supply-chain-guard 1.0.0

package/dist/solana-monitor.js

@@ -0,0 +1,246 @@
+"use strict";
+/**
+ * Solana C2 wallet monitor
+ *
+ * Monitors Solana wallet addresses for transactions containing memo instructions.
+ * GlassWorm and similar campaigns encode C2 URLs as Solana transaction memos,
+ * making the blockchain an uncensorable command-and-control channel.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.monitorWallet = monitorWallet;
+exports.checkWallet = checkWallet;
+exports.formatAlert = formatAlert;
+const https = __importStar(require("node:https"));
+const SOLANA_RPC = "https://api.mainnet-beta.solana.com";
+const MEMO_PROGRAM_ID = "MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr";
+/**
+ * Monitor a Solana wallet for C2 memo transactions.
+ * Runs continuously until stopped.
+ */
+async function monitorWallet(options, onAlert) {
+    const { address, interval, limit } = options;
+    let lastSignature = null;
+    console.log(`\n  Monitoring Solana wallet: ${address}`);
+    console.log(`  Polling interval: ${interval}s | Checking last ${limit} transactions`);
+    console.log(`  Press Ctrl+C to stop\n`);
+    // Initial fetch to set baseline
+    const initial = await getRecentSignatures(address, limit);
+    if (initial.length > 0) {
+        lastSignature = initial[0]?.signature ?? null;
+        console.log(`  Baseline set: ${initial.length} existing transactions`);
+        console.log(`  Latest: ${lastSignature}\n`);
+    }
+    // Poll loop
+    const poll = async () => {
+        try {
+            const signatures = await getRecentSignatures(address, limit);
+            // Find new transactions since last check
+            const newSigs = [];
+            for (const sig of signatures) {
+                if (sig.signature === lastSignature)
+                    break;
+                newSigs.push(sig);
+            }
+            if (newSigs.length > 0 && lastSignature !== null) {
+                console.log(`  [${new Date().toISOString()}] ${newSigs.length} new transaction(s)`);
+                for (const sig of newSigs) {
+                    const detail = await getTransactionDetail(sig.signature);
+                    if (detail && detail.memos.length > 0) {
+                        for (const memo of detail.memos) {
+                            const alert = {
+                                timestamp: new Date().toISOString(),
+                                wallet: address,
+                                signature: sig.signature,
+                                memo,
+                                decodedUrls: extractUrls(memo),
+                                blockTime: detail.blockTime,
+                            };
+                            onAlert(alert);
+                        }
+                    }
+                }
+                lastSignature = newSigs[0]?.signature ?? lastSignature;
+            }
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            console.error(`  [${new Date().toISOString()}] Poll error: ${message}`);
+        }
+        // Schedule next poll
+        setTimeout(() => void poll(), interval * 1000);
+    };
+    await poll();
+}
+/**
+ * One-shot check: get recent transactions and check for memos.
+ */
+async function checkWallet(address, limit = 20) {
+    const signatures = await getRecentSignatures(address, limit);
+    const results = [];
+    for (const sig of signatures) {
+        const detail = await getTransactionDetail(sig.signature);
+        if (detail && detail.memos.length > 0) {
+            results.push(detail);
+        }
+    }
+    return results;
+}
+/**
+ * Get recent transaction signatures for a wallet.
+ */
+async function getRecentSignatures(address, limit) {
+    const response = await solanaRpc("getSignaturesForAddress", [
+        address,
+        { limit },
+    ]);
+    if (!Array.isArray(response))
+        return [];
+    return response.map((tx) => ({ signature: tx.signature }));
+}
+/**
+ * Get full transaction detail and extract memo instructions.
