supply-chain-guard 1.0.0

@@ -0,0 +1,222 @@
1
+ "use strict";
2
+ /**
3
+ * Known malicious patterns database
4
+ *
5
+ * This file is designed to be regularly updated as new threats emerge.
6
+ * Add new patterns, wallet addresses, or domain patterns as they are discovered.
7
+ */
8
+ Object.defineProperty(exports, "__esModule", { value: true });
9
+ exports.MAX_FILE_SIZE = exports.SCANNABLE_EXTENSIONS = exports.MALICIOUS_PACKAGE_PATTERNS = exports.SUSPICIOUS_SCRIPTS = exports.SUSPICIOUS_FILES = exports.FILE_PATTERNS = exports.C2_DOMAIN_PATTERNS = exports.KNOWN_C2_WALLETS = exports.GLASSWORM_MARKERS = void 0;
10
+ // ---------------------------------------------------------------------------
11
+ // GlassWorm-specific IOCs
12
+ // ---------------------------------------------------------------------------
13
+ /** Known GlassWorm marker variables */
14
+ exports.GLASSWORM_MARKERS = ["lzcdrtfxyqiplpd"];
15
+ /** Known GlassWorm Solana wallet addresses used for C2 */
16
+ exports.KNOWN_C2_WALLETS = [
17
+ // Add confirmed wallet addresses here as they are discovered
18
+ // Example: "2fTGKciRBTwLpcMVMPGwWEqGkRrG7MkR1FoKGhCPNw2S"
19
+ ];
20
+ /** Known C2 domain patterns (regex strings) */
21
+ exports.C2_DOMAIN_PATTERNS = [
22
+ // Domains seen in GlassWorm payloads
23
+ "connect\\.\\w+\\.workers\\.dev",
24
+ "\\w+-api\\.\\w+\\.workers\\.dev",
25
+ ];
26
+ // ---------------------------------------------------------------------------
27
+ // File-based detection patterns
28
+ // ---------------------------------------------------------------------------
29
+ exports.FILE_PATTERNS = [
30
+ // GlassWorm marker
31
+ {
32
+ name: "glassworm-marker",
33
+ pattern: "lzcdrtfxyqiplpd",
34
+ description: "GlassWorm campaign marker variable detected",
35
+ severity: "critical",
36
+ rule: "GLASSWORM_MARKER",
37
+ },
38
+ // Invisible Unicode characters (zero-width spaces, joiners, etc.)
39
+ {
40
+ name: "invisible-unicode",
41
+ pattern: "[\\u200B\\u200C\\u200D\\u2060\\uFEFF\\u00AD\\u034F\\u061C\\u180E\\u2028\\u2029\\u202A-\\u202E\\u2066-\\u2069]{3,}",
42
+ description: "Suspicious invisible Unicode characters detected (potential code obfuscation)",
43
+ severity: "high",
44
+ rule: "INVISIBLE_UNICODE",
45
+ },
46
+ // Encoded eval/exec patterns
47
+ {
48
+ name: "eval-atob",
49
+ pattern: "eval\\s*\\(\\s*atob\\s*\\(",
50
+ description: "Base64-encoded eval detected (common malware obfuscation)",
51
+ severity: "critical",
52
+ rule: "EVAL_ATOB",
53
+ },
54
+ {
55
+ name: "eval-buffer-from",
56
+ pattern: "eval\\s*\\(\\s*Buffer\\.from\\s*\\(",
57
+ description: "Buffer-encoded eval detected (common malware obfuscation in Node.js)",
58
+ severity: "critical",
59
+ rule: "EVAL_BUFFER",
60
+ },
61
+ {
62
+ name: "new-function-atob",
63
+ pattern: "new\\s+Function\\s*\\(\\s*atob\\s*\\(",
64
+ description: "Base64-encoded Function constructor detected (malware obfuscation)",
65
+ severity: "critical",
66
+ rule: "FUNCTION_ATOB",
67
+ },
68
+ {
69
+ name: "eval-buffer-hex",
70
+ pattern: "eval\\s*\\(\\s*Buffer\\.from\\s*\\([^)]+,\\s*['\"]hex['\"]\\s*\\)",
71
+ description: "Hex-encoded eval detected",
72
+ severity: "critical",
73
+ rule: "EVAL_HEX",
74
+ },
75
+ {
76
+ name: "exec-encoded",
77
+ pattern: "exec\\s*\\(\\s*(?:atob|Buffer\\.from|decodeURIComponent)\\s*\\(",
78
+ description: "Encoded exec call detected",
79
+ severity: "high",
80
+ rule: "EXEC_ENCODED",
81
+ },
82
+ // Solana C2 references
83
+ {
84
+ name: "solana-mainnet",
85
+ pattern: "mainnet-beta\\.solana\\.com",
86
+ description: "Solana mainnet RPC reference detected (potential C2 channel)",
87
+ severity: "medium",
88
+ rule: "SOLANA_MAINNET",
89
+ },
90
+ {
91
+ name: "helius-rpc",
92
+ pattern: "helius(?:-rpc)?\\.(?:com|dev)",
93
+ description: "Helius Solana RPC reference detected (used in GlassWorm C2)",
94
+ severity: "medium",
95
+ rule: "HELIUS_RPC",
96
+ },
97
+ // Obfuscation patterns
98
+ {
99
+ name: "hex-string-array",
100
+ pattern: "\\[\\s*(?:0x[0-9a-fA-F]+\\s*,\\s*){10,}",
101
+ description: "Large hex array detected (potential obfuscated payload)",
102
+ severity: "medium",
103
+ rule: "HEX_ARRAY",
104
+ },
105
+ {
106
+ name: "string-char-concat",
107
+ pattern: "(?:String\\.fromCharCode|\\\\x[0-9a-fA-F]{2}){5,}",
108
+ description: "Character code string construction detected (obfuscation technique)",
109
+ severity: "medium",
110
+ rule: "CHARCODE_OBFUSCATION",
111
+ },
112
+ // Network exfiltration
113
+ {
114
+ name: "env-exfil",
115
+ pattern: "process\\.env\\b[^;]*(?:fetch|https?\\.(?:get|request)|axios|got|node-fetch)",
116
+ description: "Environment variable access combined with network request (data exfiltration pattern)",
117
+ severity: "high",
118
+ rule: "ENV_EXFILTRATION",
119
+ },
120
+ {
121
+ name: "dns-exfil",
122
+ pattern: "dns\\.resolve.*process\\.env",
123
+ description: "DNS-based data exfiltration pattern detected",
124
+ severity: "high",
125
+ rule: "DNS_EXFILTRATION",
126
+ },
127
+ ];
128
+ // ---------------------------------------------------------------------------
129
+ // Suspicious file names
130
+ // ---------------------------------------------------------------------------
131
+ /** Files that are suspicious by name alone */
132
+ exports.SUSPICIOUS_FILES = [
133
+ {
134
+ pattern: "^i\\.js$",
135
+ description: "Suspicious i.js file (commonly used as GlassWorm payload dropper)",
136
+ severity: "high",
137
+ rule: "SUSPICIOUS_I_JS",
138
+ },
139
+ {
140
+ pattern: "^init\\.json$",
141
+ description: "init.json persistence file (used by GlassWorm for configuration persistence)",
142
+ severity: "high",
143
+ rule: "SUSPICIOUS_INIT_JSON",
144
+ },
145
+ ];
146
+ // ---------------------------------------------------------------------------
147
+ // Suspicious npm scripts
148
+ // ---------------------------------------------------------------------------
149
+ /** Package.json script patterns that are suspicious */
150
+ exports.SUSPICIOUS_SCRIPTS = [
151
+ {
152
+ name: "postinstall-curl",
153
+ pattern: "curl\\s+.*\\|\\s*(?:bash|sh|node)",
154
+ description: "postinstall script downloads and executes remote code",
155
+ severity: "critical",
156
+ rule: "SCRIPT_CURL_EXEC",
157
+ },
158
+ {
159
+ name: "postinstall-wget",
160
+ pattern: "wget\\s+.*\\|\\s*(?:bash|sh|node)",
161
+ description: "postinstall script downloads and executes remote code",
162
+ severity: "critical",
163
+ rule: "SCRIPT_WGET_EXEC",
164
+ },
165
+ {
166
+ name: "postinstall-node-e",
167
+ pattern: "node\\s+-e\\s+[\"'].*(?:http|https|fetch|require)",
168
+ description: "postinstall script executes inline Node.js with network access",
169
+ severity: "high",
170
+ rule: "SCRIPT_NODE_INLINE",
171
+ },
172
+ {
173
+ name: "postinstall-encoded",
174
+ pattern: "(?:atob|Buffer\\.from|base64)",
175
+ description: "postinstall script contains encoding/decoding operations",
176
+ severity: "high",
177
+ rule: "SCRIPT_ENCODED",
178
+ },
179
+ {
180
+ name: "preinstall-exec",
181
+ pattern: "(?:exec|spawn|execSync)\\s*\\(",
182
+ description: "preinstall script executes system commands",
183
+ severity: "medium",
184
+ rule: "SCRIPT_PREINSTALL_EXEC",
185
+ },
186
+ ];
187
+ // ---------------------------------------------------------------------------
188
+ // Known malicious npm package name patterns
189
+ // ---------------------------------------------------------------------------
190
+ /** Patterns matching known malicious or typosquatting package names */
191
+ exports.MALICIOUS_PACKAGE_PATTERNS = [
192
+ // Typosquatting common packages
193
+ "^(lodas|1odash|l0dash|lodash-es-utils)$",
194
+ "^(cros-env|cross-env-shell|crossenv)$",
195
+ "^(bable-cli|babelcli)$",
196
+ "^(event-streem|event_stream)$",
197
+ // GlassWorm campaign packages (pattern: random-looking names)
198
+ "^[a-z]{15,}$", // Very long single-word lowercase names
199
+ // Suspicious scoped packages mimicking official ones
200
+ "^@(?!types|babel|eslint|jest|rollup|vitejs|vue|angular|react|next|nuxt|svelte|reduxjs|tanstack|trpc).*\\/.*$",
201
+ ];
202
+ // ---------------------------------------------------------------------------
203
+ // File extensions to scan
204
+ // ---------------------------------------------------------------------------
205
+ exports.SCANNABLE_EXTENSIONS = new Set([
206
+ ".js",
207
+ ".ts",
208
+ ".jsx",
209
+ ".tsx",
210
+ ".mjs",
211
+ ".cjs",
212
+ ".py",
213
+ ".sh",
214
+ ".bash",
215
+ ".json",
216
+ ".yml",
217
+ ".yaml",
218
+ ".toml",
219
+ ]);
220
+ /** Maximum file size to scan (in bytes). Files larger than this are skipped. */
221
+ exports.MAX_FILE_SIZE = 5 * 1024 * 1024; // 5 MB
222
+ //# sourceMappingURL=patterns.js.map
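Review bot: The scoped-package entry in `MALICIOUS_PACKAGE_PATTERNS` uses a prefix-only lookahead, so any scope that merely starts with an allowlisted word (constructed examples: `@types-helper/foo`, `@reactx/foo`) is exempt, while every other scoped package, however legitimate, is matched. Anchoring the allowlist to the scope separator closes that gap: `"^@(?!(?:types|babel|…|trpc)\\/)[^/]+\\/.+$"`, with the same scope list as today. How these matches are scored is not visible in this file, but a rule this broad probably belongs at a low severity, and `"^[a-z]{15,}$"` has the same false-positive shape, since it fires on any all-lowercase name of 15 or more letters. Separately, `invisible-unicode` requires a run of three or more characters (`{3,}`), so a single bidi control from the `\\u202A-\\u202E` or `\\u2066-\\u2069` ranges passes unnoticed; a second rule without the quantifier for those two ranges would cover it. The change belongs in the TypeScript source that the source map names (`../src/patterns.ts`), not in this compiled file.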
@@ -0,0 +1 @@
1
+ {"version":3,"file":"patterns.js","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,uCAAuC;AAC1B,QAAA,iBAAiB,GAAG,CAAC,iBAAiB,CAAC,CAAC;AAErD,0DAA0D;AAC7C,QAAA,gBAAgB,GAAa;AACxC,6DAA6D;AAC7D,0DAA0D;CAC3D,CAAC;AAEF,+CAA+C;AAClC,QAAA,kBAAkB,GAAa;IAC1C,qCAAqC;IACrC,gCAAgC;IAChC,iCAAiC;CAClC,CAAC;AAEF,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAEjE,QAAA,aAAa,GAAmB;IAC3C,mBAAmB;IACnB;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,iBAAiB;QAC1B,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IAED,kEAAkE;IAClE;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EACL,mHAAmH;QACrH,WAAW,EACT,+EAA+E;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,mBAAmB;KAC1B;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,4BAA4B;QACrC,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,WAAW;KAClB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,qCAAqC;QAC9C,WAAW,EACT,sEAAsE;QACxE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,aAAa;KACpB;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uCAAuC;QAChD,WAAW,EACT,oEAAoE;QACtE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,eAAe;KACtB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,mEAAmE;QAC5E,WAAW,EAAE,2BAA2B;QACxC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,UAAU;KACjB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EACL,iEAAiE;QACnE,WAAW,EAAE,4BAA4B;QACzC,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,cAAc;KACrB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,6BAA6B;QACtC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,gBAAgB;KACvB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,+BAA+B;QACxC,WAAW,EACT,6DAA6D;QAC/D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,YAAY;KACnB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EACL,yCAAyC;QAC3C,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,WAAW;KAClB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EACL,mDAAmD;QACrD,WAAW,EACT,qEAAqE;QACvE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,sBAAsB;KAC7B;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EACL,8EAA8E;QAChF,WAAW,EACT,uFAAuF;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,WAAW;QAC
jB,OAAO,EAAE,8BAA8B;QACvC,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,kBAAkB;KACzB;CACF,CAAC;AAEF,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,8CAA8C;AACjC,QAAA,gBAAgB,GAKxB;IACH;QACE,OAAO,EAAE,UAAU;QACnB,WAAW,EACT,mEAAmE;QACrE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,iBAAiB;KACxB;IACD;QACE,OAAO,EAAE,eAAe;QACxB,WAAW,EACT,8EAA8E;QAChF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,sBAAsB;KAC7B;CACF,CAAC;AAEF,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,uDAAuD;AAC1C,QAAA,kBAAkB,GAAmB;IAChD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,mCAAmC;QAC5C,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,mCAAmC;QAC5C,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,kBAAkB;KACzB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,mDAAmD;QAC5D,WAAW,EACT,gEAAgE;QAClE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,oBAAoB;KAC3B;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,+BAA+B;QACxC,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,gBAAgB;KACvB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,gCAAgC;QACzC,WAAW,EAAE,4CAA4C;QACzD,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,wBAAwB;KAC/B;CACF,CAAC;AAEF,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,uEAAuE;AAC1D,QAAA,0BAA0B,GAAa;IAClD,gCAAgC;IAChC,yCAAyC;IACzC,uCAAuC;IACvC,wBAAwB;IACxB,+BAA+B;IAE/B,8DAA8D;IAC9D,cAAc,EAAE,wCAAwC;IAExD,qDAAqD;IACrD,8GAA8G;CAC/G,CAAC;AAEF,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAEjE,QAAA,oBAAoB,GAAG,IAAI,GAAG,CAAC;IAC1C,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,OAAO;CACR,CAAC,CAAC;AAEH,gFAAgF;AACnE,QAAA,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO"}
@@ -0,0 +1,10 @@
1
+ /**
2
+ * Output formatting for scan reports.
3
+ * Supports text, JSON, and markdown output.
4
+ */
5
+ import type { ScanReport } from "./types.js";
6
+ /**
7
+ * Format a scan report for output.
8
+ */
9
+ export declare function formatReport(report: ScanReport, format: "text" | "json" | "markdown"): string;
10
+ //# sourceMappingURL=reporter.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"reporter.d.ts","sourceRoot":"","sources":["../src/reporter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAW,UAAU,EAAY,MAAM,YAAY,CAAC;AAqBhE;;GAEG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,GACnC,MAAM,CAUR"}
@@ -0,0 +1,224 @@
1
+ "use strict";
2
+ /**
3
+ * Output formatting for scan reports.
4
+ * Supports text, JSON, and markdown output.
5
+ */
6
+ Object.defineProperty(exports, "__esModule", { value: true });
7
+ exports.formatReport = formatReport;
8
+ const SEVERITY_COLORS = {
9
+ critical: "\x1b[91m", // bright red
10
+ high: "\x1b[31m", // red
11
+ medium: "\x1b[33m", // yellow
12
+ low: "\x1b[36m", // cyan
13
+ info: "\x1b[37m", // white
14
+ };
15
+ const RESET = "\x1b[0m";
16
+ const BOLD = "\x1b[1m";
17
+ const DIM = "\x1b[2m";
18
+ const SEVERITY_ICONS = {
19
+ critical: "🔴",
20
+ high: "🟠",
21
+ medium: "🟡",
22
+ low: "🔵",
23
+ info: "⚪",
24
+ };
25
+ /**
26
+ * Format a scan report for output.
27
+ */
28
+ function formatReport(report, format) {
29
+ switch (format) {
30
+ case "json":
31
+ return formatJson(report);
32
+ case "markdown":
33
+ return formatMarkdown(report);
34
+ case "text":
35
+ default:
36
+ return formatText(report);
37
+ }
38
+ }
39
+ /**
40
+ * Format as JSON.
41
+ */
42
+ function formatJson(report) {
43
+ return JSON.stringify(report, null, 2);
44
+ }
45
+ /**
46
+ * Format as human-readable text with colors.
47
+ */
48
+ function formatText(report) {
49
+ const lines = [];
50
+ // Header
51
+ lines.push("");
52
+ lines.push(`${BOLD} supply-chain-guard${RESET} scan report`);
53
+ lines.push(`${DIM} ${"─".repeat(50)}${RESET}`);
54
+ lines.push(` Target: ${report.target}`);
55
+ lines.push(` Type: ${report.scanType}`);
56
+ lines.push(` Time: ${report.timestamp}`);
57
+ lines.push(` Duration: ${report.durationMs}ms`);
58
+ lines.push("");
59
+ // Score
60
+ const scoreColor = report.score === 0
61
+ ? "\x1b[32m"
62
+ : report.score <= 10
63
+ ? "\x1b[36m"
64
+ : report.score <= 30
65
+ ? "\x1b[33m"
66
+ : report.score <= 60
67
+ ? "\x1b[31m"
68
+ : "\x1b[91m";
69
+ lines.push(` Risk Score: ${scoreColor}${BOLD}${report.score}/100${RESET} (${report.riskLevel.toUpperCase()})`);
70
+ lines.push("");
71
+ // Summary
72
+ lines.push(`${BOLD} Summary${RESET}`);
73
+ lines.push(`${DIM} ${"─".repeat(50)}${RESET}`);
74
+ if (report.scanType === "directory" || report.scanType === "github") {
75
+ lines.push(` Files: ${report.summary.filesScanned}/${report.summary.totalFiles} scanned`);
76
+ }
77
+ const counts = [
78
+ report.summary.critical > 0
79
+ ? `${SEVERITY_COLORS.critical}${report.summary.critical} critical${RESET}`
80
+ : null,
81
+ report.summary.high > 0
82
+ ? `${SEVERITY_COLORS.high}${report.summary.high} high${RESET}`
83
+ : null,
84
+ report.summary.medium > 0
85
+ ? `${SEVERITY_COLORS.medium}${report.summary.medium} medium${RESET}`
86
+ : null,
87
+ report.summary.low > 0
88
+ ? `${SEVERITY_COLORS.low}${report.summary.low} low${RESET}`
89
+ : null,
90
+ report.summary.info > 0
91
+ ? `${SEVERITY_COLORS.info}${report.summary.info} info${RESET}`
92
+ : null,
93
+ ].filter(Boolean);
94
+ if (counts.length > 0) {
95
+ lines.push(` Findings: ${counts.join(", ")}`);
96
+ }
97
+ else {
98
+ lines.push(` Findings: \x1b[32mNone${RESET}`);
99
+ }
100
+ lines.push("");
101
+ // Findings
102
+ if (report.findings.length > 0) {
103
+ lines.push(`${BOLD} Findings${RESET}`);
104
+ lines.push(`${DIM} ${"─".repeat(50)}${RESET}`);
105
+ // Sort by severity (critical first)
106
+ const sorted = [...report.findings].sort((a, b) => severityRank(b.severity) - severityRank(a.severity));
107
+ for (const finding of sorted) {
108
+ lines.push("");
109
+ lines.push(` ${SEVERITY_ICONS[finding.severity]} ${SEVERITY_COLORS[finding.severity]}${BOLD}[${finding.severity.toUpperCase()}]${RESET} ${finding.description}`);
110
+ lines.push(` Rule: ${finding.rule}`);
111
+ if (finding.file) {
112
+ const location = finding.line
113
+ ? `${finding.file}:${finding.line}`
114
+ : finding.file;
115
+ lines.push(` File: ${location}`);
116
+ }
117
+ if (finding.match) {
118
+ lines.push(` Match: ${DIM}${finding.match}${RESET}`);
119
+ }
120
+ lines.push(` Fix: ${finding.recommendation}`);
121
+ }
122
+ lines.push("");
123
+ }
124
+ // Recommendations
125
+ if (report.recommendations.length > 0) {
126
+ lines.push(`${BOLD} Recommendations${RESET}`);
127
+ lines.push(`${DIM} ${"─".repeat(50)}${RESET}`);
128
+ for (const rec of report.recommendations) {
129
+ lines.push(` • ${rec}`);
130
+ }
131
+ lines.push("");
132
+ }
133
+ return lines.join("\n");
134
+ }
135
+ /**
136
+ * Format as markdown (for PR comments, GitHub Actions).
137
+ */
138
+ function formatMarkdown(report) {
139
+ const lines = [];
140
+ // Header
141
+ lines.push("## 🛡️ supply-chain-guard Scan Report");
142
+ lines.push("");
143
+ lines.push(`| Property | Value |`);
144
+ lines.push(`|----------|-------|`);
145
+ lines.push(`| Target | \`${report.target}\` |`);
146
+ lines.push(`| Type | ${report.scanType} |`);
147
+ lines.push(`| Time | ${report.timestamp} |`);
148
+ lines.push(`| Duration | ${report.durationMs}ms |`);
149
+ lines.push(`| **Risk Score** | **${report.score}/100** (${report.riskLevel.toUpperCase()}) |`);
150
+ lines.push("");
151
+ // Summary
152
+ lines.push("### Summary");
153
+ lines.push("");
154
+ if (report.scanType === "directory" || report.scanType === "github") {
155
+ lines.push(`Scanned ${report.summary.filesScanned} of ${report.summary.totalFiles} files.`);
156
+ lines.push("");
157
+ }
158
+ if (report.findings.length === 0) {
159
+ lines.push("> ✅ No malicious indicators detected.");
160
+ lines.push("");
161
+ }
162
+ else {
163
+ const badges = [];
164
+ if (report.summary.critical > 0)
165
+ badges.push(`🔴 ${report.summary.critical} critical`);
166
+ if (report.summary.high > 0)
167
+ badges.push(`🟠 ${report.summary.high} high`);
168
+ if (report.summary.medium > 0)
169
+ badges.push(`🟡 ${report.summary.medium} medium`);
170
+ if (report.summary.low > 0)
171
+ badges.push(`🔵 ${report.summary.low} low`);
172
+ if (report.summary.info > 0)
173
+ badges.push(`⚪ ${report.summary.info} info`);
174
+ lines.push(badges.join(" | "));
175
+ lines.push("");
176
+ }
177
+ // Findings
178
+ if (report.findings.length > 0) {
179
+ lines.push("### Findings");
180
+ lines.push("");
181
+ const sorted = [...report.findings].sort((a, b) => severityRank(b.severity) - severityRank(a.severity));
182
+ for (const finding of sorted) {
183
+ lines.push(`#### ${SEVERITY_ICONS[finding.severity]} [${finding.severity.toUpperCase()}] ${finding.description}`);
184
+ lines.push("");
185
+ lines.push(`- **Rule:** \`${finding.rule}\``);
186
+ if (finding.file) {
187
+ const location = finding.line
188
+ ? `${finding.file}:${finding.line}`
189
+ : finding.file;
190
+ lines.push(`- **File:** \`${location}\``);
191
+ }
192
+ if (finding.match) {
193
+ lines.push(`- **Match:** \`${finding.match}\``);
194
+ }
195
+ lines.push(`- **Recommendation:** ${finding.recommendation}`);
196
+ lines.push("");
197
+ }
198
+ }
199
+ // Recommendations
200
+ if (report.recommendations.length > 0) {
201
+ lines.push("### Recommendations");
202
+ lines.push("");
203
+ for (const rec of report.recommendations) {
204
+ lines.push(`- ${rec}`);
205
+ }
206
+ lines.push("");
207
+ }
208
+ lines.push(`---\n*Generated by [supply-chain-guard](https://github.com/homeofe/supply-chain-guard)*`);
209
+ return lines.join("\n");
210
+ }
211
+ /**
212
+ * Get numeric rank for severity sorting.
213
+ */
214
+ function severityRank(severity) {
215
+ const ranks = {
216
+ critical: 4,
217
+ high: 3,
218
+ medium: 2,
219
+ low: 1,
220
+ info: 0,
221
+ };
222
+ return ranks[severity];
223
+ }
224
+ //# sourceMappingURL=reporter.js.map
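Review bot: `formatText` and `formatMarkdown` interpolate `finding.match`, `finding.file`, `finding.description` and `report.target` into the output unescaped, and at least `match` and `file` presumably carry bytes taken from the scanned, untrusted package or repository; the code that fills them is outside this file. In the text format an embedded escape sequence reaches the terminal as-is. In the markdown format, which the doc comment says is meant for PR comments, a backtick or newline in `finding.match` closes the single-backtick span and the remainder renders as markdown. I would pass these fields through small escaping helpers before pushing them, as sketched below for `match`; `formatJson` is unaffected because `JSON.stringify` escapes control characters. The change belongs in the TypeScript source named by the source map (`../src/reporter.ts`).

```javascript
/** Drop C0/C1 control characters (including ESC and newlines) before output. */
function stripControl(value) {
    return String(value).replace(/[\u0000-\u001f\u007f-\u009f]/g, "");
}
/** Wrap a value in a markdown code span that the value itself cannot close. */
function mdCode(value) {
    const text = stripControl(value);
    const runs = text.match(/`+/g) || [];
    const fence = "`".repeat(Math.max(0, ...runs.map((r) => r.length)) + 1);
    return `${fence} ${text} ${fence}`;
}
// … unchanged: formatText header, score, summary and per-finding lines …
if (finding.match) {
    lines.push(` Match: ${DIM}${stripControl(finding.match)}${RESET}`);
}
// … unchanged: rest of formatText, formatMarkdown header and summary …
if (finding.match) {
    lines.push(`- **Match:** ${mdCode(finding.match)}`);
}
```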
@@ -0,0 +1 @@
1
+ {"version":3,"file":"reporter.js","sourceRoot":"","sources":["../src/reporter.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA0BH,oCAaC;AAnCD,MAAM,eAAe,GAA6B;IAChD,QAAQ,EAAE,UAAU,EAAE,aAAa;IACnC,IAAI,EAAE,UAAU,EAAM,MAAM;IAC5B,MAAM,EAAE,UAAU,EAAI,SAAS;IAC/B,GAAG,EAAE,UAAU,EAAO,OAAO;IAC7B,IAAI,EAAE,UAAU,EAAM,QAAQ;CAC/B,CAAC;AACF,MAAM,KAAK,GAAG,SAAS,CAAC;AACxB,MAAM,IAAI,GAAG,SAAS,CAAC;AACvB,MAAM,GAAG,GAAG,SAAS,CAAC;AAEtB,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,IAAI;IACd,IAAI,EAAE,IAAI;IACV,MAAM,EAAE,IAAI;IACZ,GAAG,EAAE,IAAI;IACT,IAAI,EAAE,GAAG;CACV,CAAC;AAEF;;GAEG;AACH,SAAgB,YAAY,CAC1B,MAAkB,EAClB,MAAoC;IAEpC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,cAAc,CAAC,MAAM,CAAC,CAAC;QAChC,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAkB;IACpC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAkB;IACpC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,uBAAuB,KAAK,cAAc,CAAC,CAAC;IAC9D,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,QAAQ;IACR,MAAM,UAAU,GACd,MAAM,CAAC,KAAK,KAAK,CAAC;QAChB,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;YAClB,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;gBAClB,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;oBAClB,CAAC,CAAC,UAAU;oBACZ,CAAC,CAAC,UAAU,CAAC;IAEvB,KAAK,CAAC,IAAI,CACR,iBAAiB,UAAU,GAAG,IAAI,GAAG,MAAM,CAAC,KAAK,OAAO,KAAK,KAAK,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,CACpG,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,YAAY,KA
AK,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,UAAU,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,MAAM,GAAG;QACb,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC;YACzB,CAAC,CAAC,GAAG,eAAe,CAAC,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,YAAY,KAAK,EAAE;YAC1E,CAAC,CAAC,IAAI;QACR,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;YACrB,CAAC,CAAC,GAAG,eAAe,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,KAAK,EAAE;YAC9D,CAAC,CAAC,IAAI;QACR,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YACvB,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,UAAU,KAAK,EAAE;YACpE,CAAC,CAAC,IAAI;QACR,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC;YACpB,CAAC,CAAC,GAAG,eAAe,CAAC,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,KAAK,EAAE;YAC3D,CAAC,CAAC,IAAI;QACR,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;YACrB,CAAC,CAAC,GAAG,eAAe,CAAC,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,QAAQ,KAAK,EAAE;YAC9D,CAAC,CAAC,IAAI;KACT,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAElB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,WAAW;IACX,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,aAAa,KAAK,EAAE,CAAC,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;QAEhD,oCAAoC;QACpC,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAC9D,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CACR,KAAK,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CACtJ,CAAC;YAC
F,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI;oBAC3B,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;oBACnC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,GAAG,OAAO,CAAC,KAAK,GAAG,KAAK,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,oBAAoB,KAAK,EAAE,CAAC,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;QAChD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;QAC3B,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAkB;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,MAAM,MAAM,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,UAAU,MAAM,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CACR,wBAAwB,MAAM,CAAC,KAAK,WAAW,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CACnF,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACpE,KAAK,CAAC,IAAI,CACR,WAAW,MAAM,CAAC,OAAO,CAAC,YAAY,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,SAAS,CAChF,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC
jC,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,WAAW,CAAC,CAAC;QACxD,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,CAAC;QAC3E,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,SAAS,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;QACxE,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,CAAC;QAC1E,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,WAAW;IACX,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAC9D,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,MAAM,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CACR,QAAQ,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,CACtG,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI;oBAC3B,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE;oBACnC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,IAAI,CAAC,CAAC;YAC5C,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,kBAAkB,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;YAClD,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,yBAAyB,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;YAC9D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,qBAAq
B,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACzB,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CACR,yFAAyF,CAC1F,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,QAAkB;IACtC,MAAM,KAAK,GAA6B;QACtC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;KACR,CAAC;IACF,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC"}
@@ -0,0 +1,11 @@
1
+ /**
2
+ * Core file scanner
3
+ *
4
+ * Scans local directories and GitHub repos for supply-chain malware indicators.
5
+ */
6
+ import type { ScanOptions, ScanReport } from "./types.js";
7
+ /**
8
+ * Scan a local directory or GitHub repo for malware indicators.
9
+ */
10
+ export declare function scan(options: ScanOptions): Promise<ScanReport>;
11
+ //# sourceMappingURL=scanner.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAW,WAAW,EAAE,UAAU,EAAe,MAAM,YAAY,CAAC;AAYhF;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAoGpE"}