supply-chain-guard 1.0.0

package/dist/cli.js

@@ -0,0 +1,139 @@
+#!/usr/bin/env node
+"use strict";
+/**
+ * supply-chain-guard CLI
+ *
+ * Scan code repositories, npm packages, and VS Code extensions
+ * for supply-chain malware indicators.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const scanner_js_1 = require("./scanner.js");
+const npm_scanner_js_1 = require("./npm-scanner.js");
+const solana_monitor_js_1 = require("./solana-monitor.js");
+const reporter_js_1 = require("./reporter.js");
+const program = new commander_1.Command();
+program
+    .name("supply-chain-guard")
+    .description("Open-source supply-chain security scanner. Detects GlassWorm and similar malware campaigns in npm packages, code repos, and VS Code extensions.")
+    .version("1.0.0");
+// ── scan command ────────────────────────────────────────────────────
+program
+    .command("scan")
+    .description("Scan a local directory or GitHub repo for malware indicators")
+    .argument("<target>", "Local directory path or GitHub repo URL")
+    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-s, --min-severity <severity>", "Minimum severity to report: critical, high, medium, low, info")
+    .option("-e, --exclude <rules>", "Comma-separated list of rule IDs to exclude")
+    .option("-d, --depth <depth>", "Maximum directory depth", "20")
+    .action(async (target, opts) => {
+    try {
+        const options = {
+            target,
+            format: opts.format,
+            minSeverity: opts.minSeverity,
+            excludeRules: opts.exclude?.split(",").map((r) => r.trim()),
+            maxDepth: parseInt(opts.depth, 10),
+        };
+        const report = await (0, scanner_js_1.scan)(options);
+        console.log((0, reporter_js_1.formatReport)(report, options.format));
+        // Exit with non-zero if critical findings
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+// ── npm command ─────────────────────────────────────────────────────
+program
+    .command("npm")
+    .description("Scan an npm package for malware indicators (downloads without installing)")
+    .argument("<package>", "npm package name (e.g., express, lodash)")
+    .option("-f, --format <format>", "Output format: text, json, markdown", "text")
+    .option("-s, --min-severity <severity>", "Minimum severity to report")
+    .action(async (packageName, opts) => {
+    try {
+        const report = await (0, npm_scanner_js_1.scanNpmPackage)(packageName, {
+            target: packageName,
+            format: opts.format,
+            minSeverity: opts.minSeverity,
+        });
+        console.log((0, reporter_js_1.formatReport)(report, opts.format));
+        if (report.summary.critical > 0) {
+            process.exit(2);
+        }
+        if (report.summary.high > 0) {
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+// ── monitor command ─────────────────────────────────────────────────
+program
+    .command("monitor")
+    .description("Monitor a Solana wallet for C2 memo transactions")
+    .argument("<address>", "Solana wallet address to monitor")
+    .option("-i, --interval <seconds>", "Polling interval in seconds", "30")
+    .option("-l, --limit <count>", "Max transactions per poll", "20")
+    .option("-f, --format <format>", "Output format: text, json", "text")
+    .option("--once", "Check once and exit (no continuous monitoring)")
+    .action(async (address, opts) => {
+    try {
+        if (opts.once) {
+            // One-shot check
+            const results = await (0, solana_monitor_js_1.checkWallet)(address, parseInt(opts.limit, 10));
+            if (opts.format === "json") {
+                console.log(JSON.stringify(results, null, 2));
+            }
+            else {
+                if (results.length === 0) {
+                    console.log("\n  No memo transactions found.\n");
+                }
+                else {
+                    console.log(`\n  Found ${results.length} memo transaction(s):\n`);
+                    for (const tx of results) {
+                        console.log(`  Signature: ${tx.signature}`);
+                        console.log(`  Memos:     ${tx.memos.join(", ")}`);
+                        if (tx.blockTime) {
+                            console.log(`  Time:      ${new Date(tx.blockTime * 1000).toISOString()}`);
+                        }