+ */
+async function getTransactionDetail(signature) {
+    const response = await solanaRpc("getTransaction", [
+        signature,
+        { encoding: "jsonParsed", maxSupportedTransactionVersion: 0 },
+    ]);
+    if (!response)
+        return null;
+    const memos = [];
+    const tx = response;
+    // Check main instructions
+    const instructions = tx.transaction?.message?.instructions ?? [];
+    for (const ix of instructions) {
+        if (ix.programId === MEMO_PROGRAM_ID) {
+            const memoText = ix.parsed ?? ix.data ?? "";
+            if (memoText)
+                memos.push(memoText);
+        }
+    }
+    // Check inner instructions
+    const innerInstructions = tx.meta?.innerInstructions ?? [];
+    for (const inner of innerInstructions) {
+        for (const ix of inner.instructions ?? []) {
+            if (ix.programId === MEMO_PROGRAM_ID) {
+                const memoText = ix.parsed ?? ix.data ?? "";
+                if (memoText)
+                    memos.push(memoText);
+            }
+        }
+    }
+    return {
+        signature,
+        blockTime: tx.blockTime ?? null,
+        memos,
+    };
+}
+/**
+ * Make a JSON-RPC call to the Solana RPC endpoint.
+ */
+function solanaRpc(method, params) {
+    const body = JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method,
+        params,
+    });
+    return new Promise((resolve, reject) => {
+        const url = new URL(SOLANA_RPC);
+        const req = https.request({
+            hostname: url.hostname,
+            port: url.port || 443,
+            path: url.pathname,
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "Content-Length": Buffer.byteLength(body),
+            },
+        }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => {
+                data += chunk.toString();
+            });
+            res.on("end", () => {
+                try {
+                    const parsed = JSON.parse(data);
+                    if (parsed.error) {
+                        reject(new Error(`Solana RPC error: ${parsed.error.message}`));
+                        return;
+                    }
+                    resolve(parsed.result);
+                }
+                catch {
+                    reject(new Error("Failed to parse Solana RPC response"));
+                }
+            });
+        });
+        req.on("error", reject);
+        req.write(body);
+        req.end();
+    });
+}
+/**
+ * Extract URLs from a memo string.
+ */
+function extractUrls(text) {
+    const urlRegex = /https?:\/\/[^\s"'<>]+/gi;
+    return text.match(urlRegex) ?? [];
+}
+/**
+ * Format a C2 alert for display.
+ */
+function formatAlert(alert) {
+    const lines = [
+        "",
+        "  ====================================",
+        "  !! C2 MEMO DETECTED !!",
+        "  ====================================",
+        `  Time:      ${alert.timestamp}`,
+        `  Wallet:    ${alert.wallet}`,
+        `  Signature: ${alert.signature}`,
+        `  Memo:      ${alert.memo}`,
+    ];
+    if (alert.decodedUrls.length > 0) {
+        lines.push(`  URLs:      ${alert.decodedUrls.join(", ")}`);
+    }
+    if (alert.blockTime) {
+        lines.push(`  Block:     ${new Date(alert.blockTime * 1000).toISOString()}`);
+    }
+    lines.push("  ====================================", "");
+    return lines.join("\n");
+}
+//# sourceMappingURL=solana-monitor.js.map

package/dist/solana-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"solana-monitor.js","sourceRoot":"","sources":["../src/solana-monitor.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBH,sCAgEC;AAKD,kCAeC;AA6JD,kCAwBC;AAzRD,kDAAoC;AAGpC,MAAM,UAAU,GAAG,qCAAqC,CAAC;AACzD,MAAM,eAAe,GAAG,6CAA6C,CAAC;AAQtE;;;GAGG;AACI,KAAK,UAAU,aAAa,CACjC,OAA6B,EAC7B,OAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAC7C,IAAI,aAAa,GAAkB,IAAI,CAAC;IAExC,OAAO,CAAC,GAAG,CAAC,iCAAiC,OAAO,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,qBAAqB,KAAK,eAAe,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAExC,gCAAgC;IAChC,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,IAAI,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,CAAC,MAAM,wBAAwB,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,aAAa,aAAa,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,YAAY;IACZ,MAAM,IAAI,GAAG,KAAK,IAAmB,EAAE;QACrC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAE7D,yCAAyC;YACzC,MAAM,OAAO,GAAiC,EAAE,CAAC;YACjD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,IAAI,GAAG,CAAC,SAAS,KAAK,aAAa;oBAAE,MAAM;gBAC3C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpB,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