 Mar 2026)
+    'claude-code-sdk',
+    'claude-code-helper',
+    '@anthropic/claude-code-utils',
+    // Common malicious patterns seen in the wild
+    'event-stream-http',
+    'flatmap-stream',
+    'getcookies',
+    'eslint-scope-backdoor',
+    'eslint-config-airbnb-standard',
+    'xpc-connection',
+];
+// ── 2. Popular Packages for Typosquat Detection ─────────────────────────────
+const POPULAR_PACKAGES = [
+    'axios', 'express', 'lodash', 'react', 'next', 'vue', 'crypto-js',
+    'webpack', 'babel', 'typescript', 'eslint', 'prettier', 'jest',
+    'mocha', 'chalk', 'commander', 'inquirer', 'dotenv', 'cors',
+    'body-parser', 'mongoose', 'sequelize', 'prisma', 'socket.io',
+    'jsonwebtoken', 'bcrypt', 'uuid', 'moment', 'dayjs', 'sharp',
+    'puppeteer', 'playwright', 'onnxruntime-node', 'better-sqlite3',
+];
+const SUSPICIOUS_PATTERNS = [
+    // Downloading payloads
+    { regex: /\bcurl\b/i, label: 'curl (payload download)' },
+    { regex: /\bwget\b/i, label: 'wget (payload download)' },
+    { regex: /\bfetch\s*\(/i, label: 'fetch() (HTTP request)' },
+    { regex: /https?:\/\//i, label: 'HTTP/HTTPS URL' },
+    // Executing commands
+    { regex: /\bexec\s*\(/i, label: 'exec() call' },
+    { regex: /\bspawn\s*\(/i, label: 'spawn() call' },
+    { regex: /child_process/i, label: 'child_process import' },
+    // OS detection (profiling the victim)
+    { regex: /os\.platform\s*\(/i, label: 'os.platform() (OS detection)' },
+    { regex: /os\.type\s*\(/i, label: 'os.type() (OS detection)' },
+    { regex: /process\.platform/i, label: 'process.platform (OS detection)' },
+    // Self-deletion / cleanup
+    { regex: /rm\s+-rf/i, label: 'rm -rf (file deletion)' },
+    { regex: /\bdel\s+\/[sqf]/i, label: 'del /s (Windows deletion)' },
+    { regex: /\bunlink\s*\(/i, label: 'unlink() (file deletion)' },
+    // Credential access
+    { regex: /\bprocess\.env\b/i, label: 'process.env (env access)' },
+    { regex: /\$HOME\b|\bHOME\b/, label: '$HOME (home dir access)' },
+    { regex: /\bUSERPROFILE\b/i, label: 'USERPROFILE (Windows home)' },
+    { regex: /\.ssh/i, label: '.ssh (SSH key access)' },
+    { regex: /\.aws/i, label: '.aws (AWS credentials)' },
+    { regex: /\.npmrc/i, label: '.npmrc (npm token access)' },
+];
+// ── Levenshtein Distance ─────────────────────────────────────────────────────
+/**
+ * Compute Levenshtein distance between two strings.
+ * Standard dynamic-programming implementation, no external deps.
+ */
+export function levenshtein(a, b) {
+    if (a === b)
+        return 0;
+    if (a.length === 0)
+        return b.length;
+    if (b.length === 0)
+        return a.length;
+    // Use two-row rolling array to save memory
+    let prev = Array.from({ length: b.length + 1 }, (_, i) => i);
+    let curr = new Array(b.length + 1);
+    for (let i = 1; i <= a.length; i++) {
+        curr[0] = i;
+        for (let j = 1; j <= b.length; j++) {
+            const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+            curr[j] = Math.min(curr[j - 1] + 1, // insertion
+            prev[j] + 1, // deletion
+            prev[j - 1] + cost);
+        }
+        // Swap rows
+        const _swap = prev;
+        prev = curr;
+        curr = _swap;
+    }
+    return prev[b.length];
+}
+function readPackageJson(pkgPath) {
+    const pkgJsonPath = join(pkgPath, 'package.json');
+    if (!existsSync(pkgJsonPath))
+        return null;
+    try {
+        const raw = readFileSync(pkgJsonPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * List all top-level package names in a node_modules directory.
+ * Handles scoped packages (@org/pkg).