+                        console.log("");
+                    }
+                }
+            }
+            return;
+        }
+        // Continuous monitoring
+        await (0, solana_monitor_js_1.monitorWallet)({
+            address,
+            interval: parseInt(opts.interval, 10),
+            limit: parseInt(opts.limit, 10),
+            format: opts.format,
+        }, (alert) => {
+            if (opts.format === "json") {
+                console.log(JSON.stringify(alert, null, 2));
+            }
+            else {
+                console.log((0, solana_monitor_js_1.formatAlert)(alert));
+            }
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`\n  Error: ${message}\n`);
+        process.exit(1);
+    }
+});
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;AAEA;;;;;GAKG;;AAEH,yCAAoC;AACpC,6CAAoC;AACpC,qDAAkD;AAClD,2DAA8E;AAC9E,+CAA6C;AAG7C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,oBAAoB,CAAC;KAC1B,WAAW,CACV,iJAAiJ,CAClJ;KACA,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,QAAQ,CAAC,UAAU,EAAE,yCAAyC,CAAC;KAC/D,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,+DAA+D,CAChE;KACA,MAAM,CACL,uBAAuB,EACvB,6CAA6C,CAC9C;KACA,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,IAAI,CAAC;KAC9D,MAAM,CACL,KAAK,EACH,MAAc,EACd,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;YACrD,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;SACnC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAI,EAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElD,0CAA0C;QAC1C,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,2EAA2E,CAAC;KACxF,QAAQ,CAAC,WAAW,EAAE,0CAA0C,CAAC;KACjE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,EAAE,MAAM,CAAC;KAC9E,MAAM,CACL,+BAA+B,EAC/B,4BAA4B,CAC7B;KACA,MAAM,CACL,KAAK,EACH,WAAmB,EACnB,IAA8C,EAC9C,EAAE;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAc,EAAC,WAAW,EAAE;YAC/C,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,IAAI,CAAC,MAAsC;YACnD,WAAW,EAAE,IAAI,CAAC,WAAmC;SACtD,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAY,EAAC,MAAM,EAAE,IAAI,CAAC,MAAsC,CAAC,CAAC,CAAC;QAE/E,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,uEAAuE;AAEvE,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kDAAkD,CAAC;KAC/D,QAAQ,CAAC,WAAW,EAAE,kCAAkC,CAAC;KACzD,MAAM,CAAC,0BAA0B,EAAE,6BAA6B,EAAE,IAAI,CAAC;KACvE,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,EAAE,IAAI,CAAC;KAChE,MAAM,CAAC,uBAAuB,EAAE,2BAA2B,EAAE,MAAM,CAAC;KACpE,MAAM,CAAC,QAAQ,EAAE,gDAAgD,CAAC;KAClE,MAAM,CACL,KAAK,EACH,OAAe,EACf,IAKC,EACD,EAAE;IACF,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,iBAAiB;YACjB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAW,EAC/B,OAAO,EACP,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CACzB,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACnD,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,CAAC,CAAC;oBAClE,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;wBACzB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACnD,IAAI,EAAE,CAAC,SAAS,EAAE,CAAC;4BACjB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,IAAI,CAAC,EAAE,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAC9D,CAAC;wBACJ,CAAC;wBACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAClB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,IAAA,iCAAa,EACjB;YACE,OAAO;YACP,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,IAAI,CAAC,MAAyB;SACvC,EACD,CAAC,KAAK,EAAE,EAAE;YACR,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,IAAA,+BAAW,EAAC,KAAK,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,cAAc,OAAO,IAAI,CAAC,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CACF,CAAC;AAEJ,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * supply-chain-guard
+ *
+ * Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions.
+ * Detects GlassWorm and similar malware campaigns.
+ */
+export { scan } from "./scanner.js";
+export { scanNpmPackage } from "./npm-scanner.js";
+export { monitorWallet, checkWallet, formatAlert } from "./solana-monitor.js";
+export { formatReport } from "./reporter.js";
+export type { Finding, ScanReport, ScanOptions, ScanSummary, Severity, NpmPackageInfo, SolanaMonitorOptions, SolanaTransaction, PatternEntry, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,GACb,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * supply-chain-guard
+ *
+ * Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions.