,MAAM,qBAAqB,CAAC,CAAC;gBAEpF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;oBAC1B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBACzD,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACtC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;4BAChC,MAAM,KAAK,GAAY;gCACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gCACnC,MAAM,EAAE,OAAO;gCACf,SAAS,EAAE,GAAG,CAAC,SAAS;gCACxB,IAAI;gCACJ,WAAW,EAAE,WAAW,CAAC,IAAI,CAAC;gCAC9B,SAAS,EAAE,MAAM,CAAC,SAAS;6BAC5B,CAAC;4BAEF,OAAO,CAAC,KAAK,CAAC,CAAC;wBACjB,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,aAAa,CAAC;YACzD,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,iBAAiB,OAAO,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,qBAAqB;QACrB,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,EAAE,QAAQ,GAAG,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;IAEF,MAAM,IAAI,EAAE,CAAC;AACf,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAe,EACf,KAAK,GAAG,EAAE;IAEV,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAwB,EAAE,CAAC;IAExC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACzD,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAChC,OAAe,EACf,KAAa;IAEb,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,yBAAyB,EAAE;QAC1D,OAAO;QACP,EAAE,KAAK,EAAE;KACV,CAAC,CAAC;IAEH,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IAExC,OAAO,QAAQ,CAAC,GAAG,CACjB,CAAC,EAAyB,EAAE,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC,CAC7D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,oBAAoB,CACjC,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,gBAAgB,EAAE;QACjD,SAAS;QACT,EAAE,QAAQ,EAAE,YAAY,EAAE,8BAA8B,EAAE,CAAC,EAAE;KAC9D,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,GAAG,QAoBV,CAAC;IAEF,0BAA0B;IAC1B,MAAM,YAAY,GAAG,EAAE,CAAC,WAAW,EAAE,OAAO,EAAE,YAAY,IAAI,EAAE,CAAC;IACjE,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;QAC9B,IAAI,EAAE,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;YAC5C,IAAI,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,iBAAiB,GAAG,EAAE,CAAC,IAAI,EAAE,iBAAiB,IAAI,EAAE,CAAC;IAC3D,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YAC1C,IAAI,EAAE,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAG,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC5C,IAAI,QAAQ;oBAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS;QACT,SAAS,EAAE,EAAE,CAAC,SAAS,IAAI,IAAI;QAC/B,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,MAAc,EAAE,MAAiB;IAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;QAC1B,OAAO,EAAE,KAAK;QACd,EAAE,EAAE,CAAC;QACL,MAAM;QACN,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CACvB;YACE,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,GAAG;YACrB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;aAC1C;SACF,EACD,CAAC,GAAG,EAAE,EAAE;YACN,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBAC/B,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAsD,CAAC;oBACrF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACjB,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;wBAC/D,OAAO;oBACT,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACzB,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY;IAC/B,MAAM,QAAQ,GAAG,yBAAyB,CAAC;IAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;AACpC,CAAC;AAcD;;GAEG;AACH,SAAgB,WAAW,CAAC,KAAc;IACxC,MAAM,KAAK,GAAG;QACZ,EAAE;QACF,wCAAwC;QACxC,0BAA0B;QAC1B,wCAAwC;QACxC,gBAAgB,KAAK,CAAC,SAAS,EAAE;QACjC,gBAAgB,KAAK,CAAC,MAAM,EAAE;QAC9B,gBAAgB,KAAK,CAAC,SAAS,EAAE;QACjC,gBAAgB,KAAK,CAAC,IAAI,EAAE;KAC7B,CAAC;IAEF,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CACR,gBAAgB,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CACjE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,wCAAwC,EAAE,EAAE,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,108 @@
+/**
+ * supply-chain-guard type definitions
+ */
+export type Severity = "critical" | "high" | "medium" | "low" | "info";
+export interface Finding {
+    /** Unique rule identifier */
+    rule: string;
+    /** Human-readable description of the finding */
+    description: string;
+    /** Severity level */
+    severity: Severity;
+    /** File path relative to scan root (if applicable) */
+    file?: string;
+    /** Line number (if applicable) */
+    line?: number;
+    /** Matched content snippet */
+    match?: string;
+    /** Recommendation for remediation */
+    recommendation: string;
+}
+export interface ScanReport {
+    /** Tool name and version */
+    tool: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** What was scanned (path, URL, package name) */
+    target: string;
+    /** Type of scan performed */
+    scanType: "directory" | "github" | "npm" | "solana";