+ */
+function listPackages(nodeModulesPath) {
+    if (!existsSync(nodeModulesPath))
+        return [];
+    let entries;
+    try {
+        entries = readdirSync(nodeModulesPath);
+    }
+    catch {
+        return [];
+    }
+    const packages = [];
+    for (const entry of entries) {
+        if (entry.startsWith('.'))
+            continue;
+        if (entry.startsWith('@')) {
+            // Scoped namespace — list sub-entries
+            try {
+                const scopedEntries = readdirSync(join(nodeModulesPath, entry));
+                for (const sub of scopedEntries) {
+                    if (!sub.startsWith('.')) {
+                        packages.push(`${entry}/${sub}`);
+                    }
+                }
+            }
+            catch { /* skip */ }
+        }
+        else {
+            packages.push(entry);
+        }
+    }
+    return packages;
+}
+// ── Individual Checks ────────────────────────────────────────────────────────
+function checkMalicious(name) {
+    return KNOWN_MALICIOUS.includes(name);
+}
+function checkTyposquat(name) {
+    // Strip scope for comparison — "@org/axois" → "axois"
+    const bare = name.includes('/') ? name.split('/').pop() : name;
+    for (const popular of POPULAR_PACKAGES) {
+        if (name === popular || bare === popular)
+            continue; // exact match, not a typosquat
+        const dist = levenshtein(bare, popular);
+        if (dist >= 1 && dist <= 2) {
+            return popular; // typosquat of this popular package
+        }
+    }
+    return null;
+}
+function checkSuspiciousScripts(pkg) {
+    const scriptKeys = ['postinstall', 'preinstall', 'install'];
+    const matchedLabels = [];
+    for (const key of scriptKeys) {
+        const script = pkg.scripts?.[key];
+        if (!script)
+            continue;
+        for (const { regex, label } of SUSPICIOUS_PATTERNS) {
+            if (regex.test(script) && !matchedLabels.includes(label)) {
+                matchedLabels.push(label);
+            }
+        }
+    }
+    return { matchCount: matchedLabels.length, labels: matchedLabels };
+}
+function checkPackageAge(pkg) {
+    const hasPostInstall = !!pkg.scripts?.postinstall ||
+        !!pkg.scripts?.preinstall ||
+        !!pkg.scripts?.install;
+    if (!hasPostInstall)
+        return false;
+    // Try _time field first (some lockfiles embed it), then parse _resolved for date hints
+    const timeStr = pkg._time ?? pkg._resolved;
+    if (!timeStr)
+        return false;
+    // Extract an ISO date if present
+    const isoMatch = timeStr.match(/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/);
+    if (!isoMatch)
+        return false;
+    const published = new Date(isoMatch[0]);
+    if (isNaN(published.getTime()))
+        return false;
+    const ageMs = Date.now() - published.getTime();
+    const sevenDaysMs = 7 * 24 * 60 * 60 * 1000;
+    return ageMs < sevenDaysMs;
+}
+/**
+ * Quarantine a package by moving it from node_modules to
+ * ~/.shieldcortex/quarantine/deps/<pkg>-<timestamp>/.
+ *
+ * Creates a manifest.json alongside the quarantined files.
+ * Only acts on CRITICAL and HIGH findings.
+ *
+ * @returns The quarantine destination path, or null if not quarantined.
+ */
+export function quarantinePackage(finding, nodeModulesPath) {
+    // Only quarantine CRITICAL and HIGH
+    if (finding.severity !== 'critical' && finding.severity !== 'high') {
+        return null;
+    }
+    // Extract package name from the finding title heuristically
+    // Title examples:
+    //   "Known malicious package: plain-crypto-js"
+    //   "Possible typosquat: "axois" → "axios""
+    //   "Suspicious install script in "bad-pkg""
+    const nameMatch = finding.title.match(/^Known malicious package:\s+(.+)$/) ??
+        finding.title.match(/^Possible typosquat:\s+"([^"]+)"/) ??