+ * Detects GlassWorm and similar malware campaigns.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatReport = exports.formatAlert = exports.checkWallet = exports.monitorWallet = exports.scanNpmPackage = exports.scan = void 0;
+var scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "scan", { enumerable: true, get: function () { return scanner_js_1.scan; } });
+var npm_scanner_js_1 = require("./npm-scanner.js");
+Object.defineProperty(exports, "scanNpmPackage", { enumerable: true, get: function () { return npm_scanner_js_1.scanNpmPackage; } });
+var solana_monitor_js_1 = require("./solana-monitor.js");
+Object.defineProperty(exports, "monitorWallet", { enumerable: true, get: function () { return solana_monitor_js_1.monitorWallet; } });
+Object.defineProperty(exports, "checkWallet", { enumerable: true, get: function () { return solana_monitor_js_1.checkWallet; } });
+Object.defineProperty(exports, "formatAlert", { enumerable: true, get: function () { return solana_monitor_js_1.formatAlert; } });
+var reporter_js_1 = require("./reporter.js");
+Object.defineProperty(exports, "formatReport", { enumerable: true, get: function () { return reporter_js_1.formatReport; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,2CAAoC;AAA3B,kGAAA,IAAI,OAAA;AACb,mDAAkD;AAAzC,gHAAA,cAAc,OAAA;AACvB,yDAA8E;AAArE,kHAAA,aAAa,OAAA;AAAE,gHAAA,WAAW,OAAA;AAAE,gHAAA,WAAW,OAAA;AAChD,6CAA6C;AAApC,2GAAA,YAAY,OAAA"}

package/dist/npm-scanner.d.ts

@@ -0,0 +1,14 @@
+/**
+ * npm package scanner
+ *
+ * Downloads and analyzes npm packages without installing them.
+ * Checks for suspicious scripts, obfuscated code, and known malicious patterns.
+ */
+import type { ScanReport, ScanOptions } from "./types.js";
+/**
+ * Scan an npm package by name.
+ */
+export declare function scanNpmPackage(packageName: string, options: Omit<ScanOptions, "target"> & {
+    target?: string;
+}): Promise<ScanReport>;
+//# sourceMappingURL=npm-scanner.d.ts.map

package/dist/npm-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-scanner.d.ts","sourceRoot":"","sources":["../src/npm-scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAA2B,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AA0BnF;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACzD,OAAO,CAAC,UAAU,CAAC,CAsErB"}

package/dist/npm-scanner.js

@@ -0,0 +1,347 @@
+"use strict";
+/**
+ * npm package scanner
+ *
+ * Downloads and analyzes npm packages without installing them.
+ * Checks for suspicious scripts, obfuscated code, and known malicious patterns.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanNpmPackage = scanNpmPackage;
+const fs = __importStar(require("node:fs"));
+const path = __importStar(require("node:path"));
+const https = __importStar(require("node:https"));
+const node_child_process_1 = require("node:child_process");
+const types_js_1 = require("./types.js");
+const patterns_js_1 = require("./patterns.js");
+const TOOL_VERSION = "1.0.0";
+const NPM_REGISTRY = "https://registry.npmjs.org";
+/**
+ * Scan an npm package by name.
+ */
+async function scanNpmPackage(packageName, options) {
+    const startTime = Date.now();
+    const findings = [];
+    // Check package name against known malicious patterns
+    checkPackageName(packageName, findings);
+    // Fetch package metadata from registry
+    const metadata = await fetchPackageMetadata(packageName);
+    const latestVersion = metadata["dist-tags"]?.latest;
+    if (!latestVersion) {
+        throw new Error(`Could not determine latest version for ${packageName}`);
+    }
+    const versionData = metadata.versions?.[latestVersion];
+    if (!versionData) {
+        throw new Error(`Version data not found for ${packageName}@${latestVersion}`);
+    }
+    // Check package.json scripts
+    checkPackageScripts(versionData, findings);
+    // Check dependencies against known malicious packages
+    checkDependencies(versionData, findings);
+    // Download and scan tarball
+    const tarballUrl = versionData.dist?.tarball;
+    if (tarballUrl) {
+        await downloadAndScanTarball(tarballUrl, findings);
+    }
+    // Calculate results
+    const summary = {
+        totalFiles: 0,
+        filesScanned: 0,
+        critical: findings.filter((f) => f.severity === "critical").length,
+        high: findings.filter((f) => f.severity === "high").length,
+        medium: findings.filter((f) => f.severity === "medium").length,
+        low: findings.filter((f) => f.severity === "low").length,
+        info: findings.filter((f) => f.severity === "info").length,
+    };
+    let score = 0;
+    for (const finding of findings) {
+        score += types_js_1.SEVERITY_SCORES[finding.severity];
+    }
+    score = Math.min(100, score);
+    const riskLevel = score === 0
+        ? "clean"
+        : score <= 10
+            ? "low"
+            : score <= 30
+                ? "medium"
+                : score <= 60
+                    ? "high"
+                    : "critical";
+    return {
+        tool: `supply-chain-guard v${TOOL_VERSION}`,
+        timestamp: new Date().toISOString(),
+        target: `${packageName}@${latestVersion}`,
+        scanType: "npm",
+        durationMs: Date.now() - startTime,
+        findings,
+        summary,
+        score,
+        riskLevel,
+        recommendations: generateNpmRecommendations(findings, packageName),
+    };
+}
+/**
+ * Check if the package name matches known malicious patterns.