+    /** Duration in milliseconds */
+    durationMs: number;
+    /** All findings */
+    findings: Finding[];
+    /** Summary statistics */
+    summary: ScanSummary;
+    /** Overall risk score (0-100) */
+    score: number;
+    /** Risk level derived from score */
+    riskLevel: "clean" | "low" | "medium" | "high" | "critical";
+    /** Actionable recommendations */
+    recommendations: string[];
+}
+export interface ScanSummary {
+    totalFiles: number;
+    filesScanned: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    info: number;
+}
+export interface ScanOptions {
+    /** Target path, URL, or package name */
+    target: string;
+    /** Output format */
+    format: "text" | "json" | "markdown";
+    /** Only report findings at or above this severity */
+    minSeverity?: Severity;
+    /** Exclude specific rules */
+    excludeRules?: string[];
+    /** Maximum directory depth */
+    maxDepth?: number;
+}
+export interface NpmPackageInfo {
+    name: string;
+    version: string;
+    description?: string;
+    scripts?: Record<string, string>;
+    dependencies?: Record<string, string>;
+    devDependencies?: Record<string, string>;
+    repository?: {
+        url?: string;
+    } | string;
+    author?: string | {
+        name?: string;
+        email?: string;
+    };
+}
+export interface SolanaTransaction {
+    signature: string;
+    blockTime: number | null;
+    memo: string | null;
+    err: unknown;
+}
+export interface SolanaMonitorOptions {
+    /** Wallet address to monitor */
+    address: string;
+    /** Polling interval in seconds */
+    interval: number;
+    /** Maximum number of transactions to check per poll */
+    limit: number;
+    /** Output format */
+    format: "text" | "json";
+}
+export interface PatternEntry {
+    /** Pattern name or identifier */
+    name: string;
+    /** Regex pattern string */
+    pattern: string;
+    /** What this pattern detects */
+    description: string;
+    /** Severity if matched */
+    severity: Severity;
+    /** Rule ID */
+    rule: string;
+}
+export declare const SEVERITY_SCORES: Record<Severity, number>;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,WAAW,OAAO;IACtB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,gDAAgD;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,sDAAsD;IACtD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,6BAA6B;IAC7B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,CAAC;IACpD,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB;IACnB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,yBAAyB;IACzB,OAAO,EAAE,WAAW,CAAC;IACrB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,oCAAoC;IACpC,SAAS,EAAE,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC5D,iCAAiC;IACjC,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IACrC,qDAAqD;IACrD,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,6BAA6B;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,UAAU,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM,CAAC;IACvC,MAAM,CAAC,EAAE,MAAM,GAAG;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,GAAG,EAAE,OAAO,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACnC,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAMpD,CAAC"}

package/dist/types.js

@@ -0,0 +1,14 @@
+"use strict";
+/**
+ * supply-chain-guard type definitions
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SEVERITY_SCORES = void 0;
+exports.SEVERITY_SCORES = {
+    critical: 25,
+    high: 15,
+    medium: 8,
+    low: 3,
+    info: 1,
+};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AA6GU,QAAA,eAAe,GAA6B;IACvD,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "supply-chain-guard",
+  "version": "1.0.0",
+  "description": "Open-source supply-chain security scanner for npm, PyPI, and VS Code extensions. Detects GlassWorm and similar malware campaigns.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "supply-chain-guard": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "security",
+    "supply-chain",
+    "malware-detection",
+    "npm",
+    "glassworm",
+    "scanner",
+    "cli",
+    "github-action"
+  ],
+  "author": "Elvatis <emre.kohler@elvatis.com>",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/homeofe/supply-chain-guard.git"
+  },
+  "bugs": {
+    "url": "https://github.com/homeofe/supply-chain-guard/issues"
+  },
+  "homepage": "https://github.com/homeofe/supply-chain-guard#readme",
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "files": [
+    "dist/**/*",
+    "action.yml",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "commander": "^13.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  }
+}