+        finding.title.match(/^Suspicious install script in\s+"([^"]+)"/);
+    const pkgName = nameMatch?.[1]?.trim();
+    if (!pkgName)
+        return null;
+    // Resolve source path
+    const pkgParts = pkgName.split('/');
+    const srcPath = resolve(join(nodeModulesPath, ...pkgParts));
+    if (!existsSync(srcPath))
+        return null;
+    // Determine version from package.json
+    const pkg = readPackageJson(srcPath);
+    const version = pkg?.version ?? 'unknown';
+    // Build quarantine destination
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+    const safeName = pkgName.replace(/\//g, '__');
+    const quarantineBase = join(homedir(), '.shieldcortex', 'quarantine', 'deps');
+    const destDir = join(quarantineBase, `${safeName}-${timestamp}`);
+    const pkgDestDir = join(destDir, 'pkg');
+    mkdirSync(destDir, { recursive: true });
+    // Move the package directory
+    renameSync(srcPath, pkgDestDir);
+    // Write manifest
+    const manifest = {
+        packageName: pkgName,
+        version,
+        reason: finding.title,
+        originalPath: srcPath,
+        quarantinedAt: new Date().toISOString(),
+        severity: finding.severity,
+    };
+    writeFileSync(join(destDir, 'manifest.json'), JSON.stringify(manifest, null, 2));
+    return destDir;
+}
+/**
+ * Permanently delete a malicious package from node_modules.
+ *
+ * Only acts on CRITICAL findings (known malicious packages from blocklist).
+ *
+ * @returns The package name that was deleted, or null if not deleted.
+ */
+export function cleanPackage(finding, nodeModulesPath) {
+    // Only clean CRITICAL findings
+    if (finding.severity !== 'critical') {
+        return null;
+    }
+    // Extract package name from the finding title
+    const nameMatch = finding.title.match(/^Known malicious package:\s+(.+)$/);
+    const pkgName = nameMatch?.[1]?.trim();
+    if (!pkgName)
+        return null;
+    const pkgParts = pkgName.split('/');
+    const srcPath = resolve(join(nodeModulesPath, ...pkgParts));
+    if (!existsSync(srcPath))
+        return null;
+    rmSync(srcPath, { recursive: true, force: true });
+    return pkgName;
+}
+export function scanDependencies(opts) {
+    const start = Date.now();
+    const { nodeModulesPath } = opts;
+    if (!existsSync(nodeModulesPath)) {
+        return {
+            name: 'Dependency Scanner',
+            itemsScanned: 0,
+            findings: [],
+            durationMs: Date.now() - start,
+            skipped: true,
+            skipReason: `node_modules not found at ${nodeModulesPath}`,
+        };
+    }
+    const packageNames = listPackages(nodeModulesPath);
+    const findings = [];
+    for (const name of packageNames) {
+        const pkgPath = join(nodeModulesPath, ...name.split('/'));
+        const pkg = readPackageJson(pkgPath);
+        // ── 1. Known malicious ──────────────────────────────────────────
+        if (checkMalicious(name)) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'critical',
+                title: `Known malicious package: ${name}`,
+                description: `"${name}" is a known malicious npm package. Remove it immediately and ` +
+                    `audit your codebase for any data that may have been exfiltrated.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_MALICIOUS,
+            });
+        }
+        // ── 2. Typosquat ────────────────────────────────────────────────
+        const typosquatOf = checkTyposquat(name);
+        if (typosquatOf) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'high',
+                title: `Possible typosquat: "${name}" → "${typosquatOf}"`,
+                description: `"${name}" is 1-2 characters away from the popular package "${typosquatOf}". ` +
+                    `This may be a typosquatting attack. Verify the package is intentional.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_TYPOSQUAT,
+            });
+        }
+        if (!pkg)
+            continue;
+        // ── 3. Suspicious postinstall ───────────────────────────────────
+        const { matchCount, labels } = checkSuspiciousScripts(pkg);
+        if (matchCount >= 1) {
+            const severity = matchCount >= 2 ? 'high' : 'medium';
+            findings.push({
+                scanner: 'dependency',
+                severity,
+                title: `Suspicious install script in "${name}"`,
+                description: `"${name}" has an install/postinstall script containing suspicious patterns: ` +
+                    labels.join(', ') + '. Review before trusting this package.',
+                filePath: join(pkgPath, 'package.json'),
+                matchedText: labels.slice(0, 5).join(', '),
+                learnMoreUrl: LEARN_MORE_POSTINSTALL,
+            });
+        }
+        // ── 4. New package with postinstall ────────────────────────────
+        if (checkPackageAge(pkg)) {
+            findings.push({
+                scanner: 'dependency',
+                severity: 'medium',
+                title: `Newly published package with install script: "${name}"`,
+                description: `"${name}" was published within the last 7 days and has an install/postinstall ` +
+                    `script. New packages with install scripts are a common supply-chain attack vector.`,
+                filePath: join(pkgPath, 'package.json'),
+                learnMoreUrl: LEARN_MORE_MALICIOUS,
+            });
+        }
+    }
+    return {
+        name: 'Dependency Scanner',
+        itemsScanned: packageNames.length,
+        findings,
+        durationMs: Date.now() - start,
+    };
+}
+/**
+ * Resolve the node_modules path for a given mode.