+ */
+function checkPackageName(name, findings) {
+    for (const pattern of patterns_js_1.MALICIOUS_PACKAGE_PATTERNS) {
+        const regex = new RegExp(pattern);
+        if (regex.test(name)) {
+            findings.push({
+                rule: "MALICIOUS_PACKAGE_NAME",
+                description: `Package name "${name}" matches a known malicious or typosquatting pattern`,
+                severity: "high",
+                recommendation: `Verify this is the package you intended to use. Known typosquatting packages exist with similar names.`,
+            });
+            break;
+        }
+    }
+}
+/**
+ * Check package.json scripts for suspicious entries.
+ */
+function checkPackageScripts(pkg, findings) {
+    const scripts = pkg.scripts;
+    if (!scripts)
+        return;
+    const dangerousHooks = ["preinstall", "postinstall", "preuninstall", "postuninstall"];
+    for (const hook of dangerousHooks) {
+        const script = scripts[hook];
+        if (!script)
+            continue;
+        for (const pattern of patterns_js_1.SUSPICIOUS_SCRIPTS) {
+            const regex = new RegExp(pattern.pattern, "i");
+            if (regex.test(script)) {
+                findings.push({
+                    rule: pattern.rule,
+                    description: `npm ${hook}: ${pattern.description}`,
+                    severity: pattern.severity,
+                    file: "package.json",
+                    match: `${hook}: ${script}`,
+                    recommendation: `Review the ${hook} script before installing this package.`,
+                });
+            }
+        }
+    }
+}
+/**
+ * Check dependencies against known malicious package patterns.
+ */
+function checkDependencies(pkg, findings) {
+    const allDeps = [];
+    const deps = pkg.dependencies;
+    const devDeps = pkg.devDependencies;
+    if (deps)
+        allDeps.push(...Object.keys(deps));
+    if (devDeps)
+        allDeps.push(...Object.keys(devDeps));
+    for (const dep of allDeps) {
+        for (const pattern of patterns_js_1.MALICIOUS_PACKAGE_PATTERNS) {
+            const regex = new RegExp(pattern);
+            if (regex.test(dep)) {
+                findings.push({
+                    rule: "MALICIOUS_DEPENDENCY",
+                    description: `Dependency "${dep}" matches a known malicious or typosquatting pattern`,
+                    severity: "high",
+                    file: "package.json",
+                    recommendation: `Verify that "${dep}" is a legitimate package and not a typosquat.`,
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Fetch package metadata from the npm registry.
+ */
+async function fetchPackageMetadata(packageName) {
+    const url = `${NPM_REGISTRY}/${encodeURIComponent(packageName)}`;
+    return new Promise((resolve, reject) => {
+        https
+            .get(url, { headers: { Accept: "application/json" } }, (res) => {
+            if (res.statusCode === 404) {
+                reject(new Error(`Package not found: ${packageName}`));
+                return;
+            }
+            if (res.statusCode !== 200) {
+                reject(new Error(`npm registry returned status ${res.statusCode} for ${packageName}`));
+                return;
+            }
+            let data = "";
+            res.on("data", (chunk) => {
+                data += chunk.toString();
+            });
+            res.on("end", () => {
+                try {
+                    resolve(JSON.parse(data));
+                }
+                catch {
+                    reject(new Error("Failed to parse npm registry response"));
+                }
+            });
+        })
+            .on("error", reject);
+    });
+}
+/**
+ * Download tarball and scan its contents.