+ */
+export function resolveNodeModulesPath(mode, customPath) {
+    switch (mode) {
+        case 'global': {
+            try {
+                const prefix = execSync('npm prefix -g', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'ignore'] }).trim();
+                return join(prefix, 'lib', 'node_modules');
+            }
+            catch {
+                // Fallback common locations
+                return join('/usr/local/lib', 'node_modules');
+            }
+        }
+        case 'path':
+            return customPath ?? join(process.cwd(), 'node_modules');
+        case 'local':
+        default:
+            return join(process.cwd(), 'node_modules');
+    }
+}

package/dist/audit/index.d.ts

@@ -8,6 +8,7 @@ export { scanMemories } from './memory-scanner.js';
 export { scanMcpConfigs } from './mcp-config-scanner.js';
 export { scanEnvFiles } from './env-scanner.js';
 export { scanRulesFiles } from './rules-file-scanner.js';
+export { scanDependencies, resolveNodeModulesPath, quarantinePackage, cleanPackage } from './dependency-scanner.js';
 export { formatTerminalReport, formatMarkdownReport, formatJsonReport } from './report-formatter.js';
 export { calculateGrade } from './types.js';
 export type { AuditFinding, AuditReport, AuditGrade, AuditSeverity, ScannerResult, } from './types.js';

package/dist/audit/index.js

@@ -8,5 +8,6 @@ export { scanMemories } from './memory-scanner.js';
 export { scanMcpConfigs } from './mcp-config-scanner.js';
 export { scanEnvFiles } from './env-scanner.js';
 export { scanRulesFiles } from './rules-file-scanner.js';
+export { scanDependencies, resolveNodeModulesPath, quarantinePackage, cleanPackage } from './dependency-scanner.js';
 export { formatTerminalReport, formatMarkdownReport, formatJsonReport } from './report-formatter.js';
 export { calculateGrade } from './types.js';

package/dist/cli/audit.d.ts

@@ -9,6 +9,12 @@
  *   npx shieldcortex audit --json           # JSON output
  *   npx shieldcortex audit --markdown       # Markdown output
  *   npx shieldcortex audit --ci             # CI mode (exit code reflects grade)
+ *   npx shieldcortex audit --deps           # Also scan ./node_modules for malicious packages
+ *   npx shieldcortex audit --deps-global    # Also scan global npm node_modules
+ *   npx shieldcortex audit --deps-path /p   # Also scan specific node_modules path
+ *   npx shieldcortex audit --deps --quarantine         # Scan + quarantine CRITICAL/HIGH
+ *   npx shieldcortex audit --deps --clean --force      # Scan + permanently delete CRITICAL
+ *   npx shieldcortex audit --deps --auto-protect       # Scan + auto-quarantine CRITICAL
  */
 /**
  * Run the full audit.

package/dist/cli/audit.js

@@ -9,19 +9,70 @@
  *   npx shieldcortex audit --json           # JSON output
  *   npx shieldcortex audit --markdown       # Markdown output
  *   npx shieldcortex audit --ci             # CI mode (exit code reflects grade)
+ *   npx shieldcortex audit --deps           # Also scan ./node_modules for malicious packages
+ *   npx shieldcortex audit --deps-global    # Also scan global npm node_modules
+ *   npx shieldcortex audit --deps-path /p   # Also scan specific node_modules path
+ *   npx shieldcortex audit --deps --quarantine         # Scan + quarantine CRITICAL/HIGH
+ *   npx shieldcortex audit --deps --clean --force      # Scan + permanently delete CRITICAL
+ *   npx shieldcortex audit --deps --auto-protect       # Scan + auto-quarantine CRITICAL
  */
-import { scanMemories, scanMcpConfigs, scanEnvFiles, scanRulesFiles, formatTerminalReport, formatMarkdownReport, formatJsonReport, calculateGrade, } from '../audit/index.js';
+import { requireFeature, FeatureGatedError } from '../license/gate.js';
+import { scanMemories, scanMcpConfigs, scanEnvFiles, scanRulesFiles, scanDependencies, resolveNodeModulesPath, quarantinePackage, cleanPackage, formatTerminalReport, formatMarkdownReport, formatJsonReport, calculateGrade, } from '../audit/index.js';
 function parseAuditArgs(args) {
-    const options = { format: 'terminal', ci: false };
-    for (const arg of args) {
-        if (arg === '--json')
+    const options = {
+        format: 'terminal',
+        ci: false,
+        deps: false,
+        depsMode: 'local',
+        quarantine: false,
+        clean: false,
+        autoProtect: false,
+        force: false,
+    };
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '--json') {
             options.format = 'json';
-        else if (arg === '--markdown' || arg === '--md')
+        }
+        else if (arg === '--markdown' || arg === '--md') {
             options.format = 'markdown';
+        }
         else if (arg === '--ci') {
             options.ci = true;
             options.format = 'json';
         }
+        else if (arg === '--deps') {
+            options.deps = true;
+            options.depsMode = 'local';
+        }
+        else if (arg === '--deps-global') {
+            options.deps = true;
+            options.depsMode = 'global';
+        }
+        else if (arg === '--deps-path') {
+            options.deps = true;
+            options.depsMode = 'path';
+            const next = args[i + 1];
+            if (next && !next.startsWith('--')) {
+                options.depsPath = next;
+                i++; // consume path argument
+            }
+        }
+        else if (arg === '--quarantine') {
+            options.quarantine = true;
+            options.deps = true;
+        }
+        else if (arg === '--clean') {
+            options.clean = true;
+            options.deps = true;
+        }
+        else if (arg === '--auto-protect') {
+            options.autoProtect = true;
+            options.deps = true;
+        }
+        else if (arg === '--force') {
+            options.force = true;
+        }
     }
     return options;
 }
@@ -31,6 +82,13 @@ function parseAuditArgs(args) {
 export async function handleAuditCommand(args) {
     const options = parseAuditArgs(args);
     const start = Date.now();
+    // --clean without --force: print warning and exit
+    if (options.clean && !options.force && !options.ci) {
+        console.error('\x1b[33m⚠  Are you sure? Use --force to confirm.\x1b[0m\n' +
+            '   --clean permanently deletes CRITICAL packages from node_modules.\n' +
+            '   Run: shieldcortex audit --deps --clean --force');
+        process.exit(1);
+    }
     // Get version from package.json
     let version = 'unknown';
     try {
@@ -56,30 +114,46 @@ export async function handleAuditCommand(args) {
     }
     // Run all scanners
     const scanners = [];
+    const totalSteps = options.deps ? 5 : 4;
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[1/4] Memory files...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[1/${totalSteps}] Memory files...\x1b[0m`);
     const memoryResult = scanMemories();
     scanners.push(memoryResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[1/4]\x1b[0m Memory files     \x1b[2m${memoryResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[1/${totalSteps}]\x1b[0m Memory files     \x1b[2m${memoryResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[2/4] MCP configs...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[2/${totalSteps}] MCP configs...\x1b[0m`);
     const mcpResult = scanMcpConfigs();