+ */
+async function downloadAndScanTarball(tarballUrl, findings) {
+    const tempDir = fs.mkdtempSync(path.join("/tmp", "scg-npm-"));
+    const tarballPath = path.join(tempDir, "package.tgz");
+    try {
+        // Download tarball
+        await downloadFile(tarballUrl, tarballPath);
+        // Extract tarball
+        const extractDir = path.join(tempDir, "extracted");
+        fs.mkdirSync(extractDir, { recursive: true });
+        (0, node_child_process_1.execSync)(`tar xzf "${tarballPath}" -C "${extractDir}"`, { stdio: "pipe" });
+        // Scan extracted files
+        const files = collectFilesRecursive(extractDir);
+        for (const filePath of files) {
+            const ext = path.extname(filePath).toLowerCase();
+            if (!patterns_js_1.SCANNABLE_EXTENSIONS.has(ext))
+                continue;
+            const stat = fs.statSync(filePath);
+            if (stat.size > patterns_js_1.MAX_FILE_SIZE)
+                continue;
+            try {
+                const content = fs.readFileSync(filePath, "utf-8");
+                const relativePath = path.relative(extractDir, filePath);
+                for (const pattern of patterns_js_1.FILE_PATTERNS) {
+                    const regex = new RegExp(pattern.pattern, "g");
+                    const lines = content.split("\n");
+                    for (let i = 0; i < lines.length; i++) {
+                        const match = regex.exec(lines[i] ?? "");
+                        if (match) {
+                            findings.push({
+                                rule: pattern.rule,
+                                description: pattern.description,
+                                severity: pattern.severity,
+                                file: relativePath,
+                                line: i + 1,
+                                match: match[0].substring(0, 120),
+                                recommendation: `Found in published npm tarball. ${pattern.description}`,
+                            });
+                            regex.lastIndex = 0;
+                        }
+                    }
+                }
+            }
+            catch {
+                // Skip unreadable files
+            }
+        }
+    }
+    finally {
+        // Cleanup
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    }
+}
+/**
+ * Download a file from a URL.
+ */
+function downloadFile(url, dest) {
+    return new Promise((resolve, reject) => {
+        const file = fs.createWriteStream(dest);
+        https
+            .get(url, (response) => {
+            // Handle redirects
+            if (response.statusCode === 302 || response.statusCode === 301) {
+                const redirectUrl = response.headers.location;
+                if (redirectUrl) {
+                    file.close();
+                    downloadFile(redirectUrl, dest).then(resolve, reject);
+                    return;
+                }
+            }
+            response.pipe(file);
+            file.on("finish", () => {
+                file.close();
+                resolve();
+            });
+        })
+            .on("error", (err) => {
+            fs.unlinkSync(dest);
+            reject(err);
+        });
+    });
+}
+/**
+ * Recursively collect files.
+ */
+function collectFilesRecursive(dir) {
+    const files = [];
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return files;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory() && entry.name !== "node_modules") {
+            files.push(...collectFilesRecursive(fullPath));
+        }
+        else if (entry.isFile()) {
+            files.push(fullPath);
+        }
+    }
+    return files;
+}
+/**
+ * Generate recommendations for npm package scan.
+ */
+function generateNpmRecommendations(findings, packageName) {
+    const recommendations = [];
+    if (findings.some((f) => f.rule === "MALICIOUS_PACKAGE_NAME")) {
+        recommendations.push(`The package name "${packageName}" matches known malicious patterns. Verify this is the intended package.`);
+    }
+    if (findings.some((f) => f.rule.startsWith("SCRIPT_"))) {
+        recommendations.push("Suspicious install scripts detected. Use --ignore-scripts when installing: npm install --ignore-scripts");
+    }
+    if (findings.some((f) => f.severity === "critical")) {
+        recommendations.push("CRITICAL findings detected. Do NOT install this package until the findings are investigated.");
+    }
+    if (findings.some((f) => f.rule === "MALICIOUS_DEPENDENCY")) {
+        recommendations.push("This package depends on packages matching known malicious patterns. Audit the full dependency tree.");