     scanners.push(mcpResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[2/4]\x1b[0m MCP configs      \x1b[2m${mcpResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[2/${totalSteps}]\x1b[0m MCP configs      \x1b[2m${mcpResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[3/4] Environment secrets...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[3/${totalSteps}] Environment secrets...\x1b[0m`);
     const envResult = scanEnvFiles();
     scanners.push(envResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[3/4]\x1b[0m Environment      \x1b[2m${envResult.durationMs}ms\x1b[0m\n`);
+        process.stdout.write(`\r  \x1b[32m[3/${totalSteps}]\x1b[0m Environment      \x1b[2m${envResult.durationMs}ms\x1b[0m\n`);
     if (options.format === 'terminal')
-        process.stdout.write('  \x1b[2m[4/4] Rules files...\x1b[0m');
+        process.stdout.write(`  \x1b[2m[4/${totalSteps}] Rules files...\x1b[0m`);
     const rulesResult = scanRulesFiles();
     scanners.push(rulesResult);
     if (options.format === 'terminal')
-        process.stdout.write(`\r  \x1b[32m[4/4]\x1b[0m Rules files      \x1b[2m${rulesResult.durationMs}ms\x1b[0m\n\n`);
+        process.stdout.write(`\r  \x1b[32m[4/${totalSteps}]\x1b[0m Rules files      \x1b[2m${rulesResult.durationMs}ms\x1b[0m\n`);
+    // Optional: dependency scan
+    let nodeModulesPath = '';
+    if (options.deps) {
+        nodeModulesPath = resolveNodeModulesPath(options.depsMode, options.depsPath);
+        if (options.format === 'terminal') {
+            process.stdout.write(`  \x1b[2m[5/${totalSteps}] Dependencies (${nodeModulesPath})...\x1b[0m`);
+        }
+        const depsResult = scanDependencies({ nodeModulesPath });
+        scanners.push(depsResult);
+        if (options.format === 'terminal') {
+            process.stdout.write(`\r  \x1b[32m[5/${totalSteps}]\x1b[0m Dependencies     \x1b[2m${depsResult.durationMs}ms\x1b[0m\n`);
+        }
+    }
+    if (options.format === 'terminal')
+        process.stdout.write('\n');
     // Aggregate findings
     const allFindings = scanners.flatMap(s => s.findings);
     // Sort by severity (critical first)
@@ -117,6 +191,102 @@ export async function handleAuditCommand(args) {
             console.log(formatTerminalReport(report));
             break;
     }
+    // ── Post-scan actions ────────────────────────────────────────────────────
+    const depFindings = allFindings.filter(f => f.scanner === 'dependency');
+    if (options.quarantine && depFindings.length > 0) {
+        try {
+            requireFeature('deps_quarantine');
+        }
+        catch (e) {
+            if (e instanceof FeatureGatedError) {
+                console.error('\n' + e.message);
+                process.exit(1);
+            }
+            throw e;
+        }
+        const eligible = depFindings.filter(f => f.severity === 'critical' || f.severity === 'high');
+        if (eligible.length === 0) {
+            if (options.format === 'terminal') {
+                console.log('\n\x1b[32m✓  No CRITICAL or HIGH dependency findings to quarantine.\x1b[0m');
+            }
+        }
+        else {
+            if (options.format === 'terminal') {
+                console.log(`\n\x1b[33m⚠  Quarantining ${eligible.length} package(s)...\x1b[0m`);
+            }
+            for (const finding of eligible) {
+                const dest = quarantinePackage(finding, nodeModulesPath);
+                if (dest && options.format === 'terminal') {
+                    console.log(`  \x1b[31m✗\x1b[0m  Quarantined: ${finding.title}`);
+                    console.log(`       → ${dest}`);
+                }
+            }
+        }
+    }
+    if (options.clean && depFindings.length > 0) {
+        try {
+            requireFeature('deps_clean');
+        }
+        catch (e) {
+            if (e instanceof FeatureGatedError) {
+                console.error('\n' + e.message);
+                process.exit(1);
+            }
+            throw e;
+        }
+        const criticals = depFindings.filter(f => f.severity === 'critical');
+        if (criticals.length === 0) {
+            if (options.format === 'terminal') {
+                console.log('\n\x1b[32m✓  No CRITICAL dependency findings to clean.\x1b[0m');
+            }
+        }
+        else {
+            if (options.format === 'terminal') {
+                console.log(`\n\x1b[31m🗑  Cleaning ${criticals.length} CRITICAL package(s)...\x1b[0m`);
+            }
+            for (const finding of criticals) {
+                const deleted = cleanPackage(finding, nodeModulesPath);
+                if (deleted && options.format === 'terminal') {
+                    console.log(`  \x1b[31m✗\x1b[0m  Deleted: ${deleted}`);
+                }
+            }
+        }
+    }
+    if (options.autoProtect && depFindings.length > 0) {
+        try {