+    }
+    if (findings.length === 0) {
+        recommendations.push(`No malicious indicators found in ${packageName}. The package appears safe based on known patterns.`);
+    }
+    return recommendations;
+}
+//# sourceMappingURL=npm-scanner.js.map

package/dist/npm-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-scanner.js","sourceRoot":"","sources":["../src/npm-scanner.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCH,wCAyEC;AA1GD,4CAA8B;AAC9B,gDAAkC;AAClC,kDAAoC;AACpC,2DAA8C;AAE9C,yCAA6C;AAC7C,+CAMuB;AAEvB,MAAM,YAAY,GAAG,OAAO,CAAC;AAC7B,MAAM,YAAY,GAAG,4BAA4B,CAAC;AAelD;;GAEG;AACI,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,OAA0D;IAE1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,sDAAsD;IACtD,gBAAgB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExC,uCAAuC;IACvC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IACpD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,0CAA0C,WAAW,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC,aAAa,CAAC,CAAC;IACvD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,8BAA8B,WAAW,IAAI,aAAa,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,6BAA6B;IAC7B,mBAAmB,CAAC,WAA6B,EAAE,QAAQ,CAAC,CAAC;IAE7D,sDAAsD;IACtD,iBAAiB,CAAC,WAA6B,EAAE,QAAQ,CAAC,CAAC;IAE3D,4BAA4B;IAC5B,MAAM,UAAU,GAAI,WAA8B,CAAC,IAAI,EAAE,OAAO,CAAC;IACjE,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,sBAAsB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,oBAAoB;IACpB,MAAM,OAAO,GAAG;QACd,UAAU,EAAE,CAAC;QACb,YAAY,EAAE,CAAC;QACf,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC9D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;QACxD,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;KAC3D,CAAC;IAEF,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,IAAI,0BAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IACD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAE7B,MAAM,SAAS,GAAG,KAAK,KAAK,CAAC;QAC3B,CAAC,CAAC,OAAgB;QAClB,CAAC,CAAC,KAAK,IAAI,EAAE;YACX,CAAC,CAAC,KAAc;YAChB,CAAC,CAAC,KAAK,IAAI,EAAE;gBACX,CAAC,CAAC,QAAiB;gBACnB,CAAC,CAAC,KAAK,IAAI,EAAE;oBACX,CAAC,CAAC,MAAe;oBACjB,CAAC,CAAC,UAAmB,CAAC;IAE9B,OAAO;QACL,IAAI,EAAE,uBAAuB,YAAY,EAAE;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM,EAAE,GAAG,WAAW,IAAI,aAAa,EAAE;QACzC,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAClC,QAAQ;QACR,OAAO;QACP,KAAK;QACL,SAAS;QACT,eAAe,EAAE,0BAA0B,CAAC,QAAQ,EAAE,WAAW,CAAC;KACnE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,IAAY,EAAE,QAAmB;IACzD,KAAK,MAAM,OAAO,IAAI,wCAA0B,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,wBAAwB;gBAC9B,WAAW,EAAE,iBAAiB,IAAI,sDAAsD;gBACxF,QAAQ,EAAE,MAAM;gBAChB,cAAc,EAAE,wGAAwG;aACzH,CAAC,CAAC;YACH,MAAM;QACR,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,GAAmB,EACnB,QAAmB;IAEnB,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAC5B,IAAI,CAAC,OAAO;QAAE,OAAO;IAErB,MAAM,cAAc,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;IAEtF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,KAAK,MAAM,OAAO,IAAI,gCAAkB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC/C,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,WAAW,EAAE,OAAO,IAAI,KAAK,OAAO,CAAC,WAAW,EAAE;oBAClD,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,GAAG,IAAI,KAAK,MAAM,EAAE;oBAC3B,cAAc,EAAE,cAAc,IAAI,yCAAyC;iBAC5E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,GAAmB,EACnB,QAAmB;IAEnB,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC;IAC9B,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;IAEpC,IAAI,IAAI;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7C,IAAI,OAAO;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAEnD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,OAAO,IAAI,wCAA0B,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,WAAW,EAAE,eAAe,GAAG,sDAAsD;oBACrF,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,cAAc;oBACpB,cAAc,EAAE,gBAAgB,GAAG,gDAAgD;iBACpF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,WAAmB;IAEnB,MAAM,GAAG,GAAG,GAAG,YAAY,IAAI,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;IAEjE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,KAAK;aACF,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7D,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC3B,MAAM,CAAC,IAAI,KAAK,CAAC,sBAAsB,WAAW,EAAE,CAAC,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YACD,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC3B,MAAM,CACJ,IAAI,KAAK,CACP,gCAAgC,GAAG,CAAC,UAAU,QAAQ,WAAW,EAAE,CACpE,CACF,CAAC;gBACF,OAAO;YACT,CAAC;YAED,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBAC/B,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC,CAAC;gBACnD,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,sBAAsB,CACnC,UAAkB,EAClB,QAAmB;IAEnB,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;IAC9D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAEtD,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,YAAY,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE5C,kBAAkB;QAClB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACnD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,IAAA,6BAAQ,EAAC,YAAY,WAAW,SAAS,UAAU,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAE3E,uBAAuB;QACvB,MAAM,KAAK,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAEhD,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YACjD,IAAI,CAAC,kCAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAE7C,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,IAAI,GAAG,2BAAa;gBAAE,SAAS;YAExC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBAEzD,KAAK,MAAM,OAAO,IAAI,2BAAa,EAAE,CAAC;oBACpC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACtC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;wBACzC,IAAI,KAAK,EAAE,CAAC;4BACV,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,OAAO,CAAC,IAAI;gCAClB,WAAW,EAAE,OAAO,CAAC,WAAW;gCAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gCAC1B,IAAI,EAAE,YAAY;gCAClB,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gCACjC,cAAc,EAAE,mCAAmC,OAAO,CAAC,WAAW,EAAE;6BACzE,CAAC,CAAC;4BACH,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;wBACtB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;YAAS,CAAC;QACT,UAAU;QACV,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW,EAAE,IAAY;IAC7C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACxC,KAAK;aACF,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;YACrB,mBAAmB;YACnB,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;gBAC9C,IAAI,WAAW,EAAE,CAAC;oBAChB,IAAI,CAAC,KAAK,EAAE,CAAC;oBACb,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;oBACtD,OAAO;gBACT,CAAC;YACH,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACrB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACnB,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAoB,CAAC;IAEzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACzD,KAAK,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,QAAmB,EACnB,WAAmB;IAEnB,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,wBAAwB,CAAC,EAAE,CAAC;QAC9D,eAAe,CAAC,IAAI,CAClB,qBAAqB,WAAW,0EAA0E,CAC3G,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACvD,eAAe,CAAC,IAAI,CAClB,yGAAyG,CAC1G,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QACpD,eAAe,CAAC,IAAI,CAClB,8FAA8F,CAC/F,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAAE,CAAC;QAC5D,eAAe,CAAC,IAAI,CAClB,qGAAqG,CACtG,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,eAAe,CAAC,IAAI,CAClB,oCAAoC,WAAW,qDAAqD,CACrG,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/dist/patterns.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Known malicious patterns database
+ *
+ * This file is designed to be regularly updated as new threats emerge.
+ * Add new patterns, wallet addresses, or domain patterns as they are discovered.
+ */
+import type { PatternEntry, Severity } from "./types.js";
+/** Known GlassWorm marker variables */
+export declare const GLASSWORM_MARKERS: string[];
+/** Known GlassWorm Solana wallet addresses used for C2 */
+export declare const KNOWN_C2_WALLETS: string[];
+/** Known C2 domain patterns (regex strings) */
+export declare const C2_DOMAIN_PATTERNS: string[];
+export declare const FILE_PATTERNS: PatternEntry[];
+/** Files that are suspicious by name alone */
+export declare const SUSPICIOUS_FILES: Array<{
+    pattern: string;
+    description: string;
+    severity: Severity;
+    rule: string;
+}>;
+/** Package.json script patterns that are suspicious */
+export declare const SUSPICIOUS_SCRIPTS: PatternEntry[];
+/** Patterns matching known malicious or typosquatting package names */
+export declare const MALICIOUS_PACKAGE_PATTERNS: string[];
+export declare const SCANNABLE_EXTENSIONS: Set<string>;
+/** Maximum file size to scan (in bytes). Files larger than this are skipped. */
+export declare const MAX_FILE_SIZE: number;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAMzD,uCAAuC;AACvC,eAAO,MAAM,iBAAiB,UAAsB,CAAC;AAErD,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,EAAE,MAAM,EAGpC,CAAC;AAEF,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB,EAAE,MAAM,EAItC,CAAC;AAMF,eAAO,MAAM,aAAa,EAAE,YAAY,EAkHvC,CAAC;AAMF,8CAA8C;AAC9C,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd,CAeA,CAAC;AAMF,uDAAuD;AACvD,eAAO,MAAM,kBAAkB,EAAE,YAAY,EAqC5C,CAAC;AAMF,uEAAuE;AACvE,eAAO,MAAM,0BAA0B,EAAE,MAAM,EAY9C,CAAC;AAMF,eAAO,MAAM,oBAAoB,aAc/B,CAAC;AAEH,gFAAgF;AAChF,eAAO,MAAM,aAAa,QAAkB,CAAC"}