+            requireFeature('deps_auto_protect');
+        }
+        catch (e) {
+            if (e instanceof FeatureGatedError) {
+                console.error('\n' + e.message);
+                process.exit(1);
+            }
+            throw e;
+        }
+        const criticals = depFindings.filter(f => f.severity === 'critical');
+        const highs = depFindings.filter(f => f.severity === 'high');
+        if (criticals.length > 0) {
+            if (options.format === 'terminal') {
+                console.log(`\n\x1b[33m⚠  Auto-protect: quarantining ${criticals.length} CRITICAL package(s)...\x1b[0m`);
+            }
+            for (const finding of criticals) {
+                const dest = quarantinePackage(finding, nodeModulesPath);
+                if (dest && options.format === 'terminal') {
+                    console.log(`  \x1b[31m✗\x1b[0m  Quarantined: ${finding.title}`);
+                    console.log(`       → ${dest}`);
+                }
+            }
+        }
+        if (highs.length > 0 && options.format === 'terminal') {
+            console.log(`\n\x1b[33m⚠  Auto-protect: ${highs.length} HIGH finding(s) detected (manual review required):\x1b[0m`);
+            for (const finding of highs) {
+                console.log(`  \x1b[33m!\x1b[0m  ${finding.title}`);
+            }
+        }
+        if (criticals.length === 0 && highs.length === 0 && options.format === 'terminal') {
+            console.log('\n\x1b[32m✓  Auto-protect: no CRITICAL or HIGH dependency findings.\x1b[0m');
+        }
+    }
     // Exit code
     if (options.ci) {
         // In CI mode: fail on critical or high findings

package/dist/license/gate.d.ts

@@ -6,7 +6,7 @@
  *   isFeatureEnabled('cloud_sync');               // returns boolean (soft check)
  */
 import { type LicenseTier } from './keys.js';
-export type GatedFeature = 'custom_injection_patterns' | 'custom_iron_dome_policies' | 'custom_firewall_rules' | 'audit_export' | 'skill_scanner_deep' | 'cloud_sync' | 'team_management' | 'shared_patterns' | 'cortex_learning';
+export type GatedFeature = 'custom_injection_patterns' | 'custom_iron_dome_policies' | 'custom_firewall_rules' | 'audit_export' | 'skill_scanner_deep' | 'cloud_sync' | 'team_management' | 'shared_patterns' | 'cortex_learning' | 'deps_quarantine' | 'deps_clean' | 'deps_auto_protect' | 'deps_global_scan' | 'memory_types' | 'memory_scopes' | 'dream_mode' | 'llm_reranking' | 'positive_feedback';
 export declare class FeatureGatedError extends Error {
     feature: GatedFeature;
     requiredTier: LicenseTier;

package/dist/license/gate.js

@@ -17,6 +17,15 @@ const FEATURE_TIERS = {
     team_management: 'team',
     shared_patterns: 'team',
     cortex_learning: 'pro',
+    deps_quarantine: 'pro',
+    deps_clean: 'pro',
+    deps_auto_protect: 'pro',
+    deps_global_scan: 'pro',
+    memory_types: 'pro',
+    memory_scopes: 'team',
+    dream_mode: 'pro',
+    llm_reranking: 'pro',
+    positive_feedback: 'pro',
 };
 const FEATURE_DESCRIPTIONS = {
     custom_injection_patterns: 'Define up to 50 custom regex patterns for detecting domain-specific threats.',
@@ -28,6 +37,15 @@ const FEATURE_DESCRIPTIONS = {
     team_management: 'Manage team members, invites, and shared security policies.',
     shared_patterns: 'Share custom injection patterns and policies across your team.',
     cortex_learning: 'Systematic mistake learning with pre-flight checks, pattern detection, and rule graduation.',
+    deps_quarantine: 'Quarantine malicious packages — move threats to a safe holding area.',
+    deps_clean: 'Permanently remove known malicious packages from your project.',
+    deps_auto_protect: 'Automated scan + quarantine of critical threats on every install.',
+    deps_global_scan: 'Scan global npm installations for supply chain threats.',
+    memory_types: 'Typed memories (user/feedback/project/reference) for structured knowledge.',
+    memory_scopes: 'Private vs team memory scopes for multi-agent deployments.',
+    dream_mode: 'Background memory consolidation — merge duplicates, archive stale, detect contradictions.',
+    llm_reranking: 'LLM-powered memory reranking for precision recall.',
+    positive_feedback: 'Capture what worked, not just what failed — learn from success.',
 };
 // ── Error class ──────────────────────────────────────────
 export class FeatureGatedError extends Error {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shieldcortex",
-  "version": "4.0.2",
+  "version": "4.2.0",
   "description": "Trustworthy memory and security for AI agents. Recall debugging, review queue, OpenClaw session capture, and memory poisoning defence for Claude Code, Codex, OpenClaw, LangChain, and MCP agents.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",